March 18

Retail Software Update/Upgrades in the era of the Silver Surfer….

Old YouView
New YouVIew

So I have this PVR box here in the UK called “YouView” which now pretty much standard fair – you know Series Link, Pause/Rewind Live TV etc. etc. This week they did a software update/upgrade which reskined the thing with quite a shift in the UI. The UI change is pretty typical of what’s in fashion nowadays, and you see it on modern day website designed for tablets. So reduce the detail; menus – and opted for the more stripped down ’tile’ view along the lines of say OSes like Window8/10. The kind of less is more approach.

Of course, this raises the thorny questions of when is software change – a patch, update or upgrade. This old catagory question has got even more blurry as stuff that was meant to just fix stuff is now generally sweetened up with additional features or a new look. The other SW vendors are doing are doing is “depreciating” features. This is a clever use language for what is affectively an arbitarary removal of functionality without notice. Finally, with domestic retail software we seeing an increase us of over the air updates which are mandatory, not optional – and happen automagically without your triggering them. I guess this is requirement nowadays as more and more devices are web-connected, as vunerabilities are discovered those fixes need to pushed out quickly in order to gain ‘herd immunity‘ from potentional virus or exploits in badly patched managed environments.

I guess my generation is probably going to be the last to be irratated by this, as the younger generation will be able to absorb software changes as fast rate, and have more important things to do like curating an interest image on themselves on social media platforms, and wondering why their uber hasn’t arrived yet.

But I think the retail software people are forgetting a core demographic. The baby-boomer generation or “silver surfers” who react badly to any change, of any type. I’ve seen this happen loads with my Mum as Microsoft ceasely change an almost weekly cadence, for almost negiable benefit, unless they definie “benefit’ as confusing the shit out my elderly parents. So how to manage this radically divergent user types. Well, I think these vendors should be going back to a very simple Q/A of “Doing want our radical new update that makes everything bright and shiny, or would rather have the good classic look”.  At the very least the ability to go back to a classic look and feel should be offered. With the rise in the aged population, there’s going to be rise in people who struggle to adapt change, and need to make notes on ‘how to do stuff’.

Of course the silly thing is. This ’tile’ UI is in itself quite old-hat now. I mean its been around for donkeys years and think the first time i saw it was on an early AppleTV. Personally, I prefer the good old fashioned list – when you could see more on a single screen and navigate through more content in a single page, and also see what shows I’d partly watched… Finally, we with every mass software update there is always a % of DOA updates. Mine went thru perfectly fine, others less so. I assume retail sofware vendors budget for and have the PR chaps ready for any blowback…

Category: Other | Comments Off on Retail Software Update/Upgrades in the era of the Silver Surfer….
January 30

Altaro VM Backup V7 Released

Download the 30-day trial:
Product Info:

Hi there, and thanks for reading this blog post about Altaro VM Backup. I was asked by the guys at Altaro to take a look at their latest release. I said yes, and I also managed to persuade Altaro to make a donation to the charity ( who I’m volunteering for whilst I look for a new role. So firstly, a big thank you goes out to Altaro for agreeing to this arrangement. I think its setup that works well for all. Altaro gets exposure to their new offering; I get stick time with a product that’s new to me – and a good cause benefits as well. I managed to raise £280 for Aquabox. If you want to donate to Aquabox as well click the logo!

Lets start with some basic facts. Altaro has won a number of pludits from the reviewers on Spiceworks and Their Altaro VM Backup software can backup both VMware vSphere as well as Microsoft HyperV, so is handy for those people working in a hybrid environment. It’s licensed on a per-host basis, not per-socket or CPU, so customers who go for a high-density consolidation ratios (the number of VMs per hosts) are really going to benefit from a licensing perspective. It’s chocked full of all the features you would normally expect from any enterprise backup system. Altaro VM Backup is fully compatible with Microsoft VSS, and that means you will get a consistent backup from those tricky customers like Microsoft SQL. The software is granular enough to restore individual files and emails from within a virtual machine backup. Finally, a number of backup targets are supported including USB External Drives and Flash Drives eSata External Drives, File Server Network Shares (via UNC), NAS devices (via UNC), RDX Cartridges – as well as the Offsite Altaro Backup Server with WAN acceleration. In my own case I pointed my simple Altaro Server to my local NAS box that already had backup shared out accessible to Microsoft Windows, the same NAS is visible to my VMware ESXi hosts on the same network using NFS.

The Setup

As you might expect the setup routine was a relatively trivial affair, and indeed the software itself does a good job of walking you through the 3-step routine to provide the core details need to do your first test backup – this means adding your VMware vCenter, individual VMware ESXi Hosts or Microsoft Hyper-V Hosts.

Each of these stages has a ‘test connection’ component before you proceed, tha you can see in this screen grab below:

The next stage is adding your storage options for carrying out the backup itself. You can opt for a directly connected device, or for a remote location supported by UNC. In my case my Altaro VM Backup Server was a Windows 2012 R2 virtual machine, with access to my remote NAS.

As you can see once a backup target has been added its simply a case of dragging and dropping a VM to that target. From this point onwards most of the admin tasks are of a drag-and-drop variety – dragging VMs to predefinied schedules and retentention policys, so you can control the frequency of backups, and hold old backups are disgarded. As my lab has been offline for a year, I don’t really have that many VMs to backup, except of course the infrastructure VMs that make up the lab itself. So I decided to backup these VMs as a matter of course.

What’s New

The V7 Edition boasts a number of new features. The first is “Augmented Inline Deduplication”. This decreases the time it takes to both take and restore a backup. It creates the smallest backup size, and doesn’t require you to group VMs together to get the benefits. The fact that its inline means the deduplication process isn’t run as a post-backup process. This is important because the storage savings that deduplication brings mean little in real terms if you still need the temporary space required to carry out the backup. By definition backups often mean backing up the same bit of data that repeats itself in different VMs over and over again, and this deduplication cancels out bloat in backups.

Altaro have published blogs that explain this augmented deduplication process. This blogpost is a centred around Hyper-V and they have a very similar one for VMware as well. Calculating the upfront exact amount of potential savings any customer will get from any dedupe process is difficult. However, the Altaro VM Backup Dashboard does a good job of showing those dedupe and compression savings.

Also new to V7 is “Boot from Backup”, it’s the ability to power on a VM directly from the source backup. Typically, this means a network location like a CIFS/NFS server share/export is mounted directly to the hypervisor and powered on. That means the IO performance will be constrained by the disk capabilities of the system backing it. Remember this is merely away of getting the VM up and running in the shortest possible time. In most cases the availability issue trumps any short-term performance hit, because it’s the clever stuff going on in the background that matters. In the background the restore process is continuing – once the restore process has completed, all you need to do is schedule a small maintenance window to shutdown the “boot from backup” and replace it with the restored copy. As you might expect, a reboot takes less time than waiting for a full VM restore.

The “boot from backup” feature has two modes – a verification and recovery mode, and of course the performance mileage will vary dependent on the qualities and capabilities of the storage backing that VM’s backup target location.

Once you have gone through the usual suspects of selecting the mode, backup location and VM itself – you get granular control over the way VM is brought up. This includes attributes such as renaming the VM and ensuring its network card is in a disconnected state – to avoid conflicts with the existing VM.

What’s Next?

VM Backup V7 will soon promises a feature called Cloud Management Console (CMC), which will allow administrators to monitor and manage remotely all their backup installations using a single tool that can be accessed from any web browser – without VPN or any requirement to be on-site. The CMC dashboard gives a more site-by-site or customer-by-customer point of view and will be designed for a more multi-tenant approach to backup management.

What’s There?

Well, as I stated earlier everything you’d expect from an enterprise backup solution is pretty much there. So along side multi-hypervisor support you’ll see an impressive list of features:

  • Drastically reduce backup storage requirements on both local and offsite locations, and therefore significantly speed up backups with Altaro’s unique Augmented Inline Deduplication process
  • Back up live VMs by leveraging Microsoft VSS with Zero downtime
  • Full support for Cluster Shared Volumes & VMware vCenter
  • Offsite Backup Replication for disaster recovery protection
  • Compression and military grade Encryption
  • Schedule backups the way you want them (View video)
  • Specify backup retention policies for individual VMs (View video)
  • Back up VMs to multiple backup locations

So there are plenty of positives to be hand, along side a competitive licensing policy… but….

What’s Missing?

If there’s one repeated criticism levelled at Altaro VM Backup is the lack of public cloud as a backup targets. So for offsite backup use your very much dependent on having another site in which to host the Altaro VM Backup Offsite Server. Now for many small businesses this might not be an issue, as many SMBs actually have more than one location – such as their main warehouse facility and the customer-facing location. However, for SMBs that literally only have one location this is tricky. Such customers might look to services like Amazon S3, Glacier or Azure as way of getting their backups a distance from the core site. The alternative is transporting removable media to another location – and that feels decidedly 1990’s for an era where data can and should be held anywhere.

I raised this issue with the guys at Altaro and they pointed me to blogpost they have which show using the Altaro VM Backup Office Server in Azure. The first blogpost covers off the planning and pricing aspects of placing an Altaro Offsite Server in Microsoft Azure. The second blogpost explains the process of how to setup it up. This configuration is something that Altaro intends to fully develop and it in the pipeline, and part of an overall cloud strategy – but they weren’t understandably able to give me an ETA on that – because it would be commercial sensitive to do so.

In Conclusion

If you are familiar with virtualisation and have been following the backup space for virtualization for a while – there are no surprises here. What’s certainly true for me is that a new tier of backup vendors is entering an already crowded space. This is not dissimilar to the shake-up we saw in the storage space in the last 5 years. Features that were once unique and only available from premium vendors are now going mainstream. The question remains – if you are working with a premium mainstream vendor what unique features are they offering you that you can’t get elsewhere from a relatively new player in the market who is hitting the streets with very attractive pricing and licensing policies? So I see it as a mark of ‘due diligence’ to do a scoping out of alternatives, rather than simply disengaging the brain and signing the renewal contract. You don’t do that with any other insurance premium, so why do that with your backup insurance premium?

Finally, for home labs and small environments, that need basic features, they can also use the free edition that enables backup up to two VMs for free, valid forever.






Category: Other, vSphere | Comments Off on Altaro VM Backup V7 Released
January 2

@LastPass and Password Management


This blogpost is about my recent escapades in password reset and password management. Before I dive in I need to fess up. Despite decades of experience, I have over time seriously miss-managed my passwords. That’s despite having used tools like Lastpass for a couple of years. I haven’t been naughty such as writing down passwords on PostIT notes, but I have re-used similar or same passwords across multiple websites – even though I knew this exposed me to so-called “weaker sister” style breaches – that is to say that if you use the same password across multiple site, it’s the one that is most vulnerable to attack which then allows access (assuming the same user ID is in use) to all the rest. So this New Year I decided to put a stop once and for all to this bad practise. What follows is a description of what that was like, how bad/easy it was, and some general thoughts about the nature of security in the modern world. I might add the recent 1B breach of user ID by Yahoo was a wake-up call. I wasn’t personally hacked and I believe my account was secure (after all 1B accounts takes some going thru even by modern computing standards). I guess the operative word there is ‘believe’

Firstly, if you a LastPass user – check out how many websites you have listed, and run the security challenge. This does a good job of flagging up how bad your situation is, as well as flagging – compromised passwords, weak paswords, reused passwords and old passwords. You can see the result of my score above. Actually, this was in terrible state until I set about resetting the passwords. I had bad reports for Step1/2/3/4. My master password (the one that allows access to the LastPass word vault) was the same as one of the websites I had saved. Lastpass does warn you about doing this – but I foolishly ignored it and never got round to resetting it…


Secondly, where possible use Lastpass ‘Change Password Automatically’ feature to reset bum entries. This feature works well with the website it works with (paypal, twitter, amazon). However, it DOES NOT work with the vast majority of other websites. This is NOT Lastpass fault, but because we have no uniform standard for how password reset webpages should be constructed and formatted. This means authenticating individually to each and every site, and doing the password reset manually. I had over 240 sites. A follower on twitter had over 600 (admittedly he said he was okay as everyone was unique)

Note: Incidentally, I found “Change Password Automagically” is available for Yahoo, it didn’t work. I also found it got confused with the multiple Google accounts I have. I think this is because both Yahoo and Google have their own special UI and method of handling logins. I found Lastpass would reset the wrong accounts password.


Thirdly, let LastPass generate new passwords for you. But beware that not all websites support special characters (!@£%^&*_), and some require things like 2 numbers and two letters with Upper-Case. Also I found occasionally that Lastpass would not ‘see’ the password reset, and it wouldn’t prompt to update the username/password stored in the Vault. I took to copying the password to the clipboard, just in case – and doing manual updates. This is because there are really no standards for how password resets are managed for web-pages.

Lastly, Lastpass creates a little icon in the username and password areas – this works on Yamaha’s website for example but not for Hertz’s website.


Note: You can right click in these fields, and select Lastpass, and Generate Secure Password

Also I spent many minutes trying to find the place to reset my password in some websites which slowed the process down. This is because there is no standardisation really for where this information is held. Sometimes it’s easier to pretend you’ve forgotten your password, to get an easy to click reset link. However, this isn’t standardised either – as some websites reset your password to a value which you have to subsequently change (which means you wind up having to locate and work with their password reset feature).

Fourthly, rinse and repeat for every single login ID – I ended up running down my 240 stored usernames/passwords to about 160. This is because some of the websites no longer exists or I couldn’t access them. For instance I had username/password combo for internal systems at stored behind a VPN accessible firewall. This does raise the spectre of bad username/password combinations that can never be fixed. However, I take the view that if ALL of the existing websites I do have access to – each have their own unique password – I’m as safe as I could ever be. And in comparison to my poor rating before – I now have a much better situation. It does raise the issue of remembering to delete accounts or reset passwords on systems you are not using anymore. The Yahoo warning was about an email address I have not used in years….

Firstly, You will notice that the word ‘standardisation’ comes up a number of times. It’s my belief that this lack of standardisation in the industry concerning password management significantly reduces the value of tools like Lastpass. This isn’t Lastpass fault, they must work with the reality they find. However, given recent breaches I think pressure should be put on the large stakeholders to adopt uniform standards.

Secondly, I shocks me that today in 2017, many website use your ’email address’ as the username. I doubt very much if the average joe/Josephine creates a bogus email address simply for the purpose of logins. This means the very means by which people requests password resets can be hacked. I see no reason why folks can’t have a user ID that is distinct and separate from their email. It would make swapping out email when they change infinitely easier. If I change my email address many hundreds of entries in my Lastpass vault become stale or invalid.

Thirdly, given this a manual process cared out me a monkey with an oversized wet brain – mistake can and do happen. There are couple of website where I screwed up their password reset process and found myself locked out. This means I have to request a password reset email (or in the case of get codes sent to other email addresses or my phone).

Finally, although Lastpass has an automatic password reset feature, it’s not supported uniformly. This makes the process very labourious, and is a dissensitivity to fix the problem – but also reset passwords. It’s common standard in the enterprise environments to change passwords on a 30/60/90 cycle. No such standard exists in the private internet space. It took me ALL DAY to fix my problem – starting at 9am and finishing at nearly 11pm. It’s unacceptable to me to have carve out a whole day annually, quarterly or monthly to reset all 160 entries. The only ‘reasonable thing is once a week do a block of 10 or alternatively – make a folder of the MOST sensitive accounts (email, banking and anything that processes money – paypal and ebay for instance) and put them on a more frequent cadence of resets.

Category: Other | Comments Off on @LastPass and Password Management
April 28

Facebook Live – This got too long for a tweet

I got one of those emails from Facebook introducing Facebook Live. It’s aimed at businesses (I still have LLC here in the UK, but it doesn’t do much. Anyway, they were advertings streamGO – which essentially offering video production services….

Anyway I was reading the stuff/guff online. When up pops an irratating “Live Chat” box that I had close and dismiss before I could carry on reading. Then I read this statement:

Screen Shot 2016-04-28 at 15.15.12

I’m sorry – but I don’t understand why any company would use Facebook Live/streamGo. If you have a marketing effort that has no measurement – and no method to contact interested customers – why would you bother?

Category: Other | Comments Off on Facebook Live – This got too long for a tweet
February 23

How to get a broken server door key out of HP ML350e


Yes, I know how esoteric and specific can a blogpost get, eh?

I’d only had my new HP ML350e series servers in a homelab until one day disaster struck. I accidentally broke a server key in the lock on one of the servers.

The ML350e has one of those key setups where you cannot leave the front door unlocked. When you unlock the server you can’t remove the key. The key also locks the outer-panel which is used to get to the main system for upgrades – and physically secures the server (bear in mind anyone with genuine physical access can pull the power cords and disconnect the network!). I’d prefer to leave the server unlocked, so I loose the key I can still have access. The trouble is in an unlocked mode, you cannot remove the key. I’d left the keys hanging in the locks with the front door pushed shut (Actually, I sometimes do this with my house door/key. Yes, I’m that forgetful. My mum calls me the absent minded professor).

With the server stood vertically, and side-by-side. It wasn’t long before shifting of the server caused one to bang into another, and bend the cheap and nasty key. Of course, I bent it back into shape. The third time this happened it sheered off right off. I tried to the pull remainder of the keyout, and only succeed in pushing it in further. I know. Utter Face Palm…


So how to get the key out? First I consulted the internet. This guys is great…

So sprayed the lock with the workmans friend – WD40. And then stuck this very thin screwdriver into the lock along side the key. The screwdriver is the kind you might use to unscrew the screws on an iPhone or such like. I found a place where it would slip down the side of the broken key – and then pulled it very quickly. I did this couple of times. The frictional force of the mini-screwdriver as it was removed dislodge the key enough so I could see the end of it. I bit more leverage with screwdriver helped bring the key out enough that I could use some tweezers to remove it… RESULT!


Moral? Lock the server. Secure the keys. Don’t bend keys, they sometimes don’t bend back. If your too abscent minded not to loose keys, loop them to the back of the server, or staple them to your forehead.

Category: Other | Comments Off on How to get a broken server door key out of HP ML350e
January 9

An Empty Cluster for PowerCLI…

At the end of the last year, I asked on twitter if anyone used an empty VMware Cluster (without HA, DRS, DPM enabled) to aid in their scripting/building of a vSphere environment. As ever I was asked “why”, and it was then I realised that 140 characters wasn’t going to be enough to explain my question – which incidentally I don’t really feel I have answer too. I’m a bit like that. I ask questions I don’t know the answer to – as opposed to asking questions where I do know the answer [something a former colleague of mine the 90’s used to all the time!]

So here’s the thinking. Since about ESX 2.x to ESX 4.1 (and a bit of 5.0) the main engine I used for configuring VMware ESXi hosts was post-scripts executed at the end of the installation. Generally, I would use the Ultimate Deployment Appliance (UDA) to accelerate that process. For many people this remains a popular method of rolling out VMware ESX. However, I’ve alway had issues with this method because installing VMware ESXi is just one small task amongst many that I would have carry out – say if I was building my lab to learn the next version of VMware View or VMware SRM. For instance I can’t use this sort of scripting to configure a VMware ESXi hosts membership of a cluster or Distribute vSwitch. So for some years now I’ve been using VMware PowerCLI to vast majority of this work because it has such a rich set of cmdlets that allow me to automate my entire build both of the VMware ESXi host AND the vCenter inventory objects. It feels neater to me to use one very rich method of carrying out automation tasks, rather than using two different methods together (UDA/Anaconda-style scripts with PowerCLI handling the rest)

So far so good. For me its almost made sense to add all the hosts into vCenter, and then begin the process of configuring them. That’s because you can use For-each loops to carry out bulk-administration tasks on every single host – rather than connecting to each host individually. After all one VMware ESXi host doesn’t differ from another host – in fact the very reason for these scripting task is get consistency, so the VMware ESXi hosts can be treated like cattle rather than cats (to use current metaphor that is in vogue). So here’s the quandary.

Whilst my many VMware ESXi hosts are all very similar, they have unique attributes (such as hostname, IP address and so on), but they also share some common attributes as well (such as access to the same storage LUNs/Volumes/NFS exports, Distributed vSwitches and VLANs). It’s generally the case in most environments that the “cluster” acts as virtual silo with one cluster generally not having access to another clusters resources. The assumption is that if some rogue admin monkey’s with the configuration of a cluster the impact is felt within one cluster – not all. Imagine for instance a storage admin changing the masking of LUNs/Volumes which results in all the storage “disappearing” from a cluster. The trouble I feel is how to best differentiate one bunch of servers from another. An example might help illustrate:


I have added 64 VMware ESXi hosts into vCenter. I now want to create a unique vSwitch and Storage configuration to hosts 1-32, 33-64 and 65-96. These will ultimately end up in ClusterA (1-32), ClusterB (33-64) and ClusterC (64-96). It’s important that VLANs and Storage is only available to the hosts in each cluster.

So how best to identify or group these host when using my For-each loop? I could create 3 datacenters, and that would allow me to use the get-datacenter to make sure that configuration only goes to the right VMware ESXi host in those datacenters. That seems a bit ugly to me. I could use Powershell ranges (1..32) to use a For-each loop that would only be applied to esx01nyc to esx32nyc. Again, that seems a bit clunky. I could use a big ole .CSV file making sure and use references within it differentiate one collection of servers from another (I actually think is quite a good approach…)

One idea had was to create both the datacenter, and the cluster (A,B,C) but not enable the DRS/HA features – and then add the VMware ESX hosts. The idea here is that the cluster acts as attribute I can reference using get-datacenter. Once the host within this cluster have got access to the networks and storage they need – the properties of HA/DRS could be enabled. After all there dependencies to met – HA will want heartbeat datastores & redundancy on the management network – and DRS will need at least one vmkernel port enabled for vMotion. Once HA/DRS had been enabled I could set about using my script to define resource pools….

I’d be interest to know if anyone else does this. If they think this is a bad idea or not. I’m quite happy to quit the field if people think what I’m proposing is a bad idea. I’m just curious to know peoples opinions – and if they think there’s a better way of doing it…

Category: Other | Comments Off on An Empty Cluster for PowerCLI…
October 9

New Release: Bitdefender GravityZone-in-a-box (GZiaB)

Note: GZiaB can protect physical, virtual and mobile devices – my focus is on virtual machines, with a particular focus on virtual desktops. For that reason I will skip the part of the appliance that deals with physical and mobile endpoints.

If you have been following my EUC work for a while you’ll know I’ve spent sometime in the lab with Bitdefender GravityZone. I first came across the company when I was writing the “EUC Book” with fellow vExpert Barry Coombs (aka @VirtualisedReal).

Back then I was looking closely at the VMware “vShield” Endpoint technology. In case you don’t know it offloads the demands of AV out of the guest operating system, onto a dedicated appliance. I recently did some updates around Chapter 23 of the book, and Bitdefender were kind enough to sponsor that work which allowed me to give that chapter away for free.

Anyway, more time has elapsed and Bitdefender have been busy (re)developing their offering called “GravityZone-in-a-box” (GZiaB). I did an hour long WebEx with them – where they briefed me on the new offering that have been announced today.

In the full enterprise release of GravityZone a single virtual appliance can be downloaded and configured for a number of different roles including a database, update, communication and web console. The idea is that you can deploy a number of appliances running each role, and drive up scalability. Of course, it’s entirely possible to enable all these roles on the same virtual appliance – which is what I did to keep the setup simple.

What’s new is that Bitdefender now have an appliance designed with SMB’s in mind with all these roles are already setup and configured for us. They have also licensed the “in-a-box” solution at a price point that should make it attractive to the SMB market with a sliding scale of packs based on the number of endpoints you want to protect. Notice how I just said “endpoints” – the GZiaB solution supports protecting physical, virtual and mobile endpoints. At the moment the appliance scales up to about 250 endpoints – so you’ll need have a handle on the number of endpoints you expect have with an licensing period. You’ll also need to work out whether high-availability of the AV management layer was something that was an absolute requirement. That’s something that’s available GZ, but not in GZiaB. There is possibility of out-growing the 250 devices best practise by adding more CPU/Memory to the appliance. But at that stage you might be better of looking at the full GZ model which includes HA. In my session with Bitdefender they did indicate that upgrading from GZiaB to the fully GZ version would be possible. There’d be no need to touch/upgrade the endpoints themselves (phew!) but merely enables the deployment of additional appliances need for GZ (including the SVA appliance mentioned to , and porting of your licenses entitlements to the GZ product.

What makes GZiaB different is that it doesn’t leverage the vShield Endpoint. Personally, that’s a bit of a disappointment to me for reasons that are probably obvious to everyone (you do know I work for VMware, right?). That got me thinking about why that might be the case – and no isn’t Bitdefender putting the best cookies in a jar on the top shelf, and charging top dollar. I think it’s more about easing the deployment of a virtualized AV solution. As you might know vSphere vShield Endpoint is now “free”, in that its now rolled into the mainstream suites and SKUs, where as previously it was available as part of the vCenter Network & Security (vCNS) bundle. Historically, its been bundled with various editions of vSphere and Horizon View – to offer a complete package of end-user compute virtualization, virtual desktops, application virtualization (with ThinApp) and also anti-virus. Apart from the cost of acquiring vShield Endpoint the other barrier was it didn’t provide the virus definitions/scanning/quarantine process expected of AV system. Instead vShield Endpoint provided a robust infrastructure that AV partners like Bitdefender, Trend Micro and Symantec could leverage to build AV solutions. So that was two products you needed to get of the ground – vShield Endpoint and a third-party provider certified in the program.

You would have thought making vShield Endpoint “free” would open the floodgates. But I’m not sure whether it has. I’m going say something that sounds critical here, but I’m going to say it because – well, I think it’s the truth. I think one barrier to adoption is two layers of management that comes hand in hand with the virtual AV (software-defined-AV or SDAV!) There’s the administration of the VMware part, and then the administration of the third-party component. Whilst an able person such as I, who has been working with VMware for some years, and is heavily exposed to the Enterprise products in the stable wouldn’t struggle – sadly, that isn’t the case for your average SMB person. Now that does NOT mean I think SMB people are less able or technology – that’s hogwash. What SMB people are VERY busy, and have to wear many hats – and in some case ALL the hats in an organization. One minute you’re in the AV room fixing a projector, the next you have a Putty session open an VMware ESX host. What I would love to see happen is some rationalization around the deployment process for vShield Endpoint that would enable the third parties to OEM and deploy the vShield Endpoint component. So the deployment of the vShield Endpoint, and the VMCI driver (that’s part of VMware Tools) is something that a third-party could deploy. Anyway I’m not the PM or PMM of Endpoint, and I’m not privy to the roadmap – so I have no clue if this can/will happen – but I figure anything that makes rolling out VMware Endpoint+3rd party would only result in more usage and more revenue for both parties…

Anyway, that’s my two cents – lets check this GZiaB out.

Continue reading

Category: Other | Comments Off on New Release: Bitdefender GravityZone-in-a-box (GZiaB)
June 18

Updating BIOS Firmware and Settings for HP Proliants using the Ultimate Deployment Appliance (UDA) by Tom Ewerling

This article is the first from a guest on Tom Ewerling contacted me a couple of weeks ago asking me some questions about the Ultimate Deployment Appliance – as ever before I’d even scratched my head Tom had worked some of them out for himself. In case you don’t know Tom he tweets as @ETgoVirtual. Tom wanted to know if there was method of using UDA to update BIOS Firmware and BIOS settings.

Tom gives an overview of the process in his article. Put simply, the physical box boots from customized WinPE build which contain the update (in this case HP), and then runs a script to work out if the firmware is up to date or not.

Screen Shot 2013-06-17 at 11.12.45


After some consideration I decide it was easier to take Tom’s work which is in a Word.doc file, and convert it to a PDF. That means if needs to do any update he can just send me the new version along, and I can upload the PDF to my site.

Thanks Tom!

DOWNLOAD: Updating BIOS Firmware and Settings for HP Proliants using the Ultimate Deployment Appliance.

Category: Other | Comments Off on Updating BIOS Firmware and Settings for HP Proliants using the Ultimate Deployment Appliance (UDA) by Tom Ewerling
April 7

Up in the RyanAir

This articles title is inspired by the movie “Up In the Air”. It was released a couple of years ago and starts George Clooney as a roaming “severance” expert (his job is to fire people). Watching the movie I a struck by home adopted similar strategies for getting through the airport experience as him. Remember “its not racist – its called stereotyping – it’s faster…”

About 4 years ago I would have said I was a road warrior.  Back then as a freelance VMware Instructor I’d fly around Europe delivering the official curriculum for partners – and on average I do 2-3 weeks away, followed by 1-2 weeks at home. One year it got so crazy that I didn’t teach at all in my home country. I did 8 week stint across Europe, on that last week I woke up in my hotel room unsure of what EU country I was in. Any road warrior will tell you of tales of 5mins of existential panics induce by this. That’s when I decided I need to regain control of my schedule.

So there will come a point in time that whether you like it or not you take a flight with the low-cost airline “RyanAir”. The airline as unenviable reputation for value for money flights, but also less than enviable quality of experience or customer service. With that said, I’m a firm believer of you get what you pay for – so here’s my tips for smoothing your way thru the process. In truth some of this stuff applies regardless of airline.

1. Never let travel agent book a Ryanair flight. Online web-checking is mandatory. Your travel agent is unlikely not to provide the right details to complete this process. Failure not to print your boarding pass before checking results in €70 “admin fee” both ways. So save yourself the heartache of service desk queuing… And book you flight with your credit card.

Incidentally, there’s no Ryanair App. You must print a paper boarding pass or checking at machine. Some cynics say this is a deliberate ploy to catch out unsuspecting passengers with €70 surcharge…

Continue reading

Category: Other | Comments Off on Up in the RyanAir
April 1

AdaptingIT Podcasts with folks from VMware…

Screen Shot 2013-04-01 at 09.03.41

The last two weeks on Lauren Malhoit’s AdaptingIT podcast features two very special VMware guests. First up is VMware’s Cyndie Zikmund.

She works in the EUC side of the business specifically in competitive marketing. So if there’s anyone more qualified to tell you the adv of VMware’s EUC technology over say the incumbent then you would struggle to find that person.

The second guest is more of a mystery person. Someone I’ve not personally met myself called “Michela Laverick“… apparently s/he is in the Cloud Infrastructure BU:

Category: Other | Comments Off on AdaptingIT Podcasts with folks from VMware…