What is CVE-2018-3646 or L1 Terminal Fault and why a vSphere admin should care ?

Have you come across an error on your Vmware Web client with the message
" The Host is Potentially vounarable to issues discussed in CVE-2018-3646 " then you should read this . 

It is a vulnerability that was reported in Intel CPUs. A local user can obtain potentially sensitive information from system memory. what worries us is that VMware ESXi is affected.

A local user can conduct a speculative execution side-channel attack against the L1 cache to infer potentially sensitive information from L1 cache memory on the target system.

This method is referred to as the "L1 Terminal Fault (L1TF)" or "Foreshadow" attack.

Microprocessors that support Intel Software Guard Extensions (SGX) are affected [CVE-2018-3615].

Other Intel microprocessors that use speculative execution and address translations may be affected [CVE-2018-3620].

Other Intel microprocessors that use speculative execution and address translations and that host virtual systems may be affected [CVE-2018-3646].

The end result is that  A local user can obtain potentially sensitive information from L1 cache memory on the target system.

Anyway VMware has issued a fix for CVE-2018-3646 for VMware ESXi.

Check this Link for updates https://www.vmware.com/security/advisories/VMSA-2018-0020.html

Blog post Sources :  https://securitytracker.com/id/1041456
                                 https://kb.vmware.com/s/article/55636

If you are not aware about this issue before and if you reached this article to read about it , Please leave a comment here and share this link to your IT professionals groups so that we can fight it together .

unhandled exception when trying to connect to host client

most probably you are here because you tried to login to host client in vsphere 6/ 6.5 and got an error message "  unhandled exception when trying to connect to host client "

Please watch this video and it will give solution to your problem . Please comment if it fixed your issue 

Please share it with your friends too.
If your organization need a corporate training session on VMware DCV , Please click this link below to reach us
http://vmwaretraining.in 

Industry hands on session on VMware Virtualization

Need a real Industry hands on session on VMware Virtualization ?
Welcome to Corona Institute of technology . Rather than a slide show based session on Virtualization , We make sure that you will get the real hands on session on Production servers and session taken by Industry experts with years on hands on experience in IT infrastructure industry .

VMware vSphere Free Training

This blog post serve the role of aggregating various tech videos available from the you tube channel of VMware  and presented in such a way that an IT professional trying to learn more about virtualization will get an step by step knowledge of concepts and implementation skills on VMware vSphere 5 and 6 . 

The first post is made as on 6th November 2015 starting from basic ESXi installation  and reach up to FT feature of  vSphere . Please give your inputs in comment box so that more and more topics , vidoes and links can be added to make it more useful for IT professionals .  

Introduction : 

One of the key difference between the certification pattern offered by VMware  compared to other international certification is that VMware insist on attending their official training session named Install , Configure , manage ( ICM ) so that your certification transcript become visible on their web site .  Everyone in the industry is aware that the reasons behind this policy is mainly do with the business than technology , VMware insist that it is their way to maintain a strict quality of training offered by their certified instructors.  But strange enough  most of that classes including the slides used on the official camp is available on VMware YouTube channel itself and the sessions are taken by senior VMware Certified instructors .

One of the major issue faced by any novice  to virtualization industry attending the  ICM is that the lab sessions are not demonstrated by the instructor. After the slides are explained by the instructor , he /she will just ask the participant to  to the lab mentioned on the pdf file . Since the students are new to the concept of virtualization they will find it really hard to digest the concept of the process and  will blindly follow what all stuff written on the lab manual .
But at the same time , the on-line videos from VMware clearly explains the process as well us do the demonstration of the lab sessions . The only shortcoming is that the videos given on the channel will be on basics of the previous versions of the ICM class.  But if the student is ready to the learn the what's new concepts after learning the contents of the video , it is not going to be a big issue .

Please bear in  mind that this blog post is not an alternative to attend VMware ICM workshop for your specific certification path . The session videos from VMware Web site covers vSphere 5.1 Lab

But going through this videos from Vmware itself before attending your workshop will give you more clear-cut idea about the process . Make sure that you also has enough hands on exposure to Virtualisation environment before you attend an ICM session . Also remember that storage management concepts and setting up your storage are not part of  ICM .If you need a physical hands on lab session which cover all the aspects of virtualization and storage concepts , Attend a hands on Lab session from Corona Institute . The details of the same can be found on www.vmwaretraining.in   

Let us Start with the very basic concepts of Virtualization with this video from VMware Itself

Once you learn the basics , Let us start with the installation process of the ESXi host on a production server . Please not that on offcial camps , this process is done only at the end of the training session which is really confusing . Even on this video tutorial , the aspects of physical preparation of your  production server, RAID configuration , IPMI and  ILO configuration are  not covered . If you need a hands on session on the same , attend a fast track session of hands on session at www.vmwaretraining.in 

Here is the video session on How to install and Configure the ESXi hosts.

Now After you learn how to configure the ESXi host , learn how to mange the ESXI host using the Direct Console User Interface , or DCUI

and Also check this video , It is a great introduction to the ESXi as a whole






 Once you learn the art of ESXi installation , it it time to manage the infrastructure  .   to manage an ESXi host directly , you need a software called vSpere Client . It is a dot net framework based windows software which is used to manage ESXI host individually or to manage multiple ESXi host through a concept called vCenter which we are going to discuss .

Download and install vSphere client to your Windows 7 machine and through the vsphere client you can manage the Single ESXi host . If you do not have the correct version of vsphere client with you , you can download it from here  https://www.vmware.com/go/download-vsphere

Your infrastructure will have Multiple ESXi hosts in place and managing each and every host individually is not an easy task and you will not get all the advantages your virtual infra offering to you by directly connecting to each and every ESXi host .

SO you need to have a centralized management of your vSphere which is done by the use of  a service called vCenter Server . Let us learn the concepts of vCenter through this video .



In this video, we'll be looking at installing the VMware vCenter Server. The vCenter Server is a management platform that allows the centralized management of all ESXi hosts and the virtual machines that run on those ESXi hosts.

Advertisement : 

If you need a real Industry hands on session on VMware Virtualization , Welcome to Corona Institute of technology . Rather than a slide show based session on Virtualization , We make sure that you will get the real hands on session on Production servers and session taken by Industry experts with years on hands on experience in IT infrastructure industry .

Click on the image below to know more about our hands on session in India . We also conduct corporate Training sessions for IT companies 

As you have observed , this video covers concepts related to  vSphere 5.1 . Why we discussed it here is because 5.1 is the first product which introdued the concept of SSO to vcenter . Next video will give you an overview of the the same process and best practices with vSphere 5.5

 . Be aware that at this point we installed and configured a physcial vCenter Machine . There is another way of configuring your vCenter as a Virtual Machine. But I personally believe that unless you are fully aware about the physical vCenter configuration , you will get the full concept of the Virtual vCenter . remember , your real goal of mastering all these concepts is not just to pass any certifications , but to learn the concepts so that you can apply it to the real field . So get   Qualified First , Then Get Certified ®

Once you installed and configured the vCenter Server , it is time to log in to the infrastructure and create your first virtual machine

The video you just watched discuss the process based on the vSphere Client method of login. Starting with the vsphere 5 , vmware introduced the web client concept where you can use your browser to point to the vcenter and use it as the web client to manage almost all the operations . VMware now expects that you perfrom all of your advanced functionalities with  the web client itself .

So let us get ourself familiarise with Web client through this video . We assume that the web client server component is installed on the same machine running VMware Vcenter  Server

and This video will also help to know more about the Web client .Some people has some strong objection against using the web client . they say it is slow and unresponsive . But VMware fixed most of the issues associated with the web client on newer releases . You like it or not , you have to use the web client if you want to perform advanced operations in vSphere . so let us have a more detailed look in to the web client though the following videos

This Video explains the new navigation features of the vSphere Web Client.

This video  walks you through the process of creating a virtual machine from scratch using the vSphere Web Client. Do not worry about advanced terminologies used on this video , we will learn it eventually 

Interact with virtual machines directly in the browser by using the vSphere Web Client HTML5 console. In supported browsers, the HTML5 console does not require the installation of additional software.

This video discusses privileges, roles, and permissions, and demonstrates how to create a virtual machine administrator role in the vSphere Web Client

Ok , Once you know the basic concepts of  Virtual machine creartion , Now look in to the underliying concepts of storage and Networking . Let us start with Virtual Networking concepts . These discussions hold good of all generations of vsphere


VMware vSphere provides a couple of different options for virtual switch technology. We have standard virtual switches, and distributed virtual switches. In this video, we're going to be looking at the standard virtual switch.

Now let us discuss VMware vSphere Distributed Switch concepts in the following video

Your ESXi host can make use of storage of a variety of types. It can access directly attached storage, for instance, local SCSI storage. It can access fiber channel storage, fiber channel over Ethernet, iSCSI and NFS. In this video, we will learn how to use VMFS Datastores.

Now let us discuss the difference between thick and thin provisioned Virtual Disks

Now let us learn to Use Templates and Cloning.Templates and cloning are techniques that we can use to rapidly provision a virtual machine over and over and over again. We are basically taking a virtual machine, making a photocopy of that virtual machine, with the option to be able to customize it to give it uniqueness, so we don't have duplicate IPs or duplicate names, or in the case of some Windows guest operating systems, potentially duplicate SIDs.

Now Let us Discuss the concepts of Clusters . There are diffrent aspects of the cluster including the feature like HA , DRS and FT . let us start with HA cluster

As you learned HA will create a downtime in your envirnment and it is ok if you are having a host failure and your aim is to bring back the machine as early as possible without human intervention . But for planned downtimes and load balancing aspects , we can use the vMotion process .

In this video, we're going to investigate how to migrate virtual machines using vMotion migration. vMotion migration allows you to move a virtual machine that's powered on from one host to another.

In the next  video, we'll be exploring how to use Storage DRS. A datastore cluster is a collection of datastores that are grouped together. Typically, the reason why you'd create a datastore cluster is in order to enable storage DRS on that cluster.

If you are having a mission critical environment , you may need to implement FT on your environment . Learn more about FT here

Have one more video on the same subject

As we stated initially , this is an effort to aggregate various videos on the v Sphere and present it in such a way that it will be useful for anyone who wish to move to virtualization career

Testimonials from Professionals

the best thing about all the effort on intensive sessions of vmware virtualization lab is the testimonials given by professionals who attended the session . I am trying to archive some of the testimonials here which inspired me to dive deep in to technology and impart the stuff to more and more people . so here I am after all these years , still getting nervous on the first moments of my new training sessions

.

VMware Virtualization പരിശീലനം തുടങ്ങിയിട്ട് അഞ്ചു വർഷം തികയുന്നു ഈ മെയ്‌ മാസത്തിൽ . 2009 മുതൽ ഏകദേശം ഒരു വർഷത്തോ...

Posted by Shyamlal T Pushpan on Saturday, May 16, 2015

Being Shyamlal Sir's last VMware session attendee, I wanted to share my experience here. Initially I thought a 9 hour...
Posted by Bijou Monci on Wednesday, April 8, 2015

Posted by Vmware Training in Kerala , india on Saturday, June 20, 2015

Posted by Vmware Training in Kerala , india on Saturday, May 30, 2015

Shyamlal - You are one of the best instructors I have ever come across. Glad I decided to take the #VMWaretraining from you.

Posted by Manoj Chandran Ramamangalam on Thursday, December 11, 2014

Power CLI primer

Just like many of the network professionals out here , I too believe that life is too short to learn all those command prompt tools and stick on to a graphical version of any tool if it is available . But some times the command prompt based tools can be indispensable if you have to do things repeatedly . For creating a single VM per day , I will surely use vsphere client , but for 50 VM per day , I prefer some method by which I can automate the process. That is the role the power CLI is playing in a vSphere environment .

This post is just a basic introduction in to the basic aspects of power CLI. Personally I am preparing this as a reference to me itself so that I will not miss any of the concepts of power CLI for my VCAP-DCA exam .

to begin your experiment with powerCLI , install it to any windows machine on your network . You can download it here 

installation is pretty straightforward . Finish it and open power CLI from all programs --vmware --vmware power CLI . but  wait , if you try to do it , you will be greeted with an error message like this .

Now try to open the same program with administrative privileges , ie right click and select run as administrator , you will find that the same error repeats this time also . But it is now time for us to set the execution policy of the PowerCLI to " remoteSigned " it will allow us to run scripts that have written on the local computer . That is exactly what we need to do . The default mode is restricted and that is why we are getting all those red colored scary messages . so go ahead and type this

set -executionPolicy Remotesigned

next time when you bring the powerCLI up , it will greet you in a much more pleasant manner . Remember that you don't have to run it in administrative mode anymore for normal operations .

Now let us start by connecting to an ESXi host  or a vCenter Server . use the command   connect-Viserver  < ipadress or FQDN >

it will pop up a message asking for the user name and password . There are two option to avoid  it and specify it along with the commands

connect-viserver < ipaddress>  -user root -password P@ssw0rd  or you can use the credential variable  $Credential=Get-Credential and using the value $credential along with the command like  connect-viserver< ipaddress>  -credential $credential 

connect-VIserver -Menu is a nice option to list all your previously connected servers and you can choose one to which you wish to connect .

SSD tagging a Normal hard disk

There will be some situations where you need to tag your regular local drive attached to your ESXi host as SSD drive. Your ESXi host is capable of detecting the SSD drive and tag it accordingly . But some specific models of  SSD drives will not show up as SSD. Since SSD is essential for your vSAN implementations and experiments , we may have to do the process manually .

The second scenario for doing this process is for your home lab with a nested virtualization where you need to fake an SSD for your lab experiments . Which ever may be the situation , we can use the following procedure .

select the data store option from the configuration tab of the host  , note down the device name as shown below

As you can observe from the figure , the name of my datastore is FakeSSD and device label is

mpx.vmhba2:C0:T1:L0

so I am performing an esxcli procedure which will make my ESXi host belive that he is using an SSD drive .

esxcli storage nmp satp rule add - - satp VMW_SATP_LOCAL - -device mpx.vmhba2:C0:T1:L0 --option "enable_local enable_ssd"

esxcli storage core claiming reclaim -d mpx.vmhba2:C0:T1:L0

Now check the device type after a refresh , the system now believes that I am having an SSD disk on its controller .