Monday, November 30, 2020

vSphere Standard Switch: Introduction (P1)

 In this video, I spoke about the fundamental concepts of networking in virtualization and the differences between physical and virtual switches. It's the first part and the second video will be uploaded soon.

 

Friday, November 13, 2020

ESXi BootBank partitions

VMware ESXi will create some system partitions on its boot storage device, and it's very useful to understand them with respect to troubleshooting tasks. So let's check them a little:

1. System Boot (FAT16) includes boot loader that has a fixed size: 4MB for older versions (Prior to 6.7) / 100MB for ESXi ver7.0

2. BootBanks 0 & 1: Boot Bank partition has a compressed copy of ESXi boot files and modules. BB0 is used as an active boot partition and BB1 for alternative (AltBootBank) so whenever you upgrade the ESXi version all contents of BB0 will copied into the BB1 for fail-safe purposes. When you upgrade the ESXi host, files of currently installed version are loaded into the AltBootBank (It's empty after new installation) and the system is set to use the updated bank when it reboots normally. In some cases, if the ESXi failed to boot or for any possible reasons the BootBank partition became inaccessible, to recover the latest healthy status of the ESXi host, the system automatically boots from the previously used BootBank and will return to the last good situation (However, you can choose between them manually by pressing "Shift + R" while ESXi are booting).

3. Also, all other system partitions that include non-boot modules like the Scratch partition and the CoreDump that will be placed in the new introduce unified partition in ESXi v7.0, called ESX-OSData. (I think I wrote enough about the importance of CoreDump in my blog, like the last one: Why CoreDump files are useful?) This partition can be used for storing virtual machine files, whenever there is no secondary storage device and the only chosen device must provide all VM's required spaces.

One of the major limitations of ESXi system partitions is their fixed size and to avoid related issues to this matter, VMware decided to make this parameter flexible in v7.0 (You can read more details here) So based on the disk space that we choose as the boot device and its capacity, only the size of the BootBank partitions will be different (not the system boot partition).

At last, if you need to know how to recover a failed ESXi and back it to the normal boot, check the kb59418.



 

Monday, November 9, 2020

VMware Carbon Black


Parts of the best webinars in the VMwrold2020 for me were moments that I learn more about  VMware Carbon Black. As I believe one of the best topics on most of this event's presentations is talking about the Carbon Black. It's all about analyzing not-recognized patterns and automated threat detection, VMware Carbon Black Threat Analysis Unit (TAU) came to use all latest advanced malware detection/prevention mechanism to increase the security and cover our safety. Via this cloud-based platform with the approach on system hardening and threat detection, VMware tries to focus on discovering every global attack, especially each of them that focuses on unknown vulnerabilities that lead to the zero-day attack. Because most of their anomaly behaviors are included with undetected/unfamiliar patterns. So TAU can help us in every corner of the world to protect our infrastructures against pollution/attack.


On Augest 07 2019 this cloud-native endpoint protection announce discovery of affecting more than 500k computers in the world with the well-known cryptomining campaign that steal system access information for possible sale on the dark web and publish a full report about this matter.

However, if you wish to see VMware Carbon Black global threat report for most of the countries in the last 12 months, especially with COVID-19's side effects and tendency to home working for the staff of companies, and observation increasing rate of cyberattacks and threats like malware, review the following info-graph:

https://www.carbonblack.com/resources/global-threat-report-extended-enterprise-under-attack-infographic


Also if you want to know about the global incident response, biggest threats and most cyber-crimes, and notes to know how to fight back against them, read the full report of VMware Carbon Black :

https://www.carbonblack.com/resources/tipping-point-election-covid-19-create-perfect-storm-cyberattacks

 


I will start a new journey soon ...