Friday, September 8, 2017

VMworld 2017: Futures with Scott Davis EVP of Product Engineering at Embotics

Had a great discussion with Scott Davis, the EVP of Product Engineering and CTO of Embotics, at VMworld 2017. Scott was kind enough to share some of the future-looking innovations they are working hard on at Embotics.

"Clearly the industry is moving from having virtualization or IaaS centric cross-cloud management platforms to more of an application-centric container and microservices focus. We really see customers getting serious about running containers because of the application portability, microservices synergy, development flexibility and seamless production scale-out that is possible. At the same time they are reducing the operational overhead and interacting more programmatically with the environment.

When we look at the work VMware is doing with Pivotal Container Service we believe this is the right direction but we think that the key is really enhanced automation for DevOps. One of the challenges that was pointed out, is that while customers are successfully deploying Kubernetes systems for their container development, production operation can be a struggle. Often the environment gets locked in stasis because the IT team is wary of upgrades in a live environment.

At Embotics we are all about automation. With our vCommander product we have a lot of intelligence that we can use to build a sophisticated level of iterative automation. So let's take that challenge and let's think about what would be needed to execute a low risk DevOps migration. You would probably want to deploy the new Kubernetes version and test it against your existing set of containers. This should be sandboxed to eliminate the risk to production, validated and then the upgrade should be fully automated.”

Scott proceeds to demonstrate a beta version of Embotics Cloud Management Platform "CMP 2.0" automating this exact set of steps across a Kubernetes environment and then rolling the changes forward to update the production environment.

“I think fundamentally we can deliver true DevOps, speeding up release cycles, delivering higher quality and providing a better end user experience. In addition we can automatically pull source code out of platforms like Jenkins, spin up instances, regression test and validate. The test instances that are successful can be vaporized, while preserving the ones that are not so that the issues can be remediated.

We are rolling this out in a set of continuous software releases to our product so that as customers are integrating Containers, the Embotics 'CMP' is extended to meet these new use-cases.

We realize as we collect a number of data points spanning user preference, IT specified compliance rules and vCommander environment knowledge across both enterprise and hyper-scale targets like Azure and AWS that we can assist our customers with intelligent placement suggestions.”

Scott switches to a demo in which the recommended cloud target is ranked by the number of stars in the beta interface.

“We are building it in a way that allows the customer to adjust the parameters and their relative importance, so if PCI compliance is more important they can adjust a slider in the interface and our ranking system adjusts to the new priority. Things like cost and compliance can be set to be either relative or mandatory to tune the intelligent placement according to what the customer views as important."

Clearly Embotics is making some innovative moves to incorporate a lot of flexibility in their CMP platform. Looking forward to seeing these releases in the product line with cross cloud intelligence for containers and placement.

VMworld 2017: Interview with Zerto’s Don Wales VP of Global Cloud Sales

It is a pleasure to be here with Zerto's Don Wales, the Vice President of Global Cloud Sales, at VMworld 2017. Don, this is a big show for Zerto, can you tell me about some of the announcements you are showcasing here today?

"Sure Paul, we are extremely excited about our Zerto 5.5 release. With this release we have introduced an exciting number of new capabilities. You know we have many customers looking at Public and Hybrid Cloud Strategies and at Zerto we want them to be able to leverage these new destinations but do so in a way that is simple and straightforward. Our major announcements here are our support for Fail In and Out of Azure, Increased AWS capabilities, Streamlined and Automated Upgradability, significant API enhancements and BI analytics. All these are designed for a much better end-user experience.

One piece of feedback that we are proud of is when customers tell us that Zerto does exactly what they need it to do without a heavy engineering cost for installation. You know Paul when you think about taking DR to a Cloud Platform like Azure it can be very complex. We have made it both simple and bi-directional. You can fail into and out of Azure with all the capabilities that our customers expect from Zerto like live failover, 30-day journal retention and Journal level file restore.

We also recognize that Azure is not the only cloud target our customers want to use. We have increased the recovery times to Amazon Web Services. We have improved the performance and in our testing we have seen a 6x improvement in the recovery to AWS. Zerto has also extended our support to AWS regions in Canada, Ohio, London and Mumbai.

All this as well as continuing to enhance the capabilities that our traditional Cloud Service Providers need to make their customers' experience simple yet powerful."

Don, with your increased number of supported Cloud targets and regions how do you ensure your customers have visibility on what's going on?

“Paul, we have a SaaS product that allows our customers complete visibility on-premise and in public clouds called Zerto Analytics. It does historical reporting across all Zerto DR and recovery sites. It is a significant step forward in providing the kind of Business Intelligence that customers need as their environments grow and expand.”

Don, these innovations are great, looks like Zerto is going to have a great show. Let me ask you, when Don's not helping customers with their critical problems, what do you do to unwind?

“It’s all about the family Paul. There is nothing I like better than relaxing with the family at home, and being with my wife and twin daughters.  One of our favorite things is to spend time at our beach house where our extended family gathers.  It’s a great chance to relax and get ready for my next adventure.” 

Many thanks for the time Don, it is great to see all the innovations released here at VMworld 2017.

Friday, September 1, 2017

VMworld 2017: Interview with Crystal Harrison @MrsPivot3

I had the pleasure of spending a few moments with Crystal Harrison, Pivot3’s dynamic VP of product strategy “@MrsPivot3”.

Crystal, I know Pivot3 from the innovative work you have been doing in security and surveillance. How has the interest been from customers in the move to datacenter and cloud?

“You know with the next generation release of Acuity, the industry’s first priority-aware hyper converged infrastructure “HCI” the demand has been incredible. While we started with 80% of the product being applied to security use cases we are now seeing a distribution of approx. 60% applied to datacenter and cloud with 40% deriving from our security practice. This is not due to any lack of demand on the security side it is just the demand on our cloud and datacenter focus has taken off with Acuity.”

“We are pushing the boundaries with our HCI offering as we are leveraging NVM Express “NVMe” to capitalize on the low latency and internal parallelism of flash-based storage devices. All this is wrapped in an intuitive management interface controlled by policy.”

How do you deal with tiering within the storage components of Acuity?

Initially the policies manage where the data or instance lives in the system. We have the ability to dynamically reallocate resources  in real-time as needed. Say for example you have a critical business application that is starting to demand additional resources, we can recapture it from lower priority and policy assigned workloads on the fly. This protects your sensitive workloads and ensures they always have what they need.

How has the demand been from Cloud Service providers?

They love it. We have many flexible models including pay-by-the-drip metered and measured cost models. In addition the policy engine gives them the ability to set and charge for a set of performance based tiers for storage and compute. Iron Mountain is one of our big cloud provider customers. What is really unique is because we have lightweight management overhead and patented Erasure coding you can write to just about every terabyte that you buy which is important value to our customers and service providers.

Crystal, it really sounds like Pivot3 has built a high value innovative solution. Getting away from technology, what does Crystal do to relax when she is not helping customers adopt HCI?

My unwind is the gym. After a long day a good workout helps me reset for the next.

Crystal, it has been a pleasure, great to see Pivot3 having a great show here at VMworld 2017.

Thursday, August 31, 2017

VMworld 2017: Dr. Peter Weinstock, Game Changer: Life-like rehearsal through medical simulation

Dr. Peter Weinstock is an Intensive Care Unit physician and Director of the Pediatric Simulator Program at Boston Children's Hospital/Harvard Medical School.

Peter wants to talk about game changers in medicine. Peter looks after critically ill children and is interested in any advance that helps his patients. Peter references a few game changers in medicine such as antibiotics. Antibiotics were discovered in the 1800s. With the discovery we were able to save patients that we could not before. Another game changer was anesthetic, which allows us to deliver surgeries that were not possible before.

A game changer moves the bar on the outcomes for all patients. Peter’s innovation is Life-like rehearsal through medical simulation.

The problem in pediatrics is that exceptional medical emergencies do not happen often enough to perfect the treatment and approach to them. Medicine is also an apprentice program in which we are often practicing on the patients that we are treating.

In other high stakes industries simulation and practice are foundational. Take for example the airline industry. In the airline industry when they looked at bad outcomes it was often the lack of communication in a crisis. The medical industry is not immune to this freezing or lack of interaction with the whole team. Airline simulators are used to help the cockpit crew practice interaction and approach to various emergencies.

So how do we take these methods to the medical industry? In Boston they have a full 3D simulator so the team can practice before the actual surgery. Through 3D printing and special effects typically found in the movie industry they are able to recreate surgery simulators using incredible authenticity.

Prior to this one of the real surgical practice techniques involved making an incision on an actual pepper and removing the seeds. By creating a simulation we are able to practice and drill by leveraging techniques common in other high risk industries in the medical field. Pictured below is Peter with one of the medical simulators, notice the realism.

[Image: simulator]

We do not stop at simulation; we also look at execution. Adopting the team approach used in Formula One pit crews for quick, efficient, focused effort and communication, we drill the team. This enables our surgical team to reach a level of efficiency not previously possible. This is a game changer in the medical field.

VMworld 2017: Raina el Kaliouby of Affectiva and Emotional AI

Raina el Kaliouby (@kaliouby), co-founder of Affectiva, takes to the stage.
Affectiva’s vision is that one day we will interact with technologies in the way we interact with people. In order to achieve this, technologies must become emotionally aware. This is the potential for emotional AI, enabling you to change behavior in positive ways. Raina mentions that today we have things like emoticons but that these are a poor way to communicate emotions. They are all very unnatural ways to interact. Even voice AIs tend to have a lot of smarts but no heart.
Studies have shown that people rage against technologies like Siri because they are emotionally devoid. There is also a risk that interaction with emotionally devoid technology causes a lack of empathy in human beings.
Affectiva’s first foray was to use wearable glasses for autistic people to provide emotional feedback on human interactions. Autistic people struggle to read body cues. They are now partnering with another company to make this commercially available using Google Glass.
Raina’s demo shows the technology profiling facial expressions in real-time. They do this by using neural networking to feed 1000s of facial expressions to the AI so that it can recognize different emotions. They now have the largest network of facial recognition data. The core engine has been packaged as an SDK to allow developers to add personalized experiences to their applications.
Some of the possible use cases are personalizing movie feeds based on emotional reaction. Another use case is for autonomous cars to recognize if the driver is tired or angry. They have also partnered with educational software companies to develop software that adapts based on the level of engagement of the student.
The careful use of this technology is why Affectiva has created the Emotion AI Summit. The Summit will explore how Emotion AI can move us to deeper connections with technology, with businesses and with the people we care about. It takes place at the MIT Media Lab on September 13th.

VMworld 2017: General Session Day three: Hugh Herr MIT Media Lab Biomechatronics

Hugh Herr (@hughherr) takes the stage and mentions that prosthetics have not evolved a great deal over the decades and are passive with little innovation. Hugh Herr mentions that he lost both legs from frostbite in a mountain climbing accident in 1982. During the postop, Hugh mentioned that he wanted to mountain climb and was told it would never happen by the doctor. The doctor was dead wrong. He did not understand that innovation and technology is not static but is transient and grows over time.

Hugh actually considered himself lucky because, as a double amputee, he could adjust his height by creating prosthetics that were taller. Hugh references the Biomechatronics limbs he is wearing on stage, which have three computers and built-in actuators. Hugh’s passion is running the Center for Extreme Bionics. Extreme Bionics is anything that is designed or implanted into the body that enhances human capability.

Hugh explains that when limbs are amputated surgeons fold over the muscle so there is no sensory feedback to the patient. Dr. Hugh and team have developed a new way of amputating. The new way has surgeons create a little joint by ensuring there are two muscles working to expand and contract. With this new method the patient can ‘feel’ a phantom limb. By adding a simple controller you can track sensory movement that can be relayed to a bionic limb.

What they learned is that if you give the spinal cord enough information the body will intrinsically know how to move. But what about paralysis? The approach right now is to add a cumbersome exoskeleton to enable the ability to move. Work is being done to inject stem cells into a severed spinal cord, with the results being an incredible return of mobility.

Dr. Hugh and team are testing crystals embedded in muscles to relay information along with light emitters to control muscles. In this way they can build a virtual spinal column of sensors enabling mobility that was once considered impossible.

Hugh mentions that they are going to advance from their current foundational science in Biomechatronics to eliminate disabilities and augment physicality. It is important that we develop policies that govern the use of this technology so that it is used ethically.

Wednesday, August 30, 2017

Transforming the Data Center to Deliver Any Application on Any Platform with Chris Wolf @cswolf

It's not just about Cloud, it's also about bringing services to the edge. Why does the edge matter? Well, your average flight, if it is using IoT, is generating 500 GBs of data per flight. How do we mine that data when we are turning planes around so quickly? This is creating a huge pull for the edge. Edge mastery is a new competitive advantage.


VMware is focused on Speed, Agile, Innovation, Differentiation and Pragmatism. VMware also realizes that hyper scale cloud platforms are not right for every use case. Public Cloud provides great speed but it is sticky. For application agility on Public Cloud there is a tendency for operational drift. VMware's approach is to have globally consistent infrastructure-as-code.

Nike is showcased for how they leverage NSX. They leverage NSX to securely deploy development environments. In addition they run a true hybrid environment and run services in Azure and AWS. They are looking at VMware AWS Cloud to shutter a legacy datacenter and move it wholesale into an AWS region in the West and then likely migrate it to the eastern region to move it closer to dependent applications, reducing overall latency.

To get those new cloud capabilities you need to be current. You can buy this with VMware Cloud Foundation because the lifecycle upgrades are managed for you. Yanbing Li takes the stage to talk about vSAN 6.6 which has just been recently released. Hyper-converged infrastructure "HCI" really breaks down the silos within the datacenter. Three hundred of VMware's Cloud Service Partners are leveraging vSAN in their datacenters today. VMware is seeing customers using vSAN to save costs to fund their SDDC initiatives. vSAN has hit an important milestone with 10,000 customers.

Tuesday, August 29, 2017

Great Q&A with Pat Gelsinger, CEO of VMware and Andy Jassy, CEO of AWS Cloud Services

Great Executive Q & A with Pat Gelsinger CEO of VMware, Andy Jassy CEO of AWS Cloud Services and Sanjay Poonen COO of VMware 



Question from press corps: "In the General Session, VMware's strategy was consistent infrastructure and operations, what does VMware mean by the term consistent infrastructure?"

Pat "There are 4400 VMware's vCloud Air Network "vCAN" partners providing Public Cloud Services to our customers. With the AWS partnership, customers can extend services to Amazon. This is all done leveraging VMware's management tools. It is this consistent infrastructure and operations that we were discussing in the general session. In addition we are developing other cloud services but these are likely to come to market as 'bite-size' services to solve a particular challenge. We believe this approach makes it easier for customers to adopt."

Michael "VMware has 500,000 customers that the services being developed by VMware are directly applicable to which is a huge portion of the market." 

Question from Paul O'Doherty @podoherty. Public Cloud gets sticky with serverless architecture while VMware is really focused on the infrastructure; are you discussing other areas where VMware can add value to an Amazon and can you elaborate?

Pat "Well what we have announced today is a very big achievement but it really has kicked off an extensive collaboration involving a huge portion of the engineering talent at Amazon and VMware. While it would be premature to talk about anything at this point, we expect today's announcement to be one of many moving forward with Amazon."

Question from press corps: "If in the new Cloud economy it is all about the apps, then it would seem that the partnership favours Amazon over the long term; can you comment?"

Pat "At VMware we do not see it that way. This is an opportunity for VMware to continue to add value as a part of a strong and ongoing partnership. When you think about moving applications to the cloud, often this involves some heavy engineering. Refactoring or Re-platforming an application, if it is not essentially changing, does not add a significant amount of value. This set of services announced today adds a lot of value to our customers. Today VMware is providing management and metrics to applications but this is also the start of a joint roadmap with many more products and announcements that will be more app orientated."

Question from press corps: "What is the benefit from the partnership from Amazon's perspective?"

Andy: "Everything that we decided to pursue was not lightly considered. What carries the day is what customers want from us. When we look at the adoption of Public Cloud, enterprise is still at the relative beginning of their journey with some notable exceptions. Most are in the early days of their journey. When we spoke to customers about their Cloud Strategy we were asked "Why are you not working with VMware?" It really was the impetus for these discussions. Customer feedback and excitement is tremendous around this partnership."

Question from press corps: "As customers are heavily penalized for egress traffic from Public Cloud, are there any concerns that this on-boarding tends to flow one way around the VMware and Amazon partnership?"

Andy: "For customers who are serious about the adoption of a hybrid cloud platform, while egress traffic is a consideration, it is not a roadblock in the adoption."

Pat: "I do see customers also approaching architecture a little differently. For example now they have to build for average and peak load in a single environment. With a true hybrid platform it is possible to build for average workload while leveraging AWS for peak capacity demand."

AWS Native Services Integration with VMware Cloud on AWS with Paul Bockelman @boxpaul & Haider Witwit

VMware Cloud on AWS has a tremendous amount of capabilities. This session will focus on some of the ninety "90" services available through VMware Cloud on AWS. We will start with a recap on VMware Cloud on AWS and then look at a sample use-case. The three core services within VMware Cloud on AWS are vSphere on bare metal, NSX and vSAN. This allows you to extend your enterprise data center. It integrates through link mode in vCenter as a separate site. In addition you have access to AWS integrations like CloudFormation templates.

Every customer gets their own account with single-tenant dedicated hardware. The deployment is automated and stood up for you and takes approximately two "2" hours. The minimum configuration is a four "4" node cluster. It is connected to an AWS VPC through an NSX compute gateway. VMware recommends that you configure CloudWatch for monitoring your endpoints. The services on the left "VMware cluster" can connect directly to services on the right "AWS VPC".


This allows you to create integrated architectures in which some components live in the VMware SDDC along with native AWS services like AWS Storage Gateways, EC2 instances, AWS Certificate Manager and CloudWatch. In addition you can blend both serverless architectures like Lambda and the VMware SDDC.

A sample architecture with documentation and its integration points can be found at the following links:

http://demo1-app1.vmw.awsdemo.cloud/
http://demo1-app2.vmw.awsdemo.cloud/ 




NSX & App Defence: Transform Network Security with Milin Desai @virtualmilin posted by @podoherty

This session will focus on transforming network and security. Christopher Frenz from Interfaith Medical Center starts with the message that healthcare is a target because healthcare records can be used for identity theft. Combine this possibility with an environment that has a lot of legacy applications and you have a very difficult environment to protect. In addition, Medical tends to keep their devices for an extended period of time. For example, WannaCry infected a large number of medical devices in the healthcare industry in the US.

One of the misconceptions is that compliance equals security when it should not. Often compliance requirements are dated and should really be viewed as a lowest common denominator. In looking at the challenges in Interfaith's environment they realized that a lot of attacks happened through lateral movement. By leveraging NSX they were able to move to a zero trust environment. Currently VMware has 2,900 customers using NSX.

In adopting NSX, they started with their core network services like DNS because the protocols were understood and easy to configure policies on. From the general widespread services, they went up the food chain to more specialized systems. They are now looking at AppDefense to add an additional level of security beyond creating a zero trust environment. This is part of a more comprehensive defence in depth strategy that they are applying.

AppDefense captures the behaviour of the application, as the hypervisor sees all activity related to the virtual machine. In addition, provisioning and application frameworks are queried to understand additional information. Then the virtual machine is profiled to ensure there is a complete understanding of the behaviour of the VM. What you wind up with is a very small number of components that need to be validated. These become the manifest that determines the purpose of the VM and what applications are served from it.

AppDefense monitors the guest in real time against the manifest. This is the AppDefense monitor. If there is a signal that what is running is not intended, you have the option of determining what you want to do. This is done through a response policy.
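The manifest-and-response-policy model described above, sketched as an added example (not VMware's AppDefense code or API): the manifest layout, deviation names, actions, digests and events are all constructed for illustration, using a DNS server as the profiled VM.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observed guest behaviour (hypothetical schema)."""
    kind: str          # "exec", "listen" or "connect"
    process: str       # path of the binary responsible
    digest: str = ""   # binary hash, used for "exec"
    port: int = 0      # local port for "listen", remote port for "connect"
    remote: str = ""   # peer IP address, used for "connect"


@dataclass
class Manifest:
    """Intended state of one VM: the small set of components to validate."""
    vm: str
    purpose: str
    binaries: dict     # path -> expected digest
    listeners: set     # {(path, port)}
    outbound: list     # [(path, allowed CIDR, port)]


def classify(manifest, ev):
    """Return None when the event matches the manifest, else a deviation name."""
    expected = manifest.binaries.get(ev.process)
    if expected is None:
        return "unknown_process"
    if ev.kind == "exec":
        return None if ev.digest == expected else "modified_binary"
    if ev.kind == "listen":
        ok = (ev.process, ev.port) in manifest.listeners
        return None if ok else "unexpected_listener"
    if ev.kind == "connect":
        try:
            peer = ipaddress.ip_address(ev.remote)
        except ValueError:
            return "malformed_event"
        for path, cidr, port in manifest.outbound:
            if (path == ev.process and port == ev.port
                    and peer in ipaddress.ip_network(cidr)):
                return None
        return "unexpected_connection"
    return "malformed_event"


# Response policy: what to do for each kind of deviation (constructed values).
RESPONSE_POLICY = {
    "unknown_process": "quarantine",
    "modified_binary": "suspend",
    "unexpected_connection": "quarantine",
    "unexpected_listener": "alert",
}
DEFAULT_ACTION = "alert"


def monitor(manifest, events, policy=RESPONSE_POLICY):
    """Compare events to the manifest; return (event, deviation, action) tuples."""
    findings = []
    for ev in events:
        deviation = classify(manifest, ev)
        if deviation is not None:
            action = policy.get(deviation, DEFAULT_ACTION)
            findings.append((ev, deviation, action))
    return findings


def demo():
    named = "/usr/sbin/named"
    manifest = Manifest(
        vm="dns01",
        purpose="internal DNS resolver",
        binaries={named: "digest-aa11"},           # placeholder digest
        listeners={(named, 53)},
        outbound=[(named, "10.0.0.0/24", 53)],     # upstream forwarders only
    )
    events = [  # constructed sample telemetry
        Event("exec", named, digest="digest-aa11"),
        Event("listen", named, port=53),
        Event("connect", named, port=53, remote="10.0.0.10"),
        Event("connect", named, port=445, remote="10.0.5.20"),  # east-west
        Event("exec", "/tmp/updater", digest="digest-ff00"),
        Event("exec", named, digest="digest-bb22"),
        Event("listen", named, port=8053),
    ]
    return monitor(manifest, events)


if __name__ == "__main__":
    for ev, deviation, action in demo():
        print(f"{action:<10} {deviation:<22} {ev}")
```

The three events that match the manifest produce no finding; the east-west connection attempt is the lateral-movement case the session described, and it maps to the strictest network response in this sample policy.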

Centene is invited on stage to deliver their story. In order to make forward progress the customer created a separate Cloud team. While they knew the technology they were interested in, they could not make progress in the old model. They dedicated a team of four "4" architects and one engineer to be fully focused on Cloud services. Their mantra was to ensure everything they delivered to the business was completely automated. To achieve their goals they deployed vRealize Automation along with NSX with a heavy focus on security policies.






General Session Day Two with Pat Gelsinger, Michael Dell and Ray O'Farrell

Pat welcomes the audience and calls Michael Dell, CEO of Dell Technologies onto stage. It is a bit of a fireside chat with a number of questions from the audience. 

The first question was a concern on VMware support to which Pat mentions VMware Skyline which provides proactive and predictive support to their customers.

The next question is about VMware and Dell's plan around IoT and Big Data. Michael mentions that Digital transformation is a CEO level discussion and concern. If you are not looking at how you use data to enhance your business you are doing it the wrong way. Dell and VMware have been reimagining their products to take advantage of IoT and Big Data while addressing both their larger and SMB markets and supporting their partners. The focus is on making the VMware ecosystem even more open moving forward through products like VMware Pulse IoT Center.

The final question is around the synergies between VMware, Dell and EMC. Michael mentions that the more they do together the better things get. For every product release the integration gets deeper, however it is being done in a way that supports the ecosystem of partners. Michael mentions the innovation being done by customers in leveraging containers to drive their business.

Rob Mee, the CEO of Pivotal, is introduced and he mentions that they have been partnering to build Kubo, which is open-source. Rob then announces Pivotal Container Service "PKS", which includes Kubernetes, Pivotal and NSX as a single product.

Sam Ramji, the VP of Google Cloud Platform, is introduced to speak about containers. Google has been running containers at scale for some time. Google sees container adoption skyrocketing. Sam believes "PKS" is important as it enables a hybrid infrastructure for running containers. It enables customers to put containers where they need them with support from Google and VMware.

Ray O'Farrell, the CTO of VMware, is introduced. VMware has a few guiding principles, like having the most modern infrastructure possible. VMware also wants to be pragmatic in how we develop product so we want to maintain the operational aspects of those products. As customers have asked for new models, VMware now has SaaS products.

Ray begins with a fictitious company "Elastic Sky Pizza". They need to undergo a digital transformation. The company integrates Cloud Foundation with AppDefense, vRealize Suite and VMware Cloud on AWS. When we think about our options, Public Cloud is great for getting things done quickly. VMware infrastructure can provide consistent experience by having a consistent environment.



The last piece of the puzzle is to layer VMware AppDefense for security. A demo is shown of the dashboard which shows a sample application with the known good behaviours. Once we have identified all the good behaviours and turn on the rules we know the application is protected.

vRealize is shown with the integrated AWS cloud connection. The demo shows deploying an SDDC in AWS which is easy with the vRealize Operations console. The four "4" node cluster will take approx. two "2" hours to deploy. In addition you can set thresholds for adding additional hosts depending on utilization.

vRealize Network Insight is shown which color codes the complexity of the application depending on the total traffic flows. Green indicates an application with mostly contained network flows. The application is selected for migration and vMotioned into the AWS Cluster.

The demo moves to the "PKS" dashboard. The demo goes through the wizard interface for creating the Kubernetes cluster. The credentials are then shared with the developers. The developer is then able to use native commands to interact with the environment. The last bit of the demo shows the NSX security wrapped around the container networks.

The VMware Cloud Services are promoted:

  1. VM Automation - provides cloud agnostic blueprint for deployment in any hyper-scale cloud provider.
  2. VMware NSX Cloud - AWS instances are shown through the interface which provides a consistent view of all the networking.
  3. Wavefront - Wavefront measures the KPIs for the application and infrastructure, think VMware Log Insight in the cloud.
  4. Workspace ONE Mobile Flows - Mobile Flows allows you to automate business processes by using automated workflows.

VMware Pulse IoT Center is the last topic that the team is covering. Pulse IoT Center can manage from your gateway to your things. It will manage from the gateway devices out to the sensors and machines. The technology is based on components from vROps and AirWatch.

Monday, August 28, 2017

VMworld 2017: Delivering New User Experiences with Digital Workspaces with Sumit Dhawan

Sumit Dhawan @sumit_dhawan, the SVP of EUC mentions that VMware worked hard with partners like Apple, Google and Amazon to deliver a massive amount of innovation this year. If you think about cost, it can only be controlled by standardizing. While we may have control over PCs, Mobile and Cloud, we lack control holistically. If we look at the technologies that are coming to the 'Cloud-to-Edge' like the Internet-of-Things "IoT" this is only going to compound.

If you look at modern OSes like Apple, Android and Windows 10 they all offer APIs for management. Securely communicating using these APIs to the device allows you to provide context. If you pair this with identity then you begin to understand the application profile of the user. Workspace ONE brings identity and context together in a unique way.

From a management perspective, IT also wants to ensure compliance of all these devices. Within Workspace ONE VMware has created a digital contract between the IT team and the users. Workspace provides one place for the management of all devices. Workspace ONE can be extended for various use cases which will now be demo'd.

Shawn Bass "@shawnbass", the CTO of VMware's EUC platform, is introduced onto the stage. Shawn introduces the demo, which will demonstrate Windows 10 management via AirWatch. Jason Rosak "@Jasonrosak", the director of product management, explains the demo.

Jason mentions how time intensive the traditional approach of imaging then deploying a desktop is compared to mobile device setup. The demo shows an intuitive setup process with Windows 10 being managed by AirWatch and deploying applications via policy. 

While this deals with the day one setup issues, it does not deal with application delivery. Shawn announces a new integration for delivering large application packages without having to deploy branch office deployment services. Users are able to self-serve their applications, and through network bandwidth harvesting technology running in the background, localized deployment points are not required. In addition, the demo shows the patch enforcement ability through Workspace ONE.

Dan Quintas, the product manager for Mac integration, is introduced. VMware has simplified the deployment of macOS Sierra. The demo shows a bunch of new bootstrap tools to deploy applications on a MacBook. Workspace ONE has native support for Mac. The demo shows Visio working on the Mac leveraging Horizon using the advanced windowing capabilities. This delivers a seamless experience to the MacBook.

VMware is the first to provide comprehensive Chrome management support. This includes the ability to provide a managed Google Play environment on the Chromebook with the applications curated by the admin team.

Dell is brought onstage to announce Dell EMC VDI Complete, which are fully packaged solutions for as low as $7 USD/user/month (previously announced at Dell EMC World). In addition, Horizon Cloud can now deliver support on Azure. A demo is shown in which Horizon Cloud is used to add an Azure Region. Once done, Horizon Cloud pairs with the Azure Region. The next step is to upload your image and configure your farm. You can then entitle applications from within Horizon Cloud to your Azure Horizon environment. You can pair your Azure subscription cost with an $8 USD/user/month fee for the Horizon Cloud option.

Workspace ONE Intelligence is announced, which allows you to leverage analytics to apply patch and remediation policies to avoid things like the WannaCry exploits.

A technology preview of Mobile Flows is announced, which allows workflows to be integrated into email requests. A demo is shown with Mobile Flows integrated into the VMware Boxer email client. Mobile Flows will extend across a wide range of applications and cloud platforms.






VMworld 2017: VMware Cloud Services presented by Guido Appenzeller Chief Strategy Officer


67% of VMware customers foresee an end state where they rely on multiple clouds. If you are running in multiple clouds, a key consideration is vendor lock-in. This creates silos of different ways of defining policy, firewalls etc. with little portability between them.



VMware Cloud Services is about creating a cloud-agnostic, cross-cloud management solution. The current product portfolio consists of the following service offerings:

Discovery - gives you a central database of all services you are consuming between clouds; VMware, AWS and Azure for example. In addition you can tag them.
Cost Insight - allows you to analyze and compare cloud spend, find savings opportunities and the cost of services to the business.
Network Insight - is now offered as a cloud service. It takes data points across your enterprise or AWS and allows you to run analyses on them. VMware found customers using this information to plan application migrations and to understand the interdependencies.
Wavefront - allows you to take real-time monitoring analytics to the cloud to provide visibility on application health.
NSX Cloud - the SaaS version of NSX; you go online, request a new cluster from AWS which is deployed (Note: at this time this service is only available on Amazon)

These services have been built on the AWS Cloud. Pricing is available at http://cloud.vmware.com. There are two costing models: pay-per-use or prepaid for one to three years.

VMworld 2017: VMware AppDefense with Tom Corn, SVP Security Products


VMware AppDefense is about detecting attacks and automating and orchestrating the response. In addition there is a significant focus on allowing partners to integrate in VMware's AppDefense framework because of the unique visibility VMware has.



If you think about it, we are trying to protect an application which is a distributed system. So how do we understand the application beyond just a collection of infrastructure? VMware is not a security company, however we are focused on Secure Infrastructure. We asked, can we understand the application and create least privilege on a network so that only the components that should speak together do? Compute really is an enormous attack platform so we are reducing it with AppDefense. The last piece is can we architect in third party security products by giving them context they would not ordinarily have?

Micro-segmentation from NSX is of course a perimeter piece of this. It allows us to draw a logical boundary. AppDefense is looking within these boundaries to understand if there is any behaviour that is deviating from the purpose of the VM. The model today is always chasing bad behaviour while we are focusing on chasing good because it is more efficient and cost effective.

Step one is to capture what the VM should be doing; then monitoring against a manifest and then the third piece is a library of responses that can be automated. We are leveraging some unique capabilities with virtualization. We capture by plugging into vCenter and then crawling through the provisioning systems. This is already there in systems like Puppet, Chef and vRA, it's just customers are not mining the data. We can go a level deeper looking at processes as well with technologies like Jenkins.

Once Step one is done we trigger the monitoring element so that there is a learning element. We leverage machine learning to understand the deltas between what was done in provisioning and what is contained within the application instances. The end result is the application scope or manifest is created. In the manifest we understand that this is what this VM should do and these are the processes that do it. The manifest is maintained through updates and patches.

Step Two is about how we Detect. VMware at the virtualization level can monitor outside the guest vs a traditional approach where you have to be on the wire. In Step three, uncharacteristic behaviour triggers a set of reactions such as snapshot or VM isolation controlled by policy. What do you want to happen if something happens that is not good behaviour?

This allows us to have security that responds in the same time factor as the attack. Typically security is a partnership between security and infrastructure. AppDefense is a partnership between the security and application team. 

In addition, there is a mobile app that gets installed so that any processing on the application can be sent directly to the application team for response and clarification. This allows the application team to partner in profiling the application. Remediating an attack is a lot easier to do because rather than sifting through tens of thousands of security exploits we monitor a few expected good behaviours. When it changes the system reacts.

The secret sauce is the ability to peer into the guest, which requires a component that runs in the guest's kernel. This opens up the opportunity to run this on non-virtualized application components.
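The three steps described above (capture a manifest, detect deviation from it, respond by policy) can be sketched as follows. This is an added example, not AppDefense code: the event format, host names, deviation labels and action names are assumptions, and the learning step is a plain set union rather than the machine learning mentioned in the talk.

```python
from dataclasses import dataclass

# Fields that identify each kind of observed behaviour (assumed event format).
FIELDS = {"exec": ("process",), "listen": ("process", "port"),
          "connect": ("process", "dest", "port")}

@dataclass(frozen=True)
class Manifest:
    vm: str
    processes: frozenset  # process names expected on this VM
    allowed: frozenset    # behaviour tuples expected on this VM

def behaviour(event):
    """Reduce an observed event to a hashable (type, process, ...) tuple."""
    return (event["type"], *(event[f] for f in FIELDS[event["type"]]))

def build_manifest(vm, declared, learning_events):
    """Step one: provisioning intent plus behaviour seen in a learning window."""
    allowed = set(declared)
    allowed.update(behaviour(ev) for ev in learning_events if ev["vm"] == vm)
    return Manifest(vm, frozenset(b[1] for b in allowed), frozenset(allowed))

def deviation(manifest, event):
    """Step two: label behaviour that is not in the manifest, else None."""
    b = behaviour(event)
    if b[1] not in manifest.processes:
        return "unknown_process"        # nothing this process does is expected
    if b[0] != "exec" and b not in manifest.allowed:
        return "unexpected_" + b[0]     # known process, new listen or connect
    return None

def respond(manifest, events, policy, default="alert"):
    """Step three: map each deviation on this VM to the policy's response."""
    actions = []
    for ev in events:
        if ev["vm"] != manifest.vm:
            continue
        label = deviation(manifest, ev)
        if label is not None:
            actions.append((ev["process"], label, policy.get(label, default)))
    return actions

# Constructed sample data: hosts, processes and action names are invented.
DECLARED = [("exec", "nginx"), ("listen", "nginx", 443)]
LEARNING = [
    {"vm": "web01", "type": "exec", "process": "php-fpm"},
    {"vm": "web01", "type": "connect", "process": "php-fpm", "dest": "db01", "port": 5432},
]
POLICY = {"unknown_process": "snapshot_and_isolate",
          "unexpected_listen": "isolate", "unexpected_connect": "alert"}
RUNTIME = [
    {"vm": "web01", "type": "connect", "process": "php-fpm", "dest": "db01", "port": 5432},
    {"vm": "web01", "type": "connect", "process": "php-fpm", "dest": "203.0.113.9", "port": 443},
    {"vm": "web01", "type": "listen", "process": "nginx", "port": 8080},
    {"vm": "web01", "type": "exec", "process": "nc"},
    {"vm": "db01", "type": "exec", "process": "postgres"},  # other VM, ignored
]

if __name__ == "__main__":
    manifest = build_manifest("web01", DECLARED, LEARNING)
    for row in respond(manifest, RUNTIME, POLICY):
        print(row)
```

Because the manifest lists only expected behaviour, the rule set stays as small as the application's purpose, which is the efficiency argument made in the session.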

VMworld 2017: General Session Day One with Pat Gelsinger

VMworld's theme for 2017 is "Great Technologists Solve Problems, Great Innovators Create opportunities". 

Pat Gelsinger, the CEO of VMware, takes the stage. Pat says we have reached an interesting moment where science fiction is becoming science fact. Pat mentions the work being done to genetically modify mosquitoes to fight the Zika virus. We see this across all industries: tech-driven models changing traditional models. He cites the milestone example of digital media surpassing all other traditional forms of media this year.


Pat calls out healthcare and retail as industries that are ripe for change. In each one of these, however, we are seeing creative destruction in the way work is being done. Fundamentally this is about the apps. VMware's vision of the digital workspace is Any Device, Any Application, Any Cloud with integrated security. In the application world it is still complex and messy. VMware's strategy is to bring it all together in Workspace ONE.

Workspace ONE has three elements: Apps and Identity management, Management and Security across Desktop and Mobility. Today VMware is announcing a partnership with HP. Dion Weisler, president and CEO of HP, is introduced and mentions that Workspace ONE will be a key component of their managed service offering.

Pat mentions that VMware Cloud Foundation 2.2 is being announced at the show. A key piece of this hyper-convergence is vSAN. This solution is also included in VxRack and VxRail. Pat spends a few moments talking about vSphere 6.5 enhancements which we will cover later in our blog postings.

The physical world meets the digital at the Cloud-to-Edge. VMware announced Pulse IoT as VMware's Internet of Things solution in this space (see more here: https://blogs.vmware.com/pulseiot/2017/05/09/introducing-vmware-pulse-iot-center/).

Andy Jassy @ajassy, the CEO of Amazon Web Services, joins Pat on stage. Andy talks about the integration they have been working on with VMware to remove the binary decision customers are faced with: either VMware or AWS for management. Andy mentions that if a customer can run the same set of management tools both in the enterprise and in AWS it is very cost effective. Some notable early adopters are Moody's financial and Ricoh.

VMware Cloud Services now extend across Private to AWS and IBM SoftLayer Public Clouds. These will be extended to Azure and Google Cloud Platform as well. The VMware Cloud strategy is to deliver consistent infrastructure, operations, a rich network of partners and IT agility to its customers.

Pat changes the focus to networking and NSX. VMware sees NSX as the universal connector for all hybrid technologies. They will extend NSX to public clouds and container platforms which will be a major focus in tomorrow's general session.

Over 100 billion dollars is being spent on security, however it is inordinately complex. VMware believes that security should be native to the infrastructure, however the context, automation and policy must be included. VMware cites the five "5" pillars of cyber hygiene:

Least Privilege 
Micro-segmentation
Encryption
Multi-Factor Authentication
Patching

VMware introduces VMware AppDefense. AppDefense is enabled through the VM manifest so that the instance understands what a 'good' state is. The VM monitors its own behaviour to determine when it starts behaving badly and automates the remediation through things like segmentation and honeypotting. AppDefense applies these base cyber hygiene elements and manages them at the infrastructure layer. Partners such as IBM are working with VMware to integrate products like QRadar with VMware AppDefense.





Thursday, August 24, 2017

Excitement in Vegas #VMworld #mayweathermcgregor @podoherty

Well after the excitement last evening of the Mayweather and McGregor fight things are building in Las Vegas for VMworld 2017. Very happy to be covering the event with the press corps this year on behalf of both VMware and Long View Systems and virtualguru.org. For a great play-by-play of the fight head on over to the @MMAJunkie Twitter feed.

It was a good fight with McGregor taking it to Mayweather in the first three rounds. Alas for the Irish it was not to be. Weathering (pun?) the first three rounds, Mayweather pressed the attack while McGregor lost steam. The fight was called in the 10th with Mayweather the victor. McGregor represented himself well in the bout so proud to stand in front of the Irish, respect.


One of the themes at this year's VMworld 2017 is 'be a game changer'. Well we almost had one last night so looking forward to the event to see what new announcements are in store. It will be an important year for VMware as going into the show attendance expectations seem lower than in previous years. VMware had staked out some important territory in Cross-Cloud management and also is looking to enhance their security profile with some new announcements at the show. Looking forward to having the opportunity to explore how the company is doing on this important transition in the analyst sessions this year.


Thursday, May 25, 2017

What do I need to consider when integrating Public Cloud? The Hybrid Conundrum: Part 2

Integrating a Public Cloud option into your Enterprise environment is not unlike integrating a new datacenter. Lighting up a new datacenter requires certain components to be in place before services are available. For example, core services such as networking, interconnectivity, Active Directory and Role Based Access Control “RBAC” should be reviewed and configured. RBAC determines who is able to access the environment and what they are able to do. In our discussions with customers we call these Public Cloud Foundational services.

While this is a very simplified list, it can be complex. For example consider backup, DR and monitoring when building a Hybrid environment. Often we have very established ways of doing these things in the enterprise and ideally a single framework for management. Public Cloud Providers offer alternatives to these Enterprise solutions that are optimized and tightly integrated into the platform. For example: does it make sense to apply your same standard backup solution to workloads in the Cloud or should you consider the Public provider alternative?

Once the foundational services are in place, you are ready to consider the migration. Migration to Public Cloud is a little different than “Lifting and Shifting” a workload. In Enterprise virtualization environments, the infrastructure looks after the application resiliency. In Public Cloud the application architecture needs to manage resiliency and availability of the app. This means that each individual application is its own micro-architecture. While you may be able to lift and shift some workloads, others may need to be redesigned into the Public Cloud.

Failure to carefully consider the migration approach may lead to decreased availability of the application in the Cloud. For example, Azure has a Service Level Agreement of three 9’s (99.9 percent uptime) based on an Availability Set in Infrastructure as a Service “IaaS”. An Availability Set consists of two or more virtual workloads running on separate host hypervisors. When Microsoft patches the host hypervisors they guarantee that they will not reboot the virtual workloads at the same time to meet the SLA. If you are running on a single instance, however, you will experience outages.

The number of applications that will need re-architecting can have a dramatic impact on your migration timeframe. Understanding the percentage of applications that you have that are truly Cloud ready allows you to create two migration streams. One that moves quickly with the ideal Cloud candidates and the other that reviews whether the application should be replaced, re-architected or perhaps remain in the enterprise environment.

The key to success is in placing the applications in the environment that delivers the best business value. As the environment will be a hybrid of enterprise and public, it is more important to align them than it is to move them to cloud for the sake of moving them. Surprisingly, while obvious, many strategies often take an all or nothing approach. The “We are moving everything to Cloud” mantra should be “We are Cloud enabling our core business applications while maintaining others in the Enterprise”.

In the next post we will have a brief look at the operational and management considerations pre and post migration.

Tuesday, May 16, 2017

What do I need to consider when integrating Public Cloud? The Hybrid Conundrum: Part 1

Having worked through these challenges with various customers, I thought it would be a good idea to share. When integrating Public Cloud there are a number of “should and should not's” that warrant some consideration.

Perhaps the first and foremost is what goes where? Private, Public or managed by a 3rd party? For those of you who remember the early days of virtualization you likely remember capacity assessments which described what was needed to virtualize a set workload. While the information required has changed, the process is very similar. Today’s assessment software from vendors like Cloudamize takes a similar workload assessment approach but provides a different set of outputs that are important to Cloud.

Optimizing the workload is still very important as even with virtualization we tend to over-assign resources. In Public Cloud every excess is a price point so right-sizing performance has a direct association to the cost. In addition, in Public Cloud when you build a virtual instance it is a layering of components that each have a specific performance characteristic. For example, in Public Cloud you have different storage performance tiers on which to add different virtual instance classes that are predefined with a set number of CPUs and memory configuration. Building without performance input leads to virtual instances that may underperform or cost too much.

Because Virtual instances are sold by certain T-Shirt sizes or classes in Public Cloud, having a tool like Cloudamize to translate from a VMware VM to an Azure Virtual instance class can be a great starting point. One of the other characteristics of Public Cloud providers is while they are very accommodating of ingress traffic (traffic coming in) they typically charge for most egress traffic (traffic coming out).

If we think of our business applications as a bunch of chatty VMs it is important to know who is talking to who. This allows us to ensure that all application interdependencies can be migrated together. This cuts down on the cost and flow of egress traffic between the Public Cloud and the Enterprise datacenter. This is another capability of a good assessment tool; the ability to identify related application traffic flow between a group of VMs.
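A small sketch of the interdependency analysis described above, added here as an illustration and not taken from Cloudamize or any other assessment tool: VMs that exchange traffic are grouped with a union-find, and the egress volume of a proposed placement is summed. The flow records, VM names and byte counts are constructed.

```python
from collections import defaultdict

def migration_groups(flows):
    """Group VMs that talk to each other (connected components of the flow graph)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving keeps lookups short
            x = parent[x]
        return x

    for src, dst, _ in flows:
        parent[find(src)] = find(dst)       # merge the two VMs' groups
    groups = defaultdict(set)
    for vm in list(parent):
        groups[find(vm)].add(vm)
    return sorted(sorted(g) for g in groups.values())

def egress_bytes(flows, in_cloud):
    """Bytes leaving the public cloud: source is in the cloud, destination is not."""
    return sum(n for src, dst, n in flows if src in in_cloud and dst not in in_cloud)

# Constructed flow records: (source VM, destination VM, bytes per day).
FLOWS = [
    ("web01", "app01", 5_000),
    ("app01", "web01", 40_000),
    ("app01", "db01", 20_000),
    ("db01", "app01", 80_000),
    ("hr01", "hrdb01", 3_000),
]

if __name__ == "__main__":
    print(migration_groups(FLOWS))
    # Moving only the web and app tiers leaves app01 -> db01 as paid egress.
    print(egress_bytes(FLOWS, {"web01", "app01"}))
    # Moving the whole group together removes it.
    print(egress_bytes(FLOWS, {"web01", "app01", "db01"}))
```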

Having a look at the relationships between the VMs and applications allows us to consider whether it should run in the Enterprise or on Public Cloud. Often this requires a look at the empirical data along with some reasoning. For example, if I have a legacy application that I will continue to use until I cutover to a new Cloud based application, should I migrate it to Public Cloud? If I have VMs providing backup services in the Enterprise should these migrate? What order and what things do I need in place for the actual migration? We will have a look at these more carefully in my next post @podoherty.