Archives for January 2012

New HP Service Pack for Proliant Released

One of the challenges with managing a lot of virtualized HP servers is firmware updates. Unlike Windows or Linux hosts where you can perform relatively simple on-line updates, ESX(i) hosts must be done offline. Traditionally you boot from the HP Firmware DVD and apply the updates. The update process was painfully slow, would sometimes freeze, and wouldn’t always get all updates applied on the first past. In addition, HP releases firmware updates so regularly that it’s hard to keep pace. The smart array controllers have had more critical updates than I can count.

Today HP launched a radically new update product based on HP Smart Update Manager 5.0. It promises “vastly improved update speeds” for HP blade systems, new GUI, and online updating of QLogic HBA firmware. It’s the HP Service Pack for ProLiant 2012.01.0 and you can download it here.

You can “burn” the ISO to a USB stick for faster booting, by using the HP USB Disk tool found here. If you use HP servers, now is the time to download the new update ISO and try it out. Firmware updates, particularly for blade systems, are critical for system stability, security, and avoiding unplanned downtime. At least twice a year you should review the lastest HP firmware updates and see if they apply to your environment, then schedule their deployment.

VCP5 Upgrade Deadline Looms

For those of you that have a VMware VCP4 and want to take the VCP5 exam without additional classroom training requirements, your time is short! February 29th, 2012 is the last day you can take upgrade exam. For some good study material, I recommend the vSphere Resource Kit site. It has a great interactive VCP5 practice exam. Is it worth the nominal fee? Yes!

VMware does have a 7-day waiting period for re-taking the exam. So I would encourage you to book your exam ASAP, so if you do fail you can retake before the end of the month. Slots may fill up very quick, so check with your nearest exam provider and book your test today.

In the interest of full disclosure I know the primary author, Chris McCain, and he graciously listed me as an author. But I get no kick back whatsoever. I just think it’s an excellent tool for your journey to a VCP5.

Microsoft Security Compliance Manager 2.5 Beta hits the streets

Microsoft SCM can be a great tool for configuring and maintaining security baselines for various Microsoft products such as Windows operating systems, Exchange, IE and Office. In the past I’ve used it to establish golden OS security baselines that then get exported and baked into our VM templates and physical image discs.

Two major issues I’ve had with past releases was no easy way to import existing GPO state data from a “model” computer. So you had to either start from scratch with SCM and define your baseline or use a MS baseline and modify as needed. Neither way was very time efficient. Configuring standalone machines was easier, as they included a “localgpo” tool. But the process could be easier.

SCM 2.5 beta addresses these issues, and adds other enhancements as well. The release notes mention the following new features:

  • Integration with the System Center 2012 IT GRC Process Pack for Service Manager-Beta:Product baseline configurations are integrated into the IT GRC Process Pack to provide oversight and reporting of your compliance activities.
  • Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
  • Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
  • Updated security guidance: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
  • Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems.
  • NEW baselines include:
    • Exchange Server 2007 SP3 Security Baseline
    • Exchange Server 2010 SP2 Security Baseline
  • Updated client product baselines include:
    • Windows 7 SP1 Security Compliance Baseline
    • Windows Vista SP2 Security Compliance Baseline
    • Windows XP SP3 Security Compliance Baseline
    • Office 2010 SP1 Security Baseline
    • Internet Explorer 8 Security Compliance Baseline

I’ve found previous versions of SCM to be a valuable tool, and these enhancements make it all the better. You can find the beta on Microsoft connect here. If you haven’t used it before, I would encourage you to try it out, if you value standizing your security baseline for a variety of MS products.

VMware Workstation 8.02 Released

VMware just released Workstation 8.0.2, up from 8.0.1. This is not a major release, but has a few enhancements:

  • Ubuntu 11.10 is supported as a host.
  • Fedora 16 is supported as a guest.

Fixed bugs include:

  • The ACLs on the PID files needed improvement. VMware thanks Inode0 for bringing this to our attention.
  • Releasing input from the guest to the host, for example, moving the cursor from the virtual machine window to the host screen, failed with an unrecoverable error.
  • Copying and pasting from a guest to an Ubuntu 11.10 host failed.
  • Shared folders did not work in Fedora 16 and OpenSuse 12.1 guests.
  • In Ubuntu 11.10 hosts, key repeat was disabled after ungrabbing or quitting VMware Workstation.
  • On a Windows host, a virtual machine configured to use a physical disk or partition failed to power on if the host had a volume backed by more than one physical disk, for example, a RAID system.
  • On a machine with Microsoft Visual Studio 2010 SP1, vix-perl installation failed with dynamic link errors.

This is a free update for all Workstation 8.0.2 owners. Workstation 8.0.1 included dramatic graphics acceleration with IE9, so if you are still on 8.0.0 and using IE9 in guests, you really should upgrade.

You can download Workstation 8.0.2 from here and view the release notes here.