Hackers, Phishers, Malware and more…..a virtual cancer

Many of you may have noticed over the last few weeks that Dailyhypervisor has had some ongoing issues. It all started around the same time my 2-year-old son went into the hospital. I had gotten a message from a friend letting me know that Google had flagged dailyhypervisor.com as a malware site. Sure enough, it had been flagged and malware was indeed present. With no time to properly resolve the issue, I did the only thing I could do to prevent anyone coming to my site from being impacted by the malware. I took the site down.

For me it was a quick temporary fix until I could find the time and focus to get it back up and fixed. Of course, it wasn’t until 11 days later, when my son was finally released from the hospital, that I got to fixing the site. My fix was to perform a complete restore from a known good backup. Luckily I do subscribe to a cloud-based backup solution that takes nightly backups, and I was able to determine when was the best time to restore the site to. However, I knew this wasn’t going to need to be the only step I took.

After the restore was completed, I then needed to try and figure out how they got in and try to lock it down to prevent further incidents. After hours spent reviewing the security I already had in place, file permissions, firewall rules, and updating all components of the site, I got to a point where I felt I had done all the things I needed to and everything should be ok. Well, I recently just found out that was not the case. These lechers of the internet that exploit any sites they can with vulnerabilities in order to turn them into petri dishes for spreading malware and other malicious code once again gained access to dailyhypervisor.

After doing yet another restore and an exhaustive review of the site again, I decided to dig deeper into the plugins that I was using on the site. I believe the download manager plugin to be the culprit, but also discovered other plugins I was running that haven’t seemed to be maintained in a long time. I ended up removing all the plugins that I felt were insecure, outdated and posed a security risk to the site and my readers. With the removal of my download manager, I will have to go through the entire site and update all the links to all the downloads to point them to the external sources where our downloads are located. In the meantime, if you need to download any of the packages we have shared, you can find them on GitHub or VMware Sample Exchange.

I would however like to take this time to apologize to all of my readers for the ignorance of these hackers that hide behind their keyboards in the darkness  and prey on those of us trying to be productive and helpful.  The craziest part is in the last year my blog has probably been the most secure it has been since I started it in 2009 and I’ve never had these issues before in the past.  The good news is they have not hacked or gotten access to the database, just the file system of the site.

I would like to ask all of you that if you see something, please say something. Please send me a tweet to @vmmeup if you notice anything off. I have upped my game a little: I now have a solution that monitors all my files and notifies me of any changes, but this isn’t bulletproof and I can’t look out for it every minute of every day, so please, if you notice anything strange with the site moving forward, please let me know. Thank you all for your patience as I resolved this issue and for being loyal readers.

Sid Smith

VMware Cloud Foundation and VMware Cross Cloud Services–VMworld 2016 Keynote

Many of you are at VMworld 2016 and had the opportunity to be at the Keynote Live this morning. However, there are those of us that are not at VMworld this year, so I decided to put together some highlights from this morning’s keynote.

The big theme for the keynote this year was the announcement of VMware Cloud Foundation and Cross Cloud Services. Although I can’t say too much about Cloud Foundation beyond what was discussed in this morning’s keynote, I think the below slide really helps shed some light. Although you will hear Cloud Foundation compared to Nutanix, I see it as more than just converged infrastructure. I see it more as a converged cloud. If you look at the left side of the below image you can see that VMware Cloud Foundation includes Private Cloud as well as VMware vCloud Air and the IBM cloud. The benefit here is all of these environments are built on top of VMware technology. To the right you see the Non-VMware-Based Clouds, which include Amazon, Azure, and Google CP. These would be what’s part of the VMware Cross Cloud Services.

 


VMware round of Q2 releases including vRA 7.1, vROPs 6.3, vRCS 2.1, Cloud Client 4.2, vRB 7.1 and more

Many of you may have already seen the news, but I like to create a roll-up to make it easy to see what’s been newly released. Yesterday, Tuesday, August 23rd 2016, VMware released a number of much-awaited Management product updates. See below for a breakdown of the updates per product.

 

vRealize Automation 7.1

 

What’s new?

vRealize Automation 7.1 is optimized for growing clouds thanks to significant improvements in the automated installation experience.

vRealize Automation 7.1 continues simplifying the primary and secondary setup process by adding the ability to automate the setup process among similar deployments leveraging the new Silent Installer. Cloud Admins are now able to scale out existing vRealize deployments by adding more vRA components and manage them automatically through the new command-line interface (CLI).

The vRA 7.1 release is also equipped with a brand new Migration tool which allows you to perform a safe and sound side-by-side upgrade (migration) of existing vRealize Automation 6.2.X systems to the latest and greatest release. During the migration process the source production environment remains intact, which guarantees a minimum downtime of the production environment.


Home Automation with vRealize Orchestrator and Wink

You might read the title and think to yourself “Why would I want to use vRO with Wink?” Well, there are a number of reasons. I created this because, being an automation specialist, I thought it would be cool to automate my home. When I started down this path I got a Wink hub, a SmartThings hub, a Philips Hue hub, Chamberlain MyQ Garage Door Openers, Kwikset locks, Leviton & GE switches, Light Bulbs, a Smappee Energy, Water, & Gas Monitor, Nest Thermostat, Nest Protect, EcoBee, Ring doorbell, Canary, Harmony Hub, and a number of other hubs, devices, and sensors. As I started my project I realized that, on their own, none of these products do a great job at automation. Sure, you can control things via an app, but I want more than that. I don’t just want automation either, I want intelligent automation.

A simple example: I want my door locks to be locked after a defined period of time being unlocked. Well, sure, I can create a rule or robot that says lock the door after x time, but that’s lacking intelligence. Maybe I want to lock the door only if it is closed. None of these systems can do that. However, with vRO I can create a workflow that locks the door and checks the door sensor to determine if it is opened or closed and, if it’s closed, lock the door; if not, check again in x period of time until it can be locked.

Another example: I park my vehicle in the garage. I like to remote start my vehicle in the winter to warm it up. I would sometimes forget to open my garage door then start my vehicle. With vRO I can mount a Nest Protect on my garage door right behind my exhaust and set a rule that if CO is detected, open the garage door. Alternatively, I can use an OBDLink hooked up to my vehicle computer and through Dash determine if my vehicle is running and trigger the garage door to open. You get the idea.


Platypus Project Update

Over the weekend Roman, Grant, John and I released a significant update to the platypus project, which is essentially a very simple and elegant way to provide Swagger-based documentation of several VMware Products. This project started out by providing a quick way to consume the vRealize Automation 7 API, but it has grown a healthy set of legs.

One of the goals of the project was to take publicly available specifications and make them consumable and adaptable by the larger community.

So,  what’s new? Everything.

  • Flexibility: When you run the docker container, there is the option to provide variables for Product Name and Product Version.
  • Product Support: The updated platypus project now includes vRealize Operations 6.2,  vRealize Orchestrator 7.0, and NSX 6.2.
  • Host Config: The host variable now provides the ability to input the hostname of an instance of the VMware Product in question (preferably a test/dev instance) and issue the REST API calls.

To get your hands dirty with the NSX version of Platypus, just issue the following command:

docker run --name platypus --rm -p 80:8080 -e PRODUCT="nsx" -e VERSION="6.2" vmware/platypus

Interested in checking the platypus project out? Find out more at https://github.com/vmware/platypus.  If you are interested in contributing to the project, simply issue a PR.

Please leave your feedback or comments below, I’d love to hear from you.

cloudcanuck.ca / twitter / facebook