Managing VMware Cloud Foundation – First Look

Now that we have a Management Domain (MD) with all components running in it, let’s take a look at the environment. We know that the Cloud Builder VM (CB-VM) was responsible for bringing up the Management Domain, but after this job, it is basically finished. We thank it for its service and can dismiss the VM (unless we want to build more SDDCs). The new sheriff in town is called the SDDC Manager, and when we log in to its…

Deploying VMware Cloud Foundation – Management Domain

After the theory (Building a VMware Cloud with VCF (a short history)), it is time to dive into the technical stuff. Let’s deploy us some VCF! VMware Cloud Foundation is deployed in multiple steps. Since you are deploying an environment that has dependencies on itself, there is one tool that you can use to help you along. This tool is called the Cloud Builder VM (which is a pretty cool name ;)). It can be downloaded from the My VMware…

Building a VMware Cloud with VCF (a short history)

After playing around with NSX-T for a while (and that certainly hasn’t stopped), I wanted to take a look into VMware Cloud Foundation (VCF). VCF is at the heart of VMware’s vision for the future. In the olden days, all companies who started working with VMware’s virtualization software had to deploy this completely manually. And although the software was usually well behaved, a lot of choices needed to be made to have a smoothly running virtual environment, tailored to the…

Micro-segmentation with NSX-T (part 2: Methodology in action)

Now that we have learned the theory in Microsegmentation with NSX-T (part 1: methodology), we can look at the application of this methodology in practice. Methodology in action So after all this, let’s see a little bit of this methodology in action. First of all, it is important to know which traffic is flowing in the environment. An excellent tool to help in this respect would be vRealize Network Insight, but not every organization is able to use this, so…

Microsegmentation with NSX-T (part 1: methodology)

After a number of blogs on network-virtualization, I thought it was time to start writing some blogs on another of the major three use cases: Security, through micro-segmentation. In my line of work most organizations where I implement NSX (first V and now T) are primarily interested in the security aspects of the product. In my presentations on NSX I usually use two pictures to show what security is like in most traditional environments. It looks something like this: (for…

Distributed Multi-Tier Routing in NSX-T

I learned something today, which in hindsight is obvious. Hopefully this helps someone that runs into the same “strange” (but not so strange) behavior. I created the following topology today, to prepare for some NSX-T demo I am giving tomorrow: What I (among other stuff) wanted to show, was that routing between Test-Segments “D” and “E” and “A”, “B” and “C”, is completely distributed. So when VMs from the different segments live on the same host, no physical hops are…

Install a signed certificate for vRealize Network Insight

Within our demonstration environment (the PQR Experience Center), we are running a multitude of SDDC-products from VMware. Most of them have been signed by a CA-based certificate, but today we found out that our vRNI server is still running with the self-signed certificate. Time to change this! I have looked at the procedure at https://kb.vmware.com/s/article/2148128, and created some screenshots to accompany the procedure. First of all, I logged in with SSH on the platform-vm. I used the username “support”,…

Integrating NSX-T with Active Directory for RBAC (through VMware Identity Manager)

So after using NSX-T for a while, with the built-in admin account, it is time to look into using RBAC for some granular control over who is allowed to do what, within NSX. So with NSX-T it isn’t as straightforward as it was in NSX-V. Integrating logins with AD requires a bit more work. With NSX-T it becomes necessary to work with the VMware Identity Manager. When looking at the ever-important Interoperability Matrix, we can see that the following version…

Resetting expired admin password on NSX-T

So apparently it has been 90 days since the deployment of NSX-T and therefore, time for the admin password to expire ;): Unfortunately, this doesn’t give you the opportunity to log in and then change the password (a feature I would really appreciate), but a reset is necessary. In the online documentation (https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-8816B842-2EC4-40A8-A618-F68DB29FABD2.html) the reset is done by rebooting one of the appliances into single-user mode and resetting the password. However, in the online documentation one of the…
