VCF Operations Fleet Management: What You Need to Know

In my previous blog post, we explored VCF Operations and its key components, a foundational topic for understanding the future of VMware Cloud Foundation (VCF). Now, as we continue preparing for the upcoming VCF release, let’s dive into VCF Operations Fleet Management—a new concept that many are still getting familiar with, as it was introduced only a few months ago!


Introduction to VMware Cloud Foundation (VCF) Operations

VMware Cloud Foundation Operations is the next generation of Aria Operations and is tightly integrated with VCF-based private cloud infrastructure. At its core, VCF Operations is an Ops Management tool, but with the next release of VMware Cloud Foundation, VCF Operations will be the focal point for managing and operating the VCF environment. VCF Operations will integrate single sign-on, certificate, password, and lifecycle management (LCM) capabilities. Simply put, it will be the centralized point for configuring the VCF private cloud and will be used mainly, but not exclusively, for VCF day-2 operations. In this blog post, we’ll go through the components and architecture of VCF Operations.

If you have experience working with vROps or Aria Operations, then understanding the components and architecture of VCF Operations won’t be hard for you! But don’t worry if you don’t have experience with vROps or Aria Ops! Keep reading this blog post, and you’ll get a better idea.


Configure a Microsoft Certificate Authority in SDDC Manager

In the previous two blog posts, we installed and configured the Microsoft Certificate Service, prepared a certificate template, and configured a service account to follow the least privilege policy. In this blog post, we will bring everything together by integrating the Microsoft CA with VCF’s SDDC Manager and requesting a certificate from the CA for the VCF components.

Connect to the SDDC Manager UI, log in with a privileged user account, and choose the Certificate Authority option on the left panel. Then click on Edit to open the configuration page.


Prepare Certificate Authority for VCF Certificate Replacement

In the previous blog post, we discussed the installation and initial configuration of Microsoft Certificate Service on a Windows Server and enabled Certificate Web Enrollment on that server. The second step to replacing the default self-signed certificate in VCF is to prepare the Certificate Authority with a new certificate template and assign a service account so that an alternative user can request the certificates instead of the default administrative accounts. With that said, let’s move forward with creating the customized certificate template.

When you request a certificate from a Certificate Authority (CA), the CA lets you choose from its templates store. We must create a template and publish it in the certificate store to create a customized certificate. Open the Certificate Authority snap-in from the CA server’s Administrative Tools to create the customized certificate. If you click Certificate Templates under your CA, you’ll see all the valid certificates in the certificate store.


Installing and Configuring Active Directory Certificate Services (AD CS)

One standard method of issuing valid certificates to infrastructure software solutions like VMware Cloud Foundation (VCF) is through an internal Microsoft Certificate Authority (CA). Most organizations that use Active Directory (AD) as a directory service also use AD Certificate Services to issue certificates when replacing the self-signed, auto-generated certificates. Even though this service might already be installed and running in your infrastructure, this blog post explains how to install and configure it on a Windows Server machine to integrate with VCF infrastructure. After installing and configuring the Certificate Authority, we should create a Certificate Template, integrate VCF with this CA, and finally request certificates and replace them through SDDC Manager.

In this post, we will install AD CS on a Windows Server 2022 machine joined to an Active Directory domain and configure Web Enrollment to allow users to request and retrieve certificates via a web interface.


Setup SFTP on Ubuntu Server

Secure File Transfer Protocol (SFTP) is a secure method for transferring files over a network. Unlike traditional FTP, which sends data in plain text, SFTP utilizes the Secure Shell (SSH) protocol to encrypt both the authentication information and the data being transferred. This encryption ensures that sensitive data remains protected during transit, making SFTP a preferred choice for secure file transfers in various environments.

Having an SFTP server is important in a VMware environment for secure and reliable file-based backups. Components like vCenter Server, NSX Manager, and SDDC Manager use SFTP for file-based backups. SFTP also allows for centralized backup management and remote storage, enhancing disaster recovery capabilities by safeguarding data off-site and enabling quick restoration.

In this blog post, I’ll explain step by step how to set up the SFTP service on an Ubuntu server.


NSX SSL Certificate Replacement – Part 2

Part 1 of NSX SSL Certificate Replacement explained how to prepare the certificate template and request the certificate. This blog post will teach you how to import the generated certificate into NSX Manager and replace the existing one with it. It is essential to verify the imported certificate before replacing it. I want to point out that if you are using a Virtual IP for your NSX management cluster, you should have generated the SSL certificate for the management cluster’s Virtual IP address.


NSX SSL Certificate Replacement – Part 1

NSX 4 installation comes with an out-of-the-box self-signed SSL certificate. For security and compliance reasons, most customers want to replace the default self-signed certificates with CA-signed certificates. In this two-part blog post, I’ll explain how to prepare your certificate infrastructure, request the certificate, and finally replace the SSL certificate. There are some very useful guides, like this one from VMware, but I will explain the whole certificate replacement process in the following blog posts.


GRUB Root Password – NSX Installation

Since the release of NSX-T 3.2, I have had questions about an option in the installation wizard of the NSX Manager OVA appliance regarding the GRUB root password, and in this post, I want to address it. If you wanted to recover a lost or forgotten password for the root account of the NSX Manager appliance, you had to reboot the appliance and force the boot process to enter the GRUB menu.

But to be able to do that, when everything was under control and you had the root password, you needed to log in to the NSX Managers as root and configure the GRUB Hidden Timeout. There was also a default password configured, which we could use or change together with the hidden timeout configuration.


General Availability of VMware Cloud Foundation 4.4

On Feb 10th, 2022, VMware released VCF 4.4 with a new set of features and, of course, new software components in the Bill of Material (BoM). This new release brings a lot of new enhancements around lifecycle management, security, and NVIDIA AI Enterprise suite capabilities for AI/ML workloads. Before going into the details of new features, let’s look at the VCF 4.4 BoM. VMware vSphere 7.0 U3c, vSAN U3c, and NSX-T 3.1.3.5 are included in this software packaging. Besides the base SDDC software, VCF 4.4 supports vRealize Suite 8.6.2 and Workspace ONE Access 3.3.6. So, as you might expect, the software releases packaged with VCF 4.4 are pretty up to date and, more importantly, Apache log4j is updated to 2.16 or 2.17, which addresses the Log4j vulnerability.

Now let’s look at the highlights of new features and capabilities in VMware Cloud Foundation 4.4.
