Introduction to VMware Cloud Foundation (VCF)

VMware Cloud Foundation (VCF) is VMware’s integrated SDDC platform for private and hybrid cloud infrastructures. This software package integrates VMware’s compute, storage and network virtualization solutions with a centralized, automated lifecycle management tool called SDDC Manager. The core components of VCF are vSphere (compute), vSAN (storage) and NSX (network & security). VMware vRealize Suite can optionally be added to VCF to extend the SDDC infrastructure with performance and capacity management and cloud management. Since VCF 3.8, besides running normal virtual machine workloads, you can also run containers using VMware Enterprise PKS.

To start implementing VCF, at least seven ESXi hosts are needed: four for the Management Workload Domain (WLD), which hosts the infrastructure components of the SDDC, and another three hosts for running the actual infrastructure WLD. These nodes can be vSAN ready nodes, or you can take advantage of DellEMC’s VxRAIL platform and run a more integrated hyper-converged (HCI) platform. The Management WLD is brought up with a special virtual appliance called Cloud Builder. This awesome tool brings up the first four nodes in the management cluster alongside the Platform Services Controllers (PSC), vCenter Servers, NSX Manager and controllers, and vRealize Log Insight. After the initial bring-up process, VCF infrastructure management is done through SDDC Manager.


Deploying & Configuring VMware Identity Manager (vIDM) – Part 1

VMware Identity Manager (vIDM), formerly known as VMware Workspace Portal, is VMware Workspace ONE’s identity and authentication component. vIDM mainly aims to achieve two goals: increasing security and improving productivity by providing Single Sign-On (SSO). Beyond providing SSO to mobile users in End-User Computing (EUC) and Bring Your Own Device (BYOD) scenarios, vIDM can be used to provide SSO for different VMware products such as the vRealize suite and NSX. For instance, configuring Role-Based Access Control (RBAC) in NSX-T Datacenter is only possible through vIDM.

vIDM can be installed on Windows (2008R2, 2012, 2012R2 and 2016) or as a virtual appliance on Linux (SUSE Linux Enterprise 11). In this post, I am going to describe how to deploy VMware Identity Manager as a virtual appliance, and in the following post I’ll describe the initial configuration of vIDM.


VMware VCF 3.9.1 goes GA!

On January 14th 2020, VMware announced general availability of VMware Cloud Foundation (VCF) 3.9.1. This release brings new features such as Application Virtual Network (AVN), improvements to Cloud Builder, many resolved issues, especially around NSX-T, and BOM updates.

Application Virtual Network (AVN) enables vRealize Suite deployments to use NSX overlay networks in addition to VLAN-backed port groups. New installations of VCF 3.9.1 can use AVNs for vRealize Suite components; if you upgrade VCF from a prior release to 3.9.1 and want to use AVNs, contact VMware Support. VMware Cloud Builder, which is used for the bring-up process of VCF, now includes several new workflows and a deployment report for the bring-up phase.

Regarding the Bill of Materials (BOM), VCF 3.9.1 now supports vSphere and vSAN 6.7 Update 3b, which contain many security and bug fixes. If you are using NSX-V in your management or VI workload domains, you can take advantage of NSX-V 6.4.6, and lastly the VDI workload domain will also be upgraded to Horizon 7.10. For those using VCF on VxRAIL, VxRAIL Manager 4.7.410 is now supported with this new release of VCF on VxRail 3.9.1.

You can get more information regarding DellEMC VxRail 4.7.410 in another blog post.

For more information, see the VCF 3.9.9 release notes.

NSX-T Password Expiration

NSX-T has a default password expiration policy of 90 days for NSX-T Manager and NSX-T Edges. As soon as this expiration period passes, the NSX-T Manager login page shows an error stating that “Your password has expired”. As a result, you are not able to log in to NSX-T Manager.

To solve this issue, log in to the NSX Manager virtual appliance through SSH. Enter admin as the username and use the current password to log in. After logging in to NSX Manager, you will be asked to change your password because it has expired. This is how you can reset the NSX Manager admin password.


Introduction to VMware NSX

VMware NSX is a network virtualization and security platform and is part of VMware’s Software-Defined Datacenter (SDDC) architecture. VMware NSX emerged from VMware’s acquisition in 2012 of a company called Nicira, which had a solid Software-Defined Networking (SDN) product. The product comes in four different forms:

  1. NSX Data Center
  2. NSX Cloud
  3. NSX SD-WAN
  4. NSX Hybrid Connect

NSX Data Center itself comes in two flavors: NSX-V, which is mainly designed to work in VMware vSphere environments, and NSX-T, formerly known as Multi-Hypervisor, which offers network virtualization and cyber-security features for multi-hypervisor, container-based and multi-cloud environments such as AWS or Azure cloud services. Software-defined networking delivers L2 to L7 network functions in software, allowing virtualization and cloud administrators to provision the required services at the hypervisor level.


VxRail 4.7.410 Released

On December 17th, DellEMC released the VxRail 4.7.410 software package. The package includes:

  • VxRail Manager 4.7.410 (26262335)
  • VMware ESXi 6.7 Patch 01 (15160138)
  • VMware vCenter Server Virtual Appliance 6.7 Update 3b (15132721)
  • VMware vSAN 6.7 Patch 01 (15160138)
  • VMware vRealize Log Insight 4.8 (13036238)

This new release contains vSphere 6.7 Patch 1, which covers the heap overwrite security issue in OpenSLP as used in ESXi hosts (CVE-2019-5544). The vulnerability is reachable over the network through the OpenSLP service on port 427 of an ESXi host and may result in remote code execution. Other new features in 4.7.410 are:

  • Supports vSAN 2-node deployments with network switches.
  • Allows the order in which sites are upgraded to be specified for stretched clusters.
  • Improves the handling of VxRail alarms in vCenter.
  • Adds a Chat with Support button on the Support tab.
  • Disables node removal for vSAN 2-node clusters.

You can directly upgrade your VxRail cluster if you are running VxRail software 4.0.510 or a later release. You may not upgrade the VxRail appliance in the following circumstances without opening a service request:

  • If you are running a 3-node cluster on VxRail 4.5.152 or earlier
  • If you are running a stretched cluster on VxRail 4.7.212 or earlier
  • If your cluster is in an unhealthy state or has critical errors

The upgrade bundle can be downloaded from DellEMC’s support website.