vSphere 7.0 Update 1 is now Globally Available!

vSphere 7.0 introduced by VMware in March 2020 and went to GA in April 2020. Many new features like DRS & vMotion improvement and also Lifecycle Manager has been released. After half a year VMware introduced first major update on vSphere 7 and today this release went into GA. It is now publicly available, you can download it from VMware and take advantage of this latest and greatest release! Here in this blog post I will go through the new features and capabilities

3 Pillars of vSphere 7 Update 1
Continue reading “vSphere 7.0 Update 1 is now Globally Available!”

NSX-T 3.0 SSL Certificate Replacement – Part 2

In Part 1 of NSX-T SSL Certificate Replacement, the process of certificate template preparation and request has been explained. This blog post will teach you how to import and replace the generated certificate into NSX-T Manager. It is really important to verify the imported certificate before replacing it. I want to point out that if you are using a Virtual IP for you NSX-T management cluster, you should have generated the SSL certificate for management cluster’s Virtual IP address.

https://miro.medium.com/max/1200/1*3Ntz8MAEObg_dW10I9-RfQ.png
Continue reading “NSX-T 3.0 SSL Certificate Replacement – Part 2”

Configure NSX-T 3.0 RBAC with Native Active Directory Integration

One of the new features which has been added to NSX-T 3.0 is supporting RBAC with Native Active Directory. In previous version of NSX-T we had to use VMware Identity Manager (vIDM) to be able to add users and groups from Active Directory for RBAC purposes. In set posts I have already described how to install and configure vIDM with NSX-T. I still believe configuring RBAC through vIDM has some added value like Multi-Factor Authentication(MFA).

To setup NSX-T Role-based Access Control(RBAC) it’s better to create groups in Active Directory and add users into the group for two reasons. First it’s easier to add a group with couple of users as members rather than assign role to many users in NSX-T. Second, with help of Group Policy you can define a “Restricted Group” and it locks down membership to that group. As a result it provides a layer of security.

Continue reading “Configure NSX-T 3.0 RBAC with Native Active Directory Integration”

Finalizing NSX-T Management Cluster Deployment

In the previous articles, we deployed first NSX-T Manager and then we added vCenter Server as Compute Manager in NSX-T Web UI. In this post we are going to finalize NSX-T Management cluster. In production environment for high availability and performance reasons, it is recommended to have three NSX-T Managers in the cluster. Second and third NSX-T Managers should be added from NSX-T Web UI. To deploy additional NSX-T manager appliances, go to System menu and choose Appliances and click on “ADD NSX APPLIANCE”.

Continue reading “Finalizing NSX-T Management Cluster Deployment”

Add Compute Manager to NSX-T 3.0

In previous blog post we started NSX-T implementation by deploying first NSX-T Manager. Before deploying other two NSX-T Managers we need to add a Compute Manager. As it defines by VMware, “A Compute Manager is an application that manage resources such as hosts and VMs. One example is vCenter Server”. We do this because other NSX-T Managers will be deployed through Web UI and with help of vCenter Server. We can add up to 16 vCenter Servers in a NSX-T Management cluster.

To add compute manager in NSX-T, It is recommended to create a service account and customized vSphere Role instead of using NSX-T default admin account. The reason behind defining a specific role is because of security reasons. As you can see in the below screen shot I created a vSphere Role call “NSX-T Compute Manager” with the required privileges. I use this Role to assign permission to the service account on vCenter Server.

Continue reading “Add Compute Manager to NSX-T 3.0”

NSX-T 3.0 Deep Dive

In series of blog posts we are going to walk through different steps to setup a NSX-T Data Center infrastructure. If you are new to NSX-T, please first go ahead and read the Introduction to VMware NSX. To get more insight on NSX-T architecture you can continue with NSX-T Architecture and Components post. Because we are using NSX-T 3.0 for the purpose of this implementation deep dive, you can also review What’s new in NSX-T 3.0 blog post.

https://d3utlhu53nfcwz.cloudfront.net/171901/cdnImage/article/913ec53d-8797-4531-99b8-f41e2db1ff50/?size=Box320

Following are the required steps to build a solid NSX-T Data Center foundation. Please follow each step and we are going to update and complete this list regularly.

Continue reading “NSX-T 3.0 Deep Dive”

VMware vSAN 7.0 Witness Appliance Deployment

As part of vSAN Stretched or 2-Node cluster configuration, a witness appliance should be deployed and configured. This witness appliance will host witness components that is being used in split-brain failure scenarios. Witness component will act as a tie breaker and help vSAN cluster to satisfy the quorum requirements. Witness server could be installed as a dedicated physical ESXi host or an specialized virtual witness appliance can be used instead. The main reason of having witness as an virtual appliance is it does not require extra vSphere license to consume and eventually save some cost specially for smaller implementation like ROBO. The other reason behind using a virtual appliance is for multi-cluster environment like VCF stretched cluster implementation. Due to the reason of each vSAN cluster needs its own witness, then you can consolidate all of them on one physical host on a third site.

https://blogs.vmware.com/virtualblocks/files/2016/11/SCDIAG.png
Continue reading “VMware vSAN 7.0 Witness Appliance Deployment”

Deploying & Configuring VMware Identity Manager (vIDM) – Part 2

Following the first blog post about deployment of vIDM, this post will cover how to configure vIDM and implement NSX-T Role Based Access Control (RBAC) with help of vIDM. As you might noticed, in NSX-T 2.5 and earlier release RBAC cannot be enabled without use of vIDM.

When you login to administration page with vIDM’s admin user account, dashboard would be the fist page you will land. Dashboard contains login information and applications which are used by users and analytics.

To start vIDM configuration click on Identity & Access Management. Here you can join vIDM to Active directory domain, add directory to sync with vIDM and define user attributes which get synchronized from directory service to vIDM.

Continue reading “Deploying & Configuring VMware Identity Manager (vIDM) – Part 2”

Cloud Journey with AWS!

Since beginning of 2020, we have started our cloud computing journey by actively practicing and studying Amazon Web Services(AWS) public cloud computing services. We choose AWS because of its tight integration with VMware’s private cloud & SDDC offering and also broad usage & service coverage of AWS intentionally.

https://www.gratasoftware.com/wp-content/uploads/2019/05/https___blogs-images.forbes.com_janakirammsv_files_2018_12_aws-1080x675.jpg

AWS was founded in 2006 to provide IT infrastructure as a service which now commonly known as Cloud Computing. Initially AWS lunched with Simple Storage Service(S3), Elastic Cloud Computing(EC2) and Simple Queue Service(SQS) service offering. Since then AWS has experienced rapid growth in terms of number of customers, service portfolio and also profitability. AWS also maintained its position as the leader in cloud computing market. AWS interestingly surpass its giant parent company, Amazon, in terms of profitability!

In series of blog posts we will cover AWS wide range of services and also AWS architectural principals.

Deploying & Configuring VMware Identity Manager (vIDM) – Part 1

VMware Identity Manager(vIDM), formerly known as VMware Workspace Portal, is VMware Workspace ONE’s identity & authentication component. vIDM aims to mainly achieve two goals increasing security and improve productivity by providing Single Sign-On(SSO). Beyond providing SSO to mobile users in End-User Computing(EUC) and Bring Your Own Device (BYOD) scenarios, vIDM can be used to provide SSO for different VMware products like vRealize suite and NSX. For instance, Configuring Role-Based Access Control (RBAC) in NSX-T Datacenter is only possible through vIDM.

vIDM can be installed on Windows (2008R2, 2012, 2012R2 and 2016) or as an Virtual appliance on Linux (SUSE Linux Enterprise 11). In this post, I am going to describe how to deploy VMware Identity Manager as a virtual appliance and in following post, I’ll describe initial configuration of vIDM.

Continue reading “Deploying & Configuring VMware Identity Manager (vIDM) – Part 1”