VMware

cma6

 

Over the past several months, I have really taken a interest in…..THE CLOUD!

With all the talks about automation this and automation that…I figured it was about time for me to jump on board and start learning. More and more these days, businesses are taking advantage of a hybrid cloud model for their data center.

cloud

I’ve always liked to position myself to be valuable and with the rapid speed that NSX and vRealize Automation are going forward with, I needed to stay on top of both products. So taking advantage of the resources in my homelab, I deployed a vRealize Automation environment and integrated NSX with it to begin my studies about the product. Let me start by saying that vRA is MASSIVE. The possibilities really are endless with what you can do with it. One thing I found out soon in my studies was that there really aren’t a lot of good books on vRA 7. The best one that I found also came with the best price….FREE! As a wonderful service to the community, Jen Soldner, Dr. Guido Soeldner, and Dr. Constantin Soeldner created a online copy of the Mastering vRealize Automation 7.1 book that they wrote. This, along with the Eric Shanks’ PluralSight course, got me to a good start at learning the product.

So after months of reading, breaking and fixing the product in my lab, and some late nights studying….I’m proud to say that I passed the VCP6-CMA exam at VMworld US 2017. Now on to the next cert…I’m thinking VCAP6-NV Deploy or AWS. Who knows….maybe both!


It’s that time of year again…VMworld US! While the conference officially kicks off on Monday…that doesn’t mean that there’s not plenty to do to get you in full VMworld mode for the week. First off….for me it was time to take care of some business first. I’ve been studying for my VCP6-CMA for some months now. I scheduled my exam for Sunday so that whether it was win, lose, or draw (not sure how that could happen yet) I’d have the exam out of the way and not have it looming over me for the entire week. Well I’m happy that I got it out of the way and with good results! Read Full Article

VMwareNSX

Recently, VMware released its latest version of NSX, 6.3.3. With it came a number of bug fixes and some new features. One of the main new features to come along has to do with the NSX controllers. Starting with 6.3.3, the OS for the NSX controllers will be powered by Photon OS. Because a new OS is used, that means that your current NSX controllers will not be upgraded, but rather they will be deleted and recreated as part of the install process. There are also some other new features, that I will not dive too deep into, but just list:

Guest Introspection supports Windows Server 2016

New NSX API to retrieve a list of all unresolved alarms on NSX Manager

Crypto Module Changes Affecting FIPS Compliance

  • NSS and OpenSwan: The NSX Edge IPsec VPN uses the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
  • NSS and Password Entry: The NSX Edge password hashing use the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
  • Controller and Clustering VPN: The NSX Controller uses IPsec VPN to connect Controller clusters. The IPsec VPN uses the VMware Linux kernel crypto module (Photon 1 environment), which is in the process of being CMVP validated.

 

Upgrade Process

In this blog post, I will take your through the steps to upgrade your current NSX environment to 6.3.3

First check compatibility with your current NSX environment. That can easily be done here.

The NSX components have to be upgraded in a certain order:

  1. NSX Manager
  2. NSX Controller Cluster
  3. VIBs on the host clusters
  4. NSX edges
  5. Guest Introspection (If enabled)

To begin our upgrade process, navigate to your NSX Manager and log in as the admin.

nsx01

Read Full Article

591812795EM002_The_2015_Mis

About a year and a half ago, I really became interested in VMware NSX. What made NSX so interesting to me was that it touched two aspects of technology that I really have a passion for…virtualization and networking. I remember when I was first introduced to NSX. I thought to myself….”its a neat concept….but I can’t see having my network in software”. But the more I began to explore use cases for NSX, and realizing that 95% of the data center that I worked in was virtualized, it really made more sense. This lead me to dive even deeper into learning NSX. At the time, I didn’t have a homelab so I made good use of the VMware HOLs to play with NSX to further my learning. Using the VMware HOLs, I was able to get some good time at the “steering wheel” working with NSX and it helped me in my studies for my VCP6-NV. I was able to achieve that goal last year at VMworld US. Working more with NSX has made me want to share my thoughts, “how-tos”, and opinions about it and ultimately give back to the vCommunity. That “giving back” has in turn helped me to deepen my knowledge on NSX and other VMware products. That is why I am pleasantly surprised and honored to be awarded with vExpert NSX status for 2017.  Read Full Article

VMwareNSX

A NSX edge can be used to relay name resolution requests from clients to external DNS servers. As the NSX relay these requests, it caches the response from the DNS server. In this blog post, I will show you how to configure the DNS servers on the NSX edge.

First, navigate the Networking & Security.

dns01 Read Full Article

VMwareNSX

NSX Edge provides network address translation (NAT) service to assign a public address to a computer within a private network. The NSX edge supports using source NAT (SNAT) and destination NAT (DNAT). SNAT is used for translating a internal IP address to a public external address. Since external IP addresses have no knowledge of internal IP addresses, NAT is needed for communication. DNAT allows access from outside/external networks to internal private networks. NAT is important for providing access to services within your private network and for providing the ability to access services that are external to your network. For ex: In order for a machine on your private network to be able to access the internet, NAT is need. In this blog post, I’ll show you how to configure source NAT (SNAT) on a NSX edge device to do just that.

In our example, we will have a VM (VM01) with a IP address of 10.1.2.20 that is attached to a NSX logical switch (Tenant A). In order for this VM to access the internet, we will translate it’s IP to an IP that is internet accessible. Right now, as you can see, we cannot access the outside world. We test this by pinging Google’s public DNS (8.8.8.8).

nat

Let’s get started with changing this and making the VM accessible to the internet. Read Full Article

VMworld-2017

Each year that I’ve gone to VMworld, I always have in mind a certain product path that I want to focus on. With all the great content, there’s just no way that you can attend all of the sessions that you want (thank goodness for on-demand recordings). In 2015, I focused on vSphere and vCenter, as I was taking my VCP6-DCV test during the conference. Last year, all of my sessions were on NSX, since I was taking the VCP6-NV exam during the conference. So following suit, this year, I will be taking the VCP6-CMA exam during the conference. Can you guess what my sessions will be focused on? AUTOMATION…with a dash of NSX! 🙂

So here’s a list of my top 10 sessions that I plan to attend at this year’s conference.

Read Full Article