vSphere

VMware NSX-T: Create IP Pools

In this blog post I will go through the steps that are needed in order to create an IP pool that will be used by our Virtual Tunnel Endpoints (VTEP). VTEPs are the source and destination IP addresses that are used in the external IP header in order to identify the hypervisor hosts that are originating and terminating the NSX-T encapsulation of overlay frames. An IP Pool isn’t necessary in order to assign an IP address to a VTEP. You may also do so using DHCP or manually assign a static IP address.

Create an IP Pool

From a browser, log in to the NSX Manager with admin privileges.

mig01 Read Full Article

VMware NSX-T: Creating Transport Zones

In this blog post, I will go through the steps that it takes to create transport zones within NSX-T. Before we get started with the creation of the transports zone, let’s explain what transport zones are

Transport Zone Overview

Transport zones control which hosts and, essentially, which VMs can participate in a particular network by limiting what logical switches that a host can see. A transport zone can span multiple host clusters and a NSX-T environment can contain one or more transport zones but a logical switch can only belong to one transport zone. Since logical switches are limited to a transport zone, VMs in different transport zones cannot be on the same L2 network. NSX-T introduces the concept of the NSX Managed Virtual Distributed Switch (N-VDS, previously called the hostswitch). The N-VDS is what allows physical to virtual packet flow and it does this by binding logical router uplinks and downlinks to physical NICs. Each time you create a transport zone, you must provide a name for the N-VDS that will be associated with it as well as the traffic type that will take place.

Types of Transport Zones

There are two different types of Transport zones, Overlay and VLAN:

  • Overlay Transport Zones
    • Used by both the host transport nodes and NSX Edges
    • A N-VDS will be installed on the host or NSX Edge after it has been added to the overlay transport zone
  • VLAN Transport Zones
    • Used by the NSX Edge and host transport nodes for its VLAN uplinks
    • A N-VDS will be installed on the NSX Edge when it is added to the VLAN transport zone

Read Full Article

Configure Security Groups and Security Policies in VMware NSX

VMwareNSX

Configure Security Groups

Security Groups are a way to define objects that you want to group together to protect. They can be statically defined or defined dynamically. Security Groups can be defined using some of the following objects:

  • Clusters, port groups, resource pools
  • Security tags, IP Sets, MAC Sets, other security groups
  • Active Directory groups – If the NSX Manager is registered with Active Directory
  • VMs, vNICs, Logical Switch

Grouping objects together can make the application of firewall rules that much easier and cut down on the amount of rules that need to be generated in NSX

To create a security group, navigate to Networking & Security > Service Composer > Security Groups. Click the “New Security Group” icon.

sg01 Read Full Article

HomeLab: SuperMicro 5028D-TN4T One Year Review

Oh my, how fast a year has flown by and my how much has changed! Last year, in February, I came to the realization that if I really wanted to increase my knowledge and advance my career, then I needed to invest in a homelab. So, I made an investment and purchased a SuperMicro 5028D-TN4T system bundle from WiredZone. It has been a year since I did my initial review of this system and since then I have made good use out of it and decided to come back with my thoughts. Read Full Article

Veeam: Install Veeam Availability Suite 9.5

Veeam_logo_2017_green-500

There are few things in IT that are worse than needing to recover some data and realizing that you don’t have a proper backup of it. Well, good thing for me, this only happened in my home lab and not at my day job. I suffered a power outage during some recent bad weather and one of my management VMs, the VM that had everything that I use to manage my home lab, decided it wasn’t going to come back up. Oh how I wish I had a backup of that VM so that I didn’t have to spend hours getting it back to where it was before the crash. So, I decided I needed to get something in place so that this wouldn’t happen again. Veeam…to the rescue! I’ve used Veeam before at my previous job as our primary backup tool but it never hit me to try it in my lab because I also remember the cost! And for a small home lab it just wasn’t feasible. But then I realized that Veeam gives a NFR license to vExperts…..say no more! In this blog I will go through the install for Veeam Backup & Replication 9.5. Read Full Article

Upgrading VMware NSX to 6.3.3

VMwareNSX

Recently, VMware released its latest version of NSX, 6.3.3. With it came a number of bug fixes and some new features. One of the main new features to come along has to do with the NSX controllers. Starting with 6.3.3, the OS for the NSX controllers will be powered by Photon OS. Because a new OS is used, that means that your current NSX controllers will not be upgraded, but rather they will be deleted and recreated as part of the install process. There are also some other new features, that I will not dive too deep into, but just list:

Guest Introspection supports Windows Server 2016

New NSX API to retrieve a list of all unresolved alarms on NSX Manager

Crypto Module Changes Affecting FIPS Compliance

  • NSS and OpenSwan: The NSX Edge IPsec VPN uses the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
  • NSS and Password Entry: The NSX Edge password hashing use the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
  • Controller and Clustering VPN: The NSX Controller uses IPsec VPN to connect Controller clusters. The IPsec VPN uses the VMware Linux kernel crypto module (Photon 1 environment), which is in the process of being CMVP validated.

 

Upgrade Process

In this blog post, I will take your through the steps to upgrade your current NSX environment to 6.3.3

First check compatibility with your current NSX environment. That can easily be done here.

The NSX components have to be upgraded in a certain order:

  1. NSX Manager
  2. NSX Controller Cluster
  3. VIBs on the host clusters
  4. NSX edges
  5. Guest Introspection (If enabled)

To begin our upgrade process, navigate to your NSX Manager and log in as the admin.

nsx01

Read Full Article

Join a Platform Services Controller 6.5 to Active Directory Domain

vcsa penguin

After the initial deployment of your vCenter Server Appliance and Platform Services Controller, one of the first things that you want to do if you are using Active Directory is to join your PSC to the domain. In this blog post we are going to walk through doing just that. Like Active Directory domain controllers, the PSC really depends on time being synchronized within your network. The easiest thing to do would be to point all of your devices to the same NTP source. So before beginning, make sure the time is the same on all your devices. Once you have verified that, log into the PSC web UI as the admin account.

psc01 Read Full Article

HomeLab: SuperMicro 5028D-TN4T Review

Over the past few months, I’ve been searching for a good home lab server to replace the ones I had been using that were decommissioned and given to me by my previous employer…3 HP DL385 G6 rack servers with 64GB each. Well anyone that knows servers, know that these are not ideal from a home lab. Not only are they big, bulky and heavy, but they suck electricity like a newborn baby sucks a warm bottle (I can attest to this, being a new dad to a healthy,hungry boy) and on top of that, they can make a room HOT…really fast! I knew this was not a long term solution for me and there was only so much that I could do with VMware’s online HOL. I needed something that I could not only have to test out all the latest products from VMware without a 2hr or so limit, but also something that I could continue to use to prepare for advanced certifications and create content to share on the blog.

What I Wanted In A Server

First of all…it needed to be small. I have a office at home…not a dedicated server room. I wanted something no bigger than a desktop tower PC. To me, the smaller, the better. I also wanted something that would provide me with enough resources to run two of VMware’s most resource intensive products, NSX and vRealize Automation. Those two products alone would need about 50GB of RAM to install all the components to get up and running. I first began looking into the SuperMicro SYS-E200-8D and SYS-E300-8D servers. I was drawn first to their size and then to the fact that they could max out at a whooping 128GB of RAM. However, I didn’t like the idea of only have 2 options for storage, one 2.5 HDD and one M.2 slot. Then I stumbled across Paul Braren from TinkerTry on Twitter and that’s when I discovered what would soon be my next home lab server.

What I Got

I ended up purchasing a SuperMicro SYS-5028D-TN4T server bundle from WiredZone and added two additional 32GB DIMMs to have a total of 128GB of RAM.

 

img_3766 Read Full Article

Deploying NSX Manager 6.3

VMwareNSX

In this blog post we will be deploying the NSX manager appliance. This is the first step in beginning to deploy NSX in your VMware environment. First things first, after downloading the NSX OVA file, right click on the cluster you want to deploy the appliance in and click Deploy OVF Template. Browse to and select the NSX OVA file and click Next.

man01

Read Full Article