vSphere

VMwareNSX

Recently, VMware released its latest version of NSX, 6.3.3. With it came a number of bug fixes and some new features. One of the main new features to come along has to do with the NSX controllers. Starting with 6.3.3, the OS for the NSX controllers will be powered by Photon OS. Because a new OS is used, that means that your current NSX controllers will not be upgraded, but rather they will be deleted and recreated as part of the install process. There are also some other new features, that I will not dive too deep into, but just list:

Guest Introspection supports Windows Server 2016

New NSX API to retrieve a list of all unresolved alarms on NSX Manager

Crypto Module Changes Affecting FIPS Compliance

  • NSS and OpenSwan: The NSX Edge IPsec VPN uses the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
  • NSS and Password Entry: The NSX Edge password hashing use the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
  • Controller and Clustering VPN: The NSX Controller uses IPsec VPN to connect Controller clusters. The IPsec VPN uses the VMware Linux kernel crypto module (Photon 1 environment), which is in the process of being CMVP validated.

 

Upgrade Process

In this blog post, I will take your through the steps to upgrade your current NSX environment to 6.3.3

First check compatibility with your current NSX environment. That can easily be done here.

The NSX components have to be upgraded in a certain order:

  1. NSX Manager
  2. NSX Controller Cluster
  3. VIBs on the host clusters
  4. NSX edges
  5. Guest Introspection (If enabled)

To begin our upgrade process, navigate to your NSX Manager and log in as the admin.

nsx01

Read Full Article

vcsa penguin

After the initial deployment of your vCenter Server Appliance and Platform Services Controller, one of the first things that you want to do if you are using Active Directory is to join your PSC to the domain. In this blog post we are going to walk through doing just that. Like Active Directory domain controllers, the PSC really depends on time being synchronized within your network. The easiest thing to do would be to point all of your devices to the same NTP source. So before beginning, make sure the time is the same on all your devices. Once you have verified that, log into the PSC web UI as the admin account.

psc01 Read Full Article

Over the past few months, I’ve been searching for a good home lab server to replace the ones I had been using that were decommissioned and given to me by my previous employer…3 HP DL385 G6 rack servers with 64GB each. Well anyone that knows servers, know that these are not ideal from a home lab. Not only are they big, bulky and heavy, but they suck electricity like a newborn baby sucks a warm bottle (I can attest to this, being a new dad to a healthy,hungry boy) and on top of that, they can make a room HOT…really fast! I knew this was not a long term solution for me and there was only so much that I could do with VMware’s online HOL. I needed something that I could not only have to test out all the latest products from VMware without a 2hr or so limit, but also something that I could continue to use to prepare for advanced certifications and create content to share on the blog.

What I Wanted In A Server

First of all…it needed to be small. I have a office at home…not a dedicated server room. I wanted something no bigger than a desktop tower PC. To me, the smaller, the better. I also wanted something that would provide me with enough resources to run two of VMware’s most resource intensive products, NSX and vRealize Automation. Those two products alone would need about 50GB of RAM to install all the components to get up and running. I first began looking into the SuperMicro SYS-E200-8D and SYS-E300-8D servers. I was drawn first to their size and then to the fact that they could max out at a whooping 128GB of RAM. However, I didn’t like the idea of only have 2 options for storage, one 2.5 HDD and one M.2 slot. Then I stumbled across Paul Braren from TinkerTry on Twitter and that’s when I discovered what would soon be my next home lab server.

What I Got

I ended up purchasing a SuperMicro SYS-5028D-TN4T server bundle from WiredZone and added two additional 32GB DIMMs to have a total of 128GB of RAM.

 

img_3766 Read Full Article

VMwareNSX

In this blog post we will be deploying the NSX manager appliance. This is the first step in beginning to deploy NSX in your VMware environment. First things first, after downloading the NSX OVA file, right click on the cluster you want to deploy the appliance in and click Deploy OVF Template. Browse to and select the NSX OVA file and click Next.

man01

Read Full Article

vRA Icon

This post will be a short walkthrough on how to create a tenant in vRealize Automation 7. After you complete the initial installation of vRA, you have the default tenant that is created. The default tenant is not where we want to create and deploy any services. The default tenant should be used for creating other tenants and defining other administrators. To begin creating our first tenant we must first log into our default tenant. Navigate to https://FQDN or IP of vRA appliance/ and login with the administrator account that was created during installation

t1

Read Full Article

vcsa penguin

I’ve really come to appreciate more and more the VCSA. One of the times that I really appreciate it, is when it’s time to apply patches/updates to it. This post is just a simple….and I do mean simple…look at how to update your external PSC and then your VCSA when there’s a new update from VMware.

First things first….make sure you have a good backup of your VCSA and PSC. Also I recommend taking a snapshot of your PSC and VCSA but without preserving the VM’s memory state.

Then login into your PSC using the root account at https:// <FQDN or IP of appliance>:5480. Once logged in, go under the Update section.

vc1

Read Full Article