Category Archives: Uncategorized

Using vRA Terraform Service in air-gapped environment

By | 20. July 2021

Since vRealize Automation 8.2 the product includes blueprints that can leverage Terraform services. The implementation leverages a Kubernetes cluster where it creates a temporary pod which loads some data from the internet. For some customers it’s mandatory to have no internet connection in the datacenter. Hence a solution is required that can run in a…

Dynamic Network Selection in request form with vRealize Automation 8 (part 2)

By | 21. May 2021

In one of my previous blogs, I explained how a network selection on blueprint request can be implemented: https://www.vrealize.it/2020/06/25/vrealize-automation-network-selection-in-request-form/ As always, there are multiple ways to achieve goals. The above-mentioned blog uses custom properties to realize the network selection. This has the general advantage that the process could be used for other selections as well…

Installing Antrea Container Networking and AVI Kubernetes Operator (AKO) for Ingress

By | 22. January 2021

Update: January 2021 update with current versions (Antrea v0.12.0 AKO 1.13 / Controller 20.1.3). This post shows how to integrate Antrea Container Networking with NSX Advanced Load Balancer (NSX ALB) using AVI Kubernetes Operator (AKO). This example shows integration of a single K8S cluster with NSX ALB. If you plan to integrate more than one…

vSphere with Tanzu with NSX-T medium sized edge

By | 8. January 2021

vSphere with Tanzu automatically deploys an NSX-T based load balancer for its supervisor cluster control plane. The load balancer size is defined as MEDIUM and requires an EDGE node of large size which is defined with 8 vCPU and 32GB RAM. While the creation of a supervisor cluster does also work with a medium sized…

Self-Service user onboarding in vRealize Automation

By | 17. December 2020

vRealize Automation 8/Cloud provides a comprehensive platform to offer service as part of a catalog experience. Users that have been assigned to projects and catalog items can select from the services available and request those accordingly. If new users want to get access to the platform typically an admin user must grant them permissions to…

Using OpenVPN to connect on-premises Datacenter to AWS VPC

By | 9. December 2020

For a customer demo I needed a quick way to interconnect my on-premises environment with an AWS VPC without getting an AWS direct connect or the possibility to open the on-premises firewall for an NSX IPSEC tunnel. So I made it work with OpenVPN which just needs TCP Port 443 to be allowed on the…

Integration of vRealize Automation with Keycloak authentication

By | 13. November 2020

Beforehand I would like to express my thanks to Sascha Warno for his help in configuring the Keycloak integration. vRealize Automation 8 is leveraging VMware Identity Manager for authentication of users. While in most environments Identity Manager is integrated with LDAP directory services like Microsoft Active Directory, it supports a wide variety of other identity…

Push Blueprints to GIT Repo

By | 16. October 2020

Beforehand I would like to express my thanks to Ismail Yilmaz and Christian Liebner for their help in developing modules and verification of the solution. vRealize Automation 8.x and vRealize Automation Cloud do have integration with gitlab and github for source code management. As of today, this is only a one-way process to pull blueprints from the SCM system into vRA –…

Dynamic Network Selection in request form with vRealize Automation 8

By | 25. June 2020

Special thanks go to Martin Petkov for his help on API questions. Self-Service offerings typically bring up the question: Who’s the consumer for the services offered? While in many cases this might be some type of end-users who don’t care much where the service is running there’s also a lot of use cases where skilled…

Troubleshooting DNS on Kubernetes with NSX-T

By | 17. June 2020

After integrating NSX-T with K8S I sometimes get issues with coredns not working. Common root cause: K8S internal DNS infrastructure needs non-NAT’ed network access from container PODs to K8S Nodes and vice versa. As NSX-T NCP default behaviour is to NAT your K8S Namespaces this can – depending on your overall architecture – cause connection…

Kubernetes Application Deployment with Codestream

By | 4. June 2020

Deployment of a Kubernetes application into production requires a well-defined process. It is not only about the actual deployment but also about having the right test procedure in place as well as updating existing applications with new versions. In contrast to legacy applications where frequency of updates is rather low, modern containerized applications can have…

NSX-T 3.0 available – a decade of innovation

By | 8. April 2020

Yesterday the eighth release of NSX-T went GA. Yes, you can hear and marvel: besides the expiring NSX for vSphere (early 2022), this is already the eighth public release of NSX-T. In addition to on-premise multi-hypervisor support, it allows a uniform security policy to be implemented in hybrid and multi-cloud environments, no matter whether the…

L7 Firewall – enforce Application Protocol by NSX-T Context Profile / AppID

By | 27. January 2020

This post introduces NSX-T L7 capabilities. You will create a MySQL Daemon on a VM and configure NSX-T Distributed Firewall to allow traffic on TCP 3306. When replacing this MySQL Daemon with sshd listening on 3306, NSX-T L4 firewall will not prevent access – by design. After enabling NSX-T L7 Firewall (Context Profile / Application…

Integrating CentOS 7.5 BareMetal Server with NSX-T 2.5

By | 20. December 2019

This post demonstrates how to integrate a bare-metal server on OS-Level into NSX-T overlay networking and security. As there was no bare-metal system available in my demo environment, I created a CentOS 7.5 VM on a non-NSX enabled ESXi Server. Topology shown below. After successful installation it should look like this. Pre-Requisites: Have NSX-T up…