Why CloudHealth Secure State won Gold for… Managing misconfiguration risk to prevent data breaches and improve cloud security posture is a key priority for IT and developer teams. But finding a solution that’s easy to operationalize can be very challenging. Recently, VMware announced that CloudHealth Secure State won gold for cloud […]
This Blog will Guide you through the complete Installation from NAPP without using Tanzu and NSX Advanced Load Balancer. If you have Tanzu and NSX Advanced Load Balancer installed, I highly recommend to use your existing Tools!
VMware has aquired SaltStack a while ago and incorporated some of the products into the vRealize Automation product family. While most of the configuration management functionality focusses on guest operating systems there has been increasing demand to do the same for VMware SDDC components like vCenter, ESX, NSX etc. as well. As of this VMware… Read More »
Starting with NSX-T 3.2 its now possible to act as central security control plane for Antrea enabled k8s clusters. This post shows how to set up and gives a short introduction how it works. Prerequisites: have NSX-T 3.2 up and running Prepare 3 Ubuntu 18.04 VMs (4 CPU, 4GB RAM, 25GB Storage), minimum install with… Read More »
Introduction If you have been following the blog posts on this site, we implemented NSX-T with Openshift 4.6 with NCP’s support for Openshift operators (see https://www.vrealize.it/2021/03/24/nsx-t-ncp-integration-with-openshift-4-6-the-easy-way/) using the UPI installation. In the meantime, NCP 3.2 was released, which supports Openshift 4.7 and 4.8 and is also able to get installed through the IPI installation process.… Read More »
Often customers want to see the ease of use of VMware NSX distributed IDS/IPS. But to demonstrate its capabilities it might be necessary to setup tools like metaspoit and vulnerable software versions. With idsreplay I’ve created an easy way to run you IDS/IPS Demo “out-of-the-box” without the need to setup & configure potentially dangerous software… Read More »
vRealize Automation 8.x includes SaltStack Config as configuration management tool. This works with state files that define which configurations will be applied on target system. One of the options to store state files is leveraging a git repository. In this blog I will explain how the SaltStack appliance can be configured to leverage such a… Read More »
Since vRealize Automation 8.2 the product includes blueprints that can leverage Terraform services. The implementation leverages a Kubernetes cluster where it creates a temporary pod which loads some data from the internet. For some customers it’s mandatory to have no internet connection in the datacenter. Hence a solution is required that can run in a… Read More »
The most common use case implemented with vRealize Automation is classic Infrastructure-as-a-Service for VMs. vRealize Automation has the concept of a Deployment that can contain multiple objects incl. network, security and multiple VMs. Although this is the target architecture most of our customers are planning to reach, for many of them their first use case… Read More »
In one of my previous blogs, I explained how a network selection on blueprint request can be implemented: https://www.vrealize.it/2020/06/25/vrealize-automation-network-selection-in-request-form/ As always there’s multiple ways to achieve goals. The above-mentioned blog is using custom properties to realize the network selection. This has the general advantage that the process could be used for other selections as well… Read More »
Introduction If you have been following the blog posts on this site, we implemented NSX-T with Openshift 4.4 with NCP’s support for Openshift operators (see https://www.vrealize.it/2020/09/29/nsx-t-ncp-integration-with-openshift-4-4-the-easy-way). In the meantime, NCP 3.1.1 was released, which supports Openshift 4.6. Since 4.6 involves a new ignition format version, I took that opportunity to refresh this blog, to add… Read More »
Update: January 2021 update with current versions (Antrea v0.12.0 AKO 1.13 / Controller 20.1.3) This post shows how to integrate Antrea Container Networking with NSX Advanced Load Balancer (NSX ALB) using AVI Kubernetes Operator (AKO) This example shows integration of a single K8S cluster with NSX ALB. If you plan to integrate more than one… Read More »
vSphere with Tanzu automatically deploys an NSX-T based load balancer for its supervisor cluster control plane. The load balancer size is defined as MEDIUM and requires an EDGE node of large size which is defined with 8 vCPU and 32GB RAM. While the creation of a supervisor cluster does also work with a medium sized… Read More »
vRealize Automation 8/Cloud provides a comprehensive platform to offer service as part of a catalog experience. Users that have been assigned to projects and catalog items can select from the services available and request those accordingly. If new users want to get access to the platform typically an admin user must grant them permissions to… Read More »
This post is intended to show a very basic setup of VMware NSX Cloud to demonstrate the capability to enforce consistent microsegmentation policy for hybrid cloud environments. I will describe the setup of NSX Cloud and the operation of the Native Cloud Enforced Mode which relies on firewall functions delivered natively by AWS (or Azure).… Read More »
For a customer demo I needed a quick way to interconnect my on-premises environment with a AWS VPC without getting a AWS direct connect or the possibility to open the on-premises firewall for a NSX IPSEC tunnel. So I made it work with OpenVPN which just needs TCP Port 443 to be allowed on the… Read More »
Beforehand I would like to express my thanks to Sascha Warno for his help in configuring the Keycloak integration. vRealize Automation 8 is leveraging VMware Identity Manager for authentication of users. While in most environments Identity Manager is integrated with LDAP directory services like Microsoft Active Directory, it supports a wide variety of other identity… Read More »
Beforehand I would like to express my thanks to Ismail Yilmaz and Christian Liebner for their help in developing modules and verification of the solution. vRealize Automation 8.x and vRealize Automation Cloud do have integration with gitlab and github for source code management. As of today, this is only a one-way process to pull blueprints from the SCM system into vRA –… Read More »
Introduction In my previous post, we implemented NSX-T with Openshift 4 based without NCP’s support for Openshift operators (see https://www.vrealize.it/2020/07/15/nsx-t-ncp-integration-with-openshift-4-3-the-hard-way/). In the meantime, NCP 3.0.2 was released, which is implemented using an Openshift operator. The operator is also published on the Redhat Openshift Operator Hub (https://catalog.redhat.com/software/operators/detail/5ef0f362701a9cb8c147cf4b). That makes the installation way more simple, as you… Read More »
In this walktrough, I will explain how to use Antrea ClusterNetworkPolicy to isolate namespaces and individual pods within a Kubernetes Cluster.