Learning NSX-Part-3-Deploying NSX Controllers

In the last 2 posts of this series we covered what NSX is and how to install and configure NSX Manager.

If you missed the earlier posts of this series, you can read them from the links below:

1: Introduction to VMware NSX

2: Installing and Configuring NSX Manager

In this post we will be talking about NSX controllers. Before diving into the lab, we will first discuss a little theory about NSX controllers and their importance.

NSX Controllers

NSX controllers are the control plane for NSX. They are deployed in a cluster arrangement, so you can add more controllers for better performance and high availability; if you lose one of them, you do not lose control functionality. They are important: if you lose enough of them, things stop working.

NSX controllers store the following tables:

1: MAC Table
2: ARP Table
3: VTEP Table

NSX controllers considerations:

1: Deployed in odd numbers

Controllers use a cluster and use a voting quorum.… Read More

Learning NSX-Part-2-Installing and Configuring NSX Manager

In the last post of this series we looked at what NSX is and how it fits in a software-defined datacenter. We also looked at the core NSX components and discussed them briefly.

In this post we will be talking about basic installation and configuration options of NSX manager.

NSX Manager provides a centralized management plane across your datacenter. It provides the management UI and API for NSX. NSX Manager runs as a virtual appliance on an ESXi host, and during installation it injects a plugin into the vSphere Web Client through which it can be managed. Each NSX Manager manages a single vCenter Server environment.

There are a few prerequisites that must be met before proceeding with the installation of NSX Manager. These are as follows:

1: The vSphere infrastructure should be ready. There should be at least 2 clusters.

2: NSX can be managed only via vSphere Web Client.… Read More

Learning NSX-Part-1-Introduction

VMware NSX is the network virtualization and security platform that emerged from VMware after they acquired Nicira in 2012. This acquisition launched VMware into the software-defined networking (SDN) and network functions virtualization (NFV) world.

VMware NSX® is a software networking and security virtualization platform that delivers the operational model of a virtual machine for the network. Virtual networks reproduce the Layer2 – Layer7 network model in software, allowing complex multi-tier network topologies to be created and provisioned programmatically in seconds, without the need for additional SoftLayer Private Networks. NSX also provides a new model for network security. Security profiles are distributed to and enforced by virtual ports and move with virtual machines.

With VMware NSX, virtualization now delivers for networking what it has already delivered for compute and storage. NSX can be configured through the vSphere Web Client, a command line interface (CLI), and REST API.

NSX includes a library of logical networking services – logical switches, logical routers, logical firewalls, logical load balancers, logical VPN, and distributed security.… Read More

Learning VSAN:Part-3- Storage Policies and VSAN

In the last 2 posts of this series we discussed the VSAN architecture and walked through the steps needed to configure VSAN. If you missed the earlier posts of this series, you can read them here:

1: Overview and Architecture of VSAN

2: Installation and Configuration

In this post we will discuss Storage Policies and their role in a vSAN environment.

Storage policy based management and implementation is an important part of software-defined storage and the software-defined datacenter. VMware vSAN is one of the most robust and most complete implementations of storage policy based management.

When you use Virtual SAN, you can define virtual machine storage requirements, such as performance and availability, in the form of a policy. The policy requirements are then pushed down to the Virtual SAN layer when a virtual machine is being created. The virtual disk is distributed across the Virtual SAN datastore to meet the requirements.… Read More

Learning VSAN:Part-2-Installation and Configuration

In our last post Overview and Architecture of VSAN we learnt what vSAN is, why one should use vSAN in their environment, and what the architecture of vSAN is.

In this post we will look at how to install and configure VSAN in a lab/production environment.

Note: I am using vSAN 6.X in my lab.

Installation Requirements:

VMware KB-2106708 lists all the requirements for installing VSAN 6.X in greater detail. Here are the minimum requirements to build a VSAN lab:

1: Minimum of 3 ESXi 6.0 hosts that will contribute to storage.

2: At least one SSD and one Hard Disk per host

3: VMkernel port configured for VSAN traffic

4: 1 GB network for small environment Lab/test (For Production VMware recommends 10GB)

vSAN uses the ESXi hosts' locally attached storage to create a clustered datastore. vSAN is a software feature which is built into the hypervisor (ESXi).

VSAN can be used in 2 modes: hybrid or all-flash.… Read More

Learning VSAN:Part-1-Overview and Architecture of VSAN

This week a new program “VSAN vExpert” was launched for vExperts and I was all excited to be a part of the VSAN vExpert community. I had been thinking about learning VSAN for a while, but due to time constraints I was not able to do so. The launch of this vExpert program provided me an opportunity to finally try my hand at the much-talked-about VSAN.

Let's begin with an introduction to VSAN, then look into its architecture and see why it is becoming so popular among administrators these days.

What is VMware VSAN?

VMware Virtual SAN (VSAN) is a hypervisor-converged storage solution for your vSphere environment. It was built to be extremely easy to use and administer, high-performance and expandable.

VMware Virtual SAN is a new software-defined storage tier for VMware vSphere, bringing the benefits of the software defined data center to storage. By clustering server hard disk and solid state drives (HDDs and SSDs), Virtual SAN creates a flash-optimized, highly resilient shared datastore designed for virtual environments.… Read More

Using Custom Certificates in vSphere Replication

In this post we will be working on using custom (CA-signed) certificates on the vSphere Replication appliance.

Unlike vCenter Server, there is no automated way of replacing the default certificates on the VR appliance, so it needs a bit of manual effort. VMware has outlined the steps in the official KB-2080395.

Before performing these steps, make sure you have already replaced the default certificates on your vCenter Server.

The vSphere Replication appliance ships with openssl, and you can use this to generate the certificate signing requests for the vSphere Replication appliance.

Perform the following steps to replace the default certs with CA-signed certs:

1: Create openssl config file

SSH to your VR appliance and create a configuration file for the Replication appliance. The contents of this file should look like the example shown below. You need to change the fields marked in bold.

vrs01:~ # vi vrs01.cfg

[ req ]
default_bits = 2048
default_keyfile = rui.key… Read More

Replacing vSphere 6 Solution user certificates with CA signed certificates

In our last post Replacing Esxi 6 SSL Certificates we learned how to replace the ESXi host default certificates with CA-signed certificates. In this post we will learn how to replace vSphere 6 solution user certificates with custom certificates signed by a CA.

If you missed the earlier posts of this series, you can read them from the links below:

1: Setup CA Server for vSphere Lab

2: Set Up Automatic Certificate Enrollment

3: Request Internal Certificate from CA Server

4: Everything You Should Know About Certificate Management in vSphere 6

5: Replacing vSphere 6 SSL Certificates

6: Replacing Esxi 6 SSL Certificates

Solution users use SSL certificates for internal communication and endpoint registration in vSphere 6. For vCenter with an embedded PSC, there are four solution user certificates:

  • machine
  • vpxd
  • vpxd-extension
  • vsphere-webclient

We will be replacing the certificates for all the solution users in this post.

Follow the steps below to replace the solution user certificates:

1: Creating Certificate Signing Request

Launch the certificate manager utility

Press 5 to select “Replace solution user certificates with custom certificates”

Provide the password of the SSO account

Select option 1 “Generate Certificate signing Request(s) and key(s) for solution user certificates”

Provide the path to the directory where you want to store the .csr… Read More

Replacing Esxi 6 SSL Certificates

In our last post Replacing vSphere 6 SSL Certificates we learned how to replace Machine certificates and VMCA root certificates. In this post we will learn how to replace the ESXi default SSL certificates with certificates signed by a CA server.

If you missed the earlier posts of this series, you can read them from the links below:

1: Setup CA Server for vSphere Lab

2: Set Up Automatic Certificate Enrollment

3: Request Internal Certificate from CA Server

4: Everything You Should Know About Certificate Management in vSphere 6

5: Replacing vSphere 6 SSL Certificates

An ESXi host uses default certificates that are created during installation. These certificates are not verifiable and are not signed by a trusted certificate authority. If using the default certificates does not comply with the security policy of your organization, you need to replace them with certificates signed by your CA server.

Note: ESXi hosts that are upgraded from vSphere 5.x to vSphere 6.0 will continue using their Certificate Authority signed certificates if they were replaced in the previous versions.… Read More

Replacing vSphere 6 SSL Certificates

In our last post Certificate Management in vSphere 6 we looked at the architecture of VMCA and what it does.

In this post I will walk through the steps needed to replace vSphere 6 SSL certificates.

In this post we will be covering the following items:

  • Creating certificate templates for vSphere 6
  • Replacing Machine SSL certificates
  • Replacing the VMCA Root certificate

If you missed the earlier posts of this series, you can read them from the links below:

1: Setup CA Server for vSphere Lab

2: Set Up Automatic Certificate Enrollment

3: Request Internal Certificate from CA Server

4: Everything You Should Know About Certificate Management in vSphere 6

Let the fun begin.

Create certificate templates

As per VMware KB Article 2112009 we need to create 2 certificate templates:

  • Machine SSL and Solution User certificates
  • Certificate template for VMCA as a Subordinate CA

To create the certificate templates, RDP to your Enterprise CA server and click Start > Run, type certtmpl.msc,… Read More