VMware on AWS Quick Hits

vSphere plus SDDC Manager (VMware Cloud Foundation) plus NSX-V hosted on bare-metal at AWS.

VMware manages hardware account and bills you (separate from any AWS account you have)

4 nodes to start – each 2 socket/36 core, 512GB RAM, 10.7TB storage (all flash)

Scales to 16 nodes currently

Just US (east and west regions) for now.

NSX-V with two IPSec VPN tunnels (one mgmt, one compute) back to your data center (not required, but intended as hybrid)

Likes NSX on your DC but works with many hardware vendors for an IPSec endpoint.

One ESG, one DLR.

AWS services provided via direct connect (from compute Edge via an ENI) or internet connectivity.

Can connect to an AWS VPC Endpoint.

Includes routing table updates when connecting direct to AWS networks.

Gives a whole new meaning to “It’s not the cloud – it’s just someone else’s computer”


VMware AppDefense Quick Hits

Brought to you by the NSBU at VMware, home of NSX-V, NSX-T, VRNI.

Cloud-based with a local “proxy” (assuming local need).

Developer-focused with tie-ins to development stream to track changes.

Supports Windows 2012, 2012R2, 2016 with *nix support coming.

Loads a “module” into the guest, which is protected in memory by the host

Watches a ton of “things” to determine proper operation and flags on improper

One “thing” : Creates hash of running executables and checks that hash periodically


VMware NSX-T Quick Hits

NSX-T(ransformers) is a multi-hypervisor (ESX/KVM) cousin of NSX-V.

Same SKU (if you own NSX-V 6.x, you own NSX-T 2.x).

One NSX-T Manager can have multiple vCenters as “Compute endpoints”

Standalone HTML5 client (not WebClient)

NSX-T Edges can be VMs or run on bare metal

Supports 8-way Edge ECMP but limited services on the Edge (vs V)

More/better BGP support/options/settings incl BFD

Uses Geneve instead of VXLAN for overlay due to extensible header

Protects cloud-native apps and container-level microsegmentation. The Google/Kubernetes project is protected by NSX-T


Migrate VMs between portgroups/virtual switches/vSS/vDS

I wrote this to help a client migrate to VXLAN from portgroups.

It pulls from a CSV file named c:\scripts\ImportPortGroups.csv which is structured:

VLAN,PortGroup,wire
123,dVLAN 123,192.168.123.0/24

and accepts the initial number (VLAN) as a commandline parameter such as:
changeportgroups 123

The CSV file needs: identifier, portgroup name, virtual switch name

If you don’t enter an initial parameter it will remind you and exit.

Entering an initial parameter, the script grabs the line from the CSV where the first value matches your input.

It will then:
Pull the PG and VS from vcenter and verify that is what you are looking to work with.
Pull the number of VMs on the PG and VS and display and ask which way the move should go (all to VS or all to PG)
Migrate the VMs and display the # of VMs on the PG and VS.

You can get the script here.

FYI the one-liner version of the script is:

Get-VM | Get-NetworkAdapter | Where-Object {$_.NetworkName -eq "OldPortGroup"} | Set-NetworkAdapter -NetworkName "NewPortGroup" -Confirm:$false
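
The steps listed above, sketched as a PowerCLI function. This is an added example, not the script linked in this post: the function name Move-PortGroupVMs is hypothetical, and it assumes PowerCLI is loaded, Connect-VIServer has already been run, and the CSV's third column holds the target network's name exactly as vCenter shows it.

```powershell
# Added example, not the author's script. Assumes VMware PowerCLI is loaded and
# Connect-VIServer has already been run. Move-PortGroupVMs is a hypothetical name.
function Move-PortGroupVMs {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Id,             # first CSV column, e.g. 123
        [string]$CsvPath = 'c:\scripts\ImportPortGroups.csv'   # path given in the post
    )

    # Grab the CSV line whose first value (VLAN) matches the input; refuse ambiguity.
    $row = @(Import-Csv -Path $CsvPath | Where-Object { $_.VLAN -eq $Id })
    if ($row.Count -ne 1) { throw "Expected exactly one CSV row for '$Id', found $($row.Count)." }
    $pg = $row[0].PortGroup
    $vs = $row[0].wire   # assumed to be the network name as vCenter displays it

    # Verify both networks exist in vCenter before touching any adapter.
    foreach ($name in $pg, $vs) {
        if (-not (Get-VirtualPortGroup -Name $name -ErrorAction SilentlyContinue)) {
            throw "Network '$name' not found in vCenter."
        }
    }

    # Count adapters on each side, display them, and ask which way to move.
    $adapters = Get-VM | Get-NetworkAdapter
    $onPg = @($adapters | Where-Object { $_.NetworkName -eq $pg })
    $onVs = @($adapters | Where-Object { $_.NetworkName -eq $vs })
    Write-Host "$pg : $($onPg.Count) adapters    $vs : $($onVs.Count) adapters"
    $answer = Read-Host 'Move all to (P)ortgroup or (V)irtual switch? Anything else aborts'
    switch -Regex ($answer) {
        '^[Vv]' { $source = $onPg; $target = $vs }
        '^[Pp]' { $source = $onVs; $target = $pg }
        default { Write-Host 'Aborted, nothing changed.'; return }
    }

    # Migrate; running the function with -WhatIf previews the moves without applying them.
    foreach ($nic in $source) {
        if ($PSCmdlet.ShouldProcess("$($nic.Parent.Name) / $($nic.Name)", "connect to '$target'")) {
            Set-NetworkAdapter -NetworkAdapter $nic -NetworkName $target -Confirm:$false | Out-Null
        }
    }

    # Display the counts again after the move.
    $after = Get-VM | Get-NetworkAdapter
    foreach ($name in $pg, $vs) {
        Write-Host "$name : $(@($after | Where-Object { $_.NetworkName -eq $name }).Count) adapters"
    }
}
```

Run it as Move-PortGroupVMs -Id 123 -WhatIf first to see which adapters would be reconnected.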


VMware Cloud Foundation Quick Hits

VMware Cloud Foundation consists of VMware vSphere, vSAN, NSX and “SDDC Manager”.

SDDC Manager will manage the lifecycle of the different components of VCF and can also manage the lifecycle of “add-ons” like VMware Horizon, VMware vRealize Suite, vRealize Operations and vRealize Log Insight.

Licensing is per-CPU, but you’ll need to contact your reseller about how to buy it: while you can’t buy “SDDC Manager” on its own, you can reuse existing licenses for VCF – and vCenter isn’t included in VCF.

You can buy VCF pre-installed on VxRack or just buy vSAN Ready hardware and roll your own. You’ll want to check your switches against the VCF HCL also.

Who should buy VCF: anyone who wants vSphere/vSAN/NSX but doesn’t want to install the components themselves or manage patching them.


Free NSX books from VMware

VMware NSX Micro-segmentation: Day 1 Guide

VMware NSX Micro-segmentation: Day 2 Guide

VMware Operationalizing NSX

Automating NSX for vSphere with PowerNSX


VMware badges – 2017 edition (vROps / vSAN)

[Edit: Added time/#Qs to vSAN after someone tried it and responded to me]

VMware certification has announced a series of “badges” that existing VCPs can add to demonstrate knowledge in either vROps or vSAN.

vSAN was announced last week

Right now the portal claims the exams are only available during VMworld US (Aug 27-29). My guess would be the price will go up after VMworld with a new date range.

Key points:
VCP required
$250 for vSAN or $125 at VMworld
$125 for vROps until 8/29 then ??

  • (note: I was told vROps has a 40% discount for the next few months, but that is not reflected at checkout, so YMMV)

at a Pearson center for vSAN
online for vROps

vSAN time: 110min plus 30min time extension for ESL.
vSAN questions: 60

vROps: The number of questions and time allowed are not currently posted. If anyone pays the $125 and finds out please let me know!

Note that vSAN claims a “high score” is required to pass but generally

Prep Guides (with sample questions and outline)
VMware vRealize Operations 2017 Specialist

VMware vSAN 2017 Specialist

If you are interested in taking an exam just as expensive and time consuming as a VCP that only counts as a “badge” let me know in the comments.
