tag:blogger.com,1999:blog-73018264636723502992024-03-09T01:48:21.748+05:30VirtualvmxSachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.comBlogger74125tag:blogger.com,1999:blog-7301826463672350299.post-64066967788107678812023-12-03T11:14:00.017+05:302023-12-03T11:42:07.671+05:30VMware Skyline<p class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; text-align: justify;"><span style="font-family: inherit;"><span style="font-size: 12pt;">VMware Skyline is a SaaS product
offering from VMware. It </span><span style="background: white; color: #1f1f1f; font-size: 12pt;">offers significant benefits for
your IT operations.</span></span></p><p class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; text-align: justify;"><span style="font-family: inherit;"><span style="background: white; color: #1f1f1f; font-size: 12pt;"><br /></span></span></p><p class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;">This offering removes most of the
challenges of day-2 operations and is a revolutionary add-on for VMware
engineers and sysadmins.<o:p></o:p></span></span></p><p class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; text-align: justify;"><span style="font-family: inherit;"><span style="font-size: 12pt;">VMware Skyline is based on AI/ML
technology that proactively helps identify </span><span style="background: white; color: #1f1f1f; font-size: 12pt;">anomalies, optimize
configurations</span><span style="font-size: 12pt;"> and flag any upcoming impact, to keep the VMware environment stable.<o:p></o:p></span></span></p><p class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><span style="font-family: inherit;">Also, its "LogAssist" feature
is fabulous: it automates the shipment of logs to the VMware portal
when service requests are raised with the VMware support team. This SaaS product
comes free for every VMware customer who has a valid support contract (
Production and Premier support).</span><o:p></o:p></span></span></p><p class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"> </span></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgYsbGsk7nSxtId7hQOrdxcAth-bFjMFhK-1DP7KNfyq8qVkipJp2yrL6cVTeMINmoe68VDoEQMN_cJLMrM_TW-E5-d8-HUIgPp9_5FWlPtYn9qIypX3RQSi86F-rFgWn_fNEs7Cf8Ef7TGrUk6Rm5Jm7Ns6zOf7RTiupsxsrD8zmxPESn22lW6FjhHc-w" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="255" data-original-width="359" height="238" src="https://blogger.googleusercontent.com/img/a/AVvXsEgYsbGsk7nSxtId7hQOrdxcAth-bFjMFhK-1DP7KNfyq8qVkipJp2yrL6cVTeMINmoe68VDoEQMN_cJLMrM_TW-E5-d8-HUIgPp9_5FWlPtYn9qIypX3RQSi86F-rFgWn_fNEs7Cf8Ef7TGrUk6Rm5Jm7Ns6zOf7RTiupsxsrD8zmxPESn22lW6FjhHc-w=w335-h238" width="335" /></a></span></div><span style="font-family: inherit;"><br /><o:p></o:p></span><p></p><p align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 0cm; text-align: center;"><span style="font-family: inherit;"><br /></span></p><p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm;"><span style="font-family: inherit;"><span style="font-size: 12pt;"><u style="font-family: inherit; text-align: justify;"><span style="font-size: 16pt;">Features of VMware
Skyline</span></u></span></span></p><p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 3.0pt; margin-left: 0cm; margin-right: 0cm; margin-top: 3.0pt; margin: 3pt 0cm; mso-outline-level: 4; text-align: justify;"><span style="font-family: inherit;"><span style="color: #1f1f1f; font-size: 12pt;">VMware Skyline: Enhanced Visibility and Proactive Solutions for Your
IT Environment</span><b><span style="font-size: 12pt;"><o:p></o:p></span></b></span></p><ul type="disc">
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l0 level1 lfo1; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>Rapid Response</b>: No more
waiting 48+ hours for notifications! Skyline Pro delivers insights
within 4 hours, empowering you to swiftly address issues before they
escalate.<b><o:p></o:p></b></span></span></li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l0 level1 lfo1; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>Proactive Prevention:</b> Gain granular visibility across your entire global
environment. Automated analysis of
configurations, upgrades, and trends provides predictive
recommendations, allowing you to pre-empt problems.<b><o:p></o:p></b></span></span></li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l0 level1 lfo1; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>Faster Support
Resolution:</b> Say goodbye to manual log file uploads and reactive
support responses. </span></span></li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l0 level1 lfo1; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>Boosted Security and Reliability:</b> Proactive detection and remediation
guidance keep your environment in optimal shape, minimizing security
risks and downtime.<b><o:p></o:p></b></span></span></li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l0 level1 lfo1; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>Seamless
Integration:</b> Skyline comes bundled with vRealize Cloud Universal
and on-premises Production and Premier Support, offering a
comprehensive solution without additional overhead.<b><o:p></o:p></b></span></span></li>
</ul><p class="MsoNormal" style="background: white; line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 3; text-align: justify;"><span style="font-family: inherit;"><span style="font-size: 12pt;"> </span><b><span style="font-size: 16pt;"><o:p></o:p></span></b></span></p><p class="MsoNormal" style="background: white; line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 3; text-align: justify;"><span style="font-family: inherit;"><u><span style="color: #1f1f1f; font-size: 16pt;">Skyline Advisor:
Your One-Stop Shop for Multi-Product Visibility and Insights</span></u><b><span style="font-size: 16pt;"><o:p></o:p></span></b></span></p><p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm; mso-margin-top-alt: auto; mso-outline-level: 4; text-align: justify;"><span style="font-family: inherit;"><span style="background: white; color: #1f1f1f; font-size: 12pt;">Skyline Advisor
isn't just for vSphere anymore! This powerful tool extends its reach across
VMware products. Here's what one can manage with Skyline Advisor:</span><b><span style="font-size: 12pt;"><o:p></o:p></span></b></span></p><ul type="disc">
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l1 level1 lfo2; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>vSphere: </b>Keep your core virtualization platform running with proactive health checks, performance optimizations and security recommendations. </span></span>This requires read-only access on the Skyline collector as an endpoint.</li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l1 level1 lfo2; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>vSAN:</b> Ensure your
storage infrastructure is rock-solid with automated analysis of cluster
health, capacity optimization, and proactive issue detection.<b><o:p></o:p></b></span></span></li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l1 level1 lfo2; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>NSX-T/NSX:</b> Unify your
network visibility and gain deep insights into NSX/NSX-T
deployments. Proactively identify network anomalies, optimize
configurations, and bolster security. <b><o:p></o:p></b></span></span>This requires auditor/admin access on the Skyline collector as an endpoint.</li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l1 level1 lfo2; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>vRealize Operations/Aria
Operations:</b> Take your monitoring and analytics to the next
level. Skyline Advisor integrates seamlessly with vROps to provide
even deeper insights and automated recommendations across your entire
hybrid cloud environment. <b><o:p></o:p></b></span></span>This requires read-only access on the Skyline collector as an endpoint.</li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l1 level1 lfo2; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>vRealize Automation/Aria
Automation:</b> Streamline your automation workflows and infrastructure
provisioning with proactive guidance from Skyline Advisor. Identify
potential bottlenecks and configuration issues before they impact
deployments. <b><o:p></o:p></b></span></span>This requires read-only access on the Skyline collector as an endpoint.</li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l1 level1 lfo2; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>Horizon:</b> Deliver a
seamless and secure virtual desktop experience. Skyline Advisor Pro
monitors Horizon deployments, identifies potential issues, and
recommends proactive steps to optimize performance and security. <b><o:p></o:p></b></span></span>This requires read-only access on the Skyline collector as an endpoint.</li>
<li class="MsoNormal" style="background: white; color: #1f1f1f; line-height: normal; margin-bottom: 7.5pt; mso-list: l1 level1 lfo2; mso-margin-top-alt: auto; mso-outline-level: 4; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"><b>VMware Cloud
Foundation:</b> Gain end-to-end visibility and insights into your
multi-cloud and on-premises deployments with Cloud Foundation. <b><o:p></o:p></b></span></span>This requires read-only access on the Skyline collector as an endpoint. However, the LogAssist feature is not yet available for this product.</li>
</ul><p class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 4; text-align: justify;"><span style="font-size: 12pt;"><span style="font-family: inherit;"> <b><o:p></o:p></b></span></span></p><p style="text-align: justify;">
</p><p class="MsoNormal"><span style="font-size: 12pt; line-height: 107%;"><span style="font-family: inherit;"> </span></span></p><p>
</p><p class="MsoNormal"><br /></p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-65824752574850414962023-11-21T12:42:00.032+05:302023-11-22T09:44:47.925+05:30Quick view on NSX Multi-Tenancy<p>NSX-T brings an evolution to the SDN space, whether in networking, security or even monitoring the environment.</p><p>Over its long journey, from VMware's acquisition of this product from Nicira Network to date, we have seen several enhancements to this product.</p><p>From NSX-V to NSX-T, and now rebranded as NSX starting from version 4.x, this product is set to meet customer expectations, whether the customer is a startup or a multi-billion Fortune 500 organization.</p><p>In this article, we will discuss one of the new offerings in NSX version 4.1: NSX Project, or multi-tenancy.</p><p>Before getting into this, let's draft a hypothetical scenario...</p><p>In an organization called Virtualvmx, there are 3 tenancies:</p><p></p><ul style="text-align: left;"><li>Alpha</li><li>Beta</li><li>Gamma</li></ul><div>All 3 tenants have compliance guidelines under which one tenant must not expose its networking components inside NSX to other tenants, such as Layer 2 networking, which includes segments, security policies, T1 routers and so on.</div><div><br /></div><div>Before NSX 4.1.x we had no such capability: all tenancies were exposed to each other, along with their networking components such as segments, T1s, DFW policies, segment profiles, etc.</div><div><br /></div><div>Starting from NSX 4.1.x we can accomplish this requirement with the offering of NSX Project.</div><div><br /></div><div>Using NSX Project, one can isolate security and networking components from one tenant to another in a single NSX deployment.</div><div><br /></div><div>In NSX 4.1.x we can set up multi-tenancy for all 3 tenancies under NSX Project to accomplish the 
isolation of networking & security for each individual tenancy.</div><div><br /></div><div>Under multi-tenancy, each tenant can isolate their L2 networking from other tenants. However, L3 networking, which includes T0 routers (Edge nodes), can either be shared with other tenants or dedicated to an individual tenancy as per requirement.</div><div><br /></div><div>Once you start creating projects inside NSX for individual tenancies, there will be 2 views in NSX:</div><div><br /></div><div><ul style="text-align: left;"><li>Default view.</li><li>Project view.</li></ul><h3 style="text-align: left;"><br />Default view:</h3></div><div><br /></div><div>This is the section governed by the NSX Enterprise administrator or another security role that is generally not assigned to an individual tenancy.</div><div><br /></div><div>In this view, the Enterprise administrator has the ability to modify T0 routers, Edge nodes, transport zones, and so on. In a nutshell, the Default space is the space that is not assigned to any project.</div><div><br /></div><div>The picture below shows the view of the default section.</div><div>In this view, the Enterprise administrator has full privileges to add, remove or modify any L2 or L3 components inside the NSX deployment.</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiORAMN6zFRutAM2JIOwZOFeDK0t91hx5WGcgkshPV_ZgeAarK99RrgtraJ8qa3UkIvBfBb5N-PXwC2llgUIoTvcgFmKqPR4Z0tncNuLRv-7L5w_pgLn5SKds14WQUtcavf5xkoZwK7XNSL4Yv8F_a_gKrE-TxIz7QoHXAcX6pifnoItt3GZThmT2I3Ci0" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="93" data-original-width="630" height="94" src="https://blogger.googleusercontent.com/img/a/AVvXsEiORAMN6zFRutAM2JIOwZOFeDK0t91hx5WGcgkshPV_ZgeAarK99RrgtraJ8qa3UkIvBfBb5N-PXwC2llgUIoTvcgFmKqPR4Z0tncNuLRv-7L5w_pgLn5SKds14WQUtcavf5xkoZwK7XNSL4Yv8F_a_gKrE-TxIz7QoHXAcX6pifnoItt3GZThmT2I3Ci0=w640-h94" title="NSX 
Project view" width="640" /></a></div><br /><h4 style="text-align: left;">Default View in NSX Manager</h4></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgzQouAzHVdjWoR4ZBATIUze8b6-iXwa6prtuSa7LhqFy4Jw61Olurp0YRGq7JkRoTbDgZJRyJXAq05kc1Nb36mTrgmNq9Upu3cSvKwCSfCHXgDX_4AISZ7cx4oc-Z4hiSp3y5UKNX8hRh93AOUJVzBaAPsAKjH2U86cbnMKi8iWw9pL21uH0GgKLq-YfA" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="502" data-original-width="1083" height="296" src="https://blogger.googleusercontent.com/img/a/AVvXsEgzQouAzHVdjWoR4ZBATIUze8b6-iXwa6prtuSa7LhqFy4Jw61Olurp0YRGq7JkRoTbDgZJRyJXAq05kc1Nb36mTrgmNq9Upu3cSvKwCSfCHXgDX_4AISZ7cx4oc-Z4hiSp3y5UKNX8hRh93AOUJVzBaAPsAKjH2U86cbnMKi8iWw9pL21uH0GgKLq-YfA=w640-h296" width="640" /></a></div> </div><div>Now, From the Default view you can create multiple projects as mentioned below:</div><div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEg6Ko9UQ72EfDs4rim_Zkz-5ihRWZsR2l5yGJLNc-oBpKnFUnyWBqiIAlpo0FJtfsq532bmq3fCdSZ3jANambL-ttRvA7zF5R1G48neZz8RJEhJcP-jp3tu861ANJ9o179e6FZiFQq9N-HuBljObLGfV-e6DgKgAJxqL0GXxlPX0OTDH0aRGEigzP7ia6A" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="254" data-original-width="1041" height="156" src="https://blogger.googleusercontent.com/img/a/AVvXsEg6Ko9UQ72EfDs4rim_Zkz-5ihRWZsR2l5yGJLNc-oBpKnFUnyWBqiIAlpo0FJtfsq532bmq3fCdSZ3jANambL-ttRvA7zF5R1G48neZz8RJEhJcP-jp3tu861ANJ9o179e6FZiFQq9N-HuBljObLGfV-e6DgKgAJxqL0GXxlPX0OTDH0aRGEigzP7ia6A=w640-h156" width="640" /></a></div></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">To create a new project. 
Go to > Manage Projects.</div><div class="separator" style="clear: both; text-align: left;">Also, you have to assign the RBAC policies associated with the project.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Here you can associate the shared T0 gateway/Edge Cluster used by other projects, or you can dedicate a T0 to individual projects.</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjf9ZHnA66B1pRHasDA-vTHE_08a99yGG8yIiU-gr9iBq_8XaMeDPJycGp-c01Tg6lDiT_X_w3DjidZ7Nwy2_tEy1h2tbrBrQe-GgknpaRQieN0nwljYjjqHq5789q7klm8iJ5333EnG-tvetgfPcAen0UUNSGRe4J2ttnyVG_BgMZcpeHh74OKwtklywg" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="669" data-original-width="1057" height="406" src="https://blogger.googleusercontent.com/img/a/AVvXsEjf9ZHnA66B1pRHasDA-vTHE_08a99yGG8yIiU-gr9iBq_8XaMeDPJycGp-c01Tg6lDiT_X_w3DjidZ7Nwy2_tEy1h2tbrBrQe-GgknpaRQieN0nwljYjjqHq5789q7klm8iJ5333EnG-tvetgfPcAen0UUNSGRe4J2ttnyVG_BgMZcpeHh74OKwtklywg=w640-h406" width="640" /></a></div>In this scenario, we have created 2 projects: <u>Alpha & Beta. 
</u> Both the projects are assigned to individual users through RBAC policy and assigned with a Project Admin role.</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhEM139FclCb84mPIgXDwL50QvgSCxZZPfnt0Yrn4QNM5_MlxTKOKXjHu8GxI2sGS2Mqi75EN-0aMrFi3MJWFpMEdrVbAy61BANf8T8z_72YN4wFBhwAI4OrMeQjUAAxA_cCaTbQhs1rQDeT72-KipLK5ZRa1nHPcVlFhohinqgv5HIYWeMEVy6igumHLM" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="416" data-original-width="1008" height="264" src="https://blogger.googleusercontent.com/img/a/AVvXsEhEM139FclCb84mPIgXDwL50QvgSCxZZPfnt0Yrn4QNM5_MlxTKOKXjHu8GxI2sGS2Mqi75EN-0aMrFi3MJWFpMEdrVbAy61BANf8T8z_72YN4wFBhwAI4OrMeQjUAAxA_cCaTbQhs1rQDeT72-KipLK5ZRa1nHPcVlFhohinqgv5HIYWeMEVy6igumHLM=w640-h264" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiPZoJT2ApjzzIfQBQfJsDnwiHlR_VTex3pKp0LRmqSkiZxr71pjjSrRK3AzyeWzdO9dGwaQVcL408fdUOdbLRo_E8M99WTlibZ4sjyTw8p1wErc3BL-92eWcoJ3s-nACZTvNiCuIgykrrzvZX34BOiPFxj_0297KJVG_QqvkTCciWZR4X078OrS-y6rwM" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="386" data-original-width="1040" height="238" src="https://blogger.googleusercontent.com/img/a/AVvXsEiPZoJT2ApjzzIfQBQfJsDnwiHlR_VTex3pKp0LRmqSkiZxr71pjjSrRK3AzyeWzdO9dGwaQVcL408fdUOdbLRo_E8M99WTlibZ4sjyTw8p1wErc3BL-92eWcoJ3s-nACZTvNiCuIgykrrzvZX34BOiPFxj_0297KJVG_QqvkTCciWZR4X078OrS-y6rwM=w640-h238" width="640" /></a></div><br /></div><h3 style="clear: both; text-align: left;">Project View</h3><div class="separator" style="clear: both; text-align: left;">Now we will try to log in with the newly created user " Beta" which we have assigned to Beta users giving project admin role.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" 
style="clear: both; text-align: left;">Here, when we log in to NSX using the Beta project credentials, only the project-specific view is displayed, as shown in the screenshot below. Observe that the "<u>System</u>" tab is not visible to the Project Admin, because managing entities under "System" is a privilege reserved for the Enterprise admin.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjw6zoRN6BDypKDzKffUVHX2UFvaG9Qsi7js9AI8GPBBSRkoZqPxMRQCMx-sGNgizhA9CjCcnBDsN8hfh4rvRH7NCh69JGK_q9kY4xhTNN4yCJAZIcUZ_geEKJ4JiN1JXs-5oFsxsZ6Ab_rg0KPMZnBz0iOyWQaO9Ce1fZM5EjeVecJzs9OHjImE-V-_cM" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="549" data-original-width="1475" height="238" src="https://blogger.googleusercontent.com/img/a/AVvXsEjw6zoRN6BDypKDzKffUVHX2UFvaG9Qsi7js9AI8GPBBSRkoZqPxMRQCMx-sGNgizhA9CjCcnBDsN8hfh4rvRH7NCh69JGK_q9kY4xhTNN4yCJAZIcUZ_geEKJ4JiN1JXs-5oFsxsZ6Ab_rg0KPMZnBz0iOyWQaO9Ce1fZM5EjeVecJzs9OHjImE-V-_cM=w640-h238" width="640" /></a></div><br />In the current version, NSX Project supports only 1 edge cluster, configured on the "default" overlay transport zone. Custom transport zones are currently not supported. </div></div><div><br /></div><div>Having said that, compute and edge transport nodes are going to be configured with the transport zone name "nsx-overlay-transportzone", which is the default in NSX.</div><div><br /></div><div><br /></div><div>The above is just a <i>30,000-foot view</i> of the NSX Project. 
In a nutshell, it is an option for those who share a single NSX deployment among multiple tenancies and want to isolate networking & security elements from one tenant to another.</div>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-86582894516631293902023-06-15T15:51:00.003+05:302023-06-15T21:57:58.202+05:30Introducing VMware vSAN 8.0: New Features and Enhancements Unveiled<h3 style="text-align: left;"> Introduction:</h3><p style="text-align: justify;">VMware vSAN 8.0 brings forth a range of exciting features and enhancements, aiming to revolutionize storage architecture and elevate performance. 
</p><p style="text-align: justify;">Let's explore the key highlights of this major release and discover how it improves scalability, usability, and overall efficiency.</p><p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgGlza5coYMpp4-xBJNcsAkaDuImmfyulxqZlZH-INNMPqWM0beSEx8_4sX57T5KiSV8mFULM-YBCnUkvLEBwfa885gkKJq4EesaSsUgtQ3LsAMpY4fLchqJPrgL1y_UBRJPUy6pFPFVmqpY7ECunodnZWSNng25nSQya0wdORW5v1mKPTUHJmnfr4b" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="480" data-original-width="838" height="364" src="https://blogger.googleusercontent.com/img/a/AVvXsEgGlza5coYMpp4-xBJNcsAkaDuImmfyulxqZlZH-INNMPqWM0beSEx8_4sX57T5KiSV8mFULM-YBCnUkvLEBwfa885gkKJq4EesaSsUgtQ3LsAMpY4fLchqJPrgL1y_UBRJPUy6pFPFVmqpY7ECunodnZWSNng25nSQya0wdORW5v1mKPTUHJmnfr4b=w634-h364" width="634" /></a></div><br /><br /><p></p><h4 style="text-align: justify;">1) vSAN Express Storage Architecture (ESA):</h4><p></p><p style="text-align: justify;">VMware introduces vSAN Express Storage Architecture (ESA) as an alternative to the original storage architecture (OSA). ESA presents a cost-effective and scalable solution specifically designed for edge and remote deployments. </p><p style="text-align: justify;">It employs a streamlined, single-tier architecture, where all devices contribute to storage capacity. This eliminates the need for disk groups with caching devices, simplifying deployment and reducing costs.</p><h4 style="text-align: justify;">2) Native Snapshots with Minimal Performance Impact:</h4><p></p><p style="text-align: justify;">vSAN ESA now offers native snapshots that have minimal impact on virtual machine (VM) performance, even with deep snapshot chains. 
These snapshots seamlessly integrate with existing backup applications utilizing VMware VADP, ensuring smooth and efficient data protection.</p><h4 style="text-align: justify;">3) Enhanced Compression Capabilities:</h4><p></p><p style="text-align: justify;">vSAN ESA introduces improved compression capabilities, delivering up to four times better compression. The compression process occurs prior to data transmission across the vSAN network, resulting in enhanced bandwidth utilization and optimized storage efficiency.</p><h4 style="text-align: justify;">4) Expanded Usable Storage Potential:</h4><p></p><p style="text-align: justify;">By leveraging the single-tier architecture, vSAN ESA eliminates the necessity for disk groups with caching devices. This design shift can boost usable storage capacity by up to 20%, providing greater flexibility and resource utilization.</p><h4 style="text-align: justify;">5) HCI Mesh Support for 10 Client Clusters:</h4><p></p><p style="text-align: justify;">vSAN 8.0 extends support for HCI Mesh by enabling the sharing of a storage server cluster with up to 10 client clusters. 
This advancement simplifies deployment and management of large-scale vSAN infrastructures, promoting efficiency and ease of use.</p><h4 style="text-align: left;"><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Additional Performance and Usability Enhancements:</div></h4><p></p><ul style="text-align: left;"><li style="text-align: justify;">Improved performance for sequential writes on vSAN ESA.</li><li style="text-align: justify;">Optimized I/O processing for single VMDK/objects on vSAN ESA.</li><li style="text-align: justify;">Enhanced durability in maintenance mode scenarios on vSAN ESA.</li><li style="text-align: justify;">Increased administrative storage capacity on vSAN datastores using customizable namespace objects.</li><li><div style="text-align: justify;">Witness appliance certification for vSAN 8.0 Update 1</div><div style="text-align: justify;"><br /></div></li></ul><p></p><p style="text-align: justify;">"VMware vSAN 8.0 represents a significant milestone, introducing a host of features and enhancements that enhance performance, scalability, and usability. With its innovative vSAN Express Storage Architecture, native snapshots, improved compression, expanded storage potential, and HCI Mesh support, vSAN 8.0 empowers organizations to leverage cutting-edge technology for their storage needs. 
Upgrade to vSAN 8.0 to unlock the full potential of your virtualized infrastructure."</p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-59838812043756891922023-06-07T14:02:00.019+05:302023-06-07T23:32:24.243+05:30Unleashing the Power of Hyperconverged Infrastructure: A Comprehensive Analysis of Leading HCI (VMware vs Nutanix) <p style="text-align: justify;">In today's fast-moving technology landscape, everyone wants a one-stop solution that can help procure all of their services and general needs.</p><p style="text-align: justify;">In this technology phase, as I mentioned, we'll be discussing two major private-cloud players in the market (VMware and Nutanix). These players have a strong presence in the market due to the robust features they offer to their customers.</p><p style="text-align: justify;"><br /></p><p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC9do477b4r7KjQXFBX2FdLxeLp9LYOSau8r5To5Y3MeNKW0YWYQhfbrI5AD2sEZ2ybOXMSNXNDXjckfCqAfzFQ5OKne_pJxoca3LPe0ANFU2VWUy5nA0iG7qpUCS5gKq-brnc0lgIppVqIoBrBDdakbCrKnOl6HrxoS89B7325XZFOiVekD-ADSLg/s742/datanet.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="259" data-original-width="742" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC9do477b4r7KjQXFBX2FdLxeLp9LYOSau8r5To5Y3MeNKW0YWYQhfbrI5AD2sEZ2ybOXMSNXNDXjckfCqAfzFQ5OKne_pJxoca3LPe0ANFU2VWUy5nA0iG7qpUCS5gKq-brnc0lgIppVqIoBrBDdakbCrKnOl6HrxoS89B7325XZFOiVekD-ADSLg/w640-h224/datanet.JPG" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><span style="font-size: xx-small;">credit: Datanet</span></div><p style="text-align: justify;">Let's get started...</p><p style="text-align: justify;">First, let's understand the top players' 
portfolio and their offerings.</p><h3 style="text-align: justify;">VMware:</h3><p style="text-align: justify;">VMware, headquartered in Palo Alto, California, is a renowned leader in delivering comprehensive multi-cloud services that drive digital innovation while maintaining enterprise control. By offering a range of products and services, VMware assists organizations in revolutionizing their IT infrastructure, fortifying security measures, and minimizing costs.</p><p style="text-align: justify;">Founded in 1998, VMware has emerged as a prominent force in the industry, boasting a workforce of over 30,000 employees and a vast customer base spanning more than 100 countries.</p><p style="text-align: justify;"><u>VMware's diverse product portfolio encompasses:</u></p><p></p><ul style="text-align: left;"><li style="text-align: justify;"><b>vSphere</b>: An advanced virtualization platform enabling organizations to operate multiple operating systems and applications on a single physical server.</li><li style="text-align: justify;"><b>vSAN</b>: A software-defined storage solution that provides centralized storage capabilities for virtualized workloads.</li><li style="text-align: justify;"><b>NSX:</b> A cutting-edge network virtualization platform facilitating the creation and management of virtual networks.</li><li style="text-align: justify;"><b>vRealize Suite:</b> A comprehensive suite of management tools empowering organizations to efficiently oversee their VMware environments.</li><li style="text-align: justify;"><b>VMware Cloud Foundation</b><u>:</u> An integrated platform empowering organizations to establish and manage private, hybrid, and multi-cloud environments.</li></ul><p></p><p style="text-align: justify;"><br /></p><p style="text-align: justify;"><i><b>Here are some key benefits organizations can experience by utilizing VMware products and services:</b></i></p><p></p><ul style="text-align: left;"><li style="text-align: justify;"><b>Enhanced Agility: 
</b>VMware products and services enable organizations to swiftly adapt to changing business requirements.</li><li style="text-align: justify;"><b>Cost Reduction:</b> By consolidating servers, optimizing storage needs, and improving energy efficiency, VMware products and services help organizations achieve significant IT cost savings.</li><li style="text-align: justify;"><b>Heightened Security:</b> VMware products and services are designed with a strong focus on security, ensuring robust protection measures.</li><li style="text-align: justify;"><b>Compliance Enablement:</b> VMware products and services assist organizations in meeting compliance requirements and adhering to industry regulations.</li><li style="text-align: justify;"><b>Improved Performance</b><u>:</u> Leveraging VMware products and services, organizations can elevate the performance of their IT infrastructure, enabling smoother operations and optimal resource utilization.</li></ul><p></p><p style="text-align: justify;"><br /></p><h3 style="text-align: justify;">Nutanix:</h3><p style="text-align: justify;">Nutanix, a software-defined computing company headquartered in San Jose, California, offers a powerful hyper-converged infrastructure (HCI) platform. Their HCI platform seamlessly integrates compute, storage, and networking into a unified system, providing organizations with efficient and cost-effective IT resource deployment and management.</p><p style="text-align: justify;">Established in 2009, Nutanix has grown to a company of over 4,000 employees, serving customers across more than 100 countries.</p><p style="text-align: justify;">At the core of Nutanix's HCI platform lies <u>Acropolis</u>, their software-defined storage and virtualization platform. 
Running on industry-standard servers, Acropolis provides a centralized management interface, simplifying IT resource deployment and management, irrespective of organizational size or complexity.</p><p style="text-align: justify;"><i><b>Organizations benefit from Nutanix's HCI platform in several ways:</b></i></p><ul style="text-align: left;"><li style="text-align: justify;"><b>Cost Reduction</b>: By consolidating servers, optimizing storage, and enhancing energy efficiency, Nutanix's HCI platform helps organizations lower their IT costs significantly.</li><li style="text-align: justify;"><b>Enhanced Agility:</b> Nutanix's HCI platform enables organizations to swiftly adapt to changing business requirements.</li><li style="text-align: justify;"><b>Improved Security:</b> Nutanix's HCI platform is designed with robust security measures, ensuring data protection.</li><li style="text-align: justify;"><b>Increased Uptime:</b> Nutanix's HCI platform prioritizes high availability and uptime, leveraging various technologies to ensure continuous operation, even during failures.</li></ul><p></p><p style="text-align: justify;">If you're seeking to reduce IT costs, improve agility, and enhance security, Nutanix's HCI platform is an ideal solution. </p><p style="text-align: justify;"><i><b>Highlighted features of Nutanix's HCI platform include:</b></i></p><p></p><ul style="text-align: left;"><li style="text-align: justify;"><b>Software-Defined Storage</b>: Nutanix's HCI platform employs software-defined storage, delivering a centralized storage solution for virtualized workloads. This approach enhances efficiency and cost-effectiveness compared to traditional storage solutions.</li><li style="text-align: justify;"><b>Software-Defined Networking: </b>Nutanix's HCI platform utilizes software-defined networking, offering a centralized networking solution for virtualized workloads. 
This technology ensures flexibility and scalability beyond conventional networking solutions.</li><li style="text-align: justify;"><b>Unified Management: </b>Nutanix's HCI platform presents a unified management interface, streamlining the deployment and management of all components within the Nutanix HCI system.</li><li><div style="text-align: justify;"><b>High Availability:</b> Nutanix's HCI platform is designed to provide continuous high availability and uptime. Leveraging multiple technologies, it guarantees the availability of workloads even in the face of failures.</div><div style="text-align: justify;"><br /></div></li></ul><div style="text-align: justify;">Nutanix's HCI platform caters to organizations of all sizes, seeking IT cost reduction, enhanced agility, and improved security. </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><div>Hyper-converged infrastructure (HCI) refers to a data center architecture that integrates compute, storage, and networking into a unified system. The primary advantage of HCI lies in its ability to streamline data center management by consolidating and reducing the number of individual components that require configuration and administration. Consequently, this consolidation leads to cost savings and enhanced operational efficiency.</div><div><br /></div><div>Simplifying data center management is a key benefit of HCI, achieved by minimizing the complexity associated with managing and configuring numerous separate components. This streamlined approach not only saves costs but also improves overall efficiency. Furthermore, HCI offers greater scalability and flexibility compared to traditional data center architectures, empowering businesses to adapt and expand their infrastructure more effectively.</div><div><br /></div><div>Overall, HCI is an innovative solution that simplifies data center management, reducing the number of components to be managed and configured. 
This results in cost savings and improved operational efficiency. Moreover, HCI provides superior scalability and flexibility compared to traditional data center architectures, allowing businesses to adapt to changing requirements more efficiently.</div></div><p></p><p style="text-align: justify;"> <b><u>Top HCI Technology Vendors</u></b></p><div style="text-align: justify;">The choice of the HCI vendor that excels in features, functionality, and hybrid cloud integration may vary based on individual customer requirements and preferences. However, several leading HCI vendors consistently stand out for their robust capabilities and hybrid cloud offerings:</div><div style="text-align: justify;"><u><br /></u></div><div style="text-align: justify;"><u>Nutanix:</u> Renowned for its scalability and user-friendly interface, Nutanix supports diverse workloads while seamlessly integrating with the cloud. Its strong track record of delivering enterprise-grade HCI solutions, coupled with extensive cloud integrations, empowers organizations to modernize their IT infrastructure effectively. Nutanix demonstrates a strong ability to execute, supported by a large customer base.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><u>VMware vSAN</u>: As a well-established player in the HCI realm, VMware boasts a solid reputation and an extensive customer base. Its integration within the VMware ecosystem, emphasis on high availability and disaster recovery, and robust security features make it a popular choice for organizations seeking IT infrastructure modernization. VMware showcases a strong ability to execute, leveraging its established reputation and customer base.</div><div style="text-align: justify;"><u><br /></u></div><div style="text-align: justify;"><u>Dell EMC VxRail</u>: Known for its simplicity and ease of deployment, Dell EMC VxRail prioritizes security and reliability. 
It seamlessly integrates with other Dell EMC products and offers comprehensive cloud integrations. Dell demonstrates a strong ability to execute, supported by its well-established reputation and large customer base.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><u>HPE SimpliVity:</u> HPE SimpliVity delivers high performance and extensive application support, making it a favored choice for organizations. With a focus on innovation and an expanding product portfolio, HPE is well-positioned to cater to evolving customer needs. HPE exhibits a good ability to execute, backed by a growing customer base and a strong focus on innovation and product development.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><u>Cisco HyperFlex:</u> Cisco HyperFlex gains popularity due to its integration with the Cisco ecosystem and robust security features. By emphasizing simplicity and delivering a seamless user experience, Cisco aids organizations in modernizing their IT infrastructure. Cisco demonstrates a good ability to execute, benefiting from its well-established reputation and expanding customer base.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">These are a few of the leading HCI vendors, each with its own strengths, roadmaps, visions, and execution capabilities. It's crucial to note that customers' specific requirements may vary, and a comprehensive evaluation should be conducted to determine the most suitable solution for a particular use case.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><p style="text-align: left;"><b>Let's discuss hyper-converged infrastructure (HCI) and its architecture in more detail.</b></p><p style="text-align: left;">HCI refers to a data center architecture that integrates <u>compute, storage, and networking</u> into a unified system. 
The primary advantage of HCI lies in its ability to streamline data center management by consolidating and reducing the number of individual components that require configuration and administration. Consequently, this consolidation leads to cost savings and enhanced operational efficiency.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtuXkKLvlaVpNoq958VomkQOdfx2P13JQ4J3vUwClCs8Koxl6quV6fI-lZ7rPKL69pZ3_fGl--Lyp7J0nH69OzhBmfLDjSBsFLyiU-weoy3oAnLBa7y3opQSl4QUCwBsf7SwzF26M6JXO8GfpFo90u14gOAnGvrAQWu6MrQ_soKd241zXR9_JFESYM/s736/hci.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="308" data-original-width="736" height="268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtuXkKLvlaVpNoq958VomkQOdfx2P13JQ4J3vUwClCs8Koxl6quV6fI-lZ7rPKL69pZ3_fGl--Lyp7J0nH69OzhBmfLDjSBsFLyiU-weoy3oAnLBa7y3opQSl4QUCwBsf7SwzF26M6JXO8GfpFo90u14gOAnGvrAQWu6MrQ_soKd241zXR9_JFESYM/w640-h268/hci.JPG" width="640" /></a></div><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> Figure: 2</span><br style="text-align: left;" /><p style="text-align: left;"><br /></p><p style="text-align: left;">Simplifying data center management is a key benefit of HCI, achieved by <u>minimizing the complexity</u> associated with managing and configuring numerous separate components. This streamlined approach not only <u>saves costs </u>but also improves <u>overall efficiency</u>. 
Furthermore, HCI offers greater <u>scalability and flexibility</u> compared to traditional data center architectures, empowering businesses to adapt and expand their infrastructure more effectively.</p><p style="text-align: left;"><br /></p></div><div class="separator" style="clear: both; text-align: center;"><h3 style="text-align: left;">Business continuity use cases (VMware vs Nutanix)</h3></div><p style="text-align: justify;">VMware and Nutanix are two prominent providers of virtualization and hyper-converged infrastructure (HCI) solutions. Both platforms offer a wide array of features and advantages, but there are distinct differences that make one more suitable for your business than the other.</p><p style="text-align: justify;"><u><b><i>VMware:</i></b></u></p><p style="text-align: justify;">VMware is a mature platform with a long-established reputation for reliability and performance. It boasts a larger user base, resulting in greater availability of experienced VMware administrators. Additionally, VMware provides more flexibility in terms of licensing options, which can cater to diverse business needs.</p><p style="text-align: justify;">However, VMware can be relatively expensive compared to some competitors, and its management can be complex. It also necessitates the use of third-party storage devices, which contributes to the overall cost of ownership.</p><p style="text-align: justify;"><u><i><b>Nutanix:</b></i></u></p><p style="text-align: justify;">Nutanix, on the other hand, is a newer platform that offers an integrated and simplified approach to virtualization and HCI. It demonstrates superior scalability, accommodating a broader range of environments. Nutanix is also more cost-effective and easier to manage than VMware.</p><p style="text-align: justify;">Nevertheless, Nutanix has a smaller user base compared to VMware, resulting in fewer experienced Nutanix administrators available. 
Additionally, Nutanix has a shorter track record in terms of reliability and performance compared to VMware.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-DIeaxkTZPqBmi2JrIagbu3vksudQM_dYKtTXZUv2WM6s2wtd_-SsrNzj-wnKKYR8DQVqEgV7PmJFh8whtxYuJwJdkgqDCzP7T7Nv81_IpaSXffLjeOo2eFQd0K2zT7uVwak36afT_rS3nf9TZfEoH306HlVkXpYnDqOG4Q3gEXP6OUSlT-LydGQf/s688/vmnutmatuarity.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="182" data-original-width="688" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-DIeaxkTZPqBmi2JrIagbu3vksudQM_dYKtTXZUv2WM6s2wtd_-SsrNzj-wnKKYR8DQVqEgV7PmJFh8whtxYuJwJdkgqDCzP7T7Nv81_IpaSXffLjeOo2eFQd0K2zT7uVwak36afT_rS3nf9TZfEoH306HlVkXpYnDqOG4Q3gEXP6OUSlT-LydGQf/s16000/vmnutmatuarity.JPG" /></a></div><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> Figure: 3</span><div><br /><h3 style="text-align: justify;">Exploring Nutanix and VMware: <u>Comparing Key Aspects in HCI Solutions</u></h3><p style="text-align: justify;">Both Nutanix and VMware are viable choices for HCI solutions, but it's important to note the significant differences between these platforms.</p><p style="text-align: justify;"></p><ul><li><b>Ease of use:</b> Nutanix is widely regarded as more user-friendly compared to VMware. Nutanix's software-defined nature eliminates the need for dedicated hardware and intricate configurations. In contrast, VMware relies on a hypervisor-based approach, which necessitates dedicated hardware and can introduce complexities during setup.</li></ul><ul><li><b>Performance:</b> Nutanix and VMware offer comparable performance levels, although Nutanix may hold a slight advantage in terms of scalability. 
Nutanix can seamlessly scale out to accommodate thousands of nodes, while VMware's scalability is limited to a maximum of 16 hosts per cluster.</li></ul><ul><li><b>Features</b>: Nutanix and VMware present a similar range of features, but Nutanix boasts distinctive offerings not found in VMware. Nutanix's unified storage fabric and ability to scale out to thousands of nodes stand out. Conversely, VMware provides a broader array of features, including its vMotion technology that enables live migration of virtual machines between hosts.</li></ul><ul><li><b>Cost:</b> Nutanix and VMware are priced similarly, but the pricing models differ. Nutanix is an appealing option for organizations seeking a pay-as-you-go structure. In contrast, VMware requires a one-time purchase of the software.</li></ul><p></p><p style="text-align: justify;">By considering these factors, you can make an informed decision when selecting between Nutanix and VMware for your HCI needs.</p><p style="text-align: justify;"><br /></p><h3 style="text-align: justify;"><u>Determining the Right Platform:</u></h3><p>Choosing the best platform hinges on your specific needs and requirements. If you prioritize a mature, reliable, and widely adopted platform, VMware may be the ideal choice. 
Conversely, if you seek a cost-effective, scalable, and easy-to-manage solution, Nutanix may be more suitable.</p><p><i>VMware and Nutanix component equations </i></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4VrKuPRGgonmy5GrcosrCberLHpaWh9XsYW6dlSaRI2UVtrANfERveQkVIePgTBiJW_GtRCrweG4dCl_bjYCbwbe0KUNMgD3kEwJq0dC-TyMNBUXBMdaXWQzYo1ljTsVaHOcapA0dbkwK-SHKJqpIdn3pUB11RH00jeYUHnGQVDJHG1mJBjcT0KN3/s721/scribd.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="721" data-original-width="525" height="766" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4VrKuPRGgonmy5GrcosrCberLHpaWh9XsYW6dlSaRI2UVtrANfERveQkVIePgTBiJW_GtRCrweG4dCl_bjYCbwbe0KUNMgD3kEwJq0dC-TyMNBUXBMdaXWQzYo1ljTsVaHOcapA0dbkwK-SHKJqpIdn3pUB11RH00jeYUHnGQVDJHG1mJBjcT0KN3/w557-h766/scribd.JPG" width="557" /></a></div><br /><p><br /></p><p><i>Here is a summarized table highlighting the key distinctions between VMware and Nutanix:</i></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpSPcK9ADB5ownsuSMkRzK2_zXztjbp11M_ScIPK-JzRmd0I-UiNgT_xCsnAIyFq6iBwBBXDewksCjsIOKN90sbuWR932_1JAyATN6782HH4ETkDBwb2CIFJRkOtdE9w2i18P5VrX4e9SiLQqMfuHodbe-98v3O65HSpZPjjvg7IfqjOfBLwVXMloy/s689/nutanixvs%20vmware%20tabular.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="235" data-original-width="689" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpSPcK9ADB5ownsuSMkRzK2_zXztjbp11M_ScIPK-JzRmd0I-UiNgT_xCsnAIyFq6iBwBBXDewksCjsIOKN90sbuWR932_1JAyATN6782HH4ETkDBwb2CIFJRkOtdE9w2i18P5VrX4e9SiLQqMfuHodbe-98v3O65HSpZPjjvg7IfqjOfBLwVXMloy/s16000/nutanixvs%20vmware%20tabular.JPG" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p><br /></p><h3 style="text-align: left;"><u>Pros and Cons of Top Giants:</u></h3><div 
style="text-align: justify;"><u>Nutanix </u>software architecture is compatible with Nutanix NX hardware, as well as specific offerings from Dell, Hewlett Packard Enterprise (HPE), Lenovo, and Fujitsu. It can also run on various third-party servers and bare-metal Amazon EC2 instances.</div><div><h4 style="text-align: justify;">Pros (+)</h4><div style="text-align: justify;">Nutanix Acropolis: Nutanix Acropolis complements the company's core competencies by offering flexibility to clients in choosing the best application platform technology. It provides an open platform for virtualization and application mobility, allowing organizations to achieve operational flexibility across different types of virtual machines (VMs) and seamless containerization. The architecture consists of Distributed Storage Fabric, App Mobility Fabric, and Acropolis Hypervisor.</div><div style="text-align: justify;"><b><br /></b></div><div style="text-align: justify;"><ul><li><b>Nutanix Prism</b>: Nutanix Prism simplifies infrastructure management through innovative One-Click technology. It streamlines IT tasks, including software upgrades, capacity planning, and troubleshooting. With the convergence of storage, compute, and virtualization resources, advanced machine learning, and a user-friendly interface, Nutanix Prism enhances management efficiency.</li></ul></div><div style="text-align: justify;"><ul><li><b>Strong Community Support:</b> Nutanix is supported by a large community of technology leaders who recognize the need to reduce data center costs and complexities. 
This community ensures that applications and guest operating systems run smoothly on Nutanix Acropolis and Acropolis Hypervisor.</li></ul></div><div style="text-align: justify;"><ul><li><b>Customer Loyalty: </b>Nutanix's broad and deep HCI software, along with exceptional customer service, has resulted in high customer loyalty, as indicated by a Net Promoter Score of 92.</li></ul></div><div style="text-align: justify;"><ul><li><b>Hybrid Cloud Infrastructure:</b> Nutanix provides infrastructure for hybrid cloud deployments, enabling unified management, consistent tooling, and portability of applications, data, and licenses across the edge, data center, and public cloud.</li></ul></div><div style="text-align: justify;"><ul><li><b>Workload Unification:</b> Nutanix HCI software unifies multiple workloads and data services.</li></ul></div><div style="text-align: justify;"><br /></div><h4 style="text-align: justify;">Cons (-)</h4><div style="text-align: justify;"><ul><li><b>Cost-Effectiveness:</b> Nutanix HCI may not be a cost-effective solution for deployments that don't require advanced functionalities or for small and medium-sized organizations not leveraging the Nutanix Acropolis hypervisor.</li></ul></div><div style="text-align: justify;"><ul><li><b>Limited Public Cloud Traction</b>: The adoption of Nutanix Clusters in public cloud environments, particularly AWS, is currently average.</li></ul></div><div style="text-align: justify;"><ul><li><b>C<span style="font-family: arial;">LI Dependency:</span></b><span style="font-family: arial;"> Advanced functionality and troubleshooting capabilities may require the command-line interface (CLI) rather than being available in the graphical user interface (GUI).</span></li></ul></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div><h3 style="text-align: justify;"><u>VMware</u></h3><div style="text-align: justify;">VMware is recognized as a Leader in Gartner's Magic 
Quadrant, focusing on hybrid cloud, cloud-native, VDI, and edge use cases. The company has a diverse geographical presence, serving midsize and large enterprises. VMware expands on the capabilities of HCI Mesh and offers a software-defined approach to computing and storage disaggregation, enabling shared capacity between HCI and non-HCI clusters. VMware vSAN simplifies the development of a hybrid cloud architecture, providing unified compute and storage management within 30 days of adoption.</div><div style="text-align: justify;"><i><u><b><br /></b></u></i></div><div style="text-align: justify;"><i><u><b>Pros (+)</b></u></i></div><div style="text-align: justify;"><u><br /></u></div><div style="text-align: justify;"><ul><li><b>Collaboration with Public Cloud Providers</b><u>:</u> VMware collaborates with major public cloud providers like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and IBM Cloud to support HCI deployments in those environments. This partnership offers service consumption-based models, benefiting clients.</li></ul></div><div style="text-align: justify;"><ul><li><b>Established Software Installed Base:</b> VMware's significant software installed base ensures a large talent pool of skilled I&O professionals available for hiring.</li></ul></div><div style="text-align: justify;"><ul><li><b>Enterprise Worth and Trust: </b>VMware is an established enterprise with a worth of $12 billion. 
Its global visibility, support, and trustworthiness minimize potential risks associated with smaller providers.</li></ul></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><i><u><b>Cons (-)</b></u></i></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><ul><li><b>Premium Pricing: </b>VMware's HCI offerings are positioned as premium solutions, and they may be less price-competitive than other vendors when cost is a significant consideration.</li></ul></div><div style="text-align: justify;"><ul><li><b>Configuration Complexity:</b> Configuring vSAN software can be complex due to various storage design considerations.</li></ul></div><div style="text-align: justify;"><ul><li><b>Limited Hypervisor Support:</b> vSAN only, although it also supports external storage.</li></ul></div></div><div style="text-align: justify;"><br /></div><h3 style="text-align: justify;">SDS (Software-Defined Storage) view of both HCI solutions</h3><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><span id="docs-internal-guid-2ea0f775-7fff-4e61-7042-46eae6571d9d"><p dir="ltr" style="line-height: 1.38; margin-bottom: 18pt; margin-right: 36pt; margin-top: 0pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: inherit;">VMware vSAN and Nutanix are both popular software-defined storage (SDS) solutions that can be used to consolidate and virtualize your IT infrastructure. 
However, there are some key differences between the two platforms that you should consider when making a decision.</span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 18pt; margin-right: 36pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: inherit;"><b><u>VMware vSAN</u></b></span></span></p><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 6pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">VMware vSAN is a software-defined storage solution that runs on top of VMware vSphere.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">It uses a distributed architecture to provide storage for virtual machines.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: 
disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">vSAN can be used to create all-flash or hybrid storage arrays.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">It supports a wide range of data protection features, including snapshots, replication, and disaster recovery.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">vSAN is a mature platform with a large installed base.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 14pt; margin-right: 
36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">It is well-integrated with other VMware products, such as vCenter Server and NSX.</span></span></p></li></ul><p dir="ltr" style="line-height: 1.38; margin-bottom: 18pt; margin-right: 36pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: arial;"><u><b>Nutanix</b></u></span></span></p><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 6pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">Nutanix is a hyper-converged infrastructure (HCI) platform that includes both compute and storage resources.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">It uses a scale-out architecture to provide high performance and 
scalability.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">Nutanix can be used to create all-flash or hybrid storage arrays.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">It supports a wide range of data protection features, including snapshots, replication, and disaster recovery.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-right: 36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">Nutanix is a newer platform than VMware vSAN, but it has gained a significant market share in recent years.</span></span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; 
font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 14pt; margin-right: 36pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"><span style="font-family: arial;">It is well-integrated with a wide range of third-party applications.</span></span></p></li></ul><div><span id="docs-internal-guid-b97bdf8e-7fff-bf63-60fa-67905b085ac0"><p dir="ltr" style="line-height: 1.38; margin-bottom: 18pt; margin-right: 36pt; margin-top: 18pt; text-align: center;"><span style="color: #1f1f1f; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: arial;"><u><i>Comparison</i></u></span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 18pt; margin-right: 36pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: arial;">The following table compares the key features of VMware vSAN and Nutanix:</span></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnKolsylf9PBnKPtJBO5LciaZmsGNl1ZAbCqG2Z5d0CgImDN9Ei1okf3QZIo-rWGviSX5_G53lQu7M81WCdyokELtlLqwcLOfPIAkPkGpvnZfTHSFrXwoSyDM1eZ2GHenA7rptEu4P399BTN4gq6TYZ3JnmMtuWbipOrEfRcdGWmsD6yDBVRCaK-wH/s689/vsanarchi.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="160" data-original-width="689" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnKolsylf9PBnKPtJBO5LciaZmsGNl1ZAbCqG2Z5d0CgImDN9Ei1okf3QZIo-rWGviSX5_G53lQu7M81WCdyokELtlLqwcLOfPIAkPkGpvnZfTHSFrXwoSyDM1eZ2GHenA7rptEu4P399BTN4gq6TYZ3JnmMtuWbipOrEfRcdGWmsD6yDBVRCaK-wH/s16000/vsanarchi.JPG" /></a></div><br /><div align="left" dir="ltr" style="margin-left: 0pt;"><br /></div></span></div></span></div><h3 style="text-align: justify;"><u>What does Gartner say?</u></h3><div style="text-align: justify;"><span style="font-family: arial;">The following is an overview of Gartner's Magic Quadrant for the Hyperconverged Infrastructure Software market as of November 2021:</span></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: justify;"><span style="font-family: arial;"><br /></span></div><div style="text-align: justify;"><span style="font-family: arial;">Top Players in Hyperconverged Infrastructure Software Market</span></div><div style="text-align: justify;"><span style="font-family: arial;"><br /></span></div><div style="text-align: justify;"><span style="font-family: arial;">This is how Gartner's Magic Quadrant for Hyperconverged Infrastructure Software appeared in November 2021:</span></div><div style="text-align: justify;"><br /></div></div><div class="separator" style="clear: both; text-align: justify;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5fyCxLML3oYdyNGnJ7bCWnoG6oW7YgYP_mGDyOyeKEWMGrK1xR6prZZzTnRTL9yxpvozKRNisbf4AfQDxQsT3b5U4qkDOnV8Iq6l_uNrYkXT1Egc6THJEO0SW98i0vg0PIV1Bik0l_4vOGr_1ZkMHvzW_7ZMYm0XcDKYHOkNm-3hqg9-hkB7TOHEM/s592/Gartner.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="592" data-original-width="570" height="640" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5fyCxLML3oYdyNGnJ7bCWnoG6oW7YgYP_mGDyOyeKEWMGrK1xR6prZZzTnRTL9yxpvozKRNisbf4AfQDxQsT3b5U4qkDOnV8Iq6l_uNrYkXT1Egc6THJEO0SW98i0vg0PIV1Bik0l_4vOGr_1ZkMHvzW_7ZMYm0XcDKYHOkNm-3hqg9-hkB7TOHEM/w616-h640/Gartner.png" width="616" /></a></div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;"><span style="font-family: arial;">As per IDC's Converged Systems Tracker Forecast, the projected growth of the HCI market is significant, expected to reach $16.2 billion by 2023 compared to $9 billion in 2019. This forecast underscores the immense market potential and expansion opportunities available to the top players in the HCI software market, enabling them to enhance their presence.</span></div><div style="text-align: justify;"><span style="font-family: arial;"><br /></span></div><div style="text-align: justify;"><span style="font-family: arial;">Furthermore, according to the Rightscale State of the Cloud report, approximately 80% of organizations have embraced a hybrid cloud strategy, incorporating both public and private clouds. HCI software plays a crucial role in facilitating seamless adoption of hybrid cloud environments, empowering IT teams to effectively manage workloads across on-premises infrastructure and public cloud platforms. 
With HCI software tools, applications can be efficiently managed in hybrid cloud setups, as well as within public cloud provider environments.</span></div><div style="text-align: justify;"><span style="font-family: arial;"><br /></span></div><div style="text-align: justify;"><span style="font-family: arial;">Hope this conversation helps in differentiating between the two vendors (VMware & Nutanix).</span></div><span style="font-family: arial;"><br /></span><br /><p></p><br /><p><br /></p><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><br /></div><br /><p></p><p><br /></p></div>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-1662964477965934342023-06-02T18:33:00.002+05:302023-06-03T20:33:16.892+05:30VMware Cloud Foundation 5.0: A Game-Changing Unified Software Platform for Cloud Management<p style="text-align: left;"><span style="text-align: justify;">In the dynamic world of cloud computing, staying ahead of the curve is essential for businesses seeking scalability, security, and cost-efficiency. VMware, a leading provider of virtualization and cloud computing software, has recently unveiled VMware Cloud Foundation 5.0 (VCF 5.0), the latest version of its unified software platform for building and managing private clouds. Packed with an array of new features and improvements, VCF 5.0 offers <u>enhanced scalability</u>, <u>advanced security</u>, <u>extended support for Kubernetes</u>, and streamlined management capabilities. This article explores the key highlights of VCF 5.0 and why it should be on your radar when considering a cloud platform. 
😃</span></p><p style="text-align: left;"><span style="text-align: justify;"><br /></span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjL_-oNGWLkztPxxf32hzy3nD6wgm2omSWLu41f5I_Tr7amc7E2csjfS7f1um-m9cbe5xOfkhqTpGyuQMNz0VpoP0o-AO1WL8ojdyCEjC4bWhTyCFm3L4roqqzzlz5cUwzCjuECRoIuOn00Z4QLf78_B08jz-TnNFv0bDfaNf_5723TrTy1dIUe6qLc" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="330" data-original-width="747" height="282" src="https://blogger.googleusercontent.com/img/a/AVvXsEjL_-oNGWLkztPxxf32hzy3nD6wgm2omSWLu41f5I_Tr7amc7E2csjfS7f1um-m9cbe5xOfkhqTpGyuQMNz0VpoP0o-AO1WL8ojdyCEjC4bWhTyCFm3L4roqqzzlz5cUwzCjuECRoIuOn00Z4QLf78_B08jz-TnNFv0bDfaNf_5723TrTy1dIUe6qLc=w640-h282" width="640" /></a></div><br /><span style="font-size: xx-small;"><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> <span> </span><span> </span><span> </span><span> </span><span> </span><span> Credit: VMware</span></span><br /></span><p></p><p><span style="font-size: large;">Improved Scalability:</span></p><p style="text-align: justify;">One of the standout features of VCF 5.0 is its improved scalability. With support for up to <u>100,000 vCPUs </u>and <u>100TB of storage</u> per cluster, VCF 5.0 empowers businesses to tackle even the most demanding workloads. 
This level of scalability ensures that organizations can deploy VCF on a larger scale and accommodate their evolving needs without compromising performance or efficiency.</p><p></p><div class="separator" style="clear: both; text-align: justify;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgN8b2HiynMWu8tIDberupkZPRuD4ab66miG326a2WUhesNaMX37u_Ltn1ndatnwwoL6Ife6BBcKAGD8amh7Hg8XNWZGXs3Y4EuDqDeeDJXH__sSIPXKg0DqqLjI3IQMWg3lHLGFNnqu2CDuFIx2rw5QVFYeuB3ov9rPmaIPsKgourC9j7Le393bBpt" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="368" data-original-width="778" height="302" src="https://blogger.googleusercontent.com/img/a/AVvXsEgN8b2HiynMWu8tIDberupkZPRuD4ab66miG326a2WUhesNaMX37u_Ltn1ndatnwwoL6Ife6BBcKAGD8amh7Hg8XNWZGXs3Y4EuDqDeeDJXH__sSIPXKg0DqqLjI3IQMWg3lHLGFNnqu2CDuFIx2rw5QVFYeuB3ov9rPmaIPsKgourC9j7Le393bBpt=w640-h302" width="640" /></a></div><span style="font-size: xx-small;"><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span><span> Credit: VMware</span><br /></span><br /><p></p><p><span style="font-size: large;">Enhanced Security:</span></p><p style="text-align: justify;">This one is quite important. Security is paramount in the cloud computing landscape, and VCF 5.0 addresses this concern with several new security features. The inclusion of remote authentication and secure boot capabilities ensures that user data and applications are protected from unauthorized access. 
</p><p style="text-align: justify;"><span style="font-size: x-large; text-align: left;">Extended Support for Kubernetes:</span></p><p style="text-align: justify;">VCF 5.0 demonstrates VMware's commitment to supporting containerized applications by offering comprehensive support for Kubernetes. With compatibility for Kubernetes 1.23, VCF 5.0 enables users to leverage the latest features and <u>enhancements of the popular container orchestration platform</u>. Additionally, the inclusion of critical functionalities such as Container Networking Interface (CNI) support and<u> multi-node control planes</u> makes it easier to deploy and manage containerized applications on VCF. This integration simplifies the adoption of modern application development practices and facilitates the seamless integration of legacy and cloud-native applications.</p><p style="text-align: justify;"><br /></p><p><span style="font-size: large;">Streamlined Management:</span></p><p style="text-align: justify;">Managing a cloud environment can be complex, but VCF 5.0 introduces several new features to simplify operations. A centralized management console empowers administrators with a unified view and streamlined control over their cloud infrastructure. This consolidation eliminates the need to juggle multiple interfaces, reducing complexity and saving time. Furthermore, VCF 5.0 introduces a<u> policy-based management framework, allowing organizations</u> to define and enforce governance rules effortlessly. By automating management tasks and providing a cohesive management experience, VCF 5.0 reduces operational overhead and accelerates time to value.</p><p style="text-align: justify;"><br /></p><p><span style="font-size: large;"><u>Verdict:</u></span></p><p>VMware Cloud Foundation 5.0 represents a significant upgrade that offers customers a scalable, secure, and cost-effective cloud platform. 
With its improved scalability, advanced security features, extended support for Kubernetes, and streamlined management capabilities, VCF 5.0 equips businesses with the tools they need to thrive in the cloud computing landscape. Whether you are a small business seeking growth opportunities or an enterprise managing complex workloads, VMware Cloud Foundation 5.0 should be on your radar as a reliable and powerful cloud management solution. </p><p><br /></p><p>Stay tuned for more updates...</p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-51149481725049574272023-05-24T11:07:00.002+05:302023-05-24T11:10:45.503+05:30Tunnel Endpoints<p>Tunnel endpoints are essential in VMware NSX-T for managing network connectivity across different environments. They handle the encapsulation and decapsulation of network traffic as it moves between overlay and underlay networks. Here are the key aspects of tunnel endpoints in NSX-T. 
They are used for both East-West and North-South traffic communication.</p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhVpqRijJDMtm8RBHv8jNj8D02pLfdi8RXKOzrZ88Ajfs6xdUo1YbuUg76k9qWCZpGsvmxPOTKa9-yulINZE3wEQU5u9u4VOuXFZt-kid_3uJdyqUV437cAg8GvtPpq4xRt3_27jvvwL9G6c0NkZOxZSC5PAr1zsDAD6hk0O4vte5pgGQgWt0U3tqE3" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="436" data-original-width="746" height="374" src="https://blogger.googleusercontent.com/img/a/AVvXsEhVpqRijJDMtm8RBHv8jNj8D02pLfdi8RXKOzrZ88Ajfs6xdUo1YbuUg76k9qWCZpGsvmxPOTKa9-yulINZE3wEQU5u9u4VOuXFZt-kid_3uJdyqUV437cAg8GvtPpq4xRt3_27jvvwL9G6c0NkZOxZSC5PAr1zsDAD6hk0O4vte5pgGQgWt0U3tqE3=w640-h374" width="640" /></a></div><br /><br /><p></p><p><br /></p><p><u><span style="font-family: courier;">Geneve Tunneling Protocol</span></u>: NSX-T uses the Geneve tunneling protocol for encapsulating overlay traffic. Geneve offers a flexible and extensible framework, ensuring efficient and secure communication among virtual machines (VMs) and NSX-T logical networks.</p><p><br /></p><p>Tunnel Endpoint (TEP) IP Addresses: Each hypervisor host or NSX-T Edge node is assigned a unique TEP IP address as its tunnel endpoint. These addresses are used for encapsulating and decapsulating overlay traffic between different endpoints.</p><p><br /></p><p><u><span style="font-family: courier;">Overlay Transport Zone (OTZ)</span></u>: An Overlay Transport Zone defines the scope of network communication within an overlay infrastructure. 
TEP IP addresses are assigned to hypervisor hosts or NSX-T Edge nodes within an Overlay Transport Zone, facilitating proper encapsulation and routing of overlay traffic within that zone.</p><p><br /></p><p><u><span style="font-family: courier;">TEP (VXLAN Tunnel Endpoint):</span></u> Tunnel Endpoint (TEP) is a software component on a hypervisor host or NSX-T Edge node responsible for encapsulating and decapsulating overlay traffic. TEPs are associated with TEP IP addresses and enable communication between overlay and underlay networks.</p><p><br /></p><p>Gateway TEPs: In NSX-T, a Gateway Tunnel Endpoint (Gateway TEP) represents the TEP IP address associated with an NSX-T Edge node functioning as a gateway. Gateway TEPs route traffic between overlay and external networks, establishing connectivity with physical or virtual networks beyond the NSX-T environment.</p><p><br /></p><p>It's important to note that specific configurations and functionalities of tunnel endpoints in NSX-T may vary depending on deployment models, network architecture, and use cases. For comprehensive information on tunnel endpoints and their implementation in NSX-T, I recommend consulting VMware's official documentation, such as the NSX-T Administration Guide and the NSX-T Design Guide.</p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0New York, NY, USA40.7127753 -74.005972812.402541463821152 -109.1622228 69.023009136178842 -38.849722799999995tag:blogger.com,1999:blog-7301826463672350299.post-24460174489872302092023-03-31T19:35:00.003+05:302023-05-24T11:11:50.131+05:30Future of NSX<p style="text-align: justify;">NSX-T is VMware's network virtualization and security platform, which enables the creation of virtual networks and security policies that are decoupled from physical network hardware. 
VMware has been investing heavily in NSX-T in recent years, and it is considered a critical component of VMware's broader cloud management and automation portfolio.</p><p style="text-align: justify;"><br /></p><p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjOAN6yWPfX9J3XMR2YQThUd8b2uBa80vMdocd8xWgPb-nMBwzfI2jSNHH9bnEldVZlJAbABUOeiABQGZm37oM5YO343mw1JFrr_g5ZnO93HYai5wa-zBDUUSuCGaDygm2GD5raKCL52hnjCIPvkYuYcxa6CoPBhWIwvXhsqr79kd0ubO_E2m0B6bBw" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="205" data-original-width="584" height="112" src="https://blogger.googleusercontent.com/img/a/AVvXsEjOAN6yWPfX9J3XMR2YQThUd8b2uBa80vMdocd8xWgPb-nMBwzfI2jSNHH9bnEldVZlJAbABUOeiABQGZm37oM5YO343mw1JFrr_g5ZnO93HYai5wa-zBDUUSuCGaDygm2GD5raKCL52hnjCIPvkYuYcxa6CoPBhWIwvXhsqr79kd0ubO_E2m0B6bBw" width="320" /></a></div><br /><br /><p></p><p style="text-align: justify;">The future of NSX-T looks promising, as it continues to evolve and expand its capabilities to support modern cloud and application architectures. Some of the key trends that are likely to shape the future of NSX-T include:</p><p><br /></p><p></p><ul style="text-align: left;"><li style="text-align: justify;">NSX-T is an essential component of VMware's vision for software-defined networking (SDN) and network virtualization, which aims to make it easier for organizations to build and manage complex network environments. Some of the key features and capabilities of NSX-T include:</li></ul><p></p><p style="text-align: justify;"><br /></p><p></p><ul style="text-align: left;"><li style="text-align: justify;">Network virtualization: NSX-T enables the creation of virtual networks that are decoupled from physical network hardware. 
This allows organizations to create highly flexible and scalable network architectures that can adapt to changing business needs.</li></ul><p></p><p style="text-align: justify;"><br /></p><p></p><ul style="text-align: left;"><li style="text-align: justify;">Micro-segmentation: NSX-T provides micro-segmentation capabilities that allow organizations to apply fine-grained security policies to individual workloads or applications. This helps to improve security by limiting the scope of potential security breaches.</li></ul><p></p><p style="text-align: justify;"><br /></p><p></p><ul style="text-align: left;"><li style="text-align: justify;">Container networking: NSX-T provides native support for container networking and Kubernetes, which allows organizations to integrate container environments with traditional virtualized environments.</li></ul><p></p><p style="text-align: justify;"><br /></p><p></p><ul style="text-align: left;"><li style="text-align: justify;">Multi-cloud networking: NSX-T provides multi-cloud networking capabilities, which enables organizations to create consistent network policies across different cloud environments. This is especially important as more organizations adopt hybrid and multi-cloud architectures.</li></ul><p></p><p style="text-align: justify;"><br /></p><p></p><ul style="text-align: left;"><li>Automation and orchestration: NSX-T provides highly automated network and security policies, which reduces the need for manual configuration and enables faster deployment of new applications and workloads.</li></ul><p></p><p><br /></p><p>In addition to the key features and capabilities mentioned earlier, NSX-T also provides the following benefits:</p><p></p><ul style="text-align: left;"><li>Simplified network management: NSX-T provides a centralized management interface that simplifies network configuration and management across multiple environments. 
This reduces the complexity of network management and enables faster deployment of new applications and services.</li></ul><p></p><p><br /></p><p></p><ul style="text-align: left;"><li>Improved network agility: NSX-T enables organizations to create virtual networks that can be quickly provisioned and de-provisioned as needed. This allows organizations to respond more quickly to changing business requirements and to adapt their network architectures to support new applications and workloads.</li></ul><p></p><p><br /></p><p></p><ul style="text-align: left;"><li>Increased security: NSX-T provides advanced security features such as micro-segmentation and distributed firewalling that help to improve network security and reduce the risk of security breaches.</li></ul><p></p><p><br /></p><p></p><ul style="text-align: left;"><li>Better application performance: NSX-T enables organizations to optimize network performance for specific applications or workloads by creating dedicated virtual networks and applying policies to ensure that traffic is routed efficiently.</li></ul><p></p><p><br /></p><p></p><ul style="text-align: left;"><li>Cost savings: NSX-T enables organizations to reduce network hardware costs by creating virtual networks that are decoupled from physical network hardware. This reduces the need for expensive network hardware and enables organizations to scale their networks more efficiently.</li></ul><p></p><p><br /></p><p style="text-align: justify;">In summary, the future of NSX-T is likely to be driven by the continued growth of cloud computing and the increasing adoption of new technologies such as containers and Kubernetes. 
As organizations continue to adopt these new technologies, NSX-T is likely to evolve to support new use cases and to provide more advanced network and security features that are tailored to the needs of modern application environments.</p><p style="text-align: justify;"><br /></p><p><br /></p><p><br /></p><p> </p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0New York, NY, USA40.7127753 -74.005972812.402541463821152 -109.1622228 69.023009136178842 -38.849722799999995tag:blogger.com,1999:blog-7301826463672350299.post-69318873202983855732023-03-21T17:28:00.002+05:302023-03-21T17:28:08.235+05:30NSX-T Logical Routing<p><br /></p><p><br /></p><p style="text-align: justify;">NSX-T logical routing is a powerful feature of the NSX-T networking and security platform that allows for flexible and scalable routing of traffic between virtual and physical networks. With NSX-T logical routing, you can create logical routers that can route traffic between virtual networks, physical networks, and even across different cloud environments. 
In this article, we will explore the benefits of NSX-T logical routing, how it works, and some best practices for its implementation.</p><p style="text-align: justify;"><br /></p><p><u>Benefits of NSX-T Logical Routing</u></p><p>NSX-T logical routing offers several key benefits, including:</p><p style="text-align: justify;">Scalability: NSX-T logical routing provides a scalable solution for routing traffic between virtual and physical networks, allowing you to easily scale your network infrastructure as your organization grows.</p><p style="text-align: justify;">Flexibility: NSX-T logical routing provides a flexible solution for routing traffic between different networks and cloud environments, allowing you to easily connect your virtual and physical infrastructure to create a cohesive network architecture.</p><p style="text-align: justify;">Simplified Management: NSX-T logical routing simplifies network management by providing a single pane of glass for managing routing policies across multiple virtual and physical networks.</p><p style="text-align: justify;"><br /></p><p><u>How NSX-T Logical Routing Works</u></p><p style="text-align: justify;">NSX-T logical routing works by creating logical routers that can route traffic between virtual and physical networks. These logical routers are created using NSX-T Manager, which allows you to define routing policies and configure interfaces for each logical router.</p><p style="text-align: justify;">Once a logical router is created, you can then configure routing policies to control how traffic is routed between virtual and physical networks. 
For example, you can configure static routes or use dynamic routing protocols such as OSPF or BGP to dynamically route traffic between networks.</p><p style="text-align: justify;"><br /></p><p><u>Best Practices for Implementing NSX-T Logical Routing</u></p><p style="text-align: justify;">When implementing NSX-T logical routing, it is important to follow best practices to ensure optimal performance and security. Some best practices to consider include:</p><p style="text-align: justify;">Segmentation: Use network segmentation to separate traffic between different logical routers to improve security and reduce the risk of unauthorized access to sensitive data.</p><p style="text-align: justify;">Redundancy: Implement redundant logical routers to ensure high availability and reduce the risk of network downtime.</p><p style="text-align: justify;">Performance Optimization: Optimize routing performance by configuring routing policies to minimize the number of hops required to route traffic between networks.</p><p style="text-align: justify;">Security: Use NSX-T security features such as Distributed Firewall and Micro-segmentation to enhance security and protect against threats.</p><p style="text-align: justify;"><br /></p><p style="text-align: justify;">NSX-T logical routing is a critical component of the NSX-T platform, providing organizations with the ability to build complex, multi-tenant networks that can support a variety of applications and services. NSX-T logical routing can also help organizations achieve compliance with regulatory requirements such as PCI-DSS and HIPAA by providing a secure and segmented network architecture.</p><p style="text-align: justify;">One of the key benefits of NSX-T logical routing is its ability to route traffic across different cloud environments. With NSX-T logical routing, organizations can easily connect their virtual and physical infrastructure to cloud environments such as AWS, Azure, and Google Cloud Platform. 
This allows organizations to build hybrid cloud architectures that can provide greater flexibility and cost savings than traditional on-premises solutions.</p><p style="text-align: justify;">NSX-T logical routing also provides organizations with the ability to create virtual networks that are completely isolated from one another. This can help organizations meet regulatory requirements for data privacy and security, and can also help prevent unauthorized access to sensitive data. Additionally, NSX-T logical routing allows organizations to create multiple virtual routing domains within a single physical network, providing a high degree of flexibility and control over network traffic.</p><p style="text-align: justify;"><br /></p><p style="text-align: justify;">When implementing NSX-T logical routing, it is important to consider the impact on network performance. While NSX-T logical routing can provide a scalable and flexible solution for routing traffic, it can also introduce additional latency and overhead. To optimize network performance, it is important to carefully configure routing policies and implement strategies such as route aggregation and summarization.</p><p style="text-align: justify;"><br /></p><p><u>Summary</u></p><p>NSX-T logical routing is a powerful and flexible solution for routing traffic between virtual and physical networks. By following best practices for implementation and optimization, organizations can build secure and scalable network architectures that can support a variety of applications and services. 
</p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-34262732147184077692021-12-04T03:01:00.000+05:302021-12-04T03:01:16.715+05:30Micro-Segmentation<p> According to VMware, “Micro-segmentation enables organizations to logically divide its data center into distinct security segments down to the individual workload level, and then define security controls and deliver services for each unique segment.” (Lawrence Miller, CISSP and Joshua Soto, 2015, p. 21) The benefit of micro-segmentation is that it denies an attacker the opportunity to pivot laterally within the internal network, even after the perimeter has been breached.</p><p>VMware NSX-T supports micro-segmentation as it allows for a centrally controlled, yet distributed firewall to be attached directly to workloads within an organization’s network. The distribution of the firewall for the application of security policy to protect individual workloads is effective as rules can be applied that are specific to the requirements of each workload. The additional value that NSX-T provides is that the capabilities of NSX are not limited to homogenous vSphere environments, but support the heterogeneity of platforms and infrastructure that is more commonly used with many organizations today. 
Figure 7 depicts the micro-segmentation capabilities of NSX, where each workload is virtually secured with its own distributed firewall.</p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXP9Dr8uzRwM8tgi2Qm9jP2SFBRlCveoGB_wPAzVV8RelzjViQzHm8ZHiEm-T2kweU13fNrxP-N71q529wem2D0GEHWgZxIqLD85aMkh2qyJKTk5Uy_dS-V4zS7KTbOqL0JugeJPqUK5A/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="825" data-original-width="1182" height="446" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXP9Dr8uzRwM8tgi2Qm9jP2SFBRlCveoGB_wPAzVV8RelzjViQzHm8ZHiEm-T2kweU13fNrxP-N71q529wem2D0GEHWgZxIqLD85aMkh2qyJKTk5Uy_dS-V4zS7KTbOqL0JugeJPqUK5A/w640-h446/image.png" width="640" /></a></div><br /><br /><p></p><p>Micro-segmentation provided by NSX-T better supports a Zero Trust architecture for IT security, in that it allows perimeters to be established around each workload. The Zero Trust architecture was introduced by analyst firm Forrester Research as an alternative approach to IT security architecture. Conventional security models assume that everything on the inside of an organization’s network can be trusted, whereas the Zero Trust model assumes the opposite: that nothing can be trusted and everything should be verified. The Zero Trust model for IT security is a principle that addresses the increased sophistication of network attacks and insider threats. </p><p>Rather than simply placing firewalls at the edge of the organization’s network to prevent attacks from external networks, the Zero Trust model looks at ways to better control and manage network traffic within the organization’s network. The intent is that for each system in an organization’s network, trust of the underlying network is completely removed. To do this, organizations can define perimeters within the network to limit the possibility of lateral (east-west) movement of an attacker. 
Implementation of a Zero Trust model of IT security with traditional network security solutions designed primarily to protect the organization’s edge can be costly and complex. </p><p>Moreover, the lack of visibility into an organization’s internal networks can slow down implementation of a Zero Trust architecture and possibly leave gaps that may only be discovered during a breach. Additionally, internal perimeters may only have granularity down to a VLAN or subnet, as is common with many traditional DMZs. However, network virtualization solutions like NSX and NSX-T can provide a more cost-effective and efficient means to implement a Zero Trust network.</p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-26099483223000668432021-11-08T17:08:00.011+05:302021-11-08T19:48:44.373+05:30About Bidirectional Forwarding Detection (BFD)<p> </p><p><span style="text-align: justify;">Bidirectional Forwarding Detection (BFD) is a protocol designed for fast detection of forwarding path failures across various media types, encapsulations, topologies and routing protocols. BFD helps in providing a consistent failure detection method. 
</span></p><p style="text-align: justify;"><br /></p><p style="text-align: justify;">In an NSX-T environment, the Edge nodes in an edge cluster exchange BFD keep-alive status on the management and tunnel (TEP/overlay) interfaces to maintain proper communication among the Edge/host transport nodes.</p><p></p><div class="separator" style="clear: both; text-align: justify;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyR8JTaGgx2tYdMxPMWm6-ZUNw93k8inZ0JXJnLxivVCh8vCFu-hm6B-brewkw9LPNdmJf3C_zxcIYCUkrLA0-OGP4dsQ9uK7pQLHGz1DfI1rBLTCMD3H9p_ZCauhXOukfcJMPPPbFnjo/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="560" data-original-width="845" height="424" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyR8JTaGgx2tYdMxPMWm6-ZUNw93k8inZ0JXJnLxivVCh8vCFu-hm6B-brewkw9LPNdmJf3C_zxcIYCUkrLA0-OGP4dsQ9uK7pQLHGz1DfI1rBLTCMD3H9p_ZCauhXOukfcJMPPPbFnjo/w640-h424/image.png" width="640" /></a></div> Fig:1 (Credit: vmware.com)<br /><br /><p></p><p style="text-align: justify;"><b>e.g.: </b>When the standby Edge node on the T0 gateway fails to receive keep-alive status on both (management and tunnel) interfaces, it is not going to become active, as it is already in standby state. 
What it loses is its interface communication, either from management or overlay.</p><p style="text-align: justify;"><br /></p><h3 style="text-align: left;"><u>Some features of BFD </u></h3><p></p><ul style="text-align: left;"><li>High availability uses BFD to detect forwarding path failures.</li></ul><ul style="text-align: left;"><li>BFD provides low-overhead fault detection even on physical media that do not support failure detection of any kind, such as Ethernet.</li></ul><ul style="text-align: left;"><li>BFD keep-alives are sent to both management and tunnel interfaces.</li></ul><p></p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3nTlEmbp0zeHKxiayAKn60cRrGQ03IYC0pwkOjZQ-PkBsYbKd_Yy5WckxeU-ZD9IljePLdr8yCmNT1M_hwN-K-WQdyM3c21-HZorL2hCm-z3SfBkwroOJigw002yRdzv4cSUY5Kuk340/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="493" data-original-width="516" height="382" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3nTlEmbp0zeHKxiayAKn60cRrGQ03IYC0pwkOjZQ-PkBsYbKd_Yy5WckxeU-ZD9IljePLdr8yCmNT1M_hwN-K-WQdyM3c21-HZorL2hCm-z3SfBkwroOJigw002yRdzv4cSUY5Kuk340/w400-h382/image.png" width="400" /></a></div><div> Fig:2 (Credit: vmware.com)</div><div><br /></div><p></p><ul style="text-align: left;"><li>The Tier-0 gateway supports the BFD protocol to protect the connection with the routing peers (External/physical).</li></ul><ul style="text-align: left;"><li>BFD supports and protects both static and dynamic routers.</li></ul><ul style="text-align: left;"><li>Provides fast detection of node (edge or physical gateway) or uplink failures.</li></ul><ul style="text-align: left;"><li>Multiple BFD sessions can be enabled if multiple links exist between two systems.</li></ul><p></p><br /><p></p><p><br /></p><p><br /></p><p><br /></p>Sachin 
Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com1tag:blogger.com,1999:blog-7301826463672350299.post-62841431116546099672021-11-08T13:21:00.011+05:302021-11-08T18:43:58.933+05:30NSX-T Data Center Firewalls<p></p><div><br /></div><p></p><h2 style="text-align: left;">NSX-T Data Center includes two types of firewalls:</h2><p></p><h3><ol style="text-align: left;"><li>Distributed Firewall (<span style="font-weight: normal;">for east-west traffic</span>)</li><li>Gateway Firewall (<span style="font-weight: normal;">for north-south traffic</span>)</li></ol></h3><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtgC4CMhiSc7Dr0rxzd1efod__f2Mr2W0FAZCfoH79YhuSHYNr4pkSfvZkm6PxAQ4fo48LWwb3SlECJ_c2XQxBtRkmDdY0BeQvpqxbwV5uQx4OAaTgVT678B-4TfjXQyG0XRs4f9hRLwc/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="464" data-original-width="1126" height="264" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtgC4CMhiSc7Dr0rxzd1efod__f2Mr2W0FAZCfoH79YhuSHYNr4pkSfvZkm6PxAQ4fo48LWwb3SlECJ_c2XQxBtRkmDdY0BeQvpqxbwV5uQx4OAaTgVT678B-4TfjXQyG0XRs4f9hRLwc/w640-h264/image.png" width="640" /></a></div> Fig:1 (credit: vmware.com)</div><div>The distributed firewall is a hypervisor kernel-embedded stateful firewall: </div><div><ul style="text-align: left;"><li>It resides in the kernel of the hypervisor and outside the guest OS of the VM. </li><li>It controls the I/O path to and from the vNIC.</li></ul>The gateway firewall is used for north-south traffic between the NSX-T gateways and the physical network:</div><div><ul style="text-align: left;"><li>It is also called a perimeter firewall, protecting traffic to and from the physical environment.</li><li>It applies to Tier-0 and Tier-1 gateway uplinks and service interfaces. </li><li>It supports both Tier-0 and Tier-1 gateways. 
If it is applied to a Tier-0 or Tier-1 gateway, the HA status of that gateway should be active-standby.</li><li>It is a centralized stateful service enforced on the NSX Edge node.</li></ul></div><div><br /></div><p></p><div><br /></div><div>Let's discuss both of the above firewall types in detail:</div><div><br /></div><div><h4><ol style="text-align: left;"><li>Distributed Firewall</li></ol></h4><div><br /></div><div>DFW (Distributed Firewall) works on ZTNA (Zero Trust network architecture), or you can say TNO (Trust no one). All this can be achieved with micro-segmentation, which is where the distributed firewall comes into the picture.</div><div><br /></div><div>DFW basically pushes the firewall rules down to the virtual machine's virtual NIC, as shown in Fig:2 below. </div><div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPVSQPw_PdA-gsguhgMC2_6i7k7jBCXk11mF84Zvo5cM0bB3RNueq-Yz57URBhXy_vTo_lTAhk6-jDHma6x5NDKP2wVHUQ0MlP-MULKrXCLzqC1gPupLYZVNJCD9vYwXoC_BPU57tibkA/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="387" data-original-width="1232" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPVSQPw_PdA-gsguhgMC2_6i7k7jBCXk11mF84Zvo5cM0bB3RNueq-Yz57URBhXy_vTo_lTAhk6-jDHma6x5NDKP2wVHUQ0MlP-MULKrXCLzqC1gPupLYZVNJCD9vYwXoC_BPU57tibkA/w640-h202/image.png" width="640" /></a></div><br /> Fig:2 (Credit: vmware.com)</div><div><br /></div><div>It is about pushing the intelligence as close to the source of the traffic as possible. Here the source of the traffic can be virtual machines, virtual appliances, containers or even bare-metal servers. 
As mentioned above, different kinds of workloads can be secured by DFW.</div><div><br /></div><div>The beauty of micro-segmentation is that it not only pushes the DFW firewall ruleset down to the VM's virtual NIC, but the policy also stays with the VM and keeps securing its traffic (who communicates with whom) as the VM moves to another host using vMotion, whether for balancing cluster resources or for any other reason. This is demonstrated in the figure below.</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrepM788uBOs2FzUuGkrqUQbY30S-I2aHvR_kTDbEslhqSlD6uFSVpRIIsTE_h49ms1Bp_Cx6oB1bblhsJUJ5DoVNpmks_CnhWt3LzoqlcjBy_olwdhfTdtmonDnB-tP0BSpDqojYu-Ko/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="623" data-original-width="632" height="259" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrepM788uBOs2FzUuGkrqUQbY30S-I2aHvR_kTDbEslhqSlD6uFSVpRIIsTE_h49ms1Bp_Cx6oB1bblhsJUJ5DoVNpmks_CnhWt3LzoqlcjBy_olwdhfTdtmonDnB-tP0BSpDqojYu-Ko/w352-h259/image.png" width="352" /></a></div><br /> Fig:3 (Credit: vmware.com)</div><div><br /></div><h4 style="text-align: left;">Features of Distributed Firewall:</h4><div><ul style="text-align: left;"><li>Support for multiple hypervisors (ESXi, KVM)</li><li>Support for multiple workloads (VM and container) </li><li>On-premises and public cloud support </li><li>Static and dynamic grouping based on compute objects and tags.</li><li>Firewall rule enforcement regardless of the network transport type (overlay or VLAN).</li><li>vSphere vMotion support: Firewall policies move with VMs.</li><li>Centralized configuration through the NSX UI or API.</li><li>Layer 2 stateless firewall rules.</li><li>Layer 3 stateless and stateful firewall rules.</li><li>Context-aware (layer 7) firewall rules </li></ul></div><div><br /></div><div><div class="separator" style="clear: both; 
text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqOTt37chQ2jPYbDfViD5OM3HhPJq353PAX4yjtpmhimONrVF0JWpC6i5vHNASUDT9m2PTHkm1h-eZkad3fpEGW2_42UAZ1yXpXPEtcimNYI5fglK7yAScYQqOqMbaWSLCceesl8OWI78/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="667" data-original-width="884" height="302" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqOTt37chQ2jPYbDfViD5OM3HhPJq353PAX4yjtpmhimONrVF0JWpC6i5vHNASUDT9m2PTHkm1h-eZkad3fpEGW2_42UAZ1yXpXPEtcimNYI5fglK7yAScYQqOqMbaWSLCceesl8OWI78/w400-h302/image.png" width="400" /></a></div><br /> Fig:4 (Credit: vmware.com)</div><div><br /></div><h4 style="text-align: left;">Distributed Firewall Architecture</h4><h4 style="text-align: left;"><b style="font-family: courier;"><u>PS: The configuration below is supported on the ESXi hypervisor type only</u></b></h4><div><ul style="text-align: left;"><li>nsx-proxy: Retrieves configuration changes from the CCP (Central Control Plane) and configures the datapath modules.</li></ul><ul style="text-align: left;"><li>DataPath Modules:<br />- VSIP: Receives firewall rules and downloads them to each VM vmnic.<br />- VDPI: Performs L7 packet inspection.</li></ul><ul style="text-align: left;"><li>stats Exporter: Collects flow records from the distributed firewall data plane kernel module and generates rule statistics.</li></ul><ul style="text-align: left;"><li>nsx-proxy: Passes rule statistics and real-time data to the management plane.</li></ul><div><br /></div></div><h3 style="text-align: left;">2. <u>Gateway Firewall</u></h3><div><br /></div><div>The NSX-T Data Center gateway firewall provides essential perimeter firewall protection that can be used in addition to a physical perimeter firewall. The gateway firewall data path uses the Data Plane Development Kit (DPDK) framework supported on NSX Edge to provide better throughput. 
</div><div><br /></div><div><div>The NSX-T Data Center gateway firewall is instantiated per logical router and supported at both Tier-0 and Tier-1.</div></div><div><br /></div><div>The Tier-0 Gateway firewall supports stateful firewall filtering only with active-standby high availability mode. The active-active mode supports only stateless rules.</div><div><br /></div><div>The NSX-T Edge cluster must support NSX gateway to provide stateful firewall services.</div><div><br /></div><div>Some characteristics of Gateway Firewall:</div><div><br /></div><div><ul style="text-align: left;"><li>Enforced on the northbound-facing interface of the gateway</li><li>Implemented per NSX gateway node and supported at both Tier-0 and Tier-1</li><li>A centralized service requiring the SR component of the router</li><li>A stateful firewall for north-south traffic, generally used as a perimeter firewall </li></ul><div><br /></div></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPR2FpSRsriCvBZ3KdFrVtj9or6HOEIOE7q9GyOV8lynowdv2EZuj5kCo3QOut7Z-3wg9khqupErZv-_xMPPmnGr9cg2-CQKCVPeGA7ZdUpg4Jv6S7B7m7hNBYyDk5kMg9uvN1HE29RVM/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="680" data-original-width="945" height="288" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPR2FpSRsriCvBZ3KdFrVtj9or6HOEIOE7q9GyOV8lynowdv2EZuj5kCo3QOut7Z-3wg9khqupErZv-_xMPPmnGr9cg2-CQKCVPeGA7ZdUpg4Jv6S7B7m7hNBYyDk5kMg9uvN1HE29RVM/w400-h288/image.png" width="400" /></a></div><br /><br /></div><div> Fig:5 </div><div><br /></div><div>As shown in the figure above, the Distributed firewall can be applied at Tier-0 and Tier-1 gateways as stateful and stateless. A stateful GW requires the SR router to be instantiated and the Edge HA status to be active-standby.</div><div> </div></div><div>Hope this article helps you get more insight into DFW and GW Firewall. 
:)</div><p></p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-70221808618514488602021-07-26T13:54:00.019+05:302021-11-08T18:44:13.619+05:30Collecting Logs from NSX-T Edge nodes using CLI<p><span style="font-family: arial;"> </span></p><p><span style="font-family: arial;">This article explains how to </span>extract the logs from NSX-T Edge nodes from CLI.</p><p><br /></p><p>Let's view the steps involved:</p><p>1) Login to NSX-T Edge node using CLI from <b><u>admin</u></b> credentials.</p><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUMZgqL-egkjWk2zYMr6V6ABDZCqe1G_FHNIa2iNsU_yluXKWZCdBkGBijX_qJCzKEM-cRSRMTVCYEO_eGypKgiNbkFn-Hkxsjsk1k7yTttZqQSCVIJ31EH1i3b1Jm5bj_PCetlptGE2g/s1212/Screenshot+2021-07-26+at+2.21.02+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="642" data-original-width="1212" height="340" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUMZgqL-egkjWk2zYMr6V6ABDZCqe1G_FHNIa2iNsU_yluXKWZCdBkGBijX_qJCzKEM-cRSRMTVCYEO_eGypKgiNbkFn-Hkxsjsk1k7yTttZqQSCVIJ31EH1i3b1Jm5bj_PCetlptGE2g/w640-h340/Screenshot+2021-07-26+at+2.21.02+PM.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /><br /></div><p>2) <span style="font-family: arial; font-size: medium;">Use of </span>"<span style="font-family: courier; font-size: medium; white-space: pre;">get support-bundle</span><span style="font-family: monospace; font-size: medium; white-space: pre;">"</span><span style="font-family: monospace; font-size: 12px; white-space: pre;"> </span><span style="white-space: pre;"><span style="font-family: arial; font-size: medium;">for Log extraction.</span></span></p><p><span style="font-family: arial;"><span style="white-space: pre;">get support-bundle command will extract the complete logs from 
NSX-T manager/Edge nodes.</span></span></p><p><span style="font-family: monospace; font-size: medium; white-space: pre;">nsx-manager-1> get support-bundle file support-bundle.tgz</span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyWEmkskoEkfrRpsJn-jbENRWvMJlG6zZNp5ZF2xoqU8ZUNDwXi62mYTZ9T5VGdtTVfvlrzTRM9r2Q35y56R2zMWeVH6_1mmbFAlWl2QQDvKqWENOCdUjGLR0rc3Lv4wnA4IIjpnqR_5o/s1258/Screenshot+2021-07-26+at+1.44.11+PM.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="168" data-original-width="1258" height="86" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyWEmkskoEkfrRpsJn-jbENRWvMJlG6zZNp5ZF2xoqU8ZUNDwXi62mYTZ9T5VGdtTVfvlrzTRM9r2Q35y56R2zMWeVH6_1mmbFAlWl2QQDvKqWENOCdUjGLR0rc3Lv4wnA4IIjpnqR_5o/w640-h86/Screenshot+2021-07-26+at+1.44.11+PM.png" width="640" /></a></div><p><br /></p><p><span style="font-family: monospace; font-size: 12px; white-space: pre;"><br /></span></p><p><span style="white-space: pre;"><span style="font-family: arial;">3)</span></span><span style="font-family: monospace; font-size: 12px; white-space: pre;"> </span><span style="font-family: arial; font-size: medium; white-space: pre;">Last step is to us</span><span style="white-space: pre;"><span style="font-family: arial;">e of</span></span><span style="font-family: monospace; font-size: 12px; white-space: pre;"> </span><span style="font-family: arial; font-size: large; white-space: pre;">"</span><span style="white-space: pre;"><span style="font-family: courier; font-size: medium;">copy file support-bundle.tgz url</span><span style="font-family: arial; font-size: large;">"</span></span><span style="font-family: monospace; font-size: 12px; white-space: pre;"> </span><span style="white-space: pre;"><span style="font-family: arial; font-size: medium;">command.</span></span></p><p><span style="white-space: pre;"><span 
style="font-family: arial;">copy file will forward your collected logs from the NSX-T manager to the destination (URL) host from where you can download the logs.</span></span></p><p><span><span style="font-family: courier; font-size: medium; white-space: pre;">copy file support-bundle.tgz url scp://root@192.168.11.15/tmp</span></span></p><p>Here, the URL specified points to the /tmp partition on the ESXi host (192.168.11.15), where the logs will be copied and from where one can extract them for further log review.</p><p><br /></p><p>Happy Learning. :)</p><p><br /></p><p><br /></p><p><span style="font-family: monospace;"><span style="font-size: 12px; white-space: pre;"><br /></span></span></p><p><span style="font-family: monospace; font-size: 12px; white-space: pre;"><br /></span></p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-36956135237452516022021-07-04T21:14:00.017+05:302021-07-04T23:23:05.949+05:30NSX-T BGP Neighbor validation<h1 style="text-align: left;"><span style="font-family: Georgia;"><br /></span></h1><h1 style="text-align: left;"><span style="font-family: Georgia;">NSX-T BGP Neighbor validation </span></h1><p style="text-align: left;"></p><div style="text-align: justify;"><span style="font-family: inherit;"><br /></span></div><span style="font-family: inherit;"><div style="text-align: justify;"><span>BGP is one of the most popular options for establishing routing adjacencies between NSX and existing networks. 
It can be configured on the Tier-0 Logical Router</span><span class="Apple-converted-space">.</span></div></span><p></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyIl9suTBjD6DPnQdtSBkq4vVIAPk8Xz7Diru7MCxiBNfzJnoLeiIhMJwAJd8Cp8uTLODf1T5qM9ZwZrHgku9Hlv2h13hiaCduQAUvWrWRNWiMlJJFxCBIKnF7shhtZs0iHJI6PbAvxfI/s726/Screenshot+2021-07-04+at+11.20.56+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="286" data-original-width="726" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyIl9suTBjD6DPnQdtSBkq4vVIAPk8Xz7Diru7MCxiBNfzJnoLeiIhMJwAJd8Cp8uTLODf1T5qM9ZwZrHgku9Hlv2h13hiaCduQAUvWrWRNWiMlJJFxCBIKnF7shhtZs0iHJI6PbAvxfI/s320/Screenshot+2021-07-04+at+11.20.56+PM.png" width="320" /></a></div><br /><span class="Apple-converted-space" style="font-family: inherit;"><br /></span><p></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span class="Apple-converted-space" style="font-family: inherit;">This article demonstrates various ways from where you can validate the BGP Neighbor status from T0 to its associated ToR switches into the rack.</span></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="Apple-converted-space" style="font-family: inherit;"><br /></span></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span class="Apple-converted-space" style="font-family: inherit;">Let's get started..</span></p><p class="p2" 
style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span class="Apple-converted-space" style="font-family: inherit;"><br /></span></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span class="Apple-converted-space" style="font-family: inherit;"><br /></span></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span class="Apple-converted-space" style="font-family: inherit;">The methods for validating BGP status are listed below.</span></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span class="Apple-converted-space" style="font-family: inherit;"><br /></span></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"></p><ol><li><span class="Apple-converted-space" style="font-family: inherit;">Using NSX-T Manager UI</span></li><li><span class="Apple-converted-space" style="font-family: inherit;">From NSX-T Edge CLI</span></li></ol><p></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span class="Apple-converted-space" style="font-family: inherit;"><br /></span></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span style="font-family: inherit;">First things first, let's discuss the <u><b>NSX-T Manager UI </b></u>method.</span></p><p class="p2" style="font-stretch: normal; 
font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span style="font-family: inherit;"><br /></span></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"></p><ul><li><span style="font-family: inherit;">Login to NSX-T Manager UI</span></li><li>Click on MANAGER mode</li></ul><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo9UXzK3l40RVDsASW-0YvLs-Nk1B-Dnap5bvEtd2GHD8YzAdVHh6xCzwOJsjOux5spcmDJ7OGtsppK2NzWnErcEtK8rHFtOST1XBjT5uAfoUa2V3KpLOMatDOy4AwJ89uSno5T4ZpVVU/s628/managerview.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="112" data-original-width="628" height="114" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo9UXzK3l40RVDsASW-0YvLs-Nk1B-Dnap5bvEtd2GHD8YzAdVHh6xCzwOJsjOux5spcmDJ7OGtsppK2NzWnErcEtK8rHFtOST1XBjT5uAfoUa2V3KpLOMatDOy4AwJ89uSno5T4ZpVVU/w640-h114/managerview.png" width="640" /></a><br /><ul><li>Click on Network</li></ul><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWwkee6RT9uKtW9gMWjB4y2MawKPlJVb2vGZKeDd3vzQ39SmPQOB5LVX2MzYgqoRvz5NB4BtjNxct38DASHkSeoC2mnMG-oP_Rgq9E1c7drZF4qc3PLcgvLp-__Q8I-QBT6YvWwESQhpA/s2642/Screenshot+2021-07-04+at+10.18.12+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="376" data-original-width="2642" height="57" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWwkee6RT9uKtW9gMWjB4y2MawKPlJVb2vGZKeDd3vzQ39SmPQOB5LVX2MzYgqoRvz5NB4BtjNxct38DASHkSeoC2mnMG-oP_Rgq9E1c7drZF4qc3PLcgvLp-__Q8I-QBT6YvWwESQhpA/w400-h57/Screenshot+2021-07-04+at+10.18.12+PM.png" width="400" /></a><p></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: 
justify;"></p><ul><li>Select the desired T0 Gateway > Action > Generate BGP Summary</li></ul><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigRr4X5rBq5VqYF9ePA0DSbBbGic21XqWm08IQZ9ozPpEiNlR8xYxkK2MSZl4wVOZMGu8OdXh0B-QWJNZ9TictRbJnmA1aaT_gGc2fpOV2o85QNOWXGEuikH7fm6vAXCrFjDFQpLynVN0/s1978/Screenshot+2021-07-04+at+10.20.27+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="676" data-original-width="1978" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigRr4X5rBq5VqYF9ePA0DSbBbGic21XqWm08IQZ9ozPpEiNlR8xYxkK2MSZl4wVOZMGu8OdXh0B-QWJNZ9TictRbJnmA1aaT_gGc2fpOV2o85QNOWXGEuikH7fm6vAXCrFjDFQpLynVN0/w640-h219/Screenshot+2021-07-04+at+10.20.27+PM.png" width="640" /></a><p></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><br /></p><p class="p2" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"></p><ul><li>This will show the BGP Connection status. If Connection status is showing as "ESTABLISHED". 
This means that the T0 router has successfully peered with the ToR switch.</li></ul><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik64aKVfUfOCG3yKOpEkZZys-0qzfmO8NufBLjmQNIiJhgiHpG0-4vwXY9vtikuteKzcNn1lyycwHBNYjlkyxueVB4yfixH1WrqIGhTxigXfcnJTO5iP2H9n_AxZZMpAMQbmfsJPJIf4k/s2016/Screenshot+2021-07-04+at+10.25.58+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="780" data-original-width="2016" height="248" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik64aKVfUfOCG3yKOpEkZZys-0qzfmO8NufBLjmQNIiJhgiHpG0-4vwXY9vtikuteKzcNn1lyycwHBNYjlkyxueVB4yfixH1WrqIGhTxigXfcnJTO5iP2H9n_AxZZMpAMQbmfsJPJIf4k/w640-h248/Screenshot+2021-07-04+at+10.25.58+PM.png" width="640" /></a><p></p><div><br /></div><div><br /></div>The second method for validating the BGP Connection status is from the <b><u>NSX-T Edge nodes.</u></b><div><br /></div><div>Steps involved:</div><div><br /></div><div><ul style="text-align: left;"><li>Log in to the NSX-T Edge node using SSH</li></ul><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPUdZ13mwILCRQwE3skbOFTkMoFTddRiKde6ZX9ok4MShwA0AT3x7LzXUTLw349Lo34z6AsAMzk-intzukvIwAMFyNZMg5e17V1CsixvL37z_3b4iNKgtXscMCN5gtIr9hDeld9yaaQAE/s1358/Screenshot+2021-07-04+at+10.59.40+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="862" data-original-width="1358" height="254" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPUdZ13mwILCRQwE3skbOFTkMoFTddRiKde6ZX9ok4MShwA0AT3x7LzXUTLw349Lo34z6AsAMzk-intzukvIwAMFyNZMg5e17V1CsixvL37z_3b4iNKgtXscMCN5gtIr9hDeld9yaaQAE/w400-h254/Screenshot+2021-07-04+at+10.59.40+PM.png" width="400" /></a></div><div><ul style="text-align: left;"><li>Get into the logical router using the command > get logical-router</li><li>Select the service router T0 vrf number 1</li></ul><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4ExxKsNQIsxr0BZcs2mOIzc4dfNB9xvEWfFOglTXdwq6TxoDIl5kS0vwPlxtGGh42HwTxEg3PM4n-NrYPaK7qJyXGiQ8w08QUX9naHcO0894BLigZbyrCNg6F99yBfNcoKQsKjQI8HhQ/s2086/Screenshot+2021-07-04+at+11.01.56+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="282" data-original-width="2086" height="86" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4ExxKsNQIsxr0BZcs2mOIzc4dfNB9xvEWfFOglTXdwq6TxoDIl5kS0vwPlxtGGh42HwTxEg3PM4n-NrYPaK7qJyXGiQ8w08QUX9naHcO0894BLigZbyrCNg6F99yBfNcoKQsKjQI8HhQ/w640-h86/Screenshot+2021-07-04+at+11.01.56+PM.png" width="640" /></a></div><div><br /></div>SR, the service router get placed on the Edge nodes which provide connectivity to the external world (North-south routing)<div><br /><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQf7DCqnKdfkUqP8SbHLHSeBkXuPVRhbzlskDa9lYQriT5P5slVYYd0ebbh14QFO4eJ97xsRTPM5AhXOMzc-fVGCIrgNqv0mxsB37UDNEAPk9rGdAIm_n2sKFuJ1oXLuXNB1NG9IXs7sE/s2082/Screenshot+2021-07-04+at+11.07.41+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="400" data-original-width="2082" height="122" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQf7DCqnKdfkUqP8SbHLHSeBkXuPVRhbzlskDa9lYQriT5P5slVYYd0ebbh14QFO4eJ97xsRTPM5AhXOMzc-fVGCIrgNqv0mxsB37UDNEAPk9rGdAIm_n2sKFuJ1oXLuXNB1NG9IXs7sE/w640-h122/Screenshot+2021-07-04+at+11.07.41+PM.png" width="640" /></a></div><div><ul style="text-align: left;"><li>Insert the command > get bgp neighbor summary</li></ul><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkwk1PQ4-romvXUrbCoQdo6hm8rZe-snwKfk1LeGQx50d3yR6leIkyPJB2Fd5L_W64nDhsCm5JNYIWsN7G6XorJJavMmC902ox3ER9kjq1UdvpWaoC9x93Gc55RTbFMgSVvzlu7m6Gcuo/s1770/Screenshot+2021-07-04+at+11.11.20+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img 
border="0" data-original-height="452" data-original-width="1770" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkwk1PQ4-romvXUrbCoQdo6hm8rZe-snwKfk1LeGQx50d3yR6leIkyPJB2Fd5L_W64nDhsCm5JNYIWsN7G6XorJJavMmC902ox3ER9kjq1UdvpWaoC9x93Gc55RTbFMgSVvzlu7m6Gcuo/w640-h164/Screenshot+2021-07-04+at+11.11.20+PM.png" width="640" /></a></div><div><br /></div><div>The above figure shows a single neighbor (single ToR) connected to the Edge node with the status "ESTABLISHED", which means that the edge node has peered successfully with the ToR switch and is running stably.</div><div><br /></div><div><br /></div><div>Hope you like the summarization.</div><div>Happy learning...</div><div><br /></div><div><br /></div><div><br /></div><br /></div>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0Bengaluru, Karnataka, India12.9715987 77.5945627-15.338635136178846 42.4383127 41.281832536178847 112.7508127tag:blogger.com,1999:blog-7301826463672350299.post-91341396745154286602020-11-16T12:50:00.011+05:302021-07-04T21:24:48.633+05:30VSAN VM Storage Policy failed to retrieve data from the server<p> </p><p style="text-align: justify;">Last week I got into an issue in my lab environment where some of my VMs under the vSAN 7.0 cluster were unable to migrate from one ESXi host to another ESXi host.</p><p style="text-align: justify;">During vMotion of the VM from one host to another host, I was getting an error that the storage profile was missing.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9UXRExMBHMgbeGgz0UuriChtOF8FcR8KzdXQn42B9X1sIVUxaKR_iQ2TdSK9xfLnTsO84EnhQkmsblRf8ZYNoTrlW-I5dPrBwAHL5alorxypwFQjrqVlj5ps82NJ3m_CcJDF8DpDLLlo/s2048/Screenshot+2020-11-16+at+1.38.51+PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1099" data-original-width="2048" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9UXRExMBHMgbeGgz0UuriChtOF8FcR8KzdXQn42B9X1sIVUxaKR_iQ2TdSK9xfLnTsO84EnhQkmsblRf8ZYNoTrlW-I5dPrBwAHL5alorxypwFQjrqVlj5ps82NJ3m_CcJDF8DpDLLlo/s320/Screenshot+2020-11-16+at+1.38.51+PM.png" width="320" /></a></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: center;"><span style="font-size: x-small;">Credit: yellow-bricks.com</span></blockquote><p><br /></p><p style="text-align: justify;">On validating the VM storage profile from vCenter which is on 7.0 it's identified that none of the VM storage policies was visible there and flashing error " Failed to retrieve data from the server".</p><p style="text-align: justify;">vCenter Storage providers were also showing blank as it looks not in sync.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdTvKRKsNs_tDg0tYxS-AxTaHJ2pIPhOWlLR7EbwhavA9jgBjDPTUU6YWKukyLctc8K_8Am7o0IimgZTyCS_-vnIxUSJhSnubITRKvGflqn_94gKgKCFdQWu5g1guXA-7892F9HlPBqwM/s2264/Screenshot+2020-11-16+at+12.13.24+PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="742" data-original-width="2264" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdTvKRKsNs_tDg0tYxS-AxTaHJ2pIPhOWlLR7EbwhavA9jgBjDPTUU6YWKukyLctc8K_8Am7o0IimgZTyCS_-vnIxUSJhSnubITRKvGflqn_94gKgKCFdQWu5g1guXA-7892F9HlPBqwM/w640-h210/Screenshot+2020-11-16+at+12.13.24+PM.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;">Fig-1</div><div class="separator" style="clear: both; text-align: left;">Further, investigating through with the vCenter logs, I identified the below error:</div><div class="separator" style="clear: both; text-align: left;"><br /></div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td 
style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwQoODCGeh-JKYWETg5wCiuHrxLxGSNDX5RpFJWYW16F8V07_3b7dQXDsjnsGiSz5oTKYvMbn0adb6yHVBex31GKulusApfw3NSPR6Sf8cQZmwqsq5OROl4aQGSnth6MOpf6FGfTvpqDQ/s2806/Screenshot+2020-11-16+at+12.26.59+PM+1.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="150" data-original-width="2806" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwQoODCGeh-JKYWETg5wCiuHrxLxGSNDX5RpFJWYW16F8V07_3b7dQXDsjnsGiSz5oTKYvMbn0adb6yHVBex31GKulusApfw3NSPR6Sf8cQZmwqsq5OROl4aQGSnth6MOpf6FGfTvpqDQ/w828-h63/Screenshot+2020-11-16+at+12.26.59+PM+1.png" width="828" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><br /><div class="separator" style="clear: both; text-align: justify;">As per the logs, it's showing Failed to register vSAN VP services.</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">vSAN health services are up and running on the vCenter Server, but found the service log file had a significant size.</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">--rw-r--r-- l. 
1 vsan-health users 8.3G Oct 13 10:14 vmware-vsa-health-service.log</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">The vSAN health log was occupying 8.3 GB on the partition, and because no space was left, the health services were unable to write new log entries into the /var/log/vmware/vsan-health partition.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><u>To troubleshoot this issue, the below steps were taken.</u></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: justify;">1) Stopped the vSAN health services on the vCenter Server.</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">2) Moved the vSAN health services log file to another partition for later reference, or you can delete it if you don't feel it's useful for you.</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">3) Started the vSAN health services. 
>> Validated that the service.log file has been recreated successfully.</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">4) Restarted SPS services on the vCenter Server.</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">After applying the above steps, all Storage providers were available again in vCenter Server.</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">After this, all VM storage profiles were visible at the vSAN and VM level, and I was also able to successfully vMotion a VM from one host to another host.</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Thanks for reading.. 
and keep sharing ...</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><br /><p><br /></p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com1tag:blogger.com,1999:blog-7301826463672350299.post-64316588688137398182020-09-14T18:59:00.022+05:302020-09-16T12:13:30.904+05:30What's new in NSX-T 3.0<p class="MsoNormal" style="font-family: calibri; font-size: 12pt; margin: 0cm 0cm 0.0001pt;"><br /></p><p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt;"><span lang="EN-US" style="font-family: verdana;"><br /></span></p><p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt;"><span style="font-family: verdana;">VMware has made various enhancements in NSX-T version 3.0. </span></p><p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt;"><span style="font-family: verdana;"><br /></span></p><span style="font-family: verdana;"><br class="Apple-interchange-newline" />Let's talk about the architecture changes in NSX-T version 3.0.</span><div><span style="font-family: verdana;"><br /></span></div><div><span style="font-family: verdana;">Some of the below changes were made concerning the internal communication mechanism within the NSX-T components. 
</span></div><div><span style="font-family: verdana;"><br /></span></div><div><span style="font-family: verdana;">T</span><span style="font-family: verdana;">hey are:</span></div><div><span style="font-family: verdana;"><br /></span></div><div><span style="font-family: verdana;"><span style="font-size: x-large;"><b>Architecture ramp-up:</b></span></span></div><div><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"></p><ul style="text-align: left;"><li><span lang="EN-US"><span style="font-family: verdana;">NSX Manager and its cluster communicate with their transport nodes through APH Server (<u>Appliance Proxy Hub</u>)<br /><br /></span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">NSX Manager communicates with NSX-Proxy through port <u>1234.</u><br /><br /></span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">CCP (Central control plane) communicates with NSX-Proxy through port <u>1235</u>.<br /><br /></span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">RabbitMQ messaging is replaced with NSX-RPC between the management plane and CCP.</span></span></li></ul><p></p><p class="MsoListParagraphCxSpMiddle" style="font-family: calibri; font-size: 12pt; margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"> </span></p><p class="MsoNormal" style="font-family: calibri; font-size: 12pt; margin: 0cm 0cm 0.0001pt;"><span lang="EN-US"></span></p><p class="MsoListParagraphCxSpMiddle" style="font-family: calibri; font-size: 12pt; margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"> </span></p><p class="MsoNormal" style="font-family: calibri; font-size: 12pt; margin: 0cm 0cm 0.0001pt;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinNHRhfQ1lX0mlsjAUNAiKaD74-BxBfoNSmUjAvLc9i0IQPehp007fjE-HmHgz8fIB3MhgyJcRebSoXoMETH83rHIhrZXdWR4TVRRAjj_KQQGrGgCeEnbFRSVI_QjWessdPkMrNK4euDQ/s1130/NSX-Tarchitecture+3.0.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1102" data-original-width="1130" height="482" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinNHRhfQ1lX0mlsjAUNAiKaD74-BxBfoNSmUjAvLc9i0IQPehp007fjE-HmHgz8fIB3MhgyJcRebSoXoMETH83rHIhrZXdWR4TVRRAjj_KQQGrGgCeEnbFRSVI_QjWessdPkMrNK4euDQ/w493-h482/NSX-Tarchitecture+3.0.png" width="493" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><h1 style="margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span><span lang="EN-US" style="font-size: x-large;"> <br /></span><span lang="EN-US"><span style="font-family: verdana; font-size: x-large;">Alarm and Events</span></span></span></h1><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">NSX-T version 3.0 introduces Alerts and Events, which help in the active monitoring of different components of the environment.<span><o:p></o:p></span></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><h1 style="margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span lang="EN-US"><span style="font-family: verdana; font-size: x-large;">Network Topology UI</span></span></h1><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 
0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">In NSX-T 3.0 there is a view of the network topology which gives a diagram of each component of NSX-T. This view shows the number of VMs connected to segments, the number of segments, T1 and T0 gateways, and the number of uplinks connected to T0.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana; font-size: x-large;"><br /></span></span></p><h1 style="margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span lang="EN-US"><span style="font-family: verdana; font-size: x-large;">NSX-T on VDS</span></span></h1><div><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></div><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">In NSX-T version 3.0, we can now leverage the vCenter VDS as well as NVDS.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">ESXi hosts that are managed by the vCenter Server can now be configured using VDS during transport node preparation.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span 
style="font-family: verdana;">For standalone ESXi host environments, NSX Manager installs the NSX-T virtual distributed switch (NVDS) on transport nodes.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">The distributed port group and NSX distributed port groups can coexist on the same VDS.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><u>The requirement</u> for the VDS environment on NSX-T is vCenter 7 and ESXi host 7, and the VDS must be configured with VDS7. 
The MTU value of VDS7 should be set to 1600.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><h1 style="margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span lang="EN-US"><span style="font-family: verdana; font-size: x-large;">VRF Lite</span></span></h1><div><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></div><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">A new introduction in version 3.0 is VRF Lite, where multiple routing instances can be configured without deploying additional Tier-0 gateways along with edge nodes.</span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span style="font-family: verdana;"> </span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"></span></p><div class="separator" style="clear: both; text-align: center;"><span lang="EN-US"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigqoMmbQ9SD5QjlDesWK4s43QACDhYBldfp8vXyulkgw3z1stE0pK9Xi0Hc_TDsAtxsZC4r45Xt637jlSTLA62yi1xquyLvt5uWbFfMWN1-V8RIE35RwJUJRnI_Xq8sd5cejusG1S5-04/s1316/Screenshot+2020-09-16+at+11.58.03+AM.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="724" data-original-width="1316" height="340" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigqoMmbQ9SD5QjlDesWK4s43QACDhYBldfp8vXyulkgw3z1stE0pK9Xi0Hc_TDsAtxsZC4r45Xt637jlSTLA62yi1xquyLvt5uWbFfMWN1-V8RIE35RwJUJRnI_Xq8sd5cejusG1S5-04/w618-h340/Screenshot+2020-09-16+at+11.58.03+AM.png" width="618" /></a></span></div><span lang="EN-US"><br /><span style="font-family: verdana;"><br /></span></span><p></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">VRF Lite does not use MPLS/MP-BGP protocol as other traditional VRF.</span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br 
/></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">VRF Lite provides isolation of logical routing and extends it to peers that are compatible with VRF Lite technology.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><u>The requirement of VRF lite</u> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">A default Tier-0 gateway with external connectivity to a layer 3 peer. 
</span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">The peer device supports the 802.1Q protocol for VLAN tagging.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><u>Limitation of VRF lite</u> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> It's not compatible with VPN and Load Balancer.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><br /></p><h1 style="margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span lang="EN-US"><span style="font-family: verdana; font-size: x-large;">EVPN</span></span></h1><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">Ethernet VPN (EVPN) is an IEEE standard and has the 
following characteristics.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"></p><ul style="text-align: left;"><li><span lang="EN-US"><span style="font-family: verdana;">Provides L2 VPN and L3 VPN services.<br /><br /></span></span></li><li><span style="font-family: verdana;">Provides control plane and data plane separation.<br /><br /></span></li><li><span lang="EN-US"><span style="font-family: verdana;">Supports several types of encapsulation, such as VXLAN and Multiprotocol Label Switching (MPLS).<br /><br /></span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">Uses Multiprotocol BGP (MP-BGP) for the control plane.</span></span></li></ul><p></p><h1 style="margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span style="font-family: verdana;"><span lang="EN-US"><span style="font-size: small;"> </span><span style="font-size: x-large;"><br /></span></span></span><span style="font-family: verdana;"><span lang="EN-US" style="font-size: x-large;">NSX Edge and Routing Enhancement.</span></span></h1><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">The following enhancements have been made to NSX Edge in 3.0:<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"></p><ul style="text-align: left;"><li><span lang="EN-US"><span style="font-family: verdana;">New Extra large form factor with 16 vCPUs and 64 GB of 
RAM.</span></span></li></ul><p></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"></p><ul style="text-align: left;"><li><span lang="EN-US"><span style="font-family: verdana;">The NSX Edge node settings can be changed after deployment.</span></span></li></ul><p></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"></p><ul style="text-align: left;"><li><span lang="EN-US"><span style="font-family: verdana;">A nice feature is that the Edge VM is configured to automatically power on in a vSphere cluster where high availability is disabled.</span></span></li></ul><p></p><h1 style="margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span style="font-size: x-large;"><span lang="EN-US"><span style="font-family: verdana;"><span><br /></span></span></span><span lang="EN-US"><span style="font-family: verdana;">QoS (Quality of Service) profile</span></span></span></h1><div><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></div><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">QoS profiles are only supported on the Tier-1 gateway and applied on the uplink ports.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> <u>Characteristics of the QoS profile.</u><o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"></p><ul style="text-align: left;"><li><span lang="EN-US"><span style="font-family: verdana;">Profiles for different Tier-1 gateways on the same NSX Edge are 
isolated from each other.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">An individual profile can be configured for ingress and egress traffic.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">Also, the individual profile can be configured with a single rate.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">Rate-limiting is applied to all traffic (Unicast, BUM, IPv4/IPv6)</span></span></li></ul><p></p><h1 style="margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span><span lang="EN-US"><span style="font-family: verdana; font-size: x-large;"><br /></span></span></span></h1><h1 style="margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span><span lang="EN-US"><span style="font-family: verdana; font-size: x-large;">Time-Based Firewall Rules:</span></span></span></h1><div><span lang="EN-US"><span style="font-family: verdana;"><br /></span></span></div><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;">One can use time-based firewall rules to configure security rules that are valid for a specific period.<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"> </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"></p><ul style="text-align: left;"><li><span lang="EN-US"><span style="font-family: verdana;">They are available for distributed and gateway firewalls.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">They are configured at the firewall policy level.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">Both recurring and once-off firewall rules can be configured.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">They are only supported on ESXi hosts and NSX Edge 
nodes.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">These are only configured on the Tier-1 gateway.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">Use cases for Time-based Firewall rules:</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">Allow users to access the internet during a specific time slot.</span></span></li><li><span style="font-family: verdana;">Allow users to access only specific services during the maintenance window.</span></li></ul><p></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"><span lang="EN-US"><span style="font-family: verdana;"><u>The requirement for Time-based Firewall rules</u>: </span></span></p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 0.0001pt 36pt;"></p><ul style="text-align: left;"><li><span lang="EN-US"><span style="font-family: verdana;">NTP services should be running on all participating transport nodes.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">Validate the NTP setting on transport nodes using /etc/init.d/ntpd status.</span></span></li><li><span lang="EN-US"><span style="font-family: verdana;">On Edge nodes, validate the service using “get service ntp”.</span></span></li><li><span style="font-family: verdana;">Validate that the NTP client communicates successfully with the configured NTP server: # ntpq -p</span></li></ul><p></p><p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt;"><span style="font-family: verdana;"> </span></p><p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt;"><span style="font-family: verdana;"> <br /></span></p></div>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-72530841976106214532020-09-13T03:22:00.012+05:302020-09-14T13:23:52.783+05:30 Reason's for instability of NSX-T Cluster<p> </p><p>Some time back I had an issue where my NSX-T lab e<span style="font-family: 
inherit;">nvironment was showing an unstable status. My environment consists of 3 NSX-T manager nodes aligned with the VIP IP address. </span></p><div class="separator" style="clear: both; text-align: center;"><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy9Hu3E9ws_L-ItICIxYWVJ2LGoKq5VLQsChfdxMODTw1UFjpD4-fdgLM5zL1AKyVN6-71clexWpR858KypYjkeNcrfrMJ4oxqhdGNh1tA0YrhsCQgKauHhL1xK8evVye2C943aRwxdzA/s320/Screenshot+2020-09-13+at+4.22.00+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="124" data-original-width="320" height="99" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy9Hu3E9ws_L-ItICIxYWVJ2LGoKq5VLQsChfdxMODTw1UFjpD4-fdgLM5zL1AKyVN6-71clexWpR858KypYjkeNcrfrMJ4oxqhdGNh1tA0YrhsCQgKauHhL1xK8evVye2C943aRwxdzA/w256-h99/Screenshot+2020-09-13+at+4.22.00+PM.png" width="256" /></a></div><br /></div><p style="text-align: justify;">The issue was that I was unable to access my NSX-T console through the VIP IP address or through my other NSX-T nodes. Intermittently, I was able to access the console UI from one of the manager nodes using the admin account. However, I was unable to log in to the manager nodes using SSH with the admin or root account.</p><p>As I said, it was quite intermittent when I managed to access the manager UI console. 
</p><p>In the below Figure:1, it states that 1-2 manager nodes were showing unavailable.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7HGDlamLZRsBBDS2tdV0OxkZ-YER3UkTnbwDW9T7bVNgmxAUuFmIIIJEyHolKHpMYDSdIJvo_XCfeSdIm35oI2vNhZ0UB6IP-1gTi6ELp7-MOu4_whOVMvd0R0x1bMgI7BIitzL-tCtY/s1596/nsx-t+degraded.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="646" data-original-width="1596" height="255" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7HGDlamLZRsBBDS2tdV0OxkZ-YER3UkTnbwDW9T7bVNgmxAUuFmIIIJEyHolKHpMYDSdIJvo_XCfeSdIm35oI2vNhZ0UB6IP-1gTi6ELp7-MOu4_whOVMvd0R0x1bMgI7BIitzL-tCtY/w625-h255/nsx-t+degraded.png" width="625" /></a></div><div class="separator" style="clear: both; text-align: center;">Figure:1</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">On validating the "VIEW DETAILS" it clearly shows that /var/log partition was 100% full.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5_SbkqX76dHnt-zcPvARqGYuvNIciYaVpFozTdfTb-COt4Xzf9FUiB-TUN9Uoqv09MBipNShrF9pgjdhHm8CewrCFr_QstKaGfuZ3ql3Cust6xW0G735A7MCm-L3bCDbPiCRjJqbnbZQ/s1022/Screenshot+2020-09-13+at+2.41.53+AM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="644" data-original-width="1022" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5_SbkqX76dHnt-zcPvARqGYuvNIciYaVpFozTdfTb-COt4Xzf9FUiB-TUN9Uoqv09MBipNShrF9pgjdhHm8CewrCFr_QstKaGfuZ3ql3Cust6xW0G735A7MCm-L3bCDbPiCRjJqbnbZQ/s320/Screenshot+2020-09-13+at+2.41.53+AM.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">Figure:2</div><div class="separator" style="clear: 
both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">Now the main objective is to either compress or delete the old logs from the /var/log partition to bring back the manager nodes. </div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">To accomplish this, I booted the NSX-T node VMs sequentially, mounting the Ubuntu image using rescue mode to clean up the required space under /var/log.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">I verified the /var/log partition on the manager nodes and found Syslog.1 was occupying a large amount of space on this partition.</div><div class="separator" style="clear: both; text-align: left;"><img border="0" data-original-height="290" data-original-width="1426" height="101" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil_HmFyot4q5f9HYGwhaqfrAZ_LDfq2sbsEC8fc5ABSpso3NY3vziBm95LxlU9G-TH7sSNIDPqO6hhI-cgUXSk9URbPBrtvfZCKA0_uYdV20-QoTq_2wTWOT2Yx4d1qYGtJvDYHVAzRGU/w500-h101/Screenshot+2020-09-13+at+2.45.46+AM.png" width="500" /></div><div class="separator" style="clear: both; text-align: center;">Figure:3</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">The above figure shows that the Syslog was occupying huge space under /var/log. </div><div class="separator" style="clear: both; text-align: left;">Also, it shows that Syslog.1 was not rotated for a long time.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">We can compress or delete the old log files to maintain free space in the /var/log location. 
From my view, I have deleted the old Syslog and other logs to maintain relevant space into the partition.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Later, I was able to login from SSH using Root password. However, system asked to change the password as the Root password got expired.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">I used the below command to reset the root password and validating the expiry status.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><u>Reset root password of NSX-T manager</u></div><p></p><pre style="background: rgb(255, 255, 255); border: 1px solid rgb(229, 229, 229); box-sizing: border-box; color: #555555; font-size: 0.9em; padding: 0.75em; white-space: pre-wrap;"><span style="box-sizing: border-box;"><span style="font-family: verdana;">set user <username> password <new password> old-password <old-password>
e.g.:
set user root password VMware1!VMware1!! old-password VMware1!VMware1!</span></span></pre><div class="separator" style="clear: both; text-align: left;"></div><p></p><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">After the above steps, I validated the NSX-T environment and found all NSX-T managers in good shape and showing a stable status. The <u>/var/log</u> partition now has sufficient free space.</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlyWb_bDDIx2kYAipBIEIvQnuU-U2nBUbnlBMAh_NCvVhfOMgnpibGnF8xYRLXxQI9oo27RGhZXXiMLwHbeREAug6WKISIyAFSKtDjagwQz0cwZFV7FdJo0NMrhwgHEVKNTdkEsjs33vE/s924/NSX-TVAR%253ALOGSTABLE.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="322" data-original-width="924" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlyWb_bDDIx2kYAipBIEIvQnuU-U2nBUbnlBMAh_NCvVhfOMgnpibGnF8xYRLXxQI9oo27RGhZXXiMLwHbeREAug6WKISIyAFSKtDjagwQz0cwZFV7FdJo0NMrhwgHEVKNTdkEsjs33vE/w625-h220/NSX-TVAR%253ALOGSTABLE.png" width="625" /></a></div><div class="separator" style="clear: both; text-align: center;">Figure:5</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Now the question was the root cause of the issue: why had syslog not been rotated for a long time?</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><span style="font-family: inherit;">To get more information, I referred to</span> the logrotate configuration at <i>/etc/logrotate.conf</i>.</div><div class="separator" style="clear: 
both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><u>logrotate.conf</u></div><div class="separator" style="clear: both; text-align: left;"><span><b><span style="font-family: Helvetica Neue;">#</span><span style="font-family: courier;"> use the syslog group by default, since this is the owning group</span></b></span></div><div class="separator" style="clear: both; text-align: left;"><span style="font-family: courier;"><b># of /var/log/syslog.</b></span></div><div class="separator" style="clear: both; text-align: left;"><span style="font-family: courier;"><b>su root syslog</b></span></div><p></p><div class="separator" style="clear: both;"><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: inherit;">The above logrotate.conf snippet shows that the syslog rotation is performed as the root user.</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: inherit; font-size: medium;"><br /></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span style="font-family: inherit; font-size: medium;"><span style="font-size: medium;">Log rotation runs as a daily cron task, executed by the "root" user. Since the root password had expired, the daily log rotation cron job was failing to authenticate.</span></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span style="font-family: inherit; font-size: medium;"><span style="font-size: medium;"><br /></span></span></p><p class="p1" style="font-family: "helvetica neue"; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="text-decoration-line: underline;"><b>Auth.log</b></span></p><p class="p1" style="font-size: 12px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><b><span style="font-family: courier;"><87>1 0000-00-00T10:34:01.345432_00+00 <a href="http://nxt000010.virtualvmx.com"><span class="s2" style="color: #dca10d;">nsxt000010.virtualvmx.com</span></a> CRON 5324—pam_unix{cron:account_:exipred password for user root (password aged)</span></b></p><p class="p1" style="font-size: 12px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><b><span style="font-family: courier;"><87>1 0000-00-00T10:34:01.494949_00+00 <a href="http://nxt000010.virtualvmx.com"><span class="s2" style="color: #dca10d;">nsxt000010.virtualvmx.com</span></a> CRON 3423—pam_unix{cron:account_:exipred password for user root (password aged)</span></b></p><p class="p1" style="font-size: 12px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><b><span style="font-family: courier;"><87>1 0000-00-00T10:34:01.928345_00+00 <a href="http://nxt000010.virtualvmx.com"><span class="s2" style="color: #dca10d;">nsxt000010.virtualvmx.com</span></a> CRON 8765—pam_unix{cron:account_:exipred password for user root (password aged)</span></b></p><p class="p1" style="font-size: 12px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><b><span style="font-family: courier;"><87>1 0000-00-00T10:34:01.492823_00+00 <a href="http://nxt000010.virtualvmx.com"><span class="s2" style="color: #dca10d;">nsxt000010.virtualvmx.com</span></a> CRON 4323—pam_unix{cron:account_:exipred password for user root (password aged)</span></b></p><p class="p1" style="font-size: 12px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><b><span style="font-family: courier;"><87>1 0000-00-00T10:34:01.492384_00+00 <a href="http://nxt000010.virtualvmx.com"><span class="s2" style="color: #dca10d;">nsxt000010.virtualvmx.com</span></a> CRON 7665—pam_unix{cron:account_:exipred password for user root (password aged)</span></b></p><p class="p1" style="font-size: 12px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><b><span style="font-family: courier;"><87>1 0000-00-00T10:34:01.492838_00+00 <a href="http://nxt000010.virtualvmx.com"><span class="s2" style="color: #dca10d;">nsxt000010.virtualvmx.com</span></a> CRON 4827—pam_unix{cron:account_:exipred password for user root (password aged)</span></b></p><p class="p1" style="font-family: "helvetica neue"; font-size: 12px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: justify;"><span style="font-size: large;">All the above logs show that the NSX-T instability was caused by the /var/log partition being 100% full, which in turn happened because syslog could not be rotated. Log rotation for syslog is governed by the root user in logrotate.conf, and in this case the root password had expired, which confirms the root cause of this issue.</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: inherit;"><br /></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: inherit;"><br /></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: inherit;">You can check the root password expiry in NSX-T using the command below.</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><pre style="background: rgb(255, 255, 255); border: 1px solid rgb(229, 229, 229); box-sizing: border-box; color: #555555; font-size: 0.9em; padding: 0.75em; white-space: pre-wrap;"><span style="font-family: verdana;"><span style="box-sizing: border-box;">get user <username> password-expiration</span>
<span style="box-sizing: border-box;">e.g.:</span>
<span style="box-sizing: border-box;">get user root password-expiration</span></span></pre><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">So it is quite important to monitor root password expiration to avoid this kind of scenario in your environment.</p></div><p></p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-23518482054674152302020-08-10T02:20:00.006+05:302020-09-13T02:07:54.126+05:30IDS/IPS (Intrusion Detection System) & (Intrusion Prevention System)<h3 style="text-align: left;"> IDS (Intrusion Detection System)</h3><p style="text-align: justify;">As its name suggests, it is designed to detect malicious or suspicious activity in the network by scanning data packets and monitoring network traffic. 
It classifies the packets being forwarded as good or bad, where a bad packet indicates a malicious threat or some other kind of risk.</p><p style="text-align: justify;">It generates logs to identify suspicious activity.</p><p style="text-align: justify;">It cannot prevent malicious threats or attacks, whether they come from inside or outside the environment; the aim of an IDS is to warn system administrators or security/network admins about suspicious or malicious activity and threats.</p><p style="text-align: justify;">It continuously monitors and analyzes incidents, violations, and threats that may be breaching network security.</p><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkDxm0JQOSyHXR_uly7KK1bbpw-PIC8lKMt5Ih-0mxm-c0oMkTCvfSOhbPTjUlaTgHPokCxOF7A98-vfZUckaoGJfbBl4ekK_JODYtLO3j6W6QoZa-7ZHzqJKyWm70N08Nnec8u8cA3kA/s750/Screenshot+2020-08-10+at+2.16.56+AM.png" style="display: block; padding: 1em 0px; text-align: justify;"><img border="0" data-original-height="290" data-original-width="750" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkDxm0JQOSyHXR_uly7KK1bbpw-PIC8lKMt5Ih-0mxm-c0oMkTCvfSOhbPTjUlaTgHPokCxOF7A98-vfZUckaoGJfbBl4ekK_JODYtLO3j6W6QoZa-7ZHzqJKyWm70N08Nnec8u8cA3kA/w320-h124/Screenshot+2020-08-10+at+2.16.56+AM.png" width="320" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkDxm0JQOSyHXR_uly7KK1bbpw-PIC8lKMt5Ih-0mxm-c0oMkTCvfSOhbPTjUlaTgHPokCxOF7A98-vfZUckaoGJfbBl4ekK_JODYtLO3j6W6QoZa-7ZHzqJKyWm70N08Nnec8u8cA3kA/s750/Screenshot+2020-08-10+at+2.16.56+AM.png" style="display: block; padding: 1em 0px;">Credit: pngio.com</a></div><p><br /></p><h3 style="text-align: left;">IPS (Intrusion Prevention System)</h3><p style="text-align: justify;">It is designed to prevent the malicious or suspicious threats and activities that are detected by the IPS in the network.</p><p style="text-align: justify;">It is designed to block suspicious and 
malicious activities and threats before they develop and succeed.</p><p style="text-align: justify;">It is configured in the environment through security policies and rules.</p><p style="text-align: justify;"><br /></p><p style="text-align: justify;">IDS/IPS features can be delivered by hardware-based security devices (such as a firewall) or by host-based applications (network security applications such as NSX-T IPS/IDS, for distributed environments and application-specific protection) to secure the network and endpoints.</p><p style="text-align: justify;">In my next post, I'll discuss the NSX-T IPS/IDS methodology as a host-based application in more detail.</p>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com2tag:blogger.com,1999:blog-7301826463672350299.post-4613055120329090592020-08-07T22:46:00.008+05:302020-08-08T01:14:22.548+05:30NSX-T Manager Node Recovery <p>In an NSX-T environment, there are scenarios where a manager node instance has to be taken out of the cluster because of some abnormal condition.</p><p>Examples include issues during the upgrade of the manager node instance, or any abnormal circumstance where the node cannot be recovered from the NSX-T Manager UI. 
</p><p>To recover or replace a node in the manager cluster, a <u>manual process</u> is required.</p><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTyHtmXU4XpuqG1zA6Y3ieLDo5UueK-pBF-fqTKBZb8-NFtbJRk2G_MO3GkhyphenhyphenBd2qPue8K1XsqKSvu3jDpe9-yNASb0ypJOPnSYXAAoQP-wNW8xEWzUeHjdgvWcup1vGUn4Y4oqLdiZqA/s650/Screenshot+2020-08-07+at+11.27.21+PM.png" style="display: block; padding: 1em 0px;"><img border="0" data-original-height="614" data-original-width="650" height="189" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTyHtmXU4XpuqG1zA6Y3ieLDo5UueK-pBF-fqTKBZb8-NFtbJRk2G_MO3GkhyphenhyphenBd2qPue8K1XsqKSvu3jDpe9-yNASb0ypJOPnSYXAAoQP-wNW8xEWzUeHjdgvWcup1vGUn4Y4oqLdiZqA/w200-h189/Screenshot+2020-08-07+at+11.27.21+PM.png" width="200" /></a></div><p>Let's walk through the manual path to recover/replace a manager node in the cluster.</p><p>1) Log in to the NSX-T manager using the CLI.</p><p>2) Run the command '<b>get cluster status</b>'.</p><p>This command lists all the NSX-T manager/controller nodes in the cluster.</p><p>Find the UUIDs of the existing nodes and of the cluster to identify the node that needs to be recovered/replaced.</p><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMWfD49HXdDEn4VaXz_fcxs6i1XyisSD72wd76sluoMO-fe8RwXYbvRxot_ufQE8vULodi0OhrE-nJ3lrdqKOsGzZpgf3g_xM-M9otTr4WhkJ8jzPERssLZgqcCNubKsz6Hls76Z6XPTE/s1662/Screenshot+2020-08-07+at+9.56.36+PM.png" style="display: block; padding: 1em 0px;"><img border="0" data-original-height="426" data-original-width="1662" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMWfD49HXdDEn4VaXz_fcxs6i1XyisSD72wd76sluoMO-fe8RwXYbvRxot_ufQE8vULodi0OhrE-nJ3lrdqKOsGzZpgf3g_xM-M9otTr4WhkJ8jzPERssLZgqcCNubKsz6Hls76Z6XPTE/s640/Screenshot+2020-08-07+at+9.56.36+PM.png" width="640" /></a></div><p>3) Now that we have identified the manager node ID from the above command, it's time to 
detach the node from the cluster. </p><p>Running <b>detach node</b> with the node ID removes the node from the cluster.</p><p>This process deletes that specific node completely from the cluster and the NSX-T environment.</p><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGRyTI-M0JKAYN_L1C5CqMsftksyKgyYqUqv4I4SJrIxCgbFSKtp80MjQ039X8jbLFfV12AV16hl0y0DIvDY4s0wuqV07brNnkDYikaeoKX5m2V9NBDfgGFowjlcz1CaUUkd6VWn5XcuM/s1044/Screenshot+2020-08-07+at+9.56.52+PM.png" style="display: block; padding: 1em 0px;"><img border="0" data-original-height="90" data-original-width="1044" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGRyTI-M0JKAYN_L1C5CqMsftksyKgyYqUqv4I4SJrIxCgbFSKtp80MjQ039X8jbLFfV12AV16hl0y0DIvDY4s0wuqV07brNnkDYikaeoKX5m2V9NBDfgGFowjlcz1CaUUkd6VWn5XcuM/s640/Screenshot+2020-08-07+at+9.56.52+PM.png" width="640" /></a></div><div class="separator" style="clear: both;">Once you have deployed a new NSX-T manager node, it has to be added to the cluster.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">4) To add the node manually, you need the API certificate thumbprint of the cluster in order to associate the node with the cluster.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">The command <b>get certificate api thumbprint</b> returns the API certificate thumbprint.</div><div class="separator" style="clear: both;"><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpyhnLdzN-8Mqj-Khf-bgawZ6Wr1R3nyxKZePW42Z_-Xf3NXXmCbkFAIciCUXzr-N67_enuDzR_lq-LgxhA6ilAs0GB4PL5QCSoXq0K4WArcZuSKYSBP3shg_xQz_Hprn8KwefbmC0xcA/s1454/Screenshot+2020-08-07+at+11.19.15+PM.png" style="display: block; padding: 1em 0px;"><img border="0" data-original-height="94" data-original-width="1454" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpyhnLdzN-8Mqj-Khf-bgawZ6Wr1R3nyxKZePW42Z_-Xf3NXXmCbkFAIciCUXzr-N67_enuDzR_lq-LgxhA6ilAs0GB4PL5QCSoXq0K4WArcZuSKYSBP3shg_xQz_Hprn8KwefbmC0xcA/s640/Screenshot+2020-08-07+at+11.19.15+PM.png" width="640" /></a></div></div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">5) Now, once we get the API thumbprint certificate, we can add the node using the node ID with API thumbprint certificate.</div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj5Pta-SODaFetStV84t8bNi3ATaxwtjAcyMtRe7PuSUNwh9YMsOqP-CB-3Z8WIuLlJjhObLxgrgX2pMZByoRtKZAHQLVF-8JVRl4NceTUUkD5aapglTZJ7jhWS0FyB-15_4-uC58zPTo/s2268/Screenshot+2020-08-07+at+11.20.20+PM.png" style="display: block; padding: 1em 0px;"><img border="0" data-original-height="144" data-original-width="2268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj5Pta-SODaFetStV84t8bNi3ATaxwtjAcyMtRe7PuSUNwh9YMsOqP-CB-3Z8WIuLlJjhObLxgrgX2pMZByoRtKZAHQLVF-8JVRl4NceTUUkD5aapglTZJ7jhWS0FyB-15_4-uC58zPTo/s640/Screenshot+2020-08-07+at+11.20.20+PM.png" width="640" /></a></div><div class="separator" style="clear: both;"><div class="separator" style="clear: both;">This will successfully add the new node into the NSX-T Cluster in full motion.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">6) Here, we need to identify which manager node is the orchestrator node within the cluster.</div><div class="separator" style="clear: both;"> It is a self-contained web application that
orchestrates the upgrade process of hosts, NSX Controller cluster, and Management
plane.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyNl6lADBllpjH7eZPWDMa0nCt-u6OFRjrtW0bb7elVsloLJ2NmLvyYf3r_sR0ftkYhb4oxlA7iMofyby1M9wcMM0LxjmLnHiKQtkz2Lh7R7VKQYjxtF620qaIeulYx8HQWp9W9ZYVenE/s1524/Screenshot+2020-08-07+at+11.13.20+PM.png" style="display: block; padding: 1em 0px;"><img border="0" data-original-height="592" data-original-width="1524" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyNl6lADBllpjH7eZPWDMa0nCt-u6OFRjrtW0bb7elVsloLJ2NmLvyYf3r_sR0ftkYhb4oxlA7iMofyby1M9wcMM0LxjmLnHiKQtkz2Lh7R7VKQYjxtF620qaIeulYx8HQWp9W9ZYVenE/s640/Screenshot+2020-08-07+at+11.13.20+PM.png" width="640" /></a></div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">Users can check which node is the orchestrator node by running the CLI command "<b>get service install-upgrade</b>". The IP of the orchestrator node is shown in the "Enabled-on" output.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">"<b>set repository-ip</b>" makes a manager node the orchestrator node. It is needed if the node on which the install-upgrade server is enabled (the orchestrator node) is being detached from the MP cluster.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">Note: Changing the IP address of a manager node needs to follow the same procedure.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">This concludes the process of adding an NSX-T manager/controller node to the cluster using the manual method.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">If you liked this article, please share it on social platforms. 
:)</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;"><br /></div></div>Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-4654509011724524642020-04-13T19:01:00.004+05:302020-04-13T22:12:06.024+05:30NSX-T Datacenter Firewall<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
In NSX-T there are two types of firewall, which we will discuss in this post.<br />
<h2 style="text-align: left;">
<br />
1) Distributed firewall<br />2) Gateway firewall</h2>
<br />
Let's go through them one by one.<br />
<h3 style="text-align: left;">
1) Distributed firewall:</h3>
<br />
<div style="text-align: justify;">
The distributed firewall is a kernel-embedded stateful firewall hosted at the host (hypervisor) level. This kind of firewall is mostly used between transport nodes, in other words for the east-west network.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Basically, the distributed firewall helps protect each virtual machine from attacks at the virtual machine level.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Many people ask: if we already have a perimeter firewall at the physical layer to protect the network, why do we need a firewall (the distributed firewall) at the VM level?<br />
<br /></div>
<div style="text-align: justify;">
To answer this question: yes, many of you are correct that the perimeter firewall is there to protect the network at the top level. However, some attacks land directly at the VM level, such as attacks from a USB drive, phishing emails and malicious advertisements.<br />
<br /></div>
<div style="text-align: justify;">
To protect against this kind of VM-level attack, it is essential to deploy something at that level, which in the case of NSX-T is the distributed firewall.</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzmi5VeOKI_1DtpYLEZggGVC-mOtLjbO1h5NHsG1IdZFVEOuU-RChwwmWLZ89ADPXVVxH2JhO4mbd5TNbtbtUchTWu87HqUcLytmpXfSjH_Ko0C7SFl52vngj0WOBw_OtKw_CPIanNlIw/s1600/distributed_firewall.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="699" data-original-width="695" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzmi5VeOKI_1DtpYLEZggGVC-mOtLjbO1h5NHsG1IdZFVEOuU-RChwwmWLZ89ADPXVVxH2JhO4mbd5TNbtbtUchTWu87HqUcLytmpXfSjH_Ko0C7SFl52vngj0WOBw_OtKw_CPIanNlIw/s320/distributed_firewall.JPG" width="318" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Fig:1 Distributed firewall flow</div>
<br />
Let's point out some of the highlights of the distributed firewall.<br />
<br />
<ul style="text-align: left;">
<li style="text-align: justify;">It resides outside the VM guest OS.</li>
<li style="text-align: justify;">It controls the I/O path to and from the virtual NIC (vNIC). If a VM has 4 NICs, for example, the distributed firewall protects each of the VM's NICs individually.</li>
<li style="text-align: justify;">It monitors the state of active connections and uses this information to decide which traffic may traverse the VM's vNIC.</li>
<li style="text-align: justify;">It checks packets against its tables (connection and rules) to decide whether a connection to the VM should be accepted or denied by the firewall.</li>
</ul>
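<div style="text-align: justify;">
The lookup order in the list above, as an added example that is not part of the original post and is not NSX-T code: a simplified Python model of one firewall instance per vNIC that checks its connection table first and its rule table second. The class names, rule names and IP addresses are constructed for illustration, and dropping a packet that matches no rule is an assumption of this model.</div>

```python
"""Simplified per-vNIC stateful firewall model (illustrative, not NSX-T code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

    def flow(self):
        return (self.src, self.sport, self.dst, self.dport, self.proto)

    def reverse_flow(self):
        return (self.dst, self.dport, self.src, self.sport, self.proto)


@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port
    action: str            # "ALLOW" or "DROP"

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


class VnicFirewall:
    """One instance per vNIC, sitting outside the guest OS."""

    def __init__(self, vnic, rules):
        self.vnic = vnic
        self.rules = list(rules)   # rule table, evaluated top-down
        self.connections = set()   # connection table (no timeouts in this model)

    def process(self, p: Packet):
        # 1) Connection table: packets of an already-allowed flow, in either
        #    direction, pass without consulting the rule table again.
        if p.flow() in self.connections or p.reverse_flow() in self.connections:
            return ("ALLOW", "connection-table")
        # 2) Rule table: first match wins; an ALLOW creates connection state.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "ALLOW":
                    self.connections.add(p.flow())
                return (rule.action, rule.name)
        # Assumption of this model: nothing matched, so drop.
        return ("DROP", "no-match")


# Constructed sample policy for a database VM (10.0.2.20) behind one web VM.
RULES = [
    Rule("web-to-db", "10.0.1.10/32", "10.0.2.20/32", "tcp", 3306, "ALLOW"),
    Rule("default-deny", "0.0.0.0/0", "0.0.0.0/0", "any", None, "DROP"),
]


def demo():
    vnic0 = VnicFirewall("db-vm/vnic0", RULES)
    vnic1 = VnicFirewall("db-vm/vnic1", RULES)   # second NIC, separate state
    reply = Packet("10.0.2.20", "10.0.1.10", "tcp", 3306, 40000)
    packets = [
        reply,                                                # no connection yet
        Packet("10.0.1.10", "10.0.2.20", "tcp", 40000, 3306),  # permitted new flow
        reply,                                                # return traffic
        Packet("10.0.1.11", "10.0.2.20", "tcp", 40001, 3306),  # neighbouring VM
        Packet("10.0.1.10", "10.0.2.20", "tcp", 40002, 22),    # wrong port
    ]
    return {
        "vnic0": [vnic0.process(p) for p in packets],
        # The same reply on the other vNIC finds no connection state there.
        "vnic1": vnic1.process(reply),
    }


if __name__ == "__main__":
    for vnic, verdicts in demo().items():
        print(vnic, verdicts)
```

<div style="text-align: justify;">
The fourth packet is east-west traffic from a neighbouring VM that never crosses a perimeter firewall; it is dropped at the database VM's own vNIC.</div>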
<div>
<div style="text-align: justify;">
<br /></div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp383ompdBmBc131hb0OYN4tRDB3tIglxp85Plm_s33UVyhyTxSfxA3ER2JStaMABRqPRfbRviyvHAu59ikj9FI4jejgyU5o4AiN33Mzx5BEW9qIzyvXKiIrCHSTJ6pQ5BOF-0kVrevG0/s1600/NSX-T+LOGO.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="190" data-original-width="456" height="83" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp383ompdBmBc131hb0OYN4tRDB3tIglxp85Plm_s33UVyhyTxSfxA3ER2JStaMABRqPRfbRviyvHAu59ikj9FI4jejgyU5o4AiN33Mzx5BEW9qIzyvXKiIrCHSTJ6pQ5BOF-0kVrevG0/s200/NSX-T+LOGO.JPG" width="200" /></a></div>
<h3 style="text-align: left;">
2) Gateway firewall</h3>
<div>
<br /></div>
<div>
<div style="text-align: justify;">
The gateway firewall is also known as the perimeter firewall; it protects traffic to and from the physical environment.<br />
<br />
It provides both North-South and East-West connectivity, which enables tenants to access the public network as well as to connect different networks within the same tenant.<br />
<br />
The gateway router is a configured partition of a traditional network hardware router, commonly referred to as <u>virtual routing and forwarding</u> (VRF). It replicates the hardware functionality, creating multiple routing domains within a single router.<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidPJvEt9UcmAz0qAHpwciY00TE66WHO1dgTJ7HNbTF0JQU5wLpetrpYHGx9ImuAYBIGmdjRnbrexAKTuexZeBcffP5IqiN-nce_EIb8aDyRcNZ0k3JI_qvoRhC-s6Ws8H9X406fgZLCG4/s1600/gateway+router.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="498" data-original-width="525" height="303" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidPJvEt9UcmAz0qAHpwciY00TE66WHO1dgTJ7HNbTF0JQU5wLpetrpYHGx9ImuAYBIGmdjRnbrexAKTuexZeBcffP5IqiN-nce_EIb8aDyRcNZ0k3JI_qvoRhC-s6Ws8H9X406fgZLCG4/s320/gateway+router.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Fig. Gateway router</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
A gateway router performs a subset of the tasks that can be handled by a physical router, and each can contain multiple routing instances and routing tables.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Using gateway routers can be an efficient way to maximize router usage, because a set of gateway routers within a single physical router can perform the operations previously performed by several pieces of equipment.</div>
<br /></div>
</div>
<div>
<div style="text-align: justify;">
<br /></div>
</div>
<div>
<div style="text-align: justify;">
Some of the highlights of the gateway firewall:</div>
</div>
<div>
<ul style="text-align: left;">
<li style="text-align: justify;">It is similar to a port-based firewall and is applied to Tier-0 and Tier-1 gateway nodes.</li>
<li style="text-align: justify;">The NSX gateway must be backed by an NSX Edge cluster, which is a combination of 2 or more Edge nodes (VM or bare metal).</li>
<li style="text-align: justify;">Destination NAT and source NAT rules are applied on the uplink and backplane interfaces of the service router (SR).</li>
<li style="text-align: justify;">The gateway firewall is implemented only on the uplink of Tier-0 and Tier-1 gateway nodes.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<div>
A Gateway router is comprised of up to two components: a distributed router (DR), and optionally one or more service routers (SR).<span style="white-space: pre;"> </span> </div>
<div>
<span style="white-space: pre;"> </span> </div>
<div>
The DR is kernel based and spans hypervisors, providing local routing functions to the VMs that are connected to it, and also exists in any edge nodes the logical router is bound to. Functionally, the DR is responsible for one-hop distributed routing between logical switches and/or Gateway routers connected to this logical router, and functions similarly to the distributed logical router (DLR) in earlier versions of NSX.</div>
<div>
<br /></div>
<div>
The SR is responsible for delivering services that are not currently implemented in a distributed fashion, such as stateful NAT, load balancing, DHCP or VPN services. Service Routers are deployed on the Edge node cluster that is selected when the T0/T1 router is initially configured.</div>
<div>
<br /></div>
<div>
To reiterate, a Gateway router in NSX-T always has an associated DR, regardless of whether it's deployed as a T0 or a T1. It will also have an associated SR created if either of the following is true:</div>
<div>
<br /></div>
<div>
The Gateway router is a Tier-0 router, even if no stateful services are configured</div>
<div>
The Gateway router is a Tier-1 router, is linked to a Tier-0 router, and has services configured that do not have a distributed implementation (such as NAT, LB, DHCP or VPN)</div>
<div>
<br /></div>
<div>
--Happy Learning --- :)</div>
</div>
<div>
<div style="text-align: justify;">
<br /></div>
</div>
</div>
</div>
Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-73986455611784294102020-04-05T01:05:00.000+05:302020-04-05T01:29:27.290+05:30Dockers.. Basic commandlets<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
In this article we will go through some of the basic commands used in dockers.<br />
<br />
So lets get started.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJXynhfyLxWw6diF7I-Ll1Pppl6D6lpbRv3L7xVJmVSI2VLwjRx75bhtiBSSRn6RzUA4zeqElmH7bucNK5dxrVE-oDMZAsqBFNVaozlSaDrLbn_le-lelwQAYQi0yl-kCwh1M3Gx3_tHg/s1600/docker-icon.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="354" data-original-width="495" height="228" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJXynhfyLxWw6diF7I-Ll1Pppl6D6lpbRv3L7xVJmVSI2VLwjRx75bhtiBSSRn6RzUA4zeqElmH7bucNK5dxrVE-oDMZAsqBFNVaozlSaDrLbn_le-lelwQAYQi0yl-kCwh1M3Gx3_tHg/s320/docker-icon.PNG" width="320" /></a></div>
<br />
<h3 style="text-align: left;">
1) <b>docker ps</b></h3>
This command lists all the running containers,<br />
i.e.:<br />
$ docker ps<br />
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES<br />
4ba5baace270 couchbase "/entrypoint.sh couc…" 8 seconds ago Up 5 seconds 8091-8096/tcp, 11207/tcp, 11210-11211/tcp, 18091-18096/tcp naughty_hopper<br />
6c1773f25479 nginx "nginx -g 'daemon of…" 5 minutes ago Up 5 minutes 80/tcp compassionate_dijkstra<br />
<br />
<br />
<h3 style="text-align: left;">
2) docker ps -a</h3>
This command lists all the containers on the Docker host, whether running, stopped or exited.<br />
<br />
$ docker ps -a<br />
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES<br />
<div style="text-align: justify;">
5b0868097f28 ubuntu "/bin/bash" 7 seconds ago Exited (0) 5 seconds ago kind_banach</div>
<div style="text-align: justify;">
158f85fad233 ubuntu "/bin/bash" 51 seconds ago Exited (0) 46 seconds ago amazing_hertz</div>
<div style="text-align: justify;">
4ba5baace270 couchbase "/entrypoint.sh couc…" About a minute ago Up About a minute 8091-8096/tcp, 11207/tcp, 11210-11211/tcp, 18091-18096/tcp naughty_hopper</div>
<div style="text-align: justify;">
6c1773f25479 nginx "nginx -g 'daemon of…" 7 minutes ago Up 7 minutes 80/tcp compassionate_dijkstra</div>
<br />
<br />
<h3 style="text-align: left;">
3) docker images (Listing images)</h3>
This command lists all the images available on the Docker host or system.<br />
<br />
$ docker images<br />
REPOSITORY TAG IMAGE ID CREATED SIZE<br />
nginx latest ed21b7a8aee9 4 days ago 127MB<br />
couchbase latest fe5da7e004db 6 weeks ago 1.17GB<br />
redis latest 857c4ab5f029 8 months ago 98.2MB<br />
weaveworks/scope 1.11.4 a082d48f0b39 8 months ago 78.5MB<br />
ubuntu latest 3556258649b2 8 months ago 64.2MB<br />
alpine latest b7b28af77ffe 8 months ago 5.58MB<br />
<br />
<h3 style="text-align: left;">
<br />4) docker stop... (Stopping a container)</h3>
This command is used to stop a running container on the Docker host or system.<br />
<br />
# First list the running containers.<br />
$ docker ps<br />
<div style="text-align: justify;">
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES</div>
<div style="text-align: justify;">
f8cc904381dc ubuntu "sleep 100" 51 seconds ago Up 50 seconds gracious_dhawan</div>
<div style="text-align: justify;">
4ba5baace270 couchbase "/entrypoint.sh couc…" 11 minutes ago Up 11 minutes 8091-8096/tcp, 11207/tcp, 11210-11211/tcp, 18091-18096/tcp naughty_hopper</div>
<div style="text-align: justify;">
<br /></div>
<br />
Stopping the container with ID f8cc904381dc<span style="white-space: pre;"> </span><br />
<span style="white-space: pre;"> </span><br />
$ docker stop f8cc904381dc<br />
f8cc904381dc<br />
<br />
<h3 style="text-align: left;">
5) docker rm ( Deleting the container)</h3>
This command is specifically used to delete the container or containers.<br />
<br />
$ docker rm f8cc904381dc<br />
f8cc904381dc<br />
<br />
<br />
<h3 style="text-align: left;">
6) Docker rmi ( Deleting images)</h3>
Let's see how many images we have at present.<br />
<br />
$ docker images<br />
REPOSITORY TAG IMAGE ID CREATED SIZE<br />
nginx latest ed21b7a8aee9 4 days ago 127MB<br />
couchbase latest fe5da7e004db 6 weeks ago 1.17GB<br />
redis latest 857c4ab5f029 8 months ago 98.2MB<br />
weaveworks/scope 1.11.4 a082d48f0b39 8 months ago 78.5MB<br />
ubuntu latest 3556258649b2 8 months ago 64.2MB<br />
alpine latest b7b28af77ffe 8 months ago 5.58MB<br />
<br />
Now let's delete the redis image.<br />
<br />
$ docker rmi redis<br />
Untagged: redis:latest<br />
Untagged: redis@sha256:854715f5cd1b64d2f62ec219a7b7baceae149453e4d29a8f72cecbb5ac51c4ad<br />
Deleted: sha256:857c4ab5f0291ecbb4de238be9d5f9676e63dcc9608f70c8acc3748fe9689911<br />
Deleted: sha256:cf8131ebc8cf48e212a6cba652c19328eb997fa360e59dfc1d5ae4e9841e52d6<br />
Deleted: sha256:ad2aeea9a0026ba9194c4143de8846e93cea2a8851ac1c30b669c0c1040c4798<br />
Deleted: sha256:e7a18a4c63c68b5c3848d87b970aea938032e78a14093b794e3bc8cfac4b3ab7<br />
Deleted: sha256:2de5fabe69e135fd6c8e3ac5d5537d8943b9e964ec3b542eabc3b97ae810a4a2<br />
Deleted: sha256:64c3e67d2d7fdeb252803ce9ed76375c756327bf88cc072b22c0fd1e24a9af2e<br />
Deleted: sha256:d8a33133e477d367977987129313d9072e0ec80894ed4c52c2d88186f354c29a<br />
<br />
Here the "redis" image is completely deleted from the Docker host.<br />
<br />
<h3 style="text-align: left;">
7) Docker pull</h3>
Let's say you want to keep some images in the local Docker repository but don't want to run them at present. In that case the docker pull command is quite useful.<br />
<br />
$ docker pull ubuntu<br />
Using default tag: latest<br />
latest: Pulling from library/ubuntu<br />
5bed26d33875: Pull complete<br />
f11b29a9c730: Pull complete<br />
930bda195c84: Pull complete<br />
78bf9a5ad49e: Pull complete<br />
Digest: sha256:bec5a2727be7fff3d308193cfde3491f8fba1a2ba392b7546b43a051853a341d<br />
Status: Downloaded newer image for ubuntu:latest<br />
<br />
<h3 style="text-align: left;">
8) Docker run</h3>
This command is used to run a container from an image.<br />
<br />
In the example below, docker creates a container from the "redis" image. In this case there was no redis image in the local repository, so docker downloads the image and then runs the container.<br />
<br />
$ docker run redis<br />
Unable to find image 'redis:latest' locally<br />
latest: Pulling from library/redis<br />
c499e6d256d6: Already exists<br />
bf1bc8a5a7e4: Pull complete<br />
7564fb795604: Pull complete<br />
ec6e86f783e4: Pull complete<br />
1371d6223f46: Pull complete<br />
021fd554320f: Pull complete<br />
Digest: sha256:a732b1359e338a539c25346a50bf0a501120c41dc248d868e546b33e32bf4fe4<br />
Status: Downloaded newer image for redis:latest<br />
<br />
<h3 style="text-align: left;">
9) Exec - execute a command</h3>
The "exec" command runs the given command inside a running container and prints its result.<br />
<br />
In the command below, exec prints the output of "cat /etc/hosts":<br />
$ docker exec 6c1773f25479 cat /etc/hosts<br />
127.0.0.1 localhost<br />
::1 localhost ip6-localhost ip6-loopback<br />
fe00::0 ip6-localnet<br />
ff00::0 ip6-mcastprefix<br />
ff02::1 ip6-allnodes<br />
ff02::2 ip6-allrouters<br />
172.18.0.2 6c1773f25479<br />
<br />
<h3 style="text-align: left;">
10) Docker run - attach and detach</h3>
Let's run a container from the "redis" image.<br />
<br />
$ docker run redis<br />
1:C 04 Apr 2020 18:57:56.714 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo<br />
1:C 04 Apr 2020 18:57:56.715 # Redis version=5.0.5, bits=64, commit=00000000, modified=0, pid=1, just started<br />
1:M 04 Apr 2020 18:57:56.720 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.<br />
1:M 04 Apr 2020 18:57:56.720 * Ready to accept connections<br />
|<br />
<br />
Here, with "docker run redis", the container runs in the foreground indefinitely, and we cannot execute any other command because no $ prompt is available.<br />
<br />
Now, let's run the same command in detached mode (-d):<br />
$ docker run -d redis<br />
6c2762e502925a8ae9d371749057c41d80c1a91a85b51393e9d173e9d929197f<br />
$<br />
<br />
In detached mode (-d) the container runs in the background and the prompt is free to execute further commands.<br />
<br />
<h3 style="text-align: left;">
<br />11) Run - tag</h3>
<br />
By default, "docker run redis" runs a container from the image tagged "latest". It pulls whatever the latest tag currently points to in the Docker Hub repository.<br />
<br />
$ docker run redis<br />
Unable to find image 'redis:latest' locally<br />
latest: Pulling from library/redis<br />
c499e6d256d6: Pull complete<br />
021fd554320f: Pull complete<br />
Digest: sha256:a732b1359e338a539c25346a50bf0a501120c41dc248d868e546b33e32bf4fe4<br />
Status: Downloaded newer image for <b><u><span style="color: red;">redis:latest</span></u></b><br />
1:C 04 Apr 2020 19:07:55.080 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo<br />
1:M 04 Apr 2020 19:07:55.082 * Ready to accept connections<br />
<br />
We can also run a container with a specific version of the application using tags. Tags can be found in the Docker Hub repository:<br />
<br />
<u>https://hub.docker.com/_/redis</u><br />
<u><br /></u>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtn9-cov17JLGrAUYE5BofW6TUpNAvZtTNRxUNB9QOo8Jfmew8p7sNdbkrxbqMstnILt1hlVOWblqwTMqkGEfSnDqWV1quEyTTYqWgoKnt2rB0viAIyNBx6kpuv_UIX3gWINAFqD4bHE0/s1600/docker-redis.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="601" data-original-width="1104" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtn9-cov17JLGrAUYE5BofW6TUpNAvZtTNRxUNB9QOo8Jfmew8p7sNdbkrxbqMstnILt1hlVOWblqwTMqkGEfSnDqWV1quEyTTYqWgoKnt2rB0viAIyNBx6kpuv_UIX3gWINAFqD4bHE0/s640/docker-redis.PNG" width="640" /></a></div>
<u><br /></u>
<br />
In the command below we add a tag, docker run redis:rc-buster, where rc-buster is the tag of version 6.0-rc3.<br />
<br />
$ docker run redis:rc-buster<br />
Unable to find image 'redis:rc-buster' locally<br />
rc-buster: Pulling from library/redis<br />
7564fb795604: Already exists<br />
3cd873a7c410: Pull complete<br />
fd94dfb55d0e: Pull complete<br />
Digest: sha256:cd55cd7447488fc644884bfece112c619f7940ac39b03df826c36d0ec84772fc<br />
Status: <u><b>Downloaded newer image for <span style="color: red;">redis:rc-buster</span></b></u><br />
1:C 04 Apr 2020 19:15:42.567 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo<br />
1:C 04 Apr 2020 19:15:42.568 # Redis version=5.9.103, bits=64, commit=00000000, modified=0, pid=1, just started<br />
1:M 04 Apr 2020 19:15:42.569 * Running mode=standalone, port=6379.<br />
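<br />
A tag such as latest or rc-buster is a movable label, while the Digest line printed by docker pull identifies exact image content. The script below is an added example (not part of the original post) that classifies image references by how strongly they pin content; the function names and the registry.example.com reference are assumptions made for illustration, the other references come from the output shown on this page.

```shell
#!/bin/sh
# Classify how strongly a Docker image reference pins its content.
#   digest           name@sha256:<64 hex>  immutable, content-addressed
#   tag              name:<tag>            mutable, the publisher can re-point it
#   latest-explicit  name:latest           mutable, moves with every release
#   latest-implicit  name                  Docker appends :latest on its own
#   invalid-digest   anything after "@" that is not sha256:<64 hex>
#                    (assumption: only sha256 digests are checked here)
classify_image_ref() {
    ref=$1
    case $ref in
        *@*)
            digest=${ref##*@}
            if printf '%s' "$digest" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
                echo digest
            else
                echo invalid-digest
            fi
            return 0
            ;;
    esac
    # Only the last path component can carry a tag; a colon before the
    # final "/" belongs to a registry host:port.
    last=${ref##*/}
    case $last in
        *:latest) echo latest-explicit ;;
        *:*)      echo tag ;;
        *)        echo latest-implicit ;;
    esac
}

# Read one image reference per line on stdin and print "<class> <ref>"
# for every reference that is not pinned to a digest.
list_unpinned() {
    while IFS= read -r ref; do
        case $ref in ''|'#'*) continue ;; esac
        class=$(classify_image_ref "$ref")
        [ "$class" = digest ] || printf '%s %s\n' "$class" "$ref"
    done
}

# Sample input: references from this page, plus one constructed example
# with a registry port to show that "host:5000" is not mistaken for a tag.
sample_refs() {
    cat <<'EOF'
# one image reference per line
redis
redis:latest
redis:rc-buster
weaveworks/scope:1.11.4
redis@sha256:854715f5cd1b64d2f62ec219a7b7baceae149453e4d29a8f72cecbb5ac51c4ad
registry.example.com:5000/team/app
EOF
}

sample_refs | list_unpinned
```

Only the digest form is left out of the report; running "docker run redis@sha256:..." with a digest taken from a pull you have reviewed always starts the same image content.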
<br />
<br /></div>
Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-65496572954697305762020-03-10T16:47:00.001+05:302020-03-10T17:01:02.419+05:30Removing NSX-T manager extension from vCenter<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<br />
<div style="text-align: justify;">
Starting from version 2.4, the NSX-T appliance is decoupled from vCenter, so it is no longer mandatory to run NSX-T on the vCenter platform only. NSX-T can now be managed through a standalone ESXi host, KVM or a container platform.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In version 2.4 there is still an option to connect vCenter to NSX-T using Compute Manager.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPmt8Bq7qZr6SFDEvuZ9HB2YScoPN_nmSs7RWDAMhyXAIKVNX755TSKHTYOaiXDu39Z6_-Y5wZm_TxuZspsIpHR7QW0apJSpOtMvB8kTiTVuYS8A03egFaqRp00fgam8g-WY2G_rqJyPw/s1600/NSX-T+LOGO.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="249" data-original-width="614" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPmt8Bq7qZr6SFDEvuZ9HB2YScoPN_nmSs7RWDAMhyXAIKVNX755TSKHTYOaiXDu39Z6_-Y5wZm_TxuZspsIpHR7QW0apJSpOtMvB8kTiTVuYS8A03egFaqRp00fgam8g-WY2G_rqJyPw/s320/NSX-T+LOGO.PNG" width="320" /></a></div>
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In this blog we will learn how to unregister and register the NSX-T extension from vCenter in case of any sync or vCenter connectivity issue with NSX-T.</div>
<br />
Let's get started..<br />
<br />
<br />
1) Login to NSX-T UI<br />
<br />
Go to -> System ->Compute Manager<br />
<br />
Here, vCenter is shown in Down status and the registration status is shown as "Not Registered".<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWuJCfnkWIg-OPzGoIGFLbvRP0WxoL5PlAJJUYyg0WpUVf1PT26Sm8XFQaYZQExrYA8pnazFL4gVNH1YP3jc3Bvvb807NN0aagT9j3FJBseyuUivVO9QzDd5LM9qXqcNr6mbRlXVvgoM0/s1600/vcenter-showing-notregister.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="478" data-original-width="1600" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWuJCfnkWIg-OPzGoIGFLbvRP0WxoL5PlAJJUYyg0WpUVf1PT26Sm8XFQaYZQExrYA8pnazFL4gVNH1YP3jc3Bvvb807NN0aagT9j3FJBseyuUivVO9QzDd5LM9qXqcNr6mbRlXVvgoM0/s640/vcenter-showing-notregister.PNG" width="640" /></a></div>
<br />
<br />
<br />
<br />
<br />
2) When we click on the "Not Registered" option, it shows the error below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB1YMjnex4wDCGGZmMlr7kpt_KMtOsrQnUWr7spspTYNXuKtLkTx4HcHKh6xkNHjh-dCBnrN_R1L31QZQ6Kz5thPzd0nWjHwlS7K6Z18hlUFhrGuegWT12EGQREjog-ecsX8MYgVaoQP8/s1600/step-3-trying+to+resolve.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="369" data-original-width="526" height="448" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB1YMjnex4wDCGGZmMlr7kpt_KMtOsrQnUWr7spspTYNXuKtLkTx4HcHKh6xkNHjh-dCBnrN_R1L31QZQ6Kz5thPzd0nWjHwlS7K6Z18hlUFhrGuegWT12EGQREjog-ecsX8MYgVaoQP8/s640/step-3-trying+to+resolve.PNG" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
3) When we click on the Resolve option, it shows the message below.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd1azvTOTn7WnR27bQRM9lnzCjOc-WVMU75cKGvZ7ZngcI-WqQLq2DXfqP7T6iimkz3Lel9uwpCc_nBWIBKWqQrMV1ZNOHiVvtdqEA3RZanT9UanZmfkZ30Hqq1O_m0mHWTMPSafXZYKU/s1600/resolve-error.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="296" data-original-width="534" height="354" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd1azvTOTn7WnR27bQRM9lnzCjOc-WVMU75cKGvZ7ZngcI-WqQLq2DXfqP7T6iimkz3Lel9uwpCc_nBWIBKWqQrMV1ZNOHiVvtdqEA3RZanT9UanZmfkZ30Hqq1O_m0mHWTMPSafXZYKU/s640/resolve-error.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
At this stage, if the Resolve option doesn't work, the NSX-T extension has to be removed from vCenter.</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<h3 style="clear: both; text-align: justify;">
To remove the NSX-T extension from vCenter, please use the steps below.</h3>
<ul style="text-align: left;">
<li>Log in to vCenter using "https://vCenterFQDN/mob"</li>
<li>Click on "Content" under Properties</li>
</ul>
<br />
<ul style="text-align: left;"></ul>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlfzJqfe4F247VARaLkbkwjxZj00H4uq4cTcojV1tJyrAQfAf7NaSqenj_MabwiFp3BgMCNBSY8YtcQ_9KSO95WJc6h5I5IWACOtpOb7WE-3yqXHQCFmiUZow0H82lHvQ3IE2kzugf7sk/s1600/mob+step1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="513" data-original-width="622" height="526" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlfzJqfe4F247VARaLkbkwjxZj00H4uq4cTcojV1tJyrAQfAf7NaSqenj_MabwiFp3BgMCNBSY8YtcQ_9KSO95WJc6h5I5IWACOtpOb7WE-3yqXHQCFmiUZow0H82lHvQ3IE2kzugf7sk/s640/mob+step1.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<ul style="text-align: left;">
<li>Click on ExtensionManager</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN89DU4o6iVzJrUqzbfVXIDpkDtFJPJIhSqDrwzDDOWiEi0EXNePK6lw6yJdZkn83EdQq1zv855Ji_ASl6kArv3I9AjTZwl4fIUpZj_cyNHsJSxe6vFlQFxthhviLZ5e92rceI_EEnFBU/s1600/extension+manager.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="624" data-original-width="979" height="406" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN89DU4o6iVzJrUqzbfVXIDpkDtFJPJIhSqDrwzDDOWiEi0EXNePK6lw6yJdZkn83EdQq1zv855Ji_ASl6kArv3I9AjTZwl4fIUpZj_cyNHsJSxe6vFlQFxthhviLZ5e92rceI_EEnFBU/s640/extension+manager.PNG" width="640" /></a></div>
<div>
<br /></div>
<br />
<div>
<div style="text-align: left;">
<ul style="text-align: left;">
<li>Click on more... to expand the extension list and view the nsx extension.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0TU6yRdREWttbsgydez1h1i0Qzquw-cMrdrcP82VSBXpABH-X_lpS9azkU7KpJzna9SVVjTGKhKNbBCRlCpNrAwE6qK_b6iHqLla4QVRol0_rsqXK3lw7uPMWtHGwcDj6V3n44VtWUAY/s1600/extension+manager-more.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="624" data-original-width="807" height="494" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0TU6yRdREWttbsgydez1h1i0Qzquw-cMrdrcP82VSBXpABH-X_lpS9azkU7KpJzna9SVVjTGKhKNbBCRlCpNrAwE6qK_b6iHqLla4QVRol0_rsqXK3lw7uPMWtHGwcDj6V3n44VtWUAY/s640/extension+manager-more.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<ul style="text-align: left;">
<li>Click on the nsx extension extensionList["com.vmware.nsx.management.nsxt"]</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj25V84jXIAJkhnL5NpYNM8s2eNZJ7OBMOfmIaYDMfNuUO-uhezzGaHq4WCI6Ggpg0gCwYDRzZDZDR_oK2Cb2bR_8nmcVQTJtWajmxO9K7LXbIMz0fAX55oqKmMgMqK0yAyirlio5vtumQ/s1600/nsx-extension+select.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="619" data-original-width="800" height="494" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj25V84jXIAJkhnL5NpYNM8s2eNZJ7OBMOfmIaYDMfNuUO-uhezzGaHq4WCI6Ggpg0gCwYDRzZDZDR_oK2Cb2bR_8nmcVQTJtWajmxO9K7LXbIMz0fAX55oqKmMgMqK0yAyirlio5vtumQ/s640/nsx-extension+select.PNG" width="640" /></a></div>
<div>
<br /></div>
<div>
<ul style="text-align: left;">
<li>Validate the key String value.</li>
<li>Copy the highlighted NSX Manager value; it is used in the invoke step that follows.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl74U9_h6towKuS8Lxqnp5sBq28h6v6PsIps9YnqK8Ro1DO0mym0_9UtF-s5Iz46MEvwjsqg40zZFNR1YGObBIOvaWzt-R2q2axJrEmNk1NlAM0ZU-aDBVkYuJRomL13v8eWvTd_DbwSo/s1600/nsx-mgr-string.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="683" data-original-width="717" height="608" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl74U9_h6towKuS8Lxqnp5sBq28h6v6PsIps9YnqK8Ro1DO0mym0_9UtF-s5Iz46MEvwjsqg40zZFNR1YGObBIOvaWzt-R2q2axJrEmNk1NlAM0ZU-aDBVkYuJRomL13v8eWvTd_DbwSo/s640/nsx-mgr-string.PNG" width="640" /></a></div>
</div>
<div>
<ul style="text-align: left;">
<li>Go back to Home page and again click content -> ExtensionManager.</li>
<li>Click on unregister Extension.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpL2VZql6o81IoWUkriyvAinDTU14vNKfjKwD7-tqcTEgvCSPeqTojpFsDto_pzfufW6uzusdZP0IZMyq9rbfh4kbdmtkiqMeAviTdY4gCPSnlg8Xc1HdcG1Y8v7sZCKxMfF4HMYMptqQ/s1600/unregister-extension-screenshot.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="630" data-original-width="759" height="530" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpL2VZql6o81IoWUkriyvAinDTU14vNKfjKwD7-tqcTEgvCSPeqTojpFsDto_pzfufW6uzusdZP0IZMyq9rbfh4kbdmtkiqMeAviTdY4gCPSnlg8Xc1HdcG1Y8v7sZCKxMfF4HMYMptqQ/s640/unregister-extension-screenshot.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<ul style="text-align: left;">
<li>Paste the value which we copied in previous step to invoke.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXGqUQzAckzqh7mMIYnmqYhufqSFOLy0kJhONSXbkImGWnA1rUHgRYgJ3vTy9vOm1-DOGMUGdCNkaVnpcbCIz9luHVaaxpR25mV8oTXhA0uzonRfHgWiXrL6mlDDCSVUVt8Qn0o6FHufg/s1600/invoke-nsxstring.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="401" data-original-width="598" height="428" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXGqUQzAckzqh7mMIYnmqYhufqSFOLy0kJhONSXbkImGWnA1rUHgRYgJ3vTy9vOm1-DOGMUGdCNkaVnpcbCIz9luHVaaxpR25mV8oTXhA0uzonRfHgWiXrL6mlDDCSVUVt8Qn0o6FHufg/s640/invoke-nsxstring.PNG" width="640" /></a></div>
<div>
<br /></div>
<div>
<ul style="text-align: left;">
<li>Click on Invoke Method. </li>
</ul>
<div>
<div style="text-align: justify;">
This process will remove the NSX-T extension from vCenter and now you can register the Compute Manager (vCenter) again into NSX-T manager.</div>
</div>
<div>
<div style="text-align: justify;">
<br /></div>
</div>
<div>
<br /></div>
<div>
Happy Sharing.... :)</div>
<div>
<br /></div>
<div>
</div>
</div>
</div>
</div>
</div>
</div>
Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-80652407589608357902020-01-04T12:35:00.001+05:302020-01-07T01:11:23.103+05:30Secret in Kubernetes<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-size: x-large;">Secret in Kubernetes</span><br />
<span style="font-size: x-large;"><br /></span>
<br />
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgup5IIbp8V0iVGIg8XfbTh3Q2MowYDHQJAJ9o7lV_f_wVlQ3nmMGEVHGwB4nN7xDfRMq4asrdmG9rbVQFl8-PKE1BAC8juoZbcsz5DLJayUDrVoVWKz1WQK2mTmOYIwcDu23yKE9mzMdk/s1600/secret-kubernetes.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="228" data-original-width="587" height="248" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgup5IIbp8V0iVGIg8XfbTh3Q2MowYDHQJAJ9o7lV_f_wVlQ3nmMGEVHGwB4nN7xDfRMq4asrdmG9rbVQFl8-PKE1BAC8juoZbcsz5DLJayUDrVoVWKz1WQK2mTmOYIwcDu23yKE9mzMdk/s640/secret-kubernetes.JPG" width="640" /></a></div>
<span style="font-size: x-large;">Secrets in Kubernetes hold sensitive information such as SSH keys, tokens and credentials. In general, such secret objects must be stored encrypted rather than in plaintext, to reduce the risk of exposing this information to unauthorised parties.</span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;">By default a secret is not encrypted, only base64-encoded. Encrypting it requires creating an <span style="font-family: "courier new" , "courier" , monospace;">EncryptionConfiguration</span> with a key and proper identity.</span><br />
<span style="background-color: white; color: #656565; font-family: "sintony"; font-size: 16px;"><br /></span>
<span style="font-size: x-large;">All secret data and configuration are stored in etcd, which is accessible via the API server. Secret data on nodes is stored on </span><span style="font-family: "courier new" , "courier" , monospace; font-size: x-large;">tmpfs</span><span style="font-size: x-large;"> volumes. An individual secret is limited to 1MB in size. A larger size limit is discouraged as it may exhaust apiserver and kubelet memory. </span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;">To use a secret, the pod needs to reference it. A secret can be used in 2 ways with a pod: as a file in a volume mounted on one or more containers, or by the kubelet when pulling images for the pod.</span></div>
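The point that a Secret is only base64-encoded, and the EncryptionConfiguration that changes this, shown as an added example (not part of the original post). The manifest is constructed from the app-secret key/value pairs used later in this post; the function names, the key name key1 and the choice of the aescbc provider are assumptions.

```shell
#!/bin/sh
# Constructed Secret manifest for the "app-secret" used in this post, in the
# form the API server stores it when no encryption at rest is configured.
sample_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
data:
  DB_Host: bXlzcWw=
  DB_USER: Um9vdA==
  Password: cGFzc3dvcmQ=
EOF
}

# Print every entry under "data:" as key=plaintext. No key is needed:
# base64 is an encoding, so anyone who can read the manifest (or the
# unencrypted etcd data) recovers the values.
decode_secret_data() {
    awk '
        /^data:[ \t]*$/    { in_data = 1; next }
        /^[^ \t]/          { in_data = 0 }
        in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }
    ' | while read -r key value; do
        printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
    done
}

# Emit an EncryptionConfiguration for Secrets with a fresh random 32-byte key.
# $1 is the key name (assumption: "key1" below). The first provider in the
# list encrypts new writes; the trailing identity provider lets the API
# server keep reading Secrets that were stored before encryption was enabled.
# The file is handed to kube-apiserver with --encryption-provider-config.
render_encryption_config() {
    key=$(head -c 32 /dev/urandom | base64 | tr -d '\n')
    cat <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: $1
              secret: $key
      - identity: {}
EOF
}

echo "Decoded without any key:"
sample_manifest | decode_secret_data
echo
echo "Encryption at rest configuration:"
render_encryption_config key1
```

The generated file contains the encryption key itself, so it needs the same file permissions and handling as any other key material on the control-plane node.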
<div style="text-align: justify;">
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-size: x-large; text-align: left;">There are two steps involved in setting up secret into pod definition yaml file.</span></div>
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;">1) Creating secrets</span><br />
<span style="font-size: x-large;">2) Injecting the secrets into POD</span><br />
<br />
<span style="font-size: x-large;">There are two ways to create Secrets in K8s</span><span style="font-size: x-large;">:</span><br />
<span style="font-size: x-large;">Imperative method & Declarative method.</span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;"><u><b>Imperative method</b>:</u> In this method we can create secrets without using secrets definition file, just by using kubectl command.</span><br />
<h4 style="text-align: left;">
<span style="font-size: x-large;">Step 1: Creating secret</span></h4>
<span style="font-size: small;"><span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl create secret generic</b></span></span><br />
<span style="font-size: large;"><b>ie: </b></span><br />
<span style="font-size: large;"><b>> <span style="font-family: "courier new" , "courier" , monospace;">kubectl create secret generic (secret-name) --from-literal=(key)=(value)</span></b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl create secret generic app-secret --from-literal=DB_Host=mysql</b></span><br />
<ul style="text-align: left;">
<li><span style="font-family: "courier new" , "courier" , monospace; font-size: x-large;"><span style="font-size: x-large;"><span style="color: #212121; font-family: "courier new" , "courier" , monospace;"><b>generic:</b></span><span style="color: #212121; font-family: "roboto" , sans-serif;"> Create a secret from a local file, directory or literal value.</span></span></span></li>
<li><span style="font-family: "courier new" , "courier" , monospace; font-size: x-large;"><span style="font-size: x-large;"><b style="font-family: "courier new", courier, monospace;"><span style="font-family: "courier new" , "courier" , monospace;">docker-registry</span>:</b> <span style="font-family: "times" , "times new roman" , serif;">Creates a dockercfg Secret for use with a Docker registry. Used to authenticate against Docker registries.</span></span></span></li>
<li><span style="font-family: "courier new" , "courier" , monospace; font-size: x-large;"><span style="font-family: "courier new" , "courier" , monospace; font-size: x-large;"><b>tls:</b> </span><span style="font-family: "times" , "times new roman" , serif; font-size: x-large;">Create a TLS secret from the given public/private key pair.</span></span></li>
</ul>
<ul style="text-align: left;">
<li><span style="font-size: x-large;"><b><code style="background: rgb(247, 247, 247); box-sizing: inherit; color: #37474f; font-family: "Roboto Mono", monospace; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; padding: 1px 4px; word-break: break-word;">--from-file</code><span style="color: #212121; font-family: "roboto" , sans-serif;"> or </span><code style="background: rgb(247, 247, 247); box-sizing: inherit; color: #37474f; font-family: "Roboto Mono", monospace; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; padding: 1px 4px; word-break: break-word;">--from-env-file:</code></b><span style="color: #212121; font-family: "roboto" , sans-serif;"> A</span><span style="color: #212121; font-family: "roboto" , sans-serif;"> path to a directory containing one or more configuration files.</span></span></li>
<li><span style="font-size: x-large;"><span style="background-color: #f7f7f7; color: #37474f; font-family: "roboto mono" , monospace;"><b>--from-literal:</b> </span><span style="color: #212121; font-family: "roboto" , sans-serif;">key-value pairs, each specified using.</span></span></li>
</ul>
<br />
<span style="font-size: x-large;">We can specify a key-value pair multiple times in the secret definition, like:</span><br />
<span style="font-size: large;"><span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl create secret generic app-secret --from-literal=DB_USER=Root</b></span></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl create secret generic app-secret --from-literal=Password=password</b></span><br />
<span style="white-space: pre;"><span style="font-size: x-large;"> </span></span><br />
<div style="text-align: justify;">
<span style="font-size: x-large;">Specifying many key-value pairs on the command line gets complicated and makes the command confusing. So, there is another way: we can specify a file name instead of writing multiple key-value pairs, using <span style="font-family: "courier new" , "courier" , monospace;">--from-file=(path-to-file)</span></span></div>
<span style="font-size: x-large;">For example: </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl create secret generic app-secret --from-file=new_secret.properties</b></span><br />
<span style="font-size: x-large;"><b><u><span style="font-size: large;"><br /></span>
</u></b></span><span style="font-size: x-large;"><b><u>Declarative method:</u></b> Secrets can be created using a definition file.</span><br />
<span style="font-size: x-large;"> </span><span style="font-size: large;"><b> <span style="font-family: "courier new" , "courier" , monospace;">> kubectl create -f xyz.yaml</span></b></span><br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: x-large; margin-left: 1em; margin-right: 1em;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX3nJ9DNbxI3UssTCMID5QkU-N0q0X9I6mmPZvmM5FVh-b1yQskefsOBd_DGCGfrA45IvETbRrzfOIYNGx_2-Qi08Rp7jyKofDHeYh7vlKw7nzarJ_W5XX_JU2GWX3WWFIvSbwX2dzdIA/s1600/secret-kubernetesk8s.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="323" data-original-width="558" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX3nJ9DNbxI3UssTCMID5QkU-N0q0X9I6mmPZvmM5FVh-b1yQskefsOBd_DGCGfrA45IvETbRrzfOIYNGx_2-Qi08Rp7jyKofDHeYh7vlKw7nzarJ_W5XX_JU2GWX3WWFIvSbwX2dzdIA/s320/secret-kubernetesk8s.JPG" width="320" /></a></span></div>
<span style="font-size: x-large;">Layout of xyz.yaml Secret definition file</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">apiVersion: v1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">kind: Secret</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">metadata:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;name: new-secret</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>data:</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>&nbsp;&nbsp;DB_Host: postgrac</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>&nbsp;&nbsp;DB_USER: root</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>&nbsp;&nbsp;DB_Password: password</b></span><br />
<br />
<h4 style="text-align: left;">
<span style="font-size: x-large;"><b>Step 2: <u>Inject secret into pod</u></b></span></h4>
<span style="font-size: x-large;">In Step 1 we created the Secret using the imperative and declarative methods. Now it's time to inject that secret into the pod definition file.</span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;">In the pod-definition.yaml file, add the "<span style="font-family: "courier new" , "courier" , monospace;">envFrom</span>" property, which takes a list, to the container entry under <span style="font-family: "courier new" , "courier" , monospace;"><b>spec</b>:</span></span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;"><b><span style="font-family: "courier new" , "courier" , monospace;">envFrom</span>:</b> The list of sources from which the container's environment variables are loaded.</span><br />
<span style="font-size: x-large;"><b><span style="font-family: "courier new" , "courier" , monospace;">secretRef</span>:</b> Reference to the secret we are pointing to, given by its name. Every key in that secret becomes an environment variable.</span><br />
<span style="font-size: x-large;"><span style="font-family: "courier new" , "courier" , monospace;"><b>key:</b> </span>This names a single entry in the secret. It is used with <span style="font-family: "courier new" , "courier" , monospace;">secretKeyRef</span> under <span style="font-family: "courier new" , "courier" , monospace;">env</span>, not with <span style="font-family: "courier new" , "courier" , monospace;">secretRef</span>, so it does not appear in the snippet below.</span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>envFrom:</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>&nbsp;&nbsp;- secretRef:</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;name: new-secret</b></span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;">Run below command to create the pod using pod-definition.yaml</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl create -f pod-definition.yaml</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b><br /></b></span>
<br />
<h3 style="text-align: left;">
<ul style="text-align: left;">
<li><span style="font-family: "times" , "times new roman" , serif; font-size: x-large;">Encode a Secret</span></li>
</ul>
</h3>
<div style="text-align: justify;">
<span style="font-size: x-large;">Now, there is an issue here. The password we specified is readable plain text, which is not safe and leaves it prone to attack. The values under <span style="font-family: "courier new" , "courier" , monospace;">data:</span> also have to be base64-encoded, which we can do with the <span style="font-family: "courier new" , "courier" , monospace;">echo</span> command. Base64 is an encoding, not a hash or encryption.</span></div>
<span style="font-size: x-large;"><br /></span><span style="font-size: x-large;">From any Linux server, use the <span style="font-family: "courier new" , "courier" , monospace;">echo</span> command below to encode the username and password.</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> echo -n 'root' | base64</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b> cm9vdA==</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> echo -n 'password' | base64</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b> cGFzc3dvcmQ=</b></span><br />
<br />
<div style="text-align: justify;">
<span style="font-size: x-large;"><br /></span></div>
<span style="font-size: x-large;"><div style="text-align: justify;">
So, the definition file carries the encoded username and password as shown below. The encoding only keeps the values from being read at a glance: anyone who can read the file or the Secret can decode them.</div>
</span><br />
<span style="font-size: x-large;"><br /></span><span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>data:</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>&nbsp;&nbsp;DB_Host: postgrac</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>&nbsp;&nbsp;DB_USER: cm9vdA==</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>&nbsp;&nbsp;DB_Password: cGFzc3dvcmQ=</b></span><br />
<h3 style="text-align: left;">
<ul style="text-align: left;">
<li><span style="font-size: x-large;">Decode a secret</span></li>
</ul>
</h3>
<div style="text-align: justify;">
<span style="font-size: x-large;">We can also decode the encoded password or key from any Linux server using "--decode":</span></div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">echo -n 'cm9vdA==' | base64 <b>--decode</b></span><br />
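<div style="text-align: justify;">
<span style="font-size: x-large;">The encode and decode steps above, as an added example that is not part of the original post: it builds a Secret manifest from KEY=VALUE lines and then recovers a value from it, which shows that base64 gives no confidentiality. The function names and the sample properties content are assumptions made for illustration.</span></div>

```shell
#!/bin/sh
# Added example (not the post's own code): render a Secret manifest from
# KEY=VALUE lines, then decode one entry straight back out of it.

# Base64-encode a string exactly as given. printf adds no trailing newline,
# and tr removes the line wrapping that base64 applies to long values.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# render_secret NAME FILE: print a Secret manifest for the pairs in FILE.
# Blank lines and '#' comments are skipped. Keys may only contain the
# characters Kubernetes accepts for Secret data keys: A-Z a-z 0-9 . _ -
render_secret() {
    name=$1
    file=$2
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$name"
    printf 'type: Opaque\ndata:\n'
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        case $line in
            *=*) ;;
            *) echo "skipping malformed line: $line" >&2; continue ;;
        esac
        key=${line%%=*}     # text before the first '='
        value=${line#*=}    # text after the first '=' (may contain '=')
        case $key in
            ''|*[!A-Za-z0-9._-]*)
                echo "skipping invalid key: $key" >&2
                continue ;;
        esac
        printf '  %s: %s\n' "$key" "$(b64 "$value")"
    done < "$file"
}

# decode_secret_key MANIFEST KEY: print the plain text of one data entry.
# No key or credential is needed: read access to the manifest is enough.
decode_secret_key() {
    awk -v k="$2:" '$1 == k { printf "%s", $2 }' "$1" | base64 --decode
}

# Constructed sample input using the key names from the post.
write_sample() {
    cat > "$1" <<'EOF'
# new_secret.properties (constructed sample)
DB_USER=root
bad key=ignored
DB_Password=password
EOF
}

workdir=$(mktemp -d)
write_sample "$workdir/new_secret.properties"
render_secret new-secret "$workdir/new_secret.properties" > "$workdir/secret.yaml"
cat "$workdir/secret.yaml"
printf 'decoded DB_Password: %s\n' \
    "$(decode_secret_key "$workdir/secret.yaml" DB_Password)"
# Forgetting -n stores the trailing newline as part of the secret value:
printf 'echo without -n encodes to: %s\n' "$(echo 'root' | base64)"
rm -rf "$workdir"
```

<div style="text-align: justify;">
<span style="font-size: x-large;">The generated file can be passed to <span style="font-family: "courier new" , "courier" , monospace;">kubectl create -f</span> like the definition file above.</span></div>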
<ul style="text-align: left;">
<li><b><span style="font-size: x-large;">Mounting Secret as Volume</span></b></li>
</ul>
<div>
<div style="text-align: justify;">
<span style="font-size: x-large;">Secrets can be mounted as files into a pod using a volume definition. The mount path contains one file per key of the secret created in the earlier kubectl create secret step, and each file is named after its key.</span></div>
</div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">Example of mounting secret as volume</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">spec:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;containers:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;- name: nginx</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;&nbsp;&nbsp;image: nginx</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;&nbsp;&nbsp;command:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;&nbsp;&nbsp;- sleep</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;&nbsp;&nbsp;- "4000"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;&nbsp;&nbsp;volumeMounts:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;&nbsp;&nbsp;- mountPath: /nginxpassword</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;name: vpostgres</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;volumes:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;- name: vpostgres</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;&nbsp;&nbsp;secret:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;secretName: dbase</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"> </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;">
</span></div>
<div>
<div style="text-align: justify;">
<span style="font-size: x-large;">A secret is only sent to a node if a pod on that node requires it. The kubelet stores the secret in a </span><span style="font-family: "courier new" , "courier" , monospace; font-size: x-large;">tmpfs </span><span style="font-size: x-large;">so that the secret is not written to disk storage. Once the Pod that depends on the secret is deleted, the kubelet also deletes its local copy of the secret data.</span></div>
</div>
<h4 style="text-align: left;">
<ul style="text-align: left;">
<li><span style="font-size: x-large;">Commands to keep in mind: </span></li>
</ul>
</h4>
<span style="font-size: x-large;">To view the secret</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl get secrets</b></span><br />
<span style="font-size: x-large;"><br /></span><span style="font-size: x-large;">To view the detail of secrets with attributes</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl describe secrets new-secret</b></span><br />
<span style="font-size: x-large;"><br /></span><span style="font-size: x-large;">To view the complete secret, including its encoded data</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl get secret new-secret -o yaml</b></span><br />
<span style="font-family: "times" , "times new roman" , serif; font-size: x-large;"><b><br /></b></span>
<span style="font-family: "times" , "times new roman" , serif; font-size: x-large;">To edit the secret</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b>> kubectl edit secret new-secret</b></span><br />
<br />
<div style="text-align: justify;">
<span style="font-size: x-large;"><br /></span></div>
<span style="font-size: x-large;"><div style="text-align: justify;">
Having said that, there are better ways of handling sensitive data like passwords in Kubernetes, such as using tools like Helm Secrets and HashiCorp Vault.</div>
</span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;"><br /></span>
</div>
Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-5961075566211721342019-12-31T23:59:00.002+05:302020-01-01T17:47:45.093+05:30Project Pacific VMware<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span>
<br />
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><b>Project Pacific</b></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><b><br /></b></span></div>
</div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
</div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Project Pacific is a re-architecture of vSphere with Kubernetes as its control plane. To a developer, Project Pacific looks like a Kubernetes cluster where they can use Kubernetes declarative syntax to manage cloud resources like virtual machines, disks and networks. To the IT admin, Project Pacific looks like vSphere – but with the new ability to manage a whole application instead of always dealing with the individual VMs that make it up.</span></div>
</div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Project Pacific will enable enterprises to accelerate development and operation of modern apps on <a href="https://www.vmware.com/products/vsphere.html?int_cid=70134000001Caa3&src=WWW_us_VMW_XAa7eBfF5Crp1KEmV6Ly" style="background-color: transparent; box-sizing: border-box; color: #337ab7; text-decoration-line: none;">VMware vSphere</a> while continuing to take advantage of existing investments in technology, tools and skillsets. By leveraging Kubernetes as the control plane of vSphere, Project Pacific will enable developers and IT operators to build and manage apps comprised of containers and/or virtual machines. This approach will allow enterprises to leverage a single platform to operate existing and modern apps side-by-side.</span></div>
</div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The introduction of Project Pacific anchors the announcement of VMware Tanzu, a portfolio of products and services that transform how the enterprise builds software on Kubernetes.</span></div>
</div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRcM1jnBl7ef90vKUVEt8wJd7nSc6UQMDhNx1KCWlJM8FYmDGG5jCz9pk2bfXIAnWsaJzpB6-wQuvmrEo2mgXmzqpX2PRlVzLd_5cr3Wx614Y50rBJfl2n5u8ouNKqtwzNKX69ZYdCmF8/s1600/project-pacific.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><img border="0" data-original-height="791" data-original-width="760" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRcM1jnBl7ef90vKUVEt8wJd7nSc6UQMDhNx1KCWlJM8FYmDGG5jCz9pk2bfXIAnWsaJzpB6-wQuvmrEo2mgXmzqpX2PRlVzLd_5cr3Wx614Y50rBJfl2n5u8ouNKqtwzNKX69ZYdCmF8/s640/project-pacific.png" width="614" /></span></a></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<h3 style="background-color: white; box-sizing: border-box; color: #0095d3; line-height: 24px; margin-bottom: 10px; margin-top: 0px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">
Kubernetes as a platform platform</span></h3>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The key insight we had at VMware was that Kubernetes could be much more than just a container platform, it could be the platform for ALL workloads. When Joe Beda, co-creator of Kubernetes, talks about Kubernetes, he describes it as a platform platform; a platform for building new platforms. Yes, Kubernetes is a container orchestration platform, but at its core, Kubernetes is capable of orchestrating anything!</span></div>
</div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">What if we used this “platform platform” aspect of Kubernetes to reinvent vSphere? What if when developers wanted to create a virtual machine, or a container, or a kubernetes cluster, they could just write a kubernetes YAML file and deploy it with kubectl like they do with any other Kubernetes object?</span></div>
</div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3EwJHC2djMYEeyjJcKaPsp25GucJmLWuSHOuGM7rA8hKkR2VgqQzGulDvLqo5GFwi1OBXYh7eD7nGzt3jIF3bEwU9sxC0_I6Z0vLA1dOGwTFBzPxU5MgLS0ai7ZjPPhMPMrXSYG7jOkY/s1600/project-pacific+-2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><img border="0" data-original-height="379" data-original-width="974" height="248" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3EwJHC2djMYEeyjJcKaPsp25GucJmLWuSHOuGM7rA8hKkR2VgqQzGulDvLqo5GFwi1OBXYh7eD7nGzt3jIF3bEwU9sxC0_I6Z0vLA1dOGwTFBzPxU5MgLS0ai7ZjPPhMPMrXSYG7jOkY/s640/project-pacific+-2.png" width="640" /></span></a></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div class="wp-caption alignnone" id="attachment_28139" style="background-color: white; box-sizing: border-box; color: #404040; height: 376.688px; max-width: 100%; width: 984px;">
<div class="wp-caption-text" style="box-sizing: border-box; line-height: 24px; margin-bottom: 10px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Using Kubernetes as the vSphere API</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span>
<br />
<h3 style="box-sizing: border-box; color: #0095d3; line-height: 24px; margin-bottom: 10px; margin-top: 0px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">A kubernetes native vSphere platform</span></h3>
<div style="box-sizing: border-box; line-height: 24px; margin-bottom: 10px; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Project Pacific transforms vSphere into a kubernetes native platform. We integrated a Kubernetes control plane directly into ESXi and vCenter – making it the control plane for ESXi and exposing capabilities like app-focused management through vCenter.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCqD2hOAFcpp953sZBcG6I-HGhfTCe1xnNev60Nwdz17lhukF14fRM0I19ZNvl7WdmPsXTM8qVvEm4HbhFzk7j2BMtHHAhRy8NgCUToIObpULmFxoto7JNOD7reIQkfk4JPiPsUqrfkmo/s1600/project-pacific+-3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><img border="0" data-original-height="325" data-original-width="974" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCqD2hOAFcpp953sZBcG6I-HGhfTCe1xnNev60Nwdz17lhukF14fRM0I19ZNvl7WdmPsXTM8qVvEm4HbhFzk7j2BMtHHAhRy8NgCUToIObpULmFxoto7JNOD7reIQkfk4JPiPsUqrfkmo/s640/project-pacific+-3.png" width="640" /></span></a></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
</div>
</div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div style="background-color: white; box-sizing: border-box; color: #404040; line-height: 24px; margin-bottom: 10px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span>
<br />
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">This is a pretty powerful concept. This brings the great Kubernetes developer experience to the rest of our datacenter. It means developers can get the benefits of Kubernetes not just for their cloud native applications, but for ALL of their applications. It makes it easy for them to deploy and manage modern applications that span multiple technology stacks.</span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span>
<br />
<h3 style="box-sizing: border-box; color: #0095d3; line-height: 24px; margin-bottom: 10px; margin-top: 0px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Supervisor clusters</span></h3>
<div style="box-sizing: border-box; line-height: 24px; margin-bottom: 10px; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The supervisor is a special kind of Kubernetes cluster that uses ESXi as its worker nodes instead of Linux. This is achieved by integrating a Kubelet (our implementation is called the Spherelet) directly into ESXi. The Spherelet doesn’t run in a VM, it runs directly on ESXi.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhML3Q_lOyyx_ilEFFOGQhW5cUsiT5XYegOpN5aV55ONP3cTMY5aTa4HDaXK_eEQlDVzDbXIgi4cLrZYoW5xBZ2x_SjR38WCj0TswF3ZyB_l_RWy956-WWwal0KUaE5VYxnuJdWvkEiudk/s1600/project-pacific+-4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><img border="0" data-original-height="356" data-original-width="747" height="304" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhML3Q_lOyyx_ilEFFOGQhW5cUsiT5XYegOpN5aV55ONP3cTMY5aTa4HDaXK_eEQlDVzDbXIgi4cLrZYoW5xBZ2x_SjR38WCj0TswF3ZyB_l_RWy956-WWwal0KUaE5VYxnuJdWvkEiudk/s640/project-pacific+-4.png" width="640" /></span></a></div>
<div style="box-sizing: border-box; line-height: 24px; margin-bottom: 10px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div class="wp-caption aligncenter" id="attachment_28136" style="box-sizing: border-box; height: 400px; max-width: 100%; width: 757px;">
<div class="wp-caption-text" style="box-sizing: border-box; line-height: 24px; margin-bottom: 10px;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The supervisor cluster is a Kubernetes cluster of ESXi </span><span style="font-family: , sans-serif;"><span style="font-size: large;">instead of Linux.</span></span></div>
<div class="wp-caption-text" style="box-sizing: border-box; line-height: 24px; margin-bottom: 10px;">
<span style="font-family: , sans-serif;"><span style="font-size: large;"><br /></span></span></div>
<h3 style="box-sizing: border-box; color: #0095d3; font-family: proxima-nova, sans-serif; font-size: 24px; line-height: 24px; margin-bottom: 10px; margin-top: 0px;">
ESXi Native Pods</h3>
<div style="box-sizing: border-box; font-family: proxima-nova, sans-serif; line-height: 24px; margin-bottom: 10px; text-align: justify;">
<span style="font-size: large;">Workloads deployed on the Supervisor, including Pods, each run in their own isolated VM on the hypervisor. To accomplish this we have added a new container runtime to ESXi called the CRX. The CRX is like a virtual machine that includes a Linux kernel and minimal container runtime inside the guest. But since this Linux kernel is coupled with the hypervisor, we’re able to make a number of optimizations to effectively paravirtualize the container.</span></div>
<div style="box-sizing: border-box; font-family: proxima-nova, sans-serif; line-height: 24px; margin-bottom: 10px; text-align: justify;">
<span style="font-size: large;">Despite the perception of virtualization as being slow, ESXi can launch native pods in 100s of milliseconds, supporting over 1000 pods on a single ESXi host (<a href="https://configmax.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%206.7&categories=2-1,2-2,2-3,2-4,2-5,2-6" name="&lpos=apps_scodevmw : 31" style="background-color: transparent; box-sizing: border-box; color: #337ab7; text-decoration-line: none;">same limits as for VMs on ESXi</a>). Are Pods in a VM slow? Well, in our internal testing we’ve been able to demonstrate that ESXi Native Pods achieve 30% higher throughput on a standard Java benchmark than regular Pods in a virtual machine, and 8% faster than Pods on bare metal Linux.</span></div>
<div style="box-sizing: border-box; font-family: proxima-nova, sans-serif; line-height: 24px; margin-bottom: 10px; text-align: justify;">
<span style="font-size: large;"><br /></span></div>
<h3 style="box-sizing: border-box; color: #0095d3; font-family: proxima-nova, sans-serif; line-height: 24px; margin-bottom: 10px; margin-top: 0px; text-align: justify;">
<span style="font-size: large;">Virtual Machines</span></h3>
<div style="box-sizing: border-box; font-family: proxima-nova, sans-serif; line-height: 24px; margin-bottom: 10px; text-align: justify;">
<span style="font-size: large;">The supervisor includes a Virtual Machine operator that allows kubernetes users to manage VMs on the Supervisor. You can write deployment specifications in YAML that mix container and VM workloads in a single deployment that share the same compute, network and storage resources.</span></div>
<div style="box-sizing: border-box; font-family: proxima-nova, sans-serif; line-height: 24px; margin-bottom: 10px; text-align: justify;">
<span style="font-size: large;">The VM operator is just an integration with vSphere’s existing virtual machine lifecycle service, which means that you can use all of the features of vSphere with kubernetes managed VM instances. Features like RLS settings, Storage Policy, and Compute policy are supported.</span><br />
<span style="font-size: large;"><br /></span></div>
<div style="box-sizing: border-box; font-family: proxima-nova, sans-serif; line-height: 24px; margin-bottom: 10px; text-align: justify;">
<span style="font-size: large;">In addition to VM management, the operator provides APIs for Machine Class and Machine Image management. To the VI admin, Machine Images are just Content Libraries.</span></div>
</div>
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<br /></div>
</div>
Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-35148520696981678772019-12-31T20:16:00.002+05:302019-12-31T20:19:44.129+05:30vMotion<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<span style="background-color: white; color: #707070; font-family: "arial" , "verdana" , "tahoma" , "helvetica" , sans-serif; font-size: 2em;"><b>vMotion</b></span><br />
<div>
<br /></div>
<div class="post-content" style="background-color: white; color: #707070; font-family: Arial, Verdana, Tahoma, Helvetica, sans-serif; margin: 0px; padding: 0px;">
<div style="margin-bottom: 8px; padding: 0px 20px 0px 0px; text-align: justify;">
<span style="font-size: x-large;">VMware vMotion enables the live migration of running virtual machines from one physical server to another with zero downtime, continuous service availability, and complete transaction integrity. It is transparent to users.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3F6WPIW_qGEsRS97h6dBXG9eocdUMTTWkRIwQ8IoxqnaJFXyF1jmMOWvsX_Qg5tBVacg7K2-S48R795URiL1zQUreDHHJwwM9GaIr92b6gPOr-D1rFm5YM5qidGCqzc2Pw-YcV2xtJGQ/s1600/vmotion.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="153" data-original-width="387" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3F6WPIW_qGEsRS97h6dBXG9eocdUMTTWkRIwQ8IoxqnaJFXyF1jmMOWvsX_Qg5tBVacg7K2-S48R795URiL1zQUreDHHJwwM9GaIr92b6gPOr-D1rFm5YM5qidGCqzc2Pw-YcV2xtJGQ/s640/vmotion.JPG" width="640" /></a></div>
<div style="margin-bottom: 8px; padding: 0px 20px 0px 0px;">
<span style="font-size: x-large;"><br /></span></div>
<div style="margin-bottom: 8px; padding: 0px 20px 0px 0px;">
<span style="font-size: x-large;">vMotion advantage:</span></div>
<ul style="list-style: none; margin: 0px 0px 15px 12px; padding: 0px;">
<li style="background: url("../images/redesign/content/bullet.gif") 0px 7px no-repeat; margin: 0px; padding: 0px 0px 0px 10px; position: relative; text-align: justify;"><span style="font-size: x-large;">Automatically optimize and allocate entire pools of resources for maximum hardware utilization and availability.</span></li>
<li style="background: url("../images/redesign/content/bullet.gif") 0px 7px no-repeat; margin: 0px; padding: 0px 0px 0px 10px; position: relative; text-align: justify;"><span style="font-size: x-large;">Perform hardware maintenance without any scheduled downtime.</span></li>
<li style="background: url("../images/redesign/content/bullet.gif") 0px 7px no-repeat; margin: 0px; padding: 0px 0px 0px 10px; position: relative; text-align: justify;"><span style="font-size: x-large;">Proactively migrate virtual machines away from failing or underperforming servers.</span></li>
</ul>
<div style="text-align: justify;">
<span style="background-color: #fafafa; color: #212529; font-family: "metropolis" , "avenir next" , "helvetica neue" , "arial" , sans-serif; font-size: x-large;">When there is no shared storage, the virtual machine and its host must meet resource and configuration requirements before the virtual machine files and disks can be migrated with vMotion.</span></div>
<div style="text-align: justify;">
<div class="p" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__P_551377608F224545A648BFFB55D4D4B9" style="background-color: #fafafa; box-sizing: border-box; color: #212529; font-family: Metropolis, "Avenir Next", "Helvetica Neue", Arial, sans-serif; margin-bottom: 1rem; margin-top: 1rem; text-align: justify;">
<span style="font-size: x-large;">vMotion in an environment without shared storage is subject to the following requirements and limitations:</span></div>
<ul class="ul" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__UL_5380AF940F404B0D8964878C09732883" style="background-color: #fafafa; box-sizing: border-box; color: #212529; font-family: Metropolis, "Avenir Next", "Helvetica Neue", Arial, sans-serif; margin-bottom: 1rem; margin-top: 0px; text-align: left;">
<li class="li" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__LI_AB7854AC89B949A5B6542500913661FC" style="box-sizing: border-box; margin-top: 0.6em;"><div class="p" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__d187t33" style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 1rem; text-align: justify;">
<span style="font-size: x-large;">The hosts must be licensed for vMotion.</span></div>
</li>
<li class="li" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__LI_617F2FDF0B6F419D9AEFF76CF4A8D6F7" style="box-sizing: border-box; margin-top: 0.6em;"><div class="p" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__d187t35" style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 1rem; text-align: justify;">
<span style="font-size: x-large;">The hosts must be running <span class="ph productname" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__PRODUCTNAME_151DEB637A324DC9B6DDD7091D718B38" style="box-sizing: border-box;">ESXi</span> 5.1 or later.</span></div>
</li>
<li class="li" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__LI_036668F07A3A420D8DB88790FCAF8787" style="box-sizing: border-box; margin-top: 0.6em;"><div class="p" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__d187t40" style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 1rem; text-align: justify;">
<span style="font-size: x-large;">The hosts must meet the networking requirement for vMotion. See <a class="xref" href="https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vcenterhost.doc/GUID-3B41119A-1276-404B-8BFB-A32409052449.html#GUID-3B41119A-1276-404B-8BFB-A32409052449" style="background-color: transparent; box-sizing: border-box; color: #007cbb; text-decoration-line: none;">vSphere vMotion Networking</a></span></div>
</li>
<li class="li" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__LI_686C16DB861B4E5FBBEBB3B223098F69" style="box-sizing: border-box; margin-top: 0.6em;"><div class="p" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__d187t46" style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 1rem; text-align: justify;">
<span style="font-size: x-large;">The virtual machines must be properly configured for vMotion. See <a class="xref" href="https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vcenterhost.doc/GUID-0540DF43-9963-4AF9-A4DB-254414DC00DA.html#GUID-0540DF43-9963-4AF9-A4DB-254414DC00DA" style="background-color: transparent; box-sizing: border-box; color: #007cbb; text-decoration-line: none;">Virtual Machine Conditions and Limitations for vMotion</a></span></div>
</li>
<li class="li" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__LI_9E405134F3FF41E8BF75CD8ADABD4E01" style="box-sizing: border-box; margin-top: 0.6em;"><div class="p" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__d187t51" style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 1rem; text-align: justify;">
<span style="font-size: x-large;">Virtual machine disks must be in persistent mode or be raw device mappings (RDMs). See <a class="xref" href="https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vcenterhost.doc/GUID-A16BA123-403C-4D13-A581-DC4062E11165.html#GUID-A16BA123-403C-4D13-A581-DC4062E11165" style="background-color: transparent; box-sizing: border-box; color: #007cbb; text-decoration-line: none;">Storage vMotion Requirements and Limitations</a>.</span></div>
</li>
<li class="li" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__LI_BBC29ED63C3041F7B1C0CE9DDCBBB018" style="box-sizing: border-box; margin-top: 0.6em;"><div class="p" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__d187t57" style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 1rem; text-align: justify;">
<span style="font-size: x-large;">The destination host must have access to the destination storage.</span></div>
</li>
<li class="li" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__LI_278A3BEC460A4B87B66630F0D3E58094" style="box-sizing: border-box; margin-top: 0.6em;"><div class="p" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__d187t59" style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 1rem; text-align: justify;">
<span style="font-size: x-large;">When you move a virtual machine with RDMs and do not convert those RDMs to VMDKs, the destination host must have access to the RDM LUNs.</span></div>
</li>
<li class="li" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__LI_25A72982A42E431AA1EE5BE40E803032" style="box-sizing: border-box; margin-top: 0.6em;"><div class="p" id="GUID-9F1D4A3B-3392-46A3-8720-73CBFA000A3C__d187t61" style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 1rem; text-align: justify;">
<span style="font-size: x-large;">Consider the limits for simultaneous migrations when you perform a vMotion migration without shared storage. This type of vMotion counts against the limits for both vMotion and Storage vMotion, so it consumes both a network resource and 16 datastore resources.</span></div>
</li>
</ul>
</div>
</div>
</div>
Sachin Bhardwajhttp://www.blogger.com/profile/00246998315096670256noreply@blogger.com0tag:blogger.com,1999:blog-7301826463672350299.post-21277867056885211912019-12-31T19:45:00.002+05:302020-01-03T22:50:46.344+05:30Enhanced vMotion <div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<b style="font-size: xx-large;">Enhanced vMotion (EVC)</b><br />
<span style="font-size: x-large; text-align: justify;"><br /></span>
<span style="font-size: x-large; text-align: justify;">vSphere Enhanced vMotion is a feature that lets a workload be live migrated from one ESXi host to another when the two hosts run different CPU generations from the same CPU vendor.</span><br />
<div style="text-align: justify;">
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-size: x-large;">EVC in vSphere was introduced in vSphere 5.1 using vMotion and Storage vMotion terminology. EVC can be enabled at the vSphere ESXi cluster level and on VMs.</span></div>
<div style="text-align: justify;">
<span style="font-size: x-large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW0K47ikJJMd1m4Zotr3gkjpvu2NlXzu4g15sQKd77XPEGxLqNOSkNf3HRMb7oDgCzUSRjTYWwbAWS2m7hyphenhyphenBh_JBV3jEGoN-6Jvod8NSvon8E-EH7Pa4-R3ofFPgdyTGWSeB8L3oJzwrQ/s1600/howevcworks.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="406" data-original-width="847" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW0K47ikJJMd1m4Zotr3gkjpvu2NlXzu4g15sQKd77XPEGxLqNOSkNf3HRMb7oDgCzUSRjTYWwbAWS2m7hyphenhyphenBh_JBV3jEGoN-6Jvod8NSvon8E-EH7Pa4-R3ofFPgdyTGWSeB8L3oJzwrQ/s640/howevcworks.JPG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Figure 1</div>
<div style="text-align: justify;">
<span style="font-size: x-large;">VMware EVC mode works by masking the processor features that are not supported across the different CPU generations of the same vendor, so that every VM in the cluster is presented with a homogeneous processor.</span></div>
<div style="text-align: justify;">
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-size: x-large;">The benefit of EVC is that you can add ESXi hosts with the latest processors to an existing cluster without incurring any downtime.</span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: x-large;">The VMware Compatibility Guide is the best way to determine which EVC modes are compatible with the processors used in your cluster. </span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;">Figure 2 below demonstrates how to determine which EVC mode to use given 3 types of Intel processors.</span></div>
<div style="text-align: justify;">
<a href="https://www.vmware.com/resources/compatibility/search.php?deviceCategory=cpu" style="text-align: left;">https://www.vmware.com/resources/compatibility/search.php?deviceCategory=cpu</a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfHHYWK2rtKcLWLqkYLwOJHyNZvF8VpeOuyeY-QbqpXiTPSrHGfIrVCzeunn2njabnXKCB-4hyphenhyphenEGY1-bi8djk7idG2Svz5o9W1GSEG9ZJCjP-4RwKzO3l9zGtm8lEXbLOPBZAYThDa5J8/s1600/cpuseries+evcmatrix.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="635" data-original-width="984" height="412" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfHHYWK2rtKcLWLqkYLwOJHyNZvF8VpeOuyeY-QbqpXiTPSrHGfIrVCzeunn2njabnXKCB-4hyphenhyphenEGY1-bi8djk7idG2Svz5o9W1GSEG9ZJCjP-4RwKzO3l9zGtm8lEXbLOPBZAYThDa5J8/s640/cpuseries+evcmatrix.JPG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="text-align: center;">
Figure 2</div>
<br />
<span style="font-size: x-large;"><i>The steps to identify the EVC mode are:</i></span><br />
<ul style="text-align: left;">
<li style="text-align: justify;"><span style="font-size: x-large;">Locate the ESXi version </span></li>
<li style="text-align: justify;"><span style="font-size: x-large;">Hold down the CTRL key and select the type of processors from the CPU Series list.</span></li>
<li style="text-align: justify;"><span style="font-size: x-large;">Press the CPU/EVC matrix button to view the results.</span></li>
</ul>
<br />
<span style="font-size: x-large; text-align: justify;">To enable EVC, the ESXi hosts in the cluster must satisfy</span><span style="font-size: x-large; text-align: justify;"> the conditions below:</span><br />
<br />
<ul style="text-align: left;">
<li style="text-align: justify;"><span style="font-size: x-large;">All ESXi hosts in the cluster must be configured with vMotion.</span></li>
<li style="text-align: justify;"><span style="font-size: x-large;">All ESXi hosts in the cluster must have CPUs from one vendor (either AMD or Intel).</span></li>
<li style="text-align: justify;"><span style="font-size: x-large;">Each ESXi host must be connected to the vCenter Server.</span></li>
<li style="text-align: justify;"><span style="font-size: x-large;">Virtualization features such as Intel-VT and AMD-V must be enabled in the server BIOS of every ESXi host.</span></li>
</ul>
<br />
<div style="text-align: justify;">
<span style="font-size: x-large;">The results state that we can only use the Merom or Penryn EVC modes. This means we have to sacrifice some features exclusive to the Intel i7 processor. </span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;">This is the stage at which you have to decide whether you’re better off getting new servers as opposed to adding old ESXi hosts to the cluster.</span></div>
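<div style="text-align: justify;">
<span style="font-size: x-large;">The prerequisite check and mode selection described above can be sketched in Python. This is an added example, not part of the original post or of any VMware tooling: the host names, the <code>Host</code> fields and the sample cluster are constructed, and each host's highest supported EVC mode is assumed to have been read from the Compatibility Guide.</span></div>

```python
from dataclasses import dataclass

# Intel EVC baselines, oldest to newest; each mode exposes the older modes' features plus more.
INTEL_EVC_ORDER = ["intel-merom", "intel-penryn", "intel-nehalem", "intel-westmere",
                   "intel-sandybridge", "intel-ivybridge", "intel-haswell"]

@dataclass
class Host:  # hypothetical record, filled in by hand or from an inventory export
    name: str
    cpu_vendor: str                    # "intel" or "amd"
    max_evc_mode: str                  # highest baseline this CPU supports
    vmotion_configured: bool = True
    connected_to_vcenter: bool = True
    hw_virt_enabled: bool = True       # Intel-VT / AMD-V switched on in the BIOS

def prerequisite_failures(hosts):
    """Return the reasons EVC cannot be enabled; an empty list means all checks pass."""
    problems = []
    vendors = sorted({h.cpu_vendor for h in hosts})
    if len(vendors) > 1:
        problems.append("mixed CPU vendors: " + ", ".join(vendors))
    for h in hosts:
        if not h.vmotion_configured:
            problems.append(f"{h.name}: vMotion not configured")
        if not h.connected_to_vcenter:
            problems.append(f"{h.name}: not connected to vCenter Server")
        if not h.hw_virt_enabled:
            problems.append(f"{h.name}: Intel-VT/AMD-V disabled in BIOS")
    return problems

def usable_evc_modes(hosts, order=INTEL_EVC_ORDER):
    """Modes every host can run: everything up to the oldest host's maximum."""
    if prerequisite_failures(hosts):
        return []
    lowest = min(order.index(h.max_evc_mode) for h in hosts)
    return order[:lowest + 1]

def hosts_losing_features(hosts, mode, order=INTEL_EVC_ORDER):
    """Hosts whose newer CPU features are masked when the cluster runs `mode`."""
    return [h.name for h in hosts if order.index(h.max_evc_mode) > order.index(mode)]

# Constructed sample cluster with three CPU generations.
CLUSTER = [Host("esx01", "intel", "intel-penryn"),
           Host("esx02", "intel", "intel-nehalem"),
           Host("esx03", "intel", "intel-westmere")]

if __name__ == "__main__":
    print("usable modes:", usable_evc_modes(CLUSTER))
    print("masked at Penryn:", hosts_losing_features(CLUSTER, "intel-penryn"))
    print("problems:", prerequisite_failures(CLUSTER))
```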
<div style="text-align: justify;">
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-size: x-large;"><br /></span></div>
<div>
<br /></div>
</div>