vRNI and Micro-segmentation with NSX.

One of the biggest use cases I personally come across with NSX Datacenter is focused around security, in particular the use of Micro-segmentation to secure virtual machines and get to the desired goal of a zero trust security model. If you’re not sure what this is then have a quick read of VMware https://www.vmware.com/uk/products/nsx-security-microsegmentation.html Part of my day job involves discussions with clients around how they secure their environment, applications and data. The conversation usually begins at the perimeter where there’s a firewall, they paid a lot of money for it and it has a ton of funky features that helps to protect their environment against threats etc. When the conversation moves inwards to the next layer we discuss how virtual machines are protected and the topics of conversations include VLANs, Access Control Lists, DMZs and with some client, separate hardware platforms or clusters. After 10 minutes or so I usually ask what protection they have between virtual machines or what visibility they have of the type of traffic flows and most of the time the conversation comes to a halt. At this point I tend to get a white board going and start to map some of these things…

Read More

NSX Data Center for vSphere 6.4.5

I’ll admit I’m still getting used to the names but I would have called this NSX-V 6.4.5. Anyway a minor release was announced recently and whilst there’s not a huge amount of features I’m writing this very brief post to shout out the updates to the HTML5 UI. You can now (finally) configure Routing, Bridging and Load Balancing in the vSphere Client. Whilst feature parity is still a way off this is definitely a step in the right direction as we begin to see the end of the legacy flex client. A good link to check what is and isn’t supported with the HTML5 UI can be found below along with the full release notes. https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/rn/nsx-vsphere-client-65-functionality-support.html https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/rn/releasenotes_nsx_vsphere_645.html

NSX-T 2.4

Today saw the release of NSX-T 2.4 which believe it or not is the 7th release of this software since 1.0 first launched in mid 2016. VMware have been on a bit of a journey until now with NSX-T but it’s quite clear this is the primary focus moving forward.  The Vision Connect and Protect Any Workload Across Any Environment  With the release of 2.4 VMware have now realised this vision being able to support both cloud and on-premises workloads running on ESXi KVM AWS Azure VMConAWS Installation and Operations  The HTML5 UI has had a face lift and now offers a context based search option and can offer suggestions based on your search phrase. The UI is meant to be friendly enough to be used by people with limited exposure to NSX-T. Improvements have been made to the dashboards including the NSX-T overview which offers high level information with the option to drill down into feature based dashboards for further detail. To help with installation and setup tasks, a significant amount of work has gone into creating workflows to deploy components or features such as deploying load balancers or preparing ESXi clusters. The upgrade coordinator has also been enhanced and…

Read More

Veeam 9.5 U4 – Object Storage Part 1

One of the new features I’ve been keen to try in the lab is the use of object storage with Scale Out Backup Repositories (SOBR) to understand how it works. To begin I need to create a new backup repository. Click Add Repository 5. Next I need to connect to provide credentials to access the object storage. You can set this up ahead of time but in this example I need to click Add and provide valid credentials for my Azure account. It is possible to configure a gateway server if the SOBR extents don’t have direct internet access. 6. Next I need to enter my Azure Storage account and shared key. 7. Once authenticated I need to choose the container and folder I wish to use with. I’ve already created a new container called veeam-be-test and I’ll click browse to select a folder. 8. Ahead of time in the Azure Portal I created a folder called VeeamBackup to use. I’ll choose this and click OK 9. Review the summary page to double check everything is correct before clicking finish. 10. The newly created Azure Blob Storage account is now showing under the backup repositories. To make use of Cloud…

Read More

Veeam 9.5 Update 4

Veeam 9.5 U4 has been out in the wild for a few weeks now and I’ve been keen to get this installed in my lab to review some of the new features.  There were a couple of key announcements that caught my attention with this release, first of all I’m loving the new splash screen! vSphere (and Microsoft) Support  It’s great to see U4 support vSphere 6.7 U1 as well as full support 6.5 U2. In my day jobs this has certainly caused a few headaches with upgrades over the last couple months. Whilst I’m a die hard VMware guy I can’t ignore the fact Windows Server 2019, including Hyper-V is supported. Cloud Tier One of the announcements that jumped out for me was the Cloud Tier feature. This works with the Scale Out Backup Repository (SOBR) feature and allows object storage to be added from cloud providers such as Azure,  Amazon (S3) or IBM (Cloud Object Storage). The tiering of data is done automatically and policy driven. You set the operational restore window on the SOBR and once data passes this point it can be tiered out to object storage. There is builtin intelligence to assist with restores to…

Read More

My Home Lab

Just a quick post to share what I run in my home lab. It’s a straight forward setup and most of the hardware was purchased in 2015 to replace my previous lab which ran on HP Microservers and HP ML115’s. I know there are some guys out there with mini DC’s / enterprise setups but this suits me fine for now and has a high scoring WAF (Wife Acceptance Factor). As of early 2019 my lab has the following, 3 x Lenovo TS140 servers, each with a quad core CPU and 32GB RAM 1 x Synology DS1815+ with SSD caching to improve performance 1 x Cisco SG300-10 1Gb switch 1 x Cisco SG300-20 1Gb switch I’ve configured the Synology to support both iSCSI and NFS storage and have a few datastores presented to the cluster. I try to keep the lab as clean as possible and only run a few core VMs. Everything else runs in a nested environment. Why? Nested labs are easy to deploy/automate and if I nuke something I can just blow it away and start again. All the VMware software is licensed using my vExpert licensing entitlement. For those just getting started I’d encourage you to…

Read More

The what, the why and the how?

Welcome and thanks for stopping by.  I’ve created this site to share my thoughts, opinions and guides on various topics around virtualisation and cloud.   Having contributed to a blog site run by my employer for several years I thought it was about time I branched out and started my own alongside this. I’m also hoping that I’m not the only person to start an IT related blog in 2019 as I feel very late to the party!  Having been accepted onto the VMware vExpert program in 2018 I feel I need to create my own online presence to further develop myself within the VMware community. So over the coming months the plan is to hammer my home lab until the hamster wheel is at top speed and create some (hopefully) useful content around vSphere, vSAN, NSX, with a sprinkling of Veeam, Zerto and Dell EMC thrown in for good measure.