vExpert 2023


Yes, for the fifth year in a row I got the VMware vExpert status.
Being a VMware enthusiast, I blog about my experiences (not as much as I want to) and try to be an active community member of some Facebook VMware expert groups.

For this year I hope to blog more about my experiences transitioning into CNA (Cloud Native Applications), focusing on the platform technology for supporting CNA. Think of VMware Tanzu TAS and software like Confluence, BOSH, Cloud Foundry, (Kubernetes)…

Back from Explore EU 2022 – first thoughts

This week I attended VMware Explore Europe. Finally a live event, and back in Barcelona.
And for the first time being part of an orange ‘army’, the ITQ workforce.
I had a great time: getting to know my colleagues, learning some interesting stuff, meeting customers.

Multi cloud

Multi cloud, yeah, you couldn’t have missed it during Explore. It was the buzzword (and even the WIFI password…). It was no surprise of course. VMware has been advertising for years that their vision is to run any application on any infrastructure on any cloud. And even when you think you are not using the bits and bytes from VMware, well, there is a good chance you still do. Does spring.io ring a bell?

Even though, compared to the last VMworld in Barcelona, VMware Explore was a bit toned down, there was still more than enough to do. It just depends on what your focus is. For me this year, I wanted to focus more on cloud native sessions, and just some sessions about new features for vSphere. And just merge into the vExpert and Code communities.
Being part of the vExpert community, you had a treat this year if you signed up for a barebones NUC. The NUC, sponsored by Cohesity, is going to be a great addition to my homelab and will make life a bit easier for my ESXi host.

I will run pfSense on the NUC, so my ESXi host is dedicated to the homelab and no longer also runs my pfSense. Which gives me more flexibility when upgrading ESXi (the impact at the moment is that internet access is down, which is not appreciated at my home 🙂 ). And I don’t have to reserve CPU and memory resources anymore.
But that is for another time, another blog(story).

key takeaways / highlights

My key takeaways / highlights of Explore 2022 are:

  1. 90DaysOfDevops by Michael Cade
    Michael shared his journey of discovering DevOps and documented it on GitHub.
    My intention is to start the 90DaysOfDevops journey for myself, but also to check whether it is interesting for sysadmins I encounter. There is a gap to bridge for sysadmins, because the way of working is going to be more dev-like. But the dev country can look overwhelming. And what I expect of this journey is to get a better understanding and hands-on experience with the DevOps tooling.
  2. Accelerating Your Career: The power of Mentoring (PCB2454EUR)
    A great panel discussion about mentorship in a company, which benefits it will give for the company and for its employees.
  3. Keeping a University Medical Centre Running During a VCF Transition (MCLB1452EUR)
    An honest story about the successes and pitfalls of the transition. Co-presented by a buddy of mine.
  4. Building and Running Enterprise-Grade Spring Applications in the Cloud (CNAB1953EUR)
    I’ve heard of the Spring framework, but never knew it was a VMware product, and never knew what it was about. Now I do 🙂
  5. How to Be Successful at Modernizing Apps and Data, and the Adoption of Cloud (CNAB2113EUR).
  6. And off topic …. There is a nice grill restaurant somewhere in Barcelona… I’ve marked the spot …..

What are your key takeaways of VMware Explore 2022, and why?

dipping my toes in vRA 8

revisiting an old friend?

I’ve been quiet on my blog for the last half year. That is what moving to a new house, seeing my son grow up, renovating a bathroom, setting up my home automation etc. will do…
So on the last day of 2021, looking at the morning sky from my office at home, I decided to blog about my reintroduction experience with vRA 8.

view from my attic

Yeah, reintroduction.

A few years ago I followed the VMware ICM (Install, Configure, Manage) course for vRA 7. Five days of learning about fabric groups, blueprints, Orchestrator, the several VMs needed to build a vRealize Automation platform. By trade I’m a developer / automation engineer. The course was more a means to an end. But that end never happened. Yeah, I’ve been building a vRA 7 platform. And on another assignment, rescuing a vRA 7 platform (it was falling apart)… But really developing automation with vRA? Never happened.
And my warm feelings for vRA 7 went away. A complex platform, a memory game in finding the correct terminology and links in the vRA portal… and that awful Java client for Orchestrator. No success stories for me.

Until

Until this year…
I’m working with a customer who already has a vRealize platform in place, but needs support in developing. In helping their administrators develop a developer mindset. And they have vRA 8.

vRealize Automation 8

Of course I had seen VMware’s presentations about vRA 8. And to be honest I started to become positive about vRA. No mix of appliances and Windows VMs, no MS SQL VM… just one type of appliance, running Kubernetes and distributing the several services over Kubernetes pods.
Under the hood, vRA 8 is completely different from its predecessor. And no Java client. And the principle that everything should be code…

In the last two weeks I’ve (with some help) deployed a new vRA 8 platform and developed some automation, based on the existing vRA 7 platform. We decided not to use the migration tool, but to rebuild the functionality. The main reason for this is the different approaches of vRA 7 and 8.
vRA 8 is focused on tag- and policy-driven placement. Meaning you tag resources with several kinds of metadata, like environment (DMZ, Dev, Production, Test), OS, storage SLA, backup SLA. And you use constraints in blueprints and projects to guide the deployment: a request only lands on resources whose tags satisfy the constraints.
You use vRO actions as external sources for option values and default values in the vRA request forms, to help the end user in making selections.
You don’t develop one big monolithic automation, but need to slice it up in smaller parts. Thinking of ‘can I reuse it’, ‘can I make the task more general and dynamic’, etc.
And in the end you have some simple workflows and blueprints, but you build a catalog with dynamic items, helping the administrators and/or developers in deploying VMs.

My experience with developing in vRA 8 is a positive one. As for any language or automation platform, the main points to take away are:

  • find out how some programming constructs should be set up, like if…then…else, for loops, regular expressions etc.
  • learn to code in a structured way. Use readable names for variables, constants, objects etc. Use comments in your code to highlight and explain what the next lines of instructions do.
  • The more high-level your code is, the more you should use comments to explain what that code or workflow should do.
  • Learn by failing… take one function you are trying to use, build a new workflow around it, and test it… yes, it can be time consuming… but you’ll learn.
  • work with other developers, learn from the way they structure code and from their approach to automation.
  • First try to get a picture of what needs to be automated; describe it in manual actions: how would an administrator solve this task by hand?
    Try to get a broader sense of how the administrators are working, and ask why things are as they are, what the reason / decision was for the way of working…
    This is one of the hard parts of automation. Don’t start right away on the keyboard, but try to understand what is being asked to automate.

Final

As you can tell, my experiences with vRA 8 are positive. You need to invest time to understand the platform… but it makes more sense than vRA 7 did. And it is completely different.
One of the main challenges with automation is selling it to the organisation… and making it donkey-proof… it takes time… take small steps so the chances of success are bigger. And celebrate them.

Code repository maintenance.

I’ve changed my code repository on github.

And as someone already noticed, this breaks some links on my blog.
I’m in the process of fixing them, but if you find a link that is not working anymore, please leave a comment. I’ll try to fix it as soon as possible.

The new code repository can be found here

New adventure

It has been a while since my last blog post. And some stuff has happened.
This month I started a new adventure. I started to work at B-Critical in the role of Senior VMware Consultant.

The goal of this adventure is to work closely with VMware at B-Critical, to be critical of IT infrastructure challenges, to have a lot of fun answering these challenges and to help customers.

Also I want to thank my former colleagues at Conoscenza for the fun and challenges during the projects we worked on.

VCSA 6.5 with subCA gotchas

One of my projects recently was migrating a vSphere 5.5 environment, running on Windows OS, to vSphere 6.5 running on the VCSA.
VMware did a good job with the tools for migrating to VCSA 6.5.

In vSphere 5.5 it was a challenge to replace the self-signed certificates, especially if they were expired… From 6.0 on, VMware introduced certificate management for the vSphere environment, where the PSC (through the VMware Certificate Authority, VMCA) is the CA for the vSphere environment.
With this, you can choose to let the VMCA be a subCA in your PKI infrastructure, so that every certificate it issues chains up to your own root.

You can find enough how-to’s for configuring the VCSA as a subCA. Like  here:

I just want to add some gotchas; maybe you think ‘Yeah, of course… duh… why don’t you know that…’ well… then that gotcha wasn’t meant for you 🙂

Gotchas

  1. file access to the VCSA
  2. certificate names
  3. issuing the subCA certificate on a Windows offline root CA

Gotcha 1 – File access to the VCSA

At some point you need to download the CSR (certificate signing request) and copy it into your PKI environment. The most common method is to use SCP for file access… but the default shell of the VCSA (appliancesh) doesn’t support this.
This is what you need to do:

  1. enable SSH and bash access on the VCSA
  2. log in as root to the VCSA with an SSH client
  3. access the shell
    >shell
  4. change the shell for root to bash
    >chsh -s /bin/bash root
  5. run WinSCP (or any other SCP client) and connect to the VCSA

While root’s login shell is bash, anyone who can reach SSH as root gets a full interactive shell instead of the restricted appliance shell, so do this only for the duration of the file transfer. To change the shell setting back to its original configuration, run
>chsh -s /bin/appliancesh root

Gotcha 2 – certificate names

This was an ‘ah yes, of course’ moment… but it did cost me some headache…

When running the steps to configure the VCSA as a subCA in your PKI, you get a few times the question

Enter proper value for ‘Name’ [Default value : CA] : …

Make sure you use unique names here. This is the name of the certificate that is going to be generated for you. The certificate manager doesn’t check these values for uniqueness, and in the end it will do a rollback… a.k.a. a waste of time.

My suggestion for a naming convention: <hostname>-<file name being configured>
For instance, when your VCSA hostname is VCSA-01 and you are busy with the questions for the vpxd.cfg file, the value you would enter would be ‘VCSA-01-vpxd’.
But you are (of course) free to choose your own. Just make sure that these values are unique.

The certificate manager asks for values for the following files:

  • MACHINE_SSL_CERT.cfg
  • machines.cfg
  • vsphere-webclient.cfg
  • vpxd.cfg
  • vpxd-extensions.cfg
  • certool.cfg (used to create the subCA CSR)

Gotcha 3 – issuing the subCA certificate on a Windows offline root CA

As a good practice, the root CA is installed on a Windows server that is not part of the AD domain and is normally powered off.

When requesting a certificate you would normally use a browser and go to the URL https://<hostname of the CA>/certsrv. But if web enrollment isn’t available on an offline root, you can use the command line.

The command is:
> certreq -submit -attrib CertificateTemplate:<name of CA template> <filepath of CSR>

Steps to issue the subCA certificate

  1. create the CSR with the certificate-manager on the VCSA
  2. copy the CSR to the offline root server (see gotcha 1 for SCP file access)
  3. request the certificate with the command-line command
  4. open the Certification Authority console
  5. find the requested certificate under ‘Pending Requests’
  6. issue the certificate
  7. export the certificate to a file (All Tasks → Export Binary Data → Binary Certificate)
  8. import the new certificate into the Personal store of the Local Machine
  9. export the imported certificate as a Base-64 encoded certificate
  10. export the rootCA certificate as a Base-64 encoded certificate
  11. create a chain file by putting first the subCA file content and then the rootCA file content into the chain file
  12. copy the chain file to the VCSA
  13. (shut down the offline root server)
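Steps 3 to 11 as one script, added here as an example and not part of the original post: it runs in PowerShell on the offline root CA, issues a request that is held as pending without opening the console, converts both certificates to Base-64 in memory, and checks that the chain actually links up before writing it. The CA configuration string, the paths and the template name are placeholders you must adapt.

```powershell
# Added example, not from the original post. Command-line version of steps 3-11 on the
# offline root CA. Every value in this first block is an assumption for illustration.
$CaConfig = 'ROOTCA01\Contoso Offline Root CA'   # assumed; 'certutil -getconfig' shows yours
$Template = 'SubCA'                               # assumed template name
$WorkDir  = 'C:\pki'                              # assumed working folder
$CsrPath  = Join-Path $WorkDir 'vmca.csr'         # the CSR copied over from the VCSA (gotcha 1)

function Get-PemBlock {
    # Turn a loaded certificate into PEM text: 64-column Base-64 with LF line endings,
    # which is what the OpenSSL-based tooling on the VCSA expects.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $b64 = [Convert]::ToBase64String($Certificate.RawData)
    $lines = for ($i = 0; $i -lt $b64.Length; $i += 64) {
        $b64.Substring($i, [Math]::Min(64, $b64.Length - $i))
    }
    return (@('-----BEGIN CERTIFICATE-----') + $lines + @('-----END CERTIFICATE-----')) -join "`n"
}

function Test-SubCaChain {
    # Catch the mistakes that make the VCSA reject the chain later: a certificate issued
    # from a non-CA template (no basicConstraints CA:TRUE), or issuer/subject names that
    # do not link the subCA to the root you exported.
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$SubCa,
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Root
    )
    $bc = $SubCa.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if (-not $bc -or -not $bc.CertificateAuthority) {
        throw "subCA certificate has no basicConstraints CA:TRUE; check the template used"
    }
    if ($SubCa.Issuer -ne $Root.Subject) {
        throw "subCA issuer '$($SubCa.Issuer)' does not match root subject '$($Root.Subject)'"
    }
    if ($Root.Issuer -ne $Root.Subject) {
        throw "root certificate is not self-signed; wrong file exported?"
    }
}

$subCaFile = Join-Path $WorkDir 'subca.cer'
$rootFile  = Join-Path $WorkDir 'root.cer'

# Step 3: submit the CSR. certreq prints the RequestId whether the CA issues at once
# or holds the request as 'Taken Under Submission' for manual approval.
$submitOutput = & certreq -config $CaConfig -submit -attrib "CertificateTemplate:$Template" $CsrPath $subCaFile 2>&1 | Out-String
if ($submitOutput -match 'RequestId:\s*"?(\d+)') {
    $requestId = $Matches[1]
} else {
    throw "certreq -submit failed:`n$submitOutput"
}

# Steps 4-6 without the console: issue a pending request from the command line.
if ($submitOutput -match 'pending') {
    & certutil -config $CaConfig -resubmit $requestId | Out-Null
}

# Step 7: retrieve the issued certificate; step 10: export the root CA certificate.
& certreq -config $CaConfig -retrieve $requestId $subCaFile | Out-Null
& certutil -config $CaConfig -ca.cert $rootFile | Out-Null

# Steps 8-9 exist only to get Base-64 out of the GUI. X509Certificate2 reads DER or
# Base-64 files alike, so load both and convert in memory instead.
$subCa = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($subCaFile)
$root  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($rootFile)
Test-SubCaChain -SubCa $subCa -Root $root

# Step 11: subCA first, root second. Write UTF-8 without a BOM: a BOM in front of
# '-----BEGIN CERTIFICATE-----' makes the chain unreadable on the VCSA.
$chain     = (Get-PemBlock $subCa) + "`n" + (Get-PemBlock $root) + "`n"
$chainFile = Join-Path $WorkDir 'chain.cer'
[System.IO.File]::WriteAllText($chainFile, $chain, (New-Object System.Text.UTF8Encoding($false)))
Write-Host "chain written to $chainFile; copy it to the VCSA (step 12), then power the CA off (step 13)"
```

Run it in an elevated PowerShell on the CA itself, since certutil -resubmit and certreq -retrieve need CA administrator rights against the local CA. On a standalone (non-domain) root the CertificateTemplate attribute is not used for template selection, so the basicConstraints check is what tells you the issued certificate is really a CA certificate.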

build-vmHostImage v0.2

The script has been modified to exclude certain VIBs. The reason is that with some configurations we found out that the wrong VIB was loaded on a vSphere host, resulting in a PSOD due to driver, hardware and ESXi version conflicts.

With this in mind, I added the functionality to exclude VIBs. The excluded VIBs are listed in the parameters.ps1 file.
After the new image profile has been configured, the script will exclude the VIBs, if they are present. VIBs that are excluded are reported in the excluded.txt file.

The script creates a parameters.ps1 file in the project folder, containing the names of the VIBs that are excluded. This file is used to re-create an image if necessary.
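The exclusion step described above, as an added PowerCLI example that is not the build-vmHostImage script itself: it clones an image profile, removes only the listed VIBs that are actually present, writes excluded.txt and a parameters.ps1 that can recreate the list, and refuses to export if any excluded VIB is still in the profile. Depot path, base profile name, vendor string and VIB names are assumed placeholders.

```powershell
# Added example, not the build-vmHostImage script. Uses the PowerCLI Image Builder cmdlets
# (VMware.ImageBuilder module) to drop a list of VIBs from a cloned image profile.
# Assumed values (placeholders, not from the post): depot path, base profile name,
# vendor string and the VIB names.
Import-Module VMware.ImageBuilder

$depot        = 'C:\depots\ESXi-6.5-offline-bundle.zip'   # assumed
$baseProfile  = 'ESXi-6.5.0-4564106-standard'             # assumed
$newName      = 'ESXi-6.5-custom'
$projectDir   = 'C:\projects\esxi-6.5'
$excludedVibs = @('net-ixgbe', 'scsi-hpsa')                # assumed; the real script reads these from parameters.ps1

function Remove-ExcludedVibs {
    # Remove only the VIBs that exist in the profile and return the names actually removed.
    # Remove-EsxSoftwarePackage throws when another VIB depends on the one being removed,
    # which is exactly the conflict you want to see here rather than as a PSOD on a host.
    param($ImageProfile, [string[]]$Exclude)
    $present = $ImageProfile.VibList | ForEach-Object { $_.Name }
    $removed = foreach ($name in $Exclude) {
        if ($present -contains $name) {
            Remove-EsxSoftwarePackage -ImageProfile $ImageProfile -SoftwarePackage $name | Out-Null
            $name
        }
    }
    return @($removed)
}

Add-EsxSoftwareDepot $depot | Out-Null
$imageProfile = New-EsxImageProfile -CloneProfile $baseProfile -Name $newName -Vendor 'homelab' -AcceptanceLevel PartnerSupported
$removed = Remove-ExcludedVibs -ImageProfile $imageProfile -Exclude $excludedVibs

# Record what was excluded (excluded.txt) and the list needed to rebuild the image (parameters.ps1).
New-Item -ItemType Directory -Path $projectDir -Force | Out-Null
$removed | Set-Content (Join-Path $projectDir 'excluded.txt')
$quoted = ($excludedVibs | ForEach-Object { "'$_'" }) -join ', '
"`$excludedVibs = @($quoted)" | Set-Content (Join-Path $projectDir 'parameters.ps1')

# Check before exporting: none of the excluded names may still be in the profile.
$leftover = (Get-EsxImageProfile -Name $newName).VibList |
    Where-Object { $excludedVibs -contains $_.Name } | ForEach-Object { $_.Name }
if ($leftover) { throw "still present after exclusion: $($leftover -join ', ')" }

Export-EsxImageProfile -ImageProfile (Get-EsxImageProfile -Name $newName) -ExportToIso -FilePath (Join-Path $projectDir "$newName.iso")
Write-Host "excluded $($removed.Count) VIB(s): $($removed -join ', ')"
```

The names in the exclusion list are VIB names as shown by Get-EsxSoftwarePackage, not file names; a name that is not in the profile is silently skipped, so excluded.txt is the record of what was really removed from this particular base profile.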

You can find the script at github, here
