Tagnsx

vRealize Automation and NSX with App Isolation: Internal error

My colleague Erik Scholten (vRealize specialist) was building a demo environment for a customer this week. In this environment, he wanted to demonstrate vRealize Automation (vRA) in all its glory and have NSX coupled to it so vRA could use NSX to micro-segment rolled out blueprints using the App Isolation option.

NSX is pretty easy to get off the ground for first use, which he did himself with ease. All that’s needed for one to be able to use the distributed firewall to micro-segment, is to deploy NSX Manager, connect it to vCenter and prepare the ESXi hosts. NSX was … Read more

Using PowerNSX to get all routes on NSX Edges

This is going to be a short one! I received an interesting question from Sander Martijn about retrieving all IP routes from an NSX Edge. There is no API endpoint available in NSX to get the current routes and the only way this information can get retrieved is using the NSX Central CLI. You can easily see all routes on the Central CLI by using the command: show edge edge-id ip route.

PowerNSX has an Invoke-NsxCli cmdlet which executes the Central CLI with a specific query. Because of this, you can retrieve the routes with a PowerShell script and … Read more

Learning NSX SD-WAN by VeloCloud – Orchestrator Configuration Basics

This post is a part of my NSX SD-WAN by VeloCloud series to dive deeper into the acquisition of VeloCloud by VMware, late last year. In an earlier post, I explained the concepts behind the architecture of NSX SD-WAN and with this post, I will dive into the VeloCloud Orchestrator (VCO) to see what you need to configure to generate an SD-WAN network. Please note that the Orchestrator can be used to monitor and troubleshoot the SD-WAN as well, I will cover those topics in a future post.

NSX SD-WAN Architecture - Orchestrator

VeloCloud Orchestrator (VCO) – What is it?

The VCO is the management … Read more

NSX-v 6.4.1 Released – Extended HTML5, vSphere 6.7 support & more

NSX for vSphere 6.4.1 has been released and it brings a couple of good nuggets. Most of all, it is now compatible with vSphere 6.7 – so if you want to go to vSphere 6.7 and NSX was holding you back, start your upgrade engines!

HTML5 UI Extended

It fills me with joy to see this happening – 6.4.1 brings a bunch of new functionality to the HTML5 UI instead of the old vSphere-Client UI. The additions are:

  • Distributed Firewall Management
  • The Service Composer: Security Groups, Policies and Tags.
  • SpoofGuard Management
  • IPFIX Configuration & Flow Monitoring
  • Groups & Tags: all
Read more

Storing the VMware NSX config in version control

Almost any organization that I’ve had the pleasure of talking with, uses Git either for code repositories where their developers work or for doing version control on their infrastructure systems. Git is an excellent version control tool and is widely used for both developers and also infrastructure configuration. This post goes into how to put the VMware NSX configuration into version control using Git.

Not all infrastructure components (server systems, network devices, etc) have a proper audit log on what happens in the configuration and who is doing what exactly. This is where version control can lend a helping hand … Read more

VMware NSX & OTRS – Automating Security with Help Desk Systems

Over the last couple of months, Sander, Anne Jan and I have been working on a security whitepaper that lays out a practical implementation of zero trust while interfacing with a helpdesk system. In this case, OTRS.

It’s all about how engineers can get access to servers to perform maintenance, once your environment is properly micro-segmented. This whitepaper talks about the challenges you have when you’re micro-segmented and how you can resolve these challenges. Using OTRS as an example, this document lays out how to configure a help desk system like OTRS to interface with NSX to gain network … Read more

GRE Tunnels & Dynamic Routing in NSX 6.4

There was a line in the NSX 6.4 release notes that caught my eye: “Support for BGP and static routing over GRE tunnels.” – First thought was “awesome, dynamic routing over a VPN”. But then I realized that that GRE tunnel in itself is a new feature as well, which the release notes don’t really mention. The VMware Docs website also doesn’t mention anything about it.

After a bit of digging, it appears that this feature has been added primarily to support the VMware on AWS architecture and connectivity towards that platform. But that doesn’t mean us mortals can’t use … Read more

© 2018 Lostdomain

Theme by Anders NorénUp ↑