Sometimes networks are so firewalled off that you need management appliances with 2 network interfaces to manage the devices inside the quarantined network. This is sometimes true for network device management, where there’s no way to connect to the switch, router, firewall, or load balancer over the regular network and a jump host is always needed. If you want to monitor them, the monitoring appliances would have 1 interface in the quarantined network and 1 interface in a network where it can be accessed by admins. While it’s a different discussion about whether that’s safe or not (compromise the monitoring … Read more
API calls towards VMware Cloud are typically done using refresh tokens. Most examples you can find about the VMC API are around refresh tokens. These are personally bound to a VMC user. Which makes sense, you are doing something (creating an SDDC, or getting info, etc.). But, what if you’re building a service against VMware Cloud and need all API calls not to be bound to an individual? That’s where OAuth apps come in.
I wanted to document my tinkering to get an OAuth app to work and retrieving information around SDDCs, using that way of authentication.
Create OAuth App… Read more
That’s a long post title, right?! Well, a lot of moving parts for this one. 😉
Terraform is a powerful tool to achieve infrastructure-as-code. You can do many things, from configuring Cisco ACI to creating and maintaining a VMware Cloud on AWS and everything in between. There’s also a vSphere provider that allows you to deploy VMs from OVA templates. That’s where this story begins.
vRealize Network Insight Cloud has a platform where the data is stored and a collector, which does the collecting. This collector needs to be placed as close to the data source as possible. For VMware … Read more
By default, the NSX-T Manager has a protection mechanism in place to prevent the API from being overloaded. This is a good thing, protecting the NSX-T Manager.
But, the increasing integrations into NSX-T, make it so that more and more products are using the NSX-T API to monitor or configure NSX (vRealize Network Insight, vRealize Operations, vRealize Automation, etc.). I’ve hit this limit several times and needed to push that limit up.
vRealize Network Insight (vRNI) captures all traffic going through the network. It stores the traffic in flow records, and these are made up out of a source, destination, protocol, and port number. The metrics are attached so you can get a nice graph of the traffic behavior.
After creating the flow, vRNI goes on and attaches a lot of context to that flow: Is it coming from a VM? Is there a firewall rule attached? Which vCenter is this flow going through? What kind of SD-WAN Policies are attached? If any of this context changes (i.e., a VM got renamed), … Read more
You can create some pretty cool and quick dashboards with vRealize Log Insight. Send it some data, set some filters, and create widgets that represent the data in a good way.
I just finished creating some good usage dashboards for the vRealize Network Insight Field Demo instances we have. The NGINX logs are sent via the log insight agent to vRLI, and then I filter out the unique visitors, popular searches, pinboards, and more. I wanted to see how often the field demo gets used and what’s being used.
The only problem is that vRLI doesn’t support generating scheduled reports, … Read more
Formerly known as VeloCloud, the VMware SD-WAN solution is a combination of hardware (the branch routers) and software. The software is the magic sauce, which they prove by providing virtual Edges for vSphere, so you can place the edge anywhere. vSphere isn’t the only virtual format; they’ve also made it available for AWS, Azure, AliCloud, and GCP.
I’ve been deploying regional (US, EMEA, APJ) POPs of SD-WAN HUBs to better replicate an enterprise SD-WAN in the vRealize Network Insight demo lab (more on that in a future post), and ran into some things to take notice of, or even fix … Read more