Adjusting the VCF API Swagger

These go to 11 / Spinal Tap | Know Your Meme

The API for VCF is hands down, one of the most powerful in the industry. Allowing you to accomplish everything from scheduling backups, to rotating certificates and passwords across the deployment, to deploying an NSX Edge Cluster complete with Tier-0 and Tier-1 routers configured!

While the Developer Center is a great place to start and try out API’s, making it part of your enterprise automation/orchestration systems should be the goal. For that you’ll want the VCF API swagger file to import into your API Orchestration engine. While this isn’t able to happen straightaway, it’s easy to complete with just a few simple tweaks.

Continue reading Adjusting the VCF API Swagger

Keystore Management with VCF

Keystores contain certificates used by Java-based applications to authenticate and encrypt HTTPS traffic. VMware Cloud Foundation (VCF) leverages a keystore and automates a significant part of the interaction with it. As a result, management of the keystore is often overlooked.

In this article, I’ll discuss the keystore used by VCF, why you would need to manage it, and demonstrate some of the commands you might use.

Continue reading Keystore Management with VCF

When passwords expire…

Most platforms today implement a password aging system that requires a user to change the passwords used within a specific interval or have access automatically disabled. VMware is no different. By default, password aging is enabled on most VMware products, including vCenter, NSX, and so on.

In this article, I’ll discuss what can happen when passwords expire within a VMware Cloud Foundation (VCF) environment and demonstrate how you can avoid issues.

Continue reading When passwords expire…

Deployment or Host Commissioning Certificate Error

During VCF 4.2 deployment I ran into a new error that I hadn’t see previously. Usually I am using VLC and all the pre-reqs have been taken care of for me. However in this instance I needed to deploy VCF in a nested environment under vCloud Director where VLC wouldn’t work. I loaded up my ESXi hosts and configured their IP/DNS/NTP settings, enabled ntp and ssh, and setup their networks and disks etc. Deployed Cloud Builder and populated my deployment spreadsheet. When I got to the validations after submitting my spreadsheet I ran into the following error:

SSL Certificate common name doesn’t match ESXi FQDN.
Continue reading Deployment or Host Commissioning Certificate Error

VMware Cloud Foundation Security

Securing a VMware Cloud Foundation (VCF) environment can be a daunting task at times. There are several products that can be deployed, and each has specific things that need to be looked at. It’s especially important to think of VCF as a solution though, as actions that you may take on an individual product can impact the functionality of the solution as a whole. Today, however, this just got a bit easier…

Continue reading VMware Cloud Foundation Security

Removing Failed Edge Cluster

Sometimes.. things just don’t work right, I am writing another blog entry that required me to deploy an edge cluster and well.. I fat fingered an IP address so there was a failure. While it would be nice to just make a change to the submitted configuration, we can’t in this instance. Rather we need to remove and then redeploy the edge cluster. There is a KB for this, but I like visuals to go along with my text so let’s walk through it together!

Continue reading Removing Failed Edge Cluster

Building a VCF lab with pfSense (Part 1)

Part 1: Defining the Architecture

Building a lab running VCF is made easy through the use of the VCF Lab Constructor (VLC). When run in the ‘automated’ mode, VLC will build out a nested environment and deploy VCF in it. It even abstracts a lot of the networking setup to make it as easy as possible. But what if you want to build out the network manually? In this series of posts, I’ll walk you through doing exactly that!

Continue reading Building a VCF lab with pfSense (Part 1)