Tag:

NSx

CloudVMware Cloud Foundation

New VMware Cloud Foundation & vSphere Foundation Offerings and Licensing model

by Tommy Grot
written by Tommy Grot 4 minutes read

Official Announcement about the new offerings from VMware

VMware is here to shake things up with their latest offerings, VMware Cloud Foundation and VMware vSphere Foundation!

With VMware Cloud Foundation, managing your cloud infrastructure has never been easier, providing a unified platform for seamless deployment and management of applications across private, public, and hybrid clouds. And that’s not all! VMware vSphere Foundation takes virtualization to the next level for smaller businesses and their needs, delivering enhanced scalability, reliability, and security for your business-critical applications.

Announcement of VMware Cloud Foundation and vSphere Foundation Products and Support Services offerings, same information where @ William Lam has shared on his blog.

VMware Cloud Foundation (VCF)

Products & Support Services includes:

  • SDDC Manager
  • vSphere Enterprise Plus
    • vCenter Server Standard
    • vSphere with Tanzu (includes TKG Runtime)
    • vSphere ESXi
  • vSAN Enterprise (includes 1TiB per CPU Core)
  • NSX Enterprise Plus
  • Aria Suite Enterprise
    • Aria Automation
    • Aria Operations
    • Aria Operations for Logs
  • Aria Operations for Networks Enterprise
  • HCX Enterprise
  • VMware Data Service Manager (COMING SOON)
  • Activation & Upgrade Support Service
  • Select Support Service (recommended)

Available Add-Ons for purchase for VCF:

  • VMware Cloud Disaster Recovery (VCDR)
    • Sold as protected TiB and Per Protected VM
  • VMware Ransomware Recovery (RWR)
    • Sold as Per Protected VM
  • VMware Site Recovery (SRM)
    • Sold as pack of 25 VMs
  • vSAN Enterprise
    • Sold as 8TiB per CPU socket
  • VMware Load Balancer (NSX Advanced Load Balancer)
    • Sold as per service unit
  • VMware Firewall
    • Sold as per CPU Core
    • Distributed Firewall
    • Gateway Firewall
    • Security Intelligence
    • Container Security with Antrea
  • VMware Firewall + Advanced Threat Protection (ATP)
    • Sold as per CPU Core
    • Distributed Firewall
    • Gateway Firewall
    • Security Intelligence
    • Container Security with Antrea
    • Distributed and Gateway Intrusion Detection and Prevention Service (IDS/IPS)
    • Malware Prevention
    • Network Traffic Analysis (NTA) and Network Detection and Response (NDR)
  • Tanzu Mission Control (TMC)
    • Sold as per CPU Core
    • TMC SaaS
    • TMC (Self-Managed)
  • Tanzu Application Platform (TAP)
    • TAP
      • Sold as per vCPU
    • Tanzu Spring Runtime
      • Sold as per CPU Core
  • Tanzu Spring Runtime (TSR)
    • Sold as per CPU Core
  • Tanzu Guardrails Enterprise (TGE)
    • Sold as per resource
    • Tanzu Hub
    • Tanzu Guardrails
    • Aria Automation Config (formally Saltstack)
    • Automation for Secure Clouds
    • Automation for Secure Host
  • Tanzu Guardrails Advanced (TGA)
    • Sold as per resource
    • Tanzu Hub
    • Tanzu Guardrails
    • Automation for Secure Clouds
  • Tanzu Cloudhealth Enterprise (TCE)
    • Sold as percentage of monthly cloud spend
  • Tanzu Application Catalog (TAC)
    • Sold as active artifact
  • Tanzu Ops for Apps (formally Wavefront)
    • Sold as packets per second (PPS)
  • Tanzu Insights (TI)
    • Sold as event per month
  • CSP Entitlement
    • Partner must be signed up to Broadcom Expert Advantage program
    • Cloud Director
    • Cloud Director Availability
    • Cloud Director Plugins and Extension
    • Chargeback
    • Usage Meter
  • VMware Private AI Foundation  (COMING SOON)
  • Support Account Manager (SAM) Support Services
  • Dedicated Technical Support Engineer (DTSE) Support Services

VMware vSphere Foundation (VVF)

Products & Support Services includes:

  • vSphere Enterprise Plus
    • vCenter Server Standard
    • vSphere with Tanzu (includes TKG Runtime)
    • vSphere ESXi
  • vSAN Enterprise (*includes 100GiB per CPU Core per host)
  • Aria Suite Standard
    • Aria Suite Lifecycle
    • Aria Operations
    • Aria Operations for Logs
  • Production Support Service

Available Add-Ons for purchase for VVF:

  • VMware Cloud Disaster Recovery (VCDR)
    • Sold as protected TiB and Per Protected VM
  • VMware Ransomware Recovery (RWR)
    • Sold as Per Protected VM
  • VMware Site Recovery (SRM)
    • Sold as pack of 25 VMs
  • vSAN Enterprise
    • Sold as 8TiB per CPU socket
  • VMware Load Balancer (NSX Advanced Load Balancer)
    • Sold as per service unit
  • Tanzu Mission Control (TMC)
    • Sold as per CPU Core
    • TMC SaaS
    • TMC (Self-Managed)
  • Tanzu Application Platform (TAP)
    • TAP
      • Sold as per vCPU
    • Tanzu Spring Runtime
      • Sold as per CPU Core
  • Tanzu Spring Runtime (TSR)
    • Sold as per CPU Core
  • Tanzu Guardrails Enterprise (TGE)
    • Sold as per resource
    • Tanzu Hub
    • Tanzu Guardrails
    • Aria Automation Config (formally Saltstack)
    • Automation for Secure Clouds
    • Automation for Secure Host
  • Tanzu Guardrails Advanced (TGA)
    • Sold as per resource
    • Tanzu Hub
    • Tanzu Guardrails
    • Automation for Secure Clouds
  • Tanzu Cloudhealth Enterprise (TCE)
    • Sold as percentage of monthly cloud spend
  • Tanzu Application Catalog (TAC)
    • Sold as active artifact
  • Tanzu Ops for Apps (formally Wavefront)
    • Sold as packets per second (PPS)
  • Tanzu Insights (TI)
    • Sold as event per month
  • Note: The included 100GiB of vSAN Storage per CPU core will be available in a future vSphere patch update.

Also additional offers for customers:

  • VMware vSphere Standard (VVS)
  • VMware vSphere Essentials Plus Kit (VVEP)

Products & Support Services includes:

Available Add-Ons for purchase for VSS:

  • VMware Cloud Disaster Recovery (VCDR)
    • Sold as protected TiB and Per Protected VM
  • VMware Ransomware Recovery (RWR)
    • Sold as Per Protected VM
  • VMware Site Recovery (SRM)
    • Sold as pack of 25 VMs

VMware vSphere Essentials Plus Kit (VVEP)

Products & Support Services includes:

Available Add-Ons for purchase for VVEP:

  • VMware Cloud Disaster Recovery (VCDR)
    • Sold as protected TiB and Per Protected VM
  • VMware Ransomware Recovery (RWR)
    • Sold as Per Protected VM
  • VMware Site Recovery (SRM)
    • Sold as pack of 25 VMs

VMware Validated Solutions (VVS) for VCF

Available VVS for VCF:

0 comments 3K views
0 FacebookTwitterLinkedinEmail
VMware NSX

NSX 4.x Certificate Replacement

by Tommy Grot
written by Tommy Grot 2 minutes read

Tonight’s topic is on replacing NSX Certificate for each NSX Manager appliance and also the VIP. If you’re tired of battling with certificate issues and are looking for a straightforward solution, you’ve come to the right place! In this blog post, we will guide you through the process of replacing NSX certificates for each manager and the VIP in a hassle-free manner. We will break down the steps and provide you with expert tips to ensure a smooth transition. Let’s get started!

What you will need:

  • Postman client
  • Certificate CSR
  • Certificate Generated by your Enterprise CA (I use Microsoft CA)
  • Your Enterprise Root CA Cert
  • Your newly generated Private Key
  1. With your admin account, log in to NSX Manager.
  2. Select System > Certificates.

Import your Certificate and Private Key Into your NSX Manager via Web UI

Service Certificate – No

Certificate Contents

  • (Cert)
  • (Intermediate – if exists)
  • (Root Cert)

Once you have all pre-requisites ready lets open up postman client and what you will need to do is prepare the authentication portion of your postman to authenticate successfully to the NSX Managers. Once you will then you can start getting the API calls ready.

First lets validate the certificate we imported –

  • GET https://<nsx-mgr>/api/v1/trust-management/certificates/<cert-id>?action=validate
https://nsx01a.prd.virtualbytes.io/api/v1/trust-management/certificates/6d78f17d-f58c-4c27-99fd-31b572dfb1e8?action=validate

Once, you see Status OK then proceed to the next step below.

POST https://<FQDN>/api/v1/trust-management/certificates/<cert-id>?action=apply_certificate&service_type=API&node_id=<node-id>

https://nsx01a.prd.virtualbytes.io/api/v1/trust-management/certificates/6d78f17d-f58c-4c27-99fd-31b572dfb1e8?action=apply_certificate&service_type=API&node_id=7cbf2942-086e-9316-b277-95beed9d91b1

Repeat the follow for the additional NSX Managers – Below you can grab the UUID from System – Appliances – UUID (Copy to Clipboard)

https://nsx01.prd.virtualbytes.io/api/v1/trust-management/certificates/6d78f17d-f58c-4c27-99fd-31b572dfb1e8?action=apply_certificate&service_type=MGMT_CLUSTER

There we go, the VIP of my NSX cluster has a enterprise CA signed certificate!

2 comments 2K views
1 FacebookTwitterLinkedinEmail
CloudNetworkingVMware NSX

Deploying VMware NSX Advanced Load Balancer

by Tommy Grot
written by Tommy Grot 2 minutes read

Today’s topic is on VMware NSX Advanced Load Balancer (AVI). We will walk through the steps of deploying a NSX ALB overlayed on top of your NSX Environment.

Features

  • Multi-Cloud Consistency – Simplify administration with centralized policies and operational consistency
  • Pervasive Analytics – Gain unprecedented insights with application performance monitoring and security
  • Full Lifecycle Automation – Free teams from manual tasks with application delivery automation
  • Future Proof – Extend application services seamlessly to cloud-native and containerized applications

More information at VMware’s site here

What You Will Need:

  • A Configured and running NSX Environment
  • NSX ALB Controller OVA (controller-22.1.3-9096.ova)
  • Supported Avi controller versions: 20.1.7, 21.1.2 or later versions
  • Obtain IP addresses needed to install an appliance:
    • Virtual IP of NSX Advanced Load Balancer appliance cluster
    • Management IP address
    • Management gateway IP address
    • DNS server IP address
  • Cluster VIP and all controllers management network must be in same subnet.

Lets start with deploying controller OVF

I like to keep neat and consistent names the following names I utilized:

Virtual Machine Names:
  • nsx-alb-01
  • nsx-alb-02
  • nsx-alb-03

You need total of 3 Controllers deployed to create a High Available NSX ALB.

Click the Ignore All, or you will get this error as show below

Select your datastore ->

Click Next ->

My DNS Records:

  • nsx-alb-01.virtualbytes.io
  • nsx-alb-02.virtualbytes.io
  • nsx-alb-03.virtualbytes.io

We are deploying!

Access your first appliance via its FQDN that you have set in the steps above.

Create your password for local admin account

Create your passphrase, and your DNS resolvers, and DNS Search Domains.

Skip SMTP if not needed, but if you need a mail server please fill out your required SMTP IP and Port

  • Service Engines are managed within the tenant context, not shared across tenants to enable the Tenant Context Mode.
  • Service Engines are managed within the provider context, shared across tenants to enable the Provider Context Mode.

That is it for the initial deployment, next we will add our other 2 additional NSX ALB nodes for HA setup.

Go to Administration -> Controller -> Nodes

Click Edit ->

For your 2 additional NSX ALB nodes you will need to provide an IP Address and hostname and password.

Sample of what it should look like for all 3 ALB appliances

A simple topology of what we have deployed.

That is it! from now on you can configure for what use case you will NSX-ALB for. A next blog post will go through how to step up a NSX-T Cloud.

Licensing Flavors – If you click on the little cog icon next to the Licensing. You will see different tiers.

Different License Tiers that are apart of NSX-ALB Licensing model.

0 comments 2.6K views
0 FacebookTwitterLinkedinEmail
Cloud

Load Balancing VMware Cloud Director 10.4.x Cells with NSX ALB (AVI)

by Tommy Grot
written by Tommy Grot 2 minutes read

Topic of the Day – Load Balancing VMware Cloud Director 10.4.x multi cell deployment. For this deployment I am using 3 VCD Cells, they consist of Small Size ( 2vCPU and 12GB, these are not recommended specifications for a production appliance – Per VMware.)

This walkthrough will show you how to load balancer the appliances only, we are not integrating NSX ALB into VMware Cloud Director for Tenants to consume, stay tuned for a future walkthrough for VCD and NSX ALB Integration!

What you will need:

  • Multiple VCD Appliances
  • Certificate with multiple SANs ( I used my wildcard cert)
  • Certificates and Public Addresses configured already on all VCD Appliances
  • 4 DNS A Records, 1 A Record Pointing to VIP IP address of ALB VS Pool, 3 A Records for individual appliances

More information on VMware Cloud Director 10.4.1 Certificate Implementation here

Lets login to NSX ALB, Go to Virtual Services and top right click on “Create Virtual Service”

-> Advanced Setup

Select your NSX Cloud which we will deploy the VIP pool

Select VRF Context, which for my deployment I am used my t1-edge-01-m01-gw, which is my Tier 1 Router attached to my primary Tier-0.

Next we will configured Virtual Service VIP for our Service Engine for ALB.

Attach the VsVIP to your Tier 1 Logical Router

Add a Virtual IP that is free from within your VIP Pool that is pre-allocated manually or can be via IPAM Dynamically. For my implementation I am setting the IP address statically.

Click Save -> Then it will take us back to the main page where we are deploying the Virtual Service

Next step we will set the Profile of our Virtual Service to the following

  • System-TCP-Proxy
  • System-L4-Application


(Side topic, VMware Cloud Director works better with a Layer 4 Load Balancer, there are issues that occur if a Layer 7 HTTP load balancer is utilized)

Now that our Profile is set, next we will create our Pool. I named my “VMware-Cloud-Director-Appliances-Pool”

The Following Settings that should be set are:

  • Default Server Port: 443
  • Least Connections (can use other Algorithms based on your needs)
  • Tier1 Logical Router – t1-edge01-m01-gw (this is my Tier1)
  • Servers – Created IP Address Group
  • Health Monitor
  • SSL – System-Standard, (Service Edge Client Certificate)

  1. Any other settings will depend on your implementation

Once all settings have been configured, now we will hit save and proceed to the last page “Advanced”

Ensure to select your Service Engine Group, or ALB will deploy it on the default group and might cause issues.

After you have the AVI Service Engine deploying, now you can go to VCD, and setup Public Addresses – Pre reqs are that you need to have VCD SSL CA Signed or Self Signed already configured and just need to enabled Public Addresses for the Web Portal and API.

That’s it! Very simple implementation to utilize VMware NSX Advanced Load Balancer and Load Balance VMware Cloud Director Appliances!

0 comments 2.5K views
1 FacebookTwitterLinkedinEmail