Virtual Bytes
Tag: security

Events

Who’s Excited for VMware Explore 2023!?

by Tommy Grot June 13, 2023

Are you ready to explore the future of multi-cloud technology? If so, you won’t want to miss VMware Explore 2023 in Las Vegas!

This year’s conference promises to be the most exciting yet, showcasing the latest and greatest innovations in the world of virtualization, cloud computing, and digital transformation. From cutting-edge demos to inspiring keynotes and general sessions, you’ll have the opportunity to learn from the brightest minds in the industry and network with fellow tech enthusiasts. Whether you’re a seasoned IT pro or just getting started in your career, this conference is the perfect opportunity to deepen your knowledge, expand your horizons, and have some fun along the way. So mark your calendars, book your tickets here, and get ready to explore the future of tech!

How Has VMware Explore Helped My Career?

VMware Explore 2022 was a blast. Experiencing, hearing, and seeing all the new features and solutions VMware offers has helped my career path and skillset in many ways:

1. Broadened knowledge of VMware products: VMware Explore provides cloud engineers with an opportunity to learn about different VMware product offerings and how they can be implemented for various cloud environments.

2. Certifications: VMware Explore offers certifications that help cloud engineers validate their expertise in different areas. These certifications are highly valued in the IT industry and can open up opportunities for career advancement. VMware Education is on site at VMware Explore, and I have used the half-off discounts at VMware Explore to take an exam!

3. Network with IT professionals: VMware Explore provides a platform for cloud engineers to network with other IT professionals, share experiences, and exchange ideas. This networking can lead to new job opportunities and other professional engagements.

4. Hands-on experience: VMware Explore provides cloud engineers with hands-on experience in different VMware products and how they can be used in different cloud environments with the state-of-the-art VMware Hands-on Labs! This experience is valuable as it can be applied in real-world scenarios and is highly valued by employers.

5. Professional growth: The knowledge and skills gained from VMware Explore can help cloud engineers grow professionally and take on new challenges in their careers. This growth can lead to higher salaries, promotions, and new job opportunities.

What Sessions Am I Most Excited to Attend?

  • Elevate Your Application Modernization Journey with a Developer-Ready Cloud [CEIB2614LV] by Stephen Evanchik
  • VMware Cloud Foundation Architecture Lessons Learned [CSXM1510LV] by Jonathan McDonald
  • What Minecraft Has Taught Me About Building VM Templates With Automation [VMTN2813LV] by Sean Massey

What was your best Explore story?

At VMware Explore 2022, the first day started with a keynote session where industry experts shared their insights on emerging technologies and the future of enterprise IT and multi-cloud. After that, everyone went off to explore and attend their own sessions, but I had an awesome opportunity to participate in meetings with different business units, such as Cloud Director/VCPP, vRealize (Aria), AVI Vantage (NSX ALB), and Cloud Foundation (VCF). It was an enriching experience to collaborate with Vice Presidents, R&D Managers/Engineers, and Architects, and to showcase what I have deployed and architected.

In conclusion, the VMware Explore event was an enriching experience, and I was excited that I got to participate in meetings with different business units. I gained a broader understanding of how the company operates and the role of each team in delivering value to customers. I left VMware Explore feeling more enlightened and empowered, ready to tackle any challenge in the business world.

VMware Explore – Las Vegas Links

  • Registration : https://www.vmware.com/explore/us.html?src=em_nnqwkc8glpsjf&int_cid=7012H000000wtgaQAA
  • Show Agenda : https://www.vmware.com/explore/us/attend/agenda.html?src=em_nnqwkc8glpsjf&int_cid=7012H000000wtgaQAA
  • Content Catalog: https://event.vmware.com/flow/vmware/explore2023lv/content/page/catalog?src=em_nnqwkc8glpsjf&int_cid=7012H000000wtgaQAA
  • Show Activities : https://www.vmware.com/explore/us/engage/activities.html?src=em_nnqwkc8glpsjf&int_cid=7012H000000wtgaQAA
  • FAQs : https://www.vmware.com/explore/us/attend/faqs.html?src=em_nnqwkc8glpsjf&int_cid=7012H000000wtgaQAA
  • VMware Explore Blog: https://blogs.vmware.com/explore/?src=em_nnqwkc8glpsjf&int_cid=7012H000000wtgaQAA
  • VMware Explore Twitter: https://twitter.com/VMwareExplore (#VMwareExplore)
Cloud

VMware Cloud Director 10.4.X & Terraform Automation Part 2

by Tommy Grot April 13, 2023

Tonight’s multi-post is about VMware Cloud Director 10.4.x and Terraform!

With Terraform the possibilities are endless: you can create a virtual data center, tailor it to your liking, and keep it in an automated deployment. In this multi-part blog post we will get into VCD and Terraform Infrastructure as Code automation. If you would like to see what we did in Part 1, here is the previous post – VMware Cloud Director 10.4.X & Terraform Automation Part 1

What You will Need:

  • A Linux VM to execute Terraform from
  • Latest Terraform Provider (I am using beta 3.9.0-beta.2)
  • Gitlab / Code Repo (Optional to store your code)
  • VMware Cloud Director with NSX-T Integrated already
  • Local Account with Provider Permissions on VCD (mine is terraform)

Let’s Begin!

First, we will add on to the existing Terraform automation that we built in Part 1 of this multi-part blog. Below is the provider information for reference.

terraform {
  required_providers {
    vcd = {
      source  = "vmware/vcd"
      version = "3.9.0-beta.2"
    }
  }
}

provider "vcd" {
  url                  = "https://cloud.virtualbytes.io/api"
  org                  = "system"
  user                 = "terraform"
  password             = "VMware1!"
  auth_type            = "integrated"
  max_retry_timeout    = 60
  allow_unverified_ssl = true
}
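
The provider block above hardcodes the service account password and turns off TLS certificate verification, which is workable in a lab but not in a shared repository or against a production VCD. The following added example (not part of the original post) moves the password into a sensitive input variable and leaves certificate verification on; the variable name vcd_password is an assumption.

```hcl
terraform {
  required_providers {
    vcd = {
      source  = "vmware/vcd"
      version = "3.9.0-beta.2"
    }
  }
}

# Hypothetical variable name. Marking it sensitive keeps the value
# out of plan/apply output.
variable "vcd_password" {
  description = "Password for the local 'terraform' provider account"
  type        = string
  sensitive   = true
}

provider "vcd" {
  url               = "https://cloud.virtualbytes.io/api"
  org               = "system"
  user              = "terraform"
  password          = var.vcd_password # no secret in the template
  auth_type         = "integrated"
  max_retry_timeout = 60

  # Verify the VCD certificate; this requires a certificate that the
  # Linux VM running Terraform trusts.
  allow_unverified_ssl = false
}
```

Set the value through the TF_VAR_vcd_password environment variable in the shell that runs Terraform, so the password is never committed to the code repository.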

Next, we will add Data Center Groups to our Terraform template. Here we create the virtual data center group, which can span multiple organizations if need be, but for this demonstration I am using a DCG for Distributed Firewall purposes.

#### Create VDC Org Group 

resource "vcd_vdc_group" "demo-vdc-group" {
  depends_on            = [vcd_org_vdc.demo-org-10]
  org                   = "demo-org-10"
  name                  = "demo-vdc-group"
  description           = "Demo Data Center Group"
  starting_vdc_id       = vcd_org_vdc.demo-org-10.id
  participating_vdc_ids = [vcd_org_vdc.demo-org-10.id]
  dfw_enabled           = true
  default_policy_status = true
}

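The next code snippet configures the Data Center Group firewall, changing it from the default Internal-to-Internal Drop rule to an Any-to-Any Allow. By default, the Data Center Group keeps the Internal DFW rule. Note that the rule below sets source_ids to the static group created later in this post, so it allows traffic from that group to any destination; an empty source_ids would match Any as well.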

##### DFW VDC Group to Any-Any-Allow
resource "vcd_nsxt_distributed_firewall" "lab-03-pro-dfw" {
  depends_on   = [vcd_org_vdc.demo-org-10]
  org          = "demo-org-10"
  vdc_group_id = vcd_vdc_group.demo-vdc-group.id
  rule {
    name            = "Default_VdcGroup_demo-vdc-group"
    direction       = "IN_OUT"
    ip_protocol     = "IPV4"
    source_ids      = [vcd_nsxt_security_group.static_group_1.id]
    destination_ids = []
    action          = "ALLOW"
  }
}

If you want to create multiple rules within a Distributed Firewall, I will show some examples below. This will not be a part of the code implementation.

##### Sample DFW Rule Creation
resource "vcd_nsxt_distributed_firewall" "lab-03-pro-dfw-1" {
  depends_on   = [vcd_org_vdc.demo-org-10]
  org          = "demo-org-10"
  vdc_group_id = vcd_vdc_group.demo-vdc-group.id
  rule {
    name            = "rule-1" # Here you will create your name for the specific firewall rule
    direction       = "IN_OUT" # One of IN, OUT, or IN_OUT. (default IN_OUT)
    ip_protocol     = "IPV4"
    source_ids      = []
    destination_ids = []
    action          = "ALLOW"
  }
}

Some more detailed information from Terraform site –

Each Firewall Rule contains following attributes:

  • name – (Required) Explanatory name for firewall rule (uniqueness not enforced)
  • comment – (Optional; VCD 10.3.2+) Comment field shown in UI
  • description – (Optional) Description of firewall rule (not shown in UI)
  • direction – (Optional) One of IN, OUT, or IN_OUT. (default IN_OUT)
  • ip_protocol – (Optional) One of IPV4, IPV6, or IPV4_IPV6 (default IPV4_IPV6)
  • action – (Required) Defines if it should ALLOW, DROP, REJECT traffic. REJECT is only supported in VCD 10.2.2+
  • enabled – (Optional) Defines if the rule is enabled (default true)
  • logging – (Optional) Defines if logging for this rule is enabled (default false)
  • source_ids – (Optional) A set of source object Firewall Groups (IP Sets or Security groups). Leaving it empty matches Any (all)
  • destination_ids – (Optional) A set of destination object Firewall Groups (IP Sets or Security groups). Leaving it empty matches Any (all)
  • app_port_profile_ids – (Optional) An optional set of Application Port Profiles.
  • network_context_profile_ids – (Optional) An optional set of Network Context Profiles. Can be looked up using vcd_nsxt_network_context_profile data source.
  • source_groups_excluded – (Optional; VCD 10.3.2+) – reverses value of source_ids for the rule to match everything except specified IDs.
  • destination_groups_excluded – (Optional; VCD 10.3.2+) – reverses value of destination_ids for the rule to match everything except specified IDs.

Now that we have established firewall rules within our template, next you can add IP Sets, which are a kind of group that you can use for ACLs and integrate into firewall rules, static groups, and so on!

#### Demo Org 10 IP sets
resource "vcd_nsxt_ip_set" "ipset-server-1" {
  org = "demo-org-10" # Optional

  edge_gateway_id = vcd_nsxt_edgegateway.lab-03-pro-gw-01.id

  name        = "first-ip-set"
  description = "IP Set containing IPv4 address for a server"

  ip_addresses = [
    "10.10.10.50",
  ]
}

Static Groups are another great way to assign networks and members. For this example, my Static Group consists of my domain network segment, and with this I can use the group in firewall rules.

#### Create Static Group
resource "vcd_nsxt_security_group" "static_group_1" {
  org = "demo-org-10"
  edge_gateway_id = vcd_nsxt_edgegateway.lab-03-pro-gw-01.id

  name        = "domain-network"
  description = "Security Group containing domain network"

  member_org_network_ids = [vcd_network_routed_v2.nsxt-backed-2.id]
}

An example of how to use a Static Group within a firewall rule. The rule block goes inside a vcd_nsxt_distributed_firewall resource and references the Static Group created above.

  rule {
    name            = "domain-network" ## firewall rule name
    action          = "ALLOW"
    direction       = "IN_OUT"
    ip_protocol     = "IPV4"
    source_ids      = [vcd_nsxt_security_group.static_group_1.id]
    destination_ids = [vcd_nsxt_security_group.static_group_1.id]
    logging         = true
  }
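
To tie the multiple-rule and firewall-group passages together, here is an added example (not from the original post) of a single Distributed Firewall resource holding an ordered rule set: a scoped allow followed by a logged catch-all drop, instead of an Any-to-Any allow. The resource name demo-dfw-ordered and the rule names are hypothetical, and it assumes that rule blocks take precedence in the order written and that the edge gateway lab-03-pro-gw-01 belongs to demo-vdc-group, so the IP Set and Static Group are usable in the group's DFW.

```hcl
# Would replace "lab-03-pro-dfw": this resource manages the VDC group's
# rule set as a whole, so keep only one such resource per VDC group.
resource "vcd_nsxt_distributed_firewall" "demo-dfw-ordered" {
  org          = "demo-org-10"
  vdc_group_id = vcd_vdc_group.demo-vdc-group.id

  # 1. Scoped allow: domain network -> the server in the IP Set.
  rule {
    name            = "allow-domain-to-server"
    comment         = "Scoped allow, listed first"
    direction       = "IN_OUT"
    ip_protocol     = "IPV4"
    source_ids      = [vcd_nsxt_security_group.static_group_1.id]
    destination_ids = [vcd_nsxt_ip_set.ipset-server-1.id]
    action          = "ALLOW"
    logging         = true
  }

  # 2. Catch-all: empty source_ids and destination_ids match Any,
  #    so everything not allowed above is dropped and logged.
  rule {
    name            = "drop-everything-else"
    direction       = "IN_OUT"
    ip_protocol     = "IPV4_IPV6"
    source_ids      = []
    destination_ids = []
    action          = "DROP"
    logging         = true
  }
}
```

With logging enabled on both rules, dropped flows show up in the firewall logs, which makes it easier to see what an Any-to-Any allow would otherwise have let through.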

That is it for the automation for Part 2 of VMware Cloud Director! Stay Tuned for more automation!
