VMware Project Pacific – Making Kubernetes mainstream

This post was originally published on this site

Happy New Year!! Hopefully, everyone had a great end of year/end of decade party and are now scrolling through their inboxes. As far as new year resolutions go, I did a terrible job last year at keeping up with my blog. Publishing only a few blogs wasn’t great, so I want to fix that this … Continue reading VMware Project Pacific – Making Kubernetes mainstream

Documenting vRealize Orchestrator Code with JSDoc and Confluence

This post was originally published on this site

Recently I’ve been working on improving HobbitCloud’s DevOps practices, specifically around committing code to version control and documenting it. Once a developer checks code in, this should compile, and if successful be deployed to the test environment. Once here it will undergo automated testing before progressing to staging for unit and integration tests. A key … Continue reading Documenting vRealize Orchestrator Code with JSDoc and Confluence

vSphere APIs for I/O Filtering (VAIO)

This post was originally published on this site

VAIO is a Framework that enables third parties (Partners) to develop filters that run in ESXi and can intercept any IO requests from a guest operating system to a virtual disk. An IO will not be issued or committed to disk without being processed by IO Filters created by 3rd parties. Filters execute inside ESXi […]

The post vSphere APIs for I/O Filtering (VAIO) appeared first on VMarena.

VMware Radius – Stories at the Edge

This post was originally published on this site

VMware Radius has been around for a while but I still believe that there are a number of people out there that do not know that it exists.  Radius delivers news, insights, perspectives and thought leadership articles to everyone. It can be accessed here:  vmware.com/radius/ As an example of the types of article that are on there at the moment, […]

HCX Migration PowerCLI Scripts

This post was originally published on this site

So I have been spending more and more time working with HCX and the web interface for migrations is all well and good….but really when you are wanting to do bulk migrations you are really going to want to script it Now these scripts aren’t totally my own, I have butchered other peoples and amended them for my own use cases. The guys working at Global Migration Center (GMC) helped and they actually used William Lam scripts as a base point and a couple of other PSO engineers I work with added their bits too….so credit where credit is due 🙂 Script 1 Now with the above script, you have to put in: The HCX Enterprise Manager as the source The […]

The post HCX Migration PowerCLI Scripts appeared first on .

Функции Code Capture на платформе VMware vSphere в интерфейсе vSphere Client.

This post was originally published on this site

Не все администраторы виртуальной инфраструктуры VMware vSphere в курсе, что в этой платформе доступен удобный инструмент, который позволяет сгенерировать PowerCLI-сценарий из последовательности действий, которые выполняет администратор в интерфейсе vSphere Client.

Эта функция называется Code Capture, и появилась она весной прошлого года в обновлении платформы VMware vSphere 6.7 Update 2, о которой мы писали вот тут. Этот механизм VMware тестировала еще в далеком 2009 году, тогда он назывался Project Onyx.

Чтобы получить доступ к этой фиче, нужно в меню vSphere Client выбрать пункт Developer Center, где есть переключатель Enable Code Capture:

После того, как вы включите Code Capture, в верхнем тулбаре клиента появится красная кнопка записи:

Например, можно нажать на нее и, как показано на скриншоте выше, запустить клонирование виртуальной машины, а затем включить созданную ВМ.

После того, как вы запишете сессию, можно нажать кнопку Stop Recording, после чего будет сгенерирован PowerCLI-сценарий, с помощью которого можно автоматизировать развертывание новой машины:

Полученный скрипт можно скопировать или скачать для последующего его изменения уже в собственном редакторе. Надо отметить, что поскольку сценарий генерируется автоматически – он получается далеко не самым оптимальным с точки зрения структуры и времени работы. Поэтому если вы умеете разрабатывать сценарии на PowerCLI, то лучше делать их вручную с нуля. С другой стороны, не все действия в клиенте понятно, как автоматизировать, и какие командлеты использовать – поэтому Code Capture определенно может помочь подобрать нужные.

Если хочется сделать сценарий по-новой, то можно нажать кнопку “Clear and start another” – это удалит прошлый скрипт (не забудьте сохранить его, если он нужен) и начнет новую сессию записи.

Чтобы отключить функцию code capture для всех пользователей, нужно добавить строчку “codecapture.disabled=true” в файл конфигурации клиента vSphere Client (надо будет его перезапустить): /etc/vmware/vsphere-client/vsphere-client/webclient.properties.

NSX-T Installation Series: Step 8 – Create Transport Node Profile

This post was originally published on this site

Reading Time: 3 minutes The previous step, discussed “what is an Uplink Profile”, Compute Host’s networking design, Uplink Profile for Edge VM consideration and finally the step-by-step instructions to create one. This blog is the “Step 8” of the NSX-T Installation series, where we will discuss Transport Node Profiles, its considerations and step-by-step instructions

The post NSX-T Installation Series: Step 8 – Create Transport Node Profile appeared first on Virtualization Blogs – Primarily focusing on VMware NSX.

Creating an internal PowerShell module repository

This post was originally published on this site

I was at client location and online Microsoft PSGallery was blocked as per company security policy, They wanted to only allow to use local respository which will only have tested and verified PowerShell modules. For this we suggested to configure a solution local PowerShell repository. In the Microsoft Powershell there is a option to configure local central PSGallery for better collaboration and security. Once the automation team writes new PS modules or download/review the modules from online PSGallery and keep on local repo, Basically plan was Powershell designer will write code and host on local repository for Ops team/Administrators use.

Check other articles
Get-PSRepository WARNING Unable to find module repositories
Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send

Download this script here or from github.com/kunaludapi.


#Create PowerShell repository folder on server
$localPath = 'C:OnPremRepo' 
New-Item -Path $localPath -ItemType Directory

#Share Powershell repository folder with everyone
$smbShareParam = @{
	Name = 'OnPremRepo'
	Path = $localPath
	Description = 'In House PS Repository'
	FullAccess = 'Everyone'
New-SmbShare @smbShareParam


#Create PowerShell repository and configure it as trusted repo
Get-NetIPAddress | Where-Object {$_.AddressFamily -eq 'IPv4'} | Select-Object IPAddress
#Check which PSRepositories are configured

$remotePath = ''
$localPsRepoParam = @{
	Name = 'OnPremRepo'
	SourceLocation = $remotePath
	PublishLocation = $remotePath
	InstallationPolicy = 'Trusted'
Register-PSRepository @localPsRepoParam

#Check again which PSRepositories are configured

#Create a OSInfo module folder 
New-Item C:OSInfo -ItemType Directory

#Create a very simple module
$moduleCode = @"
Function Get-OsInfo
	Get-CimInstance -ClassName win32_OperatingSystem | Select CSName, Caption, Version, OSArchitecture
Set-Alias OSInfo Get-OsInfo
$moduleCode | Out-File C:OSInfoOSInfo.psm1

#Load and test the OSInfo module
Import-Module -Name C:OSInfo

#Run module cmdlets

#Create a powershell module manifest for OSInfo Module
$moduleMetaDataParam = @{
	Path = 'C:OSInfoOSInfo.psd1'
	RootModule = 'OSInfo.psm1'
	Description = 'CIM operating system information module'
	Author = 'kunaludapi@gmail.com'
	FunctionsToExport = 'Get-OsInfo'
    CompanyName = 'vcloud-lab.com'
New-ModuleManifest @moduleMetaDataParam

#Check whats on OnPremRepo powershell repository
Find-Module -Repository OnPremRepo

#Do web request over TLS1.2 and Publish Module on local PSRepository
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Publish-Module -Path C:OSInfo -Repository OnPremRepo -Force

#Look at what is in the C:OnPremRepo folder
Get-ChildItem -Path C:OnPremRepo

#View the result of OnPremRepo
Find-Module -Repository OnPremRepo

#Install and test module from local OnPremRepo
Install-Module -Name OSInfo -Repository OnPremRepo -Scope CurrentUser

Above script is split into 2 phases, Both first and second phase can run on psserver, where it will be hosted modules centrally. Instead of below commands you can do the  same on gui by creating a shared folder with everyone providing full controls (You can assign strict privileges to only required users, for simple demo purpose I am using everyone). After running first phase script it created a new directory and assigning permissions verify, I made sure share path is accessible over network. 

Phase 1: Script lines 01 to 03: Create a new folder C:OnPremRepo
Phase 1: Script lines 06 to 12: Share folder C:OnPremRepo and provided full control access to everyone

Microsoft Powershell repository new-item itemtype directory path new-smbshare fullaccess everyone description path configure local remote powershell repo module scopename.png

I am running all the commands from psserver.

Phase 2: Script lines 01: On the psserver I will just grab the IPAddress, This is IP of share path and I will keep using it.
Phase 2: Script lines 04: Check the current list of registered PSrepositories, by default it will list online PSGallery with SourceLocation https://powershellgallery.com/api/v2.
Phase 2: Script lines 06 to 13: Register newly created local PSRepository.
Phase 2: Script lines 16: Reverify new local psrepository is added successful by fetching list

Powershell get-NetIPaddress where-object get-repository powershellgallary publishlocation installationpolicy sourcelocation setup configure powershell internal repository powershellget.png

If you are planning to run below commands for other team members system, You will need to execute command numbers from Phase 2: 1 to 13, I am still on psserver and using it to execute commands.

Phase 2: Script Line 19: I will create new PowerShell module for testing, for this new folder is required, module name must equals folder name.
Phase 2: Script Line 22 to 29: I am creating very basic small module function and saving text contents to module folder with same file name, and extension is .psm1
Phase 2: Script Line 32: Import the newly created module.
Phase 2: Script Line 35: Test Imported module by running cmdlet, All looks good.

microsoft windows powershell module psm1 new-item -itemtype directory function get-ciminstance -classname win32_operatingsystem select-object import-module local psrepository psgallary fileshare cmdlet.png

Phase 2: Script Line 38 to 46: Generate powershell module manifest, A module manifest is a PowerShell data file ( . psd1 ) that describes the contents of a module and determines how a module is processed.
Phase 2: Script Line 49: Modules are created but PSRepository is empty, verify the same using finding on local repo, it is empty as we haven’t published any modules yet.

microsoft windows Powershell automation location module manifest module functionstoexport new-modulemanifest find-module repository psd1 psm1 metadata module data file rootmodule parameters.png

Phase 2: Script Line 52 to 53: While publishing module on local repository I faced few issues and I have written separate article to resolve Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send, Publishing file to local repo may take some time based on module folder size. New nupkg package is created.
Phase 2: Script Line 56: You will see new file package generated on local repo with version no, filename extension is .nupkg.
Phase 2: Script Line 59: Try finding module from local PSRepository, it will show the result now.

Microsoft Powershell collobration tool psrepository local remote net.servicepointmanager securityprotocol get-childitem find-module net.securityprotocoltype tls12 nupkg cim operting system psgallery remote repo.png

So far all the above commands where successful executed on PSserver and output was good, now I will test repo from another computer.

Get-ChildItem -Path SharePathPSRepo: Check and verify if PSRepository share path is accessible over network
Phase 2: Script Line 6 to 13: Register the local repository on another computer.
Install-Module -Name ModuleName -Repository Localrepo -Scope CurrentUser : Test Installing the module to currently logged in users module folder, Additionally you can test cmdlets in the module,  to verify all is fine.

Microsoft Windows Powershell get-childitem remotepath publishlocation sourcelocation installationpolicy trusted register-PSrepository get-psrepository install-module -scope currentuser psgallery.png

Useful Articles
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Powershell Trick : Execute or run any file as a script file
Set Powershell execution policy with Group Policy
Powershell execution policy setting is overridden by a policy defined at a more specific scope

New Book – Zero Trust Networks with VMware NSX: Build Highly Secure Network Architectures for Your Data Centers

This post was originally published on this site

Secure your VMware infrastructure against distrusted networks using VMware NSX. This book shows you why current security firewall architecture cannot protect against new threats to your network and how to build a secure architecture for your data center.

Author Sreerjith Keeriyattil teaches you how micro-segmentation can be used to protect east-west traffic. Insight is provided into working with Service Composer and using NSX REST API to automate firewalls.

You will analyze flow and security threats to monitor firewalls using VMware Log and see how Packet Flow works with VMware NSX micro-segmentation. 

The information presented in Zero Trust Networks with VMware NSX allows you to study numerous attack scenarios and strategies to stop these attacks, and know-how VMware Air Watch can further improve your architecture.