WilliamLam.com

Clarifying Minimum Required ESX Hosts for VCF Deployments

by // Leave a Comment

The VMware Cloud Foundation (VCF) 9.x Installer includes a built-in resource calculator that automatically determines the required compute and storage resources, along with the estimated number of ESX hosts needed to support the selected deployment configuration.


Understanding the compute and storage requirements is fairly straightforward, but the minimum number of ESX hosts required for a deployment is not always as clear, especially when factoring in the different supported principal storage types (vSAN, NFS and VMFS on Fibre Channel).

[Read more...]

VCF 9.1 - Auditing VCF Management Services (VCFMS) IP Pool Usage 

by // Leave a Comment

As part of deploying the new VCF Management Services (VCFMS) component, a pool of IP addresses is provided to support the automatic deployment and scale-out of additional worker nodes for Day-N services such as Log Management and Real-time Metrics. In addition, these IP addresses are also reserved for lifecycle operations such as node recovery, rolling upgrades and scaling out additional service replicas, all of which may require additional IP capacity.


While you can view the current IP allocations by logging into VCF Operations and navigating to Build->Lifecycle->VCF Management and selecting the VCF Services Runtime component (VCFMS), there is currently no high-level view showing how many IP addresses have been consumed relative to the configured IP address pool(s). This can make capacity planning difficult and leave users unsure when additional IP pools may need to be added.

With the help of the VCF Fleet LCM APIs, we can easily audit the IP usage for a given VCFMS deployment and generate a more friendly report

[Read more...]

VCF 9.1 - Auditing vCenter Server Connections using the Connection Utilization API

by // Leave a Comment

vCenter Server has had the ability to audit vSphere logins, whether through the API or UI, for nearly two decades using vSphere Events, which provide detailed information on who connected, when the login occurred and the client IP address associated with the session.

While looking up something in the latest vSphere 9.1 Automation REST API, I came across a new Connection Utilization API that provides visibility into all HTTP and HTTPS connections established with vCenter Server.

While most organizations deploy vCenter Server on a dedicated management network as a best practice, it does not eliminate the possibility of unexpected or unauthorized connections. Having additional visibility into those connections and the ability to audit them can help organizations quickly identify and investigate suspicious activity.

[Read more...]