WilliamLam.com

Quick Tip - How to disable viewing of vSphere Tags?

by // 3 Comments

I just answered an interesting inquiry that came from our field on how to prevent users in vCenter Server from viewing vSphere Tags? The use case here is that the data contained in the vSphere Tags may not be something administrators want general users to be able to see, especially if they contain sensitive information, which hopefully folks are not using to store things like credentials or secrets.

If you navigate to the vSphere Roles, you will see a number of vSphere Tagging privileges, but there is nothing that covers the ability to remove read only access.


One very important thing to understand about the authorization of vSphere Tags is that it is NOT controlled by standard vSphere Permissions that you would assign in the vSphere Inventory but that it is controlled via vSphere Global Permissions, which are outside of the vSphere Inventory, which also includes vSphere Content Library and other vCenter Servers.

If you wish to disable the ability to view vSphere Tags for a VM while still maintaining basic read only view for VM, you need to ensure there is not a read only role assignment for your user under Global Permissions. You can check by navigating to vSphere UI under Administrator->Global Permissions. If the user that you are logging in with does not have a Read Only Global Permission, they will not see any of the vSphere Tagging information nor vSphere Content Library, which is another side affect.

vSphere Event-Driven Automation using Tanzu Application Platform (TAP) on Tanzu Kubernetes Grid Service

by // Leave a Comment

Right before the holiday, I had spent some time exploring Tanzu Application Platform (TAP), which also recently GA'ed. TAP provides developers with an application-aware platform that focuses on making the developer experience easy for developing, building and running applications on Kubernetes.


If you are interested in a quick technical deep dive into TAP, check out this video by Scott Sisil, introducing TAP:

One of the core components of TAP is the Cloud Native Runtime (CNR), which is VMware's commercial offering of the popular open source project Knative. The VMware Event Broker Appliance (VEBA) project also makes use of Knative as our backend to provide customers with an event-driven automation solution.

Early on in the VEBA project, we knew that we wanted to develop and innovate with the community in the open but we also understood there would be users who would want an officially supported offering that they can call or file support requests when needed. Early last year, Michael Gasch, the lead architect for VEBA started to port the code from the VMware Event Router, which is the heart of VEBA into CNR's Tanzu Sources for vSphere and start unifying the two code bases. The goal is to ensure that users of the open source project VEBA will also have a consistent user experience in terms of function deployment when using the commercial offering.

As shared back in Dec, I was able to successfully deploy TAP, CNR and Sources for vSphere all running on our Tanzu Kubernetes Grid Service which includes both our on-premises offering called vSphere with Tanzu and our managed service offering called VMware Cloud with Tanzu services. For those interested, you can find the instructions below on how to deploy and configure TAP to enable vSphere event-driven automation capabilities for your infrastructure.

[Read more...]

Application Transformer for VMware Tanzu is more than just an App Modernization Engine

by // Leave a Comment

Application Transformer for VMware Tanzu is an exciting solution that was launched last year as a Tech Preview, initially on VMware Cloud on AWS and shortly after for any vSphere environment. Application Transformer (App Transformer) is a continuous application modernization engine that enables organizations to easily assess all workloads running in a vSphere-based environment and provide a detailed application analysis including their topology and external dependencies, which can then be containerized by leveraging the App Transformer solution.

Note: If you are interested in deep diving into App Transformer and how it can help with your app modernization initiatives, check out my VMworld 2021 session recording MCL2290 - App Modernization Deep Dive with VMware Cloud on AWS and VMware Tanzu to learn more.


Although the primary use case for App Transformer is for application modernization, I quickly realized App Transformer can actually benefit our broader VMware customers.

Regardless if you are starting a Cloud Migration or App Modernization project, I do believe App Transformer can be an invaluable tool that can provide organizations with deep insights into their overall application portfolio to help make better and informed decisions when managing and supporting their VMware infrastructure. In addition to this visibility, the information from App Transformer can also empower our IT Admins, which I also believe can be a key enabler to their organizations App Modernization efforts.

[Read more...]