WilliamLam.com

VUM UMDS Docker Container for vSphere 6.5

by // Leave a Comment

Early last week, I had published an article on how to automate the deployment of VUM's Update Manager Download Service (UMDS) in vSphere 6.5 for an Ubuntu 14.04 distribution. The interesting backstory to that script is that it started from a Docker Container that I had initially built for the VUM UMDS. I found that being able to quickly spin up UMDS instance using a Docker Container purely from a testing standpoint was much easier than needing to deploy a full VM, especially as I have Docker running on my desktop machines. Obviously, there are limitations with using a Docker Container, especially if you plan to use UMDS for a longer duration and need persistence. However, for quick lab purposes, it may just fit the bill and even with Docker Containers, you can use Docker Volumes to help persist the downloaded content.

You can find the Dockerfile and its respective scripts on my Github repo here: https://github.com/lamw/vum-umds-docker

Below are the instructions on how to use the VUM UMDS Docker Container.

[Read more...]

vCommunity "shorts" on their experiences w/the VCSA Migration

by // 2 Comments

The feedback from our customers on both the initial release of the vCenter Server Appliance (VCSA) Migration Tool (vSphere 6.0 Update 2m) as well as the updated version included in the release of vSphere 6.5 has just been absolutely fantastic! The feedback has not only been positive in terms of customers experience with using the Migration Tool to go from a Windows-based vCenter Server to the VCSA, but also with their experience with the VCSA itself which has come a long from when it was first released back with vSphere 5.0.

As with any customer feedback (good as well as the bad), I share this feedback directly with the Engineering/Product teams so that they know which areas customers have found useful and which areas we can still improve upon. One source of customer feedback which I see quite a bit of discussions on regarding the VCSA Migration Tool is on Twitter and being an active user myself, it is also makes it quite easy to collect and share this feedback internally. I even created the #migrate2vcsa hashtags a few years back to make it easy for customers to provide feedback for all things related to the VCSA Migration.

Most recently, I was looking for a better way to share as well as aggregate some of the feedback from Twitter regarding the VCSA Migration Tool. Instead of manually tracking individual tweet links via an email or document, I wanted to anyone to be able to get a quick glance at the overall feedback. I started to look around and came across an interesting SaaS solution called Storify which allows you to tell "stories" by using content from various Social Media sources such as blog posts, Youtube or Twitter for example.

[Read more...]

KMIP Server Docker Container for evaluating VM Encryption in vSphere 6.5

by // 10 Comments

There are a number of vSphere Security enhancements that were introduced in vSphere 6.5 including the much anticipated VM Encryption feature. To be able to use the new VM Encryption feature, you will need to first setup a Key Management Interoperability Protocol (KMIP) Server if you do not already have one and associate it with your vCenter Server. There are plenty of 3rd party vendors who provide KMIP solutions that interoperate with the new VM Encryption feature, but it usually can take some time to get access to product evaluations.

During the vSphere Beta, VMware had provided a sample KMIP Server Virtual Appliance based on PyKMIP, which allowed customers to quickly try out the new VM Encryption feature. Many of you have expressed interest in getting access to this appliance for quick evaluational purposes and the team is currently working on providing an updated version of the appliance for customers to access. In the mean time, for those who can not wait for the appliance or would like an alternative way of quickly standing up a sample KMIP Server, I have created a tiny (163 MB) Docker Container which can be easily spun up to provide the KMIP services. I haver published the Docker Container on Docker Hub at lamw/vmwkmip. The beauty of the Docker Container is you do not need to deploy another VM and for resource constrained lab environments or quick demo purposes, you could even run it directly on the vCenter Server Appliance (VCSA) as shown here, obviously not recommended for production use.

The Docker Container bundles the exact same version of PyKMIP that will be included in the virtual appliance, this is just another consumption mechanism. It is also very important to note that you should NOT be using this for any production workloads or any VMs that you care about. For actual production deployments of VM Encryption, you should be leveraging a production grade KMIP Server as PyKMIP stores the encryption keys in memory and will be lost upon a restart. This will also be true even for the virtual appliance, so this is really for quick evaluational purposes.

UPDATE (10/08/22) - The KMIP Docker Container is now available for both x86 and Arm platforms. Simply run docker pull lamw/vmwkmip and the correct architecture will automatically be downloaded.

Note: The version of PyKMIP is a modified version and VMware plans to re-contribute their changes back to the PyKMIP open-source project so others can also benefit.

Below are the instructions on using the KMIP Server Docker Container and how to configure it with your vCenter Server. I will assume you have worked with Docker before, if you have not, please have a look at Docker online resources before continue further or wait for the virtual appliance to be posted.

[Read more...]