WilliamLam.com

Changing the default behavior of the NSX-T Distributed Firewall (DFW) in VMC to Deny All

by // 3 Comments

In VMware Cloud on AWS (VMC), the default behavior of the NSX-T Distributed Firewall (DFW) is to currently allow all traffic between compute workloads even across different logical networks (Segments). Today, the default behavior is currently not configurable and is something the NSX team is looking into with a few update of the VMC Service.


Having said that, it is actually pretty straight forward to create a new Deny All policy that would achieve the same desired behavior of blocking all traffic by default. Since this topic has come up a few times, I figure it would be useful to share the quick fix and big thanks to Michael Kolos, one of our VMC Customer Success Engineers who shared the original tidbit with me.

[Read more...]

Quick Tip - Import OVF/OVA as VM Template using OVFTool 4.3 Update 1

by // 5 Comments

OVFTool is an extremely versatile command-line utility for importing and exporting Virtual Machines to and from the OVF/OVA format and it supports a number of VMware platforms including VMware Cloud on AWS (VMC), vSphere (vCenter Server and ESXi), Fusion, Workstation, Player and even vCloud Director (vCD).

An infrequent asks that I have seen from customers is the ability to deploy an OVF/OVA as a VM Template rather than just a Virtual Machine in a vSphere-based environment. OVFTool has had the ability to deploy to vAppTemplate for vCD-based environments, so it would make sense to also support vCenter Server VM Templates as well. Today, the workflow is a two-step process, deploy the OVF/OVA and then use the vSphere API to convert the VM to a VM Template.

With the latest OVFTool 4.3 Update 1 which was a minor release last year, we now have a new parameter called importAsTemplate which will allow customers to easily import an OVF/OVA directly into as a VM Template. Below is a quick sample using this new option and I am deploying to a VMC-based environment (see this article for requirements when using OVFTool with VMC)

ovftool.exe `
--acceptAllEulas `
--allowAllExtraConfig `
--name=PhotonOS-Template `
--datastore=WorkloadDatastore `
--net:None=sddc-cgw-network-1 `
--vmFolder=Templates `
--importAsTemplate `
C:\Users\william\Desktop\photon-hw13_uefi-3.0-49fd219.ova `
'vi://*protected email*@vcenter.sddc-a-b-c-d.vmwarevmc.com/SDDC-Datacenter/host/Cluster-1/Resources/Compute-ResourcePool/'

Once the upload has completed, we can take a look at our vSphere UI and see that our imported OVA been automatically been converted to a VM Template!

PowerShell for PhotonOS on Raspberry Pi 3

by // 4 Comments

Did you know VMware PhotonOS can also run on a Raspberry Pi (rPI) 3? I definitely did not until recently when I found out the latest 3.0 version also had an image for the rPI. This is great for anyone who is already familiar with PhotonOS and wish to run it in an even smaller form factor such as an rPI. There are definitely some interesting use cases for an rPI such as a tiny management host, troubleshooting tool for consultants or even a quick PowerShell/PowerCLI host that contains some basic tools and scripts which you can quickly access.

I was definitely interested in getting PowerShell and PowerCLI running on top PhotonOS on the rPI. Although you can already run PowerShell on an rPI using the Raspbian OS, the current distribution from Microsoft is actually only 32-Bit, which is a problem for PhotonOS as it is a 64-Bit OS. I was about to give up but while browsing the Microsoft PowerShell repo, I came across their upcoming PowerShell 6.2.0 (Preview) release which now looks to include a 64-Bit ARM build, which is exactly what I needed. For PowerCLI, although I was able to get the modules loaded, I was not able to connect to a vCenter Server or ESXi endpoint, you can find more details at the bottom of this post.

Below are the instructions for installing PhotonOS on the rPI and getting PowerShell setup:

Step 1 - Download and install the Etcher tool which will be used to flash our rPI

Step 2 - Download and install PhotonOS 3.0 RC rPI image using Etcher


Once PhotonOS has been installed, you can login (default credentials are root/changeme) and we now have PhotonOS running on our rPI!


Next we will install PowerShell as well as the latest PowerCLI modules.
[Read more...]