WilliamLam.com

Easily try out vSAN 6.6 Encryption feature using KMIP Docker Container

by // 4 Comments

One of biggest feature introduced in the upcoming vSAN 6.6 release is the native vSAN Data-at-Rest Encryption capability. My good friend Duncan Epping even posted a video recently demo'ing the feature and showing how easy it is to enable with just a couple of clicks. Just like VM Encryption which was introduced in vSphere 6.5, vSAN Encryption also requires a Key Management Interoperability Protocol (KMIP) Server which needs to be associated with your vCenter Server.

The really nice thing about this is that because both VM Encryption and vSAN Encryption uses the exact same encryption library, as long as you have a supported KMS (which you can find over on the VMware KMS HCL here, more are being certified and added), you can actually leverage the same KMS for both types of encryption across different vSphere Clusters with different requirements. For the ultra paranoid, you could even "double" encrypt by running Encrypted VMs on top of a vSAN Encrypted Datastore 😉

As with any feature that relies on 3rd party tools, it can take some time to acquire evaluational licenses. For those of you who would like to try out either vSAN or VM Encryption from a functional standpoint, you can quickly get started in under a few minutes by using the KMIP Docker Container that I had built last year. This is a great way to familiarize yourself with the workflow or even try out some of the new vSphere and vSAN APIs if you plan to automate the KMIP configuration or even deployment of encrypted VMs. Another great use case for this is doing live demos and all you need is just a couple of Nested ESXi VMs and a Docker Container Host like Photon OS or even just your laptop for example. Below are the instructions on how to get started.

Disclaimer: It is also very important to note that you should NOT be using this for any production workloads or any VMs that you care about. For actual production deployments of VM Encryption or vSAN Encryption, you should be leveraging a production grade KMIP Server as PyKMIP stores the encryption keys in memory and will be lost upon a restart. This will also be true even for the virtual appliance, so this is really for quick evaluational purposes, do NOT run anything important that you care about due to the risks mentioned earlier.

[Read more...]

Project USB to SDDC - Part 2

by // 1 Comment

In the previous article, I provided some background on the origin of the project. In this article, we will now focus on the technical details and how the solution actually works.

Hardware

This solution was originally developed against an Intel NUC but I had designed it to be generic so that it could run on any system which meets the minimum requirements which is just having two disks (HDD & SSD or two SSDs) which is used to create a vSAN datastore.

Here is the BOM for the Intel NUC that we had used:

During the Sydney VMUG, we had did a live demo using an Intel NUC. Prior to the Melbourne VMUG, fellow VMware colleague Tai Ratcliff reached out and offered to let us borrow his Supermicro kit for the demo which was great as the hardware was much beefier than the NUC. Thanks Tai!


I had already been hearing great things about E200-8D platform but I had not had the opportunity to get my hands on the system to play with. After only spending a little bit of time with the platform while prepping for the VMUG event, I can see why is a pretty slick system for a vSphere/vSAN based home lab, especially if you need to go beyond 32GB of memory which is where the Intel NUCs currently max out at.

The other appealing features for this platform is that it comes with 2x10GbE, 2x1GBe and an IPMI interface for remote management which is a huge benefit for not needing to connect an external monitor and keyboard. The system is also Xeon based w/6-Cores and can go all the way up to 128GB of memory. Tai had also recently published a blog article comparing the Supermicro E200-8D and the Intel NUC, which I think is worth a read if you are deciding between these two platforms.

Note: If you are considering purchasing the Supermicro E200-8D or any other system for that matter, check out this exclusive vGhetto discount here.

[Read more...]

Exclusive vGhetto discount on homelab hardware from MITXPC

by // 4 Comments

On a regular basis I already receive a number of inquires from both internal VMware folks as well as external partners and customers about VMware homelabs and the type of hardware that can be used. After demo'ing our recent USB to SDDC project, the requests have literally tripled! Most folks are generally inquiring BOM details and/or where to purchase the Intel NUC or the SuperMicro E200-8D.

In particular, the SuperMicro E200-8D has probably received the most amount of interest lately. In fact, I am also interested in one after having an opportunity to play with one during the Melbourne VMUG. One thing I had noticed while talking to several colleagues who have purchased this system both locally within the Bay Area as well as overseas such as Australia was that one particular reseller kept coming up over and over again. That vendor was MITXPC which is a local bay area company located over in Fremont which specializes in Mini-ITX systems.

The reason MITXPC was being used by the majority of these folks was simple, they had the best price for the SuperMicro E200-8D which was significantly cheaper than other vendors including Amazon.

Vendor Price
E200-8D on MITXPC $799 USD ($783.02 w/discount code)
E200-8D on Amazon $849 USD

Having heard good things about MITXPC, I decided to reach out to them and see if there was anything special they could do for the VMware Community. I was able to get a special discount code that would offer folks an additional 2% off their entire purchase at MITXPC. For those of you who have been holding off on a refresh your home lab or itching to build your own, this is a great time! If you would like to take advantage of this offer, simply use the discount code VIRTUALLYGHETTO2OFF when you check out. I would like to give a huge thanks to Eric Yui of MITXPC for working with me on this and helping out the VMware Community.

Disclaimer: I am not affiliated with MITXPC.