WilliamLam.com

Configuring TLS Cipher Suites in ESXi 8.0 Update 1

by // 1 Comment

For organizations that mandate specific TLS cipher suites for compliance purposes, you may have used the instructions outlined in this VMware KB 79476 to modify the ESXi Reverse Proxy Configuration File to select the desired supported TLS cipher suites prior to ESXi 8.0 Update 1.

As of ESXi 8.0 Update 1, all configurations including configuration files have been migrated to the new ESXi Configuration Store, which was initially introduced back in vSphere 7.0 Update 1 and you can learn more about it HERE and HERE. Additionally, I recently came to learn from one of our customers, who had inquired about changing the TLS cipher suites for ESXi that as of vSphere 8.0 Update 1, ESXi now runs two reverse proxy: rhttpproxy and Envoy with port 443 now being owned by the Envoy service, which is a popular and lightweight solution for reverse proxy usage.

The implication of this change is that modifying the TLS cipher suites for ESXi as of 8.0 Update 1 now requires the use of the ESXi Configuration Store and with Envoy as the reverse proxy, it is helpful to understand the types of TLS cipher suites that can be supported will be based on Google's BoringSSL TLS implementation, which Envoy itself consumes.

[Read more...]

Building custom Tanzu Kubernetes Releases (TKR) for vSphere with Tanzu

by // 1 Comment

Right before going on PTO, I caught this really interesting tweet from my buddy Robert Guske that we now support building your own custom Tanzu Kubernetes Releases (TKR), the Kubernetes software distributions that is signed and supported by VMware, which is typically provided by VMware through the online TKR Content Library.

While there are already a number of existing customizations that can be applied when deploying a Tanzu Kubernetes Workload Cluster (TKC), there may still be certain VM configurations that you would like to add, which is simply not possible today. In some of the customer requests, it can be as simple as changing the default size of the primary disk for a TKR, which is statically configured today as 20GB.

With this and many other use cases, it is nice to see that we now finally provide customers with a supported method to build their own custom TKR that might include additional customizations that is required by their organization for use with vSphere with Tanzu.

I recently got a chance to play with the new vSphere Tanzu Kubernetes Grid Image Builder tool, which is also an open source project from VMware and leverages the existing Kubernetes Image Builder, which I have also used before (see this blog post HERE for more details). While getting started, it took me a few tries but I eventually got it working after speaking with the Developers as I ran into a few issues.

[Read more...]

VMware Cloud (VMC) Console Inventory with various vSphere "Linked Modes"

by // 1 Comment

While I have covered a number of popular topics across our vSphere+, vSAN+ and VCF+ Cloud Service in my recent 7-part blog series, which I definitely recommend folks check out first, direct links below:

One reoccurring theme that has come up and for good reasons is what users would see in the VMware Cloud (VMC) Console as it pertains to the different types of vSphere-based deployments from vSphere+, VCF+ and VMware Cloud on AWS (VMC-A), especially when incorporating the different "Linked Mode" configurations that are supported today?

[Read more...]