Search Results for: configstore cli

First look at Project Keswick

08.28.2023 by William Lam // 2 Comments

VMware Edge Cloud Orchestrator (VECO) was announced at VMware Explore US last week and one of the components that it is built on is using something called Project Keswick.

@alanrenouf and Elliot now on stage to talk about Project Keswick which VECO is built on #VMwareExplore pic.twitter.com/v9r29qDLIX

— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) August 23, 2023

In fact, at VMware Explore, Project Keswick was officially launched and is now available for customers to try out! I was fortunate enough to attend the Project Keswick technical deep dive session in person, but if you were not able to make the session or you were not at VMware Explore, the session recording is already available online for free to watch #VIB2169LV Scaling and Deploying ESXi at the Edge with Desired State Management and GitOps.

[Read more...]

Changing the default HTTP(s) Reverse Proxy Ports on ESXi 8.0 Update 1

07.31.2023 by William Lam // 6 Comments

Pre-ESXi 8.0 Update 1, if you needed to modify the default ESXi HTTP(s) Reverse Proxy Ports, you would simply edit the HTTP reverse proxy configuration file, which I have previously blogged about HERE (pre-ESXi 8.0) and HERE (ESXi 8.0).

For ESXi 8.0 Update 1, the process is slightly diffrent as all ESXi configurations including configuration files have been completely migrated to the new ESXi Configuration Store, which was initially introduced back in vSphere 7.0 Update 1, which you can learn more about it HERE and HERE.

While most users stick with the system defaults with port 80 (HTTP) and port 443 (HTTPS), I know there are some organizations that require these ports to be changed to meet certain internal compliance requirements. Below are the updated instructions for modifying the ESXi HTTP(s) Reverse Proxy Ports when using ESXi 8.0 Update 1 or later.

Disclaimer: VMware does not officially support modifying the default HTTP/HTTPS ports on an ESXi host.

[Read more...]

Configuring TLS Cipher Suites in ESXi 8.0 Update 1

07.20.2023 by William Lam // 1 Comment

For organizations that mandate specific TLS cipher suites for compliance purposes, you may have used the instructions outlined in this VMware KB 79476 to modify the ESXi Reverse Proxy Configuration File to select the desired supported TLS cipher suites prior to ESXi 8.0 Update 1.

As of ESXi 8.0 Update 1, all configurations including configuration files have been migrated to the new ESXi Configuration Store, which was initially introduced back in vSphere 7.0 Update 1 and you can learn more about it HERE and HERE. Additionally, I recently came to learn from one of our customers, who had inquired about changing the TLS cipher suites for ESXi that as of vSphere 8.0 Update 1, ESXi now runs two reverse proxy: rhttpproxy and Envoy with port 443 now being owned by the Envoy service, which is a popular and lightweight solution for reverse proxy usage.

The implication of this change is that modifying the TLS cipher suites for ESXi as of 8.0 Update 1 now requires the use of the ESXi Configuration Store and with Envoy as the reverse proxy, it is helpful to understand the types of TLS cipher suites that can be supported will be based on Google's BoringSSL TLS implementation, which Envoy itself consumes.

[Read more...]