WilliamLam.com

Search Results for: content library

Easily try out vSAN 6.6 Encryption feature using KMIP Docker Container

by // 4 Comments

One of biggest feature introduced in the upcoming vSAN 6.6 release is the native vSAN Data-at-Rest Encryption capability. My good friend Duncan Epping even posted a video recently demo'ing the feature and showing how easy it is to enable with just a couple of clicks. Just like VM Encryption which was introduced in vSphere 6.5, vSAN Encryption also requires a Key Management Interoperability Protocol (KMIP) Server which needs to be associated with your vCenter Server.

The really nice thing about this is that because both VM Encryption and vSAN Encryption uses the exact same encryption library, as long as you have a supported KMS (which you can find over on the VMware KMS HCL here, more are being certified and added), you can actually leverage the same KMS for both types of encryption across different vSphere Clusters with different requirements. For the ultra paranoid, you could even "double" encrypt by running Encrypted VMs on top of a vSAN Encrypted Datastore 😉

As with any feature that relies on 3rd party tools, it can take some time to acquire evaluational licenses. For those of you who would like to try out either vSAN or VM Encryption from a functional standpoint, you can quickly get started in under a few minutes by using the KMIP Docker Container that I had built last year. This is a great way to familiarize yourself with the workflow or even try out some of the new vSphere and vSAN APIs if you plan to automate the KMIP configuration or even deployment of encrypted VMs. Another great use case for this is doing live demos and all you need is just a couple of Nested ESXi VMs and a Docker Container Host like Photon OS or even just your laptop for example. Below are the instructions on how to get started.

Disclaimer: It is also very important to note that you should NOT be using this for any production workloads or any VMs that you care about. For actual production deployments of VM Encryption or vSAN Encryption, you should be leveraging a production grade KMIP Server as PyKMIP stores the encryption keys in memory and will be lost upon a restart. This will also be true even for the virtual appliance, so this is really for quick evaluational purposes, do NOT run anything important that you care about due to the risks mentioned earlier.

[Read more...]

VMXNET3 driver now included in Mac OS X 10.11 (El Capitan)+

by // 15 Comments

Yesterday I received a pretty interesting comment from one of my Twitter followers @NTmatter who wrote:

This is a pretty neat find because currently today, the only network adapter that is functional with an Apple Mac OS X guest running on either VMware vSphere or Fusion is the e1000{e} driver. This update was definitely news to me and after sharing it internally to see if I could find some more details, it turns out this news also came as surprise to the folks internally. Darius, one of the Engineers who I frequently reach out to on Apple related topics did some digging and found out that Apple started to bundle this VMXNET3 driver starting with Mac OS X 10.11 (El Capitan) release. You can find the driver located in /System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleVmxnet3Ethernet.kext

Disclaimer: Given that this VMXNET3 Mac OS X driver was not developed by VMware nor has it been tested by VMware, it currently would not be officially supported by VMware.

If you wish to try out the VMXNET3 driver, you will need to install Mac OS X 10.11 or newer on a VM running on vSphere or Fusion. By default, the only available network adapter type is e1000{e}. To add a VMXNET3 network adapter, you can either manually tweak the .VMX file or you can easily add it by using either the vSphere Web/C# Client or ESXi Embedded Host Client. Below are the instructions on configuring the VMXNET3 network adapter for your Mac OS X guests.

Step 1 - Remove the existing network adapter and then temporarily change the GuestOS type to "Other" (no need to save setting, just update it in VM reconfigure wizard) so that you will be allowed to add a VMXNET3 network adapter. Once you have added it to the VM reconfigure wizard, go ahead and toggle back the GuestOS type to Mac OS X 10.10 and then save the settings as shown in the screenshots below.

mac-os-x-el-capitan-10-11-vmxnet3-driver-0
mac-os-x-el-capitan-10-11-vmxnet3-driver-1
Step 2 - Open a terminal inside of the Mac OS X guest and run the following command to load the VMXNET3 driver:

sudo kextload /System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleVmxnet3Ethernet.kext

Step 3 - You can verify that the VMXNET3 driver was successfully loaded by running the following command:

kextstat | grep -i vmxnet3

mac-os-x-el-capitan-10-11-vmxnet3-driver-2
Once the driver has been loaded, you should now have networking connectivity to your Mac OS X VM using the VMXNET3 network adapter. Below is a screenshot of the system info showing the VMXNET3 network adapter.

mac-os-x-el-capitan-10-11-vmxnet3-driver-3
In addition to having an optimized networking when using the VMXNET3 driver, the other benefit is being able to get a link speed of 10GbE which is something customers have been inquiring about when virtualizing Mac OS X guests. Below is a screenshot of the media link shown in this Mac OS X 10.11 guests.

mac-os-x-el-capitan-10-11-vmxnet3-driver-4
Although this a great development for Apple customers who uses VMware vSphere and Fusion, it also does raise an interesting question on whether Apple would be officially supporting this VMXNET3 driver going forward? If I do receive any more details on this, I will update the article. Until then, you can play with this new capability if you are running Mac OS X 10.11 or greater on VMware. Big thanks to Thomas for this great find and sharing it with the VMware Community!

VMware PowerCLI for Mac OS X, Linux & More? Yes, please!

by // 10 Comments

powercli_for_mac_osx_linux_1There were a several announcements at last weeks VMworld US Conference, but one of the most exciting piece of news in my opinion was from Alan Renouf, Product Manager for all things API/SDK/CLI at VMware. During Alan's What's New PowerCLI session, he announced that PowerCLI is finally coming to both Mac OS X as well as Linux! As you can imagine, the news was very well received from customers and partners. In fact, after I had tweeted the update here & here, I literally had folks pinging/IM'ing/DM'ing me non-stop about when they could get access 🙂

UPDATE (10/18/16) - PowerCLI Multi-Platform (MP) for Linux and Mac OS X has now been released as a VMware Fling. Please find the download here and provide any feedback in the comments section.

This exciting update was only possible with the help of our friends over at Microsoft who had recently open sourced both .NET Core & PowerShell. Once that news broke, Alan and the PowerCLI Engineering team have been working hard on porting over the existing PowerCLI code which uses the Windows .NET library over to the new .NET Core which is now open sourced. I have been very impressed at how fast the PowerCLI team have already made available many of the default cmdlets as well as the Get View cmdlet which exposes the entire functionality of the vSphere API.

Now, before you get too excited, this new version of PowerCLI is currently not available yet. As Alan mentioned in his session, we plan to release an early Tech Preview of PowerCLI for both Mac OS X and Linux as a VMware Fling shortly after VMworld. It is also very important to note that Microsoft PowerShell for Mac OS X & Linux which PowerCLI uses is just at an Alpha release milestone. There is still much work to do on both sides but I am really looking forward to enabling our customers with the choice of platform when it comes to consuming PowerCLI.

powercli_for_mac_osx_linux_2
A few of us have been quite fortunate to have been involved in the early development of this new version of PowerCLI. In fact, we even built a simple Docker Container for PowerCLI which will allow you to easily access PowerCLI from any system that can run Docker. Here is a quick screenshot of spinning up a PowerCLI Docker Container which will also be part of the Fling release.

powercli_for_mac_osx_linux_3
Lastly, we want customers to be able to quickly and securely set up a persistent PowerCLI environment in which they can use to manage and configure their VMware-based products that support PowerCLI. With that, we have also built a PowerShell package for Photon OS which is VMware's minimal Linux container host distribution. Not only is it free to download and use, but it literally takes a few seconds to install (tdnf -y install powershell) and even less time to boot up and import the PowerCLI module. This was literally done the week before VMworld by the Photon team and huge kudos for their support! As you can see, not only do we want to provide choice for our customers but also simplifying how you might consume PowerCLI whether its natively on Windows, Mac OS X, Linux, Docker Container or running on top of VMware Photon OS. I hope you are excited as I am and stay tuned for more details on the Fling release!

If you have any feedback or what you are most excited regarding this news, please leave a comment and I will make sure it makes it way back to our Product Manager.