WilliamLam.com


Easily try out vSAN 6.6 Encryption feature using KMIP Docker Container

04.14.2017 by William Lam // 4 Comments

One of the biggest features introduced in the upcoming vSAN 6.6 release is the native vSAN Data-at-Rest Encryption capability. My good friend Duncan Epping even posted a video recently demo'ing the feature and showing how easy it is to enable with just a couple of clicks. Just like VM Encryption, which was introduced in vSphere 6.5, vSAN Encryption also requires a Key Management Interoperability Protocol (KMIP) Server, which needs to be associated with your vCenter Server.

The really nice thing about this is that because both VM Encryption and vSAN Encryption use the exact same encryption library, as long as you have a supported KMS (which you can find over on the VMware KMS HCL here, more are being certified and added), you can actually leverage the same KMS for both types of encryption across different vSphere Clusters with different requirements. For the ultra paranoid, you could even "double" encrypt by running Encrypted VMs on top of a vSAN Encrypted Datastore 😉

As with any feature that relies on 3rd party tools, it can take some time to acquire evaluation licenses. For those of you who would like to try out either vSAN or VM Encryption from a functional standpoint, you can get started in just a few minutes by using the KMIP Docker Container that I had built last year. This is a great way to familiarize yourself with the workflow or even try out some of the new vSphere and vSAN APIs if you plan to automate the KMIP configuration or even the deployment of encrypted VMs. Another great use case for this is doing live demos: all you need is a couple of Nested ESXi VMs and a Docker Container Host like Photon OS, or even just your laptop. Below are the instructions on how to get started.

Disclaimer: It is very important to note that you should NOT be using this for any production workloads or any VMs that you care about. For actual production deployments of VM Encryption or vSAN Encryption, you should be leveraging a production grade KMIP Server, as PyKMIP stores the encryption keys in memory and they will be lost upon a restart. This is also true for the virtual appliance, so this is really for quick evaluation purposes. Do NOT run anything important that you care about due to the risks mentioned earlier.

[Read more...]

Categories // Docker, VSAN, vSphere 6.5 Tags // Docker, KMIP, PyKMIP, VSAN 6.6, vSAN Encyption, vSphere 6.5

Project USB to SDDC - Part 2

04.13.2017 by William Lam // 1 Comment

In the previous article, I provided some background on the origin of the project. In this article, we will now focus on the technical details and how the solution actually works.

Hardware

This solution was originally developed against an Intel NUC, but I had designed it to be generic so that it could run on any system that meets the minimum requirement, which is just having two disks (HDD & SSD or two SSDs) that are used to create a vSAN datastore.

Here is the BOM for the Intel NUC that we had used:

  • 1 x Intel NUC 6th Gen NUC6i3SYH (supports 2 drives: M.2 & 2.5)
  • 2 x Crucial 16GB DDR4
  • 1 x Samsung SM951 NVMe 128GB M.2 for "Caching" Tier
  • 1 x Samsung 850 EVO 500GB 2.5 SATA3 for “Capacity” Tier

During the Sydney VMUG, we did a live demo using an Intel NUC. Prior to the Melbourne VMUG, fellow VMware colleague Tai Ratcliff reached out and offered to let us borrow his Supermicro kit for the demo, which was great as the hardware was much beefier than the NUC. Thanks Tai!

I had already been hearing great things about the E200-8D platform, but I had not had the opportunity to get my hands on the system to play with. After only spending a little bit of time with the platform while prepping for the VMUG event, I can see why it is a pretty slick system for a vSphere/vSAN based home lab, especially if you need to go beyond 32GB of memory, which is where the Intel NUCs currently max out.

Another appealing feature of this platform is that it comes with 2x10GbE, 2x1GbE and an IPMI interface for remote management, which is a huge benefit as you do not need to connect an external monitor and keyboard. The system is also Xeon based w/6-Cores and can go all the way up to 128GB of memory. Tai had also recently published a blog article comparing the Supermicro E200-8D and the Intel NUC, which I think is worth a read if you are deciding between these two platforms.

Note: If you are considering purchasing the Supermicro E200-8D or any other system for that matter, check out this exclusive vGhetto discount here.

[Read more...]

Categories // Automation, ESXi, Home Lab, VCSA, VSAN, vSphere 6.5 Tags // Docker, Photon, usb, VSAN, vSphere 6.5

Project USB to SDDC - Part 1

04.05.2017 by William Lam // 2 Comments

A couple of weeks back, Alan Renouf and I co-presented at the Sydney and Melbourne VMUG UserCon; there are some great write-ups about the events here and here. We were very honored to have been invited out and to also deliver the closing keynote. Having traveled halfway around the world, we thought it was only fitting to share something really special.

For the last couple of months, we had been working on a small pet project that I personally had been referring to as the "vGhetto SDDC". This was not something we had shared with anyone before, and we thought the VMUG UserCon was the perfect venue to demo our new project. For the session, we decided to rename the project/session to USB to SDDC (better ring than the previous title), which might give you a hint on what the project might be about.

The inception for this project really stemmed from the work we did at last year's VMworld Hackathon, which was another idea that both Alan and I had come up with and worked with the VMware Code team to deliver at both VMworld US and Europe. Like all great Automation stories, the motivation for this project was born out of pure laziness. With the huge success of the Hackathon at VMworld US, there was a huge demand for us to also deliver it again at VMworld Europe.

[Read more...]

Categories // Automation, ESXi, Home Lab, VCSA, VSAN, vSphere, vSphere 6.5 Tags // Docker, ESXi 6.5, Photon, usb, VSAN, vSphere 6.5


Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.
