WilliamLam.com

Enhanced vCenter Server Audit Event & Logging in vSphere 6.7 Update 2

by // 8 Comments

A couple of years back I had published a detailed analysis on vCenter Server's Authentication (AuthN) and Authorization (AuthZ) from an auditing and logging standpoint. This has been the go to reference for many of our customers and the posts also includes a number of log samples which I have documented in the following Github repository.

In addition to serving as a reference for our customers, it has also helped our Product and Engineering teams understand where we still had some gaps and how we could improve the overall user experience. As hinted in the recently announced vSphere 6.7 Update 2 release, which will be available soon, there are number of new auditing enhancements that have been made to both vCenter Server and the vCenter Single Sign-On (SSO) service that I think customers will really appreciate.

"Real" client IP address in Events

When you look at a login or logout Event in vCenter Server today, you may have noticed the user's client IP Address is actually of the vCenter Server rather than the actual remote client's address and the reason for this is explained here. In vSphere 6.7 Update 2, the real client IP Address is now captured and is included in all successful login/logout and failed logins. This information can now enable administrators to easily identify unauthorized access and be able to quickly track down the systems initiating the connections.

[Read more...]

Getting started with VMware Pivotal Container Service (PKS) Part 9: Logging

by // Leave a Comment

In this blog post, we will walk through configuring the various components within a PKS deployment such as vSphere (vCenter Server & ESXi), NSX-T (Manager, Controllers & Edges), BOSH and PKS Control Plane to forward their logs to an external syslog system such as a VMware vRealize Log Insight (vRLI) which includes 25 free OSI licenses for any vSphere customer.

If you missed any of the previous articles, you can find the complete list here:

[Read more...]

Getting started with VMware Pivotal Container Service (PKS) Part 8: Monitoring Tool Overview

by // 1 Comment

I had received a few questions about the monitoring capabilities for VMware PKS and some of the VMware tools that can help provide visibility and audibility of the platform. Different consumers of PKS will care about different things, as you can imagine the cloud admin/platform operator is primarily concerned with the underlying infrastructure (compute, storage, network) including the PKS Management components. Developers want to know how their application is doing and if there are any issues, how to quickly access the information they need to debug and fix the problem.

Logging

Complete end-to-end logging is a mandatory requirement for many customers, especially when it comes to dealing with large and complex application deployments. Being able to provide centralized access of all logs to both operators and developers is key to be able to quickly triage and resolve an issue. Remote syslog can be configured throughout the PKS stack from the infrastructure and going all the way up to the application if developers decides to instrument logging and sending it to the same syslog target. VMware customers can take advantage of vRealize Log Insight (vSphere customers receive 25 free OSI licenses) which is a on-premises log management solution. If you prefer a SaaS-based solution, VMware also has Log Intelligence which can be used to service both premises infrastructure as well as other cloud hosted deployments.

Infrastructure Monitoring

For Cloud Admins/Platform Operators, vRealize Operations Manager (vROPs) will be the tool of choice which many of our customers are already familiar with. vROps provides analytics, capacity management and alerting for all of your underlying compute, storage and networking infrastructure. This information can be trended over time and provide help proactive identify any anomalies within the infrastructure before they arise. There are a number of Management Packs that can be used to provide easy to consume and out of the box dashboards such as vSphere which gives you information about your vCenter Server and the ESXi hypervisor, NSX-V as well as NSX-T for networking/security and core storage including VSAN.

Application Monitoring

Unlike traditional applications, Cloud Native Apps require a completely different way of monitoring to ensure Developers can easily access the important information they require for development purposes. VMware Wavefront is a SaaS-based solution that is metrics monitoring and analytics platform that can handle the high-scale requirements of modern cloud-native applications. Not only can Developers instrument their own applications and forward that to Wavefront, but Wavefront also provides complete visibility into a Kubernetes (K8S) deployment from namespaces, nodes, pods and all the way down to the individual containers.

Here is a diagram to help illustrate the visibility that each solution provides:


In the next three posts, I walk through the configuration steps to setup vRLI, vROPs and Wavefront with VMware PKS.

If you missed any of the previous articles, you can find the complete list here: