Skip to content

Florian Grehl

How to use SSH Key Authentication in NSX-T

If you are working with Linux you are very likely familiar with SSH Keys. Public Key authentication is an authentication method that relies on a generated public/private keypair and enables a secure method to login without entering a password.

Usually, you would use ssh_copy_id to transfer keys to a remote system or add it to the authorized_keys file manually but NSX-T does not support those methods. This article explains how to enable ssh key authentication for NSX-T Managers and Edge Appliances.

Read More »How to use SSH Key Authentication in NSX-T

Quick Tip: Remove NSX-T SSH and HTTP Session Timeout

If you are like me and keep browser tabs and SSH sessions open forever, I guess you are annoyed when that happens:

Default timeouts in NSX-T are:

  • 1800 seconds (30 minutes) for the Web Interface
  • 600 seconds (10 minutes) for SSH

This article explains how to remove session timeouts for SSH and the Web interface in NSX-T to stay logged in forever.

Read More »Quick Tip: Remove NSX-T SSH and HTTP Session Timeout

Quick Tip: Remove NSX-T Password Expiration

VMware NSX-T has a preconfigured password expiration policy of 90 days. When the password expiration day is near, a notification is displayed in the Web interface. There are 3 preconfigured local users: admin, audit, and root. All passwords have to be changed after 90 days. This article explains how to remove the password expiration.

The password for local user 'admin' will expire in [x] days.
The password for local user 'root' will expire in [x] days.
The password for local user 'audit' will expire in [x] days.
The password for local user 'guestuser1' will expire in [x] days.
The password for local user 'guestuser2' will expire in [x] days.

Please keep in mind that not only the password for NSX-T Manager expires, but also for Edge Transport Nodes (Edge VMs). When the password has expired, some functions (API / Web-Interface Login) are no longer possible, so make sure you either change the password regularly or remove the expiration policy.

Read More »Quick Tip: Remove NSX-T Password Expiration

Retrieve VMware Virtual Machine Password from OVF properties

When you deploy a Virtual Machine from OVF/OVA you can sometimes preconfigure passwords using OVF properties. All configuration parameters set during the deployment can be viewed later in the Web Client within VM > Configure > Settings > vApp Options but when you want to retrieve the password, the actual value is hidden:
You can't access the password from the Client, MOB, or using the API. This article explains how you can retrieve vApp option passwords from the vCenter Database.

Read More »Retrieve VMware Virtual Machine Password from OVF properties

Run pgAdmin in a Docker container on the vCenter Server Appliance

In the last article, I've explained how to manage the vCenter Server Appliance vPostgres Databases with pgAdmin. This article goes a step further and explains how to run pgAdmin in a Docker Container on the vCenter Server Appliance itself. This method works with vCenter Server Appliance version 6.5, 6.7, and 7.0.

Read More »Run pgAdmin in a Docker container on the vCenter Server Appliance

NSX-T 3.0 Evaluation - How to Download and get License Key

When you download and deploy NSX-T 3.0, the following message is displayed after login:

Some features are not supported with the Endpoint license. Please upgrade the license to use more supported features.

Unlike ESXi and vCenter, which are automatically running in a fully-featured 60-day evaluation mode after installation, NSX-T requires a license. The non-expiring license which is active by default is called "NSX for vShield Endpoint" and has a limited feature set.

This article explains how to register for an evaluation license and get access to NSX-T product downloads.

Read More »NSX-T 3.0 Evaluation - How to Download and get License Key

VMware ESXi 7.0 - Hardware not yet certified for upgrade

Double-check your vendor support when updating ESXi hosts to vSphere 7.0. Some systems have not been certified by their vendor yet. The following servers were supported in vSphere 6.7 but are according to VMware's HCL not yet supported in vSphere 7.0.

Your server is listed and you want to upgrade?

  • Usually, the list gets smaller a couple of weeks after a new vSphere version has been released. I will update this post when I notice changes.
  • Not supported does not say that it does not work.
  • Servers get certified by their vendor, not VMware. If you want a server to get certified, ask your vendor.
  • Vendor support matrices sometimes differ from VMware HCL. Please ask your vendor or VMware whether you are allowed to upgrade.
  • The list has been created with the help of my HCL in JSON Format.
  • Follow the comments to get notified of updates.
  • Did I miss something? Please comment.
  • The list only contains systems by the following vendors: Cisco, DELL, Fujitsu, Hewlett Packard Enterprise, Hitachi, IBM, Lenovo, and Supermicro

Read More »VMware ESXi 7.0 - Hardware not yet certified for upgrade

Demystifying vCenter Version and Build Number Mismatches

Have you ever wondered that the VMware vCenter Server build number mentioned in Release Notes does not match with the build number displayed in the vSphere Client? There are many different versions and build numbers used through the product. How the numbering works is different from Releases to Release. Here is an example of version numbers used in vSphere 6.7:

  • vCenter Server 6.7 U3f
  • Appliance Version: 6.7.0.43000
  • Windows Application Version: 6.7.0.31288
  • ISO/Installer/Update Build: 15976714
  • Appliance Build Number: 15976728
  • Windows Build Number: 15976721

In this article, I am going to explain where these numbers are used and also how the numbering differs from vSphere Release to vSphere Release (eg. vSphere 6.7 numbering standards differ from vSphere 6.5).

Read More »Demystifying vCenter Version and Build Number Mismatches