Quick Tip: How to Master NSX-ALB (AVI) Resources in Terraform

Using the Terraform AVI Provider can be quite challenging because it requires you to understand complex object definitions. All resources in the AVI Provider are mapped directly to the corresponding Avi Vantage API which you can find here. The problem is that some objects have a huge number of attributes, and some of them even have a nesting depth of 5.

I'll show you a little trick to quickly get the required information to write NSX-ALB / AVI resources.

NSX-ALB Integration in VMware Cloud Director 10.3 with Terraform

In an earlier article, I explained how to integrate VMware NSX-T Advanced Load Balancer (formerly known as AVI) into VMware Cloud Director. Today, I want to show how to automate those steps with Terraform. Terraform is an open-source infrastructure-as-code tool created by HashiCorp. The following steps are part of the automated configuration:

  • Create vCenter Content Library for SE Images
  • Create Service Engine Management Network with DHCP in NSX-T
  • Create NSX-T Cloud in NSX-ALB
  • Create Service Engine Group in NSX-ALB
  • Add NSX-ALB Controller to VMware Cloud Director
  • Import NSX-T Cloud to VMware Cloud Director
  • Import Service Engine Group to VMware Cloud Director

VMware ESXi 7.0 Update 3 on Intel NUC

VMware vSphere ESXi 7.0 Update 3 was released in October, and before you start to deploy it to production, you want to evaluate it in your testing environment or homelab. If you have Intel NUCs or similar hardware, you should be very careful when updating to new ESXi releases as there might be issues. Please always keep in mind that this is not an officially supported platform and there might be compatibility issues.

In vSphere 7.0, there are ups and downs with consumer-grade network adapters. Since the deprecation of VMKlinux drivers, there is no option to use Realtek-based NICs, and previous versions had problems with the ne1000 driver. Luckily, there is the great Community Networking Driver for ESXi Fling that adds support for a bunch of network cards, and VMKUSB-NIC-FLING always covers your back.

I've updated my NUC portfolio to check which NUCs are safe to update and what considerations you have to take before installing the update. Additionally, I'm taking a look at the consequences of the recently deprecated USB/SD card usage for ESXi installations and some general issues in 7.0u3.

VMware NSX-T 3.1 Edge Node Sizing

Edge Nodes in NSX-T 3.1 are available as Virtual Machines and Bare Metal Edges. When you deploy a Virtual Edge Node using the embedded deployment function in NSX-T, you can choose between 4 sizes - Small, Medium, Large and Extra Large. In this article, I'm trying to collect information about the different sizing options, what they are intended for and how to resize Edge Nodes.

How to configure Multiple TLS Certificates with SNI in NSX-T Load Balancer

When you want to use the same public IP address for multiple websites, you have to leverage the SNI extension. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) protocol which allows a client to indicate which hostname it wants to connect to. This allows a server to present specific certificates on the same IP address and hence allows multiple secure (HTTPS) websites to be served by the same server.

The NSX-T Load Balancer supports SNI Certificates on a single Virtual Server (IP Address) with different Server Pools in the backend. This article explains how to configure SNI-based Load Balancing with 3 different secure HTTPS Websites on a single IP Address with the NSX-T 3.1 Load Balancer.

Import of Let's Encrypt Certificates in NSX-T Fails With "Certificate chain validation failed"

When you try to import a Let's Encrypt SSL Server Certificate in NSX-T, the following error message is displayed:

Error: You have 1 Error(s)
Certificate chain validation failed. Make sure a valid chain is provided in order leaf,intermediate,root certificate. (Error code: 2076)

SSL Load Balancer in VMware Cloud Director with NSX-ALB (AVI)

With the NSX Advanced Load Balancer integration in Cloud Director 10.2 or later, you can enable SSL offloading to secure your customers' websites. This article explains how to request a Let's Encrypt certificate, import it to VMware Cloud Director and enable SSL offloading in NSX-ALB. This allows tenants to publish websites in a secure manner.

Shared Service Engine Groups in VMware Cloud Director with NSX Advanced Load Balancer

In the Getting Started with NSX Advanced Load Balancer Integration in VMware Cloud Director 10.3 Guide, I explained how to enable "Load Balancing as a Service" in VCD with dedicated Service Engines. With this Service Engine deployment model, each Edge Gateway is statically assigned to a dedicated NSX-ALB Service Engine Group. That means, for each EGW you create in VCD, you have to create a Service Engine Group, which consists of multiple Service Engines (Virtual Machines).

Service Engine Groups can also be deployed in a shared model. Shared Service Engine groups can be assigned to multiple Edge Gateways. In this deployment model, a single Service Engine (Virtual Machine) can handle traffic for multiple customers. For obvious security reasons, and to prevent problems with overlapping networks, VRFs are used inside the SE to fully separate the data traffic.

This article explains how to use Shared Service Engine Groups in VMware Cloud Director 10.3.