Skip to content

Howto

Deploy High Available Firewall Appliances in VMware Cloud Director

When customers are deploying their services to a Cloud Datacenter delivered with VMware Cloud Director they quite often want to use their own virtual Firewall Appliance rather than the Edge and Distributed firewall that is built into the NSX infrastructure. Many Administrators prefer to use their well-known CheckPoint, Fortinet, or pfSense for seamless configuration management. While using standalone virtual Firewall Appliances is not an issue in general, there are some caveats with HA deployments, which can be addressed with features implemented in recent versions of VMware Cloud Director.

This article explains how to deploy High-Available Firewall Appliances in VMware Cloud Director 10.5

Read More »Deploy High Available Firewall Appliances in VMware Cloud Director

How to Update ESXi 8.0 with USB NIC Fling

The USB Network Native Driver Fling is a popular driver for ESXi to allow the usage of USB-based Network cards. When you downloadaing the driver, you might notice that there are separate versions for each ESXi Update release (eg.  8.0 and 8.0U1).  Both versions are only compatible with their corresponding ESXi version, which makes direct updates a little bit more complex.

This article explains two options to upgrade ESXi hosts with USB-based network adapters.

Read More »How to Update ESXi 8.0 with USB NIC Fling

How to Install PowerCLI 13 with Python 3.7 on Windows (Required for ImageBuilder)

With the release of PowerCLI 13, VMware has introduced some major enhancements. One of the most exciting features is that PowerCLI is now fully Multi-platform, which means that all functions are available for all PowerShell Core supported operating systems including Windows, macOS, and Linux. If you are planning to use the ImageBuilder module, you will need to have Python 3.7 installed on your machine.

If you want to use ImageBuilder-based commands in PowerCLI 13, you might see the following error:

Add-EsxSoftwareDepot: Could not initialize the VMware.ImageBuilder PowerCLI module. Make sure that Python 3.7 is installed and that you have set the path to the Python executable by using Set-PowerCLIConfiguration -PythonPath. See the PowerCLI Compatibility Matrixes for information on the Python requirements.

This article explains how to install and configure PowerCLI 13 with Python 3.7 to be ready to use ImageBuilder.

Read More »How to Install PowerCLI 13 with Python 3.7 on Windows (Required for ImageBuilder)

How to create a bootable ESXi Installer USB Flash Drive with Linux, Windows or Mac

This article explains how to create a bootable ESXi Installer USB Flash Drive with Linux, Windows, and Macs. Installing ESXi with a USB flash drive is a convenient method for physical servers that do not have remote management.

ESXi Image Download

Read More »How to create a bootable ESXi Installer USB Flash Drive with Linux, Windows or Mac

VMware NSX-T 3.1 Edge Node Sizing

Edge Nodes in NSX-T 3.1 are available as Virtual Machines and Bare Metal Edges. When you deploy a Virtual Edge Node using the embedded deployment function in NSX-T, you can choose between 4 sizes - Small, Medium, Large and Extra Large. In this article, I'm trying to collect information about the different sizing options, what they are intended for and how to resize Edge Nodes.

Read More »VMware NSX-T 3.1 Edge Node Sizing

How to configure Multiple TLS Certificates with SNI in NSX-T Load Balancer

When you want to use the same public IP address for multiple websites, you have to leverage the SNI extension. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) protocol which allows a client to indicate which hostname it wants to connect to. This allows a server to present specific certificates on the same IP address and hence allows multiple secure (HTTPS) websites to be served by the same server.

The NSX-T Load Balancer supports SNI Certificates on a single Virtual Server (IP Address) with different Server Pools in the backend. This article explains how to configure SNI-based Load Balancing with 3 different secure HTTPS Websites on a single IP Address with the NSX-T 3.1 Load Balancer.

Read More »How to configure Multiple TLS Certificates with SNI in NSX-T Load Balancer

Import of Let's Encrypt Certificates in NSX-T Fails With "Certificate chain validation failed"

When you try to import a Let's Encrypt SSL Server Certificate in NSX-T, the following error message is displayed:

Error: You have 1 Error(s)
Certificate chain validation failed. Make sure a valid chain is provided in order leaf,intermediate,root certificate. (Error code: 2076)

Read More »Import of Let's Encrypt Certificates in NSX-T Fails With "Certificate chain validation failed"

SSL Load Balancer in VMware Cloud Director with NSX-ALB (AVI)

With the NSX Advanced Load Balancer integration in Cloud Director 10.2 or later, you can enable SSL offloading to secure your customer's websites. This article explains how to request a Let's Encrypt certificate, import it to VMware Cloud Director and enable SSL offloading in NSX-ALB. This allows tenants to publish websites in a secure manner.

Read More »SSL Load Balancer in VMware Cloud Director with NSX-ALB (AVI)

Shared Service Engine Groups in VMware Cloud Director with NSX Advanced Load Balancer

In the Getting Started with NSX Advanced Load Balancer Integration in VMware Cloud Director 10.3 Guide, I've explained how to enable "Load Balancing as a Service" in VCD with dedicated Service Engines. With this Service Engine deployment model, each Edge Gateway is statically assigned to a dedicated NSX-ALB Service Engine Group. That means, for each EGW you create in VCD, you have to create a Service Engine Groups, which consists of multiple Service Engines (Virtual Machines).

Service Engine Groups can also be deployed in a shared model. Shared Service Engine groups can be assigned to multiple Edge Gateways. In this deployment model, a single Service Engine (Virtual Machine) can handle traffic for multiple customers. For obvious security reasons, and to prevent problems with overlapping networks, VRFs are used inside the SE to fully separate the data traffic.

This article explains how to use Shared Service Engine Groups in VMware Cloud Director 10.3.

Read More »Shared Service Engine Groups in VMware Cloud Director with NSX Advanced Load Balancer