Howto

Filter specific Domains (FQDN) with NSX-T Distributed Firewall

This article explains how to set up Firewall Rules in NSX-T that allow users to only access specific domains. In many high-security environments, outgoing traffic is filtered using a firewall. When you want to access an external service, you usually create IP-based firewall rules. In some cases, you don't know which IP addresses hide behind a domain. This is where domain filters come in handy.

While this feature has been available in NSX-T for a while, it was limited to a predefined set of domains. With the release of NSX-T 3.1, you can finally define your own FQDN lists.

In this example, I'm going to set up NSX-T Distributed Firewall to only allow access to www.virten.net and reject all other domains.


Deploy NSX-T Edge VM SSH Keys with Ansible

While working with NSX-T, there are many reasons to access edge appliances using SSH. Most troubleshooting options are only available using nsxcli on the appliance itself. During the deployment, each appliance has 3 user accounts: root, admin, and audit. All accounts are configured with password-based authentication. In a previous article, I've already described how to deploy SSH keys using nsxcli, which allows a secure and comfortable authentication method. In this article, I'm explaining how to use Ansible to deploy SSH public keys to NSX-T Edges. This option allows you to easily manage keys on a large platform.


How to add AD Authentication in vCenter 7.0

The vCenter Server has an internal user database that allows you to add and manage users very easily. User management and Single Sign-On are provided by the embedded Platform Service Controller, which has been available since vSphere 6.0. In a large environment, you might want to connect your virtualization infrastructure to a centrally managed Active Directory.

This article explains how to add AD authentication in vSphere 7.0 and how to get the "Use Windows session authentication" checkbox to work with the "Enhanced Authentication Plugin".


How to use SSH Key Authentication in NSX-T

If you are working with Linux, you are very likely familiar with SSH keys. Public key authentication is an authentication method that relies on a generated public/private key pair and enables a secure method to log in without entering a password.

Usually, you would use ssh-copy-id to transfer keys to a remote system or add them to the authorized_keys file manually, but NSX-T does not support those methods. This article explains how to enable SSH key authentication for NSX-T Managers and Edge Appliances.


How to Install VMware vSphere Perl SDK on Debian 9 (stretch)

Download the latest Perl SDK for your vSphere version from code.vmware.com and copy it to the system. The download is free, but a My VMware account is required.

Make sure that your system is up to date:

# apt-get update && apt-get upgrade -y


How to silence VMware vSAN Health Checks

A new feature in vSAN 6.6 is the ability to silence Health Checks. In previous versions, it was already possible to disable alerts that are triggered by health checks. Silencing health checks goes one step further and enables you to have a clean vSAN health. Silenced checks are displayed with a green checkmark and are marked as "Skipped".

Especially for home labs, where unsupported hardware is used, this is a great feature.
