Securing Workloads on Bare-Metal Windows Servers via the VMware NSX-T Agent (Kernel Module)

Reading Time: 6 minutes

Software-defined data centres, software-defined networks, software-defined storage – they are all great, aren’t they? They enable us to abstract software-defined-X from the physical and allows us to scale at speed via automation. However, physical servers, the elephant in the room, still exist, and they likely will for some time.

So then, can we integrate physical devices into a software-defined world? Yes. But, NSX-T micro-segmentation is only available to virtual machines, right? No. By using the VMware NSX-T Agent/kernel module, we can provide connectivity to bare-metal workloads and enable them to participate and leverage the same security functions as those enjoyed by virtual machines.

In this article, we deploy the NSX-T Agent to a Windows Server 2019 webserver hosting IIS and secure the physical, bare-metal server utilising the NSX-T Distributed Firewall (DFW).

Continue reading → Securing Workloads on Bare-Metal Windows Servers via the VMware NSX-T Agent (Kernel Module)

London VMUG - LonVMUG

London VMUG – 15th July 2021

Reading Time: < 1 minute

Earlier this month, I was honoured to have been able to present at the London VMware User Group. My session focussed on a discussion and demonstration around how we can leverage VMware vRealize Network Insight (vRNI) to visualise applications, their dependencies, and their application traffic flows to effectively micro-segment an application using the VMware NSX-T Distributed Firewall (DFW).

Continue reading → London VMUG – 15th July 2021

Replacing the VMware NSX-T Self-Signed SSL Certificate

Reading Time: 4 minutes

Out of the box, NSX-T Data Center utilises self-signed certificates for its cluster and manager nodes; however, it is recommended that you replace the self-signed certificates with CA-signed certificates to improve security.

In this article, we step through creating a certificate signing request and private key, generating a signed certificate in conjunction with your Certificate Authority, and finally applying the new certificate to your NSX-T cluster and manager nodes.

Continue reading → Replacing the VMware NSX-T Self-Signed SSL Certificate

BANNER-vGareth Lewis-VMware-vRealize-Network-Insight-vRNI-On-Prem-Install-and-Configure

VMware vRealize Network Insight (vRNI) – Part 6 – Importing Recommended Firewall Rules into NSX-T via Python Script

Reading Time: 5 minutes

As the holiday season is almost upon us (just two days), why not finish with one final article in my vRNI series and an article that will likely finalise my blog posts for the year.

In my previous article (VMware vRealize Network Insight (vRNI) – Part 5 – Data Flow Analysis & Micro-Segmentation), we analysed collected data flows in vRNI to manually micro-segment an application utilising the VMware NSX-T Distributed Firewall (DFW). However, what if we want to automate this process? After all, applications that require a small number of firewall rules (such as the application used in the previous article) are rare.

This article looks at Martijn Smit‘s great script, which imports vRNI recommended firewall rules into VMware NSX-T Data Center via a Python script.

Continue reading → VMware vRealize Network Insight (vRNI) – Part 6 – Importing Recommended Firewall Rules into NSX-T via Python Script

BANNER-vGareth Lewis-VMware-vRealize-Network-Insight-vRNI-On-Prem-Install-and-Configure

VMware vRealize Network Insight (vRNI) – Part 5 – Data Flow Analysis & Micro-Segmentation

Reading Time: 6 minutes

In the previous articles of this series, we covered the installation (VMware vRealize Network Insight (vRNI) – Part 1 – Installation) and configuration (VMware vRealize Network Insight (vRNI) – Part 2 – Configuration) of vRealize Network Insight, before integrating vRNI with Microsoft Active Directory via LDAP (VMware vRealize Network Insight (vRNI) – Part 3 – Identity & Access Management via LDAP).

In the most recent article (VMware vRealize Network Insight (vRNI) – Part 4 – Application Discovery), we delved into application discovery. We defined four applications via several options – manual creation of an application, as well as automated discovery based on vSphere Tags/Custom Attributes and VM naming conventions.

In this final article of the series, we will explore and analyse the collected data flows of one of the previously defined applications. The goal here is to identify all valid traffic flows required to secure the application utilising the NSX-T Distributed Firewall (DFW). My friends, today we look at micro-segmentation.

Continue reading → VMware vRealize Network Insight (vRNI) – Part 5 – Data Flow Analysis & Micro-Segmentation

BANNER-vGareth Lewis-VMware-vRealize-Network-Insight-vRNI-On-Prem-Install-and-Configure

VMware vRealize Network Insight (vRNI) – Part 4 – Application Discovery

Reading Time: 9 minutes

In the previous articles in this series, we covered the installation (VMware vRealize Network Insight (vRNI) – Part 1 – Installation) and configuration (VMware vRealize Network Insight (vRNI) – Part 2 – Configuration) of vRealize Network Insight, before integrating vRNI with Microsoft Active Directory via LDAP (VMware vRealize Network Insight (vRNI) – Part 3 – Identity & Access Management via LDAP).

In this article, we will dive a little deeper and begin looking at how we can define our applications and, in Part 5 (VMware vRealize Network Insight (vRNI) – Part 5 – Data Flow Analysis & Micro-Segmentation), begin analysing the collected data flows to implement micro-segmentation via the NSX-T Distributed Firewall.

Continue reading → VMware vRealize Network Insight (vRNI) – Part 4 – Application Discovery

Upgrading VMware NSX-T Data Center to 3.1

Reading Time: 7 minutes

With the recent announcement and general availability of VMware NSX-T Data Center 3.1 on Friday 30th October 2020, we have a number of enhancements, new features, and functionality. The new features and functionality can be seen in a previous post (VMware NSX-T 3.1.0 Release Announcement), however, I realise I’ve never discussed the upgrade procedure itself.

Upgrading NSX-T Data Center couldn’t be easier. Yes, there are some disruptive elements, however, if your NSX-T design has redundancy built-in, we aren’t talking much. Upgrading the edge and transport nodes is as simple as you can imagine, as is the process of upgrading the NSX Managers themselves and, in this article, I cover the process from start to finish.

Continue reading → Upgrading VMware NSX-T Data Center to 3.1