BANNER-vGareth Lewis-VMware-vRealize-Network-Insight-vRNI-On-Prem-Install-and-Configure

VMware vRealize Network Insight (vRNI) – Part 5 – Data Flow Analysis & Micro-Segmentation

Reading Time: 6 minutes

In the previous articles of this series, we covered the installation (VMware vRealize Network Insight (vRNI) – Part 1 – Installation) and configuration (VMware vRealize Network Insight (vRNI) – Part 2 – Configuration) of vRealize Network Insight, before integrating vRNI with Microsoft Active Directory via LDAP (VMware vRealize Network Insight (vRNI) – Part 3 – Identity & Access Management via LDAP).

In the most recent article (VMware vRealize Network Insight (vRNI) – Part 4 – Application Discovery), we delved into application discovery. We defined four applications via several options – manual creation of an application, as well as automated discovery based on vSphere Tags/Custom Attributes and VM naming conventions.

In this final article of the series, we will explore and analyse the collected data flows of one of the previously defined applications. The goal here is to identify all valid traffic flows required to secure the application utilising the NSX-T Distributed Firewall (DFW). My friends, today we look at micro-segmentation.

Continue reading → VMware vRealize Network Insight (vRNI) – Part 5 – Data Flow Analysis & Micro-Segmentation

Patch VMware vSphere Host via ESXCLI

Reading Time: 2 minutes

There may be some scenarios where you will need to patch a vSphere Host manually. Maybe the host is air-gapped for security purposes, or maybe the host is simply a standalone ESXi Server and isn’t connected to a vCenter Server.

Patching the host is a simple enough exercise, and in this article, I detail both the implementation and validation steps.

Continue reading → Patch VMware vSphere Host via ESXCLI

Upgrading VMware NSX-T Data Center to 3.1

Reading Time: 7 minutes

With the recent announcement and general availability of VMware NSX-T Data Center 3.1 on Friday 30th October 2020, we have a number of enhancements, new features, and functionality. The new features and functionality can be seen in a previous post (VMware NSX-T 3.1.0 Release Announcement), however, I realise I’ve never discussed the upgrade procedure itself.

Upgrading NSX-T Data Center couldn’t be easier. Yes, there are some disruptive elements, however, if your NSX-T design has redundancy built-in, we aren’t talking much. Upgrading the edge and transport nodes is as simple as you can imagine, as is the process of upgrading the NSX Managers themselves and, in this article, I cover the process from start to finish.

Continue reading → Upgrading VMware NSX-T Data Center to 3.1

VMware NSX-T Manager FQDN Registration

Reading Time: 3 minutes

By default, NSX-T transport nodes access NSX-T Manager nodes via their IP address, however, changing this behaviour so that the NSX-T Manager FQDN is used instead is an easy fix and is implemented by a simple REST API call.

FQDN registration is an NSX-T Multisite requirement. As such, FQDN registration is not required for single-site deployments.

In the scenario whereby a customer needs to failover NSX-T operations to a secondary site (by deploying a new NSX-T Manager and restoring from backup), the NSX-T Manager(s) and Cluster VIP address will likely change unless they have implemented stretched-L2. As such, the NSX-T Manager(s)/Cluster FQDN needs to be registered with all NSX-T transport nodes and, once a new NSX-T Manager is deployed to the secondary site and restored from backup, DNS can be amended, and management operations restored.

Continue reading → VMware NSX-T Manager FQDN Registration

VMware NSX-T – Modifying the Default Admin Password Expiration

Reading Time: < 1 minute

In NSX-T, the Admin and Audit user passwords for both the NSX Manager and NSX Edge appliances expire, by default, after 90 days. When these passwords expire, you will not be able to log in and manage your NSX-T components. This includes any API calls where administrative credentials are required.

In this article I detail the simple process of amending the expiration period or, if so required, removing the password expiration altogether (the latter being perfect for POC and/or lab environments).

Continue reading → VMware NSX-T – Modifying the Default Admin Password Expiration