Page 2 of 7

flock of birds flying
Posted on

VMware NSX for vSphere to NSX-T Migration – End-to-End User Defined Topology

Reading Time: 12 minutes

Article Updated: 20th July 2023

In my previous post, I covered the end-to-end migration of VMware NSX for vSphere to NSX-T Data Center (VMware NSX from v4.0.0.1) via the Fixed Topology Option, however, in real life I don’t see this option utilised very often due to the limited number of supported topologies.

How then can we achieve the same in-place, end-to-end migration of unsupported topologies? This is where the User Defined Topology option comes into play, and it offers much greater flexibility by enabling customers to define/map their own logical routing topologies. This, of course, will require a design and, like the message I tried to impart in my previous post, this must be planned ahead of your proposed change/maintenance/migration window.

Continue reading → VMware NSX for vSphere to NSX-T Migration – End-to-End User Defined Topology

flock of white birds against a black background
Posted on

VMware NSX for vSphere to NSX-T Migration – End-to-End Fixed Topology

Reading Time: 9 minutes

In a previous post, we discussed the value of pre-migration validation checks, identifying whether a customer environment is aligned to the supported fixed topologies and the process of creating and viewing the JSON output following the successful import of NSX for vSphere configuration.

In this post, we continue on the same theme and will use the NSX-T (VMware NSX from v4.0.0.1) Migration Coordinator to migrate an NSX for vSphere environment, end-to-end, to NSX-T via the Fixed Topology option.

Continue reading → VMware NSX for vSphere to NSX-T Migration – End-to-End Fixed Topology

magnifying glass on top of document
Posted on

VMware NSX-T Migration Coordinator Report Export for Fixed Topology Migration

Reading Time: 4 minutes

With VMware NSX for vSphere (NSX-V) having gone end of general support on January 16th 2022, there are numerous customers now busily working on migrating to VMware NSX-T Data Center (VMware NSX as of v4.0.0.1).

In future posts, I will detail the end-to-end migration process for both Fixed and User Defined Topologies utilising the NSX-T Migration Coordinator, however, before we jump in, let us look at a rather handy report which is often helpful in validating customer readiness and environmental health for those looking to migrate via the Fixed Topology option.

Continue reading → VMware NSX-T Migration Coordinator Report Export for Fixed Topology Migration

Posted on

VMware NSX-T Data Center One-Arm Load Balancer for VLAN-Backed Workloads

Reading Time: 4 minutes

Scenario – Let us say I have a Customer who has a load balancing requirement, however, they do not utilise Overlay networking and, as a result, no Tier-0 or Tier-1 Gateways exist to form a software-defined routing architecture. As such, an Inline load balancer topology will not be possible. However, VLAN-backed NSX-T Segments are in place, as the customer currently utilises distributed firewalling.

This article looks at how we can deploy a Tier-1 Gateway for one-arm load balancing to backend virtual machines housed on VLAN-backed NSX-T Segments. Should we wish, we could expand the server pool by adding physical devices as well.

Continue reading → VMware NSX-T Data Center One-Arm Load Balancer for VLAN-Backed Workloads

Posted on

Lab-Ready Workload Virtual Machines via VMware Photon OS – Static IP Assignment

Reading Time: 2 minutes

Like most of us in the virtualisation ecosystem, I run a lab. Actually, I run multiple labs, however, unlike some, my labs are nested environments running on a single ESXi host, specifically, the awesome SuperMicro SuperServer E300-9D-8CN8TP. My labs are just that – testing environments for personal development, study, validation of customer designs, etc. They don’t run any production/home applications, so they’re spun up and down fairly often.

As some of these labs can be resource hungry (multi-site VMware NSX-T Federation environments or VMware Cloud Foundation to name two examples), the workload VMs I deploy for testing within these environments must be small.

Welcome VMware Photon OS.

Continue reading → Lab-Ready Workload Virtual Machines via VMware Photon OS – Static IP Assignment

Posted on

Securing Workloads on Bare-Metal Windows Servers via the VMware NSX-T Agent (Kernel Module)

Reading Time: 6 minutes

Software-defined data centres, software-defined networks, software-defined storage – they are all great, aren’t they? They enable us to abstract software-defined-X from the physical and allows us to scale at speed via automation. However, physical servers, the elephant in the room, still exist, and they likely will for some time.

So then, can we integrate physical devices into a software-defined world? Yes. But, NSX-T micro-segmentation is only available to virtual machines, right? No. By using the VMware NSX-T Agent/kernel module, we can provide connectivity to bare-metal workloads and enable them to participate and leverage the same security functions as those enjoyed by virtual machines.

In this article, we deploy the NSX-T Agent to a Windows Server 2019 webserver hosting IIS and secure the physical, bare-metal server utilising the NSX-T Distributed Firewall (DFW).

Continue reading → Securing Workloads on Bare-Metal Windows Servers via the VMware NSX-T Agent (Kernel Module)

London VMUG - LonVMUG
Posted on

London VMUG – 15th July 2021

Reading Time: < 1 minute

Earlier this month, I was honoured to have been able to present at the London VMware User Group. My session focussed on a discussion and demonstration around how we can leverage VMware vRealize Network Insight (vRNI) to visualise applications, their dependencies, and their application traffic flows to effectively micro-segment an application using the VMware NSX-T Distributed Firewall (DFW).

Continue reading → London VMUG – 15th July 2021

BANNER-vGareth Lewis-VMware-vRealize-Network-Insight-vRNI-On-Prem-Install-and-Configure
Posted on

VMware vRealize Network Insight (vRNI) – Part 5 – Data Flow Analysis & Micro-Segmentation

Reading Time: 6 minutes

In the previous articles of this series, we covered the installation (VMware vRealize Network Insight (vRNI) – Part 1 – Installation) and configuration (VMware vRealize Network Insight (vRNI) – Part 2 – Configuration) of vRealize Network Insight, before integrating vRNI with Microsoft Active Directory via LDAP (VMware vRealize Network Insight (vRNI) – Part 3 – Identity & Access Management via LDAP).

In the most recent article (VMware vRealize Network Insight (vRNI) – Part 4 – Application Discovery), we delved into application discovery. We defined four applications via several options – manual creation of an application, as well as automated discovery based on vSphere Tags/Custom Attributes and VM naming conventions.

In this final article of the series, we will explore and analyse the collected data flows of one of the previously defined applications. The goal here is to identify all valid traffic flows required to secure the application utilising the NSX-T Distributed Firewall (DFW). My friends, today we look at micro-segmentation.

Continue reading → VMware vRealize Network Insight (vRNI) – Part 5 – Data Flow Analysis & Micro-Segmentation

Posted on

Patch VMware vSphere Host via ESXCLI

Reading Time: 2 minutes

There may be some scenarios where you will need to patch a vSphere Host manually. Maybe the host is air-gapped for security purposes, or maybe the host is simply a standalone ESXi Server and isn’t connected to a vCenter Server.

Patching the host is a simple enough exercise, and in this article, I detail both the implementation and validation steps.

Continue reading → Patch VMware vSphere Host via ESXCLI