Categories
VMware

vRealize Suite LifeCycle Manager – Environment

Intro

As part of my new role, I have worked extensively on a project deploying VMware’s vRealize Suite Lifecycle Manager. It’s a project that is fairly new in the VMware ecosystem and not a lot of people have come across it. If you run any of the following products then it’s worth checking out.

vRealize Automation

vRealize Operations

vRealize Log Insight

vRealize Network Insight

This is the first of a few posts that I’m going to do on vRSLCM, showing a bit of the environment management and a product deployment.

 

Split Personality

vRSLCM performs two fairly distinct roles: Environment Management and Content Management. The Content Management part of the product is a replacement for Code Stream (Houdini).

Environment Management is used for deployment, patching, certificate management and environment config management.

Environment Management

To deploy a component you must first set up an environment within vRSLCM.

This involves creating a datacentre, where you also add the target vCenter.

 

When that is done you can create an environment. An environment is like a wrapper for the products and controls them as a set. You can have several of these, the idea being that you would have production, test, development, etc. You can have more than one of each of these if required.

When you have your environment created, it’s time to deploy a product. vRSLCM will do this step for you, but it needs to have the relevant files within the appliance. These are added in the settings section under product binaries.

There are three ways to add the relevant files to the appliance: connect it to an NFS share that holds the files, upload them manually via SSH or, by far the easiest, add your “My VMware” details so that vRSLCM downloads them automatically. The advantage of the My VMware method is that it can also track the available patches for the products.

I used a combination of NFS and My VMware to add the product binaries.

Product Patches

 

Once that was done I added two separate environments (one for testing and one to simulate production) and then deployed some workloads.

Here you can see that I have vROPS deployed in test and both Log Insight and vROPS in the production environment.

I am now going to use vRSLCM to deploy Log Insight into the test environment by adding it as a product.

 

Here you can see I have selected Log Insight to be added (it is possible to add multiple products at the same time). I have gone for a “small” config and I have chosen version 4.6.0.

You will then be asked to confirm the user agreement and vRSLCM will take you into the deployment step, where you provide the specific info. A really nice feature of this wizard is that, if you provided the My VMware details earlier, it will list the keys for you.

 

Most of the infrastructure details are taken from the environment set up earlier, including vCenter, cluster, network details, datastore, NTP, etc. It will also deploy certificates for you at this step (a really nice feature).

 

These are the only questions that the wizard can’t answer: the node size to be deployed, the name for the VM, the hostname and the IP address. Once you have added these to the wizard, check that both forward and reverse DNS are in place before going any further, because on the next step vRSLCM does a prerequisite check.

 

Here you can see that the precheck failed as I had a clash of virtual machine names between my test and production environments. This is an issue as they are in the same vCenter/cluster.
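The two conditions described above (forward and reverse DNS in place, and no VM-name clash in the shared vCenter/cluster) can be checked before the wizard's precheck runs. The following is an added example, not part of the original post and not vRSLCM's own prerequisite check; the function names, hostnames and addresses are hypothetical, and comparing VM names case-insensitively is an assumption made to be conservative.

```python
import socket


def check_dns(hostname, ip, forward=socket.gethostbyname_ex,
              reverse=socket.gethostbyaddr):
    """Return DNS problems for one node; an empty list means A and PTR agree."""
    problems = []
    want = hostname.rstrip(".").lower()
    try:
        addrs = forward(hostname)[2]
        if ip not in addrs:
            problems.append(f"forward: {hostname} -> {addrs}, expected {ip}")
    except OSError as exc:  # gaierror and herror are OSError subclasses
        problems.append(f"forward: {hostname} does not resolve ({exc})")
    try:
        name, aliases, _ = reverse(ip)
        names = sorted({n.rstrip(".").lower() for n in (name, *aliases)})
        if want not in names:
            problems.append(f"reverse: {ip} -> {names}, expected {want}")
    except OSError as exc:
        problems.append(f"reverse: {ip} has no usable PTR record ({exc})")
    return problems


def check_plan(nodes, existing_vm_names, **resolvers):
    """Check every planned node for DNS gaps and VM-name clashes."""
    taken = {n.lower() for n in existing_vm_names}
    report = {}
    for node in nodes:
        problems = check_dns(node["hostname"], node["ip"], **resolvers)
        if node["vm_name"].lower() in taken:
            problems.append(f"vm name {node['vm_name']} already exists")
        taken.add(node["vm_name"].lower())
        report[node["vm_name"]] = problems
    return report


if __name__ == "__main__":
    # Constructed sample plan: names and addresses are placeholders.
    plan = [{"vm_name": "test-vrli-01", "hostname": "test-vrli-01.lab.example",
             "ip": "192.0.2.21"}]
    existing = ["prod-vrli-01"]  # VM names already present in the vCenter
    for vm, problems in check_plan(plan, existing).items():
        print(vm, "OK" if not problems else problems)
```

Run it from a machine that uses the same DNS servers as the vRSLCM appliance, otherwise the result may not reflect what the precheck sees.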

With the precheck passing, you submit this and vRSLCM will go off and deploy. Obviously, this can take quite a while depending on the config you have asked to deploy. This can be monitored in the requests section.

Here you can see all the steps and, if required, troubleshoot any failures. When complete it should look something like the below.

 

Going back to the Environment, we now see that Test matches Production.

Categories
Homelab

Lab Storage

Lab Storage Update.

 

Since starting my new role with Xtravirt my Homelab has undergone a number of fairly significant changes. At the moment it’s very much focused around the VMware stack and one of the things I needed was some more storage and especially some more storage performance. With that in mind, I purchased a new Synology, a DS918+.

It’s a very compact unit with a quad-core Intel Celeron and I have left the RAM at 4 GB for now.

I have added some of the existing SSDs that I had, giving me about 3TB of usable flash. I am presenting this back to my VMware hosts using NFS 4.1. I must have missed the announcement as this is now built into the Synology GUI (it used to be a command-line-only option). I have verified that VAAI works as expected in this configuration. At present I am using this with a single network connection, however I will be testing NFS multipathing shortly.

The performance improvement has been noticeable and I have now removed all non-Synology systems from primary storage. This has left me with the DS918+ detailed here and a DS216+ with 2TB of RAID 1 WD Reds. I am using this for ISOs and some general file storage.

 

 

Categories
Homelab Hosting

Sophos UTM – Let’s Encrypt

Let’s Encrypt

 

I have written previously around my use of Sophos UTM within my homelab. Now I know it’s not a perfect device and some diehard network engineers will say it doesn’t have a CLI. But for my lab, my requirements and my level of skill it’s a damn good device with SO many features. It may not have a CLI but it does have an API, which has been on my backlog to look into for a long time.

Version 9.6 has just been released and one of the features that has been added is the integration of Let’s Encrypt certificates. Here is a quick intro to get up and running with them.

Create a certificate

To get started, first off we need to enable Let’s Encrypt. This is done in the advanced section of the Certificate Management console with a simple tickbox.

Once that’s been enabled it’s time to request some certificates.

Navigate to Webserver Protection > Certificate Management > Certificates.

Click on +New Certificate…  

Hosting.jameskilby.net Certificate Creation

 

When you select save, the UTM appliance creates a self-signed certificate that can be used immediately. In the background it requests a certificate from Let’s Encrypt and, provided it passes the validation checks, the signed Let’s Encrypt certificate is received back from Let’s Encrypt.

 

Let’s Encrypt Certificate

 

Then it’s simply a case of applying it. In this example I have added it to the Web Application Firewall section protecting the webserver.

This can then be validated by visiting the site and, as can be seen, it’s displaying properly.

I have created Let’s Encrypt certificates for all of the services that I run on the UTM. They auto-renew and generally make life a lot easier.
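Because the UTM serves a self-signed certificate until the Let’s Encrypt one arrives, and because renewal is automatic, it is worth checking from a client which certificate is actually being served and how long it has left. The following is an added example, not part of the original post or of Sophos UTM; the function names and the 30-day `renew_days` threshold are assumptions, and the hostname is supplied by the reader.

```python
import socket
import ssl
import sys
import time


def _flatten(rdns):
    """Turn getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in rdns for key, value in rdn}


def assess_cert(cert, now=None, renew_days=30):
    """Summarise a certificate dict in the format ssl.getpeercert() returns."""
    now = time.time() if now is None else now
    issuer, subject = _flatten(cert["issuer"]), _flatten(cert["subject"])
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return {
        "issuer_org": issuer.get("organizationName"),
        "self_signed": issuer == subject,
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": days_left,
        # renew_days is an assumed alerting threshold, not a UTM setting.
        "renewal_overdue": days_left < renew_days,
    }


def fetch_and_assess(hostname, port=443, timeout=5):
    """Connect with normal verification so an untrusted cert is reported."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return assess_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Expected while the interim self-signed certificate is still served.
        return {"trusted": False, "reason": exc.verify_message}


if __name__ == "__main__":
    print(fetch_and_assess(sys.argv[1]))
```

A result with `trusted: False` shortly after saving the certificate usually means the signed certificate has not been applied yet; `renewal_overdue: True` on a long-running service suggests the automatic renewal needs a look.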