Monitor Tanzu K8s Compliance with Runecast Analyzer

Checking a cluster for compliance, security issues or hidden problems is by now a standard task. There are automated tools to do the job, such as VMware Skyline or Runecast Analyzer. In addition to standard vSphere clusters, the latter can also check vSAN, NSX-T, AWS, Kubernetes and, since version 5.0, Azure for compliance.

In this blog post I’d like to outline how to connect a vSphere with Tanzu [*] environment to Runecast Analyzer. [* native Kubernetes Pods and TKG on vSphere]

Some steps are simplified because this is a lab environment. I will point this out where it applies.

Before we can register Tanzu in Runecast Analyzer, we need some information.

  • IP address or FQDN of the SupervisorControlPlane
  • Service account with access to the SupervisorControlPlane
  • Service account access token

vExpert Pro 2021

This year I applied for the VMware vExpert Pro program for the first time and was delighted to receive the news on Monday that I had been accepted.

What is vExpert Pro?

The idea behind the launch of the vExpert Pro program is to create a worldwide network of vExperts who are willing to find, support, and mentor new vExperts in their local communities.

VMware launched the program in 2018 and describes vExpert Pro as cited below.

A vExpert Pro is a current vExpert who excels in their local region, adding value to the program and giving back to the community. This person has a strong relationship with the local IT community in general, and works as an advocate for the vExpert program, recruiting, mentoring and training people.

What does vExpert Pro mean for me?

I see it as an honor and recognition for the work I have been doing in and for the community over the last several years.

There is a large number of unknown experts around the world with a high level of knowledge and a willingness to share this expertise with others. They often lack just a little push to apply for the vExpert program. Many don’t consider themselves good enough or worthy of becoming part of the vExpert program. This is where the vExpert Pro will come into play. It is their mission as mentors to assist new experts in finding their way into the community.

I’ve been actively blogging since 2010, and for a long time I too considered my own content to be insignificant or not good enough. So it wasn’t until 2017 that I finally applied to become a vExpert for the first time. Back then, I would have appreciated a mentor like a vExpert Pro. This would have certainly helped me get into the vExpert program with more confidence and also much sooner. I consider this to be my primary mission as a vExpert Pro.

I have been actively mentoring in the VMUG Mentorship Program for some time now and have been coaching two candidates (mentees) from Indonesia and Poland. Here the focus is on personal development, training and improvement of communication skills such as public speaking. The vExpert Pro is the logical next step in this activity. I would like to guide talents in my region on the path to the vExpert and support them in every way possible.

Get in touch

Have you ever thought about joining the vExpert program? Did you abandon the idea because you lacked the courage or motivation? Then don’t hesitate to get in touch with me.

You can reach out on my Twitter handle @Microlytix, or LinkedIn, or my VMUG profile.

Don’t confuse a blog post with a deployment guide

Lab environments are a great thing. We can test new products on a small scale platform and demonstrate them as a proof of concept (PoC).

Like many of my fellow bloggers I write down my lab experience in little blog posts that I share with the community. I regularly read blogs and tutorials to keep myself informed about new products and techniques. There is hardly a topic in the field of virtualization that someone hasn’t written something about at some point. This is invaluable, as it gives you a quick introduction to what is usually a complex subject.

When reading my (and other) blog posts, you may get the impression that the described setup procedure follows the simple skip-skip-finish principle. In other words, accept the default values, click three times and the installation is complete. This might be true in the lab, but a real life deployment is miles away from a lab setup.

In the lab many things are simplified to the max according to the KISS principle (keep it simple and stupid). Some of the methods used are not necessarily in compliance with the manufacturer’s recommendations, or are outright forbidden in productive environments.

This means: having read a tutorial by my favorite blogger [insert name here] does not enable me to transfer what I have learned 1:1 to a real project.

I have had several discussions about this in preliminary project meetings. People have asked why the planning phase takes so much time. They said that (they thought) the product was totally easy to install, as you can read on [insert name here]’s blog.

As a blogger and lab user, I know how to view these posts. They are to be understood as a quick introduction and an easy to understand overview of a new technology. This has very little to do with real world deployments. In this posting, I would like to point this out with the help of a few examples:


Heads up! Watch your NIC order when adding more hosts to VCF

VMware Cloud Foundation is a unified SDDC platform for the hybrid cloud. It is based on VMware’s compute, storage, and network virtualization.

VCF can be expanded with more workload domains by adding further hosts, or it can be stretched over two availability zones (AZ). The expansion is initiated by and under the control of SDDC-Manager. The procedure is fairly straightforward and SDDC-Manager does all the configuration tasks in the background, i.e. forming vSAN clusters, networks, kernel ports, vCenters and NSX control planes. On the host side it comes down to these steps:

  • set up hosts with the ESXi base image
  • configure a management IP address
  • set root credentials
  • configure DNS and NTP
  • import the new hosts into SDDC-Manager
  • deploy the new WLD

There is a pitfall that is easily overlooked: the order of the new host’s NICs. Before we can import new hosts, we get to see a checklist of the host requirements. The hosts need to have two NICs with at least 10 GBit.

While reading the list there’s a little detail that is often overlooked. Traditional numbering means that both NICs must be named vmnic0 and vmnic1. Unfortunately this seems to be hard coded and cannot be changed (as of the current version 4.2). To make matters worse, many server systems have onboard 1 GBit network adapters. There’s a KB article that explains how VMware ESXi determines the order in which names are assigned to network devices: it starts with the onboard NICs and then continues with PCIe cards. As a result you might end up with the two 1 GBit onboard NICs as vmnic0 and vmnic1. In this case the bringup of the VCF expansion will fail.

While you can choose NICs during the initial VCF bringup, this is not possible during expansion, and this time there’s no such thing as a bringup sheet. You can’t select more than two NICs either when using SDDC-Manager; in that case you’ll need to use API calls.

Workaround

Currently there’s no other way than to disable the onboard NICs in the system BIOS. If your desired NICs still show a higher number, you’ll need to move the PCIe card into a slot with a lower number.
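Before importing a host into SDDC-Manager it is worth verifying the NIC order on the host itself. The following shell snippet is an added example, not part of the original post or of any VMware tool: it parses the output of `esxcli network nic list` and reports whether vmnic0 and vmnic1 are the 10 GBit adapters VCF expects. The sample output is constructed here for a host with two onboard 1 GBit NICs enumerated first (the failure case described above); on a real host you would pipe in the live command output instead.

```shell
#!/bin/sh
# Constructed sample of `esxcli network nic list` (not captured from a real host):
# two onboard 1 GBit NICs take vmnic0/vmnic1, the 10 GBit PCIe card comes later.
SAMPLE_NIC_LIST='Name    PCI Device    Driver  Admin Status  Link Status  Speed  Duplex  MAC Address        MTU   Description
------  ------------  ------  ------------  -----------  -----  ------  -----------------  ----  -----------
vmnic0  0000:01:00.0  ntg3    Up            Up           1000   Full    00:11:22:33:44:00  1500  Broadcom NetXtreme BCM5720
vmnic1  0000:01:00.1  ntg3    Up            Up           1000   Full    00:11:22:33:44:01  1500  Broadcom NetXtreme BCM5720
vmnic2  0000:3b:00.0  ixgben  Up            Up           10000  Full    00:11:22:33:44:02  1500  Intel X710
vmnic3  0000:3b:00.1  ixgben  Up            Up           10000  Full    00:11:22:33:44:03  1500  Intel X710'

# Same host after the onboard NICs were disabled in the BIOS (constructed as well).
FIXED_NIC_LIST='Name    PCI Device    Driver  Admin Status  Link Status  Speed  Duplex  MAC Address        MTU   Description
------  ------------  ------  ------------  -----------  -----  ------  -----------------  ----  -----------
vmnic0  0000:3b:00.0  ixgben  Up            Up           10000  Full    00:11:22:33:44:02  1500  Intel X710
vmnic1  0000:3b:00.1  ixgben  Up            Up           10000  Full    00:11:22:33:44:03  1500  Intel X710'

# vcf_nic_check NIC_LIST_TEXT
# Prints speed and PCI address of vmnic0 and vmnic1; returns 0 only if both exist
# and both link at >= 10000 Mbit (column 6 of the esxcli table).
vcf_nic_check() {
    printf '%s\n' "$1" | awk '
        $1 == "vmnic0" || $1 == "vmnic1" {
            speed[$1] = $6
            printf "%s: %s Mbit (%s)\n", $1, $6, $2
        }
        END {
            bad = 0
            if (!("vmnic0" in speed) || !("vmnic1" in speed)) { print "vmnic0/vmnic1 missing"; bad = 1 }
            for (n in speed) if (speed[n] + 0 < 10000) { printf "%s is below 10 GBit\n", n; bad = 1 }
            exit bad
        }'
}

# lowest_10g_nic NIC_LIST_TEXT
# Prints the first NIC in enumeration order that links at >= 10 GBit, i.e. the
# adapter that should end up as vmnic0 once onboard NICs are disabled.
lowest_10g_nic() {
    printf '%s\n' "$1" | awk 'NR > 2 && $6 + 0 >= 10000 { print $1; exit }'
}

# Live usage on an ESXi host (not run here): vcf_nic_check "$(esxcli network nic list)"
```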