Tuesday, September 4. 2012
Replacing Default vCenter Server 5.0 and ESXi Certificates
vSphere encrypts session information using standard digital certificates. Using the default certificates that vSphere creates might not comply with the security policy of your organization. If you require a certificate from a trusted certificate authority, you can replace the default certificate.
Certificate checking is enabled by default and SSL certificates are used to encrypt network traffic. However, ESXi uses automatically generated certificates that are created as part of the installation process and stored on the server system. These certificates are unique and make it possible to begin using the server, but they are not verifiable and are not signed by a trusted, well-known certificate authority (CA). These default certificates are vulnerable to possible man-in-the-middle attacks.
To receive the full benefit of certificate checking, especially if you intend to use encrypted remote connections externally, install new certificates that are signed by a valid internal certificate authority or public key infrastructure (PKI) service. Alternatively, purchase a certificate from a trusted security authority.
VMware products use standard X.509 version 3 (X.509v3) certificates to encrypt session information sent over Secure Socket Layer (SSL) protocol connections between components. For example, communications between a vCenter Server system and each ESXi host that it manages are encrypted, and some features, such as vSphere Fault Tolerance, require the certificate verification provided by SSL.
The client verifies the authenticity of the certificate presented during the SSL handshake phase, before encryption, which protects against "man-in-the-middle" attacks. When you replace default vCenter and ESXi certificates, the certificates you obtain for your servers must be signed and conform to the Privacy Enhanced Mail (PEM) key format. PEM is a key format that stores data in a Base-64 encoded Distinguished Encoding Rules (DER) format.
The key used to sign certificates must be a standard RSA key with a key length that ranges from 512 to 4096 bits. The recommended length is 2048 bits. Certificates signed by a commercial certificate authority, such as Entrust or Verisign, are pre-trusted on the Windows operating system. However, if you replace a certificate with one signed by your own local root CA, or if you plan to continue using a default certificate, you must pre-trust the certificate by importing it into the local certificate store for each vSphere Client instance. You must pre-trust all certificates that are signed by your own local root CA, unless you pre-trust the parent certificate, the root CA’s own certificate.
http://www.vmware.com/files/pdf/techpaper/replacing-vCenter-Server-5-ESXi-Certificates.pdf
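As an added example (not part of the original post and not VMware's own procedure), the following shell script reproduces the trust relationship described above in a scratch directory with OpenSSL: it creates a local root CA standing in for an internal PKI, issues a 2048-bit RSA host certificate in PEM form, builds a self-signed certificate standing in for the install-time default, and then runs the checks an administrator preparing the replacement would run: is the file PEM, is the RSA key length within the stated 512 to 4096 bit range, does the certificate chain to the pre-trusted root (here, the root passed to `openssl verify -CAfile`, playing the role of the imported certificate store entry), and does a PEM to DER round trip preserve the certificate. The CA name, the host name `esxi01.lab.example` and all file names are constructed for the lab.

```shell
#!/bin/sh
# Added lab example (not VMware's procedure): model the certificate trust
# relationship described above with OpenSSL in a scratch directory.
# All names below (CA name, host name, file names) are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Role of the internal PKI: a self-signed root CA whose certificate the
# client "pre-trusts" (here: handed to openssl verify as -CAfile).
make_root_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=Lab Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Replacement host certificate: 2048-bit RSA key, CSR, signed by the root CA.
# The output is PEM, i.e. Base-64 DER between BEGIN/END markers.
make_host_cert() {
  openssl req -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=esxi01.lab.example" \
    -keyout "$WORK/host.key" -out "$WORK/host.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/host.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -sha256 -out "$WORK/host.crt" 2>/dev/null
}

# Stand-in for the install-time default: self-signed, issued by no CA.
make_default_style_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=esxi01.lab.example" \
    -keyout "$WORK/default.key" -out "$WORK/default.crt" 2>/dev/null
}

# --- checks an administrator (or a client) would run ---

# PEM armour, the format the text above requires.
is_pem() { grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Bit length of the certificate's RSA public key.
key_bits() {
  openssl x509 -in "$1" -noout -text \
    | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# 512..4096 bits are accepted per the text above; 2048 is the recommendation.
key_bits_ok() {
  bits=$(key_bits "$1")
  [ "$bits" -ge 512 ] && [ "$bits" -le 4096 ]
}

# Chain validation against the pre-trusted root: this is what fails for the
# default certificate and what the replacement is meant to make succeed.
chains_to_ca() { openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1; }

# PEM -> DER -> PEM: same certificate, only the encoding differs, so the
# SHA-256 fingerprint must be unchanged.
pem_der_roundtrip_ok() {
  openssl x509 -in "$1" -outform DER -out "$WORK/tmp.der" 2>/dev/null
  openssl x509 -in "$WORK/tmp.der" -inform DER -out "$WORK/tmp.pem" 2>/dev/null
  a=$(openssl x509 -in "$1" -noout -fingerprint -sha256)
  b=$(openssl x509 -in "$WORK/tmp.pem" -noout -fingerprint -sha256)
  [ "$a" = "$b" ]
}

# Build the lab and report the checks for both certificates.
run_demo() {
  make_root_ca; make_host_cert; make_default_style_cert
  for c in host.crt default.crt; do
    f="$WORK/$c"
    printf '%s: pem=%s bits=%s chains_to_ca=%s\n' "$c" \
      "$(is_pem "$f" && echo yes || echo no)" "$(key_bits "$f")" \
      "$(chains_to_ca "$f" && echo yes || echo no)"
  done
}
run_demo
```

The self-signed certificate is built with the same key length and subject as the replacement; the only thing that separates it from the CA-issued one in the report is `chains_to_ca`, which is exactly the property the default ESXi certificates lack and the reason they do not protect against a man-in-the-middle.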
VMworld TV - Book Signing
Eric Sloof interviews VMware authors Bill Ferguson, Harley Stagner, Mostafa Khalil, Mike Laverick, Alan Renouf, and Luc Dekens about their new books at VMworld 2012.
Technical White Paper - What’s New in VMware vSphere 5.1 – Performance
VMware vSphere 5.1 continues to enhance the performance features and capabilities of the vSphere platform, making it the most robust and highest-performing cloud platform. vSphere 5.1 supports even larger virtual machines and physical hosts to accommodate even the most demanding of workloads. It also introduces several new features that reduce latency and increase throughput for network, storage and compute.
The following are some of the performance highlights in vSphere 5.1:
VMware vCenter Server
• VMware vSphere Web Client
• VMware vCenter™ Single Sign-On server scalability
• vCenter Server database and statistics collection enhancements
Core platform
• 64-way vCPU scalability
• 256 pCPU support
• New physical processor enablement
• Memory overhead reduction
• Virtualized CPU performance counters
• Latency setting
Storage
• VMware vSphere Storage I/O Control enhancements
• VMware vSphere Storage DRS enhancements
• 16GB Fibre Channel support
• Hardware iSCSI jumbo frames support
Network
• Single-root I/O virtualization (SR-IOV)
• VMware vSphere Distributed Switch (VDS) scalability improvements
VMware vSphere vMotion
• vMotion enhancements
• VMware vSphere Storage vMotion enhancements
Platform features for VMware vCloud Director and VMware View
• 3D graphics
• VMware vSphere APIs – Array Integration (VAAI) snapshots
• VXLAN
http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Performance-Technical-Whitepaper.pdf
VMworld TV - Real Cool Overview Of Day Two
Monday, September 3. 2012
Technical White Paper - VXLAN Performance Evaluation on VMware vSphere 5.1
Cloud computing services have experienced rapid growth over the past few years because they can keep costs down by allowing multiple tenants to share system resources. One requirement of making this multiple tenancy possible is to provide each tenant with network isolation. Segmenting the traffic using VLAN is a typical solution to this problem. However, service providers also need to keep up with customer demand by being able to move workloads to those servers that have spare resources.
To do so, network traffic needs to be encapsulated so that the workload is not tied to the underlying hardware. This can be a problem because the networking architecture ties the workloads to the underlying hardware, which restricts the movements of these workloads and limits where these workloads can be placed. In addition, segmenting the physical LAN using VLANs does not scale beyond a certain limit.
Virtual extensible LAN (VXLAN) is a network encapsulation mechanism that enables virtual machines to be deployed on any physical host, regardless of the host’s network configuration. It solves the problems of mobility and scalability in two ways:
- It uses MAC in UDP encapsulation, which allows the virtual machine to communicate using an overlay network that spans across multiple physical networks. It decouples the virtual machine from the underlying network thereby allowing the virtual machine to move across the network without reconfiguring the network.
- VXLAN uses a 24-bit identifier, which means that a single network can support up to 16 million LAN segments. This number is much higher than the 4,094 limit imposed by the IEEE 802.1Q VLAN specification.
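To make the two points above concrete, here is an added shell example (not from the white paper) that builds and parses the VXLAN header carrying the 24-bit segment identifier (VNI) in front of an encapsulated Ethernet frame. The header layout follows RFC 7348: 8 bytes consisting of a flags byte (the I bit, 0x08, marks the VNI as valid), 24 reserved bits, the 24-bit VNI and 8 reserved bits. The outer IP and UDP headers that precede it on the wire are left out, the inner frame is constructed, and the segment counts are computed from the widths rather than quoted.

```shell
#!/bin/sh
# Added example (not from the paper): build and parse the VXLAN header that
# carries the 24-bit segment identifier (VNI). Layout per RFC 7348:
# 8 bytes = flags (I bit = 0x08), 24 reserved bits, 24-bit VNI, 8 reserved bits.
# Outer IP/UDP headers are omitted; the inner Ethernet frame is constructed.
set -eu

VNI_MAX=$(( (1 << 24) - 1 ))   # largest 24-bit identifier: 16777215
VLAN_MAX=4094                   # usable 802.1Q VLAN IDs (0 and 4095 reserved)

# Number of segments a 24-bit identifier can distinguish.
vxlan_segments() { echo $(( VNI_MAX + 1 )); }

# vxlan_header VNI -> 16 hex chars (8 bytes); fails if VNI needs > 24 bits.
vxlan_header() {
  [ "$1" -ge 0 ] && [ "$1" -le "$VNI_MAX" ] || return 1
  printf '08000000%06x00' "$1"
}

# vxlan_encap VNI INNER_HEX -> header followed by the untouched inner frame.
# This is the "MAC in UDP" step: the tenant's frame rides as opaque payload.
vxlan_encap() {
  hdr=$(vxlan_header "$1") || return 1
  printf '%s%s' "$hdr" "$2"
}

# vxlan_vni HEX -> decimal VNI from a header/packet in hex; fails when the
# I flag is clear, because the VNI field is then not valid.
vxlan_vni() {
  [ "$(printf '%s' "$1" | cut -c1-2)" = "08" ] || return 1
  echo $(( 0x$(printf '%s' "$1" | cut -c9-14) ))
}

# vxlan_decap HEX -> the inner Ethernet frame (everything after the 8 bytes).
vxlan_decap() { printf '%s' "$1" | cut -c17-; }

# Constructed inner frame: dst MAC, src MAC, EtherType 0x0800, 4 payload bytes.
INNER="0a00000000020a0000000001"0800"deadbeef"

# Stand-alone run: encapsulate on VNI 5000, then recover VNI and inner frame.
pkt=$(vxlan_encap 5000 "$INNER")
printf 'packet:   %s\nvni:      %s\ninner:    %s\nsegments: vxlan=%s vlan=%s\n' \
  "$pkt" "$(vxlan_vni "$pkt")" "$(vxlan_decap "$pkt")" \
  "$(vxlan_segments)" "$VLAN_MAX"
```

The inner frame comes out of `vxlan_decap` byte for byte as it went in, which is why the virtual machine's MAC addressing is independent of the physical network it happens to traverse; and because the identifier field is three bytes wide, `vxlan_segments` yields 16777216 against the 4094 usable VLAN IDs.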
Since VXLAN is an additional encapsulation mechanism introduced at the hypervisor layer, there are certain performance implications. This paper demonstrates that the performance of VXLAN on vSphere 5.1 is very close to a configuration without VXLAN, and vSphere 5.1 with VXLAN configured can meet the demands of today’s network-intensive applications.
VMware used industry-standard benchmarks in experiments that demonstrate:
- A virtual machine configured with VXLAN achieved similar networking performance to a virtual machine without VXLAN configured, both in terms of throughput and CPU cost.
- vSphere 5.1 scales well as we add more virtual machines on the VXLAN network.
Sunday, September 2. 2012
New VMware Certifications: VCP-Cloud, VCAP-CID and VCAP-DTD
During last week’s VMworld 2012 event in San Francisco, VMware released three new certifications: VCP-Cloud, VCAP-CID and VCAP-DTD.
The VMware Certified Professional – Cloud (VCP-Cloud) certification validates your ability to install, configure and administer a cloud environment using vCloud Director and related components. Achieving this certification demonstrates your understanding of basic cloud concepts, including public/private/hybrid clouds, multi-tenancy and cloud security, as well as your skills in using vCloud Director to create and manage vApps, service catalogs, and organization/provider VDCs, and in administering cloud-enabled networking and storage.
Earning VMware Certified Advanced Professional – Cloud Infrastructure Design (VCAP-CID) certification shows that you have continued to enhance your cloud skills, and gives you a new, industry-recognized credential for your list of accomplishments.
The VCAP-CID certification is designed for architects who can devise a conceptual framework based on business requirements, organize its elements into distinct components, and design a cloud infrastructure that meets those requirements. It also verifies that you can define goals for the architecture, analyze elements of the framework, and make design decisions that ensure the proper physical and virtual components exist in the design. Achieving VCAP-CID status shows that you have skills with:
- Conceptual, Logical, and Physical Design
- Security and Availability Design
- Extended Cloud Design
- Metering and Compliance
- vApp Design
Earning VMware Certified Advanced Professional – Desktop Design (VCAP-DTD) certification shows that you have continued to enhance your desktop virtualization skills, and gives you a new, industry-recognized credential for your list of accomplishments.
VCAP-DTD is designed for architects who can devise a conceptual end user infrastructure framework based on business requirements, organize its elements into distinct components, and design an architecture that meets those requirements. It also shows that you have experience defining goals for the architecture, analyzing elements of the framework, and making design decisions that ensure the proper physical and virtual components exist in the design for the desktop users.