Meetup: Enterprise Docker and DevOps

This week, Tuesday the 16th, was the first meetup organized by Amazic. The nice thing for me is that Amazic is located in Nieuw-Vennep, which is also my hometown. After the food and drinks, Luke Hasty started the evening. Mohamed Yassini, the founder of Amazic, told us a bit about the background of this meetup. His goal is to have meetup sessions with a focus on security. This session was around Twistlock. The next session will have Sonatype as its topic.

This meetup will look at how to apply automated security policies for every stage of the DevOps workflow, including seamless CI integration, extensive API support, and dev-to-production security controls that enforce consistent policies across the container lifecycle, be that on premise, virtualised or in the cloud.

 

Ashley Ward, Solutions Architect at Twistlock, told us his vision of security in general and afterwards went into the possibilities that Twistlock offers. The presentation of the meetup can be found here under Twistlock.

Very good session with an enthusiastic speaker and also an interesting product. I liked the fact that the product scans all the layers of the docker file. I also liked the fact that you put the responsibility for the security of the container application on the level of the developer, as part of "you build it, you run it". All in all a good meetup. Thanks Amazic for arranging it.

New fling: Autopology – wysiwyg Designer for NSX

NSX is a very powerful network virtualization platform that allows the users to spin up large scale complex networks within seconds. For new users, the inventory-based interface that NSX exposes might be a little overwhelming. To ease the network creation process and the workloads’ attachment to such networks we present ‘Autopology’ – a graphical interface aimed to complement NSX and simplify workflows for customers and people stepping into the realm of virtual networking.

What Autopology Offers

  • Drag and drop interface to create logical networks so that the customers can design topologies tuned to their environments
  • Single click replication of sections of topologies
  • Ability to view the drawn network for future reference
  • Ability to easily navigate to NSX Manager interface to further customize the logical entities as and when needed
  • Ability to attach multiple VMs to logical entities. VMs could be residing on ESX or KVM hypervisors

Benefits

  • One cohesive view to design logical networks as opposed to filling out tedious forms across multiple views
  • Intelligent defaults help bypass advanced configuration for network objects
  • Rapid scaling of logical networks
  • Inventory of workloads across multiple hypervisors
  • Combine compute and network in a single view

Requirements:

VMWare Products
Autopology Server

Ubuntu 16.04 with the following packages installed:

  • apt-get install python-pip
  • apt-get install python-libvirt
  • apt-get install libssl-dev
  • apt-get install python-dev
  • apt-get install libffi-dev

Autopology Web Interface

  • Chrome, the latest version from Google
  • Firefox, version 35 and above from Firefox

Installation instructions

  1. Download the autopology-1.0.20170421-py2-none-any.whl package from this page on the Ubuntu 16.04 machine
  2. Install the package on Ubuntu 16.04 machine using the command:
    pip install autopology-1.0.20170427-py2-none-any.whl
  3. Start Autopology Server using the command:
    autopology.server
  4. Follow the prompts to complete server startup
  5. Post install, use the Autopology Web Interface URL, typically, https://<Ubuntu machine ip>:<port number> to design and deploy NSX topologies.

For detailed instructions, please refer to the Autopology Installation & Quick Start Guide.

VMware to Deliver VMware Horizon Cloud on Microsoft Azure

Today VMware announced VMware Horizon Cloud on Microsoft Azure. The solution helps customers bring VMware virtual desktops and applications to the increasing global presence of Microsoft Azure in the enterprise.

“The addition of VMware Horizon Cloud on Microsoft Azure puts VMware in a unique position to offer customers several infrastructure options for virtual desktops and applications with the flexibility to move between different platforms,” said Sumit Dhawan, senior vice president and general manager, End-User Computing, VMware. “This is an example of VMware executing against its cross-cloud strategy and bringing innovation to the desktop-as-a-service (DaaS) category it pioneered in 2009.”

Horizon Cloud is unique in its ability to use a single cloud control plane to give customers the flexibility to choose their preferred infrastructure for delivering and managing virtual desktops and applications. Leveraging VMware’s cross cloud strategy, customers can choose from several deployment options and can dynamically switch options if use cases change, employees move or economics shift. Only Horizon Cloud offers this flexible scale-out of virtual desktops and applications with options including:

  • Fully Managed Public Cloud Infrastructure from VMware – Designed for organizations looking to outsource management of infrastructure to the cloud for a desktop-as-a-service (DaaS) experience and great for quick scaling and predictable economics.
  • Leverage Public Cloud Infrastructure from Microsoft – Connect Azure Infrastructure-as-a-Service (IaaS) to Horizon Cloud to deliver and manage Horizon virtual desktops and applications, ideal for organizations with an Azure subscription.
  • Bring Your Own On-Premises Infrastructure with Hyperconverged Infrastructure (HCI) Appliances – Designed for organizations that desire greater control over their virtual desktop infrastructure and ideal for those with tight security or performance requirements.

Horizon gives customers the ability to use an industry-leading solution that has been recognized for having, “…the most complete mix of business and solution strategies and capabilities for delivering virtual desktops and applications” according to the 2016 IDC Marketscape.2

“Enterprises all over the world are rapidly looking to the cloud to consume their IT solutions,” said Steven Guggenheimer, corporate vice president, developer and platform evangelism, Microsoft Corporation. “We are excited to see VMware bring their Horizon Cloud offering and enterprise customers to Azure.”

“DaaS has matured over the years and today offers the cost savings, performance and agility that appeals to businesses in search for a modern desktop strategy,” said Robert Young, research director, IDC. “The addition of a major cloud platform such as Microsoft Azure has the potential to accelerate the adoption of VMware Horizon among customers searching for a different way to manage and deliver Windows 10 desktops and applications.”

“We believe the future of computing is virtual and VMware Horizon Cloud enables us to deploy desktops and applications to new employees significantly faster, and offers greater platform agility,” said Kevin Klosiewski, cloud services manager, Hydrite Chemical Company. “Whether it’s our sales team using tablets in the field or staff working with thin clients, they can easily access their desktops or applications without skipping a beat.”

Availability

VMware Horizon Cloud on Microsoft Azure is expected to be available in the second half of 2017.

For more information and answers, read: Horizon Cloud on Azure FAQ

Get new fling: Host Profiles CLI

The Host Profiles CLI Fling (hostprofilescli) is a command-line utility that allows vSphere administrators to perform several operations with Host Profiles that are either not currently possible through existing user interfaces, or possible only through graphical interfaces.

Recall that Host Profiles is a feature of VMware vSphere that allows identical configurations to be applied to multiple hosts. Customers typically use one profile per cluster, but depending on hardware and storage consistency, a single profile can be used more broadly.

This CLI utility can be used to perform the following operations:

  • Customize Auto Deploy stateless hosts prior to booting and joining vCenter Server
  • Import/Export Host Profile to or from local file
  • Attach a profile to an existing cluster
  • Set root password in a profile or configure a profile to use unique root passwords per host
  • Configure system image cache setting (stateless, cached, or stateful install)
  • List all host profiles in vCenter Server

Administrators of large VMware vSphere deployments who regularly deploy new clusters of VMware ESXi hosts can benefit from this additional automation for Auto Deploy and Host Profiles.

Overview of Capabilities

Pre-Customization of Auto Deploy Hosts

When using Host Profiles, most configuration settings apply equally to every host in a cluster, but certain items are unique to each individual node. These unique settings, such as hostnames or static IP addresses, are known as customizations and are sometimes referred to as answer files. Administrators normally input these customizations with a graphical vSphere interface during the deployment process. vSphere 6.5 introduced a mechanism that allows editing customizations through a CSV file, but the feature only applies to hosts that have already been added to the vCenter Server inventory.

The stateless-template feature of this CLI utility allows administrators to pre-populate a vSphere cluster with all customizations applicable to the associated Host Profile so that VMware ESXi hosts can be fully configured and ready for use with zero manual intervention – without a GUI. The customization data, such as static IP addresses or unique root passwords, are specified using a standard CSV file. As such, this configuration data can be generated programmatically and tracked through version control mechanisms.

See the Instructions tab for more information on how to use this feature.

Host Profile Import and Export

The hostprofilescli utility can also be used to export a specific profile to a local file for backup or, in some cases, to move between test and production environments. Keep in mind that Host Profiles are very closely tied to specific hardware, I/O devices, and storage. Attempting to use a profile in another environment that is not virtually identical may require significant troubleshooting to become operational.

Examples:

hostprofilescli hostprofile --profile esxi65-nfs-gen8 export --file esxi65-nfs-gen8.vpf
hostprofilescli hostprofile --profile esxi65-nfs-gen8 import --file esxi65-nfs-gen8.vpf

(Examples on this page omit the authentication parameters for brevity.)

Root Credential Management

Host Profiles can be used to specify passwords for ESXi accounts. However, since passwords are not extracted from the reference host during profile creation, they must always be set by an administrator afterwards through the Host Profile editor. The hostprofilescli utility can be used to set the root password on a profile, eliminating the need to log in and use a vSphere GUI.

Alternatively, Host Profiles can be configured to prompt a user for host passwords during customization – useful if security standards require unique root passwords for each individual ESXi host. This utility can also enable such a configuration, and if it is selected then root passwords can be specified in the customization data through the stateless-template feature described above.

Examples:

hostprofilescli hostprofile --profile esxi65-nfs-gen8 useraccount-password set --type allhosts
hostprofilescli hostprofile --profile esxi65-nfs-gen8 useraccount-password set --type perhost
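
The per-host customization CSV described under Pre-Customization of Auto Deploy Hosts, combined with the perhost password mode above, can be generated programmatically. The following Python sketch is an added example, not part of the fling or the original post. The column names, the "esx" host prefix and the 192.0.2.x addresses are constructed assumptions; the real CSV header is defined by the Host Profile's customization template.

```python
import csv
import io
import ipaddress
import os
import secrets
import string

# Hypothetical column names: the real header comes from the Host Profile's
# customization template, not from this example.
COLUMNS = ["hostname", "management_ip", "root_password"]
SYMBOLS = "!#%^*_"  # no leading =, +, -, @ that a spreadsheet would evaluate
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]

def generate_password(length=20):
    """Draw from the OS CSPRNG until every character class is present."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw

def build_rows(prefix, first_ip, count):
    """One row per host: sequential static IPs and a unique root password."""
    start = ipaddress.ip_address(first_ip)
    rows, used = [], set()
    for i in range(count):
        pw = generate_password()
        while pw in used:            # never hand two hosts the same secret
            pw = generate_password()
        used.add(pw)
        rows.append({"hostname": f"{prefix}{i + 1:02d}",
                     "management_ip": str(start + i),
                     "root_password": pw})
    return rows

def to_csv(rows, include_secrets):
    """Render the rows; the copy meant for version control omits passwords."""
    fields = COLUMNS if include_secrets else COLUMNS[:-1]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields, extrasaction="ignore",
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

def write_private(path, text):
    """Create the secret-bearing file owner-only; refuse to reuse a path."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="") as fh:
        fh.write(text)
```

Only the output of to_csv(rows, include_secrets=False) is suitable for a repository; the full file carries root passwords and belongs in a secrets store with restricted access.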

Attach Profile to Cluster

Once a Host Profile exists in vCenter Server, either by extracting from a host or uploading from a file, it can be attached to an existing cluster using the attach subcommand.

Example:

hostprofilescli hostprofile --profile esxi65-nfs-gen8 attach --entity dbcluster

System Image Cache Configuration

Although the most common deployment architecture for Auto Deploy is to use stateless, diskless VMware ESXi hosts, there are two other options: stateless caching and stateful installation. The hostprofilescli utility can also be used to modify this setting.

Stateless caching is used to mitigate potential performance degradation during boot storms, such as during recovery after a mass outage. With this configuration, hosts boot from a cached copy of ESXi on local storage if PXE or Auto Deploy services are not available. Important to note is that these hosts will boot and wait until Auto Deploy is available before they are re-connected to vCenter Server. Therefore, caching is not a high-availability architecture.

Stateful install is a means of using Auto Deploy to perform a traditional installation of ESXi to disk. After installation, the host is identical to hosts installed from ISO image and is no longer dependent on Auto Deploy. Choosing this option requires that physical hosts be configured to boot first from hard disk, not from network, after installation is complete.

Examples:

hostprofilescli hostprofile --profile esxi65-nfs-gen8 system-image host set \
--type stateful-install --firstdisk_arguments localesx,local --ignore_ssd --overwrite_vmfs

For more information on system image cache, see the product documentation.

Requirements

The hostprofilescli binary was tested on the following Linux distributions:

  • CentOS Linux release 7.3.1611
  • Ubuntu 16.04.2 LTS
  • VMware PhotonOS 1.0 build 13c08b6
  • vCenter Server Appliance (VCSA) 6.5

Alternatively, the Python source is included and can be copied and executed directly on vCenter Server for Windows or VCSA 6+.

Tested with vSphere 6.0U3 and vSphere 6.5, on both Windows and VCSA platforms, with the following specific requirements:

All versions and platforms

  • Auto Deploy service functional
  • Host Profile adequately tested with intended target host hardware and storage
  • Cluster in vCenter Server with above Host Profile attached

Additional prerequisites for vSphere 6.5 only

  • Image Builder service functional
  • Software Depot (online or custom) with desired ESXi image profile accessible

Additional prerequisites for vSphere 6.0U3 only

New fling: vCenter Cluster performance tool

vCenter Cluster Performance Tool is a PowerShell script that uses vSphere PowerCLI to obtain performance data for a cluster by aggregating information from individual hosts. You can specify the following options in the script.

  • An “interval” of 20s or 300s. The default is 20s, and corresponds to real time statistics. 300s corresponds to the 5 min interval statistics.
  • A stats query flag to obtain the list of counter IDs available on the vCenter Server. You can then pass the desired counter ID from that list to obtain Performance metrics for the cluster.

Features

  • Gathers all data of the specified interval type that is available on each host in the specified cluster
  • An easy and quick way of obtaining performance data for a vCenter cluster
  • Data is saved in a CSV file, which can then easily be fed into any charting software
  • A chart, in PNG format, is also generated for visualization

Note: The core distribution model for VMware PowerCLI was changed from snapins to modules in PowerCLI 6.0, which means that we will have to modify our scripts to not use snapins any more in order to make them work with newer versions of vSphere.

Requirements

  • VMware vCenter Server 5.0 and above
  • PowerShell supporting Windows system (Windows XP and later)
  • VMware vSphere PowerCLI that is compatible with the vCenter Server
  • Microsoft Chart Controls for Microsoft .NET Framework 3.5

vSphere Docker Volume Service is now Docker…

vSphere Docker Volume Service is now Docker Certified! [blogs.vmware.com/virtualblocks]

We are happy to announce that VMware has joined Docker Certification Program and vSphere Docker Volume Service (vDVS) plugin is now available on Docker Store!


VMware Social Media Advocacy

Kubernetes and VMware NSX

Kubernetes and VMware NSX [blogs.vmware.com/networkvirtualization]

Organizations are moving away from static infrastructure to full automation on every aspect of IT. This major shift is not happening overnight. It is an evolutionary process, and people decide to evolve their IT at different speeds based on organizational needs.



VMware Validated Design for SDDC 4.0…

VMware Validated Design for SDDC 4.0 Architecture Reference Poster [blogs.vmware.com]

On March 2nd 2017 we released the VMware Validated Design for Software-Defined Data Center 4.0. A milestone release in our commitment to delivering our customers standardized, proven, and robust data-center level designs for the Software-Defined Data Center.


