Change an Air-Gapped vSphere Lifecycle Manager from Baseline to Single Image

Reading Time 2 Minutes

A few days back i had the challenge to convert a vSphere 7.0 U3 Cluster (which was still managed in Lifecylce Manager with Baselines –> which are finally going away after vSphere 8, btw., so it’s time to migrate, folks!) to a Single Image.

I’m not going into details about vSphere Lifecycle Manager with Single Image and/or Baselines here, there’s lot’s of other stuff to read about that on the internet.

The challenge here was that the vCenter had no connection to the internet, so all the benefits like giving me a long list of ESXi releases and Vendor Add-Ons was not the case, and I couldn’t find any advice in the documentation on how to do it “offline” and seperated from the World Wide Web.

So, let me show you how I did it.

Continue reading

vSphere Replication and Traffic Separation

Reading Time 4 Minutes

Recently I had more to do with vSphere Replication and Site Recovery Manager (more specifically with versions 8.6) and would like to share my experiences with Traffic Separation for vSphere Replication with you.

What is Traffic Separation?

Traffic separation is the possibility of splitting network traffic between different networks/port groups/VLANs and thereby possibly achieving an increase in security and performance.

So why separate?

Continue reading

Replacing the vCenter Machine Certificate …and don’t forget the VxRail Manager!

Reading Time 3 Minutes

The topic of certificates seems to be haunting me at the moment.
Anyway, I want to briefly show here how easy it is nowadays to replace the SSL certificate of the vCenter with an Enterprise CA-signed one.

If you look at the KB article from VMware (Replacing a vSphere 6.x /7.x Machine SSL certificate with a Custom Certificate Authority Signed Certificate), the “certificate-manager” is still quoted here on the command line.

Create CSR in vSphere Client

But it is also very easy via the vSphere Client. In my case, there are a couple of VxRail clusters connected to this vCenter, here you also have to do something in the VxRail Manager (in this case still via CLI), but it’s also easy, see below.
To the Demo!

Continue reading

vSphere+ – Installation and First Impressions

Reading Time 4 Minutes

Everyone has been talking about vSphere+ for a few weeks now, so I wanted to get a (technical) impression of what’s behind all the marketing-heavy blog articles and announcements.

A short diagram in advance so that it is clear what we are dealing with:

Traditional vSphere Environment converted to vSphere+ Subscription, graphic courtesy of VMware

In a classic vSphere environment, there are one to many vCenters that need to be managed. With vSphere+, a vCenter Cloud Gateway is introduced which acts as a relay between the VMware Cloud and the on-premises vCenters. This allows services from the VMware Cloud to be used with the on-premises datacenter. Sounds pretty easy!

Continue reading

VMware NSX ALB / AVI Certificate Signing Request (CSR) with Microsoft CA

Reading Time 2 Minutes

Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an “official” certificate and replace the “Self Signed Certificate”.

In the Lab environment, a Windows Certificate Authority (CA) and the CA Web Enrollment already exist on a Windows 2019 VM. I will not go into detail about the installation of the CA; here I followed an article on the VirtuallyThere Blog.

In addition, I have created a Certificate Template according to VMware specifications. In the future, I would like to use this for all VMware product deployments in the lab. I have written another blog article about this (Creating a Microsoft CA Template for vSphere 6.x/7.x), or if you want to read it directly from VMware, here is the KB article: Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.x/7.x

Continue reading