Friday, 12 February 2016

Tagging Firewall rules within NSX

One of the new features introduced as part of NSX 6.2 was the ability to tag a particular firewall rule with a text string, which is then sent as part of the syslog message.  This allows you to easily search / filter for that rule within vRealize Log Insight or any other logging application.  This can be particularly handy if you have multiple tenants and you want to be able to filter rules based on tenants:

I've created two rules, one to allow access to WEB01 and log with Tenant 1 and another to allow access to WEB02 and log with Tenant 2:

Now if I ping both servers to hit the rules, the syslog messages should be sent with the appropriate tags, and then I can check vRealize Log Insight and I should now be able to filter my logs based on those tags:
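The same per-tenant filtering can be done on raw syslog outside Log Insight. This is an added example, not part of the original post: the log lines are constructed, and the layout it parses (the rule tag as the trailing field of a `dfwpktlogs` message) is an assumption to check against your own host logs.

```python
import re
from collections import defaultdict

# Constructed sample lines; addresses, rule IDs and layout are assumptions.
SAMPLE_LOGS = """\
2016-02-12T10:15:01.120Z esx-01 dfwpktlogs: 4821 INET match PASS domain-c7/1005 IN 60 PROTO 1 192.0.2.10->10.0.1.11 Tenant 1
2016-02-12T10:15:02.300Z esx-01 dfwpktlogs: 4821 INET match PASS domain-c7/1006 IN 60 PROTO 1 192.0.2.10->10.0.1.12 Tenant 2
2016-02-12T10:15:03.120Z esx-01 dfwpktlogs: 4821 INET match PASS domain-c7/1005 IN 60 PROTO 1 192.0.2.10->10.0.1.11 Tenant 1
2016-02-12T10:15:04.000Z esx-01 dfwpktlogs: 4821 INET match DROP domain-c7/1001 IN 60 PROTO 1 192.0.2.10->10.0.1.13
2016-02-12T10:15:05.000Z esx-01 vmkernel: unrelated message
"""

LINE_RE = re.compile(
    r"dfwpktlogs: \d+ INET match (?P<action>\w+) "
    r"(?P<ruleset>\S+)/(?P<rule_id>\d+) (?P<dir>IN|OUT) (?P<len>\d+) "
    r"(?P<proto>PROTO \d+|\S+) (?P<src>\S+)->(?P<dst>\S+)"
    r"(?: (?P<tag>.+))?$"  # tag is optional: untagged rules log without it
)


def parse_line(line):
    """Return the firewall fields of one syslog line, or None if not a DFW log."""
    m = LINE_RE.search(line.strip())
    return m.groupdict() if m else None


def group_by_tag(lines):
    """Bucket DFW records by rule tag; untagged rules land under None."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            buckets[rec["tag"]].append(rec)
    return dict(buckets)


if __name__ == "__main__":
    for tag, recs in group_by_tag(SAMPLE_LOGS.splitlines()).items():
        hits = sorted({(r["action"], r["rule_id"], r["dst"]) for r in recs})
        print(f"{tag or '<untagged>'}: {len(recs)} hits {hits}")
```

Keeping the untagged bucket visible matters: a rule logged without a tag never shows up in a per-tenant filter.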

Wednesday, 3 February 2016

North East VMUG - Thursday 25th February

It's that time again, the next North East VMware User Group is happening on Thursday 25th February and boy do we have a great line up of speakers for you.  Joe Baguley (twitter) Chief Technical Officer for EMEA will be delivering a keynote session and Duncan Epping (blog | twitter) will be talking about Virtual SAN.  We have two community sessions at the event, one from Matthew Bunce (blog | twitter) and Marco Van Baggum (blog | twitter) on NSX in the real world and another from Kyle Jenner (blog | twitter) on the importance of a VDI assessment for an accurate design and ultimately a successful project.  We have some great prizes to give away but you have to be there during the draw to win and then onto vBeers afterwards.

You can register here and the event will take place at Campus North:

Campus North
Sunco House
5 Carliol Square
Newcastle, Tyne and Wear

Click here for directions

The agenda is as follows:

  • 11:30 - Registration and Networking – Light lunch, Teas and Coffees will be provided
  • 12:00 - NEVMUG Introduction
  • 12:15 - Keynote – Joe Baguley (VMware VP / CTO, EMEA)
  • 13:15 - Networking – time to interact with our sponsors and enter vendor giveaways.  Grab yourselves a drink and have a chat!
  • 13:40 - Duncan Epping (VMware Chief Technologist – Storage and Availability) - Virtual SAN, the story up to 6.2
  • 14:30 - Networking – time to interact with our sponsors and enter vendor giveaways. Don't just sit there – get up and mingle!
  • 14:45 - Community Session: Matthew Bunce (Xtravirt) / Marco Van Baggum (ITQ) – NSX in the real world
  • 15:30 - Networking – time to interact with our sponsors and enter vendor giveaways. Come on you know you want to!
  • 15:45 - Gold Sponsor Presentation: Tegile – Consolidate all your workloads onto a single flash array that's fast, flexible and economical.
  • 16:30 - Networking – time to interact with our sponsors and enter vendor giveaways. Grab yourselves a beer and have a natter!
  • 16:45 - Community Session: Kyle Jenner (SITS Group) – The importance of a VDI assessment for an accurate design and ultimately a successful project
  • 17:30 - NEVMUG Close – Q&A and prize giveaway – all these prizes have to go, but you have to be here to win them!

Big thanks go to our sponsors of the day as without you the leadership team would not be able to put these events on:

Gold - Tegile
Silver - 10Zig


Thursday, 7 January 2016

New Book - VMware vRealize Operations Essentials

Have you ever wanted to understand vRealize Operations?  Well, my colleague and friend Matthew Steiner (Blog | Twitter) has written a book entitled VMware vRealize Operations Essentials which is now available on Amazon and Packt Publishing.

So, why should you buy this book?  If you've ever seen Matt present at a VMUG or had the pleasure of attending a meeting with him you'll very quickly learn that he knows his stuff when it comes to vRealize Operations Manager, whether it be policies, super metrics or capacity planning and 3rd party integration.

Secondly, Matt is very generously donating all his royalties to the Prince's Trust in Scotland.  He is hoping to raise £5,000 in the next 18 months so this is all for a very good cause.

So if you want to improve your knowledge and skills on vRealize Operations and help out a charity then purchase the book.

Tuesday, 1 December 2015

Cross vCenter Networking and Security with Service Composer - NOT SUPPORTED

With the recent release of NSX 6.2 we now allow for cross vCenter Networking and Security.  This allows the security posture of your virtual machine to follow it when migrating from one vCenter to another.  As per the NSX 6.2 Cross vCenter Installation Guide on page 18, Service Composer isn't actually supported, but we can create local policies on each vCenter that populate a security group based on the name of the virtual machine.  When the VM vMotions from one vCenter to another, the VM is removed from one security group and populated in the other.


In my environment I have two vCenter servers called NY-VCSA-01 and PA-VCSA-02 with the following compute, management and workloads:

The default Distributed Firewall Policy for both vCenters is to reject:

I'm now going to create a new security group within Service Composer and populate it based on the virtual machine name containing the word "web".  First go into Service Composer and create a new security group:

Give it a name and click Next:

Set the correct matching criteria which in my case is to populate the group if the VM Name contains the word "web" then click Finish:

Ensure the same Security Group is created on both the Primary and Secondary NSX Managers.  Once completed, any VMs with "web" in their name should be members of the security group:

We are now going to create the policy that we will apply to the security group.  The policy will be configured accordingly:

ANY -> Security Group -> HTTP/HTTPS -> Allow
ANY -> Security Group -> SSH -> Allow
ANY -> Security Group -> ICMP Echo / ICMP Echo Reply -> Allow

Go back into Service Composer and create a new policy and give it a name:

Create the firewall rules as required and then click Finish:

Apply the policy to the security group:

Ensure you have identical security groups and policies on both the primary and secondary NSX Managers.  

I currently have WEB01 running in NY-VCSA-01 and WEB02 running in PA-VCSA-01 and I can check what distributed firewall rules are currently being applied:

Now when I vMotion WEB01 from NY-VCSA-01 to PA-VCSA-02 the VM will be removed from the Web Servers security group in NY-VCSA-01 and then populated into the Web Servers security group in PA-VCSA-01.  I've tested this via pinging WEB01 during the migration.  As you can see the VM pings fine and then the connectivity drops.  This happens when the VM is removed from the security group on NY-VCSA-01 and not yet a member of the security group in PA-VCSA-01 so the default deny rule is being applied.  Once the VM is populated in the security group in PA-VCSA-01 the rules apply and connectivity is restored:

As we can see the VM is now in PA-VCSA-01 and the same firewall rules are being applied:

Remember this is NOT SUPPORTED but it just shows that it is possible.
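The connectivity gap during the vMotion, and the need for identical policies on both managers, can be reproduced with a small model. This is an added example, not NSX code or anything from the original post: the `Manager` class, `migrate` and `policy_drift` are hypothetical, and case-insensitive name matching is an assumption.

```python
DEFAULT = "reject"  # default Distributed Firewall action on both vCenters


class Manager:
    """Toy model of one NSX Manager: local inventory, group and policy."""

    def __init__(self, name, vms, allowed):
        self.name = name
        self.inventory = set(vms)
        self.allowed = set(allowed)  # services the policy allows to the group
        self.group = set()
        self.refresh()

    def refresh(self):
        # Dynamic membership: VM name contains "web".
        # Case-insensitive matching is an assumption of this model.
        self.group = {vm for vm in self.inventory if "web" in vm.lower()}

    def verdict(self, vm, service):
        if vm in self.group and service in self.allowed:
            return "allow"
        return DEFAULT


def migrate(vm, src, dst, service="ICMP"):
    """Return the verdict for `service` at each stage of a vMotion."""
    stages = [("before", src.verdict(vm, service))]
    src.inventory.discard(vm)
    src.refresh()                      # VM leaves the source group
    dst.inventory.add(vm)              # VM has arrived, group not yet updated
    stages.append(("in flight", dst.verdict(vm, service)))
    dst.refresh()                      # destination group now includes the VM
    stages.append(("after", dst.verdict(vm, service)))
    return stages


def policy_drift(a, b):
    """Services allowed on one manager but not on the other."""
    return a.allowed ^ b.allowed


def demo():
    services = {"HTTP", "HTTPS", "SSH", "ICMP"}
    ny = Manager("NY-VCSA-01", {"WEB01"}, services)
    pa = Manager("PA-VCSA-02", {"WEB02"}, services - {"SSH"})  # drifted copy
    stages = migrate("WEB01", ny, pa)
    return stages, policy_drift(ny, pa), pa.verdict("WEB01", "SSH")


if __name__ == "__main__":
    print(demo())
```

The in-flight stage falls through to the default reject rule, so the gap fails closed; the drifted policy shows why the two managers have to be kept identical by hand.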

Saturday, 24 October 2015

North East VMUG - Thursday 26th November

Registrations for the next North East VMUG are open and you can register via the link below:

Register Now

The event is taking place at Campus North:

Campus North
Sunco House
5 Carliol Square
Newcastle, Tyne and Wear
Click here for directions

Agenda is as follows:

12:00 - Registration and Networking
12:30 - Introduction – North East VMware User Group Committee.
12:45 - Zerto Gold Sponsor Presentation: People Depend on Your Data; Your Data Depends on Zerto. Ensure IT availability: protect, migrate & recover workloads on any infrastructure or cloud.
13:30 - Lunch and Break out Session – Breakout session time to interact with our sponsors and enter vendor giveaways for a very good chance of winning some great gadgets.
14:00 - VMware Presentation – Lee Dilworth, @leedilworth, Principal Systems Engineer VMware Site Recovery Manager across Metro stretched clusters.
14:45 - Community Presentation – Nick Evans, Senior Infrastructure Engineer. Nick runs a demo of his Zerto environment and discusses use of the product in a real world disaster recovery scenario. This is a no sales honest account of actual use of the Zerto solution by a real North East company. Attend this session to learn from Nick’s experience.
15:15 - Breakout session – Breakout session time to interact with our sponsors and enter vendor giveaways
15:30 - Nimble Gold Sponsor Presentation – Consolidate hybrid and all flash workloads in one platform for businesses of any size. At this presentation you will learn how Nimble makes this happen.
16:15 - VMware Presentation – Michael Armstrong, @m80arm, North East VMware System Engineer. In this session we will introduce you to Network Virtualization and VMware's NSX which provides Layer 2 to 7 network services.
17:00 - Breakout session – Breakout session time to interact with our sponsors and enter vendor giveaway.
17:15 - Community Presentation – Andy Ferguson, NHS design engineer. The benefits and realisation of automation from real world implementations. Andy will discuss how your business can reap the unlimited benefits of automation across multiple technologies using PowerShell.
18:15 - Questions and Answers
18:45 - Closing statement and giveaways – All these prizes have to go
19:00 - vBeers and networking at location

Big thanks to our sponsors as without them these events wouldn't happen:

Friday, 25 September 2015

We're Slacking at the North East VMware User Group

Duncan (Twitter) and Alan (Twitter), who are both VMUG Leaders for the North East VMware User Group, have set up a Slack account / channel / forum or whatever the correct term is for the North East VMware User Group.  Slack allows people to chat and collaborate in real time and we thought it would be a good idea to get the North East VMUG community involved and use it for general chat, announcements and ideas for future events.  So, if you want to get involved, create an account and join us via the URL below:

All the VMUG leaders participate so the more members we get the better community we will have. So, what are you waiting for, sign up and join us.  Just remember to turn off notifications if you install the mobile app, it can get quite busy.

Friday, 18 September 2015

North East VMUG Mini Meet

The North East VMUG Leaders are having a catch up on Friday 25th September and would like to extend the invite out to the community as per below:

What’s happening?
We've been busy behind the scenes planning the next VMUG and decided to have a mini VMUG meeting in September. As this is a community group, we'd like to extend the planning to all our members so you have a part in shaping the next event.

When's it happening?
25th September 2015
4:30PM - 5:30PM (leaders meet)
5:30 PM - 6:30PM (All community members)

All VMUG members welcome.

Why are we meeting?
  • Test out an awesome new location
  • Discuss content our community would like to see at the next meeting
  • Requests for community presentation
  • Provide a forum to support community speakers
  • Launch an exciting new channel for community collaboration
  • Requests for VMUG leader volunteers
  • Social catch up for group members
  • Make people aware of Campus North and the excellent facilities available
  • See who will be at VMworld to share contact details

You can register for the event and find all location details here or feel free to turn up.  I'm sure knowing the leaders that there may be a few selected drinks on offer if that's enough to tempt you.

See you there