Author: Jameseydoyle

  • Applying Transport Node Profile is not allowed when vLCM Config Manager is enabled on the cluster

    I came across an issue with a customer earlier today that impacts the installation of NSX 4.1 on a vSphere 8.0 cluster with the new image-based vLCM configured. The error message you might see when you try to apply a transport node profile to a cluster is as follows: Error: vLCM Config Manager is enabled on…

  • Creating NSX-T Segments with Segment Profiles using PowerCLI

    I recently had a customer who needed to create several hundred segments in NSX-T, each with non-default MAC Discovery and Segment Security profiles. Obviously, we weren’t going to try and do this manually and really needed to find a way to script this. I did come across this post in GitHub by Zsoldier, which worked…

  • Configuring PyKMIP for testing KMS functionality with vSphere/vSAN

    In today’s security-conscious world, using encryption to secure workloads is becoming the norm, rather than the exception. To facilitate this requirement, VMware provides two distinct technologies to help customers simply and securely encrypt their workloads – virtual machine encryption and VMware vSAN data-at-rest encryption. In each case, a key provider is required to generate…

  • Troubleshooting vSAN Encryption and KMS Connectivity

    Troubleshooting vSAN Encryption. Checklist: Ensure the KMS server is reachable and responding on the KMIP port (5696 by default). For initial configuration of vSAN Encryption, the vCenter and the ESXi hosts in the cluster will require connectivity, but for ongoing operation, only the hosts require it. vCenter is only required when configuration needs to…

  • VMware VM Encryption Powershell scripts #2

    As a follow-up to my previous post, there are occasions when you will need to know which keys are currently in use in your environment. For example, how do you know which key is required to encrypt your VM, which KMS Cluster provided the key and which hosts have that key in their keyCache?…

  • VMware VM Encryption Powershell scripts

    With the release of vSphere 6.5, there is a cool new feature with which I have worked extensively – VM Encryption. VM Encryption is pretty awesome, in my honest opinion, due to the granularity of control you have over which entities to encrypt. Other encryption methodologies for data at rest, such as native device encryption…

  • Beacon Probing

    Why am I talking about Beacon Probing? Simply because, in my experience, it is a very misunderstood feature in vSphere and I hope to clear up some of the confusion around its implementation and behaviour. What is Beacon Probing? With virtual switches, multiple connections (uplinks) to the physical network switches can be configured to allow…

  • First Post

    Hello everyone, I am a total newbie when it comes to blogging so I am embarking on this project with a mix of excitement and trepidation. However, I am really looking forward to deep-diving into some of the less understood features of vSphere and simply presenting thoughts on virtualization in general. I look forward to…