Piszki Lab | EN

My case study in the clouds…

2019/09/04
by Piotr Pisz
2 Comments

Microsoft WSFC and vSAN 6.7U3

Recently, I decided to perform an AD migration from 2012R2 to 2019 in my lab and, keeping up the momentum, to migrate all services (DFS, SQL and others) to 2019 as well. I decided to use the new feature that appeared in vSphere 6.7U3, i.e. support for RDM (SCSI-3 PR), and run the new Microsoft Windows Server Failover Cluster on it. As Piszki Lab now consists of two physical servers, such a cluster makes more sense, although of course it is only a lab. There is also official VMware documentation describing the whole process; in addition, you can use the detailed instructions for setting up WSFC.


2019/05/29
by Piotr Pisz
3 Comments

Kerberos with OpenLDAP backend configuration in CentOS 7

Today we will deal with LDAP kerberization. It sounds a bit strange, but it comes down to installing and configuring a cluster consisting of multiple nodes (N +) operating in active mode. This cluster will serve LDAP and Kerberos services for Linux systems. The Kerberos database will be stored in OpenLDAP, thanks to which Kerberos will also work as multi-master. In addition to the cluster itself, we will also configure the client system so that the user is authenticated at the LDAP level and can use the Kerberos ticket to move freely between the systems. This exercise aims to prepare an authorization system for use in the subsequent installation of Hadoop.


2018/07/18
by Piotr Pisz
0 comments

Upgrade Trend Micro Deep Security in vSphere 6.7 and NSX 6.4 (to new version).

The title of this post is quite enigmatic, but it touches on a very serious problem. How do you upgrade an environment as complex as vSphere with NSX and Trend Micro Deep Security without interrupting its protection? The Trend Micro statement says that to perform the upgrade, you must remove the protection, unregister the service, uninstall DSVA, perform the upgrade, re-register in NSX, install DSVA and enable protection. This means a long break in the operation of the environment. Can we resolve this problem in a production system? Fortunately, you can bend the rules here and there and upgrade without destroying anything along the way. Upgrading Trend Micro Deep Security Management Server to version 11 is quite a simple task and in my opinion there is no point in describing it in detail (just run the exe).


2018/07/18
by Piotr Pisz
0 comments

Error connecting to VMware CEIP – Server chain certificate is not trusted (with external PSC)

In our configuration (a legacy of vSphere 5.5) we have a vCenter server with an external PSC. When testing vSAN, we decided to join the VMware CEIP program because it extends vSAN cluster monitoring. Unfortunately, the connection turned out to be unsuccessful. After a long search for the cause, it turned out that the error (as usual) is in the certificate. In the virgo log of the vSphere client (flex and html5), the following errors were shown (Server certificate chain is not trusted and thumbprint does not match).


2018/06/19
by Piotr Pisz
1 Comment

Configuration of TPM 2.0 in vSphere 6.7

TPM is a module that stores information that allows the authentication of the hardware platform. This information consists of certificates, passwords and cryptographic keys. There are many applications for this module, for example support for BitLocker in Windows. In the case of vSphere, support for TPM 2.0 appeared in version 6.7 (in lower versions, e.g. 6.5, the TPM 2.0 module will not be visible). Does it affect us and how can we use TPM 2.0? If our server is equipped with a TPM module that is enabled in UEFI (only UEFI is supported, there is no support in the traditional BIOS) and visible to the server, then an interesting message will appear in ESXi:


2018/02/09
by Piotr Pisz
0 comments

VMware Integrated Containers 1.3 – HTML5 Plugin SSL Handshake error (EN)

One of the main innovations in VMware Integrated Containers 1.3 (VIC) is the extended plugin for the vSphere Client UI (html5), with which you can configure and run the VMware Container Host (VCH). This plugin depends on the correct SSL configuration in vCenter. And here an endless topic opens up: what is the correct configuration? As it turns out, everyone who has generated a certificate from VMCA signed by a Root CA (aka custom certificate) has an almost correct configuration. Where the problem arises, I will describe below.
