Piszki Lab | EN

My case study in the clouds…

2018/07/18
by Piotr Pisz

Error connecting to VMware CEIP – Server chain certificate is not trusted (with external PSC)

In our configuration (a legacy from vSphere 5.5) we have a vCenter server with an external PSC. While testing vSAN, we decided to join the VMware CEIP program because it extends vSAN cluster monitoring. Unfortunately, the connection failed. After a long search for the cause, it turned out that the error (as usual) was in the certificate. The virgo log of the vSphere Client (Flex and HTML5) showed the following errors (Server certificate chain is not trusted and thumbprint does not match):

Continue Reading →

2018/06/19
by Piotr Pisz

Configuration of TPM 2.0 in vSphere 6.7

TPM is a chip that stores information used to authenticate the hardware platform. This information consists of certificates, passwords and cryptographic keys. There are many applications for it, for example BitLocker support in Windows. In vSphere, support for TPM 2.0 appeared in version 6.7 (in lower versions, e.g. 6.5, the TPM 2.0 chip will not be visible). Does it affect us, and how can we use TPM 2.0? If our server is equipped with a TPM chip that is enabled in UEFI (only UEFI is supported; there is no support in traditional BIOS) and visible to the server, then an interesting message will appear in ESXi:

Continue Reading →

2018/02/09
by Piotr Pisz

VMware Integrated Containers 1.3 – HTML5 Plugin SSL Handshake error (EN)

One of the main innovations in VMware Integrated Containers 1.3 (VIC) is the extended plugin for the vSphere Client UI (HTML5), with which you can configure and run the VMware Container Host (VCH). This plugin depends on a correct SSL configuration in vCenter. And here a vast topic opens up: what is the correct configuration? As it turns out, everyone who has generated a certificate from VMCA signed by a Root CA (aka custom certificate) has an almost correct configuration. I describe below where the problem arises.

Continue Reading →

2017/09/18
by Piotr Pisz

Trend Micro Deep Security – SSL Traffic Inspection

I have written about Trend Micro Deep Security on this blog many times, but I have not yet mentioned one of the features of this solution, i.e. SSL traffic inspection. According to recent Google statistics, more than 70% of network traffic is already encrypted. This means that all IDS/IPS/WAF solutions that cannot sniff SSL traffic and inspect it are blind to attacks carried in that traffic! For Deep Security, we have the ability to enable SSL inspection at the Intrusion Prevention module level. Of course, we will not achieve the same efficiency and effectiveness as with BIG-IP F5, but we will clearly increase the level of security of the protected services.

Continue Reading →

2017/09/04
by Piotr Pisz

vSphere Integrated Containers 1.1.1 – create base image and push it into Harbor (and run container with persistent volume)

I recently wrote here about how to install and configure vSphere Integrated Containers. Today we will create our own base Docker image (with the CentOS 7 system) with any application, and load it into the registry (image repository) on Harbor. In addition, we will create a persistent volume that will be attached to our new container. The topic of VIC is quite new, so there is not much information about it on the Internet. This article was created as an attempt to systematize the knowledge associated with it.

Continue Reading →

2017/09/04
by Piotr Pisz

vSphere Integrated Containers 1.1.1 – Installation and configuration

For a long time VMware was unable to react to the Docker revolution. Ultimately, it was decided not to make changes to ESXi, so containers do not run directly in the ESXi kernel. VMware went another way, one interesting enough to look at. Their own interpretation of containerization is based on the PhotonOS project (CentOS-based ultra-light Linux system) and is called vSphere Integrated Containers. In this solution, VMware allows you to run a single container as an ultralight virtual machine. Sounds like a denial of the Docker idea? No, it is a development of it: with this approach, the Docker host is a whole vSphere environment, not a single Linux machine. From the viewpoint of the vSphere administrator, machines running Docker always bring the same problems: they are large, heavily loaded, and it is not known what is running on them. Using VMware's approach, it is much easier to manage containers in a vSphere environment. In this article, I will show you how to install VIC, how to start a VCH Docker host, and how to use Admiral and Harbor.

Continue Reading →
