Creating #VMConAWS #NSX-T Firewall Rules and Segments with #PowerCLI

June 6, 2022 Bilal Ahmed

Well hello there. I had a customer that was wanting to do some work using scripting to create NSX-T segments and DFW rules in VMConAWS, for their PROD SDDC and for their new VCDR SDDC. Over the years I have seen a lot of people think that copying the VM data and being able to recover is the hard part, when that can be the easiest part. Things like VCDR are designed to get your copies of the VMs up and running, but what about the networking and firewall rules you need to ensure communication works and is still secure? So, this ended up being a discussion on the various ways to create rules on both SDDCs and this led […]

NSX CSM (Cloud Service Manager) CA Certificate

February 3, 2022 Chris Noon

I recently worked on a customer project where they replaced the NSX Manager certificate with a company-signed certificate using their own CA. This caused an issue when pairing the CSM with the NSX Manager, i.e. a certificate error. This short blog post will run through the steps I ran through to allow the CSM to peer with the NSX Manager. I understand this post won’t receive a lot of traffic; my hope is it helps someone in the future. The Procedure: SSH to the CSM and log in as root. Prepare your root CA cert in PEM format and upload it to the CSM. On the CSM, get the JKS password from the following file: PASSWORD=`cat /config/http/.http_cert_pw` Add the root CA cert to […]


NSX ALB (Advanced Load Balancer) Design

December 6, 2021 Chris Noon

I wrote three (3) blogs on Avi Load Balancing, now rebranded as VMware NSX ALB (Advanced Load Balancer). These were around the basic concepts, base configuration, and that configuration using the API. https://vmusketeers.com/2020/05/09/avi-networks-the-advanced-nsx-load-balancer/ https://vmusketeers.com/2020/05/24/avi-networks-base-configuration/ https://vmusketeers.com/2020/06/19/avi-network-base-configuration-via-api/ I noticed it was difficult to find a single post that discusses the different types of design solutions. In this post, I want to discuss the design decisions when deploying an ALB solution and expand on my previous blogs. Management Components: The management components in the ALB solution are the controllers. The controllers are what the users interact with, and they push instructions to the data plane components. They can be deployed in one (1) of two (2) ways: Single Controller: A single controller is deployed […]

Complement your VDI environment with NSX: Advanced Load Balancer

April 11, 2021 Chris Noon

Part 1: Complement your VDI environment with NSX. Part 2: Complement your VDI environment with NSX: dFW. Part 3: Complement your VDI environment with NSX: IDFW. Part 4: Complement your VDI environment with NSX: Introspection Services. Part 5: Complement your VDI environment with NSX: IDS/IPS. Part 6: Complement your VDI environment with NSX: Advanced Load Balancer. Thanks to Siegfried Huijgen I ended up receiving a lot of attention on the 5 part series, which spun off into a request for a part 6 on Avi Networks Load Balancing. While the other posts have focused on security, it makes perfect sense to include the NSX Advanced Load Balancer (Avi Networks) in the mix of complementary services for VDIs. For the remainder of the post please […]

Complement your VDI environment with NSX: IDS/IPS.

March 16, 2021 Chris Noon

Part 1: Complement your VDI environment with NSX. Part 2: Complement your VDI environment with NSX: dFW. Part 3: Complement your VDI environment with NSX: IDFW. Part 4: Complement your VDI environment with NSX: Introspection Services. Part 5: Complement your VDI environment with NSX: IDS/IPS. Part 6: Complement your VDI environment with NSX: Advanced Load Balancer. The final post of this series will be around NSX IDS (Intrusion Detection System) and IPS (Intrusion Prevention System). Both these products are used to highlight attacks targeted at a VMware environment. While the dFW does a great job of providing zero trust access, what if someone tries to take advantage of that open access? This is the use case for IDS/IPS. IDS and IPS used to be […]

Complement your VDI environment with NSX: Introspection Services.

February 28, 2021 Chris Noon

Part 1: Complement your VDI environment with NSX. Part 2: Complement your VDI environment with NSX: dFW. Part 3: Complement your VDI environment with NSX: IDFW. Part 4: Complement your VDI environment with NSX: Introspection Services. Part 5: Complement your VDI environment with NSX: IDS/IPS. Part 6: Complement your VDI environment with NSX: Advanced Load Balancer. Unfortunately, this post will be more of a theoretical one. I don’t have access to any introspection service providers. That said, I think it is something that should be discussed as it adds huge benefits. If any partner out there is reading this and wants to give me a trial of their product, I’m happy to write a Part 4.5 of this series. Introspection Services Concepts: Introspection services […]

Complement your VDI environment with NSX: IDFW.

January 29, 2021 Chris Noon

Part 1: Complement your VDI environment with NSX. Part 2: Complement your VDI environment with NSX: dFW. Part 3: Complement your VDI environment with NSX: IDFW. Part 4: Complement your VDI environment with NSX: Introspection Services. Part 5: Complement your VDI environment with NSX: IDS/IPS. Part 6: Complement your VDI environment with NSX: Advanced Load Balancer. Before I start, a shout out to Bilal Ahmed, a fellow vMusketeer who helped me with this post. In this part of the series, we will look into IDFW (Identity Firewalling). IDFW is becoming an increasingly popular feature in VDI and RDSH environments. It allows security constructs to be applied to AD (Active Directory) groups, rather than to IP addresses. This promotes ease of mobility and reduction of operational […]

Complement your VDI environment with NSX: dFW.

January 3, 2021 Chris Noon

Part 1: Complement your VDI environment with NSX. Part 2: Complement your VDI environment with NSX: dFW. Part 3: Complement your VDI environment with NSX: IDFW. Part 4: Complement your VDI environment with NSX: Introspection Services. Part 5: Complement your VDI environment with NSX: IDS/IPS. Part 6: Complement your VDI environment with NSX: Advanced Load Balancer. I started the series discussing the different features within NSX that can complement a VDI environment. I’ll focus on dFW today, a well-known NSX feature. Recap: East/West Traffic between VDIs. dFW is one of NSX’s best known and most marketable features, with good reason. Many attacks don’t target the mother lode the first time, but rather something lightly protected (think webserver) and then move laterally within the DC to something of […]