It's been a long time since I last posted any new content on here. The truth is, I've got a few blog articles drafted, but I've just not had the time to post them properly. Since March, I've been very busy on two customer projects, one of which came to an end successfully at the end of May. I'm still in the middle of the second customer project where we are deploying the VMware vRealize Suite across the Americas, EMEA and APAC regions for a global customer. For the vRealize Operations part of this project, we are really pushing the product beyond its officially supported limits in terms of objects monitored; however, as we are working with VMware on this particular deployment, we have a custom support statement that will see this huge environment supported regardless of what the official limitations of the products may be (in terms of the number of monitored objects).
Anyway, during the course of the current project, we have encountered many stumbling blocks with the vRealize Operations and Hyperic products. Hyperic in particular has a rather problematic "defect" that I am surprised has not been picked up by anyone until now. It's in the way that the default Hyperic agent configuration is used on both Windows and Linux distributions which could cause major performance problems on monitored endpoints (up to a constant 100% CPU utilisation). However, working with VMware GSS, we have now been able to raise an official bug ticket for the issue.
I'm working on two particular posts regarding Hyperic. In the first post, I cover the bug that we have found and how to work around it, or rather preempt it. The second post is focused on how to replace Hyperic 5.8.4 SSL certificates. During this post I will generate SSL certificates with OpenSSL and format them in a Java keystore that is used by the Hyperic server, with the root and subordinate root certificate authority certificates included. I'll go through the process of replacing the self-signed keystore with our own custom keystore as well as performing the necessary database queries and updates required to replace the certificates properly.
I'm hoping to get at least one of these posts completed before the end of the weekend.
vSphere 6 makes managing SSL certificates a lot easier than previous releases. It ships with its own Certificate Authority (VMCA) that issues certificates for all components on your behalf, rather than having to replace each service certificate manually, or relying on self-signed certificates. This new VMCA comes with the Platform Services Controller (PSC) that can be installed as a separate appliance, or embedded within the vCenter Server installation or Appliance.
By default, the VMCA will self-sign its own certificate to be used as a CA certificate that will sign all requests for certificates. This self-signed CA certificate can be replaced by a certificate that is signed by a 3rd party root CA or your own root CA. Any certificate signed by the VMCA, which is an intermediate CA to your root CA, can then be validated by clients with the root CA and VMCA certificates installed.
I've decided to create this dedicated page where I'll place "one line scripts". I sometimes use these one line commands to run reports on vSphere or SCVMM inventories, if I'm not permitted or able to run full length scripts in an environment.
Yesterday I found myself in the middle of a debate on Twitter surrounding DevOps and the future of infrastructure admins. The whole thing was really triggered by a tweet sent by John Troyer where he stated: "Both O'Grady (New Kingmakers) & Chen (Developer-Driven Infrastructure) say "Devs Rool, IT Droolz". How do IT pros adapt?"
I've built up and torn down my vRealize Automation lab several times in the past month in order to familiarize myself with some of the pitfalls. As a result, I've run into some installation gotchas that I noted down, and decided to post them here.
VMware vRealize Automation makes it easy for us to provide our end users with the ability to request and manage their own virtual machines using a “self-service” portal. With very little configuration required, we can add vSphere virtual machine templates to a vRA service catalog for users to consume. vRA can then handle the request management for new virtual machines and when approved by the appropriate approvers, even provision the new VMs by cloning the template.