Posts

Showing posts from 2024

VMware Products Overview

VMware Hypervisor   A VMware hypervisor is a software layer that allows a physical computer to run multiple virtual machines (VMs) at the same time:  How it works: A hypervisor acts as an intermediary between the physical computer's resources and the operating systems (OS) running on the VMs. It allocates the computer's resources, like memory and processing, to each VM, and isolates them so they can run independently.  Benefits: A hypervisor allows you to run multiple operating systems without rebooting the computer. It also protects sensitive data with encryption, and makes it easier to manage and audit the VMs.  VMware hypervisor products VMware offers a variety of hypervisor products, including:  VMware Workstation Pro: A desktop hypervisor for Windows that allows you to run Windows, Linux, and other VMs  VMware Fusion: A desktop hypervisor for Mac that allows you to run VMs  ESXi: A native hypervisor that's part of the VMware Infrastructure softwar...

vROPS appliances password remediation tasks failed from SDDC manager

Image
Issue details:-   Password remediation tasks on SDDC manager getting failed with below error. However, we are able to connect SSH with root password on the vROPS appliances, no issues with credentials. I checked Operations logs on SDDC manager and found below logs, indicating the SSH connectivity issues from SDDC to vROPS appliances. Tried to do SSH vROPS appliance from SDDC manager, getting below error... Seems some issue with ECDSA key.. Resolution:- SSH to vROPS appliance and retrieve the ECDSA ssh keys as below. Now, we have 2 options to update the correct SSH keys for vROPS appliance on SDDC manager known_Hosts files located at below location.   /root/.ssh/known_hosts   /etc/vmware/vcf/commonsvcs/known_hosts   /home/vcf/.ssh/known_hosts   /opt/vmware/vcf/commonsvcs/defaults/hosts/known_hosts First option is manually copy and paste the SSH key on all the known_hosts files and restart the SDDC manager services and then try to remediate the password again...

VMware Avi Load Balancer

Image
 Hello, As you all know that VMware NSX has native Load Balancing capabilities which provides Basic Load balancing to the virtualized environment.  But now VMware is planning to depreciate the native load balancing features and asking the VMware NSX customers to move to AVI Load Balancer product which will give advanced level of load balancing features which are supported by other third party LB vendors like F5, Cisco ACE etc... VMware NSX Advanced Load Balancer (Avi) is an API (Application Programming Interface) first, self-service Multi-Cloud Application Services Platform that ensures consistent application delivery, bringing software load balancers, web application firewall (WAF), and container Ingress for applications across data centers and clouds.    VMware’s Avi is a modern, software-defined elastic application delivery fabric. It is composed of a central control plane and a distributed data plane. VMware Avi Controller provides a centralized policy engi...

How to migrate the N-VDS as the host switch to VDS 7.0 in NSX-T 3.x

Image
  Hello There, In this article, i am covering how to migrate the ESXi host switch from N-VDS to VDS 7.0 switch in NSX-T 3.2.x version. When using N-VDS as the host switch,  NSX-T  is represented as an opaque network in  vCenter Server . N-VDS owns one or more of the physical interfaces (pNICs) on the transport node, and port configuration is performed from  NSX-T Data Center . You can migrate your host switch to  vSphere  Distributed Switch (VDS) 7.0 for optimal pNIC usage and manage the networking for  NSX-T  hosts from  vCenter Server . When running  NSX-T  on a VDS switch, a segment is represented as an  NSX-T  Distributed Virtual Port Groups. Any changes to the segments on the  NSX-T  network are synchronized in  vCenter Server. We have an NSX-T environment running with NSX-T 3.2.2.1 version. this environment was designed and implemented with NSX-T 2.x version and that time we used the N-VDS as host...

Edge node vmid not found on NSX manager

Image
  Hello There, Recently , we faced an issue in our NSX-T envrironment running with 3.2.x version. We saw below error message while running the pre-check for NSX upgrade to 4.x version.  " Edge node 31c2a0ba-e10a-48eb-940d-85f1e48c811f vmId is not found on NSX manager " So to fix this vmId issue for Edge Nodes, we need to edit the DeploymentUnitInstance and EdgeNodeExternalConfig in NSX Corfu DB tables. Steps to be done: 1) Login to NSX Manager UI . Start a backup by going to the NSX Manager UI System > Lifecycle Management > Backup and Restore and click on the START BACKUP button. 2) Log into any of NSX Manager node's CLI using the admin and switch to root account and stop the corfu service using the following command:    /etc/init.d/corfu-server stop 3) Stop the proton service    /etc/init.d/proton stop 4) Start the corfu service    /etc/init.d/corfu-server start 5) Execute the following DB commands to make the changes in...

VMware VCF and vSphere Diagnostic tool-VDT

Image
VMware VDT- VCF Diagnostic Tool Overview VDT (developed and built by VMware Support) is a utility designed to run a series of comprehensive checks live on a target appliance. In its current state, VDT supports the vCenter Server and SDDC Manager appliances. The VCF Diagnostic Tool (VDT) is a diagnostic tool that is run directly on the SDDC Manager or vCenter server. It runs through a series of checks on the system configuration and reports user-friendly PASS/WARN/FAIL results for known configuration issues. It also provides information (INFO) messages from certain areas which we hope will make detecting inconsistencies easier. The goal of these tests is to provide live diagnostic information to the user about their environment which might otherwise be missed.   This tool is completely read-only for the entire environment. hence, it will not make any changes to the environment and no risks to use it. Another important thing about this tool that, it is completely offline a...

CVE-2023-48795 Impact of Terrapin SSH Attack

Image
CVE-2023-48795 describes a vulnerability in OpenSSH v9.5 and earlier. This vulnerability, also known as the "Terrapin attack", could allow an attacker to downgrade the security of an SSH connection by manipulating information transferred during the the connection's initial handshake/negotiation sequence.  The attacker must have already gained access to the local network, and must be able to both intercept communications and assume the identity of both the recipient and the sender.   The CVSS 3.x rating of "Medium" reflects the difficulty in successfully exploiting this vulnerability. CVE-2023-48795 has since been resolved in OpenSSH v9.6. It's mitigation requires both client and server implementations to be upgraded to this fixed or later version. Additionally, this vulnerability can also be addressed by disabling use of the "ChaCha20-Poly1305" cipher in affected OpenSSH implementations.  This vulnerbility affects all systems having...