How to Install a TLS Certificate on vCenter Server Appliance (VCSA) 8.0

Quickstart First, create your key and your CSR (Certificate Signing Request). In the following example, we are creating a CSR for our vCenter host, “vcenter-80.nono.io”: CN=vcenter-80.nono.io # "CN" is the abbreviation for "Common Name" openssl genrsa -out $CN.key 3072 openssl req \ -new \ -key $CN.key \ -out $CN.csr \ -sha256 \ -subj "/C=US/ST=California/L=San Francisco/O=nono.io/OU=homelab/CN=${CN}/emailAddress=brian.cunnie@gmail.com" \ -config <(cat <<EOF [ req ] distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = ${CN} EOF ) You’ll have two files, vcenter-80.nono.io.key and vcenter-80.nono.io.csr. ...

November 2, 2022 · 6 min · Brian Cunnie

How To Enable IPv6 on Your Cloud Foundry's HAProxy

0. Abstract HAProxy is an optional load balancer included in the canonical open source Cloud Foundry deployment. Its intended use is on IaaSes (Infrastructures as a Service) that do not offer built-in load balancers [0]. On vSphere, this means without the optional network virtualization solutions, NSX-T and NSX-V. This blog post describes how to assign an IPv6 address to an HAProxy load balancer in a Cloud Foundry deployment. 1. Pre-requisites Users following this blog post should be familiar with BOSH, BOSH’s manifest operations files, IPv6, and deploying Cloud Foundry using cf-deployment. ...

February 1, 2020 · 7 min · Brian Cunnie

How to Install a TLS Certificate on vCenter Server Appliance (VCSA) 6.7 [Updated for vCenter 7]

The following section is the new Quickstart for installing a TLS certificate on vCenter 7 vCenter 7 Quickstart On your vCenter, navigate to Menu → Administration → Certificates → Certificate Management On the __MACHINE_CERT tile, click Actions, select Generate Certificate Signing Request (CSR). Enter the appropriate info; for inspiration, this is what we entered: ...

May 9, 2018 · 10 min · Brian Cunnie

Deploy To vSphere NSX-T Opaque Networks Using BOSH

VMware’s vSphere is an Infrastructure as a Service (IaaS) which runs Virtual Machines (VMs). BOSH is a VM orchestrator which automates the creation of VMs. NSX-T is a pluggable Network backend for vSphere (and other hypervisors). NSX-T allows the creation of opaque networks in vSphere, networks whose detail and configuration of the network is unknown to vSphere and which is managed outside vSphere. With the release of BOSH vSphere CPI v40, users can attach their BOSH-deployed VMs to an NSX-T opaque network. ...

April 17, 2017 · 5 min · Brian Cunnie

Leveraging NSX's Features with BOSH's vSphere CPI

VMWare NSX is a network virtualization platform (frequently paired with the vSphere IaaS (Infrastructure as a Service)). It includes features such as Load Balancers (LBs) and firewall rules, features often found in public-facing IaaSes (e.g. AWS (Amazon Web Services), GCE (Google Compute Engine), and Microsoft Azure) but not native to vSphere. BOSH, a VM orchestrator, includes hooks to interoperate with NSX’s LB and Distributed Firewall features. These hooks enable BOSH to attach created VMs to existing NSX Load Balancer Pools and NSX Distributed Firewall rulesets. BOSH uses NSX’s Security Groups [NSX Security Groups] as the underlying mechanism. ...

November 1, 2016 · 9 min · Brian Cunnie