Abstract By using tcpdump to troubleshoot an elusive error, we uncovered a man-in-the-middle (MITM) ssh proxy installed by our information security (InfoSec) team to harden/protect a set of machines which were accessible from the internet. The ssh proxy in question was Palo Alto Network’s (PAN) Layer 7 (i.e. it worked on any port, not solely ssh’s port 22) proxy, and was discovered when we observed a failure to negotiate ciphers during the ssh key exchange. ...

When customers with vSphere+NSX-T-based foundations apply a stemcell update, update a tile, or upgrade PAS (Pivotal Application Service) from 2.2 to 2.3, their Cloud Foundry may become unreachable as their NSX-T static load balancer server pools have been emptied. This blog post describes a method to ensure availability during upgrades. We use a combination of customized Operations Manager resource configs and BOSH VM Extensions. The sample workflow in this post is for upgrading PAS 2.2 to PAS 2.3 with an Operations Manager upgrade; however, it can also be adapted to stemcell or tile upgrades as well. ...

The following section is the new Quickstart for installing a TLS certificate on vCenter 7 vCenter 7 Quickstart On your vCenter, navigate to Menu → Administration → Certificates → Certificate Management On the __MACHINE_CERT tile, click Actions, select Generate Certificate Signing Request (CSR). Enter the appropriate info; for inspiration, this is what we entered: ...

0. Overview [Disclaimer: the author works for Pivotal Software, of which Dell is an investor. Dell is also an owner of VMware] It’s helpful to know the performance characteristics of disks when selecting a disk type. For example, the performance of a database server will be greatly affected by the IOPS of the underlying storage. Similarly, a video-streaming server will be affected by the underlying read throughput. 0.0 Highlights: If you need a fast disk, nothing beats a local vSphere NVMe drive. Nothing. Whether its IOPS, read throughput, or write throughput, NVMe is the winner hands down. Google’s SSD (Solid State Drive) storage has 22× the IOPS of its standard storage. For general purpose use, always go with the SSD; however, if you’re doing streaming (long reads or writes), the standard storage may be the better (and cheaper) choice. AWS’s io1 disk is a waste of money unless you need an IOPS > 4k (the gp2 disk has an IOPS of ~4k). AWS’s now-deprecated standard storage has a decent IOPS of ~2k. The key to getting IOPS out of Azure is to enable Host Disk Caching, which can catapult an anemic 120 IOPS to a competitive 8k IOPS. 0.1 Metrics, IaaSes, and Results In this blog post we record three metrics: ...

0. Abstract BOSH is a VM orchestrator; a BOSH Director creates, configures, monitors, and deletes VMs. The BOSH Director interoperates with a number of IaaSes (Infrastructure as a Service), one of which is VMware vSphere, a virtualization platform. BOSH traditionally operates exclusively within the IPv4 networking space (i.e. the BOSH Director has an IPv4 address (e.g. 10.0.0.6), and the VMs which it deploys also have IPv4 addresses); however, recent changes have enabled IPv6 networking within the BOSH Framework. ...