VMworld 2021 – 11 Sessions I’m Excited About!!!!

While I’m disappointed I can’t see my coworkers and customers again this year at VMworld this October 5-7, I’m still looking forward to all the great content that will be shared. One of the benefits of virtual is again this year is that it’s free for all attendees! Here’s my Top 11.

VMware vSAN – Dynamic Volumes for Traditional and Modern Applications [MCL1084] – Duncan Epping and Cormac Hogan are at it again presenting their deep knowledge of VSAN in both traditional and modern application use cases. I’m looking forward to see their take on VMware vSphere container storage interface (CSI) in Kubernetes! 

William Lam – App Modernization Deep Dive with VMware Cloud on AWS and VMware Tanzu [MCL2290] – Is VMworld even VMworld without William?! I have been waiting for a long time to talk VMWonAWS and Tanzu!! For those of you who want to see modern apps with Tanzu on VMWonAWS, this session is a must!

Achieving Happiness: The Quest for Something New [IC1484] – Those of you who have met Amanda Blevins know that she’s not only about technology but is also passionate about personal development and brand building. Many things have changed over the past 18 months with our day to day profession and I’m anxious to see what insights Amanda and Steve Athanas (CIO UMass Lowell) will have for us!

A Guide to vSphere with VMware Tanzu: Day 2 Operations for the VI Admin [APP1718] – No doubt Dean Lewis and Simon Conyard will bring their technical acumen and British wit to the session as they cover basic Kubernetes architecture in a way that makes sense for the VI Admin. Kubernetes is a fun word to say, but it’s a completely different thing to say AND do in the enterprise….at the end of the day, you still need to manage the application. These two gents will show you how!

An End-to-End Demo of Day 0 to Day 2 VMware Tanzu Management with vRealize [APP1586] – Matt Bradford and Sam McGeown always create great demos for their sessions. This is a must see for those on the Tanzu and modern application path and want to see how the vRealize suite is making Day 0-2 a cinch.

A Guide to the Cloud Operating Model [MCL1115] – Clouds are becoming the new silos. SaaS can grow your environment exponentially at a rapid pace and before you know it, you’re in the same siloed chaos you were in before cloud. Taruna and Martijn walk you through VMware’s multi-cloud approach when creating a consistent cloud operating model. It’s great to leverage multiple clouds based on specific use cases but it’s important to know how to best manage them.

Design Principles: Cloud Architecture Design and Operations [MCL2151] – Without a doubt these two Principal Architects are some of the smartest people I know at VMware. Mitesh and Andrea have been designing Enterprise VMWonAWS deployment since the service has been available. If you want to know how best to design VMWonAWS for production, this session is #1!

Automate VMware HCX Workload Migration to VMware Cloud on AWS [MCL1050] – This session would be #2 to the one above. Now that you have the VMWonAWS SDDC deployed, it’s time to migrate! Phoebe and Asaf bring their VCDX (between them, they have four!) and HCX knowledge to show you how to automate your migrations.

Cloud Workload Security and Protection on VMware Cloud [SEC1296] – While you’ve migrated workloads to VMWonAWS, you still need to secure them. Being in the cloud does not remove you from needing to protect the asset. Using the security features of NSX on VMWonAWS is a great start. To be even more secure, this panel will show how you can leverage Carbon Black on VMWonAWS.

A Guide to Application Migration Nirvana [MCL1264] – Bottom line….application migrations can be HARD! vRealize Network Insight has quickly become one of the main tools used to help customers understand applications and how to effectively plan for migrations to VMware’s Cloud. Martijn Smit has a wealth of experience to share do be sure to add this to the schedule!!

VMware DRaaS – Combine Two Services for Comprehensive Disaster Recovery Plans [MCL1202] – This session should be awesome! It’s not just about Site Recovery Manager (SRM) anymore. If you haven’t taken a look at VMware Cloud Disaster Recovery (VCDR aka Datrium) yet, you should. This session will cover both solutions and how we’re allowing customers to recover from ransomeware attacks, outages, and more. It’s all about flexibility and this session will give you the information you need to make those critical business continuity and disaster recovery decisions.

I admit that most of these sessions are cloud and application based but that’s where my passion lies and that’s where my customers are headed! Don’t forget to register today and Enjoy VMworld 2021!!!!

NSX Inventory Groups and Memberships to Manage Edge Firewall Rules in VMware Cloud on AWS

I have been using this feature of NSX heavily as of late so I wanted to highlight the power and flexibility of inventory groups that allow you to configure firewall rules that best fit your organization. The grouping of VMs and network services within VMware Cloud on AWS allows you put VMs that have common characteristics such as databases, web servers, operating systems, IP addresses and tags together to more easily publish firewall rules. By default, VMware Cloud on AWS creates two primary management groups and a service inventory when the SDDC is created. The two “parent groups” as I will call them are the Management Group and Workload Group respectively. The Management groups are system defined groups of infrastructure components such as ESX hosts, vCenter, NSX Manager or any other management appliances such as HCX. Workload groups are user defined groups of Virtual Machines or IP addresses.

Network and Security Inventory Groups

As you can see above, I added sub groups to the Workload Group based on function (Web, SQL, etc.). Recently, I have been testing the Membership Criteria option as this feature leverages tags and can also group based on Virtual Machine names that contain or start with a defined string. To add a new group, select Add Group, name your group, and then choose one of three membership types, Virtual Machine, IP Address or Membership Criteria. For this example, I used Membership Criteria. Once Membership Criteria is selected, pick the member VMs based on one of the two criteria (VM Name or Tag). For VM name you can choose contains or equals to categorize your VM grouping. The tag criteria can only be leveraged by having the tag name be equal to the VM(s) that is defined. In order to leverage the tag membership criteria, the the VM must be already tagged.

**Public Service Announcement** vCenter Tags and Attributes are NOT manifest in Networking & Security in the SDDC. These tags can only be added via Virtual Machines under Networking & Security > Inventory > Groups > Virtual Machines. Right click on the VM, select Edit and add your tag.

For the sake of this blog, I have created several VMs with different names but the same tag to show how tagging is leveraged.

VMs with their respective tags

Once VMs are tagged correctly, verify tagging is working by going to the Workload Groups by selecting the group > View Members.

Web Server members based on tags.

Now that VMs are properly grouped and tagged, Compute Gateway rules can now be configured and published. Go to Networking & Security > Compute Gateway > Add New Rule > Name the rule and select your source and destination. You should see your newly created group in the selection.

To verify that the rule is applied correctly, go to Networking & Security > Inventory > Groups > Workload Groups > Select the group that was added to the edge firewall rule > Select View Reference.

Below is a demo showing how VMs (tagged “Web”) on different Network segments can all access the internet with one rule.

Refer to the Networking & Security Guide what was updated on January 27,2020. Lastly, if you want to see how to leverage the Distributed Firewall (DFW) to protect 3 Tier Applications be sure to check out Michael Armstrong’s latest blog!!!

AWS re:Invent 2018 – Day 1

This is where things really get moving. I’m happy to say I didn’t regret gorging myself with wings the night before and was ready to hit the ground running to see re:Invent in full swing. Day 1 step count…15,308 (7.57 mi). I started off the morning by attending everyone’s favorite topic….SECURITY!!! This session was spent debunking 13 Cloud Security Myths. A few things that I already knew were reinforced. One, public clouds are more secure that on-prem data centers. Two, security should be the first thing you think about when deploying everything from applications to infrastructure. Three, if you continue to follow older security models that have been around for years, you are missing the entire point of the cloud!

 

Next up was a two-hour workshop getting some hands-on experience with the AWS Virtual Private Cloud (VPC). VPCs are the backbone to everything AWS including VMware Cloud on AWS. Although I have taken some online classes via AWS and A Cloud Guru, it was great to spend more time setting up VPCs as it is core to understanding how AWS works. We worked in groups of six where we set up VPC peering with each other. My main takeaway….have a concrete plan for the CIDR blocks you choose for your VPCs. If you don’t plan correctly, you will have to start over. A tool given out by the architects running the session was http://subnet-calculator.org/cidr.php . Bookmark it! An added benefit to the workshop was $25 in AWS credits!

Next stop was the Expo Hall and welcome reception. Of course, the hall was massive with hundreds of booths and all the SWAG you can handle. I decided to take a look around beforehand so I knew where to get “the good stuff.” Since I’m a VMware guy, it was awesome to see us well represented we even have our newest members of the family in Heptio (met Joe Beda at the booth) and Cloud Health with booths of their own.

The last session of the day was a VMware Cloud on AWS Deep Dive with Andy Reedy and Jin Zhang. If you ever get a chance to spend time with Andy, I would recommend it. I met him two years ago at some customer meetings and he is a fantastic architect. He got into the weeds with VMWonAWS regarding the host hardware and the interconnectivity between the vSphere hosts and AWS native services. We even went into the i3 and r5 models for EBS backed VSAN. It was a great session. As I have said before, AWS and VMware have a deep partnership to make this service available. The pace of innovation is blinding! Day 2 is next!!

This slideshow requires JavaScript.