
VMware Cloud on AWS – SDDC to SDDC VPN and MS AD Replication

This is part two of my blog on how to leverage Microsoft Active Directory as an Identity Source and have AD replicate between two VMware Cloud on AWS SDDCs. Now that I have Active Directory running in US East, I will set up a route based VPN between my US East SDDC and US West SDDC. For my lab, I am using a Route Based VPN to carry Active Directory replication traffic. To add Route Based VPNs to both SDDCs, take note of your SDDC Public IPs on your Management Networks, determine what you want your Autonomous System Numbers (ASNs) to be, and determine the IPs for both BGP local addresses. To keep the BGP IP scheme simple, I chose 169.254.x.x/30, which leaves exactly two usable addresses, one per BGP peer. FYI, there are two different ranges for Public and Private ASNs: Public is 1-64,511 and Private is 64,512-65,535. Route based VPN makes things simple in this scenario since we are leveraging Border Gateway Protocol (BGP), so both SDDCs exchange routes over the BGP peering rather than relying on static route lists. For a deeper dive into BGP peering specifically around AWS Direct Connect and VMware Cloud on AWS, check out Nico Vibert’s Blog. It will not disappoint!

SDDC Public IP Info

Once you have the ASN and SDDC Public IP information, you can add your route based VPN by going to Networking & Security tab -> Network -> VPN -> Route Based -> “Add VPN”. For my lab, I have kept all the defaults for the tunnel and IKE settings. You may need to make changes here based on your security requirements. You must, however, select a pre-shared key; the same key is entered on both VPN connections so the two SDDCs can establish a secure connection. I have also left the Remote Private IP field blank. Once you click “Save”, you will see the status of the VPN and BGP Remote IP go to a yellow status while the negotiations take place. If successful, you should see both the Remote BGP IP and VPN status turn green.

SDDC to SDDC VPN once completed

The next step in the process is to deploy a second Domain Controller inside the second SDDC. Before you can promote the second DC, you need to first deploy a Windows Server VM in SDDC #2. Once the VM is deployed, you will then need to establish two-way communication across the VPN tunnel to be able to add the Windows Server to the domain and promote it. Although the VPN is up, you still need to configure additional Gateway Firewall rules in order for the Domain Controllers to talk to each other across networks. Go back to Networking & Security -> Security -> Gateway Firewall -> Compute Gateway -> Add New Rule. For two-way communication, add two rules that allow traffic to and from the Domain Controller. Make sure that these rules are applied to the VPN Tunnel Interface and NOT the Internet Interface, so that the Domain Controller is never reachable from the public side. Make these rules in both SDDCs.

Gateway Firewall Rules for VPN Tunnel Interface

Before promoting your soon-to-be Domain Controller, make sure you can ping across the VPN both by IP and by DNS FQDN. Then promote the Windows Server in SDDC #2 to a Domain Controller. I will not go through the process in this blog, but the steps are similar to setting up the first DC in that you need to promote the server to a Domain Controller. There are several blogs out there on how to do this but here’s one just in case. Once added, you can verify Active Directory is syncing across SDDCs and Domain Controllers by running “repadmin /replsummary” via the Command Prompt. You can now add users, GPOs, etc. to either side and both SDDCs will have the same info. To take things even further, add your new Domain Controller as an identity source to the new SDDC. This will allow users to log in to either vCenter as long as they have an account on the domain. If you missed my blog on setting up AD as an identity source with VMWonAWS, click here.
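The pre-promotion checks above (ping by IP and FQDN, firewall rules across the tunnel, then repadmin after promotion) collected into one script, as an added example that is not part of the original post. The DC FQDN and IP are hypothetical placeholders, and the port list is the standard set of TCP ports a domain join and AD replication use, which the post itself does not enumerate.

```powershell
# Added example, not from the original post. Run on the Windows Server in SDDC #2
# (before promotion) against the existing Domain Controller in SDDC #1.
# The FQDN and IP below are hypothetical placeholders; substitute your own.
$RemoteDc   = 'dc01.lab.example'   # hypothetical FQDN of the DC in SDDC #1
$RemoteDcIp = '192.168.10.10'      # hypothetical IP of that DC on the SDDC #1 compute network

# TCP ports a domain join, authentication and AD replication need to reach across
# the tunnel. RPC also uses dynamic ports (TCP 49152-65535), which a per-port test
# cannot cover; the Gateway Firewall rule must allow that range as well.
$AdPorts = [ordered]@{
    'DNS'                 = 53
    'Kerberos'            = 88
    'RPC endpoint mapper' = 135
    'LDAP'                = 389
    'SMB'                 = 445
    'Kerberos pwd change' = 464
    'LDAPS'               = 636
    'Global Catalog'      = 3268
}

Write-Host '1. Ping by IP and by FQDN (both must succeed before promotion)'
$pingIp   = Test-Connection -ComputerName $RemoteDcIp -Count 2 -Quiet
$pingFqdn = Test-Connection -ComputerName $RemoteDc   -Count 2 -Quiet
Write-Host ('   IP: {0}   FQDN: {1}' -f $pingIp, $pingFqdn)

Write-Host '2. FQDN resolves to the expected DC address'
$resolved = Resolve-DnsName -Name $RemoteDc -Type A -ErrorAction SilentlyContinue
Write-Host ('   {0} -> {1}' -f $RemoteDc, ($resolved.IPAddress -join ', '))

Write-Host '3. AD service ports through the Compute Gateway over the VPN tunnel interface'
$blocked = @()
foreach ($svc in $AdPorts.GetEnumerator()) {
    $r = Test-NetConnection -ComputerName $RemoteDcIp -Port $svc.Value -WarningAction SilentlyContinue
    if ($r.TcpTestSucceeded) { $state = 'open' } else { $state = 'BLOCKED'; $blocked += $svc.Key }
    Write-Host ('   {0,-20} TCP/{1,-5} {2}' -f $svc.Key, $svc.Value, $state)
}
if ($blocked.Count -gt 0) {
    Write-Warning "Fix the Gateway Firewall rules for: $($blocked -join ', ') before promoting."
}

Write-Host '4. After promotion, confirm replication from either DC'
if (Get-Command repadmin -ErrorAction SilentlyContinue) {
    repadmin /replsummary   # per-DC summary: fails/total and largest replication delta
    repadmin /showrepl      # per-partition detail; any failed last attempt needs attention
}
```

Step 3 only proves the TCP ports are reachable from this host; it does not tell you whether the rule is scoped to the VPN Tunnel Interface, so still check that in the Gateway Firewall rule itself.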

Just Make It To The Next Cone…..

This blog entry is a bit on the personal side but I hope it will help those who are feeling overwhelmed with life, whether it be personally or professionally. Like most, I have been dealt some pretty bad hands throughout the years. Actually, the entire deck of cards has been filled with Jokers at times. Several years ago, a mentor of mine reminded me to always have an “eternal perspective” and that most things don’t last forever. While this is true, I’ve found it difficult to keep that perspective when I’m in the thick of it. Life happens. Things break, relationships fail, you get passed up for a promotion, you don’t get the job you want, on and on it goes until you question your circumstances and how you can escape?!

A month ago, one of my children reminded me of a core life principle I was taught long ago. Just make it to the next cone……aka “win the day”. To provide a bit more context, every July 4th, Provo, UT has the Freedom Run where individuals and families enter a 1 mile, 5K or 10K race followed by a parade down University Ave. This year, my youngest son wanted to run a race so we signed him up for the mile. At packet pickup, he was stoked to get his bib and SWAG bag and couldn’t wait to get on the course the next morning (EARLY the next morning)! Once the gun sounded to start the race, he took off like a shot even though I recommended he slow down and pace himself. No more than 2/10 of a mile had passed when it began…”I so tired”, “I can’t do this”, “this is too hard”, “can we stop?!” One of the guiding principles at the Lambert House is “if you start something, you finish…don’t quit”. As I was trying not to push my five-year-old to the point of tears, I looked up and saw a bright orange traffic cone in the distance and it hit me! “Hey, see that cone up there?! Run to that cone and touch it!” He ran and touched it. “Ok, you see that other cone ahead? Go touch it!” Once again he ran and touched it. Whether it was a cone or a tree along the rest of the course, he worked on just getting to the next stop.

My son, running to the next cone

After 14 minutes and several seconds, my son had finished something he said he couldn’t do. FINISH!!

Life is tough. Social media is great for many things but I personally think Facebook, Twitter and Instagram make it way too easy for us to compare ourselves to others, and we are left feeling inadequate in some ways. For me, I’ve been in IT for 15 years and some days I feel like I’m being passed by like I’m standing still. There are so many smart and talented people at VMware and our partners that I find it hard to keep up. I’ve failed at becoming a vExpert (finally made it this past year though!), failed certifications, failed at maintaining customer relationships, etc. However, I’ve had my share of successes too! To those who are struggling to keep up and/or find their place in the ever changing world of IT….or just life in general…take a step back! Take time to reflect and see what you HAVE accomplished…then ask yourself what you want to do next. Decide what you want that next cone to be and go for it! Then repeat over and over. Before you know it, like my son, you will have reached your BHAG (Big Hairy Audacious Goal)!!!

My little big man and his finisher medal!

P.S. I won’t deny that at some point your cone may be moved by something or someone. To assist with that challenge, I have found the following books to be of assistance: Dr. Spencer Johnson’s “Who Moved My Cheese” and the Stephen Covey classic “The 7 Habits of Highly Effective People”.

AWS re:Invent 2018 – Takeaways

re:Invent 2018 was a week full of exciting announcements that kept me running from one session to another as well as took me out of my comfort zone as a technologist. There was so much going on that it was difficult to digest every session let alone keep up with all of the services and industries that AWS is in. However, these are my takeaways…..

  1. The AWS-VMware partnership runs deep! As previously mentioned, VMware CEO Pat Gelsinger was the only other CEO to join Andy Jassy on stage during his keynote, where they announced AWS Outposts. I’m excited to see how customers use the service and the use cases behind them. In addition to the keynote, the VMware Code booth was busy from opening to close as we covered IoT (Raspberry Pi with sensors), Wavefront, VMware Cloud on AWS, and more. It was great to see so much activity and help customers realize that VMware is heavily invested in the cloud and can bring immediate value as customers continue to develop their cloud strategy.
  2. If you haven’t heard the words Artificial Intelligence, Machine Learning, Deep Learning, Reinforcement Learning, or Neural Networks….you WILL!! With services like SageMaker, RoboMaker, DeepRacer, DeepLens, Polly and more, intelligent software is here. From a VMware standpoint, we changed the SDDC acronym at VMworld 2018 from Software Driven Data Center to the Self Driving Data Center as we are working to build intelligent software into products such as vRealize Operations, NSX Data Center, and AppDefense as well as services like NSX Cloud and VMware Cloud on AWS. I would advise everyone to get a base understanding of AI and ML. It will benefit you greatly as skills will need to shift due to learning being built into software. I personally believe that things such as host and server configurations will be a thing of the past. Infrastructure as code is here and we all must learn to adapt. I recommend picking up Prediction Machines: The Simple Economics of Artificial Intelligence by Ajay Agrawal, Joshua Gans, and Avi Goldfarb.
  3. Get outside your comfort zone! re:Invent hosts some of the smartest people I have ever been around. re:Invent is not the time to keep to yourself and only bounce from session to session. Go see the exhibit halls, demo booths and more. Although you may get your badge scanned countless times and receive pointless swag, you may come away with some valuable connections and insight. Take this amazing opportunity to grow your professional network!
  4. There is too much to learn in one week! Accept that at re:Invent you will never be able to attend every session you want. The sheer scale of this event makes getting to everything impossible. However, with YouTube at your fingertips, you have an opportunity to review sessions you attended as well as see some you may have missed.

I know this post is a little late. I have been wanting to post this for some time. re:Invent was awesome and I can’t wait to attend next year!

AWS re:Invent 2018 – Day 2

After seeing the VMware Code Facebook and Twitter accounts blow up on Day 1, I decided to check it out for myself. I’ll admit that we have a sweet setup with a barista and tons of tech toys to play with, in the form of Raspberry Pi and various sets of sensors. I didn’t have time to do the hands-on activities but I plan on coming back on Day 4. I spent pretty much all morning at the Code booth watching Brian Graf deliver various demos highlighting how to build hybrid applications with VMWonAWS and AWS. The coolest demo, which set what hair I have left on fire, showed how to leverage various VMWonAWS APIs together with Lex and other services so that a Slack message deploys a Photon VM.

Another fantastic session was an Eric Nielsen deep dive on Raspberry Pi sensors. It was packed! If you’re up for it, you can run through the lab here if you feel like going nuts. It only takes a few dollars of capital to get started.


After spending considerable time at the VMware Code booth, it was off to go really deep on AWS Direct Connect. This was great to gain a detailed understanding of what makes up Direct Connect (DX). Click on the link above to see the full session on YouTube!

Next, it was off to spend some time in the Expo Hall to do some SWAG shopping. I was on the hunt for socks but came away with plenty of other stuff. Hopefully, our spam filters at work will block most of the email that is going to come through. I really wanted the LEGO Millennium Falcon but that will have to wait….

To end the day I went to a session on Machine Learning on AWS Storage. There was a lot of content in this one. It’s fascinating to see how customers are leveraging data to make critical business decisions. The first half is a bit dry but there’s some good content if you want to dive in. Day 2 was a good one….14,253 steps (7.05 mi)…..using the shuttle and staying in one casino has its benefits.
