
Tuesday, 10 July 2018

VMware vSphere Certificate Management

In this blog post I will focus on how vSphere manages certificates using the VMware Certificate Authority (VMCA), and on the different types of certificates managed by VMCA, including CA certificates, solution user certificates and machine SSL certificates. But before we go ahead with VMCA, let's talk about certificates in general and about certificate authorities.

Public key or digital certificates are electronic documents that are digitally signed by a trusted source, for example a certificate authority (CA). A certificate can be signed by a CA or it can be self-signed; however, other parties are not likely to trust self-signed certificates, because the signing certificates used are not embedded in their systems. We can use self-signed certificates internally by adding the public key to all the internal systems so that they trust the self-signed certificates.

A certificate authority plays an important role in public key infrastructure (PKI) systems, where an SSL or TLS client connects to a server and the server sends its public key to the client so that the client can authenticate the server. The public key is not exchanged as plain text; instead, an X.509 certificate (server name and public key) is sent to the client. The client trusts the CA because it already has the CA's public key, which was preinstalled (Safari, Firefox, IE) or manually installed by us.

In VMware vSphere 5.x and earlier versions, each service listened on a defined port (for example vpxd 443, Apache Tomcat 8443, Inventory Service 10433, vCenter Single Sign-On 7444, vSphere Web Client 9443 and so on) and required its own certificate, because the authentication methodology was based on SSL thumbprint trust, which has to be unique. Starting from vSphere 6.0, the individual service endpoints have been replaced by a reverse HTTP proxy that routes traffic to the appropriate service based on the type of incoming request.

With VMware vSphere 6.0, the VMware Certificate Authority provisions each ESXi host and each vCenter Server service with certificates that are signed by VMware CA by default. These certificates are stored in the VMware Endpoint Certificate Store (VECS), which is implemented using the VMware Authentication Framework Daemon, and are finally used by vCenter Single Sign-On and VMDIR. Confused?

Let's try to simplify it with an example: VMware CA is the bank that issued the ATM card, VECS is the wallet where you store the ATM card, and SSO is the ATM machine where you present your ATM card so that it can verify that you are a valid user and issue you money.

Image source: VMware Tech Pubs

Types of vSphere Certificates

1) ESXi certificates are stored locally on ESXi hosts in the /etc/vmware/ssl directory. They are provisioned by VMware CA by default; however, we can also use custom certificates instead.

2) Machine SSL certificates are used to create an SSL socket on the server side to which SSL clients connect. A machine SSL certificate is available for each node and is used to expose the SSL endpoints of that node (vCenter Server instance, Platform Services instance). Services that use the machine SSL certificate are the reverse proxy service (which then redirects requests to the individual services), the vpxd vCenter service on each vCenter node, and the VMDIR service.

3) Solution user certificates are used to authenticate to vCenter Single Sign-On through SAML tokens. A solution user encapsulates one or more vCenter Server services, and presents its certificate to vCenter Single Sign-On when authenticating for the first time, after a reboot, and after a timeout has elapsed. Solution user certificate stores are part of VECS on each management node and embedded deployment: vpxd uses its certificate to authenticate to Single Sign-On; vpxd-extensions (for example Auto Deploy) also gets a solution user certificate; the vsphere-webclient solution user certificate, also stored in VECS, is used by the performance chart service; and machine is used by the component manager, license server and the logging service.

* The vCenter Single Sign-On signing certificate (), the VMware Directory Service SSL certificate and virtual machine encryption certificates are not stored in VECS and are referred to as internal certificates.
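
An inventory check for the stores described above, as an added example that is not part of the original post: it walks every VECS store with `vecs-cli` and reports expiry and issuer for each entry, which also shows whether a certificate is VMCA-signed or custom. The `vecs-cli` path, the `Alias :` output format and the 30-day warning window are assumptions for a standard vCenter Server Appliance.

```shell
#!/bin/sh
# Added example: report expiry and issuer for every certificate held in VECS.
# Assumptions: run as root on a vCenter Server Appliance, vecs-cli at the
# path below, and "Alias :" lines in the output of `entry list`.
VECS=${VECS:-/usr/lib/vmware-vmafd/bin/vecs-cli}
WARN_DAYS=${WARN_DAYS:-30}

# cert_status: read one PEM certificate on stdin and print
#   "<OK|EXPIRING|EXPIRED> | <notAfter> | <issuer>"
# Returns 0 when OK, 1 when expiring or expired, 2 when the input is not a
# certificate (some stores hold keys or passwords rather than certificates).
cert_status() {
    local pem end issuer state
    pem=$(cat)
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate 2>/dev/null) || {
        echo "UNREADABLE"
        return 2
    }
    issuer=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer)
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
        state=EXPIRED
    elif ! printf '%s\n' "$pem" |
            openssl x509 -noout -checkend $((WARN_DAYS * 86400)) >/dev/null; then
        state=EXPIRING
    else
        state=OK
    fi
    echo "$state | ${end#notAfter=} | ${issuer#issuer=}"
    [ "$state" = OK ]
}

# audit_vecs: walk every VECS store (machine SSL, trusted roots, solution
# users) and print one status line per entry.
# Returns 1 if any entry is expired, expiring or unreadable.
audit_vecs() {
    local store alias rc=0
    for store in $("$VECS" store list); do
        [ "$store" = TRUSTED_ROOT_CRLS ] && continue   # holds CRLs, not certs
        for alias in $("$VECS" entry list --store "$store" |
                       sed -n 's/^Alias[[:space:]]*:[[:space:]]*//p'); do
            printf '%-20s %-28s ' "$store" "$alias"
            "$VECS" entry getcert --store "$store" --alias "$alias" |
                cert_status || rc=1
        done
    done
    return $rc
}

# Run the audit only where vecs-cli exists, i.e. on the appliance itself.
if [ -x "$VECS" ]; then
    audit_vecs
fi
```

Set `WARN_DAYS` in the environment to change the warning window; a non-zero exit from `audit_vecs` can drive a monitoring alert.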























Thursday, 21 June 2018

Vembu Backup Support for VMware vSphere 6.7

Vembu is all set to support the new VMware vSphere 6.7 with its latest release, Vembu BDR Suite 3.9.1 Update 1. The update is GA now and is ready for download.

Follow the registration link for their upcoming webinar, which walks through the release of Vembu's latest update, Vembu BDR Suite 3.9.1, with support for VMware vSphere 6.7. Other topics that will be discussed during the webinar include VMware Backup, VM Replication, multiple recovery options and Automated Backup Verification with a live demo, plus an opportunity to win a $100 Amazon gift voucher* by registering for this webinar.

Thursday, 17 May 2018

Vembu BDR Suite v3.9.1 is now GA

Vembu announced the latest release of their flagship offering, Vembu BDR Suite v3.9.1, which includes a Standard edition designed and priced with small and medium businesses in mind, to help them meet modern SLAs for backup and recovery.

In the previous versions, Vembu BDR Suite was available only in a single edition for all businesses. With the latest release, v3.9.1, Vembu BDR Suite is now available in 3 editions: Free, Standard and Enterprise.
Vembu BDR Suite Edition Comparison
** Vembu also offers a flat 50% discount on Vembu VMBackup for small and mid-sized businesses with environments of up to 6 CPU sockets.

The most daunting obstacle for SMBs in implementing a BDR solution for their IT infrastructure is budgetary constraints. Keeping this in mind, Vembu announced the Standard edition of its flagship offering to keep the cost of the product affordable for everyone.
Vembu BDR Suite – Standard Edition comprises a rich set of backup and disaster recovery features for SMB data center needs. The objective is to offer a powerful and hassle-free data protection solution to small and medium businesses at an affordable price.
With this new Standard edition of Vembu BDR Suite, SMBs can protect their entire virtual IT infrastructure with predominant features like agentless VM backup for VMware and Hyper-V, Quick VM Recovery, Instant File Recovery and granular recovery for MS applications to ensure an RTO of less than 15 minutes.
Businesses can add any type of storage to meet their retention and storage needs. The Standard Edition of Vembu BDR Suite also offers inbuilt compression and deduplication to use storage resources efficiently. And, through the AES-256 encryption algorithm, it assures data security in flight and at rest.
The price points have been reworked this time. Vembu looked extensively into their customer base and analyzed it from various angles, such as the features a medium business wanted and its ability to spend. Small businesses didn't want to shell out for products that had far more features than required. They didn't want to spend on what they didn't need.
Vembu agreed with them. Although their pricing has been very affordable for the features Vembu offered, they decided to make it even simpler with their Standard Edition.
The Standard Edition for VMware Backup is priced at USD 216/CPU-socket/annum. If our requirement comes under 6 CPU sockets, we can get an additional discount of 50% that could lead to USD 108/CPU-socket/annum!
The Standard Edition for Hyper-V Backup also has surprises. Priced at a reasonable USD 144/CPU-socket/annum, it gets down to USD 72/CPU-socket/annum if it falls under the above-mentioned discount category.
Generally, implementing a BDR Solution is preferred to ensure data availability at all times for continuous business operations. With the new Standard Edition of Vembu BDR Suite, the SMBs can now enforce the best Backup and Disaster recovery solution in their IT environment at a reasonable price to achieve superior data protection along with Business Continuity.
The v3.9.1 edition comes with significant enhancements and bug fixes aimed at improving the performance of our flagship offering Vembu BDR Suite.
No matter how simple or complex the IT environment is, the Standard Edition of Vembu BDR Suite will be a competent BDR solution for our business, thereby ensuring the right value for our money.
Download Vembu BDR Suite v3.9.1 today and experience the best modern data protection for your environment. The release notes are available here
Interested in trying Vembu BDR Suite? Try it now on a 30-day free trial

Thursday, 22 March 2018

VMware vRealize Automation - Creating & Configuring Tenants Part 1

I have dedicated a couple of blog posts earlier in the vRealize Automation section, wherein we discussed installation, architecture, roles and layers, creating blueprints, custom properties and what's new in the latest releases. Here are a few links for quick reference: vRealize Automation Installation Part 1, vRealize Automation Installation Part 2, vRA Roles and Layers, vRealize Automation Architecture, Provisioning Machines in vRA, Multi Machine Blueprints, Custom Properties, and What's New in vRA7.

I recently did a fresh installation of vRA 7.0 in my home lab environment, added another tenant (QA), synced users, configured branding and created fabric groups, so I thought of dedicating a series of blog posts that will serve as a step-by-step guide for my reference and also help others understand the procedure: creating a tenant, configuring branding, adding users, creating fabric groups and machine prefixes, and the creation of reservation policies and business groups.

*Note: The installation, configuration and specification methods used here have been tested in my home lab nested environment.

The steps involved in creating and configuring a tenant are to access the default tenant (vSphere.local), name the new tenant and create a tenant-specific URL, and finally specify the users who can access the tenant and assign the Tenant Administrator and IaaS Administrator roles to the newly created users.

As shown in the above screenshot, I logged in to my default tenant and created a new tenant (QA) after providing some details, including the name of the new tenant, description, URL and contact email. The next task on the list is to add local users, assign them the Tenant Administrator and IaaS Administrator roles, and do some branding for our newly created tenant QA.

After the successful creation of my new tenant QA and giving the local users the IaaS Administrator and Tenant Administrator roles, it was time for me to access the newly created tenant at https://vRealize Automation Appliance FQDN /VCAC/ORG/Qa/Domain and do some branding for it.

Here we have the option to customize the look and feel of the login screen, including the logo and background color, and to specify header and footer settings.

Once the branding is done, the next task on the list is to use the Directory Management feature to configure a link to Active Directory (over LDAP or Integrated Windows Authentication) to support user authentication, by specifying the directory name, the FQDN of the vRealize Automation appliance, the domain name and the domain administrator username and password. Once the directory is configured, we can go ahead and provide further details, including sync settings and group information (group DNs) to sync, for example CN=users,DC=example,DC=company,DC=com. When we select the Active Directory groups that we want to sync with the directory, the users who are part of those groups are synced as well.

After we have saved the directory configuration, the next task on the list is to assign the Tenant Administrator and IaaS Administrator roles for the QA tenant. This is done by connecting to the default tenant (vsphere.local) using the administrator account, editing the properties of the QA tenant and then selecting the Administrators option.

Once we have added both the Tenant Administrator and IaaS Administrator roles, we will create a fabric group and assign fabric administrators. All these tasks are performed using the IaaS admin role we configured in the last step, as the IaaS admin is responsible for configuring the infrastructure fabric by connecting various endpoints, and also for creating fabric groups and assigning the fabric administrator role to a fabric group.

I will be dedicating another article, Part 2 of the series, to explaining the steps involved in the creation of fabric groups, machine prefixes, reservation policies, network profiles, business groups and reservations.

Tuesday, 6 March 2018

Vembu BDR Suite Free Edition


I have been associated with Vembu as a blogger for more than two years and have seen some great enhancements in the overall product portfolio. Be it the Vembu BDR Suite or Vembu Cloud Services, a lot of new features and functionality have been added in every release, while working in parallel with vendors and following their release cycles. I have already dedicated blogs to covering some of these features and what's new with Vembu BDR; here is the link for your reference: Vembu BDR Suite v3.9.0 is now GA.

I have dedicated this article to the new Vembu BDR Suite Free Edition, which offers backup and recovery for both virtual and physical environments without any hidden costs. Vembu BDR Suite comes with a 30-day free trial with no restriction in terms of available features. After 30 days we can opt for the Free edition to continue using the features with some restrictions, or we can purchase a license as required.

Free VMware Backup

Suitable for businesses that do not have sophisticated data protection systems, Vembu VMBackup provides an exclusive Free Edition for VMware environments, where the user can take unlimited agentless backups of VMware VMs hosted on VMware ESXi hosts (6.5, 6.0, 5.5, 5.1) and vCenter Server (6.5, 6.0, 5.5, 5.1 and 5.0) at zero cost. It also supports multiple VMware transport modes such as Direct SAN, HotAdd and network-based (NBD and NBDSSL). VMBackup automatically analyses and chooses the appropriate transport mode to improve the VM data transfer rate.


Vembu offers free Hyper-V backup using their proprietary driver to protect the production VMs running in Hyper-V environments (Microsoft Windows Server Hyper-V 2016, 2012 R2, 2012 and 2008 R2) by taking consistent snapshots of VMs that run highly transactional applications like Exchange, SQL, Active Directory and SharePoint using the Microsoft VSS writer, and truncating the transaction log files during the backup job.


Vembu’s Free Windows Server Backup protects the entire Windows Server machine, including operating system, applications and data, at zero cost. Vembu ImageBackup uses application-aware technology to take a consistent backup of a Windows Server machine running Microsoft applications like Exchange, SQL Database, Active Directory and SharePoint.


Vembu Image Backup offers a comprehensive backup and disaster recovery solution for Windows desktops and laptops free of cost. It backs up the entire system image or individual volumes of Windows desktops and laptops. After a system crash or any major disaster, Bare-metal Recovery (BMR) helps to recover the backed-up Windows machines onto the same or different hardware.


Backing up workstations is as important as backing up a server. Data loss in a business may happen for reasons such as a system crash, hard disk corruption, power interruption, improper shutdown or accidental file deletion, and data loss on these workstations may badly affect the productivity of a business. Vembu File Backup of workstations using Vembu Network Backup can help to back up unlimited files, folders and applications on the workstations, with no restriction on the size of files and folders.

Free Vembu Universal Explorer

Vembu Universal Explorer instantly recovers individual Microsoft application items from the backed-up data. Be it physical or virtual machine data, Vembu Universal Explorer recovers application items from Microsoft Exchange, SharePoint, SQL and Active Directory without restoring the entire VM backup or disk image backup. With Vembu Universal Explorer, Vembu has removed the difficulties an IT administrator faces in restoring Microsoft applications and related items. It provides an easy-to-use and intuitive UI, so the user can browse the required application items easily from the backed-up data without any complication and restore them to live application servers or download them in specific formats.


Vembu Recovery CD eases up Bare-metal Recovery process by restoring the backed up image data of the source disk or partition to the same or new hardware. The backed up image data of a physical or virtual machine stored in BDR server can be restored to a physical machine by using Recover entire disk or a partition option from the Vembu Recovery CD. This can be done by downloading the virtual disk file (VHD/VHDX) and configuration file of the backup from the BDR backup server and restoring them through Vembu Recovery CD.

Sunday, 21 January 2018

Vembu BDR Suite v3.9.0 is now GA

It is highly important that data is backed up and that there is an effective disaster recovery plan in case of a data threat or a catastrophe. While data continues to grow and a number of technology providers offer better and more comprehensive storage techniques to businesses, there has not been an alternative to the concept of backup. While costs are a major factor for businesses, having a steady backup plan to counter data threats and comply with strict regulatory standards (including the EU's upcoming GDPR) is necessary. Be it virtual environment backup like VMware Backup and Microsoft Hyper-V Backup, or legacy environment backup like Windows Server Backup and workstation backup, Vembu BDR Suite has been offering backup and recovery with their own file system, VembuHIVE, thereby easing the backup process and storage management at extremely affordable pricing.

Last week, they announced the release of Vembu BDR Suite v3.9.0, which offers manifold features and enhancements to meet the different needs of diverse IT environments. According to them, the overall goal of the new version v3.9.0 is to provide advancements in terms of storage, security and data restoration.


Vembu BDR Suite v3.9.0 release is distinct because a number of critical features are incorporated for maintaining business continuity and to function effectively for high availability. Here are some of the key highlights of this release.

Tape Backup Support 

Vembu now provides the popular 3-2-1 backup strategy (3 copies of backup on 2 media, disk and tape, and 1 backup copy offsite) to businesses by announcing support for native tape backup for image-based backups (VMware, Hyper-V, and physical Windows servers and workstations), providing an option for long-term archival and offsite storage. Vembu Tape Backup support also makes DR possible on any physical or virtual environment. Vembu Tape Backup is thus designed with the future needs of ever-evolving IT demands in mind.


Quick VM Recovery on ESXi host for Hyper-V and Windows Image Backups

As we speak of data backup, recovery of data is equally important, if not more. While data recovery is crucial, the amount of time taken to restore data decides the business continuity of any organization. In the previous versions, Vembu provided instant recovery capabilities from the GUI only for VMware backups. From this release, v3.9.0, Vembu makes the instant recovery process much simpler and quicker than before by making Quick VM Recovery possible on VMware ESXi from the Vembu BDR backup server console for all image-based backups (VMware, Hyper-V and Microsoft Windows). Thus, Vembu lowers the Recovery Time Objectives of organizations and provides quicker data regain and access.


Backup-level Encryption

With the newest release, Vembu provides the ability to encrypt the data while creating a backup job. Each backup job that is configured from the distributed agents or through the Vembu BDR backup server can now be secured through Backup-level Encryption. By using customized passwords, users are now able to enable additional security for their backup jobs, and the backup data can be restored or accessed only by providing the password. Thus, the data is encrypted and can only be accessed by authorized users. This step is meant to fight data threats and also to ensure data compliance.


Auto Authorization at Vembu OffsiteDR Server

Offsite data protection is critical in terms of business continuity and is primarily done to keep a backup instance of key business data. To increase data security, Vembu BDR Suite v3.9.0 has an Auto Authorization feature at the Vembu OffsiteDR server that lets only registered BDR backup servers connect to the OffsiteDR server. Vembu BDR servers are authorized through a unique registration key generated at the OffsiteDR server. Thus, Auto Authorization at the OffsiteDR server safeguards all your backup data even when it is transferred offsite.



Many businesses need to execute certain business logic before or after a backup job. But running this logic manually through scripts is difficult and is not feasible for organizations that have multiple backup jobs running in their IT infrastructure. To make this process simpler, Vembu BDR Suite v3.9.0 provides a separate wizard in the NetworkBackup, OnlineBackup and ImageBackup clients, where one can add a number of pre- and post-execution commands or scripts. This helps in automatically executing the added commands or scripts at specific stages based on the configuration, and provides the ability to run custom actions before or after the backup schedules.

Besides all the listed features, Vembu BDR Suite v3.9.0 has a few interesting features like Windows Event Viewer Integration, along with some enhancements.

Interested in trying Vembu BDR Suite? Try it now on a 30-day free trial: https://www.vembu.com/vembu-bdr-suite-download/