I recently had to rebuild part of my home lab due to a very poor decision to host all of my nested ESXi hosts on a single SSD. Kids, Do NOT do that at home! Obviously this is a lab and budget was a constraint, but it was a bummer when my SSD finally failed. It might be useful to review some steps used to build ESXi Servers inside VMware Workstation. Especially since Workstation 10 can clone ESXi which makes things much quicker. ...
When I work with smaller sized customers, I often hear that they don’t have any networking monitoring software available. Usually there is some server monitoring there, and something that pings network devices, but nothing that can display how much bandwidth is being used, and when. If you are in this situation, I implore you to check out PRTG monitor from Paessler. This is a great piece of software, that can do much more than monitor your Internet bandwidth, but that’s what I use it the most for. There is a full version, but the free version will allow you to monitor up to 10 ports which is plenty if you’re just monitoring your WAN, or a few ports like your ESXi hosts in your home lab! ...
I never thought that I’d be writing this post, but the day has come where I decided to switch to an Apple laptop. If you’ve known me, you were probably aware of my disdain for Apple products. I was of the opinion that they are offering the same equipment with a higher price tag and people who purchased that stuff were suckers. So now, either I’ve been snookered into this mass hysteria of Mac Madness, or things aren’t really how I originally thought. ...
In this day and age, almost all the programs we interact with are web pages. Many of the applications we deploy end up having a web front end and are configured with a default SSL Certificate. It’s much more secure to have your own trusted certificate and in previous posts I’ve gone over how to setup the Public Key Infrastructure (PKI) in a home lab, as well as deploying Web Certificate Templates for our applications. ...
Hey! You got your VMworld in my Tech Field Day! The makers of Tech Field Day are having an “Extra” set of sessions at VMworld 2014 this year in San Francisco. As you may already know, the Tech Field Day group gets together a set of delegates to engage with some vendors about a variety of solutions. These discussions are all streamed live, as well as posted for later viewing. The discussions are to be technical in nature and can be directed in a much different path than a normal “set” presentation. ...
Congratulations, if you’ve made it this far, you’re almost done with the replacing of your VMware SSL Certificates! If you’ve followed the previous posts, you’ll know that this has been a long path to completing your goal. This post finishes installing those certificates on your vCenter server. If you missed a part please check out the previous posts to get caught up. Create a Home Lab Certificate Authority Deploy Root Certificates via Autoenrollment Create VMware-SSL Web Certificate Template Create VMware Services Certificate Requests ...
I’ve seen quite a few VMware environments where when you login, you get that silly error message about a certificate not being trusted. This is something we can fix and more importantly be sure that the connections are trusted and encrypted. Prerequisites Trusted root certificates deployed to workstations - Instructions for Lab Environment Web-Certificate Template Deployed - Instructions for Lab Environment Certificate Authority Web Enrollment server - (If you followed the Lab Environment setup this should be on your CA already) Download OpenSSL and install it. I used 1.01h as the version for my lab which worked fine on a Server 2012 R2 Server which is also my vCenter Server. Download and install the vCenter Certificate Automation Tool from VMware. This is also found in the vCenter install media for vSphere 5.5. I prefer to create my certificate requests right from the VMware vCenter Server, so I install both the SSL Automation Tool and OpenSSL directly on the vCenter Server. If you’re using the VMware vCenter Server Appliance you’ll need to do this someplace else and there are some additional steps not listed in this post. Please see this KB article for more info: vCSA SSL Certs ...
In order to replace our VMware SSL Certifactes, we need to create a web certificate template that we can then reuse to deploy all of the individual service certificates like vCenter, SSO, Update Manager, vCenter Orchestrator, etc. This certificate will be issued on the vCenter Server and requested in a later process. In part one of this series, we installed a certificate authority. In part two of this series, we deployed client authentication certificates to all our workstations and servers. ...
Home Lab SSL Certificates aren’t exactly a high priority for most people, but they are something you might want to play with before you get into a production environment. In part one of this series, I went over installing an Enterprise Root CA just to get us up and running. Again, be aware that for a production environment you should use an Offline Root CA and a Subordinate CA, but we’re in a lab and don’t need the additional layer of security. ...
If you would like to setup SSL certificates for your home lab, this guide should get you to a minimal installation. The goal of this post is to show you a basic way to setup certificates and should not be followed verbatim if you are planning a production deployment. For one thing, this post uses an Enterprise Root Certificate Authority and in a production environment you really should have an offline Root CA and an online Subordinate CA for security purposes. ...