Microsoft Dynamic Access Control (Part 4 – Rules and Policies)

We’ve discussed Initial configuration steps, Claims, and Resource Properties, and we’re starting to see the power of Microsoft’s Dynamic Access Control, but we need a better way to manage these and that’s why we’ve come to “Rules and Policies”. A Central Access Rule can be used to take claims such as users in a department and match them up with permissions on a file or folder with specific resource properties. This is where the real power comes into play because now we don’t have to go through and map these for each individual file. We’re setting a general policy for the entire organization all at once. ...

April 28, 2014 · 4 min · eshanks

Microsoft Dynamic Access Control (Part 5 - Auto Classification)

In the first four parts of the Dynamic Access Control Series we covered Initial Configurations, Claims, Resource Properties, and Rules and Policies. These are working great in our environment but we still have to go through and manage the classification tags. Wouldn’t it be easier to have some files automatically tagged with a certain resource classification? Enter File Server Resource Manager to the rescue! Classification Rules: From within File Server Resource Manager (FSRM), go to Classification Rules and choose to “Create Classification Rule…” ...

April 28, 2014 · 3 min · eshanks

No More Data Plane Administrators

There are two terms used in IT that are often used in conjunction when learning about how technologies are built. These two terms are “Control Plane” and “Data Plane”. A quick and dirty definition of these two terms would be: Control Plane - The decision making part of any system. Usually considered the brains of the system. Data Plane - The part of a system that carries out an operation. This would be the routine tasks needed to make the system work. Just as a sidebar, if you are looking for me to cite my source on those definitions you’re out of luck. These are my basic definitions that I’ve made up for purposes of this post. If for some reason these definitions become commonplace, then I want some royalties. :) ...

April 22, 2014 · 3 min · eshanks

vCNS Edge Network Address Translation

VMware vCloud Networking and Security (vCNS) can provide Network Address Translation (NAT) services from the vCNS Edge appliance. There are two types of NAT that the edge appliance can provide. Destination NAT (DNAT) is used to provide access to a private IP Address from a (usually) public IP Address for incoming traffic. Source NAT (SNAT) is used to translate a private IP Address into a (usually) public IP Address for outgoing traffic. This type of NAT can also be called “masquerading”. (It’s a subtle difference that we won’t go into in this post.) ...

April 15, 2014 · 4 min · eshanks

MCSA 2012 Upgrade Exam 70-417

If you have an MCITP or similar certification from Microsoft on Server 2008 and want to keep your certifications up to date, chances are you will need to take the 70-417 exam. I recently sat this test and wanted to share some of my experiences with you. My certification background in Information Systems started with my journey to become an MCSE 2003 so Microsoft is kind of my first love when it comes to certs. I deal a little bit less with the day to day configuration and maintenance of Windows, but Windows Server will always have a certain place in my heart and I try to keep up to date with my credentials. ...

April 12, 2014 · 3 min · eshanks

vCNS Edge DHCP

One of the most basic tasks that happens on a network is assigning IP addresses. Once a VMware vCNS Edge appliance has been deployed, you can hand out IP addresses through Dynamic Host Configuration Protocol (DHCP). In previous posts, I’ve walked through installing vCNS Manager and installing vCNS Edge appliances. These are prerequisites to setting up DHCP on the VMware vCloud Networking and Security appliance. vCNS Edge DHCP Setup: Log in to your vShield Manager and click on the Datacenter. Click the “Network Virtualization” tab, where you’ll find the Edge appliance you’ve already deployed. Go to Actions and click “Manage”. ...

April 10, 2014 · 2 min · eshanks

Deploy vCNS Edge

vCloud Networking and Security has the capabilities to provide edge services inside of your virtual environment. Edge firewalls, network address translation, DHCP, and routing are all things that vCNS Edge can do for you. This post goes into the steps necessary to deploy vCNS Edge. I should mention that vCNS and the previous name vShield may be used interchangeably in this article. Logical Diagram: The picture below is a diagram of what our environment will look like when we’re done. We have production VMs as you might expect, and our new vCNS Edge VM. We’ve also got our new Edge network and a Shielded VM which will not be connected to the production vSwitch directly. ...

April 7, 2014 · 4 min · eshanks

Sony MDS-X10 Giveaway courtesy of Veeam

We’ll be giving away a pair of the Sony MDR-X10 headphones courtesy of Veeam. If you’re in the market for a stylish set of shiny new headphones and don’t want to shell out hard earned cash for them, this is your lucky day. During the vsphere-land.com top virtualization blog contest I was fortunate enough to win a pair of these to give away on my site. Here is how you can win a pair of these headphones for yourself. ...

March 31, 2014 · 1 min · eshanks

Website Badges for Top 50 vsphere-land Bloggers - 2014

Each year Eric Siebert at vsphere-land.com has a voting process where you can cast your ballot for your favorite virtualization blogs. He lists those blogs on his vlaunchpad site if you’re curious to see who made the list. Luckily again this year my friends over at whateverinspires.com were kind enough to provide a logo for any bloggers who made this prestigious list. This year there are Gold, Silver, and Bronze badges depending on your status. If you made the list, please feel free to download the image and use it on your site. ...

March 27, 2014 · 1 min · eshanks

vShield Endpoint - Trend Micro Deep Security (Part 1)

If you’re a vSphere Administrator and have compliance regulations to deal with, vShield Endpoint might save you a lot of hassle. From my own experience with PCI-DSS, it was important to limit the cardholder data environment scope. The fewer devices that touch credit card data, the fewer items that had to be protected. In the same breath, it was important to have Anti-Virus, malware protection, firewall rules and file integrity monitoring. vShield Endpoint allows for all of these things to be handled in a single package. This post looks specifically at Trend Micro’s Deep Security Product. ...

March 24, 2014 · 3 min · eshanks