Looking Back and Looking Forwards

Back in May 2015 I wrote about moving forwards and my decision to join Xtravirt as a Senior Consultant and push my career forward to a new level. It was a big jump of faith for me and I was worried I had made the wrong decision initially. Oh how wrong was I! 18 months later and I’m a Lead Consultant, VCDX #222, VCIX-NV, NSX Ninja, vExpert 2015, 2016 and vExpert NSX. I’ve presented at VMUGs, participated in podcasts, presented vBrownBag sessions and spoken on a panel at VMworld Europe. None of this would have been possible without the support from Xtravirt, their management team and the amazing people who work for them.

I set myself an 18 month plan – VCDX-DCV. Less than 12 months into that plan, on the 9th May 2015 I received an email “VCDX-DCV Defense Results” welcoming me to the VCDX programme and awarding me VCDX #222. I never thought I’d be able to achieve it in 18 months, let alone 12. Again, this wouldn’t have been possible without the support of Xtravirt, my colleagues and my VCDX partner, Marco van Baggum.

As part of my journey to VCDX, I developed and gained the skills needed to become a Lead Consultant. Being able to show my manager how I had met the criteria for the role and how it related to what I’d learned for my VCDX, I was promoted to Lead Consultant alongside my colleagues Sam McGeown and Gregg Robertson (who has since moved to Dell EMC).


Fast forward to today and it’s my last day at Xtravirt. I’m leaving behind a great team of people and it certainly wasn’t an easy decision. Joining Xtravirt was an incredible experience and has enabled me to take my career in directions I never thought possible in such a small amount of time. If anyone wants to turbo charge their career and work with some of the smartest and most dedicated people in the Virtualisation community I would highly recommend getting in touch with Mike Jones.

On Monday 31st October I start a new role as Global Cloud Architect at Dell EMC. It presents my next challenge and one that I’ve spent the last several years working towards. It’s going to be a busy couple of months, getting to grips with everything the new job involves and preparing to defend the VCDX-NV, but I will make sure I stay active within the vExpert community and on Twitter, and attend as many events, VMUGs, vBeers and everything else that I can going forwards. I’ll be working with a number of people as a VCDX mentor and as part of the VCDX Study Group to help them achieve their goals just like I have.

 

vExpert Slack – August 2016 Update


As the 2nd half 2016 vExpert announcements are due out on the 19th August I thought I’d better update my original vExpert post.

There are now 384 vExperts on the vExpert Slack and 31 channels covering topics from EUC to OpenStack and everything in between. We usually have around 150-200 vExperts active at any time. It’s been great fun over the last year and the community is growing day by day. We now have 3 admins looking after the day to day running and I hope to add a fourth in the next few weeks so we have someone around 24 hours a day.

To make the process for requesting an invite easier, I’ve created a Twitter account (vExpert Slack) which is monitored by the vExpert Slack admin team and you should get a response a lot quicker than emailing or tweeting me directly.

When requesting an invite please can you DM (DM’s are open and don’t require the account to follow you) a link to your vExpert profile and the email address you would like the invite sending to. This will save a lot of time and allow us to get an invite out to you as soon as possible. If you don’t get a response within 48 hours please drop me a message. Unfortunately, the vExpert Slack is only open to current vExperts and VCDX.

Cloud Insiders Podcast


This week saw the launch of Cloud Insiders, a podcast that brings the cloud down to earth. Backed by leading cloud and virtualisation solution provider Xtravirt, Cloud Insiders will explore the IT transformation issues facing today’s organisations, and the technology solutions that have been developed to help them.

As an independent partner engaged in IT transformation projects, Xtravirt saw the need for a forum to provide high level discussion and insights available via a podcast to those who make decisions around technology and need to learn quickly.

Cloud Insiders will provide thought-provoking insights into trends facing the cloud computing and virtualisation arena, as observed by industry experts.

The first episode of the podcast went live on 11 May and features guest speaker Peter Grant (Xtravirt CTO) answering ‘Cloud: Does it hold water?’ This inaugural episode covers the business drivers leading to cloud computing, caveats to avoid and trends Peter is seeing in the adoption of cloud into global IT.

I’ll be featuring on the second episode “I’m too NSXY for my shirt” along with Xtravirt’s Technical Presales Consultant, Andy Hind. We will be discussing NSX and how it affects the future of everything and what we predict will happen with SDN.

In addition to Peter, Andy & myself, a number of guests are already lined up to contribute to future episodes which will be released over the coming weeks.

Cloud Insiders brings an exciting concept to the IT community: a platform for users, vendors and industry experts to debate and explore the issues and technologies that are shaping the way we deliver IT.

The podcast is being made available through iTunes, Stitcher and Google Play.

Show notes and free resources will also be available at cloudinsiders.fm.

North East VMUG – Thursday 25th February


I will be speaking at the North East VMware User Group on Thursday 25th February in Newcastle along with Marco Van Baggum from ITQ in the Netherlands. We will be presenting “NSX In The Real World”, where we will talk about how we have deployed NSX in production environments over the last 6 months and any issues we have encountered and answer any questions.

We will be speaking alongside Joe Baguley, Chief Technical Officer for VMware EMEA, who will be delivering the keynote, and Duncan Epping, VMware Chief Technologist – Storage and Availability, who will be talking about Virtual SAN. Kyle Jenner from SITS Group will also be delivering a session on the importance of a VDI assessment for an accurate design and ultimately a successful project.

Tegile, 10Zig and Simplivity are sponsoring the event and there will be vBeers after at Centurion Bar.

The event will take place at Campus North:

Campus North
Auditorium
Sunco House
5 Carliol Square
Newcastle, Tyne and Wear
NE1 6UF

 

Public CA certificates with Internal Server Names & IP Addresses


While working on a recent engagement I had a discussion with a customer’s Architect about how we would issue certificates for a vSphere, vRA & vROPS deployment. The customer had no internal CA and relied instead on a public CA to issue all certificates that would be user facing.

This simplified the management of the certificates and meant they did not need to maintain an internal PKI infrastructure or root certificates on client devices. I explained to him that while this currently worked for their servers, which used internal names or reserved private IPs, it would soon change and they would need to look at deploying their own PKI infrastructure.

As of the 1st November 2015, public Certificate Authorities like Symantec and GlobalSign will no longer issue certificates with a subjectAltName extension or Subject commonName field containing an IP address within the IPv4 RFC 1918 reserved address space or an IPv6 address in the RFC 4193 range:

This is also the case for Internal Names. An Internal Name is a Common Name (CN) or Subject Alternative Name (SAN) value in a certificate that does not end with a valid Top Level Domain (TLD), e.g. .local or .internal. CNs or SANs which end with a valid TLD, e.g. .com or .net, will still be valid.

This will also affect certificates which use NetBIOS names or short hostnames, e.g. vCenter01, WebServer, Beeblebrox etc.

Any certificate which expires after the 1st November 2015 will not be reissued, and after the 1st October 2016 all certificates which are still valid will be revoked by the issuing CAs and will no longer work as valid certificates.

This is not just a VMware issue and will impact all servers using certificates described above. However, if you are affected by this issue in your VMware environment, VMware have posted a KB article which covers the issue here.
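The rules described above can be turned into a quick pre-check of the CN and SAN values you plan to request from a public CA. This is an added example, not code from the original post or the VMware KB; the function names, the small `SAMPLE_VALID_TLDS` set (use the full IANA TLD list in practice) and the sample names are all assumptions constructed for illustration.

```python
import ipaddress

# Ranges named in the post: RFC 1918 (IPv4) and RFC 4193 (IPv6 unique local).
RESERVED_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Assumption: a tiny sample of valid TLDs, enough for the demo below.
SAMPLE_VALID_TLDS = {"com", "net", "org", "uk", "nl"}

# Constructed sample of CN/SAN values for a vSphere/vRA/vROPS request.
SAMPLE_NAMES = ["vra.example.com", "vCenter01", "vrops.corp.local",
                "192.168.10.20", "172.32.0.5", "fd12:3456:789a::10",
                "*.lab.internal"]


def classify_name(name, valid_tlds=SAMPLE_VALID_TLDS):
    """Return 'reserved-ip', 'internal-name' or 'ok' for one CN/SAN value."""
    value = name.strip().rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None  # not an IP literal, treat it as a DNS-style name
    if addr is not None:
        in_reserved = any(addr.version == net.version and addr in net
                          for net in RESERVED_NETS)
        return "reserved-ip" if in_reserved else "ok"
    labels = value.split(".")
    # Short hostnames have one label; internal names end in a non-public TLD.
    if len(labels) < 2 or labels[-1] not in valid_tlds:
        return "internal-name"
    return "ok"


def audit_certificate_names(names):
    """Map each name a public CA would refuse to the reason it is refused."""
    findings = {}
    for name in names:
        verdict = classify_name(name)
        if verdict != "ok":
            findings[name] = verdict
    return findings


if __name__ == "__main__":
    for name, reason in audit_certificate_names(SAMPLE_NAMES).items():
        print(f"{name}: {reason}")
```

Any name this flags needs either a publicly resolvable FQDN or a certificate from an internal CA.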

VCIX-NV Study Resources


I recently passed my VCP-NV exam and I am now studying for the VCIX-NV. I thought I would gather together the resources I’m using in a single place for my own reference and to help anyone else studying. I’ll update this page whenever I find new resources.

VMware NSX Documentation (6.0.x)

NSX for vSphere Installation and Upgrade Guide
NSX for vSphere Administration Guide
NSX for vSphere API Reference Guide
NSX for vSphere Command Line Interface Reference

Securing VMware NSX

VMware NSX Network Design Guide

Deploying VMware NSX with Cisco UCS and Nexus 7000

VMware NSX-v Hands-on Guide – Lessons Learned in Real Life Deployments

Understanding and troubleshooting VMware NSX Manager

VCIX-NV Blueprint

Version 1.9 – August 2015

Study Guides

The (Un)Official VCIX-NV Study Guide

VMware Hands on Labs

HOL-SDC-1603 VMware NSX Introduction
HOL-SDC-1625 VMware NSX Advanced

Pluralsight Videos

VMware NSX for vSphere – Introduction & Installation
VMware NSX for vSphere – Network Services

Videos

VMware Network Virtualization Fundamentals

ESXi 6 Update 1a & ESXi 5.5 Update 3a Released

VMware have released ESXi 6.0 Update 1a which fixes the issues noted in KB2124669 – ESXi 6.0 network connectivity is lost with NETDEV WATCHDOG timeouts in the vmkernel.log.

The update is available here.

Also, VMware have released ESXi 5.5 Update 3a which incorporates the patch for KB2133118 where Snapshot Consolidation caused Virtual Machines to crash.

Update 3a is available here.

Hopefully vendors will release updated custom ISOs for both ESXi 5.5 U3a and 6.0 U1a over the next few days.

 

vExpert on #slack

—-UPDATED POST FOR AUGUST 2016 vEXPERTS HERE—–


Earlier tonight I noticed a tweet from Zach Milleson (twitter) who asked if there was a #slack channel for vRO or vRA which got me thinking. We’ve just started to use #slack internally at Xtravirt and it’s had a great uptake and has increased the amount of collaboration within the professional services teams as well as given other teams opportunity to get help with issues when needed.

Having seen the impact #slack can have and with Zach’s tweet in mind, I’ve set up a #slack team for vExperts: https://vexpert.slack.com. The idea is that vExperts can use the various channels to communicate and collaborate across common topics.

It’s only using the basic package for now until I see how much usage we get. With this in mind it’s set to be invite only, so if you want access please send a DM or tweet to “vExpert_slack” and I will add you to the team. I’ve created channels for things like vRA, vRO, VCIX and VCDX and can add additional channels if requested. It will probably take a little time to reach critical mass, and as more people join the more useful it will become.

vRO ERR_SSL_WEAK_EPHEMERAL_DH_KEY error

I’m currently working on a project for VMware Professional Services in Schiphol-Rijk, The Netherlands along with Marco van Baggum (twitter/blog). While testing the deployment of vRO my colleague and I noticed that we were getting errors when using certain browsers.

vRO-DH-Error01

This error hadn’t occurred previously and nothing had changed with the SSL certificates. After a bit of head scratching I noticed that Chrome had recently updated to Version 45 (also disabling Java!) and was now blocking access to sites with weak ephemeral Diffie-Hellman keys. This is also the case for Firefox v40 and above but I’ve not come across the issue with Internet Explorer 11.

After some research I found a VMware KB (link) which pointed me in the right direction.

vRO 6.x has the following keys enabled by default:

This includes the weak ephemeral Diffie-Hellman keys:

SSH to the vRO appliance, and edit the file /etc/vco/app-server/server.xml

Search for the line:

Remove the weak ciphers so the line is now:

Repeat the above for the file /var/lib/vco/configuration/conf/server.xml

Save the files and reboot the appliance.

When you access the vRO URL you should now see the following:

vRO-DH-Error02
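The edit described above (dropping the ephemeral Diffie-Hellman suites from the connector's cipher line in server.xml) can be scripted and checked before rebooting. This is an added example, not code from the original post or the VMware KB: the sample XML is constructed and is not vRO's real default cipher list, and it assumes the list lives in a Tomcat-style `ciphers` attribute on a `Connector` element and that every finite-field `DHE` suite is to be removed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the shape of a Tomcat <Connector> with a
# comma-separated "ciphers" attribute, not the appliance's actual file.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA"/>
  </Service>
</Server>"""


def is_ephemeral_dh(suite):
    """True for finite-field DHE suites; ECDHE suites are not matched."""
    return suite.startswith(("TLS_DHE_", "SSL_DHE_"))


def strip_dhe_suites(server_xml):
    """Return (new_xml, removed) with DHE suites dropped from each Connector."""
    root = ET.fromstring(server_xml)
    removed = []
    for conn in root.iter("Connector"):
        ciphers = conn.get("ciphers")
        if ciphers is None:
            continue  # connector has no explicit cipher list to edit
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        kept = [s for s in suites if not is_ephemeral_dh(s)]
        removed += [s for s in suites if is_ephemeral_dh(s)]
        if not kept:
            # An empty list would leave the listener unusable after reboot.
            raise ValueError("Connector would be left with no cipher suites")
        conn.set("ciphers", ",".join(kept))
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    new_xml, removed = strip_dhe_suites(SAMPLE_SERVER_XML)
    print("Removed:", ", ".join(removed))
    print(new_xml)
```

Run it against a copy of each server.xml and diff the result before replacing the live file.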

 

vExpert 2015


Late yesterday evening (UK time) while I was working away in the Netherlands, the 2015 Second Half vExperts were announced (VMTN Blog). This is the first year I have felt I’ve done enough to qualify so was amazed to see that I had been named along with my colleague Giuliano Bertello (blog.bertello.org / @GiulianoBerteo). This now takes the number of vExperts at Xtravirt up to 13 (Jason Meers having moved on during the last 6 months).

So what is a vExpert? VMware vExpert is an honorary title VMware grant to outstanding advocates of the company’s products. A “vExpert” is not a technical certification or even a general measure of VMware expertise. The judges select people who are particularly engaged with their community and who have developed a substantial personal platform of influence in those communities. There were a lot of smart, accomplished people, even VCDXs, that weren’t named as vExperts this year. This accreditation means that the person is at the top of their game as well as an evangelist for VMware’s products.

To be included in this list of people is a huge honour and something I will work hard over the next 12 months to make sure I continue to justify my nomination,