virtuallyGhetto

vRealize Log Insight

New SDDC Certificate Replacement Fling

07/11/2018 by William Lam 8 Comments

Certificate lifecycle management is not something anyone looks forward to; it is time consuming and usually not automated. However, it is a necessity for many of our customers. The process gets even more challenging when you need to replace certificates across multiple VMware products: it requires not only careful orchestration but also properly reestablishing trust between products, which adds another layer of operational complexity. Within the Integrated System Business Unit (ISBU) at VMware, which produces both the VMware Validated Design (VVD) and VMware Cloud Foundation (VCF), the team has been working on a way to simplify certificate management, not only for individual products (working with product teams) but also holistically at the VMware SDDC level.

This initially started with the development of a tool called Certificate Generation Utility (CertGen), which helps customers generate new certificates for various products within the VMware SDDC. Although it was developed for the VVD, any VMware customer who consumed products within the VVD could also leverage this tool. We all know certificate generation can be a pain, but it is not as challenging or as complex as the actual certificate replacement process itself, which is also fully documented by the VVD team here.

This is where the new Fling comes in: the SDDC Certificate Tool, which automates the manual steps outlined by the VVD, helps customers easily replace certificates that they have created (with CertGen or another process) and automatically orchestrates the replacement across the different products within the SDDC. The tool is command-line driven and uses a JSON configuration file which can contain all or a subset of the VMware SDDC products, which is great for supporting different environments and allows for easy source control. Extensive pre-checks are also built into the tool to validate the certificates themselves (e.g. expiry, chain validation, etc.) and to prevent mismatches of information (e.g. SAN entries, number of nodes, etc.), which are compared against your actual environment before any changes are applied. The JSON also contains a section referred to as Service Accounts, which is merely the other VMware product accounts that the tool uses to reestablish trust after replacing the certificate for a given product.

Filed Under: Automation, NSX, Security, VCSA, vRealize Suite, vSphere Tagged With: certgen, certreplace, fling, NSX, platform service controller, SDDC, ssl certificate, vCenter Server, vRealize Automation, vRealize Business, vRealize Log Insight, vRealize Operations Manager

Getting started with VMware Pivotal Container Service (PKS) Part 9: Logging

04/26/2018 by William Lam Leave a Comment

In this blog post, we will walk through configuring the various components within a PKS deployment, such as vSphere (vCenter Server & ESXi), NSX-T (Manager, Controllers & Edges), BOSH and the PKS Control Plane, to forward their logs to an external syslog system such as VMware vRealize Log Insight (vRLI), which includes 25 free OSI licenses for any vSphere customer.

If you missed any of the previous articles, you can find the complete list here:

  • Getting started with VMware Pivotal Container Service (PKS) Part 1: Overview
  • Getting started with VMware Pivotal Container Service (PKS) Part 2: PKS Client
  • Getting started with VMware Pivotal Container Service (PKS) Part 3: NSX-T
  • Getting started with VMware Pivotal Container Service (PKS) Part 4: Ops Manager & BOSH
  • Getting started with VMware Pivotal Container Service (PKS) Part 5: PKS Control Plane
  • Getting started with VMware Pivotal Container Service (PKS) Part 6: Kubernetes Go!
  • Getting started with VMware Pivotal Container Service (PKS) Part 7: Harbor
  • Getting started with VMware Pivotal Container Service (PKS) Part 8: Monitoring Tool Overview
  • Getting started with VMware Pivotal Container Service (PKS) Part 9: Logging
  • Getting started with VMware Pivotal Container Service (PKS) Part 10: Infrastructure Monitoring
  • Getting started with VMware Pivotal Container Service (PKS) Part 11: Application Monitoring
  • vGhetto Automated Pivotal Container Service (PKS) Lab Deployment

Filed Under: Cloud Native, Kubernetes, vRealize Suite Tagged With: BOSH, Kubernetes, PCF, Pivotal, PKS, syslog, vRealize Log Insight

Getting started with VMware Pivotal Container Service (PKS) Part 8: Monitoring Tool Overview

04/24/2018 by William Lam 1 Comment

I had received a few questions about the monitoring capabilities for VMware PKS and some of the VMware tools that can help provide visibility and auditability of the platform. Different consumers of PKS will care about different things. As you can imagine, the cloud admin/platform operator is primarily concerned with the underlying infrastructure (compute, storage, network) including the PKS Management components. Developers want to know how their application is doing and, if there are any issues, how to quickly access the information they need to debug and fix the problem.

Logging

Complete end-to-end logging is a mandatory requirement for many customers, especially when it comes to dealing with large and complex application deployments. Being able to provide centralized access to all logs for both operators and developers is key to quickly triaging and resolving an issue. Remote syslog can be configured throughout the PKS stack, from the infrastructure all the way up to the application, if developers decide to instrument logging and send it to the same syslog target. VMware customers can take advantage of vRealize Log Insight (vSphere customers receive 25 free OSI licenses), which is an on-premises log management solution. If you prefer a SaaS-based solution, VMware also has Log Intelligence, which can be used to service both on-premises infrastructure and other cloud-hosted deployments.

Infrastructure Monitoring

For Cloud Admins/Platform Operators, vRealize Operations Manager (vROps) will be the tool of choice, which many of our customers are already familiar with. vROps provides analytics, capacity management and alerting for all of your underlying compute, storage and networking infrastructure. This information can be trended over time and can help proactively identify any anomalies within the infrastructure before they arise. There are a number of Management Packs that provide easy-to-consume, out-of-the-box dashboards, such as vSphere, which gives you information about your vCenter Server and the ESXi hypervisor, NSX-V as well as NSX-T for networking/security, and core storage including VSAN.

Application Monitoring

Unlike traditional applications, Cloud Native Apps require a completely different way of monitoring to ensure Developers can easily access the important information they require for development purposes. VMware Wavefront is a SaaS-based metrics monitoring and analytics platform that can handle the high-scale requirements of modern cloud-native applications. Not only can Developers instrument their own applications and forward that data to Wavefront, but Wavefront also provides complete visibility into a Kubernetes (K8S) deployment, from namespaces, nodes and pods all the way down to the individual containers.

Here is a diagram to help illustrate the visibility that each solution provides:


In the next three posts, I walk through the configuration steps to set up vRLI, vROps and Wavefront with VMware PKS.


Filed Under: Cloud Native, Kubernetes, vRealize Suite Tagged With: BOSH, cloud native apps, Harbor, Kubernetes, PCF, Pivotal, PKS, syslog, vRealize Log Insight, vRealize Operations Manager, Wavefront

Automating vRealize stack based on VVD using new vRealize Suite Lifecycle Management

09/19/2017 by William Lam 1 Comment

Our Cloud Management Business Unit (CMBU) at VMware just GA'ed the highly anticipated vRealize Suite Lifecycle Management, or vRSLCM for short. As the name suggests, this new solution provides customers a simple and consistent mechanism for managing the entire lifecycle (Day 0 to Day N) of all VMware vRealize Products, including but not limited to Install, Upgrade, Configuration Management, Drift Remediation and Health Monitoring. vRSLCM is delivered as a Virtual Appliance which can be used in either a greenfield and/or existing brownfield environment. You can also manage multiple environments that consist of different vRealize products that have been deployed, giving customers 100% visibility into all their different vRealize environments using a single interface. For more information, be sure to check out this blog post here.


One specific feature that I think is worth calling out and not because our team was involved with it is the ability to deploy what vRSLCM calls "Solutions". These Solutions not only correspond to the specific vRealize products being deployed but they also align to the three VMware Validated Design 4.1 Use Cases: IT Automating IT, Micro-Segmentation and Intelligent Operations as shown in the screenshot below.


This means customers who wish to deploy the vRealize stack based on the VMware Validated Designs can now easily do so by simply selecting one of these solutions and providing their environment-specific information such as DNS, NTP, etc., and vRSLCM will deploy and configure the vRealize products as prescribed in the VVD. Customers no longer have to manually read through pages and pages of documentation to get the desired outcome.

Filed Under: Automation, vRealize Suite Tagged With: vRealize Automation, vRealize Business, vRealize Log Insight, vRealize Operations Manager, vRealize Suite Lifecycle Management, vRSLCM, VVD

How to purge all logs in vRealize Log Insight?

02/01/2017 by William Lam 10 Comments

I had just deployed a new vRealize Log Insight (vRLI) 4.0 instance in my home lab environment to investigate a behavior that I was seeing with another product, non-vRLI related. Due to the nature of the work, I needed to have a pristine vRLI environment each time to study the results. I had already forwarded some logs into vRLI and rather than deploying another instance or redeploying the current instance, what I really wanted to be able to do was to just wipe all the logs in vRLI, but I did not see an option within the UI. I also could have used VM snapshots, but was hoping there was a cleaner solution that vRLI provided out of the box.

The next place I looked immediately after was Mr. Log Insight's site, aka Steve Flanders' blog, but there was nothing there about this other than archiving. After a few Google searches, I came across this exact same question on the vRLI Ideas site but sadly there was no solution and it was dated back in 2014. Though Steve makes a good point about just letting the logs rotate out automatically, in my case, this was not an option and I needed a pristine environment.

Being the curious one, I figured there has to be a way, even if it is not officially recommended nor supported. As you probably have guessed, I did find a way but I would caution that you read the disclaimer below before proceeding further. This was something I needed to do in my lab to test a few scenarios that were non-vRLI related, but I needed a syslog target, so this is why I am using vRLI 🙂

Disclaimer: This is probably not officially supported nor recommended by VMware. Please use at your own risk. YOU WILL LOSE ALL YOUR LOGS

Filed Under: vRealize Suite Tagged With: vRealize Log Insight

Author

William Lam is a Staff Solution Architect working in the VMware Cloud on AWS team within the Cloud Platform Business Unit (CPBU) at VMware. He focuses on Automation, Integration and Operation of the VMware Software Defined Datacenter (SDDC).
