When Hashicorp Vault, Systemd, and SELinux collide
April 09, 2021
Some time ago, I found myself struggling to get the Vault agent to work as I expected it to after installing it from the HashiCorp repository. What came next was a journey into systemd sandboxing behaviour, Linux capabilities, and my...
Securing GitHub access with Hashicorp Vault
June 01, 2020
All of the major version control systems (VCS) allow you to use SSH keys as a means of proving your identity. Simply upload the public key from your SSH keypair, and when you attempt any operation to a remote repository,...
Randomising vSphere Datastore Selection With Terraform
May 27, 2020
This week I ran into a customer who wasn’t using datastore clusters in their vSphere environment and was looking for ways to randomise the placement of workloads.
Dynamic Password Rotation for vCenter with HashiCorp Vault
April 30, 2020
The proliferation of sharing code over the last few years has led to an exponential number of usernames and passwords being accidentally exposed to the world. This is true for both hard coded application credentials in XML files, and infrastructure...
Terraform Modules: vRealize Automation Administration - Cloud Accounts
April 12, 2020
Let’s revisit the requirements I put together for the Cloud Accounts module, and then we can delve into the code and see how each of these requirements was addressed.
Terraform Modules: vRealize Automation Administration - Introduction
April 10, 2020
A few weeks back (six to be exact), I woke up to a message from my friend Jad asking about recommended practices on Terraform code organisation. He was looking at this in the context of managing the configuration of a...
Dynamic Cloud-Init Content with Terraform File Templates
January 07, 2020
In my previous post, we took a look at how you could use cloud-init to provide a consistent workflow for image initialisation across both public and private cloud. The simple example passed a set of hardcoded values into a virtual...
Terraform, vSphere, and Cloud-Init oh my!
January 04, 2020
One recurring pattern that I’ve seen over the last number of years is that organisations who adopt public cloud build out processes and workflows that allow them to build and deploy in a highly automated and reliable manner. Once they...
Enhancing vRealize Automation 8 with Terraform
January 02, 2020
VMware announced vRealize Automation 8 (vRA8) a few months ago at VMworld. It is a nice step forward from the previous version, and if you are all in on VMware’s Software Defined Datacenter story, then it can add some real...
Securing Environment Variables with 1Password
September 23, 2019
When I received my new laptop at Hashicorp, I began personalising it as we all do. I used dotfiles to configure iTerm, and quickly pulled down Brew to get (almost) everything I needed installed.
New Beginnings
September 20, 2019
After 6 years, 8 months and 7 days, my time with VMware has come to an end. On Monday, I’ll be joining Hashicorp as a Systems Engineer.
Working with Blueprint Inputs
May 02, 2019
Credits: Huge thanks to Rambubu Duddukuri for his work on the code behind inputs, and his patience in taking my questions as I put this blog together.
Cloud Assembly
Blueprints
Getting Started with the Cloud Automation Services API
October 10, 2018
Getting started with the Cloud Automation Services API is a pretty smooth affair. Nonetheless, it is helpful to get a few pointers on the way, which is exactly what this post is for. The first thing to do is authenticate,...
Cloud Assembly
Code Stream
API
Blueprint Versioning in Cloud Assembly
September 23, 2018
One benefit of moving to Infrastructure as Code is that you can use version control to gain visibility into changes in your definition. When you are working with a simple blueprint construct, it is easy to understand the changes that...
Cloud Assembly
Blueprints
Version Control
Basic Blueprinting in Cloud Assembly
September 22, 2018
Blueprints are the workhorse of Cloud Assembly, and the main workspace when it comes to authoring blueprints is the canvas. In this post we will take a look at some of the information you need to know in order to...
Cloud Assembly
Blueprints
Introducing VMware Cloud Automation Services
September 21, 2018
This series of posts is focused on the VMware Cloud Automation Services (CAS), which contains three separate but related services. These services represent VMware’s intent towards the multi-cloud market, focused on ease of consumption, and delivering a choice of consumption...
CAS
Cloud Assembly
Code Stream
Service Broker
Tao of Lab
July 05, 2018
Have you ever gone to your lab in order to test something out, and find yourself in a rabbit hole of troubleshooting base capabilities? You look at the clock four hours later and you haven’t yet started on what you...
DevOps
Security
Automation
Infrastructure as Code for the vSphere Admin - Part 1
January 17, 2018
In the second half of 2017, I had the chance to get quite hands on with Terraform. There were two main factors involved with this. Firstly, a number of my customers have invested heavily in Hashicorp, and in Terraform as...
Terraform
IaC
Hashicorp
Creating Custom Roles for vRealize Automation
December 11, 2017
Over the last little while, I’ve been working with a pretty advanced customer of ours. This customer in turn has some pockets of even more advanced business units who have some needs that force me to be particularly creative.
vRA
API
Terraform Provider for vRealize Automation - First Look
November 29, 2017
For those of you who I speak with in person (or even via Slack) you would know that I have been spending quite a lot of time with Terraform recently. The Infrastructure as Code space is one that I am...
vRA
IaC
Dynamically Retrieving Compute Resource Locations
April 04, 2017
One of the most common queries I get is how to make the Location value mandatory. Following closely on the heels of this query is how you can use the Location value as a means of filtering other elements as...
Learning the vRA API: Part 3 – The Consumer API: Requesting a Catalog Item
February 10, 2017
In this post we are going to slip into Scott’s shoes – our “user” persona as discussed in the previous post. Scott is primarily interested in being able to request catalog items, as well as interacting with items that he...
Revisiting Multi-Tenancy in vRealize Automation
January 27, 2017
One of the things that I am asked about at each dot release of vRealize Automation is what changes to multi-tenancy have been introduced. While I took a fairly hard stance on this back in the 6.x days, I am...
Learning the vRA API: Part 2 – Building Your First API Call
January 27, 2017
This will be the last “admin” style post that I will write before we really start to get into the meat of working with the API. It’s not exciting, but important to get right. Read on, and if I’m going...
Learning the vRA API: Part 1 – Getting Started
January 19, 2017
I seem to spend a lot of my time responding to queries about the vRealize Automation API these days. That being the case, I thought it might be worth starting to put together a few blog posts to address some...
VCDX – Doing it Your Way
November 15, 2016
I drafted this post approximately thirty seven times to try and minimise the amount of time that I spent on the soapbox. I’ll let you decide if I succeeded or not.
Integrating ADFS with vRealize Automation
September 15, 2016
I was asked this week about the process for using a SAML provider such as ADFS for authentication in vRA. To start off with, you want to create a new Identity Provider.
Keeping Multiple Disks Together
July 06, 2016
Often the most basic examples of a request involve a machine with a single disk. In that simple use case, exposing a dropdown to the user to select a specific datastore, datastore cluster or storage policy isn’t onerous.
Viewing All Users with a Given Role
June 27, 2016
Have you ever wondered who is assigned a particular role? Yeah, me too – all the freaking time.
Property Dictionary Relationships in vRA7
June 16, 2016
I’ve been working with a number of customers recently to upgrade their environments to vRA7, and one of the most common questions that is coming up is how we can emulate the relationships that were available in 6.x. The good...
A Visual Guide to vRA7 Permissions
June 07, 2016
One of my more popular posts is the mind maps from the old vCAC days. I figured it was time to update them, so here they are for your viewing pleasure. If you notice anything incorrect, please leave me a...
About the Book
March 16, 2016
It’s been roughly a week since my somewhat cryptic “the book is dead, long live the book” tweet.
So, what prompted it and what has happened?
Postman Collection for the vRA7 API
February 18, 2016
If you find yourself needing to validate API calls, it’s handy to have them all ready to go in something like Postman.
Real Single Sign On with vRA7
February 14, 2016
It appeals to my sense of humour that removing vCenter SSO from vRA has allowed for the introduction of real single sign on in vRA7.
Dynamic Reservation Selection in vRA7
February 12, 2016
A common question that comes up is whether or not you can select a reservation at request time with vRealize Automation. In previous versions this was pretty clunky, but in 7 it is now pretty straightforward to set up.
Platypus – vRA7 API Documentation
February 03, 2016
One of the most underrated features of vRealize Automation 7 is the new API. With additional platform coverage (I haven’t completely validated but we’re talking upwards of 90%) and the use of HATEOAS, the capabilities that we now have at...
vRealize Orchestrator and SQL Force Encryption
December 12, 2015
I’m currently working on an engagement where the customer’s security team has mandated the use of “Force Encryption” on all SQL connections within their SQL 2012 environment. This posed a few challenges when setting up vRO, and since I haven’t...
vRealize Automation for Service Providers
September 26, 2015
EDIT: This post is quite old now, and based on information from vRA 6.x. Rather than editing it, I have written an updated post to address improvements in this area.
vRA Hands On Lab Preview
August 13, 2015
The Hands On Labs present a pretty cool model for getting stick time with VMware solutions that you don’t have access to. This year, I was lucky enough to be involved with a lab that orbits around my favourite product....
Conceptual, Logical and Physical Design
August 10, 2015
Short and sweet today! I shared this with a few people as part of the content review for our upcoming book and it got some really good feedback, so thought I’d share it with you all.
For the People, by the People
July 20, 2015
At this time last year, I was neck deep in Mastering vSphere 6. I’d agreed to work with my good friend Nick Marshall on this book as a way to gain some experience in writing a book and working with...
Removing Data Security After an NSX Upgrade
March 31, 2015
I’ve recently started studying for the VCIX-NV. One of the first objectives on the blueprint is to upgrade from vCNS to NSX. This seemed pretty straightforward, as I’ve done this when NSX first came out. Admittedly I wasn’t using all...
vRealize Automation and the Platform Services Controller
March 30, 2015
With the release last week of vSphere 6.0 also came the introduction of the Platform Services Controller (PSC). The Platform Services Controller combines Single Sign-on (SSO 2.0), Licensing and the VMware Certificate Authority. When you are installing vCenter Server, you...
vCAC
vRA
vCloud Automation
vRealize Automation
PSC
vSphere 6
What Happened to the Tech Community?
March 18, 2015
You know what’s really starting to annoy me? Seeing people sell out to the companies they’ve joined. The word “annoy” is quite mild. It’s actually really starting to make me quite fucked off.
Exam Routines Make for Routine Exams
March 12, 2015
Today I got notification from VMware Education that I had passed my VCAP-CIA. A nice feeling, especially after the end of availability notice meant that I only had one shot at it!
vRA without Windows – The Business Group API
February 20, 2015
I’ve been asked a few times now if it’s possible to use vRA without Windows.
Updating vRA Self-signed Certificates with new Self-Signed Certificates
February 01, 2015
It has been a little over a year since vCAC 6.0 was released, so many folks who have deployed it in their labs, POCs or other environments for testing purposes are likely to have used the self-signed certificates created in...
Replacing the vRealize Automation Favicon
January 22, 2015
An application “favicon” (sometimes referred to as a shortcut icon or Web site icon), is typically a 16×16 pixel image associated with a Web site or Web page. This special icon appears in the tab when the Web site or...
VCP6-Cloud Exam
January 20, 2015
This morning I sat the VCP6-Cloud exam. I looked at the Blueprint for the first time this morning on the train which is where I got my first shock – this wasn’t an exam that tackled a single product. In...
vRA 6.1 API – Catalog Requests
December 05, 2014
In the previous post on vRA APIs, we took a look at authentication and getting a bearer token. Some questions have come up for a local project around how we can enumerate the vRA catalog, and then subsequently request something...
Shut the FUD Up
October 30, 2014
Three opinion pieces in two weeks. Too much? Perhaps I’ve just had more things that I’m procrastinating about lately, and my brain is looking for creative ways to avoid doing them…
Defining Vendor Lock In
October 29, 2014
At Tech Summit last week, someone brought up a blog article which was discussing Virtual SAN vs VSA. One of the cons listed for Virtual SAN was “vendor lock in” (henceforth referred to as VLI – because we need more...
vRA Application Architecture: Introduction
October 22, 2014
I recently shared my philosophy about the importance of understanding the “how” of technology, in order to be able to articulate the “why” of its behaviour, and from there be able to explain the “what” in terms of the design...
Want to be Valued? Do Something Valuable
October 16, 2014
I recently got mentioned in a conversation on twitter where some statements were made about the need for companies to make an effort to retain their VCDXs if they didn’t want them to go where they were valued more.
vRA Appliance Clustering in Under 3 Minutes
September 10, 2014
Yep, it’s that easy.
vCAC 6.1 API – Authentication
September 10, 2014
With the release of vCAC 6.1 (or rather vRealize Automation – that still takes some getting used to), the API which was in beta and a real pain to interact with in 6.0 has been made publicly available.
Application Director Part 3: Creating a Cloud Provider and Deployment Environment
July 24, 2014
In the previous post we registered AppD to the vCAC Component Registry. In effect, this makes vCAC aware of AppD, but it doesn’t quite make AppD aware of vCAC. First of all, you need to ensure that you’re working within...
Enforcing vCAC Service Availability with vCO
July 16, 2014
I was having a chat with Nathan at work today about this recent post and the fact that the “service availability” is only an informational piece and doesn’t actually enforce access to the service. For some people this is a...
Defining Service Support Days
July 15, 2014
I was over on the VMware Communities tonight, as I often am when I need to settle my mind (don’t ask, I have problems) when the following post popped up.
VCAC DESIGN CONSIDERATIONS PART 2 – RQ001 Deployment of Virtual Machine(s) with an Operating System
July 08, 2014
Requirement Summary
vCAC Design Considerations Part 1 – Introduction
July 08, 2014
You know what I love about vCAC? It’s the overlap of business logic and technology.
Application Director Part 2: Basic Setup
May 20, 2014
Following on from the previous post Deploying the Appd OVA, there are a couple more steps before we get onto registering AppD with vCAC. Typically after an OVA deployment you can just browse to the VAMI or Web Interface of...
Application Director Part 1: OVA Deployment
May 20, 2014
I’ve always silently cursed people like Brandon Sanderson who begin writing epic multi-part book series and then diverge off on side projects. Unfortunately, I’m now finding myself behaving more and more like that with my blog posts – but now...
vCAC Redirects to the Incorrect SSO Address
May 16, 2014
I was working on a build this week where I ran into an interesting problem. I thought it would be worth sharing in case anyone comes across this in the wild.
Exploring the vCAC API – Part 1
April 25, 2014
As VMware’s portfolio expands, it’s inevitable that we’re going to move into markets where our customers talk different languages. Don’t get me wrong, at the end of the day CxOs will continue to make their decisions based on business needs –...
The Measure of Value
April 18, 2014
I recently read this post from Anthony Spiteri with some interest. A few disclaimers before I head into a response. Anthony is a good friend of mine, despite the fact that we live on opposite sides of the country. I...
Enabling SSH Access from vCAC to Workloads in AWS
April 12, 2014
One of the things I’ve been looking to expand in our Melbourne vCAC demo environment is the AWS side of things. Sure, provisioning a workload is great but it doesn’t really show you the full extent of what we can...
Migrating Your vCAC Embedded Postgres DB to an External DB
April 11, 2014
When deploying vCAC in a distributed architecture you need to use an external database. So what happens when you’ve deployed a single vCAC appliance, and then decide you want to scale out? Registering your vCAC Appliance to an external Postgres...
Protecting vCAC Workloads with NSX Security Groups
April 09, 2014
One of the most tedious processes I had to navigate as both a user and an engineer was to get firewall rules defined and implemented when a new application was due to be provisioned.
vCAC Custom Properties Order of Precedence
March 17, 2014
If you’ve used the vCAC Interface from an administrative perspective, you’ll have noticed that Custom Properties can be appended in a number of areas. This gives you a great deal of flexibility in as much as you can define that...
A Visual Guide to vCAC Permissions
March 13, 2014
I like to visually represent objects. This is an attempt to make it a little easier to identify which menu items (aka permissions) each vCAC Role is granted.
vCAC Network Topology for vCNS or NSX Integration
March 04, 2014
This is a topic that seems to come up a lot – I’ve added the vShield Manager details in my vSphere Endpoint, so how do I now deploy Multi-Machine Blueprints that can sit behind an Edge? Do the Edges deploy...
Using Brian’s vCAC Prereq Script in an Offline Environment
March 04, 2014
Time for another “PoC Lesson Learned”. This time I had to overcome the fact that I had no Internet for the environment that I was deploying to. The upside of this was that this meant I didn’t have to fight...
Configuring vCAC VA Network Configuration After the Fact
March 04, 2014
This week is dedicated to a PoC for one of our customers. I’ve come across a few interesting tidbits along the way that I’d like to share – corner cases sure, but they may be of use to somebody. This...
Datastore Cluster Placement Property
February 28, 2014
A super short post today.
VM Placement on a vSphere Metro Storage Cluster with vCAC
February 20, 2014
I often get asked for some ideas outside of the usual in which hooking vCO into vCAC stubs provide a practical application. Our standard examples of this include IPAM and CMDB hooks, but sometimes the same old examples get a...
Restricting Enumeration of vSphere Objects in vCAC
February 19, 2014
I got asked today about how we could prevent certain objects from being enumerated in vCAC – ostensibly to prevent provisioning to them, or simply to provide less clutter when you are creating Reservations. Objects that you may want to...
vCAC, vCNS and Datastore Clusters Gotcha
February 11, 2014
I’ve been attempting to get vCAC to consume vCNS in our lab for the last few nights. It seemed like a good topic for a blog post, and it is – just not in the way I expected.
Configuring an External vPostgres Database for vCAC 6.0
January 07, 2014
This post is going to take you through implementing an external vPostgres database for the vCAC 6.0 Appliance. There are a few situations where you will want to look at doing this, such as deploying a load balanced pair of...
Replacing vCAC 6.0 IaaS Certificates
January 04, 2014
Replacing the self signed certificates for vCAC is not a particularly difficult process, just a tedious one. In this post we’ll take a look at what you need to do to update the certificates on your vCAC IaaS server.
vCAC 6.0 IaaS Installation
January 04, 2014
Having deployed the vCAC Virtual Appliance(s) we can now move onto the vCAC IaaS server installation.
The Value of a Study Group
December 29, 2013
The last three months or so have seen a significant acceleration in my rate of learning. I put this down to the fact that I’ve been spending time (both structured and unstructured) with three people – Nathan Wheat, Greg Mulholland...
vCAC 6.0 SSO Design Considerations
December 23, 2013
A week or so ago a mention was made on twitter of a soon to be released patch that would allow the use of an existing vCenter 5.5 SSO instance as an identity source for vCAC.
vCAC 6.0 Virtual Appliance Configuration
December 18, 2013
Note: This guide has been written for vCloud Automation Center 6.0 (vCAC 6.0) using the following software builds:
VMware-vCenter-Server-Appliance-5.5.0.5100-1312297_OVF10.ova
VMware-VMvisor-Installer-5.5.0-1331820.x86_64.iso
VMware-Identity-Appliance-2.0.0.0-1445146_OVF10.ova
VMware-vCAC-Appliance-6.0.0.0-1445145_OVF10.ova
vCAC 6.0 Virtual Appliance Installation
December 17, 2013
Note: This guide has been written for vCloud Automation Center 6.0 (vCAC 6.0) using the following software builds:
VMware-vCenter-Server-Appliance-5.5.0.5100-1312297_OVF10.ova
VMware-VMvisor-Installer-5.5.0-1331820.x86_64.iso
VMware-Identity-Appliance-2.0.0.0-1445146_OVF10.ova
VMware-vCAC-Appliance-6.0.0.0-1445145_OVF10.ova
Replacing vCAC 6.0 Appliance Certificates
December 13, 2013
I noticed while reading the vCAC documentation that the information to replace your certificates on the appliances was a little light on so decided to take a leaf out of Derek Seaman’s book. This post shamelessly follows the format of the...
vCAC 6.0 Common Installation Issues
December 11, 2013
I’ve been privileged to be a part of the vCAC Beta Program, and as such I’ve seen a lot of “installation issues”. There have been a few valid bugs, but the vast majority of people have simply failed to RTFM...
My VCAP-CID Experience
December 03, 2013
I’d been umm-ing and ahh-ing over whether to tackle the VCAP-CID for a little while. A number of people have asked why I would pursue this based on the planned lifecycle of vCD, so I’ll tackle that first up.
Navigating the vCAC 6.0 Logical Model
November 27, 2013
You’re Always Being Evaluated
September 13, 2013
I remember my first formal performance review.
Cloudy with a chance of…. Suits?
August 05, 2013
Melbourne is a fashionable city.
Another Year, Another Slew of vExperts
May 30, 2013
Well, I think everyone has said it but I need to add my thanks to the community and VMware for being awarded vExpert for 2013.
SRM and VR Ports Diagrams
April 17, 2013
I’ve been doing some prep for my PEX presentation the last week. One area that I wanted to visualise was the relationship with VR and SRM.
To bill or not to bill?
January 15, 2013
I’ve been ruminating on the balance of billable and non billable time for a few months now. The more time I spend dwelling on it, the more I am coming to believe that while billable time determines your income, it...
The Power of Perception
December 21, 2012
I recently read this article on The Register about the VCDX certification, which was contributed to by Michael Webster. Generally I find that articles around certification focus on two key themes: