A closer look at vSphere with Kubernetes Permissions

In many of my recent posts about vSphere with Kubernetes, I use a single user (administrator@vsphere.local) to do all of my work. This allows me to carry out a range of activities without worrying about permissions. This vSphere Single Sign-On (SSO) administrator has “edit” permissions on all of the vK8s namespaces. In this post, I want to look at how to assign some different vSphere SSO users and permissions to different namespaces, and also how these permissions are implemented in the vK8s platform (through the Kubernetes ClusterRole and RoleBinding constructs). Let’s start with a view of what a namespace looks…

vSphere 7.0, Cloud Native Storage, CSI and encryption support

A common request we’ve had for the vSphere CSI (Container Storage Interface) driver is to support encryption of Kubernetes Persistent Volumes using the vSphere feature called VMcrypt. Although we’ve had VM encryption since vSphere 6.5, this was a feature that we could not support in the first version of the CSI driver that we shipped with vSphere 6.7U3. However, I’m pleased to announce that we can now support this feature with the new CSI driver shipping with vSphere 7.0. The reason we can support it in vSphere 7.0 is that First Class Disks, also known as Improved Virtual Disks, now…

New steps to use HyTrust KMIP with vSAN Encryption

I’m back in the lab this week, looking at some of the newer features around vSAN. As part of this, I needed vSAN Encryption enabled, so I downloaded the latest HyTrust KeyControl appliance as this has an easy to use KMIP Server. This new version is 4.2.1,  and it has a few new steps compared to the previous versions I used, which were a little confusing to begin with. First I deployed the OVA, supplied the password, logged into the web interface, and enabled KMIP as before. However, that is where things are now a little different to before.

A closer look at VMware’s latest Cloud Launch

Today VMware has another cloud launch update, and this one is significant for many reasons. Our underlying goals of VMware Cloud are many. From an infrastructure perspective, the goal is to provide operational consistency no matter where the application is running, whether this is from an automation, security or governance perspective. But one thing that is often overlooked is what this operational consistency means to the developer. The goal, I feel, is to make it as simple as possible for developers to create their apps and make it as simple as possible to consume services that they might need for…

Preventing selection of certain datastores with SPBM

One of the great things about presenting at VMware User Group meetings is actually talking to customers and finding out about what their pain points are, and how  VMware can improve on our products and features. At the most recent VMUG I attended (in Poland), I was asked a question about storage policies, and if there was a way to  allow some users to use some policies, and other users to use a different policy. Unfortunately there is no permissions associated with policies at this time, so any user can select any policy. With that in mind, I had a…

Getting to grips with NFSv4.1 and Kerberos

Over the past few weeks, I’ve been looking to update some of our older white papers on core storage topics. One of the outdated papers was on NFS, and a lot had changed in this space since the paper was last updated. Most notably, was the introduction of support for NFS v41 in vSphere 6.0, along with Kerberos based authentication. In vSphere 6.5, we also added Kerberos integrity checking. I decided to have a go at configuring this in my own lab. Before going any further, I need to thank Justin Parisi of NetApp for this guidance through this setup.…

VMworld 2017 Session on vSphere 6.5 Core Storage now on YouTube

A quick note to let you know that the session that I delivered on day 1 of VMworld 2017 is now available on YouTube. The session is entitled “A Deep Dive into vSphere 6.5 Core Storage Features and Functionality” and I delivered this with Cody Hosterman of Pure Storage. Judging by the feedback, and the number of passing comments I received in the hallways at VMworld over the past 2 days, it seems that this session was very well received indeed. Hope you like it.