New steps to use HyTrust KMIP with vSAN Encryption

I’m back in the lab this week, looking at some of the newer features around vSAN. As part of this, I needed vSAN Encryption enabled, so I downloaded the latest HyTrust KeyControl appliance as this has an easy to use KMIP Server. This new version is 4.2.1,¬† and it has a few new steps compared to the previous versions I used, which were a little confusing to begin with. First I deployed the OVA, supplied the password, logged into the web interface, and enabled KMIP as before. However, that is where things are now a little different to before.

A closer look at VMware’s latest Cloud Launch

Today VMware has another cloud launch update, and this one is significant for many reasons. Our underlying goals of VMware Cloud are many. From an infrastructure perspective, the goal is to provide operational consistency no matter where the application is running, whether this is from an automation, security or governance perspective. But one thing that is often overlooked is what this operational consistency means to the developer. The goal, I feel, is to make it as simple as possible for developers to create their apps and make it as simple as possible to consume services that they might need for…

VMworld 2017 Session on vSphere 6.5 Core Storage now on YouTube

A quick note to let you know that the session that I delivered on day 1 of VMworld 2017 is now available on YouTube. The session is entitled “A Deep Dive into vSphere 6.5 Core Storage Features and Functionality” and I delivered this with Cody Hosterman of Pure Storage. Judging by the feedback, and the number of passing comments I received in the hallways at VMworld over the past 2 days, it seems that this session was very well received indeed. Hope you like it.

Deploying a new HyTrust KMS on vSphere 6.5

Many regular readers will be aware of new encryption features added recently to VMware’s portfolio, such as vSAN¬† data-at-reset encryption and vSphere VM encryption in vSphere 6.5. I had to return to a configuration task that I hadn’t done in a while, which was the deployment of a new Key Management Server (KMS) on my vSphere 6.5 / vSAN 6.6.1 setup. I had done this a few times before, but it has been a while and I’d forgotten what exactly I’d needed to do, so I decided to document the steps in this post for future reference. Those of you…

Does enabling encryption on vSAN require on an-disk format change?

vSAN 6.6 shipped earlier this year. It comes with a new on-disk format to support, among other things, data at rest encryption (also known as DARE). This is version 5 of the on-disk format. I’ve been asked this question a number of times over the past week, so I thought I would quickly write a few words on whether or not enabling encryption on vSAN 6.6 requires an on-disk format change, more commonly referred to as a DFC. Now this post is not going to cover vSAN encryption in any great detail; I just want to answer this one question…

A closer look at Portworx

Last month I had the opportunity to attend DockerCon17. One of the break-out sessions that I attended was from a company called Portworx. Portworx provide a solution for stateful docker container storage, which is what caught my interest. There are lots of companies who have already created docker volume plugins for their existing storage solutions, including VMware. However Portworx seem to be approaching this a bit differently, and are providing a layer of abstraction from the underlying host storage. So you might be using cloud (e.g. EBS from AWS), or SAN or NAS or indeed you might only have local…

A closer look at Cohesity 4.0

Last week, I had a chance to catch up with my pal, Rawlinson Rivera. Rawlinson and I worked closely on a lot of storage related stuff at VMware, but he has since moved on to pastures new, and is currently the CTO for the Global Field over at Cohesity. I’ve written about Cohesity a number of times on this blog. I think the first time I wrote about them was during VMworld 2015, just before the 1.0 product launched, and they were still pitching the idea of secondary storage and how they would take care of things like snaps, clones,…