Data Services Manager 2.1.1 – Certificate Management (Videos)

I’ve been adding a number of videos to my Data Services Manager (DSM) 2.1.x playlist on YouTube. The latest additions related to Certificate Management. In particular, I wanted to show viewers how they can add their own custom certificates to both the Data Services Manager Provider appliance/VM as well as to the databases provisioned by DSM. This ensures that connections to the DSM UI, the DSM Gateway API and the databases can be secured and adhere to customer security and compliance requirements. I have added two video below.  One shows how to add a custom certificate to the DSM Provider,…

Data Services Manager 2.1.1 – Initial Configuration (Video)

Today sees the release of VMware Data Services Manager  (DSM) v2.1.1. To coincide with his release, I decided to create a few short videos to highlight some of the updates we have made to the product. This video demonstrates how to get started with DSM v2.1.1. It shows the how to download the product from the support portal and talks about the use of vSphere client plugins to deploy DSM to your on-premises vSphere infrastructure. It goes on to show how to create your first infrastructure policy to guard-rail your vSphere resources when provisioning databases and data services. The video…

Replacing Data Services Manager Database Certificate

Earlier this week, I published an blog on how to replace the certificates on the DSM Provider VM/Appliance with an admin’s own custom certificates for secure communication to the appliance. In this post, I want to do something similar, but this time show how an admin can add a custom certificate to a DSM provisioned database. This means that customers will be able to add additional trust and security measures to the connections that clients are making to the databases. The process will be quite similar to that outlined in the previous post for the appliance. Once again, I will…

Replacing Data Services Manager Provider Appliance Certificate

One of the key goals in Data Services Manager (DSM) 2.1 is to enhance security. To that end, we have made a number of improvements around certificate management. One improvement is to allow customers to replace the default certificate in the DSM Provider Appliance with their own custom certificate. There are numerous ways to create your own custom certificate. You could choose the very manual process of using the openssl command, or if you have access to a Kubernetes cluster, you could use a ClusterIssuer Certificate Management Service (cert-manager). If you have the vSphere IaaS Control Plane (formerly known as…

New Webinar: VCF Data Services Manager for Practitioners

Hey all! Quick note to let you know that we are running another 1 hour Data Services Manager webinar. This one is part of the VCF webinar series and will take place on August 14th, 2024 at 11am PST. This is 7pm for those of us in Ireland and the UK, and 8pm for most of western Europe. This webinar will be technical and is focused at practitioners – essentially VI Admins and anyone responsible for managing data and data services on vSphere infrastructure. For those of you who are not aware, Data Services Manager is a way to deploy,…

Encrypting Data Service Manager databases with vSphere Native Key Provider

Following on from last weeks post on encrypting Kubernetes Persistent Volumes, I now wanted to see if I could use the vSphere Native Key Provider to encrypt databases provisioned by Data Services Manager version 2.1. The good news is that this is indeed possible, but we need to make some changes to the DSM Administrator Role’s privileges to enable it to perform encryption operations. Of course, the infrastructure policy used to provision the databases must also have a storage policy that has encryption. And, as stated in the previous article, this functionality is dependent on vSphere 8.0U3. This applies to…

Kubernetes Persistent Volume (PV) Encryption with Native Key Provider in vSphere 8.0U3

Security is top of mind for most, if not all, of our customers these days. Many years ago, I wrote a blog post on how customers could encrypt Kubernetes Persistent Volumes with an external Key Provider. One of our customers recently reached out to me to ask if we had any plans to provide similar support with the Native Key Provider. As my focus has been in other areas recently, I reached out to our CSI engineering team for an update. I then found out that support was added in our most recent release, vSphere 8.0U3. While no changes we…