DSM + MinIO: Certificate chain obtained from endpoint is incomplete or empty

I recently worked with one of our customers to configure MinIO object storage on-premises. The plan was to create a number of S3 compatible buckets to provide image, backup and log repositories for VMware Data Services Manager v2.0.x. For security reasons, the customer wanted to create an intermediate certificate authority (CA), and use that to sign the leaf certificates rather than sign them with a root CA. This is common practice. However, the customer hit the above issue when trying to use the MinIO object store buckets with the leaf certs created from the intermediate cert. I decided to…

Creating a “least privileged” service account for Data Services Manager 2.0.x

Earlier this week, a customer reached out about the installation requirements for Data Services Manager 2.0.x. One of the steps in the installation documentation states the requirement for a vCenter SSO Username. The doc added that this has to be the vCenter server administrator’s SSO username. And even though these SSO admin credentials are not stored, and are in fact discarded after creating a dedicated vCenter service account for VMware Data Services Manager, the customer asked if there was a way to create a “least privileged” user for creating a DSM service account. The answer is yes. This post will…

Getting started with VCF Data Services Manager 2.x – Part 12: Aria Operations for Logs

In this post we are going to look at the log forwarding mechanism in VCF Data Services Manager (DSM). Logs come from two places in DSM. The first is from the DSM Provider Appliance itself, and the second is from the databases and data services which are provisioned by DSM. Two techniques are used to forward the logs to Aria Operations for Logs, formerly known as Log Insight. For the DSM Provider Appliance, we use the Operations for Logs / Log Insight agent. For the databases and data services we use FluentBit. FluentBit can be considered a lightweight version of…

Data Services Manager v2.0.2 available with new Aria Automation Integration

Data Services Manager (DSM) version 2.0.2 is now available. Possibly the most eagerly anticipated feature associated with this release is a new set of DSM capabilities for Aria Automation. A new Custom Resource allows DSM PostgreSQL and MySQL databases to be provisioned from Data Services Manager via Aria Automation. If your organisation already uses Aria Automation and you are looking for a DBaaS (Database as a Service) solution, then you should definitely take a closer look. The engineering team has done a great job in making the deployment process of the Custom Resource as seamless as possible, and the README.md…

New Fling – VMware Cloud Foundation (VCF) Configuration File Generator

It’s been some time since I wrote an article on VMware Cloud Foundation. However, I recently caught up with my good pal Gary Blake who informed me about a significant new development in the VCF space. This is the release of a new fling called the VMware Cloud Foundation Configuration File Generator. This new fling will enable us to replace the Deployment Parameter Workbook with a containerized web application. This new application has the ability to validate all of the configuration inputs before generating the JSON file. This file is then used by the Cloud Builder appliance to bring up…

VMware Explore 2022: What’s new in vSphere 8 & vSAN 8

VMware Explore 2022 kicked off this week. There are of course many announcements taking place across the whole suite of VMware products. In this post, I will focus primarily on the announcements related to the products that I work with on a regular basis. Those products are vSphere 8, vSphere Tanzu Standard (vSphere with Tanzu), and vSAN 8. vSphere 8: In the vSphere 8 space, the most significant announcement in my opinion is the fact that we are delivering on Project Monterey. We got our first technical preview of Project Monterey back in 2020 by the VMware CTO, Kit Colbert.…

Multi-Factor/External Authentication on VMware Cloud Foundation

I recently had a question about multi-factor authentication within VCF, VMware Cloud Foundation. I was able to find out the answer after sending the query to a few folks on the VCF team. It transpires that VMware have recently delivered MFA (Duo support) and external Authn/AuthZ (Oasis, SAML, Okta, AzureAD, PING) via a joint partner solution with Entrust. Support for VMware Cloud Foundation (VCF) and SDDC Manager appears in HyTrust CloudControl, Version 6.4. Per the CloudControl Administration Guide, when SDDC manager is added to CloudControl, the inventory of the vSphere and NSX-T resources can be viewed. Access control policies can…