I recently has a question about retrieving the Certificate Authority (CA) from a PostgreSQL database which has been provisioned by Data Services Manager (DSM). The customer in question wanted his clients to use the verify-ca option on database connections for additional security. To allow secure connections with verify-ca, the CA needs to be downloaded from the database to the device where the client is making the connection from. In this post, we will go through how to get the certificate so that the Verify-CA option is used to make client connections to a PostgreSQL database secure. Note that this is…
We have recently released a new update to Data Services Manager (DSM), bringing the latest version to 2.1.3. In the release notes, you will find reference to a new customer-requested feature, namely feature called Postgres Host-Based Authentication Configuration API. In a nutshell, this features enables users to make updates to the pg_hba.conf file via the gateway API available in DSM. This file essentially controls who can access a particular database, and from which network. Definitely a useful feature, and so I wanted to try it out and provide the steps on how to use this new hbaRef API. I created…
Autumn has arrived in Europe. That can only mean one thing – VMware Explore is almost here. This year, it is once again back in the beautiful city of Barcelona, and I am delighted to be presenting again. This year I only have one two speaking slots. The first is VCFB1809BCN – Accelerate App Innovation with VMware Cloud Foundation Data Services. I’ll be delivering this session with the Data Services Manager (DSM) Product Manager, Junchi Zhang. So if you are looking at a way to provision, manage and monitor open source, modern databases such as PostgreSQL and MySQL running on…
In my previous blog posts on Data Services Manager, I showed how to integrate DSM with both Aria Automation and the Cloud Consumption Interface (CCI). However, another DSM integration available to our customers is through VMware Cloud Director extension for Data Solutions. Customers, especially Cloud Service Providers (CSPs), can now leverage this integration to allow their tenants to provision both Postgres and MySQL databases through DSM, whilst at the same time getting all of the day 2 features of DSM managed databases. This includes lifecycle-management, automatic backup and restore, LDAPS integrated access control to the database and so on. Now,…
I’ve been adding a number of videos to my Data Services Manager (DSM) 2.1.x playlist on YouTube. The latest additions related to Certificate Management. In particular, I wanted to show viewers how they can add their own custom certificates to both the Data Services Manager Provider appliance/VM as well as to the databases provisioned by DSM. This ensures that connections to the DSM UI, the DSM Gateway API and the databases can be secured and adhere to customer security and compliance requirements. I have added two video below. One shows how to add a custom certificate to the DSM Provider,…
Today sees the release of VMware Data Services Manager (DSM) v2.1.1. To coincide with his release, I decided to create a few short videos to highlight some of the updates we have made to the product. This video demonstrates how to get started with DSM v2.1.1. It shows the how to download the product from the support portal and talks about the use of vSphere client plugins to deploy DSM to your on-premises vSphere infrastructure. It goes on to show how to create your first infrastructure policy to guard-rail your vSphere resources when provisioning databases and data services. The video…
Earlier this week, I published an blog on how to replace the certificates on the DSM Provider VM/Appliance with an admin’s own custom certificates for secure communication to the appliance. In this post, I want to do something similar, but this time show how an admin can add a custom certificate to a DSM provisioned database. This means that customers will be able to add additional trust and security measures to the connections that clients are making to the databases. The process will be quite similar to that outlined in the previous post for the appliance. Once again, I will…