One of the key goals in Data Services Manager (DSM) 2.1 is to enhance security. To that end, we have made a number of improvements around certificate management. One improvement is to allow customers to replace the default certificate in the DSM Provider Appliance with their own custom certificate. There are numerous ways to create your own custom certificate. You could choose the very manual process of using the openssl command, or if you have access to a Kubernetes cluster, you could use a ClusterIssuer Certificate Management Service (cert-manager). If you have the vSphere IaaS Control Plane (formerly known as…
Hey all! Quick note to let you know that we are running another 1 hour Data Services Manager webinar. This one is part of the VCF webinar series and will take place on August 14th, 2024 at 11am PST. This is 7pm for those of us in Ireland and the UK, and 8pm for most of western Europe. This webinar will be technical and is focused at practitioners – essentially VI Admins and anyone responsible for managing data and data services on vSphere infrastructure. For those of you who are not aware, Data Services Manager is a way to deploy,…
Following on from last weeks post on encrypting Kubernetes Persistent Volumes, I now wanted to see if I could use the vSphere Native Key Provider to encrypt databases provisioned by Data Services Manager version 2.1. The good news is that this is indeed possible, but we need to make some changes to the DSM Administrator Role’s privileges to enable it to perform encryption operations. Of course, the infrastructure policy used to provision the databases must also have a storage policy that has encryption. And, as stated in the previous article, this functionality is dependent on vSphere 8.0U3. This applies to…
Security is top of mind for most, if not all, of our customers these days. Many years ago, I wrote a blog post on how customers could encrypt Kubernetes Persistent Volumes with an external Key Provider. One of our customers recently reached out to me to ask if we had any plans to provide similar support with the Native Key Provider. As my focus has been in other areas recently, I reached out to our CSI engineering team for an update. I then found out that support was added in our most recent release, vSphere 8.0U3. While no changes we…
Data Services Manager version 2.1 introduces a much anticipated feature. This is the ability to use LDAPS to give users access to databases. Version 2.0.x already had LDAPS support for user access to the DSM Provider Appliance Portal/UI. Version 2.1 extends that support to the databases which DSM provisions. In this post, we will see how to configure secure LDAPS to connect to Active Directory, and then the steps which are used to grant users access to the databases. We will see how this can be done at database creation time, but also how it can be done after the…
Welcome to the 4th and final part of configuring the Cloud Consumption Interface (CCI) in Aria Automation to enable a user to provision databases using one or more Supervisor Cluster Namespaces. In the previous 3 parts to this setup, we saw how to install Aria Automation v8.17 for CCI support, and how to install the CCI Service onto the Supervisor. In the most recent post, we went through the steps to configure the CCI to allow an Aria Automation user create Namespaces on a Supervisor and subsequently provision Kubernetes clusters using the TKG Service and VMs via the VM Service.…
The latest version of Data Services Manager (DSM) is now available. DSM version 2.1 delivers a new set of capabilities and functionality, including simplified deployment, MySQL Clustering, LDAP access to databases, Certificate Management, and log shipping enhancements. In this post, I will go through the deployment process of DSM version 2.1 as there are some significant differences when compared the 2.0.x user experience. Our aim is to make the whole process of deployment in 2.1 a lot easier. In future posts, I will look at the other enhancements in more detail, but for now I just want to focus on…