Replacing Data Services Manager Database Certificate

Earlier this week, I published a blog on how to replace the certificates on the DSM Provider VM/Appliance with an admin’s own custom certificates for secure communication to the appliance. In this post, I want to do something similar, but this time show how an admin can add a custom certificate to a DSM-provisioned database. This means that customers will be able to add additional trust and security measures to the connections that clients are making to the databases. The process will be quite similar to that outlined in the previous post for the appliance. Once again, I will…

Replacing Data Services Manager Provider Appliance Certificate

One of the key goals in Data Services Manager (DSM) 2.1 is to enhance security. To that end, we have made a number of improvements around certificate management. One improvement is to allow customers to replace the default certificate in the DSM Provider Appliance with their own custom certificate. There are numerous ways to create your own custom certificate. You could choose the very manual process of using the openssl command, or if you have access to a Kubernetes cluster, you could use a ClusterIssuer Certificate Management Service (cert-manager). If you have the vSphere IaaS Control Plane (formerly known as…

New Webinar: VCF Data Services Manager for Practitioners

Hey all! Quick note to let you know that we are running another 1-hour Data Services Manager webinar. This one is part of the VCF webinar series and will take place on August 14th, 2024 at 11am PST. This is 7pm for those of us in Ireland and the UK, and 8pm for most of western Europe. This webinar will be technical and is aimed at practitioners – essentially VI Admins and anyone responsible for managing data and data services on vSphere infrastructure. For those of you who are not aware, Data Services Manager is a way to deploy,…

Encrypting Data Service Manager databases with vSphere Native Key Provider

Following on from last week's post on encrypting Kubernetes Persistent Volumes, I now wanted to see if I could use the vSphere Native Key Provider to encrypt databases provisioned by Data Services Manager version 2.1. The good news is that this is indeed possible, but we need to make some changes to the DSM Administrator Role’s privileges to enable it to perform encryption operations. Of course, the infrastructure policy used to provision the databases must also have a storage policy that has encryption. And, as stated in the previous article, this functionality is dependent on vSphere 8.0U3. This applies to…

Kubernetes Persistent Volume (PV) Encryption with Native Key Provider in vSphere 8.0U3

Security is top of mind for most, if not all, of our customers these days. Many years ago, I wrote a blog post on how customers could encrypt Kubernetes Persistent Volumes with an external Key Provider. One of our customers recently reached out to me to ask if we had any plans to provide similar support with the Native Key Provider. As my focus has been in other areas recently, I reached out to our CSI engineering team for an update. I then found out that support was added in our most recent release, vSphere 8.0U3. While no changes we…

Configuring LDAPS for database access in DSM v2.1

Data Services Manager version 2.1 introduces a much-anticipated feature. This is the ability to use LDAPS to give users access to databases. Version 2.0.x already had LDAPS support for user access to the DSM Provider Appliance Portal/UI. Version 2.1 extends that support to the databases which DSM provisions. In this post, we will see how to configure secure LDAPS to connect to Active Directory, and then the steps which are used to grant users access to the databases. We will see how this can be done at database creation time, but also how it can be done after the…

Provisioning databases with Aria Automation, Cloud Consumption Interface and Data Services Manager – Part 4: DSM

Welcome to the 4th and final part of configuring the Cloud Consumption Interface (CCI) in Aria Automation to enable a user to provision databases using one or more Supervisor Cluster Namespaces. In the previous 3 parts to this setup, we saw how to install Aria Automation v8.17 for CCI support, and how to install the CCI Service onto the Supervisor. In the most recent post, we went through the steps to configure the CCI to allow an Aria Automation user to create Namespaces on a Supervisor and subsequently provision Kubernetes clusters using the TKG Service and VMs via the VM Service.…