In this post, we will take a look at another new feature of VCF Automation, IaaS Resource Policies. I will demonstrate how these IaaS policies can be used with Data Service Policies and DSM provisioned databases to fine-tune certain parameters related to the database. You may have already seen the concept of Data Service Policies in previous posts. These are policies set at the Provider level which can dictate which database engines, which database versions and which backup locations a tenant of an organization can consume. However additional validations or constraints in an IaaS policy can be applied at an…
Another new feature in Data Services Manager 9.0.1 is the ability to setup access to a Postgres database using Client Certificates. This security features removes the need for “password” based authentication. In order to be able to use this functionality, the Postgres database must already be configured with external/custom certificates. This includes the PEM formatted certificate chain that has the server leaf cert, any intermediate certs and of course the Certificate Authority (CA). It also includes the PEM Private Key. With the custom server certificates associated with the database in place, we can proceed with updating the pg_hba.conf (host based…
In this post, I will look at the steps involved in creating your own Harbor Registry, setting it up as a Supervisor Container Registry, and then pulling DSM Consumption Operator images for version 9.0.1 from the DSM appliance and pushing them up to the Harbor Registry. We will then deploy the Consumption Operator using the images in the Harbor registry, and modify the package.yaml and values.yaml to provide a true air-gapped environment for DSM 9.0.1. Other image registries can also be used. Overview of Steps If you operate in an air-gapped environment, you can use images and manifests bundled in…
In my most recent post, we saw how to setup a privileged user which would write SPNs for database users to enable Windows Authentication. We also saw how this user could update DNS entries automatically when a database is created. We followed these steps and provisioned a SQL Server instance. Once the instance was provisioned, we create a login for the owner and saw how the user could successfully login to the instance using Windows Auth. This is all great, but really one of the key points of DSM is self-service or DBaaS, database as a service. Therefore, what I…
Whilst Microsoft SQL Server is still in technical preview in Data Services Manager 9.0.1, our team continues to release significant enhancements for our customers as we gravitate towards full support. As I mentioned in the DSM 9.0.1 overview post, this release includes the ability to specify a privileged AD user who can create Service Principal Names (SPNs) for database users and update DNS entries. This means that the privileged user can now do the necessary tasks in Active Directory to allow Windows Authentication to work seamlessly on MS SQL Server instances and databases which have been provisioned via DSM. You…
The most visible feature in Data Services Manager (DSM) 9.0.1 is the appearance of some additional new objects in the navigation menu on the left hand side of the DSM UI. These are Namespaces and Data Services Policy. Customers who have already looked at VCF Automation, particularly as it integrates with DSM, may have some familiarity with these. Their purpose in DSM 9.0.1 is to align with RBAC features that are already in VCF Automation, specifically around multi-tenancy controls. Through the use of Namespaces and Data Service Policies in DSM 9.0.1, a DSM admin can now control which DSM users…
It gives me great pleasure to announce the availability of VMware Data Services Manager (DSM) version 9.0.1. Over the coming weeks I will be deep-diving into many of these new features, but for now I want to provide you all with a brief overview of the capabilities and enhancements that you can find in this release. Automated Active Directory integration for MS SQL Server We continue to enhance our MS SQL Server integration. Although the data service is still in tech preview in DSM 9.0.1, a significant enhancement in this release is the ability to specify a privileged Active Directory…