I recently has a question about retrieving the Certificate Authority (CA) from a PostgreSQL database which has been provisioned by Data Services Manager (DSM). The customer in question wanted his clients to use the verify-ca option on database connections for additional security. To allow secure connections with verify-ca, the CA needs to be downloaded from the database to the device where the client is making the connection from. In this post, we will go through how to get the certificate so that the Verify-CA option is used to make client connections to a PostgreSQL database secure. Note that this is…
We have recently released a new update to Data Services Manager (DSM), bringing the latest version to 2.1.3. In the release notes, you will find reference to a new customer-requested feature, namely feature called Postgres Host-Based Authentication Configuration API. In a nutshell, this features enables users to make updates to the pg_hba.conf file via the gateway API available in DSM. This file essentially controls who can access a particular database, and from which network. Definitely a useful feature, and so I wanted to try it out and provide the steps on how to use this new hbaRef API. I created…
Autumn has arrived in Europe. That can only mean one thing – VMware Explore is almost here. This year, it is once again back in the beautiful city of Barcelona, and I am delighted to be presenting again. This year I only have one two speaking slots. The first is VCFB1809BCN – Accelerate App Innovation with VMware Cloud Foundation Data Services. I’ll be delivering this session with the Data Services Manager (DSM) Product Manager, Junchi Zhang. So if you are looking at a way to provision, manage and monitor open source, modern databases such as PostgreSQL and MySQL running on…
Following on from last weeks post on encrypting Kubernetes Persistent Volumes, I now wanted to see if I could use the vSphere Native Key Provider to encrypt databases provisioned by Data Services Manager version 2.1. The good news is that this is indeed possible, but we need to make some changes to the DSM Administrator Role’s privileges to enable it to perform encryption operations. Of course, the infrastructure policy used to provision the databases must also have a storage policy that has encryption. And, as stated in the previous article, this functionality is dependent on vSphere 8.0U3. This applies to…
Data Services Manager version 2.1 introduces a much anticipated feature. This is the ability to use LDAPS to give users access to databases. Version 2.0.x already had LDAPS support for user access to the DSM Provider Appliance Portal/UI. Version 2.1 extends that support to the databases which DSM provisions. In this post, we will see how to configure secure LDAPS to connect to Active Directory, and then the steps which are used to grant users access to the databases. We will see how this can be done at database creation time, but also how it can be done after the…
I have been using Aria Operations and True Visibility Management Packs quite a bit recently. This is mostly to get visibility into databases that are being provisioned by VMware Data Services Manager (DSM). I just learnt that we released a bunch of new Management Packs (v9.1) only last week, including updated Management Packs for both PostgreSQL and MySQL. In this post, I will deploy a new PostgreSQL database via Data Services Manager (DSM) 2.0, add the necessary database configuration options and extensions, and then add the database to Aria Operations True Visibility for PostgreSQL databases for monitoring. You might ask…
I have created a new video showing how to create an PostgreSQL database in Data Services Manager (DSM) version 2.0. The objective is to show how simple it is to not only deploy a database, but also how the provisioning steps allows different vSphere infrastructure resources to be selected during the provisioning stage. This is achieved through Infrastructure Policies which we learnt about in the previous video. The demo also touches on features such as automated backups, automated lifecycle management and advanced settings, all of which may be configured at database deployment time.