Securing PostgreSQL client connections in VMware Data Services Manager v1.5 using TLS

I had an interesting question recently about how best to secure client access to databases that are provisioned via VMware Data Services Manager (DSM). The good news is that we can achieve secure client connections in a single step, directly from the DSM Provider UI. Simply navigate to the database view, and in the Details page, there is a Security section. In the Actions drop-down from this page, we can very simply enable “Client TLS”. What this means is that clients will no longer be able to connect to the database without SSL. Only SSL connections will be allowed. Below…

Securing LDAP with TLS certificates using ClusterIssuer in TKG v1.4

Over the last month or so, I have looked at various ways of securing Tanzu Kubernetes Grid (TKG) clusters. One recent post covered the integration of LDAP through Dex and Pinniped so you can control who can access the non-admin context of your TKG cluster. I’ve also looked at how TKG clusters that do not have direct access to the internet can use an HTTP/HTTPS proxy. Similarly, I looked at some tips when deploying TKG in an air-gapped environment, pulling all the necessary images from our external image registry and pushing them to a local Harbor registry. In another…