I recently had a question about retrieving the Certificate Authority (CA) from a PostgreSQL database which has been provisioned by Data Services Manager (DSM). The customer in question wanted his clients to use the verify-ca option on database connections for additional security. To allow secure connections with verify-ca, the CA needs to be downloaded from the database to the device where the client is making the connection from. In this post, we will go through how to get the certificate so that the verify-ca option is used to make client connections to a PostgreSQL database secure. Note that this is…
We have recently released a new update to Data Services Manager (DSM), bringing the latest version to 2.1.3. In the release notes, you will find reference to a new customer-requested feature, namely a feature called Postgres Host-Based Authentication Configuration API. In a nutshell, this feature enables users to make updates to the pg_hba.conf file via the gateway API available in DSM. This file essentially controls who can access a particular database, and from which network. Definitely a useful feature, and so I wanted to try it out and provide the steps on how to use this new hbaRef API. I created…
Autumn has arrived in Europe. That can only mean one thing – VMware Explore is almost here. This year, it is once again back in the beautiful city of Barcelona, and I am delighted to be presenting again. This year I only have two speaking slots. The first is VCFB1809BCN – Accelerate App Innovation with VMware Cloud Foundation Data Services. I’ll be delivering this session with the Data Services Manager (DSM) Product Manager, Junchi Zhang. So if you are looking at a way to provision, manage and monitor open source, modern databases such as PostgreSQL and MySQL running on…
Earlier this week, I published a blog on how to replace the certificates on the DSM Provider VM/Appliance with an admin’s own custom certificates for secure communication to the appliance. In this post, I want to do something similar, but this time show how an admin can add a custom certificate to a DSM provisioned database. This means that customers will be able to add additional trust and security measures to the connections that clients are making to the databases. The process will be quite similar to that outlined in the previous post for the appliance. Once again, I will…
One of the key goals in Data Services Manager (DSM) 2.1 is to enhance security. To that end, we have made a number of improvements around certificate management. One improvement is to allow customers to replace the default certificate in the DSM Provider Appliance with their own custom certificate. There are numerous ways to create your own custom certificate. You could choose the very manual process of using the openssl command, or if you have access to a Kubernetes cluster, you could use a ClusterIssuer Certificate Management Service (cert-manager). If you have the vSphere IaaS Control Plane (formerly known as…
Hey all! Quick note to let you know that we are running another 1 hour Data Services Manager webinar. This one is part of the VCF webinar series and will take place on August 14th, 2024 at 11am PST. This is 7pm for those of us in Ireland and the UK, and 8pm for most of western Europe. This webinar will be technical and is aimed at practitioners – essentially VI Admins and anyone responsible for managing data and data services on vSphere infrastructure. For those of you who are not aware, Data Services Manager is a way to deploy,…
The latest version of Data Services Manager (DSM) is now available. DSM version 2.1 delivers a new set of capabilities and functionality, including simplified deployment, MySQL Clustering, LDAP access to databases, Certificate Management, and log shipping enhancements. In this post, I will go through the deployment process of DSM version 2.1 as there are some significant differences when compared to the 2.0.x user experience. Our aim is to make the whole process of deployment in 2.1 a lot easier. In future posts, I will look at the other enhancements in more detail, but for now I just want to focus on…