Aaron Rombaut

January 23, 2024February 6, 2024

Nested VMware NSX

Disclaimer:

While I worked for VMware from March 2019 and up until the Broadcom acquisition in November 2023, and continued on with Broadcom, this post (and website as a whole) is solely for my purposes and in no way represents VMware or Broadcom’s views or best practices. Heck, for all I know, this is accidentally working in my lab. Either way, VMware nor Broadcom are officially backing this post.

Introduction

It’s odd to me that I have been a part of the virtual world for quite a while now and have just finally come to terms that I really should figure out the basics of VMware NSX. With Broadcom’s shift to pushing VMware VCF, this just makes sense. However, even with a Cisco CCNA certification under my belt for the last seven years and working with networking equipment for the past ten years, VMware NSX continues to confuse me and only recently am I starting to make sense of it.

Hopefully this post will help others out there that are trying to learn VMware NSX and the nuances that go long with it, especially in a nested lab.

December 19, 2023February 16, 2024

Nested VCF Lab: Virtual Machines

Overview

There are a few necessary services that need to be running for a Nested VCF lab. These services include Domain Name System (DNS) and Network Time Protocol (NTP). A few additional services, while not necessary, are very helpful. These services include a file server and a management virtual machine.

December 19, 2023February 7, 2024

Nested VCF Lab: Networking

Overview

The networking component for the nested VCF lab is very important. There are certain things that must be configured for a successful deployment. These settings do not apply in a production scenario where the physical hosts are connected to Top-of-Rack Switches. Doing so could open up a serious security situation.

November 22, 2023November 30, 2023

Configuring Smart Card | Common Access Card (CAC) | Personal Identity Verification (PIV) in VMware vSphere and VMware Horizon

Overview

I use a YubiKey 5Ci (by Yubico) in my lab. This allows me to log in with a smart card interface. If you are looking for information on how to configure smart card access in your lab, please reference the following post: MyLab: Smart Card Authentication

November 21, 2023November 21, 2023

VMware Horizon Best Practices

Overview

There are a few things that should be configured to ensure the best possible user experience when it comes to a Virtual Desktop Infrastructure (VDI). After all, if the users cannot use it or are logging endless incidents, then we have failed our customer.

November 14, 2023November 14, 2023

VxRail: Upgrade Notes

Overview

There are some things that should be done prior to upgrading the VxRail that will help with a smooth upgrade. I will not be performing a VxRail upgrade, here, but rather list resources that I have been provided or used in the past. Some of the resources below require you to log in to the Dell Support page.

Disclaimer: I do not work for Dell; these are my notes and should not be used without Dell Support involved in a production scenario.

November 9, 2023November 9, 2023

MyLab: Configuring VMware Horizon on Unified Access Gateway (UAG)

Overview

This post will document how to configure VMware Horizon on Unified Access Gateway (UAG). To get this working the first time, ensure the following appliances are configured. A Unified Access Gateway should already be deployed and configured. Reference the link for more information on how to:
* Log into the Appliance Settings
* Configure NTP servers
* Configure TLS settings (Admin and Internet interfaces)
* Configure a SAML Identity Provider (IdP)
* Configure High Availability Settings (if required)
* Configure network settings.

The other technology that should already be configured are the VMware Horizon Connection servers. It is ideal to have separate Horizon Connection servers for internal and external endpoints. The configurations for these servers are different when dealing with tunnels and secure gateways. Ensure the Horizon Connection servers have TLS certificates configured.