
Download DMZ Design and Deployment Guide

I am happy to announce the availability of the VMware vCloud Networking and Security – DMZ Design and Deployment Guide. This paper highlights how securing a virtual DMZ environment using vCloud Networking and Security can be a strategic enabler to your organization as it helps you to reduce your capital expenditure and increase agility, while building a cloud ready, secure and scalable environment for business applications. The paper also highlights the different design approaches to securing business critical applications and enables you to make the choice that is most suited to your organization in the cloud journey. Further, it gives prescriptive configuration guidance to help you get started with the deployment of your preferred approach.

Get notification of these blogs and more vCloud Networking and Security information by following me on Twitter @vCloudNetSec.

VXLAN Series – Multiple logical networks mapped to one Multicast group address – Part 4

In this post I am going to address a common question about the security and performance impact when multiple logical Layer 2 networks are mapped to one multicast group address.

As mentioned in an earlier post here, vCloud Networking and Security (vCNS) Manager is responsible for mapping the logical Layer 2 networks to multicast group addresses. If you provide fewer multicast group addresses than logical Layer 2 networks, vCNS Manager will assign the logical Layer 2 networks to multicast addresses in a round-robin fashion. For example, if there are 4 logical L2 networks (A1, A2, A3, A4) and 2 multicast group addresses (M1, M2), logical networks A1 and A3 will be mapped to multicast group address M1 while A2 and A4 are mapped to M2.


How Smart Is Your Hadoop?

EMC World kicked off today in Las Vegas, and much of this week’s buzz is focused squarely on big data. Specifically, VMware’s CEO Pat Gelsinger is hot on how to build big data solutions into the enterprise as a service. During his keynote, Gelsinger and VMware data architect Michael West showed attendees how smart organizations will be deploying and managing Hadoop clusters in the future that will dramatically improve time-to-insight and productivity.

What they demonstrated was Apache Hadoop running on Serengeti on vSphere. What attendees saw was some innovative thinking about how to get more mileage out of their data as well as their datacenter.

VXLAN Series – Multicast usage in VXLAN – Part 3

I covered some basics on Multicast in the last blog entry here. Let’s now take a look at how multicast is utilized in VXLAN deployments. During the configuration of VXLAN, it is required to allocate a multicast address range and also define the number of logical Layer 2 networks that will be created. For more details on the configuration steps please refer to the VXLAN Deployment Guide.

Ideally, one logical Layer 2 network is associated with one multicast group address. Sixteen million logical Layer 2 networks can be identified in VXLAN, using a 24-bit field in the encapsulation header, but the multicast group addresses are limited (224.0.0.0 to 239.255.255.255). In some scenarios it might not be possible to have a one-to-one mapping of a logical Layer 2 network to a multicast group address. In such scenarios the vCloud Networking and Security Manager maps multiple logical networks to a multicast group address. After the discussion on the association of multicast group to logical network, let’s take a look at some details on the logical network properties.


Using App Firewall with VXLAN Networks

VMware vCloud Networking and Security App Firewall is a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. In this blog, let’s look at how to micro-segment a VXLAN network to deploy a 3-tier application using vCloud Networking and Security 5.1 App Firewall.

Use Case

Each application is deployed using a separate VXLAN network as shown below.  To keep the diagram simple, only one application is shown below.  The application has three tiers – web, app and db.


How To Import An OVA Into vCloud Director?

Those of you who have tried to import an OVA directly into vCloud Director have probably noticed that this is not supported and only an OVF file can be uploaded. However, it is possible to upload an OVA directly into vCloud Director, but it does require the use of another tool called the ovftool, which is a multi-platform command-line utility for OVF/OVA management. This article was motivated by a recent internal discussion and I thought I would share this little tidbit in case it was not very well known.


VXLAN Series – Multicast Basics – Part 2

In the last post here, I provided some details on vSphere hosts configured as VTEPs in a VXLAN deployment. Also, I briefly mentioned that Multicast protocol support is required in the physical network for VXLAN to work. Before I discuss how Multicast is utilized in a VXLAN deployment, I want to briefly talk about some of the basics of Multicast.

In the diagram below you see three main types of communication modes that are common in a network – Unicast, Broadcast and Multicast.

Figure 1


SIOC considerations with mixed HBA environments

I’ve been involved in a few conversations recently related to device queue depth sizes. This all came about as we discovered that the default device queue depth for QLogic Host Bus Adapters was increased from 32 to 64 in vSphere 5.0. I must admit, this caught a few of us by surprise as we didn’t have this change documented anywhere. Anyway, various Knowledge Base articles have now been updated with this information. Immediately, folks wanted to know about the device queue depth for Emulex. Well, this hasn’t changed and continues to remain at 32 (although in reality it is 30 for I/O as two slots on the Emulex HBAs are reserved). But are there other concerns?


The vCloud Suite Digest (Apr, 2013) with Pang Chen and Mike Laverick

With contributions from:  Massimo Re Ferre, Eric Fulton, Tomas Fojta, Ray Budavari, Jesse Schachter, Kyle Smith, Francois Misiak, Benham Chia, Ranga Maddipudi, Trevor Gerdes and Ben Byer

We hope you enjoy this month’s vCloud Suite Digest.  This is where we take some questions that we get and disseminate the answers in the hopes that it will help someone else who might have a similar question.  This month, we have some great tidbits on guest OS clustering, elastic VDCs, and networking among other things.  Enjoy!


vSphere 5.1 Hardening Guide goes mobile!

Hi,

In order to get a wide audience for this topic, I’ve cross posted this post from the VMware Security and Compliance Blog. Enjoy!

It has been a couple of weeks since the release of the vSphere 5.1 Hardening Guide. Right around that time there was a call for updated content for the VMware Mobile Knowledge Portal app. Well, I really wanted to see the updated Hardening Guide available on that platform. That presented a challenge. For most customers, the format of releasing it as an Excel spreadsheet meets their need, but have you looked at a spreadsheet on an iPad? Not a pretty sight.
