By Mark Ma
With the recent release of App Volumes 2.12, we officially support Microsoft SQL Server Always On Availability Groups.
SQL Always On Availability Groups is a great way to provide high availability and disaster recovery because live copies of your databases reside on secondary servers. By integrating SQL Always On with App Volumes, we ensure the most popular application layering product can be enjoyed by users in any situation.
In this blog post we will take a look at how digitally signing packages in VMware vRealize® Orchestrator™ (vRO) may affect the way you deploy vRO in your environment.
In some use cases, digitally signing workflow packages may affect your vRO architecture and deployment. Let’s consider a few examples.
Let’s say you have vRO ServerA and vRO ServerB in your environment. You’ve performed the steps outlined in How to Change the Package Signing Certificate of a vRO Appliance (SKKB1029) to change the PSC on vRO ServerA , export the keystore, and import it on vRO ServerB. This will allow the following:
Now what happens when you add vRO ServerC?
In this blog post we will look at how to secure your end-to-end PowerShell Execution from VMware vRealize® Orchestrator™ (vRO)—including how not to show passwords when using the Credential Security Support Provider (CredSSP) protocol in a double-hop authentication scenario.
Let’s look at a few common use cases regarding the configuration of vRO, the PowerShell host, the Windows Remote Management (WinRM) protocol, and the PowerShell script/command, and how we can best secure all of them.
Web Services (WS)-Management encrypts all traffic by default, and this is controlled by the AllowUnencrypted client and server WinRM configuration parameter—even if you only work with HTTP (the default configuration) and not with HTTPS. Prior to Windows Server 2003 R2, WinRM in an HTTP session was not encrypted.
What we did in the previous changer was to change the PSC certificate on a vRO server to match our company requirements. The certificate will be used to digitally sign packages we export from vRO.
If you will import digitally signed workflow packages only to their original vRO, no further steps are required.
If you will import digitally signed workflow packages to a different vRO, additional configuration steps are required on the destination vRO. Continue reading
VMware Hybrid Cloud Manager™ is VMware’s management extension for VMware vSphere® and VMware vCloud® Air™. Hybrid Cloud Manager aims to simplify the implementation of a true hybrid cloud.
My Definition of Hybrid Cloud
What is hybrid cloud? In my mind, hybrid cloud means extending my on-premises estate into a data center facility owned and provided by a third party. The key to this definition is in the word “extension.” A true extension means I can retain my existing operating model, security model, and provisioning systems and seamlessly migrate applications from my on-premises environment to my provider’s platform, just as I do within my on-premises environment.
Microsoft® SQL Server® can use Secure Sockets Layer (SSL) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application.
SSL can be used for server validation when a client connection requests encryption. If the instance of SQL Server is running on a computer that has been assigned a certificate from a public certification authority, identity of the computer and the instance of SQL Server is vouched for by the chain of certificates that lead to the trusted root authority. Such server validation requires that the computer on which the client application is running be configured to trust the root authority of the certificate that is used by the server.
For the purposes of this article, the client application that will be configured with an encrypted connection to the database is VMware® vRealize® Orchestrator™. I will show you how to configure vRealize Orchestrator Appliance™ to use an SSL connection when communicating with a Microsoft SQL Server database.
