Thursday, November 13, 2014

SSL Certificate Automation Tool - Past Blogs

I wanted to post these here as they were my first initial Blog Posts, created prior to this blog existing. I was heavy into the development and testing of the Tools until I transitioned into Professional Services Engineering.  The following should still be of great use though, as the process is still incredibly complex.  I hope to see everything get much simpler in the future.

Originally Posted: April 4, 2013

Introducing the vCenter Certificate Automation Tool 1.0

Fresh out of development today VMware has a new tool to help everyone with the implementation of custom certificates. The vCenter Certificate Automation Tool 1.0, will help customers update certificates needed for running vCenter Server and supporting components. This is primarily of interest to customers who use custom certificates either generated internally from Corporate CAs, or from public CA’s like VeriSign.

To add a little background information various components within vSphere and the vCenter platform use certificates for identifying themselves as well as for secure communication with external software entities (browsers, API clients).  These can broadly be classified into the following categories:

  1. Secure token Service Certificate – Certificate used by vCenter Single Sign On (SSO) for encryption tokens
  2. Solution User Certificates – Certificates used by each solution to identify themselves as users to SSO
  3. SSL Certificates  – certificates needed for SSL communication for the UI and API layer
  4. Host Certificates – These certificates are deployed in each ESXi host and used for secure vCenter to ESXi communication.

Note: The new certificate tool automates the updating of certificates in the management layer only (a, b, c above). This tool does NOT handle replacement of certificates in ESXi hosts.

The vCenter Certificate Automation Tool aims to automate the process of uploading certificates and restarting the following components within the vCenter Platform:

  • vCenter Server
  • vCenter Single Sign On
  • vCenter Inventory Service
  • vSphere Web Client
  • vCenter Log Browser
  • VMware Update Manager (VUM)
  • vCenter Orchestrator (VCO)

For more information on how to download, install, and use the tool, refer to KB article: Deploying and Using the SSL Certificate Automation Tool (2041600).

Originally Posted: May 21, 2013

SSL Certificate Automation Tool version 1.0.1

Last month we announced a new SSL Certificate Automation tool to help everyone with the implementation of custom certificates. Yesterday, we released the second version of it (version 1.0.1). This is a minor update which aims to simplify the replacement of certificates further by adding Certificate Signing Request (CSR) functionality to the tool. This functionality allows a user to quickly generate certificate requests (and consequently the private keys) for submission to the Certificate Authority.  The CSR functionality was the largest portion of manual steps, and as a result the update reduces the number of steps by over 15.

In addition, there are several minor bug fixes which were fixed which impacted tool functionality.

For further details and to download the latest version of the SSL tool see: Deploying and Using the SSL Certificate Automation Tool (2041600).

We hope these additions provide useful for everyone!


Look forward to more to come!

First Post - About Me - Why not start now right?

First Post.  I figure I would start off on this blog by getting some detail about myself posted.  As many of you may know, I have been working at VMware for 9 years as of the end of November, 2014.  It definitely has been a journey, to say the least.

I started my journey at VMware in 2005 (yes...seems so weird to say that...crazy how time flies) after having previously worked for Microsoft for a couple of years.  At the time, ESX (I think it was version 2.5...can anyone say MUI) was not really something that was widely used or known in the industry.  I, in fact, started out working with VMware Workstation 4.x as well as GSX 3.x (good old GSX), back when the virtualization technology spectrum was much smaller.

Within about a year of me starting at VMware I had been moved over to the enterprise side of the house supporting ESX and VirtualCenter.  Back in those days, there was no specialties at all, merely fellow engineers who knew storage, or were proficient at networking.  Definitely talk about being thrown into the deep end of the pool.  I remember distinctly being blown away when I saw my first VMotion, so much so that I decided to go more of the Management side of technology rather than the infrastructure side.

Eventually the team was broken up into specialties, of which I ended up being part of the System Operations side of the house, supporting vCenter, ESXi, Certificates, VMotion, DRS, just name a few of the different technologies.

This lead me to a program that allowed me to feed back all of the data from customers into the development teams, and greatly improve the issues which I saw.  Although this was great and I truly enjoy troubleshooting these things to this day, I was eventually offered my current position in the VMware Global Center of Excellence, and subsequently Professional Services Engineering.

Although we are still under the same senior leadership, we have a completely different focus in that we are focused on developing designs, collecting and curating knowledge, and enablement for Professional Services here at VMware. In particular, I am focused with core virtualization elements, including vSphere, Virtual SAN, and Health Check Services.

Though I have only been here for a year and a half now, I have truly grown to appreciate the complexities of all the different products.  From Cloud, to Operations Management the amount that I see about the different offerings that VMware has, is crazy and I truly sometimes even now feel lost in how big it actually all is.

In this blog I intend to discuss anything interesting that I come across,  I hope you enjoy it.