All Posts

In PKS Series

Istio and Service Discovery in Kubernetes

Microservice Architecture Microservice architecture is a way of designing applications where developers split a large application into many independent services, or microservices. Applications that are not composed of services are called monolithic, as the entire code base runs as one giant process. When you start a monolithic web app, you typically start it up by running…
In Chalkboard

NSX Architecture By Plane

Management, Control, and Data Planes A device’s networking functions can be divided into separate planes of operation: the management plane, the control plane, and the data plane. This applies to both physical networking hardware as well as virtual networking components found in Software-Defined Data Centers. Physical vs Virtual The primary difference is not in WHAT…
In Bottom Line

VMware HCX

VMware Hybrid Cloud Extension (HCX) is a solution for simplified migrations from one environment to another, be it on-prem, private cloud, or public cloud. Although it has Cloud in its title, migrating from on-prem to Cloud is only one of the use cases. It also simplifies on-prem to on-prem migrations. A number of network functions…
In Bottom Line

It’s All About Automation

SDN and Cloud Computing Software Defined Networking (SDN) and cloud computing are two sides of the same coin. It’s all about automation. SDN is the automation of networking. Cloud computing provides services that are on-demand through automation. To give an example of cloud computing automation, consider a site that hosts Minecraft servers. With a few…
In PKS Series

PKS and Security

When it comes to Security, VMware PKS has several levels and considerations. We can leverage the Microsegmentation of Microservices all the way to scanning an image in Harbor, and permit or deny a developer from downloading or pushing a particular image. Let’s take a look at the different levels that PKS Security is working to help provision a trusted environment. When we think…
In Education

Study Notes: NSX Virtualization

Learning NSX doesn’t have to be difficult. If you are new to NSX, this series will start from the beginning and will explain things along the way, in short, but easy to follow bite-sized chunks. Virtualization Virtualization is the first concept we need to really understand. It is primarily about decoupling. With virtual machines,…
In PKS Series

PKS and NSX-T Design

VMware PKS fully leverages vSphere NSX-T. Let’s take a look at the supported NSX-T design and implementation. NSX-T licenses come with PKS, so there is no reason not to leverage the best in class network virtualization. First, let’s take a look at what is available by using open source networking, and what the advantages are…
In Tool Box

Timed Access Lists

Different Rules, Different Hours Timed access lists give you the ability to use a different policy within a specific time range. This can be handy as a way to enforce different rules during a planned maintenance window, peak hours, or off hours. As a simple example, all traffic is permitted during normal business hours, Monday through…
In Under The Hood

Infrastructure Automation with Ansible

Infrastructure Automation Automating infrastructure increases efficiency, reliability, repeatability, and more. Managing servers through GUIs can be laborious, and it’s difficult to keep track of all the appropriate buttons to click for a correct deployment and configuration. Moving from a GUI (graphical user interface) to a CLI (command line interface) is a start, though you still…
In PKS Series

Managing State in Kubernetes

State Many people associate state with databases, and that’s fair enough; databases are most certainly stateful and a prime use case. State as a concept is broader than databases, and so to understand state in Kubernetes, and in particular the difference between StatefulSets and PersistentVolumes, let’s dive into state abstractly. State is the condition or…
In Bottom Line

VMware’s new Service Defined Firewall

Last week at the RSA Conference, Pat Gelsinger, VMware’s CEO, announced the arrival of a new and exciting security solution, which strengthens VMware’s security presence. VMware has announced a new firewall offering, named the Service-Defined Firewall. This new offering combines capabilities of the existing NSX platform and App Defense. The goal of this is to…
In PKS

PKS and vSAN Design

Today we are going to talk about storage design with PKS. Before we can talk about what is supported and how it works, let’s make sure we understand why we need persistent storage. Datadog has given us statistics that in 2018, seven out of ten cloud-native applications needed persistent storage. So how can the application…
In PKS

Scaling and Load Balancing in Kubernetes

Disposability Kubernetes is designed to facilitate many cloud native principles; for example, disposability. Disposability means that workloads should be ephemeral where possible – easily replaced rather than migrated, fixed or upgraded directly. Disposability is often described as managing servers like “cattle not pets.” That means don’t groom long living servers, dialing them in manually, SSH’ing…
In PKS

PKS and vSphere Design

VMware PKS fully leverages vSphere clusters. Let’s take a look at the supported cluster design and implementation. When we look at vSphere clusters, the minimum number of hosts is 2 and the maximum is 64, and those are the guidelines according to vSphere limits. You can have many clusters per vCenter server. There is not…
In PKS

Secrets and ConfigMaps

Overview Twelve-Factor Apps are apps that follow modern cloud native principles. Kubernetes is designed for such modern cloud native app development, and as such, many of Kubernetes’ features are intended to enable adherence to these principles. One such principle is “strict separation of config from code,” which is accomplished in Kubernetes through Secrets and ConfigMaps….
In Bottom Line

VMware AppDefense Basics

The security climate is ever-changing, a constant game of “cat and mouse,” where the good guys are always trying to stay one step ahead of the bad guys. This traditionally has been in the form of adding additional security in small blocks, which continue to stack-up like Legos in my daughter’s room. While this approach…
In PKS

PKS the Big Picture

Coming from the engineering and operational side of the house, you are probably wondering what changes are coming down the pipeline, in order to support this new era of development that we have reached. So now you have VMware PKS, and you want to leverage the technology to its maximum potential to support the new…
In PKS

Deploying Workloads on Kubernetes

Overview Since this is the first week of our new PKS Blog Series, we’re going to start off with the basics of Kubernetes and cover how to deploy workloads to Kubernetes, then expose them internally or externally. Kubernetes is an open-source container orchestration platform designed to help wrangle the complexity of a cloud native, microservice…
In Bottom Line

App Refactoring and Considerations

When we say “app refactoring,” we are referring to the process of rewriting parts, or the entirety of, a software application without changing the app’s functionality. This may occur for many reasons, such as scalability, deprecated stacks, different resource consumption requirements or limitations reached due to technical debt. Sometimes to take advantage of highly scalable…
In Bottom Line

Begun the Source Wars Have

Last week on January 9th, AWS launched DocumentDB, a managed Database as a Service that uses the MongoDB API while competing directly with MongoDB’s own similar paid offering, MongoDB Atlas on the AWS Marketplace. This is only the latest development in a battle that’s been brewing for half a year between cloud providers and open…
In Bottom Line

Embracing the Change

Embracing a Change and Learning to Automate For many companies, we typically see a dedicated group of engineers who handle the infrastructure side of the house, then we have another dedicated group of engineers who handle the development side. This has been the norm for many years and each group has felt comfortable taking…
In Bottom Line

What is Cloud Computing?

The problem with the term Cloud, in its popular usage in IT, is that it’s intended to obfuscate complexity to help a varied audience grapple with fundamental shifts in the industry. It’s a marketing term leveraged to sell products, rather than a technical classification described by the IEEE. Real clouds are amorphous and ethereal, and those attributes intentionally drive the metaphor’s inherent ambiguity. The fundamental point is that something provided to you by the Cloud is flexible and easy, in some way managed for you, and at least initially, hosted by the provider rather than in your own datacenter.
In Tool Box

Troubleshooting Cheat Sheets

ICMP is a message service for networking devices. It works in the background supplying information related to network connectivity, but it is also used under the hood in diagnostic utilities. You might already be familiar with echo and echo-reply messages. These are ICMP packets sent and received with a ping. ping 10.1.1.1 !!!!!    …
In Chalkboard

Google Cloud Platform

What’s Google Cloud Platform Google Cloud Platform (GCP) is a Cloud Computing solution that offers IaaS, CaaS, PaaS, SaaS, FaaS. Its biggest competitors are Amazon Web Services and Microsoft Azure. Google Cloud Platform Products GCP is a suite of products and services that Google has been using internally with applications like Google Search, Google Maps, Gmail, and YouTube, and now are available…
In Bottom Line

Resistance is Futile

Why Kubernetes is taking DevOps by storm The Coming of Borg In the mid 2000s, Google unleashed Borg upon its datacenters, to assimilate datacenter resources, and manage clusters of containers across them. This system enabled a combination of high availability, efficient resource utilization, and ease of consumption of datacenter resources for developers running their workloads….
In Under The Hood

Healthcare SDDC Transformation

The mission of most medical institutions is to provide the best possible medical care to their patients while balancing costs. The goal of their IT departments is to empower this mission by deploying technologies that improve health care, reduce cost or both. For the data center teams, the best way to achieve this is by providing an infrastructure that reduces the friction of application owners to consume data center resources.
In Chalkboard

Network Definitions

“It is going to be ok…”. That’s what I usually tell Data Center Network folks when we talk about the future of Data Center networking. And just before they can finish the sigh of relief, I follow it up with “…if you are open to learning the new ways of doing things”. One thing we…