Managing Docker Containers on Ubuntu 20.04

Today, I want to install the Docker on Ubuntu 20.04.

Content:

1- What is Docker and its use case?
2- Set up Docker's apt repository
3- Install the Docker packages
4- Verify installation

1- What is Docker and its use case?

Docker is an application that simplifies the process of managing application processes in containers. Containers let you run your applications in resource-isolated processes. They’re similar to virtual machines, but containers are more portable, more resource-friendly, and more dependent on the host operating system.

Prerequisites

  • One Ubuntu 20.04 server
  • An account on Docker Hub if you wish to create your images and push them to Docker Hub

Installing Using the apt repository

We must ensure we get the latest version, we’ll install Docker from the official Docker repository. To do that, we’ll add a new package source, add the GPG key from Docker to ensure the downloads are valid, then install the package.

1- Set up Docker’s apt repository.

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

2- Install the Docker packages.

 sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

3- Verify installation

Verify that the Docker Engine installation is successful by running the hello-world image.

 sudo docker run hello-world

Note:

To generate this message, Docker took the following steps:

  1. The Docker client contacted the Docker daemon.
  2. The Docker daemon pulled the “hello-world” image from the Docker Hub. (amd64)
  3. The Docker daemon created a new container from that image, which runs the executable that produces the output you are currently reading.
  4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal.

Step By Step Install Bind DNS Slave Server on Ubuntu 20.04

Today, I want to install the Bind DNS Slave server on Ubuntu 20.04. In the last post, I wrote about how to install the Bind Master server.

Content:

  1. What is Bind and, its requirement for installing??
  2. Master Bind Server
    1. Install Bind on the Master Server
    2. Configure Forward and Reverse Zones
    3. Create the Forward zone file
    4. Create the Reverse zone file
    5. Configure Options File
  3. Slave Bind Server
    1. Install Bind on the Slave Server
    2. Configure Forward and Reverse Zone

1- What is Bind and, its requirements for installing?

Berkeley Internet Name Domain (BIND) is the most popular Domain Name System (DNS) server in use today. It was developed in the 1980s at the University of Berkley and is currently in version 9. BIND is an open-source system free to download and use, offered under the Mozilla Public License.

1-1-LAB Requirement:

1- 2X Ubuntu Servers version 20.04 from here.

2- update and upgrade your Ubuntu Servers to the latest with this command:

     apt update -y && apt upgrade -y

1-2-LAB Configuration:

  • 1- Master Bind Server:
    • FQDN: Bind01.khoshraftar.com
    • IP: 172.17.116.10
  • 2-Slave Bind Server:
    • FQDN: Bind02.khoshraftar.com
    • IP: 172.17.116.11

3- Bind Slave Server

3-1-Install Bind on the Slave server

     sudo apt install bind9  bind9-utiles

3-2-Create the Forward zone directory

     mkdir /var/lib/bind/zones

3-3-Create the Reverse zone directory

     mkdir /var/lib/bind/reverse

3-4-Configure Forward and Reverse Zone

     sudo vim /etc/bind/named.conf.local

Add the following parameters in the file:

## Forward zone
zone "khoshraftar.com" IN {
    type slave;                                         #Type is Slave
    file "/var/lib/bind/zones/khoshraftar.com.db";      #where save the zone sync
        masters {
                172.17.116.10;                          #who is the Master server?
        };
         allow-query { any; };
         allow-transfer {none; };                       #Not allow zone transfer
};
## Reverse zone
zone "116.17.172.in-addr.arpa" IN {
    type slave;
    file "/var/lib/bind/reverse/116.17.172.in-addr.arpa";
        masters {
                172.17.116.10;
        };
        allow-query { any; };
        allow-transfer { none; };
};

3-5-Verify the syntax of the /etc/named.conf file:

      named-checkconf /etc/bind/named.conf.options

If the command displays no output, the syntax is correct.

Step By Step Install Bind DNS Master Server on Ubuntu 20.04

Today, I want to install the Bind DNS Master server on Ubuntu 20.04.

Content:

  1. What is Bind and, its requirement for installing??
  2. Master Bind Server
    1. Install Bind on the Master Server
    2. Configure Forward and Reverse Zones
    3. Create the Forward zone file
    4. Create the Reverse zone file
    5. Configure Options File

1- What is Bind and, its requirements for installing?

Berkeley Internet Name Domain (BIND) is the most popular Domain Name System (DNS) server in use today. It was developed in the 1980s at the University of Berkley and is currently in version 9. BIND is an open-source system free to download and use, offered under the Mozilla Public License.

1-1-LAB Requirement:

1- 2X Ubuntu Servers version 20.04 from here.

2- update and upgrade your Ubuntu Servers to the latest with this command:

     apt update -y && apt upgrade -y

1-2-LAB Configuration:

  • 1- Master Bind Server:
    • FQDN: Bind01.khoshraftar.com
    • IP: 172.17.116.10
  • 2-Slave Bind Server:
    • FQDN: Bind02.khoshraftar.com
    • IP: 172.17.116.11

2- Master Bind Server

2-1- Install Bind on the Master Server

     sudo apt install bind9  bind9-utiles
  • bind9 – The BIND 9 DNS server software.
  • bind9utils – Utilities that make working with BIND 9 easier.
  • bind9-doc – A documentation package for BIND 9.

After installation, the BIND 9 service should be running. You can check the status with this command:

     systemctl status bind9 

2-2- Configure Forward and Reverse Zones

     sudo vim /etc/bind/named.conf.local

Add the following parameters:

## Forward zone
zone "khoshraftar.com" IN {
    type master;
    file "/etc/bind/zones/khoshraftar.com.deb";
        allow-query { any; };
        allow-transfer { 172.17.116.11; };          #Slave Ip address
};

## Reverse zone
zone "116.17.172.in-addr.arpa" IN {
    type master;
    file "/etc/bind/reverse/116.17.172.in-addr.arpa";
        allow-query { any; };
        allow-transfer { 172.17.116.11; };          #Slave Ip address
};

2-3-Create the Forward zone file and directory

mkdir /etc/bind/zones   
sudo vim /etc/bind/zones/khoshraftar.com.db

Add the following parameters:

; base zone file for khosharftar.com

$TTL         2d    ;  	                default TTL
$ORIGIN	     khoshraftar.com. ; 	base domain-name

; Start of Authority RR defining the key characteristics of the zone (domain)
@         IN      SOA   bind01.khoshraftar.com.      admin.khoshraftar.com. (
                                2024042702           ; serial number
                                12h                  ; refresh
                                15m                  ; update retry
                                3w                   ; expiry
                                2h                   ; minimum
                                )
; name server for Master Bind
@                   IN      NS      bind01.khoshraftar.com.
; name server for Slave Bind 
@                   IN      NS      bind02.khoshraftar.com.

bind01              IN      A       172.17.116.10
bind02              IN      A       172.17.116.11
www                 IN      A       172.17.116.13

2-4-Create the Reverse zone file and directory

mkdir /etc/bind/reverse
sudo vim /etc/bind/reverse/116.17.172.in-addr.arpa

Add the following parameters:

; Reverse zone file for 116.17.172.in-addr.arpa
;
$TTL 3600
@   IN   SOA   bind01.khoshraftar.com.   admin.khoshraftar.com. (
                  2024042703     ; Serial
                  3600           ; Refresh
                  1800           ; Retry
                  604800         ; Expire
                  86400          ; Minimum TTL
                  )

@       IN      NS      bind01.khoshraftar.com.
@       IN      NS      bind02.khoshraftar.com.
; Write your PTR Record
10      IN      PTR     bind01.khoshraftar.com.
11      IN      PTR     bind02.khoshraftar.com.
13      IN      PTR     www.khoshraftar.com.

2-5-Configure Options File

     sudo vim /etc/bind/named.conf.options

Add the following parameters:

acl  "trusted"  {       #An acl directive that defines our local area network (LAN).
     	 172.17.116.0/24;
     	 172.17.116.10;
    	 172.17.116.11;
	};
options {
       	 directory "/var/cache/bind";
	 recursion yes;  		#enable_Recursion_Queries
       	 allow-recursion {
                      		  trusted;
        		};
      	  allow-query {   
                    		    trusted;
      		  };
      	  listen-on {
                     		   172.17.116.10; 172.17.116.11;	
        		};
        	allow-transfer {
                     		   trusted;
       		 };
       	 forwarders {
                      		  4.2.2.4;
     		   };
      	 dnssec-validation auto;
};

2-6-Verify the syntax of the /etc/named.conf file:

      named-checkconf /etc/bind/named.conf.options

If the command displays no output, the syntax is correct.

Step By Step Install Nested Proxmox on ESXi

Today, I want to install Nested Proxmox on ESXi. First:

What is the purpose of Proxmox?

Proxmox VE is an open-source server virtualization platform to manage two virtualization technologies: Kernel-based Virtual Machine (KVM) for virtual machines and LXC for containers – with a single web-based interface.

  1. Intel EMT64 or AMD64 with Intel VT/AMD-V CPU flag.
  2. Memory, minimum 2 GB for OS and Proxmox VE services. Plus designated memory for guests. For Ceph or ZFS additional memory is required, approximately 1 GB memory for every TB used storage.
  3. Fast and redundant storage, best results with SSD disks.
  4. OS storage: Hardware RAID with batteries-protected write cache (“BBU”) or non-RAID with ZFS and SSD cache.
  5. VM storage: For local storage use a hardware RAID with battery-backed write cache (BBU) or non-RAID for ZFS. Neither ZFS nor Ceph is compatible with a hardware RAID controller. Shared and distributed storage is also possible.
  6. Redundant Gbit NICs, and additional NICs depending on the preferred storage technology and cluster setup – 10 Gbit, and higher is also supported.
  7. For PCI(e) pass-through, a CPU with a VT-d/AMD-d CPU flag is needed.

Prepare Installation Media

Download the installer ISO image from: https://www.proxmox.com/en/downloads/proxmox-virtual-environment/iso

The Proxmox VE installation media is a hybrid ISO image. It works in two ways:

  • An ISO image file ready to burn to a CD or DVD.
  • A raw sector (IMG) image file ready to copy to a USB flash drive (USB stick).

I download the ISO image.

Second, Login to your vCenter server or ESXi and Create a New Virtual Machine.

Choose a name for your Proxmox VM.

Now, Select the destination compute resource for this operation

Then, select the storage for the configuration, and disk files.

Select compatibility for this virtual machine depending on the hosts in your environment

Choose the guest OS that will be installed on the virtual machine

Nested Proxmox like ESXi Nested needs some specific configuration like :

Expose hardware-assisted virtualization to the guest OS in the CPU

Mount Proxmox ISO to CD-ROM

In VM options, In Boot Options, Configure Boot Delay = 5000 MS

Now, power on your VMs, and after that Press F2.

In the Boot Tab, Select CD-ROM Drive as the first boot device, and Press F10 to save these settings.

Now you see Proxmox Virtual Environment, I press on Graphical Environment.

Click on I agree

Select Target Hard Disk

Select Country and Time Zone

Enter your password and email address

Select Management Network

You see the Summary page and finally, click on the Installation button

After installation, you can see this page, now we can connect to the Proxmox portal.

Enter username and password.

Now you can see the Proxmox Page.

Finish 🙂

How to change vCenter Server Certificate

Hi, Today I decided to change my VCSA 8.0 certificate. For this purpose, we must do 4 things:

  1.  Create CSR from the vCenter server
  2.  Get a Certificate from an authority CA (I use a Microsoft CA server)
  3.  Install OpenSSL and Convert the CER format certificate to PEM format
  4. Assign it to vCenter

Let’s start.

1. Create CSR from the vCenter server:

1-1 Login to vCenter Server

1-2 Go to the Inventory

1-3 Go to the Certificate –> Certificate Management –> Generate Certificate Signing Request(CSR)

1-4 Enter your information

1-5 Copy CSR Request

2. Get a Certificate from an authority CA (I use a Microsoft CA server)

2-1 Go to your Microsoft CA server (or other Authority Certificate) http;//your_CA-Server_IP/certsrv

Click on the “Request a certificate

2-2 Click on the “advanced certificate request

2-3 Past your CSR request here (We copy CSR Request in 1-5) and choose Web Server, then click submit.

2-4 Download Certificate (Base 64 encoded)

3.  Install OpenSSL and Convert the CER format certificate to PEM format

3-1 Now, we need to convert this certificate to PEM, so we need a tool for covering the certificate.

I used OpenSSL tools.

How to install OpenSSL?

3-2 I downloaded the MSI version. And click on it.

3-3 Accept the agrrement and Next.

3-4 Select a path for installation.

3-5 Next

3-6 Click on the Install button.

3-7 Open the Command prompt as an administrator account, then go to the installation_path\OpenSSL-Win64\bin

3-8 Used this command to convert .cer to .pem. (for vCenter Server certificate)

openssl x509 -in certnew.cer -out certnew-vc01.pem

3-9 Used this command to convert .cer to .pem. (for root certificate)

openssl x509 -in root.cer -out root.pem

4. Assign it to vCenter

4-1 Now, click on the “Import and Replace Certificate” button.

4-2 Choose to Replace with external CA certificate where CSR is generated from vCenter Server.

4-3 Click on the Browse File button, then

4-4 Select vCenter PEM format certificate

4-5 Click on the Browse File button, then

4-6 Select root PEM format certificate

4-7 The vCenter ask you to wait some minutes and after that try to refresh your browser.

Finish 🙂

How to install an unattended vCenter

Estimated reading time: 6 minutes

Hi, Today, I decided to install an unattended vCenter (vCSA) server appliance. You can use the CLI installer to perform a silent deployment of a vCenter Server appliance on an ESXi host or vCenter Server instance.

The CLI deployment process includes downloading the vCenter Server installer on a network virtual machine or physical server from which you want to perform the deployment, preparing a JSON configuration file with the deployment information, and running the deployment command.

Steps:

Step 1– Register your vCenter Server appliance A and PTR record on your DNS server. Like this: vc01.khoshraftar.com. Then:

vCenter
vCSA

Step 2– You can choose where you want vCSA installed, on one ESXi or one existing vCenter. I will be installing it on an ESXi. Then:

Step 3– Download vCSA ISO, mount it, and navigate to \vcsa-cli-installer\templates\install. This folder contains JSON configuration files, which you can edit and then use with the vCSA command line installer. The JSON files, used in conjunction with command line parameters, provide a way to run an unattended vCSA installation. Then:

I selected the embedded_vCSA_on_ESXi.json file to match the deployment type that I wanted.

khoshraftar.com
vCenter

Step 4– Copy the selected JSON file (embedded_vCSA_on_ESXi.json) to a local folder on your computer; where you’re running the installer from. Then:

I copy it here, then:

C:\Users\Administrator\Downloads\source\embedded_vCSA_on_ESXi.json

Step 5– Using Visual Studio Code or Notepad ++, edit the JSON file as follows. Refer to this link for a complete list of parameters. Then:

Sections 1: Target ESXi Server details.

HostnameThe FQDN or IP of the ESXi host on which vCSA is installed.
Username & passwordThe credentials needed to access the ESXi.
Deployment.networkThe portgroup to which vCSA Management connects.
khoshraftar.com
vCenter

Sections 2: vCSA deployment details

You must provide the ‘deployment_option’ key with a value, that will affect the vCenter Server Appliance’s configuration parameters, such as the vCenter Server Appliance’s number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy –supported-deployment-sizes.

thin.disk.modeDetermines if the vCSA’s disks are created using thin disk mode.
Deployment.option Refer to this to review the available deployment types.
Name The name assigned to vCSA’s VM; is displayed in the inventory.
khoshraftar.com
vCenter

Sections 3: vCSA network details

ip.family The IP version used (4 or 6) for the network configuration.
mode Determines if static and dhcp network settings are used.
ip The IP address assigned to the vCSA.
dns.servers 
A comma-separated IP address list of DNS servers configured on vCSA.
prefix Subnet mask in prefix format (Ex. 255.255.255.0 = 24, 255.255.240.0 = 20).
gateway The IP address of the default gateway set on vCSA
system.name The FQDN (hostname) for the appliance.
khoshraftar.com
vCenter

Sections 4: vCSA OS

password The root password is used to access vCSA’s via SSH, VAMI, or otherwise.
ntp_serversSet your NTP server IP address
ssh.enable Set to true to enable SSH access by default.

khoshraftar.com
vCenter

Sections 5: SSO details

password This is the password for administrator@vsphere.local.
domain-name The SSO domain name (you can leave it as is).
khoshraftar.com
vCenter

Step 6– Open an administrative command prompt and navigate to \vcsa-cli-installer\win32 on the mounted ISO image. Then:

khoshraftar.com
vCenter

Step 7– Perform an Installation using vcsa-deploy install. Then:

khoshraftar.com
vCenter
vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula C:\Users\Administrator\Downloads\source\embedded_vCSA_on_ESXi.json
khoshraftar.com
vCenter

Deploying vCSA OVF. Then:

khoshraftar.com
vCenter

And the Final result.

khoshraftar.com
vCenter

Finally, you can find your logs file from here:

khoshraftar.com
vCenter

Finish 🙂

My Latest Posts:

Error 421 while connecting to Horizon via HTML Web Console after an upgrade to 2306 or Later

Hi, I experienced an issue where end users received an HTTP 421 error when connecting to a VMware Horizon web after it was upgraded to 2306. 

What is an HTTP 421 error?

The HTTP 421 Misdirected Request client error response code indicates that the request was directed to a server that is not able to produce a response. This might be possible if a connection is reused or if an alternative service is selected.

Symptoms:

While connecting to Horizon over an HTML Web console, users encounter an error 421.

Cause:

The default value of the security configuration setting allowUnexpectedHost has changed from true to false.

This means that connections using the name or IP address of a proxy, gateway, or load balancer that is not defined in locked.properties will fail, even if checkOrigin and enableCORS are both set to false.

Resolution:

Add security configuration setting allowUnexpectedHost = true in your locked.properties in connection servers after that restart Horizon services.

You can find locked.properties from below address:

C:\Program Files\VMware\VMware View\Server\sslgateway\conf\locked.properties

Finish 🙂

Update the Unified Access Gateway Appliance Using PowerShell

Estimated reading time: 8 minutes

If you want to Update the Unified Access Gateway Appliance (UAG), You have two methods:
1- Update it Manually.
2- Update with PowerShell.
In this post, I talk about updating UAG with PowerShell.

What is UAG?

Unified Access Gateway equips remote workers anywhere, anytime with secure access to Horizon virtual desktops and applications.

How can I update it?

UAG doesn’t have an update engine solution on itself. You must install it again from scratch, and replace the configuration on it. You must spend more time installing it again. But you can use the PowerShell script for quick deployment.

What is the requirement?

1- You need to download Unified Access Gateway (UAG) PowerShell Scripts.

2- You need to download the INI file of the UAG configuration.

3- You need to download the OVF Tool. (The PowerShell deploy script requires these tools)

Procedure:

Step 1- Download the OVF Tool from Here.

I downloaded the OVF Tool for Windows 64-bit.

1-1 -Install the OVF Tool on the VM where you are going to run the UAG Deploy script.

Update the Unified Access Gateway Appliance Using PowerShell

1-2 – Click Next, after that:

Update the Unified Access Gateway Appliance Using PowerShell

1-3 – I accept the terms in the License Agreement. Then:

Update the Unified Access Gateway Appliance Using PowerShell

1-4 – Choose the destination Folder, Then:

Update the Unified Access Gateway Appliance Using PowerShell

1-5 -Install it.

Update the Unified Access Gateway Appliance Using PowerShell

1-6- Finally, Click on the Finish button

Update the Unified Access Gateway Appliance Using PowerShell

Step 2– Download the Unified Access Gateway OVA from the Customer Connect portal to your machine.

You download the latest version.

Step 3– Create an INI configuration file for the Unified Access Gateway virtual appliance.

3-1 – Login to UAG server: https://UAG_Address_Server:9443/admin, Then:

Update the Unified Access Gateway Appliance Using PowerShell

3-2 – Click on the Configure Manually button, Then:

Update the Unified Access Gateway Appliance Using PowerShell

3-3 – In the Support Settings Section, Click on the INI and download it. Then:

Update the Unified Access Gateway Appliance Using PowerShell

Step 4– Download the Unified Access Gateway (UAG) XXX PowerShell Scripts files into a folder on the machine. The ZIP files are available on the Customer Connect page for the Unified Access Gateway.

4-1 – Extract the Zip file and copy and paste the UAG ova file and INI file here. Then:

Update the Unified Access Gateway Appliance Using PowerShell

Step 5– open UAG_Settings.ini, you need to configure these parameters:

5-1 – You can choose diskMode deployment is thin or thick:

5-2 – You must write the vsphere datastore name for deploying UAG OVA. Then:

5-3 – Give a name for your UAG VM.Then:

name= khoshraftar-UAG01

5-4 – Enter the Backend Network port group.Then:

netBackendNetwork= Edge-PG-MGMT-V3001

5-5 – Enter the Internet Network port group.Then:

netInternet= khoshraftar-DMZ

5-6 -Enter the management Network port group.Then:

netManagementNetwork=Edge-PG-MGMT-V3001

5-4 – You must write the path of UAG OVA.Then:

source= C:\uagdeploy-23.09.0.0-22617266\uagdeploy\euc-unified-access-gateway-23.03.0.0-21401666_OVF10.ova

5-5 – You must write vCenter_name/ Datacenter_name/ host/ Cluster_name

(you must use host in your address)

target= vi://vc01.khoshraftar.com/DatacenterA/host/ClusterMGMT/

Update the Unified Access Gateway Appliance Using PowerShell

5-6 – If you have an error, you can change secureRandomSource from default to /dev/random

secureRandomSource= /dev/random

5-7 – save the INI file.

Step 6– Open PowerShell as administrator and use this command

& "C:\uagdeploy-23.09.0.0-22617266\uagdeploy\uagdeploy.ps1" -iniFile "C:\uagdeploy-23.09.0.0-22617266\uagdeploy\UAG_Settings.ini"

I use &, Because I have quotes in INI and PS1 path, PowerShell executes the path instead of just echoing the string.

6-1 – Enter admin user password for UAG, Then:

6-2 – Re-enter the admin user password for UAG, Then:

6-3 -Enter the admin user password for UAG Admin UI and Rest API, Then:

6-4 -Re-enter the admin user password for UAG Admin UI and Rest API, Then:

6-5 – For CEIP, enter no., Then:

6-6 – Accept SSL fingerprint, Then:

6-6 – Enter the Username and Password of the vCenter server, Then:

6-7 -Deploying Start, Then:

Update the Unified Access Gateway Appliance Using PowerShell

Finally, The transfer is completed.

For more information, use this link.

Finish 🙂

My Latest Posts:

NSX Multi-Tenancy and VPC

Hi, Today I would like to talk about NSX Multi-tenancy and VPC.

Multi-tenancy

Multi-tenancy is the ability to offer NSX networking and security services to multiple tenants completely isolated from each other. Every tenant will also have its own RBAC configuration and can be assigned quotas to limit the number of objects that can be created inside a tenant. Multi-Tenancy has been a long-awaited feature in NSX which enables not only service providers but also end customers to provide NSX services tailored and scoped down to a department/team level on the same NSX instance, previously that was only possible by deploying different NSX instances per tenant/department.

Multi-Tenancy in NSX is achieved by creating NSX projects, where every project represents a logical container of network and security resources (tenant) where every project can have its own set of users, assigned privileges, and quotas. Multi-Tenancy has different use cases such as offering networking as a Service, Firewall as a Service, and so on.

Multi-Tenancy was introduced in NSX UI starting from VMware NSX 4.1, and it uses a two-tier data model, the first tier is called /Infra tier which is referred to as Default space, Default space contains non-isolated objects and is accessible to Enterprise admin and other system-wide users who are not a member of projects. In short, the Default view contains NSX objects that do not belong to any project. The other data model is referred to as the Org model (branch) under which projects (tenants) provision their resources, which implies that every tenant (project) will also have a sub-Infra branch with only objects that are created and available to that project (tenant).

Project configurations are set up under /orgs/default/projects/<project-id>/infra

NSX Virtual Private Clouds (VPC)

Starting in NSX 4.1.1, a project can optionally contain one or more NSX Virtual Private Clouds (VPC).

A VPC represents a self-contained private network within an NSX project that application developers or DevOps engineers in your organization can use to host their applications and consume networking and security objects by using a self-service consumption model.

NSX VPCs can be created only in projects. They cannot be created in the default space.

VPC configurations are set up under the following path of the NSX Policy data model:

/orgs/default/projects/<project-id>/vpcs/<vpc-id>
 

Tier-0 gateways and edge clusters are owned by the default space, and they can be allocated to projects under the org. You cannot create tier-0 gateways and edge clusters inside a project.

Each project can optionally have its own tier-1 gateways, which must be configured in the project. In other words, the tier-1 gateways must be owned by the project. A project cannot use the tier-1 gateways that are configured in the default space.

The first figure shows the default space and two projects under the org.

  • Multi-tenancy Policy data model shows the default space, org, and two projects under the org.The next figure shows the hierarchy of objects in both projects. Under the org, projects 1 and 2 have their own hierarchy of NSX networking and security objects that are created inside the project. Hierarchy of NSX objects in projects 1 and 2 under the org.

How we can create it?

When an Enterprise Admin logs into NSX Manager, the Default view is displayed, as shown in the following screen capture.

 
 

Click on Default

Click on the Manage

Click on the ADD PROJECT, I give a name to it.

I create 3 projects.

I click on the khoshraftar-Production, You can see this project has its own Menu, You can also create a VPC in your project.

In the future, I am going to create a VPC in another post.

Finish 🙂

Step by Step, Install vCenter 8.0 update1

Hi, Today I want to install vCenter 8.0 Update1.

You can find system prerequisites on this page.

I downloaded VCSA 8.0 ISO from VMware.com and run the installer.

I choose Install.

1-Introduction

Note: The external Platform Services Controller deployment has been deprecated.

Note: Installing the vCenter Server is a two-stage process. The first stage involves deploying a new vCenter Server to the target ESXi host or a compute resource in the target vCenter Server. The second stage completes the setup of the deployed vCenter Server. Next

2- License agreement, click on the checkbox. Next

3- Specify the vCenter Server deployment target settings. The target is the ESXi host or vCenter Server will be deployed.

On this page, fill in all the blank fields, Next

Accept the certificate warning and click  NEXT

4- Enter the new VM name for your VCSA 7.0 Update 3 and set the root password for it, NEXT

5- Select your deployment size, I choose Medium Size. NEXT

6- Select data store, you can select Thin or Thick disk mode, NEXT

7- Configure your network settings, NEXT

10- The installer will begin deploying the new VCSA according to the settings you provided. Finish

1- The second stage process. NEXT

2- Set your Time and NTP servers, and you can enable or Disable SSH access to vCenter Server.

3- You have two option2: 1-Create a new SS domain or 2-Join an existing SSO domain

4- You can now join VMware Customer Experience Improvement Program. This basically allows VMware to collect certain sanitized data from your environment, which could help with future releases.

5-Install – Stage 2

6- This process took about 45 minutes for me.

9- Login to the VCSA by the FQDN or IP address and proceed.

Finish 🙂