vCenter and the certificate saga

So have you ever been through the process of replacing your vCenter and ESXi host default certificates? It’s not something to look forward to in my opinion. Now is this really necessary or not is beyond the scope of this post. But please dont replace the certificates just because you can.

So make that assessment for yourself. Just because you have the option doesn’t mean you have to do it. It is definitely more secure but then again the most secure network is the one with no user. Understand what it takes to manage the replacement certs, what does it mean for future hosts that need to be added, how will these certs be renewed, is their a compliance that you need that require you to have CA signed or self signed certs. All these are good questions to assess if this is the route you want to take. Also, this is not something new with 5.x, the ability to replace certificates have existed for a long time.

This morning, I came across Duncan’s post  where he compiled a list of very helpful links to those painful processes. Again, the process may not be as painful to some. It really depends on the size of the environment that could make this process either a few minute thing or a project within a project. While I was going through the KB articles, I remembered an awesome product I saw around the VMworld SF 2012 time. vCert Manager was by far the simplest way I have seen to manage certificates for vSphere. I don’t recall sharing this information earlier so I figured now would be a good time to do so. Below is an introductory video of what the tool is capable of doing. It is excepted to be released later this year.

New Cards @CloudPhysics

Some of you may remember I mentioned a pretty cool product by a company CloudPhysics about a month or so ago. In August I got an opportunity to meet the smart brains behind it, and did I mention their product also won the “VMworld Best Innovation” award.

As you may already know by now, CloudPhysics included a HA simulation tool which is my favorite card as of now (but I know many more are coming). What it does is saves you time and ultimately money. Ever wondered what your available capacity is and will be if you were to change your admission control setting? Well you can read a few posts I wrote about that topic here or here for example, or you can simply head over to CloudPhysics and save you a lot of time and pain. Its really that simple. And oh did I mention that it will factor in the version of vCenter/ESX(i) you are running so there should not be any gotchas.

Recently, CloudPhysics released two more cards:

  • VM reservations and Limits
  • Snapshots Gone Wild

I like these guys, the cards do exactly as their names suggest. The first one will look at your environment and list out any VM that may have a limit or a reservation. Pretty good aye! Whats even better is that it will flag any VM that may have limits of more than 50% or even less that 50% of whats configured. Both of these could pose an interesting situation. Luckily for me, I only have one reservation in my setup as its pointed out.

The other card is the snapshot police which will list out a list of VMs with their snapshot information. Information like when these were created, number of child, snapshot name to name a few. If you are getting excited about this, you have probably been burned by the snapshot brigade at least once or know what it means. A lot of times that happens beacuse there has not been a simple way to keep track of these. Well now you do.

Head over to CloudPhysics, there are over 900 cards suggested by the community and pretty soon we will start seeing a bunch of them making all our lives a lot simpler so we can do even bigger better things.