Update #3: I’ve had zero time to work on my photos. Had a family emergency over the Labor Day Weekend (not fun calling 911 on Saturday). Photos coming soon, I promise! Please check back.

Here’s a teaser photo from the VMworld 2012 Party last night. There will be many more photos to come, so please check back!

Has the smart phone supplanted the Zippo? Empirical evidence provided.

Here’s the Gandhi statue in the Ferry Building parking lot:

 

The Setup

The VMware View 5.1 Installation Guide recommends replacing the default self-signed SSL certificates on all servers (Connection, Security, and Composer) with a certificate signed by a Certificate Authority (CA). For the externally-facing Security server role, you should purchase a signed cert from an established CA provider. For your internal Connection and Composer servers, however, it makes more sense to deploy an internal CA.

The other day, a co-worker and I ran into a situation where we had configured Microsoft’s CA server on a Windows Server 2008 Enterprise server, but were having issues getting the Connection servers to connect to it and generate a certificate request (CSR). After spending too much time trying to get past the RPC error, I decided to bypass that process by using openssl on an ancient MacBook Pro to generate the CSR.

The following is an account of the process I used, noting some of the pitfalls that hung me up along the way and providing references to Web sites which were helpful.

The Procedure

  1. Generate the CSR on the Mac:
    1. Generate an RSA key by issuing: openssl genrsa -aes128 -out server1.key 2048
    2. Generate the CSR using that key: openssl req -new -key server1.key -out server1.csr
    3. Answer the questions during the CSR generation, making sure to enter the FQDN of the connection server in the Common Name field.
  2. Sign the CSR using the Microsoft CA’s Web interface:
    1. Connect to http://<CA Server fqdn>/certsrv
    2. Select “Request a certificate”
    3. Select “advanced certificate request”
    4. Select “Submit a certificate request using a base-64-encoded CMC. . .”
    5. The next form will allow you to copy and paste the text of the server1.csr file into it.
    6. You can use the Web Server Certificate Template, or create a custom template earlier on the CA.
    7. Click Submit.
    8. Download the Base 64 encoded certificate (don’t need the whole chain).
  3. Generate a .pfx file on the Mac:
    1. Combine the .key and .crt files into a .pfx: openssl pkcs12 -export -in server1.crt -inkey server1.key -name vdm -passout pass:<password> -out server1.pfx
    2. The key here is the ‘-name vdm’ option which sets the friendly name so that View will use this certificate.
  4. Install the .pfx file on the View Connection server:
    1. Transfer the .pfx file from the Mac to the View Connection server. smbclient on the Mac works well for this.
    2. Open the Certificates (Local Computer) -> Personal -> Certificates snap-in in the mmc.
    3. Import the .pfx certificate. It will prompt you for the password you gave during generation of the .pfx.
    4. Make sure to check “Mark this key as exportable. . .”
    5. Also, make sure the internal Microsoft CA server is imported as a Trusted Root Certification Authority.
    6. If the self-signed certificate with the Friendly name of vdm is still present, change its Friendly name to something else so that the View server only sees one cert with this Friendly name.
  5. Reboot the View Connection server. If you just restart the services, the new certificates may not get picked up by View. I’ve had better success simply rebooting.
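
The procedure above end to end, as an added example rather than the author's own script: it runs steps 1 and 3 non-interactively and adds checks that the private key matches the signed certificate and that the .pfx carries the vdm friendly name. The host name, the passwords and the throwaway CA standing in for the Microsoft CA web form are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. FQDN and passwords are constructed; a throwaway local CA
# stands in for the Microsoft CA web form so the script runs offline.

# Steps 1-3: key, CSR, signed cert and .pfx in directory $1 for FQDN $2.
make_view_pfx() {
    dir=$1; fqdn=$2; keypass=$3; pfxpass=$4
    # Step 1: AES-128-encrypted 2048-bit RSA key, CSR with CN = server FQDN.
    openssl genrsa -aes128 -passout "pass:$keypass" -out "$dir/server1.key" 2048 2>/dev/null
    openssl req -new -key "$dir/server1.key" -passin "pass:$keypass" \
        -subj "/CN=$fqdn" -out "$dir/server1.csr"
    # Step 2 stand-in: a one-day test CA signs the CSR.
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Constructed Test CA" \
        -days 1 -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl x509 -req -in "$dir/server1.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/server1.crt" 2>/dev/null
    # Step 3: bundle certificate and private key; -name sets the friendly name.
    openssl pkcs12 -export -in "$dir/server1.crt" -inkey "$dir/server1.key" \
        -passin "pass:$keypass" -name vdm -passout "pass:$pfxpass" \
        -out "$dir/server1.pfx"
}

# Print the Common Name carried in a CSR.
csr_cn() {
    openssl req -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# Succeed only if private key $1 (password $2) belongs to certificate $3.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the friendly name stored on the certificate inside .pfx $1.
pfx_friendly_name() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: *//p' | head -n 1
}

# Demo run in a scratch directory.
d=$(mktemp -d)
make_view_pfx "$d" view01.example.internal keypass1 pfxpass1 &&
    key_matches_cert "$d/server1.key" keypass1 "$d/server1.crt" &&
    echo "CN=$(csr_cn "$d/server1.csr") friendlyName=$(pfx_friendly_name "$d/server1.pfx" pfxpass1)"
rm -rf "$d"
```

A password given as pass:<password> is visible in the process list and shell history while the command runs; openssl also accepts env:VARNAME and file:PATH for the same arguments.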

The Pitfalls

Here are some of the ways I messed up along the way, causing myself more grief than was necessary:

  1. Spent too much time troubleshooting the RPC issue. While using the CA server Web interface would have made generating the .csr file easier, it wasn’t that much more difficult to create the .csr on my Mac. I still need to fix the RPC issue, but this work-around helped to make progress.
  2. At first, I skipped the encapsulation of the signed certificate and the private key into a .pfx. After reviewing some of the other blogs which step through this process, I realized I was missing the prompt during import for the private key password.
  3. Perhaps I was just impatient, but simply re-starting the VMwareVDMDS service didn’t result in a recognized, valid certificate. Rebooting the View server resulted in the certificate being recognized as soon as the services came up.

The References

  1. Start with this site, as it gives a very good step-by-step process.
  2. This site shows the steps to generate the CSR using openssl for Windows. The commands don’t translate to a Mac, but the rest of the steps are spot on. The openssl commands for generating the .pfx file, however, do work on the Mac version of openssl.
  3. This site has the proper options for generating the CSR on a Mac with openssl. Note that I used -aes128 instead.
  4. VMware View 5.1 documentation on generating the certificates was also helpful in steering me in the right direction.

As you may know, the session catalog for VMWorld 2012 came out a few days ago. I just took a few moments to peruse the catalog and pick out a list of sessions I thought sounded interesting. I still need to prioritize and weed out this list before session registration begins. I will also need to reconcile the sessions I attend with my desire to complete a lot more of the hands-on lab sessions than I did at VMWorld 2010. I’m hoping to be more of a lab rat this time around!

In no particular order, here are the sessions on my list so far:

If you plan on going, but haven’t registered yet, hop to it!

Just had to whip out a quick blog post about my experience installing the dead-simple Yubikey plugin for WordPress. It really is as easy as the Installation page states:

  1. Buy a Yubikey
  2. Create a Yubico ID & API Key (This URL is wrong, I’ve posted the right one below)
  3. Unzip plugin into your /wp-content/plugins/ directory.
  4. Enter Key ID on the Users -> Profile and Personal options page.
  5. Enter Yubico ID & API key on the Settings -> Yubikey options page.
    ID/key confused? Well, the Key ID is the first 12 chars from the output your Yubikey generates; they don’t change. The Yubico ID and API Key are used when communicating with the Yubico authentication server.

I only had one issue, but it was minor. After installing the plugin per the directions above, my login screen had a message stating that Yubikey authentication was disabled because I was missing the PHP Curl and Hash modules. A quick ‘sudo apt-get install php5-curl php5-mhash; sudo /etc/init.d/apache2 restart’ later, and I was good to go!

Finally, the updated URL for generating a Yubico API key. You need to complete step 1 first, however, because you’ll need to provide an OTP and an e-mail address to generate the API key.

Our third Farmers’ Market of the 2012 season, and another super crowd. This was also the second annual Des Moines Flickr Friend Photowalk. Be sure to check out the other amazing photos there.

As always, please visit my Flickr Set for more photos (there are 23 in this set), or click on each photo below to go directly to it on Flickr. You can also skip straight to the slide show if you’d like. Please share and enjoy these photos, and remember that they are licensed under the Creative Commons Attribution, Non-Commercial, Share Alike (BY-NC-SA) license.

MarketMoment
Perspective01
Textures03
Flower02
CrowdCandid03

Not too many photos this time, so they are all posted here. Please visit my Flickr Photostream or skip directly to the slideshow for my latest photos. To view larger versions on Flickr, just click an image.

As always, these photos are licensed under the Creative Commons Attribution, Non-Commercial, Share Alike (BY-NC-SA) license.

The Crowd
Ready To Go
Lift Off
Bike Valet

Our second Farmers’ Market of the 2012 season, and another great crowd. This time, I got some wonderful photos of the talented Brocal Chords vocal group performing on the street corner. I was also able to capture several couples strolling the market.

As always, please visit my Flickr Set for more photos (there are 19 in total), or click on each photo below to go directly to it on Flickr. You can also skip straight to the slide show if you’d like. Please share and enjoy these photos, and remember that they are licensed under the Creative Commons Attribution, Non-Commercial, Share Alike (BY-NC-SA) license.

Brocal Chords 03
Couple 02
Another Great Crowd
Brocal Chords 02
For a Stroll 03
Brocal Chords 10
For a Stroll 01