This blog will cover how we can pass custom values into the SaltStack states that make up the security checks. Such customisation provides the ability to define SaltStack compliance policies with a custom variable value. It essentially supports applying certain checks with required variables using the out-of-the-box CIS benchmarks, e.g. the security compliance check “Ensure password expiration is 365 days or less”, which will ensure password expiration is 365 days or less. However, my standard policy accepts password expiration of 180 days. Variables are used to customize policies to the specific organization’s internal policies. Please note that this process is not applicable if you like to create and test custom compliance…
-
Patching Linux VM using VMware SaltStack Config Management
This blog will cover VM workload configuration management using SaltStack, which provides configuration management alongside compliance and vulnerability capabilities for the workload. Before we dive into how to use SaltStack config management functionalities, I will quickly share a bit more on VMware SaltStack. SaltStack, by default, comes as SaltStack Config, which helps maintain configuration and perform day 2 actions. Essentially, the benefit of SaltStack is to provide native config management and self-healing config with event-driven automation & orchestration. It supports building and scheduling repeatable jobs for self-service automation. It also preserves tons of workloads/systems with fast, hyper-scale automation. SaltStack supports flexible control with agents, agentless, and API proxy agents. For more…
-
Enabling VMware SaltStack SecOps functionality for Compliance & Vulnerability Management.
This blog will cover enabling SecOps functionality on SaltStack, which provides compliance and vulnerability capabilities for the workload. Before we dive into how to enable the SecOps feature, I will quickly share a bit more on VMware SaltStack. SaltStack, by default, comes as SaltStack Config, which helps maintain configuration and perform day 2 actions. Essentially, the benefit of SaltStack is to provide native config management and self-healing config with event-driven automation & orchestration. It supports building and scheduling repeatable jobs for self-service automation. It also preserves tons of workloads/systems with fast, hyper-scale automation. SaltStack supports flexible control with agents, agentless, and API proxy agents. For more details on SaltStack, please refer to…
-
vRealize Automation 8 Code Stream – Part 3 Continuous Integration & Deployment
In part 1 of this blog series, I covered how to create a vRealize Automation Code Stream endpoint for a Jenkins server. In part 2 of this blog series, we went through how to create a vRealize Automation Code Stream pipeline with Jenkins jobs. In this last part of the blog series, I will cover CI/CD for a webapp and run the vRA Code Stream pipeline, which will trigger a Jenkins job in the backend that uses Git & Ansible. vRealize Automation Code Stream Introduction – You will find more information about vRA Code Stream in VMware Docs. However, at a high level,…
-
vRealize Automation 8 Code Stream – Part 2 Create Pipeline for Jenkins CI/CD Job with Git.
In part 1 of this blog series, I covered how to create a vRealize Automation Code Stream endpoint for a Jenkins server. In this 2nd part of the blog series, I will cover how to create a vRealize Automation Code Stream pipeline with Jenkins for CI/CD with Git as Source Code Management. vRealize Automation Code Stream Introduction – You will find more information about vRA Code Stream in VMware Docs. However, at a high level, vRealize Automation Code Stream models the tasks in your software release process and automates the development and test of developer code to release…
-
vRealize Automation 8 Code Stream – Part 1 Create Endpoint for Jenkins CI/CD Job with Git.
In this 1st part of the blog series, I will cover how to integrate vRA 8 Code Stream with Jenkins and create a Code Stream endpoint to run a Jenkins job for CI/CD with Git as Source Code Management. vRealize Automation Code Stream Introduction – You will find more information about vRA Code Stream in VMware Docs. However, at a high level, vRealize Automation Code Stream models the tasks in your software release process and automates the development and test of developer code to release it to production. It integrates your release process with developer tools to…
-
vSphere 7 with Kubernetes Part 6 – Cloud Native Storage with vSphere CSI for Persistent Volumes
In part 1 of this blog series, I covered how to create the Storage tag and Policy to be used for Workload Management. In part 2 of this blog series, I covered how to enable Workload Management on vSphere 7. In part 3 of this blog series, we discovered how to set up the Content Library. In part 4 of this blog series, we enabled the Harbor Image Registry. In part 5 of this blog series, we deployed a Tanzu Kubernetes Grid (TKG) cluster. In this 6th part of this blog series, I am going to cover how…
-
vSphere 7 with Kubernetes Part 5 – Create Tanzu Kubernetes Grid Cluster
In part 1 of this blog series, I covered how to create the Storage tag and Policy to be used for Workload Management. In part 2 of this blog series, I covered how to enable Workload Management on vSphere 7. In part 3 of this blog series, we discovered how to set up the Content Library. In part 4 of this blog series, we enabled the Harbor Image Registry. In this 5th part of the blog series, we will see how to deploy a Tanzu Kubernetes Grid (TKG) cluster. Previously, these clusters were referred to as ‘Guest Cluster’. TKG cluster is a Kubernetes cluster…
-
vSphere 7 with Kubernetes Part 4 – Image Registry Configuration
In part 1 of this blog series, I covered how to create the Storage tag and Policy to be used for Workload Management. In part 2 of this blog series, I covered how to enable Workload Management on vSphere 7. In part 3 of this blog series, we discovered how to set up the Content Library. In this 4th part of the blog series, I will cover how to configure the Image Registry. This Registry will enable a cloud native repository for the container images. Every cluster enabled with vSphere with Kubernetes also has a Registry service enabled which includes a Harbor cloud native repository…
-
vSphere 7 with Kubernetes Part 3 – Configure Content Library
In part 1 of this blog series, I covered how to create the Storage tag and Policy to be used for Workload Management. In part 2 of this blog series, I covered how to enable Workload Management on vSphere 7. In this 3rd part of the blog series, I will configure the Content Library that contains the latest distributions of Kubernetes and the accompanying OS. The content library has been around since previous versions of vSphere, and many of you would have seen or used it for VM templates, ISO images etc. In vSphere 7, we will use Content Library for the latest…