About

I specialize in datacenter and end user computing virtualization, including the servers, storage, and peripherals supporting it.  I like memes, learning new things, BBQ, and fast cars.  Jack of all trades master of none.

Some of my certifications include, in no particular order:

Microsoft MCSE:  Private Cloud
VMware VCP5-DVC
VMware VCP6-NV
Citrix Certified Expert
Nutanix Platform Professional
EMC VNX Technology Architect

Connect with me on LinkedIn

Advertisements

4 comments

  1. Hey hey – just read your NSX write up – NICE! Great tips!

    We just ran into the bug where the exclusion list was emptied out.. ugghhh what a disaster..

    I was poking around searching for a smoking gun when I stumbled across your write up. Do you recall what version of NSX contained this bug and where it was fixed? I really appreciate if you could reply with this, VMware support is dragging their feet.. as usual.

    1. Hi Ken, sorry to hear about your “fun”. If I recall correctly, the bug I referenced involved two simultaneous GUI connections to the Exclusion List causing one or more VM’s to be removed from it. I was able to find that as a known issue in the release notes beginning in 6.3.0 (referenced issue 1676043), and the first mention of it being fixed is in 6.3.3. https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.3/rn/releasenotes_nsx_vsphere_633.html Not sure if that is applicable to your situation, or maybe you discovered a fun new bug yourself 🙂

      For this reason I am still leaving the “global” default rule as allow in the Distributed Firewall Config to this day, and each tenant or application I segment gets their own “default rule” within that section, and that section is scoped to a specific “applied to” security group. Let me know what you find out, always curious. Thanks!

      1. Great Advice, this makes sense, although the actual article states the issue is caused by 2 simultaneous interactions within the interface, but looking at the logs this wasn’t the case, I hadn’t touched the list for over an hour until the next admin performed his work, so I think your assessment is more accurate in that it was two people logged in and accessing the exclusion list interface. Thanks again!

  2. I had this happen to me in our lab, both GUI connections were my own but in different browser tabs, and I definitely was not simultaneously editing the list in both tabs…I think that issue may be a little broader in scope than the release notes indicate, but who knows.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s