Wednesday, March 25, 2015

How do you say...

Okay folks, pet peeve time. I admit, I mispronounce some words. I’ve been guilty of saying “on premise” when in fact the correct term is “on premises” (this particular one has gotten a lot of air time in my Twitter stream recently). There are a couple of words that I overheard and thought “wow, do I say that word wrong, or is [redacted] saying it wrong?” Read and heed. Comments? You know the drill.

1. Chassis - Don’t say it like it looks in the English language. It’s pronounced “chassy” (rhymes with “classy” and originates from French). BONUS: The plural for this word ends in the Z sound. Ref: http://www.merriam-webster.com/dictionary/chassis

2. Silicon - There are actually two ways to say this, but “silicone” with a long O sound isn’t one of them. Silicone is a Carbon-chain polymer used in caulks, adhesives, and, well, other things. Silicon’s correct American-English pronunciations can be heard here: https://www.youtube.com/watch?v=vlbSxSqRgg4

Monday, March 9, 2015

Aruba Atmosphere 2015 Conference - Review And Feedback

I’m very fortunate to work for an employer that sends me to conventions to “get smart” and bring it back to apply to our IT systems. Having just concluded my first Aruba Atmosphere conference at The Cosmopolitan Hotel in Las Vegas, I wanted to take a few minutes to summarize my experience and provide feedback to the great people that organized and ran the event.

On-Site Registration

From the first day at on-site registration, I felt very welcome. I had received an e-mail with a bar-code to use at check-in, but I hadn’t yet seen it or printed it, so I simply searched for myself by name in the system on a touch-screen kiosk. The system printed my badge and a member of the event staff gave it to me with a lanyard and directions across the room. At that booth I had my badge scanned and received an Atmosphere 2015 bag with my requested t-shirt size.

Certified Training

Although the conference didn’t officially kick off until Monday evening’s welcome reception, I arrived early for a 2+ day training class. I attended the WLAN Fundamentals class taught by Kimberly Graves (@kimberlyAgraves) and David Westcott (@davidwestcott), and other offerings included Mobility Fundamentals, AirWave Fundamentals, and ClearPass Fundamentals. These all were in preparation for different Aruba-based certifications, but I was more interested in learning the topic than taking a test. The class was great with sufficient breaks and well-written hands-on labs using remote access to VMware Horizon virtual desktops (referred to in the lab as virtual laptops or VLTs) connected to actual physical wireless NICs.

Welcome Reception

The official kickoff event was in the Tech Playground, the typical trade show floor with vendor booths that event attendees are familiar with. There was also a Tech Playground Theater that held certain presentations by Aruba and their partners who sponsored the show. Behind the assembly of booths was a large area of the ballroom replete with tables of food, such as carving stations with beef and other more international fare. Included with the food were several bars serving beer and soda.

Keynotes

There were two keynotes held on Tuesday and Wednesday mornings in The Chelsea theater. Tuesday’s event featured Aruba’s President and CEO Dominic Orr with a special virtual visit by HP’s CEO Meg Whitman. We attendees had all received letters slipped under our hotel room doors officially announcing HP's rumored acquisition of Aruba, and Dom spent a fair amount of time trying to set the attendees at ease and give us confidence in Aruba’s future.

Wednesday’s keynote featured Aruba’s CTO and Co-Founder Keerti Melkote and showed off a number of Aruba’s recent technical innovations. The one that stands out in my mind was the Meridian-based Bluetooth Low-Energy (BLE) beacons and the ways they can be used in such industries as Retail, Medical, and Education.

Breakout Sessions

Since I’ve mainly been attending Cisco Live and VMworld the last few years, which are upwards of 20,000 strong, it was refreshing being at a conference with about 2500 people. One benefit was that the sessions were rarely packed and my badge was never scanned at the door. All the sessions I attended were very well presented and usually included other people from their team such as technical marketing and product management. It was fantastic having access to these people to ask questions and provide direct feedback on their products.

I thought the spacing of time between the sessions was excellent and the lengths of the sessions were just about right. I would suggest the additional training class start Sunday morning instead of afternoon, so the class could be done earlier and we could have more time to attend the other great sessions.

I was hearing WAY too many ringing phones. Truth be told, I even forgot to silence mine and was bitten by it during a session. Please incorporate a standard slide deck that includes a “PLEASE SILENCE YOUR ELECTRONIC DEVICES” slide so we can show the speaker and other attendees the respect they deserve. Also, the last slide of the deck could say “remember to fill out your survey.”

Meals

During my training sessions, before the official kickoff, meals provided were mainly bagels, cereal, muffins, and fresh fruit for breakfast (pretty good) and boxed meals for lunch (meh). The first day’s lunch was good with plain chips, apple, cookie, and choice of veggie, ham, or turkey (if I recall correctly). The second day’s boxed lunch included the apple and cookie, but the sandwiches were what I would consider fairly exotic and the chips were all choices that I personally didn’t appreciate. Fortunately there are many restaurants in the hotel that are just a short walk away. All meals had great camaraderie with attendees and great conversations.

After the official kick-off, meals were all hot buffet-style and tables were all set with silverware and glasses in advance. The plates were large and allowed us to get all the food we wanted without having to waste time going back for seconds. However, attendees would sometimes waste time looking for a spot at a table that didn’t already have used cutlery. Also, one would have to wait (though not more than a couple minutes) for conference center staff to come by with a pitcher of the meal’s drink selection and fill up your glass.

I suggest Aruba save some money and just provide silverware and napkins as we go through the buffet lines. Then have drink stations scattered around the room for us to choose from. Notably missing from EVERY meal was any selection of soda. This was really unacceptable to a lot of folks who like to have our caffeine but don’t drink coffee. Put some coolers with iced-down cans of soda and let us just grab our own. Even at breakfast. That way we can take a can with us to our first session after breakfast.

Breaks Between Sessions

During my certified training class, there was one break the first day that provided snacks, though they were almost completely gone by the time my class took our break. Also, I believe that break included soda (Diet Coke FTW!) with ice and cups. Most breaks the rest of the conference included a snack of some kind sponsored by one of Aruba's partners at the show (popcorn sponsored by MobileIron, for instance). Unfortunately, I don’t remember a single break the rest of the conference that offered soda. Repeated requests for this on Twitter apparently fell on deaf ears, so I purchased some myself from a small casino shop downstairs for a premium. Even some people I talked to that drink coffee (I don’t) said they were getting tired of it and would have enjoyed soda for a change.

Social Media

The display of social media was great around the conference center in the form of LCD TVs displaying tweets that used the show’s #ATM15 hashtag. I saw regularly released announcements on Twitter reminding us of certain events (e.g., “Don’t miss out on the most important meal of the day” with a fun graphic showing where breakfast was). I also commend the coordination shown by the social media team early in the week with folks on Twitter, particularly Monday morning when some folks couldn’t get on the wireless. Perhaps more people could be dedicated to “manning the Twitter account” for the week to be more responsive to needs and requests of attendees.

Another way to engage with social media is to take advantage of “influencers” that blog, are active on social media, and folks active on the Airheads Community forum. As I’ve seen at other conferences, I suggest tables with plenty of power plugs either at the keynote or in a separate “hang space” where the keynotes get live-streamed to where influencers can take notes, write blogs, and engage in social media outlets like Twitter. The marketing value of these influencers can’t be underestimated. Check out the podcast called “Geek Whisperers” for more ideas on this.

Tech Playground

Many Aruba partners in attendance had technical displays and smart people manning their booths to answer questions. In addition, there was a great variety of Aruba booths set up to showcase their latest technology. One challenge I had was in finding someone to answer a question about Aruba’s VIA remote-access VPN system. I happened to find an employee that talked with me about it, and it turns out this particular employee was quite involved in the setup of the Tech Playground.

While all the Aruba booths did a good job showing the latest tech, I suggest there be someplace set aside, either a set of booths or a bunch of large whiteboards, manned by TAC folks, technical marketing engineers, or some other experts in all the currently available and supported products. That way, there would be no doubt where someone like me should go to ask a question. Ideas for a name might be “Ask The Expert” or “Technical Solutions Clinic.”

Another idea, to help “newbies” like me get better acquainted with all the Aruba gear, the hardware displays could show all past and present gear produced by Aruba, a kind of “Aruba Archive” of sorts. The conference organizers could add onto this every year along with tags showing year and month introduced, date of last support, and some technical facts about each controller, AP, and physical appliance.

Atmosphere 2015 App

As with all great conferences, this one had a mobile app. Available on Android and iOS, it featured an interactive map using BLE beacons placed around the conference center to show accurate indoor location and turn-by-turn directions. The app also included “My Agenda” which is a must for those of us that sign up for classes and forget months later what we signed up for. :-) The information included in the app was extremely useful, albeit somewhat disorganized. I recommend streamlining it to allow one-touch access to My Agenda and make the Full Agenda more mobile-friendly. Kudos on the successful integration of Meridian technology and being able to showcase that for us! It was fun to look around and find some of the beacons and where they were hiding, and it was great getting popups such as “Welcome To Atmosphere 2015” when I first entered the lobby of the hotel.

One idea for the app would be to permit opt-in location tracking to let other attendees find where we are. This would facilitate impromptu meetings, though it should be opt-in to prevent potential privacy concerns (a.k.a. the "creepiness factor”).

The app included the ability to fill out surveys for each session, which was very convenient! However, asking us to rate the session and speaker isn’t relevant for meals. Please make sure the survey questions are relevant for the type of session. If we check into a room for a session by either being scanned or by location tracking of our phone, a database can then tell if we’ve attended and only ask us to answer survey questions for the sessions we’ve attended. There’s no need to ask me to rate a session that I didn’t attend, and if I attended one that wasn’t on my schedule to begin with, I should be prompted to answer survey questions for THAT session instead.

I also recommend turning the map to the vertical rather than horizontal, as that would more efficiently use screen space on the user’s mobile device.

Atmosphere 2015 Network

I had the opportunity to attend the “Lessons Learned” session presented by the team that built and ran the show network and was enlightened by some of the lessons they learned. My compliments to all involved on providing us a solid wireless experience—I would expect nothing less from Aruba Networks! That being said, there are some improvements that can be made for next year. I understand some may be harder to do than others, but I just wanted to provide some “brainstorm ideas”:

  • Provide IPv6 (I believe this was mentioned as being planned for next year)
  • Don’t use NAT/PAT - Get a block of IPs from the service provider, both IPv4 and IPv6, just for the show. IPv6 especially was designed to eliminate the need for NAT, and I personally know people that have a seething hatred for NAT. My dislike for it isn’t quite that strong, but NAT is commonly (and incorrectly) assumed to be and used for a security mechanism. It’s not.
  • Ensure upstream redundancy - maybe it was there but the presentation didn’t go into that level of detail on the wired network
  • Provide read-only access to AirWave and ClearPass used for the show. This provides 100% transparency for what is going on and would be a HUGE selling point and learning experience for all attendees. An alternative to this would be to set up a NOC of some kind with outward facing screens that provide read-only access for us to take turns on and click around to learn more.
  • Use the network overall to showcase products and technologies made by Aruba and Aruba’s partners. Perhaps physical security cameras attached to the show network with an HP storage array back-end? Aruba isn’t just about wireless anymore—prove it to us with this unique opportunity.

General

I had several positive comments on Twitter based on my sharing of the conference events. I live-tweeted the two keynotes as well as the lessons-learned session I attended. People genuinely want to participate and learn, even those that aren’t able to attend in person. Aruba could take advantage of this by providing live-streaming of key sessions, such as the keynotes and more popular breakouts, to virtual attendees for a cost lower than the on-site conference. This would of course require a fair amount of coordination and work, but I can see huge benefits to Aruba’s brand and its ability to cast its message far and wide. Virtual attendance combined with an increased stress on influencers in social media could be a major boon for Aruba, its partners, and its growing customer base.

The Firing Line was a panel of Aruba corporate leadership that listens as attendees step up to the microphone and ask any question they want. I understand this is the traditional close of the conference and I think it’s fantastic. It really adds transparency. I recommend this be live-streamed to virtual attendees, and it would be great if there was a live Twitter chat or some other online channel where virtual attendees can ask questions even though they’re not on-site.

The Tone

I was frankly shocked witnessing the open and verbal hostility towards Cisco at this conference. I’ve been a longtime Cisco customer and I love how Aruba systems like AirWave and ClearPass can interoperate with Cisco gear as well as kit from other vendors. In the interest of full disclosure, I participate in the Cisco Champion program and I use many of their products. No vendor has ever sold me something by putting down their competitor. In fact, when I hear a vendor doing that, it turns me off to considering them at all. You’ve got great equipment, and great people. Some Aruba employees used to work for Cisco, and I talked to several Aruba folks that also didn’t like the hostile tone struck during this conference. When I heard Meg Whitman say “We’re going to beat Cisco” I saw that as totally inappropriate for this audience. It may be appropriate to say internally in a company, and maybe even to your partners. But definitely not to customers who still happily use “the enemy’s” products. You’re classier than that, Aruba. Don’t give your competitor any of your airtime (pun intended). Just sell me on the merits of your stuff. I’m smart enough to see the benefits, and that’s why I use your gear.

Conclusion

Overall, I found the conference to be very informative, enjoyable, and beneficial. I’m taking a gigaton of useful information and ideas to improve our systems and workflows back home, and I made new friendships and kindled old ones that will continue to benefit me throughout the year on Twitter. Many thanks to those that planned and ran the event. And thanks to Aruba employees, partners, and ultra-smart customers for making me smarter. I would certainly enjoy attending Atmosphere 2016 if I’m able to.

Got questions or comments? Hit me up on Twitter (@swackhap) or drop a comment below.


Thursday, June 26, 2014

Cisco Nexus 7000 - Basic Design Case Study and Lessons Learned

As a senior-level engineer with my company, I have the opportunity to do some basic system design. It’s not the kind of experience I would get with a VAR or a larger enterprise, but I count my blessings every chance I get to install and play with new gear.

We deployed a Nexus 7000 in our main datacenter three years ago for 10Gbps connectivity, and we’re now getting around to doing the same thing in our colocated DR site. Due to tech advancements, though, it doesn’t make sense for us to use identical hardware for the DR location. Here I’ll compare the old to the new and some of the lessons learned while getting the new one set up.

Our older Nexus 7010 uses Sup1 supervisor engines and M1-series line cards. We started with a single VDC (virtual device context) model, then later added an L2-only VDC to introduce mass in-line firewall functionality. Having all M1 line cards made this really easy. We’re still running NX-OS v5.1.5 because we’ve had no particular reason to upgrade. Installation was made easier with help from our Cisco partner.

Now there are M1, M2, F1, F2, F2e, and F3 line card models that use different architectures. I’ve been reading entire slide decks from Cisco Live that talk about how certain features can be implemented with particular combinations of models of line cards. Combining that plethora of information, along with our requirements, presents a formidable challenge. Add on the fact that we MAY WANT to do certain things in the future (like OTV for instance) and it’s even more interesting.

Our new N7K, which is also a 7010, has dual Sup2 supervisors along with M1 and F2e line cards. The M1 cards (model M148GT-11L) provide 48 copper 1Gbps RJ45 ports, and the F2e cards (model F248XP-25E) are for 1/10Gbps connections using either fiber-optic transceivers or twinax cables. One key thing I’ve learned in my cram course on N7K modules is that we will need NX-OS v6.2 in order to support the same VDC model we already use in production. When running in this “proxy routing” mode, the F2e ports defer the L3 decisions to the M1 cards in the same VDC. In my case there’s also a key takeaway: we cannot connect other routers to F2e ports when using M1 for proxy routing.

[Screenshot from 2014-06-26; image not included]

All our existing routers in the same location are 1Gbps only so can be connected to the M1 cards, but we’ll have to keep this in mind for future connections. We may need to create an F2e-only VDC in the future if we want to terminate 10Gbps routers. I welcome your comments if you have experience with this.

The resources I’ve been using include some very smart folks on Twitter such as Ron Fuller (@ccie5851) and David Jansen (@ccie5952). Ron and David, as well as countless others, referred me to the F2e and M Series Design Guide for NX-OS 6.2. Honestly, I might not have known about this doc had it not been for Ron’s apparent omnipresence on Twitter. Many made references to http://ciscolive.com/online and the great presentations there. Also, here’s a relevant discussion on Cisco’s Support Forums site: https://supportforums.cisco.com/discussion/11673636/nexus-f2e-series-modules

As always, hit me up on Twitter @swackhap if you have questions or comments. Or leave them below this post.

Tuesday, June 3, 2014

Using Aruba ClearPass for iPod Mobile Point-Of-Sale (POS) with EAP TLS and Aruba Instant (IAP)

I'm happy to report that, with a lot of help, I was able to get a basic framework in place and working yesterday for our new Mobile POS effort to connect to a store's IAP. We'll be onboarding these iPod units with ClearPass OnBoard, downloading a unique cert per device as well as network settings to enforce the use of EAP TLS. Then with the same SSID the device will auto-connect with a different role on the IAP.
 
A couple of things I still need to work on:
1. Why isn't forced redirect working for the onboarding role specified on the IAP (ClearPass is handing it back to IAP correctly)?
2. Need to set up API account on AirWatch MDM and configure CPPM to point to it, then lock down the authentication to require the device to be enrolled in the MDM.
3. Lock down firewall rules on the IAP for the onboarding and mobile-pos roles. If you have a captive portal enforcement redirecting to an external site, do you have to allow traffic to that site? Or is it inferred automatically that traffic is allowed? 
 
What am I forgetting? Any hints/tips/tricks? Thanks to @sethfiermonti and others for the help!
 
Swack
Twitter: @swackhap

Tuesday, May 27, 2014

A10 Load Balancer Default Health Checks

If you work with load balancers, you know that one of the keys to setting up a virtual server (VIP) is the health check that is used to monitor the health of the servers being balanced. My original experience with load balancers was with F5 LTMs, but in the last few years I’ve added A10 AX to my vocabulary.

For a long time I assumed that the health check assigned to the server pool (F5 lingo), or service group (A10 parlance), was THE health check that determined the status of the VIP.  However, it turns out that there are two default health checks that A10 uses that I wasn’t aware of (or perhaps I knew at one point and just forgot).

Each server (not virtual server, but actual server) on an A10 AX has a default L3 health check (ICMP), and each port that is defined for the server has a default L4 health check (TCP 3-way handshake). The overall up/down status of the pool/service group is the logical AND of the L3, L4, and, if defined, L7 health check for each server. If there is one web server in a pool, and the AX cannot ping it, even if it can do an HTTP GET and sees “200 OK”, the pool status will be DOWN and thus the VIP will be DOWN.

To get around this, you can easily disable the default health checks, as the following example shows. Consider the following two real web servers.

slb server WebServerA 192.168.1.10
   port 80 tcp

slb server WebServerB 192.168.1.11
   no health-check
   port 80 tcp
      no health-check

In the case of WebServerA, there is a default L3 health check which will periodically ping the server at 192.168.1.10, as well as a default L4 check that will establish and tear down a TCP connection to 192.168.1.10:80. If either of these checks fails, then the service group (pool) that this server belongs to will flag the server as down.

For WebServerB, the first “no health-check” command disables the default L3 check and the second iteration of the command disables the L4 test. In this case, the only health check that matters will be the L7 health check assigned to the service group.
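To make the “logical AND” rule concrete, here is a small added example (my own illustration, not A10 code or output) that parses “slb server” stanzas in the style shown above, records which default checks each one still has enabled, and then evaluates a server’s status from a set of constructed probe results. The two servers from the post are included as-is; WebServerC, the probe results, and the function names (parse_slb, server_status, service_group_status) are assumptions made for the example. It also generalizes slightly beyond the post by handling the port-only case (L3 ping kept, L4 handshake dropped).

```python
"""Model of A10 AX default health-check evaluation (added example, not A10 code)."""
import re
from dataclasses import dataclass, field

# Constructed sample config: the two servers from the post plus a hypothetical
# WebServerC that keeps the default L3 ping but disables the default L4 check.
SAMPLE_CONFIG = """
slb server WebServerA 192.168.1.10
   port 80 tcp

slb server WebServerB 192.168.1.11
   no health-check
   port 80 tcp
      no health-check

slb server WebServerC 192.168.1.12
   port 80 tcp
      no health-check
"""

# Constructed monitor results: ICMP blocked by a host firewall, TCP and HTTP fine.
PING_BLOCKED = {"icmp": False, "tcp:80": True}
HTTP_OK = {80: True}          # L7 monitor bound to the service group, keyed by port


@dataclass
class SlbServer:
    name: str
    ip: str
    l3_check: bool = True                      # default ICMP ping, on unless disabled
    ports: dict = field(default_factory=dict)  # port -> default L4 TCP check enabled?


def parse_slb(config: str) -> dict:
    """Parse 'slb server' stanzas; indentation decides the scope of 'no health-check'."""
    servers, cur, cur_port, port_indent = {}, None, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip())
        m = re.match(r"slb server (\S+) (\S+)$", line)
        if m:
            cur = SlbServer(m.group(1), m.group(2))
            servers[cur.name] = cur
            cur_port = None
            continue
        if cur is None:
            continue
        m = re.match(r"port (\d+) (tcp|udp)$", line)
        if m:
            cur_port, port_indent = int(m.group(1)), indent
            cur.ports[cur_port] = True         # every port starts with the default L4 check
            continue
        if line == "no health-check":
            if cur_port is not None and indent > port_indent:
                cur.ports[cur_port] = False    # nested under a port: disables the L4 check
            else:
                cur.l3_check = False           # at server level: disables the L3 ping
    return servers


def server_status(srv: SlbServer, probes: dict, l7: dict = None) -> bool:
    """A server is UP only if every check that is still enabled passed (logical AND)."""
    results = []
    if srv.l3_check:
        results.append(probes.get("icmp", False))
    for port, l4_enabled in srv.ports.items():
        if l4_enabled:
            results.append(probes.get(f"tcp:{port}", False))
        if l7 and port in l7:
            results.append(l7[port])
    # Assumption for the example: a server with no checks left at all counts as UP.
    return all(results)


def service_group_status(servers, probes: dict, l7: dict = None) -> bool:
    """Assumption: the service group is UP while at least one member is UP."""
    return any(server_status(s, probes, l7) for s in servers)


if __name__ == "__main__":
    parsed = parse_slb(SAMPLE_CONFIG)
    for name, srv in parsed.items():
        up = server_status(srv, PING_BLOCKED, HTTP_OK)
        print(f"{name}: L3={'on' if srv.l3_check else 'off'} "
              f"L4(80)={'on' if srv.ports[80] else 'off'} -> {'UP' if up else 'DOWN'}")
    print("group of WebServerA alone:", "UP" if service_group_status(
        [parsed["WebServerA"]], PING_BLOCKED, HTTP_OK) else "DOWN")
```

Run as written, WebServerA goes DOWN on the failed ping despite the healthy HTTP response, which is exactly the hair-pulling scenario above; WebServerB stays UP because only the L7 result is consulted, and WebServerC still goes DOWN because its L3 ping was left enabled.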

I hope this information can prove to be useful to someone else before they pull their hair out as I did before learning about it.

Got questions? Hit me up on Twitter (http://twitter.com/swackhap) or comment below.

Friday, August 30, 2013

VMworld Wednesday Lessons Learned

One of the strengths of a conference such as VMworld is being able to direct questions to strangers across the table at meals and often get a useful answer. At lunch Wednesday I struck up a conversation with the folks at the table about PowerCLI to see if I could accomplish this task:
 
3. Learn some basic functions of PowerCLI
 
It turns out they were easily able to get me pointed in the right direction. PowerCLI is an application available for download from VMware that an administrator can run on their workstation to help with mundane and repetitive tasks related to vSphere management. PowerCLI is a VMware tool that is based on Microsoft's PowerShell, which is available on most (or all?) modern Windows OS versions. PowerGUI, as the name suggests, is a free graphical front-end for PowerShell that can incorporate components to manage vSphere. One of the top 10 VMworld sessions this year was "VSVC4944: PowerCLI Best Practices: A Deep Dive" (available on YouTube here).
 
I attended "Key Lessons Learned from Deploying a Private Cloud Service Catalog" (OPT5051), presented by two consultants from Greenpages Technology Solutions that implemented such a system for one of their customers. In their case study, five people spent 6-8 months working with their corporate customer building consensus between different groups within the company for what should be in the service catalog, what could be automated, and what things were deemed too complicated and would take too much effort to implement in the initial engagement.
 
They initially started the project by gathering all requirements up front and attempted to implement, but because there was so much "mission creep" after they completed some initial integrations they modified their approach to use individual "Sprints" of 2-3 weeks to build functionality incrementally.
 
The idea of having a service catalog implies the use of on-demand procurement by end-users. Setting up such a system inevitably leads to higher demand, so the system should have usage monitoring in place. When the available pool drops below a certain threshold, it should be agreed in advance that IT will procure new resources either for the internally based "private cloud" or to be able to take advantage of "hybrid cloud" technology such as VMware's recently announced vCloud Hybrid Service (vCHS).

Service catalog offerings are meant to provide on-demand service, but it's important to include financial management tools that will track costs and either "show-back" or "bill-back" the costs to the lines of business using the service.
 
Finally, I was able to complete the NSX hands-on lab. Not surprisingly, this particular lab was the most taken lab of the week with about 6500 sittings. Of course, the NSX lab was so long it required 2 sittings, but it's still impressive that over 3000 people presumably took that lab.

[Image: NSX Lab Stats; not included]

Wednesday, August 28, 2013

VMworld Tuesday Lessons Learned

Today's accomplishments are focused around these particular goals I mentioned in my "Swack's VMworld To-Do List" post:
 
1. Gain better understanding of NSX (came from vCNS/vShield and Nicira) and dive more into details of VMware networking

4. What is DevOps all about?

"An Introduction to Network Virtualization" (NET5516)

For NSX, I attended an excellent session titled "An Introduction to Network Virtualization" (NET5516) with Eric Lopez and Thomas Kraus (@tkrausjr) from VMware, both formerly of Nicira. Following are some notes I took down from their slides.

Cloud Consumers want the following, and these are driving network virtualization:

  • Ability to deploy apps at scale and with little preplanning (provisioning speed and efficiency)
  • Mobility to move workloads between different geographies and providers (investment protection and choice)
  • Flexibility to create more diverse architectures in a self service manner (rich L3-L7 network services)

NSX System Architecture consists of 3 planes familiar to most network engineers: Management, Control, and Data Planes
  • Management Plane = NSX Manager - programmatic web services api to define logical networks
  • Control Plane = Control Cluster
    • Clustered app runs on x86 servers, controls and manages 1000s of edge switching devices, does NOT sit in the data plane
  • Data Plane = OVS/NVS
    • Open vSwitch (OVS) - VMware-led open source project
    • NSX vSwitch (NVS) is a software vSwitch in ESXi kernel
  • Switch software designed for remote control and tunneling installed in hypervisors, NSX gateways or hardware VTEP devices
  • Can work with vSphere, KVM, XenServer
  • vSwitch in each hypervisor controlled through API by Controller Cluster
  • NSX manager uses this API, so does cloudstack, openstack, CMS/CMP, VMware 
  • To get between physical and virtual networks, Open vSwitch NSX Gateway or HW Partner VTEP Device is used
  • NSX Controller Cluster establishes an overlay network
  • Multiple tunneling protocols including STT, GRE, VXLAN
  • Packets encapsulate with Logical Switch info
  • The tunneling protocol is NOT network virtualization, rather, it is a component of it 

NSX use cases include:
  1. Automated network provisioning
  2. Inter rack or inter DC connectivity
  3. P2V and V2V migration
  4. Burst or migrate enterprise to cloud 

[Image: NSX whiteboard sketch; not included]

The whiteboard snapshot above was drawn to demonstrate the basic components of NSX and how VMs communicate using the virtual overlay network.

The example uses ESXi on left and KVM hypervisor on right (HV1 and HV2)

  • Each connected to IP fabric
  • 3 controllers drawn in the middle
  • Intelligent Edge NVS installed on ESXi and OVS installed on KVM
  • Controllers talk with ESXi on vmkernel management interface, something similar with KVM
  • Addresses assigned that used for encapsulation and direct communication between hypervisors: 172.16.20.11/24 on left, 172.16.30.11/24 on right
  • Customer A is green, they have a VM on each hypervisor (192.168.1.11 on left, 192.168.1.12 on right)
  • Customer B is red, they have VM on each hypervisor with SAME IP ADDRESSES - logically separated similar to VRFs (I didn't get a picture of this--sorry) 
  • Controller cluster controls virtual ports, so they can programmatically control QoS, Security, Distributed Routing
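The whiteboard scenario above (two tenants with identical VM addresses, kept apart by the overlay between the hypervisors' tunnel endpoints) can be illustrated with a bare-bones VXLAN encapsulation. The following is an added example of my own, not NSX or VMware code: it uses the hypervisor addresses and customer VM addresses from the sketch, but the logical-switch-to-VNI mapping, the "inner frame" format (just two IPv4 addresses plus payload, with no real Ethernet/IP/TCP headers), and the function names are constructed assumptions. The 8-byte VXLAN header layout and UDP port 4789 follow RFC 7348.

```python
"""VXLAN-style overlay encapsulation of the NSX whiteboard scenario (added example)."""
import struct
import ipaddress

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # the 'I' flag: VNI field is valid

# Assumed mapping from NSX logical switch to 24-bit VNI (constructed for the example).
LOGICAL_SWITCH_VNI = {"CustomerA-LS": 5001, "CustomerB-LS": 5002}

# Tunnel endpoint addresses from the whiteboard: ESXi on the left, KVM on the right.
HV1_VTEP = "172.16.20.11"
HV2_VTEP = "172.16.30.11"


def build_inner_frame(src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Constructed stand-in for the tenant's frame: src IPv4 + dst IPv4 + payload."""
    return ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed + payload


def vxlan_encap(vni: int, inner: bytes) -> bytes:
    """Prepend the VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit field")
    header = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)
    return header + inner


def vxlan_decap(datagram: bytes):
    """Return (vni, inner_frame); drop datagrams without the VNI-valid flag."""
    if len(datagram) < 8:
        raise ValueError("short VXLAN datagram")
    flags, vni_field = struct.unpack("!B3xI", datagram[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set; datagram dropped")
    return vni_field >> 8, datagram[8:]


def send_over_overlay(logical_switch: str, src_vtep: str, dst_vtep: str,
                      src_ip: str, dst_ip: str, payload: bytes):
    """What the sending VTEP puts on the IP fabric: (outer src, outer dst, UDP port, datagram)."""
    vni = LOGICAL_SWITCH_VNI[logical_switch]
    inner = build_inner_frame(src_ip, dst_ip, payload)
    return (src_vtep, dst_vtep, VXLAN_UDP_PORT, vxlan_encap(vni, inner))


def receive_from_overlay(outer):
    """Receiving VTEP: map the VNI back to its logical switch so tenants never mix."""
    _src_vtep, _dst_vtep, port, datagram = outer
    if port != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN datagram")
    vni, inner = vxlan_decap(datagram)
    vni_to_ls = {v: k for k, v in LOGICAL_SWITCH_VNI.items()}
    if vni not in vni_to_ls:
        raise ValueError(f"unknown VNI {vni}; no logical switch configured")
    src_ip = str(ipaddress.IPv4Address(inner[:4]))
    dst_ip = str(ipaddress.IPv4Address(inner[4:8]))
    return vni_to_ls[vni], src_ip, dst_ip, inner[8:]


def whiteboard_demo():
    """Both customers send 192.168.1.11 -> 192.168.1.12 from HV1 to HV2 at the same time."""
    results = {}
    for ls in ("CustomerA-LS", "CustomerB-LS"):
        wire = send_over_overlay(ls, HV1_VTEP, HV2_VTEP,
                                 "192.168.1.11", "192.168.1.12", ls.encode())
        results[ls] = receive_from_overlay(wire)
    return results


if __name__ == "__main__":
    for ls, (got_ls, src, dst, payload) in whiteboard_demo().items():
        print(f"{ls}: delivered on {got_ls} {src} -> {dst} payload={payload!r}")
```

The point of the demo is in the last function: the two tenants' packets are byte-for-byte identical inside (same source, same destination), the outer IP header is identical too (HV1 to HV2), and only the VNI in the VXLAN header tells the receiving VTEP which logical switch, and therefore which customer's VM, the frame belongs to. That is the "logically separated similar to VRFs" behaviour from the whiteboard.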

NSX Hands-On-Lab HOL-SDC-1303, continued
I was able to continue, but not yet finish, the NSX lab I started yesterday in the VMworld Hands-on-Labs (HOL-SDC-1303). This portion of the lab went into more technical detail surrounding the following diagram:

[Screenshot from 2013-08-27 (lab network diagram); image not included]

The network drawing depicts a 3-tier web application which includes web, application, and database servers. Each server tier is on a different subnet, and thus connected to a different port group. The NSX Edge shown acts as the external layer 3 (L3) gateway for each subnet shown in blue, green, and orange. At the beginning of this lab section we verify the web app is working properly by connecting to the website and verifying data is served from the back 2 tiers (application and database servers). Then we disconnect the NSX Edge from the App and DB subnets/port groups and validate that the website is broken (we can get to the web servers but get an HTTP error saying the service is not working). Next, we connect to the vCenter web client and verify that each cluster is configured and loaded with the virtual router and virtual firewall components of the NSX suite, and we configure the router and firewall to connect to the App and DB tiers and allow the appropriate traffic. Finally we verify that service is restored on the website. Part of the configuration includes OSPF connectivity between the virtual distributed router on the ESXi hosts and OSPF running in the NSX Edge routing engine. Looking at the snapshot below of the NSX Edge you can see the similarities with Cisco IOS. For instance, the "show ip ospf neighbor" and "show ip route" commands are identical.

[Screenshot from 2013-08-27 (NSX Edge CLI); image not included]
 
I hope to complete this lab tomorrow.
 
What is DevOps?
While spending some time in the Solutions Exchange I discussed what DevOps means with someone involved in that space at the Cisco booth. As I understand it, companies usually first get virtualized, then they implement a service catalog, then they implement a "cloud" such that it's self-service enabled. DevOps refers to IT working closely with developers such that they create the development environment as well as the production environment that the developers will deploy to. If you know more about DevOps and I've misunderstood, please keep me honest.
 
VMware IT Business Management Suite
Finally, in the VMware booth I learned about the VMware IT Business Management Suite. It enables companies to understand costs and, as I understand it, implement chargeback to IT's internal customers. The demo looked pretty impressive, and I think there is a lot of value in such a tool. It can pull General Ledger data directly from standard systems such as Oracle and SAP and presents data in a well-thought-out manner. It's something to share with the CIO and/or accounting folks back home.