Tuesday, 15 September 2015

Change NSX Controller Admin Password

How to modify the password of the "admin" user of an NSX Controller once it is up and running.
 
Open an SSH session to the NSX Controller appliance and log in as the admin user with the current password.
 
 
 
At the prompt "nsx controller #", run the command ": user <username>", for example ": user admin".
 
 
The prompt now changes to "nsx controller : user admin #". Run the command "set password"; it will prompt us to type the new password. Enter your new password for the NSX Controller Cluster.
 
 
 

Sunday, 13 September 2015

NSX Management Plane

VMware NSX uses a Management plane, Control plane and Data plane model. Components on one plane have minimal or no effect on the others.
 
Management Plane: NSX Manager is the component we need to deploy manually and integrate with vCenter, and the relationship can only be 1 to 1. NSX Manager registers with vCenter and injects a plugin into the vSphere Web Client to provide the user interface. NSX Manager is the interface for the NSX API (REST API) for 3rd party application integration, like firewall and security software. NSX Manager handles all the management tasks.
 
NSX Manager includes OVA files to deploy:
1. NSX Edge gateways
2. NSX Controller Cluster
3. VIBs pushed to ESXi hosts for distributed switches.
 
NSX Manager also creates certificates and stores them in the database. It pushes these certificates to the NSX Controller instances as they are deployed, and to each ESXi host that joins the NSX domain. Hosts and NSX Controllers verify the certificates, so that the control plane communication is encrypted.
 
NSX Manager uses the message bus to talk to the hosts for deploying VIBs. The NSX Controller and the hosts communicate through User World (UWA) daemons.
Image is from VMware document.
NSX Manager backup and restore can be configured from the NSX Manager virtual appliance web interface. Backups can be scheduled on an hourly, daily or weekly basis. 
  
The backup file is saved to a remote FTP or SFTP location that NSX Manager can access. NSX Manager data includes configuration, events, and audit log tables. Configuration tables are included in every backup.
 
Thanks for Reading  
 
 

Thursday, 10 September 2015

NSX Controller

NSX Controller serves as the central control point for all logical switches within a network and maintains information about all hosts, VXLANs and Distributed Logical Routers.

NSX Controllers are required if we are planning to deploy:
1. Distributed Logical Router
2. VXLAN using Unicast mode and Hybrid mode.

An NSX Controller cluster contains a maximum or minimum of 3 controller nodes.

There are a few roles which should be performed by these nodes.

1. API Provider: Used to handle HTTP web service requests from external clients (handles northbound REST API traffic) and initiates processing by other controller node tasks.
To configure the listen-ip we can use the following command:

set control-cluster role switch_manager listen-ip <IP address>

2. Persistence Server: Stores data from the Network Virtualization Platform (NVP) API and vDS devices that must be persisted across all controller nodes in case of node failures or shutdowns.

3. Logical Manager: Monitors when end hosts arrive at or leave vDS devices (such as a host joining VXLAN VTEP, UTEP, MTEP) and configures the vDS forwarding states to implement logical connectivity and policies.

4. Switch Manager: Maintains management connections for one or more vDS devices.

5. Directory Server: Manages VXLAN and the distributed logical routing directory of information.

Run the following command to find which host is the master node for each role: "show control-cluster roles"


This result shows that a single controller cluster node is master for all the roles.

If the master NSX Controller instance for a role fails, the cluster elects a new master for that role from the available NSX Controller instances.

NSX controller instances are on the control plane, so an NSX controller failure does not affect data plane traffic.

vRealize Orchestrator Secure Connection Failed


If we are working with vRealize Automation and using the integrated vRealize Orchestrator, then after starting the vRealize Orchestrator Configurator service we may receive the following error while connecting to the vRealize Orchestrator Configurator page (https://vCAC.vmfootprints.Org:8283/vco-config): "Secure Connection Failed. An error occurred during a connection to vCAC.vmfootprints.org:8283. SSL received a weak ephemeral Diffie-Hellman Key in Server Key Exchange handshake message."




This is because the web server we are trying to reach is vulnerable to the recently published Logjam vulnerability: http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ Please report that to the webmaster of the site in question so the issue can be fixed.
But if you want to ignore it and continue, here is a workaround for Firefox 39 and above:

1.       Open a new tab in Firefox and enter “about:config” in the URL field and press enter

2.      Accept the “I’ll be careful, I promise!” warning


3.      In the search field at the top, enter "security.ssl3.dhe_rsa_aes"


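4.      Double-click each result (128 and 256) to toggle the Value to "false". Setting both to "false" stops Firefox from offering these DHE cipher suites, so the server has to pick a cipher suite that does not use the weak Diffie-Hellman key.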

Now retry your site - it should work now. Remember to change these settings back when you're done.
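To confirm the cause on the server side rather than only working around it in the browser, the following added example (not part of the original post) classifies the ephemeral key reported by openssl s_client. The function names and the 2048-bit threshold are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: report whether a TLS server hands out a weak ephemeral
# Diffie-Hellman key (the condition behind the Firefox error above).

# Assumed threshold: Logjam guidance recommends DH groups of 2048 bits or more.
MIN_DH_BITS=${MIN_DH_BITS:-2048}

# Reads `openssl s_client` output on stdin and prints one of:
#   WEAK <bits>   finite-field DH key below the threshold
#   WEAK unknown  the local OpenSSL itself refused the key as too small
#   OK <bits>     finite-field DH key at or above the threshold
#   NO_DHE        no DH temp key was used (for example ECDH, or no handshake)
classify_dh() {
    out=$(cat)
    case "$out" in
        *"dh key too small"*) echo "WEAK unknown"; return 0 ;;
    esac
    bits=$(printf '%s\n' "$out" |
        sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1)
    if [ -z "$bits" ]; then
        echo "NO_DHE"
    elif [ "$bits" -lt "$MIN_DH_BITS" ]; then
        echo "WEAK $bits"
    else
        echo "OK $bits"
    fi
}

# Live check, offering only DHE cipher suites so the server must show its
# DH key. Usage: check_server vCAC.vmfootprints.org:8283
check_server() {
    openssl s_client -connect "$1" -cipher 'DHE' </dev/null 2>&1 | classify_dh
}

# Constructed sample lines in the format s_client prints (not from a real host).
printf 'Server Temp Key: DH, 768 bits\n' | classify_dh
printf 'Server Temp Key: ECDH, P-256, 256 bits\n' | classify_dh
```

A WEAK result means the server needs a larger DH group or its DHE suites disabled; once it reports OK or NO_DHE the Firefox preferences can be set back to "true".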
 
Thanks for Reading

vRealize Orchestrator User Unlock


If we are working with vRealize Automation and using the integrated vRealize Orchestrator, we may type a wrong password too many times and end up with a locked account.
When the default account (user=vmware) is locked out we will receive an error.

 
You can reset/unlock your account by tweaking the passwd.properties file. Depending on where vRO is running, you will find this file at:

Running on Windows vCenter Server: install_directory\VMware\Infrastructure\Orchestrator\configuration\conf\

Running standalone on Windows: install_directory\VMware\Orchestrator\configuration\conf\

Running on the vCenter appliance: /etc/vco/configuration/

Running on the vRealize Automation appliance: /etc/vco/configuration/

Let’s suppose we are working with the vRA appliance.
Log in through SSH on the vRealize Automation Appliance and change to the directory:
cd /etc/vco/configuration/

Make a copy of the file as a restore point:
cp passwd.properties passwd.properties.bkp
Edit the file with the vi editor.

Add the following line to the passwd.properties file. It must be entered as a single line, with no line break inside the hash:

vmware=SHA512WithSalt\:GZ5wTW6Ni5x7\:wNCp8I8zHv7GQItrKDRjAgKsddjD4GUZ6nrOYhuEl3D+x4BT5Xs1KL8f/R2T3K2nYPzMwVTW9E9mmbvESAU3ww\=\=


 Save the passwd.properties file.

If you are using the Orchestrator Appliance, you might need to set the ownership of the passwd.properties file by running the chown vco.vco passwd.properties command.

Restart the vCenter Orchestrator Configuration service.
service vco-configurator restart
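The edit above can go wrong in two ways: the long entry gets wrapped or truncated when pasted, or a second vmware= line is added next to the old one. The following added example (not from the original post and not VMware tooling) guards against both; valid_entry and set_entry are hypothetical helper names, the 64-byte hash length is an assumption based on the SHA512 algorithm name, and the demo entry is constructed.

```shell
#!/bin/sh
# Added example: replace one user's entry in a passwd.properties-style file,
# keeping a restore point and refusing malformed entries.

# Succeeds only if $1 is a single line of the form
#   user=SHA512WithSalt\:<salt>\:<base64 hash>
# with ':' and '=' escaped as on the page, and the hash decodes to 64 bytes.
valid_entry() {
    printf '%s\n' "$1" | grep -Eq \
      '^[A-Za-z0-9_]+=SHA512WithSalt\\:[A-Za-z0-9+/]+\\:[A-Za-z0-9+/]+(\\=){0,2}$' \
      || return 1
    b64=$(printf '%s' "${1##*\\:}" | tr -d '\\')     # last field, unescaped
    [ "$(printf '%s' "$b64" | base64 -d 2>/dev/null | wc -c)" -eq 64 ]
}

# set_entry FILE ENTRY: replace (never duplicate) the line for ENTRY's user.
set_entry() {
    file=$1
    entry=$2
    user=${2%%=*}
    valid_entry "$entry" || { echo "malformed entry, $file not changed" >&2; return 1; }
    cp -p "$file" "$file.bkp" || return 1            # restore point
    tmp=$(mktemp "$file.XXXXXX") || return 1
    grep -v "^$user=" "$file.bkp" > "$tmp" || true   # drop the old entry, if any
    printf '%s\n' "$entry" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"             # in place: owner and mode unchanged
}

# Demo on a scratch file. The entry is constructed: salt "c2FsdA" and a hash
# of 64 zero bytes, not a usable credential.
demo() {
    f=$(mktemp) || return 1
    hash=$(head -c 64 /dev/zero | base64 | tr -d '\n' | sed 's/=/\\=/g')
    printf 'vmware=old\nother=keep\n' > "$f"
    set_entry "$f" "vmware=SHA512WithSalt\\:c2FsdA\\:$hash" && cat "$f"
    rm -f "$f" "$f.bkp"
}
demo
```

On the appliance the call would be set_entry /etc/vco/configuration/passwd.properties followed by the entry in single quotes, then the service restart shown above.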