This years VMworld was back in San Francisco, taking up the Moscone Centers and numerous hotels nearby.  This was a nice change from Las Vegas, and since I am originally from California, I enjoyed the chance to be back for a while.
And it would seem that San Francisco is the popular choice with our VMware's CEO, as you can read below.
Once again I was part of the support staff to VMware Hands On Labs, check out the latest lab catalogs here 

VMware Hands On Labs are a fantastic way to gain experience on current and new products, and to test drive new full versions of products you may be considering.
At this years VMworld in San Francisco, over 14, 000 labs were take on site. That was a 22% increase from 2018.
That nuber equated to 127,000 virtual machines,
17,000+ VMware NSX  networks, and
9 PB of VMware vSAN provisioned storage.
The products used to deliver this capacity included:
VMware vSphere Products, which included vCenter, NSX-v as mentioned, and ESXi 6.7
The primary portal for the Labs uses VMware vCloud Director
Of course being a Cloud company, all of the actual labs and content were running in 5 dispersed data centers.
These included two public  clouds, VMware Cloud on Amazon Web Services, and the other hosted by IBM. The other three clouds were hosted at internal VMware data centers, spread throughout the globe.  This meant that one lab could be  taken from the VMware Cloud on AWS, and another on VMware’s internal cloud!!

When deploying all of the five clouds, we also 
install and configure monitoring to provide life
alerting and capacity data during the show.
The Hands On Labs Command Center was set
up to showcase all  the VMwar products that we
used, and to show live data during the show.
VMware vRealize Operations provided us with utilization and capacity data, and we created ​a number of custom dashboards showing  for each clouds data ​center usage.

Tours of the Hands On Labs gave us the opportunity to show off the Command Center, and to answer questions on how we deploy all the different cloud environments.  I gave an overview of the Command Center, and the capacities created for VMworld 2019 to a number of groups. 
The one to the left was one from China, and a tip I learned, don't talk too much when the interpreter has to translate all your info...

One highlight was getting to talk with our
CEO, Pat Gelsinger
One thing he asked me was, did I prefer Las Vegas or San Francisco for VMworld?
Well I had to say I liked San Francisco,
which is what he prefers as well, so that was the correct answer!!

So what is the big line pictured to the left for?  Yep, the VMworld 2019 t-shirts!  Really.
​
If you were unable to attend VMworld 2019, you can check out the VMworld On-Demand Library for a full list of the sessions from the show. 

VMworld 2019 US will again be in San Francisco, I hope to see you all there once again!

The 2019 vExperts were announced in March, and I am extremely honored to be selected for the seventh year!
As the email shows-
You're in!
​Hi,
It is with great pleasure that we welcome you to the vExpert program.

The official announcement and details on the vExpert program can be found at vExpert 2019 Announcement 
The coolest vExpert swag I got this year is an awesome fleece from STK Promotions
It is embroidered with the  vExpert logo and  with the stars for each year I have been selected to the program!

Congratulations to all of the 2019 vExperts!!  I sure hope to be selected once more in 2020!!!

As you probably know, an NSX Edge Services Gateway can be configured to provide Load Balancing services.
The most common would be to load balance between a pool of web servers and accessed by a unique IP or DNS name, nothing real new here.
The Load Balancer Edge supports several SSL Certificate options, from creating a self-signed one, adding one from an internal CA server, and installing one purchased from a public Certificate Authority.
But, a somewhat overlooked option is the ability to add an SSL Certificate onto your ESG Load Balancer.  The Edge terminates the client HTTPS (SSL) sessions, Offloading the SSL sessions to the Edge!
The Edge then load balances the clients on new HTTPS connection to the servers, saving you time to install the same exact Certificate onto each of your web servers, or whatever servers are in your pools.

Chained SSL Certificates- A chained certificate will have 3 sections, the first one is the Server Certificate, the name to be used for the virtual server, it may also contain multiple or wildcard names, to cover sub domains.  The second is the Intermediate Certificate, the third is the Root Certificate.
When you download the .pem file and open it in notepad, the certificates will be listed in the order as shown here-
​
-----BEGIN CERTIFICATE-----
    Server cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
    Intermediate cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
    Root cert
-----END CERTIFICATE-----
 
Disclaimer- I am not a Certificate Expert, but I have installed quite a few, for Microsoft Exchange Servers and on several physical and virtual load balancers.
 
Getting a Certificate for your Load Balancer Edge-
​
First you will need to generate a CSR (Certificate Signing Request) Make sure you have the exact name that will be needed and select the Edge that is configured as your Load Balancer.
Select Settings, Certificates then Actions and Generate CSR-

​Fill in all the details for the CSR then click OK

​Now select the CSR, copy the contents in the PEM Encoding box and save it to a text file.
This file is then emailed or uploaded to you Certificate Authority.

​Depending on the Certificate Authority you use, they will generate the Chained Certificate and provide you the file or files to download. 
For my latest Certificate, we used DigiCert and they email you a download link as shown here-

​As you see, the 3 individual certificates can be downloaded separately.
You can also download all 3 in one file, just select the down arrow next to File Type
Then select A single .pem file containing all the certs-

​You can open the .pem file in any editor of your choice, (I prefer Notepad ++) and review the 3 certificates-

​Install the Chained Certificate on the Load Balancer Edge
Select the CSR once again and then select Actions, then Import Certificate-

​Next, copy the contents of the .pem file you downloaded and paste it into the
Signed Certificate Content box and click OK-

​Now under Certificates, you will have the 3 Certificates listed
Selecting the certificate with the server name will show the details and the
Chain of Certificates-

​The final step is to apply the certificate to your Load Balancer edge.
From the Load Balancer tab, click on the green plus to create a new Application Profile,
or you can edit an existing one.
Name the Application Profile, select HTTPS in the Type drop down,
Check the box next to Server Certificates and then click the radio button next to your
Certificate you added above-

I hope these steps will be helpful in installing Certificates onto your Load Balancers,
And shows more of the features that can be used in NSX!

​As you know, from vSphere 6.5 on you can only use the web client for administration.  Nope, sadly the c-client is not coming back!
But luckily VMware is making great improvements to the web interface.  And in the 6.7 version, the HTML5 ui has loads of new features with improved performance as well.
You do still need to use the FLEX ui for some administrative tasks, but more on that later.

​When you first log in you see a nice overview of your environment on the Home screen.  The shortcuts to other administrative areas are listed
on the left, and you can also access them from the Menu dropdown from the top bar.

​One small change that I personally like is for creating and viewing vCenter Roles.  It used to be on its own separate section, but it is now nicely under
the Administration Access Control where it should be.  I like the way the Privileges are listed when you select a specific Role.

​Another nice added section is for Certificate Management.  Once again nicely grouped under the Administration section, you can connect to any of your
vCenters that are in the same SSO domain.

​Just select the vCenter you want and log in with the [email protected] account, or one that you have given privileges to.

Once connected you can display and update the certificates for your vCenter as listed here:

​NSX also gets a huge change in the new HTML5 ui:

And with the addition of running a support log bundle on each NSX Manager and hosts:

And a new section for configuring IPFIX and adding your Netflow collectors.

​

The biggest addition is the Upgrade section.  This has features to Plan Upgrade, which will show you the sequence needed for a specific upgrade.
And you can also upgrade components from this one section.  I am currently running a through an NSX upgrade and will and another post on the outcome.

​Ah, but as you can see from the above screens, there is no section listed for edges or logical switches??  No, you still need to administer these from the Flex client..

My next post on the new 6.7 HTML5 features will include some things I noticed on configuring Host Profiles..

I am also teaming up with my good friend and co worker Brandon Bazan,  for some additional details on the new NSX features!
​