My VCAP6-CMA Design (Beta) Experience


I recent sat the VCAP6-CMA Design beta and thought it might be worth writing up a few words on the experience. The beta is under NDA so please don’t expect a brain dump here, I enjoy sitting certification exams and I have no interest in getting barred from sitting others just to have a few extra page hits on my blog! (Sorry!) I have already sat the VCAP5 DCD & CID exams so the exam itself wasn’t as daunting as my first time taking them as I knew what to expect.
The difference this time around for me was:
1. There was no multiple choice questions. It was drag & drop style questions with plenty of Visio questions mixed in.
2. The exam was 4 hours long however the actual exam is likely to be 2-2.5 hours long when it goes GA.
3. I could go forward and back between questions which was very useful when I figured I might have screwed up an earlier question. It also was a way to validate that I’d joined all the elements in the visio questions the way I wanted.
4. Some of the questions were slam dunks and others were mightily perplexing. Not from the point of view of not having studied enough but from either the odd misspelling or the instructions that begged for a little more context.
5. If you have sat the VCP6-Cloud/CMA exam you’re probably well aware of certain obsessions the question setters loved to ask about. More of the same I’m afraid!
6. The exam itself is one of the most ‘do-able’ design exams I’ve had yet and if you know your stuff you’ll breeze through it. There’s no nasty questions really, just some unclear ones but I’m hoping my comments that I left during the exam will be read and acted upon for the good of future test takers.
7. Was it a good test of design knowledge? Well it will validate your knowledge of how vRA is put together and how it interlinks with each component. I think the DCV Design exam validates actual design principles a lot more than the CMA version. It might be controversial but I also think the multiple choice questions had a place in the exam. They tended to be able to ask a lot more probing questions and allowed far more items in the blueprint to to questioned. [I fear that I’m going to regret that statement if they add them back into the VCAP7 Design exams!]
8. Is this exam actually worthwhile? It’s based on 6.x but 7.0 has already been released. The exam validates a general vRA knowledge but some questions would be answered somewhat differently if it was a vRA 7.0 exam. I’m not so sure this exam should have been released based on 6.x but it has and it’s unlikely to be changed in this calendar year so no point in whinging about it! 😉
9. I wish to morn the lack of VCD questions. There is some vCloud Air and VCD references but if you’re a vCloud Air Partner then this exam won’t validate your staff or prospective employee’s knowledge which I think is a bit of a shame. VCD is making a quiet comeback after the Virtustream debacle and I think there’s still a place for it in a certification track.

Did I pass? I honestly don’t know! If I didn’t pass I’m pretty sure I’ll pass the second time as I’ve a sure fire knowledge of the types of questions asked. There’s been exams I thought I barely scraped a pass on and ended up with high marks and then others I thought I nailed and had barely passed. There was nearly 40 design questions over the 4 hours but in some documents I saw online it stated about half that number of questions will be on the actual exam so I won’t know which questions will get pulled from the beta and carry on to the GA version.

To sum up it’s not an exam it be feared if you’ve already worked on a real vRA 6.x deployment. If you haven’t then you really need to study hard all the reference documentation thoroughly and study every diagram meticulously!

Categories: VMWare | Tags: , , , , , | 3 Comments

NSX Guest Introspection & Data Security – Simple DLP

This week has been pretty heavy on demonstrating NSX and its various security capabilities. One of capabilities that is the slightly ignored is the inbuilt DLP capabilities for finding private data such as credit card numbers, SWIFT codes, VAT numbers, driving licence ID numbers etc on deployed VMs. Usually most conversations around NSX are about Microsegmentation and the L7 deep packet inspection capabilities that will help with Data Leakage however I’d like to point out there is yet another side to the product namely the Guest Introspection & Data Security services.

One of the usual threats customers can have is insider threats where an employee or contractor may copy sensitive data from a main server and leave it on their desktop to do with what they will at a later stage. If you are using NSX within a Horizon VDI deployment with NSX underneath then it’s only a matter of a few clicks and you’ll be able to keep track of where your sensitive data is on your infrastructure. From a real world experience I’ve seen text files of customer banking details being left on unsecured fileshares without the proper permissions structure (by accident) but in the wrong hands it would have been enough to trigger a trip to the Data Protection Commissioner and get scolded and fined for such a security breach. This one NSX service would have caught that file and potential data breach.

I certainly am not claiming the out of the box capabilities are as good as third party security tooling however when you have the capability to secure your data at no added cost to you as part of your NSX deployment you’d be foolish not to try it out and see the results!


You will find below a handful of screenshots showing the simple steps I took to deploy these capabilities and the results.

These services are native to the NSX platform and require no special licences. They are deployed on the next tab along from where you would configure vxlan. The deployment is simple and at most requires an IP Pool or DHCP scope to be available.

Screen Shot 2016-02-24 at 17.48.12

Once deployed you will hopefully see that the installation has succeeded and the services are ‘Up’.

Screen Shot 2016-02-24 at 17.42.32

So at this point you have simply deployed a couple of service VMs on each host that aren’t doing a hell of a lot. What you now need to do is decide on what VMs in your environment you want to monitor and create a Security Group in Service Composer to match those VMs. In my case I simply wanted to scan the Windows 7 VMs in my lab so my Security Group was dynamically created based on the VM OS being Windows 7!

Next was actually setting up a Security Policy which again was pretty straightforward.

Screen Shot 2016-02-24 at 17.54.59

As you can see from the screenshot I am looking to find some credit card data one the VMs. Once this security policy is created it needs to be applied to the security group you wish to scan. This is done just like if you were applying firewall polices to a security group.

The final step to setup the scanning for my credit card data is to configure the elements of the data security tab in the NSX manager.

Screen Shot 2016-02-24 at 17.59.27


As you can see I was scanning for certain types of credit card and financial details within a myriad of file types. There are plenty of other data types preconfigured within the system but at this point I haven’t spotted how to add other RegEx formats (probably just need to RTFM!).

Screen Shot 2016-02-24 at 17.31.04


So what were the results of setting the policy? Well other than a false positive within an Adobe Reader cab file it picked up my Visa, MasterCard and Swift banking codes in some text files I left on my W7 desktop.


Screen Shot 2016-02-24 at 15.50.08

Screen Shot 2016-02-24 at 18.06.35


Categories: NSX, VMWare | Tags: , , , | Leave a comment

Hello Triangle!

Today I start my new role as a Technical Architect Consultant with Triangle specialising in Datacenter Automation.

Triangle have been a VMware Partner for over 10 years and they were recently made one of 13 Elite partners worldwide for their work with delivering SDDC solutions.

How I first encountered Triangle was as a customer back in 2008 when they were hired to conduct an assessment of our production environment to see what we could virtualise. At the time I found them to be knowledgeable and easy to work with and based on more recent experiences with talking to Donal, Miriam & Christian there is still that ambition to help solve problems for customers and deliver a quality solution.

Having worked in various large 24×7 enterprises for the last 9 years the time was right to move into a customer facing design and implementation role where I could bring my knowledge and experience to a wider set of clients. I’m also very much looking forward to working with the new team and learning from them.

Let the adventure commence!

Categories: General | 1 Comment

Farewell Betfair

After 3 years & over 100,000 deployed VMs it’s time to move on. Amongst all the project work and cool tech I had the fortune to use I got to make some really good friends and probably the odd enemy but hey that’s life…
I’d like to think I’ve embraced the 5 Betfair values (Will to Win, Pace, Respect, Smart & Disciplined). Certainly working at pace in an agile environment you learn to roll with the punches and start to expect the unexpected! Almost every 2 weeks we were set automation challenges that had never been done before, those late nights with the guys writing code and testing it to death made us firm friends with a level of respect and trust that can only be earned through cold pizza & Nerf guns. Even after most of the team left we’re still in constant contact swapping war stories and keeping tabs on each others’ families.
We wouldn’t have succeeded in delivering what we did without the incredible support of Ronan, Scott, Brendan & the management in VMware GSS in Cork. The number of P1 & P2 tickets they reacted to was absurd and yet helped us deliver solutions at a ridiculous pace. The vCAC, VCO, AppD & NSX teams also deserve a solid pat on the back for helping us deliver what we did.
So farewell Betfair… I wish you all the best with the imminent merger with Paddy Power. With the inrush of two pretty amazing IT teams it’s going to be an awesome talent pool!
What’s next? Well that deserves another blog post in a couple of days time…



Categories: General | 1 Comment

Containers with VMware Photon

A few days ago I was set a challenge by a buddy to test out VMware’s new containerisation solution called Photon. I had heard the theory and seen the demos at the VMworld keynotes but had never tried to deploy it before.

I have used Docker before as part of the slick implementation on my Synology NAS. From which I’ve ran cacti and the usual lamp stack so I had a vaguely enough skills to try Photon.

What I came across was a well documented installation blog post by Massimo Re Ferre & presumably the rest of the Photon team. Download a script, change its permissions and execute. It was a slick installation routine (I’ll attach the install log shortly) which installed everything I needed on my Mac. An ESX 6 VM, the Photon controller and all the relevant networking plus three images to deploy (Kubernetes, Swarm & Mesos).

I managed to deploy a Kubernetes cluster quite quickly:


However the Mesos image doesn’t seem to be valid as I got the same error each time I tried to execute the usual ‘photon image create …’. To be honest that was the only fly in the ointment and for all I know it was something I did wrong.

Now that Photon can be deployed on my Mac I intend to deploy it on a couple of ESX hosts and perhaps get this blog (or at least the WordPress front end running it) running from a Photon container (or containers plural). It’ll be a good test of an actual implementation.

So go read up about Photon on GitHub and if you’re so inclined contribute and improve it!

I’ll be writing a further blog post in the coming weeks on my thoughts about Photon & NSX integration, Photon in vCloud Air & also then the management & operational overhead this will demand in your IT department.


Categories: VMWare | Leave a comment

Solar Astrophotography

I’ve been turning my hand to Astrophotography recently and usually we all think of it being a nighttime activity however after some experimentation I’m going to be trying some daytime shots of the surface of our Sun.

My first proper attempt revealed some active sunspot activity on the surface of the Sun!



I was able to verify that it wasn’t simply dirt on my sensor by visiting the Soho spacecraft’s website which gave an almost live view of the Sun’s surface. The picture below is from two days after the shot above however with the sun taking 11 days to rotate you can still see the primary sunspots in both images.

Soho Sunspots

To develop further I’ll need to find myself a mylar or ND filter as it took my camera to extremes to get the picture (1/8000 sec, f64, iso 32, 1000mm using the Nikon 200-500mm f5.6e with 2x tele). Not only that but I had to wait for a passing cloud to go by do as to reduce the light even further, hence the haze across the shot.

Categories: Astrophotography, Nikon, Photography, Space | Tags: , , , , | 1 Comment

Supermoon Eclipse

New Lens, Eclipse, Insomnia. The perfect combination… Luckily there were no clouds in the sky at the time which is a rarity in Ireland however the big challenge was to get the focusing right on the moon when there was almost no light to help, after about 100 photos I managed to pull out some of my better attempts. I have 18 years to learn from last night before the next Supermoon Eclipse in 2033!
All shots were taken at 1000mm (200-500mm with 2x tele converter) on the morning of 28th Sept 2015.


Categories: Astrophotography, Photography, Space | Tags: , , , , , | Leave a comment

Astrophotography – A First Attempt

I’ve recently been admiring a friend’s amazing shots on Flickr and got the urge to try my hand on some astrophotography myself. I live in Dublin city where light pollution is pretty bad so my options are limited so while on a trip down the country I couldn’t resist a clear nights sky!

The photos were all taken at Woodstown Strand in Waterford, it’s a beach that doesn’t show up on many maps so if you’re in the locality stick the following GPS coordinates into your iPhone: 52.190827, -6.983683

The other aim for the trip was to try out the new Nikon 200-500mm f5.6E lens I recently received. When the moon shots were taken at 500m it was already far sharper than my previous attempts using a 70-200mm VRII with a 2x tele. When I added the teleconverter to the 200-500mm the moon suddenly filled the frame. My next issue was that the moon moves, and not just moves but races through shot pretty quickly if you zoom in on live view. As a 1000mm alternative to a telescope I was quite happy with the outcome of the moon shots. I can only imagine what an 800mm exotic lens would make if it all!

For a city boy I was amazed not only by how many stars were visible but also that I could easily make out satellites and shooting stars with the naked eye, indeed there’s plenty of streaks in the photos above if you look closely enough. I think the next steps will be invest in a star tracking rig and have one of my long lens aimed some of the interesting features in the sky!

Categories: Nikon, Space | Tags: , , , , , | Leave a comment

Nikon 200-500mm f5.6E Unboxing

Today I got a delivery of the latest Nikon super telephoto lens, the immense 200-500mm f5.6E. So far my main comment is that it’s a beast to hold but I can see the new possibilities for my photography career, airshows and birding will be a lot more interesting.

One interesting note is that with the TC20E-III I was still able to get autofocus to work even though it’s not meant to work beyond f8.

Here’s some unboxing pics, hopefully I’ll get some decent daylight in the next few days for some decent samples.

IMG_4318  IMG_4319
IMG_4320  IMG_4321
Above & below: compared with a 70-200mm VR II. Camera attached is a Nikon D810 with MB-D12 battery pack

IMG_4323I was tired so dug out the monopod for some late evening shots (TC20-III attached)

Categories: General | Leave a comment

My VCIX-NV Exam Experience

VCIX-NVLast week I sat the new VCIX-NV exam from VMware which is based all around NSX 6.0 for vSphere. The exam itself is just like a VCAP-DCA/CIA type exam with a real live lab and having to conduct various tasks relating to what I would consider BAU operational tasks and proper deep-dive networking troubleshooting questions.

There were 18 questions to be answered in 3 hours with some being relatively easy and others being time consuming and rigorous. Unusually there was a comment section to give feedback which was dually used due to some inaccuracies and a misspelling in the questions.

The exam lab itself was pretty straightforward and a casual review of the environment in viClient was enough to understand the setup. Unfortunately to administrate NSX you must use the web client and, unsurprisingly, it was its usual self whereby it was sluggish and prone to crashing.

I didn’t use any online resources or study guides as my day to day job for the last 2 months has been around NSX 6.1 and setting up DLR’s, ESG’s and DFW in a production environment. Getting actual time with the NSX product is vital to pass the exam so if you can’t get your hands on the software then you will need to spend several hours using the hands on labs.

I can probably sum up the exam with a list of Pros and Cons:


  • The exam covers what is in the Blueprint and no more
  • The tasks can be done within the timescale (but the screen refresh issue will impact you if outside the US)
  • The tasks are real life operational type activities that an NSX admin will be required to know
  • There was a good emphasis on network routing knowledge and not just the usual vSphere admin tasks. A network guy won’t need to know a huge amount about ESX & vCenter to get the job done but must be familiar with the basic administration of a vSphere environment
  • The troubleshooting element of the exam means you need to have at least a CCNA R&S knowledge of networking, it’s not an exam you can wing with knowledge of vSphere dvSwitches and vShield Manager.


  • The usual screen refresh issue for the Admin exams occurred making the most basic of tasks take minutes instead of seconds. Ask for more time if you’re having a pretty horrific time of it. Please VMware/Pearson place a few labs in the EU. Based on the system time in the environment it was likely to have been running from somewhere on the west coast of the US, 5000 miles away!
  • There were errors in some questions which can really throw you. Also some of the questions are vague so you have to put a security hat on and make a solid guess at what might be the right end result.
  • It’s possible to trash the environment within the first few questions so BE CAREFUL!!!!

I received the result after 5 working days and am pretty chuffed to have passed.

Categories: Computing, NSX, VMWare | Tags: , , , | 4 Comments