
Why VMware VKS Is a Stronger Enterprise Choice Than KubeVirt | vmtechie.blog KubeVirt is a capable open-source project and a legitimate choice in the right context. But when the workload is enterpr…
411 links

Contribute to noclue/vtui development by creating an account on GitHub.

Getting error 8007EFE when checking for Windows Updates on your old version of Windows? Legacy Update continues support for Windows XP, Vista, 7, 8.1, etc. where Microsoft left off.

Browser-based utilities for VCF 9, NSX, vSAN, and networking. No install. Zero data collected.

VMware vSAN stands as a cornerstone of the modern Software-Defined Data Center (SDDC), offering robust, high-performance, and scalable storage solutions integrated directly into the hypervisor. As the

A vSAN stretched cluster is a deployment model where a single vSAN cluster is extended across two geographically separated data centers, with a third site hosting the Witness Appliance. This architecture

You have just set up a new Linux server (a VPS, a Proxmox VM, a Raspberry Pi), SSH is enabled, you log in with your password, it works, case closed. Except that if your server is exposed on the internet, it is continuously scanned by bots that

Complete guide to using NGINX as an API gateway in 2026, covering configuration, load balancing, rate limiting, and the Kubernetes ingress-nginx retirement.

Introduction
Knock Knock Knock! Do you know port knocking?
Knocking at the door, or port knocking, is a method...

Step-by-step field note for running OpenCode with LM Studio locally using Qwen3.5 9B and 0.8B, including Telegram bot workflow, local config, and M1 performance tradeoffs.

NixOS: how I traded 13 years of Debian for a declarative, reproducible system with no nasty surprises.

Talk to your infrastructure in plain language, get instant answers, and keep everything on-prem if you want.


Storage Policy–Based Management (SPBM) is the backbone of how VMware vSAN delivers predictable, workload‑aligned outcomes. Instead of carving LUNs or managing fixed RAID groups the old-fashioned way, po

How to build a single global queue for distributed systems on object storage: Start with a single file on object storage, then add write batching, a stateless broker, and high-availability.

Zero-touch node patching for Proxmox clusters by gyptazy.

Trial expired and vCenter won’t boot? Learn how to license a standalone ESX 9.0 host using a private license file and esxcli entitlement commands.

Create and configure Tunnels for public applications, Workers VPC, and Load Balancing without leaving the Core Dashboard — now with native integrations and unified visibility.

See how I built a Proxmox and Ceph home lab with 5 nodes, 17TB NVMe storage, dual 10Gb LACP, and Talos Kubernetes running on distributed Ceph.

Installing Datadog on a vSphere homelab may seem counterintuitive because of the platform's usual cost, but it offers real advantages in terms of time savings and features…

Work around hard NATs and tricky networks with production-grade connectivity nodes you control

Is ProxCenter the vCenter for Proxmox? A deep look at ProxCenter for Proxmox, including DRS, HA, rolling updates, and multi-cluster management.

When you request a certificate from Let’s Encrypt, our servers validate that you control the hostnames in that certificate using ACME challenges. For subscribers who need wildcard certificates or who prefer not to expose infrastructure to the public Internet, the DNS-01 challenge type has long been the only choice. DNS-01 works well. It is widely supported and battle-tested, but it comes with operational costs: DNS propagation delays, recurring DNS updates at renewal time, and automation that often requires distributing DNS credentials throughout your infrastructure.

Deploy More Resilient Apps. Hatchet is a platform for building distributed web apps that solves scaling problems like concurrency, fairness, and rate limiting.


Give LLM agents shell access without risking your host system. A practical libvirt guide covering VM creation, snapshots for safe experimentation, and remote access options.

On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.

I recently picked up a Starlink Mini to use as a backup connection for my home network. The underlying technology is fascinating - thousands of satellites in low Earth orbit delivering broadband almost anywhere. With the new £4.50 standby plan, it's an excellent way to keep things online.

Creating Talos Kubernetes cluster using VMware.

If you work with Proxmox clusters long enough, you will likely have a cluster that you need to remove a node from. This is a fairly easy process using...

Short blog about my experiences with Nutanix CE and which workarounds I needed.

Crack, splash, boom! In 2024, the VMware ecosystem endured a seismic shift. Broadcom acquired VMware and quickly introduced a controversial change in its pricing model — shifting from a vRAM-based system to one centered on per physical core (pCore) licensing — and shaking the veritable ground users stood upon. What once allowed customers to pay for […]


The Nutanix Cloud Bible - A detailed narrative of the Nutanix architecture, how the software and features work and how to leverage it for maximum performance.

Author: Nemanja Ilic

Get early access to our brand-new v4 APIs and SDKs! Covering Python, Java, Javascript, and Go there's an SDK for many of our users, along with client REST APIs for those languages that don't yet have an official SDK.

Author: Nemanja Ilic


VCF Automation (VCFA) provides a very easy way to deploy vSphere Kubernetes Service (VKS) clusters in multitenant environments. This can be done via UI, Kubernetes API or CLI. This is in my opinion …

We built an open-source proxy that adds tenant isolation to Prometheus, Loki, and Tempo by rewriting queries based on user identity.

Walkthrough on how to build and deploy a Telegram bot to Cloudflare Workers. Durable Objects are used for per-person DB and grammY is used to interact with the Telegram API

Accurate vNIC-to-IP mapping is fundamental for virtual networking visibility, security, and troubleshooting. On the Nutanix AHV hypervisor, this mapping becomes especially important for services like Flow Virtual Networking, microsegmentation,...

Instant Linux boxes via SSH. Create stock boxes or OCI image-backed VMs. Scale to zero and pay only for what you use.

This guide covers patching the entire VCF 9 platform including all fleet level and domain level components with a full end to end guide

A comprehensive step-by-step guide series to creating Kubernetes managed clusters on Proxmox using Cluster API and Cilium as a CNI.

Today is a big day for us, and for everyone who cares about transparency, privacy, and having full control over their own traffic. We’re finally open-sourcing the protocol that powers AdGuard VPN. And it now has a name: TrustTunnel.

iximiuz Labs founder shares a grounded, hands-on look at agentic coding in a real production codebase: massive speedups, surprising failures, and why domain knowledge still matters most.

| Small Office/Home Office (SOHO)| Small-to medium-sized business (SMB)| Medium-to large-sized enterprises (MLE)

GoReplay is a versatile open-source tool designed to capture and replay live HTTP traffic. Perfect for replaying production traffic and conducting comprehensive traffic replay testing, it allows you to seamlessly record and replay traffic in staging environments for effective debugging and quality assurance.

Datadog cut off our observability overnight. We migrated to an open Grafana stack in 48 hours. Here’s why vendor lock-in is fading in an AI-native world.


Terra is the community Fedora repository which makes it easy to install and maintain software packages.

Let’s start with a question. What is DevOps all about?

A quick introduction to VCF 9 Automation in All Apps mode

Why zombie instances survive health checks, and what the choice between server-side and client-side load balancing means for how fast your system detects and reacts to failure.

A few months ago, users started reporting that Ghostty was consuming absurd
amounts of memory, with one user reporting 37 GB after 10 days of uptime.
Today, I'm happy to say the fix has been found and me

A curated list of awesome resources, tools, libraries, and projects for the Mistral AI ecosystem. - samouraiworld/awesome-mistral

Protection & more importantly, recovery of VMware Cloud Foundation (VCF) is something I and Ken Gould have worked closely on for a number of years now. Whether it was a VVD based deployment or …

In VMware Cloud Foundation (VCF) 9.0, identity management takes a leap forward with the introduction of the VCF Identity Broker (VIDB)—a modern, flexible solution for enabling Single Sign-On (SSO) …





The world tried to kill Andy off but he had to stay alive to talk about what happened with databases in 2025.

Harvest a host's real configuration and turn it into Ansible roles/playbooks. Safe-by-default, with optional SOPS encryption.

Running six Claude Code agents in parallel from an iPhone. A cloud VM, Tailscale, mosh, and push notifications enable async development from anywhere.

Last month I shared a screenshot of a single switch validation. 12 tests.

“Bye bye bye.” It took some time, and a serious amount of research, but I have finally crossed the finish line. I have officially migrated my digital life to pure, EU-hosted solutions.

VMs, on the internet, quickly

How I built MacThrottle, a menu bar app that tells me when my Mac is thermal throttling, and the journey to find the right macOS APIs.

Learn how to deploy a fully IPv6 Kubernetes cluster with Talos OS.

Minimal Linux container host. Contribute to vmware/photon development by creating an account on GitHub.

Userspace WireGuard® Implementation in Rust. Contribute to mullvad/gotatun development by creating an account on GitHub.

Learn how to clone PostgreSQL databases instantly using reflinks. Turn slow template copies into milliseconds with PostgreSQL 18's new file copy options.

In previous blog post here, VMware vCloud Foundation 9 – Licensing Part 1 We talked about registering VCF Operations on the Broadcom Portal and applying licenses to VCF Operations. Let’s conti…

VCF 9 adopts a streamlined, subscription-based licensing model that simplifies management and compliance: Single license file replaces multiple component-specific keys (vCenter, ESXi, NSX, etc.) Li…

What Kabir Writes

How NSVisualEffectView renders blur effects under the hood, and building a custom material view from scratch using CABackdropLayer.

Master Japanese naturally while watching Netflix, YouTube, and Bilibili. AI-powered tool that turns your streaming time into effective language learning.

I got hacked, my server started mining Monero this morning.

In an air-gapped or disconnected environment, license entitlement for VMware Cloud Foundation (VCF) involves a multi-step file exchange between the VCF Business Service Console (BSC) and your deplo…

Firstyear's blog

In VCF Operations 9 we introduced a feature called Log Assist which allows you to upload Support Bundles to Broadcom Support from VCF Operations itself. Here's how it works. First, you must Register and License your VCF Operations instance, documentation on how to do that can be found here. Second, you must have a Unified Cloud Proxy deployed in your environment. I covered how to deploy these previously here. Be sure to confirm Log Assist is Activated on your Unified Cloud Proxy. Third, you must

vSphere Zones in VMware Cloud Foundation (VCF) 9.0 have been enhanced to offer greater flexibility in resource consumption and isolation for both vSphere Supervisor Control Plane VMs (Management), …

Brian Scott made an app that's safe, simple, and educational for kids to chat in, using Tailscale's tsnet and connectivity.

Introduces the benefits of running VCF virtual networking vs. a traditional hardware-vendor based solution.

The Challenge: When Granularity Is Your Only Option We were dealing with a legacy "beast" of a platform: a critical and systemic service running on traditional infrastructure, glued behind a single IP address. This IP hosted hundreds of distinct TCP ports, each representing different customers, prot

For resource constrained environments, deploying VMware Cloud Foundation (VCF) can take longer, especially when deploying on top of a Nested ESXi configuration. However, the VCF Installer does prov…

VMware Cloud Foundation 9 has brought the Virtual Private Cloud networking model front and center in the vSphere UI. Not only has it become extremely easy to provide a self-service solution for networking, but it also comes with a plethora of networking services and capabilities.

Recent advancements in Cloudflare Python Workers means fast cold starts, comprehensive package support, and a great developer experience. We explain how they were achieved and show how Python can be used to build serverless applications on Cloudflare.

ProxUI - AI interface for Proxmox VE and PBS

The Excavator Doesn't Care About Your Diversity We'd done everything right. Diverse and multiple fiber paths to our remote site.

Learn how to create and manage a multi-machine Uncloud cluster from scratch. This hands-on tutorial walks you through initializing a cluster, adding machines, managing contexts, and deploying your first containerized service.

With a Red Hat Developer Subscription (for Individuals) it’s possible to get Red Hat Enterprise Linux (RHEL) licensing valid for up to 16 systems for a home lab at no cost!

PDM 1.0 reaches GA status after a development phase of about twelve months, punctuated by successive alpha and beta releases. Proxmox Data Center Manager presents itself as a unified management platform, aiming to provide an alternative to established solutions such as vCenter or Xen Orchestra for administering virtualized infrastructures running Proxmox VE.

In VMware Cloud Foundation (VCF), deleting failed tasks is often necessary to avoid clutter in the SDDC Manager UI and free up resources. Failed tasks can also block further operations, espe…

Lately, I’ve been spending a lot of time getting our company lab set up and configured with all the bells and whistles that VCF 9 brings to the table. The new SSO experience was something I was really looking forward to. Previously, you had to configure the identity provider for every single product and platform, then add in the permissions and then manage that connection separately. The new SSO experience, powered by the all new Identity Broker, is supposed to alleviate a lot of that management overhead.

A guide on building a simple Linux distribution from scratch. Detailed guide on building the kernel and the init process. Finally, a little distribution is built with u-root that is capable of connecting to the Internet.

Bun has been acquired by Anthropic. Anthropic is betting on Bun as the infrastructure powering Claude Code, Claude Agent SDK, and future AI coding products & tools.

Today, I will play with the Offline Depot Web Server. There is official documentation provided by BROADCOM which I followed in general. But there are some details the link does not describe deta…

An exploration of DNS and Name-to-IP translation. This deep dive explores NSS, getaddrinfo, systemd-resolved and more!

Learn how to attach your VM to multiple Virtual Private Cloud subnets, leveraging Guest VLAN Tagging.

Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.

We made the switch from AWS-hosted MongoDB Atlas to a self-hosted solution on Hetzner, resulting in a 90% reduction in costs while maintaining performance and reliability.

The Grafana Stack can be an incredibly powerful monitoring solution, but through my experience I found out how maintenance intensive it is and how uncertain the…

Kasm Workspaces delivers zero-trust remote browser isolation (RBI), desktop as a service (DaaS) and open-source intelligence (OSINT) workloads to the web browser.

💚 Secure remote browsing anywhere. Contribute to BrowserBox/BrowserBox development by creating an account on GitHub.

BrowserBox streams a full modern browser to any client with low latency. Keep web risk off the endpoint while teams browse, automate, and embed safely.

Windows 11 now supports 1Password and Bitwarden passkeys, enabling faster, safer, and passwordless sign-ins across devices.

We saved 76% on our cloud bills while tripling our capacity by migrating to Hetzner from AWS and DigitalOcean. Digital Society is a not-for-profit cooperative helping you get your projects off the ground and realise the value of your data.

Phase 3: Role Assignment. Assign the service roles in vCenter. Assign the service roles in NSX. Assign the service roles in VCF Operations. Assign the service roles in VCF Automation. Assign the service role…

In VCF 9, VMware introduces a major shift in Single Sign-On (SSO) architecture via the new “Identity Broker” service. This change not only consolidates identity management across the VCF stack, but…

Resolve the “Invalid redirect URL” error when logging into VMware Cloud Foundation (VCF) Operations with VCF Identity Broker SSO. Learn the cause and how to fix it by updating the System Access URL…

Last week I completed my VCF 9 lab, which I will explain in more detail later, including hardware and overall lab design. Now I want to deploy VCF Operations for Logs in my home lab. Deploying VCF Operations for Logs is pretty straightforward. You first need to download the binary file and then start the workflow. This is typically a […]

When users log in to a vCenter Server to manage roles and permissions within a VMware Cloud Foundation (VCF) 9.0 environment, they may notice several accounts that already have vSphere permissions …

Maintaining availability of data and the applications that produce or consume that data might be the most important responsibility of data center administrators. Capabilities like high performance or special data services mean very little if the applications and the data they produce or consume is not readily available. Ensuring availability is a complex topic, as … Continued

When deploying a new VMware Cloud Foundation (VCF) Fleet, users can choose from two different deployment models: Simple (one-node) or High-Availability (3-node) within the VCF Installer, which appl…

How Tailscale can work with and inside Google Cloud, Microsoft Azure, and Amazon Web Services.


Updates on Tailscale's efforts to improve NAT traversal, for its client and for the web at large.






Anthropic this morning introduced Claude Skills, a new pattern for making new abilities available to their models: Claude can now use Skills to improve how it performs specific tasks. Skills …

Disaggregating Prefill and Decode: Faster First Tokens, Faster Streams

Cloudflare investigated CPU performance benchmark results for Workers, uncovering and fixing issues in infrastructure, V8 garbage collection, and OpenNext optimizations. These improvements have made Cloudflare Workers faster for all customers.

build your own minimal BSD UNIX system

I’ve used Mullvad as my VPN provider for a few years. Their service is good, they provide keys for 5 devices, rely on the Wireguard protocol, and offer alternative configurations as well. Despite that,

Multipath TCP (MPTCP) for Linux, an extension to TCP that enhances connection redundancy and performance by utilizing multiple underlying TCP sessions simultaneously. This site provides installation guides, debugging tools, FAQs, and a list of apps supporting MPTCP, aimed at facilitating the adoption and implementation of MPTCP for Linux users and developers.

Kuvasz is an open-source, self-hosted uptime monitoring solution that provides comprehensive monitoring capabilities for websites and services.

Distributed monitoring ting. Contribute to rippleFCL/meshmon development by creating an account on GitHub.

How to access to a DSM provisioned Postgres database using User or Client Certificates

I recently shipped a non-trivial Ghostty feature (unobtrusive macOS automatic updates) that was largely developed with AI.

VCF.JSON Generator release with content transfer functionality

Learn how to replace your SFR, Free, Bouygues or Orange Internet box with UniFi hardware. Complete guide, operator by operator.

Most organizations rely on a single Identity Provider (IdP) such as Symantec VIP AuthHub, Okta, Microsoft Entra ID, or PingFederate to provide common identity and access management. However, for so…

Simple and efficient cron job monitoring. Get instant alerts when your cron jobs, background workers, scheduled tasks don't run on time.

An hour after celebrating a successful validation in the VCF 9.0 installer and getting ready for real deployment testing (which I made a short LinkedIn post about yesterday), things went sideways. …

How we built blockdiff, an open-source tool for rapid block-level diffs and snapshots of VM disks.

The VMware Cloud Foundation (VCF) Installer (Day 0) and SDDC Manager (Day N) support two common methods for downloading VCF software into a user's environment. Connect to Broadcom's online depot (s…

Free launches Free mVPN, a consumer VPN built into the mobile network and included in the Free 5G and Série Free plans. One-click activation, 12-hour sessions, encryption, blocking of malicious sites and exit in Europe (Italy / Netherlands). Available today on iOS and Android.

Whilst Microsoft SQL Server is still in technical preview in Data Services Manager 9.0.1, our team continues to release significant enhancements for our customers as we gravitate towards full support.

DSM 9.0.1 aligns with RBAC features that are already in VCF Automation, specifically around multi-tenancy controls

Tackling a larger systems programming project with AI tools.

Contribute to poulpreben/keycloak-to-vcf-scim development by creating an account on GitHub.

I recently migrated my self-hosted services from a VPS (virtual private server) at a remote data center to a physical server at home. This change was motivated by wanting to be in control of the hardw

Over two years ago, in one of my first public talks about Ghostty,
I shared my vision for libghostty: an embeddable library for any application
to embed their own fully functional, modern, and fast term

Everything you wanted to know about using Cloudflare Zero Trust Argo tunnels for your personal network

License management for both VMware vSphere Foundation (VVF) and VMware Cloud Foundation (VCF) 9.0 is now handled by VCF Operations, which supports keyless entitlement in both Connected and Disconne…

Akvorado 2.0 is out! It introduces a major architectural change with a new outlet service, as well as smaller changes detailed in this post.

With the release of VMware Cloud Foundation 9.0, VMware is ushering in a new era of private cloud management, where data services become an integral part of the automated platform. A key element of this transformation is VMware Data Services Manager (DSM) 9.0, an advanced Database-as-a-Service (DBaaS) tool that is now fully integrated with VCF...

While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend for service-to-service (S2S) communication, called “Actor tokens”, and a critical vulnerability in the (legacy) Azure AD Graph API that did not properly validate the originating tenant, allowing these tokens to be used for cross-tenant access.


News about asciinema development and new releases

This blog post provides a detailed guide for deploying VCF Instance using Terraform. It covers prerequisites, installation steps for Terraform and VCF, and necessary configurations in Terraform fil…

JiraTUI revolutionizes task management for developers by enabling seamless interaction with Jira from the terminal. Create, update, and track tasks efficiently, all while maintaining focus on your cod

This is a scenario that is not covered very well in our current VCF 9.0 docs (I am working to rectify that), where a customer has more than 1 existing VCF 5.x instance and they want to move to VCF …


A brief guide to upgrading from VCF5.X to VCF9 on a brownfield site.

The Intel 285K CPU in my high-end 2025 Linux PC died again! 😡 Notably, this was the replacement CPU for the original 285K that died in March, and after reading through the reviews of Intel CPUs on my electronics store of choice, many of which (!) mention CPU replacements, I am getting the impression that Intel’s current CPUs just are not stable 😞. Therefore, I am giving up on Intel for the coming years and have bought an AMD Ryzen 9950X3D CPU instead.

WinBoat lets you run any Windows application on Linux with seamless desktop integration. Elegant interface, automated installs, filesystem integration, and native OS-level windows.

Getting Started

After publishing my long awaited Automated VMware Cloud Foundation (VCF) 9.0 Lab Deployment Script yesterday, I already had a request for a similar solution to deploy VMware vSphere Foundation (VVF…

Image Factory generates customized Talos Linux images based on configured schematics.

“It’s always DNS” is a famous meme among network people. Name resolution is technically quite simple. It’s “just” translating a hostname like jan.wildeboer.net to an IP address. What could possibly go wrong? I am a radical optimist and detail-obsessed knowledge collector, so I decided to find out. As part of my goal to make my home network a little island of Digital Sovereignty, meaning that everything at home should JustWork™, even with no working internet connection, a DNS server is needed.

Home internet in the 90s felt simple. You plugged into [Ethernet](https://en.wikipedia.org/wiki/Ethernet), got an [IPv4](https://en.wikipedia.org/wiki/IPv4) address, and you could expose a service dir...

Datacenter-Scale Heat Management

Real-time monitoring for Proxmox, Docker, and Kubernetes with AI-powered insights, smart alerts, and a beautiful unified dashboard - rcourtman/Pulse
Just wanted to share my (successful) procedure for creating in PVE9 a VM Template for a Debian Trixie Server with Cloud-Init, which I have done in the past for previous Debian versions in PVE8. This is most useful to quickly spin up a Debian server for any purpose.

On August 21, 2025, an influx of traffic directed toward clients hosted in AWS us-east-1 caused severe congestion on links between Cloudflare and us-east-1. In this post, we explain what the failure was, why it occurred, and what we’re doing to make sure this doesn’t happen again.

Good news here for customers who use iSCSI in their current vSphere environments and are looking to move to VCF

Hello everyone! Today, an article about something simple: configuring the rsyslog solution on a GNU/Linux server using the …

Setting up a Wake-on-LAN server you can reach from a browser, using Tailscale, a webapp, and a little Raspberry Pi.

An open source, self-hosted implementation of the Tailscale control server - juanfont/headscale

This was a tough decision, having used Gmail since 2007/2008. However, I had to draw the line and stop giving Google my data for free.
The problem with email is …



Note: `libasound2-dev` system library is required to be installed for Sampler to
play the trigger sound. Usually this library is in
place, but if not - you can install it with your

If you have a Synology NAS and want to use an iSCSI LUN with Proxmox Backup Server, check out this post for the full details.

Follow this How-to to configure a Synology NFS share for use with Proxmox Backup Server as a backup datastore. Bonus includes virtualizing PBS on your Synology NAS.

In this article I will walk you through how to install Proxmox Backup Server (PBS) 4.0 inside of a VM running on Proxmox 9.0.


This post describes how to configure Avi Load Balancer in front of VCF Automation (VCFA) to provide more secure access to the cloud service. Usage of Avi Load Balancer for tenant IaaS services i…

In today’s multi-tenant cloud environments, VMware Cloud Foundation Automation (VCFA) offers a robust layered architecture that seamlessly bridges enterprise-grade infrastructure management with de…

Kener is a free, open-source status page and uptime monitor. Deploy with Docker in under 2 minutes. Track 11 service types, manage incidents, schedule maintenance, and notify subscribers — all from one platform.

How to add read-write-many (RWX) volumes to a Pod in VKS which were initially created by the Volume Service

After 15 years on macOS, I made the leap to Arch Linux using Omarchy. Here's what I discovered about the trade-offs, workflow changes, and why shorter battery life and fan noise haven't sent me back to my MacBook.

The monitoring and analysis of a complex data center can be much easier with the right tools. The right tool for VMware Cloud Foundation (VCF) is VCF Operations. It gathers the extraordinary amount of metrics generated within the environment, and distills it down into meaningful and actionable information for your optimization, troubleshooting, and planning efforts. … Continued

The visual policy editor gives you a tabular view of each section of your policy file, and allows you to add, edit, and delete individual policy entries using visual forms.

On a few occasions, I have noticed that after the initial deployment of VMware Cloud Foundation (VCF) 9.0 that also includes VCF Automation (VCFA), the VCFA VM can experience a sustained CPU usage …

After years of self-hosting on a VPS in a datacenter, I’ve decided to move my services at home. But instead of just porting services, I’m using this as an opportunity to migrate to a more flexible and

Deploy VMs and LXCs using Proxmox Terraform templates. Includes cloud-init, LXC provisioning, and real-world IaC examples for automation.

Connect everything, from cloud to IoT, with the next-generation global network solution. Simple, resilient, and secure networking in minutes.

Free, self-hosted customer support platform with shared inbox, automation, and team collaboration. Deploy with a single binary.

Stop vibe-coding blindly! Why reading AI-generated code is crucial in 2025. Avoid security flaws, architectural decay, and knowledge loss when using Claude Code or any other tool.

You can shell out to `cp -c` using `subprocess`, or you can make a `clonefile()` syscall using the `ctypes` library.

I recently deployed the latest release of VMware Data Services Manager (DSM) 9.0 in my VMware Cloud Foundation (VCF) 9.0 lab to explore the new integration with VCF Automation (VCFA), allowing orga…

This post is part of a short series that builds on our minimal VMware Cloud Foundation (VCF) 9.0 deployment (2x Minisforum MS-A2) and showcases how to fully leverage the exciting new capabilities i…

In this post, I will show you the steps to create a static volume via the Volume Service, and then create the appropriate manifests in your VKS cluster to make the volume available to Pods running on your cluster.

After Claude Pro changed to weekly limits, I explored self-hosting Qwen3-Coder-480B with 400k context windows. Here's what I learned about costs, alternatives, and why Claude Code still dominates the landscape.

VCF 9 services like VCF Operations now use token based service accounts to connect and integrate to VCF Automation aka VCFA. The use of token based service accounts is not limited to VCF 9 services…

I have been exploring some new tools here and there. When I started watching Primeagen, I took a note of several tools that he was using and advocating for. One of them was tmux.
What is tmux? tmux is a terminal multiplexer. What that means is you can have many terminals in one. According to tmux wiki:
tmux is a program which runs in a terminal and allows multiple other terminal programs to be run inside it. Each program inside tmux gets its own terminal managed by tmux, which can be accessed from the single terminal where tmux is running - this is called multiplexing and tmux is a terminal multiplexer.

How to migrate from RAIDZ1 to RAIDZ2 without a spare ZFS server or a boatload of extra disks.

Tailscale and Grafana Labs partner to provide private connectivity between data sources on tailnets and Grafana Cloud instances.

The anatomy of UNC3944's vSphere-centric attacks, and a fortified, multi-pillar defense strategy required for mitigation.

We explore the critical risks of integrating VMware vSphere with Active Directory, especially as it relates to ransomware.

VMware Cloud Foundation (VCF) 9.0 continues to support one of the most popular and powerful load balancers, VMware Avi Load Balancer. When you deploy a new VMware Avi Load Balancer within a given VC…

On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.1 public DNS Resolver as well as intermittent degradation of service for Gateway DNS.

In the DSM 9.0 Release Notes, the following item about metrics is listed in the What’s New section: You can use the VMware Data Services Manager API to publish PostgreSQL and MySQL metrics to VMware Cloud Foundation 9.0 (VCF) Operations and Prometheus [..] enabling better visibility, alerting, and performance management for all databases that VMware Data Services manages. In this post, I will show how to configure DSM 9.0 to send Postgres and MySQL database metrics to VCF 9.0 Operations. While this process is rather manual in VCF 9.0, we plan to significantly improve this overall experience for users going forward.…

A brief guide on how to switch from a VCF9 Operations instance to a central VCF Operations instance.

Octelium is a unified zero trust architecture (ZTA) that is built to be generic enough to operate as a zero-config remote access VPN, a Zero Trust Network…

Powerful SSL certificate management system with multi-DNS provider support and REST API

One of the ways to start using VMware Cloud Foundation 9 is to convert an existing vSphere environment. Let’s have a look at the process. VCF Fleet: VCF consists of a Fleet Management wi…

Bring all of your authentication into a unified platform.

Fast terminal, state-of-the-art agents, and cloud orchestration for the full software development lifecycle.

Documentation

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md

TSDProxy is a proxy for tailscale

How I built a seven-figure business with Rails

Sysxplore explores DevOps, Cloud, and Linux topics in a straightforward way, making complex concepts easy to grasp. Our goal is to deliver technical information and make it enjoyable to learn.

Ah, Zig. I have a love-hate relationship with this one. A “new” (reading: appeared a couple years ago, already — yes, already), language with high ambitions. Zig was made to run at low-level, with a simp

Uplinq Accounting AI offers comprehensive financial solutions for small businesses. From tax planning to real-time bookkeeping, we guide you through each financial milestone. Simplify your small businesses accounting journey with Uplinq.

Xe Iaso's personal website.


The horizontal scaling layer for PostgreSQL, deployed as a simple proxy. Load balance queries and shard databases, without application changes.

The pitch of modern SaaS is "don't reinvent the wheel." But every wheel you bolt on comes with some friction.

RustDesk is the best open-source remote desktop software. Secure alternative to TeamViewer and AnyDesk with self-hosted servers. Cross-platform support for Windows, macOS, Linux, and Android.

Record right where you work - in a terminal.
To start, run `asciinema rec demo.cast`, to end press `ctrl+d` or type `exit`.

Zero trust access to all your infrastructure, self-hosted applications, and SaaS tools. Easy to deploy and scale. Better than your existing VPN.

The cloud you own. Hardware, with the software baked in, for running infrastructure at scale.

We finished pulling seven cloud apps, including HEY, out of AWS and onto our own hardware last summer. But it took until the end of that year for all the long-term contract commitments to end, so 2024 has been the first clean year of savings, and we've been pleasantly surprised that they've been even better than originally estimated. F...

Real-time infrastructure monitoring with per-second metrics, ML anomaly detection, and AI troubleshooting. Open source, #1 on GitHub. Cut MTTR by 80%.


Litestream is an open-source, real-time streaming replication tool that lets you safely run SQLite applications on a single node.

Use declarative language to build simpler, faster, scalable and flexible workflows

A satellite project of labs.iximiuz.com - an indie learning platform to master Linux, Containers, and Kubernetes the hands-on way 🚀

Anthropic publish most of the system prompts for their chat models as part of their release notes. They recently shared the new prompts for both Claude Opus 4 and Claude …

HashiCorp Validated Designs

Let's Encrypt for VMware ESXi with easy installation using pre-built VIB or offline bundle. Auto-renewal of certificates. - w2c/letsencrypt-esxi

Interactive Streaming Telemetry lab with Nokia SR Linux nodes forming a Clos topology - srl-labs/srl-telemetry-lab

Contribute to srl-labs/clab-api-server development by creating an account on GitHub.

Automate deployment and configuration of nested VMware Software-Defined Data Center environments including solutions like vSphere, vSAN, NSX, vSphere Kubernetes Service, Avi Load Balancer, Aria Ope...

Go-based SSH and SCP client with userspace Tailscale connectivity. Secure shell access and file transfers over Tailnet without requiring a full Tailscale daemon. - derekg/ts-ssh

Recall your SSH sessions (also search your SSH config file) - byawitz/ggh

A secure WireGuard VPN management system with invitation-based registration, multi-device support, QR code setup, and admin tools. Built with Next.js 15. - arashvakil/LeiaGuard

Firezone is a fast, flexible VPN replacement built on WireGuard® that eliminates tedious configuration and integrates with your identity provider.

Keeping my laptop clean by developing in a virtual machine

Discover how to design tailored multicloud connectivity scenarios with Megaport and Megaport Cloud Router (MCR). From physical layer configurations to cloud-specific connectivity options, explore resilient and scalable architectures that simplify network complexity. Gain insights into HA designs, dual data center strategies, and step-by-step guidance for building a better network.

From bare metal to cloud VMs using Docker, deploy web apps anywhere with zero downtime.

Build powerful software environments and containerized operations from modular components and simple functions. Perfect for complex software delivery and AI agents. Built by the creators of Docker.


Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go


AI SRE and MCP server, incident management, on-call, logs, metrics, traces, and error tracking. 7,000+ happy customers. 60-day money back guarantee.


For everything that happens after you deploy. Antimetal is the AI platform to better understand, manage, and automate your infrastructure.


Nutanix Builder v1.0.0 released and good to go for EUC image builds

Introduction: K8s has been a crucial part of the VMware ecosystem for many years, and the level of integration in other products like NSX and AVI has changed a lot in the past. That is also true for the naming, like “vSphere with Tanzu”, “vSphere IaaS” and “VKS”, with perhaps more changes in the future. For this blog post we will bring some spotlight to the integration of VKS with NSX VPCs, which is from my point of view a great enhancement from a tenancy point of view.

A technical blog about Rust, Linux and other topics.

I’m delighted to announce that Sniffnet v1.4 is finally available! This major release brings a bunch of improvements and fixes, making Sniffnet more powerful and reliable than ever before. One of the most exciting new features is the ability to process network data from PCAP files in addition to network...

DSM is the DBaaS solution for VCF. In this post, I will attempt to highlight the overall benefits of DSM. I will do this for three different personas: the VI Admin, the DBA and the end-user/developer.

A short article about VPCs in NSX 9 and VCF 9 Part 2.

Since launching the MS-01 in 2024, Minisforum has steadily gained popularity for its unique design that sets it apart from established players in the small form factor (SFF) market. Following the s…

Published on Jun 25, 2025

PowerCLI has long established itself as a trusted and widely adopted automation tool across VMware environments. It remains one of the most preferred tools among our customers, and its popularity is reflected in the numbers—we estimate over 1.5 to 2 million downloads each year.

By default, the VMware Cloud Foundation (VCF) 9.0 Installer requires a minimum of 3 ESXi hosts when you select vSAN (OSA or ESA) for storage or 2 ESXi hosts when you choose to use external storage …

Data Services Manager is the DBaaS for VMware Cloud Foundation (VCF), offering multi-tenanted data services to your end users on-premises, on vSphere.

In this article, I describe 3 problems I have encountered in my career with DNS on Kubernetes. The 3rd is in fact a bug that is still unfixed to this day in kube-proxy in iptables mode, and affects

We all want to do awesome things and make an impact at work. However, what we call “work” is a relationship between employer and employee that's inherently and persistently designed to benefit the former over the latter. How do we meaningfully contribute, earn a living, and maybe even enjoy ourselves when the organization simply does not care about us?

Having the latest compatible software for one’s NVIDIA vGPU investment should be a priority. New features are added all the time, or there may be security enhancements. In this post I’ll demonstrate a new PowerShell module I’ve built that employs the NVIDIA License System (NLS) API to be able to list and download vGPU software like drivers or the NVIDIA Delegated License Service (DLS).

The latest VMware Cloud Foundation (VCF) 9 resources

Securely connect to anything on the internet with Tailscale. Built on WireGuard®️, Tailscale enables you to make finely configurable connections, secured end-to-end according to zero trust principles, between any resources on any infrastructure.

A short article about VPCs in NSX 9 and VCF 9.

VMware Cloud Foundation 9 (VCF 9) has been released and with it comes a brand new Cloud Management Platform – VCF Automation (VCFA) which supersedes both Aria Automation and VMware Cloud Direct…

How to get generated passwords via Fleet Management API, and login to Automation appliance via SSH

The power of Zig's comptime code execution

Recently I’ve been working on a pretty big Rust project and to my surprise I couldn’t get tests to work properly.

The Situation: I was working in our lab and ran into an issue where the hosts I wanted to use had different NIC configurations. I was building a cluster using two different types of hosts because on…

I run Claude Code with --dangerously-skip-permissions flag, giving it full system access. Let me show you a new way of approaching computers.

J.HOMMET.NET - Analog human in a digital world.

When you read my blog articles and stuff – you may get the idea that everything I do – just happens to be right and that I succeed at every attempt. This article is here to remind you t…

Mostly to make use of an animation I made for a different blog post that hasn't materialised, let me take a moment to explain to you the fundamental technical difference between 'streaming' and 'downloading'. Which won't take long... because there isn't one!

An honest look at why Nix's complex but powerful approach to package management and reproducible environments is worth considering.

2025-05-20

IPv4 is expensive, and moving network resources around is hard. Previously, when customers wanted to use multiple Cloudflare services, they had to bring a new address range. Now, they can use their resources more efficiently, saving space and reducing operational costs.

Getting the length of a string seems simple and is something we do in our code every day. Limiting the length of a string is also extremely common in both frontend and backend code. But both of those

Manage your data science projects effectively with loguru. Track stages and control logging levels with ease.

Burstable VMs run on a fraction of CPU and burst to a higher level of CPU usage to support occasional usage spikes. To implement them, we leveraged Control Groups v2 (cgroups v2), a Linux kernel feature that helps manage resource usage. We thought our open-source implementation of burstable VMs might be interesting enough to write about. We also learned a lot about Linux cgroups in the process!

Dumping a SQLite database to a text file can make it much smaller, which means you can download it faster.

A deep dive into KubeVirt for vSphere admins. Learn VM creation, storage, networking, and operations mapped to familiar VMware concepts.

Minimalist doesn't mean Talos isn't extensible. Let's dive into the topic of extensions to customize and adapt it to our needs.

Not sure when it happened, but I have been binging self-hosted identity providers like Netflix shows, this season features Authentik, KeyCloak, Synology SSO and Pocket ID. To add to my collection, …

Omni is an incredible tool that lets you manage Talos machines anywhere. Let me introduce Omni, and show how to interface it with Kubevirt to create Kubernetes clusters in a snap.

Learn to simulate external services in testing with mock objects for reliable Python unit tests. Master pytest mock today.

SDDC Manager operations may not be allowed due to System Lock held by Password Manager operation in progress. A password rotation task may have failed on individual components for various reasons. S…

We all love Python’s comprehensive standard library, but let’s face it – PyPI’s wealth of packages often becomes essential. Sharing single-file, self-contained Python scripts that rely on these external tools can be a headache. Historically, we’ve relied on requirements.txt or full-fledged package managers such as Poetry or pipenv, which can be overkill for simple scripts and intimidating for newcomers. But what if there was a simpler way? That’s where uv and PEP 723 come in. This article delves into how uv harnesses PEP 723 to embed dependencies directly within scripts, making distribution and execution extremely easy.

Omnissa recently released their Ports and Protocols tool! There are listings for Horizon, Omnissa Access and UEM at present. (The Horizon listing also includes information for App Volumes, Dynamic Environment Manager and Unified Access Gateway.) Customized lists can be downloaded in Excel and PDF formats. I wanted to see if I could somehow find this information JSON-formatted.

Take an interactive journey through the history of IO devices, and learn how IO device latency affects performance.

Part 2 VCF Import Cluster with NFS and activating the overlay.

Today we’re excited to release Railpack — the next iteration of the Railway builder, developed from the ground up based on everything we’ve learned from building over 14 million apps with Nixpacks.

Introduction to the deploy.sh Script: The deploy.sh script is a fundamental tool in the VMware Aria Automation ecosystem (formerly vRealize Automation), responsible for deploying, configuring, and managing all components of this advanced environment. Located in the /opt/scripts/ directory on the Aria Automation virtual machine, it serves as the central orchestration point for the entire system....

I want to write a post about Pitchfork, explaining where it comes from, why it is like it is, and how I see its future. But before I can get to that, I think I need to share my mental model on a few things, in this case, HTTP/2.

Much of what I do, in multiple fields, could be reduced to one skill: troubleshooting.

Philosophy: My overarching goals with writing notes are 2 fold: (1) to help me think clearly; (2) to serve as a personal knowledge base I can reference later. One of the great things about Obsidian is how it’s infinitely customizable.

We're Rivet, a new open-source, self-hostable serverless platform. We've been in the weeds with SQLite-on-the-server recently and – boy – do we have a lot of thoughts to share. Give us a star on GitHub, we'll be sharing a lot more about SQLite soon!

GitHub Actions suggests using code like echo ... >> $GITHUB_ENV, but echo ... | tee -a $GITHUB_ENV is often better.

MicroVMs need bare-metal or nested virtualisation with /dev/kvm. But what if that's not available? The PVM virtualisation framework may be the answer.

Migrate VMware to Proxmox for free using Veeam Community Edition. The steps are easy and quick for VMware to Proxmox migration

The article outlines how to automate the deployment and configuration of VMware NSX using Terraform, focusing on components like NSX Manager, Fabric, and Edge Transport Nodes. It details installati…
[NSX Intelligence] Problem when deploying NSX Application Platform (NAPP) on RKE2
During a new installation of NSX Intelligence (or rather Security Intelligence now), I ran into a small unexpected problem!

The introduction of VPCs (Virtual Private Cloud) at the network level provides a "self-service" for network, security and other network services in an isolated environment. Those responsible for the VPC can create networks and security rules (within their limits), thus relieving the burden on the network and security teams. It also enables the VPC owners to provide new services more quickly.

This blog post provides a detailed guide for installing VMware vSphere Supervisor using Terraform. It covers prerequisites, installation steps for Terraform and vSphere Supervisor, and necessary co…

Oracle is not a very popular cloud hosting service, but they have an unusually attractive free tier offering. You can run the following two VMs for free 24/7:

With the new Broadcom licensing changes related to NSX only the stateless firewall is included in the base VCF/NSX license while stateful firewall needs to be licensed separately. VMware Cloud Dir…

Let’s Encrypt protects a vast portion of the Web by providing TLS certificates to over 550 million websites—a figure that has grown by 42% in the last year alone. We currently issue over 340,000 certificates per hour. To manage this immense traffic and maintain responsiveness under high demand, our infrastructure relies on rate limiting. In 2015, we introduced our first rate limiting system, built on MariaDB. It evolved alongside our rapidly growing service but eventually revealed its limits: straining database servers, forcing long reset times on subscribers, and slowing down every request.

Exploring how to break up a system architecture diagram to make it more readable and informative

Live Migration of Workloads with VMware HCX: A Customer Story

Build reproducibility is often considered as a de facto feature provided by functional package managers like Nix. Although the functional package manager model...

When you deploy a component using VMware Aria Suite Lifecycle, it stores the credentials in its locker. If you need to SSH to a VCF Operations appliance and you don’t know the root password, …

What are these distroless images, really? Why are they needed? What's the difference between a container image built from a distroless base and a container image built from scratch? Let's take a deeper look.

My tools and how I use them.

Today’s post is about configuring Jumbo frames in NSX for VM to VM communication (East / West) and for upstream connectivity (North / South). NSX supports switching and routing of Jumbo frames. We’re t

When it comes to infrastructure engineering, building a data center is probably closer to building a house than to deploying a Terraform stack.

The latest version of Data Services Manager (DSM) is now available. Version 2.2 has a wealth of new features

While answering a recent question on the VMware Reddit Community, I came to learn about Authentik, an open source identity provider (IdP), which is pretty feature rich and best of all, you can self…

Introduction: Some of you have been using NSX for many years already and are aware of the different changes and improvements implemented in the last years. I personally started with NSX in version 2.3 and one of the first important improvements I recognized is “MultiTEP” for edge nodes of type VM. It was released with NSX 2.5 and officially added to the reference design guide.
By the way: The reference design guide is still a great resource to learn the design principles for NSX implementations. This is especially interesting for those who might be new to NSX.

Change your tools and change your life in 2025.

Some of the interesting and insane facts I learned about SQLite

How I connected Kubernetes clusters across 4 countries with my own ASN, BGP peering, and perhaps too many IPsec tunnels

Hello,
Recently, I have made several changes to the AsBuiltReport.Veeam.VBR script, so I will summarize here all the new capabilities added.
Here is the link to the most recent report in HTML format: Report
The first change I will discuss is the support for Microsoft Entra ID. In this case the Veeam Backup & Replication (VBR) PowerShell module allows extracting the information of the Tenants that are configured in the VBR infrastructure.

Mac's Tech Blog

In a previous post, I covered a method to automatically generate DNS zones from an embedded YAML list.
This wasn't the most useful on its own, only ensuring …

Deploying modern web apps – with all the provisions needed to be fast and secure while easily updateable – has become so hard that many developers don’t dare do it without a PaaS (platform-as-a-service). But that’s ridiculous. Nobody should have to pay orders of magnitude more for basic computing just to make deployment friendly and usable. That’s a job for open source, and Rails 8 is ready to solve it. So it’s with great pleasure that we are now ready with the final version of Rails 8.0, after a successful beta release and several release candidates!

In this new version, we’ve added the “official” support for the new vSphere and vSAN 8.3 APIs and Veeam Backup & Replication v12.

You've been lied to. You don't need the cloud – you can just run servers and save 10x your AWS costs. It's not that difficult.

Bare metal to production ready in mins; imagine fly.io on your VPS
Sidekick is made to make your life easy as you deploy your applications. It’s meant for people who care about shipping as fast as possible while doing things the right way. Sidekick is designed to allow you to host multiple applications on a single VPS and take care of making them production ready. If you get enough traction, scale up your VPS and call it a day!

transhumanist and high functioning loser; instantiated simulation, statically stuck in superposition, calculated computationally complex, technomancer at will

Extending the lab to the Xen ecosystem via XCP-ng and Xen Orchestrator. Installing the solutions and basic principles

I have been using Github as an OAuth2 provider to authenticate to applications for a while now. However, I have always been content to follow documentation without really trying to understand what was happening in front of me each time I wanted to authenticate.
So I motivated myself to write this article about SSO. The goal is to discover the mechanisms available for managing a large number of users and their access to the infrastructure's applications.

After having automated the downloading of bundles for an offline depot in my lab I got the idea of experimenting with hosting it using a containerized nginx instance.

In this post I will demonstrate how one can automate the downloading of VMware Cloud Foundation bundles with Ansible, for later use with the offline depot functionality, which promises to relieve laborious bundle uploads to SDDC Manager.

While I was testing the new Release 8.0.3 from Broadcom, I ran into a few problems getting my nested lab...

Kubernetes doesn't load balance long-lived connections, and some Pods might receive more requests than others. If you're using HTTP/2, gRPC, RSockets, AMQP or any other long-lived connection such as a database connection, you might want to consider client-side load balancing.

Build a hybrid VPN infrastructure with Headscale to connect local and remote servers.

Posted: 2024-05-25

Let's discover together how to use GPG to secure your exchanges (files, email, commits) and how to store your keys on a Yubikey for more security!

Golden images were supposed to simplify infrastructure, but many teams still build Linux systems like it's 2009. Let's do it differently.

In my previous post I showed how to install automatically a virtual machine with pfSense. The automation I reached was around 90%, as I didn’t know how to automate the installation of the software. Than

Adventures trying to minimise disk usage for servers

In my 2022 December rumination about vCF I delved into how a union between VMware Cloud Foundation and a credential storage solution could make for a powerful combination.

As someone familiar with VMware and vCenter, but coming reasonably fresh to Proxmox Virtual Edition (PVE) there are a number of important differences when …

Vault is a secrets management tool developed by Hashicorp. It lets you store and manage secrets securely. In this article, we will see how to use Vault to manage your applications' secrets.

Slow Rust Builds?
Here are some tips to speed up your compile times.
This list was originally released on my private blo…

I constantly use virtual machines to test scripts, host services, run deployment tests, etc. I usually use Proxmox for my lab, and Libvirt at work.
Recently, I have been deepening my knowledge of public clouds such as AWS, GCP, Azure, etc. And if there is one thing that fascinates me, it is the speed at which a virtual machine can be created.
I sometimes use Cloud-Init to automate the creation of my virtual machines, or Packer to create VM templates, but we are talking about a few minutes (not seconds).
It was while researching this subject that I came across Firecracker, an open-source AWS project that creates microVMs in a few milliseconds (yes, milliseconds). So, I want to be able to create virtual machines in a few milliseconds, but also to destroy and recreate them on the fly. These virtual machines can then be used for tests, deployments, services, etc.

Discover a selection of our latest work. A range of Cyllene projects bringing together many disciplines to offer you a tailor-made service.

Overview: VMware recently released full support for Azure Active Directory (now called Entra ID) integration with vCenter with release 8.0 U2. Unfortunately, their documentation about integration had some major gaps, compelling us to write this guide. VMware’s documents initially recommended opening your vCenter server URL to the public (which you should NEVER do). They’ve since...

Sysadmin doing sysadmin stuff

Instead of using sshpass to non-interactively provide an SSH password, here is a simpler approach by harnessing the built-in features of OpenSSH...

Prometheus is a monitoring solution created by Soundcloud in 2012 and open-sourced in 2015. It is a must-have that stands out through its integration with many third-party services that are not natively supported.

I want my services to be sturdy, cheap & easy to maintain. I want very few moving parts, and I treat the hardware as disposable and unreliable. Ansible allows me to achieve a lot at very little cost.

Consul Associate is an official HashiCorp certification. It validates your knowledge of Consul through an online exam. I share my experience in this article!

Recently I’ve been looking into setting up BGP EVPN between VMware NSX and VyOS router. I’m using VyOS quite a lot in labs and demos, often as the counterpart to a Tier-0 gateway, and w…

Consul is a tool for managing micro-services and high availability, as well as security and communication between services. This page is a digest of what I have learned on the subject.

Five years of technical blogging followed by six months of active development resulted in an online learning-by-doing platform for DevOps, SRE, and Platform Engineers.

Everyone loves the Cluster API, but there are some cases where it's not the best solution. We chose not to build with it for several reasons.

Want to secure your Proxmox server with a trusted SSL certificate from Let's Encrypt? Check out my post! Includes Home Assistant integration too!


Cert-Manager is a program for managing certificates (and their renewals) on Kubernetes clusters. We will see how to deploy Cert-Manager and generate our first certificates

This guide explains how to configure a DNS and DHCP server using DNSMASQ. It covers installation, DHCP and DNS configuration, and the management of static leases.

When we have many servers, it makes sense to automate each of the deployments we carry out. And when most of them run Debian, these deployments can take the form of .deb files. So on this page we will see how to create our own Debian repository

A next-generation sharing platform built on top of OpenZiti, a programmable zero-trust network overlay.

When you multiply infrastructures (local, remote, etc.), having a mesh VPN makes your life easier. So we are going to install and configure Tinc

Historically, we have rarely talked about how our servers fetch the content from the Internet. In this blog we’re going to cover this gap. We'll discuss how we manage Cloudflare IP addresses used to retrieve the data from the Internet, how our egress network design has evolved, how we optimized it for best use of available IP space and introduce our soft-anycast technology.

SSH port forwarding explained in a clean and visual way. How to use local and remote port forwarding. What sshd settings may need to be adjusted. How to memorize the right flags.

This is my documentation of how I publish my notes from a private [[Obsidian]] vault to my

The need: I ran into some trouble when I wanted to implement NSXT rules. My aim was to keep the order of the rules as intended by the user when he wrote his data, without asking him to enter a rule ID manually. If the order is kept, then it’s easy to prioritize the rules according to their placement. With the NSX-T Terraform provider, the rules are in the form below:

Thus far, this series of posts have all been about Layer 2 over Layer 3 models; the customer ethernet frames encapsulated in UDP, traversing L3 networks. The routing has been confined to the underlay, the customer traffic has stayed within the same network.

Starting today, we are thrilled to announce that you can start building many segregated virtual private networks over Cloudflare Zero Trust, beginning with virtualized connectivity for the connectors Cloudflare WARP and Cloudflare Tunnel

While troubleshooting a failed SDDC Manager deploy task in Cloud Foundation 4.4 together with VMware support, the engineer showed a way to update the SDDC bring-up parameters. This can be very helpfu

A technical dive into traditional TCP proxying over HTTP

Traefik is a reverse proxy that stands out from the others through its provider and middleware system. It does not reinvent the wheel, but it is particularly effective when you have a large number of redirections to configure or rules that change regularly.

Delivering consistent performance while maintaining data resiliency is a key tenet behind enterprise storage solutions. VMware vSAN is the industry leading distributed storage system built right into VMware vSphere, and is designed to offer the highest level of resiliency and performance, with the maximum amount of agility should hardware faults occur, or demands of the …

In this blog post, I will help you with the set of steps needed to enable MinIO service on a “vSphere with Tanzu” Supervisor cluster. I will not explain about MinIO, feel free to read about MinIO o…

Today at 1651 UTC, we opened an internal incident entitled "Facebook DNS lookup returning SERVFAIL" because we were worried that something was wrong with our DNS resolver 1.1.1.1. But as we were about to post on our public status page we realized something else more serious was going on.

When it comes to initializing a virtual machine in a VMware vSphere infrastructure, Linux systems are the poor relation....

Easily create a Proxmox Ubuntu cloud-init image for use with Terraform, Ansible, and other automation tools

Learn how to create a Kubernetes cluster on Azure, Amazon Web Services (AWS) and Google Cloud

Software-Defined Datacenters | NSX-T | NSX-ALB | VMware Cloud Foundation (VCF)

If you have ever tried to troubleshoot an NSX-v Management Appliance or Edge, you probably noticed that you are quite limited in the execution of your controls. That’s because in NSX-v you are standardly limited with most of the time only esxcli, even when you are logged in as admin.
To get past

Today's topic is VMware Cloud Director inter-tenant routing with NSX-T backed provider VDCs (pVDC). The reason for writing this post is that some use-cases require routed connectivity between Org VDC

A post about a community function contribution to the open source project VMware Event Broker Appliance to notify you if an ESXi host failure occurred.

In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!

A rundown of seven common mistakes in system architecture diagrams and how to fix them

Replacing Orange Livebox with another router is widely documented but too kludgy for my taste. I expose a cleaner setup.

Troubleshooting in Kubernetes can be a daunting task. In this article you will learn how to diagnose issues in Pods, Services and Ingress.

If you work with computer networks sooner or later you will have to learn how to efficiently work with IP addresses and networks. As you probably guessed from the title of this post, we'll be learning how to create, modify and perform operations on IP objects using Python. Having to

Monitor CPU, GPU, and storage, clean junk files, check battery health, and keep your Mac fast with Sensei. Free download.

Using CAPV to deploy K8s clusters with vSphere CNS

How to backup and restore K8s applications on vSphere

Step by step guide for using cloud-init on vSphere

Intro
I have been experimenting a lot over the past 18 months with containers and in particular, Kubernetes, and one of the core things I always seemed to get hung up on was part-zero - creating the VMs to actually run K8s. I wanted a CLI only way to build a VM template for the OS and then deploy that to the cluster.
It turns out that with Ubuntu 18.04 LTS (in particular the cloud image OVA) there are a few things need changed from the base install (namely cloud-init) in order to make them play nice with OS Guest Customisation in vCenter.

Checkmk is a leading tool for Infrastructure and Application Monitoring. Simple configuration, scalable, flexible. Open Source and Enterprise.

Introduction Traditionally, Data Centers used lots of Layer 2 links that spanned entire racks, rows, cages, floors, for as far as the eye could see. These...

For ease of configuration, virtual guests are usually connected to a layer 2 network. However, hypervisors can be turned into layer 3 routers...

Linux uses an LPC-trie for looking up routes. It provides good performance with low memory use even with millions of routes.

A short while back I participated in an internal event. A number of priority customers of our internal cloud service were invited for a feedback session, to voice their thoughts, listen to roadmap sessions and just to get to know each other.
There was one comment made there by one of the participants that has been on my mind since then, and it was something along the lines of:
“I have been using AWS longer than I have been using our internal cloud service – that is more than 5 years.