
VMware Cloud Foundation (VCF) 9.1 is now generally available! 🥳 In addition to the revamped VCF 9.1 Technical Documentation which includes the 9.1 release notes, which everyone should be reviewing …
156 links


In the VCF 9.1 full deployment guide we cover everything in the private cloud platform, and adding workload domains, hosts, clusters and scaling your fleet

Last Updated May 4, 2026

Self-hosted homelab infrastructure visualizer — interactive network diagram with live status monitoring - Pouzor/homelable

In the ever-evolving landscape of private cloud, technical debt often hides in the most fundamental places, like your DNS naming convention. For many years, .local was the go-to Top-Level Domain (TLD) for internal Active Directory environments. However, as per RFC 6762, .local is now officially reserved for Multicast DNS (mDNS) and is no longer recommended …

Adding clarity after the NC2 on Google Cloud article and illustrating how OVHcloud completes the picture.

A complete guide to replacing the default OVHcloud gateway with a pfSense firewall on Nutanix NC2.

Why we started running our office lab on FreeBSD with Sylve, and how a simpler stack ended up fitting our workflow better.

CRD or APIService? Two ways to extend the Kubernetes API, with radically different philosophies. We compare the two with concrete examples!

With VCF 9.0, Broadcom has announced the deprecation of the SDDC Manager UI, pushing Day-N workflows to the VCF Operations Console. In this post we explore what password management looks like in the new console, what capabilities have landed including Update, Remediate and a polished filtering experience, and what still requires SDDC Manager directly such as Rotate, scheduled auto-rotation and credential retrieval via the API

Browser-based utilities for VCF 9, NSX, vSAN, and networking. No install. Zero data collected.

Cloudflare’s Gen 13 servers double our compute throughput by rethinking the balance between cache and cores. Moving to high-core-count AMD EPYC™ Turin CPUs, we traded large L3 cache for raw compute density. By running our new Rust-based FL2 stack, we completely mitigated the latency penalty to unlock twice the performance.

Discover fault, a chaos engineering proxy that injects network failures between your services to reveal their weaknesses before production.

Let's make a tiny, standalone CA! We'll use a Raspberry Pi 4, YubiKey 5 NFC, and Infinite Noise TRNG.

Complete guide to using NGINX as an API gateway in 2026, covering configuration, load balancing, rate limiting, and the Kubernetes ingress-nginx retirement.

NixOS: how I traded 13 years of Debian for a declarative, reproducible system with no nasty surprises.

Talk to your infrastructure in plain language, get instant answers, and keep everything on-prem if you want.

How to build a single global queue for distributed systems on object storage: Start with a single file on object storage, then add write batching, a stateless broker, and high-availability.

See how I built a Proxmox and Ceph home lab with 5 nodes, 17TB NVMe storage, dual 10Gb LACP, and Talos Kubernetes running on distributed Ceph.

Understand the difference between MTU and MSS to avoid network fragmentation. Complete tutorial: configuration, ping tests, Jumbo Frames and Kubernetes examples.

Give LLM agents shell access without risking your host system. A practical libvirt guide covering VM creation, snapshots for safe experimentation, and remote access options.

On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.

Short blog about my experiences with Nutanix CE and which workarounds I needed.

How I obtained my own ASN and used BGP to announce IPv6 routes from home.

Author: Nemanja Ilic

A comprehensive step-by-step guide series to creating Kubernetes managed clusters on Proxmox using Cluster API and Cilium as a CNI.

A curated list of awesome resources, tools, libraries, and projects for the Mistral AI ecosystem. - samouraiworld/awesome-mistral


The Excavator Doesn't Care About Your Diversity We'd done everything right. Diverse and multiple fiber paths to our remote site.

PDM 1.0 reaches GA status after a development phase of about twelve months, marked by successive alpha and beta releases. Proxmox Data Center Manager presents itself as a unified management platform, aiming to provide an alternative to established solutions such as vCenter or Xen Orchestra for administering virtualized infrastructures running Proxmox VE.

Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.

Find out how to replace your SFR, Free, Bouygues or Orange Internet box with UniFi hardware. Complete guide, operator by operator.

🔧 pyinfra turns Python code into shell commands and runs them on your servers. Execute ad-hoc commands and write declarative operations. Target SSH servers, local machine and Docker containers. Fas...

This blog post provides a detailed guide for deploying VCF Instance using Terraform. It covers prerequisites, installation steps for Terraform and VCF, and necessary configurations in Terraform fil…

I’ve started writing more Python code lately (because of… AI, you know). In this post, I share the tools, libraries, configs, and other integrations I use for building production-grade Python applications following a frontend-backend architecture.

HashiCorp Validated Designs

Make beautiful isometric infrastructure diagrams. Contribute to stan-smith/FossFLOW development by creating an account on GitHub.

A lightweight Server management script set, backend is Docker, Caddy Web Server. Makes the life of the infra guy a little simpler and easier. - nguyenanhung/infra-caddy-guy

For everything that happens after you deploy. Antimetal is the AI platform to better understand, manage, and automate your infrastructure.

I'm fortunate enough to live in a place where 10Gbps fiber (FTTH) is not only available but also cheap. Here's how I'm taking advantage of this.

Omni is an incredible tool that lets you manage Talos machines anywhere. Let me introduce Omni and show how to interface it with Kubevirt to create Kubernetes clusters in the snap of a finger.

Omnissa recently released their Ports and Protocols tool! There are listings for Horizon, Omnissa Access and UEM at present (the Horizon listing also includes information for App Volumes, Dynamic Environment Manager and Unified Access Gateway). Customized lists can be downloaded in Excel and PDF formats. I wanted to see if I could somehow find this information JSON-formatted.

Today we’re excited to release Railpack — the next iteration of the Railway builder, developed from the ground up based on everything we’ve learned from building over 14 million apps with Nixpacks.

The article outlines how to automate the deployment and configuration of VMware NSX using Terraform, focusing on components like NSX Manager, Fabric, and Edge Transport Nodes. It details installati…

This blog post provides a detailed guide for installing VMware vSphere Supervisor using Terraform. It covers prerequisites, installation steps for Terraform and vSphere Supervisor, and necessary co…

Live Migration of Workloads with VMware HCX: A Customer Story

When it comes to infrastructure engineering, building a data center is probably closer to building a house than to deploying a Terraform stack.

Introduction Some of you are using NSX for many years already and are aware of the different changes and improvements implemented in the last years. I personally started with NSX in version 2.3 and one of the first important improvements I recognized is “MultiTEP” for edge nodes from type VM. It was released with NSX 2.5 and officially added to the reference design guide.
By the way: The reference design guide is still a great resource to learn the design principles for NSX implementations. This is especially interesting for those who might be new to NSX.

Abstract Now that we have a Vault, with a TLS Issuing CA, and some idea of how to get certs out of it, let's look at how we can use this in a “real” world scenario to put a valid TLS profile onto a Network Appliance (fancy word for a switch I guess).
Why did I say appliance, and not Router or Switch? Weeeeeell, think about it. You manage a lot of network stuff over HTTPS protocols these days, even when it's not actually a web interface you are using to do it.

How I connected Kubernetes clusters across 4 countries with my own ASN, BGP peering, and perhaps too many IPsec tunnels

Hola,
Recently, I have made several changes to the AsBuiltReport.Veeam.VBR script, so I will summarize here all the new capabilities added.
Here is the link to the most recent report in HTML format: Report The first change I will discuss is the support for Microsoft Entra ID. In this case the Veeam Backup & Replication (VBR) Powershell module allows extracting the information of the Tenants that are configured in the VBR infrastructure.

30 November 2024

Mac's Tech Blog

WebVM is a full Linux environment running in the browser, client-side. It is a complete virtual machine, with support for persistent data storage, networking and, as of today’s release, Xorg and complete desktop environments.

In a previous post, I covered a method to automatically generate DNS zones from an embedded YAML list.
This wasn't the most useful on its own, only ensuring …

Deploying modern web apps – with all the provisions needed to be fast and secure while easily updateable – has become so hard that many developers don’t dare do it without a PaaS (platform-as-a-service). But that’s ridiculous. Nobody should have to pay orders of magnitude more for basic computing just to make deployment friendly and usable. That’s a job for open source, and Rails 8 is ready to solve it. So it’s with great pleasure that we are now ready with the final version of Rails 8.0, after a successful beta release and several release candidates!

Let's walk through a common scenario.

Sample Dashboard Designs to review first thing in the morning while drinking your Coffee or Energy Drink.

In this new version, we’ve added the “official” support for the new vSphere and vSAN 8.3 APIs and Veeam Backup & Replication v12.

You've been lied to. You don't need the cloud – you can just run servers and save 10x your AWS costs. It's not that difficult.

Bare metal to production ready in mins; imagine fly.io on your VPS
Sidekick is made to make your life easy as you deploy your applications. It’s meant for people who care about shipping as fast as possible while doing things the right way. Sidekick is designed to allow you to host multiple applications on a single VPS and take care of making them production ready. If you get enough traction, scale up your VPS and call it a day!

A rant about caring

transhumanist and high functioning loser; instantiated simulation, statically stuck in superposition, calculated computationally complex, technomancer at will

Hola,
Today I am going to share the improvements I have made to the Veeam Backup & Replication infrastructure diagramming tool. This tool uses Graphviz as the engine to draw the diagram and the PSGraph module to generate the code from PowerShell. Here is the link to the project on GitHub:
https://github.com/rebelinux/Veeam.Diagrammer In version 0.6.8 information about SureBackup was added to the infrastructure diagram. In particular, the ability to diagram Application Groups and Virtual Labs has been added.

Let's discover NATS from A to Y. Together, we will develop a microservices-based project in Golang to test the particularities of NATS and make the exchanges between our applications more reliable.

Extending the lab to the Xen ecosystem via XCP-ng and Xen Orchestrator. Installation of the solutions and basic principles

I have been using Github as an OAuth2 provider to authenticate to applications for a while now. However, I have always settled for following documentation without really trying to understand what was happening before my eyes each time I wanted to authenticate.
So I motivated myself to write this article about SSO. The goal is to discover the mechanisms available for managing a large number of users and their access to the infrastructure's applications.

After having automated the downloading of bundles for an offline depot in my lab I got the idea of experimenting with hosting it using a containerized nginx instance.

In this post I will demonstrate how one can automate the downloading of VMware Cloud Foundation bundles with Ansible, for later use with the offline depot functionality, which promises to relieve laborious bundle uploads to SDDC Manager.

While I was testing the new Release 8.0.3 from Broadcom, I ran into a few problems getting my nested lab...

Build a hybrid VPN infrastructure with Headscale to connect local and remote servers.

Posted:2024-05-25

Golden images were supposed to simplify infrastructure, but many teams still build Linux systems like it's 2009. Let's do it differently.

In my previous post I showed how to install automatically a virtual machine with pfSense. The automation I reached was around 90%, as I didn’t know how to automate the installation of the software. Than

Adventures trying to minimise disk usage for servers

In my 2022 December rumination about vCF I delved into how a union between VMware Cloud Foundation and a credential storage solution could make for a powerful combination.

As someone familiar with VMware and vCenter, but coming reasonably fresh to Proxmox Virtual Edition (PVE) there are a number of important differences when …

After a homelab crash, the VCSA file-based backup isn't working anymore. In this post I'm describing how I was able to get the VMware Postgres Archiver service back into operating state by interfering with vCenter's vPostgres instance.

Vault is a secrets management tool developed by Hashicorp. It lets you store and manage secrets securely. In this article, we will see how to use Vault to manage your applications' secrets.

Some time ago I bumped into a blog post from Rutger Blom about implementing EVPN integration between NSX-T and vYOS. As I was involved in my recent past with Arista in DC deployments, I was curious…

Learn why DNS needs security through tacos, crabs, and cryptographic laughs. How DNSSEC Works turns complex internet plumbing into an illustrated adventure.

Slow Rust Builds?
Here are some tips to speed up your compile times.
This list was originally released on my private blo…

I constantly use virtual machines to test scripts, host services, run deployment tests, and so on. I usually use Proxmox for my lab, and Libvirt at work.
Recently, I have been deepening my knowledge of public clouds such as AWS, GCP, Azure, etc. And if there is one thing that fascinates me, it is the speed at which a virtual machine can be created.
I sometimes use Cloud-Init to automate the creation of my virtual machines, or Packer to build VM templates, but we are talking about a few minutes (not seconds).
It was while researching this subject that I came across Firecracker, an open-source project from AWS that creates microVMs in a few milliseconds (yes, milliseconds). So, I want to be able to create virtual machines in a few milliseconds, but also to destroy and recreate them on the fly. These virtual machines can then be used for tests, deployments, services, etc.

Discover a selection of our latest work. Multiple Cyllene projects bringing together many disciplines to offer you a tailor-made service.

Overview VMware recently released full support for Azure Active Directory (now called Entra ID) integration with vCenter with release 8.0 U2. Unfortunately, their documentation about integration had some major gaps, compelling us to write this guide. VMware’s documents initially recommended opening your vCenter server URL to the public (which you should NEVER do). They’ve since...

Sysadmin doing sysadmin stuff

Instead of using sshpass to non-interactively provide an SSH password, here is a simpler approach by harnessing the built-in features of OpenSSH...

Prometheus is a monitoring solution created by Soundcloud in 2012 and open-sourced in 2015. It is a must-have that stands out through its integration with many third-party services that are not natively supported.

I want my services to be sturdy, cheap & easy to maintain. I want very few moving parts, and I treat the hardware as disposable and unreliable. Ansible allows me to achieve a lot at very little cost.

Terraform Associate is an official HashiCorp certification. It validates your knowledge of Terraform through an online exam. I share my experience in this article!

Consul Associate is an official HashiCorp certification. It validates your knowledge of Consul through an online exam. I share my experience in this article!

Recently I’ve been looking into setting up BGP EVPN between VMware NSX and VyOS router. I’m using VyOS quite a lot in labs and demos, often as the counterpart to a Tier-0 gateway, and w…

Consul is a tool for managing microservices and high availability, as well as security and communication between services. This page is a condensed version of what I have learned on the subject.

Tmux is a terminal multiplexer that lets you create and control sessions. It is often used to run a command in the background and be able to close the terminal without fear of the process being stopped. We will see how to use it.

Five years of technical blogging followed by six months of active development resulted in an online learning-by-doing platform for DevOps, SRE, and Platform Engineers.

New talk: Learning DNS in 10 years

Everyone loves the Cluster API, but there are some cases where it's not the best solution. We chose not to build with it for several reasons.

Want to secure your Proxmox server with a trusted SSL certificate from Let's Encrypt? Check out my post! Includes Home Assistant integration too!

Dagger.IO is a tool maintained by Solomon Hykes that lets you create a local (or remote) CI that does not depend on YAML or a DSL


Creating your own Debian packages is not as complicated as you might think. We will see how to package your own scripts/programs easily and efficiently

Cert-Manager is a program for managing certificates (and their renewals) on Kubernetes clusters. We will see how to deploy Cert-Manager and generate our first certificates

This guide explains how to configure a DNS and DHCP server using DNSMASQ. It covers installation, DHCP and DNS configuration, and the management of static leases.

When we have many servers, it makes sense to automate each deployment we perform. And when most of them run Debian, these deployments can take the form of .deb files. On this page we will therefore see how to create our own Debian repository

A next-generation sharing platform built on top of OpenZiti, a programmable zero-trust network overlay.

When you multiply infrastructures (local, remote, etc.), having a mesh VPN makes your life easier. So we are going to install and configure Tinc

Historically, we have rarely talked about how our servers fetch
the content from the Internet. In this blog we’re going to cover
this gap. We'll discuss how we manage Cloudflare IP addresses
used to retrieve the data from the Internet, how our egress
network design has evolved, how we optimized it for best use
of available IP space and introduce our soft-anycast technology.

SSH port forwarding explained in a clean and visual way. How to use local and remote port forwarding. What sshd settings may need to be adjusted. How to memorize the right flags.

Learn all about network bonding in XCP-ng and some tricks to configure it.

This is my documentation of how I publish my notes from a private [[Obsidian]] vault to my

The need I went into some troubles when I wanted to implement NSXT rules. My aim was to keep the order of the rules as intended by the user when he wrote his data without asking him to enter a rule ID manually. If the order is kept then it’s easy to prioritize the rules according to their placement. With the NSX-T Terraform provider the rules are in the form below :

How Relational Databases Work. This post talks about how indexes and transactions work on the inside of relational databases.

Thus far, this series of posts have all been about Layer 2 over Layer 3 models; the customer ethernet frames encapsulated in UDP, traversing L3 networks. The routing has been confined underlay, the customer traffic has stayed within the same network.

Starting today, we are thrilled to announce that you can start building many segregated virtual private networks over Cloudflare Zero Trust, beginning with virtualized connectivity for the connectors Cloudflare WARP and Cloudflare Tunnel

While troubleshooting of a failed SDDC Manager deploy task in Cloud Foundation 4.4 together with VMware support, the engineer showed a way to update the SDDC bring-up parameters. This can be very helpfu

A technical dive into traditional TCP proxying over HTTP

Traefik is a reverse proxy that stands out from the others through its provider and middleware system. It does not reinvent the wheel, but it is particularly effective when there are a large number of redirections to configure or when rules change regularly.

Delivering consistent performance while maintaining data resiliency is a key tenet behind enterprise storage solutions. VMware vSAN is the industry leading distributed storage system built right into VMware vSphere, and is designed to offer the highest level of resiliency and performance, with the maximum amount of agility should hardware faults occur, or demands of the …

In this blog post, I will help you with the set of steps needed to enable MinIO service on a “vSphere with Tanzu” Supervisor cluster. I will not explain about MinIO, feel free to read about MinIO o…

Today at 1651 UTC, we opened an internal incident entitled "Facebook DNS lookup returning SERVFAIL" because we were worried that something was wrong with our DNS resolver 1.1.1.1. But as we were about to post on our public status page we realized something else more serious was going on.

When it comes to initializing a virtual machine in a VMWare vSphere infrastructure, Linux systems are the poor relation....

Easily create a Proxmox Ubuntu cloud-init image for use with Terraform, Ansible, and other automation tools

Applying DevOps to networks.

Learn how to create a Kubernetes cluster on Azure, Amazon Web Services (AWS) and Google Cloud

Software-Defined Datacenters | NSX-T | NSX-ALB | VMware Cloud Foundation (VCF)

CNI is the container network interface that provides a pluggable application programming interface to configure network interfaces in Linux containers.

If you have ever tried to troubleshoot an NSX-v Management Appliance or Edge, you probably noticed that you are quite limited in the execution of your controls. That’s because in NSX-v you are standardly limited with most of the time only esxcli, even when you are logged in as admin.
To get past

Learn how NAT traversal works, how Tailscale can get through and securely connect your devices directly to each other.

Today's topic is VMware Cloud Director inter-tenant routing with a NSX-T backed provider VDCs (pVDC). The reason for writing this post is that some use-cases require routed connectivity between Org VDC

A post about a community function contribution to the open source project VMware Event Broker Appliance to notify you if an ESXi host failure occurred.

Cheatsheet to a more maintainable configuration.

Docker lets you easily package your applications and services into containers so you can use them anywhere. However, when you…

In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!

A rundown of seven common mistakes in system architecture diagrams and how to fix them

Replacing Orange Livebox with another router is widely documented but too kludgy for my taste. I expose a cleaner setup.

Troubleshooting in Kubernetes can be a daunting task. In this article you will learn how to diagnose issues in Pods, Services and Ingress.

If you work with computer networks sooner or later you will have to learn how to efficiently work with IP addresses and networks. As you probably guessed from the title of this post, we'll be learning how to create, modify and perform operations on IP objects using Python. Having to

Guest Post: Why does half the Internet use a TTL of 1 minute or less?

Using CAPV to deploy K8s clusters with vSphere CNS

How to backup and restore K8s applications on vSphere

Step by step guide for using cloud-init on vSphere

People tend to be visual: we use pictures to understand problems. Mainstream programming languages, on the other hand, operate in an almost completely different kind of abstract space, leaving a big g

Intro
I have been experimenting a lot over the past 18 months with containers and in particular, Kubernetes, and one of the core things I always seemed to get hung up on was part-zero - creating the VMs to actually run K8s. I wanted a CLI only way to build a VM template for the OS and then deploy that to the cluster.
It turns out that with Ubuntu 18.04 LTS (in particular the cloud image OVA) there are a few things need changed from the base install (namely cloud-init) in order to make them play nice with OS Guest Customisation in vCenter.

Blog

Checkmk is a leading tool for Infrastructure and Application Monitoring. Simple configuration, scalable, flexible. Open Source and Enterprise.

Introduction Traditionally, Data Centers used lots of Layer 2 links that spanned entire racks, rows, cages, floors, for as far as the eye could see. These...

Implementation of redundant site-to-site VPNs on Linux with WireGuard (instead of IPsec) and BGP.

Linux IPsec implementation is usually policy-based. However, route-based VPNs with a pseudo-interface are also available.

Linux uses an LPC-trie for looking up routes. It provides good performance with low memory use even with millions of routes.

VXLAN is an overlay network for L2 traffic over an existing IP network. One deployment option is BGP EVPN.

VXLAN is an overlay network for L2 traffic over an existing IP network. Let's explore how to configure it on Linux.

On Linux, a network bridge without any IP address configured will still process IP packets. How to disable such a feature?

Automation is an increasingly interesting topic in pretty much every technology discipline these days. There’s lots of talk about tooling, practices, skill set evolution, and more - but little conversation about fundamentals. What little is published by those actually practicing automation, usually takes the form of source code or technical whitepapers. While these are obviously valuable, they don’t usually cover some of the fundamental basics that could prove useful to the reader who wishes to perform similar things in their own organization, but may have different technical requirements.

A short while back I participated in an internal event. A number of priority customers of our internal cloud service were invited for a feedback session, to voice their thoughts, listen to roadmap sessions and just to get to know each other.
There was one comment made there by one of the participants that has been on my mind since then, and it was something along the lines of:
“I have been using AWS longer than I have been using our internal cloud service – that is more than 5 years.

In a recently published article, Paul Vixie, past author and architect of BIND, one of the most popular internet domain servers, explains why DNS...

tcpdump is the world's premier network analysis tool—combining both power and simplicity into a single command-line interface. This guide will show