Increasing Velocity - Refresh and updates
There is a a lot of reasons to do things but security is a big motivater — I am on a refresh of the VCF guides, deeper salt integration and automation bits. This is the start.
Been another big couple of weeks and starting to get into VCF 9.1. I have been running it in the lab for a while and been using it for testing out a bunch of new features including the realtime data for ops.
Security is the thread running through all of this, so I want to put it up front. The chart above is from Zero Day Clock, and it is the best motivation I know of for getting into updates: the gap between a CVE going public and being exploited in the wild has collapsed from years to barely a day. Staying current stopped being housekeeping a while ago — it is now one of the controls. So alongside the VCF 9.1 work I will be weaving security practices in as I go: secrets management, autonomous fixes, and process-based release rather than event-based release, among others — not bolted on at the end.
Recent Broadcom documentation has been on a bit of a ramp up with more pictures and better workflow, so with my guides it will be data and screenshot driven rather than step by step like my previous guide was. I have just rebuilt my lab after initial testing and published the installer steps.
With the lab this time around I have been using Salt to build most elements of the lab, so I will publish some of my Salt processes around them as well. Something I am keen to publish is validation tests with Salt, which are great for making sure not only VCF is running but it an other components are working and as secure as the process intends.
There are a lot of automation pieces coming as well, as I work through multi-tenancy at all levels.
I also added an RSS feed to the site, which was a bit of an oversight…
Pete