Using the vCenter in VMware Cloud on AWS


    In this simulation, the SDDC has already been deployed. You will log into the VMware Cloud on AWS console to configure firewall rules, then open vCenter to configure Content Libraries, create a Logical Network, create a Linux customization specification, deploy a virtual machine, and convert that virtual machine to a template.

    First I would like to suggest the great content provided by Andrea Siviero, Principal Architect, Global, and Jennifer Schmidt, Consulting Architect, USA @ VMware in their Hands-On-Labs and their manual http://docs.hol.vmware.com/HOL-2019/hol-1987-01-hbd_pdf_en.pdf

    I went through the process and here are the steps.

    By default, the firewall for the management gateway is set to deny all inbound and outbound traffic. To reach vCenter in VMware Cloud on AWS, you must add firewall rules that allow access to vCenter Server, plus rules for any other traffic you need.

    There are two ways to create the firewall rules that allow access to vCenter Server and other management traffic through the management gateway:

    1. Manually enter Firewall Rules
    2. Firewall Rule Accelerator

    Manual Firewall Rule Creation

    1. Click View Details on your Software Defined Data Center
    2. Click the Network tab
      • This is the area within the VMware Cloud on AWS portal where the Firewall Rules are created.
    3. Click the Scroll Bar
    4. Click to expand Firewall Rules
    5. Click ADD RULE
    6. Click the Rule Name field and type “vCenter Access”
    7. Click the Source field and type “Any”
    8. Click <Select Option> under Service
    9. Click HTTPS (TCP 443)
    10. Click the Save button

    Firewall Rule Accelerator

    The Firewall Rule Accelerator helps create appropriate firewall policies in the management gateway. This enables communication over the IPsec VPN tunnel with key management infrastructure components such as vCenter Server and ESXi from your on-premises data center.

    After you set up an IPsec VPN for the Management Gateway, you can use the Firewall Rule Accelerator to quickly set up the firewall rules. Setting these rules is a prerequisite for Hybrid Linked Mode (single-pane-of-glass management), hybrid migrations, and many other tasks.

    1. Click to expand Firewall Rule Accelerator
    2. Click the Scroll Bar
    3. Click CREATE FIREWALL RULES

    Logging Into vCenter

    1. Click the Settings tab
    2. Click Default vCenter User Account to expand
    3. Click vSphere Client (HTML5) to expand
    4. Click vCenter Server API Explorer to expand
    5. Click Power CLI Connect to expand
    6. Click the Scroll Bar
    7. Click vCenter FQDN to expand
    8. Click the Scroll Bar
    9. Click the Copy button under Password
    10. Click the URL under the vSphere Client (HTML5) area to open the vCenter Server interface
    11. Click the User Name field box and type “cloudadmin@vmc.local”
    12. Click the Password field box and press any key to copy the Password to login to vCenter Server
    13. Click Login
    14. Click to expand the SDDC-Datacenter in the left pane
    15. Click to expand Cluster-1
      • It’s important to note that while customers have visibility into the entire cluster, including the management stack within VMware Cloud on AWS, as consumers of the service they work under a limited-access model in vCenter. VMware is responsible for the entire virtual layer, while customers’ responsibilities are limited to the virtual machines and logical networks they create in the VMware Cloud on AWS environment.

    Enter the user name and password and click Login.

    Subscribe to an Existing Content Library

    Content libraries are container objects for VM templates, vApp templates, and other types of files like ISO images.

    You can create a content library in the vSphere Web Client and populate it with templates, which you can then use to deploy virtual machines or vApps in your VMware Cloud on AWS environment. If you already have a content library in your on-premises data center, you can subscribe to it to import its content into your SDDC.

    1. Click Menu
    2. Click Content Libraries
    3. Click the “+” sign in your Content Library window to add a new Content Library
    4. Click the Name field and type “My On Premises Content Library”
    5. Click the Notes field box and type in notes
    6. Click the Next button
    7. Click the Radio Button next to Subscribed content library to select it
    8. Click the Subscription URL field and press any key to paste the URL of the Content Library to subscribe to
    9. Click the Check Box for Enable Authentication
    10. Click the Password field and press any key to type out the password
    11. Click the Scroll Bar to display the rest of the information
    12. Click the Next button
    13. Click the WorkloadDatastore to select the storage location
    14. Click the Next button
    15. Click the Finish button

    Create a Logical Network

    1. Click the Menu button in the vSphere Client
    2. Click Global Inventory Lists from the drop-down menu
    3. Click on Logical Networks in the left pane
    4. Click on the + ADD button to create a Logical Network
    5. Click the Name field and type “LN2” for the name of the Logical Network
    6. Click the CIDR Block field and type “192.168.2.0/24”
    7. Click the Default Gateway IP field and type “192.168.2.1”
    8. Click on the Check Box to enable the DHCP field
    9. Click the IP Range field and type “192.168.2.100-192.168.2.200”
    10. Click the DNS Domain Name field and type “corp.local”
    11. Click the OK button to create your logical network

    Create Linux Customization Specification

    Deploy a Virtual Machine From Template

    As you can see, most common administrative activities are performed in the same manner as on premises. Below we point out the differences introduced by the restrictive access model of vCenter Server in VMware Cloud on AWS.

    In a cloud SDDC, VMware performs host administration and other tasks for you. Because of that, a Cloud Administrator requires fewer privileges than an Administrator user on an on-premises data center.

    VMware assigns a cloud administrator a different role on different objects: either the CloudAdmin role or the CloudGlobalAdmin role. As a result, on a given object you can either perform global tasks or perform specific tasks such as creating virtual machines or folders.
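    The vCenter-side tasks of this walkthrough (subscribing to the on-premises content library, creating the Linux customization specification, deploying a VM from a library template and converting it to a template) scripted with PowerCLI, as an added example that is not part of the original post or the Hands-On-Lab manual. It uses the Power CLI Connect details shown on the Settings tab; the vCenter FQDN, subscription URL, template item name and the Compute-ResourcePool name are placeholders or assumptions, and the cmdlet parameters assume PowerCLI 11 or later.

```powershell
# Added example: the vCenter-side steps of this post scripted with PowerCLI.
# Assumes the management gateway rule for HTTPS (TCP 443) to vCenter exists.
# Server names, URLs and item names marked PLACEHOLDER are not from the post.
Import-Module VMware.VimAutomation.Core

$vc   = 'vcenter.sddc-PLACEHOLDER.vmwarevmc.com'   # vCenter FQDN from the Settings tab
$cred = Get-Credential -UserName 'cloudadmin@vmc.local' -Message 'Default vCenter user password'
Connect-VIServer -Server $vc -Credential $cred | Out-Null

# 1. Subscribe to the on-premises content library (the 15 steps above),
#    storing it on WorkloadDatastore and authenticating to the publisher.
$ds          = Get-Datastore -Name 'WorkloadDatastore'
$libPassword = Read-Host -AsSecureString -Prompt 'Content library password'
$lib = New-ContentLibrary -Name 'My On Premises Content Library' `
        -Datastore $ds `
        -SubscriptionUrl 'https://onprem-vcenter.PLACEHOLDER/cls/vcsp/lib/PLACEHOLDER/lib.json' `
        -Password $libPassword `
        -AutomaticSynchronization

# 2. Linux customization specification using the DNS domain from the
#    logical network section; the DNS server address is an assumption.
$spec = New-OSCustomizationSpec -Name 'Linux-Spec' -OSType Linux `
        -Domain 'corp.local' -DnsServer '192.168.2.1' -NamingScheme vm `
        -Type Persistent

# 3. Deploy a VM from a library template item into the customer resource
#    pool (Compute-ResourcePool is assumed), apply the spec, then convert
#    the VM to a template.
$item = Get-ContentLibraryItem -ContentLibrary $lib -Name 'PLACEHOLDER-linux-template'
$rp   = Get-ResourcePool -Name 'Compute-ResourcePool'
$vm   = New-VM -Name 'linux-base-01' -ContentLibraryItem $item `
        -ResourcePool $rp -Datastore $ds
Set-VM -VM $vm -OSCustomizationSpec $spec -Confirm:$false | Out-Null
Set-VM -VM $vm -ToTemplate -Confirm:$false

Disconnect-VIServer -Server $vc -Confirm:$false
```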
