VMware Cloud on AWS – Let’s create our first VMware SDDC on AWS!

VMware Cloud on AWS quick overview

–edited in January 2018 to align with some changes in the Service–

VMware Cloud on AWS was released two years ago and has received a lot of very positive feedback from customers.
There are tons of official and unofficial blog posts out there explaining what the VMware Cloud on AWS service is, the advantages for customers and all the use cases, so I’ll give you just a quick overview:
VMware Cloud on AWS is a unified SDDC platform that integrates VMware vSphere, VMware vSAN and VMware NSX virtualization technologies, and provides access to the broad range of AWS services, together with the functionality, elasticity, and security customers have come to expect from the AWS Cloud.
It integrates VMware’s flagship compute, storage, and network virtualization products (vSphere, vSAN and NSX) along with vCenter management, optimized to run on next-generation, elastic, bare-metal AWS infrastructure.
The result is a complete turn-key solution that works seamlessly with both on-premises vSphere based private clouds and advanced AWS services.
The service is sold, delivered, operated and supported by VMware. The service is delivered over multiple releases with increasing use-cases, capabilities, and regions.

VMware Cloud on AWS

SDDC Creation Steps

The first step we have to do is connecting to the VMC on AWS console, pointing to the following URL https://vmc.vmware.com/console/
The landing page provides an overview of the available SDDCs (if any).


Create SDDC

To create a new SDDC, we have to click on the “Create SDDC” button.

SDDC Properties

The SDDC creation wizard starts: we must choose the AWS Region that will host the SDDC, give the SDDC a unique name, and select the number of ESXi Hosts our Cluster will be made of. The minimum number of Hosts for a production Cluster is 3. You can create a 1-node Cluster for test and demo purposes; this single-Host Cluster expires after 30 days and can be converted to a full SDDC before expiration.


Stretched Cluster option

When we select Multi-Host for a production deployment, we can choose to have our SDDC (vSphere Cluster) hosted in a single AWS Availability Zone (one subnet) or distributed across two AZs on two different subnets (vSphere Stretched Cluster).


Connect AWS Account

The next step in the wizard is to choose an AWS Account that will be connected to the VMware Cloud account. This enables us to choose the VPC and Availability Zone(s) where we want our SDDC to be hosted. If we use native AWS Services, these will be charged to this AWS Account. The link is established by running a CloudFormation template in that account, which creates the IAM role VMware uses to attach the SDDC’s network interfaces to the chosen VPC; review that role as you would any other cross-account trust.


Choose VPC and Subnet (Availability Zone)

In the next step we must choose the VPC and Subnet that will host our SDDC.


Management Subnet CIDR

The final step of the wizard is to choose a CIDR for the Management Network. You can leave the default, but make sure the chosen CIDR doesn’t overlap with any network that will connect to the SDDC (e.g. an on-premises network that will connect to the SDDC through a VPN connection); the Management CIDR cannot be changed after the SDDC is deployed. We can now deploy the SDDC.
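Because the Management CIDR is fixed once the SDDC exists, it is worth checking it against every network you plan to connect before clicking Deploy. The following script is an added example (not part of the original post and not VMware tooling): it validates a candidate CIDR against a constructed list of on-premises and VPC ranges and reports any overlap. The accepted prefix lengths and all sample networks are assumptions for illustration.

```python
"""Pre-flight check for the SDDC Management Network CIDR.

Added example, not part of the original post or of VMware's tooling.
It checks that the CIDR you are about to type into the wizard does not
overlap any network that will be connected to the SDDC (on-premises VPN
networks, the chosen AWS VPC) and that its prefix length is one the
wizard accepts. The accepted prefix lengths and the sample networks
below are assumptions for illustration.
"""
import ipaddress

# Assumption: prefix lengths the Management CIDR picker accepts.
ACCEPTED_PREFIXES = (16, 20, 23)

# Constructed sample input: ranges a customer might already be using.
DEFAULT_MGMT_CIDR = "10.2.0.0/16"          # default proposed by the wizard
CONNECTED_NETWORKS = {
    "on-prem-dc1": "10.0.0.0/16",
    "on-prem-dc2": "10.2.64.0/18",         # overlaps the default
    "aws-vpc": "172.31.0.0/16",
}


def check_mgmt_cidr(mgmt_cidr, connected, accepted=ACCEPTED_PREFIXES):
    """Return a list of problems; an empty list means the CIDR is usable."""
    problems = []
    try:
        # strict=True rejects host bits set, e.g. 10.2.0.1/16
        mgmt = ipaddress.ip_network(mgmt_cidr, strict=True)
    except ValueError as exc:
        return [f"{mgmt_cidr!r} is not a valid network: {exc}"]

    if mgmt.version != 4 or not mgmt.is_private:
        problems.append(f"{mgmt} must be an RFC 1918 IPv4 range")
    if mgmt.prefixlen not in accepted:
        problems.append(
            f"/{mgmt.prefixlen} is not an accepted size (expected one of {accepted})")

    # Any overlap with a connected network breaks routing over the VPN/DX.
    for name, cidr in connected.items():
        other = ipaddress.ip_network(cidr, strict=False)
        if other.version == mgmt.version and mgmt.overlaps(other):
            problems.append(f"{mgmt} overlaps {name} ({other})")
    return problems


def pick_mgmt_cidr(candidates, connected, accepted=ACCEPTED_PREFIXES):
    """Return the first candidate that passes check_mgmt_cidr, or None."""
    for cidr in candidates:
        if not check_mgmt_cidr(cidr, connected, accepted):
            return cidr
    return None


if __name__ == "__main__":
    for problem in check_mgmt_cidr(DEFAULT_MGMT_CIDR, CONNECTED_NETWORKS):
        print("WARN:", problem)
    chosen = pick_mgmt_cidr(
        ["10.2.0.0/16", "10.3.0.0/16", "10.200.0.0/20"], CONNECTED_NETWORKS)
    print("use:", chosen)
```

Run it with your real on-premises and VPC ranges in `CONNECTED_NETWORKS`; the wizard default is only safe when the script reports no problems for it.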


Check SDDC creation progress

A progress window appears. As you can see, our 4-node SDDC will be ready in less than 2 hours!


New SDDC deployed

Once deployed, we’ll be able to see our brand new SDDC under the SDDCs tab in the console.


SDDC details

Clicking on “VIEW DETAILS” we can access the SDDC Summary and all the available options such as adding and removing Hosts from the Cluster or accessing the network configuration.


Add a new Host

Let’s add a new Host to our SDDC. It’s as simple as clicking “ADD HOST”. If this new Host is only needed to absorb a burst in compute demand, we can remove it when it is no longer needed and we’ll be charged for the additional capacity only for the time the additional Host existed. Keep in mind that removing a Host evacuates its vSAN data to the remaining Hosts, so the Cluster must keep enough free capacity, and it cannot shrink below the minimum Cluster size.


Specify number of Hosts to add

We can specify how many Hosts we want to add, up to the maximum supported size of 16 Hosts per Cluster.


New Host(s) addition task progress

We’ll see a task in progress for the new Host addition to the Cluster.


Expanded SDDC

After a few minutes, we’ll have our SDDC made of 5 Hosts.


Manage SDDC Networking

Once we have our SDDC in place, we need to manage it remotely and configure firewall and NAT rules to publish services. This is done in the Network tab. When we enter the network configuration tab, the first thing we are shown is a very nice diagram that highlights the network and security configuration of our SDDC.
Here we can see the Management and Compute Gateway configuration overview and any VPN or Firewall rule we have in place.

Management Gateway

Scrolling down we can see the Management Gateway section, where we can create and manage IPsec VPNs and firewall rules to/from the Management Network. The Management Gateway firewall denies all traffic by default, so we must add explicit allow rules before vCenter is reachable; scope those rules to trusted source networks (e.g. the on-premises range behind the VPN) rather than Any.


Compute Gateway

Under the Compute Gateway section we can create and manage IPsec VPNs, L2VPNs, firewall rules and NAT rules to/from the Compute Networks, where our workloads reside.


Direct Connect

The last section under the Network tab is the Direct Connect section. Here we can manage the Virtual Interfaces (VIFs) in case we have a Direct Connect in place to connect our SDDC with an on-premises or Service Provider hosted environment.


Tech Support real-time CHAT

In the bottom right corner of the console you can always find the Chat button. This is a fantastic feature that enables you to have real-time support from VMware Technical Support.


SDDC Add Ons

In the Add Ons tab we can manage the available add-ons to the VMware Cloud on AWS offering: Hybrid Cloud Extension and Site Recovery.
Hybrid Cloud Extension is included in the VMware Cloud on AWS offering and enables us to seamlessly migrate workloads from remote vCenters to the SDDC.
Site Recovery is a paid add-on that enables our SDDC as a target for Disaster Recovery from remote vCenters.


SDDC Troubleshooting

The troubleshooting tab gives us a tool to check and validate connectivity for a selected use case.


SDDC Settings

The settings tab provides us the overview of all the main settings for the SDDC.


SDDC Support

The Support tab provides us all the information we should provide to Technical Support when needed.


This concludes the creation of our first SDDC in VMware Cloud on AWS.
In a couple of hours we can have a powerful, full-stack VMware SDDC deployed in AWS, enabling us to quickly respond to many use cases such as Disaster Recovery, geo expansion and global scale, and bursting.
Great stuff!


Certified Reference Design for Service Providers

Certified Reference Design for Service Providers 2.0

The Certified Reference Design (CRD) for VMware Cloud Providers is a pre-validated set of software components that simplify the deployment of a VMware vCloud Director based multi-tenant Cloud in a predictable and efficient manner.
Even if not yet completely automated, the intent of the CRD is to reduce the complexity of deploying, upgrading, and managing dependencies between the VMware components required for a vCloud Director based service.

Check it out here: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vcat/vmware-certified-reference-design-core-2-0.pdf

CRD 2.0

vCloud Director Extender configuration – Tenant side

In this second post about vCloud Director Extender, I’ll guide you through the necessary steps to configure the vCloud Director Extender Service from a Customer (Tenant) perspective.

vCloud Director Extender enables a Tenant to cold or warm migrate its workloads from vSphere to a vCloud Director based Public Cloud. All the easy steps are wizard-driven and the Tenant also has the option to leverage the automatic creation of a L2VPN connection that can stretch the networking between on premises and the vCloud Director Cloud.

You can read vCloud Director Extender release notes here.

vCloud Director Extender Tenant deployment

All the initial steps needed on the Tenant side are the same we’ve seen on the Service Provider side, first you download the vCloud Director Extender OVA file, then you deploy it in your source vCenter. See the Service Provider Setup paragraph in my previous post to view all the steps.
The only difference you must pay attention to is to choose “cx-connector” as the deployment type.
vCloud Director Extender - Architecture

vCloud Director Extender Tenant configuration

Once deployed, you can access the vCloud Director Extender Virtual Appliance via https on the configured IP Address.
You will be presented with the OnPrem Setup page.
Enter your Local or vCenter (SSO) credentials to access the application and start the configuration wizard.
vCloud Director Extender - Tenant Setup

Select “SETUP WIZARD” to start the Service configuration.
vCloud Director Extender - Tenant Setup Wizard

In Step 1, you’ll enter the parameters needed to connect to the source vCenter. Then click “Next”.
vCloud Director Extender - OnPrem vCenter

Wait for the confirmation message, then click “next”
vCloud Director Extender - OnPrem vCenter OK

In Step 2, you confirm the registration of the vCloud Director Extender as a plugin in the source vCenter, then click “Next”.
vCloud Director Extender - Register Plugin

Wait for the confirmation message, then click “Next”.
vCloud Director Extender - Plugin OK

In Step 3, provide the parameters needed to configure the Tenant Replicator service, then click “Next”.
vCloud Director Extender - Tenant Replicator

Wait for the confirmation message, then click “Next”.
vCloud Director Extender - Replicator OK

In Step 4, you provide the parameters needed to activate the Replicator, then click “Next”.
vCloud Director Extender - Activate Replicator

Wait for the confirmation message, then click “Next”.
vCloud Director Extender - Activate Replicator OK

In Step 5, we’ve finished the OnPrem Setup. Click “Finish”.
vCloud Director Extender - Finish

After the initial Wizard that provides the connection to the source vCenter and the Replicator Service setup, you must access the “DC Extensions” tab to provide necessary parameters to deploy the L2VPN Appliance.
If NSX Manager is deployed on Premises, it is mandatory to choose “ADD NSX CONFIGURATION”.
In our scenario, we don’t have NSX on Premises so we’ll choose “ADD APPLIANCE CONFIGURATION” in the L2 Appliance Configuration section.
vCloud Director Extender - L2VPN Appliance Deploy

Provide the needed parameters to deploy the L2VPN Appliance. Pay attention to the following fields: Uplink Network, which maps to the PortGroup that grants Internet connectivity to the appliance, and Uplink Network Pool IP, which is the source IP Address used to connect to the L2VPN Server. Click “Create”.
vCloud Director Extender - L2VPN Appliance Creation

Wait for the confirmation message that confirms the L2 Appliance configuration.
vCloud Director Extender - L2VPN Appliance Setup OK

This concludes the configuration steps for the L2VPN appliance.
Accessing the Web Client, the Tenant can now configure L2 Extensions and manage workloads migration to the Cloud.


vCloud Director Extender Tenant operations

After the configuration steps ends, you can find a new Service registered in the source vCenter inventory: vCloud Director Extender. Click on the icon to launch the Management page for the Service.
vCloud Director Extender - Web Client Plugin

On the vCloud Director Extender management page, you can find two dashboards that show you the overall Migration Health and the DC Extension Status for the L2VPNs.
Select “New Provider Cloud” to connect to your Service Provider.
vCloud Director Extender - Web Client UI

Provide a descriptive name for the target Cloud, the URL of the target vCloud Director Organization for the Tenant, the URL of the target Extender Cloud Service (provided by the Service Provider) and finally your Org Admin credentials. Click “Test” to test the connection, wait for the confirmation message, then click “Add”.
vCloud Director Extender - Add Provider

You can now see your target vCloud Director Organization appearing in the Provider Clouds tab.
vCloud Director Extender - Provider Running

We’ll now create a new L2 Extension from onPrem to the Cloud. Access the DC Extensions tab and click on “New Extension”.
vCloud Director Extender - New Extension

Enter a name for this extension, select the source Datacenter, the source Network, the target Provider Cloud, vDC and Org Network. The “Enable egress” option enables you to have a local default gateway in each site with the same IP address, to optimize egress traffic. With egress optimization enabled, packets sent towards the egress optimization IP are routed locally by the Edge, and everything else is sent through the bridge.
Click “Start” to enable the connection and make the L2 extension.
vCloud Director Extender - New Extension Start

In the vSphere Web Client task console, you can view the “Trunk” Port Group being created with a SINK port. You can also see the Standalone Edge deployment is in progress.
vCloud Director Extender - Task Console

After the tasks complete, you can see the L2VPN status as “Connected”. The L2 Extension between the source and the target network is in place, so you can safely migrate your workloads to the Cloud without changing IP addressing, keeping the same connectivity you have on Premises. This is really Hybrid Cloud!
vCloud Director Extender - L2VPN Connected

In the vCloud Director Extender Home, you can now see the DC Extension Status dashboard showing the L2VPN Tunnel is in place.
vCloud Director Extender - L2VPNClient Connected Dashboard

If we look at the L2VPN Statistics in vCloud Director, we can see the Tunnel Status as “up”.
vCloud Director Extender - L2VPN Connected vCD

It’s now time to migrate a workload to the Cloud leveraging this new L2VPN Tunnel to keep connectivity with on Premises. Access the Migrations tab and click on “NEW MIGRATION”.
vCloud Director Extender - New Migration

Select the type of migration you want to perform: Cold migration requires the source VM to be powered off, while Warm migration enables you to keep your VM running on Premises, starting a continuous file sync to the Cloud and completing the cutover when the replica is complete. As the wizard highlights, Warm migration is not a vMotion. Click “Next” after the selection.
vCloud Director Extender - Cold Warm

Select the source VM(s), then click “Next”. You can select more than one VM for each migration job.
vCloud Director Extender - Select VM

Specify the target Cloud parameters: target Cloud, vDC, Storage Profile, Org. Network and vApp layout to create if you are migrating more than one VM. Click “Next” when finished.
vCloud Director Extender - Target Parameters

Specify when you want to start the synchronization, the target RPO and the disk type (thin, thick). You can additionally specify a Tag for this migration job. When finished, click “Start”.
vCloud Director Extender - Migration Finish

When the synchronization finishes, the workload will have the Status “Cutover Ready”. This means that you can start the cutover process, which will power off the source VM and power on the VM in the Cloud. Click “Start Cutover” to specify the cutover parameters and start the process.
vCloud Director Extender - Cutover Ready

Specify the target cloud, the desired final power status of the target VM after cutover, then click “Start”.
vCloud Director Extender - Cutover Start

The workload Status will become “Completed” once the cutover finishes.
vCloud Director Extender - Cutover Completed

The migrated VM will be powered off on Premises.
vCloud Director Extender - VM off onPremises

On the target vCloud Director, we’ll find the migrated VM powered on.
vCloud Director Extender - VM in Cloud

Let’s use PING to test connectivity between VM1, still on Premises, and VM2, migrated to the Cloud. The connection will leverage the L2 Extension between on Premises and the Cloud. (Note: DUP! packets message occurs because I’m working in a nested environment).
vCloud Director Extender - Ping Succeed

There’s a 1:1 mapping between source VLAN and target VXLAN when you configure Datacenter Extension in vCloud Director Extender.
To stretch multiple VLANs you must create different Extensions in vCD Extender.

To show this let’s create a new PortGroup on Premises and a new Org vDC Network in the Cloud to see what happens when we need to create an additional network extension.

We configure a new Extension, mapping a local VLAN to the target Org vDC Network. The Status will show as “Connected” when the creation process finishes.
vCloud Director Extender - New L2 Stretch

Looking at the changes automatically made in vCloud Director, we’ll find the new Org Network added as a stretched interface to the existing Site Configuration.
vCloud Director Extender - ESG New L2VPN Config

This concludes the CX Service On Prem configuration.