In this blog post I will introduce one of the newly launched services by VMware, called Cloud Assembly, and show how it can be used to manage another very famous service, VMware Cloud on AWS (VMConAWS).
What is Cloud Assembly
VMware Cloud Assembly orchestrates and expedites infrastructure and application delivery in line with DevOps principles. It uniquely provides broad and deep support for VMware-based private and hybrid clouds including VMware Cloud on AWS as well as native AWS and Azure public clouds
What is VMConAWS
A vSphere-based cloud hosted on the AWS public cloud. It allows you to modernize, protect and scale mission-critical vSphere-based applications leveraging AWS.
Cloud Assembly Terminology
| Term | Description |
|---|---|
| Cloud Accounts | Cloud accounts allow you to bring your public cloud and on-prem data centers under management. |
| Cloud Zones | Cloud zones are the aggregation of the compute resources where the workloads will be provisioned. You can link a cloud zone with a Project to define which users have access to provision to it. |
| Projects | Projects link users and cloud zones. A project allows users/groups to deploy their blueprints to the linked Cloud Zones. |
| Flavor Mappings | It is an instance type. You can create sizes similar to t-shirt sizes, such as small, medium or large. You will need to specify the flavor in a blueprint. |
| Image Mappings | An image which is needed for the deployment. It could be a template, OVF, content library item, snapshot, etc. |
| Network Profile | It is a collection of network resources in the cloud zone. It provides the ability to configure policies based on which a network resource is chosen. |
| Storage Profile | It is a collection of storage/datastores. It provides the ability to configure policies based on which a storage resource is chosen. |
| Blueprints | Blueprints are the specifications for the resources that you deploy. You can continuously improve a blueprint after you deploy it. |
| Cloud Proxy | AKA RDC, it is a virtual appliance that spins up a series of Docker containers for interacting with on-premises services. |
Prerequisites for VMConAWS-specific Configuration
As per the standard design for VMC, cloudadmin@vmc.local only has access to the following resources:
- Compute-ResourcePool
- Workloads folder
- sddc-cgw-network-1 port group/segment (or one manually created by a user in the Compute Gateway)
- WorkloadDatastore
VMC Pre-requisites
Create the following firewall rules to allow the required access:
| Firewall | Rule Name | Source | Destination | Services | Action | Comments |
|---|---|---|---|---|---|---|
| Management Gateway | vCenter Inbound | Any or Compute Network where Cloud Proxy is deployed | vCenter | HTTPS | Allow | To allow inbound access to vCenter from Cloud Proxy |
| Management Gateway | NSX Inbound | Any or Compute Network where Cloud Proxy is deployed | NSX Manager | HTTPS | Allow | To allow inbound access to NSX Manager from Cloud Proxy |
| Management Gateway | ESXi Inbound | Any or Compute Network where Cloud Proxy is deployed | ESXi | HTTPS | Allow | To allow inbound access to ESXi from Cloud Proxy when using OVF deployment |
| Compute Gateway | Cloud Proxy | Any or Compute Network where Cloud Proxy is deployed | Any | HTTPS | Allow | To allow outbound access to the Internet so that service containers are downloaded |
Note - Screenshots were captured before NSX operations were supported in case you get confused
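The Source column accepts either Any or the compute network that hosts the Cloud Proxy; the narrower source is the least-privilege choice, especially for the three Management Gateway rules. The check below is an added example (not from the original post or from VMware) that flags rules whose source is wider than the proxy needs or does not cover it at all. The rule dictionary layout, the CIDRs, the proxy address and the 256-address limit are constructed assumptions, not an NSX or VMC API schema.

```python
import ipaddress

# Constructed rules mirroring the table above. The dict layout, CIDRs and
# proxy address are assumptions for this example, not an NSX/VMC API schema.
RULES = [
    {"gateway": "Management Gateway", "name": "vCenter Inbound",
     "source": "Any", "service": "HTTPS"},
    {"gateway": "Management Gateway", "name": "NSX Inbound",
     "source": "192.168.1.0/24", "service": "HTTPS"},
    {"gateway": "Management Gateway", "name": "ESXi Inbound",
     "source": "192.168.0.0/16", "service": "HTTPS"},
    {"gateway": "Compute Gateway", "name": "Cloud Proxy",
     "source": "10.10.0.0/24", "service": "HTTPS"},
]


def audit_rules(rules, proxy_ip, max_addresses=256):
    """Return (rule name, finding) pairs for sources that do not fit the proxy."""
    proxy = ipaddress.ip_address(proxy_ip)
    findings = []
    for rule in rules:
        if rule["service"].upper() != "HTTPS":
            findings.append((rule["name"], "service is wider than HTTPS"))
        source = rule["source"].strip()
        if source.lower() == "any":
            findings.append((rule["name"], "source is Any"))
            continue
        network = ipaddress.ip_network(source, strict=False)
        if proxy not in network:
            # The rule would never match traffic from the Cloud Proxy.
            findings.append((rule["name"], "source excludes the Cloud Proxy"))
        elif network.num_addresses > max_addresses:
            # Assumed limit: one /24 segment is enough for the proxy's network.
            findings.append((rule["name"], "source is wider than one segment"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_rules(RULES, "192.168.1.10"):
        print(f"{name}: {finding}")
```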
Cloud Assembly Pre-requisites
| Component | Requirement |
|---|---|
| Cloud Zones | By default, 3 compute resources are discovered (Cluster, Mgmt-ResourcePool & Compute-ResourcePool). You will need to use tags to filter them so that it only provisions to Compute-ResourcePool. |
| Network Profile | By default, you can only provision to network segments in the Compute Gateway. You can use the default segment which is created (sddc-cgw-network-1) or create a new one and choose that. |
| Storage Profile | By default, you can only provision to WorkloadDatastore. You need to have a policy configured and choose the same. |
| Blueprints | By default, you can only provision to the Workloads folder. For all the machines you will need to specify the folder where the VMs will be provisioned using the “folderName” field. |
Configuration
The following section gives a step-by-step procedure for configuring Cloud Assembly with VMConAWS
1 - Cloud Proxy
Provision a Cloud Proxy in the same SDDC that you want to manage using Cloud Assembly
Navigate to the Cloud Proxy page under Manage and click New, which will open “Setup a Data Cloud Proxy Virtual Appliance”, from where you will need the following
- OVA link- To deploy the virtual appliance
- OTK Key – This is a one-time key to authorize the Cloud Proxy and link it to your Org
Once you deploy and power on the VM, it should connect to the Cloud services. You can navigate to the Cloud Proxy page and ensure your newly deployed RDC is visible as Active. It usually takes 5-10 mins
2 - Obtain API Token
Navigate to My Account to obtain an API token. This is needed to onboard the VMConAWS SDDC in Cloud Assembly
3 - Configure Cloud Account
In Cloud Assembly, navigate to Infrastructure tab -> Manage -> Cloud Accounts, click Add Cloud Account and select the VMware Cloud on AWS type
Paste the API token and click Apply API token. This will make API calls in the backend and detect the current SDDCs deployed in the Org.
Once you select the SDDC, it will auto-populate the IP and default username; however, you will need to enter the password and choose the data collector you deployed earlier.
Specify the name and click Validate. Once it displays the message "Credentials Validated Successfully", make sure to select the Data Center to allow provisioning and click ADD
Once it is successfully added, you will be able to view it as a Cloud Account with status OK
Note - Cloud Assembly only supports NSX-T SDDCs
4 - Configure Project
Navigate to Projects and click New Project
Specify the name of the Project, navigate to the Cloud Zones tab, click Add Cloud Zone and select the default VMC Cloud Account
Once created, you will be able to see it under Projects
5 - Configure Cloud Zone
Note - By default, 3 compute resources are discovered, and if you are aware of the VMC architecture, cloudadmin@vmc.local only has access to provision to Compute-ResourcePool
We will have to filter out the Cloud Zone to only provision to Compute-ResourcePool
Choose Compute-ResourcePool and click Tags & add a new tag
Next, you will need to Filter Compute by Tag so that it only shows Compute-ResourcePool
6 - Configure Flavor Mappings
Navigate to Flavor Mappings under Policies and Click New Flavor Mapping
Specify the Flavor name, select the VMC Cloud Account and specify the Number of vCPU and Memory
Once created, you will be able to see it under Flavor Mappings
7 - Configure Image Mappings
Navigate to Image Mappings under Policies and Click New Image Mapping
Specify the Image name and select the VMC Cloud Account and specify the template to be used
Once created, you will be able to see it under Image Mappings
8 - Configure Network Profile
Navigate to Network Profiles under Policies and Click New Network Profile
Specify the Network Profile name and select the VMC Cloud Account and navigate to network tab to select the existing network which will be used for provisioning
Note - If you are aware of VMC architecture, cloudadmin@vmc.local only has access to provisioning on Compute Network(s)
Once created, you will be able to see it under Network Profiles
9 - Configure Storage Profile
Navigate to Storage Profiles under Policies and Click New Storage Profile
Specify the Storage Profile name and select the VMC Cloud Account and click New Policy and select the existing Datastore which will be used for provisioning
Note - If you are aware of VMC architecture, cloudadmin@vmc.local only has access to provisioning on Workload Datastore
Once created, you will be able to see it under Storage Profiles
10 - Setup Blueprint
Navigate to the Blueprints tab and click New
Specify the name and select the Project you created in Step 4 above
You will see a Blank Canvas
You can use the following Blueprint to provision your first Deployment
```yaml
inputs: {}
resources:
  VMC-Demo_Machine_1:
    type: Cloud.vSphere.Machine
    properties:
      image: VMC-Demo-ImageMapping   # name of the image mapping (step 7)
      flavor: VMC-Demo-FM            # name of the flavor mapping (step 6)
      folderName: Workloads          # the only folder cloudadmin@vmc.local can provision to
```
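Because cloudadmin@vmc.local can only place VMs in the Workloads folder, a blueprint can be checked for a missing or different folderName before it is deployed. The following is an added example, not part of the original post or of Cloud Assembly itself; the second machine is constructed for illustration, and the small parser is a stand-in that handles only nested key: value mappings, so use a YAML library for real blueprints.

```python
# Constructed blueprint: the page's machine plus a second one that omits
# folderName. VMC-Demo_Machine_2 is an assumption added for this example.
BLUEPRINT = """\
inputs: {}
resources:
  VMC-Demo_Machine_1:
    type: Cloud.vSphere.Machine
    properties:
      image: VMC-Demo-ImageMapping
      flavor: VMC-Demo-FM
      folderName: Workloads
  VMC-Demo_Machine_2:
    type: Cloud.vSphere.Machine
    properties:
      image: VMC-Demo-ImageMapping
      flavor: VMC-Demo-FM
"""


def parse_mappings(text):
    """Parse nested 'key: value' mappings only (no lists, quotes or anchors)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) pairs, innermost last
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:
            stack.pop()
        parent = stack[-1][1]
        if value.strip() in ("", "{}"):
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value.strip()
    return root


def machines_outside_folder(blueprint, folder="Workloads"):
    """Return (resource, folderName) for vSphere machines not placed in folder."""
    problems = []
    for name, resource in blueprint.get("resources", {}).items():
        if resource.get("type") != "Cloud.vSphere.Machine":
            continue
        found = resource.get("properties", {}).get("folderName")
        if found != folder:
            problems.append((name, found))
    return problems
```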
Click Deploy to bring up the deployment wizard. Specify the Deployment Name and click Deploy
It will navigate you to Deployments page automatically where you can monitor the status of the deployment
Once it is completed it will give the details on the Deployments page in Cloud Assembly
It's very easy to get started. Once you have access to the Org, the setup time to configure and provision your first VM, if you have a template already uploaded to the VC, is less than 1 hour (No Kidding😁)
You can visit the website to get more details or, for a free trial, reach out to your local TAM