Saturday, November 3, 2018

Use Cloud Assembly to provision on VMConAWS

In this blog post I will introduce Cloud Assembly, one of the newly launched services by VMware, and show how it can be used to manage another very famous service, VMware Cloud on AWS (VMConAWS).

What is Cloud Assembly


VMware Cloud Assembly orchestrates and expedites infrastructure and application delivery in line with DevOps principles. It uniquely provides broad and deep support for VMware-based private and hybrid clouds, including VMware Cloud on AWS, as well as native AWS and Azure public clouds.

What is VMConAWS

A vSphere-based cloud hosted on the AWS public cloud. It allows you to modernize, protect and scale mission-critical vSphere-based applications leveraging AWS.


Cloud Assembly Terminology 


Cloud Accounts
Cloud accounts allow you to bring your public cloud and on-prem data centers under management
Cloud Zones
Cloud zones are the aggregation of the compute resources where the workloads will be provisioned. You can link a cloud zone with a Project to define which users have access to provision to it.
Projects
Projects link users and cloud zones. A project allows user/groups to deploy their blueprint to linked Cloud Zones
Flavor Mappings
It is an instance type. You can create mappings similar to T-shirt sizes, like small, medium or large. You will need to specify one in a blueprint.
Image Mappings
An image which is needed for the deployment. It could be a template, OVF, content library item, snapshot, etc.
Network Profile
It is a collection of network resources in the cloud zone. It provides an ability to configure policies based on which network resource would be chosen
Storage Profile
It is a collection of storage/datastore. It provides an ability to configure policies based on which storage resource would be chosen
Blueprints

Blueprints are the specifications for the resources that you deploy. You can continuously improve a blueprint after you deploy it.
Cloud Proxy
Also known as RDC, it is a virtual appliance that spins up a series of Docker containers for interacting with on-premises services.

Prerequisites for VMConAWS-specific Configuration

As per the standard design for VMC, cloudadmin@vmc.local only has access to the following resources:
  • Compute-ResourcePool
  • Workloads folder
  • sddc-cgw-network-1 port group/segment (or one manually created by a user in the Compute Gateway)
  • WorkloadDatastore

VMC Pre-requisites

Create the following firewall rules to allow the access needed:

| Firewall | Rule Name | Source | Destination | Services | Action | Comments |
|---|---|---|---|---|---|---|
| Management Gateway | vCenter Inbound | Any or Compute Network where Cloud Proxy is deployed | vCenter | HTTPS | Allow | To allow inbound access to vCenter from Cloud Proxy |
| Management Gateway | NSX Inbound | Any or Compute Network where Cloud Proxy is deployed | NSX Manager | HTTPS | Allow | To allow inbound access to NSX Manager from Cloud Proxy |
| Management Gateway | ESXi Inbound | Any or Compute Network where Cloud Proxy is deployed | ESXi | HTTPS | Allow | To allow inbound access to ESXi from Cloud Proxy when using OVF deployment |
| Compute Gateway | Cloud Proxy | Any or Compute Network where Cloud Proxy is deployed | Any | HTTPS | Allow | To allow outbound access to the Internet so that service containers are downloaded |

Note - The screenshots were captured before NSX operations were supported, in case you get confused.
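The table gives "Any" or the Cloud Proxy's compute network as the source for every rule. As an added example (not part of the original post and not VMware tooling), this Python script audits a rule list against the four rules above, reporting rules that are missing, that use Any as the source, or whose source network does not contain the Cloud Proxy. The record field names, the helper names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# The four rules from the table above: (gateway, destination, service).
REQUIRED = [
    ("Management Gateway", "vCenter", "HTTPS"),
    ("Management Gateway", "NSX Manager", "HTTPS"),
    ("Management Gateway", "ESXi", "HTTPS"),  # needed for OVF deployment
    ("Compute Gateway", "Any", "HTTPS"),      # outbound from the Cloud Proxy
]

def rule(name, gateway, source, destination, service="HTTPS", action="Allow"):
    """Build one rule record. Field names are hypothetical, not an NSX export format."""
    return {"name": name, "gateway": gateway, "source": source,
            "destination": destination, "service": service, "action": action}

def audit(rules, proxy_ip):
    """Return findings: required rules that are missing, sourced from Any,
    or scoped to a network that does not contain the Cloud Proxy."""
    proxy = ipaddress.ip_address(proxy_ip)
    findings = []
    for gateway, destination, service in REQUIRED:
        matches = [r for r in rules if r["action"] == "Allow" and
                   (r["gateway"], r["destination"], r["service"]) ==
                   (gateway, destination, service)]
        if not matches:
            findings.append(f"MISSING: {gateway} -> {destination} {service}")
        for r in matches:
            if r["source"] == "Any":
                findings.append(f"BROAD: '{r['name']}' allows Any as source")
            elif proxy not in ipaddress.ip_network(r["source"]):
                findings.append(f"WRONG-SOURCE: '{r['name']}' does not cover {proxy}")
    return findings

# Constructed sample: addresses and CIDRs are made up for illustration.
PROXY_IP = "192.168.1.50"
SAMPLE_RULES = [
    rule("vCenter Inbound", "Management Gateway", "Any", "vCenter"),
    rule("NSX Inbound", "Management Gateway", "192.168.1.0/24", "NSX Manager"),
    rule("Cloud Proxy", "Compute Gateway", "10.10.0.0/24", "Any"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, PROXY_IP):
        print(finding)
```

An empty result means all four rules exist and each is scoped to a network containing the Cloud Proxy rather than to Any.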

Cloud Assembly Pre-requisites


Cloud Zones
By default, 3 compute resources are discovered (Cluster, Mgmt-ResourcePool & Compute-ResourcePool). You will need to use tags and a filter so that it only provisions to Compute-ResourcePool.
Network Profile
By default, you can only provision to network segments in the Compute Gateway. You can use the default segment which is created (sddc-cgw-network-1) or create a new one and choose that.
Storage Profile
By default, you can only provision to WorkloadDatastore. You need to have a policy configured and choose the same.
Blueprints
By default, you can only provision to the Workloads folder. For all the machines you will need to specify the folder where the VMs will be provisioned using the “folderName” field.

Configuration

The following section gives a step-by-step procedure for configuring Cloud Assembly with VMConAWS.

1 - Cloud Proxy 


Provision a Cloud Proxy in the same SDDC which you want to manage using Cloud Assembly.

Navigate to the Cloud Proxy page under Manage and click New, which will open “Setup a Data Cloud Proxy Virtual Appliance”, from where you will need the following:
  • OVA link – To deploy the virtual appliance
  • OTK Key – This is a one-time key to authorize the Cloud Proxy and link it to your Org
Once you deploy and power on the VM, it should connect to the Cloud services. You can navigate to the Cloud Proxy page and ensure your newly deployed RDC is visible as Active. It usually takes 5-10 mins.









2 - Obtain API Token


Navigate to My Account to obtain an API token. This is needed to onboard the VMConAWS SDDC in Cloud Assembly.




3 - Configure Cloud Account


Cloud Assembly supports the following types of cloud account




In Cloud Assembly, navigate to Infrastructure Tab -> Manage -> Cloud Accounts, click Add Cloud Account and select the VMware Cloud on AWS type.




Paste the API token and click Apply API token. This will make API calls in the backend and detect the current SDDCs deployed in the Org. 


Note - Cloud Assembly only supports NSX-T SDDCs 



Once you select the SDDC, it will auto-populate the IP and default username; however, you will need to enter the password and choose the data collector you deployed earlier.



Specify the name and click Validate. Once it displays the message "Credentials Validated Successfully", make sure to select the Data Center to allow provisioning and click ADD.



Once it is successfully added, you will be able to view it as a Cloud Account with status OK.




4 - Configure Project

Navigate to Projects and click New Project.



Specify the name of the Project, navigate to the Cloud Zones tab, click Add Cloud Zone and select the default VMC Cloud Account.





Once created, you will be able to see it under Projects.



5 - Configure Cloud Zone

Navigate to Flavor Mappings under Policies and Click New Flavor Mapping



Note - By default, 3 compute resources are discovered, and if you are aware of the VMC architecture, cloudadmin@vmc.local only has access to provision to Compute-ResourcePool.

We will have to filter the Cloud Zone so that it only provisions to Compute-ResourcePool.




Choose Compute-ResourcePool, click Tags and add a new tag.




Next, you will need to filter compute by tag so that it only shows Compute-ResourcePool.





6 - Configure Flavor Mappings

Navigate to Flavor Mappings under Policies and click New Flavor Mapping.



Specify the Flavor name, select the VMC Cloud Account and specify the number of vCPUs and the memory.


Once created, you will be able to see it under Flavor Mappings.




7 - Configure Image Mappings

Navigate to Image Mappings under Policies and click New Image Mapping.


Specify the Image name, select the VMC Cloud Account and specify the template to be used.


Once created, you will be able to see it under Image Mappings.



8 - Configure Network Profile

Navigate to Network Profiles under Policies and click New Network Profile.


Specify the Network Profile name, select the VMC Cloud Account and navigate to the Network tab to select the existing network which will be used for provisioning.

Note - If you are aware of the VMC architecture, cloudadmin@vmc.local only has access to provision on Compute Network(s).


Once created, you will be able to see it under Network Profiles.


9 - Configure Storage Profile


Navigate to Storage Profiles under Policies and click New Storage Profile.






Specify the Storage Profile name, select the VMC Cloud Account, click New Policy and select the existing Datastore which will be used for provisioning.


Note - If you are aware of the VMC architecture, cloudadmin@vmc.local only has access to provision on Workload Datastore.




Once created, you will be able to see it under Storage Profiles.


10 - Setup Blueprint


Navigate to the Blueprints tab and click New.






Specify the name and select the Project you created in Step 4 above.



You will see a blank canvas.



You can use the following Blueprint to provision your first Deployment:


inputs: {}
resources:
  VMC-Demo_Machine_1:
    type: Cloud.vSphere.Machine
    properties:
      image: VMC-Demo-ImageMapping
      flavor: VMC-Demo-FM
      folderName: Workloads



Click Deploy to bring up the deployment wizard. Specify the Deployment Name and click Deploy.



It will automatically navigate you to the Deployments page, where you can monitor the status of the deployment.


In vCenter you will notice that it clones the VM from the template and provisions the VM.





Once it is completed, it will give the details on the Deployments page in Cloud Assembly.



Congratulations, you have deployed your first VM to VMC using Cloud Assembly.

It's very easy to get started. Once you have access to the Org, the setup time to configure and provision your first VM, if you have a template already uploaded to the VC, is less than 1 hour (No Kidding😁).

You can visit the website to get more details, or for a free trial reach out to your local TAM.