Log Forwarding from Log Intelligence to OnPrem vRealise Log Insight

In this blog, I will describe a new feature of VMware Log Intelligence which allows you to forward logs to OnPrem vRealize Log Insight

Why?

You will be asking why would you want to do this. This is not applicable to each and every environment.

There are a couple of use cases which I can think. There might be other scenarios as well.

• VMware Cloud on AWS logs
• VMware Log Intelligence is the only logging solution which gives you Audit and NSX Logs from VMware Cloud on AWS. If you have OnPrem vRealize Log Insight which is your centralized logging server than you can forward VMware Cloud on AWS logs from Log Intelligence
• OnPrem vRealize Log Insight Server for long term archival and compliance restrictions

Steps

1 - Cloud Proxy Appliance

We will need to have a Cloud Proxy deployed in your OnPrem VC which will be talking to the vRealize Log Insight server. In my Introduction and Getting Start blog, I have mentioned the procedure how to deploy Data Collector (renamed to Cloud Proxy) in case you are not aware of the same http://bit.ly/2MhvsX9

2 - Configure Log Forwarding in Log Intelligence

Authenticate to Log Intelligence and Expand Manage and click Log Forwarding which will open Log Forwarding Page which lists the existing forwarding rules and allows you to configure new one as well

Click New Configuration. This will open Configuration Page and ask for the details of the log forwarding rule

Input	Description
Name	Display Name of the rule
Cloud Proxy	A collector which will be used to forward logs to vRealize log insight
Endpoint Type	There are 3 options as of today. Default, vRealize Log Insight and Splunk As we are going to forward to vRealize log insight we will select the same
Endpoint URL	https://< loginsightserver IP or hostname >/api/v1/events/ingest/test-agent
Tags (Optional)	If you would like to add tags for the logs being forwarded you can add that as well
Headers (Optional)	vRealize log insight doesn’t require any headers however if your endpoint needs then you can use the same for e.g. If you are forwarding to Splunk then you will need to authorization header
Query	As an example, we want to forward logs/events which shows the successful authentication event on the VMware Cloud VC text contains vim.event.UserLoginSessionEvent

Click Save once you have filled all the information

Once you have saved the configuration you will see the rule

Wait for a couple of mins and ensure Events Posted numbers starts to increase. This would be logs have started forwarding

3 - Verify in vRealize Log Insight

Now you can log in to your vRealize log insight to search the forwarded logs. As an example, I will use the tag which we added in our log forwarding configuration rule in the query

environment contains vmwarecloud

Conclusion

This way you can forward specific logs from Log Intelligence to your OnPrem vRealize Log Insight. Depending on your use case you can create multiple log forwarding rules.

Use OnPrem vRealize Automation to provision on VMConAWS

In this blog, I will be describing the process of how to use OnPrem vRealize Automation (vRA) with VMware Cloud on AWS SDDC

What is VMware Cloud on AWS (VMConAWS)

vSphere based Cloud hosted on AWS public cloud. It allows you to modernize, protect and scale mission-critical vSphere-based applications leveraging AWS

As per standard design for VMConAWS, cloudadmin@vmc.local only has access to following resources

•       Compute-ResourcePool
•       Workloads folder
•       sdddc-cgw-network-1 port group/segment (or Manually created by a user in Compute Gateway)
•       WorkloadDatastore 

Pre-requisites

Following are the pre-requisites to be able to successfully provision on VMConAWS using vRA  

•       vRA 7.2 and above deployed OnPrem
•      Compute Segment which will be used to provision VMs in VMConAWS
•      IPSEC VPN between OnPrem and VMConAWS for both Management & Compute CIDR
•       Firewall Rules for Management & Compute Gateways to allow communication from OnPrem vRA setup 

vRA Configuration

The following section describes the steps how to configure vRA to add VMConAWS as a vCenter endpoint

Quick Note

• There is no NSX integration available vRA with VMCon AWS 
• Ensure that all vRealize Automation VMs are configured to use TLS 1.2

In my setup, I am using the latest vRA which is 7.5.1

Add vCenter Endpoint

 Login to vRA  and navigate to Infrastructure > Endpoints

Click New > Virtual > vSphere (vCenter)

Specify the following details

Input	Description
Name	Name of the endpoint
Address	vCenter fqdn https://fqdn/sdk
Username	cloudadmin@vmc.local If you have integrated with AD then a user which is added to CloudAdmin Group in VMConAWS vCenter
Password	Password for the account specified above

Click Test Connection and ensure the test is successful

Click on Fabric Groups under Infrastructure and Click New to add Cluster in fabric groups and assign fabric administrators to manage them

Click Reservations under Infrastructure and Click New to create reservations to allocate resources to business groups for VMConAWS vCenter

This is the most important part else your provisioning will fail due to a permissions error

Resource	Value
ResourcePool	Compute-ResourcePool
Datastore	WorkloadDatastore
VM & Template Folder	Workloads This is done through Custom Property Vmware.VirtualCenter.Folder
Network	Use the logical network that you created as part of the prerequisites

Create Blueprint with vSphere(Center) Machine using VC Template – Standard vRA configuration

Publish the Blueprint and perform standard configuration for Catalog Management (Standard vRA Configuration)

Request Deployment from the Catalog and you will see a successful deployment

Conclusion

Once it is configured it will be same as any other vCenter however couple of things to remember

•       There is no NSX integration available vRA with VMCon AWS hence Admin has to create network manually in SDDC
•      Please ensure appropriate network configurations are enabled to install software components. Remember VC is in cloud hence the Firewall rules are key and the most important part of the config