Monday, January 28, 2019

Log Forwarding from Log Intelligence to OnPrem vRealise Log Insight

In this blog, I will describe a new feature of VMware Log Intelligence which allows you to forward logs to OnPrem vRealize Log Insight















Why?

You will be asking why would you want to do this. This is not applicable to each and every environment.

There are a couple of use cases which I can think. There might be other scenarios as well.

  • VMware Cloud on AWS logs
    • VMware Log Intelligence is the only logging solution which gives you Audit and NSX Logs from VMware Cloud on AWS. If you have OnPrem vRealize Log Insight which is your centralized logging server than you can forward VMware Cloud on AWS logs from Log Intelligence
  • OnPrem vRealize Log Insight Server for long term archival and compliance restrictions

Steps


1 - Cloud Proxy Appliance


We will need to have a Cloud Proxy deployed in your OnPrem VC which will be talking to the vRealize Log Insight server. In my Introduction and Getting Start blog, I have mentioned the procedure how to deploy Data Collector (renamed to Cloud Proxy) in case you are not aware of the same http://bit.ly/2MhvsX9

2 - Configure Log Forwarding in Log Intelligence


Authenticate to Log Intelligence and Expand Manage and click Log Forwarding which will open Log Forwarding Page which lists the existing forwarding rules and allows you to configure new one as well




















Click New Configuration. This will open Configuration Page and ask for the details of the log forwarding rule


















Input
Description
Name
Display Name of the rule
Cloud Proxy
A collector which will be used to forward logs to vRealize log insight
Endpoint Type
There are 3 options as of today.
Default, vRealize Log Insight and Splunk
As we are going to forward to vRealize log insight we will select the same
Endpoint URL
https://< loginsightserver IP or hostname >/api/v1/events/ingest/test-agent
Tags (Optional)
If you would like to add tags for the logs being forwarded you can add that as well
Headers (Optional)
vRealize log insight doesn’t require any headers however if your endpoint needs then you can use the same for e.g. If you are forwarding to Splunk then you will need to authorization header
Query
As an example, we want to forward logs/events which shows the successful authentication event on the VMware Cloud VC
text contains vim.event.UserLoginSessionEvent

Click Save once you have filled all the information

















Once you have saved the configuration you will see the rule








Wait for a couple of mins and ensure Events Posted numbers starts to increase. This would be logs have started forwarding







3 - Verify in vRealize Log Insight

Now you can log in to your vRealize log insight to search the forwarded logs. As an example, I will use the tag which we added in our log forwarding configuration rule in the query

environment contains vmwarecloud
















Conclusion


This way you can forward specific logs from Log Intelligence to your OnPrem vRealize Log Insight. Depending on your use case you can create multiple log forwarding rules.


Sunday, January 27, 2019

Use OnPrem vRealize Automation to provision on VMConAWS

In this blog, I will be describing the process of how to use OnPrem vRealize Automation (vRA) with VMware Cloud on AWS SDDC

What is VMware Cloud on AWS (VMConAWS)


vSphere based Cloud hosted on AWS public cloud. It allows you to modernize, protect and scale mission-critical vSphere-based applications leveraging AWS

As per standard design for VMConAWS, cloudadmin@vmc.local only has access to following resources
  •       Compute-ResourcePool
  •       Workloads folder
  •       sdddc-cgw-network-1 port group/segment (or Manually created by a user in Compute Gateway)
  •       WorkloadDatastore 

Pre-requisites


Following are the pre-requisites to be able to successfully provision on VMConAWS using vRA  
  •       vRA 7.2 and above deployed OnPrem
  •      Compute Segment which will be used to provision VMs in VMConAWS
  •      IPSEC VPN between OnPrem and VMConAWS for both Management & Compute CIDR
  •       Firewall Rules for Management & Compute Gateways to allow communication from OnPrem vRA setup 


vRA Configuration


The following section describes the steps how to configure vRA to add VMConAWS as a vCenter endpoint

Quick Note

  • There is no NSX integration available vRA with VMCon AWS 
  • Ensure that all vRealize Automation VMs are configured to use TLS 1.2

In my setup, I am using the latest vRA which is 7.5.1


Add vCenter Endpoint

 Login to vRA  and navigate to Infrastructure > Endpoints
Click New > Virtual > vSphere (vCenter)















Specify the following details

Input
Description
Name
Name of the endpoint
Address
vCenter fqdn
https://fqdn/sdk
Username
cloudadmin@vmc.local

If you have integrated with AD then a user which is added to CloudAdmin Group in VMConAWS vCenter
Password
Password for the account specified above

Click Test Connection and ensure the test is successful












Click on Fabric Groups under Infrastructure and Click New to add Cluster in fabric groups and assign fabric administrators to manage them









Click Reservations under Infrastructure and Click New to create reservations to allocate resources to business groups for VMConAWS vCenter

















This is the most important part else your provisioning will fail due to a permissions error

Resource
Value
ResourcePool
Compute-ResourcePool
Datastore
WorkloadDatastore
VM & Template Folder
Workloads
This is done through Custom Property
Vmware.VirtualCenter.Folder
Network
Use the logical network that you created as part of the prerequisites


























































Create Blueprint with vSphere(Center) Machine using VC Template – Standard vRA configuration
















Publish the Blueprint and perform standard configuration for Catalog Management (Standard vRA Configuration)

Request Deployment from the Catalog and you will see a successful deployment







































Conclusion

Once it is configured it will be same as any other vCenter however couple of things to remember

  •       There is no NSX integration available vRA with VMCon AWS hence Admin has to create network manually in SDDC
  •      Please ensure appropriate network configurations are enabled to install software components. Remember VC is in cloud hence the Firewall rules are key and the most important part of the config