Author Archives: Anthony Spiteri

Creating Policy Based Backup Jobs for vCloud Director Self Service Portal with Tenant Creation

For a long time Veeam has led the way in regard to the protection of workloads running in vCloud Director. Veeam first released deep integration into vCD back in version 7 of Backup & Replication that talked directly to the vCD APIs to facilitate the backup and recovery of vCD workloads and their constructs. More recently in version 9.5, the vCD Self Service Portal was released which also taps into vCD for tenant authentication.

This portal leverages Enterprise Manager and allows service providers to grant their tenants self-service management of their vCD workloads. It’s possible that some providers don’t even know that this portal exists let alone the value it offers. I’ve covered the basics of the portal here…but in this post, I want to talk about how to use the Veeam APIs and PowerShell SnapIn to automatically enable a tenant, create default backup jobs based on policies, tie backup copy jobs to the default jobs for longer retention and finally import the jobs into the vCD Self Service Portal ready for use.

Having worked with a service provider recently, they requested to have previously defined service definitions for tenant backups ported to Veeam and the vCD Self Service Portal. Part of this requirement was to have tenants apply backup policies to their VMs…this included short term retention and longer term GFS based backup.

One of the current caveats with the Veeam vCD Self Service Portal is that backup copy jobs are not configurable via the web based portal. The reason for this is that it’s our belief that service providers should be in control of longer term restore operations, however some providers and their tenants still request this feature.

Translated to a working solution, the PowerShell script combines a previously released set of code by Markus Kraus that uses the Enterprise Manager API to setup a new tenant in the vCD Self Service portal and a set of new functions that create default backup and backup copy jobs for vCD and then imports them into the portal ready for use. The variables are controlled by a JSON file making the script portable for Veeam Cloud and Service Providers to use as a base and build upon.

The end result is that when a tenant first logs into the vCD Self Service Portal they have jobs, dictated by the desired policies, ready for use. The backup jobs are set to disabled without a schedule set. The scope of the default jobs is the tenant’s Virtual Datacenter. If there is a corresponding backup copy job, this is tied to the backup job and is ready to do its thing.

From here, the tenant can choose which policy they want to apply to their workloads and edit the desired job, change or leave the scope and add a schedule. The job name in the Backup and Replication console is modified to indicate which policy the tenant selected.

Again, if the tenant chooses a policy that requires longer term retention, the corresponding backup copy job is enabled in the Backup & Replication console…though not managed by the tenant.

Self service recovery is possible by the tenant through the portal as per usual, including full VM recovery, file and application item level recovery. For recovery of the longer term workloads and/or items, this is done by the Service Provider.

This is a great example of the power of the Veeam API and PowerShell SnapIn providing a solution to offer more than what is out of the box and enhance the offering around the backup of vCloud Director workloads with Veeam’s integration. Feel free to use as is, or modify and integrate into your service offerings.

GitHub Page: https://github.com/anthonyspiteri/powershell/tree/master/vCD-Create-SelfServiceTenantandPolicyJobs

Veeam on the VMware Cloud Marketplace Protecting VMware Cloud on AWS Workloads

At VMworld 2018, myself and Michael Cade gave a session on automating and orchestrating Veeam on VMware Cloud on AWS. The premise of the session was to showcase the art of the possible with Veeam and VMware that resulted in a fully deployed and configured Veeam platform. We chose VMware Cloud on AWS for the demo to showcase the power of the Software Defined Datacenter with Veeam, however our solution can be deployed onto any vSphere platform.

Why Veeam with VMware Cloud on AWS:

I’ve spent a lot of time over the past couple of months looking into VMware Cloud on AWS and working out just where Veeam fits in terms of a backup and recovery solution for it. I’ve also spent time talking to VMware sales people as well as solution providers looking to wrap managed services around VMC and the question of data protection is often raised as a key concern. There is a good article here that talks about the need for backup and how application HA or stretched clustering is not a suitable alternative.

Without prejudice, I truly believe that Veeam is the best solution for the backup and recovery of workloads hosted on VMware Cloud on AWS SDDCs. Not only do we offer a solution that’s 100% software defined itself, but we can extend protection of all workloads from on-premises, through to the SDDC and also natively in AWS covering both backup, replication as well as offering the ability to use Cloud Connect to backup out to a Veeam Cloud and Service Provider. I’ll go into this in greater detail in a future post.

Veeam on the VMware Cloud on AWS Marketplace:

At the same time as our session on the Monday there was another session that introduced the VMware Cloud Marketplace that was announced in Technical Preview. As part of that launch, Veeam was announced as an initial software partner. This allows for the automated deployment and configuration of a Veeam Backup & Replication instance directly into a deployed SDDC and also configures an AWS EC2 EBS backed instance to be used as a Veeam Repository.

The VMware Cloud Marketplace will offer the ability to browse and filter validated third-party products and solutions, view technical and operational details, facilitate Bring Your Own License (BYOL) deployments, support commercial transactions, and deliver unified invoices. We plan to open Cloud Marketplace to a limited Beta audience following VMworld and are working on additional features and capabilities for future releases. We envision the Cloud Marketplace will quickly expand, introducing new third-party vendors and products over time and becoming the de-facto source for customers to extend the capabilities of VMware Cloud on AWS and VMware Cloud Provider Partner environments.

Compared to what Michael and I showcased in our session, this is a more targeted vanilla deployment of Veeam Backup & Replication 9.5 with Update 3a into the SDDC. At the end of the process, you will be able to access the Veeam Console, have it connected to the VMC vSphere endpoint and have the EC2 Veeam repository added.

This is done via CloudFormation templates and a little bit of PowerShell embedded into the Windows Image.

Being embedded directly into the VMware Cloud Marketplace is advantageous for customers looking to get started quickly with their data protection for workloads running on VMware Cloud on AWS. Look out for more collateral from myself, Veeam and VMware on protecting VMC with Veeam as well as a deeper look at our VMworld session which digs into the automation and orchestration of Veeam on VMware Cloud on AWS using Chef, Terraform, PowerShell and PowerCLI.

References:

Introducing VMware Cloud Marketplace

https://cloud.vmware.com/cloud-marketplace

https://marketplace.vmware.com/vsx/solutions/veeam-availability-suite-for-vmware-cloud-on-aws-9-5?ref=search#summary

VMworld 2018 Recap Part 2 – Community and Veeam Recap

VMworld 2018 has come and gone and after a couple of days recovery from the week that was, I’ve had time to reflect on what was a great week and another great VMworld in Las Vegas. For me, the dynamic of what it is to be at a VMworld has changed. The week is not just about the event, the announcements or the sessions…but more about what myself and my team are able to achieve. While we are participants of VMworld we are also working and need to be adding value on all fronts.

This year I left Las Vegas with a sense of achievement and the belief that the week was extremely successful both personally and from a Veeam Product Strategy point of view. In this post (which is Part 2 of my VMworld 2018 recap) I am going to go over what went down with the VMware community during the event and close off with a quick Veeam roundup.

Community:

I felt like the community spirit was in full effect again at VMworld. Between all the sessions, parties and events my overall feeling was that there was a lot of community activity going on. Twitter itself came to life and everyone’s timelines were filling up with #VMworld media. The grass roots community still fuels a lot of VMware’s success and you can’t underestimate the value of influence and advocacy at this level. Certainly, Veeam and other vendors understand this and cater to supporting community events while looking after members with vendor branded swag.

One important thing I would like to highlight is the power of the local community and how something small can turn into something huge. My good friend from Australia, Tim Carman had an idea last year to create an As Built PowerShell Documentation script. He first presented it at his local VMUG…then a few months later he presented it at the Melbourne VMUG UserCon and last week, he presented it with Matt Allford in front of 500 plus people at VMworld. Not only that, but the session was voted into the daily top ten and is currently the second most downloaded via the online session download page!

Hackathon:

Another amazing thing that happened at VMworld was the team that I was lucky enough to be a member of took out the Hackathon. Aussie vMafia 2.0, led by Mark Ukotic, took out the main prize on the back of an idea to put a terminal in the (H5) Client and run commands. Again, what I was most pleased about with Mark, Tim and Matt’s success was exposure from the sessions and Hackathon win. They are great guys and well deserving of it. It goes down as one of my best VMworld highlights of all time!

Veeam Highlights and Sessions:

Finally to wrap things up, it was a great VMworld for Veeam. I spoke to a lot of customers and partners and it’s clear that our Availability Platform that’s driven through our strong ecosystem alliances is still very much resonating and seen to be leading the industry. Being hardware agnostic and software only carries massive weight and it was pleasing to have that validated by talking to customers and partners during the course of the event.

In terms of our sessions, we had two different breakouts. One covering some of the brilliant new features in Update 4 of Backup & Replication 9.5 presented by Danny Allan and Rick Vanover.

And myself and Michael Cade presented on automation and orchestration of Veeam on VMware Cloud on AWS. Michael talks about the session here, but in a nutshell we came up with a workflow that orchestrates the deployment of a Veeam Backup & Replication Server with Proxies onto a vSphere environment (VMC used in this case to highlight the power of the SDDC) and then deploys and configures a Veeam Linux Repository in AWS, hooks that into a VeeamPN extended network and then configures the Veeam Server ready to backup VMs.

Finally…it wouldn’t be VMworld without a Veeam party, and this year didn’t fail to live up to expectation. Held at the Omnia nightclub on Tuesday night it was well received and we managed to fill the club without the need to pull in a headline act. And as I tweeted out…

Wrap Up:

Overall, VMworld ticked a lot of boxes and was well received by everyone that I came across. It’s been a good run of three VMworlds in a row in Vegas, however it’s time to move back to where it all started for me in 2012 in San Francisco. It’s going to be interesting going back to the Moscone Center and a city that hasn’t got the best reputation at the present moment due to social issues and the cost of accommodation is astronomical compared to Vegas. However, location is one thing…it’s what VMware and its ecosystem partners bring to the event. This year it worked! Hopefully next year will be just as successful.

VMworld 2018 Recap Part 1 – Major Announcement Breakdown!

VMworld 2018 has come and gone and after a couple of days recovery from the week that was, I’ve had time to reflect on what was a great week and another great VMworld in Las Vegas. In this post I wanted to break down what I saw as the major announcements at the 2018 event and highlight some of the cool stuff VMware is bringing out for their customers, partners and technology partners.

VMware have kept up the momentum from last year’s VMworld and have continued on their pivot from a hypervisor company to one that truly spans a multi-platform ecosystem of partners and other technologies. This post again is all about VMware at VMworld…I’ll focus on the Veeam happenings and my community experiences at VMworld in part 2.

VMware Cloud on AWS:

I’m a believer! I am personally excited with what VMware have delivered here. The focus of my session on Automating and Orchestrating Veeam was around VMware Cloud on AWS (VMC) utilising a Single Node SDDC for our live demo. Having presented at VeeamON with Emad Younis on VMC and Veeam I have since had my head deeply in the offering. VMware seem to be addressing the pricing concerns myself and others have and are now allowing smaller host deployments (from three to two later down the track) along with more flexible licensing.

The M5 release will feature NSX-T which offers a lot more hard core networking capabilities which will directly connect to AWS Direct Connect. The announcement of high-capacity storage option built into the vSAN cluster using Amazon EBS is an interesting one and an example of the mushing together of VMware and AWS technologies.

With all that said, I’m still not sure where this offering sits when compared to VCPP hosted IaaS and how it has the potential to impact that side of VMware’s business. That may be a topic for a dedicated blog post…but not now.

Amazon Relational Database Service (RDS) on VMware:

This came as a surprise, but is in itself an interesting announcement. Having the ability to run RDS on-premises with the ability to migrate/move the workloads to and from AWS opens up a number of possibilities. With support for Microsoft SQL Server, Oracle, PostgreSQL, MySQL, and MariaDB databases it’s covering a lot of existing use cases. No doubt this is a mechanism for complete cloud transition, but the choice to run this on-premises or in a hybrid setup is genius.

vCloud Provider Announcements:

Having been on the beta program for the next version of vCloud Director I knew what was coming, but I didn’t think it would be announced at VMworld. Suffice to say the next version of vCD will be another significant one. Version 9.5 continues to build on the momentum of the 9.x releases and continues to enhance the platform as the flagship Cloud Management Platform for Service Providers.

New innovations include cross-site networking improvements powered by deeper integration with NSX and initial integration with NSX-T. There is a full transition to an HTML5 UI for the cloud tenant with improvements to role-based access control. There is also going to be a virtual appliance option. I’m looking forward to this dropping later in the year and continuing to #LongLivevCD!

One thing to touch on as well is the native integrated data protection capabilities using Avamar. This is directly integrated into the vCD HTML5 UI via the extensibility plugin. I’ve had a lot of requests from service providers who use Veeam as their trusted availability platform for vCD if we will release similar functionality. At this stage, we can’t make any promises but it’s something getting face time at the top levels of our R&D and Product Management and Strategy teams.

There was also a new VMware Cloud Foundation version announced. Details here.

vSphere and vSAN:

vSAN continues to evolve and improve and there is also a lot to look forward to in the vSphere 6.7 Update 1. There is a new quickstart wizard that walks you through the setup of a cluster that includes a number of tasks that were previously not hard to install…but not as well thought out in terms of ease of use. Operationally, dealing with vSAN Firmware and driver updates has always been painful, but again this update looks to streamline that process by moving the functionality into the HTML5 vSphere Update Manager.

There have also been enhancements to maintenance mode activities, improved health checking and diagnostics as well as TRIM/UNMAP support that uses less storage through the process of automatic space reclamation. This can automatically reclaim capacity that is no longer used, reducing the capacity needed for workloads without administrator interaction.

In terms of vSphere, all administrative functions have been completed for the vSphere Client so in theory there should be no more switching between the old Flex and HTML5 clients. vSphere Platinum is a new edition of vSphere that combines vSphere Enterprise Plus along with AppDefense which is their SaaS based security product built to alert and remediate against anything that looks out of the norm. It seems like most vendors are releasing SaaS based offerings with Machine Learning behind them in this space as security tools…I do wonder if the market is flooded?

Other Notables:

Project Dimension looked interesting, but as with any VMware project I tend to wait for more concrete announcements closer to release. And it seems as though Edge computing is here to stay as a term. Remote offices are now the Edge!

Project Dimension will extend VMware Cloud to deliver SDDC infrastructure and hardware as-a-service to on-premises locations. Because this will be a service, it means that VMware can take care of managing the infrastructure, troubleshooting issues, and performing patching and maintenance. This in turn means customers can focus on differentiating their business building innovative applications rather than spending time on day-to-day infrastructure management.

Speaking of the Edge, I did like the sound of the announcement around ESXi on 64bit ARM. VMware demonstrated ESXi on 64bit ARM running on a windmill farm at the Edge. VMware sees an opportunity to work with selected embedded OEMs to scope and explore opportunities for focused, ARM-enabled offering at the edge. This is the current 64bit ARM CPU architecture used on Apple TV 4 so we could have ESXi on AppleTVs in the near future!

References:

https://ir.vmware.com/overview/press-releases/press-release-details/2018/AWS-and-VMware-Announce-Amazon-Relational-Database-Service-on-VMware/default.aspx

https://blogs.vmware.com/virtualblocks/2018/08/27/whats-new-in-vsan-6-7-update-1/

https://blogs.vmware.com/vcloud/2018/08/vmware-vcloud-director-9-5.html

https://ir.vmware.com/overview/press-releases/press-release-details/2018/VMware-Previews-Technology-Innovations-at-VMworld-2018/default.aspx

http://vmblog.com/archive/2018/08/27/aws-and-vmware-announce-amazon-relational-database-service-on-vmware.aspx

Released – NSX-v 6.4.2 – What’s in it for Service Providers (Networking Enhancements)

The week before VMworld, VMware released version 6.4.2 (Build 9643711) of NSX-v. There are a lot of enhancements that Service Providers can take advantage of in this release. The focus seems to be on edge and distributed network services which translates to more power for service providers to create features upon while also meaning they can take advantage of the same enhancements to improve performance and efficiencies within their own virtualised network.

In terms of interoperability, for the moment the latest vSphere 6.7 and 6.5 U2 releases are supported, however vCloud Director is not supported at all. Interestingly, only 6.4.0 is supported through the main vCloud Director installs presently installed on service provider platforms.

Networking and Edge Services:

  • Multicast Support: Adds ability to configure L3 IPv4 multicast on Distributed Logical Router and Edge Service Gateway through support of IGMPv2 and PIM Sparse Mode
  • Default Limit of MAC identifiers: Increases from 2048 to 4096
  • Hardware VTEP: Added multi PTEP cluster capability to facilitate environments with multiple vCenters

Security Services:

  • Context-Aware Firewall: Additional Layer 7 Application Context Support (EPIC, MSSQL, BLAST AppIDs)
  • Firewall Rule Hit Count: Monitor rule usage and easily identify unused rules for clean-up
  • Firewall Section Locking: Enables multiple security administrators to work concurrently on the firewall
  • NSX Application Rule Manager: Improved scale to 100 vNICs per session, further simplifying the process of creating security groups and whitelisting firewall rules for existing applications.

Operations and Troubleshooting:

  • Authentication & Authorization: Introduces 2 new roles (Network Engineer and Security Engineer). Adds ability to enable/disable basic authentication.
  • NSX Scale Dashboard: Provides visibility into 25 new metrics. Adds ability to edit usage warning thresholds and filter for objects exceeding limits.
  • NSX Controller Cluster Settings: Specify common settings (DNS, NTP, Syslog) to apply to NSX Controller Cluster
  • Support for VM Hardware version 11 for NSX components: For new installs of NSX 6.4.2, NSX appliances (Manager, Controller, Edge, Guest Introspection) are installed with VM HW version 11.

Also as promised, the improvements to the HTML5 NSX user interface continue. TraceFlow, User Domains, Audit Logs, Events & Tasks have been added to the HTML5 vSphere Client. The other pleasing thing to see is that comparatively speaking the number of resolved issues is much lower than previous releases. This points to the 6.4.x code being a lot more stable and bug free than previous iterations…which is pleasing to see.

There are some changes to consider as well in the 6.4.2 release. Starting with version 6.4.2, when you install NSX on hosts that have physical NICs with ixgbe drivers, Receive Side Scaling (RSS) is not enabled on the ixgbe drivers by default. You must enable RSS manually on the hosts before installing NSX. There is also a change to the API call to set Syslog against the controller. That said, it’s still worth looking through the Known Issues section in the release notes.

Those with the correct entitlements can download NSX-v 6.4.2 here.

References:

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/rn/releasenotes_nsx_vsphere_642.html

Released – Runecast Analyser 2.0

Earlier this week, Runecast released into General Availability version 2.0 of their vSphere analyser platform. I’ve been a keen follower of the progress of Runecast since their inception a couple of years ago. There was a space in the market to be filled and they have been able to improve on the initial release by releasing new functionality often. It wasn’t that long ago that they added vSAN support…and more recently NSX support.

This release brings the following new functionalities:

  • Ability to store and display all detected and resolved issues over time for every connected vCenter.
  • The completely new monitoring dashboard with The Most Affected hosts and trending.
  • Automation of PCI-DSS VMware rules and new PCI-DSS profile UI
  • Support for vSphere 6.7 HTML5 plugin
  • Usability, performance and security improvements for increased ease of use.
  • Latest VMware Knowledge Base updates.

First thing to notice in the new release is the new Dashboard that has been improved and for mine is now more logically laid out. But for me the biggest feature added in this release is the enhancement to Historical Trending and a new analysis function. As someone who spent time managing and operating vSphere platforms over the years, the ability to see trends is crucial in troubleshooting.

Historical Analysis is new in version 2.0 and aims to help isolate the root cause of a reported incident as fast as possible and detect new problems caused by product update or configuration changes. 2.0 will store at least 3 months worth of vCenter, vSAN and NSX-V scan results, including issue description. This provides trending information on the dashboard.

The introduction of PCI-DSS checks is something that will assist in compliancy situations. As someone who has had the pain of going through compliancy, any tool that makes the process easier is welcomed.

I’m looking forward to meeting up with the guys at VMworld 2018 in Las Vegas next week and I would recommend any vSphere admin to take a look at Runecast!
You can download Runecast 2.0 from here and take it for a spin: https://runecast.biz/profile

Veeam @VMworld 2018 Edition…

VMworld 2018 is less than a week away, and I can’t wait to fly into Las Vegas for my sixth VMworld and second with Veeam. It’s been an interesting year or so since the last VMworld and the industry has shifted a little when it comes to the backup and recovery market. Data management is the new buzz and lots of vendors (us included) have jumped onto the messaging around data growing at more than exponential rates…sprawling to more platforms than ever before and finally…being more critical than ever. The criticality and power of data is real and VMware still have a lot to say about where and how that data is processed and stored!

VMworld is still a destination event and Veeam recognises VMware’s continued influence in the IT industry by going all in at VMworld 2018. The ecosystem that VMware has built over the past ten to fifteen years is immense and though challenged a few years ago, came back with a bang in 2017. I’m looking forward to seeing VMware’s continued evolution at this year’s event!

Like VMware, Veeam is evolving as well, and we are building out our own strong ecosystem based on a software first, hardware agnostic platform that results in the greatest flexibility in the backup and recovery market. We continue to support VMware as our number 1 technology partner and this year we look to build on that with support for VMware Cloud on AWS and enhanced VMware feature sets built into our core Backup & Replication product as we look to release Update 4 of 9.5 later in the year.

Veeam Sessions @VMworld:

Officially we have two breakout sessions this year, with Danny Allan and Rick Vanover presenting a What’s New in Update 4 for Veeam Backup & Replication and Michael Cade and myself presenting a session on Automation and Orchestration of VMware and Veeam on VMware Cloud on AWS. There are also a couple of vBrownBag Tech Talks where Veeam features including talks from Michael Cade and Michael White while Dave Russell will be presenting a Partner Spotlight session.

https://my.vmworld.com/widget/vmware/vmworld18us/uscatalog?search=Veeam

Veeam @VMworld Solutions Exchange:

This year, as per usual we will have significant presence on the floor, with a Main Booth Area doing demos, prize giveaways, having an Experts Bar and acting as sponsor of the opening night hall crawl. We also have an in booth Theatre where I will be presenting on our new vCloud Director integration with Veeam Cloud Connect.

Veeam Community Support @VMworld:

Veeam still gets the community and has been a strong supporter historically of VMworld community based events. This year again, we have come to the party and have gone all-in in terms of being front and center in supporting community events. Special mention goes to Rick Vanover who leads the charge in making sure Veeam is doing what it can to help make these events possible:

  • Opening Acts
  • VMunderground
  • vBrownBag
  • Spousetivities
  • vRockstar Party
  • Vanguard Takeover

Party with Veeam @VMworld:

Finally, it wouldn’t be VMworld without attending Veeam’s seriously legendary party. This year we are looking to top last year’s event at Hakkasan nightclub by taking over one of the hottest clubs in Vegas… Omnia Nightclub! If it’s anything like the VeeamON 2015 Party that I attended it’s going to go off!! I know how hard it is to plan evening activities at VMworld and there is no doubt that there are a lot of decent competing parties on the Tuesday night…however whatever you do, you need to make sure that you at least stop by Caesars Casino and party in green. RSVP here.

https://www.eventbrite.com/e/veeams-legendary-vmworld-party-2018-tickets-45869296300

Final Word:

Again, this year’s VMworld is going to be huge and Veeam will be right there front and center of the awesomeness. Please stop by our sessions, visit our stand and attend our community sponsored events and feel free to chase me down for a chat…I’m always keen to meet other members of this great community. Oh, and don’t forget to get to the party!

Veeam Availability Console 2.0 Update 1 Important Patch Release

Earlier this month a patch was released for Veeam Availability Console 2.0 Update 1. Contained in the list of fixes is an important note about those that manage Windows Agents through VAC that are sending backups via backup copy jobs. In short there was an issue with the reporting and billing leading to some incorrect values for the tenant quota usage.

There are also a number of other resolved issues including some monitoring and alarm fixes as well as for those using the ConnectWise Plugin. The patch is advised to be deployed to all VCSPs running VAC especially those with tenants sending backup copy jobs as mentioned above.

To apply the patch, head to the VeeamKB here and follow the instructions. You need to have at least VAC 2.0 Update 1 Build 2.0.2.1750 as shown below.

From there, make sure you have a backup of the database, close down the Web UI and execute both MSI packages as administrator on the server.

The first one updates the VAC server.

The second one updates the ConnectWise Manage Plugin. Once completed the patches are applied and VAC 2.0 Update 1 is up to date running on version number Server Version 2.0.2.1807. Note that updated Windows for Agent Builds have been pushed out and can be upgraded as per my post a few months back.

References:

https://www.veeam.com/kb2694

Automating the Creation of AWS VPC and Subnets for VMware Cloud on AWS

Yesterday I wrote about how to deploy a Single Host SDDC through the VMware Cloud on AWS web console. I mentioned some pre-requisites that were required in order for the deployment to be successful. Part of those is to set up an AWS VPC with networking in place so that the VMC components can be deployed. While it’s not too hard a task to perform through the AWS console, in the spirit of the work I’m doing around automation I have gotten this done via a Terraform plan.

The max lifetime for a Single Instance deployment is 30 days from creation, but the reality is most people will/should be using this to test the waters and may only want to spin the SDDC up for a couple of hours a day, run some tests and then destroy it. That obviously has its disadvantages as well. The main one being that you have to start from scratch every time. Given the nature of the VMworld session around the automation and orchestration of Veeam and VMC, starting from scratch is not an issue however it was desirable to look for efficiencies during the re-deployment.

For those looking to save time and automate parts of the deployment beyond the AWS VPC, there are a number of PowerShell code examples and modules available that along with the Terraform plan, reduce the time to get a new SDDC firing.

I’m using a combination of the above scripts to deploy a new SDDC once the AWS VPC has been created. The first one actually deploys the SDDC through PowerShell while the second one is a module that allows some interactivity via cmdlets to do things such as export and import Firewall rules.

Using Terraform to Create AWS VPC for VMware Cloud on AWS:

The Terraform plan linked here on GitHub does a couple of things:

  • Creates a new VPC
  • Creates a VPC Network
  • Creates three VPC subnets across different Availability Zones
  • Associates the three VPC subnets to the main route table
  • Creates desired security group rules

https://github.com/anthonyspiteri/vmc_vpc_subnet_create

[Note] Even for the Single Instance Node SDDC it will take about 120 minutes to deploy…so that needs to be factored in in terms of the window to work on the instance.

Creating a Single Host SDDC for VMware Cloud on AWS

While preparing for my VMworld session with Michael Cade on automating and orchestrating the deployment of Veeam into VMware Cloud on AWS, we have been testing against the Single Host SDDC that’s been made available for on demand POCs for those looking to test the waters on VMware Cloud on AWS. The great thing about using the Single Host SDDC is it’s obviously cheaper to run than the four node production version, but also that you can spin it up and destroy the instance as many times as you like.

Single Host SDDC is our low-cost gateway into the VMware Cloud on AWS hybrid cloud solution. Typically purchased as a 4-host service, it is the perfect way to test your first workload and leverage the additional capability and flexibility of VMware Cloud on AWS for 30 days. You can seamlessly scale-up to Production SDDC, a 4-host service, at any time during the 30-days and get even more from the world’s leading private cloud provider running on the most popular public cloud platform.

To get started with the Single Host SDDC, you need to head to this page and sign up…you will get an Activation email and from there be able to go through the account setup. The big thing to note at the moment is that a US Based Credit Card is required.

There are a few pre-requisites before getting an SDDC spun up…mainly around VPC networking within AWS. There is a brilliant blog post here that describes the networking that needs to be considered before kicking off a fresh deployment. The official help files are a little less clear on what needs to be put into place from an AWS VPC perspective, but in a nutshell you need:

  • An AWS Account
  • A fresh VPC with VPC Networking configured
  • At least three VPC Subnets configured
  • A Management Subnet for the VMware Objects to sit on

Once this has been configured in the AWS Region the SDDC will be deployed into, the process can be started. The first step is to select a region (this is dictated by the choices made at account creation) and then select a deployment type, followed by a name for the SDDC.

The next step is to link an existing AWS account. This is not required at the time of setup; however, it is required to get the most out of the solution. This will go off and launch an AWS CloudFormation template to connect the SDDC to the AWS account. It creates an IAM role to allow communication between the SDDC and AWS.

[Note] I ran into an issue initially where the default location for the CloudFormation template to be run out of was not set to the region where the SDDC was to be deployed into. Make sure that when you click on the Launch button you take note of the AWS region and change it where appropriate by changing the URL to the correct region.

After a minute or so, the VMware Cloud on AWS Create an SDDC page will automatically refresh as shown below

The next step is to select the VPC and the VPC subnets for the raw SDDC components to be deployed into. I ran into a few gotchas on this initially. The subnets need to be sized as listed in the user guides and the post I linked to that covers networking, but you also need to make sure you have at least three subnets configured across different AWS Availability Zones within the region. This was not clear, but I was told by support that it was required.

If the AWS side of things is not configured correctly you will see this error.

What you should see…all things being equal is this.

Finally you need to set the Management Subnet which is used for the vCenter, Hosts, NSX Manager and other VMware components being deployed into the SDDC. There is a default, but it’s important to consider that this should not overlap with any existing networks that you may look to extend the SDDC into.
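Since the deployment cannot be cancelled once it starts, it is worth checking the planned layout before clicking Deploy. The following is an added example, not part of the original post or of any VMware or AWS tooling: a small pre-flight check for the two requirements above (three subnets across different Availability Zones, and a Management Subnet that does not overlap existing networks). The function name, CIDRs and zone names are constructed for illustration.

```python
import ipaddress

def preflight(vpc_cidr, subnets, mgmt_cidr, existing_networks):
    """Return a list of problems; an empty list means the layout passes.

    subnets: list of (cidr, availability_zone) tuples.
    existing_networks: CIDRs the SDDC may later be extended into.
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(ipaddress.ip_network(c), az) for c, az in subnets]

    # Every subnet must sit inside the VPC range.
    for net, az in nets:
        if not net.subnet_of(vpc):
            problems.append(f"subnet {net} ({az}) is outside VPC {vpc}")

    # Subnets must not overlap each other.
    for i, (a, _) in enumerate(nets):
        for b, _ in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")

    # At least three subnets, spread over at least three Availability Zones.
    zones = {az for _, az in nets}
    if len(nets) < 3 or len(zones) < 3:
        problems.append(
            f"need 3 subnets in 3 different AZs, found "
            f"{len(nets)} subnets in {len(zones)} AZs")

    # The Management Subnet must not collide with any existing network.
    mgmt = ipaddress.ip_network(mgmt_cidr)
    for cidr in existing_networks:
        other = ipaddress.ip_network(cidr)
        if mgmt.overlaps(other):
            problems.append(f"management subnet {mgmt} overlaps {other}")
    return problems

# Constructed sample layouts (not taken from a real account).
GOOD = dict(vpc_cidr="172.31.0.0/16",
            subnets=[("172.31.0.0/20", "us-west-2a"),
                     ("172.31.16.0/20", "us-west-2b"),
                     ("172.31.32.0/20", "us-west-2c")],
            mgmt_cidr="10.2.0.0/16",
            existing_networks=["172.31.0.0/16", "192.168.0.0/16"])
BAD = dict(GOOD, existing_networks=["10.0.0.0/8"],
           subnets=[("172.31.0.0/20", "us-west-2a"),
                    ("172.31.16.0/20", "us-west-2a"),
                    ("172.31.32.0/20", "us-west-2b")])

if __name__ == "__main__":
    for name, layout in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, preflight(**layout) or "OK")
```
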

From here, the SDDC can be deployed by clicking on the Deploy SDDC button.

[Note] Even for the Single Instance Node SDDC it will take about 120 minutes to deploy and you can not cancel the process once it’s started.

Once completed we can click into the details of the SDDC, which allows you to see all the relevant information relating to it and also allows you to configure the networking.

Finally, to access the vCenter you need to configure a Firewall rule to allow web access through the management gateway.

Once completed you can login to the vCenter that’s hosted on the VMware Cloud on AWS instance and start to create VMs and have a play around with the environment.

There is a way to automate a lot of what I’ve stepped through above…for that, I’ll go through the tools in another blog post later this week.

References:

Selecting IP Subnets for your SDDC
