VMware 2v0-731 VCP Cloud Management – Basic Configuration Tasks
Create an SDDC
Now what we want to do is go over to the browser on the left-hand side of the console and select the Google Chrome browser icon. What we need to do is essentially check into the lab. This will actually provision the VMC services. Go ahead and put in the email address that you used to sign up for the VMware Hands-on Lab account, and then press Search, and your email should come up under the Lab SKU. If it doesn’t, you may need to just close the browser, log in again, and do another search just to make sure. What you want to do is click “Validate,” and when you click “Validate,” it will bring you to the VMware Cloud Services page. This is essentially the VMC login. Let’s go ahead and select Next. Now enter the password you used to create the account and click Sign In. To make this easier, let’s go ahead and minimize the manual and select Maximize. This is the VMC console, which we are now logged in to.
This is pretty much what it still looks like, and you will see that some of the services are still in beta. But the service that we want to use is VMware Cloud on AWS. What we want to do is select “Open.” When we select “Open,” it will initialise the VMC and bring us over to the initial page. This initial page requires us to set up our first software-defined data center (SDDC). Let’s go ahead and select Create SDDC. You can now see that creating the SDDC has three steps: connecting AWS, the SDDC properties, and the network configuration.
Now, because this is a hands-on lab, we’re not actually going to tie this in to our AWS account. This is done for you in the background, and this is just for you to get practice. However, if you’re using AWS resources now and you want to tie them in to your SDDC, then you could certainly do that if you know your account information. In this case, let’s select Next. The SDDC properties are essentially a set of variables that you would have access to if you had a subscription. In this case, you have a couple of different regions available: US East (Northern Virginia), Oregon, the EU, East Asia, Ireland, and London. Let’s go ahead and select Northern Virginia.
What we want to do now is give this SDDC a name. In general, it is a good idea to name the SDDC something that you can easily identify, because you may have several SDDCs set up. You may want to have one SDDC for one region and another for a different region, or, let’s say, one per geography or per company department, whatever the provisioning requirement is.
It’s up to you to determine what makes sense. In this case, we’re just going to go ahead and name this SDDC Demo Site One. If this were a subscription, the number of configurable hosts could range from four to sixteen. Again, because this is a hands-on lab, they only allow you to provision four. The host capacity is two sockets, 36 cores, 512 GB of RAM, and 10.7 terabytes of storage per host. Now, we have four hosts, so you simply multiply the per-host capacity figures by four, and that’s how they get the total capacity.
After you select Next, let’s go ahead and configure the network. In this case, we just want to select the default network, and it will select it for us even if we don’t type it in. Now, if you’re configuring your management subnet for your enterprise, you would of course want to identify the proper CIDR range and subnet ranges to ensure that this meets your networking requirements. For now, let’s just go ahead and deploy the SDDC, and it will set up the default network. As you can see, this is fairly simple. What this is essentially doing is creating an SDDC in the AWS cloud. VMware Cloud on AWS is essentially a private container service that VMware is maintaining and managing. Now you can see that Demo Site One is available. What we want to do now is just go ahead and select Demo Site One. This will tell us the number of hosts, the capacity of the resources that have been utilized, and what is available.
Now in this exercise, let’s go ahead and talk about the SDDC configuration. When we go through and set up an SDDC, there are essentially three steps to setting it up. Now that we’ve set one up, we need to configure it to our requirements. We have some options here, but before we get into the different options, like add host, remove host, configure networking, add-on features, connectivity, and support, we want to go over to Actions and take a look at that. This allows us to add hosts, remove hosts, and also delete the SDDC. We could also open vCenter from here if we wanted to. In this case, we want to go ahead and select Network. Now that we’re looking at the SDDC configuration, it’s important to understand how the network diagram is laid out. We have here a very simple diagram that really shows you what you need to know about VMware Cloud on AWS. We have a management gateway and a compute gateway, and these are essentially the two main components.
Remember that the gateways are essentially NSX devices. The management gateway is essentially an edge that connects the vCenter from your on-premises environment to the NSX device in the management gateway. What we want to pay attention to here are the lines, the connections: you can see that there are data lines, and the dotted lines indicate that no firewall rules are configured. Essentially everything is “deny all.” To allow HTTP, HTTPS, SSH, or whatever protocol we want to enable, we need to go over to Actions and add a firewall rule, or a NAT rule if we want that as well. But before we do that, let’s go ahead and scroll down a bit and take a look at what’s here. The management gateway and the compute gateway, as you can see, are labelled down here. This is where we go to configure the management gateway and the compute gateway. In this exercise, what we want to do is go ahead and take a look at add-ons.
You can see that if we so choose, we could add Site Recovery Manager capabilities to protect our on-premises workloads and recover them to the SDDC if there were an event that required this. It is an additional cost, and you’ll need to activate it if you want to use it. Connection Info: this is the connection information for this specific lab. You can see that the user is a cloud user at vmc.local. We could go over here to Show Credentials if we want. This is the command-line connection, which we could copy to the clipboard. There is the HTML5 VMware client as well as the API Explorer. And then over here, we have Support. This is actually really nice because it gives you all the information you need to contact support. When we go back to the Summary, we could go over here and add a host. You can see that we could add additional hosts; we could scale this from one to four hosts to be added.
Now you can see that the number of hosts is four, the maximum number of hosts in the configuration that we have. We could scale up by an additional four. That will bring our capacity to essentially eight hosts in the cluster. And again, we can go ahead and add those hosts. You will see over here that it says it’s going through the process of adding hosts; when it’s done, it will come back as completed, and the number of hosts should change to eight. Now it says it’s completed, and you can see that we have eight hosts. If we go back to Network, what we want to do now is go through setting up the networking, so we’ll go ahead and proceed and configure networking. We’ll configure the compute gateway and the management gateway in the upcoming demos as well. Let’s proceed to the next lesson.
When it comes to configuring your virtual machines on VMware Cloud on AWS, it’s important to understand how the firewall works on the service itself. Even though it’s a managed service, there are going to be some requirements where you need to configure your firewall ports. When you connect your service to your on-premises VMs, you’ll need to understand that there are specific resources you’ll have to enable firewall ports for. For example, the service, the port, and the notes are listed here. Port 443 is required by the vCenter Server.
The Platform Services Controller requires ports 389 and 636. This is for LDAP and directory services. DNS uses port 53; Active Directory and OpenLDAP are the directory services. Again, identify which ports you need to have open for the specific services that you’re using. ESXi requires ports 902 and 903. When it comes to configuring your rules, be aware that each rule requires a name. You’ll need to specify an action as well: it will either allow or deny. You’ll need to specify the source and the destination, as well as the service and the port itself. For example, the service will be a custom TCP, UDP, or ICMP service, and again, you’ll need to specify the port number that is going to be used by this service. By default, the firewall is set to deny all.
In this demo, what we’d like to do is set up a firewall rule for our management gateway to communicate with our in-house server, which is basically our on-premises vCenter Server. Let’s proceed and do that. Let’s select the SDDC demo site. As you can see, our configuration for the SDDC demo site is there. What we want to do is go over to Network and select it.
On the screen, we can see the SDDC configuration as it is right now. Notice that all the network connections are set to deny all. These are essentially the firewall rules, and by default, the rules are deny all. What we want to do is enable a rule for the management gateway. Let’s proceed and set up a firewall rule. Let’s scroll down to the management gateway. As you can see, the firewall rule is set to deny all. Let’s proceed and change that. Let’s go ahead and expand the firewall rules menu. As we go down, you can see the action is set to deny, and source, destination, and port are set to any, so basically all traffic is denied. Let’s go ahead and change that. In this scenario, let’s choose Add Rule. I’m going to go ahead and call this the vCenter rule. What we want to do now is, of course, allow traffic. Let’s select the source IP range, and in this case, we’re going to put in our on-premises range (read out in the recording as “ten 800:16”). This gives us the range for that CIDR configuration.
What we want to do now is enable communication with the vCenter. Before we do that, let’s just take a look at the available choices. We could set up rules for our vCenter, ESXi, Site Recovery Manager, vSphere Replication, and NSX Manager on the management gateway. For example, let’s select vCenter. Now what we need to do is allow traffic to communicate with this destination from the specified source. Let’s go ahead and select the specific option here. When you select this, be careful which option you select and be aware of the specific port. What we want to do now is simply choose HTTPS, port 443. Now that that’s been selected, we can save the firewall rule. That firewall rule has been created. Let’s go ahead and scroll back and see what is available. As you can see, there is now a vCenter rule configured. Now, in order for this to appear as a green line, as a configured firewall rule, we must also configure it on-premises. In this lab, we won’t do that, but just be aware that that’s what you would need to do.
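The rule model described in the port list and the management-gateway demo (name, allow/deny action, source, destination, service/port, deny-all by default) can be illustrated with a small evaluator. The code below is an added example written for this page, not VMware’s code and not the VMC API; the on-premises range, the vCenter address, and the protocol assigned to each listed port are assumptions of the example.

```python
"""Constructed illustration (not VMware's code and not the VMC API) of the
management-gateway firewall model in the lesson: each rule has a name, an
action (allow/deny), a source, a destination, and a service/port, and the
gateway is deny-all by default."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress

ANY = "any"

# Assumed addresses for the example; the lab does not state them.
ONPREM_CIDR = "10.8.0.0/16"   # on-premises management range (assumption)
VCENTER_IP = "10.2.0.10"      # SDDC vCenter management address (assumption)

# Service -> (protocol, ports) taken from the port list in the lesson.
# The protocol per service is an assumption of this example.
REQUIRED_PORTS = {
    "vCenter": ("tcp", [443]),
    "PSC":     ("tcp", [389, 636]),   # LDAP / LDAPS
    "DNS":     ("udp", [53]),
    "ESXi":    ("tcp", [902, 903]),
}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    source: str            # CIDR, single IP, or "any"
    destination: str       # CIDR, single IP, or "any"
    protocol: str          # "tcp", "udp", "icmp", or "any"
    port: Optional[int]    # None means any port


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    protocol: str
    port: Optional[int]


def _addr_matches(spec: str, ip: str) -> bool:
    """'any' matches everything; otherwise test CIDR/host membership."""
    if spec == ANY:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (_addr_matches(rule.source, flow.src_ip)
            and _addr_matches(rule.destination, flow.dst_ip)
            and rule.protocol in (ANY, flow.protocol)
            and rule.port in (None, flow.port))


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First matching rule wins; with no match the gateway default applies,
    which is deny-all. Returns (action, rule name)."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action, rule.name
    return "deny", "default-deny"


def rules_for_service(service: str, source: str, destination: str) -> List[Rule]:
    """Generate one allow rule per required port of a listed service."""
    protocol, ports = REQUIRED_PORTS[service]
    return [Rule(f"{service} {protocol}/{port}", "allow", source, destination, protocol, port)
            for port in ports]


def management_rules() -> List[Rule]:
    """The rule set built in the demo: only the vCenter HTTPS rule."""
    return [Rule("vCenter rule", "allow", ONPREM_CIDR, VCENTER_IP, "tcp", 443)]


if __name__ == "__main__":
    # Constructed sample flows.
    flows = [
        Flow("10.8.1.5", VCENTER_IP, "tcp", 443),      # on-prem host -> vCenter HTTPS
        Flow("10.8.1.5", VCENTER_IP, "tcp", 22),       # SSH: no rule, so denied
        Flow("192.168.1.20", VCENTER_IP, "tcp", 443),  # wrong source range, denied
    ]
    for f in flows:
        print(f, "->", evaluate(management_rules(), f))
```

The point the evaluator makes is the one the lesson makes in words: a single allow rule only opens the exact source, destination, protocol and port it names, and everything else still falls through to the implicit deny.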
In this demo, what we’d like to do is create a management VPN that allows us to securely access the vCenter Server system and content library, which are deployed in the SDDC. Let’s go ahead and configure an IPsec VPN between our on-premises infrastructure and our cloud SDDC. Let’s go select Demo Site One.
Now what we want to do is select Network. In this exercise, we want to set up an IPsec VPN between our on-premises network and our management gateway. The way we do that is to select Actions and then Add VPN. You can see that it brings us down to the drop-down menu of IPsec VPNs.
We’ll refer to this as the VMware VPN. In this exercise we want to put in the remote gateway; in this case, it’s going to be 1.2.3.4. Then we put in the remote network, which will be ten. Then we validate our encryption; in this case, it is AES 256, which is fine. We also want to make sure that perfect forward secrecy is enabled, which it is. We’re going to use DH group 14; leave that there. Then we enter a pre-shared key; in this case, we could use “VMware123” or whatever we want for our shared key. Then all we do is click Save. You can see that it shows the status as disconnected, which makes sense in this case. In the real world, rather than in the hands-on lab, it would show as connected once we connect our on-premises gateway, assuming that our configuration is correct.
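The VPN settings the demo walks through (encryption, perfect forward secrecy, DH group, pre-shared key) are the ones a reviewer would check before a tunnel goes into production. Below is an added example, not VMware’s code, that checks a set of IPsec settings against a simple policy; the minimum key length, the required character classes, and the remote network value are assumptions of the example.

```python
"""Constructed example (not VMware's code): a policy check over the IPsec
VPN settings shown in the demo. The thresholds are this example's own
assumptions, chosen to match the settings the demo accepts."""
from dataclasses import dataclass
from typing import List

ALLOWED_ENCRYPTION = {"AES-256"}   # the demo validates AES 256
MIN_DH_GROUP = 14                   # the demo uses DH group 14; lower groups are flagged
MIN_PSK_LENGTH = 20                 # assumed minimum for a pre-shared key


@dataclass(frozen=True)
class VpnSettings:
    name: str
    remote_gateway: str
    remote_network: str
    encryption: str
    pfs_enabled: bool
    dh_group: int
    preshared_key: str


def check_vpn_settings(s: VpnSettings) -> List[str]:
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    if s.encryption not in ALLOWED_ENCRYPTION:
        findings.append(f"encryption {s.encryption} not in {sorted(ALLOWED_ENCRYPTION)}")
    if not s.pfs_enabled:
        findings.append("perfect forward secrecy is disabled")
    if s.dh_group < MIN_DH_GROUP:
        findings.append(f"DH group {s.dh_group} below minimum {MIN_DH_GROUP}")
    psk = s.preshared_key
    if len(psk) < MIN_PSK_LENGTH:
        findings.append(f"pre-shared key shorter than {MIN_PSK_LENGTH} characters")
    classes = [any(c.islower() for c in psk), any(c.isupper() for c in psk),
               any(c.isdigit() for c in psk), any(not c.isalnum() for c in psk)]
    if sum(classes) < 3:
        findings.append("pre-shared key uses fewer than three character classes")
    return findings


# The settings entered in the demo. The remote network is an assumed
# placeholder; the recording only says "ten".
LAB_SETTINGS = VpnSettings(
    name="VMware VPN",
    remote_gateway="1.2.3.4",
    remote_network="10.0.0.0/8",
    encryption="AES-256",
    pfs_enabled=True,
    dh_group=14,
    preshared_key="VMware123",
)

if __name__ == "__main__":
    for finding in check_vpn_settings(LAB_SETTINGS) or ["no findings"]:
        print(f"{LAB_SETTINGS.name}: {finding}")
```

Run against the lab’s own values, the cipher, PFS and DH group pass and the only finding is the short pre-shared key, which is fine for a lab but is the setting to replace with a long, randomly generated key when the tunnel is built for real.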
In this exercise, what we’d like to do is configure DNS so that, when we set up our VMC, we can communicate with our on-site infrastructure, our private cloud. Let’s go ahead and do that. The first step is to identify the proper SDDC that we are using. You may have several set up in your environment, but in this case, we have one, the SDDC demo site in US East (Northern Virginia). We want to select Network. As you can see, we have a network diagram. We have our management gateway and our compute gateway. We have some VPNs set up. We need to set up some additional firewall rules. But in this exercise, what we want to do is just go ahead and select DNS. As you can see, there are no entries for DNS.
We want to fix that. Let’s go ahead and select Edit on the right side of the menu. If we’re setting up our private cloud, or want to configure connectivity so that DNS resolves to, say, your private cloud, what we want to do is select the DNS servers that we have in our organisation or enterprise and put them in as the primary and secondary DNS. In this exercise, we’ll enter the temporary addresses 8.8.8.8 for the primary and 8.8.4.4 for the secondary. We can now choose to resolve this via the Internet or via a VPN. You’ll need to make the right decision there based on your use case. In this case, I’m just going to leave it resolvable from the Internet. As you can see, it’s been successfully updated. We now have our DNS configured. Let’s go ahead and move on to the next exercise.