VMware 2v0-731 VCP Cloud Management – Connectivity Options

  1. Connectivity options

When it comes to connectivity with VMware Cloud on AWS, it’s really important to appreciate that when you deploy your SDDC, it is configured with two networks. The first network is your management network. This is essentially your clusters. This is essentially the managed service that VMware is providing for you. It will deploy hosts, your vCenter Server for management, the NSX Manager, and other management functions.

As a cloud administrator, you really don’t have a lot of capacity to change the variables there. The second is the compute network. This is going to handle your production traffic. With the compute network, you can change, for example, NAT, DNS, your firewall, et cetera. Another area to be aware of is connectivity and gateways. When the SDDC and its compute and management networks are deployed, gateways are essentially deployed with them. These gateways provide access and security capabilities, such as NSX.

Just be aware that these edge devices are pre-deployed and pre-configured, and you really don’t have any management capacity with them. The second thing to be aware of is the traffic. When you’re looking at directing traffic to your on-premises environment, you could use a layer-3 VPN connection, or you could use an AWS VPC with an ENI. Now, an ENI is an elastic network interface. This is your virtual network card. You must reconfigure it with the IP, your MAC address, et cetera, whatever the variables need to be. ESXi hosts are connected to an AWS VPC with an AWS ENA adapter. This is an Elastic Network Adapter. This supports throughput up to 25 gigabits.

Now, just to confirm, this is different than an ENI. An ENI is a custom network adapter. It’s essentially an Elastic Network Adapter, but it’s highly customized. Now, an ENA is usually going to be deployed on a Linux instance. However, Windows support will be available down the road. But at the time of writing, this is not the case. When you deploy the enhanced networking capabilities, just be aware that these capabilities with your customization are only going to be available with specific AMIs. For example, C5, F1, and G3. These are going to be specific variables that you could deploy with the AMIs that you’re using. All workload virtual machines are connected to the compute gateway. And just remember, this is going to be your production traffic.

Direct Connect is also supported. It is a service provided by AWS. Direct Connect is essentially a high-speed, low-latency connection between your on-premises data centre and AWS services. Direct Connect traffic travels over one or more virtual interfaces that you create in your customer AWS account. Virtual interfaces are classified into two types: private and public.

You could use either type of interface alone or both types. Aside from that, support for Direct Connect with VMware Cloud on AWS is still quite limited. You’ll need to validate the exact configuration requirements before you consider deploying with Direct Connect. So definitely review your support material, contact support, or review the documentation that may be available for the AWS services and VMware Cloud on AWS.

  1. Set a public IP address

In this demo, what we’d like to do is request a public IP address. The reason we need a public IP is that we’re going to want to configure a NAT address. By default, the VMC service does create an outbound NAT. However, if we want inbound NAT, we need to go ahead and configure that ourselves. Let’s go ahead and find out how we do it. We’re going to go over to the Network submenu here under the SDDC that we want to configure.

Let’s scroll down to the compute gateway, and we can see Public IPs right there. Let’s go ahead and expand Public IPs. As you can see, there is no IP that has been provisioned. Otherwise, it would show up when we expand it. Let’s go ahead and request a public IP. Now, to do this, you simply need to hit “Request.” When we hit Request, the VMC service will assign us an IP address from a pool of IP addresses. Let’s go ahead and hit “Request.” As you can see, it states that a public IP has been allocated. In this case, it is 565-6566. We go over here to Edit, and if we wanted to, we could add notes.

We could go ahead and say “public IP test,” let’s say, and then hit Save. This will save that. Now, we could also request another IP. For example, we may require several public IPs for specific NAT requirements. For example, we could set up specific instances, whatever we want to do. Or we could just come here and edit. And let’s say we don’t want to have that public IP address anymore. We could simply select Release, and it would release that public IP address. Now, since this is a lab environment, we’ll go ahead and request it, and chances are it will be the same one that we just released. However, the VMC service will likely distribute a very different IP address when you go through the process. With that said, that is how you request and release a public IP address. Let’s move on to the next exercise.

  1. NAT

In this demo, what we’d like to do is essentially configure a NAT address. The VMC service now configures an outbound NAT address by default. This is for the compute gateway. However, you may want to configure an inbound NAT as well. To do that, you simply go under the network of the SDDC that you want to set this up on and scroll down to “Compute gateway.” You can see that we have NAT. Let’s expand that. There are currently no NAT rules.

Add NAT Rule is what we want to select. Now you can see that it’s got some preconfigured information there. That doesn’t mean you have to accept it. But what I want to point out first is that before we name it, just realise that we have a public IP here. If we didn’t configure a public IP here first, then there would be no public IP, and it wouldn’t make a lot of sense to configure that. So the first thing you should do before configuring NAT is, of course, request a public IP address from the pool.

Since we only have one public IP, we’re going to leave that the same. Let’s go ahead and call this “Nat in,” for NAT inbound. And in this case, we want to allow specific traffic. Assume, for example, that we want to allow DNS. We could select TCP or UDP. We want to be careful, of course, with just allowing any traffic. Again, this is not a good use case for allowing all traffic. So just be aware of what you want to select. Now, VMware has essentially preset a lot of these ports for you. You could also do a custom TCP and a custom UDP. So you do have some flexibility in the services that you want to allow NAT to be used with. Let’s go ahead and remember that this is for inbound as well. Let’s just say I’m going to go ahead and select Syslog. As far as the ports, we can go ahead and change the port if we want, but by default we’ll leave it at that. And then we need to add a valid IP address or a CIDR address range. Of course, in this case, I’m just going to go 100.

And again, you want to choose whatever the internal IP address is that you’re going to allow that service to go to. Let’s go ahead and save the NAT rule. We now have a NAT rule configured, and we can see in the notification section that the NAT rule is complete. That’s simply all you have to do to configure a NAT rule. But remember, before you do it, make sure you set up a public IP. Let’s proceed on to the next lesson.
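
The checks called out in this walkthrough (public IP requested first, a specific service rather than all traffic, a valid internal IP or CIDR target) can be expressed as a small audit. This is an added example, not part of the course material or VMware's tooling; the rule field names and all sample values are constructed assumptions, not a VMware schema.

```python
import ipaddress

# Constructed sample data; field names are hypothetical, not a VMware schema.
ALLOCATED_PUBLIC_IPS = {"203.0.113.10"}
NAT_RULES = [
    {"name": "Nat in", "public_ip": "203.0.113.10", "service": "Syslog",
     "public_ports": "514", "internal": "192.168.1.100"},
    {"name": "web-any", "public_ip": "203.0.113.10", "service": "Any",
     "public_ports": "any", "internal": "192.168.1.0/24"},
    {"name": "stale", "public_ip": "203.0.113.99", "service": "DNS",
     "public_ports": "53", "internal": "192.168.1.300"},
]


def audit_nat_rule(rule, allocated_ips):
    """Return a list of findings for one inbound NAT rule (empty means clean)."""
    findings = []
    # Precondition from the walkthrough: request the public IP before the rule.
    if rule["public_ip"] not in allocated_ips:
        findings.append("public IP is not allocated to this SDDC")
    # Forwarding every service exposes the internal target to all inbound traffic.
    if rule["service"].lower() == "any" or rule["public_ports"].lower() == "any":
        findings.append("rule forwards all traffic; restrict to one service and port")
    # The internal target must parse as a single IP address or a CIDR range.
    try:
        ipaddress.ip_network(rule["internal"], strict=False)
    except ValueError:
        findings.append("internal target is not a valid IP address or CIDR range")
    return findings


def audit_nat_rules(rules, allocated_ips):
    """Map each rule name to its findings so problem rules stand out in review."""
    return {rule["name"]: audit_nat_rule(rule, allocated_ips) for rule in rules}


if __name__ == "__main__":
    for name, findings in audit_nat_rules(NAT_RULES, ALLOCATED_PUBLIC_IPS).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```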

  1. Connectivity for vCenter

In this demo, what we’d like to do is just validate our connection information. This is specifically the connection information for the vCenter Server that’s associated with this environment. This information includes URLs for accessing the vCenter Server, authentication, and PowerCLI example scripts for connecting. You can see here that we have the HTML client. If we click that, and it is configured for environments, we will be taken to our vSphere Client. We also have the vCenter Server. This would allow us to connect via API to the vCenter Server. We have authentication that is provided here and with the PowerCLI connect as well. That is how you can go ahead and validate how to connect to your vCenter Server. Let’s proceed on to the next lesson.
