VMware 2v0-731 VCP Cloud Management – Introduction
We will be covering specific use cases, specific subscription models, and deployment options for your enterprise. I’m Joe Holbrook, and I’d like to welcome you aboard the course.
Let’s get started. Understanding why enterprises use the VMware cloud on AWS service by VMware for an on-demand service experience that enables the organization
What you should know
You are expected to have some VMware experience, such as being able to spin up and spin down a virtual machine. AWS experience would be helpful as well, since some of the terminology we’ll be discussing is AWS-specific. To learn the material most effectively, it is advisable to sign up for the free VMware hands-on lab. You can do this at www.vmware.com.
Why VMware on AWS?
The combination of VMware and AWS lets your hybrid cloud scale in a way it otherwise could not. Let’s discuss the power of VMware Cloud on AWS. VMware is a hybrid cloud computing market leader, with capabilities and services that extend your data center virtualization capability. It also offers simple and consistent operations.
In other words, your team does not have to learn significant new technical capabilities to use VMware Cloud on AWS. It has full enterprise scale for your hybrid cloud. It is also fully operated and supported directly by VMware. This allows your organisation to go directly to VMware and not have to make separate calls to AWS and VMware. This is all handled by VMware.
This is also known as a “one-stop shop” for support. VMware on AWS has global scale. Essentially, you’re able to use regions and availability zones in AWS configurations. It has seamless bidirectional application portability and migration services. You can use this service on demand or as a service subscription, so you have flexibility in how you want to provision the services. Your existing team members also face a minimal learning curve. This can enable a go-to-market strategy much quicker.
It’s important to understand the purpose of the compute gateway as it relates to VMware Cloud on AWS. The compute gateway connects the workload VMs to the software-defined data center (SDDC). It provides connectivity for the virtual machines, and VMware Cloud on AWS creates a logical network to provide networking capabilities for these virtual machines. The component itself is essentially an NSX Edge.
You also use the compute gateway to access your compute virtual machines. The compute gateway connects your VMs to the software-defined data center. Looking at the picture, you can see that the compute gateway has two logical networks and three public IPs. It’s important to understand that when this is being configured, you’ll also have to configure firewall rules and specific capabilities around traffic flow.
Traffic can be directed to your on-premises environment using a layer-3 VPN connection. Traffic can also be directed to your AWS VPC via an elastic network interface (ENI). It is important to understand that a connection to your AWS account is required, and you’ll also need to select a VPC as well as a subnet within that account. As a side note, you can only connect an SDDC to a single Amazon VPC, and an SDDC has a minimum of four hosts.
Now, in terms of the compute gateway, the purpose is the same. The goal of the compute gateway is to provide communications between the logical networks. Now, you could see that there are two logical networks that are there, and if we wanted to view them, we could see that there is one public IP, but we could also add additional public IPs.
Now, the compute gateway, like the management gateway, essentially provides north-south network connectivity for the virtual machines running in the SDDC. The VMware cloud service also provisions these IP addresses automatically. This is called “simplified networking.” You can also add additional networks. Now, if we go down here to the compute gateway, you’ll notice that we have a little more configuration flexibility than we do in the management gateway. With the compute gateway, we can configure logical networks. For example, if we wanted to create a production network or a testing or QA network, we could certainly create additional logical networks and add additional firewall rules.
We would not set up the VPNs. This is where we would go to connect to an Amazon virtual private cloud. Because this is a demonstration, there is no connectivity available. This is where we would also link up our AWS account. DNS could be configured, and then we would request our public IP here as well. That’s essentially the compute gateway. Just remember that whether it’s the compute or the management gateway, the main goal of the gateway is to enable connectivity from the SDDC to your on-premises environment. Layer 3 VPNs are used for this. You could set this up securely between your on-premises environment and your vCenter. With that said, let’s proceed on to the next lesson.
Management gateway
It’s important that you understand what the management gateway does in a VMware Cloud on AWS implementation. The management gateway connects the SDDC management infrastructure to your on-premises environment. This component is essentially an NSX Edge security gateway.
This security gateway provides connectivity to the vCenter Server and the NSX Manager running in the SDDC. You would also use it to access your vCenter management virtual machines. The management gateway connects your vCenters to the SDDC NSX Manager. The Internet-facing IP address, for example, is assigned from a pool of AWS public IP addresses during the SDDC creation process.
When you deploy your SDDC, by default the management gateway and the compute gateway get assigned public IP addresses, and these public IP addresses are provisioned by AWS from a pool. It’s also critical to understand that communication between logical networks occurs via the gateway, whether it’s communication between the management gateway and your on-premises infrastructure or communication between your on-premises infrastructure and your compute gateway. Just be aware that this communication is enabled through a VPN, which you can configure, but you also need to add firewall rules. When it comes to the management gateway, I like to call it an NSX Edge security device because it essentially provides north and south traffic between your vCenter Server and your NSX Manager in the SDDC.
Now, when it comes to the management logical network, a default CIDR block is assigned to it. This is provisioned by the VMware service. You can also assign a different address block if you want to prevent address conflicts, especially if you’re connecting to your on-premises network as well. So there are a few things that you could do there, but not too much. This is basically an example of what’s called “simplified networking.” And you have connection information if we go here. You can see here that you could add a VPN and a firewall rule, and on this side here, you could add a firewall rule to the internet as well. If we go down to the management gateway, you can see that we could update firewall rules, we could add VPN access, and we could also add our DNS as well. Let’s proceed on to the next lesson.
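The address-conflict check described above can be run before the SDDC is created. This is an added example, not part of the original course material; the network names, address blocks and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inventory: networks the SDDC will reach over the
# layer-3 VPN (on-premises) or the ENI (AWS VPC subnet). Not real addresses.
CONNECTED_NETWORKS = {
    "on-prem-datacenter": "10.2.0.0/16",
    "on-prem-branch": "192.168.10.0/24",
    "aws-vpc-subnet": "172.31.0.0/20",
}

# Constructed candidate blocks for the management logical network.
CANDIDATE_BLOCKS = ["10.2.0.0/20", "172.31.0.0/20", "10.64.0.0/20"]


def find_conflicts(mgmt_cidr, connected):
    """Return (name, cidr, shared_range) for every network overlapping mgmt_cidr."""
    mgmt = ipaddress.ip_network(mgmt_cidr, strict=True)  # rejects host bits set
    conflicts = []
    for name, cidr in connected.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if mgmt.overlaps(net):
            # Two CIDR blocks overlap only when one contains the other, so
            # the shared range is whichever block is more specific.
            shared = mgmt if mgmt.prefixlen >= net.prefixlen else net
            conflicts.append((name, cidr, str(shared)))
    return conflicts


def first_free_block(candidates, connected):
    """Return the first candidate with no overlap, or None if all conflict."""
    for block in candidates:
        if not find_conflicts(block, connected):
            return block
    return None


if __name__ == "__main__":
    for block in CANDIDATE_BLOCKS:
        hits = find_conflicts(block, CONNECTED_NETWORKS)
        print(block, "conflicts with" if hits else "is free", hits)
    print("use:", first_free_block(CANDIDATE_BLOCKS, CONNECTED_NETWORKS))
```

An overlapping management block makes routes across the VPN ambiguous, so the check belongs in the planning step, before firewall rules are written against those addresses.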
In this module, let’s go ahead and talk about vRealize support for VMware Cloud on AWS. vRealize Automation support allows you to connect your vRealize Automation to your cloud SDDC and allows you to create blueprints, allowing users to deploy virtual machines. One thing you have to be aware of is that you have to ensure that your vRealize Automation VMs are configured to use TLS because SSH is not supported.
Also, before you consider deploying vRealize products with your SDDC, there’s a checklist called Prepare Your SDDC to Work with vRealize Products. I highly recommend that you take the time to read this checklist. This will allow you to be successful in your deployment of vRealize Automation in the SDDC. vRealize Automation 7.2 or 7.3 is currently supported by VMware Cloud on AWS. Essentially, you need to prepare, connect, and enable vRealize. Once again, check the checklist. Make sure you go through the requirements to successfully set this up. There are a fair number of requirements that need to be met for this to work properly.