By David Davis

In part one of this series, I covered why vCloud Express is so appealing for SMBs and large enterprises alike. From there, I showed you how to get started using vCloud Express by creating your first virtual machine. Once the VM is up and running, there are still a few tasks left to perform. You'll want to configure outbound Internet access, inbound VPN access, inbound Internet access, and install your applications. Let me show you how.

Outbound Internet Access

With Terremark vCloud Express, you are provided a block of private IP addresses for your "virtual data center". In my case, I had the 10.112.123.64/26 private IP network. As you can see in the graphic below, I assigned one of those private IPs to my first server.

Image1

As I add more servers, they would be able to communicate on this internal LAN by default.

But what if I want to download applications or patches from the Internet? Does this VM on the private LAN have outbound Internet access? The answer is yes: by default, outbound NAT'ed Internet access is configured. I went to the Network tab in vCloud Express and could see my assigned public Internet address, as you see in the graphic below.

Image2

However, there is no INBOUND Internet access to my new VM, just as there would be none behind a home/SMB NAT router.

Inbound VPN Access

Once your VM is up and running, the first thing you will want to do is connect to it via RDP to configure it and begin installing your applications. This is actually available by default if you use Terremark's VPN Connect – a private SSL VPN. Of course, this VPN could be used for other things besides just RDP to a Windows server. You could use the SSL VPN for SSH or SCP to a Linux VM, or FTP to any VM, to transfer the apps that you need to install.

To connect to your virtual datacenter via the SSL VPN, click VPN Connect.

Image3

A new browser window will pop up and you will sign in to the Cisco SSL VPN client (make sure that you select SSL VPN from the drop-down menu).

If this is the first time you have used it, this will launch the Cisco AnyConnect VPN Client. When you are done, you'll have a new Windows system tray icon for this client. If you click on it, you can see your VPN IP address and status.

Once connected, you are on the same network as your vCloud VM. That means that you can RDP to the IP address of the VM, like I did here.

Image5

Notice how I'm connected via RDP to the same private 10-net IP address that my VM was assigned, above.

Inbound Internet Access

At some point, you will want to configure inbound Internet access to your vCloud VMs. This could be just to RDP to a public IP address for management but, more than likely, it is to allow your new VM to be, for example, a public Internet web server (or any other application port you would want to open).

To do this, you'll go to the Network tab and you need to do two things:

1. Create a new Service

2. Create a new Node

In my mind, the service is the NAT rule allowing traffic inbound and the node is the server (or servers) that will be joined to the NAT rule to complete the inbound access. Note that these are NOT firewall rules. There is a whole separate configuration in Terremark vCloud Express called Security Services which is essentially your virtual data center firewall configuration.

Let's say that we want to configure inbound public RDP access to our new VM. This way, we don't have to connect to the VPN before we can use RDP (note that this could be a security concern for some). To do this, we would first create a new service by clicking on Create Service in the Network tab.

Image6

From here, the Create Internet Service wizard comes up. I opted to use the default Internet IP (but I could have requested a new IP). Then, I used TCP as my protocol and port 3389, as that is the port for RDP. I named the service, you guessed it, "RDP". I accepted that I will have to pay $0.01 more per hour for inbound network traffic from the Internet and here's what it looked like:

Image7

Next, to be able to actually RDP, I needed to map this service to a Node. I selected the new Internet service and clicked on Create Node.

Image8

This brought up the Create Node Service wizard where I filled out the server name, server IP, and server port, as you see below.

Image9

And here is what we have…

Image10

Finally, I tested this inbound RDP NAT by using Remote Desktop on my local PC and going to the external Internet IP address I mapped to my internal private IP. Here are the results of my RDP attempt:

Image11

Notice the IP address that I was able to RDP to after I created the service, created the node, and mapped them together.

You would want to administer the vCloud VM either through RDP to the private IP using the SSL VPN or via RDP to the public IP address.
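
As an added example (not from the original article or from Terremark), this Python code models the service and node mapping described above and flags mappings that expose RDP, SSH or FTP to the Internet, including ones where the node port is a management port behind a different public port. The `Service` and `Node` classes, the management-port list and the sample addresses are assumptions constructed for illustration; only the 10.112.123.64/26 block and the "RDP" TCP 3389 service come from the article.

```python
import ipaddress
from dataclasses import dataclass, field

# Ports that carry remote administration or file transfer (assumed list).
MGMT_PORTS = {21: "FTP", 22: "SSH", 3389: "RDP"}

@dataclass
class Node:            # the server side of a mapping: name, private IP, port
    name: str
    ip: str
    port: int

@dataclass
class Service:         # the public side: Internet IP, protocol, port
    name: str
    public_ip: str
    protocol: str
    port: int
    nodes: list = field(default_factory=list)

def audit(services, private_block):
    """Return sorted (service, finding) pairs for risky or incomplete mappings."""
    net = ipaddress.ip_network(private_block)
    out = set()
    for svc in services:
        if not svc.nodes:
            out.add((svc.name, "no node attached"))
        for node in svc.nodes:
            if ipaddress.ip_address(node.ip) not in net:
                out.add((svc.name, f"node {node.ip} outside {private_block}"))
            # The node port decides what is really exposed, whatever the public port is.
            if svc.protocol.upper() == "TCP" and node.port in MGMT_PORTS:
                out.add((svc.name, f"{MGMT_PORTS[node.port]} exposed on "
                                   f"{svc.public_ip}:{svc.port}"))
    return sorted(out)

# Constructed inventory: 203.0.113.10 is a documentation address, node IPs are made up.
SAMPLE = [
    Service("RDP", "203.0.113.10", "TCP", 3389, [Node("vm1", "10.112.123.66", 3389)]),
    Service("Web", "203.0.113.10", "TCP", 80, [Node("vm1", "10.112.123.66", 80)]),
    Service("Alt", "203.0.113.10", "TCP", 8443, [Node("vm1", "10.112.123.66", 3389)]),
    Service("Old", "203.0.113.10", "TCP", 443),
    Service("Stray", "203.0.113.10", "TCP", 8080, [Node("vm9", "10.112.124.5", 8080)]),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, "10.112.123.64/26"):
        print(f"{name}: {finding}")
```

Because services and nodes are NAT mappings rather than firewall rules, a finding here means the port is forwarded; whether traffic is also filtered depends on the separate Security Services configuration.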

Installing Applications in your vCloud Express VM

So how do I get applications on my vCloud VM? You could have chosen to install your Windows VM with SQL Server already installed – that's one option to get an application. It doesn't appear that local ISO or remote ISO mounting is supported at this time. The recommended way to get apps to your VM is to FTP (or some other file transfer protocol) to the VM and then install them from there. I can see installing an FTP server on the VM (opening up the service and mapping it to a node) and then FTP'ing ISO files to the VM to be mounted with something like Daemon-Tools and then installed.

Besides downloading applications directly from the software provider's website on the Internet, another option to copy applications over to the new VM is to use RDP and map your local drives. From there you could copy or run anything (but, of course, the performance is going to be very limiting). Here is a network drive from my house, mapped through RDP, as seen by the vCloud Express VM.

Image12

From here, I could copy over Veeam Backup (an application that I had on my local network drive) and install it in the vCloud VM. However, with the upload speed of my local Internet connection, it would be much faster to just download that application directly from the software company to the vCloud VM (I was actually getting 6MB per second download speeds from the Internet to the vCloud VM – amazing!).

Image13

Some of you may be wondering what this is costing me. Well, I've only been trying this for 24 hours but I checked my bill and, so far, I have only built up $0.70 in charges (yes that is 70 cents) and I'm sure that I can afford that 🙂

Image14

Plus, I really like the resource utilization screen…

Image15

In summary, I can see so many uses for this "VM in the cloud". I could use it to replicate and store data from my local storage, I could run my lab environment inside it, or use it as an Internet web server. I'm sure that IT admins out there have a long list of use cases for this easy to use and affordable virtual environment. What about you?

David Davis is a VMware Evangelist and vSphere Video Training Author for Train Signal. He has achieved CCIE, VCP, CISSP, and vExpert level status over his 15+ years in the IT industry. David has authored hundreds of articles on the Internet and nine different video training courses for TrainSignal.com including the popular vSphere video training package. Learn more about David at his blog or on Twitter and check out a sample of his VMware vSphere video training course from TrainSignal.com.