So you’ve setup your customer VPC in AWS, deployed your VMware Cloud on AWS SDDC into the cloud and configured the required connectivity to secure your management traffic, enable vMotion and extend your on-premises networks into the cloud. In this blogpost we’re going to be looking into the tools that you can use to manage your environment post-deploy. Let’s get started with VMware Cloud on AWS – Your Management Toolset.
VMware Cloud on AWS – Hybrid Linked Mode
As you may be aware, we’ve long provided the capability to link together vCenter Servers into what we call Linked Mode (also encompassing Enhanced Linked Mode and Embedded Linked Mode). This allows you as a vSphere Admin to manage multiple vCenter Servers from a single user interface, including sharing information regards licenses, tags & roles ., search globally through all vCenter inventories and drag and drop migrate VMs between vCenter Servers. While it’s entirely possible to manage your VMware Cloud on AWS SDDC on it’s own, connecting your on-premises SDDC up helps manage workloads in both on-premises and cloud SDDCs.
When deployed on-premises Linked Mode has a couple of requirements: firstly, all PSCs and vCenter Servers need to be in the same SSO domain. Secondly, all PSCs and vCenter Servers need to be running the same code version. When running VMware Cloud on AWS the cloud SDDC will normally be running newer code than the on-premises SDDC, so this prevents traditional linked mode being deployed. Hybrid Linked Mode solves both of these problems.
You have 2 methods available to configure Hybrid Linked Mode. The first is to deploy the Cloud Gateway virtual appliance into your on-premises datacenter and use this to establish the connection into your cloud SDDC. Once this is done you login to the Cloud Gateway in order to manage both on-premises and cloud environments. Alternatively you can login to the vSphere Client in the cloud SDDC and manage both your cloud and on-premises SDDC environment from there. A limitation of this second method is that you can link only one on-premises domain, this restriction does not apply to the Cloud Gateway method.
Deploy the Cloud Gateway
Let’s setup the Cloud Gateway appliance and enable Hybrid Linked Mode from there. First things first, we need to download the Cloud Gateway installer. Login to the VMware Cloud on AWS console. Select the Tools tab, then click the Download button in the right hand side vCenter Cloud Gateway column.
Download the Cloud Gateway ISO and mount it in your admin workstation. Browse to /ui-installer and then the relevant subfolder for your workstation. Here I’ll be running it from a Windows machine, so I’ll browse into the win32 subfolder, then launch installer.exe.
Click Get Started, then click Start in the Deploy vCenter Cloud Gateway column.
Read and accept accept the EULA and click Next.
Step through the wizard specifying the deployment target and credentials, deployment folder and cluster, VM name and root password, datastore, network configuration, NTP and SSO server. If you are using Integrated Windows Authentication you can also select to join your Cloud Gateway to Active Directory.
Click Finish, and you’ll be taken back to the Deployment screen, where you’ll see the deployment running. This will take a short while for the OVA to be deployed and configured, at which point we can move on. Stage 2 is where we configure Hybrid Linked Mode. Before you do this, we recommend that you validate the prerequisites which are detailed in the documentation.
Configure Hybrid Linked Mode
Click Start under Stage 2. You’ll see a brief explanation of what HLM is, and a link to the prerequisite documentation that I linked above. Click Next.
Here we specify the management address of our vCenter Server in the cloud SDDC s well as the password for the firstname.lastname@example.org account. To retrieve this, login to your VMware Cloud on AWS console and select your SDDC, then click Settings and expand the Default vCenter User Account field.
Click on the clipboard icon to copy the password to your clipboard, then paste this into the configuration wizard.
For Identity Source select your on-premises AD domain that you wish to configure access for.
Specify the domain groups that you swish to grant access to manage your cloud SDDC to, then click Finish. After a few moments you should see that your SSO domains have been linked.
VMware Cloud on AWS – Content Library
Content Library is a super cool feature that has been in vSphere for some time now. In case you’re not familiar it really helps to manage your content in a centralised location. If (like me!) you’ve had a sprawl of folders in various datastores across your environment with VM templates, virtual appliances and ISO files then this is for you! Content Library is a construct within vCenter, but you can publish a CL for consumption by other vCenter Server CLs. Choose to either synchronise all data immediately, or on demand when the content is required. This can be super helpful as it means you can use the same templates to deploy your workloads across both on-premises and cloud SDDCs. Consistency is key!
Let’s setup a new Content Library, subscribing to our existing CL. In your vSphere Client click Menu > Content Libraries.
Click the Add button to setup a new Content Library
Name your Content Library and ensure you select your cloud SDDC vCenter Server. Click Next.
Note that in this case we’re subscribing to a Content Library that is backed by an AWS bucket. You can equally subscribe to your on-premises Content Library – paste the subscription URL into the Subscription URL field.
For more information on publishing a local Content library please see the documentation.
Select to either download all content immediately or only as required, then click Next.
Select the datastore that you wish to store your Content Library in, then click Next, then Finish. After a short period you’ll see your newly created Content Library.
Click into your Content Library. You can see the content held within, broken down into VM Templates, OVF/OVA Templates and other files such as ISO files.
From here you can right click a template and deploy a new VM from it. You can also force synchronisation with the publishing library if required.
VMware Cloud on AWS – Accounts, Roles and Privileges
One important thing to consider when deploying into VMware Cloud on AWS is that this is a managed service. It’s VMware managed, so you don’t get root access to your VMware Cloud on AWS vCenter Server or ESXi hosts. Rather than spend too much time covering this here, I’d urge you to look at the VMware Cloud Blog where my colleague Jeremiah Megie explains in detail how this all plugs together, including the extra roles that you will see in your environment when leveraging Hybrid Linked Mode.
VMware Cloud Log Intelligence
Log Intelligence is a complementary cloud service which can handle all of your SDDC (and other AWS) logging requirements. It can really help you to provide visibility into your infrastructure and extract value from unstructured logging data. If you’re familiar with VMware Log Insight on-premises then you’re going to feel at home with the interface! A free 30 day trial is available, with further pricing information at https://cloud.vmware.com/log-intelligence/pricing
For more information about VMware Cloud Log Intelligence please see the cloud management blog.
I hope that you’re found this post useful! Join me next time, when I’ll be discussing policies and the importance of policy based management.
As we’ve previously discussed, VMware Cloud on AWS can be a great fit for a number of use cases. We’re going to be walking you through everything that you need to get up and running in this blog series. If you would like to learn more, then sign up for the VMware Cloud on AWS Hands-on-Lab. To go even further, consider getting started with a single node environment and use the VMware Cloud on AWS Evaluation Guide to get the most out of your testing.