Every VMware Cloud on Dell EMC SDDC rack has a vCenter Server Appliance (VCSA) running on the cluster. Roles and permissions are set so that VMware can use this vCenter for monitoring and management of the infrastructure, while customers access it to manage their workload virtual machines. VMware will always access it from the cloud control plane, but as an administrator of the workloads, it’s important to know that there are two different network paths to the VCSA to consider for your architecture.
After the initial SDDC rack deployment, the default configuration for vCenter Server access is for traffic to proxy through a public IP address in the cloud and over the VeloCloud SD-WAN tunnel that securely terminates at the rack. This enables you to get up and running immediately after SDDC rack deployment, providing the ability to connect to vCenter Server to copy VMs, templates, or ISO files to the new SDDC even before the top-of-rack switches are connected to your data center network.
Considering Direct vCenter Server Access
At some point, you may prefer to have management traffic flow directly from your data center network to the SDDC rack instead of through the public cloud endpoint. The more direct path may reduce latency and boost bandwidth for more demanding workflows, but for certain deployment scenarios, such as branch offices, you may find that the public access endpoint is actually simpler. The choice is yours.
Once the top-of-rack connectivity has been established, it’s very simple to change the vCenter access configuration – but first we need to create a firewall rule to allow access to the VCSA on the rack.
Log in to the hybrid cloud control plane, navigate to your desired SDDC in the list, and under the Networking & Security section jump down to the Gateway Firewall settings. Create a new rule on the Management Gateway that allows HTTPS and ICMP access to the vCenter destination.
Once that rule is in place, click on the “vCenter Settings” tab. Click the Edit button and change the access mode to “Via internal network only” and click Save. Done!
Behind the scenes, the DNS entry for the vCenter Server FQDN will be changed from the public IP address to the private IP address that was selected from the applicable CIDR block that you specified during the initial SDDC provisioning process. The VCSA IP address is typically given the “.196” address from the /24 SDDC management network.
Keep in mind that it may take up to an hour for the change to take effect, so please plan accordingly. This is due to the time-to-live (TTL) setting for this DNS record. It’s easy to monitor the status of the change by using the dig utility, as shown in the demo above.
In the meantime, as a workaround, you can shortcut the DNS propagation delay by making an entry in the /etc/hosts file on your local machine. Just remember to remove it later on to avoid potential inconsistencies down the road!
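The dig check and the /etc/hosts caveat described above can be combined into one small script. This is an added example, not part of the original post; the script name and the FQDN in the usage comment are constructed placeholders, and it assumes the internal vCenter address falls in an RFC 1918 private range.

```shell
#!/bin/sh
# Added example. The FQDN in the usage comment is a constructed placeholder.

# Succeeds if $1 (a dotted-quad IPv4 address) is in an RFC 1918 private range.
is_rfc1918() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  return 1
}

# Reads `dig +short` output on stdin (one answer per line) and prints
# internal, public, mixed or unresolved. Non-address lines (CNAMEs) are skipped.
classify_answers() {
  priv=0; pub=0
  while read -r ip || [ -n "$ip" ]; do
    case "$ip" in ''|*[!0-9.]*) continue ;; esac
    if is_rfc1918 "$ip"; then priv=$((priv + 1)); else pub=$((pub + 1)); fi
  done
  if [ "$priv" -gt 0 ] && [ "$pub" -eq 0 ]; then echo internal
  elif [ "$pub" -gt 0 ] && [ "$priv" -eq 0 ]; then echo public
  elif [ "$priv" -gt 0 ]; then echo mixed
  else echo unresolved
  fi
}

# Prints the address that a hosts file ($1) pins for a name ($2), if any.
hosts_override() {
  awk -v n="$2" '
    { sub(/#.*/, "") }   # drop comments, including commented-out entries
    { for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(n)) { print $1; exit } }
  ' "$1"
}

# Usage: sh check-vcenter-path.sh vcenter.sddc.example.com
if [ "$#" -gt 0 ]; then
  echo "DNS answer (second column is the TTL in seconds):"
  dig +noall +answer A "$1"
  echo "access path per DNS: $(dig +short A "$1" | classify_answers)"
  pin=$(hosts_override /etc/hosts "$1")
  [ -z "$pin" ] || echo "hosts override still present: $1 -> $pin (remove once DNS is internal)"
fi
```

Run it again after the TTL has expired: once the DNS result reads "internal", any hosts override it reports can be deleted.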
With VMware Cloud on Dell EMC, you get a cloud-like experience for on-prem infrastructure that is fully managed by VMware. There are two paths to the vCenter Server appliance running on the SDDC rack in your data center. Choose the path that is best for your particular architecture requirements.
To learn more about this new offering, talk to your VMware account team or visit the website to get started!