VMware Cloud on AWS Firewalls Overview

If you’re getting started with VMware Cloud on AWS then you should be aware of all the points in which you can block traffic with a firewall. Or, if you look at it another way, the places where you might need to create allow rules for traffic to traverse your cloud. This post is used to show where those choke points live both within your VMware Cloud on AWS SDDC, as well as the Amazon VPC in which your SDDC lives. ...

November 28, 2018 · 5 min · eshanks

VMware Discovery

VMware has been busy over the last year trying to re-invent themselves with more focus on cloud. With that they’ve added some new SaaS products that can be used to help manage your cloud environments and provide some additional governance for IT departments. Cloud makes things very simple to deploy and often eliminates the resource request phases that usually slow down provisioning. But once you start using the cloud, you can pretty quickly lose track of the resources that you’ve deployed, and now are paying for on a monthly basis, so it’s important to have good visibility and management of those resources. ...

October 30, 2017 · 3 min · eshanks

NSX Issues After Replacing VMware Self-Signed Certs

Recently, I’ve been going through and updating my lab so that I’m all up to date with the latest technology. As part of this process, I’ve updated my certificates so that all of my URLs have the nice trusted green logo on them. Oh yeah, and because it’s more secure. I updated my vSphere lab to version 6.5 and moved to the vCenter Server Appliance (VCSA) as part of my updates. However, after I replaced the default self-signed certificates I had a few new problems. Specifically, after the update, NSX wouldn’t connect to the lookup service. This is particularly annoying because as I found out later, if I’d just left my self-signed certificates intact, I would never have had to deal with this. I thought that I was doing the right thing for security, but VMware made it more painful for me to do the right thing. I’m hoping this gets more focus soon from VMware. ...

March 13, 2017 · 3 min · eshanks

Determine the Number of vSphere Clusters to Use

The number of clusters that should be used for a vSphere environment comes up for every vSphere design. The number of clusters that should be used isn’t a standard number and should be evaluated based on several factors. Number of Hosts: Let’s start with the basics. If the design calls for more virtual machines than can fit into a single cluster, then it’s obvious that multiple clusters must be used. The same is true for a design that calls for more hosts than can fit into a single cluster or any other cluster maximums. ...

June 13, 2016 · 4 min · eshanks

AWS Cloud Formation Templates in vRealize Automation

Amazon has a pretty cool service that allows you to create a template for an entire set of infrastructure. This isn’t a template for a virtual machine, or even a series of virtual machines, but a whole environment. You can create a template with servers, security groups, networks and even PaaS services like their relational database service (RDS). Hey, in today’s world, infrastructure as code is the direction things are going and AWS has a pretty good solution for that already. ...

March 14, 2016 · 4 min · eshanks

vRealize Automation 7 - Deploy NSX Blueprints

In the previous post we went over how to get the basics configured for NSX and vRealize Automation integration. In this post we’ll build a blueprint and deploy it! Let’s jump right in and get started. Blueprint Designer: Log in to your vRA tenant and click on the Design Tab. Create a new blueprint just like we have done in the past posts. This time when you are creating your blueprint, click the NSX Settings tab and select the Transport zone. I’ve also added a reservation policy that can help define which reservations are available for this blueprint. ...

March 9, 2016 · 2 min · eshanks

vRealize Automation 7 - NSX Initial Setup

It’s time to think about deploying our networks through vRA. Deploying servers is cool, but deploying three-tiered applications in different networks is cooler. So let’s add VMware NSX to our cloud portal and get cracking. The first step is to have NSX up and running in your vSphere environment. Once this simple task is complete, a Distributed Logical Router should be deployed with an Uplink interface configured. The diagram below explains what needs to be set up in vSphere prior to doing any configurations in vRealize Automation. A Distributed Logical Router with a single uplink to an Edge Services Gateway should be configured first, then any new networks will be built through the vRealize Automation integration. While the section of the diagram that is manual will remain roughly the same throughout, the section handled by vRealize Automation will change often, based on the workloads that are deployed. Note: be sure to set up some routing between your Provider Edge and the DLR so that you can reach the new networks that vRA creates. ...

March 7, 2016 · 4 min · eshanks

vRealize Automation 7 – XaaS Blueprints

XaaS isn’t a made up term, well maybe it is, but it’s supposed to stand for “Anything as a Service.” vRealize Automation will allow you to publish vRO workflows in the service catalog. This means that you can publish just about anything you can think of, and not just server blueprints. If you have a workflow that can order your coffee and have it delivered to you, then you can publish it in your vRA service catalog. Side note, if you have that workflow, please share it with the rest of us. ...

February 29, 2016 · 2 min · eshanks

vRealize Automation 7 - Load Balancer Rules

In a previous post we went over installing an Enterprise Install of vRealize Automation behind a load balancer. This install required us to set up a Load Balancer with three VIPs but also required that we only had one active member in each VIP. A load balancer with a single member doesn’t really balance much load does it? After the installation is done, some modifications need to be made on the Load Balancer. The instructions on this can be found in the official vRealize Automation Load Balancing Configuration Guide if you want to learn more. There are several examples on how to set up load balancing, on an F5 load balancer and NSX for example. This post will focus on a KEMP load balancer which is free for vExperts and it will all be shown through GUI examples. ...

February 24, 2016 · 3 min · eshanks

vRealize Automation 7 – Enterprise Install

OK, you’ve done a vRealize Automation 7 simple install and have the basics down. Now it’s time to put your grown up pants on, and get an enterprise install done. This is a pretty long process, so be ready, but trust me, this is much better in version 7 than in the past. Load Balancer: To start with, you will want to configure your load balancer. An enterprise install means that you’ll want at least two of each type of service so that you can protect yourself from a failure. There are three Virtual IPs (VIPs) that should be created prior to starting your install. The table below lists an example list of VIPs with their associated members and ports. ...

February 22, 2016 · 8 min · eshanks