VMware Cloud on AWS

First Published On: February 27, 2018


Last Updated On: March 07, 2018

Table of Contents

1. Hybrid Operations
1.1 Hybrid Linked Mode
1.2 Setting Up a Content Library
2. Virtual Machine Operations
2.1 Deploying a Virtual Machine from a Content Library
2.2 Connecting Virtual Machines to the Public Internet

1. Hybrid Operations
This section covers features that make VMware Cloud on AWS the best choice for seamless hybrid
cloud management.

1.1 Hybrid Linked Mode

This walkthrough is designed to provide a step-by-step overview on how to configure Hybrid Linked Mode for VMware
Cloud on AWS. Use the arrow keys to navigate through the screens.

Hybrid Linked Mode provides the ability to extend an on-premises vSphere Single Sign-On domain to a VMware Cloud on
AWS vSphere Single Sign-On domain. An administrator is granted the ability to manage both their on-premises vCenter
Server and Cloud SDDC vCenter Server in a single view. Open the [Network] tab in the VMware Cloud on AWS console.

Prior to getting started with Hybrid Linked Mode, a VPN connection must be established between the on-premises
datacenter and the Cloud SDDC management gateway. Use the arrow key to navigate to the next slide.

Scrolling down, you can see the DNS section. Expand the ‘DNS’ section and click [EDIT].

Update the Cloud SDDC DNS entries, including the vCenter Server FQDN, to resolve the private IP address range of the
on-premises datacenter, and then click [SAVE].

After the DNS configuration has been saved, click [OPEN VCENTER].

[Login] to the Cloud SDDC vCenter Server using the local cloud admin account.

Under the ‘Menu’ option, select [Administration].

On clicking the ‘Linked Domains’ option in the left-hand pane, you will be presented with the three steps necessary to
configure hybrid linked mode. The first step is to add an on-premises identity source. Click [ADD].

In this demonstration, we’ll select the option 'Active Directory over LDAP'. The remaining fields require information from the
on-premises Active Directory environment to be entered. Use the arrow key to navigate to the next slide.

All the necessary information such as Domain Name and Base Distinguished Name for groups and users can be found in
the Active Directory Users and Computers console. To obtain the Base DN for users, expand ‘CPBU’. Right-click ‘Users’ and
select [Properties].

Switch to the ‘Attribute Editor’ tab. Select ‘distinguishedName’ and then click [View].

Copy the attribute value. Use the arrow key to navigate to the next slide.

Paste the copied content in the ‘Base DN for users’ section. Use the arrow key to navigate to the next slide.

Similarly, to obtain the Base DN for groups, expand ‘CPBU’. Right-click ‘Groups’ and select [Properties].

Switch to the ‘Attribute Editor’ tab. Select ‘distinguishedName’, the value that will be used in the VMware Cloud on AWS
console, and then click [View].

Copy the attribute value. Use the arrow key to navigate to the next slide.

Paste the copied content in the ‘Base DN for groups’ section. After providing the necessary information, enter a username
and password of an account with rights to join the Active Directory domain. Use the arrow key to navigate to the next slide.

Finally, select whether to auto-discover an on-premises domain controller or to specify one or more particular domain
controllers. In this demonstration, we will go with 'Specific domain controllers'. Click [OK].

Notice that the identity source has now been added successfully. The second step is to add a group whose members will be
granted cloud admin rights in the Cloud SDDC vCenter Server. Click [ADD].

Select the identity source that was added in the previous step, and then type the name or search for the group that should
be granted access. Click [OK].

You can now see that the cloud administrators group was successfully added. The third and final step is to link the
on-premises vSphere Single Sign-On domain with the Cloud SDDC vSphere Single Sign-On domain. Click [LINK].

Specify the hostname of the on-premises Platform Services Controller, the vSphere Single Sign-On domain name, and
credentials. Click [LINK].

You will receive a confirmation that both the on-premises vSphere Single Sign-On domain and the Cloud SDDC vSphere
Single Sign-On domain have been successfully linked. Click [OK].

To use hybrid linked mode, [Login] to the Cloud SDDC vCenter Server using an account that is a member of the group that
was granted cloud admin access from the on-premises identity source.

After logging in with an on-premises account, you will notice a confirmation that the domains have been linked. Click
[vSphere Client].

Click [Hosts and Clusters].

The Hosts and Clusters view will show both the Cloud SDDC as well as on-premises vCenter servers. Click [Linked vCe] to
see their linked partners as well.

Here, you can see the linked partner. Use the arrow key to navigate to the next slide.

To view the added identity source, open the 'Menu' and select [Administration].

Open the ‘Configuration’ tab. Under ‘Identity Sources’, you can see the newly added Identity Source. Click [vSphere Client].

Click [Hosts and Clusters].

The inventories of both the on-premises and Cloud SDDC vCenter Servers are now available to view and manage from a
single user interface within the vSphere Client. This concludes the walkthrough.
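
The identity-source fields filled in during step one can be sanity-checked before clicking [OK]. The following is an added example, not VMware code: it parses the two pasted distinguishedName values, confirms that both sit under the domain entered in the dialog, and flags any domain controller URL that is not `ldaps://`. The function names, the `ldap://`/`ldaps://` URL form for the specific domain controllers, and all sample values are assumptions made for illustration.

```python
def parse_dn(dn):
    """Split a distinguishedName into (ATTR, value) pairs; '\\,' is a literal comma."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component {rdn.strip()!r}")
        pairs.append((attr.strip().upper(), value.strip().lower()))
    return pairs


def check_identity_source(domain, users_dn, groups_dn, server_urls):
    """Return a list of problems found in the identity-source fields."""
    problems = []
    suffix = [("DC", label.lower()) for label in domain.split(".")]
    for field, dn in (("Base DN for users", users_dn), ("Base DN for groups", groups_dn)):
        try:
            pairs = parse_dn(dn)
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
            continue
        if pairs[-len(suffix):] != suffix:
            problems.append(f"{field} is outside domain {domain}")
    for url in server_urls:
        if not url.lower().startswith("ldaps://"):
            problems.append(f"{url}: not an ldaps:// URL")
    return problems


# Constructed sample values (not taken from the walkthrough's environment).
SAMPLE = dict(
    domain="cpbu.example",
    users_dn="CN=Users,DC=cpbu,DC=example",
    groups_dn="OU=Groups,DC=cpbu,DC=example",
    server_urls=["ldaps://dc01.cpbu.example:636"],
)

if __name__ == "__main__":
    print(check_identity_source(**SAMPLE) or "identity source fields look consistent")
```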

1.2 Setting Up a Content Library

This walkthrough is designed to provide a step-by-step overview of how to set up a content library. Use the arrow keys to
navigate through the screens.

VMware Cloud on AWS allows users to leverage the content library feature of vCenter Server to easily import virtual
machine files such as templates, OVF and ISO files to the cloud software-defined data center. This allows easy onboarding
of workloads from the data center to the cloud SDDC. Open the menu and click [Content Libraries].

Click the [+] button to add a new content library.

Give your subscribed library a name and click [NEXT].

Choose ‘Subscribed content library’, which will allow you to synchronize data from a published content library on another
vCenter Server. Add the URL found in the ‘Publisher’ content library to allow the content library to create a secure
connection. For the purpose of this demonstration, we provide the URL of a content library running in an on-premises data
center in Palo Alto.

If you’ve enabled authentication, you may enter the password. Choose whether to download all content immediately from
the content library, or only synchronize files and templates on-demand, as needed. For this instance, we choose 'when
needed'. Click [NEXT] to proceed.

Accept the SSL thumbprint of the certificate from the publisher content library. Click [YES] to proceed.

Choose ‘WorkloadDatastore’ as the repository location for the objects from the content library. Click [NEXT] to proceed.

Once you’ve reviewed all the settings, click [FINISH].

Notice that we have the subscribed content library in the Content Libraries window. Click the new content library,
[Subscribed-CL] to browse through all the available files and templates.

If you chose to synchronize the files on demand, you will see that these are only the titles and that the actual files have not
been downloaded as indicated by the file sizes.

Right-click on any of the files and select [Synchronize Item] to fetch the rest of the data and download it locally to your
vSAN datastore. This automatically copies the selected virtual machine files from the on-premises datacenter to your SDDC.

Notice that the files have now been downloaded. This concludes the walkthrough. Select the next walkthrough of your
choice using the navigation panel.
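
The step that accepts the publisher's SSL thumbprint is only meaningful if the value shown in the dialog is compared with one obtained from the publisher over a trusted path. The following is an added example, not VMware code: it computes the thumbprint of a certificate exported from the publisher vCenter Server and compares it with the string shown in the dialog, tolerating differences in case and separators. The function names are hypothetical, the colon-separated SHA-1 or SHA-256 display format is an assumption, and the byte strings stand in for real DER certificates.

```python
import hashlib
import hmac
import ssl

ALGO_BY_HEX_LENGTH = {40: "sha1", 64: "sha256"}


def normalize(thumbprint):
    """Upper-case hex without separators; reject anything that is not a digest."""
    hexstr = thumbprint.replace(":", "").replace(" ", "").upper()
    if len(hexstr) not in ALGO_BY_HEX_LENGTH or set(hexstr) - set("0123456789ABCDEF"):
        raise ValueError("not a SHA-1 or SHA-256 thumbprint")
    return hexstr


def thumbprint(der, algo="sha1"):
    """Colon-separated digest of a DER-encoded certificate."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def dialog_matches(trusted_der, shown):
    """True if the thumbprint shown in the dialog belongs to the trusted certificate."""
    shown_hex = normalize(shown)
    algo = ALGO_BY_HEX_LENGTH[len(shown_hex)]
    return hmac.compare_digest(normalize(thumbprint(trusted_der, algo)), shown_hex)


def load_der(pem_path):
    """Read a PEM certificate exported from the publisher vCenter Server."""
    with open(pem_path) as handle:
        return ssl.PEM_cert_to_DER_cert(handle.read())


# Constructed stand-ins for certificate bytes; a real run would use load_der().
PUBLISHER_DER = b"abc"
OTHER_DER = b"abd"

if __name__ == "__main__":
    shown = thumbprint(PUBLISHER_DER)
    print(shown, dialog_matches(PUBLISHER_DER, shown), dialog_matches(OTHER_DER, shown))
```

Click [YES] only when the comparison succeeds; a mismatch means the subscriber is not talking to the certificate you exported.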

2. Virtual Machine Operations


This section shows how to perform common virtual machine operations in your VMware Cloud on AWS
SDDC.

2.1 Deploying a Virtual Machine from a Content Library

This walkthrough is designed to provide a step-by-step overview of how to deploy a virtual machine from a content library.
Use the arrow keys to navigate through the screens.

Once the Windows Server 2012 template has been synchronized, we can deploy a new virtual machine from this template.
Right-click the file and select [New VM from This Template].

Enter a name for this virtual machine and select a folder location where the VM will reside. For the purpose of this
demonstration, we’ll name it ‘Server2012R2-01’ and put it in the ‘Workloads’ folder. Click [NEXT].

Next, we’ll have to choose our compute resource. We select ‘Compute-ResourcePool’, as this is the resource pool given to
VMware Cloud on AWS customers to run their workloads in. Click [NEXT].

Review the details of the template and then click [NEXT].

Choose the datastore of the new VM - in this case, ‘WorkloadDatastore’, and click [NEXT].

Select the logical network this virtual machine will be placed on. For this demonstration, we’ll select [sddc-cgw-network-1].

Give this network an IP address for network connectivity and click [NEXT].

Review the information and click [FINISH] to begin the deployment of the virtual machine.

Expand the menu and select [Hosts and Clusters].

Here, notice the virtual machine that you just created. Once it has been deployed, you may power it on by right-clicking it,
expanding ‘Power’, and selecting [Power On].

You have now successfully deployed a virtual machine from this content library template. This concludes the walkthrough.
Select the next walkthrough of your choice using the navigation panel.

2.2 Connecting Virtual Machines to the Public Internet

This walkthrough is designed to provide a step-by-step overview of how to connect your virtual machines to the public
internet for external access. Use the arrow keys to navigate through the screens.

We start at the vSphere client and select the virtual machine. In this case, we select an [Ubuntu WordPress] VM.

Copy the IP address to the clipboard. We then go to the VMware Cloud on AWS Console.

Click [VIEW DETAILS].

On the ‘network’ tab, we can view the network configuration. The first step is to request a public IP address that can be
associated with the VM.

This can be done within the Compute Gateway in the ‘Public IPs’ section. Expand 'Public IPs' and click [REQUEST PUBLIC
IP].

Add a description of what this public IP is being used for. Click [Request].

Notice that the public IP has been successfully allocated. Take note of the public IP address that was generated. The next
step is to define a firewall rule that allows selected traffic from the public internet to the virtual machine. Expand the
[Firewall Rules] section.

Enter a name for the rule. Since we are allowing external access, the source will be ‘Any’ and the destination will be the
Public IP address that was just generated. As we want to allow web traffic to the VM, we will select ‘HTTP’ over ‘TCP Port
80’. Click [Save] and wait for the operation to complete.

Now that we have enabled traffic through our firewall, the final step is to configure the network address translation to
transmit the traffic from the public IP address to the internal IP address of our virtual machine. Expand the [NAT] section.

Click [ADD NAT RULE].

We will give this rule a description. If there is more than one Public IP generated in your VMware Cloud on AWS account,
you will need to select the desired Public IP from the Public IP drop-down list. Ensure the ‘service’ matches the
‘service’ that was used in the Firewall Rules you created. In this case, we choose ‘HTTP’ over ‘TCP Port 80’. For ‘Internal IP’,
add the IP address of the virtual machine that was saved to the clipboard earlier. Click [Save].

Notice that the NAT rule has been successfully created.

You can test the settings by entering the public IP address in a web browser.

As the WordPress site has loaded successfully, our firewall rules, public IP, and NAT settings are all correct. This concludes
the walkthrough. Select the next walkthrough of your choice using the navigation panel.
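
A browser test confirms that the site is reachable, but not that the exposure is limited to what was intended. The following is an added example, not VMware code: it cross-checks the three objects created above (public IP, firewall rule, NAT rule) and reports NAT rules without a matching firewall service, firewall openings that forward to no VM, and non-web services reachable from source ‘Any’. The dictionary layout, the service names, the assumption that SDDC logical networks use RFC 1918 space, and all addresses are constructed for illustration and do not come from the console or its API.

```python
from ipaddress import ip_address, ip_network

# Assumption: SDDC logical networks use RFC 1918 address space.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_FACING = {"HTTP", "HTTPS"}  # assumption: services intended for internet access


def audit(public_ips, firewall_rules, nat_rules):
    """Cross-check firewall and NAT rules; return a list of findings."""
    findings = []
    allocated = {ip_address(p) for p in public_ips}
    fw = {(ip_address(r["destination"]), r["service"]): r for r in firewall_rules}
    nat = {(ip_address(r["public_ip"]), r["service"]): r for r in nat_rules}

    for (pub, svc), rule in nat.items():
        label = f"NAT '{rule['description']}'"
        if pub not in allocated:
            findings.append(f"{label}: {pub} is not an allocated public IP")
        if (pub, svc) not in fw:
            findings.append(f"{label}: no firewall rule allows {svc} to {pub}")
        internal = ip_address(rule["internal_ip"])
        if not any(internal in net for net in RFC1918):
            findings.append(f"{label}: internal IP {internal} is not a private address")

    for (pub, svc), rule in fw.items():
        label = f"Firewall '{rule['name']}'"
        if (pub, svc) not in nat:
            findings.append(f"{label}: {svc} to {pub} is open but forwards to no VM")
        if rule["source"] == "Any" and svc not in PUBLIC_FACING:
            findings.append(f"{label}: {svc} is reachable from any source")
    return findings


# Constructed sample rules mirroring the walkthrough; all addresses are placeholders.
PUBLIC_IPS = ["203.0.113.10"]
FIREWALL = [{"name": "web-in", "source": "Any",
             "destination": "203.0.113.10", "service": "HTTP"}]
NAT = [{"description": "wordpress", "public_ip": "203.0.113.10",
        "service": "HTTP", "internal_ip": "192.168.1.20"}]

if __name__ == "__main__":
    for finding in audit(PUBLIC_IPS, FIREWALL, NAT) or ["no findings"]:
        print(finding)
```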
