VMware Cloud on Dell EMC User Guide - VMware Cloud on Dell EMC › en ›...

VMware Cloud on Dell EMC User Guide

VMware Cloud on Dell EMC

You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

If you have comments about this documentation, submit your feedback to

[email protected]

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

Copyright © 2019-2020 VMware, Inc. All rights reserved. Copyright and trademark information.


VMware, Inc. 2

https://docs.vmware.com/

mailto:[email protected]

http://pubs.vmware.com/copyright-trademark.html

Contents

1 Introduction 5

2 Onboarding Checklist 6Read Your Service Welcome Email 6

View Your Subscription Purchase Program Fund 7

Log In to the VMware Cloud Services Console 7

Add Organization Owners and Users 8

3 Account Creation and Management 9Creating an Organization Owner Account 9

Create an Organization Owner Account with a My VMware Account 9

Create an Organization Owner Account Without a My VMware Account 10

Invite a New User 10

Accept an Account Invitation 11

Assign a Role to an Organization Member 12

4 Ordering SDDC 14Add SDDC Locations 15

Select a Rack Configuration 16

Specify Number of Hosts 16

Configure SDDC Network Addresses 17

Determine the Subscription Term 18

Place the Order 18

Check Your Order History and Status 19

5 Ordering Additional Hosts 20

6 Connecting SDDC and Going Live 22

7 SDDC Decommissioning 23

8 Networking and Security 24Network Settings 24

Uplink Connectivity 26

Set Up Physical Connections 26

Configure Uplink Connections 27

NSX-T Networking and Security 28

Connect to vCenter Server 28

VMware, Inc. 3

Connect to vCenter Through VMware Cloud on Dell EMC Portal 29

Connect to vCenter Through Your Network 29

Setting Up L2VPN 30

9 Deploy Workload VMs 31

10 Hybrid Linked Mode 32Prerequisites for Configuring Hybrid Linked Mode 33

Configure vCenter Settings 35

Configure DNS Forwarding for Management Network 36

Configure Hybrid Linked Mode with vCenter Cloud Gateway Appliance 36

Installing and Configuring the vCenter Cloud Gateway Appliance 37

Link the vCenter Cloud Gateway Appliance to Your VMware Cloud on Dell EMC SDDC from the Gateway Client UI 42

Configuring Hybrid Linked Mode from the VMware Cloud on Dell EMC SDDC 43

Add an Identity Source to the SDDC LDAP Domain 43

Link to an On-Premises Data Center 45

11 Get Help and Support 47Creating Support Request 47


VMware, Inc. 4

Introduction 1VMware Cloud on Dell EMC provides Software-Defined Data Center (SDDC) infrastructure and hardware to on-premise locations where VMware manages the end-to-end life cycle of both software and hardware.

This guide provides information about creating and managing your VMware account, ordering SDDC, and activating your SDDC to deploy your workloads.

Intended AudienceThis information is intended for anyone who wants to use VMware Cloud on Dell EMC to order an SDDC and use it on-premises to host the workloads. The information is written for readers who have used vSphere in an on-premises environment and are familiar with virtualization concepts.

VMware, Inc. 5

Onboarding Checklist 2This onboarding checklist highlights the steps and resources that are available to you as you prepare to create your first VMware Cloud on Dell EMC Software Defined Data Center (SDDC).

Procedure

1 Read Your Service Welcome Email

After your organization decides to use the VMware Cloud on Dell EMC service, your cloud sales specialist creates funds and fund owners. After your account is set up, VMware sends a service welcome email to the Fund Owner and Fund User.

2 View Your Subscription Purchase Program Fund

You can purchase Subscription Purchase Program (SPP) credits, which can be redeemed against VMware Cloud on Dell EMC in a subscription consumption model.

3 Log In to the VMware Cloud Services Console

The service activation link provided to you in the service welcome email directs you to the VMware Cloud Services Console.

4 Add Organization Owners and Users

VMware Cloud on Dell EMC accounts are based on an Organization, which corresponds to a group or line of business subscribed to VMware Cloud on Dell EMC services.

Read Your Service Welcome EmailAfter your organization decides to use the VMware Cloud on Dell EMC service, your cloud sales specialist creates funds and fund owners. After your account is set up, VMware sends a service welcome email to the Fund Owner and Fund User.

The welcome email contains a unique service activation link that directs you to the VMware Cloud Services Console. It is important to use this service activation link when you log in to the VMware Cloud Services Console for the first time.

n Find your "Welcome to VMware Cloud on Dell EMC" welcome email, which includes your unique service activation link.

n If the email is not in your inbox, check your corporate spam filter.

VMware, Inc. 6

n If you still cannot find the email, ask your Cloud Sales Specialist or Customer Success Manager to resend the email or provide you with the service activation link.

n If you have an My VMware account and if you want to update it, ensure that you do it before clicking the service activation link. For more information on updating your VMware account, see https://kb.vmware.com/s/article/2086266.

n If you do not have a VMware account, you can create one as part of the sign-up process. For more information creating a My VMware account as part of the sign-up process, see Create an Organization Owner Account Without a My VMware Account.

View Your Subscription Purchase Program FundYou can purchase Subscription Purchase Program (SPP) credits, which can be redeemed against VMware Cloud on Dell EMC in a subscription consumption model.

Fund Owners and Fund Users can direct VMware Cloud on Dell EMC to use the SPP fund as a payment method.

n View your SPP fund balance on My VMware: https://kb.vmware.com/s/article/2143195.

Note If you don't see an SPP fund listed under Accounts > Hybrid & Subscription Purchasing Programs (HPP/SPP), you must contact your Cloud Sales Specialist or Customer Success Manager.

n For more information on adding or removing fund users, see https://kb.vmware.com/s/article/2094497.

n To change a Fund Owner, perform one of the following actions:

n Select Support > Product Licensing

n Select Account > VMware Cloud Services - User Management.

n Speak to your Customer Success Manager.

Log In to the VMware Cloud Services ConsoleThe service activation link provided to you in the service welcome email directs you to the VMware Cloud Services Console.

Procedure

1 Click the service activation link that was provided to you in the service welcome email.

You are directed to the VMware Cloud Services Console.

2 Use the email and password from your My VMware account to log in.

This account should be either the Fund Owner or Fund User and have access to the SPP fund.


VMware, Inc. 7

https://kb.vmware.com/s/article/2086266





Add Organization Owners and UsersVMware Cloud on Dell EMC accounts are based on an Organization, which corresponds to a group or line of business subscribed to VMware Cloud on Dell EMC services.

Each Organization has one or more Organization Owners, who have access to all the resources and services of the Organization and can invite additional users to the account. By default, these additional users are Organization Users, who can create, manage, and access SDDCs belonging to the Organization, but cannot invite new users.

n Read Chapter 3 Account Creation and Management.

n For more information on inviting a new user, see Invite a New User.

n For more information on accepting an account invitation, see Accept an Account Invitation.

n For more information on assigning roles to organization member, see Assign a Role to an Organization Member.


VMware, Inc. 8

Account Creation and Management 3VMware Cloud on Dell EMC accounts are based on an organization, which corresponds to a group or line of business subscribed to VMware Cloud on Dell EMC services.

Each Organization has one or more Organization Owners, who have access to all the resources and services of the Organization and can invite additional users to the account. By default, these additional users are Organization Users, who can create, manage, and access SDDCs belonging to the Organization, but cannot invite new users.

This chapter includes the following topics:

n Creating an Organization Owner Account

n Invite a New User

n Accept an Account Invitation

n Assign a Role to an Organization Member

Creating an Organization Owner AccountYou receive an email invitation containing a link that you can use to sign up for a VMware Cloud on Dell EMC account. This link can be used only once.

When you sign up for the service, an Organization is created with an Organization ID and Organization Name. You are designated as the Organization Owner and can invite other users in your organization to use the service.

You can create an Organization Owner account with or without a My VMware account.

Create an Organization Owner Account with a My VMware AccountIf you have a My VMware account, you can use it to create an Organization Owner account after you receive the invitation email.

Procedure

1 Click the activation link in your invitation email.

You are taken to the sign-up page.

2 Enter the email address associated with your My VMware account, and click Next.

VMware, Inc. 9

3 Enter the password associated with your My VMware account, and click Log In.

4 Accept the service terms and conditions and click Next.

You see a page acknowledging successful completion of your account creation. You are directed to a login page.

5 Log in with your My VMware credentials.

If you are not automatically redirected to the VMware Cloud Services Console, go to https://console.cloud.vmware.com/csp/gateway/discovery and log in.

Create an Organization Owner Account Without a My VMware AccountIf you do not have a valid My VMware account, you can create one as part of the sign-up process.

Procedure

1 Click the activation link in your invitation email.

You are taken to the sign up page.

2 Click Create an Account.

3 Fill in the required information and select the terms of service check boxes.

Registration fails if:

n You don't provide a valid address.

n You don't enter the full name of your state. For example, if you enter CA instead of California, registration fails.

4 Click Sign Up.

You receive an activation email within the next 10 minutes.

5 Open the email and click the activation link.

The link is unique and can be used only once.

6 On the Welcome page, enter and confirm a password, and click Save.

You are directed to a login page where you can sign in with your credentials.

7 Log in with your My VMware credentials.

8 If you are not automatically redirected to the VMware Cloud Services Console, go to https://console.cloud.vmware.com/csp/gateway/discovery and log in.

Invite a New UserAs an Organization Owner, you can invite additional users to your Organization.


VMware, Inc. 10

https://console.cloud.vmware.com/csp/gateway/discovery




Procedure

1 Log in to the VMware Cloud Services Console at https://console.cloud.vmware.com/csp/gateway/discovery.

2 Click the services icon at the top right of the window, and select Identity and Access Management.

3 Click Active Users.

You see a list of all the users currently in your organization.

4 Click Add Users.

5 For each user you want to add, enter an email address separated by a comma, space, or on a new line.

6 Select an organization role to assign.

n Organization Owner

n Organization Member

7 Click Add Service Access and then select the required service and the associated roles.

For more information on the organization and service roles, see Assign a Role to an Organization Member.

8 Click Add.

Results

Invitation emails are sent to each of the users you invited. They can use these emails to active their accounts.

Accept an Account InvitationAfter an Organization Owner has invited you to their organization in VMware Cloud on Dell EMC, you can accept the invitation to create your account and gain access to the service.

Procedure

1 In the invitation email you received, click Sign in to console.

The registration page opens in your Web browser.


VMware, Inc. 11



2 Register your account.

Option Description

If you already have a My VMware account associated with your email

Enter your email address and My VMware password, and click Next.

If you do not already have a My VMware account associated with your email

a Click CREATE YOUR VMWARE ACCOUNT.

b Enter your Email ID, First Name, Last Name, and other information.

c Accept the VMware Terms of Use Agreement.

d Click Sign up.

Assign a Role to an Organization MemberOrganization members are assigned organization roles and service roles. As an organization owner, you can change both types of role assignments for members of your organization.

Organization roles specify the privileges that an organization member has over organization assets. Service roles specify the privileges that an organization member has when accessing VMware Cloud Services that the organization uses. All service roles can be assigned and changed by a user with organization owner privileges, so restrictive role such as NSX Cloud Auditor should be assigned along with the role of organization member to prevent modification.

When multiple service roles are assigned to an organization user, permissions are granted for the most permissive role. For example, if the VMC on Dell EMC Cloud Auditor Role for NSX is selected along with the VMC on Dell EMC Cloud Admin Role for NSX, a user can delete SDDCs and clusters. Therefore, to ensure proper enforcement of the role, organization owners should select only VMC on Dell EMC Cloud Auditor Role for NSX.

Procedure

1 On the VMware Cloud Services toolbar, click Identity & Access Management

2 Select a user and click Edit Roles to open the Edit Roles page.

3 To assign an organization role, select a role name from the Assign Organization Roles drop-down menu.

For information about Organization Roles, see Organization Roles and Permissions in the VMware Cloud Services documentation.

4 To assign a service role, select the VMware Cloud on Dell EMC service name under Assign Service Roles and select one or more VMC on Dell EMC service roles to assign.

The following roles are available:

VMC on Dell EMC - Administrator

This role has full cloud administrator rights to all service features in the VMware Cloud on Dell EMC console.

VMC on Dell EMC - Read-Only


VMware, Inc. 12

This role has read-only access to all service features in the VMware Cloud on Dell EMC console.

VMC on Dell EMC Cloud Auditor Role for NSX

This role can view NSX service settings and events but cannot make any changes to the service.

VMC on Dell EMC Cloud Admin Role for NSX

This role can perform all tasks related to deployment and administration of the NSX service.

A user must be assigned one of these roles to access the VMware Cloud on Dell EMC services: VMC on Dell EMC - Administrator or VMC on Dell EMC - Read-Only.

A user must be assigned of these roles to access the VMware NSX platform: VMC on Dell EMC Cloud Auditor Role for NSX or VMC on Dell EMC Cloud Admin Role for NSX

5 Click Save to save your changes.

What to do next

The changes to roles are saved, and take effect after users log out and log back in.


VMware, Inc. 13

Ordering SDDC 4Order an SDDC to host your workloads. To order an SDDC, you must first choose a location where you want to install it, select a rack, specify how many hosts you want the SDDC to contain and set up the management and VeloCloud networks.

Prerequisites

Read through the following order processing checklist as you prepare to order your first SDDC.

n Plan adequate space for the rack based on its dimensions and ensure that you have accommodations for network cabling, power accessibility, and environmental conditions that meet the rack’s requirements. Also, provide enough space for servicing and maintenance.

n Ensure that the equipment is not exposed to direct sunlight and the site maintains the specified temperature and humidity levels.

n Plan for electrical power sources that meet the requirements of the rack.

n Ensure that your existing network at the SDDC location can route traffic from the VeloCloud WAN interface to the VeloCloud Gateways and Orchestrator in the cloud with the ports, TCP 443, and UDP 2426.

Procedure

1 Add SDDC Locations

Select the location where you want to deploy the SDDC.

2 Select a Rack Configuration

Select a rack configuration for your hardware according to your requirement.

3 Specify Number of Hosts

Specify the number of hosts you want as part of the subscription.

4 Configure SDDC Network Addresses

Specify IP addressing information for configuring the management subnets such as Virtual Private Cloud (VPC), SDDC, Out-Of-Band (OOB), and VeloCloud networks.

5 Determine the Subscription Term

You can use the VMware Cloud on Dell EMC services up to the term that you subscribe. After the subscription period ends, you can either renew or end the contract.

VMware, Inc. 14

6 Place the Order

Review the order summary and make the required changes, if any. You cannot change the settings after you complete the order process.

7 Check Your Order History and Status

After you place an SDDC order, VMware verifies the order and begins the provisioning tasks such as assigning the hardware and updating various hardware and software configurations. The rack is assembled based on the specifications you provide at the time of ordering SDDC. After the rack is ready, it is dispatched to your location. The deployment engineer connects the rack to the network at the designated site. You can then connect to the vCenter Server and host your workloads.

Add SDDC LocationsSelect the location where you want to deploy the SDDC.

Procedure


2 Click the VMware Cloud on Dell EMC service.

3 Click Order SDDC.

4 Enter the following information under Location Details:

a SDDC name.

b The address of the physical location where you want to install the hardware.

5 Under Contact Details, enter the details of the primary contact person.

6 Click Add Contact to enter the details of alternate contact persons, if necessary.

You can add up to five contact persons. Generally, the contact persons are responsible for confirming the order. VMware contacts any of these persons, especially the primary contact person, for verifying the details before shipping the hardware and during the shipment until the arrival and installation of hardware on site.

7 (Optional) You can provide additional information about the location under Notes.

8 Click Save and continue to save the details.

Results

The SDDC you created is listed in the SDDCs page.

You can edit the location details, contact details, and notes after placing the order. However, you cannot edit the location details after the order is shipped. To edit the details, on the SDDCs page, click the SDDC name > Location Info > Edit.

What to do next

After you create the locations, you can order the SDDC immediately or later.


VMware, Inc. 15



Select a Rack ConfigurationSelect a rack configuration for your hardware according to your requirement.

Specifying a rack configuration helps you plan and allocate a dedicated physical space for the hardware. You are also informed about the power and networking requirements.

For more information about rack components, power and networking requirements, suitable environmental conditions, and so on, see VMware Cloud on Dell EMC Data Sheet.

Procedure

1 Search for the SDDC name that you created.

2 Select the SDDC name and click Order SDDC.

The Order SDDC page appears.

3 Review the rack configurations and select one of the following:

n R1.110V

n R1.220V

n R2.220V (Single-phase)

n R2.220V (Three-phase)

If you select R1.110V or R1.220, specify the following information:

a Extension Cord Length: Select the extension cord length if you need one.

If the power source is more than eight feet from the bottom of the rack, you can request VMware to provide an extension cord.

For R2.220V (Single-phase) or R2.220V (Three-phase), specify the following information:

a Power Source Location: Select Ceiling or Floor based on where your power source is located.

If the distance between the power source location and your hardware is more than 10 feet, you must provide an extension cord.

In the Requirements section, the specifications of the rack that you select are displayed.

4 Review and confirm that you meet the following requirements at your location by selecting the check boxes:

n Rack Dimension

n Power

n Environment

5 Click Save and Continue to save the rack configuration.

Specify Number of HostsSpecify the number of hosts you want as part of the subscription.


VMware, Inc. 16

https://docs.vmware.com/en/VMware-Cloud-on-Dell-EMC/Service/VMware%20Cloud%20on%20Dell%20EMC%20on%20Datasheet.pdf

A RAS (Reliability, Availability, and Serviceability) node is automatically added to your rack. For example, if you choose three hosts, an additional host is placed in the rack to serve as a RAS node.

Note A RAS node is used to replace an existing host if its hardware fails, and also provides spare capacity for SDDC upgrades and maintenance.

Procedure

1 Select the host type.

2 Select the number of hosts.

The capacity of the sockets, cores, memory, and storage varies based on the number of hosts you select, and is displayed under Total Capacity.

3 Click Save and Continue.

Configure SDDC Network AddressesSpecify IP addressing information for configuring the management subnets such as Virtual Private Cloud (VPC), SDDC, Out-Of-Band (OOB), and VeloCloud networks.

Prerequisites

n Verify that the SDDC location has an existing network that can handle multiple subnets.

n Verify that the SDDC location has a router with internet connectivity to which the rack can be connected.

n Ensure that you provide the underlay networking details for the uplink network to establish connection between the SDDC and your network.

For more information on networking, see Network Settings.

Procedure

1 Org Cloud Network: In the Org Cloud Subnet text box, enter an IP address subnet for accessing the VMware Cloud network .

VMware Cloud establishes a one-time cloud network that is used for your organization. This network is used to monitor, manage, and provide services to all VMware Cloud on Dell EMC SDDCs.

2 VeloCloud IP Settings: From the IP assignment drop-down menu, select a VeloCloud IP assignment to connect to VMware Cloud.

n Static: Select this option to provide an IP address that is manually configured on the cloud-facing interfaces of the VeloCloud devices. Provide the following details:

n IPv Address

n IP Address Prefix

n IP Gateway


VMware, Inc. 17

n DHCP: Select this option to allow your network to assign an IP address dynamically, which is configured by default on the cloud-facing interfaces of the VeloCloud devices.

3 Out-of-band Management Network: In the Out-of-band management subnet text box, enter an out-of-band management subnet to connect and manage the hardware devices such as the management and ToR switches.

Ensure that the out-of-band management network is not in use on your network.

4 SDDC Management Subnet: Enter an SDDC Management Network subnet to connect the software components such as NSX, ESXi, ePoP, and vCenter.

The SDDC Management Network is routed to your network through the uplink from the SDDC.

5 Under Requirements, select the Ports check box to confirm that the ports TCP 443 and UDP 2426 are open.

6 Click Save and Continue.

Determine the Subscription TermYou can use the VMware Cloud on Dell EMC services up to the term that you subscribe. After the subscription period ends, you can either renew or end the contract.

Procedure

u Select a suitable subscription period between one and three-year terms.

You can select 2-Month Paid Pilot and subscribe the on-premises SDDC for a period of two months at a minimum price, if necessary.

Place the OrderReview the order summary and make the required changes, if any. You cannot change the settings after you complete the order process.

Procedure

1 Click Order SDDC.

The SDDC Order Confirmation window appears.

2 Read the information and click Order SDDC.

Results

Your order is listed in the SDDCs page, and the status of your order is displayed as Order Created.

What to do next

You can track your order. For more information, see Check Your Order History and Status.


VMware, Inc. 18

Check Your Order History and StatusAfter you place an SDDC order, VMware verifies the order and begins the provisioning tasks such as assigning the hardware and updating various hardware and software configurations. The rack is assembled based on the specifications you provide at the time of ordering SDDC. After the rack is ready, it is dispatched to your location. The deployment engineer connects the rack to the network at the designated site. You can then connect to the vCenter Server and host your workloads.

The SDDC order passes through various stages of the ordering process flow.

Procedure



3 Click the SDDC name to expand and view the status of your order.

Note Alternatively, you can click the SDDC name, navigate to the Order History tab, and view the status of your order.

Note The current status is indicated in green

The following table captures the order statuses and a brief description of what each order status indicates.

Order Status Description

Order Not Complete You have begun the ordering process flow, but not placed the order yet.

Order Created You have selected the hardware, provided networking information and successfully placed the order.

Order Processed Your order has been processed and is in production.

Order Shipped The hardware is ready and has been shipped to your location.

Connected The hardware is deployed at your location and connected to VMware Cloud, but is pending activation.

Live The SDDC is activated and live. You can access the vCenter Server and deploy your workloads.


VMware, Inc. 19



Ordering Additional Hosts 5After the initial deployment of the rack, you can order additional hosts to manage your increasing workloads. Based on the rack type, the maximum number of additional hosts you can order varies. For R1, you can order up to two additional hosts. For R2 single phase, you can order up to 12 and R2 three-phase, you can order up to 16 additional hosts.

For more information on R1 and R2, see R1.110V and R1.220V Datasheet.

However, if you are on a two-month paid-pilot term, you are not eligible for requesting additional hosts.

Procedure



3 Click the SDDC name for which you want to add additional hosts.

Note The SDDC must be live to order additional hosts. For more information on SDDC statuses, see Check Your Order History and Status.

4 Click Actions > Order Additional Hosts.

A notification window appears, which displays a message that the estimated delivery time of additional hosts is 15 days and a separate term commitment is created for additional hosts.

5 Click Continue on the notification window.

6 Select the number of additional hosts required.

7 Review the To be added column and note the CPU, memory, and storage capacities for the additional host that you selected.

8 Click Save & Continue.

9 Review the term period of the additional hosts.

Note The commitment term of additional hosts is the same as the original SDDC. However, the start date begins when the additional hosts go live, which is about 15 days from the order date. Since the term of the original SDDC expires before the term of the additional hosts, you can renew the term of the original SDDC after its term expires. However, if you do not renew the term, the original SDDC is billed on a monthly basis after its term expires.

VMware, Inc. 20

https://docs.vmware.com/en/VMware-Cloud-on-Dell-EMC/services/vmc.dell.emc.datasheet/GUID-9252D1FC-FE9C-4317-8EEB-4C019A21CAA9.html



10 Click Save & Continue.

11 Review the details of the additional hosts and then click Order Hosts to place the order.

The Additional Hosts Order Confirmation window appears.

12 Read the message and click Order Hosts to confirm the order.

Results

Your order is listed in the SDDCs page and the status of your order is displayed as Order Created.

What to do next

You can track your order. For more information, see Check Your Order History and Status.


VMware, Inc. 21

Connecting SDDC and Going Live 6After the rack is installed at your location, a deployment engineer connects it to the network. You must activate the SDDC and connect to the vCenter Server to host your workloads.

At this point, the order status in the Order History tab shows Connected.

Procedure



3 Search for the order and select it.

4 Navigate to the Order History tab.

5 Click Activate SDDC.

The Activate SDDC pop-up menu appears.

6 Select the check boxes and click Activate.

Results

The status of the order changes to Live.

What to do next

Connect to the vCenter Server and host your workloads.

VMware, Inc. 22



SDDC Decommissioning 7Decommissioning is a process that involves the withdrawal of hardware and software from your location.

Your SDDC is withdrawn in the following scenarios:

n Your two-month paid-pilot subscription term ends and you do not intend to purchase a long-term service.

n Your 1-year or 3-year subscription term ends and you do not intend to renew the subscription term.

The decommission services are:

n The VMware SRE performs a remote soft reset of the infrastructure.

n A notification is sent to the Dell engineer that the hardware is ready for pickup.

n The Dell engineer collects the hardware from your location and securely performs a National Institute of Standards and Technology (NIST) 800-88 data sanitization offsite.

VMware, Inc. 23

Networking and Security 8To begin using VMware Cloud on Dell EMC to run workloads in your SDDC, you need to set up a network connecting your on-premises data center to VMware Cloud.


n Network Settings

n Uplink Connectivity

n NSX-T Networking and Security

n Connect to vCenter Server

n Setting Up L2VPN

Network SettingsWhile you are ordering an SDDC, in the Network section, you configure four IP subnets.

You are not allowed to change the configurations after you complete the ordering process. Therefore, ensure that these network configurations are accurate before placing the order.

The four IP subnets are:

n Org Cloud Management Network

n VeloCloud SD-WAN IP Address

n Out-of-Band Management Network

n SDDC Management Network

VMware, Inc. 24

Figure 8-1. VMware Cloud on Dell EMC Networking

Org Cloud Management NetworkThe Org Cloud Management Network is a /24 subnet and there is only one Org Cloud Management Network for an organization. This subnet should not be used within your network and should also not be routable from your network.

The Org Cloud Management Network is a dedicated AWS Virtual Private Cloud (VPC) network, which is used for automated life cycle management and monitoring. The VMware site reliability engineers use this network for life cycle management, monitoring, and troubleshooting.

VeloCloud SD-WAN IP AddressA pair of SD-WAN VeloCloud devices is part of the rack. The VeloCloud SD-WAN network establishes an encrypted tunnel to connect securely and manage the VMWare Cloud on Dell EMC deployment. You can assign the IP address through static or DHCP. If you are using static IP addressing, you need to provide a single IP address that can route to the internet.

To enable this network connection, your firewall should allow traffic through the ports, TCP 443 and UDP 2426, and establish a tunnel from VeloCloud to secure VeloCloud gateways on the internet.


VMware, Inc. 25

Out-of-Band Management NetworkVMware engineers use the out-of-band management network for troubleshooting by connecting directly to the out-of-management ports of all hardware components in the rack. This subnet should not be used within your network and should not be routable in your network. The size of this subnet is /26.

SDDC Management NetworkThe SDDC Management Network is a /24 CIDR block, which needs to be routable in your network. This network is used for VMware ESXi management interfaces, vCenter Server, and such other related virtual appliances.

Uplink ConnectivityVMware Cloud on Dell EMC has two ToR switches. Based on L3 Equal-cost multi-path routing (ECMP), uplink connectivity establishes a connection between the VMware Cloud on Dell EMC ToR switches and your network.

You can set up one or two uplink connections for each ToR switch. Two uplink connections for each ToR switch provide high redundancy, even if one of the uplink connections is down, the other one serves as a backup and provides the network connectivity. The bandwidth of each uplink connection can be 1 Gbps or 10 Gbps. The SFP+ (10 GbE) and SFP (1 GbE) modules for fiber on the overpack box are shipped to you.

To set up the uplinks, you must:

n Set Up Physical Connections

n Configure Uplink Connections

.

Set Up Physical ConnectionsBefore configuring the Layer 3 uplink connections, you need to plug in and connect the SFP module to the Top of Rack (ToR) switches, ToR Switch 1 and ToR Switch 2.

Procedure

1 Choose one of the following SFP modules that are shipped to you:

n SFP+ (10 GbE)

n SFP (1 GbE)

2 Determine whether you need two or four Layer 3 uplink connections.

For two Layer 3 uplink connections, do the following:

a Plug in the SFP module to: ToR Switch 1, Port 19 and ToR Switch 2, Port 19.

b Connect the ToR Switch 1 to your Router 1 and ToR Switch 2 to your Router 2.


VMware, Inc. 26

For four Layer 3 uplink connections, do the following:

a Plug in the SFP module to: ToR Switches 1 and 2, Port 19 and ToR switches 1 and 2, Port 20.

b Connect the ToR Switches: ToR Switch 1 to your Routers 1 and 2, and ToR Switch 2 to your Routers 1 and 2.

Configure Uplink ConnectionsYou can configure a Layer 3 uplink connectivity with two or four uplink connections based on your requirement.

Prerequisites

Verify that your SDDC is live.

Procedure



3 Search for your SDDC and click the SDDC name.

4 Click Network > Uplink Connectivity.

5 Select 2 or 4 from the drop-down menu.

6 Provide IPv4 addresses and netmask in the following format: IPv4 address/prefix. For example, 172.16.21.1/31.

7 Click Save and continue.

8 Click Test connections and ensure that all connections pass.

Figure 8-2. Two Uplink Connections


VMware, Inc. 27



Figure 8-3. Four Uplink Connections

What to do next

You can migrate your workloads between VMware Cloud on Dell EMC rack and your network.

NSX-T Networking and SecurityNSX-T is the networking and security platform used in VMware Cloud on Dell EMC to create and manage internal SDDC networks.

Figure 8-4. Networking & Security Tab

NSX-T provides a full set of logical network and security services decoupled from the underlying physical infrastructure. Distributed functions such as switching, routing, and firewalling not only provide L2 extension capabilities but also enhanced distributed networking and security functions.

For security purpose, the logical network is separated into management network and workload network. All the management components, such as vCenter and VMware NSX® Manager™ reside on networks connected to the Management Gateway (MGW) and VMware manages these components. You are not allowed to deploy workloads on the management network through MGW. You must create NSX network segments that are automatically connected to the Compute Gateway (CGW) and deploy your workloads on these network segments.

For more information on NSX-T networking, see the VMware Cloud on AWS Networking and Security document.

Connect to vCenter ServerAfter you activate your SDDC, the status of your order changes to Live. You can now access the vCenter Server and host your workloads.


VMware, Inc. 28

You can connect to the vCenter Server either by connecting through the VMware Cloud on Dell EMC portal or through your network.

Connect to vCenter Through VMware Cloud on Dell EMC PortalYou can connect to vCenter to host your workloads by clicking the Open Vcenter button.

Note Accessing vCenter through the internet can cause security issues. Therefore, use an internal network to access vCenter.

Procedure



3 Search for your SDDC and select it.

4 Click the Open Vcenter button to open the vSphere Client and log in to vCenter.

Connect to vCenter Through Your NetworkYou can connect to vCenter through your network by the setting up the gateway firewall rules.

For information on accessing vCenter Server through the VMware Cloud on Dell EMC console, see Connect to vCenter Server.

Note For more information, see the Log In to vCenter Server by Using the vSphere Client section in the VMware vSphere Product Documentation.

Prerequisites

Ensure that the physical uplink connection and IP addresses are configured.

Procedure

1 Set Up the Management Gateway Firewall Rules.

2 Open vCenter using the IP address.

Note For more information, see the Log In to vCenter Server by Using the vSphere Client section in the VMware vSphere Product Documentation.

Set Up the Management Gateway Firewall RulesBy default, the management gateway blocks traffic to all destinations from all sources. Add Management Gateway firewall rules to allow traffic as needed. Management Gateway firewall rules specify actions to take on network traffic from a specified source to a specified destination.


VMware, Inc. 29



Procedure

1 Log in to the VMware Cloud Services Console at https://console.cloud.vmware.com/csp/gateway/discovery



4 Click Network > Networking & Security > Gateway Firewall.

Figure 8-5. Gateway Firewall Page

5 Click Add New Rule.

6 Add the following vCenter Inbound Rules:

a Source: Any

b Destination: vCenter

c Services: ICMP(ALL ICMP) and HTTPS(TCP 443)

d Action: Allowed

e Logging: Enabled

Setting Up L2VPNYou can extend L2 networks from your SDDC to VMware Cloud on Dell EMC SDDC using the NSX L2 VPN feature.

By extending the L2 network, you can migrate VMs to and from your VMware Cloud on Dell EMC SDDC without changing their IP addresses. Also, you can use an extended L2VPN network for a disaster recovery. For more information on setting up L2VPN, see the Configure a Layer 2 VPN and Extended Network in the VMware Cloud on AWS Networking and Security guide. However, you must log in to VMware Cloud Services Console at https://console.cloud.vmware.com/csp/gateway/discovery and not https://vmc.vmware.com as mentioned in the AWS documentation.


VMware, Inc. 30




Deploy Workload VMs 9After connecting to the vCenter Server, you can deploy workload VMs in your VMware Cloud on Dell EMC SDDC.

You can add pre-configured virtual machines or vApps to your vCenter Server by deploying an OVF or OVA template.

Procedure

1 Search for VMware Photon and click Photon OS - VMware® Open Source Software in an Internet search engine.

The Photon Open Source Program Office page opens.

2 Click OVA and download the OVA with virtual hardware v11 template.

3 Deploy the OVA template to your vCenter Server.

For more information on deploying the OVA template, see the Deploy an OVF or OVA Template section in the vSphere Virtual Machine Administration documentation.

Results

A new task for creating the virtual machine appears in the Recent Tasks pane. After the task is complete, the new virtual machine is created on the selected resource.

VMware, Inc. 31

Hybrid Linked Mode 10Hybrid Linked Mode links your VMware Cloud on Dell EMC vCenter Server instance with an on-premises vCenter Single Sign-On domain. You can configure the Hybrid Linked Mode between VMware Cloud on Dell EMC SDDC and on-premises SDDC either directly or through vCenter Cloud Gateway to manage both the SDDCs in a single user interface. This can also be used to support VM migration across these SDDCs.

Before you can use Hybrid Linked Mode with VMware Cloud on Dell EMC, you must configure your on-premises vCenter to enable single sign-on. For more information, see vSphere Authentication with vCenter Single Sign-On.

If you link your cloud vCenter Server to a domain that contains multiple vCenter Server instances linked using Enhanced Linked Mode, all those instances are linked to your VMware Cloud on Dell EMC SDDC.

Using Hybrid Linked Mode, you can:

n View and manage the inventories of both your on-premises and VMware Cloud on Dell EMC SDDC from a single vSphere Client interface, accessed using Single Sign On (SSO) credentials.

n Migrate workloads between your on-premises data center and VMware Cloud on Dell EMC SDDC.

n Share tags and tag categories from your vCenter Server instance to your VMware Cloud on Dell EMC SDDC.

Hybrid Linked Mode supports on-premises vCenter Server systems running 6.7 and later with either embedded or external Platform Services Controller (both Windows and vCenter Server Appliance). vCenter Server systems with external Platform Services Controller instances linked in Enhanced Linked Mode are also supported up to the scale limits documented in vSphere 6.7 Configuration Maximums.

You have two options for configuring Hybrid Linked Mode. You can use only one of these options at a time.

n You can install the vCenter Cloud Gateway Appliance and use it to link from your on-premises data center to the VMware Cloud on Dell EMC SDDC. In this case, SSO users and groups are mapped from your on-premises environment to the SDDC and you do not need to add an identity source to the SDDC LDAP domain.

n You can link your VMware Cloud on Dell EMC to your on-premises vCenter Server. In this case, you must add an identity source to the SDDC LDAP domain.


VMware, Inc. 32

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.psc.doc/GUID-B98DF9C2-FE7D-483F-9521-C17C138B59D8.html

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.psc.doc/GUID-B98DF9C2-FE7D-483F-9521-C17C138B59D8.html

n Prerequisites for Configuring Hybrid Linked Mode

n Configure Hybrid Linked Mode with vCenter Cloud Gateway Appliance

n Configuring Hybrid Linked Mode from the VMware Cloud on Dell EMC SDDC

Prerequisites for Configuring Hybrid Linked ModeEnsure that you have fulfilled the following prerequisites before configuring Hybrid Linked Mode.

Common Prerequisitesn Configure an uplink connectivity between VMware Cloud on Dell EMC SDDC and your network. See

Configure Uplink Connections.

n Ensure that VMware Cloud on Dell EMC network resolves to the SDDC hostnames that you have provided. See Configure DNS Forwarding for Management Network.

n Ensure that vCenter Management traffic is handled through your private network or through Internet. See Configure vCenter Settings.

n Ensure that your on-premises data center and your VMware Cloud on Dell EMC SDDC are synchronized to an NTP service or other authoritative time source. When using Hybrid Linked Mode, VMware Cloud on Dell EMC can tolerate a time skew of up to 10 minutes between the on-premises data center and the VMware Cloud on Dell EMC SDDC.

n The maximum latency between your VMware Cloud on Dell EMC SDDC and on-premises data center cannot exceed 100 msec roundtrip.

The following prerequisites apply when linking with the vCenter Cloud Gateway Appliance.

n Install the Cloud Gateway Appliance as described in Installing and Configuring the vCenter Cloud Gateway Appliance.

n Your on-premises environment is running vSphere 6.5 patch d or later.

n Ensure that the vCenter Cloud Gateway Appliance and your vCenter Server instances can reach each other over your network. Ensure that the following firewall ports are open.

Source Destination Port Purpose

User's web browser vCenter Cloud Gateway Appliance

5480 Gathering support bundle

vCenter Cloud Gateway Appliance

On-premises vCenter Server

443 Hybrid Linked Mode


On-premises Platform Services Controller

443, 389 Hybrid Linked Mode


Cloud SDDC vCenter Server

443 Hybrid Linked Mode


VMware, Inc. 33

Source Destination Port Purpose


Cloud ESXi host 902 Virtual Machine Console


On-premises Active Directory server (ports dependent on your usage)

389, 636, 3268, 3269 Identity source


https://vcgw-updates.vmware.com/

443 Cloud Gateway Auto-update

The following figure shows the ports required to be open for linking with the vCenter Cloud Gateway Appliance.

Prerequisites for Linking from the VMware Cloud on Dell EMC SDDCThe following prerequisites apply when linking from the VMware Cloud on Dell EMC SDDC:

n Your on-premises vCenter Server system is running one of the following:

n vSphere 6.0 Update 3 patch c and later.

n vSphere 6.5 patch d and later.

n Ensure that you have the login credentials for your on-premises vSphere SSO domain.

n Ensure that you have login credentials for a user who has a minimum of read-only access to the Base DN for users and groups in your on-premises environment. This is used when adding an identity source.


VMware, Inc. 34

n Ensure that an on-premises DNS server is configured for your management gateway so that it can resolve the FQDN for the identity source and on-premises VMware Cloud on Dell EMC systems.

n Ensure that your on-premises gateway or firewall allows access to the necessary ports from your SDDC for the following services.

Source Destination Ports Purpose

VMware Cloud on Dell EMC SDDC

On-premises vCenter Server 443 Hybrid Linked Mode


On-premises Platform Service Controller

389, 443 Hybrid Linked Mode


On-premises Active Directory server (ports dependent on your usage)

389, 636, 3268, 3269 Identity Source


On-premises DNS 53 Resolving FQDN of on-premises vCenter and Active Directory Server


On-premises ESXi host 902 Virtual Machine Console

The following figure shows the ports that are required to be open for linking from the VMware Cloud on Dell EMC SDDC.

Configure vCenter SettingsYou can configure the Fully Qualified Domain Name (FQDN) to resolve to a vCenter public IP address or a vCenter private IP address.

Prerequisites



VMware, Inc. 35

Procedure




4 Click vCenter Settings.

5 In the Access drop-down menu, select one of the following:

n Via Internal Network Only: FQDN resolves to the vCenter private IP address.

n Via the Internet: FQDN resolves to the vCenter public IP address.

Configure DNS Forwarding for Management NetworkConfigure DNS forwarding to resolve to the on-premises Fully Qualified Domain Name (FQDN).

Prerequisites


Procedure




4 Click Network > Network & Security > DNS.

5 Click DNS Zones.

6 Click corresponding to the Management Gateway Default Zone DNS server address that you want to configure.

7 Edit the DNS server address in the DNS Servers text box.

Configure Hybrid Linked Mode with vCenter Cloud Gateway ApplianceInstall and configure the vCenter Cloud Gateway Appliance to enable Hybrid Linked Mode from your on-premises environment.


VMware, Inc. 36





Prerequisites

Ensure that you have fulfilled Prerequisites for Configuring Hybrid Linked Mode before configuring Hybrid Linked Mode.

Procedure

1 Installing and Configuring the vCenter Cloud Gateway Appliance

The Cloud Gateway Appliance is an appliance installed in your on-premises data center. It connects an on-premises data center to your VMware Cloud on Dell EMC SDDC.

2 Link the vCenter Cloud Gateway Appliance to Your VMware Cloud on Dell EMC SDDC from the Gateway Client UI

Use this procedure to link the vCenter Cloud Gateway Appliance to your VMware Cloud on Dell EMC SDDC using Hybrid Linked Mode.

Installing and Configuring the vCenter Cloud Gateway ApplianceThe Cloud Gateway Appliance is an appliance installed in your on-premises data center. It connects an on-premises data center to your VMware Cloud on Dell EMC SDDC.

Install the vCenter Cloud Gateway Appliance from the Graphical InstallerDownload and install the vCenter Cloud Gateway Appliance if you want to enable Hybrid Linked Mode from your on-premises SDDC or access other features of the vCenter Cloud Gateway Appliance.

Prerequisites

Verify that the host on which you intend to the install the vCenter Cloud Gateway Appliance appliance meets the following hardware requirements.

Hardware Minimum required

CPUs 8

Memory 24 GB

Storage 190 GB

Procedure

1 Download the VMware vCenter Cloud Gateway appliance from https://my.vmware.com/en/web/vmware/details?downloadGroup=VMC_GA&productId=664.

You are directed to My VMware, where you can complete the download of the appliance installer ISO image.

2 In the installer ISO image, browse to the ui-installer folder and open the folder for the operating system from which you want to install the appliance.

n For Windows OS, go the win32 subdirectory and run the installer.exe file.

n For Linux OS, go to the lin64 subdirectory, and run the installer file.


VMware, Inc. 37

https://my.vmware.com/en/web/vmware/details?downloadGroup=VMC_GA&productId=664


n For Mac OS, go to the mac subdirectory and run the Installer.app file.

3 Click Get Started.

4 Under Deploy vCenter Cloud Gateway, click Start.

5 Accept the End-User License agreement.

6 Specify the Gateway deployment parameters and click Next.

Option Steps

You can connect to an ESXi host on which to deploy the appliance.

1 Enter the FQDN or IP address of the ESXi host.

2 Enter the HTTPS port of the ESXi host.

3 Enter the user name and password of a user with administrative privileges on the ESXi host, for example, the root user.

4 Click Next.5 Verify that the certificate warning displays the SHA1 thumbprint of the SSL certificate that is

installed on the target ESXi host, and click Yes to accept the certificate thumbprint.

You can connect to a vCenter Server instance and browse the inventory to select an ESXi host or DRS cluster on which to deploy the appliance.

1 Enter the FQDN or IP address of the vCenter Server instance.

2 Enter the HTTPS port of the vCenter Server instance.

3 Enter the user name and password of user with vCenter Single Sign-On administrative privileges on the vCenter Server instance, for example, the administrator@your_domain_name user.

4 Click Next.5 Verify that the certificate warning displays the SHA1 thumbprint of the SSL certificate that is

installed on the target vCenter Server instance, and click Yes to accept the certificate thumbprint.

6 Select the data center or data center folder that contains the ESXi host or DRS cluster on which you want to deploy the appliance, and click Next

Note You must select a data center or data center folder that contains at least one ESXi host that is not in lockdown or maintenance mode.

7 Select the ESXi host or DRS cluster on which you want to deploy the appliance, and click Next.

7 Set up the target appliance VM and click Next.

Parameter Description

VM name Enter a name for the vCenter Cloud Gateway Appliance VM. The appliance name must not contain a percent sign (%), backslash (\), or forward slash (/) and must be no more than 80 characters in length.

Set root password Set a root password for the vCenter Cloud Gateway Appliance VM.

The password must contain only lower ASCII characters without spaces, at least eight characters, a number, uppercase and lowercase letters, and a special character, for example, an exclamation mark (!), hash key (#), at sign (@), or brackets (()).

Confirm root password Confirm the password you set above.


VMware, Inc. 38

8 Select the datastore location for the vCenter Cloud Gateway Appliance and click Next.

a Select the datastore where you want to place the vCenter Cloud Gateway Appliance.

b Select Enable Thin Disk Mode to conserve disk space by deploying the appliance using a thin disk.

9 Configure the network settings for the appliance and click Next.

Parameter Description

Network Select the network.

The networks displayed in the drop-down menu depend on the network settings of the target server. If you are deploying the appliance directly on an ESXi host, non-ephemeral distributed virtual port groups are not supported and are not displayed in the drop-down menu.

IP version Select the version for the appliance IP address.

You can select either IPv4 or IPv6.

IP assignment Select how to allocate the IP address of the appliance.

n static

The wizard prompts you to enter the IP address and network settings.

Note Avoid using an IP address as a system name. If you use an IP address as a system name, you cannot change the IP address and update the DNS settings after deployment.

n DHCP

A DHCP server is used to allocate the IP address. Select this option only if a DHCP server is available in your environment.

FQDN If you have an enabled DDNS in your environment, you can enter a fully qualified domain name (FQDN) for the appliance. If you enter a FQDN that exists, the installer warns you that this will cause an error in deployment unless you isolate the network that the appliance is on. For example, you can deploy the appliance on a different port group from the existing FQDN.

IP address If you selected a static IP address, enter the IP address for the appliance. If you enter an IP address that exists, the installer warns you that this will cause an error in deployment unless you isolate the network that the appliance is on. For example, you can deploy the appliance on a different port group from the existing IP address.

Subnet mask or prefix length Enter the subnet mask or prefix length for the IP address.

Default Gateway Enter the default gateway to be used by the appliance.

DNS Servers Enter the addresses of the DNS servers used by the appliance.

10 Configure appliance Settings and click Next.

n Select Synchronize Time with NTP servers and enter the address of one or more NTP servers in the text box to use NTP servers for time synchronization.

n Select Synchronize Time with ESXi host to synchronize time to the host you're deploying to.

11 Log in to your on-premises SSO domain and click Next.

12 Click Yes to accept the certificate warning.


VMware, Inc. 39

13 Click Finish to deploy the appliance.

Results

The vCenter Cloud Gateway Appliance is deployed to your on-premises environment. A progress bar shows the progress of deployment.

What to do next

After you have installed the appliance, consider configuring appliance log collection following the guidelines in VMware Knowledge Base article 67158. Appliance logs are useful when requesting support.

Install the vCenter Cloud Gateway Appliance Using the Command-Line InstallerUse the command-line installer to script or automate your Cloud Gateway Appliance installation.

Prerequisites

Verify that the host on which you intend to the install the vCenter Cloud Gateway Appliance appliance meets the following hardware requirements.

Hardware Minimum required

CPUs 8

Memory 24 GB

Storage 190 GB

Procedure

1 Download the VMware vCenter Cloud Gateway appliance from https://my.vmware.com/en/web/vmware/details?downloadGroup=VMC_GA&productId=664.

You are directed to My VMware, where you can complete the download of the appliance installer ISO image.

2 Prepare a JSON template for the installation.

a In the installer ISO image, browse to the cli-installer/templates folder.

This folder contains sample JSON templates for installing the vCenter Cloud Gateway Appliance either directly on an ESXi host or through a vCenter Server system.

b Copy a template to a working directory and edit it to include the necessary parameters.

For more information about available template parameters, invoke the installer with the option --template-help. For example, on Windows, enter vcgw-deploy.exe install --template-help.

3 From the command line, change to the cli-installer folder and run the installation prechecks.

n For Windows OS, enter vcgw-deploy.exe install path-to-template --precheck-only.

n For Linux OS, enter vcgw-deploy install path-to-template --precheck-only.


VMware, Inc. 40




n For Mac OS, enter vcgw-deploy install path-to-template --precheck-only.

The prechecks identify problems with the template and parameters provided, so that you can fix any errors before launching the installation.

4 Launch the installer.

n For Windows OS, enter vcgw-deploy.exe install path-to-template --accept-eula.

n For Linux OS, enter vcgw-deploy install path-to-template --accept-eula.

n For Mac OS, enter vcgw-deploy install path-to-template --accept-eula.

What to do next

Link the vCenter Cloud Gateway Appliance to your cloud SDDC as described in Link the vCenter Cloud Gateway Appliance to Your VMware Cloud on Dell EMC SDDC from the Gateway Client UI.

Replace the Certificate for the vSphere Cloud Gateway ApplianceYou can replace the certificate for the Cloud Gateway Appliance when the certificate expires or when you want to use a certificate from another certificate provider.

Prerequisites

Generate certificate signing requests (CSRs) for each certificate you want to replace. Provide the CSR to your Certificate Authority. When the Certificate Authority returns the certificate, place it in a location that you can access from the Cloud Gateway Appliance.

Procedure

1 In a web browser, go to http://cga-address/ui where cga-address is the IP address or FQDN of the vCenter Cloud Gateway Appliance.

2 Log in with your on-premises credentials.

3 Navigate to the Certificate Management UI.

a From the Home menu, select Administration.

b Under Certificates, click Certificate Management.

4 Enter your credentials and click Login and Manage Certificates.

5 On the Machine SSL Certificate, select Actions > Replace.

6 Click the browse button on the Certificate Chain and provide the path of the certificate chain file.

This file should contain the machine SSL certificate, the Root CA certificate, and the entire chain of trust.

7 Click the browse button on the private key and provide the private key for the certificate.

8 Click Replace.


VMware, Inc. 41

What to do next

When the certificate is successfully replaced, restart all services on the Cloud Gateway Appliance. See https://kb.vmware.com/s/article/2109887.

Backing Up the Cloud Gateway ApplianceBacking up the Cloud Gateway Appliance is not necessary, because it is stateless and can be redeployed if needed.

File-based backup and restore solutions are not supported for the Cloud Gateway Appliance..

Link the vCenter Cloud Gateway Appliance to Your VMware Cloud on Dell EMC SDDC from the Gateway Client UIUse this procedure to link the vCenter Cloud Gateway Appliance to your VMware Cloud on Dell EMC SDDC using Hybrid Linked Mode.

Prerequisites

n You must have Administrator privileges to perform the tasks specific to linking the vCenter Cloud Gateway Appliance to your VMware Cloud on Dell EMC SDDC.

n You must have installed the vCenter Cloud Gateway Appliance. See Install the vCenter Cloud Gateway Appliance from the Graphical Installer.

Procedure

1 Under Configure Hybrid Linked Mode, click Start.

2 Enter your on-premises SSO settings and user groups that can access vCenter, and then click Finish.

Option Description

vCenter Server in VMC Enter the IP address or FQDN of the VMware Cloud on Dell EMC vCenter Server.

Username Enter the Single Sign-On administrator user name in the form user@sso-domain.

Password Enter the Single Sign-On administrator password.

Identity Source Select the identity source.

Group Enter the name of the group. Configuring SSO takes approximately 2–3 minutes.

3 Accept the certificate.

4 Click Launch vSphere Client and Connect to the VMware Cloud on Dell EMC vCenter Server.

Option Description

User Name Enter the user name for Cloud Administrator.

Password Enter the password for Cloud Administrator.


VMware, Inc. 42


5 Add the groups you have defined in your on premises environment to serve as cloud administrator groups.

a Select the on-premises identity source.

b Enter the name of the administrator group in the search box and select the group.

6 Log in to your Cloud Gateway Appliance using the on-premises SSO domain.

What to do next

When the linking process is complete, you can use the Cloud Gateway Appliance to view and manage the inventories of your on-premises and VMware Cloud on Dell EMC SDDCs. Access this interface at http://cga-address/ui where cga-address is the IP address or FQDN of the Cloud Gateway Appliance.

Configuring Hybrid Linked Mode from the VMware Cloud on Dell EMC SDDCAs an alternative to using the vCenter Cloud Gateway Appliance, you can configure Hybrid Linked Mode from the VMware Cloud on Dell EMC SDDC.

Prerequisites

Ensure that you have fulfilled the Prerequisites for Configuring Hybrid Linked Mode before configuring Hybrid Linked Mode.

Procedure

1 Add an Identity Source to the SDDC LDAP Domain

2 Determine which of your on-premises users need cloud administrator permissions and perform the following:

a Add the users to a group within your identity source.

b Ensure that this group has access to your on-premises environment and VMware Cloud on Dell EMC SDDC.

3 Link to an On-Premises Data Center.

Add an Identity Source to the SDDC LDAP DomainThe first step toward configuring Hybrid Linked Mode from your SDDC is to add your on-premises LDAP domain as an identity source for the SDDC vCenter Server.

You can configure Hybrid Linked Mode from your SDDC if your on-premises LDAP service is provided by a native Active Directory (Integrated Windows Authentication) domain or an OpenLDAP directory service.

Important If you are using OpenLDAP as the identity source, see the VMware knowledge base article at http://kb.vmware.com/kb/2064977 for additional requirements.


VMware, Inc. 43

http://kb.vmware.com/kb/2064977

Prerequisites

Ensure that you meet the Common Prerequisites in Prerequisites for Configuring Hybrid Linked Mode.

Procedure

1 Log in to the vSphere Client for your SDDC.

To add an identity source, you must be logged in as [email protected] or another member of the Cloud Administrators group.

2 Bring up the Add Identity Source dialog.

Use case Description

Hybrid Linked Mode a Select Menu > Administration.

b Under Hybrid Cloud, select Linked Domains.

c Under Add Cloud Administrator, select Add Identity Source from the Identity Source drop-down menu.

All other use cases a Select Menu > Administration.

b Under Single Sign On, click Configuration.

c Click Identity Sources and click Add.

3 Configure the identity source settings.

Option Description

Identity Source Type Select Active Directory as an LDAP Server to use a Windows Active Directory Server or OpenLDAP to use an OpenLDAP server.

Name Enter the name of the identity source.

Base DN for users Enter the Base Distinguished Name for users.

Base DN for groups Enter the Base Distinguished Name for groups.

Domain Name FQDN of the domain. Do not enter an IP address here.

Domain Alias Enter an alias for the domain.

For Active Directory identity sources, the domain's NetBIOS name. Add the NetBIOS name of the Active Directory domain as an alias of the identity source if you are using SSPI authentications.

Username Enter the ID of a user in the domain who has a minimum of read-only access to Base DN for users and groups. Use UPN format (for example, [email protected]), rather than DN format.

Password Enter the password of the user who is specified by Username.


VMware, Inc. 44

Option Description

Connect To Select which domain controller to connect to.

n Select Any domain controller in the domain to connect to any domain controller.

n Select Specific domain controllers to specify the domain controllers.

If you select Specific domain controllers, specify the URL for the primary server and the secondary server used for failover. Use the format ldap://hostname:port or ldaps://hostname:port. The port is typically 389 for ldap: connections and 636 for ldaps: connections. For Active Directory multi-domain controller deployments, the port is typically 3268 for ldap: connections and 3269 for ldaps: connections.

SSL Certificates If you use ldaps:, select Browse and select a certificate file to upload to provide security for the ldaps: connection. Certificates can be exported in several formats. Be sure to export the format supported by the Identity Source Type you've chosen.

Results

When the identity source is added, on-premises users can authenticate to the SDDC, but have the No access role. Add permissions for a group of users to give them the Cloud Administrator role.

Link to an On-Premises Data CenterTo complete the configuration of Hybrid Linked Mode from the cloud SDDC, link your on-premises data center from your VMware Cloud on Dell EMC vCenter Server.

Procedure

1 If you haven't already, log in to the vSphere Client for your SDDC and browse to the Linked Domains page.

a Select Menu > Administration to display the Administration page.

b Under Hybrid Cloud, select Linked Domains.

2 Connect to the on-premises vCenter Server.

Option Description

Platform Services Controller Enter the IP address or FQDN of the Platform Services Controller instance in your on-premise data center.

HTTPS Port Enter the HTTPS port used by the Platform Services Controller.

Username Enter the username for the on-premises SSO administrator.

Password Enter the password for the on-premises SSO administrator.


VMware, Inc. 45

3 Add the groups you have defined in your on-premises environment to serve as cloud administrator groups.

a Select the on-premises identity source.

If you haven't already added the on-premises identity source, do so as described in Add an Identity Source to the SDDC LDAP Domain.

b Enter the name of the administrator group in the search box and select the group.

4 Click Link.


VMware, Inc. 46

Get Help and Support 11You can get help and support in using your VMware Cloud on Dell EMC environment.

Procedure

1 Before you contact VMware for support, have the SDDC information ready.

a Log in to the VMware Cloud Services Console at https://console.cloud.vmware.com/csp/gateway/discovery.

b Click VMware Cloud on Dell EMC service.

c Click the SDDC name to view the details.

d Click Support to view the SDDC information.

2 Select a method for getting help or support.

Option Description

Chat Click and click Chat with VMware Support. Enter your message in the chat window. You can include images by dragging them into the chat window.

Note This support is available from Monday through Friday between 8:00 AM PST to 6:00 PM PST.

Support request You can file a support request online or contact the VMware technical support team by phone.

For information on filing a support request from the VMware Cloud on Dell EMC portal, see Creating Support Request.

For information on filing a support request by phone, see https://www.vmware.com/support/file-sr.html.

Creating Support RequestYou can create a support request from the VMware Cloud on Dell EMC portal.

Procedure


VMware, Inc. 47



https://www.vmware.com/support/file-sr.html

https://www.vmware.com/support/file-sr.html



2 Click > Support Requests.

The Link VMware ID window appears.

3 Enter your email ID and click Next.

You are redirected to the Support Center tab.

Note If you do not have a VMware ID, click Create a VMware ID to create one.

4 Click Create Support Request.

The Create Support Request form appears.

5 Enter the required details.

Select the category as VMware Cloud on Dell EMC and ensure that the time zone reflects your local time.

6 Click Submit to create the support request.

Your support request is listed in the Support Center tab and you can view the details. Also, an email notification is sent to your registered email ID with the subject Support Request <Support Request Number> Received [ref:_<Reference Number>:ref].


VMware, Inc. 48

VMware Cloud on Dell EMC User Guide - VMware Cloud on Dell EMC › en ›...

Documents

Transcript of VMware Cloud on Dell EMC User Guide - VMware Cloud on Dell EMC › en ›...