VMware Cloud On AWS - Deploy Configure Manage 2021 Lab Manual

Uploaded by

Benzakour Mouad
VMware Cloud on AWS: Deploy, Configure, Manage 2021

Lab Manual

VMware® Education Services


VMware, Inc.
www.vmware.com/education


VMware Cloud on AWS: Deploy, Configure, Manage 2021

Lab Manual

Cloud on AWS

Part Number EDU-EN-AWSDCM2021-LAB (08-APR-2022)

Copyright © 2022 VMware, Inc. All rights reserved. This manual and its accompanying
materials are protected by U.S. and international copyright and intellectual property laws.
VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of
VMware, Inc. in the United States and/or other jurisdictions. All other marks and names
mentioned herein may be trademarks of their respective companies. VMware vSphere®
vMotion®, VMware vSphere® Replication™, VMware vSphere® Client™, VMware vSphere®
2015, VMware vSphere®, VMware vRealize® Network Insight Cloud™, VMware vRealize®
Log Insight Cloud™, VMware vRealize®, VMware vCloud®, VMware vCenter Server®,
VMware View®, VMware Horizon® View™, VMware Verify™, VMware Transit Connect™,
VMware Site Recovery™ for VMware Cloud™ on AWS, VMware HCX®, VMware HCX® for
Telco Cloud, VMware Customer Connect™, VMware Cloud™ on AWS, VMware Cloud™ on
AWS GovCloud (US), VMware Cloud™ on AWS Outposts, VMware Site Recovery
Manager™, VMware Site Recovery™, VMware Platform Services Controller™, VMware NSX
Cloud™, VMware NSX®, VMware vCenter® Log Insight™, vCenter Linked Mode, VMware
HCX® Enterprise, VMware Go™, Elastic DRS for VMware Cloud™ on AWS, VMware ESXi™,
and VMware ESX® are registered trademarks or trademarks of VMware, Inc. in the United
States and/or other jurisdictions.

The training material is provided "as is," and all express or implied conditions, representations,
and warranties, including any implied warranty of merchantability, fitness for a particular
purpose or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the
possibility of such claims. This material is designed to be used for reference purposes in
conjunction with a training course.

The training material is not a standalone training tool. Use of the training material for self-
study without class attendance is not recommended. These materials and the computer
programs to which it relates are the property of, and embody trade secrets and confidential
information proprietary to, VMware, Inc., and may not be reproduced, copied, disclosed,
transferred, adapted or modified without the express written approval of VMware, Inc.

Typographical Conventions

The following typographical conventions are used in this course.

Conventions          Usage and Examples

Monospace            Identifies command names, command options, parameters, code
                     fragments, error messages, filenames, folder names, directory names,
                     and path names:

                     • Run the esxtop command.

                     • ... found in the /var/log/messages file.

Monospace Bold       Identifies user inputs:

                     • Enter ipconfig /release.

Boldface             Identifies user interface controls:

                     • Click the Configuration tab.

Italic               Identifies book titles:

                     • vSphere Virtual Machine Administration

<>                   Indicates placeholder variables:

                     • <ESXi host name>

                     • ... the Settings/<Your_Name>.txt file

Contents

Lab 1 (Simulation) Creating an Amazon VPC

Task 1: Create the Amazon VPC
Task 2: Verify the Components of the Amazon VPC

Lab 2 (Demonstration) VMware Cloud Identity and Access Management

Task 1: Log In to VMware Cloud
Task 2: Add a User and Assign Service Access Roles
Task 3: Log In as the New User

Lab 3 Deploying a vSphere SDDC in VMware Cloud

Task 1: Log In to VMware Cloud
Task 2: Create an SDDC and Connect Your AWS Account

Lab 4 Adding and Deleting Clusters in an SDDC

Task 1: Add a Cluster to the SDDC
Task 2: Add Hosts to the Cluster
Task 3: Remove a Host from the Cluster
Task 4: Delete the Cluster from the SDDC

Lab 5 Connecting to vCenter Server

Task 1: Record the Network Information
Task 2: Create the Groups
Task 3: Create the Firewall Rules
Task 4: Log In to the VMware Cloud SDDC vCenter Server Instance

Lab 6 Creating a Virtual Machine

Task 1: (Optional) Log In to the vCenter Server Instance in the VMware Cloud SDDC
Task 2: Create a Subscribed Content Library
Task 3: Create a Virtual Machine
Task 4: Verify Network Connectivity for the Virtual Machine
Task 5: Allow Outbound Network Access for the Virtual Machine

Lab 7 Creating a Policy-Based VPN

Task 1: Log In to the On-Premises vCenter Server Instance
Task 2: Create a Policy-Based VPN
Task 3: Configure an On-Premises VPN
Task 4: Verify the Policy-Based VPN
Task 5: Verify Connectivity Over the VPN

Lab 8 Creating Services and Groups

Task 1: Create Services
Task 2: Create Groups
Task 3: Apply Groups and Services to Firewall Rules
Task 4: Create a Firewall Rule for Amazon EFS and Amazon RDS

Lab 9 Configuring a Layer 2 VPN and Extended Network

Task 1: Configure a Layer 2 VPN Tunnel in the SDDC
Task 2: Configure a Layer 2 VPN Tunnel in the On-Premises Environment
Task 3: Configure a Layer 2 VPN Extended Segment
Task 4: Configure the Management Gateway DNS Forwarder

Lab 10 Connecting VMs to Amazon Web Services

Task 1: Obtain Amazon EFS and Amazon RDS Details
Task 2: (Optional) Log In to the vCenter Server Instance in the VMware Cloud SDDC
Task 3: Verify Connectivity to Amazon Services
Task 4: Mount Amazon EFS and Connect Amazon RDS to the VM Application

Lab 11 Connecting a Virtual Machine to a Public IP Address

Task 1: Request a Public IP Address
Task 2: Add a NAT Rule for the Virtual Machine
Task 3: Create a Firewall Rule
Task 4: Connect to Your New Public-Facing Virtual Machine

Lab 12 Deploying VMware Cloud Add-Ons

Task 1: Deploy VMware HCX
Task 2: Activate Site Recovery

Lab 13 Configuring Hybrid Linked Mode

Task 1: (Optional) Log In to the vCenter Server Instance in the VMware Cloud SDDC
Task 2: Add an Identity Source for the SDDC vCenter Server
Task 3: Configure Hybrid Linked Mode from the Cloud SDDC
Task 4: Access the Virtual Machine Application
Task 5: Migrate a Virtual Machine from On-Premises to VMware Cloud

Lab 14 Configuring and Using VMware HCX

Task 1: Verify VMware HCX Deployment
Task 2: Create the Firewall Rules for VMware HCX
Task 3: Download the HCX Enterprise Client OVA File
Task 4: Deploy the VMware HCX Manager VM from an OVF Template
Task 5: Activate and Configure VMware HCX
Task 6: Create a Site Pairing and Service Mesh
Task 7: Create a Network Extension
Task 8: Use VMware HCX to Migrate a VM

Lab 15 Performing Operations with API

Task 1: Run API Commands Against VMware Cloud on AWS
Task 2: Generate a New API Token in VMware Cloud Services
Task 3: Create an Environment in Postman by Using a Token
Task 4: Generate an Access Token Using Postman
Task 5: Use Postman to View a List of SDDCs
Task 6: Update Environmental Variables in Postman
Task 7: Use Postman to Get Primary Cluster Information

Lab 16 Deploying Site Recovery Instances

Task 1: Deploy the On-Premises Site Recovery Components
Task 2: Register the On-Premises vSphere Replication Instance with vCenter Server
Task 3: Register the On-Premises Site Recovery Instance with vCenter Server
Task 4: Create the Firewall Rules for VMware Site Recovery
Task 5: Create a Site Pair

Lab 17 Using Site Recovery

Task 1: Create VMware Cloud Network Segments
Task 2: Access the Site Recovery Management Interface
Task 3: Create Site Recovery Inventory Mappings
Task 4: Configure Site Recovery Replications
Task 5: Run a Recovery Plan and Reprotect Operation on a Virtual Machine

Lab 18 Creating SDDC Groups

Task 1: Create an SDDC Group
Task 2: Unlink the Cloud SDDC from Hybrid Linked Mode
Task 3: Link vCenter Server Instances in an SDDC Group
Task 4: Remove SDDCs from an SDDC Group and Delete an SDDC Group

Lab 1 (Simulation) Creating an Amazon VPC

Objective and Tasks


Create an Amazon virtual private cloud (VPC) that can be used to deploy a VMware Cloud on
AWS SDDC:

1. Create the Amazon VPC

2. Verify the Components of the Amazon VPC

To open the simulation, go to https://vmware.bravais.com/s/3XOicBdcGEhni9KXGf7h.

Your browser has a bookmark called Create Amazon VPC - iSIM in the VMC on AWS
bookmarks folder.

IMPORTANT

Do not refresh, navigate away from, or minimize the browser hosting the simulation. These
actions can pause the simulation, after which it might not continue.

Task 1: Create the Amazon VPC
You create an Amazon VPC and associated components for later use with a VMware Cloud on
AWS SDDC.

1. Under Recently visited services, select VPC.

2. Click Launch VPC Wizard.

3. To create a VPC with a single public subnet, click Select.

4. Click the VPC name text box to populate it with New VMC-VPC.

5. Under Service endpoints, select Add Endpoint.

6. Select the Service drop-down menu.

7. Select the S3 service.

8. Click the scroll bar to move down the webpage.

9. Click Create VPC.

10. Click OK.

Task 2: Verify the Components of the Amazon VPC


You verify and examine the components of the newly created Amazon VPC.

1. Select New-VMC-VPC from the list.

Record the VPC ID and Network ACL ID.

2. In the VPC Dashboard navigation menu on the left, select Subnets.

3. Select the new Public subnet with the matching VPC ID.

4. In the VPC Dashboard navigation menu, select Route Tables.

5. Select the route table with the matching Route Table ID and subnet association.

6. Select the Routes tab for the new route table.

7. Click the scroll bar to view all of the routes.

8. In the VPC Dashboard navigation menu, select Internet Gateways and review the details.

9. In the VPC Dashboard navigation menu, select Endpoints.

10. Select the endpoint with the matching VPC ID and review the details.

11. In the VPC Dashboard navigation menu, select Network ACLs.

12. Select the matching Network ACL and review the details.

13. Select the Inbound Rules tab for the new network ACL.

14. Click the scroll bar to view all of the inbound rules.

15. Select the Outbound Rules tab.

16. In the VPC Dashboard navigation menu, select Security Groups.

17. Select the Security Group with the matching VPC ID and review the details.

18. Select the Inbound Rules tab for the new security group.

19. Select the Outbound Rules tab.

20. Close the simulation browser tab.

Lab 2 (Demonstration) VMware Cloud Identity and Access Management

Objective and Tasks


Access the VMware Cloud services console:

1. Log In to VMware Cloud

2. Add a User and Assign Service Access Roles

3. Log In as the New User

NOTE

Your instructor will demonstrate this lab. Organization members do not have the required
permissions to access VMware Cloud Identity and Access Management.

Task 1: Log In to VMware Cloud
You log in to the VMware Cloud services console so that you can assign service access roles.

1. Click the Google Chrome icon on the taskbar.

2. In the browser, go to https://vmc.vmware.com

Your browser has a bookmark called VMware Cloud Services - Log In in the VMC on AWS
bookmarks folder.

The VMware Cloud Services page opens.

3. Click SIGN IN.

4. In the Email address text box, enter your email address and click NEXT.

5. Enter your password.

6. Click SIGN IN.

Task 2: Add a User and Assign Service Access Roles


You use identity and access management settings to add permissions for a new user.

1. In the SDDC console, click the VMware Cloud Services Applications Menu icon (nine-dot
icon) in the top-right corner.

2. Under ADMINISTRATION, select Identity & Access Management.

3. On the Active Users page, click ADD USERS.

4. In the Email Addresses text box, enter an email address.

5. In the Assign Organization Roles drop-down menu, select Organization Owner.

6. Select the Support User check box.

7. Under Assign Service Roles, click ADD SERVICE ACCESS.

8. In the first drop-down menu for assigning service roles, select VMware Cloud on AWS.

9. In the second drop-down menu (with roles), select Administrator, NSX Cloud Admin, and
NSX Cloud Auditor and click SELECT.

10. Click ADD SERVICE ACCESS.

11. In the first drop-down menu, select VMware HCX with role Administrator as the default
value.

12. Click ADD SERVICE ACCESS.

13. In the first drop-down menu, select VMware vRealize Log Insight Cloud with role vRealize
Log Insight Cloud Admin as the default value.

14. Click ADD SERVICE ACCESS.

15. In the first drop-down menu, select VMware vRealize Network Insight Cloud with role
Network Insight Administrator as the default value.

16. Click ADD.

17. Click the Pending Invitations tab.

Your new user persists under Pending Invitations until the user accepts the invitation.

You can also resend or revoke an invitation from this page.

Task 3: Log In as the New User


You log out of VMware Cloud and log in as the newly created user.

1. From the User Name drop-down menu, click SIGN OUT.

You are signed out of VMware Cloud services.

2. Click SIGN IN AGAIN.

3. Click Sign in using another account.

4. In the Email address text box, enter the new email address and click NEXT.

5. Enter your new password.

6. Click SIGN IN.

Lab 3 Deploying a vSphere SDDC in VMware Cloud

Objective and Tasks


Deploy a VMware Cloud SDDC:

1. Log In to VMware Cloud

2. Create an SDDC and Connect Your AWS Account

Task 1: Log In to VMware Cloud
You log in to the VMware Cloud services console.

1. Click the Google Chrome icon on the taskbar.

2. In the browser, go to https://vmc.vmware.com

Alternatively, your browser has a bookmark called VMware Cloud Services - Log In in the
VMC on AWS bookmarks folder.

The VMware Cloud Services login page appears.

3. Click SIGN IN.

4. In the Email address text box, enter your student email address and click NEXT.

This email address is provided by your instructor.

5. In the Password text box, enter your student password.

This password is provided by your instructor.

6. Click SIGN IN.

The VMware Cloud Services landing page appears.

7. Verify that you are logged in to the correct VMware Cloud Organization.

a. Click the user name drop-down menu in the top-right corner.

The VMware Cloud Organization name appears under your user name.

b. If the organization name does not correspond with your assigned organization, select
the correct organization in the Change Organization drop-down menu.

8. Under My Services, click VMware Cloud on AWS.

Task 2: Create an SDDC and Connect Your AWS Account


You create a software-defined data center (SDDC) in the SDDC console.

NOTE

Zerocloud is a simulated SDDC and does not have any physical back-end resources.

1. From the VMware Cloud landing page, click Inventory in the left pane.

2. Click CREATE SDDC.

The Create Software-Defined Data Center (SDDC) wizard opens.

3. On the SDDC Properties page, configure the options.

Option             Action
Cloud              Select ZEROCLOUD. Do not select AWS.
AWS Region         Select US West (Oregon).
Deployment         Select Multi-Host.
Host Type          Select I3 (Local SSD).
SDDC Name          Enter ZEROCLOUD-<SDDC ID>. For example, enter ZEROCLOUD-student1.
Number of Hosts    Select 1.

4. Click NEXT.

A connection to your AWS account is successfully established.

5. On the Connect to AWS page, click NEXT.

6. On the VPC and subnet page, select the VPC (assigned by your instructor) in the VPC drop-
down menu.

It might take a few minutes for the VPC drop-down menu to populate.

7. In the Subnet drop-down menu, select the first subnet in the list and click NEXT.

8. On the Configure Network page, accept the default and click NEXT.

9. Select the Charges start once your SDDC has finished deploying. Accrued charges will be
billed at end of the month check box.

10. Select the Pricing is per host-hour consumed for each host, from the time a host is
launched until it is deleted check box.

11. Click DEPLOY SDDC.

Lab 4 Adding and Deleting Clusters in an SDDC

Objective and Tasks


Use a custom core count to add a cluster to an SDDC and then delete this cluster:

1. Add a Cluster to the SDDC

2. Add Hosts to the Cluster

3. Remove a Host from the Cluster

4. Delete the Cluster from the SDDC

Task 1: Add a Cluster to the SDDC
You add a new cluster to the SDDC and configure a custom core count for the hosts.

1. From the VMware Cloud console, click VIEW DETAILS on your Zerocloud SDDC tile.

A Zerocloud label appears on the SDDC tile.

[Figure: Zerocloud SDDC tile showing the Region, Type, Availability Zones, Clusters, Hosts, and Cores fields and the CPU, Memory, and Storage capacity values]

a. If you do not see CPU, memory, and storage values on the Capacity and Usage tile, click
Back, and then click VIEW DETAILS again on your Zerocloud SDDC tile.

The Summary tab of the SDDC opens.

2. On the Summary tab, click ADD CLUSTER on the Capacity and Usage tile.

The Review SDDC Information page opens.

3. In the Number of CPU Cores Per Host drop-down menu, select 16.

4. In the Number of Hosts drop-down menu, select 1.

5. Click ADD CLUSTER.

A tile for the New Cluster and a tile for the existing Cluster-1 appear.

This process takes approximately 20 minutes when you use an SDDC that is supported with
physical resources. In this Zerocloud lab, the process takes approximately 1 minute.

Task 2: Add Hosts to the Cluster
You add hosts to the newly created cluster in the SDDC.

1. On the Summary tab, click ADD HOST on the Cluster-2 tile.

The following warning appears: Elastic DRS is enabled for this
cluster. Are you sure you want to manually add a host?

2. Click CONTINUE.

The Add Hosts page opens.

3. In the Number of Hosts to Add drop-down menu, select 3.

4. Click ADD HOSTS.

The label DEPLOYING_HOSTS appears on the Cluster-2 tile. This process takes a few
minutes.

When the host is successfully added, a notification appears in the upper-right corner.

Task 3: Remove a Host from the Cluster


You remove a single host from an existing cluster in the SDDC.

1. On the Summary tab, select Remove Host in the ACTIONS drop-down menu on the
Cluster-2 tile.

The following warning message appears: Elastic DRS is enabled for this
cluster. Are you sure you want to manually remove a host?

2. Click CONTINUE.

The Remove Hosts page opens.

3. In the Number of Hosts to Remove drop-down menu, select 1.

4. Select the I understand that this action cannot be undone check box.

5. Click REMOVE.

The label DELETING_HOSTS appears on the Cluster-2 tile. The host removal process takes
a few minutes.

When the host is successfully removed, a notification appears in the upper-right corner.

Task 4: Delete the Cluster from the SDDC
You delete the cluster that you added.

1. On the Summary tab, select Delete Cluster in the ACTIONS drop-down menu on the
Cluster-2 tile.

The following warning might appear: Elastic DRS is enabled for this
cluster. Are you sure you want to manually add a host?

2. Confirm that you are aware of the consequences of deleting your cluster.

a. Select the All workloads in this cluster will be terminated check box.

b. Select the You will lose all data and configuration settings in this cluster check box.

c. Select the You will lose all UI and API access to this cluster check box.

d. Select the All public IP addresses for this cluster will be released check box.

3. Click DELETE CLUSTER.

The label DELETING_CLUSTER appears on the Cluster-2 tile. The deletion process takes a
few minutes.

When the cluster is successfully removed, a notification appears in the upper-right corner.

NOTE

The Cluster-1 tile no longer appears. The Cluster-1 tile is visible only when the SDDC has
multiple clusters.

4. Click Back to return to the inventory of SDDCs.

Lab 5 Connecting to vCenter Server

Objective and Tasks


Create firewall rules to allow access to vCenter Server in the VMware Cloud SDDC from specific
servers:

1. Record the Network Information

2. Create the Groups

3. Create the Firewall Rules

4. Log In to the VMware Cloud SDDC vCenter Server Instance

Task 1: Record the Network Information
You record network information that is used in later labs.

1. Identify your student SDDC on the VMware Cloud console Inventory page.

You use a full VMware Cloud SDDC for this lab and all subsequent labs. This SDDC is
predeployed for you. You do not use the Zerocloud SDDC.

Your SDDC has a name associated with your student number, for example, student1,
student2, and so on.

a. On the VMware Cloud console, click Inventory in the left pane.

b. Click the name of your student SDDC or click VIEW DETAILS.

The Summary tab of the SDDC opens.

2. Select the Networking & Security tab.

The Overview page opens.

3. Using the workbook.txt file (Notepad) on the student desktop, record the network
information that appears on the Overview page.

If prompted to update Notepad, click No.

Setting                    Value
VPN Public IP              (Record values in Notepad.)
Appliance Subnet
Infrastructure Subnet
Source NAT Public IP

You cannot copy and paste from the overview diagram. You must enter the information in
the workbook.txt file.

If necessary, you can click and drag the diagram to move it or use the zoom button to
increase the size of the diagram.

4. Under Networks, select Segments.

The Segment List tab opens.

5. Record the CIDR details associated with the sddc-cgw-network-1 segment.

Setting                    Value
sddc-cgw-network-1 CIDR    (Record in Notepad.)

6. Open a new browser tab to https://ifconfig.me

7. In the workbook.txt file, record the public IP address that is provided on the What Is My
IP Address? webpage.

This address is the public IP address of the on-premises lab environment.

Setting                    Value
On-premises Public IP      (Record in Notepad.)

IMPORTANT

The networking information that you record is used throughout the labs.

Task 2: Create the Groups


You create inventory groups and add the membership criteria.

Based on your security model, you should not grant access to the management servers from any
client through the management gateway. Instead, you configure your firewall rule to access your
management servers only from trusted source addresses and networks.

1. On the Networking & Security tab, click Groups under Inventory.

2. On the Management Groups tab, create a group to access the vCenter Server through the
management gateway.

a. Click ADD GROUP.

b. Enter vCenter and HCX access through the management gateway
for the Group Name.

c. Click Set Members.

The Select Members window appears.

d. Enter the On-premises Public IP for the IP address.

e. Click APPLY.

f. Click SAVE.

3. On the Management Groups tab, create a group to access the ESXi through the
management gateway.

a. Click ADD GROUP.

b. Enter ESXi, VR and SRM access through the management
gateway for the Group Name.

c. Click Set Members.

The Select Members window appears.

d. Enter 172.20.10.0/24 and 172.20.11.0/24 for the IP addresses.

e. Click APPLY.

f. Click SAVE.

Task 3: Create the Firewall Rules


You create a gateway firewall rule that allows you to access the VMware Cloud SDDC vCenter
Server instance from the student desktop.

1. In the VMware Cloud console, open the SDDC Summary page.

2. In the Networking & Security tab, select Gateway Firewall under Security.

3. Click the Management Gateway tab.

4. Create a firewall rule to allow all the traffic to vCenter Server.

a. Click ADD RULE.
b. Enter vCenter Inbound in the Name text box for the rule.
c. Click the edit icon in the Sources text box.
The Set Sources window appears.
d. Select User Defined Groups.
e. Select vCenter and HCX access through the management gateway.
f. Click APPLY.
g. Click the edit icon in the Destinations text box.
The Set Destination window appears.
h. Select vCenter and click APPLY.
i. Click the edit icon in the Services text box.
j. Select the services.
• HTTPS (TCP 443)
• SSO (TCP 7444)
• ICMP (ALL ICMP)
k. Leave Allow selected in the Action drop-down menu.
l. Click PUBLISH.

5. Create a firewall rule to allow all the traffic to ESXi through the management gateway.

a. Click ADD RULE.

b. Enter ESXi Inbound in the Name text box.

c. Click the edit icon in the Sources text box.

The Set Sources window appears.

d. Select User Defined Groups.

e. Select ESXi access through the management gateway.

f. Click APPLY.

g. Click the edit icon in the Destinations text box.

The Set Destination window appears.

h. Select ESXi and click APPLY.

i. Click the edit icon in the Services text box.

j. Select the services.

• HTTPS (TCP 443)

• ICMP (ALL ICMP)

• vMotion (TCP 8000)

• Provisioning & Remote Console (TCP 902)

k. Leave Allow selected in the Action drop-down menu.

l. Click PUBLISH.

Task 4: Log In to the VMware Cloud SDDC vCenter Server Instance
You log in to the vSphere Client to view your new SDDC.

1. In the VMware Cloud console, click OPEN VCENTER in the top-right corner.

The Open Access to vCenter dialog box appears.

2. Click SHOW CREDENTIALS.

3. Click the Copy password to clipboard icon.

4. Click OPEN VCENTER.

A new browser tab opens for the VMware vSphere login page.

5. Enter cloudadmin@vmc.local in the User name text box.

6. In the Password text box, paste the password that you copied.

IMPORTANT

You use these credentials throughout the lab tasks.

For easy retrieval of the cloudadmin@vmc.local credentials, you can copy and paste the
credentials into the workbook.txt file on your student desktop. These credentials are for
class purposes only.

Do not store credentials in plain text outside of this class.

7. Click LOGIN.

The vSphere Client appears.

8. If the following alarms or warnings appear, click Reset to Green for each one.

• Key Management Server Health Status alarm

• Skyline Health has detected issues in your vSphere environment.

• Certificate Status alarm

Machine

Objective and Tasks


Create a virtual machine using a content library and provide network connectivity for the virtual
machine:

1. (Optional) Log In to the vCenter Server Instance in the VMware Cloud SDDC

2. Create a Subscribed Content Library

3. Create a Virtual Machine

4. Verify Network Connectivity for the Virtual Machine

5. Allow Outbound Network Access for the Virtual Machine

Task 1: (Optional) Log In to the vCenter Server Instance in the
VMware Cloud SDDC
You log in to the vSphere Client to view your SDDC.

NOTE

If you are logged in to the SDDC vCenter Server instance, you can continue to the next task.

1. In the VMware Cloud console, navigate to the SDDC Summary page and click OPEN
VCENTER.

The Open Access to vCenter dialog box appears.

2. Click SHOW CREDENTIALS.

3. Click the Copy password to clipboard icon.

4. Click OPEN VCENTER.

A new browser tab opens for the VMware vSphere login page.

5. Enter cloudadmin@vmc.local in the User name text box.

6. In the Password text box, paste the password that you copied.

7. Click LOGIN.

The vSphere Client opens.

Task 2: Create a Subscribed Content Library
You create a subscribed content library so that you can create virtual machines from this
template.

1. Log in to the AWS Management console.

a. In the browser, open a new tab and go to https://signin.aws.amazon.com/console
Your browser has a bookmark called AWS Management Console in the VMC on AWS
bookmarks folder.
b. On the AWS sign-in page, select IAM user.
c. In the Account ID text box, enter your AWS account ID and click Next.
The AWS account ID is provided by your instructor.
d. In the IAM user name text box, enter your student user name.
For example, a user name might be student1.
e. Enter VMware1! in the Password text box.
f. Click Sign in.
You are logged in to the AWS Management console.

2. Verify that you are logged in to the correct Amazon region.

a. In the region drop-down menu, select US West (Oregon) us-west-2.

3. Obtain the content library subscription URL.
a. In the AWS Management console, click the Services drop-down menu in the top-left
corner of the page.
b. Select Storage under All Services and select S3 in the list on the right.
The Amazon S3 console opens and one or more buckets are listed.
c. Click the bucket with the name beginning with vmcosaws-acc-xx-xx-xxxx-x, for
example, vmcosaws-acc-01-us-west-2.
The name of the bucket varies depending on the region.
d. Click ContentLib/ in the list of objects.
e. Click lib.json.
f. In the lib.json Object overview pane, locate the Object URL.
g. Click the copy icon next to the URL to copy the URL to the clipboard.
This URL is the content library subscription URL for a content library that is precreated in
an Amazon S3 bucket. The content library contains a virtual machine template that is
used in subsequent tasks.
4. Create a subscribed content library in the VMware Cloud SDDC vCenter Server.
a. Navigate to the browser tab for the SDDC vSphere Client instance.
b. In the SDDC vSphere Client, select Content Libraries from the hamburger menu in the
upper-left corner.
c. Click CREATE.
The New Content Library wizard opens.
d. On the Name and location page, enter VMC-CL-01 in the Name text box and click
NEXT.
e. On the Configure content library page, select Subscribed Content Library.
f. For the Subscription URL, paste the lib.json object URL that you copied from the
Amazon S3 console.
g. Leave the other options as the defaults and click NEXT.
The message Unable to verify authenticity appears.
h. Click YES.
i. On the Apply security policy page, click NEXT.
j. On the Add storage page, select WorkloadDatastore and click NEXT.
k. Click FINISH to complete the creation of the new content library.
The content library is created and a task called Sync Library is initiated to download the
Lychee-ubuntu virtual machine template.
The Sync Library task takes approximately 5 minutes to complete.

Task 3: Create a Virtual Machine
You create a virtual machine (VM) from a content library.

1. In the SDDC vSphere Client browser tab, select Content Libraries in the hamburger menu.

2. On the Content Libraries page, click VMC-CL-01.

3. Select the Templates tab and click OVF & OVA Templates.

The Lychee-ubuntu template appears in the list of templates.

4. Deploy a new virtual machine from the Lychee-ubuntu template.

a. Right-click the Lychee-ubuntu template and click New VM from This Template.

The New Virtual Machine from Content Library wizard opens.

b. On the Select a name and folder page, enter Photo-App-01 for the Virtual machine
name.

c. Expand the location tree and select the Workloads folder.

d. Click NEXT.

e. On the Select a compute resource page, expand the compute resource tree and select
Compute-ResourcePool.

f. Click NEXT.

g. On the Review details page, click NEXT.

h. On the Select storage page, select WorkloadDatastore and click NEXT.

i. On the Select networks page, select sddc-cgw-network-1 from the Destination
Network drop-down menu and click NEXT.

j. On the Ready to complete page, click FINISH.

The Deploy OVF template task is started.

k. Wait for the Deploy OVF template task to finish.

5. Power on the newly created Photo-App-01 VM.

a. In the hamburger menu at the top-left corner, select Inventory.

b. In the left pane, expand the entire inventory tree and find the new VM Photo-App-01
under Compute-ResourcePool.

c. Right-click the Photo-App-01 VM and select Power > Power On.

The VM powers on and acquires an IP address using DHCP from the 192.168.xxx.0/24
range.

Task 4: Verify Network Connectivity for the Virtual Machine
You run connectivity tests on the VM to determine whether it can access the student desktop
machine and communicate with an external address.

1. In the SDDC vSphere Client browser tab, open a virtual machine console to the
Photo-App-01 VM.

a. On the VM Summary tab, click LAUNCH WEB CONSOLE.

The virtual machine console opens in a new browser tab.

b. Log in to the VM:

• Username: ubuntu

• Password: VMware1!

2. Record the VM networking details and test connectivity.

a. Run the ip a command to return the IP address of the VM.

The IP address example might differ in your lab.

b. Record the IP address of the VM.

Setting                     Value
Photo-App-01 VM IP Address  (Record in Notepad.)

c. Run the ip r command to return the gateway address of the VM.

The gateway example might differ in your lab.

d. Using the ping command, verify that the VM can communicate with the gateway
address.

The ping command is successful.

e. Press Ctrl+C to exit the ping.

f. Using the ping command, verify that the VM can communicate with an external
Internet address (8.8.8.8).

The ping command fails.

g. Press Ctrl+C to exit the ping.

Task 5: Allow Outbound Network Access for the Virtual Machine


You create a firewall rule for the VM that allows outbound network access so that the VM can
communicate with external addresses.

1. In the VMware Cloud console, navigate to your assigned SDDC, for example, student1,
student2, and so on.

2. Click the Networking & Security tab.

3. Under Security, select Gateway Firewall.

4. Click the Compute Gateway tab.

5. Create a firewall rule to allow all traffic.

a. Click ADD RULE.

b. For the Name of the rule, enter Allow-All.

c. Leave Any as the value for Sources, Destinations, and Services.

d. Leave All Uplinks as the value for Applied To.

e. Leave Allow selected in the Action drop-down menu.

f. Click PUBLISH.

6. Return to the virtual machine console tab and run the ping command to verify that the VM
can communicate with an external Internet address (8.8.8.8).

The ping command is successful because the compute gateway firewall allows traffic
based on the new rule.

7 VPN

Objective and Tasks


Create a policy-based VPN in VMware Cloud:

1. Log In to the On-Premises vCenter Server Instance

2. Create a Policy-Based VPN

3. Configure an On-Premises VPN

4. Verify the Policy-Based VPN

5. Verify Connectivity Over the VPN

You create a policy-based VPN between the Tier-0 gateway of the VMware Cloud on AWS
SDDC and the VyOS gateway appliance in the on-premises environment.

[Figure: policy-based IPSec VPN between the VMware Cloud on AWS SDDC (MGW and CGW; Infrastructure Subnet and sddc-cgw-network-1 Subnet) and the On-Premises Data Center (VyOS Gateway; Management Network and vMotion Network).]

Task 1: Log In to the On-Premises vCenter Server Instance
You log in to the vSphere Client to view your on-premises vCenter Server instance, verify the
vCenter Server health, and power on the virtual machines.

1. Log in to the on-premises vCenter Server instance using the Active Directory (AD)
credentials.

a. Open a browser tab and go to https://sa-vcsa-01.vclass.local/ui.

The vSphere Client in the on-premises vCenter Server opens. Your browser includes a
bookmark to vSphere Client (SA-VCSA-01) in the vSphere Infrastructure bookmarks
folder.

b. Log in to the vCenter Server instance.

• User name: [email protected]

• Password: VMware1!

c. Click LOGIN.

The vSphere Client in the on-premises vCenter Server instance opens.

2. Navigate to the Hosts and Clusters view in the vSphere Client and locate the on-premises
vSphere environment.

a. In the Menu drop-down menu, select Hosts and Clusters.

b. In the left pane, expand the vSphere inventory tree.

c. Observe that the on-premises vSphere environment appears in the menu.

The on-premises vSphere environment includes two clusters, SA-Compute-01 and
SA-Management.

3. Verify that all the ESXi hosts are connected.

4. Verify that no alarms are visible.

5. Power on the on-premises virtual machines.

a. Right-click the db-1a virtual machine and select Power > Power On.

b. Right-click the app-1a virtual machine and select Power > Power On.

c. Right-click the web-1a virtual machine and select Power > Power On.

d. Right-click the web-2a virtual machine and select Power > Power On.

e. Right-click the web-VIP virtual machine and select Power > Power On.

Task 2: Create a Policy-Based VPN
You create a policy-based VPN in VMware Cloud so that you can connect to another data
center.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

The name of your SDDC is associated with your student number, for example, student1,
student2, and so on.

2. On the Networking & Security tab, click VPN under Network.

3. Select the Policy Based tab.

4. Create a policy-based VPN.

a. Click ADD VPN.

b. Enter On-Prem-VPN for the VPN Name.

c. In the Local IP Address drop-down menu, select Public IP1 (XX.XX.XX.XXX).

The IP address varies for each lab instance.

d. In the Remote Public IP text box, enter the on-premises public IP address that you
recorded to your text file (Notepad) earlier.

You can open a new browser tab to https://ifconfig.me to find this address again.

e. In the Remote Networks text box, enter 172.20.10.0/24

The 172.20.10.0/24 network is the on-premises management network.

f. In the Remote Networks text box, enter 172.20.11.0/24

The 172.20.11.0/24 network is the on-premises vSphere vMotion network.

g. For Local Networks, select sddc-cgw-network-1 and select Infrastructure Subnet.

h. Enter VMware1! in the Preshared Key text box.

i. Enter 172.20.0.254 in the Remote Private IP text box.

This address is the uplink address of the on-premises VyOS router that is used in this lab
environment.

j. Expand IKE Profile and select IKE V1 from the IKE Version drop-down menu.

k. Click SAVE.

The VPN status appears as Down, which is expected. You can continue to the next lab
task.

5. In the What to do next dialog box, click OK.

Task 3: Configure an On-Premises VPN
You configure the on-premises VPN for connecting to another data center.

1. On the student desktop, launch Windows PowerShell from the taskbar shortcut.

2. Using the cd command, change the directory to C:\Tools\.

cd C:\Tools\

3. Using the Get-Help command, enter the command to display the example syntax for the
set-IPSecConfig.ps1 PowerShell script.

Get-Help .\set-IPSecConfig.ps1 -examples

The set-IPSecConfig.ps1 PowerShell script requires several parameters.

The parameters of the set-IPSecConfig.ps1 PowerShell script correspond to values
that you previously recorded in your text file.

Parameter         Value                     Example
-peerIP           VPN public IP             XX.XX.XX.XX
-localNetwork1    172.20.10.0/24
-localNetwork2    172.20.11.0/24
-remoteNetwork1   Infrastructure subnet     YY.YY.YY.YY/YY
-remoteNetwork2   sddc-cgw-network-1 CIDR   ZZ.ZZ.ZZ.ZZ/ZZ

4. Enter the set-IPSecConfig.ps1 PowerShell script with all the appropriate
parameters.

.\set-IPSecConfig.ps1 -peerIP XX.XX.XX.XX -localNetwork1 172.20.10.0/24 -localNetwork2 172.20.11.0/24 -remoteNetwork1 YY.YY.YY.YY/YY -remoteNetwork2 ZZ.ZZ.ZZ.ZZ/ZZ

The PowerShell script runs the commands and configures the VyOS router.

WARNING: Configuration exported to C:\tools\vpn_updated.txt
WARNING: Upload config to vyos
WARNING: change file permissions and run script
Saving configuration to '/config/config.boot'...
Done

NOTE

If the values of the set-IPSecConfig.ps1 script are incorrectly entered, you must
rerun the script with the correct values.
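
A policy-based VPN only comes up when each side's local networks are the other side's remote networks and each side's peer address is the other side's public IP, so the values entered in Task 2 must mirror the parameters passed to set-IPSecConfig.ps1. The following check is an added example, not part of the lab or of that script; the function names, the dictionary layout, the public IPs, and the two SDDC subnets are constructed placeholders.

```python
import ipaddress


def parse_cidrs(values):
    """Parse CIDR strings strictly: host bits set (172.20.10.5/24) raise ValueError."""
    return {ipaddress.ip_network(v.strip(), strict=True) for v in values}


def check_vpn_mirror(sddc, onprem):
    """Compare both ends of a policy-based VPN.

    Returns a list of problems; an empty list means the two sides are consistent.
    """
    problems = []
    nets = {}
    for name, side in (("sddc", sddc), ("onprem", onprem)):
        for key in ("local_networks", "remote_networks"):
            try:
                nets[name, key] = parse_cidrs(side[key])
            except ValueError as exc:
                problems.append(f"{name} {key}: invalid CIDR ({exc})")
    if problems:
        return problems

    # Each side's configured peer must be the other side's public address.
    for a, b in ((sddc, onprem), (onprem, sddc)):
        if ipaddress.ip_address(a["remote_public_ip"]) != ipaddress.ip_address(b["public_ip"]):
            problems.append(
                f"peer {a['remote_public_ip']} does not match the other side's "
                f"public IP {b['public_ip']}"
            )

    # Traffic selectors must mirror: local on one side equals remote on the other.
    pairs = (
        ("sddc", "local_networks", "onprem", "remote_networks"),
        ("sddc", "remote_networks", "onprem", "local_networks"),
    )
    for a, a_key, b, b_key in pairs:
        left, right = nets[a, a_key], nets[b, b_key]
        for net in sorted(left - right):
            problems.append(f"{net} is in {a} {a_key} but not in {b} {b_key}")
        for net in sorted(right - left):
            problems.append(f"{net} is in {b} {b_key} but not in {a} {a_key}")

    # A network listed as both local and remote on one side sends local traffic into the tunnel.
    for name in ("sddc", "onprem"):
        for local in sorted(nets[name, "local_networks"]):
            for remote in sorted(nets[name, "remote_networks"]):
                if local.overlaps(remote):
                    problems.append(f"{name}: local {local} overlaps remote {remote}")
    return problems


# Constructed sample values. Only 172.20.10.0/24 and 172.20.11.0/24 come from the lab.
SDDC_SIDE = {
    "public_ip": "203.0.113.10",             # constructed VPN Public IP
    "remote_public_ip": "198.51.100.20",     # constructed On-premises Public IP
    "local_networks": ["192.168.101.0/24",   # constructed sddc-cgw-network-1 CIDR
                       "10.2.32.0/20"],      # constructed Infrastructure Subnet
    "remote_networks": ["172.20.10.0/24", "172.20.11.0/24"],
}
ONPREM_SIDE = {
    "public_ip": "198.51.100.20",
    "remote_public_ip": "203.0.113.10",                       # -peerIP
    "local_networks": ["172.20.10.0/24", "172.20.11.0/24"],   # -localNetwork1/2
    "remote_networks": ["10.2.32.0/20", "192.168.101.0/24"],  # -remoteNetwork1/2
}

if __name__ == "__main__":
    for line in check_vpn_mirror(SDDC_SIDE, ONPREM_SIDE) or ["selectors and peers mirror each other"]:
        print(line)
```
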

Task 4: Verify the Policy-Based VPN


You verify the status of the policy-based VPN in VMware Cloud on AWS.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

2. Click the Networking & Security tab.

3. Under Network, click VPN and select the Policy Based tab on the VPN page.

4. Under the Status column, click the REFRESH icon.

The status of the VPN appears as Success.

Task 5: Verify Connectivity Over the VPN
From the on-premises environment, you verify connectivity to the VM in the VMware Cloud
SDDC.

1. On the student desktop, launch Windows PowerShell from the taskbar shortcut.

2. Run the ping command to test network connectivity from the on-premises student
desktop to the Photo-App-01 VM in the VMware Cloud SDDC.

ping 192.168.xxx.x

You can obtain the IP address of the VM from the vSphere Client Summary tab of the VM
that runs in the VMware Cloud SDDC.

Using the VPN, you can connect from the on-premises environment to a virtual machine
running in the VMware Cloud SDDC.

NOTE

It might take approximately 1 minute for the VMware Cloud to on-premises VPN to be fully
established and for pings to return successfully.

3. Obtain the vSphere vMotion VMkernel interface IP address of the SDDC ESXi host.

a. Navigate to the browser tab for the SDDC vSphere Client instance.

b. In the SDDC vSphere Client instance, select Inventory from the hamburger menu.

c. Select any ESXi host and click the Configure tab.

d. Click VMkernel adapters.

e. From the list of VMkernel adapters, record the IP address for the VMkernel adapter with
the network label VMOTION.

Setting                  Value
SDDC vMotion IP Address  (Record in Notepad.)

4. Run the ping command to test network connectivity from the on-premises student
desktop to the vSphere vMotion network in the VMware Cloud SDDC.

You use the SDDC vSphere vMotion IP address that you recorded in the previous step.


Services and Groups

Objective and Tasks


Create services and groups and apply the services and groups to firewall rules:

1. Create Services

2. Create Groups

3. Apply Groups and Services to Firewall Rules

4. Create a Firewall Rule for Amazon EFS and Amazon RDS

Task 1: Create Services
You create a custom service to use with VMware Cloud on AWS firewall rules.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

2. Click the Networking & Security tab.

3. Under Inventory, click Services.

4. Create a custom service for Amazon EFS connectivity using port 2049.

a. Click ADD SERVICE.

b. Enter AWS-EFS for the Name of the service.

c. Click Set Service Entries.

The Set Service Entries window opens.

d. On the Port-Protocol tab, click ADD SERVICE ENTRY.

e. Enter EFS for the Service Entry Name.

f. In the Service Type drop-down menu, select TCP.

g. Leave the Source Ports text box empty.

h. In the Destination Ports text box, enter 2049

i. Click APPLY.

j. Click SAVE.

Task 2: Create Groups
You create inventory groups and add membership criteria.

1. On the Networking & Security tab for the SDDC, click Groups under Inventory.

2. On the Compute Groups tab, create a group associated with the on-premises management
network.
a. Click ADD GROUP.
b. Enter on-prem-management for the Group Name.
c. Click Set Members.
The Select Members window opens.
d. Click the IP Addresses tab.
e. Enter 172.20.10.0/24 for the IP address.
f. Click APPLY.
g. Click SAVE.

3. Create a group associated with the VMware Cloud segment network.
a. Click ADD GROUP.
b. Enter vmc-subnet-1 for the Group Name.
c. Click Set Members.
The Select Members window opens.
d. Click the Members tab.
e. In the Category drop-down menu, select Segments.
f. Select the sddc-cgw-network-1 check box.
g. Click APPLY.
h. Click SAVE.

4. Create a group associated with the Photo-App-01 virtual machine.
a. Click ADD GROUP.
b. Enter Photo-App for the Group Name.
c. Click Set Members.
The Select Members window opens.
d. Click the Members tab.
e. In the Category drop-down menu, select Virtual Machines.
f. Select the Photo-App-01 virtual machine check box.
g. Click APPLY.
h. Click SAVE.

Task 3: Apply Groups and Services to Firewall Rules
You apply groups and services to compute firewall rules.

1. On the Networking & Security tab for the SDDC, click Gateway Firewall under Security.

2. On the Compute Gateway tab, edit the Allow-All compute gateway firewall rule.

a. In the Name text box, click Allow-All and enter Allow-VPN as the new rule name.

b. In the Sources text box for the Allow-VPN rule, click the edit icon.

The Set Source window opens.

c. Select the on-prem-management check box and click APPLY.

d. In the Destinations text box, click the edit icon.

The Set Destination window opens.

e. Select the vmc-subnet-1 check box and click APPLY.

f. In the Services text box, click the edit icon.

The Set Services window opens.

g. Select the ICMP ALL, SSH, and HTTP check boxes.

You can use Apply Filter to search for the services.

h. Click APPLY.

i. Click PUBLISH to save the modifications to the firewall rule.

Task 4: Create a Firewall Rule for Amazon EFS and Amazon RDS
You create a firewall rule to allow traffic from Amazon Elastic File System (EFS) and Amazon
Relational Database Service (RDS) to the virtual machine.

NOTE

The custom services, groups, and firewall rules that you create are used when Amazon
services are consumed by a virtual machine.

1. On the Networking & Security tab for the SDDC, click Gateway Firewall under Security and
open the Compute Gateway tab, if not already open.

2. Create a firewall rule to allow traffic from the Photo-App-01 VM to Amazon EFS and
Amazon RDS (MySQL).

a. Click ADD RULE.

b. Enter AWS-Services in the Name text box.

c. In the Sources text box, click the edit icon.

The Set Source window opens.

d. Select the Photo-App check box and click APPLY.

e. In the Destinations text box, click the edit icon.

The Set Destination window opens.

f. Select the Connected VPC Prefixes check box and click APPLY.

g. In the Services text box, click the edit icon.

The Set Services window appears.

h. Select the AWS-EFS and MYSQL check boxes.

You can use the Apply Filter text field to search for the services.

i. Click APPLY.

j. Click PUBLISH to save the modifications to the firewall rule.
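
The effect of narrowing Allow-All into Allow-VPN and adding AWS-Services can be checked with a small first-match model of the compute gateway rules. This is an added example, not VMware code: the CIDRs marked constructed are sample values, and the default drop for unmatched traffic is an assumption that is consistent with the ping that failed before Allow-All was published.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"

# Services selected in the lab, as (protocol, destination port). ICMP has no port.
SERVICES = {
    "ICMP ALL": ("icmp", None),
    "SSH": ("tcp", 22),
    "HTTP": ("tcp", 80),
    "AWS-EFS": ("tcp", 2049),   # custom service created in Task 1
    "MYSQL": ("tcp", 3306),
}

# Group membership. Entries marked constructed are sample values, not lab values.
GROUPS = {
    "on-prem-management": ["172.20.10.0/24"],
    "vmc-subnet-1": ["192.168.101.0/24"],         # constructed sddc-cgw-network-1 CIDR
    "Photo-App": ["192.168.101.2/32"],            # constructed Photo-App-01 address
    "Connected VPC Prefixes": ["172.31.0.0/16"],  # constructed VPC prefix
}


@dataclass
class Rule:
    name: str
    sources: object        # ANY or a list of group names
    destinations: object   # ANY or a list of group names
    services: object       # ANY or a list of service names
    action: str = "allow"


def _in_groups(addr, groups):
    if groups == ANY:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(cidr) for g in groups for cidr in GROUPS[g])


def _service_matches(proto, port, services):
    if services == ANY:
        return True
    for name in services:
        s_proto, s_port = SERVICES[name]
        if s_proto == proto and (s_port is None or s_port == port):
            return True
    return False


def evaluate(rules, src, dst, proto, port=None):
    """Return (action, rule name). The first matching rule wins.

    Traffic that matches no rule is dropped (assumed default rule).
    """
    for rule in rules:
        if (_in_groups(src, rule.sources)
                and _in_groups(dst, rule.destinations)
                and _service_matches(proto, port, rule.services)):
            return rule.action, rule.name
    return "drop", "default"


def over_permissive(rules):
    """Names of allow rules that leave Sources, Destinations, and Services at Any."""
    return [r.name for r in rules
            if r.action == "allow" and r.sources == ANY
            and r.destinations == ANY and r.services == ANY]


# Rule set after "Allow Outbound Network Access for the Virtual Machine".
BEFORE = [Rule("Allow-All", ANY, ANY, ANY)]

# Rule set after Tasks 3 and 4 of this lab.
AFTER = [
    Rule("AWS-Services", ["Photo-App"], ["Connected VPC Prefixes"], ["AWS-EFS", "MYSQL"]),
    Rule("Allow-VPN", ["on-prem-management"], ["vmc-subnet-1"], ["ICMP ALL", "SSH", "HTTP"]),
]

if __name__ == "__main__":
    print("over-permissive before:", over_permissive(BEFORE))
    print("over-permissive after: ", over_permissive(AFTER))
    print("VM -> 8.8.8.8 icmp:", evaluate(AFTER, "192.168.101.2", "8.8.8.8", "icmp"))
    print("on-prem -> VM ssh: ", evaluate(AFTER, "172.20.10.50", "192.168.101.2", "tcp", 22))
```

In this model the outbound ping to 8.8.8.8 that Allow-All permitted is dropped again once the rule is narrowed, and hosts on 172.20.11.0/24 are not covered by Allow-VPN because only 172.20.10.0/24 is in on-prem-management.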

La
Exten

Objective and Tasks


Create a VMware Cloud on AWS extended network that uses a layer 2 VPN:

1. Configure a Layer 2 VPN Tunnel in the SDDC

2. Configure a Layer 2 VPN Tunnel in the On-Premises Environment

3. Configure a Layer 2 VPN Extended Segment

4. Configure the Management Gateway DNS Forwarder

You create a layer 2 VPN tunnel between the Tier-0 gateway of the VMware Cloud on AWS
SDDC and the on-premises NSX Autonomous Edge.

[Figure: L2 VPN (Tunnel 100) between the VMware Cloud on AWS SDDC (CGW; VLAN10_SDDC Segment) and the On-Premises Data Center (NSX Autonomous Edge; VLAN 10 Network with web-1a).]

Task 1: Configure a Layer 2 VPN Tunnel in the SDDC
You create and configure the VMware Cloud on AWS side of a layer 2 (L2) VPN tunnel to
connect to another data center.

1. On the student desktop, launch Windows PowerShell from the taskbar shortcut.

2. Run the cd command to change the directory to C:\Tools\.

cd C:\Tools\

3. Run the L2_public_IP.ps1 PowerShell script to return the L2 public IP address.

.\L2_public_IP.ps1

4. Record the L2 public IP address that the PowerShell script returns.

Setting       Value
L2 Public IP  (Record in Notepad.)

5. In the VMware Cloud console, navigate to the SDDC Summary page.

6. Click the Networking & Security tab.

7. Under Network, select VPN.

8. Click the Layer 2 tab.

9. Create a VPN tunnel.

a. Click ADD VPN TUNNEL.

b. For Local IP Address, click the drop-down menu and select Public IP1.

c. For Remote Public IP, enter the L2 public IP address that you recorded in a previous
step.

d. Enter 172.20.255.79 in the Remote Private IP text box.

This IP address is the uplink IP address of the on-premises NSX Autonomous Edge.

e. Click SAVE.

f. Click CLOSE.

The layer 2 VPN is created. The Status appears as Down, which is expected at this point
in the lab.

10. Download the L2 VPN tunnel configuration file.

a. Expand the details of the layer 2 VPN configuration.

b. Click DOWNLOAD CONFIG.

A Warning dialog box appears.

c. Click YES.

The L2VPNSession_L2VPN_config.txt file is downloaded to the F:\ directory.

d. Open the L2VPNSession_L2VPN_config.txt file in Notepad or Notepad++
and locate the peer_code section of the file.

In the next task, you use all the text between the double-quotation marks (") in the
peer_code section.

Task 2: Configure a Layer 2 VPN Tunnel in the On-Premises
Environment
You configure an NSX Autonomous Edge to provide an L2 VPN tunnel from on-premises to
VMware Cloud.

1. Open a browser tab to the NSX Autonomous Edge at
https://sa-auto-edge-01.vclass.local/login

Your browser has a bookmark to the NSX Autonomous Edge in the NSX bookmarks folder.

A warning that the connection is not private might appear.

2. Click Advanced and click Proceed to sa-auto-edge-01.vclass.local (unsafe).

3. Log in to the NSX Autonomous Edge.

• User name: admin

• Password: VMware1!VMware1!

4. Add a new port to extend the VLAN10 network.

a. Click PORT in the left menu.

b. Click ADD PORT.

c. Enter VLAN_10 in the Port Name text box.

d. Enter 10 in the VLAN text box.

e. In the Exit Interface drop-down menu, select eth2.

f. Click SAVE.

5. Add a new L2 VPN session.

a. Click L2VPN in the left menu.

b. Click ADD SESSION.

c. Enter L2_VMC in the Session Name text box.

d. Enter 172.20.255.79 in the Local IP text box.

e. In the Remote IP text box, enter the VPN Public IP address that is recorded in your
workbook.txt file.
f. In the Peer Code text box, paste the peer_code from the
L2VPNSession_L2VPN_config.txt file.
g. Click SAVE.

The new session appears.

6. Attach a port to the session.

a. Click ATTACH PORT.

b. In the Session drop-down menu, select L2_VMC.

c. In the Port drop-down menu, select VLAN_10.

d. Enter 100 in the Tunnel ID text box.

The tunnel ID must match at the source and destination.

e. Click ATTACH.

f. Click REFRESH and the status of the session appears as UP.

Task 3: Configure a Layer 2 VPN Extended Segment
You configure an extended network segment to use with an L2 VPN tunnel.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

2. Click the Networking & Security tab.

3. Under Network, click VPN.

4. Click the Layer 2 tab.

5. In the Status column, click the REFRESH icon.

The status of the Layer 2 VPN appears as Success.

6. Create an extended segment to extend the on-premises VLAN 10 network to the SDDC.

a. Click ADD SEGMENT.

b. Enter VLAN10_SDDC in the Segment Name text box.

c. Enter 100 for Tunnel ID.

The Tunnel ID must be the same ID used in the previous task.

d. Click SAVE.

The segment is added successfully.

Task 4: Configure the Management Gateway DNS Forwarder


You configure the management gateway DNS forwarder to use the on-premises DNS server.

1. Click the Networking & Security tab.

2. Under System, click DNS.

3. Click the DNS Services tab.

4. Edit the Management Gateway DNS Forwarder.

a. In the list of DNS services, click the Available actions menu for the Management
Gateway DNS Forwarder.

b. Select Edit DNS Server IPs.

c. Enter 172.20.10.10 in the Server IP 1 text box.

d. Delete the address in the Server IP 2 text box.

e. Click SAVE.

Objective and Tasks
Use Amazon Web Services to provide elastic file systems and databases to VMs running in
VMware Cloud:

1. Obtain Amazon EFS and Amazon RDS Details

2. (Optional) Log In to the SDDC vCenter Server Instance

3. Verify Connectivity to Amazon Web Services

4. Mount Amazon EFS and Connect Amazon RDS to the VM Application

Task 1: Obtain Amazon EFS and Amazon RDS Details
You log in to Amazon Web Services and record Amazon EFS and Amazon RDS information.

1. Log in to the AWS Management console.

a. In the browser, open a new tab and go to https://signin.aws.amazon.com/console

Alternatively, your browser has a bookmark to the AWS Management Console in the
VMC on AWS bookmarks folder.

b. On the AWS sign-in page, select IAM user.

c. In the Account ID text box, enter your AWS account ID and click Next.

The AWS account ID is provided by your instructor.

d. In the IAM user name text box, enter your student user name.

For example, a user name might be student1.

e. Enter VMware1! in the Password text box.

f. Click Sign in.

You are logged in to the AWS Management console.

2. Verify that you are logged in to the correct Amazon region.

a. Click the region drop-down menu and select US West (Oregon) us-west-2.

3. Obtain the IP address that is used to connect to the Amazon EFS instance.

a. In the AWS Management console, click the Services drop-down menu in the top-left of
the page.

b. Select Storage under All Services and select EFS in the list on the right.

The Amazon Elastic File System console opens and one or more file systems are listed.

c. Click the file system name that is associated with your student number.

d. In the file system general view, click Attach in the top-right corner of the page.

The Attach window opens.

e. In the Attach window, select Mount via IP.

The command that appears shows the IP address in red font.

f. Using Notepad, record the Amazon EFS mount IP address.

Setting               Value
Amazon EFS Mount IP   (Record in Notepad.)

g. Click Close.

4. Obtain the IP address that is used to connect to the Amazon RDS instance.

a. In the AWS Management console, click the Services drop-down menu.

b. Select Databases and select RDS in the list on the right.

The Amazon RDS dashboard appears.

c. In the left pane, click Databases.

d. Click the link with the name that is associated with your student number, for example,
vmc-student1-db.

e. In the database summary view, click the Connectivity & security tab.

f. Using Notepad, record the endpoint URL and RDS port.

Setting                   Value
Amazon RDS endpoint URL   (Record the values in Notepad.)
RDS port

51
Task 2: (Optional) Log In to the vCenter Server Instance in the
VMware Cloud SDDC
You log in to t he vSphere Client t o view your SD DC.

NOTE

If you are logged in to the SDDC vCenter Server instance, you can continue to the next task.

1. In the VMware Cloud console, navigate to the SDDC Summary page and click OPEN
VCENTER.

The Open Access to vCenter dialog box appears.

2. Click SHOW CREDENTIALS.

3. Click the Copy password to clipboard icon.

4. Click OPEN VCENTER.

A new browser tab opens for the VMware vSphere login page.

5. Enter cloudadmin@vmc.local in the User name text box.

6. In the Password text box, paste the password that you copied.

7. Click LOGIN.

The vSphere Client opens.

Task 3: Verify Connectivity to Amazon Services


You verify that the Photo-App-01 virtual machine can access the Amazon EFS and Amazon RDS
services.

1. On the student desktop, click the MTPuTTY icon in the taskbar to launch the MTPuTTY
application.

2. Click YES on the PuTTY Security Alert.

3. To open an SSH session to the VM, double-click the server that corresponds with the IP
address of the Photo-App-01 virtual machine in your environment.

The entry is either 192.168.101.2 or 192.168.102.2.

4. Using the Amazon EFS mount IP address that you recorded previously, run the nc
command to test connectivity from the VM to the Amazon EFS instance.

nc -z -v 172.xxx.xx.xx 2049

The command returns Connection to XXX.XXX.XXX.XXX 2049 port
[tcp/nfs] succeeded!

5. Using the RDS endpoint URL and RDS port that you recorded in a previous task, run the nc
command to test connectivity from the VM to the Amazon RDS instance.

nc -z -v vmc-student1-db . . . . . . . . . rds.amazonaws.com 3306

The command returns Connection to vmc-student1-db . . . . . . . . . rds.amazonaws.com 3306 port
[tcp/mysql] succeeded!

6. Leave the SSH session open for the next task.

Task 4: Mount Amazon EFS and Connect Amazon RDS to the VM
Application
You mount Amazon EFS and connect Amazon RDS services to the VM application.

1. In the Photo-App-01 VM SSH session, run the cd ~ command to change to the user home
directory.

The user home directory contains two scripts:

prep-webserver.sh
test_efs_mount.sh

2. As the sudo user, run the test_efs_mount.sh script using the Amazon EFS mount IP
address as a parameter.

sudo ./test_efs_mount.sh 172.XXX.XX.XX

You use the Amazon EFS mount IP address that you recorded in a previous task.

3. If prompted, enter VMware1! as the password for the ubuntu user.

The script returns Mounted 172.XXX.XX.XX, indicating that the Amazon EFS instance
can be mounted.

4. As the sudo user, run the prep-webserver.sh script using the Amazon EFS mount IP
address as a parameter.

sudo ./prep-webserver.sh 172.XXX.XX.XX

5. If prompted, enter VMware1! as the password for the ubuntu user.

The script returns Test mount of 172.XXX.XX.XX succeeded.
Converting Lychee application to use EFS storage ...
This message indicates that the Amazon EFS instance is mounted.

6. Open a browser tab to the IP address of the Photo-App-01 VM: http://192.168.xxx.x.

The Lychee application database connection details window appears.

a. If necessary, obtain the IP address from the vSphere Client VM Summary tab in the
SDDC vCenter Server instance.

7. Connect the application to the Amazon RDS instance.

a. For the Database Host, enter the RDS endpoint URL.
vmc-student1-db . . . . . . . . . rds.amazonaws.com
b. For the Database Username, enter your student ID.
For example, you might enter student1.
c. For the Database Password, enter <your student ID>-Password.
For example, you might enter student1-Password.
d. Click Connect.
The Enter a username and password for your installation window appears.
e. For the New Username, enter your student ID.
For example, you might enter student1.
f. Enter VMware1! as the Password.
g. Click Create Login.
You are logged in to the application.

8. Upload photo files to the application.

a. Click the plus icon and select Upload Photo.

The Windows Explorer Open window appears.
b. If necessary, navigate to F:\.
The following three files are stored in F:\:
1.jpg
2.jpg
3.jpg

c. Select all three files and click Open.

The Uploading window appears and the files are uploaded to the application. The
Uploading window closes automatically.

Machine
ic IP A ress

Objective and Tasks


Connect a VM to a public IP address and add NAT and firewall rules for the VM:

1. Request a Public IP Address

2. Add a NAT Rule for the Virtual Machine

3. Create a Firewall Rule

4. Connect to Your New Public-Facing Virtual Machine

Task 1: Request a Public IP Address
You assign a public IP address to the VM to make it accessible from the Internet.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

2. Click the Networking & Security tab.

3. Under System, click Public IPs.

4. Click REQUEST NEW IP.

5. Enter Photo-App-01 in the Notes text box.

6. Click SAVE.

7. In Notepad, record the public IP address that is generated.

Setting Value

Photo-App-01 Public IP (Record in Notepad.)

Task 2: Add a NAT Rule for the Virtual Machine


You add a NAT rule to map the public IP address to the VM.

1. In the VMware Cloud console, click NAT under Network.

2. Create a NAT rule to direct traffic from the public IP address to the application IP address.
a. Click ADD NAT RULE.

b. Enter Photo-App-Rule-1 in the Rule Name text box.


The Public IP value is pre-selected with the public IP address that was created in the
previous task.
For multiple public IP addresses, you select the appropriate public IP address from the
drop-down menu.

c. In the Service drop-down menu, select HTTP.


The Public Port is automatically populated with port 80.

d. In the Internal IP text box, enter the local IP address for the Photo-App-01 virtual
machine.

192.168.xxx.x
You can find the Photo-App-01 VM IP address recorded in your workbook.txt file.

e. In the Firewall drop-down menu, select Match Internal Address.

f. Click SAVE.

3. Open a browser to the Photo-App-01 public IP address that was generated in the previous
task.

http://XX.XX.XX.XX
The application is not accessible because the firewall does not allow inbound traffic to the
virtual machine.

Task 3: Create a Firewall Rule


You enable access to a web application through the VMware Cloud on AWS gateway firewall.

1. In the VMware Cloud console, click Gateway Firewall under Security.

2. Select the Compute Gateway tab, if not already selected.

3. Create a firewall rule to allow HTTP traffic from any source to the public IP address of the
Photo-App-01 application.

a. Click ADD RULE.

b. Enter Photo-App-Public as the Name.

c. Leave Any as the value for Sources.

d. In the Destinations text box, click the edit icon.

The Set Destination window appears.

e. Select the Photo-App check box and click APPLY.

f. In the Services text box, click the edit icon.

The Set Services window appears.

g. Select the HTTP check box.

You can use the Apply Filter text field to search for the service.

h. Click APPLY.

i. Click PUBLISH to save the modifications to the firewall rule.
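The following added example (not part of the lab manual and not VMware code) is a simplified model of the NAT rule from Task 2 in front of a default-deny gateway firewall, showing why the browser test fails before Task 3 and what the Photo-App-Public rule does and does not open. The public and client addresses are constructed samples, and the content of the Photo-App group is an assumption.

```python
# Added example: simplified model of a DNAT rule in front of a default-deny
# gateway firewall. Not VMware code; public/client addresses are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ("0.0.0.0/0",)  # models the "Any" source in the lab's firewall rule


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    port: int


@dataclass(frozen=True)
class NatRule:
    name: str
    public_ip: str
    public_port: int
    internal_ip: str
    match_internal: bool = True  # "Match Internal Address" in the NAT rule


@dataclass(frozen=True)
class FirewallRule:
    name: str
    sources: tuple
    destinations: tuple
    ports: tuple
    action: str = "ALLOW"


def _in_any(addr, cidrs):
    return any(ip_address(addr) in ip_network(cidr) for cidr in cidrs)


def evaluate(packet, nat_rules, fw_rules):
    """Return (verdict, delivered_to, matched_rule) for one inbound packet."""
    delivered_to = packet.dst
    fw_dst = packet.dst
    for nat in nat_rules:
        if packet.dst == nat.public_ip and packet.port == nat.public_port:
            delivered_to = nat.internal_ip
            # The NAT rule's Firewall setting picks the address the firewall sees.
            fw_dst = nat.internal_ip if nat.match_internal else nat.public_ip
            break
    for rule in fw_rules:  # first matching rule decides
        if (_in_any(packet.src, rule.sources)
                and _in_any(fw_dst, rule.destinations)
                and packet.port in rule.ports):
            if rule.action == "ALLOW":
                return ("ALLOW", delivered_to, rule.name)
            return ("DROP", None, rule.name)
    return ("DROP", None, "default-deny")  # nothing matched


PUBLIC_IP = "203.0.113.10"     # constructed (documentation range)
INTERNAL_IP = "192.168.101.2"  # one of the two Photo-App-01 addresses in the lab
CLIENT_IP = "198.51.100.7"     # constructed Internet client

NAT_RULES = [NatRule("Photo-App-Rule-1", PUBLIC_IP, 80, INTERNAL_IP)]
# Assumption: the Photo-App group resolves to the VM's internal address.
PHOTO_APP_PUBLIC = FirewallRule("Photo-App-Public", ANY, (INTERNAL_IP + "/32",), (80,))
# A rule keyed on the public address, for contrast.
BY_PUBLIC_IP = FirewallRule("by-public-ip", ANY, (PUBLIC_IP + "/32",), (80,))


def walk_through():
    http = Packet(CLIENT_IP, PUBLIC_IP, 80)
    ssh = Packet(CLIENT_IP, PUBLIC_IP, 22)
    return {
        "nat_only": evaluate(http, NAT_RULES, []),
        "with_rule": evaluate(http, NAT_RULES, [PHOTO_APP_PUBLIC]),
        "ssh": evaluate(ssh, NAT_RULES, [PHOTO_APP_PUBLIC]),
        "rule_on_public_ip": evaluate(http, NAT_RULES, [BY_PUBLIC_IP]),
    }


if __name__ == "__main__":
    for case, result in walk_through().items():
        print(f"{case:18} {result}")
```

In this model, a rule written against the public address does not match while the NAT rule is set to Match Internal Address, and ports other than 80 stay closed because no NAT or firewall rule covers them.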

Task 4: Connect to Your New Public-Facing Virtual Machine
You open a web browser and use the IP address that was generated in a previous task to
connect to the public-facing VM.

1. Open a browser to the Photo-App-01 public IP address that was generated in a previous
task.

http://XX.XX.XX.XX

NOTE

You can open a browser to this IP address from a browser outside of your lab environment.
The IP address is accessible on the Internet.

The Lychee Photo Application appears.

2. Click the login icon in the top-left corner.

a. Enter your student ID as the user name, for example, studentX.

b. Enter VMware1! as the password.

3. Observe that the uploaded photos appear.

La -
ns

Objective and Tasks


Deploy VMware HCX and activate Site Recovery for VMware Cloud:

1. Deploy VMware HCX

2. Activate Site Recovery

Task 1: Deploy VMware HCX
You deploy VMware HCX in the VMware Cloud SDDC.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

2. Click the Add Ons tab.

3. On the VMware HCX tile, click OPEN HCX.

A new browser tab opens to https://connect.hcx.vmware.com/

4. Deploy VMware HCX to your SDDC.

a. Under your student SDDC, click DEPLOY HCX.


The Confirm Deployment window appears.

b. Click CONFIRM.
The deployment is initiated and takes approximately 30 minutes.

c. Click CLOSE.

5. Record the VMware HCX activation key.

a. Click the Activation Keys tab.

b. Click CREATE ACTIVATION KEY.


The Create Activation Key window appears.

c. Click CONFIRM.
Your activation key appears.

d. Using Notepad, record the activation key in your workbook.txt file.
You use this key in a later task.

Setting Value

HCX Activation Key (Record in Notepad.)

e. Click CLOSE.
Your activation key is listed in the table of activation keys.

6. Close the VMware HCX browser tab.

7. In the SDDC vSphere Client, expand the Mgmt-ResourcePool resource pool.

It takes approximately 5 minutes for the virtual machine called hcx_cloud_manager to
appear in the resource pool.

8. Wait for the hcx_cloud_manager virtual machine to appear before continuing to the next
task.

Task 2: Activate Site Recovery
You activate Site Recovery for the SDDC and configure an initial Site Recovery instance for the
SDDC.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

2. Click the Add Ons tab.

3. Under Site Recovery, click ACTIVATE.

The Activate Site Recovery window opens.

4. Select Default extension ID and click ACTIVATE.

The Site Recovery deployment begins and takes approximately 25 minutes.

In the VMware Cloud vSphere Client, the vr (vSphere Replication) and srm (Site Recovery
Manager) virtual machines are deployed under Mgmt-ResourcePool. You must be logged in
as the [email protected] user to view Mgmt-ResourcePool.


r1 Linke

Objective and Tasks


Configure Hybrid Linked Mode to link the on-premises and VMware Cloud environments:

1. (Optional) Log In to the vCenter Server Instance in the VMware Cloud SDDC

2. Add an Identity Source for the SDDC vCenter Server

3. Configure Hybrid Linked Mode from the Cloud SDDC

4. Access the Virtual Machine Application

5. Migrate a Virtual Machine from On-Premises to VMware Cloud

Task 1: (Optional) Log In to the vCenter Server Instance in the
VMware Cloud SDDC
You log in to the vSphere Client to view your SDDC.

NOTE

If you are logged in to the SDDC vCenter Server instance, you can continue to the next task.

1. In the VMware Cloud console, navigate to your SDDC and click OPEN VCENTER.

The Open Access to vCenter dialog box appears.

2. Click SHOW CREDENTIALS.

3. Click the Copy password to clipboard icon.

4. Click OPEN VCENTER.

A new browser tab opens for the VMware vSphere login page.

5. Enter cloudadmin@vmc.local in the User name text box.

6. In the Password text box, paste the password that you copied.

7. Click LOGIN.

The vSphere Client opens.

Task 2: Add an Identity Source for the SDDC vCenter Server


You add an on-premises LDAP domain as an identity source for the SDDC vCenter Server.

1. In the SDDC vSphere Client, select Administration from the hamburger menu in the top-left
corner.

2. Click Configuration under Single Sign On.

3. Click the Identity Sources tab.

4. Click ADD.

5. Select Active Directory over LDAP from the Identity Source Type drop-down menu.

6. On the Add Identity Source page, configure the options.

Option                                Action

Identity source name                  vclass.local

Base distinguished name for users     CN=Users,DC=vclass,DC=local

Base distinguished name for groups    CN=Users,DC=vclass,DC=local

Domain name                           vclass.local

Domain alias                          vclass

Username                              Enter administrator@vclass.local

Password                              Enter VMware1!

Connect to                            Specific domain controllers

Primary server URL                    ldap://dc.vclass.local

7. Click ADD.

Task 3: Configure Hybrid Linked Mode from the Cloud SDDC


You link the on-premises vCenter instance to vCenter Server in the SDDC.

1. In the SDDC vSphere Client, select Administration from the hamburger menu.

2. Click Hybrid Management under Hybrid Cloud.

3. Click LINK VCENTER on the Hybrid Management page.

4. Review the prerequisites and click NEXT.

5. Grant Cloud Admin access to the on-premises group.

a. In the Identity Source drop-down menu, select vclass.local.

b. Enter Domain Admins in the Group(s) text box.

c. Select Domain Admins from the results list.

Domain [email protected] is added to the list.

d. Click NEXT.

6. Provide the on-premises single sign-on (SSO) details.

a. Enter sa-vcsa-01.vclass.local in the Platform Services Controller text box.

b. Enter administrator@vsphere.local as the SSO Username.

c. Enter VMware1! as the SSO Password.

7. Click FINISH.

8. In the Certificate Warning dialog box, click CONTINUE.

Configuring SSO begins and takes approximately 5 minutes. Wait for the Configuring SSO
task to complete before continuing.

9. Log In to the vCenter Server Instance in the VMware Cloud SDDC using Active Directory
Credentials.

a. From the [email protected] drop-down menu, click Logout.

b. Enter administrator@vclass.local in the User name text box.

c. Enter VMware1! in the Password text box.

d. Click LOGIN.

10. Verify that you can view the on-premises vSphere environment and the VMware Cloud
SDDC environment in the vSphere Client.

a. From the hamburger menu, select Inventory.

b. In the left pane, expand the vSphere inventory tree.

c. Observe that the on-premises vSphere environment and the VMware Cloud SDDC
environment appear.
Task 4: Access the Virtual Machine Application
You access the virtual machine application to verify that the application is functional before it is
migrated to the VMware Cloud environment.

1. Access the three-tier application.

a. Open a browser tab to the web-1a front-end at http://web-01.vclass.local/cgi-bin/app.py

Your browser contains a bookmark to WebServer-01 in the 3-Tier-App bookmarks
folder.

2. The application loads.

3. Close the browser tab to the web-1a front-end.

Task 5: Migrate a Virtual Machine from On-Premises to VMware Cloud


You log in to the vCenter Server instance in the VMware Cloud SDDC using Active Directory
Credentials and use vSphere vMotion to migrate a VM from the on-premises environment to the
VMware Cloud environment.

1. Navigate to the Inventory view in the vSphere Client.

a. From the hamburger menu, select Inventory.

2. In the left pane, expand the vSphere inventory tree, if it is not already expanded.

3. Migrate the web-1a virtual machine from on-premises to VMware Cloud.

a. In the left navigation pane, right-click web-1a and select Migrate.

The Migrate wizard opens.

b. Select Change both compute resource and storage and click NEXT.

c. Expand the VMware Cloud vCenter Server inventory and select Compute-
ResourcePool.

d. Click NEXT.

e. Select WorkloadDatastore and click NEXT.

f. Select the Workloads folder and click NEXT.

g. In the Destination Network drop-down menu, select VLAN10_SDDC.

A compatibility warning appears.

h. Click NEXT.

i. Select Schedule vMotion with high priority (recommended) and click NEXT.

j. On the Ready to complete page, click FINISH.

4. Monitor the Recent Tasks pane and wait for the Relocate virtual machine task to finish.

5. If the migration fails the first time, repeat the migration steps.

6. To access the three-tier application, open a browser to the web-1a front-end at
http://web-01.vclass.local/cgi-bin/app.py or click WebServer-01 in the 3-Tier-App bookmarks folder.

The application loads.

You might need to wait a few minutes and refresh the browser for the application to load
successfully.

This step confirms that the VLAN10 network is successfully stretched from the on-premises
environment to the VMware Cloud environment.

7. Close the browser tab to the web-1a front-end.

La 14 on 1gur1ng an
H x

Objective and Tasks


Deploy and activate VMware HCX, create a site pairing, and use VMware HCX to migrate a VM:

1. Verify VMware HCX Deployment

2. Create the Firewall Rules for VMware HCX

3. Download the HCX Enterprise Client OVA File

4. Deploy the VMware HCX Manager VM from an OVF Template

5. Activate and Configure VMware HCX

6. Create a Site Pairing and Service Mesh

7. Create a Network Extension

8. Use VMware HCX to Migrate a VM

Task 1: Verify VMware HCX Deployment
You verify VMware HCX in the VMware Cloud SDDC.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

2. Click the Add Ons tab.

3. On the VMware HCX tile, click OPEN HCX.

A new browser tab opens to https://connect.hcx.vmware.com/

4. Verify that VMware HCX is deployed in your SDDC.

The VMware HCX icon is visible in the top right of your SDDC tile when VMware HCX is
deployed.

[Screenshot: the SDDCs tab with the student1 SDDC tile and its OPEN HCX and UNDEPLOY HCX buttons]

5. If your VMware Cloud HCX deployment failed, notify your instructor and retry the
deployment.

Task 2: Create the Firewall Rules for VMware HCX
You create a gateway firewall rule to provide access to the VMware HCX deployment from the
student desktop.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

2. Click the Networking & Security tab.

3. Under Security, click Gateway Firewall.

4. Click the Management Gateway tab.

5. Create a firewall rule to allow the inbound traffic to VMware HCX.

a. Click ADD RULE.

b. Enter HCX Inbound in the Name text box.

c. Click the edit icon in the Sources text box.

The Set Sources window appears.

d. Select User Defined Groups.

e. Select the vCenter and HCX access through the management gateway check box.

f. Click APPLY.

g. Click the edit icon in the Destinations text box.

The Set Destination window appears.

h. Select HCX and click APPLY.

i. Click the edit icon in the Services text box.

j. Select the services.

• HTTPS (TCP 443)

• Appliance Management

• ICMP

• SSH

k. Leave Allow selected in the Action drop-down menu.

l. Click PUBLISH.

Task 3: Download the HCX Enterprise Client OVA File
You download the HCX Enterprise client OVA so that you can deploy it to the on-premises
SDDC.
1. On the SDDC Summary page, click the Add Ons tab.
2. On the VMware HCX tile, click OPEN HCX.
A new browser tab opens to https://connect.hcx.vmware.com/
3. Under your student SDDC, click OPEN HCX.
A new browser tab opens to your VMware HCX cloud instance.
4. Log in to the VMware HCX cloud console and download the VMware HCX appliance OVA.
a. To locate your [email protected] credentials, click VIEW DETAILS on your SDDC
tile, select the Settings tab, and expand Default vCenter User Account under vCenter
Information.
b. Enter your [email protected] credentials.
c. Click LOG IN.
The Dashboard opens.
d. Under Administration, click System Updates.
e. Click REQUEST DOWNLOAD LINK.
f. If the REQUEST DOWNLOAD LINK button is not clickable, wait a minute or two and
refresh the page.
g. Click the VMWARE HCX download link.
The download of the VMware HCX OVA begins. The download is stored in the software
(F:\) drive on the student desktop.

Task 4: Deploy the VMware HCX Manager VM from an OVF Template


You deploy and power on the HCX Enterprise client VM in the on-premises SDDC.
1. Log in to the on-premises vCenter Server instance using Active Directory (AD) credentials.
a. Open a browser tab to the vSphere Client in the on-premises vCenter Server at
https://sa-vcsa-01.vclass.local/ui
Your browser includes a bookmark to the vSphere Client (SA-VCSA-01) in the vSphere
Infrastructure bookmarks folder.
b. Enter the login credentials.
• User name: [email protected]
• Password: VMware1!

c. Click LOGIN.
The vSphere Client in the on-premises vCenter Server instance opens.

2. Deploy the on-premises VMware HCX OVA.
a. Right-click the SA-Management cluster and select Deploy OVF Template.
The Deploy OVF Template wizard appears.
b. On the Select an OVF Template page, select Local file and click UPLOAD FILES.
A Windows Explorer Open dialog box opens.
c. Select the VMware-HCX-Connector-X.X.X-XXXXXXXX.OVA file and click Open.
d. Click NEXT.
e. On the Select a name and folder page, enter SA-HCX-01 for the virtual machine name and
click NEXT.
f. On the Select a compute resource page, select SA-Management and click NEXT.
g. On the Review details page, click NEXT.
h. On the License agreements page, click the I accept all license agreements check box
and click NEXT.
i. On the Select storage page, select Datastore-01.
j. In the Select virtual disk format drop-down menu, select Thin Provision.
k. Click NEXT.
l. On the Select networks page, select sa-mgmt in the Destination Network drop-down
menu.
m. Click NEXT.
n. On the Customize template page, configure the template settings.

Option                          Action
CLI "admin" User Password       Enter VMware1!
root Password                   Enter VMware1!
Hostname                        Enter sa-hcx-01.vclass.local
Network 1 IPv4 Address          Enter 172.20.10.71
Network 1 IPv4 Prefix Length    Enter 24
Default IPv4 Gateway            Enter 172.20.10.1
DNS Server list                 Enter 172.20.10.10
Domain Search List              Enter vclass.local
NTP Server List                 Enter 172.20.10.10
Enable SSH                      Select the check box.

You can ignore the options that are not listed in the table.
o. Click NEXT.
p. On the Ready to complete page, click FINISH.
The SA-HCX-01 virtual machine is deployed to the SA-Management cluster. This task
takes approximately 10 minutes.

3. Power on the SA-HCX-01 virtual machine.

a. Right-click the SA-HCX-01 virtual machine and select Power > Power On.

The VMware HCX appliance must complete a first boot configuration before the
management interface is available. This process takes approximately 10 minutes.

Task 5: Activate and Configure VMware HCX


You activate and configure the on-premises VMware HCX instance.

1. Log in to the VMware HCX on-premises appliance.

a. In the browser, open a new tab and navigate to https://sa-hcx-01.vclass.local:9443

Your browser includes a bookmark to the HCX-MGMT in the vSphere Infrastructure
bookmarks folder.

The HCX Manager login page appears.

b. Enter the login credentials.

• User name: admin

• Password: VMware1!

c. Click LOG IN.

You are logged in to the HCX Manager.

2. Activate your VMware HCX instance.

a. In the HCX License Key text box, enter the VMware HCX activation key that you
recorded in your workbook.txt file in a previous task.

b. Click ACTIVATE.

The VMware HCX instance is activated. This process takes approximately 5 minutes.

3. In the Location of your datacenter text box, enter Virginia and select US East (N.
Virginia).

4. Click CONTINUE.

5. Click CONTINUE on the System Name page, where the system name is autopopulated with
sa-hcx-01.vclass.local-enterprise.

6. Click YES, CONTINUE.

The Connect your vCenter page opens.

7. Connect VMware HCX to the on-premises vCenter Server instance.

a. Enter https://sa-vcsa-01.vclass.local in the vCenter Server text box.

b. Enter administrator@vsphere.local in the Username text box.

c. Enter VMware1! in the Password text box.

d. Click CONTINUE.

The Configure SSO/PSC page opens.

e. Enter https://sa-vcsa-01.vclass.local in the Identity Sources text box.

f. Click CONTINUE.

The summary page opens.

g. Click RESTART.

The SA-HCX-01 services are restarted. This task takes approximately 5 minutes.

The browser tab automatically refreshes to the HCX Manager dashboard.

h. Close the HCX Manager browser tab.

Task 6: Create a Site Pairing and Service Mesh


You create a site pairing to link the on-premises VMware HCX instance and the VMware HCX
instance in VMware Cloud on AWS. You also deploy the HCX Interconnect service.

1. Log in to the VMware HCX user interface.

a. Open a browser tab to the VMware HCX UI at https://sa-hcx-01.vclass.local

Your browser includes a bookmark to the HCX-UI in the vSphere Infrastructure
bookmarks folder.

b. Enter the login credentials.

• User name: [email protected]

• Password: VMware1!

c. Click LOG IN.

The VMware HCX dashboard opens.

NOTE

The VMware HCX user interface is also accessible using the vSphere Client plug-in.

2. Create a site pairing.

a. In the left pane, click Site Pairing.

b. On the Site Pairings window, click CONNECT TO REMOTE SITE.

The Connect to Remote Site window opens.

c. In the Remote HCX URL text box, enter the FQDN of your VMware HCX instance in
VMware Cloud.

You can obtain the VMware HCX FQDN from the Settings tab in the VMware Cloud
SDDC.

d. Enter cloudadmin@vmc.local in the Username text box.

e. Enter the password for your [email protected] account in the Password text box.

You can obtain the [email protected] credentials from the Settings tab in the
VMware Cloud SDDC.

f. Click CONNECT.

The on-premises and VMware Cloud instances of VMware HCX are paired. This process
takes approximately 3 minutes.

3. Create a management network profile.

a. Under Infrastructure, click Interconnect.

b. Click the Network Profiles tab.

c. Click CREATE NETWORK PROFILE.

The Create Network Profile window opens.

d. Under Network, select sa-mgmt.

e. For Prefix Length, enter 24

f. For Gateway, enter 172.20.10.1

g. In the IP Ranges text box, enter 172.20.10.170-172.20.10.179

h. For Primary DNS, enter 172.20.10.10

i. For DNS Suffix, enter vclass.local

j. Select the Management, HCX Uplink and vSphere Replication check boxes.

k. Click CREATE.

The profile is created.

4. Create a vSphere vMotion network profile.
a. Click CREATE NETWORK PROFILE.
The Create Network Profile window opens.

b. Under Network, select sa-vmotion.

c. For Prefix Length, enter 24

d. For Gateway, enter 172.20.11.1

e. In the IP Ranges text box, enter 172.20.11.170-172.20.11.179

f. For Primary DNS, enter 172.20.10.10

g. For DNS Suffix, enter vclass.local

h. Select the vMotion check box.

i. Click CREATE.

The network profile is created.

5. Create a compute profile.

a. On the Compute Profiles tab, click CREATE COMPUTE PROFILE.
The Create Compute Profile window opens.

b. In the Name text box, enter compute-01 and click CONTINUE.

c. Click the services to enable them.


• Hybrid Interconnect

• WAN Optimization

• Cross-Cloud vMotion Migration

• Bulk Migration

• Replication Assisted vMotion Migration

• Network Extension

• Disaster Recovery

All available services should be enabled by default.

d. Click CONTINUE.
The Select Service Resources page opens.

e. Click the Select Resources drop-down menu, select the SA-Compute-01 check box,
and click OK.

f. Click CONTINUE.
The Select Deployment Resources and Reservations page opens.

g. Click the Select Resources drop-down menu, select the SA-Management check box,
and click CLOSE.

h. Click the Select Datastore drop-down menu, select the Datastore-02 check box, and
click CLOSE.

i. Click CONTINUE.

The Select Management Network Profile page opens.

j. Click the Select Management Network Profile drop-down menu, select sa-mgmt, and
click CLOSE.

k. Click CONTINUE.

The Select Uplink Network Profile page opens.

l. Click the Select Uplink Network Profile drop-down menu, select sa-mgmt, and click
CLOSE.

m. Click CONTINUE.

The Select vMotion Network Profile page opens.

n. Click the Select vMotion Network Profile drop-down menu, select sa-vmotion, and click
CLOSE.

o. Click CONTINUE.

The Select vSphere Replication Network Profile page opens.

p. Click the Select Uplink vSphere Replication Network Profile drop-down menu, select
sa-mgmt, and click CLOSE.

q. Click CONTINUE.

The Select Network Containers Eligible for Network Extension page opens.

r. Click the Select Network Containers drop-down menu, select the dvs_datacenter
check box, and click CLOSE.

s. Click CONTINUE.

Connections that are required between the on-premises environment and VMware
Cloud HCX instance are listed.

t. Click CONTINUE.

The Ready to Complete page opens.

u. Click FINISH.

The compute profile is created.

6. Create a service mesh.

a. Select the Service Mesh tab.

b. Click CREATE SERVICE MESH.

The Create Service Mesh window opens.

c. On the Select Sites page, click CONTINUE.

The Select Compute Profiles page opens.

d. Click the Select Source Compute Profile drop-down menu, select compute-01, and click
CLOSE.

e. Click the Select Remote Compute Profile drop-down menu, select
ComputeProfile(vcenter), and click CLOSE.

Validation of the configuration occurs and takes approximately 2 minutes.

f. Click CONTINUE.

The Select Services to be activated page opens.

g. Click the services to enable them.

• Hybrid Interconnect

• WAN Optimization

• Cross-Cloud vMotion Migration

• Bulk Migration

• Replication Assisted vMotion Migration

• Network Extension

• Disaster Recovery

All available services should be enabled.

h. Click CONTINUE.

The Advanced Configuration - Override Uplink Network profiles page opens.

i. Click the Select Source Site Uplink Network Profile(s) drop-down menu, select the sa-
mgmt check box, and click CLOSE.

j. Click the Select Destination Site Uplink Network Profile(s) drop-down menu, select the
externalNetwork check box, and click CLOSE.

k. Click CONTINUE.

The Advanced Configuration - Network Extension Appliance Scale Out page opens.

l. Leave the default value of 1 for appliance count.

m. Click CONTINUE.

The Advanced Configuration - Traffic Engineering page opens.

n. Select the Application Path Resiliency and TCP Flow Conditioning check boxes.

o. Click CONTINUE.

The Review Topology Preview page appears.

p. Click CONTINUE.

The Ready to Complete page appears.

q. Enter vmc-mesh-01 in the user friendly name text box.

r. Click FINISH.

The service mesh is deployed. This process takes approximately 15 minutes.
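The network profiles created in steps 3 and 4 of this task each reserve an IP pool on an on-premises subnet. The following added example (not part of the lab manual and not VMware code) checks such pools against the prefix length and gateway and against addresses the lab already assigns elsewhere; the function names are hypothetical and the two failing inputs are constructed.

```python
# Added example: sanity checks for HCX network profile values before they are
# typed into the Create Network Profile window. Function names are hypothetical.
from ipaddress import ip_address, ip_interface


def parse_range(text):
    """Expand 'first-last' (or a single address) into a list of addresses."""
    first, _, last = text.partition("-")
    start = ip_address(first.strip())
    end = ip_address(last.strip()) if last.strip() else start
    if end < start:
        raise ValueError(f"range is reversed: {text}")
    return [ip_address(int(start) + i) for i in range(int(end) - int(start) + 1)]


def check_profile(name, gateway, prefix_len, ip_ranges, in_use=()):
    """Return a list of problems for one profile; an empty list means clean.

    in_use is an iterable of (address, owner) pairs already assigned elsewhere.
    """
    subnet = ip_interface(f"{gateway}/{prefix_len}").network
    taken = {ip_address(addr): owner for addr, owner in in_use}
    taken.setdefault(ip_address(gateway), "the gateway")
    problems, seen = [], set()
    for text in ip_ranges:
        for addr in parse_range(text):
            if addr not in subnet:
                problems.append(f"{name}: {addr} is outside {subnet}")
            elif addr in (subnet.network_address, subnet.broadcast_address):
                problems.append(f"{name}: {addr} is not a usable host address")
            elif addr in taken:
                problems.append(f"{name}: {addr} is already used by {taken[addr]}")
            elif addr in seen:
                problems.append(f"{name}: {addr} is listed twice")
            seen.add(addr)
    return problems


def pools_overlap(ranges_a, ranges_b):
    """Addresses that two profiles would both hand out."""
    a = {addr for text in ranges_a for addr in parse_range(text)}
    b = {addr for text in ranges_b for addr in parse_range(text)}
    return sorted(a & b)


# Values taken from this lab.
MGMT = dict(name="sa-mgmt", gateway="172.20.10.1", prefix_len=24,
            ip_ranges=["172.20.10.170-172.20.10.179"])
VMOTION = dict(name="sa-vmotion", gateway="172.20.11.1", prefix_len=24,
               ip_ranges=["172.20.11.170-172.20.11.179"])
IN_USE = [("172.20.10.71", "SA-HCX-01"),
          ("172.20.10.10", "the DNS and NTP server")]


def lab_report():
    return check_profile(**MGMT, in_use=IN_USE) + check_profile(**VMOTION)


def constructed_mistakes():
    """Two constructed data-entry errors and what the checks report for them."""
    wrong_subnet = check_profile("sa-vmotion", "172.20.11.1", 24,
                                 ["172.20.10.170-172.20.10.179"])
    collision = check_profile("sa-mgmt", "172.20.10.1", 24,
                              ["172.20.10.65-172.20.10.75"], IN_USE)
    return wrong_subnet, collision


if __name__ == "__main__":
    print("lab values:", lab_report() or "no problems")
    for problems in constructed_mistakes():
        print("\n".join(problems))
```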

Task 7: Create a Network Extension


You create a network extension to extend the virtual machine network to a VMware HCX
activated remote site.

1. Under Services, click Network Extension.

2. Click CREATE A NETWORK EXTENSION.

The Extend Networks window opens.

3. Select the VLAN-20-App-Tier check box and click NEXT.

4. In the Gateway IP Address text box, enter 172.16.20.1/24

5. Click SUBMIT.

The network extension is created. This process takes approximately 3 minutes.

6. If the Network Extension window does not refresh automatically, click REFRESH in the
VMware HCX user interface.

Task 8: Use VMware HCX to Migrate a VM
You use VMware HCX to migrate a VM from the on-premises environment to the VMware Cloud
environment.

1. Under Services, click Migration.

2. Click the Management tab and click MIGRATE.


The Workload Mobility window opens.

3. Select the app-1a check box and click ADD.

4. Under Transfer and Placement, click Mandatory: Compute Container.


The Destination Compute Container window opens.

5. Select Compute-ResourcePool and click SELECT.

6. Under Transfer and Placement, click Specify Destination Folder.


The Destination Folder window opens.

7. Select Workloads and click SELECT.

8. Under Transfer and Placement, click Mandatory: Storage.


The Destination Storage window opens.

9. Select WorkloadDatastore and click SELECT.

10. Under Transfer and Placement, click the Migration Profile drop-down menu and select
vMotion.

11. Click VALIDATE.


Validation is successful.

12. Click GO.


The migration task starts. It takes approximately 10 minutes to complete.

In the vSphere Client, the app-1a virtual machine moves to the special jump-host
(172.20.10.170) before moving to the VMware Cloud Compute-ResourcePool.

13. Monitor the connectivity to the app-1a virtual machine.


a. Open a command prompt.
b. Enter the ping -t command to run a continuous ping to the virtual machine.
ping -t 172.16.20.10
c. Confirm that the pings continue to return after the VMware HCX migration finishes.
The ping time increases from less than 1 millisecond to approximately 150 milliseconds
when the VM completes migration to VMware Cloud.

14. After the migration completes successfully, close the command prompt window.

La
API

Objective and Tasks


Use the VMware Cloud API Explorer and Postman application to make API requests to VMware
Cloud services:

1. Run API Commands Against VMware Cloud on AWS

2. Generate a New API Token in VMware Cloud Services

3. Create an Environment in Postman by Using a Token

4. Generate an Access Token Using Postman

5. Use Postman to View a List of SDDCs

6. Update Environmental Variables in Postman

7. Use Postman to Get Primary Cluster Information

Task 1: Run API Commands Against VMware Cloud on AWS
You use the VMware Cloud services API Explorer to run API commands against VMware Cloud
on AWS.

1. From the VMware Cloud console, access the Developer Center.

a. On the VMware Cloud console, click Developer Center in the left pane.

b. Click the API Explorer tab.

2. Use the API Explorer to obtain your SDDC ID.

a. Under Available APIs, click VMware Cloud on AWS to expand the menu.

b. Click General.

The general API categories display.

c. In the API categories list, click sddc to expand the menu.

The list of sddc APIs displays.

d. In the list of sddc APIs, click GET /orgs/{org}/sddcs/.

The List of all SDDCs in the organization is expanded.

e. Scroll down to the Try it out section of the API.

The org value is autopopulated.

f. Copy and paste the org ID into Notepad.

Setting     Value

Org ID      (Record in Notepad.)

g. Click EXECUTE.

The API response displays.

h. Under Response, click your SDDC name link to expand the API response.

Details about the SDDC are shown.

i. Under your SDDC name link, locate the "id": parameter.

Sddc (student1)
{
    "account_link_state": null,
    "created": "2021-04-28T21:46:40.000102Z",
    "expiration_date": null,
    "id": "261f0022-047c-48e2-a1b3-74452940a4f6",
    "name": "student2",
    "org_id": "a75a5cfb-002d-4dab-b291-47fc070ac34c",
    "provider": "AWS",
    "resource_config":

j. Copy and paste the SDDC ID into Notepad.

Setting     Value

SDDC ID     (Record in Notepad)

3. Use the API Explorer to obtain your cluster details.

a. In the list of sddc APIs, click GET /orgs/{org}/sddcs/{sddc}/primarycluster.

The Retrieves the primary cluster in provided customer sddc UUID API is expanded.

b. Scroll down to the Try it out section of the API.

The org value is autopopulated.

c. In the sddc text field, paste in the ID value copied in the previous step.

d. Click EXECUTE.

The API response displays.

e. Under Response, click the cluster link to expand the API response.

Details about the cluster are shown.

f. Click the AwsEsxHost (esx-0) link to expand the view.

g. Under AwsEsxHost (esx-0), locate the "hostname": parameter.

AwsEsxHost (esx-0)
{
    "availability_zone": "us-west-2b",
    "custom_properties":
    {},
    "esx_id": "006d0cd8-5c93-4c16-b7ed-62d9c9bf17ac",
    "esx_state": "READY",
    "hostname": "10.202.2.4",
    "instance_type": "i3.metal",
    "internal_public_ip_pool":
    [

h. Verify that the IP address value for the hostname parameter matches the IP address
of the ESXi host in your VMware Cloud environment.

Task 2: Generate a New API Token in VMware Cloud Services
You generate a new API token and copy the token so that you can use it later.

1. From the VMware Cloud console, access user account settings.

a. On the VMware Cloud console, click your user name in the top-right corner of the page.

b. Under USER SETTINGS, click My Account.

2. Generate an API token.

a. Under My Account, click API Tokens.

b. Click GENERATE A NEW API TOKEN.

c. In the Token Name text box, enter studentID-token, for example, student1-token.
d. Click the Token TTL drop-down menu and select days.

e. Under Organization Roles, select the Organization Member check box.

f. Under Service Roles, select the VMware Cloud on AWS check box.

g. Click GENERATE.

A new token is generated.

3. Click COPY and paste the token into Notepad.

Setting       Value

API Token     (Record in Notepad.)

a. If the COPY button does not copy the token to the clipboard, highlight the entire token
string, right-click, and select Copy.

4. Click CONTINUE.

Task 3: Create an Environment in Postman by Using a Token
You create an environment in Postman and set it as your default environment.

1. Click the Postman icon on your taskbar.

2. Configure Postman environmental variables.

a. Click New.

b. In the Create New tab, click Environment.

c. Enter VMC in the Environment Name text box.

d. Enter refresh_token in the Add a new variable text box.

e. In the Current value text box, paste the token that you generated in the previous task.

f. Enter org_id in the Add a new variable text box.

g. In the Current value text box, paste the org value that you copied in the previous task.

h. Click Add.

i. Click X in the top-right corner of the Manage Environments window.

j. In the No Environment drop-down menu, select VMC to make it your default
environment.

Task 4: Generate an Access Token Using Postman
You generate an access token in Postman using the API token that you created in an earlier task.

After you generate an API token, you can use it to interact with VMware Cloud service APIs by
exchanging it for an access or authorization token.

1. In the left pane, expand VMware Cloud on AWS.

2. Select POST Log in.

3. Click the Tests tab.

The code that is shown takes the API response and stores the access token as an
environment variable.

4. Click Send.

The response from the API request displays.

5. Click the eye icon at the top right of the page.

An access_token variable is shown.

6. Click the eye icon again to close this page.

Task 5: Use Postman to View a List of SDDCs
You run a GET command in Postman to display a list of your SDDCs.

1. In the left pane, click List SDDCs.

The API URL contains the {{org_id}} variable. This API request uses the org_id variable that
you defined in the Postman environment.

2. Point to {{org_id}} to display the value of the variable.

3. Click the Authorization tab.

4. Point to {{access_token}} to display the value of the variable.

The value was generated by the POST login API that was used in the previous task.

5. Click Send.
The response from the API request is displayed.

6. Click the search icon and enter your student ID, for example, student1.

7. Locate the sddc_id value.



8. Copy and paste the sddc_id value into Notepad.


The value should match the sddc id copied from the VMware Cloud API Explorer.

Task 6: Update Environmental Variables in Postman
You update the environment variables in Postman to include an SDDC ID variable.

1. Access the Environment Management window.

a. Click the eye icon in the top-right corner of the page.
b. Click Edit.

2. Update the Postman environmental variables.

a. Enter sddc_id in the Add a new variable text box.

b. Click the Current value text box and paste the sddc_id value that you copied in the
previous task.

c. Click Update.
d. Click X in the top-right corner of the Manage Environments window.

Task 7: Use Postman to Get Primary Cluster Information


You run a GET command in Postman to display a list of your clusters.

1. In the left pane, click Get Primary Cluster.

The API URL contains the {{org_id}} variable and {{sddc_id}} variable. This API request uses
the variables that you defined in the Postman environment.

2. Point to {{org_id}} to display the value of the variable.

3. Point to {{sddc_id}} to display the value of the variable.

4. Click Send.
The response from the API request is displayed.

5. Locate the value for the hostname parameter.


6. Verify that the IP address value for the hostname parameter matches the IP address of
the ESXi host in your VMware Cloud environment.

7. Exit Postman.
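
The same sequence as Tasks 4 through 7, written as a script. This is an added example, not part of the lab manual or of the Postman collection it uses. The two base URLs, the csp-auth-token header, and the esx_host_list key are assumptions that the lab text does not show, and the sample IDs and responses are constructed so the script runs offline.

```python
import json
import re
import urllib.parse
import urllib.request

# Assumed endpoints and header name; none of these appear in the lab text.
CSP_AUTHORIZE = ("https://console.cloud.vmware.com"
                 "/csp/gateway/am/api/auth/api-tokens/authorize")
VMC_API = "https://vmc.vmware.com/vmc/api"
AUTH_HEADER = "csp-auth-token"
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def redact(secret):
    """Log-safe form of a token: its length, none of its characters."""
    return f"<redacted, {len(secret)} chars>"


def valid_id(value):
    """Org and SDDC IDs are UUIDs; reject anything else before it is
    formatted into a URL path (blocks '../' and query-string tricks)."""
    return isinstance(value, str) and UUID_RE.fullmatch(value) is not None


def http_json(method, url, headers=None, form=None):
    """Default transport: one HTTPS request, JSON-decoded response."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers=headers or {})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def get_access_token(refresh_token, transport=http_json):
    """Task 4: exchange the API token for a short-lived access token.
    The API token goes in the POST body, never in the URL, so it stays
    out of proxy and access logs."""
    body = transport("POST", CSP_AUTHORIZE,
                     form={"refresh_token": refresh_token})
    if not body.get("access_token"):
        raise RuntimeError("token exchange returned no access_token")
    return body["access_token"]


def list_sddcs(org_id, access_token, transport=http_json):
    """Task 5: GET /orgs/{org}/sddcs, reduced to {name: id}."""
    if not valid_id(org_id):
        raise ValueError("org_id is not a UUID")
    sddcs = transport("GET", f"{VMC_API}/orgs/{org_id}/sddcs",
                      headers={AUTH_HEADER: access_token})
    return {s["name"]: s["id"] for s in sddcs}


def primary_cluster_hosts(org_id, sddc_id, access_token, transport=http_json):
    """Task 7: GET .../primarycluster, reduced to (hostname, esx_state)."""
    if not (valid_id(org_id) and valid_id(sddc_id)):
        raise ValueError("org_id or sddc_id is not a UUID")
    url = f"{VMC_API}/orgs/{org_id}/sddcs/{sddc_id}/primarycluster"
    cluster = transport("GET", url, headers={AUTH_HEADER: access_token})
    # esx_host_list is an assumed key name for the host array.
    return [(h["hostname"], h["esx_state"])
            for h in cluster.get("esx_host_list", [])]


def run_lab_flow(refresh_token, org_id, transport=http_json):
    """Tasks 4-7 end to end: {sddc name: [(hostname, state), ...]}."""
    token = get_access_token(refresh_token, transport)
    return {name: primary_cluster_hosts(org_id, sddc_id, token, transport)
            for name, sddc_id in list_sddcs(org_id, token, transport).items()}


# ---- Constructed sample data and an offline stand-in for both services ----
SAMPLE_ORG = "11111111-2222-4333-8444-555555555555"
SAMPLE_SDDC = "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"
SEEN_URLS = []


def fake_transport(method, url, headers=None, form=None):
    """Answers the three requests of the flow and records each URL."""
    SEEN_URLS.append(url)
    if url == CSP_AUTHORIZE and method == "POST":
        return {"access_token": "constructed-access-token", "expires_in": 1799}
    if (headers or {}).get(AUTH_HEADER) != "constructed-access-token":
        raise PermissionError("missing or wrong access token")
    if url.endswith("/sddcs"):
        return [{"id": SAMPLE_SDDC, "name": "student1",
                 "org_id": SAMPLE_ORG, "provider": "AWS"}]
    if url.endswith("/primarycluster"):
        return {"cluster_name": "Cluster-1", "cluster_state": "READY",
                "esx_host_list": [{"hostname": "10.202.2.4",
                                   "esx_state": "READY"}]}
    raise ValueError(f"unexpected request: {method} {url}")


if __name__ == "__main__":
    api_token = "constructed-refresh-token"  # in practice, read from a secret store
    print("using API token", redact(api_token))
    print(run_lab_flow(api_token, SAMPLE_ORG, fake_transport))
```

Passing http_json (the default) instead of fake_transport sends the same three requests over HTTPS, provided the assumed endpoints match your environment.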

Objective and Tasks
Deploy Site Recovery on-premises and create a site pair:

1. Deploy the On-Premises Site Recovery Components

2. Register the On-Premises vSphere Replication Instance with vCenter Server

3. Register the On-Premises Site Recovery Instance with vCenter Server

4. Create the Firewall Rules for VMware Site Recovery

5. Create a Site Pair

Task 1: Deploy the On-Premises Site Recovery Components
You download and deploy the on-premises Site Recovery components.

1. On the VMware Cloud console, navigate to the SDDC Summary page.

2. Click the Add Ons tab.

3. Under Site Recovery, click DOWNLOAD ON-PREMISES COMPONENTS.

A new browser tab to the Download VMware Cloud on AWS page opens.

4. Log in to VMware Customer Connect using your assigned student account email address and
password.

a. Click Login in the top-right corner of the page.

b. Enter your student VMware Customer Connect credentials.

c. Click SIGN IN.

The VMware Customer Connect home page opens.

5. Download the Site Recovery components.

a. Click the Products and Accounts menu and click All Products.

b. Click the Products A-Z tab.

c. Scroll down the page to locate VMware Cloud on AWS.

d. Click View Download Components next to VMware Cloud on AWS.

The Download VMware Cloud on AWS page opens.

e. On the Product Downloads tab, click GO TO DOWNLOADS.

The Download Product page opens.

f. On the Product Downloads tab, click the DOWNLOAD NOW button for VMware Site
Recovery Manager 8.5.x Appliance.

The End User License Agreement appears.

g. Select the check box and click ACCEPT.

The download of the Site Recovery Manager ISO begins. The download is stored in the
software (F:\) drive on the student desktop.

h. On the Product Downloads tab, click the DOWNLOAD NOW button for VMware
vSphere Replication 8.5.x Appliance.

The download of the vSphere Replication ISO begins. The download is stored in the
software (F:\) drive on the student desktop.

6. Mount the vSphere Replication ISO and vSphere Site Recovery ISO.

a. On the student desktop, open a Windows Explorer window and navigate to the
software (F:\) drive.

b. Double-click the VMware-vSphere_Replication-8.5.x-xxxxxxxx.iso file to mount it.

c. Double-click the VMware-srm-va-8.5.x-xxxxxxxx.iso file to mount it.

7. Log in to the on-premises vCenter Server instance using Active Directory (AD) credentials.

a. Open a browser tab to the vSphere Client in the on-premises vCenter Server at
https://sa-vcsa-01.vclass.local/ui

Your browser includes a bookmark to the vSphere Client (SA-VCSA-01) in the vSphere
Infrastructure bookmarks folder.

b. Enter the login credentials.

• User name: [email protected]

• Password: VMware1!

c. Click LOGIN.

The vSphere Client in the on-premises vCenter Server instance opens.

8. Deploy the on-premises vSphere Replication Appliance.

a. Right-click the SA-Management cluster and select Deploy OVF Template.

The Deploy OVF Template wizard opens.

b. On the Select an OVF Template page, select Local file and click UPLOAD FILES.

A Windows Explorer Open dialog box opens.

c. Navigate to the mounted vSphere Replication ISO bin directory.

d. Select the vSphere_Replication_OVF10.ovf, vSphere_Replication-support.vmdk, and
vSphere_Replication-system.vmdk files and click Open.

e. Click NEXT.

f. On the Select name and folder page, enter SA-VR-01 and click NEXT.

g. On the Select a compute resource page, select SA-Management and click NEXT.

h. On the Review details page, click NEXT.

i. On the License agreements page, select the I accept all license agreements check box
and click NEXT.

j. On the Configuration page, select 2 vCPU and click NEXT.

k. On the Select storage page, select Datastore-01.

l. In the Select virtual disk format drop-down menu, select Thin Provision and click
NEXT.

m. On the Select networks page, select sa-mgmt from the Destination Network drop-down
menu and click NEXT.

n. On the Customize template page, configure the options.

Option                            Action

Enable SSHD                       Select the check box.
Initial root Password             Enter VMware1!
Initial admin user Password       Enter VMware1!
NTP Servers                       Enter 172.20.10.10
Hostname                          Enter sa-vr-01.vclass.local
File Integrity Flag               Leave unselected.
Host Network IP Address Family    Select ipv4.
Host Network Mode                 Select static.
Default Gateway                   Enter 172.20.10.1
Domain Name                       Enter sa-vr-01.vclass.local
Domain Search Path                Enter vclass.local
Domain Name Servers               Enter 172.20.10.10
Network 1 IP Address              Enter 172.20.10.76
Network 1 Netprefix               Enter 24

You can ignore the options that are not listed in this table.

o. Click NEXT.

p. On the Ready to complete page, click FINISH.

The SA-VR-01 virtual machine is deployed to the SA-Management cluster. This process
takes approximately 5 minutes.

9. Deploy the on-premises Site Recovery Appliance.

a. Right-click the SA-Management cluster and select Deploy OVF Template.

The Deploy OVF Template wizard opens.

b. On the Select an OVF Template page, select Local file and click UPLOAD FILES.

A Windows Explorer Open dialog box opens.

c. Navigate to the mounted vSphere Site Recovery ISO bin directory.

d. Select the srm-va_OVF10.ovf, srm-va-support.vmdk, and srm-va-system.vmdk files
and click Open.

e. Click NEXT.

f. On the Select name and folder page, enter SA-SRM-01 and click NEXT.

g. On the Select a compute resource page, select SA-Management and click NEXT.

h. On the Review details page, click NEXT.

i. On the License agreements page, select the I accept all license agreements check box
and click NEXT.

j. On the Configuration page, select 2 vCPU and click NEXT.

k. On the Select storage page, select Datastore-02.

l. In the Select virtual disk format drop-down menu, select Thin Provision.

m. Click NEXT.

n. On the Select networks page, select sa-mgmt in the Destination Network drop-down
menu and click NEXT.

o. On the Customize template page, configure the options.

Option                            Action

Enable SSHD                       Select the check box.
Initial root Password             Enter VMware1!
Initial admin user Password       Enter VMware1!
NTP Servers                       Enter 172.20.10.10
Hostname                          Enter sa-srm-01.vclass.local
Initial database Password         Enter VMware1!
File Integrity Flag               Leave unselected.
HCX Flag                          Leave unselected.
Host Network IP Address Family    Select ipv4.
Host Network Mode                 Select static.
Default Gateway                   Enter 172.20.10.1
Domain Name                       Enter sa-srm-01.vclass.local
Domain Search Path                Enter vclass.local
Domain Name Servers               Enter 172.20.10.10
Network 1 IP Address              Enter 172.20.10.75
Network 1 Netprefix               Enter 24

You can ignore the other options on the page.

p. Click NEXT.

q. On the Ready to complete page, click FINISH.

The SA-SRM-01 virtual machine is deployed to the SA-Management cluster. This
process takes approximately 5 minutes.

10. Power on the SA-VR-01 and SA-SRM-01 virtual machines.

a. Right-click the SA-VR-01 virtual machine and select Power > Power On.

b. Right-click the SA-SRM-01 virtual machine and select Power > Power On.

Task 2: Register the On-Premises vSphere Replication Instance with
vCenter Server
You register and configure the on-premises vSphere Replication instance.

1. Log in to the vSphere Replication Appliance Management interface.

a. Open a browser tab to the vSphere Replication Appliance Management interface at
https://sa-vr-01.vclass.local:5480

The browser includes a bookmark to the VR-VAMI in the vSphere Infrastructure
bookmarks folder.

b. Enter the login credentials.

• User name: admin
• Password: VMware1!

c. Click LOGIN.
The vSphere Replication Appliance Management interface summary page appears.

2. Configure the vSphere Replication appliance and connect it to vCenter Server.

a. On the vSphere Replication Appliance Management interface summary page, click
CONFIGURE APPLIANCE.

The Configure vSphere Replication window opens.

b. Enter sa-vcsa-01.vclass.local for the PSC host name.

c. Enter administrator@vsphere.local for the User name.
d. Enter VMware1! for the Password.

e. Click NEXT.

A Security Alert window opens.

f. Click CONNECT.

g. Select sa-vcsa-01.vclass.local and click NEXT.

A Security Alert window opens.

h. Click CONNECT.

i. Enter Site-A for the Site name.

j. Enter administrator@vclass.local for the Administrator email.
k. Click NEXT.

l. Click FINISH.

Configuring vSphere Replication begins. This process takes approximately 3 minutes.

You can close this browser tab after the process finishes.

Task 3: Register the On-Premises Site Recovery Instance with
vCenter Server
You register and configure the on-premises Site Recovery instance.

1. Log in to the Site Recovery Appliance Management interface.

a. Open a browser tab to the Site Recovery Appliance Management interface at
https://sa-srm-01.vclass.local:5480
The browser includes a bookmark to SRM-VAMI in the vSphere Infrastructure
bookmarks folder.
b. Enter the login credentials.
• User name: admin
• Password: VMware1!
c. Click LOGIN.
The SRM Appliance Management interface summary page opens.

2. Configure the Site Recovery appliance and connect it to vCenter Server.

a. On the SRM Appliance Management interface summary page, click CONFIGURE
APPLIANCE.

The Configure Site Recovery Manager window opens.

b. Enter sa-vcsa-01.vclass.local for the PSC host name.

c. Enter administrator@vsphere.local for the User name.
d. Enter VMware1! for the Password.

e. Click NEXT.
A Security Alert window opens.

f. Click CONNECT.

g. Select sa-vcsa-01.vclass.local and click NEXT.

A Security Alert window opens.

h. Click CONNECT.

i. Enter Site-A for the Site name.

j. Enter administrator@vclass.local for the Administrator email.
k. Click NEXT.

l. Click FINISH.
Configuring Site Recovery Manager begins. This process takes approximately 3 minutes.

You can close this browser tab after the process finishes.

Task 4: Create the Firewall Rules for VMware Site Recovery
You create two gateway firewall rules to provide access to the Site Recovery Manager
appliances deployed in your SDDC.

Based on your security model, you can determine whether you can grant access to the Site
Recovery Manager appliances from any client. Instead, you can provide specific IP ranges from
which the site recovery access is expected.

When the Site Recovery Manager configuration is ready, you must provide access to the
vSphere Replication appliance.

1. In the VMware Cloud console, navigate to the SDDC Summary page.

2. Click your student name link to the SDDC.

3. On the Networking & Security tab, click Gateway Firewall under Security.

4. Click the Management Gateway tab.

5. Create a firewall rule to allow inbound traffic to Site Recovery Manager.

a. Click ADD RULE.

b. Enter SRM Inbound for the Name.

c. Click the edit icon in the Sources text box.

The Set Sources window appears.

d. Select User Defined Groups.

e. Select ESXi, VR and SRM access through the management gateway.

f. Click APPLY.

g. Click the edit icon in the Destinations text box.

The Set Destination window appears.

h. Select Site Recovery Manager and click APPLY.

i. Click the edit icon in the Services text box.

j. Select VMware Site Recovery SRM.

k. Leave Allow selected in the Action drop-down menu.

l. Click PUBLISH.

6. Create a firewall rule to allow outbound traffic from Site Recovery Manager.

a. Click ADD RULE.

b. Enter SRM Outbound for the Name.

c. Click the edit icon for Sources.

The Set Source window appears.

d. Select System Defined groups.

e. Select Site Recovery Manager and click APPLY.

f. Leave Any as the value for Destinations.

g. Leave Any as the value for Services.

h. Leave Allow selected in the Action drop-down menu.

i. Click PUBLISH.

7. Create a firewall rule to allow inbound traffic to vSphere Replication.

a. Click ADD RULE.

b. Enter VR Inbound for the Name.

c. Click the edit icon in the Sources text box.

The Set Sources window appears.

d. Select User Defined Groups.

e. Select ESXi, VR and SRM access through the management gateway.

f. Click APPLY.

g. Click the edit icon for Destinations.

The Set Destination window appears.

h. Select vSphere Replication and click APPLY.

i. Click the edit icon for Services.

j. Select VMware Site Recovery vSphere Replication.

k. Leave Allow selected in the Action drop-down menu.

l. Click PUBLISH.

8. Create a firewall rule to allow outbound traffic from vSphere Replication.

a. Click ADD RULE.

b. Enter VR Outbound for the Name.

c. Click the edit icon for Sources.

The Set Source window appears.

d. Select System Defined groups.

e. Select vSphere Replication and click APPLY.

f. Leave Any as the value for Destinations.

g. Leave Any as the value for Services.

h. Leave Allow selected in the Action drop-down menu.

i. Click PUBLISH.
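
One way to review the four management gateway rules from this task against the guidance on limiting source ranges. This is an added example, not part of the lab manual. The rule dictionaries mirror the names and selections in the steps above, while the 172.20.10.0/24 group membership, the /24 threshold, and the finding labels are constructed for illustration.

```python
import ipaddress

SRC_GROUP = "ESXi, VR and SRM access through the management gateway"
APPLIANCES = {"Site Recovery Manager", "vSphere Replication"}

# The four management gateway rules as Task 4 publishes them.
LAB_RULES = [
    {"name": "SRM Inbound", "sources": [SRC_GROUP],
     "destinations": ["Site Recovery Manager"],
     "services": ["VMware Site Recovery SRM"], "action": "Allow"},
    {"name": "SRM Outbound", "sources": ["Site Recovery Manager"],
     "destinations": ["Any"], "services": ["Any"], "action": "Allow"},
    {"name": "VR Inbound", "sources": [SRC_GROUP],
     "destinations": ["vSphere Replication"],
     "services": ["VMware Site Recovery vSphere Replication"],
     "action": "Allow"},
    {"name": "VR Outbound", "sources": ["vSphere Replication"],
     "destinations": ["Any"], "services": ["Any"], "action": "Allow"},
]

# Constructed membership of the user-defined group (the lab does not list it).
LAB_GROUPS = {SRC_GROUP: ["172.20.10.0/24"]}


def source_networks(rule, groups):
    """Resolve a rule's sources to networks; 'Any' becomes 0.0.0.0/0.

    Returns (networks, names of groups that could not be resolved).
    """
    nets, unresolved = [], []
    for src in rule["sources"]:
        if src == "Any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif src in groups:
            nets.extend(ipaddress.ip_network(cidr) for cidr in groups[src])
        elif src not in APPLIANCES:
            unresolved.append(src)
    return nets, unresolved


def audit(rules, groups, min_prefix=24):
    """Return (rule name, finding, detail) tuples for Allow rules.

    Inbound rules (destination is an appliance) are checked for sources
    broader than /min_prefix, unresolved groups and 'Any' services.
    Other rules are flagged when both destination and service are 'Any'.
    """
    findings = []
    for rule in rules:
        if rule["action"] != "Allow":
            continue
        if any(dest in APPLIANCES for dest in rule["destinations"]):
            nets, unresolved = source_networks(rule, groups)
            for name in unresolved:
                findings.append((rule["name"], "unresolved-source-group", name))
            for net in nets:
                if net.prefixlen < min_prefix:
                    findings.append((rule["name"], "broad-source", str(net)))
            if "Any" in rule["services"]:
                findings.append((rule["name"], "any-service-inbound", "Any"))
        elif "Any" in rule["destinations"] and "Any" in rule["services"]:
            findings.append((rule["name"], "any-any-egress", "Any/Any"))
    return findings


if __name__ == "__main__":
    for finding in audit(LAB_RULES, LAB_GROUPS):
        print(finding)
```

With the lab's selections only the two outbound rules are reported; the inbound rules stay clean as long as the source group resolves to narrow ranges.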

Task 5: Create a Site Pair


You pair the on-premises Site Recovery instance with the VMware Cloud Site Recovery instance.

1. Log in to the Site Recovery Appliance Management interface.

a. Open a browser tab to the Site Recovery Appliance Management interface at
https://sa-srm-01.vclass.local/dr

The browser includes a bookmark to the SRM-UI in the vSphere Infrastructure
bookmarks folder.

b. Enter the login credentials.

• User name: [email protected]

• Password: VMware1!

c. Click LOGIN.

The Site Recovery interface appears.

2. Create a site pair.

a. Click NEW SITE PAIR.

The New Pair window appears.

b. Select Pair with a peer vCenter Server located in a different SSO domain and click
NEXT.

c. In the PSC host name text box, enter your VMware Cloud vCenter Server FQDN.

You can obtain the VMware Cloud vCenter Server FQDN from the VMware Cloud
SDDC Settings tab.

When copying the vCenter Server FQDN into the VMware Cloud SDDC Settings tab,
use the following format: vcenter.sddc-35-162-185-71.vmwarevmc.com
Do not include the starting https:// or the ending slash (/).

The FQDN is an example only. In your lab, the vCenter Server FQDN is different.

d. Enter cloudadmin@vmc.local for the User name.

e. Enter the password for your cloudadmin@vmc.local account.

You can obtain the cloudadmin@vmc.local credentials from the VMware Cloud SDDC
Settings tab.

f. Click FIND VCENTER SERVER INSTANCES.

A list of available vCenter Server instances appears.

g. Select the VMware Cloud vCenter Server instance and click NEXT.

h. Select the Site Recovery Manager and vSphere Replication check boxes and click
NEXT.

A Security Alert window opens.

i. Click CONNECT.

j. Click FINISH.

The on-premises site and VMware Cloud site are paired.

NOTE

If the site pair is not visible, you should click the Site Recovery interface refresh icon.

k. Close the Site Recovery browser tab.

Objective and Tasks
Use Site Recovery features:

1. Create VMware Cloud Network Segments

2. Access the Site Recovery Management Interface

3. Create Site Recovery Inventory Mappings

4. Configure Site Recovery Replications

5. Run a Recovery Plan and Reprotect Operation on a Virtual Machine

Task 1: Create VMware Cloud Network Segments
You create network segments in VMware Cloud that are used by Site Recovery network
mappings.

1. In the VMware Cloud, navigate to the SDDC Summary page.

a. Click your student name link to the SDDC.

2. Click the Networking & Security tab.

3. Under Network, click Segments.

4. Click the Segment List tab.

5. Create a segment for VLAN 10.

a. Click ADD SEGMENT.

b. Enter VLAN_10_DR for the Segment Name.

c. In the Type drop-down menu, select Disconnected.

d. Enter 172.16.10.1/24 for Subnets.

e. Click SAVE.

The Segment is successfully created.

f. When asked to continue configuring the segment, click NO.

6. Create a segment for VLAN 30.

a. Click ADD SEGMENT.

b. Enter VLAN_30_DR for the Segment Name.

c. In the Type drop-down menu, select Disconnected.

d. Enter 172.16.30.1/24 for Subnets.

e. Click SAVE.

The Segment is successfully created.

f. When asked to continue configuring the segment, click NO.

Task 2: Access the Site Recovery Management Interface
You access and use the paired Site Recovery management interface.

1. Log in to the on-premises vCenter Server instance using Active Directory (AD) credentials.

a. Open a browser tab to the vSphere Client in the on-premises vCenter Server at
https://sa-vcsa-01.vclass.local/ui

Your browser includes a bookmark to the vSphere Client (SA-VCSA-01) in the vSphere
Infrastructure bookmarks folder.

b. Enter the login credentials.

• User name: [email protected]

• Password: VMware1!

c. Click LOGIN.

The vSphere Client in the on-premises vCenter Server instance opens.

2. Refresh the browser tab to ensure that all plug-ins are loaded.

At the top of the vSphere Client, a banner might show the message Plug-ins have
been successfully deployed.

3. Access the Site Recovery interface.

a. In the vSphere Client, select Menu > Site Recovery.

If the Site Recovery plug-in does not appear, log out of the vSphere Client and log in
again.

b. Click OPEN Site Recovery.

A new browser tab opens to Site Recovery.

NOTE

The Site Recovery interface might display alerts that certificates are due to expire.
These alerts can be ignored. For this lab, the VMware Cloud Site Recovery instances
have a short certificate life cycle by design.

4. In the tile that includes the paired vCenter Server instances, click VIEW DETAILS.

A Log In Site dialog window appears.

5. Enter the [email protected] credentials and click LOGIN.

Task 3: Create Site Recovery Inventory Mappings
Using Site Recovery, you create network, folder, resource, and storage policy mappings
between on-premises inventory and VMware Cloud inventory. You also configure placeholder
datastores.

1. Create network mappings.

a. On the Site Pair tab, click Network Mappings in the navigation menu.

b. Click NEW.

The New Network Mappings window opens.

c. Select Prepare mappings manually and click NEXT.

d. In the on-premises inventory tree, select VLAN-10-Web-Tier.

e. In the VMware Cloud inventory tree, select VLAN_10_DR.

f. Click ADD MAPPINGS.

The mapping appears at the bottom of the window.

g. In the on-premises inventory tree, select VLAN-20-App-Tier.

h. In the VMware Cloud inventory tree, select L2E_VLAN-20-App-Tier-XX-XXXXXXXX.

i. Click ADD MAPPINGS.

j. In the on-premises inventory tree, select VLAN-30-DB-Tier.

k. In the VMware Cloud inventory tree, select VLAN_30_DR.

l. Click ADD MAPPINGS.

Three mappings appear.

m. Click NEXT.

n. Select all three check boxes and click NEXT.

o. Click NEXT.

p. Click FINISH.

The network mappings are created successfully.

2. Create folder mappings.

a. On the Site Pair tab, click Folder Mappings in the navigation menu.

b. Click NEW.

The New Folder Mappings window opens.

c. Select Prepare mappings manually and click NEXT.

d. In the on-premises inventory tree, select SA-Datacenter.

e. In the VMware Cloud inventory tree, select Workloads.

f. Click ADD MAPPINGS.

g. Click NEXT.

h. Select the check box and click NEXT.

i. Click FINISH.

The folder mappings are created successfully.

3. Create resource mappings.

a. On the Site Pair tab, click Resource Mappings.

b. Click NEW.

The New Resource Mappings window opens.

c. In the on-premises inventory tree, select SA-Compute-01.

d. In the VMware Cloud inventory tree, select Compute-ResourcePool.

e. Click ADD MAPPINGS.

f. Click NEXT.

g. Select the check box and click NEXT.

h. Click FINISH.

The resource mappings are created successfully.

4. Create storage policy mappings.
a. On the Site Pair tab, click Storage Policy Mappings.

b. Click NEW.
The New Storage Policy Mappings window opens.

c. Select Automatically prepare mappings for storage policies with matching names and
click NEXT.

d. In the on-premises inventory tree, select sa-vcsa-01.vclass.local.

e. In the VMware Cloud inventory tree, select vcenter.sddc-XX-XXX-X-XXX.vmwarevmc.com.

f. Click ADD MAPPINGS.


A Discovered Mappings dialog box appears.

g. Click OK.

h. Click NEXT.

i. Select all the check boxes and click NEXT.

j. Click FINISH.
The storage policy mappings are created successfully.

5. Configure placeholder datastores.


a. On the Site Pair tab, click Placeholder Datastores.

b. Click the sa-vcsa-01.vclass.local tab.

c. Select the check box associated with the datastore name beginning with ma-ds and
associated with host 172.20.10.170.

d. Click REMOVE.

The Remove Placeholder Datastore window opens.

e. Click REMOVE.

Datastore-02 is the only datastore listed under Placeholder Datastores for
sa-vcsa-01.vclass.local.

f. Click the vcenter.sddc-XX-XXX-X-XXX.vmwarevmc.com tab.

g. Click NEW.

h. Select WorkloadDatastore and click ADD.

i. Verify that WorkloadDatastore is the only datastore listed under Placeholder Datastores
for vcenter.sddc-XX-XXX-X-XXX.vmwarevmc.com.

If other datastores are listed, remove them from the list.

Task 4: Configure Site Recovery Replications
You configure a new replication, protection group, and recovery plan for on-premises virtual
machines.

1. In Site Recovery, navigate to the Configure Replication wizard.


a. Click the Replications tab.
b. In the left pane, click Outgoing.

c. Click NEW.
The Configure Replication wizard opens.

2. Select the vSphere Replication server that handles the replication.


a. Select Auto-assign vSphere Replication Server.

b. Click NEXT.

3. Select the virtual machines that you want to protect.
a. Select db-1a.
b. Click NEXT.

4. Select a target datastore for the replicated files.
a. Select WorkloadDatastore.

b. Click NEXT.

5. Configure the replication server settings for the virtual machine.
a. Leave the default values.

b. Click NEXT.

6. Add virtual machines to a protection group.
a. Select Add to new protection group.

b. Enter protection_group_01 for the Protection group name.

c. Click NEXT.

7. Add the protection group to a recovery plan.
a. Select Add to new recovery plan.

b. Enter recovery_plan_01 for the Recovery plan name.

c. Click NEXT.

d. Click FINISH.
The replication is configured successfully.

8. Monitor the progress of the replication task.
a. Click the arrow next to db-1a to expand the replication details for this virtual machine.
The sync operation progress bar is shown. The replication task takes approximately 3
minutes to complete.

Task 5: Run a Recovery Plan and Reprotect Operation on a Virtual Machine
You run the recovery plan to fail over to the replicated virtual machine instance. You also
perform a reprotect operation to initiate replication in the reverse direction.

1. In Site Recovery, navigate to the recovery plan wizard.

a. Click the Recovery Plans tab.

b. Select recovery_plan_01 and click RUN.

2. Confirm that running the plan in recovery mode attempts to shut down the VMs at the
protected site and recover the VMs at the recovery site.

a. Select the I understand that this process will permanently alter the virtual machines
and infrastructure of both the protected and recovery datacenters check box.

b. Under Recovery type, select Planned migration.

c. Click NEXT.

d. Click FINISH.

The recovery plan is started. This process takes approximately 1 minute.

In the on-premises environment, the db-1a virtual machine is powered off. In the VMware
Cloud environment, the replicated db-1a virtual machine is powered on.

3. Wait for the status to change to Recovery complete.

4. Select recovery_plan_01 and click RUN.

a. Select recovery_plan_01 and click the ellipses (three dots) menu.

b. Click Reprotect.

5. Confirm that running reprotect on the plan commits the results of the recovery and
configures protection in the reverse direction.

a. Select the I understand that this operation cannot be undone check box.

b. Click NEXT.

c. Click FINISH.

The reprotect is started. This process takes approximately 3 minutes. The reprotect
task is complete when the status changes to Ready.

If the reprotect task fails to complete, reboot the SA-VR-01 appliance and try again
after the reboot process is completed.


Creating SDDC Groups

Objective and Tasks


Create an SDDC group consisting of two SDDCs:

1. Create an SDDC Group

2. Unlink the Cloud SDDC from Hybrid Linked Mode

3. Link vCenter Server Instances in an SDDC Group

4. Remove SDDCs from an SDDC Group and Delete an SDDC Group

IMPORTANT

This lab requires that two students work together. One student performs tasks 1, 2, and 3, and
the other student performs task 4.

Task 1: Create an SDDC Group
You create an SDDC group using two student SDDCs.

1. From the VMware Cloud console, click Inventory in the left navigation pane.

2. Click the SDDC Groups tab.

3. Create an SDDC group.


a. In the ACTIONS drop-down menu in the top-right corner, select CREATE GROUP.
b. In the Name text box, enter SDDC-Group.
c. Click NEXT.
d. Select both student SDDCs and click NEXT.
Do not use the Zerocloud SDDCs.
e. Select the Configuring VMware Transit Connect for your group will incur charges per
attachment and data transfers check box and click CREATE GROUP.
The SDDC group is created.

4. Click the SDDC group name.


The SDDC group Summary tab opens.

5. Monitor the status of the SDDCs under the Connectivity Status column and wait for the
status to appear as CONNECTED.
The connection process takes a few minutes.

Task 2: Unlink the Cloud SDDC from Hybrid Linked Mode


You must unlink the cloud SDDC from Hybrid Linked Mode because Hybrid Linked Mode over a
VPN connection is incompatible with SDDC groups.

IMPORTANT

Hybrid Linked Mode over a DX connection is unaffected when an SDDC is added to a group.

1. In the SDDC vSphere Client, click the hamburger menu and select Administration.
2. Click Hybrid Management under Hybrid Cloud.
3. On the Hybrid Management page, click REMOVE for the vCenter Server
sa-vcsa-01.vclass.local.

4. Provide the on-premises single sign-on (SSO) credentials.

NOTE

You provide your on-premises administrator credentials to remove on-premises
configuration data that is associated with the Hybrid Linked Mode setup.

a. Enter administrator@vsphere.local as the Username.

b. Enter VMware1! as the Password.
Unlinking takes approximately 2 minutes.

5. Click OK.

Task 3: Link vCenter Server Instances in an SDDC Group


You link all vCenter Server instances in the SDDC group.

1. From the VMware Cloud console, click SDDCs.

2. Click the SDDC Groups tab.

3. Click the SDDC group name.

The SDDC group Summary tab opens.

4. Click the vCenter Linking tab.

5. Click LINK ALL VCENTERS.

6. Click the I understand the firewall rules and wish to proceed with vCenter linking check
box.

7. Click LINK.
Appropriate firewall rules are automatically created in both SDDCs.

The vCenter linking process takes approximately 2 minutes. The vCenter Server instances
are linked when the vCenter Linking Status appears as Linked for both SDDCs.

8. Open a new browser tab and go to the vSphere Client in your VMware Cloud vCenter
Server instance.

You can obtain the VMware Cloud vCenter Server vSphere Client URL from the Settings tab
in the VMware Cloud SDDC.

9. Log in using your [email protected] credentials.

10. Observe that both student instances of VMware Cloud SDDC vCenter Server are shown.

You can view only the VMware Cloud vCenter Server instances. The on-premises vCenter
Server instances do not appear.

11. If both student vCenter Server instances do not appear, log out of the vSphere Client and
log in again.

Task 4: Remove SDDCs from an SDDC Group and Delete an SDDC Group
You remove SDDCs from the SDDC group and delete the group.

1. From the VMware Cloud console, click SDDCs.

2. Click the SDDC Groups tab.

3. Click the SDDC group name.

The SDDC group Summary tab opens.

4. Unlink vCenter Server instances.

a. Click the vCenter Linking tab.

b. Click UNLINK ALL VCENTERS.

c. Select the All vCenter linking will be unlinked and you will no longer manage all
vCenter servers collectively check box.

d. Click UNLINK.

The unlinking process begins and takes approximately 1 minute.

5. Remove SDDCs from the SDDC group.

a. Click the Summary tab.

b. Select the check boxes for both SDDCs.

c. Click REMOVE SDDCS.

A Removing 2 group members window opens.

d. Click CONTINUE.

The SDDCs are removed from the group. This process takes approximately 5 minutes.

6. Delete the SDDC group.

a. Click the ACTIONS drop-down menu in the upper-right corner of the SDDC Group
Summary tab.

b. Click DELETE GROUP.

c. Select the You will lose all configurations and settings for the SDDC Group check box.

d. Select the All connectivity settings will be deleted check box.

e. Click DELETE GROUP.


The SDDC group is deleted.
