diff --git a/content/en/ced/Student Access/_index.md b/content/en/ced/Student Access/_index.md new file mode 100644 index 00000000000..4df31b5b94e --- /dev/null +++ b/content/en/ced/Student Access/_index.md 
@@ -0,0 +1,58 @@ +--- +title: "Student Access Instructions" +linkTitle: "Student Access Instructions" +weight: 10 +date: 2020-03-13 +description: > + Below are the instructions for Student Access to Customer Experience Day Labs +--- +As VMware Cloud on AWS is a publicly accessible service, you are able to use your local browser on your laptop for the majority of the interactions you will make with the platform during this training class. This may be helpful if you are using non-english language regional settings. However there are modules in this lab that require using PowerShell and the API tool, Postman, if you are using a Mac and do not have Powershell Core installed or if you do not wish to install Postman, you will then need to use the provided Horizon Desktop session in order to complete these tasks. Please see the details on accessing this environment below. + +## Horizon Client Access + +[Download VMware Horizon Client for your OS](https://my.vmware.com/web/vmware/info?slug=desktop_end_user_computing/vmware_horizon_clients/4_0) + +Downloaded the client and install. + +Once you have the Horizon client running. + +1. Click the *+* button to add a new connection server. +2. Enter the connection server name as **desktop.vmc.ninja** +3. You may be prompted to accept an un-trusted certificate, please do so. + +You will now have a new Horizon session to connect to named **desktop.vmc.ninja** please click on this connection and you will be presented with a login prompt for the desktop session you will use for the class. + +Please use the credentials supplied to you by your Instructors + +## Horizon Web Access + +You may also access the environment through a web browser, if you do not want to download a client onto your laptop. + +Follow the steps below to access the desktop via the web browser + +[VMware Horizon HTML Portal Access](https://desktop.vmc.ninja/portal/webclient/index.html) + +The Password for these desktops will be shared by the instructor. 
+ +| SDDC Name | VMC Console Login | Student Number | Horizon Login | +|------------|----------------------|----------------|---------------------| +| Student-1 | ced01@vmware-hol.com | Student 1 | student1@set.local | +| Student-2 | ced02@vmware-hol.com | Student 2 | student2@set.local | +| Student-3 | ced03@vmware-hol.com | Student 3 | student3@set.local | +| Student-4 | ced04@vmware-hol.com | Student 4 | student4@set.local | +| Student-5 | ced05@vmware-hol.com | Student 5 | student5@set.local | +| Student-6 | ced06@vmware-hol.com | Student 6 | student6@set.local | +| Student-7 | ced07@vmware-hol.com | Student 7 | student7@set.local | +| Student-8 | ced08@vmware-hol.com | Student 8 | student8@set.local | +| Student-9 | ced09@vmware-hol.com | Student 9 | student9@set.local | +| Student-10 | ced10@vmware-hol.com | Student 10 | student10@set.local | +| Student-11 | ced11@vmware-hol.com | Student 11 | student11@set.local | +| Student-12 | ced12@vmware-hol.com | Student 12 | student12@set.local | +| Student-13 | ced13@vmware-hol.com | Student 13 | student13@set.local | +| Student-14 | ced14@vmware-hol.com | Student 14 | student14@set.local | +| Student-15 | ced15@vmware-hol.com | Student 15 | student15@set.local | +| Student-16 | ced16@vmware-hol.com | Student 16 | student16@set.local | +| Student-17 | ced17@vmware-hol.com | Student 17 | student17@set.local | +| Student-18 | ced18@vmware-hol.com | Student 18 | student18@set.local | +| Student-19 | ced19@vmware-hol.com | Student 19 | student19@set.local | +| Student-20 | ced20@vmware-hol.com | Student 20 | student20@set.local | diff --git a/content/en/ced/VMware Cloud on AWS Labs/AWS Integration/_index.md b/content/en/ced/VMware Cloud on AWS Labs/AWS Integration/_index.md new file mode 100644 index 00000000000..7e423db2b07 --- /dev/null +++ b/content/en/ced/VMware Cloud on AWS Labs/AWS Integration/_index.md 
@@ -0,0 +1,397 @@ +--- +title: "AWS Integration" +linkTitle: "AWS Integration" +date: 2020-03-13 +weight: 20 +description: > + One of the most compelling reasons to adopt VMware Cloud on AWS is to integrate your existing systems which sit in your VMware Cloud environment, with application platforms which reside in your AWS Virtual Private Cloud (VPC) environment. The integration which VMware and AWS have created allows for these services to communicate, for free, across a private network address space for services such as EC2 instances, which connect into subnets within a native AWS VPC, or with platform services which have the ability to connect to a VPC Endpoint, such as S3 Storage. +--- + +## Understanding Integrations with AWS Services + +![aws-1](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-1.jpg) + +As the above diagram illustrates, the VMware stack not only sits next to the AWS services, but is tightly integrated with these services. This introduces a new way of thinking about how to design and leverage AWS services with your VMware SDDC. Some integrations our customers are using include: + +* VMware front-end and RDS backend +* VMware back-end and EC2 front-end +* AWS Application Load Balancer (ELBv2) with VMware front-end (pointing to private IPs) +* Lambda, Simple Queueing Service (SQS), Simple Notification Service (SNS), S3, Route53, and Cognito +* AWS Lex, and Alexa with the VMware Cloud APIs + +These are only a few of the integrations we've seen. There are many different services that can be integrated into your environment. +In this exercise we'll be exploring integrations with both AWS Simple Storage Service (S3) and AWS Relational Database Service (RDS). 
+ +{% capture notice-2 %} +**Note:** There is a requirement in this lab to have completed the steps in the [Working with your SDDC Lab](https://vmc-field-team.github.io/labs/v2/working-with-sddc-lab/) concerning Content Library creation, Network creation, and Firewall Rule creation. +{% endcapture %} + +
+ {{ notice-2 | markdownify }} +
+ +### How these integrations are possible + +In addition to sitting within the AWS Infrastructure, there is an Elastic Network Interface (ENI) connecting VMware Cloud on AWS and the customer's Virtual Private Cloud (VPC), providing a high-bandwidth, low latency connection between the VPC and the SDDC. This is where the traffic flows between the two technologies (VMware and AWS). There are no EGRESS charges across the ENI within the same Availability Zone and there are firewalls on both ends of this connection for security purposes. + +How is traffic secured across the ENI? + +![aws-2](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-2.jpg) + +From the VMware side (see image below), the ENI comes into the SDDC at the Compute Gateway (NSX Edge). This means, on this end of the technology we allow and disallow traffic from the ENI with NSX Firewall rules. By default, no ENI traffic can enter the SDDC. Think of this as a security gate blocking traffic to and from AWS Services on the ENI until the rules are modified. + +![aws-3](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-3.jpg) + +On the AWS Services side (see image below), Security Groups are utilized. For those who are not familiar with Security Groups, they act as a virtual firewall for different services (VPCs, Databases, EC2 Instances, etc). This should be configured to deny traffic to and from the VMware SDDC unless otherwise configured. + +![aws-4](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-4.jpg) + +In this exercise, everything has been configured on the AWS side for you. You will however walk through how to open AWS traffic to come in and out of your VMware Cloud on AWS SDDC. + +### Compute Gateway Firewall Rules for Native AWS Services + +![aws-5](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-5.jpg) + +1. In the VMware Cloud on AWS portal click the **Networking & Security** tab +2. 
Click **Groups** in the left pane +3. Click **ADD GROUP** + +#### Name Workload Group + +![aws-6](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-6.jpg) + +1. Type **PhotoAppVM** for the Name +2. Leave **Virtual Machine** select for Member Type +3. Click **Set VMs** under Members + +#### Select VMs - Workload Group + +![aws-7](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-7.jpg) + +1. Click to select **Webserver01** +2. Click **SAVE** + +#### Save Group - Workload Group + +![aws-8](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-8.jpg) + +1. Click **SAVE** + +### Firewall Rules + +![aws-9](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-9.jpg) + +1. Click **Networking & Security** tab in your VMware Cloud on AWS Portal +2. Click **Gateway Firewall** in the left pane +3. Click and select **Compute Gateway** +4. Click **ADD NEW RULE** + +#### Add New Rule - AWS Inbound + +![aws-10](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-10.jpg) + +1. Name your new rule **AWS Inbound** +2. Click on **Set Source** + +#### Select Source - AWS Inbound + +![aws-11](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-11.jpg) + +1. Click to select **Connected VPC Prefixes** +2. Click **SAVE** + +#### Set Destination - AWS Inbound + +![aws-12](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-12.jpg) + +1. Click on **Set Destination** + +#### Select Destination - AWS Inbound (Continued) + +![aws-13](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-13.jpg) + +1. Click to select **PhotoAppVM** +2. Click **SAVE** + +#### Set Service - AWS Inbound + +![aws-14](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-14.jpg) + +1. 
Click on **Set Service** + +#### Set Service - AWS Inbound (Continued) + +![aws-15](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-15.jpg) + +1. Click to select **Any** +2. Click **SAVE** + +#### Publish - AWS Inbound + +![aws-16](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-16.jpg) + +1. Click on **PUBLISH** + +**Note:** Make sure to leave **All Uplinks** in the **Applied To** section. + +#### Add New Rule - AWS Outbound + +![aws-17](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-17.jpg) + +1. Click **ADD NEW RULE** +2. Name your new rule **AWS Outbound** +3. Click on **Set Source** + +#### Select Source - AWS Outbound + +![aws-18](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-18.jpg) + +1. Click to Select **PhotoAppVM** +2. Click **SAVE** + +#### Set Destination - AWS Outbound + +![aws-19](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-19.jpg) + +1. Click on **Set Destination** + +#### Select Destination - AWS Outbound + +![aws-20](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-20.jpg) + +1. Click to select **Connected VPC Prefixes** +2. Click **SAVE** + +#### Set Service - AWS Outbound + +![aws-21](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-21.jpg) + +1. Click on **Set Service** + +#### Set Service - AWS Outbound (Continued) + +![aws-22](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-22.jpg) + +1. Under **Select Services** type **3306** +2. Select **MySQL** checkbox +3. Click **SAVE** + +#### Publish - AWS Outbound + +![aws-23](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-23.jpg) + +1. Click **PUBLISH** + +**Note:** Make sure to leave **All Uplinks** in the **Applied To** section. 
+ +### Add New Rule - Public In + +![aws-23a](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-24.jpg) + +1. Click on **ADD NEW RULE** + +#### Add New Rule - Public In (Continued) + +![aws-24](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-25.jpg) + +1. Type **Public In** for Name +2. Click on **Set Source** + +#### Select Source - Public In + +![aws-25](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-26.jpg) + +1. Click to select **Any** +2. Click **SAVE** + +#### Set Destination - Public In + +![aws-26](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-27.jpg) + +1. Click on **Set Destination** + +#### Select Destination - Public In + +![aws-27](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-28.jpg) + +1. Click to select **PhotoAppVM** +2. Click **SAVE** + +#### Set Service - Public In + +![aws-28](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-29.jpg) + +1. Click **Set Service** + +#### Set Service - Public In (Continued) + +![aws-29](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-30.jpg) + +1. Type **HTTP 80** under **Select Services** +2. Click to Select **HTTP** +3. Click **SAVE** + +#### Publish - Public In + +![aws-30](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/AWS-31.jpg) + +1. Click **PUBLISH** + +**Note:** Make sure to leave **All Uplinks** in the **Applied To** section. + +## AWS Relational Database Service (RDS) Integration + +Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost- efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. 
It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. + +In this exercise, you will be able to integrate a VMware Cloud on AWS virtual machine to work in conjunction with a relational database running in Amazon Web Services (AWS) that has been previously setup on your behalf. + +### Make Note of Webserver01 IP Address + +![aws-31](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS1.jpg) + +You will be using the VM created in the previous module in order to complete this exercise. + +1. In your vCenter interface for VMware Cloud on AWS, find your **Webserver01** VM you deployed, and ensure it has been assigned an IP address as shown in the graphic. + +### Assign Public IP + +![aws-32](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS2.jpg) + +1. Go back your VMware Cloud on AWS portal and click on the **Networking & Security** tab in order to request a Public IP address +2. Click **Public IPs** in the left pane +3. Click on **REQUEST NEW IP** +4. In the notes area type **PhotoAppIP** +5. Click **SAVE** + +### Note New Public IP + +![aws-33](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS3.jpg) + +Take note of your newly created Public IP. + +### Create a NAT Rule + +![aws-34](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS4.jpg) + +1. Click **NAT** in the left pane +2. Click **ADD NAT RULE** +3. Type **PhotoApp NAT** for Name +4. Ensure the Public IP you requested in the previous step appears under Public IP +5. Leave **All Traffic** (no change) +6. Type the IP address of your **Webserver01** VM you noted at the beginning of this exercise +7. Click **SAVE** + +### AWS Relational Database Service (RDS) Integration Exercise + +![aws-35](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS24.jpg) + +On your browser, open a new tab and go to: + +1. 
Account ID or alias - Please refer to the information on the card provided to you for Account ID information +2. IAM user name - **Student#** (where # is the number assigned to you) +3. Password - **VMCworkshop1211** +4. Click **Sign In** + +Please note you might get either of the 2 sign on screens above. If you get the one on the right, enter Account ID and click **Next** + +### RDS Information + +![aws-36](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS6.jpg) + +1. You are now signed in to the AWS console. Make sure the region selected is **Oregon** +2. Click on the **RDS** service (You may need to expand **All services**) + +### RDS Instance + +![aws-37](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS07.jpg) + +1. In the left pane click on **Databases** +2. Click on the RDS instance that corresponds to designated number + +{% capture notice-2 %} +**Note: Be aware that you may need to look on Page 2 of this view to find your DB** +{% endcapture %} +
+ {{ notice-2 | markdownify }} +
+ +### Navigate to Security Groups + +![aws-38](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS08.jpg) + +1. Scroll down to the **Details** area and under **Connectivity & security** notice that the RDS instance is not publicly accessible, meaning this instance can only be accessed from within AWS +2. Click in the blue hyperlink under **Security groups** + +### Security Groups + +![aws-39](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS9.jpg) + +1. Choose the **Student##-RDS-Inbound** RDS Security group corresponding to you (may not match your student number) +2. After highlighting the appropriate security group click on the **Inbound** tab below + +{% capture notice-2 %} +**Note: VMware Cloud on AWS establishes routing in the default VPC Security Group, only RDS can leverage this or create its own** +{% endcapture %} +
+ {{ notice-2 | markdownify }} +
+ +### Outbound Traffic + +![aws-40](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS10.jpg) + +1. Click **Outbound** tab +2. You can see All traffic (internal to AWS) allowed, this includes your VMware Cloud on AWS SDDC logical networks. + +### Elastic Network Interface (ENI) + +![aws-41](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS11.jpg) + +AWS Relational Database Service (RDS), also creates its own Elastic Network Interface (ENI) for access which is separate from the ENI created by VMware Cloud on AWS. + +1. Click on **Services** to go back to the Main Console +2. Click on **EC2** + +### ENI (Continued) + +![aws-42](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS12.jpg) + +1. In the EC2 Dashboard click **Network Interfaces** in the left panel +2. All Student environments belong to the same AWS account, therefore, hundreds of ENI's may exist. In order to minimize the view type **RDS** in the search area and press Enter to add a filter +3. Highlight your **Student##-RDS-Inbound** security group corresponding to your student number based on the second octect of the CIDR block in the last column. + + In this example the CIDR block is 172.6.8.187, this would correspond to student **6** + +4. Make note of the **Primary private IPv4 IP** address for the next step + +### Photo App + +![aws-41](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS13.jpg) + +1. On your smart phone (tablet or personal computer), open up a browser and type your public IP address you requested in the VMware Cloud on AWS portal in the browser address bar followed by /Lychee (case sensitive) ie: 1.2.3.4/Lychee +2. Enter the database connection information below (__case sensitive__), using the IP address you noted in the previous step from the RDS ENI: + + Database Host: x.x.x.x:3306 + Database Username: student# (where # is the number assigned to you) + Database Password: VMware1! 
+ +3. Click **Connect** + +### Enter Login Information + + ![aws-42](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS15.jpg) + + 1. Type **student#** (where # is the number assigned to you) for user name and **VMware1!** for password. + 2. Click **Sign In** + +### Photo Albums + +![aws-43](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/aws-integrations/RDS16.jpg) + +Congratulations, you have successfully logged in to the photo app! + +OPTIONAL: Feel free to take a picture of the room with your smart phone and upload it to the Public folder. + +In summary, the front end (web server) is running in VMware Cloud on AWS as a VM, the back end which is a MySQL database is running in AWS Relational Database Service (RDS) and communicating through the Elastic Network Interface (ENI) that gets established upon the creation of the SDDC. + +You have completed the AWS Integraton Lab. \ No newline at end of file diff --git a/content/en/ced/VMware Cloud on AWS Labs/VMware Cloud on AWS APIs/_index.md b/content/en/ced/VMware Cloud on AWS Labs/VMware Cloud on AWS APIs/_index.md new file mode 100644 index 00000000000..efd35a39e7a --- /dev/null +++ b/content/en/ced/VMware Cloud on AWS Labs/VMware Cloud on AWS APIs/_index.md 
@@ -0,0 +1,499 @@ +--- +title: "VMware Cloud on AWS APIs" +linkTitle: "VMware Cloud on AWS APIs" +date: 2020-03-13 +weight: 30 +description: > + In this lab exercise we will be showing how you can interact with the VMware Cloud on AWS platform through programmatic means. We will go through how we can use PowerShell as a means to interact with the Cloud Solution Platform as well as the vCenter instance. We will then delve into how we can interact with the VMware Cloud on AWS REST API and perform actions in both the integrated "Developer Center" view in the console, and also through popular third party and open source REST clients. For the purposes of our lab exercise we will be making use of "Postman" as our REST Client. +--- +## Using PowerShell + +![APIs1](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs1.jpg) + +1. Click on **Start**, and scroll down until you see the Windows PowerShell menu +2. Right click on the **PowerShell** CLI shortcut icon and select **Run as Administrator** + + ![APIs3](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs3.jpg) + +Install the VMware PowerCLI module + +```powershell +Install-Module VMware.PowerCLI +``` + +**NOTE**: You will be asked to install the NuGet provider, take the default or press **Y** and press enter, you will then be asked to trusted an untrusted repository, **DO NOT** take the default but type **Y** and press Enter. + +![APIs4](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs4.jpg) + +We now need to set the execution policy to Remote Signed. + +```powershell +Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force +``` + +![APIs5](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs5.jpg) + +You now will need to set the PowerCLI Configuration to Ignore Invalid Certificates. 
+ +**IMPORTANT STEP:** + +```powershell +Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false -WarningAction:SilentlyContinue +``` + +**NOTE**: Be sure the "i" in "Ignore" is capitalized if you are not using copy/paste + +![APIs6](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs6.jpg) + +We now need to install the VMware CLI commands + +```powershell +Install-Module -name VMware.VMC -scope AllUsers -Force +``` + +![APIs7](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs7.jpg) + +Let's take a quick look at the VMware CLI commands + +```powershell +Get-VMCCommand -WarningAction:SilentlyContinue +``` + +![APIs8](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs8.jpg) + +We now need to get your Refresh Token from the VMC console. Switch back to or open the web browser and log into **vmc.vmware.com** + +If you are not already logged in + +3. Open a new tab +4. Click on the VMware Cloud on AWS shortcut +5. Fill in your email address +6. Click on **Next** + + ![APIs9](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs9.jpg) + +7. Click on the drop down next to your **Name/Org ID** +8. Click on **My Account** + + ![APIs10](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs010.jpg) + + We will now create a new Refresh Token for the ID linked to this Org + +9. Click on **API Tokens** tab. +10. Click **Generate a New API Token** + + ![APIs011](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs011.jpg) + +11. Give the token a name. +12. Select checkbox by **Organization Owner.** +13. Select checkbox by **VMware Cloud on AWS.** +14. Click **Generate** button. + + ![APIs012](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs012.jpg) + +15. Click on **Copy** button to save refresh token to clipboard. + +***Note:*** Make sure to save this refresh token in a safe place to be used in the next section when using API's in Postman. 
+ +Now let's attach to the VMC server, input the command below and append the refresh token after the -refreshtoken parameter + +```powershell +connect-vmc -refreshtoken +``` + +![APIs13](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs13.jpg) + +Now that we are connected to our VMC organization through PowerShell, we can see what Orgs we have access to using the following command + +```powershell +Get-VMCorg +``` + +Note the Org Display_Name and ID + +![APIs14](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs14.jpg) + +Now that we know the Org Display_Name we can find out information about the SDDC's inside our org. + +**NOTE**: replace # with your workstation number + +```powershell +Get-VMCSDDC -Org VMC-WS# +``` + +![APIs15](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs15.png) + +Another cool thing you can do is see the Default Credentials for your SDDC + +```powershell +Get-VMCSDDCDefaultCredential -org VMC-WS# +``` + +**NOTE**: replace # with your workstation number + +## REST APIs through Developer Center + +In this module we will be using the VMware Cloud on AWS REST API to get some basic information about your VMware Cloud on AWS Organization and SDDC deployment. To do this we will be using the new Developer Center feature in VMware Cloud on AWS. This was built specifically to focus on using APIs and scripts to create SDDCs, add and remove hosts, plus connect to and use the full vCenter API set. To get started, let go back to your VMC environment. + +![DeveloperCenter1](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/DeveloperCenter1.jpg) + +Launch the Chrome browser on your Student View Desktop + +![DeveloperCenter2](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/DeveloperCenter2.jpg) + +If you are not already logged in, log into your VMware Cloud on AWS organisation. + +1. 
From within the VMware Cloud on AWS tab, click on the Developer Center menu + + ![DeveloperCenter3](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/DeveloperCenter3.jpg) + + In the Developer Center there are a lot of great resources for you to explore. For example, let's check out a code sample that was uploaded by one of our API developers. If you scroll through this screen you will see there are code samples for Postman (a REST API Development Tool) + + You will also find samples for Python, PowerCLI, and many others. Anyone can contribute code samples to the community, if that interests you go to or click on the link **VMware{code} Sample Exchange**. +2. Click on *Code Samples* in the menu +3. Click on *Download* in the "PowerCLI - VMC Example Script" box + + ![DeveloperCenter4](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/DeveloperCenter4.jpg) + + After the script downloads +4. Click on the dropdown arrow +5. Click on **Show in Folder** +6. Unzip the **PowerCLI-Example-Scripts-master.zip** file +7. Open the **PowerCLI-Example-Scripts-master** folder +8. Open **Scripts** folder +9. Open **VMware_Cloud_on_AWS** folder +10. Right click on the **VMC Example Script.ps1** script +11. Click on edit + + This will open the PowerShell ISE environment. Now you can see the PowerShell commands you used in the previous module as well as other commands you can use with your SDDC. Close the PowerShell ISE windows + + ![DeveloperCenter6](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/DeveloperCenter6.jpg) + + Let's now run some simple REST API commands built into Developer Center, go back to your browser + +12. Click on the API Explorer menu +13. Make sure you select your SDDC +14. Click on the drop down arrow next to Organization +15. Click on the drop down arrow next to the first "GET" API +16. 
Click on *Execute* + + ![DeveloperCenter7](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/DeveloperCenter7.jpg) + + What did we not do?? We did not put in any authentication to pull this data. The reason is we are using the session authentication to execute these commands. To run these commands in other application, like PowerShell or Postman, you will need to get your resource and session tokens before you can run these commands. + + Let's look through the response. +17. Here you see the Organization's alphanumeric name. Which you can also find in *\#3* +18. The organization *ID*. *NOTE*: Copy the ID number, without the quotes, for possible use in the next step. +19. The organization *Display_Name* +20. The organization Version + + ![DeveloperCenter8](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/DeveloperCenter8.jpg) + + In this step, we will GET some information about our organization +21. Click on the drop down arrow by SDDCs +22. Click on **GET** +23. The Org ID should already be filled in for you, another great feature the developers built in based on customer feedback. *NOTE*: If this Org ID did not automatically fill in, paste it in. +24. Click on **Execute** + + ![DeveloperCenter9](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/DeveloperCenter9.jpg) + + Now let's look at the response body +25. The creation date of the SDDC +26. The SDDC ID +27. the SDDC state + +## Postman + +In this module, we will be exploring how to use Postman to execute REST API requests and build automation through collections. Postman is an API Explorer tool. As an example, you can create variables for use within the APIs, test the response, and use webhooks to integrate with collaboration platforms. + +![Postman1](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman1.jpg) + +Postman is very easy to install, so let's get started. + +1. Open a new browser tab and go to +2. 
Click on *Download the App* + + ![Postman2](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman2.jpg) + +3. Select Postman for **Windows (64-bit)**. Click **Download**. Double-click on the downloaded file, the install will execute without interaction. + + *NOTE*: For cleanup you can close all postman tabs in Chrome + + ![Postman3](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman3.jpg) + +4. Click on the text: *Skip Signing in and Take me straight to the app* + + ![Postman4](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman4.jpg) + +5. Uncheck *Show this window on launch* +6. Close this window + + ![Postman5](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman5.jpg) + + Go back to your browser window, if you do not have a tab opened for VMware Cloud on AWS, follow the below instructions + +7. Navigate to to download the vSphere Automation REST SDK. + + Our internal API development team has done a great job pre-creating SDKs for many of the popular languages in use today. For this module, we will be using the SDK for REST to show you how you can easily import and reuse some pre-built collections to create your own. + + ![Postman7](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman7.jpg) + +8. *This step intentionally left blank* +9. *This step intentionally left blank* +10. Click on the download menu +11. Click on *Open* + + ![Postman8](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman8.jpg) + +12. Click on *Extract* +13. Click on *Extract all* + + ![Postman9](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman9.jpg) + + We will keep the default file path. + +14. Uncheck the box +15. 
Click on *Extract* + + Close the file explorer window + + ![Postman10](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman10.jpg) + + Now that we have Postman installed and our REST samples on our local system, lets import the VMC collection and use some the requests to build our own collection. + +16. Click on *Import* +17. Click on *Choose Files* + + ![Postman11](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman11.jpg) + + To import the VMC collection json file we downloaded earlier. + +18. Browse to the directory we extracted the zip file to earlier. That directory should be *C:\downloads\vsphere-automation-sdk-rest-master\vsphere-automation-sdk-rest-master\samples\postman* +19. Click *VMware Cloud on AWS APIs.postman_collection.json* +20. Click *Open* + + ![Postman12](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman12.jpg) + + We now need to get our refresh token for our Org in VMC. Go back to your VMware Cloud on AWS tab in your browser + +21. Click on the drop down next to your *Name/Org ID* +22. Click on *My Account* + + We will now create a new Refresh Token for the ID linked to this Org. + + ***NOTE***: If you have already generated a token, use the same token that was generated. You can also regenerate a new token if needed. + + ![Postman13](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs010.jpg) + +23. Click on **API Tokens** tab. +24. Click **Generate a New API Token** + + ![APIs011](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs011.jpg) + +25. Give the token a name. +26. Select checkbox by **Organization Owner.** +27. Select checkbox by **VMware Cloud on AWS.** +28. Click **Generate** button. + + ![APIs012](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/APIs012.jpg) + +29. Click on **Copy** button to save refresh token to clipboard. 
+ + ![Postman16](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman16.jpg) + + Return to the Postman app. We now need to setup a Postman environment for use with VMC. An environment is where we will be creating and storing our variables. These variables can be local or global, depending on your use within Postman. In this module, we will only be using local variables. + +30. Click on **New** +31. Click on **Environment** + + ![Postman17](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman17.jpg) + +32. Name the environment **VMC** +33. In the Key column type in **refresh_token** +34. In the Value column use CTRL-V to paste your actual refresh token you copied in a previous step. +35. Click on **Add** +36. Close the window + + ![Postman18](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman18.jpg) + + Now set this as our default environment. + + *NOTE*: If you don't set the default environment to *VMC*, then the variables that get created will not be accessible. + +37. Click on the drop down arrow +38. Select **VMC** + + ![Postman19](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman19.jpg) + + Now we will start to build our own collection by using some request that came in the SDK we imported earlier. + +39. Click on **Collections** +40. Click on - **Authentication and Login** +41. See how this request is our refresh token variable we defined in an earlier step. + + *NOTE*: If the environment is not set to VMC, this will request will fail because the refresh_token variable is not defined. + +42. Click on **Send** +43. You will now see the access token that was generated with the refresh token. This is the body or payload of the response to our request. + + ![Postman20](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman20.jpg) + +44. Click on the Eye icon + + You will see that we have stored your access token into a variable so we can use it for futurecalls. How did we do that? 
We ran a "test" on the response body. You will see how in the next step. + + ![Postman21](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman21.jpg) + +45. Click on **Tests** + + The access_token variable was set by running some java script code against the response. We are also using the Postman setEnvironmentVariable function to create it. + + ![Postman22](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman22.jpg) + + Lets save this request to our own collection so we can use it later. + +46. Click on the drop down arrow +47. Click on **Save As** + + ![Postman23](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman23.jpg) + +48. Change the Request name to **Authorize** +49. Change the Request description to *Get Access Token* +50. Click on **Create Collection** +51. Type **Workshop** and click the *check box* + + ![Postman24](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman24.jpg) + +52. Select the **Workshop** folder +53. Click on **Save to Workshop** + + ![Postman25](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman25.jpg) + + A new window will pop open indicating that you created a new collection. We will not do anything here at this time. + +54. Close this window + + ![Postman26](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman26.jpg) + + Let's request some details from our Org so we can send them to Slack. + +55. Click on **Orgs** and **List Orgs** +56. Click on **Headers** +57. Click **Send** +58. You see here how we are using the **access_token** variable for the **csp-auth-token**. This will authorize our request. *NOTE*: This access token is only good for 30 minutes. If you run this request and get a response of **400 unauthorized**, go back and run the authorize request. +59. 
Look through the response body for your Org's **display_name** + + ![Postman27](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman27.jpg) + + Let's save this request to our own collection so we can use it later. + +60. Click on the drop down arrow +61. Click on **Save As** + + ![Postman28](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman28.jpg) + +62. Change the Request name to **Org list** +63. Change the Request description to **Get a list of your Orgs** +64. Be sure *Workshop* is selected under **Select a collection or folder to save to:** +65. Click on **Save to Workshop** + + ![Postman29](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman29.jpg) + + We need to replace the Test code that came with the SDK so we can create variable we want to use when send our message to Slack. + +66. Click on **Tests** + Copy and paste the below code into the **Tests** section. *NOTE*: You may have to press CTRL-V to paste into the text box. +67. Click **Send** + + ```javascript + var jsonData = JSON.parse(responseBody); + + if (responseCode.code === 200) { + for (i = 0; i < jsonData.length; i++) { + pm.environment.set("name", jsonData[i].display_name); + pm.environment.set("ID", jsonData[i].id); + pm.environment.set("version", jsonData[i].version); + pm.environment.set("state", jsonData[i].project_state); + } + } + ``` + + ![Postman30](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman30.jpg) + + We can verify if the variables have been created and assigned values. + +68. Click on the eye icon +69. Scroll down to see if the new variables were created. + Once verified click on the "eye" icon again to close the window + + ![Postman31](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman31.jpg) + + Lets save the changes we made to this request. +70. 
Click on **Save** + + ![Postman32](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman32.jpg) + + Now that we have details of our Org lets send them to slack inn a message. + + To post to slack a link needs to be generated for the slack channel that we want to post to. This has already been done for you and is listed below. One of the instructors will have this slack channel displayed on the screens. So you can see the results. + + Slack channel URL: + + ```link + https://hooks.slack.com/services/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 + ``` + + Now we need to setup the request: + +71. Click on the **+** sign for a new request +72. Change the request type to **POST** +73. Cut and paste the above slack channel URL to the *address* box +74. Select **Body** +75. Change the format type to **raw** +76. Type the below code, or cut and paste it into the Body section. *NOTE*: You may have to press CTRL-V to past into the text box. + + ```json + { + "text" : "{% raw %}Your Org ID is: {{ID}}\nYour Org version is: {{version}}\nAnd your Org state is: {{state}}{% endraw %}", + "username" : "{% raw %}{{name}}{% endraw %}" + } + ``` + +77. Click **Send** + + ![Postman33](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman33.jpg) + + Lets save this request to our own collection so we can use it later. + +78. Click on the drop down arrow +79. Click on **Save As** + + ![Postman34](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman34.jpg) + +80. Change the Request name to **Post to Slack** +81. Change the Request description to **Post some Org details to slack** Be sure Workshop is selected under *Select a collection or folder to save to:* +82. Click on **Save to Workshop** + + Check and see if your request posted the Name, ID, Version, and Status of your Org. 
+ + ![Postman35](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman35.jpg) + + The last thing to show you with Postman is the way that you can run a collection to automate a series of tasks. What we have been doing in this module is building a collection. As you see in the screen shot there are 3 tasks in the Workshop collection. + +83. Click on the Arrow in the Workshop window +84. Click on **Run** + + ![Postman36](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman36.jpg) + +85. Click on **Run Workshop** +86. Be sure the **Environment** is set to VMC + + ![Postman37](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/APIs/Postman37.jpg) + + If all your work was saved and ran individually, they should run here as well. + +87. Check out the status of each request. + +If you have all "200 OK" then you will see another post in slack for your workshop Org. + +Please add comments below if you would like to give feedback on this lab. \ No newline at end of file diff --git a/content/en/ced/VMware Cloud on AWS Labs/VMware Hybrid Cloud Extension (HCX)/_index.md b/content/en/ced/VMware Cloud on AWS Labs/VMware Hybrid Cloud Extension (HCX)/_index.md new file mode 100644 index 00000000000..88b54cbd235 --- /dev/null +++ b/content/en/ced/VMware Cloud on AWS Labs/VMware Hybrid Cloud Extension (HCX)/_index.md 
@@ -0,0 +1,218 @@ +--- +title: "VMware Cloud on AWS HCX" +linkTitle: "VMware Cloud on AWS HCX" +date: 2020-03-13 +weight: 40 +description: > + In this lab exercise you will learn about Hybrid Cloud Extension (HCX), Primarily this is a tool, bundled with VMware Cloud on AWS, which will allow you to bulk migrate workloads to VMware Cloud on AWS and significantly reduce the time and complexity of moving workloads into the public cloud sphere. +--- + +## What is Hybrid Cloud Extension (HCX) + +![HCX1](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/HCX1.jpg) + +Hybrid Cloud Extension abstracts on-premises and cloud resources and presents them to the apps as one continuous hybrid cloud. On this, Hybrid Cloud Extension provides high-performance, secure and optimized multi-site interconnects. The abstraction and interconnects create infrastructure hybridity. Over this hybridity, Hybrid Cloud Extension facilitates secure and seamless app mobility and disaster recovery across on-premises vSphere platforms and VMware Clouds. Hybrid Cloud Extension is a multi-site, multi cloud service, facilitating true hybrid cloud. 
+ +### Hybrid Cloud Extension Features + +![HCX2](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/HCX2.jpg) + +#### Any-to-Any vSphere Cloud App Mobility + +* Rapidly move existing workloads from a vSphere platform to the latest SDDC +* Reduce upfront planning time for cost and resource analysis +* Accelerate cloud adoption and avoid retrofitting on-premises environment Business Continuity with Lower TCO + +#### Business Continuity with Lower TCO + +* IP and MAC address remapping is not required +* No need to retrofit existing VM environment +* Hybrid Cloud Extension provides warm and cold bulk migration, and bidirectional migration +* Hybrid Cloud Extension simplifies your operational model + +#### Architected for Security + +* Ensure highly secure tethering of private and public clouds +* Protect resources with resilient disaster recovery capabilities +* Hybrid Cloud Extension hybrid DMZ enables portability of enterprise network and security practices to the cloud +* Security policies migrate with applications High-Performance Infrastructure Hybridity + +#### High Performance Infrastucture Hybridity + +* In-built WAN optimization is tuned for the needs of hybrid use cases +* Hybrid Cloud Extension provides agile, intelligent routing +* Traffic load balancing overlay is policy-enforced +* Multiple VM migration models (including vMotion, warm, cold) make it easy to migrate to and from the cloud without any changes + +## Configure HCX + +Click on the link below to walk through on how to install and configure HCX within your on-prem vCenter environment. + +[HCX Install and Configuration](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/HCX-OnPrem-Installation.htm){:target="_blank"} + +## HCX - vMotion Migration + +Now that you are familiar with installing and configuring HCX. Let's do an actual vMotion (live) migration of a virtual machine to VMware Cloud on AWS. 
+ +{% capture notice-1 %} +Note: Be aware that the following exercise will use a pre-configured on-premise and VMware Cloud on AWS environment to demonstrate HCX migrations, the migrated VMs will not appear in your own Student SDDC you have been using. +{% endcapture %} +
+ {{ notice-1 | markdownify }} +
+ +### Log into On-Prem vCenter + +We have provided an on-prem vCenter with virtual machines to migrate. Based on your student ## please select the appropriate VM to migrate. + +From your Horizon desktop (desktop.vmc.ninja) open Google Chrome and access the on-prem vCenter + +{% capture notice-2 %} +Note: Refer to the [Student Access](https://vmc-field-team.github.io/student-access/){:target="_blank"} page to log into your Horizon desktop +{% endcapture %} +
+ {{ notice-2 | markdownify }} +
+ +![HCX01](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx01.jpg) + +1. Open Google Chrome and enter for the URL. +2. Type in your student (student#@set.local) credentials. +3. Type in your password assigned to you. +4. Click **Login** to continue. + +### Migrate Virtual Machine to the Cloud + +![HCX02](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx02.jpg) + +1. Click the arrow to expand **Datacenter**. +2. Click the arrow to expand **VSAN-Cluster** cluster. +3. Click the arrow to expand **Migrate** resource pool. +4. Click on the **Student##** virtual machine. +5. Make note of the **IP Address** to ping later. + +![HCX02-1](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx02-1.jpg) + +1. Right click on the Windows Icon in the lower left of your desktop. +2. Click on **Command Prompt**. + +![HCX02-2](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx02-2.jpg) + +1. In case you didn't capture the IP Address of the virtual machine. +2. Type in the command prompt **ping -t 172.60.2.xxx**. + +![HCX03](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx03.jpg) + +1. Go back to vCenter console and right click on your **Student##** virtual machine. +2. Hover your mouse over **Hybridity Actions**. +3. Click on **Migrate to the Cloud**. + +![HCX04](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx04.jpg) + +To migrate your virtual machine VMware Cloud on AWS you will have to select the destinations for the folder, resource pool and datastore. + +**Note: Make sure to select the Migrate folder and resource pool to ensure you can find the same virtual machine when migrating back to on-prem.** + +1. Click on **Specify Destination Folder** and select the **Migrate** folder. +2. Click on **Specify Destination Container** and select the **Migrate** resource pool. +3. Click on **Select Storage** and select the **WorkloadDatastore** datastore. +4. 
Click on **Select Migration Type** and select **Cloud Motion with vSphere Replication**. + Leave the **schedule failover** as is to make sure the migration happens immediately. +5. Click **Next** to validate your selection. + +![HCX05](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx05.jpg) + +1. Verify the validation is successful. +2. Click on **Finish** to migrate your virtual machine to VMware Cloud on AWS. + +### Check Migration Progress + +![HCX06](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx06.jpg) + +1. Click on **Menu**. +2. Click on **HCX**. + +![HCX07](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx07.jpg) + +Dashboard gives you the number of virtual machines migrated, in progress and scheduled. + +1. Click on **Migration** on the left side. + +![HCX08](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx08.jpg) + +1. Make note of the progress of the vMotion migration. +2. Click on the **Refresh** button to update the progress. + +![HCX09](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx09.jpg) + +While the migration is in progress lets look at the ping response. + +1. Click on the **Command Prompt** to return to the ping test. +2. Observe the ping test left running from a previous step and notice it hasn't dropped. + +**Note: Make sure the migration is successful before continuing on to the next step.** + +Once the virtual machine has been successfully migrated to VMware Cloud on AWS, lets take the same virtual machine and migrate it back to the on-prem vCenter. + +### Migrate Virtual Machine Back to On-Prem Datacenter + +We will use vMotion to migrate the virtual machine back to the on-prem vCenter. Please note that this is a serialized operation and depending on how many are being vMotioned back it could take some time to complete. + +![HCX010](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx010.jpg) + +1. 
Verify the virtual machine has been migrated to the SDDC in VMware Cloud on AWS. +2. Click on **Migrate Virtual Machines** button. + +![HCX011](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx011.jpg) + +1. Click on **Reverse Migration** checkbox to switch to the VMware Cloud on AWS vCenter. +2. Click on **Migrate** resource pool to display the migrated virtual machines. +3. Click on your **Student##**. +4. Click on **Specify Destination Folder** and select the **Migrate** folder. +5. Click on **Specify Destination Container** and select the **Migrate** resource pool. +6. Click on **Select Storage** and select the **vsanDatastore** datastore. +7. Click on **Select Migration Type** and select **vMotion**. +8. Click **Next** to validate your selection. + +![HCX012](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx012.jpg) + +1. Verify the validation is successful. +2. Click on **Finish** to migrate your virtual machine back to your on-prem vCenter. + +![HCX013](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx013.jpg) + +1. Make note of the progress of the vMotion migration. +2. Click on the **Refresh** button to update the progress. + +![HCX014](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx014.jpg) + +{% capture notice-2 %} +**Optional Exercises** +{% endcapture %} +
+ {{ notice-2 | markdownify }} +
+ +1. Click on the **Command Prompt** to return to the ping test. +2. Observe the ping test left running from a previous step and notice it hasn't dropped while migrating back to on-prem vCenter. +3. Use ctrl-c to cancel ping. + +### Other Migration Methods + +Feel free to try the other migration Types. Use the same virtual machine **Student##** and follow the same steps but instead of vMotion try **Bulk Migration** or **vMotion**. + +![HCX015](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/HCX/hcx015.jpg) + +#### Cloud Motion with vSphere Replication + +This latest option provides zero downtime for workload mobility from source to Destination. First, the workload disks get replicated to the destination site. The replication is handled using the HCX built-in vSphere replication. This process is dependent on the amount of data and available network bandwidth. Once the data sync is complete the HCX switchover initiates a vMotion. The vMotion migrates the workload to the destination site and synchronizes only the remaining data (delta) and workload memory state. There is an option to schedule a maintenance window for the vMotion data sync swithcover otherwise it happens immediately. + +#### Bulk Migration + +Bulk Migration creates a new virtual machine on the destination site. This can either be on-premises or VMC and retains the workload UUID. Then it uses vSphere Replication to copy a snapshot of the workload from source to destination site while the workload is still powered on. In this case, a snapshot is a point of the time of the workload disk state, but not the traditional vSphere snapshot. The Bulk Migration is managed by the HCX interconnect cloud gateway proxy. During the data sync, there is no interruption to the workloads. The data sync is dependent on the amount of data and available bandwidth. There is an option to schedule a maintenance window for the switchover otherwise, the switchover happens immediately. 
Once the initial data sync completes, a switchover takes place (unless scheduled). The source site workloads are quiesced and shut down leveraging VMware Tools. If VMware Tools is not available, HCX will prompt you to force power off the workload(s) to initiate the switchover. During the switchover process, a delta sync occurs based on changed block tracking (CBT) to sync the changes since the original snapshot. The workloads on the destination site will begin to power on once the data sync is complete (including delta data changes). There are checks in place to ensure resources are available to power on the workloads. If a destination workload cannot power on due to resources, the source workload will get powered back on. + +#### vMotion "Live Migration" + +HCX supports the vMotion we know and love today. The workloads are migrated live with no downtime similar to Cloud Motion with vSphere Replication. vMotion should not be used to migrate hundreds of workloads or workloads with large amounts of data. Instead, use Cloud Motion with vSphere Replication or Bulk Migration. Usually, a vMotion network needs to be configured and routed to the target vSphere host, in this case, the vMotion traffic is handled by the HCX Interconnect cloud gateway for cross-cloud vMotion. vMotion through HCX encapsulates and encrypts all traffic from source to destination removing network complexity of routing to cloud. + +HCX has a built-in option to retain the workloads MAC address. If this option is not checked, the workloads will have a different MAC on the destination site. Workloads must be at compatibility (hardware) version 9 or greater and 100 Mbps or above of bandwidth must be available. With vMotion and bi-directional migration, it's important to consider Enhanced vMotion Compatibility (EVC). The good news here is HCX also handles EVC. The workloads can be migrated seamlessly and once rebooted will inherit the CPU features from the target cluster. 
This allows a cross-cloud vMotion between different chipset versions (e.g. Sandy Bridge to Skylake) but within the same CPU family (e.g. Intel). **Also, an important thing to note is vMotion is done in a serialized manner.** Only one vMotion occurs at a time and queues the remaining workloads until the current vMotion is complete. diff --git a/content/en/ced/VMware Cloud on AWS Labs/Working with your SDDC/_index.md b/content/en/ced/VMware Cloud on AWS Labs/Working with your SDDC/_index.md new file mode 100644 index 00000000000..6e898ffcbc4 --- /dev/null +++ b/content/en/ced/VMware Cloud on AWS Labs/Working with your SDDC/_index.md 
@@ -0,0 +1,738 @@ +--- +title: "Working with your SDDC" +linkTitle: "Working with your SDDC" +weight: 10 +description: > + In this lab we are going to start with looking at the basic tasks which you will perform in the VMware Cloud on AWS user interface when you are administering the platform. +--- + +## Viewing your SDDC + +![SDDC-Network-Login](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc-login.jpg) + +Access VMware Cloud on AWS console using and use your assigned login credentials **ced##@vmware-hol.com**. + +After you login, you should see two single-node SDDC's in the user interface following the naming format Student-##. An SDDC is a fully deployed environment including vSphere, NSX, vSAN and vCenter Server. Deployment of a fully configured SDDC takes about 90 minutes so for the purposes of this lab, we have already deployed it for you. + +This SDDC is in the same state it would be if you have deployed it. + +Let's take a look at the SDDC properties. + +![SDDC-Network-01](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc01.jpg) + +1. First identify your SDDC that is assigned to you (Student-##). +2. Click on **View Details** to open the SDDC properties. + +![SDDC-Network-02](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc02.jpg) + +You will start with the Summary of the SDDC. There are a number of other tabs available as follows: + +1. **Support**: You can contact Support with your SDDC ID, Org ID, vCenter Private and Public IPs and the date of your SDDC Deployment. +2. **Settings**: Gives you access to your vSphere Client (HTML5), vCenter Server API, PowerCLI Connect, vCenter Server and reviews your Authentication information. +3. **Troubleshooting**: Allows you to run network connectivity tests to ensure all necessary access is available to perform select use cases. +4. 
**Add Ons**: Here you will find Add On services for your VMware Cloud on AWS environment like Hybrid Cloud Extension and VMware Site Recovery. +5. **Networking & Security**: Provides a full diagram of the Management and Compute Gateways. This is where you can configuration locgical networks, VPN's and firewall rules. We will cover this in more detail later. Click on **Networking & Security** to proceed to the next article to learn more about VMware Cloud on AWS Network and Security Configuration. + +## Create a Logical Network + +![SDDC-Network-03](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc03.jpg) + +From the previous article, you should see the **Network & Security** information for the SDDC. +VMware Cloud on AWS allows you to quickly and easily create new logical network segments on demand. Let's create a new network segment in the SDDC. + +1. Click the **Networking & Security** tab, then click on **Segments** to show all of the existing network segments. +2. Click on **Add Segments** to create a new network segment. +3. Enter **Demo-Net** for the Name of the new network segment. +4. For the Gateway/Prefix Length enter **10.10.xx.1/24** (xx depicts your student number). This represents the default gateway of the network and the prefix length of the network. For more details on IP addressing see below. +5. For **DHCP**, click the down arrow and select **Enabled** to enable DHCP on the network. +6. Enter **10.10.xx.10-10.10.xx.200** for the **DHCP IP Range**. This is the range of IP addresses the DHCP server will grant to workloads attached to the network. +7. Click **Save** to save the logical network. + +**Note: Make sure you leave the default of Routed for Type and do not enter anything for the DNS suffix.** + +{{< alert title="Note - CIDR Notation" >}} + +CIDR notation is a compact representation of an IP address and its associated routing prefix. 
The notation is constructed from an IP address, a slash('/') character, and a decimal number. The number is the count of leading bits in the routing mask, traditionally called the network mask. The IP address is expressed according to the standards of IPv4 or IPv6. + +The address may denote a single, distinct interface address or the beginning address of an entire network. The maximum size of the network is given by the number of addresses that are possible with the remaining, least-significant bits below the prefix. The aggregation of these bits is often called the host identifier. + +For example: + +* 192.168.100.14/24 represents the IPV4 address 192.168.100.14 and its associated routing prefix 192.168.100.0, or equivalently, its subnet mask 255.255.255.0, which has 24 leading 1-bits. +* The IPV4 block 192.168.100.0/22 represents the 1024 IPV4 addresses from 192.168.100.0 to 192.168.103.255. +{{< /alert >}} + +## Verify Network Segment Configuration + +![SDDC-Network-04](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc04.jpg) + +1. Verify the network segment was added correctly. Your information should match the highlighted area above. + +## Configure Firewall Rule for vCenter Access + +![SDDC-Network-05](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc05.jpg) + +By default, all inbound firewall rules are set to Deny in VMware Cloud on AWS. In order to access vCenter server, we will need to configure a firewall rule allowing inbound access. + +**Note: In most enterprise environments, you would create VPN or Direct Connect VIF to allow limited access firewall rules to vCenter. In this environment, we will open it to any IP address on the internet which is not recommended.** + +1. Click on **Gateway Firewall** on the lefthand side of the screen. +2. If it is not already selected, click on **Management Gateway** to create a firewall rules that allow access to management components in the SDDC. +3. 
Click **Add New Rule** to add a new rule to the edge gateway. +4. For the **Name** enter **vCenter Inbound Rule**. +5. Click **Set Source** to define the source for the firewall rule. + +### Select the Firewall Rule Source + +![SDDC-Network-06](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc06.jpg) + +1. Click the radio button next to **Any**. +2. Click **Save** to save the source information in the rule. + +### Configure Firewall Rule for vCenter Access (Continued) + +![SDDC-Network-07](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc07.jpg) + +1. Click **Set Destination** to launch a new window to set the destination for the rule. + +### Select the Firewall Rule Destination + +![SDDC-Network-08](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc08.jpg) + +1. Click the radio button next to **System Defined Groups**. +2. Select the checkbox next to **vCenter**. +3. Click **Save** to save the destination information in the rule. + +### Configure Firewall rule for vCenter Access (Contined) + +![SDDC-Network-09](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc09.jpg) + +Continue configuring the vCenter Inbound Rule: + +1. Click box below **Services** and select **HTTPS (TCP 443)** to allow SSL access to the vCenter server. +2. Publish the rules by clicking **Publish** button to activate the firewall rule. + +vCenter should now be accessible from anywhere in the internet. in the next section, we will access vCenter HTML5 client to being configuring virtual machines. + +## Log into VMware Cloud on AWS vCenter + +![SDDC-vcenter-010](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc010.jpg) + +The settings to connect to the vCenter server associated with the SDDC is available on the setting tab for the SDDC. Let's connect to the vCenter server and login. + +1. 
Click on the **Settings** tab for the SDDC we configured in the last lesson. +2. Click the **arrow** next to Default vCenter User Account to expose the login details. In this lab we will use the default cloudadmin@vmc.local user. +3. Copy the **password** by clicking the two squares next to the password. This will copy it to the consoles clipboard. +4. Click the **arrow** next to **vSphere Client (HTML5)** to expose the URL for vCenter. +5. Click the **URL** link to **open** the vSphere Client in another tab. + +**NOTE: If you experience any login issues below, you can click the two boxes next to the URL below to paste the URL into an incognito window. This should not be needed normally.** + +### Login to the vSphere Client (HTML5) + +To login to the vSphere Client (HTML5): + +![SDDC-vcenter-011](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc011.jpg) + +1. In the User name field enter **cloudadmin@vmc.local** +2. Right-click in the **Password** field and paste the password copied in the previous step. +3. Click **Login**. + +### vSphere Client (HTML5) + +![SDDC012](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc012.jpg) + +You are now logged in to your VMware Cloud on AWS vCenter Server as cloudadmin@vmc.local user. + +## Create Content Library + +Content libraries are container objects for VM templates, vApp templates, and other types of files like ISO images. + +You can create a content library in the vSphere Client (HTML5), and populate it with templates, which you can use to deploy virtual machines or vApps in your VMware Cloud on AWS environment or if you already have a Content Library in your on-premises data center, you can use the Content Library to import content into your SDDC. + +You can create two types of libraries: local or subscribed library. + +### Local Libraries + +You use a local library to store items in a single vCenter Server instance. 
You can publish the local library so that users from other vCenter Server systems can subscribe to it. When you publish a content library externally, you can configure a password for authentication. + +VM templates and vApps templates are stored as OVF file formats in the content library. You can also upload other file types, such as ISO images, text files, and so on, in a content library. + +### Subscribed Libraries + +You subscribe to a published library by creating a subscribed library. You can create the subscribed library in the same vCenter Server instance where the published library is, or in a different vCenter Server system. In the Create Library wizard you have the option to download all the contents of the published library immediately after the subscribed library is created, or to download only metadata for the items from the published library and later to download the full content of only the items you intend to use. + +To ensure the contents of a subscribed library are up-to-date, the subscribed library automatically synchronizes to the source published library on regular intervals. You can also manually synchronize subscribed libraries. + +You can use the option to download content from the source published library immediately or only when needed to manage your storage space. + +Synchronization of a subscribed library that is set with the option to download all the contents of the published library immediately, synchronizes both the item metadata and the item contents. During the synchronisation the library items that are new for the subscribed library are fully downloaded to the storage location of the subscribed library. + +Synchronization of a subscribed library that is set with the option to download contents only when needed synchronizes only the metadata for the library items from the published library, and does not download the contents of the items. This saves storage space. If you need to use a library item you need to synchronize that item. 
After you are done using the item, you can delete the item contents to free space on the storage. For subscribed libraries that are set with the option to download contents only when needed, synchronizing the subscribed library downloads only the metadata of all the items in the source published library, while synchronizing a library item downloads the full content of that item to your storage. + +If you use a subscribed library, you can only utilize the content, but cannot contribute with content. Only the administrator of the published library can manage the templates and files. + +### Access Content Libraries in the vSphere Client + +![SDDC013](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc013.jpg) + +1. Click on **Menu** +2. Click on **Content Libraries** + +### Subscribe to an existing Content Library + +![SDDC014](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc014.jpg) + +1. In your Content Library window, click the **+ (plus)** sign to add a new Content Library. + +![SDDC015](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc015.jpg) + +1. Enter **VMC Content Library** for the Name of the library. +2. Click the **Next** button. + +![SDDC016](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc016.jpg) + +1. Select the radio button next to **Subscribed content library.** +2. Under **Subscription URL** enter the following: +3. Leave the checkbox **unchecked** next to **Enable Authentication**. +4. Make sure **Download content** is set to **immediately**. +5. Click **Next** to continue. + +![SDDC017](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc017.jpg) + +1. Click on **WorkloadDatastore** for content library storage. +2. Click the **Next** button. + +![SDDC018](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc018.jpg) + +1. Click the **Finish** button. 
+ +**Note: Depending the size and number of templates it can take a while to sync the content. This content library should only take a few minutes to synchronize.** + +## Create Linux Customization Specification + +When you clone a virtual machine or deploy a virtual machine from a template, you can customize the guest operating system of the virtual machine to change properties such as the computer name, network settings, and license settings. + +Customizing guest operating systems can help prevent conflicts that can result if virtual machines with identical settings are deployed, such as conflicts due to duplicate computer names. + +You can specify the customization settings by launching the Guest Customization wizard during the cloning or deployment process. Alternatively, you can create customization specifications, which are customization settings stored in the vCenter Server database. During the cloning or deployment process, you can select a customization specification to apply to the new virtual machine. + +Use the Customization Specification Manager to manage customization specifications you create with the Guest Customization wizard. + +### Navigate to Customization Specifications + +![SDDC019](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc019.jpg) + +1. Click **Menu**. +2. Click on **Policies and Profiles**. + +### Add a new VM Customization Specification + +![SDDC020](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc020.jpg) + +1. Click on **+ New** to add a new Linux Customization Specification. + +### Define Customization Specification Details + +![SDDC021](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc021.jpg) + +1. Enter a **Name** for the Linux Customization Specification (**LinuxSpec** in this example). +2. Optionally enter a **Description**. +3. Select the radio button for **Linux** next to **Target guest OS**. +4. 
Click the **Next** button to continue. + +### Define Specification Naming Standard + +![SDDC022](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc022.jpg) + +1. Click the radio button next to **Use the virtual machine name**. +2. For **Domain name** enter **corp.local**. +3. Click the **Next** button to continue. + +### Select Time Zone + +![SDDC023](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc023.jpg) + +1. Select the appropriate **Area** by clicking on the arrow next to the dropdown field. +2. Select the appropriate **Location**. +3. Click the **Next** button to continue. + +### Select Network Settings + +![SDDC024](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc024.jpg) + +1. Ensure the radio button next to **Use standard network settings for the guest operating system, including enabling DHCP in all network interfaces** is selected. +2. Click **Next** to continue. + +### Enter DNS Settings + +![SDDC025](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc025.jpg) + +1. Enter **8.8.8.8** for the Primary DNS server. +2. Enter **8.8.4.4** for the Secondary DNS server. +3. For the DNS Search paths enter **corp.local**. +4. Click the **Add** button to add the corp.local domain to the DNS search path. +5. Click **Next** to continue. + +### Finish Creating the Customization Spec + +![SDDC026](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc026.jpg) + +1. Review your entries and click on the **Finish** button. + +### Customization Spec Created + +![SDDC027](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc027.jpg) + +Congratulations! You have successfully created your VM Customization Spec for your Linux VM's. You can also Export (Duplicate), Edit, Import, and Export a VM Customization Spec. 
+ +## Deploy a Virtual Machine + +![SDDC-deploy-vm-013](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc013.jpg) + +In the vSphere client window already opened, deploy a template from the content library: + +1. Click **Menu**. +2. Click on **Content Libraries**. + +### Select Content Library + +![SDDC-deploy-vm-028](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc028.jpg) + +1. Click on the **VMC Content Library** that was previously synchronized. + +### Deploy a New Virtual Machine from Template + +![SDDC-deploy-vm-029](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc029.jpg) + +1. Click the **Templates** tab to access the template synchronized in the content library. +2. Right-click on the **photoapp-u** template to expose the Actions menu. +3. Click on **New VM from This Template** to deploy a virtual machine from template. + +### Choose Virtual Machine Name and Location + +![SDDC-deploy-vm-030](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc030.jpg) + +{% capture notice--custspec1 %} +**Note:** +Please skip adding the customization specification by not checking the box next to **Customize the operating system** +{% endcapture %} + +
+ {{ notice--custspec1 | markdownify }} +
+ +1. Enter **webserver01** for the virtual machine name. +2. Click the **arrow** next to SDDC-Datacenter to expose the folders available. +3. In VMware Cloud on AWS customer workloadds should be placed in the Workloads folder (or subfolder). Click the **Workloads** folder. +4. Select the checkbox next to **Customize the operating system**. +5. Click **Next** to continue. + +### Choose Virtual Machine Customization Specification + +![SDDC-deploy-vm-031](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc031.jpg) + +We will utilize the customization specification created in a previous module to customize the operating system. + +1. Click to select the **LinuxSpec** customization specification. +2. Click **next** to continue. + +### Select Resource Pool + +![SDDC-deploy-vm-032](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc032.jpg) + +1. Click the arrow next to **Cluster-1** to expose the resource pools available. +2. In VMware Cloud on AWS customer workloads should be placed in the **Compute-ResourcePool** (or subpool). Click **Compute-ResourcePool**. +3. Click **Next** to continue. + +### Review the Template Details + +![SDDC-deploy-vm-033](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc033.jpg) + +Review the details of the template to be deployed. There may be a security warning displayed, but you can safely ignore that for the purpose of this lab. + +1. Click **Next** to continue. + +### Select Storage + +![SDDC-deploy-vm-034](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc034.jpg) + +Each VMware Cloud on AWS SDDC will include two datastores in order to separate management and customer workloads. All customer workloads should be placed in the datastore named WorkloadDatastore. + +1. Click **WorkloadDatastore** to select the datastore where the virtual machine will be provisioned. +2. Click **Next** to continue. 
+ +### Select the Network for the Virtual Machine + +![SDDC-deploy-vm-035](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc035.jpg) + +We will use the logical network created in a previous exercise for these virtual machines. + +1. Click the arrow below **Destination Network** to select the network for the virtual machine. +2. Click **Demo-Net** to select the network previously created. +3. Click **Next** to continue. + +### Complete the Virtual Machine Deployment + +![SDDC-deploy-vm-036](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc036.jpg) + +1. Review the information for accuracy and click **Finish** to deploy the virtual machine + +It should take a couple of minutes for the virtual machine to deploy. Continue to the next exercise to clone this virtual machine in order to create a second webserver. + +## Clone a Virtual Machine + +In this exercise, you will clone the virtual machine created in the previous exercise in order to create a second webserver. + +### Navigate to VMs and Templates + +![SDDC-clone-vm-037](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc037.jpg) + +1. Validate the virtual machine deployment completed in the previous exercise by looking for the **Deploy OVF Template** task and verifying it is **Complete**. +2. If complete, click on **Menu**. +3. Click **VMs and Templates** to navigate to the VMs and Templates view. + +### Select and Power On Webserver01 + +![SDDC-clone-vm-038](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc038.jpg) + +Before we can clone the web server, we will first need to power the VM on so the customization specification can execute: + +1. Click the **arrow** next to **SDDC-Datacenter** to expose the sub-folders. +2. Click the **arrow** next to workloads to expose **webserver01** +3. Click on the virtual machine **webserver01** +4. 
Click the **green arrow** in the top center of the screen to execte the power on operation. + +**Note: Please wait until the virtual machine is fully powered on before proceeding to the next step.** + +{% capture notice-3 %} +If the webserver doesn't connect to the network and does not receive an IP address from DHCP. Ensure the NIC is connected by right-clicking on **webserver01** and then **Edit Settings** and make sure the checkbox next to **Connected** is selected. You may need to repeat this step for the cloned VM **webserver02** +{% endcapture %} +
+ {{ notice-3 | markdownify }} +
+ +### Initiate Cloning of the Virtual Machine + +![SDDC-clone-vm-039](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc039.jpg) + +We will now begin the process of cloning this virtual machine. + +1. Right-click on **webserver01** to expose the Actions menu. +2. Click on **Clone** to expose a secondary menu of options. +3. Click **Clone to Virtual Machine** to initiate the cloning wizard. + +### Select Virtual Machine Name and Folder + +![SDDC-clone-vm-040](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc040.jpg) + +1. Next to **Virtual machine name** enter **webserver02**. +2. Click the **Workloads** folder for the virtual machine location. +3. Click **Next** to continue. + +### Select Virtual Machine Compute Resource + +![SDDC-clone-vm-041](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc041.jpg) + +1. Click on **Compute-ResourcePool** to ensure it is selected for the target virtual machine. +2. Click **Next** to continue. + +### Select Virtual Machine Datastore + +![SDDC-clone-vm-042](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc042.jpg) + +1. Click on **WorkloadDatastore** to ensure it is selected as the destination for the virtual machine. +2. Click **Next** to continue. + +{% capture notice--custspec %} +**Note:** +Please skip adding the customization specification by not checking the box next to **Customize the operating system** +{% endcapture %} + +
+ {{ notice--custspec | markdownify }} +
+ +### Select Cloning Options + +![SDDC-clone-vm-043](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc043.jpg) + +We will now set the options for cloning. We will need to customize the operating system to change the server name and als power on the virtual machine after cloning is complete. + +1. Click the checkbox next to **Customize the operating system**. +2. Click the checkbox next to **Power on virtual machine after creation**. +3. Click **Next** to continue. + +### Choose the Virtual Machine Customization Specification + +![SDDC-clone-vm-044](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc044.jpg) + +We will utilize the customization specification created in a previous exercise to customize the operating system. + +1. Click to select the **LinuxSpec** customization specification. +2. Click **Next** to continue. + +### Complete a Virtual Machine Deployment + +![SDDC-clone-vm-045](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc045.jpg) + +1. Review the information for accuracy and click **Finish** to clone the virtual machine. + +It should take a couple of minutes fort the virtual machine to clone. Continue to the next exercise to learn about securing workloads in VMware Cloud on AWS. + +{% capture notice-4 %} +If the webserver doesn't connect to the network and does not receive an IP address from DHCP. Ensure the NIC is connected by right-clicking on **webserver01** and then **Edit Settings** and make sure the checkbox next to **Connected** is selected. You may need to repeat this step for the cloned VM **webserver02** +{% endcapture %} +
+ {{ notice-4 | markdownify }} +
+ +## Testing connectivity between the Virtual Machines + +In this exercise we will test the connectivity between webserver01 and webserver02, which we created in the previous exercises. + +### Open Console to Webserver01 + +![SDDC-test-vm-046](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc046.jpg) + +We need to open a console session to webserver01 to validate it can communicate with webserver02. + +1. In the vSphere Client (HTML5) click on Webserver01 to bring it into focus. +2. Click the black box below Summary in the middle of the screen. This will attempt to launch a console session but it may fail because the pop-up was blocked. If this occurs follow steps 3-6, otherwise proceed to the next section. +3. Click the icon with the small red x in the Chrome address bar to launch to pop-up blocker dialog. +4. Click the radio button next to Always allow pop-ups from +5. Click the Done button. +6. Return to the black box below the Summary and click it again. The console session should launch in a new tab. + +### Find the IP Address for Webserver02 + +![SDDC-test-vm-047](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc047.jpg) + +Before we can test connectivity between the two servers, we need to find the IP address of webserver02. + +1. Click the **Chrome Tab** of the vSphere Client (HTML5) to bring it back into focus. +2. Click on the virtual machine **webserver02**. +3. Take note of the **IP Address** for webserver02 in the middle of the screen. This will be needed in the next step. +4. Click the **Chrome Tab** of the console session for webserver01 to bring it back into focus. + +### Login and Ping Webserver02 + +![SDDC-test-vm-048](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/sddc048.jpg) + +Now that we have to IP address for Webserver02 let's setup a continuous ping to the server to verify communication. 
+ +Before beginning click anywhere inside the console window to bring it into focus + +1. At the login prompt enter **root** and press Enter. +2. At the password prompt enter **VMware1!** and press Enter. +3. At the console prompt, enter **ping 10.10.xx.xxx** and press Enter. The third octet is based on student number and the last octet of the IP address in most cases it will be 101, but verify this in your configuration. +4. Verify the pings are successful. + +**NOTE: Please leave this ping and console Window open for the next lesson. We will revisit it to verify the web servers can no longer communicate.** + +Congratulations! You have now deployed two web servers in VMware Cloud on AWS SDDC and verified they can communicate with each other. In the next lesson we will create firewall rules to block the servers from communicating with each other and also make webserver02 accessible from the internet. + +## Configuring VMware Cloud on AWS Advanced Network Services + +VMware Cloud on AWS Advanced Network Services is now available for new SDDC deployments. + +### Distributed Firewall in VMware Cloud on AWS Advanced Network Services + +![DFW-01](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw01.jpg) + +Using VMware Cloud on AWS Advanced Network Services, users have the capability to implement micro-segmentation with Distributed Firewall. Granular security policies can be applied at the VM-level allowing for segmentation within the same L2 network or across separate L3 networks. This is shown in the diagram above. + +All networking and security configuration is now done through the VMware Cloud on AWS console via the Networking & Security tab, including creating network segments. This provides ease of operations and management by having all networking and security access through the console. 
+ +### Distributed Firewall + +![DFW-02](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw02.jpg) + +From the above screenshot, you can see, in addition to the ability to create multiple sections, users can organize Distributed Firewall rules into groups (Emergency Rules, Infrastructure Rules, Environment Rules, and Application Rules. The rules are hit from the top-down. + +### Security Groups + +![DFW-03](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw03.jpg) + +In addition to the new Distributed Firewall capabilities, grouping objects can now be leveraged within security policies. Security groups support the following grouping criteria/constructs: + +* IP Address +* VM Instance +* Matching criteria of VM Name +* Matching Criteria of Security Tag + +As shown above, Security Groups can be created under Workload Groups or Management Groups. Workload Groups can be used in DFW and CGW firewall policies and Management Groups can be used under MGW firewall policies. Management Groups only support IP addresses as these groups are infrastructure based. Predefined Management Groups groups already exist for vCenter, ESXi hosts, and NSX Manager. Users can also create groups here based on IP address for on-prem ESXi hosts, vCenter, and other management appliances. + +### View VM's in a Security Group + +![DFW-04](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw04.jpg) + +Here you can see we have deployed some VMs in vCenter and you can see the VMs in inventory within the console. Additionally, we have tagged the VMs with Web, App, and DB Security Tags respectively. + +### Tagging Virtual Machines + +![DFW-tag-05](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw05.jpg) + +Through the VMware Cloud on AWS console we can apply security tags to virtual machines and then group them. + +We will now switch back to the VMware Cloud on AWS console. + +1. 
Click on the **VMware Cloud on AWS Chrome tab** and login with the information you were provided if your session has expired. +2. Click on **View Details** to access the details for the SDDC. + +### Edit Tags for Webserver01 + +We will now begin tagging the virtual machines with security tags. + +![DFW-tag-06](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw06.jpg) + +1. Click on the **Networking & Security** tab to access the networking configuration. +2. On the left-hand side of the screen click on **Groups**. +3. Under Groups, click on **Virtual Machines** to access the virtual machines that are part of the SDDC. +4. Locate **webserver01** and click the three vertical dots and click **Edit**. + +### Add Security Tag for Web + +![DFW-tag-07](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw07.jpg) + +1. Under Tags, enter **Web** for webserver01. +2. Click **Save** to commit the changes. + +### Edit Tags for Webserver02 + +![DFW-tag-08](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw08.jpg) + +We will now tag Webserver02 with the same Web tag. We will use this to create a group for both web servers. + +1. Locate **webserver02** and click the three vertical dots and click **Edit**. + +### Add Security Tag for Webserver02 + +![DFW-tag-09](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw09.jpg) + +1. Under Tags, Enter **Web** for webserver02. +2. Click **Save** to commit the changes. + +### Creating a Dynamic Group + +![DFW-tag-010](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw010.jpg) + +Groups can be used in VMware Cloud on AWS Advanced Network Services to group virtual machines and simplify rulebase configuration. In this exercise we will group the two webservers into a group and then create a firewall rule to block communication between them. 
In a properly architected traditional application there is usually no need for servers in the web tier to communicate. + +We will now create a group of web servers based on the dynamic security tag we applied earlier. + +1. Click on **Workload Groups**. +2. Click on **Add Group**. +3. Under Name enter **Web** for the name of the group. +4. Under Member Type, click the **drop down** and select **Membership Criteria**. +5. Under Members click **Set Membership Criteria**. + +### Add Membership Criteria + +![DFW-tag-011](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw011.jpg) + +We will now add the criteria to group machines based on security tag. + +1. Click on **+ Add Criteria**. +2. Under Property, click the **drop-down** and select **Tag**. +3. Under Value, enter **Web**. +4. Click **Save** to continue. + +### Save Workload Group Changes + +![DFW-tag-012](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw012.jpg) + +1. Click **Save** to commit the changes. + +### View Members + +![DFW-tag-013](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw013.jpg) + +We can now validate the group membership is working as expected. + +1. Click the **three vertical** dots next to the Web group. +2. Click on **View Members** to show the current members of the dynamic group. + +### Validate Group Members + +![DFW-tag-014](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw014.jpg) + +1. Validate that both **webserver01** and **webserver02** appear in the group membership. If they do not, go back and verify there are no typos. +2. Click **Close**. + +Now that this group is created, you can easily add new members by simply applying a security tag. 
+ +### Create a Firewall Rule Section + +![DFW-tag-015](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw015.jpg) + +Now that we have created our dynamic group, let's create a firewall rule to block access between the web servers. + +1. Click **Distributed Firewall** on the left-hand side of the screen. +2. Click **Application Rules**. +3. Click **Add New Section** to create a new section for the rule. This functionality allows you to group rules logically to make operating the environment simpler. +4. Under Name, enter **Web Tier**. +5. Click **Publish** to commit the changes. + +### Add Firewall Rule + +![DFW-tag-016](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw016.jpg) + +Now that we have the section created, we can now add a firewall rule. + +1. Click the **arrow** next to the Web Tier section. +2. Click **Add New Rule** in the menu above the rules. +3. Under Name, enter **Block Web To Web**. +4. Under Action, click the **drop-down** and select **Drop**. +5. Under Sources click **Any**. + +### Select Source + +![DFW-tag-017](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw017.jpg) + +1. Click the **checkbox** next to Web. +2. click **Save** to commit the changes to the rule. + +### Add Destination + +![DFW-tag-018](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw018.jpg) + +1. Under Destinations click **Any**. + +### Select Destination + +![DFW-tag-019](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw019.jpg) + +1. Click the **checkbox** next to Web. +2. click **Save** to commit the changes to the rule. + +### Publish Firewall Rule + +![DFW-tag-020](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw020.jpg) + +1. Click **Publish** to commit the rule and begin blocking traffic between the web servers. 
+ +### Testing the Distributed Firewall Rule + +![DFW-tag-021](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw021.jpg) + +You should still have the console session opened from the previous exercise to webserver01 and it should be running a ping command. + +1. Click the Chrome Tab for **webserver01**. +2. Ping webserver02 IP address 10.10.xx.xxx. + +The pings should have stopped responding meaning that the distributed firewall rules have been correctly applied. This simple demonstration should give you an idea of the power of the distributed firewall. + +## Conclusion + +In this module, we explored the setup of configuration of a VMware Cloud on AWS SDDC including utilizing the content library, deploying virtual machines, modifying firewall rules and working with virtual machines. + +## Single Host SDDC + +If you like the Lab and want to continue experiment and test the VMware Cloud on AWS capabilities, please scan the QR Code below to start your 1-Host experience. + +![DFW-tag-022](https://s3-us-west-2.amazonaws.com/vmc-workshops-images/working-with-sddc-lab/dfw022.jpg) + +You have completed this module. + +Please add comments below if you would like to give feedback on this exercise. \ No newline at end of file diff --git a/content/en/ced/VMware Cloud on AWS Labs/_index.md b/content/en/ced/VMware Cloud on AWS Labs/_index.md new file mode 100644 index 00000000000..8c75f78a51b --- /dev/null +++ b/content/en/ced/VMware Cloud on AWS Labs/_index.md 
@@ -0,0 +1,34 @@ +--- +title: "Workshop Manual" +linkTitle: "Workshop Manual" +date: 2020-03-13 +weight: 20 +description: > + The VMware Cloud on AWS workshop is your chance to test drive this unique solution in the market place in a classroom session with VMware Cloud on AWS experts and work through hands on lab exercises to understand and gain experience with the solution to understand how it can be used in your business. + + The class is a one-day workshop in which we will set up a VMware SDDC environment in AWS, work through common administration activities of the platform and explore integrations with native AWS services and vRealize Suite solutions including vRealize Automation and vRealize Operations. +--- + +## Workshop Details + +### Horizon Access + +At the start of the workshop, your instructor will have given you logon details to use in a VMware Horizon session. In order to access details regarding how to connect to Horizon, you will have been directed to the following link to [Student Access Instructions](https://vmc-field-team.github.io/student-access/) + +### VMware Cloud on AWS Org Access + +You will also receive details from your instructor regarding how to access your VMware Cloud on AWS organization where you will be able to use and configure your SDDC solution in AWS. Your instructor will inform you of these details when you start the lab exercises. + +### Workshop Urls + +Below are a list of the URLs you will use over the course of the lab exercises. + +VMware Cloud on AWS Login + +Swagger API Interface + +AWS Console + +## Labs + +Listed below are the lab exercises which are available as part of this experience day event. Please ensure that you complete the **Working with your SDDC** lab, the **AWS Integration** lab relies on sections of the Working with your SDDC lab to be completed. Please note that you will not be able to complete all of the content. 
For this reason we typically state that the first 3 labs listed below are mandatory lab content. After those labs are complete you can choose your own path. Please enjoy these labs, if you have any questions, please do not hesitate to speak to the VMware Cloud on AWS specialists in the room with you. diff --git a/content/en/ced/_index.md b/content/en/ced/_index.md new file mode 100644 index 00000000000..e40f9b17f7f --- /dev/null +++ b/content/en/ced/_index.md @@ -0,0 +1,9 @@ +--- +title: "Customer Experience Day" +linkTitle: "Customer Experience Day" +date: 2020-03-13 +weight: 20 +menu: + main: + weight: 10 +---
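Review bot: In the lab page, "Select the Firewall Rule Source" publishes the vCenter Inbound Rule with source **Any** on HTTPS (TCP 443), which the page's own note calls not recommended, and none of the later steps shown narrows or removes it. The Security Groups section says Management Groups can be created from IP addresses, so the source could be a group holding the classroom's public IP, with a step before the Conclusion that deletes the rule. "Login and Ping Webserver02" also prints the template's root password (VMware1!) while announcing that the next lesson makes webserver02 accessible from the internet; have the instructor hand it out, or add a step that changes it first. Two documentation defects in the same hunk: the notices notice--custspec1 and notice--custspec tell the student not to check **Customize the operating system**, yet the numbered steps right after them say to select that checkbox and pick **LinuxSpec**, so one of the two has to go; and "Under **Subscription URL** enter the following:" is followed by no URL, which leaves the Content Library step impossible to complete. Typos worth fixing in the same pass: "Contined", "execte", "workloadds", "als", "fort", "to being configuring".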
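Review bot: In content/en/ced/VMware Cloud on AWS Labs/_index.md, the three entries under "Workshop Urls" (VMware Cloud on AWS Login, Swagger API Interface, AWS Console) are plain text with no link targets, so the section that promises "a list of the URLs you will use" gives the student nothing to open. Add the links, or drop the section until they are known. The Student Access Instructions link in the same hunk is an absolute github.io URL; a site-relative link would keep working if the docs are served from another host.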