Category Archives: Networking

Day 2 VMware Cloud on AWS SDDC Scale Up…in Four Clicks or Keystrokes!!!!!

As customers continue to build their cloud strategy with a combination of VMware products and services, one thing has been heard loud and clear…”Make Day 2 Operations easy!” As customers continue to move and increase their footprint in VMWonAWS, the SDDC’s demand for management resources will increase. While the VMC Sizer is a great tool to help understand the recommended size of an new SDDC, there will be times when SDDC growth is too big for the management VMs to handle after the SDDC is deployed…kind of like the time when Sheriff Brody realized he was going to need something much larger to catch a Great White shark.

When an SDDC is created, two resource pools are created. One named “Compute- ResourcePool” and one named “Mgmt-ResourcePool”. Mgmt-ResourcePool (MRP) is VMware managed and is comprised of vCenter, 2 NSX Edges, and 3 NSX Managers by default. In order ensure uptime and performance, all resources in this MRP have reservations assigned so these appliances always have what they need.

For more information, Product Manager Vish Kalsi wrote a quick blog on choosing the correct SDDC deployment. In short, medium management appliances require 34 vCPU and 116GB memory to run vCenter, NSX Manager and other management appliances. Large management appliances require 68 vCPU and 240GB memory. Large SDDCs are ideal for addressing a larger density of workloads . Large SDDCs support enhanced network throughput on the NSX Edge appliance. VMware recommends large-sized deployments with more than 30 hosts or 3000 VMs, or if the resources (CPU or memory) are oversubscribed in the management cluster.

Previously, a VMware support ticket needed to be opened in order to convert a regular aka medium SDDC to large. This method was obviously not preferred by most as this is the opposite of a self-service cloud operation model. However, begging with VMWonAWS 1.10, you can now upscale your SDDC to large with just a few clicks….or keystrokes!!!

Start by logging into the Cloud Services Portal, select your SDDC and go to Settings > SDDC > Management Appliance. You will see your SDDC as well as the “Upsize” option listed as seen below.

Upsize Option within the Cloud Services Portal

The only thing left to do is accept the addition of hosts if necessary and understand that you can never go back to a regular size SDDC. Once Upsize is selected, the process takes about 2 hours to complete and you will lose connectivity. It is recommended to do this during a maintenance window.

Once complete, the Management appliances will reflect as a “Large”

Once, in vCenter, you will see that the NSX Edges have gone from 4 CPU x 8 GB RAM to 8 CPU x 32 GB RAM and vCenter has gone from 8 CPU x 28 GB RAM to 16 CPU x 37 GB RAM (only 12 of the 16 CPUs are reserved in this configuration). You can check the before and after in the VM summary as seen below.

Regular SDDC vCenter
Large SDDC vCenter

Now that the SDDCs have been upscaled, it’s onto bigger and better things for your VMWonAWS SDDC!

Deploying a VMware Cloud on AWS SDDC End to End

For those of you who are ready to deploy your first Software Defined Data Center (SDDC) on VMware Cloud on AWS, there is a little bit more than meets the eye when it comes to the initial deployment. As a part of the VMware TAM Lab series, I demonstrate how to deploy an SDDC from start to finish, including the configuration of the VPC in AWS.

**SHAMELESS PLUG** – Subscribe to the TAM Lab YouTube channel. We are covering all VMware Technologies and use cases….including how to go about building your own home lab. Check it out!!!

Dive in!!!!! Learning all about VMware Cloud on AWS and HCX

Lately, I’ve been asked by peers and customers alike “How can I learn more about VMware Cloud on AWS?!” Many of us are finding ourselves in front of screens much more than normal these days so what better way to fill in some time gaps than by learning more about VMware Cloud on AWS and HCX?! While search engines are helpful, I hope my “definitive list” helps!!! If you need more, feel free to reach out!!! Happy Learning!!!

VMware Cloud on AWS

YouTube

VMware Cloud on AWS Customer Success YouTube Channel

VMware Cloud YouTube Channel

VMware Cloud on AWS Blogs

Nico Vibert – https://nicovibert.com/

Gilles Chekroun – http://www.gilles.cloud/

Ryan Kelly – http://www.vmtocloud.com/

William Lam – https://www.virtuallyghetto.com/

Tom Twyman – https://occasional-it.com/

Dustin Spinhirne – https://dspinhirne.github.io/vmcbook/

VMware Cloud Blog – https://cloud.vmware.com/community/blog/

Community Sites

VMware Cloud on AWS Blog Community – https://cloud.vmware.com/community/vmware-cloud-on-aws/

VMTN Forum –https://communities.vmware.com/community/vmtn/vmc-on-aws/overview

VMware Cloud on AWS VMUG- https://community.vmug.com/communities/community-home169?CommunityKey=df5b4c52-4f7b-48dc-b5ad-ea0be799e128

Documentation

VMware Cloud on AWS Sizer and Workload Profiles – https://vmc.vmware.com/sizer/workload-profiles

VMware Cloud on AWS Documentation – https://docs.vmware.com/en/VMware-Cloud-on-AWS/index.html

Configuration Maximums – https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-10A0804B-04F4-4B8A-9EBA-85169F533223.html

Getting Started – https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-on-aws-getting-started.pdf

Operations Guide – https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-aws-operations.pdf

Feature Walkthrough – https://featurewalkthrough.vmware.com/t/vmware-cloud-on-aws/

Hands on Labs

HOL-2052-01-ISM – VMware Horizon on VMware Cloud on AWS – https://labs.hol.vmware.com/HOL/catalogs/lab/6542

HOL-2087-01-HBD – VMware Cloud on AWS – Getting Started – https://labs.hol.vmware.com/HOL/catalogs/lab/6593

HOL-2087-91-HBD – VMware Cloud on AWS – Lightning Lab- https://labs.hol.vmware.com/HOL/catalogs/lab/6053

Hybrid Cloud Extension (HCX)

Blogs

Gabe Rosas – https://hcx.design/ THIS IS A ONE STOP SHOP FOR HCX!!!!!

Emad Younis – https://emadyounis.com/

Communities

https://cloud.vmware.com/community/vmware-hcx/

Documentation

HCX Overview – https://docs.vmware.com/en/VMware-HCX/services/user-guide/GUID-A7E39202-11FA-476A-A795-AB70BA821BD3.html

Hands on Labs

HOL-2081-01-HBD – VMware HCX – Getting Started with Cross-Cloud Mobility- https://labs.hol.vmware.com/HOL/catalogs/lab/6352

NSX Inventory Groups and Memberships to Manage Edge Firewall Rules in VMware Cloud on AWS

I have been using this feature of NSX heavily as of late so I wanted to highlight the power and flexibility of inventory groups that allow you to configure firewall rules that best fit your organization. The grouping of VMs and network services within VMware Cloud on AWS allows you put VMs that have common characteristics such as databases, web servers, operating systems, IP addresses and tags together to more easily publish firewall rules. By default, VMware Cloud on AWS creates two primary management groups and a service inventory when the SDDC is created. The two “parent groups” as I will call them are the Management Group and Workload Group respectively. The Management groups are system defined groups of infrastructure components such as ESX hosts, vCenter, NSX Manager or any other management appliances such as HCX. Workload groups are user defined groups of Virtual Machines or IP addresses.

Network and Security Inventory Groups

As you can see above, I added sub groups to the Workload Group based on function (Web, SQL, etc.). Recently, I have been testing the Membership Criteria option as this feature leverages tags and can also group based on Virtual Machine names that contain or start with a defined string. To add a new group, select Add Group, name your group, and then choose one of three membership types, Virtual Machine, IP Address or Membership Criteria. For this example, I used Membership Criteria. Once Membership Criteria is selected, pick the member VMs based on one of the two criteria (VM Name or Tag). For VM name you can choose contains or equals to categorize your VM grouping. The tag criteria can only be leveraged by having the tag name be equal to the VM(s) that is defined. In order to leverage the tag membership criteria, the the VM must be already tagged.

**Public Service Announcement** vCenter Tags and Attributes are NOT manifest in Networking & Security in the SDDC. These tags can only be added via Virtual Machines under Networking & Security > Inventory > Groups > Virtual Machines. Right click on the VM, select Edit and add your tag.

For the sake of this blog, I have created several VMs with different names but the same tag to show how tagging is leveraged.

VMs with their respective tags

Once VMs are tagged correctly, verify tagging is working by going to the Workload Groups by selecting the group > View Members.

Web Server members based on tags.

Now that VMs are properly grouped and tagged, Compute Gateway rules can now be configured and published. Go to Networking & Security > Compute Gateway > Add New Rule > Name the rule and select your source and destination. You should see your newly created group in the selection.

To verify that the rule is applied correctly, go to Networking & Security > Inventory > Groups > Workload Groups > Select the group that was added to the edge firewall rule > Select View Reference.

Below is a demo showing how VMs (tagged “Web”) on different Network segments can all access the internet with one rule.

Refer to the Networking & Security Guide what was updated on January 27,2020. Lastly, if you want to see how to leverage the Distributed Firewall (DFW) to protect 3 Tier Applications be sure to check out Michael Armstrong’s latest blog!!!