HOL-HBD-1482 - VMware Hands
         Contents
1. [Screenshot: Configure Services dialog, Firewall tab]

Adding Source 1

Please fill in the information as it appears in the screen with the following information:

Name: Web Production
Source: 192.168.109.2
Source port: 443 (you must enter this port id in)
Destination: 10.0.1.11

HOL-HBD-1482 Page 114

Destination port: 443 (you must enter this port id in)
Protocol: TCP

Click "OK".

[Screenshot: Add Firewall Rule dialog. Valid values for Source and Destination can be IP address, CIDR, IP range, "any", "internal" and "external". Action: Allow or Deny. Option: Log network traffic for firewall rule.]

Adding Firewall Services

Click "Add".

Configure Services  hol
2. Module 3 Architecture Diagram

[Diagram: Module 3 Architecture Diagram. Labels: VPN Traffic, Internet Traffic.]

Setting          Local Edge Gateway    vCloud Air Gateway
Local ID         192.168.110.102       192.168.220.102
Local Endpoint   192.168.110.102       192.168.220.102
Local Subnet     10.0.1.0/24           192.168.109.0/24
Peer ID          192.168.220.102       192.168.110.102
Peer Endpoint    192.168.220.102       192.168.110.102
Peer Subnets     192.168.109.0/24      10.0.1.0/24

Networks: hol dc1 vpc1 3 default routed network (192.168.109.0/24, gateway 192.168.109.1); Prod Local Network (10.0.1.0/24).

Virtual machines: App Production (IP 10.0.1.11), DB Production (IP 10.0.1.12), Web_Production (IP 192.168.109.2).

Configuring VPN tunnel between the Local Data Center and VMware vCloud Air

In this lab, we will configure a VPN connection between the local Data Center and VMware vCloud Air.

In the second part of this module, we will change the firewall configuration between our two sites. This gives us the opportunity to test the most important part of any Data Center: SECURITY. Let's begin.

Launching Firefox

Double click on the Mozilla Firefox icon on the desktop.

[Screenshot: desktop with Recycle Bin and Mozilla Firefox icons]

Logging into vCloud Air

Click the "Sign in" button as th
3. Adding Source 2

Click the "+" symbol again in order to add the second source.

[Screenshot: Edge Gateways, Firewall tab, showing the generated rules and the notice "This rule set has unsaved changes. Click on Publish Changes button to start deploying."]

Adding IP Addresses (Local Data Center)

The configuration window will appear. Notice that our previous name appears on the top of the screen.

In order to add the configuration, please select the "New IP Addresses..." option.

[Screenshot: Edge Gateways, Firewall tab, with the list of internal IP sets]
4. [Screenshot: Edge Gateways, Firewall tab, rule list ending with the Default Rule]

Adding IP Addresses

As we did in the previous steps, we need to add the new IP Addresses.

Click the "New IP Addresses..." link.

[Screenshot: Edge Gateways, Firewall tab, list of internal IP sets with the "New IP Addresses..." link]

Web Production IP

Enter in the following information:

Name: Web Production
IP Addresses: 192.168.109.2

Click "OK".

[Screenshot: Add IP Addresses dialog. Dialog text: IP addresses grouping must be defined under the global scope or under the scope of a datacenter or a portgroup. IP address grouping defined under the global scope is visible at all datacenters and portgroups. Fields: Scope, Name, Description, IP Addresses (192.168.109.2).]
5. [Screenshot: vCloud Hybrid Service portal, Gateways tab]

HOL DC1 VPC1 3 Gateway

Here we can see the vCloud Networking and Security Edge gateway instance deployed for use in the HOL DC1 VPC1 3 vDC. DOUBLE CLICK HOL DC1 VPC1 3.

[Screenshot: Gateways list, showing 1 of 1. HOL DC1 VPC1 3: Gateway IP 192.168.220.102; Configuration: compact; High Availability: Enabled; Networks: 1; Public IPs: 3 (1 used, 2 free).]

Accessing the vCloud Director views

Click the "Manage in vCloud Director" button.

This will automatically log you into vCloud Director.

[Screenshot: Gateways > Gateway Details, HOL DC1 VPC1 3 on HOL DC1 VPC1 3, with tabs NAT Rules, Firewall Rules, Networks, Public IPs. Network HOL DC1 VPC1 3 DEFAULT ROUTED: Type: Gateway; Gateway: hol dc1 vpc1 3 (192.168.220.102/24); Default gateway IP: 192.168.109.1/24; VMs: 1 connected, 0 on; Public IPs: 3 allocated, 1 used, 2 free; IP range: 192.168.109.2 - 192.168.109.100.]

HOL DC1 VPC1 3 Networks via vCloud Director

The image above shows you the networks that are available for the HOL DC1 VPC1 3 Organization. You will notice that there are two networks available here as well.

In addition to the two default networks (routed and isolated) that VMware vCloud Air creates you
6. [Screenshot: Edge Gateways, VPN tab. IPSec VPN Service Status: Enabled. Global configuration status: Not Configured. Logging Policy: Enable logging, Log level INFO. Tunnel "Local Datacenter ta...": local endpoint 192.168.110.102, local subnets 10.0.1.0/24, peer subnet 192.168.109.0/24.]

Add rule

Hit the green "+" symbol.

Note that rule 4 is already highlighted, and therefore a new rule will be added above it.

[Screenshot: Edge Gateways, Firewall tab, showing the generated rules and the Default Rule]

Firewall Rule Configuration (Local Data Center)

Click the top right corner of the Name column in order to add the Name.

[Screenshot: Edge Gateways, Firewall tab, with the notice "This rule set has unsaved changes. Click on Publish Changes button to start deploying."]
7. HOL-HBD-1481, HOL-HBD-1483 and HOL-HBD-1484.

Module 3 - Public and Private Cloud Multi-Tiered Application Networking (45 Min)

Introduction

The purpose of this lab is to show you how your organization can utilize a local data center and a public cloud such as VMware vCloud Air for a multi-tier environment. We will be utilizing the local data center for the App and Database virtual machines and the Web virtual machine will be located in vCloud Air.

We will test the firewall rules that are implemented when the connection is initially established and make the appropriate changes to ensure that the Web virtual machine can only talk to the App virtual machine and not the Database virtual machine.

Security is an important part to any hybrid implementation and here at VMware we want to ensure that when you put your virtual machines in our vCloud Air, that they have the same security policies that they would have if they were located in your private virtual data center. We want to ensure mobility between the two sites and that your private virtual data center runs as efficiently as possible and as securely as possible because... wait for it... that is what we do best at VMware.

If you are interested in seeing the Architecture Diagram for module, feel free to review the diagram below.
8. we will configure a vCloud Connector Node to a VMware vCloud Air virtual data center so you can see how it is configured against vCloud Director, and in a public setting.

vCloud Connector Node

In this module we will configure vCloud Connector Node. In the previous section, we used videos to demonstrate the installation of the vCloud Connector Server and vCloud Connector Node within the local data center. Here we will configure an already deployed vCloud Connector Node within vCloud Air.

Just a reminder that vCloud Connector nodes are virtual appliances that handle transferring content from one cloud to another. Transfers between clouds that are interrupted, for example because of network problems, can be resumed at the point that they were interrupted. A vCloud Connector Node must be installed in every vSphere or vCloud Director cloud that vCloud Connector oversees.

Launch Google Chrome

On the desktop, double click the "Google Chrome" shortcut.

vCloud Connector Node Login

Expand the Bookmarks Toolbar Menu and choose "vCC vSphere Node".

[Screenshot: bookmarks menu listing RainpoleCloud, vCCServer, vCC vCHS Node, vCC vSphere Node, vCHSPortal]

Accept Security Certificate

If prompted about the site security certificate, click "Proceed anyway".

[Screenshot: browser warning about the site's security certificate]
9. [Screenshot: node list with Last Health Check and Actions columns]

For the purposes of this lab we will not be registering any other nodes; however, please take a moment to review the steps and options involved in the process.

To begin, click the Register Node button.

[Screenshot: vCloud Connector Server, Manage Nodes page. Clouds listed: Local Content Library (Content Directory), Rainpole Local Datacenter (VMware vCenter Server), Rainpole VCHS Production (VMware vCloud Director), each with a Node URL, Status and Last Health Check; Register Node button.]

Register Node with Server

Here you would provide such information as:

1. The desired Display name
2. The Node URL
3. Whether this is a Public Node, if a Proxy is used, and if the SSL Certificate should be ignored
4. The Cloud Type (either vSphere or vCloud Director)
5. The VCD Org Name if the Cloud Type is vCloud Director
6. The Username and Password

[Screenshot: Register Node with Server dialog, Node details: Display name, Node URL (e.g. https://node1.example.com), Public]
10. Edge Gateways.

There is also the ability to Configure Public IPs for the external networks.

[Screenshot: Configure Services: hol dc1 vpc1 3, VPN tab. Dialog text: IPSec VPN service helps you create secure VPNs between gateways. Site to Site VPN can be configured between edge gateways in this organization, across organizations and even to third party VPN gateways. Public IPs can be configured for each of the external networks; this is useful if you are using NAT in your environment. Controls: Enable VPN, Configure Public IPs.]

Load Balancer Services - Pool Servers

In the Load Balancer tab we have the ability to configure Pool Servers and Virtual Servers.

Note that a pool is a construct used to manage and share backend member instances. A pool manages its backend members, health check monitors and load balancer distribution method.

This also allows you to see the service and health check for the individual load balancing member pools.

Let's review the Virtual Servers screen.

[Screenshot: Configure Services: hol dc1 vpc1 3, Load Balancer tab, with Pool Servers and Virtual Servers sub-tabs]
11. Please note, the above video does not contain audio.

vCloud Connector Node Installation

This video demonstrates the installation of vCloud Connector Node.

• Deploying vCloud Connector Node via the provided OVF template
• Booting up and showing the web based configuration screen

Configuration of vCloud Connector, beyond that needed for basic installation, will be covered later in the module.

Please note, the above video does not contain audio.

vCloud Connector Configuration

This video will cover the configuration of the node and server, as well as the addition of the local data center serviced by the node into vCloud Connector User Interface in vSphere.

• Configure vCloud Connector Node, connecting it to the local vSphere instance
• Configure vCloud Connector Server, adding the Node above as a resource
• Configure the vCloud Connector User Interface, adding the local vSphere instance as a cloud resource

Please note, the above video does not contain audio.

Conclusion

In this article we provided a series of videos illustrating how vCloud Connector Server and vCloud Connector Node were installed into this lab. After the installation we covered configuring one Node to connect to the local vSphere instance, and added it to vCloud Connector User Interface. At some points later in the lab we will have vCloud Connector Server and Nodes configured for you. However, in the next portion
12. Settings

We will not be making any changes here but please take a moment to review the information provided.

Note that the Type is VMware vCloud Director.

The option to change the Username & Password used by vCloud Connector is available here.

Click "Cancel" to close this window.

[Screenshot: Rainpole VCHS Production - Edit Settings dialog, with fields Name, Type, URL, Username and Password]

Conclusion

In this module, we used videos to demonstrate how vCloud Connector Node and vCloud Connector Server were installed.

We went through the user interfaces for both vCloud Connector Node and Server and identified all the options available, we configured both vCloud Connector Node and vCloud Connector Server, and we reviewed the information used in connecting these to the vCloud Connector User Interface.

Connecting these components allows us to copy our virtual machines between our local data center and VMware vCloud Air. We also have the ability to publish the catalogs across all the sites.

To see a use case demonstration of vCloud Connector Node & Server, please proceed to the next module in this lab, Public and Private Cloud Multi-Tiered Application Networking.

Also, please be aware that there are three other VMware vCloud Air Hands on Labs
13. [Screenshot: Configure Services, VPN tab, with Enable VPN checked. Tunnel "vCHS to Local Datac...": local endpoint 192.168.220.102, peer endpoint 192.168.110.102, peer network 10.0.1.0/24.]

Configure Services

NOTE: Before continuing on with the following steps, please wait for at least one minute for the VPN settings to synchronize with the vShield Edge Device.

Select the "hol dc1 vpc1 3 default routed" network.

Select the down arrow to the right of the blue gear.

Select "Configure Services".

[Screenshot: vCloud Director, Administration > Virtual Datacenters > hol dc1 vpc1 3, with the Actions menu for "hol dc1 vpc1 3 default routed" open on Configure Services]
14. [Screenshot: Configure Services: hol dc1 vpc1 3, Firewall tab. Dialog text: Rules can be added to the Firewall to allow or deny specific network traffic. The order of these rules can be changed by selecting one or more rules, dragging and dropping them at the desired location in the list. The order of any selected rules is preserved after dropping them into a different location within the list. Controls: Enable firewall; Default action (Deny or Allow, Log), applicable to traffic that does not match the rules in the list. Rule listed: Web Production, source 192.168.109.2:443, destination 10.0.1.11:443, protocol TCP.]

Adding Source 2

Please fill in the information as it appears in the screen with the following information:

Name: Web Production
Source: 192.168.109.2
Source port: any
Destination: 10.0.1.11
Destination port: any
Protocol: ICMP

Click "OK".

[Screenshot: Add Firewall Rule dialog. Valid values for Source and Destination can be IP address, CIDR, IP range, "any", "internal" and "external". Action: Allow or Deny. Option: Log network traffic for firewall rule.]

Adding Firewall Services

Click "Add".
15. for vCloud Air with the following information. Please note there are TWO scroll bars that you may need to adjust in order to add all the configurations.

Name: vCHS to Local Data Center
Establish VPN to: a remote network (NOTE: you will need to select the down arrow to select this option)

Click to select the network "hol dc1 vpc1 3 default routed" under Local Networks.

Peer Networks: 10.0.1.0/24
Local ID: 192.168.220.102
Peer ID: 192.168.110.102
Peer IP: 192.168.110.102
Encryption protocol: AES-256
Shared Key: VMworld2014isthebestconference123

[Screenshot: Add a Site-to-Site VPN configuration dialog, with Name, Description, Enable this VPN configuration, Establish VPN to, Local Networks, Peer Networks (network address in CIDR format), Local Endpoint, Local ID and Peer ID]

Verify VPN Configuration

In order to verify that the Status is up, click the "OK" button.

[Screenshot: Configure Services: hol dc1 vpc1 3, VPN tab]
16. [Screenshot: Edge Gateways, Firewall tab, rule list ending with the Default Rule]

Adding Sources

In previous steps we created the IP addresses. In the top right corner, enter in "Production" and select the two options: "Web Production" and "App Production".

Click "OK".

[Screenshot: IP Addresses selection list with Web Production checked and a "New IP Addresses..." link; 2 objects selected]

Adding Service 1

In the Service column, click the "+" in the top right corner like we did in previous steps.

[Screenshot: Edge Gateways, Firewall tab, with the notice "This rule set has unsaved changes. Click on Publish Changes button to start deploying."]

Adding ICMP Echo

In the top right screen, enter "ICMP". The ICMP names will appear.

Select "ICMP Echo".

Click "OK".

[Screenshot: service selection list showing ICMP Destination Unreachable, ICMP Redirect, ICMP Time Exceeded and further ICMP entries]
17. [Screenshot: list of internal IP sets with the "New IP Addresses..." link]

App Production IP

Enter in the following information:

Name: App Production
IP Addresses: 10.0.1.11

Click "OK".

[Screenshot: Add IP Addresses dialog. Dialog text: IP addresses grouping must be defined under the global scope or under the scope of a datacenter or a portgroup. IP address grouping defined under the global scope is visible at all datacenters and portgroups. Fields: Scope, Name (App Production), Description, IP Addresses (10.0.1.11).]

Adding Destination 1

In the Destination column, click the "+" symbol, like we did in the previous steps.

[Screenshot: Edge Gateways, Firewall tab, with the notice "This rule set has unsaved changes. Click on Publish Changes button to start deploying."]
18. is powered on, the window above will appear.

Please DO NOT shut down the Firefox browser as we will use it in later steps.

[Screenshot: vCloud Hybrid Service portal, Virtual Machines tab, with the notification that virtual machine Web Production is powered on. VM listed: Web Production, 1 vCPU, 512 MB, SUSE Linux Enterprise, vApp "Web Production VApp", virtual data center hol dc1 vpc1 3.]

Open vSphere Client

Open vSphere Client from the desktop.

[Screenshot: VMware vSphere Client desktop icon]

Login to vSphere Client

1. Ensure that the "Use Windows session credentials" is checked and vcsa-01a.corp.local is the selected vCenter.
2. Select the "Login" button.

[Screenshot: VMware vSphere Client login window]
19. large amounts of data from your private data center to VMware vCloud Air.

The vCloud Connector consists of three distinct components: vCloud Connector User Interface (UI), vCloud Connector Server, and vCloud Connector Nodes.

The vCloud Connector UI is the user interface that the vCloud Connector server produces. It is registered to and accessed from the vSphere Client. You decide where to register the UI during the configuration process.

vCloud Connector Server is a virtual appliance that coordinates the activity of vCloud Connector, controls vCloud Connector Nodes, and produces vCloud Connector UI. Only one vCloud Connector Server is needed.

vCloud Connector nodes are virtual appliances that handle transferring content from one cloud to another. A vCloud Connector node must be installed in every vSphere or vCloud Director-based cloud that vCloud Connector oversees.

On public vCloud Director-based clouds, the service provider can install a vCloud Connector node as a multitenant node for multiple customers to use so that each customer does not have to install a node. This configuration can also be used by private vCloud Director administrators who have multiple organizations.

In vCloud Air, a vCloud Connector multitenant node is installed by VMware by default.

This module is broken into four parts.

Part 1 - vCloud Connector Server and Node Installation

Here we will provide a video example
20. may also create additional ones, as indicated in the introduction, from this screen. In your own environment this would be done by clicking the green plus (+) icon and walking through the wizard. Please do not add a new network to this lab environment.

Note: vCloud Director provides role based security and therefore the view above may not necessarily be available to all users and roles.

[Screenshot: vCloud Director, Administration > Virtual Datacenters > hol dc1 vpc1 3, Org VDC Networks tab. Two networks listed: one with gateway address 192.168.99.1/24, type Isolated; one with gateway address 192.168.109.1/24, type Routed, connected to hol dc1 vpc1 3.]

Routed network - Configure Services

1. Click the HOL DC1 VPC1 3 default routed network line to highlight it.
2. Click the arrow to the right of the blue wheel. A drop down menu will appear.
3. Click "Configure Services".

[Screenshot: vCloud Director, Administration view for hol dc1 vpc1 3]
21. of the actual service and used here for demonstration purposes only.

[Screenshot: vCloud Hybrid Service dashboard, with Resource Snapshot (CPU, memory, storage, public IPs) and Virtual Data Centers (1): HOL DC1 VPC1 3]

vDC Network Settings - HOL DC1 VPC1 3

Click on the "HOL DC1 VPC1 3" virtual datacenter.

[Screenshot: Virtual Data Centers (1): HOL DC1 VPC1 3, with CPU, memory and storage allocation]

vDC Network Settings - HOL DC1 VPC1 3

Click on the "Gateways" tab.

[Screenshot: vCloud Hybrid Service portal tabs: Dashboard, Virtual Machines, Gateways, Data Protection]

HOL DC1 VPC1 3 Gateway

Here we can see the vCloud Networking and Security Edge gateway instance deployed for use in the HOL DC1 VPC1 3 vDC. DOUBLE CLICK HOL DC1 VPC1 3.

We have 192.168.220.102 as the external IP for the Edge gateway devi
22. tier environment that utilizes both VMware vCloud Air and the local datacenter. We will also set up firewall rules to ensure the environment is secure.

Please continue to Module 2, which will discuss "IP Address Portability Between Customer and VMware vCloud Air Data Centers (Data Center Extension)".

Module 2 - IP Address Portability Between Customer and VMware vCloud Air Data Centers (Data Center Extension) (45 Min)

Introduction

In this module we will explore different aspects of the vCloud Connector and how it enables seamless transfer of content between multiple public and private clouds.

vCloud Connector is an enterprise product that provides a single user interface for overseeing multiple public and private clouds and for transferring cloud content from one cloud to another. It allows you to connect multiple clouds, both internal and external, in a single user interface.

Using vCloud Connector, you can manage virtual machines, deploy templates, and transfer virtual machines, vApps, and templates from one cloud to another.

vCloud Connector also provides the following key features:

• Content Sync lets you set up a Content Library to distribute and synchronize templates across clouds.
• Data Center Extension (Stretch Deploy) lets you extend your private data center to a public vCloud.
• Offline Data Transfer enables you to transfer
23.  Confirming Status

Once you have gone back into the VPN tab, you should see the status is now UP.

Wasn't that easy?

In this lab, we created a VPN tunnel between edge devices. However, you can set up the VPN between any network device and the edge device in the vCloud Air.

PLEASE NOTE: If it continues to show down and you have verified your settings, you can verify tunnel status via vShield Manager on the local Data Center. Remember that you launched vShield Manager via the vSphere Client.

[Screenshot: Configure Services dialog, VPN tab, with "Enable VPN" checked and the tunnel listed with local endpoint 192.168.220.102 and peer endpoint 192.168.110.102.]

Verify and Test Network and Security Configuration

Now that we have configured the VPN tunnel between our 
24.  Launch Console for Web Production Virtual Machine

Click the "Launch Console" option for this particular machine.

[Screenshot: My Virtual Machines list with the action menu open for the Web Production virtual machine and "Launch Console" highlighted.]

Log into Web Production Virtual Machine

Now that the console is open, the screen may be black, so you will need to click in the screen and hit "enter" in order to get it to respond.

Log into the virtual machine with the following credentials:

portal login: root
Password: VMwarel

Test Connectivity to DB Production

At the prompt si
25.  HOL DC1 VPC1 3 Production

Double click the "HOL DC1 VPC1 3" Virtual Data Center.

Launching vCloud Director

You should automatically be taken to the "Networks" tab. If you are not at the "Networks" tab, please proceed to it and select "Manage in vCloud Director".

[Screenshot: Virtual Data Center Details page, Networks section, listing the default isolated and default routed networks with the "Manage in vCloud Director" link.]

Routed Network in vCloud Director

Highlight the Routed hol dc1 vpc1 3 default routed network.
26.  Follow up steps: If you haven't done so already, you may wish to take labs HOL-HBD-1481, HOL-HBD-1483 and attend the Expert-led Workshop ELW-HBD-1484 to further expand your knowledge of VMware vCloud Air.

COPY/PASTE NOTE: Please note that you will not be able to copy/paste from the user manual into the lab console. If you need to copy a username/password to enter into a lab exercise, please open and use the "README.txt" file that is on the desktop. If that doesn't work, you can also try the "Send Text" button found under the console window in the NEE interface.

Module 1 - Introduction to VMware vCloud Air Networking and Security (15 Min)

Introduction

VMware vCloud Air is built on the trusted foundation of vSphere and is compatible with your on-premise data center. VMware vCloud Air allows you to extend your workloads into the cloud with ease. You can migrate existing virtual machines (VMs) from on-premises to the public cloud or start up new application VMs directly in the cloud. You can also easily port VMs and other business-critical workloads back and forth to the location of your choice, all with the secure and capable foundation of vSphere.

In this module we will give you an introduction to the networking components exposed via the VMware vCloud Air portal, as well as those availa
27.  [Screenshot: vShield Manager Edge VPN tab with IPSec VPN Service Status "Disabled" and the Local Datacenter tunnel listed.]

Publish Changes

And we have to publish these changes again, so please click the "Publish Changes" button (this is a safeguard just in case you hit the Enable button by accident).

[Screenshot: vShield Manager Edge VPN tab showing the notice "Changes to the IPSec VPN configuration will take effect only after being published. Please click on 'Publish Changes' to publish." and IPSec VPN Service Status "Enabled".]
28.  [Screenshot: Firewall tab of the Configure Services dialog with "Enable firewall" checked and two existing "Web Production" rules from 192.168.109.2 to 10.0.1.11, one for port 443 and one for ICMP.]

Adding Source 3

Please fill in the information as it appears in the screen with the following information:

Name: App Production
Source: 10.0.1.11
Source port: 443 (you must enter this port id in)
Destination: 192.168.109.2
Destination port: 443 (you must enter this port id in)
Protocol: TCP

Click "OK".

[Screenshot: Add Firewall Rule dialog filled in with the App Production values and the action set to Allow.]
29.  HOL-HBD-1482

Table of Contents

Lab Overview - HOL-HBD-1482 - VMware vCloud Air Networking & Security
    E leXClor rs
Module 1 - Introduction to VMware vCloud Air Networking and Security (15 Min)
    Introduction
    VMware vCloud Air Portal Networking
    VMware vCloud Air Networking in vCloud Director
    Conclusion for VMware vCloud Air Networking
Module 2 - IP Address Portability Between Customer and VMware vCloud Air Data Centers (Data Center Extension) (45 Min)
    Introduction
    vCloud Connector Server and Node Installation and Configuration
    vCloud Connector Node
    vCloud Connector Server
    vCloud Connector User Interface
    Soaeilci
Module 3 - Public and Private Cloud Multi-Tiered Application Networking (45 Min)
    MOU CO o hth ht ne
    Configuring VPN tunnel between the Local Data Center and VMware vCloud Air
    Verify and Test Network and Security Configuration
30. L section and highlight "443" in the URL and delete it.

[Screenshot: vCloud Connector Node, Cloud Registration form with Cloud Type "vCloud Director", the Cloud URL field, and the "Ignore SSL Cert" and "Use Proxy" checkboxes.]

Update Configuration

Now click the "Update Configuration" box.

Cloud Registration Updated

Note that a "Cloud Registration updated" message is displayed in the top of the window once registration is complete.

We will now proceed with configuring the vCloud Connector Server.

vCloud Connector Server

The vCloud Connector Server is a virtual appliance that coordinates the activity of vCloud Connector, controls the vCloud Connector nodes, and produces the vCloud Connector User Interf
31.  [Screenshot: Edit IPSec VPN dialog showing the peer, encryption algorithm, pre-shared key and Diffie-Hellman group fields.]

Publish Changes

Click the "Publish Changes" button in order for this VPN configuration to be enabled.

[Screenshot: vShield Manager Edge VPN tab with IPSec VPN Service Status "Disabled" and the Local Datacenter tunnel status DOWN.]

Enable the VPN (Local Data Center)

Notice that the IPSEC VPN Service Status is disabled.

Although we published the changes, we need to Enable the configuration. Please select the "Enable" button (don't be shy, do it).
32.  [Screenshot: Configure Services dialog, DHCP tab, with the "Enable DHCP" checkbox and an empty list of DHCP pools.]

NAT Services

The NAT screen gives you the ability to add a Source NAT and Destination NAT for the vCloud Networking and Security Edge gateway.

The Source NAT translates the source address of a packet before leaving the gateway.

The Destination NAT translates the destination IP address/port of a packet received by the gateway.

[Screenshot: Configure Services dialog, NAT tab, with the "Add SNAT" and "Add DNAT" buttons and an empty rule list.]

Firewall Services

In this Firewall tab, we have 
33.  [Screenshot: Gateway Details page with the NAT Rules, Firewall Rules, Networks and Public IPs tabs and the notice "Edge gateways are configured to deny incoming traffic by default. To make workloads available on the public internet for consumption, you'll need to add a NAT rule."]

EDIT: HOL DC1 VPC1 3 DEFAULT ROUTED

1. Click the "Down Arrow".
2. Click the "Edit Network" button.

Edit Network

Here you can edit your network if needed. (DO NOT EDIT NETWORK.)

Click "X" when completed.

[Screenshot: Edit Network dialog for the default routed network, with IP range 192.168.109.2 - 192.168.109.100.]

VMware vCloud Air Dashboard

Let's return to the main dashboard by either clicking on the "DASHBOARD" breadcrumb or on the main "Dashboard" icon.

Conclusion

We have just reviewed the networking components available via the VMware vCloud Air portal.

In the next module, we will explore in greater det
34.  vCloud Connector User Interface

In this part of the module, we will review the process for adding the vCloud Connector Node and vCloud Connector Server to the vCloud Connector User Interface (UI).

vSphere Client

Open the vSphere client using the desktop shortcut.

vSphere Client Select Server

Ensure that vcsa-01a.corp.local is selected in the "IP Address/Name" pulldown menu. Clear the "Use Windows session credentials" checkbox if it is not already.

vSphere Client Login

Login using:

User name: root
Password: VMwarel1

Click the Login button.
35. ace (UI). Only one vCloud Connector Server is needed.

The vCloud Connector server admin web console is used to perform basic configuration tasks, such as defining the time zone, specifying proxy servers, or setting log levels. What is needed depends on the particular installation.

Open New Tab in Chrome

In Chrome, click the light blue shape to the right of the current tab to open a new tab.

vCloud Connector Server Login

On the Bookmarks Toolbar choose vCC Server.

Accept Security Certificate

If prompted about the site security certificate, click "Proceed anyway".

[Screenshot: Chrome warning "The site's security certificate is not trusted" for the vCloud Connector Server, with the "Proceed anyway" and "Back to safety" buttons.]

Enter Username and Password

Login with:

User name: admin
Password: vmware
36. ail these networking settings from within the vCloud Director instance. Managing the network settings via vCloud Director allows the administrator to manage the network settings of their vDC with greater granularity.

To continue with this lab module, do not close the Firefox browser.

VMware vCloud Air Networking in vCloud Director

Now that we have explored the networking views in VMware vCloud Air, let's review the networking capabilities available to us via vCloud Director for your HOL DC1 VPC1 3 virtual datacenter.

Note that in addition to the default routed and isolated networks that VMware vCloud Air creates automatically, you can create up to nine total networks for use within your virtual data center. These can be used for the creation of multi-tiered network enclaves, to isolate data, or for various other reasons. Due to space and size restrictions within the lab environment we will not be creating additional networks today; however, we will call out the appropriate screen later in this module.

vDC Network Settings: HOL DC1 VPC1 3

Click on the "HOL DC1 VPC1 3" virtual datacenter.

vDC Network Settings: HOL DC1 VPC1 3

Click on the "Gateways" tab.
37.  [Screenshot: vCloud Director, Org VDC Networks tab, with the context menu open on the hol dc1 vpc1 3 default routed network.]

Services available for the routed network

As you can see, there are six services available for configuration within vCloud Director. Let's walk through each of these individually.

[Screenshot: Configure Services dialog with the DHCP, NAT, Firewall, Static Routing, VPN and Load Balancer tabs.]

DHCP Services

The DHCP services tab allows you to automate the IP address assignments for the virtual machines connected to this network.

Note that you can "add" DHCP configurations from this screen as well. The IP Range, Lease information, and whether it is enabled, is viewable from this screen.
38.  [Screenshot: vShield Manager Edge VPN tab with IPSec VPN Service Status "Disabled" and an empty tunnel list.]

VPN Configuration (Local Data Center)

Fill in the following information. Note that you may need to scroll down the screen in order to fill in all the steps. When completed, it should look like the picture above.

Name: Local Data Center to vCHS
Local Id: 192.168.110.102
Local Endpoint: 192.168.110.102
Local Subnets: 10.0.1.0/24
Peer Id: 192.168.220.102
Peer Endpoint: 192.168.220.102
Peer Subnets: 192.168.109.0/24
Encryption Algorithm: AES256 (NOTE: you will need to select the down arrow in order to choose this option)
Pre-shared Key: VMworld2014isthebestconference123

Feel free to scroll through the rest of the configuration options, but note that the default values should be applied.

When finished, click the "ok" button (on the bottom of the screen).
39. ble and configurable from within vCloud Director. As the VMware vCloud Air evolves, many tasks still performed within vCloud Director (or vShield Manager) will start to be exposed from the VMware vCloud Air as well, making it an even easier service to consume.

As we progress through the following steps you will become familiar with the high-level aspects of the VMware vCloud Air from a networking and security point of view. This will assist you in the coming modules of this lab where we explore vCloud Connector, Data Center Extensions, and Multi-Tiered Application Networking. Thank you for taking a moment to work through and see what the VMware vCloud Air has to offer.

What is VMware vCloud Air

[Diagram: IaaS cloud owned and operated by VMware, based on VMware software, connected to your data center with seamless networking, common management and one support call.]

Video: VMware vCloud Air Overview

VMware vCloud Air Portal Networking

In this module we will give you an introduction to the networking components exposed via the VMware vCloud Air portal.

IMPORTANT: This lab is a facsimile of the vCloud Air. Issues that might arise in th
40. cal Data Center to select it, then click the Pencil icon to edit.

Local Data Center Edit Settings

We will not be making any changes here, but please take a moment to review the information provided.

Notice that the Type is VMware vCenter Server.

The option to change the Username & Password used by vCloud Connector is available here.

Click "Cancel" to close this window.

[Screenshot: Rainpole Local Datacenter - Edit Settings dialog with URL https://192.168.110.22 and Username root.]

Review Rainpole VCHS Production

In the Clouds pane, click Rainpole VCHS Production to select it, then click the Pencil icon to edit.
41. ce. We deployed the compact Edge gateway. Also note that the Edge gateway is deployed in an HA configuration to cover any potential failure of the node.

1. Click the HOL DC1 VPC1 3 Gateway.

[Screenshot: Gateways list showing HOL DC1 VPC1 3 with gateway IP 192.168.220.102, compact configuration, high availability enabled, 1 network and 3 public IPs (1 used, 2 free).]

HOL DC1 VPC1 3 Networks

Now that we've seen our gateway configuration, let's see what networks are available for us to deploy VMs on.

Click on the "Networks" tab.

Here we can see networks:

1. The Default Routed network allows VMs to access the external environment.

Routed networks within VMware vCloud Air provide a gateway and network services, such as DHCP, NAT, Firewall, etc. These services, with the exception of DHCP, are not available on isolated type networks within VMware vCloud Air (or vCloud Director). Additionally, take note of the IP Range shown in the picture, and on your screen. This range represents the range of network addresses available, and assigned, to Virtual Machines provisioned to this network. The network range, and IP addresses, are configurable from within vCloud Director.

Notice that this screen has additional information below; feel free to browse around the different settings.
42.  Load Balancer Services - Virtual Servers

In this Load Balancer section, we can configure the Load Balancer for the virtual servers. A virtual server is a highly scalable and highly available server built on a cluster of real servers called members.

Click the "Cancel" button to exit out of this screen.

[Screenshot: Configure Services dialog, Load Balancer tab, Virtual Servers section with an empty list.]

Conclusion for VMware vCloud Air Networking

In conclusion, we have shown you the network and security capabilities for VMware vCloud Air that are available in vCloud Director.

There are two additional modules available in this lab. We will discuss the vCloud Connector Node and Server capabilities and configurations. We will show you a multi
43.  [Screenshot: Virtual Data Center Details page, Networks section, listing the default isolated and default routed networks with the "Manage in vCloud Director" link.]

Routed Network in vCloud Director

Highlight the Routed "hol dc1 vpc1 3 default routed" network.

[Screenshot: vCloud Director, Administration view, Org VDC Networks tab, listing the default isolated network (192.168.99.1/24) and the default routed network (192.168.109.1/24).]

Configure Services

S
44.  [Screenshot: vCloud Connector Server system information showing Appliance Version vCC Server 2.6.0.0 Build 1578976, Hostname vccs 01a, OS Name SUSE.]

System Time Zone tab

We will not be making any changes here, but please take a moment to review the information.

The System Time Zone section allows setting the appropriate time zone. The Time Zone setting displays all the time zones of the world.

Note that the changes in time zone settings are not reflected in logs, etc. until the service is reset.

The virtual hardware clock is always maintained in UTC, which the virtual appliance converts to local time. Correct local time is important for the update repository and VMware Update Manager.

Network Tab

The Network tab provides a view of network-related information about the appliance, allows switching between DHCP and static IP addresses, and configuration of proxy information.

As you can see, the Network tab is broken into "Status", "Address" and "Proxy" sub tabs.

Now we will look at these individually.

Network Status Sub Tab

The Network Status section provides already configured network information about the appliance, such as DNS serv
45. e Username and Password have already been entered for you.

PLEASE NOTE: If for some reason this does not auto-populate, the account information is:

Username: hol@vmware.com

Password: VMwarel

Select Virtual Machines

Click on "Virtual Machines" in order to see all the virtual machines available to you.

Powering on Virtual Machine

1. Highlight the "Web Production" virtual machine.
2. Select the "Power On" option.

Powered on Virtual Machine

Once the machine
46. e com to continue your lab experience online.

Lab SKU: HOL-HBD-1482

Version: 20150406 081231
47. e logging; Log level: INFO

Return to vCloud Air

Return to the Firefox browser and select the "Dashboard" tab.

HOL DC1 VPC1 3 Virtual Data Center

Double-click the "HOL DC1 VPC1 3" virtual Data Center.

Launch vCloud Director

We now want to set up the VPN service to connect vCloud Air to the local Data Center.

You should automatically be taken to the "Networks" tab. If you are not at the "Networks" tab, please proceed to it and select "Manage in vCloud Director".
48. elect the down arrow on the blue gear and select "Configure Services".

Enabling VPN

Proceed to the "VPN" tab.

Ensure the "Enable VPN" box is selected.

Click "Add".

[Screenshot: Configure Services dialog, VPN tab. Dialog text: "IPSec VPN service helps you create secure VPNs between gateways. Site to Site VPN can be configured between edge gateways in this organization, across organizations and even to third party VPN gateways." and "Public IPs can be configured for each of the external networks; this is useful if you are using NAT in your environment."]

VPN Configuration for vCloud Air

Configure the VPN
49. ers, network interfaces, and IP addresses. Notice the refresh button for updating the information.

[Screenshot: Network Status. Hostname: vccs-01a; IPv4 Default Gateway: 192.168.110.1; Preferred DNS Server: 192.168.110.10; interface eth0 with static address 192.168.110.55, netmask 255.255.255.0]

Network Address Sub Tab

We will not be making any changes here, but please take a moment to review the information.

The Network Address settings section allows configuration of static IP information for the appliance or retrieval of IP settings from a DHCP server.

Notice that this screen has additional information below; scroll down to view all the options/data.

Network Proxy Sub Tab

We will not be making any changes here, but please take a moment to review the information.

The Network Proxy Settings allows configurati
50. es. Click on Publish Changes button to start deploying.

[Screenshot: Edge Gateway firewall rule list with the generated rules "firewall" and "ipsec" (type Internal) and the Default Rule]

Test Connectivity to DB Production

Proceed back to the Web Production VM in vCloud Air to test the firewall rules via a ping command to DB Production.

Click in the box if the screen has gone black. You may also need to hit the "Enter" key in order to get a response.

At the prompt enter:

ping 10.0.1.12

You will see the ping still does not respond.

Again, press Ctrl+C to exit the ping command.

[Screenshot: output of ping 10.0.1.12, 19 packets transmitted with no replies]

Test Connectivity to App Production

Now let's test the firewall rules via a ping command to App Production.

At the prompt enter:

ping 10.0.1.11

You will see the ping DOES work. Exactly how we drew it up. You did it!

Enter Ctrl+C to cancel.

[Screenshot: output of ping 10.0.1.11 showing replies]
51. ew Certificate

Logging into vShield Manager (Local Data Center)

Log in to vShield Manager with the following credentials (sorry we could not auto log you in this time):

User name: admin

Password: default

Select the "Login" button.

Edge view (Local Data Center)

Proceed to the "View:" option, hit the down arrow and select "Edges".

Edge device (Local Data Center)

Double-click the "edge 1".
52. g z ttl 62 time z [Screenshot, continued: output of ping 10.0.1.11 showing replies. Statistics: 6 packets transmitted, 6 received, 0% packet loss, time 5008ms]

Conclusion

In conclusion, we created a tunnel between the local data center and VMware vCloud Air. Once the tunnel connectivity was established, we wanted our security policies to be consistent even when using machines in VMware vCloud Air.

We set up some firewall rules to ensure that the Web Production VM can only communicate with the App Production VM. This configuration is common because when you start moving virtual machines to the public cloud, you want to make sure your local data center stays safe. This lab has shown that you can continue to have consistent security policies no matter where the virtual machines are being deployed.

We hope you enjoyed our lab and again, if you are interested in other VMware vCloud Air labs, HOL-HBD-1481, HOL-HBD-1483 and HOL-HBD-1484 are available.

Thank you so much for taking our lab. We really appreciate it!

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmwar
53. gn enter in:

ping 10.0.1.12

This is the DB Production VM.

You will see that the ping is not responding. In other words, the Web VM cannot access the DB Production VM.

Press Ctrl+C in order to get the ping attempt to stop.

[Screenshot: output of ping 10.0.1.12. Statistics: 0 received, 100% packet loss, time 15999ms]

Test Connectivity to App Production

At the prompt sign enter in:

ping 10.0.1.11

This is the App Production VM.

You will see that again the ping is not responding. Or shall we say, the Web VM cannot access App Production.

Press Ctrl+C in order to get the ping attempt to stop.

In order to get out of the console, select Ctrl+Alt.

[Screenshot: output of ping 10.0.1.11. Statistics: 14 packets transmitted, 100% packet loss, time 12999ms]

Return to vCloud Air

Return to the Firefox browser and select the "Dashboard" tab.
54. his screen has additional information below; please scroll down to view all the options/data.

The Update Settings section allows configuration of update settings such as frequency and Update Repository. Leave the Use Default Repository button selected.

Server Tab

On the Server tab you can configure the Server administrative password, adjust log levels, and manage SSL certificates.

As before, the Server tab is broken into sub-tabs.

Now we will look at these individually.

Server General Sub Tab

We will not be making any changes to this tab, but please take a moment to review the information.

In the Server General tab the administrative password for the Server can be changed. Set log levels and download logs using this section. Use the drop-down menu to select the log level from TRACE, DEBUG, INFO, WARN, or ERROR and the cl
55. ick Change Log Level.

Scroll down to review additional options.

Server SSL Sub Tab

We will not be making any changes here, but please take a moment to review the information.

Notice that this screen has additional information below; please scroll down to view all the options/data.

In the Server SSL tab certificate management is available. vCloud Connector Server includes a self-signed certificate.

In this section, the certificate currently assigned to your vCloud Connector Server is displayed.

The option to create a Certificate Signing request or use a self-signed certificate is provided on this screen.

[Screenshot: Manage SSL certificates. Status: SSL Disabled; Service Port: 80. Key Information: Signature algorithm: SHA256withRSA; Public key algorithm: RSA; Common Name: esx-05a.corp.local; Organizational Unit: Cloud; Organization: VMware Inc; Locality: Palo Alto; State: California]

Server vSphere Client Sub Tab

We wil
56. irewall Internal [Screenshot, continued: Edge Gateway firewall rule list with the generated rules "firewall" and "IPSec" (type Internal) and the Default Rule]

Rule Name (Local Data Center)

For Rule Name, add App Production VM to portal.

Click "OK".

Adding Source 1

In the Source column, click the       in the top right corner.
57. is environment are not an indicator of the performance or reliability of the actual service.

Before you launch Firefox and attempt to log in, make absolutely sure the DesktopInfo watermark on the desktop says Ready (see graphic).

Launch Portal

To begin, let's launch the VMware vCloud Air portal by clicking on Firefox from the desktop.

Proceed to the following URL: https://portal.vchs.int.vmware.com/login

VMware vCloud Air Login

We will log in with the hol@vmware.com user, which should already be auto-populated on the page.

Click on the "Sign in" button.

PLEASE NOTE: If for some reason this does not auto-populate, the account information is:

Username: hol@vmware.com

Password: VMwarel

VMware vCloud Air Portal

The dashboard is the main overview of resources available for administrators. As you can see, there is a listing of all the resources that we have available to us.

In this lab we will be focusing on the networking options, gateways and controls that administrators have for the deployed virtual datacenters (vDC).

Notice that this screen has additional information below; feel free to scroll down to view all the options/data.

NOTE: For the purposes of this lab you have a 2GHz by 1GB by 10GB slice of resources purchased. This resource division is not representative
58. l access from the lab environment to the internet. The simulated environment has limited resources assigned to it; the performance and stability of the lab may not match what you can expect from the publicly accessible hosted vCloud Air.

Module Overview

The concepts introduced in HOL-HBD-1482 are divided up into three modules. Each module is independent and can be completed in any order within the allotted time.

Module 1 - Introduction to Networking and Security

Description: In this module we will guide you through the vCloud Air networking capabilities and the various access rights and roles available.

Duration: 15 minutes

Lab Captain(s): Jason Scanga, Jon Pawlowski and Cabot Harrington

Module 2 - IP Address Portability Between Customer Data Centers and VMware vCloud Air

Description: In this module we will demonstrate how the IP address range in private data centers can be extended to the vCloud Air environment.

Duration: 45 minutes

Lab Captain(s): Jason Scanga, Jon Pawlowski and Cabot Harrington

Module 3 - Public and Private Cloud Multi-Tiered Application Networking

Description: In this module we will demonstrate how to implement network features needed to deploy a multi-tiered application across a private data center and VMware vCloud Air.

Duration: 45 minutes

Lab Captain(s): Jason Scanga, Jon Pawlowski and Cabot Harrington
59. l not be making any changes here, but please take a moment to review the information.

In the Server vSphere Client sub-tab the vCenter configuration information can be provided.

When reviewing the vSphere Client tab, it may take a moment for the information to display. Notice that vCloud Connector Server is already registered to the vCenter in Site A.

[Screenshot: Register with vSphere Client. Server is registered with https://vcsa-01a.corp.local]

Nodes Tab

The Nodes tab identifies all the nodes that are already registered to vCloud Connector Server. To proceed we will connect another node to this server.

[Screenshot: Manage Nodes list with the entries Local Content Library, Rainpole Local Datacenter and Rainpole VCHS Production]
60. local data center and VMware vCloud Air, we will walk through the process of ensuring network connectivity and that the security is implemented correctly. Again, we want the Web Production VM to talk to the App Production VM and only the App Production VM.

Let's get started!

Logging in to the vCloud Air

Proceed back to the Firefox browser and the first tab (vCloud Air).

Click "Sign in".

PLEASE NOTE: If for some reason this does not auto-populate, the account information is:

Username: hol@vmware.com

Password: VMwarel

Virtual Machines in the vCloud Air

Click on the "Virtual Machines" tab.

Options for VM

Do you notice the down arrow for the virtual machine? If not, move the mouse over to the right side of the row and the arrow will appear.

Select the down arrow.
61. nnector Node

Node Cloud Sub Tab

In the Node Cloud section we have the ability to specify vSphere or vCloud Director configuration.

We will be working in this tab later in the lab, but feel free to review it now.

[Screenshot: Cloud Registration form with the fields Cloud Type, Cloud URL, Ignore SSL Cert and Use Proxy, and an Update Configuration button]

Node General Sub Tab

We will not be making any changes here, but please take a moment to review the information.

In the Node General section the option to change the administrative password for the Node is provided.

Set log levels and download logs using this section. Use the drop-down menu to select the log level from TRACE, DEBUG, INFO, WARN, or ERROR and then click Change Log Level.

Please note that we will not be working with the logs in this lab, so please do not change them. Please review the options by scrolling down on the screen.

Node SSL Sub Tab

We will not be making any changes here, but please take a moment to review the information.

Notice that this screen has additional information bel
62. nnector Server Login

vCloud Connector Server Interface

Use the vCloud Connector Server admin web console to perform basic configuration tasks such as defining time zone, specifying proxy servers, or setting log levels.

The vCloud Connector Server admin web console is divided into "System", "Network", "Update", "Server" and "Nodes" tabs. Now we will review these tabs individually.

System Tab

The System Information tab provides general information for the virtual appliance, allows configuration of time zones, and provides buttons to shut down and reboot the appliance.

As you can see, the System tab is broken into "Information" and "Time Zone" sub-tabs.

Now we will look at these individually.

System Information Sub Tab

We will not be making any changes here, but please take a moment to review the information.

The system information section provides general information on the virtual appliance such as the version number and the hostname. It also contains Reboot and Shutdown buttons.
63. ny, internal, and external [Screenshot, continued: Add Firewall Rule dialog with Destination port: any; Protocol: ICMP; Action: Allow]

Saving All Firewall Settings

Click "OK" to save all firewall settings.

[Screenshot: Configure Services dialog, Firewall tab, with "Enable firewall" checked. Dialog text: "Rules can be added to the Firewall to allow or deny specific network traffic. The order of these rules can be changed by selecting one or more rules, dragging and dropping them at the desired location in the list. The order of any selected rules is preserved after dropping them into a different location within the list." The default action applies to traffic that does not match the rules in the list. Rules shown:]

Name              Source               Destination          Protocol
Web Production    192.168.109.2:443    10.0.1.11:443        TCP
Web Production    192.168.109.2        10.0.1.11            ICMP
App Production    10.0.1.11:443        192.168.109.2:443    TCP
App Production    10.0.1.11            192.168.109.2        ICMP

Firewall at Local Data Center

Return to vSphere Client

Note that the VPN section shows the Channel Status as a green checkbox.

Click the Firewall button.

Note that vShield Manager may log you out. The credentials to log back in are:

User name: admin

Password: default

Edge Gateways
64. of vCloud Connector Server and Node Installation for review. Please note that these steps have already been completed in the lab to save time.

Part 2 - vCloud Connector Node: Here we will go through configuration of the vCloud Connector Node already installed as demonstrated in Part 1.

Part 3 - vCloud Connector Server: Here we will review various configuration aspects of the vCloud Connector Server, as well as providing some configuration information to register our lab node.

Part 4 - vCloud Connector User Interface (UI): Here we will review the information used to connect the vCloud Connector Node and vCloud Connector Server to the UI.

vCloud Connector Server and Node Installation and Configuration

In this portion of the lab we will demonstrate the requirements and procedures necessary to install both the vCloud Connector Server and the vCloud Connector Node inside our environment. Due to the length and process involved we have provided this information in video format.

vCloud Connector Server Installation

This video demonstrates the installation of vCloud Connector Server from within vSphere. Steps in this video include:

• Deploying vCloud Connector Server via the provided OVF template
• Booting up and showing the web-based configuration screen

Configuration of vCloud Connector, beyond that needed for basic installation, will be covered later in the module.
65. ol det vpce13 [Screenshot, continued: vCloud Director, Org VDC Networks tab, listing the default isolated network (gateway address 192.168.99.1/24, type Isolated) and the default routed network (gateway address 192.168.109.1/24, type Routed)]

Select Configure Services

Select the down arrow on the blue gear and select "Configure Services".

Adding Firewall Services

Select the Firewall tab.

Select the "Enable Firewall" box.

Click "Add"
66. olbar Menu and choose "vCHS Portal".

Enter User Name and Password

Log in with:

Username: hol@vmware.com

Password: VMwarel

HOL DC1 VPC1 3 Virtual Data Center

Double-click in the HOL DC1 VPC1 3 Virtual Data Center box.

[Screenshot: Dashboard resource snapshot. CPU: 2.0 GHz purchased, 2.0 GHz allocated to VDCs, 0 MHz unallocated. Memory: 1.0 GB purchased, 1.0 GB allocated to VDCs, 0 MB unallocated. Storage: 10 GB purchased, 10 GB allocated to VDCs, 0 MB unallocated. Virtual Data Centers (1): HOL DC1 VPC1 3 on Multi Tenant Cloud]

vCloud Director API URL

Select the "vCloud Director API URL" and a box will appear below with the appropriate URL to be placed in the vCloud Connector Node section previously mentioned.

Note: If the URL does not show up on the first click, try again.
67. on of any necessary proxy settings, including address and port.

Update Tab

The Update tab allows review of the update status of the virtual appliance and setting of the update policy.

As before, the Update tab is broken into sub-tabs.

We will now look at these individually.

Update Status Sub Tab

We will not be making any changes here, but please take a moment to review the information.

The Update Status section provides a view of information about the virtual appliance and allows checking for and installing updates.

By clicking "Check Updates", the system will check for updates from the update repository. This repository is shown in the Available Updates pane.

[Screenshot: Update Status. Vendor: VMware, Inc.; Appliance Name: vCloud Connector Server; Appliance Version: vCC Server 2.6.0.0 Build 1578976; actions Check Updates and Install Updates]

Update Settings Sub Tab

We will not be making any changes here, but please take a moment to review the information.

Notice that t
68. ow, please scroll down to view all the options data. In the Node SSL tab, certificate management is available. vCloud Connector Node includes a self-signed certificate. In this section, the certificate currently assigned to your vCloud Connector Node is displayed. The option to create a Certificate Signing Request or use a self-signed certificate is provided on this screen. [Screenshot: vCloud Connector Node, Manage SSL certificates. Status: SSL Enabled; Service Port: 443; Signature algorithm: SHA256withRSA; Public key algorithm: RSA; Organizational Unit: Cloud; Organization: VMware Inc; Locality: Palo Alto; State: California; Country Code: US.] Cloud Registration: Proceed back to the "Node Cloud" tab. Change "Cloud Type" to vCloud Director. DO NOT UPDATE CONFIGURATION AT THIS TIME; please proceed to the next step. [Screenshot: Cloud Registration form with Cloud Type, Cloud URL, Use Proxy and Ignore SSL Cert fields.] Launch Firefox: Click on the Mozilla Firefox icon on your desktop. Login to VMware vCloud Air: Expand the Bookmarks To
69. r firewall rule. Adding Firewall Services: Click "Add". [Screenshot: Configure Services, Firewall tab, listing the existing Web Production and App Production rules.] Adding Source 4: Please fill in the information as it appears in the screen with the following information: Name: App Production; Source: 10.0.1.11; Source port: any; Destination: 192.168.109.2; Destination port: any; Protocol: ICMP. Click "OK". [Screenshot: Add Firewall Rule dialog. Valid values can be IP address, CIDR, IP range, "any", "internal" and "external".]
70. System Information Sub Tab: We will not be making any changes here, but please take a moment to review the information. The System Information section provides general information on the virtual appliance, such as the version number and the hostname. It also contains Reboot and Shutdown buttons. [Screenshot: vCloud Connector Node, System Information. Vendor: VMware, Inc.; Appliance Name: vCloud Connector Node; Appliance Version: vCCNode 2.6.0.0 Build 1578977; Hostname: vccn 01a; OS Name: SUSE.] System Time Zone Sub Tab: We will not be making any changes here, but please take a moment to review the information. The System Time Zone section allows setting the appropriate time zone. The Time Zone setting displays all the time zones of the world. Note that changes in time zone settings are not reflected in logs, etc., until the service is reset. The virtual hardware clock is always maintained in UTC, which the virtual appliance converts to local time. Correct local time is important for the update repository and VMware Update Manager. Network Tab: The Network tab provides a view of network-related information about the appliance, allows switching between DHCP and s
71. Lab Overview - HOL-HBD-1482 - VMware vCloud Air Networking & Security. Lab Guidance: Lab Introduction and Overview. Introduction: VMware announced the rebranding of VMware vCloud Hybrid Service to VMware vCloud Air on Thursday, August 21st. The new name represents VMware's transformation into a cloud services provider, and our plans to extend vCloud Air beyond Infrastructure as a Service. The new name has been rolled out in marketing content and documentation, and it will begin to show up in service UIs, videos, and other assets in the weeks ahead. Some references to vCloud Hybrid Service remain in the lab manual. This lab will help build your VMware vCloud Air skills by introducing you to the Advanced Networking and Security features of vCloud Air. After completing this lab, you will: have an overview of the vCloud Air networking and security features; know how to install, configure, and understand the features of vCloud Connector in both your local and remote vCloud Air hosted data centers; explore a use case around a multi-tiered architecture that utilizes the isolation features of vCloud Networking and Security, Firewall, IPSEC VPN, and vCloud Air hosting. IMPORTANT: Please note that in this lab you are working in a fully self-contained SIMULATED vCloud Air instance. There is no externa
72. [Screenshot: Plug-in Manager list of installed plug-ins.] Home Button: Select the "Home" button. Open vShield Manager (Local Data Center): Select "vShield" under "Solutions and Applications". Accept Security Alert: If a "Security Alert" appears, click "Yes". [Screenshot: Security Alert dialog. The identity of this web site or the integrity of this connection cannot be verified. The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. The security certificate date is valid. The name on the security certificate is invalid or does not match the name of the site. Do you want to proceed?]
73. [Screenshot: Network Address Settings form with hostname, default gateway, DNS server and IPv4 address fields.] Network Proxy Sub Tab: We will not be making any changes here, but please take a moment to review the information. The Network Proxy Settings allow configuration of any necessary proxy settings, including address and port. [Screenshot: vCloud Connector Node, Proxy Settings.] Update Tab: The Update tab allows review of the update status of the virtual appliance and setting the update policy. As before, the Update tab is broken into sub tabs. We will now look at these individually. Update Status Sub Tab: We will not be making any changes here, but please take a moment to review the information. The Update Status section provides a view of information about the virtual appliance and allows you to check for and install updates. By clicking "Check Updates", the system will check for updates from the update repository. This repository is shown in the Available Updates pane.
74. tatic IP addresses, and configuration of proxy information. As you can see, the Network tab is broken into "Status", "Address" and "Proxy" sub tabs. Now we will look at these individually. Network Status Sub Tab: The Network Status section provides already configured network information about the appliance, such as DNS servers, network interfaces, and IP addresses. [Screenshot: vCloud Connector Node, Network Status. Hostname: vccn 01a; IPv4 Default Gateway: 192.168.110.1; Preferred DNS Server: 192.168.110.10; IPv4 Address: 192.168.110.56; Netmask: 255.255.255.0.] Network Address Sub Tab: We will not be making any changes here, but please take a moment to review the information. The Network Address settings section allows configuration of static IP information for the appliance or retrieval of IP settings from a DHCP server. Notice that this screen has additional information below; scroll down to view all the options data.
75. [Screenshot: Virtual Data Center Details, Related Links, with the vCloud Director API URL box open.] Copy vCloud Director API URL: Right mouse click the URL and select "Copy". Cloud Registration: Proceed back to the vCloud Connector Node tab in Chrome and paste the URL in the "Cloud URL" section. Check the box for "Ignore SSL Cert". Leave "Use Proxy" in default setting. DO NOT UPDATE CONFIGURATION AT THIS TIME; please proceed to the next step. [Screenshot: Cloud Registration form with the Cloud URL pasted.] Remove 443: Proceed back to the "Cloud UR
76. te is not trusted. You attempted to reach vccn Ta corp local, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, especially if you have never seen this warning before for this site. (Proceed anyway / Back to safety / Help me understand.) Enter User Name and Password: Log in with User name: admin; Password: vmware. vCloud Connector Node Interface: Use the vCloud Connector (vCC) Node admin web console for each node to perform basic configuration tasks, such as defining time zone, specifying proxy servers, or setting log levels. The vCC Node admin web console is divided into "System", "Network", "Update" and "Node" tabs. Now we will review these tabs individually. System Tab: The System tab provides general information for the virtual appliance, allows configuration of time zones, and provides buttons to shut down and reboot the appliance. As you can see, the System tab is broken into "Information" and "Time Zone" sub tabs. Now we will look at these individually.
77. Review Configuration and Setup VPN: Review the configuration detail for the Edge device in our local Data Center. For instance, this Edge Gateway is set up as Compact and HA is disabled. Select the "VPN" button. [Screenshot: vShield Edge Gateways, vce hol sitea, service status. Static Routing: Applied; SSL VPN Plus: Not Configured; Auto generate rules: Enabled; Syslog: Not Configured; IPSec VPN: Not Configured; DHCP: Not Configured; HA Status: Disabled; Logging: Disabled.] Adding a VPN (Local Data Center): Select the green       symbol to add the VPN configuration information.
78. [Screenshot: vSphere Client login dialog.] Power on Virtual Machines: Due to the nature of this environment, 3 virtual machines need to be manually powered on. Right-click each virtual machine below and select "Power" > "Power On". Please wait a minute or so for the virtual machines to boot up. Patience is a virtue. 1. vShield Manager 2. App Production 3. DB Production. Enable vShield Manager Plug-in: In order for the vShield Manager console to appear, the vShield Manager Plug-in will need to be enabled. On the top menu, click "Plug-ins" > "Manage Plug-ins". Enable vShield Manager Plug-in Continued: In the Plug-in Manager dialog, right-click "vShield Manager" and click "Enable". Close out the dialog box. [Screenshot: Plug-in Manager list of installed plug-ins.]
79. the ability to add, edit, or delete firewall rule ids. You will see in subsequent chapters of this lab that we use the firewall rules to establish greater security for our virtual machines that are located in the local datacenter and in VMware vCloud Air. [Screenshot: Configure Services, Firewall tab. Rules can be added to the Firewall to allow or deny specific network traffic. The order of these rules can be changed by selecting one or more rules, dragging and dropping them at the desired location in the list. The order of any selected rules is preserved after dropping them into a different location within the list. The default action (Deny or Allow, with optional Log) is applicable to traffic that does not match the rules in the list.] Static Routing Services: As you can see in this tab, you have the ability to add Static Routing to this network. [Screenshot: Configure Services, Static Routing tab. Static routes allow traffic between networks. Ensure that the firewall rules are configured appropriately.] VPN Services: In the VPN tab, we have the ability to add an IPSEC VPN to connect two vCloud Networking and Security
80. [Screenshot: vCloud Connector Node, Update Status. Vendor: VMware, Inc.; Appliance Name: vCloud Connector Node; Appliance Version: vCCNode 2.6.0.0 Build 1578977.] Update Settings Tab: We will not be making any changes here, but please take a moment to review the information. Notice that this screen has additional information below; please scroll down to view all the options data. The Update Settings section allows configuration of update settings such as frequency and Update Repository. Leave the Use Default Repository button selected. [Screenshot: Update Settings with automatic update options, update schedule, and repository selection (Use Default Repository, Use CDROM Updates, Use Specified Repository).] Node Tab: On the Node tab, configuration is available for the Node administrative password, adjust log levels, and manage SSL certificates. As before, the Node tab is broken into sub tabs. Now we will look at these individually.
81. Adding Service 2: Select the       in the top right corner in order to add the second service. [Screenshot: Edge Gateways, vce hol sitea, Firewall tab showing the generated rules and the notice "This rule set has unsaved changes. Click on Publish Changes button to start deploying."] Adding HTTPS Service: In the top right box enter in HTTPS. The HTTPS names will appear. Select "HTTPS". Click "OK". Publish Firewall Rule: Now that our rule is completed in the Local data center, we can publish it. Click the "Publish" button.
82. vailable only through the vSphere Web Client. The traditional vSphere Client will continue to operate, supporting the same feature set as vSphere 5.0, but not exposing any of the new features in vSphere 5.5. The vSphere Client is still used for the vSphere Update Manager (VUM) and Host Client, along with a few solutions (e.g. Site Recovery Manager). To directly manage a single host, enter the IP address or host name. To manage multiple hosts, enter the IP address or name of a vCenter Server. vCloud Connector: From the Home screen in the vSphere Client, click "vCloud Connector" under Solutions and Applications. Review Data Center Information: Note: For the purposes of this lab we will be reviewing information already added. In a new installation this information would be added during installation and configuration. Review Local Data Center: In the Clouds pane, click Rainpole Lo
    