Deploying the Velostrata Backend

The Velostrata On-Premises Backend virtual appliance connects to VM disks in your on-premises data center and streams or migrates them to Google Cloud using Cloud Extensions.

The Velostrata Backend is distributed as an Open Virtualization Format (OVF) package.

Sizing a VM for the Velostrata Backend

The Velostrata Backend requires the following, based on the number of VMs to be migrated concurrently:

Migration Size Resources
<=100 concurrent migrating VMs 2 vCPU, 4GB RAM
>100 concurrent migrating VMs 4 vCPU, 8GB RAM

Deploying and configuring the Velostrata Backend

  1. Download the Velostrata Backend OVA file, available from the Downloads page. You can verify the integrity of the files using the Velostrata Backend sha256 available from the Downloads page.
  2. Sign in to vSphere via the Flash Web Client.

  3. Right-click a parent object of one of the VMs to be migrated (such as a datacenter) and select Deploy OVF Template.

  4. Select the Migrate for Compute Engine OVA file.

  5. Choose the Host/ Cluster in your vSphere datacenter where you want to run the Velostrata Backend.

  6. Select a Disk Format, and click Next.

  7. Select the Network information that will host the Velostrata Backend. Click Next.

  8. Expand the Migrate for Compute Engine Backend Configuration section.

  9. Paste the token you copied from the Velostrata Manager on Google Cloud into Migrate for Compute Engine Backend Token.

    Note that this token includes the IP address of the Velostrata Manager so that the Velostrata Backend can access it.

  10. Enter and confirm a Password for the admin user on the Velostrata Backend. After installation, the password should be changed by connecting to the Velostrata Backend using SSH as admin and using the passwd command.

  11. Expand the Networking Properties section. Enter the Hostname for the Virtual Appliance. Enter a static IP Address, Netmask, Default Gateway, and DNS server for the Velostrata Backend. You can change these properties at any time later, but you must reboot the Virtual Appliance afterward in order for the changes to take effect.

  12. If you want to use an HTTP proxy for metrics and log uploads to Google Cloud Observability, fill in the HTTP Proxy parameter.

  13. If your VPN to Google Cloud is not configured with dynamic routing, you can enter the Static network route to reach subnets on Google Cloud. The address is in the form x.x.x.x/x y.y.y.y, where x.x.x.x/x is the Google Cloud VPC network address in CIDR format and y.y.y.y is the on-premises VPN Gateway IP address.

  14. Click Next and review the Ready to complete page.

  15. Click Finish. The Deploy OVF template task appears.

Configuring the Migrate for Compute Engine Service Role and Permissions in vCenter

This procedure describes how to manually add a service role to the vCenter Server for Migrate for Compute Engine. A PowerShell script is also available for creating this Role. Download the vSphere Service Role configuration from the Downloads page.

Configuring the Migrate for Compute Engine service role and permissions in vCenter

  1. Log in to the vCenter Web Client.
  2. Select Home > Administration > Roles.
    Screenshot of the Role dialog box(click to enlarge)
    Role dialog box (click to enlarge)
  3. Click + to create a new role.
  4. Check the boxes for the following privileges:
    • Alarms
      • Create alarm
      • Modify alarm
      • Remove alarm
      • Set alarm status
    • Datastore
      • Low level file operations
    • Extension
      • Register extension
      • Unregister extension
      • Update extension
    • Global
      • Cancel task
      • Enable methods
      • Disable methods
      • Licenses
      • Log event
    • Task
      • Create task
      • Update task
    • Virtual Machine
      • Provisioning > Allow disk access
      • Provisioning > Allow disk read-only access
      • Provisioning > Allow virtual machine download
      • Snapshot management > Create snapshot
      • Snapshot management > Remove snapshot
      • Snapshot management > Revert to Snapshot
      • Snapshot management > Rename Snapshot
      • Configuration > Configure managedBy
      • Interaction > Power On
      • Interaction > Power Off
    • Cryptographic Operations
      • Direct Access

To configure permissions for the Migrate for Compute Engine Service user in vCenter:

  1. Select Home > Global Inventory Lists > vCenter Servers.
  2. Right-click on the required vCenter server, and select Add Permission.
    Screenshot of the Add Permission dialog box(click to enlarge)
    Add Permission dialog box (click to enlarge)
  3. Select a user in the left pane, and assign the Velostrata Service Role (in the right pane) to the user.
  4. Select Propagate to children, and click OK.

Deploying the Migrate for Compute Engine VMware vCenter Plugin

Once the Velostrata Backend has successfully connected and registered with the Velostrata Manager on Google Cloud, you need to register and deploy the Migrate for Compute Engine VMware vCenter Web Client Plugin. This enables Migrate for Compute Engine management operations and monitoring in the vCenter UI.

  1. Make sure that a Migrate for Compute Engine vCenter Service Account (user) and Role have been created before proceeding.
  2. Sign in to your Velostrata Manager.
  3. Click the System Settings icon.
  4. If the Velostrata Backend is able to connect to the Velostrata Manager, the IP for the backend appears with a status of Registered and Connected.
    Screenshot of a registered and connected appliance(click to enlarge)
    Screenshot of a registered and connected appliance (click to enlarge)
  5. On the top bar of the page, click vCenter Plugin and then click Register vCenter Plugin.
    Screenshot of registering a plugin (click to enlarge)
    Registering a plugin (click to enlarge)
  6. Enter the vCenter address or DNS name, user, password
  7. Click Register to register the plugin.

    Screenshot showing a registered plugin (click to enlarge)
    A registered plugin (click to enlarge)
  8. To confirm that Velostrata Operations is present in the context menu, log out of the vSphere Web Client, log in, then right-click Datacenter.

Finding your vCenter server's fingerprint.

The manager registration process displays the SHA-1 SSL fingerprint of the vCenter server used for HTTPS connections. You can find the fingerprint from your browser. The following instructions explain the process using Google Chrome.

  1. Open the vCenter vSphere URL in Chrome
  2. Click on either the Lock icon or Not Secure to the left of the URL bar. Your HTTPS connection status is displayed.
  3. Click Certificate
  4. Expand the Details section.
  5. Scroll down to the SHA-1 fingerprint.