Creating a VMware Engine private cloud

A private cloud is an isolated VMware stack that consists of ESXi hosts, vCenter, vSAN, NSX-T, and HCX. You manage private clouds through the Google Cloud VMware Engine portal. When you create a private cloud, you get a single vSphere cluster and all the management VMs that are created in that cluster.

VMware Engine deploys management components in the network that you select for vSphere/vSAN subnets. The network IP address range is divided into different subnets during the deployment.

Before you begin

Before performing the tasks on this page, perform the following prerequisite steps.

The vSphere/vSAN subnet address space must not overlap with any network that will communicate with the private cloud, such as on-premises networks and Google Cloud Virtual Private Cloud (VPC) networks. For more information about vSphere or vSAN subnets, see VLANs and subnets on VMware Engine.

gcloud and API requirements

To use the gcloud command line tool or the API to manage your VMware Engine resources, we recommend configuring the tools as described below.

gcloud

  1. Set your default project ID:

    gcloud config set project PROJECT_ID

  2. Set a default region and/or zone:

    gcloud config set compute/region REGION
    gcloud config set compute/zone ZONE

For more information on the gcloud vmware tool, reviewing the Cloud SDK reference docs.

API

API examples in this documentation set use the cURL command-line tool to query the API. A valid access token is required as part of the cURL request. There are many ways to get a valid access token; the following steps use the gcloud tool to generate a access token:

  1. Login to Google Cloud

    gcloud auth login

  2. Generate access token and export to TOKEN

    export TOKEN=`gcloud auth print-access-token`

  3. Verify that TOKEN is set properly

    echo $TOKEN

Output:
TOKEN

Now, use the authorization token in your requests to the API. For example:

curl -X GET -H "Authorization: Bearer \"$TOKEN\""  -H "Content-Type: application/json; charset=utf-8" https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations

Python

Python code samples in this documentation use the VMware Engine library to communicate with the API. To be able to use this approach, the library needs to be installed and the Application Default Credentials should be configured.

  1. Download and install the Python library

     pip install google-cloud-vmwareengine

  2. Configure the ADC information by executing those command in your shell

      gcloud auth application-default login

    or use a Service Account key file

      export GOOGLE_APPLICATION_CREDENTIALS="FILE_PATH"

For more information about the library, visit the reference page or view code samples on GitHub.

Create a private cloud

Console

  1. Access the Google Cloud VMware Engine portal.
  2. On the Resources page, click Create private cloud.
  3. Select a location for your private cloud.
  4. Select the number of nodes for the private cloud. For production workloads, create your private cloud with at least 3 nodes. VMware Engine deletes private clouds that contain only 1 node after 60 days.
  5. Optional: Click the Customize Cores toggle if you want to reduce the number of available cores for each node in the management cluster. For details, see Custom core counts.
  6. Enter a CIDR range for the VMware management network. For information about restrictions on this range, see the Before you begin section.
  7. Enter a CIDR range for the HCX deployment network, which is used for deploying HCX components. Make sure that the CIDR range doesn't overlap with any of your on-premises or cloud subnets. The CIDR range must be /27 or higher.
  8. Select Review and Create.
  9. Review the settings. To change any settings, click Back.
  10. Click Create to begin provisioning the private cloud.

As VMware Engine creates your new private cloud, it deploys a number of VMware components and divides the provided IP address range into subnets. Private cloud creation can take 30 minutes to 2 hours. After the provisioning is complete, you receive an email.

gcloud

  1. [Optional] List the available regions and zones for your project.

    gcloud vmware locations list --project=PROJECT_ID

  2. Create a network for your private cloud. The network name must be in the format REGION-default.

    gcloud vmware networks create REGION-default --type=LEGACY --location=REGION --description="Legacy network created using gcloud vmware"

    The request returns an operation ID.

  3. Check the status of the operation. When the operation returns as DONE, check the response to see if the operation was successful.

    gcloud vmware operations describe OPERATION_ID \
    --location REGION

    Replace OPERATION_ID with the ID from the previous step.

  4. Next, create a three-node private cloud.

    gcloud vmware private-clouds create PC_NAME \
   --location=ZONE --cluster=CLUSTER_NAME\
   --node-type-config=standard-72,count=3 \
   --management-range=192.168.0.0/24 \
   --vmware-engine-network=NETWORK_NAME

    Replace the following:

    • PC_NAME: the name for the private cloud
    • ZONE: the zone for the private cloud
    • CLUSTER_NAME: the name for the new cluster in this private cloud
    • NETWORK_NAME: the network name for this cloud

    The request returns an operations ID you can use to check the progress of the operation.

  5. Check the status of the operation. When the operation returns as DONE, check the response to see if the operation was successful.

    gcloud vmware operations describe OPERATION_ID \
    --location REGION

    Replace OPERATION_ID with the ID from the previous step.

  6. Connect the VMware Engine Network to your VPC by setting up private services access.

  7. Retrieve the vCenter and NSX-T credentials.

    gcloud vmware private-clouds vcenter credentials describe \
--private-cloud=PC_NAME  --location=ZONE

    gcloud vmware private-clouds nsx credentials describe \
--private-cloud=PC_NAME --location=ZONE

API

  1. Create a legacy network. The network name must be in the format REGION-default.

    curl -X POST -H "Authorization: Bearer TOKEN"  -H "Content-Type: application/json; charset=utf-8" https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/vmwareEngineNetworks?vmwareEngineNetworkId=REGION-default -d "{"type": "legacy"}"

    Replace the following:

    • TOKEN: the authorization token for this request.
    • PROJECT_ID: the project for this request.
    • REGION: the region to create this network in.

    The request returns an operations ID you can use to check the progress of the operation.

  2. Check the status of the operation. When the operation returns as DONE, check the response to see if the operation was successful.

    curl -X GET -H "Authorization: Bearer TOKEN"  -H "Content-Type: application/json; charset=utf-8" https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/operations/OPERATION_ID

    Replace OPERATION_ID with the ID from the previous step.

  3. Create a three-node private cloud.

    curl -X POST -H "Authorization: Bearer TOKEN"  -H "Content-Type: application/json; charset=utf-8" https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds?privateCloudId=PC_NAME -d "{
"networkConfig":{
  "vmwareEngineNetwork":"projects/PROJECT_ID/locations/REGION/vmwareEngineNetworks/REGION-default",
  "managementCidr":"10.241.0.0/22"
   },
"managementCluster":{
  "clusterId": "CLUSTER_NAME",
  "nodeTypeConfigs": {
  "standard-72": {
    "nodeCount": 3
   }
  }
 }
}"

    Replace the following:

    • TOKEN: the authorization token for this request.
    • PROJECT_ID: the project for this request
    • ZONE: the zone for the private cloud
    • PC_NAME: the name for the private cloud
    • REGION: the region of the network for this private cloud
    • CLUSTER_NAME: the name for the new cluster in this private cloud

    The request returns an operations ID you can use to check the progress of the operation.

  4. Check the status of the operation. When the operation returns as DONE, check the response to see if the operation was successful.

    curl -X GET -H "Authorization: Bearer TOKEN"  -H "Content-Type: application/json; charset=utf-8" https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/operations/OPERATION_ID

    Replace OPERATION_ID with the ID from the previous step.

  5. Connect the VMware Engine Network to your VPC by setting up private services access.

  6. Retrieve the vCenter and NSX-T credentials.

    curl -X GET -H "Authorization: Bearer \"TOKEN"\"  -H "Content-Type: application/json; charset=utf-8" "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/my-private-cloud:showVcenterCredentials"

    curl -X GET -H "Authorization: Bearer \"TOKEN"\"  -H "Content-Type: application/json; charset=utf-8" "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/my-private-cloud:showNsxCredentials"

Python

  1. Create a legacy network.

    from google.cloud import vmwareengine_v1

TIMEOUT = 1200  # 20 minutes


def create_legacy_network(
    project_id: str, region: str
) -> vmwareengine_v1.VmwareEngineNetwork:
    """
    Creates a new legacy network.

    Args:
        project_id: name of the project you want to use.
        region: name of the region you want to use. I.e. "us-central1"

    Returns:
        The newly created VmwareEngineNetwork object.
    """
    network = vmwareengine_v1.VmwareEngineNetwork()
    network.description = (
        "Legacy network created using vmwareengine_v1.VmwareEngineNetwork"
    )
    network.type_ = vmwareengine_v1.VmwareEngineNetwork.Type.LEGACY

    request = vmwareengine_v1.CreateVmwareEngineNetworkRequest()
    request.parent = f"projects/{project_id}/locations/{region}"
    request.vmware_engine_network_id = f"{region}-default"
    request.vmware_engine_network = network

    client = vmwareengine_v1.VmwareEngineClient()
    result = client.create_vmware_engine_network(request, timeout=TIMEOUT).result()

    return result

  2. Create a three-node private cloud.

    from google.api_core import operation
from google.cloud import vmwareengine_v1

DEFAULT_MANAGEMENT_CIDR = "192.168.0.0/24"
DEFAULT_NODE_COUNT = 3


def create_private_cloud(
    project_id: str, zone: str, network_name: str, cloud_name: str, cluster_name: str
) -> operation.Operation:
    """
    Creates a new Private Cloud using VMWare Engine.

    Creating a new Private Cloud is a long-running operation and it may take over an hour.

    Args:
        project_id: name of the project you want to use.
        zone: the zone you want to use, i.e. "us-central1-a"
        network_name: name of the VMWareNetwork to use for the new Private Cloud
        cloud_name: name of the new Private Cloud
        cluster_name: name for the new cluster in this Private Cloud

    Returns:
        An operation object representing the started operation. You can call its .result() method to wait for it to finish.
    """
    request = vmwareengine_v1.CreatePrivateCloudRequest()
    request.parent = f"projects/{project_id}/locations/{zone}"
    request.private_cloud_id = cloud_name

    request.private_cloud = vmwareengine_v1.PrivateCloud()
    request.private_cloud.management_cluster = (
        vmwareengine_v1.PrivateCloud.ManagementCluster()
    )
    request.private_cloud.management_cluster.cluster_id = cluster_name

    node_config = vmwareengine_v1.NodeTypeConfig()
    node_config.node_count = DEFAULT_NODE_COUNT

    # Currently standard-72 is the only supported node type.
    request.private_cloud.management_cluster.node_type_configs = {
        "standard-72": node_config
    }

    request.private_cloud.network_config = vmwareengine_v1.NetworkConfig()
    request.private_cloud.network_config.vmware_engine_network = network_name
    request.private_cloud.network_config.management_cidr = DEFAULT_MANAGEMENT_CIDR

    client = vmwareengine_v1.VmwareEngineClient()
    return client.create_private_cloud(request)

    The create_private_cloud function returns an operations object you can use to check the progress of the operation.

  3. Check the status of the operation. Fetch current information about an Operation.

    from google.cloud import vmwareengine_v1
from google.longrunning.operations_pb2 import GetOperationRequest


def get_operation_by_name(operation_name: str) -> Operation:
    """
    Retrieve detailed information about an operation.

    Args:
        operation_name: name identifying an operation you want to check.
            Expected format: projects/{project_id}/locations/{region}/operations/{operation_id}

    Returns:
        Operation object with details.
    """
    client = vmwareengine_v1.VmwareEngineClient()
    request = GetOperationRequest()
    request.name = operation_name
    return client.get_operation(request)


def get_operation(project_id: str, region: str, operation_id: str) -> Operation:
    """
    Retrieve detailed information about an operation.

    Args:
        project_id: name of the project running the operation.
        region: name of the region in which the operation is running.
        operation_id: identifier of the operation.

    Returns:
        Operation object with details.
    """
    return get_operation_by_name(
        f"projects/{project_id}/locations/{region}/operations/{operation_id}"
    )

    You can use .result() member method of the operation object to wait for it to complete.

  4. Connect the VMware Engine Network to your VPC by setting up private services access.

  5. Retrieve the vCenter and NSX-T credentials.

    from google.cloud import vmwareengine_v1


def get_vcenter_credentials(
    project_id: str, zone: str, private_cloud_name: str
) -> vmwareengine_v1.Credentials:
    """
    Retrieves VCenter credentials for a Private Cloud.

    Args:
        project_id: name of the project hosting the private cloud.
        zone: name of the zone hosting the private cloud.
        private_cloud_name: name of the private cloud.

    Returns:
        A Credentials object.
    """
    client = vmwareengine_v1.VmwareEngineClient()
    credentials = client.show_vcenter_credentials(
        private_cloud=f"projects/{project_id}/locations/{zone}/privateClouds/{private_cloud_name}"
    )
    return credentials


    from google.cloud import vmwareengine_v1


def get_nsx_credentials(
    project_id: str, zone: str, private_cloud_name: str
) -> vmwareengine_v1.Credentials:
    """
    Retrieves NSX credentials for a Private Cloud.

    Args:
        project_id: name of the project hosting the private cloud.
        zone: name of the zone hosting the private cloud.
        private_cloud_name: name of the private cloud.

    Returns:
        A Credentials object.
    """
    client = vmwareengine_v1.VmwareEngineClient()
    credentials = client.show_nsx_credentials(
        private_cloud=f"projects/{project_id}/locations/{zone}/privateClouds/{private_cloud_name}"
    )
    return credentials

What's next