Creating a VMware VM in a private cloud

This page explains how to create and manage virtual machines (VMs) and policies on your private cloud by using the vSphere client.

Before you begin

This quickstart requires you to have an existing Google Cloud VMware Engine private cloud. You can create one by completing the following quickstart: Set up VMware Engine and create a private cloud.

To create and manage VMs on your private cloud using the vSphere client, you must first establish a secure connection from your network to the private cloud. You can establish this connection using the following options:

Access the vCenter client from the VMware Engine portal

  1. Access the Google Cloud VMware Engine portal.
  2. On the Home page under Common tasks, click Launch vSphere client.
  3. Select a private cloud and then click Launch vSphere client for the selected private cloud.
  4. To open the vSphere client, click the Launch button for the vSphere client type. For ISO upload, use the vSphere HTML5 client.

Enter default credentials

If you are logging into vCenter for the first time, enter the following default credentials:

vCenter

  • User name: CloudOwner@gve.local
  • Password: VMwareEngine123!

NSX-T manager

  • User name: admin
  • Password: VMwareEngine123!

Change the default vCenter password

Change your vCenter default password the first time you log in to vCenter.

The password must meet the following requirements:

  • Maximum lifetime: Password must be changed every 365 days
  • Restrict reuse: Users can't reuse any of the previous five passwords
  • Length: 8‑20 characters
  • Special character: At least one special character
  • Alphabetic characters: At least one uppercase character, A‑Z, and at least one lowercase character, a‑z
  • Numbers: At least one numeric character, 0‑9
  • Maximum identical adjacent characters: Three

Example: aa or aaa is acceptable as a part of the password, but aaaa isn't.

If you set a password that doesn't meet the requirements and use the vSphere Flash Client, it reports an error. If you set a password that doesn't meet the requirements and you use the HTML5 client, it doesn't report an error; instead, the client doesn't accept the change and the unchanged password continues to work.
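Because the HTML5 client rejects a non-conforming password without reporting an error, it helps to check a candidate locally before submitting it. The following is an added example, not part of the original page or of VMware Engine tooling. It assumes that "special character" means ASCII punctuation, adds one check the page does not list (rejecting the documented default password), and does not cover the reuse and lifetime rules, which depend on server-side history.

```python
import re
import string
from getpass import getpass

MIN_LEN, MAX_LEN = 8, 20
DOCUMENTED_DEFAULT = "VMwareEngine123!"  # default credential listed on this page
SPECIALS = set(string.punctuation)       # assumption: ASCII punctuation counts as special


def policy_violations(candidate):
    """Return the names of the locally checkable rules that the candidate fails."""
    checks = [
        ("length", MIN_LEN <= len(candidate) <= MAX_LEN),
        ("special", any(c in SPECIALS for c in candidate)),
        ("uppercase", re.search(r"[A-Z]", candidate) is not None),
        ("lowercase", re.search(r"[a-z]", candidate) is not None),
        ("digit", re.search(r"[0-9]", candidate) is not None),
        # "aaa" is acceptable, "aaaa" is not: reject any run of four or more.
        ("adjacent", re.search(r"(.)\1{3,}", candidate, re.DOTALL) is None),
        # Added check, not a stated requirement: the default itself satisfies
        # every rule above, so it has to be rejected explicitly.
        ("default", candidate != DOCUMENTED_DEFAULT),
    ]
    return [name for name, ok in checks if not ok]


if __name__ == "__main__":
    # getpass keeps the candidate out of the terminal echo and shell history.
    failed = policy_violations(getpass("Candidate vCenter password: "))
    print("OK" if not failed else "Fails: " + ", ".join(failed))
```

An empty result means the candidate passes every rule that can be checked without access to the account's password history.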

Upload an ISO or vSphere template

Provide installation media for your VM by uploading an ISO file or a vSphere template:

  1. Obtain the ISO or vSphere template that you want to upload to vCenter to create a VM and have it available on your local system.
  2. In vCenter, click the Disk icon and select vsanDatastore. Click Files and then click New Folder.
  3. Create a folder called ISOs and templates.
  4. In the ISOs and templates folder, click Upload files.
  5. Follow the on-screen instructions to upload the ISO.

Create a VM in the vCenter client

  1. In vCenter, click the Hosts and clusters icon.
  2. Right-click Workload and select New virtual machine.
  3. Select Create new virtual machine and click Next.
  4. Name the machine, select the Workload VM's location, and click Next.
  5. Select the Workload compute resource and click Next.
  6. Select vsanDatastore and click Next.
  7. Keep the default ESXi 6.5 compatibility selection and click Next.
  8. Select the guest OS of the ISO for the VM that you are creating and click Next.
  9. Select hard disk and network options.
  10. Under New CD/DVD Drive, select Datastore ISO file.
  11. If you want to allow traffic from the public IP address to this VM, select the network as vm-1.
  12. A selection window opens. Select the file you previously uploaded to the ISOs and templates folder and click OK.
  13. Review the settings and click OK to create the VM.

The VM is added to the workload compute resources and is ready for use. The basic setup is now complete. You can start using your private cloud in the same way that you use your on-premises VM infrastructure.

The following sections contain optional information about setting up DNS and DHCP servers for private cloud workloads and modifying the default networking configuration.

Create a DNS and DHCP server (optional)

Applications and workloads running in a private cloud environment require name resolution and DHCP services for lookup and IP address assignment. A proper DHCP and DNS infrastructure is required to provide these services. You can configure a VM in vCenter to provide these services in your private cloud environment.

Prerequisites

  • A distributed port group with VLAN configured.
  • A route set up to on-premises or internet-based DNS servers.
  • A VM template or ISO to create a VM.

The following links lead to pages outside of Google Cloud that provide guidance on setting up DHCP and DNS servers on Linux and Windows Server.

Linux-based DNS server setup

Linux offers various packages for setting up DNS servers. The following instructions step through setting up an open-source BIND DNS server:

Windows-based DNS server setup

The following Microsoft topics describe how to set up Windows Server as a DNS server and as a DHCP server:

Customize networking configuration (optional)

The network pages in the VMware Engine portal let you specify the configuration for firewall tables and public IP addresses for VMs.

Allocate a public IP address

  1. In the VMware Engine portal, go to Network > Public IPs.
  2. Click Allocate Public IP.
  3. Enter a name to identify the IP address entry.
  4. Keep the default location.
  5. Enter the local IP address for which you want to assign a public IP address. The local address must be accessible through your firewall.
  6. Click Done.

The task of allocating the public IP address begins. Check the status of the task on the Activity > Tasks page. When allocation is complete, the new entry is shown on the Public IPs page.

The local address that you specified must be added to the VM that uses the public IP address. The procedure to configure an IP address is specific to the VM operating system. For information about how to configure an IP address on your VM, see the documentation for your VM operating system.

Example for Ubuntu 16.04

Add the static method to the inet address family configuration in the file /etc/network/interfaces and change the address, netmask, and gateway values.

This example uses the eth0 interface, internal IP address 192.168.24.10, gateway address 192.168.24.1, and netmask 255.255.255.0.

  1. Edit the interfaces file:

    sudo vi /etc/network/interfaces
  2. Update the following section in the interfaces file:

    auto eth0
    iface eth0 inet static
    address 192.168.24.10
    netmask 255.255.255.0
    gateway 192.168.24.1
    dns-nameservers 8.8.8.8
    dns-domain acme.com
    dns-search acme.com
  3. Disable the interface:

    sudo ifdown eth0
  4. Enable the interface again:

    sudo ifup eth0

    By default, all incoming traffic from the internet is denied. If you would like to open any other port, create a firewall table.

  5. After configuring an internal IP address as the static IP address, verify that you can reach the internet from within the VM:

    ping 8.8.8.8
  6. Verify that you can reach the VM from the internet by using the public IP address. Ensure that any firewall (iptables) rules on the VM are not blocking port 80 inbound.

    netstat -an | grep 80
  7. Start an HTTP server that listens on port 80 by using one of the following commands:

    python2.7 -m SimpleHTTPServer 80

    or

    python3 -m http.server 80
  8. To browse the files on your VM, start a browser on your desktop and point it to port 80 for the public IP address.
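
A consistency check for the stanza in step 2, as an added example that is not part of the original page: it parses the static stanza and confirms that the address is the local IP entered when allocating the public IP and that the gateway lies in the same subnet. The function names and the embedded sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample: the stanza from step 2 of the procedure above.
SAMPLE = """\
auto eth0
iface eth0 inet static
address 192.168.24.10
netmask 255.255.255.0
gateway 192.168.24.1
dns-nameservers 8.8.8.8
"""


def parse_static_stanza(text, iface):
    """Return the options listed under 'iface <iface> inet static'."""
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "iface":
            active = value.split() == [iface, "inet", "static"]
        elif key in ("auto", "source", "mapping") or key.startswith("allow-"):
            active = False  # a different stanza begins here
        elif active:
            opts[key] = value
    return opts


def check_stanza(text, iface, allocated_local_ip):
    """Return a list of problems; an empty list means the stanza is consistent."""
    opts = parse_static_stanza(text, iface)
    missing = [k for k in ("address", "netmask", "gateway") if k not in opts]
    if missing:
        return ["missing: " + ", ".join(missing)]
    host = ipaddress.ip_interface(opts["address"] + "/" + opts["netmask"])
    gateway = ipaddress.ip_address(opts["gateway"])
    problems = []
    if host.ip != ipaddress.ip_address(allocated_local_ip):
        problems.append("address differs from the allocated local IP")
    if gateway not in host.network:
        problems.append("gateway is outside the interface subnet")
    elif gateway == host.ip:
        problems.append("gateway equals the interface address")
    return problems


if __name__ == "__main__":
    print(check_stanza(SAMPLE, "eth0", "192.168.24.10") or "stanza is consistent")
```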

Default firewall rules for public IP address allocation

The following default rules apply to public IP address allocation:

  • VPN traffic: all traffic is allowed between (from/to) the VPN and all the workload networks and management network.
  • Private cloud internal traffic: all east-west traffic is allowed between (from/to) workload networks and the management network (shown above).
  • Internet traffic:

    • All incoming traffic from the internet is denied to workload networks and the management network.
    • All outgoing traffic to the internet is allowed from workload networks or the management network.

To modify any of these rules, see Set up firewall tables and rules for private clouds.

Install solutions (optional)

Solutions, such as VMware Site Recovery Manager (SRM), provide backup, disaster recovery, replication, and other functions to protect your VM. Installing solutions on your private cloud is an optional way to improve the capabilities of your private cloud vCenter environment.

To install a solution, you must request additional privileges. These additional privileges apply for a limited time. For more information, see Elevate VMware Engine privileges.

What's next