Configuring VMware Cloud Director

VMware Cloud Director helps create virtual data centers from common or distributed infrastructure across sites and geographies, like those provided by Google Cloud VMware Engine. Using VMware Cloud Director, you can manage infrastructure across servers hosted on Google Cloud to host and serve multiple customers from a single interface.

The VMware Cloud Director integration with Google Cloud VMware Engine uses a single interface to provide you with the following functionality:

  • Elastic virtual data centers: Create virtual data centers that allow users to provision network, storage, and compute resources through a catalog of vApp templates and media files.
  • Hybrid cloud management: Manage and monitor data center resources across both on-premises and VMware Engine environments.
  • Multi-tenancy: Manage all tenants from a unified interface that provides multi-tenancy with complete isolation.
  • Infrastructure allocation: Divide VMware Engine infrastructure into smaller resource pools, which can be provided to users and expanded as needed.
  • Workload migration across virtual data centers: Back up, evacuate, and replicate workloads ranging from the level of a VM to an entire data center.

After you deploy VMware Cloud Director on Google Cloud, you can provide your VMware Engine private cloud resources to VMware Cloud Director. For that process, follow the VMware guidance on managing organization virtual data centers.

Before you begin

VMware Cloud Director configuration for VMware Engine requires you to prepare a VPC network, create Google Cloud resources, and set up VMware Engine. This process involves the following steps:

  1. Create a VPC network
  2. Add VPC network firewall rules
  3. Create a Filestore instance
  4. Deploy a managed PostgreSQL instance
  5. Prepare VMware Cloud Director cells
  6. Set up VMware Engine
  7. Create two fully-qualified domain names (FQDNs)

Create a VPC network

Prepare a VPC network in Google Cloud to use later when you install VMware Cloud Director cells.

To do so, create a VPC network that spans over multiple zones. If you already use a VPC network with VMware Engine, you can use that one instead of creating a new VPC network.

Add VPC network firewall rules

Create the following VPC network firewall rules for your VPC network:

  • allow-inter-vcd-cell-communication: Set this rule to allow VMware Cloud Director cells to communicate with each other on all ports:
    1. Set Targets to All instances in the network.
    2. Set Source filter to Source tags.
    3. Create a new source tag vcd to use with VMware Cloud Director cells.
    4. Set Protocols and ports to Allow all.
  • allow-443-8443: Set this rule to allow inbound access to tcp ports 443 and 8443:
    1. Set Targets to All instances in the network.
    2. Set Source filter to IP ranges.
    3. In the Source IP ranges field, provide the range 0.0.0.0/0 to allow any source, or enter specific ranges to restrict access to VMware Cloud Director cells.
    4. Set Protocols and ports to Specified protocols and ports.
    5. Select the tcp checkbox and enter 443,8443 in the corresponding field.
  • allow-ssh: Set this rule to allow SSH access to VMware Cloud Director cells:
    1. Set Targets to All instances in the network.
    2. Set Source filter to IP ranges.
    3. In the Source IP ranges field, provide the range 0.0.0.0/0 to allow any source, or enter specific ranges to restrict SSH access to VMware Cloud Director cells.
    4. Set Protocols and ports to Specified protocols and ports.
    5. Select the tcp checkbox and enter 22 in the corresponding field.

For more granular network access, you can reference the VMware Cloud Director network security requirements.
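
The following check is an added example, not part of the original page: it reads an export of the VPC firewall rules and reports every rule that leaves the listed TCP ports reachable from 0.0.0.0/0, which is what allow-ssh does when the wide range is used. The tab-separated input layout, the function names, and the sample rules (constructed) are assumptions.

```shell
# Input: one rule per line, "name<TAB>source ranges<TAB>allowed", for example from
#   gcloud compute firewall-rules list \
#     --format='value(name,sourceRanges.list(),allowed[].map().firewall_rule().list())'
# (assumed export layout; adjust the field order if yours differs).

audit_open_rules() {  # usage: audit_open_rules "22 8443" < rules.tsv
  awk -F'\t' -v ports="$1" '
    # Return 1 when an allow spec ("all", "tcp", "tcp:22", "tcp:0-65535")
    # covers the given TCP port.
    function covers(spec, port,    a, r) {
      if (spec == "all" || spec == "tcp") return 1
      if (split(spec, a, ":") != 2 || a[1] != "tcp") return 0
      if (split(a[2], r, "-") == 2) return (port >= r[1] + 0 && port <= r[2] + 0)
      return (a[2] + 0 == port)
    }
    {
      # Only rules whose source ranges include the whole internet matter here.
      open = 0
      n = split($2, src, ",")
      for (i = 1; i <= n; i++) if (src[i] == "0.0.0.0/0") open = 1
      if (!open) next

      np = split(ports, want, " ")
      m = split($3, specs, ",")
      hit = ""
      for (p = 1; p <= np; p++)
        for (j = 1; j <= m; j++)
          if (covers(specs[j], want[p] + 0)) {
            hit = hit (hit == "" ? "" : ",") want[p]
            break
          }
      if (hit != "") print $1 ": tcp/" hit " open to 0.0.0.0/0"
    }'
}

# Constructed sample: the three rules from this section created with the wide
# range, one SSH rule restricted to an admin range, and one broad legacy rule.
sample_rules() {
  printf '%s\t%s\t%s\n' \
    allow-inter-vcd-cell-communication '' all \
    allow-443-8443 0.0.0.0/0 tcp:443,tcp:8443 \
    allow-ssh 0.0.0.0/0 tcp:22 \
    allow-ssh-admin 203.0.113.0/24 tcp:22 \
    legacy-wide 10.0.0.0/8,0.0.0.0/0 tcp:0-65535
}

# Example: sample_rules | audit_open_rules "22"
```

Port ranges are included in the match because a rule such as tcp:0-65535 exposes SSH without naming port 22.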

Create a Filestore instance

Prepare a Filestore instance in Google Cloud for the VMware Cloud Director transfer store. To do so, create a Filestore instance and select your VPC network as the authorized network when creating the instance.

Deploy a managed PostgreSQL instance

VMware Cloud Director requires an external PostgreSQL database, which you can set up using Cloud SQL. To deploy a managed PostgreSQL instance for VMware Cloud Director, do the following:

  1. Begin the steps to create a PostgreSQL instance.
  2. For Database version, select PostgreSQL 10.
  3. For Connectivity, select Private IP.
  4. For the machine type and storage fields, we recommend a machine with 4 vCPUs and 15 to 16 GB of memory. Depending on your use case and VMware Cloud Director utilization, you might need a larger database instance.
  5. Authorize the database instance with your VPC network.
  6. Create a database for VMware Cloud Director.
  7. Create Google Cloud users to access the database.
  8. Perform the required additional database configuration for VMware Cloud Director.

Prepare VMware Cloud Director cells

VMware Cloud Director cells run on Compute Engine instances. VMware recommends that a VMware Cloud Director cell be available at all times. To align with this recommendation, you can deploy a minimum of two VMware Cloud Director cells for each site.

As a best practice, deploy a number of VMware Cloud Director cells equal to one plus the number of private clouds that you plan to connect to VMware Cloud Director.

Create a virtual machine (VM) for each VMware Cloud Director cell:

  • Use the steps in Quickstart using a Linux VM to create your VM. All commands used in this document assume that your VM uses Red Hat Enterprise Linux (RHEL).

  • Attach each VM to your VPC network using the source tag vcd that you created in the Add VPC network firewall rules section.

  • When selecting a machine type, you can select a machine with 2 vCPUs and 8 GB of RAM. If you expect high loads, use 4 vCPUs and 16 GB of memory instead.

Set up VMware Engine

You must also do the following for VMware Engine, if you haven't already done so:

  1. Set up private service access to establish a VPC network peering connection between the Google Cloud project in which the VMware Cloud Director cells are deployed and VMware Engine.
  2. Create a private cloud in VMware Engine.
  3. Connect your on-premises network to your VMware Engine private cloud. This step is required to manage your on-premises resources using VMware Cloud Director deployed on Google Cloud.

Create two fully-qualified domain names (FQDNs)

In preparation for creating SSL certificates, you need two FQDNs. One FQDN is used for the user interface, and the other is used for the console proxy. Use these FQDNs when you create your certificates and configure public addresses.

Installation and configuration

The process of installing and configuring VMware Cloud Director requires you to do the following:

  1. Install packages on each VM
  2. Install VMware Cloud Director on one VM
  3. Install VMware Cloud Director on other VMs
  4. Create Compute Engine instance groups
  5. Deploy load balancers

Install packages on each VM

Each of your Compute Engine VMs corresponds to a VMware Cloud Director cell. Prepare your VMware Cloud Director cells by installing prerequisite packages on each VM:

  1. Download the VMware Cloud Director binary you want to deploy.
  2. Upload the VMware Cloud Director binary to a Cloud Storage bucket, so it can be downloaded to your Compute Engine VMs.
  3. Create an SSL certificate and prepare the VMware Cloud Director keystore for installation.
    • If you already have a Java KeyStore file, place it in your Cloud Storage bucket, so it can be downloaded to your Compute Engine VMs.
    • If you need to create a keystore, see the VMware guidance on SSL certificate creation. You can create the keystore after you perform the binary installation on the first VMware Cloud Director cell.
  4. Install prerequisite packages on each Compute Engine VM:

    yum install bind-utils libcurl-devel libxml2-devel make openssl-devel git \
        alsa-lib libICE libSM libX11 libXau libXdmcp libXext libXi libXt libXtst \
        pciutils redhat-lsb wget -y
    
  5. Add the name servers to the /etc/resolv.conf file on all VMs, so that they can resolve the ESXi host FQDNs.

  6. Install the NFS utils package so you can mount the transfer store on all VMs:

    yum install nfs-utils -y
    
    systemctl enable rpcbind nfs-server nfs-lock nfs-idmap
    
    systemctl start rpcbind nfs-server nfs-lock nfs-idmap
    

Install VMware Cloud Director on one VM

After you've installed the above packages on all your VMs, install and configure VMware Cloud Director on one VM:

  1. Use ssh to connect to one of your Compute Engine VMs.
  2. Download the VMware Cloud Director binary on the VM:

    gsutil cp \
       gs://STORAGE_BUCKET/vmware-vcloud-director-distribution-10.1.0-15967253.bin \
       /tmp/
    

    Replace STORAGE_BUCKET with the path to your Cloud Storage bucket.

  3. Make the binary executable:

    chmod +x /tmp/vmware-vcloud-director-distribution-10.1.0-15967253.bin
    
  4. Install the binary on the VM:

    /tmp/vmware-vcloud-director-distribution-10.1.0-15967253.bin
    
  5. Download the Java KeyStore file on the VM:

    gsutil cp gs://STORAGE_BUCKET/certificates.ks /tmp/certificates.ks
    

    Replace STORAGE_BUCKET with the path to your Cloud Storage bucket.

  6. Mount the transfer store to the VM:

    echo "FILESTORE_INSTANCE_IP:/volume_name \
       /opt/vmware/vcloud-director/data/transfer nfs defaults,_netdev 0 0" >> \
       /etc/fstab
    
    mount /opt/vmware/vcloud-director/data/transfer
    
    chown -R vcloud:vcloud /opt/vmware/vcloud-director/data/transfer
    

    Replace FILESTORE_INSTANCE_IP with the IP address of your Filestore instance and volume_name with the name of its file share.

  7. Perform the initial VMware Cloud Director cell configuration using an unattended configuration:

    /opt/vmware/vcloud-director/bin/configure -ip INSTANCE_IP \
       --primary-port-http 80 --primary-port-https 443 -cons INSTANCE_IP \
       --console-proxy-port-https 8443 -dbhost DB_ENDPOINT -dbport 5432 \
       -dbtype postgres -dbname DB_NAME -dbuser DB_MASTER_USER \
       -dbpassword DB_MASTER_USER_PASSWORD --keystore /tmp/KEYSTORE_FILE \
       -w KEYSTORE_PASSWORD --enable-ceip true -unattended
    

    Replace the following:

    • INSTANCE_IP: IPv4 address, with optional port number
    • DB_ENDPOINT: IP address or fully qualified domain name of the vCloud Director database host
    • DB_NAME: the database service name
    • DB_MASTER_USER: the user name of the database user
    • DB_MASTER_USER_PASSWORD: the password for the database user, which can be null
    • KEYSTORE_FILE: Java keystore containing your SSL certificates and private keys
    • KEYSTORE_PASSWORD: SSL certificate keystore password
  8. Adjust the Java heap size to help with performance:

    1. Set the Java XMS value to at least 2 GB:

      sed -i "s/Xms1024M/Xms2048M/g" \
          /opt/vmware/vcloud-director/bin/vmware-vcd-cell-common
      
    2. Set the maximum value to the VM memory value minus 2 GB:

      sed -i "s/Xmx4096M/Xmx6144M/g" \
          /opt/vmware/vcloud-director/bin/vmware-vcd-cell-common
      
  9. Enable and start the VMware Cloud Director service:

    chkconfig vmware-vcd on
    
    service vmware-vcd start
    
  10. Check if the service has started successfully:

    tail -f /opt/vmware/vcloud-director/logs/cell.log
    
  11. Copy the responses.properties and Java KeyStore files to the transfer store to use for installation on your other VMware Cloud Director cells:

    cp /opt/vmware/vcloud-director/etc/responses.properties \
        /opt/vmware/vcloud-director/data/transfer/responses.properties
    
    chmod 644 /opt/vmware/vcloud-director/data/transfer/responses.properties
    
    cp /tmp/certificates.ks \
        /opt/vmware/vcloud-director/data/transfer/certificates.ks
    
    chmod 644 /opt/vmware/vcloud-director/data/transfer/certificates.ks
    
  12. Use the cell-management-tool system-setup command to configure the VMware Cloud Director installation:

    /opt/vmware/vcloud-director/bin/cell-management-tool system-setup \
       --email EMAIL --full-name FULL_NAME \
       --installation-id INSTALLATION_ID --password PASSWORD \
       --system-name SYSTEM_NAME --serial-number SERIAL_NUMBER \
       --user USER --unattended
    

    Replace the following:

    • EMAIL: the email address for the system administrator you are creating
    • FULL_NAME: the full name of the system administrator you are creating
    • INSTALLATION_ID: an integer in the range from 1 through 63
    • PASSWORD: the password for the system administrator you are creating
    • SYSTEM_NAME: the name to use for the VMware Cloud Director vCenter Server folder
    • SERIAL_NUMBER: the serial number (license key) for this installation
    • USER: the user name of the system administrator you are creating

Install VMware Cloud Director on other VMs

To install and configure VMware Cloud Director on the remaining cells, repeat the following steps for each cell:

  1. Use ssh to connect to the Compute Engine VM.
  2. Download the binary on the VM:

    gsutil cp \
       gs://STORAGE_BUCKET/vmware-vcloud-director-distribution-10.1.0-15967253.bin \
       /tmp/
    

    Replace STORAGE_BUCKET with the path to your Cloud Storage bucket.

  3. Make the binary executable:

    chmod +x /tmp/vmware-vcloud-director-distribution-10.1.0-15967253.bin
    
  4. Install the binary on the VM:

    /tmp/vmware-vcloud-director-distribution-10.1.0-15967253.bin
    
  5. Download the Java KeyStore file on the VM:

    gsutil cp gs://STORAGE_BUCKET/certificates.ks /tmp/certificates.ks

    Replace STORAGE_BUCKET with the path to your Cloud Storage bucket.
    
  6. Mount the transfer store to this VM:

    echo "FILESTORE_INSTANCE_IP:/volume_name \
       /opt/vmware/vcloud-director/data/transfer nfs defaults,_netdev 0 0" >> \
       /etc/fstab
    
    mount /opt/vmware/vcloud-director/data/transfer
    
    chown -R vcloud:vcloud /opt/vmware/vcloud-director/data/transfer
    

    Replace FILESTORE_INSTANCE_IP with the IP address of your Filestore instance and volume_name with the name of its file share.

  7. Perform the initial VMware Cloud Director cell configuration using an unattended configuration:

    /opt/vmware/vcloud-director/bin/configure \
       -r /opt/vmware/vcloud-director/data/transfer/responses.properties \
       -ip INSTANCE_IP --primary-port-http 80 --primary-port-https 443 \
       -cons INSTANCE_IP --console-proxy-port-https 8443 \
       --keystore /opt/vmware/vcloud-director/data/transfer/KEYSTORE_FILE \
       -w KEYSTORE_PASSWORD --enable-ceip true -unattended
    

    Replace the following:

    • INSTANCE_IP: IPv4 address, with optional port number
    • KEYSTORE_FILE: Java keystore file containing your SSL certificates and private keys
    • KEYSTORE_PASSWORD: SSL certificate keystore password
  8. Adjust the Java heap size to help with performance:

    1. Set the Java XMS value to at least 2 GB:

      sed -i "s/Xms1024M/Xms2048M/g" \
          /opt/vmware/vcloud-director/bin/vmware-vcd-cell-common
      
    2. Set the maximum value to the VM memory value minus 2 GB:

      sed -i "s/Xmx4096M/Xmx6144M/g" \
          /opt/vmware/vcloud-director/bin/vmware-vcd-cell-common
      
  9. Enable and start the VMware Cloud Director service:

    chkconfig vmware-vcd on
    
    service vmware-vcd start
    
  10. Check if the service has started successfully:

    tail -f /opt/vmware/vcloud-director/logs/cell.log
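
The heap-size steps for the first cell and for the other cells hard-code the values for an 8 GB VM (Xmx4096M to Xmx6144M). The following added example, which is not part of the original page, applies the stated rule (Xms of 2 GB, Xmx of VM memory minus 2 GB) to any machine size and replaces whatever sizes the file currently holds. The function names are assumptions, and the memory argument is the machine type's memory in MB.

```shell
# Print the heap flags for a VM with the given amount of memory (in MB).
vcd_heap_flags() {  # usage: vcd_heap_flags MEM_TOTAL_MB
  heap_mem_mb=$1
  heap_xmx=$(( heap_mem_mb - 2048 ))
  # Refuse sizes where the maximum heap would fall below the 2 GB initial heap.
  if [ "$heap_xmx" -lt 2048 ]; then
    echo "VM memory too small for a 2 GB initial heap: ${heap_mem_mb} MB" >&2
    return 1
  fi
  echo "Xms2048M Xmx${heap_xmx}M"
}

# Rewrite the Xms/Xmx settings in FILE for a VM with MEM_TOTAL_MB of memory.
set_vcd_heap() {  # usage: set_vcd_heap FILE MEM_TOTAL_MB
  heap_file=$1
  heap_flags=$(vcd_heap_flags "$2") || return 1
  heap_xms=${heap_flags% *}
  heap_xmx_flag=${heap_flags#* }
  # Match any existing size, not only the 1024M/4096M defaults, so the
  # command also works when it is run a second time or after a resize.
  sed -i -E \
    -e "s/Xms[0-9]+[MmGg]/${heap_xms}/g" \
    -e "s/Xmx[0-9]+[MmGg]/${heap_xmx_flag}/g" \
    "$heap_file"
}

# Example for a 16 GB cell:
#   set_vcd_heap /opt/vmware/vcloud-director/bin/vmware-vcd-cell-common 16384
```

Restart the vmware-vcd service after changing the values so that the cell picks them up.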
    

Create Compute Engine instance groups

Compute Engine instance groups forward traffic from the internet-facing load balancers to VMware Cloud Director cells. To set up your instance groups, follow these steps:

  1. Create an unmanaged instance group for each zone in which you have VMware Cloud Director cells deployed.
  2. For each instance group, add the following port mapping:
    • For interface or API calls
      • Port name: https
      • Port numbers: 443
    • For console proxy access
      • Port name: tcp
      • Port numbers: 8443

Here's an example of an instance group setup:

The instance group setup uses the HTTPS protocol on port 443 and the TCP protocol on port 8443.

Deploy load balancers

You need to deploy two load balancers in Google Cloud to allow access from the internet to the VMware Cloud Director interface or console proxy. This process involves the following steps:

  1. Configure a health check for your load balancers to use
  2. Create an L7 load balancer for interface or API access
  3. Create an L4 load balancer for console proxy access
  4. Configure public addresses for VMware Cloud Director

Configure a health check for your load balancers

To configure a health check for your load balancers, do the following:

  1. Follow the process in Creating health checks to start creating a health check.
  2. Set Protocol to HTTPS.
  3. In the Port field, enter 443.
  4. In the Request path field, enter /api/server_status.

Here's an example of a health check setup:

The health check configuration uses the HTTPS protocol on port 443.

Create an L7 load balancer for interface or API access

To create an L7 load balancer for interface or API access, do the following:

  1. Follow the process in Setting up internal HTTP(S) load balancing to start setting up internal HTTPS load balancing.
  2. Set Protocol to HTTPS.
  3. In the Named port field, enter https. This value matches the value configured in your instance groups.
  4. In the Backends section, add all instance groups you created in Create Compute Engine instance groups. Use port 443 for each entry to match the port created for HTTPS.
  5. Set Health check to the one you configured in Configure a health check for your load balancers.
  6. For Host and path rules, use the default values.
  7. Configure the frontend for your load balancer:
    1. Set Protocol to HTTPS.
    2. Reserve a public IP address.
    3. Add a certificate for the load balancer.

Create an L4 load balancer for console proxy access

To create an L4 load balancer for console proxy access, do the following:

  1. Follow the process in Setting up TCP proxy load balancing to start configuring your load balancer.
  2. Set Multiple regions or single region to Multiple regions.
  3. Set Backend type to Instance groups.
  4. Set Protocol to TCP.
  5. In the Named port field, enter tcp. This value matches the value configured in your instance groups.
  6. In the Backends section, add all instance groups you created in Create Compute Engine instance groups. Use port 8443 for each entry to match the port created for TCP.
  7. Configure the frontend for your load balancer:
    1. Set Protocol to TCP.
    2. Set Port to 443.
    3. Reserve a public IP address.

Configure public addresses for VMware Cloud Director

After you create the load balancers, configure public addresses for VMware Cloud Director:

  1. Access VMware Cloud Director using the following URL:

    https://L7_FQDN/provider

    Replace L7_FQDN with the FQDN that corresponds to the certificate you added for the L7 load balancer.

  2. Use the administrator credentials created when configuring your first VMware Cloud Director cell on a VM.

  3. Follow the steps provided by VMware to configure public addresses.

What's next

After you deploy VMware Cloud Director on Google Cloud, you can provide your VMware Engine private cloud resources to VMware Cloud Director. For that process, follow the VMware guidance on managing organization virtual data centers.