| subcollection | copyright | lastupdated | lasttested | content-type | services | account-plan | completion-time | use-case |
|---|---|---|---|---|---|---|---|---|
| solution-tutorials | | 2024-01-05 | | tutorial | vmwaresolutions, vpc | paid | 2h | ApplicationModernization, Vmware |

{{site.data.keyword.attribute-definition-list}}
{: #vpc-bm-vmware-vpc} {: toc-content-type="tutorial"} {: toc-services="vmwaresolutions, vpc"} {: toc-completion-time="2h"}
This tutorial may incur costs. Use the Cost Estimator to generate a cost estimate based on your projected usage. {: tip}
This tutorial is part of a series, and requires that you have completed the related tutorials in the presented order. {: important}
In this tutorial, you will deploy a {{site.data.keyword.vpc_short}} for a VMware Deployment and a jump machine for configuration tasks. {: shortdesc}
{: #vpc-bm-vmware-vpc-objectives}
In this tutorial, you will create a {{site.data.keyword.vpc_short}} for your VMware Deployment. The following diagram shows the {{site.data.keyword.vpc_short}} layout and subnets to be provisioned. NSX-T subnets are optional for NSX-T based deployments.
In this tutorial, a dedicated {{site.data.keyword.vpc_short}} for VMware is used, but you can alter and modify the deployment based on your needs.
{: caption="Figure 1. {{site.data.keyword.vpc_short}} Subnets for VMware Deployment" caption-side="bottom"}
{: #vpc-bm-vmware-vpc-prereqs}
This tutorial requires:
- Common prereqs for VMware Deployment tutorials in {{site.data.keyword.vpc_short}}
This tutorial is part of a series, and you are required to follow the tutorials in order.
Log in with the IBM Cloud CLI using a username and password, or use an API key. Select your target region and your preferred resource group.
{: #vpc-bm-vmware-vpc-create} {: step}
- Create a {{site.data.keyword.vpc_short}}, and record its ID and CRN.

  ```sh
  VMWARE_VPC=$(ibmcloud is vpcc vmw --output json | jq -r .id)
  ```
  {: codeblock}

  ```sh
  VMWARE_VPC_CRN=$(ibmcloud is vpc $VMWARE_VPC --output json | jq -r .crn)
  ```
  {: codeblock}

  You can use the commands directly, e.g. `ibmcloud is vpcc ic4v`, without the JSON output format and store the required values in variables manually, if you prefer.
  {: tip}

  All local variables used in this tutorial start with `VMWARE_` and exist only in the current instance of the shell. If you want to collect them afterwards for future use, you can use the following command.
  {: tip}

  ```sh
  ( set -o posix; set; set +o posix ) | grep VMWARE_
  ```
  {: codeblock}

{: #vpc-bm-vmware-vpc-prefix} {: step}
- Provision a prefix for the {{site.data.keyword.vpc_short}}. In this example, `10.97.0.0/22` is used in zone `eu-de-1`.

  ```sh
  VMWARE_VPC_ZONE=eu-de-1
  ```
  {: codeblock}

  ```sh
  VMWARE_PREFIX=$(ibmcloud is vpc-address-prefix-create <UNIQUE_PREFIX_NAME> $VMWARE_VPC $VMWARE_VPC_ZONE 10.97.0.0/22)
  ```
  {: codeblock}

{: #vpc-bm-vmware-vpc-subnets} {: step}
Multiple subnets will be needed for various use cases in the VMware deployment, such as:
- hosts
- management
- vMotion
- vSAN
- [OPTIONAL] Virtual machines (attached directly to a VPC subnet)

- Provision the following {{site.data.keyword.vpc_short}} subnets, and record their IDs for future use. The subnets are provisioned inside the CIDR block defined in the {{site.data.keyword.vpc_short}} zone's prefix.

  ```sh
  VMWARE_SUBNET_HOST=$(ibmcloud is subnetc vmw-host-mgmt-subnet $VMWARE_VPC --ipv4-cidr-block 10.97.0.0/25 --zone $VMWARE_VPC_ZONE --output json | jq -r .id)
  ```
  {: codeblock}

  ```sh
  VMWARE_SUBNET_MGMT=$(ibmcloud is subnetc vmw-inst-mgmt-subnet $VMWARE_VPC --ipv4-cidr-block 10.97.0.128/25 --zone $VMWARE_VPC_ZONE --output json | jq -r .id)
  ```
  {: codeblock}

  ```sh
  VMWARE_SUBNET_VMOT=$(ibmcloud is subnetc vmw-vmot-subnet $VMWARE_VPC --ipv4-cidr-block 10.97.1.0/25 --zone $VMWARE_VPC_ZONE --output json | jq -r .id)
  ```
  {: codeblock}

  ```sh
  VMWARE_SUBNET_VSAN=$(ibmcloud is subnetc vmw-vsan-subnet $VMWARE_VPC --ipv4-cidr-block 10.97.2.0/25 --zone $VMWARE_VPC_ZONE --output json | jq -r .id)
  ```
  {: codeblock}

- List the subnets and take note of their CIDRs. Check that they match your network addressing design.

  ```sh
  ibmcloud is subnets
  ```
  {: codeblock}
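
An offline way to do the CIDR check from the last step, added here as an example and not part of the original tutorial: plain POSIX shell that verifies each subnet sits inside the zone prefix and that no two subnets overlap. The function names are hypothetical; the prefix and subnet CIDRs are the ones used above.

```sh
#!/bin/sh
# Added example: offline sanity check of a VPC subnet plan (constructed input:
# the /22 prefix and the four subnet CIDRs used in this tutorial).

ip_to_int() {                      # dotted quad -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

cidr_range() {                     # prints "first last" addresses as integers
  len=${1#*/}
  size=$(( 1 << (32 - len) ))
  first=$(( $(ip_to_int "${1%/*}") & ~(size - 1) ))
  echo "$first $(( first + size - 1 ))"
}

# check_plan PREFIX SUBNET... -> 0 if every subnet is inside PREFIX and no
# two subnets overlap; otherwise prints each problem and returns 1.
check_plan() {
  prefix=$1; shift
  r=$(cidr_range "$prefix"); p_first=${r% *}; p_last=${r#* }
  rc=0; seen=""
  for cidr in "$@"; do
    r=$(cidr_range "$cidr"); s=${r% *}; e=${r#* }
    if [ "$s" -lt "$p_first" ] || [ "$e" -gt "$p_last" ]; then
      echo "OUTSIDE $cidr is not within $prefix"; rc=1
    fi
    for prev in $seen; do          # entries look like first:last:cidr
      ps=${prev%%:*}; rest=${prev#*:}
      if [ "$s" -le "${rest%%:*}" ] && [ "$ps" -le "$e" ]; then
        echo "OVERLAP $cidr overlaps ${rest#*:}"; rc=1
      fi
    done
    seen="$seen $s:$e:$cidr"
  done
  return $rc
}

# free_addresses PREFIX SUBNET... -> addresses in PREFIX not covered by the
# listed subnets (only meaningful once check_plan has passed).
free_addresses() {
  len=${1#*/}; free=$(( 1 << (32 - len) )); shift
  for cidr in "$@"; do len=${cidr#*/}; free=$(( free - (1 << (32 - len)) )); done
  echo "$free"
}

PLAN="10.97.0.0/25 10.97.0.128/25 10.97.1.0/25 10.97.2.0/25"
check_plan 10.97.0.0/22 $PLAN && echo "plan OK, $(free_addresses 10.97.0.0/22 $PLAN) addresses left in the prefix"
```

Feed it the CIDRs reported by `ibmcloud is subnets` to compare what was provisioned against the design.
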
{: #vpc-bm-vmware-vpc-pgw} {: step}
Subnets are private by default. As the management subnet needs outbound internet access (e.g. for getting software updates from VMware), a Public Gateway is needed. A Public Gateway enables a subnet and all its attached virtual or {{site.data.keyword.bm_is_short}} instances to connect to the internet. After a subnet is attached to the public gateway, all instances in that subnet can connect to the internet. Public gateways use Many-to-1 SNAT.

- Provision a Public Gateway and attach it to the management subnet.

  ```sh
  VMWARE_PUBLIC_GW=$(ibmcloud is public-gateway-create vmware-mgmt-internet-outbound $VMWARE_VPC $VMWARE_VPC_ZONE --output json | jq -r .id)
  ```
  {: codeblock}

  ```sh
  ibmcloud is subnetu $VMWARE_SUBNET_MGMT --public-gateway-id $VMWARE_PUBLIC_GW
  ```
  {: codeblock}

{: #vpc-bm-vmware-vpc-sshkey} {: step}
If you have not already done so, create an SSH key for the {{site.data.keyword.vpc_short}}. The SSH key is used, for example, for accessing Linux-based {{site.data.keyword.vsi_is_short}} or decrypting the passwords.

- Create a new key on your local workstation or use an existing key based on your preferences. For more information, refer to IBM Cloud Docs.

- Record and note the SSH key ID.

  ```sh
  SSH_KEY=$(ibmcloud is keys --output json | jq -r '.[] | select(.name == "put-your-key-name-here") | .id')
  ```
  {: codeblock}

{: #vpc-bm-vmware-vpc-jump} {: step}
To simplify VMware configuration tasks, provision a Windows server on the management subnet in your {{site.data.keyword.vpc_short}}. In this tutorial, the Jump server will be used to access ESXi hosts and vCenter after they have been provisioned over the {{site.data.keyword.vpc_short}} network. The Jump server will be provisioned into the Instance management subnet (`$VMWARE_SUBNET_MGMT`) and it will have network access to the {{site.data.keyword.bm_is_short}} and, later, the vCenter. In addition, inbound and outbound Internet access is provided for easy remote access as well as downloading required VMware or other software.
For more information on creating {{site.data.keyword.vsi_is_short}}, refer to creating Virtual Servers using UI or creating Virtual Servers using CLI. In this example the CLI method is used.

- List available images and select your preferred image. You can use the following CLI command to list all available images:

  ```sh
  ibmcloud is images
  ```
  {: codeblock}

- Record the image ID. In this example, Windows Server 2019 is used as the Jump server.

  ```sh
  IMAGE_WIN=$(ibmcloud is images --output json | jq -r '.[] | select(.name == "ibm-windows-server-2019-full-standard-amd64-6") | .id')
  ```
  {: codeblock}

- Create a Windows {{site.data.keyword.vsi_is_short}} with CLI or UI. Once the {{site.data.keyword.vsi_is_short}} Instance is created, record the Jump server's ID and its NIC ID.

  ```sh
  VMWARE_JUMP=$(ibmcloud is instance-create jump-001 $VMWARE_VPC $VMWARE_VPC_ZONE bx2-2x8 $VMWARE_SUBNET_MGMT --image-id $IMAGE_WIN --key-ids $SSH_KEY --output json | jq -r .id)
  ```
  {: codeblock}

  ```sh
  VMWARE_JUMP_NIC=$(ibmcloud is in $VMWARE_JUMP --output json | jq -r '.network_interfaces[0].id')
  ```
  {: codeblock}

In this example, the Jump server is accessed directly from the Internet, and a Floating IP is assigned to the server for this purpose. Floating IP addresses are IP addresses that are provided by the IBM Cloud platform and are reachable from the public internet. You can reserve a floating IP address from the pool of available addresses that are provided by IBM, and you can associate it with a network interface of your server. That interface will also have a private IP address.

- Create a floating IP for the {{site.data.keyword.vsi_is_short}} and record the IP.

  ```sh
  VMWARE_JUMP_FIP=$(ibmcloud is ipc jump-001-ip --nic-id $VMWARE_JUMP_NIC --output json | jq -r .address)
  ```
  {: codeblock}

  ```sh
  echo "Public IP for the Jump : $VMWARE_JUMP_FIP"
  ```
  {: codeblock}

- To get the server Administrator’s password, use the SSH key to decrypt it. In this example, the private key is located in the folder `~/.ssh/` on the workstation where the `ibmcloud` CLI command is run from.

  ```sh
  ibmcloud is in-init $VMWARE_JUMP --private-key @~/.ssh/id_rsa
  ```
  {: codeblock}

  If running inside of Git sh on Windows, prefix the above command with `MSYS_NO_PATHCONV=1`, for example `MSYS_NO_PATHCONV=1 ibmcloud is in-init ...`.
  {: tip}

- Modify the security group rule to allow inbound access.

  Inbound access to the Microsoft Remote Desktop (RDP) port (TCP/3389) is blocked by default. Add a security group rule for inbound TCP/3389 from your IP to access the Jump server.
  {: tip}

  ```sh
  VMWARE_JUMP_NIC_SG=$(ibmcloud is in $VMWARE_JUMP --output json | jq -r '.network_interfaces[0].security_groups[0].id')
  ```
  {: codeblock}

  ```sh
  ibmcloud is sg-rulec $VMWARE_JUMP_NIC_SG inbound tcp --port-min 3389 --port-max 3389 --remote <add_your_IP_here>
  ```
  {: codeblock}

- Log in to the Windows Jump server with the Microsoft Remote Desktop client using the credentials provided earlier.

- Install Mozilla Firefox{: external}, Google Chrome{: external} or Microsoft Edge{: external} on your Jump server. One of these browsers is required, for example, to access hosts or vCenter later in this tutorial.

You may need to use SSH later when configuring or managing various VMware assets. SSH is not required in this tutorial, but it is useful. You may use your favorite SSH client on the Jump server, such as PuTTY{: external} or mRemoteNG{: external}. {: tip}
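
A guard for the security group step above, added as an example and not part of the original tutorial: it rejects an unreplaced placeholder, a malformed address or an over-broad range before the inbound TCP/3389 rule is created. The function names, the `MIN_PREFIX` threshold and the sample addresses are assumptions; the printed command is the tutorial's own.

```sh
#!/bin/sh
# Added example: validate the --remote value before opening TCP/3389.
MIN_PREFIX=${MIN_PREFIX:-29}   # assumption: widest source range you accept

# rdp_remote_ok SOURCE -> 0 for one IPv4 address or a CIDR of /MIN_PREFIX../32
rdp_remote_ok() {
  addr=${1%/*}
  case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
  # Address part: digits and single dots only (this also rejects a
  # placeholder such as <add_your_IP_here> that was never replaced).
  case $addr in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
  case $len in ''|*[!0-9]*) return 1 ;; esac
  [ "$addr" != 0.0.0.0 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
  [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ]
}

# open_rdp SG_ID SOURCE -> prints the tutorial's command only for a narrow
# source; returns 1 and prints nothing on stdout otherwise.
open_rdp() {
  if rdp_remote_ok "$2"; then
    echo "ibmcloud is sg-rulec $1 inbound tcp --port-min 3389 --port-max 3389 --remote $2"
  else
    echo "refusing --remote '$2': need one IPv4 address or a CIDR of /$MIN_PREFIX or longer" >&2
    return 1
  fi
}

# Constructed inputs: a placeholder group ID and a documentation-range address.
open_rdp "<security-group-id>" 203.0.113.10
```

Call `open_rdp "$VMWARE_JUMP_NIC_SG" <your address>` and run the printed command once the source looks right.
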
{: #vpc-bm-vmware-vpc-next-steps}
The next step in the tutorial series is: