In my previous post Step-by-step VMware Cloud Foundation 4.2.1 install I scrapped the lab we started for VCF 4.2.1 and now is the time we continue it with Lab constructor. It would be an injustice if I do not mention Tom Stephens(VMware)'s name who introduced VLC to me, and made my life easier.
In order to start with it we need to review the pre-requirements. You need a single physical host running ESXi 6.7+ with 12 cores, 128 GB RAM and 800 GB SSD.
Configure vSphere standard switch, create a trunk port group and set the switch MTU to 9000 , in our case we already have the Nested-SDDC switch and nested-Trunk port group configured. Our trunk port group is inheriting security settings from the switch, where its configured to accept forged transmits, promiscuous mode and mac address change. Disable these settings on the switch level and configure on the port group nested-trunk, we are doing this for only VCF lab, once we are done with this we will revert it. I am also powering off the CSR1000v virtual router, until this lab is complete.
Now we need a jump host from where we will trigger the vLC to create our lab, we already have our ADDC.lab.local machine, but we need to install powercli version 12.1+, Powershell version 5.1 +, OVFtools 4.3+, .netframework and VMXNET3 nic cards.
Machine should be connecting to your internet facing network as well as nested port group.
Lets start with installation of PowerCLI.
Login to ADDC, open powershell and run this command, Install-Module -Name VMware.PowerCLI
This command will download and install powercli on the server.
Once installation is over, add a new network card on ADDC and assign nested-trunk port to it
Save and now login to server, right click on start icon, select run.
In the run prompt type ncpa.cpl and hit enter.
Now right click on the added adaptor, select properties.
In the properties prompt select configure button.
Now in ethernet adaptor property page will open, select advanced tab, search for VLAN ID option and assign vlan id 10 and click ok.
Now, you must be thinking why are we assigning vlanid 10 which we didn't create in our post
Home Lab Step-by-Step Part-4-virtual router, well vLC has a complete automated workflow and requires vLAN id 10 to be assigned with IP address 10.0.0.220 on the jumpbox. Cloud builder appliance will provide routing, DNS and DHCP services. Hence its IP will be 10.0.0.221.
We just need to populate the license information in the .json file and we are good to go.
So assign below mentioned IP on the second NIC added on the server which is connected to nested trunk port group.
Say yes to this warning of dual gateway address.
Now we need to make sure windows defender and firewall is turned off. Open powershell prompt with admin privileges, and run command "netsh advf set allp state off". Now run next command to disable windows defender. Just remember that these will get enabled with each reboot, so you have to disable them after each reboot you perform for the jumpbox.
Now we will download and install
ovfTool.
Accept the EULA, and login with your my.vmware.com ID
Select the installer file according to the OS, in our case we are using windows 64 bit OS.
Run the MSI file, and complete the setup wizard.
Now accept EULA for software install.
Select installation directory.
Press Install and let it complete the setup.
Now lets make sure .Net Framework is enabled on the server for that we will open server manager.
Click on manage server and select add roles and features.
Now press next on each page until we reach features page.
On features page make sure .Net Framework is enabled.
If its enabled, cancel the wizard, if not then enable and press next and install. After that create a directory with the name VLC and paste cloud builder appliance ISO as well as ESXi ISO which we extracted from the cloud builder VM.
If you have not downloaded the
VLC, then please do so now. Complete the form and download the zip file.
Extract the Zip file and place the extracted folder in VLC folder.
When we open VLC folder there are certain files, out of which there are two with .json extension. One is with AVN and second one is without AVN. As in NSX-T we create overlay segments, where our production/test/dev workloads are hosted. Those networks are called Application Virtual Networks in vCF.
There are two ways we can configure north-south communication between vCF and underlay network.
Dynamic or Static, with latest release of NSX-T we can use either
BGP or
OSPF to achieve dynamic routing or we can create static routes. In vCF we can use BGP or Static. I am sure soon OSPF support will be added with VCF as well. We will assign licenses to with AVN .json file as we want to create overlay segments.
Open the file with text editor of your choice, I prefer notepad++.
Search for license and update the license of each component and save the file.
Once file is saved, open powershell and navigate to the directory where these files are stored.
Now you need to execute powershell script VLCGui.ps1, which will open a GUI prompt in front of us.
It will perform checks for required versions and then you will be presented with lab constructor screen. Select Automated.
Once you select automated, it will select the json file automatically, but I would suggest you to validate if the selected file is the one with updated licenses, and fill rest of the details.
Once all the details are filled such as Cloud builder and ESXi ISO location, esxi name prefix and physical host details. We click Validate. Hit Construct button to start the deployment.
Now we will wait for Lab constructor to finish deployment. You will be able to monitor progress with the powershell screen.
After more than eight hours from start of the deployment process, when I checked I found this error.
When I checked, vCenter server crashed due to which we ended up with this error, hence I restarted vCenter and validated login to SDDC manager and vCenter. SDDC manager can also be authenticated using SSO administrator credentials.
Credentials for SDDC-M
Username : admin
Password : VMware123!
Credentials for vCenter
Username : administrator@vsphere.local
Password : VMware123!
Username for appliance access : root
vCenter page after reboot.
As all components are up and running now, I will retry to finish the bring up process.
To be honest, it took 4 more retries, but finally it is successfully deployed.
The best part is in this deployment we learned about how to troubleshoot certain scenarios, and same steps can be applied in real deployment based on issue we get/face. Once we hit finish, it will give the option to login to SDDC manager.
Click the launch button and open SDDC manager, use vCenter SSO credentials to login.
Congratulations, you ow have your SDDC manager in place, in vCF you would be managing your infrastructure using this console, hence I present you the first look of your SDDC manager.
On the left hand menu, you have workload domain, which will list all your workload domains under that VCF deployment. If you want to create a new VI workload domain, hit +workload domain button.
When you select any workload domain, you get complete information about it, such as what services are enabled, current update/patch level, if there was any update was performed under update history tab.
Hosts tab will show current hosts in the domain. Now if you wish to generate CSR file for custom certificate enrollment, then move to the security tab.
Most importantly do not change any credentials using traditional methods which we have used in a normal VMware environment, always use SDDC manager to rotate passwords as if we do not adhere to this it can break VCF deployment and we can run into issue which we have not anticipated. Use password management in SDDC manager.
By design cloud builder only builds the management domain, and with minimum/maximum four hosts. If you want your management domain to be made up of more than four hosts, you need to add additional hosts after bring-up of vCF environment.
Now host addition is also done using SDDC manager, however before adding new hosts you need to make sure your network pools are ready. if not you need to create them. Navigate to Network settings under administration and select +create network pool.
Fill in the details and create the pool, be aware that once a pool is created, you can not edit or remove IPs from the pool.
Once pools are created, we can move onto adding hosts, for that you need to navigate to host tab under inventory, and select commission host.
Once you select commission hosts, you will be presented with a list of pre-req checks which should be complete before adding host into vCF inventory. Once checks are complete select all and proceed.
Now here you can either add hosts, one-by-one or you can do bulk addition using a .json file. Choosing correct IP pool is very important.
Once you add hosts, they will reflect in hosts added tab. Validate the hosts, it will verify if all the check are complete or not. Once verification is complete, you just hit next to review and finish.
I have just showed you steps, but didn't add a host because physical resources of the server is running at its peak capacity, and creating another nested host will be not be possible. If you have some more physical resources available, I would recommend you to deploy addition hosts and test commissioning process.
Once host commission is complete, you would see those hosts available in unassigned hosts.
Now you can use these hosts for either adding into existing workload domain, or you can deploy a new workload domain. This decision is based on the solution design.
One last bit, in order to login to vCenter of NSX-T manager, you can go to services tab in workload domain and click on the icon highlighted, it will open the login page for the solution.
In order to install vRealize suite, you need to first download the packages in SDDC manager, for that you need to have an id with access to VMware repository.
As we never want to expose our SDDC manager to internet openly, we need to allow communication between SDDC manager and https://depot.vmware.com on port 80 and 443.
I would personally recommend using URL to allow as IP address might change and we do not want to lose our capability to connect.
Once access to depot.vmware.com is in place, we will authorize the deployment using the depot credentials which has access.
Once this is configured, download the repository and move to vRealize tab and follow deployment sequence.
With that, I would conclude this post here, and in my next post I will go back to our previous discussion of designing and installing NSX-T 3.1 datacenter.
I hope I was able to add value, if your answer is yes, then don't forget to share and subscribe. 😊
If you want me to write on specific content or you have any feedback on this post, kindly comment below.
If you want, you can connect with me on
Linkedin, and please like and subscribe my youtube channel
VMwareNSXCloud for step by step technical videos.
Great 👍 very useful information, “Thanks so much for sharing your experience with us. We hope to see you again soon.”
ReplyDeleteHi Amit, I am glad to know it is useful.
ReplyDelete