Configure VMware Cloud Director Service in Azure VMware Solution

In this article, learn how to configure VMware Cloud Director service in Azure VMware Solution.

Prerequisites

Plan and prepare Azure VMware Solution private cloud for VMware Reverse proxy

Prepare your Azure VMware Solution private cloud for deploying VMware Reverse proxy VM OVA

  1. Obtain NSX cloud admin credentials from Azure portal under VMware credentials. Then, sign in to NSX Manager.

  2. Create a dedicated Tier-1 router (optional) for VMware Reverse proxy VM.

    1. Sign in to Azure VMware Solution NSX Manager and select ADD Tier-1 Gateway.

    2. Provide a name and the Linked Tier-0 gateway, and then select Save.

    3. Configure the appropriate settings under Route Advertisements.

      Screenshot showing how to create a Tier-1 Gateway.

  3. Create a segment for VMware Reverse proxy VM.

    1. Sign in to Azure VMware Solution NSX Manager and, under Segments, select ADD SEGMENT.
    2. Provide the name, Connected Gateway, Transport Zone, and Subnet information, and then select Save.

    Screenshot showing how to create an NSX segment for reverse proxy VM.

  4. Optionally enable segment for DHCP by creating a DHCP profile and setting DHCP config. You can skip this step if you use static IPs.

  5. Add two NAT rules to give the VMware Reverse proxy VM outbound access to VMware Cloud Director service. The VM can also reach the management components of the Azure VMware Solution private cloud, such as vCenter Server and NSX, that are deployed in the management plane.

    1. Create a NOSNAT rule.
      • Provide a name for the rule and select the source IP. You can use CIDR format or a specific IP address.
      • Under destination port, use private cloud network CIDR.
    2. Create an SNAT rule.
      • Provide a name and select the source IP.
      • Under translated IP, provide a public IP address.
      • Set the priority of this rule higher than that of the NOSNAT rule.
    3. Select Save.

    Screenshot showing how to verify the NAT rules were created.

  6. Ensure that NAT is enabled under route advertisement on the Tier-1 gateway.

  7. Configure gateway firewall rules to enhance security.
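
The effect of the two NAT rules from step 5, as an added example that is not part of the original article: a small Python model of priority-ordered NAT matching that checks management traffic keeps its private source address while other outbound traffic leaves from the public IP. The addresses, rule names, and the convention that the rule with the lower priority value is evaluated first are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values, not taken from a real private cloud.
PROXY_SEGMENT = "10.10.50.0/24"       # segment of the reverse proxy VM
PRIVATE_CLOUD_CIDR = "10.0.0.0/22"    # vCenter Server, NSX, ESXi management
PUBLIC_IP = "203.0.113.10"            # translated IP of the SNAT rule

@dataclass(frozen=True)
class NatRule:
    name: str
    action: str          # "NO_SNAT" or "SNAT"
    source: str          # CIDR or single IP
    destination: str     # CIDR; 0.0.0.0/0 matches any destination
    priority: int        # assumption: the lower value is evaluated first
    translated_ip: str = ""

def egress_source(rules, src_ip, dst_ip):
    """Return the source IP the destination sees after the first matching rule."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if (src in ipaddress.ip_network(rule.source, strict=False)
                and dst in ipaddress.ip_network(rule.destination, strict=False)):
            return rule.translated_ip if rule.action == "SNAT" else src_ip
    return src_ip  # no rule matched: source is left as is

def build_rules(no_snat_priority, snat_priority):
    """The two rules from step 5 with caller-chosen priority values."""
    return [
        NatRule("proxy-no-snat", "NO_SNAT", PROXY_SEGMENT,
                PRIVATE_CLOUD_CIDR, no_snat_priority),
        NatRule("proxy-snat", "SNAT", PROXY_SEGMENT,
                "0.0.0.0/0", snat_priority, PUBLIC_IP),
    ]

def check(rules, proxy_ip="10.10.50.10"):
    """Return findings; an empty list means both flows behave as intended."""
    findings = []
    seen = egress_source(rules, proxy_ip, "10.0.0.2")        # to vCenter Server
    if seen != proxy_ip:
        findings.append(f"management traffic is translated to {seen}")
    seen = egress_source(rules, proxy_ip, "198.51.100.20")   # to Cloud Director service
    if seen != PUBLIC_IP:
        findings.append("outbound traffic is not translated to the public IP")
    return findings

if __name__ == "__main__":
    print("NOSNAT 100, SNAT 200:", check(build_rules(100, 200)))
    print("NOSNAT 200, SNAT 100:", check(build_rules(200, 100)))
```

With the priority values swapped, the catch-all SNAT rule matches first and the NOSNAT exception never takes effect.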

Generate and Download VMware Reverse proxy OVA

  • The following step-by-step procedure shows how to obtain the required information from the Azure portal and how to use it to generate the VMware Reverse proxy VM.

Prerequisites on VMware cloud service

  • Verify you're assigned the network administrator service role. See Managing Roles and Permissions and make changes using VMware Cloud Services Console.
  • If you're accessing VMware Cloud Director service through VMware Cloud Partner Navigator, verify that you're a Provider Service Manager user and that you're assigned the provider:admin and provider:network service roles.
  • See How do I change the roles of users in my organization in the VMware Cloud Partner Navigator documentation.

Procedure

  1. Sign in to VMware Cloud Director service.

  2. Select Cloud Director Instances.

  3. In the card of the VMware Cloud Director instance for which you want to configure a reverse proxy service, select Actions > Generate VMware Reverse Proxy OVA.

  4. The Generate VMware Reverse proxy OVA wizard opens. Fill in the required information.

  5. Enter Network Name

    • Network name is the name of the NSX segment you created in previous section for reverse proxy VM.
  6. Enter the required information such as vCenter FQDN, Management IP for vCenter, NSX FQDN or IP and more hosts within the private cloud to proxy.

  7. You can find the vCenter and NSX IP addresses of your Azure VMware Solution private cloud in the Azure portal under Manage > VMware credentials.

    Screenshot showing how to obtain VMware credentials using Azure portal.

  8. To find FQDN of vCenter of your Azure VMware Solution private cloud, sign in to the vCenter using VMware credential provided on Azure portal.

  9. In vSphere Client, select vCenter, which displays FQDN of the vCenter Server.

  10. To obtain the FQDN of NSX, replace vc with nsx. The NSX FQDN in this example would be “nsx.f31ca07da35f4b42abe08e.uksouth.avs.azure.com”.

    Screenshot showing how to obtain vCenter and NSX FQDN in Azure VMware solution private cloud.

  11. Obtain ESXi management IP addresses and CIDR for adding IP addresses in allowlist when generating reverse proxy VM OVA.

    Screenshot showing how to obtain management IP address and CIDR for ESXi hosts in Azure VMware solution private cloud.

  12. Enter a list of any other IP addresses that VMware Cloud Director must be able to access through the proxy, such as ESXi hosts to use for console proxy connection. Use new lines to separate list entries.

    Tip

    To ensure that future additions of ESXi hosts don't require updates to the allowed targets, use a CIDR notation to enter the ESXi hosts in the allow list. This way, you can provide any new host with an IP address that is already allocated as part of the CIDR block.

  13. Once you've gathered all the required information, enter it in the VMware Reverse proxy OVA generation wizard, as shown in the following diagram.

  14. Select Generate VMware Reverse Proxy OVA.

    Screenshot showing how to generate a reverse proxy VM OVA.

  15. On the Activity log tab, locate the task for generating an OVA and check its status. If the status of the task is Success, select the vertical ellipsis icon and select View files.

  16. Download the reverse proxy OVA.
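
A pre-flight check for the allowed-targets list from steps 11 and 12 and the tip above, added here as an example that is not part of the original article or of VMware's tooling: it parses the newline-separated entries, reports required hosts the list does not cover, flags entries broader than a chosen size, and collapses adjacent blocks. The addresses and the `max_addresses` threshold are constructed assumptions.

```python
import ipaddress

def parse_allowlist(text):
    """Parse newline-separated entries (single IPs or CIDRs) into networks."""
    nets, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry:
            continue
        try:
            # strict=True rejects CIDRs with host bits set, such as 10.0.2.5/24
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append(f"line {n}: {entry!r}: {exc}")
    return nets, errors

def review(text, required_hosts, max_addresses=256):
    """Check an allowed-targets list against the hosts the proxy must reach."""
    nets, errors = parse_allowlist(text)
    missing = [h for h in required_hosts
               if not any(ipaddress.ip_address(h) in n for n in nets)]
    # Entries wider than max_addresses (hypothetical threshold) merit a second look
    broad = [str(n) for n in nets if n.num_addresses > max_addresses]
    collapsed = []
    for version in (4, 6):  # collapse_addresses needs one IP version at a time
        same = [n for n in nets if n.version == version]
        collapsed += [str(n) for n in ipaddress.collapse_addresses(same)]
    return {"errors": errors, "missing": missing,
            "broad": broad, "collapsed": collapsed}

# Constructed sample: vCenter Server, NSX, an ESXi range split in two, one bad entry.
SAMPLE_ALLOWLIST = """\
10.0.0.2
10.0.0.3
10.0.1.0/25
10.0.1.128/25
10.0.2.5/24
"""
SAMPLE_HOSTS = ["10.0.0.2", "10.0.0.3", "10.0.1.4", "10.0.1.130", "10.0.3.9"]

if __name__ == "__main__":
    for key, value in review(SAMPLE_ALLOWLIST, SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```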

Deploy VMware Reverse proxy VM

  1. Transfer reverse proxy VM OVA you generated in the previous section to a location from where you can access your private cloud.
  2. Deploy reverse proxy VM using OVA.
  3. Select appropriate parameters for OVA deployment for folder, computer resources, and storage.
    • For network, select appropriate segment for reverse proxy.
    • Under customize template, use DHCP or provide static IP if you aren't planning to use DHCP.
    • Enable SSH to sign in to reverse proxy VM.
    • Provide root password.
  4. Once VM is deployed, power it on and then sign in using the root credentials provided during OVA deployment.
  5. Sign in to the VMware Reverse proxy VM and use the command transporter-status.sh to verify that the connection between CDs instance and Transporter VM is established.
    • The status should indicate "UP." The command channel should display "Connected," and the allowed targets should be listed as "reachable."
  6. Next step is to associate Azure VMware Solution private cloud with the VMware Cloud Director Instance.

Associate Azure VMware Solution private cloud with VMware Cloud Director Instance via VMware Reverse proxy

This process pools all the resources from the Azure VMware Solution private cloud and creates a provider virtual datacenter (PVDC) in CDs.

  1. Sign in to VMware Cloud Director service.

  2. Select Cloud Director Instances.

  3. In the card of the VMware Cloud Director instance for which you want to associate your Azure VMware Solution private cloud, select Actions and then select Associate datacenter via VMware reverse proxy.

  4. Review datacenter information.

  5. Select a proxy network for the reverse proxy appliance to use. Ensure that you select the NSX segment where the reverse proxy VM is deployed.

    Screenshot showing how to review a proxy network information.

  6. In the Data center name text box, enter a name for the private cloud that you want to associate with datacenter. The name entered is only used to identify the data center in the VMware Cloud Director inventory, so it doesn't need to match the private cloud name entered when you generated the reverse proxy appliance OVA.

  7. Enter the FQDN for your vCenter Server instance.

  8. Enter the URL for the NSX Manager instance and wait for a connection to establish.

  9. Select Next.

  10. Under Credentials, enter your user name and password for the vCenter Server endpoint.

  11. Enter your user name and password for NSX Manager.

  12. To create infrastructure resources for your VMware Cloud Director instance, such as a network pool, an external network and a provider VDC, select Create Infrastructure.

  13. Select Validate Credentials. Ensure that validation is successful.

  14. Confirm that you acknowledge the costs associated with your instance, and select Submit.

  15. Check the activity log to track the progress.

  16. Once this process is completed, you should see that your Azure VMware Solution private cloud is securely associated with your VMware Cloud Director instance.

  17. When you open the VMware Cloud Director instance, the vCenter Server and the NSX Manager instances that you associated are visible in Infrastructure Resources.

    Screenshot showing how the vCenter Server is connected and enabled.

  18. A newly created Provider VDC is visible in Cloud Resources.

  19. In your Azure VMware Solution private cloud, when you sign in to vCenter Server, you see that a Resource Pool was created as a result of this association.

    Screenshot showing how resource pools are created for CDs.

You can use your VMware Cloud Director instance provider portal to configure tenants such as organizations and virtual data centers.

What’s next