Automation

Can a VM in the VMC Compute Network access the SDDC Management Network?

11/19/2018 by William Lam Leave a Comment

Similiar to an on-premises vSphere deployment, VMware Cloud on AWS follows good security practices by isolating and preventing access to the SDDC Management Network including Virtual Machines running in the Compute Network. With that said, the SDDC can be configured to enable access to the SDDC Management Network for either all or subset of workloads running in the Compute Network.

I have seen this request come up a few times, usually around proof of concepts, lack of on-premises infrastructure or wanting to run completely isolated within VMC for Dev/Test purposes. Below are the step by step instruction on setting this up for both an NSX-V and NSX-T based SDDC. Once enabled, customers can access the vCenter vSphere UI from within the specified Virtual Machine(s) including using tools like OVFTool or PowerCLI for importing new or existing workloads.

Note: Please refer to this blog post here to determine if you are running an NSX-V or NSX-T based SDDC.

Automating Hybrid Cloud Extension (HCX) Manager initial configuration for VMC

10/29/2018 by William Lam 1 Comment

Following up from my previous Hybrid Cloud Extension (HCX) Automation article which looked at deploying the HCX Manager OVA, this article will now focus on automating the initial configuration of HCX Manager including the registration to HCX Cloud which will enable the on-prem HCX Manager to be used with VMware Cloud on AWS (VMC). Once HCX Manager is up and running, customers can configure the system using the HCX VAMI interface which is available on port 9443 via the UI or in our case with the HCX VAMI APIs.

I have updated my HCX PowerShell Module to include 8 additional functions that can be used for initial configuration of HCX Manager:

Set-HcxVCConfig
Set-HcxLicense
Get-HcxNSXConfig
Set-HcxNSXConfig
Get-HcxLocation
Set-HcxLocation
Get-HcxRoleMapping
Set-HcxRoleMapping
Get-HcxProxy
Set-HcxProxy
Remove-HcxProxy

Is vCenter Server & ESXi hosts using VMware Certificate Authority (VMCA) or custom CA certificates?

10/23/2018 by William Lam Leave a Comment

Customers have two primary methods of managing TLS certificates for their ESXi hosts, they can either use the built-in VMware Certificate Authority (VMCA) which is part of vCenter Server or Custom CA Certificates. I will not go into the gory details, but you can read more about the options here in our documentation.

A question that I had received recently was whether you can determine the type of certificate an ESXi host was provisioned with and whether this could be programmatically retrieved using the vSphere API? The answer is yes. In vSphere 6.0, we introduced a CertificateInfo property which contains a number of fields including status, issuer, expiry and subject details and by inspecting either the issuer or subject property, you can determine the type of certificate on the ESXi host.

Here is a screenshot of the data using the vSphere MOB for an ESXi host that has VMCA-based certificate:

Here is a screenshot of the data using the vSphere MOB for an ESXi host that has custom CA certificate:

As you can see, for VMCA-based certificate the issuer's OU will have value of "VMware Engineering" and subject's emailAddress will have value of "vmca@vmware.com".

Automating downloads from MyVMware

10/15/2018 by William Lam 4 Comments

I recently came across a really cool project called vmw-cli which was built by Andrew Obersnel, an Engineer who works over in our Network and Security Business Unit (NSBU) at VMware. This CLI tool enables you to login to MyVMware and based on your entitlements, download any VMware binary or application just like you would using a web browser but now you can completely automate it from the command-line! The CLI is written as a Node.js application and you can consume as a CLI which requires Node.js to be installed or you can just run it as a Docker Container.

In the example below, I will take you through on how to use vmw-cli using the Node.js CLI method. If you prefer to use the Docker Container, you can simply refer to the Github project page for more details.

Automating new Cloud Motion with vSphere Replication using Hybrid Cloud Extension (HCX) API

09/25/2018 by William Lam Leave a Comment

Cloud Motion with vSphere Replication is the newest migration type that has been added to the Hybrid Cloud Extension (HCX) solution, which was also demonstrated during the VMworld US 2018 keynote (watch here). Unlike the traditional Bulk Migration, which also uses vSphere Replication to perform the initial replication, Cloud Motion with VR does not incur any downtime during the VM switch over. This is possible with our most beloved vSphere feature, vMotion!

With Bulk Migration, the VM on the source vCenter Server must be shutdown before the newly replicated VM on the destination vCenter Server can be powered on or else a network conflict will occur. Using Cloud Motion with VR, the VM is simply vMotion'ed from the source vCenter Server to the destination vCenter Server and because the VM's storage has already been replicated, the only thing that needs to transfer is the memory state of the VM.

All three HCX Migration Types can be scheduled from the HCX UI using the vSphere Client or automated using the HCX API. The latter option is definitely ideal for customers with large number of migrations but it can also help with smaller migrations as it reduces the amount of user input required when using the UI and ultimately, this reduces user errors.

To help demonstrate the HCX Migration APIs, I have updated my VMware HCX PowerShell Module to include the following two new functions:

New-HcxMigration
Get-HcxMigration

Automating Hybrid Cloud Extension (HCX) Manager OVA deployment

09/24/2018 by William Lam Leave a Comment

Feedback on my recent Hybrid Cloud Extension (HCX) Automation articles has been very positive, thanks to those who have reached out. One area that I have not had a chance to spend much time on which a few of you have pinged me about is the automating the actual deployment of the HCX Manager, which is provided to customers as an OVA image. In this article, I have created a basic PowerCLI script called deploy_hcx_manager_ova.ps1 that demonstrates using the Import-VApp and Get-OVFConfiguration cmdlets to import the OVA along with specifying the required OVF properties. The script will also wait for the HCX Manager to be ready by checking the VAMI URL located at https://[HCX-MANAGER]:9443

Lastly, for those of you who are new to HCX or would like a step by step walk through of setting up HCX, Emad Younis just kicked off a new blog series on learning about HCX, which I highly recommend folks check out here.

Here are the instructions on using the PowerCLI script to automate the HCX OVA deployment:

Step 1 - Download the latest HCX Manager OVA from HCX Cloud (you will need to login with your cloudadmin credentials)

Step 2- Download the PowerCLI HCX deployment script here.

Step 3 - Edit the script with your HCX configuration and deployment details

Step 4 - You will need to connect to your vCenter Server by using the Connect-VIServer cmdlet and then run the deployment script using the following command:

.\deploy_hcx_manager.ova.ps1

Once the deployment is successful, you can now open a browser to https://[HCX-MANAGER]:9443 and login using the admin credentials that you had specified in the script. I also plan to do a follow-up to this blog post on automating the initial configuration using the HCX VAMI APIs, so stay tuned.