VMware Cloud on AWS

Configuring Standalone vRealize Orchestrator with VMware Cloud on AWS

07/11/2019 by William Lam Leave a Comment

vRealize Orchestrator (vRO) is powerful workflow engine that many of our customers have been using to automate across a number of different VMware and 3rd party solutions. It is also a foundational component to vRealize Automation (vRA) and it enables our customers to build end-to-end IT and Developer workflows across different Clouds: Private, Public and Hybrid.

It should come as no surprise that existing vRO/vRA customers would like to take advantage of VMware Cloud on AWS and be able to add its vCenter Server instance to vRO for Automation purposes. A few weeks back, I had heard mixed results from our field and customers when attempting to add VMware Cloud on AWS vCenter Server endpoint to vRO. I was actually working with another customer on a related topic and I decided I give this a try in my lab, which was running the standalone vRO 7.5 Appliance.

I did indeed run into a problem when attempting to add vCenter Server as an endpoint in vRO. It turns out this was due to a bug with the vSphere vRO Plugin which has since been resolved with the latest vRO 7.6 release. In any case, there is a simple workaround for customers that are currently not running the latest vRO appliance and you can find the instructions below.

Automating HCX Multi-Site Service Mesh configuration using the new HCX PowerCLI cmdlets

07/01/2019 by William Lam Leave a Comment

With the latest Hybrid Cloud Extension (HCX) R121 release, the new HCX Multi-Site Service Mesh configuration option is now the default and preferred method for setting up HCX. In fact, the legacy "HCX Components" method, which is focused on deploying individual HCX Appliances has been deprecated in the latest release and will be removed in the future, in favor of the new simplified deployment option.

As many of you know, I have been doing quite a bit of HCX Automation with VMware Cloud on AWS (VMC) and with the recent PowerCLI 11.3 release which now includes new HCX Multi-Site Service Mesh (MSSM) cmdlets, I figured this would be a good time to update my automation to take advantage of the new HCX MSSM feature.

While trying out the new MSSM cmdlets, I ran into a couple of issues which took me awhile to figure out. The issue stems from the fact that you can not simply create some of the MSSM objects such as a Network or Compute Profile and then save the output to a variable for use with other CSSM cmdlets, which I found to be quite strange as that is one of the biggest benefit of PowerShell and being able to pipe objects between cmdlets. You have to perform a "GET" operation on the object that you had just created because the types returned are different between the New and Get cmdlets. In any case, here is a sample end-to-end workflow using the new MSSM cmdlets as I figured others may run into this problem scratching their head and the PowerCLI documentation was not very clear about this behavior, at least it was not apparent to me.

Automating HCX Add On for VMware Cloud on AWS

06/19/2019 by William Lam 1 Comment

Enabling Hybrid Cloud Extension (HCX) for a VMware Cloud on AWS SDDC is just a click of a button and is completely self-service which makes consuming the HCX Service extremely easy! All the hard work of deploying and configuring the required HCX infrastructure for your SDDC is completely automated for you by VMware when you click on "Deploy HCX" button.

Once the HCX infrastructure has been deployed in your SDDC, you can then deploy the respective HCX components for your on-premises vSphere environment which you can fully automate end-to-end which I have blogged about here.

Although the deployment of the HCX components for the SDDC is just click of a button, I recently had a need to automate this and I figure this would be a nice addition to my HCX PowerShell Community Module and complete the end-to-end story quite nicely from enabling the HCX Cloud Service to automating the deployment and configuration of the on-premises HCX components.

Forwarding VMC Events to AWS Lambda/CloudWatch using Log Intelligence Webhook

06/11/2019 by William Lam Leave a Comment

In my previous post, I provided an example on how customers can take advantage of Log Intelligence's Webhook capability to consume VMware Cloud on AWS (VMC) based events and extend that to other Public Cloud Services like Slack as an example to build new and interesting integrations. We took advantage of the fact that some of these Public Cloud Services either have native webhook support or have a built-in Webhook listener like IFTTT which in turn can support other services which may not have native Webhook support.

However, customers can also build their own Webhook listener, which is nothing more than being able to POST to an API endpoint with a pre-defined JSON payload. In fact, this would be needed for any on-premises integration if the solution does not support webhooks.

For VMC customers who currently consume AWS Services such as Lambda and CloudWatch, it is actually very easy to integrate these and other AWS Services directly using LINT's Webhook feature. In fact, I chose Lambda and CloudWatch as these are two of the mostly frequently asked integration points. At our recent VMC Customer Summit, which took place last month, I had built a demo based on an actual customer use case for sending specific VMC Events from LINT to Cloud Watch as that was their tool of choice for auditing purpose.

I decided to make use of Lambda as it allowed me to quickly integrate with CloudWatch and I could also show how lambda integration would work given the number of customers asking. Ultimately, Lambda also enabled me to easily build a Webhook listener to process the LINT Webhook by simply front-ending the Lambda function with an AWS API Gateway, which was super easy to setup and use.

Forwarding VMC Events to Slack using Log Intelligence Webhook

06/04/2019 by William Lam Leave a Comment

VMware Log Intelligence (LINT) is a public VMware Cloud Service that is available to all VMware Cloud on AWS (VMC) customers. LINT provides customers with a unified view of their SDDC infrastructure including vSphere, NSX and vSAN from a logging standpoint and LINT can also be used with an on-premises deployment. The LINT team recently published a nice overview here, which I highly recommend a read.

One really interesting capability of LINT is the alert and notification feature, which includes UI and email, but what really stood out to me with this feature is that you can also trigger a Webhook! This means you can literally integrate with any external system including public cloud services that can receive or process a Webhook. Some examples can include publishing to a specific Slack channel, sending an SMS to your SRE team, an alert in PagerDuty or even calling an AWS Lambda function. The possibilities are truly endless on what you can do with a Webhook integration!

For our recent VMC Customer Summit, I thought it would be really cool to show off some demos on what you could do with LINT Webhooks. In this blog post, I will show you how to use the If Then This That (IFTTT) service which natively supports Webhooks and publish a specific VMC event into a Slack channel. Slack also supports native webhooks, but using IFTTT, you can apply this example to other Cloud Services that you may want to integrate with.

Connecting to NSX-T Policy API using NSX-T Private IP in VMC

05/30/2019 by William Lam 1 Comment

As explained in my Getting started with NSX-T Policy API in VMware Cloud on AWS (VMC) article, there are two ways in which you can interact with the NSX-T Policy API in VMC. The initial method is with the NSX-T Reverse Proxy which designed for initial setup including Edge Firewall and connectivity configuration (VPN/Direct Connect). Once you have enabled remote access from your network to the SDDC, you can continue using the reverse proxy method or you can connect directly to the NSX-T Manager via its private IP Address.

So how do you actually connect to the NSX-T Manager using its private IP? To be honest, this was not something I had to do before as I really like the simplicity of the reverse proxy but since this came up today in one of our VMC Slack channels, I figured I take a closer look.