Contents

Using vRA with VMC on AWS: Getting Started

vRealize Automation can be used to automate the deployment of workloads to a VMware Cloud on AWS Software-Defined Data Center (SDDC). Let’s learn how you can get started with using vRealize Automation with VMware Cloud on AWS.

Demo Product Versions

  • vRA Cloud
  • VMware Cloud on AWS (SDDC version 1.14v4)

Prerequisites

VMC on AWS:

  • SDDC deployed
  • Access to the SDDC

Process Overview

  1. Deploy a vRA Cloud Proxy in the VMC on AWS SDDC.
  2. Add firewall rules for vRA Cloud Proxy.
  3. Configure vRA resources to consume VMC on AWS SDDC.

Demo / Example

Deploy a vRA Cloud Proxy

  1. In vRA Cloud Assembly, go to Infrastructure > Cloud Proxies. Click “NEW”.
    /2021-07-23-vrac-proxy-in-vmc/step1.png
  2. Click “DOWNLOAD OVA”. You can use the OVA file link as well, but from my experiences, downloading it locally has been more successful instead of using the link. Remember to rename the OVF template to vCenter1_vmc_va.ova after it’s done downloading.
    /2021-07-23-vrac-proxy-in-vmc/step2.png
  3. Go to the VMC on AWS SDDC vSphere Client and deploy OVF template.
    /2021-07-23-vrac-proxy-in-vmc/step3-1.png
    /2021-07-23-vrac-proxy-in-vmc/step3-2.png
    /2021-07-23-vrac-proxy-in-vmc/step3-3.png
    /2021-07-23-vrac-proxy-in-vmc/step3-4.png
    /2021-07-23-vrac-proxy-in-vmc/step3-5.png Note that since this is a VMC on AWS SDDC, you can only select the WorkloadDatastore.
    /2021-07-23-vrac-proxy-in-vmc/step3-6.png
    /2021-07-23-vrac-proxy-in-vmc/step3-7.png Go back to vRA Cloud Assembly to copy the One-Time Key (OTK).
    /2021-07-23-vrac-proxy-in-vmc/step3-8.png
    /2021-07-23-vrac-proxy-in-vmc/step3-9.png
    /2021-07-23-vrac-proxy-in-vmc/step3-10.png I’m going to leave all the networking properties blank and let DHCP assign an IP address to this VM.
    /2021-07-23-vrac-proxy-in-vmc/step3-11.png
    /2021-07-23-vrac-proxy-in-vmc/step3-12.png
  4. Once the vRA Cloud Proxy is deployed, power it on. The Cloud Proxy will receive an IP address on the network that you’ve chosen during the deployment. Note the IP address.
    /2021-07-23-vrac-proxy-in-vmc/step4.png

Create Firewall Rules for vRA Cloud Proxy

  1. Go to VMC on AWS UI > Networking & Security > Groups > Management Groups. Click “ADD GROUP” to create a new group for the vRA Cloud Proxy VM. Click “Set Members”.
    /2021-07-23-vrac-proxy-in-vmc/step5.png
  2. Type in the vRA Cloud Proxy VM IP address that you noted down from earlier.
    /2021-07-23-vrac-proxy-in-vmc/step6.png
  3. Go to Networking & Security > Gateway Firewall > Management Gateway. Add three rules like shown in the screenshot below. These rules allow communications between the vRA Cloud Proxy and vCenter, ESXi, and NSX respectively. Remember to publish the rules.
    /2021-07-23-vrac-proxy-in-vmc/step7.png
  4. Go to VMC on AWS UI > Networking & Security > Groups > Compute Groups. Create a new group for the vRA Cloud Proxy VM like you did in the Management Groups section.
  5. Go to Networking & Security > Gateway Firewall > Compute Gateway. Add a rule that allows vRA Cloud Proxy to send outbound traffic to the Internet, as shown in the screenshot below. Remember to publish the rule.
    /2021-07-23-vrac-proxy-in-vmc/step9.png
  6. Go to vRA Cloud Assembly > Infrastructure > Cloud Proxies. After some time, you will see the Cloud Proxy VM here. This can take several hours.
    /2021-07-23-vrac-proxy-in-vmc/step10.png

Configure vRA Cloud Assembly Resources

  1. Create a VMC on AWS cloud account.
    /2021-07-23-vrac-proxy-in-vmc/step11.png
  2. For the VMC API token, you can generate by clicking on your name > My Account > API Tokens > GENERATE TOKEN. Give access to VMware Cloud on AWS. Remember to save the token in a safe place if you’d like to use it again in the future. You will not be able to see the token again after you see it generated the first time.
    /2021-07-23-vrac-proxy-in-vmc/step12-1.png
    /2021-07-23-vrac-proxy-in-vmc/step12-2.png
  3. Go to “Compute” and click “Cluster-1 / Compute-ResourcePool”. Give it a capability tag. This is the only place vRA is allowed to deploy workloads in a VMC on AWS SDDC.
    /2021-07-23-vrac-proxy-in-vmc/step13.png
  4. Create a cloud zone. Give it a capability tag; use the same one you’ve used for the Compute-ResourcePool.
    /2021-07-23-vrac-proxy-in-vmc/step14.png
  5. Click “Compute” and manually select “Cluster-1 / Compute-ResourcePool”.
    /2021-07-23-vrac-proxy-in-vmc/step15.png
  6. Create a network profile and give it a capability tag; use the same on you’ve been using. Configure the network profile appropriately depending on the use case.
    /2021-07-23-vrac-proxy-in-vmc/step16.png
  7. Create a storage profile and select “WorkloadDatastore”. Give a same capability tag here as well.
    /2021-07-23-vrac-proxy-in-vmc/step17.png
  8. Remember to create an image mapping and a flavor mapping.

vRA can now deploy to the VMC on AWS SDDC. Remember to use the capability tag that you’ve created when creating the template that deploys to the VMC on AWS SDDC!

Demo / Example Template YAML

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
formatVersion: 1
inputs: {}
resources:
  Cloud_Machine_1:
    type: Cloud.Machine
    properties:
      image: 'Ubuntu-20.04'
      flavor: 'size-small'
      networks:
        - network: '${resource.Cloud_Network_1.id}'
  Cloud_Network_1:
    type: Cloud.Network
    properties:
      networkType: existing
      constraints: 
        - tag: vmconaws-sddc-02

Credit: Thanks to my colleague, Michael Patton, for working with me on this.