Posts

VMware Cloud on AWS: SDDC Design Considerations

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
With the recent August 2019 release of VMware Cloud on AWS 1.8, a few interesting improvements are now available concerning the vSAN and Elastic vSAN storage capabilities.
The goal of this blog article is to recap the different options around SDDC design and specifically about stretched and non-stretched clusters.
AWS EC2 Bare metal Instances

As of now, the VMware Cloud on AWS Service is available with two types of EC2 bare metal instances from AWS:
- i3.metal
- R5.metal

The AWS i3.metal specs are:
- Intel Xeon E5-2686 v4 processors
- 36 cores
- 2.3 GHz
- 512 GiB RAM
- 15TB NVMe flash
- 25 Gbps Networking

The AWS R5.metal specs are:
- Intel® Xeon® Platinum 8000 Series (Skylake-SP)
- 48 cores
- 2.5 GHz
- 768 GiB RAM
- EBS Storage only (15-35 TB)
- 14 Gbps EBS Bandwidth
- 25 Gbps Networking

Other instances in specific areas like GPU or high memory will come later.

Elastic vSAN

Elastic vSAN, with R5.metal hosts, is a VMware Cloud on AWS cl…

VMware Cloud on AWS: NSX networking and Security eBook

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
It's off the press and ready to download.
It was a great pleasure to write this book together with my colleagues Humair Ahmed and Nico Vibert.

Download the e-book

Use PowerCLI to set your SDDC Policy Based VPN

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
In the previous post, we talked about using PowerCLI to set up a route-based VPN. This post will show how to set up a policy-based VPN.
For that I will use a new AWS VPC and a Customer Gateway with a Virtual Gateway in AWS natively.
This sets up 2 VPN tunnels with static routes compared to the BGP routes with the route-based VPN.


PowerCLI Functions
- New-NSXTPolicyBasedVPN
- Get-NSXTPolicyBasedVPN
- Remove-NSXTPolicyBasedVPN

JSON and PSObjects

In this post I want to go a bit deeper on the relation between JSON and the PowerShell Objects. To set the VPN tunnels, we use API calls, and with them we need to pass a payload that carries our multiple parameters such as IP addresses, passwords, and IKE and tunnel encryption digests / algorithms.

JavaScript Object Notation (JSON) is mostly used with APIs and our NSX-T Policy APIs are no exception. When we write a PowerCLI function we need to map the JSON notation to PowerShell.
For example, [...] in JSON …

Use PowerCLI to set your SDDC Route Based VPN

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
To create a site-to-site VPN, there are basically 2 methods:
- a route based VPN
- a policy based VPN
This article will describe the route based VPN between VMware Cloud on AWS as local site and AWS Transit Gateway as remote site.
Following up on my previous article on building SDDC Firewall rules using PowerCLI, William and I did more work to build new functions related to VMware Cloud on AWS Route based VPN.
We examined the 5 API calls needed to build a route based VPN tunnel here. This was using Python code.

PowerCLI functions

Using PowerShell and PowerCLI is simpler.
We built 3 functions:

    - Create Route Based VPN
    - Get Route Based VPN info
    - Delete Route Based VPN

Create Route Based VPN

Step 1 - Get the NSX-T and VMC PowerShell modules. Download and import VMware.VMC.NSXT and VMware.VMC.

    Import-Module ./VMware.VMC.NSXT.psd1
    Import-Module ./VMware.VMC.psd1

Step 2 - Get the Refresh-Token, Org name and SDDC name and a…

Use PowerCLI to set your SDDC Firewall rules

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
One thing I really like about VMware is the team spirit of that company. People are always here to help you, sharing their experiences and knowledge. We have our EPIC2 values and one guy in particular stands out for Passion and Community.
It's William Lam.
He is well known in our community for his "virtuallyGhetto" blog and the 1000+ posts he wrote over many subjects and technologies. Recently, I asked him what API I should use to retrieve the VMC SDDC Public IP address and he replied to me with a blog post!! Amazing.
William wrote many PowerShell modules and in particular the ones for NSX-T and VMC.
Download and import VMware.VMC.NSXT and VMware.VMC PowerShell modules. We will need them later.
This article will describe how to automate tasks after SDDC deployment like creating logical segments, setting up Firewall rules on MGW (the Management Gateway) and most importantly on CGW (the Compute Gateway).

PowerShell Install o…

Deploy VMware Cloud on AWS Route Based VPN with API

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
Following my articles on AWS Transit Gateway here and here, I found it quite complex to set up the VPN connection and the 2 tunnels from TGW VPN attachment to VMC route based VPN using the GUI.

AWS VPN Naming and VMC VPN relationship

When creating the AWS TGW VPN attachment, AWS gives the possibility to "download configuration file".
AWS - VMC relationship: Once this is clear, it's time to map these parameters to our API calls.

Five API calls

To properly set up a Route Based VPN to AWS TGW we need 5 API calls:
- Get the NSX-T Proxy URL
- Get the SDDC Public IP
- Set Local AS Number
- Set BGP Neighbour ID
- Set VPN Tunnels

Before we can do any API calls into VMC we need a few parameters like "Refresh-Token", "Org-ID", "SDDC-ID". Refer to my earlier post here on how to get them.

Get NSX-T Proxy URL

This API call will get "Org-ID, SDDC-ID and Session-Token" and will return the NSX-T Proxy URL you need in t…