Posts

Using Terraform to provision vSphere Templates with GOVC and AWS S3

Gilles Chekroun
Lead VMware Cloud on AWS Solutions Architect
---
With my recent post about using Terraform for VMware Cloud on AWS provisioning, I had to provision OVA templates in my VMC vCenter so I would be able to use the Terraform vSphere provider to clone and deploy VMs.
Since this requires access to ESXi inside VMware Cloud on AWS, it's not possible to do it from an external machine like my Mac over the internet.
Only a VPN connection or a Direct Connect will allow this, but . . . 
. . . it is possible to use an AWS EC2 instance in the attached VPC to do the provisioning, and that is the goal of this post.
AWS EC2 Deployment
Using the AWS Terraform provider, I am deploying a very simple EC2 instance without any initialisation. I could do the provisioning at this time, but my code needs output parameters stored in the tfstate file. What I need now is the Public IP and the Public DNS name of my EC2 instance. This will be part of the Terraform output.
Connect to the EC2 with SSH
Before we can connect to…

Using Terraform with multiple providers in multiple phases to deploy and configure VMware Cloud on AWS

Gilles Chekroun
Lead VMware Cloud on AWS Solutions Architect
---
With the recent development of new VMware Terraform providers for NSX-T and VMware Cloud on AWS, we now have the possibility of writing code for full automation and deployment of infrastructure including AWS, VMC, NSX-T and vSphere.

Architecture
This code architecture will be done in 3 phases, and the output of one phase will be used as input for another.
The code is written using Terraform modules. The first phase will use the AWS provider combined with the VMC provider.
Terraform AWS provider and the VPC module
We will start with the terraform.tfvars file to hold our secret parameters.

// VMC Credentials
vmc_token = "Your VMC API Token"
// AWS Credentials
access_key = "Your AWS Access Key"
secret_key = "Your AWS Secret Key"
AWS_account = "Your AWS Account Number"
// ORG ID
my_org_id = "Your VMC ORG ID"

The variables.tf file will hold different parameters like VPC subnet ranges and AWS …

AWS Transitive routing with Transit Gateways in the same region

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
At the AWS Re:invent 2019 conference, the long-awaited TGW peering functionality was announced and made available in a few AWS regions. This is INTER-REGION peering only, meaning that the Transit Gateways need to be in different regions.
Hoping that AWS will soon release an INTRA-REGION capability, I discussed with a few AWS Solutions Architects in Las Vegas, among them Tom Adamski, the idea of using a VPC as a bridge between two TGWs in the same region. Tom assured me that it is possible, opening for the first time a transitive routing capability in AWS networking.

Well . . . I needed to test that and see for myself.
Test bed
For a simple test, I will use 2 TGWs in the same region with 2 VPCs attached to each, and another VPC as a "bridge" connected to both TGWs. Yes, you can connect a VPC to up to 5 TGWs.
The whole idea is to use this "bridging VPC" and point the default route of the TGWs to it. To do that I create 2 subnets on the bri…

VMware Cloud on AWS: SDDC Design Considerations

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
With the recent August 2019 release of VMware Cloud on AWS 1.8, a few interesting improvements are now available concerning the vSAN and Elastic vSAN storage capabilities.
The goal of this blog article is to recap the different options around SDDC design, specifically stretched versus non-stretched clusters.
AWS EC2 Bare metal Instances
As of now, the VMware Cloud on AWS Service is available with two types of EC2 bare metal instances from AWS:
- i3.metal
- R5.metal

The AWS i3.metal specs are:
- Intel Xeon E5-2686 v4 processors
- 36 cores
- 2.3 GHz
- 512 GiB RAM
- 15TB NVMe flash
- 25 Gbps Networking

The AWS R5.metal specs are:
- Intel® Xeon® Platinum 8000 Series (Skylake-SP)
- 48 cores
- 2.5 GHz
- 768 GiB RAM
- EBS Storage only (15-35 TB)
- 14 Gbps EBS Bandwidth
- 25 Gbps Networking
Other instances in specific areas like GPU or high memory will come later.
Elastic vSAN
Elastic vSAN, with R5.metal hosts, is a VMware Cloud on AWS cl…

VMware Cloud on AWS: NSX networking and Security eBook

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
It's off the press and ready to download.
It was a great pleasure to write this book together with my colleagues Humair Ahmed and Nico Vibert.

Download the e-book

Use PowerCLI to set your SDDC Policy Based VPN

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
In the previous post, we talked about using PowerCLI to set up a route-based VPN. This post will show how to set up a policy-based VPN.
For that, I will use a new AWS VPC and a Customer Gateway with a Virtual Gateway in AWS natively.
This sets up 2 VPN tunnels with static routes, compared to the BGP routes used by the route-based VPN.


PowerCLI Functions
- New-NSXTPolicyBasedVPN
- Get-NSXTPolicyBasedVPN
- Remove-NSXTPolicyBasedVPN

JSON and PSObjects
In this post I want to go a bit deeper on the relation between JSON and the PowerShell Objects. To set the VPN Tunnels, we use API calls and with that we need to pass a payload that will carry our multiple parameters like IP addresses, passwords, IKE and Tunnel encryption digest / algorithms.

The JavaScript Object Notation (JSON) is mostly used with APIs, and our NSX-T Policy APIs are no exception. When we write a PowerCLI function we need to map the JSON notation to PowerShell.
For example, [...] in JSON …