Deploy a Virtual Machine in VMware Cloud on AWS vCenter from an S3 bucket

-
Gilles Chekroun
Lead NSX Systems Engineer - VMware Europe
---

The magic of Elastic Network Interfaces

         During a recent discussion with a customer, the need for deploying a bunch of tests Virtual Machines over a VMware Cloud on AWS vCenter has risen and the customer asked if it would be possible to use AWS S3 as the repository for that.
Absolutely YES ! 
And this is where having native AWS resources access using ENI in VMware Cloud on AWS is coming into play.
In that case we are going to setup an end point in our VPC to S3 so the traffic stays in the same region and on the internal AWS network.
NO Egress Charges !!

Create S3 endpoint

  • Log in AWS console and select VPC / Endpoints
  • Choose S3 Service
  • Select your VPC and route table
  • Create the S3 End Point
To make sure NO traffic will go across the Internet, and for this test, detach any Internet Gateways (IGW) from your VPC.

Setup Firewall rules 

Open your VMware Cloud on AWS dashboard and create 2 Firewall rules for ENI inbound and ENI outbound
The ENI Outbound rule will allow all traffic from our VM source network (192.168.1.0/24) to our AWS VPC
The ENI Inbound rule is for the return way.

Copy your OVA to S3

  • Select the OVA you want to deploy and copy it to an S3 bucket preferably in the same region where your SDDC is deployed.
  • Make it public
  • Make a note of the S3 URL
A nice way to bulk transfer data to S3 is to use AWS Snowball

Open VMware Cloud on AWS vCenter 


 In VMware Cloud on AWS vCenter, right click on "Compute-ResourcePool" and select "Deploy OVF Template".
Select the URL option and paste the S3 Link saved previously.
Skip the SSL certificate verification and proceed to the next screen.
Select a Name and a Folder for the deployment.
Select the compute resource pool
NOTE: At this stage you may hit an issue that will trigger the following error: "OVF parameter chunkSize with value XXXXXXXXXX is currently not supported"
Please refer to this article to have a workaround.

 Review the details.
Accept License agreement.

Select storage.
Select Network.
And finally, click FINNISH to deploy.
Check Recent Tasks status on the vCenter and wait for completion.
Choose the deployed Virtual Machine and power it on.
Launch the web console and access your Virtual Machine.
Et voila, our Virtual Machine is up and running.



Comments

Post a Comment

Populars

Egress VPC and AWS Transit Gateway (Part1)

-
Image
Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Usually my blog posts are customer driven and recently I have been working on a design that would include an Egress VPC and AWS Transit Gateway. This customer is going to use both VMware Managed Transit Gateway and also AWS Transit Gateway. I will split this post in 3 parts: The Egress VPC - this article Adding a VMC SDDC to the Egress VPC here Adding VMware Managed Transit Gateway here Why do we need an Egress VPC? Numerous posts on AWS site  will describe how to build an Egress VPC and the subtleties of the various route tables of the TGW and the Egress VPC itself. The main goal is to have ONE Internet gateway only  that will allow workloads to go out to internet on the Egress VPC. One of the most important point is redundancy and multi-availability zones. Applications usually reside in private subnets, while NAT Gateways reside in a public subnet. NAT Gateways To focus the Internet access to a single point, we can cre
Read more

AWS Transitive routing with Transit Gateways in the same region

-
Image
Gilles Chekroun Lead VMware Cloud on AWS Specialist --- At the AWS Re:invent 2019 conference, the long waited TGW peering functionality was announced and available in a few AWS regions. This is an INTER-REGION peering only meaning that the Transit Gateways need to be in different regions. Hoping that AWS will soon release an INTRA-REGION capability I discussed with a few AWS Solutions Architects in Las Vegas, among them Tom Adamski , about using a VPC as a bridge between two TGWs in the same region. Tom assured me that it is possible opening for the first time the transitive routing capability in AWS networking. Well . . . I needed to test that and see by myself. Test bed For a simple test, I will use 2 TGWs in the same regions with 2 VPCs attached each and another VPC as "bridge" connected to both TGWs. Yes you can connect a VPC up to 5 TGWs . The whole idea is to use this "bridging VPC" and point the default route of the TGWs to it. To do that I c
Read more

Considerations on vTGW to TGW Peering Link

-
Image
   Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Recently I was talking with a Customer on designing their VMware Cloud on AWS environment and linking it to their existing AWS infrastructure. The idea was to have 2 SDDCs, Test and Prod, and link them with a VMware Managed TGW and peer it to their existing TGW. The customer requirements were: VMs in each SDDC should have internet access from the SDDC out VMs from Test should be able to talk to VMs in Prod VMs in any SDDC should be able to access their own vCenter but also the other one Some VMs any SDDC should have a Public IP and NAT rule to be accessible from outside VMware traffic should stay within VMware SDDCs Other traffic, like on-prem, should go via the Customer TGW Test Setup Step1 - Create SDDC Group Create an SDDC Group and attach the 2 SDDCs Prod and Test Make sure the proper FireWall rules are open in each SDDC Compute GW. Step 2 - Attach the Customer TGW In the SDDC Groups, under External TGW TAB, add t
Read more