Create a Software Defined Data Center using VMware Cloud on AWS APIs

-
Gilles Chekroun
Lead NSX Systems Engineer - VMware Europe
---

 I like APIs very much. I was using Amazon Alexa and Lambda functions to demonstrate the power of VMware Cloud on AWS APIs
In this article, let's see how we can use the APIs to create an SDDC from scratch.
Since I am using Python, it will be easy to ask Alexa to do it as well !!

Login to VMware Cloud Services

Follow the URL https://console.cloud.vmware.com and login using your VMware ID.

Open the VMware Cloud on AWS tile
Check existing Organization

Pre-requisites

Before we can do anything with VMware Cloud APIs we need a number of parameters.
  • Org ID
  • Refresh-Token
We will also need to link our AWS account to the VMware Cloud environment to benefit from the ENI interconnection to the native AWS services.
  • Connected Account ID

Org ID

On the top right side we can see the Organization ID
There are 2 descriptors for Org ID: a shot one with 8 characters and a long one with 32
We will need the long one. Just click on the short ID to see the long one and vice-versa.

Refresh Token

On the right side, click on "OAuth Refresh Token"
Generate a new one if not present or make a note of the existing one

AWS account Linking

One of the very first step in deploying an SDDC is to link your AWS account to VMware Cloud. There is a Cloud formation template that will do that for you and allows VMware to create ENI and routing in the VPC you intend to use.

Connected Account ID

We have now our Refresh Token and Org ID. We have linked our AWS account. We need our Connected Account ID now.
To get that we will use yet another API.
In each VMware Cloud on AWS dashboard, there is a Developer Center section and API Explorer tab.
Open the first one "AWS Account Connection Operations" and go down to "Get a list of Connected Accounts"
Insert your Org ID and after execution the API response will give you the Connected Account ID

Examine the Create SDDC API

Back on the Developer Center API Explorer, let's get down to SDDC and "Provision SDDC"
This is a POST operation.

 Below the Request Body parameters:
  • "region": "EU_WEST_2"
        • This is the AWS region - here London
  • "num_hosts": "4"
        • This is the number of hosts in your SDDC cluster - min 4
  • "name": "Gilles-API"
        • This is the name of Your SDDC
  • "provider": "AWS"
        • This is the cloud provider.
  • "connected_account_id": "e15f5f10-xxxx-xxxx-9410-f418c64299de"
        • This is the Connected Account ID we got earlier
  • "customer_subnet_ids": ["subnet-85xxxxff"]
        • This is the AWS subnet(s) name in the AZ(s) your will use in your VPC
    • "vxlan_subnet": "10.25.0.0/23"
          • This is the Management Network of your SDDC
    • "deployment_type": "SingleAZ"
          • This is SingleAZ or MultiAZ deployment. MultiAZ will need 2 subnet_ids in 2 AZs
    The Request Body will look like:
    {
   "num_hosts": "4",
   "name": "Gilles-API",
   "provider": "AWS",
    "region": "EU_WEST_2",
    "account_link_sddc_config":
        [
            {
                "customer_subnet_ids": ["subnet-85xxxxff"],
                "connected_account_id": "e15f5f10-xxxx-xxxx-9410-f418c64299de"
            }
        ],
    "sddc_type": "",
    "deployment_type": "SingleAZ",
    "vxlan_subnet": "10.25.0.0/23"
}

    Use API to provision the SDDC

    Paste the request body above in the POST 
    SDDC Deployed after 2 hours or so.
    SDDC is attached to AWS VPC

    Simple Python code

    createSDDC function
    
def createSDDC(org_id, sessiontoken):

    myHeader = {'csp-auth-token': sessiontoken}
    myURL = strProdURL + "/vmc/api/orgs/" + org_id + "/sddcs"
    strRequest = {
        "num_hosts": "4",
        "name": "Gilles-API",
        "provider": "AWS",
        "region": "EU_WEST_2",
        "account_link_sddc_config":
            [
                {
                    "customer_subnet_ids": ["subnet-85xxxxff"],
                    "connected_account_id": "2e381262-xxxx-xxxx-97f4-783437d3a6b4"
                }
            ],
        "sddc_type": "",
        "deployment_type": "SingleAZ",
        "vxlan_subnet": "10.25.0.0/23"
    }

    response = requests.post(myURL, json=strRequest, headers=myHeader)
    jsonResponse = response.json()

    if str(response.status_code) != "202":
        print("\nERROR: " + str(jsonResponse['error_messages'][0]))

    return


    Complete code here.

    Comments

    Post a Comment

    Populars

    Egress VPC and AWS Transit Gateway (Part1)

    -
    Image
    Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Usually my blog posts are customer driven and recently I have been working on a design that would include an Egress VPC and AWS Transit Gateway. This customer is going to use both VMware Managed Transit Gateway and also AWS Transit Gateway. I will split this post in 3 parts: The Egress VPC - this article Adding a VMC SDDC to the Egress VPC here Adding VMware Managed Transit Gateway here Why do we need an Egress VPC? Numerous posts on AWS site  will describe how to build an Egress VPC and the subtleties of the various route tables of the TGW and the Egress VPC itself. The main goal is to have ONE Internet gateway only  that will allow workloads to go out to internet on the Egress VPC. One of the most important point is redundancy and multi-availability zones. Applications usually reside in private subnets, while NAT Gateways reside in a public subnet. NAT Gateways To focus the Internet access to a single point, we can cre
    Read more

    AWS Transitive routing with Transit Gateways in the same region

    -
    Image
    Gilles Chekroun Lead VMware Cloud on AWS Specialist --- At the AWS Re:invent 2019 conference, the long waited TGW peering functionality was announced and available in a few AWS regions. This is an INTER-REGION peering only meaning that the Transit Gateways need to be in different regions. Hoping that AWS will soon release an INTRA-REGION capability I discussed with a few AWS Solutions Architects in Las Vegas, among them Tom Adamski , about using a VPC as a bridge between two TGWs in the same region. Tom assured me that it is possible opening for the first time the transitive routing capability in AWS networking. Well . . . I needed to test that and see by myself. Test bed For a simple test, I will use 2 TGWs in the same regions with 2 VPCs attached each and another VPC as "bridge" connected to both TGWs. Yes you can connect a VPC up to 5 TGWs . The whole idea is to use this "bridging VPC" and point the default route of the TGWs to it. To do that I c
    Read more

    Considerations on vTGW to TGW Peering Link

    -
    Image
       Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Recently I was talking with a Customer on designing their VMware Cloud on AWS environment and linking it to their existing AWS infrastructure. The idea was to have 2 SDDCs, Test and Prod, and link them with a VMware Managed TGW and peer it to their existing TGW. The customer requirements were: VMs in each SDDC should have internet access from the SDDC out VMs from Test should be able to talk to VMs in Prod VMs in any SDDC should be able to access their own vCenter but also the other one Some VMs any SDDC should have a Public IP and NAT rule to be accessible from outside VMware traffic should stay within VMware SDDCs Other traffic, like on-prem, should go via the Customer TGW Test Setup Step1 - Create SDDC Group Create an SDDC Group and attach the 2 SDDCs Prod and Test Make sure the proper FireWall rules are open in each SDDC Compute GW. Step 2 - Attach the Customer TGW In the SDDC Groups, under External TGW TAB, add t
    Read more