In this post, we will be reviewing the steps on setting up and operationalizing vCloud Availability 3.0 (vCAv) for a provider site.
There is a presumption that you will be deploying for production, so that is what I’ll be reviewing. The consolidated (combined) appliance would be an easier deployment, but still requires the below configurations post-deployment.
Recap of the Provider steps:
- Deployment of Cloud Replication Management (CRM) Instance
- Initial Replication Management Setup
- Initial Setup Wizard
- Deploy vCAv Replicator(s)
- Deploy vCAv Tunnel
- Configuration of CRM instance and start of site wizard
- Configuration of Replicator
- Pairing Replicator with Replication Manager
- Configuration of Tunnel
- Available DNS and NTP server
- SSO Lookup Service Address
- Routing and Firewall Ports in place – see below for further insight
- vCenter and vCD on interoperability matrix
- Certificate Management – all certificates can be managed via the UI utilizing PKCS#12 certificates. Services must be restarted post-import.
Provider Port Mapping
Below is a diagram my esteemed peer, Chris Johnson, worked up for our upcoming EMPOWER presentation.
- Establishing a DNAT rule from 443 to 8048 is crucial for tunnel connectivity. This also has to be set as the API endpoint and will be pushed from the CRM instance.
- Ensure we can route and have direct port access between payload/resource vCenters, replicators, and Cloud Management.
Deployment of Cloud Replication Management (CRM) Instance
All of the roles we deploy for the provider will be coming from a single OVF – this is very similar to other VMware based virtual appliances. However, during the OVF deployment process, you will be prompted for the below role selection. For deployment of CRM, select Cloud Replication Management.
Initial Replication Manager Setup
Wait a few moments post-power on for initial configuration to take place, then open a browser to https://crm-fqdn:8441 so we can set the initial lookup service configuration.
We will be prompted for changing the default password. Note this is the same process for any newly deployed vCAv appliance and must be done on initial login –
From our initial screen, we can see that we have two issues: 1) missing Lookup Service settings and 2) Configured Replicators – there is none. The latter is fine for now, we will pair the replicator once we are done with the site wizard.
Let’s go over to Configuration and set the lookup service –
Accept the certificate…
As discussed prior, we will not see any replicators right now and will come back at a later time.
Initial Setup Wizard
Open a new tab to https://crm-fqdn/ui/admin and log in with your root account.
From here, we can see a link to run the initial setup wizard –
This is a very simple wizard that brings us through the site setup. From the beginning, we need to set a sitename. Note that you cannot utilize spaces and it is case-sensitive.
Second, set your public API endpoint address. Note this is where the traffic will ingress in from your tunnel node. In my lab environment, I will be directly connecting over 8048 (compared to traditional perimeter environment that would utilize 443 and DNAT rule to forward that traffic).
Here’s what I would if that was the case.
Next, lookup service address. You’ll be setting this quite a bit. ?
vCD configuration – note that you must include /api after the vCD FQDN. Also, during this initial setup, vCAv will take care of publishing the Availability plugin to your vCD instance. On boot of the CRM vCAv appliance (or during any upgrade), the plugin will refresh or push an update if required – very nice.
Apply your vCAv license key –
Consent or remove the check for the VMware Customer Experience Improvement Program (CEIP) –
Finally, we review our desired state. Verify everything looks to your specification, and hit complete.
This will take a few moments for the configuration. You will be prompted to log back in and you will be brought to the vApp Replication Manager Admin UI page. You can now utilize vCD administrative credentials too!
Let’s click on the Configuration link on the left side. As we can see, we still have some work to do for the Replicator and Tunnel configuration.
Deploy vCAv Replicator(s)
Next up, let’s configure the Replicator instance. Repeat this process for every required Replicator needed for your environment.
Open a tab to https://replicator-fqdn/ui/admin –
After setting your password, you will be prompted to set the lookup service address –
That’s it for the replicator! Now, we are ready to pair this replicator with the Replication Manager.
Pairing Replicator with Replication Manager
Open your tab to https://crm-fqdn:8441 and browse to Replicators on the left side –
Let’s click the New button and open up the wizard –
We need to provide the fully qualified domain name along with port 8043 (this is what’s utilized for the Replication Manager to Replicator API connectivity) along with the appliance password and SSO administrator credentials.
Once paired, we will see it in the list. Repeat this process for any additional replicators.
Now, from the CRM Provider UI, we can see a newly added Replicator instance. Next up, Tunnel configuration.
Configuration of Tunnel
Final configuration – let’s configure the tunnel for inbound and outbound connectivity. Browse to https://tunnel-fqdn/ui/admin and login –
Once you set your password, you will be prompted to set two things: 1) lookup service address and 2) Public API endpoint
As discussed before, the public API endpoint will be based off of your network topology. For my lab, I am using direct 8048 access. However, if I was going to DNAT from a public IP/FQDN utilizing 443, I would have the following –
Once completed, we will see the two fields completed.
Let’s hop over to the CRM Provider UI configuration and configure the tunnel –
From here, we need to establish CRM to Tunnel API communication, which happens on port 8047 –
Type in the appliance password. Once applied, we will see a tunnel configuration (again, I was using 443 for a period of time, but you will see 8048 for future configurations).
After any port changes, we recommend doing a service restart. This can be achieved by going to System Monitoring and clicking Restart Service –
After a site deployment and configuration, I always walk through to see service health.
From the main provider UI page, I can see overall system health –
From my System Monitoring page, we can see everything is green and I see my Tunnel and associated Replicators –
From vCloud Director, my plugin is also available too for self-service management.
- As depicted above, deployment is rather straight forward and pretty seamless.
- Site Deployment must be done on a per-vCD instance basis. So if you have four sites, expect to do this four times.
Next up, Tenant/On-Premises setup.