Embed Size (px)
Citation preview
Table of ContentsLab Overview - HOL-HBD-1681 - vCloud Air - Jump Start for vSphere Admins ..................2
Table of Contents .................................................................................................... 3Lab Guidance and Introduction ............................................................................... 4
Module 1 - vCloud Air: Architecture and Consumption Principles (15 Min)........................6vCloud Air Concepts................................................................................................ 7vCloud Air Student Check-in ................................................................................. 16Access Virtual Data Center.................................................................................... 19
Module 2 - Identifying and Deploying Workloads in vCloud Air (30 Min) .........................26Creating a Virtual Machine in Virtual Private Cloud OnDemand ............................27Reviewing Virtual Machine Details in Virtual Private Cloud OnDemand ................35
Module 3 - Hybrid Cloud Manager (5 Min)....................................................................... 41Hybrid Cloud Manager Introduction ...................................................................... 42
Module 4 - vCloud Air: Networking and Security Basics (30 Min) ....................................45vCloud Air: Networking and Security Basics.......................................................... 46Introduction to vCloud Air NAT and Firewalls......................................................... 53
Module 5 - Object Storage (5 Min) .................................................................................. 58Object Storage Overview ...................................................................................... 59
HOL-HBD-1681
Page 1HOL-HBD-1681
Lab Overview - HOL-HBD-1681 - vCloud Air -Jump Start for vSphere
Admins
HOL-HBD-1681
Page 2HOL-HBD-1681
Table of ContentsTable of Contents
Lab Guidance and Introduction
Module 1 - Architecture and Consumption Principles (15 Min)
• vCloud Air Concepts• vCloud Air Student Check-in• vCloud Air User Interface• Role based access controls
Module 2 - Identifying and Deploying Workloads in vCloud Air (30 Min)
• Creating a Virtual Machine in Virtual Private Cloud OnDemand• Reviewing Virtual Machine Details in Virtual Private Cloud OnDemand
Module 3 - Hybrid Cloud Manager (5 Min)
• Hybrid Cloud Manager overview
Module 4 - Networking and Security Basics (30 Min)
• vCloud Air Networking and Security Basics• Introduction to vCloud Air NAT and Firewalls
Module 5 - Object Storage Manager (5 Min)
• Object Storage Manager overview
HOL-HBD-1681
Page 3HOL-HBD-1681
Lab Guidance and IntroductionHOL-HBD-1681 - vCloud Air Jump Start for vSphere Admins
This lab will provide you with the basic skills necessary to successfully navigate thevCloud Air User Interface (UI). After completing this lab, you will be able to:
• Understand the different service tiers that the vCloud Air offers• Navigate your way around the vCloud Air user interface• Deploy your first virtual machine inside the vCloud Air portal• Understand the basic network and security principles required to connect a
virtual machine to an external network
The tasks above are split up into 5 Lightning Lab modules, each is designed to takebetween 5-30 minutes to complete. You will have a total of 90 minutes to complete thislab sitting. Depending on how much time you have available, you can go through thislab all at once, or choose to break them up over several lab sittings.
The tasks are broken up into the following modules:
Module 1: Architecture and Consumption PrinciplesDuration: 15-30 minutesPurpose: Understand the different service offerings and navigate your way around the vCloud Air user interfaceLab Captain: Jodi Shely
Module 2: Identifying and Deploying Workloads in vCloud AirDuration: 15-30 minutesPurpose: Deploy your first virtual machine in the vCloud Air portalLab Captain: Cleavon Roberts
Module 3: Hybrid Cloud ManagerDuration: 5 minutesPurpose: Overview of Hybrid Cloud ManagerLab Captain: Patrick Mahoney
Module 4: vCloud Air: Networking and Security BasicsDuration: 15-30 minutesPurpose: Understand the basic network and security principles required to connect a virtual machine to an external networkLab Captain: Cleavon Roberts
Module 5: Object Storage OverviewDuration: 5 minutesPurpose: Understand what Object Storage is how you can store data as objects.Lab Captain: Patrick Mahoney
Next Steps: Upon completion of this lab, you may consider taking one of the followinglabs for additional guidance on vCloud Air:
HOL-HBD-1681
Page 4HOL-HBD-1681
• HOL-HBD-1682 – vCloud Air Hybridity & Networking• HOL-HBD-1683 – vCloud Air Manage Your Hybrid Cloud• HOL-HBD-1684 - vCloud Air Disaster Recovery
IMPORTANT! Please note that in this lab you are working in a "LIVE" vCloud Airinstance. External access from the lab environment to the internet will be providedthrough the browser.
HOL-HBD-1681
Page 5HOL-HBD-1681
Module 1 - vCloud Air:Architecture and
Consumption Principles(15 Min)
HOL-HBD-1681
Page 6HOL-HBD-1681
vCloud Air ConceptsvCloud Air Concepts
VMware vCloud® Air™ is a public cloud service that enables you to quickly and securelytake advantage of the benefits of the cloud while extending and maximizing the value ofyour existing on-premises IT investments. vCloud Air leverages the same tools,technologies and skills that you already have while delivering new cloud capabilitiesthat allow your organization to drive business innovation.
Service Offerings
There are currently three classes of compute service. Dedicated Cloud, Virtual PrivateCloud, and Virtual Private Cloud OnDemand.
HOL-HBD-1681
Page 7HOL-HBD-1681
Dedicated Cloud Details
Dedicated Cloud provides a single-tenant private cloud with dedicated computingservers (air-gapped), layer-2 network isolation for workload traffic, dedicated storagevolumes, and a dedicated cloud management instance. Infrastructure capacity may besubdivided into multiple logically-isolated virtual data centers, each with their ownnetworking edge gateway and resource reservation models.
The Dedicated Cloud baseline offering starts with 35GHz of Compute (vCPU) capacity,240GB of vRAM, and 6TB of Storage. 3 public IP adresses are also provided, as well as a50 Mbps internet bandwidth that is burstable to 1 Gbps. Direct Connect options areavailable that can provide 1Gbps and 10Gbps of point-to-point connectivity. Customerscan increase the capacity of their dedicated clouds by purchasing additional blocks ofstorage and compute in the increments you see above.
Dedicated Cloud is offered on a monthly subscription basis today.
Virtual Private Cloud Details
Virtual Private Cloud
Virtual Private Cloud provides a multi-tenant environment with logically isolatedresources on a shared physical infrastructure, configured as a single virtual data center(“VDC”) with networking resources.
HOL-HBD-1681
Page 8HOL-HBD-1681
The Virtual Private Cloud offering starts at 10GHz of Compute (vCPU), 20GB of vRAM,and 2TB of Storage. In addition, 2 public IP addresses are provided, as well as a 10 Mbpsnetwork link, burstable to 50 Mbps. Direct Connect options are available that canprovide 1Gbps of point-to-point connectivity.
As with the Dedicated Cloud, customers can increase capacity of their Virtual PrivateClouds by purchasing additional resources in the block sizes reflected above.
Virtual Private Cloud is offered on a monthly subscription basis today.
HOL-HBD-1681
Page 9HOL-HBD-1681
Virtual Private Cloud OnDemand
Virtual Private Cloud OnDemand is the newest addition to the vCloud Air computeportfolio. It provides a multi-tenant environment with logically isolated resources on ashared physical infrastructure, but instead of a subscription it allows customers toconsume specific CPU, RAM and Storage as incremental pay-as-you-go services. Chargesare incurred as the resources are consumed (metered by minute) and billed in arrearson a monthly basis.
Virtual Private Cloud OnDemand can be purchased via credit card, standard contract orusing credits through the Subscription Purchasing Program (SPP).
This lab features the VPC OnDemand service
Virtual Data Center (vDC)
After you select your physical location you then create a Virtual Datacenter (VDC) thatacts as a secure container for VMs, networks and storage.
You can create many VDCs and name them based on a type of workload they will hold,project name or line of business for example. Each VDC is completely isolated from eachother. Self-serve VPN IPSec tunnels can be created to link VDCs together or you can useother Advanced Networking Services such as OSPF (see HOL-HBD-1682 Hybridity andNetworking lab).
HOL-HBD-1681
Page 10HOL-HBD-1681
Resource utilization and billing can be tracked based on VDC usage which is useful forchargeback/showback. VDCs can have size limits so you control the policy on how manyVMs can be created, amount of vRAM and vCPU Ghz allocated, number of public IPaddresses assigned and type/amount of storage to use.
HOL-HBD-1681
Page 11HOL-HBD-1681
vCloud Air Services
Once logged in to the vCloud Air interface, you are presented with great service options.
• Object Storage powered by EMC: Highly scalable and durable storage. Createbuckets, upload and manage objects.
• vCloud Air Disaster Recovery to the Cloud - Protect and Recover virtual machinesfrom a disaster.
• Virtual Private Cloud OnDemand - Create virtual machines, and easily scale up ordown as your needs change.
• My Subscriptions - View subscriptions including dedicated clouds, virtual privateclouds and disaster recovery clouds
• Identity and Access - Manage Users, Roles and Permissions for Services.
Stay tuned for more options becoming available soon.
vCloud Air Disaster Recovery Service (Recovery-as-a-Service)
VMware vCloud Air® Disaster Recovery is a simple disaster-recovery-as-a-service(DRaaS) solution for organizations with limited or no disaster recovery solution in place.It provides operational consistency, stability and support for a primary data center inthe event of a failure, outage, disaster or any other cause of downtime. Built onvSphere®, and delivered by vCloud Air, Disaster Recovery provides the same reliability,security and support that customers recognize and trust today from VMware. Thisservice helps customers fulfill their need to implement or supplement theirorganization’s continuity plans, while recognizing their constraints around budget, timeand resources. Disaster Recovery enables organizations to leverage the same tools, skillset and platform investment in vSphere, to provide resiliency for business criticalinformation and assurance against operational disruption. With a cloud-based disasterrecovery solution, customers benefit from lower price points, flexible contract terms andthe same trusted support across their VMware cloud services.
HOL-HBD-1681
Page 12HOL-HBD-1681
vCloud Air Disaster Recovery is a simple and secure asynchronous replication basedsolution for failover and failback recovery of vSphere environments. It is a subscriptionbased offering with term lengths that vary from 1, 3, 12, 24 and 36 months. The serviceincludes features such as recovery point objective settings as low as 15 minutes, up to24 hours, on a per VM basis, and multiple point in time recovery snapshots. Customerscan perform an unlimited quantity of test failovers during their subscription term length,and for an actual failover, customers have a run time lease of 30 days. If needed, theservice provides an offline data transfer option for customers with large on premisesenvironment to use to initially seed their DR instance on vCloud Air.
Customers purchase an initial DR instance with vCloud Air that consists of:
• 10GHz vCPU and 20GB vRAM, warm reservation of compute• 1TB of Standard Storage• 2 Public IP addresses• 10 Mbps bandwidth• Unlimited quantity of test failovers• 30 days failover run time• Production support
If the customer needs to grow their vCloud Air Disaster Recovery environment, add-onoptions are available across all resources, to add on as needed to support the protectionof their on premises data center. The vCloud Air platform security and compliancecertifications are applicable across all offerings within the portfolio, which includes DR.
vCloud Air Disaster Recovery is available today from all vCloud Air data center locationswhich include:
• US-Virginia• US-New Jersey• US-Texas• US-Nevada• US-California• Europe-UK• Europe-Germany• Japan West• Australia
For more detailed information on vCloud Air Disaster Recovery see lab HOL-HBD-1684.
HOL-HBD-1681
Page 13HOL-HBD-1681
Virtual Private Cloud OnDemand
Virtual Private Cloud OnDemand (hereafter, known as Virtual Private Cloud OnDemand)is a secure, pay-as-you-go, cloud compute service offered by VMware that gives ITorganizations a VMware compatible platform to create virtual machines, dynamicallyscale virtual machines and resources up or down, and pay only for resources allocated.
• Virtual Private Cloud OnDemand provides on-demand resources with granularmetering and usage-based billing.
• Resources are pool-based allowing deployment of virtual machines withcustomized configurations. Costs are billed monthly only for the aggregateamount of resources consumed across all your virtual machines.
• The on-demand resources complement the subscription services for vCloud Air.
In this lab you will perform all lessons in the OnDemand service.
HOL-HBD-1681
Page 14HOL-HBD-1681
Object Storage powered by EMC
Highly scalable and durable storage. Create buckets, upload and manage objects.
This offering is explored more in Module 5.
The True Hybrid Cloud with Dedicated Resources
vCloud Air Dedicated Cloud is a single-tenant, physically isolated IaaS platform that isoperated by VMware and compatible with your on premises vSphere environments fortrue Hybrid functionality. Dedicated Cloud is your own private cloud instance in thepublic cloud as it provides customers with their own compute nodes for utmost security.This solution offers users the additional flexibility to assign resources to separate virtualdata centers, each with individual user access controls. Dedicated Cloud includescompute resource reservation control—the entire compute and memory allocation isreserved and can be allocated or over-committed as you desire. Overcommit resourcesas you see fit, to best meet your performance needs.
Dedicated Cloud eases licensing, as many commercial software options are licensed percore. With Dedicated Cloud, you know the amount of cores and can accurately budgetfor licensing costs.
As with all services in the vCloud Air portfolio, Dedicated Cloud is an extension of yourdata center, allowing you to choose where your applications and workloads are hosted.Dedicated Cloud is configurable and can grow as your needs increase, includingadditional increments of compute, storage, bandwidth, data protection, and more. TheDedicated Cloud IaaS product is truly your own private cloud in the public cloud.
HOL-HBD-1681
Page 15HOL-HBD-1681
vCloud Air Student Check-inAs you will be using a live vCloud Air account for this lab you first need a username andpassword for login. This will be an account specific to this lab. You cannot use an exitingvCloud Air login. The password for this account will be reset after you complete the labor the time expires.
1. Locate your vCloud Air account
1. Open up the Chrome web browser from the desktop.2. The home page will be http://checkin.vcahol.com Note: http, not https.3. Enter your email address and click Search.4. The username is your login account and StudentID for this lab. Highlight and
Ctrl+C or Command+C to copy. You will need this later.5. Click the link to set a new password. You can only use this password reset link
once. The token will expire after first use.
Only email addresses with an Active vCloud Air Hands-on-lab will be shown.
IMPORTANT: Take note of the Student ID and Datacenter assigned to your lab. Allwork such as building VMs, looking at the Edge Gateway and making firewall rules mustbe done in your assigned datacenter.
HOL-HBD-1681
Page 16HOL-HBD-1681
2. Set new password
Set a new password for the student account following guidelines
Click Continue
HOL-HBD-1681
Page 17HOL-HBD-1681
3. Login to vCloud Air
Click Sign In
Enter your assigned username and password you set.
Click Login
Please note: This password will be reset after exiting this lab.
4. Let the learning begin
You now have access to vCloud Air until this lab has been completed or expires.
HOL-HBD-1681
Page 18HOL-HBD-1681
Access Virtual Data CenterWhen the lab started a Virtual Data Center (VDC) was created automatically and namedafter your Student ID.
In this module you will locate the VDC and change permissions.
IMPORTANT
*Before you launch Chrome and attempt to login, make absolutely sure the Desktop Infowatermark on the desktop says Ready (see graphic).
Virtual Private Cloud OnDemand
1. Hover your mouse over the Virtual Private Cloud OnDemand tile2. Click on the top Service ID (SID) in list: M838706298.
HOL-HBD-1681
Page 19HOL-HBD-1681
Select Your Assigned Datacenter
During Student Check-In you were assigned a Datacenter. In this example we are usingUK Slough 1 6.
1. Click the datacenter dropdown2. Select the datacenter you were assigned
Once selected you will be directed to that datacenter. vCloud Air saves the lastDatacenter selected in your clients browser. You will be returned to the Datacenter aftereach login.
Select Your New VDC
Look for a VDC that matches your Student ID. The VDC was created for you in advanceand automatically deleted when exiting the lab.
A virtual data center provides you with clear and simple access to the processor,network, and storage resources of your vCloud Air cloud environment. Virtual datacenters allow you to isolate particular applications or groups of applications. An examplewould be isolating your production applications from development and testing. You canmanage top level aspects of your virtual data center.
• Set the maximum number of virtual machines.• Change the virtual data center's name.• Delete a virtual data center.• Allocate or adjust a storage tier for the virtual data center.
HOL-HBD-1681
Page 20HOL-HBD-1681
1. Click on your VDC2. Click Resource Usage tab
HOL-HBD-1681
Page 21HOL-HBD-1681
Resource Usage
Resource Usage for this new VDC will be 0.
Over time this tab will show CPU, Memory, Storage, Windows OS Licenses and Public IPAddress costs. You can see the Past Hour, Past 24 Hours, Month-to-date and a DetailedReport with any month and VDC selected.
HOL-HBD-1681
Page 22HOL-HBD-1681
Change VDC Permissions
You can assign which users have permissions to a VDC by editing the VDC after it'screated.
1. Right-click your VDC to see options for Edit, Delete or Manage Catalogs in vCloudDirector
2. Click on Edit
HOL-HBD-1681
Page 23HOL-HBD-1681
Only Me Access
1. Click the "All users" drop down.2. Select Only me3. Select Save
By default all users in this account can see your VDC. Selecting Only me assigns yourusername and permissions to this VDC. You can add multiple users by selecting the"Custom" option. In this account all users have Virtual Infrastructure Administrator andNetwork Administrator roles.
HOL-HBD-1681
Page 24HOL-HBD-1681
Conclusion
Congratulations! You have accessed your VDC and updated permissions. You are nowready to build a VM.
HOL-HBD-1681
Page 25HOL-HBD-1681
Module 2 - Identifyingand Deploying Workloads
in vCloud Air (30 Min)
HOL-HBD-1681
Page 26HOL-HBD-1681
Creating a Virtual Machine in VirtualPrivate Cloud OnDemandIntroduction
This lab module is going to walk you through the steps of deploying your very firstvirtual machine in vCloud Air.
vCloud Air HOL Student Check-In
PLEASE NOTE - If you have not created a student login account, please follow thesteps located here. If you have already created a student login account, you mayproceed to the next step.
Access the Virtual Private Cloud OnDemand Service
1. Click on the Virtual Private Cloud OnDemand tile from the service dashboard2. Select M838706298 from the drop down list
Select Virtual Data Center
1. Select your assigned datacenter from dropdown. Wait for redirection to complete.2. Select your new Virtual Datacenter3. Select "Virtual Machines" tab4. Click "Create your first virtual machine"
HOL-HBD-1681
Page 27HOL-HBD-1681
Notice you can now download Bitnami templates directly into vCloud Air with only a fewclicks. In this environment access to the outside internet is blocked. You can also use theBitnami Launchpad - https://vmware.bitnami.com/
The link "Want to Migrate Virtual Machines?" will show a help page on how to usevCloud Connector to transfer VMs into vCloud Air. This link is also blocked in thisenvironment.
HOL-HBD-1681
Page 28HOL-HBD-1681
Select VM Template
Prebuilt OS templates are included with vCloud Air. You can always import your own butthese will help you get started. The Windows OS templates do have a licensing feeassociated for use.
1. Click CentOS 6.3 64 Bit2. Click Continue
Notice "Create My Virtual Machine from Scratch" link. That link will take you intovCloud Director to build the VM and provide access to many other features. In thismodule will not use vCloud Director.
New Virtual Machine Properties
From this screen you can assign your VM a name and assign it resources. Unlike otherpublic clouds that force you to use a VM of a particular size, vCloud Air allows you toallocate resources to a VM as you see fit. Moreover, if you decide later that you need toincrease or decrease the amount of resources assigned to a VM, you can do so withouthaving to destroy it. You also have the option of attaching the VM to different network
HOL-HBD-1681
Page 29HOL-HBD-1681
segments during this phase which is useful when specific network and applicationarchitectures are required.
1. Use your studentID as name for the VM2. Click Create Virtual Machine
Notice you can see the Cost per hour or month on this screen. The sliders for CPU,Memory and Storage allow you to customize the VM. The VM created will be added intoa vApp which provides additional customproperties.
Keep the default values for this exercise.
HOL-HBD-1681
Page 30HOL-HBD-1681
Creating Virtual Machine
1. Notice the VM build has started.2. When the VM is created and powered-on the Status changes to green3. Also notice the VM has been placed within a vApp. You can add many more VMs
to a single vApp if needed.
HOL-HBD-1681
Page 31HOL-HBD-1681
Virtual Machine Actions
There are a two ways you can interact with the Virtual Machine you just created. Youcan right-click on the virtual machine name or you can click on the Actions list.
1. Check the box to select your VM2. With the virtual machine selected, click on Actions in the toolbar to get a full list
of available actions. The benefit of this method is that you can apply actions tomultiple virtual machines at once. Review the list of actions that are available foryour virtual machine.
3. Select Open in Console
HOL-HBD-1681
Page 32HOL-HBD-1681
Open Console
1. You will be able to see the virtual machine boot. If not, you can click on thekeyboard icon on the upper-right corner of the console which sends CTRL-ALT-DELto the virtual machine.
2. When you're finished looking at the console, click the red close button in theupper left hand corner of the window.
HOL-HBD-1681
Page 33HOL-HBD-1681
API Access
After closing the console window notice the two icons, top right side, above search box.
1. This will access the Bitnami Launchpad (external internet is blocked in this lab.Do not click.)
2. This will provide the API URL and Organization Name
Open the API Endpoint information box (2). This information is important for vCloudConnector, vRealize Automation, vRealize Operations and other VMware productssupporting vCloud Air. vCloud Air can be accessed via an API or command line tools suchas PowerCLI and vca-cli.
Conclusion
Congratulations! You have deployed your first virtual machine from a catalog in vCloudAir. You may now continue to the next section of this module.
HOL-HBD-1681
Page 34HOL-HBD-1681
Reviewing Virtual Machine Details inVirtual Private Cloud OnDemandIn this module you will now learn how to view, monitor and adjust virtual machineresources from within vCloud Air.
Select Virtual Machine
1. Select your new virtual machine2. Click on Actions3. Select Edit Resources
HOL-HBD-1681
Page 35HOL-HBD-1681
Adjust Virtual Machine Resources
If the Guest OS supports a hot change or hot add of CPU or Memory then you adjustthese values while the VM is powered-on. In most case you would shutdown the VM firstbefore adding more CPU and Memory.
1. Notice the Blue Links between CPU and Memory. This is the CPU-to-Memory ratio“recommendation” lock. To only adjust your CPU assignment, click the blueunlock icon to the left.
2. Moving a running VM to a different storage tier can be done here. In this lab onlyStandard storage is available but SSD-Accelerated is also an option. This willperform a storage vmotion and adjust price as needed.
3. Close this window by selecting X in top right corner
HOL-HBD-1681
Page 36HOL-HBD-1681
View VM Networks Tab
1. Select your new Virtual Data Center2. Click on the Networks tab
When we created this virtual machine, it was automatically assigned an available IPaddress on DEFAULT-ROUTED-NETWORK. This network is created for you with thecreation of a virtual data center. It is of the type ROUTED which means that it cancommunicate with the external Internet (the other type of network is ISOLATED).
You can add additional L2 networks like these with your own private IP addresses.
HOL-HBD-1681
Page 37HOL-HBD-1681
View VM Monitoring
To access monitoring data for this VM we select the VM name
1. Select virtual data center2. Select Virtual Machines tab3. Click on name of virtual machine
HOL-HBD-1681
Page 38HOL-HBD-1681
Monitoring Tab
This settings view also shows the initial root or administrator password of a VM selectedfrom the VMware public catalog.
1. Select Monitoring tab
Historic Usage
From here you can see real time CPU Usage, Memory Usage, Disk Reads and Writes(Kbps). As this is a new VM monitoring data is still being collected.
View the past 24 hours, 7 days, or 14 days' usage. The left-hand Y axis for percentagedata is fixed between 0-100%, while the right-hand Y axis for raw usage scales with thehistorical usage data of the individual virtual machine .
Additionally, you can obtain virtual machine monitoring data programmatically by usingthe vCloud API. See About Virtual Machine Metrics in the vCloud API Programming Guidefor vCloud Air Tenants Guide.
HOL-HBD-1681
Page 39HOL-HBD-1681
vRealize Operations offers a vCloud Air management pack that can leverage the API andcollect many more metrics in a custom dashboard.
Conclusion
Congratulations! You now understand how to view and edit your virtual machines. Youmay now continue to the next module.
HOL-HBD-1681
Page 40HOL-HBD-1681
Module 3 - Hybrid CloudManager (5 Min)
HOL-HBD-1681
Page 41HOL-HBD-1681
Hybrid Cloud Manager IntroductionThis is an overview of Hybrid Cloud Manager (HCM). To learn more see the HOL-HBD-1682 Hybridity & Networking lab.
Enable a true hybrid cloud experience with vCloud Air Hybrid Cloud Manager. vSphereusers can set up and manage workloads in vCloud Air from within vSphere. Enablingthis single pane of glass management capability gives the IT admins greater capabilitiesfor managing all of their environments, whether On-premise or in vCloud Air.
Capabilities include visibility and control to vCloud Air environments, advancednetworking connections that enable high-speed connections for true workloadportability, and extends hybrid identity for improved user management. The vSphereHybrid Cloud Manager brings your data center and vCloud Air into a single view.
Overview
Hybrid Cloud Manager (HCM) virtual appliance installs all the necessary componentsand is managed via the vSphere Web Client
HOL-HBD-1681
Page 42HOL-HBD-1681
Enhanced Migration
HOL-HBD-1681
Page 43HOL-HBD-1681
Network Extension
Hybrid Cloud Manager is a single install that delivers on a number of hybrid use cases:
• A seamless hybrid experience to administer, consume, and manage yourresources across private and public clouds.
• Manage migration of workloads between clouds with minimal downtime usingreplication-based technology and WAN acceleration
• Extend your security & networking policies from your data center to vCloud Air,including the ability to stretch multiple Layer 2 network segments from on-premises to the cloud
To learn more see the HOL-HBD-1682 Hybridity & Networking lab.
HOL-HBD-1681
Page 44HOL-HBD-1681
Module 4 - vCloud Air:Networking and Security
Basics (30 Min)
HOL-HBD-1681
Page 45HOL-HBD-1681
vCloud Air: Networking and SecurityBasicsvCloud Air provides user-friendly management tools for networking and security.
vCloud Air HOL Student Check-In
PLEASE NOTE - If you have not created a student login account, please follow thesteps located here. If you have already created a student login account, you mayproceed to the next step.
Access the Virtual Private Cloud OnDemand Service
1. Click on the Virtual Private Cloud OnDemand tile from the service dashboard2. Select M838706298 from the drop down list
HOL-HBD-1681
Page 46HOL-HBD-1681
vCloud Air Location
1. Select the datacenter you were assigned2. Select your virtual datacenter created in the previous module3. Select Gateways tab4. Click the Gateway box to access settings
Virtual Private Cloud OnDemand networking replicates traditional network technologiesand design. Networking in Virtual Private Cloud OnDemand is based on the software-defined networking (SDN) technologies used by VMware products, including VMwarevSphere, VXLAN, vCloud Networking and Security, and vCloud Director.
NAT Rules
1. Select NAT Rules
The edge gateway provides a network address translation (NAT) service to assign apublic address to a virtual machine or group of virtual machines in a private network.Using this technology limits the number of public IP addresses that an organization orcompany must use, for economy and security purposes. You must configure NAT rules toprovide access to services running on privately addressed virtual machines.
HOL-HBD-1681
Page 47HOL-HBD-1681
The NAT service configuration is separated into source NAT (SNAT) and destination NAT(DNAT) rules.
When you configure an SNAT or a DNAT rule, you always configure the rule from theperspective of vCloud Air. Specifically, that means you configure the rules in thefollowing ways:
• SNAT: the traffic is traveling from a virtual machine on an internal network invCloud Air (the source) through the Internet to the external network (thedestination).
• DNAT: the traffic is traveling from the Internet (the source) to a virtual machineinside vCloud Air (the destination).
You can configure NAT rules to create a private IP address space inside vCloud Air toport your private IP address space from your enterprise into the cloud. Configuring NATrules in vCloud Air allows you to use the same private IP addresses for your virtualmachines in vCloud Air that were used on premises in your local data center.
NAT rules in vCloud Air include the following support:
• Creating subnets within the private IP address space• Creating multiple private IP address spaces for an edge gateway• Configuring multiple NAT rules on multiple edge gateway interfaces
Firewall Rules
1. Select Firewall Rules
You configure all networking security policies on the gateway by creating firewall rules.(vCloud Air does not require configuring security groups like some of the other cloudproviders.) You configure firewall rules to manage the traffic flowing in and out of your
HOL-HBD-1681
Page 48HOL-HBD-1681
vCloud Air cloud. Additionally, you can configure firewall rules to secure network trafficbetween any and all interfaces on a gateway.
Firewall rules in vCloud Air have the following characteristics:
• Consist of 5 tuple policies (protocol, source/destination IP address, source/destination port)
• Can have multiple policies across multiple networks• Are ideal for enterprise-grade application deployment
By default, gateways are deployed with firewall rules configured to deny all networktraffic to and from the virtual machines on the gateway networks. Attempting to ping avirtual machine on a network after configuring a NAT rule will fail without adding afirewall rule to allow the corresponding traffic.
HOL-HBD-1681
Page 49HOL-HBD-1681
Networks Tab
1. Select Networks
You can view a list of the networks added to a gateway. For each network, you can viewthe default gateway IP address, IP range, and the number of virtual machines attachedto it and the number of public IP addresses allocated to the gateway.
HOL-HBD-1681
Page 50HOL-HBD-1681
Public IPs
1. Select Public IPs2. Click Add IP Address
Virtual Private Cloud OnDemand offers resource pool-based pay-as-you-go service,which includes charges for publicIP addresses allocated for your gateways. VirtualPrivate Cloud OnDemand monitors your gateways to determine when you allocate or de-allocate publicIP addresses to them. You are charged for those publicIP addresses onlywhile they are in use.
Add IP Address to Gateway
1. Select Add.
Wait for the Public IP to added to the gateway
HOL-HBD-1681
Page 51HOL-HBD-1681
View IP Address
The public IP address you will be provided will be different
Navigate back to Virtual Machines
Return to your virtual machine list by select your Virtual Data Center in thebreadcrumbs.
HOL-HBD-1681
Page 52HOL-HBD-1681
Introduction to vCloud Air NAT andFirewallsWelcome! In this sub-module, you will be introduced to vCloud Air NAT and Firewalls.
Connect a Virtual Machine to the Internet
Once a free public IP address is available you can quickly connect any VM to that publicIP for outbound internet access. This process will create a firewall and SNAT rule foraccess.
1. Select Virtual Datacenter2. Select virtual machine created3. Select Actions4. Select Connect to Internet
HOL-HBD-1681
Page 53HOL-HBD-1681
Warning Message
A warning will appear. Click Yes.
Status Bar
The status bar will indicate that the service is updating the network.
Give this 1 minute to process and then proceed to next step.
HOL-HBD-1681
Page 54HOL-HBD-1681
Select Gateway
1. Click Gateways tab2. Click the Gateway box named after your Student ID
HOL-HBD-1681
Page 55HOL-HBD-1681
SNAT Rule Added
A new NAT rule has been created for you. The rule is considered an SNAT or Source NATrule. This means it is a rule to route the traffic originating from your StudentID VMthrough the exterior translated port which is the Gateway IP address (IP addresses willdiffer in your lab environment). This rule is defined for all ports.
You can add your own additional rules, including a Destination NAT or DNAT rule fortraffic from the Internet that you would want to route to the StudentID VM.
1. Select Firewall Rules Tab
HOL-HBD-1681
Page 56HOL-HBD-1681
Firewall Rules
The service automatically created 3 different firewall rules for you:
• The first rule allows StudentID VM to communicate to DNS servers (port 53).• The second rule allows HTTP traffic from StudentID VM (port 80).• The third rule allows HTTPS traffic from StudentID VM (port 443).
Additional rules can be created to open other ports. The reverse firewall rules wouldneed to be created to allow incoming traffic from the Internet to reach StudentID VM.
Conclusion
Congratulations! You have completed the lab and you've just set up a NAT rule and aFirewall rule that would allow a virtual machine communicate out to the Internet.
HOL-HBD-1681
Page 57HOL-HBD-1681
Module 5 - Object Storage(5 Min)
HOL-HBD-1681
Page 58HOL-HBD-1681
Object Storage OverviewVMware's vCloud Air Object Storage is a scalable, efficient, and cost-effective solutionfor unstructured data. As part of our commitment to deliver new services to the vCloudAir platform with best-in-class performance and choice, VMware is proud to deliverobject storage solutions powered by EMC and Google Cloud Platform through vCloud Air.
vCloud Air Object Storage provides an inexpensive destination for storing your files withhigh durability and resiliency. This type of storage is ideal for the following use cases:
• Backup and archiving: Store data and files including snapshots of your VMDKsin inexpensive, offsite cloud-based storage. With better RTO than tape and pricesas low as $0.01 per GB, Object Storage is a reliable destination for your backups.
• Imaging, media and Web 2.0: Store your photos, audio/video files and otherstatic data in object storage. vCloud Air Object Storage automatically replicatesyour files across multiple arrays and can scale up to petabytes, supporting largefiles up 5TB (Google) or 20TB (EMC). These files can support a website or be apersonal repository, all while being a true elastic pay-as-you-go storage solution.
• Shared and log files: Companies are seeing an explosion in the growth of dataand the cost of local file storage. File shares on-premises can be expensive tomaintain, take up precious real estate and difficult to retire. By shifting filesharing to cloud-based object storage, you create a data repository that isaccessible across multiple users and regions.
VMware vCloud Air Object Storage: Introduction
Interactive Demo on vCloud Air Object Storage
<div class="player-unavailable"><h1 class="message">An error occurred.</h1><div class="submessage"><ahref="http://www.youtube.com/watch?v=x_T32ZK2JEA" target="_blank">Try watching this video on www.youtube.com</a>, or enableJavaScript if it is disabled in your browser.</div></div>
HOL-HBD-1681
Page 59HOL-HBD-1681
Interactive Demo on vCloud Air Object Storage
This is a interactive Demo on vCloud Air Object Storage.
Click here to view an interactive demo. The demo will open in a new browser tab orwindow.
HOL-HBD-1681
Page 60HOL-HBD-1681
ConclusionThank you for participating in the VMware Hands-on Labs. Be sure to visithttp://hol.vmware.com/ to continue your lab experience online.
Lab SKU: HOL-HBD-1681
Version: 20160419-033756
HOL-HBD-1681
Page 61HOL-HBD-1681
