
vSphere+ and vSAN+ were just announced this week and if you have not heard the news, I recommend checking out this blog post (includes a nice video with testimonials from early customers and partners) that goes into greater detail on the new vSphere+ and vSAN+ offering (hint: it is more than just a subscription). If you prefer audio, the Unexplored Territory crew also covered the vSphere+ and vSAN+ news in their latest podcast, Episode #20.

I was also curious about how this new VMware Cloud service would work and, rather than reading about it, I had the opportunity to kick the tires, so I figured I might as well try it out on my own personal vSphere homelab!

Although I was using our Staging/Development environment for my setup as the new VMware Cloud service has not officially GA’ed, it should give folks an idea of what to expect. I also wanted to share some additional insights and considerations that I had come across for this upcoming new service.

Here is your 1st look at the new VMware Cloud vSphere+ and vSAN+ Service!

Step 1 – Log in to the VMware Cloud Console using your VMware Customer Connect account and begin the self-service onboarding to the vSphere+ and vSAN+ service. As part of the onboarding process, a VMware Cloud Organization will be required and if you do not have one, one will be created for you by simply providing a name (it can be renamed at a later point).


Navigate to the Getting Started section and then download the vCenter Cloud Gateway Appliance (VCGW) which will be used to connect your on-premises vCenter Server(s) to the VMware Cloud Console.

Note: If you are already familiar with the VCGW for configuring Hybrid Linked Mode (HLM) with a VMware Cloud on AWS (VMC-A) SDDC, it is important to understand that this VCGW is actually different and is specific to the vSphere+/vSAN+ cloud service.

Step 2 – Once the VCGW has been deployed, open a browser to https://FQDN_OR_IP:5480 and log in using the root credentials that you configured as part of the appliance deployment. Once logged in, click on the enable hybrid management tab, which will take you to the initial configuration wizard as shown in the screenshot below.


The first step in setting up the VCGW is to connect it to the VMware Cloud Console. You will only need outbound connectivity (443) from the VCGW to the following endpoints:

  • https://vmc.vmware.com
  • https://console.cloud.vmware.com
  • https://vcgw-updates.vmware.com

Before you can proceed, there are also a number of connectivity pre-checks to ensure that you meet all the requirements including network latency (bi-directional to and from VMware Cloud Console) that is less than 100ms.
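To check the egress path from the network segment where the VCGW will live before deploying it, the following added example (not part of the original post and not VMware's pre-check) probes the three endpoints listed above on port 443 and applies the 100 ms limit. The function names `probe`, `evaluate` and `ready` are hypothetical, and DNS plus TCP connect time is used as an approximation of the latency the built-in pre-check measures.

```python
import socket
import time
from urllib.parse import urlparse

# Endpoints and the 100 ms limit are taken from the text above.
REQUIRED_ENDPOINTS = [
    "https://vmc.vmware.com",
    "https://console.cloud.vmware.com",
    "https://vcgw-updates.vmware.com",
]
MAX_LATENCY_MS = 100.0


def probe(url, timeout=5.0):
    """Return DNS + TCP connect time in ms to the host on 443, or None on failure."""
    host = urlparse(url).hostname
    start = time.monotonic()
    try:
        with socket.create_connection((host, 443), timeout=timeout):
            return (time.monotonic() - start) * 1000.0
    except OSError:  # refused, timed out, filtered, or name did not resolve
        return None


def evaluate(measurements):
    """Map each required endpoint to 'ok', 'slow', 'blocked' or 'not tested'."""
    report = {}
    for url in REQUIRED_ENDPOINTS:
        if url not in measurements:
            report[url] = "not tested"
        elif measurements[url] is None:
            report[url] = "blocked"
        elif measurements[url] >= MAX_LATENCY_MS:
            report[url] = "slow"
        else:
            report[url] = "ok"
    return report


def ready(report):
    """True only when every required endpoint is reachable within the limit."""
    return all(status == "ok" for status in report.values())


if __name__ == "__main__":
    results = evaluate({url: probe(url) for url in REQUIRED_ENDPOINTS})
    for url, status in results.items():
        print(f"{status:10} {url}")
    raise SystemExit(0 if ready(results) else 1)
```

Run it from a machine on the same VLAN and behind the same firewall or proxy policy as the planned appliance; a "blocked" result points at an egress rule or DNS problem rather than at the VCGW itself.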


Next you will be prompted to login to the VMware Cloud Console and select the desired VMware Cloud Organization.


After that, the VCGW will begin the setup and connect to the VMware Cloud service which may include downloading additional packages and updates. For me, this process took ~10-15 minutes and once completed, you will be taken back to the initial wizard to begin the last and final step.


Step 3 – The final step is to register your vCenter Server(s) with the VCGW, which is the only way for the VMware Cloud Console to communicate and perform operations within your vCenter Server(s), as direct internet access or outbound connectivity is NOT required from the individual vCenter Server(s) themselves. You will of course also need to ensure that the VCGW has network connectivity to all your vCenter Server(s), with which it communicates securely over port 443.


Unlike the VMC-A VCGW, which has a 1:1 relationship to a single vCenter Server SSO Domain, this VCGW can actually register multiple independent vCenter Server(s). Customers also have the option of deploying multiple VCGWs and then registering specific vCenter Server(s) to a specific VCGW; the only requirement is that only a single vCenter Server can be associated with a single VCGW.

Before registering your vCenter Server(s), there are a few considerations to be aware of:

  • vCenter Server(s) must be running vCenter Server 7.0 Update 3a or greater and managing ESXi hosts 6.5 or greater
  • vCenter Server(s) must NOT be configured with vCenter HA (VCHA) as this is currently not supported
    • You will need to disable VCHA before you can register your vCenter Server
  • vCenter Server(s) must NOT be configured with either Enhanced Linked Mode (ELM) or Hybrid Linked Mode (HLM) as that is not supported
  • vCenter Server(s) must NOT be configured with an external Platform Services Controller (PSC)
  • vCenter Server(s) must be self-managed and cannot be managed by another vCenter Server (e.g. Management vCenter Cluster)
    • This is a requirement for the vCenter Lifecycle Management capability of the cloud service

Built-in pre-checks are also performed prior to completing the vCenter Server registration workflow. Once all vCenter Server(s) have successfully registered and show a connected status, you can navigate to the VMware Cloud Console to get a centralized view of all your vSphere deployments!

Once logged into the VMware Cloud Console, you will see an Inventory tab which lists all registered vCenter Server(s) as shown in the screenshot below.


You will also see a notification banner at the top that allows you to convert your perpetual vSphere and vSAN licenses into a subscription.

Note: The conversion to a vSphere+/vSAN+ subscription is a one-way operation; make sure that is what you intend before proceeding with the operation, which also has an additional confirmation dialog. See the section below titled Configuration changes to on-premises vCenter Server for additional implications when converting to a subscription.

Upon completing the subscription conversion, you can navigate to the Subscriptions tab to see both your existing perpetual licenses as well as your current subscription usage for both vSphere+ and vSAN+.


As exciting as it is to be able to finally consume vSphere and vSAN as a subscription service, what really stands out and excites me are all the new possibilities with a centralized management interface for all your vCenter Server environments.

The Infrastructure Operations tab provides an aggregation of all critical vSphere Events and Security Alerts, right at your fingertips. Auditing, compliance and troubleshooting are just some of the basic use cases you might use this information for, but I can also imagine a future where these global vSphere Events can be consumed by a solution like the VMware Event Broker Appliance (VEBA) and enable customers to easily build vSphere Event Driven Automation globally across all their vCenter Server(s).


The Desired State Configuration tab is another interesting capability of the cloud service which enables customers to centrally manage all configurations for their vCenter Server(s). Customers will have the ability to apply these configurations to both existing and new vCenter Server deployments, along with compliance tracking and remediation of configuration drift.


The Virtual Machines tab as you might expect is where you will have a global view of all your VM workloads deployed across your various vCenter Server(s).


Customers will also have the ability to provision new VMs using a simplified VM wizard that currently supports either creating a new VM from scratch or leveraging an existing vSphere Template from your vCenter Server. I should also mention that operations performed locally on my vCenter Server using the vSphere UI are synced in near real time. The example I ran through was simply renaming a VM and, after a refresh of the inventory, it immediately showed up in the VMC Cloud Console, which was pretty cool.


Although the VM interface and provisioning workflow is pretty basic today, as a cloud service, new capabilities can easily be added and will immediately show up for customers to take advantage of in the future. Another capability of the VMware Cloud platform is that you can set up Enterprise Federation, connect to your identity provider of choice, and enable access to provision new VM workloads without requiring direct access to your vCenter Server(s).

I am certainly looking forward to seeing what other new workflows and improved user experiences we will now be able to build with this new cloud service. If there are specific workflows or features that you would love to see with this centralized vSphere management service, feel free to leave a comment and I will be sure to share this with the Product Manager.

After the setup had finished, I decided to also take a look at my vCenter Server to see what configuration changes were made and share the changes for those who might be interested.

License Management

The first thing that immediately stood out to me is that the Licensing tab under Administration in the vSphere UI has been replaced with a new Subscription tab that points users to the VMC Cloud Console for both billing and usage. This makes sense given the usage and metering is now provided within the VMC Cloud Console as shown earlier.


Note: Although the Licensing tab has been removed from the vSphere UI, the actual licenses have not been touched and customers can still access that information by using the vSphere API or PowerCLI. This might be needed if you need to perform license management for other non-vSphere and non-vSAN licenses.

vSphere Users, Roles & Permissions

The following vSphere SSO Domain users will be created in your vCenter Server for the various service functions.

  • CloudServicesGateway_administrator_<UUID>
  • CloudServicesGateway_lcm-admin_<UUID>
  • CloudServicesGateway_license-service-admin_<UUID>
  • CloudServicesGateway_observability-admin_<UUID>
  • CloudServicesGateway_readonly_<UUID>
  • CloudServicesGateway_rts-vc-api-admin_<UUID>
  • CloudServicesGateway_system-config-admin_<UUID>
  • CloudServicesGateway_trusted-admin_<UUID>
  • CloudServicesGateway_vcsa-state-push-admin_<UUID>
  • CloudServicesGateway_vm-service-admin_<UUID>
  • CloudServicesGateway_vstats-admin_<UUID>
  • CloudServicesGateway_vstats-vsan-admin_<UUID>


The following vSphere Roles will be created in your vCenter Server for the various service functions.

  • CloudServicesGateway_observability-admin_<UUID>
  • CloudServicesGateway_vcsa-state-push-admin_<UUID>
  • CloudServicesGateway_vstats-vsan-admin_<UUID>
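Because registration adds a dozen privileged service principals to the SSO domain, it is worth baselining them so that a lookalike account or role stands out later. The following added example (not from the original post or from VMware) compares an exported list of user or role names with the functions listed above; `audit` and `SAMPLE_USERS` are hypothetical names, the sample data is constructed, and the `<UUID>` suffix is assumed to be a canonical 8-4-4-4-12 hex string.

```python
import re

PREFIX = "CloudServicesGateway_"
# Function names copied from the user and role lists in the post.
EXPECTED_USERS = {
    "administrator", "lcm-admin", "license-service-admin",
    "observability-admin", "readonly", "rts-vc-api-admin",
    "system-config-admin", "trusted-admin", "vcsa-state-push-admin",
    "vm-service-admin", "vstats-admin", "vstats-vsan-admin",
}
EXPECTED_ROLES = {"observability-admin", "vcsa-state-push-admin", "vstats-vsan-admin"}
# Assumption: <UUID> is a canonical 8-4-4-4-12 hex string.
NAME_RE = re.compile(
    r"^CloudServicesGateway_(?P<func>[a-z0-9-]+)_"
    r"(?P<uuid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$"
)


def audit(names, expected):
    """Compare gateway-prefixed names with the functions the post lists."""
    funcs, uuids = set(), set()
    malformed, unexpected = [], []
    for name in names:
        if not name.startswith(PREFIX):
            continue  # not a gateway principal, out of scope for this check
        m = NAME_RE.match(name)
        if m is None:
            malformed.append(name)    # prefix present, suffix is not a UUID
        elif m["func"] not in expected:
            unexpected.append(name)   # function the post does not list
        else:
            funcs.add(m["func"])
            uuids.add(m["uuid"].lower())
    return {
        "malformed": malformed,
        "unexpected": unexpected,
        "missing": sorted(expected - funcs),
        "uuids": sorted(uuids),
    }


# Constructed sample export of SSO user names (not real data).
UUID = "3f2b8c1e-5a47-4d09-9e6b-0c1d2e3f4a5b"
SAMPLE_USERS = [PREFIX + f + "_" + UUID for f in sorted(EXPECTED_USERS - {"readonly"})] + [
    "CloudServicesGateway_backup-admin_" + UUID,  # function not in the post's list
    "CloudServicesGateway_administrator_1234",    # suffix is not a UUID
    "Administrator",
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_USERS, EXPECTED_USERS).items():
        print(key, value)
```

The expected sets reflect the pre-GA environment described in this post, so treat an "unexpected" or "missing" result as something to review against the current product documentation rather than as proof of tampering.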


The following vSphere Permissions will be granted in your vCenter Server for the various service functions.
