VMware Hands-on Labs - HOL-SDC-1424


Lab Overview - HOL-SDC-1424 - VMware NSX in the SDDC

Lab Guidance


Many of the modules will have you enter Command Line Interface (CLI) commands.  A text file has been placed on the desktop of the environment allowing you to easily copy and paste complex commands or passwords in the associated utility (CMD, Putty, console, etc). Certain characters are often not present on keyboards throughout the world.  This text file is also included for keyboard layouts which do not provide those characters.

The text file is README.txt and is found on the desktop.  The file is divided into Module Sections and numbered.  The manual will have a number associated with every CLI command.  That command will be numbered in the file for you to copy and paste.

Thank you and enjoy the labs! 

In this lab you will see the power of several of the VMware SDDC solutions integrated together. These solutions include NSX for vSphere, vCloud Automation Center, and vCenter Operations Manager with the NSX Management Pack.  There is a total of five hours of content on this lab. DO NOT EXPECT TO FINISH THIS LAB IN ONE SESSION. Each module in this lab is developed to be taken individually from each other. Other than the lab overview, each module will take approximately 60 minutes to complete.

Lab Modules:

Lab Captains:


Architecture - Lab Diagram of Compute and Network


In the next step we will go over the Lab Topology


 

Lab Topology

 

This lab consists of two clusters. Compute Cluster A is used for deploying the on-demand workloads through vCloud Automation Center (vCAC) and NSX. The Management and Edge Cluster is used for the NSX components such as the NSX Controllers and the NSX Provider Logical Router (PLR). Please note that each cluster is in a different Layer 3 segment.

 

NSX and vCAC Prerequisites


Deployment prerequisites and Logical Topology


 

NSX Preparation for vCAC

 

These 4 steps will attach NSX to vCenter and prepare the infrastructure for the ability to create NSX Networking and Security components such as Logical Routers, Logical Switches, Load Balancer's, and Firewalls. Since this is an advanced lab these steps have been completed for you.

 

 

NSX Logical Topology

 

Once the infrastructure has been prepped, the vCAC and NSX administrators will complete the remaining prerequisites. These steps have been completed for you. If you would like to configure different NSX components manually please check SDC-HOL-1403.

 

 

NSX Prerequisites Walk-through

 

Now that you have seen the steps, let's walk-through these components with the vSphere Web Client.

1. Open Firefox

 

 

Login to the Web Client

 

  1. Username root
  2. Password VMware1!
  3. Click Login

 

 

Networking and Security

 

  1. Click on Networking & Security

 

 

Logical Switches

 

  1. Click on Logical Switches

This is the Transit-Network-01 Logical Switch that is the Internal interface of the Provider Logical Router (PLR). When you submit a request through vCAC it will automatically deploy an Edge Gateway and connect the Uplink interface to the Sales Transit Logical Switch. Please refer to the diagram in step 2 to see how the Sales-Transit-01 is connected to the topology.

 

 

 

NSX Edges

 

1.Click on NSX Edges

This is the Perimeter-Gateway NSX Edge or Provider Logical Router (PLR). The Uplink of the PLR will connect to your physical network via a dynamic routing protocol such as OSPF. This will automatically advertise newly created routeable networks to the physical datacenter. The Internal interface of the PLR will connect to the Transit-Network-01 Logical Switch. Please refer to the diagram in step 2 to see how the Perimter-Gateway NSX Edge is connected to the topology.

2. Double-click on edge-1

 

 

NSX Edge Configuration

 

  1. Click Manage
  2. Click Settings
  3. Click Interfaces

Here you can see the Uplink and Internal interfaces that connect to the physical network (Uplink) and the Transit-Network-01 Internal (Internal).

 

 

NSX Firewall

 

  1. Click on Networking & Security to go back to the previous screen.

 

 

NSX Firewall - Security Policy

 

  1. Click on Firewall.
  2. Click on the twistie to expand the "Default Section Layer3" section.
  3. Examine the rules for each of the Tiers. When an App is deployed inside vCAC it will deploy each VM of the App (Web, App, and DB) into the appropriate security group.

This completes the NSX and vCAC Prerequisites.

 

 

Close the web browser

 

Close the web browser by clicking the X in the upper right corner of the window.

 

NSX and vCAC Integration


By integrating NSX for vSphere with vCloud Automation Center you can truly unlock the power of automation and provision full application stacks from the network up to the software layer. In this portion of the module you will walk through the steps necessary to integrate NSX for vSphere with vCloud Automation Center.


 

Logging into vCloud Automation Center

Log into vCloud Automation Center

 

 

Open Firefox

 

  1. Open Firefox from the Desktop.

 

 

Login to vCAC

 

  1. Click on vCAC Login on the bookmarks toolbar
  2. Enter User name:   administrator@corp.local
  3. Enter Password:    VMware1!
  4. Click Login Button

 

 

Welcome to the vCloud Automation Center Console

 

You are now logged into the vCloud Automation Center console. As you can see there are several tabs at the top of the console which define different areas of administration within vCloud Automation Center. For this portion of the module we will be focusing on the Infrastructure tab.

  1. Click on the Infrastructure tab.

 

 

Navigate to the vCloud Automation Center Endpoints

 

Now you will see a list of areas within the Infrastructure section of vCloud Automation Center.

  1. Select Endpoints

 

 

Continue to Endpoints

 

You will now see a new subset of areas to administer Endpoints.

  1. Select Endpoints from this list.

 

 

Select the vCenter Endpoint

 

Once in the Endpoint administration area you will see a list of current endpoints that are currently configured for vCloud Automation Center. We now need to Edit the vCenter endpoint.

  1. Roll the mouse over the vCenter link.
  2. Select Edit from the menu that appears.

 

 

NSX Integration into vCloud Automation Center

 

This is the Endpoint configuration screen. This is the area in which you will confirm the integration between NSX for vSphere and vCloud Automation Center. In this course the integration with NSX for vSphere has already been configured but we will walk through the steps of integration.

 

 

Enter the NSX for vSphere Manager

 

The first step to connecting NSX with vCloud Automation Center is to enter the NSX Manager FQDN in the address location. In this lab the NSX Manager FQDN is https://nsxmgr-l-01a.corp.local.

 

 

Enter the NSX for vSphere Credentials

 

Next you will create credentials for vCloud Automation Center to use when access NSX for vSphere. Again, the credentials have already been entered but we will walk through the process.

  1. Click on the small box with three dots to open up the credentials administration page.

 

 

Create NSX Manager Credentials in vCloud Automation Center

 

This is the Select Credentials administration page. On this page you will select, or create, credentials for endpoints that you connect to vCloud Automation Center. You will create a new set of credentials but will NOT use them for the lab. To create new credentials do the following:

  1. Select New Credentials link.
  2. Enter a friendly name for the new credentials: New Creds
  3. Optionally, enter a description for the credentials: Do Not Use These Credentials
  4. Enter the user name for the endpoint being configured: Admin
  5. Enter and Confirm the password for the endpoint being configured: VMware1!
  6. Click the green check mark to complete the credential creation.

 

 

Finalize Credential Creation \ Selection

 

Now you will see the newly created credentials in the list of credentials available for vCloud Automation Center. Notice the new credentials you created in the previous step is now available in the list. Now you will select the correct credentials to use for NSX Manager integration.

NOTE: YOU WILL NOT USE THE CREDENTIALS YOU JUST CREATED

  1. Click on the credentials named nsx manager. (The line will highlight)
  2. Click the OK button to complete the credential selection process.

 

 

Complete NSX for vSphere Integration

 

You are now ready to complete the configuration of the vCenter Endpoint to include the NSX for vSphere integration.

  1. Ensure the NSX Manager FQDN is correct and that the correct credentials have been selected.
  2. Click the OK button to complete the configuration.

 

 

Test the integration by running a data collection

 

Now we will test the integration by running a data collection and check for success.

  1. First select the Back to Infrastructure link.

 

 

Select Compute Resource

 

Now select Compute Resource from the Infrastructure administration areas on the left.

  1. Select Compute Resources.

 

 

Continue to Compute Resources

 

Now you will see the administration areas for Compute Resources.

  1. Select Compute Resources

 

 

Navigate to Data Collection of Compute Resource

 

You will now see the Compute Resources available in vCloud Automation Center. There is one Compute Resource available in this lab: Compute Cluster A

  1. Roll the mouse over Compute Cluster A to reveal the options drops down menu.
  2. Select Data Collection from the drop down menu options.

 

 

Start Data Collection for NSX

 

You are now in the Data Collection area of the selected Compute Resource. To test the NSX integration do the following:

  1. Scroll down to the bottom of the page until you see the "Network and Security Inventory" section.
  2. Select the "Request now" button to start the data collection.
  3. Click the "Refresh" button while the Status changes from In Queue, to In Progress, to Succeeded. (This may take a few minutes.)
  4. Ensure the Status displays Succeeded. (If the Status shows failed then you will need to go back to the vCenter Endpoint and check your configuration as well as the credentials used.)
  5. Once the data collection has finished successfully click the "OK" button.

 

 

NSX for vSphere Integration Complete

 

You have successfully completed the integration of NSX for vSphere with vCloud Automation Center. If you are continuing on to the next section Click on the Home Tab at the top of the vCloud Automation Center console.

 

Module 1 - Create Network Profiles (45 minutes)

Introduction


In Module 1 you will review the different Network Profiles that are available with vCAC and how they integrate with NSX. Network Profiles are used to provide on-demand Logical Switches, Logical Routers, and Load Balancers within NSX. They also provide different network services through NSX such as 1:1 or 1:N NAT (Network Address Translation), DHCP, IPAM, and Load Balancing configuration.

Lastly, you will login to vCAC and walk-through the creation of the different Network Profiles.


Routed/NAT/Private Network Profiles


vCloud Automation Center Network Profiles


 

Network Profiles

 

vCAC supports 4 different types of Network Profiles with NSX. These profiles can be mixed an matched depending on the application. For example, the Web-Tier can be on a NAT Network Profile and the App and DB Tiers can be on Private Network Profiles.

  1. Routed: A Routed network profile gives you the ability to provision each Tier of an N-Tier application with routable IP addresses.
  2. NAT: A NAT network profile gives you the ability to provision each Tier of an N-Tier application with either 1:1 NAT or 1:N NAT. Using a NAT network profile is a great use case for deploying applications with overlapping IP address space.
  3. Private: A Private network profile gives you the ability to provision each Tier of an N-Tier application with an isolated network. A Private network profile will only be able to talk to other Tiers of the application and will have no external connectivity.
  4. External: An External network profile gives you the ability to attach VM's to Physical VLANs and more importantly provide a "transit network" for a Tenant Logical Router's uplink that can be used for 1:1/1:N NAT addresses, LB VIP's, and Routing logic.

In the next section you will walk-through creating different network profiles in vCAC.

 

Create a Routed and NAT Network Profile


vCloud Automation Center Network Profiles


 

Open up Firefox

 

1. Click on the Firefox icon located on the Desktop.

 

 

Open Tab to vCloud Automation Center

 

  1. Open a new Tab in the browser by selecting the "+"
  2. Select the "vCAC - Login"  bookmark

 

 

Login to vCAC

 

NOTE: If you receive and error when trying to log in that states "Login Failed. Please contact your System Administrator"; click the Go back to login page button and retry your login attempt.

  1. Login with user name administrator@corp.local
  2. Password is VMware1!
  3. Click Login

 

 

If continuing from last module Click Back to Infrastructure

 

Click Back to Infrastructure to go back one level.

 

 

Navigate to Network Profiles

 

  1. Click on the Infrastructure tab and then you will see Reservations
  2. Click on Reservations

 

 

Network Profiles

 

  1. Click on Network Profiles

Here you will see a list of the pre-created Network Profiles that will be used in later modules. Let's walk-through creating a Routed and a NAT Network Profile in the next steps.

 

 

Create a new Routed Network Profile

 

  1. On the right side of the Network Profile screen click on New Network Profile
  2. Click Routed

 

 

 

Routed Network Profile Configuration

 

  1. Enter HOL-Routed in the name field
  2. For the Description enter Module 1 Only
  3. Click the External network profile drop-down and Select External-DLR
  4. Subnet Mask: 255.255.255.128, Range Subnet Mask: 255.255.255.248, Base IP: 192.168.64.1

 

 

Generate IP ranges

 

  1. Click on IP Ranges
  2. Click Generate Ranges.  This should populate the network ranges from the super-net you defined in the previous screen into smaller subnets defined in the range subnet.
  3. Scroll down to the bottom and Click OK.

 

 

Create NAT Network Profile

 

  1. On the right side of the Network Profile screen click on New Network Profile
  2. Click NAT

 

 

Configure NAT Network Profile

 

  1. Enter HOL-NAT in the name field
  2. For the Description enter Module 1 Only
  3. Click the External network profile drop-down and Select External-ESG-vCAC
  4. NAT Type: One-to-One, Subnet Mask: 255.255.255.0, Gateway: 192.168.65.1

 

 

Create New Network Range

 

  1. Click on IP Ranges
  2. Click New Network Range

 

 

Specify the NAT IP Range

 

  1. Enter HOL-NAT-IP in the Name field
  2. For the Description enter Module 1 Only
  3. Starting IP address: 192.168.65.10, Ending IP address: 192.168.65.20
  4. Click OK

 

 

Finish creating the NAT Network Profile

 

  1. Click OK to create the NAT Network Profile

 

 

Module 1 Completed

 

You have completed Module 1.  If you wish to continue on to Module 2 move to the next page.  If you are finished you can close the web browser by clicking the X in the upper right corner of the window and end the lab.

 

Module 2 - Create a Multi-Machine Blueprint (60 minutes)

Introduction


In Module 2 you will create a Multi-Machine Blueprint which consists of 1 or more Single-Machine Blueprints. For example, instead of making 3 individual requests for Web, App, and DB, you can request a Multi-Machine Blueprint that includes Web, App, and DB. Coupling vCAC with NSX make this possible not only from a VM provisioning perspective but also adds on-demand creation of Logical Switching, Logical Routing, DHCP, and Load Balancing through the constructs of Network Profiles that you created in Module 1. You will also assign each Tier of this particular application to the appropriate NSX Security Groups that are tied to a pre-defined Security Policy.

Summary of steps:

  1. Create a Multi-Machine Blueprint
  2. Attach Network Profiles to the Multi-Machine Blueprint
  3. Attach Web, App, and DB to the Multi-Machine Blueprint
  4. Assign the appropriate Network Profile and Security Group to each Tier and configure the Load Balancer for the Web Tier
  5. Submit the request to create the Multi-Machine Blueprint with Networking and Security integrated with each Tier

Create a Multi-Machine Blueprint


Multi-Machine Blueprints


 

Open up Firefox

 

1. Click on the Firefox icon located on the desktop.

 

 

Open Tab to vCloud Automation Center

 

  1. Open a new Tab in the browser by selecting the "+"
  2. Select the vCAC bookmark.

 

 

Login to vCAC

 

NOTE: If you receive and error when trying to log in that states "Login Failed. Please contact your System Administrator"; click the Go back to login page button and retry your login attempt.

 

 

Navigate to Blueprints

 

  1. Click on the Infrastructure tab
  2. Click on Blueprints

 

 

Create a New Blueprint

 

  1. Click on Blueprints
  2. Click on New Blueprint in the upper right
  3. Click on Multi-Machine

 

 

Configure Blueprint information

 

  1. Enter HOL-Multi-Machine in the Name field
  2. For the Description enter Module 2 Only
  3. Click Network

 

 

Add the Network Profiles

 

  1. Select the Transport zone drop-down and Click on Global-Transport-Zone (vCenter)
  2. Click on New Network Profile
  3. Click on Routed

 

 

Add the Routed Network Profile

 

  1. Select the Parent network profile: drop-down
  2. Click on HOL-Single-Tier-Routed
  3. Click OK

 

 

Configure Build Information

 

  1. Click on Build Information
  2. Click Add Blueprints

 

 

Add Single Machine Blueprints to the Multi-Machine Blueprint

 

  1. Place a check mark in app-sv-01a, db-sv-01a and web-sv-01a
  2. Click OK

 

 

Add the Network Profile and Security Groups to the App Tier

 

  1. Click Edit on the app-sv-01 Blueprint

 

 

Add Network adapter and attach the Network Profile to the App Tier

 

  1. Select New Network Adapter
  2. Click the drop-down for Network Profile
  3. Select HOL-Single-Tier-Routed
  4. Click the Green Check Mark

 

 

Add the Security Group to the App VMs Blueprint

 

  1. Click on the Security Tab
  2. Select SG_App_01
  3. Click Ok

 

 

Add the Network Profile and Security Groups to the DB Tier

 

  1. Click Edit on the DB VMs Blueprint

 

 

Add Network adapter and attach the Network Profile to the DB Tier

 

  1. Select New Network Adapter
  2. Click the drop-down for Network Profile
  3. Select HOL-Single-Tier-Routed
  4. Click the Green Check Mark

 

 

Add the Security Group to the DB VMs Blueprint

 

  1. Click on the Security Tab
  2. Select SG_DB_01
  3. Click Ok

 

 

Add the Network Profile and Security Groups to the Web Tier

 

  1. Click Edit

 

 

Add Network adapter and attach the Network Profile to the Web Tier

 

  1. Select New Network Adapter
  2. Click the drop-down for Network Profile
  3. Select HOL-Single-Tier-Routed
  4. Click the Green Check Mark

 

 

Add the Security Group to the Web VMs Blueprint

 

  1. Click on the Security Tab
  2. Select SG_Web_01
  3. Click on the Load Balancer Tab

 

 

Configure the Web Tier for Load Balancing

 

  1. Place a check mark in HTTPS 443

 

 

Save Configuration

 

  1. Click the Green check mark to save the port/protocol

 

 

Configure the Load balancer's External network

 

  1. Click the drop-down next to Network profile
  2. Select HOL-Single-Tier-Routed
  3. Click OK

 

 

Configure the Web Tier to have multiple machines deployed behind the Load Balancer

 

  1. Click the Pencil next to the Web VMs

 

 

Configure the Maximum number of VMs

 

  1. Change the Max to 3 by hitting the Up Arrow
  2. Click on the Green check mark
  3. Click OK

 

 

Verify the Blueprint was created

 

Now you can see the Blueprint you just created listed with the others.

 

 

Close the web browser

 

This completes Module 2.

If you are finished with the lab close the web browser by clicking the X in the upper right corner of the window.

Otherwise continue on with Module 3

 

Module 3 - Configure a Catalog Item and Deploy (45 minutes)

Introduction


In this module you will walk through the process of publishing a 2 tier multi-machine blueprint to the vCloud Automation Center catalog. You will also deploy this newly created catalog item and walk through the completed deployment.


Add Multi-Machine Blueprint to the Catalog


In this chapter you will use the robust catalog feature within vCloud Automation Center to add a multi-machine blueprint to the catalog.


 

Logging into vCloud Automation Center

Log In.

 

 

Open Firefox

 

  1. Click on the Firefox icon located on the desktop.

 

 

Select vCloud Automation Center Shortcut

 

1. Select the vCAC Login shortcut.

 

 

Log into vCloud Automation Center

 

NOTE: If you receive and error when trying to log in that states "Login Failed. Please contact your System Administrator"; click the Go back to login page button and retry your login attempt.

  1. Enter User name:   administrator@corp.local
  2. Enter Password:    VMware1!
  3. Click Login Button

 

 

Welcome to the vCloud Automation Center Console

 

You are now logged into the vCloud Automation Center console. As you can see there are several tabs at the top of the console which define different areas of administration within vCloud Automation Center. For this portion of the module we will be focusing on the Infrastructure tab.

  1. Click on the Infrastructure tab.

 

 

Navigate to the vCloud Automation Center Blueprints

 

On the left side of the console you will see the administrative sections of the Infrastructure Tab.

  1. Select the Blueprint administration option.

 

 

Continue to the vCloud Automation Center Blueprints

 

Once in the Blueprints administration section you will see a sub-menu of Blueprint administration options.

  1. Select Blueprints from this menu.

 

 

Select the Blueprint that will be published to the vCloud Automation Center catalog.

 

Now you will see the list of blueprints available in this instance of vCloud Automation Center. You will now publish the Sales 2-Tier-App blueprint to make it available for consumption from the catalog.

  1. Roll the mouse over the Sales 2 Tier Application Multi-Machine blueprint. A sub-menu of options will appear.
  2. Select Publish from the sub-menu options.

 

 

Finalize the publication of the blueprint

 

Finalize publishing the blueprint

  1. Click OK to finish publishing the blueprint.

 

 

Adding a published blueprint to a catalog service.

 

You will now notice that the Sales 2 Tier Application states that it is published. Now that it is published you will make it available to the correct catalog service and activate it for use from the catalog.

  1. From the top of the console select the Administration link.

 

 

Navigate to Catalog Management

 

On the left side of the console you will see the sections that can be administered from the Administration section of vCloud Automation Center.

  1. Select Catalog Management menu option.

 

 

Continue to Catalog Management

 

Now you will see the sub-menu of available sections of catalog administration.

  1. Select Catalog Items from the sub-menu.

 

 

Configure a catalog item.

 

You will now see all the available catalog items in this instance of vCloud Automation Center. Notice the Sales 2 Tier Application is not assigned to a Service. You will now configure the Sales 2 Tier Application.

  1. Click the Sales 2 Tier Application menu item.

 

 

Continue to configure the catalog item.

 

Now you will see the Configure Catalog Item area. Here you can add a custom icon for this catalog item, select whether the item is active, and select what catalog service the item will be a member. For this lab there is only a single catalog service named Corp Catalog.

  1. Scroll to the bottom of the Configure Catalog Item Screen
  2. Click on the black arrow to the right of the Service drop down menu.
  3. Highlight and select the HOL-1424-Service from the drop down menu.
  4. Click the Update button at the bottom of the screen.

 

 

Confirm catalog item is assigned to the correct Catalog Service

 

You will now notice the Sales 2 Tier Application is assigned to the HOL-1424-Service service.

 

 

Navigate to the catalog to see new catalog item.

 

Now you can go to the catalog section of vCloud Automation Center to see the newly published item.

  1. Click on the Catalog tab at the top of the vCloud Automation Center console.

 

 

Confirm the new item is available in the catalog.

 

Once in the catalog you will now see that the newly created catalog item is now available in the HOL-1424-Service and ready for consumption from vCloud Automation Center.

Continue to the next section where you walk through the process of deploying the Sales 2 Tier Application from the catalog.

 

Deploy a Multi-Machine Blueprint From the Catalog


In this section you walk through deploying the multi-machine blueprint you published in the Corp Catalog Service in the last section.


 

Navigate to the vCloud Automation Center Catalog

 

Now you can go to the catalog section of vCloud Automation Center to see the available catalog items.

  1. Click on the Catalog tab at the top of the vCloud Automation Center console.

 

 

Requesting the Sales 2 Tier Application catalog item.

 

Again, you will notice the Sales 2 Tier Application item is available to be requested from the Corp Catalog Service.

  1. Click on the Request button.

 

 

Understanding the New Request screen.

 

You will now see the New Request screen for the Sales 2 Tier Application. You will notice that when requesting a multi-machine item it will display all the machines that make up the catalog item. In this multi-machine item you will see there are two servers that make up the workloads within this item.

 

 

Continuing through the request process.

 

In the lower section of the request screen you will see the main section of the request form.

  1. Scroll to the bottom of the request form.
  2. Notice the different areas that can be modified for the request

 

 

Submit the Request

 

1. Click the Submit button.

 

 

Click OK to complete.

 

Finally click the OK button to complete the request.

 

 

Open vSphere Client

 

Launch the vSphere Client.

  1. Click on the Start Button
  2. Select All Programs
  3. Click on the VMware Folder
  4. Select the VMware vSphere Client

 

 

Log in to vSphere Client

 

Log in to the vSphere Client.

  1. Type the User Name: root
  2. Type the Password: VMware1!
  3. Select Login

 

 

Expand Task Pane

 

Once the client is open expand the Task Pane

  1. Expand the Recent Task Pane by pulling it up once the mouse pointer changes to the expand symbol.

 

 

Watch as Sales 2-Tier blueprint deploys

 

As vCloud Automation Center begins to deploy the Sales 2 Tier Application blueprint you will see several tasks happening in the Recent Tasks of the vSphere Client. Below are some of the tasks happening as the blueprint deploys:

  1. A new NSX Edge appliance is deployed
  2. Two virtual machines are cloned from the appropriate template

 

 

Watch until virtual machines are built

 

Continue to watch the tasks complete until the edge, db-sv-003, and web-sv-005 virtual machines are powered on.

 

 

Navigate  Back to vCloud Automation Center Console

 

Navigate back to the vCloud Automation Center Console.

  1. Click on the vCloud Automation Console tab in your browser.

 

 

Confirm the request is initialized.

 

You can confirm that the request is in progress by checking the current and finished requests in the Request Tab.

  1. Click on the Request Tab at the top of the vCloud Automation Center console.

 

 

Refresh screen until the deployment is complete

 

Continue to hit the Refresh Data button at the bottom of the page until the Sales 2-Tier-App Status changes to Successful.

NOTE: This process can take up to 10 minutes to complete and show Successful!!

 

 

Interact with the deployed multi-machine deployment

 

Now select the Items Tab from the top of the vCloud Automation Center console.

 

 

Look at the completed deployment

 

On the Items screen you can see all the completed requests.

  1. Select the plus (+) sign beside HOL-1424-004 Machine Name.
  2. Notice the two machines that make up the multi-machine deployment.

 

 

Deployment Complete

You have now completed the deployment of a multi-machine blueprint within vCloud Automation Center. The next chapter will walkthrough the deployed blueprint.

 

Walkthrough the Deployment


In this chapter we will walk through the 2 Tier machine deployment that was just request via the vCloud Automation Center catalog.


 

Navigate to the Sales 2 Tier Application Blueprint

 

You will now navigate to the 2 Tier Blueprint.

  1. Select Infrastructure Tab at the top of the vCloud Automation Center console
  2. Select Blueprints from the menu options on the left.

 

 

Continue Navigating to 2 Tier Blueprint

 

Continue to the Sales 2 Tier Application in the Blueprint list.

  1. Select Blueprints from the left menu
  2. Roll over the Sales 2 Tier Application blueprint and select Edit.

 

 

Understanding the Sales 2 Tier Application Blueprint

 

From the Edit Blueprint - Multi-Machine page you will navigate to the Network Tab so you can see what networking configuration was setup for this blueprint so, in turn, we can map that back to NSX in the vSphere Web Console.

  1. Select the Network Tab

 

 

Sales 2 Tier Application Networking

 

On the Network Tab of the Sales 2 Tier Application you will see what networking will be created with each deployment of this blueprint.

  1. Click the Cancel Button at the bottom of the Edit Blueprint - Multi-Machine screen.

 

 

Log into vCenter Web Client

 

You will go to the vCenter web client to look at the newly created switch.

  1. Open a new tab in the Firefox browser.

 

 

Select the vCenter Login page from the favorites menu.

 

  1. Once the new tab is opened select the vSphere Web Client link.

 

 

Log into the vSphere Web Client

 

Now log into the vSphere Web Client

  1. Enter the User name: root
  2. Enter the Password: VMWare1!
  3. Click the Login button.

 

 

Select Networking & Security

 

You will now enter the Networking and Security administration page of the vSphere Web Client.

  1. Select Networking & Security

 

 

Look at NSX Edges

 

Let's look at the NSX Edges within this environment.

  1. Select NSX Edges from the Networking & Security Menu.

 

 

NSX Edges

 

You will see that when the Sales 2 Tier Application catalog item was deployed a new NSX Edge was deployed to handle the networking of the two network tiers.

  1. Double click on the edge-7 in the list of edge appliances.

 

 

Edge Configuration

 

Let's look at the edge to ensure that the private network segments have been created and attached to the new edge appliance.

  1. Select Manage from the top menu.

 

 

Manage the Deployed Edge

 

  1. Click on the Interfaces menu option on the left side of the edge configuration page.

Now you will see the interfaces that have been attached to the newly created edge appliance. You will notice that the 2 Tier DB and 2 Tier Web logical networks have been created and attached.

Now let's check connectivity between the different machines to ensure that the blueprint, and the associated networking, is configured correctly.

 

 

Navigate to Sales 2 Tier Application VMs

 

 

 

Navigate to VMs and Templates Screen

 

 

 

Look at Sales 2 Tier Application VMs (web-sv-005)

 

  1. Expand the Hands on Labs Datacenter and also expand the VRM folder to show the VMs that have deployed through vCloud Automation Center.
  2. Click on web-sv-005.

You will notice that the web-sv-005 VM is attached to the 2 Tier Web network.

 

 

Log out of vSphere Web Client

 

  1. Click on the root@localos.
  2. Log out of the vSphere Web Client and close the browser.

 

 

Close the web browser

 

Close the web browser by clicking the X in the upper right corner of the window.

 

Summary


In this lab you did the following:

  1. Walked through publishing the Sales 2 Tier Application blueprint and adding it to the vCloud Automation Center catalog.
  2. Deployed the Sales 2 Tier Application from the catalog
  3. Walked through the deployment and tested the different networking components that were created during the catalog deployment.

Thank you for completing this chapter in the SDC-HOL-1424 lab.  Please continue to the next chapter where you will learn how to interact with NSX through the NSX API.


Module 4 - Using vRealize Operations with the NSX Management Pack (60 minutes)

Introduction


The vRealize Operations Management Pack for NSX-vSphere extends the operational management capabilities of vRealize Operations into the areas of virtual and physical data center networking. It provides the following operations capabilities for virtual administrators and network operations administrators, in highly virtualized network environments which use both vSphere and NSX technologies:

In this module you will familiarize yourself with the Management Pack for NSX-vSphere.


Understanding the NSX Main Dashboard


.


 

Log into vRealize Operations Manager

 

  1. Open Firefox from the Desktop.

 

 

Select vRealize Operations Manager Favorite Link

 

Once the browser opens select to open vRealize Operations Manager (vR Ops)

  1. Select vRealize Operations Manager from the browser favorites.

 

 

Log into vRealize Operations Manager

 

You will now see the login page for vCenter Operations Manager.

  1. User name: admin
  2. Password: VMware1!
  3. Select Login

 

 

Understanding the NSX Main Dashboard

 

You now will see the NSX Main Dashboard. There is a tremendous amount of information from this dashboard of the overall health of the NSX-vSphere environment.

Note: The NSX Main Dashboard may show items like the NSX Manager, Edge, and Controllers as red versus green as in the above picture. You can ignore these warning for this module portion of the lab.

  1. NSX vSphere Environments: This widget lists the individual NSX-vSphere instances that are registered with vRealize Operations Manager
  2. Open Alerts: This widget lists all alerts that have been detected within the environment. We will use this widget in a later chapter in this module.
  3. Transport Layer: This widget displays the health of the vSphere hosts that are participating in the transport zone of the NSX-vSphere infrastructure.
  4. Key NSX-vSphere Components: This widget shows the different infrastructure components that make up NSX-vSphere and the health of each component.

 

 

Understanding the NSX Main Dashboard cont.

 

Scroll down to the bottom of the NSX Main Dashboard.

  1. Objects: This widget lists all resources and the resource kind currently in the NSX-vSphere environment.
  2. Top Logical Networks by Traffic: This widget will list all the logical networks currently in the NSX-vSphere environment in the order of most utilized logical network on top working down to the least utilized logical network.
  3. Top VMs by Traffic (KBps): This widget lists the VMs with the most traffic in KiloBytes per second (KBps). The VM with the most traffic will be at the top of the list working down to the VM with the least amount of traffic utilization.

 

 

Navigate to the NSX Topology Dashboard

 

You will work more within the NSX Main Dashboard in a later chapter in this module. Now you will navigate to the NSX Topology Dashboard.

  1. Click on the NSX Topology Dashboard Tab at the top of the vRealize Operations Manager console.

 

 

Showing Topology

 

  1. Once the NSX-vSphere dashboard has been displayed, select the "app-sv-002" VM.  The other widgets will be updated to reflect the details of that virtual machine.
  2. In the Logical Topology widget select the "Zoom In" icon.
  3. Then select the "Pan" icon and move the mouse until the app-sv-002 VM is shown in the screen.
  4. Mouse over to the app-sv-002 VM and a info block will appear with additional information regarding that object.  Click the app-sv-002 VM.  
  5. Now select the "App-Tier-d12" object.  
  6. Notice the Physical Topology is updated to reflect the App tier.
  7. The Top Issues are updated with any current issues which may be affecting the selected object - you made need to scroll down to see the widget.  
  8. The Metrics widget displays the metrics appropriate for the object selected.   

 

 

Recommendations

 

There are several Alerts which exist in the environment.  Three of the errors pertain to the 3 NSX controllers being in a powered down state.  The following steps walk through the process of verifying the current status and clearing the alerts if required.

  1. Click on the Right Arrow until you see the Recommendations Tab.
  2. Select the "Recommendations" Tab to see the Top Health Alerts.
  3. Select the link "The Controller is Down" to display more detail about the alerts.

 

 

Health Issues

 

The virtual machines which are affected are the NSX controllers.  

  1. Select the link "View Details" to get more information about the recommendations for this virtual machine.

 

 

Controller is Down

 

  1. Click on the link for the controller.

 

 

Verify Power On

 

  1. Select the "Analysis" tab to check the workload, CPU, Memory, etc that the VM is using.

 

 

Analysis of Controller

 

The Analysis page verifies that the VM is running showing a normal Workload with normal CPU, Memory usage.  The next step is to clear the fault.

 

 

Clear Fault

 

  1. Select the "Faults" tab
  2. Select  anywhere on the fault details to highlight the fault.
  3. Select the "Cancel" icon to clear the alert.

 

 

Back to Alerts

 

  1. Select the "Home" icon to return to the NSX Main page.
  2. Select the "Recommendations" tab.
  3. Select the alert "The Controller is Down".
  4. Once the Alerts page is being displayed, repeat the previous steps to verify the 2 remaining controllers are running and clear the alerts.

 

 

 

Conclusion

Feel free to explore other dashboards within the vRealize Operations Manager.

 

Working Within the NSX Topology Dashboard


In this chapter you will work in the NSX Topology dashboard.


 

NSX Topology Dashboard Explained

 

You will now see the NSX Topology dashboard. Like the NSX Main dashboard there are several widgets that make up the areas of this dashboard. Below is an explanation of these areas:

  1. NSX Environments - This is a list of all the NSX environments connected to this instance of vCenter Operations Manager
  2. Resources - This lists all the resources currently available in the currently select NSX Environment
  3. Logical Topology - This is a visual diagram of the logical connection to infrastructure within the NSX environment. We will dig deeper into this section later in this chapter.
  4. Physical Topology - This is a visual diagram of the physical connection to infrastructure within the NSX environment.
  5. Now move to the lower sections of the NSX Topology Dashboard by scrolling to the bottom of the dashboard using the scrollbar to the right.

 

 

NSX Topology Dash board Explained Continued....

 

You will see two more available widgets included with the NSX Topology dashboard.

  1. Metrics - This shows performance metrics of NSX components. We will go deeper into this widget later in this chapter.
  2. Top Issues - This area will display the top issues within the environments as NSX components are highlighted within the topology.
  3. Let's go back to the top of the NSX Topology dashboard and look at some NSX components within this environment.  Scroll back to the top of the NSX Topology Dashboard.

 

 

Selecting an NSX Edge

 

Once back at the top of the dashboard you will focus on the Objects widget to select the NSX Service Edge called "Edge-d1234baf-45fe-40c1-9d63-45eb34fc5f"

  1. Click on the "Object Type" column to sort the list by the type of component.
  2. Scroll through the list until you find the item called Edge-d1234baf-45fe-40c1-9d63-45eb34fc5f with resource kind of NSX-vSphere Edge,
  3. Click on the Edge-d1234baf-45fe-40c1-9d63-45eb34fc5f item in the list.

 

 

 

NSX Logical Topology Widget.

 

Once you click on the Edge-d1234baf-45fe-40c1-9d63-45eb34fc5f item in Objects.  The Logical Topology widget will dynamically show all the NSX components that are associated with this NSX Services Edge.

 

 

NSX Logical Topology Widget Continued...

 

As you will see in the Logical Topology widget the NSX Edge is in the middle surrounded by all the services and virtual machines associated with that edge. Rolling the mouse over the different associated components will bring up a pop-up window showing the Health, Risk, and Efficiency of that component.

  1. In the above image you will see the Load Balancer Service of the Edge-d1234baf-45fe-40c1-9d63-45eb34fc5f edge is good health.

Roll the mouse over other associated components to see the health scores for each.

 

 

Clicking on the  Edge Firewall Service Object

 

Now let's dive a little deeper into one of the associated components.

  1. Click on the NSX Edge Firewall Service component.

Once you click on the NSX Firewall Service component you will see that the Metrics widget has populated. In this widget you will see all the relevant information on the NSX Firewall Service such as Connection Status, Number of Connection Rules, Total traffic in KBps, and total number of packets transfered per second.

Feel free to click on other components within the Logical Topology widget to see the components specific performance in the Metrics widget.

 

 

Selecting a Host from Objects.

 

  1. Now let's go back to the Objects widget and select the host named esx-01a.corp.local with a Object Type of Host System.

 

 

Explain Physical Topology Widget

 

Once you have clicked on the host system in the Resources widget you will notice that the physical topology widget also dynamically populates showing the physical connectivity between NSX components. In this widget you will notice that esx-01a.corp.local has a physical connection to a NSX Controller, a Virtual Machine, and is connect to the Mgmt_Edge_VDS virtual distributed switch.

Just as you did in the Logical Topology widget, you can click on an NSX component in the Physical Topology widget and see performance metrics in the Metrics widget.

  1. Click on the esx-01a.corp.local host in the Physical Topology widget.

 

 

Viewing the Host Performance Metrics.

 

You will see that that the Metrics widget populates with performance information about the esx-01a.corp.local host.

Feel free to click on other NSX components in the Physical Topology widget to see it's performance statistics in the Metrics widget.

 

 

Finished NSX Topology Dashboard

You have successfully completed a walk through of the NSX Topology Dashboard. Feel free to move around this dashboard and explore the different components of this NSX environment. When you are finished exploring this dashboard move on to the next chapter where you will walk through the NSX Object Path Dashboard.

 

Working Within the NSX Object Path Dashboard


In the chapter you will walk through the NSX Object Path Dashboard within the NSX Management Pack of vCenter Operations Manager.


 

Navigate to the NSX Object Path Dashboard

 

  1. To navigate to the NSX Object Path Dashboard scroll to the top of the vRealize Operations Manager console and select the NSX-vSphere Object Path tab in the list of available dashboards at the top of the screen.

 

 

Understanding the widgets of the NSX Object Path Dashboard

 

Just like the NSX Topology Dashboard, the NSX Object Path Dashboard consists of several widgets which provide information about the NSX environment:

  1. NSX Environments - This is a list of all the NSX environments connected to this instance of vCenter Operations Manager
  2. Objects - This lists all the resources currently available in the select NSX Environment
  3. Scroll to the bottom of the dashboard.

 

 

Continue to Understand the Dashboard

 

Once at the bottom of the dashboard you will see the final two widgets that make up the NSX Object Path Dashboard.

  1. Logical Path - This is a topology view of the logical path a packet will travel when communicating between two NSX components.
  2. Physical Path - This is a topology view of the physical path a packet will travel when communicating between two NSX components.

You will notice that both widget state to select two different NSX components within the Resources widget in order to be able to order to diagram out the logical and physical paths. Let's do that now:

  1. Scroll to the top of the dashboard using the scroll bar on the right.

 

 

Selecting NSX Components in Resources Widget.

 

In the Resources widget we will need to select two different NSX components to map out their logical and physical paths.

  1. Click on the Name column of the Object widget to sort the NSX components by their names.
  2. Scroll through the list until you find "db-sv-01a" virtual machine object.

Second, select the "web-sv-01a" virtual machine object.  Once the 2 objects have been selected the Logical Path and Physical path widgets will be updated.

 

 

Understanding the Logical Path Widget

 

First let's look at the logical path:

Note: you can roll the mouse over each object to gather specific information.

  1. db-srv-01a virtual machine - the starting point of our path collection
  2. The packet must navigate a firewall rule associated to the logical switch.
  3. The db-srv-01a virtual machine is connected to the DB-Tier-01 Logical Switch
  4. The DB-Tier-01 logical switch is connected to the Perimeter-Gateway NSX Edge.
  5. The Perimeter-GA NSX Edge has another logical switch attached called the Web-Tier-01Sales logical switch
  6. The packet will communicate on the Web-Tier-01 logical switch and pass through an additional firewall rule associated to that logical switch
  7. Finally reaching the destination virtual machine called web-srv-01a.

The Logical Path widget is a great way to visually see the logical path of a packet between NSX components and quickly determine if there are any health issues of the components in the path.

 

 

Understanding the Physical Path Widget

 

The Physical Path widget displays the physical connections between different object within the NSX environment. As you can see both virtual machines reside on the same physical host called esxcomp-02a.corp.local. Much like the logical path widget the physical path widget gives you a quick diagram of the physical devices connecting different NSX objects and allows you to determine if any physical devices are having performance issues.

Feel free to select different NSX objects within the Resources widget and see the path information between the varying objects.

 

 

Completed Chapter

You have successfully completed the walk through of the NSX Object Path Dashboard. Continue to the next chapter where you will use the NSX Management Pack to troubleshoot issues present within the NSX-vSphere environment.

 

Troubleshooting an Issue Using the NSX Management Pack


In this chapter you will troubleshoot an issue within the NSX-vSphere environment using the NSX Management Pack for vCenter Operations.


 

Navigate to the vSphere Web Client Login Page.

 

  1. Navigate to the vSphere Web Console by clicking the vSphere Web Client favorite in the favorites bar of the browser.

 

 

Log into the vSphere Web Client

 

Now log into the vSphere Web Client

  1. Enter the User name: root
  2. Enter the Password: VMWare1!
  3. Click the Login button.

 

 

Navigate to Host and Clusters

 

  1. From the vSphere Web Client Home screen select Hosts and Clusters.

 

 

Shutdown NSX Controller

 

Once on the Hosts and Cluster page of the vSphere Web Client you will shutdown one of the NSX controllers:

  1. Right click on the NSX controller named NSX_Controller_479e8f25-9cfc-4dbe-....
  2. Select Shut Down Guest OS

 

 

Access to Shut Down NSX Controller

 

Confirm the Shut Down

  1. Select Yes

 

 

Navigate to vRealize Operations Manager

 

Once the NSX Controller has shutdown completely you will navigate to the vCenter Operations Manager console.

Ensure the NSX Controller is shut down completely.

  1. Select the vRealize Operations Manager Favorite from the favorites menu bar.

 

 

Navigate to NSX Main Dashboard

 

You should already be logged into vCenter Operations Manager. Navigate to the NSX Main Dashboard

1. Select the NSX Main Dashboard from the list of dashboards at the top of the console.

 

 

NSX Controller Down

 

Once on the NSX Main Dashboard look at the Control Pane widget. You should see that one of the NSX controllers is now red.  Verify it is the controller which was shutdown by selecting the health badge.  The controller shutdown has a IP address of 192.168.110.203

Note: If the controller is not red wait approximately 2 minutes for vCenter Operations manager to refresh before proceeding.

  1. Double click on the red NSX controller health icon.

 

 

Acknowledging the Alert

 

Now you will automatically see the Summary page for the NSX Controller. Here you will see the Health, Risk, and Efficiency posture of this NSX Controller. Direct your attention to the Top Alert For Selected Resource widget. Notice it has an alert stating the controller is down and provides a recommendation to verify the controller VM is powered on. When you double click on objects on any of the NSX Dashboards you will be directed to the summary page of that object where you can see valuable information.

 

 

Navigate to vSphere Web Client

 

Once vCenter Operations Manager has suggested the best recommendation for the issue you can quickly navigate back to the vSphere Web Client from within the vCenter Operations Console.

  1. Click on the Actions option at the top of the console.
  2. Select Open Controller in vSphere client....

 

 

NSX Controller Page in vSphere Client

 

An additional tab will open in the browser and navigate you to the NSX Controller page of the NSX-vSphere plugin. You will also see here that one of the NSX controllers is listed as Disconnected.

 

 

Return to Host and Clusters Page

 

Now you will need to power back on the NSX Controller as vCenter Operations has suggested as the best resolution to your issue.

  1. Select the Home icon at the top of the vSphere Web Client.
  2. Select Hosts and Clusters icon from the Home Page.

 

 

Power on NSX Controller

 

In the Hosts and Clusters power on the NSX Controller.

  1. Right click on the NSX Controller named NSX_Controller_c6afd8e7-1eda-4460-a9a4-3023a7646.
  2. Select Power On in the menu that appears.

 

 

Completed Chapter

 

You were successfully able to troubleshoot a down NSX controller issue within vCenter Operations Manager using the NSX Management Pack Main Dashboard. Feel free to explore the three dashboards within the NSX Management Pack. Once you are done exploring close the browser.

  1. Close the bowser by clicking the X in the top right corner.

 

Summary


In this module you familiarized yourself with the NSX Management Pack for vCenter Operations Manager by:

Thank you for completing this module. Move to the next module where you will learn how Log Insight can also assist in understanding and managing your NSX-vSphere environment.


Module 5 - Using vRealize Log Insight with NSX (45 minutes)

Introduction


The NSX for vSphere Log Insight Content Pack provides powerful operational reporting and alerting visibility for all sources of log data within NSX. Each major NSX function (logical switching, routing, distributed firewalls, VXLAN gateways, and edge services) is represented within this content pack via custom dashboards, filters, and alerts.  NSX log data is quickly sorted based upon user defined time intervals.  Within seconds the data is presented graphically via bar graphs, pie charts, and raw data collection widgets.

This module will walk through examples of how to use Log Insight and the NSX content pack to:

 

 


vRealize Log Insight Overview



 

Start the Log Generator

 

  1. Click Start
  2. Select PuTTy

 

 

SSH into loggen-l-01a

 

  1. Select loggen-l-01a
  2. Click Open

 

 

Login to loggen-l-01a

 

  1. Username is root
  2. Password is VMware1!

 

 

Start the Log Generator

 

  1. Double-clickthe README file on the Desktop
  2. Highlight and copy the Log Insight Log Generator Command from the bottom of the README.

 

 

Start the Log Generator

 

  1. Click on the PuTTy Window and Right-clickinside the window to paste the command you copied from the README file and press Enter.
  2. You should see logs starting to scroll in the window. Do NOT close the putty windows for the remainder of this module.

 

 

Open Firefox

 

  1. Click on the Firefox icon from the Desktop.

 

 

Login to vRealize Log Insight

 

  1. Click on the Log Insight bookmark
  2. Username is admin
  3. Password is VMware1!

 

 

NSX Overview Dashboard

 

This first dashboard in this content pack shows you the overall view of NSX system and Audit events. You can also scroll down to see the different events and errors and where they are occurring; i.e. Management Plane, Data Plane, or Control Plane.  

Note:  The dashboard in your lab may appear different than the picture shown.

 

 

Distributed Firewall Overview Dashboard

 

  1. Click Distributed Firewall - Overview
  2. Click on pass in the Firewall Actions Graph, this will hide all the passes and only show you the drops. You can do this with any Graph to narrow down your search results to key in on a certain area or entity.

 

 

Display the dropped logs

 

  1. Select the last bar in the Firewall Actions graph.  A menu will appear.
  2. Select "Interactive Analytics"

 

 

Examine the dropped Firewall logs

 

The Interactive Analytics screen will appear as shown above.  The list contains events which matched the "DROP" filter.

 

 

Identifying Properties

 

Key pieces of information can be obtained by placing the mouse of the various fields.  

  1. Place the cursor over the "appname" field.  The application "dfwpktlogs" will highlight for the application field.
  2. Place the cursor over the "vmw_nsx_firewall_action" and "DROP" will highlight.
  3. To find out which firewall rule is evoked for the drop action, highlight the field "vmw_nsx_firewall_ruleid".  The rule id is "1079"
  4. Finally to understand which direction the traffic is flowing, highlight the field "vmw_nsx_firewall_traffic_direction".  The direction "IN" should highlight.

Using this information an administrator can review the firewall rules in NSX and determine if the rule is working as expected or if a change needs to be made.

 

 

Go back to the NSX Dashboards

 

  1. Click on Dashboards

 

 

Logical Switch - Overview

 

  1. Click on the Logical Switch - Overview dashboard on the left
  2. Click on the username "ramin" in the audit events widget. A menu will appear click on "Interactive Analytics" to see events pertaining to the user ramin.                                                                                                       Note: If you don't see the username ramin, try changing the time range to Latest hour or 24 hours of data.

 

 

Events for Time period.

 

  1. Click on the time range drop down menu,  Click "Latest hour of data" to see events which have occurred for that user.
  2. ON the right hand side of the screen are additional filters.  Expand the "vmw_nsx_operation" field.  
  3. We want to view operation events for the user ramin.  Move the mouse to the first column.  When you hover over a graph, a bubble window will appear with an event description such as create or delete. Click the bar to view these logs within the Events tab on the left.  Notice a filter constraint is added matching the event value from the graph.  

 

 

Review the Distributed Firewall Data

 

  1. Click on the "Distributed Firewall - Rule Data" dashboard
  2. Select the magnifying glass icon to go the Interactive Analytics

 

 

Review events for different Firewall Rules

 

  1. Click rule id "1443" and "1080" to filter out that data.

 

 

Events for Rule 1017

 

  1. Click on a segment for rule "1017".  The list of events will change for that rule selected within that time range.  Notice that we now constrain the displayed logs specifically to relevant rule 1017 events.  

 

 

Explore other dashboards

 

Feel free to explore other dashboards within the NSX content pack for vRealize Log Insight.  If you wish to learn more about Log Insight, please enroll in the Log Insight focused Hands-on-Lab, SDC-1426

This concludes Module 5.

 

Summary


In this module of HOL-SDC-1424 you walked through different logging scenarios with the Distributed Firewall and NSX Edge.

You have successfully completed this chapter of the HOL-SDC-1424 lab.


Module 6 - vCenter Orchestrator and the NSX API through vCloud Automation Center Advanced Designer (45 minutes)

Introduction


  In this module you will see the power of using the NSX API through vCenter Orchestrator workflows. You will walkthrough the request process of two separate workflows that create networking components within NSX. These workflows are published within the vCloud Automation Center catalog using the Advanced Designer. By using vCloud Automation Center, vCenter Orchestrator, and the NSX API you can create standard catalog services for creating infrastructure within the software defined datacenter.


Walkthrough Advanced Designer Workflow to Create Logical Switch


In this chapter you will unlock the great potential that can be achieved when combining vCloud Automation Center, NSX for vSphere, and vCenter Orchestrator to create advanced workflows. In this walkthrough you will use a workflow that has been published in vCloud Automation Center, through the Advanced Designer, to automatically create an NSX logical switch and attach it to the NSX Service Gateway.


 

Logging into vCloud Automation Center

Log In.

 

 

Open Firefox

 

  1. Click on the Firefox icon located on the desktop.

 

 

Click on vCloud Automation Center Shortcut

 

Click on the vCloud Automation Center Shortcut.

 

 

Log into vCloud Automation Center

 

NOTE: If you receive and error when trying to log in that states "Login Failed. Please contact your System Administrator"; click the Go back to login page button and retry your login attempt.

  1. Enter User name:   administrator@corp.local
  2. Enter Password:    VMware1!
  3. Click Login Button

 

 

Welcome to the vCloud Automation Center Console

 

You are now logged into the vCloud Automation Center console. As you can see there are several tabs at the top of the console which define different areas of administration within vCloud Automation Center.

  1. Click on the Catalog tab.

 

 

Requesting the Create Networking Item

 

Once in the catalog porton of the vCloud Automation Center Console you will notice several catalog items. In this walkthrough we will be focusing on the Create Networking catalog item.

  1. Select the Request button on the Create Networking Catalog item.

 

 

Create Networking Request Form #1

 

You will now see the initial request form for the Create Networking catalog item. With vCloud Automation Center Advanced Designer you can create very robust request forms to collect necessary information. Notice that required fields are noted with a red astrick beside the field description.

  1. Enter the Description for the request: Create New Logical Switch
  2. Optionally - Enter the reason for this request: For Hands on Lab Testing
  3. Click the Next button.

 

 

Create Networking Request Form #2

 

On the second Create Networking request form you will enter the necessary information to complete the creation of the new NSX logical switch.

  1. Enter the Logical Switch name: New Switch
  2. Enter the Gateway IP Address: 172.16.80.1
  3. Click the Submit button.

 

 

Complete the Create Networking request.

 

Complete the Create Networking request process.

  1. Click the OK button to complete the request.

 

 

Log into vCenter Web Client

 

You will go to the vCenter web client to look at the newly created switch.

  1. Open a new tab in the Firefox browser.

 

 

Select the vCenter Login page from the favorites menu.

 

  1. Once the new tab is opened select the vSphere Web Client link.

 

 

Log into the vSphere Web Client

 

Now log into the vSphere Web Client

  1. Enter the User name: root
  2. Enter the Password: VMWare1!
  3. Click the Login button.

 

 

Select Networking & Security

 

You will now enter the Networking and Security administration page of the vSphere Web Client.

  1. Select Networking & Security

 

 

Navigate to Logical Switches

 

You are now at the NSX Home page. Here we will navigate through several areas of NSX management to check that our Create Networking catalog item finished successfully.

 

 

Check for our new logical switch.

 

Once in the Logical Switches section of the NSX console you will notice that a new switch has been created using the name that you entered during the Create Networking request process.

 

 

Check connection to NSX Edge

 

Now that you have ensured that the logical switch has been created you will check that it was automatically connected to the NSX Service Gateway.

  1. Select NSX Edges from the Networking & Security Menu.

 

 

Select the Perimeter-Gateway Service Gateway

 

Now select the correct services gateway from the list.

  1. Select the Perimeter-Gateway Services Gateway by double clicking on the edge-1 item.

 

 

Select Manage of the Perimeter-Gateway Edge

 

Select to Manage the Perimeter-Gateway NSX Edge

 

 

Check Interfaces

 

Select Interfaces from the Manage sub-menu.

 

 

Ensure the new logical switch is connected

 

On the interfaces section of the Perimeter-Gateway Edge you will notice:

  1. Interface 8 of the Perimeter-Gateway Edge is named New Switch-int
  2. The interface has an IP address of 172.16.80.1 which corresponds to the IP address you entered during the Create Networking request process.
  3. The interface is connected to the New Switch-sw logical switch that was also created during the request process.

 

 

Summary

As you can see by using the NSX API, vCloud Automation Center, and vCenter Orchestrator you can automatically create networking within your virtualization environment by simply requesting them through an easy to navigate catalog. In this chapter you:

  1. Requested new networking through the vCloud Automation Center catalog
  2. Automatically created a logical switch within NSX for vSphere
  3. Automatically connected the newly created logical switch to an NSX Edge Service Gateway
  4. Checked for the completion of the workflow within the vSphere Web Client.

You have successfully completed this chapter of the HOL-SDC-1424 lab.

 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-SDC-1424

Version: 20150227-061542