Table of Contents

Lab Overview - HOL-2084-01-HBD - VMware Cloud on AWS - Expert Led Workshop
• Lab Guidance
• Introduction to Amazon Web Services (AWS)
• Introduction to VMware Cloud on AWS
• VMware Cloud on AWS Architecture and Service Overview
• Conclusion

Module 1 - Working with your SDDC (15 Minutes)
• Student Check-In
• Introduction to the VMware Cloud on AWS User Interface
• Create a Logical Network and Initial Firewall Configuration
• Log In to the VMware Cloud on AWS vCenter
• Create Content Library
• Create Linux Customization Specification
• Deploy a Virtual Machine
• Conclusion

Module 2 - Securing Applications in VMware Cloud on AWS Using Distributed Firewall (30 Minutes)
• What is Distributed Firewall
• Clone a Virtual Machine
• Testing connectivity between the Virtual Machines
• Configuring VMware Cloud on AWS Advanced Networking and Security Services
• Conclusion

Module 3 - Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS (15 Minutes)
• Introduction
• Hands-on Labs Interactive Simulation: Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS
• Conclusion

Module 4 - VMware Cloud on AWS Developer Center and APIs (30 Minutes)
• What is Developer Center
• Code Samples
• SDKs and Downloads
• API Explorer
• PowerCLI
• Datacenter CLI
• Conclusion

Table of Contentsdocs.hol.vmware.com/HOL-2020/hol-2084-01-hbd_pdf_en.pdfIn 2006, Amazon Web Services (AWS) began offering IT infrastructure services to businesses in the form of web



Lab Overview - HOL-2084-01-HBD - VMware Cloud on AWS - Expert Led Workshop


Lab Guidance

Note: It will take approximately 90 minutes to complete this lab. You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

You will interact with the VMware Cloud on AWS interface to perform basic tasks and manage your public cloud capacity. You will be using real infrastructure and experience the service with some of the most common use cases.

Note: A My VMware user account will be provided to access this lab.

Module 1 will cover how to access VMware Cloud Services via Student Check-In.

Lab Module List:

• Module 1 - Working with your SDDC (15 minutes) (Beginner) With the HTML5 user interface, you will perform many common tasks in your SDDC on VMware Cloud on AWS, as well as interact with vCenter Server running on VMware Cloud on AWS.

• Module 2 - Securing Applications in VMware Cloud on AWS Using Distributed Firewall (30 Minutes) (Beginner) In this module, you will deploy a second web server and create a distributed firewall rule to prevent communication between the two web servers.

• Module 3 - Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS (15 Minutes) (Beginner) In this module, you will walk through an interactive simulation to set up Hybrid Linked Mode between an on-premises vCenter and the VMware Cloud on AWS vCenter.

• Module 4 - VMware Cloud on AWS Developer Center and APIs (30 Minutes) (Beginner) In this module we will introduce you to the VMware Cloud on AWS Developer Center, and you will also have an opportunity to interact with APIs in order to be able to automate certain functions within your VMware Cloud on AWS environment.

Lab Captains:

• Kerry Holton, Staff VMware Cloud Solution Engineer, USA
• Jorge Torres, Senior Technical Account Manager, USA

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com


This lab may be available in other languages. To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf

Location of the Main Console

1. The area in the RED box contains the Main Console. The Lab Manual is on the tab to the right of the Main Console.

2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.

3. Your lab starts with 90 minutes on the timer. The lab cannot be saved. All your work must be done during the lab session. But you can click EXTEND to increase your time. If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes. Each click gives you an additional 15 minutes. Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.


Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.

Accessing the Online International Keyboard

You can also use the Online International Keyboard found in the Main Console.

1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

Click once in active console window

In this example, you will use the Online Keyboard to enter the "@" sign used in email addresses. The "@" sign is Shift-2 on US keyboard layouts.

1. Click once in the active console window.
2. Click on the Shift key.

Click on the @ key

1. Click on the "@ key".

Notice the @ sign entered in the active console window.

Activation Prompt or Watermark

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform. The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters. However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements. The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.


Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.

Look at the lower right portion of the screen

Please check to see that your lab has finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes. If after 5 minutes your lab has not changed to "Ready", please ask for assistance.


Introduction to Amazon Web Services (AWS)

In 2006, Amazon Web Services (AWS) began offering IT infrastructure services to businesses in the form of web services now commonly known as cloud computing. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business. With the cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster. Today, AWS provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world.

What is Cloud Computing?

Cloud computing is the on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the Internet with pay-as-you-go pricing. Whether you are running applications that share photos to millions of mobile users or you’re supporting the critical operations of your business, a cloud services platform provides rapid access to flexible and low-cost IT resources. With cloud computing, you don’t need to make large upfront investments in hardware and spend a lot of time on the heavy lifting of managing that hardware. Instead, you can provision exactly the right type and size of computing resources you need to power your newest bright idea or operate your IT department. You can access as many resources as you need, almost instantly, and only pay for what you use.

Cloud computing provides a simple way to access servers, storage, databases and a broad set of application services over the Internet. A cloud services platform such as Amazon Web Services owns and maintains the network-connected hardware required for these application services, while you provision and use what you need via a web application.


Introduction to VMware Cloud on AWS

We are bringing together the best technologies from the leader in private cloud and the leader in the public cloud to deliver a jointly engineered solution that will bring significant value to customers.

VMware:

• The leader in enterprise compute, storage, and network virtualization
• Support a broad range of workloads
• The de-facto standard for the enterprise datacenter

Amazon Web Services (AWS):

• Flexible consumption economics
• Broadest set of native cloud services
• Global scale and reach


Powerful Use Cases

VMware customers use VMware Cloud on AWS for several use cases as shown above:

• Cloud Migrations - Rapidly and easily migrate vSphere-based workloads to the cloud with VMware Cloud on AWS. Reduce the risk and cost of cloud migrations compared to alternatives that require conversions or re-architecture. Leverage familiar VMware tools and skillsets to accelerate cloud migrations. Once in the cloud, leverage VMware and AWS services to modernize your applications at your pace.

• Application Migration - Extend on-premises data centers and easily migrate targeted application workloads to VMware Cloud on AWS without conversions. Obtain bi-directional workload portability between on-premises and VMware Cloud on AWS. Modernize your applications through optimized access to native AWS services.

• Footprint Expansion - Got new projects? Want to expand into a new geography? Easily extend your footprint into the cloud and get VMware-consistent, enterprise-grade environments in the AWS cloud in a fast and cost-effective way with VMware Cloud on AWS.

• On-demand Capacity - Get VMware SDDC capacity in the AWS Cloud whenever your business needs to meet temporary, seasonal, or unplanned demand. Take advantage of elastic capacity and usage-based economics of VMware Cloud on AWS by seamlessly moving your live applications into an environment that is operationally consistent with your VMware-based data center.

• New Application Development and Test - Deliver VMware SDDC-consistent dev/test environments that can integrate with modern CI/CD automation tools. Access native AWS services seamlessly for new app development.

• Disaster Recovery as a Service with VMware Site Recovery - Easily deliver business continuity with VMware Site Recovery: on-demand disaster recovery as a service, optimized for VMware Cloud on AWS. Accelerate time-to-protection, simplify disaster recovery operations, and reduce secondary site costs with cloud economics, while providing a secondary site that is operationally consistent with your VMware data center.

• Virtual Desktops & Published Apps - Use VMware Cloud on AWS to host desktops and published applications or enhance your disaster recovery capabilities by using VMware Cloud on AWS as a DR target for your virtual desktops.

Provide and Maintain Operational Consistency

VMware Cloud on AWS™ enables operational consistency for customers of all sizes whether their workloads operate on-premises or in the public cloud.

This jointly engineered solution between VMware and Amazon Web Services provides global scale and allows customers to leverage their existing skills and tools while maintaining compatibility with their existing applications with no re-platforming required. Through the power of NSX, customers can architect networking and security to suit the needs of their applications. VMware Cloud on AWS™ is a software defined enterprise solution that enables customers to maintain consistent SLAs across private, public and hybrid cloud infrastructures.


VMware Cloud on AWS Architecture and Service Overview

VMware Cloud on AWS is powered by VMware Cloud Foundation, a unified Software Defined Datacenter (SDDC) platform that integrates VMware vSphere, VMware Virtual SAN and VMware NSX virtualization technologies. VMware Cloud on AWS will provide access to the broad range of native AWS services, together with the functionality, elasticity, and security customers have come to expect from the AWS Cloud.

VMware Cloud on AWS integrates VMware's flagship compute, storage and network virtualization products (vSphere, vSAN and NSX) along with vCenter management, and optimizes it to run on next-generation, elastic, bare-metal AWS infrastructure. vSphere allows customers to operate their virtual machines and containers in a similar fashion to their on-premises architecture.

• All-Flash vSAN acts as the storage platform and consumes host-local NVMe flash devices.

• NSX is used for all network functionality and connects the ESXi hosts to the AWS network and exposes logical networks for virtual machine networking.

An in-cloud SDDC can be used on its own, but most customers have a hybrid cloud strategy. With vCenter Hybrid Linked Mode (a new feature for VMware Cloud on AWS), customers can connect the two vCenters to create a single pane of glass for hybrid cloud management.

Most customers run a vRealize product on-premises such as vRealize Operations, or vRealize Automation. The in-cloud vCenter is just another end-point so customers can continue using their existing on-premises vRealize products. This way, customers can manage both their on-premises SDDC and the VMware Cloud on AWS SDDC in a single pane of glass for operations and provisioning.

VMware Cloud on AWS provides access to a broad range of native AWS services. This helps with data gravity because customers are now able to place the application closer to the AWS services acting as a data source. Instead of network traffic flow from the on-premises data center to AWS and vice-versa, they are now connected to the same network as the underlying AWS services. This enables you to build and operate new application architectures with minimal latency, network overhead and reduced AWS network outbound costs.

VMware Cloud on AWS is a Cloud Service

VMware Cloud on AWS is delivered, operated and directly supported by VMware.

All software components of the cloud service are fully certified and supported by VMware.

• Jointly engineered, VMware Cloud on AWS provides customers a one-stop shop for native AWS services from within their SDDC

• All components of the solution are delivered, operated and supported by VMware.

• VMware fully certifies and supports all software components of the service

• VMware removes the burden of managing software patches, updates or upgrades for users. When operating as a cloud service VMware takes the responsibility of ensuring the service is always up to date


Conclusion

In this introduction, we covered a high-level overview of the VMware Cloud on AWS service and the architecture.

Single Host SDDC

If you like the Lab and want to continue to experiment with and test the VMware Cloud on AWS capabilities, please scan the QR Code below to start your 1-Host experience.


Module 1 - Working with your SDDC (15 Minutes)


Student Check-In

This article will provide guidance on how to gain access to VMware Cloud Services. You will locate the Student Check-In page, search for your email address and then use a provided My VMware account for the VMware Cloud Services login.

Open Student Check-In Web Page

1. Open Chrome Browser

2. Click the Student Check-In browser bookmark to navigate to https://checkin.hol.vmware.com

Search and Validate

1. Enter your email address used to login and start the lab


2. Click Search

3. Click the My VMware account provided e.g. [email protected]

You will now be redirected to a login page.

VMware Cloud Services Sign-In

The VMware Cloud Services portal can translate between English and other languages.


1. Look for the dropdown and select your preferred language. In most cases, this should already be ENGLISH

2. Click the username field and hit TAB or ENTER to enable the NEXT button

3. Then click NEXT

1. Enter password: VMware1!

2. Click SIGN IN

After logging in:

1. Review the drop down in the right hand corner where your account name is and make sure HOL-VMC-xx is showing, where xx can be a number between 01 and 50.

Note: If this is not showing, ending and starting the lab again should fix the issue. If not, please work with your workshop instructor.


Select VMware Cloud on AWS

This is the Console landing page which provides navigation to any cloud services you have subscribed to.

In this lab, only VMware Cloud on AWS will be available to open.

1. Click on VMware Cloud on AWS to open

You now have access to VMware Cloud on AWS until this lab expires or ends. Enjoy!


Introduction to the VMware Cloud on AWS User Interface

In this module, we will access a pre-built VMware Cloud on AWS Software Defined Datacenter (SDDC). We will also provide an overview of the VMware Cloud on AWS user interface and become familiar with the options available with the solution.

Note that you may need to lower the zoom percentage on your browser to see everything in some windows.

Viewing Your SDDCs

After you log in, you should see a single SDDC in the user interface following the naming format HOL-SDDC. An SDDC is a fully deployed environment including vSphere, NSX, vSAN and vCenter Server. Deployment of a fully configured SDDC takes about two hours so for the purposes of this lab, we have already deployed it for you. This SDDC is in the same state it would be if you had deployed it. Let's take a look at the SDDC properties.

1. Click VIEW DETAILS to open the SDDC properties.

Note that we are using single-node SDDCs for this workshop. Single-node environments are not production supported environments, and they are automatically deleted when the workshop ends. The single-node environments are primarily used for customers who want to do a pilot of VMware Cloud on AWS, and therefore linking to an AWS account is not required immediately.

Viewing SDDC Properties

In addition to the Summary of the SDDC, there are a number of other tabs available as follows:

• Networking & Security: Provides a full diagram of the Management and Compute Gateways. This is where you can configure logical networks, VPNs, DNS, Public IPs, Direct Connect, firewall rules and more.

• Add Ons: Here you will find Add On services for your VMware Cloud on AWS environment like Hybrid Cloud Extension and VMware Site Recovery

• Maintenance: Allows you to see upcoming maintenance and to choose a maintenance window.

• Troubleshooting: Allows you to run network connectivity tests to ensure all necessary access is available to perform select use cases.

• Settings: Gives you access to your vSphere Client (HTML5), vCenter Server API, PowerCLI Connect, vCenter Server and reviews your Authentication information.

• Support: Provides information for Support including your SDDC ID, Org ID, vCenter Private and Public IPs and the date of your SDDC Deployment.


1. Click on Networking & Security to proceed to the next lesson to learn more about VMware Cloud on AWS Network and Security Configuration.

Note that two informational messages are shown above the SDDC Summary (these messages may not appear in the lab environment):

• CONNECT TO AWS ACCOUNT: In a single-node deployment, you are not required to link to an AWS account for 14 days.

• SCALE UP: Single-node deployments are not production supported environments and will be automatically deleted after 30 days unless the environment is scaled up to a minimum of three hosts.

Create a Logical Network and Initial Firewall Configuration

From the previous lesson, you should see the Network & Security information for the SDDC. VMware Cloud on AWS allows you to quickly and easily create new logical network segments on demand. Let's create a new network segment in the SDDC.

1. Click the Networking & Security tab
2. Click on Segments to show all of the existing network segments
3. Click on ADD SEGMENTS to create a new network segment
4. Enter Demo-Net for the Name of the new network segment
5. Leave Routed selected for the Type
6. For the Gateway/Prefix Length enter 192.168.200.1/24. This represents the default gateway of the network and the prefix length of the network. For more details on IP addressing see below.
7. For DHCP, click the down arrow and select Enabled to enable DHCP on the network.
8. Enter 192.168.200.10-192.168.200.200 for the DHCP IP Range. This is the range of IP addresses the DHCP server will grant to workloads attached to the network.
9. Click SAVE to save the logical network.

Note: Make sure to leave the default of Routed for Type and do not enter anything for the DNS suffix.

Note: CIDR notation is a compact representation of an IP address and its associated routing prefix. The notation is constructed from an IP address, a slash ('/') character, and a decimal number. The number is the count of leading bits in the routing mask, traditionally called the network mask. The IP address is expressed according to the standards of IPv4 or IPv6.

The address may denote a single, distinct interface address or the beginning address of an entire network. The maximum size of the network is given by the number of addresses that are possible with the remaining, least-significant bits below the prefix. The aggregation of these bits is often called the host identifier.

For example:

• 192.168.100.14/24 represents the IPv4 address 192.168.100.14 and its associated routing prefix 192.168.100.0, or equivalently, its subnet mask 255.255.255.0, which has 24 leading 1-bits.

• The IPv4 block 192.168.100.0/22 represents the 1024 IPv4 addresses from 192.168.100.0 to 192.168.103.255.
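The CIDR arithmetic in the note, applied to the Demo-Net values entered in this lesson. This is an added example, not part of the lab manual: it derives the routing prefix, mask and size from an address/prefix and checks that a DHCP range fits the segment without covering the gateway or overlapping another segment. The function names and the second, overlapping segment are illustrative assumptions.

```python
import ipaddress


def describe_cidr(cidr):
    """Break an address/prefix into the parts the CIDR note names."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    return {
        "address": str(iface.ip),
        "routing_prefix": str(net.network_address),
        "netmask": str(net.netmask),
        "first": str(net[0]),
        "last": str(net[-1]),
        "addresses": net.num_addresses,
    }


def check_segment(gateway_cidr, dhcp_range, other_segments=()):
    """Return a list of problems with a routed segment definition (empty = OK)."""
    problems = []
    gateway = ipaddress.ip_interface(gateway_cidr)
    net = gateway.network

    start_text, _, end_text = dhcp_range.partition("-")
    try:
        start = ipaddress.ip_address(start_text.strip())
        end = ipaddress.ip_address(end_text.strip())
    except ValueError:
        return ["DHCP range is not in start-end form"]

    # IPv4 and IPv6 addresses cannot be ordered against each other, so stop early.
    if len({net.version, start.version, end.version}) != 1:
        return ["gateway and DHCP range use different IP versions"]

    if start > end:
        problems.append("DHCP range start is after its end")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"DHCP range {label} {addr} is outside {net}")
    if start <= gateway.ip <= end:
        problems.append(f"DHCP range covers the gateway {gateway.ip}")

    # In an IPv4 subnet the network and broadcast addresses are not host addresses.
    if net.version == 4 and net.prefixlen < 31:
        for reserved in (net.network_address, net.broadcast_address):
            if start <= reserved <= end:
                problems.append(f"DHCP range covers reserved address {reserved}")

    # Overlapping segments make routing between them ambiguous.
    for other in other_segments:
        other_net = ipaddress.ip_interface(other).network
        if other_net.version == net.version and net.overlaps(other_net):
            problems.append(f"{net} overlaps existing segment {other_net}")
    return problems


if __name__ == "__main__":
    # The two examples from the note.
    print(describe_cidr("192.168.100.14/24"))
    print(describe_cidr("192.168.100.0/22"))
    # Demo-Net exactly as entered in the lab: no problems expected.
    print(check_segment("192.168.200.1/24", "192.168.200.10-192.168.200.200"))
    # A constructed bad definition: range spills out of the /24 and covers the gateway.
    print(check_segment("192.168.200.1/24", "192.168.200.1-192.168.201.20",
                        ["192.168.200.129/25"]))
```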

Verify Network Segment Configuration

1. Verify the network segment was added correctly. Your information should match the circled area above.

Configure Firewall Rule for vCenter Access

By default, all inbound traffic to VMware Cloud on AWS is set to drop. In order to access vCenter server, we will need to configure a firewall rule allowing inbound access.

Note: In most enterprise environments, you would configure a VPN or Direct Connect and firewall rules to allow access to vCenter. In this environment, we will open it to any IP address on the internet which is not recommended.

1. Click on Gateway Firewall on the left-hand side of the screen
2. If it is not already selected, click on Management Gateway to create firewall rules that allow access to management components in the SDDC
3. Click ADD NEW RULE to add a new rule to the edge gateway
4. For the Name enter vCenter Inbound Rule
5. Click Set Source to define the source for the firewall rule.

Select the Firewall Rule Source

1. Click the Radio Button next to Any.
2. Click SAVE to save the source information in the rule

Configure Firewall Rule for vCenter Access (Continued)

Continue configuring the vCenter Inbound Rule:

1. Click Set Destination to set the destination for the rule

Select the Firewall Rule Destination

We will select the vCenter group under the System Defined Groups for our destination.

1. Click the Radio Button next to System Defined Groups
2. Select the Radio Button next to vCenter
3. Click SAVE to save the destination information in the rule

Configure Firewall Rule for vCenter Access (Continued)

Continue configuring the vCenter Inbound Rule:

1. Click box below Services and select HTTPS (TCP 443) to allow SSL access to the vCenter server

2. Publish the rules by clicking PUBLISH to activate the firewall rule

vCenter should now be accessible from anywhere on the internet. In the next section, we will access the vCenter HTML client to begin configuring virtual machines.
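A check a reviewer could run over a list of gateway firewall rules to catch the Any-source vCenter rule built in this lesson before the same pattern reaches a non-lab SDDC. This is an added example, not part of the lab manual or VMware tooling; the rule records are constructed, and their field names, the extra rules and the 256-address threshold are assumptions rather than the NSX or VMware Cloud on AWS API schema.

```python
import ipaddress

# Address space not reachable from the internet (RFC 1918 and IPv6 unique-local).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Destination groups treated as management components. The lab names only vCenter.
MANAGEMENT_DESTINATIONS = {"vcenter"}


def classify_source(source):
    """Return (kind, address_count); kind is any, private, public or group."""
    text = source.strip()
    if text.lower() == "any":
        return "any", None
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return "group", None      # a named group; its membership is unknown here
    if net.prefixlen == 0:
        return "any", None        # 0.0.0.0/0 and ::/0 are Any by another name
    for private in PRIVATE_NETS:
        if net.version == private.version and net.subnet_of(private):
            return "private", net.num_addresses
    return "public", net.num_addresses


def audit_rules(rules, max_public_addresses=256):
    """Flag allow rules that expose management components too widely."""
    findings = []
    for rule in rules:
        if rule["action"].lower() != "allow":
            continue
        destinations = {d.lower() for d in rule["destinations"]}
        if not (destinations & MANAGEMENT_DESTINATIONS or "any" in destinations):
            continue
        for source in rule["sources"]:
            kind, count = classify_source(source)
            if kind == "any":
                findings.append(("HIGH", rule["name"], source,
                                 "management component reachable from any address"))
            elif kind == "public" and count > max_public_addresses:
                findings.append(("MEDIUM", rule["name"], source,
                                 f"public source range of {count} addresses"))
            elif kind == "group":
                findings.append(("REVIEW", rule["name"], source,
                                 "named source group, check its membership"))
    return findings


# Constructed sample. The first record mirrors the rule this lesson creates;
# the others are illustrative alternatives and are not taken from the lab.
SAMPLE_RULES = [
    {"name": "vCenter Inbound Rule", "sources": ["Any"],
     "destinations": ["vCenter"], "services": ["HTTPS (TCP 443)"], "action": "Allow"},
    {"name": "vCenter from VPN", "sources": ["10.20.0.0/24"],
     "destinations": ["vCenter"], "services": ["HTTPS (TCP 443)"], "action": "Allow"},
    {"name": "vCenter from office", "sources": ["203.0.113.0/28"],
     "destinations": ["vCenter"], "services": ["HTTPS (TCP 443)"], "action": "Allow"},
    {"name": "vCenter from provider block", "sources": ["198.51.100.0/22"],
     "destinations": ["vCenter"], "services": ["HTTPS (TCP 443)"], "action": "Allow"},
    {"name": "vCenter from jump hosts", "sources": ["Admin-Jump-Hosts"],
     "destinations": ["vCenter"], "services": ["HTTPS (TCP 443)"], "action": "Allow"},
    {"name": "Default deny", "sources": ["Any"],
     "destinations": ["Any"], "services": ["Any"], "action": "Drop"},
]

if __name__ == "__main__":
    for severity, name, source, reason in audit_rules(SAMPLE_RULES):
        print(f"{severity:6} {name}: source {source}: {reason}")
```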

Log In to the VMware Cloud on AWS vCenter

The settings to connect to the vCenter server associated with the SDDC are available on the Settings tab for the SDDC. Let's connect to the vCenter server and log in.

1. Click on the Settings tab for the SDDC we configured in the last lesson
2. Click the arrow next to Default vCenter User Account to expose the login details. In this lab we will use the default [email protected] user
3. Copy the password by clicking the two squares next to the password. This will copy it to the console's clipboard
4. Click the arrow next to vSphere Client (HTML5) to expose the URL for vCenter
5. Click the URL link to open the vSphere Client in another tab.

NOTE: If you experience any login issues below, you can click the two boxes next to the URL below to paste the URL into an incognito window. This should normally not be needed.

Log In to the Web Client

Log in to the vSphere Web Client on the new tab that has opened

1. In the User name field type [email protected]
2. Right-click in the Password field and Paste the password copied in the previous step
3. Click LOGIN

If you get the Open vmware-cip-launcher.exe? message, click Cancel.

vSphere Web Client

You are now logged in to your VMware Cloud on AWS vCenter Server as [email protected] user.

Note: If you see a Certificate Status warning, you can click Acknowledge to eliminate that warning.

Create Content Library

Content libraries are container objects for VM templates, vApp templates, and other types of files like ISO images.

You can create a content library in the vSphere Web Client and populate it with templates which you can use to deploy virtual machines or vApps in your VMware Cloud on AWS environment. If you already have a Content Library in your on-premises data center, you can use the Content Library to import content into your SDDC.

You can create two types of libraries: local or subscribed.

Local Libraries

You use a local library to store items in a single vCenter Server instance. You can publish the local library so that users from other vCenter Server systems can subscribe to it. When you publish a content library externally, you can configure a password for authentication.

VM templates and vApps templates are stored as OVF file formats in the content library. You can also upload other file types, such as ISO images, text files, and so on, in a content library.

Subscribed Libraries

You subscribe to a published library by creating a subscribed library. You can create the subscribed library in the same vCenter Server instance where the published library is, or in a different vCenter Server system. In the Create Library wizard you have the option to download all the content of the published library immediately after the subscribed library is created or to download only metadata for the items from the published library and to download the full content of only the items you intend to use later.

To ensure the contents of a subscribed library are up-to-date, the subscribed library automatically synchronizes to the source published library on regular intervals. You can also manually synchronize subscribed libraries.

You can use the option to download content from the source published library immediately or only when needed to manage your storage space.

Synchronization of a subscribed library that is set with the option to download all the contents of the published library immediately synchronizes both the item metadata and the item contents. During the synchronization, the library items that are new for the subscribed library are fully downloaded to the storage location of the subscribed library.

Synchronization of a subscribed library that is set with the option to download contents only when needed synchronizes only the metadata for the library items from the published library, and does not download the contents of the items. This saves storage space. If you need to use a library item, you need to synchronize that item. After you are done using the item, you can delete the item content to free space on the storage. For subscribed libraries that are set with the option to download content only when needed, synchronizing the subscribed library downloads only the metadata of all the items in the source published library, while synchronizing a library item downloads the full content of that item to your storage.

If you use a subscribed library, you can only utilize the content but cannot contribute with content. Only the administrator of the published library can manage the templates and files.

Access Content Libraries in the vSphere Client

1. Click on Menu
2. Click on Content Libraries

Subscribe to an existing Content Library

You may already have a Content Library in your on-premises data center, and you can add a Content Library to import content into your SDDC.

1. In your Content Libraries window, click the + (plus) sign to add a new Content Library.

Subscribe to an existing Content Library (Continued)

1. Enter ELW Content Library for the Name of the content library
2. Click the NEXT button

Select Content Library Type

1. Select the radio button next to Subscribed content library
2. Under Subscription URL enter the following: http://vmc-elw-vms.s3-accelerate.amazonaws.com/lib.json (To copy and paste URL: Highlight the URL and drag and drop to the Subscription URL field)
3. Leave the checkbox unchecked next to Enable authentication
4. Make sure Download content is set to immediately
5. Click NEXT to continue

The content library we will use for this exercise is located in AWS S3 storage.

1. If the above message appears, click YES to accept the certificate and move to the next screen. Otherwise move on to the next screen.

Select Content Library Storage

1. Click on WorkloadDatastore to store the content library contents
2. Click the NEXT button

Complete the Configuration

1. Click the FINISH button. Your content library should take a couple of minutes to finish syncing.

Create a Local Content Library

We'll now create a local content library that will just be used for our VMware Cloud on AWS environment and not synchronized.

1. In your Content Libraries window, click the + (plus) sign to add a new Content Library.

Name the Local Content Library

1. Enter Local Content Library for the Name of the content library
2. Click the NEXT button

Select the Content Library Type

1. Select the radio button next to Local content library
2. Click the NEXT button

Select Local Content Library Storage

1. Click on WorkloadDatastore for content library storage
2. Click the NEXT button

Complete Local Content Library Configuration

1. Review your information and click FINISH to create the content library

Congratulations, you have created your Local Content Library.

Create Linux Customization Specification

When you clone a virtual machine or deploy a virtual machine from a template, you can customize the guest operating system of the virtual machine to change properties such as the computer name, network settings, and license settings.

Customizing guest operating systems can help prevent conflicts that can result if virtual machines with identical settings are deployed, such as conflicts due to duplicate computer names.

You can specify the customization settings by launching the Guest Customization wizard during the cloning or deployment process. Alternatively, you can create customization specifications, which are customization settings stored in the vCenter Server database. During the cloning or deployment process, you can select a customization specification to apply to the new virtual machine.

Use the Customization Specification Manager to manage customization specifications you create with the Guest Customization wizard.

Navigate to Customization Specifications

1. Click Menu
2. Click on Policies and Profiles

Add A New VM Customization Specification

1. Click on + New to add a new Customization Specification

Define Customization Specification Details

1. Enter LinuxSpec for the Name of the customization specification
2. Optionally enter a Description
3. Select the radio button for Linux next to Target guest OS
4. Click the NEXT button to continue

Define Specification Naming Standard

1. Click the radio button next to Use the virtual machine name
2. For Domain name enter corp.local
3. Click the NEXT button to continue

Select Time Zone

1. Select US in the Area dropdown listbox
2. Select Pacific in the Location dropdown listbox
3. Click the NEXT button to continue

Select Network Settings

1. Ensure the radio button next to Use standard network settings for the guest operating system, including enabling DHCP on all network interfaces is selected

2. Click NEXT to continue

Enter DNS Settings

1. Enter 8.8.8.8 for the Primary DNS server
2. Enter 8.8.4.4 for the Secondary DNS server
3. For the DNS Search Paths enter corp.local
4. Click the ADD button to add the corp.local domain to the DNS search path
5. Click NEXT to continue

Finish Creating the Customization Spec

1. Review your entries and click on the FINISH button

Customization Spec Created

Congratulations! You have successfully created your VM Customization Spec for your Linux VMs. You can also Import, Edit, Duplicate, and Export a VM Customization Spec.

Deploy a Virtual Machine

Now that we have synchronized a template from the content library and created a customization specification for Linux, let's deploy a virtual machine.

Access the Content Library

In the already open vSphere Client window, complete the following:

1. Click on Menu
2. Click on Content Libraries

Select Content Library

1. Click on the ELW Content Library that we previously synchronized.

Deploy a New Virtual Machine from Template

1. Click the Templates tab to access the template synchronized in the content library
2. Click the OVF & OVA Templates button
3. Right-click on the photoapp-u template to expose the Actions menu
4. Click on New VM from This Template to deploy a virtual machine from the template

Choose Virtual Machine Name and Location

1. Enter Webserver01 for the Virtual machine name
2. Click the arrow next to SDDC-Datacenter to expose the available folders
3. Click the Workloads folder (In VMware Cloud on AWS, customer workloads are placed in the Workloads folder or a Workloads subfolder)
4. DO NOT select the Checkbox next to Customize the operating system
5. Click NEXT to continue

Select Resource Pool

1. Click the arrow next to Cluster-1 to expose the resource pools available
2. Click the Compute-ResourcePool to select it (In VMware Cloud on AWS, all customer workloads are placed in the Compute-ResourcePool)
3. Click NEXT to continue

Review the Template Details

Review the details of the template to be deployed. There may be a security warning displayed but you can safely ignore that for the purpose of this lab.

1. Click NEXT to continue

Select Virtual Machine Storage

Each VMware Cloud on AWS SDDC will include two datastores in order to separate management and customer workloads. All customer workloads are placed on the datastore named WorkloadDatastore.

1. Click WorkloadDatastore to select the datastore where the virtual machine will be provisioned

2. Click NEXT to continue

Select the Network for the Virtual Machine

We will use the logical network created in a previous exercise for these virtual machines.

1. Click the arrow below Destination Network to select the network for the virtual machine.
2. Click Demo-Net to select the network created in a previous lesson
3. Click NEXT to continue

Complete the Virtual Machine Deployment

1. Review the information for accuracy and click FINISH to deploy the virtual machine

It should take a couple of minutes for the virtual machine to deploy.

Conclusion

In this module, we explored the setup and configuration of a VMware Cloud on AWS SDDC including utilizing the content library and deploying virtual machines.

Single Host SDDC

If you like the Lab and want to continue to experiment with and test the VMware Cloud on AWS capabilities, please scan the QR Code below to start your 1-Host experience.

You have completed this Module!

Congratulations on completing Module 1 for VMware Cloud on AWS Hands on Lab. You can continue now to Module 2.

How to end the lab

If you would like to skip future modules and end your lab, click on the END button.

You may now proceed to Module 2 to get hands on with Distributed Firewall in VMware Cloud on AWS.

Lab Module List:

• Module 1 - Working with your SDDC (15 minutes) (Beginner) With the HTML5 user interface, you will perform many common tasks in your SDDC on VMware Cloud on AWS, as well as interact with vCenter Server running on VMware Cloud on AWS.

• Module 2 - Securing Applications in VMware Cloud on AWS Using Distributed Firewall (30 Minutes) (Beginner) In this module, you will deploy a second web server and create a distributed firewall rule to prevent communication between the two web servers.

• Module 3 - Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS (15 Minutes) (Beginner) In this module, you will walk through an interactive simulation to set up Hybrid Linked Mode between an on-premises vCenter and the VMware Cloud on AWS vCenter.

• Module 4 - VMware Cloud on AWS Developer Center and APIs (30 Minutes) (Beginner) In this module we will introduce you to the VMware Cloud on AWS Developer Center, and you will also have an opportunity to interact with APIs in order to be able to automate certain functions within your VMware Cloud on AWS environment.

Lab Captains:

• Kerry Holton, Staff VMware Cloud Solution Engineer, USA
• Jorge Torres, Senior Technical Account Manager, USA

Module 2 - Securing Applications in VMware Cloud on AWS Using Distributed Firewall (30 Minutes)

What is Distributed Firewall

The NSX Distributed Firewall enables micro-segmentation (granular control over East-West traffic) for application workloads running in the VMware Cloud on AWS SDDC. The default security policy is allow all, and with Distributed Firewall, users can create deny policies to block east-west traffic in VMware Cloud on AWS.

In this module, we will clone our web server VM that we created in the previous module and then create a distributed firewall rule to prevent the web servers from communicating with each other.

Note that you may need to lower the zoom percentage on your browser to see everything in some windows.

Clone a Virtual Machine

In this lesson, you will clone the virtual machine created in the previous lesson in order to create a second web server.

Navigate to VMs and Templates

Before proceeding, validate the virtual machine deployment completed in the previous lesson by looking for the Deploy OVF template task under Recent Tasks and verifying it is Complete.

1. Click on Menu
2. Click VMs and Templates to navigate to the VMs and Templates view

Select and Power On Webserver01

Before we can clone the web server, we will first need to power it on.

1. Click the arrow next to SDDC-Datacenter to expose the sub-folders
2. Click the arrow next to Workloads
3. Click on the virtual machine Webserver01
4. Click the green arrow in the top center of the screen to execute the power on operation

NOTE: Please wait until the virtual machine is fully powered on and the IP Address has been assigned before proceeding to the next step.

Note: Ensure the NIC is connected by right-clicking Webserver01 and then Edit Settings and turn on the check box next to Connected (not shown). You may need to repeat this step for Webserver02.

Initiate Cloning of the Virtual Machine

We will now begin the process of cloning this virtual machine.

1. Right-click on Webserver01 to expose the Actions menu
2. Click on Clone to expose a secondary menu of options
3. Click Clone to Virtual Machine to initiate the cloning wizard

Note: If the IP Address is not populating, as shown in the highlighted area, ensure the NIC is connected by right-clicking Webserver01 and then Edit Settings and turn on the check box next to Connected (not shown). You may need to repeat this step for Webserver02.

Select Virtual Machine Name and Folder

1. Next to Virtual machine name enter Webserver02
2. Click the Workloads folder for the virtual machine location
3. Click NEXT to continue

Select Virtual Machine Compute Resource

1. Click on Compute-ResourcePool to ensure it is selected for the target virtual machine

2. Click NEXT to continue

Select Virtual Machine Datastore

1. Click on WorkloadDatastore to ensure it is selected as the destination for the virtual machine

2. Click NEXT to continue

Select Cloning Options

We will now set the cloning options.

1. Click the checkbox next to Power on virtual machine after creation
2. Click NEXT to continue


Complete the Virtual Machine Deployment

1. Review the information for accuracy and click FINISH to deploy the virtual machine

It should take a couple of minutes for the virtual machine to deploy. Continue to the next lesson to learn about securing workloads in a VMware Cloud on AWS SDDC with Distributed Firewall.

Note: As with Webserver01, you may need to check the settings of your Webserver02 and ensure that the network adapter is connected. Right-click on Webserver02 VM and Edit Settings and ensure Network Adapter has the Connected checkbox checked.


Testing connectivity between the Virtual Machines

In this lesson we will test the connectivity between Webserver01 (created in Module 1) and Webserver02 (created in Module 2).

Open Console to Webserver01

We need to open a console session to Webserver01 to validate it can communicate with Webserver02.

1. In the vSphere Web Client click on Webserver01 to bring it into focus
2. Click the black box below Summary in the middle of the screen. This will attempt to launch a console session but it may fail because the pop-up was blocked. If this occurs follow steps 3-6, otherwise proceed to the next page.
3. Click the icon with the small red x in the Chrome address bar to launch the pop-up blocker dialog
4. Click the radio button next to Always allow pop-ups from https://vcenter.sddc-xx-xx-xx-xx.vmwarevmc.com
5. Click the Done button
6. Return to the black box below the Summary and click it again. The console session should launch


Launch Web Console

1. Click the radio button next to Web Console
2. Click OK

Find the IP Address for Webserver02

Before we can test connectivity between the two servers, we need to find the IP address of Webserver02.

1. Click the vSphere - Webserver02 browser tab


2. Click on the virtual machine Webserver02
3. Take note of the IP Address for Webserver02 in the middle of the screen. This will be needed in the next step
4. Click the browser tab for the console session for Webserver01

Login and Ping Webserver02

Now that we have the IP address for Webserver02, let's set up a continuous ping to the server to verify communication.

1. Before beginning, click anywhere inside the console window to bring it into focus
2. At the login prompt enter root and press Enter
3. At the password prompt enter VMware1! and press Enter
4. At the console prompt, enter ping 192.168.200.xxx where xxx is the last octet of the IP address for Webserver02 and press Enter. In most cases the last octet will be 11, but verify this in your configuration

5. Verify the pings are successful

NOTE: Please leave this ping and console window open for the next lesson. We will revisit it to verify the web servers can no longer communicate.

Congratulations! You have now deployed two web servers in the VMware Cloud on AWS SDDC and verified they can communicate with each other. In the next lesson we will create firewall rules to block the servers from communicating with each other and also make Webserver02 accessible from the internet.


Configuring VMware Cloud on AWS Advanced Networking and Security Services

Using VMware Cloud on AWS Advanced Network Services, users have the capability to implement micro-segmentation with Distributed Firewall. Granular security policies can be applied at the VM level, allowing for segmentation within the same L2 network or across separate L3 networks. This is shown in the diagram above.

All networking and security configuration is now done through the VMware Cloud on AWS console via the Networking & Security tab, including creating network segments. This provides ease of operations and management by having all networking and security access through the console.


Navigate to the VMware Cloud on AWS Console

We will now switch back to the VMware Cloud on AWS console.

1. Click on the VMware Cloud on AWS Chrome tab and log in with the information you were provided if your session has expired

2. Click on VIEW DETAILS to access the details for the SDDC


Navigate to Networking & Security for the SDDC

1. Click on Networking & Security to see the overview for the SDDC


View Distributed Firewall

1. Click on Distributed Firewall

In addition to the ability to create multiple sections, users can organize Distributed Firewall rules into groups (Emergency Rules, Infrastructure Rules, Environment Rules, and Application Rules). The rules are executed from the top down.

Note: You may see the following text when selecting Distributed Firewall:

Warning :: LIMITED Free Trial of Distributed Firewall Feature You are currently entitled to free usage of advanced networking & security capabilities as part of VMware Cloud on AWS for a limited time only. This will be a paid capability in the future. Please consult with VMware sales rep or customer success team for more information.


Security Groups

1. Click on Groups under the Inventory menu

In addition to the Distributed Firewall capabilities, grouping objects can be leveraged within security policies. Security groups support the following grouping criteria/constructs:

• IP Address
• VM Instance
• Matching criteria of VM Name
• Matching Criteria of Security Tag

Security Groups can be created under Workload Groups or Management Groups. Workload Groups can be used in Distributed Firewall and Compute Gateway firewall policies and Management Groups can be used under Management Gateway firewall policies. Management Groups only support IP addresses as these groups are infrastructure based. Predefined Management Groups already exist for vCenter, ESXi hosts, and NSX Manager. Users can also create groups here based on IP address for on-prem ESXi hosts, vCenter, and other management appliances.


View VM's In a Security Group

1. Click on Management Groups to see the 3 groups that have automatically been created for ESXi, NSX Manager, and vCenter, and note that they are IP-based.


Edit Tags for Webserver01

We will now begin tagging the virtual machines with security tags. Tagging allows users to assign tags to virtual machines. These tagged virtual machines can be automatically made part of a group that is used for firewall policies.

1. Click on the Virtual Machines group to see the two web server VMs we've provisioned
2. Locate Webserver01 and click the three vertical dots
3. Click Edit


Add Security Tag

1. Under Tags, enter Web for Webserver01
2. Click SAVE to commit the changes

Edit Tags for Webserver02


We will now tag Webserver02 with the same Web tag. We will use this to create a group for both web servers.

1. Locate Webserver02 and click the three vertical dots
2. Click Edit

Add Security Tag

1. Under Tags, enter Web for Webserver02
2. Click SAVE to commit the changes


Creating a Dynamic Group

Groups can be used in VMware Cloud on AWS Advanced Network Services to group virtual machines and simplify rule-based configuration. In this exercise, we will group the two web servers into a group and then create a firewall rule to block communication between them. In a properly architected traditional application, there is usually no need for servers in the web tier to communicate.

We will now create a group of web servers based on the dynamic security tag we applied earlier.

1. Click on Workload Groups
2. Click on ADD GROUP
3. Under Name enter Web for the name of the group
4. Under Member Type, click the drop down and select Membership Criteria
5. Under Members click Set Membership Criteria


Add Membership Criteria

We will now add the criteria to group machines based on the security tag we added to our two web servers.

1. Click on + ADD CRITERIA
2. Under Property, click the dropdown listbox and select Tag
3. Under Value, enter Web
4. Click Save to continue


Save Changes

1. Click SAVE to commit the changes

View Members

We can now validate the group membership is working as expected.

1. Click the three vertical dots next to the Web group we just created


2. Click on View Members to show the current members of the dynamic group

Validate Group Members

1. Validate that both Webserver01 and Webserver02 appear in the group membership. If they do not, go back and verify there are no typos.

2. Click CLOSE

Now that this group is created, you can easily add new members by simply applying a security tag, and distributed firewall rules for that group will automatically be applied.


Create a Firewall Rule Section

Now that we have created our dynamic group, let's create a firewall rule to block access between the web servers.

1. Click Distributed Firewall on the left-hand menu
2. Click Application Rules
3. Click ADD NEW SECTION to create a new section for the rule. This functionality allows you to group rules logically to make operating the environment simpler
4. Under Name, enter Web Tier
5. Click PUBLISH to commit the changes

Note: You may see the following text when selecting Distributed Firewall:

Warning :: LIMITED Free Trial of Distributed Firewall Feature You are currently entitled to free usage of advanced networking & security capabilities as part of VMware Cloud on AWS for a limited time only. This will be a paid capability in the future. Please consult with VMware sales rep or customer success team for more information.


Add Firewall Rule

Now that we have the section created, we can add a firewall rule.

1. Click the Arrow next to the Web Tier section
2. Click ADD NEW RULE button
3. Under Name, enter Block Web To Web
4. Under Action, click the dropdown listbox and select Drop
5. Under Sources click Any


Select Source

1. Click the Checkbox next to Web
2. Click SAVE to commit the changes to the rule


Add Destination

1. Under Destinations click Any


Select Destination

1. Click the Checkbox next to Web
2. Click SAVE to commit the changes to the rule


Publish Firewall Rule

1. Click PUBLISH to commit the rule and begin blocking traffic between the web servers.

Testing the Distributed Firewall Rule

You should still have the console session opened from the previous exercise to Webserver01 and it should be running a ping command.

1. Click the Chrome Tab for Webserver01


The pings should have stopped responding, meaning that the distributed firewall rules have been correctly applied. This simple demonstration should give you an idea of the power of the distributed firewall.
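The behaviour exercised in this lesson, modelled as an added Python example (not VMware code and not an NSX API client): tag-driven group membership, top-down evaluation across the four rule categories, and the effect of the Block Web To Web rule. Webserver03, the "Break glass allow" rule, the name-prefix coverage check and the default Allow action are assumptions; the default is chosen to match the pings succeeding before the rule was published.

```python
from dataclasses import dataclass, field
from typing import Optional

# Rule categories in the order the lab lists them; evaluation is top-down.
CATEGORY_ORDER = ["Emergency Rules", "Infrastructure Rules",
                  "Environment Rules", "Application Rules"]


@dataclass
class VM:
    name: str
    tags: set = field(default_factory=set)


@dataclass(frozen=True)
class TagGroup:
    """Dynamic group: membership is derived from tags at lookup time."""
    name: str
    tag: str

    def contains(self, vm: VM) -> bool:
        return self.tag in vm.tags


@dataclass(frozen=True)
class Rule:
    name: str
    category: str
    action: str                      # "Allow" or "Drop"
    source: Optional[TagGroup]       # None models "Any"
    destination: Optional[TagGroup]  # None models "Any"

    def matches(self, src: VM, dst: VM) -> bool:
        src_ok = self.source is None or self.source.contains(src)
        dst_ok = self.destination is None or self.destination.contains(dst)
        return src_ok and dst_ok


def evaluate(rules, src, dst, default_action="Allow"):
    """Return (action, rule name) of the first matching rule, top-down.

    sorted() is stable, so rules keep their listed order inside a category.
    The default action is an assumption of this model.
    """
    ordered = sorted(rules, key=lambda r: CATEGORY_ORDER.index(r.category))
    for rule in ordered:
        if rule.matches(src, dst):
            return rule.action, rule.name
    return default_action, "default"


def uncovered(inventory, group, name_prefix):
    """VMs whose name suggests the tier but that are not in the tag group."""
    return sorted(vm.name for vm in inventory
                  if vm.name.startswith(name_prefix) and not group.contains(vm))


def demo():
    web = TagGroup(name="Web", tag="Web")
    ws1 = VM("Webserver01", {"Web"})
    ws2 = VM("Webserver02", {"Web"})
    block = Rule("Block Web To Web", "Application Rules", "Drop", web, web)

    results = {
        "before_publish": evaluate([], ws1, ws2),
        "after_publish": evaluate([block], ws1, ws2),
    }

    # Hypothetical third clone that nobody tagged: the rule does not see it.
    ws3 = VM("Webserver03")
    results["untagged_clone"] = evaluate([block], ws1, ws3)
    results["coverage_gap"] = uncovered([ws1, ws2, ws3], web, "Webserver")

    # Applying the tag is enough; the rule itself is not edited.
    ws3.tags.add("Web")
    results["tagged_clone"] = evaluate([block], ws1, ws3)

    # Hypothetical rule in a higher category: it is reached first and wins.
    override = Rule("Break glass allow", "Emergency Rules", "Allow", None, None)
    results["with_emergency_allow"] = evaluate([block, override], ws1, ws2)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The coverage_gap result is the practical check to repeat after every clone: a VM that is missing the tag falls through to the default action instead of the Drop rule.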


Conclusion

In this module, we cloned a web server virtual machine and used distributed firewall to create a rule to block traffic between web servers.

Single Host SDDC

If you like the Lab and want to continue to experiment with and test the VMware Cloud on AWS capabilities, please scan the QR Code below to start your 1-Host experience.

You have completed this Module!

Congratulations on completing Module 2 for VMware Cloud on AWS Hands on Lab. You can continue now to Module 3.


How to end the lab

If you would like to skip future modules and end your lab, click on the END button.

You may now proceed to Module 3 to get hands on with Developer Center and APIs in VMware Cloud on AWS.

Lab Module List:

• Module 1 - Working with your SDDC (15 minutes) (Beginner) With the HTML5 user interface, you will perform many common tasks in your SDDC on VMware Cloud on AWS, as well as interact with vCenter Server running on VMware Cloud on AWS.

• Module 2 - Securing Applications in VMware Cloud on AWS Using Distributed Firewall (30 Minutes) (Beginner) In this module, you will deploy a second web server and create a distributed firewall rule to prevent communication between the two web servers.

• Module 3 - Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS (15 Minutes) (Beginner) In this module, you will walk through an interactive simulation to set up Hybrid Linked Mode between an on-premises vCenter and the VMware Cloud on AWS vCenter.

• Module 4 - VMware Cloud on AWS Developer Center and APIs (30 Minutes) (Beginner) In this module we will introduce you to the VMware Cloud on AWS Developer Center, and you will also have an opportunity to interact with APIs in order to be able to automate certain functions within your VMware Cloud on AWS environment.

Lab Captains:

• Kerry Holton, Staff VMware Cloud Solution Engineer, USA
• Jorge Torres, Senior Technical Account Manager, USA


Module 3 - Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS (15 Minutes)


Introduction

In this module, we will walk through an interactive simulation of deploying the vCenter Cloud Gateway appliance and configuring Hybrid Linked Mode.


Hands-on Labs Interactive Simulation: Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS

This part of the lab is presented as a Hands-on Labs Interactive Simulation. This will allow you to experience steps which are too time-consuming or resource intensive to do live in the lab environment. In this simulation, you can use the software interface as if you are interacting with a live environment.

1. Click here to open the interactive simulation. It will open in a new browser window or tab.

2. When finished, click the “Return to the lab” link to continue with this lab.

The lab continues to run in the background. If the lab goes into standby mode, you can resume it after completing the module.


Conclusion

In this module, we explored setting up Hybrid Linked Mode between the on-premises vCenter and the VMware Cloud on AWS vCenter.

Single Host SDDC

If you like the Lab and want to continue to experiment with and test the VMware Cloud on AWS capabilities, please scan the QR Code below to start your 1-Host experience.

You have completed this Module!

Congratulations on completing Module 4 for VMware Cloud on AWS Hands on Lab. You have now completed the VMware Cloud on AWS - Expert Led Workshop!


How to end the lab

If you would like to skip future modules and end your lab, click on the END button.


Module 4 - VMware Cloud on AWS Developer Center and APIs (30 Minutes)


What is Developer Center

The Developer Center is a great resource area allowing developers and those looking to automate their infrastructure to get up and running quickly with VMware Cloud on AWS. Those looking to programmatically interact with their VMware Cloud on AWS platform can gain access to this information using the "Developer Center" tab in the VMware Cloud on AWS console.

Note that you may need to lower the zoom percentage on your browser to see everything in some windows.


Developer Center

To get started, let's go to the VMware Cloud on AWS Environment. If you have not already logged into VMC, launch Google Chrome and log into your VMware Cloud on AWS org with your credentials provided in the Student Check-in section. If you have been logged out of your previous VMC session, log back in using the credentials from the Student Check-in.

1. Click on Developer Center

Note: If the browser locks up, close the browser and reopen it.


Code Samples

Let's check out a code sample that was uploaded by one of our API developers.

1. Click on Code Samples in the menu
2. You can use the "Filter Samples" input to look for PowerCLI - VMC Example Script
3. Click on Download

If you scroll through this screen you will see there are code samples for Postman (a REST API Development Environment), Python, PowerCLI, and many others. Anyone can contribute code samples to the community. If that interests you, go to http://code.vmware.com or click on the link "VMware{code} Sample Exchange".


Open Downloaded Script

After the script downloads:

1. Click on the arrow in the bottom left corner
2. Click on Show in Folder

Extract the Zip File

1. Right-click the zip file and extract it to the default directory


Open the PowerShell Script

1. Open File Explorer (not shown), and navigate to: C:\Users\Administrator\Downloads\PowerCLI-Example-Scripts-master\PowerCLI-Example-Scripts-master\Scripts\VMware_Cloud_on_AWS

2. Right click on VMC Example Script.ps1 and click Edit with Notepad++


View Downloaded Script

This will open a text document where you can see the PowerShell commands you can run against your SDDC. As you can see, there are a number of useful CmdLets available here which you can use to easily script against your VMware Cloud on AWS SDDC environment. Later on in this module, we will use a CmdLet to query information from VMC.

1. Close the Notepad++ document and file explorer windows


SDKs and Downloads

There is a wide variety of software development kits (SDKs) available to interact with the VMware Cloud on AWS APIs and the deployed SDDC products. The SDK section provides easy access to each of these open-sourced SDKs that are available on GitHub. There are also links to the documentation, samples, and the ‘Getting Started’ blog post for each SDK.

View SDK's

1. Click on the SDKs tab

Explore the SDKs available today, you may already find the one you are interested in!


View Downloads

This section will provide links and information on how to install the Datacenter Command Line (DCLI) tool as well as the command required to install the VMware PowerCLI module which you can utilize to control and automate actions on the VMware Cloud on AWS vCenter instance in much the same way as you would with your current on-premises vCenter instance.

1. Click on the Downloads tab

There are command line resources such as Datacenter CLI (DCLI) and PowerCLI, which you can use for scripted interaction with your VMware Cloud on AWS environment.


API Explorer

The API Explorer section gives you easy access to interact directly with the RESTful APIs available from the Cloud Services API and the VMware Cloud on AWS API.

These APIs are presented as an interactive API browser with some very nice integrations making it easy to work with.

The API Explorer, being internal to the Cloud console, allows us to use the existing refresh token to authenticate. We can also automatically populate certain fields, such as the Organization ID, to help improve the experience of learning and using these APIs.

Learning the API and seeing the responses from within the API Explorer could not be easier with the ability to “Execute” these API commands and see the live responses.

Navigate to API Explorer

Let's now run some simple REST API commands built into Developer Center.


1. Click on the API Explorer tab
2. Select your SDDC from drop down listbox
3. Click on the arrow next to Organizations in the right-hand list of API Calls
4. Click on the arrow next to the first "GET" API Operation
5. Click on EXECUTE

View API Response

Let's look through the response.

1. Click on the Organization's alphanumeric name to expand the response details. As you can see you can return a JSON file with some useful information regarding the VMware Cloud on AWS environment such as the organization id, name and version.


Execute API Call

In this step, we will GET some information about the Organization we selected in the previous step.

1. Scroll down to find SDDCs and click on the arrow next to SDDCs
2. Click on the arrow next to the first GET to expand
3. The Org ID should already be filled in for you, another great feature the developers built in based on customer feedback.
4. Click on EXECUTE


View API Response

Now let's look at the response body...

To expand the response body, click on Sddc (HOl-SDDC)

As you can see, there is useful information in here such as the date the SDDC was created, the SDDC ID and the SDDC State. There is also data related to how the SDDC is configured to connect to the native AWS VPC environment. Please take some time to explore the information returned.

NOTE: You are exploring this API as an admin user so you have full access to see configuration information in the context of your admin level access.

As demonstrated, it is very simple to gain valuable details from your VMware Cloud on AWS SDDC environment and related components. With these tools you are able to programmatically create an SDDC environment from code in approximately two hours compared to the weeks and potentially months it would take to request and build a traditional on-premises vSphere SDDC environment. This level of velocity in being able to create a standard, secured and familiar SDDC deployment can be extremely beneficial to businesses looking to leverage the capabilities of the AWS cloud, whilst being able to still run their existing applications easily and safely.

PowerCLI

In this part of the lab we will bring together the information we have gathered in the previous sections to create a PowerShell command which we can use to extract some useful information from the VMware Cloud on AWS environment. We are able to easily connect and perform tasks in PowerShell due to VMware's set of PowerShell modules, which are called PowerCLI. VMware Cloud on AWS has its own module containing more than 10 cmdlets, giving you an easy path to automate your environment. In this exercise we will generate an API Token, which is used in lieu of a username and password, then we will gather some basic information about our SDDC and query some information from the activity log.

Create a Token

The first thing we will need is an API Token in order to access the environment via PowerShell.

In the VMware Cloud Portal

1. Click the Organization name in the top right hand corner of the interface (this will be something like HOL-VMC-xxx, where x are numbers)

2. In the User Settings section, Click My Account

Generate a new API Token

1. Click the API Tokens
2. Click GENERATE A NEW API TOKEN

1. Enter HOL-ELW for the Token Name
2. Check the box for Organization Owner. These options here allow you to define different scopes for the Token access and services.
3. From the Service Roles, select Administrator
4. Click GENERATE

Copy Token to Clipboard

A pop-up box will appear with the unique API Token and the options to Copy, Download and Print. (Download gives you an image of the token, Print displays the entire pop-up box to print. Copy is your best option if you don't want to type the entire code.)

Note - You must select at least one before the CONTINUE button is available, and you could do all three to capture/save the token. Once the pop-up box displaying the token goes away, you won't be able to retrieve that specific token ever again.

1. Click COPY
2. Click CONTINUE
3. Open Notepad and paste the API Token, save the file on your desktop to keep it handy and avoid overwriting it on clipboard.

A description of the generated token will be displayed with its name, last 4 characters, scopes, date created and when the token expires. You have the options to Regenerate or Revoke the token.

Launch PowerShell

Launch PowerShell from the taskbar shortcut.

Update the VMware PowerShell module

To update the VMware PowerShell module which includes the VMC cmdlets, run the following command:

Update-Module -Name VMware.PowerCLI

Connecting to the VMware Cloud on AWS Service

Input the following command where the Refresh Token parameter is the token you copied in the previous step. Please be aware that your refresh token will be different from the one shown in the screenshot.

Connect-Vmc -Refreshtoken xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Retrieve SDDC Information

Now that we are connected to the VMC environment, we can programmatically retrieve information about our SDDC.

The PowerCLI module for VMware Cloud on AWS provides a few cmdlets which allow us to manage the lifecycle of an SDDC in an easy manner. These cmdlets are Get-VmcSddc, New-VmcSddc, and Remove-VmcSddc. For this example, we will be using the Get-VmcSddc cmdlet.

To obtain high-level information about our SDDC, we can use the following command:

Get-VmcSddc

Retrieve Task History

VMware Cloud on AWS provides us with an extensive history of tasks and events. These tasks and events can be referenced with PowerCLI so we can create reports and audit who might be accessing and performing actions in our environment.

To obtain high-level information about the tasks and events in our environment, we will use the following command:

Get-Task

We can then obtain additional, more in-depth, information about the last task performed with the following command:

Get-Task | Select-Object -Last 1 | Format-List

Or use filtering with one of the following commands:

Get-Task | Sort-Object StartTime -Descending | Select-Object -First 1

Get-Task | Sort-Object StartTime -Descending | Select-Object -First 1 | Format-List

We can gather up information from this function and see exactly what has happened from an Activity perspective in the VMware Cloud on AWS environment, providing a full audit trail of who has changed what from a control plane perspective. vCenter auditing of activities within the SDDC environment is controlled and monitored as if it were running on-premises.

If you wanted to gain this information straight from the API, you would be able to do this through the API Explorer, through a tool such as Postman, or through a programming language of your choice utilizing REST API tools in the language.
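
The same SDDC and activity queries made straight against the REST API from PowerShell, as an added example that is not part of the lab guide. The endpoint URLs, the csp-auth-token header and the task field names (user_name, task_type, start_time, resource_id) are assumptions taken from the public VMware Cloud Services and VMware Cloud on AWS REST APIs, not from this page.

```powershell
# Added example, not from the lab guide. URLs, header name and task field
# names are assumptions based on the public CSP / VMC REST APIs.
$cspUrl = 'https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize'
$vmcUrl = 'https://vmc.vmware.com/vmc/api'

# Prompt without echo so the refresh token does not end up in the console
# transcript, the command history, or a text file on the desktop.
$secure  = Read-Host -Prompt 'API (refresh) token' -AsSecureString
$refresh = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    # Exchange the long-lived refresh token for a short-lived access token.
    # The token travels in the form body, not the query string, so it stays
    # out of proxy and web-server URL logs.
    $auth = Invoke-RestMethod -Method Post -Uri $cspUrl `
        -ContentType 'application/x-www-form-urlencoded' `
        -Body @{ refresh_token = $refresh }
    $headers = @{ 'csp-auth-token' = $auth.access_token }

    $orgs = Invoke-RestMethod -Uri "$vmcUrl/orgs" -Headers $headers
    foreach ($org in $orgs) {
        # Equivalent of Get-VmcSddc: name, ID, state and creation date.
        $sddcs = Invoke-RestMethod -Uri "$vmcUrl/orgs/$($org.id)/sddcs" -Headers $headers
        $sddcs | Select-Object name, id, sddc_state, created | Format-Table -AutoSize

        # Control-plane audit trail: who started which task, newest first.
        $tasks = Invoke-RestMethod -Uri "$vmcUrl/orgs/$($org.id)/tasks" -Headers $headers
        $tasks | Sort-Object start_time -Descending |
            Select-Object -First 20 start_time, user_name, task_type, status, resource_id |
            Format-Table -AutoSize
    }
}
finally {
    # Drop the secrets from the session whether or not the calls succeeded.
    Remove-Variable secure, refresh, auth, headers -ErrorAction SilentlyContinue
}
```

The access token returned by the exchange is short-lived; the refresh token is the long-lived credential and is the one to revoke from the API Tokens page if it is ever exposed.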

Datacenter CLI

Datacenter CLI (DCLI) can also be used to automate tasks in your environment. DCLI can be used to interact directly with the vSphere Automation APIs (vSphere’s RESTful APIs) and VMware Cloud on AWS' APIs to perform all kinds of SDDC and VM management tasks. We can use DCLI in two main ways, as an interactive shell or through a scripting mode. The interactive shell offers features such as tab complete, the ability to easily recall prior commands, and a wide variety of output options.

In this section we will show you how to use DCLI's interactive mode to retrieve information about your Organization and its SDDC. We will then walk through the steps required to create and delete a VM on your vCenter from the command line.

Connect to Linux Machine Running DCLI

DCLI is Python based and can be run anywhere Python can run. For the purposes of this lab, we have created a dedicated Ubuntu system with DCLI already installed. The following instructions will allow us to connect to that system.

Launch Putty from the main computer's taskbar:

1. Click the elw-dcli2 session
2. Click Open

Connecting to the VMware Cloud on AWS Service

Now that we have established a connection to our system with DCLI already installed, we will initiate an interactive DCLI session with the following command:

dcli +interactive +vmc-server

When prompted for the Refresh Token, paste the API Token generated earlier and hit enter, then save the refresh token to the credential store by hitting "enter" to accept the default value of "y".

Note: If you cannot connect, you may need to enable the proxy connection with the following command:

export https_proxy="http://192.168.110.1:3128"

If there are errors authenticating, you may need to remove the token in case it was entered incorrectly; use the following command to remove the cached token:

dcli +vmc +i +credstore-remove

Retrieve SDDC Information

We will use a few commands to query our VMC organization and obtain important information about it.

Do not copy/paste the one-liners below; instead, type them in so that you can experience and learn the drop-down and auto-completion features of DCLI. Also, make sure you replace Org Name with your organization's ID after you query it.

To display the Organization name and its ID in a table format, type:

orgs list +filter '[0].{"Org Name": display_name, "Org Id": id}' +formatter table

To display the SDDC name and its ID in a table format, use the following command, replacing <Org ID> with the Org Id retrieved from the previous command:

sddcs list --org <Org ID> +filter '[].{"SDDC Name": name,"SDDC ID": id}' +formatter table

To get the date of creation of the SDDC, its type and state, use the following command, replacing <Org ID> with the retrieved Org Id:

sddcs list --org <Org ID> +filter '[].{"SDDC Created on": created,"SDDC Type": sddc_type,"SDDC State": sddc_state}' +formatter simple

To obtain the vCenter URL, use the following command, replacing <Org ID> with the retrieved Org Id:

sddcs list --org <Org ID> +filter '[].{"vCenter URL": resource_config.vc_url}'

To display account link state, use the following command, replacing <Org ID> with the retrieved Org Id:

sddcs list --org <Org ID> +filter '[].{"Account Link State": account_link_state}'

Type exit to disconnect.

Let's now use DCLI to deploy and then delete a VM on our vCenter in VMC

DCLI is not exclusive to VMware Cloud; you could use it for your on-premises vCenter as well. Here we will show you how to use this tool to create and then remove a virtual machine, all from the command line.

For a single VM, we all know it is quicker and simpler to create it from the graphical interface, but these exercises will give you a sense of the multiple possibilities to automate vCenter tasks.

Use the following command to connect to your VMC vCenter Server, replacing <vCenterURL> and <PASSWORD> with the corresponding values for your lab. See the example in the screenshot above. The password can be entered on the command line or when prompted after pressing enter.

dcli +server <vCenterURL> +i +username [email protected] +password <PASSWORD>

Now that we are authenticated and have an active session with vCenter on our SDDC, we will utilize the below DCLI commands to create and delete a VM.

1. Get a list of current vCenter Folders, Datastores and Resource Pools with the 3 commands listed below. We need to obtain the right resource ID for each, to use during VM creation.

vcenter folder list

vcenter datastore list

vcenter resourcepool list

Take note of the proper resource ID for the Folder, Datastore and Resource Pool where we want to deploy our VM.

Your output will be much different from the one above, but here we can see the IDs for the Workloads folder, WorkloadDatastore and Compute-ResourcePool. DCLI requires us to use the resource ID and not names.

With that information, we can now create a VM with the following command:

vcenter vm create --name MYTESTVM --guest-os UBUNTU --placement-folder group-v39 --placement-datastore datastore-45 --placement-resource-pool resgroup-44

Check your vCenter recent tasks and list of VMs to see the VM created.

To delete the VM, we have to know its VM ID. To get it, run the following command:

vcenter vm list

Take note of the VM ID and substitute it into the command below to remove the virtual machine:

vcenter vm delete --vm vm-##

Conclusion

In this module, we explored the Developer Center and APIs in VMware Cloud on AWS SDDC.

Single Host SDDC

If you like the Lab and want to continue to experiment and test the VMware Cloud on AWS capabilities, please scan the QR Code below to start your 1-Host experience.

You have completed this Module!

Congratulations on completing Module 3 for VMware Cloud on AWS Hands on Lab. You can continue now to Module 4.

How to end the lab

If you would like to skip future modules and end your lab, click on the END button.

You may now proceed to Module 4 to walk through an interactive simulation of setting up Hybrid Linked Mode.

Lab Module List:

• Module 1 - Working with your SDDC (15 minutes) (Beginner) With the HTML5 user interface, you will perform many common tasks in your SDDC on VMware Cloud on AWS, as well as interact with vCenter Server running on VMware Cloud on AWS.

• Module 2 - Securing Applications in VMware Cloud on AWS Using Distributed Firewall (30 Minutes) (Beginner) In this module, you will deploy a second web server and create a distributed firewall rule to prevent communication between the two web servers.

• Module 3 - Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS (15 Minutes) (Beginner) In this module, you will walk through an interactive simulation to set up Hybrid Linked Mode between an on-premises vCenter and the VMware Cloud on AWS vCenter.

• Module 4 - VMware Cloud on AWS Developer Center and APIs (30 Minutes) (Beginner) In this module we will introduce you to the VMware Cloud on AWS Developer Center, and you will also have an opportunity to interact with APIs in order to be able to automate certain functions within your VMware Cloud on AWS environment.

Lab Captains:

• Kerry Holton, Staff VMware Cloud Solution Engineer, USA
• Jorge Torres, Senior Technical Account Manager, USA

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-2084-01-HBD

Version: 20191031-110549
