Table of Contents
Lab Overview
    HOL-HBD-1301 - vCloud Hybrid Service Jump Start for vSphere Admins
Module 1 - vCloud Hybrid Service: Architecture and Consumption Principles
    vCloud Hybrid Service
    vCloud Hybrid Services User Interface
    Working Within the vDC
Module 2 - Identifying and Deploying Workloads in vCloud Hybrid Service
    Deploy a Virtual Machine from a Catalog
    Migrate an Existing Virtual Machine to the vCloud Hybrid Service
Module 3 - vCloud Hybrid Service: Networking and Security Basics
    Introduction to vCloud Hybrid Service Gateways and Networks
    Introduction to vCloud Hybrid Service NAT and Firewalls
HOL-HBD-1301
Lab Overview
HOL-HBD-1301 - vCloud Hybrid Service Jump Start for vSphere Admins
This lab will provide you with the basic skills necessary to successfully navigate the vCloud Hybrid Service. After completing this lab, you will be able to:
• Understand the different service offerings of the vCloud Hybrid Service
• Navigate your way around the vCloud Hybrid Service user interface
• Deploy your first virtual machine in the vCloud Hybrid Service portal
• Migrate a virtual machine over from your existing vSphere environment
• Understand the basic network and security principles required to connect a virtual machine to an external network
The tasks above are split up into 3 Lightning Lab modules, each designed to take between 15-30 minutes to complete. You will have 90 minutes to complete your lab sitting. Depending on how much time you have available to you, you may decide to go through this lab all at once, or you may choose to break them up over several lab sittings.
The tasks are broken up into the following modules:
Module 1: vCloud Hybrid Service: Architecture and Consumption Principles
Duration: 15-30 minutes
Purpose: Understand the different service offerings, and navigate your way around the vCloud Hybrid Service user interface
Lab Captain: Brian Foley
Module 2: Identifying and Deploying Workloads in vCloud Hybrid Service
Duration: 30 minutes
Purpose: Deploy your first virtual machine in the vCloud Hybrid Service portal
Migrate a virtual machine over from your existing vSphere environment
Lab Captains: Matt Gildenhorn, Nic O'Donovan
Module 3: vCloud Hybrid Service: Networking and Security Basics
Duration: 15-30 minutes
Purpose: Understand the basic network and security principles required to connect a virtual machine to an external network
Lab Captain: Josh Gwyther
Next Steps: Upon completion of this lab, you may consider taking one of the following labs for additional guidance on vCloud Hybrid Service:
HOL-HBD-1302 – Advanced Networking and Security
HOL-HBD-1303 – Hybrid Cloud Management
** COPY/PASTE NOTE - Please note that you will not be able to copy/paste from the user manual into the lab console. If you need to copy a username/password to enter into a lab exercise, please open and use the 'vPod Password Cheat Sheet.txt' file that is on the desktop. If that doesn't work, you can also try the "Send Text" button found under the console window in the NEE interface.
Module 1 - vCloud Hybrid Service: Architecture and Consumption Principles
vCloud Hybrid Service
vCloud Hybrid Service is a secure infrastructure-as-a-service cloud owned and operated by VMware, built on the trusted foundation of vSphere. The service supports existing workloads and new application development, giving IT administrators and architects a common platform for seamlessly extending existing data centers to the cloud by leveraging the same tools and processes they use today.
vCloud Hybrid Service has two service offerings: Dedicated Cloud and Virtual Private Cloud.
Dedicated Cloud
Dedicated Cloud customers are provided physically isolated pools of vCPU and vRAM. Compute nodes within our Data Centers for Dedicated Cloud are air-gapped. Network and Storage are logically isolated on modern, high-end multi-tenant infrastructure, with appropriate resource guarantees in place. Dedicated Cloud customers are also provided a segregated cloud management stack, unique to their service and not shared with other customers.
Dedicated Cloud Details
The Dedicated Cloud offering includes 30 GHz of Compute (vCPU) capacity, 120 GB of vRAM, and 6 TB of Storage to start. Also, 3 public IPs are provided, as well as a 50 Mbps network link, burstable to 1 Gbps.
Virtual Private Cloud
Virtual Private Cloud customers are provided pools of vCPU, vRAM, Network and Storage using the same design architecture as Dedicated Cloud, but are logically isolated. Thanks to the power of VMware vSphere, while physical resources are operating in a multi-tenant design, tenants are provided strict guarantees to those resources, and load is evenly balanced across the infrastructure, ensuring robust and scalable availability to everyone in the cloud.
Virtual Private Cloud Details
The Virtual Private Cloud offering includes 5 GHz of Compute (vCPU) capacity, 20 GB of vRAM, and 2 TB of Storage to start. Also, 2 public IPs are provided, as well as a 10 Mbps network link, burstable to 50 Mbps.
Virtual Datacenter (vDC)
In both cases vCloud Hybrid Service delivers the concept of a Virtual Datacenter (vDC). In the case of the Dedicated Cloud offering a vCloud Hybrid Service customer could have multiple Virtual Datacenters. In the case of a Virtual Private Cloud customer they would have only 1 Virtual Datacenter. It is via this Virtual Datacenter construct that resources are deployed and managed.
vCloud Hybrid Services User Interface
This section will cover how to log in, and the top level vCloud Hybrid Services UI.
Login to vCloud Hybrid Services
IMPORTANT: BEFORE opening Firefox and attempting to login make SURE to check the DesktopInfo tattoo on the desktop… it will say "Not Ready" until the pod is ready to go.
#1 Enter the URL: https://vchs.vmware.com
#2 Username: [email protected]
#3 Password: VMware1#
#4 Select "Sign In" to login to vCloud Hybrid Services
Top Level Dashboard View
This is the main Dashboard view and is what is initially displayed at login time. The Dashboard is divided into several sections.
#1 This is the total resources owned by the vCloud Hybrid Service customer. Note that it displays how much of the total resources have been allocated to the various Virtual Datacenters (vDC) (green indicates allocated amounts).
#2 This is a list of the currently created / available Virtual Datacenters for the customer. (Note the "Add a Virtual Datacenter" selection to create additional ones.)
#3 This shows which "Dedicated Cloud Resources" this customer has and in which physical vCloud Hybrid Service Datacenter those resources reside.
#4 This is the "global view tab". If you wanted to see all Virtual Machines across all vDCs, or all Gateways, you would select one of these tabs.
#5 Should the customer want to add resources to their account, this selection takes them to My VMware to order them.
#6 Users in this customer's vCloud Hybrid Service.
#7 Number of VMs currently in the customer's service.
#8 Number of public IPs used and available.
Please select the "VDC-DC-RAINPOLE-001-860" Virtual Datacenter to move to the next section.
Working Within the vDC
This will cover features of the Virtual Datacenter UI.
Usage & Allocation View
We are now looking at a specific Virtual Datacenter. This view is divided into several sections.
#1 This displays the resources available as well as consumed in this vDC.
#2 This is the link to bring up the vCloud Director interface, if the user so desires.
#3 Tabbed area to access other features of this virtual datacenter.
#4 To change the Name or Description of this virtual datacenter.
Please select Virtual Machines from the #3 area.
Virtual Machine View
This view shows us existing Virtual Machines in this vDC.
#1 List of current VMs, who owns each, resources, etc.
#2 Select here to deploy your first VM. DO NOT SELECT THIS AT THIS TIME. This will be covered in detail in Module #2.
Please select the Gateways tab.
Gateways View
This is where you view and manage any of the vCloud Networking & Security Edge gateways that are deployed. These gateways provide all the firewall, NATing, Load Balancing, DHCP and VPN tunneling services. By default a single Edge gateway will be deployed, however this can grow as your needs grow. To actually adjust settings in this gateway you need to use the vCloud Director interface which can be started at #1.
Please select Networks to continue.
Networks View
This is the Networks view. Initially all new virtual datacenters in vCloud Hybrid Service get by default one (1) network that is isolated and one (1) network that is connected to the Edge Gateway. Here you can see the details of each network's configuration. If you need to change settings, that is done using the vCloud Director interface, which can be started at #1.
Users View
This is the list of users allowed to access this virtual datacenter. New users are first created "globally" at #1 and then granted access to the virtual datacenter at #2.
This completes your introduction to the vCloud Hybrid Services User Interface.
In Modules #2 and #3 you will use this to deploy new VMs and migrate workloads, and to work through Networking and Security basics.
Module 2 - Identifying and Deploying Workloads in vCloud Hybrid Service
Deploy a Virtual Machine from a Catalog
Introduction
This lab is going to walk you through the steps of deploying your very first virtual machine in the vCloud Hybrid Service.
Launch the vCloud Hybrid Service Portal
1. Double Click on the Mozilla Firefox icon on the desktop.
Log in to the vCloud Hybrid Service Portal
Once Mozilla Firefox has launched, check that the following information has already been pre-populated:
1. URL: https://vchs.vmware.com
2. Userid: [email protected]
3. Password: VMware1#
4. Once the information has been verified, click Sign In to login.
Select the "Virtual Machines" Tab
1. At the top of the screen click on the Virtual Machines tab.
Deploy a Virtual Machine
1. Click the Deploy a Virtual Machine button.
Select the Destination Virtual Data Center
1. At the New Virtual Machine Pop-Up Window under Available Resources, select the VDC-DC-RAINPOLE-001-860 Radio Button.
2. Click the Green Continue button.
Select the Virtual Machine From the Catalog
1. Select the My Catalog tab.
2. Select the Small Linux Radio button.
3. When you select the Radio Button the Green Continue button will display. Click the Green Continue button.
Note: In the vCloud Hybrid Service you have the option to choose a virtual machine template that is available in your catalog or use one of the templates provided by VMware. Certain templates supplied by VMware may incur a monthly usage charge.
Configure your Virtual Machine
1. In the Name field type in the name for your virtual machine: MyFirstVM.
2. Leave the Allocated Resources as default.
3. Click the Green Deploy This Virtual Machine button.
Wait for the Virtual Machine to Deploy
1. You will notice the status box on the top of the screen indicating the Virtual Machine is being created.
2. You will also notice the status circle to the left of the name of the Virtual Machine.
Note: After a virtual machine has been deployed, you can always adjust the size of the virtual machine by simply clicking on the "View & Edit Details" option within the Virtual Machine settings.
Wait for the Virtual Machine Created Message
1. Wait for the Virtual Machine to finish creating. The status will show a check mark with the message: "Virtual Machine MyFirstVM created successfully".
2. When the minus sign and the banner indicating the virtual machine has been created successfully appear, proceed to the next step.
Power On the Virtual Machine
There are two ways you can power on the Virtual Machine you just created.
1. Look to the left of the VM name and click the Power Button once to power on the VM -- OR --
2. To the right of the VDC-DC-RAINPOLE-001-860, you can also use the drop down menu, indicated by the small black triangle, to select the Power On for the machine.
3. Use one of these methods to power on the Virtual Machine.
Validate Virtual Machine Status
1. Once the Virtual Machine is powered on, the icon to the left of the VM will turn Green.
2. Note that under the MY VMS AT A GLANCE section, you can see the total number of VMs that are powered on.
Navigate to the Virtual Machine Menu to Launch the Console
1. Click on the small black triangle to the right of the VDC-DC-RAINPOLE-001-860 to expand the virtual machine menu.
Launch the Virtual Machine Console
1. From the previous step, expand the Virtual Machine menu and select the Launch Console.
Verify the Console Has Launched
1. Note how the Console for the MyFirstVM has launched.
2. If you happen to click inside the VM console to explore, the way to escape out of the console is to press CTRL+ALT together.
Congratulations!! You have deployed your first virtual machine from a catalog in the vCloud Hybrid Service.
Migrate an Existing Virtual Machine to the vCloud Hybrid Service
Introduction
This lab is going to walk you through the steps of migrating a virtual machine that exists in your private vSphere environment over to the vCloud Hybrid Service.
Launch the VMware vSphere Client and Log On to the "vc-l-01a" vCenter
1. From the desktop double click on the VMware vSphere Client icon to launch the client.
2. Ensure the vc-l-01a.corp.local is selected from the drop down box.
3. Ensure the Use Windows Session Credentials check box is selected.
4. Click the Login button.
Launch VMware vCloud Connector
1. At the top left of the screen click the Home button.
2. On the home page, click the vCloud Connector icon in the Solutions and Applications area.
3. If you receive a warning, ignore it and accept the link.
4. The vCloud Connector Client will launch.
Prepare to Add the Local vSphere to vCloud Connector
1. In the Browser panel on the left, click on Clouds to select it.
2. In the Objects panel, click the Add (green plus) icon.
Add the Local vSphere to vCloud Connector
The Add Cloud dialog box appears.
1. In the Name field use the drop down box to select Local vSphere.
2. In the Username field type: corp\administrator
3. In the Password field type: VMware1!
4. Click the Add button.
The Local vSphere will display in the Clouds tree in the Browser panel.
Verify the Local vSphere has been added to vCloud Connector
Verify that the Local vSphere has been successfully added.
Prepare to Add the Rainpole vDC Organization to vCloud Connector
1. In the Browser panel on the left, click on Clouds to select it.
2. In the Objects panel, click the Add (green plus) icon.
Add the Rainpole vDC Organization to vCloud Connector
The Add Cloud dialog box appears.
1. In the Name field use the drop down box to select Rainpole vDC on vCHS
2. In the Username field type: [email protected]
3. In the Password field type: VMware1#
4. Click the Add button
Verify that the Rainpole vDC Organization has been added to vCloud Connector
Verify that the Rainpole vDC on vCHS has been successfully added.
Verify That Both Clouds Display in vCloud Connector
1. In the Browser panel both the Local vSphere and the Rainpole vDC on vCHS clouds should display.
Update and Browse the Clouds Inventory
1. It is very important to update the inventory for both the newly added clouds. To do so, click the Black Triangle to the left of the Local vSphere Cloud, and to the left of the Rainpole vDC on vCHS Cloud to expand the clouds.
2. You will have to click these twice each, once to connect and once to drop down the inventory.
3. Collapse these trees by clicking on the Black Triangle again.
Prepare to Migrate a Virtual Machine From "Local vSphere"to the vCloud Hybrid Service
1. Click on the Local vSphere Cloud in the left panel.
2. In the inventory panel click the Virtual Machines tab.
3. Select by clicking once on the Small Linux VM. This is a powered down virtual machine in the local vSphere environment.
Migrate a Virtual Machine From "Local vSphere" to the vCloud Hybrid Service
1. Ensure the Small Linux VM is selected. You will know this when the Small Linux VM is highlighted in blue.
2. Hover the mouse over the Actions menu (the one with the gear icon). This will cause a drop down list to appear with appropriate Virtual Machine actions. Click on the Copy action.
Configure the Virtual Machine Properties
1. From the Cloud drop down ensure the Rainpole vDC on vCHS Cloud is selected.
2. In the Name field, enter MySecondVM for the virtual machine name.
3. In the "Select a Catalog" area, highlight by clicking once on the Rainpole catalog.
4. Click the Next button.
Select the Virtual Datacenter where the Virtual Machine will be Deployed
1. Next to the Select VDC drop down box select the VDC-DC-RAINPOLE-001-860 vDC.
2. Click the Next button.
Select Deployment Options
1. Select the Deploy vApp after copy (in fenced mode) checkbox. Make sure the "VDC-DC-RAINPOLE-001-860-default-isolated" network configuration is selected. It can only be selected once the list of values has populated automatically and "Select a network" is shown in the drop down.
2. Select the Power on vApp after deployment checkbox.
3. Select the Remove temporary vApp template in destination vCloud catalog checkbox.
Click Next to continue
In the Ready to Complete Page, Review the Selections to Continue
1. Review the selections.
2. Click Finish to continue.
Monitor the Copy Task within vCloud Connector
1. Once the copy task has started it is important to monitor the progress of the task. Note that the status of the copy will move quickly up to 60% and appear to pause.
2. Take note of the recent tasks. Even though the export shows completed, the migration is still working in the background. To view the current status of the task, proceed to the next step.
Launch the vCloud Hybrid Service Portal
1. Double Click on the Mozilla Firefox icon on the desktop.
Log into the vCloud Hybrid Service portal
Once Mozilla Firefox has launched, check that the following information has already been pre-populated:
1. URL: https://vchs.vmware.com
2. Userid: [email protected]
3. Password: VMware1#
4. Once the information has been verified, click Sign In to login.
Select the 'VDC-DC-RAINPOLE-001-860' Virtual Datacenter
Press the 'VDC-DC-RAINPOLE-001-860' button.
Open the vCloud Director Associated with this Virtual Datacenter
To open a new Firefox tab, and go into the Rainpole organization in vCloud Director, click on the 'Manage Catalogs in vCloud Director' link.
Check the Status in 'Recent Tasks'
Click on the '1 Running' to bring up the Recent Tasks for the Rainpole organization and see what the status of the migration is.
Refresh the 'Recent Tasks' Until Completed
1. Continue to click on the refresh button to update the status of the migration activities.
2. When you see the activity Deleted Virtual Application Template in the 'Recent Tasks', the migration has finished. To verify this further, continue to the next step.
Go Back to the "vc-l-01a" vCenter and Look for the Green Checkmark
1. Note the completed Green checkmark next to the Copy Virtual Machine task. This confirms the migration is complete.
Launch the vCloud Hybrid Service Portal (If Not Already Logged Into It)
If you are already logged into vCloud Hybrid Service, you can skip this step.
1. Double Click on the Mozilla Firefox icon on the desktop.
Log into the vCloud Hybrid Service portal (If Not Already Logged Into It)
If you are already logged into vCloud Hybrid Service, you can skip this step.
Once Mozilla Firefox has launched, check that the following information has already been pre-populated:
1. URL: https://vchs.vmware.com
2. Userid: [email protected]
3. Password: VMware1#
4. Once the information has been verified, click Sign In to login.
Select the "Virtual Machines" Tab
1. Select the Virtual Machines tab to open the Virtual Machines page.
Validate that the "MySecondVM" has Migrated and Powered On Successfully
1. Verify the Virtual Machine is powered on by confirming the icon to the left of the VM is green.
2. Note that under the MY VMS AT A GLANCE section, you can see the total number of VMs that are powered on.
Navigate to the Virtual Machine Menu to Launch the Console
1. Next to MySecondVM, click on the small black triangle to the right of the VDC-DC-RAINPOLE-001-860 to expand the virtual machine menu.
Launch the Virtual Machine Console
1. Continuing from the previous step, expand the Virtual Machine menu for the MySecondVM and select the Launch Console.
Verify the Console Has Launched
1. Note how the Console for the MySecondVM has launched.
2. If you happen to click inside the VM console to explore, the way to escape out of the console is to press CTRL+ALT together.
Congratulations!! You Have Successfully Migrated an Existing Virtual Machine to the vCloud Hybrid Service.
Module 3 - vCloud Hybrid Service: Networking and Security Basics
Introduction to vCloud Hybrid Service Gateways and Networks
Welcome! In this lab you'll be introduced to Gateways and Networks of vCloud Hybrid Service.
Access vCloud Hybrid Service
To access vCloud Hybrid Service you'll first need to launch a web browser. Click on the Firefox icon located on the desktop.
Login to vCloud Hybrid Service
Enter the URL: https://vchs.vmware.com
Username: [email protected]
Password: VMware1#
Then click on the "Sign in" button.
Select Virtual Datacenter
From the main Dashboard click on the Virtual Datacenter labeled "VDC-DC-RAINPOLE-001-860".
Select Gateway
From the Virtual Datacenter Details Dashboard click on the Gateway tab.
Select Networks
By default, whenever you create a Virtual Datacenter a Gateway is automatically created. Here you can see the details of the Gateway.
Notice a few of the details.
For starters you can see the Gateway's IP address. Normally this would be a publicly routable IP address, but here in the lab at VMworld it's going to be a private IP address.
You'll also notice that High Availability is enabled by default.
Next click on the Network tab and let's take a look at your Virtual Datacenter's Networks.
Manage in vCloud Director
Along with the Gateway, when a new Virtual Datacenter is created two default networks are also created. One network is internally isolated, while the other is routed. In order to perform any additional configuration on the Networks or Gateways you'll need to manage it within vCloud Director.
Click on the "Manage in vCloud Director" button.
View Org VDC Networks
You are now in the vCloud Director portal where you're presented with our two networks once again. From here we'll take a look at the available services to an Isolated and Routed network.
View Isolated Network Services
Select the first Isolated network by clicking on it. Then right-click and select "Configure Services".
View DHCP
Here you'll notice the only feature available is DHCP and that it's enabled by default. DHCP is the only feature because this is an Isolated network. Click on the "Cancel" button below.
View Routed Network Services
Select the Routed network by clicking on it. Then right-click and select "Configure Services".
View DHCP
With a Routed network you'll have additional features available for configuration.
Due to the nature of a network that is routed, DHCP is disabled by default. You could enable it, but for most environments you'll want IP addresses to be manually assigned and stay constant so that NAT, Firewall, and Load Balancing rules stay functional.
Go ahead and click on the "NAT" tab to view the default settings.
View NAT
By default no NAT rules exist.
Click on the "Firewall" tab to see the default Firewall settings.
View Firewall
By default the Firewall on a Routed network is enabled. The default action of the Firewall is to Deny all traffic.
Next click on the "Static Routing" tab to view the default settings.
View Static Routing
By default no static rules exist. This is where you would configure routes between networks within vCloud Hybrid Service.
Click on the "VPN" tab to take a look at the VPN default settings.
View VPN
By default VPN is disabled. This is where you would configure Site-to-Site edge gateway VPN tunnels.
Click on the "Load Balancer" to see the default settings.
View Load Balancer
By default no Load Balancing rules are configured. Within the Load Balancing tab you can set up virtual Pool Servers that distribute load to a collection of Virtual Machines.
Click on the "Cancel" button below to exit Configure Services.
View Edge Gateway
Now let's take a look at the Edge Gateway configuration. Click on the "Edge Gateway" tab.
View Edge Properties
Select the Edge Gateway by clicking on it. Then right-click and select "Properties".
NOTE: Don't mind the warning; that's due to the lab configuration.
View IP Settings
You are now presented with the Edge Gateway Properties page. From here we can configure IP Settings, IP Pools, Rate Limits and Syslog. Click on "Configure IP Settings".
View External IP
Here you can see the Subnets and IP addresses assigned to the Gateway.
Congratulations, you've just completed the Introduction to vCloud Hybrid Service Gateways and Networks.
Introduction to vCloud Hybrid Service NAT and Firewalls
Welcome! In this Lab you'll be introduced to vCloud Hybrid Service NAT and Firewalls.
Introduction
You will be creating a NAT and Firewall rule that would enable a virtual web server to communicate over an external network.
You won't be creating an actual web server in this lab; we'll only be creating the NAT and Firewall rules that would allow a fictitious web server with an IP address of 10.0.0.1 to communicate.
Access vCloud Hybrid Service
To access vCloud Hybrid Service you'll first need to launch a web browser. Click on the Firefox icon located on the desktop.
Login to vCloud Hybrid Service
Enter the URL: https://vchs.vmware.com
Username: [email protected]
Password: VMware1#
Then click on the "Sign in" button.
Select Virtual Datacenter
From the main Dashboard click on the Virtual Datacenter labeled "VDC-DC-RAINPOLE-001-860".
Select Gateways
From the VDC-DC-RAINPOLE-001-860 Dashboard click on the "Gateways" tab.
Manage in vCloud Director
You'll need to configure NAT and Firewalls within vCloud Director. Click on the "Manage in vCloud Director" button to access the vCloud Director Portal.
Identify External IP Address
In order to set up NAT and Firewall rules for our web server you'll first need to verify the External IP address of the Edge Gateway. Select the Edge Gateway by clicking on it. Then right-click and select "External IP Allocations".
Note External IP Address
You can see here that the Gateway is using 192.168.210.100. Normally this would be a public IP address, but here in the lab we are using a private address.
Click the "Cancel" button below.
Configure Edge Gateway
To configure NAT and Firewall rules you'll first need to click on the "Org VDC Networks".
Select the Routed network by clicking on it. Then right-click and select "Configure Services".
Select NAT
Select the "NAT" tab by clicking on it.
Add DNAT
On the NAT pane you have two choices, "Add SNAT" and "Add DNAT". SNAT is for source-based rules, and DNAT is for destination-based rules.
Destination and Source are from the perspective of vCloud Hybrid Service. For example, a source NAT rule means from a source within vCloud Hybrid Service to an external destination, while a destination NAT rule means from an outside source to a destination within vCloud Hybrid Service.
In order to create a NAT rule that would allow external traffic to talk to an internal web server we need to create a DNAT rule.
Click on the "Add DNAT" button.
Select Network
First we want to select a network to apply this rule. Click the down arrow in the "Applied on" field and select the "VDC-DC-RAINPOLE-001-860-default-routed".
Edit DNAT Rule
From here we are going to configure the DNAT rule.
In the "Original (External) IP/range" field we are going to enter the external IP address of the gateway we discovered earlier. Enter "192.168.210.100". Remember, normally this would be a public IP address, but due to limitations of the lab this is a private IP address.
In the "Protocol" field click on the dropdown arrow and select "TCP".
In the "Original port" field click the dropdown arrow and select "80".
In the "Translated (Internal) IP/range" field type the IP address "10.0.0.1". This is the IP address of our fictitious web server.
In the "Translated Port" field click on the dropdown arrow and select "80".
Click the "OK" button to apply the DNAT rule.
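The SNAT and DNAT behaviour described above can be modelled in a few lines of Python. This is an added example, not VMware code and not part of the original lab: only the 192.168.210.100:80 to 10.0.0.1:80 DNAT rule comes from the lab, while the first-match evaluation, the client address 203.0.113.7, the SNAT rule and the any/any DNAT rule are assumptions constructed for illustration.

```python
"""Simplified model of the SNAT/DNAT rule table described in this lab.

Added illustration, not vCloud Director or Edge gateway code. Field names
mirror the NAT dialog; first-match evaluation is an assumption of the model.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, NamedTuple, Optional


class Packet(NamedTuple):
    src_ip: str
    dst_ip: str
    protocol: str  # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class NatRule:
    kind: str                              # "DNAT" or "SNAT"
    applied_on: str                        # "Applied on" network
    original: str                          # "Original IP/range": IP or CIDR
    translated: str                        # "Translated IP/range": one IP here
    protocol: str = "any"                  # DNAT only
    original_port: Optional[int] = None    # DNAT only, None = any port
    translated_port: Optional[int] = None  # DNAT only, None = keep port
    enabled: bool = True


def _covers(ip_or_cidr: str, ip: str) -> bool:
    net = ipaddress.ip_network(ip_or_cidr, strict=False)
    return ipaddress.ip_address(ip) in net


def apply_dnat(pkt: Packet, rules: List[NatRule]) -> Optional[Packet]:
    """Inbound (outside source -> destination inside the service).

    Returns the packet with its destination rewritten, or None when no
    enabled DNAT rule matches, i.e. nothing internal is published there.
    """
    for r in rules:
        if r.kind != "DNAT" or not r.enabled:
            continue
        if not _covers(r.original, pkt.dst_ip):
            continue
        if r.protocol not in ("any", pkt.protocol):
            continue
        if r.original_port not in (None, pkt.dst_port):
            continue
        port = pkt.dst_port if r.translated_port is None else r.translated_port
        return pkt._replace(dst_ip=r.translated, dst_port=port)
    return None


def apply_snat(pkt: Packet, rules: List[NatRule]) -> Optional[Packet]:
    """Outbound (source inside the service -> external destination)."""
    for r in rules:
        if r.kind == "SNAT" and r.enabled and _covers(r.original, pkt.src_ip):
            return pkt._replace(src_ip=r.translated)
    return None


def exposure_report(rules: List[NatRule]) -> List[dict]:
    """Summarise what each enabled DNAT rule publishes to the outside.

    A rule is flagged broad when it forwards every protocol, every port,
    or a whole external range rather than a single address.
    """
    report = []
    for r in rules:
        if r.kind != "DNAT" or not r.enabled:
            continue
        net = ipaddress.ip_network(r.original, strict=False)
        broad = (r.protocol == "any" or r.original_port is None
                 or net.num_addresses > 1)
        report.append({"external": r.original, "protocol": r.protocol,
                       "port": r.original_port, "internal": r.translated,
                       "broad": broad})
    return report


ROUTED = "VDC-DC-RAINPOLE-001-860-default-routed"
# The DNAT rule configured in the lab.
LAB_DNAT = NatRule("DNAT", ROUTED, "192.168.210.100", "10.0.0.1", "tcp", 80, 80)
# Constructed for illustration; these two rules are not in the lab.
SAMPLE_SNAT = NatRule("SNAT", ROUTED, "10.0.0.0/24", "192.168.210.100")
SAMPLE_BROAD_DNAT = NatRule("DNAT", ROUTED, "192.168.210.100", "10.0.0.2")
CLIENT = "203.0.113.7"  # constructed external client address

if __name__ == "__main__":
    rules = [LAB_DNAT, SAMPLE_SNAT]
    print(apply_dnat(Packet(CLIENT, "192.168.210.100", "tcp", 80), rules))
    print(apply_dnat(Packet(CLIENT, "192.168.210.100", "tcp", 22), rules))
    print(apply_snat(Packet("10.0.0.1", CLIENT, "tcp", 443), rules))
    for row in exposure_report([LAB_DNAT, SAMPLE_BROAD_DNAT]):
        print(row)
```

The report flags the constructed any/any rule as broad and leaves the lab's TCP/80 rule unflagged, which is the distinction to look for when reviewing a gateway's NAT table.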
Select Firewall
Your NAT rule has now been created and enabled. Next we'll need to create a firewall rule to allow port 80 traffic to pass through the firewall.
Click on the "Firewall" tab.
Add Firewall Rule
To add a Firewall rule click the "Add" button.
Edit Firewall Rule
Here you will edit the firewall rule to allow traffic from the gateway IP address to the fictitious web server.
In the "Name" field enter "WWW".
In the "Source" field enter "192.168.210.100". This is the IP address of the gateway that would be accessed externally.
In the "Source port" click on the down arrow and select "80".
In the "Destination" enter "10.0.0.1". This is the IP address of the web server.
In the "Destination port" field click on the down arrow and select "80".
In the "Protocol" field click on the down arrow and select "TCP".
Leave everything else as is.
Click on the "OK" button.
Congratulations, you've completed the lab and you've just set up a NAT and Firewall rule that would allow external communication to a virtual web server.
Conclusion
Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.
Lab SKU: HOL-HBD-1301
Version: 20141126-104707