
Your News
Aug 19,2019 14:39:30PM
How to Deploy DD VE Version 4.0 in VMware Cloud on AWS?

Deploying DD VE Version 4.0 in VMware Cloud on AWS

VMC System Configuration requirements
These are the system configuration requirements for VMC (VMware Cloud on AWS) configuration.
System Configuration Requirements for Meta data disk type: Standard/VSAN

DD VE Deployment in VMware Cloud on AWS
Before you begin

To deploy DD VE in VMware Cloud on AWS (VMC) on an S3 object store:

You need an AWS account linked to your VMware Cloud account. (The customer is responsible for this activity.)
The SDDC in VMC will be connected to an AWS account during creation. (The customer is responsible for this activity.)
The subnet selected within the AWS account should be in the same region as the SDDC. (The customer is responsible for this activity.)
Create the AWS S3 bucket used by the DD VE in the same region as the SDDC and within the same AWS account. (Can be done by the customer or PS.)
The S3 traffic from VMC must be routed internally toward the AWS infrastructure. (During the SDDC setup in VMC, you should have already linked your AWS/VPC subnet account to the VMC account.) Secondly, within the AWS VPC, make sure to create the S3 endpoint so that the object store traffic is routed within the AWS infrastructure. (Can be done by the customer or PS.)

The following activity should be done by the customer, but for our understanding, here is the procedure to create the SDDC account.

First, you must have a valid myvmware.com account.

When you link an existing AWS account, a CloudFormation stack is created in the backend, as shown below.

Once the link with AWS is established, you should see the following green check.

You can select the AWS Region, SDDC name, and number of hosts.

Select the VPC and the corresponding subnets.

Configure the management network; this can’t be changed once it is deployed.

Deploying the SDDC will take 1 to 2 hours to complete.
After the SDDC is deployed, you should be able to launch the vSphere Client Console as shown below.

Creating an S3 bucket:
Sign in to the AWS Management Console
https://aws.amazon.com/console/

Go to AWS Services > Storage > S3 > Create Bucket
The bucket should be created in the same region as the DD VE instance. The bucket name should be no more than 48 characters long.

Note: Don’t enable versioning while creating the S3 bucket.

Click Next and keep the default values for the remaining settings if the customer has no special requirements.

AWS role-based access for S3 object store access:
If you have root privileges in the AWS account, you can proceed directly to the procedure for creating the policy for S3 bucket access.

If you don’t have root privileges in the AWS Console, you need to create the IAM role and the policy associated with the role, and the AWS user should have the necessary IAM privileges to do so. The following are some of the IAM privileges/actions that are required to create and attach the IAM role.

"iam:AddRoleToInstanceProfile",
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:PassRole",
"iam:RemoveRoleFromInstanceProfile",
"iam:UpdateRolePolicy",
"iam:CreateInstanceProfile",
"iam:PutRolePolicy",
"iam:DeleteInstanceProfile"

Once you have the necessary privileges as an AWS user, continue creating the role-based access for the S3 object store as follows.

Create the policy for S3 bucket access:

Sign in to the AWS Management Console and open the IAM Service Console

https://aws.amazon.com/console/

Go to AWS Services > Security, Identity & Compliance > IAM

In the navigation pane of the IAM console, choose “Policies” and then click
“Create policy” button.

On the “Create policy” web page, select the “JSON” tab and replace the text under the JSON tab with the following content.

Substitute “my-bucket-name” with the name of the bucket that you have created for the DD VE.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:GetObject",
            "s3:PutObject",
            "s3:DeleteObject"
          ],
          "Resource": [
            "arn:aws:s3:::my-bucket-name",
            "arn:aws:s3:::my-bucket-name/*"
          ]
        }
      ]
    }


Verify this information on your screen then click the “Review policy” button.

Provide the name and description of your choice.
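
A pre-flight check for the policy document before it is pasted under the JSON tab (an added example, not part of the original post). It flags the typographic quotes a rendered web page substitutes for plain ones, an unsubstituted my-bucket-name, a bucket name over the 48-character limit, and any action or resource beyond the four actions and two ARNs shown above. The function name check_ddve_policy and the bucket name ddve-example-bucket are assumptions made for the example.

```python
import json

# Values from the page: 48-char bucket-name limit, placeholder name, four S3 actions.
MAX_BUCKET_NAME, PLACEHOLDER = 48, "my-bucket-name"
EXPECTED_ACTIONS = {"s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

def as_list(value):  # IAM accepts one value or a list for Statement/Action/Resource
    return value if isinstance(value, list) else [value]

def check_ddve_policy(text, bucket):
    """Return findings for a policy document; an empty list means it matches the page."""
    findings = []
    if len(bucket) > MAX_BUCKET_NAME:
        findings.append(f"bucket name is {len(bucket)} characters, limit is {MAX_BUCKET_NAME}")
    if "\u201c" in text or "\u201d" in text:
        findings.append("typographic quotes present, retype them as plain double quotes")
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return findings + [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(as_list(stmt.get("Action", [])))
        resources = set(as_list(stmt.get("Resource", [])))
        for act in sorted(actions - EXPECTED_ACTIONS):
            findings.append(f"statement {i}: {act} is not one of the page's four actions")
        if not any("*" in act for act in actions):  # a wildcard already covers the rest
            for act in sorted(EXPECTED_ACTIONS - actions):
                findings.append(f"statement {i}: missing {act}")
        for res in sorted(resources - wanted):
            why = "placeholder left in" if PLACEHOLDER in res else "not the DD VE bucket"
            findings.append(f"statement {i}: {res}: {why}")
        for res in sorted(wanted - resources):
            findings.append(f"statement {i}: missing resource {res}")
    return findings

# Constructed samples (the bucket name is made up for this example).
BUCKET = "ddve-example-bucket"
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": sorted(EXPECTED_ACTIONS),
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]})
PASTED = GOOD.replace('"', "\u201c", 1)  # one curly quote, as copied from a web page
WIDE = GOOD.replace(BUCKET, PLACEHOLDER).replace('"s3:GetObject"', '"s3:*"')

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("PASTED", PASTED), ("WIDE", WIDE)):
        print(name, check_ddve_policy(doc, BUCKET) or "ok")
```

An empty result means the document carries exactly the four actions on exactly the bucket ARN and its object ARN, which is what the console step above expects.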

Follow the steps in the next section to create the role and attach the policy you have just created to the role.

Create the role for S3 bucket access:
In the navigation pane of the IAM console, choose “Roles” and then click the “Create role” button.

On the “Create role” page:

- For the “Select type of trusted entity” option, select “AWS service”.
- For the “Choose the service that will use this role” option, select “EC2”.
- Then click “Next Permissions” to advance to the next section.

On the “Attach permissions policies” page, search for the policy that you created in the previous section, such as “ddve-s3-access-policy”. Then select the check box for that policy. Click the “Next review” button to advance to the next section.

Creating VPC endpoints: This step is required only when your DDVE is on a private subnet that doesn’t have access to the internet.

If DDVE can talk to S3 via a public subnet that has internet access, skip this step.

Go to AWS Services > Networking & Content Delivery > VPC > Endpoints

Click on Create Endpoint

Select Service Category as AWS Service; the service name should be “com.amazonaws.us-east-1.s3”.

Select the VPC/Subnet/Route Table details from the customer and then click on Create Endpoint.

Once you have created the endpoint, make sure it appears in the corresponding private subnet route table.

Download the DDVE OVA for VMC:

https://download.emc.com/downloads/DL93745

Log in to the vSphere Console on VMC as cloudadmin and select the compute resource pool > right-click > Deploy OVF option.

Select the configuration based on requirement.

Select the VM storage policy

Verify that the deployment completed, then right-click DDVE > Edit Settings:

Add a hard disk to use as the metadata disk; this disk should be 10 % of your actual DDVE size.

Example: if you are deploying a 96 TB DDVE, then your metadata disk size should be 10 TB.

The recommendation is to deploy multiple 1 TB disks to take advantage of the multiple virtual SCSI controllers, which gives more IO bandwidth within the VM regardless of what type of disks are on the other end.

Open the VMware Console for DDVE > right-click > Edit Settings > add a hard disk for the metadata disk.

By default, DDVE comes with two vNICs, and you can add more if you need them.

Note: When you add new vNICs, the default adapter type is E1000 and you need to change it to VMXNET3.

Power ON the DDVE.

You can use the VMware console to open the DDVE, or SSH to the DDVE IP address.

The default username and password are “sysadmin” and “changeme”.

Open an SSH session to the DDVE.

You can generate the permanent license based on DDVE locking code.

Email the license file to the target audience.

Accept and proceed with the network configuration as per your requirement.

By default, DDVE comes with a 500 GB evaluation license, and you need to generate a permanent license using the DDVE serial number and locking ID. Once you have the permanent license, you can replace the license here.

You can see the DDVE Capacity license.

Configure the DNS /Hostname/Network interfaces/routes as shown below.

Create the file system:

Add the meta data disk

This concludes the deployment of DDVE in VMware Cloud on AWS.