Deployment for Region B. 17 JUL 2018 VMware Validated Design 4.3 VMware Validated Design for Software-Defined Data Center 4.3

Transcription

1 17 JUL 2018 VMwre Vlite Design 4.3 VMwre Vlite Design for Softwre-Define Dt Center 4.3

2 You n fin the most up-to-te tehnil oumenttion on the VMwre wesite t: If you hve omments out this oumenttion, sumit your feek to ofeek@vmwre.om VMwre, In Hillview Ave. Plo Alto, CA Copyright VMwre, In. All rights reserve. Copyright n tremrk informtion. VMwre, In. 2

3 Contents 1 Aout VMwre Vlite Design Deployment in Region B 4 2 Region B Virtul Infrstruture Implementtion 5 Instll n Configure ESXi Hosts in Region B 5 Deploy n Configure the Pltform Servies Controller n vcenter Server Components in Region B 11 Deploy n Configure the Mngement Cluster NSX Instne in Region B 47 Deploy n Configure the Shre Ege n Compute Cluster Components Region B 85 Deploy n Configure the Shre Ege n Compute Cluster NSX Instne in Region B Region B Opertions Mngement Implementtion 147 vsphere Upte Mnger Downlo Servie Implementtion in Region B 147 vrelize Suite Lifeyle Mnger Implementtion in Region B 157 vrelize Opertions Mnger Implementtion in Region B 159 vrelize Log Insight Implementtion in Region B Region B Clou Mngement Implementtion 217 Prerequisites for Clou Mngement Pltform Implementtion in Region B 218 Configure Servie Aount Privileges in Region B 219 Deploy the Clou Mngement Pltform in Region B 220 Emee vrelize Orhestrtor Configurtion in Region B 239 vrelize Business Configurtion in Region B 241 Content Lirry Configurtion in Region B 244 Tennt Content Cretion in Region B 245 Opertions Mngement Configurtion for Clou Mngement in Region B Post-Deployment Opertions Implementtion in Region A n Region B 286 Delete the Environments in vrelize Suite Lifeyle Mnger 286 Chnge The Psswors for the vrelize Suite Prouts in vrelize Suite Lifeyle Mnger 289 Import the Environments in vrelize Suite Lifeyle Mnger Region B Business Continuity Implementtion 308 Deploy n Configure Site Reovery Mnger 308 Deploy n Configure vsphere Replition 320 Configure Opertions Mngement for the Business Continuity Components 337 VMwre, In. 3

4 Aout VMwre Vlite Design 1 Deployment in Region B VMwre Vlite Design Deployment for Region B provies step-y-step instrutions for instlling, onfiguring, n operting softwre-efine t enter (SDDC) se on the VMwre Vlite Design for Softwre-Define Dt Center. VMwre Vlite Design Deployment for Region B oes not ontin step-y-step instrutions for performing ll of the require post-onfigurtion tsks euse they often epen on ustomer requirements. Intene Auiene The VMwre Vlite Design Deployment for Region B oument is intene for lou rhitets, infrstruture ministrtors n lou ministrtors who re fmilir with n wnt to use VMwre softwre to eploy in short time n mnge n SDDC tht meets the requirements for pity, slility, kup n restore, n extensiility for isster reovery support. Require VMwre Softwre VMwre Vlite Design Deployment for Region B is omplint n vlite with ertin prout versions. See VMwre Vlite Design Relese Notes for more informtion out supporte prout versions. VMwre, In. 4

5 Region B Virtul Infrstruture 2 Implementtion The virtul infrstruture is the fountion of n opertionl SDDC, n onsists primrily of the physil host's hypervisor n the ontrol of these hypervisors. The mngement worklos onsist of elements in the virtul mngement lyer itself, long with elements in the Clou Mngement Lyer, Servie Mngement, Business Continuity, n Seurity res. The following proeures esrie the vlite flow of instlltion n onfigurtion for the Virtul Infrstruture in Region B. 1 Instll n Configure ESXi Hosts in Region B Strt the eployment of your virtul infrstruture in Region B y instlling n onfiguring ll the ESXi hosts. 2 Deploy n Configure the Pltform Servies Controller n vcenter Server Components in Region B Deploy n onfigure the luster omponents for oth the mngement luster n the shre ege n ompute luster. 3 Deploy n Configure the Mngement Cluster NSX Instne in Region B This esign uses two seprte NSX instnes per region. One instne is tie to the Mngement vcenter Server, n the other instne is tie to the Compute vcenter Server. Deploy n onfigure the NSX instne for the mngement luster in Region B. 4 Deploy n Configure the Shre Ege n Compute Cluster Components Region B Deploy n onfigure the shre ege n ompute luster omponents. 5 Deploy n Configure the Shre Ege n Compute Cluster NSX Instne in Region B Deploy n onfigure the NSX instne for the shre ege n ompute luster in Region B. Instll n Configure ESXi Hosts in Region B Strt the eployment of your virtul infrstruture in Region B y instlling n onfiguring ll the ESXi hosts. VMwre, In. 5

6 1 Prerequisites for Instlltion of ESXi Hosts in Region B Instll n onfigure the ESXi hosts for the mngement luster n the shre ege n ompute luster y using the sme proess. 2 Instll ESXi Intertively on All Hosts in Region B Instll ll ESXi hosts for ll lusters intertively. 3 Configure the Network on All Hosts in Region B After the initil oot, use the ESXi Diret Console User Interfe (DCUI) for initil host network onfigurtion n ministrtive ess. 4 Configure vsphere Stnr Swith On Host in the Mngement Cluster in Region B You must perform network onfigurtion from the VMwre Host Client for single host. You perform network onfigurtion for the other hosts fter the eployment of the vcenter Server. 5 Configure SSH n NTP on the First Host in Region B Time synhroniztion issues n result in serious prolems with your environment. Configure NTP n SSH on the first host. NTP n SSH onfigurtion for the remining hosts will tke ple fter the instlltion of vcenter Server. Prerequisites for Instlltion of ESXi Hosts in Region B Instll n onfigure the ESXi hosts for the mngement luster n the shre ege n ompute luster y using the sme proess. Before you egin: Mke sure tht you hve Winows host tht hs ess to your t enter. You use this host to onnet to your hosts n perform onfigurtion steps. Ensure tht routing is in ple etween the two regionl mngement networks /24 n /24 s it is neessry to join the ommon SSO omin. You must lso prepre the instlltion files. Downlo the ESXi ISO instller. Crete ootle USB rive tht ontins the ESXi Instlltion. See "Formt USB Flsh Drive to Boot the ESXi Instlltion or Upgre" in vsphere Instlltion n Setup. IP Aresses, Hostnmes, n Network Configurtion The following vlues re require to onfigure your hosts. VMwre, In. 6

7 Tle 2 1. Mngement Cluster Hosts FQDN IP VLAN ID Defult Gtewy NTP Server lx01m01esx01.lx01.rinpole.lol ntp.lx01.rinpole.lol ntp.sfo01.rinpole.lol lx01m01esx02.lx01.rinpole.lol ntp.lx01.rinpole.lol ntp.sfo01.rinpole.lol lx01m01esx03.lx01.rinpole.lol ntp.lx01.rinpole.lol ntp.sfo01.rinpole.lol lx01m01esx04.lx01.rinpole.lol ntp.lx01.rinpole.lol ntp.sfo01.rinpole.lol Tle 2 2. Shre Ege n Compute Cluster Hosts FQDN IP VLAN ID Defult Gtewy NTP Server lx01w01esx01.lx01.rinpole.lol ntp.lx01.rinpole.lol ntp.sfo01.rinpole.lol lx01w01esx02.lx01.rinpole.lol ntp.lx01.rinpole.lol ntp.sfo01.rinpole.lol lx01w01esx03.lx01.rinpole.lol ntp.lx01.rinpole.lol ntp.sfo01.rinpole.lol lx01w01esx04.lx01.rinpole.lol ntp.lx01.rinpole.lol ntp.sfo01.rinpole.lol Instll ESXi Intertively on All Hosts in Region B Instll ll ESXi hosts for ll lusters intertively. 1 Power on the lx01m01esx01 host. 2 Mount the USB rive ontining the ESXi ISO file n oot from tht USB rive. 3 On the Welome to the VMwre Instlltion sreen, press Enter to strt the instlltion. 4 On the En User Liense Agreement (EULA) sreen, press F11 to ept the EULA. 5 On the Selet Disk to Instll or Upgre sreen, selet the USB rive or SD r uner lol storge to instll ESXi n press Enter to ontinue. VMwre, In. 7

8 6 Selet the keyor lyout n press Enter. 7 Enter the esxi_root_user_psswor, enter the psswor seon time to onfirm the spelling, n press Enter. 8 On the Confirm Instll sreen, press F11 to strt the instlltion. 9 After the instlltion ompletes suessfully, unmount the USB rive n press Enter to reoot the host. 10 Repet this proeure for ll hosts, using the respetive vlues for eh host you onfigure. Configure the Network on All Hosts in Region B After the initil oot, use the ESXi Diret Console User Interfe (DCUI) for initil host network onfigurtion n ministrtive ess. Perform the following tsks to onfigure the host network settings: Configure the network pter (vmk0) n VLAN ID for the Mngement Network. Configure the IP ress, sunet msk, gtewy, DNS server, n FQDN for the ESXi host. Repet this proeure for ll hosts in the mngement n shre ege n ompute lusters. Enter the respetive vlues from the prerequisites setion for eh host tht you onfigure. See Prerequisites for Instlltion of ESXi Hosts in Region B. VMwre, In. 8

9 1 Open the DCUI on the physil ESXi host lx01m01esx01.lx01.rinpole.lol. Open onsole winow to the host. Press F2 to enter the DCUI. Log in using the following reentils. User nme Psswor root esxi_root_user_psswor 2 Configure the network. e Selet Configure Mngement Network n press Enter. Selet VLAN (Optionl) n press Enter. Enter 1711 s the VLAN ID for the Mngement Network n press Enter. Selet IPv4 Configurtion n press Enter. Configure the IPv4 network using the following settings n press Enter. Set stti IPv4 ress n network onfigurtion Selete IPv4 Aress Sunet Msk Defult Gtewy f g Selet DNS Configurtion n press Enter. Configure DNS using the following settings n press Enter. Use the following DNS Server ress n hostnme Selete Primry DNS Server Alternte DNS Server Hostnme lx01m01esx01.lx01.rinpole.lol h i Selet Custom DNS Suffixes n press Enter. Ensure tht there re no suffixes liste n press Enter. 3 After you onfigure ll host network settings, press Espe to exit n press Y to onfirm the hnges. 4 Repet this proeure for ll hosts. VMwre, In. 9

10 Configure vsphere Stnr Swith On Host in the Mngement Cluster in Region B You must perform network onfigurtion from the VMwre Host Client for single host. You perform network onfigurtion for the other hosts fter the eployment of the vcenter Server. You onfigure vsphere Stnr Swith with two port groups: The existing virtul mhine port group. VMkernel port group. This onfigurtion provies onnetivity n ommon network onfigurtion for virtul mhines tht resie on eh host. 1 Log in to the vsphere host using the VMwre Host Client. Open We rowser n go to Log in using the following reentils. Options User nme Psswor Desription root esxi_root_user_psswor 2 Clik OK to Join the Customer Experiene Improvement Progrm. 3 Configure VLAN for the VM Network port group. In the Nvigtor, lik Networking, lik the Port Groups t, selet the VM Network port group, n lik Eit s. On the Eit port group - VM Network winow, enter 1711 for VLAN ID, n lik Sve. Configure SSH n NTP on the First Host in Region B Time synhroniztion issues n result in serious prolems with your environment. Configure NTP n SSH on the first host. NTP n SSH onfigurtion for the remining hosts will tke ple fter the instlltion of vcenter Server. VMwre, In. 10

11 1 Log in to the vsphere host using the VMwre Host Client. Open We rowser n go to Log in using the following reentils. Options User nme Psswor Desription root esxi_root_user_psswor 2 Configure SSH. In the Nvigtor, lik Mnge, lik the Servies t, selet the TSM-SSH servie, n lik the Ations menu. Selet Poliy n lik Strt n stop with host. Clik Strt to strt the servie. 3 Configure the NTP Demon (ntp). In the Nvigtor, lik Mnge, lik the System t, lik Time & te, n lik Eit s. In the Eit Time onfigurtion ilog ox, selet the Use Network Time Protool (enle NTP lient) rio utton, hnge the NTP servie strtup poliy to Strt n stop with host, n enter ntp.lx01.rinpole.lol,ntp.sfo01.rinpole.lol s NTP servers. Clik Sve. Strt the servie y liking Ations, point to NTP servie, n selet Strt. Deploy n Configure the Pltform Servies Controller n vcenter Server Components in Region B Deploy n onfigure the luster omponents for oth the mngement luster n the shre ege n ompute luster. 1 Prerequisites for Implementtion of Pltform Servies Controllers n vcenter Server Components in Region B Before you eploy the Pltform Servies Controllers n vcenter Server omponents in Region B, verify tht your environment stisfies the requirements. 2 Deploy the Externl Pltform Servies Controllers for the vcenter Server Instnes in Region B Two externl Pltform Servies Controller instnes must e eploye in Region B. The first instne is ssoite with the mngement luster n the seon with the shre ege n ompute luster. Both instnes elong to the sme SSO omin for Ientity Mngement. Work through this proeure twie, using the vcenter Server Appline ISO file n the ustomize t for eh instne. VMwre, In. 11

12 3 Join the Pltform Servies Controller Instnes to Ative Diretory in Region B After you hve suessfully instlle the Pltform Servies Controller instnes, you must the pplines to your Ative Diretory omin. The ientity soures onfigure for the vsphere Domin utomtilly propgte to Region B. Users n then e ssigne permissions to view or mnge SDDC omponents for this region. 4 Reple the Pltform Servies Controller Certifites in Region B To estlish truste onnetion with the other SDDC mngement omponents, you reple the mhine SSL ertifite on eh Pltform Servies Controller instne in Region B with ustom ertifite signe y the ertifite uthority (CA) ville on the prent Ative Diretory (AD) server or on the intermeite Ative Diretory (AD) server. 5 Upte the Pltform Servies Controller SSO Configurtion n Enpoints in Region B Before instlling vcenter Server, the Pltform Servies Controller enpoints must e upte to reflet the nme of the lo lner's virtul IP. 6 Deploy the Mngement vcenter Server Instne in Region B You n now instll the vcenter Server ppline for the mngement pplitions n onfigure liensing n seurity. 7 Reple the Certifite of the Mngement vcenter Server in Region B Тo estlish truste onnetion with the other SDDC mngement omponents, you reple the mhine SSL ertifite on eh vcenter Server instne in the region with ustom ertifite signe y the ertifite uthority (CA) ville on the prent Ative Diretory (AD) server or on the intermeite Ative Diretory (AD) server. 8 Set SDDC Deployment Detils on the Mngement vcenter Server in Region B Set n ientity of your SDDC eployment on the Mngement vcenter Server. You n lso use this ientity s lel in tools for n utomte SDDC eployment. 9 Configure the Mngement Cluster in Region B You must now rete n onfigure the mngement luster. 10 Crete vsphere Distriute Swith for the Mngement Cluster in Region B After ing ll ESXi hosts to the luster, you rete vsphere Distriute Swith. You must lso rete port groups to prepre your environment to hnle the ifferent types of network trffi. After the proper port groups re rete, migrte the Pltform Servies Controller n vcenter Server instnes to the istriute swith. 11 Crete vsan Disk Groups for the Mngement Cluster in Region B vsan isk groups must e rete on eh host tht is ontriuting storge to the vsan tstore. 12 Enle vsphere HA on the Mngement Cluster in Region B Before reting the host profile for the mngement luster enle vsphere HA. 13 Chnge Avne Options on the ESXi Hosts in the Mngement Cluster in Region B Chnge the efult ESX Amins group to hieve greter levels of seurity n enle vsan to provision the Virtul Mhine swp files s thin to onserve spe in the vsan tstore. VMwre, In. 12

13 14 Mount NFS Storge for the Mngement Cluster in Region B Mount n NFS tstore s storge lotion for future kups. 15 Crete n Apply the Host Profile for the Mngement Cluster in Region B Host Profiles ensure tht ll hosts in the luster hve the sme onfigurtion. 16 Set Virtul SAN Poliy on Mngement Virtul Mhines in Region B After you pply the host profile to ll hosts, set the storge poliy of the mngement virtul mhines to the efult Virtul SAN storge poliy. 17 Crete the VM n Templte Folers in Region B Crete folers to group ojets of the sme type for esier mngement. 18 Crete Anti-Affinity Rules for the Pltform Servies Controllers in Region B Anti-Affinity rules prevent virtul mhines from running on the sme host. This helps to mintin reunny in the event of host filures. 19 Crete VM Groups to Define Strtup Orer in the Mngement Cluster in Region B VM Groups llow you to efine the strtup orer of virtul mhines. Strtup orers re use uring vsphere HA events suh tht vsphere HA powers on virtul mhines in the orret orer. Prerequisites for Implementtion of Pltform Servies Controllers n vcenter Server Components in Region B Before you eploy the Pltform Servies Controllers n vcenter Server omponents in Region B, verify tht your environment stisfies the requirements. IP Aresses n Host Nmes Verify tht stti IP resses n FQDNs for the mngement networks re ville for the SDDC eployment. Allote the require IP resses n FQDNs: Two stti IP resses n FQDNs for the Pltform Servies Controllers. One stti IP ress n FQDN for the Pltform Servies Controller lo lner. One stti IP ress n FQDN for the Mngement vcenter Server. Tle 2 3. Network Nmes for SDDC Components vcenter Server n Pltform Servies Controllers vcenter Server Pltform Servies Controllers Network VM Network VM Network VMwre, In. 13

14 Tle 2 4. IP Aresses n Host Nmes for the vcenter Server n Pltform Servies Controllers in Region B Role IP Aress FQDN Mngement Pltform Servies Controller Ege/Compute Pltform Servies Controller lx01m01ps01.lx01.rinpole.lol lx01w01ps01.lx01.rinpole.lol Mngement vcenter Server lx01m01v01.lx01.rinpole.lol PSC lo lner VIP ress (temporry) lx01ps01.lx01.rinpole.lol Defult gtewy DNS server Sunet msk NTP servers ntp.lx01.rinpole.lol Deployment Prerequisites Verify tht your environment stisfies the following prerequisites for the eployment of Pltform Servies Controller n vcenter Server. Prerequisite Storge Virtul isk provisioning. Thin Require storge per vcenter Server: Initil storge for the vcenter Server: 270 GB Require storge per Pltform Servies Controller noe. Initil storge for Pltform Servies Controller: 60 GB Softwre Fetures Verify tht SSH is enle on ESXi Hosts. Instlltion Pkge Downlo the.iso file for the vcenter Server n Pltform Servies Controller. Liense Verify tht you hve otine vclou Suite liense with quntity tht stisfies the requirements of this esign. Ative Diretory Verify tht you hve prent tive iretory with the SDDC user roles onfigure for the rinpole.lol omin. sv-omin-join(enterprise Amins) Certifite Authority Configure the root Ative Diretory omin ontroller s ertifite uthority for the environment. Downlo the CertGenVVD tool n generte the signe ertifite for the vcenter Server n Pltform Servies Controller noes. See the VMwre Vlite Design Plnning n Preprtion oumenttion. VMwre, In. 14

15 Deploy the Externl Pltform Servies Controllers for the vcenter Server Instnes in Region B Two externl Pltform Servies Controller instnes must e eploye in Region B. The first instne is ssoite with the mngement luster n the seon with the shre ege n ompute luster. Both instnes elong to the sme SSO omin for Ientity Mngement. Work through this proeure twie, using the vcenter Server Appline ISO file n the ustomize t for eh instne. 1 Log in to the Winows host tht hs ess to your t enter s n ministrtor. 2 Strt the vcenter Server Appline Instller wizr. Browse the vcenter Server Appline ISO file. Open the <v-rive>:\vs-ui-instller\win32\instller.exe pplition file. 3 Complete Stge 1 of the vcenter Server Appline Instller wizr. e Clik Instll to strt the instlltion. Clik Next on the Introution pge. On the En user liense greement pge, selet the I ept the terms of the liense greement hek ox n lik Next. On the Selet eployment type pge, lik Pltform Servies Controller n lik Next. On the Appline eployment trget pge, enter the following settings n lik Next. ESXi host or vcenter Server nme lx01m01esx01.lx01.rinpole.lol HTTPS port 443 User nme Psswor root esxi_root_user_psswor f g In the Certifite Wrning ilog ox, lik Yes to ept the host ertifite. On the Set up ppline VM pge, enter the following settings n lik Next. Mngement Ege/Compute VM nme lx01m01ps01 lx01w01ps01 Root psswor mgmtps_root_psswor ompps_root_psswor Confirm root psswor mgmtps_root_psswor ompps_root_psswor VMwre, In. 15

16 h On the Selet tstore pge, perform the following steps, n lik Next. Mngement Ege/Compute Selet tstore Selet Instll on new Virtul SAN tstore on the trget host n lik Next Confirm t lest one Che tier n two Cpity tier isks hve een lime Selet Enle Thin Disk Moe Selet the existing vsan tstore Selet Enle Thin Disk Moe i On the Configure network settings pge, enter the following settings n lik Next. Mngement Ege/Compute Network VM Network VM Network IP version IPv4 IPv4 IP ssignment stti stti System nme lx01m01ps01.lx01.rinpole.lol lx01w01ps01.lx01.rinpole.lol IP ress Sunet msk or prefix length Defult gtewy DNS servers , , j k On the Rey to omplete stge 1 pge, review the onfigurtion n lik Finish to strt the eployment. When the eployment ompletes, lik Continue to proee to the seon stge of the instlltion, setting up the Pltform Servies Controller Appline. 4 Complete Stge 2 of the Set Up Pltform Servies Controller Appline wizr. Clik Next on the Introution pge. On the Appline onfigurtion pge, enter the following settings n lik Next. Time synhroniztion moe NTP servers (omm-seprte list) SSH ess Synhronize time with NTP servers ntp.lx01.rinpole.lol,ntp.sfo01.rinpole.lol Enle VMwre, In. 16

17 On the SSO onfigurtion pge, enter the following settings n lik Next. Mngement Ege/Compute SSO onfigurtion Join n existing SSO omin Join n existing SSO omin Emee or Externl Pltform Servies Controller sfo01m01ps01.sfo01.rinpole.lol lx01m01ps01.lx01.rinpole.lol HTTPS port Single Sign-On omin nme vsphere.lol vsphere.lol Single Sign-On psswor sso_psswor sso_psswor On the SSO Site Nme pge, enter the following settings n lik Next. lx01m01ps01 lx01w01ps01 SSO Site Cretion Crete new site Join n existing site SSO site nme LAX01 LAX01 e f g h On the Configure CEIP pge, verify tht the Join the VMwre's Customer Experiene Improvement Progrm (CEIP) hek ox is selete n lik Next. On the Rey to omplete pge, review the onfigurtion n lik Finish to omplete the setup. Clik OK on the Wrning. When the instlltion ompletes, lik Close. 5 Repet this proeure for eh Pltform Servies Controller, using the respetive vlues for eh. 6 Crete replition greement etween the Pltform Servies Controllers for the ompute lusters in the regions. Open n SSH lient n onnet to lx01w01ps01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor root ompps_root_psswor VMwre, In. 17

18 Run the following ommns to enle BASH ess, n strt BASH. shell.set --enle True shell Crete new replition greement etween the Pltform Servies Controllers for the ompute lusters. Note You run this ommn in Region B only. The ommn uses the reentils of the ministrtor@vsphere.lol ount. /usr/li/vmwre-vmir/in/vrepmin -f retegreement -2 -h sfo01w01ps01.sfo01.rinpole.lol -u Aministrtor -w venter_min_psswor -H lx01w01ps01.lx01.rinpole.lol Join the Pltform Servies Controller Instnes to Ative Diretory in Region B After you hve suessfully instlle the Pltform Servies Controller instnes, you must the pplines to your Ative Diretory omin. The ientity soures onfigure for the vsphere Domin utomtilly propgte to Region B. Users n then e ssigne permissions to view or mnge SDDC omponents for this region. Repet this proeure twie, one for the mngement luster n gin for the shre ege n ompute luster. Pltform Servies Controller Pltform Servies Controller for the mngement luster Pltform Servies Controller for the shre ege n ompute luster URL Log in to the ministrtion interfe of the Pltform Servies Controller. Open We rowser n go to Clik the link for Pltform Servies Controller we interfe. Log in using the following reentils. Options User nme Psswor Desription Aministrtor@vsphere.lol vsphere_min_psswor VMwre, In. 18

19 2 A the mngement Pltform Servies Controller instne to the Ative Diretory omin. In the Nvigtor, lik the Appline s t. Clik the Mnge t n lik Join. In the Join Ative Diretory Domin ilog ox, enter the following settings n lik OK. Domin User nme Psswor lx01.rinpole.lol sv-omin-join@rinpole.lol sv-omin-join_psswor 3 Reoot the Pltform Servies Controller instne to pply the hnges. Clik the Appline settings t, n lik the VMwre Pltform Servies Appline link. Log in to the VMwre vsphere Appline Mngement interfe with the following reentils. User nme Psswor root ps_root_psswor On the Summry pge, lik Reoot. In the System Reoot ilog ox, lik Yes. 4 After the reoot proess ompletes log k in to using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 5 Verify tht the Pltform Servies Controller hs suessfully joine the omin, lik Appline s, n lik the Mnge t. 6 In the Nvigtor, lik Configurtion, n lik the Ientity Soures t. Verify tht the rinpole.lol omin is ville s n Ientity Soure. 7 Repet this proeure for the Pltform Servies Controller of the shre ege n ompute luster. Reple the Pltform Servies Controller Certifites in Region B To estlish truste onnetion with the other SDDC mngement omponents, you reple the mhine SSL ertifite on eh Pltform Servies Controller instne in Region B with ustom ertifite signe y the ertifite uthority (CA) ville on the prent Ative Diretory (AD) server or on the intermeite Ative Diretory (AD) server. VMwre, In. 19

20 The mhine ertifite on oth Pltform Servies Controller instnes in the region must e the sme euse they re lo-lne oring to this Vlite Design. The ertifite must hve ommon nme tht is equl to the lo-lne Fully Qulifie Domin Nme (FQDN). Eh Pltform Servies Controller FQDN n short nme, n the lo-lne FQDN n short nme must e in the Sujet Alterntive Nme (SAN) of the generte ertifite. Tle 2 5. Certifite-Relte Files on Pltform Servies Controllers Pltform Servies Controller Certifite Filenme lx01m01ps01.lx01.rinpole.lol lx01ps01.1.er lx01ps01.key Root64.er lx01w01ps01.lx01.rinpole.lol lx01ps01.1.er lx01ps01.key Root64.er Prerequisites CA-signe ertifite files generte y using VMwre Vlite Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlite Design Plnning n Preprtion oumenttion. A Winows host with n SSH terminl ess softwre suh s PuTTY n n sp softwre suh s WinSCP instlle. 1 Open Seure Shell (SSH) onnetion to the Pltform Servies Controller virtul mhine. Open n SSH onnetion to lx01m01ps01.lx01.rinpole.lol n log in with the following reentils. User nme Psswor root mgmtps_root_psswor 2 Chnge the Pltform Servies Controller ommn shell to the Bsh shell to llow seure opy (sp) onnetions for the root user. shell hsh -s "/in/sh" root VMwre, In. 20

21 3 Copy the generte ertifites to the Pltform Servies Controllers. Run the following ommn to rete new temporry foler mkir -p /root/erts Copy the ertifite files lx01ps01.1.er, lx01ps01.key, n Root64.er to the /root/erts foler. You n use n sp softwre suh s WinSCP. 4 Reple the ertifite on the Pltform Servies Controller instne. Strt the vsphere Certifite Mnger utility on Pltform Servies Controller. /usr/li/vmwre-vm/in/ertifite-mnger e f g Selet Option 1 (Reple Mhine SSL ertifite with Custom Certifite) Enter efult vcenter Single Sign-On user nme ministrtor@vsphere.lol n the vsphere_min psswor. Selet Option 2 (Import ustom ertifite(s) n key(s) to reple existing Mhine SSL ertifite). When prompte for the ustom ertifite, enter /root/erts/lx01ps01.1.er When prompte for the ustom key, enter /root/erts/lx01ps01.key When prompte for the signing ertifite, enter /root/erts/root64.er h When prompte to Continue opertion, enter Y. The Pltform Servies Controller servies utomtilly restrt. 5 After Certifite Mnger reples the ertifite, restrt the vmi-lighttp servie to upte the ertifite in the virtul pplition mngement interfe (VAMI) of n to remove ertifite files from Pltform Servies Controller. servie vmi-lighttp restrt /root/erts rm lx01ps01.1.er lx01ps01.key Root64.er 6 Repet the proeure to reple the ertifite on lx01w01ps01.lx01.rinpole.lol. Upte the Pltform Servies Controller SSO Configurtion n Enpoints in Region B Before instlling vcenter Server, the Pltform Servies Controller enpoints must e upte to reflet the nme of the lo lner's virtul IP. VMwre, In. 21

22 Prerequisites Before ompleting this proeure, DNS A reor must e rete. This A reor is the FQDN of the lo lner with the IP ress of lx01m01ps01.lx01.rinpole.lol. After the lo lner is set up, this DNS reor is hnge to the virtul IP of the lo lner. 1 Crete DNS reor for the lo lner FQDN. Open remote esktop onnetion to your DNS server. Crete DNS A reor with the following vlues: FQDN IP lx01ps01.lx01.rinpole.lol Note After the lo lner is onfigure, the IP ress is upte to reflet the lo lner's VIP inste of the IP ress of lx01m01ps01.lx01.rinpole.lol 2 Upte the Pltform Servies Controller SSO onfigurtion on lx01m01ps01.lx01.rinpole.lol. Open n SSH onnetion to lx01m01ps01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor root mgmtps_root_psswor Enter /usr/li/vmwre-sso/in/ n press Enter. Run python uptessoconfig.py --l-fqn=lx01ps01.lx01.rinpole.lol. 3 Upte the Pltform Servies Controller SSO onfigurtion on lx01w01ps01.lx01.rinpole.lol. Open n SSH onnetion to lx01w01ps01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor root ompps_root_psswor Enter /usr/li/vmwre-sso/in/ n press Enter. Run python uptessoconfig.py --l-fqn=lx01ps01.lx01.rinpole.lol. VMwre, In. 22

23 4 Upte the Pltform Servies Controller enpoints. Note Only perform this proeure on one of the Pltform Servies Controllers. Open n SSH onnetion to lx01m01ps01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor root mgmtps_root_psswor Enter /usr/li/vmwre-sso/in/ n press Enter. Run python UpteLsEnpoint.py --l-fqn=lx01ps01.lx01.rinpole.lol -- user=aministrtor@vsphere.lol. e Enter the vsphere_min_psswor when prompte. Deploy the Mngement vcenter Server Instne in Region B You n now instll the vcenter Server ppline for the mngement pplitions n onfigure liensing n seurity. 1 Strt the vcenter Server Appline Deployment wizr. Browse the vcenter Server Appline ISO file. Open the <v-rive>:\vs-ui-instller\win32\instller pplition file. 2 Complete the vcenter Server Appline Deployment wizr. e Clik Instll to strt the instlltion. Clik Next on the Introution pge. On the En user liense greement pge, selet the I ept the terms of the liense greement hek ox n lik Next. On the Selet eployment Type pge, uner Externl Pltform Servies Controller, selet the vcenter Server (Requires Externl Pltform Servies Controller) rio utton n lik Next. On the Appline eployment trget pge, enter the following settings n lik Next. ESXi host or vcenter Server nme lx01m01esx01.lx01.rinpole.lol HTTPS port 443 User nme Psswor root esxi_root_user_psswor VMwre, In. 23

24 f g In the Certifite Wrning ilog ox, lik Yes to ept the host ertifite. On the Set up ppline VM pge, enter the following settings, n lik Next. Appline nme OS psswor Confirm OS psswor lx01m01v01 mgmtv_root_psswor mgmtv_root_psswor h i j On the Selet eployment size pge, selet Smll vcenter Server n lik Next. On the Selet tstore pge, selet the vsndtstore tstore, selet the Enle Thin Disk Moe hek ox, enter lx01-m01 for the Dtenter Nme, lx01-m01-mgmt01 for the Cluster Nme n lik Next. On the Configure network settings pge, enter the following settings n lik Next. Network IP version IP ssignment System nme VM Network IPv4 stti lx01m01v01.lx01.rinpole.lol IP ress Sunet msk or prefix length Defult gtewy DNS servers , k l On the Rey to omplete stge 1 pge, review the onfigurtion n lik Finish to strt the eployment. When the eployment ompletes, lik Continue to proee to stge 2 of the instlltion. 3 Instll - Stge 2: Complete the Set Up vcenter Server Appline wizr. Clik Next on the Introution pge. On the Appline onfigurtion pge, enter the following settings n lik Next. Time Synhroniztion moe NTP servers (omm-seprte list) SSH ess Synhronize time with NTP servers ntp.lx01.rinpole.lol,ntp.sfo01.rinpole.lol Enle VMwre, In. 24

25 On the SSO onfigurtion pge, enter the following settings n lik Next. Emee or Externl Pltform Servies Controller lx01ps01.lx01.rinpole.lol HTTPS port 443 Single Sign-On omin nme Single Sign-On psswor vsphere.lol sso_psswor e f On the Rey to omplete pge, review the onfigurtion n lik Finish. Clik OK on the Wrning ilog ox. One the setup ompletes, lik Close to shut own the wizr. 4 Assign liense for this vcenter Server instne. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor e f Clik the Home ion ove the Nvigtor n selet the Aministrtion menu item. On the Aministrtion pge, lik Lienses n lik the Assets t. Selet the vcenter Server instne lx01m01v01.lx01.rinpole.lol n lik the Assign Liense ion. Selet the vcenter Server liense tht you entere erlier n lik OK. Reple the Certifite of the Mngement vcenter Server in Region B Тo estlish truste onnetion with the other SDDC mngement omponents, you reple the mhine SSL ertifite on eh vcenter Server instne in the region with ustom ertifite signe y the ertifite uthority (CA) ville on the prent Ative Diretory (AD) server or on the intermeite Ative Diretory (AD) server. Tle 2 6. Certifite-Relte Files on the vcenter Server Instnes vcenter Server FQDN Files for Certifite Replement lx01m01v01.lx01.rinpole.lol lx01m01v01.key lx01m01v01.1.er Root64.er VMwre, In. 25

26 Prerequisites CA-signe ertifite files generte y using VMwre Vlite Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlite Design Plnning n Preprtion oumenttion. A Winows host with n SSH terminl ess softwre suh s PuTTY n n sp softwre suh s WinSCP instlle. 1 Log in to vcenter Server y using Seure Shell (SSH) lient. Open n SSH onnetion to the virtul mhine lx01m01v01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor root venter_server_root_psswor 2 Chnge the vcenter Server ppline ommn shell to the Bsh shell to llow seure opy (SCP) onnetions for the root user. shell hsh -s "/in/sh" root 3 Copy the generte ertifites from the Winows host where you run the CertGenVVD utility to the vcenter Server Appline. Run the following ommn to rete new temporry foler. mkir -p /root/erts Copy the ertifite files lx01m01v01.1.er, lx01m01v01.key, Root64.er from the Winows host where you run the CertGenVVD utility to the /root/erts foler on the vcenter Server Appline. You n use n SCP softwre suh s WinSCP. 4 Reple the CA-signe ertifite on the vcenter Server instne. Strt the vsphere Certifite Mnger utility on the vcenter Server instne. /usr/li/vmwre-vm/in/ertifite-mnger Selet Option 1 (Reple Mhine SSL ertifite with Custom Certifite), enter the efult vcenter Single Sign-On user nme ministrtor@vsphere.lol n the vsphere_min-psswor psswor. VMwre, In. 26

27 When prompte for the Infrstruture Server IP, enter the IP ress of the Pltform Servies Controller tht mnges this vcenter Server instne. vcenter Server instne IP Aress of mnging Pltform Servies Controller lx01m01v01.lx01.rinpole.lol e Selet Option 2 (Import ustom ertifite(s) n key(s) to reple existing Mhine SSL ertifite). When prompte, provie the full pth to the ustom ertifite, the root ertifite file, n the key file tht you generte erlier, n onfirm the import with Yes (Y). vcenter Server lx01m01v01.lx01.rinpole.lol Input to the vsphere Certifite Mnger Utility Plese provie vli ustom ertifite for Mhine SSL. File: /root/erts/lx01m01v01.1.er Plese provie vli ustom key for Mhine SSL. File: /root/erts/lx01m01v01.key Plese provie the signing ertifite of the Mhine SSL ertifite File: /root/erts/root64.er 5 After Sttus shows 100% Complete, wit severl minutes until ll vcenter Server servies re restrte. 6 Run the following ommn to restrt the vmi-lighttp servie n to remove ertifite files. servie vmi-lighttp restrt /root/erts rm lx01m01v01.1.er lx01m01v01.key Root64.er Set SDDC Deployment Detils on the Mngement vcenter Server in Region B Set n ientity of your SDDC eployment on the Mngement vcenter Server. You n lso use this ientity s lel in tools for n utomte SDDC eployment. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 From the Home menu of the vsphere We Client, selet Glol Inventory Lists. VMwre, In. 27

28 3 In the Nvigtor, lik vcenter Servers uner Resoures. 4 Clik the lx01m01v01.lx01.rinpole.lol vcenter Server ojet n lik the Configure t in the entrl pne. 5 Uner the s pne, lik Avne s n lik the Eit utton. 6 In the Eit Avne vcenter Server s ilog ox, set the following vlue pirs one y one, liking A fter eh entry. Nme onfig.sddc.deploye.type onfig.sddc.deploye.flvor VVD Stnr onfig.sddc.deploye.version onfig.sddc.deploye.worklodomin onfig.sddc.deploye.metho onfig.sddc.deploye.instnei Mngement DIY unique_ientifier* Note * Use the unique_ientifier you generte for the Mngement vcenter Server. See Set SDDC Deployment Detils on the Mngement vcenter Server in Region A. 7 Clik OK to lose the winow. Configure the Mngement Cluster in Region B You must now rete n onfigure the mngement luster. This proess onsists of the following tions: Enle vsphere DRS. Enle Enhne vmotion Comptiility. A the hosts to the luster. A host to the tive iretory omin. Renme the vsan tstore. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor VMwre, In. 28

29 2 Enle vsphere DRS. Expn the lx01-m01 t enter ojet. Clik the lx01-m01-mgmt01 luster ojet n lik the Configure t. Selet the vsphere DRS uner Servies pge n lik Eit. Selet the Turn On vsphere DRS hek ox n lik OK. 3 Enle VMwre EVC. Uner the Configurtion pge, selet the VMwre EVC n lik Eit. Set EVC moe to the highest ville seline tht is supporte for the lowest CPU rhiteture on the hosts in the luster n lik OK. 4 A itionl hosts to the mngement luster. Right-lik the lx01-m01-mgmt01 luster n lik A Host. On the Nme n lotion pge, enter lx01m01esx02.lx01.rinpole.lol in the Host nme or IP ress text ox n lik Next. On the Connetion settings pge, enter the following reentils n lik Next. User nme Psswor root esxi_root_user_psswor e f g h i In the Seurity Alert ilog ox, lik Yes. On the Host summry pge, review the host informtion n lik Next. On the Assign liense pge, selet the ESXi liense key tht you entere uring the vcenter Server eployment n lik Next. On the Lokown Moe pge, lik Next. On the Resoure pool pge, lik Next. On the Rey to omplete pge, review your entries n lik Finish. 5 Repet the previous step for the two remining hosts to them to the mngement luster. Host 3 Host 4 lx01m01esx03.lx01.rinpole.lol lx01m01esx04.lx01.rinpole.lol 6 A n ESXi host to the Ative Diretory omin. In the Nvigtor pne, lik Hosts n Clusters n expn the entire lx01m01v01.lx01.rinpole.lol tree. Selet the lx01m01esx01.lx01.rinpole.lol host. VMwre, In. 29

30 e f Clik the Configure t. Uner System, selet Authentition Servies. In the Authentition Servies pnel, lik the Join Domin utton. In the Join Domin ilog ox, enter the following settings n lik OK. Domin Using reentils User nme Psswor lx01.rinpole.lol Selete sv-omin-join@rinpole.lol sv-omin-join_psswor 7 Set the Ative Diretory Servie to Strt n stop with host. e f In the Nvigtor pne, lik Hosts n Clusters n expn the entire lx01m01v01.lx01.rinpole.lol tree. Selet the lx01m01esx01.lx01.rinpole.lol host. Clik the Configure t. Uner System, selet Seurity Profile. Clik the Eit utton next to Servies. Selet the Ative Diretory Servie, hnge the Strtup Poliy to Strt n stop with host, n lik OK. 8 Renme the vsan tstore. In the Nvigtor pne, lik Storge n expn the entire lx01m01v01.lx01.rinpole.lol tree. Selet vsndtstore n selet Ations > Renme.. In the Dtstore - Renme ilog ox, enter lx01-m01-vsn01 s the tstore nme n lik OK. Crete vsphere Distriute Swith for the Mngement Cluster in Region B After ing ll ESXi hosts to the luster, you rete vsphere Distriute Swith. You must lso rete port groups to prepre your environment to hnle the ifferent types of network trffi. After the proper port groups re rete, migrte the Pltform Servies Controller n vcenter Server instnes to the istriute swith. VMwre, In. 30

31 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Crete vsphere Distriute Virtul Swith. e In the Nvigtor, lik Networking n expn the lx01m01v01.lx01.rinpole.lol tree. Right-lik the lx01-m01 t enter n selet Distriute Swith > New Distriute Swith to strt the New Distriute Swith wizr. On the Nme n lotion pge, enter lx01-m01-vs01 s the nme n lik Next. On the Selet version pge, ensure the Distriute swith: rio utton is selete n lik Next. On the Eit settings pge, enter the following vlues n lik Next. Numer of uplinks 2 Network I/O Control Crete efult port group Enle Deselete f On the Rey to omplete pge, review your entries n lik Finish. 3 Eit the settings for the lx01-m01-vs01 istriute swith. Right-lik the lx01-m01-vs01 istriute swith n selet s > Eit s. Clik the Avne t. Enter 9000 s MTU (Bytes) vlue n lik OK. VMwre, In. 31

32 4 Crete port groups in the lx01-m01-vs01 istriute swith for the mngement trffi types. Right-lik the lx01-m01-vs01 istriute swith n selet Distriute Port Group > New Distriute Port Group. Crete port groups with the following settings n lik Next. Port Group Nme Port Bining VLAN Type VLAN ID lx01-m01-vs01-mngement Ephemerl - no ining VLAN 1711 lx01-m01-vs01-vmotion Stti ining VLAN 1712 lx01-m01-vs01-vsn Stti ining VLAN 1713 lx01-m01-vs01-nfs Stti ining VLAN 1715 lx01-m01-vs01-replition Stti ining VLAN 1716 lx01-m01-vs01-ext-mngement Stti ining VLAN 150 lx01-m01-vs01-uplink01 Stti ining VLAN 2714 lx01-m01-vs01-uplink02 Stti ining VLAN 2715 Note The port group for VXLAN trffi is utomtilly rete lter uring the onfigurtion of the NSX Mnger for the mngement luster. On the Rey to omplete pge, review your entries n lik Finish. Repet this step for eh port group. 5 Chnge the port groups to use the Route Bse on Physil NIC Lo teming lgorithm. Right-lik the lx01-m01-vs01 istriute swith n selet Distriute Port Group > Mnge Distriute Port Groups. e On the Selet port group poliies pge, selet Teming n filover n lik Next. Clik the Selet istriute port groups utton, ll port groups exept lx01-m01-vs01- uplink01 n lx01-m01-vs01-uplink02, lik OK, n lik Next. On the Teming n filover pge, selet Route se on physil NIC lo from the Lo lning rop-own menu n lik Next. Clik Finish. 6 Configure the uplinks for the lx01-m01-vs01-uplink01 n lx01-m01-vs01-uplink02 port groups. e f Right-lik the lx01-m01-vs01-uplink01 port group n lik Eit s. Selet Teming n Filover. Move Uplink2 to Unuse uplinks n lik OK. Right-lik the lx01-m01-vs01-uplink02 port group n lik Eit s. Selet Teming n Filover. Move Uplink1 to Unuse uplinks n lik OK. VMwre, In. 32

33 7 Connet the ESXi host lx01m01esx01.lx01.rinpole.lol to the lx01-m01-vs01 istriute swith y migrting its VMkernel n virtul mhine network pters. e f g h i Right-lik the lx01-m01-vs01 istriute swith n lik A n Mnge Hosts. On the Selet tsk pge, selet A hosts n lik Next. On the Selet hosts pge, lik New hosts. In the Selet new hosts ilog ox, selet lx01m01esx01.lx01.rinpole.lol n lik OK. On the Selet hosts pge, lik Next. On the Selet network pter tsks pge, ensure tht Mnge physil pters n Mnge VMkernel pters hek oxes re selete n lik Next. On the Mnge physil network pters pge, lik vmni1 n lik Assign uplink. In the Selet n Uplink for vmni1 ilog ox, selet Uplink2 n lik OK. On the Mnge physil network pters pge, lik Next. 8 Configure the VMkernel network pters. e f g h On the Mnge VMkernel network pters pge, lik vmk0 n lik Assign port group. Selet lx01-m01-vs01-mngement n lik OK. On the Mnge VMkernel network pters pge, lik On this swith n lik New pter. On the A Networking pge, lik Selet n existing network, selet the lx01-m01-vs01- vsn port group, lik OK, n lik Next. On the Port properties pge, selet the vsan hek ox n lik Next. On the IPv4 settings pge, selet Use stti IPv4 settings, enter the IP ress , enter the sunet , n lik Next. Clik Finish. Repet steps 8 to 8f to rete the remining VMkernel network pters. Port Group Port Properties IPv4 Aress Netmsk lx01-m01-vs01-replition vsphere Replition trffi vsphere Replition NFC trffi lx01-m01-vs01-nfs N/A i j On the Anlyze impt pge, lik Next. On the Rey to omplete pge, review your entries n lik Finish. 9 Crete the vmotion VMkernel pter. In the Nvigtor, lik Host n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree. Clik lx01m01esx01.lx01.rinpole.lol. VMwre, In. 33

34 e f g h Clik the Configure t n selet VMkernel pters. Clik the A host networking ion, selet VMkernel Network Apter, n lik Next. On the A Networking pge, lik Selet n existing network, selet the lx01-m01-vs01- vmotion port group, lik OK, n lik Next. On the Port properties pge, selet vmotion from the TCP/IP Stk rop-own menu n lik Next. On the IPv4 settings pge, selet Use stti IPv4 settings, enter the IP ress , enter the sunet , n lik Next. Clik Finish. 10 Configure the MTU on the vmotion VMkernel pter. Selet the vmotion VMkernel pter rete in the previous step n lik Eit s. Clik the NIC s pge. Enter 9000 for the MTU vlue n lik OK. 11 Configure the vmotion TCP/IP stk. Uner Networking, lik TCP/IP onfigurtion. Selet vmotion n lik the Eit ion. Clik Routing, enter for the efult gtewy, n lik OK. 12 Migrte the Mngement Pltform Servies Controller n vcenter Server instnes from the stnr swith to the istriute swith. In the Nvigtor, lik Networking n expn the lx01m01v01.lx01.rinpole.lol tree. Right-lik the lx01-m01-vs01 istriute swith n lik Migrte VMs to Another Network. On the Selet soure n estintion networks pge, rowse the following networks n lik Next. Soure network Destintion network VM Network lx01-m01-vs01-mngement e On the Selet VMs to migrte pge, selet lx01m01ps01.lx01.rinpole.lol, lx01w01ps01.lx01.rinpole.lol, n lx01m01v01.lx01.rinpole.lol, n lik Next. On the Rey to omplete pge, review your entries n lik Finish. VMwre, In. 34

35 13 Define Network I/O Control shres for the ifferent trffi types on the lx01-m01-vs01 istriute swith. Clik the lx01-m01-vs01 istriute swith, lik the Configure t, n lik Resoure Allotion > System trffi. Uner System Trffi, onfigure eh of the following trffi types with the following vlues. Trffi Type Fult Tolerne (FT) Trffi Mngement Trffi NFS Trffi Virtul Mhine Trffi iscsi Trffi vmotion Trffi vsan Trffi vsphere Dt Protetion Bkup Trffi vsphere Replition (VR) Trffi Physil Apter Shres Low Norml High Low Low Low High Low Low 14 Migrte the lst physil pter from the stnr swith to the lx01-m01-vs01 istriute swith. e f g h i j k In the Nvigtor, lik Networking n expn the lx01m01v01.lx01.rinpole.lol tree. Right-lik the lx01-m01-vs01 istriute swith n selet A n Mnge Hosts. On the Selet tsk pge, selet Mnge host networking n lik Next. On the Selet hosts pge, lik Atthe hosts. In the Selet memer hosts ilog ox, selet lx01m01esx01.lx01.rinpole.lol n lik OK. On the Selet hosts pge, lik Next. On the Selet network pter tsks pge, selet Mnge physil pters only n lik Next. On the Mnge physil network pters pge, selet vmni0 n lik Assign uplink. In the Selet n Uplink for vmni0 ilog ox, selet Uplink1, lik OK, n lik Next. On the Anlyze Impt pge, lik Next. On the Rey to omplete pge, lik Finish. 15 Enle vsphere Distriute Swith Helth Chek. In the Nvigtor, lik Networking n expn the lx01m01v01.lx01.rinpole.lol tree. Selet the lx01-m01-vs01 istriute swith n lik the Configure t. In the Nvigtor, selet Helth hek n lik the Eit utton. Selet Enle for VLAN n MTU n Teming n filover n lik OK. VMwre, In. 35

36 16 Delete the vsphere Stnr Swith. In the Nvigtor, lik Hosts n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree. Clik lx01m01esx01.lx01.rinpole.lol n lik the Configure t. On the Configure pge, selet Virtul swithes, selet vswith0, n lik on the Remove selete stnr swith ion. In the Remove Stnr Swith ilog ox, lik Yes to onfirm the removl. Crete vsan Disk Groups for the Mngement Cluster in Region B vsan isk groups must e rete on eh host tht is ontriuting storge to the vsan tstore. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor, selet Hosts n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree. 3 Clik the lx01-m01-mgmt01 luster n lik the Configure t. 4 Uner VSAN, lik Disk Mngement. 5 Clik lx01m01esx02.lx01.rinpole.lol n lik the Crete New Disk Group ion. 6 In the Crete Disk Group winow, selet flsh isk for the he tier, two hr isk rives for the pity tier n lik OK. 7 Repet Step 5 n Step 6 for lx01m01esx03.lx01.rinpole.lol n lx01m01esx04.lx01.rinpole.lol. 8 Assign liense to vsan. Right lik the lx01-m01-mgmt01 luster n selet Assign Liense. In the lx01-m01-mgmt01 - Assign Liense winow selet the previously e VSAN Liense n lik OK. Enle vsphere HA on the Mngement Cluster in Region B Before reting the host profile for the mngement luster enle vsphere HA. VMwre, In. 36

37 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, lik Hosts n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree. 3 Selet the lx01-m01-mgmt01 luster. 4 Clik the Configure t, lik vsphere Avilility, n lik Eit. 5 In the Eit Cluster s ilog ox, selet the Turn on vsphere HA hek ox. 6 Selet Filures n Responses n selet the following vlues from the rop-own menus. Enle Host Monitoring Host Filure Response Response for Host Isoltion Dtstore with PDL Dtstore with APD VM Monitoring Selete Restrt VMs Power off n restrt VMs Disle Disle VM Monitoring Only 7 Clik Amission Control n enter following settings. Host filures luster tolertes 1 Define host filover pity y Overrie lulte filover pity Cluster resoure perentge Deselete Performne egrtion VMs tolerte 100% 8 Clik OK. Note When you enle vsphere HA, the opertion fils on hosts 2, 3, n 4. The filure is expete s networking is onfigure uring the host profile steps setup. VMwre, In. 37

38 Chnge Avne Options on the ESXi Hosts in the Mngement Cluster in Region B Chnge the efult ESX Amins group to hieve greter levels of seurity n enle vsan to provision the Virtul Mhine swp files s thin to onserve spe in the vsan tstore. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Chnge the efult ESX Amins group. e f In the Nvigtor pne, lik Hosts n Clusters. Expn the entire lx01m01v01.lx01.rinpole.lol vcenter inventory tree, n selet the lx01m01esx01.lx01.rinpole.lol host. Clik the Configure t, lik System > Avne System s. Clik the Eit utton. In the filter ox, enter esxamins n wit for the serh results. Chnge the vlue of Config.HostAgent.plugins.hostsv.esxAminsGroup to SDDC-Amins n lik OK. 3 Provision Virtul Mhine swp files on vsan s thin. e f In the Nvigtor pne, lik Hosts n Clusters. Expn the entire lx01m01v01.lx01.rinpole.lol vcenter inventory tree, n selet the lx01m01esx01.lx01.rinpole.lol host. Clik the Configure t, lik System > Avne System s. Clik the Eit utton. In the filter ox, enter vsn.swp n wit for the serh results. Chnge the vlue of VSAN.SwpThikProvisionDisle to 1 n lik OK. VMwre, In. 38

39 4 Disle the SSH wrning nner. e f In the Nvigtor pne, lik Hosts n Clusters. Expn the entire lx01m01v01.lx01.rinpole.lol vcenter inventory tree, n selet the lx01m01esx01.lx01.rinpole.lol host. Clik the Configure t, lik System > Avne System s. Clik the Eit utton. In the filter ox, enter ssh n wit for the serh results. Chnge the vlue of UserVrs.SuppressShellWrning to 1 n lik OK. Mount NFS Storge for the Mngement Cluster in Region B Mount n NFS tstore s storge lotion for future kups. Crete а new tstore for the lx01-m01-mgmt01 luster. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, lik Host n Clusters, expn the lx01m01v01.lx01.rinpole.lol tree, n lik lx01m01esx01.lx01.rinpole.lol. 3 Clik Dtstores n lik the Crete New Dtstore ion. The New Dtstore wizr opens. 4 On the Type pge, selet NFS n lik Next. 5 On the Selet NFS version pge, selet NFS 3 n lik Next. 6 On the Nme n onfigurtion pge, enter the following tstore informtion n lik Next. Dtstore Nme Foler lx01-m01-kp01 /VVD_kup01_nfs01_MgmtB_6TB Server On the Rey to omplete pge, review the onfigurtion n lik Finish. VMwre, In. 39

40 Crete n Apply the Host Profile for the Mngement Cluster in Region B Host Profiles ensure tht ll hosts in the luster hve the sme onfigurtion. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Crete Host Profile from lx01m01esx01.lx01.rinpole.lol. In the Nvigtor, selet Hosts n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree. Right-lik the ESXi host lx01m01esx01.lx01.rinpole.lol n selet Host Profiles > Extrt Host Profile. In the Extrt Host Profile winow, enter lx01-m01hp-mgmt01 for the Nme n lik Next. In the Rey to omplete pge, lik Finish. 3 Atth the Host Profile to the mngement luster. In the Nvigtor, selet Hosts n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree. Right-lik on the lx01-m01-mgmt01 luster n selet Host Profiles > Atth Host Profile. In the Atth Host Profile winow, lik the lx01-m01hp-mgmt01 Host Profile, selet the Skip Host Customiztion hek ox, n lik Finish. 4 Crete Host Customiztions profile for the hosts in the mngement luster. e In the Nvigtor, selet Poliies n Profiles. Clik Host Profiles, right-lik lx01-m01hp-mgmt01 n selet Export Host Customiztions. Clik Sve. Selet file lotion to sve the lx01-m01hp-mgmt01_host_ustomiztions.sv file. Open the lx01-m01hp-mgmt01_host_ustomiztions.sv in Exel. VMwre, In. 40

41 f Eit the Exel file to inlue the following vlues. NetStk Instne ESXi Host Ative Diretory Configurtion Psswor Ative Diretory Configurtion Usernme efulttpipstk- >DNS onfigurtion Nme for this host NetStk Instne vmotion->dns onfigurtion lx01m01esx01.lx01.rinpole.lol sv-ominjoin_psswor lx01m01esx01 lx01m01esx01 lx01m01esx02.lx01.rinpole.lol sv-ominjoin_psswor lx01m01esx02 lx01m01esx02 lx01m01esx03.lx01.rinpole.lol sv-ominjoin_psswor lx01m01esx03 lx01m01esx03 lx01m01esx04.lx01.rinpole.lol sv-ominjoin_psswor lx01m01esx04 lx01m01esx04 ESXi Host Host virtul NIC lx01-m01- mgmt01:lx01-m01-mgmt01- mngement:mngement->ip ress settings Host IPv4 ress Host virtul NIC lx01-m01- mgmt01:lx01-m01-mgmt01- mngement:mngement->ip ress settings SunetMsk lx01m01esx01.lx01.rinpole.lol lx01m01esx02.lx01.rinpole.lol lx01m01esx03.lx01.rinpole.lol lx01m01esx04.lx01.rinpole.lol ESXi Host Host virtul NIC lx01-m01- mgmt01:lx01-m01-mgmt01- nfs:<unresolved>->ip ress settings Host IPv4 ress Host virtul NIC lx01-m01- mgmt01:lx01-m01-mgmt01- nfs:<unresolved>->ip ress settings SunetMsk lx01m01esx01.lx01.rinpole.lol lx01m01esx02.lx01.rinpole.lol lx01m01esx03.lx01.rinpole.lol lx01m01esx04.lx01.rinpole.lol ESXi Host Host virtul NIC lx01-m01-mgmt01:lx01-m01-mgmt01- replition:vspherereplition,vspherereplitionnfc- >IP ress settings Host IPv4 ress Host virtul NIC lx01-m01-mgmt0 replition:vspherereplition,vs >IP ress settings SunetMsk lx01m01esx01.lx01.rinpole.lol lx01m01esx02.lx01.rinpole.lol lx01m01esx03.lx01.rinpole.lol lx01m01esx04.lx01.rinpole.lol VMwre, In. 41

42 ESXi Host Host virtul NIC lx01-m01- mgmt01:lx01-m01-mgmt01- vsn:vsn->ip ress settings Host IPv4 ress Host virtul NIC lx01-m01- mgmt01:lx01-m01-mgmt01- vsn:vsn->ip ress settings SunetMsk lx01m01esx01.lx01.rinpole.lol lx01m01esx02.lx01.rinpole.lol lx01m01esx03.lx01.rinpole.lol lx01m01esx04.lx01.rinpole.lol ESXi Host Host virtul NIC lx01-m01- mgmt01:lx01-m01-mgmt01- vmotion:vmotion->ip ress settings Host IPv4 ress Host virtul NIC lx01-m01- mgmt01:lx01-m01-mgmt01- vmtotion:vmotion->ip ress settings SunetMsk lx01m01esx01.lx01.rinpole.lol lx01m01esx02.lx01.rinpole.lol lx01m01esx03.lx01.rinpole.lol lx01m01esx04.lx01.rinpole.lol g h i j k When you hve upte the Exel file, sve it in the CSV file formt n lose Exel. Selet the lx01-m01hp-mgmt01 host profile n Clik the Configure t. Clik the Eit Host Customiztions utton. In the Eit Host Customiztions winow, selet ll hosts n lik Next. On the Customize hosts pge, lik the Browse utton, selet the ustomiztion CSV file you rete previously, n lik Finish. 5 Remeite the hosts in the mngement luster. Clik the Monitor t n lik Compline. Selet lx01-m01-mgmt01 n lik the Chek Host Profile Compline utton. Note This ompline test shows tht the first host is Complint, ut the other hosts re Not Complint. Clik eh of the non-omplint hosts, lik Remeite host se on its host profile ion, n then lik Finish on the wizr tht ppers. All hosts shoul show Complint sttus in the Host Compline olumn. 6 Sheule nightly ompline heks. On the Poliies n Profiles pge, lik lx01-m01hp-mgmt01, lik the Monitor t, n lik the Sheule Tsks sut. Clik Sheule New Tsk n lik Chek Host Profile Compline. In the Chek Host Profile Compline (sheule) winow, lik Sheuling Options. VMwre, In. 42

43 e f g Enter lx01-m01hp-mgmt01 Compline Chek in the Tsk Nme text ox. Clik the Chnge utton on the Configure Sheuler line. In the Configure Sheuler winow, selet Setup reurring sheule for this tion n hnge the Strt time to 10:00 PM n lik OK. Clik OK in the Chek Host Profile Compline (sheule) winow. Set Virtul SAN Poliy on Mngement Virtul Mhines in Region B After you pply the host profile to ll hosts, set the storge poliy of the mngement virtul mhines to the efult Virtul SAN storge poliy. Set the Pltform Servies Controller n vcenter Server pplines to the efult vsan storge poliy. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, lik Hosts n Clusters. 3 Expn the lx01m01v01.lx01.rinpole.lol tree n selet the lx01m01ps01 virtul mhine. 4 Clik the Configure t, lik Poliies, n lik Eit VM Storge Poliies. 5 In the Eit VM Storge Poliies ilog ox, from the VM storge poliy rop-own menu, selet vsan Defult Storge Poliy, n lik Apply to ll. 6 Clik OK to pply the hnges. 7 Verify tht the Compline Sttus olumn shows Complint sttus for ll items in the tle. 8 Repet this step to pply the vsan efult storge poliy on lx01w01ps01 n lx01m01v01 virtul mhines. Crete the VM n Templte Folers in Region B Crete folers to group ojets of the sme type for esier mngement. VMwre, In. 43

44 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Crete foler for eh of the mngement pplitions. In the Nvigtor pne, lik VMs n Templtes n expn the lx01m01v01.lx01.rinpole.lol tree. Right-lik the lx01-m01 t enter n selet New Foler > New VM n Templte Foler. In the New Foler ilog ox, enter lx01-m01f-mgmt s nme for the foler, n lik OK. Repet this step to rete the remining folers. Mngement Applitions vcenter Server, Pltform Servies Controllers, n Upte Mnger Downlo Servie vrelize Automtion, vrelize Orhestrtor, n vrelize Business vrelize Automtion (Proxy Agent) n vrelize Business (Dt Colletor) vrelize Opertions Mnger vrelize Opertions Mnger (Remote Colletors) vrelize Log Insight NSX Mnger, Controllers, n Eges VMwre Site Reovery Mnger n vsphere Dt Protetion Foler lx01-m01f-mgmt lx01-m01f-vr lx01-m01f-vris lx01-m01f-vrops lx01-m01f-vropsr lx01-m01f-vrli lx01-m01f-nsx lx01-m01f-r 3 Move the vcenter Server n Pltform Servies Controller virtul mhines to the lx01-m01f-mgmt foler. In the Nvigtor pne, lik VMs n Templtes. Expn the lx01m01v01.lx01.rinpole.lol tree. Expn the Disovere Virtul Mhines foler. Drg lx01m01v01,, n lx01m01ps01 to the lx01-m01f-mgmt foler. VMwre, In. 44

45 4 Delete the Disovere Virtul Mhines foler. In the Nvigtor pne, lik VMs n Templtes. Expn the lx01m01v01.lx01.rinpole.lol tree. Right lik the Disovere Virtul Mhines foler n selet Remove from Inventory. Crete Anti-Affinity Rules for the Pltform Servies Controllers in Region B Anti-Affinity rules prevent virtul mhines from running on the sme host. This helps to mintin reunny in the event of host filures. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, selet Hosts n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree. 3 Selet the lx01-m01-mgmt01 luster n lik the Configure t. 4 On the Configure pge, lik VM/Host Rules. 5 On the VM/Host Rules pge, lik the A utton to rete new VM/Hosts Rule. 6 In the Crete VM/Host Rule ilog ox, enter the following etils n lik A. Nme Enle rule Type nti-ffinity-rule-ps Selete Seprte Virtul Mhines 7 In the A Rule Memer ilog ox, selet lx01m01ps01 n lx01w01ps01 n lik OK. 8 Clik OK to rete the rule. Crete VM Groups to Define Strtup Orer in the Mngement Cluster in Region B VM Groups llow you to efine the strtup orer of virtul mhines. Strtup orers re use uring vsphere HA events suh tht vsphere HA powers on virtul mhines in the orret orer. VMwre, In. 45

46 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor selet Hosts n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree. 3 Crete VM Group for the Pltform Servies Controllers. e f Selet the lx01-m01-mgmt01 luster n lik Configure. On the Configure pge, lik VM/Host Groups. On the VM/Host Groups pge, lik the A utton. In the Crete VM/Host Group ilog ox, enter Pltform Servies Controllers in the Nme text ox, selet VM Group from the Type rop-own menu, n lik the A utton. In the A VM/Host Group Memer ilog ox, selet lx01m01ps01 n lx01w01ps01 n lik OK. On the Crete VM/Host Group ilog ox, lik OK. 4 Crete VM Group for the vcenter Server virtul mhine. e f Selet the lx01-m01-mgmt01 luster n lik Configure. On the Configure pge, lik VM/Host Groups. On the VM/Host Groups pge, lik the A utton. In the Crete VM/Host Group ilog ox, enter vcenter Servers in the Nme text ox, selet VM Group from the Type rop-own, n lik the A utton. In the A VM/Host Group Memer ilog ox, selet lx01m01v01 n lik OK. On the Crete VM/Host Group ilog ox, lik OK. 5 Crete Rule to power on the Pltform Servies Controllers followe y vcenter Servers. Selet the lx01-m01-mgmt01 luster n lik Configure. On the Configure pge, lik VM/Host Rules. On the VM/Host Rules pge, lik the A utton. VMwre, In. 46

47 e f In the Crete VM/Host Rule ilog ox, enter SDDC Mngement Virtul Mhines in the Nme text ox, ensure tht the Enle rule hek ox is selete, n selet Virtul Mhines to Virtul Mhines from the Type rop-own. Selet Pltform Servies Controllers from the First restrt VMs in VM group rop-own. Selet vcenter Servers from the Then restrt VMs in VM group n lik OK. Deploy n Configure the Mngement Cluster NSX Instne in Region B This esign uses two seprte NSX instnes per region. One instne is tie to the Mngement vcenter Server, n the other instne is tie to the Compute vcenter Server. Deploy n onfigure the NSX instne for the mngement luster in Region B. 1 Prerequisites for Implementtion of the Mngement NSX Instne in Region B Before you eploy the NSX Components of the Mngement Cluster in Region B, verify tht your environment stisfies the requirements for this eployment. 2 Deploy the NSX Mnger for the Mngement Cluster NSX Instne in Region B For every NSX Mnger instne there is one onnete vcenter Server. Deploy the NSX Mnger virtul ppline n onnet it to the vcenter Server. 3 Join the Mngement NSX Mnger to the Primry NSX Instne in Region B Join the seonry NSX instne to the respetive primry instne. 4 Prepre the ESXi Hosts in the Mngement Cluster for NSX in Region B NSX kernel moules pkge in VIB files run within the hypervisor kernel n provie servies suh s istriute routing, istriute firewll, n VXLAN riging pilities. To use NSX, you must instll the NSX kernel moules on the ESXi hosts. 5 Configure the NSX Logil Network for the Mngement Cluster in Region B After ll the eployment tsks re omplete, you onfigure the NSX logil network. 6 Upte the Host Profile for the Mngement Cluster in Region B After you onfigure NSX logil networking on the hosts, upte the host profile of the mngement luster n remeite the hosts to lign their onfigurtion. 7 Deploy the Pltform Servies Controllers Lo Blner in Region B Configure lo lning for ll servies n omponents relte to Pltform Servies Controllers (PSC) using n NSX Ege lo lner. 8 Configure NSX Dynmi Routing in the Mngement Cluster in Region B NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re rete. This lyer is n strtion etween the physil n virtul networks. You onfigure NSX ynmi routing within the mngement luster, eploying two NSX Ege evies n onfigure Universl Distriute Logil Router (UDLR). VMwre, In. 47

48 9 Upte Distriute Firewll for Region B After eploying the vcenter Server you must it to the istriute firewll exlusion list. 10 Test the Mngement Cluster NSX Configurtion in Region B Test the onfigurtion of the NSX logil network using ping test. A ping test heks if two hosts in network n reh eh other. 11 Test the Mngement Clusters Routing Filover After the lusters re fully onfigure in Region A n Region B, you verify tht the network onnetivity etween the regions works s expete. 12 Deploy Applition Virtul Networks in Region B Deploy the pplition virtul networks for the region. 13 Deploy the NSX Lo Blner in Region B Deploy lo lner for use y mngement pplitions onnete to the pplition virtul network Mgmt-xRegion01-VXLAN. Prerequisites for Implementtion of the Mngement NSX Instne in Region B Before you eploy the NSX Components of the Mngement Cluster in Region B, verify tht your environment stisfies the requirements for this eployment. IP Aresses n Host Nmes Verify tht stti IP resses n FQDNs for the mngement networks re ville for the SDDC eployment. Allote stti IP resses n FQDNs for the NSX Mnger, NSX Controller noes, n omponents. Tle 2 7. Network Nmes for SDDC Components NSX Mnger Region B NSX Mnger NSX Controllers Network lx01-m01-vs01-mngement lx01-m01-vs01-mngement Tle 2 8. IP Aresses n Host Nmes for the NSX Components in Region B Role IP Aress FQDN NSX Mnger lx01m01nsx01.lx01.rinpole.lol Ege Servies Gtewy lx01m01esg01.lx01.rinpole.lol Ege Servies Gtewy lx01m01esg02.lx01.rinpole.lol VMwre, In. 48

49 Tle 2 8. IP Aresses n Host Nmes for the NSX Components in Region B (Continue) Role IP Aress FQDN Universl Distriute Logil Router sfo01m01ulr01.sfo01.rinpole.lol Applition Lo Blner lx01m01l01.lx01.rinpole.lol PSC Lo Blner lx01ps01.lx01.rinpole.lol Sunet msk DNS Gtewy NTP servers ntp.lx01.rinpole.lol Deployment Prerequisites Verify tht your environment stisfies the following prerequisites for the eployment of NSX Mnger n Components. Prerequisite Storge Virtul isk provisioning. Thin Require storge per NSX Mnger: Initil storge for the NSX Mnger: 60 GB Require storge per NSX Controller noes n Components. Storge requirement: 240 GB Softwre Fetures Verify tht mngement vcenter Server is opertionl. Instlltion Pkge Downlo the.iso file for the NSX Mnger. Liense Verify tht you hve otine NSX liense with quntity tht stisfies the requirements of this esign. Ative Diretory Verify tht you hve prent tive iretory with the SDDC user roles onfigure for the rinpole.lol omin. sv-nsxmnger(user Role) Certifite Authority Configure the root Ative Diretory omin ontroller s ertifite uthority for the environment. Downlo the CertGenVVD tool n generte the signe ertifite for the NSX Mnger. See the VMwre Vlite Design Plnning n Preprtion oumenttion. Deploy the NSX Mnger for the Mngement Cluster NSX Instne in Region B For every NSX Mnger instne there is one onnete vcenter Server. Deploy the NSX Mnger virtul ppline n onnet it to the vcenter Server. VMwre, In. 49

50 Deploy the NSX Mnger Appline in Region B Deploy the NSX Mnger ppline from the OVA file. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor, expn the entire lx01m01v01.lx01.rinpole.lol tree. 3 Right-lik the lx01-m01-mgmt01 luster n lik Deploy OVF Templte. 4 On the Selet templte pge, lik the Browse utton, selet the VMwre NSX Mnger.ov file, n lik Next. 5 On the Selet nme n lotion pge, enter the following settings n lik Next. Nme Selet t enter or foler lx01m01nsx01 lx01-m01f-nsx 6 On the Selet resoure pge, selet the following vlues n lik Next. Cluster lx01-m01-mgmt01 7 On the Review etils pge, lik Next. 8 On the Aept liense greements pge, lik Aept n lik Next. 9 On the Selet storge pge, enter the following settings n lik Next. Selet virtul isk formt VM storge poliy Dtstore Thin provision vsan Defult Storge Poliy lx01-m01-vsn01 10 On the Setup networks pge, uner Destintion Network, selet lx01-m01-vs01- mngement n lik Next. VMwre, In. 50

51 11 On the Customize templte pge, expn ll options, enter the following settings, n lik Next. DNS Server List , Domin Serh List lx01.rinpole.lol Defult IPv4 Gtewy Hostnme lx01m01nsx01.lx01.rinpole.lol Network 1 IPv4 Aress Network 1 Netmsk Enle SSH NTP Server List CLI "min" User Psswor / enter CLI "min" User Psswor / onfirm CLI uiontrol Moe Psswor / enter CLI uiontrol Moe Psswor / onfirm VMwre Customer Experiene Improvement Progrm Selete ntp.lx01.rinpole.lol,ntp.sfo01.rinpole.lol mgmtnsx_min_psswor mgmtnsx_min_psswor mgmtnsx_privilege_psswor mgmtnsx_privilege_psswor Selete 12 On the Rey to Complete pge, lik Finish. 13 After the eployment ompletes, expn the entire lx01m01v01.lx01.rinpole.lol tree, selet the virtul mhine lx01m01nsx01, n lik Power on. Reple the Certifite of NSX Mnger for the Mngement Cluster in Region B After eployment of the NSX Mnger for the mngement luster, reple the efult ertifite. NSX Mnger n ommunite with the other mngement solutions over truste onnetion. Tle 2 9. Certifite-Relte Files on the NSX Mnger Instne for the Mngement Cluster in Region B NSX Mnger FQDN lx01m01nsx01.lx01.rinpole.lol Certifite filenme lx01m01nsx01.4.p12 Prerequisites CA-signe ertifite files generte y using VMwre Vlite Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlite Design Plnning n Preprtion oumenttion. VMwre, In. 51

52 1 Log in to the ppline interfe of NSX Mnger for the mngement luster. Open We rowser n go to Log in using the following reentils. User nme Psswor min nsx_mnger_min_psswor 2 On the Home pge, selet Mnge Appline s. 3 On the Mnge t, lik SSL Certifites n lik Uplo PKSCS#12 Keystore. 4 Browse to the ertifite hin file lx01m01nsx01.4.p12, provie the keystore psswor or pssphrse, n lik Import. 5 Restrt the NSX Mnger to propgte the CA-signe ertifite. In the top right orner of the NSX Mnger pge, lik the s ion. From the rop-own menu, selet Reoot Appline. On the Reoot Confirmtion ilog ox, lik Yes. Connet NSX Mnger to the Mngement vcenter Server in Region B After you eploy the NSX Mnger virtul ppline, onnet the NSX Mnger to the vcenter Server. 1 Log in to the ppline interfe of NSX Mnger for the mngement luster. Open We rowser n go to Log in using the following reentils. User nme Psswor min nsx_mnger_min_psswor 2 Clik Mnge vcenter Registrtion. 3 Uner Lookup Servie, lik Eit. 4 In the Lookup Servie ilog ox, enter the following settings n lik OK. Lookup Servie Host lx01ps01.lx01.rinpole.lol Lookup Servie Port 443 SSO Aministrtor User Nme Psswor ministrtor@vsphere.lol vsphere_min_psswor VMwre, In. 52

53 5 In the Trust Certifite? ilog ox, lik Yes. 6 Uner vcenter Server, lik Eit. 7 In the vcenter Server ilog ox, enter the following settings n lik OK. vcenter Server vcenter User Nme Psswor lx01m01v01.lx01.rinpole.lol sv-nsxmnger@rinpole.lol sv-nsxmnger_psswor 8 In the Trust Certifite? ilog ox, lik Yes. 9 Wit for the Sttus initors for the Lookup Servie n vcenter Server to hnge to Connete sttus. Assign Aministrtive Aess to NSX in Region B Assign the NSX Enterprise Aministrtor Role. 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor sv-nsxmnger@rinpole.lol sv-nsxmnger_psswor 2 In the Nvigtor, lik Networking & Seurity n lik Users n Domins. 3 Uner NSX Mngers, lik the instne. 4 Clik the A ion. 5 On the Ientify User pge, selet the Speify vcenter user rio utton, enter ministrtor@vsphere.lol in the text ox, n lik Next. 6 On the Selet Roles pge, selet the Enterprise Aministrtor rio utton n lik Finish. Join the Mngement NSX Mnger to the Primry NSX Instne in Region B Join the seonry NSX instne to the respetive primry instne. VMwre, In. 53

54 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Assign the seonry role to the mngement NSX Mnger in Region B. e Uner Inventories, lik Networking & Seurity. In the Nvigtor, lik Instlltion n Upgre. On the Mngement t, selet the primry instne. Selet Ations > A Seonry Mnger. In the A Seonry Mnger ilog ox, enter the following settings n lik OK. NSX Mnger User nme Psswor Confirm Psswor min mgmtnsx_min_psswor mgmtnsx_min_psswor f When the Thumprint onfirmtion ppers, lik Aept. Prepre the ESXi Hosts in the Mngement Cluster for NSX in Region B NSX kernel moules pkge in VIB files run within the hypervisor kernel n provie servies suh s istriute routing, istriute firewll, n VXLAN riging pilities. To use NSX, you must instll the NSX kernel moules on the ESXi hosts. VMwre, In. 54

55 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor, lik Networking & Seurity. 3 Clik Instlltion n Upgre n lik the Host Preprtion t. 4 Selet from the NSX Mnger rop-own menu. 5 Uner NSX Component Instlltion on Hosts, lik Ations, then lik Instll for the lx01-m01- mgmt01 luster, n lik Yes in the onfirmtion ilog ox. 6 Verify tht the Instlltion Sttus olumn isplys the NSX version for ll hosts in the luster, onfirming tht the NSX kernel moules re suessfully instlle. Configure the NSX Logil Network for the Mngement Cluster in Region B After ll the eployment tsks re omplete, you onfigure the NSX logil network. To onfigure the NSX logil network, perform the following tsks: Configure the Segment ID llotion. Configure the VXLAN networking. Configure the trnsport zone. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor VMwre, In. 55

56 2 Configure the Segment ID llotion. In the Nvigtor, lik Networking & Seurity. Clik Instlltion n Upgre n selet from the NSX Mnger rop-own menu. Clik the Logil Network s t n nvigte to VXLAN s > Segment IDs. Clik Eit, enter the following settings, n lik OK. Note Universl Segment ID pool popultes utomtilly from the primry NSX Mnger Segment ID pool Enle Multist ressing Selete Multist resses Configure the VXLAN networking. Clik the Host Preprtion t. Uner VXLAN, lik Not Configure on the lx01-m01-mgmt01 row, enter the following vlues, n lik OK. Swith lx01-m01-vs01 VLAN 3019 MTU 9000 VMKNi IP Aressing VMKNi Teming Poliy Use DHCP Lo Blne - SRCID VTEP 2 4 Configure the trnsport zone. On the Instlltion n Upgre pge, lik the Logil Network s t n lik Trnsport Zones. Selet from the NSX Mnger rop-own menu. Selet the Mgmt Universl Trnsport Zone n lik the Connet Clusters ion. In the Connet Clusters ilog ox, selet lx01-m01-mgmt01 n lik OK. Upte the Host Profile for the Mngement Cluster in Region B After you onfigure NSX logil networking on the hosts, upte the host profile of the mngement luster n remeite the hosts to lign their onfigurtion. VMwre, In. 56

57 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Upte the host profile. In the Nvigtor, selet Poliies n Profiles. Clik Host Profiles, right-lik lx01-m01hp-mgmt01, n selet Copy settings from Host. Selet lx01m01esx01.lx01.rinpole.lol n lik OK. 3 Verify ompline n remeite the hosts. On the Poliies n Profiles pge, selet the lx01-m01-mgmt01 host profile. On the Monitor t, lik the Compline t. Selet lx01-m01-mgmt01 in the Host/Cluster olumn n lik Chek Host Profile Compline. This ompline test shows tht the first host is Complint, ut the other hosts re Not Complint. e f Clik eh of the non-omplint hosts n lik Remeite Hosts Bse on its Host Profile. In the Remeite Hosts Bse on its Host Profile wizr, enter Host Nme if prompte for NetStk Instne vxln->dns onfigurtion n lik Next. On the Rey to omplete pge, lik Finish. All hosts show Complint sttus in the Host Compline olumn. Deploy the Pltform Servies Controllers Lo Blner in Region B Configure lo lning for ll servies n omponents relte to Pltform Servies Controllers (PSC) using n NSX Ege lo lner. 1 Deploy the Pltform Servies Controllers NSX Lo Blner in Region B The first step in eploying lo lning for the Pltform Servies Controllers is to eploy the ege servies gtewy. VMwre, In. 57

58 2 Crete Pltform Servies Controller Applition Profiles in Region B Crete n pplition profile to efine the ehvior of prtiulr type of network trffi. After onfiguring profile, you ssoite the profile with virtul server. The virtul server then proesses trffi oring to the vlues speifie in the profile. Using profiles enhnes your ontrol over mnging network trffi, n mkes trffi-mngement tsks esier n more effiient. 3 Crete Pltform Servies Controller Server Pools in Region B On the Pltform Servies Controller lo lner, rete two server pools tht ontin the Pltform Servies Controller instnes for the mngement n for the shre ege n ompute lusters. The first server pool hnles SSL requests from the vsphere We Client on port 443 n the seon hnles requests to the VMwre Diretory servie on port Crete Pltform Servies Controller Virtul Servers in Region B After you set up lo lning, the NSX lo lner istriutes network trffi ross multiple servers. When virtul server reeives request, the NSX lo lner selets the pproprite pool to sen trffi to. You rete virtul servers for ll the onfigure server pools. 5 Upte DNS Reors for the Pltform Servies Controller Lo Blner in Region B You must moify the DNS Aress in Region B fter setting up lo lning. Deploy the Pltform Servies Controllers NSX Lo Blner in Region B The first step in eploying lo lning for the Pltform Servies Controllers is to eploy the ege servies gtewy. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. 5 Clik the A ion to rete n NSX Ege. The New NSX Ege wizr ppers. VMwre, In. 58

59 6 On the Nme n esription pge, enter the following settings n lik Next. Instll Type Nme Hostnme Deploy NSX EDGE Enle High Avilility Enle HA Logging Log Level Ege Servies Gtewy lx01ps01 lx01ps01.lx01.rinpole.lol Selete Selete Selete INFO 7 On the s pge, enter the following settings n lik Next. User Nme Psswor Enle SSH ess Enle FIPS moe Enle uto rule genertion Ege Control Level logging min ege_min_psswor Selete Deselete Selete INFO 8 On the Configure eployment pge, perform the following onfigurtion steps n lik Next. Selet lx01-m01 from the Dtenter rop-own menu. Clik Lrge to speify the Appline Size. Clik the A ion, enter the following settings, n lik OK. Resoure pool Dtstore Foler Resoure Reservtion lx01-m01-mgmt01 lx01-m01-vsn01 lx01-m01f-nsx System Mnge To rete seon ppline, lik the A ion gin, mke the sme seletions in the New NSX Appline ilog ox, lik OK, n then lik Next. 9 On the Configure Interfes pge, lik the A ion to onfigure the lx01ps01 interfe, enter the following settings, lik OK, n lik Next. Nme Type lx01ps01 Internl VMwre, In. 59

60 Connete To Connetivity Sttus lx01-m01-vs01-mngement Connete Primry IP Aress Sunet Prefix Length 24 MTU 9000 Sen ICMP Reiret Selete 10 On the Defult gtewy settings pge, lik Next. 11 On the Firewll n HA pge, selet the following settings n lik Next. Configure Firewll efult poliy Defult Trffi Poliy Logging vnic Selete Aept Disle ny Delre De Time On the Rey to omplete pge, review the onfigurtion settings you entere n lik Finish. 13 Enle HA logging. e f In the Nvigtor, lik NSX Eges. Selet from the NSX Mnger rop-own menu. Doule-lik the evie lele lx01ps01. Clik the Mnge t n lik the s t. Clik Chnge in the HA Configurtion winow. Selet the Enle Logging hek ox n lik OK. 14 Configure the Defult Gtewy. e f g In the Nvigtor, lik NSX Eges. Selet from the NSX Mnger rop-own menu. Doule-lik the evie lele lx01ps01. Clik the Mnge t n lik the Routing t. Clik Eit to onfigure the Defult Gtewy. In the Eit Defult Gtewy ilog ox, enter for the Gtewy IP n lik OK. Clik Pulish Chnges. VMwre, In. 60

61 15 Enle the Lo Blner servie. e f In the Nvigtor, lik NSX Eges. Selet from the NSX Mnger rop-own menu. Doule-lik the evie lele lx01ps01. Clik the Mnge t n lik the Lo Blner t. Clik Glol Configurtion n lik Eit. In the Eit lo lner glol onfigurtion ilog ox, selet Enle Lo Blner n lik OK. Crete Pltform Servies Controller Applition Profiles in Region B Crete n pplition profile to efine the ehvior of prtiulr type of network trffi. After onfiguring profile, you ssoite the profile with virtul server. The virtul server then proesses trffi oring to the vlues speifie in the profile. Using profiles enhnes your ontrol over mnging network trffi, n mkes trffi-mngement tsks esier n more effiient. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 From the NSX Mnger rop-own menu, selet s the NSX Mnger n oule-lik the lx01ps01 NSX Ege to mnge its network settings. 5 Clik the Mnge t, lik Lo Blner n selet Applition Profiles. 6 Clik the A ion n in the New Profile ilog ox, enter the following vlues n lik OK. Nme ps-tp ps-https Type TCP HTTPS Enle SSL Pssthrough Deselete Selete Persistene Soure IP Soure IP Expires in (Seons) VMwre, In. 61

62 7 Clik OK to sve the onfigurtion. Crete Pltform Servies Controller Server Pools in Region B On the Pltform Servies Controller lo lner, rete two server pools tht ontin the Pltform Servies Controller instnes for the mngement n for the shre ege n ompute lusters. The first server pool hnles SSL requests from the vsphere We Client on port 443 n the seon hnles requests to the VMwre Diretory servie on port 389. Repet this proeure to rete two server pools. Use the vlues inite in the proeure to rete the first n seon server pools. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 From the NSX Mnger rop-own menu, selet s the NSX Mnger n oule-lik the lx01ps01 NSX Ege to mnge its network settings. 5 Clik the Mnge t, lik Lo Blner, n selet Pools. 6 Clik the A ion, n in the New Pool ilog ox, enter the following vlues. Nme ps-https-443 ps-tp-389 Algorithm ROUND-ROBIN ROUND-ROBIN Monitors efult-tp-monitor efult-tp-monitor 7 New Memers ilog ox, lik the A ion to the first pool memer. 8 In the New Memer ilog ox, enter the following vlues n lik OK. s for First Server Pool s for Seon Server Pool Nme lx01m01ps01 lx01m01ps01 IP Aress/VC Continer lx01m01ps01.lx01.rinpole.lol lx01m01ps01.lx01.rinpole.lol Stte Enle Enle Port VMwre, In. 62

63 s for First Server Pool s for Seon Server Pool Monitor Port Weight Uner Memers, lik the A ion to the seon pool memer. 10 In the New Memer ilog ox, enter the following vlues, lik OK, n lik OK to sve the PSC server pools. s for First Server Pool s for Seon Server Pool Nme lx01w01ps01 lx01w01ps01 IP Aress/VC Continer lx01w01ps01.lx01.rinpole.lol lx01w01ps01.lx01.rinpole.lol Stte Enle Enle Port Monitor Port Weight Repet the proeure to rete the remining server pool. Crete Pltform Servies Controller Virtul Servers in Region B After you set up lo lning, the NSX lo lner istriutes network trffi ross multiple servers. When virtul server reeives request, the NSX lo lner selets the pproprite pool to sen trffi to. You rete virtul servers for ll the onfigure server pools. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 From the NSX Mnger rop-own menu, selet s the NSX Mnger n oule-lik the lx01ps01 NSX Ege to mnge its network settings. 5 Clik the Mnge t, lik Lo Blner, n selet Virtul Servers. VMwre, In. 63

64 6 Clik the A ion, n in the New Virtul Server ilog ox, onfigure the vlues for the virtul server you re ing, n lik OK. Enle Virtul server Selete Selete Applition Profile ps-tp ps-https Nme ps-tp-389 ps-https-443 Desription 389-LDAP,2012-Control Interfe,2014-RPC Port,2020- Authentition,636-SSL LDAP Dt from the vsphere We Client IP Aress Protool TCP HTTPS Port 389,636,2012,2014, Defult Pool ps-tp-389 ps-https Repet Step 6 to rete virtul server for eh omponent. Upon ompletion, verify tht you hve suessfully entere the virtul server nmes n their respetive onfigurtion vlues. Upte DNS Reors for the Pltform Servies Controller Lo Blner in Region B You must moify the DNS Aress in Region B fter setting up lo lning. For the Pltform Servies Controller Lo Blner, you eit the DNS entry of lx01ps01.lx01.rinpole.lol to point to the virtul IP ress (VIP) of the Lo Blner ( ) inste of pointing to the IP ress of lx01m01ps01. 1 Log in to DNS server tht resies in the lx01.rinpole.lol omin. 2 Open the Winows Strt menu, enter ns in the Serh text ox, n press Enter. The DNS Mnger ilog ox ppers. 3 In the DNS Mnger ilog ox, uner Forwr Lookup Zones, selet the lx01.rinpole.lol omin n lote the lx01ps01 reor on the right. 4 Doule-lik the lx01ps01 reor, hnge the IP ress of the reor from to , n lik OK. Fully Qulifie omin nme (FQDN) lx01ps01.lx01.rinpole.lol IP Aress Upte Assoite Pointer (PTR) reor Selete VMwre, In. 64

65 Configure NSX Dynmi Routing in the Mngement Cluster in Region B NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re rete. This lyer is n strtion etween the physil n virtul networks. You onfigure NSX ynmi routing within the mngement luster, eploying two NSX Ege evies n onfigure Universl Distriute Logil Router (UDLR). 1 Deploy NSX Ege Devies for North-South Routing in Region B You eploy two NSX Ege evies for North-South Routing. 2 Disle the Firewll Servie in Region B Disle the firewll of the NSX Ege evies. This is require for equl-ost multi-pth (ECMP) to operte orretly. Perform this proeure for eh NSX Ege evie. 3 Enle n Configure Routing in Region B Enle the Borer Gtewy Protool (BGP) to exhnge routing informtion etween the NSX Ege servies gtewys in network of utonomous systems (AS). 4 Verify Peering of Upstrem Swithes n Estlishment of BGP in Region B The NSX Ege evies must estlish onnetion to eh of its upstrem BGP swithes efore BGP uptes n e exhnge. Verify tht the NSX Ege evies re suessfully peering n tht BGP routing hs een estlishe. 5 Configure Universl Distriute Logil Router for Dynmi Routing in Region B Configure the universl istriute logil router (UDLR) to use ynmi routing in Region B. 6 Verify Estlishment of BGP for the Universl Distriute Logil Router in Region B Verify tht the UDLR is suessfully peering n BGP routing hs een estlishe. 7 Configure Stti Routes on the Universl Distriute Logil Router in Region B Configure the universl istriute logil router (UDLR) to use stti routes for routing to the mngement servers in Region B. Deploy NSX Ege Devies for North-South Routing in Region B You eploy two NSX Ege evies for North-South Routing. Perform this proeure twie to eploy two NSX Ege evies. Enter nme n IP resses for the respetive evie with the following vlues. Tle NSX Ege s NSX Ege Devie NSX Ege Devie 1 NSX Ege Devie 2 Devie Nme lx01m01esg01 lx01m01esg02 VMwre, In. 65

66 Tle NSX Ege Interfes s Interfe Primry IP Aress lx01m01esg01 Primry IP Aress lx01m01esg02 Uplink Uplink sfo01m01ulr Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. 5 Clik the A ion to eploy new NSX Ege. The New NSX Ege wizr ppers. On the Nme n esription pge, enter the following settings n lik Next. s lx01m01esg01 lx01m01esg02 Instll Type Ege Servie Gtewy Ege Servie Gtewy Nme lx01m01esg01 lx01m01esg02 Deploy NSX Ege Selete Selete Enle High Avilility Deselete Deselete On the s pge, enter the following settings n lik Next. s User Nme Psswor Enle SSH ess Enle FIPS moe Enle uto rule genertion Ege Control Level logging min ege_min_psswor Selete Deselete Selete INFO VMwre, In. 66

67 On the Configure eployment pge, lik Lrge to speify the Appline Size n lik the A ion. The A NSX Ege Appline ilog ox ppers. In the A NSX Ege Appline ilog ox, enter the following settings, lik OK, n lik Next. Cluster/Resoure Pool Dtstore Foler Resoure Reservtion lx01-m01-mgmt01 lx01-m01-vsn01 lx01-m01f-nsx System Mnge e On the Configure Interfes pge, lik the A ion to onfigure the Uplink01 interfe, enter the following settings, n lik OK. lx01m01esg01 lx01m01esg02 Nme Uplink01 Uplink01 Type Uplink Uplink Connete To lx01-m01-vs01-uplink01 lx01-m01-vs01-uplink01 Connetivity Sttus Connete Connete Primry IP Aress Sunet Prefix Length MTU Sen ICMP Reiret Selete Selete f Clik the A ion gin to onfigure the Uplink02 interfe, enter the following settings, n lik OK. lx01m01esg01 lx01m01esg02 Nme Uplink02 Uplink02 Type Uplink Uplink Connete To lx01-m01-vs01-uplink02 lx01-m01-vs01-uplink02 Connetivity Sttus Connete Connete Primry IP Aress Sunet Prefix Length MTU Sen ICMP Reiret Selete Selete VMwre, In. 67

68 g Clik the A ion thir time to onfigure the UDLR interfe, enter the following settings, lik OK, n lik Next. lx01m01esg01 lx01m01esg02 Nme sfo01m01ulr01 sfo01m01ulr01 Type Internl Internl Connete To Universl Trnsit Network Universl Trnsit Network Connetivity Sttus Connete Connete Primry IP Aress Sunet Prefix Length MTU Sen ICMP Reiret Selete Selete h i j On the Defult Gtewy s pge, eselet the Configure Defult Gtewy hek ox n lik Next. On the Firewll n HA pge, lik Next. On the Rey to Complete pge, review the onfigurtion settings you entere n lik Finish. 6 Repet this proeure to onfigure nother NSX ege using the settings for the seon NSX Ege evie. 7 Configure DRS ffinity rules for the Ege Servies Gtewys. e f Go k to the Home pge. In the Nvigtor, lik Hosts n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree ontrol. Selet the lx01-m01-mgmt01 luster n lik the Configure t. Uner Configurtion, lik VM/Host Rules. Clik A. In the lx01-m01-mgmt01 - Crete VM/Host Rule ilog ox, enter the following settings n lik A. Nme Enle rule Type nti-ffinity-rule-empeges Selete Seprte Virtul Mhine g h In the A Rule Memer ilog ox, selet the hek ox next to eh of the two, newly eploye NSX ESGs n lik OK. In the lx01-m01-mgmt01 - Crete VM/Host Rule ilog ox, lik OK. VMwre, In. 68

69 Disle the Firewll Servie in Region B Disle the firewll of the NSX Ege evies. This is require for equl-ost multi-pth (ECMP) to operte orretly. Perform this proeure for eh NSX Ege evie. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. 5 Doule-lik the lx01m01esg01 NSX Ege evie. 6 Clik the Mnge t n lik Firewll. 7 On the Firewll pge, lik the Stop utton. 8 Clik the Pulish Chnges utton. 9 Repet this proeure for the NSX Ege evie lx01m01esg02. Enle n Configure Routing in Region B Enle the Borer Gtewy Protool (BGP) to exhnge routing informtion etween the NSX Ege servies gtewys in network of utonomous systems (AS). 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking & Seurity. VMwre, In. 69

70 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. 5 Doule-lik the lx01m01esg01 NSX Ege evie. 6 Clik the Mnge t n lik Routing. 7 On the Glol Configurtion pge, enter the following settings. Clik the Strt utton for ECMP. To onfigure ynmi routing, lik the Eit utton next to Dynmi Routing Configurtion. Selet Uplink01 s the Router ID n lik OK. Clik Pulish Chnges. 8 On the Routing t, selet Stti Routes. Clik the A ion, enter the following settings, n lik OK. Network /24 Next Hop Interfe sfo01m01ulr01 MTU 9000 Amin Distne 210 Clik the A ion, enter the following settings, n lik OK. Network /24 Next Hop Interfe sfo01m01ulr01 MTU 9000 Amin Distne 210 Clik the A ion, enter the following settings, n lik OK. Network /24 Next Hop Interfe sfo01m01ulr01 MTU 9000 Amin Distne 210 Clik Pulish Chnges. VMwre, In. 70

71 9 On the Routing t, selet BGP. Clik Eit, enter the following settings, n lik OK. Enle BGP Enle Greful Restrt Enle Defult Originte Selete Deselete Deselete Lol AS On the BGP pge, lik the A ion to neighor. The New Neighor ilog ox ppers. You two neighors: the first Top of Rk Swith n the seon Top of Rk Swith. In the New Neighor ilog ox, enter the following vlues for the first Top of Rk Swith n lik OK. IP Aress Remote AS Weight 60 Keep Alive Time 4 Hol Down Time 12 Psswor BGP_psswor e Clik the A ion to nother neighor. In the New Neighor ilog ox, enter the following vlues for the seon Top of Rk Swith n lik OK. IP Aress Remote AS Weight 60 Keep Alive Time 4 Hol Down Time 12 Psswor BGP_psswor f Clik the A ion to nother Neighor. VMwre, In. 71

72 g In the New Neighor ilog ox, enter the following vlues for the universl istriute logil router n lik OK. IP Aress Remote AS Weight 10 Keep Alive Time 1 Hol Down Time 3 Psswor BGP_psswor h Clik Pulish Chnges. The three neighors you e re now visile in the Neighors tle. 10 On the Routing t, selet Route Reistriution. On the Route Reistriution pge, lik the Eit utton. In the Chnge Reistriution s ilog ox, selet the BGP hek ox n lik OK. Clik the A ion for Route Reistriution tle. In the New Reistriution Criteri ilog ox, enter the following settings n lik OK. Prefix Lerner Protool OSPF Stti routes Connete Ation Any BGP Deselete Selete Selete Permit e Clik Pulish Chnges. The route reistriution onfigurtion is now visile in the Route Reistriution tle. 11 Repet this proeure for the NSX Ege evie lx01m01esg02. Verify Peering of Upstrem Swithes n Estlishment of BGP in Region B The NSX Ege evies must estlish onnetion to eh of its upstrem BGP swithes efore BGP uptes n e exhnge. Verify tht the NSX Ege evies re suessfully peering n tht BGP routing hs een estlishe. VMwre, In. 72

73 1 Log in to the NSX Ege evie using Seure Shell (SSH) lient. Open n SSH onnetion to the lx01m01esg01 NSX Ege evie. Log in using the following reentils. User nme Psswor min ege_min_psswor 2 Run the show ip gp neighors ommn to isply informtion out the BGP onnetions to neighors. The BGP Stte shows Estlishe, UP if you hve peere with the upstrem swithes. Note You hve not yet onfigure the universl istriute logil router (UDLR), it is not liste s BGP neighor. 3 Run the show ip route ommn to verify tht you re reeiving routes using BGP, n tht there re multiple routes to BGP lerne networks. You verify multiple routes to BGP lerne networks y loting the sme route using ifferent IP ress. The IP resses re liste fter the wor vi in the right-sie olumn of the routing tle output. In the following imge there re two ifferent routes to the following BGP networks: /0 n /24. You n ientify BGP networks y the letter B in the leftsie olumn. Lines eginning with C (onnete) hve only single route. VMwre, In. 73

74 4 Repet this proeure for the NSX Ege evie lx01m01esg02. Configure Universl Distriute Logil Router for Dynmi Routing in Region B Configure the universl istriute logil router (UDLR) to use ynmi routing in Region B. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. VMwre, In. 74

75 5 Configure the Universl Distriute Logil Router. Doule-lik sfo01m01ulr01. Clik the Mnge t, lik Routing, n selet BGP. On the BGP pge, lik the A Neighor ion. In the New Neighor ilog ox, enter the following vlues for oth NSX Ege evies, n lik OK. Repet two times to onfigure the UDLR for oth NSX Ege evies: lx01m01esg01 n lx01m01esg02. lx01m01esg01 lx01m01esg02 IP Aress Forwring Aress Protool Aress Remote AS Weight Keep Alive Time 1 1 Hol Down Time 3 3 Psswor BGP_psswor BGP_psswor e Clik Pulish Chnges. Verify Estlishment of BGP for the Universl Distriute Logil Router in Region B Verify tht the UDLR is suessfully peering n BGP routing hs een estlishe. 1 Log in to the UDLR y using Seure Shell (SSH) lient. Open n SSH onnetion to sfo01m01ulr01. Log in using the following reentils. User nme Psswor min ulr_min_psswor 2 Run the show ip gp neighors ommn to isply informtion out the BGP n TCP onnetions to neighors. The BGP Stte shows Estlishe, UP if you hve suessfully peere with the Ege Servie Gtewy. VMwre, In. 75

76 3 Run the show ip route ommn to verify tht you re reeiving routes using BGP, n tht there re multiple routes to BGP lerne networks. The letter B efore the route inites tht BGP is use. VMwre, In. 76

77 Configure Stti Routes on the Universl Distriute Logil Router in Region B Configure the universl istriute logil router (UDLR) to use stti routes for routing to the mngement servers in Region B. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Configure the Universl Distriute Logil Router stti routes. e f g Uner Inventories, lik Networking n Seurity. In the Nvigtor, lik NSX Eges. Selet from the NSX Mnger rop-own menu. Doule-lik sfo01m01ulr01. Clik the Mnge t, lik Routing, n selet Stti Routes. On the Stti Routes pge, lik the A utton. In the A Stti Route ilog ox, enter the following vlues n lik OK. Network /24 Next Hop , Interfe Uplink Amin Distne 1 h Clik Pulish Chnges. Upte Distriute Firewll for Region B After eploying the vcenter Server you must it to the istriute firewll exlusion list. VMwre, In. 77

78 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Exlue vcenter Server in Region B from firewll protetion. e In the Nvigtor, lik Networking & Seurity. Clik Firewll s n selet the Exlustion List t. Selet from the NSX Mnger rop-own menu. Clik A. A lx01m01v01 to the Selete Ojets list n lik OK. 3 Chnge the efult rule tion from Allow to Blok for Region B. In the Nvigtor, lik Networking & Seurity n lik Firewll. From the NSX Mnger rop-own menu, selet Uner Defult Setion Lyer3, in the Ation olumn for the Defult Rule, hnge the tion to Blok. Clik Pulish Chnges. Test the Mngement Cluster NSX Configurtion in Region B Test the onfigurtion of the NSX logil network using ping test. A ping test heks if two hosts in network n reh eh other. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor VMwre, In. 78

79 2 Use the Ping Monitor to test onnetivity. e f g In the Nvigtor, lik Networking & Seurity. Uner Logil Swithes, selet NSX Mnger from the rop-own menu Doule-lik Universl Trnsit Network. Clik the Monitor t. From the Soure host rop-own menu, selet lx01m01esx01.lx01.rinpole.lol. From the Destintion host rop-own menu, selet lx01m01esx03.lx01.rinpole.lol. Clik Strt Test. The host-to-host ping test results re isplye in the Results text ox. Verify tht there re no error messges. Test the Mngement Clusters Routing Filover After the lusters re fully onfigure in Region A n Region B, you verify tht the network onnetivity etween the regions works s expete. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Shut own the NSX Ege servie gtewys in Region A. In the Nvigtor, lik Hosts n Clusters. Expn the entire sfo01m01v01.sfo01.rinpole.lol tree. Right-lik sfo01m01esg01-0 n selet Power > Shut Down Guest OS. Right-lik sfo01m01esg02-0 n selet Power > Shut Down Guest OS. VMwre, In. 79

80 3 Log in to the universl istriute logil router y using Seure Shell (SSH) lient n verify the BGP routing stte. Open n SSH onnetion to sfo01m01ulr01. Log in using the following reentils. User nme Psswor min ulr_min_psswor Run the show ip route ommn to verify tht you re reeiving routes using BGP. The letter B efore the route inites tht BGP is use. e Verify tht multiple routes to BGP lerne networks exist. Verify tht routes ome from Region B ESGs. 4 Power on the NSX Ege servies gtewys in Region A. In the Nvigtor, lik Hosts n Clusters. Expn the entire sfo01m01v01.sfo01.rinpole.lol tree. Right-lik sfo01m01esg01-0 n selet Power > Power On. Right-lik sfo01m01esg02-0 n selet Power > Power On. 5 Verify the new stte of the BGP routing. Go k to the SSH onnetion to sfo01m01ulr01. Run the show ip route ommn. VMwre, In. 80

81 Verify tht you reeive routes using BGP. The letter B efore the route inites tht BGP is use. Verify tht you hve multiple routes to BGP lerne networks n tht routes lso ome from the NSX Ege servies gtewys in Region A. Deploy Applition Virtul Networks in Region B Deploy the pplition virtul networks for the region. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Crete Universl Logil Swith for worklos speifi to Region B. Uner Inventories, lik Networking & Seurity. In the Nvigtor, lik Logil Swithes. Selet from the NSX Mnger rop-own menu. VMwre, In. 81

82 e Clik the A ion to rete new Logil Swith. In the New Logil Swith ilog ox, enter the following settings, n lik OK. Nme Trnsport Zone Replition Moe Mgmt-RegionB01-VXLAN Mgmt Universl Trnsport Zone Hyri 3 Connet the Mgmt-RegionB01-VXLAN to the sfo01m01ulr01 Universl Distriute Logil Router. On the Logil Swithes pge, selet the Mgmt-RegionB01-VXLAN logil swith. Clik the Connet Ege ion. On the Connet n Ege pge, selet sfo01m01ulr01 n lik Next. On the Eit NSX Ege Interfe pge, enter the following settings n lik Next. Nme Type Connetivity Sttus Mgmt-RegionB01-VXLAN Internl Connete Primry IP Aress Sunet Prefix Length 24 e On the Rey to Complete pge lik Finish. 4 Configure the MTU for the Logil Swithes. e f In the Nvigtor, selet NSX Eges. Doule-lik sfo01m01ulr01. Clik the Mnge t n lik s. On the s pge, lik on Interfes. Uner Interfes, selet Mgmt-RegionB01-VXLAN, n lik Eit. On the Eit Logil Router Interfe, enter 9000 for the MTU, n lik OK. Deploy the NSX Lo Blner in Region B Deploy lo lner for use y mngement pplitions onnete to the pplition virtul network Mgmt-xRegion01-VXLAN. VMwre, In. 82

83 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking Seurity. 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. 5 Clik the A ion to rete new NSX Ege. 6 On the Nme n Desription pge, enter the following settings, n lik Next. Instll Type Nme Hostnme Deploy NSX Ege Enle High Avilility Ege Servies Gtewy lx01m01l01 lx01m01l01.lx01.rinpole.lol Selete Selete 7 On the s pge, enter the following settings, n lik Next. User Nme Psswor Enle SSH ess Enle FIPS moe Enle uto rule genertion Ege Control Level logging min ege_min_psswor Selete Deselete Selete INFO VMwre, In. 83

84 8 On the Configure Deployment pge, perform the following onfigurtion steps, n lik Next. Selet lx01-w01 from the Dtenter rop-own menu. Selet the Lrge rio utton to speify the Appline Size. Clik the A ion, enter the following settings, n lik OK. Perform twie to two NSX Ege pplines with the sme settings. Resoure pool Dtstore Foler Resoure Reservtion lx01-m01-mgmt01 lx01-m01-vsn01 lx01-m01f-nsx System Mnge 9 On the Configure Interfes pge, lik the A ion to onfigure the OneArmLB interfe, enter the following settings, lik OK, n lik Next. Nme Type Connete To Connetivity Sttus OneArmLB Internl Mgmt-xRegion01-VXLAN Connete Primry IP Aress Sunet Prefix Length 24 MTU 9000 Sen ICMP Reiret Selete 10 On the Defult Gtewy s pge, lik Next. 11 On the Firewll n HA pge, selet the following settings n lik Next. Configure Firewll efult poliy Defult Trffi Poliy Logging vnic Selete Aept Disle ny Delre De Time On the Rey to Complete pge, review the onfigurtion settings you entere n likfinish. 13 Enle HA logging. In the Nvigtor, lik NSX Eges. Selet from the NSX Mnger rop-own menu. Doule-lik the lx01m01l01 evie. VMwre, In. 84

85 e f Clik the Mnge t n lik the s t. Clik Chnge in the HA Configurtion pge. Selet the Enle Logging hek ox n lik OK. 14 Configure the Defult Gtewy. In the Nvigtor, lik NSX Eges. Selet from the NSX Mnger rop-own menu. Doule-lik the lx01m01l01 evie. Clik the Mnge t n lik the Routing t. e Clik the Eit utton to onfigure the Defult Gtewy n enter f Clik Pulish Chnges. 15 Disonnet the Lo Blner fter the eployment. e f In the Nvigtor, lik NSX Eges. Selet from the NSX Mnger rop-own menu. Doule-lik the lx01m01l01 evie. Clik Mnge t n lik the s t. Clik Interfes, selet the OneArmLB virtulize Network Interfe Cr (vnic), n lik Eit. In the Eit NSX Ege Interfe ilog ox, selet Disonnete s Connetivity Sttus. 16 Enle the Lo Blner servie. e f In the Nvigtor, lik NSX Eges. Selet from the NSX Mnger rop-own menu. Doule-lik the lx01m01l01 evie. Clik the Mnge t n lik the Lo Blner t. Selet Glol Configurtion n lik Eit. In the Eit Lo Blner Glol Configurtion ilog ox, selet Enle Lo Blner n lik OK. Deploy n Configure the Shre Ege n Compute Cluster Components Region B Deploy n onfigure the shre ege n ompute luster omponents. 1 Prerequisites for Implementtion of the Shre Ege n Compute Cluster in Region B Before you eploy the Shre Ege n Compute vcenter Server in Region B, verify tht your environment stisfies the requirements for this eployment. VMwre, In. 85

86 2 Deploy the Compute vcenter Server Instne in Region B You n now instll the vcenter Server ppline n the liense. 3 Reple the Certifite of the Compute vcenter Server in Region B To estlish truste onnetion with the other SDDC mngement omponents, you reple the mhine SSL ertifite on eh vcenter Server instne in Region B with ustom ertifite signe y the ertifite uthority (CA) ville on the prent Ative Diretory (AD) server or on the intermeite AD server. 4 Set SDDC Deployment Detils on the Compute vcenter Server in Region B Set n ientity of your SDDC eployment on the Compute vcenter Server in Region B. You n lso use this ientity s lel in tools for utomte SDDC eployment. 5 A New vcenter Server Lienses in Region B (Optionl) If liense is not ssigne uring eployment of the Mngement vcenter Server n ESXi hosts, you n new lienses for the ompute vcenter Server instne. 6 A the Shre Ege n Compute vcenter to the vcenter Servers VM Group in Region B After the vcenter Server for the Shre Ege n Computer luster is eploye, you it to the vcenter Server VM Group. 7 Exlue the Compute vcenter Server from the Distriute Firewll in Region B Ensure tht network ess etween vcenter Server n NSX is not loke y exluing vcenter Server from ll your istriute firewll rules. 8 Configure the Shre Ege n Compute Cluster in Region B After you eploy the Compute vcenter Server, you must rete n onfigure the shre ege n ompute luster. 9 Crete vsphere Distriute Swith for the Shre Ege n Compute Cluster in Region B After ll ESXi hosts re e to the luster, you rete vsphere Distriute Swith. 10 Enle vsphere HA on the Shre Ege n Compute Cluster in Region B Before reting the host profile for the shre ege n ompute luster, enle vsphere HA. 11 Configure SSH, NTP, n Avne Options on the First ESXi Host in the Shre Ege n Compute Cluster in Region B Time synhroniztion issues n result in serious prolems with your environment. Configure NTP for eh of your hosts in the shre ege n ompute lusters. Chnge the efult ESX Amins group to hieve greter levels of seurity y removing known ministrtive ess point. 12 Mount NFS Storge for the Shre Ege n Compute Cluster in Region B You must mount n NFS tstore for the ontent lirry onsume y vrelize Automtion for virtul mhine provisioning. 13 Crete n Apply the Host Profile for the Shre Ege n Compute Cluster in Region B Host Profiles ensure tht ll hosts in the luster hve the sme onfigurtion. VMwre, In. 86

87 14 Configure Lokown Moe on All ESXi Hosts in Region B To inrese the seurity of your ESXi hosts, you enle Lokown moe to llow ministrtive opertions to e performe only from vcenter Server. 15 Crete the VM n Templte Folers in Region B Crete folers to group ojets of the sme type for esier mngement. Prerequisites for Implementtion of the Shre Ege n Compute Cluster in Region B Before you eploy the Shre Ege n Compute vcenter Server in Region B, verify tht your environment stisfies the requirements for this eployment. IP Aresses n Host Nmes Verify tht stti IP resses n FQDNs for the shre ege n ompute networks re ville for the SDDC eployment. Verify tht you hve onfigure the Pltform Servies Controller lo lner n the mngement vcenter Server. Allote one stti IP ress n n FQDN for the Shre Ege n Compute vcenter Server. Tle Network Nmes for SDDC Components vcenter Server vcenter Server Network lx01-m01-vs01-mngement Tle IP Aresses n Host Nmes for the vcenter Server n Pltform Servies Controllers in Region B Role IP Aress FQDN Pltform Servies Controller lo lner VIP ress lx01ps01.lx01.rinpole.lol Compute vcenter Server lx01w01v01.lx01.rinpole.lol Defult gtewy DNS server Sunet msk NTP servers ntp.lx01.rinpole.lol Deployment Prerequisites Verify tht your environment stisfies the following prerequisites for the eployment of the vcenter Server. VMwre, In. 87

88 Prerequisite Storge Virtul isk provisioning. Thin Require storge per vcenter Server Initil storge for the vcenter Server: 600 GB Softwre Fetures Verify tht mngement vcenter Server is opertionl. Verify tht the PSC Lo Blner is onfigure. Instlltion Pkge Downlo the.iso file for the vcenter Server. Liense Verify tht you hve otine vclou Suite liense with quntity tht stisfies the requirements of this esign. Ative Diretory Verify tht you hve prent tive iretory with the SDDC user roles onfigure for the rinpole.lol omin. sv-omin-join(enterprise Amins) Certifite Authority Configure the root Ative Diretory omin ontroller s ertifite uthority for the environment. Downlo the CertGenVVD tool n generte the signe ertifite for the Shre Ege n Compute vcenter Server. See the VMwre Vlite Design Plnning n Preprtion oumenttion Deploy the Compute vcenter Server Instne in Region B You n now instll the vcenter Server ppline n the liense. 1 Strt the vcenter Server Appline Deployment wizr. Browse the vcenter Server Appline ISO file. Open the <v-rive>:\vs-ui-instller\win32\instller pplition file. 2 Complete the vcenter Server Appline Deployment wizr to perform the first stge of the instlltion. Clik Instll to strt the instlltion. Clik Next on the Introution pge. On the En User Liense Agreement pge, selet the I ept the terms of the liense greement hek ox n lik Next. On the Selet eployment Type pge, selet the vcenter Server (Requires Externl Pltform Servies Controller) rio utton n lik Next. VMwre, In. 88

89 e On the Appline eployment trget pge, enter the following settings n lik Next. ESXi host or vcenter Server nme lx01m01v01.lx01.rinpole.lol HTTPS port 443 User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor f g h i In the Certifite Wrning ilog ox, lik Yes to ept the host ertifite. On the Selet foler pge, selet lx01-m01f-mgmt. On the Selet ompute resoure pge, selet the lx01-m01-mgmt01 luster. On the Set up ppline VM pge, enter the following settings, n lik Next. Appline nme OS psswor Confirm OS psswor lx01w01v01 ompv_root_psswor ompv_root_psswor j k l On the Selet eployment size pge, selet Lrge vcenter Server n lik Next. On the Selet tstore pge, selet the lx01-m01-vsn01 tstore, selet the Enle Thin Disk Moe hek ox, n lik Next. On the Configure network settings pge, enter the following settings, n lik Next. Network IP version IP ssignment System nme lx01-m01-vs01-mngement IPv4 Stti lx01w01v01.lx01.rinpole.lol IP ress Sunet msk or prefix length Defult gtewy DNS servers , m n On the Rey to omplete stge 1 pge, review the onfigurtion n lik Finish. When the eployment ompletes, lik Continue to proee to stge 2 of the instlltion. VMwre, In. 89

90 3 Complete the Set Up vcenter Server Appline wizr to omplete the seon stge of the instlltion. Clik Next on the Introution pge. On the Appline onfigurtion pge, enter the following settings n lik Next. Time Synhroniztion moe NTP servers (omm-seprte list) SSH ess Synhronize time with NTP servers ntp.lx01.rinpole.lol Enle On the SSO onfigurtion pge, enter the following settings n lik Next. Pltform Servies Controller lx01ps01.lx01.rinpole.lol HTTPS port 443 SSO omin nme SSO psswor vsphere.lol sso_psswor e On the Rey to omplete pge, review the onfigurtion, lik Finish n lik OK on the wrning. On the Complete pge, lik Close. Reple the Certifite of the Compute vcenter Server in Region B To estlish truste onnetion with the other SDDC mngement omponents, you reple the mhine SSL ertifite on eh vcenter Server instne in Region B with ustom ertifite signe y the ertifite uthority (CA) ville on the prent Ative Diretory (AD) server or on the intermeite AD server. Tle Certifite-Relte Files on the vcenter Server Instne vcenter Server FQDN Files for Certifite Replement lx01w01v01.lx01.rinpole.lol lx01w01v01.key lx01w01v01.1.er Root64.er Prerequisites CA-signe ertifite files generte y using VMwre Vlite Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlite Design Plnning n Preprtion oumenttion. A Winows host with n SSH terminl ess softwre suh s PuTTY n n sp softwre suh s WinSCP instlle. VMwre, In. 90

91 1 Log in to Compute vcenter Server y using Seure Shell (SSH) lient. Open n SSH onnetion to the virtul mhine lx01w01v01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor root venter_server_root_psswor 2 Chnge the vcenter Server ppline ommn shell to the Bsh shell to llow seure opy (SCP) onnetions for the root user. shell hsh -s "/in/sh" root 3 Copy the generte ertifites to the vcenter Server Appline. Run the following ommn to rete new temporry foler. mkir -p /root/erts Copy the ertifite files lx01w01v01.1.er, lx01w01v01.key, n Root64.er to the /root/erts foler. You n use n SCP softwre suh s WinSCP. 4 Reple the CA-signe ertifite on the vcenter Server instne. Strt the vsphere Certifite Mnger utility on the vcenter Server instne. /usr/li/vmwre-vm/in/ertifite-mnger Selet Option 1 (Reple Mhine SSL ertifite with Custom Certifite), enter the efult vcenter Single Sign-On user nme ministrtor@vsphere.lol n the vsphere_min_psswor psswor. When prompte for the infrstruture server IP, enter the IP ress of the Pltform Servies Controller tht mnges this vcenter Server instne. Option IP Aress of Connete Pltform Servies Controller lx01w01v01.lx01.rinpole.lol VMwre, In. 91

92 e Selet Option 2 (Import ustom ertifite(s) n key(s) to reple existing Mhine SSL ertifite). When prompte, provie the full pth to the ustom ertifite, the root ertifite file, n the key file tht you opie over erlier, n onfirm the import with Yes (Y). vcenter Server lx01w01v01.lx01.rinpole.lol Input to the vsphere Certifite Mnger Utility Plese provie vli ustom ertifite for Mhine SSL. File : /root/erts/lx01w01v01.1.er Plese provie vli ustom key for Mhine SSL. File : /root/erts/lx01w01v01.key Plese provie the signing ertifite of the Mhine SSL ertifite. File : /root/erts/root64.er 5 After Sttus shows 100% Complete, wit severl minutes until ll vcenter Server servies re restrte. 6 Restrt the vmi-lighttp servie to upte the ertifite on the virtul ppline mngement interfe (VAMI) n to remove ertifite files. servie vmi-lighttp restrt /root/erts/ rm lx01w01v01.1.er lx01w01v01.key Root64.er Set SDDC Deployment Detils on the Compute vcenter Server in Region B Set n ientity of your SDDC eployment on the Compute vcenter Server in Region B. You n lso use this ientity s lel in tools for utomte SDDC eployment. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 From the Home menu of the vsphere We Client, selet Glol Inventory Lists. 3 In the Nvigtor, lik vcenter Servers uner Resoures. 4 Clik the lx01w01v01.lx01.rinpole.lol vcenter Server ojet n lik the Configure t in the entrl pne. VMwre, In. 92

93 5 Uner the s pne, lik Avne s n lik the Eit utton. 6 In the Eit Avne vcenter Server s ilog ox, set the following vlue pirs one y one, liking A fter eh entry. Nme onfig.sddc.deploye.type onfig.sddc.deploye.flvor VVD Stnr onfig.sddc.deploye.version onfig.sddc.deploye.worklodomin onfig.sddc.deploye.metho onfig.sddc.deploye.instnei ShreEgeAnCompute DIY unique_ientifier* Note * Use the unique_ientifier you generte for the Mngement vcenter Server. See Set SDDC Deployment Detils on the Mngement vcenter Server in in Region A. 7 Clik OK to lose the winow. A New vcenter Server Lienses in Region B (Optionl) If liense is not ssigne uring eployment of the Mngement vcenter Server n ESXi hosts, you n new lienses for the ompute vcenter Server instne. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Clik the Home ion ove the Nvigtor n selet Aministrtion. 3 On the Aministrtion pge, lik Lienses n lik the Lienses t. 4 Clik the Crete New Lienses ion to liense keys. 5 On the Enter liense keys pge, enter liense keys for vcenter Server n ESXi, one per line, n lik Next. 6 On the Eit liense nme pge, enter esriptive nme for eh liense key, n lik Next. 7 On the Rey to omplete pge, review your entries, n lik Finish. VMwre, In. 93

94 8 Assign the newly e lienses to the respetive ssets. Clik the Assets t n selet vcenter Server systems. Selet the lx01w01v01.lx01.rinpole.lol vcenter Server instne, n lik the Assign Liense ion. Selet the vcenter Server liense tht you entere in the previous step n lik OK. A the Shre Ege n Compute vcenter to the vcenter Servers VM Group in Region B After the vcenter Server for the Shre Ege n Computer luster is eploye, you it to the vcenter Server VM Group. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, selet Hosts n Clusters n expn the lx01m01v01.lx01.rinpole.lol tree. 3 Selet the lx01-m01-mgmt01 luster n lik Configure. 4 On the Configure pge, lik VM/Host Groups. 5 On the VM/Host Groups pge, selet the vcenter Servers VM Group. 6 Uner VM/Host Group Memers, lik the A utton. 7 In the A Group Memer ilog ox, selet lx01w01v01 n lik OK. Exlue the Compute vcenter Server from the Distriute Firewll in Region B Ensure tht network ess etween vcenter Server n NSX is not loke y exluing vcenter Server from ll your istriute firewll rules. VMwre, In. 94

95 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, lik Networking & Seurity. 3 Clik Firewll s n selet the Exlustion List t. 4 Selet from the NSX Mnger rop-own menu. 5 Clik the A utton. 6 A lx01w01v01 to the Selete Ojets list, n lik OK. Configure the Shre Ege n Compute Cluster in Region B After you eploy the Compute vcenter Server, you must rete n onfigure the shre ege n ompute luster. To rete n onfigure the shre ege n ompute luster, you perform the following proeures: Crete the luster. Configure DRS. A the hosts to the luster. A the hosts to the tive iretory omin. Crete Resoure Pools. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor VMwre, In. 95

96 2 Crete t enter ojet. In the Nvigtor pne, lik Hosts n Clusters. Right-lik lx01w01v01.lx01.rinpole.lol n selet New Dtenter. In the New Dtenter ilog ox, enter lx01-w01 s nme n lik OK. 3 Crete the shre ege n ompute luster. Right-lik the lx01-w01 t enter n lik New Cluster. In the New Cluster wizr, enter the following vlues n lik OK. Nme lx01-w01-omp01 DRS Turn on Selete Other DRS options Defult vlues vsphere HA Turn on Deselete EVC Set EVC moe to the highest ville seline tht is supporte for the lowest CPU rhiteture on the hosts in the luster vsan Turn on Deselete 4 A host to the shre ege n ompute luster. Right-lik the lx01-w01-omp01 luster n lik A Host. On the Nme n lotion pge, enter lx01w01esx01.lx01.rinpole.lol in the Host nme or IP ress text ox n lik Next. On the Connetion settings pge, enter the following reentils n lik Next. User nme Psswor root esxi_root_user_psswor e f g h i In the Seurity Alert ilog ox, lik Yes. On the Host summry pge, review the host informtion n lik Next. On the Assign liense pge, selet the ESXi liense key, tht you entere uring the vcenter Server eployment, n lik Next. On the Lokown moe pge, lik Next. On the Resoure pool pge, lik Next. On the Rey to omplete pge, review your entries n lik Finish. VMwre, In. 96

97 5 Repet the previous step to the remining hosts to the luster. Host 2 Host 3 Host 4 lx01w01esx02.lx01.rinpole.lol lx01w01esx03.lx01.rinpole.lol lx01w01esx04.lx01.rinpole.lol 6 A n ESXi host to the tive iretory omin. e f In the Nvigtor, lik Hosts n Clusters n expn the entire lx01w01v01.lx01.rinpole.lol tree. Selet the lx01w01esx01.lx01.rinpole.lol host. Clik the Configure t. Uner System, selet Authentition Servies. In the Authentition Servies pnel, lik the Join Domin utton. In the Join Domin ilog ox, enter the following settings n lik OK. Domin User nme Psswor lx01.rinpole.lol sv-omin-join@rinpole.lol sv-omin-join_psswor 7 Set the Ative Diretory Servie to Strt n stop with host. e f In the Nvigtor, lik Hosts n Clusters n expn the entire lx01w01v01.lx01.rinpole.lol tree. Selet the lx01w01esx01.lx01.rinpole.lol host. Clik the Configure t. Uner System, selet Seurity Profile. Clik the Eit utton next to Servies. Selet the Ative Diretory servie, hnge the Strtup Poliy to Strt n stop with host n lik OK. VMwre, In. 97

98 8 Configure resoure pool for the shre ege n ompute luster. Right-lik the lx01-w01-omp01 luster n selet New Resoure Pool. In the New Resoure Pool ilog ox, enter the following vlues n lik OK. Nme CPU-Shres lx01-w01rp-s-ege High CPU-Reservtion 0 CPU-Reservtion Type CPU-Limit Memory-Shres Memory-Reservtion Memory-Reservtion type Memory-Limit Expnle selete Unlimite Norml 16 GB Expnle selete Unlimite 9 Repet step Step 8 to two more itionl resoure pools. Resoure Pool 2 Resoure Pool 3 Nme lx01-w01rp-user-ege lx01-w01rp-user-vm CPU-Shres Norml Norml CPU-Reservtion 0 0 CPU-Reservtion Type Expnle selete Expnle selete CPU-Limit Unlimite Unlimite Memory-Shres Norml Norml Memory-Reservtion 0 0 Memory-Reservtion type Expnle selete Expnle selete Memory-Limit Unlimite Unlimite Crete vsphere Distriute Swith for the Shre Ege n Compute Cluster in Region B After ll ESXi hosts re e to the luster, you rete vsphere Distriute Swith. VMwre, In. 98

99 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Crete vsphere Distriute Swith for the shre ege n ompute luster. e In the Nvigtor, lik Networking n expn the lx01w01v01.lx01.rinpole.lol tree. Right-lik the lx01-w01 t enter n selet Distriute Swith > New Distriute Swith to strt the New Distriute Swith wizr. On the Nme n lotion pge, enter lx01-w01-vs01 s the nme, n lik Next. On the Selet version pge, ensure the Distriute swith version rio utton is selete, n lik Next. On the Eit settings pge, enter the following vlues n lik Next. Numer of uplinks 2 Network I/O Control Crete efult port group Enle Deselete f On the Rey to omplete pge, review your entries n lik Finish. 3 Eit the settings of the lx01-w01-vs01 istriute swith. Right-lik the lx01-w01-vs01 istriute swith n selet s > Eit s. Clik the Avne t. Enter 9000 s MTU (Bytes) vlue n lik OK. VMwre, In. 99

100 4 Crete new port groups in the lx01-w01-vs01 istriute swith. Right-lik the lx01-w01-vs01 istriute swith, n selet Distriute Port Group > New Distriute Port Group. Crete port groups with the following settings, n lik Next. Port Group Nme Port Bining Port Allotion Numer of Ports VLAN Type VLAN ID lx01-w01-vs01-mngement Stti ining Elsti 8 VLAN 1731 lx01-w01-vs01-vmotion Stti ining Elsti 8 VLAN 1732 lx01-w01-vs01-vsn Stti ining Elsti 8 VLAN 1733 lx01-w01-vs01-nfs Stti ining Elsti 8 VLAN 1725 lx01-w01-vs01-uplink01 Stti ining Elsti 8 VLAN 1735 lx01-w01-vs01-uplink02 Stti ining Elsti 8 VLAN 2721 Note You rete the VXLAN port group uring the onfigurtion of NSX Mnger. On the Rey to omplete pge, review your entries n lik Finish. Repet this step for eh port group. 5 Chnge Port Groups to use the Route Bse on Physil NIC lo teming lgorithm. Right-lik the lx01-w01-vs01 istriute swith n selet Distriute Port Groups > Mnge Distriute Port Groups. e Selet Teming n filover n lik Next. Clik the Selet Distriute Port Groups utton, ll port groups, exept lx01-w01-vs01- uplink01 n lx01-w01-vs01-uplink02, lik OK, n lik Next. On the Teming n filover pge, selet Route se on physil NIC lo from the Lo lning rop-own menu n lik Next. Clik Finish. 6 Configure the uplinks for the lx01-w01-vs01-uplink01 n lx01-w01-vs01-uplink02 port groups. e f Right-lik the lx01-w01-vs01-uplink01 port group, n lik Eit s. Selet Teming n Filover. Move Uplink2 to Unuse uplinks n lik OK. Right-lik the lx01-w01-vs01-uplink02 port group, n lik Eit s. Selet Teming n Filover. Move Uplink1 to Unuse uplinks n lik OK. VMwre, In. 100

101 7 Connet the ESXi host lx01w01esx01.lx01.rinpole.lol to the lx01-w01-vs01 istriute swith y migrting its VMkernel n virtul mhine network pters. e f g h i Right-lik the lx01-w01-vs01 istriute swith n lik A n Mnge Hosts. On the Selet tsk pge, selet A hosts n lik Next. On the Selet hosts pge, lik New hosts. In the Selet new hosts ilog ox, selet lx01w01esx01.lx01.rinpole.lol n lik OK. On the Selet hosts pge, lik Next. On the Selet network pter tsks pge, ensure oth Mnge physil pters n Mnge VMkernel pters hek oxes re selete n lik Next. On the Mnge physil network pters pge, lik vmni1 n lik Assign uplink. In the Selet n Uplink for vmni1 ilog ox, selet Uplink 2 n lik OK. On the Mnge physil network pters pge, lik Next. 8 Configure the VMkernel network pters. e On the Mnge VMkernel network pters pge, lik vmk0 n lik Assign port group. Selet lx01-w01-vs01-mngement n lik OK. On the Mnge VMkernel network pters pge, lik On this swith n lik New pter. On the A Networking pge, lik Selet n existing network, selet the lx01-w01-vs01- nfs port group, lik OK, n lik Next. On the Port properties pge, lik Next. f Uner IPv4 settings, selet Use stti IPv4 settings, enter the IP ress , enter the sunet , n lik Next. g h i Clik Finish. On the Anlyze impt pge, lik Next. On the Rey to omplete pge, review your entries n lik Finish. 9 Crete the vmotion VMkernel pter. e In the Nvigtor, lik Host n Clusters n expn the lx01w01v01.lx01.rinpole.lol tree. Clik lx01w01esx01.lx01.rinpole.lol. Clik the Configure t, then selet VMkernel pters. Clik the A host networking ion, selet VMkernel Network Apter, n lik Next. On the A Networking pge, lik Selet n existing network, selet the lx01-w01-vs01- vmotion port group, lik OK, n lik Next. VMwre, In. 101

102 f On the Port properties pge, selet vmotion from the TCP/IP Stk rop-own menu n lik Next. g Uner IPv4 settings, selet Use stti IPv4 settings, enter the IP ress , enter the sunet , n lik Next. h Clik Finish. 10 Configure the MTU on the vmotion VMkernel pter. Selet the vmotion VMkernel pter rete in the previous step, n lik Eit s. Clik the NIC s pge. Enter 9000 for the MTU vlue n lik OK. 11 Configure the vmotion TCP/IP stk. Uner Networking, lik TCP/IP onfigurtion. Selet vmotion n lik the Eit TCP/IP stk onfigurtion ion. Clik Routing, enter for the VMKernel gtewy ress, n lik OK. 12 Define Network I/O Control shres for the ifferent trffi types on the lx01-w01-vs01 istriute swith. In the Nvigtor, lik Networking n lik the lx01-w01 t enter. Clik the lx01-w01-vs01 istriute swith. Clik the Configure t n lik Resoure Allotion > System trffi. Uner System Trffi, eit eh of the following trffi types with the vlues from the tle. Trffi Types vsan Trffi NFS Trffi vmotion Trffi vsphere Replition (VR) Trffi Mngement Trffi vsphere Dt Protetion Bkup Trffi Virtul Mhine Trffi Fult Tolerne (FT) Trffi iscsi Trffi Shres Low Low Low Low Norml Low High Low Low 13 Migrte the lst physil pter from the stnr swith to the lx01-w01-vs01 istriute swith. In the Nvigtor, lik Networking n expn the lx01-w01 t enter. Right-lik the lx01-w01-vs01 istriute swith n selet A n Mnge hosts. On the Selet tsk pge, selet Mnge host networking n lik Next. VMwre, In. 102

103 e f g h i j k On the Selet hosts pge, lik Atthe hosts. In the Selet memer hosts ilog ox, selet lx01w01esx01.lx01.rinpole.lol n lik OK. On the Selet hosts pge, lik Next. On the Selet network pter tsks pge, selet Mnge Physil pters n lik Next. On the Mnge physil network pters pge, uner lx01w01esx01.lx01.rinpole.lol, selet vmni0 n lik Assign uplink. In the Selet n Uplink ilog ox, selet Uplink 1, lik OK, n lik Next. On the Anlyze Impt pge, lik Next. On the Rey to omplete pge, lik Finish. 14 Enle vsphere Distriute Swith Helth Chek. In the Nvigtor, lik Networking n expn the lx01-w01 t enter. Selet the lx01-w01-vs01 istriute swith n lik the Configure t. In the Nvigtor, selet Helth hek n lik the Eit utton. For VLAN n MTU n Teming n filover, selet Enle n lik OK. 15 Delete the vsphere Stnr Swith. e In the Nvigtor, lik Hosts n Clusters n expn the lx01w01v01.lx01.rinpole.lol tree. Selet lx01w01esx01.lx01.rinpole.lol n lik Configure. On the Configure pge, selet Virtul Swithes. On the Virtul Swithes pge, selet vswith0 n lik the Remove selete stnr swith utton. In the Remove Stnr Swith ilog ox, lik Yes. Enle vsphere HA on the Shre Ege n Compute Cluster in Region B Before reting the host profile for the shre ege n ompute luster, enle vsphere HA. VMwre, In. 103

104 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, lik Hosts n Clusters n expn the lx01w01v01.lx01.rinpole.lol tree. 3 Selet the lx01-w01-omp01 luster. 4 Clik the Configure t n lik vsphere Avilility. 5 Clik Eit. 6 In the Eit Cluster s ilog ox, selet the Turn on vsphere HA hek ox. 7 Clik Filures n Responses n selet the following vlues. Enle Host Monitoring Host Filure Response Response for Host Isoltion Dtstore with PDL Dtstore with APD VM Monitoring Selete Restrt VMs Power off n restrt VMs Disle Disle VM Monitoring Only 8 Clik Amission Control. 9 Uner the Amission Control settings, enter the following settings. Host filures luster tolertes 1 Define host filover pity y Overrie lulte filover pity Cluster resoure perentge Deselete Performne egrtion VMs tolerte 100% 10 Clik OK. VMwre, In. 104

105 Configure SSH, NTP, n Avne Options on the First ESXi Host in the Shre Ege n Compute Cluster in Region B Time synhroniztion issues n result in serious prolems with your environment. Configure NTP for eh of your hosts in the shre ege n ompute lusters. Chnge the efult ESX Amins group to hieve greter levels of seurity y removing known ministrtive ess point. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Enle SSH n NTP. e f g In the Nvigtor, lik Hosts n Clusters n expn the lx01w01v01.lx01.rinpole.lol tree. Selet the lx01w01esx01.lx01.rinpole.lol host. Uner System, lik the Configure t n lik Seurity Profile. Uner the Servies setion, lik the Eit utton. In the Eit Seurity Profile ilog ox, selet SSH, selet Strt n stop with host from the Strtup Poliy rop-own menu, n lik the Strt utton. In the Eit Seurity Profile ilog ox, selet NTP Demon, hnge the Strtup poliy to Strt n stop with host, n lik the Strt utton. Clik OK to sve the hnges. 3 Configure the NTP Demon (ntp) options. In the Nvigtor, lik Hosts n Clusters n expn the lx01w01v01.lx01.rinpole.lol tree. Selet the lx01w01esx01.lx01.rinpole.lol host. Uner System, lik the Configure t n lik Time Configurtion. Clik Eit. VMwre, In. 105

106 e f In the Eit Time Configurtion ilog ox, selet the Use Network Time Protool (Enle NTP lient) rio utton, hnge the NTP servie strtup poliy to Strt n stop with host, enter ntp.lx01.rinpole.lol,ntp.sfo01.rinpole.lol s NTP servers, n lik the Strt utton. Clik OK to sve the hnges. 4 Chnge the efult ESX Amins group. e f In the Nvigtor, lik Hosts n Clusters. Expn the lx01w01v01.lx01.rinpole.lol vcenter inventory tree, n selet the lx01w01esx01.lx01.rinpole.lol host. Clik the Configure t n uner System, lik Avne System s. Clik the Eit utton. In the filter ox, enter esxamins n wit for the serh results. Chnge the vlue of Config.HostAgent.plugins.hostsv.esxAminsGroup to SDDC-Amins n lik OK. 5 Disle the SSH wrning nner. e f In the Nvigtor, lik Hosts n Clusters. Expn the lx01w01v01.lx01.rinpole.lol vcenter inventory tree, n selet the lx01w01esx01.lx01.rinpole.lol host. Clik the Configure t n uner System, lik Avne System s. Clik the Eit utton. In the filter ox, enter ssh n wit for the serh results. Chnge the vlue of UserVrs.SuppressShellWrning to 1 n lik OK. Mount NFS Storge for the Shre Ege n Compute Cluster in Region B You must mount n NFS tstore for the ontent lirry onsume y vrelize Automtion for virtul mhine provisioning. VMwre, In. 106

107 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, lik Hosts n Clusters n expn the lx01w01v01.lx01.rinpole.lol. 3 Clik lx01w01esx01.lx01.rinpole.lol. 4 Clik Dtstore uner Storge. 5 Clik the Crete New Dtstore ion. The New Dtstore wizr opens. 6 On the Type pge, selet NFS n lik Next. 7 On the NFS version pge, selet NFS 3 n lik Next. 8 On the Nme n onfigurtion pge, enter the following tstore informtion n lik Next. Dtstore Nme Foler lx01-w01-li01 /VVD_vRA_ComputeB_1TB server On the Rey to omplete pge, review the onfigurtion n lik Finish. Crete n Apply the Host Profile for the Shre Ege n Compute Cluster in Region B Host Profiles ensure tht ll hosts in the luster hve the sme onfigurtion. VMwre, In. 107

108 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Crete Host Profile from lx01w01esx01.lx01.rinpole.lol. In the Nvigtor, selet Hosts n Clusters n expn the lx01w01v01.lx01.rinpole.lol tree. Right-lik lx01w01esx01.lx01.rinpole.lol n selet Host Profiles > Extrt Host Profile. In the Extrt Host Profile pge, enter lx01-w01hp-omp01 for the Nme n lik Next. In the Rey to omplete pge, lik Finish. 3 Atth the Host Profile to the shre ege n ompute luster. In the Nvigtor, selet Hosts n Clusters n expn the lx01w01v01.lx01.rinpole.lol tree. Right lik the lx01-w01-omp01 luster n selet Host Profiles > Atth Host Profile. In the Atth Host Profile winow, selet the lx01-w01hp-omp01 Host Profile, selet the Skip Host Customiztion hek ox, n lik Finish. 4 Crete Host Customiztions for the hosts in the shre ege n ompute luster. e In the Nvigtor, selet Poliies n Profiles. Clik Host Profiles, then right-lik on lx01-w01hp-omp01, n selet Export Host Customiztions. In the ilog ox, lik Sve. Selet file lotion to sve the lx01-w01hp-omp01_host_ustomiztions.sv file. Open the lx01-w01hp-omp01_host_ustomiztions.sv in Exel. VMwre, In. 108

109 f Eit the file using the following onfigurtion vlues. NetStk Instne ESXi Host Ative Diretory Configurtion Psswor Ative Diretory Configurtion user nme efulttpipstk- >DNS onfigurtion Nme for this host NetStk Instne vmotion->dns onfigurtion lx01w01esx01.lx01.rinpole.lol sv-ominjoin_psswor lx01w01esx01 lx01w01esx01 lx01w01esx02.lx01.rinpole.lol sv-ominjoin_psswor lx01w01esx02 lx01w01esx02 lx01w01esx03.lx01.rinpole.lol sv-ominjoin_psswor lx01w01esx03 lx01w01esx03 lx01w01esx04.lx01.rinpole.lol sv-ominjoin_psswor lx01w01esx04 lx01w01esx04 ESXi Host Host virtul NIC lx01-w01- vs01:lx01-w01-vs01- mngement:mngement->ip ress settings IPv4 ress Host virtul NIC lx01-w01- vs01:lx01-w01-vs01- mngement:mngement->ip ress settings SunetMsk lx01w01esx01.lx01.rinpole.lol lx01w01esx02.lx01.rinpole.lol lx01w01esx03.lx01.rinpole.lol lx01w01esx04.lx01.rinpole.lol ESXi Host Host virtul NIC lx01-w01- vs01:lx01-w01-vs01- nfs:<unresolved>->ip ress settings IPv4 ress Host virtul NIC lx01-w01- vs01:lx01-w01-vs01- nfs:<unresolved>->ip ress settings SunetMsk lx01w01esx01.lx01.rinpole.lol lx01w01esx02.lx01.rinpole.lol lx01w01esx03.lx01.rinpole.lol lx01w01esx04.lx01.rinpole.lol ESXi Host Host virtul NIC lx01-w01- vs01:lx01-w01-vs01- vmotion:vmotion->ip ress settings IPv4 ress Host virtul NIC lx01-w01- vs01:lx01-w01-vs01- vmotion:vmotion->ip ress settings SunetMsk lx01w01esx01.lx01.rinpole.lol lx01w01esx02.lx01.rinpole.lol lx01w01esx03.lx01.rinpole.lol lx01w01esx04.lx01.rinpole.lol VMwre, In. 109

110 g h i j k When the file is upte, sve it n lose Exel. Clik the Configure t. Clik the Eit Host Customiztions utton. In the Eit Host Customiztions winow, selet ll hosts n lik Next. To use the ustomiztion file, lik the Browse utton, lote the lx01-w01hpomp01_host_ustomiztions.sv file, selet it, lik Open, n lik Finish. 5 Remeite the hosts in the shre ege n ompute luster On the Poliies n Profiles pge, lik lx01-w01hp-omp01, lik the Monitor t, n then lik the Compline t. Clik lx01-w01-omp01 in the Host/Cluster olumn n lik Chek Host Profile Compline ion. Note This ompline test shows tht the first host is Complint, ut the other hosts re Not Complint. Clik eh of the non-omplint hosts, lik Remeite host se on its host profile ion, n then lik Finish on the wizr tht ppers. Note All hosts now hve Complint sttus in the Host Compline olumn. 6 Sheule nightly ompline heks. e f g On the Poliies n Profiles pge, lik lx01-w01hp-omp01, lik the Monitor t, n lik the Sheule Tsks t. Clik Sheule New Tsk n lik Chek Host Profile Compline. In the Chek Host Profile Compline (sheule) winow, lik Sheuling Options. Enter lx01-w01hp-omp01 Compline Chek in the Tsk Nme text ox. Clik the Chnge utton on the Configure Sheuler line. In the Configure Sheuler pge, selet Setup reurring sheule for this tion, hnge the Strt time to 10:00 PM, n lik OK. In the Chek Host Profile Compline (sheule) pge, lik Ok. Configure Lokown Moe on All ESXi Hosts in Region B To inrese the seurity of your ESXi hosts, you enle Lokown moe to llow ministrtive opertions to e performe only from vcenter Server. vsphere supports n Exeption User list for servie ounts tht hve to log in to the host iretly. Aounts with ministrtive privileges tht re on the Exeption Users list n log in to the ESXi Shell. In ition, these users n log in to host's DCUI in norml lokown moe n n exit lokown moe. VMwre, In. 110

111 You repet this proeure to enle norml lokown moe for ll hosts in the t enter in the following tle. Tle Hosts in the Dt Center Host Mngement host 1 Mngement host 2 Mngement host 3 Mngement host 4 Shre Ege n Compute host 1 Shre Ege n Compute host 2 Shre Ege n Compute host 3 Shre Ege n Compute host 4 FQDN lx01m01esx01.lx01.rinpole.lol lx01m01esx02.lx01.rinpole.lol lx01m01esx03.lx01.rinpole.lol lx01m01esx04.lx01.rinpole.lol lx01w01esx01.lx01.rinpole.lol lx01w01esx02.lx01.rinpole.lol lx01w01esx03.lx01.rinpole.lol lx01w01esx04.lx01.rinpole.lol 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor, lik Hosts n Clusters n expn the entire lx01w01v01.lx01.rinpole.lol tree. 3 Selet the lx01w01esx01.lx01.rinpole.lol host. 4 Clik Configure. 5 Uner System, selet Seurity Profile. 6 In the Lokown Moe pnel, lik Eit. 7 In the Lokown Moe ilog ox, selet the Norml rio utton, n lik OK. 8 Repet the proeure to enle norml lokown moe for ll remining hosts in the t enter. Note Lokown Moe settings re not prt of Host Profiles n must e mnully enle on ll hosts. Crete the VM n Templte Folers in Region B Crete folers to group ojets of the sme type for esier mngement. VMwre, In. 111

112 Tle Folers for the Mngement Applitions in Region B Mngement Applitions NSX Mnger + Controllers + Eges Foler lx01-w01f-nsx 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Crete foler for the vrelize Log Insight mngement pplition. e In the Nvigtor, lik VMs n Templtes. Expn the lx01w01v01.lx01.rinpole.lol tree. Right-lik the lx01-w01 t enter n selet New Foler > New VM n Templte Foler. In the New Foler ilog ox, enter lx01-w01f-nsx s the nme to lel the foler, n lik OK. Repet this step to rete the remining folers. 3 Delete the Disovere Virtul Mhines foler. In the Nvigtor, lik VMs n Templtes. Expn the lx01w01v01.lx01.rinpole.lol tree. Right-lik the Disovere Virtul Mhines foler n selet Remove from Inventory. Deploy n Configure the Shre Ege n Compute Cluster NSX Instne in Region B Deploy n onfigure the NSX instne for the shre ege n ompute luster in Region B. 1 Prerequisites for Implementtion of the Shre Ege n Compute NSX Instne in Region B Before you eploy the NSX Components of the Shre Ege n Compute Cluster in Region B, verify tht your environment stisfies the requirements for this eployment. 2 Deploy the NSX Mnger for the Shre Ege n Compute Cluster NSX Instne in Region B For every instne of NSX Mnger, there is one onnete vcenter Server. VMwre, In. 112

113 3 Join the Shre Ege n Compute Cluster NSX Mnger to the Primry NSX Instne in Region B Join the seonry NSX instne to the respetive primry instne. 4 Prepre the ESXi Hosts in the Shre Ege n Compute Cluster for NSX in Region B NSX kernel moules pkge in VIB files run within the hypervisor kernel n provie servies suh s istriute routing, istriute firewll, n VXLAN riging pilities. To use NSX, you must instll the NSX kernel moules on the ESXi hosts. 5 Configure the NSX Logil Network for the Shre Ege n Compute Cluster in Region B After ll eployment tsks re omplete, you onfigure the NSX logil network. 6 Upte the Host Profile for the Compute Cluster in Region B After n uthorize hnge is me to host, the Host Profile must e upte to reflet the hnges. 7 Configure NSX Dynmi Routing in the Shre Ege n Compute Cluster in Region B NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re rete. This lyer is n strtion etween the physil n virtul networks. 8 Test the Shre Ege n Compute Cluster NSX Configurtion in Region B Test the onfigurtion of the NSX logil network y using ping test. A ping test heks if two hosts in network n reh eh other. 9 Test the Shre Ege n Compute Clusters Routing Filover After the lusters re fully onfigure in Region A n Region B, verify tht the network onnetivity etween them works s expete. Prerequisites for Implementtion of the Shre Ege n Compute NSX Instne in Region B Before you eploy the NSX Components of the Shre Ege n Compute Cluster in Region B, verify tht your environment stisfies the requirements for this eployment. IP Aresses n Host Nmes Verify tht stti IP resses n FQDNs for the mngement networks re ville for the SDDC eployment. Allote stti IP resses n FQDNs for the NSX Mnger, NSX Controller noes, n omponents. Tle Network Nmes for SDDC Components NSX Mnger Region A NSX Mnger NSX Controllers Network lx01-m01-vs01-mngement lx01-w01-vs01-mngement VMwre, In. 113

114 Tle IP Aresses n Host Nmes for the NSX Components in Region B Role IP Aress FQDN NSX Mnger lx01w01nsx01.lx01.rinpole.lol Ege Servies Gtewy lx01w01esg01.lx01.rinpole.lol Ege Servies Gtewy lx01w01esg02.lx01.rinpole.lol Universl Distriute Logil Router sfo01w01ulr01.sfo01.rinpole.lol UDLR_Compute_Worklo_Sunet_RegionB Distriute Logil Router lx01w01lr01.lx01.rinpole.lol DLR_Compute_Worklo_Sunet Sunet msk DNS Gtewy NTP servers ntp.lx01.rinpole.lol Deployment Prerequisites Verify tht your environment stisfies the following prerequisites for the eployment of Pltform Servies Controller n vcenter Server. Prerequisite Storge Virtul isk provisioning. Thin Require storge per NSX Mnger: Initil storge for the NSX Mnger: 60 GB Require storge per NSX Controller noes n Components. Storge requirement: 240 GB Softwre Fetures Verify tht vcenter is Opertionl. Instlltion Pkge Downlo the.iso file for the NSX Mnger. Liense Verify tht you hve otine NSX liense with quntity tht stisfies the requirements of this esign. Ative Diretory Verify tht you hve prent tive iretory with the SDDC user roles onfigure for the rinpole.lol omin. VMwre, In. 114

115 Prerequisite sv-nsxmnger(user Role) Certifite Authority Configure the root Ative Diretory omin ontroller s ertifite uthority for the environment. Downlo the CertGenVVD tool n generte the signe ertifite for the NSX Mnger. See the VMwre Vlite Design Plnning n Preprtion oumenttion. Deploy the NSX Mnger for the Shre Ege n Compute Cluster NSX Instne in Region B For every instne of NSX Mnger, there is one onnete vcenter Server. Deploy the NSX Mnger Appline for the Shre Ege n Compute Cluster NSX Instne in Region B You strt implementing network virtuliztion for tennt worklos in Region B y eploying the NSX Mnger virtul ppline. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Open the Deploy OVF Templte wizr. In the Nvigtor, expn the entire lx01m01v01.lx01.rinpole.lol tree. Right-lik the lx01-m01-mgmt01 luster n lik Deploy OVF Templte. 3 On the Selet templte pge, lik the Browse utton, selet the VMwre NSX Mnger.ov file, n lik Next. 4 On the Selet Nme n lotion pge, enter the following settings n lik Next. Nme Foler or t enter lx01w01nsx01 lx01-m01f-nsx 5 On the Selet Resoure pge, selet the following vlues n lik Next. Cluster lx01-m01-mgmt01 VMwre, In. 115

116 6 On the Review Detils pge, selet the Aept extr onfigurtion option hek ox n lik Next. 7 On the Aept Liense Agreements pge, lik Aept n lik Next. 8 On the Selet Storge pge, enter the following settings n lik Next. Selet virtul isk formt VM Storge Poliy Dtstore Thin Provision vsan Defult Storge Poliy lx01-m01-vsn01 9 On the Setup Networks pge, uner Destintion, selet lx01-m01-vs01-mngement n lik Next. 10 On the Customize Templte pge, expn the ifferent options, enter the following settings, n lik Next. DNS Server List , Domin Serh List lx01.rinpole.lol Defult IPv4 Gtewy Hostnme lx01w01nsx01.lx01.rinpole.lol Network 1 IPv4 Aress Network 1 Netmsk Enle SSH NTP Server List CLI "min" User Psswor / enter CLI "min" User Psswor / onfirm CLI Privilege Moe Psswor / enter CLI Privilege Moe Psswor / onfirm Selete ntp.lx01.rinpole.lol,ntp.sfo01.rinpole.lol ompnsx_min_psswor ompnsx_min_psswor ompnsx_privilege_psswor ompnsx_privilege_psswor 11 On the Rey to Complete pge, lik Finish. 12 In the Nvigtor, expn the lx01w01v01.lx01.rinpole.lol ontrol tree, selet the lx01w01nsx01 virtul mhine, n lik Power on. 13 Log out from the vcenter Server session in the vsphere We Client. Reple the NSX Mnger Certifite for Shre Ege n Compute Cluster in Region B After you eploy the ppline of NSX Mnger, reple the efult ertifite with ustomer ertifite to estlish truste onnetion with the mngement omponents in the SDDC. The ertifite generte y the CertGenVVD utility is signe y ertifite uthority (CA) on the prent Ative Diretory server. VMwre, In. 116

117 Tle Certifite-Relte Files on the NSX Mnger Instne NSX Mnger FQDN lx01w01nsx01.lx01.rinpole.lol Certifite Filenme lx01w01nsx01.4.p12 Prerequisites CA-signe ertifite files generte y using VMwre Vlite Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlite Design Plnning n Preprtion oumenttion. 1 Log in to the ppline interfe of NSX Mnger for the shre ege n ompute luster. Open We rowser n go to Log in using the following reentils. User nme Psswor min nsx_mnger_min_psswor 2 On the Home pge, selet Mnge Appline s. 3 On the Mnge t, lik SSL Certifites n lik Uplo PKSCS#12 Keystore. 4 Browse to the ertifite hin file lx01w01nsx01.4.p12, provie the keystore psswor or pssphrse, n lik Import. 5 Restrt the NSX Mnger to propgte the CA-signe ertifite. In the top right orner of the NSX Mnger pge, lik the s ion. From the rop-own menu, selet Reoot Appline. Connet NSX Mnger to the Compute vcenter Server in Region B After you eploy the NSX Mnger virtul ppline for the shre ege n ompute luster, ssign the servie ount with LienseServie Aministrtor SSO role n onnet the NSX Mnger to the Compute vcenter Server. 1 Log in to the ppline interfe of NSX Mnger for the shre ege n ompute luster. Open We rowser n go to Log in using the following reentils. User nme Psswor min nsx_mnger_min_psswor 2 Clik Mnge vcenter Registrtion. VMwre, In. 117

118 3 Uner Lookup Servie, lik Eit. 4 In the Lookup Servie ilog ox, enter the following settings n lik OK. Lookup Servie IP lx01ps01.lx01.rinpole.lol Lookup Servie Port 443 SSO Aministrtor User Nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 5 In the Trust Certifite? ilog ox, lik Yes. 6 Uner vcenter Server, lik Eit. 7 In the vcenter Server ilog ox, enter the following settings n lik OK. vcenter Server vcenter User Nme Psswor lx01w01v01.lx01.rinpole.lol sv-nsxmnger@rinpole.lol sv-nsxmnger_psswor 8 In the Trust Certifite? ilog ox, lik Yes. 9 Wit for the Sttus initors for the Lookup Servie n vcenter Server to hnge to Connete sttus. Assign Aministrtive Aess to NSX Mnger for the Shre Ege n Compute Cluster in Region B Assign the NSX Enterprise Aministrtor Role. 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor sv-nsxmnger@rinpole.lol sv-nsxmnger_psswor 2 In the Nvigtor, lik Networking & Seurity n lik Users n Domins. 3 Uner NSX Mngers, lik the instne n lik the A ion. 4 On the Ientify User pge, selet the Speify vcenter user rio utton, enter ministrtor@vsphere.lol in the User text ox, n lik Next. VMwre, In. 118

119 5 On the Selet Roles pge, selet the Enterprise Aministrtor rio utton n lik Finish. Join the Shre Ege n Compute Cluster NSX Mnger to the Primry NSX Instne in Region B Join the seonry NSX instne to the respetive primry instne. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Assign the seonry role to the shre ege n ompute NSX Mnger in Region B. e Uner Inventories, lik Networking & Seurity. In the Nvigtor, lik Instlltion n Upgre. On the Mngement t, selet the instne. Selet Ations > A Seonry NSX Mnger. In the A Seonry NSX Mnger ilog ox, enter the following settings n lik OK. NSX Mnger User nme Psswor Confirm Psswor min mgmtnsx_min_psswor mgmtnsx_min_psswor f In the Trust Certifite onfirmtion ilog ox, lik Yes. Prepre the ESXi Hosts in the Shre Ege n Compute Cluster for NSX in Region B NSX kernel moules pkge in VIB files run within the hypervisor kernel n provie servies suh s istriute routing, istriute firewll, n VXLAN riging pilities. To use NSX, you must instll the NSX kernel moules on the ESXi hosts. VMwre, In. 119

120 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor, lik Networking & Seurity. 3 Clik Instlltion n Upgrge n lik the Host Preprtion t. 4 Selet from the NSX Mnger rop-own menu. 5 Uner NSX Component Instlltion on Hosts, lik Ations, lik Instll for the lx01-w01- omp01 luster, n in the onfirmtion ilog ox, lik Yes. 6 Verify tht the Instlltion Sttus olumn shows the NSX version for ll hosts in the luster to onfirm tht NSX kernel moules re suessfully instlle. Configure the NSX Logil Network for the Shre Ege n Compute Cluster in Region B After ll eployment tsks re omplete, you onfigure the NSX logil network. Complete this proess in three min steps: Configure the Segment ID llotion. Configure the VXLAN networking. A luster to the universl trnsport zone. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor VMwre, In. 120

121 2 Configure the Segment ID llotion. In the Nvigtor, lik Networking & Seurity. Clik Instlltion, lik Logil Network Preprtion, n lik Segment ID. Selet from the NSX Mnger rop-own menu. Clik Eit, enter the following settings n lik OK. Segment ID pool Enle Multist ressing Selete Multist resses Configure the VXLAN networking. Clik the Host Preprtion t. Uner VXLAN, lik Not Configure on the lx01-w01-omp01 row, enter the following settings, n lik OK. Swith lx01-w01-vs01 VLAN 1734 MTU 9000 VMKNi IP Aressing VMKNi Teming Poliy Use DHCP Lo Blne - SRCID VTEP 2 4 Configure the Universl trnsport zone. In the Nvigtor, lik the Logil Network s t n lik Trnsport Zones. From the Ations menu, selet the Comp Universl Trnsport Zone n selet Connet Clusters. In the Connet Clusters ilog ox, selet the lx01-w01-omp01 luster n lik OK. 5 Configure the Glol trnsport zone. On the Instlltion n Upgre pge, lik the Logil Network s t n lik Trnsport Zones. Selet from the NSX Mnger rop-own menu. VMwre, In. 121

122 Clik the New Trnsport zone ion. In the New Trnsport Zone ilog ox, enter the following settings n lik OK. Nme Replition moe Selet lusters prt of the Trnsport Zone Comp Glol Trnsport Zone Hyri lx01-w01-omp01 Upte the Host Profile for the Compute Cluster in Region B After n uthorize hnge is me to host, the Host Profile must e upte to reflet the hnges. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Upte the Host Profile for the ompute luster. In the Nvigtor, selet Poliies n Profiles. Clik Host Profiles, right-lik on lx01-w01-omp01, n selet Copy settings from Host. Selet lx01w01esx01.lx01.rinpole.lol n lik OK. 3 Verify ompline for the hosts in the luster. On the Poliies n Profiles pge, lik the lx01-w01hp-omp01 host profile. Clik the Monitor t n lik Compline. Selet lx01-w01-omp01 n lik the Chek Host Profile Compline utton. This ompline test shows tht the first host is Complint, ut the other hosts re Not Complint. e f Clik eh of the non-omplint hosts n lik Remeite Hosts Bse on its Host Profile. In the Remeite Hosts Bse on its Host Profile wizr, enter Host Nme if prompte for NetStk Instne vxln->dns onfigurtion n lik Next. On the Rey to omplete pge, lik Finish. All hosts hve Complint sttus in the Host Compline olumn. VMwre, In. 122

123 Configure NSX Dynmi Routing in the Shre Ege n Compute Cluster in Region B NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re rete. This lyer is n strtion etween the physil n virtul networks. 1 Crete Logil Swith in the Shre Ege n Compute Cluster in Region B Crete glol trnsit logil swith for use s the trnsit network in the luster. 2 Deploy NSX Ege Devies for North-South Routing in the Shre Ege n Compute Cluster in Region B Deploy NSX Ege Devies for North-South routing in the shre ege n ompute luster. 3 Disle the Firewll Servie in the Shre Ege n Compute Cluster in Region B Disle the firewll of the two NSX Ege servies gtewys. 4 Enle n Configure Routing in the Shre Ege n Compute Cluster in Region B Enle the Borer Gtewy Protool (BGP) to exhnge routing informtion etween the NSX Ege servies gtewys. 5 Verify Peering of Upstrem Swithes n Estlishment of BGP in Shre Ege n Compute Cluster in Region B The NSX Ege evies must estlish onnetion to eh of their upstrem BGP swithes efore BGP uptes n e exhnge. Verify tht the NSX Eges evies re suessfully peering n tht BGP routing hs een estlishe. 6 Configure Universl Distriute Logil Router for Dynmi Routing in the Shre Ege n Compute Cluster in Region B Configure the universl istriute logil router (UDLR) in the shre ege n ompute luster to use ynmi routing. 7 Verify Estlishment of BGP for the Universl Distriute Logil Router in the Shre Ege n Compute Cluster in Region B The universl istriute logil router (UDLR) must estlish onnetion to Ege Servies Gtewy efore BGP uptes n e exhnge. Verify tht the UDLR is suessfully peering, n tht BGP routing hs een estlishe. 8 Deploy the Distriute Logil Router in the Shre Ege n Compute Cluster in Region B Deploy the istriute logil routers (DLR). 9 Configure Distriute Logil Router for Dynmi Routing in Shre Ege n Compute Cluster in Region B Configure the istriute logil router (DLR) in the shre ege n ompute luster to use ynmi routing. VMwre, In. 123

124 10 Verify Estlishment of BGP for the Distriute Logil Router in the Shre Ege n Compute Cluster in Region B The istriute logil router (DLR) must estlish onnetion to Ege Servies Gtewy efore BGP uptes n e exhnge. Verify tht the DLR is suessfully peering n tht BGP routing hs een estlishe. Crete Logil Swith in the Shre Ege n Compute Cluster in Region B Crete glol trnsit logil swith for use s the trnsit network in the luster. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik Logil Swithes. 4 Selet from the NSX Mnger rop-own menu n lik the A ion. 5 In the New Logil Swith ilog ox, enter the following settings n lik OK. Nme Trnsport Zone Replition Moe Enle IP Disovery Enle MAC Lerning Glol Trnsit Network Comp Glol Trnsport Zone Hyri Selete Deselete Deploy NSX Ege Devies for North-South Routing in the Shre Ege n Compute Cluster in Region B Deploy NSX Ege Devies for North-South routing in the shre ege n ompute luster. Perform this proeure two times to eploy two NSX Ege evies lx01w01esg01 n lx01w01esg02. Tle NSX Ege Devies NSX Ege Devie NSX Ege Devie 1 NSX Ege Devie 2 Devie Nme lx01w01esg01 lx01w01esg02 VMwre, In. 124

125 Tle NSX Ege Interfe s Interfe Primry IP Aress - lx01w01esg01 Primry IP Aress - lx01w01esg02 Uplink Uplink sfo01w01ulr lx01w01lr Prerequisites To omplete this proeure, you must onfigure tstore for the shre ege n ompute luster in Region B. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. VMwre, In. 125

126 5 Clik the A ion to eploy new NSX Ege. The New NSX Ege wizr ppers. On the Nme n esription pge, enter the following settings n lik Next. lx01w01esg01 lx01w01esg02 Instll Type Ege Servie Gtewy Ege Servie Gtewy Nme lx01w01esg01 lx01w01esg02 Deploy NSX Ege Selete Selete Enle High Avilility Deselete Deselete On the s pge, enter the following settings n lik Next. User Nme Psswor Enle SSH ess Enle FIPS moe Enle uto rule genertion Ege Control Level logging min ege_min_psswor Selete Deselete Selete INFO On the Configure Deployment pge, selet the Lrge rio utton to speify the Appline Size n lik the A ion. In the A NSX Ege Appline ilog ox, enter the following settings, lik OK, n lik Next. Cluster/Resoure Pool Dtstore Foler Resoure Reservtion lx01-w01rp-s-ege lx01_shre_ege_n_ompute_tstore lx01-w01f-nsx System Mnge VMwre, In. 126

127 e On the Configure interfes pge, lik the A ion to onfigure the Uplink01 interfe, enter the following settings, n lik OK. lx01w01esg01 lx01w01esg02 Nme Uplink01 Uplink01 Type Uplink Uplink Connete To lx01-w01-vs01-uplink01 lx01-w01-vs01-uplink01 Connetivity Sttus Connete Connete Primry IP Aress Sunet Prefix Length MTU Sen ICMP Reiret Selete Selete f Clik the A ion to onfigure the Uplink02 interfe, enter the following settings, n lik OK. lx01w01esg01 lx01w01esg02 Nme Uplink02 Uplink02 Type Uplink Uplink Distriute Portgroup lx01-w01-vs01-uplink02 lx01-w01-vs01-uplink02 Connetivity Sttus Connete Connete Primry IP Aress Sunet Prefix Length MTU Sen ICMP Reiret Selete Selete g Clik the A ion to onfigure the sfo01w01ulr01 interfe, enter the following settings, lik OK, n lik Next. lx01w01esg01 lx01w01esg02 Nme sfo01w01ulr01 sfo01w01ulr01 Type Internl Internl Connete To Universl Trnsit Network Universl Trnsit Network Connetivity Sttus Connete Connete Primry IP Aress Sunet Prefix Length MTU Sen ICMP Reiret Selete Selete VMwre, In. 127

128 h Clik the A ion to onfigure the lx01w01lr01 interfe, enter the following settings, lik OK, n lik Next. lx01w01esg01 lx01w01esg02 Nme lx01w01lr01 lx01w01lr01 Type Internl Internl Connete To Glol Trnsit Network Glol Trnsit Network Connetivity Sttus Connete Connete Primry IP Aress Sunet Prefix Length MTU Sen ICMP Reiret Selete Selete i j k On the Defult Gtewy s pge, eselet the Configure Defult Gtewy hek ox n lik Next. On the Firewll n HA pge, lik Next. On the Rey to Complete pge, review the onfigurtion settings you entere n lik Finish. 6 Repet this proeure to onfigure nother NSX Ege y using the settings for the seon NSX Ege evie. 7 Configure DRS ffinity rules for the Ege Servies Gtewys. e f Go k to the Home pge. In the Nvigtor, lik Hosts n Clusters n expn the lx01w01v01.lx01.rinpole.lol tree. Selet the lx01-w01-omp01 luster n lik the Configure t. Uner Configurtion, lik VM/Host Rules. Clik A. In the lx01-w01-omp01 - Crete VM/Host Rule ilog ox, enter the following settings n lik A. Nme Enle rule Type nti-ffinity-rule-empeges Selete Seprte Virtul Mhine g h In the A Rule Memer ilog ox, selet the hek ox next to eh of the two newly eploye NSX ESGs n lik OK. In the lx01-w01-omp01 - Crete VM/Host Rule ilog ox, lik OK. VMwre, In. 128

129 Disle the Firewll Servie in the Shre Ege n Compute Cluster in Region B Disle the firewll of the two NSX Ege servies gtewys. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. 5 Doule-lik the lx01w01esg01 NSX Ege evie. 6 Clik the Mnge t n lik Firewll. 7 On the Firewll pge, lik the Stop utton. 8 Clik Pulish Chnges. 9 Repet this proeure for the NSX Ege servies gtewy lx01w01esg02. Enle n Configure Routing in the Shre Ege n Compute Cluster in Region B Enle the Borer Gtewy Protool (BGP) to exhnge routing informtion etween the NSX Ege servies gtewys. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking Seurity. VMwre, In. 129

130 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. 5 Doule-lik the lx01w01esg01 NSX Ege evie. 6 Clik the Mnge t n lik Routing. 7 Configure settings on the Glol Configurtion pge. Clik the Strt utton for ECMP. To onfigure ynmi routing, lik the Eit utton next to Dynmi Routing Configurtion. Selet Uplink01 s the Router ID n lik OK. Clik Pulish Chnges. 8 On the Routing t, selet Stti Routes to onfigure it. Clik the A ion, enter the following settings, n lik OK. Network UDLR_Compute_Worklo_Sunet Next Hop Interfe sfo01w01ulr01 MTU 9000 Amin Distne 210 Note You must ll sunets tht re ehin the UDLR. Clik the A ion, enter the following settings, n lik OK. Network DLR_Compute_Worklo_Sunet Next Hop Interfe lx01w01lr01 MTU 9000 Amin Distne 210 Note You must ll sunets tht re ehin the DLR. Clik Pulish Chnges. VMwre, In. 130

131 9 On the Routing t, selet BGP to onfigure it. Clik the Eit utton, enter the following settings, n lik OK. Enle BGP Enle Greful Restrt Enle Defult Originte Selete Deselete Deselete Lol AS Clik the A ion to Neighor. The New Neighor ilog ox ppers. You two neighors: the first Top of Rk Swith n the seon Top of Rk Swith. In the New Neighor ilog ox, enter the following vlues for the first Top of Rk Swith, n lik OK. IP Aress Remote AS Weight 60 Keep Alive Time 4 Hol Down Time 12 Psswor BGP_psswor Clik the A ion to nother Neighor. The New Neighor ilog ox ppers. e In the New Neighor ilog ox, enter the following vlues for the seon Top of Rk Swith, n lik OK. IP Aress Remote AS Weight 60 Keep Alive Time 4 Hol Down Time 12 Psswor BGP_psswor f Clik the A ion to nother Neighor. The New Neighor ilog ox ppers. Configure the universl istriute logil router (UDLR) s neighor. VMwre, In. 131

132 g In the New Neighor ilog ox, enter the following vlues, n lik OK. IP Aress Remote AS Weight 60 Keep Alive Time 1 Hol Down Time 3 Psswor BGP_psswor h Clik the A ion to nother Neighor. The New Neighor ilog ox ppers. Configure the istriute logil router (DLR) s neighor. i In the New Neighor ilog ox, enter the following vlues, n lik OK. IP Aress Remote AS Weight 60 Keep Alive Time 1 Hol Down Time 3 Psswor BGP_psswor j Clik Pulish Chnges. The four neighors you e re now visile in the Neighors tle. 10 On the Routing t, selet Route Reistriution to onfigure it. On the Route Reistriution pge, lik the Eit utton. In the Chnge Reistriution s ilog ox, selet the BGP hek ox n lik OK. Uner Route Reistriution tle, lik the A ion. VMwre, In. 132

133 In the New Reistriution Criteri ilog ox, enter the following settings n lik OK. Prefix Lerner Protool OSPF Stti routes Connete Ation Any BGP Deselete Selete Selete Permit e Clik Pulish Chnges. The route reistriution onfigurtion is now visile in the Route Reistriution tle. Confirm tht the onfigurtion vlues you entere re orret. 11 Repet this proeure for the NSX Ege evie lx01w01esg02. Verify Peering of Upstrem Swithes n Estlishment of BGP in Shre Ege n Compute Cluster in Region B The NSX Ege evies must estlish onnetion to eh of their upstrem BGP swithes efore BGP uptes n e exhnge. Verify tht the NSX Eges evies re suessfully peering n tht BGP routing hs een estlishe. 1 Log in to the NSX Ege evie using Seure Shell (SSH) lient. Open n SSH onnetion to the lx01w01esg01 NSX Ege evie. Log in using the following reentils. User nme Psswor min ege_min_psswor 2 Run the show ip gp neighors ommn to isply informtion out the BGP onnetions to neighors. The BGP Stte shows Estlishe, UP if you hve peere with the upstrem swithes. Note You hve not yet onfigure the universl istriute logil router or istriute logil router, they re not liste s BGP neighors. VMwre, In. 133

134 3 Run the show ip route ommn to verify tht you re reeiving routes using BGP, n tht there re multiple routes to BGP lerne networks. You verify multiple routes to BGP lerne networks y loting the sme route using ifferent IP ress. The IP resses re liste fter the wor vi in the right-sie olumn of the routing tle output. In the following imge there re two ifferent routes to the following BGP networks: /0 n /24. You n ientify BGP networks y the letter B in the leftsie olumn. Lines eginning with C (onnete) hve only single route. 4 Repet this proeure for the NSX Ege evie lx01w01esg02. VMwre, In. 134

135 Configure Universl Distriute Logil Router for Dynmi Routing in the Shre Ege n Compute Cluster in Region B Configure the universl istriute logil router (UDLR) in the shre ege n ompute luster to use ynmi routing. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. 5 Configure the Universl Distriute Logil Router. Doule-lik sfo01w01ulr01. Clik the Mnge t, lik Routing, n selet BGP. On the BGP pge, lik the A Neighor ion. In the New Neighor ilog ox, enter the following vlues for oth NSX Ege evies, n lik OK. Repet two times to onfigure the UDLR for oth NSX Ege evies lx01w01esg01 n lx01w01esg02. lx01w01esg01 lx01w01esg02 IP Aress Forwring Aress Protool Aress Remote AS Weight Keep Alive Time 1 1 Hol Down Time 3 3 Psswor gp_psswor gp_psswor e Clik Pulish Chnges. VMwre, In. 135

136 Verify Estlishment of BGP for the Universl Distriute Logil Router in the Shre Ege n Compute Cluster in Region B The universl istriute logil router (UDLR) must estlish onnetion to Ege Servies Gtewy efore BGP uptes n e exhnge. Verify tht the UDLR is suessfully peering, n tht BGP routing hs een estlishe. 1 Log in to the UDLR y using Seure Shell (SSH) lient. Open n SSH onnetion to sfo01w01ulr01. Log in using the following reentils. User nme Psswor min ulr_min_psswor 2 Run the show ip gp neighors ommn to isply informtion out the BGP n TCP onnetions to neighors. The BGP Stte shows Estlishe, UP if you hve suessfully peere with the Ege Servie Gtewy. VMwre, In. 136

137 3 Run the show ip route ommn to verify tht you re reeiving routes using BGP, n tht there re multiple routes to BGP lerne networks. You verify multiple routes to BGP lerne networks y loting the sme route using ifferent IP ress. The IP resses re liste fter the wor vi in the right-sie olumn of the routing tle output. In the following imge there re two ifferent routes to the following BGP networks: /0, /24, /24, n /24. You n ientify BGP networks y the letter B in the left-sie olumn. Lines eginning with C (onnete) hve only single route. Deploy the Distriute Logil Router in the Shre Ege n Compute Cluster in Region B Deploy the istriute logil routers (DLR). 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 From the NSX Mnger rop-own menu, selet Clik the A ion to rete new DLR. VMwre, In. 137

138 6 On the Nme n esription pge, enter the following settings n lik Next. Logil (Distriute) Router Nme Deploy Ege Appline Enle High Avilility Selete lx01w01lr01 Selete Selete 7 On the s pge, enter the following settings n lik Next. User Nme Psswor Enle SSH ess Enle FIPS moe Ege Control Level logging min lr_min_psswor Selete Deselete INFO 8 On the Configure eployment pge, lik the A ion. 9 In the A NSX Ege Appline ilog ox, enter the following settings n lik Next. Cluster/Resoure Pool Dtstore Foler Resoure Reservtion lx01-w01rp-s-ege lx01_shre_ege_n_ompute_tstore lx01-w01f-nsx System Mnge 10 On the Configure eployment pge, lik the A ion seon time to seon NSX Ege evie. 11 In the A NSX Ege Appline ilog ox, enter the following settings n lik Next. Cluster/Resoure Pool Dtstore Foler lx01-w01rp-s-ege lx01_shre_ege_n_ompute_tstore lx01-w01f-nsx 12 On the Configure interfes pge, uner HA Interfe Configurtion, lik Selet n onnet to lx01-w01-vs01-mngement. VMwre, In. 138

139 13 On the Configure interfes pge, enter the following onfigurtion settings n lik Next. In the A Interfe ilog ox, enter the following settings, lik OK n lik Next. Nme Type Connete To Connetivity Sttus Uplink Uplink Glol Trnsit Network Connete Primry IP Aress Sunet Prefix Length 24 MTU In the Defult gtewy settings pge, eselet Configure Defult Gtewy n lik Next. 15 In the Rey to omplete pge, lik Finish. 16 Allow SSH ess in the Universl Distriute Logil Router firewll. Doule-lik the evie lele lx01w01lr01. Clik the Mnge t n lik the Firewll t. Clik A ion to rete new firewll rule with the following settings. Nme Soure Destintion Servie Ation enlessh ny ny SSH Aept Clik Pulish Chnges. Configure Distriute Logil Router for Dynmi Routing in Shre Ege n Compute Cluster in Region B Configure the istriute logil router (DLR) in the shre ege n ompute luster to use ynmi routing. VMwre, In. 139

140 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Uner Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Eges. 4 Selet from the NSX Mnger rop-own menu. 5 Configure the routing for the Distriute Logil Router. e f Doule-lik lx01w01lr01. Clik the Mnge t n lik Routing. On the Glol Configurtion pge, perform the following onfigurtion steps. Clik the Strt utton for ECMP. Clik the Eit utton uner Dynmi Routing Configurtion, selet Uplink s the Router ID, n lik OK. Clik Pulish Chnges. 6 On the left, selet BGP to onfigure it. On the BGP pge, lik the Eit utton. The Eit BGP Configurtion ilog ox ppers. In the Eit BGP Configurtion ilog ox, enter the following settings n lik OK. Enle BGP Enle Greful Restrt Selete Deselete Lol AS Clik the A ion to Neighor. The New Neighor ilog ox ppers. VMwre, In. 140

141 In the New Neighor ilog ox, enter the following vlues for oth NSX Ege evies n lik OK. You repet this step two times to onfigure the DLR for oth NSX Ege evies: lx01w01esg01 n lx01w01esg02. lx01w01esg01 lx01w01esg02 IP Aress Forwring Aress Protool Aress Remote AS Weight Keep Alive Time 1 1 Hol Down Time 3 3 Psswor gp_psswor gp_psswor e Clik Pulish Chnges. 7 On the left, selet Route Reistriution. Clik the Eit utton. In the Chnge reistriution settings ilog ox, enter the following settings, n lik OK. OSPF BGP Deselete Selete e On the Route Reistriution pge, selet the efult OSPF entry n lik the Eit utton. Selet BGP from the Lerner Protool rop-own menu, n lik OK. Clik Pulish Chnges. Verify Estlishment of BGP for the Distriute Logil Router in the Shre Ege n Compute Cluster in Region B The istriute logil router (DLR) must estlish onnetion to Ege Servies Gtewy efore BGP uptes n e exhnge. Verify tht the DLR is suessfully peering n tht BGP routing hs een estlishe. VMwre, In. 141

142 1 Log in to the lx01w01lr01 y using Seure Shell (SSH) lient. Open n SSH onnetion to lx01w01lr01. Log in using the following reentils. Options User nme Psswor Desription min lr_min_psswor 2 Run the show ip gp neighors ommn to isply informtion out the BGP n TCP onnetions to neighors. The BGP Stte shows Estlishe,UP if you hve suessfully peere with the Ege Servie Gtewy. 3 Run the show ip route ommn to verify tht you re reeiving routes using BGP, n tht there re multiple routes to BGP lerne networks. You verify multiple routes to BGP lerne networks y loting the sme route using ifferent IP ress. The IP resses re liste fter the wor vi in the right-sie olumn of the routing tle output. In the following imge there re two ifferent routes to the following BGP networks: /0, /23, /24, /24, /24, /24 n /24. You n ientify BGP networks y the letter B in the left-sie olumn. Lines eginning with C (onnete) hve only single route. VMwre, In. 142

143 Test the Shre Ege n Compute Cluster NSX Configurtion in Region B Test the onfigurtion of the NSX logil network y using ping test. A ping test heks if two hosts in network n reh eh other. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Use the Ping Monitor to test onnetivity. In the Nvigtor, lik Networking & Seurity. Uner Logil Swithes, oule-lik Universl Trnsit Network. e Doule-lik Universl Trnsit Network. Clik the Monitor t. From the Soure host rop-own menu, selet lx01w01esx01.lx01.rinpole.lol. VMwre, In. 143

144 f g From the Destintion host rop-own menu, selet lx01w01esx02.lx01.rinpole.lol. Clik Strt Test. Тhe host-to-host ping test results re isplye in the Results ilog ox. Verify tht there re no error messges. Test the Shre Ege n Compute Clusters Routing Filover After the lusters re fully onfigure in Region A n Region B, verify tht the network onnetivity etween them works s expete. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Shut own the NSX Ege servie gtewys in Region A. In the Nvigtor, lik Hosts n Clusters. Expn the sfo01w01v01.sfo01.rinpole.lol tree. Right-lik sfo01w01esg01-0 n selet Power > Shut Down Guest OS. Right-lik sfo01w01esg02-0 n selet Power > Shut Down Guest OS. 3 Log in to the universl istriute logil router y using Seure Shell (SSH) lient n verify the BGP routing stte. Open n SSH onnetion to sfo01w01ulr01. Log in using the following reentils. User nme Psswor min ulr_min_psswor Run the show ip route ommn to verify you re reeiving routes y wy of BGP. The letter B efore the route inites tht BGP is use. VMwre, In. 144

145 e Verify tht multiple routes to BGP lerne networks exist. Verify tht routes ome from Region B's ESGs. 4 Power on the NSX Ege servies gtewys in Region A. In the Nvigtor, lik Hosts n Clusters. Expn the sfo01w01v01.sfo01.rinpole.lol tree. Right-lik sfo01w01esg01-0 n selet Power > Power On. Right-lik sfo01w01esg02-0 n selet Power > Power On. VMwre, In. 145

146 5 Verify the new stte of the BGP routing. Go k to the SSH onnetion to sfo01w01ulr01 n run the show ip route ommn. Verify tht you reeive routes y wy of BGP. The letter B efore the route inites tht BGP is use. Verify tht you hve multiple routes to BGP lerne networks n tht routes lso ome from the NSX Ege servies gtewys in Region A. VMwre, In. 146

147 Region B Opertions 3 Mngement Implementtion You eploy the prouts for monitoring the SDDC, suh s vrelize Opertions Mnger n vrelize Log Insight, on top of vsphere infrstruture n NSX networking setup, n onnet them to the SDDC mngement prouts from ll lyers. 1 vsphere Upte Mnger Downlo Servie Implementtion in Region B Instll the vsphere Upte Mnger Downlo Servie (UMDS) on Linux virtul mhine to ownlo n store inries n mett in shre repository. Connet the UMDS instne to the vsphere Upte Mnger for eh vcenter Server. 2 vrelize Suite Lifeyle Mnger Implementtion in Region B Before you eploy SDDC prouts in Region B, onfigure vrelize Suite Lifeyle Mnger y ing t enter, vcenter Server n provie user privileges for the servie ount. 3 vrelize Opertions Mnger Implementtion in Region B For ul-region monitoring implementtion, fter you eploy the nlytis luster n the remote olletors in Region A, omplete the instlltion n onfigurtion of vrelize Opertions Mnger for Region B. 4 vrelize Log Insight Implementtion in Region B Deploy vrelize Log Insight in luster onfigurtion of 3 noes in Region B. This onfigurtion is set up with n integrte lo lner n uses one mster n two worker noes. vsphere Upte Mnger Downlo Servie Implementtion in Region B Instll the vsphere Upte Mnger Downlo Servie (UMDS) on Linux virtul mhine to ownlo n store inries n mett in shre repository. Connet the UMDS instne to the vsphere Upte Mnger for eh vcenter Server. 1 Prerequisites for Deploying vsphere Upte Mnger Downlo Servie in Region B Before you eploy vsphere Upte Mnger Downlo Servie in Region B, verify tht your environment fulfills the requirements for this eployment. VMwre, In. 147

148 2 Configure PostgreSQL Dtse on Your Linux-Bse Host Operting System for UMDS in Region B In Region B, on virtul mhine with Uuntu Long Term Support (LTS) where you pln to instll vsphere Upte Mnger Downlo Servie, instll, n onfigure PostgreSQL tse instne. 3 Instll UMDS on Uuntu OS in Region B After you instll n onfigure the PostgreSQL tse on the UMDS virtul mhine, instll the UMDS softwre. 4 Set Up the Dt to Downlo Using UMDS in Region B By efult UMDS ownlos pth inries, pth mett, n notifitions for hosts. Disle the ownlo of pthes for ll ESXi versions ut the version tht is use in this vlite esign. 5 Instll n Configure the UMDS We Server in Region B The UMDS server ownlos upgres, pthes inries, pthes mett, n notifitions to iretory tht you must shre to vsphere Upte Mnger y using We server. 6 Use the UMDS Shre Repository s the Downlo Soure in Upte Mnger in Region B Configure vsphere Upte Mnger to use the UMDS shre repository s soure for ownloing ESXi pthes, extensions, n notifitions. Prerequisites for Deploying vsphere Upte Mnger Downlo Servie in Region B Before you eploy vsphere Upte Mnger Downlo Servie in Region B, verify tht your environment fulfills the requirements for this eployment. Virtul Mhine Speifitions Crete the virtul mhine for vsphere Upte Mnger Downlo Servie using the following prmeters. Guest OS VM nme Uuntu Server LTS lx01ums01 Numer of CPUs 2 Memory (GB) 2 Disk spe (GB) 120 SCSI Controller Virtul mhine network pter VM foler Cluster LSI Logi SAS VMXNET3 lx01-m01f-mgmt lx01-m01-mgmt01 VMwre, In. 148

149 Dtstore Applition virtul network lx01-m01-vsn01 Mgmt-RegionB01-VXLAN IP Aresses n Host Nmes Verify tht the stti IP resses n FQDNs for vsphere Upte Mnger Downlo Servie re ville in the region-speifi pplition virtul networks. Appline IP ress Host nme lx01ums01 Defult gtewy Sunet msk DNS servers DNS omin DNS serh lx01.rinpole.lol lx01.rinpole.lol Deployment Prerequisites Verify tht your environment fulfills the following prerequisites for eploying vsphere Upte Mnger Downlo Servie. Prerequisite Softwre Feture Verify tht the vcenter Server instnes re opertionl. Verify tht the pplition virtul network is ville. Ative Diretory User Verify tht sv-ums user is e into the prent Ative Diretory. Configure PostgreSQL Dtse on Your Linux-Bse Host Operting System for UMDS in Region B In Region B, on virtul mhine with Uuntu Long Term Support (LTS) where you pln to instll vsphere Upte Mnger Downlo Servie, instll, n onfigure PostgreSQL tse instne. Prerequisites Crete virtul mhine for vsphere Upte Mnger Downlo Servie (UMDS). See Virtul Mhine Speifitions from the Plnning n Preprtion oument. VMwre, In. 149

150 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Log in to the remote onsole of the UMDS virtul mhine. In the vsphere We Client, right-lik the lx01ums01 virtul mhine n selet Open Console to open the remote onsole to the virtul mhine. Log in using the following reentils. User nme Psswor sv-ums sv-ums_psswor 3 Instll Seure Shell (SSH) server, n en the session. suo pt-get upte suo pt-get -y instll SSH exit 4 Log in to the UMDS virtul mhine y using Seure Shell (SSH) lient. Open n SSH onnetion to lx01ums01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor sv-ums sv-ums_psswor 5 Instll n strt PostgreSQL n its epenenies: suo pt-get -y instll vim perl tr se psmis unixo postgresql postgresql-ontri opostgresql suo servie postgresql strt The instlltion opertion retes user ount lle postgres tht is ssoite with the efult Postgres role. The postgres ount is use to estlish servie ount for the Upte Mnger Downlo Servie. VMwre, In. 150

151 6 Log in s postgres user, n rete tse instne n tse user, y running the following ommns. When prompte, enter n onfirm the ums user_psswor psswor. suo su - postgres rete ums_ reteuser - -e -r ums min -P 7 Enle psswor uthentition for the tse user. Nvigte to the foler tht ontins the PostgreSQL onfigurtion file pg_h.onf. Linux system Uuntu Defult Lotion /et/postgresql/postgres_version/min /et/postgresql/postgres_version/min In the PostgreSQL onfigurtion file, enle psswor uthentition for the tse user y inserting the following line right ove lol ll ll peer. You n use the vi eitor to mke n sve the hnges. #TYPE DATABASE USER ADDRESS METHOD lol ums_ ums min m5 Log out s PostgreSQL user y running the following ommn. logout 8 Configure the PostgreSQL river n the t soure nme (DSN) for onnetion to the UMDS tse. Eit the ODBC onfigurtion file. suo vi /et/oinst.ini Reple the file with the following ontent n sve the hnge using :wq. [PostgreSQL] Desription=PostgreSQL ODBC river (Unioe version) Driver=/usr/li/x86_64-linux-gnu/o/psqlow.so Deug=0 CommLog=1 UsgeCount=1 VMwre, In. 151

152 Eit the system file /et/o.ini. suo vi /et/o.ini Reple the file with the following ontent n sve the hnge using :wq, [UMDS_DSN] ;DB_TYPE = PostgreSQL ;SERVER_NAME = lolhost ;SERVER_PORT = 5432 ;TNS_SERVICE = <tse_nme> ;USER_ID = <tse_usernme> Driver = PostgreSQL DSN = UMDS_DSN ServerNme = lolhost PortNumer = 5432 Server = lolhost Port = 5432 UserID = ums min User = ums min Dtse = ums_ 9 Crete symoli link etween UMDS n PostgreSQL y running the following ommn. ln -s /vr/run/postgresql/.s.pgsql.5432 /tmp/.s.pgsql Restrt PostgreSQL. suo servie postgresql restrt Instll UMDS on Uuntu OS in Region B After you instll n onfigure the PostgreSQL tse on the UMDS virtul mhine, instll the UMDS softwre. Prerequisites Verify tht you hve ministrtive privileges on the UMDS Uuntu virtul mhine. Mount the ISO file of the vcenter Server Appline to the Linux mhine. VMwre, In. 152

153 1 Log in to the UMDS virtul mhine y using Seure Shell (SSH) lient. Open n SSH onnetion to lx01ums01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor sv-ums sv-ums_psswor 2 Mount the vcenter Server Appline ISO to the UMDS virtul mhine. suo mkir -p /mnt/rom suo mount /ev/rom /mnt/rom 3 Extrt the VMwre-UMDS uil_numer.tr.gz file to the /tmp foler. tr -xzvf /mnt/rom/ums/vmwre-umds uil_numer.tr.gz -C /tmp 4 Run the UMDS instlltion sript. suo /tmp/vmwre-ums-istri/vmwre-instll.pl 5 Re n ept the EULA. 6 Press Enter to instll UMDS in the efult iretory /usr/lol/vmwre-ums n enter yes to onfirm iretory retion. 7 Enter the UMDS proxy settings if neee oring to the settings of your environment. 8 Press Enter to set the efult pth lotion to /vr/li/vmwre-ums n enter yes to onfirm iretory retion. 9 Provie the tse etils. Option Dtse DSN Dtse usernme Dtse psswor Desription UMDS_DSN ums min ums min_psswor 10 Type yes n press Enter to instll UMDS. Set Up the Dt to Downlo Using UMDS in Region B By efult UMDS ownlos pth inries, pth mett, n notifitions for hosts. Disle the ownlo of pthes for ll ESXi versions ut the version tht is use in this vlite esign. VMwre, In. 153

154 1 Log in to the UMDS virtul mhine y using Seure Shell (SSH) lient. Open n SSH onnetion to lx01ums01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor sv-ums sv-ums_psswor 2 Nvigte to the iretory where UMDS is instlle. /usr/lol/vmwre-ums/in 3 Disle the uptes for oler hosts n virtul pplines. suo./vmwre-ums -S -n suo./vmwre-ums -S - emeeesx suo./vmwre-ums -S - emeeesx Configure utomti ily ownlos y reting ron jo file. /et/ron.ily/ suo touh ums-ownlo suo hmo 755 ums-ownlo 5 Eit the ownlo ommn of the ron jo. suo vi ums-ownlo 6 A the following lines to the file. #!/in/sh /usr/lol/vmwre-ums/in/vmwre-ums -D suo hmo -R 755 /vr/li/vmwre-ums 7 Test the UMDS Downlo ron jo. suo./ums-ownlo Instll n Configure the UMDS We Server in Region B The UMDS server ownlos upgres, pthes inries, pthes mett, n notifitions to iretory tht you must shre to vsphere Upte Mnger y using We server. The efult foler to whih UMDS ownlos pth inries n pth mett on Linux mhine is /vr/li/vmwre-ums. You shre this foler out to the vsphere Upte Mnger instnes in the region using Nginx We server. VMwre, In. 154

155 1 Log in to the UMDS virtul mhine y using Seure Shell (SSH) lient. Open n SSH onnetion to lx01ums01.lx01.rinpole.lol. Log in using the following reentils. User nme Psswor sv-ums sv-ums_psswor 2 Instll the Nginx We server with the following ommn. suo pt-get -y instll nginx 3 Chnge the pth repository iretory permissions y running the following ommn. suo hmo -R 755 /vr/li/vmwre-ums 4 Copy the efult site onfigurtion for use with the UMDS onfigurtion. suo p /et/nginx/sites-ville/efult /et/nginx/sites-ville/ums 5 Eit the new /et/nginx/sites-ville/ums site onfigurtion file y running the suo vi /et/nginx/sites-ville/ums ommn n reple the server {} lok with the following ontent. server { listen 80 efult_server; listen [::]:80 efult_server ipv6only=on; root /vr/li/vmwre-ums; inex inex.html inex.htm; # Mke site essile from server_nme lolhost lx01ums01 lx01ums01.lx01.rinpole.lol; } lotion / { # First ttempt to serve request s file, then # s iretory, then fll k to isplying 404. try_files $uri $uri/ =404; # Unomment to enle nxsi on this lotion # inlue /et/nginx/nxsi.rules utoinex on; } 6 Disle the existing efult site. suo rm /et/nginx/sites-enle/efult VMwre, In. 155

156 7 Enle the new UMDS site. suo ln -s /et/nginx/sites-ville/ums /et/nginx/sites-enle/ 8 Restrt the Nginx We servie to pply the new onfigurtion. suo servie nginx restrt 9 Ensure you n rowse the files on the UMDS We server y opening We rowser to Use the UMDS Shre Repository s the Downlo Soure in Upte Mnger in Region B Configure vsphere Upte Mnger to use the UMDS shre repository s soure for ownloing ESXi pthes, extensions, n notifitions. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 From the Home menu, selet Upte Mnger. 3 On the Ojets t, lik the lx01m01v01.lx01.rinpole.lol vcenter Server ojet. The Ojets t lso isplys ll the vcenter Server systems to whih n Upte Mnger instne is onnete. 4 On the Mnge t, lik s n selet Downlo s. 5 On the Downlo soures pge, lik Eit. An Eit Downlo Soures ilog ox opens. 6 On the Eit Downlo Soures ilog ox, enter the following settings n lik OK. Use shre repository URL Selete The vsphere We Client performs vlition of the URL. VMwre, In. 156

157 7 On the Downlo soures pge, lik Downlo Now to run the ownlo pth efinitions. Verify tht new tsk Downlo pth efinitions ppers in the Reent Tsks pne n shows Sttus s Complete. 8 Repet the proeure to onfigure the repository for the lx01w01v01.lx01.rinpole.lol vcenter Server. vrelize Suite Lifeyle Mnger Implementtion in Region B Before you eploy SDDC prouts in Region B, onfigure vrelize Suite Lifeyle Mnger y ing t enter, vcenter Server n provie user privileges for the servie ount. Configure User Privileges in vsphere for Integrtion with vrelize Suite Lifeyle Mnger in Region B Provie ount permissions to the sv-vrslm-vsphere user to eploy n mnge SDDC omponents on the Mngement vcenter Server with vrelize Suite Lifeyle Mnger. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Assign permissions to the servie ount. e f g From the Home menu, selet Hosts n Clusters. In the Nvigtor pne, selet the lx01m01v01.lx01.rinpole.lol vcenter server. Nvigte to Permissions > A permission. In the A Permission ilog ox, lik A to ssoite user or group with role. In the Selet Users/Groups ilog ox, from the Domin rop-own menu, selet rinpole.lol, in the filter ox type sv, n press Enter. From the list of users n groups, selet sv-vrslm-vsphere, lik A, n lik OK. In the A Permission ilog ox, from the Assigne Role rop-own menu, selet vrelize Suite Lifeyle Mnger User, ensure tht Propgte to hilren is selete, n lik OK. VMwre, In. 157

158 A Dt Center n vcenter Server to vrelize Suite Lifeyle Mnger in Region B Before you n rete n environment for prout eployments, you must t enter n the ssoite Mngement vcenter Server instne to vrelize Suite Lifeyle Mnger. You t enter for the eployment in Region B for eh of the following groups of omponents: Cross-region omponents, suh s the remote olletors of vrelize Opertions Mnger, vsphere proxy gents of vrelize Automtion, n the t olletors of vrelize Business. Lol-region omponents, suh s vrelize Log Insight n vrelize Log Insight Content Pks. 1 Log in to vrelize Suite Lifeyle Mnger user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min@lolhost vrslm_min_psswor 2 In the Nvigtor, lik the Dt Centers ion. 3 A the t enter. On the Dt Centers pge, lik the Mnge Dt Centers t n lik A Dt Center. In the A Dt Center ilog ox, the t enter y entering the following informtion n lik A. Nme Lotion for Region B lx01-m01 Los Angeles, Cliforni, US 4 A the vcenter Server instne. On the Dt Centers pge, lik the Mnge vcenter Servers t. From the Selet Dt Center rop-own menu, selet lx01-m01 t enter n lik A vcenter Server. VMwre, In. 158

159 In the A vcenter Server Detils ilog ox, enter the following informtion for eh t enter n lik Sumit. for the lx01-m01 Dt Center for the ross-region- Dt Center Host Nme lx01m01v01.lx01.rinpole.lol lx01m01v01.lx01.rinpole.lol User Nme sv-vrslm-vsphere@rinpole.lol sv-vrslm-vsphere@rinpole.lol Psswor sv-vrslm-vsphere_psswor sv-vrslm-vsphere_psswor vcenter Server Type Mngement Mngement Repet the steps to the vcenter Server to the other t enter. 5 In the Nvigtor, lik Requests n vlite tht VC_DATA_COLLECTION for eh vcenter Server shows COMPLETED. vrelize Opertions Mnger Implementtion in Region B For ul-region monitoring implementtion, fter you eploy the nlytis luster n the remote olletors in Region A, omplete the instlltion n onfigurtion of vrelize Opertions Mnger for Region B. 1 Deploy vrelize Opertions Mnger in Region B In Region B, eploy two remote olletor noes for vrelize Opertions Mnger to monitor the Mngement n Compute vcenter Server instnes, NSX for vsphere, n storge omponents in SDDC. 2 Move vrelize Opertions Mnger Remote Colletor Noes to Virtul Mhine Foler in Region B Use the vsphere We Client to move the vrelize Opertions Mnger remote olletors noes in Region B to virtul mhine folers for orgniztion n ese of mngement. 3 Configure vsphere DRS Anti-Affinity Rule for vrelize Opertions Mnger Remote Colletors in Region B To protet the vrelize Opertions Mnger virtul mhines from host-level filure, onfigure vsphere DRS to run the remote olletor virtul mhines on ifferent hosts in the mngement luster in Region B. 4 Configure the Lo Blner for vrelize Opertions Mnger in Region B Configure lo lning for the nlytis luster on the eite NSX Ege servies gtewy for Region B. Lo lning must e ville if filover of the nlytis luster from Region A ours. 5 Group Remote Colletor Noes in Region B After you eploy the remote olletor noes for vrelize Opertions Mnger in Region B, join the remote olletors in group for pter resilieny in the ses where the olletor experienes network interruption or eomes unville. VMwre, In. 159

160 6 A n Authentition Soure for the Chil Ative Diretory in Region B Connet vrelize Opertions Mnger to the hil Ative Diretory lx01.rinpole.lol for entrl user mngement n ess ontrol in Region B. 7 A vcenter Apter Instnes to vrelize Opertions Mnger for Region B After you eploy the remote olletor noes of vrelize Opertions Mnger in Region B, pir vcenter Apter instne with eh vcenter Server instne in the region. 8 Connet vrelize Opertions Mnger to the NSX Mngers in Region B Configure the vrelize Opertions Mngement Pk for NSX for vsphere to monitor the NSX networking servies eploye in eh vsphere luster in Region B n view the vsphere hosts in the NSX trnsport zones. You n lso ess en-to-en logil network topologies etween ny two virtul mhines or NSX ojets for etter visiility into logil onnetivity. Physil host n network evie reltionship in this view lso helps in isolting prolems in the logil or physil network. 9 A Storge Devies Apters in vrelize Opertions Mnger for Region B Configure Storge Devies pter for Region B to ollet monitoring t out the storge evies in the SDDC. Eh pter ommunites with vcenter Server instne to retrieve t out the storge evies from the vcenter Server inventory. 10 Enle vsan Monitoring in vrelize Opertions Mnger in Region B Configure the vrelize Opertions Mngement Pk for vsan to view the vsan topology in Region B, n to monitor the pity n prolems. 11 Configure NTP Server on vrelize Opertions Mnger Cluster in Region B To voi the misonfigurtion of vrelize Opertions Mnger nlytis luster in se of filover to Region B uring isster reovery, the NTP server in Region B to the time synhroniztion settings of vrelize Opertions Mnger. Deploy vrelize Opertions Mnger in Region B In Region B, eploy two remote olletor noes for vrelize Opertions Mnger to monitor the Mngement n Compute vcenter Server instnes, NSX for vsphere, n storge omponents in SDDC. Deploying seprte group of remote olletors in Region B mkes the t olletion in eh region inepenent from the lotion of the nlytis luster. If you fil over the nlytis luster, t olletion ontinues for those noes tht re essile in the tive region. 1 Prerequisites for Deploying the Remote Colletors in Region B Before you eploy the remote olletor noes of vrelize Opertions Mnger in Region B, verify tht your environment fulfills the requirements for this eployment. VMwre, In. 160

161 2 Deploy vrelize Opertions Mnger Noes Using vrelize Suite Lifeyle Mnger in Region B Exten the eployment of vrelize Opertions Mnger remote olletors in Region B using vrelize Suite Lifeyle Mnger. Deploy vrelize Opertions Mnger remote olletors in Region B y ing prout omponent in the ross-region environment. Prerequisites for Deploying the Remote Colletors in Region B Before you eploy the remote olletor noes of vrelize Opertions Mnger in Region B, verify tht your environment fulfills the requirements for this eployment. IP Aresses n Host Nmes Verify tht stti IP resses n FQDNs for the vrelize Opertions Mnger pplition virtul network re ville for Region B of the SDDC eployment. For the remote olletor group, llote two stti IP resses n FQDNs n mp host nmes to the IP resses. Tle 3 1. Applition Virtul Network Nmes for vrelize Opertions Mnger vrelize Opertions Mnger Component Anlytis Cluster Remote Colletor Group Applition Virtul Network Mgmt-xRegion01-VXLAN Mgmt-RegionB01-VXLAN Tle 3 2. IP Aresses n Host Nmes for the Remote Colletor Noes in Region B Role IP Aress FQDN Remote olletor noe lx01vrops01.lx01.rinpole.lol Remote olletor noe lx01vrops01.lx01.rinpole.lol Defult gtewy DNS server Sunet msk Deployment Prerequisites Verify tht your environment stisfies the following prerequisites for eployment of vrelize Opertions Mnger remote olletor noes. VMwre, In. 161

162 Prerequisite Storge Virtul isk provisioning. Thin Require storge per nlytis luster noe to support replition n filover: 1.3 TB Require storge per remote olletor group noes. Initil storge per noe: 274 GB Softwre Fetures Verify tht vcenter Server is opertionl. Verify tht the vsphere luster hs DRS n HA enle. Verify tht the NSX Mnger is opertionl. Verify tht the pplition virtul networks re ville. Verify tht the Lo Blner servie is isle on the NSX Ege servies gtewy. Verify tht the vrelize Suite Lifeyle Mnger is opertionl n t olletion from the mngement vcenter Server instne hs run suessfully. Verify tht Postmn App is instlle in your rowser. Deploy vrelize Opertions Mnger Noes Using vrelize Suite Lifeyle Mnger in Region B Exten the eployment of vrelize Opertions Mnger remote olletors in Region B using vrelize Suite Lifeyle Mnger. Deploy vrelize Opertions Mnger remote olletors in Region B y ing prout omponent in the ross-region environment. 1 Log in to vrelize Suite Lifeyle Mnger user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min@lolhost vrslm_min_psswor 2 On the Home pge, lik Mnge Environments. 3 On the Environments pge, lote the existing Cross-Region-Env environment n lik View Detils. VMwre, In. 162

163 4 A remote olletors noes in Region B to the vrelize Opertions Mnger Cluster. On the vrelize Opertions prout r, lik the ellipsis on the top right orner n lik A Components. In the vrelize Opertions frme, lik REMOTECOLLECTOR, enter following informtion, n lik the Avne s. for remote olletor 1 for remote olletor 2 Vrops RemoteColletor VM Nme lx01vrops01 lx01vrops01 Vrops RemoteColletor Hostnme lx01vrops01.lx01.rinpole.lol lx01vrops01.lx01.rinpole.lol Vrops RemoteColletor IP Aress Noe Size Smll Smll On Avne Configurtion for the remote olletor instne pge, enter the following informtion n lik Done. for remote olletor 1 for remote olletor 2 vcenter Host lx01m01v01.lx01.rinpole.lol lx01m01v01.lx01.rinpole.lol vcenter Cluster Nme VM Network lx01-m01-mgmt01 (lx01-m01) istriute port group tht ens with Mgmt- RegionB01-VXLAN lx01-m01-mgmt01 (lx01-m01) istriute port group tht ens with Mgmt- RegionB01-VXLAN Storge lx01-m01-vsn01 lx01-m01-vsn01 Gtewy DNS , , Domin lx01.rinpole.lol lx01.rinpole.lol Serh Pth lx01.rinpole.lol,rinpole.lol lx01.rinpole.lol,rinpole.lol NetMsk In the vrelize Opertions frme, lik Sumit Request. 6 In the Nvigtor pne, lik Requests menu n verify tht the request ADD_NODE for Environment Nme: Cross-Region-Env in the Request Info olumn is in INPROGRESS stte. 7 Selet the INPROGRESS stte for Environment Nme: Cross-Region-Env in the Request Info olumn. 8 In the Requests pge, monitor the steps of the eployment grph until the request is mrke s COMPLETED. 9 Repet the steps to eploy the seon remote olletor noe in Region B. VMwre, In. 163

164 Move vrelize Opertions Mnger Remote Colletor Noes to Virtul Mhine Foler in Region B Use the vsphere We Client to move the vrelize Opertions Mnger remote olletors noes in Region B to virtul mhine folers for orgniztion n ese of mngement. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 From the Home menu, selet VMs n Templtes. 3 Nvigte to the lx01m01v01.lx01.rinpole.lol vcenter Server n lx01-m01 t enter. 4 Clik the VMs t. 5 Move the vrelize Opertions Mnger remote olletor virtul mhines. Selet the following virtul mhines: lx01vrops01 lx01vrops01 Right-lik n selet Move to... n selet lx01-m01f-vropsr uner VM Folers. Clik OK. Configure vsphere DRS Anti-Affinity Rule for vrelize Opertions Mnger Remote Colletors in Region B To protet the vrelize Opertions Mnger virtul mhines from host-level filure, onfigure vsphere DRS to run the remote olletor virtul mhines on ifferent hosts in the mngement luster in Region B. VMwre, In. 164

165 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Nvigte to the lx01m01v01.lx01.rinpole.lol vcenter Server ojet, n uner the lx01- m01 t enter ojet selet the lx01-m01-mgmt01 luster. 3 Clik the Configure t. 4 Uner the Configurtion group of settings, selet VM/Host Rules. 5 Crete the new nti-ffinity rule for the vrelize Opertions Mnger remote olletors using the following settings. In the VM/Host Rules pge, lik the A utton ove the rules list. In the Crete VM/Host Rule ilog ox, new nti-ffinity rule for the virtul mhines of the remote olletors using the following vlues, n lik OK. Nme Enle rule Type nti-ffinity-rule-vropsr Selete Seprte Virtul Mhines Memers lx01vrops01 lx01vrops01 Configure the Lo Blner for vrelize Opertions Mnger in Region B Configure lo lning for the nlytis luster on the eite NSX Ege servies gtewy for Region B. Lo lning must e ville if filover of the nlytis luster from Region A ours. The remote olletor luster for Region B oes not require lo lning. VMwre, In. 165

166 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 From the Home menu, selet Networking & Seurity. The vsphere We Client isplys the NSX Home pge. 3 On the NSX Home pge, lik NSX Eges n selet from the NSX Mnger ropown menu t the top of the NSX Eges pge. 4 On the NSX Eges pge, oule-lik the lx01m01l01 NSX Ege. 5 Configure the lo lning VIP ress for the nlytis luster. On the Mnge t, lik the s t n lik Interfes. Selet the interfe OneArmLB n lik the Eit. In the Eit NSX Ege Interfe ilog ox, lik the Eit n in the Seonry IP Aresses text ox enter the VIP ress. Clik OK to sve the onfigurtion. 6 Crete n pplition profile. On the Mnge t of the lx01m01l01 evie, lik the Lo Blner t. Clik Applition Profiles, n lik A. In the New Profile ilog ox, onfigure the profile using the following onfigurtion settings, n lik OK. Nme Type Enle SSL Pssthrough Persistene vrops-https HTTPS Selete Soure IP Expires in (Seons) 1800 VMwre, In. 166

167 7 Crete servie monitoring entry. On the Lo Blner t of the lx01m01l01 evie, lik Servie Monitoring n lik A. In the New Servie Monitor ilog ox, onfigure the helth hek prmeters using the following onfigurtion settings, n lik OK. Nme vrops-443-monitor Intervl 3 Timeout 5 Mx Retries 2 Type Metho URL Reeive HTTPS GET /suite-pi/pi/eployment/noe/sttus ONLINE (must e upper se) 8 A server pool. On the Lo Blner t of the lx01m01l01 evie, selet Pools, n lik A. In the New Pool ilog ox, onfigure the lo lning profile using the following onfigurtion settings. Nme Algorithm Monitors vrops-svr-443 LEASTCONN vrops-443-monitor Uner Memers, lik A to the pool memers. VMwre, In. 167

168 In the New Memer ilog ox, one memer for eh noe of the nlytis luster n lik OK. Nme vrops01svr01 vrops01svr01 vrops01svr01 IP Aress Stte Enle Port 443 Monitor Port 443 Weight 1 Mx Connetions 8 Min Connetions 8 e In the New Pool ilog ox, lik OK. 9 A virtul server. On the Lo Blner t of the lx01m01l01 evie, selet Virtul Servers n lik A. In the New Virtul Server ilog ox, onfigure the settings of the virtul server for the nlytis luster n lik OK. Enle Virtul Server Applition Profile Nme Desription Selete vrops-https vrops-svr-443 vrelize Opertions Mnger Cluster IP Aress Protool HTTPS Port 443 Defult Pool vrops-svr-443 Connetion Limit 0 Connetion Rte Limit 0 VMwre, In. 168

169 10 Configure uto-reiret from HTTP to HTTPS requests. The NSX Ege n reiret users from HTTP to HTTPS without entering nother URL in the rowser. On the Lo Blner t of the lx01m01l01 evie, selet Applition Profiles n lik A. In the New Profile ilog ox, onfigure the pplition profile settings n lik OK. Nme Type HTTP Reiret URL Persistene vrops-http-reiret HTTP Soure IP Expires in (Seons) 1800 On the Lo Blner t of the lx01m01l01 evie, selet Virtul Servers n lik A. Configure the settings of the virtul server for HTTP reirets n lik OK. Enle Virtul Server Applition Profile Nme Desription Selete vrops-http-reiret vrops-svr-80-reiret HTTP Reiret for vrelize Opertions Mnger IP Aress Protool HTTP Port 80 Defult Pool None Connetion Limit 0 Connetion Rte Limit 0 Group Remote Colletor Noes in Region B After you eploy the remote olletor noes for vrelize Opertions Mnger in Region B, join the remote olletors in group for pter resilieny in the ses where the olletor experienes network interruption or eomes unville. VMwre, In. 169

170 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min eployment_min_psswor 2 On the min nvigtion r, lik Aministrtion. 3 In the left pne of vrelize Opertions Mnger, lik Mngement n lik Colletor Groups. 4 Clik A. 5 In the A New Colletor Group ilog ox, onfigure the following settings, n lik Sve. Nme Desription lx01vrops01 lx01vrops01 lx01-remote-olletors Remote olletor group for lx01 Selete Selete The lx01-remote-olletors olletor group ppers on the Colletor Groups pge uner the Aministrtion view of the user interfe. A n Authentition Soure for the Chil Ative Diretory in Region B Connet vrelize Opertions Mnger to the hil Ative Diretory lx01.rinpole.lol for entrl user mngement n ess ontrol in Region B. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min eployment_min_psswor 2 On the min nvigtion r, lik Aministrtion. 3 In the left pne of vrelize Opertions Mnger, lik Aess n lik Authentition Soures. VMwre, In. 170

171 4 On the Authentition Soures pge, lik A. 5 In the A Soure for User n Group Import ilog ox, enter the settings for the lx01.rinpole.lol hil Ative Diretory in Region B, n lik OK. Ative Diretory Soure Disply Nme Soure Type Integrtion Moe Domin/Suomin Use SSL/TLS User Nme Psswor LAX01.RAINPOLE.LOCAL Ative Diretory Bsi LAX01.RAINPOLE.LOCAL Deselete sv-vrops@rinpole.lol sv-vrops_psswor s uner the Detils setion Automtilly synhronize user memership for onfigure groups Host Selete 51lx.lx01.rinpole.lol Port 389 Bse DN Common Nme =LAX01,=RAINPOLE,=LOCAL userpriniplnme 6 Clik the Test utton to test the onnetion to the omin ontroller, n in the Info suess messge lik OK. 7 In the A Soure for User n Group Import ilog ox, lik OK. The users n user groups in the Ative Diretory omin re e to vrelize Opertions Mnger. A vcenter Apter Instnes to vrelize Opertions Mnger for Region B After you eploy the remote olletor noes of vrelize Opertions Mnger in Region B, pir vcenter Apter instne with eh vcenter Server instne in the region. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min eployment_min_psswor 2 On the min nvigtion r, lik Aministrtion. VMwre, In. 171

172 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 From the solution tle on the Solutions pge, selet the VMwre vsphere solution, n lik the Configure ion t the top. The Mnge Solution - VMwre vsphere ilog ox ppers. 5 Uner Instne s, enter the settings for onnetion to vcenter Server. If you lrey hve e nother vcenter Apter, lik the A ion on the left sie to n pter settings. Enter the isply nme, esription, n FQDN of vcenter Server instne. for Mngement vcenter Server for Compute vcenter Server Disply Nme vcenter Apter - lx01m01v01 vcenter Apter - lx01w01v01 Desription Mngement vcenter Server for lx01 Compute vcenter Server for lx01 vcenter Server lx01m01v01.lx01.rinpole.lol lx01w01v01.lx01.rinpole.lol Clik the A ion on the right sie, onfigure the olletion reentils for onnetion to the vcenter Server instnes, n lik OK. Mngement vcenter Server Creentils Attriute Creentil nme vcenter Apter Creentils - lx01m01v01 vcenter Apter Creentils - lx01m01v01 User Nme Psswor sv-vrops-vsphere@rinpole.lol sv-vrops-vsphere-psswor e Leve Enle Ations set to Enle so tht vcenter Apter n run tions on ojets in the vcenter Server from vrelize Opertions Mnger. Clik Test Connetion to vlite the onnetion to vcenter Server instne. The vcenter Server ertifite ppers. f g h i j In the Review n Aept Certifite ilog ox, verify the ertifite informtion n lik Aept. Clik OK in the Info ilog ox. Expn the Avne s setion of settings. From the Colletors/Groups rop-own menu, selet the lx01-remote-olletors group. Speify user ount with ministrtor privileges to register vrelize Opertions Mnger with the vcenter Server instne. Registrtion user Registrtion psswor ministrtor@vsphere.lol vsphere_min_psswor VMwre, In. 172

173 6 Clik Define Monitoring Gols. 7 In the Define Monitoring Gols ilog ox, uner Enle vsphere Hrening Guie Alerts?, selet Yes, leve the efult onfigurtion for the other options, n lik Sve. 8 Clik OK in the Suess ilog ox. 9 Clik Sve s. 10 In the Info ilog ox, lik OK. 11 Repet Step 5 to Step 10 for the Compute vcenter Server. 12 In the Mnge Solution - VMwre vsphere ilog ox, lik Close. 13 On the Solutions pge, selet VMwre vsphere from the solution tle to view the olletion stte n the olletion sttus of the pters. The Colletion Stte of the pters is Colleting n the Colletion Sttus is Dt reeiving. Connet vrelize Opertions Mnger to the NSX Mngers in Region B Configure the vrelize Opertions Mngement Pk for NSX for vsphere to monitor the NSX networking servies eploye in eh vsphere luster in Region B n view the vsphere hosts in the NSX trnsport zones. You n lso ess en-to-en logil network topologies etween ny two virtul mhines or NSX ojets for etter visiility into logil onnetivity. Physil host n network evie reltionship in this view lso helps in isolting prolems in the logil or physil network. You onfigure only NSX-vSphere Apters for olleting t from the NSX omponents in Region B. You n ess the informtion out the networking evie topology in your environment without reting Network Devies Apter instnes for Region B euse this informtion is ville from the Network Devies Apter in Region A. 1 Configure User Privileges in NSX Mnger for Integrtion with vrelize Opertions Mnger for Region B Assign the permissions to the servie ount sv-vrops-nsx tht re require to ess monitoring t from the NSX Mnger instnes in the region in vrelize Opertions Mnger. 2 A NSX-vSphere Apter Instnes to vrelize Opertions Mnger for Region B Configure the onnetion etween vrelize Opertions Mnger n the NSX Mnger instnes in the region. Configure User Privileges in NSX Mnger for Integrtion with vrelize Opertions Mnger for Region B Assign the permissions to the servie ount sv-vrops-nsx tht re require to ess monitoring t from the NSX Mnger instnes in the region in vrelize Opertions Mnger. VMwre, In. 173

174 1 Log in to the NSX Mnger y using Seure Shell (SSH) lient. Open n SSH onnetion to the NSX Mnger virtul mhine. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shre ompute n ege luster Host nme lx01m01nsx01.lx01.rinpole.lol lx01w01nsx01.lx01.rinpole.lol Log in using the following reentils. User nme Psswor min nsx_min_psswor 2 Crete the lol servie ount sv-vrops-nsx on the NSX Mnger instne. Run the following ommn to swith to Privilege moe of NSX Mnger. enle Enter the min psswor when prompte n press Enter. Swith to Configurtion moe. onfigure terminl Crete the servie ount sv-vrops-nsx. user sv-vrops-nsx psswor plintext sv-vrops-nsx_psswor e Assign the sv-vrops-nsx user ess to NSX Mnger from the vsphere We Client. user sv-vrops-nsx privilege we-interfe f Commit these uptes to NSX Mnger. write memory g Exit the Configurtion moe. exit 3 Assign the seurity_min role to the sv-vrops-nsx servie ount. Log in to the Winows host tht hs ess to your t enter. Strt the Postmn pplition n log in. VMwre, In. 174

175 Selet POST from the rop-own menu tht ontins the HTTP request methos. In the URL text ox next to the selete metho, enter the following URL. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shre ege n ompute luster POST URL e On the Authoriztion t, onfigure the following uthoriztion settings n lik Upte Request. Type User nme Psswor Bsi Auth min nsx_min_psswor f On the Heers t, enter the following heer etils. Key Content-Type text/xml g In the Boy t, selet rw n pste the following request oy in the Boy text ox n lik Sen. <esscontrolentry> <role>seurity_min</role> <resoure> <resourei>glolroot-0</resourei> </resoure> </esscontrolentry> The Sttus hnges to 204 No Content. h Repet the step for the other NSX Mnger instne. A NSX-vSphere Apter Instnes to vrelize Opertions Mnger for Region B Configure the onnetion etween vrelize Opertions Mnger n the NSX Mnger instnes in the region. VMwre, In. 175

176 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min eployment_min_psswor 2 On the min nvigtion r, lik Aministrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet Mngement Pk for NSX-vSphere from the solution tle, n lik Configure. 5 In the Mnge Solution - Mngement Pk for NSX-vSphere ilog ox, from the Apter Type tle t the top, selet NSX-vSphere Apter. 6 Uner Instne s, enter the settings for onnetion to the NSX Mnger instne. If you lrey hve e nother NSX-vSphere Apter, lik the A ion to n pter settings. Enter the isply nme, the FQDN of the NSX Mnger instne n the FQDN of the vcenter Server instne tht is onnete to NSX Mnger. for the NSX Mnger for the Mngement Cluster for the NSX Mnger for the Shre Ege n Compute Cluster Disply Nme NSX Apter - lx01m01nsx01 NSX Apter - lx01w01nsx01 Desription Mngement NSX Mnger for lx01 Compute NSX Mnger for lx01 NSX Mnger Host lx01m01nsx01.lx01.rinpole.lol lx01w01nsx01.lx01.rinpole.lol VC Host lx01m01v01.lx01.rinpole.lol lx01w01v01.lx01.rinpole.lol Enle Log Insight integrtion if onfigure flse flse VMwre, In. 176

177 Clik the A ion next to the Creentil text ox, onfigure the reentils for the onnetion to NSX Mnger n vcenter Server, n lik OK. Creentil nme NSX Apter Creentils - lx01m01nsx01 NSX Apter Creentils - lx01w01nsx01 NSX Mnger User Nme NSX Mnger Psswor vcenter User Nme vcenter Psswor sv-vrops-nsx sv-vrops-nsx_psswor sv-vrops-nsx@rinpole.lol sv-vrops-nsx-psswor Clik Test Connetion to vlite the onnetion to the NSX Mnger instne. The NSX Mnger ertifite ppers. e f g h i j k In the Review n Aept Certifite ilog ox, verify the ertifite informtion n lik Aept. Clik OK in the Info ilog ox. Expn the Avne s setion of settings. From the Colletors/Groups rop-own menu, selet the lx01-remote-olletors remote olletor group Clik Sve s. Clik OK in the Info ilog ox. Repet the steps to rete n NSX-vSphere Apter for the other NSX Mnger instne. 7 In the Mnge Solution - Mngement Pk for NSX-vSphere ilog ox, lik Close. The NSX-vSphere Apters for Region B pper on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the pters is Colleting n the Colletion Sttus is Dt reeiving. A Storge Devies Apters in vrelize Opertions Mnger for Region B Configure Storge Devies pter for Region B to ollet monitoring t out the storge evies in the SDDC. Eh pter ommunites with vcenter Server instne to retrieve t out the storge evies from the vcenter Server inventory. VMwre, In. 177

178 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min eployment_min_psswor 2 On the min nvigtion r, lik Aministrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet Mngement pk for Storge Devies from the solution tle n lik Configure. The Mnge Solution - Mngement Pk for Storge Devies ilog ox ppers. 5 Uner Instne s, enter the settings for onnetion to the vcenter Server instnes. If you lrey hve e nother Storge Devies pter, lik the A ion on the left sie to n pter settings. Enter the isply nme, esription, n FQDN of the vcenter Server instne. for the Mngement Cluster for the Shre Ege n Compute Cluster Disply Nme Storge Devies Apter - lx01m01v01 Storge Devies Apter - lx01w01v01 Desription Storge Devies in Mngement vcenter for lx01 Storge Devies in Compute vcenter for lx01 vcenter Server lx01m01v01.lx01.rinpole.lol lx01w01v01.lx01.rinpole.lol SNMP Community Strings - - Clik the A ion on the right sie, onfigure the olletion reentils for the onnetion to the vcenter Server instnes, n lik OK. vcenter Server Creentils Attriute Creentil nme Storge Devies Apter Creentils - lx01m01v01 Storge Devies Apter Creentils - lx01w01v01 User Nme Psswor sv-vrops-mps@rinpole.lol sv-vrops-mps-psswor Clik Test Connetion to vlite the onnetion to the vcenter Server. The vcenter Server ertifite ppers. VMwre, In. 178

179 e f g h i j k In the Review n Aept Certifite ilog ox, verify the vcenter Server ertifite informtion n lik Aept. Clik OK in the Info ilog ox. Expn the Avne s setion of settings From the Colletors/Groups rop-own menu, selet the lx01-remote-olletors remote olletor group. Clik Sve s. Clik OK in the Info ilog ox tht ppers. Repet the proeure for the other vcenter Server instne. 6 In the Mnge Solution - Mngement Pk for Storge Devies ilog ox, lik Close. The Storge Devies pters for Region B pper on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the pters is Colleting n the Colletion Sttus is Dt reeiving. Enle vsan Monitoring in vrelize Opertions Mnger in Region B Configure the vrelize Opertions Mngement Pk for vsan to view the vsan topology in Region B, n to monitor the pity n prolems. Turn On vsan Performne Servie in Region B When you rete vsan luster, the performne servie is isle. Turn on the vsan performne servie to monitor the performne of vsan lusters, hosts, isks, n VMs. When you turn on the performne servie, vsan ples Stts tse ojet in the tstore to ollet sttistil t. The Stts tse is nmespe ojet in the vsan tstore of the luster. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, expn the lx01-m01 t enter ojet. 3 Clik the lx01-m01-mgmt01 luster ojet n lik the Configure t. VMwre, In. 179

180 4 Uner vsan, selet Helth n Performne. 5 Next to the Performne Servie settings, lik Eit, onfigure the following settings n lik OK. Turn ON vsan performne servie Storge poliy Selete vsan Defult Storge Poliy 6 If you hve vsan tstore onfigure in the lx01-w01-omp01 shre ege n ompute luster in Region B, repet this proeure. A vsan Apter in vrelize Opertions Mnger in Region B Configure vsan pter to ollet monitoring t in Region B out vsan use in the SDDC. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min eployment_min_psswor 2 On the min nvigtion r, lik Aministrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet VMwre vsan from the solution tle, n lik Configure. The Mnge Solution - VMwre vsan ilog ox ppers. 5 Uner Instne s, enter the settings for onnetion to the Mngement vcenter Server instne. If you lrey hve e nother vsan pter, lik the A ion on the left sie to n pter settings. Enter the settings for onnetion to the vcenter Server. Disply Nme Desription vcenter Server for the Mngement vcenter vsan Apter - lx01m01v01 Mngement vcenter Server vsan Apter for lx01 lx01m01v01.lx01.rinpole.lol VMwre, In. 180

181 Clik the A ion, n onfigure the reentils for the onnetion to vcenter Server, n lik OK. Creentil nme vcenter User Nme vcenter Psswor for the Mngement vcenter vsan Apter Creentils - lx01m01v01 sv-vrops-vsn@rinpole.lol sv-vrops-vsn-psswor Clik Test Connetion to vlite the onnetion to vcenter Server. The vcenter Server ertifite ppers. e f g h i j k In the Review n Aept Certifite ilog ox, verify the vcenter Server ertifite informtion n lik Aept. Clik OK in the Info ilog ox. Expn the Avne s setion of settings. From the Colletors/Groups rop-own menu, selet the lx01-remote-olletors olletor group. Mke sure Auto Disovery is set to true. Clik Sve s. Clik OK in the Info ilog ox tht ppers. 6 If you hve vsan tstore onfigure in the shre ege n ompute luster, repet Step 5. 7 In the Mnge Solution - VMwre vsan ilog ox, lik Close. The vsan Apter ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the pter is Colleting n the Colletion Sttus is Dt reeiving. Configure NTP Server on vrelize Opertions Mnger Cluster in Region B To voi the misonfigurtion of vrelize Opertions Mnger nlytis luster in se of filover to Region B uring isster reovery, the NTP server in Region B to the time synhroniztion settings of vrelize Opertions Mnger. VMwre, In. 181

182 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min eployment_min_psswor 2 On the min nvigtion r, lik Aministrtion. 3 In the left pne of vrelize Opertions Mnger, expn Mngement n lik Cluster Mngement. 4 Selet Network Time Protool s from Ations menu. 5 In Glol Network Time Protool s ilog ox, enter Region B NTP Server in to NTP Server Aress n lik A. 6 Clik OK. vrelize Log Insight Implementtion in Region B Deploy vrelize Log Insight in luster onfigurtion of 3 noes in Region B. This onfigurtion is set up with n integrte lo lner n uses one mster n two worker noes. 1 Deploy vrelize Log Insight in Region B Strt the eployment of vrelize Log Insight in Region B y eploying the mster n worker noes n forming the vrelize Log Insight luster. 2 Reple the Certifite to vrelize Log Insight in Region B Upte the ertifite hin of vrelize Log Insight to use truste non-efult ertifite fter eployment, to reple the self-signe ertifite use uring the eployment proess, n to support truste onnetion to the vrelize Log Insight user interfe. 3 Connet vrelize Log Insight to the vsphere Environment in Region B Strt olleting log informtion out the ESXi n vcenter Server instnes in the SDDC in Region B. 4 Connet vrelize Log Insight to vrelize Opertions Mnger in Region B Connet vrelize Log Insight in Region B to vrelize Opertions Mnger so tht you n use the Lunh in Context funtionlity etween the two pplitions, llowing for you to trouleshoot mngement noes n vrelize Opertions Mnger y using shors n lerts in the vrelize Log Insight user interfe. VMwre, In. 182

183 5 Connet vrelize Log Insight to the NSX Instnes in Region B Instll n onfigure the vrelize Log Insight Content Pk for NSX for vsphere for log visuliztion n lerting of the NSX for vsphere rel-time opertion in Region B. You n use the NSX-vSphere shors to monitor logs out instlltion n onfigurtion, n out virtul networking servies. 6 Collet Operting System Logs from the Mngement Virtul Applines in vrelize Log Insight in Region B Instll n onfigure the vrelize Log Insight Content Pk for Linux to visulize n nlyze operting system logs from the mngement virtul pplines. 7 Configure Log Retention n Arhiving for vrelize Log Insight in Region B In vrelize Log Insight in Region B, set log retention notifition threshol to one week n rhive logs for 90 ys oring to the VMwre Vlite Design Arhiteture n Design oumenttion. 8 Configure Event Forwring Between Region A n Region B Aoring to vrelize Log Insight Design, vrelize Log Insight is not file over to the reovery region. Use log event forwring in vrelize Log Insight to retin rel-time logs in the protete region if one region eomes unville. Deploy vrelize Log Insight in Region B Strt the eployment of vrelize Log Insight in Region B y eploying the mster n worker noes n forming the vrelize Log Insight luster. 1 Prerequisites for Deploying vrelize Log Insight in Region B Before you eploy vrelize Log Insight in Region B, verify tht your environment stisfies the requirements for this eployment. 2 Deploy vrelize Log Insight Using vrelize Suite Lifeyle Mnger in Region B First rete lol environment on vrelize Suite Lifeyle Mnger, n use it to eploy vrelize Log Insight. 3 Monitor the Deployment of vrelize Log Insight in vrelize Suite Lifeyle Mnger in Region B You n monitor the sttus of the vrelize Log Insight eployment in the vrelize Suite Lifeyle Mnger user interfe. 4 Move vrelize Log Insight Cluster Noes to Virtul Mhine Foler in Region B Use the vsphere We Client to move the vrelize Log Insight luster noes to virtul mhine foler for etter orgniztion n ese of mngement. 5 Configure DRS Anti-Affinity Rule for vrelize Log Insight in Region B To protet the vrelize Log Insight luster in Region B from host-level filure, onfigure vsphere DRS to run the worker virtul pplines on ifferent hosts in the mngement luster. VMwre, In. 183

184 6 Configure NTP for vrelize Log Insight in Region B After vrelize Log Insight luster is suessfully eploye, you will nee to onfigure NTP setting in the vrelize Log Insight UI. 7 Enle Ative Diretory for vrelize Log Insight in Region B To propgte user roles in vrelize Log Insight tht re mintine entrlly n re inline with the other solutions in the SDDC, onfigure vrelize Log Insight in Region B to use the Ative Diretory (AD) omin s n uthentition soure. Prerequisites for Deploying vrelize Log Insight in Region B Before you eploy vrelize Log Insight in Region B, verify tht your environment stisfies the requirements for this eployment. IP Aresses n Host Nmes Verify tht stti IP resses n FQDNs for the vrelize Log Insight virtul pplition network re ville for Region B of the SDDC eployment. For the pplition virtul network, llote 3 stti IP resses for the vrelize Log Insight noes n one IP ress for the integrte lo lner. Mp host nmes to the IP resses. Note Region B must e routle trough the vsphere mngement network. Tle 3 3. IP Aresses n Host Nme for the vrelize Log Insight Cluster in Region B Role IP Aress FQDN Integrte lo lner VIP ress lx01vrli01.lx01.rinpole.lol Mster noe lx01vrli01.lx01.rinpole.lol Worker noe lx01vrli01.lx01.rinpole.lol Worker noe lx01vrli01.lx01.rinpole.lol Defult gtewy DNS servers Sunet msk NTP servers ntp.lx01.rinpole.lol VMwre, In. 184

185 Deployment Prerequisites Prerequisite Storge Virtul isk provisioning: Thin Require storge per noe: Initil storge for the noe eployment: 510 GB Require storge for luster rhiving: Initil storge for rhiving: 400 GB Softwre Fetures Verify tht the vcenter Server instnes re opertionl. Verify tht the vsphere luster hs DRS n HA enle. Verify tht the NSX Mnger instnes re opertionl. Verify tht vrelize Opertions Mnger is opertionl. Verify tht the pplition virtul network is ville. Verify tht the Postmn pplition is instlle. Verify the following NFS tstore requirements: Crete n NFS shre of 400 GB in Region n export it s /VVD_vRLI_MgmtB_400GB. Verify tht the NFS server supports NFS v3. Verify tht the NFS prtition llows re n write opertions for guest ounts. Verify tht the mount oes not require uthentition. Verify tht the NFS shre is iretly essile to vrelize Log Insight. If using Winows NFS server, llow unmppe user UNIX ess (y UID/GID). Liense Ative Diretory Certifite Authority Emil ount Verify tht you hve otine vrelize Suite or vclou Suite liense with quntity tht fulfills the requirements of this esign. Verify tht you hve prent n hil Ative Diretory omin ontrollers onfigure with the role-speifi SDDC users n groups for the rinpole.lol omin. Configure the Ative Diretory omin ontroller s ertifite uthority for the environment. Provie n emil ount to sen vrelize Log Insight notifitions from. Deploy vrelize Log Insight Using vrelize Suite Lifeyle Mnger in Region B First rete lol environment on vrelize Suite Lifeyle Mnger, n use it to eploy vrelize Log Insight. 1 Log in to vrelize Suite Lifeyle Mnger user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min@lolhost vrslm_min_psswor VMwre, In. 185

186 2 On the Home pge, lik Crete Environment, to strt new eployment. 3 On the Crete Environment pge, enter the following informtion, n lik Next. Dt Center Environment Type Environment Nme Aministrtor Emil Defult Psswor Confirm Defult Psswor Customer Experiene Improvement Progrm lx01-m01 Proution LAX-Region-Env eployment_min_emil eployment_min_psswor eployment_min_psswor Selete 4 On the Prout Detils pge, lik the vrelize Log Insight t. 5 Enter the following settings, n lik Next. New Instll Selete Version Deployment Type Smll 6 Re the EULA, selet the I gree to the terms n onitions hek ox, n lik Next. 7 On the Liense Detils pge, or selet the vrelize Suite liense. From the rop-own menu provie through the My VMwre prout entitlement, selet Selet vrelize Suite Liense, selet the liense, n lik Next. Or selet A vrelize Suite Liense, provie the vrelize Suite or vclou Suite Liense key, n lik Next. 8 Enter the following settings for Infrstruture, n lik Next. Selet vcenter Server Selet Cluster Selet Network Selet Dtstore Selet Disk Formt lx01m01v01.lx01.rinpole.lol lx01-m01-mgmt01 (lx01-m01) Distriute port group tht ens with Mgmt-RegionB01-VXLAN lx01-m01-vsn01 Thin 9 Enter the following settings for Network, n lik Next. Defult Gtewy Domin Nme lx01.rinpole.lol VMwre, In. 186

187 Domin Serh Pth lx01.rinpole.lol,rinpole.lol Domin Nme Servers , Netmsk Use Generte Certifite, n lik Next. 11 Enter the following settings for Prout Properties. Option Noe Size Configure Cluster Virtul IPs FQDN Meium Selete lx01vrli01.lx01.rinpole.lol Virtul IP Aress Clik A+ n two more vrelize Log Insight Worker Noes 13 Enter the following settings for vrli-mster. Option VM Nme Hostnme lx01vrli01 lx01vrli01.lx01.rinpole.lol IP Aress Enter the following settings for vrli-worker. Option VM Nme Hostnme lx01vrli01 lx01vrli01.lx01.rinpole.lol IP Aress Enter the following settings for vrli-worker-2. Option VM Nme Hostnme lx01vrli01 lx01vrli01.lx01.rinpole.lol IP Aress On the Prouts Detils pge, lik Next. 17 On the Pre Chek Detils pge, lik RUN PRE CHECK. Wit for ll pre-vlition suessful messges n lik Next. 18 On the Request Summry pge, review the onfigurtion etils. 19 (Optionl) To k up the eployment onfigurtion. Clik Downlo Configurtion. VMwre, In. 187

188 20 Clik Sumit to rete the environment. Monitor the Deployment of vrelize Log Insight in vrelize Suite Lifeyle Mnger in Region B You n monitor the sttus of the vrelize Log Insight eployment in the vrelize Suite Lifeyle Mnger user interfe. 1 Log in to vrelize Suite Lifeyle Mnger user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min@lolhost vrslm_min_psswor 2 In the Nvigtor pne, lik Requests. 3 Vlite tht CREATE_ENVIRONMENT for Environment Nme:LAX-Region-Env in the Request Info olumn shows INPROGRESS stte. It n tke moment for the proess to progress from SUBMITTED to INPROGRESS stte. 4 Clik the INPROGRESS stte for Environment Nme:LAX-Region-Env in the Request Info olumn. 5 On the Requests pge, monitor the steps of the eployment grph, until the request moves to COMPLETED stte. Move vrelize Log Insight Cluster Noes to Virtul Mhine Foler in Region B Use the vsphere We Client to move the vrelize Log Insight luster noes to virtul mhine foler for etter orgniztion n ese of mngement. vrelize Suite Lifeyle Mnger eploys three vrelize Log Insight noes: one mster noe n two worker noes. Move them to single VM foler to simplify mngement. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor VMwre, In. 188

189 2 From the Home menu, selet VMs n Templtes. 3 Nvigte to the lx01m01v01.lx01.rinpole.lol vcenter Server n the lx01-m01 t enter. 4 Clik the VMs t. 5 Selet the virtul mhines lx01vrli01, lx01vrli01, n lx01vrli01. 6 Right-lik n selet Move to... 7 Uner VM Folers, selet lx01-m01f-vrli, n lik OK. Configure DRS Anti-Affinity Rule for vrelize Log Insight in Region B To protet the vrelize Log Insight luster in Region B from host-level filure, onfigure vsphere DRS to run the worker virtul pplines on ifferent hosts in the mngement luster. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Nvigte to the lx01m01v01.lx01.rinpole.lol vcenter Server ojet, n uner the lx01- m01 t enter ojet selet the lx01-m01-mgmt01 luster. 3 On the Configure t, selet VM/Host Rules. 4 In the VM/Host Rules list, lik the A utton ove the rules list, new nti-ffinity rule using the following etils n lik OK. Rule Attriute Nme Enle rule Type nti-ffinity-rule-vrli Yes Seprte Virtul Mhines Memers lx01vrli01 lx01vrli01 lx01vrli01 Configure NTP for vrelize Log Insight in Region B After vrelize Log Insight luster is suessfully eploye, you will nee to onfigure NTP setting in the vrelize Log Insight UI. VMwre, In. 189

190 1 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min vrli_min_psswor 2 In the vrelize Log Insight user interfe, lik the onfigurtion rop-own menu ion n selet Aministrtion. 3 Uner Configurtion, lik Time. 4 Input the following vlues s Syn Server Time With NTP Servers s NTP server (reommene) ntp.lx01.rinpole.lol 5 Clik Test n wit for the suessful messge. 6 Clik SAVE. Enle Ative Diretory for vrelize Log Insight in Region B To propgte user roles in vrelize Log Insight tht re mintine entrlly n re inline with the other solutions in the SDDC, onfigure vrelize Log Insight in Region B to use the Ative Diretory (AD) omin s n uthentition soure. 1 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min vrli_min_psswor 2 In the vrelize Log Insight user interfe, lik the onfigurtion rop-own menu ion n selet Aministrtion. 3 On the Aministrtion pge, uner Configurtion, lik Authentition. 4 On the Authentition Configurtion pge, lik the Ative Diretory t. VMwre, In. 190

191 5 Slie the toggle utton to enle the support for Ative Diretory n onfigure the Ative Diretory settings. Configure the Ative Diretory onnetion settings oring to the etils from your IT ministrtor. Enle Ative Diretory support Defult Domin Domin Controller(s) User Nme Psswor Connetion Type Require SSL Selete RAINPOLE.LOCAL 51rpl.rinpole.lol sv-vrli sv-vrli_psswor Stnr Yes or No oring to the instrutions from the IT ministrtor Clik Test Connetion to verify the onnetion, n lik Sve. Reple the Certifite to vrelize Log Insight in Region B Upte the ertifite hin of vrelize Log Insight to use truste non-efult ertifite fter eployment, to reple the self-signe ertifite use uring the eployment proess, n to support truste onnetion to the vrelize Log Insight user interfe. 1 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min vrli_min_psswor 2 In the vrelize Log Insight UI, lik the onfigurtion rop-own menu ion n selet Aministrtion. 3 Uner Configurtion, lik SSL. 4 On the SSL Configurtion pge, next to New Certifite File (PEM formt) lik Choose File, rowse to the lotion of the PEM file on your omputer, n lik Sve. Certifite Genertion Option Using the CertGenVVD tool Certifite File vrli.lx01.2.hin.pem The ertifite is uploe to vrelize Log Insight. VMwre, In. 191

192 Connet vrelize Log Insight to the vsphere Environment in Region B Strt olleting log informtion out the ESXi n vcenter Server instnes in the SDDC in Region B. 1 Connet vrelize Log Insight to vsphere in Region B After you onfigure the sv-vrli-vsphere Ative Diretory user with the vsphere privileges tht re require for retrieving log informtion from the vcenter Server instnes n ESXi hosts, onnet vrelize Log Insight to vsphere. 2 Configure vcenter Server to Forwr Log Events to vrelize Log Insight in Region B You n onfigure eh vcenter Server n Pltform Servies Controller ppline to forwr system logs n events to the vrelize Log Insight luster. You n then view n nlyze ll syslog informtion in the vrelize Log Insight we interfe. 3 Upte the Host Profiles with Syslog s in Region B To hve onsistent logging onfigurtion ross ll ESXi hosts in the lusters in Region B, upte the host profile in eh luster to ommote the syslog settings for the onnetion to vrelize Log Insight. Connet vrelize Log Insight to vsphere in Region B After you onfigure the sv-vrli-vsphere Ative Diretory user with the vsphere privileges tht re require for retrieving log informtion from the vcenter Server instnes n ESXi hosts, onnet vrelize Log Insight to vsphere. 1 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min vrli_min_psswor 2 Clik the onfigurtion rop-own menu ion n selet Aministrtion. 3 Uner Integrtion, lik vsphere. VMwre, In. 192

193 4 In the vcenter Servers pne, enter the onnetion settings for the Mngement vcenter Server n for the Compute vcenter Server. Enter the host nme, user reentils, n olletion options for the vcenter Server instnes, n lik Test Connetion. vcenter Server Option Hostnme lx01m01v01.lx01.rinpole.lol for Mngement vcenter Server lx01w01v01.lx01.rinpole.lol for Compute vcenter Server Usernme Psswor Collet vcenter Server events, tsks, n lrms Configure ESXi hosts to sen logs to Log Insight Trget sv-vrli-vsphere@rinpole.lol sv-vrli-vsphere_user_psswor Selete Selete lx01vrli01.lx01.rinpole.lol Clik Avne Options n exmine the list of ESXi hosts tht re onnete to the vcenter Server instne to verify tht you onnet to the orret vcenter Server. In the Avne Options onfigurtion winow, selet Configure ll ESXi hosts, selet UDP uner Syslog protool, n lik OK. 5 Clik A vcenter Server n repet the steps to the settings for the seon vcenter Server instne in Region B. 6 Clik Sve. A progress ilog ox ppers. 7 Clik OK in the onfirmtion ilog ox tht ppers fter vrelize Log Insight ontts the vcenter Server instnes. You see the vsphere shors uner the VMwre - vsphere ontent pk shor tegory. Configure vcenter Server to Forwr Log Events to vrelize Log Insight in Region B You n onfigure eh vcenter Server n Pltform Servies Controller ppline to forwr system logs n events to the vrelize Log Insight luster. You n then view n nlyze ll syslog informtion in the vrelize Log Insight we interfe. In Region B, onfigure the following vcenter Server n Pltform Servies Controller instnes. Appline Type Appline Mngement Interfe URL vcenter Server instnes Pltform Servies Controller instnes VMwre, In. 193

194 1 Reiret the log events from the ppline to vrelize Log Insight. Open We rowser n go to Log in using the following reentils. User nme Psswor root v_root_psswor In the Nvigtor, lik Syslog Configurtion. On the Syslog Configurtion pge, lik Eit, onfigure the following settings, n lik OK. Common Log Level * Remote Syslog Host lx01vrli01.lx01.rinpole.lol Remote Syslog Port 514 Remote Syslog Protool UDP e Repet the steps for the other pplines. 2 Verify tht the pplines re forwring their syslog trffi to vrelize Log Insight. Open We rowser n go to Log in using the following reentils. User nme Psswor min vrli_min_psswor In the vrelize Log Insight user interfe, lik Dshors n selet VMwre - vsphere uner Content Pk Dshors. Verify tht the vcenter Server noes re presente on the All vsphere events y hostnme wiget of the Generl Overview shor. Upte the Host Profiles with Syslog s in Region B To hve onsistent logging onfigurtion ross ll ESXi hosts in the lusters in Region B, upte the host profile in eh luster to ommote the syslog settings for the onnetion to vrelize Log Insight. VMwre, In. 194

195 for the Mngement Cluster for the Shre Ege n Computer Cluster vcenter Server URL Host Profiles First ESXi host lx01-m01hp-mgmt01 lx01m01esx01.lx01.rinpole.lol lx01-w01hp-mgmt01 lx01w01esx01.lx01.rinpole.lol 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Upte the host profile to the mngement luster. From the Home menu, selet Poliies n Profiles. In the Nvigtor pne, lik Host Profiles. Right-lik lx01-m01hp-mgmt01 n selet Copy s from Host. Selet lx01m01esx01.lx01.rinpole.lol n lik OK. 3 Verify tht the syslog host settings hve een upte. On the Host Profiles pge in the Nvigtor pne, lik lx01-m01hp-mgmt01 On the Configure t, lik s. In the Filter serh ox, enter Syslog.glol.logHost. Selet the Syslog.glol.logHost entry from the list n verify tht vlue of the option is up://lx01vrli01.lx01.rinpole.lol:514 4 Verify ompline for the hosts in the mngement luster. From the vsphere We Client Home menu, selet Hosts n Clusters. Clik the lx01-m01-mgmt01 luster, lik the Monitor t, n lik Profile Compline. Clik the Chek Compline Now utton. Verify tht ll hosts re omplint. 5 Repet the proeure with host in the shre ege n ompute luster. VMwre, In. 195

196 Connet vrelize Log Insight to vrelize Opertions Mnger in Region B Connet vrelize Log Insight in Region B to vrelize Opertions Mnger so tht you n use the Lunh in Context funtionlity etween the two pplitions, llowing for you to trouleshoot mngement noes n vrelize Opertions Mnger y using shors n lerts in the vrelize Log Insight user interfe. 1 Enle the vrelize Log Insight Integrtion with vrelize Opertions Mnger in Region B Connet vrelize Log Insight in Region B with vrelize Opertions Mnger to sen lerts to vrelize Opertions Mnger. 2 Configure the Log Insight Agent on vrelize Opertions Mnger to Forwr Log Events to vrelize Log Insight in Region B After you instll the ontent pk for vrelize Opertions Mnger, onfigure the Log Insight gent on the remote olletor noes of vrelize Opertions Mnger in Region B to sen uit logs n system events to vrelize Log Insight. Enle the vrelize Log Insight Integrtion with vrelize Opertions Mnger in Region B Connet vrelize Log Insight in Region B with vrelize Opertions Mnger to sen lerts to vrelize Opertions Mnger. 1 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min vrli_min_psswor 2 In the vrelize Log Insight user interfe, lik the onfigurtion rop-own menu ion n selet Aministrtion. 3 Uner Integrtion, lik vrelize Opertions. VMwre, In. 196

197 4 On the vrelize Opertions Mnger pne, onfigure the integrtion settings for vrelize Opertions Mnger. Hostnme Usernme Psswor Enle lerts integrtion Enle lunh in ontext Trget vrops01svr01 sv-vrli-vrops_psswor Selete Deselete lx01vrli01.lx01.rinpole.lol 5 Clik Test Connetion to vlite the onnetion n lik Sve. A progress ilog ox ppers. 6 Clik OK to lose the ilog. Configure the Log Insight Agent on vrelize Opertions Mnger to Forwr Log Events to vrelize Log Insight in Region B After you instll the ontent pk for vrelize Opertions Mnger, onfigure the Log Insight gent on the remote olletor noes of vrelize Opertions Mnger in Region B to sen uit logs n system events to vrelize Log Insight. u Configure the Log Insight gent in vrelize Opertion Mnger. Open n SSH onnetion to the vrelize Opertions Mnger pplines using the following settings. Hostnme lx01vrops01.lx01.rinpole.lol lx01vrops01.lx01.rinpole.lol User nme Psswor root vrops_root_psswor Eit the ligent.ini file on eh vrelize Opertions Mnger noe using text eitor suh s vi. vi /vr/li/loginsight-gent/ligent.ini VMwre, In. 197

198 Lote the [server] setion n unomment the following prmeters. [server] ; Log Insight server hostnme or ip ress ; If omitte the efult vlue is LOGINSIGHT hostnme=lx01vrli01.lx01.rinpole.lol ; Set protool to use: ; fpi - Log Insight REST API ; syslog - Syslog protool ; If omitte the efult vlue is fpi proto=fpi ; Log Insight server port to onnet to. If omitte the efult vlue is: ; for syslog: 512 ; for fpi without ssl: 9000 ; for fpi with ssl: 9543 port=9000 ;ssl - enle/isle SSL. Applies to fpi protool only. ; Possile vlues re yes or no. If omitte the efult vlue is no. ssl=no ; Time in minutes to fore reonnetion to the server ; If omitte the efult vlue is 30 ;reonnet=30 After the [server] setion, the following lok on eh vrelize Opertions Mnger Remote Colletor noe. [ommon glol] tgs={"vmw_vr_ops_ppnme":"vrops", "vmw_vr_ops_lusternme":"vrops01svr01rinpolelol", "vmw_vr_ops_lusterrole":"remote Colletor", "vmw_vr_ops_noenme":"<your vrops Noe Nme Here>", "vmw_vr_ops_hostnme":"<your vrops Hostnme Here>"} e Moify the following prmeters for eh noe. Prmeter Desription Lotion in ligent.ini vmw_vr_ops_noenme vmw_vr_ops_hostnme IP ress or FQDN of the vrelize Opertions Mnger noe Nme of the vrelize Opertions Mnger noe tht is set uring noe initil onfigurtion Reple eh <Your VROPS Noe Nme Here> with the following nmes: lx01vrops01 lx01vrops01 Reple eh <Your VROPS Hostnme Here> with the following nmes: lx01vrops01.lx01.rinpole.lol lx01vrops01.lx01.rinpole.lol For exmple, on the first remote olletor noe you hnge the [ommon glol] setion to ontext to the logs tht re sent to the vrelize Log Insight luster: [ommon glol] tgs={"vmw_vr_ops_ppnme":"vrops", "vmw_vr_ops_lusternme":"vrops01svr01rinpolelol", "vmw_vr_ops_lusterrole":"remote Colletor", "vmw_vr_ops_noenme":"lx01vrops01", "vmw_vr_ops_hostnme":"lx01vrops01.lx01.rinpole.lol"} VMwre, In. 198

199 f After the [ommon glol] setion, the following lok on eh vrelize Opertions Mnger Remote Colletor noe. [filelog COLLECTOR] event_mrker = ^\{4}-\{2}-\{2}[\s]\{2}:\{2}:\{2}\,\{3} iretory = /usr/li/vmwre-vops/user/log inlue = olletor*.log* tgs = {"vmw_vr_ops_logtype":"collector"} exlue = olletor-wrpper.log*;olletor-g*.log* [filelog COLLECTOR-GC] inlue = olletor-g-*.log* iretory = /usr/li/vmwre-vops/user/log event_mrker = ^\{4}-\{2}-\{2} tgs = {"vmw_vr_ops_logtype":"collector"} [filelog COLLECTOR_wrpper] tgs = {"vmw_vr_ops_logtype":"collector"} iretory = /usr/li/vmwre-vops/user/log inlue = olletor-wrpper.log* event_mrker = ^[DEBUG ERROR FATAL INFO TRACE WARN STATUS ] [filelog ADAPTERS] inlue = *.log* event_mrker = ^\{4}-\{2}-\{2}[\s]\{2}:\{2}:\{2}\,\{3} tgs = {"vmw_vr_ops_logtype":"adapter"} iretory = /t/vops/log/pters/* [filelog SUITEAPI] inlue = pi.log*;http_pi.log*;profiling_pi.log*;pi-g.log* event_mrker = ^\{4}-\{2}-\{2} tgs = {"vmw_vr_ops_logtype":"suiteapi"} iretory = /usr/li/vmwre-vops/user/log [filelog SUITEAPI-pi] iretory = /usr/li/vmwre-vops/user/log/suite-pi tgs = {"vmw_vr_ops_logtype":"suiteapi"} event_mrker = ^\{2}-\w{3}-\{4}[\s]\{2}:\{2}:\{2}\.\{3} inlue = tlin*.log*;lolhost*.log* [filelog ADMIN_UI-s-tlin] VMwre, In. 199

200 event_mrker = ^\w{3}[\s]\{1,} iretory = /usr/li/vmwre-vops/user/log/s tgs = {"vmw_vr_ops_logtype":"admin_ui"} inlue = tlin.out [filelog ADMIN_UI-s] iretory = /usr/li/vmwre-vops/user/log/s tgs = {"vmw_vr_ops_logtype":"admin_ui"} inlue = *.log* event_mrker = ^\{4}-\{2}-\{2} exlue = tlin*;lolhost* [filelog ADMIN_UI-s-tlin-log-lolhost-log] inlue = tlin.*.log;lolhost.*.log exlue = lolhost_ess_log.* tgs = {"vmw_vr_ops_logtype":"admin_ui"} event_mrker = ^\{2}-\w{3}-\{4}[\s] iretory = /usr/li/vmwre-vops/user/log/s [filelog ADMIN_UI-lolhost_ess] iretory = /usr/li/vmwre-vops/user/log/s inlue = lolhost_ess_log.* tgs = {"vmw_vr_ops_logtype":"admin_ui"} [filelog TOMCAT_WEBAPP] tgs = {"vmw_vr_ops_logtype":"tomcat_webapp"} inlue = lolhost_ess_log.*.txt iretory = /t/vops/log/prout-ui [filelog CALL_STACK] event_mrker = ^[^\s] tgs = {"vmw_vr_ops_logtype":"call_stack"} inlue = olletor*.txt iretory = /usr/li/vmwre-vops/user/log/llstk [filelog GEMFIRE] event_mrker = ^\{4}-\{2}-\{2} inlue = gemfire*.log* tgs = {"vmw_vr_ops_logtype":"gemfire"} iretory = /usr/li/vmwre-vops/user/log [filelog GEMFIRE-2] tgs = {"vmw_vr_ops_logtype":"gemfire"} iretory = /usr/li/vmwre-vops/user/log inlue = gemfire-lotor*.log;gemfire_vrelize*.log event_mrker = ^\[ exlue = *.mrker;*.gfs;*wrpper.log*;gemfire-wrpper.log* [filelog OTHER-wthog-log] iretory = /usr/li/vmwre-vops/user/log/vops-wthog tgs = {"vmw_vr_ops_logtype":"other"} event_mrker = ^\{4}-\{2}-\{2}[\s]\{2}:\{2}:\{2}\,\{3} inlue = vops-wthog*.log VMwre, In. 200

201 [filelog OTHER-mis] iretory = /usr/li/vmwre-vops/user/log event_mrker = ^\{4}-\{2}-\{2}[\s]\{2}:\{2}:\{2}\,\{3} inlue = system-exit-*.log;zerotimestmplogger- *.log;vopsconfigureroles.log*;ssnrupgre.log;entrlsqlupgre.log;upgre.log;res trthttp.log;tivte_we_ertifite.log;oomhnlerssnr.log;ip_version_onfigurtor_*.log;upgrevsutilitiesconfigs.py.log;hisupgr e.log;instller-tools.log;his-lok-tre-*.log;tions-t-*.log;lrucheprofiler- *.log*;tpurging-*.log.*;setvsutilitiespermissions.py.log;hfilover-*.log;eletemetrikeys- *.log;plement-*.log;m-ontroller.log;ssnrquery-*.log;ssnrriver- *.log;shringmnger-*.log;fsessor-*.log;tionsheuler-*.log;s.uit*.log*;funtion- invotion-ounter-*.log;onlinecpity-*.log;funtionlls- *.log;opspi.uit*.log*;istriute*.log* tgs = {"vmw_vr_ops_logtype":"other"} [filelog OTHER-mis-singlelines] inlue = evn-heker.log*;elete_tomt_logs.log;tomt-enterprise-wrpper.log;metgemfire*. log*;ui-g.log.* tgs = {"vmw_vr_ops_logtype":"other"} iretory = /usr/li/vmwre-vops/user/log [filelog OTHER-TELEMETRY] inlue = telemetry.log* iretory = /usr/li/vmwre-vops/user/log event_mrker = ^\{4}-\{2}-\{2}[\s]\{2}:\{2}:\{2} tgs = {"vmw_vr_ops_logtype":"telemetry"} Note Plese ensure there re no extr rrige returns fter long line. Eh [] setion shoul hve lines in vlue = vlue formt, exmple tgs = {"something"}. Py lose ttention to the [filelog OTHER-mis] setion's inlue. g h Press Espe n enter :wq! to sve the file. Restrt the Log Insight gent on noe y running the following onsole ommn. /et/init./ligent restrt i Verify tht the Log Insight gent is running. /et/init./ligent sttus j Repet the steps for the seon remote olletor noe. You see log informtion out the opertion of the remote olletors of vrelize Opertions Mnger in Region B on the VMwre - vrops 6.7 Log Insight shors. VMwre, In. 201

202 Connet vrelize Log Insight to the NSX Instnes in Region B Instll n onfigure the vrelize Log Insight Content Pk for NSX for vsphere for log visuliztion n lerting of the NSX for vsphere rel-time opertion in Region B. You n use the NSX-vSphere shors to monitor logs out instlltion n onfigurtion, n out virtul networking servies. 1 Instll the vrelize Log Insight Content Pk for NSX for vsphere in Region B Instll the ontent pk for NSX for vsphere to the shors for viewing log informtion in vrelize Log Insight in Region B. 2 Configure NSX Mnger to Forwr Log Events to vrelize Log Insight in Region B Configure the NSX Mnger for the mngement luster n the NSX Mnger for the shre ege n ompute luster to sen uit logs n system events to vrelize Log Insight in Region B. 3 Configure the NSX Controllers to Forwr Events to vrelize Log Insight in Region B Configure the NSX Controller instnes for the mngement luster n shre ompute n ege luster to forwr log informtion to vrelize Log Insight in Region B y using the NSX REST API. To enle log forwring, you n use REST lient, suh s the Postmn pplition. 4 Configure the NSX Ege Instnes to Forwr Log Events to vrelize Log Insight in Region B Configure the NSX Ege servies gtewys for vrelize Opertions Mnger, vrelize Log Insight, n vrelize Automtion to forwr log informtion to vrelize Log Insight in Region B. Instll the vrelize Log Insight Content Pk for NSX for vsphere in Region B Instll the ontent pk for NSX for vsphere to the shors for viewing log informtion in vrelize Log Insight in Region B. 1 Log in to vrelize Suite Lifeyle Mnger user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min@lolhost vrslm_min_psswor 2 Clik Mrketple n lik Downlo t. 3 Clik the menu ion on the top right of the NSX-v for vsphere Content Pk n selet Instll. VMwre, In. 202

203 4 In the NSX-v for vsphere Content Pk winow, enter the following settings, n lik Instll. Selet Dtenter Selet Environment lx01-m01 LAX-Region-Env Configure NSX Mnger to Forwr Log Events to vrelize Log Insight in Region B Configure the NSX Mnger for the mngement luster n the NSX Mnger for the shre ege n ompute luster to sen uit logs n system events to vrelize Log Insight in Region B. 1 On the Winows host tht hs ess to the t enter, log in to the NSX Mnger We interfe. Open We rowser n go to following URL. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shre ompute n ege luster URL Log in using the following reentils. User nme min Psswor nsx_mnger_min_psswor 2 On the min pge of the ppline user interfe, lik Mnge Appline s. 3 Uner s, lik Generl, n in the Syslog Server pne, lik Eit. 4 In the Syslog Server ilog ox, onfigure vrelize Log Insight s syslog server y entering the following settings n lik OK. Syslog Server Syslog Server lx01vrli01.lx01.rinpole.lol Port 514 Protool UDP 5 Repet the steps for the other NSX Mnger instne. Configure the NSX Controllers to Forwr Events to vrelize Log Insight in Region B Configure the NSX Controller instnes for the mngement luster n shre ompute n ege luster to forwr log informtion to vrelize Log Insight in Region B y using the NSX REST API. To enle log forwring, you n use REST lient, suh s the Postmn pplition. VMwre, In. 203

204 1 Log in to the Winows host tht hs ess to your t enter. 2 Strt the Postmn pplition n log in. 3 Speify the request heers for requests to NSX Mnger. On the Authentition t, onfigure the following uthoriztion settings n lik Upte Request. Type Usernme Psswor Bsi Auth min nsx_min_psswor The Authoriztion:Bsi XXX heer ppers in the Heers pne. On the Heers t, enter the following heer etils. Request Heer Attriute Content-Type pplition/xml The Content-Type:pplition/xml heer ppers in the Heers pne. 4 Contt the NSX Mnger to retrieve the IDs of the ssoite NSX Controllers. Selet GET from the rop-own menu tht ontins the HTTP request methos. In the URL text ox next to the selete metho, enter the following URL, n lik Sen. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shre ompute n ege luster URL The Postmn pplition sens query to the NSX Mnger out the instlle NSX ontrollers. After the NSX Mnger sens response k, lik the Boy t in the response pne. The response oy ontins root <ontrollers> XML element tht groups the etils out the three ontrollers tht form the ontroller luster. Within the <ontrollers> element, lote the <ontroller> element for eh ontroller n write own the ontent of the <i> element. Controller IDs hve the ontroller-i formt where i represents the sequene numer of the ontroller in the luster, for exmple, ontroller-4. e Repet the steps for the other NSX Mnger. VMwre, In. 204

205 5 For eh NSX Controller, sen request to onfigure vrelize Log Insight s remote syslog server. In the request pne t the top, selet POST from the rop-own menu tht ontins the HTTP request methos, n in the URL text ox, enter the following URL. Reple ontroller-id with the ontroller IDs you hve written own. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shre ege n ompute luster NSX Controller in the Controller Cluster NSX Controller 4 NSX Controller 5 NSX Controller 6 NSX Controller 4 NSX Controller 5 NSX Controller 6 POST URL oller/ontroller-4/syslog oller/ontroller-5/syslog oller/ontroller-6/syslog oller/ontroller-4/syslog oller/ontroller-5/syslog oller/ontroller-6/syslog In the Request pne, lik the Boy t, selet Rw, n using the rop-own menu, selet XML (Applition/XML). Pste the following request oy in the Boy text ox n lik Sen. <ontrollersyslogserver> <syslogserver> </syslogserver> <port>514</port> <protool>udp</protool> <level>info</level> </ontrollersyslogserver> Repet the steps for the other NSX Controllers in the mngement luster n in the shre ege n ompute luster. 6 Verify the syslog onfigurtion on eh NSX Controller. In the Request pne, from the Metho rop-own menu, selet GET, in the URL text ox, ontroller-speifi syslog URL from Step 5 n lik the SEND utton. After the NSX Mnger sens response k, lik the Boy t uner Response. The response oy ontins root <ontrollersyslogserver> element tht represents the settings for the remote syslog server on the NSX Controller. Verify tht the vlue of the <syslogserver> element is Repet the steps for the other NSX Controllers to verify the syslog onfigurtion. VMwre, In. 205

206 Configure the NSX Ege Instnes to Forwr Log Events to vrelize Log Insight in Region B Configure the NSX Ege servies gtewys for vrelize Opertions Mnger, vrelize Log Insight, n vrelize Automtion to forwr log informtion to vrelize Log Insight in Region B. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 From the Home menu, selet Networking & Seurity > NSX Eges. 3 On the NSX Eges pge, selet the NSX Mnger instne from the NSX Mnger rop-own menu. NSX Mnger Instne IP Aress NSX Mnger for the mngement luster NSX Mnger for the shre ege n ompute luster The ege evies in the sope of the NSX Mnger pper. 4 Configure the log forwring on eh ege servie gtewy. Doule-lik the ege evie to open its user interfe. Trffi Mngement NSX Ege Servie Gtewy Compute NSX Ege Servie Gtewy North-South Routing lx01m01esg01 lx01w01esg01 North-South Routing lx01m01esg02 lx01w01esg02 Est-West Routing - lx01w01lr01 Lo Blner lx01m01l01 - PSC Lo Blner lx01ps01 - On the NSX Ege evie pge, lik the Mnge t, lik s n lik Configurtion. In the Detils pnel, lik Chnge next to Syslog servers. VMwre, In. 206

207 In the Eit Syslog Servers Configurtion ilog ox, onfigure the following settings n lik OK. Syslog server Protool UDP e Repet the steps for the next NSX Ege evie. The vrelize Log Insight user interfe in Region B strts showing log t in the NSX-vSphere- Overview shor ville uner the VMwre - NSX-vSphere group of ontent pk shors. Collet Operting System Logs from the Mngement Virtul Applines in vrelize Log Insight in Region B Instll n onfigure the vrelize Log Insight Content Pk for Linux to visulize n nlyze operting system logs from the mngement virtul pplines. 1 Instll the vrelize Log Insight Content Pk for Linux in Region B Instll the ontent pk for VMwre Linux to the shors for viewing log informtion in vrelize Log Insight in Region B out the operting system of the mngement virtul pplines. 2 Configure Log Insight Agent Grouper for the Mngement Virtul Applines in Region B After you instll the ontent pk for Linux, to use shors for operting system logs from the mngement virtul pplines in the SDDC, onfigure n gent group to pply ommon settings to the gents on the pplines in the region. Instll the vrelize Log Insight Content Pk for Linux in Region B Instll the ontent pk for VMwre Linux to the shors for viewing log informtion in vrelize Log Insight in Region B out the operting system of the mngement virtul pplines. 1 Log in to vrelize Suite Lifeyle Mnger user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min@lolhost vrslm_min_psswor 2 Clik Mrketple n lik the Downlo t. 3 Lote the Linux Content Pk. 4 Clik the menu ion on the top right of the Linux Content Pk n selet Instll. VMwre, In. 207

208 5 In the Linux Content Pk winow, enter the following settings, n lik Instll. Selet Dtenter Selet Environment lx01-m01 LAX-Region-Env Configure Log Insight Agent Grouper for the Mngement Virtul Applines in Region B After you instll the ontent pk for Linux, to use shors for operting system logs from the mngement virtul pplines in the SDDC, onfigure n gent group to pply ommon settings to the gents on the pplines in the region. 1 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min vrli_min_psswor 2 Clik the onfigurtion rop-own menu ion n selet Aministrtion. 3 Uner Mngement, lik Agents. 4 From the rop-own menu t the top, selet Linux from the Aville Templtes setion. 5 Clik Copy Templte. 6 In the Copy Agent Group ilog ox, enter VA - Linux Agent Group in the Nme text ox n lik Copy. 7 In the gent filter text oxes, use the following seletions. Filter Opertor s Hostnme mthes lx01vrops01.lx01.rinpole.lol lx01vrops01.lx01.rinpole.lol Press Enter to seprte the host nme vlues. 8 Clik Refresh n verify tht ll the gents liste in the filter pper in the Agents list. 9 Clik Sve New Group t the ottom of the pge. VMwre, In. 208

209 10 Verify tht log t is showing up on the Linux shors. On the min nvigtion r, lik Dshors. Expn Linux n lik Seurity - Overview. You see events tht hve ourre over the pst 48 hours. Configure Log Retention n Arhiving for vrelize Log Insight in Region B In vrelize Log Insight in Region B, set log retention notifition threshol to one week n rhive logs for 90 ys oring to the VMwre Vlite Design Arhiteture n Design oumenttion. 1 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min vrli_min_psswor 2 In the vrelize Log Insight user interfe, lik the onfigurtion rop-own menu ion n selet Aministrtion. 3 Configure notifition out rehing retention threshol of one week. Log Insight ontinully estimtes how long t n e retine with the urrently ville pool of storge. If the estimtion rops elow the retention threshol of one week, Log Insight immeitely notifies the ministrtor tht the mount of serhle log t is likely to rop. Uner Configurtion, lik Generl. On the Generl Configurtion pge, uner the Alerts setion, input the following vlues. Emil System Notifitions To Sen HTTP Post System Notifitions To support-tem@rinpole.lol Selet the Sen notifition when pity rops elow hek ox next to the Retention Notifition Threshol settings, n enter one week perio in the text ox unerneth. Clik Sve. 4 Configure t rhiving. Uner Configurtion, lik Arhiving. Selet the Enle Dt Arhiving hek ox. VMwre, In. 209

210 e In the Arhive Lotion text ox, enter the pth in the form of nfs://nfs-server-ress/vvd_vrli_mgmtb_400gb to n NFS prtition where logs re to e rhive. Clik Test next to the Arhive Lotion text ox to verify tht the shre is essile. Clik Sve. Configure Event Forwring Between Region A n Region B Aoring to vrelize Log Insight Design, vrelize Log Insight is not file over to the reovery region. Use log event forwring in vrelize Log Insight to retin rel-time logs in the protete region if one region eomes unville. See vrelize Log Insight Design n Logging Arhiteture in the VMwre Vlite Design Arhiteture n Design oumenttion. 1 Configure Event Forwring in Region A You enle log forwring from vrelize Log Insight in Region A to vrelize Log Insight in Region B to prevent lost of Region A relte logs in the event of isster. 2 Configure Event Forwring in Region B You enle log forwring from vrelize Log Insight in Region B to vrelize Log Insight in Region A to prevent lost of Region B relte logs in the event of isster. 3 A Log Filter in Region A A filter to voi forwring log events lrey forwre to Region A k to their soure Log Insight eployment in Region B. Using filter prevents looping when the Log Insight eployments in Region A n Region B forwr logs to eh other. Configure Event Forwring in Region A You enle log forwring from vrelize Log Insight in Region A to vrelize Log Insight in Region B to prevent lost of Region A relte logs in the event of isster. Provie the following settings for log forwring to vrelize Log Insight in Region B: Injet the vrelize Log Insight SSL ertifite for Region B into the Jv keystore of vrelize Log Insight noe in Region A. Trget URL, protool, n tgging Disk he Disk he represents the mount of lol isk spe you n onfigure to reserve for uffering events to e forwre. Buffering is use when the remote estintion is unville or unle to proess the events sent to it. If the lol uffer eomes full while the remote estintion is still unville, the olest lol events re roppe n not forwre to the remote estintion. VMwre, In. 210

211 1 Import the SSL ertifite of vrelize Log Insight for Region B into the Jv keystore of vrelize Log Insight noe in Region A. Open n SSH session to the vrelize Log Insight noe. Nme sfo01vrli01.sfo01.rinpole.lol Role Mster noe sfo01vrli01.sfo01.rinpole.lol Worker noe 1 sfo01vrli01.sfo01.rinpole.lol Worker noe 2 Log in using the following reentils. User nme Psswor root vrli_regiona_root_psswor Crete working iretory on the vrelize Log Insight noe. mkir /tmp/ssl /tmp/ssl Extrt the root ertifite from the estintion vrelize Log Insight in the Region B. eho "" openssl s_lient -showerts -servernme lx01vrli01.lx01.rinpole.lol -onnet lx01vrli01.lx01.rinpole.lol:443 -prexit 2>/ev/null se -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > ert.pem split -f iniviul- ert.pem '/-----BEGIN CERTIFICATE-----/' '{*}' root_ert=$(ls iniviul-* sort -n -t- til -1) p -f -- "$root_ert" root.rt e Import the root.rt file in the Jv keystore of the vrelize Log Insight noe. /usr/jv/efult/li/seurity/../../in/keytool -import -lis loginsight -file /tmp/ssl/root.rt -keystore erts f g h When prompte for keystore psswor, type hngeit When prompte to ept the ertifite, type yes Reoot the vrelize Log Insight noe y running the following ommn. reoot i Wit until the vrelize Log Insight noe finishe reooting. j Repet this opertion on ll vrelize Log Insight noes in Region A. VMwre, In. 211

212 2 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min eployment_min_psswor 3 In the vrelize Log Insight user interfe, lik the onfigurtion rop-own menu ion n selet Aministrtion. 4 Uner Mngement, lik Event Forwring. 5 On the Event Forwring pge, lik New Destintion n enter the following forwring settings in the New Destintion ilog ox. Forwring Destintion Nme Host Protool Use SSL Tgs SFO01 to LAX01 lx01vrli01.lx01.rinpole.lol Ingestion API Selete site=sfo01 Avne s Port 9543 Disk Che 2000 MB Worker Count 8 6 In the New Destintion ilog ox, lik Test to verify tht the onnetion settings re orret. 7 Clik Sve to sve the forwring new estintion. The Event Forwring pge in the vrelize Log Insight user interfe strts showing summry of the forwre events. Configure Event Forwring in Region B You enle log forwring from vrelize Log Insight in Region B to vrelize Log Insight in Region A to prevent lost of Region B relte logs in the event of isster. Provie the following settings for log forwring to vrelize Log Insight in Region A: Injet the vrelize Log Insight SSL ertifite for Region A into the Jv keystore of vrelize Log Insight noe in Region B. Trget URL, protool, n tgging Filtering VMwre, In. 212

213 A filter to voi forwring log events k to the Log Insight eployment in Region A. Using filter prevents from looping when the Log Insight eployments in Region A n Region B forwr logs to eh other. Disk he Disk he represents the mount of lol isk spe you n onfigure to reserve for uffering events to e forwre. Buffering is use when the remote estintion is unville or unle to proess the events sent to it. If the lol uffer eomes full n the remote estintion is still unville, the olest lol events re roppe n not forwre to the remote estintion. 1 Import the root ertifite in the Jv keystore on eh vrelize Log Insight noe in Region B. Open n SSH session n go to the vrelize Log Insight noe. Nme lx01vrli01.lx01.rinpole.lol Role Mster noe lx01vrli01.lx01.rinpole.lol Worker noe 1 lx01vrli01.lx01.rinpole.lol Worker noe 2 Log in using the following reentils. Nme User nme Psswor Role root vrli_regionb_root_psswor Crete working iretory on the vrelize Log Insight noe. mkir /tmp/ssl /tmp/ssl Extrt the root ertifite from the estintion vrelize Log Insight in Region A. eho "" openssl s_lient -showerts -servernme sfo01vrli01.sfo01.rinpole.lol -onnet sfo01vrli01.sfo01.rinpole.lol:443 -prexit 2>/ev/null se -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > ert.pem split -f iniviul- ert.pem '/-----BEGIN CERTIFICATE-----/' '{*}' root_ert=$(ls iniviul-* sort -n -t- til -1) p -f -- "$root_ert" root.rt VMwre, In. 213

214 e Import the root.rt in the Jv keystore of the vrelize Log Insight noe. /usr/jv/efult/li/seurity/../../in/keytool -import -lis loginsight -file /tmp/ssl/root.rt -keystore erts f g h When prompte for keystore psswor, type hngeit. When prompte to ept the ertifite, type yes. Reoot the vrelize Log Insight noe y performing the following ommn. reoot i Wit until the vrelize Log Insight noe finishe reooting. j Repet this opertion on ll vrelize Log Insight noes in Region B. 2 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min vrli_min_psswor 3 In the vrelize Log Insight user interfe, lik the onfigurtion rop-own menu ion n selet Aministrtion. 4 Uner Mngement, lik Event Forwring. 5 On the Event Forwring pge, lik New Destintion n enter the following forwring settings in the New Destintion ilog ox. Forwring Destintion Option Nme Host Protool Use SSL Tgs LAX01 to SFO01 sfo01vrli01.sfo01.rinpole.lol Ingestion API Selete site=lax01 Filter Filter Type Opertor site oes not mth SFO01 Avne s Port 9543 VMwre, In. 214

215 Forwring Destintion Option Disk Che 2000 MB Worker Count 8 6 In the New Destintion ilog ox, lik Test to verify tht the onnetion settings re orret. 7 Clik Sve to sve the forwring new estintion. The Event Forwring pge in the vrelize Log Insight user interfe strts showing summry of the forwre events. A Log Filter in Region A A filter to voi forwring log events lrey forwre to Region A k to their soure Log Insight eployment in Region B. Using filter prevents looping when the Log Insight eployments in Region A n Region B forwr logs to eh other. 1 Log in to the vrelize Log Insight user interfe. Open We rowser n go to Log in using the following reentils. User nme Psswor min eployment_min_psswor 2 In the vrelize Log Insight user interfe, lik the onfigurtion rop-own menu ion n selet Aministrtion. 3 Uner Mngement, lik Event Forwring. 4 A filter to prevent forwring loops. In the Event Forwring pge of the vrelize Log Insight user interfe, lik the Eit ion of the SFO01 to LAX01 estintion. In the Eit Destintion ilog ox, lik A Filter n enter the following filter ttriutes. Filter Attriute Filter Type Opertor site oes not mth LAX01 5 Clik Sve. Note If you re unle to set the Filter Type, plese wit 5-10 minutes for region B's logs to e forwr to region A VMwre, In. 215

216 The Event Forwring pge in the vrelize Log Insight user interfe shows summry of the forwre events. VMwre, In. 216

217 Region B Clou Mngement 4 Implementtion The Clou Mngement Pltform (CMP) onsists of integrte prouts tht provie for the mngement of puli, privte, n hyri lou environments. CMP onsists of vrelize Automtion, vrelize Orhestrtor, n vrelize Business. vrelize Automtion inorportes virtul mhine provisioning n self-servie portl. vrelize Business enles illing n hrgek funtions. vrelize Orhestrtor provies workflow optimiztion. The following proeures esrie the vlite flow of instlltion n onfigurtion for the seon site in the enterprise. 1 Prerequisites for Clou Mngement Pltform Implementtion in Region B Verify tht the following onfigurtions re estlishe efore you egin the Clou Mngement Pltform proeures in Region B. 2 Configure Servie Aount Privileges in Region B To llow provisioning virtul mhines n logil networks, onfigure privileges for vrelize Automtion for the servie ount sv-vr@rinpole.lol on oth the Compute vcenter Server n the Compute Cluster NSX Instne. 3 Deploy the Clou Mngement Pltform in Region B By using the vrelize Suite Lifeyle Mnger instlltion wizr, you eploy vrelize Automtion Proxy Agents n vrelize Business for Clou Dt Colletor. Strt y onfiguring lo lner for vrelize Automtion servies n perform itionl onfigurtion for vrelize Automtion Proxy Agents n vrelize Business for Clou Dt Colletor. 4 Emee vrelize Orhestrtor Configurtion in Region B VMwre Emee vrelize Orhestrtor provies lirry of extensile workflows to llow you to rete n run utomte, onfigurle proesses to mnge your VMwre vsphere infrstruture, s well s other VMwre n thir-prty pplitions. 5 vrelize Business Configurtion in Region B vrelize Business is n IT finnil mngement tool tht provies trnspreny n ontrol over the osts n qulity of IT servies, enling lignment with the usiness n elertion of IT trnsformtion. VMwre, In. 217

218 6 Content Lirry Configurtion in Region B Content lirries re ontiner ojets for VM templtes, vapp templtes, n other types of files. vsphere ministrtors n use the templtes in the lirry to eploy virtul mhines n vapps in the vsphere inventory. Shring templtes n files ross multiple vcenter Server instnes in sme or ifferent lotions rings out onsisteny, ompline, effiieny, n utomtion in eploying worklos t sle. 7 Tennt Content Cretion in Region B To provision virtul mhines in the Compute vcenter Server instne, you onfigure the tennt to use vcenter Server ompute resoures. 8 Opertions Mngement Configurtion for Clou Mngement in Region B After you instll the omponents of the Clou Mngement Pltform in Region B, enle their integrtion with the opertions mngement lyer. You n monitor n reeive lerts n logs out the pltform to entrl lotion y using vrelize Opertions Mnger n vrelize Log Insight. Prerequisites for Clou Mngement Pltform Implementtion in Region B Verify tht the following onfigurtions re estlishe efore you egin the Clou Mngement Pltform proeures in Region B. DNS Entries n IP Aress Mppings in Region B Verify tht the stti IP resses n fully qulifie omin nmes (FQDN) liste in the following tle, re ville for the vrelize Automtion pplition virtul network for the seon region of the SDDC eployment. Tle 4 1. IP Aresses n Host Nmes for the vrelize Automtion Proxy Agents n vrelize Business Dt Colletor in Region B Role IP Aress FQDN vrelize Automtion Proxy Agents lx01is01.lx01.rinpole.lol lx01is01.lx01.rinpole.lol vrelize Business Dt Colletor lx01vr01.lx01.rinpole.lol Defult gtewy DNS server Sunet msk NTP ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol VMwre, In. 218

219 Configure Servie Aount Privileges in Region B To llow provisioning virtul mhines n logil networks, onfigure privileges for vrelize Automtion for the servie ount sv-vr@rinpole.lol on oth the Compute vcenter Server n the Compute Cluster NSX Instne. 1 Configure Servie Aount Privileges on the Compute vcenter Server in Region B Configure Aministrtor privileges for the sv-vr n sv-vro users on the Compute vcenter Server in Region B. 2 Configure the Servie Aount Privilege on the Compute Cluster NSX Instne in Region B Configure Enterprise Aministrtor privileges for the sv-vr@rinpole.lol servie ount. Configure Servie Aount Privileges on the Compute vcenter Server in Region B Configure Aministrtor privileges for the sv-vr n sv-vro users on the Compute vcenter Server in Region B. If you more Compute vcenter Server instnes in the future, perform this proeure on those instnes s well. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 In the Nvigtor pne, selet Glol Inventory Lists > vcenter Servers. 3 Right-lik the lx01w01v01.lx01.rinpole.lol instne n selet A Permission. 4 In the A Permission ilog ox, lik the A utton. The Selet Users/Groups ilog ox ppers. 5 Selet rinpole.lol from the Domin rop-own menu, type sv in the Serh text ox n press Enter to filter user n group nmes. 6 Selet sv-vr n sv-vro from the User/Group list, lik the A utton n lik OK. VMwre, In. 219

220 7 In the A Permission ilog ox, selet Aministrtor from the Assigne Role rop-own menu n lik OK. The sv-vr n sv-vro users now hve n Aministrtor privilege on the Compute vcenter Server in Region A. Configure the Servie Aount Privilege on the Compute Cluster NSX Instne in Region B Configure Enterprise Aministrtor privileges for the sv-vr@rinpole.lol servie ount. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 From the Home menu, selet Networking & Seurity. 3 In the Nvigtor pne, selet Users n Domins. 4 Uner the Users t, selet the Compute NSX Mnger from the rop-own menu, lik the A ion. The Assign Role wizr ppers. 5 On the Ientify User pge, selet the Speify vcenter user rio utton, enter sv-vr@rinpole.lol in the User text ox, n lik Next. 6 On the Selet Roles pge, selet the Enterprise Aministrtor rio utton, n lik Finish. The sv-vr@rinpole.lol user is now onfigure s n Enterprise Aministrtor for the ompute luster NSX instne, n ppers in the list of users n roles. Deploy the Clou Mngement Pltform in Region B By using the vrelize Suite Lifeyle Mnger instlltion wizr, you eploy vrelize Automtion Proxy Agents n vrelize Business for Clou Dt Colletor. Strt y onfiguring lo lner for vrelize Automtion servies n perform itionl onfigurtion for vrelize Automtion Proxy Agents n vrelize Business for Clou Dt Colletor. VMwre, In. 220

221 Lo Blning the Clou Mngement Pltform in Region B You onfigure lo lning for ll servies n omponents relte to vrelize Automtion n vrelize Orhestrtor y using n NSX Ege lo lner. The lo lner is enle when CMP fils over to Region B if Region A eomes unville in the event of isster or plnne migrtion. Configure the lo lner efore you eploy the vrelize Automtion ppline, euse you nee the virtul IP (VIP) resses to eploy the vrelize Automtion ppline. 1 A Virtul IP Aresses to the NSX Lo Blner in Region B As the first step of onfiguring lo lning, you virtul IP Aresses to the ege interfes. 2 Crete Applition Profiles in Region B Crete n pplition profile to efine the ehvior of prtiulr type of network trffi. After onfiguring profile, you ssoite the profile with virtul server. The virtul server then proesses trffi oring to the vlues speifie in the profile. Using profiles enhnes your ontrol over mnging network trffi, n mkes trffi-mngement tsks esier n more effiient. 3 Crete Servie Monitoring in Region B The servie monitor efines helth hek prmeters for the lo lner. You rete servie monitor for eh omponent. 4 Crete Server Pools in Region B A server pool onsists of k-en server memers. After you rete server pool, you ssoite servie monitor with the pool to mnge n shre the k-en servers flexily n effiiently. 5 Crete Virtul Servers in Region B After lo lning is set up, the NSX lo lner istriutes network trffi ross multiple servers. When virtul server reeives request, it selets the pproprite pool to sen trffi to. Eh pool onsists of one or more memers. You rete virtul servers for ll of the onfigure server pools. A Virtul IP Aresses to the NSX Lo Blner in Region B As the first step of onfiguring lo lning, you virtul IP Aresses to the ege interfes. VMwre, In. 221

222 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser n go to Log in using the following reentils. User nme Psswor ministrtor@vsphere.lol vsphere_min_psswor 2 Clik Networking & Seurity. 3 In the Nvigtor pne, lik NSX Eges. 4 From the NSX Mnger rop-own menu, selet s the NSX Mnger n oule-lik the lx01m01l01 NSX Ege to eit its network settings. 5 Clik the Mnge t, lik s, n selet Interfes. 6 Selet the OneArmLB interfe n lik the Eit ion. 7 In the Eit NSX Ege Interfe ilog ox, the VIP resses of the vrelize Automtion noes in the Seonry IP Aresses text ox. Note The Connetivity Sttus remins Disonnete. Seonry IP Aress , , , VMwre, In. 222

223 8 Clik OK to sve the onfigurtion. Crete Applition Profiles in Region B Crete n pplition profile to efine the ehvior of prtiulr type of network trffi. After onfiguring profile, you ssoite the profile with virtul server. The virtul server then proesses trffi oring to the vlues speifie in the profile. Using profiles enhnes your ontrol over mnging network trffi, n mkes trffi-mngement tsks esier n more effiient. VMwre, In. 223