Deployment for Region A. Modified on 21 DEC 2017 VMware Validated Design 4.1 VMware Validated Design for Software-Defined Data Center 4.

Transcription

1 Modified on 21 DEC 2017 VMwre Vlidted Design 4.1 VMwre Vlidted Design for Softwre-Defined Dt Center 4.1

2 You n find the most up-to-dte tehnil doumenttion on the VMwre wesite t: If you hve omments out this doumenttion, sumit your feedk to dofeedk@vmwre.om VMwre, In Hillview Ave. Plo Alto, CA Copyright 2016, 2017 VMwre, In. All rights reserved. Copyright nd trdemrk informtion. VMwre, In. 2

3 Contents 1 Aout VMwre Vlidted Design for Deployment Region A 4 Updted Informtion 5 2 Region A Virtul Infrstruture Implementtion 6 Instll nd Configure ESXi Hosts in Region A 6 Deploy nd Configure the Pltform Servies Controller nd vcenter Server Components in Region A 12 Deploy nd Configure the Mngement Cluster NSX Instne in Region A 45 Deploy nd Configure the Shred Edge nd Compute Cluster Components in Region A 101 Deploy nd Configure the Shred Edge nd Compute Cluster NSX Instne in Region A 122 Deploy vsphere Dt Protetion in Region A 158 Reple Certifites in Region A Region A Cloud Mngement Pltform Implementtion 176 Prerequisites for Cloud Mngement Pltform Implementtion in Region A 177 Configure Servie Aount Privileges in Region A 186 vrelize Automtion Instlltion in Region A 189 vrelize Automtion Defult Tennt Configurtion in Region A 224 vrelize Automtion Tennt Cretion in Region A 228 Emedded vrelize Orhestrtor Configurtion in Region A 240 vrelize Business Instlltion in Region A 249 Cloud Mngement Pltform Post-Instlltion Tsks in Region A 257 Content Lirry Configurtion in Region A 263 Tennt Content Cretion in Region A Region A Opertions Implementtion 296 Region A vrelize Opertions Mnger Implementtion 296 Region A vrelize Log Insight Implementtion 343 Region A vsphere Updte Mnger Downlod Servie Implementtion 392 VMwre, In. 3

4 Aout VMwre Vlidted Design 1 for Deployment Region A VMwre Vlidted Design Deployment for Region A provides step-y-step instrutions for instlling, onfiguring, nd operting softwre-defined dt enter (SDDC) sed on the VMwre Vlidted Design for Softwre-Defined Dt Center. VMwre Vlidted Design Deployment for Region A does not ontin step-y-step instrutions for performing ll of the required post-onfigurtion tsks euse they often depend on ustomer requirements. Intended Audiene The VMwre Vlidted Design Deployment for Region A doument is intended for loud rhitets, infrstruture dministrtors nd loud dministrtors who re fmilir with nd wnt to use VMwre softwre to deploy in short time nd mnge n SDDC tht meets the requirements for pity, slility, kup nd restore, nd extensiility for disster reovery support. Required VMwre Softwre VMwre Vlidted Design Deployment for Region A is omplint nd vlidted with ertin produt versions. See VMwre Vlidted Design Relese Notes for more informtion out supported produt versions. VMwre, In. 4

5 Updted Informtion This Deployment for Region A doument is updted with eh relese of the produt or when neessry. This tle provides the updte history of the Deployment for Region A doument. Revision Desription 26 SEP 2017 Step 4 ws missing dsh for the prmeter l-fqdn in the ommnd. See Step 4d Added domin field to vrelize Orhestrtor server login steps. See: Configure Emedded vrelize Orhestrtor Server in Region A Vlidte the Configurtion of vrelize Orhestrtor in Region A Configure Authentition Provider for vrelize Orhestrtor in Region A Added step to keep the vo-onfigurtor servie running fter you restrt the vrelize Automtion Applines. See Configure the Emedded vrelize Orhestrtor in Region A. Added step for onfiguring uplinks for the sfo01-m01-vds01-uplink01 nd sfo01-m01-vds01-uplink02 port groups. Eh uplink group is onneted only to single physil NIC. See Crete vsphere Distriuted Swith for the Mngement Cluster in Region A. Added step for onfiguring uplinks for the sfo01-w01-vds01-uplink01 nd sfo01-w01-vds01-uplink02 port groups. Eh uplink group is onneted only to single physil NIC. See Crete vsphere Distriuted Swith for the Shred Edge nd Compute Cluster in Region A. 22 AUG 2017 Initil Relese VMwre, In. 5

6 Region A Virtul Infrstruture 2 Implementtion The Virtul Infrstruture in Region A is implemented through the following high level proedures. 1 Instll nd Configure ESXi Hosts in Region A Strt the deployment of your virtul infrstruture y instlling nd onfiguring ll the ESXi hosts in Region A. 2 Deploy nd Configure the Pltform Servies Controller nd vcenter Server Components in Region A Deploy nd onfigure the luster omponents for oth the mngement luster nd the shred edge nd ompute luster. 3 Deploy nd Configure the Mngement Cluster NSX Instne in Region A This design uses two seprte NSX instnes per region. One instne is tied to the Mngement vcenter Server, nd the other instne is tied to the Compute vcenter Server. Deploy nd onfigure the NSX instne for the mngement luster in Region A. 4 Deploy nd Configure the Shred Edge nd Compute Cluster Components in Region A Deploy nd onfigure the shred edge nd ompute luster omponents. 5 Deploy nd Configure the Shred Edge nd Compute Cluster NSX Instne in Region A Deploy nd onfigure the NSX instne for the shred edge nd ompute luster in Region A. 6 Deploy vsphere Dt Protetion in Region A Deploy vsphere Dt Protetion to k up nd restore SDDC mngement omponents in Region A. 7 Reple Certifites in Region A By defult, virtul infrstruture mngement omponents use TLS/SSL ertifites tht re signed y the VMwre Certifite Authority (VMCA). In this design, you reple user-fing ertifites with ertifites tht re signed y Mirosoft Certifite Authority (CA). Instll nd Configure ESXi Hosts in Region A Strt the deployment of your virtul infrstruture y instlling nd onfiguring ll the ESXi hosts in Region A. VMwre, In. 6

7 1 Prerequisites for Instlltion of ESXi Hosts in Region A Instll nd onfigure the ESXi hosts for the mngement luster nd the shred edge nd ompute luster y using the sme proess. 2 Instll ESXi Intertively on All Hosts in Region A Instll ll ESXi hosts for ll lusters intertively. 3 Configure the Network on All Hosts in Region A After the initil oot, use the ESXi Diret Console User Interfe (DCUI) for initil host network onfigurtion nd dministrtive ess. 4 Configure vsphere Stndrd Swith on Host in the Mngement Cluster in Region A You must perform network onfigurtion from the VMwre Host Client only for the sfo01m01esx01 host. You perform ll other host networking onfigurtion fter the deployment of the vcenter Server system tht mnges the hosts. 5 Configure SSH nd NTP on the First Host in Region A Time synhroniztion issues n result in serious prolems with your environment. Configure NTP for eh of your hosts in the mngement nd the shred edge nd ompute lusters. Prerequisites for Instlltion of ESXi Hosts in Region A Instll nd onfigure the ESXi hosts for the mngement luster nd the shred edge nd ompute luster y using the sme proess. Before you strt: Mke sure tht you hve Windows host tht hs ess to your dt enter. You use this host to onnet to your hosts nd perform onfigurtion steps. Ensure tht routing is in ple etween the two regionl mngement networks /24 nd /24 s this will e needed to join the ommon SSO domin. You must lso prepre the instlltion files. Downlod the ESXi ISO instller. Crete ootle USB drive tht ontins the ESXi Instlltion. See "Formt USB Flsh Drive to Boot the ESXi Instlltion or Upgrde" in vsphere Instlltion nd Setup. IP Addresses, Hostnmes, nd Network Configurtion The following tles ontin ll the vlues needed to onfigure your hosts. VMwre, In. 7

8 Tle 2 1. Mngement Cluster Hosts in Region A FQDN IP Mngement VLAN Defult Gtewy NTP Server sfo01m01esx01.sfo01.rinpole.lol ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol sfo01m01esx02.sfo01.rinpole.lol ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol sfo01m01esx03.sfo01.rinpole.lol ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol sfo01m01esx04.sfo01.rinpole.lol ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol Tle 2 2. Shred Edge nd Compute Cluster Hosts in Region A FQDN IP Mngement VLAN Defult Gtewy NTP Server sfo01w01esx01.sfo01.rinpole.lol ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol Instll ESXi Intertively on All Hosts in Region A Instll ll ESXi hosts for ll lusters intertively. 1 Power on the sfo01m01esx01 host in Region A. 2 Mount the USB drive ontining the ESXi ISO file, nd oot from tht USB drive. 3 On the Welome to the VMwre Instlltion sreen, press Enter to strt the instlltion. 4 On the End User Liense Agreement (EULA) sreen, press F11 to ept the EULA. 5 On the Selet Disk to Instll or Upgrde sreen, selet the USB drive or SD rd under lol storge to instll ESXi, nd press Enter to ontinue. VMwre, In. 8

9 6 Selet the keyord lyout, nd press Enter. 7 Enter the esxi_root_user_pssword, onfirm, nd press Enter. 8 On the Confirm Instll sreen, press F11 to strt the instlltion. 9 After the instlltion hs ompleted suessfully, unmount the USB drive, nd press Enter to reoot the host. 10 Repet this proedure for ll hosts in the dt enter, using the respetive vlues for eh host you onfigure. Configure the Network on All Hosts in Region A After the initil oot, use the ESXi Diret Console User Interfe (DCUI) for initil host network onfigurtion nd dministrtive ess. Perform the following tsks to onfigure the host network settings: Set network dpter (vmk0) nd VLAN ID for the Mngement Network. Set IP ddress, sunet msk, gtewy, DNS server, nd FQDN for the ESXi host. Repet this proedure for ll hosts in the mngement nd shred edge nd ompute pods. Enter the respetive vlues from the prerequisites setion for eh host tht you onfigure. See Prerequisites for Instlltion of ESXi Hosts in Region A. 1 Open the DCUI on the physil ESXi host sfo01m01esx01. Open onsole window to the host. Press F2 to enter the DCUI. Enter root s login nme, enter the esxi_root_user_pssword pssword, nd press Enter. VMwre, In. 9

10 2 Configure the network. Selet Configure Mngement Network nd press Enter. Selet VLAN (Optionl) nd press Enter. Enter 1611 s the VLAN ID for the Mngement Network nd press Enter. d e Selet IPv4 Configurtion nd press Enter. Configure IPv4 network using the following settings, nd press Enter. Set stti IPv4 ddress nd network onfigurtion Seleted IPv4 Address Sunet Msk Defult Gtewy f Selet DNS Configurtion nd press Enter. VMwre, In. 10

11 g Configure the DNS y using the following settings, nd press Enter. Use the following DNS Server ddress nd hostnme Seleted Primry DNS Server Alternte DNS Server Hostnme sfo01m01esx01.sfo01.rinpole.lol h i Selet Custom DNS Suffixes nd press Enter. Ensure there re no suffixes listed, nd press Enter. 3 After ompleting ll host network settings, press Espe to exit, nd press Y to onfirm the hnges. 4 Repet this proedure for ll hosts in the mngement nd shred edge nd ompute pods. Configure vsphere Stndrd Swith on Host in the Mngement Cluster in Region A You must perform network onfigurtion from the VMwre Host Client only for the sfo01m01esx01 host. You perform ll other host networking onfigurtion fter the deployment of the vcenter Server system tht mnges the hosts. You onfigure vsphere Stndrd Swith with two port groups: The existing virtul mhine port group. VMkernel port group. This onfigurtion provides onnetivity nd ommon network onfigurtion for virtul mhines tht reside on eh host. 1 Log in to the vsphere host using the VMwre Host Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword root esxi_root_user_pssword 2 Clik OK to Join the Customer Experiene Improvement Progrm. 3 Configure VLAN for the VM Network Portgroup. In the Nvigtor, lik Networking, lik the Port Groups t, hoose the VM Network port group, nd lik Edit s. On the Edit port group - VM Network window, input 1611 for VLAN ID, nd lik OK. VMwre, In. 11

12 Configure SSH nd NTP on the First Host in Region A Time synhroniztion issues n result in serious prolems with your environment. Configure NTP for eh of your hosts in the mngement nd the shred edge nd ompute lusters. 1 Log in to the sfo01m01esx01.sfo01.rinpole.lol host using the VMwre Host Client. Open We rowser nd go to sfo01m01esx01.sfo01.rinpole.lol. User nme Pssword root esxi_root_user_pssword 2 Configure SSH options. In the Nvigtor, lik Mnge, lik the Servies t, selet the TSM-SSH servie, nd lik the Ations menu. Choose Poliy nd lik Strt nd stop with host. Clik Strt to strt the servie. 3 Configure the NTP Demon (ntpd) options. d In the Nvigtor, lik Mnge, lik the System t, lik Time & dte, nd lik Edit s. In the Edit Time onfigurtion dilog ox, selet the Use Network Time Protool (enle NTP lient) rdio utton, hnge the NTP servie strtup poliy to Strt nd stop with host, nd enter ntp.sfo01.rinpole.lol,ntp.lx01.rinpole.lol s NTP servers. Clik Sve to sve these hnges. Strt the servie y liking Ations, hover over NTP servie, nd hoose Strt. Deploy nd Configure the Pltform Servies Controller nd vcenter Server Components in Region A Deploy nd onfigure the luster omponents for oth the mngement luster nd the shred edge nd ompute luster. 1 Deploy the Externl Pltform Servies Controllers for the vcenter Server Instnes in Region A Two externl Pltform Servies Controller instnes must e deployed in Region A. One will e ssoited with the mngement luster, nd one will e ssoited with the shred edge nd ompute luster, ut they will oth elong to the sme SSO domin for Identity Mngement. Work through this proedure twie, using the vcenter Server ppline ISO file nd the ustomized dt for eh instne. VMwre, In. 12

13 2 Join the Pltform Servies Controller Instnes to Ative Diretory in Region A After you hve suessfully instlled the Pltform Servies Controller instnes, you must dd the pplines to your Ative Diretory domin. After tht, dd the Ative Diretory domin s n identity soure to vcenter Single Sign-On. When you do, users in the Ative Diretory domin re visile to vcenter Single Sign-On nd n e ssigned permissions to view or mnge SDDC omponents. This proedure will e done for the Pltform Servies Controllers for the mngement luster nd the shred edge nd ompute luster. 3 Reple the Pltform Servies Controller Certifites in Region A You reple the mhine SSL ertifite on eh Pltform Servies Controller instne in Region A with ustom ertifite tht is signed y the ertifite uthority (CA) ville on the prent Ative Diretory (AD) server. 4 Updte the Pltform Servies Controller SSO Configurtion nd Endpoints in Region A Before instlling vcenter Server, the Pltform Servies Controller endpoints must e updted to reflet the nme of the lod lners virtul IP. 5 Deploy the Mngement vcenter Server Instne in Region A You n now instll the vcenter Server ppline for the mngement pplitions nd ssign liense. 6 Set SDDC Deployment Detils on the Mngement vcenter Server in Region A Set n identity of your SDDC deployment on the Mngement vcenter Server in Region A. You n lso use this identity s lel in tools for utomted SDDC deployment. 7 Configure the Mngement Cluster in Region A You must now rete nd onfigure the mngement luster. 8 Crete vsphere Distriuted Swith for the Mngement Cluster in Region A After ll ESXi hosts hve een dded to the luster, rete vsphere Distriuted Swith to hndle the trffi of the mngement pplitions in the SDDC. You must lso rete port groups to prepre your environment to migrte the Pltform Servies Controller nd vcenter Server instnes to the distriuted swith. 9 Crete vsan Disk Groups for the Mngement Cluster in Region A vsan disk groups must e reted on eh host tht is ontriuting storge to the vsan dtstore. 10 Enle vsphere HA on the Mngement Cluster in Region A After vsphere vsphere Distriuted Swith hs een reted nd onneted with ll hosts, enle vsphere HA on the luster. 11 Chnge Advned Options on the ESXi Hosts in the Mngement Cluster in Region A Chnge the defult ESX Admins group to hieve greter levels of seurity nd enle vsan to provision the Virtul Mhine Swp files s thin to sve spe in the vsan dtstore. 12 Mount NFS Storge for the Mngement Cluster in Region A You must mount n NFS dtstore where vsphere Dt Protetion will lter e deployed. VMwre, In. 13

14 13 Crete nd Apply the Host Profile for the Mngement Cluster in Region A Host Profiles ensure ll hosts in the luster hve the sme onfigurtion. 14 Set Virtul SAN Poliy on Mngement Virtul Mhines in Region A After you pply the host profile to ll of the hosts, set the storge poliy of the mngement virtul mhines to the Virtul SAN Defult Storge Poliy. 15 Crete the VM nd Templte Folders in Region A Crete folders to group ojets of the sme type for esier mngement. 16 Crete Anti-Affinity Rules for the Pltform Servies Controller in Region A Anti-Affinity rules prevent virtul mhines from running on the sme host. This helps to mintin redundny in the event of host filures. 17 Crete VM Groups to Define Strtup Order in the Mngement Cluster in Region A VM Groups llow you to define the strtup order of virtul mhines. Strtup orders re used during vsphere HA events suh tht vsphere HA powers on virtul mhines in the orret order. Deploy the Externl Pltform Servies Controllers for the vcenter ServerInstnesin Region A Two externl Pltform Servies Controller instnes must e deployed in Region A. One will e ssoited with the mngement luster, nd one will e ssoited with the shred edge nd ompute luster, ut they will oth elong to the sme SSO domin for Identity Mngement. Work through this proedure twie, using the vcenter Server ppline ISO file nd the ustomized dt for eh instne. 1 Log in to the Windows host tht hs ess to your dt enter s n dministrtor. 2 Strt the vcenter Server Appline Instller wizrd. Browse to the vcenter Server Appline ISO file. Open the <dvd-drive>:\vs-ui-instller\win32\instller.exe pplition file. 3 Complete Stge 1 of the vcenter Server Appline Deployment wizrd. d Clik Instll to strt the instlltion. Clik Next on the Introdution pge. On the End User Liense Agreement pge, selet the I ept the terms of the liense greement hek ox, nd lik Next. On the Selet deployment type pge, lik Pltform Servies Controller nd lik Next. VMwre, In. 14

15 e On the Appline deployment trget pge, enter the following settings nd lik Next. FQDN or IP Address sfo01m01esx01.sfo01.rinpole.lol HTTPS port 443 User nme Pssword root esxi_root_user_pssword f g In the Certifite Wrning dilog ox, lik Yes to ept the host ertifite. On the Set up ppline VM pge, enter the following settings, nd lik Next. Mngement Edge/Compute VM nme sfo01m01ps01 sfo01w01ps01 Root pssword mgmtps_root_pssword ompps_root_pssword Confirm root pssword mgmtps_root_pssword ompps_root_pssword h On the Selet dtstore pge, perform the following steps, nd lik Next. Mngement Edge/Compute Selet dtstore Selet Instll on new Virtul SAN dtstore on the trget host nd lik Next Confirm t lest one Che tier nd two Cpity tier disks hve een limed Selet Enle Thin Disk Mode Selet the existing vsan dtstore Selet Enle Thin Disk Mode i On the Configure network settings pge, enter the following settings nd lik Next. Mngement Edge/Compute Network VM Network VM Network IP version IPv4 IPv4 IP ssignment stti stti System nme sfo01m01ps01.sfo01.rinpole.lol sfo01w01ps01.sfo01.rinpole.lol IP ddress Sunet msk or prefix length Defult gtewy DNS servers , , j k On the Redy to omplete stge 1 pge, review the onfigurtion nd lik Finish to strt the deployment. When the deployment ompletes, lik Continue to proeed to seond stge of the instlltion, setting up the Pltform Servies Controller Appline. VMwre, In. 15

16 4 Complete Stge 2 of the Set Up Pltform Servies Controller Appline wizrd. Clik Next on the Introdution pge. On the Appline onfigurtion pge, enter the following settings nd lik Next. Time synhroniztion mode NTP servers (omm-seprted list) SSH ess Synhronize time with NTP servers ntp.sfo01.rinpole.lol Enled On the SSO onfigurtion pge, enter the following settings, nd lik Next. Mngement Edge/Compute SSO onfigurtion Crete new SSO domin Join n existing SSO domin Pltform Servies Controller N/A sfo01m01ps01.sfo01.rinpole.lol HTTPS port N/A 443 SSO domin nme vsphere.lol vsphere.lol SSO pssword sso_pssword sso_pssword Confirm pssword sso_pssword N/A Site nme sfo01 N/A d e f g h On the SSO Site Nme pge, selet Join n existing site rdio utton, hoose sfo01 from the SSO site nme drop-down menu, nd lik Next. This pge will only pper during the deployment of the seond Pltform Servies Controller. It will not our during the initil deployment. On the Configure CEIP pge, verify tht the Join the VMwre's Customer Experiene Improvement Progrm (CEIP) hek ox is heked nd lik Next. On the Redy to omplete pge, review the onfigurtion nd lik Finish to omplete the setup. Clik OK on the Wrning. When the instlltion ompletes lik, Close. 5 Repet this proedure for eh pltform servies ontroller, using the respetive vlues for eh. VMwre, In. 16

17 Join the Pltform Servies ControllerInstnes to Ative Diretory in Region A After you hve suessfully instlled the Pltform Servies Controller instnes, you must dd the pplines to your Ative Diretory domin. After tht, dd the Ative Diretory domin s n identity soure to vcenter Single Sign-On. When you do, users in the Ative Diretory domin re visile to vcenter Single Sign-On nd n e ssigned permissions to view or mnge SDDC omponents. This proedure will e done for the Pltform Servies Controllers for the mngement luster nd the shred edge nd ompute luster. Repet this proedure twie, one for the of the mngement luster nd gin for the shred edge nd ompute luster. Pltform Servies Controller Pltform Servies Controller for the mngement luster Pltform Servies Controller for the shred edge nd ompute luster URL Log in to the dministrtion interfe of the Pltform Servies Controller for the mngement luster. Open We rowser nd go to Clik the link for Pltform Servies Controller we interfe. Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Add the mngement Pltform Servies Controller instne to the Ative Diretory domin. In the Nvigtor, lik Appline s, lik the Mnge t, nd lik Join. In the Join Ative Diretory Domin dilog ox, enter the following settings nd lik OK. Domin User nme Pssword sfo01.rinpole.lol d_dmin_t@sfo01.rinpole.lol d_dmin_pssword VMwre, In. 17

18 3 Reoot the Pltform Servies Controller instne to pply the hnges. Clik the Appline settings t, nd lik the VMwre Pltform Servies Appline link. Log in to the VMwre vsphere Appline Mngement interfe with the following redentils. User nme Pssword root ps_root_pssword d e On the Summry pge, lik Reoot. In the System Reoot dilog ox, lik Yes. Wit for the reoot proess to finish. 4 After the reoot proess ompletes, log in to gin using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 5 Verify tht the Pltform Servies Controller hs suessfully joined the domin, lik Appline s nd lik the Mnge t. 6 Repet steps 1 through 5 of this proedure for the Pltform Servies Controller for the shred edge nd ompute luster. 7 Add Ative Diretory s vcenter Single Sign-On identity soure for the mngement luster. Note This step should only e performed on the Pltform Servies Controller for the mngement luster. Do not repet this step when joining the shred edge nd ompute Pltform Servies Controller to Ative Diretory. In the Nvigtor, lik Configurtion nd lik the Identity Soures t. Clik the Add ion to dd new identity soure. In the Add Identity Soure dilog ox, selet the following settings nd lik OK. Identity soure type Domin nme Use mhine ount Ative Diretory (Integrted Windows Authentition) SFO01.RAINPOLE.LOCAL Seleted d e Under Identity Soures, selet the rinpole.lol identity soure nd lik Set s Defult Domin to mke rinpole.lol the defult domin. In the onfirmtion dilog ox, lik Yes. VMwre, In. 18

19 Reple the Pltform Servies Controller Certifites in Region A You reple the mhine SSL ertifite on eh Pltform Servies Controller instne in Region A with ustom ertifite tht is signed y the ertifite uthority (CA) ville on the prent Ative Diretory (AD) server. You must repet this proedure twie: first on the Pltform Servies Controller sfo01m01ps01.sfo01.rinpole.lol, nd then on the Pltform Servies Controller sfo01w01ps01.sfo01.rinpole.lol. Tle 2 3. Certifite-Relted Files on Pltform Servies Controller Instnes Pltform Servies Controller Certifite File Nme Replement Order sfo01m01ps01.sfo01.rinpole.lol sfo01ps01.1.er sfo01ps01.key First Root64.er sfo01w01ps01.sfo01.rinpole.lol sfo01ps01.1.er sfo01ps01.key Seond Root64.er Prerequisites CA-signed ertifite files generted y using VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlidted Design Plnning nd Preprtion doumenttion. A Windows host with n SSH terminl ess softwre suh s PuTTY nd n sp softwre suh s WinSCP instlled. 1 Chnge the Pltform Servies Controller ommnd shell to the Bsh shell to llow seure opy (sp) onnetions. Open n SSH onnetion to sfo01m01ps01.sfo01.rinpole.lol nd log in using the following redentils. Usernme Pssword root mgmtps_root_pssword Run the following ommnd to enle Bsh shell ess for the root user. shell hsh -s "/in/sh" root VMwre, In. 19

20 2 Copy the generted ertifites to the Pltform Servies Controller. Run the following ommnd to rete new temporry folder. mkdir -p /root/erts Copy the ertifite files sfo01ps01.1.er, sfo01ps01.key nd Root64.er to the /root/erts folder. You n use n sp softwre like WinSCP. 3 Reple the ertifite on the Pltform Servies Controller. Strt the vsphere Certifite Mnger utility on the Pltform Servies Controller. /usr/li/vmwre-vm/in/ertifite-mnger d e f g Selet Option 1 (Reple Mhine SSL ertifite with Custom Certifite). Enter the defult vcenter Single Sign-On user nme dministrtor@vsphere.lol nd the vsphere_dmin pssword. Selet Option 2 (Import ustom ertifite(s) nd key(s) to reple existing Mhine SSL ertifite). When prompted for the ustom ertifite, enter /root/erts/sfo01ps01.1.er. When prompted for the ustom key, enter /root/erts/sfo01ps01.key. When prompted for the signing ertifite, enter /root/erts/root64.er. h When prompted to Continue opertion, enter Y. i The Pltform Servies Controller servies restrts utomtilly. 4 After Certifite Mnger reples the ertifites, run the following ommnds to restrt the vmilighttp servie nd to remove ertifite files. servie vmi-lighttp restrt d /root/erts rm sfo01ps01.1.er sfo01ps01.key Root64.er 5 Repet the proedure to reple the ertifite on sfo01w01ps01.sfo01.rinpole.lol. Updte the Pltform Servies Controller SSO Configurtion nd Endpoints in Region A Before instlling vcenter Server, the Pltform Servies Controller endpoints must e updted to reflet the nme of the lod lners virtul IP. VMwre, In. 20

21 Prerequisites Prior to ompleting this proedure, DNS reord must e reted for the lod lner's virtul IP ddress nd FQDN. This A reord will temporrily e set to the IP ddress of the Mngement PSC (sfo01m01ps01.sfo01.rinpole.lol) nd will e djusted to the proper ddress fter the lod lner is ompletely onfigured. 1 Crete DNS reord for the lod lner FQDN. Open remote desktop onnetion to your DNS server. Crete DNS A reord with the vlues shown in the following tle. FQDN IP sfo01ps01.sfo01.rinpole.lol Updte the Pltform Servies Controller SSO onfigurtion on sfo01m01ps01.sfo01.rinpole.lol. Open n SSH onnetion to sfo01m01ps01.sfo01.rinpole.lol. Log in using the following redentils. User nme Pssword root mgmtps_root_pssword d Enter d /usr/li/vmwre-sso/in/ nd press Enter. Enter python updtessoconfig.py --l-fqdn=sfo01ps01.sfo01.rinpole.lol nd press Enter. 3 Updte the Pltform Servies Controller SSO onfigurtion on sfo01w01ps01.sfo01.rinpole.lol. Open n SSH onnetion to sfo01w01ps01.sfo01.rinpole.lol. Log in using the following redentils. User nme Pssword root ompps_root_pssword VMwre, In. 21

22 d Enter d /usr/li/vmwre-sso/in/nd press Enter. Enter python updtessoconfig.py --l-fqdn=sfo01ps01.sfo01.rinpole.lol nd press Enter. 4 Updte the Pltform Servies Controller endpoints. Only perform this proedure on one of the Pltform Servies Controllers. Open n SSH onnetion to sfo01m01ps01.sfo01.rinpole.lol. Log in using the following redentils. User nme Pssword root mgmtps_root_pssword d e Enter d /usr/li/vmwre-sso/in/ nd press Enter. Enter python UpdteLsEndpoint.py l-fqdn=sfo01ps01.sfo01.rinpole.lol -- user=administrtor@vsphere.lol nd press Enter. Enter the vsphere_dmin_pssword when prompted. Deploy the Mngement vcenter Server Instne in Region A You n now instll the vcenter Server ppline for the mngement pplitions nd ssign liense. 1 Strt the vcenter Server Appline Deployment wizrd. Browse to the vcenter Server Appline ISO file. Open the <dvd-drive>:\vs-ui-instller\win32\instller pplition file. VMwre, In. 22

23 2 Complete the vcenter Server Appline Deployment wizrd. d e Clik Instll to strt the instlltion. Clik Next on the Introdution pge. On the End User Liense Agreement pge, selet the I ept the terms of the liense greement hek ox nd lik Next. On the Selet deployment type pge, under Externl Pltform Servies Controller, selet the vcenter Server (Requires Externl Pltform Servies Controller) rdio utton nd lik Next. On the Appline deployment trget pge, enter the following settings nd lik Next. ESXi host or vcenter Server nme sfo01m01esx01.sfo01.rinpole.lol HTTPS port 443 User nme Pssword root esxi_root_user_pssword f g In the Certifite Wrning dilog ox, lik Yes to ept the host ertifite. On the Set up ppline VM pge, enter the following settings nd lik Next. VM nme Root pssword Confirm root pssword sfo01m01v01 mgmtv_root_pssword mgmtv_root_pssword h i j On the Selet deployment size pge, selet Smll vcenter Server nd lik Next. On the Selet dtstore pge, selet the vsndtstore dtstore, selet the Enle Thin Disk Mode hek ox, enter sfo01-m01d for the Dtenter Nme, sfo01-m01-mgmt01 for the Cluster Nme, nd lik Next. On the Configure network settings pge, enter the following settings nd lik Next. Network IP version IP ssignment System nme VM Network IPv4 stti sfo01m01v01.sfo01.rinpole.lol IP ddress Sunet msk or prefix length Defult gtewy DNS servers , VMwre, In. 23

24 k l On the Redy to omplete stge 1 pge, review the onfigurtion nd lik Finish to strt the deployment. One the deployment ompletes, lik Continue to proeed to stge 2 of the instlltion. 3 Complete the Instll - Stge 2: Set Up vcenter Server Appline wizrd. Clik Next on the Introdution pge. On the Appline onfigurtion pge, enter the following settings nd lik Next. Time synhroniztion mode NTP servers (omm-seprted list) SSH ess Synhronize time with NTP servers ntp.sfo01.rinpole.lol Enled On the SSO onfigurtion pge, enter the following settings nd lik Next. Pltform Servies Controller sfo01ps01.sfo01.rinpole.lol HTTPS port 443 SSO domin nme SSO pssword vsphere.lol sso_pssword d e f On the Redy to Complete pge, review your entries nd lik Finish. Clik OK on the Wrning dilog. On the Complete pge, lik Close. 4 Add new lienses for this vcenter Server instne nd the mngement luster ESXi hosts. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword d e f g On the Home pge of the vsphere We Client, lik Liensing under Administrtion, nd lik the Liense t. Clik the Crete New Lienses ion to dd liense keys. On the Enter liense keys pge, enter liense keys for vcenter Server, ESXi nd vsan, one per line, nd lik Next. On the Edit liense nme pge, enter desriptive nme for eh liense key nd lik Next. On the Redy to omplete pge, review your entries nd lik Finish. VMwre, In. 24

25 5 Assign the newly dded lienses to the vcenter Server sset. Clik the Assets t. Selet the vcenter Server instne, nd lik the Assign Liense ion. Selet the vcenter Server liense tht you entered in the previous step, nd lik OK. 6 Assign the vcenteradmins domin group to the vcenter Server Administrtor role. d e f g h In the Nvigtor, lik Administrtion. In the Administrtion window, lik Glol Permissions, nd selet the Mnge t. In the Glol Permissions ox, lik the Add permission ion. In the Glol Permissions Root - Add Permissions window, lik the Add utton. Selet sfo01.rinpole.lol from the Domin drop down list. Enter vcenteradmins in the Serh field nd press Enter. Selet the vcenteradmins group, lik the Add utton, nd then lik OK. Ensure Administrtor is seleted nd the Propgte to hildren hek ox is seleted under Assigned Role nd lik OK. Set SDDC Deployment Detils on the Mngement vcenter Server in Region A Set n identity of your SDDC deployment on the Mngement vcenter Server in Region A. You n lso use this identity s lel in tools for utomted SDDC deployment. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu of the vsphere We Client, selet Glol Inventory Lists. 3 In the Nvigtor, lik vcenter Servers under Resoures. 4 Clik the sfo01m01v01.sfo01.rinpole.lol vcenter Server ojet nd lik the Configure t in the entrl pne. 5 Under the s pne, lik Advned s nd lik the Edit utton. VMwre, In. 25

26 6 In the Edit Advned vcenter Server s dilog ox, set the following vlue pirs one y one, liking Add fter eh entry. Nme onfig.sddc.deployed.type onfig.sddc.deployed.flvor VVD Stndrd onfig.sddc.deployed.version onfig.sddc.deployed.method DIY 7 Clik OK to lose the window. Configure the Mngement Cluster in Region A You must now rete nd onfigure the mngement luster. This proess onsists of the following tions: Enling vsphere DRS. Evling Enhned vmotion Comptility. Adding the hosts to the luster. Adding host to the tive diretory domin. Renming the vsan dtstore. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Enle vsphere DRS. d Expnd the sfo01-m01d Dtenter ojet. Clik the sfo01-m01-mgmt01 luster ojet then lik the Configure t. Selet the vsphere DRS pge, nd lik Edit. Selet the Turn On vsphere DRS hekox then lik OK. VMwre, In. 26

27 3 Enle VMwre EVC. Selet the VMwre EVC pge, nd lik Edit. Set EVC mode to the highest ville setting supported for the hosts in the luster, nd lik OK. 4 Add host to the mngement luster. Right-lik the sfo01-m01-mgmt01 luster, nd lik Add Host. On the Nme nd lotion pge, enter sfo01m01esx02.sfo01.rinpole.lol in the Host nme or IP ddress text ox nd lik Next. On the Connetion settings pge, enter the following redentils nd lik Next. User nme Pssword root esxi_root_user_pssword d e f g h i In the Seurity Alert dilog, lik Yes. On the Host summry pge, review the host informtion nd lik Next. On the Assign liense pge, selet the ESXi liense key tht you entered during the vcenter Server deployment nd lik Next. On the Lokdown mode pge, lik Next. On the Resoure pool pge, lik Next. On the Redy to omplete pge, review your entries nd lik Finish. 5 Repet the previous step for the two remining hosts to dd them to the mngement luster. Host 3 Host 4 sfo01m01esx03.sfo01.rinpole.lol sfo01m01esx04.sfo01.rinpole.lol 6 Add n ESXi host to the tive diretory domin d In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01m01v01.sfo01.rinpole.lol tree. Selet the sfo01m01esx01.sfo01.rinpole.lol host. Clik the Configure t. Under System, selet Authentition Servies. VMwre, In. 27

28 e f In the Authentition Servies pnel, lik the Join Domin utton. In the Join Domin dilog, enter the following settings nd lik OK. Domin Using redentils User nme Pssword sfo01.rinpole.lol Seleted d_dmin_t@sfo01.rinpole.lol d_dmin_pssword 7 Set the Ative Diretory Servie to Strt nd stop with host. d e f In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01m01v01.sfo01.rinpole.lol tree. Selet the sfo01m01esx01.sfo01.rinpole.lol host. Clik the Configure t. Under System, selet Seurity Profile. Clik the Edit utton next to Servies. Selet the Ative Diretory Servie nd hnge the Strtup Poliy to Strt nd stop with host nd lik OK. 8 Renme the vsan dtstore. In the Nvigtor, lik Storge nd expnd the entire sfo01m01v01.sfo01.rinpole.lol tree. Selet vsndtstore, nd selet Ations > Renme. In the Dtstore - Renme dilog, enter sfo01-m01-vsn01 s the dtstore nme, nd lik OK. Crete vsphere Distriuted Swith for the Mngement Cluster in Region A After ll ESXi hosts hve een dded to the luster, rete vsphere Distriuted Swith to hndle the trffi of the mngement pplitions in the SDDC. You must lso rete port groups to prepre your environment to migrte the Pltform Servies Controller nd vcenter Server instnes to the distriuted swith. VMwre, In. 28

29 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete vsphere Distriuted Virtul Swith. d e In the Nvigtor, lik Networking nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Right-lik the sfo01-m01d dtenter, nd selet Distriuted Swith > New Distriuted Swith to strt the New Distriuted Swith wizrd. On the Nme nd lotion pge, enter sfo01-m01-vds01 s the nme nd lik Next. On the Selet version pge, ensure the Distriuted swith: rdio utton is seleted nd lik Next. On the Edit settings pge, enter the following vlues nd lik Next. Numer of uplinks 2 Network I/O Control Crete defult port group Enled Deseleted f On the Redy to omplete pge, review your entries nd lik Finish. 3 Edit the settings of the sfo01-m01-vds01 distriuted swith. Right-lik the sfo01-m01-vds01 distriuted swith, nd selet s > Edit s. Clik the Advned t. Enter 9000 s MTU (Bytes) vlue, nd lik OK. VMwre, In. 29

30 4 Crete port groups in the sfo01-m01-vds01 distriuted swith for the mngement trffi types. Right-lik the sfo01-m01-vds01 distriuted swith, nd selet Distriuted Port Group > New Distriuted Port Group. Crete port groups with the following settings nd lik Next. Port Group Nme Port Binding VLAN Type VLAN ID sfo01-m01-vds01-mngement Ephemerl - no inding VLAN 1611 sfo01-m01-vds01-vmotion Stti inding VLAN 1612 sfo01-m01-vds01-vsn Stti inding VLAN 1613 sfo01-m01-vds01-nfs Stti inding VLAN 1615 sfo01-m01-vds01-replition Stti inding VLAN 1616 sfo01-m01-vds01-ext-mngement Stti inding VLAN 130 sfo01-m01-vds01-uplink01 Stti inding VLAN 2711 sfo01-m01-vds01-uplink02 Stti inding VLAN 2712 Note The port group for VXLAN trffi is utomtilly reted lter during the onfigurtion of the NSX Mnger for the mngement luster. d On the Redy to omplete pge, review your entries, nd lik Finish. Repet this step for eh port group. 5 Chnge the port groups to use the Route Bsed on Physil NIC Lod teming lgorithm. Right-lik the sfo01-m01-vds01 distriuted swith nd selet Distriuted Port Group > Mnge Distriuted Port Groups. d e On the Selet port group poliies pge, selet Teming nd filover nd lik Next. Clik the Selet distriuted port groups utton, dd ll port groups exept sfo01-m01-vds01- uplink01 nd sfo01-m01-vds01-uplink02, lik OK nd lik Next. On the Teming nd filover pge, selet Route sed on physil NIC lod from the Lod lning drop-down menu nd lik Next. Clik Finish. 6 Configure the uplinks for the sfo01-m01-vds01-uplink01 nd sfo01-m01-vds01-uplink02 port groups. d e f Right lik the sfo01-m01-vds01-uplink01 port group, nd lik Edit s. Selet Teming nd Filover. Move dvuplink2 to Unused uplinks nd lik OK. Right lik the sfo01-m01-vds01-uplink02 port group, nd lik Edit s. Selet Teming nd Filover. Move dvuplink1 to Unused uplinks nd lik OK. VMwre, In. 30

31 7 Connet the ESXi host, sfo01m01esx01.sfo01.rinpole.lol, to the sfo01-m01-vds01 distriuted swith y migrting their VMkernel nd virtul mhine network dpters. d e f g h i Right-lik the sfo01-m01-vds01 distriuted swith, nd lik Add nd Mnge Hosts. On the Selet tsk pge, selet Add hosts nd lik Next. On the Selet hosts pge, lik New hosts. In the Selet new hosts dilog ox, selet sfo01m01esx01.sfo01.rinpole.lol nd lik OK. On the Selet hosts pge, lik Next. On the Selet network dpter tsks pge, ensure tht Mnge physil dpters nd Mnge VMkernel dpters hek oxes re seleted, nd lik Next. On the Mnge physil network dpters pge, lik vmni1 nd lik Assign uplink. In the Selet n Uplink for vmni1 dilog, selet Uplink 1 nd lik OK. On the Mnge physil network dpters pge, lik Next. 8 Configure the VMkernel network dpters, edit the existing, nd dd new dpters s needed. d e f g h On the Mnge VMkernel network dpters pge, lik vmk0 nd lik Assign port group. Selet sfo01-m01-vds01-mngement nd lik OK. On the Mnge VMkernel network dpters pge, lik On this swith nd lik New dpter. On the Add Networking pge, selet Selet n existing network, rowse to selet the sfo01- m01-vds01-vsn port group, lik OK, nd lik Next. On the Port properties pge, selet the vsan hek ox nd lik Next. On the IPv4 settings pge, selet Use stti IPv4 settings, enter IP ddress , enter sunet , nd lik Next. Clik Finish. Repet steps f. to rete the remining VMkernel network dpters nd then lik Next. Port Group Port Properties IPv4 Address Netmsk sfo01-m01-vds01-replition vsphere Replition vsphere Replition NFC sfo01-m01-vds01-nfs N/A i j On the Anlyze impt pge, lik Next. On the Redy to omplete pge, review your entries nd lik Finish. 9 Crete the vmotion VMkernel dpter. In the Nvigtor, lik Host nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Clik on sfo01m01esx01.sfo01.rinpole.lol. VMwre, In. 31

32 d e f g h Clik the Configure t then selet VMkernel dpters. Clik the Add host networking ion nd selet VMkernel Network Adpter nd lik Next. On the Add Networking pge, lik Selet n existing network, rowse to selet the sfo01- m01-vds01-vmotion port group, lik OK, nd lik Next. On the Port properties pge, selet vmotion from the TCP/IP Stk drop-down nd lik Next. On the IPv4 settings selet Use stti IPv4 settings enter IP ddress , enter sunet , nd lik Next. On the Redy to omplete pge, review the onfigurtion nd lik Finish. 10 Configure the MTU on the vmotion VMkernel dpter. Selet the vmotion VMkernel dpter reted in the previous step, nd lik Edit s. Clik the NIC s pge. Enter 9000 for the MTU vlue nd lik OK. 11 Configure the vmotion TCP/IP stk. Clik TCP/IP onfigurtion. Selet vmotion nd lik the Edit TCP/IP stk onfigurtion ion. Clik on Routing nd enter for the VMkernel gtewy nd lik OK. 12 Migrte the Pltform Servies Controllers nd vcenter Server instnes from the stndrd swith to the distriuted swith. In the Nvigtor, lik Networking nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Right-lik the sfo01-m01-vds01 distriuted swith nd lik Migrte VM to Another Network. On the Selet soure nd destintion networks pge, rowse the following networks nd lik Next. Soure network Destintion network VM Network sfo01-m01-vds01-mngement d e On the Selet VMs to migrte pge, selet sfo01m01ps01.sfo01.rinpole.lol, sfo01w01ps01.sfo01.rinpole.lol nd sfo01m01v01.sfo01.rinpole.lol, nd lik Next. On the Redy to omplete pge, review your entries nd lik Finish. VMwre, In. 32

33 13 Define Network I/O Control shres for the different trffi types on the sfo01-m01-vds01 distriuted swith. Clik the sfo01-m01-vds01 distriuted swith, lik the Configure t, nd lik Resoure Allotion > System trffi. Under System Trffi, onfigure eh of the following trffi types with the following vlues. Trffi Type Virtul SAN Trffi NFS Trffi vmotion Trffi vsphere Replition (VR) Trffi Mngement Trffi vsphere Dt Protetion Bkup Trffi Virtul Mhine Trffi Fult Tolerne Trffi iscsi Trffi Physil dpter Shres High Low Low Low Norml Low High Low Low 14 Migrte the lst physil dpter from the stndrd swith to the sfo01-m01-vds01 distriuted swith. d e f g h i j In the Nvigtor, lik Networking nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Right-lik the sfo01-m01-vds01 distriuted swith nd selet Add nd Mnge Hosts. On the Selet tsk pge, selet Mnge host networking, nd lik Next. On the Selet hosts pge, lik Atthed hosts. In the Selet memer hosts dilog, selet sfo01m01esx01.sfo01.rinpole.lol, lik OK nd lik Next. On the Selet network dpter tsks pge, selet Mnge physil dpters only, nd lik Next. On the Mnge physil network dpters pge, selet vmni0, nd lik Assign uplink. In the Selet n Uplink for vmni1 dilog ox, selet Uplink 2, nd lik OK, nd lik Next. On the Anlyze Impt pge, lik Next. On the Redy to omplete pge, lik Finish. 15 Enle vsphere Distriuted Swith Helth Chek. d In the Nvigtor, lik Networking nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Selet the sfo01-m01-vds01 distriuted swith nd lik the Configure t. In the Nvigtor selet Helth hek nd lik the Edit utton. Selet Enled for VLAN nd MTU nd Teming nd filover nd lik OK. VMwre, In. 33

34 16 Delete the vsphere Stndrd Swith. d In the Nvigtor, lik on Hosts nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Clik on sfo01m01esx01.sfo01.rinpole.lol nd then lik the Configure t. On the Configure pge, selet Virtul swithes, hoose vswith0, nd then lik on the Remove seleted stndrd swith ion. In the Remove Stndrd Swith dilog, lik Yes to onfirm the removl. Crete vsan Disk Groups for the Mngement Cluster in Region A vsan disk groups must e reted on eh host tht is ontriuting storge to the vsan dtstore. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. 3 Clik on the sfo01-m01-mgmt01 luster nd lik the Configure t. 4 Under vsan, lik Disk Mngement. 5 Clik on sfo01m01esx02.sfo01.rinpole.lol nd lik on the Crete New Disk Group utton. 6 In the Crete Disk Group window, selet flsh disk for the he tier, two hrd disk drives for the pity tier nd lik OK. 7 Repet steps 5 nd 6 for sfo01m01esx03.sfo01.rinpole.lol nd sfo01m01esx04.sfo01.rinpole.lol. 8 Assign liense to vsan. Right Clik the sfo01-m01-mgmt01 luster nd selet Assign Liense. In the sfo01-m01-mgmt01 - Assign Liense window selet the previously dded Virtul SAN Liense nd lik OK. VMwre, In. 34

35 Enle vsphere HA on the Mngement Cluster in Region A After vsphere vsphere Distriuted Swith hs een reted nd onneted with ll hosts, enle vsphere HA on the luster. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Host nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. 3 Selet the sfo01-m01-mgmt01 luster. 4 Clik the Configure t nd lik vsphere Avilility. 5 Clik Edit. 6 In the sfo01-m01-mgmt01 - Edit Cluster s dilog, selet the Turn on vsphere HA hek ox. 7 Clik Filures nd Responses, selet the following vlues: Enle Host Monitoring Host Filure Response Response for Host Isoltion Dtstore with PDL Dtstore with APD VM Monitoring Seleted Restrt VMs Power off nd restrt VMs Disled Disled VM Monitoring Only 8 Clik Admission Control, nd enter the following settings. Host filures luster tolertes 1 Define host filover pity y Override lulted filover pity Cluster resoure perentge Deseleted Performne degrdtion VMs tolerte 100% VMwre, In. 35

36 9 Clik OK. Note When you enle vsphere HA, the opertion fils on hosts 2,3, nd 4. This is expeted ehvior, networking is onfigured during host profile steps setup. Chnge Advned Options on the ESXi Hosts in the Mngement Cluster in Region A Chnge the defult ESX Admins group to hieve greter levels of seurity nd enle vsan to provision the Virtul Mhine Swp files s thin to sve spe in the vsan dtstore. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Chnge the defult ESX Admins group. d e f In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01m01v01.sfo01.rinpole.lol tree. Selet the sfo01m01esx01.sfo01.rinpole.lol host. Clik the Configure t, lik System > Advned System s. Clik the Edit utton. In the filter ox, enter esxadmins nd wit for the serh results. Chnge the vlue of Config.HostAgent.plugins.hostsv.esxAdminsGroup to SDDC-Admins nd lik OK. 3 Provision Virtul Mhine swp files on vsan s thin. d e f In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01m01v01.sfo01.rinpole.lol tree Selet the sfo01m01esx01.sfo01.rinpole.lol host. Clik the Configure t, lik System > Advned System s. Clik the Edit utton. In the filter ox, enter vsn.swp nd wit for the serh results. Chnge the vlue of VSAN.SwpThikProvisionDisled to 1 nd lik OK. VMwre, In. 36

37 4 Disle the SSH wrning nner. d e f In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01m01v01.sfo01.rinpole.lol tree Selet the sfo01m01esx01.sfo01.rinpole.lol host. Clik the Configure t, lik System > Advned System s. Clik the Edit utton. In the filter ox, enter ssh nd wit for the serh results. Chnge the vlue of UserVrs.SuppressShellWrning to 1 nd lik OK. Mount NFS Storge for the Mngement Cluster in Region A You must mount n NFS dtstore where vsphere Dt Protetion will lter e deployed. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Host nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. 3 Clik on sfo01m01esx01.sfo01.rinpole.lol. 4 Clik on Dtstores. 5 Clik the Crete New Dtstore ion. 6 On the Type pge, selet NFS nd lik Next. 7 On the Selet NFS version pge, selet NFS 3 nd lik Next. 8 On the Nme nd onfigurtion pge, enter the following dtstore informtion nd lik Next. Dtstore Nme Folder sfo01-m01-vdp01 /V2D_vDP_MgmtA_6TB Server On the Redy to omplete pge, review the onfigurtion nd lik Finish. VMwre, In. 37

38 Crete nd Apply the Host Profile for the Mngement Cluster in Region A Host Profiles ensure ll hosts in the luster hve the sme onfigurtion. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete Host Profile from sfo01m01esx01.sfo01.rinpole.lol. d In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Right-lik sfo01m01esx01.sfo01.rinpole.lol nd hoose Host Profiles > Extrt Host Profile. In the Extrt Host Profile window, enter sfo01-m01hp-mgmt01 s the nme of the host profile nd lik Next. On the Redy to omplete pge, lik Finish. 3 Atth the Host Profile to the mngement luster. In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Right-lik the sfo01-m01-mgmt01 luster, nd hoose Host Profiles > Atth Host Profile. In the Atth Host Profile window, lik sfo01-m01hp-mgmt01, selet the Skip Host Customiztion ox, nd lik Finish. 4 Crete Host Customiztions for the hosts in the mngement luster. d e Clik on the Home ion nd hoose Poliies nd Profiles from the drop down menu. In the Nvigtor, lik Host Profiles. Right-lik sfo01-m01hp-mgmt01 nd hoose Export Host Customiztions. Clik Sve. Choose sfe ple to store the sfo01-m01hp-mgmt01_host_ustomiztions.sv tht is generted. Open the file with Exel. VMwre, In. 38

39 f Edit the Exel file to inlude the following vlues. NetStk Instne ESXi Host Ative Diretory Configurtion Pssword Ative Diretory Configurtion Usernme defulttpipstk- >DNS onfigurtion Nme for this host NetStk Instne vmotion->dns onfigurtion sfo01m01esx01.sfo01.rinpole.lol d_dmin_pssword sfo01m01esx01 sfo01m01esx0 sfo01m01esx02.sfo01.rinpole.lol d_dmin_pssword sfo01m01esx02 sfo01m01esx0 sfo01m01esx03.sfo01.rinpole.lol d_dmin_pssword sfo01m01esx03 sfo01m01esx0 sfo01m01esx04.sfo01.rinpole.lol d_dmin_pssword sfo01m01esx04 sfo01m01esx0 ESXi Host Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01- mngement:mngement->ip ddress settings Host IPv4 ddress Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01- mngement:mngement->ip ddress settings SunetMsk sfo01m01esx01.sfo01.rinpole.lol sfo01m01esx02.sfo01.rinpole.lol sfo01m01esx03.sfo01.rinpole.lol sfo01m01esx04.sfo01.rinpole.lol ESXi Host Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01- nfs:<unresolved>->ip ddress settings Host IPv4 ddress Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01- nfs:<unresolved>->ip ddress settings SunetMsk sfo01m01esx01.sfo01.rinpole.lol sfo01m01esx02.sfo01.rinpole.lol sfo01m01esx03.sfo01.rinpole.lol sfo01m01esx04.sfo01.rinpole.lol ESXi Host Host virtul NIC sfo01-m01-vds01:sfo01-m01-vds01- replition:vspherereplition,vspherereplitionnfc- >IP ddress settings Host IPv4 ddress Host virtul NIC sfo01-m01-vds01:s replition:vspherereplition,vsp >IP ddress settings SunetMsk sfo01m01esx01.sfo01.rinpole.lol sfo01m01esx02.sfo01.rinpole.lol sfo01m01esx03.sfo01.rinpole.lol sfo01m01esx04.sfo01.rinpole.lol ESXi Host Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01-vsn:vsn- >IP ddress settings Host IPv4 ddress Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01-vsn:vsn- >IP ddress settings SunetMsk sfo01m01esx01.sfo01.rinpole.lol sfo01m01esx02.sfo01.rinpole.lol VMwre, In. 39

40 ESXi Host Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01-vsn:vsn- >IP ddress settings Host IPv4 ddress Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01-vsn:vsn- >IP ddress settings SunetMsk sfo01m01esx03.sfo01.rinpole.lol sfo01m01esx04.sfo01.rinpole.lol ESXi Host Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01- vmotion:vmotion->ip ddress settings Host IPv4 ddress Host virtul NIC sfo01-m01- vds01:sfo01-m01-vds01- vmotion:vmotion->ip ddress settings SunetMsk sfo01m01esx01.sfo01.rinpole.lol sfo01m01esx02.sfo01.rinpole.lol sfo01m01esx03.sfo01.rinpole.lol sfo01m01esx04.sfo01.rinpole.lol g h i j k When you hve updted the Exel file, sve it in the CSV file formt nd lose Exel. Clik the Configure t. Clik the Edit Host Customiztions utton. On the Selet hosts pge, lik Next. On the Customize hosts pge, lik the Browse utton to find the ustomiztion CSV file where it ws stored, nd then lik Finish. 5 Remedite the hosts in the mngement luster. On the Poliies nd Profiles pge, lik sfo01-m01hp-mgmt01, lik the Monitor t, nd then lik the Compline t. Clik sfo01-m01-mgmt01 in the Host/Cluster olumn nd lik Chek Host Profile Compline. This ompline test will show tht the first host is Complint, ut the other hosts re Not Complint. Clik on eh of the non-omplint hosts, lik Remedite Hosts Bsed on its Host Profile, nd then lik Finish on the wizrd tht ppers. All hosts should show Complint sttus in the Host Compline olumn. 6 Shedule nightly ompline heks. d On the Poliies nd Profiles pge, lik sfo01-m01hp-mgmt01, lik the Monitor t, nd then lik the Sheduled Tsks sut. Clik Shedule New Tsk then lik Chek Host Profile Compline. In the sfo01-m01hp-mgmt01: Chek Host Profile Compline (sheduled) window lik Sheduling Options. Enter sfo01-m01hp-mgmt01 Compline Chek in the Tsk Nme field. VMwre, In. 40

41 e f g Clik the Chnge utton on the Configured Sheduler line. In the Configure Sheduler window selet Setup reurring shedule for this tion, hnge the Strt time to 10:00 PM, nd lik OK. Clik OK in the sfo01-m01hp-mgmt01: Chek Host Profile Compline (sheduled) window. Set Virtul SAN Poliy on Mngement Virtul Mhines in Region A After you pply the host profile to ll of the hosts, set the storge poliy of the mngement virtul mhines to the Virtul SAN Defult Storge Poliy. Set the Pltform Servies Controller nd vcenter Server pplines to the defult Virtul SAN storge poliy. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Hosts nd Clusters expnd the sfo01m01v01.sfo01.rinpole.lol tree. 3 Selet the sfo01m01ps01 virtul mhine. 4 Clik the Configure t, lik Poliies, nd lik Edit VM Storge Poliies. 5 In the sfo01m01ps01: Mnge VM Storge Poliies dilog, from the VM storge poliy drop down menu, selet vsan Defult Storge Poliy, nd lik Apply to ll. 6 Clik OK to pply the hnges. 7 Verify tht the Compline Sttus olumn shows Complint sttus for ll items in the tle. 8 Repet this step to pply the vsan Defult Storge Poliy on sfo01m01v01 nd sfo01w01ps01 virtul mhines. Crete the VM nd Templte Folders in Region A Crete folders to group ojets of the sme type for esier mngement. You repet this proedure eight times to rete ll of the mngement pplition folders listed in the following tle. VMwre, In. 41

42 Tle 2 4. Folders for the Mngement Applitions in Region A Mngement Applitions vcenter Server nd Pltform Servies Controllers vrelize Automtion, vrelize Orhestrtor, nd vrelize Business vrelize Automtion (Proxy Agent) nd vrelize Business (Dt Colletor) vrelize Opertions Mnger vrelize Opertions Mnger (Remote Colletors) vrelize Log Insight NSX Mnger, Controllers, nd Edges VMwre Site Reovery Mnger nd vsphere Dt Protetion Folder sfo01-m01fd-mgmt sfo01-m01fd-vr sfo01-m01fd-vris sfo01-m01fd-vrops sfo01-m01fd-vropsr sfo01-m01fd-vrli sfo01-m01fd-nsx sfo01-m01fd-dr 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete folders for eh of the mngement pplitions. d In the Nvigtor, lik VMs nd Templtes nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Right-lik the sfo01-m01d dt enter, nd selet New Folder > New VM nd Templte Folder. In the New Folder dilog ox enter sfo01-m01fd-mgmt s the nme to lel the folder nd lik OK. Repet this step to rete the remining folders. 3 Move the vcenter Server nd Pltform Servies Controller virtul mhines to the sfo01-m01fdmgmt folder. In the Nvigtor, lik VMs nd Templtes nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Expnd the Disovered Virtul Mhines folder. Drg sfo01m01v01, sfo01m01ps01, nd sfo01w01ps01 to the sfo01-m01fd-mgmt folder. VMwre, In. 42

43 4 Delete the Disovered Virtul Mhines folder. In the Nvigtor, lik VMs nd Templtes nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Right-lik the Disovered Virtul Mhines folder nd hoose Remove from Inventory. On the Confirm Remove dilog, lik Yes. Crete Anti-Affinity Rules for the Pltform Servies Controller in Region A Anti-Affinity rules prevent virtul mhines from running on the sme host. This helps to mintin redundny in the event of host filures. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. 3 Selet the sfo01-m01-mgmt01 luster nd lik the Configure t. 4 Under the Configurtion group of settings, selet VM/Host Rules. 5 On the VM/Host Rules pge, lik the Add utton to rete new VM/Hosts Rule. 6 In the Crete VM/Host Rule dilog, enter nti-ffinity-rule-ps in the Nme field, ensure the Enle rule hekox is seleted, selet Seprte Virtul Mhines from the Type drop down menu, nd lik the Add utton. 7 In the Add Rule Memer dilog, selet sfo01m01ps01 nd sfo01w01ps01 nd lik OK. 8 Clik OK to rete the rule. Crete VM Groups to Define Strtup Order in the Mngement Cluster in Region A VM Groups llow you to define the strtup order of virtul mhines. Strtup orders re used during vsphere HA events suh tht vsphere HA powers on virtul mhines in the orret order. VMwre, In. 43

44 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, selet Host nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. 3 Crete VM Group for the Pltform Servies Controllers. d e f Selet the sfo01-m01-mgmt01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Groups. On the VM/Host Groups pge, lik the Add utton. In the Crete VM/Host Group dilog, enter Pltform Servies Controllers in the Nme field, selet VM Group from the Type drop down, nd lik the Add utton. In the Add VM/Host Group Memer dilog, selet sfo01m01ps01 nd sfo01w01ps01 nd lik OK. On the Crete VM/Host Group dilog, lik OK to rete. 4 Crete VM Group for the vcenter Server virtul mhine. d e f Selet the sfo01-m01-mgmt01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Groups. On the VM/Host Groups pge, lik the Add utton. In the Crete VM/Host Group dilog, enter vcenter Servers in the Nme field, selet VM Group from the Type drop down, nd lik the Add utton. In the Add VM/Host Group Memer dilog, selet sfo01m01v01 nd lik OK. On the Crete VM/Host Group dilog, lik OK to rete. 5 Crete Rule to power on the Pltform Servies Controllers followed y the vcenter Servers. Selet the sfo01-m01-mgmt01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Rules. On the VM/Host Rules pge, lik the Add utton. VMwre, In. 44

45 d e f In the Crete VM/Host Rule dilog, enter SDDC Mngement Virtul Mhines in the Nme field, ensure the Enle rule hek ox is seleted, selet Virtul Mhines to Virtul Mhines from the Type drop down. Selet Pltform Servies Controllers from the First restrt VMs in VM group drop down. Selet vcenter Servers from the Then restrt VMs in VM group nd lik OK. Deploy nd Configure the Mngement Cluster NSX Instne in Region A This design uses two seprte NSX instnes per region. One instne is tied to the Mngement vcenter Server, nd the other instne is tied to the Compute vcenter Server. Deploy nd onfigure the NSX instne for the mngement luster in Region A. 1 Deploy the NSX Mnger for the Mngement Cluster NSX Instne in Region A For this implementtion NSX Mnger nd vcenter Server hve one-to-one reltionship. For every instne of NSX Mnger, there is one onneted vcenter Server. 2 Deploy the NSX Controllers for the Mngement Cluster NSX Instne in Region A After the NSX Mnger is suessfully onneted to the Mngement vcenter Server, you must promote it to the primry role nd deploy the three NSX Controller nodes tht form the NSX Controller luster. 3 Assign Liensing for NSX Instne for Region A Assign liensing for the NSX instne in Region A. 4 Prepre the ESXi Hosts in the Mngement Cluster for NSX in Region A You must instll the NSX kernel modules on the mngement luster ESXi hosts to e le to use NSX. 5 Configure the NSX Logil Network for the Mngement Cluster in Region A After ll the deployment tsks re redy, you must onfigure the NSX logil network. 6 Updte the Host Profile for the Mngement Cluster in Region A After you onfigure NSX logil networking on the mngement hosts in Region A, updte the host profile of the mngement luster nd remedite the hosts to lign their onfigurtion. 7 Deploy the Pltform Servies Controllers Lod Blner in Region A You onfigure lod lning for ll servies nd omponents relted to Pltform Servies Controllers (PSC) using n NSX Edge lod lner. 8 Configure NSX Dynmi Routing in the Mngement Cluster in Region A NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re reted. This lyer is n strtion etween the physil nd virtul networks. You onfigure NSX dynmi routing within the mngement luster, deploying two NSX Edge devies nd Universl Distriuted Logil Router (UDLR). VMwre, In. 45

46 9 Distriuted Firewll Configurtion for Mngement Applitions Configuring distriuted firewll for use with your SDDC inreses the seurity level of your environment y llowing only the network trffi tht is required for the SDDC to run. The firewll rules you define llow ess to mngement pplitions. 10 Test the Mngement Cluster NSX Configurtion in Region A Test the onfigurtion of the NSX logil network using ping test. A ping test heks if two hosts in network n reh eh other. 11 Deploy Applition Virtul Networks in Region A Deploy the pplition virtul networks. 12 Deploy the NSX Lod Blner in Region A Deploy lod lner for use y mngement pplitions onneted to the pplition virtul network, Mgmt-xRegion01-VXLAN. Deploy the NSX Mnger for the Mngement Cluster NSX Instne in Region A For this implementtion NSX Mnger nd vcenter Server hve one-to-one reltionship. For every instne of NSX Mnger, there is one onneted vcenter Server. First ssign domin servie ount tht NSX uses to the vcenter Server Administrtor role. After tht deploy the NSX Mnger virtul ppline for the mngement luster. After the NSX Mnger is deployed onnet it to the Mngement vcenter Server instne. 1 Assign n NSX Domin Servie Aount nd Deploy the NSX Mnger Appline in Region A Assign domin servie ount for use y NSX to ess the vcenter Server Administrtor role. 2 Connet NSX Mnger to the Mngement vcenter Server in Region A After you deploy the NSX Mnger virtul ppline for the mngement luster, you onnet the NSX Mnger to the Mngement vcenter Server. 3 Assign Administrtive Aess to NSX in Region A Assign the dministrtor@vsphere.lol ount ess to NSX. Assign n NSX Domin Servie Aount nd Deploy the NSX Mnger Appline in Region A Assign domin servie ount for use y NSX to ess the vcenter Server Administrtor role. VMwre, In. 46

47 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Administrtion nd lik Glol Permissions. 3 Clik the Add permission ion. 4 In the Glol Permission Root - Add Permission dilog ox, lik Add. 5 In the Selet Users/Groups dilog ox, selet rinpole.lol from the Domin drop-down menu. 6 In the serh ox, enter sv-nsxmnger nd press Enter. 7 Selet sv-nsxmnger nd lik Add. 8 Clik OK. 9 In the Glol Permission Root - Add Permission dilog ox, selet Administrtor s the Assigned Role nd selet the Propgte to hildren hek ox. 10 Clik OK. 11 In the Nvigtor, expnd the entire sfo01m01v01.sfo01.rinpole.lol ontrol. 12 Right-lik the sfo01-m01-mgmt01 luster nd lik Deploy OVF Templte. 13 On the Selet templte pge, lik the Browse utton, selet the VMwre NSX Mnger.ov file nd lik Next. 14 On the Selet nme nd lotion pge, enter the following settings, nd lik Next. Nme Dtenter or folder sfo01m01nsx01 sfo01-m01fd-nsx 15 On the Selet resoure pge, selet the following vlues, nd lik Next. Cluster sfo01-m01-mgmt01 16 On the Review detils pge, review the extr onfigurtion option messge, nd lik Next. 17 On the Aept liense greements pge, lik Aept, nd lik Next. VMwre, In. 47

48 18 On the Selet storge pge, enter the following settings nd lik Next. Selet virtul disk formt VM storge poliy Dtstore Thin provision vsan Defult Storge Poliy sfo01-m01-vsn01 19 On the Selet networks pge, under Destintion Network, selet sfo01-m01-vds01-mngement nd lik Next. 20 On the Customize templte pge, expnd the different options, enter the following settings, nd lik Next. DNS Server List , Domin Serh List sfo01.rinpole.lol Defult IPv4 Gtewy Hostnme sfo01m01nsx01.sfo01.rinpole.lol Network 1 IPv4 Address Network 1 Netmsk Enle SSH Seleted NTP Server List ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol CLI "dmin" User Pssword / enter CLI "dmin" User Pssword / onfirm CLI Privilege Mode Pssword / enter CLI Privilege Mode Pssword / onfirm VMwre Customer Experiene Improvement Progrm mgmtnsx_dmin_pssword mgmtnsx_dmin_pssword mgmtnsx_priviledge_pssword mgmtnsx_priviledge_pssword Seleted 21 On the Redy to omplete pge, review your onfigurtion nd lik Finish. 22 In the Nvigtor, expnd the entire sfo01m01v01.sfo01.rinpole.lol tree, selet the sfo01m01nsx01 virtul mhine, nd lik the Power on utton. Connet NSX Mnger to the Mngement vcenter Server in Region A After you deploy the NSX Mnger virtul ppline for the mngement luster, you onnet the NSX Mnger to the Mngement vcenter Server. VMwre, In. 48

49 1 Log in to the Mngement NSX Mnger ppline user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin nsx_mnger_dmin_pssword 2 Clik Mnge vcenter Registrtion. 3 Under Lookup Servie URL, lik Edit. 4 In the Lookup Servie URL dilog ox, enter the following settings nd lik OK. Lookup Servie Host sfo01ps01.sfo01.rinpole.lol Lookup Servie Port 443 SSO Administrtor User Nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 5 In the Trust Certifite? dilog, lik Yes. 6 Under vcenter Server, lik Edit. 7 In the vcenter Server dilog, enter the following settings, nd lik OK. vcenter Server vcenter User Nme Pssword sfo01m01v01.sfo01.rinpole.lol sv-nsxmnger@rinpole.lol sv-nsxmnger_pssword 8 In the Trust Certifite? dilog, lik Yes. 9 Wit for the Sttus inditors for the Lookup Servie URL nd vcenter Server to hnge to the Conneted sttus. Assign Administrtive Aess to NSX in Region A Assign the dministrtor@vsphere.lol ount ess to NSX. VMwre, In. 49

50 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword sv-nsxmnger@rinpole.lol sv-nsxmnger_pssword 2 In the Nvigtor, lik Networking & Seurity nd lik NSX Mngers. 3 Under NSX Mngers, lik the instne. 4 Clik the Mnge t nd lik Users. 5 Clik the Add ion. 6 On the Identify User pge, selet the Speify vcenter user rdio utton, enter dministrtor@vsphere.lol in the text ox, nd lik Next. 7 On the Selet Roles pge, selet the Enterprise Administrtor rdio utton nd lik Finish. Deploy the NSX Controllers for the Mngement Cluster NSX Instne in Region A After the NSX Mnger is suessfully onneted to the Mngement vcenter Server, you must promote it to the primry role nd deploy the three NSX Controller nodes tht form the NSX Controller luster. You must deploy every node only fter the previous one is suessfully deployed. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Promote the NSX Mnger to the primry role. Under Inventories, lik Networking & Seurity. In the Nvigtor, lik Instlltion. On the Mngement t, selet the instne. VMwre, In. 50

51 d e Clik the Ations menu nd lik Assign Primry Role. In the Assign Primry Role dilog, lik Yes. 3 Configure n IP pool for the NSX Controller luster. d In the Nvigtor, lik NSX Mngers. Under NSX Mngers, lik the instne. Clik the Mnge t, lik Grouping Ojets, lik IP Pools, nd lik the Add New IP Pool ion. In the Add Stti IP Pool dilog, enter the following settings nd lik OK. Nme sfo01-mgmt01-nsx01 Gtewy Prefix Length 24 Primry DNS Seondry DNS DNS Suffix sfo01.rinpole.lol Stti IP Pool Deploy the NSX Controller luster. In the Nvigtor, lik Networking & Seurity to go k, nd lik Instlltion. Under NSX Controller nodes, lik the Add ion to deploy three NSX Controller nodes with the sme onfigurtion. VMwre, In. 51

52 In the Add Controller pge, enter the following settings nd lik OK. You onfigure pssword only during the deployment of the first ontroller. The other ontrollers will use the sme pssword. Nme sfo01m01nsx01 for ontroller 1 sfo01m01nsx02 for ontroller 2 sfo01m01nsx03 for ontroller 3 NSX Mnger Dtenter Cluster/Resoure Pool Dtstore Folder Conneted To IP Pool Pssword Confirm Pssword sfo01-m01d sfo01-m01-mgmt01 sfo01-m01-vsn01 sfo01-m01fd-nsx sfo01-m01-vds01-mngement sfo01-mgmt01-nsx01 mgmtnsx_ontrollers_pssword mgmtnsx_ontrollers_pssword d After the Sttus of the ontroller node hnges to Conneted, repet the step nd deploy the two remining NSX Controller nodes in the ontroller luster with the sme onfigurtion. 5 Configure DRS ffinity rules for the NSX Controller nodes. d e f Go k to the Home pge. In the Nvigtor, lik Hosts nd Clusters, nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Selet the sfo01-m01-mgmt01 luster, nd lik the Configure t. Under Configurtion, lik VM/Host Rules. Clik Add. In the sfo01-m01-mgmt01 - Crete VM/Host Rule dilog, enter the following settings nd lik OK. Nme Enle rule Type nti-ffinity-rule-nsx Seleted Seprte Virtul Mhine g h In the Add Rule Memer dilog, selet the hek ox next to eh of the three NSX Controller virtul mhines nd lik OK. In the sfo01-m01-mgmt01 - Crete VM/Host Rule dilog, lik OK. VMwre, In. 52

53 Assign Liensing for NSX Instne for Region A Assign liensing for the NSX instne in Region A. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik the Home ion ove the Nvigtor nd selet Administrtion. 3 On the Administrtion pge, lik Lienses nd lik the Lienses t. 4 Clik the Crete New Lienses ion to dd liense keys. On theenter liense keys pge, enter liense keys for NSX, nd lik Next. On the Edit liense nme pge, enter Liense nme nd lik Next. On the Redy to omplete pge, review your entries nd lik Finish. 5 Assign the newly dded lienses to NSX. d Clik the Home ion ove the Nvigtor nd hoose the Administrtion menu item. On the Administrtion pge, under Liensing nd selet Lienses. Under Lienses, lik on the Assets t, then lik the Solutions t. Selet NSX for vsphere, nd lik the Assign Liense ion. e On the NSX for vsphere - Assign Assign Liense pge selet the liense you reted in step 2 nd lik OK. Prepre the ESXi Hosts in the Mngement Cluster for NSX in Region A You must instll the NSX kernel modules on the mngement luster ESXi hosts to e le to use NSX. NSX kernel modules pkged in VIB files run within the hypervisor kernel nd provide servies suh s distriuted routing, distriuted firewll, nd VXLAN ridging pilities. VMwre, In. 53

54 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Instll the NSX kernel modules on the mngement luster ESXi hosts. d In the Nvigtor, lik Networking & Seurity. Clik Instlltion, nd lik the Host Preprtion t. Selet from the NSX Mnger drop-down menu. Under Instlltion Sttus, lik Instll for the sfo01-m01-mgmt01 luster nd lik Yes in the onfirmtion dilog ox. 3 Verify tht the Instlltion Sttus olumn displys the NSX version for ll hosts in the luster, onfirming tht the NSX kernel modules re suessfully instlled. Configure the NSX Logil Network for the Mngement Cluster in Region A After ll the deployment tsks re redy, you must onfigure the NSX logil network. To onfigure the NSX logil network, you perform the following tsks: Configure the Segment ID llotion. Configure the VXLAN networking. Configure the trnsport zone. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword VMwre, In. 54

55 2 Configure the Segment ID llotion. d In the Nvigtor, lik Networking & Seurity. Clik Instlltion, lik Logil Network Preprtion, nd lik Segment ID. Selet from the NSX Mnger drop-down menu. Clik Edit, enter the following settings, nd lik OK. Segment ID pool Enle Multist ddressing Seleted Multist ddresses Universl Segment ID Pool Enle Universl Multist ddressing Seleted Universl Multist ddresses Configure the VXLAN networking. Clik the Host Preprtion t. Under VXLAN, lik Not Configured on the sfo01-m01-mgmt01 row, enter the following settings, nd lik OK. Swith sfo01-m01-vds01 VLAN 1614 MTU 9000 VMKNi IP Addressing VMKNi Teming Poliy Use DHCP Lod Blne - SRCID VTEP 2 4 Configure the trnsport zone. On the Instlltion pge, lik the Logil Network Preprtion t nd lik Trnsport Zones. Selet from the NSX Mnger drop-down menu. Clik the New Trnsport zone ion. VMwre, In. 55

56 d In the New Trnsport Zone dilog, enter the following settings nd lik OK. Mrk this ojet for Universl Synhroniztion Nme Replition mode Selet lusters tht will e prt of the Trnsport Zone Seleted Mgmt Universl Trnsport Zone Hyrid sfo01-m01-mgmt01 e Right lik Mgmt Universl Trnsport Zone, hoose Enle CDO mode, nd lik Yes in the dilogto enle CDO mode. Updte the Host Profile for the Mngement Cluster in Region A After you onfigure NSX logil networking on the mngement hosts in Region A, updte the host profile of the mngement luster nd remedite the hosts to lign their onfigurtion. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Updte the host profile to the mngement luster. In the Nvigtor, selet Poliies nd Profiles. Clik Host Profiles, right-lik sfo01-m01hp-mgmt01, nd selet Copy s from Host. Selet sfo01m01esx01.sfo01.rinpole.lol, lik OK. 3 Verify ompline nd remedite the mngement hosts in Region A. On the Poliies nd Profiles pge, lik the sfo01-m01hp-mgmt01 host profile. On the Monitor t, lik the Compline t. Selet sfo01-m01-mgmt01 in the Host/Cluster olumn nd lik Chek Host Profile Compline. This ompline test shows tht the first host is Complint, ut the other hosts re Not Complint. d Clik eh of the non-omplint hosts, lik Remedite Hosts Bsed on its Host Profile. VMwre, In. 56

57 e f In the Remedite Hosts Bsed on its Host Profile wizrd, enter Host Nme if prompted for NetStk Instne vxln->dns onfigurtion, nd lik Next. On the Redy to omplete pge, lik Finish. All hosts hve Complint sttus in the Host Compline olumn. Deploy the Pltform Servies Controllers Lod Blner in Region A You onfigure lod lning for ll servies nd omponents relted to Pltform Servies Controllers (PSC) using n NSX Edge lod lner. 1 Deploy the Pltform Servies Controller NSX Lod Blner in Region A The first step in deploying lod lning for the Pltform Servies Controller is to deploy the edge servies gtewy. 2 Crete Pltform Servies Controller Applition Profiles in Region A Crete n pplition profile to define the ehvior of prtiulr type of network trffi. After onfiguring profile, you ssoite the profile with virtul server. The virtul server then proesses trffi ording to the vlues speified in the profile. Using profiles enhnes your ontrol over mnging network trffi, nd mkes trffi-mngement tsks esier nd more effiient. 3 Crete Pltform Servies Controller Server Pools in Region A A server pool onsists of kend server memers. After you rete server pool, you ssoite servie monitor with the pool to mnge nd shre the kend servers flexily nd effiiently. 4 Crete Pltform Servies Controller Virtul Servers in Region A After lod lning is set up, the NSX lod lner distriutes network trffi ross multiple servers. When virtul server reeives request, it hooses the pproprite pool to send trffi to. Eh pool onsists of one or more memers. You rete virtul servers for ll of the onfigured server pools. 5 Updte DNS Reords for the Pltform Servies Controller Lod Blner in Region A You must modify the DNS Address in Region A fter setting up lod lning. Deploy the Pltform Servies Controller NSX Lod Blner in Region A The first step in deploying lod lning for the Pltform Servies Controller is to deploy the edge servies gtewy. VMwre, In. 57

58 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Clik the Add ion t to rete n NSX Edge. The New NSX Edge wizrd ppers. 6 On the Nme nd desription pge, enter the following settings nd lik Next. Instll Type Nme Hostnme Deploy NSX Edge Enle High Avilility Edge Servies Gtewy sfo01ps01 sfo01ps01.sfo01.rinpole.lol Seleted Seleted 7 On the s pge, enter the following settings nd lik Next. User Nme Pssword Enle SSH ess Enle FIPS mode Enle uto rule genertion Edge Control Level logging dmin edge_dmin_pssword Seleted Deseleted Seleted INFO 8 On the Configure deployment pge, perform the following onfigurtion steps nd lik Next. Selet sfo01-m01d, from the Dtenter drop-down menu. Clik Lrge to speify the Appline Size. VMwre, In. 58

59 Clik the Add ion, enter the following settings, nd lik OK. Resoure pool Dtstore Folder sfo01-m01-mgmt01 sfo01-m01-vsn01 sfo01-m01fd-nsx d To rete seond ppline, lik the Add ion gin, mke the sme seletions in the Add NSX Edge Appline dilog, lik OK nd then lik Next.. 9 On the Configure interfes pge, lik the Add ion to onfigure the sfo01ps01 interfe, enter the following settings, lik OK, nd lik Next. Nme Type Conneted To Connetivity Sttus sfo01ps01 Internl sfo01-m01-vds01-mngement Conneted Primry IP Address Sunet Prefix Length 24 MTU 9000 Send ICMP Rediret Seleted 10 On the Defult gtewy settings pge, enter the following settings nd lik Next. Gtewy IP MTU On the Firewll nd HA pge, selet the following settings nd lik Next. Configure Firewll defult poliy Defult Trffi Poliy Logging vnic Seleted Aept Disle ny Delre Ded Time On the Redy to omplete pge, review the onfigurtion settings you entered nd lik Finish. 13 Enle HA logging. In the Nvigtor, lik NSX Edges. Selet from the NSX Mnger drop-down menu. VMwre, In. 59

60 d e f Doule-lik the devie leled sfo01ps01. Clik the Mnge t nd lik the s t. Clik Chnge in the HA Configurtion window. Selet the Enle Logging hekox nd lik OK. 14 Enle the Lod Blner servie. d In the Nvigtor, lik NSX Edges. Selet from the NSX Mnger drop-down menu. Doule-lik the devie leled sfo01ps01. Clik the Mnge t, lik the Lod Blner t, lik Glol Configurtion, nd lik Edit. 15 In the Edit lod lner glol onfigurtion dilog, selet Enle Lod Blner nd lik OK. Crete Pltform Servies Controller Applition Profiles in Region A Crete n pplition profile to define the ehvior of prtiulr type of network trffi. After onfiguring profile, you ssoite the profile with virtul server. The virtul server then proesses trffi ording to the vlues speified in the profile. Using profiles enhnes your ontrol over mnging network trffi, nd mkes trffi-mngement tsks esier nd more effiient. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01ps01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Applition Profiles. 6 Clik the Add ion nd in the New Profile dilog, enter the following vlues nd lik OK. Nme ps-tp ps-https Type TCP HTTPS VMwre, In. 60

61 Enle SSL Pssthrough Deseleted Seleted Persistene Soure IP Soure IP Expires in (Seonds) Clik OK to sve the onfigurtion. Crete Pltform Servies Controller Server Pools in Region A A server pool onsists of kend server memers. After you rete server pool, you ssoite servie monitor with the pool to mnge nd shre the kend servers flexily nd effiiently. Repet this proedure to rete two server pools. Use the vlues indited in the proedure to rete the first nd seond server pools. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01ps01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Pools. 6 Clik the Add ion nd in the New Pool dilog ox, enter the following vlues nd lik OK. Nme ps-https-443 ps-tp-389 Algorithm ROUND-ROBIN ROUND-ROBIN Monitors defult_tp_monitor defult_tp_monitor 7 New Memers dilog ox, lik the Add ion to dd the first pool memer. VMwre, In. 61

62 8 In the New Memer dilog ox, enter the following vlues, nd lik OK. s for First Server Pool s for Seond Server Pool Enle Memer Seleted Seleted Nme sfo01m01ps01 sfo01m01ps01 IP Address/VC Continer sfo01m01ps01 sfo01m01ps01 Port Monitor Port Weight Under Memers, lik the Add ion to dd the seond pool memer. 10 In the New Memer dilog ox, enter the following vlues, lik OK nd lik OK to sve the Pltform Servies Controller Pool. s for First Server Pool s for Seond Server Pool Enle Memer Seleted Seleted Nme sfo01w01ps01 sfo01w01ps01 IP Address/VC Continer sfo01w01ps01 sfo01w01ps01 Port Monitor Port Weight Repet the proedure to rete the remining server pool. CretePltform Servies ControllerVirtul Servers in Region A After lod lning is set up, the NSX lod lner distriutes network trffi ross multiple servers. When virtul server reeives request, it hooses the pproprite pool to send trffi to. Eh pool onsists of one or more memers. You rete virtul servers for ll of the onfigured server pools. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. VMwre, In. 62

63 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01ps01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Virtul Servers. 6 Clik the Add ion, nd in the New Virtul Server dilog ox onfigure the vlues for the virtul server you re dding, nd lik OK. Enle Virtul Server Seleted Seleted Applition Profile ps-tp ps-https Nme ps-tp-389 ps-https-443 Desription 389-LDAP,2012-Control Interfe,2014-RPC Port,2020- Authentition,636-SSL LDAP Dt from the vsphere We Client IP Address Protool TCP HTTPS Port 389,636,2012,2014, Defult Pool ps-tp-389 ps-https Repet Step 6 to rete virtul server for eh omponent. Upon ompletion, verify tht you hve suessfully entered the virtul server nmes nd their respetive onfigurtion vlues. Updte DNS Reords for the Pltform Servies Controller Lod Blner in Region A You must modify the DNS Address in Region A fter setting up lod lning. For the Pltform Servies Controller Lod Blner, you edit the DNS entry of sfo01ps01.sfo01.rinpole.lol to point to the virtul IP ddress (VIP) of the Lod Blner ( ) insted of pointing to the IP ddress of mgmt01sp01. 1 Log in to DNS server d01sfo.lsfo01.rinpole.lol tht resides in the sfo01.rinpole.lol domin. 2 Open the Windows Strt menu, enter dns in the Serh text ox nd press Enter. The DNS Mnger dilog ox ppers. 3 In the DNS Mnger dilog ox, under Forwrd Lookup Zones, selet the sfo01.rinpole.lol domin nd lote the sfo01ps01 reord on the right. VMwre, In. 63

64 4 Doule-lik the sfo01ps01 reord, hnge the IP ddress of the reord from to , nd lik OK. Fully Qulified domin nme (FQDN) sfo01ps01.sfo01.rinpole.lol IP Address Updte Assoited Pointer (PTR) reord Seleted Configure NSX Dynmi Routing in the Mngement Cluster in Region A NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re reted. This lyer is n strtion etween the physil nd virtul networks. You onfigure NSX dynmi routing within the mngement luster, deploying two NSX Edge devies nd Universl Distriuted Logil Router (UDLR). 1 Crete Universl Logil Swith for Use s the Trnsit Network in the Mngement Cluster in Region A Crete universl logil swith for use s the trnsit network. VMwre, In. 64

65 2 Deploy NSX Edge Devies for North-South Routing in Region A Deploy two NSX Edge devies for North-South Routing. 3 Disle the Firewll Servie in Region A Disle the firewll of the NSX Edge devies, this is required for equl-ost multi-pth (ECMP) to operte orretly. 4 Enle nd Configure Routing in Region A Enle Border Gtewy Protool (BGP) to exhnge routing informtion etween the NSX Edge servies gtewys. 5 Verify Peering of Upstrem Swithes nd Estlishment of BGP in Region A The NSX Edge devies need to estlish onnetion to eh of it's upstrem BGP swithes efore BGP updtes n e exhnged. Verify tht the NSX Edges devies re suessfully peering, nd tht BGP routing hs een estlished. 6 Deploy the Universl Distriuted Logil Router in Region A Deploy the universl distriuted logil router (UDLR). 7 Configure Universl Distriuted Logil Router for Dynmi Routing in Region A Configure the universl distriuted logil router (UDLR) to use dynmi routing. 8 Verify Estlishment of BGP for the Universl Distriuted Logil Router in Region A The universl distriuted logil routers (UDLR) needs to estlish onnetion to Edge Servies Gtewy efore BGP updtes n e exhnged. Verify tht the UDLR is suessfully peering, nd tht BGP routing hs een estlished. Crete Universl Logil Swith for Use s the Trnsit Network in the Mngement Cluster in Region A Crete universl logil swith for use s the trnsit network. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik Logil Swithes. 4 Selet the instne leled VMwre, In. 65

66 5 Clik the New Logil Swith ion. 6 In the New Logil Swith dilog, enter the following settings nd lik OK. Nme Trnsport Zone Replition Mode Universl Trnsit Network Mgmt Universl Trnsport Zone Hyrid Deploy NSX Edge Devies for North-South Routing in Region A Deploy two NSX Edge devies for North-South Routing. Perform this proedure two times to deploy two NSX Edge devies. Tle 2 5. NSX Edge Devies NSX Edge Devie NSX Edge Devie 1 NSX Edge Devie 2 Devie Nme sfo01m01esg01 sfo01m01esg02 Tle 2 6. NSX Edge Interfes s Interfe Primry IP Address sfo01m01esg01 Primry IP Address sfo01m01esg02 Uplink Uplink sfo01m01udlr Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. VMwre, In. 66

67 5 Clik the Add ion to deploy new NSX Edge. The New NSX Edge wizrd ppers. On the Nme nd desription pge, enter the following settings nd lik Next. s sfo01m01esg01 sfo01m01esg02 Instll Type Edge Servie Gtewy Edge Servie Gtewy Nme sfo01m01esg01 sfo01m01esg02 Hostnme sfo01m01esg01.sfo01.rinpole.lol sfo01m01esg02.sfo01.rinpole.lol Deploy NSX Edge Seleted Seleted Enle High Avilility Deseleted Deseleted On the s pge, enter the following settings nd lik Next. s User Nme Pssword Enle SSH ess Enle FIPS mode Enle uto rule genertion Edge Control Level logging dmin edge_dmin_pssword Seleted Deseleted Seleted INFO d On the Configure deployment pge, lik Lrge to speify the Appline Size nd lik the Add ion. In the Add NSX Edge Appline dilog, enter the following settings, lik OK, nd lik Next. Cluster/Resoure Pool Dtstore Folder sfo01-m01-mgmt01 sfo01-m01-vsn01 sfo01-m01fd-nsx VMwre, In. 67

68 e On the Configure interfes pge, lik the Add ion to onfigure the Uplink01 interfe, enter the following settings, nd lik OK. sfo01m01esg01 sfo01m01esg02 Nme Uplink01 Uplink01 Type Uplink Uplink Conneted To sfo01-m01-vds01-uplink01 sfo01-m01-vds01-uplink01 Connetivity Sttus Conneted Conneted Primry IP Address Sunet Prefix Length MTU Send ICMP Rediret Seleted Seleted f Clik the Add ion to onfigure the Uplink02 interfe, enter the following settings, nd lik OK. sfo01m01esg01 sfo01m01esg02 Nme Uplink02 Uplink02 Type Uplink Uplink Conneted To sfo01-m01-vds01-uplink02 sfo01-m01-vds01-uplink02 Connetivity Sttus Conneted Conneted Primry IP Address Sunet Prefix Length MTU Send ICMP Rediret Seleted Seleted g Clik the Add to onfigure the UDLR interfe, enter the following settings lik OK, nd lik Next. sfo01m01esg01 sfo01m01esg02 Nme sfo01m01udlr01 sfo01m01udlr01 Type Internl Internl Conneted To Universl Trnsit Network Universl Trnsit Network Connetivity Sttus Conneted Conneted Primry IP Address Sunet Prefix Length MTU Send ICMP Rediret Seleted Seleted h On the Defult gtewy settings pge, deselet the Configure Defult Gtewy hek ox nd lik Next. VMwre, In. 68

69 i j On the Firewll nd HA pge, lik Next. On the Redy to omplete pge, review the onfigurtion settings tht you entered nd lik Finish. 6 Repet this proedure to onfigure nother NSX edge using the settings for the seond NSX Edge devie. 7 Configure DRS ffinity rules for the Edge Servies Gtewys. d e f Go k to the Home pge. In the Nvigtor, lik Hosts nd Clusters, nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. Selet the sfo01-m01-mgmt01 luster, nd lik the Configure t. Under Configurtion, lik VM/Host Rules. Clik Add. In the sfo01-m01-mgmt01 - Crete VM/Host Rule dilog ox, enter the following settings nd lik Add. Nme Enle rule Type nti-ffinity-rule-empedges Seleted Seprte Virtul Mhine g h In the Add Rule Memer dilog ox, selet the hek ox next to eh of the two, newly deployed NSX ESGs nd lik OK. In the sfo01-m01-mgmt01 - Crete VM/Host Rule dilog, lik OK. Disle the Firewll Servie in Region A Disle the firewll of the NSX Edge devies, this is required for equl-ost multi-pth (ECMP) to operte orretly. You repet this proedure two times for eh of the NSX Edge devies: sfo01m01esg01 nd sfo01m01esg02. VMwre, In. 69

70 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Doule-lik the sfo01m01esg01 NSX Edge devie. 6 Clik the Mnge t, then lik Firewll. 7 In the Firewll pge, lik the Disle utton. 8 Clik Pulish Chnges. 9 Repet this proedure for the NSX Edge devie sfo01m01esg02. Enle nd Configure Routing in Region A Enle Border Gtewy Protool (BGP) to exhnge routing informtion etween the NSX Edge servies gtewys. Repet this proedure two times to enle BGP for oth NSX Edge devies: sfo01m01esg01 nd sfo01m01esg02. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. VMwre, In. 70

71 5 Doule-lik the sfo01m01esg01 NSX Edge devie. 6 Clik the Mnge t, nd lik Routing. 7 On the Glol Configurtion pge, enter the following settings. d Clik Enle for ECMP. Clik Edit for Dynmi Routing Configurtion. Selet Uplink01 s the Router ID nd lik OK. Clik Pulish Chnges. 8 On the Routing t, selet Stti Routes to onfigure it. Clik the Add ion, enter the following settings, nd lik OK. Network /24 Next Hop Interfe sfo01m01udlr01 MTU 9000 Admin Distne 210 Clik the Add ion, enter the following settings, nd lik OK. Network /24 Next Hop Interfe sfo01m01udlr01 MTU 9000 Admin Distne 210 Clik the Add ion, enter the following settings, nd lik OK. Network /24 Next Hop Interfe sfo01m01udlr01 MTU 9000 Admin Distne 210 d Clik Pulish Chnges. VMwre, In. 71

72 9 On the Routing t, selet BGP to onfigure it. Clik Edit, enter the following settings, nd lik OK. Enle BGP Enle Greful Restrt Enle Defult Originte Seleted Seleted Deseleted Lol AS On the BGP pge, lik the Add ion to dd neighor. The New Neighor dilog ox ppers. You dd two neighors: the first Top of Rk Swith nd the seond Top of Rk Swith. VMwre, In. 72

73 In the New Neighor dilog ox, enter the following vlues nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 4 Hold Down Time 12 Pssword BGP_pssword d Clik the Add ion to dd nother neighor. The New Neighor dilog ox ppers. Add the seond Top of Rk swith, whose IP ddress is VMwre, In. 73

74 e In the New Neighor dilog ox, enter the following vlues nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 4 Hold Down Time 12 Pssword BGP_pssword f Clik the Add ion to dd nother Neighor. The New Neighor dilog ox ppers. Configure the universl distriuted logil router (UDLR) s neighor. VMwre, In. 74

75 g In the New Neighor dilog ox, enter the following vlues, nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 1 Hold Down Time 3 Pssword BGP_pssword h Clik Pulish Chnges. The three neighors you dded pper in the Neighors tle. 10 On the Routing t, selet Route Redistriution to onfigure it. On the Route Redistriution pge, lik the Edit utton. In the Chnge redistriution settings dilog, selet the BGP hek ox nd lik OK. Clik the Add ion for Route Redistriution tle. VMwre, In. 75

76 d In the New Redistriution riteri dilog ox, enter the following settings nd lik OK. Prefix Lerner Protool OSPF Stti routes Conneted Ation Any BGP Deseleted Seleted Seleted Permit e Clik Pulish Chnges. The route redistriution onfigurtion ppers in the Route Redistriution tle. 11 Repet this proedure for the NSX Edge devie sfo01m01esg02. Verify Peering of Upstrem Swithes nd Estlishment of BGP in Region A The NSX Edge devies need to estlish onnetion to eh of it's upstrem BGP swithes efore BGP updtes n e exhnged. Verify tht the NSX Edges devies re suessfully peering, nd tht BGP routing hs een estlished. You repet this proedure two times for eh of the NSX Edge devies: sfo01m01esg01 nd sfo01m01esg02. VMwre, In. 76

77 1 Log in to the NSX Edge devie using Seure Shell (SSH) lient. Open n SSH onnetion to the NSX Edge devie sfo01m01esg01. Log in using the following redentils. User nme Pssword dmin edge_dmin_pssword 2 Run the show ip gp neighors ommnd to disply informtion out the BGP onnetions to neighors. The BGP Stte will disply Estlished, UP if you hve peered with the upstrem swithes. Note You hve not yet reted the universl distriuted logil router (UDLR), so it will not disply the Estlished, UP sttus messge. VMwre, In. 77

78 3 Run the show ip route ommnd to verify tht you re reeiving routes using BGP, nd tht there re multiple routes to BGP lerned networks. You verify multiple routes to BGP lerned networks y loting the sme route using different IP ddress. The IP ddresses re listed fter the word vi in the right-side olumn of the routing tle output. In the imge elow there re two different routes to the following BGP networks: /0 nd /24. You n identify BGP networks y the letter B in the left-side olumn. Lines eginning with C (onneted) hve only single route. 4 Repet this proedure for the NSX Edge devie sfo01m01esg02. Deploy the Universl Distriuted Logil Router in Region A Deploy the universl distriuted logil router (UDLR). VMwre, In. 78

79 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Clik the Add ion to rete new UDLR. 6 Complete the New NSX Edge wizrd to deploy nd onfigure the UDLR. On the Nme nd desription pge, enter the following settings nd lik Next. Universl Logil (Distriuted) Router Nme Hostnme Deploy Edge Appline Enle High Avilility Seleted sfo01m01udlr01 sfo01m01udlr01.sfo01.rinpole.lol Seleted Seleted On the s pge, enter the following settings nd lik Next. User Nme Pssword Enle SSH ess Edge Control Level logging dmin udlr_dmin_pssword Seleted INFO d On the Configure deployment pge, lik the Add ion. In the Add NSX Edge Appline dilog ox, enter the following settings nd lik OK. Cluster/Resoure Pool Dtstore Folder sfo01-m01-mgmt01 sfo01-m01-vsn01 sfo01-m01fd-nsx VMwre, In. 79

80 e f On the Configure deployment pge, lik the Add ion seond time to dd seond NSX Edge devie. In the Add NSX Edge Appline dilog ox, enter the following settings nd lik OK. Cluster/Resoure Pool Dtstore Folder sfo01-m01-mgmt01 sfo01-m01-vsn01 sfo01-m01fd-nsx g h On the Configure interfes pge, under HA Interfe Configurtion, lik Chnge nd onnet to sfo01-m01-vds01-mngement. On the Configure interfes pge, lik the Add ion to onfigure Primry IP Address. Options Desription Primry IP Address Sunet Prefix Length 24 i j On the Configure interfes pge, under Configure interfes of this NSX Edge, lik the Add ion to onfigure interfe. In the Add Interfe dilog ox, enter the following settings, lik OK, nd lik Next. Nme Type Conneted To Connetivity Sttus Uplink Uplink Universl Trnsit Network Conneted Primry IP Address Sunet Prefix Length 24 MTU 9000 k l On the Defult gtewy settings pge, deselet Configure Defult Gtewy nd lik Next. On the Redy to omplete pge, lik Finish. Configure Universl Distriuted Logil Router for Dynmi Routing in Region A Configure the universl distriuted logil router (UDLR) to use dynmi routing. VMwre, In. 80

81 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Enle HA logging. d Doule-lik the devie leled sfo01m01udlr01. Clik the Mnge t nd lik the s t Clik Chnge in the HA Configurtion window. Selet the Enle Logging hekox nd lik OK. 6 Configure the routing for the Universl Distriuted Logil Router. d e f g Doule-lik sfo01m01udlr01. Clik the Mnge t nd lik Routing. On the Glol Configurtion pge, perform the following onfigurtion steps. Clik Edit under Routing Configurtion, lik Edit. Selet the Enle ECMP hek ox, nd lik OK Clik Edit under Dynmi Routing Configurtion, selet Uplink s the Router ID, nd lik OK. Clik Pulish Chnges. VMwre, In. 81

82 7 On the left, selet BGP to onfigure it. On the BGP pge, lik the Edit utton. In the Edit BGP Configurtion dilog ox, enter the following settings nd lik OK. Enle BGP Enle Greful Restrt Seleted Seleted Lol AS d Clik the Add ion to dd Neighor. In the New Neighor dilog ox, enter the following vlues for oth NSX Edge devies nd lik OK. You repet this step two times to onfigure the UDLR for oth NSX Edge devies: sfo01m01esg02 nd sfo01m01esg02. sfo01m01esg01 sfo01m01esg02 IP Address Forwrding Address Protool Address Remote AS Weight Keep Alive Time 1 1 Hold Down Time 3 3 Pssword BGP_pssword BGP_pssword e Clik Pulish Chnges. VMwre, In. 82

83 8 On the left, selet Route Redistriution to onfigure it. Clik Edit. In the Chnge redistriution settings dilog ox, enter the following settings nd lik OK. OSPF BGP Deseleted Seleted d On the Route Redistriution pge, selet the defult OSPF entry on the Route Redistriution tle nd lik Edit utton. Selet BGP from the Lerner Protool drop-down menu, nd lik OK. e Clik Pulish Chnges. Verify Estlishment of BGP for the Universl Distriuted Logil Router in Region A The universl distriuted logil routers (UDLR) needs to estlish onnetion to Edge Servies Gtewy efore BGP updtes n e exhnged. Verify tht the UDLR is suessfully peering, nd tht BGP routing hs een estlished. VMwre, In. 83

84 1 Log in to the UDLR y using Seure Shell (SSH) lient. Open n SSH onnetion to sfo01m01udlr01, he UDLR whose peering nd BGP onfigurtion you wnt to verify. Log in using the following redentils. User nme Pssword dmin udlr_dmin_pssword 2 Run the show ip gp neighors ommnd to disply informtion out the BGP nd TCP onnetions to neighors. The BGP Stte will disply Estlished, UP if you hve suessfully peered with the Edge Servie Gtewy. 3 Run the show ip route ommnd to verify tht you re reeiving routes using BGP, nd tht there re multiple routes to BGP lerned networks. You verify multiple routes to BGP lerned networks y loting the sme route using different IP ddress. The IP ddresses re listed fter the word vi in the right-side olumn of the routing tle output. In the imge elow there re two different routes to the following BGP networks: /0, /24, /24, nd /24. You n identify BGP networks y the letter B in the left-side olumn. Lines eginning with C (onneted) hve only single route. VMwre, In. 84

85 Distriuted Firewll Configurtion for Mngement Applitions Configuring distriuted firewll for use with your SDDC inreses the seurity level of your environment y llowing only the network trffi tht is required for the SDDC to run. The firewll rules you define llow ess to mngement pplitions. You define expliit rules for the distriuted firewll whih llow ess to mngement pplitions. 1 Add vcenter Server Instnes to the NSX Distriuted Firewll Exlusion List Exlude vcenter Server from ll of your distriuted firewll rules. This ensures tht network ess etween vcenter Server nd NSX is not loked. 2 Crete IP Sets for All Components of the Mngement Clusters in the SDDC Crete IP sets for ll mngement pplitions in the mngement lusters. You use the IP sets lter to rete seurity groups for use with the distriuted firewll rules. 3 Crete Seurity Groups Crete seurity groups for use in onfiguring firewll rules for the groups of pplitions in the SDDC. 4 Crete Distriuted Firewll Rules A firewll rule onsists of setion to segregte the firewll rules nd the rule itself, whih defines wht network trffi is, or is not, loked. Add vcenter Server Instnes to the NSX Distriuted Firewll Exlusion List Exlude vcenter Server from ll of your distriuted firewll rules. This ensures tht network ess etween vcenter Server nd NSX is not loked. You onfigure NSX Distriuted Firewll using vcenter Server. If rule prevents ess etween NSX Mnger nd vcenter Server, you will not e le to mnge the distriuted firewll. For this reson, you must exlude vcenter Server from ll of your distriuted firewll rules, ensuring tht ess etween the two produts is not loked. VMwre, In. 85

86 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Exlude vcenter Server instnes in Region A from firewll protetion. d e In the Nvigtor, lik Networking & Seurity. Clik NSX Mngers nd selet the instne. Clik Mnge nd then lik Exlusion List. Clik the Add utton. Add sfo01m01v01 to the Seleted Ojets list, nd lik OK. Crete IP Sets for All Components of the Mngement Clusters in the SDDC Crete IP sets for ll mngement pplitions in the mngement lusters. You use the IP sets lter to rete seurity groups for use with the distriuted firewll rules. You perform this proedure multiple times to onfigure ll of the neessry IP sets. You llote one IP set per group of pplitions. For pplitions tht re lod lned inlude their VIP in the IP Set. Tle 2 7. IP Sets for the Mngement Clusters Components in the SDDC Nme Site Reovery Mnger Pltform Servies Controller Instnes vcenter Server Instnes vsphere Replition vrelize Automtion Applines vrelize Automtion Windows vrelize Automtion Proxy Agents vrelize Business Server vrelize Business Dt Colletor vsphere Dt Protetion vrelize Opertions Mnger vrelize Opertions Mnger Remote Colletors IP Addresses Site-Reovery-Mnger_IP's Pltform-Servie-Controller_IP's vcenter-server_ip's vsphere-replition_ip's vrelize-automtion-applines_ip's vrelize-automtion-windows _IP's vrelize-automtion-proxy-agents-ip's vrelize-business_ip vrelize-business-dt-colletor_ip's vsphere-dt-protetion_ip's vrelize-opertions-mnger_ip's vrelize-opertions-mnger-remote-colletors_ip's VMwre, In. 86

87 Tle 2 7. IP Sets for the Mngement Clusters Components in the SDDC (Continued) Nme vrelize Log Insight Updte Mnger Downlod Servie SDDC Administrtors IP Addresses vrelize-log-insight_ip's UMDS_IP's Mngement-VLAN_Sunets, Mngement-VXLAN_Sunets sfo01-m01-vds01-ext-mnhement_sunet 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete n IP set for Site Reovery Mnger. d e In the Nvigtor, lik Networking & Seurity. Clik NSX Mngers nd selet the instne. Clik Mnge, lik Grouping Ojets, nd lik IP Sets. Clik the Add ion. In the New IP Set dilog ox, onfigure the vlues for the IP set tht you re dding, nd lik OK. For ll IP sets tht you onfigure, selet the Mrk this ojet for Universl Synhroniztion hek ox. Nme Site Reovery Mnger IP Addresses , Mrk this ojet for Universl Synhroniztion Seleted 3 Repet this proedure to rete IP sets for ll of the remining omponents. Crete Seurity Groups Crete seurity groups for use in onfiguring firewll rules for the groups of pplitions in the SDDC. A seurity group is olletion of ssets (or ojets) from your vsphere inventory tht you group together. VMwre, In. 87

88 You perform this proedure multiple times to onfigure ll of the neessry seurity groups. In ddition, you rete the VMwre Applines nd Windows Servers groups from the seurity groups you dd in the previous repetitions of this proedure. Tle 2 8. Seurity Groups for the Mngement Clusters Components in the SDDC Nme Ojet Type Seleted Ojet Site Reovery Mnger IP Sets Site Reovery Mnger Pltform Servies Controller Instnes IP Sets Pltform Servies Controller Instnes vcenter Server Instnes IP Sets vcenter Server Instnes vsphere Replition IP Sets vsphere Replition vrelize Automtion Applines IP Sets vrelize Automtion Applines vrelize Automtion Windows IP Sets vrelize Automtion Windows vrelize Business Server IP Sets vrelize Business Server vrelize Automtion Proxy Agents IP Sets vrelize Automtion Proxy Agents vrelize Business Dt Colletor IP Sets vrelize Business Dt Colletor vsphere Dt Protetion IP Sets vsphere Dt Protetion vrelize Opertions Mnger IP Sets vrelize Opertions Mnger vrelize Opertions Mnger Remote Colletors IP Sets vrelize Opertions Mnger Remote Colletors vrelize Log Insight IP Sets vrelize Log Insight Updte Mnger Downlod Servie IP Sets Updte Mnger Downlod Servie SDDC IP Sets SDDC Administrtors IP Sets Administrtors Windows Servers Seurity Groups Site Reovery Mnger vrelize Automtion Windows vrelize Automtion Proxy Agents VMwre Applines Seurity Groups Pltform Servies Controller Instnes vcenter Server Instnes vsphere Replition vrelize Automtion Applines vrelize Business Server vrelize Business Dt Colletor vsphere Dt Protetion vrelize Opertions Mnger vrelize Opertions Mnger Remote Colletors vrelize Log Insight VMwre, In. 88

89 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Networking & Seurity nd lik NSX Mngers. 3 Selet the NSX Mnger instne, nd lik the Mnge t. 4 Clik Grouping Ojets, selet Seurity Group, nd lik the Add new Seurity Group ion. The Add Seurity Group wizrd ppers. 5 On the Nme nd desription pge, enter Site Reovery Mnger in the Nme text ox, selet the Mrk this ojet for Universl Synhroniztion hek ox, nd lik Next. For ll seurity groups tht you onfigure, selet the Mrk this ojet for Universl Synhroniztion hek ox. 6 On the Selet ojets to inlude pge, selet IP Sets from the Ojet Type drop-down menu, selet Site Reovery Mnger from the list of ville ojets, lik the Add utton, nd lik Next. 7 On the Redy to Complete pge, verify the onfigurtion vlues tht you entered nd lik Finish. 8 Repet this proedure to rete ll of the neessry seurity groups. Crete Distriuted Firewll Rules A firewll rule onsists of setion to segregte the firewll rules nd the rule itself, whih defines wht network trffi is, or is not, loked. You rete firewll rules tht llow dministrtors to onnet to the different VMwre solutions, rules to llow user ess to the vrelize Automtion portl, nd to provide externl onnetivity to the SDDC. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword VMwre, In. 89

90 2 Add setion for the rules for the mngement pplitions. In the Nvigtor, lik Networking & Seurity nd lik Firewll. From the NSX Mnger drop-down menu, selet d Clik the Add Setion ion. In the Add New Setion dilog ox, enter VMwre Mngement Servies in the Setion Nme text ox, selet the Mrk this setion for Universl Synhroniztion hek ox, nd lik Sve. 3 Crete distriuted firewll rule to llow SSH ess to dministrtors for the different VMwre pplines. d e f Clik Add rule in the VMwre Mngement Servies setion. In the Nme ell of the new rule, lik the Edit ion to hnge the rule nme to Allow SSH to dmins. Clik the Edit ion in the Soure olumn, hnge the Ojet Type to Seurity Groups, dd Administrtors to the Seleted Ojets list, nd lik OK. Clik the Edit ion in the Destintion olumn, hnge the Ojet Type to Seurity Groups, dd VMwre Applines nd Updte Mnger Downlod Servie to the Seleted Ojets list, nd lik OK. Clik the Edit ion in the Servie olumn, enter SSH in the filter, dd SSH to the Seleted Ojets list, nd lik OK. Clik Pulish Chnges. 4 Repet the previous step to rete the following distriuted firewll rules. Nme Soure Destintion Servie / Port Allow vra Portl to end users * ny vrelize Automtion Applines HTTP, HTTPS Allow vra Console Proxy to end users * ny vrelize Automtion Applines TCP:8444 Allow SDDC to ny SDDC * ny * ny Allow PSC to dmins Administrtors Pltform Servies Controller Instnes HTTPS Allow SSH to dmins Administrtors VMwre Applines SSH Allow RDP to dmins Administrtors Windows Servers RDP Allow Orhestrtor to dmins Administrtors vrelize Automtion TCP:8281,8283 Allow vrops to dmins Administrtors vrelize Opertions Mnger HTTP, HTTPS Allow vrli to dmins Administrtors vrelize Log Insight HTTP, HTTPS Allow VAMI to dmins Administrtors VMwre Applines TCP:5480 Allow VDP to dmins Administrtors VMwre Applines TCP: Clik Pulish Chnges. VMwre, In. 90

91 6 Chnge the defult rule tion from llow to lok for Region A. Under Defult Setion Lyer3, in the Ation olumn for the Defult Rule, hnge the tion to Blok nd lik Sve. Clik Pulish Chnges. 7 Chnge the defult rule tion from llow to lok for Region B. From the NSX Mnger drop-down menu, selet Under Defult Setion Lyer3, in the Ation olumn for the Defult Rule, hnge the tion to Blok nd lik Sve. Clik Pulish Chnges. By llowing only the network trffi tht is required y the SDDC to pss, network seurity is improved. Test the Mngement Cluster NSX Configurtion in Region A Test the onfigurtion of the NSX logil network using ping test. A ping test heks if two hosts in network n reh eh other. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Use the Ping Monitor to test onnetivity. d e f g Selet Home, then selet Networking & Seurity. Under Logil Swithes, doule-lik Universl Trnsit Network. Clik the Monitor t nd selet Ping. From the Soure host drop-down menu selet sfo01m01esx01.sfo01.rinpole.lol. Leve the Size of test pket with the defult of VXLAN stndrd. From the Destintion host drop-down menu selet sfo01m01esx03.sfo01.rinpole.lol. Clik Strt Test. The host-to-host ping test results re displyed in the Results text ox. Verify tht there re no error messges. VMwre, In. 91

92 Deploy Applition Virtul Networks in Region A Deploy the pplition virtul networks. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete Universl Logil Swith for worklods tht move etween sites. Under Inventories, lik Networking & Seurity. In the Nvigtor, lik Logil Swithes. Selet from the NSX Mnger drop-down menu. VMwre, In. 92

93 d e Clik the New Logil Swith ion to rete new Logil Swith. In the New Logil Swith dilog ox, enter the following settings nd lik OK. Nme Trnsport Zone Replition Mode Mgmt-xRegion01-VXLAN Mgmt Universl Trnsport Zone Hyrid VMwre, In. 93

94 3 Crete Universl Logil Swith for worklods speifi to Region A. On the Logil Swithes pge, lik the Add ion to rete new Logil Swith. In the New Logil Swith dilog ox, enter the following settings, nd lik OK. Nme Trnsport Zone Replition Mode Mgmt-RegionA01-VXLAN Mgmt Universl Trnsport Zone Hyrid 4 Connet Mgmt-xRegion01-VXLAN to the Universl Distriuted Logil Router. d On the Logil Swithes pge, selet the Mgmt-xRegion01-VXLAN Logil Swith. Clik the Connet Edge ion. On the Connet n Edge pge, selet sfo01m01udlr01 nd lik Next. On the Edit NSX Edge Interfe pge, enter the following settings nd lik Next. Nme Type Conneted To Connetivity Sttus Mgmt-xRegion01-VXLAN Internl Mgmt-xRegion01-VXLAN Conneted Primry IP Address Sunet Prefix Length 24 e On the Redy to omplete pge, lik Finish. VMwre, In. 94

95 5 Connet Mgmt-RegionA01-VXLAN to the Universl Distriuted Logil Router. d On the Logil Swithes pge, selet the Mgmt-RegionA01-VXLAN Logil Swith. Clik the Connet Edge ion. On the Connet n Edge pge, selet sfo01m01udlr01 nd lik Next. On the Edit NSX Edge Interfe pge, enter the following settings nd lik Next. Nme Type Conneted To Connetivity Sttus Mgmt-RegionA01-VXLAN Internl Mgmt-RegionA01-VXLAN Conneted Primry IP Address Sunet Prefix Length 24 e On the Redy to omplete pge, lik Finish. 6 Configure the MTU for the Logil Swithes. d In the Nvigtor, selet NSX Edges. Doule-lik sfo01m01udlr01. Clik the Mnge t nd lik s. On the s pge, lik on Interfes. VMwre, In. 95

96 e f Under Interfes, selet Mgmt-RegionA01-VXLAN, nd lik Edit. On the Edit Logil Router Interfe, onfigure MTU, nd lik OK. Mgmt-RegionA01-VXLAN 9000 Mgmt-xRegion01-VXLAN 9000 Deploy the NSX Lod Blner in Region A Deploy lod lner for use y mngement pplitions onneted to the pplition virtul network, Mgmt-xRegion01-VXLAN. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. VMwre, In. 96

97 5 Clik the Add ion to rete n NSX Edge. 6 On the Nme nd desription pge, enter the following settings nd lik Next. Instll Type Nme Hostnme Deploy NSX Edge Enle High Avilility Edge Servies Gtewy sfo01m01l01 sfo01m01l01.sfo01.rinpole.lol Seleted Seleted 7 On the s pge, enter the following settings nd lik Next. User Nme Pssword Enle SSH ess Enle FIPS mode Enle uto rule genertion Edge Control Level logging dmin edge_dmin_pssword Seleted Deseleted Seleted INFO 8 On the Configure deployment pge, perform the following onfigurtion steps nd lik Next. Selet sfo01-m01d, from the Dtenter drop-down menu. Clik Lrge to speify the Appline Size. Clik the Add ion, enter the following settings, nd lik OK. Resoure pool Dtstore Folder sfo01-m01-mgmt01 sfo01-m01-vsn01 sfo01-m01fd-nsx d To rete seond ppline, lik the Add ion gin, mke the sme seletions in the New NSX Appline dilog ox, nd lik OK. 9 On the Configure interfes pge, lik the Add ion to onfigure the OneArmLB interfe, enter the following settings, lik OK, nd lik Next. Nme Type Conneted To Connetivity Sttus OneArmLB Internl Mgmt-xRegion01-VXLAN Conneted VMwre, In. 97

98 Primry IP Address Sunet Prefix Length 24 MTU 9000 Send ICMP Rediret Seleted 10 On the Defult gtewy settings pge, enter the following settings nd lik Next. Gtewy IP MTU 9000 VMwre, In. 98

99 11 On the Firewll nd HA pge, selet the following settings nd lik Next. Configure Firewll defult poliy Defult Trffi Poliy Logging vnic Seleted Aept Disle ny Delre Ded Time 15 VMwre, In. 99

100 12 On the Redy to omplete pge, review the onfigurtion settings you entered nd lik Finish. 13 Enle HA logging. d e f In the Nvigtor, lik NSX Edges. Selet from the NSX Mnger drop-down menu. Doule-lik the devie leled sfo01m01l01. Clik the Mnge t nd lik the s t. Clik Chnge in the HA Configurtion window. Selet the Enle Logging hekox nd lik OK. 14 Enle the Lod Blner servie. In the Nvigtor, lik NSX Edges. Selet from the NSX Mnger drop-down menu. Doule-lik the devie leled sfo01m01l01. VMwre, In. 100

101 d e Clik the Mnge t, lik the Lod Blner t, lik Glol Configurtion, nd lik Edit. In the Edit Lod lner glol onfigurtion dilog, selet Enle Lod Blner nd lik OK. Deploy nd Configure the Shred Edge nd Compute Cluster Components in Region A Deploy nd onfigure the shred edge nd ompute luster omponents. 1 Deploy the Compute vcenter Server Instne in Region A After you instll nd onfigure the externl Pltform Servies Controller instne for the shred edge nd ompute luster, you n now instll the vcenter Server ppline nd ssign liense. 2 Set SDDC Deployment Detils on the Compute vcenter Server in Region A Set n identity of your SDDC deployment on the Compute vcenter Server in Region A. You n lso use this identity s lel in tools for utomted SDDC deployment. 3 Add New vcenter Server Lienses in Region A (Optionl) If liense ws not ssigned during deployment of the Mngement vcenter Server nd ESXi hosts, you my dd new lienses for this vcenter Server instne if needed. 4 Add the Shred Edge nd Compute vcenter to the vcenter Servers VM Group in Region A After the vcenter Server for the Shred Edge nd Computer luster is deployed it must e dded to the vcenter VM Group. 5 Exlude the Compute vcenter Server from the Distriuted Firewll in Region A Exlude vcenter Server from ll of your distriuted firewll rules. This ensures tht network ess etween vcenter Server nd NSX is not loked. 6 Configure the Shred Edge nd Compute Cluster in Region A After you deploy the Compute vcenter Server, you must rete nd onfigure the shred edge nd ompute luster. 7 Crete vsphere Distriuted Swith for the Shred Edge nd Compute Cluster in Region A After ll ESXi hosts hve een dded to the luster, rete vsphere Distriuted Swith. 8 Enle vsphere HA on the Shred Edge nd Compute Cluster in Region A After vsphere vsphere Distriuted Swith hs een reted nd onneted with ll hosts, enle vsphere HA on the luster. 9 Chnge Advned Options on the ESXi Hosts on the ESXi Hosts in the Shred Edge nd Compute Cluster in Region A Chnge the defult ESX Admins group to hieve greter levels of seurity y removing known dministrtive ess point. VMwre, In. 101

102 10 Mount NFS Storge for the Shred Edge nd Compute Cluster in Region A You must mount n NFS dtstore for the ontent lirry onsumed y vrelize Automtion for virtul mhine provisioning. 11 Crete nd Apply the Host Profile for the Shred Edge nd Compute Cluster in Region A Host Profiles ensure ll hosts in the luster hve the sme onfigurtion. 12 Configure Lokdown Mode on All ESXi Hosts in Region A To inrese seurity of your ESXi hosts, you put them in Lokdown mode, so tht dministrtive opertions n e performed only from vcenter Server. Deploy the Compute vcenter Server Instne in Region A After you instll nd onfigure the externl Pltform Servies Controller instne for the shred edge nd ompute luster, you n now instll the vcenter Server ppline nd ssign liense. 1 Strt the vcenter Server Appline Deployment wizrd. Browse the vcenter Server Appline ISO file. Open the <dvd-drive>:\vs-ui-instller\win32\instller pplition file. 2 Complete the vcenter Server Appline Deployment wizrd to perform the first stge of the instlltion. d e Clik Instll to strt the instlltion. Clik Next on the Introdution pge. On the End user liense greement pge, selet the I ept the terms of the liense greement hek ox nd lik Next. On the Selet deployment type pge, under Externl Pltform Servies Controller, selet the vcenter Server (Requires Externl Pltform Servies Controller) rdio utton nd lik Next. On the Appline deployment trget pge, enter the following settings nd lik Next. ESXi host or vcenter Server nme sfo01m01v01.sfo01.rinpole.lol HTTPS port 443 User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword f g h In the Certifite Wrning dilog, lik Yes to ept the host ertifite. On the Selet folder pge, hoose sfo01-m01fd-mgmt nd lik Next. On the Selet ompute resoure pge, hoose the sfo01-m01-mgmt01 luster nd lik Next. VMwre, In. 102

103 i On the Set up ppline VM pge, enter the following settings nd lik Next. VM nme Root pssword Confirm root pssword sfo01w01v01 ompv_root_pssword ompv_root_pssword j k l On the Selet deployment size pge, selet Lrge vcenter Server, nd lik Next. On the Selet dtstore pge, selet the sfo01-m01-vsn01 dtstore, selet the Enle Thin Disk Mode hek ox, nd lik Next. On the Configure network settings pge, enter the following settings nd lik Next. Network IP version IP ssignment System nme sfo01-m01-vds01-mngement IPv4 stti sfo01w01v01.sfo01.rinpole.lol IP ddress Sunet msk or prefix length Defult gtewy DNS servers , m n On the Redy to omplete stge 1 pge, review the onfigurtion nd lik Finish to strt the deployment. One the deployment ompletes, lik Continue to proeed to stge two of the instlltion. 3 Complete the Instll - Stge 2: Set Up vcenter Server Appline wizrd to omplete the seond stge of the instlltion. Clik Next on the Introdution pge. On the Appline onfigurtion pge, enter the following settings nd lik Next. Time synhroniztion mode NTP servers (omm-seprted list) SSH ess Synhronize time with NTP servers ntp.sfo01.rinpole.lol Enled VMwre, In. 103

104 On the SSO onfigurtion pge, enter the following settings nd lik Next. Pltform Servies Controller sfo01ps01.sfo01.rinpole.lol HTTPS port 443 SSO domin nme SSO pssword vsphere.lol sso_pssword d e f On the Redy to omplete pge, review the onfigurtion nd lik Finish. Clik OK on the Wrning. On the Complete pge, lik Close. Set SDDC Deployment Detils on the Compute vcenter Server in Region A Set n identity of your SDDC deployment on the Compute vcenter Server in Region A. You n lso use this identity s lel in tools for utomted SDDC deployment. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu of the vsphere We Client, selet Glol Inventory Lists. 3 In the Nvigtor, lik vcenter Servers under Resoures. 4 Clik the sfo01w01v01.sfo01.rinpole.lol vcenter Server ojet nd lik the Configure t in the entrl pne. 5 Under the s pne, lik Advned s nd lik the Edit utton. 6 In the Edit Advned vcenter Server s dilog ox, set the following vlue pirs one y one, liking Add fter eh entry. Nme onfig.sddc.deployed.type onfig.sddc.deployed.flvor VVD Stndrd VMwre, In. 104

105 Nme onfig.sddc.deployed.version onfig.sddc.deployed.method DIY 7 Clik OK to lose the window. Add New vcenter Server Lienses in Region A (Optionl) If liense ws not ssigned during deployment of the Mngement vcenter Server nd ESXi hosts, you my dd new lienses for this vcenter Server instne if needed. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik the Home ion ove the Nvigtor nd selet Administrtion. 3 On the Administrtion pge, lik Lienses nd lik the Lienses t. 4 Clik the Crete New Lienses ion to dd liense keys. 5 On the Enter liense keys pge, enter liense keys for vcenter Server nd ESXi, one per line, nd lik Next. 6 On the Edit liense nme pge, enter desriptive nme for the liense key, nd lik Next. 7 On the Redy to omplete pge, review your entries, nd lik Finish. 8 Assign the newly dded lienses to the respetive ssets. Clik the Assets t nd selet vcenter Server systems. Selet the sfo01w01v01.sfo01.rinpole.lol vcenter Server instne, nd lik the Assign Liense ion. Selet the vcenter Server liense tht you entered in the previous step nd lik OK. Add the Shred Edge nd Compute vcenter to the vcenter Servers VM Group in Region A After the vcenter Server for the Shred Edge nd Computer luster is deployed it must e dded to the vcenter VM Group. VMwre, In. 105

106 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. 3 Selet the sfo01-m01-mgmt01 luster nd lik Configure. 4 On the Configure pge, lik VM/Host Groups. 5 On the VM/Host Groups pge, selet the vcenter Servers VM Group. 6 Under VM/Host Group Memers, lik the Add utton. 7 In the Add Group Memer dilog, selet sfo01w01v01 nd lik OK. Exlude the Compute vcenter Server from the Distriuted Firewll in Region A Exlude vcenter Server from ll of your distriuted firewll rules. This ensures tht network ess etween vcenter Server nd NSX is not loked. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Networking & Seurity. 3 Clik NSX Mngers nd selet the instne. 4 Clik Mnge nd then lik Exlusion List. 5 Clik the Add utton. 6 Add sfo01w01v01 to the Seleted Ojets list, nd lik OK. VMwre, In. 106

107 Configure the Shred Edge nd Compute Cluster in Region A After you deploy the Compute vcenter Server, you must rete nd onfigure the shred edge nd ompute luster. To rete nd onfigure the shred edge nd ompute luster you perform the following proedures: Crete the luster. Configure DRS. Add the hosts to the luster. Add the hosts to the tive diretory domin. Crete resoure pools. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete dt enter ojet. In the Nvigtor, lik Hosts nd Clusters. Right-lik the sfo01w01v01.sfo01.rinpole.lol instne, nd selet New Dtenter. In the New Dtenter dilog, enter sfo01-w01d, nd lik OK. 3 Crete the shred edge nd ompute luster. Right-lik the sfo01-w01d dtenter nd lik New Cluster. In the New Cluster wizrd, enter the following vlues nd lik OK. Nme sfo01-w01-omp01 DRS Turn ON Seleted Other DRS options Defult vlues vsphere HA Turn ON Deseleted EVC Set EVC mode to the lowest ville setting supported for the hosts in the luster vsan Turn ON Deseleted VMwre, In. 107

108 4 Add host to the shred edge nd ompute luster. Right-lik the sfo01-w01-omp01 luster, nd lik Add Host. On the Nme nd lotion pge, enter sfo01w01esx01.sfo01.rinpole.lol in the Host nme or IP ddress text ox nd lik Next. On the Connetion settings pge, enter the following redentils, nd lik Next. User nme Pssword root esxi_root_user_pssword d e f g h i In the Seurity Alert dilog, lik Yes. On the Host summry pge, review the host informtion nd lik Next. On the Assign liense pge, selet the ESXi liense key tht you entered during the vcenter Server deployment nd lik Next. On the Lokdown mode pge, lik Next. On the Resoure pool pge, lik Next. On the Redy to omplete pge, review your entries nd lik Finish. 5 Repet the previous step to dd the remining hosts to the luster. Host 2 Host 3 Host 4 sfo01w01esx02.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol 6 Add n ESXi host to the tive diretory domin d e f In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01w01v01.sfo01.rinpole.lol tree. Selet the sfo01w01esx01.sfo01.rinpole.lol host. Clik the Configure t. Under System, selet Authentition Servies. In the Authentition Servies pnel, lik the Join Domin utton. In the Join Domin dilog, enter the following settings nd lik OK. Domin User nme Pssword sfo01.rinpole.lol d_dmin_t@sfo01.rinpole.lol d_dmin_pssword VMwre, In. 108

109 7 Set the Ative Diretory Servie to Strt nd stop with host. d e f In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01w01v01.sfo01.rinpole.lol tree. Selet the sfo01w01esx01.sfo01.rinpole.lol host. Clik the Configure t. Under System, selet Seurity Profile. Clik the Edit utton next to Servies. Selet the Ative Diretory servie nd hnge the Strtup Poliy to Strt nd stop with host nd lik OK. 8 Configure resoure pools for the shred edge nd ompute luster. Right-lik the sfo01-w01-omp01 luster nd selet New Resoure Pool. In the New Resoure Pool dilog ox, enter the following vlues nd lik OK. Resoure Pool 1 Resoure Pool 2 Resoure Pool 3 Nme sfo01-w01rp-sdd-edge sfo01-w01rp-user-edge sfo01-w01rp-user-vm CPU-Shres High Norml Norml CPU-Reservtion CPU-Reservtion Type Expndle seleted Expndle seleted Expndle seleted CPU-Limit Unlimited Unlimited Unlimited Memory-Shres Norml Norml Norml Memory-Reservtion 16 GB 0 0 Memory-Reservtion type Expndle seleted Expndle seleted Expndle seleted Memory-Limit Unlimited Unlimited Unlimited 9 Repet the previous step to dd two more dditionl resoure pools. Crete vsphere Distriuted Swith for the Shred Edge nd Compute Cluster in Region A After ll ESXi hosts hve een dded to the luster, rete vsphere Distriuted Swith. VMwre, In. 109

110 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete vsphere Distriuted Swith for the shred edge nd ompute luster. d e In the Nvigtor, lik Networking nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Right-lik the sfo01-w01d dtenter nd selet Distriuted Swith > New Distriuted Swith to strt the New Distriuted Swith wizrd. On the Nme nd lotion pge, enter sfo01-w01-vds01 s the nme nd lik Next. On the Selet version pge, ensure the Distriuted swith version: rdio utton is seleted nd lik Next. On the Edit settings pge, enter the following vlues nd lik Next. Numer of uplinks 2 Network I/O Control Crete defult port group Enled Deseleted f On the Redy to omplete pge, review your entries nd lik Finish. 3 Edit the settings of the sfo01-w01-vds01 distriuted swith. Right-lik the sfo01-w01-vds01 distriuted swith nd selet s > Edit s. Clik the Advned t. Enter 9000 s MTU (Bytes) vlue nd lik OK. VMwre, In. 110

111 4 Crete port groups in the sfo01-w01-vds01 distriuted swith. Right-lik the sfo01-w01-vds01 distriuted swith, nd selet Distriuted Port Group > New Distriuted Port Group. Crete port groups with the following settings nd lik Next. Port Group Nme Port Binding VLAN Type VLAN ID sfo01-w01-vds01-mngement Stti inding VLAN 1631 sfo01-w01-vds01-vmotion Stti inding VLAN 1632 sfo01-w01-vds01-vsn Stti inding VLAN 1633 sfo01-w01-vds01-nfs Stti inding VLAN 1625 sfo01-w01-vds01-uplink01 Stti inding VLAN 1635 sfo01-w01-vds01-uplink02 Stti inding VLAN 2713 Note You rete the VXLAN port group t lter time during the onfigurtion of NSX Mnger. d On the Redy to omplete pge, review your entries nd lik Finish. Repet this step for eh port group. 5 Chnge the Port Groups to use the Route Bsed on Physil NIC lod teming lgorithm. Right-lik the sfo01-w01-vds01 distriuted swith nd selet Distriuted Port Groups > Mnge Distriuted Port Groups. On the Selet port group poliies pge, selet the Teming nd filover hek ox nd lik Next. VMwre, In. 111

112 d e On the Selet port groups pge, lik the Selet distriuted port groups utton, dd ll port groups exept sfo01-w01-vds01-uplink01 nd sfo01-w01-vds01-uplink02, lik OK nd lik Next. On the Teming nd filover pge, selet Route sed on physil NIC lod under Lod Blning nd lik Next. Clik Finish. 6 Configure the uplinks for the sfo01-w01-vds01-uplink01 nd sfo01-w01-vds01-uplink02 port groups. d e f Right lik the sfo01-w01-vds01-uplink01 port group, nd lik Edit s. Selet Teming nd Filover. Move dvuplink2 to Unused uplinks nd lik OK. Right lik the sfo01-w01-vds01-uplink02 port group, nd lik Edit s. Selet Teming nd Filover. Move dvuplink1 to Unused uplinks nd lik OK. 7 Connet the ESXi host, sfo01w01esx01.sfo01.rinpole.lol, to the sfo01-w01-vds01 distriuted swith y migrting its VMkernel nd virtul mhine network dpters. d e f g h Right-lik the sfo01-w01-vds01 distriuted swith, nd lik Add nd Mnge Hosts. On the Selet tsk pge, selet Add hosts nd lik Next. On the Selet hosts pge, lik New hosts. In the Selet new hosts dilog, selet sfo01w01esx01.sfo01.rinpole.lol, lik OK nd lik Next. On the Selet network dpter tsks pge, ensure oth Mnge physil dpters nd Mnge VMkernel dpters hek oxes re heked nd lik Next. On the Mnge physil network dpters pge, lik vmni1, nd lik Assign uplink. In the Selet n Uplink for vmni1 dilog, selet Uplink 1 nd lik OK. On the Mnge physil network dpters pge, lik Next. 8 Configure the VMkernel network dpters, edit the existing, nd dd new dpters s needed. d e f On the Mnge VMkernel network dpters pge, lik vmk0, nd lik Assign port group. Selet sfo01-w01-vds01-mngement nd lik OK. On the Mnge VMkernel network dpters pge, lik On this swith nd lik New dpter. On the Add Networking pge, selet Selet nd existing network, rowse to selet the sfo01- w01-vds01-nfs port group, lik OK, nd lik Next. Under Port properties lik Next. Under IPv4 settings selet Use stti IPv4 settings, enter the IP ddress nd the sunet , nd lik Finish. VMwre, In. 112

113 g h i On the Mnge VMkernel network dpters pge, lik Next. On the Anlyze impt pge, lik Next. On the Redy to omplete pge, review your entries nd lik Finish. 9 Crete the vmotion VMkernel dpter. d e f g h In the Nvigtor, lik Host nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Clik on sfo01w01esx01.sfo01.rinpole.lol. Clik the Configure t then selet VMkernel dpters. Clik the Add host networking ion nd selet VMkernel Network Adpter nd lik Next. On the Selet trget devie pge, selet Selet n existing network, rowse to selet the sfo01-w01-vds01-vmotion port group, lik OK, nd lik Next. On the Port properties pge, selet vmotion from the TCP/IP stk dropdown nd lik Next. On the IPv4 settings pge, selet Use stti IPv4 settings, enter the IP ddress , enter the sunet , nd lik Next. Clik Finish. 10 Configure the MTU on the vmotion VMkernel dpter. Selet the vmotion VMkernel dpter reted in the previous step, nd lik Edit s. Clik the NIC settings pge. Enter 9000 for the MTU vlue nd lik OK. 11 Configure the vmotion TCP/IP stk. Clik TCP/IP onfigurtion. Selet vmotion nd lik the Edit TCP/IP stk onfigurtion ion. Clik on Routing nd enter for the defult gtewy ddress nd lik OK. 12 Define Network I/O Control shres for the different trffi types on the sfo01-w01-vds01 distriuted swith. In the Nvigtor, lik Networking, nd lik the sfo01-w01d dtenter. Clik the sfo01-w01-vds01 distriuted swith. VMwre, In. 113

114 d Clik the Configure t, under Resoure Allotion lik System trffi. Under System Trffi, edit eh of the following trffi types with the vlues from the tle. Trffi Type vsan Trffi NFS Trffi vmotion Trffi vsphere Replition Trffi Mngement Trffi vsphere Dt Protetion Bkup Trffi Virtul Mhine Trffi Fult Tolerne Trffi iscsi Trffi High Low Low Low Norml Low High Low Low 13 Migrte the lst physil dpter from the stndrd swith to the sfo01-w01-vds01 distriuted swith. d e f g h i j k In the Nvigtor, lik Networking nd expnd the sfo01-w01d dtenter. Right-lik the sfo01-w01-vds01 distriuted swith nd selet Add nd Mnge hosts. On the Selet tsk pge, selet Mnge host networking nd lik Next. On the Selet hosts pge, lik Atthed hosts. On the Selet memer hosts dilog, selet sfo01w01esx01.sfo01.rinpole.lol nd lik OK. On the Selet hosts pge, lik Next. On the Selet network dpter tsks pge, selet Mnge Physil dpters only nd lik Next. On the Mnge physil network dpters pge, under sfo01w01esx01.sfo01.rinpole.lol, selet vmni0, nd lik Assign uplink. In the Selet n Uplink for vmni0 dilog, selet Uplink 2, lik OK nd lik Next. On the Anlyze Impt pge, lik Next. On the Redy to omplete pge, lik Finish. 14 Enle vsphere Distriuted Swith Helth Chek. d In the Nvigtor, lik Networking nd expnd the sfo01-w01d dtenter. Selet the sfo01-w01-vds01 distriuted swith nd lik the Configure t. In the Nvigtor under s, selet Helth hek nd lik the Edit utton. Selet Enled for VLAN nd MTU nd Teming nd filover nd lik OK. VMwre, In. 114

115 15 Remove the vsphere Stndrd Swith. d e In the Nvigtor, lik on Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Clik on sfo01w01esx01.sfo01.rinpole.lol nd then lik on Configure. On the Configure pge selet Virtul swithes. On the Virtul swithes pge, selet vswith0, nd then lik the Remove seleted stndrd swith utton. On the Remove Stndrd Swith dilog, lik Yes. Enle vsphere HA on the Shred Edge nd Compute Cluster in Region A After vsphere vsphere Distriuted Swith hs een reted nd onneted with ll hosts, enle vsphere HA on the luster. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. 3 Selet the sfo01-w01-omp01 luster. 4 Clik the Configure t nd lik vsphere Avilility. 5 Clik Edit. 6 In the sfo01-w01-omp01 - Edit Cluster s dilog, selet the Turn on vsphere HA hek ox. 7 Clik Filures nd Responses, selet the following vlues. Enle Host Monitoring Host Filure Response Response for Host Isoltion Dtstore with PDL Seleted Restrt VM's Power off nd restrt VM's Disled VMwre, In. 115

116 Dtstore with APD VM Monitoring Disled VM Monitoring Only 8 Clik Admission Control, selet the following vlues. Host filures luster tolertes 1 Define host filover pity y Override lulted filover pity Cluster resoure perentge Deseleted Performne degrdtion VMs tolerte 100% 9 Clik OK. Chnge Advned Options on the ESXi Hosts on the ESXi Hosts in the Shred Edge nd Compute Cluster in Region A Chnge the defult ESX Admins group to hieve greter levels of seurity y removing known dministrtive ess point. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Chnge the defult ESX Admins group. d e f In the Nvigtor, lik Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Selet the sfo01w01esx01.sfo01.rinpole.lol host. Clik the Configure t nd under System, lik Advned System s. Clik the Edit utton. In the filter ox, enter esxadmins nd wit for the serh results. Chnge the vlue of Config.HostAgent.plugins.hostsv.esxAdminsGroup to SDDC-Admins nd lik OK. VMwre, In. 116

117 3 Disle the SSH wrning nner. d e f In the Nvigtor, lik Hosts nd Clusters expnd the sfo01w01v01.sfo01.rinpole.lol tree. Selet the sfo01w01esx01.sfo01.rinpole.lol host. Clik the Configure t nd under System, lik Advned System s. Clik the Edit utton. In the filter ox, enter ssh nd wit for the serh results. Chnge the vlue of UserVrs.SuppressShellWrning to 1 nd lik OK. Mount NFS Storge for the Shred Edge nd Compute Cluster in Region A You must mount n NFS dtstore for the ontent lirry onsumed y vrelize Automtion for virtul mhine provisioning. Crete dtstore for the sfo01-w01-omp01 luster. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Hosts nd Clusters nd expnd the sfo01w01esx01.sfo01.rinpole.lol tree. 3 Clik on sfo01w01esx01.sfo01.rinpole.lol. 4 Clik on the Dtstores t. 5 Clik the Crete New Dtstore ion. 6 On the Type pge, selet NFS nd lik Next. 7 On the Selet NFS version pge, selet NFS 3 nd lik Next. VMwre, In. 117

118 8 On the Nme nd onfigurtion pge, enter the following dtstore informtion nd lik Next. Dtstore Nme Folder sfo01-w01-li01 /V2D_vRA_ComputeA_1TB server On the Redy to omplete pge, review the onfigurtion nd lik Finish. Crete nd Apply the Host Profile for the Shred Edge nd Compute Cluster in Region A Host Profiles ensure ll hosts in the luster hve the sme onfigurtion. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete Host Profile from sfo01w01esx01.sfo01.rinpole.lol. In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Right-lik the ESXi host sfo01w01esx01.sfo01.rinpole.lol nd hoose Host Profiles > Extrt Host Profile. d In the Extrt Host Profile pge, enter sfo01-w01hp-omp01 for the Nme nd lik Next. In the Redy to omplete pge, lik Finish. 3 Atth the Host Profile to the shred edge nd ompute luster. In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Right-lik on the sfo01-w01-omp01 luster, nd hoose Host Profiles > Atth Host Profile. In the Atth Host Profile dilog, selet the sfo01-w01hp-omp01 Host Profile, selet the Skip Host Customiztion hek ox, nd lik Finish. VMwre, In. 118

119 4 Crete Host Customiztions for the hosts in the shred edge nd ompute luster. d e In the Nvigtor, selet Poliies nd Profiles. Clik on Host Profiles, then right-lik on sfo01-w01hp-omp01, nd hoose Export Host Customiztions. In the dilog, lik Sve. Choose file lotion to sve the sfo01-w01hp-omp01_host_ustomiztions.sv file. Open the sfo01-w01hp-omp01_host_ustomiztions.sv in Exel. VMwre, In. 119

120 f Edit the file using the following onfigurtion vlue. NetStk Instne defulttpipstk- ESXi Host Ative Diretory Configurtion Pssword Ative Diretory Configurtion Usernme >DNS onfigurtion Nme for this host sfo01w01esx01.sfo01.rinpole.lol d_dmin_pssword sfo01w01esx01 sfo01w01esx02.sfo01.rinpole.lol d_dmin_pssword sfo01w01esx02 sfo01w01esx03.sfo01.rinpole.lol d_dmin_pssword sfo01w01esx03 sfo01w01esx04.sfo01.rinpole.lol d_dmin_pssword sfo01w01esx04 ESXi Host Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- mngement:mngement->ip ddress settings IPv4 ddress Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- mngement:mngement->ip ddress settings SunetMsk sfo01w01esx01.sfo01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol ESXi Host Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- nfs:<unresolved>->ip ddress settings IPv4 ddress Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- nfs:<unresolved>->ip ddress settings SunetMsk sfo01w01esx01.sfo01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol ESXi Host Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- vmotion:vmotion->ip ddress settings IPv4 ddress Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- vmotion:vmotion->ip ddress settings SunetMsk sfo01w01esx01.sfo01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol g h i One the file hs een updted, sve it nd lose Exel. Clik the sfo01-w01hp-omp01 host profile nd then lik the Configure t. Clik the Edit Host Customiztions utton. VMwre, In. 120

121 j k In the Edit Host Customiztions window, selet ll hosts nd lik Next. Clik the Browse utton to use ustomiztion file, lote the sfo01-w01hpomp01_host_ustomiztions.sv file sved erlier nd selet it nd lik Open, then lik Finish. 5 Remedite the hosts in the shred edge nd ompute luster. d e Clik the Monitor t nd lik Compline. Selet sfo01-w01-omp01 nd lik the Chek Host Profile Compline utton. Selet sfo01w01esx02.lx01.rinpole.lol nd lik the Remedite host sed on its host profile utton. Selet sfo01w01esx03.lx01.rinpole.lol nd lik the Remedite host sed on its host profile utton. Selet sfo01w01esx04.lx01.rinpole.lol nd lik the Remedite host sed on its host profile utton. Note All hosts should now show sttus of Complint. 6 Shedule nightly ompline heks. d e f g On the Poliies nd Profiles pge, lik sfo01-w01hp-omp01, lik the Monitor t, nd then lik the Sheduled Tsks sut. Clik Shedule New Tsk then lik Chek Host Profile Compline. In the Chek Host Profile Compline (sheduled) window lik Sheduling options. Enter sfo01-w01hp-omp01 Compline Chek in the Tsk Nme field. Clik the Chnge utton on the Configured Sheduler line. In the Configure Sheduler window selet Setup reurring shedule for this tion nd hnge the Strt time to 10:00 PM nd lik OK. Clik OK in the Chek Host Profile Compline (sheduled) window. Configure Lokdown Mode on All ESXi Hosts in Region A To inrese seurity of your ESXi hosts, you put them in Lokdown mode, so tht dministrtive opertions n e performed only from vcenter Server. vsphere supports n Exeption User list, whih is for servie ounts tht hve to log in to the host diretly. Aounts with dministrtor privileges tht re on the Exeption Users list n log in to the ESXi Shell. In ddition, these users n log in to host's DCUI in norml lokdown mode nd n exit lokdown mode. You repet this proedure to enle norml lokdown mode for ll hosts in the dt enter. The tle elow lists ll of the hosts. VMwre, In. 121

122 Tle 2 9. Hosts in the dt enter Host Mngement host 1 Mngement host 2 Mngement host 3 Mngement host 4 Shred Edge nd Compute host 1 Shred Edge nd Compute host 2 Shred Edge nd Compute host 3 Shred Edge nd Compute host 4 FQDN sfo01m01esx01.sfo01.rinpole.lol sfo01m01esx02.sfo01.rinpole.lol sfo01m01esx03.sfo01.rinpole.lol sfo01m01esx04.sfo01.rinpole.lol sfo01w01esx01.sfo01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Hosts nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. 3 Selet the sfo01m01esx01.sfo01.rinpole.lol host. 4 Clik Configure. 5 Under System, selet Seurity Profile. 6 In the Lokdown Mode pnel, lik Edit. 7 In the Lokdown Mode dilog, selet the Norml rdio utton, nd lik OK. 8 Repet this proedure nd enle norml lokdown mode for ll remining hosts in the dt enter. Note Lokdown Mode settings re not prt of Host Profiles nd must e mnully enled on ll hosts. Deploy nd Configure the Shred Edge nd Compute Cluster NSX Instne in Region A Deploy nd onfigure the NSX instne for the shred edge nd ompute luster in Region A. VMwre, In. 122

123 1 Deploy the NSX Mnger for the Shred Edge nd Compute Cluster NSX Instne in Region A You must first deploy the NSX Mnger virtul ppline. After the NSX Mnger is suessfully deployed you must onnet it to the Compute vcenter Server instne. 2 Deploy the NSX Controllers for the Shred Edge nd Compute Cluster NSX Instne in Region A After the NSX Mnger is suessfully onneted to the Compute vcenter Server, you must promote it to the primry role nd deploy the three NSX Controller nodes tht form the NSX Controller luster. 3 Prepre the ESXi Hosts in the Shred Edge nd Compute Cluster for NSX in Region A You must instll the NSX kernel modules on the ompute nd edge lusters ESXi hosts so tht you re le to use NSX. 4 Configure the NSX Logil Network for the Shred Edge nd Compute Clusters in Region A After ll deployment tsks re redy, onfigure the NSX logil network. 5 Updte the Host Profile for the Compute Cluster in Region A After n uthorized hnge is mde to host the Host Profile must e updted to reflet the hnges.. 6 Configure NSX Dynmi Routing in the Shred Edge nd Compute Cluster in Region A NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re reted. This lyer is n strtion etween the physil nd virtul networks. You onfigure NSX dynmi routing within the ompute nd edge lusters, deploying two NSX Edge devies nd Universl Distriuted Logil Router (UDLR). 7 Test the Shred Edge nd Compute Cluster NSX Configurtion in Region A Test the onfigurtion of the NSX logil network using ping test. A ping test heks if two hosts in network n reh eh other. Deploy the NSX Mnger for the Shred Edge nd Compute Cluster NSX Instne in Region A You must first deploy the NSX Mnger virtul ppline. After the NSX Mnger is suessfully deployed you must onnet it to the Compute vcenter Server instne. VMwre, In. 123

124 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Open the Deploy OVF Templte wizrd. In the Nvigtor, expnd the entire sfo01m01v01.sfo01.rinpole.lol tree. Right-lik the sfo01-m01-mgmt01 luster, nd lik Deploy OVF Templte. 3 Use the Deploy OVF Templte wizrd to deploy the NSX Mnger virtul ppline. On the Selet templte pge, lik the Browse utton, selet the VMwre NSX Mnger.ov file, nd lik Next. On the Selet nme nd lotion pge, enter the following settings, nd lik Next. Nme Folder or Dtenter sfo01w01nsx01 sfo01-m01fd-nsx On the Selet resoure pge, selet the following vlues, nd lik Next. Dtenter Cluster sfo01-m01d sfo01-m01-mgmt01 d e f On the Review detils pge, review the extr onfigurtion option messge, nd lik Next. On the Aept liense greements pge, lik Aept, nd lik Next. On the Selet storge pge, enter the following settings, nd lik Next Selet virtul disk formt VM Storge Poliy Dtstore Thin Provision vsan Defult Storge Poliy sfo01-m01-vsn01 g On the Selet networks pge, Under Destintion Network,selet sfo01-m01-vds01- mngement, nd lik Next. VMwre, In. 124

125 h On the Customize templte pge, expnd the different options, enter the following settings, nd lik Next. DNS Server List , Domin Serh List sfo01.rinpole.lol Defult IPv4 Gtewy Hostnme sfo01w01nsx01.sfo01.rinpole.lol Network 1 IPv4 Address Network 1 Netmsk Enle SSH Seleted NTP Server List ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol CLI "dmin" User Pssword / enter CLI "dmin" User Pssword / onfirm CLI Privilege Mode Pssword / enter CLI Privilege Mode Pssword / onfirm VMwre Customer Experiene Improvement Progrm ompnsx_dmin_pssword ompnsx_dmin_pssword ompnsx_priviledge_pssword ompnsx_priviledge_pssword Seleted i j On the Redy to omplete pge, lik Finish. In the Nvigtor, expnd the sfo01m01v01.sfo01.rinpole.lol tree,selet the sfo01w01nsx01 virtul mhine, nd lik the Power on utton. 4 Connet the NSX Mnger to the Compute vcenter Server. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin ompnsx_dmin_pssword d e Clik Mnge vcenter Registrtion. Under Lookup Servie URL, lik the Edit utton. In the Lookup Servie URL dilog, enter the following settings, nd lik OK. Lookup Servie Host sfo01ps01.sfo01.rinpole.lol Lookup Servie Port 443 SSO Administrtor User Nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword VMwre, In. 125

126 f g h In the Trust Certifite? dilog ox, lik Yes. Under vcenter Server, lik the Edit utton. In the vcenter Server dilog ox, enter the following settings, nd lik OK. vcenter Server vcenter User Nme Pssword sfo01w01v01.sfo01.rinpole.lol sv-nsxmnger@rinpole.lol sv-nsxmnger_pssword i j In the Trust Certifite? dilog ox, lik Yes. Wit until the Sttus inditors for the Lookup Servie URL nd vcenter Server hnge to Conneted. 5 Log out from the vcenter Server session in the vsphere We Client. 6 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword sv-nsxmnger@rinpole.lol sv-nsxmnger_pssword 7 Assign the dministrtor@vsphere.lol ount ess to NSX. d e f g In the Nvigtor, lik Network & Seurity. Selet NSX Mngers. Selet from the tree ontrol. Clik the Mnge t, then lik Users. Clik the Add ion. On the Identify User pge enter dministrtor@vsphere.lol in the User text ox nd lik Next. On the Selet Roles pge, selet the Enterprise Administrtor rdio utton nd lik Finish. 8 Log out from the vcenter Server session in the vsphere We Client. Deploy the NSX Controllers for the Shred Edge nd Compute Cluster NSX Instne in Region A After the NSX Mnger is suessfully onneted to the Compute vcenter Server, you must promote it to the primry role nd deploy the three NSX Controller nodes tht form the NSX Controller luster. VMwre, In. 126

127 It is importnt to deploy every node only fter the previous one is suessfully deployed. To omplete this proedure you must onfigure the dtstore for the shred edge nd ompute luster in Region A. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in with the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Promote the NSX Mnger to the primry role. d e Under Inventories, lik Networking & Seurity. In the Nvigtor, lik Instlltion. On the Mngement t, lik the instne. Clik the Ations menu nd lik Assign Primry Role. In the Assign Primry Role onfirmtion dilog ox, lik Yes. 3 Configure n IP pool for the NSX Controller Cluster. d In the Nvigtor, lik NSX Mngers. Under NSX Mngers, lik the instne. Clik the Mnge t, lik Grouping Ojets, lik IP Pools, nd lik the Add New IP Pool ion. In the Add Stti IP Pool dilog ox, enter the following settings nd lik OK. Nme sfo01-omp01-nsx01 Gtewy Prefix Length 24 Primry DNS Seondry DNS DNS Suffix sfo01.rinpole.lol Stti IP Pool VMwre, In. 127

128 4 Deploy the NSX Controller luster. In the Nvigtor, lik Networking & Seurity to go k, nd lik Instlltion. Under NSX Controller nodes, lik the Add ion to deploy three NSX Controller nodes with the sme onfigurtion. In the Add Controller pge, enter the following settings nd lik OK. Note You my only onfigure the pssword during the deployment of the first ontroller. The other ontrollers will use the sme pssword. Nme sfo01w01nsx01 for ontroller 1 sfo01w01nsx02 for ontroller 2 sfo01w01nsx03 for ontroller 3 NSX Mnger Dtenter Cluster/Resoure Pool Dtstore Conneted To IP Pool Pssword Confirm Pssword sfo01-w01d sfo01-w01rp-sdd-edge sfo01_shred_edge_nd_ompute_dtstore sfo01-w01-vds01-mngement sfo01-omp01-nsx01 ompnsx_ontrollers_pssword ompnsx_ontrollers_pssword d After the Sttus of the ontroller node hnges to Conneted, repet the step nd deploy the remining two NSX Controller nodes, with the sme onfigurtion to form the ontroller luster. 5 Configure DRS ffinity rules for the NSX Controllers. d e f Go k to the Home pge. In the Nvigtor, lik Hosts nd Clusters, nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Selet the sfo01-w01-omp01 luster, nd lik the Mnge t. Under Configurtion, lik VM/Host Rules. Under VM/Host Rules, lik Add. In the sfo01-w01-omp01 - Crete VM/Host Rule dilog ox, enter the following settings nd lik Add. Nme Enle rule Type nti-ffinity-rule-nsx Seleted Seprte Virtul Mhine VMwre, In. 128

129 g h In the Add Rule Memer dilog, selet the three NSX Controller VMs nd lik OK. In the sfo01-w01-omp01 - Crete VM/Host Rule dilog lik OK nd lik OK. Prepre the ESXi Hosts in the Shred Edge nd Compute Cluster for NSX in Region A You must instll the NSX kernel modules on the ompute nd edge lusters ESXi hosts so tht you re le to use NSX. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Instll the NSX kernel modules on the shred edge nd ompute luster ESXi hosts. In the Nvigtor, lik Networking & Seurity, lik Instlltion, nd lik the Host Preprtion t. Selet from the NSX Mnger drop-down menu. Under Instlltion Sttus, lik Instll for the sfo01-w01-omp01 luster nd lik Yes in the onfirmtion dilog. 3 Verify tht the Instlltion Sttus olumn displys the NSX version for ll hosts in the luster to onfirm the suessful instlltion of the NSX kernel modules. Configure the NSX Logil Network for the Shred Edge nd Compute Clusters in Region A After ll deployment tsks re redy, onfigure the NSX logil network. Complete this proess in three min steps: Configure the Segment ID llotion. Configure the VXLAN networking. Configure the trnsport zone. VMwre, In. 129

130 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Configure the Segment ID llotion. d In the Nvigtor, lik Networking & Seurity. Clik Instlltion, lik Logil Network Preprtion, nd lik Segment ID. Selet from the NSX Mnger drop-down menu. Clik Edit, enter the following settings, nd lik OK. Segment ID pool Enle Multist ddressing Seleted Multist ddresses Universl Segment ID Pool Enle Universl Multist ddressing Seleted Universl Multist ddresses Configure the VXLAN networking. Clik the Host Preprtion t. Under VXLAN, lik Not Configured on the row leled sfo01-w01-omp01, enter the following settings, nd lik OK. Swith sfo01-w01-vds01 VLAN 1634 MTU 9000 VMKNi IP Addressing VMKNi Teming Poliy Use DHCP Lod Blne - SRCID VTEP 2 VMwre, In. 130

131 4 Configure the Universl trnsport zone. In the Nvigtor, lik the Logil Network Preprtion t nd lik Trnsport Zones. Clik the New Trnsport zone ion, enter the following settings, nd lik OK. Mrk this ojet for Universl Synhroniztion Nme Replition mode Selet lusters prt of the Trnsport Zone Seleted Comp Universl Trnsport Zone Hyrid sfo01-w01-omp01 5 Configure the Glol trnsport zone. In the Nvigtor, lik the Logil Network Preprtion t nd lik Trnsport Zones. Clik the New Trnsport zone ion, enter the following settings, nd lik OK. Nme Replition mode Selet lusters prt of the Trnsport Zone Comp Glol Trnsport Zone Hyrid sfo01-w01-omp01 Right lik on Comp Universl Trnsport Zone nd hoose Enle CDO mode lik Yes in the dilog to enle CDO mode. Updte the Host Profile for the Compute Cluster in Region A After n uthorized hnge is mde to host the Host Profile must e updted to reflet the hnges.. VMwre, In. 131

132 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Updte the Host Profile to the ompute luster. In the Nvigtor, selet Poliies nd Profiles Clik on Host Profiles then right lik on sfo01-w01hp-omp01 nd selet Copy s from Host. Selet sfo01w01esx01.sfo01.rinpole.lol, lik OK. 3 Verify ompline for the hosts in the ompute luster. Clik the Monitor t nd lik Compline. Selet sfo01-w01hp-omp01 nd lik the Chek Host Profile Compline utton. All hosts should show the sttus Complint Configure NSX Dynmi Routing in the Shred Edge nd Compute Cluster in Region A NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re reted. This lyer is n strtion etween the physil nd virtul networks. You onfigure NSX dynmi routing within the ompute nd edge lusters, deploying two NSX Edge devies nd Universl Distriuted Logil Router (UDLR). 1 Crete Universl Logil Swith for Use s the Trnsit Network in the Shred Edge nd Compute Cluster in Region A Crete universl nd glol trnsit logil swithes for use s the trnsit networks in the luster. 2 Deploy NSX Edge Devies for North-South Routing in the Shred Edge nd Compute Cluster in Region A Deploy NSX Edge Devies for North-South routing in the shred edge nd ompute luster. 3 Disle the Firewll Servie in the Shred Edge nd Compute Cluster in Region A Disle the firewll of the two NSX Edge servies gtewys. VMwre, In. 132

133 4 Enle nd Configure Routing in the Shred Edge nd Compute Cluster in Region A Enle the Border Gtewy Protool (BGP) to exhnge routing informtion etween the NSX Edge servies gtewys. 5 Verify Peering of Upstrem Swithes nd Estlishment of BGP in the Shred Edge nd Compute Cluster in Region A The NSX Edge devies need to estlish onnetion to eh of it's upstrem BGP swithes efore BGP updtes n e exhnged. Verify tht the NSX Edges devies re suessfully peering, nd tht BGP routing hs een estlished. 6 Deploy the Universl Distriuted Logil Router in the Shred Edge nd Compute Cluster in Region A Deploy the universl distriuted logil routers (UDLR). 7 Configure Universl Distriuted Logil Router for Dynmi Routing in Shred Edge nd Compute Cluster in Region A Configure the universl distriuted logil router (UDLR) in the shred edge nd ompute luster to use dynmi routing. 8 Verify Estlishment of BGP for the Universl Distriuted Logil Router in the Shred Edge nd Compute Cluster in Region A The universl distriuted logil router (UDLR) needs to estlish onnetion to Edge Servies Gtewy efore BGP updtes n e exhnged. Verify tht the UDLR is suessfully peering, nd tht BGP routing hs een estlished. 9 Deploy the Distriuted Logil Router in the Shred Edge nd Compute Cluster in Region A Deploy the distriuted logil routers (DLR). 10 Configure the Distriuted Logil Router for Dynmi Routing in Shred Edge nd Compute Cluster in Region A Configure the distriuted logil router (DLR) in the shred edge nd ompute luster to use dynmi routing. 11 Verify Estlishment of BGP for the Distriuted Logil Router in the Shred Edge nd Compute Cluster in Region A The distriuted logil router (DLR) needs to estlish onnetion to Edge Servies Gtewy efore BGP updtes n e exhnged. Verify tht the DLR is suessfully peering, nd tht BGP routing hs een estlished. Crete Universl Logil Swith for Use s the Trnsit Network in the Shred Edge nd Compute Cluster in Region A Crete universl nd glol trnsit logil swithes for use s the trnsit networks in the luster. VMwre, In. 133

134 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik Logil Swithes. 4 Selet from the NSX Mnger drop-down menu nd lik the Add ion. 5 In the New Logil Swith dilog ox, enter the following settings nd lik OK. Nme Trnsport Zone Replition Mode Universl Trnsit Network Comp Universl Trnsport Zone Hyrid 6 In the New Logil Swith dilog ox, enter the following settings, nd lik OK. Nme Trnsport Zone Replition Mode Glol Trnsit Network Comp Glol Trnsport Zone Hyrid Deploy NSX Edge Devies for North-South Routing in the Shred Edge nd Compute Cluster in Region A Deploy NSX Edge Devies for North-South routing in the shred edge nd ompute luster. Perform this proedure two times to deploy two NSX Edge devies: sfo01w01esg01 nd sfo01w01esg02. Tle NSX Edge Devies NSX Edge Devie NSX Edge Devie 1 NSX Edge Devie 2 Devie Nme sfo01w01esg01 sfo01w01esg02 VMwre, In. 134

135 Tle NSX Edge Interfes s Interfe Primry IP Address - sfo01w01esg01 Primry IP Address - sfo01w01esg02 Uplink Uplink sfo01w01udlr sfo01w01dlr To omplete this proedure use the dtstore tht you onfigured for the shred edge nd ompute luster. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Use the following redentils to log in. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. VMwre, In. 135

136 5 Clik the Add ion to deploy new NSX Edge. The New NSX Edge wizrd ppers. On the Nme nd desription pge, enter the following settings, nd lik Next. sfo01w01esg01 sfo01w01esg02 Instll Type Edge Servie Gtewy Edge Servie Gtewy Nme sfo01w01esg01 sfo01w01esg02 Hostnme sfo01w01esg01.sfo01.rinpole.lol sfo01w01esg02.sfo01.rinpole.lol Deploy NSX Edge Seleted Seleted Enle High Avilility Deseleted Deseleted On the s pge, enter the following settings, nd lik Next. User Nme Pssword Enle SSH ess Enle FIPS mode Enle uto rule genertion Edge Control Level logging dmin edge_dmin_pssword Seleted Deseleted Seleted INFO d On the Configure deployment pge, selet the Lrge rdio utton to speify the Appline Size nd lik the Add ion. In the Add NSX Edge Appline dilog ox, enter the following settings, lik OK, nd lik Next. Cluster/Resoure Pool Dtstore sfo01-w01rp-sdd-edge sfo01_shred_edge_nd_ompute_dtstore VMwre, In. 136

137 e On the Configure interfes pge, lik the Add ion to onfigure the Uplink01 interfe, enter the following settings, nd lik OK. sfo01w01esg01 sfo01w01esg02 Nme Uplink01 Uplink01 Type Uplink Uplink Conneted To sfo01-w01-vds01-uplink01 sfo01-w01-vds01-uplink01 Connetivity Sttus Conneted Conneted Primry IP Address Sunet Prefix Length MTU Send ICMP Rediret Seleted Seleted f Clik the Add ion to onfigure the Uplink02 interfe, enter the following settings, nd lik OK. sfo01w01esg01 sfo01w01esg02 Nme Uplink02 Uplink02 Type Uplink Uplink Conneted To sfo01-w01-vds01-uplink02 sfo01-w01-vds01-uplink02 Connetivity Sttus Conneted Conneted Primry IP Address Sunet Prefix Length MTU Send ICMP Rediret Seleted Seleted g Clik the Add ion to onfigure the UDLR interfe, enter the following settings, lik OK, nd lik Next. sfo01w01esg01 sfo01w01esg02 Nme sfo01w01udlr01 sfo01w01udlr01 Type Internl Internl Conneted To Universl Trnsit Network Universl Trnsit Network Connetivity Sttus Conneted Conneted Primry IP Address Sunet Prefix Length MTU Send ICMP Rediret Seleted Seleted VMwre, In. 137

138 h Clik the Add ion to onfigure the DLR interfe, enter the following settings, lik OK, nd lik Next. sfo01w01esg01 sfo01w01esg012 Nme sfo01w01dlr01 sfo01w01dlr01 Type Internl Internl Conneted To Glol Trnsit Network Glol Trnsit Network Connetivity Sttus Conneted Conneted Primry IP Address Sunet Prefix Length MTU Send ICMP Rediret Seleted Seleted i j k On the Defult gtewy settings pge, deselet the Configure Defult Gtewy hek ox nd lik Next. On the Firewll nd HA pge lik Next. On the Redy to omplete pge, review the onfigurtion settings tht you entered nd lik Finish. 6 Repet this proedure to onfigure nother NSX edge y using the settings for the seond NSX Edge devie. 7 Configure DRS ffinity rules for the Edge Servies Gtewys. d e f Go k to the Home pge. In the Nvigtor, lik Hosts nd Clusters, nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Selet the sfo01-w01-omp01 luster, nd lik the Configure t. Under Configurtion, lik VM/Host Rules. Clik Add. In the sfo01-w01-omp01 - Crete VM/Host Rule dilog, enter the following settings nd lik Add. Nme Enle rule Type nti-ffinity-rule-empedges Seleted Seprte Virtul Mhine g h In the Add Rule Memer dilog ox, selet the hek ox next to eh of the two NSX ESG's just deployed nd lik OK. In the sfo01-w01-omp01 - Crete VM/Host Rule dilog ox, lik OK. VMwre, In. 138

139 Disle the Firewll Servie in the Shred Edge nd Compute Cluster in Region A Disle the firewll of the two NSX Edge servies gtewys. You repet this proedure two times for eh of the NSX Edge devies: sfo01w01esg01 nd sfo01w01esg01. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Doule-lik the sfo01w01esg01 NSX Edge devie. 6 Clik the Mnge t nd lik Firewll. 7 On the Firewll pge, lik the Disle utton. 8 Clik Pulish hnges. 9 Repet this proedure for the NSX Edge servies gtewy sfo01w01esg02. Enle nd Configure Routing in the Shred Edge nd Compute Cluster in Region A Enle the Border Gtewy Protool (BGP) to exhnge routing informtion etween the NSX Edge servies gtewys. Repet this proedure two times to enle BGP for oth NSX Edge devies: sfo01w01esg01 nd sfo01w01esg02. VMwre, In. 139

140 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Doule-lik the sfo01w01esg01 NSX Edge devie. 6 Clik the Mnge t nd lik Routing. 7 Configure settings on the Glol Configurtion pge. d Clik the Enle utton for ECMP. To onfigure dynmi routing, lik the Edit utton next to Dynmi Routing Configurtion. Selet Uplink01 s the Router ID nd lik OK. Clik Pulish Chnges. VMwre, In. 140

141 8 On the Routing t, selet Stti Routes to onfigure it. Clik the Add ion, enter the following settings, nd lik OK. Network UDLR_Compute_Worklod_Sunet Next Hop Interfe sfo01w01udlr01 MTU 9000 Admin Distne 210 Note You must dd ll sunets tht re ehind the UDLR. Clik the Add ion, enter the following settings, nd lik OK. Network DLR_Compute_Worklod_Sunet Next Hop Interfe sfo01w01dlr01 MTU 9000 Admin Distne 210 Note You must dd ll sunets tht re ehind the DLR. Clik Pulish Chnges. 9 On the Routing t, selet BGP to onfigure it. Clik the Edit utton, enter the following settings, nd lik OK. Enle BGP Enle Greful Restrt Enle Defult Originte Seleted Seleted Deseleted Lol AS On the BGP pge, lik the Add ion to dd Neighor. The New Neighor dilog ox ppers. You dd two neighors: the first Top of Rk Swith nd the seond Top of Rk Swith. VMwre, In. 141

142 In the New Neighor dilog1, enter the following vlues nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 4 Hold Down Time 12 Pssword BGP_pssword d Clik the Add ion to dd nother Neighor. The New Neighor dilog ox ppers. e Add the seond Top of Rk swith, whose IP ddress is f In the New Neighor dilog ox, enter the following vlues nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 4 Hold Down Time 12 Pssword BGP_pssword g h i Clik the Add ion to dd nother Neighor. Configure the universl distriuted logil router (UDLR) s neighor. In the New Neighor dilog ox, enter the following vlues, nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 1 Hold Down Time 3 Pssword BGP_pssword j k Clik the Add ion to dd nother Neighor. Configure the distriuted logil router (DLR) s neighor. VMwre, In. 142

143 l In the New Neighor dilog ox, enter the following vlues, nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 1 Hold Down Time 3 Pssword BGP_pssword m Clik Pulish Chnges. The four neighors you dded pper in the Neighors tle. 10 On the Routing t, selet Route Redistriution to onfigure it. d On the Route Redistriution pge, lik the Edit utton. In the Chnge redistriution settings dilog ox, selet the BGP hek ox nd lik OK. Clik the Add ion for Route Redistriution Tle. In the New Redistriution riteri dilog ox, enter the following settings, nd lik OK. Prefix Lerner Protool OSPF Stti Routes Conneted Ation Any BGP Deseleted Seleted Seleted Permit e Clik the Pulish Chnges utton. The route redistriution onfigurtion ppers in the Route Redistriution tle. Confirm tht the onfigurtion vlues you entered re orret. 11 Repet this proedure for the NSX Edge devie sfo01w01esg02. Verify Peering of Upstrem Swithes nd Estlishment of BGP in the Shred Edge nd Compute Cluster in Region A The NSX Edge devies need to estlish onnetion to eh of it's upstrem BGP swithes efore BGP updtes n e exhnged. Verify tht the NSX Edges devies re suessfully peering, nd tht BGP routing hs een estlished. You repet this proedure two times for eh of the NSX Edge devies: sfo01w01esg01 nd sfo01w01esg01. VMwre, In. 143

144 1 Log in to the NSX Edge devie using Seure Shell (SSH) lient. Open n SSH onnetion to the sfo01w01esg01 NSX Edge devie. Log in using the following redentils. User nme Pssword dmin edge_dmin_pssword 2 Run the show ip gp neighors ommnd to disply informtion out the BGP onnetions to neighors. The BGP Stte will disply Estlished, UP if you hve peered with the upstrem swithes. Note You hve not yet reted the universl distriuted logil router or the distriuted logil router, s suh they will not disply the Estlished, UP sttus messge. VMwre, In. 144

145 3 Run the show ip route ommnd to verify tht you re reeiving routes using BGP, nd tht there re multiple routes to BGP lerned networks. You verify multiple routes to BGP lerned networks y loting the sme route using different IP ddress. The IP ddresses re listed fter the word vi in the right-side olumn of the routing tle output. In the imge elow there re two different routes to the following BGP networks: /0 nd /24. You n identify BGP networks y the letter B in the left-side olumn. Lines eginning with C (onneted) hve only single route. 4 Repet this proedure for the NSX Edge devie sfo01w01esg02. Deploy the Universl Distriuted Logil Router in the Shred Edge nd Compute Cluster in Region A Deploy the universl distriuted logil routers (UDLR). VMwre, In. 145

146 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Clik the Add ion to rete new UDLR. The New NSX Edge wizrd ppers. 6 On the Nme nd desription pge, enter the following settings, nd lik Next. Universl Logil (Distriuted) Router Nme Hostnme Deploy Edge Appline Enle High Avilility Seleted sfo01w01udlr01 sfo01w01udlr01.sfo01.rinpole.lol Seleted Seleted 7 On the s pge, enter the following settings, nd lik Next. User Nme Pssword Enle SSH ess Edge Control Level logging dmin udlr_dmin_pssword Seleted INFO 8 On the Configure deployment pge, nd lik the Add ion. 9 In the Add NSX Edge Appline dilog ox, enter the following settings nd lik Next. Cluster/Resoure Pool Dtstore sfo01-w01rp-sdd-edge sfo01_shred_edge_nd_ompute_dtstore VMwre, In. 146

147 10 On the Configure deployment pge, nd lik the Add ion seond time to dd seond NSX Edge devie. The Add NSX Edge Appline dilog ox ppers. 11 In the Add NSX Edge Appline dilog ox, enter the following settings nd lik Next. Cluster/Resoure Pool Dtstore sfo01-w01rp-sdd-edge sfo01_shred_edge_nd_ompute_dtstore 12 On the Configure interfes pge, under HA Interfe Configurtion, lik Selet nd onnet to sfo01-w01-vds01-mngement. 13 On the Configure interfes pge enter the following onfigurtion settings nd lik Next. Clik the Add ion. Primry IP Address Sunet Prefix Length 24 Enter the following settings in the Add Interfe dilog ox, nd lik OK. The Add Interfe dilog ox ppers. Nme Type Conneted To Connetivity Sttus Uplink Uplink Universl Trnsit Network Conneted Primry IP Address Sunet Prefix Length 24 MTU On the Defult gtewy settings pge, deselet Configure Defult Gtewy nd lik Next. 15 On the Redy to omplete pge, lik Finish. Configure Universl Distriuted Logil Router for Dynmi Routing in Shred Edge nd Compute Cluster in Region A Configure the universl distriuted logil router (UDLR) in the shred edge nd ompute luster to use dynmi routing. VMwre, In. 147

148 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Enle HA logging. d Doule-lik the devie leled sfo01w01udlr01. Clik the Mnge t nd lik the s t. Clik Chnge in the HA Configurtion window. Selet the Enle Logging hekox nd lik OK. 6 Configure the routing for the Universl Distriuted Logil Router. d e f Doule-lik sfo01w01udlr01. Clik the Mnge t nd lik Routing. On the Glol Configurtion pge, perform the following onfigurtion steps. Clik the Edit utton under Routing Configurtion, selet Enle ECMP, nd lik OK. Clik the Edit utton under Dynmi Routing Configurtion, selet Uplink s the Router ID, nd lik OK. Clik Pulish Chnges. 7 On the left, selet BGP to onfigure it. On the BGP pge, lik the Edit utton. The Edit BGP Configurtion dilog ox ppers. In the Edit BGP Configurtion dilog ox, enter the following settings nd lik OK. Enle BGP Enle Greful Restrt Seleted Seleted Lol AS VMwre, In. 148

149 Clik the Add ion to dd Neighor. The New Neighor dilog ox ppers. d In the New Neighor dilog ox, enter the following vlues for oth NSX Edge devies, nd lik OK. You repet this step two times to onfigure the UDLR for oth NSX Edge devies: sfo01w01esg01 nd sfo01w01esg02. sfo01w01esg01 sfo01w01esg02 IP Address Forwrding Address Protool Address Remote AS Weight Keep Alive Time 1 1 Hold Down Time 3 3 Pssword gp_pssword gp_pssword e Clik Pulish Chnges. 8 On the left, selet Route Redistriution to onfigure it. Clik the Edit utton. In the Chnge redistriution settings dilog ox, enter the following settings, nd lik OK. OSPF BGP Deseleted Seleted On the Route Redistriution pge, selet the defult OSPF entry nd lik the Edit utton. VMwre, In. 149

150 d Selet BGP from the Lerner Protool drop-down menu, nd lik OK. e Clik Pulish Chnges. Verify Estlishment of BGP for the Universl Distriuted Logil Router in the Shred Edge nd Compute Cluster in Region A The universl distriuted logil router (UDLR) needs to estlish onnetion to Edge Servies Gtewy efore BGP updtes n e exhnged. Verify tht the UDLR is suessfully peering, nd tht BGP routing hs een estlished. 1 Log in to the sfo01w01udlr01 y using Seure Shell (SSH) lient. Open n SSH onnetion to sfo01w01udlr01, the UDLR whose peering nd BGP onfigurtion you wnt to verify. Log in using the following redentils. User nme Pssword dmin udlr_dmin_pssword 2 Run the show ip gp neighors ommnd to disply informtion out the BGP nd TCP onnetions to neighors. The BGP Stte will disply Estlished, UP if you hve suessfully peered with the Edge Servie Gtewy. VMwre, In. 150

151 3 Run the show ip route ommnd to verify tht you re reeiving routes using BGP, nd tht there re multiple routes to BGP lerned networks. You verify multiple routes to BGP lerned networks y loting the sme route using different IP ddress. The IP ddresses re listed fter the word vi in the right-side olumn of the routing tle output. In the imge elow there re two different routes to the following BGP networks: /0, /24, /24, nd /24. You n identify BGP networks y the letter B in the left-side olumn. Lines eginning with C (onneted) hve only single route. Deploy the Distriuted Logil Router in the Shred Edge nd Compute Cluster in Region A Deploy the distriuted logil routers (DLR). 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. VMwre, In. 151

152 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Clik the Add ion to rete new DLR, 6 On the Nme nd desription pge, enter the following settings, nd lik Next. Logil (Distriuted) Router Nme Hostnme Deploy Edge Appline Enle High Avilility Seleted sfo01w01dlr01 sfo01w01dlr01.sfo01.rinpole.lol Seleted Seleted 7 On the s pge, enter the following settings, nd lik Next. User Nme Pssword Enle SSH ess Enle FIPS mode Edge Control Level logging dmin dlr_dmin_pssword Seleted Deseleted INFO 8 On the Configure deployment pge, nd lik the Add ion. 9 In the Add NSX Edge Appline dilog ox, enter the following settings nd lik OK. Cluster/Resoure Pool Dtstore sfo01-w01rp-sdd-edge sfo01_shred_edge_nd_ompute_dtstore 10 On the Configure deployment pge, nd lik the Add ion seond time to dd seond NSX Edge devie. 11 In the Add NSX Edge Appline dilog ox, enter the following settings nd lik OK nd then lik Next. Resoure Pool Dtstore sfo01-w01rp-sdd-edge sfo01_shred_edge_nd_ompute_dtstore 12 On the Configure interfes pge, under HA Interfe Configurtion, lik Selet nd onnet to sfo01-w01-vds01-mngement. VMwre, In. 152

153 13 On the Configure interfes pge enter the following onfigurtion settings nd lik Next. Primry IP Address Sunet Prefix Length 24 Under the Configure interfes of this NSX Edge, lik the Add ion. Enter the following settings in the Add Interfe dilog ox, lik OK nd then lik Next. Nme Type Conneted To Connetivity Sttus Uplink Uplink Glol Trnsit Network Conneted Primry IP Address Sunet Prefix Length 24 MTU In the Defult gtewy settings pge, deselet Configure Defult Gtewy nd lik Next. 15 In the Redy to omplete pge, lik Finish. Configure the Distriuted Logil Router for Dynmi Routing in Shred Edge nd Compute Cluster in Region A Configure the distriuted logil router (DLR) in the shred edge nd ompute luster to use dynmi routing. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. VMwre, In. 153

154 5 Configure the routing for the Distriuted Logil Router. d e f Doule-lik sfo01w01dlr01. Clik the Mnge t nd lik Routing. On the Glol Configurtion pge, perform the following onfigurtion steps. Clik the Enle utton for ECMP. Clik the Edit utton under Dynmi Routing Configurtion, selet Uplink s the Router ID, nd lik OK. Clik Pulish Chnges. 6 On the left, selet BGP to onfigure it. On the BGP pge, lik the Edit utton. The Edit BGP Configurtion dilog ox ppers. In the Edit BGP Configurtion dilog ox, enter the following settings nd lik OK. Enle BGP Enle Greful Restrt Seleted Seleted Lol AS Clik the Add ion to dd Neighor. The New Neighor dilog ox ppers. VMwre, In. 154

155 d In the New Neighor dilog ox, enter the following vlues for oth NSX Edge devies, nd lik OK. Repet this step two times to onfigure the DLR for oth NSX Edge devies: sfo01w01esg01 nd sfo01w01esg02. sfo01w01esg01 sfo01w01esg02 IP Address Forwrding Address Protool Address Remote AS Weight Keep Alive Time 1 1 Hold Down Time 3 3 Pssword gp_pssword gp_pssword e Clik Pulish Chnges. 7 On the left, selet Route Redistriution to onfigure it. Clik the Edit utton. In the Chnge redistriution settings dilog ox, enter the following settings, nd lik OK. OSPF BGP Deseleted Seleted On the Route Redistriution pge, selet the defult OSPF entry nd lik the Edit utton. VMwre, In. 155

156 d Selet BGP from the Lerner Protool drop-down menu, nd lik OK. e Clik Pulish Chnges. Verify Estlishment of BGP for the Distriuted Logil Router in the Shred Edge nd Compute Cluster in Region A The distriuted logil router (DLR) needs to estlish onnetion to Edge Servies Gtewy efore BGP updtes n e exhnged. Verify tht the DLR is suessfully peering, nd tht BGP routing hs een estlished. 1 Log in to the sfo01w01dlr01 y using Seure Shell (SSH) lient. Open n SSH onnetion to sfo01w01dlr01, the DLR whose peering nd BGP onfigurtion you wnt to verify. Log in using the following redentils. User nme Pssword dmin dlr_dmin_pssword 2 Run the show ip gp neighors ommnd to disply informtion out the BGP nd TCP onnetions to neighors. The BGP Stte will disply Estlished,UP if you hve suessfully peered with the Edge Servie Gtewy. VMwre, In. 156

157 3 Run the show ip route ommnd to verify tht you re reeiving routes using BGP, nd tht there re multiple routes to BGP lerned networks. You verify multiple routes to BGP lerned networks y loting the sme route using different IP ddress. The IP ddresses re listed fter the word vi in the right-side olumn of the routing tle output. In the imge elow there re two different routes to the following BGP networks: /0, /24, /24, nd /24. You n identify BGP networks y the letter B in the left-side olumn. Lines eginning with C (onneted) hve only single route. VMwre, In. 157

158 Test the Shred Edge nd Compute Cluster NSX Configurtion in Region A Test the onfigurtion of the NSX logil network using ping test. A ping test heks if two hosts in network n reh eh other. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Use the Ping Monitor to test onnetivity. In the Nvigtor, lik Networking & Seurity. Under Logil Swithes, doule-lik Universl Trnsit Network. d e f Clik the Monitor t. Under Test Prmeters, selet sfo01w01esx01.sfo01.rinpole.lol s the Soure host. Under the Test Prmeters, selet sfo01w01esx02.sfo01.rinpole.lol s the Destintion Host, nd lik Strt Test. There must e no error messges listed under Results. Deploy vsphere Dt Protetion in Region A Deploy vsphere Dt Protetion to k up nd restore SDDC mngement omponents in Region A. vsphere Dt Protetion enles the kup nd restore of virtul mhines ssoited with the following omponents. vcenter Server Mngement vcenter Server nd onneted externl Pltform Servies Controller Compute vcenter Server nd onneted externl Pltform Servies Controller vrelize Automtion vrelize Log Insight vrelize Opertions Mnger vrelize Business for Cloud VMwre, In. 158

159 vsphere Updte Mnger Downlod Servie (UMDS) 1 Prerequisites for Deploying vsphere Dt Protetion in Region A Before you deploy vsphere Dt Protetion in Region A, verify tht your environment stisfies the requirements for this deployment. 2 Deploy the vsphere Dt Protetion Virtul Appline in Region A Deploy vsphere Dt Protetion s virtul ppline on the mngement luster in Region A. 3 Enle SSH Root User Aess on the vsphere Dt Protetion Appline in Region A Enle the login to the vsphere Dt Protetion ppline in Region A over Seure SHell (SSH) s the root user. You onnet to the ppline over SSH to instll ustom ertifites nd to perform trouleshooting opertions. 4 Reple vsphere Dt Protetion Certifites in Region A After you use the VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD) to generte ertifites for the SDDC mngement omponents, reple the defult VMwre-signed ertifite on vsphere Dt Protetion in Region A. 5 Configure Servie Aount Aess in vsphere for Integrtion with vsphere Dt Protetion in Region A Configure servie ount with permissions tht re required to enle vsphere Dt Protetion ess to provide kup opertions on the Mngement vcenter Server in Region A. 6 Register vsphere Dt Protetion with Mngement vcenter Server in Region A After you deploy the virtul ppline for vsphere Dt Protetion on the mngement luster in Region A, omplete the initil onfigurtion of vsphere Dt Protetion. Prerequisites for Deploying vsphere Dt Protetion in Region A Before you deploy vsphere Dt Protetion in Region A, verify tht your environment stisfies the requirements for this deployment. IP Addresses nd Host Nmes Verify tht stti IP ddress nd FQDN for vsphere Dt Protetion re ville for Region A of the SDDC deployment. Tle IP Addresses nd Host Nmes for vsphere Dt Protetion in Region A Network IP ddress FQDN sfo01m01vdp01.sfo01.rinpole.lol DNS servers , Defult gtewy Sunet msk VMwre, In. 159

160 Deployment Prerequisites Verify tht you hve fulfilled the following prerequisites in ddition to the networking settings: Prerequisite Initil Storge Virtul disk provisioning. Thin Required storge 6 TB NFS Softwre Fetures vsphere Mngement vcenter Server Mngement luster with enled DRS nd HA. vsphere Distriuted Swith onfigured for the vsphere mngement network Instlltion Pkge User Privileges nd Ative Diretory Downlod the vsphere Dt Protetion virtul ppline.ov file to the mhine where you use the vsphere We Client. Verify tht the Mngement vcenter Server for Region A is onneted to the Ative Diretory domin. Verify tht the users nd groups from the rinpole.lol domin re ville on the Mngement vcenter Server in Region A. Deploy the vsphere Dt Protetion Virtul Appline in Region A Deploy vsphere Dt Protetion s virtul ppline on the mngement luster in Region A. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the sfo01m01v01.sfo01.rinpole.lol vcenter Server ojet. 3 Right-lik the sfo01m01v01.sfo01.rinpole.lol ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vsphere Dt Protetion OVA file on your file system, nd lik Next. VMwre, In. 160

161 5 On the Selet nme nd lotion pge, enter node nme, selet the inventory folder for the virtul ppline, nd lik Next. Nme vcenter Server Dt enter Folder sfo01m01vdp01 sfo01m01v01.sfo01.rinpole.lol sfo01-m01d sfo01-m01fd-dr 6 On the Selet resoure pge, lik the Browse t, selet the following vlues, nd lik Next. Dtenter Cluster sfo01-m01d sfo01-m01-mgmt01 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt nme, produt version, downlod size, nd size on disk, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greement nd lik Next. 9 On the Selet storge pge, selet the NFS dtstore tht is provisioned for vsphere Dt Protetion, onfigure storge settings, nd lik Next. Dtstore Selet virtul disk formt VM storge poliy sfo01-m01-vdp01 Thin provision None 10 On the Selet networks pge, selet the sfo01-m01-vds01-mngement distriuted port group from the Isolted Network drop-down menu, selet IPv4 from the IP protool drop-down menu, nd lik Next. 11 On the Customize templte pge, enter the networking settings for the virtul ppline, nd lik Next. Networking DNS , Defult Gtewy Network 1 IP Address Network 1 Netmsk On the Redy to omplete pge, verify tht the settings re orret nd lik Finish. 13 After the virtul ppline is deployed, right-lik the virtul ppline ojet in the vsphere We Client nd selet Power > Power On. VMwre, In. 161

162 Enle SSH Root User Aess on the vsphere Dt Protetion Appline in Region A Enle the login to the vsphere Dt Protetion ppline in Region A over Seure SHell (SSH) s the root user. You onnet to the ppline over SSH to instll ustom ertifites nd to perform trouleshooting opertions. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the vsphere Dt Protetion virtul ppline sfo01m01vdp01. 3 Right-lik sfo01m01vdp01 nd selet Open Console to open the remote onsole to the ppline. 4 Log in using the following redentils. User nme Pssword root vdp_defult_root_pssword 5 Run the following onsole ommnd to open the sshd_onfig file for editing. vi /et/ssh/sshd_onfig 6 Remove the # omment from the eginning of the line #PermitRootLogin yes. VMwre, In. 162

163 7 Run the following ommnd in the vi editor to sve the file nd exit the editor. :wq! 8 In the onsole, restrt the SSH servie to updte the running onfigurtion. /et/init.d/sshd restrt 9 Log out nd lose the onsole of the ppline. Reple vsphere Dt Protetion Certifites in Region A After you use the VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD) to generte ertifites for the SDDC mngement omponents, reple the defult VMwre-signed ertifite on vsphere Dt Protetion in Region A. 1 Log in to the vsphere Dt Protetion ppline. Open n SSH onnetion to the virtul mhine sfo01m01vdp01.sfo01.rinpole.lol. Log in using the following redentils. User nme Pssword root vdp_root_pssword 2 Stop the vsphere Dt Protetion We servies y running the following ommnd. emwepp.sh --stop Note If you see errors relted to dtse server, ignore them. 3 Delete the tomt lis from the Jv keystore y running the following ommnd. /usr/jv/ltest/in/keytool -delete -lis tomt -storepss hngeit 4 Copy the.keystore file generted y CertGenVVD tool to the /tmp folder on the vsphere Dt Protetion virtul ppline. You n use FileZill or WinSCP. 5 Run the following ommnd to insert the new ertifition hin in to the keystore. /usr/jv/ltest/in/keytool -importkeystore -srkeystore /tmp/.keystore -- destkeystore /root/.keystore -srstorepss hngeit -deststorepss hngeit VMwre, In. 163

164 6 Run the following ommnd nd in the ommnd output verify tht the ertifite entry with the tomt lis exists in the keystore. /usr/jv/ltest/in/keytool -list -v -keystore /root/.keystore -storepss hngeit -keypss hngeit 7 If the ertifite entry exists in the keystore, run the ddfingerprint.sh sript to updte the vsphere Dt Protetion server thumprint. /usr/lol/vmr/in/ddfingerprint.sh 8 Strt the vsphere Dt Protetion We servies y running the following ommnd. emwepp.sh --strt 9 Run the following ommnd to remove the /tmp/.keystore file. rm /tmp/.keystore Configure Servie Aount Aess in vsphere for Integrtion with vsphere Dt Protetion in Region A Configure servie ount with permissions tht re required to enle vsphere Dt Protetion ess to provide kup opertions on the Mngement vcenter Server in Region A. You ssoite the sv-vdp servie ount in the Ative Diretory with user role tht hs ertin privileges. You ssign the user to the Mngement vcenter Server. Define User Role in vsphere for Integrtion with vsphere Dt Protetion in Region A In vsphere, rete user role with privileges tht re required for performing kup opertions for the mngement virtul mhines in vsphere Dt Protetion in Region A. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 On the Home pge of the vsphere We Client, selet Roles under Administrtion. VMwre, In. 164

165 3 Crete new role for mnging kups. On the Roles pge, lik the Crete role tion ion. In the Crete Role dilog ox, onfigure the role using the following onfigurtion settings, nd lik OK. Role nme vsphere Dt Protetion User Privilege Alrms.Crete lrm Alrms.Modify lrm Dtstore.Allote spe Dtstore.Browse dtstore Dtstore.Configure dtstore Dtstore.Low level file opertions Dtstore.Move dtstore Dtstore.Remove dtstore Dtstore.Remove file Dtstore.Renme dtstore Extension.Register extension Extension.Updte extension Folder.Crete folder Glol.Cnel tsk Glol.Disle methods Glol.Enle methods Glol.Lienses Glol.Log event Glol.Mnge ustom ttriutes Glol.s Network.Assign network Network.Configure Resoure.Assign virtul mhine to resoure pool Sessions.Vlidte session Tsks.Crete tsk Tsks.Updte tsk Virtul Mhine.Configurtion.Add existing disk Virtul Mhine.Configurtion.Add new disk Virtul Mhine.Configurtion.Add or remove devie Virtul Mhine.Configurtion.Advned Virtul Mhine.Configurtion.Chnge CPU ount Virtul Mhine.Configurtion.Chnge resoure Virtul Mhine.Configurtion.Disk hnge trking Virtul Mhine.Configurtion.Disk lese Virtul Mhine.Configurtion.Extend virtul disk Virtul Mhine.Configurtion.Host USB devie Virtul Mhine.Configurtion.Memory Virtul Mhine.Configurtion.Modify devie settings Virtul Mhine.Configurtion.Rw devie VMwre, In. 165

166 Virtul Mhine.Configurtion.Relod from pth Virtul Mhine.Configurtion.Remove disk Virtul Mhine.Configurtion.Renme Virtul Mhine.Configurtion.Reset guest informtion Virtul Mhine.Configurtion.Set nnottion Virtul Mhine.Configurtion.s Virtul Mhine.Configurtion.Swpfile plement Virtul Mhine.Configurtion.Upgrde virtul mhine omptiility Virtul Mhine.Guest Opertions.Guest opertion lis modifition Virtul Mhine.Guest Opertions.Guest opertion progrm exeution Virtul Mhine.Guest Opertions.Guest opertion queries Virtul Mhine.Intertion.Console intertion Virtul Mhine.Intertion.Devie onnetion Virtul Mhine.Intertion.Guest operting system mngement y VIX API Virtul Mhine.Intertion.Power off Virtul Mhine.Intertion.Power on Virtul Mhine.Intertion.Reset Virtul Mhine.Intertion.VMwre Tools instll Virtul Mhine.Inventory.Crete new Virtul Mhine.Inventory.Register Virtul Mhine.Inventory.Remove Virtul Mhine.Inventory.Unregister Virtul Mhine.Provisioning.Allow disk ess Virtul Mhine.Provisioning.Allow red-only disk ess Virtul Mhine.Provisioning.Allow virtul mhine downlod Virtul Mhine.Provisioning.Mrk s templte Virtul Mhine.Snpshot mngement.crete snpshot Virtul Mhine.Snpshot mngement.remove snpshot Virtul Mhine.Snpshot mngement.revert to snpshot vapp.export vapp.import vapp.vapp pplition onfigurtion This role inherits the System.Anonymous System.View, nd System.Red permissions. 4 The Mngement vcenter Server for Region A propgtes the role to the other linked vcenter Server instnes. Configure User Privileges in vsphere for Integrtion with vsphere Dt Protetion for Region A Assign glol permissions in Region A to the opertions servie ount sv-vdp so tht you n mnge nd perform kups y using vsphere Dt Protetion. The sv-vdp user hs ess rights tht re speifilly required for performing kups in the vcenter Server inventory. VMwre, In. 166

167 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Assign glol permissions to the sv-vdp@rinpole.lol servie ount. d e f g In the vsphere We Client, selet Administrtion from the Home menu. In the nvigtor pge, lik Glol Permissions under Aess Control. On the Mnge t, lik the Add permission ion. In the Glol Permissions Root - Add Permission dilog ox, lik Add to ssoite user or group with role. In the Selet Users/Groups dilog, from the Domin drop-down menu, selet rinpole.lol, in the filter ox type sv-vdp, nd press Enter. From the list of users nd groups, selet the sv-vdp user, lik Add, nd lik OK. In the Glol Permissions Root - Add Permission dilog, from the Assigned Role drop-down menu, selet vsphere Dt Protetion User, selet Propgte to hildren hekox, nd lik OK. The glol permissions of the sv-vdp servie ount propgte to ll linked vcenter Server instnes. Register vsphere Dt Protetion with Mngement vcenter Server in Region A After you deploy the virtul ppline for vsphere Dt Protetion on the mngement luster in Region A, omplete the initil onfigurtion of vsphere Dt Protetion. VMwre, In. 167

168 1 Log in to the vsphere Dt Protetion Configurtion Utility. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vdp_defult_root_pssword The vsphere Dt Protetion onfigurtion wizrd ppers. 2 On the Welome pge, lik Next. 3 On the Network s pge, verify tht the network settings re populted orretly nd lik Next. 4 On the Time Zone pge, selet the UTC time zone nd lik Next. 5 On the VDP Credentils pge, enter nd onfirm new pssword for the root Linux ppline user, nd lik Next. The pssword must stisfy the following requirements: If ll four hrter lsses re used, the pssword must e t lest 6 hrters. If three hrter lsses re used, the pssword must e t lest 7 hrters. If one or two hrter lsses re used, the pssword must e t lest 8 hrters. The four-hrter lsses re s follows: Upper se letters A-Z Lower se letters -z Numers 0-9 Speil hrters (for exmple: ~!@#,.) VMwre, In. 168

169 6 On the vcenter Registrtion pge, onfigure the settings for registrtion with the Mngement vcenter Server. Enter the settings for onnetion to the Mngement vcenter Server. vcenter Server vcenter usernme vcenter pssword vcenter FQDN or IP rinpole.lol\sv-vdp sv-vdp_pssword sfo01m01v01.sfo01.rinpole.lol vcenter HTTP port 80 vcenter HTTPS port 443 Verify vcenter ertifite Use vcenter for SSO uthentition SSO FQDN or IP Deseleted Deseleted sfo01ps01.sfo01.rinpole.lol SSO port 443 Clik Test Connetion, nd in the suess messge ox, lik OK. On the vcenter Registrtion pge, lik Next. 7 On the Crete Storge pge, selet Crete new storge, in the Cpity text ox, enter 4 TiB nd lik Next. 8 On the Devie Allotion pge, from the Provision drop-down menu, selet Thin nd lik Next. 9 On the CPU nd Memory pge, leve the defult settings nd lik Next. 10 On the Produt Improvement pge, selet Enle Customer Experiene Improvement Progrm nd lik Next. 11 On the Redy to Complete pge, selet the Run performne nlysis on storge onfigurtion nd Restrt the ppline if suessful hek oxes, nd lik Next. 12 In the Wrning messge ox out storge onfigurtion, lik Yes. vsphere Dt Protetion setup strts onfiguring dt disks. 13 After disk onfigurtion is omplete, lik OK in the Note dilog ox. The ppline will utomtilly restrt. VMwre, In. 169

170 14 Verify tht the vsphere Dt Protetion is essile in the vsphere We Client fter you omplete the initil onfigurtion of vsphere Dt Protetion. Open We rowser nd go to Log in using the following redentils. User nme Pssword vsphere_dmin_pssword On the vsphere We Client Home pge, verify tht the VDP ion is ville nd tht you n onnet to the ppline. Reple Certifites in Region A By defult, virtul infrstruture mngement omponents use TLS/SSL ertifites tht re signed y the VMwre Certifite Authority (VMCA). In this design, you reple user-fing ertifites with ertifites tht re signed y Mirosoft Certifite Authority (CA). Infrstruture dministrtors onnet to different SDDC omponents, suh s vcenter Server systems or Pltform Servies Controller from We rowser to perform onfigurtion, mngement nd trouleshooting. The uthentiity of the network node to whih the dministrtor onnets must e onfirmed with vlid TLS/SSL ertifite. You n use other Certifite Authorities ording to the requirements of your orgniztion. You do not reple ertifites for mhine-to-mhine ommunition. If neessry, you n mnully mrk these ertifites s trusted. You will e repling the ertifites in the following order 1 Mngement vcenter Server 2 Compute vcenter Server 3 Mngement NSX Mnger 4 Compute NSX Mnger 1 Reple the vcenter Server Certifites in Region A After you reple the Pltform Servies Controller ertifite, you reple the vcenter Server mhine SSL ertifite. 2 Reple the NSX Mnger Certifites in Region A After you reple the ertifites of ll Pltform Servies Controller nd vcenter Server instnes, reple the ertifites for the NSX Mnger instnes. VMwre, In. 170

171 Reple the vcenter Server Certifites in Region A After you reple the Pltform Servies Controller ertifite, you reple the vcenter Server mhine SSL ertifite. You reple the ertifites of the Pltform Servies Controller nodes during their deployment. You reple vcenter Server ertifites fter you deploy ll virtul infrstruture omponents. You reple ertifites twie, one for eh vcenter Server instne. You n strt repling ertifites on Mngement vcenter Server sfo01m01v01.sfo01.rinpole.lol first. Tle Certifite-Relted Files on the vcenter Server Instnes vcenter Server FQDN Files for Certifite Replement Replement Order sfo01m01v01.sfo01.rinpole.lo l sfo01w01v01.sfo01.rinpole.lo l sfo01m01v01.key sfo01m01v01.1.er Root64.er sfo01w01v01.key sfo01w01v01.1.er Root64.er First Seond Prerequisites CA-signed ertifite files generted y using VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlidted Design Plnning nd Preprtion doumenttion. A Windows host with n SSH terminl ess softwre suh s PuTTY nd n sp softwre suh s WinSCP instlled. 1 Chnge the vcenter Server ppline ommnd shell to the Bsh shell to llow seure opy (sp) onnetions. Open n SSH onnetion to sfo01m01v01.sfo01.rinpole.lol. Log in using the following redentils. User nme Pssword root venter_server_root_pssword Run the following ommnds to enle Bsh shell ess for the root user. shell hsh -s "/in/sh" root VMwre, In. 171

172 2 Copy the generted ertifites to the vcenter Server Appline. Run the following ommnd to rete new temporry folder. mkdir -p /root/erts Copy the ertifite files sfo01m01v01.1.er, sfo01m01v01.key nd Root64.er to the /root/erts folder. You n use n sp softwre suh s WinSCP. 3 Reple the CA-signed ertifite on the vcenter Server instne. Strt the vsphere Certifite Mnger utility on the vcenter Server instne. /usr/li/vmwre-vm/in/ertifite-mnger Selet Option 1 (Reple Mhine SSL ertifite with Custom Certifite), enter the defult vcenter Single Sign-On user nme dministrtor@vsphere.lol nd the vsphere_dmin_pssword pssword. When prompted for the Infrstruture Server IP, enter the IP ddress of the Pltform Servies Controller tht mnges this vcenter Server instne. Option IP Address of Conneted Pltform Servies Controller sfo01m01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol d e Selet Option 2 (Import ustom ertifite(s) nd key(s) to reple existing Mhine SSL ertifite). When prompted, provide the full pth to the ustom ertifite, the root ertifite file, nd the key file tht you opied over erlier, nd onfirm the import with Yes (Y). vcenter Server sfo01m01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol Input to the vsphere Certifite Mnger Utility Plese provide vlid ustom ertifite for Mhine SSL. File : /root/erts/sfo01m01v01.1.er Plese provide vlid ustom key for Mhine SSL. File : /root/erts/sfo01m01v01.key Plese provide the signing ertifite of the Mhine SSL ertifite. File : /root/erts/hinroot64.er Plese provide vlid ustom ertifite for Mhine SSL. File : /root/erts/sfo01w01v01.1.er Plese provide vlid ustom key for Mhine SSL. File : /root/erts/sfo01w01v01.key Plese provide the signing ertifite of the Mhine SSL ertifite. File : /root/erts/hinroot64.er VMwre, In. 172

173 4 After Sttus shows 100% Completed, wit severl minutes until ll vcenter Server servies re restrted. 5 Run the following ommnds to restrt the vmi-lighttp servie nd to remove ertifite files. servie vmi-lighttp restrt d /root/erts/ rm sfo01m01v01.1.er sfo01m01v01.key Root64.er 6 After you reple the ertifite on the Mngement vcenter Server sfo01m01v01.sfo01.rinpole.lol, repet the proedure to reple the ertifite on the Compute vcenter Server sfo01w01v01.sfo01.rinpole.lol. Reple the NSX Mnger Certifites in Region A After you reple the ertifites of ll Pltform Servies Controller nd vcenter Server instnes, reple the ertifites for the NSX Mnger instnes. You reple ertifites twie, one for eh NSX Mnger. You first strt repling ertifites on the NSX Mnger sfo01m01nsx01.sfo01.rinpole.lol for the mngement luster. Tle Certifite-Relted Files on the NSX Mnger Instnes in Region A NSX Mnger FQDN Certifite File Nme sfo01m01nsx01.sfo01.rinpole.lol sfo01m01nsx01.4.p12 sfo01w01nsx01.sfo01.rinpole.lol sfo01w01nsx01.4.p12 Prerequisites CA-signed ertifite files generted y using VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlidted Design Plnning nd Preprtion doumenttion. 1 On the Windows host tht hs ess to the dt enter, log in to the NSX Mnger We interfe. Open We rowser nd go to following URL. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shred ompute nd edge luster URL Log in using the following redentils. User nme dmin Pssword nsx_mnger_dmin_pssword 2 On the Home pge, selet Mnge Appline s. VMwre, In. 173

174 3 On the Mnge t, lik SSL Certifites, lik Uplod PKCS#12 Keystore. 4 Browse to the ertifite hin file sfo01m01nsx01.4.p12, provide the keystore pssword or pssphrse, nd lik Import. 5 Restrt the NSX Mnger to propgte the CA-signed ertifite. In the right orner of the NSX Mnger pge, lik the s ion. From the drop-down menu, selet Reoot Appline. 6 Re-register the NSX Mnger to the Mngement vcenter Server. Open We rowser nd go to the NSX Mnger We interfe. NSX Mnger for the mngement luster NSX Mnger for the shred ompute nd edge luster Log in using the following redentils. User nme dmin Pssword nsx_mngr_dmin_pssword d e Clik Mnge vcenter Registrtion. Under Lookup Servie URL, lik the Edit utton. In the Lookup Servie URL dilog ox, enter the following settings, nd lik OK. Lookup Servie IP sfo01ps01.sfo01.rinpole.lol Lookup Servie Port 443 SSO Administrtor User Nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword f g h In the Trust Certifite? dilog ox, lik Yes. Under vcenter Server, lik the Edit utton. In the vcenter Server dilog ox, enter the following settings, nd lik OK. for the NSX Mnger for the Mngement Cluster for the NSX Mnger for the Shred Edge nd Compute Cluster vcenter Server sfo01m01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol vcenter User Nme Pssword sv-nsxmnger@rinpole.lol sv-nsxmnger_pssword VMwre, In. 174

175 i j In the Trust Certifite? dilog ox, lik Yes. Wit until the Sttus inditors for the Lookup Servie URL nd vcenter Server hnge to Conneted. 7 Repet the steps for the NSX Mnger for the shred ompute nd edge luster. VMwre, In. 175

176 Region A Cloud Mngement 3 Pltform Implementtion The Cloud Mngement Pltform (CMP) onsists of integrted produts tht support the mngement of puli, privte nd hyrid loud environments. The VMwre CMP onsists of vrelize Automtion, n emedded vrelize Orhestrtor, nd vrelize Business for Cloud. vrelize Automtion inorportes virtul mhine provisioning nd self-servie portl. vrelize Business enles illing nd hrgek funtions. vrelize Orhestrtor provides workflow optimiztion. The following proedures desrie the vlidted flow of instlltion nd onfigurtion for the first site in the enterprise. 1 Prerequisites for Cloud Mngement Pltform Implementtion in Region A Verify tht the following onfigurtions re estlished prior to eginning the Cloud Mngement Pltform proedures. 2 Configure Servie Aount Privileges in Region A For you to provision virtul mhines nd logil networks, onfigure privileges for vrelize Automtion for the servie ount sv-vr@rinpole.lol on oth the Compute vcenter Server nd the Compute Cluster NSX instne. 3 vrelize Automtion Instlltion in Region A A vrelize Automtion instlltion inludes instlling nd onfiguring single sign-on (SSO) pilities, the user interfe portl, nd Infrstruture s Servie (IS) omponents. 4 vrelize Automtion Defult Tennt Configurtion in Region A In shred loud environments, where multiple ompnies, divisions or independent groups re using ommon infrstruture fri, it is neessry to set up virtul privte louds where uthentition, resoures, poliy re ustomized to the needs of eh group. Tennts re useful for isolting the users, resoures nd servies of one tennt from those of other tennts. 5 vrelize Automtion Tennt Cretion in Region A You rete dditionl vrelize Automtion tennts so tht users n ess the pplitions nd resoures tht they need to omplete their work ssignments. VMwre, In. 176

177 6 Emedded vrelize Orhestrtor Configurtion in Region A VMwre Emedded vrelize Orhestrtor is pltform tht provides lirry of extensile workflows to llow you to rete nd run utomted, onfigurle proesses to mnge the VMwre vsphere infrstruture s well s other VMwre nd third-prty tehnologies. 7 vrelize Business Instlltion in Region A vrelize Business is n IT finnil mngement tool tht provides trnspreny nd ontrol over the osts nd qulity of IT servies, enling lignment with the usiness nd elertion of IT trnsformtion. 8 Cloud Mngement Pltform Post-Instlltion Tsks in Region A After you deploy vrelize Automtion nd vrelize Orhestrtor, you rete nti-ffinity rules to enle HA protetion for oth servies, enle helth monitors to hek the helth sttus of individul servers, nd remove the snpshots reted during the vrelize Automtion instlltion. 9 Content Lirry Configurtion in Region A Content lirries re ontiner ojets for VM templtes, vapp templtes, nd other types of files. vsphere dministrtors n use the templtes in the lirry to deploy virtul mhines nd vapps in the vsphere inventory. Shring templtes nd files ross multiple vcenter Server instnes in sme or different lotions rings out onsisteny, ompline, effiieny, nd utomtion in deploying worklods t sle. 10 Tennt Content Cretion in Region A In order to provision virtul mhines in the Compute vcenter, the tennt must e onfigured to utilize ompute resoures within vcenter Server. Prerequisites for Cloud Mngement Pltform Implementtion in Region A Verify tht the following onfigurtions re estlished prior to eginning the Cloud Mngement Pltform proedures. DNS Entries nd IP Address Mppings in Region A Before you deploy vrelize Automtion, verify tht your environment stisfies the requirements for this deployment. IP Addresses nd Host Nmes Verify tht the stti IP ddress nd FQDNs tht re listed in the tle elow re ville for the vrelize Automtion pplition virtul network for the first region of the SDDC deployment. Tle 3 1. IP Addresses nd FQDNs for the vrelize Automtion Instne in Region A Role IP Address FQDN vrelize Automtion Server Applines vr01svr01.rinpole.lol vr01svr01.rinpole.lol VMwre, In. 177

178 Tle 3 1. IP Addresses nd FQDNs for the vrelize Automtion Instne in Region A (Continued) Role IP Address FQDN vrelize Automtion Server VIP vr01svr01.rinpole.lol vrelize Automtion IWS vr01iws01.rinpole.lol vr01iws01.rinpole.lol vrelize Automtion IWS VIP vr01iws01.rinpole.lol vrelize Automtion IMS vr01ims01.rinpole.lol vr01ims01.rinpole.lol vrelize Automtion IMS VIP vr01ims01.rinpole.lol vrelize DEM Workers vr01dem01.rinpole.lol vr01dem01.rinpole.lol MS SQL Server for vrelize Automtion vr01mssql01.rinpole.lol vrelize Business for Cloud Server Appline vr01svr01.rinpole.lol Tle 3 2. IP Addresses nd Host Nme for the Supporting Infrstruture in Region A Role IP Address FQDN vrelize Automtion Proxy Agent sfo01is01.sfo01.rinpole.lol sfo01is01.sfo01.rinpole.lol vrelize Business for Cloud Dt Colletor sfo01vr01.sfo01.rinpole.lol Defult gtewy DNS server Sunet msk ntp ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol vrelize Automtion Deployment Prerequisites Before you instll nd use vrelize Automtion, your environment must meet the following prerequisites. Prerequisite Storge Virtul disk provisioning. Required storge per node. Operting system Dtse Instlltion pkge Windows 2012 R2 Stndrd Mirosoft SQL Server 2012 Stndrd Edition Downlod the vrelize Automtion virtul ppline.ov file. Downlod the vrelize Business for Cloud virtul ppline.ov file. VMwre, In. 178

179 Prerequisite Liense Ative diretory Certifition uthority Jv Verify tht you hve otined liense tht overs the use of vrelize Automtion. Verify tht you hve otined liense tht overs the use of vrelize Business for vrelize Automtion. Verify tht you hve prent Ative Diretory instne with the SDDC user roles onfigured for the rinpole.lol domin. Verify the existene of the sv-vr user in the rinpole.lol domin. Verify the existene of the sv-vro user in the rinpole.lol domin. The Mirosoft SQL Server virtul mhine should join the rinpole.lol domin. Configure the root Ative Diretory domin ontroller s ertifite uthority for the environment. Instll Jv SE Development Kit (JDK), whih is required to run the vrelize Orhestrtor Client. SQL Server Configurtion for the Cloud Mngement Pltform in Region A The Cloud Mngement Pltform uses Mirosoft SQL Server dtse to store dt for use y vrelize Automtion. Mirosoft SQL Server Reommendtions in Region A vrelize Automtion nd other VMwre omponents use Mirosoft SQL Server s dtse to store informtion. While the speifi onfigurtion of SQL Server for use in your environment is not ddressed in this implementtion guide, high-level guidne is provided to ensure more relile opertion of your VMwre omponents. Mirosoft SQL Server should e onfigured with seprte Operting System Level volumes (drive letters) for eh of the following items. The seprtion of these items into seprte logil volumes (drive letters) will help prevent dtse orruption should single volume reh pity. Operting System Dtse Applition SQL User Dtse Dt Files SQL User Dtse Log Files SQL TempDB SQL Bkup Files To provide optiml performne for VMwre vrelize dtses, onfigure the SQL Server virtul mhine (vr01mssql01.rinpole.lol) with 8 vcpu nd 16GB vram. Configure the SQL Server virtul mhine's (vr01mssql01.rinpole.lol) primry DNS to point to (region A's primry DNS) nd its seondry DNS to point to (region B's primry DNS). For further guidne on the deployment nd opertion of prodution instlltion of Mirosoft SQL Server, see the Mirosoft SQL Server doumenttion, or onsult with qulified Mirosoft SQL Server dtse dministrtor. VMwre, In. 179

180 Assign the SQL Server System Role to vrelize Automtion in Region A Assign the SQL Server system role sysdmin to the vrelize Automtion servie ount. vrelize Automtion uses the SQL Server system role privilege to rete nd exeute sripts on the SQL Server dtse. By defult, only users who re memers of the sysdmin system role, or the d_owner nd d_ddldmin dtse roles, n rete ojets in the dtse. 1 Log in to the VRA01MSSQL01.rinpole.lol y using Remote Desktop Protool (RDP) lient. Open n RDP onnetion to the virtul mhine VRA01MSSQL01.rinpole.lol. Log in using the following redentils. User nme Pssword Windows dministrtor user windows_dministrtor_pssword 2 From the Strt menu, lik All Progrms, lik Mirosoft SQL Server, nd lik SQL Server Mngement Studio. Note If SQL Server Mngement Studio doesn't pper in your All Progrms menu, you my not hve suessfully instlled SQL Server Mngement Studio. Verify tht you hve suessfully instlled SQL Server Mngement Studio, nd then ontinue with this proedure. 3 In the Connet to Server dilog ox, leve the defult vlue of the Server Nme text ox, selet Windows Authentition from the Authentition drop-down menu, nd lik Connet. Note During the SQL Server instlltion, the Dtse Engine onfigurtion wizrd prompts you to provide the user nme nd pssword for the SQL Server dministrtor. If this user ws not dded during the SQL Server instlltion, selet SQL Authentition from the Authentition drop-down menu, nd enter the user nme s in the User nme text ox, nd the pssword s_pssword in the Pssword text ox. 4 In Ojet Explorer, expnd the server instne VRA01MSSQL01. 5 Right-lik the Seurity folder, lik New, nd lik Login. VMwre, In. 180

181 The Login Properties dilog ox opens. 6 Selet the Generl pge of the Login Properties dilog ox. 7 From the Ojet Explorer Detils pne selet the Generl pge, nd enter Rinpole\Sv-vRA in the Login nme text ox. VMwre, In. 181

182 8 In the Ojet Explorer Detils pne, selet the Server Role pge. 9 In the Server roles list item field selet the sysdmin hek ox, nd lik OK. VMwre, In. 182

183 Configure Network Aess for Distriuted Trnstion Coordintor in Region A You onfigure network ess nd seurity etween vrelize Automtion nd your Mirosoft SQL Server dtse using Mirosoft Distriuted Trnstion Coordintor (MSDTC). MSDTC oordintes trnstions tht updte two or more trnstion-proteted resoures, suh s dtses, messge queues, files systems, nd so on. These trnstion-proteted resoures my e on single omputer, or distriuted ross mny networked omputers. VMwre, In. 183

184 1 Log in to the VRA01MSSQL01.rinpole.lol y using Remote Desktop Protool (RDP) lient. Open n RDP onnetion to the virtul mhine VRA01MSSQL01.rinpole.lol. Log in using the following redentils. User nme Pssword Windows dministrtor user windows_dministrtor_pssword 2 From the Strt menu, lik Run, type omexp.ms in the Open text ox, nd lik OK. The Component Servies mnger displys. Component Servies lets you mnge Component Ojet Model (COM+) pplitions. 3 Using the nvigtion tree in the left-side pne, expnd Component Servies > Computers > My Computer > Distriuted Trnstion List > Lol DTC. 4 Right-lik Lol DTC nd lik Properties. The Lol DTC Properties dilog ox displys. 5 Clik the Seurity t in the Lol DTC Properties dilog ox. 6 On the Seurity t, onfigure the following vlues, nd lik OK. Network DTC Aess Allow Remote Clients Allow Remote Administrtion Allow Inound Allow Outound Mutul Authentition Required Enle XA Trnstions Enle SNA LU 6.2 Trnstions Aount Pssword Seleted Seleted Deseleted Seleted Seleted Seleted Deseleted Seleted Leve the defult setting (NT AUTHORITY\NetworkServie) Leve lnk VMwre, In. 184

185 7 Clik Yes to restrt the MSDTC Servie. 8 Clik OK to onfirm tht the MSDTC Servie hs suessfully restrted. 9 Close the Component Servies mnger. Allow MS SQL Server nd MSDTC ess through Windows Firewll for vrelize Automtion in Region A You n onfigure Windows Firewll to llow or lok speifi trffi. For vrelize Automtion to funtion orretly, ensure tht network ess to Mirosoft Distriuted Trnstion Coordintor (MSDTC) nd SQL Server is onfigured to llow ess. 1 Log in to the VRA01MSSQL01.rinpole.lol y using Remote Desktop Protool (RDP) lient. Open n RDP onnetion to the virtul mhine VRA01MSSQL01.rinpole.lol. Log in using the following redentils. User nme Pssword Windows dministrtor user windows_dministrtor_pssword 2 From the Strt menu, lik Run, type WF.ms in the Open text ox, nd lik OK. The Windows Firewll with Advned Seurity dilog ox ppers. You use Windows Firewll with Advned Seurity to onfigure firewll properties for eh network profile. VMwre, In. 185

186 3 Allow Aess for Mirosoft SQL Server on TCP Port In the nvigtion pne, under Windows Firewll with Advned Seurity, selet nd right-lik Inound Rules, nd lik New Rule in the tion pne. The New Inound Rule Wizrd ppers. d e f On the Rule Type pge of the New Inound Rule Wizrd, selet the Port rdio utton, nd lik Next. On the Protool nd Ports pge, selet TCP nd enter the port numer 1433 in the Speifi lol ports text ox, nd lik Next. On the Ation pge, selet Allow the onnetion, nd lik Next. On the Profile pge, selet the Domin,Privte, nd Puli profiles, nd lik Next. On the Nme pge, enter Nme nd Desription for this rule, nd lik Finish. 4 Allow ess for Mirosoft Distriuted Trnstion Coordintor. d In the nvigtion pne, under Windows Firewll with Advned Seurity, selet nd rightlik Inound Rules, nd lik New Rule in the tion pne. On the Rule Type pge lik Predefined, lik Distriuted Trnstion Coordintor, nd lik Next. On the Predefined Rules pge, selet ll rules for Distriuted Trnstion Coordintor (RPC- EPMAP), Distriuted Trnstion Coordintor (RPC), Distriuted Trnstion Coordintor (TCP-In), nd lik Next. On the Ation pge, selet Allow the onnetion, nd lik Finish. 5 Exit the Windows Firewll with Advned Seurity wizrd. Configure Servie Aount Privileges in Region A For you to provision virtul mhines nd logil networks, onfigure privileges for vrelize Automtion for the servie ount sv-vr@rinpole.lol on oth the Compute vcenter Server nd the Compute Cluster NSX instne. Configure Servie Aount Privileges on the Compute vcenter Server in Region A Configure Administrtor privileges for the sv-vr nd sv-vro users on the Compute vcenter Server in Region A. If you dd more Compute vcenter Server instnes in the future, perform this proedure on those instnes s well. VMwre, In. 186

187 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor pne, selet Glol Inventory Lists > vcenter Servers. 3 Right-lik the sfo01w01v01.sfo01.rinpole.lol instne nd selet Add Permission. 4 In the Add Permission dilog ox, lik the Add utton. The Selet Users/Groups dilog ox ppers. 5 Selet RAINPOLE from the Domin drop-down menu, nd in the Show Users First text ox enter sv to filter user nd group nmes. 6 Selet sv-vr nd sv-vro from the User/Group list, lik the Add utton nd lik OK. 7 In the Add Permission dilog ox, selet Administrtor from the Assigned Role drop-down menu nd lik OK. The sv-vr nd sv-vro users users now hve Administrtor privilege on the Compute vcenter Server in Region A. Configure the Servie Aount Privilege on the Compute Cluster NSX Instne in Region A Configure Enterprise Administrtor privileges for the sv-vr@rinpole.lol servie ount. 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor pne, selet Networking & Seurity > NSX Mngers. 3 Doule-lik the Compute NSX Mnger VMwre, In. 187

188 4 Clik Mnge, lik Users,nd lik the Add ion. The Assign Role wizrd ppers. 5 On the Identify User pge, selet the Speify vcenter User rdio utton, enter sv-vr@rinpole.lol in the User text ox, nd lik Next. 6 On the Selet Roles pge, selet the Enterprise Administrtor rdio utton, nd lik Finish. VMwre, In. 188

189 The rinpole\sv-vr user is now onfigured s n Enterprise Administrtor for the ompute luster NSX instne, nd ppers in the lists of users nd roles. vrelize Automtion Instlltion in Region A A vrelize Automtion instlltion inludes instlling nd onfiguring single sign-on (SSO) pilities, the user interfe portl, nd Infrstruture s Servie (IS) omponents. After instlltion you n ustomize the instlltion environment nd onfigure one or more tennts, whih sets up ess to self-servie provisioning nd life-yle mngement of loud servies. By using the seure portl We interfe, dministrtors, developers, or usiness users n request IT servies nd mnge speifi loud nd IT resoures sed on their roles nd privileges. Users n request infrstruture, pplitions, desktops, nd IT servie through ommon servie tlog. Lod Blning the Cloud Mngement Pltform in Region A You onfigure lod lning for ll servies nd omponents relted to vrelize Automtion nd vrelize Orhestrtor y using n NSX Edge lod lner. You must onfigure the lod lner efore you deploy the vrelize Automtion ppline. This is euse you need the virtul IP (VIP) ddresses to deploy the vrelize Automtion ppline. Add Virtul IP Addresses to the NSX Lod Blner in Region A As the first step of onfiguring lod lning, you dd virtul IP Addresses to the edge interfes. VMwre, In. 189

190 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01m01l01 NSX Edge to edit its network settings. 5 Clik the Mnge t, lik s, nd selet Interfes. 6 Selet the OneArmLB interfe nd lik the Edit ion. 7 In the Edit NSX Edge Interfe dilog ox, dd the VIP ddresses of the vrelize Automtion nodes in the Seondry IP Addresses text ox. Seondry IP Address , , VMwre, In. 190

191 8 Clik OK to sve the onfigurtion. Crete Applition Profiles in Region A Crete n pplition profile to define the ehvior of prtiulr type of network trffi. After onfiguring profile, you ssoite the profile with virtul server. The virtul server then proesses trffi ording to the vlues speified in the profile. Using profiles enhnes your ontrol over mnging network trffi, nd mkes trffi-mngement tsks esier nd more effiient. You repet this proedure twie to rete two pplition profiles. VMwre, In. 191

192 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01m01l01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Applition Profiles. 6 Clik the Add ion nd in the New Profile dilog ox, enter the following vlues. Nme Type Enle SSL Pssthrough Persistene vrelize-https-persist HTTPS Seleted Soure IP Expires in (Seonds) 1800 VMwre, In. 192

193 7 Clik OK to sve the onfigurtion. 8 Repet the sme steps to rete the following pplition profile. Nme Type Enle SSL Pssthrough Persistene vrelize-https HTTPS Seleted None Crete Servie Monitoring in Region A The servie monitor defines helth hek prmeters for the lod lner. You rete servie monitor for eh omponent. VMwre, In. 193

194 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01m01l01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Servie Monitoring. 6 Clik the Add ion nd in the New Servie Monitor dilog ox, onfigure the vlues for the servie monitor you re dding, nd lik OK. vr-svr-443-monitor vr-iws-443-monitor vr-ims-443-monitor vr-vro-8283-monitor Nme vr-svr-443-monitor vr-iws-443-monitor vr-ims-443-monitor vr-vro-8283-monitor Intervl Timeout Mx Retries Type HTTPS HTTPS HTTPS HTTPS Expeted 204 Method GET GET GET GET URL /v/servies/pi/helth /wpi/pi/sttus/we /VMPSProvision /vo-ontrolenter/dos Reeive REGISTERED ProvisionServie VMwre, In. 194

195 7 Repet Step 6 to rete servie monitor for eh omponent. Upon ompletion, verify tht you hve suessfully entered the monitor nmes nd their respetive onfigurtion vlues. Crete Server Pools in Region A A server pool onsists of k-end server memers. After you rete server pool, you ssoite servie monitor with the pool to mnge nd shre the k-end servers flexily nd effiiently. The following onsidertions explin the design of the server pools onfigurtion. The onfigurtion uses NONE s helth monitor for ll server pools. Until vrelize Automtion is fully instlled nd strted, the helth monitor mrks pool memers s offline. Helth monitors indite the sttus of pool memers orretly, only fter vrelize Automton is fully instlled nd initilized. VMwre, In. 195

196 The onfigurtion disles the seond pool memer of three vrelize Automtion VIPs (vr-svr-443, vr-is-we-443, vr-is-mgr-443). During the instlltion or power yle of vrelize Automtion, the servie inside the seond node might not e instlled or initilized yet. In this period of time, if the lod lner psses request to the seond node, the request fils. If the seond pool memer is not disled, you n experiene rndom filures during vrelize Automtion instlltion, nd servie initiliztion or registrtion filure during vrelize Automtion power yle. Perform the proedure multiple times to onfigure five different server pools. Tle 3 3. Server Pools for the Cloud Mngement Pltform in Region A Pool Nme Monitors Enle Memer Memer Nme IP Address Port Monitor Port vr-svr-443 NONE Yes vr01svr No vr01svr vr-iws-443 NONE Yes vr01iws No vr01iws vr-ims-443 NONE Yes vr01ims No vr01ims vr-svr-8444 NONE Yes vr01svr Yes vr01svr vr-vro-8283 NONE Yes vr01svr No vr01svr Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01m01l01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Pools. VMwre, In. 196

197 6 Clik the Add ion nd in the New Pool dilog ox, enter the following vlues. Nme Algorithm Monitors vr-svr-443 ROUND-ROBIN NONE 7 New Memers dilog ox, lik the Add ion to dd the first pool memer. 8 In the New Memer dilog ox, enter the following vlues, nd lik OK. Nme vr01svr01 IP Address/VC Continer Stte Enle Port 443 Monitor Port 443 Weight 1 9 Under Memers, lik the Add ion to dd the seond pool memer. VMwre, In. 197

198 10 In the New Memer dilog ox, enter the following vlues, lik OK nd lik OK to sve the vrelize Automtion server pool. Nme Desription vr01svr01 IP Address/VC Continer Stte Disle Port 443 Monitor Port 443 Weight 1 11 Repet the proedure to rete the remining server pools. Crete Virtul Servers in Region A After lod lning is set up, the NSX lod lner distriutes network trffi ross multiple servers. When virtul server reeives request, it hooses the pproprite pool to send trffi to. Eh pool onsists of one or more memers. You rete virtul servers for ll of the onfigured server pools. VMwre, In. 198

199 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01m01l01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Virtul Servers. 6 Clik the Add ion, nd in the New Virtul Server dilog ox onfigure the vlues for the virtul server you re dding, nd lik OK. vr-svr-443 vr-iws-443 vr-ims-443 vr-svr-8444 vr-vro-8283 Enle Virtul server Seleted Seleted Seleted Seleted Seleted Applition Profile vrelize-https vrelize-httpspersist vrelize-httpspersist vrelize-httpspersist vrelize-httpspersist Nme vr-svr-443 vr-iws-443 vr-ims-443 vr-svr-8444 vr-vro-8283 Desription vrelize Automtion Appline UI vrelize Automtion IS We UI vrelize Automtion IS Mnger vrelize Automtion Remote Console Proxy vrelize Orhestrtor Control Center IP Address Protool HTTPS HTTPS HTTPS HTTPS HTTPS Port Defult Pool vr-svr-443 vr-iws-443 vr-ims-443 vr-svr-8444 vr-vro-8283 VMwre, In. 199

200 7 Repet Step 6 to rete virtul server for eh omponent. Upon ompletion, verify tht you hve suessfully entered the virtul server nmes nd their respetive onfigurtion vlues. Deploy the vrelize Automtion Appline in Region A The vrelize Automtion ppline is pre-onfigured virtul ppline tht ontins the vrelize Automtion server. The server inludes the vrelize Automtion ppline produt onsole, whih provides single portl for self-servie provisioning nd mngement of loud servies, uthoring, dministrtion, nd governne. During deployment of the virtul pplines, PostgreSQL ppline dtse is reted utomtilly on the first vrelize Automtion ppline. A repli dtse n e instlled on seond vrelize Automtion ppline to rete high-vilility environment. Perform this proedure twie to deploy two pplines y using the onfigurtion vlues for host A for the first ppline, nd the onfigurtion vlues for host B for the seond ppline. VMwre, In. 200

201 s for Host A s for Host B Nme vr01svr01.rinpole.lol vr01svr01.rinpole.lol Selet folder or dtenter sfo01-m01fd-vr sfo01-m01fd-vr Network Mgmt-xRegion01-VXLAN ( x) Mgmt-xRegion01-VXLAN ( x) Cluster sfo01-m01-mgmt01 sfo01-m01-mgmt01 Virtul Disk Formt Thin provision Thin provision VM Storge Poliy vsan Defult Storge Poliy vsan Defult Storge Poliy Dtstore sfo01-m01-vsn01 sfo01-m01-vsn01 Enle SSH servie in the ppline Seleted Seleted Hostnme vr01svr01.rinpole.lol vr01svr01.rinpole.lol Initil Root Pssword vr_ppa_root_pssword vr_ppb_root_pssword Defult gtewy Domin Nme rinpole.lol rinpole.lol Domin Nme Servers , , Domin Serh Pth rinpole.lol,sfo01.rinpole.lol,lx01.rinpole.lol rinpole.lol,sfo01.rinpole.lol,lx01.rinpole.lol Network 1 IP Address Network 1 Netmsk Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor pne, selet Glol Inventory Lists > vcenter Servers. 3 Right-lik the sfo01m01v01.sfo01.rinpole.lol ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vrelize Automtion Virtul Mhine Templte file on your file system, nd lik Next. VMwre, In. 201

202 5 On the Selet nme nd folder pge, enter the following informtion, nd lik Next. Nme Selet folder or dtenter vr01svr01.rinpole.lol sfo01-m01fd-vr 6 On the Selet Resoure pge, selet luster sfo01-m01-mgmt01 nd lik Next. 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt, version, downlod nd disk size, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greements nd lik Next. 9 On the Selet storge pge, selet the dtstore. Selet Thin Provision from the Selet virtul disk formt drop-down menu. Selet vsan Defult Storge Poliy from the VM storge poliy drop-down menu. From the dtstore tle, selet the sfo01-m01-vsn01 vsan dtstore nd lik Next. 10 On the Setup Networks pge, selet the distriuted port group tht ends with Mgmt-xRegion01- VXLAN from the Destintion Network drop-down menu nd lik Next. 11 On the Customize templte pge, onfigure the following vlues nd lik Next. Option Enle SSH servie in the ppline Hostnme Initil Root Pssword Desription Seleted vr01svr01.rinpole.lol vr_ppa_root_pssword Defult gtewy Domin Nme rinpole.lol Domin Nme Servers , Domin Serh Pth rinpole.lol,sfo01.rinpole.lol,lx01.rinpole.lol Network 1 IP Address Network 1 Netmsk On the Redy to omplete pge, review the onfigurtion settings you speified nd lik Finish. 13 Clik vcenter server sfo01m01v01.sfo01.rinpole.lol. Selet VMs t. Type vr01svr01 in the serh text ox. 14 Selet virtul mhine vr01svr01.rinpole.lol nd lik Power On ion. Wit until the vrelize Automtion ppline virtul mhine is ompletely powered on. This my tke severl minutes. 15 From the Virtul Mhine Console, verify tht vr01svr01.rinpole.lol uses the onfigurtion settings you speified. 16 Repet the proedure to deploy the seond vrelize Automtion virtul mhine vr01svr01.rinpole.lol. VMwre, In. 202

203 Deploy Windows Virtul Mhines for vrelize Automtion in Region A vrelize Automtion requires severl Windows virtul mhines to t s IS omponents in distriuted onfigurtion. These redundnt omponents provide high vilility for the vrelize Automtion infrstruture fetures. Crete vsphere Imge Customiztion Speifitions in Region A Crete vsphere imge ustomiztion speifitions to use with your vrelize Automtion IS Servers nd Proxy Agent deployments. The ustomiztion speifition you rete ustomizes the guest operting systems of the virtul mhines tht host the vrelize Automtion IS We Server nd IS Mnger Servies. Customiztion speifitions re XML files tht ontin guest operting system settings for virtul mhines. You rete ustomiztion speifitions with the Guest Customiztion wizrd, nd mnge speifitions using the Customiztion Speifition Mnger. vcenter Server sves the ustomized onfigurtion prmeters in the vcenter Server dtse. When you lone virtul mhine or deploy virtul mhine from templte, you n ustomize the guest operting system of the virtul mhine to hnge properties suh s the omputer nme, network settings, nd liense settings. When you pply n imge ustomiztion speifition to the guest operting system during virtul mhine loning or deployment, you prevent onflits tht might result if you deploy virtul mhines with identil settings, suh s duplite omputer nmes. Crete Customiztion Speifition File for IS Servers in Region A Crete vsphere Imge Customiztion templte to use with your vrelize Automtion IS Servers deployment. You n supply ustom sysprep nswer file s n lterntive to speifying mny of the settings in the Guest Customiztion wizrd. The vsphere Imge Customiztion templte sysprep nswer file stores numer of ustomiztion settings suh s omputer nme, liensing informtion, nd workgroup or domin settings. 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From Home pge, under Opertions nd Poliies, lik Customiztion Speifition Mnger. VMwre, In. 203

204 3 Selet sfo01m01v01.sfo01.rinpole.lol from the vcenter Server drop-down menu. 4 Clik the Crete new speifition ion. The Guest Customiztion wizrd opens. 5 On the Speify Properties pge, onfigure the following vlues, nd lik Next. Trget VM Operting System Use ustom SysPrep nswer file Customiztion Spe Nme Windows Deseleted vr7-templte 6 On the Set Registrtion Informtion pge, onfigure the following vlues, nd lik Next. Nme Orgniztion Rinpole Rinpole IT 7 On the Set Computer Nme pge, selet the Enter nme in the Clone/Deploy wizrd rdio utton, nd lik Next. 8 On the Enter Windows Liense pge, onfigure the following vlues, nd lik Next. If you re using Mirosoft Liense Server, or hve multiple single liense keys, leve the Produt Key text ox lnk. Produt Key Inlude Server Liense Informtion Server Liense Mode volume_liense_key Seleted Per set 9 On the Set Administrtor Pssword pge, onfigure the following vlues, nd lik Next. Pssword Automtilly logon s Administrtor lol_dministrtor_pwd Seleted Numer of times to logon utomtilly 1 10 On the Time Zone pge, selet (GMT) Coordinted Universl Time from the Time Zone drop-down menu, nd lik Next. 11 On the Run One pge, type net lolgroup dministrtors rinpole\sv-vr /dd in the text ox nd lik Add. This ommnd will dd servie ount rinpole\sv-vr into virtul mhine's lol dministrtors group. Clik Next. 12 On the Configure Network pge, selet the Mnully selet ustom settings rdio utton, selet NIC1 from the list of network interfes in the virtul mhine, nd lik Edit. The Edit Network dilog ox opens. VMwre, In. 204

205 13 In the Edit Network dilog ox, on the IPv4 pge, onfigure the following vlues nd lik DNS. Prompt the user for n ddress when the speifition is used Seleted Sunet Msk Defult Gtewy On the DNS pge, provide DNS servers nd serh suffixes. Speify the following DNS server settings. Use the following DNS server ddress Seleted Preferred DNS Server Alternte DNS Server d e Enter rinpole.lol in the For ll onnetions with TCP/IP enled text ox nd lik the Add utton. Enter sfo01.rinpole.lol in the For ll onnetions with TCP/IP enled text ox nd lik the Add utton. Enter lx01.rinpole.lol in the For ll onnetions with TCP/IP enled text ox nd lik the Add utton. Clik OK to sve settings nd lose the Edit Network dilog ox, nd lik Next. 15 On the Set Workgroup or Domin pge, enter redentils tht hve dministrtive privileges in the domin, nd lik Next. Windows Server Domin Usernme Pssword rinpole.lol d_dmin_t@rinpole.lol d_dmin_pssword 16 On the Set Operting System Options pge, selet the Generte New Seurity ID (SID) hek ox, nd lik Next. 17 On the Redy to omplete pge, review the onfigurtion settings tht you entered, nd lik Finish. The ustomiztion speifition you reted is listed in the Customiztion Speifition Mnger, nd n e used to ustomize virtul mhine guest operting systems. Crete Customiztion Speifition File for IS Proxy Agent Servers in Region A Crete vsphere Imge Customiztion templte to use with your vrelize Automtion IS Proxy Agent deployment. VMwre, In. 205

206 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home pge, lik Customiztion Speifition Mnger. 3 Selet sfo01m01v01.sfo01.rinpole.lol from the vcenter Server drop-down menu. 4 Clik the Crete new speifition ion. The New VMGuest CustomiztionSpe wizrd opens. 5 On the Speify Properties pge, enter the following settings, nd lik Next. Trget VM Operting System Use ustom SysPrep nswer file Customiztion Spe Nme Windows Deseleted vr7-proxy-gent-templte 6 On the Set Registrtion Informtion pge, enter the following settings, nd lik Next. Nme Orgniztion Rinpole Rinpole IT 7 On the Set Computer Nme pge, selet the Enter nme in the Clone/Deploy wizrd rdio utton, nd lik Next. VMwre, In. 206

207 8 On the Enter Windows Liense pge, enter the following settings, nd lik Next. If you re using Mirosoft Liense Server, or hve multiple single liense keys, leve the Produt Key text ox lnk. Produt Key Inlude Server Liense Informtion Server Liense Mode volume_liense_key Seleted Per set 9 On the Set Administrtor Pssword pge, enter the following settings, nd lik Next. Pssword Automtilly logon s Administrtor lol_dministrtor_pwd Seleted Numer of times to logon utomtilly 1 10 On the Time Zone pge,selet (GMT) Coordinted Universl Time from the Time Zone drop-down menu, nd lik Next. 11 On the Run One pge, type net lolgroup dministrtors rinpole\sv-vr /dd in the text ox nd lik Add. This ommnd will dd servie ount rinpole\sv-vr into the virtul mhine's lol dministrtors group. Clik Next. 12 On the Configure Network pge, selet the Mnully selet ustom settings rdio utton, selet NIC1 from the list of network interfes in the virtul mhine, nd lik Edit. VMwre, In. 207

208 The Network Properties dilog ox displys. 13 In the Edit Network dilog ox, on the IPv4 pge, speify the following settings nd lik DNS. Prompt the user for n ddress when the speifition is used Seleted Sunet Msk Defult Gtewy VMwre, In. 208

209 14 On the DNS pge, provide DNS servers nd serh suffixes. Speify the following DNS server settings. Use the following DNS server ddress Seleted Preferred DNS Server Alternte DNS Server d e Enter sfo01.rinpole.lol in the For ll onnetions with TCP/IP enled text ox nd lik the Add utton. Enter rinpole.lol in the For ll onnetions with TCP/IP enled text ox nd lik the Add utton. Enter lx01.rinpole.lol in the For ll onnetions with TCP/IP enled text ox nd lik the Add utton. Clik OK to sve settings nd lose the Edit Network dilog ox, nd lik Next. 15 On the Set Workgroup or Domin pge, enter redentils tht hve dministrtive privileges in the domin, nd lik Next. Windows Server Domin Usernme Pssword sfo01.rinpole.lol d_dmin_t@sfo01.rinpole.lol d_dmin_pssword VMwre, In. 209

210 16 On the Set Operting System options pge, selet the Generte New Seurity ID (SID) hek ox, nd lik Next. 17 On the Redy to Complete pge, review the settings tht you entered, nd lik Finish. The ustomiztion speifition you reted is listed in the Customiztion Speifition Mnger, nd n e used to ustomize virtul mhine guest operting systems. Crete Windows Virtul Mhines for vrelize Automtion in Region A vrelize Automtion requires severl Windows virtul mhines to t s IS omponents in distriuted onfigurtion. These redundnt omponents provide high vilility for the vrelize Automtion infrstruture fetures. To filitte loning, this design uses the vr7-templte nd the vr7-proxy-gent-templte imge ustomiztion speifition templtes nd the windows-2012r2-64 VM templte. A fully redundnt vrelize Automtion deployment requires eight virtul mhines tht run on Windows. Repet this proedure eight times y using the informtion in the following tle to rete eight VMs. Imge Customiztion Nme for Virtul Mhines NetBIOS nme vcenter Folder IP vcpu numer Memory Size Speifition Templte Network vr01iws01.rinpole.lol vr01iws01 sfo01- m01fdvr vr01iws01.rinpole.lol vr01iws01 sfo01- m01fdvr vr01ims01.rinpole.lol vr01ims01 sfo01- m01fdvr vr01ims01.rinpole.lol vr01ims01 sfo01- m01fdvr vr01dem01.rinpole.lol vr01dem01 sfo01- m01fdvr vr01dem01.rinpole.lol vr01dem01 sfo01- m01fdvr GB vr7-templte vxw-dvsxxxx-mgmtxregion01- VXLAN GB vr7-templte vxw-dvsxxxx-mgmtxregion01- VXLAN GB vr7-templte vxw-dvsxxxx-mgmtxregion01- VXLAN GB vr7-templte vxw-dvsxxxx-mgmtxregion01- VXLAN GB vr7-templte vxw-dvsxxxx-mgmtxregion01- VXLAN GB vr7-templte vxw-dvsxxxx-mgmtxregion01- VXLAN VMwre, In. 210

211 Imge Customiztion Nme for Virtul Mhines NetBIOS nme vcenter Folder IP vcpu numer Memory Size Speifition Templte Network sfo01is01.sfo01.rinpole.lol sfo01is01 sfo01- m01fdvris sfo01is01.sfo01.rinpole.lol sfo01is01 sfo01- m01fdvris GB vr7-proxygent-templte GB vr7-proxygent-templte vxw-dvs- xxxx-mgmt- RegionA01- VXLAN vxw-dvs- xxxx-mgmt- RegionA01- VXLAN Prerequisites Verify tht you hve reted the Windows 2012 R2 VM templte, windows2012r2-templte. SHA512 is disled in Windows for TLS 1.2 y defult. If SHA512 ertifites will e used for vrelize Automtion, you need to instll the windows updte in Mirosoft KB Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor pne, selet Glol Inventory Lists > vcenter Servers. Clik the sfo01m01v01.sfo01.rinpole.lol instne. 3 Clik VM Templtes in Folders, nd from the VM Templtes in Folders pne, right-lik the IS windows templte windows2012r2-templte nd selet New VM from this Templte. 4 On the Selet nme nd folder pge of the Deploy From Templte wizrd, speify nme nd lotion for the virtul mhine. Enter vr01iws01.rinpole.lol in the Enter nme for the virtul mhine text ox. In the Selet lotion for the virtul mhine pne, selet the sfo01-m01fd-vr folder in the sfo01-m01d dtenter under sfo01m01v01.sfo01.rinpole.lol, nd lik Next. 5 On the Selet ompute resoure pge, selet sfo01-m01-mgmt01 nd lik Next. VMwre, In. 211

212 6 On the Selet storge pge, selet the dtstore on whih to rete the virtul mhine's disks. Selet vsan Defult Storge Poliy from thevm Storge Poliy drop-down menu. Selet the sfo01-m01-vsn01 vsan dtstore from the dtstore tle nd lik Next. 7 On the Selet Clone options pge, selet the Customize the operting system hek ox, nd lik Next. 8 On the Customize guest OS pge, selet the vr7-templte from the tle, nd lik Next. 9 On the User s pge, enter the following vlues, nd lik Next. NetBIOS nme vr01iws01 IPv4 ddress IPv4 sunet msk On the Redy to Complete pge, review your settings nd lik Finish. When the deployment of the virtul mhine ompletes, you n ustomize the virtul mhine. 11 In the Nvigtor, selet VMs nd Templtes. 12 Right-lik the vr01iws01.rinpole.lol virtul mhine nd selet Edit s. VMwre, In. 212

213 13 Clik Virtul Hrdwre nd onfigure the settings for CPU, Memory, nd the Network dpter 1. Selet 2 from the CPU drop-down menu. Set the Memory settings to 4096 MB. Expnd Network dpter 1 nd selet vxw-dvs-xxxx-mgmt-xregion01-vxlan from the dropdown menu nd lik OK. 14 Right-lik the virtul mhine vr01iws01.rinpole.lol, nd selet Power > Power on. 15 From the Virtul Mhine Console, verify tht vr01iws01.rinpole.lol re-oots, nd uses the onfigurtion settings tht you speified. After the Windows ustomiztion proess ompletes, len desktop ppers. 16 Log in to the Windows operting system nd perform finl verifition nd ustomiztion. Verify tht the IP ddress, omputer nme, nd domin re orret. Verify vrelize Automtion servie ount sv-vr@rinpole.lol hs een dded to the Lol Administrtors Group. Note You my notie tht the virtul mhine filed to exeute ll the steps in the ustomiztion speifition. When this ours: Delete the virtul mhine nd its ustomiztion speifition. Retry reting the Windows virtul mhines for the IS omponents y reting new ustomiztion speifition nd provisioning virtul mhine using the newly rereted ustomiztion speifition. For informtion on reting new ustomiztion speifition, see Crete Customiztion Speifition File for IS Servers in Region A. For informtion on reting Windows virtul mhines for the IS omponents, see the urrent topi, Crete Windows Virtul Mhines for vrelize Automtion in Region A. 17 Repet this proedure to deploy nd onfigure the remining virtul mhines. Instll vrelize Automtion Mngement Agent on Windows IS VMs in Region A For eh Windows virtul mhine deployed s prt of the vrelize Automtion instlltion, mngement gent must e deployed to filitte the instlltion of the Windows dependenies nd vrelize Automtion omponents. Perform this proedure multiple times to instll the Mngement Agent on ll Windows IS virtul mhines listed elow. vr01iws01.rinpole.lol vr01iws01.rinpole.lol vr01dem01.rinpole.lol VMwre, In. 213

214 vr01dem01.rinpole.lol vr01ims01.rinpole.lol vr01ims01.rinpole.lol sfo01is01.sfo01.rinpole.lol sfo01is01.sfo01.rinpole.lol 1 Log in to the vr01iws01.rinpole.lol virtul mhine onsole using the vrelize Automtion servie ount. Usernme Pssword Rinpole\sv-vr sv-vr_pssword 2 Downlod the vrelize Mngement Agent. Open We rowser nd go to Downlod the Mngement Agent Instller.msi pkge. 3 Instll the vrelize Mngement Agent. d e Strt the vcac-ismngementagent-setup.msi instller. On the Welome pge, lik Next to strt the instll proess. On the EULA pge, selet the I ept the terms of this greement hek ox nd lik Next. On the Destintion Folder pge, lik Next to instll in the defult pth. On the Mngement Site Servie pge, enter the following settings nd lik Lod. vra Appline Address Root usernme Pssword root vr_ppa_root_pssword f Selet the I onfirm the fingerprint mthes the Mngement Site Servie SSL ertifite hek ox, nd lik Next. 4 On the Mngement Agent Aount Configurtion pge, enter the following redentils nd lik Next. Usernme Pssword rinpole\sv-vr sv-vr_pssword 5 On the Redy to Instll pge, lik Instll. VMwre, In. 214

215 6 Repet the proedure to instll the Mngement Agent on the remining Windows IS virtul mhines. Instll the vrelize Automtion Environment in Region A You use the Instlltion wizrd to deploy distriuted instlltion with lod lners for high vilility nd filover. One you strt the wizrd you must omplete it. If you nel the wizrd, you must redeploy the ppline to run the wizrd gin. 1 Log in to the first vrelize Automtion ppline. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_ppa_root_pssword The vrelize Automtion Instlltion wizrd ppers. 2 On the Welome to the vrelize Automtion Instlltion Wizrd pge, lik Next. 3 On the End User Liense Agreement pge, ept the terms of the greement nd lik Next. 4 On the Deployment Type pge, speify the following settings nd lik Next. Enterprise deployment Instll Infrstruture s Servie Seleted Seleted VMwre, In. 215

216 5 On the Instlltion Prerequisites pge, speify the following time server settings, lik Chnge Time s, nd lik Next. Option Virtul Appline Time Syn. Mode Time Server Time Server Use Time Server ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol 6 On the Disovered Hosts pge, verify tht ll Windows IS virtul mhines re listed nd tht the time offset is within the -1 / 0 / 1 vlues nd lik Next. Note The Time Offset olumn shows the time delt etween the vrelize Automtion ppline nd the Windows IS VMs. Time synhroniztion is ritil. If there re vlues outside of the eptle vlues, remedite those efore you proeed. 7 On the vrelize Applines pge, enter the following settings to dd the seond vrelize Appline sed on the tle elow, lik Next. Host Admin User Pssword vr01svr01.rinpole.lol root vr_ppb_root_pssword 8 In the pop up ertifite wrning messge ox, lik OK to proeed. VMwre, In. 216

217 9 On the Server Roles pge, selet the respetive hek oxes for eh server sed on their role nd lik Next. Hosts vr01iws01.rinpole.lol vr01iws01.rinpole.lol vr01ims01.rinpole.lol vr01ims01.rinpole.lol vr01dem01.rinpole.lol vr01dem01.rinpole.lol sfo01is01.sfo01.rinpole.lol sfo01is01.sfo01.rinpole.lol Role Initil We Server nd Model Mnger Other Wes Mnger Servie Mnger Servie DEM DEM Agent Agent 10 On the Prerequisite Cheker pge, verify tht the Windows servers for IS omponents re orretly onfigured. Clik Run nd wit for the prerequisite heker to omplete. If wrnings pper, lik Fix. Verify tht the sttus of ll IS omponents hnges to OK nd lik Next. 11 On the vrelize Automtion Host pge, enter vr01svr01.rinpole.lol in the vrelize Address text ox nd lik Next. 12 On the Single Sign-On pge, enter nd onfirm vr_dministrtor_pssword for the defult tennt ount nd lik Next. 13 On the IS Host pge, onfigure the following vlues nd lik Next. Option IS We Address Mnger Servie Address Seurity Pssphrse Confirm Pssphrse vr01iws01.rinpole.lol vr01ims01.rinpole.lol sql_d_pss sql_d_pss 14 On the Mirosoft SQL Server pge, onfigure the following vlues, lik Vlidte, wit for suessful vlidtion, nd lik Next. Option Server Nme Dtse Nme Crete new dtse Defult s vr01mssql01.rinpole.lol VRADB-01 Seleted Seleted VMwre, In. 217

218 Option Use SSL for dtse onnetion Windows Authentition Deseleted Seleted 15 On the We Role pge, onfigure the following vlues for the IS servers, lik Vlidte, wit for suessful vlidtion, nd lik Next. Wesite Nme Defult We Site Port 443 vr01iws01.rinpole.lol Usernme vr01iws01.rinpole.lol Pssword vr01iws01.rinpole.lol Usernme vr01iws01.rinpole.lol Pssword rinpole.lol\sv-vr sv-vr_pssword rinpole.lol\sv-vr sv-vr_pssword 16 On the Mnger Servie Role pge, onfigure the following vlues for the IS We servers, lik Vlidte, wit for suessful vlidtion, nd lik Next. Ative IS Host Nme Usernme Pssword Seleted vr01ims01.rinpole.lol rinpole.lol\sv-vr sv-vr_pssword Deseleted vr01ims01.rinpole.lol rinpole.lol\sv-vr sv-vr_pssword VMwre, In. 218

219 17 On the Distriuted Exeution Mngers pge, lik the Add ion s needed, speify the following settings, lik Vlidte, wit for suessful vlidtion, nd lik Next. IS Host Nme Instne Nme Usernme Pssword vr01dem01 DEM-WORKER-01 rinpole.lol\sv-vr sv-vr_pssword vr01dem01 DEM-WORKER-02 rinpole.lol\sv-vr sv-vr_pssword vr01dem01 DEM-WORKER-03 rinpole.lol\sv-vr sv-vr_pssword vr01dem01 DEM-WORKER-04 rinpole.lol\sv-vr sv-vr_pssword vr01dem01 DEM-WORKER-05 rinpole.lol\sv-vr sv-vr_pssword vr01dem01 DEM-WORKER-06 rinpole.lol\sv-vr sv-vr_pssword 18 On the Agents pge, onfigure the following vlues, lik Vlidte, wit for suessful vlidtion, nd lik Next. IS Host Nme Agent Nme Endpoint Agent Type Usernme Pssword sfo01is01.sfo01.rinpole.lol VSPHERE- AGENT-01 sfo01w01v01.sfo01.rinpole.lol vsphere rinpole.lol\svvr svvr_pssword sfo01is01.sfo01.rinpole.lol VSPHERE- AGENT-01 sfo01w01v01.sfo01.rinpole.lol vsphere rinpole.lol\svvr svvr_pssword VMwre, In. 219

220 19 On the next three ertifites onfigurtion pges, onfigure the ertifites for ll vrelize Automtion. You omplete three different ertifite onfigurtion pges for the different nodes using the sme proess nd vlues from the vr.key file for the Privte Key nd the vr.3.pem file for ll ertifites stored in the vr folder. For more informtion on ertifite onfigurtion, see "Use the Certifite Genertion Utility to Generte CA-Signed Certifites for the SDDC Mngement Components" in the VMwre Vlidted Design Plnning nd Preprtion doument. On the vrelize Appline Certifite pge, speify the following settings, lik Sve Imported Certifite, nd lik Next. Certifite Ation RSA Privte Key Certifite Chin Pssphrse Import -----END RSA PRIVATE KEY BEGIN RSA PRIVATE KEY-----privte_key_vlue -----BEGIN CERTIFICATE-----Server_ertifite_vlue-----END CERTIFICATE BEGIN CERTIFICATE-----Intermedite_CA_ertifite_vlue-----END CERTIFICATE BEGIN CERTIFICATE-----Root_CA_ertifite_vlue-----END CERTIFICATE----- vr_ert_pssphrse Repet this step on the We Certifite nd the Mnger Servie Certifite pges of the vrelize Automtion Instlltion Wizrd. VMwre, In. 220

221 20 On the Lod Blners pge, lik Next. Note You onfigured lod lning in Lod Blning the Cloud Mngement Pltform in Region A 21 On the Vlidtion pge, lik Vlidte, wit for suessful vlidtion, nd lik Next. 22 On the Crete Snpshots pge, do not lose the wizrd. Snpshot eh of the vrelize Automtion virtul mhines using the following instrutions. In rowser, go to to log in to vcenter Server. Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword d e From the Home pge, lik VMs nd Templtes. In the Nvigtor, expnd the sfo01m01v01.sfo01.rinpole.lol > sfo01-m01d > sfo01- m01fd-vr folder. Right-lik the vr01dem01.rinpole.lol VM nd selet Snpshots > Tke Snpshot. VMwre, In. 221

222 f In the Tke VM Snpshot dilog ox, speify the following settings nd lik OK. Nme Snpshot the virtul mhine's memory Quiese guest file system Prior to vra IS omponent instlltion Deseleted Deseleted g Repet the step to rete snpshots of the remining vrelize Automtion VMs. Virtul Mhine vr01svr01.rinpole.lol vr01svr01.rinpole.lol vr01mssql01.rinpole.lol vr01iws01.rinpole.lol vr01iws01.rinpole.lol vr01ims01.rinpole.lol vr01ims01.rinpole.lol vr01dem01.rinpole.lol vr01dem01.rinpole.lol sfo01is01.sfo01.rinpole.lol sfo01is01.sfo01.rinpole.lol vcenter Folder sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vris sfo01-m01fd-vris After you rete snpshots of ll virtul mhines, return to the vrelize Automtion Instlltion wizrd. 23 On the Crete Snpshots pge, lik Next. 24 On the Instlltion Detils pge, lik Instll. 25 On the Instlltion Detils pge, verify tht ll items omplete suessfully nd lik Next. 26 On the Liensing pge, enter your vrelize_automtion_liense_key, lik Sumit Key, nd lik Next. 27 On the Telemetry pge, selet Join the VMwre Customer Experiene Improvement Progrm nd lik Next. 28 On the Post-Instlltion Options pge, selet Continue to proeed without reting initil ontent nd lik Next. 29 Clik Finish to exit the wizrd. VMwre, In. 222

223 Configure vrelize Automtion for Lrge Sle Deployment in Region A Inrese the vlue of the ProxyAgentBinding nd mxstringcontentlength ttriutes to onfigure vrelize Automtion Mngement Servie to ontin lrge mount of dt ojets. For exmple, 3000 or more virtul mhines from vsphere Center Server. 1 Log into the vr01ims01.rinpole.lol virtul mhine onsole s the user rinpole\svr-vr. 2 Clik the Strt utton on the tskr to disply the menu, enter Notepd in the serh ox, nd lik Notepd in the serh results. Note Alterntively you n use ny text editor instlled on the Windows operting system in your environment tht you prefer. 3 Right-lik the Notepd pplition ion, or your preferred text editor, nd selet Run As Administrtor. 4 Open the file C:\Progrm Files (x86)\vmwre\vcac\server\mngerservie.exe.onfig for editing in Notepd or your preferred text editor. 5 Lote the following line in the MngerServie.exe.onfig file. <inding nme= ProxyAgentServieBinding mxreeivedmessgesize= > <rederquots mxstringcontentlength= /> Note Do not onfuse these two lines with the lines tht re very similr, ut with the ttriute inding nme = "ProvisionServieBinding". 6 Reple the vlues of the following ttriutes y inresing them y ftor of 10 s shown in the tle elow. Prmeter s mxreeivedmessgesize mxstringcontentlength Sve your hnges to the MngerServie.exe.onfig file, lose it, nd exit the text editor. 8 Clik Strt, nd then lik Restrt to restrt the virtul mhine. 9 Repet this proedure for the vr01ims01.rinpole.lol virtul mhine. VMwre, In. 223

224 vrelize Automtion Defult Tennt Configurtion in Region A In shred loud environments, where multiple ompnies, divisions or independent groups re using ommon infrstruture fri, it is neessry to set up virtul privte louds where uthentition, resoures, poliy re ustomized to the needs of eh group. Tennts re useful for isolting the users, resoures nd servies of one tennt from those of other tennts. Crete Lol Tennt Administrtor in Region A Join the VMwre Identity Mnger onnetors to the Ative Diretory domin to support Integrted Windows Authentition. Perform this opertion in the defult tennt vsphere.lol. Crete lol user for the defult tennt in vrelize Automtion nd ssign the Tennt Administrtor role to the defult tennt. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 On the Tennts pge, lik the defult tennt vsphere.lol to edit its settings. 3 Clik the Lol users t nd lik New to dd lol user to the defult tennt. VMwre, In. 224

225 4 In the User Detils dilog ox, speify the following settings, lik OK, nd lik Next. First nme Lst nme Emil User nme Pssword Confirm pssword ITAC LolDefultAdmin ITAC-LolDefultAdmin it-loldefultdmin_pssword it-loldefultdmin_pssword VMwre, In. 225

226 5 On the Administrtors t, speify tennt nd infrstruture dministrtors. In the Tennt dministrtors serh text ox, enter ITAC-LolDefultAdmin nd press Enter. In the IS dministrtors serh text ox, enter ITAC-LolDefultAdmin nd press Enter. Clik Finish. 6 Log out from the vrelize Automtion portl. VMwre, In. 226

227 Join Connetors to n Ative Diretory Domin in Region A To use n Ative Diretory domin for tennt uthentition, you must join VMwre Identity Mnger onnetor to vrelize Automtion. Eh vrelize Automtion ppline inludes onnetor tht supports user uthentition. By defult, one onnetor is typilly onfigured to perform diretory synhroniztion. Perform the proedure y using the ITAC-LolDefultAdmin tht you onfigured in the previous proedure. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword ITAC-LolDefultAdmin it-loldefultdmin_pssword 2 Nvigte to Administrtion > Diretories Mngement > Connetors. VMwre, In. 227

228 3 For the first.onnetor, lik Join Domin, speify the following settings nd lik Join Domin. Domin Custom Domin rinpole.lol Domin User Domin Pssword dministrtor domin_dmin_pssword 4 For the first-onnetor-clone, lik Join Domin, speify the following settings nd lik Join Domin. Domin Custom Domin rinpole.lol Domin User Domin Pssword dministrtor domin_dmin_pssword 5 Log out from the vrelize Automtion portl. vrelize Automtion Tennt Cretion in Region A You rete dditionl vrelize Automtion tennts so tht users n ess the pplitions nd resoures tht they need to omplete their work ssignments. A tennt is group of users with speifi privileges who work within softwre instne. Administrtors n rete dditionl tennts so tht users n log in nd omplete their work ssignments. Administrtors n rete s mny tennts s needed for system opertion. Administrtors must speify si onfigurtion suh s nme, login URL, lol users, nd dministrtors. The tennt dministrtor must lso log in nd set up n pproprite Ative Diretory onnetion nd pply ustom rnding to tennts. Crete the Rinpole Tennt in Region A The vrelize Automtion Identity Mnger provides Single-Sign On (SSO) pility for vrelize Automtion users. vrelize Automtion Identity Mnger is n uthentition roker nd seurity token exhnge tht interts with the Ative Diretory to uthentite users. As the system dministrtor, you onfigure Identity Mnger to provide ess to vrelize Automtion y the Rinpole tennt. The Rinpole tennt is the tennt through whih you mnge system-wide onfigurtion, tht inludes glol system defults for rnding, notifitions, nd monitor system logs. VMwre, In. 228

229 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 On the Tennts pge, lik New to onfigure new tennt. 3 On the Generl t, enter the following settings for the Rinpole tennt, nd lik Sumit nd Next. Nme URL Nme Contt emil Rinpole rinpole dministrtor@rinpole.lol 4 On the Lol Users t, lik New to dd lol user for the tennt. 5 In the User Detils dilog ox, speify the following settings, lik OK, nd lik Next. First nme Lst nme Emil ITAC LolRinpoleAdmin ITAC-LolRinpoleAdmin@rinpole.lol VMwre, In. 229

230 User nme Pssword Confirm pssword ITAC-LolRinpoleAdmin it-lolrinpoledmin_pssword it-lolrinpoledmin_pssword VMwre, In. 230

231 6 On the Administrtors t, speify tennt nd infrstruture dministrtors. Enter ITAC-LolRinpoleAdmin in the Tennt dministrtors serh text ox nd press Enter. Enter ITAC-LolRinpoleAdmin in the IS dministrtors serh text ox nd press Enter. Clik Finish. 7 Log out of vrelize Automtion portl. Configure Identity Mngement for the vrelize Automtion Tennt in Region A vrelize Automtion uses VMwre Identity Mnger to uthentite users. Eh tennt hs to e ssoited with t lest one diretory s prt of the tennt retion. You n dd more diretories if neessry. Perform the proedure y using the ITAC-LolRinpoleAdmin tht you onfigured. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword ITAC-LolRinpoleAdmin it-lolrinpoledmin_pssword VMwre, In. 231

232 2 Nvigte to Administrtion > Diretories Mngement > Diretories. 3 Clik Add Diretory nd selet Add Ative Diretory over LDAP/IWA, speify the following settings nd lik Sve & Next. Diretory Nme Diretory Type Syn Connetor Authentition Diretory Serh Attriute Certifites Domin Nme Domin Admin Usernme Domin Admin Pssword Bind User UPN Bind DN Pssword rinpole.lol Ative Diretory (Integrted Windows Authentition) vr01svr01.rinpole.lol Yes samaountnme Deseleted rinpole.lol domin dministrtor domin_dmin_pssword sv-vr@rinpole.lol sv-vr_pssword 4 On the Selet the Domins pge, selet rinpole.lol (RAINPOLE) nd lik Next. 5 On the Mp User Attriutes pge, lik Next. VMwre, In. 232

233 6 On the Selet the groups (users) you wnt to syn pge, enter the group DNs to syn. Clik the Add ion to dd the distinguished nme to the serh riteri. In the Speify the group DNs text ox, enter d=rinpole,d=lol nd lik Find Groups. After the Groups to syn vlue updtes, lik Selet. VMwre, In. 233

234 d Selet the following groups nd lik Sve. ug-itac-tenntadmins ug-itac-tenntarhitets ug-sddc-admins ug-sddc-ops ug-vroadmins e Clik Next. VMwre, In. 234

235 7 On the Selet the Users you would like to syn pge, enter the user DNs to syn. Clik the Add ion to dd the distinguished nme to the serh riteri. In the Speify the user DNs text ox, enter n=users,d=rinpole,d=lol, lik the Add ion on the sme row, nd lik Sve. 8 On the Review pge, lik Syn Diretory. Configure Diretories Mngement for High Avilility in Region A Eh vrelize Automtion ppline inludes onnetor tht supports user uthentition, lthough only one onnetor is typilly onfigured to perform diretory synhroniztion. To support Diretories Mngement high vilility, you must onfigure seond onnetor tht orresponds to your seond vrelize Automtion ppline. Tht seond onnetor onnets to the sme Identity Provider nd, through VMwre Identity Mnger, points to the sme Ative Diretory instne. With this onfigurtion, if one ppline fils, the other n tke over mngement of user uthentition. In high vilility environment, ll nodes must serve the sme set of users, uthentition methods, nd other Ative Diretory onstruts. The most diret method to omplish this is to promote the Identity Provider to the luster y setting the lod lner host s the Identity Provider host. With this onfigurtion, ll uthentition requests re direted to the lod lner, whih forwrds the request to either onnetor s pproprite. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword ITAC-LolRinpoleAdmin it-lolrinpoledmin_pssword 2 Nvigte to Administrtion > Diretories Mngement > Identity Providers. 3 Clik WorkspeIDP_1 to edit its settings. VMwre, In. 235

236 4 Under Connetor(s), speify the following settings nd lik Add Connetor. Add Connetor Bind DN Pssword Domin Admin Pssword vr01svr01.rinpole.lol sv-vr_pssword domin_dmin_pssword 5 In the Idp Hostnme text ox, enter vr01svr01.rinpole.lol, the host nme of the lod lner, nd lik Sve. Assign Tennt Administrtive Roles to Ative Diretory Users in Region A After vrelize Automtion Diretories Mngement is ssoited with your Ative Diretory domin, domin users n dminister the tennt. Assign domin user groups for tennt nd infrstruture dministrtors. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword VMwre, In. 236

237 2 On the Tennts pge, lik the Rinpole tennt to edit its settings. 3 Clik the Administrtors t to ssign domin user groups for tennt nd infrstruture dministrtors. Enter ug-itac-tenntadmins in the Tennt dministrtors serh text ox nd press Enter. Enter ug-itac-tenntadmins in the IS dministrtors serh text ox nd press Enter. Clik Finish. Brnd the Tennt Login Pges in Region A You n pply ustom rnding on per-ustomer sis to the vrelize Automtion tennt login pges. System dministrtors ontrol the defult rnding for ll tennts. As tennt dministrtor, you hnge the rnding of the portl. Tht inludes the logo, the kground olor, nd the informtion in the heder nd footer. If the rnding for tennt is hnged, tennt dministrtor n revert k to the system defults. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 Nvigte to Administrtion > Brnding nd deselet the Use defult hek ox. 3 On the Heder t speify the following settings for the heder rnding. Compny Nme Produt Nme Bkground hex olor Text hex olor Rinpole Infrstruture Servie Portl 3989C7 FFFFFF VMwre, In. 237

238 4 Clik the Footer t, speify the following settings for the footer rnding nd lik Finish. Copyright notie Privy poliy link Contt link Copyright Rinpole. All Rights Reserved. Configure the Defult Emil Servers in Region A System dministrtors onfigure inound nd outound emil servers to hndle emil notifitions out events involving tennts' mhines. System dministrtors n rete only one inound emil server nd one outound emil server. These servers re the defults for ll tennts. If tennt dministrtors do not override the defult emil server settings efore they enle notifitions, vrelize Automtion uses the glolly onfigured emil server. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 Nvigte to Administrtion > Emil Servers nd lik New. 3 In the New Emil Server dilog ox, selet Emil - Inound nd lik OK. VMwre, In. 238

239 4 On the New Inound Emil pge, speify the following vlues, lik Test Connetion to verify tht the settings re orret, nd lik OK. Nme Seurity Protool Server Nme Rinpole-Inound Deseleted IMAP emil.rinpole.lol Server Port 143 Folder Nme Proessed Emil User Nme Pssword Emil Address INBOX Deseleted vr_dministrtor_pssword 5 On the Emil Servers pge, lik New to onfigure the outound server settings. 6 In the New Emil Server dilog ox, selet Emil - Outound nd lik OK. 7 On the New Outound Emil pge, speify the following vlues, lik Test Connetion to verify tht the settings re orret, nd lik OK. Nme Server Nme Enryption Method Rinpole-Outound emil.rinpole.lol None Server Port 25 Authentition User Nme Seleted dministrtor@rinpole.lol VMwre, In. 239

240 Pssword Sender Address vr_dministrtor_pssword 8 Log out of vrelize Automtion portl. Emedded vrelize Orhestrtor Configurtion in Region A VMwre Emedded vrelize Orhestrtor is pltform tht provides lirry of extensile workflows to llow you to rete nd run utomted, onfigurle proesses to mnge the VMwre vsphere infrstruture s well s other VMwre nd third-prty tehnologies. vrelize Orhestrtor is omposed of three distint lyers: n orhestrtion pltform tht provides the ommon fetures required for n orhestrtion tool, plug-in rhiteture to integrte ontrol of susystems, nd lirry of workflows. vrelize Orhestrtor is n open pltform tht n e extended with new plug-ins nd lirries, nd n e integrted into lrger rhitetures through REST API. Configure the Emedded vrelize Orhestrtor in Region A Configure the vrelize Orhestrtor servies to provide the SDDC foundtion orhestrtion engine. Configure the Emedded vrelize Orhestrtor in Region A You need to onfigure two vrelize Automtion virtul pplines to rete highly ville Emedded vrelize Orhestrtor luster. Perform this proedure twie to onfigure two pplines using the respetive vlues in the following tle for the different hosts. vrelize Orhestrtor Appline IP Address FQDN Host A vr01svr01.rinpole.lol Host B vr01svr01.rinpole.lol VMwre, In. 240

241 1 Log in to the vrelize Automtion Appline vr01svr01.rinpole.lol to onfigure the emedded vrelize Orhestrtor. SSH to vrelize Automtion Appline vr01svr01.rinpole.lol using the following redentils. User nme Pssword root hosta_root_pssword Strt vo-onfigurtor servie using the ommnd servie vo-onfigurtor strt. Verify the sttus of vo-onfigurtor using the ommnd servie vo-onfigurtor sttus. d Run the ommnd hkonfig vo-onfigurtor on to enle utomti restrt of voonfigurtor servie upon susequent reoots of the vrelize Automtion ppline. 2 Repet the proedure to onfigure the vrelize Orhestrtor for Host B vr01svr01.rinpole.lol. Configure Authentition Provider for vrelize Orhestrtor in Region A Configure vrelize Orhestrtor to use the Rinpole lol tennt in vrelize Automtion for uthentition. By ssoiting vrelize Orhestrtor uthentition to non-defult tennt, vrelize Orhestrtor exeutes workflows with end-user permissions. If vrelize Orhestrtor uthentites using the defult tennt, Orhestrtor users will lwys hve dministrtive rights. 1 Log in to the vrelize Orhestrtor Control Center. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_ppa_root_pssword VMwre, In. 241

242 2 Configure vrelize Automtion s vrelize Orhestrtor uthentition provider. d On the Home pge, under Mnge, lik Configure Authentition Provider. In the Defult Tennt text ox, lik the Chnge utton, enter rinpole, nd lik Apply. In the Admin group text ox, enter ug-vro nd lik Serh. From the drop-down menu, selet rinpole.lol\ug-vroadmins nd lik Sve Chnges. The ontrol enter logs you out. 3 Verify tht you n suessfully log in s sv-vr. Open We rowser nd go to Log in using the following redentils. Domin User nme Pssword rinpole.lol sv-vr sv-vr_pssword 4 Log out of ontrol enter. 5 Open n SSH onnetion to oth vrelize Automtion pplines vr01svr01.rinpole.lol nd vr01svr01.rinpole.lol, nd run the following ommnds to restrt the vrelize Orhestrtor servies. servie vo-server restrt servie vo-onfigurtor restrt VMwre, In. 242

243 6 Log k in to ontrol enter s the sv-vr user. Note The log in proess might e delyed due to the vrelize Orhestrtor servies restrting. Open We rowser nd go to Log in using the following redentils. Domin User nme Pssword rinpole.lol sv-vr sv-vr_pssword Vlidte the Configurtion of vrelize Orhestrtor in Region A You n verify tht Emedded vrelize Orhestrtor is onfigured properly y opening the Vlidte Configurtion pge in the Control Center. 1 Log in to the Emedded vrelize Orhestrtor Control Center. Open We rowser nd go to Log in using the following redentils. Domin User nme Pssword rinpole.lol sv-vr sv-vr_pssword VMwre, In. 243

244 2 On the Home pge, under Mnge, lik Vlidte Configurtion nd verify tht ll hek mrks re green. Add Compute vcenter Server Instne to Emedded vrelize Orhestrtor in Region A Add eh vcenter Server instne tht ontriutes resoures to vrelize Automtion nd uses vrelize Orhestrtor workflows to llow ommunition. 1 Downlod nd Instll the vrelize Orhestrtor Client. Open We rowser nd go to Clik vrelize Orhestrtor Client. On the VMwre vrelize Orhestrtor Login pge, log in to the Emedded vrelize Orhestrtor y using the following hostnme nd redentils. Host nme User nme Pssword vr01svr01.rinpole.lol:443 sv-vr sv-vr_pssword 2 In the left pne, lik Workflows, nd nvigte to Lirry > vcenter > Configurtion. VMwre, In. 244

245 3 Right-lik the Add vcenter Server instne workflow nd lik Strt Workflow. On the Set the vcenter Server Instne pge, onfigure the following settings nd lik Next. IP or hostnme of the vcenter Server instne to dd sfo01w01v01.sfo01.rinpole.lol HTTPS port of the vcenter Server instne 443 Lotion of SDK tht you use to onnet Will you orhestrte this instne Do you wnt to ignore ertifite wrnings /sdk Yes Yes On the Set the onnetion properties pge, onfigure the following settings, nd lik Sumit. Use session per user vcenter Server user nme vcenter Server user pssword No rinpole.lol\sv-vro sv-vro_pssword 4 To verify tht the workflow ompleted suessfully, lik the Inventory t nd expnd the vsphere vcenter Plugin tree ontrol. The vcenter Server instne you dded will e visile in the inventory. Integrte vrelize Orhestrtor with vrelize Automtion in Region A Configure vrelize Automtion to work with the externl vrelize Orhestrtor instne. Configure Emedded vrelize Orhestrtor Server in Region A To use vrelize Automtion workflows to ll vrelize Orhestrtor workflows, you must onfigure vrelize Orhestrtor to t s n endpoint. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. Domin User nme Pssword vsphere.lol dministrtor vr_dministrtor_pssword 2 Clik Administrtion > vro Configurtion > Server Configurtion. 3 Selet the Use the defult Orhestrtor server rdio utton nd lik Test Connetion. VMwre, In. 245

246 4 One the Suessfully onneted to the Orhestrtor server messge ppers, lik OK to omplete the onfigurtion. Crete vrelize Orhestrtor Endpoint in Region A IS dministrtors re responsile for reting the endpoints tht llow vrelize Automtion to ommunite with your infrstruture. You rete vrelize Orhestrtor endpoint for use y Relize Automtion to ommunite workflows. 1 Log in to the Rinpole Infrstruture Servie Portl. Open We rowser nd go to From the Selet your domin drop-down menu selet Rinpole.lol nd lik Next Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Crete new endpoint for vrelize Orhestrtor. Selet Infrstruture > Endpoints > Endpoints. Clik New > Orhestrtion > vrelize Orhestrtor, enter the following vlues, nd lik OK to omplete the proess. Nme Address User nme Pssword vr01svr01.rinpole.lol sv-vr@rinpole.lol sv-vr_pssword Priority 1 3 Strt the dt olletion for the newly reted endpoint. Selet the vrelize Orhestrtor endpoint in the Endpoints list nd lik Ations > Dt Colletion. Clik Strt to egin the vrelize Orhestrtor dt olletion proess. Wit severl minutes for the dt olletion proess to omplete. Clik Refresh to verify tht the dt olletion suessfully omplete. When dt olletion sueeded sttus messge ppers, the onfigurtion proess is omplete. VMwre, In. 246

247 Add vrelize Automtion Host in vrelize Orhestrtor in Region A To ll vrelize Automtion Plugin workflows, you onfigure the vrelize Automtion host in vrelize Orhestrtor. 1 Log in to the vrelize Orhestrtor Client. Open We rowser nd go to Clik Strt Orhestrtor Client. On the VMwre vrelize Orhestrtor login pge, log in to vrelize Orhestrtor using the following hostnme nd redentils. Host nme User nme Pssword vr01svr01.rinpole.lol:443 sv-vr sv-vr_pssword 2 In the left pne, lik Workflows, nd nvigte to Lirry > vrelize Automtion > Configurtion. 3 Right-lik the Add vra host using omponent registry workflow nd lik Strt Workflow. On the Common prmeters pge, onfigure the following settings, nd lik Sumit. Nme of the vcac host vr01svr01.rinpole.lol Connetion timeout 30.0 Opertion timeout 60.0 Mximum pge size for ojets retrieved from this host To verify tht the workflow ompleted suessfully, lik the Inventory t nd expnd the vrelize Automtion tree ontrol. The vrelize Automtion Server instne tht you just dded is visile in the inventory. 5 In the left pne, lik Workflows, nd nvigte to Lirry > vrelize Automtion > Configurtion. VMwre, In. 247

248 6 Right-lik the Add the IS host of vra host workflow nd lik Strt Workflow. On the Common prmeters pge, lik the serh ion lelled Not set. Selet vr01svr01.rinpole.lol [ [rinpole] for vcac host nd lik Next. On the Add n IS host pge, keep the defult settings for Host Properties nd lik Next. d On the Add n IS host pge, keep the defult settings for the Proxy s nd lik Next. On the Host Authentition pge, selet SSO for Host's uthentition type, nd lik Sumit. 7 To verify tht the workflow ompleted suessfully, lik the Inventory t nd expnd the vrelize Automtion Infrstruture tree ontrol. The vrelize Automtion IS Server instne you dded is visile in the inventory. VMwre, In. 248

249 vrelize Business Instlltion in Region A vrelize Business is n IT finnil mngement tool tht provides trnspreny nd ontrol over the osts nd qulity of IT servies, enling lignment with the usiness nd elertion of IT trnsformtion. Instll vrelize Business nd integrte it with vrelize Automtion to ontinuously monitor the ost of eh individul Virtul Mhine nd the ost of their dt enter. Deploy the vrelize Business for Cloud Virtul Applines in Region A VMwre vrelize Business provides pilities tht llow users to gin greter visiility into finnil spets of their loud infrstruture nd let them optimize nd improve these opertions. You deploy two instnes of vrelize Business, Server nd Dt Colletor. Repet this proedure twie to deploy the two pplines. VMwre, In. 249

250 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Hosts nd Clusters nd nvigte to the sfo01m01v01.sfo01.rinpole.lol vcenter Server ojet. 3 Right-lik the sfo01m01v01.sfo01.rinpole.lol ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vrelize Business virtul ppline.ov file on your file system, nd lik Next. 5 On the Selet nme nd lotion pge, enter the following informtion for the respetive ppline tht you deploy nd lik Next. for Server for Dt Colletor Nme vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol Selet dtenter or folder sfo01-m01fd-vr sfo01-m01fd-vris 6 On the Selet resoure pge, selet the sfo01-m01-mgmt01 luster nd lik Next. 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt, version, downlod nd disk size, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greements nd lik Next. 9 On the Selet storge pge, selet the dtstore. Selet Thin provision from the Selet virtul disk formt drop-down menu. Selet vsan Defult Storge Poliy from the VM storge poliy drop-down menu. From the dtstore tle, selet the sfo01-m01-vsn01 dtstore nd lik Next. 10 On the Selet networks pge, selet the pproprite network from the Destintion drop-down menu, nd lik Next. for Server for Dt Colletor Network 1 Ends with Mgmt-xRegion01-VXLAN Ends with Mgmt-RegionA01-VXLAN VMwre, In. 250

251 11 On the Customize templte pge, onfigure the following vlues nd lik Next. s for Server s for Dt Colletor Curreny USD USD Enle SSH servie Seleted Seleted Enle Server Seleted Deseleted Join the VMwre Customer Experiene Improvement Progrm Seleted Seleted Root user pssword vr_server_root_pssword vr_olletor_root_pssword Defult Gtewy Domin Nme vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol Domin Nme Servers , , Domin Serh Pth rinpole.lol,sfo01.rinpole.lol,lx01.rinpole.lol sfo01.rinpole.lol Network 1 IP Address Network 1 Netmsk On the Redy to omplete pge, review the onfigurtion settings you speified nd lik Finish. 13 Adjust the vrelize Business virtul ppline memory size. Right-lik the virtul mhine nd selet Edit s. Clik Virtul Hrdwre, enter the following vlue for Memory, nd lik OK. for Server for Dt Colletor vrelize Business virtul ppline vr01svr01.rinpole.lol sf001vr01.sfo01.rinpole.lol Memory 8GB (Defult) 2GB 14 Nvigte to the new ppline nd power on the VM. 15 Repet this proedure to deploy the vrelize Business Dt Colletor sfo01vr01.sfo01.rinpole.lol. Configure SSL Certifite for vrelize Business Server in Region A Import the previously generted ertifites for vrelize Business from the vrelize Business ppline mngement onsole. Prerequisites CA-signed ertifite files generted y using VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlidted Design Plnning nd Preprtion doumenttion. VMwre, In. 251

252 1 Log in to the vrelize Business Server ppline mngement onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_server_root_pssword 2 Clik the Administrtion t nd lik SSL. 3 On the Reple SSL Certifite pge, uplod the ertifite files tht you previously generted for vrelize Business nd lik Reple Certifite. Use the vr.key file s the RSA Privte Key (.key) nd the vr.3.pem file for the Certifite(s) (.pem) entry. These files re in the vr folder tht you reted during ertifite genertion. Choose mode RSA Privte Key (.key) Import PEM enoded Certifite BEGIN RSA PRIVATE KEY----- privte_key_vlue -----END RSA PRIVATE KEY----- Certifite(s) (.pem) -----BEGIN CERTIFICATE----- Server_ertifite_vlue -----END CERTIFICATE BEGIN CERTIFICATE----- Intermedite_CA -----END CERTIFICATE BEGIN CERTIFICATE----- Root_CA_ertifite_vlue -----END CERTIFICATE----- Privte Key Pssphrse vr_ert_pssphrse 4 Verify tht the ertifite hs hnged suessfully. A messge ppers tht informs you tht the SSL ertifite ws suessfully onfigured. 5 Clik the System t nd lik Reoot for the hnges to tke effet. Configure NTP for vrelize Business in Region A Configure the network time protool (NTP) on oth vrelize usiness pplines from the virtul ppline mngement interfe (VAMI). Perform the proedure on oth vrelize Business Server nd vrelize Business Dt Colletor virtul pplines. VMwre, In. 252

253 Host Server Dt Colletor VAMI URL Log in to the vrelize Business Server ppline mngement onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_server_root_pssword 2 Configure the ppline to use time server. Clik the Administrtion t nd lik Time s. On the Time s pge, enter the following settings nd lik Sve s. Time Syn. Mode Time Server #1 Time Server #2 Use Time Server ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol 3 Repet the proedure on the vrelize Business Dt Colletor virtul ppline sfo01vr01.sfo01.rinpole.lol. Integrte vrelize Business with vrelize Automtion in Region A To prepre vrelize Business for use, you must register the vrelize Business Server to vrelize Automtion y using the mngement interfe. 1 Log in to the vrelize Business Server ppline mngement onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_server_root_pssword VMwre, In. 253

254 2 On the Registrtion > vra sut, enter the following redentils to register with the vrelize Automtion server. Hostnme SSO Defult Tennt SSO Admin User SSO Admin Pssword Aept "vrelize Automtion" ertifite vr01svr01.rinpole.lol vsphere.lol dministrtor vr_dministrtor_pssword Seleted 3 Clik Register to onnet to vrelize Automtion nd get its ertifite. A filure messge my pper t the top of the pge. Wit until the SSO Sttus hnges to The ertifite of "vrelize Automtion" is not trusted. Plese view nd ept to register. 4 Clik the View "vrelize Automtion" ertifite link to downlod the vrelize Automtion ertifite. 5 Selet the Aept "vrelize Automtion" ertifite hek ox nd lik Register. SSO Sttus hnges to Conneted to vrelize Automtion. Register the vrelize Business Dt Colletor with the Server in Region A After you integrte vrelize Business with vrelize Automtion, you onnet the two vrelize Business pplines. Beuse the tennt is onfigured in vrelize Automtion, you register the vrelize Business Dt Colletor ppline with the vrelize Business Server using the following proedure. Grnt n dded role to the tennt dmin, enter produt liense key, nd generte one-time key from vrelize Automtion. Register the Dt Colletor to the vrelize Business Server. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword Rinpole.lol VMwre, In. 254

255 2 Nvigte to Administrtion > Users & Groups > Diretory Users nd Groups. 3 In the serh text ox, enter ug-itac-tenntadmins. 4 Clik the ug-itac-tenntadmins group to edit its settings. 5 On the Edit Group pge, in the Add Roles to this Group list, selet the Business Mngement Administrtor role to dd the role nd lik Finish. 6 Close your rowser, nd log in gin y using the sme redentils. 7 Assign liense to the vrelize Business solution. Clik the Business Mngement t. Under Liense, enter your seril numer for vrelize Business nd lik Sve. 8 Generte one-time use key for onneting the two vrelize Business pplines. Nvigte to Administrtion > Business Mngement. Expnd the Mnge Dt Colletor > Remote Dt Colletion setion. VMwre, In. 255

256 d Clik Generte new one time use key. Sve the one time use key s you need it t lter stge in the implementtion sequene. 9 Log in to the vrelize Business Dt Colletor onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_olletor_root_pssword 10 Register the Dt Colletor with the vrelize Business Server. Expnd the Registrtion with the vrelize Business Server setion. Enter the following vlues nd lik Register. Enter the vrb Server Url Enter the One Time Key one_time_use_key After you lik Register, wrning messge informs you tht the ertifite is not trusted. Clik Instll nd lik OK. The vrelize Business pplines re now onneted. VMwre, In. 256

257 Connet vrelize Business with the Compute vcenter Server in Region A vrelize Business requires ommunition with the Compute vcenter Server to ollet dt from the entire luster. You perform this opertion y using the vrelize Business Dt Colletor onsole. 1 Log in to the vrelize Business Dt Colletor onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_olletor_root_pssword 2 Clik Mnge Privte Cloud Connetions, selet vcenter Server, nd lik the Add ion. 3 In the Add vcenter Server Connetion dilog ox, enter the following settings nd lik Sve. Nme vcenter Server Usernme Pssword sfo01w01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol sv-vr@rinpole.lol sv_vr_pssword 4 In the SSL Certifite wrning dilog ox, lik Instll. 5 In the Suess dilog ox, lik OK. Cloud Mngement Pltform Post-Instlltion Tsks in Region A After you deploy vrelize Automtion nd vrelize Orhestrtor, you rete nti-ffinity rules to enle HA protetion for oth servies, enle helth monitors to hek the helth sttus of individul servers, nd remove the snpshots reted during the vrelize Automtion instlltion. Crete Anti-Affinity Rules for vrelize Automtion nd vrelize Orhestrtor Virtul Mhines in Region A A VM-Host nti-ffinity (or ffinity) rule speifies reltionship etween group of virtul mhines nd group of hosts. Anti-ffinity rules fore speified virtul mhines to remin prt during filover tions, nd re requirement for high vilility. VMwre, In. 257

258 Tle 3 4. Anti-ffinity Rules for the Cloud Mngement Pltform Nme Type Memers nti-ffinity-rule-vr-svr Seprte Virtul Mhines vr01svr01.rinpole.lol, vr01svr01.rinpole.lol nti-ffinity-rule-vr-iws Seprte Virtul Mhines vr01iws01.rinpole.lol, vr01iws01.rinpole.lol nti-ffinity-rule-vr-ims Seprte Virtul Mhines vr01ims01.rinpole.lol, vr01ims01.rinpole.lol nti-ffinity-rule-vr-dem Seprte Virtul Mhines vr01dem01.rinpole.lol, vr01dem01.rinpole.lol nti-ffinity-rule-vr-is Seprte Virtul Mhines sfo01is01.sfo01.rinpole.lol, sfo01is01.sfo01.rinpole.lol 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home pge, lik Hosts nd Clusters. 3 Under sfo01m01v01.sfo01.rinpole.lol, lik sfo01-m01d, nd lik sfo01-m01-mgmt01. 4 Clik the Configure t, nd under Configurtion, selet VM/Host Rules. 5 Under VM/Host Rules, lik Add to rete virtul mhine nti-ffinity rule. 6 In the Crete VM/Host Rule dilog ox, speify the first rule for the vrelize Automtion virtul pplines. d In the Nme text ox, enter nti-ffinity-rule-vr-svr. Selet the Enle rule hek ox. Selet Seprte Virtul Mhines from the Type drop-down menu. Clik Add, selet the vr01svr01.rinpole.lol nd vr01svr01.rinpole.lol virtul mhines, lik OK, nd lik OK. 7 Repet the proedure to onfigure the remining nti-ffinity rules. Crete VM Groups to Define the Strtup Order of the Cloud Mngement Pltform in Region A VM Groups llow you to define the strtup order of virtul mhines. The strtup order you define ensures tht vsphere HA powers on virtul mhines in the orret order. VMwre, In. 258

259 1 Log in to the Mngement vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, selet Host nd Clusters nd expnd the sfo01m01v01.sfo01.rinpole.lol tree. 3 Crete VM Group for the vrelize Automtion IS Dtse. d e f Selet the sfo01-m01-mgmt01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Groups. On the VM/Host Groups pge, lik the Add utton. In the Crete VM/Host Group dilog, enter vrelize Automtion IS Dtse in the Nme field, selet VM Group from the Type drop down, nd lik the Add utton. In the Add VM/Host Group Memer dilog, selet vr01mssql01.rinpole.lol nd lik OK. Clik OK to sve the VM/Host Group. 4 Repet step 3 to rete the following VM/Host Groups. VM/Host Group Nme vrelize Automtion Virtul Applines vrelize Automtion IS We Servers vrelize Automtion IS Mngers vrelize Automtion IS DEM Workers vrelize Automtion IS Proxy Agents vrelize Business Servers vrelize Business Remote Colletors VM/Host Group Memer vr01svr01.rinpole.lol vr01svr01.rinpole.lol vr01iws01.rinpole.lol vr01iws01.rinpole.lol vr01ims01.rinpole.lol vr01ims01.rinpole.lol vr01dem01.rinpole.lol vr01dem01.rinpole.lol sfo01is01.sfo01.rinpole.lol sfo01is01.sfo01.rinpole.lol vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol VMwre, In. 259

260 5 Crete rule to power on the vrelize Automtion Dtse efore the vrelize Automtion Virtul Applines. d e f g Selet the sfo01-m01-mgmt01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Rules. On the VM/Host Rules pge, lik the Add utton. In the Crete VM/Host Rule dilog, enter SDDC Cloud Mngement Pltform 01 in the Nme field, ensure tht the Enle Rule hek ox is seleted, selet Virtul Mhines to Virtul Mhines from the Type drop down. Selet vrelize Automtion IS Dtse for the First restrt VMs in VM group drop down list. Selet vrelize Automtion Virtul Applines for the Then restrt VMs in VM group drop down list Clik OK to sve the rule. 6 Repet step 5 to rete the following VM/Host Rules to ensure the orret restrt order for your Cloud Mngement Pltform. VM/Host Rule Nme First restrt VMs in VM group Then restrt VMs in VM group SDDC Cloud Mngement Pltform 02 vrelize Automtion Virtul Applines vrelize Automtion IS We Servers SDDC Cloud Mngement Pltform 03 vrelize Automtion IS We Servers vrelize Automtion IS Mngers SDDC Cloud Mngement Pltform 04 vrelize Automtion IS Mngers vrelize Automtion IS DEM Workers SDDC Cloud Mngement Pltform 05 vrelize Automtion IS Mngers vrelize Automtion IS Proxy Agents SDDC Cloud Mngement Pltform 06 vrelize Automtion IS Mngers vrelize Business Servers SDDC Cloud Mngement Pltform 07 vrelize Business Servers vrelize Business Remote Colletors Enle Lod Blner Helth Monitoring in Region A Previously you disled helth monitoring for the sfo01m01l01 lod lner to omplete onfigurtion of vrelize Automtion. You my now re-enle helth monitoring for the sfo01m01l01 lod lner. Perform this proedure multiple times to onfigure the helth monitor nd to enle the seond memer for the server pools s desried in the following tle. Pool Nme Monitor Enle Pool Memer vr-svr-443 vr-svr-443-monitor vr01svr01 vr-iws-443 vr-iws-443-monitor vr01iws01 vr-ims-443 vr-ims-443-monitor vr01ims01 vr-svr-8444 vr-svr-443-monitor - vr-vro-8283 vr-vro-8283-monitor vr01svr01 VMwre, In. 260

261 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Networking & Seurity, nd selet NSX Edges. 3 Selet from the NSX Mnger drop-down menu, nd doule-lik sfo01m01l01 to edit its settings. 4 Clik the Mnge t, lik Lod Blner, nd selet Pools. 5 From the pools tle, selet the vr-svr-443 server pool, nd lik Edit ion. 6 In the Edit Pool dilog ox, onfigure the monitor, nd enle the memer tht is not enled. d From the Monitors drop-down menu, selet vr-svr-443-monitor. From the Memers tle, selet vr01svr01 nd lik Edit ion. In the Edit Memer dilog ox, from the Stte: drop-down menu, selet Enle nd lik OK. Clik OK to lose the Edit Pool dilog ox. VMwre, In. 261

262 7 Repet the proedure to onfigure the helth monitor nd enle the seond memer for the remining server pools. 8 Clik Show Pool Sttistis nd mke sure ll the server pools Sttus show s UP. Clen Up the vrelize Automtion VM Snpshots in Region A You mde snpshots of eh vrelize virtul mhine during the vrelize Automtion instlltion proess. After you suessfully omplete the instlltion, you n delete these snpshots. Repet this proedure to remove ll of the vrelize Automtion virtul mhine snpshots you reted during the implementtion. The virtul mhine nmes nd their respetive folders re listed in the following tle. Virtul Mhines vr01svr01.rinpole.lol vr01svr01.rinpole.lol vr01mssql01.rinpole.lol vr01iws01.rinpole.lol vr01iws01.rinpole.lol vr01ims01.rinpole.lol vr01ims01.rinpole.lol vr01dem01.rinpole.lol vr01dem01.rinpole.lol sfo01is01.sfo01.rinpole.lol sfo01is01.sfo01.rinpole.lol vcenter Folder sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vr sfo01-m01fd-vris sfo01-m01fd-vris 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home pge, lik VMs nd Templtes. 3 In the Nvigtor, expnd the sfo01m01v01.sfo01.rinpole.lol > sfo01-m01d > sfo01-m01fdvr folder. 4 Right-lik the vr01dem01.rinpole.lol VM nd selet Snpshots > Mnge Snpshots. 5 Selet the Prior to vra IS Component Instlltion snpshot nd lik Delete ion. VMwre, In. 262

263 6 Repet this proedure to remove ll of the remining vrelize Automtion virtul mhine snpshots. Content Lirry Configurtion in Region A Content lirries re ontiner ojets for VM templtes, vapp templtes, nd other types of files. vsphere dministrtors n use the templtes in the lirry to deploy virtul mhines nd vapps in the vsphere inventory. Shring templtes nd files ross multiple vcenter Server instnes in sme or different lotions rings out onsisteny, ompline, effiieny, nd utomtion in deploying worklods t sle. You rete nd mnge ontent lirry from single vcenter Server instne, ut you n shre the lirry items with other vcenter Server instnes if HTTP(S) trffi is llowed etween them. Configure Content Lirry in the First Compute vcenter Server Instne in Region A Crete ontent lirry nd populte it with templtes tht you n use to deploy virtul mhines in your environment. Content lirries let you synhronize templtes mong different vcenter Server instnes so tht ll of the templtes in your environment re onsistent. There is only one Compute vcenter Server in this VMwre Vlidted Design, ut if you deploy more instnes for use y the ompute luster they n lso use this ontent lirry. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home pge, lik Content Lirries nd lik the Crete new ontent lirry ion. The New Content Lirry wizrd opens. 3 On the Nme pge, speify the following settings nd lik Next. Nme vcenter Server SFO01-ContentLi01 sfo01w01v01.sfo01.rinpole.lol VMwre, In. 263

264 4 On the Configure ontent lirry pge, speify the following settings, nd lik Next. Lol ontent lirry Pulish externlly Enle uthentition Pssword Confirm pssword Seleted Seleted Seleted SFO01-ContentLi01_pssword SFO01-ContentLi01_pssword 5 On the Add storge pge, lik the Selet dtstore rdio utton, selet the sfo01-w01-li01 dtstore to store the ontent lirry, nd lik Next. 6 On the Redy to omplete pge, lik Finish. Import the Virtul Mhine Templte OVF Files in Region A You n import OVF pkges tht you previously prepred to use s templte for deploying virtul mhines. The virtul mhine templtes tht you dd to the ontent lirry re used s vrelize Automtion lueprints. You repet this proedure three times to import the virtul mhine templtes listed in Tle 3 5. Tle 3 5. VM Templtes to Import VM Templte Nme redht6-enterprise-64 windows-2012r2-64 windows-2012r2-64-sql2012 Desription Red Ht Enterprise Server 6 (64-it) Windows Server 2012 R2 (64-it) Windows Server 2012 R2 (64-it) Prerequisites Verify tht you hve prepred the OVF templtes, s speified in the Virtul Mhine Templte Speifitions setion. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home pge, lik Content Lirries nd lik the Ojets t. VMwre, In. 264

265 3 Right-lik the ontent lirry SFO01-ContentLi01 nd selet Import Item. 4 In the Import Lirry Item dilog ox, speify the settings for the first templte nd lik OK. Soure file Item nme Notes redht6-enterprise-64.ovf redht6-enterprise-64 Red Ht Enterprise Server 6 (64-it) 5 Repet the proedure to import the remining virtul mhine templtes. Tennt Content Cretion in Region A In order to provision virtul mhines in the Compute vcenter, the tennt must e onfigured to utilize ompute resoures within vcenter Server. Prerequisites Verify tht vcenter Server ompute luster hs een deployed nd onfigured. See Deploy nd Configure the Shred Edge nd Compute Cluster Components in Region A. Verify tht n NSX instne hs een onfigured for use y the vcenter Server ompute luster. See Deploy nd Configure the Shred Edge nd Compute Cluster NSX Instne in Region A. Proxy gents hve een deployed. Crete Logil Swithes for Business Groups in Region A For eh vcenter Server ompute instne, you rete three logil swithes for eh usiness group whih simulte networks for the we, dtse, nd pplition tiers. You repet this proedure six times to rete six logil swithes. The "Logil Swith Nmes nd Desriptions" tle lists the logil swith nmes, nd the usiness group nd tier to whih you ssign eh swith. Tle 3 6. Logil Swith Nmes nd Desriptions Logil Swith Nme Prodution-We-VXLAN Prodution-DB-VXLAN Prodution-App-VXLAN Desription Logil swith for We tier of Prodution Business Group Logil swith for Dtse tier of Prodution Business Group Logil swith for Applition tier of Prodution Business Group VMwre, In. 265

266 Tle 3 6. Logil Swith Nmes nd Desriptions (Continued) Logil Swith Nme Development-We-VXLAN Development-DB-VXLAN Development-App-VXLAN Desription Logil swith for We tier of Development Business Group Logil swith for Dtse tier of Development Business Group Logil swith for Applition tier of Development Business Group 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete logil swith. Clik Networking & Seurity. In the Nvigtor, selet Logil Swithes. From the NSX Mnger drop-down menu, selet s the NSX Mnger. VMwre, In. 266

267 d Clik the New Logil Swith ion. The New Logil Swith dilog ox ppers. e In the New Logil Swith dilog ox, enter the following settings, nd lik OK. Nme Desription Trnsport Zone Replition Mode Enle IP Disovery Enle MAC Lerning Prodution-We-VXLAN Logil swith for We tier of Prodution Business Group Comp Universl Trnsport Zone Hyrid Seleted Deseleted 3 Repet this proedure to rete the remining logil swithes. Configure User Roles in vrelize Automtion in Region A Roles re sets of privileges tht you ssoite with users to determine wht tsks they n perform. Bsed on their responsiilities, individuls might hve one or more roles ssoited with their user ount. All user roles re ssigned within the ontext of speifi tennt. However, some roles in the defult tennt n mnge system-wide onfigurtion settings tht pply to multiple tennts. This proedure steps you through ssigning roles to the ug-itac-tenntadmins nd ug-itac- TenntArhitets users nd groups. VMwre, In. 267

268 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin ITAC-LolRinpoleAdmin it-lolrinpoledmin_pssword vsphere.lol 2 Clik the Administrtion t. 3 Nvigte to Users & Groups > Diretory Users nd Groups. 4 Enter ug-itac-tenntadmins in the serh ox nd press Enter. The ug-itac-tenntadmins (ug-itac-tenntadmins@rinpole.lol) group nme displys in thenme text ox. 5 Clik the user group nme ug-itac-tenntadmins (ug-itac-tenntadmins@rinpole.lol). 6 In the Add Roles to this Group list, selet the Applition Arhitet, Approvl Administrtor, Continer Administrtor, Continer Arhitet, Infrstruture Arhitet, Softwre Arhitet, Tennt Administrtor, nd XS Arhitet hek oxes, nd lik Finish. 7 Enter ug-itac-tenntarhitets in the Tennt Administrtors serh ox nd press Enter. The ug-itac-tenntarhitets (ug-itac-tenntarhitets@rinpole.lol) group nme displys in the Nme text ox. 8 Clik the user group nme ug-itac-tenntarhitets (ug-itac- TenntArhitets@rinpole.lol). 9 In the Add Roles to this Group list, selet the Applition Arhitet, Continer Arhitet, Infrstruture Arhitet, Softwre Arhitet, XS Arhitet hek ox, nd lik Finish. Crete Fri Groups in Region A IS dministrtors n orgnize virtuliztion ompute resoures nd loud endpoints into fri groups y type nd intent. One or more fri dministrtors mnge the resoures in eh fri group. Fri dministrtors re responsile for reting reservtions on the ompute resoures in their groups to llote fri resoures to speifi usiness groups. Fri groups re reted in speifi tennt, ut their resoures n e mde ville to users who elong to usiness groups in ll tennts. VMwre, In. 268

269 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Selet Infrstruture > Endpoints > Fri Groups. 3 Clik New Fri Group, enter the following settings nd lik OK. Nme Fri dministrtors SFO Fri Group ug-itac-tenntadmins@rinpole.lol Note You hve not yet onfigured vcenter Endpoint, so no ompute resoure is urrently ville for you to selet. You will onfigure the vcenter Endpoint lter. 4 Log out of the vrelize Automtion portl nd lose your rowser. Crete Mhine Prefixes in Region A As fri dministrtor, you rete mhine prefixes tht re used to rete nmes for mhines provisioned through vrelize Automtion. Tennt dministrtors nd usiness group mngers selet these mhine prefixes nd ssign them to provisioned mhines through lueprints nd usiness group defults. Mhine prefixes re shred ross ll tennts. Every usiness group hs defult mhine prefix. Every lueprint must hve mhine prefix or use the group defult prefix. Fri dministrtors re responsile for mnging mhine prefixes. A prefix onsists of se nme to e followed y ounter of speified numer of digits. When the digits re ll used, vrelize Automtion rolls k to the first numer. VMwre, In. 269

270 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Selet Infrstruture > Administrtion > Mhine Prefixes. 3 Clik the New ion to rete defult mhine prefix for the Prodution group using the following settings, nd lik the Sve ion. Nme Numer of Digits 5 Next Numer 1 4 Clik the New ion to rete defult mhine prefix for the Development group using the following settings, nd lik the Sve ion. Nme Prod- Dev- Numer of Digits 5 Next Numer 1 Crete Business Groups in Region A Tennt dministrtors rete usiness groups to ssoite set of servies nd resoures to set of users tht often orrespond to line of usiness, deprtment, or other orgniztionl unit. Users must elong to usiness group to request mhines. For this implementtion rete two usiness groups, the Prodution usiness group nd the Development usiness group. VMwre, In. 270

271 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Administrtion > Users nd Groups > Business Groups. 3 Clik the New ion. 4 On the Generl t, enter the following vlues nd lik Next. Nme Send Mnger emils to Prodution ITAC-TenntAdmin@rinpole.lol 5 On the Memers t, enter ug-itac-tenntadmins@rinpole.lol in the Group mnger role text ox, nd lik Next. 6 On the Infrstruture t, selet Prod- from the Defult mhine prefix drop-down menu nd lik Finish. 7 Clik the New ion. 8 On the Generl t, onfigure the following vlues, nd lik Next. Nme Send Mnger emils to Development ITAC-TenntAdmin@rinpole.lol 9 On the Memers t, enter ug-itac-tenntadmins@rinpole.lol in the Group mnger role text ox nd lik Next. 10 On the Infrstruture t, selet Dev- from the Defult mhine prefix drop-down menu, nd lik Finish. Crete Reservtion Poliies in Region A You use reservtion poliies to group similr reservtions together. Crete the reservtion poliy tg first, then dd the poliy to reservtions to llow tennt dministrtor or usiness group mnger to use the reservtion poliy in lueprint. VMwre, In. 271

272 When you request mhine, it n e provisioned on ny reservtion of the pproprite type tht hs suffiient pity for the mhine. You n pply reservtion poliy to lueprint to restrit the mhines provisioned from tht lueprint to suset of ville reservtions. A reservtion poliy is often used to ollet resoures into groups for different servie levels, or to mke speifi type of resoure esily ville for prtiulr purpose. You n dd multiple reservtions to reservtion poliy, ut reservtion n elong to only one poliy. You n ssign single reservtion poliy to more thn one lueprint. A lueprint n hve only one reservtion poliy. A reservtion poliy n inlude reservtions of different types, ut only reservtions tht mth the lueprint type re onsidered when seleting reservtion for prtiulr request. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Reservtion > Reservtion Polies. 3 Clik the New ion, onfigure the following settings, nd lik OK. Nme Type Desription SFO-Prodution-Poliy Reservtion Poliy Reservtion poliy for Prodution Business Group in SFO 4 Clik the New ion, onfigure the following settings, nd lik OK. Nme Type Desription SFO-Development-Poliy Reservtion Poliy Reservtion poliy for Development Business Group in SFO 5 Clik the New ion, onfigure the following settings, nd lik OK. Nme Type Desription SFO-Edge-Poliy Reservtion Poliy Reservtion poliy for Tennt Edge resoures in SFO VMwre, In. 272

273 Crete vsphere Endpoint in vrelize Automtion in Region A To llow vrelize Automtion to mnge the infrstruture, IS dministrtors rete endpoints nd onfigure user redentils for those endpoints. When you rete vsphere Endpoint, vrelize Automtion n ommunite with the vsphere environment nd disover ompute resoures tht re mnged y vcenter Server, ollet dt, nd provision mhines. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Endpoints > Endpoints, nd lik New > Virtul > vsphere (vcenter). 3 On the New Endpoint - vsphere (vcenter) pge, rete vsphere Endpoint with the following settings, nd lik Test Connetion. Nme Address User Nme Pssword sfo01w01v01.sfo01.rinpole.lol rinpole\sv-vr sv-vr_pssword Note The vsphere Endpoint nme in the tle ove must e identil to the Endpoint nme from Step 18 in Instll the vrelize Automtion Environment in Region A. 4 If Seurity Alert window ppers, lik OK. 5 Clik OK to rete the Endpoint. Crete n NSX Endpoint in vrelize Automtion in Region A When you rete n endpoint for NSX, vrelize Automtion n ommunite with NSX Mnger to disover networking resoures. VMwre, In. 273

274 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Endpoints > Endpoints nd lik New > Network nd Seurity > NSX. 3 On the Generl pge, onfigure the vrelize Automtion Endpoint with the following settings. Nme Address User Nme Pssword SFO-NSXEndpoint rinpole\sv-vr sv_vr_pssword 4 Clik Test Connetion. 5 Clik on the Assoitions t, lik New, hoose sfo01w01v01.sfo01.rinpole.lol from the Nme drop-down menu, nd lik OK. 6 If Seurity Alert window ppers, lik OK. 7 Clik OK to rete the Endpoint. Add Compute Resoures to Fri Group in Region A You llote ompute resoures to fri groups so tht vrelize Automtion n use the resoures in tht ompute resoure for tht fri group when provisioning virtul mhines. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol VMwre, In. 274

275 2 Nvigte to Infrstruture > Endpoints > Fri Groups. 3 In the Nme olumn, hover the mouse pointer over the fri group nme SFO Fri Group, nd lik Edit. 4 On the Edit Fri Group pge, selet sfo01-w01-omp01 from the Compute resoures tle, nd lik OK. Note It might tke severl minutes for vrelize Automtion to onnet to the Compute vcenter Server system nd ssoited lusters. If you re still not le to see the ompute luster fter suffiient time hs pssed, try to restrt oth proxy gent servies in the virtul mhines sfo01is01.sfo01.rinpole.lol nd sfo01is01.sfo01.rinpole.lol. 5 Nvigte to Infrstruture > Compute Resoures > Compute Resoures. 6 In the Compute Resoure olumn, hover the mouse pointer over the ompute luster sfo01-w01- omp01, nd lik Dt Colletion. 7 Clik on the Request now uttons in eh field on the pge. Wit few seonds for the dt olletion proess to omplete. 8 Clik Refresh, nd verify tht Sttus for oth Inventory nd Network nd Seurity Inventory shows Sueeded. Crete Externl Network Profiles in Region A Before memers of usiness group n request virtul mhines, fri dministrtors must rete network profiles to define the sunet nd routing onfigurtion for those virtul mhines. Eh network profile is onfigured for speifi network port group or virtul network to speify IP ddress nd routing onfigurtion for virtul mhines provisioned to tht network. VMwre, In. 275

276 Repet this proedure six times to rete the following externl network profiles. Ext-Net-Profile-Prodution-App Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Prodution-We Ext-Net-Profile-Development-App Ext-Net-Profile-Development-DB Ext-Net-Profile-Development-We 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Reservtions > Network Profiles, nd lik New > Externl. 3 On the New Network Profile - Externl pge, speify the network profiles on the Generl t. Add the vlues for the Prodution Group Externl Network Profile. Prodution We Prodution DB Prodution App Nme Ext-Net-Profile-Prodution-We Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Prodution-App Desription Externl Network profile for We Tier of Prodution Business Group Externl Network profile for DB Tier of Prodution Business Group Externl Network profile for App Tier of Prodution Business Group Sunet msk Gtewy Add the vlues for the Development Group Externl Network Profile. Development We Development DB Development App Nme Ext-Net-Profile-Development-DB Ext-Net-Profile-Development- We Ext-Net-Profile-Development- App Desription Externl Network profile for We Tier of Development Business Group Externl Network profile for DB Tier of Development Business Group Externl Network profile for App Tier of Development Business Group Sunet msk Gtewy VMwre, In. 276

277 4 Clik the DNS t. Enter the following vlues for the profile you re reting. Primry DNS Seondry DNS DNS suffix DNS serh suffix sfo01.rinpole.lol sfo01.rinpole.lol 5 Clik the Network Rnges t. 6 On the Network Rnges t, lik the New utton nd enter the following vlues for the profile you re reting. Enter the following vlues for Prodution Business Network Rnge. Prodution We Prodution DB Prodution App Nme Prodution-We Prodution-DB Prodution-App Desription Stti IP rnge for We Tier of Prodution Group Stti IP rnge for DB Tier of Prodution Group Stti IP rnge for App Tier of Prodution Group Strt IP End IP Enter the following vlues for Development Business IP Rnge. Development We Development DB Development App Nme Development-We Development-DB Development-App Desription Stti IP rnge for We Tier of Development Group Stti IP rnge for DB Tier of Development Group Stti IP rnge for App Tier of Development Group Strt IP End IP Clik OK to sve the network rnge. 7 Clik OK to sve the network profile. 8 Repet this proedure to rete dditionl externl network profiles. When ll of the network profiles hve een dded, the Network Profiles pge displys six profiles. Crete Reservtions for the Compute Cluster in Region A Before memers of usiness group n request mhines, fri dministrtors must llote resoures to them y reting reservtion. Eh reservtion is onfigured for speifi usiness group to grnt them ess to request mhines on speified ompute resoure. For the senrios, you perform this proedure twie to rete reservtions for oth the Prodution nd Development usiness groups. VMwre, In. 277

278 Group Prodution Development Nme SFO01-Comp01-Prod-Res01 SFO01-Comp01-Dev-Res01 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Reservtions > Reservtions, nd lik New > vsphere (vcenter). 3 On the New Reservtion - vsphere (vcenter) pge, lik the Generl t nd onfigure the following vlues. Prodution Group Development Group Nme SFO01-Comp01-Prod-Res01 SFO01-Comp01-Dev-Res01 Tennt rinpole rinpole Business Group Prodution Development Reservtion Poliy SFO-Prodution-Poliy SFO-Development-Poliy Priority Enle This Reservtion Seleted Seleted 4 On the New Reservtion - vsphere (vcenter) pge, lik the Resoures t. Selet sfo01-w01-omp01(sfo01w01v01.sfo01.rinpole.lol) from the Compute resoure drop-down menu. In the This Reservtion olumn of the Memory (GB) tle, enter 200. d In the Storge (GB) tle, selet the hek ox for your primry dtstore, for exmple, sfo01- w01-vsn01, enter 2000 in the This Reservtion Reserved text ox, enter 1 in the Priority text ox, nd lik OK. Selet sfo01-w01rp-user-vm from the Resoure pool drop-down menu. 5 On the New Reservtion - vsphere (vcenter) pge, lik the Network t. VMwre, In. 278

279 6 On the Network t, selet the network pth hek oxes listed in the tle elow from the Network Pths list, nd selet the orresponding network profile from the Network Profile drop-down menu for the usiness group whose reservtion you re onfiguring. Configure the Prodution Business Group with the following vlues. Prodution Network Pth vxw-dvs-xxxxx-prodution-we-vxlan vxw-dvs-xxxxx-prodution-db-vxlan vxw-dvs-xxxxx-prodution-app-vxlan Prodution Group Network Profile Ext-Net-Profile-Prodution-We Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Prodution-App Configure the Development Business Group with the following vlues. Development Network Pth vxw-dvs-xxxxx-development-we-vxlan vxw-dvs-xxxxx-development-db-vxlan vxw-dvs-xxxxx-development-app-vxlan Development Group Network Profile Ext-Net-Profile-Development-We Ext-Net-Profile-Development-DB Ext-Net-Profile-Development-App 7 Clik OK to sve the reservtion. 8 Repet this proedure to rete reservtion for the Development Business Group. Crete Reservtions for the User Edge Resoures in Region A Before memers of usiness group n request virtul mhines, fri dministrtors must llote resoures to tht usiness group y reting reservtion. Eh reservtion is onfigured for speifi usiness group to grnt them ess to request virtul mhines on speified ompute resoure. Perform this proedure twie to rete Edge reservtions for oth the Prodution nd Development usiness groups. Group Prodution Development Nme SFO01-Edge01-Prod-Res01 SFO01-Edge01-Dev-Res01 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol VMwre, In. 279

280 2 Nvigte to Infrstruture > Reservtions > Reservtions, nd lik New > vsphere (vcenter). 3 On the New Reservtion - vsphere (vcenter) pge, lik the Generl t, nd onfigure the following vlues for your usiness group. Prodution Group Development Group Nme SFO01-Edge01-Prod-Res01 SFO01-Edge01-Dev-Res01 Tennt rinpole rinpole Business Group Prodution Development Reservtion Poliy SFO-Edge-Poliy SFO-Edge-Poliy Priority Enle This Reservtion Seleted Seleted 4 On the New Reservtion - vsphere (vcenter) pge, lik the Resoures t. d Selet sfo01-w01-omp01(sfo01w01v01.sfo01.rinpole.lol) from the Compute resoure drop-down menu. Enter 200 in the This Reservtion olumn of the Memory (GB) tle. In the Storge (GB) tle, selet the hek ox for your primry dtstore, for exmple, sfo01- w01-li01, enter 2000 in the This Reservtion Reserved text ox, enter 1 in the Priority text ox, nd lik OK. Selet sfo01-w01rp-user-edge from the Resoure pool drop-down menu. 5 On the New Reservtion - vsphere (vcenter) pge, lik the Network t. 6 On the Network t, selet the network pth hek oxes listed in the tle elow from the Network Pths list, nd selet the orresponding network profile from the Network Profile drop-down menu for the usiness group whose reservtion you re onfiguring. Prodution Business Group Prodution Port Group vxw-dvs-xxxxx-prodution-we-vxlan vxw-dvs-xxxxx-prodution-db-vxlan vxw-dvs-xxxxx-prodution-app-vxlan Prodution Network Profile Ext-Net-Profile-Prodution-We Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Prodution-App Development Business Group Development Port Group vxw-dvs-xxxxx-development-we-vxlan vxw-dvs-xxxxx-development-db-vxlan vxw-dvs-xxxxx-development-app-vxlan Development Network Profile Ext-Net-Profile-Development-We Ext-Net-Profile-Development-DB Ext-Net-Profile-Development-App 7 Clik OK to sve the reservtion. VMwre, In. 280

281 8 Repet the proedure to rete Edge reservtion for the Development Business Group. Crete Blueprint Customiztion Speifitions in Compute vcenter Server in Region A Crete two ustomiztion speifitions, one for Linux nd one for Windows, for use y the virtul mhines you deploy. Customiztion speifitions re XML files tht ontin system onfigurtion settings for the guest operting systems used y virtul mhines. When you pply speifition to guest operting system during virtul mhine loning or deployment, you prevent onflits tht might result if you deploy virtul mhines with identil settings, suh s duplite omputer nmes. You will lter use the ustomiztion speifitions you rete when you rete lueprints for use with vrelize Automtion. Crete Customiztion Speifition for Linux Blueprints in Region A Crete Linux guest operting system speifition tht you n pply when you rete lueprints for use with vrelize Automtion. This ustomiztion speifition n e used to ustomize virtul mhine guest operting systems when provisioning new virtul mhines from vrelize Automtion. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to Home > Opertions nd Poliies > Customiztion Speifition Mnger. 3 Selet the vcenter Server sfo01w01v01.sfo01.rinpole.lol from the drop-down menu. 4 Clik the Crete new speifition ion. The New VM Guest Customiztion Spe wizrd ppers. 5 On the Speify Properties pge, selet Linux from the Trget VM Operting System drop-down menu, enter it-linux-ustom-spe for the Customiztion Spe Nme, nd lik Next. 6 On the Set Computer Nme pge, selet Use the virtul mhine nme, enter sfo01.rinpole.lol in the Domin Nme text ox nd lik Next. VMwre, In. 281

282 7 On the Time Zone pge, speify the time zone s shown in the tle elow for the virtul mhine, nd lik Next. Are Lotion Hrdwre Clok Set To Ameri Los Angeles Lol Time 8 On the Configure Network pge, lik Next. 9 On the Enter DNS nd domin settings pge, leve the defult settings, nd lik Next. 10 Clik Finish to sve your hnges. The ustomiztion speifition tht you reted is listed in the Customiztion Speifition Mnger. Crete Customiztion Speifition for Windows Blueprints in Region A Crete Windows guest operting system speifition tht you n pply when you rete lueprints for use with vrelize Automtion. This ustomiztion speifition n e used to ustomize virtul mhine guest operting systems when provisioning new virtul mhines from vrelize Automtion. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to Home > Opertions nd Poliies > Customiztion Speifition Mnger. 3 Selet the vcenter Server sfo01w01v01.sfo01.rinpole.lol from the drop-down menu. 4 Clik the Crete new speifition ion. The New VM Guest Customiztion wizrd ppers. 5 On the Speify Properties pge, selet Windows from the Trget VM Operting System dropdown menu, enter it-windows-joindomin-ustom-spe for the Customiztion Spe Nme, nd lik Next. 6 On the Set Registrtion Informtion pge, enter Rinpole for the virtul mhine owner s Nme nd Orgniztion, nd lik Next. VMwre, In. 282

283 7 On the Set Computer Nme pge, selet Use the virtul mhine nme, nd lik Next. The operting system uses this nme to identify itself on the network. 8 On the Enter Windows Liense pge, provide liensing informtion for the Windows operting system, enter the volume_liense_key, nd lik Next. 9 Speify the dministrtor pssword for use with the virtul mhine, nd lik Next. 10 On the Time Zone pge, selet (GMT-08:00) Pifi Time(US & Cnd), nd lik Next. 11 On the Run One pge, lik Next. 12 On the Configure Network pge, lik Next. 13 On the Set Workgroup or Domin pge, selet Windows Server Domin, onfigure the following settings, nd lik Next. Windows Server Domin Usernme Pssword sfo01.rinpole.lol d_dmin_t@sfo01.rinpole.lol d_dmin_pwd 14 On the Set Operting System Options pge, selet Generte New Seurity ID (SID), nd lik Next. 15 Clik Finish to sve your hnges. The ustomiztion speifition tht you reted is listed in the Customiztion Speifition Mnger. Crete Virtul Mhines Using VM Templtes in the Content Lirry in Region A vrelize Automtion nnot diretly ess virtul mhine templtes in the ontent lirry. You must rete virtul mhine using the virtul mhine templtes in the ontent lirry, then onvert the templte in vcenter Server. Perform this proedure on ll vcenter Server ompute lusters tht you dd to vrelize Automtion, inluding the first vcenter Server ompute instne. Repet this proedure three times for eh of the VM Templtes in the ontent lirry. The tle elow lists the VM Templtes nd the guest OS eh templte uses to rete virtul mhine. VM Templte Nme redht6-enterprise-64 windows-2012r2-64 windows-2012r2-64-sql2012 Guest OS Red Ht Enterprise Server 6 (64-it) Windows Server 2012 R2 (64-it) Windows Server 2012 R2 (64-it) VMwre, In. 283

284 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to Home > VMs nd Templtes. 3 Expnd the sfo01w01v01.sfo01.rinpole.lol vcenter Server. 4 Right-lik the sfo01-w01d dt enter nd selet New Folder > New VM nd Templte Folder. 5 Crete new folder nd lel it VM Templtes. 6 Nvigte to Home > Content Lirries. 7 Clik SFO01-ContentLi01 > Templtes. 8 Right-lik the VM Templte redht6-enterprie-64 nd lik New VM from This Templte. The New Virtul Mhine from Content Lirry wizrd opens. 9 On the Selet nme nd lotion pge, use the sme templte nme. Note Use the sme templte nme to rete ommon servie tlog tht works ross different vcenter Server instnes within your dtenter environment. 10 Selet VM Templtes s the folder for this virtul mhine, nd lik Next. VMwre, In. 284

285 11 On the Selet resoure pge, expnd luster sfo01-w01-omp01 nd selet resoue pool sfo01- w01rp-user-vm. 12 On the Review detils pge, verify the templte detils nd lik Next. 13 On the Selet storge pge, selet the sfo01-w01-li01 dtstore nd selet Thin Provision from the Selet virtul disk formt drop-down menu. 14 On the Selet networks pge, selet sfo01-w01-vds01-mngement for the Destintion Network, nd lik Next. Note vrelize Automtion will hnge the network ording to the lueprint onfigurtion. 15 On the Redy to omplete pge, review the onfigurtions tht you mde for the virtul mhine, nd lik Finish. A new tsk for reting the virtul mhine ppers in the Reent Tsks pne. After the tsk is omplete, the new virtul mhine is reted. 16 Repet this proedure for ll of the VM Templtes in the ontent lirry. Convert Virtul Mhines to VM Templtes in Region A You need to onvert the virtul mhines diretly to templtes insted of mking opy y loning. Repet this proedure for eh of the VM Templtes in the ontent lirry. The tle elow lists the VM Templtes nd the guest OS tht eh templte uses to rete virtul mhine. VM Templte Nme redht6-enterprise-64 windows-2012r2-64 windows-2012r2-64-sql2012 Guest OS Red Ht Enterprise Server 6 (64-it) Windows Server 2012 R2 (64-it) Windows Server 2012 R2 (64-it) 1 Log in to the Compute vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to Home > VMs nd Templtes. 3 In the Nvigtor pne, expnd sfo01w01v01.sfo01.rinpole.lol > sfo01-w01d > VM Templtes. VMwre, In. 285

286 4 Right-lik the redht6-enterprise-64 virtul mhine loted in the VM Templtes folder, nd lik Templte > Convert to Templte. 5 Clik Yes to onfirm the templte onversion. 6 Repet this proedure for ll of the VM Templtes in the ontent lirry, verifying tht eh VM Templte ppers in the VM Templtes folder. Configure Single Mhine Blueprints in Region A Virtul mhine lueprints determine mhine s ttriutes, the mnner in whih it is provisioned, nd its poliy nd mngement settings. Crete Servie Ctlog in Region A A servie tlog provides ommon interfe for onsumers of IT servies to request servies, trk their requests, nd mnge their provisioned servie items. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to the Administrtion t, lik Ctlog Mngement > Servies, nd lik New. The New Servie pge ppers. 3 In the New Servie pge, onfigure the following settings nd lik OK. Nme Desription Sttus Ion Sttus Hours Owner Support Tem Chnge Window SFO Servie Ctlog Defult setting (lnk) Ative Defult setting (lnk) Defult setting (lnk) Defult setting (lnk) Defult setting (lnk) Defult setting (lnk) Defult setting (lnk) VMwre, In. 286

287 Crete Single Mhine Blueprint in Region A Crete lueprint for loning the windows-2012r2-64 virtul mhine using the speified resoures on the Compute vcenter Server. Tennts n lter use this lueprint for utomti provisioning. A lueprint is the omplete speifition for virtul, loud, or physil mhine. Blueprints determine mhine's ttriutes, the mnner in whih it is provisioned, nd its poliy nd mngement settings. Repet this proedure to rete the following six lueprints. Customiztion Blueprint Nme VM Templte Speifition Reservtion Poliy Windows Server 2012 R2 - SFO Prod windows-2012r2-64 (sfo01w01v01.sfo01.rinpole.lol) it-windowsjoindomin-ustom-spe SFO-Prodution- Poliy Windows Server 2012 R2 - SFO Dev windows-2012r2-64 (sfo01w01v01.sfo01.rinpole.lol) it-windowsjoindomin-ustom-spe SFO-Development- Poliy Windows Server 2012 R2 With SQL SFO Prod windows-2012r2-64- sql2012(sfo01w01v01.sfo01.rinpole.lol) it-windowsjoindomin-ustom-spe SFO-Prodution- Poliy Windows Server 2012 R2 With SQL SFO Dev windows-2012r2-64- sql2012(sfo01w01v01.sfo01.rinpole.lol) it-windowsjoindomin-ustom-spe SFO-Development- Poliy Redht Enterprise Linux 6 - SFO Prod it-linux-ustom-spe redht6- enterprise-64(sfo01w01v01.sfo01.rinpole.lol) SFO-Prodution- Poliy Redht Enterprise Linux 6 - SFO Dev it-linux-ustom-spe redht6- enterprise-64(sfo01w01v01.sfo01.rinpole.lol) SFO-Development- Poliy 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Design > Blueprints. 3 Clik New. 4 In the New Blueprint dilog ox, onfigure the following settings on the Generl t. Clik OK. Nme Deployment limit Windows Server 2012 R2 - SFO Prod Defult setting (lnk) VMwre, In. 287

288 Lese (dys): Minimum 30 Lese (dys): Mximum 270 Arhive (dys) 15 5 Selet nd drg the vsphere (vcenter) Mhine ion to Design Cnvs. 6 Clik the Generl t, onfigure the following settings, nd lik Sve. ID Desription Disply lotion on request Reservtion poliy Mhine prefix Instnes: Minimum Instnes: Mximum Defult Defult setting (vsphere_vcenter_mhine_1) Defult setting (lnk) Deseleted SFO-Prodution-Poliy Use group defult Defult setting Defult setting 7 Clik the Build Informtion t, onfigure the following settings, nd lik Sve. Blueprint type Ation Provisioning workflow Server Clone CloneWorkflow VMwre, In. 288

289 Clone from Customiztion spe windows-2012r2-64 templte it-windows-joindomin-ustom-spe Note If the vlue of the Clone from setting does not list windows-2012r2-64 templte, you must perform dt olletion on the sfo01-w01-omp01 Compute Resoure. 8 Clik the Mhine Resoures t, onfigure the following settings, nd lik Sve. Minimum Mximum CPU 2 4 Memory (MB): Storge Defult setting Defult setting 9 Clik the Network t. Selet Network & Seurity in the Ctegories setion to disply the list of ville network nd seurity omponents. Selet the Existing Network omponent nd drg it onto the design nvs. Clik in the Existing network text ox nd selet the Ext-Net-Profile-Prodution-We network profile. Blueprint Nme Windows Server 2012 R2 - SFO Prod Windows Server 2012 R2 - SFO Dev Windows Server 2012 R2 With SQL SFO Prod Windows Server 2012 R2 With SQL SFO Dev Redht Enterprise Linux 6 - SFO Prod Redht Enterprise Linux 6 - SFO Dev Existing network Ext-Net-Profile-Prodution-We Ext-Net-Profile-Development-We Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Development-DB Ext-Net-Profile-Prodution-App Ext-Net-Profile-Development-App d e Clik Sve. Selet the vsphere_vcenter_mhine ojet from the design nvs. VMwre, In. 289

290 f Selet the Network t, lik New, nd onfigure the following settings. Clik OK. Network Assignment Type Address ExtNetProfileProdutionWe Stti IP Defult setting (lnk) ExtNetProfileDevelopmentWe Stti IP Defult setting (lnk) ExtNetProfileProdutionDB Stti IP Defult setting (lnk) ExtNetProfileDevelopmentDB Stti IP Defult setting (lnk) ExtNetProfileProdutionApp Stti IP Defult setting (lnk) ExtNetProfileDevelopmentApp Stti IP Defult setting (lnk) g Clik Finish to sve the lueprint. 10 Selet the lueprint Windows Server 2012 R2 - SFO Prod nd lik Pulish. 11 Repet this proedure to rete dditionl lueprints. Crete Entitlements for Business Groups in Region A You dd servie, tlog item, or tion to n entitlement, llowing the users nd groups identified in the entitlement to request provisionle items in the servie tlog. The entitlement llows memers of prtiulr usiness group (for exmple, the Prodution usiness group) to use the lueprint. Without the entitlement, users nnot use the lueprint. Perform this proedure twie to rete entitlements for oth the Prodution nd Development usiness groups. VMwre, In. 290

291 Entitlement Nme Sttus Business Group User & Groups Prod-SingleVM-Entitlement Ative Prodution ug-itac-tenntadmins Dev-SingleVM-Entitlement Ative Development ug-itac-tenntadmins 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Clik the Administrtion t, nd lik Ctlog Mngement > Entitlements. 3 Clik New. The New Entitlement pge ppers. 4 On the New Entitlement pge, selet the Detils t, onfigure the following vlues, nd lik Next. Prodution Development Nme Prod-SingleVM-Entitlement Dev-SingleVM-Entitlement Desription Defult setting (lnk) Defult setting (lnk) Expirtion Dte Defult setting (lnk) Defult setting (lnk) Sttus Ative Ative Business Group Prodution Development All Users nd Groups Unseleted Unseleted Users & Groups ug-itac-tenntadmins ug-itac-tenntadmins VMwre, In. 291

292 5 Clik the Items & Approvls t. On the Entitlement Ations pge, lik the Add Ation ion, dd the following tions, nd lik OK. Connet using RDP (Mhine) Power Cyle (Mhine) Power Off (Mhine) Power On (Mhine) Reoot (Mhine) Shutdown (Mhine) Clik Finish. 6 Repet this proedure to rete n entitlement for the Development usiness group. Use the sme Entitled Ations s for the Prodution usiness group. Configure Entitlements for Blueprints in Region A You entitle users to the tions nd items tht elong to the servie tlog y ssoiting eh lueprint with n entitlement. Repet this proedure to ssoite the lueprints with their entitlement. Blueprint Nme Servie Ctlog Add to Entitlement Windows Server 2012 R2 - SFO Prod SFO Servie Ctlog Prod-SingleVM-Entitlement Windows Server 2012 R2 - SFO Dev SFO Servie Ctlog Dev-SingleVM-Entitlement Windows Server 2012 R2 With SQL SFO Prod SFO Servie Ctlog Prod-SingleVM-Entitlement Windows Server 2012 R2 With SQL SFO Dev SFO Servie Ctlog Dev-SingleVM-Entitlement Redht Enterprise Linux 6 - SFO Prod SFO Servie Ctlog Prod-SingleVM-Entitlement Redht Enterprise Linux 6 - SFO Dev SFO Servie Ctlog Dev-SingleVM-Entitlement VMwre, In. 292

293 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Selet the Administrtion t nd nvigte to Ctlog Mngement > Ctlog Items. 3 On the Ctlog Items pne, selet the Windows Server 2012 R2 - SFO Prod lueprint in the Ctlog Items list nd lik Configure. 4 On the Generl t of the Configure Ctlog Item dilog ox, selet SFO Servie Ctlog from the Servie drop-down menu, nd lik OK. VMwre, In. 293

294 5 Assoite the lueprint with the Prod-SingleVM-Entitlement entitlement. Clik Entitlements nd selet Prod-SingleVM-Entitlement. The Edit Entitlement pne ppers. Selet the Items & Approvls t nd dd the Windows Server 2012 R2 - SFO Prod lueprint to the Entitled Items list. Clik OK. Clik Finish. 6 Selet the Ctlog t nd verify tht the lueprints re listed in the Servie Ctlog. 7 Repet this proedure to ssoite ll of the lueprints with their entitlements. Test the Deployment of Single Mhine Blueprint in Region A Test your environment nd onfirm the suessful provisioning of virtul mhines using the lueprints tht hve een reted. VMwre, In. 294

295 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword Rinpole.lol 2 Selet the Ctlog t, nd lik SFO Servie Ctlog from the tlog of ville servies. 3 Clik the Request utton for the Windows Server 2012 R2 - SFO Prod lueprint. 4 Clik Sumit. 5 Verify the request finishes suessfully. Selet the Requests t. Selet the request you sumitted nd wit severl minutes for the request to omplete. Clik the Refresh ion every few minutes until Suessful messge ppers under Sttus. d Clik View Detils. Under Sttus Detils, verify tht the virtul mhine suessfully provisioned. 6 Verify the virtul mhine provisions in the onsolidted luster. Open We rowser nd go to Log in s the vcenter Server dministrtor using the following redentils. User nme Pssword dministrtor@vsphere.lol venter_dmin_pssword Selet Home > VMs nd Templtes. d In the Nvigtor pnel, expnd the vcenter Server luster sfo01w01v01.sfo01.rinpole.lol > sfo01-w01-omp01 > sfo01-w01rp-user-vm, nd verify the existene of the virtul mhine. VMwre, In. 295

296 Region A Opertions 4 Implementtion Deploy vrelize Opertions Mnger nd vrelize Log Insight in Region A to dd monitoring pilities to your SDDC. 1 Region A vrelize Opertions Mnger Implementtion Deploy the vrelize Opertions Mnger nlytis luster to monitor the resoures in your SDDC. Deploy lso remote olletors to ollet dt from the vcenter Server instnes in Region A. 2 Region A vrelize Log Insight Implementtion Deploy vrelize Log Insight in luster onfigurtion of three nodes with n integrted lod lner: one mster nd two worker nodes. 3 Region A vsphere Updte Mnger Downlod Servie Implementtion Instll the vsphere Updte Mnger Downlod Servie (UMDS) on Linux virtul mhine to downlod nd store inries nd metdt in shred repository in Region A. Connet UMDS to the vsphere Updte Mnger instne on the Mngement vcenter Server nd on Compute vcenter Server. Region A vrelize Opertions Mnger Implementtion Deploy the vrelize Opertions Mnger nlytis luster to monitor the resoures in your SDDC. Deploy lso remote olletors to ollet dt from the vcenter Server instnes in Region A. 1 Deploy vrelize Opertions Mnger in Region A Strt the deployment of vrelize Opertions Mnger in Region A y deploying the nodes of the nlytis luster nd the remote olletor nodes. 2 Configure the Lod Blner for vrelize Opertions Mnger in Region A Configure lod lning for the nlytis luster on the dedited sfo01m01l01 NSX Edge servies gtewy for Region A. The remote olletor group for Region A does not require lod lning. 3 Add n Authentition Soure for the Ative Diretory in Region A Connet vrelize Opertions Mnger to the Ative Diretory of the SDDC for entrl user mngement nd ess ontrol. VMwre, In. 296

297 4 Configure User Aess in vsphere for Integrtion with vrelize Opertions Mnger in Region A Configure opertions servie ounts with permissions tht re required to enle vrelize Opertions Mnger ess to monitoring dt on the Mngement vcenter Server nd Compute vcenter Server in Region A. 5 Add vcenter Adpter Instnes to vrelize Opertions Mnger for Region A After you deploy the nlytis luster nd the remote olletor nodes of vrelize Opertions Mnger in Region A nd strt vrelize Opertions Mnger, pir vcenter Adpter instne with the Mngement vcenter Server nd nother dpter instne with the Compute vcenter Server in Region A. 6 Connet vrelize Opertions Mnger to the NSX Mngers in Region A Instll nd onfigure the vrelize Opertions Mngement Pk for NSX for vsphere to monitor the NSX networking servies deployed in eh vsphere luster nd view the vsphere hosts in the NSX trnsport zones. You n lso ess end to end logil network topologies etween ny two virtul mhines or NSX ojets for etter visiility into logil onnetivity. Physil host nd network devie reltionship in this view lso helps in isolting prolems in the logil or physil network. 7 Connet vrelize Opertions Mnger to vrelize Automtion in Region A Instll nd onfigure the vrelize Opertions Mnger Mngement Pk for vrelize Automtion to monitor the helth nd pity risk of your loud infrstruture in the ontext of the tennt's usiness groups. 8 Connet vrelize Opertions Mnger with vrelize Business in Region A Configure the vrelize Opertions Mnger Mngement Pk for vrelize Business to view your infrstruture performne, ost informtion, nd lso trouleshooting tips. You n onnet vrelize Opertions Mnger to single instne of vrelize Business for Cloud. 9 Enle Storge Devie Monitoring in vrelize Opertions Mnger in Region A Instll nd onfigure the vrelize Opertions Mngement Pk for Storge Devies to view the storge topology, nd to monitor the pity nd prolems on storge omponents. 10 Enle vsan Monitoring in vrelize Opertions Mnger in Region A Configure the vrelize Opertions Mngement Pk for vsan to view the vsan topology, nd to monitor the pity nd prolems. 11 Configure E-Mil Alerts for vrelize Opertions Mnger in Region A You onfigure e-mil notifitions in vrelize Opertions Mnger so tht users nd pplitions reeive the dministrtive lerts from vrelize Opertions Mnger out ertin situtions in the dt enter. Deploy vrelize Opertions Mnger in Region A Strt the deployment of vrelize Opertions Mnger in Region A y deploying the nodes of the nlytis luster nd the remote olletor nodes. VMwre, In. 297

298 1 Prerequisites for Deploying vrelize Opertions Mnger in Region A Before you deploy vrelize Opertions Mnger, verify tht your environment stisfies the requirements for this deployment. 2 Deploy the Anlytis Cluster Virtul Applines in Region A Use the vsphere We Client to deploy eh vrelize Opertions Mnger nlytis node s virtul ppline on the mngement luster in Region A. 3 Configure the Mster Node in the Anlytis Cluster in Region A After you deploy the virtul ppline for the mster node of the vrelize Opertions Mnger nlytis luster, enle its dministrtion role in the luster. 4 Configure the Mster Repli Node in the Anlytis Cluster in Region A After you deploy virtul ppline instne for the mster repli node nd onfigure mster node in the luster, enle the luster node funtionlity of the mster repli node nd join it to the nlytis luster. 5 Configure the Dt Node in the Anlytis Cluster in Region A After you deploy the virtul ppline for dt node of the vrelize Opertions Mnger nlytis luster, enle its role in the luster. 6 Deploy the Remote Colletor Virtul Applines in Region A After you deploy nd enle the roles of the nlytis luster nodes, use the vsphere We Client to deploy eh of the two virtul pplines for the remote olletor group in Region A. In multiregion environment, you deploy remote olletors to forwrd dt from the vcenter Server instnes in Region A to the nlytis luster lso to support filover of the nlytis luster. 7 Connet the Remote Colletor Nodes to the Anlytis Cluster in Region A After you deploy the virtul pplines for the remote olletor nodes on the Mngement vcenter Server, onfigure the settings of the remote olletors nd onnet them to the nlytis luster. 8 Configure DRS Anti-Affinity Rules for vrelize Opertions Mnger in Region A To protet the vrelize Opertions Mnger virtul mhines from host-level filure, onfigure vsphere DRS to run oth the virtul mhines of the nlytis luster nd of the remote olletors on different hosts in the mngement luster. 9 Enle High Avilility nd Strt vrelize Opertions Mnger in Region A After you deploy the virtul pplines for the nlytis luster nodes nd remote olletor nodes, enle high vilility in the nlytis luster y ssigning the repli role to the vrops01svr01 node, nd strt the nlytis luster. 10 Assign Liense to vrelize Opertions Mnger in Region A After you deploy nd strt vrelize Opertions Mnger in Region A, you ssign vlid liense. VMwre, In. 298

299 11 Group Remote Colletor Nodes in Region A After you strt vrelize Opertions Mnger nd ssign it liense, join the remote olletors in group for dpter resilieny in the ses where the olletor experienes network interruption or eomes unville. Prerequisites for Deploying vrelize Opertions Mnger in Region A Before you deploy vrelize Opertions Mnger, verify tht your environment stisfies the requirements for this deployment. IP Addresses nd Host Nmes Verify tht stti IP ddresses nd FQDNs for the pplition virtul network re ville for the first region of the SDDC deployment. For the nlytis luster pplition virtul network, llote 3 stti IP ddresses nd FQDNs for the nodes nd one for the lod lner, nd mp host nmes to the IP ddresses. For the remote olletor group, llote 2 stti IP ddresses nd FQDNs. Tle 4 1. Applition Virtul Network Nmes for vrelize Opertions Mnger vrelize Opertions Mnger Component Anlytis Cluster Remote Colletor Group Applition Virtul Network Mgmt-xRegion01-VXLAN Mgmt-RegionA01-VXLAN Tle 4 2. IP Addresses nd Host Nmes for the Anlytis Cluster in Region A Role IP Address FQDN Externl lod lner VIP ddress vrops01svr01.rinpole.lol Mster node vrops01svr01.rinpole.lol Mster repli node vrops01svr01.rinpole.lol Dt node vrops01svr01.rinpole.lol Defult gtewy DNS server Sunet msk NTP servers ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol Tle 4 3. IP Addresses nd Host Nmes for the Remote Colletors in Region A Role IP Address FQDN Remote olletor node sfo01vrops01.sfo01.rinpole.lol Remote olletor node sfo01vrops01.sfo01.rinpole.lol Defult gtewy VMwre, In. 299

300 Tle 4 3. IP Addresses nd Host Nmes for the Remote Colletors in Region A (Continued) Role IP Address FQDN DNS server Sunet msk Deployment Prerequisites Verify tht your environment stisfies the following prerequisites for deployment of vrelize Opertions Mnger. Prerequisite Storge Virtul disk provisioning. Thin Required storge per nlytis luster node. Initil storge for the nlytis luster node: 274 GB Additionl storge for monitoring dt per nlytis luster node: 750 GB Required storge per remote olletor group node. Initil storge per node: 274 GB Softwre Fetures Verify tht vcenter Server is opertionl. Verify tht the vsphere luster hs vsphere DRS nd HA enled. Verify tht the NSX Mnger is opertionl. Verify tht the pplition virtul networks re ville. Verify tht the Lod Blner servie is enled on the NSX Edge servies gtewy. Verify tht vrelize Log Insight is opertionl. Verify tht vrelize Automtion is opertionl. Verify tht vrelize Business for Cloud is opertionl. Verify tht Postmn REST API App is instlled in your Chrome rowser. Instlltion Pkge Downlod the.ov file of the vrelize Opertions Mnger virtul ppline on the mhine where you use the vsphere We Client. Downlod the.pk file for the vrelize Opertions Mnger Mngement Pk for NSX for vsphere from VMwre Solutions Exhnge. Downlod the.pk file for the vrelize Opertions Mnger Mngement Pk for Storge Devies from VMwre Solutions Exhnge. Liense Verify tht you hve otined liense tht overs the use of vrelize Opertions Mnger. Ative Diretory Verify tht you hve prent tive diretory with the SDDC user roles onfigured for the rinpole.lol domin. Certifition Authority Configure the root Ative Diretory domin ontroller s ertifite uthority for the environment. Downlod the CertGenVVD tool nd generte the signed ertifite for the nlytis luster. See the VMwre Vlidted Design Plnning nd Preprtion doumenttion. Externl Servies Verify tht you hve ess to SMTP server. Verify tht SNMP is enled in your network environment, to monitor network devies. Verify tht Link Lyer Disovery Protool (LLDP) or Ciso Disovery Protool (CDP) is enled on eh network devie, for omplete monitoring of your environment. VMwre, In. 300

301 Deploy the Anlytis Cluster Virtul Applines in Region A Use the vsphere We Client to deploy eh vrelize Opertions Mnger nlytis node s virtul ppline on the mngement luster in Region A. You repet the deployment for eh of the three nlytis nodes: mster, mster repli, nd dt. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the sfo01m01v01.sfo01.rinpole.lol vcenter Server ojet. 3 Right-lik the sfo01m01v01.sfo01.rinpole.lol ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vrelize Opertions Mnger OVA file on your file system, nd lik Next. 5 On the Selet nme nd lotion pge, enter node nme, selet the inventory folder for the virtul ppline, nd lik Next. Enter nme for the node ording to its role. Nme vrops01svr01 vrops01svr01 Role Mster node Mster repli node vrops01svr01 Dt node 1 Selet the inventory folder for the virtul ppline. vcenter Server Dtenter Folder sfo01m01v01.sfo01.rinpole.lol sfo01-m01d sfo01-m01fd-vrops 6 On the Selet resoure pge, selet the following vlues, nd lik Next. Dtenter Cluster sfo01-m01d sfo01-m01-mgmt01 VMwre, In. 301

302 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt, version, downlod nd disk size, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greements nd lik Next. 9 On the Selet onfigurtion pge, from the Configurtion drop-down menu, selet the Medium deployment onfigurtion of the virtul ppline, nd lik Next. 10 On the Selet storge pge, selet the following dtstore nd onfigure its settings, nd lik Next. Selet virtul disk formt VM Storge Poliy Dtstore Thin provision vsan Defult Storge Poliy sfo01-m01-vsn01 11 On the Selet networks pge, selet the distriuted port group on the sfo01-m01-vds01 distriuted swith tht ends with Mgmt-xRegion01-VXLAN, nd lik Next. 12 On the Customize templte pge, set IPv4 settings nd selet the time zone for the virtul ppline, nd lik Next. In the Networking Properties setion, onfigure the following IPv4 settings. DNS server , Defult gtewy Stti IPv4 ddress for vrops01svr for vrops01svr for vrops01svr01 Sunet msk Timezone setting Et/UTC 13 On the Redy to omplete pge, verify tht the settings for deployment re orret, nd lik Finish. 14 After the virtul ppline is deployed, expnd the dt disk of the virtul ppline to ollet nd store dt from lrge numer of virtul mhines. In the vsphere We Client, nvigte to the virtul ppline ojet. Right-lik the virtul ppline nd selet Edit s. In the Edit s dilog ox, lote Hrd disk 2, inrese the size of the virtul ppline disk from 250 GB to 1 TB, nd lik OK. 15 After the virtul ppline onfigurtion is updted, right-lik the virtul ppline ojet nd selet Power > Power On. During the power-on proess, the virtul ppline expnds the vrelize Opertions Mnger dt prtition s well. VMwre, In. 302

303 16 Chnge the defult empty pssword for the root user. In the vsphere We Client, right-lik the nlytis virtul ppline nd selet Open Console to open the remote onsole to the ppline. Nme vrops01svr01 vrops01svr01 Role Mster node Mster repli node vrops01svr01 Dt node 1 d e Press ALT+F1 to swith to the ommnd prompt. At the ommnd prompt, log in s the root user using empty pssword. At the ommnd prompt, hnge the defult empty pssword for the root user ount with new vrops_root_pssword pssword. Close the virtul ppline onsole. 17 Repet this proedure to deploy the vrelize Opertions Mnger virtul ppline for the next node in the nlytis luster. Configure the Mster Node in the Anlytis Cluster in Region A After you deploy the virtul ppline for the mster node of the vrelize Opertions Mnger nlytis luster, enle its dministrtion role in the luster. 1 Open We rowser nd go to 2 On the Get Strted pge, lik New Instlltion. 3 On the Getting Strted pge, review the steps for reting luster, nd lik Next. 4 On the Set Administrtor Pssword pge, type nd onfirm the pssword for the dmin user ount. 5 On the Choose Certifite pge, lik the Instll ertifite utton, lik Browse, selet the ertifite hin.pem file tht ontins the own privte key nd the issuer nd own ertifite files, nd lik Next. You generte PEM file vrops.2.hin.pem y using the CertGenVVD tool. After the setup imports nd vlidtes the ertifite, notie tht the ertifite hs ommon nme, vrops01svr01.rinpole.lol, nd sujet lterntive nme tht ontins vrops01svr01.rinpole.lol for the mster node. 6 On the Deployment s pge, onfigure the following settings, nd lik Next. Cluster Mster Node Nme NTP Server Address vrops01svr01 ntp.sfo01.rinpole.lol VMwre, In. 303

304 7 On the Redy To Complete pge, lik Finish When the onfigurtion proess ompletes, the vrelize Opertions Mnger Administrtion onsole opens. 8 Clik System Sttus in the Administrtion pnel to verify tht you hve vrelize Opertions Mnger instne reted. The virtul ppline instne ting s the mster node ppers in the Nodes in the vrelize Opertions Mnger Cluster list. Configure the Mster Repli Node in the Anlytis Cluster in Region A After you deploy virtul ppline instne for the mster repli node nd onfigure mster node in the luster, enle the luster node funtionlity of the mster repli node nd join it to the nlytis luster. 1 Open We rowser nd go to 2 On the Get Strted pge, lik Expnd n Existing Instlltion. 3 On the Getting Strted pge, review the steps for reting luster, nd lik Next. 4 On the Node s nd Cluster Info pge, onfigure the settings of the node in the nlytis luster. Enter node nme, selet node type, nd enter the mster node ddress. Node nme Node type Mster node IP ddress or FQDN vrops01svr01 Dt vrops01svr01.rinpole.lol Clik Vlidte next to the Mster node IP ddress or FQDN. The ertifite of the mster node ppers in the text ox. d Verify tht the mster ertifite is orret, nd lik Aept this ertifite. Clik Next. 5 On the Usernme And Pssword pge, selet Use luster dministrtor user nme nd pssword, enter the vrops_dmin_pssword pssword for the dmin user, nd lik Next. 6 On the Redy To Complete pge, lik Finish. When the onfigurtion proess ompletes, the vrelize Opertions Mnger Administrtion onsole opens. VMwre, In. 304

305 7 Clik System Sttus in the Administrtion pnel to verify tht the node is dded to the vrelize Opertions Mnger luster. The virtul ppline instne ting s the dt node ppers in the Nodes in the vrelize Opertions Mnger Cluster list. Configure the Dt Node in the Anlytis Cluster in Region A After you deploy the virtul ppline for dt node of the vrelize Opertions Mnger nlytis luster, enle its role in the luster. 1 Open We rowser nd go to 2 On the Get Strted pge, lik Expnd n Existing Instlltion. 3 On the Getting Strted pge, review the steps for reting luster, nd lik Next. 4 On the Node s nd Cluster Info pge, onfigure the settings of the node in the nlytis luster. Enter node nme, selet node type, nd enter the mster node ddress. Node nme Node type Mster node IP ddress or FQDN vrops01svr01 Dt vrops01svr01.rinpole.lol Clik Vlidte next to the Mster node IP ddress or FQDN. The ertifite of the mster node ppers in the text ox. d Verify tht the mster ertifite is orret, nd lik Aept this ertifite. Clik Next. 5 On the Usernme And Pssword pge, selet Use luster dministrtor user nme nd pssword, enter the vrops_dmin_pssword pssword for the dmin user, nd lik Next. 6 On the Redy To Complete pge, lik Finish. After the onfigurtion proess ompletes, the vrelize Opertions Mnger Administrtion onsole opens. 7 Clik System Sttus in the Administrtion pnel to verify tht the node is dded to the vrelize Opertions Mnger luster. The virtul ppline instne tht is ting s the dt node ppers in the Nodes in the vrelize Opertions Mnger Cluster list. VMwre, In. 305

306 Deploy the Remote Colletor Virtul Applines in Region A After you deploy nd enle the roles of the nlytis luster nodes, use the vsphere We Client to deploy eh of the two virtul pplines for the remote olletor group in Region A. In multi-region environment, you deploy remote olletors to forwrd dt from the vcenter Server instnes in Region A to the nlytis luster lso to support filover of the nlytis luster. Repet this proedure two times to deploy two remote olletor pplines. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the sfo01m01v01.sfo01.rinpole.lol vcenter Server ojet. 3 Right-lik the sfo01m01v01.sfo01.rinpole.lol ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vrelize Opertions Mnger OVA file on your file system, nd lik Next. 5 On the Selet nme nd lotion pge, enter node nme, selet the inventory folder for the virtul ppline, nd lik Next. Nme of remote olletor 1 Nme of remote olletor 2 vcenter Server Dt enter Folder sfo01vrops01 sfo01vrops01 sfo01m01v01.sfo01.rinpole.lol sfo01-m01d sfo01-m01fd-vropsr 6 On the Selet resoure pge, selet the following vlues, nd lik Next. Dt enter Cluster sfo01-m01d sfo01-m01-mgmt01 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt, version, downlod nd disk size, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greements nd lik Next. VMwre, In. 306

307 9 On the Selet onfigurtion pge, from the Configurtion drop-down menu, selet the Remote Colletor (Stndrd) deployment onfigurtion of the virtul ppline, nd lik Next. 10 On the Selet storge pge, selet the dtstore indited in the tle elow, nd lik Next. Selet virtul disk formt VM Storge Poliy Dtstore tle Thin provision vsan Defult Storge Poliy sfo01-m01-vsn01 11 On the Selet networks pge, selet the distriuted port group on the sfo01-m01-vds01 distriuted swith tht ends with Mgmt-RegionA01-VXLAN nd lik Next. 12 On the Customize templte pge, set the IPv4 settings nd selet the time zone for the virtul ppline nd lik Next. In the Networking Properties setion, onfigure the following IPv4 settings. Option Desription DNS server Defult gtewy Stti IPv4 ddress for remote olletor for remote olletor 2 Sunet msk Timezone setting Et/UTC 13 On the Redy to omplete pge, verify tht the settings for deployment re orret, nd lik Finish. 14 After the virtul ppline is deployed, right-lik the virtul ppline ojet nd selet Power > Power On. 15 Chnge the defult empty pssword for the root user. In the vsphere We Client, right-lik the remote olletor virtul ppline nd selet Open Console to open the remote onsole to the ppline. Nme Role sfo01vrops01 Remote olletor 1 sfo01vrops01 Remote olletor 2 d e Press ALT+F1 to swith to the ommnd prompt. At the ommnd prompt, log in s the root user using empty pssword. At the ommnd prompt, hnge the defult empty pssword for the root user ount with new vrops_root_pssword pssword. Close the virtul ppline onsole. 16 Repet the proedure to deploy the seond remote olletor ppline. VMwre, In. 307

308 Connet the Remote Colletor Nodes to the Anlytis Cluster in Region A After you deploy the virtul pplines for the remote olletor nodes on the Mngement vcenter Server, onfigure the settings of the remote olletors nd onnet them to the nlytis luster. 1 Open We rowser, nd go to the initil setup user interfe of eh remote olletor virtul ppline. Remote Colletor Node Remote olletor 1 Remote olletor 2 URL for Setup Interfe On the Get Strted pge, lik Expnd n Existing Instlltion. 3 On the Getting Strted pge, review the steps for reting luster, nd lik Next. 4 On the Node s And Cluster Info pge, onfigure the settings of the remote olletor node. Enter node nme, selet node type, nd enter the mster node ddress. Node nme sfo01vrops01 for remote olletor 1 sfo01vrops01 for remote olletor 2 Node type Mster node IP ddress or FQDN Remote Colletor vrops01svr01.rinpole.lol Clik Vlidte next to the Mster node IP ddress or FQDN text ox. The ertifite of the mster node ppers in the text ox. Vlidte tht the mster ertifite is orret, lik Aept this ertifite, nd lik Next. 5 On the Usernme And Pssword pge, selet Use luster dministrtor user nme nd pssword, enter the vrops_dmin_pssword pssword for the dmin user, nd lik Next. 6 On the Redy to Complete pge, lik Finish. After the onfigurtion proess ompletes, the vrelize Opertions Mnger Administrtion onsole opens. 7 Clik System Sttus in the Administrtion pnel to verify tht the node is dded to the vrelize Opertions Mnger luster. The virtul ppline instne ting s the remote olletor node ppers in the Nodes in the vrelize Opertions Mnger Cluster list. 8 Repet the proedure to onfigure the seond remote olletor node. VMwre, In. 308

309 After the onfigurtion of the seond remote olletor is omplete, the luster on the System Sttus pge of the dministrtion user interfe onsists of the following nodes:vrops01svr01, vrops01svr01, vrops01svr01, nd the remote olletors sfo01vrops01 nd sfo01vrops01. Configure DRS Anti-Affinity Rules for vrelize Opertions Mnger in Region A To protet the vrelize Opertions Mnger virtul mhines from host-level filure, onfigure vsphere DRS to run oth the virtul mhines of the nlytis luster nd of the remote olletors on different hosts in the mngement luster. You use two nti-ffinity rules for the nlytis virtul mhines: one for the nlytis nodes nd one for the remote olletor nodes. This rule onfigurtion lso ommodtes the se when you ple host from the mngement luster in mintenne mode. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the sfo01m01v01.sfo01.rinpole.lol vcenter Server ojet, nd under the sfo01- m01d dt enter ojet selet the sfo01-m01-mgmt01 luster. 3 Clik the Configure t. 4 Under the Configurtion group of settings, selet VM/Host Rules. 5 Crete the new nti-ffinity rules for the vrelize Opertions Mnger nlytis luster nd remote olletors using the following settings. for the Anlytis Nodes for the Remote Colletors Nme nti-ffinity-rule-vropsm nti-ffinity-rule-vropsr Enle rule Seleted Seleted VMwre, In. 309

310 for the Anlytis Nodes for the Remote Colletors Type Seprte Virtul Mhines Seprte Virtul Mhines Memers vrops01svr01 vrops01svr01 vrops01svr01 sfo01vrops01 sfo01vrops01 In the VM/Host Rules list, lik Add ove the rules list. In the Crete VM/Host Rule dilog ox, dd the new nti-ffinity rule for the virtul mhines of the vrelize Opertions Mnger nlytis luster, nd lik OK. Repet the step to dd the nti-ffinity rule for the remote olletor virtul mhines of the vrelize Opertions Mnger. Enle High Avilility nd Strt vrelize Opertions Mnger in Region A After you deploy the virtul pplines for the nlytis luster nodes nd remote olletor nodes, enle high vilility in the nlytis luster y ssigning the repli role to the vrops01svr01 node, nd strt the nlytis luster. 1 Log in to vrelize Opertions Mnger y using the dministrtion interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword On the System Sttus pge, the luster sttus is Not Strted, nd the high vilility of the luster is Disled. 2 On the System Sttus pge, lik Enle under High Avilility. A list of ll nodes tht hve the dt node role ppers. 3 In the Enle High Avilility dilog ox, onfigure the following vlues, nd lik OK. vrops01svr01 Enle High Avilility for this luster Seleted Seleted High vilility eomes enled fter severl minutes. The vrops01svr01 is the mster node, vrops01svr01 is the mster repli node, nd the remining nodes re dt nd remote olletors nodes. 4 Clik Strt vrelize Opertions Mnger. VMwre, In. 310

311 5 On the Confirm First Applition Strtup dilog, lik Yes to onfirm the strtup of vrelize Opertions Mnger. After severl minutes, the nodes of the vrelize Opertions Mnger luster strt. The nlytis luster nd remote olletors for Region A re online. You re logged out from the dministrtor interfe of the mster node. Assign Liense to vrelize Opertions Mnger in Region A After you deploy nd strt vrelize Opertions Mnger in Region A, you ssign vlid liense. 1 Log in to vrelize Opertions Mnger y using the dministrtion interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the Welome pge of the vrelize Opertions Mnger Configurtion wizrd, exmine the proess overview, nd lik Next. 3 On the Aept EULA pge, ept the end user liense greement, nd lik Next. 4 On the Enter Produt Liense Key pge, enter the vrelize Opertions Mnger produt liense key. Selet Produt Key nd enter the liense key. Clik Vlidte Liense Key, nd lik Next. 5 (Optionl) On the Customer Experiene Improvement Progrm pge, to send tehnil informtion for produt improvement, selet Join the VMwre Customer Experiene Impovement Progrm nd lik Next. 6 On the Redy to Complete pge, lik Finish. The vrelize Opertions Mnger user interfe opens. Group Remote Colletor Nodes in Region A After you strt vrelize Opertions Mnger nd ssign it liense, join the remote olletors in group for dpter resilieny in the ses where the olletor experienes network interruption or eomes unville. VMwre, In. 311

312 1 Log in to vrelize Opertions Mnger y using the dministrtion interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Mngement nd lik Colletor Groups. 4 Clik Add. 5 In the Add New Colletor Group dilog ox, onfigure the following settings, nd lik Sve. Nme Desription sfo01vrops01 sfo01vrops01 sfo01-remote-olletors Remote olletor group for sfo01 Seleted Seleted The sfo01-remote-olletors group ppers on the Colletor Groups pge under the Administrtion view of the user interfe. Configure the Lod Blner for vrelize Opertions Mnger in Region A Configure lod lning for the nlytis luster on the dedited sfo01m01l01 NSX Edge servies gtewy for Region A. The remote olletor group for Region A does not require lod lning. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu, selet Networking & Seurity. The vsphere We Client displys the NSX Home pge. VMwre, In. 312

313 3 On the NSX Home pge, lik NSX Edges nd selet from the NSX Mnger dropdown menu t the top of the NSX Edges pge. 4 On the NSX Edges pge, doule-lik the sfo01m01l01 NSX edge. 5 Configure the lod lning VIP ddress for nlytis luster. d On the Mnge t, lik the s t nd lik Interfes. Selet the OneArmLB interfe nd lik the Edit. In the Edit NSX Edge Interfe dilog ox, lik the Edit nd in the Seondry IP Addresses text ox enter the VIP ddress. Clik OK to sve the onfigurtion. 6 Crete n pplition profile. On the Mnge t for the sfo01m01l01 devie, lik the Lod Blner t. Clik Applition Profiles, nd lik Add. In the New Profile dilog ox, onfigure the profile using the following onfigurtion settings, nd lik OK. Nme Type Enle SSL Pssthrough Persistene vrops-https HTTPS Seleted Soure IP Expires in (Seonds) 1800 Client Authentition Ignore 7 Crete servie monitoring entry. On the Lod Blner t for the of the sfo01m01l01 devie, lik Servie Monitoring nd lik Add. In the New Servie Monitor dilog ox, onfigure the helth hek prmeters using the following onfigurtion settings, nd lik OK. Nme vrops-443-monitor Intervl 3 Timeout 5 Mx Retries 2 Type Method URL Reeive HTTPS GET /suite-pi/pi/deployment/node/sttus ONLINE (must e upper se) VMwre, In. 313

314 8 Add server pool. On the Lod Blner t of the sfo01m01l01 devie, selet Pools, nd lik Add In the New Pool dilog ox, onfigure the lod lning profile using the following onfigurtion settings. Nme Algorithm Monitors vrops-svr-443 LEASTCONN vrops-443-monitor d Under Memers, lik Add to dd the pool memers. In the New Memer dilog ox, dd one memer for eh node of the nlytis luster nd lik OK. Nme vrops01svr01 vrops01svr01 vrops01svr01 IP Address Stte Enle Port 443 Monitor Port 443 Weight 1 Mx Connetions 8 Min Connetions 8 e In the New Pool dilog ox, lik OK. VMwre, In. 314

315 9 Add virtul server. On the Lod Blner t of the sfo01m01l01 devie, selet Virtul Servers nd lik Add. In the New Virtul Server dilog ox, onfigure the settings of the virtul server for the nlytis luster nd lik OK. Enle Virtul Server Applition Profile Nme Desription Seleted vrops-https vrops-svr-443 vrelize Opertions Mnger Cluster IP Address Clik Selet IP Address, selet OneArmLB from the drop-down menu nd selet IP for the virtul NIC. Protool HTTPS Port 443 Defult Pool vrops-svr-443 Connetion Limit 0 Connetion Rte Limit 0 You n now onnet to the nlytis luster using the puli Virtul Server IP ddress over HTTPS t the ddress. 10 Configure uto-rediret from HTTP to HTTPS requests. The NSX Edge n rediret users from HTTP to HTTPS without entering nother URL in the rowser. On the Lod Blner t of the sfo01m01l01 devie, selet Applition Profiles nd lik Add. In the New Profile dilog ox, onfigure the pplition profile settings nd lik OK. Nme Type HTTP Rediret URL Persistene vrops-http-rediret HTTP Soure IP Expires in (Seonds) 1800 VMwre, In. 315

316 d On the Lod Blner t of the sfo01m01l01 devie, selet Virtul Servers nd lik Add. Configure the settings of the virtul server for HTTP redirets nd lik OK. Enle Virtul Server Applition Profile Nme Desription Seleted vrops-http-rediret vrops-svr-80-rediret HTTP Rediret for vrelize Opertions Mnger IP Address Protool HTTP Port 80 Defult Pool NONE Connetion Limit 0 Connetion Rte Limit 0 You n onnet to the nlytis luster t the puli Virtul Server IP ddress over HTTP t the ddress. 11 Verify the pool onfigurtion y exmining the pool sttistis tht reflet the sttus of the omponents ehind the lod lner. d e f g h Log out nd log in gin to the vsphere We Client. From the Home menu, selet Networking & Seurity. On the NSX Home pge, lik NSX Edges nd selet from the NSX Mnger drop-down menu t the top of the NSX Edges pge. On the NSX Edges pge, doule-lik the sfo01m01l01 NSX edge. On the Mnge t, lik the Lod Blner t. Selet Pools nd lik Show Pool Sttistis. In the Pool nd Memer Sttus dilog ox, selet the vrops-svr-443 pool. Verify tht the lod lner pool is up. Add n Authentition Soure for the Ative Diretory in Region A Connet vrelize Opertions Mnger to the Ative Diretory of the SDDC for entrl user mngement nd ess ontrol. VMwre, In. 316

317 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Aess nd lik Authentition Soures. 4 On the Authentition Soures pge, lik the Add. 5 In the Add Soure for User nd Group Import dilog ox, enter the settings for the rinpole.lol nd sfo01.rinpole.lol Ative Diretories, nd lik OK. Ative Diretory s rinpole.lol sfo01.rinpole.lol Soure Disply Nme RAINPOLE.LOCAL SFO01.RAINPOLE.LOCAL Soure Type Ative Diretory Ative Diretory Integrtion Mode Bsi Bsi Domin/Sudomin RAINPOLE.LOCAL SFO01.RAINPOLE.LOCAL Use SSL/TLS Deseleted Deseleted User Nme sv-vrops@rinpole.lol sv-vrops@rinpole.lol Pssword sv-vrops_pssword sv-vrops_pssword s under the Detils setion Automtilly synhronize user memership for onfigured groups Seleted Seleted Host d01rpl.rinpole.lol d01sfo.sfo01.rinpole.lol Port Bse DN d=rainpole,d=local d=sfo01,d=rainpole,d=local Common Nme userpriniplnme userpriniplnme 6 Clik the Test utton to test the onnetion to the domin ontroller nd in the Info dilog lik OK. 7 In the Add Soure for User nd Group Import dilog ox, lik OK. The users nd user groups in the two Ative Diretories re dded to vrelize Opertions Mnger. VMwre, In. 317

318 Configure User Aess in vsphere for Integrtion with vrelize Opertions Mnger in Region A Configure opertions servie ounts with permissions tht re required to enle vrelize Opertions Mnger ess to monitoring dt on the Mngement vcenter Server nd Compute vcenter Server in Region A. You ssoite the sv-vrops-xxx servie ounts in the Ative Diretory with user roles tht hve ertin privileges nd you ssign the users to the vcenter Server instned in the inventory. 1 Define User Role in vsphere for Storge Devies Adpters in vrelize Opertions Mnger for Region A In vsphere, rete user role with privileges tht re required for olleting dt out storge devies nd vsan helth in vrelize Opertions Mnger. 2 Configure User Privileges in vsphere for Integrtion with vrelize Opertions Mnger for Region A Assign glol permissions in Region A to the opertions servie ounts in order to ess monitoring dt from the Mngement vcenter Server nd Compute vcenter Server in Region A with vrelize Opertions Mnger. Define User Role in vsphere for Storge Devies Adpters in vrelize Opertions Mnger for Region A In vsphere, rete user role with privileges tht re required for olleting dt out storge devies nd vsan helth in vrelize Opertions Mnger. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 On the Home pge of the vsphere We Client, lik Roles under Administrtion. VMwre, In. 318

319 3 Crete new role for olleting storge devie dt. On the Roles pge, lik the Crete role tion ion. In the Crete Role dilog ox, onfigure the role using the following onfigurtion settings, nd lik OK. Role nme MPSD Metris User Privilege Host.CIM.CIM intertion Host.Configurtion.Storge prtition onfigurtion Profile-driven storge.profile-driven storge view Storge views.view This role inherits the System.Anonymous, System.View, nd System.Red privileges. 4 The Mngement vcenter Server for Region A propgtes the role to the other linked vcenter Server instnes. Configure User Privileges in vsphere for Integrtion with vrelize Opertions Mnger for Region A Assign glol permissions in Region A to the opertions servie ounts in order to ess monitoring dt from the Mngement vcenter Server nd Compute vcenter Server in Region A with vrelize Opertions Mnger. The sv-vrops-vsphere nd sv-vrops-nsx users hve red-only ess on ll ojets in vcenter Server. The sv-vrops-mpsd nd sv-vrops-vsn users hve rights tht re speifilly required for ess to storge devie nd VSAN informtion, respetively, in vrelize Opertions Mnger on ll ojets in vcenter Server. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu, selet Administrtion. VMwre, In. 319

320 3 Assign glol permissions to the following servie ounts ording to their roles. User Role Red-only Red-only MPSD Metris User MPSD Metris User d e f g Clik Glol Permissions under Aess Control. Clik Add permission on the Mnge t. In the Glol Permissions Root - Add Permission dilog ox, lik Add to ssoite user or group with role. In the Selet Users/Groups dilog ox, from the Domin drop-down menu, selet rinpole.lol, in the filter ox type sv-vrops, nd press Enter. From the list of users nd groups, selet sv-vrops-vsphere, lik Add, nd lik OK. In the Glol Permissions Root - Add Permission dilog ox, from the Assigned Role dropdown menu, selet Red-only, ensure tht Propogte to hildren is seleted, nd lik OK. Repet the steps to ssign glol permissions to the other servie ounts. Add vcenter Adpter Instnes to vrelize Opertions Mnger for Region A After you deploy the nlytis luster nd the remote olletor nodes of vrelize Opertions Mnger in Region A nd strt vrelize Opertions Mnger, pir vcenter Adpter instne with the Mngement vcenter Server nd nother dpter instne with the Compute vcenter Server in Region A. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 From the solution tle on the Solutions pge, selet the VMwre vsphere solution, nd lik the Configure ion t the top. The Mnge Solution - VMwre vsphere dilog ox ppers. VMwre, In. 320

321 5 Under Instne s, enter the settings for onnetion to vcenter Server. If you lredy hve dded nother vcenter Adpter, lik the Add ion on the left side to dd n dpter settings. Enter the disply nme, desription nd FQDN of the vcenter Server instne. for Mngement vcenter Server for Compute vcenter Server Disply Nme vcenter Adpter - sfo01m01v01 vcenter Adpter - sfo01w01v01 Desription Mngement vcenter Server for sfo01 Compute vcenter Server for sfo01 vcenter Server sfo01m01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol Clik the Add ion on the right side, onfigure the olletion redentils for onnetion to the vcenter Server instnes, nd lik OK. vcenter Server Credentils Attriute Credentil nme vcenter Adpter Credentils - sfo01m01v01 vcenter Adpter Credentils - sfo01w01v01 User Nme Pssword sv-vrops-vsphere@rinpole.lol sv-vrops-vsphere-pssword d e Leve Enle Ations set to Enle so tht vcenter Adpter n run tions on ojets in the vcenter Server from vrelize Opertions Mnger. Clik Test Connetion to vlidte the onnetion to the vcenter Server instne. The vcenter Server ertifite ppers. f g h i j In the Review nd Aept Certifite dilog ox, verify the ertifite informtion nd lik Aept. Clik OK in the Info dilog ox. Expnd the Advned s setion of settings. From the Colletors/Groups drop-down menu, selet the sfo01-remote-olletors group. Speify user ount with dministrtor privileges to register vrelize Opertions Mnger with the vcenter Server instne. Registrtion user Registrtion pssword dministrtor@vsphere.lol vsphere_dmin_pssword 6 Define the gols for vsphere monitoring. Clik Define Monitoring Gols. In the Define Monitoring Gols dilog ox, under Enle vsphere Hrdening Guide Alerts?, selet Yes, leve the defult onfigurtion for the other options, nd lik Sve. Clik OK in the Suess dilog ox. VMwre, In. 321

322 7 Clik Sve s. 8 In the Info dilog ox, lik OK. 9 Repet Step 5 to Step 8 for the Compute vcenter Server. 10 In the Mnge Solution - VMwre vsphere dilog ox, lik Close. 11 On the Solutions pge, selet VMwre vsphere from the solution tle to view the olletion stte nd olletion sttus of the dpters. The olletion stte indites whether the dpter should e olleting dt. The olletion sttus vlue indites whether vrelize Opertions Mnger is reeiving dt out ertin ojet type. An dpter instne hs sttus vlue only if its olletion stte is Colleting. The Colletion Stte olumn for the vcenter Adpters displys Colleting, nd the Colletion Sttus olumn displys Dt reeiving. Connet vrelize Opertions Mnger to the NSX Mngers in Region A Instll nd onfigure the vrelize Opertions Mngement Pk for NSX for vsphere to monitor the NSX networking servies deployed in eh vsphere luster nd view the vsphere hosts in the NSX trnsport zones. You n lso ess end to end logil network topologies etween ny two virtul mhines or NSX ojets for etter visiility into logil onnetivity. Physil host nd network devie reltionship in this view lso helps in isolting prolems in the logil or physil network. 1 Instll the vrelize Opertions Mnger Mngement Pk for NSX for vsphere in Region A Instll the.pk file for the mngement pk for NSX for vsphere to dd the solution entry nd dpters to vrelize Opertions Mnger. 2 Configure User Privileges in NSX Mnger for Integrtion with vrelize Opertions Mnger in Region A Assign the permissions to the servie ount sv-vrops-nsx tht re required to ess monitoring dt from the Mngement NSX Mnger nd Compute NSX Mnger in Region A in vrelize Opertions Mnger. 3 Add NSX-vSphere Adpter Instnes to vrelize Opertions Mnger for Region A After you instll the mngement pk, onfigure NSX-vSphere Adpters: one for the NSX Mnger for the mngement luster nd one for the NSX Mnger for the shred edge nd ompute luster. 4 Add Network Devies Adpter to vrelize Opertions Mnger for Region A Configure Network Devies Adpter to monitor the swithes nd routers in your environment, nd view relted lerts, metris nd ojet pity. VMwre, In. 322

323 Instll the vrelize Opertions Mnger Mngement Pk for NSX for vsphere in Region A Instll the.pk file for the mngement pk for NSX for vsphere to dd the solution entry nd dpters to vrelize Opertions Mnger. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, lik the Add ion. 5 On the Selet Solution pge from the Add Solution wizrd, rowse to the.pk file of the vrelize Opertions Mnger Mngement Pk for NSX for vsphere nd lik Uplod. After the NSX mngement pk file hs een uploded, you see detils out the mngement pk. 6 After the uplod is omplete, lik Next. 7 On the End User Liense Agreement pge, ept the liense greement nd lik Next. The instlltion of the mngement pk strts. You see its progress on the Instll pge. 8 After the instlltion is omplete, lik Finish on the Instll pge. The Mngement Pk for NSX-vSphere solution ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. Configure User Privileges in NSX Mnger for Integrtion with vrelize Opertions Mnger in Region A Assign the permissions to the servie ount sv-vrops-nsx tht re required to ess monitoring dt from the Mngement NSX Mnger nd Compute NSX Mnger in Region A in vrelize Opertions Mnger. VMwre, In. 323

324 1 Log in to the NSX Mnger y using Seure Shell (SSH) lient. Open n SSH onnetion to the NSX Mnger virtul mhine. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shred ompute nd edge luster Host nme sfo01m01nsx01.sfo01.rinpole.lol sfo01w01nsx01.sfo01.rinpole.lol Log in using the following redentils. User nme dmin Pssword mgmtnsx_dmin_pssword ompnsx_dmin_pssword 2 Crete the lol servie ount sv-vrops-nsx on the NSX Mnger instnes. Run the following ommnd to swith to Privileged mode of the NSX Mnger. enle Enter the dmin pssword when prompted nd press Enter. Swith to Configurtion mode. onfigure terminl d Crete the servie ount sv-vrops-nsx. user sv-vrops-nsx pssword plintext sv-vrops-nsx_pssword e Assign the sv-vrops-nsx user ess to NSX Mnger from the vsphere We Client. user sv-vrops-nsx privilege we-interfe f Exit Configurtion mode. exit g Commit these updtes to the NSX Mnger. opy running-onfig strtup-onfig 3 Assign the seurity_dmin role to the sv-vrops-nsx servie ount. Log in to the Windows host tht hs ess to your dt enter. In Chrome We rowser, strt the Postmn pplition nd log in. VMwre, In. 324

325 d Selet POST from the drop-down menu tht ontins the HTTP request methods. In the URL text ox next to the seleted method, enter the following URL. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shred edge nd ompute luster POST URL -vrops-nsx?iscli=true -vrops-nsx?iscli=true e On the Authoriztion t, onfigure the following uthoriztion settings nd lik Updte Request. Type User nme Bsi Auth dmin Pssword mgmtnsx_dmin_pssword ompnsx_dmin_pssword f On the Heders t, enter the following heder detils. Key Content-Type Applition/xml g In the Body t, selet rw nd pste the following request ody in the Body text ox nd lik Send. <esscontrolentry> <role>seurity_dmin</role> <resoure> <resoureid>glolroot-0</resoureid> </resoure> </esscontrolentry> The Sttus hnges to 204 No Content. 4 Repet the proedure for the other NSX Mnger. Add NSX-vSphere Adpter Instnes to vrelize Opertions Mnger for Region A After you instll the mngement pk, onfigure NSX-vSphere Adpters: one for the NSX Mnger for the mngement luster nd one for the NSX Mnger for the shred edge nd ompute luster. VMwre, In. 325

326 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet Mngement Pk for NSX-vSphere from the solution tle, nd lik Configure. 5 In the Mnge Solution - Mngement Pk for NSX-vSphere dilog ox, from the Adpter Type tle t the top, selet NSX-vSphere Adpter. 6 Under Instne s, enter the settings for onnetion to the NSX Mnger for the mngement luster or to the NSX Mnger for the shred edge nd ompute luster. If you lredy hve dded nother NSX-vSphere Adpter, lik the Add ion to dd n dpter settings. Enter the disply nme, the FQDN of the NSX Mnger, nd the FQDN of the vcenter Server instne tht is onneted to the NSX Mnger. for the NSX Mnger for the Mngement Cluster for the NSX Mnger for the Shred Edge nd Compute Cluster Disply Nme NSX Adpter - sfo01m01nsx01 NSX Adpter - sfo01w01nsx01 Desription Mngement NSX Mnger for sfo01 Compute NSX Mnger for sfo01 NSX Mnger Host sfo01m01nsx01.sfo01.rinpole.lol sfo01w01nsx01.sfo01.rinpole.lol VC Host sfo01m01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol Enle Log Insight integrtion if onfigured flse flse VMwre, In. 326

327 Clik the Add ion next to the Credentil text ox, onfigure the redentils for the onnetion to NSX Mnger nd vcenter Server, nd lik OK. for the NSX Mnger for the Mngement Cluster for the NSX Mnger for the Shred Edge nd Compute Cluster Credentil nme NSX Adpter Credentils - sfo01m01nsx01 NSX Adpter Credentils - sfo01w01nsx01 NSX Mnger User Nme sv-vrops-nsx sv-vrops-nsx NSX Mnger Pssword sv-vrops-nsx_pssword sv-vrops-nsx_pssword vcenter User Nme sv-vrops-nsx@rinpole.lol sv-vrops-nsx@rinpole.lol vcenter Pssword sv-vrops-nsx-pssword sv-vrops-nsx-pssword d Clik Test Connetion to vlidte the onnetion to the NSX Mnger instne. The NSX Mnger ertifite ppers. e f g h i j k In the Review nd Aept Certifite dilog ox, verify the ertifite informtion nd lik Aept. Clik OK in the Info dilog. Expnd the Advned s setion of settings. From the Colletors/Groups drop-down menu, selet the sfo01-remote-olletors remote olletor group. Clik Sve s. Clik OK in the Info dilog ox tht ppers. Repet the steps to rete n NSX-vSphere Adpter for the other NSX Mnger. 7 In the Mnge Solution - Mngement Pk for NSX-vSphere dilog ox, lik Close. The NSX-vSphere Adpters pper on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpters is Colleting nd the Colletion Sttus is Dt reeiving. Add Network Devies Adpter to vrelize Opertions Mnger for Region A Configure Network Devies Adpter to monitor the swithes nd routers in your environment, nd view relted lerts, metris nd ojet pity. The Network Devies Adpter ollets dt ross ll vcenter Server instnes tht you monitor y using vrelize Opertions Mnger. In multi-region environment, you use single dpter instne to ess dt for ll regions. VMwre, In. 327

328 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet the Mngement Pk for NSX-vSphere from the solution tle, nd lik Configure. 5 In Mnge Solution - Mngement Pk for NSX-vSphere dilog ox, from the Adpter Type tle t the top, selet Network Devies Adpter. 6 Under Instne s, enter the settings for SNMP onnetion to the network devies for the mngement luster. Enter the disply nme, SNMP version nd redentils. Disply Nme Desription Network Devies Adpter Glol Network Devies Adpter SNMP Ports 161 SNMP Version SNMPv3 Privy Protool SNMPv3 Authentition Protool SNMPv2 AES MD5 Clik the Add ion, nd onfigure the redentils for onneting the Network Devies Adpter to the network devies, nd lik OK. Credentil Credentil Kind Credentil Nme SNMP Red Community Strings SNMPv1, SNMPv2 Credentil Network Devies Credentils puli For SNMPv1 nd SNMPv2 devies, enter omm-seprted list of ommunity nmes (defult is puli). For SNMPv3 devies, provide SNMPv3 redentils in ddition to the settings for SNMPv1 nd SNMPv2. Clik Test Connetion to verify the settings, nd if the test is suessful lik the OK utton. VMwre, In. 328

329 d e f Expnd the Advned s setion of settings, nd verify tht the Colletors/Groups option is set to Defult olletor group. Clik Sve s. Clik OK in the Info dilog ox tht ppers. 7 In the Mnge Solution - Mngement Pk for NSX-vSphere dilog ox, lik Close. The Network Devies Adpter ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. The dpter is olleting dt out the network devies in ll regions of the SDDC. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. Connet vrelize Opertions Mnger to vrelize Automtion in Region A Instll nd onfigure the vrelize Opertions Mnger Mngement Pk for vrelize Automtion to monitor the helth nd pity risk of your loud infrstruture in the ontext of the tennt's usiness groups. 1 Configure Colletion of Metris from vrelize Automtion in vrelize Opertions Mnger in Region A Connet vrelize Automtion to vrelize Opertions Mnger for olleting sttistis out the tennt worklods tht re provisioned y using vrelize Automtion. 2 Configure Integrtion of vrelize Opertions Mnger with vrelize Automtion for Worklod Relmtion in Region A Connet vrelize Automtion with vrelize Opertions Mnger to ollet metris tht vrelize Automtion n use to identify tennt worklods for relmtion in Region A. Suh worklods hve low use of CPU, memory use, or disk spe. Configure Colletion of Metris from vrelize Automtion in vrelize Opertions Mnger in Region A Connet vrelize Automtion to vrelize Opertions Mnger for olleting sttistis out the tennt worklods tht re provisioned y using vrelize Automtion. 1 Configure User Privileges on vrelize Automtion for Integrtion with vrelize Opertions Mnger in Region A Assign the permissions tht re required to ess monitoring dt from the vrelize Automtion in vrelize Opertions Mnger to the sv-vrops-vr opertions servie ount. The sv-vrops-vr user hs rights tht re speifilly required for ess to vrelize Automtion in vrelize Opertions Mnger. 2 Add vrelize Automtion Adpter to vrelize Opertions Mnger for Region A Configure vrelize Automtion dpter to ollet monitoring dt from vrelize Automtion. VMwre, In. 329

330 Configure User Privileges on vrelize Automtion for Integrtion with vrelize Opertions Mnger in Region A Assign the permissions tht re required to ess monitoring dt from the vrelize Automtion in vrelize Opertions Mnger to the sv-vrops-vr opertions servie ount. The sv-vrops-vr user hs rights tht re speifilly required for ess to vrelize Automtion in vrelize Opertions Mnger. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin dministrtor vr_dministrtor_pssword vsphere.lol 2 On the Tennts t, lik the Rinpole tennt. 3 Clik the Administrtors t to ssign tennt dministrtor nd IS dministrtor roles to the svvrops-vr servie ount. Enter sv-vrops-vr in the Tennt dministrtors serh text ox, lik the Serh ion, nd lik sv-vrops-vr (sv-vrops-vr@rinpole.lol) tht shows in the serh result list to ssign the role to the ount. Enter sv-vrops-vr in the IS dministrtors serh text ox, lik Serh ion, nd lik sv-vrops-vr (sv-vrops-vr@rinpole.lol) tht shows in the serh result list to ssign the role to the ount. Clik Finish. 4 Log out of the vrelize Automtion Defult tennt portl. 5 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword Rinpole.lol VMwre, In. 330

331 6 Nvigte to Administrtion > Users & Groups > Diretory Users nd Groups to ssign the softwre rhitet role to the sv-vrops-vr servie ount. Enter sv-vrops-vr in the serh ox, lik the Serh ion nd lik sv-vrops-vr user. The setting of the sv-vrops-vr ount pper. On the Generl t, selet Infrstruture Arhitet nd Softwre Arhitet under Add roles to this User, nd lik Finish. 7 Nvigte to Infrstruture > Endpoints > Fri Groups to ssign the fri dministrtor role to the sv-vrops-vr servie ount. On the Fri Groups pge, lik SFO Fri Group. On Edit Fri Group pge, enter sv-vrops-vr in Fri dministrtors serh text ox nd lik the Serh ion. Clik sv-vrops-vr@rinpole.lol in the serh result list to ssign the fri dministrtor role to the ount, nd lik OK. Add vrelize Automtion Adpter to vrelize Opertions Mnger for Region A Configure vrelize Automtion dpter to ollet monitoring dt from vrelize Automtion. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 From the solution tle on the Solutions pge, selet VMwre vrelize Automtion nd lik Configure. The Mnge Solution - VMwre vrelize Automtion dilog ox ppers. VMwre, In. 331

332 5 In the Mnge Solution - VMwre vrelize Automtion dilog ox, under Instne s, enter the settings for onnetion to vrelize Automtion. Enter the disply nme, desription nd FQDN of the vrelize Automtion front-end portl, nd turn dt olletion on for the Rinpole tennt. Disply Nme Desription vrelize Automtion Appline URL vrelize Automtion Adpter - vr01svr01 (Rinpole) vrelize Automtion - Rinpole Tennt Clik the Add ion next to the Credentil text ox, onfigure the redentils for onnetion to vrelize Automtion, nd lik OK. Credentil Credentil nme SysAdmin Usernme SysAdmin Pssword SuperUser Usernme SuperUser Pssword vra Adpter Credentils - vr01svr01 dministrtor@vsphere.lol vr_dministrtor_pssword sv-vrops-vr@rinpole.lol sv_vrops_vr_pssword d e f Clik Test Connetion to vlidte the onnetion to vrelize Automtion. In the Review nd Aept Certifite dilog ox, verify the vrelize Automtion ertifite informtion nd lik Aept. Clik OK in the Info dilog ox. Expnd the Advned s setion, nd verify the following onfigurtion. Advned Colletors/Groups Tennts vra Endpoint Monitoring Auto Disovery Defult olletor group rinpole Enled true g Clik Sve s nd lik OK in the Info ox tht ppers. 6 In the Mnge Solution - VMwre vrelize Automtion dilog ox, lik Close. The vrelize Automtion Adpter ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. VMwre, In. 332

333 Configure Integrtion of vrelize Opertions Mnger with vrelize Automtion for Worklod Relmtion in Region A Connet vrelize Automtion with vrelize Opertions Mnger to ollet metris tht vrelize Automtion n use to identify tennt worklods for relmtion in Region A. Suh worklods hve low use of CPU, memory use, or disk spe. 1 Configure User Privileges on vrelize Opertions Mnger for Tennt Worklod Relmtion in Region A Configure red-only privileges for the sv-vr-vrops@rinpole.lol servie ount on vrelize Opertions Mnger. You onfigure these privileges so tht vrelize Automtion n pull metris from vrelize Opertions Mnger for relmtion of tennt worklods in Region A. 2 Add vrelize Opertions Mnger s Metris Provider in vrelize Automtion Integrte vrelize Automtion with vrelize Opertions Mnger to pull metris for relmtion of tennt worklods. Configure User Privileges on vrelize Opertions Mnger for Tennt Worklod Relmtion in Region A Configure red-only privileges for the sv-vr-vrops@rinpole.lol servie ount on vrelize Opertions Mnger. You onfigure these privileges so tht vrelize Automtion n pull metris from vrelize Opertions Mnger for relmtion of tennt worklods in Region A. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, expnd Aess, nd lik Aess Control. 4 On the Aess Control pge, lik the User Aounts t nd lik the Import Users ion. 5 On the Import Users pge, import the sv-vr-vrops@rinpole.lol servie ount. From the Import From drop-down menu, selet RAINPOLE.LOCAL. Selet the Bsi option for the seh query. VMwre, In. 333

334 In the Serh String text ox, enter sv-vr-vrops nd lik Serh. The serh results ontin the sv-vr-vrops user ount. d Selet sv-vr-vrops@rinpole.lol nd lik Next. 6 On the Assign Groups nd Permissions pge, to ssign the RedOnly role to the sv-vrvrops@rinpole.lol servie ount, lik the Ojets t, onfigure the following settings nd lik Finish. Selet Role Assign this role to the user Selet Ojet RedOnly Seleted vcenter Adpter > vcenter Adpter - sfo01w01v01 Add vrelize Opertions Mnger s Metris Provider in vrelize Automtion Integrte vrelize Automtion with vrelize Opertions Mnger to pull metris for relmtion of tennt worklods. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword Rinpole.lol 2 Nvigte to Administrtion > Relmtion > Metris Provider. 3 On the Metris Provider pge, onfigure the vrelize Opertions Mnger settings. Selet vrelize Opertions Mnger endpoint. Configure the following settings for vrelize Opertions Mnger. URL Usernme Pssword sv-vr-vrops@rinpole.lol sv-vr-vrops_pssword d Clik Test Connetion, verify tht the test onnetion is suessful, nd lik Sve. In the ertifite wrning messge ox, lik OK. The vsphere metris provider updted suessfully messge ppers. VMwre, In. 334

335 Connet vrelize Opertions Mnger with vrelize Business in Region A Configure the vrelize Opertions Mnger Mngement Pk for vrelize Business to view your infrstruture performne, ost informtion, nd lso trouleshooting tips. You n onnet vrelize Opertions Mnger to single instne of vrelize Business for Cloud. Configure vrelize Business Adpter in vrelize Opertions in Region A Configure vrelize Business for Cloud dpter to ollet monitoring dt from vrelize Business for Cloud. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 From the solution tle on the Solutions pge, selet VMwre vrelize Business for Cloud solution, nd lik Configure. The Mnge Solution - VMwre vrelize Business for Cloud dilog ox ppers. 5 In the Mnge Solution - VMwre vrelize Business for Cloud dilog ox, under Instne s, enter the settings for onnetion to vrelize Business for Cloud. Enter the disply nme, desription nd FQDN of the vrelize Business for Cloud server. Disply Nme Desription vrelize Business for Cloud server for vrelize Business for Cloud Server vrelize Business Adpter - vr01svr01 vrelize Business for Cloud Server vr01svr01.rinpole.lol d e Clik Test Connetion to vlidte the onnetion to vrelize Business server instne. Clik OK in the Info dilog ox. Expnd the Advned s setion of settings From the Colletors/Groups drop-down menu, mke sure tht the Defult olletor group is seleted. VMwre, In. 335

336 6 Clik Sve s. 7 Clik OK in the Info dilog ox. 8 In the Mnge Solution - VMwre vrelize Business for Cloud dilog ox, lik Close. The vrbc Adpter ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. Verify Connetivity to vrelize Business for Cloud in Region A To verify integrtion of VMwre vrelize Business for Cloud with vrelize Opertions Mnger, run Privte Cloud Relmtion report from the vrelize Opertions Mnger opertions interfe. If the integrtion is interrupted, re-register the Compute vcenter Server in Region A with vrelize Business. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Home. 3 In the left pne of vrelize Opertions Mnger, lik Business Mngement. 4 Log in to vrelize Business using the following redentils. User nme Tennt Pssword it-tenntdmin rinpole it-tenntdmin_pssword The dshord of vrelize Business opens on the Business Mngement pge of the vrelize Opertions Mnger opertions interfe. 5 On the Business Mngement pge, lik Overview nd lote the Privte Cloud Relmtion widget on the right. VMwre, In. 336

337 6 If on running the report, the integrtion messge Cost Svings from Privte Cloud relmtion requires integrtion with vrelize Opertions Mnger ppers, reregister vrelize Business with the Compute vcenter Server in Region A. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_olletor_root_pssword d Clik Mnge Privte Cloud Connetions nd selet vcenter Server. Selet the Compute vcenter Server sfo01w01v01.sfo01.rinpole.lol nd lik the Delete ion. The onnetion to Compute vcenter Server is removed. e f Clik Add. In the Add vcenter Server Connetions dilog ox, enter the following settings nd lik Sve. Nme vcenter Server Usernme Pssword sfo01w01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol sv-vr@rinpole.lol sv_vr_pssword g h In the SSL Certifite dilog ox, lik Instll. In the Suess dilog ox, lik OK. 7 Wit few minutes for vrelize Business for Cloud to initite synhroniztion, run the report gin nd verify tht it is generted suessfully. Enle Storge Devie Monitoring in vrelize Opertions Mnger in Region A Instll nd onfigure the vrelize Opertions Mngement Pk for Storge Devies to view the storge topology, nd to monitor the pity nd prolems on storge omponents. 1 Instll the vrelize Opertions Mnger Mngement Pk for Storge Devies in Region A Instll the.pk file of the mngement pk for storge devies to dd the mngement pk s solution to vrelize Opertions Mnger. 2 Add Storge Devies Adpters in vrelize Opertions Mnger for Region A After you instll the mngement pk, onfigure Storge Devies dpter to ollet monitoring dt out the storge devies in the SDDC. VMwre, In. 337

338 Instll the vrelize Opertions Mnger Mngement Pk for Storge Devies in Region A Instll the.pk file of the mngement pk for storge devies to dd the mngement pk s solution to vrelize Opertions Mnger. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, lik the Add ion. 5 On the Selet Solution pge from the Add Solution wizrd, rowse to the.pk file of the vrelize Opertions Mnger Mngement Pk for Storge Devies nd lik Uplod. 6 After the uplod is omplete, lik Next. 7 On the End User Liense Agreement pge, ept the liense greement nd lik Next. The instlltion of the mngement pk strts. You see its progress on the Instll pge. 8 After the instlltion is omplete, lik Finish on the Instll pge. The Mngement Pk for Storge Devies solution ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. Add Storge Devies Adpters in vrelize Opertions Mnger for Region A After you instll the mngement pk, onfigure Storge Devies dpter to ollet monitoring dt out the storge devies in the SDDC. VMwre, In. 338

339 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet Mngement Pk for Storge Devies from the solution tle nd lik Configure. The Mnge Solution - Mngement Pk for Storge Devies dilog ox ppers. 5 Under Instne s, enter the settings for onnetion to the vcenter Server instnes. If you lredy hve dded nother Storge Devies dpter, lik the Add ion on the left side to dd n dpter settings. Enter the disply nme, desription, nd FQDN of the vcenter Server instne. for the Mngement vcenter Server for the Compute vcenter Server Disply Nme Storge Devies Adpter - sfo01m01v01 Storge Devies Adpter - sfo01w01v01 Desription Storge Devies in Mngement vcenter for sfo01 Storge Devies in Compute vcenter for sfo01 vcenter Server sfo01m01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol SNMP Community Strings - - Clik the Add ion on the right side, onfigure the olletion redentils for onnetion to the vcenter Server instnes, nd lik OK. vcenter Server Credentils Attriute Credentil nme Storge Devies Adpter Credentils - sfo01m01v01 Storge Devies Adpter Credentils - sfo01w01v01 User Nme Pssword sv-vrops-mpsd@rinpole.lol sv-vrops-mpsd-pssword d Clik Test Connetion to vlidte the onnetion to the vcenter Server. The vcenter Server ertifite ppers. e In the Review nd Aept Certifite dilog ox, verify the vcenter Server ertifite informtion nd lik Aept. VMwre, In. 339

340 f g h i j k Clik OK in the Info dilog ox. Expnd the Advned s setion of settings. From the Colletors/Groups drop-down menu, selet the sfo01-remote-olletors remote olletor group. Clik Sve s. Clik OK in the Info dilog ox tht ppers. Repet the proedure for the other vcenter Server instne. 6 In the Mnge Solution - Mngement Pk for Storge Devies dilog ox, lik Close. The Storge Devies dpters pper on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpters is Colleting nd the Colletion Sttus is Dt reeiving. Enle vsan Monitoring in vrelize Opertions Mnger in Region A Configure the vrelize Opertions Mngement Pk for vsan to view the vsan topology, nd to monitor the pity nd prolems. 1 Turn On vsan Performne Servie in Region A When you rete vsan luster, the performne servie is disled. Turn on vsan performne servie to monitor the performne of vsan lusters, hosts, disks, nd VMs. 2 Add vsan Adpter in vrelize Opertions Mnger in Region A Configure the vsan dpter to ollet monitoring dt out vsan usge in the SDDC. Turn On vsan Performne Servie in Region A When you rete vsan luster, the performne servie is disled. Turn on vsan performne servie to monitor the performne of vsan lusters, hosts, disks, nd VMs. When you turn on the performne servie, vsan ples Stts dtse ojet in the dtstore to ollet sttistil dt. The Stts dtse is nmespe ojet in the luster's vsan dtstore. VMwre, In. 340

341 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Enle the vsan Performne Servie. d In the nvigtor, expnd the sfo01-m01d dt enter ojet. Clik the sfo01-m01-mgmt01 luster ojet nd lik the Configure t. Under vsan, selet Helth nd Performne. Next to the Performne Servie settings, lik Edit, onfigure the following settings nd lik OK. Turn ON vsan performne servie Storge poliy Seleted vsan Defult Storge Poliy 3 If you hve vsan dtstore onfigured in the shred edge nd ompute luster sfo01-w01-omp01, repet the proedure. Add vsan Adpter in vrelize Opertions Mnger in Region A Configure the vsan dpter to ollet monitoring dt out vsan usge in the SDDC. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet VMwre vsan from the solution tle, nd lik Configure. The Mnge Solution - VMwre vsan dilog ox ppers. VMwre, In. 341

342 5 Under Instne s, enter the settings for the onnetion to the Mngement vcenter Server. If you lredy hve dded nother vsan dpter, lik the Add ion on the left side to dd n dpter settings. Enter the settings for onnetion to the vcenter Server. Disply Nme Desription vcenter Server for the Mngement vcenter vsan Adpter - sfo01m01v01 Mngement vcenter Server vsan Adpter for sfo01 sfo01m01v01.sfo01.rinpole.lol Clik the Add ion next to the Credentil text ox, nd onfigure the redentils for onnetion to vcenter Server, nd lik OK. Credentil nme vcenter User Nme vcenter Pssword for the Mngement vcenter vsan Adpter Credentils - sfo01m01v01 sv-vrops-vsn@rinpole.lol sv-vrops-vsn-pssword d Clik Test Connetion to vlidte the onnetion to vcenter Server. The vcenter Server ertifite ppers. e f g h i j k In the Review nd Aept Certifite dilog ox, verify the vcenter Server ertifite informtion nd lik Aept. Clik OK in the Info dilog ox. Expnd the Advned s setion of settings. From the Colletors/Groups drop-down menu, selet the sfo01-remote-olletors olletor group. Mke sure Auto Disovery is set to true. Clik Sve s. Clik OK in the Info dilog ox tht ppers. 6 If you hve vsan dtstore onfigured in the shred edge nd ompute luster, repet Step 5 for the Compute vcenter Server. 7 In the Mnge Solution - VMwre vsan dilog ox, lik Close. The vsan Adpter ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. VMwre, In. 342

343 Configure E-Mil Alerts for vrelize Opertions Mnger in Region A You onfigure e-mil notifitions in vrelize Opertions Mnger so tht users nd pplitions reeive the dministrtive lerts from vrelize Opertions Mnger out ertin situtions in the dt enter. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Mngement nd lik Outound s. 4 On the Outound s pge, lik the Add ion to rete n outound lert instne. 5 In the Add/Edit Outound Instne dilog ox, onfigure the settings for the Stndrd Emil Plugin, nd lik OK. Alert Instne Plugin Type Instne Nme Use Seure Connetion SMTP Host Stndrd Emil Plugin SMTP Alert Mil Rely Seleted milserver.rinpole.lol SMTP Port 25 Seure Connetion Type Sender Emil Address Sender Nme TLS vrops@rinpole.om vrelize Opertions Admin 6 Clik Test to verify the onnetion with the SMTP server nd lik OK. 7 Clik Sve. Region A vrelize Log Insight Implementtion Deploy vrelize Log Insight in luster onfigurtion of three nodes with n integrted lod lner: one mster nd two worker nodes. VMwre, In. 343

344 1 Deploy vrelize Log Insight in Region A Strt the deployment of vrelize Log Insight in Region A y deploying the mster nd worker nodes nd forming the vrelize Log Insight luster. 2 Reple the Certifite of vrelize Log Insight in Region A You n otin the CA-signed vrelize Log Insight PEM ertifite hin file tht ontins the own ertifite, the signer ertifite nd the privte key file y using the CertGenVVD tool. 3 Connet vrelize Log Insight to the vsphere Environment in Region A Strt olleting log informtion out the ESXi nd vcenter Server instnes in the SDDC. 4 Connet vrelize Log Insight to vrelize Opertions Mnger in Region A Connet vrelize Log Insight to vrelize Opertions Mnger so tht you n use the Lunh in Context funtionlity etween the two pplition to trouleshoot vrelize Opertions Mnger y using dshords nd lerts in the vrelize Log Insight user interfe. 5 Connet vrelize Log Insight to the NSX Instnes in Region A Instll nd onfigure the vrelize Log Insight Content Pk for NSX for vsphere for log visuliztion nd lerting of the NSX for vsphere rel-time opertion. You n use the NSX-vSphere dshords to monitor logs out instlltion nd onfigurtion, nd out virtul networking servies. 6 Connet vrelize Log Insight to vrelize Automtion in Region A Connet the vrelize Log to vrelize Automtion to reeive log informtion from ll omponents of vrelize Automtion in the vrelize Log Insight UI. 7 Instll the Linux Content Pk nd Configure the Virtul Appline Agent Group for vrelize Log Insight for Region A. Instll the ontent pk for VMwre Linux to dd the dshords for viewing log informtion out the mngement virtul pplines in vrelize Log Insight. 8 Configure Log Retention nd Arhiving in Region A Set log retention to one week nd rhive logs for 90 dys ording to the VMwre Vlidted Design Arhiteture nd Design doumenttion. Deploy vrelize Log Insight in Region A Strt the deployment of vrelize Log Insight in Region A y deploying the mster nd worker nodes nd forming the vrelize Log Insight luster. 1 Prerequisites for Deploying vrelize Log Insight in Region A Before you deploy vrelize Log Insight, verify tht your environment stisfies the requirements for this deployment. VMwre, In. 344

345 2 Deploy the Virtul Appline for Eh Node in the vrelize Log Insight Cluster in Region A Use the vsphere We Client to deploy eh vrelize Log Insight node s virtul ppline on the mngement luster in Region A. 3 Configure DRS Anti-Affinity Rule for vrelize Log Insight in Region A To protet the vrelize Log Insight luster from host-level filure, onfigure vsphere DRS to run the worker virtul pplines on different hosts in the mngement luster. 4 Strt the vrelize Log Insight Mster Node in Region A Configure nd strt the vrelize Log Insight mster node. Before you form luster y dding the worker nodes, vrelize Log Insight must e running. 5 Join the Worker Nodes to vrelize Log Insight in Region A After you deploy the virtul pplines for vrelize Log Insight nd strt the vrelize Log Insight instne on the mster node, join the two worker nodes to form luster. 6 Enle the Integrted Lod Blner of vrelize Log Insight in Region A After you join the mster nd the worker nodes to rete vrelize Log Insight luster, enle the Integrted Lod Blner (ILB) for lning inoming ingestion trffi of syslog dt mong the Log Insight nodes nd for high vilility. 7 Join vrelize Log Insight to the Ative Diretory in Region A To use user roles in vrelize Log Insight tht re mintined entrlly nd re inline with the other solutions in the SDDC, enle Ative Diretory support. Prerequisites for Deploying vrelize Log Insight in Region A Before you deploy vrelize Log Insight, verify tht your environment stisfies the requirements for this deployment. IP Addresses nd Host Nmes Verify tht stti IP ddresses nd FQDNs for the vrelize Log Insight re ville in the pplition virtul network for Region A. For the pplition virtul network, llote 3 stti IP ddresses for the vrelize Log Insight nodes nd one IP ddress for the integrted lod lner. Mp host nmes to the IP ddresses. Note Region A must e routle vi the vsphere mngement network. Tle 4 4. IP Addresses nd Host Nmes for the vrelize Log Insight Instne in Region A Role IP Address FQDN Integrted lod lner VIP ddress sfo01vrli01.sfo01.rinpole.lol Mster node sfo01vrli01.sfo01.rinpole.lol Worker node sfo01vrli01.sfo01.rinpole.lol Worker node sfo01vrli01.sfo01.rinpole.lol Defult gtewy VMwre, In. 345

346 Tle 4 4. IP Addresses nd Host Nmes for the vrelize Log Insight Instne in Region A (Continued) Role IP Address FQDN DNS server Sunet msk NTP servers ntp.sfo01.rinpole.lol ntp.lx01.rinpole.lol Deployment Prerequisites Verify tht your environment stisfies the following prerequisites to deploying vrelize Log Insight. Prerequisite Storge Virtul disk provisioning. Thin Required storge per node Initil storge for node deployment: 510 GB Required storge for luster rhiving Initil storge for rhiving: 400 GB Softwre Fetures Verify tht vcenter Server is opertionl. Verify tht the vsphere luster hs DRS nd HA enled. Verify tht the Mngement NSX Mnger is opertionl. Verify tht vrelize Opertions Mnger is opertionl. Verify tht the pplition virtul network for the 3-node vrelize Log Insight luster is ville. Verify tht vrelize Automtion is opertionl. Verify tht vrelize Business for Cloud is opertionl. Verify tht Postmn REST API pplition is instlled in your Chrome rowser. Verify the following NFS dtstore requirements: Crete n NFS shre of 400 GB in Region nd export it s /V2D_vRLI_MgmtA_400GB. Verify tht the NFS server supports NFS v3. Verify tht the NFS prtition llows red nd write opertions for guest ounts. Verify tht the mount does not require uthentition. Verify tht the NFS shre is diretly essile to vrelize Log Insight If using Windows NFS server, llow unmpped user Unix ess (y UID/GID). Instlltion Pkge Liense Ative Diretory Downlod the.ov file of the vrelize Log Insight virtul ppline on the mhine where you use the vsphere We Client. Otin liense tht overs the use of vrelize Log Insight. Verify tht you hve prent nd hild Ative Diretory domin ontrollers onfigured with the role-speifi SDDC users nd groups for the rinpole.lol domin. VMwre, In. 346

347 Prerequisite Certifition Authority E-mil ount Configure the Ative Diretory domin ontroller s ertifite uthority for the environment. Provide n emil ount to send vrelize Log Insight notifitions from. Deploy the Virtul Appline for Eh Node in the vrelize Log Insight Cluster in Region A Use the vsphere We Client to deploy eh vrelize Log Insight node s virtul ppline on the mngement luster in Region A. You deploy three vrelize Log Insight nodes - one mster node nd two worker nodes. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the sfo01m01v01.sfo01.rinpole.lol vcenter Server ojet. 3 Right-lik sfo01m01v01.sfo01.rinpole.lol nd selet Deploy OVF Templte. 4 On the Selet soure pge, selet Lol file, lik Browse, rowse to the lotion of the vrelize Log Insight.ov file on your lol file system, nd lik Next. 5 On the Selet nme nd folder pge, mke the following seletions, nd lik Next. Enter nme for the node ording to its role. Nme sfo01vrli01 Mster node sfo01vrli01 Worker node 1 sfo01vrli01 Worker node 2 Selet the inventory folder for the virtul ppline. vcenter Server Dt enter Folder sfo01m01v01.sfo01.rinpole.lol sfo01-m01d sfo01-m01fd-vrli VMwre, In. 347

348 6 On the Selet resoure pge, selet the sfo01-m01-mgmt01 mngement luster s the resoure to run the virtul ppline on, nd lik Next. Dt enter Cluster sfo01-m01d sfo01-m01-mgmt01 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt, version, downlod size, nd disk size, nd lik Next. 8 On the Aept Liense Agreements pge, lik Aept to ept the end user liense greements nd lik Next. 9 On the Selet onfigurtion pge, from the Configurtion drop-down menu, selet the Medium deployment onfigurtion, nd lik Next. 10 On the Selet storge pge, selet the following dtstore, onfigure its settings, nd lik Next. Selet virtul disk formt VM Storge Poliy Dtstore Thin provision vsan Defult Storge Poliy sfo01-m01-vsn01 11 On the Setup networks pge, selet the distriuted port group on the sfo01-m01-vds01 distriuted swith tht ends with Mgmt-RegionA01-VXLAN, nd lik Next. VMwre, In. 348

349 12 On the Customize templte pge, set networking settings nd the root user redentils for the virtul ppline. In the Networking Properties setion, onfigure the following networking settings: DNS , DNS domin DNS serhpth sfo01.rinpole.lol sfo01.rinpole.lol,rinpole.lol Defult gtewy Host nme sfo01vrli01.sfo01.rinpole.lol for the mster node sfo01vrli01.sfo01.rinpole.lol for the worker node 1 sfo01vrli01.sfo01.rinpole.lol for the worker node 2 Network 1 IP Address for the mster node for the worker node for the worker node 2 Network 1 Netmsk In the Other Properties setion, enter nd onfirm pssword for the root user. The pssword must ontin t lest 8 hrters, nd must inlude: One upperse hrter One lowerse hrter One digit One speil hrter Use this pssword when you log in to the onsole of the vrelize Log Insight virtul ppline. Clik Next. 13 On the Redy to omplete pge, lik Finish. The deployment of the virtul ppline strts. 14 Right-lik the virtul ppline ojet nd selet Power > Power On. 15 Repet the proedure to deploy the vrelize Log Insight virtul ppline for the next node in the luster. Configure DRS Anti-Affinity Rule for vrelize Log Insight in Region A To protet the vrelize Log Insight luster from host-level filure, onfigure vsphere DRS to run the worker virtul pplines on different hosts in the mngement luster. VMwre, In. 349

350 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the sfo01m01v01.sfo01.rinpole.lol vcenter Server ojet, nd under the sfo01- m01d dt enter ojet selet the sfo01-m01-mgmt01 luster. 3 On the Configure t, selet VM/Host Rules. 4 In the VM/Host Rules list, lik Add ove the rules list, dd new nti-ffinity rule using the following detils, nd lik OK. Rule Attriute Nme Enle rule Type nti-ffinity-rule-vrli Yes Seprte Virtul Mhines Memers sfo01vrli01 sfo01vrli01 sfo01vrli01 Strt the vrelize Log Insight Mster Node in Region A Configure nd strt the vrelize Log Insight mster node. Before you form luster y dding the worker nodes, vrelize Log Insight must e running. 1 Open We rowser nd go to The initil onfigurtion wizrd opens. 2 On the Setup pge, lik Next. 3 On the Choose Deployment Type pge, lik Strt New Deployment. 4 After the deployment is lunhed, on the Admin Credentils pge, set the emil ddress nd the pssword of the dmin user, nd lik Sve nd Continue. The pssword must e t lest 8 hrters long, nd must ontin one upperse hrter, one lowerse hrter, one numer, nd one speil hrter. 5 On the Liense pge, enter the liense key, lik Add New Liense Key, nd lik Continue. VMwre, In. 350

351 6 On the Generl Configurtion pge, enter the following settings nd lik Sve nd Continue. Emil System Notifitions to Send HTTP Post System Notifitions To emil_ddress_to_reeive_system_notifitions 7 On the Time Configurtion pge, enter the following settings, lik Test nd lik Sve nd Continue. Syn Server Time With NTP Servers NTP Server (reommended) ntp.sfo01.rinpole.lol, ntp.lx01.rinpole.lol 8 On the SMTP Configurtion pge, speify the properties of n SMTP server to enle outgoing lerts nd system notifition emils, nd to test the emil notifition. Set the onnetion setting for the SMTP server tht will send the emil messges from vrelize Log Insight. Contt your system dministrtor for detils out the emil server. SMTP Option SMTP Server Port SSL (SMTPS) STARTTLS Enryption Sender Usernme Pssword Desription FQDN of the SMTP server Server port for SMTP requests Sets whether enryption should e enled for the SMTP trnsport option onnetion. Enle or disle the STARTTLS enryption. Address tht ppers s the sender of the emil. User nme on the SMTP server Pssword for the SMTP server you speified in Usernme To verify tht the SMTP onfigurtion is orret, type vlid emil ddress nd lik Send Test Emil. vrelize Log Insight sends test emil to the ddress tht you provided. 9 On the Setup Complete pge, lik Finish. vrelize Log Insight strts operting in stndlone mode. Join the Worker Nodes to vrelize Log Insight in Region A After you deploy the virtul pplines for vrelize Log Insight nd strt the vrelize Log Insight instne on the mster node, join the two worker nodes to form luster. VMwre, In. 351

352 1 For eh worker node ppline, go to the initil setup UI in your We rowser. Worker Node Worker node 1 Worker node 2 HTTP URL The initil onfigurtion wizrd opens. 2 Clik Next on the Welome pge. 3 On the Choose Deployment Type pge, lik Join Existing Deployment. 4 On the Join Existing Deployment pge, enter the mster node FQDN sfo01vrli01.sfo01.rinpole.lol nd lik Go. The worker node sends request to the vrelize Log Insight mster node to join the existing deployment. 5 After the worker node ontts the mster node, lik the Clik here to ess the Cluster Mngement pge link. The login pge of the vrelize Log Insight user interfe opens. 6 Log in to the vrelize Log Insight UI y using the following redentils. User nme Pssword dmin vrli_dmin_pssword The Cluster pge opens in the Log Insight user interfe. 7 On the right of the notifition messge out dding the worker node, lik Allow After you join the first worker node to the luster, the user interfe displys wrning messge tht nother worker node must e dded. 8 Repet the steps to join the seond worker node to the luster. After you dd the seond worker node, the Cluster pge of the vrelize Log Insight UI ontins the mster nd worker nodes s omponents of the luster. Enle the Integrted Lod Blner of vrelize Log Insight in Region A After you join the mster nd the worker nodes to rete vrelize Log Insight luster, enle the Integrted Lod Blner (ILB) for lning inoming ingestion trffi of syslog dt mong the Log Insight nodes nd for high vilility. VMwre, In. 352

353 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 Clik the onfigurtion drop-down menu ion nd selet Administrtion. 3 Under Mngement, lik Cluster. 4 Under Integrted Lod Blner, lik New Virtul IP Address. 5 In the New Virtul IP dilog ox, enter the following settings nd lik Sve. IP FQDN sfo01vrli01.sfo01.rinpole.lol Join vrelize Log Insight to the Ative Diretory in Region A To use user roles in vrelize Log Insight tht re mintined entrlly nd re inline with the other solutions in the SDDC, enle Ative Diretory support. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword VMwre, In. 353

354 2 On the Authentition pge, selet the hekox to enle the support for Ative Diretory nd onfigure the Ative Diretory settings. Configure the Ative Diretory onnetion settings ording to the detils from your IT dministrtor. Enle Ative Diretory support Defult Domin Domin Controller(s) User Nme Pssword Connetion Type Require SSL Seleted rinpole.lol d01rpl.rinpole.lol sv-vrli sv_vrli_pssword Stndrd Yes or No ording to the instrutions from the IT dministrtor Clik Test Connetion to verify the onnetion, nd lik Sve. Reple the Certifite of vrelize Log Insight in Region A You n otin the CA-signed vrelize Log Insight PEM ertifite hin file tht ontins the own ertifite, the signer ertifite nd the privte key file y using the CertGenVVD tool. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Administrtion. 3 Under Configurtion, lik SSL. 4 On the SSL Configurtion pge, next to New Certifite File (PEM formt) lik Choose File, rowse to the lotion of the PEM file on your omputer, nd lik Sve. Certifite Genertion Option Using the CertGenVVD tool Certifite File vrli.sfo01.2.hin.pem The ertifite is uploded to vrelize Log Insight. 5 Open We rowser nd go to A wrning messge tht the onnetion is not trusted ppers. VMwre, In. 354

355 6 To review the ertifite, lik the pdlok in the ddress r of the rowser, nd verify tht Sujet Alterntive Nme ontins the nmes of the vrelize Log Insight luster nodes. 7 Import the ertifite in your We rowser. For exmple, in Google Chrome under the HTTPS/TLS settings lik Mnge ertifites, nd in the Certifites dilog ox import vrli-hin.pem. You n lso use Certifite Mnger on Windows or Keyhin Aess on MAC OS X. Connet vrelize Log Insight to the vsphere Environment in Region A Strt olleting log informtion out the ESXi nd vcenter Server instnes in the SDDC. 1 Configure User Privileges in vsphere for Integrtion with vrelize Log Insight for Region A Assign glol permissions in Region A to the servie ount sv-vrli to ollet log informtion from the vcenter Server instnes nd ESXi hosts with vrelize Log Insight. The sv-vrli user ount is speifilly dedited to olleting log informtion from vcenter Server nd ESXi. 2 Connet vrelize Log Insight to vsphere in Region A After you onfigure the sv-vrli Ative Diretory user with the vsphere privileges tht re required for retrieving log informtion from the vcenter Server instnes nd ESXi hosts, onnet vrelize Log Insight to vsphere. 3 Configure vcenter Server to Forwrd Log Events to vrelize Log Insight in Region A You n onfigure eh vcenter Server nd Pltform Servies Controller ppline to forwrd system logs nd events to the vrelize Log Insight luster. You n then view nd nlyze ll syslog informtion in the vrelize Log Insight we interfe. 4 Updte the Host Profiles for the Mngement nd Shred Edge nd Compute Clusters with Syslog s in Region A To hve onsistent logging onfigurtion ross ll ESXi hosts in the lusters in Region A, updte the host profile in eh luster to ommodte the syslog settings for onnetion to vrelize Log Insight. Configure User Privileges in vsphere for Integrtion with vrelize Log Insight for Region A Assign glol permissions in Region A to the servie ount sv-vrli to ollet log informtion from the vcenter Server instnes nd ESXi hosts with vrelize Log Insight. The sv-vrli user ount is speifilly dedited to olleting log informtion from vcenter Server nd ESXi. VMwre, In. 355

356 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu, selet Administrtion. 3 Under Aess Control, lik Roles. VMwre, In. 356

357 4 Crete role for vrelize Log Insight. Selet Red-only nd lik the Clone ion. You lone the Red-only role euse it inludes the System.Anonymous, System.View, nd System.Red privileges. vrelize Log Insight requires those privileges for essing log informtion relted to the vcenter Server instnes. In the Clone Role Red-only dilog ox, omplete the onfigurtion of the role nd lik OK. Role nme Desription Log Insight User Privilege Host.Configurtion.Advned settings Host.Configurtion.Chnge settings Host.Configurtion.Network onfigurtion Host.Configurtion.Seurity profile nd firewll These host privileges llow vrelize Log Insight to onfigure the syslog servie on the ESXi hosts. VMwre, In. 357

358 The Log Insight User role is propgted to other linked vcenter Server instnes. 5 Assign glol permissions to the sv-vrli@rinpole.lol servie ount. d e f In the vsphere We Client, selet Administrtion from the Home menu nd lik Glol Permissions under Aess Control. On the Mnge t, lik Add Permission. In the Glol Permissions Root - Add Permission dilog ox, lik Add to ssoite user or group with role. In the Selet Users/Groups dilog ox, from the Domin drop-down menu, selet rinpole.lol, in the filter ox type sv, nd press Enter. From the list of users nd groups, selet the sv-vrli user, lik Add, nd lik OK. In the Add Permission dilog ox, from the Assigned Role drop-down menu, selet Log Insight User, selet Propgte to hildren, nd lik OK. The glol permissions of the sv-vrli@rinpole.lol user propgte to ll vcenter Server instnes. Connet vrelize Log Insight to vsphere in Region A After you onfigure the sv-vrli Ative Diretory user with the vsphere privileges tht re required for retrieving log informtion from the vcenter Server instnes nd ESXi hosts, onnet vrelize Log Insight to vsphere. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 Clik the onfigurtion drop-down menu ion nd selet Administrtion. 3 Under Integrtion, lik vsphere. VMwre, In. 358

359 4 In the vcenter Servers pne, enter the onnetion settings for the Mngement vcenter Server nd for the Compute vcenter Server. Enter the host nme, user redentils, nd olletion options for the vcenter Server instnes, nd lik Test Connetion. vcenter Server Option Hostnme sfo01m01v01.sfo01.rinpole.lol for Mngement vcenter Server sfo01w01v01.sfo01.rinpole.lol for Compute vcenter Server Usernme Pssword Collet vcenter Server events, tsks nd lrms Configure ESXi hosts to send logs to Log Insight sv-vrli_user_pssword Seleted Seleted Clik Advned Options nd exmine the list of ESXi hosts tht re onneted to the vcenter Server instne to verify tht you onnet to the orret vcenter Server. In the Advned Options onfigurtion window, selet Configure ll ESXi hosts, selet UDP under Syslog protool, nd lik OK. 5 Clik Add vcenter Server to dd new settings form nd repet the steps to dd the settings for the seond vcenter Server instne in Region A. 6 Clik Sve. A progress dilog ox ppers. 7 Clik OK in the onfirmtion dilog ox tht ppers fter vrelize Log Insight ontts the vcenter Server instnes. You see the vsphere dshords under the VMwre - vsphere ontent pk dshord tegory. Configure vcenter Server to Forwrd Log Events to vrelize Log Insight in Region A You n onfigure eh vcenter Server nd Pltform Servies Controller ppline to forwrd system logs nd events to the vrelize Log Insight luster. You n then view nd nlyze ll syslog informtion in the vrelize Log Insight we interfe. In Region A, you onfigure the following vcenter Server nd Pltform Servies Controller instnes: Appline Type Appline Mngement Interfe URL vcenter Server instnes Pltform Servies Controller instnes VMwre, In. 359

360 1 Rediret the log events from the vcenter Server ppline to vrelize Log Insight. Open We rowser nd go to Log in using the following redentils. User nme Pssword root mgmtv_root_pssword d In the Nvigtor, lik Syslog Configurtion. On the Syslog Configurtion pge, lik Edit, onfigure the following settings, nd lik OK. Common Log Level * Remote Syslog Host sfo01vrli01.sfo01.rinpole.lol Remote Syslog Port 514 Remote Syslog Protool UDP e Repet the steps for the other vcenter Server Appline nd Pltform Servies Controller Applines. 2 Verify tht the pplines re forwrding their syslog trffi to vrelize Log Insight. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword d In the vrelize Log Insight user interfe, lik Dshords nd selet VMwre - vsphere under Content Pk Dshords. Verify tht the vcenter Server nodes re presented on the All vsphere events y hostnme widget of the Generl Overview dshord. Updte the Host Profiles for the Mngement nd Shred Edge nd Compute Clusters with Syslog s in Region A To hve onsistent logging onfigurtion ross ll ESXi hosts in the lusters in Region A, updte the host profile in eh luster to ommodte the syslog settings for onnetion to vrelize Log Insight. VMwre, In. 360

361 for the Mngement Cluster for the Shred Edge nd Computer Cluster vcenter Server URL Host Profiles sfo01-m01hp-mgmt01 sfo01-w01hp-omp01 First ESXi host sfo01m01esx01.sfo01.rinpole.lol sfo01w01esx01.sfo01.rinpole.lol 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Updte the host profile to the mngement luster. d From the vsphere We Client Home menu, selet Home. In the Nvigtor, lik Poliies nd Profiles nd lik Host Profiles. Right-lik sfo01-m01hp-mgmt01 nd selet Copy s from Host. Selet sfo01m01esx01.sfo01.rinpole.lol nd lik OK. 3 Verify tht the syslog host settings hve een updted. On the Host Profiles pge in the Nvigtor, lik sfo01-m01hp-mgmt01. d On the Configure t, lik s. In Filter serh ox, type in Syslog.glol.logHost. Selet the Syslog.glol.logHost entry from the list nd verify tht vlue of the option is udp://sfo01vrli01.sfo01.rinpole.lol:514 4 Verify ompline for the hosts in the onsolidted luster. d From the vsphere We Client Home menu, selet Hosts nd Clusters. Clik the sfo01-m01-mgmt01 luster, lik the Monitor t, nd lik Profile Compline. Clik the Chek Compline Now utton. Verify ll hosts re omplint with the tthed profile. 5 Repet the proedure with host in the Shred Edge nd Compute luster. VMwre, In. 361

362 Connet vrelize Log Insight to vrelize Opertions Mnger in Region A Connet vrelize Log Insight to vrelize Opertions Mnger so tht you n use the Lunh in Context funtionlity etween the two pplition to trouleshoot vrelize Opertions Mnger y using dshords nd lerts in the vrelize Log Insight user interfe. 1 Configure User Privileges on vrelize Opertions Mnger for Integrtion with vrelize Log Insight in Region A Configure dministrtor privileges for the sv-vrli-vrops@rinpole.lol servie ount on vrelize Opertions Mnger. 2 Enle the vrelize Log Insight Integrtion with vrelize Opertions Mnger for Region A Connet vrelize Log Insight in Region A with vrelize Opertions Mnger to lunh vrelize Log Insight from within vrelize Opertions Mnger nd to send lerts to vrelize Opertions Mnger. 3 Connet vrelize Opertions Mnger to vrelize Log Insight in Region A 4 Configure the Log Insight Agent on vrelize Opertions Mnger to Forwrd Log Events to vrelize Log Insight in Region A You onnet vrelize Opertions Mnger to vrelize Log Insight for Lunh in Context, onfigure the Log Insight gent on vrelize Opertions Mnger to send udit logs nd system events to vrelize Log Insight in Region A. Configure User Privileges on vrelize Opertions Mnger for Integrtion with vrelize Log Insight in Region A Configure dministrtor privileges for the sv-vrli-vrops@rinpole.lol servie ount on vrelize Opertions Mnger. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtor r, lik Administrtion. 3 In the left of vrelize Opertions Mnger, expnd Aess nd lik Aess Control. 4 On the Aess Control pge, lik the User Aounts t nd lik the Import Users ion. VMwre, In. 362

363 5 On the Import Users pge, import the servie ount. From the Import From drop-down menu, selet RAINPOLE.LOCAL. Selet the Bsi option for the serh query. In the Serh String text ox, enter sv-vrli-vrops nd lik Serh. The serh results ontin the sv-vrli-vrops user ount. d Selet sv-vrli-vrops@rinpole.lol nd lik Next. 6 On the Assign Groups nd Permissions pge, to ssign the Administrtor role to the sv-vrlivrops@rinpole.lol servie ount, lik the Ojets t, onfigure the following settings nd lik Finish. Selet Role Assign this role to the user Allow ess to ll ojets in the system Administrtor Seleted Seleted 7 When prompted with the wrning out llowing ess to ll ojets on the system, lik Yes. Enle the vrelize Log Insight Integrtion with vrelize Opertions Mnger for Region A Connet vrelize Log Insight in Region A with vrelize Opertions Mnger to lunh vrelize Log Insight from within vrelize Opertions Mnger nd to send lerts to vrelize Opertions Mnger. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Administrtion. 3 Under Integrtion, lik vrelize Opertions. 4 On the vrelize Opertions Mnger pge, onfigure the integrtion settings for vrelize Opertions Mnger. Hostnme Usernme vrops01svr01.rinpole.lol sv-vrli-vrops@rinpole.lol VMwre, In. 363

364 Pssword Enle lerts integrtion Enle lunh in ontext sv-vrli-vrops_pssword Seleted Seleted 5 Clik Test Connetion to vlidtion the onnetion nd lik Sve. A progress dilog ox ppers. 6 Clik OK to lose the dilog. Connet vrelize Opertions Mnger to vrelize Log Insight in Region A Configure vrelize Log Insight Adpter to integrte vrelize Log Insight with vrelize Opertions Mnger in your environment. You n ess unstrutured log dt out ny ojet in your environment y using Lunh in Context in vrelize Opertions Mnger. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet VMwre vrelize Log Insight from the solution tle, nd lik Configure. The Mnge Solution - VMwre vrellize Log Insight dilog ox ppers. 5 Under Instne s, enter the settings for onnetion to vrellize Log Insight. Enter the disply nme, desription nd the FQDN of the vrelize Log Insight instne. Disply Nme Desription Log Insight server for vrelize Log Insight Log Insight Adpter - sfo01vrli01 vrelize Log Insight for sfo01 sfo01vrli01.sfo01.rinpole.lol Clik Test Connetion to vlidte the onnetion to vrelize Log Insight. Clik OK in the Info ox. VMwre, In. 364

365 d e f Expnd the Advned s pne nd selet sfo01-remote-olletors from the Colletors/Groups drop-down menu. Clik Sve s. Clik OK in the Info ox. 6 In the Mnge Solution - VMwre vrelize Log Insight dilog ox, lik Close. The vrelize Log Insight Adpter is ville on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. Configure the Log Insight Agent on vrelize Opertions Mnger to Forwrd Log Events to vrelize Log Insight in Region A You onnet vrelize Opertions Mnger to vrelize Log Insight for Lunh in Context, onfigure the Log Insight gent on vrelize Opertions Mnger to send udit logs nd system events to vrelize Log Insight in Region A. 1 Enle Seure Shell (SSH) on eh node of vrelize Opertions Mnger. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword Under the sfo01m01v01.sfo01.rinpole.lol vcenter Server, nvigte to the virtul ppline for the node. Virtul Appline Nme vrops01svr01 vrops01svr01 Role Mster node Mster repli node vrops01svr01 Dt node 1 sfo01vrops01 Remote olletor 1 sfo01vrops01 Remote olletor 2 d e Right-lik the ppline node nd selet Open Console to open the remote onsole to the ppline. Press ALT+F1 to swith to the ommnd prompt. VMwre, In. 365

366 f Log in using the following redentils. User nme Pssword root vrops_root_pssword g Strt the SSH servie y running the following ommnd. servie sshd strt h i Close the virtul ppline onsole. Repet the step for other ppline nodes. 2 Configure the Log Insight gent in vrelize Opertion Mnger. Open n SSH onnetion to the vrelize Opertions Mnger pplines using the following settings. Host nme vrops01svr01.rinpole.lol vrops01svr01.rinpole.lol vrops01svr01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol User nme Pssword root vrops_root_pssword Edit the ligent.ini file on eh vrelize Opertions Mnger node using text editor suh s vi. vi /vr/li/loginsight-gent/ligent.ini VMwre, In. 366

367 Lote the [server] setion nd unomment the following prmeters. [server] ; Log Insight server hostnme or ip ddress ; If omitted the defult vlue is LOGINSIGHT hostnme=sfo01vrli01.sfo01.rinpole.lol ; Set protool to use: ; fpi - Log Insight REST API ; syslog - Syslog protool ; If omitted the defult vlue is fpi ; proto=fpi ; Log Insight server port to onnet to. If omitted the defult vlue is: ; for syslog: 512 ; for fpi without ssl: 9000 ; for fpi with ssl: 9543 port=9000 ;ssl - enle/disle SSL. Applies to fpi protool only. ; Possile vlues re yes or no. If omitted the defult vlue is no. ssl=no ; Time in minutes to fore reonnetion to the server ; If omitted the defult vlue is 30 ;reonnet=30 d After the [server] setion, dd the following lok on eh vrelize Opertions Mnger node: [ommon filelog] tgs={"vmw_vr_ops_ppnme":"vrops", "vmw_vr_ops_lusternme":"vrops01svr01", "vmw_vr_ops_lusterrole":"<vrops Node Role Here>", "vmw_vr_ops_nodenme":"<your vrops Node Nme Here>", "vmw_vr_ops_hostnme":"<your vrops Hostnme Here>"} VMwre, In. 367

368 e Modify the following prmeters speifilly for eh node. Prmeter Desription Lotion in ligent.ini vmw_vr_ops_lusterrole vmw_vr_ops_nodenme vmw_vr_ops_hostnme Role of the vrelize Opertions Mnger node IP ddress or FQDN of the vrelize Opertions Mnger node Nme of the vrelize Opertions Mnger node tht is set during node initil onfigurtion Set to Mster, Repli, Dt or Remote Colletor ording to the role of the node. Reple eh <Your VROPS Node Nme Here> with the following nmes: vrops01svr01 vrops01svr01 vrops01svr01 sfo01vrops01 sfo01vrops01 Reple eh <Your VROPS Hostnme Here> with the following nmes: vrops01svr01.rinpole.lol vrops01svr01.rinpole.lol vrops01svr01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol For exmple, on the mster repli node you hnge the [ommon filelog] setion to dd ontext to the logs tht re sent to the vrelize Log Insight luster: [ommon filelog] tgs={"vmw_vr_ops_ppnme":"vrops", "vmw_vr_ops_lusternme":"vrops01svr01", "vmw_vr_ops_lusterrole":"repli", "vmw_vr_ops_nodenme":"vrops01svr01", "vmw_vr_ops_hostnme":"vrops01svr01.rinpole.lol"} f g Press Es nd enter :wq! to sve the file. Restrt the Log Insight gent on node y running the following onsole ommnd. /et/init.d/ligentd restrt h Verify tht the Log Insight gent is running. /et/init.d/ligentd sttus i Stop the SSH servie on the virtul ppline y running the following ommnd. servie sshd stop 3 Repet the steps for eh of the remining vrelize Opertions Mnger nodes. VMwre, In. 368

369 4 Configure the Agent Group for the vrelize Opertions Mnger omponents from the vrelize Log Insight We user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e f g Under Mngement, lik Agents. From the drop-down menu t the top, selet vrops 6.4 or higher - Smple from the Aville Templtes setion nd lik the Copy Templte utton t the ottom. In the Copy Agent Group dilog ox, enter vrops6 - Agent Group in the Nme text ox nd lik Copy. In the gent filter fields, enter the following vlues pressing Enter fter eh host nme. Filter Opertor s Hostnme mthes vrops01svr01.rinpole.lol vrops01svr01.rinpole.lol vrops01svr01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol h i j Clik Refresh nd verify tht ll the gents in the filter pper in the Agents list. Clik Sve New Group t the ottom of the pge. Clik the Dshord t nd selet the VMwre - vrops 6.x dshord under the Content Pk Dshords on the left. All VMwre - vrops 6 dshords eome ville on the home pge of vrelize Log Insight. You see Totl numer of vrops Clusters showing 1 nd Totl numer of vrops nodes over time showing the host nmes of the vrelize Opertions Mnger nodes. Connet vrelize Log Insight to the NSX Instnes in Region A Instll nd onfigure the vrelize Log Insight Content Pk for NSX for vsphere for log visuliztion nd lerting of the NSX for vsphere rel-time opertion. You n use the NSX-vSphere dshords to monitor logs out instlltion nd onfigurtion, nd out virtul networking servies. VMwre, In. 369

370 1 Instll the vrelize Log Insight Content Pk for NSX for vsphere in Region A Instll the ontent pk for NSX for vsphere to dd the dshords for viewing log informtion in vrelize Log Insight. 2 Configure NSX Mngers to Forwrd Log Events to vrelize Log Insight in Region A Configure the NSX Mnger for the mngement luster nd the NSX Mnger for the ompute nd edge lusters to send udit logs nd system events to vrelize Log Insight in Region A. 3 Configure the NSX Controllers to Forwrd Events to vrelize Log Insight in Region A Configure the NSX Controller instnes for the mngement luster nd shred ompute nd edge luster to forwrd log informtion to vrelize Log Insight in Region A y using the NSX REST API. To enle log forwrding, you n use REST lient, suh s the Postmn pplition for Google Chrome. 4 Configure the NSX Edge Instnes to Forwrd Log Events to vrelize Log Insight in Region A Rediret log informtion from the edge servies gtewys, universl distriuted logil router nd lod lner in Region A to vrelize Log Insight in Region A. Instll the vrelize Log Insight Content Pk for NSX for vsphere in Region A Instll the ontent pk for NSX for vsphere to dd the dshords for viewing log informtion in vrelize Log Insight. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Content Pks. 3 Under Content Pk Mrketple, selet Mrketple. 4 In the list of ontent pks, lote the VMwre - NSX-vSphere ontent pk nd lik its ion. 5 In the Instll Content Pk dilog ox, ept the Liense Agreement nd lik Instll. 6 In the VMwre - NSX-vSphere Setup Instrutions dilog ox, lik OK. After the instlltion is omplete, the VMwre - NSX-vSphere ontent pk ppers in the Instlled Content Pks list on the left. VMwre, In. 370

371 Configure NSX Mngers to Forwrd Log Events to vrelize Log Insight in Region A Configure the NSX Mnger for the mngement luster nd the NSX Mnger for the ompute nd edge lusters to send udit logs nd system events to vrelize Log Insight in Region A. 1 On the Windows host tht hs ess to the dt enter, log in to the NSX Mnger We interfe. Open We rowser nd go to following URL. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shred ompute nd edge luster URL Log in using the following redentils. User nme dmin Pssword nsx_mnger_dmin_pssword 2 On the min pge of the ppline user interfe, lik Mnge Appline s. 3 Under s, lik Generl, nd in the Syslog Server pne, lik Edit. 4 In the Syslog Server dilog ox, onfigure vrelize Log Insight s syslog server y speifying the following settings nd lik OK. Syslog Server Syslog Server sfo01vrli01.sfo01.rinpole.lol Port 514 Protool UDP 5 Repet the steps for the other NSX Mnger. Configure the NSX Controllers to Forwrd Events to vrelize Log Insight in Region A Configure the NSX Controller instnes for the mngement luster nd shred ompute nd edge luster to forwrd log informtion to vrelize Log Insight in Region A y using the NSX REST API. To enle log forwrding, you n use REST lient, suh s the Postmn pplition for Google Chrome. 1 Log in to the Windows host tht hs ess to your dt enter. 2 In Chrome rowser, strt the Postmn pplition nd log in. VMwre, In. 371

372 3 Speify the request heders for requests to the NSX Mnger. On the Authentition t, onfigure the following uthoriztion settings nd lik Updte Request. Type User nme Pssword Bsi Auth dmin sfo01m01nsx01_dmin_pssword sfo01w01nsx01_dmin_pssword The Authoriztion:Bsi XXX heder ppers in the Heders pne. On the Heders t, enter the following heder detils. Request Heder Attriute Content-Type pplition/xml The Content-Type:pplition/xml heder ppers in the Heders pne. 4 Contt the NSX Mnger to retrieve the IDs of the ssoited NSX Controllers. Selet GET from the drop-down menu tht ontins the HTTP request methods. In the URL text ox next to the seleted method, enter the following URL, nd lik Send. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shred edge nd ompute luster URL The Postmn pplition sends query to the NSX Mnger out the instlled NSX ontrollers. After the NSX Mnger sends response k, lik the Body t in the response pne. The response ody ontins root <ontrollers> XML element tht groups the detils out the three ontrollers tht form the ontroller luster. VMwre, In. 372

373 d Within the <ontrollers> element, lote the <ontroller> element for eh ontroller nd write down the ontent of the <id> element. Controller IDs hve the ontroller-id formt where id represents the sequene numer of the ontroller in the luster, for exmple, ontroller-1 in the imge elow. e Repet the steps for the other NSX Mnger. VMwre, In. 373

374 5 For eh NSX Controller, send request to onfigure vrelize Log Insight s remote syslog server. In the request pne t the top, selet POST from the drop-down menu tht ontins the HTTP request methods, nd in the URL text ox, enter the following URL. Reple ontroller-id with the ontroller IDs you hve written down. NSX Mnger NSX Mnger for the mngement luster NSX Mnger for the shred edge nd ompute luster NSX Controller in the Controller Cluster NSX Controller 1 NSX Controller 2 NSX Controller 3 NSX Controller 1 NSX Controller 2 NSX Controller 3 POST URL ol/pi/2.0/vdn/ontroller/ontroller -1/syslog ol/pi/2.0/vdn/ontroller/ontroller -2/syslog ol/pi/2.0/vdn/ontroller/ontroller -3/syslog ol/pi/2.0/vdn/ontroller/ontroller -1/syslog ol/pi/2.0/vdn/ontroller/ontroller -2/syslog ol/pi/2.0/vdn/ontroller/ontroller -3/syslog In the Request pne, lik the Body t, selet Rw, nd using the drop-down menu, selet XML (Applition/XML). VMwre, In. 374

375 Pste the following request ody in the Body text ox nd lik Send. <ontrollersyslogserver> <syslogserver> </syslogserver> <port>514</port> <protool>udp</protool> <level>info</level> </ontrollersyslogserver> d Repet the steps for the other NSX Controllers in the mngement luster nd in the shred edge nd ompute luster. 6 Verify the syslog onfigurtion on eh NSX Controller. In the Request pne, from the Method drop-down menu, selet GET, in the URL text ox, enter the ontroller-speifi syslog URL from Step 5, nd lik thesend utton. After the NSX Mnger sends response k, lik the Body t under Response. The response ody ontins root <ontrollersyslogserver> element, whih represents the settings for the remote syslog server on the NSX Controller. VMwre, In. 375

376 Verify tht the vlue of the <syslogserver> element is d Repet the steps for the other NSX Controllers to verify the syslog onfigurtion. Configure the NSX Edge Instnes to Forwrd Log Events to vrelize Log Insight in Region A Rediret log informtion from the edge servies gtewys, universl distriuted logil router nd lod lner in Region A to vrelize Log Insight in Region A. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu, selet Networking & Seurity. 3 From the Networking & Seurity menu on the left, lik NSX Edges. VMwre, In. 376

377 4 On the NSX Edges pge, selet the NSX Mnger instne from the NSX Mnger drop-down menu. NSX Mnger Instne IP Address Mngement NSX Mnger Compute NSX Mnger The edge devies in the sope of the NSX Mnger pper. 5 Configure the log forwrding on eh edge servie gtewy of Mngement nd Compute NSX Mngers instnes. Doule-lik the edge devie to open its user interfe. Trffi Mngement NSX Edge Servies Gtewy Compute NSX Edge Servies Gtewy North-South Routing sfo01m01esg01 sfo01w01esg01 North-South Routing sfo01m01esg02 sfo01w01esg02 Est-West Routing sfo01m01udlr01 sfo01w01udlr01 Est-West Routing - sfo01w01dlr01 Lod Blner sfo01m01l01 - PSC Lod Blner sfo01ps01 - d On the NSX Edge devie pge, lik the Mnge t, lik s, nd lik Configurtion. In the Detils pne, lik Chnge next to Syslog servers. In the Edit Syslog Servers Configurtion dilog ox, onfigure the following settings nd lik OK. Syslog Server Protool udp e f Clik OK. Repet the steps for the remining NSX Edge devies of Mngement nd Compute NSX Mnger instnes. The vrelize Log Insight user interfe strts showing log dt in the NSX-vSphere-Overview dshord ville under the VMwre - NSX-vSphere group of ontent pk dshords. Connet vrelize Log Insight to vrelize Automtion in Region A Connet the vrelize Log to vrelize Automtion to reeive log informtion from ll omponents of vrelize Automtion in the vrelize Log Insight UI. VMwre, In. 377

378 1 Instll the vrelize Log Insight Content Pks for the Cloud Mngement Pltform in Region A Instll the ontent pks for vrelize Automtion, vrelize Orhestrtor nd Mirosoft SQL Server to dd the dshords for viewing log informtion out the Cloud Mngement Pltform in vrelize Log Insight. 2 Instll nd Configure vrelize Log Insight Windows Agents in Region A Instll the vrelize Log Insight gent on the Windows virtul mhines for the Distriuted Exeution Mnger, IS Mnger Servie, IS We Server, IS SQL Server nd the vsphere proxy gents. Configure Log Insight Windows Agents entrlly from the vrelize Log Insight We interfe. 3 Configure vrelize Log Insight Linux Agents in the vrelize Automtion Virtul Applines in Region A vrelize Log Insight Agent omes pre-instlled on the vrelize Automtion virtul ppline. Configure the ligent.ini onfigurtion file on eh virtul ppline. 4 Configure the vrelize Log Insight Linux Agents on vrelize Business in Region A vrelize Log Insight Agent omes pre-instlled on the vrelize Business virtul pplines. Configure the ligent.ini onfigurtion file on eh virtul ppline. 5 Configure Emedded vrelize Orhestrtor to Forwrd Log Events to vrelize Log Insight in Region A You enle the vrelize Log Insight gent nd onfigure the gent group for the emedded vrelize Orhestrtor to strt olleting log dt in the vrelize Orhestrtor dshords. Instll the vrelize Log Insight Content Pks for the Cloud Mngement Pltform in Region A Instll the ontent pks for vrelize Automtion, vrelize Orhestrtor nd Mirosoft SQL Server to dd the dshords for viewing log informtion out the Cloud Mngement Pltform in vrelize Log Insight. You instll the following ontent pks: VMwre - vra 7 VMwre - Orhestrtor Mirosoft - SQL Server VMwre, In. 378

379 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Content Pks. 3 Under Content Pk Mrketple, selet Mrketple. 4 In the list of ontent pks, lote the VMwre - vra 7 ontent pk nd lik its ion. 5 In the Instll Content Pk dilog ox, lik Instll. 6 Repet the proedure to instll the VMwre - Orhestrtor nd Mirosoft - SQL Server ontent pks. After the instlltion is omplete, the VMwre - vra, VMwre - Orhestrtor nd Mirosoft - SQL Server ontent pks pper in the Instlled Content Pks list on the left. Instll nd Configure vrelize Log Insight Windows Agents in Region A Instll the vrelize Log Insight gent on the Windows virtul mhines for the Distriuted Exeution Mnger, IS Mnger Servie, IS We Server, IS SQL Server nd the vsphere proxy gents. Configure Log Insight Windows Agents entrlly from the vrelize Log Insight We interfe. VMwre, In. 379

380 1 Instll the Log Insight Windows Agents on ll the vrelize Automtion Windows VMs. Open Remote Desktop Protool (RDP) onnetion to eh of the following vrelize Automtion virtul mhines. vrelize Automtion Component IS We Server IS We Server IS Mnger Servie nd DEM Orhestrtor IS Mnger Servie nd DEM Orhestrtor IS DEM Worker IS DEM Worker vsphere Proxy Agent vsphere Proxy Agent Mirosoft SQL Server Host Nme or VM Nme vr01iws01.rinpole.lol vr01iws01.rinpole.lol vr01ims01.rinpole.lol vr01ims01.rinpole.lol vr01dem01.rinpole.lol vr01dem01.rinpole.lol sfo01is01.sfo01.rinpole.lol sfo01is01.sfo01.rinpole.lol vr01mssql01.rinpole.lol Log in using the following redentils. User nme Pssword Rinpole\sv-vr sv-vr-user-pssword Open We rowser nd go to d Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword e Clik the onfigurtion drop-down menu ion nd selet Administrtion. f g h i j Under Mngement, lik Agents. On the Agents pge, lik the Downlod Log Insight Agent Version link. In the Downlod Log Insight Agent Version dilog ox, lik Windows MSI (32-it/64-it) nd sve the.msi file on the vrelize Automtion virtul mhine. Open n dministrtive ommnd prompt window, nd nvigte to the diretory to where you sved the.msi file. Run the the following ommnd to instll the vrelize Log Insight gent with ustom vlues. VMwre-Log-Insight-Agent _ msi SERVERPORT=9000 AUTOUPDATE=yes LIAGENT_SSL=no VMwre, In. 380

381 k l m n In the VMwre vrelize Log Insight Agent Setup wizrd, ept the liense greement nd lik Next. With the Log Insight host nme sfo01vrli01.sfo01.rinpole.lol seleted in the Host text ox, lik Instll. After the instlltion is omplete, lik Finish. Repet the steps for the other vrelize Automtion virtul mhines. 2 Configure the Log Insight Windows Agent Group for the vrelize Automtion IS omponents from the vrelize Log Insight We user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e f g h Under Mngement, lik Agents. From the drop-down t the top, selet vrelize Automtion 7 - Windows from the Aville Templtes setion. Clik Copy Templte. In the Copy Agent Group dilog ox, enter vra7 - Windows Agent Group in the nme text ox nd lik Copy. In the gent filter fields, use the following seletions. Use ENTER to seprte the host nme vlues. Filter Opertor s Hostnme mthes vr01iws01.rinpole.lol vr01iws01.rinpole.lol vr01ims01.rinpole.lol vr01ims01.rinpole.lol vr01dem01.rinpole.lol vr01dem01.rinpole.lol sfo01is01.sfo01.rinpole.lol sfo01is01.sfo01.rinpole.lol i j Clik Refresh nd verify tht ll the gents tht re listed in the filter pper in the Agents list. Clik Sve New Group t the ottom of the pge. VMwre, In. 381

382 3 In the vrelize Log Insight We user interfe, onfigure the Log Insight Windows Agent Group for the Mirosoft SQL Server omponent tht is used y vrelize Automtion. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e f g h Under Mngement, lik Agents. From the drop-down t the top, selet Mirosoft - SQL Server from the Aville Templtes setion. Clik Copy Templte. In the Copy Agent Group dilog ox, enter vra7 - Mirosoft SQL Server Agent Group in the nme text ox nd lik Copy. In the gent filter fields, use the following seletions. Use ENTER to seprte the host nme vlues. Filter Opertor s Hostnme mthes vr01mssql01.rinpole.lol i j Under Agent Configurtion, lik Edit Lote diretory=c:\progrm Files\Mirosoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log nd hnge it to diretory=c:\progrm Files\Mirosoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log Note In this VMwre Vlidted Design, Mirosoft SQL Server 2012 R2 hs een instlled in the defult lotion on the Windows Server virtul mhine. k l Clik Refresh nd verify tht ll the gents listed in the filter pper in the Agents list. Clik Sve New Group t the ottom of the pge. All VMwre vra 7 dshords eome ville on the home pge of vrelize Log Insight. Configure vrelize Log Insight Linux Agents in the vrelize Automtion Virtul Applines in Region A vrelize Log Insight Agent omes pre-instlled on the vrelize Automtion virtul ppline. Configure the ligent.ini onfigurtion file on eh virtul ppline. VMwre, In. 382

383 1 Configure logging in the mngement interfe of the vrelize Automtion virtul ppline. Open We rowser nd log in to the following URL. for vrelize Appline A for vrelize Appline B URL User nme root root Pssword vr_pplinea_root_pssword vr_pplineb_root_pssword d On the VRA s t, lik the Logs t. Sroll down to the Log Insight Agent Configurtion setion. Enter the following vlues nd lik Sve s Host sfo01vrli01.sfo01.rinpole.lol Port 9000 Protool SSL Enled CFAPI Unheked Reonnet 30 Mx Buffer Size 2000 e Verify these settings hve een replited to vrelize Automtion ppline vr01svr01.rinpole.lol. 2 Configure the Linux Agent Group on the Log Insight server. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e f g Under Mngement, lik Agents. From the drop-down menu on the top, selet vrelize Automtion 7 - Linux from the Aville Templtes setion. Clik Copy Templte t the ottom of the pge. In the Copy Agent Group dilog ox, enter vra7 - Linux Agent Group in the nme field nd lik Copy. VMwre, In. 383

384 h In the gent filter fields, enter the following vlues pressing Enter fter eh host nme. Filter Opertor s Hostnme mthes vr01svr01.rinpole.lol vr01svr01.rinpole.lol i j k Clik Refresh nd verify tht ll the gents in the filter pper in the Agents list. Clik Sve New Group t the ottom of the pge. Clik the Dshord t nd selet the VMwre - vra 7 dshord from the nvigtor menu on the left. All VMwre vra 7 dshords eome ville on the vrelize Log Insight Home pge. Configure the vrelize Log Insight Linux Agents on vrelize Business in Region A vrelize Log Insight Agent omes pre-instlled on the vrelize Business virtul pplines. Configure the ligent.ini onfigurtion file on eh virtul ppline. VMwre, In. 384

385 1 Enle Seure Shell (SSH) on the vrelize Business pplines. Open We rowser nd go to the following URL. vrelize Business Node vrelize Business Server Appline vrelzie Business Dt Colletor Virtul Appline Mngement Interfe URL Log in using the following redentils. User nme Pssword root vr_server_root_pssword The ppline mngement interfe of the ppline opens. d e f Clik the Administrtion t nd lik Administrtion. Under the Ations setion, lik Toggle SSH setting. Verify tht the SSH servie sttus is Enled. Repet the step for the seond vrelize Business ppline. 2 Configure the vrelize Log Insight gent in on the vrelize Business pplines. Open n SSH onnetion to the vrelize Business ppline using the following settings. Hostnme vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol User nme Pssword root vr_server_ppline_root_pssword Edit the ligent.ini file using text editor suh s vi. vi /vr/li/loginsight-gent/ligent.ini Add the following informtion under the [server] setion. [server] hostnme=sfo01vrli01.sfo01.rinpole.lol proto = fpi port = 9000 ssl = no VMwre, In. 385

386 d Reple ll instnes of the FQDN_lolhost prmeter loted fter gent_nme with vr01svr01.rinpole.lol. e f Press Es nd type :wq! to sve the file. Strt the Log Insight gent. /et/init.d/ligentd strt g Verify tht the Log Insight gent is running. /et/init.d/ligentd sttus h Turn on uto-run y defult for the Log Insight gent. hkonfig ligentd on i Repet the steps to onfigure the vrelize Business Dt Colletor t sfo01vr01.sfo01.rinpole.lol. 3 Confirm tht the Log Insight gents re working in the vrelize Log Insight We interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e Under Mngement, lik Agents. Verify tht vr01svr01.rinpole.lol nd sfo01vr01.sfo01.rinpole.lol pper on the pge. VMwre, In. 386

387 Configure Emedded vrelize Orhestrtor to Forwrd Log Events to vrelize Log Insight in Region A You enle the vrelize Log Insight gent nd onfigure the gent group for the emedded vrelize Orhestrtor to strt olleting log dt in the vrelize Orhestrtor dshords. 1 Enle the vrelize Log Insight gents for vrelize Orhestrtor. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e f g Under Mngement, lik Agents. From the drop-down menu t the top, selet vrelize Orhestrtor from the All Agents setion nd lik Copy Templte. In the Copy Agent Group dilog ox, enter vro7 - Agent Group in the nme text ox nd lik Copy. In the gent filter fields, enter the following vlues pressing Enter fter eh host nme to determine whih gents reeive the onfigurtion. Filter Opertor s Hostnme mthes vr01svr01.rinpole.lol vr01svr01.rinpole.lol h i Clik Refresh nd verify tht in the Agents list vrelize Log Insight reeives dt from the two gents in the filter. Clik Sve New Group t the ottom of the pge. 2 Verify tht the vrelize Log Insight server is reeiving log events from the vrelize Orhestrtor pplines. Clik on Dshords, selet VMwre - Orhestrtor from the Nvigtor menu on the left side. Verify tht the Server nodes grouped y hostnme widget on the Server overview dshord shows the two vrelize Orhestrtor hosts. VMwre, In. 387

388 Instll the Linux Content Pk nd Configure the Virtul Appline Agent Group for vrelize Log Insight for Region A. Instll the ontent pk for VMwre Linux to dd the dshords for viewing log informtion out the mngement virtul pplines in vrelize Log Insight. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 Instll the ontent pk for VMwre Linux. In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Content Pks. d e Under Content Pk Mrketple, selet Mrketple. In the list of ontent pks, lote the Linux ontent pk nd lik its ion. In the Instll Content Pk dilog ox, ept the Liense Agreement nd lik Instll. After the instlltion is omplete, the Linux ontent pk ppers in the Instlled Content Pks list on the left. 3 Configure the Log Insight Linux gent group for the virtul pplines from the vrelize Log Insight user interfe. Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e Under Mngement, lik Agents. From the drop-down t the top, selet Linux from the Aville Templtes setion. Clik Copy Templte. In the Copy Agent Group dilog ox, enter vapplines - Agent Group in the Nme text ox nd lik Copy. VMwre, In. 388

389 f In the gent filter fields, use the following seletions. Press ENTER to seprte the host nme vlues. Filter Opertor s Hostnme mthes vrops01svr01.rinpole.lol vrops01svr01.rinpole.lol vrops01svr01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol vr01svr01.rinpole.lol vr01svr01.rinpole.lol vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol g h Clik Refresh nd verify tht ll the gents listed in the filter pper in the Agents list. Clik Sve New Group t the ottom of the pge. 4 Verify tht log dt is showing up on the Linux dshords. On the min nvigtion r, lik Dshords. Expnd Linux nd lik Seurity - Overview. VMwre, In. 389