Hol 2082 02 HBD PDF

HOL-2082-02-HBD
Table of Contents
Lab Overview - HOL-2082-02-HBD - VMware Cloud Provider Platform - vCloud Director
multisite with NSX............................................................................................................. 2
Lab Guidance .......................................................................................................... 3
Module 1 - vCloud Director and NSX Cross-VDC Networking (60 minutes) ....................... 9
Introduction........................................................................................................... 10
Overview of Cross-vCenter Networking and Security ........................................... 12
vCloud Director Cross-VDC Design with Cross VC NSX.......................................... 19
Conclusion........................................................................................................... 133
HOL-2082-02-HBD Page 1
HOL-2082-02-HBD
Lab Overview -
HOL-2082-02-HBD -
VMware Cloud Provider
Platform - vCloud Director
multisite with NSX
HOL-2082-02-HBD
Lab Guidance
Note: It will take around 45-60 minutes to complete this lab.
Lab Abstract: In this lab, we will be reviewing the necessary steps to support Cross-
VDC Networking in MultiSite NSX environment inside of VMware vCloud Director 9.5.
These are fairly straightforward since it aligns to the standard requirements set forth
from Cross-vCenter NSX.
Lab Module List:
• Module 1 - vCloud Director and multisite NSX Cross-VDC Networking (60

minutes) (Basic) This module covers step-by-step instructions to configure Cross-
VDC Networking in Multi-Site environment with VMware vCloud
Lab Captain - Eric Stine, Parul Garg
This lab manual can be downloaded from the Hands-on Labs Document site found here:
http://docs.hol.vmware.com
This lab may be available in other languages. To set your language preference and have
a localized manual deployed with your lab, you may utilize this document to help guide
you through the process:
http://docs.hol.vmware.com/announcements/nee-default-language.pdf
HOL-2082-02-HBD
Location of the Main Console
1. The area in the RED box contains the Main Console. The Lab Manual is on the tab
to the Right of the Main Console.
2. A particular lab may have additional consoles found on separate tabs in the upper
left. You will be directed to open another specific console if needed.
3. Your lab starts with 90 minutes on the timer. The lab can not be saved. All your
work must be done during the lab session. But you can click the EXTEND to
increase your time. If you are at a VMware event, you can extend your lab time
twice, for up to 30 minutes. Each click gives you an additional 15 minutes.
Outside of VMware events, you can extend your lab time up to 9 hours and 30
minutes. Each click gives you an additional hour.
Alternate Methods of Keyboard Data Entry
During this module, you will input text into the Main Console. Besides directly typing it
in, there are two very helpful methods of entering data which make it easier to enter
complex data.
HOL-2082-02-HBD
Click and Drag Lab Manual Content Into Console Active

Window
You can also click and drag text and Command Line Interface (CLI) commands directly
from the Lab Manual into the active window in the Main Console.
Accessing the Online International Keyboard
You can also use the Online International Keyboard found in the Main Console.
1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.
HOL-2082-02-HBD
Click once in active console window
In this example, you will use the Online Keyboard to enter the "@" sign used in email
addresses. The "@" sign is Shift-2 on US keyboard layouts.
1. Click once in the active console window.

2. Click on the Shift key.
Click on the @ key
1. Click on the "@ key".
Notice the @ sign entered in the active console window.
HOL-2082-02-HBD
Activation Prompt or Watermark
When you first start your lab, you may notice a watermark on the desktop indicating
that Windows is not activated.
One of the major benefits of virtualization is that virtual machines can be moved and
run on any platform. The Hands-on Labs utilizes this benefit and we are able to run the
labs out of multiple datacenters. However, these datacenters may not have identical
processors, which triggers a Microsoft activation check through the Internet.
Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft
licensing requirements. The lab that you are using is a self-contained pod and does not
have full access to the Internet, which is required for Windows to verify the activation.
Without full access to the Internet, this automated process fails and you see this
watermark.
This cosmetic issue has no effect on your lab.
Look at the lower right portion of the screen
HOL-2082-02-HBD
Please check to see that your lab is finished all the startup routines and is ready for you
to start. If you see anything other than "Ready", please wait a few minutes. If after 5
minutes your lab has not changed to "Ready", please ask for assistance.
HOL-2082-02-HBD
Module 1 - vCloud
Director and NSX Cross-
VDC Networking (60
minutes)
HOL-2082-02-HBD
Introduction
This Module contains the following lessons:
• Learn to configure Cross vDC Networking with NSX Multisite inside of VMware
vCloud Director
Thank You!
Special thanks go to Daniel Paluszek, Wissam Mahmassani, and Abhinav Mishra for their
work on building/testing this solution as well as documenting it in a series of videos and
blog posts:
https://blogs.vmware.com/cloudprovider/2018/11/vmware-vcloud-director-9-5-cross-vdc-
networking-blog-series-high-level-provider-design.html
https://www.paluszek.com/wp/2019/01/11/cross-vdc-networking/
https://nsxy.blog/2018/11/01/vcloud-director-cross-vdc-design-with-cross-vc-nsx/
Introduction
HOL-2082-02-HBD
In this lab, we will be reviewing the necessary steps to support Cross-VDC Networking
inside of VMware vCloud Director 9.5. The goal of this high-level design is to provide
optimal availability of network services from the Provider and Tenant layer.
Here are the Pre-Requisites:
1. Cross-VC NSX must be setup. This requires setup of Primary/Secondary NSX

Managers, Universal Transport Zone, etc. We will cover some of the high-level
aspects below.
2. Although a single vCD instance can be used to manage Cross-VDC Networking, in
order to use Org VDCs that are from Multiple vCD instances/sites, Multi-Site
Integration must be configured. There is a one-time setup at the Provider Level
and then the for each Organization, an Org Association must be made between
the vCD instances.
3. Ensure you have a unique vCloud Director installation ID on each vCloud Director
instance/installation. If you have duplicate IDs, this can lead to MAC address
conflicts.
1. Typically, production vCD instances will have unique site ID’s, but this may
be pertinent for duplicated lab environments for ongoing testing and
evaluation.
HOL-2082-02-HBD
Overview of Cross-vCenter Networking

and Security
• In this Chapter, we will learn the concepts and terminology related to vCloud
Director Cross-VDC Design with Cross VC NSX
Benefits of Cross-vCenter NSX environments - Resource

Pooling
Let's first go over the benefits of Cross-vCenter NSX Environments.
Resource Pooling - Logical networking and security across multiple vCenters allow for
the ability to access and pool resources form multiple vCenter domains. Resources are
no longer isolated based on vCenter and/or vCD boundaries which hence allows the
ability to access and pool resources form multiple vCenter domains achieving better
utilization and less idle hosts.
HOL-2082-02-HBD
Benefits of Cross-vCenter NSX environments - Workload

Mobility
Increased mobility of workloads - VMs can be migrated using vMotion across

vCenter Servers without having to reconfigure the VM or change firewall rules.
HOL-2082-02-HBD
Benefits of Cross-vCenter NSX environments - Disaster

Recovery
Enhanced multi-site and disaster recovery capabilities.
Cross VDC will help tenants and providers to continue operations in case of a partial or
complete network failure. Workloads on Site-A can leverage the Tenant-X-Org-VDC edge
on Site-B in the case where the Tenant-X-Org-VDC Edge fails on Site-A.
HOL-2082-02-HBD
How Cross-vCenter NSX Works
NSX Data Center for vSphere allows you to manage multiple environments from a single
primary NSX Manager.
In a cross-vCenter NSX environment, you can have multiple vCenter Servers, each of
which must be paired with its own NSX Manager. One NSX Manager is assigned the role
of primary NSX Manager, and the others are assigned the role of secondary NSX
Manager.
The primary NSX Manager is used to deploy a universal controller cluster that provides
the control plane for the cross-vCenter NSX environment. The secondary NSX Managers
do not have their own controller clusters.
The primary NSX Manager can create universal objects, such as universal logical
switches. These objects are synchronized to the secondary NSX Managers by the NSX
Universal Synchronization Service. You can view these objects from the secondary NSX
Managers, but you cannot edit them there. You must use the primary NSX Manager to
manage universal objects.
HOL-2082-02-HBD
On both primary and secondary NSX Managers, you can create objects that are local to
that specific environment, such as logical switches, and logical (distributed) routers.
They exist only within the environment in which they were created. They are not visible
on the other NSX Managers in the cross-vCenter NSX environment.
NSX Managers can be assigned the standalone role. A standalone NSX Manager
manages an environment with a single NSX Manager and single vCenter. A standalone
NSX Manager cannot create universal objects.
Note: If you change the role of a primary NSX Manager to standalone and any
universal objects exist in the NSX environment, the NSX Manager is assigned the
transit role. The universal objects remain, but they cannot be changed, and no other
universal objects can be created. You can delete universal objects from the transit role.
Use the transit role temporarily, for example, when changing which NSX Manager is the
primary.
Overview of Cross-vCenter Networking and Security
Universal NSX Controller Cluster
Each cross-vCenter NSX environment has one universal controller cluster associated
with the primary NSX Manager. Secondary NSX Managers do not have a controller
cluster. As the universal controller cluster is the only controller cluster for the cross-
vCenter NSX environment, it maintains information about universal logical switches
and universal logical routers as well as logical switches and logical routers that are
local to each NSX Manager. In order to avoid any overlap in object IDs, separate ID pools
are maintained for universal objects and local objects.
HOL-2082-02-HBD
Universal Transport Zone
In a cross-vCenter NSX environment, there can be only one universal transport zone.
The universal transport zone is created on the primary NSX Manager, and is
synchronized to the secondary NSX Managers. Clusters that need to participate in
universal logical networks must be added to the universal transport zone from their
NSX Managers.
Universal Logical Switches
Universal logical switches allow layer 2 networks to span multiple sites. When you
create a logical switch in a universal transport zone, you create a universal logical
switch. This switch is available on all clusters in the universal transport zone. The
universal transport zone can include clusters in any vCenter in the cross-vCenter NSX
environment. The segment ID pool is used to assign VNIs to logical switches, and the
universal segment ID pool is used to assign VNIs to universal logical switches. These
pools must not overlap. You must use a universal logical router to route between
universal logical switches. If you need to route between a universal logical switch and a
logical switch, you must use an Edge Services Gateway.
Universal Logical (Distributed) Routers
Universal Logical (Distributed) Routers offer centralized administration and a routing

configuration that can be customized at the universal logical router, cluster, or host
level. When you create a universal logical router you must choose whether to enable
local egress, as this cannot be changed after creation. Local egress allows you to
control what routes are provided to ESXi hosts based on an identifier, the locale ID.
Each NSX Manager is assigned a locale ID, which is set to the NSX Manager UUID by
default. You can override the locale ID at the following levels:
• Universal logical router

• Cluster
• ESXi host
If you do not enable local egress the locale ID is ignored and all ESXi hosts connected
to the universal logical router will receive the same routes. Whether or not to enable
local egress in a cross-vCenter NSX environment is a design consideration, but it is not
required for all cross-vCenter NSX configurations.
Universal Firewall Rules
Distributed Firewall in a cross-vCenter NSX environment allows centralized

management of rules that apply to all vCenter Servers in your environment. It supports
cross-vCenter vMotion which enables you to move workloads or virtual machines from
one vCenter Server to another and seamlessly extends your software defined
datacenter security.
HOL-2082-02-HBD
HOL-2082-02-HBD
vCloud Director Cross-VDC Design with

Cross VC NSX
Below are configuration steps we will accomplish in this Module:
1. Cross-vCenter NSX Configuration - vCD 9.5 does require a standard Cross-

vCenter NSX configuration implemented between the resource/payload vCenters
before we can do any configuration at the vCloud Director level.
2. vCloud Director Initial Provider Setup - In this step, we need to assign the
correlated NSX Manager to each vCenter instance that’s participating in the
Cross-VDC networking solution.
3. Enabling an orgVDC for Cross-VDC Networking - A a very simple process –
really just enable it on a per orgVDC basis.
4. Permissions/Rights required for Cross-VDC Networking - There are specific
rights and roles required for Cross-VDC networking that are not enabled by
default for the organization administrator. We will review and run step by step
instructions to enable the Permissions and roles needed for Cross-VDC
Networking.
HOL-2082-02-HBD
Login to RegionA vCenter
1. Start the Chrome browser from the desktop

2. Click on RegionA in the bookmarks toolbar and select RegionA vSphere Client
(HTML)
3. Enter Username: administrator@regiona.local
4. Enter Password: VMware1!
5. Click on Login
HOL-2082-02-HBD
Login to RegionB vCenter
1. Open a new tab in the Chrome Browser.

2. Click on the RegionB folder in the bookmarks bar and select RegionB vSphere
Client (HTML)
3. Enter Username: administrator@regionb.local
5. Click on Login
HOL-2082-02-HBD
Login to vCD SiteA
1. Open a new tab

2. Click on the RegionA folder in the bookmarks bar and select vCD SiteA -
Provider (HTML)
3. Enter Username: administrator
5. Click on Login
HOL-2082-02-HBD
Login to vCD SiteB
1. Open a new tab

2. Click on the RegionB folder in the bookmarks bar and select vCD SiteB -
Provider (HTML)
3. Enter Username: administrator
5. Click on Login
HOL-2082-02-HBD
Go Back to RegionB vCenter
1. Click on tab vCenterB. Check the address: vcsa-01b.corp.local/ui

2. Click on Menu
3. Click on Networking and Security.
HOL-2082-02-HBD
Deleting the Controller Node at SiteB
1. Click on Installation and Upgrade

2. Click on NSX Controller Nodes.
Deleting the Controller Node at SiteB (contd..)
HOL-2082-02-HBD
1. Click on Controller-1B
2. Click on DELETE
Note: depending on the screen resolution being presented to you via HOL, you may not
be able to see Controller-1B to select it. You may need to go back to the desktop in the
lab and change your resolution to atleast 1280x720 (1280x800 is preferred).
Confirm Delete of Controller Nodes
1. Check the checkbox for Proceed to Force Delete

2. Click on DELETE
HOL-2082-02-HBD
Confirm the Controller Node is Deleted
1. Click on Refresh to confirm the Controller Node is deleted
Confirm the Controller Node is Deleted (contd..)
1. Confirm that the Controller Nodes section is empty.
HOL-2082-02-HBD
Go Back To RegionA vCenter
1. Click on tab vCenter SiteA

2. Click on Menu
3. Click on Networking and Security
HOL-2082-02-HBD
Installation and Upgrade
1. Click on Installation and Upgrade
Assign Primaty Role to NSX Manager
1. Select NSX Managers

2. Click on NSX Manager 192.168.110.42
HOL-2082-02-HBD
Assign Primary Role to NSX Manager (contd..)
1. Expand ACTIONS
2. Click on Assign Primary Role
Confirm assignment of Primary Role to NSX Manager
1. To confirm assigning the Primary Role to NSX Manager, click on YES
HOL-2082-02-HBD
Add Secondary Manager
1. Click on NSX Manager 192.168.110.42
Add Secondary Manager (contd..)
1. Expand ACTIONS
2. Click on Add Secondary Manager
HOL-2082-02-HBD
1. For NSX Manager enter 192.168.210.42

2. Click on Add 192.168.210.42
HOL-2082-02-HBD
1. Enter Username: admin

3. Confirm Password: VMware1!
4. Click Add
HOL-2082-02-HBD
1. To Accept the certificate, click on Accept
Note: In case you see error while adding Secondary NSX manager., please retry. Due
to the nested environment in Hands On Lab, sometimes this error is seen. In should
work seamlessly in production environments.
HOL-2082-02-HBD
Confirm Secondary Manager is seen at vCenter Site B
1. Switch to tab vCenter SiteB

2. Click on NSX Managers
3. Click on Refresh
4. Confirm that the NSX Manager 192.168.210.42 has Secondary Role
So far, we've assigned Site-A NSX Manager in Primary Role while linking Site-B NSX
Manager as the secondary instance.
From here, we need to establish Universal Segment ID pool and Transport Zone.
Add Transport Zone in SiteA
1. Switch back to vCenter Site A

2. Click on Logical Network Settings
HOL-2082-02-HBD
Add Transport Zone in SiteA (contd..)
1. Click on Transport Zones
1. Click on ADD
HOL-2082-02-HBD
1. Enter Name - Universal-TZ

2. Switch Universal Synchronization to On
3. Selection Replication Mode as Unicast
4. Check the checkbox for Cluster RegionaA01-COMP01
5. Click on ADD
HOL-2082-02-HBD
Update Segment ID
1. Click on VXLAN Settings
HOL-2082-02-HBD
Update Segment ID (contd..)
1. In the Segment IDs section click on EDIT
HOL-2082-02-HBD
Update Segment ID (contd..)
1. Add Universal Segment ID Pool - 7000-7999

2. Click on SAVE
HOL-2082-02-HBD
Confirm Universal Segment ID Pool is updated
1. Confirm Universal Segment ID Pool is updated to 7000-7999
Update NSX Manager Settings on VCD SiteA
HOL-2082-02-HBD
In the next few screens, we will go through the steps to assign the correlated NSX
Manager to each vCenter instance that’s participating in the Cross-VDC networking
solution.
1. Switch to tab VCD Site A. Confirm the address as https://vcd-01a.corp.local/

provider/cloud/organizations
2. Click on Menu
3. Click on vSphere Resources
Update NSX Manager Settings on VCD SiteA (contd..)
1. Click on vCenter vcsa-01a.corp.local (click the name, not the radio button next
to it)
HOL-2082-02-HBD
1. Scroll to the bottom where you see NSX-V Manager Info
HOL-2082-02-HBD
1. Click on EDIT
HOL-2082-02-HBD
1. Change Cross VCD Networking to ON

2. Enter Resource Pool Path: RegionA01-COMP01/vCD-RegionA01/System vDC
(e76b0c8d-bc66-4d68-a3b0-e2aa526147b8)
3. Enter Datastore Name: RegionA01-ISCSI01-COMP01
4. Enter Management Interface: VM-RegionA01-vDS-COMP
5. Enter Network Provider Scope: RegionA
6. Click on SAVE
Hint: you can highlight the bolded text above and drag and drop onto the
respective field in the lab window if you don't want to type it all out.
HOL-2082-02-HBD
Update NSX Manager Settings on VCD SiteB
1. Switch to tab VCD Site B. Confirm the address as https://vcd-01b.corp.local/

provider
2. Click on Menu
3. Click on vSphere Resources
Update NSX Manager Settings on VCD SiteB (contd..)
HOL-2082-02-HBD
1. Click on vCenter vcsa-01b.corp.local (click the name, not the radio button)
1. Scroll to the bottom where you see NSX-V Manager Info
HOL-2082-02-HBD
1. Click on EDIT
HOL-2082-02-HBD
1. Change Cross VCD Networking to ON

2. Enter Resource Pool Path: RegionB01-COMP01/vCD-RegionB01/System vDC
(ee5787e8-3427-4473-9b1a-e4f47dab1a8c)
3. Enter Datastore Name: RegionB01-ISCSI01-COMP01
4. Enter Management Interface: VM-RegionB01-vDS-COMP
5. Enter Network Provider Scope: RegionB
6. Click on SAVE
HOL-2082-02-HBD
Connect Transport Zone with Cluster at vCenter SiteB
1. Switch to tab vCenter SiteB

2. Navigate to Installation and Upgrade
3. Click on Logical Network Settings
4. Click on Transport Zones
5. Select Transport Zone: Universal-TZ
6. Click on CONNECT CLUSTERS
HOL-2082-02-HBD
Connect Transport Zone with Cluster at vCenter SiteB

(contd..)
1. Check the checkbox for SiteB Cluster: RegionB01-COMP01

2. Click on SAVE
Open vCD SiteA - Admin (Flash)
1. Open a new tab on the browser
HOL-2082-02-HBD
2. Click on RegionA from the bookmark

3. Click on vCD SiteA - Admin (Flash)
Login To vCD SiteA - Admin (Flash) to add Network Pool
1. Enter User name: administrator

3. Click on Login
HOL-2082-02-HBD
Add Network Pool at vCD Site A
1. Click on Manage & Monitor
Add Network Pool at vCD Site A (contd..)
1. Click on Network Pools
HOL-2082-02-HBD
1. Click on + to add Network Pool
1. Select Network Pool Type as VXLAN-backed

2. Click on Next
HOL-2082-02-HBD
Configure VXLAN Network Pool
1. Select vcsa-01a.corp.local
2. On the right panel, Scroll down to the bottom
HOL-2082-02-HBD
1. Select NSX Transport Zone: Universal-TZ

2. Click on Next
HOL-2082-02-HBD
1. Name this Network Pool: Universal

2. Click on Next
HOL-2082-02-HBD
1. Click on Finish
HOL-2082-02-HBD
Confirm Network Pool is added at vCD Site A
1. Confirm the new Network Pool Universal is added.
Enabling an orgVDC for Cross-VDC Networking
This is a very simple process – really just enable it on a per orgVDC basis.
1. Click on Organization VDCs
HOL-2082-02-HBD
Enabling an orgVDC for Cross-VDC Networking (contd..)
1. Select the orgVDC T1-OVDC-A

2. Right Click on this orgVDC and click on Properties
HOL-2082-02-HBD
1. Click on Network Pool & Services
HOL-2082-02-HBD
1. Check the checkbox Enable Cross VDC Networking (Using Network Pool
"Universal"
2. Click OK
Next we will create an Edge Services Gateway that we will later use as an egress point.
HOL-2082-02-HBD
Open T1-OVDC-A
1. Click on T1-OVDC-A
Create an Edge Service Gateway
1. Click the tab for Edge Gateways

2. Click the + to create a new Edge Services Gateway
HOL-2082-02-HBD
Configure Edge Gateway
1. Leave the default settings and click Next
HOL-2082-02-HBD
Configure External Networks
1. Click Site-A-ExtNet
2. Click Add
3. Click Next
HOL-2082-02-HBD
Configure Default Gateway
1. Click Site-A-ExtNet
2. Click 192.168.100.1
3. Check the box to use the default gateway for DNS relay (optional)
4. Click Next
HOL-2082-02-HBD
Name and Description
1. Give the Edge a name (T1-ESG, for example)

2. Click Finish
Now we will configure the vCloud Director instance in SiteB.
Open vCD SiteB - Admin (Flash) to add Network Pool
HOL-2082-02-HBD
1. Open a new tab on the browser

2. Click on RegionB from the bookmark
3. Click on vCD SiteB - Admin (Flash)
Login To vCD SiteB - Admin (Flash)
1. Enter User name: administrator

3. Click on Login
HOL-2082-02-HBD
Add Network Pool at vCD Site B
1. Click on Manage & Monitor
Add Network Pool at vCD Site B (contd..)
1. Click on Network Pools
HOL-2082-02-HBD
1. Click on + to add Network Pool
HOL-2082-02-HBD
1. Select Network Pool Type as VXLAN-backed

2. Click on Next
HOL-2082-02-HBD
Configure VXLAN Network Pool
1. Select vcsa-01b.corp.local
2. Select NSX Transport Zone: Universal-TZ
3. Click on Next
HOL-2082-02-HBD
1. Name this Network Pool: Universal

2. Click on Next
HOL-2082-02-HBD
1. Click on Finish
Confirm Network Pool is added at vCD Site B
HOL-2082-02-HBD
1. Confirm the new Network Pool Universal is added.
Enabling an orgVDC for Cross-VDC Networking
This is a very simple process – really just enable it on a per orgVDC basis.
1. Click on Organization VDCs
1. Select the orgVDC T1-OVDC-B

2. Right Click on this orgVDC and click on Properties
HOL-2082-02-HBD
1. Click on Network Pool & Services
HOL-2082-02-HBD
1. Check the checkbox Enable Cross VDC Networking (Using Network Pool
"Universal"
2. Click OK
HOL-2082-02-HBD
Switch to vCD SiteA (HTML) to configure Roles
There are specific rights and roles required for Cross-VDC networking that are not
enabled by default for the organization administrator. In the next few screens, we will go
over the roles and permissions that need to be enabled for Cross-VDC Networking.
1. Switch to tab vCD SiteA

2. Click on Menu
3. Click on Administration
Configure Access Control at vCD SiteA
1. Click on Rights Bundles
HOL-2082-02-HBD
Configure Access Control at vCD SiteA (contd..)
Click on Default Rights Bundle (you can either click the name or the radio button next
to it)
1. Click on EDIT
HOL-2082-02-HBD
1. Scroll down until you see Multisite

2. Expand Multisite
HOL-2082-02-HBD
For Multisite check the checkbox to add permissions
1. View
2. Manage Multisite System Operations
3. Manage Edit site
HOL-2082-02-HBD
Scroll down to the bottom to add permissions for VDC Group. Check the checkbox to add
permissions
1. View VDC Group

2. Manage Configure VDC Group
3. Click on SAVE
HOL-2082-02-HBD
1. Click the radio button next to Default Rights Bundle

2. Click on PUBLISH to confirm the roles assignment.
HOL-2082-02-HBD
1. Click on SAVE
Switch to vCD SiteB (HTML) to configure Roles
HOL-2082-02-HBD
1. Switch to tab vCD SiteB

2. Click on Menu
3. Click on Administration
Configure Access Control at vCD SiteB
1. Click on Rights Bundles
Configure Access Control at vCD SiteB (contd..)
1. Click on Default Rights Bundle
HOL-2082-02-HBD
1. Click on EDIT
HOL-2082-02-HBD
1. Scroll down until you see Multisite
HOL-2082-02-HBD
1. Expand Multisite
2. Check the checkbox to add permissions to View
3. Check the checkbox to add permissions to Manage Multisite System
Operations
4. Check the checkbox to add permissions to Manage Edit site
HOL-2082-02-HBD
1. Scroll down to the bottom to add permissions for VDC Group. Check the checkbox
to add permissions
2. View VDC Group
3. Manage Configure VDC Group
4. Click on SAVE
HOL-2082-02-HBD
Click on PUBLISH to confirm the roles assignment.
HOL-2082-02-HBD
1. Click on SAVE
HOL-2082-02-HBD
Update Global Roles for Org Administrator at VCD SiteB

for Cross VDC Networking
1. Click on Global Roles from the left panel.
HOL-2082-02-HBD

for Cross VDC Networking (contd..)
1. Click on Organization Administrator (you can click the name or the radio
button next to it)

HOL-2082-02-HBD
1. Click on EDIT

1. Scroll down to the place where you notice Multisite
HOL-2082-02-HBD

1. Expand Multisite
Operations
HOL-2082-02-HBD

1. Scroll down to add permissions for VDC Group.

2. Expand VDC Group
3. Check the checkbox to add permissions View VDC Group
4. Check the checkbox to Manage Configure VDC Group
5. Click on SAVE
HOL-2082-02-HBD

1. Click on PUBLISH (you may need to click the radio button next to Organization
Administrator to see the Publish option)
HOL-2082-02-HBD

1. Click on SAVE
HOL-2082-02-HBD
Update Global Roles for Org Administrator at VCD SiteA

for Cross VDC Networking
1. Switch to tab vCD Site A

1. Click on Global Roles from the left panel.
HOL-2082-02-HBD

1. Click on Organization Administrator

HOL-2082-02-HBD

1. Click on EDIT

HOL-2082-02-HBD

1. Scroll down to the place where you notice Multisite

HOL-2082-02-HBD

1. Expand Multisite
Operations

HOL-2082-02-HBD

1. Scroll down to the bottom to add permissions for VDC Group.

2. Expand VDC Group
3. Check the checkbox to add permissions View VDC Group
4. Check the checkbox to Manage Configure VDC Group
5. Click on SAVE

HOL-2082-02-HBD

1. Click on PUBLISH (you may need to click the radio button next to Organization
Administrator to see the Publish option)

HOL-2082-02-HBD

1. Click on SAVE

HOL-2082-02-HBD
Open an Incognito Window
1. Click the Command & Control button in the upper right-hand corner of the
browser window
2. Select New incognito window

HOL-2082-02-HBD
Log in to vCD SiteA as t1admin
1. Click on the RegionA folder in the bookmarks bar and select vCD SiteA -
Tenant1
2. Username: t1admin
3. Password: VMware1!
4. Click Login

HOL-2082-02-HBD
Log in to vCD SiteB as t1admin
1. Open a new browser tab

2. Click the RegionB folder in the bookmarks bar and select vCD SiteB - Tenant 1
3. Username: t1admin
4. Password: VMware1!
5. Click Login

HOL-2082-02-HBD
Go to Multisite section
1. Click the menu

2. Select Administration
3. Click on Multisite

HOL-2082-02-HBD
Export SiteB Data
1. Click Export Local Association Data
Note: if you get a warning asking if you want to keep the file, click Keep

HOL-2082-02-HBD
Export SiteA Data
1. Click on the browser tab to go back to SiteA

2. Click the menu and select Administration
3. Click on Multisite
4. Click Export Local Association Data
Note: if you get a warning asking if you want to keep the file, click Keep

HOL-2082-02-HBD
Create New Organization Association at SiteA
1. Click Create New Organization Association
Input New Association XML at SiteA

HOL-2082-02-HBD
1. Click the upload button

2. Select assoc_data.xml
3. Click Open

HOL-2082-02-HBD

HOL-2082-02-HBD
4. Click Next
5. Click Submit
6. Click Finish

HOL-2082-02-HBD
Create New Organization Association at SiteB
1. Click on the browser tab for Site B

2. Click on Create New Organization Association

HOL-2082-02-HBD
Input New Association XML at SiteB

HOL-2082-02-HBD
1. Click the upload button

2. Select assoc_data(1).xml
3. Click Open

HOL-2082-02-HBD

HOL-2082-02-HBD
4. Click Next
5. Click Submit
6. Click Finish

HOL-2082-02-HBD
Verify The Multisite Connection is Active
Click the Refresh icon until it shows Active
Note: it may take a few minutes.

HOL-2082-02-HBD
View Multiple Datacenters
1. Click the menu and select Datacenters

2. Notice there are now two datacenters

HOL-2082-02-HBD
Create a New Datacenter Group
1. Click the menu and select Datacenter Groups

2. Click on New Datacenter Group

HOL-2082-02-HBD
Name & Egress Configuration
1. Give the Datacenter Group a name

2. Notice the two options for
3. Points. You can configure a Common Egress Point, where all members of the
datacenter group will go out a single site. Or you can configure Egress Points per
Fault Domain, where each site would have its own egress point. To keep things
simple for the lab, select Common Egress Points.
4. Click Next

HOL-2082-02-HBD
Datacenters
Note that you can group from 2-4 sites together to form a datacenter group. In this lab,
we only have two.
1. Check the boxes for each site

2. Click Next
3. Click Finish

HOL-2082-02-HBD
Look at the new Datacenter Group
You should now see a Datacenter Group.
1. Click Details
Network Topology

HOL-2082-02-HBD
Notice the simple network diagram between the two sites. Also notice the warning that
there is no external connectivity. We need to add an Egress Point for the Datacenter
Group to be able to communicate with external resources.
1. click Add Egress Point
Note: it may take a few minutes for the Add Egress Point option to show up (after the
Create VDC Group task completes)
Add Active Egress Point
You should see the Edge Services Gateway you configured earlier.
1. Click the radio button next to the Edge

2. Click ADD

HOL-2082-02-HBD
New Network Topology
It will take a few minutes to configure the new Egress Point. When it is complete, the
Network Topology will be visible. Notice the new network topology shows the Edge
Services Gateway as the Egress Point for the Datacenter Group. Next we will create a
Stretched Network so VMs in either site can communicate with Layer 2 adjacency.
1. Click Stretched Networks

HOL-2082-02-HBD
Create Stretched Network
1. Click ADD
2. Give the network a name, for eg: StretchNet
3. Add the gateway in CIDR format: 192.168.130.1/24
4. Click CREATE
Note: It may take a few minutes to create the Stretched Network.
Next we will view the Stretched Network in vCloud Director.

HOL-2082-02-HBD
Go to Datacenters
1. Click the menu and select Datacenters

2. Click on one of the datacenters

HOL-2082-02-HBD
View Networks
1. Click on Networks
Notice that the Stretched Network is now visible. You can now connect VM NICS to this
network from any site in the Datacenter Group and they will be on the same stretched
VXLAN.
Congratulations!! You've finished the module successfully.

HOL-2082-02-HBD
Conclusion
Congratulations!! You just finished going through the concepts and step-by-
step to configure Cross-VDC Networking with Multisite NSX inside of VMware
vCloud Director.
You've finished Module 1
Congratulations on completing Module 1.
How to End Lab
To end your lab click on the END button.

HOL-2082-02-HBD
Conclusion
Thank you for participating in the VMware Hands-on Labs. Be sure to visit
http://hol.vmware.com/ to continue your lab experience online.
Lab SKU: HOL-2082-02-HBD
Version: 20191021-190326

Hol 2082 02 HBD PDF

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Hol 2082 02 HBD PDF

Caricato da

Copyright:

Formati disponibili

HOL-2082-02-HBD

Lab Module List:

• Module 1 - vCloud Director and multisite NSX Cross-VDC Networking (60

Lab Captain - Eric Stine, Parul Garg

Location of the Main Console

Alternate Methods of Keyboard Data Entry

Click and Drag Lab Manual Content Into Console Active

Accessing the Online International Keyboard

Click once in active console window

1. Click once in the active console window.

Click on the @ key

1. Click on the "@ key".

Notice the @ sign entered in the active console window.

Activation Prompt or Watermark

This cosmetic issue has no effect on your lab.

Look at the lower right portion of the screen

Here are the Pre-Requisites:

1. Cross-VC NSX must be setup. This requires setup of Primary/Secondary NSX

Overview of Cross-vCenter Networking

Benefits of Cross-vCenter NSX environments - Resource

Let's first go over the benefits of Cross-vCenter NSX Environments.

Benefits of Cross-vCenter NSX environments - Workload

Increased mobility of workloads - VMs can be migrated using vMotion across

Benefits of Cross-vCenter NSX environments - Disaster

Enhanced multi-site and disaster recovery capabilities.

How Cross-vCenter NSX Works

Overview of Cross-vCenter Networking and Security

Universal NSX Controller Cluster

Universal Transport Zone

Universal Logical Switches

Universal Logical (Distributed) Routers

Universal Logical (Distributed) Routers offer centralized administration and a routing

• Universal logical router

Universal Firewall Rules

Distributed Firewall in a cross-vCenter NSX environment allows centralized

vCloud Director Cross-VDC Design with

1. Cross-vCenter NSX Configuration - vCD 9.5 does require a standard Cross-

Login to RegionA vCenter

1. Start the Chrome browser from the desktop

Login to RegionB vCenter

1. Open a new tab in the Chrome Browser.

Login to vCD SiteA

1. Open a new tab

Login to vCD SiteB

1. Open a new tab

Go Back to RegionB vCenter

1. Click on tab vCenterB. Check the address: vcsa-01b.corp.local/ui

Deleting the Controller Node at SiteB

1. Click on Installation and Upgrade

Deleting the Controller Node at SiteB (contd..)

Confirm Delete of Controller Nodes

1. Check the checkbox for Proceed to Force Delete

Confirm the Controller Node is Deleted

1. Click on Refresh to confirm the Controller Node is deleted

Confirm the Controller Node is Deleted (contd..)

1. Confirm that the Controller Nodes section is empty.

Go Back To RegionA vCenter

1. Click on tab vCenter SiteA

Installation and Upgrade

1. Click on Installation and Upgrade

Assign Primaty Role to NSX Manager

1. Select NSX Managers

Assign Primary Role to NSX Manager (contd..)