Oracle Cloud VMware Solution (OCVS) is one of the fastest and most flexible ways to extend, migrate and run your VMware-based applications in Oracle Cloud, without changes to your apps, tools, or processes. Oracle Cloud VMware Solution is a fully customer-managed service that lets you run your own VMware platform in Oracle Cloud.
OCVS provides VMware operational consistency, so that you benefit from a cloud consumption model and a lower total cost of ownership. OCVS also offers on-demand provisioning, pay-as-you-grow, and capacity optimization. The service provides all the hardware and VMware licenses you need to run a dedicated VMware SDDC in Oracle Cloud.
Network Services in Oracle Cloud VMware Solution
The following diagram shows the high-level network architecture of Oracle Cloud VMware Solution inside Oracle Cloud Infrastructure’s network services: Private Cloud VMware Network services.
As depicted in the above diagram, Oracle Cloud VMware Solution is pre-provisioned with the following NSX-T network configurations:
Tier-0 gateway configured in Active/Standby mode
North-bound connectivity through a default route on tier-0 gateway
Pre-provisioned tier-1 gateway for workload segment connectivity
Route advertisement enabled on pre-provisioned tier-1 gateway
Route redistribution enabled on tier-0 gateway internal networks
Ability to enable routing to/from native OCI resources and services
Outbound internet access for SDDC workloads with an option to disable or convert to inbound/outbound
Customers have root access to fully manage their NSX-T network configuration such as:
Creating overlay segments and connecting workloads
Deploying additional Tier-0 or Tier-1 Gateways
Deploying distributed services such as DFW
Deploying stateful services such as Load Balancer, DNS and DHCP on Tier-1 Gateway
Controlling routing or NAT between the SDDC and local or remote Oracle Cloud or on-premises networks
Avi Load Balancer for Oracle Cloud VMware Solution
The Avi Load Balancer provides Load Balancing for applications running in the Oracle Cloud VMware Solution SDDC. It integrates as a 2nd party load balancing solution, with communication between the Controller, NSX Manager and VMware vCenter within Oracle Cloud VMware Solution. This integration enables the Controller to deploy and manage Service Engines automatically, based on demand, providing for an elastic, automated approach to load balancing. The Avi Load Balancer also leverages the NSX-T Cloud Connector mode of operation in Oracle Cloud VMware Solution. This is facilitated by the similarity in the VMware infrastructure between an on-premises NSX-T deployment and the Oracle Cloud VMware Solution deployment, for objects of interest in the Avi Load Balancer. The following schematic provides an overview of the integration:
Key points in the above deployment:
Avi Load Balancer Controller is a cluster of 3 control plane VMs. The Controllers can run within the Oracle Cloud VMware Solution SDDC, or outside it in your on-premises datacenter / Oracle Cloud native VCN. The Controllers need IP reachability from the Service Engines.
The Controller connects with the NSX-Manager and VMware vSphere vCenter within the Oracle Cloud VMware Solution and discovers the VMware objects such as Port groups, clusters, NSX T1, Segments etc.
The Controller automatically deploys a Service Engine (SE), which is the data path instance. The SE is a virtual machine running within the Oracle Cloud VMware Solution SDDC.
The Controller ensures that the NSX-T DFW is programmed correctly to allow traffic.
The Avi Load Balancer allows for various deployment configurations of the underlying NSX system, such as shared segment for the Virtual Service front-end IP (VS IP) and pool members, and dedicated segments for each.
The Avi Load Balancer also supports the default Tier 1 gateway and additional Tier 1 gateways created within Oracle Cloud VMware Solution by the customer.
Though the Avi Load Balancer supports various VLAN backed segment topologies, these are generally not applicable in the context of Oracle Cloud VMware Solution because, even though the OCVS supports OCI VLAN backed PortGroups, it also supports NSX-T overlay segments created by customers.
Prerequisites for Installing Oracle Cloud Solutions
Licensing
Avi Load Balancer supports only the Enterprise Edition license for OCVS integration. To learn more about the Enterprise Edition license, see the NSX Advanced Load Balancer-Enterprise Edition topic in the VMware Avi Load Balancer Installation Guide.
NSX ALB licenses can be added to the Controller at any time, as required. The licenses are available at my.vmware.com. Log in to your account at my.vmware.com to access the VMware serial key (DLF).
The Controllers manage licenses and central capacity pool for Avi Load Balancer Service Engines.
Avi Load Balancer allows for a 10% overage of the total license capacity.
Role Requirements
The Controller requires the NSX Network Engineer role or higher if you are running NSX-T Data Center 3.0.x, or the NSX Network Admin role or higher if you are running NSX-T Data Center 3.1.x or later.
The Controller requires VMware vCenter permissions as defined at Creating Roles for vCenter Deployment. Customers can use the [email protected] credentials provided to them in the Oracle Cloud console, or any account they have created whose role includes the permissions required for the integration.
Content Library
The Controller uploads the Service Engine image to the content library on the vCenter server and uses it to create a new virtual machine (VM) every time a new Service Engine is required. The content library must be created on vCenter before configuring the NSX-T cloud.
In the vCenter vSphere client, navigate to Content Libraries.
Click Create. The New Content Library wizard opens.
In the Name and location page, enter the Name and select a vCenter Server instance for the content library as shown below:
Click Next.
In the Configure content Library page, select Local content library.
Click Next. In the Add storage page, select datastore as a storage location for the content library contents.
Click Next.
In the Ready to complete page, review the details.
Click Finish.
Deploying the Controller OVA
The Controller cluster VMs are deployed using OVA, connected to the same management port group as the NSX-T Manager.
To deploy the Controller OVA,
Log in to the vCenter server through a vCenter client, using the fully-qualified domain name (FQDN). From the Cluster Actions menu, select Deploy OVF Template.
Select the controller.ova file from your local machine.
In the Deploy OVF Template wizard,
Select the VM name and the location to deploy.
Select the compute resource.
Review the details.
Select the vSAN Datastore for the deployment location.
Choose a management network for the Controller.
Enter the management IP address, subnet mask and Default Gateway. In the case of DHCP, leave this field empty.
Note: Using a static IP address is recommended for production setups.
Review the settings and click Finish. Power on the virtual machine.
Setting up the Avi Load Balancer Controller
This section shows the steps to perform initial configuration of the Controller using its deployment wizard. You can change or customize settings following initial deployment using the Controller’s web interface.
To complete the setup,
Navigate to the Controller IP on your browser.
Note: While the system is booting up, a 503 status code or a page with the following message will appear: “Controller is not yet ready. Please try again after a couple of minutes”. Wait for about 5 to 10 minutes and refresh the page. Follow the instructions below for the setup wizard.
Enter the admin details as shown below:
Note: The Email Address is required for admin password reset in case of lockout.
Enter the backup passphrase, DNS server information.
Note: The DNS Server configured here must be able to resolve the vCenter FQDN. You can configure a stub zone in the local DNS to replicate the records from the Oracle Cloud VCN’s Private DNS zone or configure a DNS listener endpoint in your VCN and then use it.
Configure the Email/SMTP information.
Click Save.
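For automated deployments, the wait described in the note above can be scripted. The following is an added example, not code from this page or from VMware. It assumes the Controller answers over HTTPS at a URL you supply; the 30-second interval and the function names are assumptions, while the 503 status, the message text, and the 10-minute limit come from the note.

```python
import ssl
import time
import urllib.error
import urllib.request

NOT_READY_TEXT = "Controller is not yet ready"  # message quoted in the note above


def fetch(url, timeout=10):
    """Return (status, body) for one GET; certificate verification stays on."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a status and body
        return err.code, err.read().decode("utf-8", "replace")


def wait_until_ready(url, fetch=fetch, deadline_s=600, interval_s=30,
                     sleep=time.sleep, clock=time.monotonic):
    """Poll until the Controller stops answering 503 / 'not yet ready'.

    Returns the number of attempts made. Raises TimeoutError after deadline_s
    and re-raises certificate failures at once instead of retrying them.
    """
    start = clock()
    attempts = 0
    while True:
        attempts += 1
        try:
            status, body = fetch(url)
            if status != 503 and NOT_READY_TEXT not in body:
                return attempts
        except urllib.error.URLError as err:
            # A certificate that fails verification is a trust problem, not boot lag.
            if isinstance(err.reason, ssl.SSLCertVerificationError):
                raise
            # Otherwise (connection refused, timed out) the VM is still booting.
        except OSError:
            pass  # socket-level timeout or reset during boot
        if clock() - start >= deadline_s:
            raise TimeoutError(f"{url} not ready after {deadline_s}s")
        sleep(interval_s)
```

A certificate verification failure stops the loop immediately, so a trust problem is not mistaken for a slow boot and is not worked around by turning verification off.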
Creating an NSX-T Cloud
To create an NSX-T cloud, log into the Avi Load Balancer Controller and follow the steps given below:
Create Credentials: Navigate to Create, provide a name for the Credential, select NSX-T as the Credentials Type and provide NSX username and password which you can find in the SDDC Information page of the OCI Console.
Click Save. Repeat to create vCenter credentials.
Configuring Cloud
Navigate to Create and select NSX-T Cloud.
As shown in the image below:
Enter the Name of the NSX-T cloud.
Select the DHCP check box if SE management segment has DHCP enabled.
Enter a Prefix String. The prefix string must only have letters, numbers, and underscore. This field cannot be changed once the cloud is configured.
Enter the NSX-T manager hostname or IP address for the NSX-T Manager Address and select the NSX-T Manager Credentials.
Click Connect to authenticate with the NSX-T manager.
In the Management Network section:
Select the Transport Zone required from the drop-down menu.
Select the Tier1 Logical Router ID and Segment ID.
Select the Tier-1 gateway and logical switch for VIP placement.
Click Add to select one more Tier-1 router and a connected logical segment for VIP placement.
Under vCenter Servers, click Add. Enter the vCenter Server Name and configure the credentials. Click Connect.
Select the Content Library and click Done.
Select the IPAM/DNS Profile, as required. Click Save to create the NSX-T cloud. The Cloud Connector Status will turn green, and the system will be ready for creation of a virtual service.
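The constraints this page places on the NSX-T cloud inputs (prefix string characters, NSX role by version, content library created first, vCenter FQDN resolvable by DNS) can be checked before the wizard is opened. The following is an added example, not VMware or Oracle code. The plan keys and function names are hypothetical, and the DNS check uses the resolver of the machine running it, which is assumed to point at the same DNS server configured on the Controller.

```python
import re
import socket

# Letters, numbers and underscore only; ASCII is assumed here.
PREFIX_RE = re.compile(r"[A-Za-z0-9_]+")


def required_nsx_role(nsx_version):
    """Minimum NSX role this page lists for an NSX-T Data Center version."""
    major, minor = (int(p) for p in nsx_version.split(".")[:2])
    if (major, minor) == (3, 0):
        return "NSX Network Engineer"
    if (major, minor) >= (3, 1):
        return "NSX Network Admin"
    return None  # versions below 3.0 are not covered by this page


def resolves(fqdn, resolver=socket.getaddrinfo):
    """True if the resolver returns at least one address for fqdn."""
    try:
        return bool(resolver(fqdn, 443))
    except OSError:  # socket.gaierror is an OSError subclass
        return False


def preflight(plan, resolver=socket.getaddrinfo):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    if not PREFIX_RE.fullmatch(plan["prefix"]):
        findings.append("prefix: only letters, numbers and underscore are allowed")
    minimum = required_nsx_role(plan["nsx_version"])
    if minimum is None:
        findings.append("nsx_version: no role requirement listed for this version")
    elif plan["nsx_role"] != minimum:
        # The page says "or higher" but does not rank roles, so flag for review.
        findings.append(f"nsx_role: listed minimum is {minimum!r}; confirm "
                        f"{plan['nsx_role']!r} ranks at least as high")
    if not plan["content_library_exists"]:
        findings.append("content library: create it in vCenter before the NSX-T cloud")
    if not resolves(plan["vcenter_fqdn"], resolver):
        findings.append("dns: vCenter FQDN does not resolve")
    return findings
```

Because the prefix string cannot be changed once the cloud is configured, it is the one input worth rejecting before anything is created.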
Creating a Virtual Service
Navigate to the Controller UI and click
Select the Cloud.
Enter the required name of the virtual service, the application type of the virtual service, and the VS-VIP (create a new VIP, if needed).
To create a new VS VIP, add the Tier-1 router name.
Add a new VIP to the above VIP object by assigning an IP using Auto-Allocate or static.
In addition to the above fields, add Pool members, Tier 1 Logical Router, and other required fields and click Save to create the virtual service. On successful creation of a Service Engine, the virtual service will come up and be ready to process traffic.