To prepare your on-premises environment for deployment, you must manually configure your vSphere environment settings.

You must finish the following configuration steps to prepare each of your vSphere environments for an on-premises VMware Blockchain deployment.


Verify that your environment has vSphere 7.0 or 6.7 installed. See vSphere Installation and Setup Process.


  1. Log in to vCenter Server.
  2. Configure a cluster of hosts.
  3. Create a dedicated datastore for allocating datastore resources to VMware Blockchain.

    The minimum requirement for allocating datastore resources is a single host. See Create a Datastore Cluster.

  4. To dedicate cluster resources for VMware Blockchain, create a resource pool.
  5. To allow firewall access to the deployed VMs in your data center, configure the outbound connectivity.

    • *.

      If you plan to use Wavefront for collecting metrics, activate firewall access to

  6. Set up a content library to store VMware Blockchain templates in the vSphere inventory.

    If your vSphere inventory has a connection to Amazon S3, add the subscription URL as the content library distribution point.

    If your vSphere inventory cannot connect to Amazon S3, you can manually set up the connectivity.

    1. Configure the vSphere environment to the VMware Blockchain Orchestrator IP address to deploy VMware Blockchain VMS.

      The content library server is available within the VMware Blockchain Orchestrator appliance.


    2. (Optional) Get the latest Nginx images from JFrog.
      docker login -u <username> -p <password> 
      docker pull
    3. (Optional) Run the Docker command to set a local proxy.
      docker run --name proxy -p 8083:80 -d
    4. Add the subscription URL as the content library distribution point.
      docker run --name proxy -p 8083:80 -d

      Add the subscription URL as the content library distribution point. See Create a Library.

  7. To group the same type of objects for easier management, create a VM and Templates folder.

    You must assign a unique folder name and use this folder name across multiple vCenter Server clusters.

    See Create a Folder.

  8. (Optional) Create a vSphere Standard Switch or a vSphere Distribute Switch with a VM port group for the network connectivity with VMware Blockchain.

    The VM network name you assign here is used for VMware Blockchain.

    See Create a vSphere Standard Switch or Create a vSphere Distributed Switch.

  9. (Optional) Configure the DNS settings to denote the network gateway, subnet size, and the IP address range in the subnet allocated exclusively for VMware Blockchain.

    See Edit the DNS and IP Address Settings.


    The vSphere and VMware Cloud have different terminology that refers to the same feature option. For example, in vSphere, the port group name option equates to the compute network option in VMware Cloud.

  10. Create a VMware Blockchain service role with required privileges and assign roles to the newly created vCenter Server objects.

    Menu Item


    Content Library

    Select the Read storage menu item.

    Datastore section

    Select the Allocate Space menu item.


    Select all the menu items.


    Assign a vApp to the resource pool.


    Select all the menu items.

    Virtual Machine

    Select all the menu items.

  11. Create a service user account in the vCenter Server.
  12. Connect to the Docker repositories.
    1. Create a VM that supports Docker in your vSphere environment.
    2. Verify that vCenter Server has network connectivity to the newly created VM.
    3. Configure the VM Internet connectivity to access the public Docker repositories.
  13. Extract the vCenter Server public key for VMware Blockchain Orchestrator if vCenter Server does not have a CA certificate.

    The VMware Blockchain Orchestrator uses the vCenter Server public key to make API calls to the vCenter Server.

    1. Download the vCenter Server certificate ZIP file.

      wget --no-check-certificate https://<vCenter_URL>/certs/

      Substitute the <vCenter_URL> variable with your vCenter Server URL.

    2. Unzip the certificate file.


    3. Locate the Linux certificate file in the lin directory.


      The Linux certificate file has a .0 as the extension.

    4. (Optional) For multiple certificate files with .0 extension, collate the files into one file using the cat command.

      cat ca034145.0 ca036789.0 ca067854.0 > certs.0

      The collated certificate file certs.0 can be used as a single certificate. For example, certs/lin/ca034145.0.

    5. Verify the certificate using the curl --cacert command.

      curl --cacert <certificate_file> https://<vCenter_URL>

    6. Convert the Linux certificate into a single line.

      awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' certs/lin/<certificate_file>

    7. In the infrastructure descriptor file, add this single-line certificate output value for the tlsCertificateData attribute under the vCenter section.

What to do next

You can optionally verify permissions and VM connectivity. See Verify vSphere Permissions and VM Connectivity.

If you plan to use your private Docker container registry, you must download trusted VMware images. See Download Trusted VMware Images for Your Private Docker Container Registry.