To deploy and use VMware Cloud Director Availability™ in VMware Cloud™ on AWS for migrations, first prepare the Software-Defined Data Center (SDDC). Create a network segment and allow access to the management gateway vCenter Server for appliance deployment.

After meeting the SDDC prerequisites, prepare the SDDC for VMware Cloud Director Availability deployment outside the management resource pool. Before deploying the appliances, create a dedicated resource pool. Access to the management resource pool is limited, and the public IP addresses of all users must be explicitly allowed before they can access the management components in the management resource pool, such as vCenter Server for appliance deployment. For an overview, see Migration to VMware Cloud Director service.

Prerequisites

  • Verify that the SDDC is successfully deployed at VMware Cloud on AWS, and that the cloud administrator user can log in to the SDDC and has permissions to deploy OVF templates.
  • Verify that in the VMware Cloud Director service, the Cloud Director instance is deployed at VMware Cloud on AWS in the same AWS region as the SDDC, for example, US West (Oregon), and that the Cloud Director instance is associated with the VMC SDDC.
  • Verify that in the Cloud Director instance at least one organization, one organization network, one provider data center (Provider VDC), one organization virtual data center (Organization VDC), and a local administrator user with CDS Provider Admin Role exist and that the Cloud Director instance can host migrated virtual machines.

Procedure

  1. Log in to VMware Cloud on AWS at https://vmc.vmware.com.
  2. In the VMC console, in the left pane click SDDCs.
  3. Under the SDDC, click the View Details link.
  4. Under the SDDC name, click the Networking & Security tab.
  5. Add a network segment that connects the VMware Cloud Director Availability appliances so they can communicate between themselves and with other network services.
    1. On the Networking & Security tab, in the left pane under the Network section, click Segments.
    2. To add a dedicated routed network for the VMware Cloud Director Availability appliances, under Segment List, click Add Segment and enter the following settings.
      Option | Description
      Name | Enter a name for the network segment. For example, enter vcda-network-segment.
      Type | Routed
      Subnets | Enter an IPv4 CIDR subnet for the VMware Cloud Director Availability appliances.
    3. To save the network segment, click Save and to finish configuring the segment click No.
      Under the Subnets column, you see the routed network CIDR used in the OVF deployment wizard, on the Select Networks page.
  6. Before accessing the management gateway vCenter Server in VMware Cloud on AWS for deploying the VMware Cloud Director Availability appliances, create a trusted management group with the allowed IP addresses.
    1. On the Networking & Security tab, in the left pane under the Inventory section click Groups.
    2. To create a management group, click the Management Groups tab, click Add Group and enter a group name.
    3. To add trusted members to the new management group, under the Compute Members column, click the Set Members link.
    4. In the Select Members window, on the IP Addresses tab enter the IP addresses of the trusted users and click Apply.
      Management Group Name | Management Group Trusted Members IP Addresses
      Trusted Management Sources Group | Enter the externally-facing public IP addresses of the users granted access to the vCenter Server management gateway service in VMware Cloud on AWS.
    5. To save the management group, click Save.
  7. To allow access to the management gateway vCenter Server for the cloud appliance deployment, allow access from the trusted management sources group.
    1. On the Networking & Security tab, in the left pane under the Security section click Gateway Firewall.
    2. Click the Management Gateway tab, then click Add Rule and configure the following settings.
      Option | Description
      Name | Enter a name for the management gateway firewall rule. For example, enter vCenter Inbound From Trusted Management Sources Rule.
      Sources | Click Any in the Sources column. In the Set Source window, select User Defined Groups, select the trusted IP addresses management group, and click Apply. For example, select Trusted Management Sources Group.
      Destinations | In the Destinations column, click Any, then in the Set Destination window, select System Defined Groups and select vCenter.
      Services | In the Services column, select HTTPS (TCP 443), SSO (TCP 7443), and ICMP (ALL ICMP).
      Action | Allow
      By default, the new management gateway firewall rule is enabled.
    3. To publish the new management gateway firewall rule, click Publish.
      The new rule receives an integer ID value, used in the log entries that it generates.
  8. To obtain permissions for creating new virtual machines, create a separate resource pool, outside the management resource pool, dedicated to the multiple VMware Cloud Director Availability cloud appliances.
    1. Click Open vCenter and log in with the cloud admin user credentials.
    2. Expand SDDC-Datacenter, right-click Cluster-1 and select New Resource Pool.
    3. In the New Resource Pool window, enter a name for the resource pool for the VMware Cloud Director Availability appliances. For example, enter VCDA-Resource-Pool.
    4. Configure the CPU and the Memory sections and click OK.
    The new resource pool shows under SDDC-Datacenter > Cluster-1.
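
A pre-flight check for steps 6 and 7, added here as an example and not part of the VMware documentation: it lints the IP list intended for the trusted management group and compares a firewall rule with the services the procedure selects. The dict layout, the function names and the /24 threshold are assumptions of the example, not NSX or VMC API objects.

```python
import ipaddress

# Ranges that cannot be a user's externally-facing address (RFC 1918, CGNAT,
# loopback, link-local). IPv4 only, which is a limit of this example.
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]
MIN_PREFIX = 24  # assumption: anything broader than /24 needs a second look
# Services selected in step 7, as (protocol, port) pairs.
EXPECTED_SERVICES = {("TCP", 443), ("TCP", 7443), ("ICMP", None)}

def lint_sources(entries):
    """Return (entry, problem) pairs for entries unfit for the trusted group."""
    findings = []
    for raw in entries:
        try:
            net = ipaddress.IPv4Network(raw.strip(), strict=False)
        except ValueError:
            findings.append((raw, "not an IPv4 address or CIDR"))
            continue
        if net.prefixlen == 0:
            findings.append((raw, "matches every source, same as Any"))
        elif any(net.overlaps(n) for n in NON_PUBLIC):
            findings.append((raw, "not an externally-facing public address"))
        elif net.prefixlen < MIN_PREFIX:
            findings.append((raw, f"broader than /{MIN_PREFIX}"))
    return findings

def lint_rule(rule):
    """Compare a rule (hypothetical dict layout) with the settings in step 7."""
    problems = []
    if "Any" in rule["sources"]:
        problems.append("Sources is still Any")
    if rule["destinations"] != ["vCenter"]:
        problems.append("Destinations is not limited to vCenter")
    extra = set(rule["services"]) - EXPECTED_SERVICES
    if extra:
        problems.append(f"unexpected services: {sorted(extra, key=str)}")
    return problems

# Constructed sample input; RFC 5737 documentation ranges stand in for public IPs.
SAMPLE_SOURCES = ["203.0.113.10", "198.51.100.0/28", "192.168.1.20",
                  "0.0.0.0/0", "198.51.0.0/16", "vpn-gateway"]
SAMPLE_RULE = {"sources": ["Trusted Management Sources Group"],
               "destinations": ["vCenter"],
               "services": [("TCP", 443), ("TCP", 7443), ("ICMP", None), ("TCP", 22)]}

if __name__ == "__main__":
    print(lint_sources(SAMPLE_SOURCES), lint_rule(SAMPLE_RULE), sep="\n")
```

An empty result from both functions means the list contains only narrow, externally routable entries and the rule matches the settings in the table for step 7.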

Results

After performing all the steps in this procedure, the SDDC in VMware Cloud on AWS is fully prepared for VMware Cloud Director Availability deployment. For a summary of the configuration, see SDDC Network Configuration Summary.

What to do next

You can now deploy the VMware Cloud Director Availability appliances in VMware Cloud on AWS. For more information, see Deploy VMware Cloud Director Availability in the SDDC.