By using the management interface of VMware Cloud Director Availability in the cloud site backed by NSX Data Center for vSphere, the service provider registers the NSX Manager. Then the service provider or the organization administrator creates the server L2 VPN session enabling the L2 stretch of one or more networks across the on-premises site.

After preparing VMware Cloud Director with an external network and an edge gateway as per the two steps in the prerequisites, and the on-premises site as per the On-premises stretching layer 2 networks to the Cloud Director site procedure, follow the procedure below. As a service provider, register the NSX Manager. Then, as either a service provider or an organization administrator, create the server side of the L2 VPN session.

Prerequisites

  • Verify that in both the cloud site and in the on-premises site VMware Cloud Director Availability 4.2.1 or later is successfully deployed.
  • Verify that the on-premises site is prepared for an L2 VPN session with NSX Autonomous Edge 3.1.x or 3.2.x only. For more information, see Understanding Layer 2 VPN in the VMware NSX documentation. For information about the order of the steps of the procedure, see On-premises stretching layer 2 networks to the Cloud Director site.
  • Verify that in the cloud site NSX Data Center for vSphere (NSX-V) 6.4.10 or later is deployed to allow stretching of routed networks after registering the NSX Manager.
    Note:
    • NSX Data Center for vSphere stretches only Routed type networks, and only those with interface type Subinterface, not Internal or Distributed. It cannot stretch Isolated or Direct type networks. NSX Data Center for vSphere can stretch only VXLAN and VLAN Organization VDC routed networks connected to the Trunk interface, and cannot stretch networks connected to the Uplink or Internal interfaces. Guest VLAN Allowed must be deselected. If it was selected at any point, recreate the network from scratch before stretching it.
    • For NSX, skip this procedure and see Create a server L2 VPN session with NSX in the Cloud Director site.
  • Verify that before stretching VLAN routed networks, in vSphere the service provider first created and associated the trunk interface with the edge gateway.
  • Verify that VMware Cloud Director 10.0.0.3 or later is deployed in the cloud site.
  • Verify that to register the NSX Manager with the Cloud Service for the first time, the service provider authenticates in VMware Cloud Director Availability as a System Administrator user.
  • Verify that VMware Cloud Director is prepared to use vSphere backed network resources, after adding an external network, then adding an NSX Data Center for vSphere edge gateway that allows establishing the server L2 VPN session while providing the organization VDC networks with connectivity to external networks:
    1. Verify that in VMware Cloud Director the vSphere backed external network is added. For more information, see Add an External Network That Is Backed by vSphere Resources to Your VMware Cloud Director in the VMware Cloud Director documentation.
    2. Verify that in VMware Cloud Director the NSX Data Center for vSphere edge gateway is added. For more information, see Add an NSX Data Center for vSphere Edge Gateway to VMware Cloud Director in the VMware Cloud Director documentation.

Procedure

  1. Log in to the management interface of the Cloud Director Replication Management Appliance.
    1. In a Web browser, go to https://Appliance-IP-Address/ui/admin.
    2. Select Appliance login or SSO login and enter the root or the single sign-on user credentials.
    3. Click Login.
  2. In the left pane, under the Configuration section click L2 Stretch.
  3. Click NSX-V Managers and select an NSX Manager with an Unconfigured status.
  4. Click Edit.
  5. In the Configure window, register the NSX Manager with the Cloud Service.
    1. In the Password text box, enter the admin user password for the NSX Manager.
    2. To register the NSX Manager for L2 stretch management by VMware Cloud Director Availability, click Configure.
      Verify the thumbprint and accept the SSL certificate of the NSX Manager.
    The NSX Manager is now registered, shows Up status, and is ready for creating the server L2 VPN session.
  6. Click L2 VPN Sessions.
  7. From the NSX Gateway menu, select the edge gateway and click New.
    The NSX Gateway menu lists both NSX-V and NSX edge gateways that are registered and added in VMware Cloud Director. For information about using NSX for server L2 sessions, see Create a server L2 VPN session with NSX in the Cloud Director site.
  8. In the New L2 VPN server session window, configure the server L2 VPN session and click Create.
    1. In the Name text box, enter a name for this server L2 VPN session.
    2. In the Local Address text box, enter an IP address residing in the IP pool of the edge gateway at the server side of the L2 VPN session.
      The local IP address is a static IP address within the allocated IP range of the NSX edge gateway hosting the server L2 VPN session.
    3. In the Remote Address text box, enter the on-premises IP address at the client side of the L2 VPN session.
      Usually the remote IP address is the static endpoint IP address of the NSX Autonomous Edge on-premises. For more information, see Configure the networks of the NSX Autonomous Edge on-premises.
      Note: Ensure that network communication between the local IP address in the cloud and the remote IP address on-premises is unobstructed.
    4. In the Pre-shared Key text box, enter the pre-shared key as provided by your network administrator.

      Enter only visible ASCII characters, including space, excluding non-printable characters like Null, BEL, and so on. The pre-shared key must meet the following complexity requirements:

      • At least 8 characters
      • At least one uppercase letter
      • At least one lowercase letter
      • At least one digit
      • At least one special character
    5. In the Tunnel Interface text box, enter a private, non-routable subnet address in a CIDR notation.
    6. Under Server Network(s), to establish an L2 stretch select the server side networks to stretch.
      • The available networks for selection are filtered to show only OrgVDC networks connected to the trunk interface of the NSX Data Center for vSphere.
      • The number of server networks available for selection depends on the version of VMware Cloud Director. For information about the VMware Cloud Director versions, see the prerequisites above.
    Note:
    • You cannot change or edit the networks selected for stretching when using NSX Data Center for vSphere. To modify the stretched networks, click Delete and recreate the server L2 VPN session.
    • Deleting the server L2 VPN session takes several minutes. Do not attempt to recreate the server L2 VPN session immediately after deleting it, as the attempt fails while the deletion is still in progress in the background.
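
The following pre-flight check is an added example, not part of the VMware documentation or product. It validates the values entered in step 8 (Pre-shared Key, Tunnel Interface, Local Address) against the rules stated above and generates a compliant pre-shared key from the operating system's CSPRNG. Assumptions: "special character" is taken to mean ASCII punctuation, and the function names and sample addresses are hypothetical.

```python
import ipaddress
import secrets
import string

# Assumption: "special character" means ASCII punctuation; the page does not list the set.
SPECIALS = string.punctuation
PSK_ALPHABET = string.ascii_letters + string.digits + SPECIALS


def psk_problems(psk):
    """Return the pre-shared key rules from step 8.4 that `psk` violates (empty = OK)."""
    problems = []
    if any(not 0x20 <= ord(c) <= 0x7E for c in psk):
        problems.append("contains characters outside visible ASCII and space")
    if len(psk) < 8:
        problems.append("shorter than 8 characters")
    for label, charset in (("uppercase letter", string.ascii_uppercase),
                           ("lowercase letter", string.ascii_lowercase),
                           ("digit", string.digits),
                           ("special character", SPECIALS)):
        if not any(c in charset for c in psk):
            problems.append("missing " + label)
    return problems


def generate_psk(length=32):
    """Draw a key from the OS CSPRNG, retrying until every rule is met."""
    while True:
        psk = "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))
        if not psk_problems(psk):
            return psk


def tunnel_problems(cidr):
    """Step 8.5: the Tunnel Interface must be a private subnet in CIDR notation."""
    if "/" not in cidr:
        return ["not in CIDR notation"]
    try:
        net = ipaddress.ip_interface(cidr).network
    except ValueError:
        return ["not a valid address/prefix"]
    return [] if net.is_private else ["subnet is publicly routable"]


def local_address_problems(local, pool_start, pool_end):
    """Step 8.2: the Local Address must lie inside the edge gateway's IP range."""
    lo, hi, ip = (ipaddress.ip_address(x) for x in (pool_start, pool_end, local))
    return [] if lo <= ip <= hi else ["outside the edge gateway IP pool"]
```
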

Results

You created the server L2 VPN session in the cloud site.

What to do next

You can now create the client L2 VPN session that completes the L2 stretch. For more information, see On-premises stretching layer 2 networks to the Cloud Director site.