Configure VMware Cloud Director Availability in VMware Cloud on AWS

After deploying all the cloud appliances in VMware Cloud on AWS, configure VMware Cloud Director Availability by configuring the Cloud Service instance in the Cloud Director Replication Management Appliance.

Prerequisites

Verify that the requested-VCDA-public-IP-address is added as trusted in both the management and in the compute groups. For information about requesting and adding this public IP address in the trusted inventory groups, see step Step 1.

Verify that the network settings of the SDDC are configured. For more information, see Configure the network of the SDDC in VMware Cloud on AWS.

Procedure

Log in to the management interface of the Cloud Director Replication Management Appliance.
1. In a Web browser, go to https://VCDA-management-public-IP-address:443/ui/admin.
  To ensure your browser redirects you, the NAT rule applies, and the browser trusts the appliance certificate, enter both the https:// prefix and the /ui/admin page suffix.
2. If this is the first time you are opening this page in this browser, cancel the certificate prompt for adding the certificate in your browser.
3. Select Appliance login and enter the root user password, set during the initial OVA deployment.
4. Click Login.
As this Cloud Director Replication Management Appliance is not yet configured, you are redirected to https://VCDA-management-public-IP-address/ui/portal/initial-config.
In the VCDA Appliance Password window, change the initial root user password set during the OVA deployment.
1. Enter the initial root user password as configured during the OVA deployment.
2. Enter and confirm a new password.
  The password that you enter must be a secured password with a minimum of eight characters and it must consist of:
  - At least one lowercase letter.
  - At least one uppercase letter.
  - At least one number.
  - At least one special character, such as: & # % .
3. After entering and confirming the new password, click Apply.
  The Getting Started page opens.
Under Steps for fresh installation, click the Run the initial setup wizard link.
Under Deploy the Cloud Replication Management Appliance, you can see the IP address of this newly deployed Cloud Director Replication Management Appliance.

To configure VMware Cloud Director Availability, complete the Initial Setup wizard.

On the Licensing page, enter a VMware Cloud Director Availability license key and click Next.
After accepting the license key, if you cancel the wizard, on the next run of the wizard on the Licensing page the license key is pre-filled and greyed-out.

On the Site Details page, configure the Cloud Service instance site and click Next.

Option	Description
Site Name	Enter a site name for this Cloud Service instance. Important: The site name is used as an identifier of this instance of VMware Cloud Director Availability and cannot be changed later without impacting the active replications.
Service Endpoint address	Enter https://`VCDA-tunnel-public-IP-address`:443 and ensure that you enter the `443` port.
Description	Optionally, enter a description for this VMware Cloud on AWS site.
Choose which data engines to be enabled.	To enable migrations to VMware Cloud on AWS, select VMC. To enable migrations to and from private cloud sites, select Classic.

On the VMware Cloud Director page, register the Cloud Service instance with the Cloud Director instance and click Next.

Option	Description
VMware Cloud Director endpoint URL	Enter the public address of the Cloud Director instance and to autocomplete it as https://`Cloud-Director-service-Public-IPv6-Address`/api, press Tab. For example, use the IPv6 IP address you use to browse the Cloud Director instance.
VMware Cloud Director user name	Enter a local user for the Cloud Director instance. Use a System administrator user or a user with the CDS provider admin role, for example enter `administrator@system`.
VMware Cloud Director password	Enter the password of the Cloud Director instance user.

Verify the thumbprint and accept the SSL certificate of the Cloud Director instance.

On the Replicator Service instances page, register the Cloud Service with the vCenter Server Lookup service and with the Replicator Service instances in the SDDC, then click Next.


Option		Description
Lookup Service Address		Enter the public URL address of the VMware Cloud on AWSvCenter Server Lookup service and to autocomplete the address as https://`vCenter-Public-URL`:443/lookupservice/sdk, press Tab. For example, use the public URL from the vCenter Server you use to browse vSphere in VMware Cloud on AWS and deploy the cloud appliances.
Use above Lookup Service address for Manager, Cloud and Tunnel		By default, the vCenter Server Lookup service address is used only for all the Replicator Service instances. By not using this address for the remaining services, their appliances show a yellow indicator which is expected for the vCenter Server Lookup service that is not configured. By not activating this toggle, single sign-on (SSO) user authentication is not available for the Manager Service, the Cloud Service, and the Tunnel Service. To later configure the vCenter Server Lookup service address for the services, see Configure VMware Cloud Director Availability to Accept the vCenter Server Lookup service Certificate in the Administration Guide. To also use this vCenter Server Lookup service address for the Manager Service, for the Cloud Service, and for the Tunnel Service, and enable SSO for all services, activate this toggle.
Replicator 1	Replicator Service address	Enter the private IP address of the Replicator Appliance and to autocomplete the address as https://`Replicator-Private-IP-Address`:8043, press Tab.
	Replicator Service root password	Enter the password of the root user of the Replicator Service.
	Test Connection	Click to verify the connectivity to the endpoint and the root user password, and save the Replicator Service instance. If the initial root user password of the Replicator Appliance is not changed since deploying the appliance, you must change this password. Enter the initial root user password set during the OVA deployment, then enter and confirm a new password. The password that you enter must be a secured password with a minimum of eight characters and it must consist of: At least one lowercase letter. At least one uppercase letter. At least one number. At least one special character, such as: & # % .
	SSO user name	Enter a cloud admin user with administrative privileges in the single sign-on domain, for example enter `[email protected]`. Note: Cannot use the [email protected] user for single-sign-on (SSO) user authentication to the Cloud Service or for VMware Cloud Director Availability authentication.
	SSO password	The password for the administrative user.
	Description	Optionally, enter a description for the Replicator Service instance.
Add a Replicator Service Instance		Optionally, add additional Replicator Service instances.

Verify the thumbprints and accept the SSL certificates of the vCenter Server Lookup service in VMware Cloud on AWS and of all the Replicator Service instances.

On the Tunnel Service page, register the Cloud Service with the Tunnel Service, test the connection, and click Next.

Option	Description
Tunnel Service address	Enter the private IP address of the Tunnel Appliance and to autocomplete the address as https://`Tunnel-Private-IP-Address`:8047, press Tab.
Root password	Enter the password of the root user of the Tunnel Service.
Test Connection	Click to verify the connectivity to the endpoint and the root user password, and save the Tunnel Service instance. If the initial root user password of the Tunnel Appliance is not changed since deploying the appliance, you must change this password. Enter the initial root user password set during the OVA deployment, then enter and confirm a new password. The password that you enter must be a secured password with a minimum of eight characters and it must consist of: At least one lowercase letter. At least one uppercase letter. At least one number. At least one special character, such as: & # % .

Option

Description

Tunnel Service address

Enter the private IP address of the Tunnel Appliance and to autocomplete the address as https://Tunnel-Private-IP-Address:8047, press Tab.

Root password

Enter the password of the root user of the Tunnel Service.

Test Connection

Click to verify the connectivity to the endpoint and the root user password, and save the Tunnel Service instance. If the initial root user password of the Tunnel Appliance is not changed since deploying the appliance, you must change this password.

Enter the initial root user password set during the OVA deployment, then enter and confirm a new password.

The password that you enter must be a secured password with a minimum of eight characters and it must consist of:

At least one lowercase letter.
At least one uppercase letter.
At least one number.
At least one special character, such as: & # % .

Verify the thumbprint and accept the SSL certificate of the Tunnel Service.

On the Ready To Complete page, review the Cloud Service configuration summary and click Finish.

To allow the tenants to perform migrations, assign them with a replication policy.
1. In the left pane, under Configuration click Policies.
2. (Optional) Create a replication policy or modify the Default policy to allow replications.
3. To assign a replication policy click Assign and select the organizations to assign the policy to.
  Alternatively, click Organizations and after selecting the organizations to assign a policy to, click Assign and select the policy to assign.

Results

VMware Cloud Director Availability configuration in VMware Cloud on AWS is complete.

What to do next

You can now configure the network of VMware Cloud on AWS for pairing with on-premises tenants and with remote cloud sites. For more information, see Configure the SDDC network for pairing VMware Cloud Director Availability in VMware Cloud on AWS.