To use the service, you must configure and deploy a reverse-proxy client VM that connects with VMware Cloud Director service. Then, you can associate a VMware Cloud Director instance to the SDDC through the proxy connection.

How Do I Configure and Download the VMware Reverse Proxy OVA

To use VMware Cloud Director service with VMware's proxy service, you must configure and download an OVA that, when deployed, acts as a reverse proxy client.

Prerequisites

  • Verify that you are assigned the network administrator service role. See Managing Roles and Permissions in Using VMware Cloud Services Console.
  • If you are accessing VMware Cloud Director service through VMware Cloud Partner Navigator, verify that you are a Provider Service Manager user and that you have been assigned the provider:admin and provider:network service roles. See How do I change the roles of users in my organization in the VMware Cloud Partner Navigator documentation.
  • Note the IP address and the FQDN of the vCenter Server instance of the SDDC that you want to associate with VMware Cloud Director.
  • Verify that the SDDC uses NSX for networking.

Procedure

  1. Log in to VMware Cloud Director service.
  2. Click Cloud Director Instances.
  3. In the card of the VMware Cloud Director instance for which you want to configure a reverse proxy service, click Actions > Generate VMware Reverse Proxy OVA.
  4. Enter a name for the SDDC that you are going to associate and make a note of it.
    The name does not need to match the vCenter Server name of the SDDC but it must be unique for the VMware Cloud organization in which your VMware Cloud Director is deployed.
  5. Enter the FQDN for the vCenter Server instance.
  6. Enter the IP address for the vCenter Server instance.
  7. Enter the URI for the NSX Manager instance endpoint.
  8. Enter a list of any additional IP addresses that VMware Cloud Director must be able to access through the proxy, such as ESXi hosts to use for console proxy connection.
    Use new lines to separate list entries.
    Tip: To ensure that future additions of ESXi hosts don't require updates to the allowed targets, use a CIDR notation to enter the ESXi hosts in the allow list. This way, you can provide any new host with an IP address that is already allocated as part of the CIDR block.
  9. Click Generate VMware Reverse Proxy OVA.
  10. On the Activity Log tab, locate the task for generating an OVA and check its status.
  11. If the status of the task is displayed as Success, click the vertical ellipsis icon and select View files.
  12. Download the OVA file.
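
The following is an added example, not part of the VMware documentation: a pre-check for the allow list entered in step 8, which reports ESXi hosts that no entry covers, malformed entries, and blocks wide enough to deserve a second look before the OVA is generated. The function names, the sample addresses, and the /24 review threshold are assumptions made for illustration.

```python
import ipaddress

# Assumption (not from the page): IPv4 blocks wider than /24 are flagged for review.
REVIEW_PREFIX = 24

def parse_allow_list(text):
    """Split the newline-separated form input into networks and rejected entries."""
    networks, invalid = [], []
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects a host address with a mask (e.g. 10.20.40.7/24),
            # which this check treats as a likely typo. This is the check's own
            # choice, not documented behaviour of the OVA generation form.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            invalid.append(entry)
    return networks, invalid

def audit_allow_list(text, esxi_hosts):
    """Report hosts the list misses, malformed entries, and very wide blocks."""
    networks, invalid = parse_allow_list(text)
    uncovered = [h for h in esxi_hosts
                 if not any(ipaddress.ip_address(h) in net for net in networks)]
    broad = [str(net) for net in networks
             if net.version == 4 and net.prefixlen < REVIEW_PREFIX]
    return {"uncovered": uncovered, "invalid": invalid, "broad": broad}

# Constructed sample input: one entry per line, as the form expects.
SAMPLE_ALLOW_LIST = """\
10.20.30.0/27
10.20.31.5
10.20.40.7/24
172.16.0.0/12
"""
SAMPLE_ESXI_HOSTS = ["10.20.30.11", "10.20.30.40", "10.20.31.5"]

if __name__ == "__main__":
    report = audit_allow_list(SAMPLE_ALLOW_LIST, SAMPLE_ESXI_HOSTS)
    for key, values in report.items():
        print(f"{key}: {values}")
```

A CIDR block saves later edits, as the tip in step 8 says, but every address in it becomes reachable through the proxy, so size the block to the ESXi management range rather than to the whole site.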

What to do next

Deploy the Reverse Proxy Appliance

Deploying the Reverse Proxy Appliance

You must use the vSphere Client to deploy the reverse proxy appliance.

Prerequisites for Deploying the Reverse Proxy Appliance

  • Verify that you configured and downloaded the proxy appliance OVA.
  • Verify that the virtual data center in which you are deploying the OVA meets the following criteria.
    • The data center instance is functioning.
    • Its datastore is accessible to all ESXi hosts.
    • The data center is connected to a network that is accessible to all ESXi hosts, and it has DHCP activated.
    • The cluster in which you are deploying the OVA is a direct child of the data center.
    • The data center has outbound access to the VMware Cloud Services console at console.cloud.vmware.com for authentication.
    • The data center has outbound access to the JFrog docker repository at vmwaresaas.jfrog.io.
    • The data center has outbound access to the JFrog S3 host at jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com.
    • The data center has outbound access to the proxy-host which is listed in the vApp properties of the OVA.

Deploying the Reverse Proxy Appliance

Use the vSphere Client to deploy the reverse proxy appliance OVA. For more information, see the Deploying OVF and OVA Templates chapter in vSphere Virtual Machine Administration Guide.

  • Tip: To ensure high availability, deploy the reverse proxy appliance OVA on at least two distinct ESXi hosts. On deployment, make sure to maintain uniformity across all OVA properties. To ensure that the reverse proxy appliances remain on separate hosts, create anti-affinity rules for the individual VMs. See VM-VM Affinity Rules in the vSphere Resource Management documentation.
  • Enter a meaningful name for the proxy appliance to facilitate locating it later.
  • During the deployment, set a root password for the reverse proxy appliance that meets the following criteria.
    • The password is 12 characters or longer.
    • The password includes letters, numbers, and punctuation. To avoid the command line interpreting parts of the password incorrectly, limit the use of punctuation to the at sign (@), hyphen (-), equal sign (=), comma (,), period (.), underscore (_), plus (+), or slash (/).
    • The password includes no more than two consecutive letters, numbers, or punctuation marks.
  • (Optional) If you want to use VMware Cloud Director service with a forward proxy, see Using VMware Cloud Director service with External Forward Proxy for the settings you need to configure during the appliance deployment.
  • (Optional) To ship the appliance client logs to a specific syslog server, enter the server IP address or hostname in the Syslog Host text box on the Customize template page.
    Note: To receive alerts for issues with the proxy appliance, such as an unexpected restart or an upgrade failure, from your syslog server, add an alert for logs containing the text CRITICAL_ALERT.
  • After the deployment completes and the VM powers on, note its IP address.
  • Verify that your firewall settings allow outbound internet access to the appliance VM.
  • Verify that your firewall settings allow the appliance VM to access the SDDC resources, such as vCenter Server, NSX Manager and ESXi hosts.
  • Use the console for the VMware Cloud Director service proxy client appliance to diagnose issues with the client appliance VM. See How Do I Troubleshoot the VMware Cloud Director service Proxy Client Appliance.
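
The root password criteria in the deployment steps above can be checked before the OVA is deployed. The following is an added example, not part of the VMware documentation or the appliance itself; it assumes that "no more than two consecutive letters, numbers, or punctuation marks" means no run of three or more characters of the same class, and the function name and result codes are illustrative.

```python
import getpass
import string

# Punctuation the page lists as safe for the command line.
ALLOWED_PUNCT = set("@-=,._+/")

def _char_class(ch):
    """Classify a character; anything that is not an ASCII letter or digit
    (including spaces and non-ASCII letters) is treated as punctuation."""
    if ch in string.ascii_letters:
        return "letter"
    if ch in string.digits:
        return "digit"
    return "punct"

def check_root_password(pw):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(pw) < 12:
        problems.append("too-short")
    classes = [_char_class(c) for c in pw]
    for needed in ("letter", "digit", "punct"):
        if needed not in classes:
            problems.append(f"missing-{needed}")
    if any(cls == "punct" and ch not in ALLOWED_PUNCT
           for ch, cls in zip(pw, classes)):
        problems.append("unsafe-punctuation")
    # Assumed reading of the third rule: reject three or more adjacent
    # characters of the same class (for example "abc" or "123").
    run = 1
    for prev, cur in zip(classes, classes[1:]):
        run = run + 1 if cur == prev else 1
        if run > 2:
            problems.append("long-run")
            break
    return problems

if __name__ == "__main__":
    # getpass keeps the candidate password off the screen and out of shell history.
    issues = check_root_password(getpass.getpass("Candidate root password: "))
    print("OK" if not issues else "Rejected: " + ", ".join(issues))
```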

How Do I Associate a VMware Cloud Director Instance with an SDDC via VMware Proxy

After you deploy the reverse proxy appliance in the SDDC that you want to associate with VMware Cloud Director, you can associate your infrastructure resources.

Prerequisites

  • Verify that you configured the proxy appliance.
  • Verify that you deployed the proxy appliance in the SDDC that you want to associate with VMware Cloud Director.
  • If you are associating your VMware Cloud Director instance with an on-premises SDDC, choose one of the following options.
    • Verify that the default transport zone that you use in NSX Manager is visible to your on-premises vCenter Server instance.
    • In NSX Manager, create a network segment for the reverse proxy appliance to use. From the Connected Gateway drop-down menu for the segment, select Disconnected | Compute Gateway | Tier1, and provide a valid subnet CIDR. The network segment must be visible to your on-premises vCenter Server instance. For more details, see NSX Administration Guide.
  • If you are associating your VMware Cloud Director instance with an Oracle Cloud VMware Solution SDDC, create or import a certificate in NSX Manager that includes the FQDN of the NSX Manager instance as a CNAME and use the POST /api/v1/cluster/api-certificate?action=set_cluster_certificate API to replace the certificate of the manager cluster VIP. See Replace Certificates in NSX Administration Guide.

Procedure

  1. Log in to VMware Cloud Director service.
  2. Click Cloud Director Instances.
  3. In the card of the VMware Cloud Director instance which you want to associate, click Actions > Associate a Data Center via VMware Proxy.
  4. Select a proxy network for the reverse proxy appliance to use.
  5. In the Data center name text box, enter a name for the SDDC that you want to associate.
    This name is only used to identify the data center in the VMware Cloud Director inventory, so it doesn't need to match the SDDC name that you entered when you generated the reverse proxy appliance OVA.
  6. Enter the FQDN for your vCenter Server instance.
  7. Enter the URL for the NSX Manager instance and wait for a connection to establish.
  8. Click Next.
  9. Under Credentials, enter your user name and password for the vCenter Server endpoint.
  10. Enter your user name and password for NSX Manager.
  11. To create infrastructure resources for your VMware Cloud Director instance, such as a network pool, an external network and a provider VDC, select Create Infrastructure.
    Note: The network pool uses the default overlay transport zone in NSX.
  12. If you are associating an on-premises SDDC and your default transport zone is not visible to your vCenter Server instance, click Advanced Settings and enter the name for the disconnected network segment that you created.
  13. Click Validate Credentials.
  14. Confirm that you acknowledge the costs associated with your instance, and click Submit.

Results

The SDDC is securely associated with your VMware Cloud Director instance. When you open the VMware Cloud Director instance, the vCenter Server and the NSX Manager instances that you associated are visible in Infrastructure Resources.

A newly created Provider VDC is visible in Cloud Resources.