You can create a VMware Cloud on AWS cloud account in vRealize Automation Cloud based on a source VMware Cloud on AWS SDDC.
For general information about VMware Cloud on AWS, see VMware Cloud on AWS documentation.
Use this procedure only if your VMware Cloud on AWS SDDC resides outside a US region. If your VMware Cloud on AWS SDDC resides within a US region, instead see Create a VMware Cloud on AWS cloud account in vRealize Automation Cloud for an SDDC within a US region.
- Verify that you have the required administrator credentials, including VMware Cloud on AWS CloudAdmin credentials for the target SDDC in vCenter and that you have enabled HTTPS access on port 443. See Credentials required for working with cloud accounts in vRealize Automation Cloud.
- Verify that you have the cloud administrator user role. See What are the vRealize Automation Cloud user roles.
- To facilitate the needed connection between your existing VMware Cloud on AWS host SDDC in vCenter and a VMware Cloud on AWS cloud account in vRealize Automation Cloud, you must provide a network connection, and firewall rules, by using a VPN or similar networking means. See Prepare your VMware Cloud on AWS SDDC to connect with VMware Cloud on AWS cloud accounts in vRealize Automation Cloud.
- Create and deploy a cloud proxy. See Configure and use a cloud proxy for a VMware Cloud on AWS cloud account in vRealize Automation Cloud.
- To support the cloud proxy, define a management rule on the VMware Cloud on AWS console to allow inbound access of the cloud proxy URLs. See Prepare your VMware Cloud on AWS SDDC to connect with VMware Cloud on AWS cloud accounts in vRealize Automation Cloud.
- Verify that the cloud proxy VM is powered on and that the cloud proxy service is connected and running. See Verify that a cloud proxy is running on a target virtual machine.
- Select .
- Click Add Cloud Account and select the VMware Cloud on AWS tile.
- As prompted, enter a name and description for the cloud account.
- For the API token setting, create a new token or use an existing token for your organization by using the linked API Tokens page as described below:
  - Click the i help icon at the end of the VMC API token line and click API Tokens page in the help text box to open the API Tokens tab on your organization's My Account page.
  - Click Generate Token to display the Generate a New API Token options.
  - Enter a new token name, for example myinitials_mytoken.
  - Set the Token TTL to never expire.
    If you create a token that is set to expire, then the VMware Cloud on AWS operations from vRealize Automation Cloud will stop working when the token expires and continue to not work until you update the cloud account with a new token.
  - In the Define Scopes section, select All Roles.
  - Click Generate.
  - In the generated token page, click Copy and click Continue.
  - Return to the New Cloud Account page, paste the copied token into the VMC API token row, and click Apply API token.
Note: Copy, download, or print the token that is generated by this workflow. Once you leave the API token page you cannot retrieve the generated token information.
In the Define Scopes section, the minimum required roles for the API token are:
  - Organizational Roles
    - Organization Member
    - Organization Owner
  - Service Roles - VMware Cloud on AWS
    - NSX Cloud Administrator
    - NSX Cloud Auditor
Apply the generated or supplied token to connect to the available SDDC environment in your organization's VMware Cloud on AWS subscription and populate the list of SDDC names. If the vRealize Automation Cloud and VMware Cloud on AWS services are in different organizations, you should switch to the VMware Cloud on AWS organization and then generate the token. For more information about API tokens, see Generate API Tokens.
- Click Apply API token to apply the API token and display the SDDC name option.
- In the SDDC name drop-down menu, select an SDDC from the list of available SDDCs. The list of available SDDCs is derived from your VMware Cloud on AWS subscription.
The selected SDDC name auto-populates the vCenter and NSX-T FQDN entries.
- In the vCenter Server IP address/FQDN drop-down menu, enter the IP address or FQDN of the vCenter Server in the specified SDDC.
The address auto-populates based on your SDDC selection. It defaults to the private IP address. Based on the type of network connectivity used to access your SDDC, the default address might be different than the IP address of the vCenter Server in the specified SDDC.
- In the NSX Manager IP address/FQDN drop-down menu, enter the IP address or FQDN of the NSX Manager in the specified SDDC.
The address auto-populates based on your SDDC selection. It defaults to the private IP address. Based on the type of network connectivity used to access your SDDC, the default address might be different than the IP address of the NSX Manager Server in the specified SDDC. VMware Cloud on AWS cloud accounts support NSX-T.
- As prompted, enter your vCenter user name and password for the specified SDDC if it's different than the default.
The specified user requires CloudAdmin credentials. The user does not require CloudGlobalAdmin credentials.
The data centers that are available for provisioning in your specified VMware Cloud on AWS SDDC environment are listed. The list is read-only.
- If prompted, enter the name of a new or existing cloud proxy. See Configure and use a cloud proxy for a VMware Cloud on AWS cloud account in vRealize Automation Cloud.
If a cloud proxy was already deployed to the SDDC, the cloud proxy value auto-populates.
- Click Validate.
The Validate option confirms your access rights to the vCenter server and NSX Manager and checks that the specified vCenter is running.
If you receive the error "Error updating endpoint <Name>: Endpoint already exists", a cloud account has already been associated with that SDDC.
- In the Configuration section of the page, specify the SDDC data center that you wish to provision to and optionally create a new cloud zone for provisioning within that data center.
- In the Capabilities section of the page, optionally specify capability tags for the cloud account.
Use tags according to your organization's tag strategy. See How do I use tags to manage Cloud Assembly resources and deployments and Creating a tagging strategy.
- Lastly, click Add to create the cloud account.
Resources such as machines and volumes are data-collected from the VMware Cloud on AWS SDDC data center and listed in the Resources section of the vRealize Automation Cloud Infrastructure tab.
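The following is an added example, not part of the VMware documentation: it audits an API token record against the minimum required roles listed in the API token step and against the expiry behavior described there. The record layout, the sample tokens and the role named Example Extra Role are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

ORG, SVC = "Organizational Roles", "Service Roles - VMware Cloud on AWS"
# Minimum required roles, copied from the role list in the API token step above.
MINIMUM_ROLES = {(ORG, "Organization Member"), (ORG, "Organization Owner"),
                 (SVC, "NSX Cloud Administrator"), (SVC, "NSX Cloud Auditor")}

def audit_token(record, now, warn_days=30):
    """Return (severity, message) findings for one token inventory record.

    The record layout is hypothetical (kept by the administrator, not exported
    by VMware): {"name": str, "roles": [(group, role)], "expires": ISO str | None}.
    """
    findings = []
    granted = {tuple(r) for r in record["roles"]}
    for group, role in sorted(MINIMUM_ROLES - granted):
        findings.append(("error", f"missing required role: {group} / {role}"))
    for group, role in sorted(granted - MINIMUM_ROLES):
        findings.append(("info", f"role beyond documented minimum: {group} / {role}"))
    if record["expires"] is None:
        findings.append(("info", "token never expires"))
        return findings
    remaining = datetime.fromisoformat(record["expires"]) - now
    if remaining <= timedelta(0):
        findings.append(("error", "token expired: operations stop until the "
                                  "cloud account is updated with a new token"))
    elif remaining <= timedelta(days=warn_days):
        findings.append(("warning", f"token expires in {remaining.days} days"))
    return findings

# Constructed sample inventory; names, dates and the extra role are made up.
SAMPLE_TOKENS = [
    {"name": "myinitials_mytoken", "roles": sorted(MINIMUM_ROLES), "expires": None},
    {"name": "short_lived_token",
     "roles": [(ORG, "Organization Member"), (SVC, "NSX Cloud Administrator"),
               (SVC, "Example Extra Role")],
     "expires": "2024-06-10T00:00:00+00:00"},
]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
    for token in SAMPLE_TOKENS:
        for severity, message in audit_token(token, now):
            print(f"{token['name']}: {severity}: {message}")
```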