To manage your VMware Cloud on AWS instances in vRealize Operations, you must configure a cloud account. The adapter requires the CSP API token that is used to authorize and communicate with the target VMware Cloud on AWS.

Prerequisites

  • Navigate to API Tokens under My Account and generate a CSP API token based on your operational needs:
    • To discover and manage SDDCs, include Administrator (Delete Restricted) or Administrator from VMware Cloud on AWS service roles.
    • For NSX monitoring, include NSX Cloud Admin or NSX Cloud Auditor roles from VMware Cloud on AWS service roles.
  • To activate VMC on AWS government cloud monitoring, ensure the following prerequisites are met.
    Note: Skip this step if you are adding a Commercial Cloud Endpoint for VMware Cloud on AWS.
    • Activate FIPS mode in vRealize Operations. See Enabling FIPS 140-2 for more information.
    • Set the base.url and vmc.base.url property values in the VMC adapter configuration file:
      Note: It is recommended to use a dedicated Cloud Proxy in VMC on AWS government cloud to monitor the VMC on AWS government cloud endpoint; however, Primary, Data, and Remote Collector nodes can also be used.
      1. Log in to the desired node or Cloud Proxy as root via SSH or Console, pressing ALT+F1 in a Console to log in.
      2. Open /usr/lib/vmware-vcops/user/plugins/inbound/VmcAdapter/conf/config.properties in a text editor.
      3. Add the following property values in the file:
        base.url=CSP_Endpoint_FQDN_For_GovCloud/
        vmc.base.url=VMC_on_AWS_base_URL_without_https://_prefix/vmc/
        Note: Replace CSP_Endpoint_FQDN_For_GovCloud and VMC_on_AWS_base_URL_without_https://_prefix with your CSP Endpoint FQDN for VMC on AWS government cloud and your VMC on AWS base URL (not including https://) respectively.
        Example:
        base.url=console.cloud-us-gov.vmware.com/
        vmc.base.url=www.vmc-us-gov.vmware.com/vmc/
      4. Save and close the file.
    • Set the CSP_AUTH_API_HOST property value in the NSXT adapter configuration file:
      Note: It is recommended to use a dedicated Cloud Proxy in VMC on AWS government cloud to monitor the VMC on AWS government cloud endpoint; however, Primary, Data, and Remote Collector nodes can also be used.
      1. Log in to the desired node or Cloud Proxy as root via SSH or Console, pressing ALT+F1 in a Console to log in.
      2. Open /usr/lib/vmware-vcops/user/plugins/inbound/NSXTAdapter3/conf/NSXT.properties in a text editor.
      3. Add the following property values in the file:
        CSP_AUTH_API_HOST=CSP_Endpoint_FQDN_For_GovCloud
        Note: Replace CSP_Endpoint_FQDN_For_GovCloud with your CSP Endpoint FQDN for VMC on AWS government cloud.
        Example:
        CSP_AUTH_API_HOST=console.cloud-us-gov.vmware.com
      4. Save and close the file.
    • Select this configured node or cloud proxy when adding a government cloud endpoint for VMware Cloud on AWS adapter instance.
  • To activate the cost calculations based on VMware Cloud on AWS GovCloud Pricing, you must modify the VMware Cloud on AWS rate card on the Cloud Providers tab in the Cost Settings page. For details on updating the rate card, see the VMware KB article 88488.
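
The three GovCloud properties above name the CSP and VMC endpoints the adapters authenticate against, so a stray https:// prefix, a missing trailing slash, or a mismatch between the two files is worth catching before you validate the connection. The shell check below is an added example, not VMware code; the function names (get_prop, check_endpoint, check_govcloud_conf) are hypothetical, and the format rules are assumptions inferred from the example values above.

```shell
#!/bin/sh
# Added example (not VMware code). The format rules are inferred from the
# example values on this page and are assumptions, not a published schema.

# get_prop FILE KEY: print the value of the last "KEY=value" line in FILE.
get_prop() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1" |
        tr -d '\r'
}

# check_endpoint VALUE SUFFIX: succeed only if VALUE is "<fqdn><SUFFIX>"
# with no scheme prefix such as https://.
check_endpoint() {
    value=$1 suffix=$2
    case $value in
        '' | *://*) return 1 ;;                   # missing, or scheme included
    esac
    host=${value%"$suffix"}
    [ "$host$suffix" = "$value" ] || return 1     # required suffix absent
    case $host in
        '' | */* | *[!A-Za-z0-9.-]*) return 1 ;;  # not a bare FQDN
    esac
}

# check_govcloud_conf VMC_FILE NSXT_FILE: validate all three properties and
# confirm both adapters point at the same CSP endpoint.
check_govcloud_conf() {
    rc=0
    base=$(get_prop "$1" base.url)
    vmc=$(get_prop "$1" vmc.base.url)
    csp=$(get_prop "$2" CSP_AUTH_API_HOST)
    check_endpoint "$base" "/"    || { echo "base.url: expected <fqdn>/" >&2; rc=1; }
    check_endpoint "$vmc" "/vmc/" || { echo "vmc.base.url: expected <fqdn>/vmc/" >&2; rc=1; }
    check_endpoint "$csp" ""      || { echo "CSP_AUTH_API_HOST: expected bare FQDN" >&2; rc=1; }
    [ "$base" = "$csp/" ] || { echo "base.url and CSP_AUTH_API_HOST differ" >&2; rc=1; }
    return $rc
}

# Constructed sample files holding the page's example values.
tmp=$(mktemp -d)
printf '%s\n' 'base.url=console.cloud-us-gov.vmware.com/' \
    'vmc.base.url=www.vmc-us-gov.vmware.com/vmc/' > "$tmp/config.properties"
printf '%s\n' 'CSP_AUTH_API_HOST=console.cloud-us-gov.vmware.com' > "$tmp/NSXT.properties"
check_govcloud_conf "$tmp/config.properties" "$tmp/NSXT.properties" && echo "sample files: OK"
rm -rf "$tmp"
```

On a node or Cloud Proxy, call check_govcloud_conf with the config.properties and NSXT.properties paths given in the steps above instead of the sample files.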

Procedure

  1. From the left menu, click Data Sources > Integrations.
  2. On the Accounts tab, click Add Account.
  3. On the Account Types page, click VMware Cloud on AWS.
  4. Enter a display name and description for the cloud account.
    • Name. Enter the name for the VMware Cloud on AWS instance as you want it to appear in vRealize Operations.
    • Description. Enter any additional information that helps you manage your instances.
  5. To add credentials for the VMware Cloud on AWS instance, click the Add icon, and enter the required credentials.
    • Credential Name. The name by which you are identifying the configured credentials.
    • CSP Refresh Token. A CSP API token. For details on generating an API token, see Generating CSP API Token.
    Note: Enter the following details if you are using a proxy server to access the Internet or public services.
    • Proxy Host. A remote proxy server IP.
    • Proxy Port. The port that is activated on a remote proxy server.
    • Proxy username. Enter the username for the proxy server. To add a remote proxy server that is configured with a domain, enter the username as username@domain name.
    • Proxy Password. Password for the proxy server username.
    • Proxy Domain. Leave the domain empty when using the proxy with domain configuration.
    Note: The proxy credentials will be used by NSX-T adapters.
  6. Determine which vRealize Operations collector or collector group is used in managing the cloud account. If you have multiple collectors or collector groups in your environment, and you want to distribute the workload to optimize performance, select the collector or collector group to manage the adapter processes for this instance.
    Note:

    It is recommended to use a dedicated Cloud Proxy in VMC on AWS government cloud to monitor the VMC on AWS government cloud endpoint.

    Ensure that you have Internet connectivity for the collectors to work.

  7. Organization ID. Click Get Organization to auto-fill this field. If you are offline or if you are unable to get the Organization ID, you can enter it manually.

    The Organization ID refers to the Long Organization ID in the Cloud Service Portal. To obtain this ID in the Cloud Service Portal, click Organization Settings > View Organization.

  8. Under Advanced Settings, set Billing Enabled to False.
  9. Click Validate Connection to validate the connection.
  10. Click Save.
    The page to configure the SDDC in VMware Cloud on AWS appears.
  11. From the list of available SDDCs in VMware Cloud on AWS government cloud, click any one of the SDDCs that you want to monitor from vRealize Operations.
  12. Configure the vCenter adapter:
    1. Click the vCenter tab, and enter the required credentials.
      • Credential Name. The name by which you are identifying the configured credentials.
      • User Name. The vCenter user name. Use a user with the 'cloudadmin' role, which has full visibility to vCenter. Users with fewer privileges have limited visibility; for example, read-only users do not have visibility into management VMs.
      • Password. The vCenter password configured for that vCenter user name.
    2. Select the required collector group.
      Note:

      It is recommended to use a dedicated Cloud Proxy in VMC on AWS government cloud to monitor the VMC on AWS government cloud endpoint.

      If you are using a private IP for your vCenter Server or if you want to deploy telegraf agents for application monitoring, select Cloud Proxy. The best practice is to deploy the Cloud Proxy on each SDDC instance of VMware Cloud on AWS.

      Select the Cloud Proxy deployed on the given VC and ensure it has access to the Internet. If the outbound internet access for the Cloud proxy must be restricted, ensure that the minimum Cloud Proxy prerequisites are met. For details, see Configuring Cloud Proxies in vRealize Operations.

      It is advised not to use the default collector groups as the VMware Cloud on AWS management gateway firewall rule does not allow traffic originating from any address.

      If you have configured an HTTP proxy on your vRealize Operations cloud proxy, ensure that your HTTP proxy has an exception to access the NSX Management Policy endpoint.

    3. If you have installed cloud proxy in VMware Cloud on AWS government cloud SDDC, the cloud proxy might not have outbound internet access to reach the vRealize Operations service. To activate outbound internet access for the deployed cloud proxy and allow cloud proxy to connect to vCenter, perform the following steps:
      • Request a new public IP in the VMware Cloud on AWS government cloud SDDC where the cloud proxy was deployed. For details, see Request or Release a Public IP Address.
      • Add a new NAT rule for the internet that associates private IP of the cloud proxy with the public IP. For details, see Create or Modify NAT Rules.
      • Add a firewall rule that allows incoming traffic to vCenter from the public IP that was associated with the cloud proxy VM in the earlier step.
  13. Click the vSAN tab. By default, the vSAN adapter is activated.
    1. Select Use alternate credentials to add alternate credentials. Click the plus icon, enter the credential name, vCenter username, and password, and click OK.
    2. Select Enable SMART data collection, if required.
    3. Click Validate Connection to validate the connection.
  14. Click the NSX-T tab. By default, the NSX-T adapter is activated.
    1. Click Validate Connection to validate the connection. If you have hardened the SDDC environment, then you may get an error while validating the NSX-T connection. To resolve this issue, change the NSX-T adapter instance to use the private IP address of NSX-T manager by performing the following steps:
      1. Navigate to Environment > Inventory > Adapter Instances > NSX-T Adapter Instance and click your NSX-T adapter instance.
      2. From the list of objects displayed, edit the object of type NSX-T adapter instance and enter the private IP address of NSX-T manager for your environment in the Virtual IP/NSX-T Manager field.
      3. Click OK.
  15. Click Save This SDDC.
    Note: The Service Discovery adapter is optional. The steps to configure the VMware Cloud on AWS Service Discovery adapter are similar to configuring vCenter Service Discovery. For more information, see Configure Service and Application Discovery.
    The VMware Cloud on AWS government cloud account, with the configured SDDC, is added to the list.