VMware vCloud Air Hybrid Cloud Manager - 1.0 Installation Manual

vCloud® Air Hybrid Cloud Manager™
Version 1.0 Update 1
You can find the most up-to-date technical documentation on the VMware Web site:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, email your feedback:
docfeedback@vmware.com
vCloud® Air Hybrid Cloud Manager™ Version 1.0 Update 1 Installation and Administration Guide
November 25, 2015
Copyright © 2015 VMware, Inc. All rights reserved. Copyright and trademark information
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
vCloud Air® Hybrid Cloud Manager™ Installation and Administration Guide
Table of Contents
About this Guide
Introducing Hybrid Cloud Manager™
Understanding the Hybrid Cloud Manager Installation Process
Installation Overview
Hybrid Cloud Manager Virtual Appliances
Choosing a Deployment Architecture
Migration Only
Layer 2 Extension
Other Architecture Considerations
Preparing Your Installation Environment
Configure Network Connectivity
Verify the Minimum Installation Environment
Verify Layer 2 Installation Requirements
Verify the vCloud Air Edge Gateway Upgrade
Install the vSphere Web Client Integration Plug-in
Installing and Configuring Hybrid Cloud Manager
Install the Hybrid Cloud Manager Appliance
Register the Hybrid Cloud Manager with the vCenter
Configuring the Hybrid Cloud Manager for vCenters with an External Lookup Service
Register the Hybrid Cloud Manager with a vCloud Air Endpoint
Installing and Configuring Hybrid Services
Configuration Overview
Start Appliance Installation and Configuration
Configure the Hybrid Cloud Gateway
Configure the Network Extension Service
Stretching an L2 Network to vCloud Air
Migrating a Virtual Machine to vCloud Air
Understanding Replication-Based Migration
Checking Your VM before Migration
Migrating a Sample VM from an On-premises vCenter to the Cloud
Administration
Upgrading Hybrid Cloud Manager
Uninstalling Hybrid Cloud Manager
Unstretching an L2 Network
Removing Hybrid Service Appliances
Troubleshooting
Resetting the MAC Address
High Host Resource Consumption

About this Guide

This guide describes how to install Hybrid Cloud Manager Version 1.0 Update 1. It also guides you through vSphere Web Client workflows to deploy and configure Software-Defined WAN components (including WAN Optimization), to migrate workloads to the cloud and back, and extend on-premises VLAN and VXLAN networks from your datacenter to vCloud Air.
Intended Audience
This document is intended for datacenter administrators familiar with vSphere virtualization.
Related Documentation
In addition to this document, see the following documentation:
• VMware vCloud Air Hybrid Cloud Manager Release Notes
• VMware vSphere Documentation 5.5u1 | 6.0
• vCloud Air Advanced Networking Guide, including Direct Connect for vCloud Air
• vCloud Air Advanced Networking Services Guide
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms as we use them in VMware technical documentation, see our glossary.

Introducing Hybrid Cloud Manager

vCloud® Air Hybrid Cloud Manager™ enables bidirectional VM mobility and migration to the cloud and back, and hybrid networking to extend on-premises vSphere vCenter networks into vCloud Air.
Data transport features: network extension, WAN optimization, Multi-tenant WAN with Intelligent Routing, and path fail-over.
Security features: Suite B-compliant AES-GCM with IKEv2, data deduplication and compression, AES-NI Offload, Flow-based Admission Control. Hybrid Cloud Manager owns the source and destination encryption and decryption, ensuring a consistent security policy and providing admission for hybrid workflows like virtual machine migration and network extension.
Hybrid Cloud Manager features can be deployed in several ways:
Hybrid Networking (Layer 2 Extension). Securely extend your vSphere vCenter to integrate with a vCloud Air Virtual Data Center (vDC). Configure networking connections to support high-speed connections.
• Can stretch multiple L2 segments.
• Can route stretched networks via Cloud Gateway for encryption and through the WAN optimization appliance to provide a secure and optimized path through the Internet to vCloud Air.
• Dedicated scale out L2 Concentrators can be deployed and used in conjunction with Direct Connect to increase throughput.
• Multiple Direct Connects and fail-back to Internet are supported.
• Extended Networks are linked to vCloud Air Advanced Network Services Edge appliances in Org Gateway position and can be announced back to the Enterprise once all virtual machines are migrated and the network is unstretched.
• Egress path optimization (optional) to allow shortcut routing between virtual machines on different stretched networks in the Cloud.
Low-downtime Migration. The Hybrid Cloud Manager migration process creates a replica of a live VM, which is then moved to the target vDC, then performs a switchover to power off the source VM and power on the replica. You can migrate over the public internet, a dedicated line (such as a Direct Connect connection), or a stretched network created with Hybrid Cloud Manager.
• Migration uses vSphere Replication, which is a distributed technology implemented in the ESX hypervisor.
• A virtual machine can be migrated multiple times in either direction.
• Migration can be set to occur at a specified time.
• A migrated VM can keep its host name and/or VM name.
• Speed up migration or stretched network performance with optional software-defined WAN optimization.
• Migration over Stretched Layer 2:
  • VMs migrated over stretched L2 can retain their IP and MAC. With consistent IP and MAC addresses, applications can continue to work after migration.
  • Can separate the data path from the migration path and still take advantage of dynamic routing.

Understanding the Hybrid Cloud Manager Installation Process

Hybrid Cloud Manager supports a many-to-many relationship between on-premises vCenters and vCloud Air virtual datacenters (vDCs). vCenters in Linked Mode are also supported. Please reference the recommended vCenter Linked Mode topologies for the version of vSphere in use.
During the installation, the Hybrid Cloud Manager virtual appliance is imported and configured as an extension in the on-premises vCenter. Then you can install and configure the Software-Defined WAN virtual appliances. During the configuration phase, the automated installation workflow provisions each virtual appliance in your on-premises vCenter, and creates a corresponding, symmetrically-deployed virtual appliance in your vCloud Air vDC.
After the installation, Hybrid Cloud Manager controls both local and remote installation components. In your vCloud Air vDC the provisioned Software-Defined WAN components are managed as a service, and as such they are not editable, or even visible, in your vCloud Air vDC.
Figure 1: Installation Components

Installation Overview

This is a brief summary of the Hybrid Cloud Manager installation tasks.
1. Identify the architecture you want to use (see “Use Cases”).
2. Log into My VMware and download the Hybrid Cloud Manager OVA file from the product download page:
https://my.vmware.com/en/group/vmware/details?downloadGroup=HCM100&productId=343
3. From vSphere, install the Hybrid Cloud Manager virtual appliance in the on-premises vCenter that will connect to vCloud Air.
The management interface and the virtual appliances must be in the same vCenter. If you plan to use L2 network extension, a VMware virtual distributed switch (vDS) must also be available in the same vCenter. See “Preparing Your Installation Environment” for more configuration details.
4. Register a vCloud Air Endpoint with the vSphere web client.
This step establishes the one-to-one relationship between the on-premises vSphere vCenter and a vCloud Air cloud instance.
5. Install and configure the hybrid service appliances. For each appliance installed on premises, the installer provisions a VM in the target vCloud Air vDC. The service appliance configuration determines the feature deployment architecture (see “Installing and Configuring Hybrid Services”).

Hybrid Cloud Manager Virtual Appliances

The installation package includes the Hybrid Cloud Manager and three hybrid service appliances, each of which is deployed as a VM. The VMs are automatically provisioned and sized, as shown in Table 1.
Table 1: Virtual Machine Installation Resource Requirements
VM | vCPUs | RAM | Installation
Hybrid Cloud Manager | 4 | 12 GB | Required.
Hybrid Cloud Gateway | 2 | 2 GB | Required.
Layer 2 Concentrator (L2C) | 6 | 8 GB | Optional for migration, required for stretched Layer 2, or migration over stretched Layer 2.
WAN Optimizer | 8 | 14 GB | Optional.
During the installation process you can choose the Cluster/Host that will host the VMs for the Hybrid Cloud Manager, the Hybrid Cloud Gateway, and the Layer 2 Concentrator (L2C). The WAN Optimizer is automatically deployed to a host that best meets its requirements (as determined by vSphere at the time of the installation).

Hybrid Cloud Manager

The Hybrid Cloud Manager virtual appliance is installed on-premises only and contains all other virtual appliances on-board, simplifying the download and the installation process.

Hybrid Cloud Gateway

The Cloud Gateway maintains a secure channel between vSphere and vCloud Air. The channel secures access for vSphere protocols that are not tenant-aware, and provides intelligent routing capabilities to avoid networking "middle mile" security problems. Since the Cloud Gateway uses strong encryption, no corporate VPN changes are required for Hybrid Cloud Manager functionality.
The Cloud Gateway also incorporates vSphere replication technology to perform bidirectional migration. For more about vSphere Replication usage and virtual machine migration, please see “Understanding Replication-Based Migration,” on page 30.

Layer 2 Concentrator

The Network Extension Service extends a network from a vSphere Distributed Switch (vDS) to vCloud Air.
The Layer 2 Concentrator (L2C) service appliance functions as a translation bridge to extend VLANs to VXLAN in vCloud Air or as a transparent bridge when VXLAN and NSX-vSphere Edition is used on-premises. It has two interfaces:
• Internal Trunk interface: handles virtual machine traffic on-premises for the extended networks.
• Uplink interface: encapsulated overlay traffic is sent via this interface to and from vCloud Air.
When the virtual appliance is configured, you can masquerade the L2C behind the Cloud Gateway and share its IP address. This allows ease of install in that the Cloud Gateway, L2C, and WAN Optimization appliance only require one IP address. This is possible when selecting the deployment option where Extended Network traffic is routed via Hybrid Transport (via Cloud Gateway). It is also possible to use a unique IP address for the L2C, thereby separating the migration path and the stretched network data path. The latter approach is used in conjunction with scale out deployment for multiple L2Cs and when using Direct Connect private lines where strong encryption may not be required for extended networks.

WAN Optimization

The WAN Optimization appliance is an optional, yet highly recommended, component that performs WAN conditioning to reduce the effects of latency, Forward Error Correction to negate packet loss scenarios, and deduplication of redundant traffic patterns to reduce bandwidth usage, and ensures the best use of available network capacity to expedite data transfer to and from vCloud Air.
• Virtual machine migration relies on the combination of Cloud Gateway and WAN Optimization appliance to achieve unparalleled mobility between vSphere on-premises and vCloud Air.
• L2 extension benefits from WAN optimization when the data path is routed through the Cloud Gateway (Hybrid Transport option in the workflow).

Choosing a Deployment Architecture

The most common use case is to install the Hybrid Cloud Manager and all three types of Software-Defined WAN appliances, as shown in Figure 1 on page 7. Table 2 summarizes the possible use cases, and what the minimal installation entails.
A single path architecture uses the Cloud Gateway for all communication.
Table 2: Minimum Requirements for Supported Use Cases
Column headings: #; Use Case; Hybrid Networking (Standard¹, Premium²); Single Path (Cloud Gateway, WAN Opt³); Separate Migration Path and Data Path (L2C); Other Requirements
# | Use Case | Other Requirements
❶ | Migration only |
❷ | Migration only, 100+ Mbps⁴ | Might need Direct Connect to approach 1 Gbps⁴.
❸ | Stretched L2, 0-9 networks | vDS with VLAN/VxLAN.
❹ | Stretched L2, 10-20 networks, 100+ Mbps⁴ | vDS with VLAN/VxLAN. Advanced Networking Services required to support 10+ networks. Might need Direct Connect to approach 1 Gbps⁴.
❺ | Stretched L2, 0-9 networks, alternate data path³ | vDS with VLAN/VxLAN. Might need Direct Connect to approach 100+ Mbps⁴.
❻ | Stretched L2, 10-20 networks, 100+ Mbps⁴, alternate data path³ | vDS with VLAN/VxLAN. Advanced Networking Services required to support 10+ networks. Might need Direct Connect to approach 1 Gbps⁴.
❼ | Stretched L2, 20+ networks, 100+ Mbps⁴, multiple data paths | Scale out solution. Same as ❺ or ❻ but with multiple L2 Concentrators. All L2C appliances still use a single Hybrid Cloud Gateway.
Required: Preferred : Optional:
¹ Hybrid Networking Standard: 1 Connection, up to 100 Mbps⁴.
² Hybrid Networking Premium: 1-3 Connections, up to 1 Gbps⁴. The primary advantage of the Premium option is speed. Because there is a 1:1 relationship between a vCenter and a vCloud Air vDC, the number of connections only matters if you are using Linked Mode on premises.
³ WAN enhances security and speed for workloads passing through the Cloud Gateway.
⁴ Networking bandwidth is limited by your purchased hybrid networking option or your native bandwidth, whichever is smaller.

Migration Only

In Table 2, cases ❶ and ❷ are for migrating without an L2 extension. Other than the Hybrid Cloud Manager, only the Hybrid Cloud Gateway appliance is required. The basic difference between cases ❶ and ❷ is that higher speed is possible with the Hybrid Networking Premium option.
WAN optimization, if installed, can improve security and speed in the situations described in “WAN Optimizer” on page 8. If you have a secure high-speed line (for example, Direct Connect), configuring the Hybrid Cloud Gateway to use that line is another way to improve speed.
One advantage of migrating virtual machines on extended networks into vCloud Air is that the downtime is reduced to a few minutes and no configuration changes happen on the virtual machine. The virtual machine can retain the MAC addresses, computer names and VM names – greatly simplifying the migration to vCloud Air and enabling easy round trips back on-premise, when needed. The Network Extension feature requires a vSphere Distributed Switch, which requires vSphere Enterprise Plus Edition.
It is possible to migrate virtual machines without network extension. In this case the virtual machine obtains a new IP address via the Guest Customization service once it is migrated.
IP Addresses for Installation: 2 on-premises, 1 for vCloud Air vDC

Layer 2 Extension

Before you configure L2 network extension, you must be certain that you have the prerequisites, as explained in “Verify Layer 2 Installation Requirements.”
Use cases 3-7 rely upon Layer 2 Extension. You can view Layer 2 Extensions as a way to extend or stretch your on-premises network to vCloud Air, enabling seamless VM migration between the data center and the cloud. For example, suppose you have an application and a database on separate hosts in your vCenter, and you migrate the application into the Cloud.
• If you are using Hybrid Transport in the deployment wizard (single path approach), the migration and extended network traffic is routed through the Cloud Gateway. WAN optimization (if installed) and intelligent routing will be applied to migration workloads and the extended network data path.
• If the migration path and the data path are separate (cases 5, 6, and 7), the Cloud Gateway still maintains the secure channel and handles migration workloads, which get the benefits of WAN optimization (if installed). The extended network data traffic between virtual machines travels on the routes configured for the Layer 2 Concentrator(s).
The remainder of this section summarizes how L2C configuration affects the Layer 2 Extension use cases.

Single Path

This is the default service appliance deployment, where the L2C and WAN optimization appliances use the same IP address as the Cloud Gateway.
IP Addresses for Installation: 2 on-premises (HCM, Hybrid Cloud Gateway), 1 for vCloud Air vDC

Separate Migration and Data Paths

The Cloud Gateway and the L2C service appliances use different outbound IP addresses. In this configuration, the L2C appliance data path does not benefit from WAN Optimization or intelligent routing, but workloads travelling through the Cloud Gateway do. This might not be an issue if the host-to-host traffic on the data path is already encrypted or compressed.
IP Addresses for Installation: 3 on-premises (HCM, Hybrid Cloud Gateway, L2C), 2 for vCloud Air vDC

Scale Out: Multiple Layer 2 Concentrators for the Data Path

Using multiple L2C appliances is most beneficial if you have secure, high-speed lines, such as Direct Connect lines, and you want your architecture to support application performance scale out.
For example, if you have multiple VLANs you might choose to configure an L2C for each VLAN. In this architecture the L2Cs maintain the data path(s) for host-to-host communication but continue to use the Hybrid Cloud Gateway for internal communication, management tasks, and migration workloads.
IP Addresses for Installation: On premises, 1 each for HCM and Hybrid Cloud Gateway, and 1 for each L2C. In vCloud Air, 1 for the Hybrid Cloud Gateway, and 1 for each L2C.

Other Architecture Considerations

Egress Path Optimization

Egress Optimization is a feature that applies only to the remote vCloud Air vDC network.
You enable this feature when you configure the Hybrid Cloud Gateway, as shown in Step 5 on page 28.

Intelligent Routing

This feature applies to any traffic routed over the public internet.

Preparing Your Installation Environment

Before installing Hybrid Cloud Manager, verify that your environment can support the tasks you want to accomplish.

Configure Network Connectivity

The Hybrid Cloud Manager, when installed, must be able to reach the public internet and/or your private line(s), and any necessary data center elements such as networks, switches, port groups, and VMs you might migrate.
Table 3 lists ports that must be opened so that Hybrid Cloud Manager virtual appliances can install successfully.
Also, both your vSphere environment and your vCloud Air environment must allow for Network Time Protocol (NTP) clock synchronization among vSphere on-premises devices and the vCloud Air Dedicated Cloud devices. UDP port 123 must be accessible to Hybrid Cloud Manager virtual appliances and networks. If you have installed NTP Servers you can specify them when you install the Hybrid Cloud Manager appliance (step 11.f on page 15).
Table 3: Port Access Requirements
Source | Target | Port | Protocol | Purpose | Services
HCM | Customer DNS | 53 | TCP/UDP | Name resolution. | DNS
Hybrid Cloud Manager | vCenter Server | 443 | TCP | Hybrid Cloud Manager REST service. | HTTPS
Web Browser | Hybrid Cloud Manager | 9443 | TCP | Hybrid Cloud Manager Virtual Appliance Management Interface for Hybrid Cloud Manager system configuration. | HTTPS
Admin Network | Hybrid Cloud Manager | 22 | SSH | Administrator SSH access to Hybrid Cloud Manager. Only necessary if you configured SSH in Step 11 on page 15. | HTTPS
Hybrid Cloud Manager | ESXi Hosts | 902 | TCP | Send management and provisioning instructions from Hybrid Cloud Manager to ESXi Hosts in vCloud Air. | internal
Hybrid Cloud Manager | Cloud Gateway | 8123 | TCP | Send host-based replication service instructions to the Hybrid Cloud Gateway. | HTTP
Hybrid Cloud Manager | Cloud Gateway | 9443 | TCP | Send management instructions to the local Hybrid Cloud Gateway using the REST API. | HTTPS
Cloud Gateway | L2C | 443 | TCP | Send management instructions from Cloud Gateway to L2C when L2C uses the same path as the Hybrid Cloud Gateway. | HTTP
Cloud Gateway | L2C | 8443 | TCP | Bidirectional management instructions from Cloud Gateway to L2C, when L2C uses an alternate data path. | HTTP
L2C | L2C (remote) | 443 | TCP | Bidirectional connection between local and remote L2C appliances when using an alternate data path. | HTTP
Cloud Gateway | ESXi Hosts | 902 | TCP | Managing and OVF deployment. | internal
ESXi Hosts | Cloud Gateway | 31031, 44046 | TCP | Internal host-based replication traffic. | internal
Cloud Gateway (local) | Cloud Gateway (remote) | 50 | IP | IP protocol to encapsulate hybrid network traffic for the bidirectional tunnel. | IPSEC
Cloud Gateway (local) | Cloud Gateway (remote) | 4500 | UDP | Internet key exchange (IKEv2) to encapsulate workload for the bidirectional tunnel. Network Address Translation-Traversal (NAT-T) is also supported. | IPSEC
Cloud Gateway (local) | Cloud Gateway (remote) | 500 | UDP | Internet key exchange (ISAKMP) for the bidirectional tunnel. | IPSEC
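The following Python script is an added example, not part of the VMware guide: it audits a firewall allow-list against the flows in Table 3 and the NTP requirement, reporting required flows that no rule permits and rules that open more than a flow needs. The rule format, the default-deny assumption, the role names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Flows from Table 3 plus the NTP requirement: (source, target, protocol, port).
# "esp" is IP protocol 50 and has no port. SSH (22) is left out because the
# guide needs it only when SSH was configured during installation.
REQUIRED = [
    ("hcm", "dns", "tcp", 53), ("hcm", "dns", "udp", 53),
    ("hcm", "vcenter", "tcp", 443), ("browser", "hcm", "tcp", 9443),
    ("hcm", "esxi", "tcp", 902),
    ("hcm", "gateway", "tcp", 8123), ("hcm", "gateway", "tcp", 9443),
    ("gateway", "l2c", "tcp", 443), ("gateway", "l2c", "tcp", 8443),
    ("l2c", "l2c_remote", "tcp", 443), ("gateway", "esxi", "tcp", 902),
    # Assumption: "31031 44046" in the table are two discrete ports.
    ("esxi", "gateway", "tcp", 31031), ("esxi", "gateway", "tcp", 44046),
    ("gateway", "gateway_remote", "esp", None),
    ("gateway", "gateway_remote", "udp", 4500),
    ("gateway", "gateway_remote", "udp", 500),
    ("hcm", "ntp", "udp", 123),
]

# Constructed addresses per role (assumptions, not values from the guide).
HOSTS = {
    "hcm": "10.0.10.5", "gateway": "10.0.10.6", "l2c": "10.0.10.7",
    "vcenter": "10.0.10.2", "esxi": "10.0.20.11", "dns": "10.0.1.53",
    "ntp": "10.0.1.123", "browser": "10.0.30.40",
    "gateway_remote": "203.0.113.10", "l2c_remote": "203.0.113.11",
}

@dataclass(frozen=True)
class Rule:
    """One allow rule; the rule set is assumed to be default-deny."""
    name: str
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp", "esp" or "any"
    ports: tuple = None   # inclusive (low, high); None means no port filter

    def permits(self, src, dst, proto, port):
        if ip_address(src) not in ip_network(self.src):
            return False
        if ip_address(dst) not in ip_network(self.dst):
            return False
        if self.proto == "any":
            return True
        if self.proto != proto:
            return False
        if proto == "esp" or self.ports is None:
            return True
        return self.ports[0] <= port <= self.ports[1]

def audit(rules):
    """Return (required flows no rule permits, names of over-broad rules)."""
    missing, broad = [], set()
    for s, d, proto, port in REQUIRED:
        hits = [r for r in rules if r.permits(HOSTS[s], HOSTS[d], proto, port)]
        if not hits:
            missing.append((s, d, proto, port))
        for r in hits:
            wide_ports = proto != "esp" and (r.ports is None or r.ports[0] != r.ports[1])
            wide_net = 0 in (ip_network(r.src).prefixlen, ip_network(r.dst).prefixlen)
            if r.proto == "any" or wide_ports or wide_net:
                broad.add(r.name)
    return missing, sorted(broad)

def least_privilege_rules():
    """One host-to-host, single-port allow rule per required flow."""
    return [Rule(f"{s}-{d}-{proto}-{port}", HOSTS[s] + "/32", HOSTS[d] + "/32",
                 proto, None if port is None else (port, port))
            for s, d, proto, port in REQUIRED]

# Constructed rule export with three gaps and two over-broad rules.
SAMPLE_RULES = [
    Rule("dns", "10.0.10.0/24", "10.0.1.53/32", "any"),
    Rule("hcm-vcenter", "10.0.10.5/32", "10.0.10.2/32", "tcp", (443, 443)),
    Rule("ui", "10.0.30.0/24", "10.0.10.5/32", "tcp", (9443, 9443)),
    Rule("hcm-esxi", "10.0.10.5/32", "10.0.20.0/24", "tcp", (902, 902)),
    Rule("hcm-gw-hbr", "10.0.10.5/32", "10.0.10.6/32", "tcp", (8123, 8123)),
    Rule("hcm-gw-rest", "10.0.10.5/32", "10.0.10.6/32", "tcp", (9443, 9443)),
    Rule("gw-l2c", "10.0.10.6/32", "10.0.10.7/32", "tcp", (443, 443)),
    Rule("l2c-l2c", "10.0.10.7/32", "203.0.113.11/32", "tcp", (443, 443)),
    Rule("gw-esxi", "10.0.10.6/32", "10.0.20.0/24", "tcp", (902, 902)),
    Rule("hbr", "10.0.20.0/24", "10.0.10.6/32", "tcp", (31031, 44046)),
    Rule("ike", "10.0.10.6/32", "203.0.113.10/32", "udp", (500, 500)),
    Rule("esp", "10.0.10.6/32", "203.0.113.10/32", "esp"),
]

if __name__ == "__main__":
    missing, broad = audit(SAMPLE_RULES)
    print("missing flows:", missing)
    print("over-broad rules:", broad)
```

In the sample, the tunnel has UDP 500 and ESP but not UDP 4500, so it would fail only when NAT-T is in use, and the replication rule written as a range opens every port between the two that are listed.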