Cloud

Building a VCF SDDC on OVH Value Server

Very rarely do I actually post a Blog, but I actually got something working and felt documenting this for the greater vCommunity would be a good thing to do. I’ve been after trying to get a workable Demo Lab built for some time. I wanted all the SDDC Components, vSphere, NSX, SDDC Manager, vRNI, vSAN, NSX Intelligence, vROPS. I want it ALL! 

Enter the VLC https://blogs.vmware.com/cloud-foundation/2020/01/31/deep-dive-into-vmware-cloud-foundation-part-1-building-a-nested-lab/ 

So I started down the path of the VLC Cloud Foundation Lab Constructor. I don’t have the required Hardware on hand to make this work, so I thought I’d try building this on an OVH US based Host. Here’s the Step by Step Process to getting everything up and running. I’ll point out important things in between screen shots, so be sure to read between the lines, literally.

Step 1: Order up a OVH Dedicated Host. I’m using the Best Value series with some larger storage to meet the VLC minimum requirements.

Step 2: Once your server is in your account, Install ESXi from an OVH Template. You also get IPMI Console access and if you want to mount an ISO image and manually install, you can do that too.

 

 

 

 

 

 

 

 

Note: Software RAID isn’t recognized by ESXi, so you’ll end up with a bunch of individual Datastores to use.

 

Step 3: While your server is building, if you want to enable External Internet connectivity to the LAB VMs order up an OVH Failover IP. 

 

 

Step 4: Once you have the Failover IP, you can then add a Virutal MAC address to it. The Virtual MAC is assigned to the VNIC of the Guest VM you will install on the host. This VNIC must use a Port Group that is mapped to the Physical NIC on vSwitch0. You get TWO physical NICs on an OVH host. NIC 0 connects to the Internet if you map the MAC correctly. NIC 1 maps to the Internal OVH vRACK network for connecting multiple Physical Hosts together across OVH Network. You essentially create your own VLAN with their vRACK service.

Step 5: Add the Virtual MAC as a VMware MAC, and Label it. I’ll be mapping mine to a VeloCloud Virtual Edge, but you can also use your Virtual Firewall Edge Appliance of choice. pFsense works well too. 

 

Step 6: Login to the Host using the Public interface info OVH gives you. Start setting up your datastores. You’ll also want to configure the vSwitch Networks per the VLC Guide. You’ll also need to add another MGMT vmknic that has an IP that will be reachable from the VLC Jump host we will create later.

 

Step 7: Upload some ISO images to the host to build yourself a Jump Box from which you will install everything. I’m using Server 2019. Eventually I’ll migrate the DNS and other services the Cloud Builder appliance provides onto a proper Domain Controller. 

Step 8: Install Windows Guest, be sure to follow the VLC Guide for requirements, and add additional VMXnet3 Network Interfaces.

Step 9: Download the VLC Script package http://tiny.cc/getVLC 

Step 10: Download the CloudBuilder OVA of your choice from the VMware Portal, or vExpert Portal or wherever you have access. Here I’m using the OVA for VCF 4.0.

Step 11: I had to modify the default host json. The settings it had were too restricted to reliably get all the services running on this low budget OVH host. So I cranked up each host as follows for best results. Yes I’m oversubscribing the 256GB of Memory on the physical host, but it’ll be OK I promise.

Step 12: Once you have everything ready per the VLC Guide, right click the VLCGui Script and RUN WITH POWERSHELL!

 

Step 13: Select AUTOMATED then, Connect the VLC GUI to your host Internal MGMT IP you created in step 6. Select the VLC-Trunk you created and the Datastore. Uncheck the “Do Bringup?” check box. I could not reliably get this part to work. So doing a hybrid of Automated and Manual bring up worked multiple times for me on this Hardware. 

Step 14: Point the VLC to the location of the CloudBuilder OVA.

Step 15: Hit CONSTRUCT and go get some Coffee. Takes about 35 mins to spin up the Virtual Nested infrastructure in this step.

 

Step 16: If you skipped the Fully Automated Bring up, here’s the steps to complete the rest of the VLC build. Login to the Cloud Builder VM. 

Step 17: Agree to the EULA

Step 18: Select VMware Cloud Foundation

Step 19: Check the box, click Next

Step 20: Skip the download since we already have this with the JSON included with the VLC, NEXT

Step 21: Select the JSON

Step 22: Point it to the AUTOMATED NO AVN JSON file

Step 23: Validate the JSON

Step 24: It may find some Warnings due to the CloudBuilder running DNS, but there should be no show stoppers here. Acknowledge the warnings to proceed.

Step 25: DEPLOY SDDC!

 

Step 26: Wait, this one takes awhile, somewhere between 3 and 4 hours for me.

Step 27: SUCCESS!

Step 28: LAUNCH SDDC Manager!

Step 29: If the UI for SDDC Manager doesn’t load, you may need to Migrate it to another host, I moved mine to host 4 and it was working better. You may need to reboot SDDC Manager and NSX Manager to get their UI’s to load up after they’ve been deployed.

 

Step 30: If all went well, you should now have a fully operational VCF deployment, with SDDC Manager and NSX-T 3.0!

 

I hope you find this helpful. More to come as I attempt to add in vRNI and NSX Intelligence.

Britton Johnson

@VCIXNV

Cloud

Blogtober #3 – Bravery – Leadership lessons from our kids TV shows

If someone asked you to define Bravery what would you answer? Probably something like “Being brave means you take risks without being afraid.” Which might be a fine definition, but I think its missing something.

When I left a Full Time job with benefits, to start my own company lots of people thought I was being brave. I didn’t really see it that way, and still don’t. For me it was the next logical step in a career where I was constantly working for companies that had shrinking IT needs. Or they were showing signs of instability. I’ve been laid off once before, and I’m not willing to put my livelihood into the hands of someone else.

In the last few years as my kids discovered a love for Thomas and Friends. My daughter Molly’s favorite Engine on the Island of Sodor is a funny looking one called Gerald but he goes by the nickname “Gator”.

You need to know a few things about Gator.

  • He’s designed with the special slanted water tank so he can carry loads uphill high in the mountains
  • He enjoys his work and being helpful and useful
  • He’s afraid of heights

That’s right, the creators of this series designed and built this character with a flaw that directly opposes what he is supposed to be used for. Sound familiar to anyone? I meet IT admins all the time, who are good at what they do, they love it and would say it’s what they’re supposed to be doing. Yet they are often crippled with fear of the “what if”. What if even though I tested something, I deploy it in production and it takes down the whole company? What if my company gets hit with Ransomware and we can’t get important data back? What if we have a disaster and over recovery plan has a flaw because we didn’t test it properly? What if I’m not as smart as every one in the room thinks I am, and they figure me out? This last one known in IT circles as “Imposter Syndrome” is becoming a large issue for IT people. See my friend Cody De Arklands great blog post for more on this.

Here’s what happened to Gator. He was carrying a load up a mountain side for the first time. He got to a bridge high in the air and suddenly was terrified that he had to cross it. He then gives us the best description I’ve ever heard for what Bravery really is. I have to quote him directly. “One day I was faced with having to cross a high bridge, higher than any bridge I’d ever seen before. But I was pulling trucks loaded with important supplies, the villagers needed my help! I decided I must be Brave! It took everything in me to cross that bridge, but I did it even though I was scared. So you see being brave isn’t the same thing as not feeling scared, being brave is about what you do even when you do feel scared.”

Being brave is about what you do even when you do feel scared.

Maybe I’m just a simple thinker, but this definition of Bravery carries so much weight and truth. I hope it helps you the next time you find yourself about to cross that high bridge of whatever you’re afraid of. Remember Gators method of Bravery.

  • Face your fear
  • Decide to be Brave
  • Push through the fear using Bravery as your engine

Make the decision to be brave, it’s not something that happens by accident. I promise if you do, you’ll come out the other side, and everyone will notice you’re different and better for overcoming it.

 

Britton Johnson

Gigabrit , LLC

@vcixnv

 

https://youtu.be/hCmxDNSWVqs?t=1631

Blogtober, Leadership

Blogtober #2 – Show Up – Leadership lessons from our kids TV shows

Blogtober #2 – Show Up – Leadership lessons from our kids TV shows

I didn’t grow up watching a lot of Sesame Street. My kids have though and overall it has its moments of good and bad segments. One in particular has stood out to me though with another simple truth we Adults seem to miss or forget on a regular basis. Showing up.

Grover the lovable Blue Monster on Sesame St. Has an alter ego as Super Grover 2.0, an upgrade from his former days as just “Super Grover”. He can’t really fly, he has no real Super abilities, he often solves problems by accident, and he constantly makes mistakes. He does four things.

  • He observes
  • He questions
  • He investigates

There is one big last thing he does and  Sesame St. makes a big point of this,

  • He Shows Up

Super Grover 2.0 even with all his failings still arrives when he hears someone in trouble. He does his best and most of the time he doesn’t solve the problem. He does though bring about the circumstances by which the problem gets solved. Simply because he is present and willing to give it his all.

So even if you don’t have the talent or the resources or the connections. Don’t throw in the towel and phone it in. Show up! Do your best, and be there for others. Even if it’s not something you can fix sometimes just being in the room is enough to get the right person going in the direction towards a resolution.

 

Britton Johnson

Gigabrit , LLC

@vcixnv

Blogtober, Leadership

Blogtober – Leadership lessons from our Kids TV shows

It’s #Blogtober season. So here’s my first attempt at this. I want to highlight some simple leadership and life lessons learned from watching today’s Kids TV shows.

It seems to me that today we Adults over complicate everything we do. Especially our professional relationships. If you lead people here’s a few thoughts on leadership from some real experts.

Care Bear Cousins: Brave Heart Lion

My daughters started watching this Netflix series and I was completely blown away in the first 60 seconds of the first episode. Brave Heart Lion comes on screen and immediately lays out the mission, makes sure they’re properly equipped, encourages his team and reminds them WHO they are.

This is leadership 101. If you’re leading a team meeting this coming week, I challenge you to find 60 seconds at the beginning of your week to follow Brave Heart Lions formula.

1. Remind everyone what the mission is

2. Check that everyone has what they need

3. Encourage and build them up

4. Remind them who they are and how important their role is

Its really is that simple.

Now go Take Heart!

https://youtu.be/HUsA80_WJKk

Cloud

Build your own Cloud – Part 3

Build your own Cloud – Part 3

Now we come to the fun stuff. Building it out. It’s a little strange connecting directly to an ESXi host over the open Internet, but it works. Later we can harden the environment and turn off the direct host access to the Management IP. Because of the way OVH uses their IP distribution you cannot reallocate the Hosts Management IP, at least not that I have found yet.

So once you have your host installed and have received your login creds, get out to the Host and login.

1-ESXilogin2-ESXilogin

Simple enough. If this is your first host, you’ll want to start uploading files to it and or deploy any OVA appliances you want. Think of this as your launching platform for everything you might want to build or install.

  • Configure Networking

You will need to add another vSwitch and connect the second Physical Ethernet adapter to it. The second Ethernet adapter is the only one where your additional Public Static IP addresses will be used. Be sure to enable MAC Address Changes and Forged transmits as these are disabled by default.

3-ESXivSwitch

Then in the OVH Control Panel if you haven’t already, order an additional IP. Just follow the Wizard. Once the IP and Virtual MAC are assigned, you’ll assign them to the WAN Interface of your chosen Virtual Firewall.

4-ManageIPs

  • Deploy Virtual Firewall/Router

Before we can deploy vCenter and get NSX running we need a better way to connect and manage the host. Any Virtual Firewall/Router that you’re comfortable with that allows Custom MAC addresses should work fine. I initially used pFsense, but I’m also partial to Fortinet and have found their Virtual Fortigate to be very easy to setup. Since we only need it until NSX is running, choose whatever is easiest for you. When creating your local LAN network use something other than 192.168.0.0/24 that is the default vRack network and will be used later.Screenshot-2017-10-16 ns3082341 ip-147-135-255 eu - VMware ESXi

  • Build Windows Domain

If you’re building this as a Lab and you want to deploy vCenter and a bunch of other DNS dependent services you’ll want to start building your Windows Domain Controller. Create a Port Group on the Host for LAN traffic and assign an Interface of your Firewall to that same LAN port group.

If you intend to extend your existing infrastructure to this hardware. That makes things a little trickier but it can be done, essentially you’ll either want to get your Virtual Firewall configured for a IPSEC VPN tunnel to your network, or setup a L2 VPN tunnel. Either way you need an Additional IP assigned to your Firewall on the Host in order to use it with anything.

If you assigned your Additional IP properly and setup your Router correctly, you should be able to get to the Internet from your Windows VM on the ESXi host. Keep in mind, usually whatever your Additional IP is, the Gateway address ALWAYS ends in .254. Now you can go download all the stuff you think you’ll need to deploy. Other Windows files, vCenter, NSX Manager, etc.

Here’s what you should have so far:

  • Login to host and configure it locally or add it to a vcenter you have created elsewhere (temporarily while we build a vCenter here)
  • Create a vSwitch and add the 2nd NIC to it
  • Copy or Deploy an OVA appliance Virtual Firewall to the host. (and created and configured VM)
  • Copy ISO file for Windows VM of choice or copy up prebuilt Windows VM
  • Request a Failover IP address (and assigned Virtual MAC address to WAN Interface of your VM Firewall)
  • Configure temp Virtual Firewall (must support modification of Virt MAC address) assign LAN Interface to VM Portgroup ,assign WAN Interface to VM Portgroup on vSwitch connected to NIC1 (NIC0 is what your Public Management IP is connected to).
  • Create LAN Network on any RFC 1918 Subnet other than 192.168.0.0/24
  • Setup Routing to Internet on your vFirewall
  • Connect to VM running on host and download everything you think you might want to install.
  • Create additional vmknic for Management traffic on your new LAN network
  • Build Windows Domain with Local DNS (create local DNS entries to be used for vCenter and NSX Manager and your Hosts)

The fun is just getting warmed up. SOOO much more to come.

 

-Britton Johnson

@vcixnv

vExpert 2017, VCIX-NV, VCP6-DCV, VCP6-NV, MCSA, MCTS

 

Cloud

Build your own Cloud – Part 2b

Leave a comment

Assuming you have a Server with ESXi loaded from OVH. You should have received an email with an IP address and login info. Note that the IP you are assigned is only used for managing that host. Additional IPs will be added later for other purposes.

Here’s s the big picture view of the steps we’re going to go thru.

  • Login to host and configure it locally or add it to a vcenter you have created elsewhere (temporarily while we build a vCenter here)
  • Create a vSwitch and add the 2nd NIC to it
  • Copy or Deploy an OVA appliance Virtual Firewall to the host.
  • Copy ISO file for Windows VM of choice or copy up prebuilt Windows VM
  • Request a Failover IP address
  • Configure temp Virtual Firewall (must support modification of Virt MAC address) assign LAN Interface to VM Portgroup ,assign WAN Interface to VM Portgroup on vSwitch connected to NIC1.
  • Connect to VM running on host and download everything you think you might want to install.
  • Build Windows Domain with Local DNS
  • Deploy vCenter Appliance
  • Join Hosts to vCenter
  • Modify Host Networking so they get Internet through your Virtual Firewall.
  • Ensure VUM can read and deploy updates to the hosts.
  • Add additional hosts and configure vRack service
  • Deploy NSX Manager and License it
  • Manually Prep VIBs for NSX to hosts
  • Configure Distributed vSwitch
  • Deploy first NSX Controller
  • Deploy Edge Services Gateway
  • Configure ESG to take over edge roles from Temp Virtual Firewall
  • Configure DNAT and SNAT rules
  • Configure IPSEC Tunnel
  • Deploy Additional NSX Controllers
  • Configure VXLAN over vRack
  • Deploy Logical Dist Switch
  • Deploy Dist. Logical Router
  • Connect DLR to ESG
  • Setup Routing between DLR and ESG

There may be more than this, but this is a start. SOOO many more posts to come!

 

-Britton Johnson

@vcixnv

vExpert 2017, VCIX-NV, VCP6-DCV, VCP6-NV, MCSA, MCTS

Cloud

Build your own Cloud – Part 2

Step one , set up your OVH.com account. Login to the Web Control Panel and Order a Server.

Screen Shot 2017-10-10 at 10.29.43 PM

Once your server is provisioned and setup (times vary based on type and location) you can go into the Web Control Panel and install your ESXi image. Below are the screen shots for installing an ESXi image. After it is loaded you will receive an email with login information.

Screen Shot 2017-10-10 at 10.21.48 PM

Screen Shot 2017-10-10 at 10.22.53 PM

Screen Shot 2017-10-10 at 10.23.44 PM

Screen Shot 2017-10-10 at 10.24.10 PM

Screen Shot 2017-10-10 at 10.24.34 PM

-Britton Johnson

@vcixnv

vExpert 2017, VCIX-NV, VCP6-DCV, VCP6-NV, MCSA, MCTS

Cloud

Build your own Cloud – Part 1

Leave a comment

The big new announcement at VMworld 2017 was all about VMware on AWS. That was all fine and great and whatever, but for most small to medium enterprise customers, it is still out of reach. However I did find a good alternative, and I think it’s even priced within reach of small businesses.

I missed the announcement back in April about OVH buying vCloud Air, so I hadn’t heard of them prior to VMworld. I spent some time in the OVH booth at VMworld learning more about their hosted server offerings. I came away very hopeful that I could build something on their platform without spending a ton.

OVH primarily has a presence in Europe and is nearly as big over there as AWS is in the US. I’m sure with the acquisition of the vCloud Air business they will being opening Data Centers in the US. Currently the only North American facility is in Canada.

I wanted to see just what you can do, so I ordered up a HOST 64L Server. For $75 a month you get a fairly well setup Supermicro Server with an Intel Xeon D Quad Core CPU and 64GB of RAM and 2 Softraid Mirrored 2TB drives. There’s no meter running like with Azure or AWS native, and you get 250mbs of upload speed. You even get IP-KVM access.

Screen Shot 2017-10-08 at 10.19.26 PM

OVH, unlike most other hosting providers that I have found, will allow you to install just about any OS you like. Including VMware ESXi 6.0 or 6.5. So I installed the 6.5 image they have pre-built and soon received an email with an IP and login information. This was looking really promising, so stay tuned for part 2, building it out.

 

-Britton Johnson

@vcixnv

vExpert 2017, VCIX-NV, VCP6-DCV, VCP6-NV, MCSA, MCTS