Tag Archives: NSX

Build your own Cloud – Part 3

Now we come to the fun stuff: building it out. It’s a little strange connecting directly to an ESXi host over the open Internet, but it works. Later we can harden the environment and turn off the direct host access to the Management IP. Because of the way OVH distributes its IPs, you cannot reallocate the host’s Management IP, at least not that I have found yet.

So once you have your host installed and have received your login credentials, connect to the host and log in.

Simple enough. If this is your first host, you’ll want to start uploading files to it and/or deploy any OVA appliances you want. Think of this as your launching platform for everything you might want to build or install.

  • Configure Networking

You will need to add another vSwitch and connect the second Physical Ethernet adapter to it. The second Ethernet adapter is the only one where your additional Public Static IP addresses will be used. Be sure to enable MAC Address Changes and Forged transmits as these are disabled by default.
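The vSwitch step above as esxcli commands, in a narrower variant: MAC Address Changes and Forged Transmits are accepted only on the port group that carries the firewall’s WAN interface, and promiscuous mode stays off. This is an added example, not from the original post; the names vSwitch1, vmnic1 and WAN are assumptions, and the script only prints the commands unless APPLY=1 is set in the ESXi shell.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed names: vSwitch1 (new vSwitch), vmnic1 (second physical NIC),
# WAN (port group for the virtual firewall's WAN interface).
# Default is a dry run that prints each command; APPLY=1 executes them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

build_wan_vswitch() {
    vsw="$1"; nic="$2"; pg="$3"

    # New standard vSwitch with the second physical adapter as its uplink.
    run esxcli network vswitch standard add --vswitch-name="$vsw"
    run esxcli network vswitch standard uplink add \
        --uplink-name="$nic" --vswitch-name="$vsw"

    # Switch-wide baseline: reject all three, so port groups added to this
    # vSwitch later do not inherit the relaxed settings.
    run esxcli network vswitch standard policy security set \
        --vswitch-name="$vsw" --allow-promiscuous=false \
        --allow-mac-change=false --allow-forged-transmits=false

    # Port-group override: only the WAN port group accepts MAC address
    # changes and forged transmits, which the provider-assigned virtual MAC
    # on the firewall needs. Promiscuous mode is not needed and stays off.
    run esxcli network vswitch standard portgroup add \
        --portgroup-name="$pg" --vswitch-name="$vsw"
    run esxcli network vswitch standard portgroup policy security set \
        --portgroup-name="$pg" --allow-promiscuous=false \
        --allow-mac-change=true --allow-forged-transmits=true

    # Read the effective policy back to confirm what was applied.
    run esxcli network vswitch standard portgroup policy security get \
        --portgroup-name="$pg"
}

build_wan_vswitch vSwitch1 vmnic1 WAN
```

A port-group policy overrides the vSwitch policy, so any other port group created on this vSwitch keeps the reject baseline.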

Then in the OVH Control Panel if you haven’t already, order an additional IP. Just follow the Wizard. Once the IP and Virtual MAC are assigned, you’ll assign them to the WAN Interface of your chosen Virtual Firewall.

  • Deploy Virtual Firewall/Router

Before we can deploy vCenter and get NSX running we need a better way to connect and manage the host. Any Virtual Firewall/Router that you’re comfortable with that allows Custom MAC addresses should work fine. I initially used pfSense, but I’m also partial to Fortinet and have found their Virtual FortiGate to be very easy to set up. Since we only need it until NSX is running, choose whatever is easiest for you. When creating your local LAN network, use something other than 192.168.0.0/24; that is the default vRack network and will be used later.

  • Build Windows Domain

If you’re building this as a Lab and you want to deploy vCenter and a bunch of other DNS dependent services you’ll want to start building your Windows Domain Controller. Create a Port Group on the Host for LAN traffic and assign an Interface of your Firewall to that same LAN port group.

If you intend to extend your existing infrastructure to this hardware, that makes things a little trickier, but it can be done. Essentially you’ll either want to get your Virtual Firewall configured for an IPSEC VPN tunnel to your network, or set up an L2 VPN tunnel. Either way you need an Additional IP assigned to your Firewall on the Host in order to use it with anything.

If you assigned your Additional IP properly and set up your Router correctly, you should be able to get to the Internet from your Windows VM on the ESXi host. Keep in mind, usually whatever your Additional IP is, the Gateway address ALWAYS ends in .254. Now you can go download all the stuff you think you’ll need to deploy: other Windows files, vCenter, NSX Manager, etc.

Here’s what you should have so far:

  • Log in to the host and configure it locally or add it to a vCenter you have created elsewhere (temporarily while we build a vCenter here)
  • Create a vSwitch and add the 2nd NIC to it
  • Copy or deploy an OVA appliance Virtual Firewall to the host (and created and configured the VM)
  • Copy ISO file for Windows VM of choice or copy up prebuilt Windows VM
  • Request a Failover IP address (and assigned Virtual MAC address to WAN Interface of your VM Firewall)
  • Configure temp Virtual Firewall (must support modification of Virt MAC address): assign LAN Interface to VM Portgroup, assign WAN Interface to VM Portgroup on vSwitch connected to NIC1 (NIC0 is what your Public Management IP is connected to).
  • Create LAN Network on any RFC 1918 Subnet other than 192.168.0.0/24
  • Setup Routing to Internet on your vFirewall
  • Connect to VM running on host and download everything you think you might want to install.
  • Create additional vmknic for Management traffic on your new LAN network
  • Build Windows Domain with Local DNS (create local DNS entries to be used for vCenter and NSX Manager and your Hosts)

The fun is just getting warmed up. SOOO much more to come.

 

-Britton Johnson

@vcixnv

vExpert 2017, VCIX-NV, VCP6-DCV, VCP6-NV, MCSA, MCTS

 

Build your own Cloud – Part 2b

Assuming you have a Server with ESXi loaded from OVH, you should have received an email with an IP address and login info. Note that the IP you are assigned is only used for managing that host. Additional IPs will be added later for other purposes.

Here’s the big-picture view of the steps we’re going to go through.

  • Log in to the host and configure it locally or add it to a vCenter you have created elsewhere (temporarily while we build a vCenter here)
  • Create a vSwitch and add the 2nd NIC to it
  • Copy or deploy an OVA appliance Virtual Firewall to the host.
  • Copy ISO file for Windows VM of choice or copy up prebuilt Windows VM
  • Request a Failover IP address
  • Configure temp Virtual Firewall (must support modification of Virt MAC address): assign LAN Interface to VM Portgroup, assign WAN Interface to VM Portgroup on vSwitch connected to NIC1.
  • Connect to VM running on host and download everything you think you might want to install.
  • Build Windows Domain with Local DNS
  • Deploy vCenter Appliance
  • Join Hosts to vCenter
  • Modify Host Networking so they get Internet through your Virtual Firewall.
  • Ensure VUM can read and deploy updates to the hosts.
  • Add additional hosts and configure vRack service
  • Deploy NSX Manager and License it
  • Manually Prep VIBs for NSX to hosts
  • Configure Distributed vSwitch
  • Deploy first NSX Controller
  • Deploy Edge Services Gateway
  • Configure ESG to take over edge roles from Temp Virtual Firewall
  • Configure DNAT and SNAT rules
  • Configure IPSEC Tunnel
  • Deploy Additional NSX Controllers
  • Configure VXLAN over vRack
  • Deploy Logical Dist Switch
  • Deploy Dist. Logical Router
  • Connect DLR to ESG
  • Setup Routing between DLR and ESG

There may be more than this, but this is a start. SOOO many more posts to come!

 

-Britton Johnson

@vcixnv

vExpert 2017, VCIX-NV, VCP6-DCV, VCP6-NV, MCSA, MCTS

Build your own Cloud – Part 1

The big new announcement at VMworld 2017 was all about VMware on AWS. That was all fine and great and whatever, but for most small to medium enterprise customers, it is still out of reach. However I did find a good alternative, and I think it’s even priced within reach of small businesses.

I missed the announcement back in April about OVH buying vCloud Air, so I hadn’t heard of them prior to VMworld. I spent some time in the OVH booth at VMworld learning more about their hosted server offerings. I came away very hopeful that I could build something on their platform without spending a ton.

OVH primarily has a presence in Europe and is nearly as big over there as AWS is in the US. I’m sure with the acquisition of the vCloud Air business they will be opening Data Centers in the US. Currently the only North American facility is in Canada.

I wanted to see just what you can do, so I ordered up a HOST 64L Server. For $75 a month you get a fairly well setup Supermicro Server with an Intel Xeon D Quad Core CPU and 64GB of RAM and 2 Softraid Mirrored 2TB drives. There’s no meter running like with Azure or AWS native, and you get 250mbs of upload speed. You even get IP-KVM access.

OVH, unlike most other hosting providers that I have found, will allow you to install just about any OS you like, including VMware ESXi 6.0 or 6.5. So I installed the 6.5 image they have pre-built and soon received an email with an IP and login information. This was looking really promising, so stay tuned for part 2, building it out.

 

-Britton Johnson

@vcixnv

vExpert 2017, VCIX-NV, VCP6-DCV, VCP6-NV, MCSA, MCTS