Build your own Cloud – Part 3
Now we come to the fun stuff: building it out. It’s a little strange connecting directly to an ESXi host over the open Internet, but it works. Later we can harden the environment and turn off direct host access on the Management IP. Because of the way OVH allocates IPs you cannot reallocate the host’s Management IP, at least not that I have found yet.
So once you have your host installed and have received your login creds, get out to the host and log in.
Simple enough. If this is your first host, you’ll want to start uploading files to it and/or deploying any OVA appliances you want. Think of this as your launching platform for everything you might want to build or install.
- Configure Networking
You will need to add another vSwitch and connect the second physical Ethernet adapter to it. The second adapter is the only one on which your additional public static IP addresses will be used. Be sure to enable MAC Address Changes and Forged Transmits on it, as both are disabled (set to Reject) by default; without them the firewall VM cannot present the OVH virtual MAC.
Then, in the OVH Control Panel, order an additional IP if you haven’t already. Just follow the wizard. Once the IP and virtual MAC are assigned, you’ll assign them to the WAN interface of your chosen virtual firewall.
- Deploy Virtual Firewall/Router
Before we can deploy vCenter and get NSX running we need a better way to connect to and manage the host. Any virtual firewall/router that you’re comfortable with and that allows custom MAC addresses should work fine. I initially used pfSense, but I’m also partial to Fortinet and have found their virtual FortiGate very easy to set up. Since we only need it until NSX is running, choose whatever is easiest for you. When creating your local LAN network, use something other than 192.168.0.0/24; that is the default vRack network and will be used later.
- Build Windows Domain
If you’re building this as a lab and you want to deploy vCenter and a bunch of other DNS-dependent services, you’ll want to start building your Windows Domain Controller. Create a port group on the host for LAN traffic and assign an interface of your firewall to that same LAN port group.
If you intend to extend your existing infrastructure to this hardware, things get a little trickier, but it can be done: you’ll either want to configure your virtual firewall for an IPsec VPN tunnel to your network, or set up an L2 VPN tunnel. Either way you need an Additional IP assigned to your firewall on the host in order to use it with anything.
If you assigned your Additional IP properly and set up your router correctly, you should be able to get to the Internet from your Windows VM on the ESXi host. Keep in mind that, whatever your Additional IP is, the gateway address always ends in .254. Now you can go download all the stuff you think you’ll need to deploy: other Windows files, vCenter, NSX Manager, etc.
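The host-side networking steps above (second vSwitch on the second NIC, the port group for the firewall’s WAN leg with MAC Address Changes and Forged Transmits accepted, the LAN port group, and the extra management vmknic on the new LAN), collected into one PowerCLI script. This is an added example, not code from the original post; the host name, credentials, NIC name, port group names and the 10.10.0.0/24 LAN are placeholders you would replace. It goes one step narrower than the post: the Accept policy is applied only to the WAN port group, and the vSwitch itself keeps the default Reject, since the firewall’s WAN port is the only one that needs to present the OVH virtual MAC.

```powershell
# Added example (not from the original post): PowerCLI configuration of the
# host networking described in the walk-through. All names and addresses
# below are placeholders/assumptions, not values from the post.
param(
    [Parameter(Mandatory)] [string] $VMHostName,        # management IP or DNS name of the ESXi host
    [Parameter(Mandatory)] [pscredential] $Credential,
    [string] $SecondNic    = 'vmnic1',                  # NIC0 carries the public management IP, NIC1 the failover IPs
    [string] $WanSwitch    = 'vSwitch1',
    [string] $WanPortGroup = 'WAN-Failover',            # firewall WAN interface lands here
    [string] $LanSwitch    = 'vSwitch-LAN',             # internal switch, no physical uplink
    [string] $LanPortGroup = 'LAN-Lab',                 # firewall LAN interface + lab VMs
    [string] $MgmtPortGroup = 'Mgmt-LAN',               # second vmknic for management on the new LAN
    [string] $MgmtVmkIp    = '10.10.0.2',
    [string] $MgmtVmkMask  = '255.255.255.0'
)

Import-Module VMware.VimAutomation.Core -ErrorAction Stop
Connect-VIServer -Server $VMHostName -Credential $Credential -ErrorAction Stop | Out-Null
$vmhost = Get-VMHost -Name $VMHostName

# The post reserves 192.168.0.0/24 for vRack; refuse a LAN that lands in it.
if ($MgmtVmkIp -like '192.168.0.*') {
    throw 'LAN must not use 192.168.0.0/24 (default vRack network); pick another RFC 1918 range.'
}

# 1. Second vSwitch whose only uplink is the second physical adapter.
$wanVs = Get-VirtualSwitch -VMHost $vmhost -Name $WanSwitch -ErrorAction SilentlyContinue
if (-not $wanVs) { $wanVs = New-VirtualSwitch -VMHost $vmhost -Name $WanSwitch -Nic $SecondNic }

# 2. WAN port group. Override the inherited Reject for MAC Address Changes and
#    Forged Transmits only here, so the firewall VM can use the OVH virtual MAC.
#    Promiscuous mode stays off; nothing on this segment needs to sniff.
$wanPg = Get-VirtualPortGroup -VirtualSwitch $wanVs -Name $WanPortGroup -ErrorAction SilentlyContinue
if (-not $wanPg) { $wanPg = New-VirtualPortGroup -VirtualSwitch $wanVs -Name $WanPortGroup }
$wanPg | Get-SecurityPolicy | Set-SecurityPolicy `
    -MacChangesInherited $false       -MacChanges $true `
    -ForgedTransmitsInherited $false  -ForgedTransmits $true `
    -AllowPromiscuousInherited $false -AllowPromiscuous $false | Out-Null

# 3. Internal LAN vSwitch (no -Nic, so no uplink) with the LAN port group.
#    Keeping the LAN off vSwitch0 means private lab traffic never reaches NIC0.
$lanVs = Get-VirtualSwitch -VMHost $vmhost -Name $LanSwitch -ErrorAction SilentlyContinue
if (-not $lanVs) { $lanVs = New-VirtualSwitch -VMHost $vmhost -Name $LanSwitch }
if (-not (Get-VirtualPortGroup -VirtualSwitch $lanVs -Name $LanPortGroup -ErrorAction SilentlyContinue)) {
    New-VirtualPortGroup -VirtualSwitch $lanVs -Name $LanPortGroup | Out-Null
}

# 4. Additional vmknic for management traffic on the new LAN, reachable through
#    the firewall once the VPN/tunnel is up. The port group is created if absent.
if (-not ($vmhost | Get-VMHostNetworkAdapter -VMKernel | Where-Object { $_.IP -eq $MgmtVmkIp })) {
    New-VMHostNetworkAdapter -VMHost $vmhost -VirtualSwitch $lanVs -PortGroup $MgmtPortGroup `
        -IP $MgmtVmkIp -SubnetMask $MgmtVmkMask -ManagementTrafficEnabled $true | Out-Null
}

# Show the effective security policy so the Accept override is visibly limited
# to the WAN port group and the switches still Reject.
Get-VirtualSwitch -VMHost $vmhost | Get-SecurityPolicy |
    Select-Object VirtualSwitch, MacChanges, ForgedTransmits, AllowPromiscuous | Format-Table -AutoSize
Get-VirtualPortGroup -VMHost $vmhost | Get-SecurityPolicy |
    Select-Object VirtualPortGroup, MacChanges, ForgedTransmits, AllowPromiscuous | Format-Table -AutoSize

Disconnect-VIServer -Server $VMHostName -Confirm:$false
```

Run it from a workstation with PowerCLI installed against the host’s public management IP, before the firewall VM is deployed; the final two tables are the check worth keeping, since a switch-wide Accept would let any VM on that switch spoof MAC addresses, not just the firewall.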
Here’s what you should have so far:
- Log in to the host and configure it locally, or add it to a vCenter you have created elsewhere (temporarily, while we build a vCenter here)
- Create a vSwitch and add the 2nd NIC to it
- Copy or deploy an OVA appliance virtual firewall to the host (then create and configure the VM)
- Copy the ISO file for the Windows VM of your choice, or copy up a prebuilt Windows VM
- Request a Failover IP address (and assign its virtual MAC address to the WAN interface of your VM firewall)
- Configure the temporary virtual firewall (must support modification of the virtual MAC address): assign the LAN interface to a VM port group, and assign the WAN interface to a VM port group on the vSwitch connected to NIC1 (NIC0 is what your public Management IP is connected to)
- Create the LAN network on any RFC 1918 subnet other than 192.168.0.0/24
- Set up routing to the Internet on your vFirewall
- Connect to a VM running on the host and download everything you think you might want to install
- Create an additional vmknic for management traffic on your new LAN network
- Build the Windows Domain with local DNS (create local DNS entries to be used for vCenter, NSX Manager and your hosts)
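The last step of the checklist, creating the local DNS entries for vCenter, NSX Manager and the hosts on the new domain controller, as an added example that is not from the original post. It uses the Windows DnsServer module on the DC; the zone name, host names and 10.10.0.0/24 addresses are placeholders. The verification at the end matters because vCenter deployment expects both the forward lookup of its FQDN and the reverse lookup of its IP to succeed.

```powershell
# Added example (not from the original post): pre-create forward and reverse
# DNS records on the lab domain controller and verify they agree.
# Zone, network and host/IP pairs are placeholders, not values from the post.
#Requires -Modules DnsServer
param(
    [string] $ZoneName     = 'lab.example',
    [string] $LanNetworkId = '10.10.0.0/24',            # matches the LAN chosen on the host
    [string] $ReverseZone  = '0.10.10.in-addr.arpa',    # reverse zone name for that /24
    [hashtable] $Records   = @{
        'vcenter' = '10.10.0.10'
        'nsxmgr'  = '10.10.0.11'
        'esxi01'  = '10.10.0.2'                          # the host's management vmknic on the LAN
    }
)

# Reverse zone first, AD-integrated, so -CreatePtr below has somewhere to write.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $LanNetworkId -ReplicationScope 'Domain'
}

# A records (plus PTR) for every planned name; skip ones that already exist.
foreach ($name in $Records.Keys) {
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $name -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $name -IPv4Address $Records[$name] -CreatePtr
    }
}

# Verify forward and reverse resolution agree for each name. A mismatch here is
# the usual reason a vCenter or NSX Manager deployment fails its DNS check.
$problems = @()
foreach ($name in $Records.Keys) {
    $fqdn = "$name.$ZoneName"
    $ip   = $Records[$name]
    $fwd  = (Resolve-DnsName -Name $fqdn -Type A   -ErrorAction SilentlyContinue).IPAddress
    $rev  = (Resolve-DnsName -Name $ip   -Type PTR -ErrorAction SilentlyContinue).NameHost
    if ($fwd -ne $ip)                                   { $problems += "$fqdn resolves to '$fwd', expected $ip" }
    if (($rev -as [string]).TrimEnd('.') -ne $fqdn)     { $problems += "PTR for $ip is '$rev', expected $fqdn" }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "Forward and reverse DNS consistent for $($Records.Count) records in $ZoneName"
}
```

Run it on the domain controller after DNS is installed and before deploying vCenter; the ESXi host entry should point at the host’s vmknic on the new LAN, not at the OVH public management IP, so that management traffic stays behind the firewall once the tunnel is up.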
The fun is just getting warmed up. SOOO much more to come.
vExpert 2017, VCIX-NV, VCP6-DCV, VCP6-NV, MCSA, MCTS