VMware Cloud Community
ManivelR
Hot Shot

vCloud Director 9.5 setup question

Hi Team,

Setup:

vCloud Director 9.5 setup with 2 VCD cells. We are going to use the NSX Edge service for load balancing. Whenever a customer accesses from the internet, the load should be balanced between the below 2 cells.

We are going to install VCD 9.5 on 2 cells (cluster setup).

VCD1--> 10.1.1.10

VCD2--> 10.1.1.13

My doubt is about the VCD HTTP & console proxy. Should I use separate IP addresses for HTTP & console proxy, or is a single IP address fine to configure? I mean only the VCD IP address (10.1.1.10 & 10.1.1.13).

VCD1--> 10.1.1.10

http-->10.1.1.11

Console proxy--> 10.1.1.12

VCD2--> 10.1.1.13

http-->10.1.1.14

Console proxy--> 10.1.1.15

Please clarify. We have 50 customers and all the customers will access through the web.

https://docs.vmware.com/en/vCloud-Director/9.5/vcd_95_install.pdf

Getting confused because of the below statement.

[image: pastedImage_1.png]

Thanks,

Manivel R


15 Replies
SebastianGrugel
Hot Shot

Hi in our environment we have this example configuration:

Cell1

http 10.10.10.1

console 10.10.10.2

Cell2

http 10.10.10.3

console 10.10.10.4

We are using 2 network cards... but I'm not sure if this is the proper way... because a few days ago we performed some investigation and all traffic in our configuration is going only through one network card... (we will investigate this later)

Sebastian

vSebastian.net

vExpert VSAN/NSX/CLOUD | VCAP5-DCA | VCP6-DCV/CMA/NV ==> akademiadatacenter.pl
jonathanw
Enthusiast

In 9.5 VMware are starting a move to a single interface & IP address for vCD - you can quite happily run both the web and consoleproxy services on a single IP address (although these use different ports - 443 for web and 8443 for consoleproxy). If you use the 9.5 vCD appliance you don't get the choice: the appliance is configured during deployment with a single IP.

What you do still need to be careful about is the certificates.ks file which still needs 2 aliases (http and consoleproxy) with the 2 SSL certificates (one for each service - although you can use the same certificate for both if the DNS for both services is the same). You also need to be careful to set the correct public URIs in the vCD system configuration once deployed to avoid the 'white screen of nothingness'.

ManivelR
Hot Shot

Thanks so much Sebastian & Jon for your valuable feedback.

I have some other doubts. Could you please let me know if you have any idea.

I have 10 ESXi hosts under a vSAN cluster. We have 50 clients and are going to create multiple VDCs (one VDC per client).

Our target is VCD version 9.5.0 on a CentOS 7 VM.

Which one should I use for VCD 9.5.0, NSX or vShield Manager? vShield is deprecated, right? We should use NSX Manager, right?

After attaching the vCenter Server components to NSX Manager, must VXLAN be configured?

Thanks,

Manivel RR

sk84
Expert

Yes. vShield is deprecated. So you should go the NSX way.

You need at least the NSX Manager, NSX Controllers and a transport zone.

VXLANs are automatically created in the background in the form of logical switches as soon as a customer creates an Org or vApp network.

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
paluszekd
VMware Employee

Correct, but one can use External Networks also that bypasses the VXLAN overlay. However, you do lose the self-service network services capability built into vCD.

ManivelR
Hot Shot

Thanks for your valuable time and clarification, Sebastian & Paul. Much appreciated.

We are a service provider. I would like to start with my setup. This is going into production in another 2 weeks. Please share your valuable feedback if you have any idea. As I'm a beginner, I don't know much about this and am still reading a lot of articles.

Setup name: vCloud Director along with vSAN environment

Cluster --> Only one vSAN cluster, i.e. "VSAN cloud-CL". This cluster has 10 ESXi hosts. Customer VMs and management VMs (VCD, vCenter Server, VCD DB, NSX etc...) will be located in the same cluster.

ESXi hosts --> 10 ESXi hosts with 6.7.0 Update 1

vCenter Server --> only one vCenter Server with 6.7.0 Update 1

vSAN version --> 6.7.0 Update 1, and the vSAN datastore size is 50 TB (only one datastore).

vCloud Director --> 2 in total, with clustered setup (HA) --> 2 VCDs

vCloud Director --> only one PostgreSQL server

AMQP server --> only one server

NSX Manager --> only one appliance

As I told earlier, we have 50 active customers and all the customers are currently running on vSphere 5.0.0/6.0.0 along with Nimble storage. Our plan is to move all these customers to "vCloud Director along with vSAN environment".

Currently all the customers have separate networks (for example VLAN 500-550). Each customer has one VLAN (for example, customer A's VLAN is 500 and their network is 172.16.2.0, customer B's VLAN is 501 and their network is 172.16.3.0, etc.). The same existing customer networks will be used for vCloud Director.

1) We are a service provider, so I will create only one PVDC (in the vCloud Director console) and integrate all the 10 ESXi hosts. Please clarify if I'm wrong.

2) 50 Organization VDCs should be created (one VDC per customer). Please clarify if I'm wrong.

3) Doubt about NSX Manager. After installing NSX Manager and integrating with vCenter Server, how many NSX controllers and transport zones should be created?

4) Where do I need to create the customer networks? In vApps under the org network, right?

Your inputs will be much appreciated.

Regards,

Manivel R

sk84
Expert

I'm honestly not sure if you can make it work in two weeks if you've never worked with it before. NSX and vCD networking can become very complex and there are many different ways to achieve a goal. Which way is right for you depends on many factors.

And there's nothing worse than setting up a vCD setup now and realizing in a few months that something doesn't fit or scales properly. Which requires changes in design and architecture and has an impact on the network design for all customers.

I would therefore strongly advise you to first familiarize yourself with the peculiarities and capabilities of vCloud Director and NSX in a lab environment to find out how you want to build your vCD infrastructure.

To answer some of your questions:

vCloud Director --> 2 in total, with clustered setup (HA) --> 2 VCDs

vCloud Director --> only one PostgreSQL server

AMQP server --> only one server

You want to run 2 vCD cells for HA reasons but RabbitMQ and Postgres only once? That doesn't make any sense. For example, if the Postgres server goes down, your vCD instance is unusable. And, in addition, you will also need a shared NFS server for temporary uploads of media files and templates.

1) We are a service provider, so I will create only one PVDC (in the vCloud Director console) and integrate all the 10 ESXi hosts. Please clarify if I'm wrong.

2) 50 Organization VDCs should be created (one VDC per customer). Please clarify if I'm wrong.

3) Doubt about NSX Manager. After installing NSX Manager and integrating with vCenter Server, how many NSX controllers and transport zones should be created?

4) Where do I need to create the customer networks? In vApps under the org network, right?

1.) You can select the cluster while creating the provider VDC.

2.) That depends on what a customer is allowed to do. But I personally would separate it that way.

3.) I would set up 1 NSX Manager, 3 NSX controllers and 1 Transport Zone.

4.) That depends on your planned design and cannot be answered so easily. I wanted to point this out with the first part of my answer. There are different ways to create such a setup. You should think about the difference between External Network, Org Network and vApp Network. And if customers are allowed to create their own networks? Should there be an edge gateway per orgVDC so that customers have network self services (firewall, load balancer, VPNs, etc.)?  How scalable must the setup be? What does your physical infrastructure look like (i.e. which gateways, routing, reliability)? And so on.  The best design for you is then automatically derived from this.

ManivelR
Hot Shot

Thank you for the great summary, Sebastian. During installation time, I would like to take VMware's help and have already raised a ticket for the same.

As communicated earlier, we are going to move all the customers running on vSphere 5.5.0/6.0.0 to the new vCloud Director along with vSAN.

Yes. We will go with DB clustering and AMQP clustering.

All the existing customer networks will be used in VCD. Customers have permission to reach the external network (outside internet) and the existing connectivity will be in place (for example VM creation, internet access, etc.).

NSX is very limited for all the customers. We are not going to use all the NSX components. Only a few components will be used (whatever NSX components are a must for vCloud Director).

I can say that all of our customers will not be allowed to create their own networks and there will not be any edge gateway per orgVDC. So customers will not have network self-services (firewall, load balancer, VPNs, etc.). This is the current requirement and there is only one site (VCD setup).

As already told, each customer has a different network and we will use those networks when migrating customer VMs to vCloud Director.

On the physical side, we have good redundancy (from the vSphere & physical switch side as well).

Thanks so much.

Manivel R

sk84
Expert

In this case I would create one external network per customer and VLAN and in the org VDC of the customer I would create one org network that is directly connected to the particular external network (direct connect mode). So you have a 1:1 mapping between each external network (VLAN 500-550) and the org network of each customer.

ManivelR
Hot Shot

Thank you Sebastian. I understood.

As communicated earlier, nsx is very limited.

Should I use vxlan and network pools?

Should I create nsx controllers and transport zone?

Is this must?

Thanks,

Manivel

sk84
Expert

If you want to use Org or vApp networks, you need the NSX infrastructure, because Org networks are provided as VXLANs in the form of logical switches.

In this case, you need at least one NSX manager and one transport zone. Because VXLANs only work within a transport zone. And for the transport zone, you select the replication mode. If you choose unicast or hybrid, you will also need NSX controllers (maximum 3).

See: Understanding Replication Modes

ManivelR
Hot Shot

Thank you, Sebastian. Much appreciated.

As of now, we are going to provide direct external connectivity only to customers with the help of VCD.

Thanks,

Manivel R

ManivelR
Hot Shot

Hi All,

I have two Cisco Nexus 5548 switches with redundancy.

Our question is: for running NSX/VXLAN, do we require VXLAN support on the underlay network which consists of these physical switches (Cisco Nexus 5548 switches)?

If we use Cisco 1000v switches (these switches will be integrated with VSS or VDS), which support VXLAN, do the physical Nexus 5548 switches still require VXLAN support in that case?

Our assumption is that 1000v can be configured as VTEPs and the underlay IP based network does not need to know VXLAN. Is this assumption correct?

Thanks,

Manivel R

sk84
Expert

The physical switches don't need to know anything about VXLAN. You just need a normal VLAN for all the VXLAN traffic and it will be encapsulated. Or it is also possible to configure the VTEP with VLAN 0, then the VXLAN traffic is untagged.

Each ESXi host within a transport zone then has a VTEP configured and uses a vmkernel port for the NSX traffic. The vmkernel port requires a VLAN ID and IP address (or only an IP if the traffic is untagged).

See: Configure VXLAN from the Primary NSX Manager

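To make the encapsulation point concrete, here is an added example in Python (written for this thread, not code from VMware or from any poster) that builds a constructed VXLAN frame as a VTEP would emit it and decodes only the headers the underlay forwards, an optional 802.1Q tag, the two VTEP IPv4 addresses and UDP port 4789, before reading the VNI and the inner tenant frame. The MACs, the 10.1.2.x VTEP addresses, VLAN 200 and VNI 5001 are constructed values; it covers both the tagged case and the VLAN 0 untagged case described above.

```python
import struct

VXLAN_UDP_PORT = 4789  # IANA-assigned UDP port for VXLAN (RFC 7348)

def build_vxlan_frame(vlan: int, src_ip: str, dst_ip: str, vni: int, inner: bytes) -> bytes:
    """Constructed sample of what a VTEP emits: outer Ethernet [+802.1Q] / IPv4 / UDP 4789 / VXLAN / inner."""
    eth = bytes.fromhex("005056aa0002") + bytes.fromhex("005056aa0001")  # constructed dst, src MACs
    if vlan:  # VLAN 0 on the VTEP means no 802.1Q tag at all
        eth += struct.pack("!HH", 0x8100, vlan & 0x0FFF)
    eth += struct.pack("!H", 0x0800)
    vxlan = struct.pack("!B3xI", 0x08, vni << 8)  # I flag set, 24-bit VNI, one reserved byte
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)  # checksum left 0 in this sample
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + udp + vxlan + inner

def parse_vxlan_frame(frame: bytes) -> dict:
    """Decode only the underlay headers a physical switch sees, then the VXLAN header and inner frame."""
    off, vlan = 14, 0  # vlan 0 = untagged
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x8100:  # 802.1Q tag: the one thing the underlay must carry for a tagged VTEP
        tci, ethertype = struct.unpack_from("!HH", frame, off)
        vlan, off = tci & 0x0FFF, off + 4
    if ethertype != 0x0800 or frame[off + 9] != 17:
        raise ValueError("outer packet is not IPv4/UDP")
    src_ip = ".".join(map(str, frame[off + 12:off + 16]))  # VTEP vmkernel IPs
    dst_ip = ".".join(map(str, frame[off + 16:off + 20]))
    off += (frame[off] & 0x0F) * 4  # skip the IPv4 header (IHL)
    dport = struct.unpack_from("!H", frame, off + 2)[0]
    if dport != VXLAN_UDP_PORT:
        raise ValueError(f"UDP dst port {dport} is not VXLAN")
    flags, vni_field = struct.unpack_from("!B3xI", frame, off + 8)
    if not flags & 0x08:
        raise ValueError("VXLAN header without the valid-VNI (I) flag")
    inner_off = off + 16  # past the UDP (8) and VXLAN (8) headers
    inner_type = struct.unpack_from("!H", frame, inner_off + 12)[0]
    return {"outer_vlan": vlan, "vtep_src": src_ip, "vtep_dst": dst_ip, "vni": vni_field >> 8,
            "inner_dst_mac": frame[inner_off:inner_off + 6].hex(":"), "inner_ethertype": inner_type}

# Constructed tenant frame (broadcast ARP) and two constructed VTEP-to-VTEP encapsulations of it.
INNER = bytes.fromhex("ffffffffffff005056bb00100806") + bytes(28)
TAGGED = build_vxlan_frame(200, "10.1.2.11", "10.1.2.12", 5001, INNER)    # VTEP VLAN 200
UNTAGGED = build_vxlan_frame(0, "10.1.2.11", "10.1.2.12", 5001, INNER)    # VTEP VLAN 0

if __name__ == "__main__":
    for f in (TAGGED, UNTAGGED):
        print(parse_vxlan_frame(f))
```

For the tagged frame the parser reports outer_vlan 200 and vni 5001; for the untagged one outer_vlan 0 with everything else unchanged, which is why the Nexus switches only ever have to forward a VLAN-tagged or untagged IP/UDP packet between VTEP addresses.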
ManivelR
Hot Shot

Thanks a lot, Sebastian.
