Building the Foundation of a vCloud Air Lab

The on-premises physical kit is actually very basic and simple:

  • 4 Dell R710 servers, booting ESXi from flash, each with 4 x 10GbE ports
  • 1 VNX2 5400 array with 13TB of usable storage
  • 2 Arista switches
  • 5 public IP addresses

That’s pretty much it on the physical side.  The initial goal was to stand up two “layers” of virtual machines so that we could manage the entire setup, so we created two domains.  I will go into why I did this and the details later, but this is the high-level picture.

Management Domain – lab.VCHSTM.org

This domain is where all the management stack machines live: vCenter, vCloud Connector, vCNS Manager, vCloud Automation Center, and all those goodies.  All of it sits on a routable internal network so we can reach the management stack easily from anywhere via VPN, a View session, or other means.  It has its own Active Directory services, used only for logins to the management stack.  This is where we use tools like vCloud Connector and other appliances to manage all the machines at the vSphere level, the way a customer would.

“Customer” Domain – corp.VMTM.org

This domain is fully isolated and built 100% on top of VXLAN.  From a networking perspective, this group is routed through a vCNS Edge Gateway that is connected directly to the internet.  All the subnets available to the domain live on VXLAN and have no bridge or interconnect to the private network the management stack is on.  Because it is completely isolated, the only way to manage the VMs is via the Remote Console from vCenter, which also means a compromised workload has no network path back to the management stack; vCenter access control is the boundary.  The reason we did this is that THIS environment and domain is the one now connected to two vCloud Air clouds.  We needed a mock-up of a customer’s on-premises environment with true internet access for the VPN connections.

This domain has its own Active Directory services, which are also tied into the clouds we connected to, whereas the other domain’s directory is only for management.  The machines in this domain are all actual “workload” machines, like SQL Server, web servers, and other real applications that also need to connect to their cloud-based peers for use cases like a split web application.  That’s where the real magic starts to happen.

The Hybrid Cloud Connections

With the two domains up and running, the next step was to interconnect everything.  The diagram below is where we ended up, and when you think about it, the setup looks pretty simple and makes a lot of sense.

[Diagram: Lab_VPN]

  • VPN Tunnel from On Premises to Las Vegas Cloud
  • VPN Tunnel from On Premises to Sterling, VA Cloud
  • VPN Tunnel from Las Vegas to Sterling

This allowed us to set up each of these sites in Active Directory Sites and Services with their respective networks and subnets for standing up applications.  We also deployed a pair of Active Directory servers locally in each cloud to support local DNS and authentication.  DHCP is provided in almost all cases by the Edge Gateway itself for ease of use.

We also needed to start creating lots of firewall rules, which I will share later, to allow traffic to pass between these sites and let the various subnets communicate.  It goes without saying that each site uses a unique, non-overlapping IP range so there are no routing conflicts across the VPN tunnels.  If you have ever heard Dave Hill and I present how to build your hybrid cloud in less than a day, this is the setup we always referred to.  We used this lab for many of the live demonstrations I did at PEX, including Disaster Recovery to Cloud.  It was also used for upcoming video recordings on many topics.
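The two design rules above (each site on its own non-overlapping range, and the VXLAN customer domain never bridged to the management network) are easy to state and easy to break with one sloppy Edge rule. The following is an added example, not code from the original post or from any VMware/vCNS tooling: it checks the per-site ranges for overlap, enumerates the full mesh of three tunnels, builds a default-deny rule set that only lets the domain controllers in each site talk to each other, and then confirms nothing in that rule set opens a path between the management network and the customer subnets. Site names follow the post; every address range, the DC subnets, the management range, and the generic rule model are assumptions for illustration.

```python
"""Added example (not from the original post or VMware/vCNS tooling): design
checks for a three-site hybrid lab with full-mesh VPN tunnels.  Site names
follow the post; all addressing and the rule format are assumed values."""
import ipaddress
import itertools

# Constructed sample data (assumed, not the lab's real addressing).  Each site
# gets its own RFC 1918 range so the tunnels route without conflict.
SITES = {
    "OnPrem":   {"subnet": "10.10.0.0/16", "dc_subnet": "10.10.1.0/24"},
    "LasVegas": {"subnet": "10.20.0.0/16", "dc_subnet": "10.20.1.0/24"},
    "Sterling": {"subnet": "10.30.0.0/16", "dc_subnet": "10.30.1.0/24"},
}
# Management network (the lab.VCHSTM.org side); assumed range.  No rule may
# connect it to the customer domain in either direction.
MGMT_NET = ipaddress.ip_network("192.168.100.0/24")

# Ports domain controllers need between sites for replication and
# authentication (well-known Windows values; the dynamic RPC range is the
# Windows Server 2008+ default).
AD_PORTS = [
    ("tcp", "53"), ("udp", "53"),                       # DNS
    ("tcp", "88"), ("udp", "88"),                       # Kerberos
    ("udp", "123"),                                     # NTP
    ("tcp", "135"), ("tcp", "49152-65535"),             # RPC endpoint mapper + dynamic range
    ("tcp", "389"), ("udp", "389"),                     # LDAP
    ("tcp", "445"),                                     # SMB (SYSVOL / DFSR)
    ("tcp", "636"), ("tcp", "3268"), ("tcp", "3269"),   # LDAPS, Global Catalog
]
# The shortcut that quietly breaks the isolation model.
ALLOW_ALL = {"action": "allow", "src": "any", "dst": "any", "proto": "any", "port": "any"}


def overlapping_sites(sites):
    """Return [(siteA, siteB)] for every pair whose ranges overlap (should be empty)."""
    nets = [(n, ipaddress.ip_network(c["subnet"])) for n, c in sites.items()]
    return [(a, b) for (a, na), (b, nb) in itertools.combinations(nets, 2) if na.overlaps(nb)]


def tunnels(sites):
    """Full mesh: one VPN tunnel per pair of sites, each pair named in sorted order."""
    return [tuple(sorted(pair)) for pair in itertools.combinations(sites, 2)]


def customer_nets(sites):
    """All customer-domain ranges, i.e. everything that rides the VXLAN segments."""
    return [ipaddress.ip_network(c["subnet"]) for c in sites.values()]


def ad_rules(sites):
    """Default-deny policy that only allows DC<->DC traffic over each tunnel."""
    rules = []
    for a, b in tunnels(sites):
        src, dst = sites[a]["dc_subnet"], sites[b]["dc_subnet"]
        for proto, port in AD_PORTS:
            rules.append({"action": "allow", "src": src, "dst": dst, "proto": proto, "port": port})
            rules.append({"action": "allow", "src": dst, "dst": src, "proto": proto, "port": port})
    rules.append({"action": "deny", "src": "any", "dst": "any", "proto": "any", "port": "any"})
    return rules


def _touches(field, net):
    """True if a rule's src/dst field could match an address inside `net`."""
    return field == "any" or ipaddress.ip_network(field).overlaps(net)


def isolation_violations(rules, mgmt_net, cust_nets):
    """Allow rules that would let the management and customer networks reach each other."""
    bad = []
    for r in rules:
        if r["action"] != "allow":
            continue
        if any((_touches(r["src"], mgmt_net) and _touches(r["dst"], cn)) or
               (_touches(r["src"], cn) and _touches(r["dst"], mgmt_net)) for cn in cust_nets):
            bad.append(r)
    return bad


if __name__ == "__main__":
    print("overlaps:", overlapping_sites(SITES))
    print("tunnels:", tunnels(SITES))
    rules = ad_rules(SITES)
    print("rules:", len(rules),
          "violations:", len(isolation_violations(rules, MGMT_NET, customer_nets(SITES))))
    print("with allow-all:",
          len(isolation_violations(rules + [ALLOW_ALL], MGMT_NET, customer_nets(SITES))))
```

Run it as-is and the generated policy passes both checks; append the `ALLOW_ALL` rule (or any allow whose source or destination spans the management range) and `isolation_violations` names the offending rule. The check is deliberately pessimistic: a rule is flagged if its source and destination could match the management range and a customer range, which is the right bias when the goal is to keep the two domains apart.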

We also manage all the external DNS for the web application use cases through DYN.com, so as a team we have a single place to manage all the domain records for external access.  We are also able to leverage their global load balancing to test running a web application in all three locations, globally load balanced.  At this point we have a very extensive lab to test pretty much any use case we get thrown and write about it.  I also plan on turning the setup and firewall rules into an official document that people can use to set up something similar for proof-of-concept testing.  The first step in getting to hybrid cloud is getting the “foundation” built, which is what I have built here.  I think this is the third time I have set this up, but the first time using a “proper” set of lab gear rather than my home lab.

About Chris Colotti

Chris is active on the VMUG and event speaking circuit and is available for many events if you want to reach out and ask. Before this he spent close to a decade working for VMware as a Principal Architect. Before his nine-plus years at VMware, Chris was a System Administrator who evolved his career into a data center architect. Chris spends a lot of time mentoring co-workers and friends on the benefits of personal growth and professional development. Chris is also amongst the first VMware Certified Design Experts (VCDX#37), and author of multiple white papers. In his spare time he helps his wife Julie run her promotional products business as the accountant, bookkeeper, and IT support. Chris also believes in both a healthy body and healthy mind, and has become heavily involved with fitness as a Diamond Team Beachbody Coach using P90X and other Beachbody programs. Although technology is his day job, Chris is passionate about fitness after losing 60 pounds himself in the last few years.
