This blogpost will be featured in a couple of blogs from the same series called VMware Cloud Director Availability. With this series I want to teach everybody who visits these blogs how to install the full-blown, and On-Premise environment(s). I hope everybody enjoys these as much as I did creating these environments and writing the blogposts. The series will consist of:
- Introduction and installing the Manager Appliance (with the Cloud Service)
- Installing the Tunnel Appliance
- Installing the Replicator Appliance
- Installing the On-Premise Appliance
- Bonus:
  - How to pair an On-Premises site to the Cloud.
  - How to pair a Cloud site to the Cloud.
  - How to change the certificates.
  - How to upgrade the environment.
Introduction
VMware Cloud Director Availability, or VCDA for short, was previously called vCAV (VMware vCloud Director Availability). It is the Disaster Recovery-as-a-Service (DRaaS) tool for providers and users of VMware Cloud Director (VCD). The tool integrates completely with the VCD environment, its GUI and its API. It delivers multi-tenant DRaaS services with a few simple clicks right within VCD. With this tool you can do Cloud-to-Cloud (even VMware-on-AWS) migrations or replications and On-Premise to Cloud migrations and replications. The tool uses asynchronous replication underneath to make sure that the data is copied over to the destination. Once this is done you can migrate, (test) fail over, reverse fail over or delete the replications as you wish, without the need for the provider to assist you in this. This means it is a full self-service DRaaS service that you can enable for your customers.
Architecture
VCDA consists of a couple of appliances, depending on the configuration you are using. These appliances are explained in the table below:
Appliance Type | Description and Services | Hardware Requirements |
---|---|---|
Cloud Replication Management Appliance | A dedicated appliance, that runs the following VMware Cloud Director Availability services: – Manager Service – Cloud Service with embedded VMware Cloud Director Availability Tenant Portal You deploy the Cloud Replication Management Appliance to configure replications from and to VMware Cloud Director. | 2 vCPUs 4 GB RAM 10 GB Storage |
Cloud Replicator Appliance | A dedicated appliance for the Replicator Service that handles the replication traffic for a site. For large-scale environments, you can deploy more than one Cloud Replicator Appliance per cloud site. | 4 vCPUs 6 GB RAM 10 GB Storage |
Cloud Tunnel Appliance | A dedicated appliance for the Tunnel Service. | 2 vCPUs 2 GB RAM 10 GB Storage |
Combined Appliance | An all-in-one appliance deployment type, only suitable for testing and evaluation environments. The Combined Appliance includes all VMware Cloud Director Availability services: – Manager Service – Replicator Service – Cloud Service with embedded VMware Cloud Director Availability Tenant Portal – Tunnel Service | 4 vCPUs 6 GB RAM 10 GB Storage |
Now there are some requirements that you will have to follow, which are also mentioned here, but I will write them down in short below:
- Use the correct Common Name and Subject Alternative Name if you are using custom SSL certificates on either VCDA or VCD. VCDA checks this strictly and it needs to match the FQDN or IP.
- VMware Cloud director vApps discovery and adoption must be disabled.
- You may use a dedicated vmkernel adapter on each ESXi host for replication traffic. But this is not required for it to work.
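
A pre-flight check for the certificate requirement above, as an added example (not code from the original post or from VMware). It takes a certificate in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()` and tests whether the FQDN or IP you plan to register is covered; treating the SAN as authoritative and a CN-only match as a failure is an assumption based on how modern TLS clients behave, and the host names and addresses are constructed.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object, or None when value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # The wildcard covers exactly one label: *.lab.test matches a.lab.test only.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_endpoint(cert, endpoint):
    """cert is a dict shaped like ssl.SSLSocket.getpeercert() output.
    Returns (ok, reason) for the FQDN or IP that peers use to reach the service."""
    sans = cert.get("subjectAltName", ())
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    dns_names = [v for k, v in sans if k == "DNS"]
    want_ip = _as_ip(endpoint)
    if want_ip is not None:
        if any(_as_ip(v) == want_ip for k, v in sans if k == "IP Address"):
            return True, "IP listed as an IP Address SAN entry"
        if endpoint in dns_names:
            return False, "IP was put in a DNS SAN entry; reissue with an IP SAN entry"
        return False, "IP missing from SAN"
    if any(_dns_match(d, endpoint) for d in dns_names):
        return True, "FQDN covered by a DNS SAN entry"
    if any(_dns_match(c, endpoint) for c in cns):
        return False, "only the Common Name matches; add the FQDN to the SAN"
    return False, "FQDN missing from both SAN and Common Name"

# Constructed sample certificates (names and addresses are placeholders).
SAMPLE_CERT = {
    "subject": ((("commonName", "vcda-mgmt.lab.test"),),),
    "subjectAltName": (("DNS", "vcda-mgmt.lab.test"), ("IP Address", "192.0.2.10")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "vcd.lab.test"),),)}

if __name__ == "__main__":
    for cert, endpoint in [(SAMPLE_CERT, "vcda-mgmt.lab.test"),
                           (SAMPLE_CERT, "192.0.2.11"),
                           (CN_ONLY_CERT, "vcd.lab.test")]:
        print(endpoint, check_endpoint(cert, endpoint))
```
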
The overall architecture will look something like the picture below. Please mind that this picture is taken directly from the VMware documentation here:
The architecture from a networking standpoint is pretty easy if you ask me. There are a bunch of ports required, all of these can be found here. A typical Cloud-to-Cloud environment will look like something below:
Just to make sure you don’t forget any essential port, I have summed them up in the table below:
Product | Releases | Port | Protocol | Source | Destination | Service Description |
---|---|---|---|---|---|---|
VMware Cloud Director Availability | 4.2, 4.3 | 3030 | TCP | Cloud Tunnel Appliance | Cloud Replicator Appliance(s) | Used for transfer replication data |
VMware Cloud Director Availability | 4.2, 4.3 | 8043 | TCP | On-Premises vCenter Server | VMware Cloud Director Availability On-Premises Appliance | Used for downloading the VMware Cloud Director Availability vSphere Client Plug-In from the VMware Cloud Director Availability On-Premises Appliance |
VMware Cloud Director Availability | 4.1, 4.3, 4.2 | 32032 | TCP | ESXi hosts | Cloud Replicator Appliance(s) | Used by the source ESXi hosts for encrypted virtual machines replication traffic to the Replicator Service. |
VMware Cloud Director Availability | 4.1, 4.3, 4.2 | 25 (*or user-selected) | TCP | Cloud Replication Management Appliance | SMTP server | Used by the Cloud Service to send events notifications emails to the SMTP server, as configured in VMware Cloud Director. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 123 | UDP | Cloud Replication Management Appliance | NTP server | Used by the Cloud Replication Management Appliance for time synchronization with the NTP server by using Network Time Protocol (NTPv4) as per RFC 5905. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 514 | UDP | Cloud Replication Management Appliance | Syslog server | Used by the Cloud Service for sending events to the syslog server. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8048 | TCP | Cloud Replicator Appliance(s) | Cloud Tunnel Appliance | Used by the Replicator Service for replication traffic to the Tunnel Service. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8044 | TCP | Cloud Replicator Appliance(s) | Cloud Replication Management Appliance | Used by the Replicator Service for management traffic to the Cloud Replication Management Appliance. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 443 | TCP | Cloud Replicator Appliance(s) | vCenter Server | Used by the Replicator Service for interaction with the vSphere API located on the vCenter Server. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 443 | TCP | Cloud Replicator Appliance(s) | Platform Services Controller | Used by the Replicator Service to communicate with the vCenter Server Lookup service located on the Platform Services Controller. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 80 | TCP | Cloud Replicator Appliance(s) | ESXi hosts | Used by the Replicator Service to initiate the flows of replication traffic to the destination ESXi hosts. This port carries no replication traffic. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 902 | TCP | Cloud Replicator Appliance(s) | ESXi hosts | Used by the Replicator Service to send replication traffic to the destination ESXi hosts. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 443 or 8442 | TCP | Administrative browser session | Cloud Tunnel Appliance | Used for administrative login to the Tunnel Service to perform administrative operations. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 443 | TCP | Administrative browser session | Cloud Replication Management Appliance | Used for administrative login to the Cloud Service to perform administrative operations. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8441 | TCP | Administrative browser session | Cloud Replication Management Appliance | Used for administrative login to the Manager Service to perform administrative operations. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 443 or 8440 | TCP | Administrative browser session | Cloud Replicator Appliance(s) | Used for administrative login to the Replicator Service to perform administrative operations. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 123 | UDP | Cloud Tunnel Appliance | NTP server | Used by the Cloud Tunnel Appliance for time synchronization with the NTP server by using Network Time Protocol (NTPv4) as per RFC 5905. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 123 | UDP | Cloud Replicator Appliance(s) | NTP server | Used by the Cloud Replicator Appliance for time synchronization with the NTP server by using Network Time Protocol (NTPv4) as per RFC 5905. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 443 | TCP | Cloud Tunnel Appliance | Platform Services Controller | Optionally used for single sign-on login to the Tunnel Service. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8443 | TCP | Cloud Tunnel Appliance | Cloud Replication Management Appliance | Used by the Tunnel Service for management traffic to the Cloud Replication Management Appliance. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8046 | TCP | Cloud Tunnel Appliance | Cloud Replication Management Appliance | Used by the Tunnel Service for management traffic to the Cloud Replication Management Appliance. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8044 | TCP | Cloud Tunnel Appliance | Cloud Replication Management Appliance | Used by the Tunnel Service for management traffic to the Cloud Replication Management Appliance. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 44045 | TCP | Cloud Tunnel Appliance | Cloud Replicator Appliance(s) | Used by the Tunnel Service for replication traffic to the Replicator Service. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8043 | TCP | Cloud Tunnel Appliance | Cloud Replicator Appliance(s) | Used by the Tunnel Service for management traffic to the Replicator Service. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8048 | TCP | Cloud Replication Management Appliance | Cloud Tunnel Appliance | Used by the Cloud Replication Management Appliance for replication and management traffic to the Tunnel Service. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8047 | TCP | Cloud Replication Management Appliance | Cloud Tunnel Appliance | Used by the Cloud Replication Management Appliance for management traffic to the Tunnel Service. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 8043 | TCP | Cloud Replication Management Appliance | Cloud Replicator Appliance(s) | Used by the Cloud Replication Management Appliance for management traffic to the Replicator Service. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 443 | TCP | Cloud Replication Management Appliance | VMware Cloud Director | Used by the Cloud Replication Management Appliance for interaction with the VMware Cloud Director API located on the VMware Cloud Director Cell instances. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 443 | TCP | Cloud Replication Management Appliance | Platform Services Controller | Used by the Cloud Replication Management Appliance to communicate with the vCenter Server Lookup service located on the Platform Services Controller. |
VMware Cloud Director Availability | 4.0, 4.1, 4.3, 4.2 | 53 | TCP | VMware Cloud Director Availability On-Premises Appliance | DNS server | Used by the VMware Cloud Director Availability On-Premises Appliance for name resolution. |
VMware Cloud Director Availability | 4.0, 4.1 | 44046 | TCP | ESXi hosts | VMware Cloud Director Availability On-Premises Appliance | Used for transferring replication data traffic from the ESXi hosts to the VMware Cloud Director Availability On-Premises Appliance. |
VMware Cloud Director Availability | 4.0, 4.1 | 80 | TCP | VMware Cloud Director Availability On-Premises Appliance | ESXi hosts | Used by the VMware Cloud Director Availability On-Premises Appliance to initiate the flows of replication data traffic to the destination ESXi hosts. This port carries no replication data traffic. |
VMware Cloud Director Availability | 4.0, 4.1 | 902 | TCP | VMware Cloud Director Availability On-Premises Appliance | ESXi hosts | Used for transferring replication data traffic from the VMware Cloud Director Availability On-Premises Appliance to the ESXi hosts. |
VMware Cloud Director Availability | 4.0, 4.1 | 443 | TCP | VMware Cloud Director Availability On-Premises Appliance | Platform Services Controller | Used for single sign-on login to the VMware Cloud Director Availability On-Premises Appliance and for vCenter Server Lookup service communication. |
VMware Cloud Director Availability | 4.0, 4.1 | 443 | TCP | VMware Cloud Director Availability On-Premises Appliance | vCenter Server | Used for service communication to vCenter Server. |
VMware Cloud Director Availability | 4.0, 4.1 | 443 | TCP | VMware Cloud Director Availability On-Premises Appliance | Firewall | Used for replication data traffic and service management traffic to the cloud site. |
VMware Cloud Director Availability | 4.0, 4.1 | 443 | TCP | Browser login session | VMware Cloud Director Availability On-Premises Appliance | Used for browser logins to the VMware Cloud Director Availability On-Premises Appliance. |
VMware Cloud Director Availability | 4.0, 4.1 | 53 | UDP | VMware Cloud Director Availability On-Premises Appliance | DNS server | Used by the VMware Cloud Director Availability On-Premises Appliance for name resolution. |
VMware Cloud Director Availability | 4.0, 4.1 | 123 | UDP | VMware Cloud Director Availability On-Premises Appliance | NTP server | Used by the VMware Cloud Director Availability On-Premises Appliance for time synchronization with the NTP server by using Network Time Protocol (NTPv4) as per RFC 5905 |
VMware Cloud Director Availability | 4.0, 4.1 | 53 | TCP | Cloud Tunnel Appliance | DNS server | Used by the Cloud Tunnel Appliance for name resolution. |
VMware Cloud Director Availability | 4.0, 4.1 | 53 | UDP | Cloud Tunnel Appliance | DNS server | Used by the Cloud Tunnel Appliance for name resolution. |
VMware Cloud Director Availability | 4.0, 4.1 | 53 | TCP | Cloud Replication Management Appliance | DNS server | Used by the Cloud Replication Management Appliance for time synchronization. |
VMware Cloud Director Availability | 4.0, 4.1 | 53 | UDP | Cloud Replication Management Appliance | DNS server | Used by the Cloud Replication Management Appliance for time synchronization. |
VMware Cloud Director Availability | 4.0, 4.1 | 53 | TCP | Cloud Replicator Appliance(s) | DNS server | Used by the Cloud Replicator Appliance for time synchronization. |
VMware Cloud Director Availability | 4.0, 4.1 | 53 | UDP | Cloud Replicator Appliance(s) | DNS server | Used by the Cloud Replicator Appliance for time synchronization. |
VMware Cloud Director Availability | 4.0, 4.1 | 8048 | TCP | Firewall | Cloud Tunnel Appliance | Used for redirecting the external cloud sites traffic to the Tunnel Service. |
VMware Cloud Director Availability | 4.0, 4.1 | 44046 | TCP | ESXi Hosts | Cloud Replicator Appliance(s) | Used by the source ESXi Hosts for replication traffic to the Replicator Service. |
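
The port table can double as a least-privilege baseline. The following added example (not from the original post or from VMware) transcribes the TCP flows between the three cloud-site appliances from the table and audits a rule set against them, reporting required flows that are blocked and rules that open more than the table lists. The rule syntax, the short labels `MGMT`, `TUNNEL` and `REPLICATOR`, and the sample rules are assumptions made for the example.

```python
# Cloud-site flows between the three appliances, transcribed from the table above.
# All TCP. MGMT = Cloud Replication Management Appliance.
REQUIRED = {
    ("REPLICATOR", "TUNNEL", 8048), ("REPLICATOR", "MGMT", 8044),
    ("TUNNEL", "MGMT", 8443), ("TUNNEL", "MGMT", 8046), ("TUNNEL", "MGMT", 8044),
    ("TUNNEL", "REPLICATOR", 44045), ("TUNNEL", "REPLICATOR", 8043),
    ("TUNNEL", "REPLICATOR", 3030),  # listed for releases 4.2 and 4.3 only
    ("MGMT", "TUNNEL", 8048), ("MGMT", "TUNNEL", 8047),
    ("MGMT", "REPLICATOR", 8043),
}
APPLIANCES = {"MGMT", "TUNNEL", "REPLICATOR"}

def parse_rule(line):
    """Parse the hypothetical format 'allow SRC -> DST tcp PORTS'.
    PORTS is 'any', a port, a comma list, or a range such as 8047-8048."""
    action, src, arrow, dst, proto, ports = line.split()
    if (action, arrow, proto) != ("allow", "->", "tcp"):
        raise ValueError(f"unsupported rule: {line!r}")
    if ports == "any":
        return src, dst, set(range(1, 65536))
    allowed = set()
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        allowed.update(range(int(lo), int(hi or lo) + 1))
    return src, dst, allowed

def audit(rule_lines):
    """Return (missing, excess).
    missing: required flows that no rule permits.
    excess:  (src, dst, n) for rules opening n ports the table does not list."""
    rules = [parse_rule(line) for line in rule_lines if line.strip()]
    # Only appliance-to-appliance rules are judged; other flows are out of scope here.
    rules = [r for r in rules if r[0] in APPLIANCES and r[1] in APPLIANCES]
    missing = sorted(f for f in REQUIRED
                     if not any((s, d) == f[:2] and f[2] in p for s, d, p in rules))
    excess = []
    for s, d, p in rules:
        needed = {port for a, b, port in REQUIRED if (a, b) == (s, d)}
        if p - needed:
            excess.append((s, d, len(p - needed)))
    return missing, excess

# Constructed sample rule set, not taken from a real firewall.
SAMPLE_RULES = [
    "allow REPLICATOR -> TUNNEL tcp 8048",
    "allow REPLICATOR -> MGMT tcp 8044",
    "allow TUNNEL -> MGMT tcp 8443,8046,8044",
    "allow TUNNEL -> REPLICATOR tcp any",
    "allow MGMT -> TUNNEL tcp 8047-8048",
    "allow ADMIN -> MGMT tcp 443",
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    print("blocked but required:", missing)
    print("wider than the table:", excess)
```
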
Installing the VMware Cloud Director Availability Manager Appliance
Now that we have explained the appliances that VMware Cloud Director Availability consists of, what the design looks like and what the network requirements are, we can safely go ahead and deploy the first appliance. Follow the steps below to do this:
Step 1: Deploy the OVA for the Management Appliance
- Download the OVA from vmware.com if you haven’t yet.
- Import the OVA in the vCenter.
- Choose the VM folder in which you want to deploy the appliance.
- Choose a resource pool in which you want to deploy the appliance.
- Accept the license agreement.
- Pick “Cloud Replication Management Appliance”.
- Select a datastore to deploy the appliance on to.
- Select the network that you want to use for the Management appliance.
- Also enter the following customizations:
  - Root password
  - Enable SSH: Yes/No
  - NTP Servers (comma separated)
  - Hostname
  - IP Address
  - Gateway
  - MTU Size
  - DNS Servers (comma separated)
  - Search Domain
- Review the entered information and press on Finish to deploy the OVA on to the environment.
And that’s it! We have now deployed the Management Appliance. Continue to step 2 for the next part, configuring the Management appliance.
Step 2: Configuring the Management Appliance (Cloud and Management service)
At this point we cannot use the environment yet; for that to work we need to deploy all of the other appliances, which we will get into in another blogpost. For now we can still configure the currently deployed appliance. To do this, follow the next steps:
- Login to the Cloud Service admin page on https://vcda-mgmt.fqdn/ui/admin.
- Change the initial password.
- Run the Initial setup.
- Enter the Site Name. This will be the site name that will be visible within VMware Cloud Director to your tenants. So pick a good name that matches your service.
- Also enter the VCDA service endpoint. This is the endpoint on which VCDA Cloud Service will be externally available.
- (Optional) Enter a description for the site. The tenant within VCD will be able to see this.
- Enter the Lookup Service information. This is the vCenter Server the environment will be connected to. You can press the TAB key to auto fill the information once the vCenter Server is entered.
- Verify the SSL thumbprint and press on Finish.
- On the VCD page within the initial setup we can connect the environment to VCD. To do this enter the VCD Service endpoint and its administrator@system credentials.
- Verify the SSL thumbprint and press on Finish.
- Enter the VCDA license. You will be able to find the license in your vmware.com account if you are authorized to see it by your License Admin user.
- (Optional) Accept the VMware CEIP configuration.
- Click on Finish and now the Initial setup has completed.
- Go to the Management Service admin page on https://vcda-mgmt.fqdn:8441/ui/admin and go to Configuration -> and configure the same Lookup Service Address.
- Verify the SSL thumbprint and press on Finish.
- Now the Management Service should be healthy. You can check this under System Monitoring.
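
The steps above ask you to verify an SSL thumbprint three times; that check only means something when the displayed value is compared with one obtained independently. Added example (not from the original post or from VMware): it hashes a certificate exported on the server itself and compares the result with the string shown in the wizard. Picking SHA-1 or SHA-256 from the length of the displayed value is an assumption, since the post does not say which digest the UI shows, and the sample certificate bytes are constructed.

```python
import hashlib
import hmac
import ssl

# The hex length of the displayed value tells us which digest produced it.
_ALGO_BY_HEXLEN = {40: "sha1", 64: "sha256"}

def normalize(thumbprint):
    """Drop separators and case: 'AB:CD:...' and 'ab cd ...' become 'abcd...'."""
    hexstr = thumbprint.replace(":", "").replace(" ", "").lower()
    if hexstr.strip("0123456789abcdef") or len(hexstr) not in _ALGO_BY_HEXLEN:
        raise ValueError("not a SHA-1 or SHA-256 thumbprint")
    return hexstr

def thumbprint_of(pem, algo):
    """A certificate thumbprint is the digest of its DER encoding, not of the PEM text."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.new(algo, der).hexdigest()

def verify(displayed, trusted_pem):
    """True when the wizard's thumbprint matches the certificate obtained
    out-of-band (for example, exported on the vCenter Server or VCD cell itself)."""
    shown = normalize(displayed)
    expected = thumbprint_of(trusted_pem, _ALGO_BY_HEXLEN[len(shown)])
    return hmac.compare_digest(shown, expected)

def as_displayed(hexstr):
    """Format a hex digest the way UIs commonly show it: 'AB:CD:EF:...'."""
    return ":".join(hexstr[i:i + 2] for i in range(0, len(hexstr), 2)).upper()

# Constructed placeholder bytes wrapped as PEM; this is not a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")

if __name__ == "__main__":
    shown = as_displayed(thumbprint_of(SAMPLE_PEM, "sha256"))
    print(shown, verify(shown, SAMPLE_PEM))
    other = ssl.DER_cert_to_PEM_cert(b"a different constructed certificate")
    print("different certificate accepted:", verify(shown, other))
```

Fetching the certificate over the same network path you are trying to validate proves nothing; export it on the server or retrieve it from a trusted management host.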
At this point we have deployed the Management appliance that has the Management and the Cloud Service. We have run the initial setup for both and now we can login to the Cloud Service UI again on https://vcda-mgmt.fqdn/ui/admin and go to System Configuration/Monitoring to review the environment. Obviously at this point there will still be a lot of red or not connected, since we still haven’t deployed the Tunnel and Replication appliances.
In the next blogpost in this series we will implement the VCDA Tunnel Appliance, which is the proxy for the environment to the outside world.
2 Comments
Arjun · March 11, 2024 at 12:35 pm
What are the supported source OS for VCDA tool?
Does VCDA support RHEL 5?
Bryan van Eeden · June 4, 2024 at 8:30 am
Hi Arjun,
What do you mean? VCDA supports all VMs as a VM object, there is no real requirement for a specific GuestOS. Or are you referring to another situation?