Table of Contents Lab Overview - - vcloud Air - Jump Start for vsphere Admins...2 Table of Contents... 3 Lab Guidance and Introduction... 4 Module 1 - vcloud Air: Architecture and Consumption Principles (15 Min)...6 vcloud Air Concepts... 7 vcloud Air Student Check-in... 16 Access Virtual Data Center... 19 Module 2 - Identifying and Deploying Workloads in vcloud Air (30 Min)... 26 Creating a Virtual Machine in Virtual Private Cloud OnDemand... 27 Reviewing Virtual Machine Details in Virtual Private Cloud OnDemand...35 Module 3 - Hybrid Cloud Manager (5 Min)... 41 Hybrid Cloud Manager Introduction... 42 Module 4 - vcloud Air: Networking and Security Basics (30 Min)... 45 vcloud Air: Networking and Security Basics... 46 Introduction to vcloud Air NAT and Firewalls... 53 Module 5 - Object Storage (5 Min)... 58 Object Storage Overview... 59 Page 1
Lab Overview - HOL- HBD-1681 - vcloud Air - Jump Start for vsphere Admins Page 2
Table of Contents Table of Contents Lab Guidance and Introduction Module 1 - Architecture and Consumption Principles (15 Min) vcloud Air Concepts vcloud Air Student Check-in vcloud Air User Interface Role based access controls Module 2 - Identifying and Deploying Workloads in vcloud Air (30 Min) Creating a Virtual Machine in Virtual Private Cloud OnDemand Reviewing Virtual Machine Details in Virtual Private Cloud OnDemand Module 3 - Hybrid Cloud Manager (5 Min) Hybrid Cloud Manager overview Module 4 - Networking and Security Basics (30 Min) vcloud Air Networking and Security Basics Introduction to vcloud Air NAT and Firewalls Module 5 - Object Storage Manager (5 Min) Object Storage Manager overview Page 3
Lab Guidance and Introduction - vcloud Air Jump Start for vsphere Admins This lab will provide you with the basic skills necessary to successfully navigate the vcloud Air User Interface (UI). After completing this lab, you will be able to: Understand the different service tiers that the vcloud Air offers Navigate your way around the vcloud Air user interface Deploy your first virtual machine inside the vcloud Air portal Understand the basic network and security principles required to connect a virtual machine to an external network The tasks above are split up into 5 Lightning Lab modules, each is designed to take between 5-30 minutes to complete. You will have a total of 90 minutes to complete this lab sitting. Depending on how much time you have available, you can go through this lab all at once, or choose to break them up over several lab sittings. The tasks are broken up into the following modules: Module 1: Architecture and Consumption Principles Duration: 15-30 minutes Purpose: Understand the different service offerings and navigate your way aroun Lab Captain: Jodi Shely Module 2: Identifying and Deploying Workloads in vcloud Air Duration: 15-30 minutes Purpose: Deploy your first virtual machine in the vcloud Air portal Lab Captain: Cleavon Roberts Module 3: Hybrid Cloud Manager Duration: 5 minutes Purpose: Overview of Hybrid Cloud Manager Lab Captain: Patrick Mahoney Module 4: vcloud Air: Networking and Security Basics Duration: 15-30 minutes Purpose: Understand the basic network and security principles required to conne Lab Captain: Cleavon Roberts Module 5: Object Storage Overview Duration: 5 minutes Purpose: Understand what Object Storage is how you can store data as objects. Lab Captain: Patrick Mahoney Next Steps: Upon completion of this lab, you may consider taking one of the following labs for additional guidance on vcloud Air: Page 4
HOL-HBD-1682 vcloud Air Hybridity & Networking HOL-HBD-1683 vcloud Air Manage Your Hybrid Cloud HOL-HBD-1684 - vcloud Air Disaster Recovery IMPORTANT! Please note that in this lab you are working in a "LIVE" vcloud Air instance. External access from the lab environment to the internet will be provided through the browser. Page 5
Module 1 - vcloud Air: Architecture and Consumption Principles (15 Min) Page 6
vcloud Air Concepts vcloud Air Concepts VMware vcloud Air is a public cloud service that enables you to quickly and securely take advantage of the benefits of the cloud while extending and maximizing the value of your existing on-premises IT investments. vcloud Air leverages the same tools, technologies and skills that you already have while delivering new cloud capabilities that allow your organization to drive business innovation. Service Offerings There are currently three classes of compute service. Dedicated Cloud, Virtual Private Cloud, and Virtual Private Cloud OnDemand. Page 7
Dedicated Cloud Details Dedicated Cloud provides a single-tenant private cloud with dedicated computing servers (air-gapped), layer-2 network isolation for workload traffic, dedicated storage volumes, and a dedicated cloud management instance. Infrastructure capacity may be subdivided into multiple logically-isolated virtual data centers, each with their own networking edge gateway and resource reservation models. The Dedicated Cloud baseline offering starts with 35GHz of Compute (vcpu) capacity, 240GB of vram, and 6TB of Storage. 3 public IP adresses are also provided, as well as a 50 Mbps internet bandwidth that is burstable to 1 Gbps. Direct Connect options are available that can provide 1Gbps and 10Gbps of point-to-point connectivity. Customers can increase the capacity of their dedicated clouds by purchasing additional blocks of storage and compute in the increments you see above. Dedicated Cloud is offered on a monthly subscription basis today. Virtual Private Cloud Details Virtual Private Cloud Virtual Private Cloud provides a multi-tenant environment with logically isolated resources on a shared physical infrastructure, configured as a single virtual data center ( VDC ) with networking resources. Page 8
The Virtual Private Cloud offering starts at 10GHz of Compute (vcpu), 20GB of vram, and 2TB of Storage. In addition, 2 public IP addresses are provided, as well as a 10 Mbps network link, burstable to 50 Mbps. Direct Connect options are available that can provide 1Gbps of point-to-point connectivity. As with the Dedicated Cloud, customers can increase capacity of their Virtual Private Clouds by purchasing additional resources in the block sizes reflected above. Virtual Private Cloud is offered on a monthly subscription basis today. Page 9
Virtual Private Cloud OnDemand Virtual Private Cloud OnDemand is the newest addition to the vcloud Air compute portfolio. It provides a multi-tenant environment with logically isolated resources on a shared physical infrastructure, but instead of a subscription it allows customers to consume specific CPU, RAM and Storage as incremental pay-as-you-go services. Charges are incurred as the resources are consumed (metered by minute) and billed in arrears on a monthly basis. Virtual Private Cloud OnDemand can be purchased via credit card, standard contract or using credits through the Subscription Purchasing Program (SPP). This lab features the VPC OnDemand service Virtual Data Center (vdc) After you select your physical location you then create a Virtual Datacenter (VDC) that acts as a secure container for VMs, networks and storage. You can create many VDCs and name them based on a type of workload they will hold, project name or line of business for example. Each VDC is completely isolated from each other. Self-serve VPN IPSec tunnels can be created to link VDCs together or you can use other Advanced Networking Services such as OSPF (see HOL-HBD-1682 Hybridity and Networking lab). Page 10
Resource utilization and billing can be tracked based on VDC usage which is useful for chargeback/showback. VDCs can have size limits so you control the policy on how many VMs can be created, amount of vram and vcpu Ghz allocated, number of public IP addresses assigned and type/amount of storage to use. Page 11
vcloud Air Services Once logged in to the vcloud Air interface, you are presented with great service options. Object Storage powered by EMC: Highly scalable and durable storage. Create buckets, upload and manage objects. vcloud Air Disaster Recovery to the Cloud - Protect and Recover virtual machines from a disaster. Virtual Private Cloud OnDemand - Create virtual machines, and easily scale up or down as your needs change. My Subscriptions - View subscriptions including dedicated clouds, virtual private clouds and disaster recovery clouds Identity and Access - Manage Users, Roles and Permissions for Services. Stay tuned for more options becoming available soon. vcloud Air Disaster Recovery Service (Recovery-as-a- Service) VMware vcloud Air Disaster Recovery is a simple disaster-recovery-as-a-service (DRaaS) solution for organizations with limited or no disaster recovery solution in place. It provides operational consistency, stability and support for a primary data center in the event of a failure, outage, disaster or any other cause of downtime. Built on vsphere, and delivered by vcloud Air, Disaster Recovery provides the same reliability, security and support that customers recognize and trust today from VMware. This service helps customers fulfill their need to implement or supplement their organization s continuity plans, while recognizing their constraints around budget, time and resources. Disaster Recovery enables organizations to leverage the same tools, skill set and platform investment in vsphere, to provide resiliency for business critical information and assurance against operational disruption. With a cloud-based disaster recovery solution, customers benefit from lower price points, flexible contract terms and the same trusted support across their VMware cloud services. Page 12
vcloud Air Disaster Recovery is a simple and secure asynchronous replication based solution for failover and failback recovery of vsphere environments. It is a subscription based offering with term lengths that vary from 1, 3, 12, 24 and 36 months. The service includes features such as recovery point objective settings as low as 15 minutes, up to 24 hours, on a per VM basis, and multiple point in time recovery snapshots. Customers can perform an unlimited quantity of test failovers during their subscription term length, and for an actual failover, customers have a run time lease of 30 days. If needed, the service provides an offline data transfer option for customers with large on premises environment to use to initially seed their DR instance on vcloud Air. Customers purchase an initial DR instance with vcloud Air that consists of: 10GHz vcpu and 20GB vram, warm reservation of compute 1TB of Standard Storage 2 Public IP addresses 10 Mbps bandwidth Unlimited quantity of test failovers 30 days failover run time Production support If the customer needs to grow their vcloud Air Disaster Recovery environment, add-on options are available across all resources, to add on as needed to support the protection of their on premises data center. The vcloud Air platform security and compliance certifications are applicable across all offerings within the portfolio, which includes DR. vcloud Air Disaster Recovery is available today from all vcloud Air data center locations which include: US-Virginia US-New Jersey US-Texas US-Nevada US-California Europe-UK Europe-Germany Japan West Australia For more detailed information on vcloud Air Disaster Recovery see lab HOL-HBD-1684. Page 13
Virtual Private Cloud OnDemand Virtual Private Cloud OnDemand (hereafter, known as Virtual Private Cloud OnDemand) is a secure, pay-as-you-go, cloud compute service offered by VMware that gives IT organizations a VMware compatible platform to create virtual machines, dynamically scale virtual machines and resources up or down, and pay only for resources allocated. Virtual Private Cloud OnDemand provides on-demand resources with granular metering and usage-based billing. Resources are pool-based allowing deployment of virtual machines with customized configurations. Costs are billed monthly only for the aggregate amount of resources consumed across all your virtual machines. The on-demand resources complement the subscription services for vcloud Air. In this lab you will perform all lessons in the OnDemand service. Page 14
Object Storage powered by EMC Highly scalable and durable storage. Create buckets, upload and manage objects. This offering is explored more in Module 5. The True Hybrid Cloud with Dedicated Resources vcloud Air Dedicated Cloud is a single-tenant, physically isolated IaaS platform that is operated by VMware and compatible with your on premises vsphere environments for true Hybrid functionality. Dedicated Cloud is your own private cloud instance in the public cloud as it provides customers with their own compute nodes for utmost security. This solution offers users the additional flexibility to assign resources to separate virtual data centers, each with individual user access controls. Dedicated Cloud includes compute resource reservation control the entire compute and memory allocation is reserved and can be allocated or over-committed as you desire. Overcommit resources as you see fit, to best meet your performance needs. Dedicated Cloud eases licensing, as many commercial software options are licensed per core. With Dedicated Cloud, you know the amount of cores and can accurately budget for licensing costs. As with all services in the vcloud Air portfolio, Dedicated Cloud is an extension of your data center, allowing you to choose where your applications and workloads are hosted. Dedicated Cloud is configurable and can grow as your needs increase, including additional increments of compute, storage, bandwidth, data protection, and more. The Dedicated Cloud IaaS product is truly your own private cloud in the public cloud. Page 15
vcloud Air Student Check-in As you will be using a live vcloud Air account for this lab you first need a username and password for login. This will be an account specific to this lab. You cannot use an exiting vcloud Air login. The password for this account will be reset after you complete the lab or the time expires. 1. Locate your vcloud Air account 1. Open up the Chrome web browser from the desktop. 2. The home page will be http://checkin.vcahol.com Note: http, not https. 3. Enter your email address and click Search. 4. The username is your login account and StudentID for this lab. Highlight and Ctrl+C or Command+C to copy. You will need this later. 5. Click the link to set a new password. You can only use this password reset link once. The token will expire after first use. Only email addresses with an Active vcloud Air Hands-on-lab will be shown. IMPORTANT: Take note of the Student ID and Datacenter assigned to your lab. All work such as building VMs, looking at the Edge Gateway and making firewall rules must be done in your assigned datacenter. Page 16
2. Set new password Set a new password for the student account following guidelines Click Continue Page 17
3. Login to vcloud Air Click Sign In Enter your assigned username and password you set. Click Login Please note: This password will be reset after exiting this lab. 4. Let the learning begin You now have access to vcloud Air until this lab has been completed or expires. Page 18
Access Virtual Data Center When the lab started a Virtual Data Center (VDC) was created automatically and named after your Student ID. In this module you will locate the VDC and change permissions. IMPORTANT *Before you launch Chrome and attempt to login, make absolutely sure the Desktop Info watermark on the desktop says Ready (see graphic). Virtual Private Cloud OnDemand 1. Hover your mouse over the Virtual Private Cloud OnDemand tile 2. Click on the top Service ID (SID) in list: M838706298. Page 19
Select Your Assigned Datacenter During Student Check-In you were assigned a Datacenter. In this example we are using UK Slough 1 6. 1. Click the datacenter dropdown 2. Select the datacenter you were assigned Once selected you will be directed to that datacenter. vcloud Air saves the last Datacenter selected in your clients browser. You will be returned to the Datacenter after each login. Select Your New VDC Look for a VDC that matches your Student ID. The VDC was created for you in advance and automatically deleted when exiting the lab. A virtual data center provides you with clear and simple access to the processor, network, and storage resources of your vcloud Air cloud environment. Virtual data centers allow you to isolate particular applications or groups of applications. An example would be isolating your production applications from development and testing. You can manage top level aspects of your virtual data center. Set the maximum number of virtual machines. Change the virtual data center's name. Delete a virtual data center. Allocate or adjust a storage tier for the virtual data center. Page 20
1. Click on your VDC 2. Click Resource Usage tab Page 21
Resource Usage Resource Usage for this new VDC will be 0. Over time this tab will show CPU, Memory, Storage, Windows OS Licenses and Public IP Address costs. You can see the Past Hour, Past 24 Hours, Month-to-date and a Detailed Report with any month and VDC selected. Page 22
Change VDC Permissions You can assign which users have permissions to a VDC by editing the VDC after it's created. 1. Right-click your VDC to see options for Edit, Delete or Manage Catalogs in vcloud Director 2. Click on Edit Page 23
Only Me Access 1. Click the "All users" drop down. 2. Select Only me 3. Select Save By default all users in this account can see your VDC. Selecting Only me assigns your username and permissions to this VDC. You can add multiple users by selecting the "Custom" option. In this account all users have Virtual Infrastructure Administrator and Network Administrator roles. Page 24
Conclusion Congratulations! You have accessed your VDC and updated permissions. You are now ready to build a VM. Page 25
Module 2 - Identifying and Deploying Workloads in vcloud Air (30 Min) Page 26
Creating a Virtual Machine in Virtual Private Cloud OnDemand Introduction This lab module is going to walk you through the steps of deploying your very first virtual machine in vcloud Air. vcloud Air HOL Student Check-In PLEASE NOTE - If you have not created a student login account, please follow the steps located here. If you have already created a student login account, you may proceed to the next step. Access the Virtual Private Cloud OnDemand Service 1. Click on the Virtual Private Cloud OnDemand tile from the service dashboard 2. Select M838706298 from the drop down list Select Virtual Data Center 1. Select your assigned datacenter from dropdown. Wait for redirection to complete. 2. Select your new Virtual Datacenter 3. Select "Virtual Machines" tab 4. Click "Create your first virtual machine" Page 27
Notice you can now download Bitnami templates directly into vcloud Air with only a few clicks. In this environment access to the outside internet is blocked. You can also use the Bitnami Launchpad - https://vmware.bitnami.com/ The link "Want to Migrate Virtual Machines?" will show a help page on how to use vcloud Connector to transfer VMs into vcloud Air. This link is also blocked in this environment. Page 28
Select VM Template Prebuilt OS templates are included with vcloud Air. You can always import your own but these will help you get started. The Windows OS templates do have a licensing fee associated for use. 1. Click CentOS 6.3 64 Bit 2. Click Continue Notice "Create My Virtual Machine from Scratch" link. That link will take you into vcloud Director to build the VM and provide access to many other features. In this module will not use vcloud Director. New Virtual Machine Properties From this screen you can assign your VM a name and assign it resources. Unlike other public clouds that force you to use a VM of a particular size, vcloud Air allows you to allocate resources to a VM as you see fit. Moreover, if you decide later that you need to increase or decrease the amount of resources assigned to a VM, you can do so without having to destroy it. You also have the option of attaching the VM to different network Page 29
segments during this phase which is useful when specific network and application architectures are required. 1. Use your studentid as name for the VM 2. Click Create Virtual Machine Notice you can see the Cost per hour or month on this screen. The sliders for CPU, Memory and Storage allow you to customize the VM. The VM created will be added into a vapp which provides additional customproperties. Keep the default values for this exercise. Page 30
Creating Virtual Machine 1. Notice the VM build has started. 2. When the VM is created and powered-on the Status changes to green 3. Also notice the VM has been placed within a vapp. You can add many more VMs to a single vapp if needed. Page 31
Virtual Machine Actions There are a two ways you can interact with the Virtual Machine you just created. You can right-click on the virtual machine name or you can click on the Actions list. 1. Check the box to select your VM 2. With the virtual machine selected, click on Actions in the toolbar to get a full list of available actions. The benefit of this method is that you can apply actions to multiple virtual machines at once. Review the list of actions that are available for your virtual machine. 3. Select Open in Console Page 32
Open Console 1. You will be able to see the virtual machine boot. If not, you can click on the keyboard icon on the upper-right corner of the console which sends CTRL-ALT-DEL to the virtual machine. 2. When you're finished looking at the console, click the red close button in the upper left hand corner of the window. Page 33
API Access After closing the console window notice the two icons, top right side, above search box. 1. This will access the Bitnami Launchpad (external internet is blocked in this lab. Do not click.) 2. This will provide the API URL and Organization Name Open the API Endpoint information box (2). This information is important for vcloud Connector, vrealize Automation, vrealize Operations and other VMware products supporting vcloud Air. vcloud Air can be accessed via an API or command line tools such as PowerCLI and vca-cli. Conclusion Congratulations! You have deployed your first virtual machine from a catalog in vcloud Air. You may now continue to the next section of this module. Page 34
Reviewing Virtual Machine Details in Virtual Private Cloud OnDemand In this module you will now learn how to view, monitor and adjust virtual machine resources from within vcloud Air. Select Virtual Machine 1. Select your new virtual machine 2. Click on Actions 3. Select Edit Resources Page 35
Adjust Virtual Machine Resources If the Guest OS supports a hot change or hot add of CPU or Memory then you adjust these values while the VM is powered-on. In most case you would shutdown the VM first before adding more CPU and Memory. 1. Notice the Blue Links between CPU and Memory. This is the CPU-to-Memory ratio recommendation lock. To only adjust your CPU assignment, click the blue unlock icon to the left. 2. Moving a running VM to a different storage tier can be done here. In this lab only Standard storage is available but SSD-Accelerated is also an option. This will perform a storage vmotion and adjust price as needed. 3. Close this window by selecting X in top right corner Page 36
View VM Networks Tab 1. Select your new Virtual Data Center 2. Click on the Networks tab When we created this virtual machine, it was automatically assigned an available IP address on DEFAULT-ROUTED-NETWORK. This network is created for you with the creation of a virtual data center. It is of the type ROUTED which means that it can communicate with the external Internet (the other type of network is ISOLATED). You can add additional L2 networks like these with your own private IP addresses. Page 37
View VM Monitoring To access monitoring data for this VM we select the VM name 1. Select virtual data center 2. Select Virtual Machines tab 3. Click on name of virtual machine Page 38
Monitoring Tab This settings view also shows the initial root or administrator password of a VM selected from the VMware public catalog. 1. Select Monitoring tab Historic Usage From here you can see real time CPU Usage, Memory Usage, Disk Reads and Writes (Kbps). As this is a new VM monitoring data is still being collected. View the past 24 hours, 7 days, or 14 days' usage. The left-hand Y axis for percentage data is fixed between 0-100%, while the right-hand Y axis for raw usage scales with the historical usage data of the individual virtual machine. Additionally, you can obtain virtual machine monitoring data programmatically by using the vcloud API. See About Virtual Machine Metrics in the vcloud API Programming Guide for vcloud Air Tenants Guide. Page 39
vrealize Operations offers a vcloud Air management pack that can leverage the API and collect many more metrics in a custom dashboard. Conclusion Congratulations! You now understand how to view and edit your virtual machines. You may now continue to the next module. Page 40
Module 3 - Hybrid Cloud Manager (5 Min) Page 41
Hybrid Cloud Manager Introduction This is an overview of Hybrid Cloud Manager (HCM). To learn more see the HOL- HBD-1682 Hybridity & Networking lab. Enable a true hybrid cloud experience with vcloud Air Hybrid Cloud Manager. vsphere users can set up and manage workloads in vcloud Air from within vsphere. Enabling this single pane of glass management capability gives the IT admins greater capabilities for managing all of their environments, whether On-premise or in vcloud Air. Capabilities include visibility and control to vcloud Air environments, advanced networking connections that enable high-speed connections for true workload portability, and extends hybrid identity for improved user management. The vsphere Hybrid Cloud Manager brings your data center and vcloud Air into a single view. Overview Hybrid Cloud Manager (HCM) virtual appliance installs all the necessary components and is managed via the vsphere Web Client Page 42
Enhanced Migration Page 43
Network Extension Hybrid Cloud Manager is a single install that delivers on a number of hybrid use cases: A seamless hybrid experience to administer, consume, and manage your resources across private and public clouds. Manage migration of workloads between clouds with minimal downtime using replication-based technology and WAN acceleration Extend your security & networking policies from your data center to vcloud Air, including the ability to stretch multiple Layer 2 network segments from onpremises to the cloud To learn more see the HOL-HBD-1682 Hybridity & Networking lab. Page 44
Module 4 - vcloud Air: Networking and Security Basics (30 Min) Page 45
vcloud Air: Networking and Security Basics vcloud Air provides user-friendly management tools for networking and security. vcloud Air HOL Student Check-In PLEASE NOTE - If you have not created a student login account, please follow the steps located here. If you have already created a student login account, you may proceed to the next step. Access the Virtual Private Cloud OnDemand Service 1. Click on the Virtual Private Cloud OnDemand tile from the service dashboard 2. Select M838706298 from the drop down list Page 46
vcloud Air Location 1. Select the datacenter you were assigned 2. Select your virtual datacenter created in the previous module 3. Select Gateways tab 4. Click the Gateway box to access settings Virtual Private Cloud OnDemand networking replicates traditional network technologies and design. Networking in Virtual Private Cloud OnDemand is based on the softwaredefined networking (SDN) technologies used by VMware products, including VMware vsphere, VXLAN, vcloud Networking and Security, and vcloud Director. NAT Rules 1. Select NAT Rules The edge gateway provides a network address translation (NAT) service to assign a public address to a virtual machine or group of virtual machines in a private network. Using this technology limits the number of public IP addresses that an organization or company must use, for economy and security purposes. You must configure NAT rules to provide access to services running on privately addressed virtual machines. Page 47
The NAT service configuration is separated into source NAT (SNAT) and destination NAT (DNAT) rules. When you configure an SNAT or a DNAT rule, you always configure the rule from the perspective of vcloud Air. Specifically, that means you configure the rules in the following ways: SNAT: the traffic is traveling from a virtual machine on an internal network in vcloud Air (the source) through the Internet to the external network (the destination). DNAT: the traffic is traveling from the Internet (the source) to a virtual machine inside vcloud Air (the destination). You can configure NAT rules to create a private IP address space inside vcloud Air to port your private IP address space from your enterprise into the cloud. Configuring NAT rules in vcloud Air allows you to use the same private IP addresses for your virtual machines in vcloud Air that were used on premises in your local data center. NAT rules in vcloud Air include the following support: Creating subnets within the private IP address space Creating multiple private IP address spaces for an edge gateway Configuring multiple NAT rules on multiple edge gateway interfaces Firewall Rules 1. Select Firewall Rules You configure all networking security policies on the gateway by creating firewall rules. (vcloud Air does not require configuring security groups like some of the other cloud providers.) You configure firewall rules to manage the traffic flowing in and out of your Page 48
vcloud Air cloud. Additionally, you can configure firewall rules to secure network traffic between any and all interfaces on a gateway. Firewall rules in vcloud Air have the following characteristics: Consist of 5 tuple policies (protocol, source/destination IP address, source/ destination port) Can have multiple policies across multiple networks Are ideal for enterprise-grade application deployment By default, gateways are deployed with firewall rules configured to deny all network traffic to and from the virtual machines on the gateway networks. Attempting to ping a virtual machine on a network after configuring a NAT rule will fail without adding a firewall rule to allow the corresponding traffic. Page 49
Networks Tab 1. Select Networks You can view a list of the networks added to a gateway. For each network, you can view the default gateway IP address, IP range, and the number of virtual machines attached to it and the number of public IP addresses allocated to the gateway. Page 50
Public IPs 1. Select Public IPs 2. Click Add IP Address Virtual Private Cloud OnDemand offers resource pool-based pay-as-you-go service, which includes charges for publicip addresses allocated for your gateways. Virtual Private Cloud OnDemand monitors your gateways to determine when you allocate or deallocate publicip addresses to them. You are charged for those publicip addresses only while they are in use. Add IP Address to Gateway 1. Select Add. Wait for the Public IP to added to the gateway Page 51
View IP Address The public IP address you will be provided will be different Navigate back to Virtual Machines Return to your virtual machine list by select your Virtual Data Center in the breadcrumbs. Page 52
Introduction to vcloud Air NAT and Firewalls Welcome! In this sub-module, you will be introduced to vcloud Air NAT and Firewalls. Connect a Virtual Machine to the Internet Once a free public IP address is available you can quickly connect any VM to that public IP for outbound internet access. This process will create a firewall and SNAT rule for access. 1. Select Virtual Datacenter 2. Select virtual machine created 3. Select Actions 4. Select Connect to Internet Page 53
Warning Message A warning will appear. Click Yes. Status Bar The status bar will indicate that the service is updating the network. Give this 1 minute to process and then proceed to next step. Page 54
Select Gateway 1. Click Gateways tab 2. Click the Gateway box named after your Student ID Page 55
SNAT Rule Added A new NAT rule has been created for you. The rule is considered an SNAT or Source NAT rule. This means it is a rule to route the traffic originating from your StudentID VM through the exterior translated port which is the Gateway IP address (IP addresses will differ in your lab environment). This rule is defined for all ports. You can add your own additional rules, including a Destination NAT or DNAT rule for traffic from the Internet that you would want to route to the StudentID VM. 1. Select Firewall Rules Tab Page 56
Firewall Rules The service automatically created 3 different firewall rules for you: The first rule allows StudentID VM to communicate to DNS servers (port 53). The second rule allows HTTP traffic from StudentID VM (port 80). The third rule allows HTTPS traffic from StudentID VM (port 443). Additional rules can be created to open other ports. The reverse firewall rules would need to be created to allow incoming traffic from the Internet to reach StudentID VM. Conclusion Congratulations! You have completed the lab and you've just set up a NAT rule and a Firewall rule that would allow a virtual machine communicate out to the Internet. Page 57
Module 5 - Object Storage (5 Min) Page 58
Object Storage Overview VMware's vcloud Air Object Storage is a scalable, efficient, and cost-effective solution for unstructured data. As part of our commitment to deliver new services to the vcloud Air platform with best-in-class performance and choice, VMware is proud to deliver object storage solutions powered by EMC and Google Cloud Platform through vcloud Air. vcloud Air Object Storage provides an inexpensive destination for storing your files with high durability and resiliency. This type of storage is ideal for the following use cases: Backup and archiving: Store data and files including snapshots of your VMDKs in inexpensive, offsite cloud-based storage. With better RTO than tape and prices as low as $0.01 per GB, Object Storage is a reliable destination for your backups. Imaging, media and Web 2.0: Store your photos, audio/video files and other static data in object storage. vcloud Air Object Storage automatically replicates your files across multiple arrays and can scale up to petabytes, supporting large files up 5TB (Google) or 20TB (EMC). These files can support a website or be a personal repository, all while being a true elastic pay-as-you-go storage solution. Shared and log files: Companies are seeing an explosion in the growth of data and the cost of local file storage. File shares on-premises can be expensive to maintain, take up precious real estate and difficult to retire. By shifting file sharing to cloud-based object storage, you create a data repository that is accessible across multiple users and regions. VMware vcloud Air Object Storage: Introduction Interactive Demo on vcloud Air Object Storage Page 59
Interactive Demo on vcloud Air Object Storage This is a interactive Demo on vcloud Air Object Storage. Click here to view an interactive demo. The demo will open in a new browser tab or window. Page 60
Conclusion Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online. Lab SKU: Version: 20160106-081644 Page 61