Table of Contents HOL SLN - PDF Free Download

Table of Contents Lab overview - - VMware Cloud Foundation 3.0 Getting Started... 2 Lab Overview and Guidance... 3 Module 1 - Workload Domain Exploration (30 mins)... 9 Workload Domain Overview... 10 Module 2 - User Interface Exploration (30 mins)... 34 Add User Account and UI Exploration... 35 Module 3 - Patching and Upgrading (30 mins)... 49 Patching and Upgrading... 50 Module 4 - Workload Domain Expansion (30 mins)... 66 Workload Domain Expansion... 67 Module 5 - Workload Domain Multi-cluster (30 mins)... 85 Workload Domain Multi-cluster... 86 Module 6 - Certificate Authority Configuration (30 mins)... 99 Certificate Management... 100 Page 1

Lab overview - - VMware Cloud Foundation 3.0 Getting Started Page 2

Lab Overview and Guidance Lab Summary ***Note: It may take more than 120 minutes to complete this lab. Most of the modules are not dependent on one another, the exception being Module 4 - Workload Domain Expansion and Module 5 - Workload Domain Multi-cluster. These modules have a dependancy that a Workload domain be deleted as listed in Module 1. Outside of this requirement the modules do flow from one to the next in logical order and the lab would best be consumed in that way. The Table of Contents can be accessed in the upper right-hand corner. Module 1 - Workload Domain Exploration (30 minutes) Module 2 - User Interface Exploration (30 minutes) Module 3 - Patching and Upgrading (30 minutes) Module 4 - Workload Domain Expansion (30 minutes) Module 5 - Workload Domain Multi-cluster (30 minutes) Module 6 - Certificate Authority Configuration (30 minutes) Lab Captains: Paul Irwin, Staff Partner Solutions Architect, USA Kevin Tebear, Senior Technical Marketing Architect - VMware Cloud Foundation, USA VMware Cloud Foundation is VMware s unified SDDC platform for the private and public clouds. This product brings together VMware s compute, storage, and network virtualization into a natively integrated stack, and allows you to deliver enterprise-ready cloud infrastructure with automation and management capabilities for simplified operations that are consistent across private and public clouds. A deployed VMware Cloud Foundation system includes the following VMware software as standard components: SDDC Manager - Virtual appliance that provides administrators with a centralized portal to provision, manage, and monitor the VMware Cloud Foundation solution. vsphere Enterprise Plus Edition - Enterprise-class hypervisor for compute virtualization Page 3

Platform Services Controller (PSC) A service in vsphere 6 that handles the infrastructure security functions such as vcenter Single Sign-On, licensing, certificate management and server reservation. vcenter Server Standard - Provides centralized management of vsphere virtual infrastructure vsan Delivers flash-optimized, high-performance storage for a hyper-converged infrastructure. NSX for vsphere - VMware NSX is the network virtualization platform for the Software-Defined Data Center. NSX embeds networking and security functionality that is typically handled in hardware directly into the hypervisor. The following VMware software components are integrated with SDDC Manager and may be optionally deployed as part of VMware Cloud Foundation: vrealize Operations - Correlates data from applications to storage in a unified, easy-to-use management tool that provides control over performance, capacity, and configuration, with predictive analytics driving proactive action, and policybased automation. vrealize Automation - Automates the delivery of the compute, storage and network resources on a per application basis, delivered through repeatable blueprints and accessed though a self service user portal. vrealize Log Insight Allows administrators to view, manage, and analyze log information from various points within the solution. This lab will demonstrate the ability to use SDDC Manager to configure, manage, maintain, and consume hyper-converged infrastructure. We make use of all the software listed above to show an example of a fully deployed VMware Cloud Foundation System. Credentials The following is a summary of the credentials used for this lab. For your convenience, links to the management interfaces are located in the bookmark bar of Google Chrome shown in the image. Additional credentials for components not listed below may be found in the README.txt file located on the desktop of the Main Console. SDDC Manager Username: administrator@vsphere.local Password: VMware1! Page 4

SDDC Manager as Sam Jones Username: sam@corp.local Password: VMware1! All vrealize Operations Instances Username: administrator@vsphere.local Password: VMware1! vcenter Server Admin Console Username: root Password: VMware1! vsphere Web Client Username: administrator@vsphere.local Password: VMware1! vrealize Log Insight Username: admin Password: VMware1! vrealize Suite Lifecycle Manager Username: admin@localhost Password: vmware Accessing the Online International Keyboard You can also use the Online International Keyboard found in the Main Console. 1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar. Page 5

Click once in active console window In this example, you will use the Online Keyboard to enter the "@" sign used in email addresses. The "@" sign is Shift-2 on US keyboard layouts. 1. Click once in the active console window. 2. Click on the Shift key. Click on the @ key 1. Click on the "@"key. Notice the @ sign entered in the active console window. Page 6

Activation Prompt or Watermark When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated. One of the major benefits of virtualization is that virtual machines can be moved and run on any platform. The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple data centers. However, these data centers may not have identical processors, which triggers a Microsoft activation check through the Internet. Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements. The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation. Without full access to the Internet, this automated process fails and you see this watermark. This cosmetic issue has no effect on your lab. Page 7

Look at the lower right portion of the screen Please check to see that your lab is finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes. If after 5 minutes your lab has not changed to "Ready", then please ask for assistance. Page 8

Module 1 - Workload Domain Exploration (30 mins) Page 9

Workload Domain Overview Workload Domains Your VMware Cloud Foundation system's management domain and deployed workload domains are pools of logical resources. Each pool is a cluster of ESXi hosts managed by an associated vcenter Server and NSX manager. Each cluster manages the resources of all the hosts that are assigned to it. Within each cluster Cloud Foundation enables the VMware vsphere High Availability (HA), VMware vsphere Distributed Resource Scheduler (DRS), and VMware Virtual SAN capabilities. By default, there is one management domain that is used to manage the SDDC infrastructure components within a Cloud Foundation deployment. The management domain is automatically provisioned using the first four hosts when the environment is initially configured for Cloud Foundation (a process referred to as "Bring Up"). When creating workload domains, Cloud Foundation takes the number of hosts specified by the cloud administrator and deploys the Workload Domain with VMware best practices. When the system provisions the management domain, it automatically provisions and configures the cluster with the unified SDDC platform components to include: vsphere, vcenter Server, Virtual SAN, NSX for vsphere, and vrealize Log Insight together with any desired optional components such as vrealize Operations and vrealize Automation. Page 10

You use the SDDC Manager Web interface in a browser for the single-point-of-control management of your VMware Cloud Foundation system. The SDDC Manager provides centralized access to, and an integrated view of the physical and virtual infrastructure of the system. SDDC Manager does not mask the individual component management products. Along with the SDDC Manager Web interface, for certain tasks, you might also use web interfaces for administration tasks involving their associated VMware software components that are part of a VMware SDDC. All of these interfaces run in a browser, and you can launch many of them from locations in the SDDC Manager Web interface. While every attempt has been made to implement the full SDDC Manager experience in the Hands-on Lab, some functionality may differ on genuine physical hardware. As such, some actions may vary slightly when running in the virtual Hands on Labs environment as compared to an actual Cloud Foundation deployment. Loading symbol ***Note: In the Hands on Labs environment, as you are navigating through the various screens, you may encounter long refresh operations for extended periods of time on the order of 1-3 minutes. Please resist the urge to click or refreshing the page during these times as it will most likely extend the wait. When building the lab we attempted to minimize these loading times, however, in some instances, operations such as timeouts when waiting for hardware to reply were unavoidable as this is a nested environment and not connected to physical hardware. Thank you for your patience! Page 11

Initial Log In 1. Please ensure that the Lab Status is green and says Ready. If it does not please let a proctor know. 2. After you have verified that the lab is ready please launch Google Chrome using the shortcut on the desktop. Log in to SDDC Manager Once the browser has launched you will see two tabs open by default. The first tab is the SDDC Manager Login, the second is the vcenter Login. Page 12

1. Select the SDDC Manager tab and verify the page URL to ensure you have the correct user interface. The SDDC Manager login URL should read https://psc-1.vcf.corp.local 2. In the User name box enter: administrator@vsphere.local 3. In the Password box enter: VMware1! 4. Click the Login button Log in to the vsphere Client 1. After the successful log in to the SDDC Manager, select the second tab in the Chrome browser for the vsphere Web Client. 2. Select the URL refresh button in the second browser tab. This action should allow you to be signed into the vsphere Client without having to enter any additoinal log in credentials. As we have already authenticated with the SDDC Manager and they are both in the same SSO domain, our credentials should carry through to the second browser tab. Page 13

The refresh process can take a couple minutes to complete, but you can continue on to the next step in the lab. SDDC Manager Dashboard The Dashboard page is the home page that provides the overall administrative view of your system. The Dashboard page provides a top-level view of the physical and logical resources across all of the physical racks in your system, including available CPU, memory, and storage capacity. From this page, you can start the process of creating a 'Workload Domain'. You use the links on the dashboard to drill-down and examine details about the physical resources and the virtual environments that are provisioned for the management and workload domains. On the left side of the interface is the Navigation bar. The Navigation bar provides icons for navigating to the corresponding pages. We will explore each of these in more detail later in the lab. Page 14

1. Select the SDDC Manager Tab at the top of the browser window. Here we can see the dashboard view and recent tasks that have been completed. 2. Due to the resolution of the Hands On Lab environment the Tasks tray will need to be resized, or you will need to scroll over while reviewing the tasks. You also have the option to minimize the Tasks tray by clicking the X. Page 15

Workload Domain Exploration Overview of Workload Domain Creation in VCF 3.0. Workload Domain Exploration Rainpole Inc has just deployed VMware Cloud Foundation 3.0. Let s begin by exploring the Workload Domains. Page 16

1. From the left hand navigation pane, select the Inventory menu item, then select Workload Domains. Workload Domains From the Workload Domains view we can see the available CPU, Memory, and Storage capacity. We are also able to see the Workload Domains and the type of workload domains that have been created within the environment. This environment has 2 workload domains provisioned. The MGMT Workload Domain and the VI-WLD Workload Domain. Each of these Workload Domains performs a different function. One, the Management Workload Domain, is responsible for the overall VMware Cloud Foundation environment. The other, the VI Workload Domain, is used to provide resources for virtual server workloads and applications. Page 17

1. Use the horizontal scroll bar at the bottom of the page to scroll to the right to view more information about the 2 existing Workload Domains. Management Workload Domain You will now explore the Management Workload Domain in greater detail. 1. Click on the Management Workload Domain link labeled MGMT at the bottom of the page. MGMT - Deep Dive From the landing page of the MGMT Workload Domain we get an immediate picture of the status of CPU, Memory and Storage consumption by this workload domain. We are Page 18

also able to determine the capacity of allocated resource as well as how much of that capacity has been consumed. Scrolling further down you will see a number of options along the bottom of the page that allow you to drill further into the status of the workload domain. Each of these options is detailed below. Explore these by clicking on each in turn. Page 19

1. Summary: Lists the various clusters available under the highlighted Workload Domain and lists the configured resiliency of the cluster. The FTT number defines the number of host failures that the cluster is able to tolerate. 2. Services: Displays the FQDN and IP address of all associated components that have been deployed to support the specific Workload Domain. This could include items such as vcenter Server, Platform Services Controllers, vrealize LogInsight, vrealize Operations and NSX Manager. Also displayed in this list is the SDDC Manager for the over all environment. 3. Update/Patches: Shows the pre-check workflow, as well as any updates that have been made available that apply to this specific Workload Domain. Also listed are the specific versions of software for the deployed components within the Workload Domain. Select a version number will take you to the Update history for that component. 4. Update History: Shows all updates that have already been applied to the system. You have the option to filter the time period over which you'd like results displayed. 5. Hosts: Displays all the hosts that are part of this specific Workload Domain including the Cluster that the host belongs to, the FQDN of the host, the Management IP address, Network Pool, Host Status, Resource Usage, and Storage Type (Hybrid or All Flash) 6. Clusters: Lists out all available clusters under a given Workload Domain 7. Security: Displays the certificate information for all components of the VMware Cloud Foundation environment. This interface can also automate the replacement of a certificate for all component inside of VMware Cloud Foundation. We will explore certificate management in a later module. Page 20

VMware Log Insight Integration Rainpole Inc. has standardized on vrealize Log Insight as their log aggregation and log analysis solution. You have been asked by the IT Manager to connect the newly created VI-WLD Workload Domain to the vrealize Log Insight deployment that is running in the Management Workload Domain. vrealize Suite You will now navigate back to the Workload Domains page. 1. Scroll to the top of the page and click the Back to Workload Domains link. Identify vrealize Suite Components 1. At the bottom of the Workload Domains page, use the horizontal scroll bar to navigate to the far right of the page. 2. Select the drop down arrow for the MGMT Workload Domain under the vrealize Connections column Page 21

The MGMT Workload Domain has a connection from 2 products in the vrealize Suite. By selecting the arrow we can view which products connections these are. vrealize Suite Administration 1. On the left side menu, click on the Administration section. 2. Highlight vrealize Suite from the drop down menu. 3. Select vrealize Log Insight from the menu options. Page 22

Enable vrealize Log Insight Before you are able to activate Log Insight, the appropriate license information will need to be added to the SDDC Manager. Fortunately, the addition of all required licenses have already been accomplished by the Software Licensing team at Rainpole Inc. The vrealize Log Insight screen provides you with some additional details about the deployment. 1. Select the Enable button to begin the automatic configuration of LogInsight for all Workload Domains in our environment. By enabling this function all existing and future workload domains will be configured with Log Insight at the time of their creation. Page 23

Monitor Progress Once you have select the Enable button, you should see a blue confirmation dialog box informing you that vrelaize Log Insight is being connected to all Workload Domains. Page 24

1. To view additional information or to monitor the progress in more detail, you may select the View Status in Task link in the dialog box. A second option would be to select the double up arrows on the lower right side of the collapsed Task Window at the bottom of the browser. Monitor Progress - Task View 1. Continue to monitor the progress. The status for the Connect Workload Domains to Realize Log Insight should show a Running state. 2. You may need to manually refresh the view to see that the task has completed successfully. Click the Refresh link on the Tasks Window. Validate Deployment 1. Expand the Tasks Window 2. Click the arrow next to the Connect Workload domains to vrealize Log Insigh task 3. Click the View Subtasks link Page 25

You should now see all the subtasks that have executed and completed as part of enabling Log Insight for all Workload Domains and components within the environment. Please wait for the Connect Workload domains to vrealize Log Insigh task to complete successfully before proceeding. This should take under 3 minutes. Launch Log Insight You are now going to validate that the previous task has completed and the changes are reflected in vrealize Log Insight. 1. Open a new tab in the Chrome Browser. 2. Click vrealize Log Insight in the bookmarks bar 3. Once the Log Insight page loads, enter the following username: admin 4. Enter the password: VMware1! 5. Click the LOGIN button to continue Page 26

Log Insight Administration 1. Once the main Log Insight page loads, select the link in the top right corner of the screen (3 horizontal lines) 2. Click on the Administration menu item from the drop down list. Page 27

Hosts 1. Once the Administration console opens, click the Hosts menu item from the left navigation menu bar. 2. In the main section of the Hosts Page, Identify the vcenter-wld.vcf.corp.local host item. vcenter-wld.vcf.corp.local is the vcenter server from the VI-WLD Workload Domain that we just configured. We are now able to collect, manage and visually trend logs from all devices in the Workload Domain. Workload Domain Deletion You just receievd a call from the IT Director of Rainpole Inc. An existing company project has had it's delivery deadline moved up a few months. In order to meet this new deadline, additional compute capacity will be required to support the application workloads and additional development staff. In order to provide the additional capacity for the project, you will need to decomission the VI-WLD Workload Domain Page 28

Let's walk through reclaiming this capacity for use in a future module. Before you proceed with the deletion of the workload domain lets confirm what we will be decomissioning in the vsphere Web Client. 1. Click on the second tab in the browser to view the vsphere Web Client. 2. You should already be authenticated and logged into the vsphere Web Client if you followed the directions at the beginning of this module. If however the session has timed out, simply refresh the browser page to re-authenticate to vcenter. 3. Expand the vcenter-wld.vcf.corp.local vcenter server listed in the Navigator pane. Expanding the view further shows the Datacenter VI-WLD-DC, the PROD Cluster, the 3 ESXi Hosts, and the 3 VM s that are actually the NSX Controller VM s. Select Workload Domain 1. Select the SDDC Manager Tab at the top of the browser window. 2. Under the Inventory menu item on the left side menu, highlight the Workload Domains option. Page 29

3. Scroll down to the bottom of the main section of the page. Select the 3 vertical dots icon next to the VI-WLD Workload Domain. 4. Click the Delete Domain option from the drop down menu. Workload Delete Confirmation The Delete confirmation dialog box ensures that a deletion of a Workload Domain is not done accidentally. Verify that you have the correct work load domain. 1. Click both the checkboxes. You will notice that the Delete Domain button is now active. Page 30

2. Click the Red Delete Domain button to proceed with the Workload Domain deletion. Performing this operation, in this fashion will correctly invoke all cleanup functions and ensure the proper removal of vcenter Server, NSX Manager, and the NSX controllers from Management Workload Domains vcenter inventory. Page 31

Monitor Removal Tasks 1. To monitor the progress of the Workload Domain removal, select the double up arrows on the lower right side of the Tasks window at the bottom of the browser screen. 2. Expland the Removing domain VI-WLD Task item 3. Click in the View Subtasks link to see additional information Deletion Confirmation 1. Click Refresh under Subtasks. This will allow you to view the most up to date infromation regarding the tasks currently running. 2. Continue to monitor the subtasks until the ReleaseLockContractAction subtask indicates a status of Successful. The completion of this over all action can take upto 5 minutes to complete depending upon the performance in Hands On Labs. You may continue to monitor this task or proceed with the next module. This completes Module 1 of this hands on lab. Page 32

End of Module 1 You have completed Module 1 and should now have a good understanding of how to navigate the SDDC Manager web interface. You should also at this point conceptualy understand what a workload domain is and what it it used for. Please continue to Module 2 - "User Interface Exploration" Page 33

Module 2 - User Interface Exploration (30 mins) Page 34

Add User Account and UI Exploration You can manage users and groups using the User Management page of the SDDC Manager Web Interface. Your VMware Cloud Foundation system provides role-based access control. Authentication to the SDDC Manager Web interface uses the VMware vcenter Single Sign-On authentication service that is installed with the Platform Services Controller feature during the deployment of your system. This authentication service constructs an internal security domain based on the values entered during the deployment process of your system, and the SDDC Manager is registered in that domain. The service can authenticate users from a set of users and groups that you enter directly into the system or it can connect to trusted external directory services such as Microsoft Active Directory. Using roles, authenticated users are given permissions to operate within SDDC Manager, according to the assignments you specify using the SDDC Manager Web interface. System administrators can assign roles to users and groups. Page 35

The refresh process can take a couple minutes to complete, but you can continue on to the next step in the lab. Manage User Accounts Once you have logged in and authenticated to both SDDC Manager and the vcenter Server... Page 38

1. Select the browser tab for the SDDC Manager 2. Select the Administration Menu item in the left window pane 3. Select Users from the available drop down options 4. Click the +USER OR GROUP button in the main window pane. Page 39

Add User or Group 1. Under the All Domains drop down, select the CORP.LOCAL domain. Press return when done. Select and Add User 1. Ensure that the CORP.LOCAL domain has been selected 2. Search for the user name Sam 3. Once the search results appear, place a check mark into the box next to Sam's account. 4. Click the ADD button to add Sam to the Cloud Admin group. Page 40

Verify Account Addition 1. Verify that the user account sam@corp.local has been added and has the Cloud Admin role. This permission change will allow Sam Jones to have Cloud Admin access to the SDDC manager, however vcenter driven Role Based Access Controls still exist and have not been modified. Sam Jones will not be able to sign into vcenter or manage any vcenter objects from within the vsphere Web Client. Log out of SDDC Manager To effectively test Sam's access, you first need to log out of the SDDC Manager as the user administrator@vsphere.local. 1. Select the drop down arrow next to the current logged in user account name and then click the Log out option. Page 41

Close and re-launch browser Window After logging out as administrator, close all Chrome Browser windows to ensure Sam can sign in appropriately. 1. Once all chrome browser windows have been successfully closed, proceed to relaunch the Chrome browser by clicking the icon on the Desktop. Log in to SDDC Manager Once the browser has launched you will see two tabs open by default. The first tab is the SDDC Manager Login, the second is the vcenter Login. Page 42

Note how the existing widgets are automatically moved to accomodate the widget you are relocating. Position the widgets based on your personal preference. Delete a Widget or Two 1. Select the X in the top right corner of the Ongoing and Scheduled Updates Widget and remove it from your dashboard. Page 44

Do this with a few other widgets of your own choice. Add some New Widgets Once you have finished removing any unwanted / unneeded widgets from your dashboard... Page 45

1. Select the icon with the 3 dots, just under the username on the top right corner of the browser window. 2. Select the Add New Widgets menu option Select the type of Widgets 1. Choose which type of widget to add from the available options. 2. Click in the ADD button once you have made your selection. Please take some time to familiarize yourself with the removal, re-arranging and readding of widgets on the dashboard. Page 46

No vcenter Access Confirmation You will now verify that although Sam has access to the SDDC Manager as a Cloud Admin, he does not infact have any access to the vcenter Server. Page 47

1. Select the vcenter Server tab at the top of the browser window. 2. Click the URL refresh button. 3. Verify that Sam does not have the required permissions ro access vcenter. End of Module 2 You have completed Module 2 and should now have a good understanding of how to interact with and customize an individual users interface. Please continue to Module 3 - "Patching and Upgrading" Page 48

Module 3 - Patching and Upgrading (30 mins) Page 49

Patching and Upgrading In Cloud Foundation, the Life Cycle Management (LCM) capabilities include automated patching and upgrades for both the SDDC Manager (SDDC Manager and LCM) and other VMware software components (vcenter Server, PSC, ESXi, NSX and vsan). SDDC Manager is pre-configured to communicate with the VMware software repository. The high level update workflow is described below. 1. Notification of update availability. 2. Download update bundle. 3. Select update targets and schedule update. 4. Update is applied to the selected targets at the scheduled time. Page 50

***Note: VMware recommends that you do not create, modify, or delete a workload domain during an update. Even though SDDC Manager may be available while the update is installed, it is recommended that you schedule the update at a time when it is not being heavily used. Initial Log In 1. Please ensure that the Lab Status is green and says Ready. If it does not please let a proctor know. Page 51

2. After you have verified that the lab is ready please launch Google Chrome using the shortcut on the desktop. Log in to SDDC Manager Once the browser has launched you will see two tabs open by default. The first tab is the SDDC Manager Login, the second is the vcenter Login. Page 52

1. Select the SDDC Manager tab and verify the page URL to ensure you have the correct user interface. The SDDC Manager login URL should read https://psc-1.vcf.corp.local 2. In the User name box enter: administrator@vsphere.local 3. In the Password box enter: VMware1! 4. Click the Login button Log in to the vsphere Client 1. After the successful log in to the SDDC Manager, select the second tab in the Chrome browser for the vsphere Web Client. 2. Select the URL refresh button in the second browser tab. This action should allow you to be signed into the vsphere Client without having to enter any additional log in credentials. As we have already authenticated with the SDDC Manager and they are both in the same SSO domain, our credentials should carry through to the second browser tab. Page 53

The refresh process can take a couple minutes to complete, but you can continue on to the next step in the lab. Update Repository Rainpole Inc. has an update available for their VMware Cloud Foundation deployment. Let s walk through our options for downloading and deploying this update. 1. Once logged into the SDDC Manager, select the Repository menu item on the left navigation menu. 2. Select the Bundles sub-menu item. Page 54

From this view we can see that there is one update available. This update applies to the MGMT Workload Domain. A brief description highlights the contents of the update. Page 55

Download the Patch 1. Click Download Now, 2. A green notification ribbon should appear at the top of the screen validating that the download has been scheduled 3. Select the View Details link under the Update description to allow you to see the bundle details and what software is included Bundle Details Information such as Severity of update, the number and types of software components, the minimum required software versions and the bundle release date are shown under the details. Page 56

1. When you are done examining the details of the update, click the Exit Details link on the top right corner of the window. Page 57

1. At this point the Download Status should reflect that the Bundle Download has completed. 2. Select the MGMT link under the Bundle Details section. 3. Select the Updates / Patches tab from the MGMT Workload Domain main page. Precheck Prior to running any updates, it is always a good idea to validate the overall health of the system. Page 58

1. Select the Precheck option to begin the system health validation 2. Click the View Status link directly above the PRECHECK button. Selecting the Precheck Status link will list all the checks performed against the environment and will highlight any areas that could potentially prevent the update or patch from being applied successfully. 1. We will see that the VSAN-CORP-MGMTWLD has been flagged as a warning but shows Succeeded 2. Click the drop down to the left of the entry to see more information 3. Additional information tells you that the controller is not on the vsan HCL. Considering that this particular environemnt is running as a nested instance within the Hands On Lab environment this behavior is expected. 4. Once you have completed reviewing the details, click the Exit Details link at the top right of the window. Page 59

Run the Update In the Available Updates section, you are presented with 2 options for executing the deployment of the relevant patches or updates. Page 60

1. Choose the Schedule Update option if you'd like to specify a future date and time to execute the update. You may specify a day /time of upto 365 days out from the present day. 2. Click the X to close the Schedule Update Window, 3. Due to time constraints within the lab environment, click to UPDATE NOW button to begin an immediate update. Page 61

1. After you click the Update Now button, you will see an Update Scheduled Message Displayed. After a 1-2 min wait, an update dialog window will appear. 2. You can follow the progress of the update by monitoring the number of resources that have been updated. 3. Scroll down to view more details. Select the drop down arrow to view more granular details around the status of specific Common Services 4. This update will take about 2-3 minutes to complete. Upon completion you will see green check marks next to all common services. A green ribbon will also display the date and time the updated completed. 5. Scroll up to the top of the page and click the Finish button to exit the update status screen Page 62

Page 63

Verify Update has been Applied 1. From the main SDDC Manager Dashboard interface. Select the Inventory Menu item on the left side of the page. 2. Select the Workload Domains sub-menu item. 3. Click Workload Domains MGMT link near the bottom of the main section of the page. and then Update History 1. Select the Update History link to validate that the update you just applied was successful. 2. Clicking on the ACTIONS drop down link will allow you to download the log files associated with the update or view the update status. Page 64

End of Module 3 You have completed Module 3 and should now have a good understanding of the upgrade and patching process within the VMware Cloud Foundation environment. Please continue to Module 4 - "Workload Domain Expansion" Page 65

Module 4 - Workload Domain Expansion (30 mins) Page 66

Workload Domain Expansion Module Introduction Your manager at Rainpole Inc. has just informed you that the Datacenter Operations team has completed the racking and powering on of a new server in your rack for consumption by VMware Cloud Foundation. You will walk through the commissioning and preparation of this new server for addition into an existing cluster. The module will conclude with you decommissioning a host for use later in the lab. In this image we will be adding a server as noted in the *Available Capacity. Page 67

SDDC Manager Log In 1. Please ensure that the Lab Status is green and says Ready. If it does not please let a proctor know. 2. After you have verified that the lab is ready please launch Google Chrome using the shortcut on the desktop. Log in to SDDC Manager Once the browser has launched you will see two tabs open by default. The first tab is the SDDC Manager Login, the second is the vcenter Login. Page 68

The refresh process can take a couple minutes to complete, but you can continue on to the next step in the lab. Host Pre-requisites 1. From the main Cloud Foundation Dashboard page, select the COMMISSION HOSTS button on the top right side of the main page. Validate Host Pre-requisites 1. After validating all requirements have been met on the list and double checking with the IT Operations team, select the Select All checkbox. 2. Scroll down to the bottom of the page Page 70

3. Click the Proceed buttun to continue. Page 71

Host Details 1. In the FQDN Field, enter esx7.vcf.corp.local 2. Place a check mark in the box marked Confirm Fingerprint. 3. Specify a username of root 4. Specify a password of VMware123! 5. Under the Network Pool Name option, select NETPOOL-1 6. Once completed, verify you have specificied the correct information, then click the VALIDATE button. Upon successful validation of the host, you will be taken to the validated hosts section of the page. 1. Click the COMMISSION button to continue. Page 72

Monitor Progress 1. Expand the Task window at the bottom of the main page and click the refresh link. 2. Click the drop down arrow to the left of the Commission Hosts entry. 3. Select the View Subtasks link to drill down into all associated tasks that have been performed. Page 73

1. Expand the Tasks window to fill the browser by clicking on the double arrow link on the top right side of the Tasks window. 2. Review the status of all subtasks and eensure that all complete successfully. This could take a few minutes. Please do not proceed to the next step in the manual until all tasks have completed successfully. 3. Minimize the tasks window by clicking the X in the top right cornet of the page. Page 74

Add Hosts to Cluster 1. From the main Dashboard page of the SDDC Manager interface on the left side menu, expand the Inventory item, then select the Workload Domain submenu link. 2. Select the MGMT Workload Domain link. Page 75

Select the Cluster 1. Select the Clusters View from the menu 2. Highlight the row with cluster CORP-MGMTWLD and click the link to the left. 3. Select Add Host from the drop down menu. Select the Host The Add Hosts dialog box will walk you through adding a host. 1. Scroll down until you are able to locate esx7.vcf.corp.local 2. Place a check mark next to esx7.vcf.corp.local. 3. Click the NEXT button to continue with the wizard. Page 76

1. On the Licenses window, click the drop down to the right and select the appropriate vsphere License. 2. Click NEXT to continue 1. Validate the selected information. When ready, click the FINISH button to proceed. Monitor Progress 1. Expand the Task window at the bottom of the main page and click the refresh link. 2. Click the drop down arrow to the left of the Add new Hosts entry. Page 77

3. Select the View Subtasks link to drill down into all associated tasks that have been performed. 1. Expand the Tasks window to fill the browser by clicking on the double arrow link on the top right side of the Tasks window. 2. Review the status of all subtasks and ensure that all complete successfully. 3. Click refresh to update the status informaiton 4. Minimize the tasks window by clicking the X in the top right cornet of the page. **Occassionally the task labled MigrateHostManagmentVmknicsToDvsAction may hang in the Hands On Lab environment for up to 12 minutes. This overall action of adding a host to a cluster generally completes within 5 minutes. Click refresh in this task window to monitor the progress. Alternatively this can also be monitored through the vsphere client. If the action errors or times out, you can click restart task and it should finish immediately. Page 78

vsphere Web Client You can now navigate to the vsphere Web Client to validate that the ESXi Host has been added to the cluster. 1. Select the second browser tab and the top of the page to open the vsphere Web Client 2. Expand the vcenter-1.vcf.corp.local vcenter Server > CORP-DC Data Center and the COPR-MGMTWLD vsphere cluster. 3. Verfify that the esx7.vcf.corp.local host is visible under the CORP-MGMTWLD cluster. Remove Host from Cluster You have just been informed that Rainpole Inc. has secured a major contract with the leading Enterprise Public Cloud provider. Work on this new project is to begin immediately. In order to support the various workloads needed for the project, additional compute capacity will be required for the new vsphere cluster you will be commisioning. You will now proceed to remove and decomission the ESXi host you recently added to the MGMT Workload domain. 1. Navigate back to the SDDC Manager interface by selecting the first browser tab at the top of the screen. Page 79

2. Select the Workload Domains sub-menu item below the Inventory menu in the left navigation menu 3. Click the MGMT Workload domain link near the bottom of the Workload Domains page Page 80

Select Cluster 1. Select the Clusters menu item in the lower half of the main MGMT page. 2. Click on the CORP-MGMTWLD link. Select Host for Removal 1. Select the Hosts Menu item 2. Place a checkmark in the box next to the esx7.vcf.corp.local host 3. Click the Remove Selected Hosts link to proceed You will see the Remove hosts dialog box informing you that once the host is removed it will need to be decommissioned prior to adding it to another domain. 1. Click the Remove button to execute the removal of the host. Page 81

*In the unlikely event that the removal of the host fails, you can select the Force Remove Host check box and then click Remove. Monitor Host removal Progress 1. Expand the Task window at the bottom of the main page and click the refresh link. 2. Click the drop down arrow to the left of the Add new Hosts entry. 3. Select the View Subtasks link to drill down into all associated tasks that have been performed. 1. Expand the Tasks window to fill the browser by clicking on the double arrow link on the top right side of the Tasks window. 2. Review the status of all subtasks and ensure that all complete successfully. 3. Click refresh to update the status informaiton. (This process could take up to 5 minutes.) 4. The final subtask is ReleaseLockContractAction which would indicate a successful removal of the host from the cluster. 5. Minimize the tasks window by clicking the X in the top right cornet of the page. Page 82

Module 4 Completed Congratulations. You have completed Module 4. You should now have a good understanding on how to expand the capacity of an existing Wrokload Domain. Please follow the steps below to prepare the lab environment for the next module. Lab Preparation for Module 5 1. If you are going to proceed beyond this point in the lab to take Module 5, minimize the browser to the task bar. 2. Click on the Module Switcher Icon on the desktop 3. Select Module 5 from the list of modules. You may proceed with Module 5 once the Powershell script has completed. This process should take about 5 minutes. Page 83

Page 84

Module 5 - Workload Domain Multi-cluster (30 mins) Page 85

Workload Domain Multi-cluster Workload Domain Multi-cluster In VMware Cloud Foundation we enable the administrator to quickly deploy additional clusters in a single workload domain. This will allow them to add clusters without deploying additional vcenter, NSX Manager, or NSX Controllers. As depicted below we will add an additional cluster to the MGMT workload domain for Rainpole Inc. Important - Module 5 Preparation If you are starting Module 5 without first having completed Module 4, Please follow the steps outlined below to prepare the environment for use. If you have completed Module 4 prior to starting Module 5, You may proceed to the next step in the lab. 1. Click on the Module Switcher Icon on the desktop 2. Select Module 5 from the list of modules. You may proceed with Module 5 once the Powershell script has completed. This process should take about 5 minutes. Page 86

Page 87

The refresh process can take a couple minutes to complete, but you can continue on to the next step in the lab. Workload Domain Cluster Creation Validate Host State 1. Select the SDDC Manager Browesr tab 2. Select the Hosts sub-menu item in the left navigation pane. 3. Verify that host esx7.vcf.corp.local has a host state of Need Cleanup. Page 90

If the hosts esx1, esx2 and esx3 show a state of In MGMT and esx4, esx5 and esx6 are Unassigned you are ready to create the cluster. Page 91

Create Cluster 1. To create a new cluster, from the left navigation window click the Workload Domains sub-menu item. 2. Highlight and click the first row and column next to the MGMT Workload Domain 3. Click Add Cluster Create Cluster Wizard The Add Cluster Wizard will walk you through creating a new cluster. Page 92

1. Specify a name for the Cluster. You can use RainpoleAppCluster. Click Nex to continue. The Object Names screen displays the details for all the objetcs that will be created as part of the new cluster including Object Names and the Generated Name. 1. Click NEXT to continue. Page 93

The Storage page is wehre you define the Failures to Tolerate within the vsan Cluster. As we only have 3 hosts available to use for this module we are limited to using a Failures to Tolerate of 1 1. Click NEXT to continue The host selection screen is where you can select the unallocated hosts for the new cluster. Page 94

1. Select the checkbox in front of esx4.vcf.corp.local, esx5.vcf.corp.local, and esx6.vcf.corp.local 2. Click Nex to continue 1. Select the vsan license from the drop down menu 2. Select the vsphere license from the drop drown menu. 3. Click Nex to continue Review the setting you select from the previous steps. Page 95

1. Click Finish to continue Monitor Progress 1. Expand the Task window at the bottom of the main page and click the refresh link. 2. Click the drop down arrow to the left of the Add new Hosts entry. 3. Select the View Subtasks link to drill down into all associated tasks that have been performed. 1. Expand the Tasks window to fill the browser by clicking on the double arrow link on the top right side of the Tasks window. 2. Review the status of all subtasks and ensure that all complete successfully. Page 96

3. Click refresh to update the status informaiton 4. When the ReleaseLockContractAction is displayed with a status of successful, the task is completed. 5. Minimize the tasks window by clicking the X in the top right cornet of the page. This process takes approximately 5-15 minutes to complete depending upon performance in the Hands on Lab environment. ** Occasionally the AttachVmnicsToDvsAction will delay for 10 minutes on its own. Page 97

Validate Cluster Creation 1. Select the vsphere Web Client browser tab. 2. Expand vcenter-1.vcf.corp.local 3. Expand the RainpoleAppCluster and verify the esx4, esx5 and esx6 hosts are all present. Module 5 Completed Congratulations. You have completed Module 5. You should now understand how to successfully deploy an additoinal cluster within an existing Workload Domain. Please proceed to Module 6. Page 98

Module 6 - Certificate Authority Configuration (30 mins) Page 99

Certificate Management Certificates and VMware Cloud Foundation You can manage certificates for all external-facing Cloud Foundation component resources, including configuring a certificate authority, generating and downloading CSRs, and installing them. This section provides instructions for using Microsoft certificate authority, however Cloud Foundation also supports the use of 3rd party certificate authorities. You can manage the certificates for the following components. Platform Services Controllers vcenter Server NSX Manager SDDC Manager vrealize Automation vrealize Log Insight vrealize Operations Page 100

The refresh process can take a couple minutes to complete, but you can continue on to the next step in the lab. Certificate Replacement Configure Certificate Authority Rainpole Inc. have standardized on a Microsoft Certificate Authority. Your Manager at Rainpole Inc. has requested that a new signed certificate be generated for the NSX Manager in your MGMT Workload Domain. 1. Select the SDDC Manager browser tab. 2. Click the Administration menu item in the left navigation window. 3. Click the Security sub-menu item. 4. Enter the password for the corp\administrator. The password is VMware1! 5. Click the Save button to continue. Page 103

This will create the connection from the SDDC Manager to the backend Certificate Authority and allow us to use it in the next step. Page 104

Certificate Authority Validation 1. Verify the CA Server Certificate information and click ACCEPT when done. 2. You should recieve a notification that the CA Configuration was successful. Generate CSR 1. Select the Workload Domain menu item in the navigation window. 2. Click the MGMT Domain link Page 105

1. Select the Security Tab 2. Place a check in the box next to the nsx_manager 3. Click on the Generate CSR button Generate CSR Wizard Populate the Fields in the CSR wizard with the following information. Algorithm: RSA Key Size: 2048 Email: sam@corp.local Organizational Unit: IT Organization: Rainpole Locality: Palo Alto State: CA Country: US Page 106

1. Click Generate CSR when completed Generate Signed Certificate 1. Now that the CSR has been generated, click the Generate Signed Certificates button. 2. Select Microsoft as the Certificate Authority 3. Click on the Generate Certificates button. Page 107

If you were using a 3 rd party CA, you would click download CSR after step 1. to submit to the 3 rd party Certificate Provider. Install Signed Certificates 1. Click the Install Certificates button. Page 108

Certificate Installation Validation Due to the formatting of the Hands On Lab environment, you may need to will need to scroll over to see the status of the NSX Manager Certificate replacement. This process takes 5-10minutes to replace the certificate in the Hands On Lab Environment. While this is running please proceed in the lab, you can come back to check this status later. 1. Verify that the Certificate Installation Status for the nsx_manager shows Successful. Module 6 Completed. Congratulations. You have completed Module 6 and the new VMware Cloud Foundation 3.0 Hands on Lab. Please take a few minutes to provide feedback on your experience as this will help with future updates to this lab. Page 109