AT&T CLOUD SERVICES AT&T Synaptic Compute as a Service SM Using VMware vcloud Connector 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellecual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change.
Copyright AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. This document is not an offer, commitment, representation or warranty by AT&T and is subject to change. The information contained in this document should not be duplicated, transmitted, or disclosed, in whole or in part without the expressed written consent of AT&T. Information in this document is subject to change without notice. AT&T assumes no responsibility for any errors or omissions in this document. Use of this document and the information is pursuant to the terms and conditions of your service agreement with AT&T. Windows and Internet Explorer are registered trademarks of the Microsoft group of companies. Firefox is trademark of Mozilla Community Safari, iphone, and ipod Touch, are trademarks of the Apple Corporation. Chrome and Android are trademarks of Google, Inc. BlackBerry is a trademark of Research In Motion (RIM) VMware vcloud is a trademark of VMware. 2014 AT&T Intellectual Property. All rights reserved.
OVERVIEW... 1 GETTING STARTED... 2 CONNECTIVITY PREREQUISITES... 2 DNS configuration... 3 Firewall configurations... 3 Secure communication... 4 Connectivity and transferring workloads and templates... 5 INSTALLATION PREREQUISITES... 6 CONFIGURE YOUR AT&T CLOUD... 8 OBTAIN YOUR ORGANIZATION URL... 8 INSTALL VCLOUD CONNECTOR NODE (AT&T)... 9 Register vcloud Connector Node (AT&T)... 13 CONFIGURE YOUR PRIVATE CLOUD... 15 CONFIGURE INTERNAL DNS (AT&T VPN AND CROSS CONNECT ACCESSIBLE VDCS ONLY). 15 INSTALL VMWARE VCLOUD CONNECTOR... 15 Install VMWARE vcloud Connector Server... 16 Install vcloud Connector Node (Local)... 17 Register vcloud Connector Node (Local)... 18 Register vcloud Connector UI in vsphere Client... 20 ADD PRIVATE CLOUD TO VCLOUD CONNECTOR UI... 21 EXTEND YOUR PRIVATE CLOUD INTO AT&T CLOUD... 22 ADD AT&T CLOUD TO VCLOUD CONNECTOR UI... 22 USING VCLOUD CONNECTOR TO MANAGE YOUR AT&T CLOUD... 23 GENERAL VCC GUIDANCE... 23 SUPPORT AND TROUBLESHOOTING... 25 SUPPORT FOR YOUR PRIVATE CLOUD... 25 SUPPORT FOR YOUR AT&T CLOUD... 25 TROUBLESHOOTING CONNECTIVITY... 26 USING VCLOUD CONNECTOR... 27 2014 AT&T Intellectual Property. All rights reserved.
Overview AT&T Synaptic Compute as a Service SM offers on-demand virtual machines and associated networking resources in a self-service, pay-as-you-go model. With AT&T Synaptic Compute as a Service you can provision, run, manage, and remove virtual assets as needed. AT&T Synaptic Compute as a Service allows management of the service via the AT&T Cloud Portal, via the VMware vcloud API, via the VMWare vcloud Director Web Console, or via the VMware vcloud Connector. This document will focus on steps to configure VMware vcloud Connector to manage AT&T Synaptic Compute as a Service. VMware vcloud Connector makes hybrid cloud management easy. The vcloud Connector plug-in for vsphere is a free download product in the VMware vcloud family. Built upon VMware vsphere and vcloud APIs, the vcloud Connector allows customers to connect VMware vsphere- or VMware vcloud Director-based private and public clouds and manage them under a single interface. Through vcloud Connector s single pane of glass user interface, you can view, copy and operate workloads, including VMs, vapps and templates across internal datacenter and private or public clouds. For more information about AT&T Synaptic Compute as a Service, please refer to the following links: AT&T Cloud Portal AT&T Enterprise Services Website AT&T Enterprise Hosting Service Guide 2011 AT&T Intellectual Property. All rights reserved. 1 of 27
Getting Started After you have ordered and gained access to AT&T Synaptic Compute as a Service, you are ready to connect to your AT&T Cloud via vcloud Connector. All AT&T Synaptic Compute as a Service resources are configured to be vcloud Connector-ready. The sections that follow provide step-by-step instructions on how to install and configure VMware vcloud Connector to manage your AT&T Synaptic Compute as a Service environment. Please note that vcloud Connector software for your private cloud is not provided by AT&T. CONNECTIVITY PREREQUISITES The VMware vcloud Connector plug-in allows you to extend your private cloud to include your AT&T cloud environment. You install the vcloud Connector plug-in at your client premise, establish bi-directional network connectivity between your client premise and the AT&T cloud and use vcloud Connector, via the familiar VMware vsphere client interface, to manage your AT&T cloud environment. The figure below illustrates the network flow of data between your client premise and the AT&T cloud infrastructure. Figure 1 vcloud Connector network flow diagram 2012 AT&T Intellectual Property. All rights reserved. 2 of 27
Note that the traffic flows between private and public cloud occur over an SSL-encrypted internet connection (HTTPS). As such, objects in each cloud must be publicly routable. DNS CONFIGURATION Both the private and public cloud components must be DNSenabled. You must configure DNS for your vcloud Connector node(s) (AT&T). You will also need to configure DNS for your private cloud components of vcloud Connector (outlined below in the section entitled INSTALL vcloud CONNECTOR.). If you are accessing vcc over your AT&T VPN or cross connect, you have the option to configure DNS with your internal DNS servers. The DNS servers for AT&T cloud are specific by IDC, as outlined below: Location Primary DNS Secondary DNS West Coast 63.241.77.8 206.17.19.8 East Coast 206.17.19.8 199.106.143.8 Dallas, TX 199.106.143.8 206.17.19.8 Amsterdam 32.42.45.8 206.17.19.8 London 32.42.21.8 32.42.45.8 FIREWALL CONFIGURATIONS AT&T CLOUD FIREWALL CONFIGURATIONS You will need to manually add firewall rules to your vdc in the AT&T Synaptic Compute as a Service firewall. In addition, if you have a vshield Edge protected vdc where your vcc node is deployed, you may need to manually update the firewall rules for vshield Edge as well. Step-by-step instructions are detailed in the INSTALL VCLOUD CONNECTOR NODE (AT&T) section below. 2012 AT&T Intellectual Property. All rights reserved. 3 of 27
PRIVATE CLOUD FIREWALL CONFIGURATIONS You will likely also need to manually add firewall rules to your private cloud. Open TCP ports 8443 and 5480, bi-directionally, between your private cloud (vcenter server, local vcc server and local vcc node) and the AT&T Cloud fully qualified domain names (FQDN(s)) for the locations you want to connect. The table below lists the FQDN for each location of the AT&T cloud. AT&T FULLY QUALIFIED DOMAIN NAME (FQDN) If you plan to configure your private and public clouds with internal DNS, be sure to put an entry in your internal DNS servers for the fully qualified domain names (FQDN(s)) below. Location FQDN West Coast https://vcloudapi.j118857.synaptic.att.com East Coast https://vcloudapi.n118402.synaptic.att.com South West https://vcloudapi.g218406.synaptic.att.com Amsterdam https://vcloudapi.p118855.synaptic.att.com London https://vcloudapi.s218858.synaptic.att.com SECURE COMMUNICATION All communication occurs using HTTPS protocol over an encrypted SSL connection. AT&T and VMware have chosen this communication protocol to best serve a variety of customers. SSL encryption enhances the security of network traffic without requiring you to install or configure hardware or software to support secure communication. The security is built-in to the vcloud Connector application. SSL encryption supports both RSA and DSA digital signature authentication methods. Each request requires a new 2012 AT&T Intellectual Property. All rights reserved. 4 of 27
authentication, thus limiting the potential impact of a compromised session. SSL encryption communicates data with a limited packet overhead per session, thus reducing the overall bandwidth required to complete each request. CONNECTIVITY AND TRANSFERRING WORKLOADS AND TEMPLATES As mentioned above, all communication between your private cloud and your AT&T cloud occurs using the HTTPS protocol over an encrypted SSL connection. However, your connectivity options to AT&T Synaptic Compute as a Service and the specific connectivity to the virtual data center where the vcloud Connector node is deployed will determine how the data flows between the vcloud Connector Server, the vcloud Connector nodes (local) and vcloud Connector nodes (AT&T), and vcloud Director (AT&T) infrastructure. If you originally ordered your service to enable access to AT&T Synaptic Compute as a Service over your AT&T Virtual Private Network (your AT&T VPN MPLS service), then you can ensure that all communications for transferring workloads and templates happens over your secure AT&T VPN network by deploying your vcloud Connector Node in the AT&T cloud in an AT&T VPNconnected virtual data center (vdc) by identifying a VIP that will be used to support the communications at the creation of the vdc. Once templates and workloads are transferred into your private catalog within the AT&T cloud, you have the choice of deploying those templates into either AT&T VPN-accessible virtual data centers or into internet-connected data centers. If you originally ordered your service to enable access to AT&T Synaptic Compute as a Service over a private cross connect to your AT&T Enterprise Hosting environment, then you can ensure that all communications for transferring workloads and templates happens over the private cross connect by deploying your vcloud Connector Node in the AT&T cloud in an AT&T VPN-connected virtual data center (vdc) by identifying a VIP that will be used to support the communications at the creation of the vdc. Once templates and workloads are transferred into your private catalog within the AT&T cloud, you have the choice of deploying those 2012 AT&T Intellectual Property. All rights reserved. 5 of 27
templates into either cross connect-accessible virtual data centers or into internet-connected data centers. If you established an IPSec tunnel using vshield Edge, AT&T does not currently support the transfer of workloads and templates over the tunnel. However, all transfers, regardless of connectivity method, do occur securely over SSL encryption as mentioned above. INSTALLATION PREREQUISITES AT&T Synaptic Compute as a Service supports vcloud Connector 1.5 over vsphere or vcloud Director. Please view the instructions at VMware.com for additional installation prerequisites including software licensing details for VMware products. Customers must have sufficient VMware vsphere administration privileges in their private cloud, and have advanced VMware vsphere administration skills. AT&T may refer you to VMware Support for technical issues you encounter with your private cloud installation or use of VMware vcloud Connector, VMware vsphere, or VMware vcenter. The vsphere Client interface uses Internet Explorer security and privacy settings. VMware recommends that you set your settings at Medium High or below to allow cookies and Javascript, both of which are necessary for the VMware vcloud Connector plug-in to work. AT&T recommends the use of Internet Explorer 7 or higher as the optimum browser for activities outlined in this document. The below chart is provided as a reference for information that you will need to install, configure and manage vcloud Connector in conjunction with your AT&T Synaptic Compute as a Service. 2012 AT&T Intellectual Property. All rights reserved. 6 of 27
ITEM DATA SOURCE vsphere / vcenter administrative account Username / password Private cloud vcloud Connector Server IP address Username / password of web admin console Private cloud vcloud Connector Node (Local) IP address Username / password of web admin console Private cloud Primary and secondary DNS servers AT&T Cloud Portal account Username / password AT&T Cloud Organization URL https://<site specific AT&T FQDN>/cloud/org/<Org-ID> Example for Ashburn Site: https://vcloudapi.n118402.synaptic.att.c om/cloud/org/104701 AT&T Cloud vcloud Connector Node(s) (AT&T) IP address Username / password of web admin console AT&T Cloud 2012 AT&T Intellectual Property. All rights reserved. 7 of 27
Configure Your AT&T Cloud To begin configuring your AT&T cloud, you will need to have created a virtual data center ( vdc ) and a vapp in each location where you will want to be able to transfer workloads and templates using vcloud Connector. For additional details, please see the AT&T Synaptic Compute as a Service Getting Started Guide on the AT&T Cloud Portal under the Overview section of My Services. You will need to log into your account to access this document. If you need to transfer workloads and templates over your secure AT&T Virtual Private Network, be sure to add a vdc with the AT&T VPN radio button selected, Enable vcloud Connector selected, and the IP address from your subnet that you will want used to enable the vcloud Connector communications within the AT&T cloud in the vdc creation screen. After creating the vdc, deploy the vapp that will hold your vcloud Connector node (AT&T) into that vdc. If you need to transfer workloads and templates over your private cross connect, AT&T will have created vdcs on your behalf during the provisioning phase. You will need to add a vapp into the vdc where you will deploy the vcloud Connector node (AT&T). OBTAIN YOUR ORGANIZATION URL The Organization URL is needed to establish, via the vcloud Connector plug-in, connectivity between your private cloud and your AT&T cloud environment. The Organization URL is unique to each AT&T Synaptic Compute as a Service location (i.e. physical data center). To obtain your Organization URL: 1. Login to your AT&T cloud account, then choose Manage Service under the Cloud Compute menu on the left. 2. Next to My Location Manager, select the location into which you will be deploying your vcloud Connector node (AT&T). The screen will refresh and My Tool Manager will appear under My Location Manager. 2012 AT&T Intellectual Property. All rights reserved. 8 of 27
3. Click Learn More under vcloud Connector. 4. Click Show vcloud Connector and note your Organization URL for use later in the process. Repeat these steps in each location (selected from the Manage Service screen in the AT&T Cloud Portal) where you will want to be able to transfer workloads and templates using vcloud Connector. INSTALL VCLOUD CONNECTOR NODE (AT&T) vcloud Connector nodes are virtual appliances that handle transferring content from one cloud to another. Transfers between clouds that are interrupted, for example because of network problems, can be resumed at the point that they were interrupted. A vcloud Connector Node must be installed in every cloud that vcloud Connector oversees; to manage your AT&T Synaptic Compute as a Service, you will install a vcloud Connector node in your local environment and one in each location (physical IDC) of your AT&T Synaptic Compute as a Service environment. The steps below will guide you through installing vcloud Connector Nodes in your AT&T Synaptic Compute as a Service environment. You should repeat these steps for each location (i.e., physical IDC) that you want to manage with vcloud Connector. The standard AT&T vcloud Connector node template is built as a virtual machine with 2 CPUs, 2GB RAM, a 10GB system/boot virtual disk and a 40GB virtual disk used for temporary staging of workloads. If you would like, you can increase the disk size to 493GB. The maximum workload you can upload without using the steps below to expand the disk size is approximately 40GB (either as a single workload of 40GB or as multiple, smaller workloads whose combined size does not exceed 40GB). If you expand the size, you will be able to transfer workloads or combinations of workloads up to 493GB. Please note: Hourly usage charges apply for vcloud Connector nodes installed in your AT&T Synaptic Compute as a Service environment; once deployed, you are charged for the allocated storage of the node. When powered on, you are also charged for the vcpu and RAM. If your node is deployed in a committed virtual data center, the vcpu, RAM and storage are part of your allocation pool and not charged separately. To install a vcloud Connector node: 2012 AT&T Intellectual Property. All rights reserved. 9 of 27
1. Login to the AT&T Cloud Portal, then click Manage Service under the Cloud Compute menu and choose your location. 2. If you have not already done so, create a new vdc in which you will deploy the vcc Node. Click the VDC tab, then click the + Add VDC button. 3. AT&T recommends that you create a separate, dedicated vapp in which to create vcc Node(s). Note: Customers need one node per site (location). If you are connecting to your vdc via AT&T VPN or cross connects, you should deploy one vcc node per AT&T VPN or cross connect accessible vdc. 4. Click the VM tab, then choose the VDC and vapp in which to create the vcc Node. 5. Click +Add VM on the upper right side of the page. 6. Use the form to specify details for your VM. Be sure to select VMware vcloud Connector Node as the VM template and specify a complex, high-strength password. 7. Click Create in the bottom right-hand corner of the form. 8. Once the VM creation process completes, click the VM tab then choose the VDC and vapp in which the vcc Node resides. Click Details for the vcc Node VM, and note its IP address. a. To avoid usage charges, leave the vcc Node VM in a Powered Off state until you re ready to complete the next steps and the steps outlined in the section entitled, REGISTER VCLOUD CONNECTOR NODE. 9. Click the VDC tab, then select the Actions drop-down next to the vdc in which you want to create a vcc Node. 10. Click Create Firewall Rule. Note: Firewalls need to build for internet accessible vdcs, not for AT&T VPN or cross connect accessible vdcs). Create an incoming firewall rule with the following properties: a. Rule Name: vcc_5480 b. Protocol: TCP c. Source IP: any : 0 o Note: Your network administrator can identify your source public IP address to further restrict access, if desired. 2012 AT&T Intellectual Property. All rights reserved. 10 of 27
d. Destination: <IP address of vcc node in AT&T Cloud> : 5480 e. Description: vcc Node Web Management UI f. If your vdc is also protected by vshield Edge that is configured to block traffic, create the same firewall rules on the vshield Edge. 11. Select the Actions drop-down again next to the vdc in which you want to create a vcc Node. Click Create Firewall Rule. (Note: Firewalls are needed for internet accessible vdcs, not for AT&T VPN or cross connect accessible vdcs.) Create an incoming firewall rule with the following properties: a. Rule Name: vcc_8443 b. Protocol: TCP c. Source IP: any : 0 o Note: Your network administrator can identify your source public IP address to further restrict access, if desired. d. Destination: <IP address of vcc node in AT&T Cloud> : 8443 e. Description: vcc Node Communication Port f. If your vdc is also protected by vshield Edge that is configured to block traffic, create the same firewall rules on the vshield Edge. 2012 AT&T Intellectual Property. All rights reserved. 11 of 27
12. Power on the vcc Node VM. 13. Open the vcc Node (AT&T) admin web console by pointing your internet browser to https://<vccattnodeipaddress>:5480 and login. Refer to vcloud Connector documentation for the default username and password for the vcc Node admin web console. Change the password and as desired, configure vcc Node. AT&T recommends that you immediately change the password via the admin web console to meet complex, high-strength password rules. 14. Configure the vcc Node. The following tabs are available. a. System: provides general information, allows configuration of times zones and allows shutdown and reboot of the vcc Server o AT&T recommends that you configure the time zone of the vcc Node. b. Network: displays network-related information, allows switch between DHCP and static IP addresses and configuration of proxy information o Note: Your vcc Node VM (AT&T) will always have a static IP address, assigned by AT&T. Do not change this IP address. o You must verify and/or configure DNS for the vcc node. For internet accessible vdcs, the vcc node (AT&T) must be able to communicate to/from the appropriate AT&T Fully qualified domain name (FQDN listed on page 4 of this document and to/from the local vcc node. If you are deploying vcc over AT&T VPN or cross connect, you have the option to configure DNS with your own DNS servers. c. Update: allows you to check your update status of your virtual appliance and to set your update policy. d. Node: allows you to change the Node web console password, adjust log levels, and manage SSL certificates. 15. (Optional) To expand the vcc node and enable the transfer of larger workloads, complete the following steps. Note that if the script is not run, the usable disk space remains at 40GB. 2012 AT&T Intellectual Property. All rights reserved. 12 of 27
a. Log into the node. b. Run the following command: sudo /opt/vmware/hcagent/scripts/add_disk.sh sdc c. See example below. Note due to overhead, the available disk is 493 GB. REGISTER VCLOUD CONNECTOR NODE (AT&T) Once the vcloud Connector Node (AT&T) has been installed and configured, it must be registered with the vcloud Connector Server. To register your vcloud Connector Node (AT&T): 1. If necessary, power on the vcc Node VM using the AT&T Cloud Portal. a. From the Service Management page, click the VMs tab. Select the VDC and vapp in which the vcc node VM is located, and then choose Actions -> Power On. 2. Open the vcc Server admin web console by pointing your internet browser to https://<vccserveripaddress>:5480 and login 3. Select the Servers tab and select Nodes. Click Register Nodes, complete the required information and click Register. The next section, vcloud Connector Node Registration Form, documents the fields to complete. 2012 AT&T Intellectual Property. All rights reserved. 13 of 27
VCLOUD CONNECTOR NODE REGISTRATION FORM The vcloud Connector Node registration form has the following fields: Name: Enter a name for the cloud where the vcc Node is installed. This name is the display name in the vcc UI. Type: Select the type of cloud. For AT&T Cloud vcc nodes, select VMware vcloud Director. FQDN/IP Address: For AT&T cloud vcc nodes, use the Organization URL, such as: https://vcloudapi.n118402.synaptic.att.com/cloud/org/xxx xx Public: Select this field, since the AT&T cloud is a public cloud outside of the firewall where your vcc Server is installed. Use Proxy: Select if your local (private cloud) vcc Server needs to use a proxy to reach the AT&T Cloud vcc Node you are registering. Ignore SSL Certificate: Check if you installed an SSL certificates, but it is not valid / has expired. Do not check if you did not install an SSL certificate, or if you installed a valid, current SSL certificate. o Note: If you did not install a valid certificate, and you do not select this check box, copying fails. If you do select this check box, and later install a valid certificate, you must deselect this check box and restart the server. IP Address: Type the IP address of the vcc Node to register. Username: Type an administrative username for the Node admin Web console. Password: Enter the password for the username. 2012 AT&T Intellectual Property. All rights reserved. 14 of 27
Configure Your Private Cloud This guide provides the steps required to configure your private cloud with vcloud Connector. However, each implementation may be different, depending on an individual company s implementation. If additional detail is needed, please view the instructions at VMware.com for more detailed installation and configuration instructions and prerequisites including software licensing details for VMware products installed within your private cloud. Customers must have sufficient VMware vsphere administration privileges in their private cloud, and have advanced VMware vsphere administration skills. AT&T may refer you to VMware Support for technical issues you encounter with your private cloud installation or use of VMware vcloud Connector, VMware vsphere, or VMware vcenter. CONFIGURE INTERNAL DNS (AT&T VPN AND CROSS CONNECT ACCESSIBLE VDCS ONLY) 1. Get the VIP you designated when creating the vdc 2. Add a new zone for the sub domain of the AT&T FQDN. Example: g218406.synaptic.att.com 3. Add an A record to the zone of the domain of the AT&T FQDN: Example: vcloudapi A 192.169.3.100 INSTALL VMWARE VCLOUD CONNECTOR VMware vcloud Connector is packaged in two ZIP files: one for the vcloud Connector server virtual appliance and one for the vcloud Connector node virtual appliance. Both server and node virtual appliances can be downloaded, unzipped and deployed to VMware vcenter 4.0 or higher via VMware vsphere Client. vcloud Connector is currently available as a free download from VMware.com. 2012 AT&T Intellectual Property. All rights reserved. 15 of 27
INSTALL VMWARE VCLOUD CONNECTOR SERVER The VMWare vcloud Connector server is a virtual appliance that coordinates the activity of vcloud Connector, controls all of the registered vcloud Connector Nodes across clouds, and produces the vcloud Connector UI. Only one vcloud Connector Server is needed. To install the vcloud Connector Server to your local vsphere or vcloud Director environment: 1. Download VMware vcloud Connector Server and Node v1.5 virtual appliances from VMware.com and unzip the packages. 2. Log in to vsphere client. You must have an administrative account on the vsphere client in which you deploy the vcloud Connector Server. 3. Select File > Deploy OVF template. 4. Click Browse to navigate to the OVF directory of the vcc Server you downloaded and unzipped. Select the vcc Server ovf file, then click Open. 5. Click Next and proceed through the wizard. a. If you are going to use a static IP address, be sure to use the Networking Properties step in the wizard to set basic network properties. Otherwise you can wait and set those properties when you configure your server. 6. In the vsphere Client, select Inventory > VMs and Templates to see the created virtual machine in the tree. Power on the vcc Server. 7. Find the IP address of the vcc Server (not the Host) in the Summary tab for the Server in the vsphere Client interface. Make a note of the IP address; you will need it later in the process. 8. Open the vcc Server admin web console by pointing your internet browser to https://<vccserveripaddress>:5480 and login. a. Refer to vcloud Connector documentation from VMware for the default username and password for vcc Server admin web console. AT&T recommends that you immediately change the password to meet complex, high-strength password rules. 9. Change the password and as desired, configure vcc Server. The following tabs are available. 2012 AT&T Intellectual Property. All rights reserved. 16 of 27
a. System: provides general information, allows configuration of times zones and allows shutdown and reboot of the vcc Server o AT&T recommends that you configure the time zone of the vcc Server. b. Network: displays network-related information, allows switch between DHCP and static IP addresses and configuration of proxy information o AT&T recommends that you configure DNS for the vcc node. The vcc node must be able to communicate to and from the AT&T Fully qualified domain name (FQDN. c. Update: allows you to check your update status of your virtual appliance and to set your update policy. d. Server: has two parts. One part allows you to change the admin web console password, adjust log levels, and manage SSL certificates. The other part is used later, in the registration processes. INSTALL VCLOUD CONNECTOR NODE (LOCAL) To install the vcloud Connector Node to your local vsphere environment: 1. Download VMware vcloud Connector Server and Node v1.5 virtual appliances from VMware.com and unzip the packages. 2. Log in to vsphere Client. 3. Select File > Deploy OVF template. 4. Click Browse and navigate to the OVF directory of the vcc Node you downloaded and unzipped. Select the vcc Node ovf file, then click Open. 5. Click Next and proceed through the wizard. a. If you are going to use a static IP address, be sure to use the Networking Properties step in the wizard to set basic network properties. Otherwise you can wait and set those properties when you configure your server. b. AT&T recommends that you configure the local node with the same virtual disk space as the remote node(s). If one node is larger than the other and a workload or template can only be supported by the larger node, the transfer will fail. 2012 AT&T Intellectual Property. All rights reserved. 17 of 27
6. In the vsphere Client, select Inventory > VMs and Templates to see the created virtual machine in the hierarchy tree. Power on the vcc Node. 7. Find the IP address of the vcc Node (not the Host) in the Summary tab for the Server in the vsphere Client interface. Make a note of the IP address; you will need it later in the process. 8. Open the vcc Node (Local) admin web console by pointing your internet browser to https://<vcclocalnodeipaddress>5480 and login. a. Refer to vcloud Connector documentation from VMware for the default username and password for vcc Node admin web console. AT&T recommends that you immediately change the password to meet complex, high-strength password rules. 9. Change the password and as desired, configure vcc Node. The following tabs are available. a. System: provides general information, allows configuration of times zones and allows shutdown and reboot of the vcc Server i. AT&T recommends that you configure the time zone for the vcc Node. b. Network: displays network-related information, allows switch between DHCP and static IP addresses and configuration of proxy information i. You must configure the vcc node with DNS information. The vcc node must be able to communicate to and from the AT&T Cloud infrastructure, identified by the FQDN of your org vdc URL (See the section above, AT&T Fully qualified domain name (FQDN). c. Update: allows you to check your update status of your virtual appliance and to set your update policy. d. Node: allows you to change the Node web console password, adjust log levels, and manage SSL certificates. REGISTER VCLOUD CONNECTOR NODE (LOCAL) Once the local vcloud Connector Node has been installed and configured, it must be registered with the vcloud Connector Server. To register your local vcloud Connector Node: 2012 AT&T Intellectual Property. All rights reserved. 18 of 27
1. Open the vcc Server admin web console by pointing your internet browser to https://<vccserveripaddress>:5480 and login. 2. Select the Servers tab and select Nodes. Click Register Nodes, complete the required information and click Register. VCLOUD CONNECTOR NODE REGISTRATION FORM The vcloud Connector Node registration form has the following fields: Name: Enter a name for the cloud where the vcc Node is installed. This name is the display name in the vcc UI. Type: Select the type of cloud. For local vcc nodes, select the appropriate setting for your private cloud. FQDN/IP Address: For local vcc nodes, use the IP address or fully qualified domain name of the vcenter Server. If your vsphere cloud uses a port other than the default 443, indicate that in the address. Public: Do not select; applies only if the cloud is a public cloud outside of the firewall where your vcc Server is installed. Use Proxy: Select if the vcc Server needs to use a proxy to reach the vcc Node you are registering. Ignore SSL Certificate: Check if you did not install valid certificates. Note: If you did not install valid certificates, and you do not select this check box, copying fails. If you do select this check box, and later install a valid certificate, you must deselect this check box and restart the server. IP Address: Type the IP address of the vcc Node to register. Username: Type an administrative username for the Node admin Web console. Password: Enter the password for the username. 2012 AT&T Intellectual Property. All rights reserved. 19 of 27
REGISTER VCLOUD CONNECTOR UI IN VSPHERE CLIENT To register the vcloud Connector UI in your local vsphere Client: 1. Open the vcc Server admin web console by pointing your internet browser to https://<vccserveripaddress>:5480 and login. 2. Select the Server tab and select vsphere Client. Enter the fields, then click Register. a. vcc Server IP/FQDN i. If you are using DHCP, the vcc Server address text box is automatically populated. b. vcenter server IP/FQDN i. If your vcenter Server is running on a port other than the default 443, make sure you indicate the port along with the IP address. c. Administrator user credentials for the vcenter server d. Select Overwrite existing registration only if you have a previously registered version of the vcc Server that you are replacing with this current version. 2012 AT&T Intellectual Property. All rights reserved. 20 of 27
ADD PRIVATE CLOUD TO VCLOUD CONNECTOR UI If desired, you can configure the vcloud Connector UI to manage your private cloud (local vcloud/vsphere installation). This is an optional step that enables the single pane-of-glass management tool for managing hybrid cloud environments. To add your private cloud to the vcloud Connector UI, follow these steps: 1. Login to the vsphere client of your private cloud. Click Home and then click the vcloud Connector icon in the Solutions and Applications area. a. AT&T recommends that you begin with a fresh start of vsphere client. If vsphere client was running, stop and restart the vsphere client before proceeding with the next steps. 2. In the left panel, click +Add Cloud. 3. Select the Name of the cloud to add from the drop-down menu. a. Only clouds whose nodes are registered with the vcc Server are displayed. If you haven t already done so, follow the steps in Register vcloud Connector Node (Local). 4. Enter the authentication credentials. 5. Click Add. a. If the vcc Node type is VMware vcenter Server, type the username and password for the user account with administrative role on the vcenter. a. Note: If you are using IE 7 or better (or the vsphere Client plug-in) and the cloud you are adding has a large number of VMs, you may get a Stop running this script? dialog box one or more times as the VMs load. Click No each time the popup appears. Do not switch between clouds until at least one screen of the new cloud has loaded. The cloud by name appears in the left panel and the cloud's templates and workloads appear in the center panel. 2012 AT&T Intellectual Property. All rights reserved. 21 of 27
Extend Your Private Cloud into AT&T Cloud To use vcloud Connector to manage and oversee your AT&T Synaptic Compute as a Service, add the AT&T cloud to the vcloud Connector UI. ADD AT&T CLOUD TO VCLOUD CONNECTOR UI To add your AT&T Synaptic Compute as a Service to the vcloud Connector UI, follow these steps: 1. Login to the vsphere client of your private cloud. Click Home and then click the vcloud Connector icon in the Solutions and Applications area. 2. In the left panel, click +Add Cloud. 3. Select the Name of the cloud to add from the drop-down menu. a. Only clouds whose nodes are registered with the vcc Server are displayed. If you haven t already done so, follow the steps in the section entitled, REGISTER VCLOUD CONNECTOR NODE (AT&T) 4. Enter the authentication credentials for your AT&T Cloudbased Services account. 5. Click Add. a. Note: If you are using IE 7 or better (or the vsphere Client plug-in) and the cloud you are adding has a large number of VMs, you may get a Stop running this script? dialog box one or more times as the VMs load. Click No each time the popup appears. Do not switch between clouds until at least one screen of the new cloud has loaded. 6. The cloud by name appears in the left panel and the cloud's templates and workloads appear in the center panel. 2012 AT&T Intellectual Property. All rights reserved. 22 of 27
Using vcloud Connector to Manage Your AT&T Cloud Once you have configured vcloud Connector to include your AT&T Cloud environment, you can use this single pane-of-glass user interface to manage your AT&T Cloud environment as outlined in the VMware vcloud Connecto r U ser s Gui de AT&T currently supports communication with customer environments running vcloud Connector over vsphere plug-in. We do not currently support communications with customer environments running vcloud Connector over vcloud Director plug-in. GENERAL VCC GUIDANCE The following points are general concepts to keep in mind when using vcloud Connector to interface with the AT&T Cloud: When using the VMwar e vcl oud Connecto r Us er s Gui de, AT&T s Cloud environment is a vcloud Director Cloud and your cloud will be either a vsphere Cloud or a vcloud Director Cloud depending on what you have deployed in your private cloud. You must configure DNS and the correct time zone on each vcc node, both in your private cloud (local) and in your AT&T Cloud. This step is frequently overlooked. You must ensure that the registration parameters on your local vcc server correctly point to your vcc node (AT&T); otherwise, unexpected errors may occur. The VMware error messages do not clearly denote which registration parameter(s) are invalid. If these errors occur, within your local vcc server you must un-register and re-register your vcc node (AT&T). Once you have configured your local vcc server to point to your vcc node (AT&T), you can start using the vcloud Connector plug-in within vcenter to manage your AT&T cloud resources. The plug-in may be sluggish; please wait for your AT&T cloud resources to fully populate within the plug-in, otherwise you may get missing parameters/selections for subsequent tasks such as copying templates or workloads. 2012 AT&T Intellectual Property. All rights reserved. 23 of 27
vcloud Connector enables you to transfer (copy) only templates or powered down workloads between clouds which can then be deployed as vapps or virtual machines in the respective clouds. AT&T currently supports VMware hardware version 7; AT&T does not support VMware hardware version 8. If your private cloud uses VMware hardware version 8 (standard with vsphere5 or higher), you must downgrade your VMware hardware to version 7 before transferring workloads or templates to AT&T Cloud. AT&T does not currently support the Deploy feature within vcloud Connector. You must copy the workload to your AT&T Synaptic Compute as a Service environment, and use the AT&T Cloud Portal to deploy the workload. vcloud Connector does not provide the functionality to create a vdc, to update the firewall policy or to update the load balancer policy. You must use the AT&T Cloud Portal to complete these actions. VMware does not support the in-place update of a template. To patch or otherwise update the templates uploaded to your AT&T cloud, you must use either vsphere or another hypervisor to create a new template and upload the new file(s) to your AT&T cloud, or deploy the template as a vapp/vm, modify the vapp/vm, and then create a new template from the modified vapp/vm. Once you have deployed VMs from a template, there is no connection between a VM and its source template. If a patch or configuration change is required, the source template and all VMs must be changed. To patch or otherwise update VMs deployed from templates, you would patch those VMs directly or use the console access referenced in the VMware vcloud Connector User s Guide. A vcloud Connector node must be running in the same location (i.e., physical IDC) that has the VMs you want to manage through the vcc user interface at your location. A single vcc node in the AT&T cloud cannot manage VMs across locations. AT&T does not currently support the transfer of workloads and templates over IPSec tunnels created in vshield Edge. Transfers to vcc nodes in those vdcs will occur over the internet using SSL encryption. 2012 AT&T Intellectual Property. All rights reserved. 24 of 27
Support and Troubleshooting Should you encounter issues during the process to extend your private cloud to manage your AT&T cloud resources, please use the following resources. SUPPORT FOR YOUR PRIVATE CLOUD AT&T offers the steps to Configure Your Private Cloud as a convenience for our customers. AT&T may refer you to VMware Support for technical issues you encounter with your private cloud installation or use of VMware vcloud Connector, VMware vsphere, or VMware vcenter. Please view the instructions at VMware.com for installation prerequisites including software licensing details for VMware products. Customers must have sufficient VMware vsphere administration privileges in their private cloud, and have advanced VMware vsphere administration skills. In addition to this document, VMware provides additional vcloud Connector resources. SUPPORT FOR YOUR AT& T CLOUD AT&T Cloud Portal offers a variety of technical support and online resources to our cloud users. Please refer to our online Support Center for FAQs, Getting Started guides and basic information on any of our cloud services including Synaptic Compute as a Service. If you encounter issues when you Configure Your AT&T Cloud or, when you Extend Your Private Cloud into AT&T Cloud, please login to the AT&T Cloud Portal and submit a support request via Support under the My Service menu. If you encounter issues during the registration of the vcc Node VM, AT&T recommends that you review the log files on the vcc Node to view error messages and additional information. If you contact AT&T for support, we may ask you to provide us with all or a portion of these files. /opt/vmware/hcserver/logs/hcs.log (vcc server log) /opt/vmware/hcagent/logs/hca.log (vcc node log) 2012 AT&T Intellectual Property. All rights reserved. 25 of 27
TROUBLESHOOTING CONNECTIVITY As outlined in the VMware vcloud Connector installation instructions, a successful vcloud Connector configuration depends on careful configuration of networking between components of your private cloud (vcenter, vcloud Connector plug-in, vcloud Connector server, vcloud Connector local node) and your AT&T cloud environment (vcc node (AT&T) and vcloud (AT&T) infrastructure). You can use curl to pinpoint connectivity problems among the components of your vcloud Connector installation. Log into the appropriate instance as admin via SSH. The following procedure tests all the connections in order. Use whichever segments are useful to you. Use the -x, --proxy <[protocol://]proxyhost[:port]> option if necessary. If the port number is not specified, it is assumed to be 1080. vcc does not support proxies that require username/password. 1. Test the connection between the vcc Server and a vcd cloud: curl -k -v https://<at&t Fully qualified domain name (FQDN>/api/versions 2. Test the connection between the vcc Server and a vcenter Server: curl -k -v https://vc-host/mob 3. Test the connection between the vcc Server and a vcc Node: curl -k -v https://nodehost:8443/agent/status 4. Test the vcc Node connections used in the copy path by first logging into the vcc Node located in the vsphere private cloud. 5. Test the connection between the vcc Node and the vcenter Server: curl -k -v https://vc-host/mob 6. Test the connection between the vsphere vcc Node and a vcd vcc Node outside the firewall: curl -k -v https://node-host:8443/agent/status 7. Next log into the vcd vcc Node. 8. Test the connection between the vcd vcc Node and the vcd cloud: curl -k -v https://<at&t Fully qualified domain name (FQDN>/api/versions 2012 AT&T Intellectual Property. All rights reserved. 26 of 27
AT&T Synaptic Compute as a Service SM December, 2012 USING VCLOUD CONNECTOR Please refer to the VMware vcloud Connector User s Guide. 2012 AT&T Intellectual Property. All rights reserved. 27 of 27