VMware Cloud Foundation: SDDC Manager Day 1 Configurations: Connect to an Online Depot

Blog Date: 9/29/2023

Another day 1 operation in a newly deployed VCF environment is to configure a service account that connects SDDC Manager to your organization’s VMware Customer Connect account.

This service account needs the following permissions: access to view licenses and products, and the ability to download products. It is configured in the VMware Customer Connect portal. For the user email address, I typically have customers use a group distribution email. Configuring SDDC Manager to use a service account allows it to access the VMware Depot without relying on an employee account, which is more secure. Just be sure to set a strong 18-20 character password, and record the account details in a secure location.

PRO TIP: Log into the Customer Connect portal using the service account you created, and verify that you can view licenses, view products, and download products. This will ensure the account meets all access requirements that SDDC Manager will need when we configure the depot settings below.

Just like we did in the previous blog, we’ll click the question mark in the upper right, and select Guided Setup.

On the next screen, we’ll want to continue with Step 2 Configure SDDC Manager. Click VIEW DETAILS.

Select Connect to the Online Depot and click NEXT.

If SDDC Manager does not need a proxy to reach the internet, click SKIP CONFIGURE PROXY.

Add the details for the VMware depot service account mentioned above and click AUTHORIZE.

Assuming the service account has the correct permissions, you shouldn’t get any errors. A connectivity error may indicate a firewall access issue.

To validate that you can see and download bundles, under Lifecycle Management in the left-hand menu, select Bundle Management. (No bundles were available when the screenshot was taken.)

For more information on how to connect to the VMware Depot, see VMware’s documentation: Download and Install Bundle from SDDC Manager.

In the next blog, I will cover how to configure a certificate authority in the SDDC manager using OpenSSL.

VMware Cloud Foundation: SDDC Manager Day 1 Configurations: Identity Provider

Blog Date: 9/22/2023

Another day 1 operation in a newly deployed VCF environment is to configure an identity provider. Just like we did in the previous blog, we’ll click the question mark in the upper right, and select Guided Setup.

On the next screen, we’ll want to continue with Step 2 Configure SDDC Manager. Click VIEW DETAILS.

In the Configure SDDC Manager wizard, click Connect Identity Provider, then click Next.

Here, we will be configuring the identity provider that will be used in the vCenter. Click the Select Identity Provider drop-down menu and select Embedded. Click the Select Identity Source drop-down menu and select AD over LDAP. Click Next.

Fill in the LDAP Settings.

In this example, I don’t use a certificate for LDAP connectivity. Your mileage may vary. Click NEXT. Validate the information on the Review page matches the table above, then click SUBMIT. Wait for the save to complete, then validate that Connect an Identity provider has a green check mark.

Now that an identity provider has been established, you can configure access for those you trust to perform administrative tasks. The SDDC manager already comes preconfigured with a vsphere.local group called sddcadmins defined in the vSphere. Depending on your security needs, you can also add users and groups directly in the SDDC manager. In this example, I will configure access through the sddcadmins group in vSphere.

If we drop down into the vSphere, first we will want to set the identity provider as the default authentication source.

Next, you’ll want to locate the SDDCAdmins group and add the organization’s trusted admins who will be administering the SDDC. Typically, I have customers define an AD group with the SDDC admins, so that you only need to define the group in the vSphere. As membership of the AD group changes over time, you won’t have to worry about updating the vCenter group.

Likewise, you can also add the vSphere admins group defined in AD to the Administrators group in vSphere.

For more information on configuring access in the SDDC, see VMware’s documentation on Managing Users and Groups in VMware Cloud Foundation.

VMware Cloud Foundation: SDDC Manager Day 1 Configurations: Backups

Blog Date: 9/15/2023

After VCF has been deployed, you can log into the SDDC manager and configure the backups for the SDDC manager and NSX. (This does not configure vCenter backups, so you will still need to log into the vcenter:5480 to configure that manually.) You can opt to use the guided setup by clicking the question mark in the upper left.

When the wizard loads, on the left side, click Register a Backup Server and click NEXT.

Select the four prerequisite check boxes and click NEXT. Register the external SFTP server to enable automatic backups for SDDC Manager. Note: The SSH fingerprint text box is automatically filled once a successful connection to the backup server has been made.
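Because the fingerprint box fills itself from whatever server answered, it is worth comparing it with the SFTP host key obtained out of band before clicking Register. The following is an added example, not part of the original post or VMware's tooling: it assumes the wizard shows an OpenSSH-style SHA256 fingerprint and that the backup server's administrator has sent you the host's public key line; all function names and the sample key are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

KNOWN_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def parse_pubkey_line(line):
    """Return (key_type, blob) from a .pub line or an ssh-keyscan output line."""
    fields = line.split()
    # ssh-keyscan prints "host type base64"; a .pub file is "type base64 [comment]".
    for i, field in enumerate(fields[:-1]):
        if field in KNOWN_TYPES:
            key_type, blob = field, base64.b64decode(fields[i + 1], validate=True)
            break
    else:
        raise ValueError("no public key found in line")
    # The blob starts with a length-prefixed copy of the key type; reject mismatches.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return key_type, blob


def sha256_fingerprint(line):
    """Fingerprint in the form OpenSSH prints: SHA256:<unpadded base64>."""
    _, blob = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_matches(wizard_value, trusted_key_line):
    """True only if the value shown in the wizard matches the trusted host key."""
    expected = sha256_fingerprint(trusted_key_line)
    return hmac.compare_digest(wizard_value.strip().encode(), expected.encode())


def constructed_key(seed):
    # Constructed sample key for the demo (not a real host key).
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " backup-sftp"


if __name__ == "__main__":
    trusted = constructed_key(1)
    print(fingerprint_matches(sha256_fingerprint(trusted), trusted))
```

If the comparison fails, do not register the server until the mismatch is explained, since SDDC Manager would otherwise pin the key of whichever host answered.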

Click Register. Wait for the registration to complete and the Setup Automatic Backup page to display. On the Setup Automatic Backups page, configure the wizard with the values that best suit your backup strategy.

Click Save.

After the backup settings have been saved, it is wise to manually kick off the backup job by clicking Backup Now. You can monitor the backup task status in the bottom tasks pane.

For more information, see the official VMware documentation: Backup and Restore of VMware Cloud Foundation.

In the next blog, I’ll walk through connecting VCF to an identity provider.