6 December, 2023
March 20, 2022
One of the nine available cloud account options for vRealize Automation from VMware is VMware Cloud on AWS (VMC). To deploy a software-defined data center (SDDC) in VMC, the most common and well-documented approach is to establish a secure VPN connection to the SDDC from an on-premises environment and to use the private addresses of the vCenter and NSX-T deployments. This method works perfectly out of the box.
But how can an SDDC be deployed over the internet? Internet-enabled deployment can be useful when a quick and easy connection between vRA and VMC is needed, or when there is no installed VPN solution and working over the internet is the only option. Unfortunately, the documentation for this method isn’t very clear, and the limited information provided by the SDDC console isn’t very precise. Nevertheless, TeraSky’s experts uncovered the right configuration and are sharing it here.
1. The first thing you’ll be asked for while trying to add the VMC cloud account is your API token. Once you apply the API token, some of the values will be auto-filled:
2. Both the vCenter IP address and NSX Manager FQDN fields are populated with private address values, which won’t work for this scenario. Instead, all of the relevant information for connecting to vCenter and NSX-T over the internet can be found in the SDDC console, under the settings tab:
3. The vCenter FQDN currently resolves to the public IP and causes no issues, but the URL to access NSX via the internet (Public), “nsx-12-123-124-12.rp.vmwarevmc.com/vmc/reverse-proxy/api/orgs/6403bc20-abcd-1234-aba0-19eafaaaa3b/sddcs/e924321-2321-4cdd-baaa-d0fd38bvcd/vmc/index.html”, must be changed to remove “/vmc/index.html” from the end. The final URL is: “nsx-12-123-124-12.rp.vmwarevmc.com/vmc/reverse-proxy/api/orgs/6403bc20-abcd-1234-aba0-19eafaaaa3b/sddcs/e924321-2321-4cdd-baaa-d0fd38bvcd”.
Anyone implementing this approach should remember to configure the firewalls on both ends to allow this communication. As a bonus, our team also tested whether vRA would be able to create on-demand segments in VMC for each deployment and found that it worked exactly as with an on-premises NSX-T deployment.
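The checks from steps 2 and 3 can be run before the values are pasted into the cloud account form. The following is an added example, not code from the original post or from VMware: the function names are hypothetical, and the host suffix and path layout are assumptions taken from the sample URL in step 3.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions taken from the sample URL in step 3 of the post.
UI_SUFFIX = "/vmc/index.html"
PROXY_DOMAIN = ".rp.vmwarevmc.com"
PREFIX = ["vmc", "reverse-proxy", "api", "orgs"]


def is_private_ip_literal(value):
    """True when the field holds a literal IP that is not publicly routable."""
    try:
        return not ipaddress.ip_address(value.strip()).is_global
    except ValueError:
        return False  # a hostname; resolving it is out of scope here


def normalize_nsx_url(value):
    """Return host + path of the public NSX URL without the UI suffix."""
    raw = value.strip()
    parts = urlsplit(raw if "://" in raw else "//" + raw)
    host = (parts.hostname or "").lower()
    if not host.endswith(PROXY_DOMAIN):
        raise ValueError("NSX field is not a public reverse-proxy host: %r" % host)
    path = parts.path.rstrip("/")
    if path.endswith(UI_SUFFIX):
        path = path[: -len(UI_SUFFIX)]
    seg = path.strip("/").split("/")
    # Expected layout: vmc/reverse-proxy/api/orgs/<org-id>/sddcs/<sddc-id>
    if len(seg) != 7 or seg[:4] != PREFIX or seg[5] != "sddcs" or not all(seg):
        raise ValueError("unexpected NSX reverse-proxy path: %r" % path)
    return host + path


def preflight(vcenter_field, nsx_field):
    """Return (problems, nsx_value) for the two cloud-account fields."""
    problems = []
    if is_private_ip_literal(vcenter_field):
        problems.append("vCenter field holds a private address")
    try:
        nsx_value = normalize_nsx_url(nsx_field)
    except ValueError as exc:
        problems.append(str(exc))
        nsx_value = None
    return problems, nsx_value
```

`preflight` returns an empty problem list only when the vCenter field is not a private IP literal and the NSX field reduces to the trimmed reverse-proxy form shown in step 3.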
This blog was contributed by:
Yev Berman (Hybrid Cloud & Automation Team Leader), Tsachi Benassayag (Hybrid Cloud Solution Specialist) and Sagi Ilan (Hybrid Cloud & Automation Senior Consultant)