VMware Cloud Expert

Lab 05 – Hybrid Linked Mode


Introduction

Hybrid Linked Mode allows you to link your VMware Cloud on AWS vCenter Server instance with an on-premises vCenter Single Sign-On domain.

If you link your cloud vCenter Server to a domain that contains multiple vCenter Server instances linked using Enhanced Linked Mode, all of those instances are linked to your cloud SDDC.

Using Hybrid Linked Mode, you can:

  • View and manage the inventories of both your on-premises and VMware Cloud on AWS Datacenters from a single vSphere Client interface, accessed using your on-premises credentials.
  • Migrate workloads between your on-premises data center and cloud SDDC.
  • Share tags and tag categories from your vCenter Server instance to your cloud SDDC.

Hybrid Linked Mode supports on-premises vCenter Server systems running 6.0 Update 3 patch c and later with either an embedded or an external Platform Services Controller (both Windows and vCenter Server Appliance). vCenter Server systems with external Platform Services Controller instances linked in Enhanced Linked Mode are also supported.

You have two options for configuring Hybrid Linked Mode. You can use only one of these options at a time.

  • You can install the Cloud Gateway Appliance and use it to link from your on-premises data center to your cloud SDDC. In this case, SSO users and groups are mapped from your on-premises environment to the SDDC.
  • You can link your VMware Cloud on AWS SDDC to your on-premises vCenter Server. In this case, you must add an identity source to the SDDC LDAP domain.

 

For this lab we will use the Cloud Gateway Appliance (Option 1). This is the favored option because it does not require you to expose your AD infrastructure to the cloud or open multiple firewall ports.

Below are key prerequisites to configuring Hybrid Linked Mode:

  1. Configure a connection between your on-premises data center and the SDDC. Direct Connect, a VPN, or both can be used.
  2. Regardless of the type of connection chosen, the vCenter FQDN must resolve to a private IP address. This is not the default configuration.
  3. Ensure that your on-premises data center and your cloud SDDC are synchronized to an NTP service or other authoritative time source. When using Hybrid Linked Mode, VMware Cloud on AWS can tolerate a time skew of up to ten minutes between the on-premises data center and the cloud SDDC.
  4. The maximum latency between your cloud SDDC and on-premises data center cannot exceed 100ms round-trip.
  5. Decide which of your on-premises users will have Cloud Administrator permissions. Add these users to a group within your identity source. Ensure that this group has access to the on-premises environment. In this lab, we use a user called “SDDCAdmin”.
  6. The on-premises and Management Gateway firewalls must allow the required ports.
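Prerequisites 2, 3, 4 and 6 are measurable, so they can be checked before the Cloud Gateway wizard is run rather than discovered when the registration step stalls. The following Python script is an added example, not part of the lab and not a VMware tool: it turns those four prerequisites into functions and evaluates them over two constructed sets of inputs (one healthy, one failing every check). The host names, addresses, timestamps and latency samples are all made up; reading "private IP address" as an RFC 1918 address is an assumption, and `resolve_live` is the only function that touches the network.

```python
"""Pre-flight checks for the Hybrid Linked Mode prerequisites.

Added example; not part of the lab and not a VMware tool. All host names,
addresses, timestamps and latency samples below are constructed.
"""
import ipaddress
import socket
from datetime import datetime, timedelta, timezone

# Limits taken from the prerequisites list.
MAX_SKEW = timedelta(minutes=10)   # prerequisite 3: up to ten minutes of skew
MAX_RTT_MS = 100.0                 # prerequisite 4: 100 ms round-trip

# Ranges treated as "private" for prerequisite 2 (assumption: RFC 1918).
# ipaddress.is_private is deliberately not used: it also flags documentation
# ranges such as 198.51.100.0/24, which are not private in the sense the lab means.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(address):
    """True if the address lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(address)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def resolves_to_private(addresses):
    """Prerequisite 2: every address the vCenter FQDN resolves to must be private.
    An empty answer fails too: a name that does not resolve cannot be linked."""
    return bool(addresses) and all(is_rfc1918(a) for a in addresses)


def skew_within_limit(onprem_time, sddc_time, limit=MAX_SKEW):
    """Prerequisite 3: on-premises and SDDC clocks may differ by at most ten minutes."""
    return abs(onprem_time - sddc_time) <= limit


def latency_within_limit(rtt_samples_ms, limit=MAX_RTT_MS):
    """Prerequisite 4: judge on the worst round-trip sample, not the average."""
    return bool(rtt_samples_ms) and max(rtt_samples_ms) <= limit


def source_allowed(source_ip, allowed_cidrs):
    """Prerequisite 6: the on-premises source must sit in a subnet the MGW rule
    permits (the lab's rule allows 192.168.110.0/24)."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in allowed_cidrs)


def preflight(inputs):
    """Run every check over one dict of gathered values; returns {check_name: passed}."""
    return {
        "fqdn_private": resolves_to_private(inputs["vcenter_addresses"]),
        "time_skew": skew_within_limit(inputs["onprem_time"], inputs["sddc_time"]),
        "latency": latency_within_limit(inputs["rtt_ms"]),
        "source_allowed": source_allowed(inputs["source_ip"], inputs["mgw_allowed_cidrs"]),
    }


def resolve_live(fqdn):
    """Resolve a name on the running host; the only function here that uses the network."""
    return sorted({info[4][0] for info in socket.getaddrinfo(fqdn, None)})


# Constructed sample inputs. SAMPLE_OK mirrors a healthy lab: the vCenter FQDN
# resolves to a private address, clocks are 4.5 minutes apart, the worst RTT is
# 62 ms, and the source sits in the subnet the MGW rule allows.
T0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_OK = {
    "vcenter_addresses": ["10.10.10.5"],
    "onprem_time": T0,
    "sddc_time": T0 + timedelta(minutes=4, seconds=30),
    "rtt_ms": [42.0, 55.3, 61.8],
    "source_ip": "192.168.110.10",
    "mgw_allowed_cidrs": ["192.168.110.0/24"],
}
# SAMPLE_BAD fails every check: the FQDN still resolves to a public address (the
# default configuration the lab warns about), clocks are 15 minutes apart, one
# RTT sample is 130 ms, and the source is outside the permitted subnet.
SAMPLE_BAD = {
    "vcenter_addresses": ["198.51.100.10"],
    "onprem_time": T0,
    "sddc_time": T0 + timedelta(minutes=15),
    "rtt_ms": [80.0, 130.5],
    "source_ip": "192.168.120.7",
    "mgw_allowed_cidrs": ["192.168.110.0/24"],
}

if __name__ == "__main__":
    for label, sample in (("OK", SAMPLE_OK), ("BAD", SAMPLE_BAD)):
        results = preflight(sample)
        print(label, "PASS" if all(results.values()) else "FAIL", results)
```

To use it against a real environment, replace the sample dicts with values you gather yourself: `resolve_live("<your vCenter FQDN>")` for the addresses, the two clocks read from the VAMI Time page and the SDDC, and RTT samples from a ping or traceroute to the SDDC vCenter. The latency check uses the worst sample on purpose; an average can hide the spikes that make the registration step time out.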

In our lab environment, the Cloud Gateway Appliance has already been deployed. We will begin by reviewing its settings and proceed with the HLM Configuration afterward.

 

TASK

Task 1 - Review Cloud Gateway Appliance Settings

 

  1. From the VDI Desktop open the Google Chrome Browser or Firefox
  2. Launch the VI Management > VCGW VAMI bookmark or browse to https://vcgw-l-01a.vcn.ninja.local:5480
  3. Login as
    • root
    • VMwareNinja1!  Note: You can also use ctrl+m to paste in the password

 

  1. In the left pane, click the Networking menu to view the Hostname and IP settings of the appliance
  2. Note: we already have a firewall rule on the MGW allowing vCenter and ESXi access from the 192.168.110.0/24 subnet
  3. In the left pane, click the Time menu to confirm NTP time servers have been set to ntp.org:
    • 0.us.pool.ntp.org
    • 1.us.pool.ntp.org

 

Task 2 - Create an HLM Admin Group

 

  1. From the VDI Desktop Click the Remote Desktop Shortcut on the desktop to connect to the Domain controller.
    Click the Ninja DC&DNS icon
  2. If Prompted enter the following details to connect to the domain controller:
    • Computer: 192.168.110.10
    • Username: Ninja\Administrator
    • Password: VMwareNinja1!  Note: You can also use ctrl+m to paste in the password
  3. From the start menu of the Domain Controller Click the blue icon on the right for Active Directory Users and Computers

 

  1. Right-Click the Users Container
  2. Select New, Click Group
    • Group Name: SDDC Admins
    • Leave group scope as Global and type as security (defaults)
    • Click OK
  3. Double-Click the Newly created “SDDC Admins” Group
  4. In the Popup click the Members Tab
  5. Click Add
  6. In the second pop up type SDDCAdmin and Click Check Names
  7. Click OK (To add SDDCAdmin to the SDDC Admins Group) and close the 2nd pop up
  8. Click Apply, then OK to close the pop up
  9. Close/Disconnect the Remote Desktop Session
Task 3 - Configure Hybrid Linked Mode

We will now configure Hybrid Linked Mode by registering the on-premises vCenter and the SDDC vCenter with the Cloud Gateway. We will also provide an Active Directory group that will be assigned Cloud Admin privileges.

 

  1. From the Chrome Browser on the VDI desktop navigate to:

    https://vcgw-l-01a.vcn.ninja.local:5480/gw-platform

or on the Summary tab of https://vcgw-l-01a.vcn.ninja.local:5480/ click Enable Hybrid Management

NOTE: Ensure the URL includes "https://" or the page will not be displayed. You may have to type it manually. Alternatively, go to the summary page of the VCGW VAMI (https://vcgw-l-01a.vcn.ninja.local:5480) and click Enable Hybrid Management.

  1. Click Get Started
  2. If Prompted Login as
    • root
    • VMwareNinja1!   Note: You can also use ctrl+m to paste in the password
  1. On the Prerequisites screen, select the check boxes for:
    • Your on-premises environment is running vSphere 6.5 patch d or higher
    • Check that network connectivity is correctly established for Hybrid Linked Mode
  2. Click Configure
  3. When prompted, log in as:
    • root
    • VMwareNinja1!  Note: You can also use ctrl+m to paste in the password
  1. In the On-Premises SSO section, enter the following values
    • Platform Services Controller:  vc-l-01a.vcn.ninja.local
    • HTTPS Port:                             443
    • Single Sign-on Password:       VMwareNinja1!   Note: You can also use ctrl+m to paste in the password
  2. Click Next
  3. On the certificate warning dialog, click Connect

NOTE: This step can take up to 20 minutes. The Interface says 5 minutes, but it takes longer.

  1. In the Active Directory section, enter the following values:
    • Domain:        Ninja.local
    • User Name:     Administrator
    • Password:      VMwareNinja1!     Note: You can also use ctrl+m to paste in the password
  2. Click Next

  1. In the Hybrid Linked Mode section, enter the following values:
    • Cloud vCenter:      <Copy_from_settings_tab_of _your_SDDC>
    • Username:           cloudadmin@vmc.local
    • Password:           <Copy_from_settings_tab_of _your_SDDC>
    • Identity Source:    Ninja.local
    • Groups:             SDDC Admins (ensure it appears in a blue bubble in the text box)
  2. Click Configure (This process can take up to 2 mins)
  3. Click Restart
  1. Once the appliance has completed restarting, open a new browser tab
  2. In the browser bookmark bar click VI Management --> VCGW UI
    or type in the following address:
    https://vcgw-l-01a.vcn.ninja.local/ui
  3. Log in using the following credentials:
    • sddcadmin@ninja.local
    • VMwareNinja1!     Note: You can also use ctrl+m to paste in the password
  1. Upon login click Menu then click Hosts and Clusters
  2. Notice you can see inventory for both the green (on-premises) and blue (VMC) vCenters now

Conclusion

With Hybrid Linked Mode now configured, you can:

  • View and manage the inventories of both your on-premises and VMware Cloud on AWS data centers from a single vSphere Client interface, accessed using your on-premises credentials.
  • Migrate workloads between your on-premises data center and cloud SDDC.
  • Share tags and tag categories from your vCenter Server instance to your cloud SDDC.
