VMWare Hol 2046 01 Hci - PDF - en

HOL-2046-01-HCI
Table of Contents
Lab overview - HOL-2046-01-HCI- VMware Cloud Foundation – Getting Started ............... 2
Lab Overview and Guidance ................................................................................... 3
Module 1 - Workload Domain Exploration (30 mins) ......................................................... 9
Workload Domain Overview .................................................................................. 10
Module 2 - User Interface Exploration and vRealize (30 mins)........................................ 26
Add User Account and vRealize Exploration .......................................................... 27
Module 3 - Patching and Upgrading (30 mins) ................................................................ 56
Patching and Upgrading ........................................................................................ 57
Module 4 - Workload Domain Expansion (30 mins) ......................................................... 72
Workload Domain Expansion................................................................................. 73
Module 5 - Workload Domain Multi-cluster (30 mins) ..................................................... 88
Workload Domain Multi-cluster ............................................................................. 89
Module 6 - Certificate Authority Configuration (30 mins).............................................. 106
Certificate Management...................................................................................... 107
Module 7 - Password Rotation (30 mins) ....................................................................... 118
Password Rotation for Hosts................................................................................ 119
Module 8 - Multi-Instance Manager (30 Min) ................................................................. 137
Multi-Instance Management................................................................................ 138
Module 9 - How To Remove Hosts, Clusters, and Workload Domains (45 Min) .............. 152
Remove Hosts, Clusters, Workload Domains....................................................... 153
Module 10 - Working with Horizon Workload Domains (45 Min) .................................... 168
Hands-on Labs Interactive Simulation: Create Horizon Domain .......................... 169
Hands-on Labs Interactive Simulation: Create Horizon Desktop Pool.................. 170
Hands-on Labs Interactive Simulation: Expand Horizon Cluster.......................... 171
Hands-on Labs Interactive Simulation: Expand Horizon Domain......................... 172
Hands-on Labs Interactive Simulation: Secure Desktops .................................... 173
Interactive Simulation Script: Create Horizon Domain ........................................ 174
Interactive Simulation Script: Create Horizon Desktop Pool ................................ 177
Interactive Simulation Script: Expand Horizon Cluster ........................................ 178
Interactive Simulation Script: Expand Horizon Domain ....................................... 179
Interactive Simulation Script: Secure Desktops .................................................. 181
Module 11 - Working with PKS Workload Domains (45 Min) .......................................... 183
Hands-on Labs Interactive Simulation: Deploy Virtual Infrastructure Workload
Domain ............................................................................................................... 184
Interactive Simulation Script: Deploy Virtual Infrastructure Workload Domain ... 185
Hands-on Labs Interactive Simulation: Deploy PKS............................................. 188
Interactive Simulation Script: Deploy PKS ........................................................... 189
Hands-on Labs Interactive Simulation: Expand PKS Workload Domain ............... 192
Interactive Simulation Script: Expand PKS Workload Domain ............................. 193
HOL-2046-01-HCI Page 1
HOL-2046-01-HCI
Lab overview -
HOL-2046-01-HCI-
VMware Cloud Foundation
– Getting Started
HOL-2046-01-HCI
Lab Overview and Guidance

Lab Summary
***Note: It may take more than 120 minutes to complete this lab. Most of the modules
are not dependent on one another, the exception being Module 8 - How To Remove
Hosts, Clusters, and Workload Domains. This module may have a dependency that an
additional host be added to a workload domain (Module 4), or a cluster added to a
workload domain (Module 5). Outside of this requirement, the modules do flow from one
to the next in logical order and the lab would best be consumed in that way.
The Table of Contents can be accessed in the upper right-hand corner.
Module 1 - Workload Domain Exploration (30 minutes)
Module 2 - User Interface Exploration (30 minutes)
Module 3 - Patching and Upgrading (30 minutes)
Module 4 - Workload Domain Expansion (30 minutes)
Module 5 - Workload Domain Multi-Cluster (30 minutes)
Module 6 - Certificate Authority Configuration (30 minutes)
Module 7 - Password Rotation (30 minutes)
Module 8 - Multi-Instance Manager (30 minutes)
Module 9 - How To Remove Hosts, Clusters, and Workload Domains (45

minutes)
Module 10 - Working with Horizon Workload Domains (45 minutes)
Module 11 - Working with PKS Workload Domains (30 minutes)
Lab Captains:
Phil Balfanz, Senior Solutions Engineer - VMware Cloud Foundation, USA
Kevin Tebear, Staff Technical Marketing Architect - VMware Cloud Foundation,
USA
VMware Cloud Foundation™ is VMware’s unified SDDC platform for the private and
public clouds. This product brings together VMware’s compute, storage, and network
virtualization into a natively integrated stack, and allows you to deliver enterprise-ready
cloud infrastructure with automation and management capabilities for simplified
operations that are consistent across private and public clouds.
HOL-2046-01-HCI
A deployed VMware Cloud Foundation™ system includes the following VMware software
as standard components:
• SDDC Manager - Virtual appliance that provides administrators with a centralized

portal to provision, manage, and monitor the VMware Cloud Foundation™
solution.
• vSphere Enterprise Plus Edition - Enterprise-class hypervisor for compute
virtualization
• Platform Services Controller (PSC) – A service in vSphere 6 that handles the
infrastructure security functions such as vCenter Single Sign-On, licensing,
certificate management and server reservation.
• vCenter Server Standard - Provides centralized management of vSphere virtual
infrastructure
• vSAN – Delivers flash-optimized, high-performance storage for a hyper-converged
infrastructure.
• NSX - VMware NSX is the network virtualization platform for the Software-Defined
Data Center. NSX embeds networking and security functionality that is typically
handled in hardware directly into the hypervisor.
The following VMware software components are integrated with SDDC Manager and may
be optionally deployed as part of VMware Cloud Foundation:
• vRealize Operations - Correlates data from applications to storage in a unified,

easy-to-use management tool that provides control over performance, capacity,
and configuration, with predictive analytics driving proactive action, and policy-
based automation.
• vRealize Automation - Automates the delivery of the compute, storage and
network resources on a per application basis, delivered through repeatable
blueprints and accessed though a self service user portal.
• vRealize Log Insight – Allows administrators to view, manage, and analyze log
information from various points within the solution.
• Horizon - The ability to deploy an Enterprise class End User Compute
environment with easily consumable deployment wizard.
This lab will demonstrate the ability to use SDDC Manager to configure, manage,
maintain, and consume hyper-converged infrastructure. We make use of all the
software listed above to show an example of a fully deployed VMware Cloud
Foundation™ System.
Credentials
HOL-2046-01-HCI
The following is a summary of the credentials used for this lab. For your convenience,
links to the management interfaces are located in the bookmark bar of Google Chrome
shown in the image.
Additional credentials for components not listed below may be found in the
README.txt file located on the desktop of the Main Console.
• SDDC Manager
◦ Username: [email protected]
◦ Password: VMware1!
• SDDC Manager as Sam Jones

• All vRealize Operations Instances

• vCenter Server Admin Console

◦ Username: root
• vSphere Web Client

• VMware NSX Manager

◦ Username: admin
◦ Password NSX-T: VMware1!
• vRealize Log Insight

◦ Username: admin
• vRealize Suite Lifecycle Manager

◦ Username: admin@localhost
◦ Password: vmware
Accessing the Online International Keyboard
You can also use the Online International Keyboard found in the Main Console.
1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.
HOL-2046-01-HCI
Click once in active console window
In this example, you will use the Online Keyboard to enter the "@" sign used in email
addresses. The "@" sign is Shift-2 on US keyboard layouts.
1. Click once in the active console window.

2. Click on the Shift key.
Click on the @ key
1. Click on the "@"key.
Notice the @ sign entered in the active console window.
HOL-2046-01-HCI
Activation Prompt or Watermark
When you first start your lab, you may notice a watermark on the desktop indicating
that Windows is not activated.
One of the major benefits of virtualization is that virtual machines can be moved and
run on any platform. The Hands-on Labs utilizes this benefit and we are able to run the
labs out of multiple data centers. However, these data centers may not have identical
processors, which triggers a Microsoft activation check through the Internet.
Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft
licensing requirements. The lab that you are using is a self-contained pod and does not
have full access to the Internet, which is required for Windows to verify the activation.
Without full access to the Internet, this automated process fails and you see this
watermark.
This cosmetic issue has no effect on your lab.
HOL-2046-01-HCI
Look at the lower right portion of the screen
Please check to see that your lab is finished all the startup routines and is ready for you
to start. If you see anything other than "Ready", please wait a few minutes. If after 5
minutes your lab has not changed to "Ready", then please ask for assistance.
HOL-2046-01-HCI
Module 1 - Workload
Domain Exploration (30
mins)
HOL-2046-01-HCI
Workload Domain Overview

Workload Domains
Your VMware Cloud Foundation system's management domain and deployed workload
domains are pools of logical resources. Each pool is a cluster or clusters of ESXi hosts
managed by an associated vCenter Server and NSX manager. Each cluster manages
the resources of all the hosts that are assigned to it. Within each cluster Cloud
Foundation enables the VMware vSphere® High Availability (HA), VMware vSphere®
Distributed Resource Scheduler™ (DRS), and VMware Virtual SAN™ capabilities.
There is one management domain that is used to manage the SDDC infrastructure
components within a Cloud Foundation deployment. The management domain is
automatically provisioned using the four hosts when the environment is initially
configured for Cloud Foundation (a process referred to as "Bring Up"). When creating
workload domains, Cloud Foundation takes the number of hosts specified by the cloud
administrator and deploys the Workload Domain with VMware best practices.
When the system provisions the management domain, it automatically provisions and
configures the cluster with the unified SDDC platform components to include: vSphere,
vCenter Server, Virtual SAN, NSX for vSphere, and vRealize Log Insight together with
any desired optional components such as vRealize Operations and vRealize Automation.
HOL-2046-01-HCI
You use the SDDC Manager Web interface in a browser for the single-point-of-control
management of your VMware Cloud Foundation system. The SDDC Manager provides
centralized access as well as an integrated view of both the physical and virtual
infrastructure of the system.
SDDC Manager does not mask the individual component management products. Along
with the SDDC Manager Web interface, for certain tasks, you might also use web
interfaces for administration tasks involving their associated VMware software
components that are part of a VMware SDDC. All of these interfaces run in a browser,
and you can launch many of them from locations in the SDDC Manager Web interface.
While every attempt has been made to implement the full SDDC Manager experience in
the Hands-on Lab, some functionality may differ on genuine physical hardware. As
such, some actions may vary slightly when running in the virtual Hands on Labs
environment as compared to an actual Cloud Foundation deployment.
Page Loading Symbol
***Note: In the Hands on Labs environment, as you are navigating through the various
screens, you may encounter long refresh operations for extended periods of time in the
order of 1-3 minutes. Please resist the urge to click refresh on the page during these
times as it will most likely extend the wait.
When building the lab we attempted to minimize these loading times, however, in some
instances, operations such as timeouts when waiting for hardware to reply were
unavoidable, as this is a nested environment and not connected to physical hardware.
Thank you for your patience!
HOL-2046-01-HCI
Initial Log In
1. Please ensure that the Lab Status is green and says “Ready”. If it does not please
let a proctor know by raising your virtual hand.
2. After you have verified that the lab is ready please launch Google Chrome using
the shortcut on the desktop.
Log in to SDDC Manager
Once the browser has launched you will see two tabs open by default. The first tab is
the SDDC Manager Login, the second is the vCenter Login.
HOL-2046-01-HCI
1. Select the SDDC Manager tab and verify the page URL to ensure you have the
correct user interface. The SDDC Manager login URL should read
https://psc-01a.corp.local (You may see a screen stating your connection is not
private, please click advanced and proceed)
2. In the User name box enter: [email protected]
3. In the Password box enter: VMware1!
4. Click the Login button
Login to the vSphere Client
1. After the successful log in to the SDDC Manager, select the second tab in the
Chrome browser for the vSphere Web Client.
2. Select the refresh button
HOL-2046-01-HCI
This action should allow you to be signed into the vSphere Client without having to enter
any additional log in credentials. As we have already authenticated with the SDDC
Manager and since they are both in the same SSO domain, our credentials should carry
through to the second browser tab.
Dashboard
The Dashboard page is the home page that provides the overall administrative view of
your system. The Dashboard page provides a top-level view of the physical and logical
resources across all of the physical racks in your system, including available CPU,
memory, and storage capacity. From this page, you can start the process of creating a
'Workload Domain'. You use the links on the dashboard to drill-down and examine
details about the physical resources and the virtual environments that are provisioned
for the management and workload domains.
On the left side of the interface is the Navigation bar. The Navigation bar provides icons
for navigating to the corresponding pages. We will explore each of these in more detail
later in the lab.
1. Select the SDDC Manager Tab at the top of the browser window. Here we can see
the dashboard view and recent tasks that have been completed.
2. Due to the resolution of the Hands On Lab environment, the Tasks tray will need
to be resized, or you will need to scroll over while reviewing the tasks. You also
have the option to minimize the Tasks tray by clicking the X.
HOL-2046-01-HCI
NOTE: You may close the yellow warning about NSX Manager backups. We will be fixing
that in future modules.
HOL-2046-01-HCI
Workload Domain Exploration Video
Overview of Workload Domain Creation in VMware Cloud Foundation.
Workload Domain Exploration
Rainpole Inc. has just deployed VMware Cloud Foundation 3.7. Let’s begin by exploring
the Workload Domains.
HOL-2046-01-HCI
1. From the left hand navigation pane, select the Inventory menu item, then select
Workload Domains, and finally View Details.
Workload Domains
From the Workload Domains view we can see the available CPU, Memory, and Storage
capacity. We are also able to see the Workload Domains and the type of workload
domains that have been created within the environment. This environment has 2
workload domains provisioned. The MGMT Workload Domain and the NFS-WLD
Workload Domain.
Each of these Workload Domains performs a different function. One, the Management
Workload Domain, is responsible for the overall VMware Cloud Foundation environment.
The other, the NFS Workload Domain, is used to provide resources for virtual server
workloads and applications. Cloud Foundation now supports the ability for Workload
Domains to use vSAN or NFS as their primary storage and automating the deployment
of both of the storage solutions.
HOL-2046-01-HCI
1. Use the horizontal scroll bar at the bottom of the page to scroll to the right to
view more information about the 2 existing Workload Domains.
Management Workload Domain
You will now explore the Management Workload Domain in greater detail.
1. Click on the Management Workload Domain link labeled MGMT at the bottom of
the page.
HOL-2046-01-HCI
MGMT - Deep Dive
From the landing page of the MGMT Workload Domain we get an immediate picture of
the status of CPU, Memory and Storage consumption by this workload domain. We are
also able to determine the capacity of allocated resource as well as how much of that
capacity has been consumed.
Scrolling further down you will see a number of options along the bottom of the page
that allow you to drill further into the status of the workload domain. Each of these
options is detailed below. Explore these by clicking on each in turn.
HOL-2046-01-HCI
1. Summary: Lists the various clusters available under the highlighted Workload
Domain and lists the configured resiliency of the cluster. The FTT number defines
the number of host failures that the cluster is able to tolerate.
2. Services: Displays the FQDN and IP address of all associated components that
have been deployed to support the specific Workload Domain. This could include
items such as vCenter Server, Platform Services Controllers, vRealize LogInsight,
vRealize Operations, and NSX Manager. Also displayed in this list is the SDDC
Manager for the over all environment.
3. Update/Patches: Shows the pre-check workflow, as well as any updates that
have been made available that apply to this specific Workload Domain. Also listed
are the specific versions of software for the deployed components within the
Workload Domain. Select a version number will take you to the Update history for
that component.
4. Update History: Shows all updates that have already been applied to the
system. You have the option to filter the time period over which you'd like results
displayed.
5. Hosts: Displays all the hosts that are part of this specific Workload Domain
including the Cluster that the host belongs to, the FQDN of the host, the
Management IP address, Network Pool, Host Status, Resource Usage, and Storage
Type (Hybrid or All Flash)
6. Clusters: Lists out all available clusters under a given Workload Domain
7. Security: Displays the certificate information for all components of the VMware
Cloud Foundation environment. This interface can also automate the replacement
of a certificate for all component inside of VMware Cloud Foundation. We will
explore certificate management in a later module.
HOL-2046-01-HCI
NFS/NSX-T Exploration
Selecting the NFS-WLD instead will show different services, to explore this scroll back to
the top of the window and click Back to Virtual Infrastructure Workload Domains:
Select the NFS-WLD
Now Select the NFS-WLD
HOL-2046-01-HCI
1. Click NFS-WLD
Example Workload Domain NFS
The NFS-WLD was built using NFS as the primary storage type instead of VSAN.
1. The Summary tab shows NFS as the storage type.
HOL-2046-01-HCI
You may notice the VMFS on FC. Cloud Foundation now supports the use of Fibre
Channel storage as a principle storage type along with vSAN and NFS.
Example Workload Domain NSX-T
NSX-T was use for this domain. Workload Domains have the option of leveraging either
NSX-T or NSX-V; while the management domain is always built with NSX-V.
HOL-2046-01-HCI
1. Select the Services tab.
Workload Domain Summary
VMware Cloud Foundation supports deployment of NSX-T and NFS backed storage for a
Workload Domain.
Below is a snippet from the user manual in regards to Workload Domains and support:
In the VI Configuration wizard, you specify the storage, name, compute, and NSX
platform details for the VI Workload Domain. Based on the selected storage, you provide
vSAN parameters or NFS share details. You then select the hosts and licenses for the
workload domain and start the creation workflow.
The workflow will automatically:
• Deploys an additional vCenter Server Appliance for the new Workload Domain
within the Management Domain.
HOL-2046-01-HCI
By leveraging a separate vCenter Server instance per Workload Domain, software

updates can be applied without impacting other Workload Domains. It also allows for
each Workload Domain to have additional isolation as needed.
• Connects the specified ESXi servers to this vCenter Server instance and groups
them into a cluster. Each host is configured with the port groups applicable for
the Workload Domain.
• Configures networking on each host.
• Configures vSAN or NFS storage on the ESXi hosts.
• For each NSX for vSphere Workload Domain, the workflow deploys an NSX
Manager in the Management Domain and three NSX controllers on the ESXi
datastore. The workflow also configures an anti-affinity rule between the
controller VMs to prevent them from being on the same host for High Availability.
• For the first NSX-T VI Workload Domain in your environment, the workflow
deploys an NSX Manager and three NSX controllers in the Management Domain.
The workflow also configures an anti-affinity rule between the controller VMs to
prevent them from being on the same host for High Availability. All subsequent
NSX-T Workload Domains share this NSX-T Manager and Controllers. For an NSX-
T Workload Domain, NSX Edges are needed to enable overlay VI networks and
public networks for north-south traffic. NSX Edges are not deployed automatically
for an NSX-T VI Workload Domain. You can deploy them manually after the VI
Workload Domain is created. Subsequent NSX-T VI Workload Domains share the
NSX-T Edges deployed for the first Workload Domain
• Licenses and integrates the deployed components with the appropriate pieces in
the Cloud Foundation software stack.
The result is a workload-ready SDDC environment.
End of Module 1
You have completed Module 1 and should now have a good understanding of how to
navigate the SDDC Manager web interface. You should also at this point conceptually
understand what a workload domain is and what it it used for. Please continue to
Module 2 - "User Interface Exploration"
HOL-2046-01-HCI
Module 2 - User Interface

Exploration and vRealize
(30 mins)
HOL-2046-01-HCI
Add User Account and vRealize

Exploration
You can manage users and groups using the User Management page of the SDDC
Manager Web Interface. Your VMware Cloud Foundation system provides role-based
access control.
Authentication to the SDDC Manager Web interface uses the VMware vCenter® Single
Sign-On authentication service that is installed with the Platform Services Controller
feature during the deployment of your system. This authentication service constructs an
internal security domain based on the values entered during the deployment process of
your system, and the SDDC Manager is registered in that domain. The service can
authenticate users from a set of users and groups that you enter directly into the
system or it can connect to trusted external directory services such as Microsoft Active
Directory. Using roles, authenticated users are given permissions to operate within
SDDC Manager, according to the assignments you specify using the SDDC Manager Web
interface. System administrators can assign roles to users and groups.
HOL-2046-01-HCI
Initial Log In
HOL-2046-01-HCI
https://psc-01a.corp.local
2. Select the URL refresh button in the second browser tab. This action should allow
you to be signed into the vSphere Client without having to enter any additional
log in credentials. As we have already authenticated with the SDDC Manager and
since they are both in the same SSO domain, our credentials should carry through
to the second browser tab.
HOL-2046-01-HCI
The refresh process can take a couple minutes to complete, but you can continue on to
the next step in the lab.
Manage User Accounts
Once you have logged in and authenticated to both SDDC Manager and the vCenter
Server...
HOL-2046-01-HCI
1. Select the browser tab for the SDDC Manager

2. Select the Administration Menu item in the left window pane
3. Select Users from the available drop down options
4. Click the +USER OR GROUP button in the main window pane.
Select and Add User
1. Ensure that the CORP.LOCAL domain has been selected

2. Search for the user name Sam
3. Once the search results appear, place a check mark into the box next to Sam's
account.
4. Click the ADD button to add Sam to the Cloud Admin group.
HOL-2046-01-HCI
Verify Account Addition
1. Verify that the user account [email protected] has been added and has the
Cloud Admin role.
This permission change will allow Sam Jones to have Cloud Admin access to the SDDC
manager, however vCenter driven Role Based Access Controls still exist and have not
been modified. Sam Jones will not be able to sign into vCenter or manage any vCenter
objects from within the vSphere Web Client.
HOL-2046-01-HCI
Log out of SDDC Manager
To effectively test Sam's access, you first need to log out of the SDDC Manager as the
user [email protected].
1. Select the drop down arrow next to the current logged in user account name and
then click the Log out option.
Close and re-launch the browser Window
After logging out as administrator, close all Chrome Browser windows to ensure Sam
can sign in appropriately.
1. Once all chrome browser windows have been successfully closed, proceed to re-
launch the Chrome browser by clicking the icon on the Desktop.
HOL-2046-01-HCI
Move things around
After logging into the SDDC Manager as Sam Jones, feel free to explore some of the
personalization capabilities of the interface.
1. Select the 2 Workload Domains Widget drag it across to the center of the page.
HOL-2046-01-HCI
Note how the existing widgets are automatically moved to accommodate the widget you
are relocating. Position the widgets based on your personal preference.
Delete a Widget or Two
1. Select the X in the top right corner of the Ongoing and Scheduled Updates
Widget and remove it from your dashboard.
Do this with a few other widgets of your own choice.
HOL-2046-01-HCI
Add some New Widgets
Once you have finished removing any unwanted / unneeded widgets from your
dashboard...
1. Select the icon with the 3 dots, just under the username on the top right corner
of the browser window.
2. Select the Add New Widgets menu option
Select the type of Widgets
1. Choose which type of widget to add from the available options. If none of the
widgets were closed in the previous steps, there will not be any additional
widgets to add.
2. Click in the ADD button once you have made your selection.
Please take some time to familiarize yourself with the removal, re-arranging and re-
adding of widgets on the dashboard.
HOL-2046-01-HCI
Configure Repository
If you are logged in to your My VMware account, LCM automatically polls the depot to
access the bundles. You receive a notification when a bundle is available and can then
download the bundle.
HOL-2046-01-HCI
1. Select Repository Settings under Administration in the left pane.

2. Click Authenticate
My VMware Account Authentication
1. Enter User Name: [email protected]

2. Enter Password: VMware1!
3. Click Authorize
HOL-2046-01-HCI
No vCenter Access Confirmation
You will now verify that although Sam has access to the SDDC Manager as a Cloud
Admin, he does not in fact have any access to the vCenter Server.
1. Select the vCenter Server tab at the top of the browser window.
2. Click the URL Refresh icon button.
3. Verify that Sam does not have the required permissions to access vCenter.
4. Close all web browsers
VMware Log Insight Integration
Rainpole Inc. has standardized on vRealize Log Insight as their log aggregation and log
analysis solution. You have been asked by the IT Manager to connect the newly created
NFS-WLD Workload Domain to the vRealize Log Insight deployment that is running in the
Management Workload Domain.
vRealize Suite
You will now navigate open chrome and then sign into SDDC Manager again.
1. Once the browser has launched you will see two tabs open by default. The first
tab is the SDDC Manager Login, the second is the vCenter Login.
HOL-2046-01-HCI
Now Open the MGMT by
HOL-2046-01-HCI
1. Select Inventory
2. Select Workload Domains
3. Select View Details
Identify vRealize Suite Components
1. At the bottom of the Workload Domains page, use the horizontal scroll bar to
navigate to the far right of the page.
2. Select the drop down arrow for the MGMT Workload Domain under the vRealize
Connections column
HOL-2046-01-HCI
The MGMT Workload Domain has a connection from 2 products in the vRealize Suite. By
selecting the arrow we can view which products connections these are.
vRealize Suite Administration
1. On the left side menu, click on the Administration section.

2. Highlight vRealize Suite from the drop down menu.
3. Select vRealize Log Insight from the menu options.
HOL-2046-01-HCI
Enable vRealize Log Insight
Before you are able to activate Log Insight, the appropriate license information will need
to be added to the SDDC Manager. Fortunately, the addition of all required licenses have
already been accomplished by the Software Licensing team at Rainpole Inc.
The vRealize Log Insight screen provides you with some additional details about the
deployment.
1. Select the Enable button to begin the automatic configuration of Log Insight for
all Workload Domains in our environment. By enabling this function, all existing
and future Workload Domains will be configured with Log Insight at the time of
their creation. This will take up to 5 minutes to run in the Hands on Lab
environment.
HOL-2046-01-HCI
Monitor Progress
Once you have select the Enable button, you should see a blue confirmation dialog box
informing you that vRelaize Log Insight is being connected to all Workload Domains.
HOL-2046-01-HCI
1. To view additional information or to monitor the progress in more detail, you may
select the Task View link at the bottom to monitor the progress in the dialog
box. A second option would be to select the double up arrows on the lower
right side of the collapsed Task Window at the bottom of the browser.
Monitor Progress - Task View
1. Continue to monitor the progress. The status for the Connect Workload
Domains to Realize Log Insight should show a Running state.
2. You may need to manually refresh the view to see that the task has completed
successfully. Click the Refresh link on the Tasks Window.
Validate Deployment
1. Expand the Tasks Window

2. Click the arrow next to the Connect Workload domains to vRealize Log
Insight task
3. Click the View Subtasks link
HOL-2046-01-HCI
You should now see all the subtasks that have executed and completed as part of
enabling Log Insight for all Workload Domains and components within the environment.
Please wait for the Connect Workload domains to vRealize Log Insight task to
complete successfully before proceeding. This should take under 3 minutes.
Launch Log Insight
You are now going to validate that the previous task has completed and the changes are
reflected in vRealize Log Insight.
1. Open a new tab in the Chrome Browser.

2. Click vRealize Log Insight in the bookmarks bar
3. Once the Log Insight page loads, enter the following username: admin
4. Enter the password: VMware1!
5. Click the LOGIN button to continue
HOL-2046-01-HCI
Log Insight Administration
1. Once the main Log Insight page loads, select the link in the top right corner of the
screen (3 horizontal lines)
2. Click on the Administration menu item from the drop down list.
Hosts
1. Once the Administration console opens, click the Hosts menu item from the left
navigation menu bar.
2. In the main section of the Hosts Page, Identify the vcsa-02a.corp.local host
item.
HOL-2046-01-HCI
vcsa-02a.corp.local is the vCenter server from the NFS-WLD Workload Domain that we
just configured. We are now able to collect, manage and visually trend logs from all
devices in the Workload Domain.
vRealize Operations Integration
Now let’s extend the vRealize Operations deployment to monitor the NFS-WLD.
1. Switch back to the SDDC Manager tab in the browser and then navigate to
Administration>vRealize Suite>vRealize Operations
2. Click Connect/Disconnect,
*Please note this may be a long running task in the Hands on Lab Environment.
Once the workflow has started it may take up to 5 minutes to complete.
HOL-2046-01-HCI
Validate vRealize Operations is connected.
HOL-2046-01-HCI
Connect/Disconnect Wizard
1. Click Enabled in the check box for NFS-WLD

2. Click NEXT and proceed to the review screen
3. Click Finish at the review screen
HOL-2046-01-HCI
Monitor the Task
You can monitor the status in the tasks.
Once it shows successfully completed we will login to vRealize Operations to validate.
Login to vRealize Operations
1. Click the vRealize Operations bookmark in the bookmark bar
Login with the following credentials:
HOL-2046-01-HCI
1. Local Users
2. User: admin
3. Password: VMware1!
HOL-2046-01-HCI
SDDC Management Health Overview
The first screen you see when logging in is the SDDC Management Health Overview.
This dashboard has been set as the default dashboard in vRealize Operations. It displays
the health of all the Software Defined Datacenter components. You can quickly see the
health of the overall system. If there are any health alerts for the various components
they will be displayed here and will allow you to drill down into the alert.
HOL-2046-01-HCI
vCenter integration with vRealize Operations
Navigate to Environment>vSphere Hosts and Clusters>vSphere World>VC adapter for

vcsa-02a.corp.local
HOL-2046-01-HCI
Data should be collecting now. If you would like more information about vRealize
Operations please look into taking a vRealize Operations Lab to explore further.
End of Module 2
You have completed Module 2 and should now have a good understanding of how to
interact with and customize an individual users interface. Please continue to Module 3 -
"Patching and Upgrading."
HOL-2046-01-HCI
Module 3 - Patching and

Upgrading (30 mins)
HOL-2046-01-HCI
Patching and Upgrading

In Cloud Foundation, the Life Cycle Management (LCM) capabilities include automated
patching and upgrades for both the SDDC Manager (SDDC Manager and LCM) and other
VMware software components (vCenter Server, PSC, ESXi, NSX and vSAN).
SDDC Manager has been pre-loaded with a patch bundle from the VMware software
repository. So you may see a note about signing in with your MyVMware credentials,
this can be disregarded. The high level update workflow is described below.
1. Notification of update availability.

2. Download update bundle.
3. Select update targets and schedule update.
4. Update is applied to the selected targets at the scheduled time.
HOL-2046-01-HCI
***Note: VMware recommends that you do not create, modify, or delete a workload
domain during an update.
Even though SDDC Manager may be available while the update is installed, it is
recommended that you schedule the update at a time when it is not being heavily used.
Initial Log In
HOL-2046-01-HCI
HOL-2046-01-HCI
Log in to the vSphere Client
HOL-2046-01-HCI
NSX Backup
1. Switch back to the SDDC Manager tab.

2. Select Backup Configuration
3. Click REGISTER EXTERNAL
Cloud Foundation will configure NSX to backup to the SDDC Manager by default. It is
recommended to change this to backup to your own external location. This ensures that
in the case of a failure a good backup of NSX is available for restore. By configuring this
HOL-2046-01-HCI
setting we will also clear the yellow warning about backup we have been seeing at the
top of the screen.
Backup Configuration
1. Enter the below information:
IP: 10.10.20.60
Port: 22
Transfer Protocol: SFTP
Username: root
Password: VMware1!
Backup Directory: /mnt/NFS
Click Confirm Fingerprint
Encryption Passphrase: VMware1!VMware1!
Privileged User Name: [email protected]
Privileged Password: VMware1!
2. Click Save
HOL-2046-01-HCI
HOL-2046-01-HCI
HOL-2046-01-HCI
Update Repository
Rainpole Inc. has an update available for their VMware Cloud Foundation deployment.
Let’s walk through our options for downloading and deploying this update.
1. Select the Repository menu item on the left navigation menu.

2. Select the Bundles sub-menu item.
3. Click Download Now - NOTE: This update may take a minute to start and then
another minute or two to download. You may proceed while the download
continues.
4. Then clicking View Details you can see more information
From this view we can see that there is one update available. This update applies to the
MGMT Workload Domain. A brief description highlights the contents of the update.
Bundle Details
Information such as severity of update, the number and types of software components,
the minimum required software versions and the bundle release date are shown under
the details.
HOL-2046-01-HCI
1. When you are done examining the details of the update, click the Exit Details
link on the top right corner of the window.
HOL-2046-01-HCI
1. At this point the Download Status should reflect that the Bundle Download has
completed.
2. Select the MGMT link under the Bundle Details section.
3. Select the Updates / Patches tab from the MGMT Workload Domain main page.
Precheck
Prior to running any updates, it is always a good idea to validate the overall health of
the system.
1. Select the Precheck option to begin the system health validation

2. Click the View Status link directly above the PRECHECK button.
HOL-2046-01-HCI
Selecting the Precheck Status link will list all the checks performed against the
environment and will highlight any areas that could potentially prevent the update or
patch from being applied successfully.
1. We will see that the nsxmgr-01a.corp.local has been flagged as a 'Failed’

2. Click the drop down arrow to the left of the entry to see more information
3. Additional information tells you that the Maintenance Mode cannot be achieved
as there isn't enough free space to migrate VM's. This is expected in the Hands
on Labs environment
4. Once you have completed reviewing the details, scroll up and click the Exit
Details link at the top right of the window.
Run the Update
In the Available Updates section, you are presented with 2 options for executing the
deployment of the relevant patches or updates.
1. Choose the Schedule Update option if you'd like to specify a future date and
time to execute the update. You may specify a day /time of up to 365 days out
from the present day.
2. Click the X to close the Schedule Update Window,
HOL-2046-01-HCI
3. Due to time constraints within the lab environment, click to UPDATE NOW
button to begin an immediate update.
HOL-2046-01-HCI
1. After you click the Update Now button, you will see an Update Scheduled
Message Displayed. After a 1-2 min wait, an update dialog window will appear.
2. You can follow the progress of the update by monitoring the number of resources
that have been updated.
3. Scroll down to view more details. Select the drop down arrow to view more
granular details around the status of specific Common Services. This update will
take about 2-3 minutes to complete. Upon completion a green ribbon will also
display the date and time the updated completed.
4. Scroll up to the top of the page and click the Finish button to exit the update
status screen
HOL-2046-01-HCI
Verify the Update has been Applied
1. From the main SDDC Manager Dashboard interface. Select the Inventory Menu
item on the left side of the page.
2. Select the Workload Domains sub-menu item, then click View Details.
3. Click Workload Domains MGMT link near the bottom of the main section of the
page and then Update History
1. Select the Update History link to validate that the update you just applied was
successful.
2. Clicking on the ACTIONS drop down link will allow you to download the log files
associated with the update or view the update status.
End of Module 3
You have completed Module 3 and should now have a good understanding of the
upgrade and patching process within the VMware Cloud Foundation environment.
Please continue to Module 4 - "Workload Domain Expansion"
HOL-2046-01-HCI
Module 4 - Workload
Domain Expansion (30
mins)
HOL-2046-01-HCI
Workload Domain Expansion

Module Introduction
Your manager at Rainpole Inc. has just informed you that the Datacenter Operations
team has completed the racking and powering on of a new server in your rack for
consumption by VMware Cloud Foundation. You will walk through the commissioning and
preparation of this new server for addition into an existing cluster. The module will
conclude with you decommissioning a host for use later in the lab.
In this image we will be adding a server as noted in the *Available Capacity.
HOL-2046-01-HCI
SDDC Manager Log In
HOL-2046-01-HCI
HOL-2046-01-HCI
HOL-2046-01-HCI
Host Pre-requisites
1. From the main Cloud Foundation Dashboard page, select the COMMISSION
HOSTS button on the top right side of the main page.
HOL-2046-01-HCI
Validate Host Pre-requisites
1. After validating all requirements have been met on the list and double checking
with the IT Operations team, select the Select All checkbox.
2. Scroll down to the bottom of the page using the right hand scroll bar.
3. Click the Proceed button to continue.
HOL-2046-01-HCI
Host Details
1. In the FQDN Field, enter esx-11a.corp.local

2. Select the VSAN radio button
3. Under the Network Pool Name, select bringup-networkpool
4. Specify a username of root
5. Specify a password of VMware1!
6. When completed, verify you have specified the correct information, then click the
ADD button
HOL-2046-01-HCI
Host Validation
1. Scroll down by using the right hand scroll bar.

2. Select the check mark in the box marked Confirm Fingerprint.
3. Once completed, verify you have specified the correct information, then click the
VALIDATE ALL button.
Validate Host Cont.
Upon successful validation of the host, you will be taken to the validated hosts section
of the page.
HOL-2046-01-HCI
1. Confirm the host has been validated successfully.

2. Click the NEXT button to continue.
Commission
Commission the new host
1. Click on the Commission button
HOL-2046-01-HCI
Monitor Progress
1. Expand the Task window at the bottom left of the main page and click the
Refresh link.
2. Click the Commission Hosts - [esx-11a.c..] link to view the subtasks.
1. Expand the Tasks window to fill the browser by clicking on the double arrow link
on the top right side of the Tasks window.
2. Review the status of all subtasks and ensure that all complete successfully. This
could take a few minutes. Please do not proceed to the next step in the manual
until all tasks have completed successfully.
3. Minimize the tasks window by clicking the X in the top right corner of the page.
HOL-2046-01-HCI
Add Hosts to Cluster
1. From the main Dashboard page of the SDDC Manager interface on the left side
menu, expand the Inventory item, then select the Workload Domains
submenu link.
2. Then click on the VIEW DETAILS link
3. On the resulting page, select the MGMT Workload Domain link.
Select the Cluster
1. Select the Clusters View from the menu

2. Click the column with the three vertical dots next to Production.
3. Click Add Host from the resulting pop up menu.
HOL-2046-01-HCI
Select the Host
The Add Hosts dialog box will walk you through adding a host.
1. Scroll down until you are able to locate esx-11a.corp.local.

2. Place a check mark on the checkbox next to esx-11a.corp.local.
3. Click the NEXT button to continue with the wizard.
1. On the Licenses window, click the drop down to the right and select the
appropriate vSphere License.
2. Click NEXT to continue
HOL-2046-01-HCI
1. Validate the selected information. When ready, click the FINISH button to
proceed.
Monitor Progress
Refresh link.
2. Click the Adding new host(s) to cluster link to view the subtasks.
HOL-2046-01-HCI
**Occassionally the task labled Migrate ESXi Most Managment vmknics To

Distributed Switch may hang in the Hands On Lab environment for up to 12 minutes.
This overall action of adding a host to a cluster generally completes within 5 minutes.
Click refresh in this task window to monitor the progress. Alternatively this can also be
monitored through the vSphere client. If the action errors or times out, you can click
restart task and it should finish immediately.
vSphere Web Client
You can now navigate to the vSphere Web Client to validate that the ESXi Host has been
added to the cluster.
HOL-2046-01-HCI
1. Select the second browser tab and the top of the page to open the vSphere Web
Client
2. Expand the vcsa-01a.corp.local vCenter Server > CORP-DC Data Center and
the COPR-MGMTWLD vSphere cluster.
3. Verify that the esx-11a.corp.local host is visible under the CORP-MGMTWLD
cluster.
Module 4 Completed
Congratulations. You have completed Module 4. You should now have a good
understanding on how to expand the capacity of an existing Workload Domain. Please
continue to module 5 - "Workload Domain Multi-cluster."
HOL-2046-01-HCI
Module 5 - Workload
Domain Multi-cluster (30
mins)
HOL-2046-01-HCI
Workload Domain Multi-cluster

Workload Domain Multi-cluster
In VMware Cloud Foundation we enable the administrator to quickly deploy additional

clusters in a single workload domain. This will allow them to add clusters without
deploying additional vCenter, NSX Manager, or NSX Controllers. As depicted below we
will add an additional cluster to the MGMT workload domain for Rainpole Inc.
HOL-2046-01-HCI
SDDC Manager Log In
HOL-2046-01-HCI
HOL-2046-01-HCI
Workload Domain Cluster Creation
HOL-2046-01-HCI
Commission Hosts
1. Select the SDDC Manager Browser tab.

2. Select the Hosts sub-menu item in the left navigation pane.
3. Now click the COMMISSION HOSTS button in the top right.
4. On the resulting popup screen, click the Select All checkbox
5. Verify that everything is checked, then click on the PROCEED button
From the Commission Hosts dialog screen:
HOL-2046-01-HCI
1. Select the Import radio button

2. To import a set of 3 hosts from a json file. Click the BROWSE button, point to the
Main Console/Documents folder on the left navigation.
3. Select the file 3_hosts.json and then click the Open button.
1. Click the UPLOAD button
HOL-2046-01-HCI
1. Click on the Confirm Fingerprint checkbox

2. Ensure all the hosts have green check marks, then click on the VALIDATE ALL
button
Scrolling through the list you should see 3 hosts that have been validated successfully.
1. Highlighting the Checkboxes for all 3 hosts is not necessary but shown in the
screenshot for context.
2. Click the NEXT button.
HOL-2046-01-HCI
To commission the hosts
1. Click the COMMISSION button, this process will take just a few minutes for the
hosts to be added to inventory.
Monitor Progress
Refresh link.
2. Click the Commission Hosts - [esx-08a...] link to view the subtasks.
HOL-2046-01-HCI
HOL-2046-01-HCI
Create Cluster
1. To create a new cluster, from the left navigation window click the Workload
Domains sub-menu item, then click View Details.
2. Click on the 3 vertical dot icon next to the NFS-WLD Workload Domain link
3. On pop-up, click Add Cluster
HOL-2046-01-HCI
1. Select your storage type as NFS.

2. Click the BEGIN button.
Create Cluster Wizard
The Add Cluster Wizard will walk you through creating a new cluster.
1. Specify a name for the Cluster. You can use RainpoleAppCluster.

2. Click the Next button to continue.
HOL-2046-01-HCI
1. Enter the VLAN ID: 1234

2. Click the NEXT button
Because we are using NSX-T we can select an overlay network, in this environment we
will use 1234.
The Object Names screen displays the details for all the objects that will be created as
part of the new cluster including Object Names and the Generated Name.
1. Click NEXT to continue.

HOL-2046-01-HCI
The host selection screen is where you can select the unallocated hosts for the new
cluster.
1. Select the checkbox in front of esx-08a.corp.local, esx-09a.corp.local, and

esx-10a.corp.local
2. Click Next to continue
Enter NFS Information
1. Datastore Name: NFS

2. Folder: /mnt/NFS
3. NFS Server: 10.10.20.60
4. Click on the NEXT button
1. Select the vSphere license from the drop drown menu.

HOL-2046-01-HCI
2. Click Next to continue
Review the setting you select from the previous steps.
1. Click Finish to continue
Monitor Progress
1. Expand the Task window at the bottom of the main page and click the Refresh
link.
2. Click the RainpoleAppCluster to dom... link
3. Click the arrows next to each Subtask to drill down into all the associated tasks
that have been performed.

HOL-2046-01-HCI
2. Review the status of all subtasks and ensure that all complete successfully.
3. Click Refresh to update the status information
4. When the ReleaseLockContractAction is displayed with a status of
successful, the task is completed.
5. Minimize the tasks window by clicking the X in the top right cornet of the page.
This process takes approximately 5-15 minutes to complete depending upon

performance in the Hands on Lab environment. ** Occasionally the
AttachVmnicsToDvsAction will delay for 10 minutes on its own.

HOL-2046-01-HCI

HOL-2046-01-HCI
Validate Cluster Creation
1. Select the vSphere Web Client browser tab.

2. Expand vcsa-02a.corp.local
3. Expand the RainpoleAppCluster and verify the esx-08a, esx-09a and
esx-10a hosts are all present.
Module 5 Completed
Congratulations! You have completed Module 5. You should now understand how to
successfully deploy an additional cluster within an existing Workload Domain. Please
proceed to Module 6 - "Certificate Authority Configuration."

HOL-2046-01-HCI
Module 6 - Certificate
Authority Configuration
(30 mins)

HOL-2046-01-HCI
Certificate Management
Certificates and VMware Cloud Foundation
If you completed the previous Module (although not required) you saw that the
certificates were untrusted for vCenter and NSX, we will be resolving that in this
module.
You can manage certificates for all external-facing Cloud Foundation component
resources, including configuring a certificate authority, generating and downloading
CSRs, and installing them. This section provides instructions for using Microsoft
certificate authority, however Cloud Foundation also supports the use of 3rd party
certificate authorities.
You can manage the certificates for the following components.
• Platform Services Controllers

• vCenter Server
• NSX Manager
• SDDC Manager
• vRealize Automation
• vRealize Operations

HOL-2046-01-HCI
SDDC Manager Log In

HOL-2046-01-HCI
https://psc-1.corp.local
Log in to the vSphere Client
1. After the successful login to the SDDC Manager, select the second tab in the

HOL-2046-01-HCI
Certificate Replacement

HOL-2046-01-HCI
Configure Certificate Authority
Rainpole Inc. have standardized on a Microsoft Certificate Authority. Your manager at

Rainpole Inc. has requested that a new signed certificate be generated for the
vcsa-02a.corp.local for your NFS-WLD, as users are complaining about the following:
1. Select the SDDC Manager browser tab.

2. Click the Administration menu item in the left navigation window.
3. Click the Security sub-menu item.
4. Click the EDIT button.
5. Enter the password for the corp\administrator. The password is VMware1!
6. Click the Save button to continue.

HOL-2046-01-HCI
This will create the connection from the SDDC Manager to the backend Certificate
Authority and allow us to use it in the next step.
Certificate Authority Validation
1. Verify the CA Server Certificate information and click ACCEPT when done.
2. You should receive a notification that the CA Configuration was successful.

HOL-2046-01-HCI
User Behavior Observed
Before replacing the certificate let’s ensure that the user behavior is observed.
1. In the browser open a new tab and click the vCenter-02a bookmark
2. Note the "Not Secure" The self signed certificate is still in use from the
deployment.
Now let’s get this fixed. Switch back to the SDDC Manager tab to continue.
Generate CSR
1. Select the Workload Domains menu item in the navigation window.

2. Click on the VIEW DETAILS link
3. On the resulting screen, Click the NFS-WLD Domain link

HOL-2046-01-HCI
1. Select the Security Tab

2. Place a check in the box next to the vcenter or vcsa-02a.corp.local
3. Click on the Generate CSR button
NOTE: The "CA" under issuer. This indicates that the self signed certificate is in use.
Generate CSR Wizard
Populate the Fields in the CSR wizard with the following information.
Algorithm: RSA
Key Size: 2048
Email: [email protected]
Organizational Unit: IT
Organization: Rainpole
Locality: Palo Alto
State: CA
Country: US

HOL-2046-01-HCI
1. Click Generate CSR when completed
Generate Signed Certificate
1. Now that the CSR has been generated, click the Generate Signed Certificates
button.
2. Select Microsoft as the Certificate Authority
3. Click on the Generate Certificates button.

HOL-2046-01-HCI
If you were using a 3rd party CA, you would click download CSR after step 1. to submit
to the 3rd party Certificate Provider.
Install Signed Certificates
1. Click the Install Certificates button.
Certificate Installation Validation
Due to the formatting of the Hands On Lab environment, you may need to scroll over to
the right to see the status of the vCenter vcsa-02a.corp.local certificate replacement.
This process takes 5-10minutes to replace the certificate in the Hands On Lab
Environment. While this is running please proceed in the lab, you can come back to

HOL-2046-01-HCI
check this status later if you wish to do so. To validate that the certificate has been
replaced successfully and is now trusted, simply close the browser and point to vCenter
vcsa-02a.corp.local
1. Verify that the Certificate Installation Status for the vcenter shows
SUCCESSFUL.
Verify Certificate Replacement
1. Select the vCenter-02a link

2. Verify the green Secure
Module 6 Completed.
Congratulations. You have completed Module 6 and the new VMware Cloud Foundation
3.9 Hands on Lab. Please continue on to Module 7 - "Password Rotation."

HOL-2046-01-HCI
Module 7 - Password
Rotation (30 mins)

Skip navigation
HOL-2046-01-HCI
Sign in
Password Rotation for Hosts

IN
Up next
Password Rotation Entities
This module will have you explore the password rotation functionality of the Cloud
Foundation platform. You will update a host password and then validate that the
password change has occurred. Due to the amount of time required for a full password
VMware Cloud Foundation 3.5 - Automated
rotation, we will stick to rotating just one password in the Hands on Lab environment.
Password Management
You can rotate passwords
VMware for the logical and physical entities on all racks in your
Cloud Foundation
system. The process
Subscribe
of password rotation generates randomized passwords for the
selected accounts.
Add to
You can changeShare More
passwords for the following entities: 157 views
1 0
• ESXi
• PSC
• vCenter
Published on JanServer
2, 2019
• NSX Manager (NSXand
Demo showing how to quickly foreasily
vSphere
rotate orand NSX-T)
change all the passwords for every component in a
Cloud Foundation system.
• NSX Controllers (NSX for vSphere and NSX-T)
SHOW MORE
As a security measure, dual authentication is required to ensure that the person making
the change has authorization. To do this we must first enable a privileged user. This user
must belong to the "Sddc_secured_access" group on the Platform Service Controller.
Loading...

HOL-2046-01-HCI
SDDC Manager Log In

HOL-2046-01-HCI
Log in to vCenter-01a
Once logged into the SDDC Manager Interface switch to the second tab.

HOL-2046-01-HCI
1. Select the second tab for the vCenter-01a appliance

2. Click Refresh
Navigate to Administration
In the vSphere Client navigate to administration

HOL-2046-01-HCI
1. Click Menu
2. Click Administration
Add User to Group
Find the Sddc_secured_access group. Users in this group are authorized as a dual
authentication account.

HOL-2046-01-HCI
1. Select the Groups tab

2. Navigate to page 2
3. Locate the Sddc_secured_access
4. Click the three dots and click Edit Group
5. Change the domain to CORP.LOCAL
6. Enter "Sam" into the search dialog and select "Sam"
7. Click SAVE

HOL-2046-01-HCI

HOL-2046-01-HCI
Password Update
Once logged into the SDDC Manager interface:
2. Click Security
3. Click Password Management

HOL-2046-01-HCI
1. Select the check box next to esx-01a

2. Click the UPDATE button
Once the Update Password dialog box is open, fill in the password you would like it
changed to.

HOL-2046-01-HCI
1. Use VMware123! as the password

2. Enter the Privileged User Name and Password, [email protected] and VMware1!
Monitor the Task
Monitor the progress of the task by opening the Tasks window in the lower left and
1. Tasks link
2. Clicking the REFRESH link.

HOL-2046-01-HCI
Validate the Password Change
Once the password update has completed successfully we will validate that the
password change has occurred.
1. In the browser open a new tab, from the bookmarks shortcut bar, select ESXi
Hosts and then select esx-01a
Once the page opens use the following credentials to validate the password change was
successful.
1. Fill in the values:

◦ Username: root
◦ Password: VMware123! (or the password you supplied in the previous step
when changing the root user password)
2. Click the Log In button

HOL-2046-01-HCI
Clicking Log In allows you to see that the password change was successful:
Password Rotation
The other option is to rotate instead of update. We can test this by navigating back to
the first tab for SDDC Manager

HOL-2046-01-HCI
2. Click Security
3. Click Password Management
1. Select the check box next to esx-01a.

2. Click the ROTATE button.
1. Enter the Privileged user credentials, [email protected] and VMware1!

2. Click the ROTATE button again in the confirmation pop-up dialog box.

HOL-2046-01-HCI
This will rotate the password to a randomly generated password that will be stored in
the SDDC Manager database.
Validate the Password Rotation
There are two ways to look up the password once it has been rotated. You may either (1)
SSH into the SDDC Manager and follow the admin guide to and use the
lookup_passwords command. This requires SSH access into the host or (2) use the the
API to lookup the credentials. We will do the latter int this exercise.
1. Navigate to Developer Center

2. Click the API Explorer tab
3. Expand the APIs for managing Credentials
4. Expand GET /v1/credentials

HOL-2046-01-HCI

HOL-2046-01-HCI
Get Credentials API

HOL-2046-01-HCI
1. Enter the resourceName esx-01a.corp.local

2. Prvileged-username [email protected]
3. privileged-password VMware1!
4. Click Execute
5. Expand PageOfCredential and Credential(GUID) View the password
information (see yellow box below) Your password will be different then what is
listed below.

HOL-2046-01-HCI
Login to ESX
End of Module 7
This concludes Module 7, changing and rotating passwords with SDDC Manager. Please
continue on to Module 8 - "How To Remove Hosts, Clusters, and Workload Domains."

HOL-2046-01-HCI
Module 8 - Multi-Instance
Manager (30 Min)

HOL-2046-01-HCI
Multi-Instance Management
Multi-Instance Management
Rainpole has seen great success in modernizing their data center with VMware Cloud
Foundation. Sam, Rainpole’s Cloud Administrator, has deployed a new data center to
keep up with Rainpole’s expanding business, and infrastructure. With the expansion
Rainpole is looking to keep operating expenses low and therefore Sam will be operating
both data centers, but will have some remote hands at the new data center. Cloud
Foundation was a great fit for Rainpole in this case by utilizing the Multi-Instance
Management features.
Let’s review what the Multi-Instance Management feature is, and what advantages it will
have for Rainpole.
From the VMware Cloud Foundation Operations and Administration Guide: Multiple Cloud
Foundation instances can be managed together by grouping them into a federation,
such that each member can view information about the entire federation and the
individual instances within it. Federation members can view inventory across the Cloud
Foundation instances in the federation as well as the available and used capacity (CPU,
memory, and storage). This allows you to maintain control over the different sites and
ensure that they are operating with the right degree of freedom and meeting
compliance regulations for your industry. It also simplifies patch management by
showing the number of patches available across sites in the global view.

HOL-2046-01-HCI
SDDC Manager Log In

HOL-2046-01-HCI
Create a Federation
Start the Create a Federation Wizard

HOL-2046-01-HCI
1. Select the Multi-Instance Manager icon at the top of the screen

2. Select Create under Create a Federation
Create a Federation Wizard
This will be the start of our federation. Once complete we can add additional members
and controllers to our federation.

HOL-2046-01-HCI
1. Federation Name: Rainpole

2. Member Name: Site-1-VCF
3. FQDN: sddc-manager.corp.local
4. Country: United States
5. City: San Francisco
6. Click Create
Invite Member
Invite the second site

HOL-2046-01-HCI
1. Click Invite Member to select the next site
Invite Member Wizard
Enter member FQDN
1. Enter the FQDN of the second SDDC Manager, sddc-manager-2.corp.local

2. Select CHECK CERTIFICATE
3. Click the Confirm fingerprint checkbox
4. Click Next

HOL-2046-01-HCI
High Availability
We will not be enabling high availability for this lab due to time constraints. You are able
to designate 2 additional servers as controllers. This will ensure accessibility if you lose
access to one of the controller sites.
1. Click Next
New Member Setup
There are two options for joining the federation. You can either use the URL to launch
the dialog box and enter the required information or copy the token and controller FQDN
to manually join the federation from the other SDDC manager.

HOL-2046-01-HCI
1. Click the URL - This will launch another tab in Chrome to sdcc-manager-2 and
start the setup of

HOL-2046-01-HCI
Join Federation
1. Enter the Member Name: Site-2-VCF

2. Select United States as the country
3. Select Atlanta for the city.
4. Click CHECK CERTIFICATE, you should see a green Certificate validated
successfully message.
5. Click JOIN
Explore Multi-Instance Management
Once joined you will see the world map where you can see and select the different VCF
instances that have been registered to the VCF Federation.

HOL-2046-01-HCI
1. Select the Atlanta location

2. View the capacity information
3. Close the

HOL-2046-01-HCI
Detail View
1. Select the Detailed view icon

2. Expand Site-1-VCF to see the Workload domain details
3. Click NFS-WLD

HOL-2046-01-HCI
SDDC Manager 1
1. Click the SDDC Manager tab

2. Click Done
Login to SDDC-Manager-2
1. Select the Atlanta site

2. Click LOGIN

HOL-2046-01-HCI
If you closed the sddc-manager-2 tab you will need to re-login using
[email protected] and VMware1!
Leave the Federation
On either SDDC Manager follow the steps
1. Select the detailed view

2. Select the three dots next to Site-2-VCF
3. Click Leave Federation

HOL-2046-01-HCI
Leave Federation
1. Enter the Federation Name: Rainpole

1. This name must match whatever you named the federation. You can find
the exact spelling in the window. This is a safety feature so you don't leave
the federation accidently.
2. Click LEAVE
End of Module 8
This concludes Module 8, easily manage multiple VMware Cloud Foundation instances
through a single management interface.

HOL-2046-01-HCI
Module 9 - How To
Remove Hosts, Clusters,
and Workload Domains
(45 Min)

HOL-2046-01-HCI
Remove Hosts, Clusters, Workload

Domains
Initial Log In
https://psc-1.corp.local

HOL-2046-01-HCI

HOL-2046-01-HCI
Remove Host from a Cluster
You have just been informed that Rainpole Inc. has secured a major contract with the
leading Enterprise Public Cloud provider. Work on this new project is to begin
immediately. In order to support the various workloads needed for the project, additional
compute capacity will be required for the new vSphere cluster you will be
commissioning.
You will now proceed to remove and decommission the ESXi host you recently added to
the MGMT Workload domain

HOL-2046-01-HCI
1. Navigate back to the SDDC Manager interface by selecting the first browser tab
at the top of the screen.
2. Select the Workload Domains sub-menu item below the Inventory menu in the
left navigation menu
3. Click the link VIEW DETAILS
1. Click the MGMT Workload domain link near the bottom of the Workload Domains
page
Select Cluster

HOL-2046-01-HCI
1. Select the Clusters menu item in the lower half of the main MGMT page.
2. Click on the link CORP-MGMTWLD.
Select Host for Removal
1. Select the Hosts Menu item

2. Place a checkmark in the box next to the esx-11a.corp.local host
3. Click the Remove Selected Hosts link to proceed
You will see the Remove hosts dialog box informing you that once the host is removed it
will need to be decommissioned prior to adding it to another domain.
1. Click the Remove button to execute the removal of the host.
*In the unlikely event that the removal of the host fails, you can select the Force
Remove Host checkbox

HOL-2046-01-HCI
- If needed, check the box and then click Remove.
Monitor Host Removal Progress
Refresh link.
2. Click the Removing host(s) from cluster link to see the subtasks. Drill down
into all associated tasks that have been performed.
Check the Status of the Sub Tasks

HOL-2046-01-HCI
2. Review the status of all subtasks and ensure that all complete successfully.
3. Click REFRESH to update the status information. (This process could take up to 5
minutes.)
4. The final subtask is ReleaseLockContractAction which would indicate a
Successful removal of the host from the cluster.
Remove a Cluster
To remove a cluster start by navigating to the cluster you would like to remove we will
do this by logging into SDDC Manager (left most tab in your browser) and then navigate
by clicking

HOL-2046-01-HCI
1. Select Workload Domains

2. Click on the link VIEW DETAILS
1. Click on the link NFS-WLD
1. Click on the link Clusters

HOL-2046-01-HCI
1. By selecting the three dots in front of RainpoleAppCluster then

2. Clicking Delete Cluster, we can begin this workflow:
1. For extra security we will need to type the name of the cluster
RainpoleAppCluster before a delete will occur
2. Fill out the name and then click Delete Cluster, progress can be monitored in
tasks
1. Progress can be monitored in Tasks. Once the task is successful (approximately

5-10 minutes) we can proceed to the next step
Bulk Host Decommission
You can decommission multiple hosts at one time. To begin, log in to SDDC Manager

HOL-2046-01-HCI
1. Click Inventory>Hosts on the left navigation bar.
1. Then click UNASSIGNED HOSTS

HOL-2046-01-HCI
1. Select the Checkbox to select all the hosts to be decommissioned

2. Then select DECOMMISSION SELECTED HOSTS
1. Select CONFIRM
Again, the progress can be tracked in the Tasks view.
Workload Domain Deletion
You just received a call from the IT Director of Rainpole Inc. An existing company project
has had it's delivery deadline moved up a few months. In order to meet this new
deadline, additional compute capacity will be required to support the application
workloads and additional development staff.
In order to provide the additional capacity for the project, you will need to decomission
the VI-WLD Workload Domain
Let's walk through reclaiming this capacity for Rainpole Inc. Keep in mind this may be a
long running task.

HOL-2046-01-HCI
Before you proceed with the deletion of the workload domain lets confirm what we will
be decomissioning in the vSphere Web Client.
1. Click on the second tab in the browser to view the vSphere Web Client.
2. You should already be authenticated and logged into the vSphere Web Client if
you followed the directions at the beginning of this module. If however the
session has timed out, simply Refresh the browser page to re-authenticate to
vCenter.
3. Expand the vcsa-02a.corp.local vCenter server listed in the Navigator pane.
Expanding the view further shows the Datacenter NFS-WLD-DC, the
Production and RainpoleAppCluster Cluster, and the 6 ESXi Hosts.

HOL-2046-01-HCI
Select Workload Domain
1. Select the SDDC Manager Tab at the top of the browser window.
2. Under the Inventory menu item on the left side menu, highlight the Workload
Domains option, then click View Details.
3. Scroll down to the bottom of the main section of the page. Click the 3 vertical
dots icon next to the NFS-WLD Workload Domain.
4. On the pop-up, Click the Delete Domain option from the drop down menu.
Workload Delete Confirmation
The Delete confirmation dialog box ensures that a deletion of a Workload Domain is not
done accidentally. Verify that you have the correct Work Load Domain by typing the
name in the field.
1. Type the workload domain: NFS-WLD. You will notice that the DELETE
WORKLOAD DOMAIN button is now active.

HOL-2046-01-HCI
2. Click the red DELETE WORKLOAD DOMAIN button to proceed with the
Workload Domain deletion.
Performing this operation, in this fashion will correctly invoke all cleanup functions and
ensure the proper removal of vCenter Server, NSX Manager, and the NSX controllers
from Management Workload Domains vCenter inventory.
Monitor Removal Tasks
1. To monitor the progress of the Workload Domain removal, select the Refresh or
Expand arrows button on the upper right side of the Tasks window.
2. Click on the Removing domain NFS-WLD Task item
3. Click on the arrows links to view additional information for each Subtask.
Deletion Confirmation
1. Click Refresh under Subtasks. This will allow you to view the most up to date
information regarding the tasks currently running.

HOL-2046-01-HCI
2. Continue to monitor the subtasks until the ReleaseLockContractAction subtask

indicates a status of Successful.
The completion of this over-all action can take up to 5 minutes to complete depending
upon the performance in Hands On Labs. You may continue to monitor this task or
proceed with the next module.
End of Module 9
You have completed Module 8. In order to proceed to another module end the lab and
start the lab again. Please take a few minutes to provide feedback on your experience
taking the lab as this will help with future updates to this lab.

HOL-2046-01-HCI
Module 10 - Working with

Horizon Workload
Domains (45 Min)

HOL-2046-01-HCI
Hands-on Labs Interactive Simulation:

Create Horizon Domain
This interactive simulation walks you through
1. How to build a Horizon Workload Domain using VMware Cloud Foundation
The interactive simulation will allow you to experience steps which are too time-
consuming or resource intensive to do live in the lab environment.
1. Click here to open the interactive simulation. It will open in a new browser
window or tab.
2. When finished, click the “Return to the lab” link to continue with this lab.

HOL-2046-01-HCI

Create Horizon Desktop Pool
1. How to build a Horizon Desktop Pool
window or tab.

HOL-2046-01-HCI

Expand Horizon Cluster
1. How to expand a Horizon Cluster by adding an additional host
window or tab.

HOL-2046-01-HCI

Expand Horizon Domain
1. How to expand a Horizon Workload Domain by adding and additional cluster.
window or tab.

HOL-2046-01-HCI

Secure Desktops
1. How to secure desktops leveraging the capabilities of NSX for Desktops.
window or tab.

HOL-2046-01-HCI
Interactive Simulation Script: Create

Horizon Domain
In this simulation, we will demonstrate how easy it is to create a Horizon 7 domain using
Cloud Foundation. A Virtual Infrastructure Workload Domain alled "VDI-1" has been pre-
created backed by VSAN storage.
Horizon Reference Architecture:https://techzone.vmware.com/resource/workspace-one-

and-horizon-reference-architecture
Based on the Reference Architecture the following VM's will be deployed through this
process.
• 1 vSphere Cluster comprised of three vSAN Ready Nodes

• 2 SQL Databases
• 3 NSX Load Balancers
• 2 Connection Servers
• 2 Unified Access Gateway Appliances
• 2 App Volume Servers and
• 1 User Environment Manager Server
Create Horizon Domain
This part of the lab is presented as a Hands-on Labs Interactive Simulation. This will
allow you to experience steps which are too time-consuming or resource intensive to do
live in the lab environment. In this simulation, you can use the software interface as if
you are interacting with a live environment.
The orange boxes show where to click, and the left and right arrow keys can also be
used to move through the simulation in either direction.
The simulation is starting out at the SDDC Manager web interface where the
administrator user is already logged in.
We begin in the SDDC Manager web interface:
1. Click Workload Domain

2. Click Horizon
3. Click Next after confirming you will deploy a new Horzion Domain
4. Click Select All confirming all of the pre-requesites have been completed
5. Click Start Configuration
6. Click Domain Name
7. Enter 'Rainpole Horizon' as the Domain Name
8. Click Domain VM Prefix
9. Enter 'HZN1-'

HOL-2046-01-HCI
10. Click the Scroll bar

11. Click Upload OVA Template (Template has been staged for you)
12. Click Use Existing OVA Template
13. Click Select Template VM Names
14. Click the first template in the list
15. Click Management Port Group
16. Click on the second port group in the list which is a VDI-MGMT port group virtual
wire
17. Click Next
18. On the Select Existing VI Domains to Convert to Horizon Domain ensure VDI-1 is
selected and Click Next
19. On the Active Directory page, we can review the settings we have populated,
Click the scroll bar to finish reviewing the options
20. Click Next
21. Click the radio in front of HorizonSQL
22. Click Edit to review the settings that have been entered. We can see an Alias is
required and FQDN of the Existing SQL server. In addition we need to point it to a
SQL instance.
23. Click Scroll bar, additionally a port, username, and password are required.
24. Click Update
25. Click Next
26. Click the radio button in front of the lb-av.rainpole.local Load Balancer
27. Click edit to review the settings. We can see an Alias, FQDN, VM Name prefix, IP,
Subnet mask, and Gateway are required.
28. Click the Scroll bar, a CLI password for the NSX Load Balancer appliance is also
required
29. Click Update
30. Click Next
31. Click the radio buttion in front of cs1.rainpole.local
32. Click edit to review the settings, at the top the Horizon license, SQL Alias and SQL
DB are required, a computer name is also required poplulating the FQDN listed
below, as well as a VM Name, and IP address required as well.
33. Click Scroll bar to continue reviewing required information such as the subnet
mask and gateway.
34. Click Update, we can see in the list both cs1.rainpole.local and cs2.rainpole.local
will be provisioned
35. Click Next
36. Click Next as the Composer Server will not be used as Sam has chosen Instant
Clones
37. Unified Access Gateways (UAG) require two or three port groups depending upon
your architecture. Sam has chosen to use the more secure three port option.
This requires a DMZ, Internal, and Management port. Other settings required are
the VM prefix, and Load Balancer Alias.
38. Click the Scroll bar to continue, we have two UAG appliances that will be created
uag-1 and uag-2
39. Click Next

HOL-2046-01-HCI
40. On the App Volumes screen, we can see that VM Name Prefix, Load Balancer
Alias, Active Directory Admin Group, SQL Alias created earlier and Database
name are required
41. Click the scroll bar to review the final settings required which are the Datastore
selection using the vSAN datastore
42. Click Next
43. On the User Environment Manager we can see that additional information is
required such as the VM Name prefix, the IP address, Subnet Mask, Gateway,
Computer Name, VM Name
44. Click the scroll bar to review the Profile folder, Profile Sharename, Configuration
Folder, Configuration Sharename, and Data drive size. This will provision a
Windows VM based upon the template that was uploaded at the beginning.
45. Click Next
46. Click Next on the Review screen, this will allow SDDC Manager to validate all of
our inputs
47. As SDDC Manager Validates the inputs it marks them Successful
48. Click the scroll bar to review the validation
49. Click the scroll bar to review the validation
50. Click Finish, this will begin building our Horizon components in the Management
Domain
51. We can see the Rainpole Horizon Domain populate
52. Click the Double arrows in the bottom right to take a look at the tasks
53. Click on Adding VDI domain Rainpole to view the subtasks
54. Click the double arrows again to Expand the Subtask View
55. Click Refresh after some time to check the status of the deployment, we can see
it is now Installing the software on the Connection Servers
56. Click Refresh again to show the task has completed after some time.
57. Click the back button on the subtask to see the status of the creation
58. Click the Double arrows after observing that Adding VDI domain Rainpole task
shows successful
59. Click Rainpole Horizon to view the summary showing all of the services that were
defined through the wizard deployed
To return to the lab, click the link in the top right corner or close this browser tab.

HOL-2046-01-HCI
Interactive Simulation Script: Create

Horizon Desktop Pool
In this simulation, we will demonstrate how easy it is to create desktop pools on a
Horizon Domain created with Cloud Foundation.
Create Horizon Desktop Pool

HOL-2046-01-HCI
Interactive Simulation Script: Expand

Horizon Cluster
In this demo we will show how to connect to the VMware SDDC Manager and explore the
different types of Workload Domains that are pre-configured to perform different
functions. The function will determine the configured attributes of each Workload
Domain like CPU, Memory, Storage and more.
Horizon Cluster Expansion

HOL-2046-01-HCI

Horizon Domain
1. In this simulation, we will demonstrate how Cloud Foundation makes it easy to
expand an existing Horizon 7 environmetn by adding a new vSphere cluster.
Adding a cluster to a Horizon Domain
We begin by accessing the SDDC Manager web interface:
1. Click the three Elipsis in front of the Rainpole Horizon Domain

2. Click Expand Domain
3. Click drop down for Windows File
4. Click Use Existing OVA Template
5. Click the OVA Template to use
6. Click the second one in the list that has been used on the initial Horizon
deployment
7. Click the scroll bar, confirming no other inputs are required
8. Click Next
9. Click VDI-2 confirming we would like to connect our Horizon 7 Infrastructure to a
second Virtual Infrastructure Domain
10. Click Next
11. Click Next on the Active Directory screen as no changes are required
12. Click Next on the SQL server info page as no changes are required
13. Click Next on the Load Balancers info page as no changes are required. The new
Connection, App Volume, and UAG servers will be added to the existing load
balancing policies
14. Click cs4.rainpole.local
15. Click cs3.rainpole.local, the details of these servers have been prepopulated and
will be added to the existing horizon infrastructure
16. Click Next
17. Click Next as this environment does not require Horizon Composer Servers

HOL-2046-01-HCI
18. Click uag-3 as the details have already been populated for this UAG appliance
and will be added to the load balancing policies like uag-1 and uag-2
19. Click Next
20. Click av-4.rainpole.local
21. Click av-3.rainpole.local, these App Volumes servers will be added to the load
balancing polices for the existing App Volumes servers.
22. Click Next
23. Click Next as no changes are required for our existing User Environment Manager
deployment
24. Click Next to begin the validation of our inputs
25. Click the scroll bar to review the validation as it progresses
26. Click the scroll bar to review the validation as it progresses
27. Click Finish to begin the deployment of the two additional Connection Servers, a
third Unified Access Gateway, and finally two additional App Volumes Servers
28. Click the double arrows to review the task
29. Click the task to review the sub tasks
30. Click the double arrows to expand the sub tasks
31. Click refresh to update the current status, we can see it has moved on to
uploading the Horizon Connection Server installation files onto the new servers
32. Click Refresh to see that it is now uploading Windows updates to the VM's
33. Click Refresh again to see that it has moved onto Installing the secondary App
Volumes Managers
34. Click Refresh a final time to see that it is completed
35. Click back to see the status of the Expanding VDI domain Rainpole Horizon is
successful
36. Click the x to close the task window
37. Click Rainpole Horizon to inspect the changes, we can see in the summary that
we now have 2 vCenters connected, 4 Connection servers, 3 Unified Access
Gateways, and 4 App Volumes Managers
38. Click Services VM's to see the list of servers
39. Click the scroll bar to review
40. Click the scroll bar to go back to the top
41. Click VI tab to review that the second VDI-2 workload domain has been connected
successfully
Here we see the workload domain expansion workflow has completed. Viewing the
domain details, we are able to see the links to the additional horizon service
components that were created as part of the expansion.
In this simulation we saw how to leverage Cloud Foundation, with the advanced
automation capabilities of the VMware SDDC Manager, to quickly and easily add a
second vSphere Cluster to expand an existing Horizon 7 environment.

HOL-2046-01-HCI
Interactive Simulation Script: Secure

Desktops
In this simulation, we will demonstrate how easy it is to use VMware NSX to quickly
secure desktops in a Horizon Domain.
Horizon 7 Secure Desktops using NSX for Desktops in

Cloud Foundation
We begin by accessing the SDDC Manager web interface:
1. Click on Workload Domains

2. Click on View Details
3. Click on VDI-1
4. Click on Services
5. Click vcenter-vdi1.vrack.vsphere.local
6. Click Add in NSX Groups and Tags
7. Enter CallCenterDesktops into the Name field
8. Click Next
9. Click Entity
10. Click VM Name
11. Click Contains
12. Click Starts With
13. Click to Enter Text
14. Enter CallCenter
15. Click Next
16. Click Finish
17. Click Menu
18. Click Hosts and Clusters
19. Click Launch Web Console on CallCenter-9 to see the security threat
20. We can see that the users have begun sharing files amongst themselves
21. Lets validate that their communication via ping.
22. Click in the Command Prompt Window

HOL-2046-01-HCI
23. Enter 'ping callcenter-8.rainpole.local'

24. Click Enter key to test the ping
25. We can see that the ping test between CallCenter Horizon 7 Desktops is
successful, let's provide security using the previously created group
26. Click the vSphere Client tab in the browser
27. Click Menu
28. Click Networking and Security
29. Click Firewall
30. Click the + to Expand the Firewall Rules
31. Click Add Rule
32. Click Under name and enter 'Desktop to Desktop'
33. Click the Pencil under source
34. Click CallCenterDesktops Dynamic Security Group
35. Click the Arrow
36. Click Save
37. Click the Pencil under Destination
38. Click CallCenterDesktops Dynamic Security Group
39. Click the Arrow
40. Click Save
41. Click Allow under action
42. Click Block
43. Click Publish
44. Now let's confirm that the firewall policy puts Sam back in compliance
45. Click the CallCenter-9 tab in the browser
46. Click in the Command Prompt window
47. Enter the up arrow on the keyboard to retrieve our last ping command
48. Select the Enter key on the keyboard to start the ping
49. Looks like the Ping is failing lets see if we can open the passwords file on the
right.
50. Double Click the passwords file
51. Looks like that file is no longer accessible
52. Click OK
53. Click This PC to verify the status of the network drive
54. Looks like that is disconnected as well.
With the changes made we were able to prevent unauthorized access to the file shares
for both existing desktops as well as any new desktops deployed in the future. This
simulation we saw how leveraging VMware NSX distributed firewall to quickly respond to
a critical compliance violation.

HOL-2046-01-HCI
Module 11 - Working with

PKS Workload Domains
(45 Min)

HOL-2046-01-HCI

Deploy Virtual Infrastructure Workload
Domain
1. How to create a virtual infrastructure workload domain for PKS
1. Click here to open the interactive simulation It will open in a new browser window
or tab.
When finished, click the “Return to the lab” link to continue with this lab.

HOL-2046-01-HCI
Interactive Simulation Script: Deploy

Virtual Infrastructure Workload
Domain
Enterprise PKS Domain Creation
Welcome to this VMware Enterprise PKS on VMware Cloud Foundation demonstration.
This demo shows how to create a Virtual Infrastructure Domain in preparation for
installing Enterprise PKS in your Cloud Foundation private cloud.
Rainpole’s developers have traditionally looked to the public cloud as their primary
development platform due to its convenience and ease of use.
However, as the number of developer instances has increased, so too have concerns
about Rainpole’s ability to maintain control of their expanding public cloud footprint and
ensure the ongoing security and privacy of these environments.
To address these concerns, the executive team has tasked Monique, the director of IT, to
provide an on-premises alternative that will enable Rainpole to:
• Provide an on-premises enterprise-class Kubernetes solution that is standardized,

repeatable, and highly scalable.
• Provide a predictable cost model and reduce overall public cloud spend
• Take advantage of existing Kubernetes knowledge, skills, and tools set.
• Provide the same level of flexibility, speed, and control that developers are
accustom to.
• Be compatible with existing management and monitoring tools used by the
infrastructure team.
Fortunately for Monique, Rainpole recently deployed Cloud Foundation. Which means
she can meet all of these requirements by implementing Enterprise PKS on top of Cloud
Foundation.
In preparation for deploying Enterprise PKS, Rainpole first needs to assign a portion of
their private cloud infrastructure to the development team for hosting Kubernetes
clusters. This can be done by creating a Virtual Infrastructure Domain.
Enterprise PKS requires NSX-T. Prior to deploying an NSX-T backed domain we must
download the NSX-T Install bundle and add an NSX-T license key. In addition we need to
download the PKS install bundle.
1. Click ">>" to expand the navigation pane

HOL-2046-01-HCI
2. Click "Download History"

3. Click "Licensing"
4. Click the Workload Domains tab
5. Click the +WORKLOAD DOMAIN" drop down
6. Click VI - Virtual Infrastructure
7. Click vSAN
8. Click BEGIN
9. Click the Virtual Infrastructure Name input field
10. Click NEXT
11. Click the vCenter IP Address input field
12. Click NEXT
13. Click to select NSX-T
14. Click the VLAN ID input field
15. Click NEXT
16. Click NEXT
17. Click esxi-5.vrack.vsphere.local
19. Click the scroll bar
22. Click NEXT
23. Click Select license for NSX-T for vSphere
24. Click Select license for VMware vSAN
25. Click Select license for VMware vSphere
26. Click NEXT
27. Click NEXT
29. Click FINISH
30. Click the up-arrows to expand the tasks pane
32. Click the expand icon
33. Click the Creating domain pks-infra workflow
34. Click the scroll bar? to scroll through the tasks
35. Click X to close the task pane
36. Click pks-infra
37. Click Clusters to view information about the vSphere Cluster.
38. Click Hosts to view information about the ESXi hosts in the Cluster.
39. Click Services
40. Click vc01.vrack.vsphere.local?
41. Click pks-infra-DC
42. Click clus01
43. Click the storage icon
45. Click pks-infra-vc01-clus01?
46. Click the Hosts tab
47. Click the network icon
49. Click the SDDC Manager browser tab

HOL-2046-01-HCI
50. Click the nsxtmgr.vrack.vsphere.local link

51. Click 3 NSX Nodes
53. Click Fabric
54. Click Nodes
55. Click the None: Standalone Hosts dropdown
56. Click vc01.vrack.vsphere.local
57. Click clus01 (4)
59. Click Back to Virtual Infrastructure Workload Domains
60. Click Dashboard

HOL-2046-01-HCI

Deploy PKS
1. How to deploy a PKS Workload Domain using VMware Cloud Foundation
window or tab.

HOL-2046-01-HCI
Interactive Simulation Script: Deploy

PKS
Deploying Enterprise PKS
In this demo series, we demonstrate how to install Enterprise PKS in your Cloud
Foundation private cloud in preparation for deploying and consuming container services
with production-grade Kubernetes orchestration.
In the previous demo, we saw how a lack of insight and control in the proliferation of
public cloud adoption by the development team is creating security and privacy
concerns for Rainpole’s executive team. To mitigate these risks, Monique, the director of
IT operations, has been tasked to reduce Rainpole’s dependency on the public cloud by
providing an on-premises alternative for running Kubernetes based workloads.
To support this directive, Monique instructed the infrastructure team to deploy

Enterprise PKS on Cloud Foundation. In preparation for this, a new virtual infrastructure
domain was created, and routing configured with NSX.
Let’s join Rainpole as they install Enterprise PKS on their Cloud Foundation Private Cloud
We begin at the SDDC Manager dashboard.
Before deploying Enterprise PKS, we first created a Virtual Infrastructure Domain and
downloaded the Enterprise PKS software bundle from the Cloud Foundation repository.
1. Click Download History

2. Click View Detail
3. Click Exit Details
4. Click Workload Domains
5. Click +Workload Domain
6. Click PKS
7. Click Select All
8. Click BEGIN
9. Click Enter a name for the solution
10. Click NEXT
11. Click Select T0 Router
12. Click NEXT
13. Click the scrollbar
14. Click NEXT
16. Click NEXT
17. Click Management Network CIDR

HOL-2046-01-HCI
18. Click NEXT

19. Click Kubernetes Network CIDR
20. Click NEXT
21. Click Availability Zone Name
22. Click ADD
23. Click NEXT
25. Click NEXT
27. Click FINISH
28. Click FINISH
29. Click to expand the task pane
30. Click Install and configure PKS
33. Click < Subtasks of Task Install and configure PKS
34. Click X to close the tasks pane
35. Click PKS
36. Click Service VMs
38. Click VI
39. Click Back to PKS Domains
40. Click PKS
41. Click Configuration Details
42. Click vsphere - slc-mgmt-clus01 browser tab
43. Click PKS-MGMT
44. Click PCF-manager
45. Click vm-91bbce92-98
46. Click vm-e2b8a86f-e4
47. Click PKS-COMPUTE
48. Click vm-f49586631-bc
50. Click Service VMs
51. Click Pivotal Ops Manager
52. Click SIGN IN
Here we see the PCF Operations Manager where we can view and configure the settings
for the components that make up Enterprise PKS .
VMware Enterprise PKS is deployed, and we’re ready to turn things over to our
development team so they can begin using their Kubernetes clusters.

HOL-2046-01-HCI
Follow Rainpole on their digital transformation journey with the next click-through
demonstration where will configure the NSX-T Fabric in preparation for deploying
Enterprise PKS on Cloud Foundation.
For more information on VMware Cloud Foundation, visit our website at vmware.com/go/
cloudfoundation.

HOL-2046-01-HCI

Expand PKS Workload Domain
1. How to expand a PKS Workload Domain using VMware Cloud Foundation
window or tab.

HOL-2046-01-HCI

PKS Workload Domain
VMware Cloud Foundation
Enterprise PKS Domain Expansion
Rainpole’s developers have traditionally looked to the public cloud as their primary
development platform due to its convenience and ease of use.
However, as the number of developer instances has increased, so too have concerns
about Rainpole’s ability to maintain control of their expanding public cloud footprint and
ensure the ongoing security and privacy of these environments.
To address these concerns, the executive team has tasked Monique, the director of IT, to
provide an on-premises alternative that will:
• Provide an on-premises enterprise-class Kubernetes solution that is standardized,

repeatable, and highly scalable.
• Provide a predictable cost model and reduce overall public cloud spend
• Take advantage of existing Kubernetes knowledge, skills, and tools set.
• Provide the same level of flexibility, speed, and control that developers are
accustom to.
• Be compatible with existing management and monitoring tools used by the
infrastructure team.
Fortunately for Monique, Rainpole recently deployed Cloud Foundation. This means she
can meet all of these requirements by implementing Enterprise PKS on top of Cloud
Foundation.
This demo shows how easy it is to add additional capacity to Enterprise PKS running on
Cloud Foundation by expanding a Virtual Infrastructure Domain.

HOL-2046-01-HCI
Rainpole's current Enterprise PKS solution is running on a single domain with four hosts.
1. Click VIEW DETAILS

2. Click the vSphere - clus01 - Summary tab
5. Click pks01
6. Click VI
7. Click pks-infra
8. Click Clusters
9. Click clus01
10. Click Hosts
11. Click ACTIONS
12. Click Add Host
18. Click NEXT
19. Click the license drop down
20. Click to select the vSphere License
21. Click NEXT
23. Click FINISH
24. Click the arrows to expand the tasks pane
25. Click the vSphere - clus01 - Summary tab
27. Click Reset to Green to clear the alarms
28. Click SDDC Manager tab
29. Click to expand the tasks pane
30. Click Adding new host(s) to cluster
33. Click X
36. Click Back to pks-infra
37. Click Back to Virtual Infrastructure Workload Domains
38. Click the VMware NSX Login tab
39. Click System
40. Click Fabric
41. Click Nodes
42. Click the None: Standalone Hosts dropdown
43. Click vc01.vrack.vsphere.local
44. Click clus01 (8)
46. Click Back to Workload Domains

HOL-2046-01-HCI
Conclusion
Thank you for participating in the VMware Hands-on Labs. Be sure to visit
http://hol.vmware.com/ to continue your lab experience online.
Lab SKU: HOL-2046-01-HCI
Version: 20191203-180944

VMWare Hol 2046 01 Hci - PDF - en

Uploaded by

Copyright:

Available Formats

VMWare Hol 2046 01 Hci - PDF - en

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VMWare Hol 2046 01 Hci - PDF - en

Uploaded by

Copyright:

Available Formats

HOL-2046-01-HCI

Lab Overview and Guidance

The Table of Contents can be accessed in the upper right-hand corner.

Module 1 - Workload Domain Exploration (30 minutes)

Module 2 - User Interface Exploration (30 minutes)

Module 3 - Patching and Upgrading (30 minutes)

Module 4 - Workload Domain Expansion (30 minutes)

Module 5 - Workload Domain Multi-Cluster (30 minutes)

Module 6 - Certificate Authority Configuration (30 minutes)

Module 7 - Password Rotation (30 minutes)

Module 8 - Multi-Instance Manager (30 minutes)

Module 9 - How To Remove Hosts, Clusters, and Workload Domains (45

Module 10 - Working with Horizon Workload Domains (45 minutes)

Module 11 - Working with PKS Workload Domains (30 minutes)

• SDDC Manager - Virtual appliance that provides administrators with a centralized

• vRealize Operations - Correlates data from applications to storage in a unified,

• SDDC Manager as Sam Jones

• All vRealize Operations Instances

• vCenter Server Admin Console

• vSphere Web Client

• VMware NSX Manager

• vRealize Log Insight

• vRealize Suite Lifecycle Manager

Accessing the Online International Keyboard

Click once in active console window

1. Click once in the active console window.

Click on the @ key

1. Click on the "@"key.

Notice the @ sign entered in the active console window.

Activation Prompt or Watermark

This cosmetic issue has no effect on your lab.

Look at the lower right portion of the screen

Workload Domain Overview

Page Loading Symbol

Log in to SDDC Manager

Login to the vSphere Client

Workload Domain Exploration Video

Overview of Workload Domain Creation in VMware Cloud Foundation.

Workload Domain Exploration

Management Workload Domain

MGMT - Deep Dive

Select the NFS-WLD

Now Select the NFS-WLD

Example Workload Domain NFS

1. The Summary tab shows NFS as the storage type.

Example Workload Domain NSX-T

1. Select the Services tab.

Workload Domain Summary

The workflow will automatically:

By leveraging a separate vCenter Server instance per Workload Domain, software

The result is a workload-ready SDDC environment.

Module 2 - User Interface

Add User Account and vRealize

Log in to SDDC Manager

Login to the vSphere Client

Manage User Accounts

1. Select the browser tab for the SDDC Manager

Select and Add User

1. Ensure that the CORP.LOCAL domain has been selected