Building a vCloud Lab Part 3: vSphere 5 and vShield

This is part 3 of the multipart series on how I am building a public vCloud lab. This post explains the vSphere 5.0 setup on each of the host machines, as well as how to set up vShield Manager for the cluster.

Installing ESXi 5.0

I won’t go too deep into this part, as there are already a lot of how-to guides for installing vSphere 5… and it hasn’t even been publicly released yet. For the most part, the ESXi install is identical to that of 4.x; the only major differences are how the installer looks and having to specify a root password during setup instead of after. We will install three ESXi hosts right now, and all of them will need to be on the same subnet (this will be our management subnet).

After you have your ESXi hosts installed, we will load vCenter 5.0 (Linux appliance version) onto our management host.

Installing vCenter Linux Appliance

As I said in the first part of the series, I wanted to eliminate as many Windows servers from this project as possible… anything that can run on Linux will run on Linux for increased stability and a minimized attack surface. The first thing we need to do is download the OVF and VMDK files from VMware.com. Once those are downloaded, importing the virtual machine onto our ESXi management host is pretty simple:

  1. Launch the vSphere client and connect to the host where you want vCenter
  2. Click File -> Deploy OVF Template
  3. Browse to the location where you saved the OVF and VMDK files and select the OVF file
  4. Accept the EULA and proceed through the wizard
  5. Name the VM and select whether you want thick or thin provisioning
  6. Let the template import and then power it on
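
A check you can run on the downloaded files before step 3, as an added example that is not part of the original post: it verifies each file against the digests listed in the package's OVF manifest (`.mf`). It assumes the download includes a manifest; the file names and sample contents below are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# OVF manifest line format: "SHA1(file.vmdk)= <hex digest>" (SHA256 in newer packages)
MANIFEST_LINE = re.compile(
    r"^(SHA1|SHA256)\((?P<name>[^)]+)\)\s*=\s*(?P<digest>[0-9a-fA-F]+)\s*$")

def verify_manifest(manifest_path):
    """Return {filename: status}; status is 'ok', 'mismatch', 'missing' or 'rejected'."""
    manifest_path = Path(manifest_path)
    results = {}
    for line in manifest_path.read_text().splitlines():
        m = MANIFEST_LINE.match(line.strip())
        if not m:
            continue  # ignore blank or unrecognised lines
        algo, name = m.group(1).lower(), m.group("name")
        # Entries must be plain file names next to the manifest, never paths
        if Path(name).name != name:
            results[name] = "rejected"
            continue
        target = manifest_path.parent / name
        if not target.is_file():
            results[name] = "missing"
            continue
        h = hashlib.new(algo)
        with target.open("rb") as f:
            # Hash in 1 MiB chunks so multi-gigabyte VMDKs do not load into memory
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        ok = h.hexdigest() == m.group("digest").lower()
        results[name] = "ok" if ok else "mismatch"
    return results

def demo():
    """Constructed sample package: verify it, alter the disk, verify again."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        (d / "appliance.ovf").write_bytes(b"<Envelope/>")
        (d / "appliance-disk1.vmdk").write_bytes(b"constructed disk bytes")
        lines = [f"SHA1({n})= {hashlib.sha1((d / n).read_bytes()).hexdigest()}"
                 for n in ("appliance.ovf", "appliance-disk1.vmdk")]
        (d / "appliance.mf").write_text("\n".join(lines) + "\n")
        before = verify_manifest(d / "appliance.mf")
        (d / "appliance-disk1.vmdk").write_bytes(b"altered disk bytes")
        after = verify_manifest(d / "appliance.mf")
    return before, after

if __name__ == "__main__":
    print(demo())
```

A manifest fetched alongside the files only catches corruption or changes made after packaging; for authenticity, compare the digests against the checksum published on the vendor's download page.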

After the VM has imported and you have powered it on, it will try to boot up and get a DHCP address. If you don’t have DHCP running, you need to log in and set an address. Once it gets a DHCP address you can use a web browser to continue the setup.

 

To sign in at the web interface, use “root” as the username and “vmware” as the password. You can now change the IP address of vCenter if you would like; a static IP is highly recommended. Next, we need to select what type of database we will use.

vCenter Database Options

Out of the box, the vCenter Linux Appliance uses an embedded database. For a lab deployment or a small cluster this would work fine, but since we need an Oracle Database for vCloud Director, I figured we might as well set up vCenter to use the same Oracle Database as vCloud Director. To make this happen, we just log in to the vCenter Web Interface, go to the database section, specify the proper Oracle information, and click test. After it has passed those tests you can click save. Don’t forget to restart all of the vCenter services once you have done this. (Note: you will also lose any saved information in the embedded database when you do this, so if you already have vCenter in use I would just keep using the embedded database.)

(Note: Setup of an Oracle 10g XE database server was covered in Part 2 of the series)

vShield Manager Setup

The next part of our lab setup is vShield Manager, which is a required component of vCloud Director. It is vShield’s job to make sure that the different customers in our multi-tenant environment remain isolated and secure. It is also vShield’s job to do NAT, VPN termination, and port group isolation. To install vShield we follow the same process as we did for vCenter: first download the OVA template file from VMware.com, then import it onto the management server just like you did with vCenter Server. Once importing has completed, we need to power on vShield and wait for it to boot up, then log in with “admin” as the username and “default” as the password. This will get us to a Cisco IOS-like prompt where we type “enable” and then enter the admin password. Now that we are at the enable prompt, type “setup”, which allows us to set the IP address of the vShield Manager virtual appliance. Log out to make sure the changes take effect.

Now we can browse to the web interface at the IP address that we just entered and log in with the default admin user credentials mentioned above.

After logging in we need to specify our vCenter server’s IP address and then click the “Register” button so that vShield “hooks” into vCenter. There is one last step which is to install the vShield Zones “worker” VM on each of the hosts in our vCloud cluster. To make this happen we need to expand out the list on the left and click on one of the hosts; then click “Install” to push the VM to the host. Make sure to install both vShield Zones and Edge Port Group Isolation.

2 Responses to "Building a vCloud Lab Part 3: vSphere 5 and vShield"

  1. In Part 2 of your VCD install series you install Oracle, then in Part 4 of the same series you say that you choose to use MSSQL and proceed to outline how to prepare MSSQL for VCD which is weird…but anyway, do the steps in 5 work for Oracle as well?

  2. Yes, it’s pretty much the same, you just need to have the Oracle info instead of the MSSQL info …

    I probably was doing multiple vcd installs in the lab and forgot all about using Oracle the first time.
