Blog Series – Onboarding and Managing VMware Cloud on AWS – Part 2: Deploying an SDDC and Connecting your AWS account.

Learn how to deploy your SDDC and connect it to your AWS account. This article walks you through the steps involved in running the CloudFormation template in the VMware Cloud on AWS portal so that you can deploy your SDDC.

Part 2: Deploying Your SDDC and Connecting it to Your AWS Account

In Part 1 of this blog series, we reviewed all the information and prerequisites required to deploy an SDDC. With that information in hand, you’re ready to link your AWS account and deploy your SDDC. This article walks you through the steps to set up a fully operational SDDC. Stay tuned for the next article on SDDC configuration and connectivity.

Connect to the VMware Cloud Portal and AWS

In order to deploy your SDDC, you’ll need access to both the VMware Cloud Portal and the AWS account that will be linked to the SDDC. In many organizations, this will require people from different teams – don’t worry, though, as the tasks can also be done independently if all parties are not available at the same time. 

Once an AWS account is linked to a VMware Cloud Services Org, additional SDDCs can be deployed to it without relinking after the necessary VPC and subnet(s) are created. Direct access to the AWS account is also not required for ongoing management.

Prior to creating the SDDC or linking the account, ensure that the AWS VPC and subnets are created in the correct region(s) and availability zone(s) (AZs). Follow the guide in Part 1 to help determine the appropriate CIDR for your VPC and subnets. Keep in mind that the size of the subnet being used should be a /26, and the VPC should be large enough to support other subnets for current and future native AWS services and instances that will communicate with the SDDC.

Deploy the SDDC

To start, log in to the portal, select SDDCs in the left-hand navigation, and click on the Create SDDC button. Then, follow the steps below.

STEP 1: ENTER THE SDDC PROPERTIES

First, complete the information required in Step 1 (as per the previous article in this series). You will need to select the AWS region where the SDDC will be deployed; and specify whether it should be a Single- or Multi-Host SDDC, including whether it should be a stretched cluster. If using a stretched cluster, ensure that the region selected supports stretched clusters (see the documentation for the currently supported list of regions). Select the host type, and finally give the SDDC a meaningful name. 

Once all the correct options are selected, click on the Next button to proceed to the AWS account linking in Step 2.

STEP 2: CONNECT TO AWS

If you are deploying a single-host SDDC, you have the option to skip the account linking process – this means you can deploy the SDDC and run it for up to 14 days before having to link it to an AWS account. 

A multi-host (production) SDDC must be linked at the time of creation. 

If this is the first time you are deploying an SDDC in your Org, the only option available from the “Choose an AWS account” dropdown will be “Connect to a new AWS account”.  Otherwise, you can select the desired account without having to run the CloudFormation template.

Creating your CloudFormation stack

Option 1. Logging into the AWS console and VMware cloud portal in the same browser

Simply click on the “Open AWS console with CloudFormation template” button – which opens the AWS console in a new tab, and once logged in, will present the CloudFormation screen fully populated.

Check the box that acknowledges that AWS CloudFormation might create IAM resources, then click on the “Create stack” button. It takes a couple of minutes for the stack status to show CREATE_COMPLETE. 

Note: the region will be set to “Oregon”. Even if you are deploying an SDDC in a different region, you don’t need to change this – the configuration is available globally.

Option 2. Creating a manual link so someone else can run the template

If the template needs to be run by someone else with the appropriate AWS account access, then a manual link can be created. Follow these steps to get your link (just be aware that the link is only valid for 30 minutes, so it must be used right away):

  1. Log in to the VMware cloud services console and get the Org ID. In the console, click on your name in the top right, then select View Organization. Copy the value of the Long Organization ID. 
  2. Click the waffle menu in the top right and select Cloud Services Console, then click on VMware Cloud on AWS to return to the main page that provides the option to create an SDDC.  
  3. Leave that tab open, and in a new tab enter the URL https://vmc.vmware.com/vmc/api/orgs/ORG-ID/account-link, replacing the text ORG-ID with the Long Organization ID value you copied.  
  4. This should result in a page that returns a JSON object. The second item in the JSON is “template_execution_url”.  Copy the value of this field, which starts with https://console.aws.amazon.com, and ends at the first double quote.  
  5. Give the URL to the AWS account administrator to paste into their browser (remember, they only have 30 minutes). The link goes directly to the populated CloudFormation stack creation page. All they have to do is check the “I acknowledge that AWS CloudFormation might create IAM resources” box, then click on the “Create stack” link and watch for the stack creation to complete. 

The main function of the CloudFormation template is to create IAM roles and grant VMware-managed AWS accounts the required access to your AWS account. These roles grant access to read VPCs and subnets and to create/modify/delete route tables and network interfaces – this access must remain intact for SDDCs to operate correctly.  

An additional function of the CloudFormation is to create a Lambda function. This function is used only at the initial account linking phase, to provide the status of the CloudFormation template creation back to VMC so that the account linking can be registered and used for SDDC creation.

Once the CloudFormation stack has been created, return to the VMware Cloud on AWS portal. The account will appear in the dropdown for “Choose an AWS account” on Step 2 of the SDDC creation workflow. Validate that the correct AWS account number is showing, select it, and click next to proceed to step 3.

STEP 3: ENTER THE VPC AND SUBNET

The VPC dropdown should be populated with all the VPCs in the AWS account within the chosen region. Select the desired one. 

Once the VPC is selected, the list of subnets in the VPC will be shown. Select the one to link to the SDDC. Select 2 subnets in different AZs if creating a stretched cluster SDDC. If the subnet shows “Not Available” it could be that the selected host type is not available for VMC in that AZ, so select a different subnet/AZ.

If the expected VPC or subnet is not shown in the list, ensure that it was created in the correct region and that it was created prior to running the CloudFormation template to link the account. If it was created after the CloudFormation template and there was no other subnet in the same AZ, it may be necessary to delete the CloudFormation stack and run the template again. 

Note: Do not delete the CloudFormation stack if any SDDCs were already created using it. Instead, contact VMware support through chat on the “?” menu in the VMware cloud console for assistance, so your org can be re-mapped.

Once the VPC and subnet have been selected and there are no errors, proceed to step 4 by clicking the Next button. 

STEP 4: ENTER THE MANAGEMENT CIDR

In this step, enter the management CIDR to be used by the SDDC. If presented with a validation error, ensure that the CIDR entered meets all the requirements shown, and verify that it does not overlap with the VPC CIDR selected in step 3. If you leave this field blank, it will automatically use the default of 10.2.0.0/16 (note that this CIDR cannot be changed afterward).

STEP 5: CONFIRM CHARGES

In this step, you’re asked to confirm that you understand the billing model, as charges will be incurred once you click on “Deploy SDDC”. The process cannot be canceled once started. If you later realize you did make an error, you will need to wait until the SDDC deployment completes (it typically takes about 90 minutes, depending on the region and the load on systems) and then delete the SDDC – some charges will be billed if you do not have matching Reserved Instances available.

If you have purchased Reserved Instances that match the hosts selected for the SDDC (meaning the region and host type are the same, and the Reserved Instances were purchased in the same Org) then the SDDC will consume those Reserved Instances. If not, it will be billed at the on-demand pricing.

And that’s it! Your first SDDC deployment on VMware Cloud on AWS is complete. 

You can also check out this short video on how to deploy your first SDDC.

Learning Resources:

About the Authors

Michael Kolos

Customer Success Architect

Leave a Reply

Your email address will not be published. Required fields are marked *