Cisco Spaces: Connector Azure VMware

Cisco Spaces: Connector Azure VMware


Note

This Azure VMware solution is not supported and we recommend following the Cisco Spaces: Connector VM on Azure Environment guide.

The chapter shows you how to install a connector on Azure VMware. To do this, you must understand the various components of this solution.

  • The Azure VMware Solution (AVS) or Private Cloud is a service offered by Microsoft Azure in collaboration with VMware. It enables organizations to run and manage VMware workloads natively on Azure infrastructure. You can host services such as Cisco Spaces: Connector or wireless controllers.

  • Azure Virtual Network (VNet) is a building block in Microsoft Azure that enables you to securely connect and isolate Azure resources. It provides a way to create private, isolated, and highly available networks in the Azure cloud. You can deploy some of these services on this VNet:

    • Azure Bastion is a service provided by Microsoft Azure for secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines (VMs) in the Azure cloud. It acts as a secure gateway, eliminating the need to expose VMs on the Private Cloud to the public internet, and reducing the attack surface. With Azure Bastion, you can connect to your VMs directly from the Azure portal using a web browser, without the need for a public IP address or a VPN connection.

    • Jumpbox (or Jump Server): Jumpbox, or jump server, is a security measure used in networking environments. It's a system that sits between an internal network and external networks (such as the internet) and is a single point of entry for administrators. Instead of allowing administrators to connect directly to critical systems such as connector on the Private Cloud, they connect first to the jumpbox, which acts as a gateway to access other systems. This adds an additional layer of security and control over who can access sensitive systems.

  • Source Network Address Translation (SNAT): SNAT refers to a type of network address translation that translates the source IP address of outgoing traffic. SNAT is commonly used in scenarios where multiple private IP addresses from a local network need to access resources on the internet or another network.

Figure 1. Various Components to InstallConnector onAzure VMware

To deploy a connector on Azure VMware, you have to do the following:

  1. Creating an Azure VMware solution (or Private Cloud) and deploying the connector OVA on it.

  2. Creating an Azure Virtual Network. You can then allow administrators and users to access the connector through this VNet.

Creating an Azure VMware solution (or Private Cloud)

This chapter provides information about how to download and deploy the Cisco Spaces: Connector and obtain the URL for the connector GUI.

Before you begin

  • Identify the subscription you plan to use for the Azure VMware solution.

  • Identify the Size Hosts. This requires you to raise a case with Azure customer support.

  • Identify the address range and subnet for the private cloud. All your VMware resources including connector are hosted in this IP range.

SUMMARY STEPS

  1. Log in to portal.azure.com.
  2. Create a Resource.
  3. Choose the Azure VMware Solution service.
  4. In the Create a private cloud window that appears, fill the required details.
  5. Configure a segment for the private cloud.
  6. Specify the DHCP range to be used for this segment.
  7. Specify a DNS from the left-navigation pane or while installing the connector later.
    • You can use a public DNS while deploying the connector.
    • You can configure an internal DNS from the left-navigation pane.
  8. Provide internet connectivity using SNAT. From the left-navigation pane, click Internet Connectivity > Connect using SNAT. This enables outbound internet access for this private cloud.
  9. Find the credentials of this private cloud. From the private-cloud left pane, click VMware credentials. You can observe the credentials of various components of the private cloud. Make a note of these credentials for later use.

DETAILED STEPS

Step 1

Log in to portal.azure.com.

Step 2

Create a Resource.

From the left-navigation pane, click Create a Resource.

Figure 2. Create a Resource

Step 3

Choose the Azure VMware Solution service.

  1. In the Search services and marketplace field, search for an Azure VMware solution.

  2. From the displayed search results, click Create and choose the Azure VMware solution.

Step 4

In the Create a private cloud window that appears, fill the required details.

  1. Choose a subscription.

  2. Choose a resource group or create a new one.

  3. Choose the location of the service.

  4. Choose the size of the host.

  5. Choose the host location.

  6. Choose the number of hosts. The minimum number of hosts is three.

  7. Enter the address block. This IP address block is used to deploy various services such as connector, and these services are accessible via a browser from the Azure Virtual Network.

The Azure VMware solution (or private cloud) is created.
Figure 3. Create a private cloud
Figure 4. Create a private cloud

Step 5

Configure a segment for the private cloud.

  1. From the private-cloud left pane, click Segments. You can see that a default segment has already been created and allocated with addresses from the address range specified by you earlier. You can use this existing segment or create a new one.

Figure 5. Create a Segment

Step 6

Specify the DHCP range to be used for this segment.

  1. From the private-cloud left pane, click DHCP.

  2. Select the DHCP type as SERVER.

  3. Enter the Server Name as the segment chosen earlier for this private cloud.

  4. Enter the Server IP address as the segment address range selected earlier.

Step 7

Specify a DNS from the left-navigation pane or while installing the connector later.

  • You can use a public DNS while deploying the connector.
  • You can configure an internal DNS from the left-navigation pane.

Step 8

Provide internet connectivity using SNAT. From the left-navigation pane, click Internet Connectivity > Connect using SNAT. This enables outbound internet access for this private cloud.

Step 9

Find the credentials of this private cloud. From the private-cloud left pane, click VMware credentials. You can observe the credentials of various components of the private cloud. Make a note of these credentials for later use.

Figure 6. Various Components to InstallConnector onAzure VMware
Figure 7. VMware Credentials

Note

 

Note that ESXi also inherits the vSphere credentials.

Creating an Azure Virtual Network

Before you begin

Create a Azure VMware solution (or Private Cloud) and configure it with SNAT.

Procedure

Step 1

Create an ExpressRoute.

  1. From the Microsoft Azure Home Page, click ExpressRoute circuits.

  2. From the ExpressRoute circuits page that is displayed, click Create.

  3. From the Create ExpressRoute page that is displayed, enter the details of the Basic tab. Click Next.

    Figure 8. Basics Tab

  4. Click the Configuration tab. Fill in details such as Provider.

    Figure 9. Configuration Tab

  5. Click the Review + Create tab, and review the changes you have made. Click Create to create the ExpressRoute.

    Figure 10. Review + Create

Step 2

From the created Virtual Network, do the following.

  1. Create a Gateway subnet and provide an IP address.

  2. Create a Bastion and provide an IP address.

  3. Create an AzureBastion subnet and provide an IP address.

Step 3

Deploy a Windows Machine as a virtual machine. You can use this as a Jumpbox to access vSphere or NSXT-Manager.

  1. From the left-navigation pane, click Create a Resource

  2. Search for an operating system of choice. For example, Windows 11, click Create and choose the version of choice.

    Figure 11. Windows 11 virtual machine

  3. In the Create a virtual machine window, enter the relevant details

    Figure 12. Create a Virtual Machine
    A jumpbox of your preferred operating system is deployed. Use this to access your services.

Step 4

You can login to the vSphere service. Use the credentials retreived when creating the private cloud, from the VMware Credentials > vCenter Server credentials section.

  • Launch the Jumpbox, and use a browser to access the service.
  • Since Bastion is deployed on the virtual network, you can use SSH or remote desktop protocol (RDP) to access the service.
Figure 13. VMware Credentials
Figure 14. VMware Credentials

Note

 

ESXi inherits the vSphere credentials.

You can notice that there are at least three ESXi hosts available by default.

Step 5

Deploy the OVA on one of the hosted ESXi. See Deploying the Connector 3 OVA (Single Interface)