25 minute read
This document is intended to help you get started quickly with pluscloud v and the associated self-service functions. For the extensive self-services as well as network, storage and VM management, use the VMware vCloud Director documentation.
This article covers step by step how to create VMs and/or vApps after the initial network setup and how to finally connect them to external networks or the Internet.
Our support is of course also available for this and other topics.
This documentation assumes that you already have your login details (user name and password) and your tenant URL.
With this data you can go directly to the pluscloud vCloud Director portal.
It is also helpful to have your other public IP addresses handy. You can also view these in the configuration dialogs if they are relevant.
In the pluscloud VMware, a tenant is represented as a so-called organization
.
Such an organization
manages user access and authorizations and contains one or more virtual data centers (OrgVDCs), which provide the computing resources for the virtualized workloads.
OrgVDC networks are virtual network segments that are deployed within a OrgVDC.
They are used to connect different components of a OrgVDC.
To provide access to the Internet from within the OrgVDC,
you can use a OrgVDC network that is connected to an edge gateway.
Such a network is usually created when the OrgVDC is deployed
with the name default-network
, but can be deleted and/or modified.
Furthermore, appropriate NAT rules must be created on the Edge Gateway to enable data traffic between OrgVDC components and the Internet.
Forwarded
for the network type.
The first address of the subnet used is bound to the Edge Gateway.New
button.For the type of network to be created, the Forwarded
option offers the possibility of selecting your edge gateway and enabling external communication.
Isolated networks are only available to your virtual machines and are decoupled from external connections.
The following parameters are relevant in the wizard for forwarded networks:
Parameter | Description |
---|---|
Scope | Selection of whether the network provides connectivity only for VMs in the current OrgVDC or in the data center group participating OrgVDCs. |
Type | Distinguishes whether a network is routed or isolated. Only routed networks offer external connectivity and a connection to the edge gateway. |
Edge Connection | The connection to the existing edge gateway can be established under this point. Internal is normally selected as the interface type. |
Allow guest VLAN | Enables the creation of VLANs with their own sub-interfaces. This option is usually not required and is not recommended. |
Distributed Routing | Enables distributed routing |
Name | Freely definable name for the network to be created. Serves as a reference to connect VMs to the network. |
Description | Optional free text to store further information (e.g. purpose and use of the network). |
Dual stack mode | Allows the network to have both an IPv4 subnet and an IPv6 subnet. |
Gateway CIDR | Specifies the internal IP addresses of the gateway, followed by the subnet in CIDR notation (IP/Netmask). |
Shared use with other OrgVDCs in the organization | Option to share networks across multiple virtual pluscloud DCs. Usually disabled. |
Static IP pool | Pool of IP addresses for automatic allocation to network components (such as VMs or vApp gateways) connected to the network. |
Primary and secondary DNS | The IP addresses of the DNS servers to be used. Usually the edge gateway. |
DNS suffix | If a specific DNS suffix is ​​required, this can be entered here and will automatically be used for the connected VMs. This suffix is ​​used as the default search domain for name resolution. |
An Edge Gateway is automatically assigned to each OrgVDC. This provides access to the Internet for your environment. It also offers various services, e.g. B. Gateway Firewall, NAT, DNS, IPAM and IPsec VPN.
By default, virtual machines have no connection to the outside world.
This must first be enabled using appropriate NAT and firewall rules in the Edge Gateway.
The Edge Gateway connections are configured using the Edges menu item in the left menu.
Clicking on the name of the Edge Gateway from the list opens the Edge Gateway administration menu.
To enable communication between VMs and the Internet, a few firewall rules, application port profiles and NAT rules are necessary.
We recommend that you set the application port profiles first. The application port profiles are needed to group ports for applications in one entity.
Application port profiles
tab must be selected in the Edge Gateway configuration.Add Port Profile
button.You can configure the following parameters in an application profile:
Parameter | Description |
---|---|
Name | Freely definable name for the application port profile to be created. |
Description | Optional free text to store additional information (e.g. purpose and use of the application port profile). |
Add port profile | Adds another protocol profile. |
Protocol | Selection of the protocol: TCP or UDP |
Port | Selection of the port or ports as a comma-separated list of port numbers |
We recommend that you set the NAT rules next.
These NAT rules specify how to translate between internal, usually private IP addresses from the RFC1918 address range and public IP addresses.
MOVE UP
and MOVE DOWN
buttons to set the appropriate order. Alternatively, you can also move the rules to a defined location using MOVE TO
.New
buttonNew
buttonA SNAT rule represents a specification of how a source IP should be translated to a destination IP. The source IP is usually within the OrgVDC while the destination IP is usually outside the OrgVDC network.
You should usually use SNAT rules if you want to access Internet resources from within the OrgVDC.
You should configure the following parameters:
Parameter | Description |
---|---|
Name | Freely definable name for the NAT rule to be created. |
Description | Optional free text to store further information (e.g. purpose and use of the NAT rule). |
Interface type | To create a SNAT rule, SNAT must be selected here. |
External IP | Here you use one of the public IP addresses assigned to you. |
External | The “external port” defines the port from the defined external IP address that is used to access the SNAT service. |
Internal IP | This is the previously defined IP subnet that you use internally. |
Application | An application profile is selected here. |
You can optionally configure the following parameters:
Parameter | Description |
---|---|
State | If this switch is activated, the NAT is configured statefully. This makes it possible to receive the corresponding responses for outgoing TCP requests. |
Logging | This option can be used to activate the logging of all traffic for this rule that is integrated in the edge gateway. You cannot view this logging yourself. We recommend that you leave this option disabled unless we instruct you to change your setting. |
Priority | If an address has multiple NAT rules, the rule with the highest priority is applied. A lower value means a higher priority for that rule. |
Firewall Matching | Specifies how the firewall determines an address match during NAT if the firewall phase is not skipped. Valid values ​​are as follows: Internal Address Matching Specifies that the firewall is applied to the internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is performed; For DNAT, the internal address is the translated destination address after NAT is performed; External Address Matching Specifies that the firewall is applied to the external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is performed. For DNAT, the external address is the original destination address before NAT is performed Bypass Firewall phase is skipped. |
Internal IP | Here you use the public IP addresses or subnets assigned to you. |
Application | here an application profile is selected which defines the ports. |
A DNAT rule represents a specification of how a source IP should be translated to a destination IP.
The source IP is usually outside the OrgVDC while the destination IP is usually within the OrgVDC network.
You should usually use DNAT rules if you want to access a resource within the OrgVDC from outside the OrgVDC.
You should configure the following parameters:
Parameters | Description |
---|---|
Name | Freely definable name for the NAT rule to be created. |
Description | Optional free text to store further information (e.g. purpose and use of the NAT rule). |
Interface type | To create a DNAT rule, DNAT must be selected here. |
External IP | Here you use one of the public IP addresses assigned to you. |
External port | The “external port” defines the port from the defined external IP address that is used to access the DNAT service. |
Internal IP | This is the previously defined IP subnet that you use internally. |
Application | An application profile is selected here. |
You can optionally configure the following parameters:
Parameter | Description |
---|---|
State | If this switch is activated, the NAT is configured statefully. This makes it possible to receive the corresponding responses for outgoing TCP requests. |
Logging | This option enables edge gateway logging of all traffic related to this rule. You cannot override this logging. We recommend that you leave this option disabled unless we instruct you to change your setting. |
Priority | If an address has multiple NAT rules, the rule with the highest priority is applied. A lower value means a higher priority for this rule. |
Firewall Matching | Specifies how the firewall determines an address match during NAT if the firewall phase is not skipped. Valid values ​​are as follows: Internal Address Matching Specifies that the firewall is applied to the internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is performed. For DNAT, the internal address is the translated destination address after NAT is performed; External Address Matching Specifies that the firewall is applied to the external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is performed. For DNAT, the external address is the original destination address before NAT is performed Bypass Firewall phase is skipped. |
Internal IP | Here you use the public IP addresses or subnets assigned to you. |
Application | here an application profile is selected which specifies the ports. |
The Edge Gateway also offers a firewall service that can restrict traffic between outside and inside an OrgVDC. This firewall cannot be used between network segments within an OrgVDC because this internal traffic is not routed through the service router where the firewall rules are evaluated.
You can move the rules using the MOVE UP
and MOVE DOWN
buttons to determine the appropriate order.
Alternatively, you can also move the rules to a defined location using MOVE TO
.
The firewall rules are processed from top to bottom and the first applicable rule is applied.
The last rule is always included and ensures that network communication is discarded unless it has been explicitly permitted by a previous rule.
Edit Rules
button.Here you can create new rules with NEW ABOVE
, which creates a new rule at the top of the list,
or by selecting an existing rule and then selecting NEW ABOVE
, which creates a new rule above the selected one.
You should configure the following parameters:
Parameter | Description |
---|---|
Name | Freely selectable name for the rule |
Category | Type of rule (not editable) |
State | Defines whether the rule is active or inactive. Inactive rules are ignored. |
Application | Selection of which application profile should be applied (collection of ports for an application) |
Source | Origin of data communication (example: DNAT - any source / SNAT - internal network) |
Destination | Recipient of the data communication (example: DNAT - internal network / SNAT - any line) |
Action | Determines whether the data communication is permitted, rejected or rejected with the corresponding information |
Protocol | Selection of the communication protocol used for the rule |
Logging | This option can be used to activate the logging of all traffic for this rule integrated in the edge gateway. |
Click Save
to accept the configured rules.
PSMANAGED rules
Please make sure to leave the PSMANAGED rules (plusserver_default_out
) in place.
These have a direct influence on the booked services.
If these do not exist, the management/function on the part of plusserver will be restricted.
The load balancer is an additional option that is subject to a fee.
This guide therefore does not cover load balancing.
An Edge Gateway offers limited options for setting up a VPN with IPSec.
This is not required for all setups and is therefore not described further in this guide.
Virtual workloads are virtual machines (VMs) that you can optionally group using so-called virtual applications (vApps).
vApps are used to group logically related virtual machines. For example, if you have a web application that consists of a web server VM, an application server VM and a database VM, it is a good idea to combine these three VMs together in a vApp.
When creating a vApp, only the name is mandatory.
In the example, a vApp with the name test
is created.
Everything else can be done afterwards or at the VM level.
In virtualization, one or more virtual IT systems are run on physical IT systems using a hypervisor.
The hypervisor uses software to provide the VM with virtual hardware that is encapsulated for this system and isolated from other VMs, and which the VM can use like regular hardware from your perspective.
Virtual machines can be created in two ways.
Actions
in the vApp created in the previous step and then use Add VM
.
Optionally, an expiration date for the vApp can be set under Extend Lease
, at which point the vApp should be stopped.
By default, vApps do not expire.Virtual Machines
in the sidebar.
Here you can view the existing VMs and create more using the New VM button.In both cases, you will see the same dialog for creating a new VM.
When creating virtual machines, you can basically choose between two alternatives:
VMs that are created directly via the vApp are also logically assigned to it directly.
VMs that are created via the Virtual Machines menu item are not initially assigned to a vApp.
However, they can be assigned to a vApp later via Actions
and Move to...
.
If you want to adjust the VM’s resources before switching it on, please deactivate the Switch on checkbox.
You will not find the checkbox in the vApp dialog. The VM takes on the power status of the vApp here.
To get the checkbox, you must choose the path described above via Virtual Machines
→ New VM
.
The relevant parameters vary depending on the selection.
Scroll down if necessary to see all the options.
Templates for VMs, also called VM templates, are used to accelerate and repeat the provision of VMs.
A VM template bundles vCPU, vRAM and vDisk resources with a pre-installed operating system.
This saves you from having to carry out the entire installation yourself.
This is therefore the default setting for new VMs.
When instantiating a VM template, the configurations and the hard disk(s) of the template are copied and can be adjusted.
Changes made to the template after instantiation are not applied to the VM.
VM templates prepared by plusserver can be found in the selfservice
catalog.
You are responsible for updating, patching and configuring these VM templates.
You can configure the following parameters for VMs that are created from a template.
Parameters | Description |
---|---|
Name | Name of the VM |
Computer name | Host name of the computer |
Description | Free text field for a short description of the VM |
Type | New for a new VM or From template to build on a VM template. |
Power on | Status of the VM after creation. If enabled, the VM will start automatically after creation. |
Templates | List of templates from the catalog |
Use custom storage policy | Allows you to override the performance class that the VM’s virtual disk template uses |
Storage policy to use | Specifies the performance class of the VM storage. |
Network adapter | Set up connectivity to an existing network and decide whether the IP is assigned via DHCP or manually. You can add network adapters later using the hardware details |
You can also create a completely new VM from a start image. The start image is an installation medium, comparable to a virtual installation DVD. Here you can flexibly install any compatible operating system, but you are also completely responsible for checking compatibility, selecting and installing the right drivers and making the correct settings.
We recommend that you only choose this installation method if your usage scenario is not possible with the templates provided.
Here there are significantly more setting options even before creation. You can configure the following parameters for new VMs.
Parameter | Description |
---|---|
Name | Name of the VM |
Computer name | Host name of the computer |
Description | Free text field for a short description of the VM |
Type | New for a new VM or From template to build on a VM template. |
Power on | Status of the VM after creation. If activated, the VM is started automatically after creation. |
Operating system family | Basic distinction whether Linux, Microsoft Windows or others |
Operating system | Detailed selection of distribution and version, e.g. Debian 9 64bit |
Start image | Selection of the start image |
Size (memory) | Predefined or user-defined selection of the VM size (number of virtual CPUs, cores per CPU, RAM) |
Storage | Number and size of attached hard drives, selection of storage policy |
Network adapter | Screenshot of establishing connectivity to the existing network, specifying the network card type (preferably VMXNET3) and deciding whether the IP is assigned via DHCP or manually; adding additional network adapters |
The set sizes for RAM and CPU can be adjusted at any time afterwards using the Edit button. The size of a data storage device (memory) can only be increased afterwards, not reduced. Depending on the configuration and operating system, this usually requires temporarily switching off the VM.
To successfully log in to a VM, you need the correct access data. If you installed the VM from a boot image, you should have created the corresponding access data during the installation. For the templates in the selfservice
catalog, the standard of the respective operating system is used as the administration user. For Windows, this is Administrator
and for Linux, usually root
.
Details
button.Virtual Machines
→ Details
→ Guest operating system customization
→ Edit
.Switch on, force new adjustments
.
It is important that the VM is switched off beforehand. Shutting down the vApp is not enough.Details
button.Details
button.
The network connection can be established later in the virtual machine via Details
→ Hardware
→ Network adapter
.The hard disks of a VM are used for data persistence. Each VM should have at least one hard disk configured that contains the operating system. We recommend creating one disk for the operating system and another disk for application data. This will separate the data between the technical data and the application data. This reduces the risk that the correct functioning and maintainability of the operating system will be affected due to an unexpectedly high volume of application data. You can also use different storage policies for the respective disks, which generally allows you to achieve a better balance between costs and performance.
In the details of a VM in the hardware area, you can assign additional hard disks to it using Add
.
When creating/editing hard disks, make sure you use the correct desired unit: MB or GB.
Up to 15 virtual hard disks can be configured per VM. Each of the disks can be up to 8 TB in size.
The disks can be distributed across up to 4 virtual storage controllers, with each storage controller having its own bus.
Each unit number can only be assigned once per bus.
The combination of unit number and bus number must be unique for each hard disk in the VM.
The changes must be confirmed by clicking on Save
.
With affinity rules you can configure preferences or hard dependencies regarding the placement of VMs on the underlying hardware.
New
.Create affinity rule
With an affinity rule, you specify that a selection of VMs should or must be placed together on the same physical hardware.
This can, for example, help to minimize network latency between two VMs or increase data throughput between the VMs.Required
checkbox, the rule is strictly adhered to.
If the VM Scheduler cannot adhere to the rule, an error message is displayed.
It is possible that VMs cannot be started.
If the Required
checkbox is deactivated, the scheduler is authorized to start the VMs on different systems if it is not possible to start all VMs on the same hardware.
Create antiaffinity rule
With an affinity rule, you specify that a selection of VMs should or must be placed together on the different physical systems.
You should use these rules if you operate several similar VMs for redundancy reasons.
With an antiaffinity rule, you can ensure that the VMs do not run on the same hardware and thus the failure of a hypervisor only affects one of the VMs.Required
checkbox, the rule is strictly adhered to.
If the VM scheduler cannot adhere to the rule, an error message is displayed.
It is possible that VMs cannot be started.
If the Required
checkbox is deactivated, the scheduler is authorized to start the VMs together on one system if it is not possible to distribute all VMs across different hardware.
Storage policies define different storage classes, which differ in terms of performance parameters and price.
In principle, storage is available without limits, although the size of a single hard drive is limited.
Security limits are set that can be increased at any time.
The limits are intended to ensure that resource usage does not explode and cause costs, as could happen, for example, due to faulty automation scripts.
The limits are checked and adjusted at least once every 24 hours.
Optionally, you can use the integrated self-service backup portal based on Veeam in the vCloud Director for paid backups of your VMs.
You can manage the backups yourself with the role Organization Administrator
.
You log in via the vCloud Director.
You do not need to log in to the backup portal separately.
Data backup with Veeam
.Backup storage widget of the backup portal
The Backup Storage widget provides information on the allocated quota and the amount of data used.
Backup jobs control the creation, rotation and storage of data backup copies.
In the job tab you can create, edit, delete, activate and deactivate backup jobs.
You can also display detailed information about the individual jobs.
New
button.–
New
.You also define the order in which the objects should be backed up (up/down arrows). Individual VMs of a vApp can also be excluded from the backup.
Guest Processing
) you can optionally activate integration options for the guest operating system.
Please note that preparatory work must be carried out on the VM in order to be able to use these integrations.
We will not use these options for this quick start guide.Guest Processing
) you can optionally activate integration options for the guest operating system.
Please note that preparatory work must be carried out on the VM in order to be able to use these integrations.
We will not use these options for this quick start guide.The jobs are automatically scheduled in a backup time window from 10 p.m. to 8 a.m.
Job
dropdown menu.In the VMs tab, find the VM you want to restore.
You can also use the search field to do this. Then select Restore VM
.
Now you have two options: Keep
or Overwrite
.
While Overwrite overwrites the VM, Keep creates another VM with the suffix _restored
.