VCF 5.1 Environment Readiness & Deployment
Sep 13
Before you start the automated deployment of the management domain using VMware Cloud Builder, your environment must meet target prerequisites and be in a specific starting state.
There are several steps involved in preparing your environment to deploy the first VCF domain. Prepare the platform by deploying and configuring the necessary infrastructure components, which we will cover in this blog.
Table of Contents:
1. Deploy VMware Cloud Builder appliance.
2. Prepare ESXi Hosts for VCF deployment.
3. Deploy the Management Domain using VMware Cloud Builder.
1. Deploy VMware Cloud Builder appliance:
VMware Cloud Builder is a virtual appliance that is used to deploy and configure the first cluster of the management domain and transfer inventory and control to SDDC Manager. During the deployment process, the VMware Cloud Builder appliance validates network information you provide in the deployment parameter workbook such as DNS, network (VLANS, IPs, MTUs), and credentials.
You must deploy the VMware Cloud Builder appliance on a suitable platform. This can be on a laptop running VMware Workstation or VMware Fusion, or on an ESXi host. The VMware Cloud Builder appliance must have network access to all hosts on the management network. It must also be able to access all required external services, such as DNS and NTP.
Here, we've deployed the VMware Cloud Builder appliance directly to an ESXi host.
Prerequisites: Refer to the link below for additional prerequisite information: Deploy VMware Cloud Builder Appliance
Procedure:
1) In a web browser, log in to the ESXi host using the VMware Host Client.
2) In the navigation pane, select Host, and click Create/Register VM.
3) On the Select creation type dialog box, select Deploy a virtual machine from an OVF or OVA file and click Next.
4) On the Select OVF and VMDK files page, enter a name for the virtual machine, select the VMware Cloud Builder.ova file, and click Next.
5) On the Select Storage page, select a datastore and click Next.
6) On the License agreements dialog box, click I agree and then click Next.
7) On the Select networks dialog box, enter the following values and click Next.
Setting | Value |
Network mappings | your_portgroup |
Disk provisioning | Thin |
Power on automatically | Selected |
8) On the Additional settings dialog box, expand Application, enter the following values, and click Next.
Setting | Details |
Admin Username | Accept the default admin user name, admin. |
Admin Password/Admin Password confirm | The admin password must be a minimum of 8 characters and include at least one uppercase, one lowercase, one digit, and one special character. Supported special characters: @ ! # $ % ? ^ |
Root password/Root password confirm | The root password must be a minimum of 8 characters and include at least one uppercase, one lowercase, one digit, and one special character. Supported special characters: @ ! # $ % ? ^ |
Hostname | Enter the hostname for the VMware Cloud Builder appliance. |
Network 1 IP Address | Enter the IP address for the VMware Cloud Builder appliance. |
Network 1 Subnet Mask | Enter the subnet mask for the VMware Cloud Builder appliance. |
Default Gateway | Enter the default gateway for the VMware Cloud Builder appliance. |
DNS Servers | Enter the IP address of the primary and secondary DNS servers (comma separated). Do not specify more than two servers. |
DNS Domain Name | Enter the DNS domain name. For example, vsphere.local. |
DNS Domain Search Paths | Enter the DNS domain search path(s). Use a comma if entering multiple search paths. For example vsphere.local, sfo.vsphere.local. |
NTP Servers | Enter the NTP server(s). Use a comma if entering multiple NTP servers. NTP servers can be entered using FQDNs or IP addresses. |
9) On the Ready to complete page, review the virtual machine configuration and click Finish.
10) After the VMware Cloud Builder appliance is deployed, SSH in to the VM with the admin credentials provided in step 9.
11) Ensure that you can ping the ESXi hosts.
12) Verify that the VMware Cloud Builder appliance has access to the required external services, such as DNS and NTP, by performing forward and reverse DNS lookups for each host and the specified NTP servers.
Below is a screenshot from my lab, where I performed the above tests to make sure the deployed "Cloudbuilder" is reachable and ready as per the above prerequisites:
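One way to script the forward and reverse lookups from step 12, as an added example that is not part of the original post or of VMware's tooling. It assumes getent is available where it runs; the function names and the hostnames in the usage line are placeholders.

```shell
#!/bin/sh
# Forward-confirmed reverse DNS check for the names Cloud Builder validates.
# Assumption: getent(1) exists where this runs; replace the two lookup
# helpers with nslookup or dig equivalents if it does not. getent follows
# nsswitch, so /etc/hosts entries are honoured as well as DNS.

# Print the IPv4 addresses a name resolves to, one per line.
fwd_lookup() { getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u; }

# Print the first name an address maps back to.
rev_lookup() { getent hosts "$1" 2>/dev/null | awk '{print $2; exit}'; }

# Lower-case a name and drop a trailing dot so the comparison is exact.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# check_fqdn FQDN -> prints one verdict per address and returns 0 only if
# every address the name resolves to maps back to that same FQDN.
check_fqdn() {
    want=$(norm "$1")
    addrs=$(fwd_lookup "$1")
    if [ -z "$addrs" ]; then
        echo "FAIL $1: no forward (A) record"
        return 1
    fi
    rc=0
    for ip in $addrs; do
        got=$(norm "$(rev_lookup "$ip")")
        if [ -z "$got" ]; then
            echo "FAIL $1: $ip has no reverse (PTR) record"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "FAIL $1: $ip maps back to $got"; rc=1
        else
            echo "OK   $1 <-> $ip"
        fi
    done
    return "$rc"
}

# Usage (placeholder names): sh fcrdns.sh esxi01.example.test ntp.example.test
if [ "$#" -gt 0 ]; then
    status=0
    for h in "$@"; do check_fqdn "$h" || status=1; done
    exit "$status"
fi
```

Run it from the Cloud Builder appliance with every ESXi FQDN and NTP server name as arguments; a non-zero exit means at least one name failed the round trip.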
2. Prepare ESXi Hosts for VCF deployment:
You must prepare the ESXi hosts that will be used to form the management domain.
Preparing the ESXi hosts involves installing the correct version of ESXi as per the BOM (bill of materials) and performing some basic configuration tasks. Refer to the details below.
1) Creating a Custom ISO Image for ESXi or Install ESXi interactively, and configure hosts for VCF deployment.
2) Regenerate the Self-Signed certificate on all hosts or configure ESXi hosts with External Signed certificates.
Prerequisites:
The management domain requires a minimum of four ESXi hosts.
vSAN ESA: To use vSAN Express Storage Architecture, your hosts must be ESA-compatible.
1) Creating a Custom ISO Image for ESXi or Install ESXi interactively, and configure hosts for VCF deployment:
When your environment requires a custom ISO file for ESXi, you can create one using VMware PowerCLI or vSphere Lifecycle Manager. Here, in my lab, I've used vSphere Lifecycle Manager to create the ESXi ISO image.
If you would like to create a custom ESXi ISO image using VMware PowerCLI, please refer to the link below.
Prerequisites: VMware PowerCLI 12.0 or later.
Procedure: Refer to the link below for creating a custom ESXi ISO using PowerCLI: Create a Custom ESXi ISO Image Using VMware PowerCLI
Create a Custom ESXi ISO Image Using vSphere Lifecycle Manager: If you have an existing vCenter Server already, you can use vSphere Lifecycle Manager to create and export a custom ISO. Please refer to the below steps/procedures & screenshots captured from my lab.
Prerequisites: Import the ESXi patch and vendor add-on (if applicable) zip files to the vSphere Lifecycle Manager depot. See the below link. Import Updates to the vSphere Lifecycle Manager Depot (vmware.com)
Procedure:
1) Log in to vCenter Server using the vSphere Client.
2) Create a new temporary cluster, selecting the Manage all hosts in the cluster with a single image check box.
3) Select the ESXi version and vendor add-on (optional) and click OK.
4) Export the vSphere Lifecycle Manager image as an ISO.
5) You can delete the temporary cluster now.
Install ESXi Interactively and Configure Hosts for VMware Cloud Foundation: You can interactively install ESXi on all the hosts that will form the first cluster in the management domain, then you configure the management network, DNS, and NTP services.
Install ESXi on all hosts in the first cluster in the management domain interactively. You can use the same process to install ESXi on additional hosts for the management domain, or on hosts for a VI workload domain.
Repeat this procedure for all hosts in the first cluster in the management domain.
Procedure:
1) Mount the ESXi ISO on the host and restart the machine.
2) Set the BIOS or UEFI to boot from the mounted ISO.
3) If your system has supported DPUs, select the DPU on which you want to install ESXi and press Enter. In the DPU Details screen, you see all properties of the DPU device.
4) On the Select a Disk to Install or Upgrade screen, select the drive on which to install ESXi and press Enter.
5) Select the keyboard type for the host. You can change the keyboard type after installation in the direct console.
6) Enter the root password for the host.
7) Press F11 to start the installation.
8) On the Installation Complete screen, press Enter to reboot the host.
9) Set the first boot device to be the drive on which you installed ESXi.
10) Repeat this procedure for all remaining hosts.
Here is the link for your further reference:
Interactively install on ESXi: Install ESXi Interactively and Configure Hosts for VMware Cloud Foundation
Configure the Network on VCF Hosts:
After the initial boot, use the ESXi Direct Console User Interface (DCUI) for host network configuration and administrative access. Perform the below tasks.
Configure the network adapter (vmk0) and VLAN ID for the Management Network.
Configure the IP address, subnet mask, gateway, DNS server, and FQDN for the ESXi host.
Repeat this procedure for all hosts that you are adding to the first cluster of the management domain.
Procedure:
1) Open the DCUI of the ESXi host.
Open a console window to the host.
Press F2 to enter the DCUI.
Log in by using the esxi_root_user_password.
2) Configure the network.
Select Configure Management Network and press Enter.
Select VLAN (Optional) and press Enter.
Enter the VLAN ID for the Management Network and press Enter.
Select IPv4 Configuration and press Enter.
Select Set static IPv4 address and network configuration and press the Space bar.
Enter the IPv4 Address, Subnet Mask and Default Gateway and press Enter.
Select DNS Configuration and press Enter.
Select Use the following DNS Server address and hostname and press the Space bar.
Enter the Primary DNS Server, Alternate DNS Server and Hostname (FQDN) and press Enter.
Select Custom DNS Suffixes and press Enter.
Ensure that there are no suffixes listed and press Enter.
3) Press Escape to exit and press Y to confirm the changes.
4) Repeat this procedure for all remaining hosts.
Below are the screenshots from lab:
Configure the Virtual Machine Network Port Group on VMware Cloud Foundation Hosts: Perform configuration of the Virtual Machine Network port group for each ESXi host by using the VMware Host Client.
This configuration provides connectivity to the Management network to allow communication to the vCenter Server Appliance during the automated deployment. Repeat this procedure for all hosts in the first cluster of the management domain.
Procedure:
1) In a web browser, log in to the ESXi host using the VMware Host Client.
2) Click OK to join the Customer Experience Improvement Program.
3) Configure a VLAN for the VM Network port group.
In the navigation pane, click Networking.
Click the Port groups tab, select the VM network port group, and click Edit Settings.
On the Edit port group - VM network page, enter the Management Network VLAN ID, and click Save.
4) Repeat this procedure for all remaining hosts.
Configure NTP on VMware Cloud Foundation Hosts: Complete the configuration of all ESXi hosts by configuring the NTP service to avoid time synchronization issues in the SDDC. Repeat this procedure for all hosts in the first cluster of the management domain.
Procedure:
1) In a web browser, log in to the ESXi host using the VMware Host Client.
2) Configure and start the NTP service.
In the navigation pane, click Manage, and click the System tab.
Click Time & date and click Edit NTP Settings.
On the Edit NTP Settings page, select the Use Network Time Protocol (enable NTP client) radio button, and change the NTP service startup policy to Start and stop with host.
In the NTP servers text box, enter the NTP Server FQDN or IP Address, and click Save.
To start the service, click Actions, select NTP service, and click Start.
3) Repeat this procedure for all remaining hosts.
Regenerate the Self-Signed certificate on all hosts or configure ESXi hosts with External Signed certificates: You can use either VMCA-signed or externally signed certificates for VCF hosts, based on your organization's requirements.
Regenerate the Self-Signed Certificate on All Hosts: Once you have configured the ESXi host's identity by providing a hostname, you must regenerate the self-signed certificate so that its common name is the host's FQDN.
VMware Cloud Builder validates the host's identity when making a connection by comparing the common name of the certificate against the FQDN provided within the VMware Cloud Builder configuration file.
Procedure:
1) In a web browser, log in to the ESXi host using the VMware Host Client.
2) In the navigation pane, click Manage and click the Services tab.
3) Select the TSM-SSH service and click Start if not started.
4) Log in to the ESXi host using an SSH client such as Putty.
5) Regenerate the self-signed certificate by executing the following command.
# /sbin/generate-certificates
6) Restart the hostd and vpxa services by executing the following command.
# /etc/init.d/hostd restart && /etc/init.d/vpxa restart
7) In the VMware Host Client, select the TSM-SSH service for the ESXi host and click Start.
8) Repeat this procedure for all remaining hosts.
Example: screenshot attached below from my lab:
Configure ESXi Hosts with Signed Certificates: If corporate policy requires that you use external CA-signed certificates instead of VMCA-signed certificates for ESXi hosts, you can manually add external certificates to the hosts.
When you use external certificates during bring-up, they are not replaced by VMCA-signed certificates. Once you perform bring-up with external certificates for ESXi hosts, all future hosts added to VMware Cloud Foundation must also use external certificates.
Prerequisites: External CA-signed certificate and key are available
Procedure:
1) In a web browser, log in to the ESXi host using the VMware Host Client.
2) In the navigation pane, click Manage and click the Services tab.
3) Select the TSM-SSH service and click Start if not started.
4) Log in to the ESXi Shell for the first host, either directly from the DCUI or from an SSH client, as a user with administrator privileges.
5) In the directory /etc/vmware/ssl, rename the existing certificates using the following commands.
# mv rui.crt orig.rui.crt
# mv rui.key orig.rui.key
6) Copy the external certificate and key that you want to use to /etc/vmware/ssl.
7) Rename the external certificate and key to rui.crt and rui.key.
8) Restart the host management agents by running the following commands.
# /etc/init.d/hostd restart
# /etc/init.d/vpxa restart
9) In the VMware Host Client, select the TSM-SSH service for the ESXi host and click Stop.
10) Repeat for all the ESXi hosts that you are adding to VMware Cloud Foundation.
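A pre-flight check for the two certificate procedures above (regenerated self-signed or external CA-signed), added here as an example and not taken from the original post or from VMware: it confirms that the certificate's common name equals the host FQDN, that the key belongs to the certificate, and that the certificate is not about to expire. It assumes openssl is on the PATH; the function names, the 30-day floor and the example hostname are illustrative.

```shell
#!/bin/sh
# Pre-flight check for an ESXi host certificate/key pair before bring-up.
# Assumptions: openssl is on PATH; the FQDN and file paths are supplied by you.
MIN_VALID_SECS=${MIN_VALID_SECS:-2592000}   # 30 days, an arbitrary floor

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# Print the subject common name (CN) of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Succeed only if the private key belongs to the certificate's public key.
key_matches_cert() {
    pub_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    pub_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$pub_crt" ] && [ "$pub_crt" = "$pub_key" ]
}

# check_host_cert FQDN CRT KEY -> 0 only if the pair is usable for FQDN.
check_host_cert() {
    fqdn=$1 crt=$2 key=$3 rc=0
    cn=$(cert_cn "$crt")
    if [ "$(lower "$cn")" != "$(lower "$fqdn")" ]; then
        echo "FAIL: certificate CN '$cn' does not match FQDN '$fqdn'"; rc=1
    fi
    if ! key_matches_cert "$crt" "$key"; then
        echo "FAIL: $key is not the private key for $crt"; rc=1
    fi
    if ! openssl x509 -in "$crt" -noout -checkend "$MIN_VALID_SECS" >/dev/null 2>&1; then
        echo "FAIL: $crt expires within $MIN_VALID_SECS seconds"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $crt is usable for $fqdn"
    return "$rc"
}

# Constructed fixture for trying the checks offline: a throwaway self-signed
# pair DIR/CN.crt and DIR/CN.key. This is not how ESXi generates its own.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Usage (placeholder FQDN), run in /etc/vmware/ssl after replacing the files:
#   sh check_cert.sh esxi01.example.test rui.crt rui.key
if [ "$#" -eq 3 ]; then check_host_cert "$@"; exit $?; fi
```

Running it before restarting hostd and vpxa catches a mismatched key or a wrong common name while the orig.rui.crt and orig.rui.key backups are still in place.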
3. Deploy the Management Domain using VMware Cloud Builder:
You specify deployment information specific to your environment such as networks, hosts, license keys, and other information in the deployment parameter workbook and upload the file to the VMware Cloud Builder appliance to initiate bring-up of the management domain.
During bring-up, the management domain is created on the ESXi hosts specified in the deployment parameter workbook. The VMware Cloud Foundation software components are automatically deployed, configured, and licensed using the information provided.
Procedure:
1) In a web browser, log in to the VMware Cloud Builder appliance administration interface: https://Cloud_Builder_VM_FQDN.
2) Enter the admin credentials you provided when you deployed the VMware Cloud Builder appliance and then click Log In.
3) On the End-User License Agreement page, select the I Agree to the End User License Agreement check box and click Next.
4) Select VMware Cloud Foundation and click Next.
5) Review and acknowledge the prerequisites and click Next.
If there are any gaps, ensure they are fixed before proceeding to avoid issues during the bring-up process. You can download or print the prerequisite list for reference.
6) Download the deployment parameter workbook from VMware Customer Connect/Cloud Builder and fill it in with the required information.
7) Click Select File, browse to the completed workbook, and click Open to upload the workbook.
8) Click Next to begin validation of the uploaded file.
To access the bring-up log file, SSH to the VMware Cloud Builder appliance as admin and open the /opt/vmware/bringup/logs/vcf-bringup-debug.log file.
If there is an error during the validation and the Next button is grayed out, you can either make corrections to the environment or edit the deployment parameter workbook and upload it again. Then click Retry to perform the validation again.
If any warnings are displayed and you want to proceed, click Acknowledge and then click Next.
9) Click Deploy SDDC.
During the bring-up process, the vCenter Server, NSX, and SDDC Manager appliances are deployed and the management domain is created. The status of the bring-up tasks is displayed in the UI.
After bring-up is completed, a green bar is displayed indicating that bring-up was successful. A link to the SDDC Manager UI is also displayed.
10) Click Download to download a detailed deployment report. This report includes information on assigned IP addresses and networks that were configured in your environment.
11) After bring-up is completed, click Finish.
12) Click Launch SDDC Manager to login.
13) Power off the VMware Cloud Builder appliance.
You have now deployed the VCF management domain and can launch SDDC Manager to validate and use it.
Refer to this for more information: Deploy the Management Domain Using VMware Cloud Builder
The VMware Cloud Builder appliance includes the VMware Imaging Appliance service, which you can use to install ESXi on additional servers after bring-up is complete. You can delete the VMware Cloud Builder appliance to reclaim its resources or keep it available for future server imaging.