In Part 1 of this blog series I explained how I used Ravello Systems to set up a nested vSphere 6.0 lab on top of Amazon AWS and how I connected it to the internet using a pfSense virtual firewall appliance. In this blog I will tell you how I set up the public cloud side of the demo. But first I have to explain why I also used a vCloud Air OnDemand Virtual Private Cloud instance.
vCloud Air VPC OnDemand
vCloud Air Disaster Recovery is a core service offering of vCloud Air. You can buy this service as a subscription, which means that you pay upfront for a certain amount of resources. There is no pay-as-you-go with vCloud Air DR. You are allowed to run your recovered VMs for 30 days, which should give you a fair amount of time to recover your failed datacenter. Of course these 30 days can be extended at a cost. And finally – and most importantly for my demo setup – vCloud Air DR only provides so-called warm standby resources. This means that it is not possible to spin up an active VM inside a DR cloud instance. The only way to get VMs to run in a DR instance is by replicating them into the cloud and performing a DR. I cannot replicate my primary domain controller using vSphere Replication because that seriously breaks AD. So I have to provide supporting infrastructure services such as AD, DNS and NTP myself … somewhere. A vCloud Air Virtual Private Cloud OnDemand is an ideal place to run these services. This OnDemand offering is billed on a pay-as-you-go basis and running one or two VMs for infrastructure services shouldn’t cost a lot. My 1 vCPU, 2GB vRAM domain controller costs about € 0,12 per hour.
Basically this cloud instance is just another datacenter, so I set up my basic networking, my DNS and my AD Sites and Services. I hooked up the Edge Gateway (which VMware provides in every cloud instance) to my Ravello site using IPsec VPN and finally, I opened all my firewall ports. My AD was replicating and I had successfully added a vCloud Air VPC OnDemand instance to my datacenter infrastructure.
vCloud Air Disaster Recovery
Setting up the DR instance itself was very easy. To be quite honest, the biggest struggle was buying the service. vCloud Air DR is a pretty new offering, especially here in The Netherlands, so not all VMware resellers and distributors were familiar with the delivery of a vCloud Air DR instance. Because vCloud Air DR is a subscription-based service, you buy it through regular VMware reseller channels. You cannot buy vCloud Air DR directly from VMware! Check out VMware’s Purchasing Programs page for more information.
Back to the lab setup: remember we now have a local datacenter running in Ravello and an OnDemand cloud instance running as a second site for AD, DNS and NTP. The recovered workloads in vCloud Air DR must be able to access these services, so we need a VPN between the OnDemand instance and the DR instance. Setting up this VPN was really easy because both VPN endpoints are VMware-provided Edge Gateways.
The first VPN is the VPN between the pfSense firewall in Ravello and the OnDemand instance’s Edge Gateway. The second VPN entry is the VPN between the vCloud Air DR and OnDemand instances. For some reason the Status icon of the VPN to Ravello occasionally shows a red sign, which should indicate that the tunnel is down. I can verify, however, that the tunnel is up and passing traffic. This must be a glitch in the interface or maybe a non-critical anomaly between both VPN endpoints. I chose to leave it alone.
In my next blog I will delve into setting up vSphere Replication and how to actually replicate a workload into the cloud.