During the VMware Cloud on AWS (VMC-A) Customer Summit last week, I received an interesting question from one of our field folks on whether it was possible to deploy a vCenter Server Appliance (VCSA) to VMC-A for testing purposes? This was not a use case I had heard of before but it would enable the team to quickly prototype a solution to demonstrate to their customer.
I figured this should work and you should be able to just point the VCSA Installer to an existing VMC-A environment for deployment. It was mentioned that they had attempted to run the installer but ran into a permission issue where it required a full administrator role, which in VMC-A, customers do not have.
In taking a look for myself in one of my VMC-A environment using the VCSA UI Installer, I did indeed run into the same permission issue as shown in the screenshot below.
User has no administrative privileges
This surprised me as the VCSA Installer does not actually require administrative privileges to deploy a VCSA, just the privileges for deploying a regular VM. I captured the logs and screenshots and have shared this with the VCSA PM for further investigation.
UPDATE (01/01/2023) - The workaround shared here is also officially documented in this VMware KB 90922 and deploying VCSA within VMC-A vCenter Server to manage external ESXi hosts such as those residing in an external datacenter or edge location is fully supported by VMware. At the end of the day, VCSA is just another workload running in VMC-A
I was not ready to give up, I had one more idea which was to attempt the deploying using the VCSA CLI Installer. In the past, I have ran into issues where the logic between the UI and CLI differ slightly and I was wondering if this was true here? Well, it turns out the check indeed passes or perhaps it was not being checked at all. I was able to successfully deploy a VCSA into a VMC-A environment when using the CLI Installer and you can find the instructions below.
Step 1 - You will need to setup a jumphost VM (Linux or Windows) running within the Compute Network to perform the deployment, as it needs to be able to access the VM during the setup. In my example, I used a Windows 10 VM but you can use any supported GuestOS that the VCSA CLI Installer supports.
Step 2 - You will need to configure both the Management (MGW) and Compute (CGW) Firewall within VMC-A to allow connectivity for deployment, which is outlined in this blog post here.
Step 3 - Deploy the VCSA using the CLI Installer just like you normally would, here is an example JSON for installing an Embedded VCSA to VMC-A which you can adjust to your environment.
{ "new_vcsa": { "vc": { "hostname": "vcenter.sddc-a-b-c-d.vmwarevmc.com", "username": "*protected email*", "password": "FILLMEIN", "deployment_network": "sddc-cgw-network-1", "datacenter": [ "SDDC-Datacenter" ], "datastore": "WorkloadDatastore", "target": [ "Cluster-1", "Resources", "Compute-ResourcePool" ] }, "appliance": { "thin_disk_mode": true, "deployment_option": "tiny", "name": "VCSA-67u2" }, "network": { "ip_family": "ipv4", "mode": "dhcp" }, "os": { "password": "VMware1!", "time_tools_sync": true, "ssh_enable": true }, "sso": { "password": "VMware1!", "domain_name": "vsphere.local" } }, "ceip": { "settings": { "ceip_enabled": false } } }
As you can see from the screenshot below, I have a VCSA 6.7 Update 2 successfully deployed to VMC-A and accessible from within the jumphost VM, which is also running within VMC-A!
Nitin Rawat says
Nice blog. I understood the concept very well. This blog is very informative. And it's very interesting topic. Visit to get more knowledge. How To Upgrade Esxi Server To 6.7 On HP Proliant DL380 Gen9 Server https://www.hex64.net/how-to-upgrade-esxi-server-to-6-7-on-hp-proliant-dl380-gen9-server
Mark Litton says
Would the same issue exist in AVM and would the same steps resolve it as well?