This post is part of a short series that builds on our minimal VMware Cloud Foundation (VCF) 9.0 deployment (2x Minisforum MS-A2) and showcases how to fully leverage the exciting new capabilities in the VCF 9 platform, all while maintaining a minimal resource footprint, which is ideal for lab and learning purposes.
In this blog post, we will walk through the initial setup of VCF Automation (VCFA) using the Provider Admin Portal and creating your first VCFA Organization that will allow users to request and consume resources from the vSphere Supervisor and NSX VPC Networking that we had configured earlier.
Here are some additional VCF Automation Resources that might be of interests if you would like to learn more:
- VCF Automation Provider Documentation
- VCF Automation Organization Documentation
- VCF Automation Video Series
Requirements:
- VCF 9.0 environment deployed
- NSX VPC configured with Centralized Transit Gateway
- vSphere Supervisor configured with NSX VPC Networking
Step 1 - Open a browser to your VCFA deployment and enter system as the organization name to enter the provider management portal. The username will be admin and the password you had configured when deploying your VCF environment.
Once logged in, you will see two options to start configuring your VCFA instance, we will go with the advanced option on the right.
Step 2 - Click on the Start button for creating a Region and enter the required fields as shown in the screenshot below.
Step 3 - Click on the Start button for creating a Organization and specify the resource constraints you would like for that organization. When creating a new VCFA Organization, the first user that is created at the very end should be thought of as the organization administrator, while it does not have to be it helps to have an admin user for that organization as additional users must be setup as part of connecting to an external identity provider.
Step 4 - Click on the Start button for creating a IP Space where you will specify an External IP Block, simliar to when you had setup VPC Connectivity in Step 5 that will be used for VPC Subnets that require external connectivity. In my example, I am using 31.32.0.0/16 since I had already used 31.31.0.0/16 for my initial VPC Connectivity configuration.
Note: If you are not using BGP, make sure you create a static route on your router for the IP block that you have specified to the NSX Edge Interface/VIP, so you can reach the workloads that will consume those addresses.
Step 5 - Click on the Start button for creating Provider Gateway which will allow us to connect to VPC Transit Gateway (T0) for external connectivity using the IP Space configuration that was defined from the previous step.
Step 6 - Before we can start the final configuration step for setting up the Region Networking, we need to perform a synchronization so VCFA can see our NSX Edge Cluster. On the left hand menu, navigate to Networking->Edge Clusters->Sync
Once the sync operation has completed, you should now see that your NSX Edge Cluster is listed below, which means it will now be selectable in the Region Networking configuration, which threw me off the first time I went through this workflow
Step 7 - Select the specific VCFA Organization and then once you are in the specific organization, click on the Configure button for Region Networking Configurations to begin.
Enter the desired log name for this organization and then click on the New button.
This final step will bind the selected Region, Provider Gateway and NSX Edge Cluster resources to the VCFA Organization and you have now successfully completed the setup of your VCFA deployment along with setting up VCFA Organization.
As a VCFA Provider Admin, you can launch the VCFA Organization or you can open a new incognito window (e.g. https://auto01.vcf.lab/automation) and login with the VCFA Organization Admin user that you had setup from Step 3 and start exploring and configuring your organization.
In a future blog post, we will take a look at connecting to an external identity provider (IdP), so that you can onboard additional users with different roles within an organization.
Thanks for the comment!