WilliamLam.com

VMware Cloud (VMC) Console Inventory with various vSphere "Linked Modes"

by // 1 Comment

While I have covered a number of popular topics across our vSphere+, vSAN+ and VCF+ Cloud Service in my recent 7-part blog series, which I definitely recommend folks check out first, direct links below:

One reoccurring theme that has come up and for good reasons is what users would see in the VMware Cloud (VMC) Console as it pertains to the different types of vSphere-based deployments from vSphere+, VCF+ and VMware Cloud on AWS (VMC-A), especially when incorporating the different "Linked Mode" configurations that are supported today?

[Read more...]

Custom vCenter Server Role using vSphere Terraform Provider on VMware Cloud on AWS

by // Leave a Comment

In a VMware Cloud on AWS (VMC-A) environment, a default CloudAdmin vCenter Server Role is provided to customers to manage and deploy workloads in vCenter Server. Typically, this vCenter Server Role is only granted to limited number of Cloud Administrators within your organization, which you get to control as an end user.

VMware also supports customers in creating additional custom vCenter Server Roles that limits the privileges for other usage such as auditing or workload provisioning. If you create a custom vCenter Server Role for VM provisioning and you are using vSphere Automation Tools that VMware supports including PowerCLI or even the popular vSphere Terraform Provider, you may come across the following error message during the VM deployment:

System.Read privilege required for config.distributedVirtualSwitch


As you can see from the error message, the current user does not have the Read-only privilege assigned to the Virtual Distributed Switch (VDS) which is required by the automation client, in this case the vSphere Terraform Provider, to be able to properly provisioned a VM.

Note: When using the default CloudAdmin role, VMware automatically applies the correct privileges to all applicable vSphere Inventory objects and this is the reason you do not see this problem when using an account with the default CloudAdmin role. For custom vCenter Server Roles that are created by customers, we can not apply this automation as the intention of the custom role(s) are unknown to VMware.

We can quickly fix this issue by following the instructions below which will guide you in properly assigning the correct vSphere permissions to enable VM provisioning when using a non-CloudAdmin role.

[Read more...]

Finding vCenter Cloud Gateway Deployments in your environment

by // Leave a Comment

After publishing my recent article on how to audit vCenter Cloud Gateway and vCenter Server registrations for the vSphere+ Cloud Service, I thought it would also be useful to share some tips on how you can easily find your existing vCenter Cloud Gateway (VCGW) deployment(s) within your environment?

You might wonder, do I not already know about my VCGW deployment(s) or for that matter any other solution that is deployed within my own infrastructure? Yes, that would ideally be the case and you should also be able to look that up in your change management database (CMDB). However, over the years in speaking to many customers and hearing about some of the requests from our field teams, I have come to learn that this nirvana state does not exist for many of our customers.

In some organizations, it has been described as the wild wild west where teams of administrators with access to their vSphere environment can deploy any number of solution without ever communicating amongst each other to organizations that provide shared infrastructure access to other small teams and/or companies with a simliar set of challenges. Net net, it is certainly possible that solutions like the VCGW gateway may have been deployed or potentially even retired but have not been removed from your environment.

[Read more...]