VMware Cloud on AWS

VMware Cloud (VMC) Console Inventory with various vSphere "Linked Modes"

06.28.2023 by William Lam // 1 Comment

While I have covered a number of popular topics across our vSphere+, vSAN+ and VCF+ Cloud Service in my recent 7-part blog series, which I definitely recommend folks check out first, direct links below:

One reoccurring theme that has come up and for good reasons is what users would see in the VMware Cloud (VMC) Console as it pertains to the different types of vSphere-based deployments from vSphere+, VCF+ and VMware Cloud on AWS (VMC-A), especially when incorporating the different "Linked Mode" configurations that are supported today?

[Read more...]

Custom vCenter Server Role using vSphere Terraform Provider on VMware Cloud on AWS

06.05.2023 by William Lam // Leave a Comment

In a VMware Cloud on AWS (VMC-A) environment, a default CloudAdmin vCenter Server Role is provided to customers to manage and deploy workloads in vCenter Server. Typically, this vCenter Server Role is only granted to limited number of Cloud Administrators within your organization, which you get to control as an end user.

VMware also supports customers in creating additional custom vCenter Server Roles that limits the privileges for other usage such as auditing or workload provisioning. If you create a custom vCenter Server Role for VM provisioning and you are using vSphere Automation Tools that VMware supports including PowerCLI or even the popular vSphere Terraform Provider, you may come across the following error message during the VM deployment:

System.Read privilege required for config.distributedVirtualSwitch

As you can see from the error message, the current user does not have the Read-only privilege assigned to the Virtual Distributed Switch (VDS) which is required by the automation client, in this case the vSphere Terraform Provider, to be able to properly provisioned a VM.

Note: When using the default CloudAdmin role, VMware automatically applies the correct privileges to all applicable vSphere Inventory objects and this is the reason you do not see this problem when using an account with the default CloudAdmin role. For custom vCenter Server Roles that are created by customers, we can not apply this automation as the intention of the custom role(s) are unknown to VMware.

We can quickly fix this issue by following the instructions below which will guide you in properly assigning the correct vSphere permissions to enable VM provisioning when using a non-CloudAdmin role.

[Read more...]

Quick Tip - How to check if vSAN TRIM/UNMAP is enabled in VMware Cloud on AWS Cluster?

01.04.2023 by William Lam // 2 Comments

While the original question was for checking whether a specific VMware Cloud on AWS (VMC-A) cluster has the vSAN TRIIM/UNMAP feature enabled, the solutions below is applicable to any recent vSAN 7.x or 8.x deployment. There are two ways you check, either using the vSphere UI by selecting the cluster and navigating to Configure->vSAN->Services and expanding the Advanced Options tile or simply leveraging PowerCLI and the vSAN API to retrieve the exact same information.

vSphere UI

vSAN API using PowerCLI

$clusterName = "Cluster-1"
$vsanConfigSystem = Get-VsanView -Id VsanVcClusterConfigSystem-vsan-cluster-config-system
$clusterMoRef = (Get-Cluster $clusterName).ExtensionData.MoRef
$vsanConfigSystem.VsanClusterGetConfig($clusterMoRef).unmapConfig