In the previous blog posts, I’ve outlined how to set up the foundational infrastructure to enable the cloud consumption experience on our private VMware Cloud Foundation cloud platform by using VCF Automation (VCFA).

In this blog post, we’ll have a look at how to set everything up on the service provider side, and finally how to access the self-service cloud as a tenant.

In VCFA, entities are categorized under provider and organization.

As a service provider, we create organizations (often also called tenants) and the resources these organizations can consume. In the above diagram, we can see two different types of organizations: all-apps and vm-apps. Only all-apps organizations provide the “new” VCFA 9 experience using vSphere Supervisor, i.e. run traditional virtual machine workloads and containerized workloads side by side. The vm-apps organization delivers the classic experience we know from Aria Automation 8.

VCFA 9 uses — among others — the following important constructs:

  • Organization – A top-level entity used to group and manage resources, users, policies, IaaS services, and catalog entities, while maintaining a secure boundary from other organizations
  • Project – Connect users with the resources they are entitled to and the limits to which they are subject
  • Supervisor Cluster – Built on VKS using VCF Networking with Virtual Private Clouds (VPCs)
  • VCF Networking with VPC – Provides an isolated domain of networking resources that can be associated with one or more isolated domains of compute resources (vSphere namespace)
  • vSphere Namespace – Define resource limits for CPU, memory, and storage for workloads such as VMs, Kubernetes clusters, and others
  • Workloads – Traditional VMs and container-based deployments within the same infrastructure and managed with the same tools

The diagram below illustrates the dependencies between these objects.

For our lab blueprint, we’re going to use the following design:

The setup consists of one Region A with a single vCenter Server/NSX Manager pair. In this region, we have one zone called m01-z01. A zone represents clusters that provide compute resources for Supervisors. A Supervisor can span multiple zones. In VCF 9.0, a zone can consist of only a single cluster.

On top of these provider resources, we will create a tenant called ACME, which has the following properties:

  • 1 Project Labs
  • 2 vSphere Namespaces 
    • Department 1
    • Department 2
  • 1 region quota assigning resources to region A – vSphere Supervisor 1
  • 1 local content library

Note: A region quota is a subset, or allocation, of resources from a region. It defines the amount of capacity and the number of availability zones that can be made available from a region to an organization. An organization requires a region quota that maps the Supervisor in the region to the organization. Each region can map only one Supervisor.

Provider Management

First, we need to log in to the provider portal. In our lab, it is accessible via web browser at https://flt-auto01.vcf.sddc.lab/provider, and we log in using the local admin account.

After a successful login, we can choose how we want to initially set up VCFA. We can either do a Quick Start to set up a single tenant, or do a Manual Setup. We click on Get Started under Manual Setup. This brings us to the provider management start page. We click on Start next to Create Region.

We enter a name for the region, i.e. region-a. Then we select the NSX Manager instance that integrates with the vCenter instance we want to use for the region. Next, we select the Supervisor. Finally, we select the desired storage class (which is in fact the storage policy we created earlier in vCenter Server) and click Submit.

The region has been created.

Next, we head back to the Infrastructure Overview, and click on Start next to Create Organization.

We enter the name for our all-apps organization, i.e. acme, and click on Create and continue.

Now we create the region quota. Under Zones, we click Add and provide the limits and reservations for the selected zone, i.e. m01-zn01. Then we click Save.

We select the zone and click Assign and continue.

Next, we assign VM Classes and Storage Classes. In our lab, we only want to expose best effort VM classes xsmall, small, and medium. Then we define a limit of 100 GB for the Storage Class nfs-dedicated. Finally, we click on Assign and continue.

The next step is to create a first user for the organization. We name the user acme-admin and assign the role of Organization Administrator, which gives this user full control over the whole organization. We click Add user and finish.

The organization has been created.

Next, we head back to the Infrastructure Overview, and click on Start next to Create IP Space.

We give the IP space a meaningful name, i.e. region-a-default, and select the region, i.e. region-a. Then we click Next.

We enter an IP block which we want to use, i.e. and click Next.

We set the default quota limits to Unlimited and click Next.

Then we click Create.

The IP space has been created.

Next, we head back to the Infrastructure Overview, and click on Start next to Create Provider Gateway.

We name the provider gateway region-a, select the region region-a and click Next.

We select the only available Tier-0 gateway that we have created in the previous blog post and click Next.

We select the IP space available for the region and click Next.

Finally, we click on Create.

The provider gateway has been created.

Next, we head back to the Infrastructure Overview, and click on Start next to Region Networking Settings.

To configure regional networking, we must set up a log name for our ACME organization. This can be used for queries in VCF Operations for Logs. We click on Edit.

We specify the log name, i.e. acme. Then we click Save.

Now, we can assign networking resources to the organization by clicking on New.

First, we select the region and click Next.

Then we select the previously created provider gateway and click Next.

Now we select the NSX Edge cluster and click Next.

We click Create.

The regional networking has been set up.

When we head back to the Infrastructure Overview, we can see that all steps have been completed.

Next, we’re going to log in to our ACME tenant and configure our organization.

Organization Management

As an administrator of a VCFA organization, we manage user access, network configurations (including VPCs and subnets), and policies for our organization. We also create namespaces and manage provider-assigned quotas for the resources associated with the namespaces in our organization.

We go to the tenant portal at https://flt-auto01.vcf.sddc.lab/tenant/acme/ and log in as the local user acme-admin.

This brings us to the organization landing page.

We can see that no services are available yet, so let’s add a project and a namespace.

First, we navigate to Manage & Govern > Projects and click on New.

We name the new project labs and click Next.

We skip the addition of other users or groups and click Next.

Then we click on Create project.

The project has been created.

We click on Namespaces and then we click on New namespace.

We name the namespace department-1 and specify the details, then we click Create.

We repeat the step for the second namespace called department-2.

On the organization landing page, we can now see that the services are available and we can select the project namespaces from a dropdown menu.

As a last step for this basic organization setup, we are going to create a content library from which users can consume OVF or ISO images. We navigate to Build & Deploy > Content Libraries and click on Create Content Library.

We enter a name for the content library and click Next.

We select the region and the storage class and click Next.

Finally, we click on Confirm to create the content library.

The content library has been created. Now let’s upload a file to the content library by clicking on the default library and then clicking on VM Images.

In the content library, we click on VM Images and then on Upload.

Let’s upload, for example, an Ubuntu ISO image. After selecting the source file, we click on Submit.

After the upload has finished, we can see the item available in the content library.