
HOL01 Building the Hybrid Cloud

Version 3.3

Lab Scenario Introduction

Introduction
The Power of the Cloud
Who are Rainpole Inc and ABigTelco

Rainpole, Inc. has decided that cloud is the future and they are focusing their effort and energy into becoming a recognized provider
of cloud services. In order to move this strategy forward, Rainpole has acquired Code Nebulous, a smaller and more agile
organization specializing in cloud-based commerce solutions. Code Nebulous has been very successful in helping top
brand-name clients implement eCommerce services that take advantage of a hybrid cloud model. This allows their eCommerce
application to run across private and public clouds seamlessly.

Code Nebulous is a small startup with a large footprint. They have successfully leveraged the power of the cloud to be more agile
than their competitors. Their time-to-market has been immediate and since they have no in-house resources, all development is
done in the public cloud. Code Nebulous currently leverages compute capacity provided by ABigTelco, Inc., a global
telecommunications provider with a variety of offerings that encompass Infrastructure as a Service (IaaS) and Software as a
Service (SaaS). ABigTelco Inc has recently launched their first Cloud Service for IaaS based on VMware's vCloud Datacenter
certification for Public Cloud providers. This service provides enterprise customers including Code Nebulous with a cloud-based
extension to their secure, enterprise-class datacenters.
While Code Nebulous operates 100% in the public cloud, Rainpole has sensitive workloads that they are not yet ready to allow
beyond the confines of their datacenter and firewalls. As such it has been decided that Rainpole will build and operate an internal
cloud which will be securely connected to the external cloud. This will allow appropriate workloads to securely transfer between
environments. This lets Rainpole leverage the best of both worlds; securing sensitive resources within their datacenter and
allowing appropriate workloads to run in the public cloud.

Launch the Demo Video

Please launch the Demo Video which was given to Rainpole before the acquisition to show how Code Nebulous operates in the
Cloud.

The proposed combined organization

The Code Nebulous acquisition should go smoothly as both companies already use vSphere virtualization. Rainpole's CIO knows
how critical the cloud build out will be for the company's plans to become a recognized leader in the space. To ensure
consistency, the strategy is to manually build the cloud infrastructure first and then leverage automation to capture and automate
key workflows going forward. This will enhance the IT department's ability to rapidly deal with increasing demand and help limit
human error during new deployments.
The benefits of this approach will be:
1. Minimize the impact on the IT department which is already overstretched.
2. Keep the acquisition costs down by mitigating the need to purchase additional hardware.
3. Keep costs down by hiring contractors to help the IT Ops team absorb the extra workload during the implementation.
4. Give the Code Nebulous development group the infrastructure they need now with a self-service model ensuring they are agile
enough to meet the launch deadline.
5. Everyone learns what is involved in consuming, providing, managing and reporting on a hybrid cloud service.

Getting to know the Hybrid Cloud Environment

Getting to know your vCloud Build Lab


This lesson is a key starting point for the rest of the Lab. Don't skip it, or lessons later on may not work. The vCloud Manage Lab
has just been zapped into existence and there are many moving parts that work seamlessly together. To ensure you have the best
experience we'll take this time to review the key components and fix any issues that may exist.

Lab 01 Configuration Overview

This diagram gives you a logical view of the Build Your Hybrid Cloud environment.
You are connected from your client device via a VMware View desktop which in turn has a remote desktop session to the
ControlCenter VM. The Hybrid Cloud Lab environment is created within a vApp within a cloud itself, hosted on vSphere and vCloud
Director.
There are a set of logical subnets identified by the colored lines, with the final octet of the IP address of each VM or service
indicated by the purple badge.
Where you see the same IP address indicated for a number of different services, it means that the services are hosted on the
same VM.

Getting started - launch Internet Explorer and vSphere Client

This is the main Control Center Desktop where you'll spend most of your time in the vCloud Build Lab.

Chapter 1: Building the Rainpole Private Cloud

The Engine for the Cloud


You will now begin the creation of the Rainpole Private Cloud.
The first step in Rainpole's "journey" to the cloud is to build a secure private cloud which can continue to host the sensitive internal
workloads deemed too critical to allow outside of the company's datacenter. However, this internal cloud will be built to allow a
secure bridge to the public cloud provided by ABigTelco which is already hosting resources for the new Code Nebulous division of
Rainpole.
Another driving factor in Rainpole's push to the cloud is a decline in revenues as their business model comes under
pressure from faster moving competitors. An internal audit showed that a core problem leading to this delay is the complexity of
ordering resources for developers. The complex request system can take weeks to get needed compute capacity into the hands of
developers which in turn delays product releases and time-to-market. This new internal cloud will take that provisioning time from
weeks down to minutes and significantly improve productivity through the entire release cycle.

Logon to vCenter

Click "Use Windows session credentials" to pre-populate the login credentials and then click "Login".

The business as usual environment

To prepare for the move to the cloud, the administrator must first take stock of what exists. Because the Rainpole environment is
already more than 80% virtualized they are perfectly positioned to extend their infrastructure into the cloud and build powerful layers
of abstraction on their existing virtual infrastructure.

The basic cloud infrastructure

Open Internet Explorer and "VMware vCloud Director rainpole.com" will open automatically. If not, you can use the favorites bar.

The initial Cloud Infrastructure


Because Rainpole is already heavily virtualized they are perfectly positioned to extend into the Cloud and leverage the self-service
automation of vCloud Director. Cloud Director has already been installed by Rainpole IT but has not been configured in any way.

The initial login to the cloud

Log in to vCloud Director with username "Administrator" and password "VMware1!".

A blank slate

The first step is to attach to the existing vCenter and start to build a new layer of abstraction that will create a powerful self-service
environment to get resources into the hands of users faster.

The engine behind the Rainpole Cloud

The workhorse behind the cloud is vCenter 5.0 and ESXi 5.0. Therefore, the first step is to give vCloud Director direct access to a
vCenter instance which provides access to the raw capacity for building a new type of consumption model called a "Provider Virtual
DataCenter".
vCenter Server is: vc-w8-01a
Again, the password is VMware1! but the User is rpadmin.

Security for the Cloud

vShield Manager Server is: 192.168.110.42

Provide the credentials for vShield Manager as user "admin" and password "default".
Security is critical for the cloud. The biggest hurdle for Rainpole to overcome when considering cloud computing was the security
concern. Cloud is a different model of computing where users are given more freedom, and with more capability comes an
increased security risk. With the vShield Edge firewalls that are automatically deployed by vShield Manager, the power of cloud
computing can be realized while at the same time ensuring that all workloads are wrapped in multiple layers of security.

The Rainpole security team has put vShield through weeks of testing and they are comfortable that it provides as good if not better
security than the "old" way of securing the network.

The first building block

Review the steps and click the "Finish" button to complete the first building block of Rainpole's cloud which provides access to the
capacity for the first "Provider Virtual Datacenter".

Reviewing the initial step

The Rainpole administrators are new to cloud computing and as such they want to make sure the configuration was successful.
Click on "Manage & Monitor" (labeled "1" above) then on "vCenters" (labeled "2" above) to verify the new "Rain Cloud vCenter"
connection. After you're done click on "Home" (labeled "3" above) to get back to the next steps.

The new level of Cloud abstraction

Rainpole can now allocate capacity from the newly connected vCenter and allow different groups to seamlessly and securely share
the underlying infrastructure.
Click the link "2. Create a Provider vDC" to assign resources from vCenter that you want vCloud Director to control. This step will
create a "Provider Virtual Datacenter" (pVDC). We will create one pVDC for development.

The first Provider Virtual Datacenter

The most important thing for Rainpole is to get resources into the hands of developers so they can build and release products to
market. Therefore, the first pVDC will be built for the development group.
With vSphere 5, a new Hardware Version 8 is introduced. You can choose Version 7 or 8.

Give the Developers what they need

A pVDC needs access to a vSphere Resource Pool or a vSphere cluster, the latter being the best practice. A vSphere cluster actually is a
Resource Pool at the root level.
Select the Resource Pool named "Development" and click the "Next" button.

Storage for Developers

Developers also need storage so add a vSphere data store to the pVDC. Select the datastore named "vol1_60gb".

The pistons in the Cloud engine

vSphere hosts are the core components of the "cloud engine" which provide the "horsepower" to run virtual machines. Preparing
the vSphere hosts installs a small agent that enables vCloud Director to directly interact with the vSphere host for some required
low-level functions.
The "root" password is "VMware1!"

The new layer of abstraction

Review the steps and then click the "Finish" button to complete the first Rainpole "Provider Virtual Datacenter" built specifically to
provide developers with faster access to the resources they need to do their jobs.

Can you hear the Rainpole developers cheering?


Opening up the engine

View the hosts dedicated to the cloud by navigating to the "Manage & Monitor" tab. Right now, in its infancy, the Rainpole cloud
only has two hosts but this will change quickly as developers start to leverage the benefits of rapid, agile, self-service provisioning.

Networking the Cloud


Networking is the most complex and powerful aspect of the cloud. In order for developers to reach external resources, such as
databases they might need, networks that route appropriately while still being secure must be defined. In addition, users can
create NAT-routed, firewalled networks through the self-service portal without needing to open a ticket or request with IT, provided
they have permission and network quota capacity to do so.

Networking the Cloud

The first step is creating external networks that can route organization resources to the resources they need. External networks in
vCloud Director are Layer 3 networks which provide access to resources outside of vCloud Director and potentially vSphere. Click
on the link "3. Create an external network".

Connecting the networks

External networks need to connect and route to a network portgroup defined in vSphere. This is one area where the vCloud
Director administrator has to interface with the vSphere and network administrators to get access to the right network resources.
The Rainpole architects spent time in the planning phase working with the network team to identify VLANs and networks which
would be dedicated to the cloud. Select the network labeled "VM Network" and click the "Next" button.

Configure the external network

Based on the information provided by the network team, the external network must be configured with the proper "Network mask",
"Default gateway", "Primary DNS" and a static pool of IP addresses that vCloud Director can supply to virtual machines as needed.
Enter the values provided in the screenshot. Click the "Next" button.

Mask: 255.255.255.0
GW: 192.168.110.2
DNS: 192.168.110.10
Suffix: rainpole.com
Range: 192.168.110.200-192.168.110.240
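
The settings above can be sanity-checked before they are typed into the wizard. The following is an added example, not part of the original lab guide: a Python check that the static pool lies inside the subnet implied by the mask and gateway and does not collide with the gateway, the DNS server, or the vShield Manager address given earlier in this lab. The function names are hypothetical.

```python
import ipaddress


def parse_pool(text):
    """Parse 'first-last' into a pair of IPv4Address objects."""
    first, sep, last = text.partition("-")
    if not sep:
        raise ValueError(f"not an address range: {text!r}")
    lo = ipaddress.IPv4Address(first.strip())
    hi = ipaddress.IPv4Address(last.strip())
    if lo > hi:
        raise ValueError(f"range is reversed: {text!r}")
    return lo, hi


def pool_size(pool):
    """Number of addresses the static pool can hand out."""
    lo, hi = parse_pool(pool)
    return int(hi) - int(lo) + 1


def check_external_network(mask, gateway, dns, pool, reserved=None):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    gw = ipaddress.IPv4Address(gateway)
    # Derive the subnet from gateway + mask; an invalid mask raises ValueError.
    net = ipaddress.IPv4Network(f"{gateway}/{mask}", strict=False)
    lo, hi = parse_pool(pool)

    def in_pool(addr):
        return lo <= addr <= hi

    if gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is not a usable host address in {net}")
    for label, addr in (("pool start", lo), ("pool end", hi)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
    if in_pool(net.network_address) or in_pool(net.broadcast_address):
        problems.append("pool contains the network or broadcast address")
    if in_pool(gw):
        problems.append(f"gateway {gw} is inside the pool")
    # DNS may live on another subnet, so only a collision with the pool counts.
    if in_pool(ipaddress.IPv4Address(dns)):
        problems.append(f"DNS server {dns} is inside the pool")
    # Addresses already used by infrastructure must never be handed to a VM.
    for name, value in (reserved or {}).items():
        if in_pool(ipaddress.IPv4Address(value)):
            problems.append(f"{name} ({value}) is inside the pool")
    return problems


# Values taken from this lab page; the vShield Manager address is the one
# given in the "Security for the Cloud" step.
PAGE_SETTINGS = dict(
    mask="255.255.255.0",
    gateway="192.168.110.2",
    dns="192.168.110.10",
    pool="192.168.110.200-192.168.110.240",
    reserved={"vShield Manager": "192.168.110.42"},
)

if __name__ == "__main__":
    issues = check_external_network(**PAGE_SETTINGS)
    print("addresses in pool:", pool_size(PAGE_SETTINGS["pool"]))
    print("problems:", issues or "none")
```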

Naming the external network

vCloud Director's external network needs a unique name which will identify where it's going to connect. In this case name it
"Rainpole Intranet" as it will provide Internet access for VMs in the cloud (at least as long as the security team allows it). Click the
"Next" button.

Complete the external network

Review and then click the "Finish" button to complete the external network setup.

Automating network creation

The power of the cloud is providing users a way to automatically create powerful and secure network constructs. This is
accomplished through network pools which can be a range of pre-allocated VLANs or Port Groups either pre-created or
dynamically provisioned if attached to distributed switches. Users within an organization can draw from their network segment
quota as needed. These network pools are used while a dynamic workload is in existence and then go back into the pool when
the workload is stopped. In this way, users can deploy complex networking without any administrative assistance.
Click "Create a network pool" to build the resources to automatically deploy networks.

The complex work of Networking

There are three types of network pools:

1. VLAN-backed
2. Network isolation-backed
3. vSphere port group-backed

In our case, we are using network isolation-backed, which is the most automated and offers robust security through the use of
vShield MAC-in-MAC encapsulation. Port groups are dynamically created and distributed networking is required. After selecting
"Network isolation-backed", click the "Next" button.

Configure Network Isolation

We will allow up to 200 networks (labeled "1" above) based on VLAN 101 (labeled "2" above).
We choose our vCenter (labeled "3" above) and then an appropriate distributed virtual switch (labeled "4" above).
We can see on the bottom that this switch can be accessed from resources in Production and Development. Click the "Next"
button.

Name the pool

The network pool needs an intuitive name so cloud administrators know which pool to use for various organizations. Click the
"Next" button.

Final pool settings

Review and finalize the network pool. Click the "Finish" button.

Creating Organizations in the Cloud


Organizations within vCloud Director act as the context for end users to access infrastructure resources through the web browser.
This web interface translates requests into tasks in the vSphere environment based on the "Provider Virtual Data Center" in use.
After creating vCloud Organizations, the developers and users within Rainpole will have access to a unique web URL that allows
them to quickly access the resources and capabilities of their cloud.

The first Organization in the Rainpole Cloud

Now that the core infrastructure components of the cloud are in place, it is time to create an organization for our tenant: our internal
developers. Click on "5. Create a new organization".

Name the Organization and access URL

eCOM-DEV is a core group of top-notch developers within Rainpole and as such they will get the first vCloud Director Organization.
The internal champions of the cloud within Rainpole have guaranteed faster development and time-to-market by providing these
developers almost instant access to the compute capacity they need.

Note: The name becomes the unique URL which users will put into their web browser to access cloud resources for this vCD
Organization. In this case the URL will be: https://vcloud.rainpole.com/cloud/org/eCOM-DEV/
Click the "Next" button.

Integrating into the user directory

The first vCloud Organization within Rainpole needs to integrate into the company Active Directory. The Distinguished name is:
"cn=users, dc=corp, dc=local".
Note: The DN is "cn=users", not "dc=users" or "ou=users". The built-in "users" container in Active Directory is cn=users.

Click the "Next" button.

Local Cloud Users

We have to add a local admin for the Organization in the event that Active Directory is ever down or not accessible.
Click the "Add.." button. Then enter the user "Orgadmin" and the password "VMware1!".
Click the "Next" button.

Adding a local user

Populate the fields for "User Name" and "Password" to create the local "Orgadmin" user.

Sharing within the Cloud

Certain privileged organizations can share their catalogs with all other groups in the Rainpole cloud. Note: Set the publishing
option to "Allow publishing catalogs to all organizations" as eCOM-DEV will be creating vApps that will be consumed by other
business units. Click the "Next" button.

Email in the Cloud

Use the default system settings which are pushed down from the vCloud Director instance. Click the "Next" button.

Self Cleanup

Runtime and storage leases are a very powerful feature of the cloud. An internal audit of Rainpole resources found that thousands
of dollars of storage was being wasted due to orphaned virtual machines that were never cleaned up properly. Now with
self-cleaning in the cloud, unused resources will be expired and can then be deleted if not needed. Users can set preferences for
receiving email notifications prior to expiration. Set the leases as shown.


Setting Limits in the Cloud

To ensure that no single group consumes all the resources it is necessary to set quotas and limits. The alpha-dog developers of
eCOM-DEV don't like this but it's a fact of life in a world where resources are shared.

The "Running VM Quota" which is how many machines eCOM-DEV can have powered on at a given time is set to 20.
The "Stored VM Quota" which is how many machines can exist within the Organization powered down is set to 40.
This provides enough capacity for the initial eCOM-DEV roll out and will be expanded as needed when the capacity requirements
mandate it.
We change the "Limits" to the values shown to prevent the organization from creating too much I/O due to heavy operations, such as
cloning of vApps.
The number of simultaneous connections defines the concurrent connections to a VM's console.
Click the "Next" button.

Completing the first Cloud Organization

Review and finalize the settings for the new vCD Organization. Click the "Finish" button.

The first Developers in the Cloud

Navigate to "Manage & Monitor" and then double click on eCOM-DEV.


This is the first of many Organizations to be created in the Private Rainpole Cloud and the users within will be able to easily and
quickly leverage automated resources from their slice of the Virtual Infrastructure. To accommodate future business units in the
Cloud more Organizations can be created that will be able to securely share the underlying resources.

Delegate Duties in the Cloud

Notice how a new tab labeled "eCOM DEV" is created. Click on the new tab (1). Click on Administration (2). Click on Users (3).
Then click on the Import from LDAP icon (4) and search for user TeamLeader (5). Click the "Search" button and then add (5) him
as Organization Administrator.

This delegates the administration of the new organization "eCOM-DEV" to the TeamLeader.
If the search result is empty, the base distinguished name entered during the organization setup might be wrong. You can change
this in "System/Manage&Monitor/Organizations". Then select "Properties" of the organization and check the DN in "LDAP Options"
("cn=users,dc=corp,dc=local") and search again.

Allocating resources to Organizations within the Cloud

Now go back to your "System" tab and the "Home" section. Click the link "6. Allocate resources to an Organization".

The new Organization Datacenter

Select the Organization within the cloud that will be given some capacity. Click the "Next" button.

Providing resources

Select the Provider vDC which will provide resources for this Organization. In this case, it will be "Developers pVDC" which will be
used for the different development groups within Rainpole. Click the "Next" button.

Allocation Models

There are different models to allocate consumer resources within the cloud. Each model provides for slightly different user options
and resource commitment as well as affecting vCenter Chargeback billing policies. Because this is the first group to leverage the
cloud, Rainpole wants to use a "Pay-As-You-Go" model. This allows Rainpole finance to know exactly how much is being spent for
each virtual machine in the cloud. Click the "Next" button.


CPU Speed in the Cloud

The "Pay-As-You-Go" model offers the ability to throttle the speed of the virtual CPU regardless of the physical CPU speed.
eCOM-DEV is currently working on physical hardware with 2 GHz CPUs, so to allow for comparison, the virtual CPU will be
set to 2 GHz as well. The benefit is that the speed can now be increased in the virtual data center without having to upgrade any
physical hardware, though the developers are not aware of this.


Storage for the new Organization

The new Organization needs storage and capabilities. Because it is still unknown how much capacity the eCOM-DEV developers
will need, the capacity is temporarily set to unlimited. However, the total amount of disk space used will be reduced by using "thin
provisioning" behind the scenes which allocates storage blocks on-demand. This is invisible to the developers but allows
Rainpole to use considerably less storage. Enabling "fast provisioning" uses linked clones which means a new virtual machine
is quickly deployed by creating a disk snapshot of an existing VM. This makes the developers even more productive as they don't
have to wait for long virtual machine copies. Click the "Next" button.

Leveraging the power of pools

We now assign a portion of the network pool that was created earlier. This will give the eCOM-DEV developers the ability to deploy
their own complex firewalls on private networks and quickly replicate complex testing environments that used to take weeks to
set up in the physical world. Give the eCOM-DEV users 20 networks from the "RP-vCDNI-Pool". Click the "Next" button.

Naming the Organization

Finally give the "Organization Virtual Datacenter" an intuitive name so it is easy to understand which group is using these
resources. Click the "Next" button.

Completing the first Organization vDC

Review and complete the first Organization Virtual Datacenter. Click the "Finish" button.

Create Organization Networks

Select "Add a network to an Organization".

Select organization for new network

Select eCOM-DEV as the Organization which will contain the new Organization network. Organization networks allow units
within the Cloud to connect to external resources such as Internet, DMZ or IP based storage. There are also internal networks that
are private to the Organization. In the next step we will be creating both types of network.

Organization network type

We are creating a directly connected Organization network which will have direct access to an external network. The other option is
to create a Routed network which will be contained behind a vShield firewall which will connect the two Layer 3 networks
together. The Routed network would allow for NAT, Firewall and Port Forwarding in the event that external IPs were limited or
additional security was required.

Change the "Create an external network via" drop down to "Direct connection".

Network Settings

A network pool is a group of undifferentiated networks that is available for use within an Org vDC. A network pool is backed by
vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to
create NAT-routed and internal organization networks and all vApp networks. Network traffic on each network in a pool is isolated at
layer 2 from all other networks.


IP Settings

Choose the default setting for the Internal Network which will allow virtual machines in a vApp to communicate with each other. You
can connect an Internal network to an organization network to allow a vApp to communicate with other vApps in the organization.

vApp networks are backed by network pools. Users with access can manage and create their own networks through the power of
dynamically leveraging Network Pools.

Apply Network Name

Name the Organization Network something that makes it readily apparent to vApp authors what its connectivity is and when it
should be included in a vApp configuration.

Enabling External Access to the Cloud

Organizations need to be able to get outside to access resources and to do that their networks need to attach to the Provider
external networks created previously.

Name the External Network

Give this external network an intuitive name so it's obvious that it's assigned to eCOM-DEV for external access.

Reviewing

Review and confirm the steps.

Branding the Cloud


Branding is an important part of any service. We will now walk through applying a logo and basic theme to the newly built Rainpole
Private Cloud.

Branding tab

Choose the System tab.

1) Navigate to the "Administration" tab on the upper right.
2) Select the "Branding" section on the left hand panel.
3) Click the "Browse" button next to the "Logo:" field.


Select the Rainpole Logo

In the resulting file explorer box, navigate to the "Desktop" and then the "Branding" folder and select the file named
"RainpoleLogov1".

View Logo

Confirm that the logo is now displayed below the "Logo:" field. Note the size and type of image that can be used. Next click the
"Browse" button next to the "Theme:" field.

Select the Rainpole Theme

In the resulting file explorer window, select the file named "cloud-director-template-rp" in the "Branding" folder as before. Click
the "Open" button.
Click "Ok" on the warning popup and then allow the 10 second preview to complete.

Company name

In the "Company name" field, change the value to "Rainpole Inc.".

Apply the new theme

Click the "Apply" button on the bottom right to use the new theme, logo and company name.
The Rainpole Cloud has now been branded appropriately.

Creating Catalog Resources


In vCloud Director the catalog is a collection of vApps and media files. In comparison to what is in vSphere, a vApp template is kind
of a vSphere VM template on steroids: not only can you group more VMs together and capture them into a catalog as a single entity,
but you can also set startup priorities, shutdown policies and additional configurations.
The Catalog will hold the building blocks that the Rainpole and eCOM-DEV developers will use to create their development
environments. When these building blocks are in, the developers can check them out through the web interface and modify them
as they see fit.

Create a catalog

Click "8. Add a catalog to an organization".


Remember, you can find "Guided Tasks" in the "Systems / Home" tab.

The Cloud catalog

The power of the cloud is delivered through a catalog of pre-configured servers for users to easily add to their virtual data center. In
this case, Rainpole has worked with the developers of eCOM-DEV (their customer) and determined what they need in their catalog.

Name the catalog

Name the catalog something intuitive so its purpose is clear.


Click "Next".

Sharing catalogs

The catalog can be published to other organizations if desired. In this case eCOM-DEV will be creating resources that can be
consumed by other Organizations within the Cloud; as such, the setting will be to allow "Publish to all Organizations".

Complete catalog

Review and complete the catalog creation. Click the "Finish" button.

Importing VMs from vCenter

Select the "eCOM-DEV" tab (labeled 1).
Select the "Catalogs" tab (labeled 2).
Select the "vApp Templates" tab (labeled 3).
Click on the vCenter icon (labeled 4).
Only a Provider Administrator can import from vCenter. The Organization resources including the Org Admin are abstracted from
the vSphere layer and cannot see any resources inside vCenter.

Importing VMs

There are different ways to bring VMs into a vCloud Director environment including importing (powered off) VMs directly from the VC
instance that is backing the Provider Virtual Datacenter. Another way is to upload an OVF template directly into vCloud Director
using the Java upload tool.

Select the "Ubuntu Server VM" and give it a name. The "Move VM" choice means the VM is deleted from vCenter and only exists in
vCloud Director. The "Copy VM" choice leaves the vCenter instance of the VM intact. However, this will use twice the amount of
storage. Because the current datacenter has limited storage, please choose "Move VM".
Make the VM a "Gold Master" as it will be used as the base image for all Ubuntu deployments going forward. A "Gold Master"
designation in the vCD Catalog simply serves as a visual cue to users that this vApp is of good quality.

Import status

The status of the VM import will be updated as the job progresses.

Second Import

Import an Ubuntu Webserver as the second VM. Move the VM as before and designate as a "Gold Master".

Import status

The status of both jobs will be shown concurrently.


Jobs Complete

Both Gold Masters should have completed successfully.

Access URL for the new Developer Organization

Navigate to "Manage & Monitor", select the "Organizations" section at the top left, then right-click the "eCOM-DEV" organization and
select "Properties".

Portal URL

Note the URL for the new eCOM-DEV organization: "https://vcloud.rainpole.com/cloud/org/eCOM-DEV/"


Press "Ctrl" and "C" on the keyboard to copy the URL to the Windows clipboard.

Logout as the Admin

Deploying cloud to users is all about first impressions. If the first user's experience is bad, then the project will be at risk before it
even gets fully implemented. Therefore, it is imperative that the Rainpole architects test the system as a typical user in order to
gauge the ease-of-use and ensure a positive experience for those critical first users of the private cloud. This is especially true at
Rainpole because the eCOM-DEV developers are used to getting their way and will not accept a new system unless it meets their
expectations and prior experiences.
Next we'll log in and experience the Cloud from the perspective of a user.

The User Experience


Now we get to the most important aspect of deploying a cloud infrastructure which is the user experience. We want to walk
through what a typical Rainpole developer will experience when they login to the new self-service portal. If the experience is not as
good (or ideally better) than what they already have then adoption will be limited and ultimately the project will struggle and may fail
altogether.
There is a lot that goes on at the entry point to the Rainpole private Cloud. It is where developers locate, order and manage the
resources they need. It is the spot where the organization administrator manages users, offers capacity, monitors resources,
charges for them, enforces and applies automation, governance, security and other business rules that go into offering the service.

The most important element - The user

Make sure you have the right URL: "https://vcloud.rainpole.com/cloud/org/eCOM-DEV/"

Note: For security purposes, if you put in the wrong URL, the vCloud Director portal will still come up. This is to make it harder for
unwelcome guests to randomly guess organization names and try to hack into the system. Even though a login/password portal will
be available for a non-existent URL, a login error will always result from any login attempt.

If you get a login error, then confirm that the URL is correct. Login as TeamLeader with password VMware1!
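The behaviour described in the note above, sketched as an added example (not vCloud Director's code and not part of the original lab): an unknown organization name gets the same login page and the same login error as a wrong password, shown beside a weak variant that reveals which names exist. The account store, function names, password and response texts are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # PBKDF2 work factor; assumed value for this example


def hash_password(password, salt):
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password):
    """Return (salt, hash) for storage."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample data: one organization with one user. The password is
# made up for this example.
ACCOUNTS = {("eCOM-DEV", "TeamLeader"): make_record("example-Passw0rd")}
ORGS = {org for org, _user in ACCOUNTS}

# Dummy record for unknown organizations or users, so the failure path still
# performs one full hash and takes about as long as a real check.
DUMMY_SALT, DUMMY_HASH = make_record(os.urandom(16).hex())

LOGIN_FORM = (200, "<form method='post'>User name / Password</form>")
GENERIC_ERROR = (401, "Login failed: invalid user name or password.")


def portal_page_leaky(org):
    """Weak variant: the status code reveals which organizations exist."""
    if org not in ORGS:
        return 404, "Unknown organization"
    return LOGIN_FORM


def portal_page(org):
    """Hardened variant: every organization path returns the same form."""
    return LOGIN_FORM


def login(org, username, password):
    """Check credentials; every failure returns the same response."""
    record = ACCOUNTS.get((org, username))
    salt, expected = record if record else (DUMMY_SALT, DUMMY_HASH)
    supplied = hash_password(password, salt)
    matches = hmac.compare_digest(supplied, expected)
    if record is not None and matches:
        return 200, "Welcome, " + username
    return GENERIC_ERROR


if __name__ == "__main__":
    for org in ("eCOM-DEV", "no-such-org"):
        print(org, portal_page_leaky(org)[0], portal_page(org)[0],
              login(org, "TeamLeader", "guess")[0])
```

Uniform responses only remove the signal that distinguishes real organization names from guessed ones; they do not limit the number of attempts, so lockout or rate limiting is still needed alongside.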
Building a vApp

The TeamLeader login has the role "Org Administrator" inside the Cloud and as such is able to "Build a new vApp". Other users
can be set to only consume previously built vApps. It is important to "know your customer" and provide the right amount of access
based on their capabilities. Too much or too little access will result in help desk calls, wasted time and resources which is exactly
what cloud is meant to avoid.

Name the vApp

Name the vApp something to indicate it will only be a temporary test to view the experience from a user's perspective.
Because it is a test, we can set the Runtime and Storage Lease to the minimum.

Adding Virtual Machines

The user is able to select from the machines which were previously added to the catalog. Multiple VMs or multiple versions of the
same VM can be added to the vCD Catalog. Adding the same VM multiple times requires that it be customized upon deployment
which vCloud Director will do automatically. This is to change things like the MAC address, SID and IP/hostname and the root
password if needed.
Please add the two Ubuntu systems to your vApp.

Configuring a vApp

Note the "Computer Name" as this is what the hostname of the machine will become. In this case, the user is able to set that
(remember that eCOM-DEV developers demand control). There is also a way to limit the user and only allow them to provision a
vApp exactly the way it was captured. In this case, the user would not be able to change the hostnames or the number of VMs in
the vApp. Again, it depends on the complexity and needs of the user.

vApp Networking

Leave the default options in place and click "Next" to continue.

Complete vApp Creation

Review and complete the vApp configuration

vApp Create Status

The status of the new vApp creation task will be shown. Behind the scenes vCloud Director is performing API calls to vCenter and
building the new VMs which are linked clones of the Gold Master template in the catalog. Because they are linked clones, the vApp
creation will be significantly faster than if full copies were being created.

Quick access to workloads

Click the "Home" tab to go back to the screen that a typical user would see when logging in. From the "Home" screen, a user is
presented with a view of available vApps and can very easily start, stop or pause the workloads. Click into one of the Screen Boxes
to get access to the console. Note: you have to power on the vApp (1) before you can access the console (2).

Open Console

You can release the console with Ctrl-Alt and close the window.

My Cloud

The "My Cloud" tab is the workspace for active vApps. This is where the Code Nebulous developers will be spending most of their
time. Here they can see console thumbnails of their powered-on vApps, access properties and open the vApp. Right click any
vApp in "My Cloud" and select open to view the individual VM configuration.

Opening a vApp

Here you can see a logical diagram of the networking for the VMs in the vApp.

IP addresses in the cloud

As a user of the cloud system navigate to the "Virtual Machines" tab and note the IP address of the webserver.

The Final Product

Open a new browser and put in the noted webserver IP address (http://192.168.110.201) of the new cloud system to reach the
basic Apache homepage of this web server.
Because of the Guest Customization process, the web server may take additional time to start (a few minutes!). If this is the case, give it
some time and reload the browser to try again.


You may proceed with the following steps and come back later to check the web page.

Chapter 2: Plan and conduct an acquisition

Leverage Orchestration to Build an Organization


Rainpole has very aggressive plans for their cloud deployment. Based on previous analysis, there is significant demand for a truly
self-service provisioning environment and eCOM-DEV will just be the first business organization to leverage the cloud. In order to
allow their administrators to scale without having to work 20 hours a day, it is important to leverage orchestration. vCenter
Orchestrator has pre-configured workflows for vCloud Director that can be extended if necessary.
This section shows how to create a vCD Organization through orchestrated workflows. These workflows quickly provision cloud
resources for business units (vCD Organizations) to get them on-line reliably and with minimal effort. vCO also allows workflows
to be scheduled or called from external systems through a web service API.

The vCenter Orchestrator Client

The main access point for creating and running workflows is the vCenter Orchestrator Client. There is also a web interface to
offload the execution of the workflows to other groups in an easy-to-access fashion. In this scenario, the Rainpole Administrator is
creating workflows for the first time and will need the power of the vCO Client to edit and create scheduled automation.

Start the vCenter Orchestrator Client from the Desktop or the Start Menu. Leave the "Host name" and "User name" field values
as they are, since they were previously populated. Enter VMware1! in the "Password" field and click "Login".

The Workflows

vCenter Orchestrator is a powerful tool with many capabilities. For Rainpole's needs, the most important area is the "Workflows"
section which contains integrations with vCloud Director to quickly perform a variety of automated tasks. The vCloud Director vCO
plugin has been previously installed to enable this additional integration.

Select the "Workflow" bar and expand the folder "vcoAdmin@vco.rainpole.com" and "RainPole Automation".
Code Nebulous is only the first of what will be many acquisitions by RainPole, and it will be key to enable each new
organization to become operational in the cloud as quickly as possible. The first added workflow focuses on creating a new vCD
Organization complete with OrgvDC, Networks, an Allocation Model and a Catalog.

Access the Workflow Options

Right-clicking the workflow exposes the available options for interacting with it. Here you can start a workflow and schedule it for
future execution. You will manually start the "Provision Production RainPole Organization" but a little later you will schedule the
"Instantiate vApp" at regular intervals to meet a development process requirement.

Select "Start Workflow...".

Filling in the blanks

Certain fields must be filled in before the workflow can be executed or scheduled to execute. By filling in just the required values or
using good defaults, setting up a vCD Organization becomes quick and automated when a new acquisition or business unit needs
access to cloud resources.

The vCloud Director Host

vCloud Director workflows must run against a specific vCloud Director instance. As the environment grows, most likely multiple
copies of workflows will be needed which will run against different vCloud Director instances that may be geographically separate.
Click on "Host" and in the resulting popup navigate to the "vCloud Director Server" and click "Select". Note: The select option
will only become available when a vCloud Director instance is selected.


Target Provider vDC

The "Create Organization" workflow must be run against one Provider vDC. The first use case for the Rainpole Private Cloud is
for developers and this workflow will focus on automating the task of bringing future development groups online quickly inside the
Development pVDC.

Click on "Provider vDC" and in the resulting popup navigate to the "Admin" -> "Provider vDCs" folder. Then select the
"Development pVDC" element and click "Select".

Network Pool

It is important to add the Network Pool or vApps will not start in the new vDC Organization.
First click "Not Set" in the "Network Pool" text box. Then navigate to the "Admin" -> "Extension" -> "VMW Network Pools" folder and
select the "RP-VCDNI-Pool" element.

Then click "Select".


Organization name and description

Code Nebulous is the latest acquisition of RainPole and the first thing their developers need is a dedicated vCD Organization
inside the cloud.

Name the new vCD Organization CodeNebulous. Note: The "Name" field cannot have any spaces or special characters.
Click "Not set" in the "Allocation Model" field.

The "Allocation Model" field

Click in the "Filter:" text field and press the Enter key on the keyboard. The three vCloud Director allocation models populate the
pick list.

Select Reservation Pool

Reservation Pool is one of 3 vCD Allocation Models available. It creates a hard reservation that guarantees the Organization will
get a fixed share of the resources available. When introducing new technology, first impressions are of the utmost importance so
the Rainpole administrator decided that creating a guaranteed reservation for the new developers is the best way to ensure a
positive initial user experience.

Select "ReservationPool" as the vCD Allocation Model. Click "Select".

CPU, Memory and Storage values

As a cloud administrator, it is important to understand the customer. An OrgVDC is a different type of abstraction for compute
resources and it is critical to understand the needs of the customer in order to provide sufficient capacity.
Enter the values as shown.

Submitting the Workflow

Review the settings and click "Submit" to execute the workflow. Going forward this workflow can be shared in the vCO Web Views
to allow easier and faster access to execute as needed.

The workflow should complete within 10 - 20 seconds.


The end result

Navigate back to vCloud Director and view the new CodeNebulous Organization which was created faster and more accurately
through automation than it could ever be done manually. This type of automation will significantly improve the lives of the cloud
administrators and allow them to scale even as the demand for resources increases.

The new vCD Organization has all the settings supplied in the orchestration workflow.
Under System select the "Manage & Monitor" tab and click on "Organizations". You can open a "CodeNebulous" tab by
double-clicking on the organization name.

Log back into vCD

Navigate to the favorites bar in "Internet Explorer" and choose vCloud Director rainpole.com

Log into Rainpole Cloud

Log into the Rainpole Cloud as a provider administrator to view the new Organization.

The new Organization

View the new Organization within vCloud Director that has been automatically created. Note it has 1 vDC, 2 Catalogs and 1 User
that were all created by the workflow.

The new Org vDC

Navigate to Organization vDCs on the left pane and view the new vDC. It should be set to "Reservation Pool" as it was specified in
the workflow.

Leverage Automation to Deploy a vApp


The key to increasing productivity is to get resources into the hands of users as quickly as possible. RainPole knows this and it is
a key reason they are pushing to move further into cloud computing. A vApp contains all the components packaged together to
allow a developer or knowledge worker to immediately be productive and get their job done. Creating vCD vApps will be a frequent
operation. Automation will help RainPole make the most of their Private Cloud.
This piece of automation to "Instantiate a vApp" will become an important and widely used orchestration tool.

Log into the vCenter Orchestrator Client

Go back to your vCenter Orchestrator.


Select the "Instantiate Rainpole vApp Template" workflow.
Click on "Start workflow..." to initiate execution.

Fill in the mandatory fields

Populate the mandatory fields in the following steps.

First Select the vDC to deploy the vApp into

IMPORTANT: Please start at the bottom with "vDC", not with "vApp Template".
Now select the vDC for the new vApp. Note: Make sure you do this before selecting the vApp.
1) Click "Not set" in the vDC field.
2) Expand the CodeNebulous Organization folder tree.
3) Select the "CodeNebulous vDC" and click "Select" on the bottom right.

Second step Identify the vApp to be instantiated

1) Click on "Not set" next to the "vApp Template" choice box.
2) Expand the "vCloud Director" folder and sub-folders as shown.
3) Choose one of the Ubuntu Templates and click "Select" on the bottom right.

Name the vApp

Next populate the name field of the vApp definition

Submit the workflow to run

Click "Submit".

Workflow status

Watch workflow status to ensure it completes successfully.


Login as Administrator into Rainpole

Using the favorites bar navigate back to "vCloud Director rainpole.com" and log into vCD as "administrator" with the password
"VMware1!".

Navigate to vApp

Through vCloud Director navigate to the Organization that holds the newly created vApp.
Double Click on "CodeNebulous"

The New vApp

View the new vApp and, once it has finished creating, power it on.

vCenter ChargeBack
In order for a shared model like the cloud to be successful, the incurred costs must be completely transparent. This transparency
reinforces responsible behavior in how users consume resources. The eCOM-DEV developers have historically requested the
biggest most expensive Virtual Machines for their testing and development needs. Now that success can be tied to the total cost of
the project and the resources consumed, it behooves the developers to only request what they need to "get the job done" and save
money along the way to improve the profit and success of the overall project.
vCenter Chargeback is an easy way of charging for consumed resources in vCenter and vCloud Director. With connectors to
vCloud Director, vShield Manager and vCenter Server, Chargeback tracks all consumed resources. Chargeback can be used to
create actual bills for customers or for delivering the metrics to an external billing system.
In this lesson we will login to the web interface of vCenter Chargeback and create a report based on the resources that RainPole
developers are consuming.

Login to vCenter Chargeback

You can find the URL of vCenter Chargeback in the Internet Explorer favorites bar.
User: Admin
Password: VMware1!

Login: "Local"
If LDAP / AD is configured as a login source, it can be used to validate users. RainPole.com is using local Chargeback users at the
moment.

Show vCenter Chargeback settings

From the "Getting Started" Tab click on Settings, to see if the attached data collectors are installed and working.
The "Basic Tasks" list contains shortcuts to important tasks inside vCenter Chargeback such as adding vCenter servers.

Show data collectors

Look at vCenter servers and Cloud Data Collectors. You can add up to 10 vCenter Servers. The list shows you the attached
sources. Rainpole.com is using a single vCenter server with the instance name "vCenter01".

Collectors in detail

The Data Collectors for vShield and vCloud Director can be monitored and may also be installed on different servers. vCenter
Chargeback is based on a distributed software architecture. vCenter Chargeback gets all the information about the vApps a tenant
has created from vCloud Director. vShield Manager is used to collect information about network activities, such as transferred data
and configured network services such as DHCP addresses, NAT, Firewall, etc.

Introducing hierarchies

vCenter Chargeback is collecting data based on hierarchies. A hierarchy is a collection of vApps, VMs, networks, etc. vCloud
Director has a collection of vApp, VMs, networks, etc. for every tenant. These collections are automatically created and maintained
as a Hierarchy in vCenter Chargeback.

You can look into a hierarchy by selecting it. Click on "eCOM-DEV".


Hierarchy structure

As you can see vCenter Chargeback has created entries in the hierarchy matching the vCD inventory. Every vCD Organization
Virtual Datacenter (oVDC) is listed under the appropriate Allocation Model.

Creating a report

If you want to charge for a resource, e.g. a whole oVDC you may click on the "Reports" tab (1.) and then right-click on the
"eCOM-dev-ovdc" element (2.)
Select "Generate Cost Report".

Report continued

(1.) Name the report.
(2.) Enter today or the whole current month.
(3.) Make sure you have selected the right Cost Model.

A cost model is a set of costs for resource metrics like vCPU, MEM, Disk, etc.
As you can see at the "Computation Resources" (4.) you can charge various resources. The rates are stored in the Cost Model (3.).
You can open and modify a Cost Model under the "Manage Cost" tab. We will do this at the end of this Chargeback section.
(5.) Click the "Generate Report" button.

Show running reports

As you can see, the report is being generated. Depending on the size of the hierarchy and the billing period this may take some
time. You can run multiple reports at the same time. You can also schedule and email the reports.

Report options

When the report is ready, you can expand the folder tree as well as look at the report in greater detail using RTF, PDF or CSV
formats. Click an icon to generate the desired format. We recommend downloading the report as a PDF!

Download report

To download the created report click on the blue text.

Allow Internet Explorer to open report

If Internet Explorer asks for permission to open the file, please do so.

Open report

If the report looks good to you, the next step is to schedule the report so that it runs automatically every chosen period. The first tab
of the "Generate Cost Report" dialog controls the amount of detail in a report. The report for the Finance department might be more
detailed than the report for the CTO.

Activate schedule

If you think the report looks good and it's worth having it sent out each month as an email to controlling or others, activate the
scheduling.

Set schedule parameter

You have several options here that pretty much describe themselves.

After selecting a scheduled report, if you want to email the created report automatically every period, click on the envelope and enter
some email addresses. The detailed report is attached to the email as a PDF.

Additional Information about Cost Models

Click "Show" (5.) to display the base rates for each metric. You are also able to charge for HA, Operating Systems, etc. These are
shown in the "Other Costs" tab (4.).

Chapter 3: Plan for a migration from private to public cloud

External Cloud Resources


Log in to ABigTelco, a cloud provider used by CodeNebulous. The external cloud looks the same as the internal.

Open Tab

Create a new tab to open the external cloud.


External Cloud Provider "ABigTelco"

Log in with user Orgadmin and the password VMware1!

Roam around and see that it looks almost the same as your internal cloud Rainpole.com. CodeNebulous has an eCommerce vApp
deployed in the cloud!

Catalog

Look at the empty Catalog. We will fill it in the next section.

Copy a workload from the public to the private cloud


Most of the existing workloads acquired from Code Nebulous are running in the Public Cloud so it is time to connect with the new
Private Cloud. The Rainpole QA team has a list of criteria that determine if an application can run in the public cloud based on the
sensitivity of data. It is the preference to run workloads in the public cloud if possible and as public cloud security becomes better,
more and more workloads will migrate over. The vCloud Connector which has been pre-installed on vCenter is the tool to
seamlessly migrate workloads from private to public or public to private.
In addition, the IT Manager and his team are struggling with a lack of current infrastructure capacity to manage their existing
workloads while also completing the operational tasks for the merger of Code Nebulous into the IT Infrastructure. To keep the
launch date for the Code Nebulous eCommerce service on track, the CIO has decided to subscribe to ABigTelco's vCloud
Datacenter Public IaaS service immediately and give the Code Nebulous developers autonomy to securely provision and transfer
their own development environments.
This is the final step in connecting Rainpole and Code Nebulous into a secure and elastic merged entity. This is much more agile
and competitive. This is just the start of the "Journey into the Cloud" for Rainpole. The next Lab will show how the company had to
learn to successfully manage and monitor their cloud. This is critical as more production workloads migrate into the environment.

vCloud Connector plug-in in vCenter

After the vCloud Connector plug-in for vCenter has been installed, it will be available under the "Solutions and Applications" area in the
"Home" view in vCenter.

Accept Certificate

Accept the certificate warning after clicking the "vCloud Connector" link.

Connect to the eCOM-DEV Organization Cloud by clicking "Add Cloud"

To add a new Cloud click on "Add Cloud".

Input the information for the new Cloud Organization

This will require the URL for the Organization created earlier.
Cloud URL: https://vcloud.rainpole.com/cloud/org/CodeNebulous
User: orgadmin
Password: VMware1!
Click "Add" to finish the dialog.

If necessary get the URL for the Organization by looking at the properties of the Org inside Cloud Director

If you don't know the Cloud URL, right-click the Org within vCloud Director and select "Properties".

The Org URL is listed under "General" in the Org properties

Note the organization URL which is used to access the Cloud from a web browser:
https://vcloud.rainpole.com/cloud/org/CodeNebulous/

The view of the cloud

Now workloads can be transferred between any of the 3 constructs shown in vCloud Connector.

Select a resource to transfer

Expand "eCOM-DEV" and select one of the previously created vApps.


You are allowed to see "Powered Off" vApps only. If your vApp is powered on, just right-click on the Name "vCO" and select "Power
Off".

Copy a vApp

Right-click the vApp to copy and select "Copy to". Note: The vApp must be powered off; it's similar to a cold Motion.

Transfer options

Fill in the required fields to complete the transfer. Note: Select Internal as the target Network in the "Network" drop-down. When
complete, click "OK". Ensure the target Cloud is "ABigTelco".
Please use the "Internal Network only" since this is the right subnet for that vApp.

Copy status

Let the workload copy. Depending on size and network speed this copy can take a long time. In this case the vApp is small and
the copy should take around 3 - 5 minutes. You can view the steps performed to transfer the vApp in the screen shot below.

Transfer steps in vSphere

Underneath the transfer dialog you should be able to see the tasks being performed in vSphere to move the workload to the public
cloud.

The new public Cloud workload

When the task has completed expand the "ABigTelco" Cloud and right click on the Organization which will then provide a link to
launch a web browser and connect directly to the ABigTelco portal.

Navigate to the new vApp

After connecting to the ABigTelco Cloud, log in with User: orgadmin, Pass: VMware1!. Navigate to "Catalogs" -> "CodeNebulous
Archived vApps".

Add new vApp to "My Cloud"

Right Click on the new vApp in the Catalog and select "Add to My Cloud"

Add to Cloud

In the resulting popup leave the defaults intact and click "Finish"
If you like, set the leases to 1 hour, since the vApp is just a test vApp.

Access the new vApp

Navigate to "My Cloud" and view the progress of the new vApp creation

Turn off Guest Customization

The Rainpole developer wants the new vApp to be exactly the same as the original that was transferred so we are disabling guest
customization. To do this, select "VMs" (1) on the left side, right-click the new VM (2), then select "Properties" (3).

VM Properties

In the resulting "Properties" window navigate to the "Guest OS Customization" Tab and uncheck "Enable guest customization".
Guest Customization is a powerful component to leverage when it makes sense. Not only can the SID and passwords be reset, but
the machine can be joined to a domain and custom post scripts can be executed inside the Operating System.

Power on the new workload

Power on the new VM by highlighting the VM (1) and clicking the Play icon (2) on the top left. The new transferred Virtual Machine
is now running in the Public Cloud.

Summary
The Initial Cloud Infrastructure

This completes Lab01 "Building the Hybrid Cloud". Agility and scalability were two of the main drivers for cloud adoption, offering
Rainpole an elastic, scalable source of computing power. The cloud holds the scalability to support sudden peaks in demand,
which would be impossible to deal with within the "business as usual" traditional datacenter. But the journey to the cloud isn't free
of pitfalls and roadblocks either. At this stage Rainpole has a solid foundation to start from but there is still much more to be done,
especially around "Managing" and "Monitoring" the Hybrid Cloud.
Lab02 and Lab03 continue the Rainpole Cloud journey and go deeper into the challenges inherent in Cloud adoption and how to
successfully address them.