vROps – vCNS One-Armed, Highly Available load balancing

By | December 9, 2015

Requirements

  • As the solution scales and the number of administrators and consumers requiring access grows, HTTPS requests to the vROps UI increase both the traffic and the load on the nodes.
  • Prevent a node outage (either the Master or the Master Replica) from disrupting access to the solution
  • Use a common name and DNS entry to access the solution

Constraints

  • No available budget for NSX licensing, which would provide its load balancing feature.
  • No available budget for a dedicated hardware solution from a third party

Solution

  • Use the vCloud Networking and Security Suite
  • vShield Edge devices – use the Load Balancer feature in one-armed mode.

Design

[Design diagram: vShield & vROps load balancer]

Note: IP addresses and VLANs are fictitious.

Note: The IP Hash policy was used instead of Round Robin, because Round Robin caused the vROps UI session to time out every 15 minutes and return to the logon page, despite continuous activity and no other new connections.

Deploy vCloud Networking and Security

  • Deploy vCNS OVF template (5.5.4) using the wizard via vSphere Web Client
    • Note CLI Admin and CLI Privilege passwords!
  • Power on the appliance, open the console and log in to the CLI as ‘admin’
    • Run command ‘enable’ and login using privileged account
    • Run command ‘setup’
    • Enter IP information, save and then run command ‘exit’
    • Log back in and check network connectivity (ping & DNS checks)
    • Browse to the GUI of vShield Manager – https://x.x.x.x
      • Log in as admin with the password ‘default’
      • If using IE, you may need to run in Compatibility mode
      • Change password once logged in via Settings & Reports>Users>Admin>Edit
    • Configure vCenter registration
      • vCenter Server name – vcenter.domain.com (FQDN)
      • Administrator username and password
    • Configure Lookup Service
      • Host = vcenter.domain.com
      • SSO administrator user and password
    • Configure NTP Server
    • Configure SysLog Server

Deploy Edge Gateway

Datacentre>Network Virtualization>Edges>green plus (+) sign

  • Name & Description
    • Name – LAB-EDGW01
    • Enable HA – Yes
  • CLI Credentials
    • Admin and password
    • Enable SSH – Yes
  • Edge Appliances
    • Appliance Size – Compact
    • Enable Auto rule generation
    • Rule Priority – High
    • Add two appliances, and select different host and datastore for each
  • Interfaces
    • vNIC 0 – Uplink
      • Primary IP = Edge Gateway
      • Other IP(s) = Load Balancer VIP(s)
    • vNIC 1 – Internal-HA
  • Default Gateway
    • Uplink-VLAN
    • Gateway IP address
  • Firewall & HA
    • Default Traffic Policy – Deny
    • Logging – Enabled
    • HA Parameter
      • vNIC = any
      • Management IPs = none specified (local link address will be used – 169.254.x.x)

Configure Load Balancer

  • Manage Edge Gateway
  • Network Virtualization>Edges>double-click the Edge
  • DNS Configuration – Change
  • Setup Load Balancer Pools
    • Edge Gateway>Load Balancer>Pools
    • Add and create pool
    • Load Balancer Status – Enable
    • Publish Changes
    • Setup Load Balancer Virtual Server
      • Edge Gateway>Load Balancer>Virtual Servers
      • Add and create using IP address
    • Manage Edge Gateway Firewall Rules
      • Add
        • Name – vROps
        • Type – Internal
        • Source – Any
        • Destination – vROps VIP
        • Service – HTTPS
        • Action – Accept
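The Edge Gateway and load balancer settings above amount to a handful of design rules: an HA pair on separate hosts and datastores, the VIP as a secondary address on the uplink vNIC, the IP Hash policy, and a default-deny firewall with one explicit HTTPS accept to the VIP. The Python below is an example added to this post (not vShield code and not a vShield Manager API call); it models those UI settings as a dict, checks them, and shows why IP Hash keeps a client on one node while Round Robin does not. The hostnames and the 192.0.2.x / 198.51.100.x addresses are constructed placeholders, and the CRC32 hash is an assumed stand-in, since the post does not document vShield's own hash.

```python
"""Design-rule checks for the one-armed, HA vShield Edge load balancer set up
above. Illustrative code added to this post, not vCNS code and not a vShield
Manager API call: the UI settings are modelled as a dict. Names and addresses
are constructed placeholders (192.0.2.0/24 is the documentation range)."""
import copy
import ipaddress
import zlib

# Constructed model of the Edge Gateway settings entered in the walkthrough.
EDGE_CONFIG = {
    "name": "LAB-EDGW01",
    "ha_enabled": True,
    # Two appliances, each on a different host and datastore.
    "appliances": [{"host": "esx01.domain.com", "datastore": "ds01"},
                   {"host": "esx02.domain.com", "datastore": "ds02"}],
    # vNIC 0 (uplink): primary IP is the Edge itself, 'Other IPs' hold the VIP.
    "vnic0": {"primary_ip": "192.0.2.10", "other_ips": ["192.0.2.20"]},
    "firewall": {
        "default_policy": "deny",
        "rules": [{"name": "vROps", "source": "any", "destination": "192.0.2.20",
                   "service": "HTTPS", "action": "accept"}],
    },
    "load_balancer": {
        "enabled": True,
        # Pool members are the vROps Master and Master Replica nodes.
        "pools": [{"name": "vrops-pool", "algorithm": "ip-hash",
                   "members": ["192.0.2.31", "192.0.2.32"]}],
        "virtual_servers": [{"name": "vrops-vip", "ip": "192.0.2.20", "port": 443,
                             "pool": "vrops-pool"}],
    },
}


def check_edge_design(cfg):
    """Return the list of design-rule violations (empty means the config passes)."""
    problems = []
    apps = cfg["appliances"]
    if not cfg["ha_enabled"] or len(apps) < 2:
        problems.append("HA needs 'Enable HA' and two Edge appliances")
    if len({a["host"] for a in apps}) < len(apps) \
            or len({a["datastore"] for a in apps}) < len(apps):
        problems.append("Edge appliances must sit on different hosts and datastores")
    fw = cfg["firewall"]
    if fw["default_policy"] != "deny":
        problems.append("firewall default traffic policy should be Deny")
    lb = cfg["load_balancer"]
    if not lb["enabled"]:
        problems.append("load balancer status is not enabled")
    primary = cfg["vnic0"]["primary_ip"]
    secondaries = set(cfg["vnic0"]["other_ips"])
    pools = {p["name"]: p for p in lb["pools"]}
    for vs in lb["virtual_servers"]:
        vip = vs["ip"]
        # One-armed mode: the VIP is an 'Other IP' on vNIC 0, never the primary.
        if vip == primary or vip not in secondaries:
            problems.append(f"VIP {vip} must be listed under vNIC 0 'Other IP(s)'")
        pool = pools[vs["pool"]]
        if pool["algorithm"] != "ip-hash":
            problems.append(f"pool {pool['name']} uses {pool['algorithm']}; "
                            "use IP Hash so a UI session stays on one node")
        if len(pool["members"]) < 2:
            problems.append(f"pool {pool['name']} needs both Master and Master Replica")
        # Default-deny firewall needs an explicit Accept for HTTPS to the VIP.
        if not any(r["destination"] == vip and r["service"] == "HTTPS"
                   and r["action"] == "accept" for r in fw["rules"]):
            problems.append(f"no firewall rule accepting HTTPS to VIP {vip}")
    return problems


def ip_hash_member(client_ip, members):
    """Node chosen for a client under IP Hash. CRC32 of the packed address is an
    assumed stand-in for vShield's own hash; the point is that the choice depends
    only on the client address, so every request from one client hits one node."""
    return members[zlib.crc32(ipaddress.ip_address(client_ip).packed) % len(members)]


def round_robin_member(request_number, members):
    """Node chosen for the Nth request under Round Robin: it rotates on every
    request regardless of sender, which splits a browser session across nodes."""
    return members[request_number % len(members)]


def run_checks():
    """Check the constructed config, then a copy carrying the two mistakes the
    post warns about (Round Robin policy, VIP set to the primary uplink IP)."""
    good = check_edge_design(EDGE_CONFIG)
    bad = copy.deepcopy(EDGE_CONFIG)
    bad["load_balancer"]["pools"][0]["algorithm"] = "round-robin"
    bad["load_balancer"]["virtual_servers"][0]["ip"] = bad["vnic0"]["primary_ip"]
    return good, check_edge_design(bad)


if __name__ == "__main__":
    good, bad = run_checks()
    print("constructed config:", good or "OK")
    print("broken copy:", bad)
```

Running the module prints no violations for the constructed config and three for the broken copy (VIP on the primary address, a non-IP-Hash pool, and consequently no accept rule matching the new VIP). The two member-selection helpers make the note's observation concrete: repeated calls to ip_hash_member with the same client address always return the same node, while round_robin_member alternates on every request.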

Resources

vShield Documentation

how-configure-vmware-vshield-manager-and-vshield-endpoint
