Configuring VMware Cloud on AWS
Outposts in VMware Aria
Operations
VMware Cloud on AWS
Outposts
in VMware Aria
Operations
To manage your
VMware Cloud on AWS
Outposts
instances in
VMware Aria
Operations
, you must configure a
cloud account. The adapter requires the CSP API token that is used to authorize and
communicate with the target VMware Cloud on AWS
Outposts
.Navigate to
API
Tokens
under My Account
and generate a CSP
API token based on your operational needs:- To discover and manage SDDCs, include Administrator (Delete Restricted) or Administrator from VMWare Cloud on AWS service roles.
- For data collection of bills, include either Billing Read-only or Organization Owner roles from All Organization Roles.The data collection of bills requires the bills to be available in the CSP.
- For NSX monitoring, include NSX Cloud Admin or NSX Cloud Auditor roles from VMWare Cloud on AWS service roles.
- To activate the cost calculations based onVMware Cloud on AWS Outpostspricing, you must modify theVMware Cloud on AWS Outpostsrate card on the Cloud Providers tab in the Cost Settings page. For details on updating the rate card, see the VMware KB article KB88488.
- If you have subscribed to both VMC on AWS service andVMware Cloud on AWS Outpostsservice, ensure that they are in different CSP organizations. Otherwise, certain functionalities such as costing, and configuration maximums may not function as expected when both VMC on AWS service andVMware Cloud on AWS Outpostsservices are onboarded for monitoring withinVMware Aria Operations.
- From the left menu, click .
- On the Accounts tab, clickAdd.
- On the Accounts Types page, clickVMware Cloud on AWS.
- Enter a display name and description for the cloud account.
- Name. Enter the name for theVMware Cloud on AWS Outpostsinstance as you want it to appear inVMware Aria Operations.
- Description. Enter any additional information that helps you manage your instances.
- To add credentials for theVMware Cloud on AWS Outpostsinstance, click theAddicon, and enter the required credentials.
- Credential Name. The name by which you are identifying the configured credentials.
- CSP Refresh Token. A CSP API token. For details on generating an API token, see Generating a CSP API Token for VMware Cloud on AWS Outposts.
Enter the following details if you are using proxy server to access internet or public services.- Proxy Host. A remote proxy server IP.
- Proxy Port. The port that is available on a remote proxy server.
- Proxy username. Enter the username of the proxy server or if you want to add a domain configured remote proxy server, then enter the username asusername@domain name.
- Proxy Password. Password for the proxy server username.
- Proxy Domain. The domain has to be empty while using the proxy with domain configuration.
The proxy credentials will be used byNSX-Tadapters. - Determine whichVMware Aria Operationscollector or collector group is used to manage the cloud account. If you have multiple collectors or collector groups in your environment, and you want to distribute the workload to optimize performance, select the collector or collector group to manage the adapter processes for this instance.Ensure that you have Internet connectivity for the collectors to work.
- Organization ID. ClickGet Organizationto auto-fill this field. If you are offline or if you are unable to get the Organization ID, you can enter it manually.The Organization ID refers to the Long Organization ID in the Cloud Service Portal. To obtain this ID in the Cloud Service Portal, click .
- ClickValidate Connectionto validate the connection.
- Bill-based costing is not supported inVMware Cloud on AWS Outposts. In the advanced settings, set "Billing Enabled" field to false
- ClickSave.The page to configure the SDDC inVMware Cloud on AWS Outpostsappears.
- From the list of available SDDCs inVMware Cloud on AWS Outposts, click any one of the SDDCs that you want to monitor fromVMware Aria Operations.
- Configure the vCenter adapter:
- Click thevCentertab, and enter the required credentials.
- Credential Name. The name by which you are identifying the configured credentials.
- User Name. The vCenter user name. Use a user with the 'cloudadmin' role which has full visibility to vCenter. Users with less privileges have limited visibility, for example, the read-only users do not have visibility into management VMs.
- Password. The vCenter password configured for that vCenter user name.
- Select the required collector group.If you have direct connectivity with your VMware Cloud vCenter Server, selectDefault collector group. If you are using a private IP for your vCenter Server or if you want to deploy telegraf agents for application monitoring, selectCloud Proxy. The best practice is to deploy the Cloud Proxy on each SDDC instance ofVMware Cloud on AWS Outposts.Select the Cloud Proxy deployed on the given VC and ensure it has access to the Internet. If the outbound internet access for the Cloud proxy must be restricted, ensure that the minimum Cloud Proxy prerequisites are met.For details, see the "Configuring Cloud Proxies in VMware Aria Operations" topic in on-premGetting Startedguide.It is advised not to use the default collector groups as theVMware Cloud on AWS Outpostsmanagement gateway firewall rule does not allow traffic originating from any address.If you have configured an HTTP proxy on your Cloud Proxy, ensure that your HTTP proxy has an exception to access the NSX Management Policy endpoint.
- If you have installed a Cloud Proxy inVMware Cloud on AWS OutpostsSDDC, the Cloud Proxy might not have outbound internet access to reach theVMware Aria Operationsservice. To activate outbound internet access for the deployed Cloud Proxy and allow Cloud Proxy to connect to vCenter, perform the following steps:
- Request a new public IP in theVMware Cloud on AWS OutpostsSDDC where the Cloud Proxy was deployed. For details, see Request or Release a Public IP Address.
- Add a new NAT rule for the internet that associates private IP of the Cloud Proxy with the public IP. For details, see Create or Modify NAT Rules.
- Add a firewall rule that allows incoming traffic from the public IP that was associated with Cloud Proxy VM in earlier step to vCenter.
- Click thevSANtab. By default, the vSAN adapter is activated.
- SelectUse alternate credentialsto add alternate credentials. Click the plus icon, and enter the credential name, vCenter username, and password, and clickOk.
- SelectEnable SMART data collection, if required.
- ClickValidate Connectionto validate the connection.
- Click theNSXtab. By default, theNSX-Tadapter is activated.
- ClickValidate Connectionto validate the connection. If you have hardened the SDDC environment, then you may get an error while validating theNSX-Tconnection. To resolve this issue, changeNSX-Tadapter instance to use the private IP address ofNSX-Tmanager by following the steps below:
- Navigate to and click yourNSX-Tadapter instance.
- In the list of objects shown, edit the object of typeNSX-Tadapter instance and enter the private IP address ofNSX-Tmanager for your environment in theVirtual IP/NSX Managerfield.
- ClickOK.
- ClickSave This SDDC.The Service Discovery adapter is optional. The steps to configure theVMware Cloud on AWS OutpostsService Discovery adapter are similar to configuring vCenter Service Discovery. For more information about configuring the vCenter Service Discovery. seeConfigure Service Discovery.TheVMware Cloud on AWS Outpostsaccount, with the configured SDDC, is added to the list.