What is VMware Cloud on AWS?
Quote from VMware – "VMware Cloud on AWS brings VMware’s enterprise-class SDDC software to the AWS Cloud with optimized access to AWS services. Powered by VMware Cloud Foundation, VMware Cloud on AWS integrates our compute, storage and network virtualization products (VMware vSphere, VMware vSAN and VMware NSX) along with VMware vCenter management, optimized to run on dedicated, elastic, bare-metal AWS infrastructure."
In short, VMware Cloud on AWS (VMC) provides the same user experience as a local vSphere environment while running all infrastructure on AWS.
This August, FVE 8.8 was launched with new support for VMware Cloud on AWS. This blog walks you through the procedure for monitoring VMware Cloud on AWS with FVE 8.8.
Before You Begin
To monitor a VMC instance, add a firewall rule in your VMC Management Gateway. This rule allows connections (via port 443) from the Foglight Management Server (FMS) to vCenter.
The value of "Source" should be the public IP address of your FMS. If you don't know this IP address, or your FMS uses a dynamic IP, set this value to "Any". Note that if you set it to "Any", anyone with internet access can reach your VMC instance, so use the specific FMS address whenever you can.
Required Account Privileges
After adding the firewall rule, prepare an account for FVE monitoring. Because VMC does not allow you to create a user directly in vCenter or to customize roles, you need to do the following:
- Add an identity source and create a user account in your identity source, usually your AD.
- Grant permissions to the user account created above.
At a minimum, the "Read Only" role at the root level is required to monitor VMC. It enables FVE to monitor all objects in VMC.
To collect metrics from files in the datastore, a permission with the "Browse Datastore" privilege (for example, the "CloudAdmin" role) is required. VMC has strict permission restrictions, so you can only add this permission to "WorkloadDatastore", which is the only datastore you can use.
To optimize your VMs automatically using FVE, we recommend adding the "CloudAdmin" role to your monitoring account on the "Workloads" folder, where all of your VMs exist.
Once your credentials are ready, create a VMware agent in FVE. Use either the FQDN of your VMC instance or the IP address directly.
You may receive two alarms about a permission issue as soon as data collection starts. This happens because VMC denies access to resources that you're not allowed to use (vsanDatastore). It does not stop data collection for the rest of the resources.
Now sit tight and start to experience the VMware Cloud on AWS instance monitoring and optimization!