VMware vCloud Director 9.5 – Cross-VDC Networking Blog Series – High-Level Provider Design

In this blog series, we will be covering several aspects of Cross-VDC Networking inside of VMware vCloud Director 9.5. This was created by Daniel Paluszek, Abhinav Mishra, and Wissam Mahmassani.

This blog covers the following:

  1. Overview of the High-Level Design
  2. Failure Scenarios
vCD 9.5 Multi-Site High Level Diagram - Using Provider UDLR


The goal of this high-level design is to provide optimal availability of network services from the Provider and Tenant layer. We must adhere to Cross-vCenter NSX best practices, so do note that we are presuming you are aware with these guidance parameters.

In this suggested design, we have two layers of NSX:

  1. Tenant layer within vCloud Director
  2. Provider Managed layer

The goal is to provide high availability between the two sites while meeting the stated requirements of Cross-VDC networking.

While the Tenant layer is auto-provisioned by vCloud Director, the Provider Managed layer will be initially set up and managed natively in NSX inside of the resource/payload vCenters.

Within the Tenant layer, this is controlled and managed by vCD and provides the spanning of L2 tenant (orgVDC) networks across the member sites by stretching the created Universal Logical Switch. The Tenant Universal Distributed Logical Router (UDLR) will be provisioned by vCD during creation of a VDC Group and will take care of the required routing for the different tenant networks. The tenant Edge Services Gateway (ESG) will terminate all tenant services such as NAT, Edge Firewall, DHCP, VPN, Load Balancing and will be the North/South ingress/egress point for workloads managed by the vCloud Director organization.

In this high-level design, we are deploying the Tenant UDLR with egress points that are in Active/Standby (passive) mode where all Tenant A’s (Coke) workload traffic will egress from a specific Edge. In this example, we will egress from Site-A –

Deploy Tenant UDLR with egress points

The rationale behind Active/Standby mode is to maintain stateful services that are running on the tenant’s ESG and explicit control of the ingress traffic which will also assist in any failure considerations.

Since vCloud Director provides secure and isolated multi-tenancy, we can provide a design on a per Organization (tenant) basis. For example, I could have Tenant B (Pepsi) that has their egress set at Site-B –

Design on per organization basis for multi-tenancy with vCD

Therefore, this allows the Provider to manage tenant traffic and distribute the network utilization across sites.

Now, let’s discussed the Provider Managed layer, which is initially established by the Provider and manage in native NSX terms outside of vCloud Director.

Provider Managed Layer

Each Tenant Edge (<OrgName>-<OrgVDC>-Edge) will peer externally with a pre-provisioned UDLR. This uplink transit interface will be on the VXLAN overlay, or in other words just a Universal Logical Switch that’s presented to vCloud Director as an External Network. With this configuration, a Provider could scale to up to 1,000 tenants as a DLR supports up to 1,000 logical interfaces (LIFs).

In this high-level design, we will be utilizing an Active/Active state with local egress mode at the Provider Layer (Provider UDLR). Therefore, local traffic will egress at its respective local site. With this configuration, a UDLR Control VM will be deployed on each site.

While utilizing an Active/Active configuration, we would also pair this with ECMP on the Provider UDLR (P-UDLR) and Peer with up to 8 Provider Managed Edges spread equally between the two sites. Therefore, we would have E1, E2, E3, and so on until E8 for each site. In summary, we would have the following:

  1. Site-A
    1. Provider Control VM will peer with ESGs 1-4 (Green) on Site-A while peering with ESGs 5-8 on Site-B.
    2. This is possible as E1-E8 reside on the same Universal Logical Switch.
    3. E1-E4 will have a higher BGP weight peering with the Provider-UDLR for any oVDC network routes while E5-E8 will have a lower BGP weight.
  2. Site-B
    1. This will be very similar to Site-A as we will be splitting up ESG’s between the two sites.

The Provider UDLR will reach the Tenant’s Edges uplinks via direct-connected routes. This is where Public IP’s will be floating and hence, Provider UDLR will advertise direct-connected routes to the Provider Edges northbound.

For high availability purposes, the default originate would be advertised to all Provider ESG’s via the upstream physical network while BGP weights prefer the respective local site (for Coke, Site-A, and for Pepsi, Site-B).

Therefore, if we have a physical network failure on Site-A, the local provider edges will withdraw the routes (default originate) being advertised and traffic will then exit from Site-B physical infrastructure via the E4 to E8 Green (since this is the secondary BGP path). Similarly, traffic for site 2 will follow the same path but with Blue ESGs in charge.

Failure Scenarios

vCD 9.5 Multi-Site High Level Diagram - Operational Steady State

In this section, we will be reviewing the vCD NSX design that we are proposing. This focus will be around the packet life around failure considerations and how high availability also plays into these situations.

Scenario 1: Operational Steady State

Pepsi workloads will have their respective Tenant UDLR as their default gateway.

Operational Steady State on Site-A / Pepsi

East/West Traffic:

Pepsi workloads that are communicating L2 East/West whether in the same in a single vCD instance, or across vCD sites, will utilize the stretched L2 universal logical switch and communicate successfully via Host VTEP encapsulation. If it is an Layer 3 / routed communication between workloads, then Tenant UDLR will do the routing on the source host and encapsulate the packet again via the VTEP to the destined workload via its host VTEP.

North/South Traffic:

Traffic originating from Pepsi workloads whether they live on orgVDC Site-A and/or orgVDC Site-B will egress from the Active orgVDC-A-Pepsi Edge Services Gateway. Tenant UDLR has a BGP Configuration with 2 BGP Neighbours: one with the Active Tenant ESG, and another with the Standby Tenant-EDGE, with a higher weight for the Active Tenant-ESG/.

From the Active Tenant-ESG, traffic will egress to the Provider ECMP ESGs (E1 to E4 Green) due to the fact that the Provider UDLR has local egress (Active/Active) being configured in the Provider NSX layer.

The Provider Primary UDLR Control VM is peering BGP for oVDC routes with ECMP E1 to E4 Green on Site-A with weight 60 whereas with BGP weight 30 with ECMP E5 to E8 Green on Site-B.

The Provider Secondary UDLR Control VM is peering BGP for oVDC routes with ECMP E1 to E4 Blue on Site-B with weight 60 whereas with BGP weight 30 with ECMP E5 to E8 Blue on Site-A.

This is shown as highlighted in the diagram below for Tenant Pepsi that has an active Tenant-ESG on Site-A and passive Tenant-ESG on Site-B.

For tenant Coke, it has an active Tenant ESG on site 2 and a passive Tenant ESG on Site-A. Hence traffic will egress from Site-B Provider ESGs (E1 to E4 Blue) again due to the fact of local Egress being configured at the Provider NSX layer. See the diagram below –

Operational Steady State on Site-B/Coke


Note that due to the active/passive mode on the Tenant Layer, we maintained the stateful services that the Tenant ESG provisions such as NATing, firewall services, and so forth.

Always remember that the UDLR control VM is not in the data path as the UDLR is an instance present within the kernel on each vSphere host.

Moreover, notice how we distributed traffic to both sites for optimal efficiency of resources.

Scenario 2: Loss of Tenant’s Active ESG

In this scenario, let’s say we lose the Active ESG on Site-A for Pepsi.

Loss of Tenant's (Site-A) Active ESG

BGP weight kicks in as now the previously “Standby” ESG will become active and hence traffic will egress from the Tenant-ESG on Site-B (OrgVDC-B-Pepsi) and hence traffic will egress from E1 to E4 Blue.

The same above scenario will happen with Tenant-Coke if Coke loses its Active ESG on Site-B.

Loss of Tenant's (Site-B) Active ESG

Scenario 3: Loss of upstream physical switching on Site-A

Loss of upstream physical switching on Site-A

If we lose the physical core upstream, or technically the default originate, traffic will still egress from Active Tenant ESG on Site-A and the Provider UDLR will send the traffic to egress from E5 to E8 Green on Site-B as now and due to BGP weights kicking in, default originate is coming from those Edges on Site-B. Hence all internet traffic will be accessible from Site-B.

Coke traffic (who has their active Tenant-ESG on Site-B) are egressing normally from on E1 to E4 Blue on Site-B (refer to Scenario 1).
We would have the same expected result if I lose Internet connectivity on Site-B where now traffic for active Tenant-ESGs on Site-B will egress from the E5 to E8 Blue while Active Tenant ESGs on Site-A will still egress from E1 to E4 Green.

Loss of upstream physical switching on Site-B


Up next – design considerations for Cross-VDC networking and conclusion to this series.

The post VMware vCloud Director 9.5 – Cross-VDC Networking Blog Series – High-Level Provider Design appeared first on VMware Cloud Provider Blog.

Posted in NSX, vCloud Director, VMware Cloud Provider | Comments Off on VMware vCloud Director 9.5 – Cross-VDC Networking Blog Series – High-Level Provider Design

Project Dimension – VMware’s Edge Computing effort

Advertise here with BSA

Internally some of my focus has been shifting, going forward I will spend more time on edge computing besides vSAN. Edge (and IoT for that matter) has had my interest for a while, and when VMware announced an edge project I was intrigued and interested instantly. At VMworld US the edge computing efforts were announced. The name for the effort is Project Dimension. There were several sessions at VMworld, and I would recommend watching those if you are looking for more info then provided below. The session out of which I took most of the below info was IOT2539BE, titled “Project Dimension: the easy button for edge computing” by Esteban Torres and Guru Shashikumar. Expect more content on Project Dimension in the future as I start getting involved more.

What is Project Dimension? What discussed at VMworld was the following:

  • A new VMware Cloud service; starting at edge locations
  • Enable enterprises to consume compute, storage, and networking at the edge like they consume public cloud
  • VMware will work with OEM partners to deliver and manage hyperconverged appliances in edge locations
    • All appliances will be managed by VMware via VMware Cloud

So what does it include? Well as mentioned it includes hardware, the type etc hasn’t been mentioned, but it was said that Dell and Lenovo are the first two OEMs to support Project Dimension. This hyperconverged solution will include:

  • vSphere
  • vSAN
  • Velocloud

This solution will be managed by a “hybrid cloud control plane” as it is referred to, all by VMware. Architecturally this is what the service will look like:

Now what I found very interesting is that during the session someone asked about the potential for Dimension in on-prem datacenters, and the answer was: “Edge is where we are beginning, but the long-term plan is to offer the same model for data centers as well”. Some may notice that in the above list and diagram NSX is missing, as mentioned during the session, this is being planned for, but preferably will be a “lighter” flavor. What also stands out is that the HCI solution includes not only compute but also networking (switches and SD-WAN appliance).

Now, what is most interesting is the management aspect, VMware and the OEM partner will do the full maintenance/lifecycle management for you. This means that if something breaks the OEM will fix it, you as a customer however always contact VMware, single point of contact for everything. If there’s an upgrade then VMware will go through that motion for you. Every edge cluster for instance also has a vCenter Server instance, but you as an administrator/service owner will not be managing that vCenter Server instance, you will be managing the workloads that run in that environment. This to me makes sense, as when you scale out and potentially have hundreds or thousands of locations you don’t want to spend most of your time managing the infra for that, you want to focus on where the company’s revenue is.

Now getting back to the maintenance/upgrades. How does this work, how do you know you have sufficient capacity to allow for an upgrade to happen? VMware will also ensure this is possible by doing some form of admission control, which prevents you to claim 100% of the physical resources. Another interesting thing mentioned is that Dimension will allow you to chose when the upgrade or patches will be applied. In most environments maintenance will have an impact on workloads in some shape or form, so by providing blackout dates a peak season/time can be avoided.

From a hardware point of view and procurement perspective, this service is also different then you are used to. The services will be on a subscription basis. 1 year or 3-year reserved edge clusters, or more of course. And from a hardware perspective, it kind of aligns with what you typically see in the cloud: Small, Medium or Large instance. Which then refers to the number of resources you get per node. Starting with 3 nodes, of course, have the ability to scale up and potentially start smaller than 3 nodes in the future. The process in terms of sign up / procurement is displayed in the diagram below, delivery would be within 1-2 weeks, which seems extremely fast to me.

What I also found interesting was the mention of a “try and buy” option, you pay for 3 months and if you like it you keep it, and your 3 months contract will go to 1 year (or so) automatically.

At this point you may be asking: why is VMware doing this? Well, it is pretty simple: demand and industry changes. We are starting to see a clear trend, more and more workloads are shifting closer to the consumer. This allows our customers to process data faster and more importantly respond faster to the outcome, and of course, take action through machine learning. But the biggest challenge customers have is consistently managing these locations at a global scale, and this is what Project Dimension should solve. This is not just a challenge at the edge, but across edge, on-prem and public cloud if you ask me. There are so many moving parts, various different tools, and interfaces, which just makes things overly complex.

So what is VMware planning on delivering with Project Dimension? Consistently, reliable and secure hyperconverged infrastructure which is managed through a Cloud Control Plane (single pane of glass management for edge environments) and edge-to-cloud connectivity through Velocloud SD-WAN. (Management traffic for now, but “edge to edge” and “edge to on-prem” soon!) There’s a lot of innovation happening at the back-end when it comes to managing and maintaining 1000s of edge locations, but you as a customer are buying simplicity, reliability, and consistency.

Please note, Project Dimension is in beta, and the team is still looking for beta customers. You need to have a valid use case, as I can see some of you thinking “nice for a home lab for a couple of weeks”, but that, of course, is not what the team is looking for. For those who have a good use case, please go to the product page and leave your details behind: http://vmwa.re/projectdimension

The post Project Dimension – VMware’s Edge Computing effort appeared first on Yellow Bricks.

Posted in cloud, edge, IoT, project dimension, Server, vmc, vmconaws, vmware cloud on aws | Comments Off on Project Dimension – VMware’s Edge Computing effort

vCloud Director 9.x Advanced Load Balancing with F5 Big-IP

vCloud Director exposes NSX load balancing services through the edge gateways, which enables tenant users to deploy their own load balancer instances. However, this makes sense only for the local site.

In this blog post, we will show you how by integrating F5 Big-IP with vCloud Director, you can have an abstract multi-site load balancer, which uses DNS-based load sharing to distribute the load between the sites using several edge gateways. And we will expose this functionality to the tenant users through an vCloud Director UI extension.


vCloud Director Load Balancing Solution Architecture

The diagram outlines the solution architecture – a multi-site application and the management of the application load balancing.

vCloud Director multi-site application and management of the application load balancing

The multi-site application (in blue) runs on two datacenters and has a DNS load balancer, which redirects the application end-user requests to the proper site.

The management of the application load balancing (in green) consists of an Advanced Load Balancing UI extension backed by vRO.



Let’s see how to set up the advanced load balancing process and what will happen in the backend.

Create a New Advanced Load Balancer

From an end-user perspective, creating an advanced load balancer is relatively simple – you just fill in a form provided by the Advanced Load Balancing UI extension.

In the form, you provide:

  • FQDN of the load balancer
  • Number of instances per site
  • Pool members on both sites
vCloud Director - Create a new Advanced Load Balancer

In the backend, the workflow determines where to create the NSX load balancers based on the site where the VMs reside.

NSX Load Balancer Configuration

After the advanced load balancer is created, it will deploy identical NSX load balancers on each site to allow scaling across sites. This also depends on the edge gateways to which the virtual machines are connected.

vCloud Director NSX Load Balancer Configuration

F5 Configuration

When all the NSX load balancers are ready, the workflow will create all the needed F5 objects to allow DNS based load balancing.

The Wide IP is the FQDN of the advanced load balancer.

vCloud Director NSX Load Balancer F5 Configuration

It also defines how requests are going to be balanced across the Wide IP pool members.

vCloud Director NSX Load Balancing Method for Wide IP Pools

The pool members are the virtual server VIP addresses of the load balancers created in NSX.

vCloud Director NSX Load Balancers Pool Members



F5 Big-IP integration with vCloud Director allows tenants to easily create complex load balancing solutions required to support global scalable applications. In this blog post, we have discussed the basic setup. However, DNS-based load balancing usually requires a lot of configuration, which can either be exposed to tenants, or kept as a provider side configuration in the solution, thus hiding the complexity from the end-user. Most importantly, everything is managed through the vCloud Director Portal, giving a unified experience to the end-users.

Integrated NSX Load Balancers into vCloud Director

For more information on vCloud Director, please visit https://www.vmware.com/products/vcloud-director.html

The post vCloud Director 9.x Advanced Load Balancing with F5 Big-IP appeared first on VMware Cloud Provider Blog.

Posted in F5, Load Balancer, NSX, vCloud Director, VMware Cloud Provider | Comments Off on vCloud Director 9.x Advanced Load Balancing with F5 Big-IP

Audio stops working on MAC / OSX

Advertise here with BSA

I have this issue where my sound / audio just stops working on my Mac / OSX. Very annoying, and as I find myself searching for the command every time I have this issue I figured I would simply drop it on my blog as a reminder, much easier to find, at least for me. How do I get my audio working again? Well I simply open a terminal and kill the service responsible for it. It is then auto restarted and it starts working again (you can also kill it through the UI):

sudo killall coreaudiod

I have this problem in OSX 10.14.1, but also had it in 10.14 and 10.13.x. if anyone knows how to solve the problem please leave a comment!

The post Audio stops working on MAC / OSX appeared first on Yellow Bricks.

Posted in audio, osx, sound, Various | Comments Off on Audio stops working on MAC / OSX

New KB articles published for the week ending 17th November,2018

VMware Horizon After changing display scaling on Windows 10, mouse cursor is stuck on upper left Date Published: 11/12/2018 Pool provisioning fails after upgrade Date Published: 11/13/2018 Viewdbchk scanMachines fails with failure of connection to vCenter Server Date Published: 11/12/2018 VMware Horizon Cloud with Hosted Infrastructure Cannot login RDSH during rush hour in VMware Horizon

The post New KB articles published for the week ending 17th November,2018 appeared first on VMware Support Insider.

Posted in KB Digest, Knowledge Base | Comments Off on New KB articles published for the week ending 17th November,2018

Introducing Top vBlog 2018!

It’s that time of year again, well a little later then usual. My annual Top vBlog contest just kicked off and anyone can vote on their favorite VMware & virtualization blogs through 12/15. I first want to introduce our awesome official sponsor of Top vBlog 2018 which is Turbonomic again this year, also special thanks … Continue reading »

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
Comments Off on Introducing Top vBlog 2018!

Voting now open for Top vBlog 2018!

After a slight delay, voting for Top vBlog 2018 is now open! The number of blogs devoted to VMware and virtualization continues to stay at an amazingly high level, this year there are again almost 300 of them on the ballot. Here’s your chance to show your appreciation to the bloggers for all their hard … Continue reading »

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
Posted in News, Top vBlog | Comments Off on Voting now open for Top vBlog 2018!

VMware announces the General Availability of VMware Cloud Provider Hub for partners to offer multi-cloud managed services

VMware announces the General Availability of VMware Cloud Provider Hub 2.0 – a centralized portal for partners to transact, deploy and manage VMware XaaS offerings, thereby enabling the partners to offer multi-cloud managed services.

Multi-cloud challenges for Enterprises

The multi-cloud world has opened tremendous opportunities and choices for enterprises to deploy their workloads. Enterprises can now choose from edge to on-prem data centers to public clouds to best fit their workload and budget needs.

Multi-cloud also brings a whole set of challenges for enterprises. It is getting increasingly difficult for enterprises to keep pace with the growing multi-cloud deployment options. And these multi-cloud deployments come with their own tools to monitor and manage the deployments, and enterprises are ending up with siloed operations and increased investments in service integration and management for their multi-cloud deployments, slowing down their digital transformation journey.

VMware Partners in the multi-cloud world

Multi-cloud opportunity and challenges open a brave new world where cloud providers, system integrators and solution providers dominate. These partners offer the skills, scale of operations and managed services that enterprises require in their multi-cloud journey. To cater to the challenges and therefore the opportunities in the multi-cloud market, these partners are in different stages of evolution to offer managed services on multi-cloud and manage the customer relationship and life cycle. While partners have expanded their portfolio of multi-cloud managed services, many are still operating these multi-cloud deployments and managed services in silos with custom tooling.

Introducing VMware Cloud Provider Hub

VMware is introducing the VMware Cloud Provider Hub, a centralized portal to enable the partners to transact, deploy and manage VMware XaaS offerings, which help partners expand their managed services portfolio to asset-light VMware cloud deployments, and offer multi-cloud managed services across their customer-prem, provider-prem, and public cloud deployments.

With Cloud Provider Hub, partners can manage end-to-end customer lifecycle management including onboarding customers, provisioning and managing services for them, having a consolidated view of their usage, and managing support.

Cloud Provider Hub normalizes the way partners leverage VMware Cloud Services and offer them to their customers. Hub exposes a common means to consume, provision and manage customer access to these services, in order for the partners to offer unmanaged, partially managed or fully managed services to their customers.

Cloud Provider Hub offers a Provider console, available via UI and API, for the partner to onboard and manage customers, manage service provisioning and access for customers, and perform usage and support management. Hub offers a Tenant console, which again is available via UI and API, for the partner’s customers to consume services provisioned by the partner.

VMware Cloud on AWS on VMware Cloud Provider Hub

With the availability of VMware Cloud on AWS on Cloud Provider Hub, partners can leverage an asset-light VMware deployment to complement their on-prem deployment. Partners can seamlessly extend their on-prem VMware deployment with VMware Cloud on AWS for hybrid deployments, application migration, elastic scalability needs, and geographic expansion , as well as connect from VMware Cloud on AWS into native AWS for application modernization. Partners can continue to extend the managed services that they offer on their on-prem into VMware Cloud on AWS to meet the expanded market opportunity.

VMware already has partners successfully leveraging the earlier version of Cloud Provider Hub, called the Managed Service Provider (MSP) platform, to help customers migrate from on-prem VMware deployments into VMware Cloud on AWS, offering managed services around architecture, migration, monitoring, backup, security and disaster recovery, as well as multi-cloud applications on VMware Cloud on AWS and AWS.

VMware Cloud Services on VMware Cloud Provider Hub

The availability of VMware Cloud Services on Cloud Provider Hub ensures that partners do not need to invest in and operate siloed managed services for multiple clouds, be it edge, on-prem or public cloud. VMWare Cloud Services are designed to be multi-cloud capable and partners can leverage these services on Hub to offer centralized managed services across edge, vSphere, vCloud Director, VMware Cloud on AWS, AWS, Google Cloud Platform, and Azure.

The VMware Cloud Service available with the launch of Cloud Provider Hub is VMware Log Intelligence. With Log Intelligence on Hub, partners can do centralized log collection for multiple customers across multiple clouds, for centralized log analysis, monitoring of alerts, troubleshooting and incident response. The partners can push customer-specific logs and dashboards to the tenant console of Cloud Provider Hub.

In my conversation with a partner, who has traditionally been a Solution Provider, but started to offer more managed services on multi-cloud, the partner found the centralized monitoring and incident response via VMware Log Intelligence on Hub very appealing. The partner manages multiple customers with different clouds, and with centralized log collection, the support teams in the partner’s organization would be able to quickly troubleshoot customer problems. The partner also can push periodic dashboards for the customers to view in Log Intelligence via the tenant console of Hub. This way the partner needn’t spend valuable hours preparing reports and sharing them with their customers over emails, and the customers get better experience by having a self-service view of their log analysis dashboards.

The path forward

Partners can expect to see more VMware Cloud Services, as well as VMware Cloud Marketplace, which includes third-party applications validated on VMware deployments, on Cloud Provider Hub in future making Hub the central portal for partners to offer managed services on multi-cloud in a consistent way.

For more information on VMware Cloud Provider Hub, visit https://cloud.vmware.com/cloud-provider-hub/

The post VMware announces the General Availability of VMware Cloud Provider Hub for partners to offer multi-cloud managed services appeared first on VMware Cloud Provider Blog.

Comments Off on VMware announces the General Availability of VMware Cloud Provider Hub for partners to offer multi-cloud managed services

The VMware Cloud Provider Hub – The Platform for partners for delivering managed services – What’s New


VMware today launched the VMware Cloud ProviderTM Hub for VMware Cloud Provider Program partners. Cloud Provider Hub is a platform for partners providing end-to-end customer lifecycle management including purchase, provisioning and management of VMware XaaS services. Cloud Provider Hub is the evolution of the Managed Services Platform 1.x which is now retired – users of MSP 1.x are automatically enabled and available in the Cloud Provider Hub.

With this release, VMware is enabling our partners to expand their managed services portfolio with VMware XaaS offerings. Assisting their multi-cloud service offering journey by providing access to services, that advance their hybrid cloud opportunities and address the needs of native public cloud operations.

New features available on Cloud Provider Hub can be split on the key three areas as below and the features in each area are described below

Transact new cloud services

Services available for Provisioning

VMware Cloud on AWS

Earlier this year, VMware released Managed Service Provider (MSP) platform with support for VMware Cloud on AWS service so partners could extend their managed services portfolio, beyond their on-prem deployments, into an ‘asset light’ VMware deployment in the cloud.

VMware Cloud on AWS, now live in all major global geographies, offers providers the most complete hybrid cloud solution, jointly engineered with AWS and running within their world class global cloud.


VMware Hybrid Cloud Extension bundled with VMware Cloud on AWS can be used to connect across the hybrid cloud and deliver migration at massive scale for production workloads, even across diverse VMware environments. VMware Log Intelligence audit log collection capabilities for VMware cloud on AWS service at no additional cost.

VMware Cost Insight also bundled with VMware Cloud on AWS, provides migration assessment and cost analysis to run workloads on VMware Cloud on AWS.

Learn about the new features recently announces for VMware Cloud on AWS here.

VMware Log Intelligence

VMware Cloud Services are a key part of how VMware adds value to partners implementing Hybrid Cloud.

VMware Log Intelligence provides a simple but powerful log collection and analytics tool that can be used to troubleshoot SDDC technologies, on premise or in the public cloud. VMware Log Intelligence supports vSphere, VMware Cloud on AWS, AWS and VMware vCloud Director.

Providers can configure Log Intelligence service at tenant level, end points at tenants, create dashboards, alerts and view at tenant specific level. They can also view all the tenant logs at provider level giving them the flexibility to monitor and creating unified dashboard.

Learn more about Log Intelligence and features it supports here.

Transaction method for these services

Services are available in the Cloud Provider Hub use commitment-based constructs, the same method as in MSP 1.x.

Each service must have a separate commit contract. VMC MSP commit contract is for transacting in VMware Cloud on AWS. We now have a new ‘CMS’ commit contract that must be created and active for transacting in VMware Log Intelligence. When the commit contract (s) are active, services associated with these contracts will be available for provisioning for that provider.

If you have only one commit contract – CMS MSP commit contract, you will only see the Log Intelligence service tile available for provisioning, when logging into VMware Cloud Services.

If you have both commit contracts – VMC commit contract and CMS commit contract, you will see both the service tiles available for provisioning.


Please refer to my upcoming blog series for details on how to transact using these commit contracts

How to access these services

Services can be accessed based on the role and permissions that have been assigned to you.

  • Services, when activated, can be accessed from the Open in service tile.
  • In the case of VMware Cloud on AWS only;
    1. The Add-ons or any other service, for example VMware Cost Insight, will be available under My Services using header icon
    2. Some services as Hybrid Cloud Extension and Site Recovery are already available as Add-On tile using the SDDC provisioned in VMware Cloud on AWS. Log Intelligence and Cost Insight are planned to be available and an Add-On tile soon.

Simplify operations

Providers need to provision different services for differing tenants at any time. Previously a provider needed to request service invitation, using the invitation email received, create tenant organization, onboard services, then deploy and configure. This was cumbersome and now simplified with automation – the provisioning of services for the tenants is now just a few clicks and is customizable to your needs. No more hassles requesting service invitations, waiting for the invitations and searching for the emails to do tenant onboarding or having to deal with expired invitations.

Service activation for the tenant can be done with few steps as below:

  • Any service provider with Provider Administration, Provider Operations Administrator and Provider Account Administrator rights can create a tenant org for their tenants
  • Once a tenant org is created, the service needs to be activated
  • Then the access level for the user organization for the service needs to be provided

We can see the simplified and faster flow below:

  • From the list of services available for provisioning, service providers can enable one or more services for each of their tenants. Service Providers need to provision the service for each tenant by using the Open button.
  1. At this time, there are no tenants for this service provider

So we need to add a tenant using Tenant Management , which results in a tenant org being created with all the metadata provided.

You can  provide the admin contact at a later time. If an admin contact is provided, the email provided becomes a tenant administrator. If an admin contact is not provided, the service provider managing the service access becomes the Tenant Administrator.

  1. Once tenant is added, select the tenant and choose Manage Services
  1. The service provider is switched to a tenant org and selecting Open will do the magic of service activation for the tenant user.

For details on onboarding, refer <here>

Simplified user experience

The Cloud Provider Hub now provides;

  • A self-service UI and API for providers to transact multiple cloud services, tenant management, user management, billing and usage and support
  • A self-service UI and API for tenants to consume the services that providers have given them access to, view usage and manage their user access to the services

Simplified UI and API for both Billing and usage available for providers and tenants


  • Providers can view an aggregated view of usage and effective usage per sku for a given period per organization in provider context
  • Providers can view only the aggregated usage and not effective usage per sku for a given period per organization in tenant organization
  • Previously in MSP 1.x, usage could be downloaded only using the API. Now we provide the ability to download the usage for the last billing period or selected periods – up to 6 months, as a csv file. This file will provide a detailed view of the usage and effective usage for the selected organization (provider or tenant)
  • Providers can also view the payment method – commit contract(s) associated with the provider i.e. the master organization
  • Users with roles who can access Billing and Usage
    • Users with the roles Provider Administrator, Provider Operations Administrator, Provider Billing User, have the required permissions in provider organization
    • A Provider Accounts Administrator has the permission for the assigned tenant accounts only
    • A Tenant Administrator and Tenant Billing User
  • All the above and more can be achieved using billing API’s


Tenants can;

  • View an aggregated view of usage per SKU for a given period for just that tenant organization
  • Download a detailed view of the usage only for the selected organization
  • Users with Tenant Administrator and Tenant Billing User have the permissions for the above operations

Tenants cannot view the payment method – commit contract (s) associated with the provider i.e. the master organizatio



Simplified UI and API for raising support tickets by Provider for any tenant

A cloud provider owns the Terms of Service and manages any support for their end customers. We provide many ways for a provider to extend this support for their customers.

Users with Provider Administrator, Provider Operations Administrator, Provider Accounts Administrator for specific accounts, Provider Support User can use the support feature

  • They can perform the following operations create, add comment, close with reasons
  • The support tickets can be created for any organization provider / tenant
  • Have API support to create, query and patch support requests, which allows you to automate request functions

Additional features:

The Cloud Provider Hub provides additional granular role-based access for end to end customer lifecycle management, with permissions for different operations on the resource (provider organization and tenant organization).

Roles are collections of permissions associated to a user and a resource (resource being provider organization or tenant organization). An example of a role is Provider Administrator in provider org. These roles are specific to the Cloud Provider Hub. Service roles are different and those are based on roles provided by each service

Permissions are actions applied against on a resource, which is organizational. An example is a Provider Administrator in provider organization whom can create and edit tenants. These roles are specific to Cloud Provider Hub. Service roles are different and those are based on roles provided by each service

Roles are typically inherited, which is different from roles offered in MSP 1.x

  • Some roles are inherited, which essentially means that if a role is created in provider organization, it is implicitly applicable to the entire hierarchy below the resource.

Provider administrator, Provider Operations Administrator are created hierarchically on provider org and in every descendant organization i.e. tenant organizations. For example: is adam@acme.com is made a Provider Administrator at a provider level. He is implicitly an administrator all of Acme’s tenant organizations

  • Provider Account Administrator can be inherited only by some descendants, the tenant accounts he is assigned to. If Acme has tenant1 and tenant2 and provider account administrator is assigned to tenant2, he implicitly inherits the role in tenant2 only

The different provider roles with permissions at a provider level are:

  • Provider Admin – can create/modify Service Provider users and roles, customer organizations, customer users and roles, and service access
  • Provider Operations Admin – can create/modify customer organizations, customer users and roles, and service access
  • Provider Billing User – can view aggregate and individual customer usage and billing
  • Provider Support User – can view/create/edit/delete support tickets for provider organization as well as tenant organizations
  • Provider Account Admin – can view and manage operations, services, billing and support for tenants assigned.

The different tenant roles with permissions at a tenant level are:

  • Tenant Admin – can create/modify customer users and roles and service access
  • Tenant User – Access service that has been granted access by the Tenant Admin
  • Tenant Billing User – can view usage for that organization

If you are already in the VCPP MSP program, explore the possibilities of VMware Cloud Provider Hub. If you are not, contact your aggregator or VMware representation and find out about the contract options available to you and become one today.

Additional Resources

  • Learn more about VMware Cloud Provider Hub visit

The post The VMware Cloud Provider Hub – The Platform for partners for delivering managed services – What’s New appeared first on VMware Cloud Provider Blog.

Posted in Cloud Provider, Cloud Services, VMware Cloud Provider | Comments Off on The VMware Cloud Provider Hub – The Platform for partners for delivering managed services – What’s New

Top 20 Articles for NSX,October 2018

Virtual machine in ESXi is unresponsive with a non-paged pool memory leak Licensing vShield 1.x/5.0 VMs running on ESXi 5.5 with vShield endpoint activated fails during snapshot operations Performing vMotion or powering on a virtual machine being protected by vShield Endpoint fails When using VMware vShield App Firewall, virtual machines fail to connect to the

The post Top 20 Articles for NSX,October 2018 appeared first on VMware Support Insider.

Posted in KB Digest, Top 20 | Comments Off on Top 20 Articles for NSX,October 2018