Creating a VMware Engine private cloud  |  Google Cloud VMware Engine Documentation (2024)

A private cloud is an isolated VMware stack that consists of ESXi hosts, vCenter, vSAN, NSX-T, and HCX. You manage private clouds through the Google Cloud console. When you create a private cloud, you get a single vSphere cluster and all the management VMs that are created in that cluster.

VMware Engine deploys management components in the network that you select for vSphere/vSAN subnets. The network IP address range is divided into different subnets during the deployment.

Before you begin

Before performing the tasks on this page, perform the following prerequisite steps.

  • Allocate a unique IP address range for vSphere/vSAN subnets of the private cloud you want to create.
    • Minimum CIDR range prefix: /24
    • Maximum CIDR range prefix: /20
  • If you want global address resolution using Cloud DNS, then enable the Cloud DNS API and complete Cloud DNS setup before you create your private cloud.

The vSphere/vSAN subnet address space must not overlap with any network that will communicate with the private cloud, such as on-premises networks and Google Cloud Virtual Private Cloud (VPC) networks. For more information about vSphere or vSAN subnets, see VLANs and subnets on VMware Engine.
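The prefix and overlap requirements above can be checked before any request is sent. The following is an added example, not part of the original documentation; the function name, network labels and sample ranges are assumptions constructed for illustration.

```python
import ipaddress

# Prefix-length bounds for the vSphere/vSAN range, as stated on this page.
SHORTEST_PREFIX = 20  # largest allowed range
LONGEST_PREFIX = 24   # smallest allowed range


def check_management_range(candidate, existing_networks):
    """Return a list of problems; an empty list means the range passed.

    candidate: CIDR string proposed for the vSphere/vSAN subnets.
    existing_networks: dict of label -> CIDR for every network that will
        communicate with the private cloud (on-premises, VPC subnets).
    """
    try:
        # strict=True rejects host bits set in the range, e.g. 192.168.1.7/24.
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"{candidate}: not a valid CIDR block ({exc})"]

    problems = []
    if not SHORTEST_PREFIX <= net.prefixlen <= LONGEST_PREFIX:
        problems.append(f"{net}: prefix /{net.prefixlen} is outside /20 to /24")
    for label, cidr in existing_networks.items():
        other = ipaddress.ip_network(cidr, strict=False)
        # Only ranges of the same IP version can overlap.
        if other.version == net.version and net.overlaps(other):
            problems.append(f"{net} overlaps {label} ({other})")
    return problems


# Constructed sample inventory (hypothetical labels and ranges).
SAMPLE_NETWORKS = {
    "on-prem-dc": "10.0.0.0/8",
    "vpc-prod-subnet": "192.168.0.128/25",
    "vpc-dev-subnet": "172.16.4.0/22",
}

if __name__ == "__main__":
    for cidr in ("192.168.8.0/22", "192.168.0.0/24", "10.241.0.0/22",
                 "192.168.16.0/26", "192.168.1.7/24"):
        issues = check_management_range(cidr, SAMPLE_NETWORKS)
        print(cidr, "->", "OK" if not issues else "; ".join(issues))
```
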

Google Cloud CLI and API requirements

To use the gcloud command line tool or the API to manage your VMware Engine resources, we recommend configuring the tools as described below.

gcloud

  1. Set your default project ID:

    gcloud config set project PROJECT_ID
  2. Set a default region and/or zone:

    gcloud config set compute/region REGION
    gcloud config set compute/zone ZONE

For more information on the gcloud vmware tool, review the Cloud SDK reference docs.

API

API examples in this documentation set use the cURL command-line tool to query the API. A valid access token is required as part of the cURL request. There are many ways to get a valid access token; the following steps use the gcloud tool to generate an access token:

  1. Log in to Google Cloud

    gcloud auth login
  2. Generate access token and export to TOKEN

    export TOKEN=`gcloud auth print-access-token`
  3. Verify that TOKEN is set properly

    echo $TOKEN

    Output:

    TOKEN

Now, use the authorization token in your requests to the API. For example:

curl -X GET \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json; charset=utf-8" \
  "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations"

Python

Python code samples in this documentation use the VMware Engine library to communicate with the API. To be able to use this approach, the library needs to be installed and the Application Default Credentials should be configured.

  1. Download and install the Python library

     pip install google-cloud-vmwareengine
  2. Configure the ADC information by running this command in your shell

     gcloud auth application-default login

    or use a Service Account key file

     export GOOGLE_APPLICATION_CREDENTIALS="FILE_PATH"

For more information about the library, visit the reference page or view code samples on GitHub.

Create a private cloud

Console

To create a private cloud using the Google Cloud console, follow these steps:

  1. Access the Google Cloud console.
  2. From the main navigation, click Private clouds.
  3. Click Create.
  4. Select the location where you want the private cloud deployed.
  5. Select the node type for your primary cluster.
  6. Select the number of nodes for the private cloud. For production workloads, create your private cloud with at least 3 nodes. VMware Engine deletes private clouds that contain only 1 node after 60 days.
  7. Optional: Click the Customize Cores toggle if you want to reduce the number of available cores for each node in the management cluster. For details, see Custom core counts.
  8. Enter a CIDR range for the VMware management network. For information about restrictions on this range, see the Before you begin section.
  9. Enter a CIDR range for the HCX deployment network, which is used for deploying HCX components. Make sure that the CIDR range doesn't overlap with any of your on-premises or cloud subnets. The CIDR range must be /27 or higher.
  10. Click Review and Create.
  11. Review the settings. To change any settings, click Back.
  12. Click Create to begin provisioning the private cloud.

The following list describes each field during private cloud creation in more detail:

  • Name: Permanent unique identifier of the private cloud.
  • Description: Additional information that's visible on the details page of the private cloud.
  • Region: Geographical region where VMware Engine hosts your private cloud.
  • Zone: Subset of a region physically isolated from other zones in the same region. A zone is a single failure domain within a region.
  • Primary cluster name: Name given to the initial vSphere cluster in your private cloud. VMware management appliances of your private cloud run on this cluster.
  • Node type: Hardware configuration of nodes in your primary cluster.
  • Nodes: Number of nodes in your primary cluster.
  • Management IP address range: IP address range used for vCenter Server, NSX Manager, ESXi hosts, and other parts of the private cloud's infrastructure. This range is not used for workload VMs and must not overlap with any part of your VPC network or any other network which you plan to connect your private cloud to.
  • VMware Engine network: Network resource that handles private cloud connections according to a network policy. You and resources connected to this VMware Engine network can access the private cloud from within Google Cloud.

gcloud

To create a stretched private cloud using the Google Cloud CLI, follow these steps:

  1. Optional: List the available regions and zones for your project by running the gcloud vmware locations list command.

    gcloud vmware locations list \
      --project=PROJECT_ID

    Replace the following:

    • PROJECT_ID: the project ID for this request
  2. Create a network for your private cloud by running the gcloud vmware networks create command.

    gcloud vmware networks create NETWORK_NAME \
      --type=LEGACY \
      --location=REGION \
      --description="DESCRIPTION"

    Replace the following:

    • NETWORK_NAME: the network name for the private cloud
    • REGION: the region for the private cloud
    • DESCRIPTION: a description for the private cloud

    The request returns an operation ID.

  3. Check the status of the operation by running the gcloud vmware operations describe command. When the operation returns as DONE, check the response to see if the operation was successful:

    gcloud vmware operations describe OPERATION_ID \
      --location REGION

    Replace the following:

    • OPERATION_ID: the ID from the previous step
    • REGION: the region for the private cloud
  4. Create a three-node private cloud by running the gcloud vmware private-clouds create command.

    gcloud vmware private-clouds create PRIVATE_CLOUD_ID \
      --location=ZONE \
      --cluster=CLUSTER_ID \
      --node-type-config=type=standard-72,count=NODE_COUNT \
      --management-range=IP_ADDRESS \
      --vmware-engine-network=NETWORK_NAME

    Replace the following:

    • PRIVATE_CLOUD_ID: the name for the private cloud
    • ZONE: the zone for the private cloud
    • CLUSTER_ID: the name for the new cluster in this private cloud
    • NODE_COUNT: the node count. Specify a value of three or more.
    • IP_ADDRESS: the IP address, for example 192.168.0.0/24, for this request
    • NETWORK_NAME: the network name for this cloud

    The request returns an operations ID you can use to check the progress of the operation.

  5. Check the status of the operation by running the gcloud vmware operations describe command. When the operation returns as DONE, check the response to see if the operation was successful.

    gcloud vmware operations describe OPERATION_ID \
      --location REGION

    Replace the following:

    • OPERATION_ID: the ID from the previous step
    • REGION: the region for the private cloud
  6. Connect the VMware Engine Network to your VPC by setting up private services access.

  7. Retrieve the vCenter and NSX-T credentials by running the gcloud vmware private-clouds vcenter credentials describe and gcloud vmware private-clouds nsx credentials describe commands, respectively.

    gcloud vmware private-clouds vcenter credentials describe \
      --private-cloud=PRIVATE_CLOUD_ID \
      --location=ZONE

    gcloud vmware private-clouds nsx credentials describe \
      --private-cloud=PRIVATE_CLOUD_ID \
      --location=ZONE

    Replace the following:

    • PRIVATE_CLOUD_ID: the ID for the private cloud
    • ZONE: the zone for the private cloud

API

To create a stretched private cloud using the VMware Engine API, follow these steps:

  1. Create a legacy network by making a POST request.

    curl -X POST \
      -H "Authorization: Bearer TOKEN" \
      -H "Content-Type: application/json; charset=utf-8" \
      "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/vmwareEngineNetworks?vmwareEngineNetworkId=NETWORK_NAME" \
      -d '{"type": "legacy"}'

    Replace the following:

    • TOKEN: the authorization token for this request
    • PROJECT_ID: the project for this request
    • REGION: the region to create this network in
    • NETWORK_NAME: the network name for the private cloud

    The request returns an operations ID you can use to check the progress of the operation.

  2. Check the status of the operation by making a GET request. When the operation returns as DONE, check the response to see if the operation was successful:

    curl -X GET \
      -H "Authorization: Bearer TOKEN" \
      -H "Content-Type: application/json; charset=utf-8" \
      "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/operations/OPERATION_ID"

    Replace OPERATION_ID with the ID from the previous step.

  3. Create a three-node private cloud by making a POST request:

    curl -X POST \
      -H "Authorization: Bearer TOKEN" \
      -H "Content-Type: application/json; charset=utf-8" \
      "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds?privateCloudId=PRIVATE_CLOUD_ID" \
      -d '{
        "networkConfig": {
          "vmwareEngineNetwork": "projects/PROJECT_ID/locations/REGION/vmwareEngineNetworks/NETWORK_NAME",
          "managementCidr": "10.241.0.0/22"
        },
        "managementCluster": {
          "clusterId": "CLUSTER_ID",
          "nodeTypeConfigs": {
            "standard-72": {
              "nodeCount": NODE_COUNT
            }
          }
        }
      }'

    Replace the following:

    • TOKEN: the authorization token for this request.
    • PROJECT_ID: the project ID for this request
    • ZONE: the zone for the private cloud
    • PRIVATE_CLOUD_ID: the ID for the private cloud
    • REGION: the region of the network for this private cloud
    • NETWORK_NAME: the network name for the private cloud
    • CLUSTER_ID: the ID for the new cluster in this private cloud
    • NODE_COUNT: the node count. Specify a value of three or more.

    The request returns an operations ID you can use to check the progress of the operation.

  4. Check the status of the operation by making a GET request. When the operation returns as DONE, check the response to see if the operation was successful:

    curl -X GET \
      -H "Authorization: Bearer TOKEN" \
      -H "Content-Type: application/json; charset=utf-8" \
      "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/operations/OPERATION_ID"

    Replace the following:

    • PROJECT_ID: the project ID for this request
    • REGION: the region for the private cloud
    • OPERATION_ID: the ID from the previous step
  5. Connect the VMware Engine Network to your VPC by setting up private services access.

  6. Retrieve the vCenter and NSX-T credentials by making GET requests:

    curl -X GET \
      -H "Authorization: Bearer TOKEN" \
      -H "Content-Type: application/json; charset=utf-8" \
      "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID:showVcenterCredentials"

    curl -X GET \
      -H "Authorization: Bearer TOKEN" \
      -H "Content-Type: application/json; charset=utf-8" \
      "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID:showNsxCredentials"

    Replace the following:

    • PROJECT_ID: the project ID for this request
    • ZONE: the zone for the private cloud
    • PRIVATE_CLOUD_ID: the ID for the private cloud
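The API steps above say to check the response once an operation returns as DONE, because a finished operation can carry an error instead of a result. The following added example (not from the original documentation) polls a parsed operation body and separates the two cases; the function names, the injected fetch callable, the fail-closed handling of a done operation with no result, and the sample bodies are assumptions constructed for illustration.

```python
import time


class OperationFailed(Exception):
    """The operation finished with an error or in an unexpected shape."""


def wait_for_operation(fetch, timeout_s=7200, interval_s=30,
                       sleep=time.sleep, clock=time.monotonic):
    """Poll until the operation is done, then return its response field.

    fetch: zero-argument callable returning the operation resource as a
        dict, for example the parsed JSON body of the operations GET request.
    timeout_s: defaults to 2 hours, the upper bound this page gives for
        private cloud creation.
    """
    deadline = clock() + timeout_s
    while True:
        op = fetch()
        if op.get("done"):
            err = op.get("error")
            if err:
                raise OperationFailed(
                    f"code={err.get('code')}: {err.get('message')}")
            if "response" not in op:
                # Assumption: fail closed when done carries no result at all.
                raise OperationFailed("done without response or error")
            return op["response"]
        if clock() >= deadline:
            raise TimeoutError(f"{op.get('name')} not done after {timeout_s}s")
        sleep(interval_s)


def replay(responses):
    """Build a fetch() that returns constructed responses one at a time."""
    it = iter(responses)
    return lambda: next(it)


# Constructed operation bodies; names reuse this page's placeholders.
NAME = "projects/PROJECT_ID/locations/REGION/operations/OPERATION_ID"
PENDING = {"name": NAME, "done": False}
SUCCEEDED = {"name": NAME, "done": True, "response": {
    "name": "projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID"}}
FAILED = {"name": NAME, "done": True,
          "error": {"code": 9, "message": "constructed failure"}}

if __name__ == "__main__":
    no_sleep = lambda seconds: None
    print(wait_for_operation(replay([PENDING, SUCCEEDED]), sleep=no_sleep))
    try:
        wait_for_operation(replay([PENDING, FAILED]), sleep=no_sleep)
    except OperationFailed as exc:
        print("failed:", exc)
```
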

Python

  1. Create a legacy network.

    from google.cloud import vmwareengine_v1

    TIMEOUT = 1200  # 20 minutes


    def create_legacy_network(
        project_id: str, region: str
    ) -> vmwareengine_v1.VmwareEngineNetwork:
        """
        Creates a new legacy network.

        Args:
            project_id: name of the project you want to use.
            region: name of the region you want to use. I.e. "us-central1"

        Returns:
            The newly created VmwareEngineNetwork object.
        """
        network = vmwareengine_v1.VmwareEngineNetwork()
        network.description = (
            "Legacy network created using vmwareengine_v1.VmwareEngineNetwork"
        )
        network.type_ = vmwareengine_v1.VmwareEngineNetwork.Type.LEGACY

        request = vmwareengine_v1.CreateVmwareEngineNetworkRequest()
        request.parent = f"projects/{project_id}/locations/{region}"
        request.vmware_engine_network_id = f"{region}-default"
        request.vmware_engine_network = network

        client = vmwareengine_v1.VmwareEngineClient()
        result = client.create_vmware_engine_network(request, timeout=TIMEOUT).result()

        return result

  2. Create a three-node private cloud.

    from google.api_core import operation
    from google.cloud import vmwareengine_v1

    DEFAULT_MANAGEMENT_CIDR = "192.168.0.0/24"
    DEFAULT_NODE_COUNT = 3


    def create_private_cloud(
        project_id: str, zone: str, network_name: str, cloud_name: str, cluster_name: str
    ) -> operation.Operation:
        """
        Creates a new Private Cloud using VMWare Engine.

        Creating a new Private Cloud is a long-running operation and it may take over an hour.

        Args:
            project_id: name of the project you want to use.
            zone: the zone you want to use, i.e. "us-central1-a"
            network_name: name of the VMWareNetwork to use for the new Private Cloud
            cloud_name: name of the new Private Cloud
            cluster_name: name for the new cluster in this Private Cloud

        Returns:
            An operation object representing the started operation. You can call its .result() method to wait for it to finish.
        """
        request = vmwareengine_v1.CreatePrivateCloudRequest()
        request.parent = f"projects/{project_id}/locations/{zone}"
        request.private_cloud_id = cloud_name

        request.private_cloud = vmwareengine_v1.PrivateCloud()
        request.private_cloud.management_cluster = (
            vmwareengine_v1.PrivateCloud.ManagementCluster()
        )
        request.private_cloud.management_cluster.cluster_id = cluster_name

        node_config = vmwareengine_v1.NodeTypeConfig()
        node_config.node_count = DEFAULT_NODE_COUNT

        # Currently standard-72 is the only supported node type.
        request.private_cloud.management_cluster.node_type_configs = {
            "standard-72": node_config
        }

        request.private_cloud.network_config = vmwareengine_v1.NetworkConfig()
        request.private_cloud.network_config.vmware_engine_network = network_name
        request.private_cloud.network_config.management_cidr = DEFAULT_MANAGEMENT_CIDR

        client = vmwareengine_v1.VmwareEngineClient()
        return client.create_private_cloud(request)

    The create_private_cloud function returns an operations object you can use to check the progress of the operation.

  3. Check the status of the operation. Fetch current information about an operation.

    from google.cloud import vmwareengine_v1
    # Operation is imported as well because it is used in the return annotations.
    from google.longrunning.operations_pb2 import GetOperationRequest, Operation


    def get_operation_by_name(operation_name: str) -> Operation:
        """
        Retrieve detailed information about an operation.

        Args:
            operation_name: name identifying an operation you want to check.
                Expected format: projects/{project_id}/locations/{region}/operations/{operation_id}

        Returns:
            Operation object with details.
        """
        client = vmwareengine_v1.VmwareEngineClient()
        request = GetOperationRequest()
        request.name = operation_name
        return client.get_operation(request)


    def get_operation(project_id: str, region: str, operation_id: str) -> Operation:
        """
        Retrieve detailed information about an operation.

        Args:
            project_id: name of the project running the operation.
            region: name of the region in which the operation is running.
            operation_id: identifier of the operation.

        Returns:
            Operation object with details.
        """
        return get_operation_by_name(
            f"projects/{project_id}/locations/{region}/operations/{operation_id}"
        )

    You can use the .result() member method of the operation object to wait for it to complete.

  4. Connect the VMware Engine Network to your VPC by setting up private services access.

  5. Retrieve the vCenter and NSX-T credentials.

    from google.cloud import vmwareengine_v1


    def get_vcenter_credentials(
        project_id: str, zone: str, private_cloud_name: str
    ) -> vmwareengine_v1.Credentials:
        """
        Retrieves VCenter credentials for a Private Cloud.

        Args:
            project_id: name of the project hosting the private cloud.
            zone: name of the zone hosting the private cloud.
            private_cloud_name: name of the private cloud.

        Returns:
            A Credentials object.
        """
        client = vmwareengine_v1.VmwareEngineClient()
        credentials = client.show_vcenter_credentials(
            private_cloud=f"projects/{project_id}/locations/{zone}/privateClouds/{private_cloud_name}"
        )
        return credentials

    from google.cloud import vmwareengine_v1


    def get_nsx_credentials(
        project_id: str, zone: str, private_cloud_name: str
    ) -> vmwareengine_v1.Credentials:
        """
        Retrieves NSX credentials for a Private Cloud.

        Args:
            project_id: name of the project hosting the private cloud.
            zone: name of the zone hosting the private cloud.
            private_cloud_name: name of the private cloud.

        Returns:
            A Credentials object.
        """
        client = vmwareengine_v1.VmwareEngineClient()
        credentials = client.show_nsx_credentials(
            private_cloud=f"projects/{project_id}/locations/{zone}/privateClouds/{private_cloud_name}"
        )
        return credentials

As VMware Engine creates your new private cloud, it deploys a number of VMware components and divides the provided IP address range into subnets. Private cloud creation can take 30 minutes to 2 hours. After the provisioning is complete, you will receive an email.

What's next

  • Get sign-in credentials for management appliances
  • Manage your private cloud resources and activity
Author: Greg O'Connell
