Overview

In this lab, you will inspect a Google Cloud VMware Engine Private Cloud and explore vSphere, NSX-T, and HCX management appliances.

Objectives

In this lab, you'll learn how to perform the following tasks:

• Understand Google VMware Engine permissions
• Inspect a Google VMware Engine Private Cloud
• Connect to a Windows jumphost
• Explore the vSphere management appliance
• Explore the NSX-T management appliance
• Explore the HCX management appliance

Prerequisites

This is a read-only lab that allows you to connect to a GCVE private cloud. It also allows you to inspect vSphere and other VMware appliances via a jump host. This is not a typical lab where you will be able to create or edit Google Cloud resources. The lab is designed to give you an overview of the GCVE service and how it can be used to support VMware workloads.

Note: This lab requires an RDP client.

Before you begin, ensure that you have one of the following options installed:

• If you are using Chrome, consider using the Chrome RDP Web Store extension. If you choose this option, you cannot run through this lab in an Incognito/InPrivate window.
• If you are using a Mac, use the Microsoft Remote Desktop App.
• If you are using a Windows machine, use the Windows Remote Desktop Client.

Setup and Requirements

Before you click the Start Lab button

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

What you need

To complete this lab, you need:

• Access to a standard internet browser (Chrome browser recommended).
• Time to complete the lab.

Note: If you have a personal Google Cloud account or project, do not use it for this lab. Note: If you are using a Pixelbook, open an Incognito window to run this lab.

Log in to Google Cloud Console

1. Using the browser tab or window you are using for this lab session, copy the Username from the Connection Details panel and click the Open Google Console button.

Note: If you are asked to choose an account, click Use another account.

2. Paste in the Username, and then the Password as prompted.
3. Click Next.
4. Accept the terms and conditions.

Since this is a temporary account, which will last only as long as this lab:

• Do not add recovery options
• Do not sign up for free trials

5. Once the console opens, view the list of services by clicking the Navigation menu () at the top-left.

Task 1. Understand Google VMware Engine permissions.

In this task you will learn about the permissions required to manage Google Cloud VMware Engine.

Google Cloud VMware Engine uses Google Cloud IAM roles to control access to resources. The following predefined roles are available for Google Cloud VMware Engine:

• Compute Network User
• Compute Network Viewer
• VMware Engine Service Viewer

In a typical environment, the users who will administer the VMware Engine Private Clouds will need to be assigned the VMware Engine Service Admin IAM role.

The VMware Engine Service Viewer role can be used for users who only require Read-Only access to VMware Engine. This configuration has already been set in your lab environment.

The VMware Engine Service Agent role gives permission to manage network configuration, such as establishing network peering, necessary for Google Cloud VMware Engine.

Now that you understand the roles, let's inspect the Google Cloud VMware Engine Private Cloud.

1. In the Google Cloud Console, ensure your project is set to .

2. Open the Navigation menu () and click IAM & Admin > IAM.

3. Click Grant Access.

4. In the "Select a role" dropdown, type VMware.

You should see the following VMware engine roles that we discussed earlier:

This would be the place where you would assign the roles to the users who will be managing the Google Cloud VMware Engine Private Clouds.

5. Now click Cancel to close the "Grant Access" panel.

6. Click the Google Cloud logo in the top left corner to return to the Google Cloud Console home page.

Task 2. Inspect a Google VMware Engine Private Cloud.

You will now inspect a Google Cloud VMware Engine Private Cloud to understand the components that make up the environment.

1. In the Google Cloud console tab, from the project dropdown, click All and then select qwiklabs-gcve-quiz-lab.

2. Open the Navigation menu () and click View All Products to expand the menu to the full list of services.

3. Scroll down to the Compute section, hover over VMware Engine and click the Pin icon to pin VMware Engine to your menu.

4. Click VMware Engine.

You should see that there is one existing Private Cloud named lab-private-cloud. This is the Private Cloud that was pre-created for you to inspect in this read-only environment.

5. Click lab-private-cloud.

Here you can see more detailed information for your selected Private Cloud, such as:

• Nodes: In Google Cloud VMware Engine, nodes are the building blocks of your private cloud. Each node is a dedicated bare-metal server hosted in Google Cloud, providing compute, storage, and networking resources for your virtual machines (VMs).
• CPU: Represents the virtualized processing power allocated to a Google Cloud VMware Engine node. Choose from various CPU families and core counts to match your workload requirements.
• Storage: Encompasses the vSAN-based storage capacity provisioned for your Google Cloud VMware Engine environment. This includes both capacity and performance tiers for optimal data storage.
• Memory: Defines the amount of RAM allocated to each Google Cloud VMware Engine node. Sufficient memory is crucial for running virtual machines smoothly and efficiently within the VMware environment.
• Region and Zone: When deploying Google Cloud VMware Engine, you select a region (geographical location) and a zone (specific data center within the region) to host your private cloud. This choice impacts factors like latency, availability, and compliance considerations.

At the bottom of the page there are multiple tabs to choose from which contain more information about your private cloud.

6. Click Management Appliances (selected by default).

Here you can see the main management servers that make up the Private Cloud, which are

• vCenter server: The vCenter server is the central management system for your Private Cloud. It is used to manage the ESXi hosts, VMs, and the NSX-T networking.
• NSX Manager: the software-defined networking component of your Private Cloud. It provides the networking and security services for your Private Cloud.
• HCX Manager HCX is a VMware product that provides hybrid cloud services. It is used to migrate VMs from on-premises to the cloud, or between clouds.

7. Click the Clusters tab.

On the Clusters tab you can see the vSphere clusters that make up our Private Cloud. In this lab, you only have a single cluster, however, typically Google Cloud customers will have multiple clusters. On this tab you can also add additional clusters to your Private Cloud.

8. Click cluster (our active cluster).

Here you can see more details about the cluster and the ESXi Nodes that make up the cluster (ESXi Nodes are dedicated bare-metal servers hosted in Google Cloud that provide compute, storage, and networking resources for virtual machines).

9. Click the back arrow next to the name of your private cloud.

10. Click the Subnets tab from the left-hand menu.

This tab allows you to see how your Management IP Address range gets distributed. The first /26 is reserved for the System management subnet, which is where all of the management appliances live (for example, vCenter, NSX-T, etc.)

Five subnets to note are the subnets named; service-1 through to service-5. VMware Engine automatically creates these five subnets when you set up a private cloud. You can use these subnets for various purposes, such as setting up storage, backup, disaster recovery, media streaming, or any other services that need high-performance networking in your private cloud.

11. Click the External IP Addresses tab.

Here you can assign a public IP to a VM or an appliance running in VMware Engine. Using the public IP, the services running on the VM or appliance can be made available over the internet.

12. Click VMware Engine Networks from the left-hand menu.

Here you can see the VMware Engine Networks configured in your environment. VMware Engine networks provide network connectivity between one or more private clouds, Google Cloud VPC networks, and on-premises networks.

Private clouds attach to a VMware Engine network at the time of private cloud creation. You can create multiple VMware Engine networks to isolate private clouds and define unique VPC network peerings.

13. Click VPC Network peerings from the left-hand menu.

Here you can see any VPC network peerings we have configured within the environment. VPC network peerings define network connectivity between VMware Engine networks, Google VPC networks, and other services.

14. Click Network policies from the left-hand menu.

Network policies determine if your VMware workloads within your private cloud can communicate with the internet. By default, Google Cloud VMware Engine is secure, so internet access is disabled for your workloads. You can enable internet access by specifying allowed IP address ranges (CIDR). More details will be shared on this later in the course.

15. Click External Access Rules from the left-hand menu.

This allows you to control specific traffic flowing between the internet and your VMware Engine private cloud. These rules act like traffic filters, working alongside the network policies you set to control how data flows in and out of your private cloud. Creating these rules is similar to setting up firewall rules in Google Cloud.

16. Click the Google Cloud logo in the top left corner to return to the Google Cloud Console home page.

Now that you have inspected a Google Cloud VMware Engine Private Cloud and its components, you will connect to a Windows jumphost to access the management appliances of the Private Cloud.

Task 3. Connect to a Windows jumphost

To access vCenter, NSX manager, and HCX manager, you will use a jumphost. A jumphost is a VM that acts as an intermediary between your local environment and the target machines you want to connect to.

In this lab, the jumphost allows you to establish a secure connection to the VMware Engine Console, as the direct links in the console may only work for those with the correct internal network configuration for connectivity to Google Cloud and their Google Cloud VMware Engine environment.

1. In the Google Cloud console tab, from the project dropdown, click All and then select .

2. Open the Navigation menu () and click Compute Engine > VM instances.

3. Ensure you see a VM instance named windows-vm in the list of VM instances.

4. Click the connect dropdown and select Set Windows Password button.

5. Leave the Username set to the lab student name.

6. Click Set.

7. Copy the generated password and paste it into a text editor or notepad to save it.

8. Click Close.

9. Click RDP.

10. Click Download the RDP file if you will be using a 3rd-party client button.

11. Open the RDP file you downloaded in your RDP Client. Be sure to connect and use the administrator password you saved in a previous step.

Note: instructions to RDP client downloads are available at the top of the lab manual.

12. Once you are logged in to the Windows Server, exit out of the Server Manager to display the desktop.

You should now see a similar screen to the one below:

Now that you are connected to the Jump host you will use the Edge browser to access the VMware management appliances of your Private Cloud, vCenter (using the vSphere Client), HCX, and NSX-T.

Task 4. Explore the vSphere management appliance

In this task, you will explore the vCenter Server Appliance for the lab-private-cloud management cluster.

1. In the Google Cloud console tab, from the project dropdown, click All and then select qwiklabs-gcve-quiz-lab.

2. Open the Navigation menu () and click VMware Engine from the pinned services.

3. Click Go to the new VMware Engine.

4. From the Private clouds section right click and copy the vCenter server URL:

5. Switch back to the open RDP session to the Windows jumphost.

6. Click the Edge browser icon in the task bar at the bottom of the windows.

7. Click Start without your data to skip personalization.

8. Click Continue without this data

9. Click Confirm and start browsing

10. Paste in the vCenter server URL to connect to vCenter.

11. Click Launch vSphere Client (HTML5).

12. Log in to the vSphere client using the following credentials:

    • Username: student@gve.local
    • Password: VMwareLab1234!!

13. Ensure your screen looks like the screenshot below:

14. Explore the vCenter client to see the different sections and options available.

Task 5. Explore the NSX-T management appliance

1. Go back to the Google Cloud Console window.

2. From the Private clouds section right click and copy the NSX Manager URL:

3. Switch back to the open RDP session to the Windows jumphost.

4. Open a new Edge browser tab and paste in the NSX Manager URL to connect to the NSX-T console.

5. Log in to the NSX-T Manager console using the following credentials:

   • Username: student
   • Password: VMwareLab1234!

6. Ensure your screen looks like the screenshot below:

7. Explore the NSX-T Manager console to see the different sections and options available.

Task 6. Explore the HCX management appliance

1. Go back to the Google Cloud Console window.

2. From the Private clouds section right click and copy the HCX Manager URL:

3. Switch back to the open RDP session in the Windows jumphost.

4. Open a new Edge browser tab and paste in the HCX Manager URL to connect to the HCX console.

5. Log in to the HCX Manager console using the following credentials:

   • Username: CloudOwner@gve.local
   • Password: O*A9kCGzKdWLRZxT

6. Ensure your screen looks like the screenshot below:

6. Explore the HCX Manager console to see the different sections and options available.

Congratulations!

In this lab, you successfully navigated the key components of Google Cloud VMware Engine. You explored permissions, inspected private cloud configurations, established connections to jumphosts, and gained hands-on experience with vSphere, NSX-T, and HCX management appliances. This comprehensive exploration equips you with the foundational knowledge to effectively manage and operate VMware environments within the Google Cloud ecosystem. You're now well-prepared to leverage the power of Google Cloud VMware Engine for your organization's virtualization needs.