April 10, 2018

Link VMware Cloud on AWS vCenter to AD in AWS

For a customer I was doing a POC where we had to link the vCenter from VMware's VMware Cloud on AWS offering with an AD that we created in a VPC in AWS. At the time we were doing the POC there was no really good documentation besides Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS. This helped me, but it was missing steps such as setting up the VPN between a VPC and the VMware Cloud on AWS Management Gateway.

The following steps need to be executed.

Requirements

VMware on AWS

VPC on AWS

AD in Amazon AWS

AD account

Step by step

Steps taken on Amazon AWS

Activate AD

(https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_getting_started.html)

Create accounts in AD

Before this can be done you need to create an EC2 instance with the AD management features installed, so that you can access the AD and create user accounts. A detailed step-by-step guide can be found here:

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_users_groups.html

Create a VPN connection on AWS

This is done in three steps:

Customer gateway

On your VPC configuration page you can create a Customer Gateway.

During the creation of this Customer Gateway you have to specify the public IP address of the vCenter Management Gateway; you can find it in your VMware on AWS console under the Management Gateway.

Virtual Private Gateway

Here you create an entry that points to your VPC.

VPN Connection

Here you link your Customer Gateway with your Virtual Private Gateway.

During the configuration of your VPN connection in AWS you need to specify the subnet of your vCenter. This can be found in the VMware on AWS console.

Now you can download the configuration file. I used the Microsoft Windows format, as for me that was the most readable.

In this document you find the two public IP addresses of your AWS VPC side that can be used to create redundant VPN connections to your vCenter Management Gateway from the VMware on AWS console.

The passphrase (the IPsec pre-shared key) that needs to be configured on the VMware on AWS side can also be found in this configuration file, so treat the file as a secret.
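The same three AWS steps, driven from AWS Tools for PowerShell instead of the console, as an added example that is not part of the original post. It assumes the AWS.Tools.EC2 module is installed and AWS credentials are configured; every ID, IP address and CIDR below is a placeholder, and the XML element names used to read the tunnel details are those of the customer gateway configuration the EC2 API returns (the same content as the downloaded file, in XML form). Reading the two tunnel IP addresses and pre-shared keys out of that XML replaces scrolling through the downloaded document by hand.

```powershell
# Added example, not the original post's procedure: build the Customer Gateway,
# Virtual Private Gateway and VPN connection with AWS Tools for PowerShell, then
# read the two AWS tunnel IPs and pre-shared keys the VMware on AWS side needs.
Import-Module AWS.Tools.EC2

$SddcMgwPublicIp = '203.0.113.10'            # placeholder: Management Gateway public IP (VMC console)
$SddcMgmtCidr    = '10.2.0.0/20'             # placeholder: vCenter/management subnet (VMC console)
$VpcId           = 'vpc-0123456789abcdef0'   # placeholder: the VPC that hosts the AWS Managed AD
$RouteTableId    = 'rtb-0123456789abcdef0'   # placeholder: route table of the directory subnets
$Region          = 'eu-west-1'               # placeholder region

# 1. Customer Gateway = the VMware side. Routing is static, so the BGP ASN is only a required filler.
$cgw = New-EC2CustomerGateway -Type ipsec.1 -PublicIp $SddcMgwPublicIp -BgpAsn 65000 -Region $Region

# 2. Virtual Private Gateway, attached to the VPC that holds the directory.
$vgw = New-EC2VpnGateway -Type ipsec.1 -Region $Region
Add-EC2VpnGateway -VpnGatewayId $vgw.VpnGatewayId -VpcId $VpcId -Region $Region | Out-Null

# 3. VPN connection linking the two, with a static route for the vCenter subnet.
$vpn = New-EC2VpnConnection -Type ipsec.1 -CustomerGatewayId $cgw.CustomerGatewayId `
           -VpnGatewayId $vgw.VpnGatewayId -Options_StaticRoutesOnly $true -Region $Region
New-EC2VpnConnectionRoute -VpnConnectionId $vpn.VpnConnectionId -DestinationCidrBlock $SddcMgmtCidr -Region $Region

# Let the directory's route table learn the path to the SDDC management network via the VGW,
# otherwise the AD servers cannot answer the LDAP traffic that vCenter sends through the tunnel.
Enable-EC2VgwRoutePropagation -RouteTableId $RouteTableId -GatewayId $vgw.VpnGatewayId -Region $Region

# Wait until the connection leaves 'pending'; the configuration is only complete after that.
do {
    Start-Sleep -Seconds 10
    $vpn = Get-EC2VpnConnection -VpnConnectionId $vpn.VpnConnectionId -Region $Region
} while ("$($vpn.State)" -eq 'pending')

# CustomerGatewayConfiguration is the downloadable configuration in XML form:
# one <ipsec_tunnel> per tunnel, each with the AWS outside IP and the IKE pre-shared key.
[xml]$cfg = $vpn.CustomerGatewayConfiguration
$tunnels = foreach ($t in $cfg.vpn_connection.ipsec_tunnel) {
    [pscustomobject]@{
        AwsPublicIp   = $t.vpn_gateway.tunnel_outside_address.ip_address   # enter as the VPN peer in VMC
        PreSharedKey  = $t.ike.pre_shared_key                              # enter as the passphrase in VMC
        IkeEncryption = $t.ike.encryption_protocol
        IkeDhGroup    = $t.ike.perfect_forward_secrecy
    }
}

# The pre-shared keys are credentials for the management network: keep them in the session
# and paste them into the VMC console, rather than writing them to a file or a ticket.
$tunnels | Format-Table AwsPublicIp, IkeEncryption, IkeDhGroup
$tunnels   # returned unfiltered so the keys are available to the caller when needed
```

The first tunnel's AwsPublicIp and PreSharedKey go into the first IPsec VPN on the Management Gateway, the second pair into the redundant one.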

Steps taken on VMware on AWS console

Create an IPsec VPN connection on the Management Gateway in the VMware on AWS console. Use the public AWS IP address and the passphrase you find in the configuration file downloaded in the previous step.

If required, a second VPN can be set up with the second AWS IP address found in the configuration file, for redundancy.

Steps taken on the vCenter console

Log in to the vCenter console.

Go to Administration.

Go to Linked Domains.

Before you can add an Identity Source you need to know the Distinguished Names (DNs) for the groups and users. These can be found using the AD Users and Groups tool on the machine used to manage AD users and groups.

Now that you know the DNs, you can start linking the domain using an AD over LDAP connection.

The IP address of the DNS server can be found on the configuration page of your AD on AWS.

Now only an Administrator group from the AD needs to be selected, and you are up and running: you can grant permissions to the users or groups created in your AD.
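To collect the DNs and verify the bind account before filling in the AD over LDAP identity source dialog, an added example (not from the original post) to run on the EC2 instance that has the AD management tools installed. It assumes the ActiveDirectory PowerShell module is present; the service account and group names are placeholders for your own objects. It looks up the same values the post reads out of the AD Users and Groups tool, and additionally tests the bind, so a wrong password or DN is caught here instead of as a vague error in the vSphere client.

```powershell
# Added example, not the original post's procedure: gather the values the vCenter
# "Active Directory over LDAP" identity source asks for, and test the bind account.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$baseDn = $domain.DistinguishedName          # e.g. DC=corp,DC=example,DC=com

# Least privilege: vCenter binds with a dedicated read-only account, and admin rights in
# vCenter are granted to a dedicated group rather than Domain Admins.
$bindUserName   = 'svc-vcenter-ldap'         # placeholder account name
$adminGroupName = 'vCenter-Admins'           # placeholder group name

$bindUser   = Get-ADUser  -Identity $bindUserName
$adminGroup = Get-ADGroup -Identity $adminGroupName

# If the directory keeps customer objects in an OU named after the NetBIOS name
# (as AWS Managed Microsoft AD does), use that OU as the search base to keep LDAP
# queries small; otherwise fall back to the domain root.
$customerOu = Get-ADOrganizationalUnit -Filter "Name -eq '$($domain.NetBIOSName)'" `
                  -SearchBase $baseDn -SearchScope OneLevel
$searchBase = if ($customerOu) { $customerOu.DistinguishedName } else { $baseDn }

# Values to enter in the identity source dialog.
[pscustomobject]@{
    DomainName      = $domain.DNSRoot
    BaseDnForUsers  = $searchBase
    BaseDnForGroups = $searchBase
    BindUserDn      = $bindUser.DistinguishedName
    AdminGroupDn    = $adminGroup.DistinguishedName
    LdapServers     = ($domain.ReplicaDirectoryServers | ForEach-Object { "ldap://$($_):389" }) -join ', '
}

# Test the bind exactly as vCenter will do it: authenticate as the bind account against
# a domain controller and read one object. The password is prompted, never stored here.
$cred   = Get-Credential -UserName "$($domain.NetBIOSName)\$bindUserName" -Message 'LDAP bind account password'
$server = $domain.ReplicaDirectoryServers[0]
try {
    Get-ADUser -Identity $bindUser.DistinguishedName -Server $server -Credential $cred | Out-Null
    "Bind as $($bindUser.DistinguishedName) against $server succeeded"
} catch {
    "Bind against $server failed: $($_.Exception.Message)"
}
```

The DNs printed here are the ones to paste into the Base DN, bind user and group fields; the LDAP server entry in vCenter can be either one of the listed domain controllers or the DNS IP address shown on the AD configuration page in AWS.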

Some screenshots are taken from Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS.
