AWS Direct Connect for vRealize Automation

Swisscom's cloud offerings cover hybrid cloud use cases as well. This article describes what is already possible out of the box (OOB) with vRealize Automation's AWS integration and Swisscom's External Cloud Connect features.

AWS-DirectConnect@Swisscom

The Big Picture


We support a bidirectional, high-bandwidth connection to AWS through AWS Direct Connect. Our Enterprise Service Cloud leverages the public cloud integrations for AWS and Azure as well as the new vRO plugin for Google.

AWS Setup

Accept connection

Once an ECX virtual circuit (VC) is created, the connection is available for acceptance in the respective AWS account (Direct Connect).

The connection has to be accepted for further processing.


Create Direct Connect Gateway 

The Direct Connect Gateway is used for connecting the VC (via a private virtual interface, VIF) to the virtual private gateway (VGW). The Direct Connect Gateway is region independent and can be used for connecting multiple VGWs (VPCs) to the Direct Connect connection.


Create Private Virtual Interface

The private virtual interface is created and attached to the Direct Connect Gateway. The BGP parameters are defined in this step as well:

The IPs are defined by Swisscom and are therefore not auto-generated.


Associate Private Virtual Gateway to Direct Connect Gateway 

The Direct Connect Gateway can be associated with a Virtual Private Gateway (VGW).


Select the respective VGW (VPC) which should be associated with the Direct Connect Gateway.
Direct Connect Gateway – VIF attachments and VGW associations

VIF


VGW (VPC) 


Routing Table 

Our VPC has two subnets.

The public subnet is configured in the routing table as follows:


We route the range 10.128.0.0/16 as local ranges (see our already allocated subnets), whereas the range 10.250.0.0/16 will contain the ranges we'll have on our Enterprise Service Cloud for the customer workload. The ranges below are used by our cloud connect infrastructure.
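
The AWS-side steps above (accept the connection, create the Direct Connect Gateway, create the private VIF with its BGP parameters, associate the VGW, add the route table entry) as AWS CLI calls, added here as an example rather than Swisscom's own tooling. The connection, gateway, VGW and route table ids, both ASNs, the VLAN and the /30 peering addresses are constructed placeholders; in the real setup the BGP values come from Swisscom with the ECX circuit.

```shell
#!/bin/sh
# Added example, not Swisscom's tooling: the AWS-side steps as AWS CLI calls.
# Every id, the ASNs, the VLAN and the /30 BGP peering addresses are constructed
# placeholders; the real BGP values come from Swisscom with the ECX circuit.
# DRY_RUN=1 (the default) prints each command instead of executing it.
set -eu

DRY_RUN="${DRY_RUN:-1}"
AWS_REGION="${AWS_REGION:-eu-central-1}"
CONNECTION_ID="dxcon-PLACEHOLDER"   # connection created by the ECX virtual circuit
DXGW_ID="dxgw-PLACEHOLDER"          # read from the create-direct-connect-gateway output
VGW_ID="vgw-PLACEHOLDER"            # virtual private gateway attached to the VPC
ROUTE_TABLE_ID="rtb-PLACEHOLDER"    # route table of the public subnet
ESC_RANGE="10.250.0.0/16"           # Enterprise Service Cloud customer workload ranges

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Assemble the --new-private-virtual-interface value. The peering IPs are passed
# explicitly because they are assigned by Swisscom rather than auto-generated.
build_vif_spec() {
  printf 'virtualInterfaceName=%s,vlan=%s,asn=%s,amazonAddress=%s,customerAddress=%s,directConnectGatewayId=%s' \
    "$1" "$2" "$3" "$4" "$5" "$6"
}

main() {
  # 1. Accept the connection in this AWS account.
  run aws directconnect confirm-connection --region "$AWS_REGION" \
      --connection-id "$CONNECTION_ID"
  # 2. Create the region-independent Direct Connect Gateway (Amazon-side private ASN).
  run aws directconnect create-direct-connect-gateway --region "$AWS_REGION" \
      --direct-connect-gateway-name esc-dxgw --amazon-side-asn 64512
  # 3. Create the private VIF on the connection and attach it to the gateway.
  #    Constructed BGP values: VLAN 100, customer ASN 65000, /30 link addresses.
  run aws directconnect create-private-virtual-interface --region "$AWS_REGION" \
      --connection-id "$CONNECTION_ID" \
      --new-private-virtual-interface \
      "$(build_vif_spec esc-vif 100 65000 169.254.10.1/30 169.254.10.2/30 "$DXGW_ID")"
  # 4. Associate the VPC's VGW with the Direct Connect Gateway.
  run aws directconnect create-direct-connect-gateway-association --region "$AWS_REGION" \
      --direct-connect-gateway-id "$DXGW_ID" --virtual-gateway-id "$VGW_ID"
  # 5. Send the ESC workload range to the VGW from the public subnet's route table.
  run aws ec2 create-route --region "$AWS_REGION" --route-table-id "$ROUTE_TABLE_ID" \
      --destination-cidr-block "$ESC_RANGE" --gateway-id "$VGW_ID"
}

main
```

Instead of the static route in step 5, `aws ec2 enable-vgw-route-propagation --route-table-id ... --gateway-id ...` lets the route table pick up the ESC ranges learned over the BGP session, which keeps the table in step with what Swisscom actually advertises.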


This screenshot depicts a 6connect aggregate. 6connect is integrated via the vRA IPAM plugin extension.

Please refer to the big picture at the start of this blog to see the overall architecture of our External Cloud Connect.



This diagram shows the overview of the uplink topology connected to our MPLS network backbone.


This is our fully redundant (dual-site) uplink topology for enterprise customers. We also offer smaller installations with only 2 or 4 NSX edge nodes.

vRA Setup



We have created a set of composite blueprints for different AWS AMIs. AMI IDs differ for the same image across AWS regions, so we would have to either parametrize the AMI ID or have a blueprint per region. For a smoke test of the AWS Direct Connect we prepared an image with a preinstalled SimplCommerce application. It is possible to use vRealize Automation software components if the AWS VMs are able to reach vRA and the IaaS manager service (please see the AWS and Azure blog post).


Our MS SQL Server blueprint can now be deployed on the AWS Direct Connect-enabled network. Our vRealize Automation customization offers either a static IP or a DHCP-delivered IP with a static reservation. The IP is taken from the 6connect IPAM, and we can register DNS records both in our DNS (managed offers) and in the customer-provided DNS.


For the “AWS SimplCommerce” on Ubuntu blueprint we chose “Subnet in a VPC”.


Then we select the subnet and the attached security groups (allowing SSH and HTTP inbound).


Now we have a bidirectional connection between our ESC VM and the VMs on AWS! For using vRealize Automation software components, please refer to the AWS and Azure blog post.

Credits

Many thanks to Stefan Schneider, Swisscom, for sharing his profound knowledge of networking to public clouds with me. And to my PM, Stefan Ruckstuhl, for giving me the requirement for this very interesting task.