0% found this document useful (0 votes)

290 views

Tca Userguide

Uploaded by

abitalove

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

290 views

Tca Userguide

Uploaded by

abitalove

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 505

VMware Telco Cloud

Automation User Guide

VMware Telco Cloud Automation 2.3
VMware Telco Cloud Automation Manager 2.3
VMware Telco Cloud Automation Control Plane 2.3
VMware Telco Cloud Automation User Guide

You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

VMware, Inc. 2
Contents

1 Introduction 11
Common Abbreviations 12
API Documentation 15
Deployment Architecture 15
Supported Features on Different VIM Types 17

2 Getting Started 18
Viewing the Dashboard 18

3 Add an Active Directory 20

Add an Active Directory for New Deployment 21
Add an Active Directory for Existing Deployment 21

4 Managing Roles and Permissions 23

Enabling Users and User Groups to Access VMware Telco Cloud Automation 23
Object Level Access Permissions 24
Privileges and Roles 25
Creating Roles and Permissions 32
Create a Role 32
Create Permission 33
Tokens 34

5 Kubernetes Policies 36
Overview of Kubernetes Policies 37
CNF Global Permission Enforcement 39
Types of Kubernetes Policies 40
Lifecycle of an RBAC Policy 40
Create a Policy Manually 42
Edit a Policy 44
Clone a Policy 44
Download a Policy 45
Delete a Policy 45
Finalize a Policy 45
Grant a Policy 45
Edit a Policy Grant 47
Delete a Policy Grant 48
View VIM Policy Grants 49
View Policy Grants For The CNF Package 49

VMware, Inc. 3
VMware Telco Cloud Automation User Guide

Generate a Kubernetes Policy Automatically From CNF Package 49

Import Policies from CNF Package 51

6 Working with Tags 53

7 Configuring Your Virtual Infrastructure 55

Add a Cloud to VMware Telco Cloud Automation 55
Configure the Compute Profile 58
Edit a Virtual Infrastructure Account 59
Force Sync Inventory 60

8 Viewing Your Cloud Topology 61

9 Working with Infrastructure Automation 62

Introduction to Infrastructure Automation 62
Prerequisites 62
Software Versions Interoperable with Infrastructure Automation 65
Managing Specification File 66
Specification File for Cloud Native 66
Configuration and Bootstrapping 86
Automated SDDC Deployment 86
Ready for Network Function 87
Roles 87
Deployment Configurations 88
Configure Global Settings 88
Configure Appliances 91
Add Images or OVF 93
Add Certificate Authority 93
Add a Host Profile 94
Edit, Clone, and Export a Host Profile 96
Supermicro Firmware Upgrade 96
Dell Firmware Upgrade 99
Obtain the Current Firmware Version 100
Managing Domains 101
Add Management Domain 103
Edit a Management Domain 108
Add Workload Domain 109
Edit a Workload Domain 115
Add Compute Cluster 116
Edit a Compute Cluster 120
Add a Cell Site Group 120

VMware, Inc. 4
VMware Telco Cloud Automation User Guide

10 Working with Kubernetes Clusters 136

Working with Management Clusters 139
Upgrade Management Kubernetes Cluster Version 139
Working with Kubernetes Cluster Templates 141
Deploy a Management Cluster 147
Edit a Management Cluster Control Plane 151
Edit a Management Cluster Node Pool 152
Working with V1 Workload Clusters 152
Upgrade Workload Kubernetes Cluster Version 152
Deploying a Workload Kubernetes Cluster 153
Create a v1 Workload Cluster Template 158
Managing Workload Clusters after Deployment 162
Machine Health Check 174
Place Nodes in Maintenance Mode 174
Managing Add-ons for v1 Workload Clusters 175
Working with v2 Workload Clusters 178
Anti-affinity Rules 179
Upgrade v2 Workload Kubernetes Cluster Version 180
Deploy a v2 Workload Cluster 181
Create a v2 Workload Cluster Template 187
Managing v2 Workload Clusters after Deployment 192
Add-ons Reference for v2 Workload Clusters 206
Backing Up and Restoring Kubernetes Clusters 241
Backing Up and Restoring Management Clusters 241
Backing Up and Restoring Workload Clusters 241
Remotely Accessing Clusters From VMware Telco Cloud Automation 257
Access Kubernetes Clusters Using kubeconfig 257
Access a Remote Kubernetes Cluster Using an External SSH Client 258
Access a Remote Kubernetes Cluster Using the Embedded SSH Client 259
Access Kubernetes Cluster when VMware Telco Cloud Automation is Down 259

VMware, Inc. 5
VMware Telco Cloud Automation User Guide

11 Kubernetes Cluster Upgrade Flow 261

Upgrade Validations 261
CaaS Upgrade Backward Compatibility 263

12 Running Cluster Diagnosis 267

13 Managing Network Function Catalogs 269

Onboarding a Network Function 269
Upload a Network Function Package 269
Designing a Network Function Descriptor 270
Edit Network Function Descriptor Drafts 291
Edit a CSAR File Manually 292
Delete a Network Function 292
Customizing Network Function Infrastructure Requirements 293
Node Customization 293
CNF with Customizations Example 311
Download a Network Function Package 323
Edit Network Function Catalog 323
Edit Network Function Catalog General Properties 323
Edit Network Function Topology 324
Edit Infrastructure Requirements 324
Edit Scaling Policies 325
Edit Network Function Rules 326
Edit Workflows 326
Edit the Network Function Catalog Source Files 327
Enhanced Platform Awareness 327
Add Cloud-init Script and Key to a VDU 328
Role-based Access Control to CNFs 329
Remotely Access CNFs Using kubeconfig 329
Access a Remote CNF Using an External SSH Client 329
Access a Remote CNF Using the Embedded SSH Client 330

14 Managing Network Function Lifecycle Operations 331

Instantiating a Network Function 331
Instantiate a Virtual Network Function 332
Instantiate a Cloud Native Network Function 335
External Network Referencing 337
Heal an Instantiated Network Function 338
Scale an Instantiated VNF 339
Scale an Instantiated CNF 340
Operate an Instantiated Network Function 340

VMware, Inc. 6
VMware Telco Cloud Automation User Guide

Run a Workflow on an Instantiated Network Function 341

Terminate a Network Function 341
Hiding Columns in Network Function Inventory 342
Retry, Rollback, and Reset State 342
Reconfigure a Container Network Function 343
Updating CNF Repository from Chartmuseum to OCI 344

15 Managing Network Service Catalogs 346

Onboarding a Network Service 346
Upload a Network Service Package 346
Design a Network Service Descriptor 347
Edit Network Service Descriptor Drafts 350
Delete a Network Service 350
Download a Network Service Package 351
Edit Network Service Catalog 351
Edit Network Service Catalog General Properties 351
Edit Network Service Topology 352
Edit Network Service Workflows 352
Edit the Network Service Catalog Source Files 353

16 Managing Network Service Lifecycle Operations 354

Instantiate a Network Service 354
Run a Workflow on a Network Service 356
Heal a Network Service 357
Terminate a Network Service 358

17 Upgrading Network Functions and Network Services 359

Upgrade a VNF Package 360
Upgrade a CNF Package 361
Upgrade a CNF 361
Upgrade Network Service Package 362

18 Retry or Rollback Cloud Network Function Upgrades 364

19 5G Network Slicing Concepts 365

Enable Network Slicing 367
Deactivate Network Slicing 368

20 Managing Network Slice Catalog 369

Onboarding a Network Slice Template 369
Edit a Network Slice Template 370

VMware, Inc. 7
VMware Telco Cloud Automation User Guide

Instantiating a Network Slice Template 381

21 Managing Network Slicing Lifecycle Operations 383

Network Slice Function Operations 383
Edit a Network Slice Service Order 384

22 Telco Cloud Automation Workflows 388

Aspects of a Workflow 390
Defining Steps in Workflows 396
Workflow Step Types 396
Workflow Step Input 404
Managing Workflow Execution 425
Run a Standalone Workflow 428
Run a Workflow Through a Network Function LCM Operation 429
Run an Embedded Network Function Workflow 429
View all Workflow Executions 430
View Workflow Step Execution Details 430
View Workflow Executions Running on a Network Function 430
View Workflow Executions Running on a Network Service 431
View Workflow Executions Running on vRO 431
Debug Workflow Executions 431
Update Original Workflow Based on Workflow Executin Changes 432
Delete a Workflow Execution 432
End a Workflow Execution 432
Extend Retention Time for Workflow 433
Role-based access control for workflows 433

23 Updating NETCONF Protocol Using VMware Telco Cloud Automation 435

24 Monitoring Performance and Managing Faults 438

Managing Alarms 438
Performance Management Reports 440
Scheduling Performance Management Reports 440
Monitor Instantiated Virtual Network Functions and Virtual Deployment Units 442
Monitor Instantiated CNF 443
Monitor Instantiated Network Services 445

25 Administrating VMware Telco Cloud Automation 446

Managing RBAC Tags 446
Create a Tag 446
Edit a Tag 447

VMware, Inc. 8
VMware Telco Cloud Automation User Guide

26 Upgrading VMware Telco Cloud Automation 456

Upgrade VMware Telco Cloud Automation Using the Upgrade Bundle 456

27 Upgrading Cloud-Native VMware Telco Cloud Automation 458

Upgrade Cloud-Native VMware Telco Cloud Automation with Internet Access 458
Upgrade Cloud-Native VMware Telco Cloud Automation in an Airgapped Environment 459
Upgrade Procedure for 2.1 and Later Versions 460
Upgrade Procedure for 2.0.0 and 2.0.1 461
Cloud-Native VMware Telco Cloud Automation Upgrade Troubleshooting 462

28 Python Software Development Kits 466

29 Global Settings APIs 467

API for CNF Debug Options 467
Global Settings for Cluster Automation 467
API for Cluster Automation Global Settings 468
API to Disble CSR Validation 468
Configure Cluster Automation Settings 468
Global Settings for Concurrency Limit 471

30 Registering Partner Systems 473

Add a Partner System to VMware Telco Cloud Automation 473
Edit a Registered Partner System 475
Associate a Partner System Network Function Catalog 475
Add a Harbor Repository 476
Add an Air Gap Repository 477
Add a Proxy Repository 478
Add Amazon ECR 478

VMware, Inc. 9
VMware Telco Cloud Automation User Guide

31 Appendix 480
Enable Virtual Hyper-Threading 480
A1: PTP Overview 483
A2: Host Profile for PTP and ACC100 486
Prerequisites for ACC100 and PTP 487
Obtaining the Custom File for ACC100 487
Host Profile for PTP in Passthrough mode and ACC100 488
Host Profile for PTP over VF and ACC100 491
Applying Host Profile to Cell Site Group 494
CSAR Configuration for PTP and ACC100 495
Symmetric Layout - Dual Socket Two NUMA System 497
Hyper-threading and NUMA 498
ACC 100 Support for ESXi 8.0 Upgrade 500
PTP Notifications 500
Install O-Cloud DaemonSet 501
Integrate Sidecar with DU Pod 502
Setup User/Group/Storage Policy in vCenter Server for vSphere CSI 503

VMware, Inc. 10
Introduction
1
The VMware Telco Cloud Automation User Guide provides information about how to use
VMware Telco Cloud Automation™. Steps to add your virtual and container infrastructure, and to
create and manage network functions and services, are covered in this guide.

Intended Audience
This information is intended for Telco service providers and users who want to use VMware
Telco Cloud Automation for designing and onboarding network functions and services. It is also
intended for users who want to transition to the cloud-native architecture with Container-as-a-
Service (CaaS) automation, and manage the Kubernetes clusters from a centralized system. To
deploy and activate the VMware Telco Cloud Automation Manager and TCA-CP services, see the
VMware Telco Cloud Automation Deployment Guide.

VMware Technical Publications Glossary

VMware Technical Publications provides a glossary of terms that can be unfamiliar to
you. For definitions of terms used in the VMware technical documentation, go to http://
www.vmware.com/support/pubs.

About VMware Telco Cloud Automation

VMware Telco Cloud Automation is a cloud orchestration solution that accelerates the time-to-
market of modern network functions and services. It provides a simplified life cycle management
automation solution, across any network and any cloud. Some of the features of VMware Telco
Cloud Automation are:

n A native integration for Virtualized Infrastructure Managers (VIMs) and cloud products such
as VMware vCloud NFV, vSphere-based clouds, VMware on mega-cloud providers, and
Kubernetes clouds. These integrations streamline your CSP orchestrations and optimize your
NFV Infrastructure (NFVI) resource use.

n A standard-driven generic VNF manager (G-VNFM) and NFV Orchestration (NFVO) modular
components to integrate any multi-vendor Management and Network Orchestration (MANO)
architecture.

VMware, Inc. 11
VMware Telco Cloud Automation User Guide

VMware Telco Cloud Automation consists of two components:

n VMware Telco Cloud Manager™ - Provides Telcos with NFV-MANO capabilities and enables
the automation of deployment and configuration of Network Functions and Network
Services.

n VMware Telco Cloud Automation Control Plane (TCA-CP) - Provides the infrastructure for
placing workloads across clouds using VMware Telco Cloud Automation.

VMware Telco Cloud Automation

VMware Telco Cloud Manager

TCA - CP TCA - CP TCA - CP TCA - CP TCA - CP TCA - CP

vSphere Endpoint Cloud Director Endpoint Tanzu Endpoint VIO Endpoint Kubernetes Endpoint Vmware Cloud Endpoint

vSphere Cloud Director Tanzu Openstack Kubernetes VMware Cloud

VMware Telco Cloud Infrastructure

vSphere vSAN NSX-T

Shared VMware vRealize Orchestrator Cluster

vRO

This chapter includes the following topics:

n Common Abbreviations

n API Documentation

n Deployment Architecture

n Supported Features on Different VIM Types

Common Abbreviations
Some of the frequently used abbreviations that are used in this guide are listed here with their
descriptions.

NFV
Network Functions Virtualization - The process of decoupling a network function from its
proprietary hardware appliance and running it as a software application in a virtual machine.

VMware, Inc. 12
VMware Telco Cloud Automation User Guide

VNF
A Virtual Network Function (VNF) is a collection of virtual machines interconnected with virtual
links. A VNF exposes its functionality through external connection points. It is managed by a
Virtual Network Function Manager (VNFM), and it can be composed into a higher-level Network
Service (NS) by a Network Function Virtualization Orchestrator (NFVO).

Network Service
A Network Service is a collection of network functions: Virtual (VNF), Cloud-Native (CNF), or
Physical (PNF); interconnected with virtual or physical links. It is managed by an NFVO. A
network function exposes its functionality through external connection points.

CNF
A Cloud-Native Network Function (CNF) is a containerized network function that uses cloud-
native principles. CNFs are designed to run inside containers. Containerization makes it possible
to run services and onboard applications on the same cluster, while directing network traffic to
correct pods.

NFVI
Network Functions Virtualization Infrastructure - Is the foundation of the overall NFV architecture.
It provides the physical compute, storage, and networking hardware that hosts the VNFs. Each
NFVI block can be thought of as an NFVI node and many nodes can be deployed and controlled
geographically.

MANO
Management and Orchestration - Manages the resources in the infrastructure, orchestration, and
life cycle operations of VNFs, CNFs, and Network Services.

VIM
Virtualized Infrastructure Manager - Is a functional block of the MANO and is responsible
for controlling, managing, and monitoring the NFVI compute, storage, and network hardware,
the software for the virtualization layer, and the virtualized resources. The VIM manages the
allocation and release of virtual resources, and the association of virtual to physical resources,
including the optimization of resources.

NFVO
NFV Orchestrator - Is a central component of an NFV-based solution. It brings together different
functions to make a single orchestration service that encompasses the whole framework and has
a well-organized resource use.

VMware, Inc. 13
VMware Telco Cloud Automation User Guide

VNFM
A VNF Manager (VNFM) is responsible for the lifecycle management of Virtual Network
Functions (VNF). It interacts with VIM, NFVO, and Network Function Catalog during lifecycle
management operations.

Note VNFM works with both VNFs and CNFs.

NFD
Network Function Descriptor - Is a deployment template that describes a network function
deployment and operational requirement. It is used to create a network function where life-cycle
management operations are performed.

Network Function Catalog

Is a functional building block within a network infrastructure. It has well-defined external
interfaces and a well-defined functional behavior.

Network Services Catalog

A Network Service Catalog stores the required artifacts to create Network Services and to
manage their life cycle operations. It has well-defined external interfaces and a well-defined
functional behavior.

SVNFM
Specific VNFM. SVNFMs are tightly coupled with the VNFs they manage.

GVNFM
Generic VNFM.

Kubernetes Pods
Kubernetes Pods are inspired by pods found in nature (pea pods or whale pods). The Pods are
groups of containers that share networking and storage resources from the same node. They are
created with an API server and placed by a controller. Each Pod is assigned an IP address, and all
the containers in the Pod share storage, IP address, and port space (network namespace).

CSI
Container Storage Interface. A specification designed to enable persistent storage volume
management on Container Orchestrators (COs) such as Kubernetes. The specification allows
storage systems to integrate with containerized workloads running on Kubernetes. Using CSI,
storage providers, such as VMware, can write and deploy plug-ins for storage systems in
Kubernetes without a need to modify any core Kubernetes code.

VMware, Inc. 14
VMware Telco Cloud Automation User Guide

CNI
Container Network Interface. The CNI connects Pods across nodes, acting as an interface
between a network namespace and a network plug-in or a network provider and a Kubernetes
network.

TCA-CP
VMware Telco Cloud Automation Control Plane. Previously known as VMware HCX for Telco
Cloud.

API Documentation
You can also operate VMware Telco Cloud Automation using APIs.

To view the VMware Telco Cloud Automation API Explorer, Click the Help (?) icon from
the top-right corner of the VMware Telco Cloud Automation user interface and select API
Documentation.

You can also access the APIs from https://developer.vmware.com/apis.

Deployment Architecture
The VMware Telco Cloud Automation implements the architecture that is outlined and defined at
a high-level through logical building blocks and core components.

VMware, Inc. 15
VMware Telco Cloud Automation User Guide

vCenter Server
(Authentication)
VMware Telco
Cloud Automation
Manager
SVNFM
Integration

VMware VMware VMware VMware

Telco Cloud Telco Cloud Telco Cloud Telco Cloud
Automation Automation Automation Automation
Control Plane Control Plane Control Plane Control Plane

VMware Cloud Kubernetes VMware Integrated

vCenter Server
Director Cluster OpenStack

vCenter Server NSX Manager vCenter Server vCenter Server

NSX Manager vCenter PSC NSX Manager NSX Manager

vRealize vRealize vRealize vRealize

Orchestrator Orchestrator Orchestrator Orchestrator

RabbitMQ RabbitMQ

VMware Cloud vSphere- Kubernetes- OpenStack-

Director-based Cloud based Cloud based Cloud based Cloud

n vCenter Server is used for authenticating and signing in to VMware Telco Cloud Automation.

n VMware Telco Cloud Automation supports registration of supported SOL 003 based
SVNFMs.

n VMware Telco Cloud Automation Control Plane (TCA-CP) is deployed on the VIM and paired
with VMware Telco Cloud Automation Manager.

n VMware Telco Cloud Automation Manager connects with TCA-CP to communicate with the
VIMs. The VIMs are cloud platforms such as vCloud Director, vSphere, Kubernetes Cluster, or
VMware Integrated OpenStack.

n vRealize Orchestrator is registered with TCA-CP and is used to run NFV workflows. You can
register for each VIM or for the entire network of VIMs. For information about registering
vRealize Orchestrator with TCA-CP, see VMware Telco Cloud Automation Deployment Guide.

n RabbitMQ is used to track VMware Cloud Director and VMware Integrated OpenStack
notifications and is required only for deployments on these clouds.

VMware, Inc. 16
VMware Telco Cloud Automation User Guide

Supported Features on Different VIM Types

The following table lists the feature sets that are supported on different VIM types.

Table 1-1. Supported Features on Different VIM Types

VMware Telco Cloud Automation

Infrastructure CaaS Generic VNF NFV

Product Versions Automation Automation Manager Orchestrator

vSphere 7.0,7.0 U1, 7.0 ✓ ✓ ✓

U3, 7.0 U3g, 8.0,
8.0b, 8.0u1

7.0 U2, 7.0 U3, ✓ ✓ ✓ ✓

7.0 U3d, 7.0 U3f,
7.0 U3h

VMware Cloud 10.3, 10.3.1, 10.3.2, ✓ ✓

Director 10.3.3, 10.4, 10.4.1

vRealize 8.8, 8.8.1, 8.8.2, ✓ ✓ ✓

Orchestrator 8.9, 8.9.1, 8.10,
8.10.1, 8.10.2, 8.11,
8.11.1

VMware NSX 3.0.2, 3.0.3, 3.1, ✓ ✓ ✓

3.1.2, 3.1.2.1, 3.1.3,
3.1.3.1, 3.2, 3.2.1,
3.2.2, 4.0.1.1,
4.1.0.2

VMware Tanzu 2.1.1 ✓ ✓ ✓ ✓

Kubernetes Grid

Kubernetes n 1.22.9 ✓ ✓ ✓
n 1.22.13
n 1.22.17
n 1.23.10
n 1.23.16
n 1.24.10

VMware 7.2, 7.2.1 ✓ ✓

Integrated
OpenStack

vRealize Log 8.10, 8.10.2 ✓

Insight

VMware Cloud 1.20, 1.22 ✓ ✓ ✓

on AWS

VMware, Inc. 17
Getting Started
2
Complete these high-level tasks to start using VMware Telco Cloud Automation.

1 Install and set up:

n VMware Telco Cloud Automation Control Plane (TCA-CP)

n VMware Telco Cloud Automation

For steps to install and set up these components, see the VMware Telco Cloud Automation
Deployment Guide.
2 Create roles and assign permissions. See Chapter 4 Managing Roles and Permissions.

3 Configure your VIMs. See Chapter 7 Configuring Your Virtual Infrastructure.

This chapter includes the following topics:

n Viewing the Dashboard

Viewing the Dashboard

The Dashboard is the first page that is displayed when you log in to VMware Telco Cloud
Automation.

The following tiles are displayed:

Clouds

Displays the number of clouds in your network and their status.

Alarms
Displays alarms that are in the Critical and Warning states.

Network Functions

Displays the number of instantiated and not instantiated network functions and catalogs. To
go to the Network Function Catalog page, click the Catalog icon.

Network Services

Displays the number of instantiated and not instantiated network services. To go to the
Network Service Catalog page, click the Catalog icon.

VMware, Inc. 18
VMware Telco Cloud Automation User Guide

Network Function Status

Displays a detailed inventory view of the network functions.

Total Resource Allocation Across Clouds

Displays the percentage of CPU, memory, and storage allocated across the clouds.

Resource Utilization

Displays the percentage of CPU, memory, and storage resources used across the clouds.

VMware, Inc. 19
Add an Active Directory
3
Adding active directory in VMware Telco Cloud Automation.

VMware Telco Cloud Automation now supports authentication through vCenter and Active
Directory. You can configure Active Directory for a new deployment or you can upgrade the
already deployed VMware Telco Cloud Automation to the latest version and configure the Active
Directory settings in the upgraded VMware Telco Cloud Automation.

You can log in to the VMware Telco Cloud Automation Appliance Manager and configure
the Active Directory settings to integrate VMware Telco Cloud Automation with your Active
Directory server.

Note Ensure that the logon user name is less than or equal to 20 characters. If the logon user
name is more than 20 characters, the login works but the group retrieval of the user fails, causing
the login to VMware Telco Cloud Automation to fail.

Prerequisites

Note
n When using the Active Directory server, ensure the reachability of Active Directory server to
VMware Telco Cloud Automation Manager.

n Active directory is available only for Telco Cloud Automation Manager and not for Telco
Cloud Automation Control Plane.

n You must use the format <username>@ad for user login.

n Only the users associated with adminGroupName can inherit the system administrator privileges
on VMware Telco Cloud Automation.

n Ensure that you have access to VMware Telco Cloud Automation Appliance Manager.

n Ensure that you have details of Active Directory server.

n Ensure that you have users and groups created in Active Directory server.

n To add a Active Directory for a new deployment of VMware Telco Cloud Automation, see
Add an Active Directory for New Deployment.

n To add a Active Directory for an existing deployment of VMware Telco Cloud Automation,
see Add an Active Directory for Existing Deployment.

VMware, Inc. 20
VMware Telco Cloud Automation User Guide

Add an Active Directory for New Deployment

Procedure to add the Active Directory in a newly deployed VMware Telco Cloud Automation
Manager.

Follow the procedure to add the Active Directory support in a newly deployed VMware Telco
Cloud Automation Manager.

Procedure

1 Login to the VMware Telco Cloud Automation Appliance Manager.

2 Enter the required details for Activation, Datacenter Location, and System Name.

3 Click Continue to save the changes and continue with the deployment.

4 To add the authentication details, select the Active Directory option on the Select
Authentication Provider page.

5 Add the following details on the Connect Your Active Directory for TCA page:

Note You can add the Active Directory configuration for both VMware Telco Cloud
Automation Manager and the VMware Telco Cloud Automation Appliance Manager.

n URL - URL of the Active Directory server.

n Base Distinguished Name for Users - The base distinguished name for the users of the
LDAP directory.

n Base Distinguished Name for Groups - The base distinguished name for the groups of
the LDAP directory.

n Admin User Distinguished Name - The base distinguished name for the administrator of
the LDAP directory.

n Password - Password of the administrator.

n Admin Group Name - Name of the administrator group of the LDAP directory.

6 Click Save to save the changes and continue with the deployment.

Add an Active Directory for Existing Deployment

Procedure to add the Active Directory in an existing VMware Telco Cloud Automation Manager
deployment.

Follow the procedure to add the Active Directory support in an existing VMware Telco Cloud
Automation Manager.

Procedure

1 Login to the VMware Telco Cloud Automation Appliance Manager.

2 To add the authentication configurations, click the Configurations tab.

VMware, Inc. 21
VMware Telco Cloud Automation User Guide

3 To add the Active Directory, click Active Directory.

4 Add the following details:

Note
n You can add the Active Directory configuration for both VMware Telco Cloud Automation
Manager and the VMware Telco Cloud Automation Appliance Manager.

n Switching the authentication provider from the existing vCenter to Active Directory adds
Active Directory and deletes vCenter and SSO configurations. It also removes the access
to VMware Telco Cloud Automation for the existing users configured in vCenter and
permissions set in VMware Telco Cloud Automation.

n URL - URL of the Active Directory server.

n Base Distinguished Name for Users - The base distinguished name for the users of the
LDAP directory.

n Base Distinguished Name for Groups - The base distinguished name for the groups of
the LDAP directory.

n Admin User Distinguished Name - The base distinguished name for the administrator of
the LDAP directory.

n Password - Password of the administrator.

n Admin Group Name - Name of the administrator group of the LDAP directory.

5 Click Save to save the changes.

What to do next

Modify the user group for each permission and set to the active directory. For example,
for a system admin user, you can change the user group from vsphere/sysadmin to
cn=admingroup,ou=groups,dc=server,dc=net. For details, see Create Permission.

VMware, Inc. 22
Managing Roles and Permissions
4
A role is a predefined set of privileges. Privileges define the rights to perform actions and read
properties. For example, the Virtual Infrastructure Administrator role allows a user to read, add,
edit, and delete VIMs. This role also allows the user to perform all the life-cycle management
operations on a Kubernetes cluster template and a Kubernetes cluster instance.

As a vCenter Server user, when you configure vCenter Server in the VMware Telco Cloud
Automation appliance, you are assigned the System Administrator role to access VMware Telco
Cloud Automation. Use this role to create roles and permissions for your users.

A System Administrator or a Role Administrator of VMware Telco Cloud Automation manages

the roles and permissions of users.

This chapter includes the following topics:

n Enabling Users and User Groups to Access VMware Telco Cloud Automation

n Object Level Access Permissions

n Privileges and Roles

n Creating Roles and Permissions

n Tokens

Enabling Users and User Groups to Access VMware Telco

Cloud Automation
VMware Telco Cloud Automation uses the vCenter Server authentication and authorization. Users
and user groups defined in vCenter Server or its identity provider (IDP) can sign in to VMware
Telco Cloud Automation.

To enable a specific vCenter Server user or a user group to access and use VMware Telco Cloud
Automation, you must perform the following steps:

1 Log in to VMware Telco Cloud Automation with System Administrator credentials.

VMware, Inc. 23
VMware Telco Cloud Automation User Guide

2 From the left navigation pane, click Authorization > Permissions.

3 Assign the appropriate Roles to the user or user group. A Role determines the privileges that
the user or user group receives for accessing VMware Telco Cloud Automation.

4 To restrict access for your user or user group to specific objects, you can define the
restrictions in the Advance Filter criteria.

5 Save the permissions.

Users or user groups with the assigned Role can access and use VMware Telco Automation, and
perform tasks according to the specified permissions.

Object Level Access Permissions

You can assign permissions at the object level and associate them to a specific Role.

As a System Administrator, you can restrict a user to access only specific objects. For example,
you can assign permissions to VNF Administrators to access only specific VNFs. The Advance
Filter option allows you to provide object-level permissions to roles.

What are Accessible Objects

Accessible objects are the objects of VMware Telco Cloud Automation that you can access.
Virtual Infrastructure Managers (VIM), Network Function catalogs, Network Function instances,
Network Service catalogs, Network Service instances, Kubernetes cluster templates, and
Kubernetes cluster instances are all accessible objects.

What is the Parent-Child Relationship of an Object

When you define a permission for an object, that permission is implicitly assigned to all instances
created within that object. For example, when you define permissions for a user to access a
certain catalog, the user implicitly has the permissions to access all instances created in that
catalog.

The two major object groups that have an implicit parent-child relationship are:

n Network Function catalogs and Network Function instances.

n Network Service catalogs and Network Service instances.

About Advance Filters

n If a user or a user group has multiple permissions, the list of objects that they can access is a
union of all the objects that can be viewed through each permission.

n Filters that are applied to objects at the parent level are also applied to child objects. For
example, you create permissions for your VNF Administrator with filters to view the VNF
Catalogs of a vendor. When the VNF Administrator logs in, they can view the VNF Catalogs
and the VNFs that belong to the vendor. Here, the parent object is the VNF Catalog and the
child object is the VNF.

VMware, Inc. 24
VMware Telco Cloud Automation User Guide

You can enable Advance Filter and assign object-level permissions when you create or edit
permissions. For steps to create permissions, see Create Permission.

Privileges and Roles

To perform specific operations, you require privileges associated with the specific role. VMware
Telco Cloud Automation includes a set of system-defined roles and associated privileges. You
cannot edit or delete them.

System-defined Privileges
The following tables list the system-defined privileges:

VMware, Inc. 25
VMware Telco Cloud Automation User Guide

Table 4-1. System Wide Privileges

Privilege Included Privilege(s) Accessible Objects

System Admin - Administration n Role Admin All

privileges for all operations. n Role Audit
n System Audit
n Virtual Infrastructure Audit
n Partner System Read
n Network Service Instance Read
n Network Service Catalog Read
n Network Function Catalog Read
n Network Function Instance Read
n Virtual Infrastructure Admin
n Virtual Infrastructure Consume
n Network Function Catalog
Design
n Network Function Catalog
Instantiate
n Network Function Instance
Lifecycle Management
n Network Service Catalog Design
n Network Service Catalog
Instantiate
n Network Service Instance
Lifecycle Management
n Partner System Admin
n Infrastructure Lifecycle
Management
n Infrastructure Design
n Tag Admin
n Workflow Read
n Workflow Design
n Workflow Execute
n System Admin

System Audit - Read privileges for all n Virtual Infrastructure Audit All
operations. n Partner System Read
n Network Service Instance Read
n Network Service Catalog Read
n Network Function Catalog Read
n Network Function Instance Read
n Role Audit
n Workflow Read
n System Audit

Role Admin - Administration n Role Audit Roles and Permissions

privileges for all Roles operations. n Role Admin

VMware, Inc. 26
VMware Telco Cloud Automation User Guide

Table 4-1. System Wide Privileges (continued)

Privilege Included Privilege(s) Accessible Objects

Role Audit - Read privileges for all Role Audit Roles and Permissions
Roles operations.

Tag Admin - Administration privileges Tag Admin Tags

for tag operations.

Table 4-2. Virtual Infrastructure Privileges

Privilege Included Privileges Accessible Objects

Virtual Infrastructure Admin n Virtual Infrastructure Audit n Virtual Infrastructure

- Administration privileges for n Virtual Infrastructure Admin
Infrastructure.

Virtual Infrastructure Audit - Read Virtual Infrastructure Audit n Virtual Infrastructure

privileges for Infrastructure. n Kubernetes Cluster Instance
n Kubernetes Cluster Template

Virtual Infrastructure Consume - Virtual Infrastructure Consume n Virtual Infrastructure

Deploy privileges for VIM.

Infrastructure Design - Design n Workflow Read n Kubernetes Cluster Template

privileges for CaaS cluster templates. n Workflow Design n Workflow Catalogs
n Infrastructure Design

Infrastructure Lifecycle Management n Virtual Infrastructure Consume n Kubernetes Cluster Instance

- Lifecycle management privileges for n Infrastructure Design n Workflow Catalog
CaaS cluster instances. n Workflow Read n Workflow Instances
n Workflow Design
n Workflow Execute
n Infrastructure Lifecycle
Management

Table 4-3. Partner System Privileges

Privilege Included Privileges Accessible Objects

Partner System Read - Read Partner System Read n Virtual Infrastructure

privileges for Partner Systems.

Partner System Admin - n Partner System Read n Virtual Infrastructure

Administration privileges for Partner n Network Function Catalog Read n Workflow Catalog
Systems. n Virtual Infrastructure Consume
n Workflow Read
n Partner System Admin

VMware, Inc. 27
VMware Telco Cloud Automation User Guide

Table 4-4. Network Function Catalog Privileges

Privilege Included Privileges Accessible Objects

Network Function Catalog Design n Network Function Catalog Read n Network Function Catalog
- Design privileges for Network n Workflow Read n Workflow Catalog
Function Catalog. n Workflow Design
n Network Function Catalog
Design

Network Function Catalog Read - n Workflow Read n Network Function Catalog

Read privileges for Network Function n Network Function Catalog Read n Workflow Catalog
Catalog.

Network Function Catalog n Network Function Catalog Read n Network Function Catalog
Instantiate - Instantiation privileges n Virtual Infrastructure Consume n Workflow Catalog
for Network Function Catalog. n Network Function Instance Read
n Workflow Read
n Network Function Catalog
Instantiate

Table 4-5. Network Function Instance Privileges

Privilege Included Privileges Accessible Objects

Network Function Instance Read - Network Function Instance Read n Network Function Instance
Read privileges for Network Function n Network Function Catalog
Instance.

Network Function Instance Lifecycle n Network Function Instance Read n Network Function Instance
Management - Lifecycle management n Network Function Catalog n Workflow Catalog
privileges for Network Function Instantiate n Workflow Instance
Instance. n Network Function Catalog Read
n Virtual Infrastructure Consume
n Workflow Read
n Workflow Execute
n Network Function Instance
Lifecycle Management

VMware, Inc. 28
VMware Telco Cloud Automation User Guide

Table 4-6. Network Service Catalog Privileges

Privilege Included Privileges Accessible Objects

Network Service Catalog Design - n Network Service Catalog Read n Network Service Catalog
Design privileges for Network Service n Network Function Catalog Read n Workflow Catalog
Catalog. n Workflow Read
n Workflow Design
n Network Service Catalog Design

Network Service Catalog Read - n Network Function Catalog Read n Network Service Catalog
Read privileges for Network Service n Workflow Read n Workflow Catalog
Catalog. n Network Service Catalog Read

Network Service Catalog Instantiate n Network Service Catalog Read n Network Service Catalog
- Instantiation privileges for Network n Network Function Catalog Read n Workflow Catalog
Service Catalog. n Virtual Infrastructure Consume
n Network Function Instance Read
n Network Service Instance Read
n Workflow Read
n Network Service Catalog
Instantiate

Table 4-7. Network Service Instance Privileges

Privilege Included Privileges Accessible Objects

Network Service Instance Lifecycle n Network Service Catalog n Network Service Instance
Management - Lifecycle Management Instantiate n Workflow Catalog
privileges for Network Service n Network Service Catalog Read n Workflow Instance
Instance. n Network Function Catalog Read
n Virtual Infrastructure Consume
n Network Function Instance Read
n Network Function Catalog
Instantiate
n Workflow Read
n Workflow Execute
n Network Service Instance
Lifecycle Management

Network Service Instance Read - Network Service Instance Read n Network Service Instance
Read privileges for Network Service n Network Service Catalog
Instance.

VMware, Inc. 29
VMware Telco Cloud Automation User Guide

Table 4-8. Workflow Privileges

Privilege Included Privileges Accessible Objects

Workflow Read Workflow Read Workflow Catalog

Workflow Design n Workflow Read Workflow Catalog

n Workflow Design

Workflow Execute n Workflow Execute n Workflow Catalog

n Workflow Read n Workflow Instance

System-defined Roles
The following table lists the system-defined roles.

Role Privileges

System Administrator n Role Admin

The users assigned to this role can perform all the n System Audit
available actions in VMware Telco Cloud Automation. n Virtual Infrastructure Audit
n Virtual Infrastructure Admin
n Virtual Infrastructure Consume
n Infrastructure Design
n Infrastructure Lifecycle Management
n Network Function Catalog Design
n Network Function Catalog Read
n Network Function Catalog Instantiate
n Network Function Instance Read
n Network Function Instance Lifecycle Management
n Network Service Catalog Design
n Network Service Catalog Read
n Network Service Catalog Instantiate
n Network Service Instance Read
n Network Service Instance Lifecycle Management
n Partner System Read
n Partner System Admin
n Role Audit
n System Admin
n Tag Admin
n Workflow Read
n Workflow Design
n Workflow Execute

Network Function Designer n Network Function Catalog Read

The users assigned to this role can perform all the n Network Function Catalog Design
network function actions such as designing, uploading, n Workflow Read
and managing the Network Function Catalogs. n Workflow Design

VMware, Inc. 30
VMware Telco Cloud Automation User Guide

Role Privileges

Network Function Deployer n Network Function Instance Read

The users assigned to this role can perform all n Network Function Catalog Instantiate
the network function actions related to the life-cycle n Network Function Catalog Read
management operations such as Instantiate, Scale, Heal, n Virtual Infrastructure Consume
and other actions available on a Network Function
n
instance.
n Network Function Instance Lifecycle Management
n Workflow Read
n Workflow Execute

Virtual Infrastructure Administrator n Virtual Infrastructure Audit

The users assigned to this role can perform all the virtual n Virtual Infrastructure Admin
infrastructure-related actions in VMware Telco Cloud n Virtual Infrastructure Consume
Automation. n Infrastructure Design
n Infrastructure Lifecycle Management

Virtual Infrastructure Auditor Virtual Infrastructure Audit

The users assigned to this role can view all the virtual
infrastructure entities in VMware Telco Cloud Automation.

Network Service Designer n Network Service Catalog Design

The users assigned to this role can perform all the n Network Service Catalog Read
network service actions such as designing, uploading, and n Network Function Catalog Read
managing the Network Service Catalogs. n Workflow Read
n Workflow Design

Network Service Deployer n Network Service Instance Read

The users assigned to this role can perform all n Network Service Catalog Instantiate
the network service actions related to the life-cycle n Network Service Catalog Read
management operations such as Instantiate, Scale, Heal, n Network Function Instance Read
and other actions available on a Network Service
n Virtual Infrastructure Consume
instance.
n Network Function Catalog Read
n Network Function Catalog Instantiate
n Network Service Instance Lifecycle Management
n Network Function Instance Lifecycle Management
n Workflow Read
n Workflow Execute

System Auditor n System Audit

The users assigned to this role can view all the entities in n Virtual Infrastructure Audit
VMware Telco Cloud Automation. n Network Service Instance Read
n Network Service Catalog Read
n Network Function Catalog Read
n Network Function Instance Read
n Partner System Read
n Role Audit
n Workflow Read

VMware, Inc. 31
VMware Telco Cloud Automation User Guide

Role Privileges

Role Administrator n Role Admin

The users assigned to this role can perform all the object n Role Audit
access control related actions in VMware Telco Cloud n Tag Admin
Automation.

Partner System Administrator n Partner System Read

The users assigned to this role can perform all the n Partner System Admin
partner system-related actions in VMware Telco Cloud n Network Function Catalog Read
Automation. n Virtual Infrastructure Consume

Partner System Read Only Partner System Read

The users assigned to this role can view all the partner
system entities in VMware Telco Cloud Automation.

Role Auditor Role Audit

The users assigned to this role can view all the object
access control related roles and permissions in VMware
Telco Cloud Automation.

Vendor Admin n Virtual Infrastructure Consume

n Partner System Read
n Network Function Catalog Design
n Network Function Catalog Read
n Network Function Catalog Instantiate
n Network Function Instance Read
n Network Function Instance Lifecycle Management
n Network Service Catalog Design
n Network Service Catalog Read
n Network Service Catalog Instantiate
n Network Service Instance Read
n Network Service Instance Lifecycle Management
n Workflow Read
n Workflow Design
n Workflow Execute

Workflow Designer n Workflow Read

n Workflow Design

Workflow Executor n Workflow Read

n Workflow Execute

Creating Roles and Permissions

Apart from the predefined roles and privileges that are available in VMware Telco Cloud
Automation, you can create custom roles and assign specific privileges to them. You can also
assign specific access permissions to users and user groups.

Create a Role
Create a role and assign specific permissions.

VMware, Inc. 32
VMware Telco Cloud Automation User Guide

Prerequisites

You must be a System Administrator or a Role Administrator to perform this task.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 From the top-right corner, click the drop-down menu next to the User icon. Go to
Authorization > Roles.

3 Click Create Role.

4 Enter the role name, an optional description, and select the privileges to be associated with
that role.

5 Click Save.

Results

Your role is created successfully and is displayed under the list of roles.

What to do next

n To edit your role, click Edit.

n To delete a role, click Delete. To delete a role, you must delete all its associated permissions.

You can now create permissions for your role.

Create Permission
Create permissions that are applicable only to specific users and user groups.

Prerequisites

You must be a System Administrator or a Role Administrator to perform this task.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 From the top-right corner, click the drop-down menu next to the User icon. Go to
Authorization > Permissions.

The existing permissions are displayed.

3 Click Create Permission.

4 In the Create Permission page, enter the following information:

n Role - Select the role to associate the permission with.

n Name - Enter a unique name for the permission.

n Description - Enter an optional description about the permission.

VMware, Inc. 33
VMware Telco Cloud Automation User Guide

n User(s) / User Group(s) - Enter the user name or the group name to associate the
permission with. To validate the user and user group name and to associate the
permissions, click Validate.

Note
n When using Active Directory by group, you can provide the group in the following
format cn=admingroup,ou=groups,dc=server,dc=net.

n When using Active Directory by username, you can provide the user name in the
following format userName@ad.

n When using the vCenter, the format to enter the group name is domain\groupName.

n Configure Advanced Filters - Select this option if you want to add advanced filters such
as specific object type, attribute, metric, and their values. For example, you can associate
the permissions that you create for a Network Function Deployer to access a specific
Network Function Catalog, a Network Function Instance, Network Service Catalog,
Network Service Instance, or a Virtual Infrastructure. Click Add. You can also filter objects
in the catalog based on tags by adding specific tags and values to permissions.

5 Click Save.

Results

Your permission is created successfully and is displayed under the list of permissions.

Tokens
VMware Telco Cloud Automation generates a token each time a user remotely accesses a
Kubernetes cluster or a VMware Telco Cloud Automation Control Plane (TCA-CP).

These tokens are available under Authorization > Tokens.

There are different types of tokens:

n Virtual Infrastructure SSH Token: This token is generated when you use login credentials or
the embedded terminal session for accessing a Kubernetes cluster.

n Virtual Infrastructure REST: This token is generated when you use the Download Kube
Config option for accessing a Kubernetes cluster.

n Network Function SSH: This token is generated when you use login credentials or the
embedded terminal session for accessing a Network Function.

n Network Function REST: This token is generated when you use the Download Kube Config
option for accessing a Network Function.

n TCA-M: This token is generated when you use the Show Login Credentials or Open Terminal
options for accessing the TCA-CP.

VMware, Inc. 34
VMware Telco Cloud Automation User Guide

To view more information about a token, click the drop-down arrow against the token. A token
that is not utilized expires after eight hours. A system administrator can revoke a token at any
time.

VMware, Inc. 35
Kubernetes Policies
5
You can control the access to computational resources at various levels, such as:

n Cluster-level access control (binary): Defines whether the user can access the cluster or not.

n Namespace-level access control (binary): Defines whether a user can access the namespace
or not.

n Kubernetes-level access control: Defines what resources a user can access.

Telco Cloud Automation allows you to create different security domains within a single
Kubernetes cluster. These security domains are associated with users, network function
packages, or instances.

This chapter includes the following topics:

n Overview of Kubernetes Policies

n CNF Global Permission Enforcement

n Types of Kubernetes Policies

n Lifecycle of an RBAC Policy

n Create a Policy Manually

n Edit a Policy

n Clone a Policy

n Download a Policy

n Delete a Policy

n Finalize a Policy

n Grant a Policy

n Edit a Policy Grant

n Delete a Policy Grant

n View VIM Policy Grants

n View Policy Grants For The CNF Package

n Generate a Kubernetes Policy Automatically From CNF Package

VMware, Inc. 36
VMware Telco Cloud Automation User Guide

n Import Policies from CNF Package

Overview of Kubernetes Policies

Kubernetes policies allow you to have restricted access to the Kubernetes clusters in addition to
the following:

n Determine the privileges required for a CNF instantiation and LCM operation.

n Assign global Kubernetes privileges to CNF templates or CNF instances.

n Run HELM operations with a limited service account.

A service account provides non-interactive and non-human access to services within the
Kubernetes cluster. Application Pods, system components, and entities, whether internal or
external to the cluster, use specific service account credentials. TCA uses service accounts to
communicate with Kubernetes.

The service accounts are generated in TCA during the Kubernetes VIM registration process or
during the workload cluster creation.

The following diagram illustrates the usage of service accounts for accessing the Kubernetes API.

Figure 5-1. Diagram 1

create

Custom
initiate HELM POD Operator resource
instance
use

use use use

Service account Service account
TCA
(known to TCA) (managed by CNF)

TCA uses the service account provided during VIM registration for the following purposes:

n Interact with Kubernetes APIs

n Create resources such as PODs, operators, and custom resource instances

The PODs might use the service account to access the APIs.

Operators are software extensions to Kubernetes that use custom resources to manage
applications and their components. Operators follow Kubernetes principles, mainly the
control loop principle. Custom resource models the Kubernetes application, which has a
desired state and an actual state. The operator implements a custom controller to ensure
that the desired state is equal to the actual state.

VMware, Inc. 37
VMware Telco Cloud Automation User Guide

The controller resides in a pod and interacts with Kubernetes API in a control loop to move
the actual state to the desired state. The operator may perform (based on the designed CNF)
scheduled jobs on the application. For example, it creates consistent backups. Operators
are shipped in helm charts, including the custom resource definitions and the associated
controllers.

After the HELM resource construction phase is completed, TCA is not aware of what the
operator does on the Kubernetes cluster, similar to a POD with access to the Kubernetes API.

The purpose of the Kubernetes policy in TCA is to control the access level of each of these
entities to Kubernetes. Kubernetes prevents privilege escalation for their clients, which means
that a service account cannot create another service account with a higher level of privilege
than it already has. TCA builds on this principle by providing these entities with a restricted
service account instead of the unrestricted service account. Kubernetes policy controls the level
of restriction.

The level of restriction is defined through the permission model within TCA, which is illustrated in
the following diagram.

Figure 5-2. Diagram 2

K8S cluster

2. filter=(...) 3. filter=(
name=VMware_.*)
User Permission Controls LCM (installation /
scale) to selected namespaces
1. filter=(...)
1 in * 1
NS CNF Namespace Resource
* * *

The following CNF-level permissions control access to the resources:

n CNF LCM / READ: Controls lifecycle operation execution, deletion, and read access to a CNF
instance. See Figure 5-1. Diagram 1.

n VIM: Controls the VIM instance to which you can deploy network functions. See Figure 5-2.
Diagram 2.

n Namespace: Controls which namespaces you can use in the clusterIf the CNF is restricted
to contain Kubernetes resources that reside in a namespace, then the application of
namespace-based RBAC is sufficient. However, if the CNF needs to read (get, list, watch)
or manage resources (create, update, patch, and delete) outside its namespaces, then
Kubernetes policies need to be applied. See Figure 5-3. Diagram 3.

VMware, Inc. 38
VMware Telco Cloud Automation User Guide

Figure 5-3. Diagram 3

1 in * 1
NS CNF Namespace Resource
* * *
1
*
HELM

Cluster
Resource
*

CNF Global Permission Enforcement

The CNF global permission enforcement system allows you to assign and enforce global
permissions.

CNF permission enforcement aims at running the HELM commands in the context of a restricted
service account. This restricted service account requires minimum permissions to perform the
LCM operations. The limited-service account created based on namespace access only might not
be adequate as it does not provide access to cluster-level resources.

The following diagram illustrates the CNF permission enforcement system.

K8S CNF template

NF deployer CNF

LCM

Service Role
HELM Cluster Role
Account Binding

K8S resource Role RW to CNF

namespaces
auto created by TCA

An LCM operation comprises the following steps:

1 TCA communicates with the target VIM and preconfigures it if required.

2 TCA creates a service account with the necessary permissions (role bindings + roles and
cluster roles).

This step ensures that the CNF does not access any other resource than the one allowed by
the role binding.

3 TCA triggers HELM with the created service account.

VMware, Inc. 39
VMware Telco Cloud Automation User Guide

A virtual infrastructure administrator assigns the required privileges by extending the RBAC
permission model with policy and policy grants, which is illustrated in the following diagram.

providing access to *
Resource

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
VIM Policy rules:
- verbs: [ "create” ]
1
apiGroups: [ "apiextensions.k8s.io/v1" ]
filter=(...) 1 resources: [ "CustomResourceDefinition" ]
CNF package Policy Grant resourceNames: : [ ”NokiaMME1" ]

Types of Kubernetes Policies

Kubernetes policies can be Role-based access control (RBAC) policy or Pod Security Admission
(PSA) policy.

RBAC Policy
RBAC policy allows you to regulate access to computer or network resources based on the roles
of individual users. See Lifecycle of an RBAC Policy.

PSA Policy
PSA policy allows you to regulate access to computer or network resources by enforcing POD
security standards. You can implement the POD security at the cluster level or at the namespace
level by using the namespace labels.

The three levels of Pod Security are privileged, baseline, and restricted. If multiple PSA policies
are applied to a CNF, then a policy that has a more permissive Pod Security Standard is applied
to the CNF.

Note Both PSA and RBAC policies are applied only to CNFs that are in restricted mode, either
instantiated on restricted VIM or set to Restricted manually

Lifecycle of an RBAC Policy

A Kubernetes policy defines a set of permissions that are required in addition to the Read-Write
access to the namespaces of the CNF. As a user with access to the CNF package, you can create
a policy. When you create a policy, you only define the requirement for specific permissions. The
virtual infrastructure administrator grants permission by creating a policy grant. A policy grant
links the policy and VIM with a CNF package. A policy grant may also link with a specific CNF
instance or a CNF LCM operation.

The following table lists the privileges and the corresponding accessible objects.

VMware, Inc. 40
VMware Telco Cloud Automation User Guide

Table 5-1. Kubernetes Policy Privileges

Privilege Policy Template Policy Grant

System Administrtor Read-Write Read-Write

Virtual Infrastructure Administrtor Read-Write Read-Write

Virtual Infrastructure Audit Read-Write Read-Only

Virtual Infrastructure Consume Read-Write Read-Only

When you create a policy, it moves to the draft state with an expiration date set for the policy
automatically. In the draft state, you can edit a policy, and every time you edit a policy, the
expiration date is extended.

Note
n The draft policy is automatically deleted if you do not finalize it before the expiration date.

n After granting a policy, it can no longer be edited or deleted.

The lifecycle of a policy is illustrated in the following diagram.

publish

depend on
Policy (draft) Policy (final) Policy Grant

edit

The policy and policy grant are used during LCM operations to prepare the context in which
HELM is executed. Before executing a HELM operation, TCA creates or updates a service account
and its corresponding roles, cluster roles, or role bindings to represent a context in which the
CNF should be running. Based on policies and policy grants, TCA creates a set of CNF-specific
roles or cluster roles and role bindings. These will make it possible for the service account
to access global resources. Roles are created based on HELM to namespace mapping in the
instantiated VNF to provide Read-Write access to the namespaces in which the CNF resides.
These service accounts reside on a TCA-specific namespace and are labeled with the policy
grant ID or the CNF instance ID. Proper labeling of the service accounts allows you to update or
delete them when you no longer require them.

VMware, Inc. 41
VMware Telco Cloud Automation User Guide

K8S CNF template

Policy Grant

NF deployer CNF

LCM

Namespace Service Role

mapping HELM chart Cluster Role Policy
Account Binding

K8S resource Role RW to CNF

namespaces
auto created by TCA

Create a Policy Manually

You can manually create Kubernetes policies and apply them to any cloud instance.

A policy defines a set of Roles and ClusterRoles that provide additional access to the Kubernetes
resources. Since the Kubernetes resource names vary for every instance, and the policy
templates are fixed, TCA allows a policy to be applied for multiple CNF instances.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Authorization > Kubernetes Policies.

3 Click Create New.

4 In the Name field, enter name of the policy.

5 (Optional) In the Description field, enter description of the policy.

VMware, Inc. 42
VMware Telco Cloud Automation User Guide

6 From the Type drop-down, select KUBERNETES_RBAC

or KUBERNETES_PSA based on your requirement.

The following table illustrates the policy and sample policy definition.

Policy Type Sample Policy Defintion

KUBERNETES_RBAC apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole
metadata:
purpose: istioCRDs
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
resourceNames: ["istiooperators.install.istio.io"]
verbs: ["get", "create", "update", "patch", "delete"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: SomeOtherAppNamespace
purpose: GrantAccessForOtherAppSevices
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list"]

KUBERNETES_PSA enforce: baseline

audit: restricted
warn: privileged

7 Click Next.

8 In the Add Policy Details page, browse and upload the YAML file that contains policy details
or enter the policy details similar to the sample provided in the preceding table.

9 Click Finish.

VMware, Inc. 43
VMware Telco Cloud Automation User Guide

Edit a Policy
You can edit a policy to make the changes as required.

Note You cannot edit a policy after granting it.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Authorization > Kubernetes Policies.

3 Click the vertical ellipse of the policy that you want to edit and click Edit.

4 Make the required changes to the Name, Description, or Type fields and click Next.

5 Click Finish.

Clone a Policy
You can clone any policy and change the name, description, and type of the policy to suit the
new policy.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Authorization > Kubernetes Policies.

3 Click the vertical ellipse of the policy that you want to clone and click Clone.

4 Make the required changes to the Name, Description, and Type fields and click Next.

5 Click Finish.

VMware, Inc. 44
VMware Telco Cloud Automation User Guide

Download a Policy
You can download a Kubernetes RBAC or PSA policy as a JSON file.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Authorization > Kubernetes Policies.

3 Click the vertical ellipse of the policy that you want to download and click Download.

Delete a Policy
You can delete a policy when you no longer require it.

Note You cannot delete a policy after granting it.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Authorization > Kubernetes Policies.

3 Click the vertical ellipse of the policy that you want to delete and click Delete.

4 Click Delete.

Finalize a Policy
Before finalizing a policy, ensure that no further changes are required, as you cannot make any
changes to the policy after finalizing it. You can grant a policy to a user only after finalizing it.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Authorization > Kubernetes Policies.

3 Click the vertical ellipse of the policy that you want to finalize and click Finalize.

4 Click Finalize.

Grant a Policy
A policy grant is the grant of the requirement as defined in the policy for a selected VIM. A VIM
administrator grants the policy. Granting a policy establishes a connection between the policy,
the VIM on which the policy is granted, and filters of the objects to which the grant applies.

Note You can only grant a policy after finalizing it.

VMware, Inc. 45
VMware Telco Cloud Automation User Guide

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Authorization > Kubernetes Policies.

3 Click the vertical ellipse of the finalized policy that you want to grant and click Grant.

4 In Grant Details, enter a name and click Next.

5 Select the cloud to which you want to grant the policy and Click Next.

6 From the ObjectType drop-down, select Network Function Catalog, Network Function
Instance, or Lifecycle Operation.

Each object type has different attributes. The following table illustrates the attributes and
their description for each object type.

ObjectType Attribute Description

Network Function Catalog Name Name of the Network Function Catalog.

Provider Vendor of the Network Function Catalog.

ProductName Product Name of the Network Function Catalog.

Descriptor ID VNFD identifier of the Network Function Catalog.

Descriptor version VNFD version of the Network Function Catalog.

Software version Software version of the Network Function Catalog.

Tag Tag of the Network Function Catalog.

Network Function Instance Name Name of the Network Function Instance.

VMware, Inc. 46
VMware Telco Cloud Automation User Guide

ObjectType Attribute Description

Tag Tag of the Network Function Instance.

Lifecycle Operation Name Name of the Lifecycle Operation.

The following are the possible Lifecycle Operations:
n Upgrade
n Scale
n Instantiate
n Terminate

7 From the Attribute drop-down, select an attribute.

8 From the Operator drop-down, select an operator.

The following operators are available for each object type. You can select the required
operator.

n Equals to

n Not equals to

n Any of

n Matches.

Note Tag attribute does not support the Matches operator.

Note If there are no filters for Network Function Catalog, the filters within the policy
grant match every Network Function Instance created from the given template. This is also
applicable to Network Function Instances and Lifecycle Operations.

9 In the Values field, enter a value for the selected operator.

10 Click Finish.

Edit a Policy Grant

You can edit the filters of a policy grant as required.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Infrastructure > Virtual Infrastructure.

VMware, Inc. 47
VMware Telco Cloud Automation User Guide

3 Click the vertical ellipse of the cloud instance in which you want to edit the policy grant and
click View Policy Grants.

4 In the Policy Grants tab, click the vertical ellipse of the policy grant you want to edit and click
Edit.

5 Click Next.

6 From the ObjectType drop-down, select Network Function Catalog, Network Function
Instance, or Lifecycle Operation.

7 From the Attribute drop-down, select an attribute.

8 From the Operator drop-down, select an operator.

9 In the Values field, enter a value for the filter.

10 Click Finish.

Delete a Policy Grant

You can delete a grant from a policy when you do not need it.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Infrastructure > Virtual Infrastructure.

3 Click the vertical ellipse of the cloud instance in which you want to delete the grant and click
View Policy Grants.

4 In Policy Grants tab, click the vertical ellipse of the grant you want to delete and click Delete.

5 Click Delete.

VMware, Inc. 48
VMware Telco Cloud Automation User Guide

View VIM Policy Grants

You can view all the policy grants for a VIM.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Infrastructure > Virtual Infrastructure.

3 Click the vertical ellipse of the cloud instance in which you want to view the VIM policy grants
and click View Policy Grants.

View Policy Grants For The CNF Package

You can view all the policy grants for a CNF package.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Catalog > Network Function.

3 Click the CNF package for which you want to view the policy grants.

4 From Actions drop-down, click View Policy

Grants.

Generate a Kubernetes Policy Automatically From CNF

Package
You can generate a Kubernetes RBAC policy automatically from the CNF package.

A CNF template processor determines the global privileges or namespaces for a CNF.

VMware, Inc. 49
VMware Telco Cloud Automation User Guide

RBAC policies are generated based on the CNF package helm chart resources. If resources
created or accessed by CNF are outside the namespace, TCA creates a new RABC rule for that
resource.

Note
n Some of the resource names may be generated with the Helm release name or random
names from the Helm chart. Therefore, the CNF deployer or VIM Administrator should review
the automatically generated policies.

n Helm inspection may sometimes fail to detect the custom resource details if the resources are
deployed outside Helm. In such a scenario, a warning message is displayed in the description
of the generated policy template.

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Catalog > Network Function.

3 Click the CNF package for which you want to create a policy automatically.

4 From Actions drop-down, click Create Policy.

5 In the Inventory Details tab, click the browse icon in the Select Cloud field.

6 Click the radio button of the cloud instance that you want to select and click OK.

7 In the Helm Charts tab, do one of the following:

n Select Repository URL: Click this radio button to automatically display the repository URL.

n Specify Repository URL: Click this radio button to enter the repository URL, username,
and password in the respective fields.

VMware, Inc. 50
VMware Telco Cloud Automation User Guide

8 In the Inputs tab, provide input value for all the input parameters such as pf,
PHC2SYS_CONFIG_FILE, and PTP4L_CONFIG_FILE.

9 In the Review tab, review all the parameters and click Create Policy.

Import Policies from CNF Package

You can provide predefined policies with the CNF package in CSAR to your operators. A new
folder, secutityPolicies is added to the Artifacts folder, which contains the policy definitions in
the YAML format with the following fields:

n policyType: KUBERNETES_RBAC

n name

n description

n definition: The policy definition.

The following is an example for a policy definition in CSAR.

policyType: KUBERNETES_RBAC
name: Policy 1
description: My favourite policy
definition:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: SomeOtherAppNamespace
purpose: GrantAccessForOtherAppSevices
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list"]

Procedure

1 Log in to the VMware Telco Cloud Automation.

2 Click Catalog > Network Function.

3 Click the CNF package from which you want to import the policies.

VMware, Inc. 51
VMware Telco Cloud Automation User Guide

4 From Actions drop-down, click Import Policy.

5 Select the policies, which are embedded into the Network Function package that you want to
import from the CNF package.

6 Click Import Policy.

Note You can edit the imported policies until they are granted.

VMware, Inc. 52
Working with Tags
6
Tags are labels that contain user-defined keys and values. You can attach tags to catalogs and
instances, and virtual infrastructure. Tagging makes it easier to search and sort resources, and to
assign specific rules to the resource.

Tags help in managing, grouping, and filtering resources in a catalog that has similar properties
or for restricting access to resources to a certain group of users. For example, you can apply
relevant tags when instantiating a network function catalog and filter the network function
instances using these tags. Or, you can assign an SSD tag to your network functions. This way,
you can gently enforce users to deploy these network functions only on VIMs having SSD as the
storage profile.

Users with the Tag Admin privilege can create, edit, or delete tags. The System Administrator
and Role Administrator roles have the Tag Admin privilege by default.

Note Existing tags from VMware Telco Cloud Automation version 1.8 and earlier are exported
and added to the list of tags in VMware Telco Cloud Automation 1.9 during upgrade.

Creating, Editing, and Deleting Tags

You can create a tag, assign key-value pairs and objects to it, edit, and delete the tag using
VMware Telco Cloud Automation. For more information, see Managing RBAC Tags.

Adding Tags to VIMs

You can add tags when adding a VIM, or you can edit an existing VIM to add tags to it. For more
information, see Chapter 7 Configuring Your Virtual Infrastructure.

Add Tags to Permissions

You can add pre-created tags to Permissions, and use these tags for filtering objects in the
catalog. For more information about adding tags to Permissions, see Create Permission.

VMware, Inc. 53
VMware Telco Cloud Automation User Guide

Adding Tags to Network Function Catalogs

You can add tags when onboarding a network function, or you can edit an existing network
function catalog to add tags to it. For more information, see Onboarding a Network Function.

VMware, Inc. 54
Configuring Your Virtual
Infrastructure 7
Before creating and instantiating network functions and services, you must add your virtual
infrastructure to VMware Telco Cloud Automation.

Note VMware Telco Cloud Automation supports vSphere, VMware Cloud Director, Kubernetes
Cluster, VMware Tanzu, VMware Integrated OpenStack, VMware Cloud on AWS, Google VMware
Engine (GVE), and Microsoft Azure VMware Solution (AVS).

You can add a virtual infrastructure from the Infrastructure > Virtual Infrastructure page. The
Virtual Infrastructure page provides a graphical representation of clouds that are distributed
geographically. Details about the cloud such as Cloud Name, Cloud URL, Cloud Type, Tenant
Name, Connection Status, and Tags are also displayed. To view more information such as TCA-
CP URL, Location, User Name, Network Function Inventory, and so on, click the > icon on a
desired cloud.

This chapter includes the following topics:

n Add a Cloud to VMware Telco Cloud Automation

n Configure the Compute Profile

n Edit a Virtual Infrastructure Account

n Force Sync Inventory

Add a Cloud to VMware Telco Cloud Automation

The first step to managing network functions and services is to add a cloud to VMware Telco
Cloud Automation.

Prerequisites

n To perform this task, you must have the Virtual Infrastructure Admin privileges.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Navigate to Infrastructure > Virtual Infrastructure and click + Add.

The Add New Virtual Infrastructure Account page is displayed.

VMware, Inc. 55
VMware Telco Cloud Automation User Guide

3 Select the type of cloud. Based on the cloud type you select, enter the following virtual
infrastructure details:

Note VMware Telco Cloud Automation auto-imports self-signed certificates. To import, click
Import from the pop-up window and continue.

a For VMware Cloud Director and VMware Integrated OpenStack (VMware VIO):

Cloud Name Enter a name for your virtual infrastructure.

Cloud URL Enter the TCA-CP cloud appliance URL. This URL is
used for making HTTP requests.

Tags Select the key and value pairs from the drop down
menus. To add more tags, click the + symbol.

Username Enter the user name of a cloud user having edit

permissions on the cloud.
n The format for a vCloud Director-based cloud is
username@organization-name.
n The role of vCloud Director is Organization
Administrator.
n The role of VMware Integrated OpenStack (VIO) is
Project Administrator.

Password Enter the infrastructure user password.

Tenant Name Enter the organization name for vCloud Director. Enter
the project name for VIO.

b For Kubernetes and VMware Tanzu:

Cloud Name Enter a name for your virtual infrastructure.

Cloud URL Enter the TCA-CP cloud appliance URL. This URL is
used for making HTTPS requests.

Tags Enter the labels to associate with your cloud.

Cluster Name Enter the cluster name that you provided when
registering the Kubernetes Cluster in TCA-CP Manager.

Kubernetes Config Enter the YAML kubeconfig file for your Kubernetes
Cluster.

Default Isolation Mode Select one of the following:

n Permissive: No restriction is applied during LCM
operations or proxy remote accesses.
n Restricted: Each Network Function has access to
its namespace, and no access is granted to any
other namespace or cluster-level resources.

Note By default, the K8s VIMs are in permissive

mode, and no cluster-level privilege separation is
enforced. To enable restricted policies, you must
set the isolation mode to Restricted.

VMware, Inc. 56
VMware Telco Cloud Automation User Guide

c For VMware vSphere, Microsoft Azure VMware Solution (AVS), and Google VMware
Engine (GVE):

Cloud Name Enter a name for your virtual infrastructure.

Cloud URL Enter the TCA-CP cloud appliance URL. This URL is
used for making HTTP requests.

Tags Enter the labels to associate with your cloud.

Username Enter the user name of a cloud user having edit

permissions on the cloud. The format for the vSphere
cloud is username@domain-name.

Password Enter the infrastructure user password.

d For Amazon EKS:

Cloud Name Enter a name for your virtual infrastructure.

VMware Telco Cloud Automation Control Plane URL Enter the TCA-CP cloud appliance URL. This URL is
used for making HTTP requests.

Tags Enter the labels to associate with your cloud.

EKS Cluster Name Enter the EKS Cluster name.

EC2 Region Enter the region of your Elastic Compute Cloud (EC2)
systems.

EKS Access Key Enter the EKS Access Key.

EKS Access Secret Enter the secret token, key, or password.

4 Optionally, you can add tags to your cloud. Tags are used for filtering and grouping clouds,
network functions, and network services.

5 Click Validate.

The configuration is validated.

6 Click Add.

Results

You have added the cloud to your virtual infrastructure. You can see an overview of your virtual
infrastructure on the Infrastructure > Virtual Infrastructure page together with a map showing
the physical location of each cloud.

What to do next

To configure additional clouds in your virtual infrastructure, click + Add. To modify your existing
infrastructure, click Edit or Delete.

For VMware Cloud Director, vSphere, and VIO, you must configure the deployment profiles for
your cloud.

VMware, Inc. 57
VMware Telco Cloud Automation User Guide

Configure the Compute Profile

If you have added a vCloud Director, vSphere, or VIO cloud, you must add a compute profile.
Compute Profiles allow you to specify the underlying resource where the virtual network
functions are deployed.

Prerequisites

You must have the Virtual Infrastructure Admin privileges to perform this task.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Navigate to Infrastructure > Virtual Infrastructure and select the options symbol against the
virtual infrastructure.

3 Click Manage Compute Profile.

4 Under Compute Profiles, click Add.

5 Enter the following information:

Compute Profiles allow you to specify the underlying resource where the network functions
are deployed.

n For vCloud Director clouds:

n Name - Name of the compute profile.

n Description - A brief description of the profile.

n OrgVdc - Select the Organization vDC from the pop-up window.

n Storage Profile - Select the storage profile from the pop-up window.

n Tag(s) - Enter the labels to associate your compute profile with.

n Location - Enter the cloud location to add the compute profile. To add the compute
profile to the current cloud, select Same as VIM.

n For VIO clouds:

n Name - Name of the compute profile.

n Description - A brief description of the profile.

n AvailabilityZone - Select the Availability Zone.

n Tag(s) - Enter the labels to associate your compute profile with.

n Location - Enter the cloud location to add the compute profile.

n For VMware vSphere clouds:

n Name - Name of the compute profile.

n Description - A brief description of the profile.

VMware, Inc. 58
VMware Telco Cloud Automation User Guide

n Compute - Select the resource pool or cluster.

n Datastore - Select the datastore for the resource pool or cluster.

n Edge Cluster - Select the Edge Cluster from vCenter NSX-T.

n Folder - Select the folder to deploy the virtual machines.

n Tag(s) - Enter the labels to associate your compute profile with.

n Location - Enter the cloud location to add the compute profile.

6 Click Add.

Results

The compute profile is added to your cloud. To view the compute profile, navigate to
Infrastructure > Virtual Infrastructure and click the > icon against the cloud name.

The Resource Status column in the Virtual Infrastructure page displays the resource use of those
clouds that are configured with vCloud Director, vSphere, or VIO VIMs.

What to do next

To edit a compute profile, navigate to Infrastructure > Virtual Infrastructure and click the cloud
name. In the cloud details page, go to the desired compute profile and click the Edit icon.

Edit a Virtual Infrastructure Account

You can edit an existing virtual infrastructure account to updates details such as Cloud Name,
Cloud URL, User Name, Password, and so on.

In this example, we edit the virtual infrastructure details of vCloud Director.

Prerequisites

You must have the Virtual Infrastructure Admin privileges to perform this task.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Navigate to Infrastructure > Virtual Infrastructure and select the desired virtual infrastructure
to edit.

3 Click the Edit icon.

The Edit Virtual Infrastructure Account page is displayed.

4 Under Virtual Infrastructure Details, edit the desired details.

5 To Validate the information, click Validate.

6 To update the virtual infrastructure account details, click Update.

VMware, Inc. 59
VMware Telco Cloud Automation User Guide

Force Sync Inventory

If the virtual infrastructure inventory information is not synchronized between VMware Telco
Cloud Automation Control Plane (TCA-CP) and VMware Telco Cloud Automation Manager, you
can initiate a partial sync or a full sync.

Prerequisites

You must have the Virtual Infrastructure Admin privileges to perform this task.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Navigate to Infrastructure > Virtual Infrastructure and select the options symbol against the
virtual infrastructure.

3 Click Force Sync Inventory.

4 On the Force Sync Inventory Data of TCA Control Nodes pop-up:

a To synchronize only the missing information, for example, alarms, CNF inventory, worker
node IPs, PM reports, and Harbor repository in partner systems. Select Partial Sync from
the drop-down menu.

b To synchronize the entire virtual infrastructure inventory information, for example, alarms,
CNF inventory, worker node IPs, PM reports, and Harbor repository in partner systems.
Click Full Sync.

5 Click OK.

VMware, Inc. 60
Viewing Your Cloud Topology
8
VMware Telco Cloud Automation provides a visual topology of your cloud sites across
geographies. It enables administrators to manage network functions and services.

To view your cloud sites and services, perform the following steps:

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 From the left navigation pane, click Clouds.

Results

The Clouds page displays the cloud sites that are registered to VMware Telco Cloud Automation.

What to do next

To view details of a cloud site such as Cloud Name, Cloud Type, User Name, and Status, point to
the cloud site.

VMware, Inc. 61
Working with Infrastructure
Automation 9
Infrastructure Automation can deploy the entire SDDC at Central, Regional or the Cell Site. It
automatically deploys the SDDC components such as vCenter, NSX, vSAN, vRO, vRLI, TCA-CP
on the target hosts. It simplifies the deployments and management of the telecommunication
infrastructure.

This chapter includes the following topics:

n Introduction to Infrastructure Automation

n Deployment Configurations

n Managing Domains

n Viewing Tasks

Introduction to Infrastructure Automation

Automatic deployment of the telecommunication infrastructure.

You can manage the telecommunication infrastructure through Infrastructure Automation. It also
deploys the application on various sites based on the site-specific requirements.

The Infrastructure Automation has four stages.

1 Prerequisites

Validations related to the prerequisites of each component before deployment.

2 Configuration and Bootstrapping

Configurations related to networking, appliances, ISO, and domains.

3 Automated SDDC Deployment

Automatic deployment of the SDDC.

4 Ready for Network Functions

All sites are ready. You can configure and initiate the network functions.

Prerequisites
Infrastructure Automation validates various prerequisites before beginning the actual
deployment.

VMware, Inc. 62
VMware Telco Cloud Automation User Guide

Different sites have different prerequisites that must be fulfilled before beginning the actual
deployment. Infrastructure Automation validates all these prerequisites to ensures easy and fast
deployment.

Note Ensure that you have different vSAN disk sizes for cache and capacity tiers, else the cloud
builder may not select the correct cache disk.

Host
n All the hosts in a domain are homogeneous.

n Each host has a minimum of one solid-state disk (SSD) and three solid-state disk/hard disk
drives for vSAN.

n Each host requires two physical NICs connected to the same physical switch.

Physical Switch
n Jumbo Frames enabled on the Physical Switch.

n DHCP enabled on the NSX host overlay network.

n Each ESXi server has a minimum of two physical NICs connected to the switch in trunk mode.
Access to all the VLANs (Management Network, vMotion Network, vSAN, NSX Host Overlay
Network, NSX Edge Overlay Network, Uplink 1 and Uplink 2) on the trunk port.

Domain
n Each domain has a minimum of four hosts.

n DNS name configured for all the appliances in all the domains.

n ESXi servers are installed for each domain through the PXE server or an ISO image.

n A common web server to access the software images at the central site.

n Central and regional sites have the internet connectivity.

Network
n VMware Telco Cloud Automation/ VMware Telco Cloud Automation Control Plane can require
an unrestricted communication to connect.tec.vmware.com and hybridity-depot.vmware.com
over port TCP 443 for license activation and updates.

n VMware Telco Cloud Automation uses different ports for different services. For details, see
VMware Telco Cloud Automation Ports.

VMware, Inc. 63
VMware Telco Cloud Automation User Guide

n Time synchronization through NTP for all VLANs.

n Unique VLANs are created for following networks on the physical switch:

Network MTU Description

Management Network 1500 Used to connect the management components of the software like
vCenter, ESXi, NSX Manager, VMware Telco Cloud Automation, and
VMware Telco Cloud Automation Control Plane.

vMotion Network 9000 Used for the live migration of virtual machines. It is an L2 routable
network and used only for the vMotion traffic within a data center.

vSAN 9000 Used for the vSAN traffic. It is an L2 routable network and is used only for
the vSAN traffic within a data center.

NSX Host Overlay Network 9000 Used for the NSX Edge overlay traffic. Requires a routable with Host
overlay VLAN in the same site. This network requires a DHCP server
to provide IPs to the NSX host overlay vmk interfaces. The DHCP pool
should equal the number of ESXi hosts on this network.

NSX Edge Overlay Network 9000 Used for the overlay traffic between the hosts and Edge Appliances.

Uplink 1 9000 Used for the uplink traffic. Uplink 1 is in the same subnet as the Top of
Rack (ToR) switch uplink address.

Uplink 2 9000 A redundant path for the uplink traffic. Uplink 2 is in the same subnet as
the Top of Rack switch uplink address.

n Configure the same NTP server on both the Cloud Builder and the ESXi host.

n Run the command ntpq -pn on both the Cloud Builder and the ESXi host and check if the
output of the NTP server shows *.

n Name resolution through DNS for all appliances in all the domains.

VMware, Inc. 64
VMware Telco Cloud Automation User Guide

n DNS records for all appliances with forward and reverse resolution.

Note You can create custom naming schemes for the appliances. You can also select
the naming schemes from Appliance Naming Scheme from the drop-down menu when
configuring the global parameters or override the naming schemes when configuring
domains. The options available for the appliance naming scheme are:
n {applianceName}-{domain-Name}

n {applianceName}

n Custom

For example: If the naming scheme is set to {appliancename}-{domainname}, the name for a
Virtual Center appliance is vc-cdc1.telco.example.com, where:
n vc is the appliance name.

n cdc1 is the domain name.

n telco.example.com is the DNS suffix.

License
The licenses for the following components are required:

n VMware vSphere (ESXi)

n VMware NSX-T Data Center

n VMware Telco Cloud Automation

n VMware Telco Cloud Automation Control Plane

n VMware vCenter Server

n VMware vSAN

n (Optional) VMware vRealize Log Insight

Note The actual license requirements may change based on the components installed.

Software Versions Interoperable with Infrastructure Automation

The following table lists the software versions interoperable with Infrastructure Automation.

Software Version

vCenter Server 7.0 U1a, 7.0 U1c, 7.0 U2, 7.0 U2d, 7.0 U3k, 8.0b, 8.0u1

ESXi 7.0 U1a, 7.0 U1c, 7.0 U2, 7.0 U2d, 7.0 U3k, 8.0b, 8.0u1

Note For the RAN sites, you have to manually upgrade VMware vCenter and ESXi. For details,
see vCenter Upgrade.

VMware, Inc. 65
VMware Telco Cloud Automation User Guide

Managing Specification File

Download the specification template, upload the modified specification template, and download
the current specification template.

You can use the specification template to provide infrastructure details for automated
deployment. You can also upload a new specification or download the current specification of
the deployed infrastructure.

Note For the changes required in cloud native deployment, see Specification File for Cloud
Native.

Procedure

1 To download a specification template, click Download Spec Template.

2 To download the current specification of the infrastructure, click Download Spec.

3 To upload a new specification for the infrastructure, click Upload Spec and select the new
specification file.

Specification File for Cloud Native

Changes in the specification file for cloud native deployment.

Cloud native deployment requires additional configuration in cloud specification file.

Prerequisites

Download the cloud native specification file from the Telco Cloud Automation.

VMware, Inc. 66
VMware Telco Cloud Automation User Guide

Procedure

u Open the Specification file and configure the following parameters for cloud native
deployment.

Parameter Description

pscUserGroup The username which creates the kubernetes clusters in the cloud native
VMware Telco Cloud Automation. You can specify this parameter under
settings section or the domains section. The pscUserGroup parameter under
settings section acts as global value and the pscuserGroup parameters
under domain overrides the value for that specific domain.

Note You must specify the pscUserGroup. You can specify the pscUserGroup
either in settings, or in domains or in both the settings and domains.

TCA_BOOTSTRAPPER The bootstrapper for the cloud native VMware Telco Cloud Automation.
Add the following details:
n type

n name

n ipIndex

n rootpassword

n adminpassword

TCA_MANAGEMENT_CLUSTER The cluster manager for the cloud native VMware Telco Cloud Automation.
Add the following details:
n type

n name

n ipIndex

n clusterPassword

TCA_CP The load balancer for VMware Telco Cloud Automation control plane (TCA-
CP).
Add the following details:
n type

n name

n ipIndex

VMware, Inc. 67
VMware Telco Cloud Automation User Guide

Parameter Description

TCA Load balancer for VMware Telco Cloud Automation manager in the cloud
native VMware Telco Cloud Automation.
Add the following details:
n type

n name

n ipIndex

airgapServer The parameter is required only for the airgapped environment.

Add the following details:
n fqdn

n caCert

Note
n Encode the CA certificate with BASE64 encoding.
n For adding the images (.OVA files) for cloud builder deployment, see
Add Images or OVF.

Note
n You can use the domain settings to override the values provided in the settings.

n You cannot override the appliance type TCA_BOOTSTRAPPER appliance in the management
domain of a central site.

n You cannot override the appliance type TCA in the workload domain of a central site.

See the reference code for cloud-specific changes.

{
"domains": [
{
"name": "cdc",
"type": "CENTRAL_SITE",
"subType": "MANAGEMENT",
"enabled": true,
"preDeployed": {
"preDeployed": false
},
"minimumHosts": 3,
"location": {
"city": "Bengal\u016bru",
"country": "India",
"address": "",
"longitude": 77.56,
"latitude": 12.97
},

"switches": [
{
"name": "cdc-dvs001",
"uplinks": [
{

VMware, Inc. 68
VMware Telco Cloud Automation User Guide

"pnic": "vmnic0"
},
{
"pnic": "vmnic1"
}
]
}
],
"services": [
{
"name": "networking",
"type": "nsx",
"enabled": true,
"nsxConfig": {
"shareTransportZonesWithParent": false
}
},
{
"name": "storage",
"type": "vsan",
"enabled": true,
"vsanConfig": {
"vsanDedup": false
}
}
],
"networks": [
{
"switch": "cdc-dvs001",
"type": "management",
"name": "management",
"segmentType": "vlan",
"vlan": 3406,
"mtu": 1500,
"mac_learning_enabled": false,
"gateway": "172.17.6.253",
"prefixLength": 24,
"_comments": [
"If K8S master/worker nodes will be installed on this network,
then it requires DHCP configured on the network"
]
},
{
"switch": "cdc-dvs001",
"type": "vMotion",
"name": "vMotion",
"segmentType": "vlan",
"vlan": 3408,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.8.253",
"prefixLength": 24,
"ipPool": [
{
"start": "172.17.8.10",

VMware, Inc. 69
VMware Telco Cloud Automation User Guide

"end": "172.17.8.20"
}
]
},
{
"switch": "cdc-dvs001",
"type": "vSAN",
"name": "vSAN",
"segmentType": "vlan",
"vlan": 3409,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.9.253",
"prefixLength": 24,
"ipPool": [
{
"start": "172.17.9.10",
"end": "172.17.9.20"
}
]
},
{
"switch": "cdc-dvs001",
"type": "nsxHostOverlay",
"name": "nsxHostOverlay",
"segmentType": "vlan",
"vlan": 3407,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.7.253",
"prefixLength": 24,
"_comments": [
"This network requires DHCP configured on the network"
]
},
{
"switch": "cdc-dvs001",
"type": "nsxEdgeOverlay",
"name": "nsxEdgeOverlay",
"segmentType": "vlan",
"vlan": 3410,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.10.253",
"prefixLength": 24,
"ipPool": [
{
"start": "172.17.10.10",
"end": "172.17.10.20"
}
]
},
{
"switch": "cdc-dvs001",
"type": "uplink",

VMware, Inc. 70
VMware Telco Cloud Automation User Guide

"name": "uplink1",
"segmentType": "vlan",
"vlan": 3411,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.11.253",
"prefixLength": 24,
"ipAddresses": [
"172.17.11.100",
"172.17.11.101"
]
},
{
"switch": "cdc-dvs001",
"type": "uplink",
"name": "uplink2",
"segmentType": "vlan",
"vlan": 3410,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.10.253",
"prefixLength": 24,
"ipAddresses": [
"172.17.10.100",
"172.17.10.101"
]
}
],
"applianceOverrides": [
{
"name": "tb1-cdc-cb",
"enabled": true,
"id": "app-cc834fe9-2f5f-4d7c-9538-4f6cf84a0c3b",
"nameOverride": "tb1-cdc-cb",
"type": "CLOUD_BUILDER",
"ipIndex": 32,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-sddcmgr",
"enabled": true,
"id": "app-94dc5b6f-f034-4d01-be12-a9919bb851e9",
"nameOverride": "tb1-cdc-sddcmgr",
"type": "SDDC_MANAGER",
"ipIndex": 33,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-vc",
"size": "small",
"enabled": true,
"id": "app-20ae3412-d7bb-46fb-a213-3eee4980c59b",
"nameOverride": "tb1-cdc-vc",

VMware, Inc. 71
VMware Telco Cloud Automation User Guide

"type": "VC",
"ipIndex": 31,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-vro",
"enabled": true,
"id": "app-652abcba-954f-4ef2-b66d-ef3ac80ac923",
"nameOverride": "tb1-cdc-vro",
"type": "VRO",
"ipIndex": 40,
"rootPassword": "Base64 encoded password"
},
{
"name": "nsx-cdc",
"size": "large",
"enabled": true,
"id": "app-2d8b171b-8ed0-4093-9492-918e9cbb8881",
"nameOverride": "tb1-cdc-nsx",
"type": "NSX_MANAGER",
"ipIndex": 34,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password",
"auditPassword": "Base64 encoded password"
},
{
"name": "nsx001",
"enabled": true,
"id": "app-69d10093-e451-40d4-8d11-091c87978037",
"nameOverride": "tb1-cdc-nsx01",
"parent": "tb1-cdc-nsx",
"type": "NSX_MANAGER_NODE",
"ipIndex": 35
},
{
"name": "nsx002",
"enabled": true,
"id": "app-ba4fdd21-7f99-4162-939e-7158f82bb4cd",
"nameOverride": "tb1-cdc-nsx02",
"parent": "tb1-cdc-nsx",
"type": "NSX_MANAGER_NODE",
"ipIndex": 36
},
{
"name": "nsx003",
"enabled": true,
"id": "app-f7fd0803-546a-43ae-8b8c-2112c128b12e",
"nameOverride": "tb1-cdc-nsx03",
"parent": "tb1-cdc-nsx",
"type": "NSX_MANAGER_NODE",
"ipIndex": 37
},
{
"name": "edgecluster001",

VMware, Inc. 72
VMware Telco Cloud Automation User Guide

"size": "large",
"enabled": true,
"id": "app-0bd34f11-7970-44eb-9ce0-e969e9a4ef80",
"nameOverride": "edge-cdc",
"tier0Mode": "ACTIVE_STANDBY",
"type": "NSX_EDGE_CLUSTER",
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password",
"auditPassword": "Base64 encoded password"
},
{
"name": "nsx-edge001",
"enabled": true,
"id": "app-4f44afa4-e83d-4129-9fef-1854d762fc67",
"nameOverride": "tb1-cdc-edge01",
"parent": "edge-cdc",
"type": "NSX_EDGE",
"ipIndex": 38
},
{
"name": "nsx-edge002",
"enabled": true,
"id": "app-c3311d3a-0931-4b77-9f3f-d4e976e0e88f",
"nameOverride": "tb1-cdc-edge02",
"parent": "edge-cdc",
"type": "NSX_EDGE",
"ipIndex": 39
},
{
"name": "tb1-cdc-mgmt-clus",
"enabled": true,
"id": "app-313a7384-55d5-42ba-aa1e-023b935a3770",
"nameOverride": "tb1-cdc-mgmt-clus",
"type": "TCA_MANAGEMENT_CLUSTER",
"ipIndex": 45,
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-bootstrapper-clus",
"enabled": true,
"id": "app-d7376ba4-fc02-4612-8fee-62f1df817b86",
"nameOverride": "tb1-cdc-bootstrapper-clus",
"type": "BOOTSTRAPPER_CLUSTER",
"ipIndex": 46,
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-tca",
"enabled": true,
"id": "app-b90c397a-c33b-4eb7-80dc-d7fc072b1e13",
"nameOverride": "tb1-tca",
"type": "TCA",
"ipIndex": 42,
"rootPassword": "Base64 encoded password"
},

VMware, Inc. 73
VMware Telco Cloud Automation User Guide

{
"name": "tb1-cdc-tcacp",
"enabled": true,
"id": "app-21d4a277-de90-4c19-a2ea-19d67aa48f36",
"nameOverride": "tb1-cdc-tcacp",
"type": "TCA_CP",
"ipIndex": 43,
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-vrli",
"enabled": true,
"id": "app-c2acb9ef-9e9c-4f79-b792-fbc5016132e7",
"nameOverride": "tb1-cdc-vrli",
"type": "VRLI",
"ipIndex": 41,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "vsannfs",
"enabled": false,
"id": "app-85e35807-12c9-471e-bb5d-11c68c039af5",
"nameOverride": "tb1-cdcvsanfs",
"type": "VSAN_NFS",
"ipIndexPool": [
{
"start": 47,
"end": 49
}
],
"nodeCount": 3,
"shares": [
{
"name": "default-share",
"quotaInMb": 10240
}
],
"_comments": [
"FQDN for each appliance will be generated as {appliance.name}
{nodeIndex}-{domain.name}.{dnsSuffix}.",
"nodeCount should be same with host number provisioned in day1
operation.",
"Make sure ipIndexPool size larger than nodeCount",
"nodeCount should be same with host number provisioned in day1
operation."
],
"rootPassword": "Base64 encoded password"
}
],
"csiTags": {},
"csiCategories": {
"useExisting": false
}
},

VMware, Inc. 74
VMware Telco Cloud Automation User Guide

{
"name": "rdc",
"type": "REGIONAL_SITE",
"subType": "MANAGEMENT",
"enabled": false,
"preDeployed": {
"preDeployed": false
},
"minimumHosts": 3,
"location": {
"city": "Bengal\u016bru",
"country": "India",
"address": "",
"longitude": 77.56,
"latitude": 12.97
},
"licenses": {
"vc": [
"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
],
"nsx": [
"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
],
"esxi": [
"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
],
"vsan": [
"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
],
"tca_cp": [
"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
],
"vrli": [
"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
]
},
"switches": [
{
"name": "rdc-dvs001",
"uplinks": [
{
"pnic": "vmnic0"
},
{
"pnic": "vmnic1"
}
]
}
],
"services": [
{
"name": "networking",
"type": "nsx",
"enabled": true,
"nsxConfig": {

VMware, Inc. 75
VMware Telco Cloud Automation User Guide

"shareTransportZonesWithParent": false
}
},
{
"name": "storage",
"type": "vsan",
"enabled": true,
"vsanConfig": {
"vsanDedup": false
}
}
],
"networks": [
{
"switch": "rdc-dvs001",
"type": "management",
"name": "management",
"segmentType": "vlan",
"vlan": 3406,
"mtu": 1500,
"mac_learning_enabled": false,
"gateway": "172.17.6.253",
"prefixLength": 24,
"_comments": [
"If K8S master/worker nodes will be installed on this network,
then it requires DHCP configured on the network"
]
},
{
"switch": "rdc-dvs001",
"type": "vMotion",
"name": "vMotion",
"segmentType": "vlan",
"vlan": 3408,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.8.253",
"prefixLength": 24,
"ipPool": [
{
"start": "172.17.8.21",
"end": "172.17.8.30"
}
]
},
{
"switch": "rdc-dvs001",
"type": "vSAN",
"name": "vSAN",
"segmentType": "vlan",
"vlan": 3409,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.9.253",
"prefixLength": 24,

VMware, Inc. 76
VMware Telco Cloud Automation User Guide

"ipPool": [
{
"start": "172.17.9.21",
"end": "172.17.9.30"
}
]
},,
{
"switch": "rdc-dvs001",
"type": "nsxHostOverlay",
"name": "nsxHostOverlay",
"segmentType": "vlan",
"vlan": 3407,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.7.253",
"prefixLength": 24,
"_comments": [
"This network requires DHCP configured on the network"
]
},
{
"switch": "rdc-dvs001",
"type": "nsxEdgeOverlay",
"name": "nsxEdgeOverlay",
"segmentType": "vlan",
"vlan": 3410,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.10.253",
"prefixLength": 24,
"ipPool": [
{
"start": "172.17.10.21",
"end": "172.17.10.30"
}
]
},
{
"switch": "rdc-dvs001",
"type": "uplink",
"name": "uplink1",
"segmentType": "vlan",
"vlan": 3411,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.11.253",
"prefixLength": 24,
"ipAddresses": [
"172.17.11.102",
"172.17.11.103"
]
},
{
"switch": "rdc-dvs001",

VMware, Inc. 77
VMware Telco Cloud Automation User Guide

"type": "uplink",
"name": "uplink2",
"segmentType": "vlan",
"vlan": 3410,
"mtu": 9000,
"mac_learning_enabled": false,
"gateway": "172.17.10.253",
"prefixLength": 24,
"ipAddresses": [
"172.17.10.102",
"172.17.10.103"
]
}
],
"applianceOverrides": [
{
"name": "tb1-cdc-cb",
"enabled": true,
"id": "app-17d69bcf-a3c4-4f74-b9c9-777f7857afd8",
"nameOverride": "tb1-rdc-cb",
"type": "CLOUD_BUILDER",
"ipIndex": 52,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-sddcmgr",
"enabled": true,
"id": "app-7dbaab47-6995-4147-b652-4722c23cfa69",
"nameOverride": "tb1-rdc-sddcmgr",
"type": "SDDC_MANAGER",
"ipIndex": 53,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-vc",
"size": "small",
"enabled": true,
"id": "app-b5ead9d7-0ac5-4a24-9b61-763527b3391f",
"nameOverride": "tb1-rdc-vc",
"type": "VC",
"ipIndex": 51,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-vro",
"enabled": true,
"id": "app-890f0dd2-08c9-4b95-83d3-a4272ea93886",
"nameOverride": "tb1-rdc-vro",
"type": "VRO",
"ipIndex": 60,
"rootPassword": "Base64 encoded password"
},

VMware, Inc. 78
VMware Telco Cloud Automation User Guide

{
"name": "nsx-cdc",
"size": "large",
"enabled": true,
"id": "app-cfa7e716-6056-4843-924d-bdb950878e6a",
"nameOverride": "tb1-rdc-nsx",
"type": "NSX_MANAGER",
"ipIndex": 54,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password",
"auditPassword": "Base64 encoded password"
},
{
"name": "nsx001",
"enabled": true,
"id": "app-1e02e9bd-a526-4343-a217-7e0b494b0c22",
"nameOverride": "tb1-rdc-nsx01",
"parent": "tb1-rdc-nsx",
"type": "NSX_MANAGER_NODE",
"ipIndex": 55
},
{
"name": "nsx002",
"enabled": true,
"id": "app-f4738cd2-7414-441c-9b0a-303962a784af",
"nameOverride": "tb1-rdc-nsx02",
"parent": "tb1-rdc-nsx",
"type": "NSX_MANAGER_NODE",
"ipIndex": 56
},
{
"name": "nsx003",
"enabled": true,
"id": "app-c7395a79-7390-4d8e-a47b-ceaa020fb138",
"nameOverride": "tb1-rdc-nsx03",
"parent": "tb1-rdc-nsx",
"type": "NSX_MANAGER_NODE",
"ipIndex": 57
},
{
"name": "edgecluster001",
"size": "large",
"enabled": true,
"id": "app-f9b7b4aa-ec57-406d-aad1-b0d237f3866f",
"tier0Mode": "ACTIVE_STANDBY",
"type": "NSX_EDGE_CLUSTER",
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password",
"auditPassword": "Base64 encoded password"
},
{
"name": "nsx-edge001",
"enabled": true,
"id": "app-ec56d220-a465-42ac-9a21-774b0c8fbc81",
"nameOverride": "tb1-cc-edge01",

VMware, Inc. 79
VMware Telco Cloud Automation User Guide

"parent": "edgecluster001",
"type": "NSX_EDGE",
"ipIndex": 70
},
{
"name": "nsx-edge002",
"enabled": true,
"id": "app-7536f85c-3d57-4854-b1a9-444408f77582",
"nameOverride": "tb1-cc-edge02",
"parent": "edgecluster001",
"type": "NSX_EDGE",
"ipIndex": 71
},
{
"name": "tb1-cdc-bootstrapper",
"enabled": true,
"id": "app-551ee02b-b947-400d-b655-9c0b9db21813",
"nameOverride": "tb1-cdc-bootstrapper",
"type": "TCA_BOOTSTRAPPER",
"ipIndex": 44,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-mgmt-clus",
"enabled": true,
"id": "app-24357516-acb4-40f4-872e-bc0ee56c917f",
"nameOverride": "tb1-rdc-mgmt-clus",
"type": "TCA_MANAGEMENT_CLUSTER",
"ipIndex": 64,
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-bootstrapper-clus",
"enabled": true,
"id": "app-89649f4c-8787-4fe6-8afb-7ffc5f622aad",
"nameOverride": "tb1-rdc-bootstrapper",
"type": "BOOTSTRAPPER_CLUSTER",
"ipIndex": 63,
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-tcacp",
"enabled": true,
"id": "app-713f4f8f-5603-4c9f-9811-796b2523c6fc",
"nameOverride": "tb1-rdc-tcacp",
"type": "TCA_CP",
"ipIndex": 62,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "tb1-cdc-vrli",
"enabled": true,
"id": "app-51ebc34e-3e46-4462-a836-c538ddd3847b",

VMware, Inc. 80
VMware Telco Cloud Automation User Guide

"nameOverride": "tb1-rdc-vrli",
"type": "VRLI",
"ipIndex": 61,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"name": "vsannfs",
"enabled": false,
"id": "app-cd581ed8-f481-4ac4-ace3-ce84fade5d93",
"type": "VSAN_NFS",
"ipIndexPool": [
{
"start": 47,
"end": 49
}
],
"nodeCount": 3,
"shares": [
{
"name": "default-share",
"quotaInMb": 10240
}
],
"_comments": [
"FQDN for each appliance will be generated as {appliance.name}
{nodeIndex}-{domain.name}.{dnsSuffix}.",
"nodeCount should be same with host number provisioned in day1
operation.",
"Make sure ipIndexPool size larger than nodeCount",
"nodeCount should be same with host number provisioned in day1
operation."
],
"rootPassword": "Base64 encoded password"
}
],
"csiTags": {},
"csiCategories": {
"useExisting": false
}
}
],
"settings": {
"ssoDomain": "vsphere.local",
"pscUserGroup": "Administrators",
"enableCsiZoning": false,
"validateCloudBuilderSpec": true,
"csiRegionTagNamingScheme": "region-{domainName}",
"clusterCsiZoneTagNamingScheme": "zone-{domainName}",
"hostCsiZoneTagNamingScheme": "zone-{hostname}",
"dnsSuffix": "telco.net",
"airgapServer": {
"fqdn": "airgap-server.telco.net",
"caCert":
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZvVENDQTRtZ0F3SUJBZ0lKQU4rcEtkajNCdGFiTUEwR0NTcU

VMware, Inc. 81
VMware Telco Cloud Automation User Guide

dTSWIzRFFFQkRRVUFNR2N4Q3pBSkJnTlYKQkFZVEFsVlRNUkF3RGdZRFZRUUlEQWROZVZOMFlYUmxNUkV3RHdZRFZRU
UhEQWhOZVVOdmRXNTBlVEVPTUF3RwpBMVVFQ2d3RlRYbFBjbWN4RFRBTEJnTlZCQXNNQkUxNVFuVXhGREFTQmdOVkJB
TU1DMlY0WVcxd2JHVXVZMjl0Ck1CNFhEVEl5TURReU9ERXhNelF6TmxvWERUTXlNRFF5TlRFeE16UXpObG93WnpFTE1
Ba0dBMVVFQmhNQ1ZWTXgKRURBT0JnTlZCQWdNQjAxNVUzUmhkR1V4RVRBUEJnTlZCQWNNQ0UxNVEyOTFiblI1TVE0d0
RBWURWUVFLREFWTgplVTl5WnpFTk1Bc0dBMVVFQ3d3RVRYbENkVEVVTUJJR0ExVUVBd3dMWlhoaGJYQnNaUzVqYjIwd
2dnSWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFEWkV4M044VEs3NXk4RU5kVFd0WEl1cjFJ
R3Q0Z3oKaStEZmdCemR1NkJscnNSZ3RSc0UrcDR3Y0xzQ3B5NjJHNStsb0pLL0U5dlFoQWRQVkxvK1lBdlZXTEVkNjk
wdApQcW5iWHpDU3U0QjRHWVZ4Tytjd0ZlTTN5ZXBjYklDK2NGNVcrdndDaDZvaVZjS1RBVjNXeXIrVVd6TXYvem1VCj
dNNHdHbTY3VTJNOFJHR0JNY0FLOFBjblNwRzl5S01QcHA5eFVQZUx1UlhHalB6VFlXTGkySll4aERva3NLQysKVHYwT
25rTkQyUnM3UDZhU2VmSkJROTdvcVpxQllva0o4TjYzaTJpemcySDczM2F4S0Y4WVNUS2NibG5kQVVSNQpPVUMxMHZ3
OTNxaHdCekZVM1RrZzR1cUxvd3dxOHI0MC92VXE5Z2M3eFF2RlFNU3JvcldHVUphZjJHQkRzbUFRCmlXQnpIVmgvTk5
GdlkzQXBnLzhCRXpKRE9LUGxSTDlpQTZTUzFxaGlOVGlwZ3VEV0U3THVDeWJPd1l2QnN0SlIKd0ZIN0s1SDJWSkVjbF
RVdkZkZjJQZWJRU2tXLy9VeTFzQlVtRTcySXNQL2k3S0dhQ1dDUVZ4MHIzUXkwclVneQoxWFFtWlFsbUw5ZVpOc2Q5e
k9EYnk2eVlmL1Z4N1Z2b1FDQWtRZzJqYlVnTmJuTWZ4dWVuaFFHWjI0cW1XWXRqCnFoakJWcjBTU1lwUk5reGdwc2Vi
M3Y0bkRyNU1XczRzUldjWmlpOHZmdTZMUnNJclA1TERlMDRzaGtCeVJmZWYKQ2Z3MXFhc3FIalB6Z1g3N3pTTW9CSk5
LR2NUOFU4SEJKZ1Z2TWQ1bVFrbE1yVzYrNUJrMEpvK0FtM2xyb0tiNwppNWxVWnNPNzJiN29WUUlEQVFBQm8xQXdUak
FkQmdOVkhRNEVGZ1FVOEpBSnBpdUZtOGFDNDhTcnl0WkZNcENMCmZtVXdId1lEVlIwakJCZ3dGb0FVOEpBSnBpdUZtO
GFDNDhTcnl0WkZNcENMZm1Vd0RBWURWUjBUQkFVd0F3RUIKL3pBTkJna3Foa2lHOXcwQkFRMEZBQU9DQWdFQVRQaFFH
Rml4RzBNeGh0SEtkVzhQTHVwbGM4YlBtSmZuWnpVMApaUkRjRzVKNjhNT01CRW1Uc2lHY2h4djU0enF1RzB2ZHVhNHc
vRjhVYXd3bGk4Tkw3anlpYTRuU1oxbEczajAwClEzU1dCbk5kMmFVc1U2TGxrTkpHTFNsU2hYMDNEcGlHdXQxYzRrbl
djdGxzTkRoSm5ESUhzdzNDU1UrYjZKb1IKREJjbE9YVFBhT25GV2ZRMzhJc3Q5Nlk0dWxETXZLdEo2YkduOUtQdldIT
kNTeCswVFIzNkVYVWVzeTliOWR4RQpJYTFEbENlSFRja1AzOXMzTzkxeElXZE0xK1NDRXlHUklMOHZBK3BHTnk3RUJF
Rzlsd3ZvYWhKdFNlbHkyYU9ZCjZJbkVCaG0rL1pFNGtOc282VkVmblJKZnY2bVBRRlAwZTJJanI2aTI4NmNGOFQ5Wkh
pL2hyS3U0djdvSVpSNEoKbEFuTzBmQkNCcFZhL2NJa1R6WXhzSUZFTUVzTHFCSkJZaEZpWWdsVmthTVJiNnZWTW5yNE
l2bHI0VGRObytZTApDSXlmR3N2NWdyYzNZb1JiZ09vY3lYYkpvQmdBdy9pK3ZwMzllNU94ZWR1R3hwRGI0Z0hyNHkze
UdkVE4xWWVDCnJJR3FPdm5rYzZWcWNGbXpLakZndDNLSDQ4V3JoSWg2aU90ZFhQV3l1ektyWGdwSFI3WTRNdUN5K001
THFabXAKdGpzZVNYTEN0OCs2MVhLRGNFZEtLc3ltL2JPbEp1TDJVOW9VaUdFaVp6Q0wycFdxMWU0Z3doNTlwWWRJaUY
yQgpXRzhQaUx1eXZuOG9EZkEwdklIaUhVYlVDdkVkYXNSZTB2Z3JiMGwwSjBHVWlnM3J0MHZsNm4zMG1aa1gzVUs4Cj
BsS0NoSFE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
},
"ntpServers": [
"172.17.6.14"
],
"dnsServers": [
"172.17.6.13"
],
"applianceNamingScheme": "{applianceName}",
"proxy": {
"enabled": false
},
"appliancesSharedWithManagementDomain": [
{
"type": "VRLI",
"enabled": false
}
]
},
"appliances": [
{
"type": "CLOUD_BUILDER",
"id": "app-f988dfbb-8392-436f-a66c-22deaec7919c",
"name": "tb1-cdc-cb",
"ipIndex": 32,
"enabled": true,
"adminPassword": "Base64 encoded password",

VMware, Inc. 82
VMware Telco Cloud Automation User Guide

"rootPassword": "Base64 encoded password"

},
{
"type": "SDDC_MANAGER",
"id": "app-54f28df8-cd3d-4883-8df5-94b62c2733b0",
"name": "tb1-cdc-sddcmgr",
"ipIndex": 33,
"enabled": true,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"type": "VC",
"id": "app-3b1dbec6-ea4f-4a19-9296-351a6b659b88",
"name": "tb1-cdc-vc",
"ipIndex": 31,
"size": "small",
"enabled": true,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"type": "VRO",
"id": "app-411b4fbc-c039-4b3f-9a45-a64b3c266acf",
"name": "tb1-cdc-vro",
"ipIndex": 40,
"enabled": true,
"rootPassword": "Base64 encoded password"
},
{
"type": "NSX_MANAGER",
"id": "app-16e92560-b5da-445c-bc7b-9a4fcd543872",
"name": "nsx-cdc",
"ipIndex": 34,
"size": "large",
"enabled": true,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password",
"auditPassword": "Base64 encoded password"
},
{
"type": "NSX_MANAGER_NODE",
"id": "app-ab012e4f-d6cc-449f-bcc7-cc1c2e154435",
"name": "nsx001",
"ipIndex": 35,
"parent": "nsx-cdc"
},
{
"type": "NSX_MANAGER_NODE",
"id": "app-59d6587d-6036-4df3-9487-c273581b5383",
"name": "nsx002",
"ipIndex": 36,
"parent": "nsx-cdc"
},
{

VMware, Inc. 83
VMware Telco Cloud Automation User Guide

"type": "NSX_MANAGER_NODE",
"id": "app-2a285da3-0a18-474d-851b-0a1b84d31646",
"name": "nsx003",
"ipIndex": 37,
"parent": "nsx-cdc"
},
{
"type": "NSX_EDGE_CLUSTER",
"id": "app-6d8710c3-8004-4c95-a760-220febe7a358",
"name": "edgecluster001",
"size": "large",
"tier0Mode": "ACTIVE_STANDBY",
"enabled": true,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password",
"auditPassword": "Base64 encoded password"
},
{
"type": "TCA_BOOTSTRAPPER",
"id": "app-21890852-0f98-4fae-88bd-db316179e905",
"name": "tb1-cdc-bootstrapper",
"ipIndex": 44,
"enabled": true,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"type": "TCA_MANAGEMENT_CLUSTER",
"id": "app-12634788-3203-4d33-8a01-05f1a9166a89",
"name": "tb1-cdc-mgmt-clus",
"ipIndex": 45,
"clusterPassword": "Base64 encoded password",
"enabled": true,
"rootPassword": "Base64 encoded password"
},
{
"type": "BOOTSTRAPPER_CLUSTER",
"id": "app-0bcbc44e-ac2e-45ed-8f53-e8d5002e030d",
"name": "tb1-cdc-bootstrapper-clus",
"ipIndex": 46,
"clusterPassword": "Base64 encoded password",
"enabled": true,
"rootPassword": "Base64 encoded password"
},
{
"type": "TCA",
"id": "app-f2d56bde-b2de-48d4-b6ef-372c46a4f3a5",
"name": "tb1-tca",
"ipIndex": 42,
"enabled": true,
"rootPassword": "Base64 encoded password"
},
{
"type": "TCA_CP",
"id": "app-8c13c502-ce1c-463d-a6c3-541b36e76558",

VMware, Inc. 84
VMware Telco Cloud Automation User Guide

"name": "tb1-cdc-tcacp",
"ipIndex": 43,
"enabled": true,
"rootPassword": "Base64 encoded password"
},
{
"type": "NSX_EDGE",
"id": "app-14f9bc62-bbcc-4e19-aae5-fba346bada85",
"name": "nsx-edge001",
"ipIndex": 38,
"parent": "edgecluster001"
},
{
"type": "NSX_EDGE",
"id": "app-777e027a-cfcd-46ee-a389-4d747786545a",
"name": "nsx-edge002",
"ipIndex": 39,
"parent": "edgecluster001"
},
{
"type": "VRLI",
"id": "app-5d1559fa-0850-429f-b4e3-0e1707e2d3b6",
"name": "tb1-cdc-vrli",
"ipIndex": 41,
"enabled": true,
"adminPassword": "Base64 encoded password",
"rootPassword": "Base64 encoded password"
},
{
"type": "VSAN_NFS",
"id": "app-cc6659f3-1ef2-4d61-a388-14ba5afaa6c9",
"name": "vsannfs",
"ipIndexPool": [
{
"start": 47,
"end": 49
}
],
"nodeCount": 3,
"enabled": true,
"shares": [
{
"name": "default-share",
"quotaInMb": 10240
}
],
"_comments": [
"FQDN for each appliance will be generated as {appliance.name}{nodeIndex}-
{domain.name}.{dnsSuffix}.",
"nodeCount should be same with host number provisioned in day1 operation.",
"Make sure ipIndexPool size larger than nodeCount",
"nodeCount should be same with host number provisioned in day1 operation."
],
"rootPassword": "Base64 encoded password"
}

VMware, Inc. 85
VMware Telco Cloud Automation User Guide

],
"images": {
"cloudbuilder": "http://172.17.6.12/images/2.1_images/VMware-Cloud-
Builder-4.4.0.0-19312029_OVF10.ova",
"vro": "http://172.17.6.12/images/2.1_images/
O11N_VA-8.6.2.20205-19108182_OVF10.ova",
"tca": "http://172.17.6.12/images/2.1_images/VMware-Telco-Cloud-
Automation-2.1.0-19714586.ova",
"haproxy": [],
"kube": [
"http://172.17.6.12/images/2.1_images/photon-3-kube-v1.22.8-vmware.1-tkg.1-
d69148b2a4aa7ef6d5380cc365cac8cd-19632105.ova"
],
"vsphere_plugin": "http://172.17.6.12/images/2.1_images/vco-plugin.zip",
"vrli": "http://172.17.6.12/images/2.1_images/VMware-vRealize-Log-
Insight-8.6.2.0-19092412_OVF10.ova"
},
"deleteDomains": []
}

Configuration and Bootstrapping

The configuration and bootstrapping involve configuring the global settings, appliance, images,
and domain-specific settings.

The configuration and bootstrapping use two tabs.

n Configuration

On this tab, you can configure global settings, appliances, and images or virtualization files
(OVF).

n Domains

On this tab, you can configure network and licenses for various sites. For example, you can
configure a central site, a regional site, a compute cluster, or a cell site group. You can also
add hosts.

Automated SDDC Deployment

After the configuration and bootstrapping phase is complete, Infrastructure Automation deploys
the software defined data center (SDDC) .

Note The SDDC deployment starts only when the minimum number of hosts are registered for a
domain and the domain is enabled.

As a part of the SDDC deployment, the following software components are installed according to
the domain type.

VMware, Inc. 86
VMware Telco Cloud Automation User Guide

Site Deployment Type

Central A full SDDC with Telco Cloud Automation. It includes:

n VMware vCenter
n VMware NSX
n VMware vRealize Orchestrator
n VMware vRealize Log Insight
n VMware Telco Cloud Automation
n VMware Telco Cloud Automation Control Plane

Regional A full SDDC, includes:

n VMware vCenter
n VMware NSX
n VMware vRealize Orchestrator
n VMware Telco Cloud Automation Control Plane
The central site controls operations in the regional site.

Compute Cluster A vCenter cluster. A central site or a regional site manages the compute cluster

Cell Site Group A set of ESXi hosts, where RAN is deployed. A central or regional site manages the hosts in
the Cell Site Group.

Ready for Network Function

The final step of Infrastructure Automation.

Infrastructure Automation deploys all the required application for the sites and makes the site
ready for network functions. Design and deployment of network services and function can start.
You can now create and initiate the network functions.

Roles
You can perform different operations based on your role.

Based on the roles and associated permissions, a user can perform different roles in
Infrastructure Automation.

System Administrator
A system administrator can manage all the sites.

A system administrator performs the management of the existing sites that are configured and
deployed. A system administrator performs operations that include:

n Adding new licenses.

n Adding new sites.

n Modifying the existing configurations.

Note The system administrator can perform operations depending on the permissions available
to the system administrator.

VMware, Inc. 87
VMware Telco Cloud Automation User Guide

vSphere Admin User

A vSphere (VC) admin user can deploy and configure all the sites.

A VC admin user performs following activities:

n Configuring the sites.

n Adding the licenses.

n Adding the host.

Deployment Configurations
You can configure the global settings, appliance settings, and provide link to ISO images to
deploy.

Configure Global Settings

You can configure networking parameters.

You can configure Service settings and Proxy Config settings on the Global Settings page.

Note You can override the values for each domain when configuring the domains.

Procedure

1 Click the Configuration tab under the Infrastructure Automation.

2 Click Global Settings.

3 To modify the global parameters, click Edit.

VMware, Inc. 88
VMware Telco Cloud Automation User Guide

4 Provide the required details for Service parameters.

Field Description

DNS Suffix Address of the DNS suffix for each appliance. For example:
telco.example.com

DNS Server The IP address of the DNS server. You can add multiple DNS server IP,
separated by comma.
Based on the network type selected during the TCA deployment, you can
enter one of the following:
n IPv4 network type: Enter IPv4 addresses or FQDNs
n IPv6 network type: Enter only FQDNs
n Dual Stack network type: Enter IPv4 addresses or FQDNs for IPv4
interfaces and FQDNs only for IPv6 interfaces

NTP Server Name of the NTP server. For example: time.vmware.com. You can add
multiple NTP server address, separated by comma.
Based on the network type selected during the TCA deployment, you can
enter one of the following:
n IPv4 network type: Enter IPv4 addresses or FQDNs
n IPv6 network type: Enter only FQDNs
n Dual Stack network type: Enter IPv4 addresses or FQDNs for IPv4
interfaces and FQDNs only for IPv6 interfaces

5 To use the proxy server, enable the Proxy Config. Click the Enabled button.

6 Provide the required details for Proxy parameters.

Field Description

Protocol Proxy protocol. Select the value from the drop-down menu.

Proxy Server IP of the proxy server.

Proxy Port Port of the proxy server.

Proxy Username Optional. User name to access the proxy server.

Proxy Password Optional. Password corresponding to the user name to access the proxy
server.

Proxy Exclusion Optional. List of IP and URLs to exclude from proxy. You can use special
characters to provide regular expression URLs. For example, *.abx.xyz.com.

7 Provide the required details for CSI Tagging parameters.

Field Description

Enabled Whether the CSI tagging is enabled.

Region Tag Naming Scheme Tagging scheme for data center. Default value: region-{domainName}.

VMware, Inc. 89
VMware Telco Cloud Automation User Guide

Field Description

Cluster Zone Tag Naming Scheme Tagging scheme for compute cluster or hosts. Default value: zone-
{domainName}.

Host Zone Tag Naming Scheme The CSI tag for the hosts. Default value: zone-{hostname}.

Note Ensure that you use the following naming schemes:

n For Region tag, ensure that the naming scheme contains {domainName}. For example,
<text_identifier>-{domainName}.

n For Cluster Zone tag, ensure that the naming scheme contains the {domainName}. For
example, <text_identifier>-{domainName}.

n For Host Zone tag, ensure that the naming scheme contains the {hostname}. For
example, <text_identifier>-{hostname}.

8 Select the Activation Mode.

Standalone mode of activation is the recommended mode irrespective of air-gapped or non-

air-gapped environment. The SaaS mode of activation is deprecated and will be removed in
future releases.

9 Provide the address of the SaaS server . For example, connect.tec.vmware.com. It is used for
both the activation and the software updates.

Note
n The option is available when you set the Activation Mode to SaaS.

n When using the air-gapped server, set the Activation Mode to Standalone.

n You can provide the air-gapped server details for VMware Telco Cloud Automation
through cloud_spec.json file.

n When you provide the air-gapped server details through cloud_spec.json, remove the
SaaS section. Set the activation mode to Standalone.

n When you provide the air-gapped server details through cloud_spec.json, add the
certificate details only if you have a self-signed CA certificate.

10 Provide the vSphere SSO Domain value.

11 Provide the TCA SSO Credentials value.

Note The TCA SSO credentials are used by Infrastructure Automation for communicating
with the TCA Manager.

12 Provide the Appliance Naming Scheme. Select the value from the drop-down menu. This
naming scheme is used for all the appliances added to VMware Telco Cloud Automation.

13 To deploy the vRealize Log Insight in management domain and share it with workload
domain, enable the Share vRLI with management domain.

VMware, Inc. 90
VMware Telco Cloud Automation User Guide

Configure Appliances
Configure the IP index and password of various appliances available under the Appliance
Configuration.

You can configure the IP index and password for all the appliances available in Infrastructure
Automation.

Note IP index is the index of the IP address in the subnet which is configured in the Networks
under Domain section. The IP for each appliance is derived by adding the IP Index to the
subnet address, so that the administrator does not need to provide an IP for each appliance
in each domain. VMware Telco Cloud Automation recommends to follow a common IP addressing
scheme for all the domains. However, if required, you can override the IP Index for each domain.
Ensure that you provide the IP index based on the subnet value.

Note
n You can configure the Root Password, Admin Password, and Audit Password, and select
the Use above credentials for all the password fields to use the same password for all the
appliances.

n When creating the password for following appliances, ensure that you follow the password
guidelines

n For Cloudbuilder:

n Minimum password length for admin password is 8 characters and must include at
least one uppercase, one lowercase, one digit, and one special character.

n Minimum password length for root password is 8 characters and must include at least
one uppercase, one lowercase, one digit, and one special character.

n vCenter

n The admin password length is between 8 to 20 character and must contain at least
one uppercase, one lowercase, one digit, and one special character (@!#$%?^).

n The root password length is between 8 to 20 character and must contain at least one
uppercase, one lowercase, one digit, and one special character (@!#$%?^).

n NSXT password

n Minimum length for root, admin, and audit password is 12 characters and must
contain at least one lower case, one uppercase, one digit, one special character.
The password should contain at least 5 different characters. Password cannot contain
three consecutive characters. Dictionary word is not allowed. The password should
not contain more than four monotonic character sequence.

Field Description

Appliance Type The name of the appliance. It is a non-editable.

Appliance Name The name of the appliance.

VMware, Inc. 91
VMware Telco Cloud Automation User Guide

Field Description

IP Index The last octet of the IP address. The first three octets of the IP address are
computed from the IP address of the gateway IP.

Note The IP index depends on management subnet prefix length. Ensure that you
provide IP index values within the IP range dictated by that subnet prefix length.
For example, if you use subnet prefix length of 24, then the subnet has 254 IPs.
Hence, the IP index value cannot exceed 254. If you use prefix length of 27 or 28,
then the subnet has 30 or 14 IPs, respectively. The IP index values must then not
exceed 30 or 14, respectively. Ensure that you check the values before adding the
IP index.

Enabled Enable or disable the deployment of appliance across all domain.

Root Password Password of the root user of the appliance.

Note Minimum length of the password is 13 characters and it must include a special
character, a capital letter, a lower-case letter, and a number.

Admin Password Password of the administrator of the appliance.

Note Minimum length of the password is 13 characters and it must include a special
character, a capital letter, a lower-case letter, and a number.

Audit Password Password of the audit user. Applicable only for NSX Manager, and NSX Edge
cluster.

Note Minimum length of the password is 13 characters and it must include a special
character, a capital letter, a lower-case letter, and a number.

Cluster Password Password for creating the cluster. Applicable only for VMware Telco Cloud
Automation management cluster and bootstrapper cluster.

Note Minimum length of the password is 13 characters and it must include a special
character, a capital letter, a lower-case letter, and a number.

NSX Manager Configuration Applicable only for NSX Manager.

n Name: Name of the NSX Manager node.
n IP: The fourth octane of the IP address applicable to the node.

NSX Edge Cluster Configuration Applicable only for NSX Edge Cluster.
n Name: Name of the NSX Edge cluster.
n IP: The fourth octet of the IP address applicable to the node.
n Size: Size of the NSX Edge cluster. Select the option from the drop-down menu.
n Tier0Mode: Whether to deploy the NSX Edge cluster in Active-Standby or
Active-Active. Select the option from the drop-down menu.

Node Count Number of vSAN NFS nodes. Minimum three and a maximum of eight nodes are
required. Applicable only for vSAN NFS.

IP Pool List of static IP indexes for vSAN NFS nodes. Each vSAN NFS node requires one IP.
Applicable only for vSAN NFS.

Shares Size of the NFS share. Applicable only for vSAN NFS.

Procedure

1 Click the Configuration tab under the Infrastructure Automation.

VMware, Inc. 92
VMware Telco Cloud Automation User Guide

2 Click Appliance Configuration.

3 To modify the parameters, click Edit.

Add Images or OVF

Add the URL of the appliance images.

Provide the location where the Infrastructure Automation can locate the install images for all
appliances. The web server stores all the images of application. Provide the complete link of each
appliance image.

To configure the Appliance, follow the steps:

Procedure

1 Click the Configuration tab.

2 Click Images.

3 Click Edit.

4 Provide complete URL of each appliance image.

Note
n You can add multiple images for VMware Tanzu Kubernetes Grid and VMware Tanzu
Kubernetes Grid - HA Proxy.

n For the air-gapped environment, VSAN NFS requires OVF file.

n Manual installation of vSAN requires additional files. For details, see vSAN Manual
approach and add the files required for manual approach in the image server.

Add Certificate Authority

You can configure the certificate authority.

The certificate authority (CA) issues the digital certificate. These certificates help to create a
secure connection between various appliances of a domain.

To add the certificate authority, perform the following:

Procedure

1 Click the Configuration tab

2 Click Security.

3 To add a new certificate signing authority, click Add Certificate Authority.

VMware, Inc. 93
VMware Telco Cloud Automation User Guide

4 Enter the following details on the Add Certificate Authority page.

Field Value

Name The fully qualified domain name (FQDN) of the server.

Country The two-letter ISO code for the country where the organization is located.

Key Size Size of the key used in the certificate.

Valid for days The number of for which the certificate is valid.

Locality The city where the organization is located.

Email Address An email address of the organization.

Organization The complete legal name of the organization. It can include suffixes such as
Inc, Corp, or LLC. Do not use abbreviation.

Organization Unit The division of the organization handling the certificate.

State The state or region where the organization is located. Do not use
abbreviation.

5 To confirm the details, click Add.

Add a Host Profile

You can add, modify, or delete the host profile.

You can create a host profile with specific set of BIOS settings, firmware version, PCI devices,
and PCI groups. When you create a host and select a specific host profile for a domain, VMware
Telco Cloud Automation applies the configurations of the specified host profile to all the hosts
within that domain.

Note
n To upgrade Supermicro firmware, see Supermicro Firmware Upgrade.

n To upgrade Dell firmware, see Dell Firmware Upgrade.

n To obtain the firmware details, see Obtain the Current Firmware Version.

n To add PTP details, see A1: PTP Overview.

Prerequisites

n Ensure that you have details of BIOS keys and values.

n Ensure that you have details of the firmware.

Procedure

1 Click the Configuration tab.

2 Click Host Profile.

VMware, Inc. 94
VMware Telco Cloud Automation User Guide

3 To add a new host profile, click Add .

Note To create a new host profile using the configuration file of other host profile, click Load
Configuration and select the required JSON file.

4 Add the profile name in the Profile Name field.

5 In the BIOS Settings Field, to add values click Add Attributes.

n Add the BIOS key in the Key field.

n Add the corresponding value of the BIOS key in the Value field.

6 In Firmwares, to add values, click Add Firmware.

n Add the firmware name in the Name field.

n Add the identity of the firmware, that the vendor provides, in the Software field.

n Add the version of the firmware to which you want to upgrade the current firmware in the
Version field.

n Add the location of the firmware upgrade file in the Location field.

Note Ensure that you provide a valid URL. The URL must start with HTTP and end with
extensions .XML or .EXE.

n Add the value of checksum of the firmware upgrade file in the Checksum field.

7 In the PCI Device Settings, to add values click Add Device.

n To add a PCI device action, click Add Action.

n Select the value from the drop-down menu. You can select SR-IOV for SRIOV based
devices, PassThrough for PassThrough devices, or Custom for ACC100 devices.

n For the SRIOV device, configure the value of Number of Virtual Functions.

n For PassThrough device, configure the value of Enable Passthrough.

n For Custom (ACC100) devices, provide the configuration file required for ACC100 in
Configuration File field.

n To add a filter for PCI devices, click Add Filter. Provide the values of Key and Value field.

8 In the PCI Device Groups, to add create a device group click Add Group .

a Add the group name in the Device Group Name.

b To add a filter for the device group, click Add Filter and enter the key and value in the
Key and Value field. You can select the value from the drop-down list.

n NUMA ID

n Device ID

n Vendor ID

VMware, Inc. 95
VMware Telco Cloud Automation User Guide

n Alias

n Index

9 In the ESXi Reservation, to add ESXi details.

n Reserved cores per NUMA node - Number of cores reserved for ESXi process. For ESXi
version 7.0U2 and above, the default value is 1. For other ESXi versions, the default value
is 2.

n Reserved Memory per NUMA node - Memory reserved for ESXi process. The default
value is 512 MB.

n (Optional) Min. cores for CPU reservation per NUMA node - Number of physical core
reserved for each NUMA node. If you do not configure this parameter, the value from
reservedCoresPerNumaNode is applied. The default value is 3.

What to do next

Edit, Clone, and Export a Host Profile.

Edit, Clone, and Export a Host Profile

You can edit, clone, export, or delete an existing host profile.

You can modify a host profile, export the host profile details, or create a copy of the host profile
using clone function. You can also delete the host profile and refresh the host profile details.

Prerequisites

Ensure that a host profile exists.

Procedure

1 Click the Configuration tab.

2 Click the Host Profile tab.

3 Select the host profile on which you want to perform the operation.

4 To delete a host profile, click Delete.

5 To modify a host profile, click Edit.

6 To export the configurations of a host profile in a JSON file, click Export. You can use this
JSON file to create a new host profile.

7 To create a duplicate host profile, click Clone.

8 To refresh the details of all the host profile on the Host Profile page, click Refresh.

Supermicro Firmware Upgrade

Manual steps to upgrade the firmware of supermicro.

VMware, Inc. 96
VMware Telco Cloud Automation User Guide

Supermicro firmware upgrade involves manual steps. These steps include creating upgrade
package, modifying the script and validating the integrity of the upgrade package.

Note Ensure that you upload the downloaded firmware upgrade package, the upgrade-
script.sh, and firmware-index.xml in the same absolute path.

Prerequisites

n Obtain the firmware upgrade file.

n Upload the firmware file to a web server.

n Ensure that Telco Cloud Automation has permission to access the web server location to
obtain the uploaded files and packages.

Procedure

1 Create the upgrade-script.sh. Use the below example to create the upgrade script.

Note
n The example uses E810 card. To create the script for other cards, change the E810 to the
card name for which you need to create the script.

n Modify the command nvmupdaten64e with the required command based on the card type.
You can get the commands in readme.txt file in upgrade package.

datastore=$(esxcli storage filesystem list| awk '{ print $1 }' | tail -n +3 | head -n 1)
echo $datastore

cd $datastore/; rm -rf E810; ls *.gz |xargs -n1 tar -xzf

cd $datastore/

check_version(){
#Dont forget the space added below
if echo "X" | ./nvmupdaten64e | grep "Update " ; then
echo "Inside check_version"
echo "./nvmupdaten64e"
return 1
else
echo "it's in else"
return 0
fi
}

e810=$(ls | grep -nr "E810")

if [ -z "$e810" ]
then
echo "Contains different card"
exit 1
else
cd E810

VMware, Inc. 97
VMware Telco Cloud Automation User Guide

esx=$(ls | grep -nr "ESXi_x64")

if [ -n "$esx" ]
then
cd ESXi_x64
echo $PWD
nvm=$(ls | grep -nr "nvmupdaten64e")
echo "NVM is $nvm"
if [[ $1 == "--check_version" ]]
then
check_version
output=$?
echo "output is $output"
return $output
fi
if [[ -n "$nvm" ]]
then
echo "PWD is: $PWD"
./nvmupdaten64e -u -l -o update.xml -b -c nvmupdate.cfg
return 0
else
echo "Invalid package"
return 1
fi
fi
fi

2 Generate the checksum for the upgrade-script.sh.

3 Generate the checksum for the downloaded firmware file.

4 Create the firmware-index.xml. Use the below example to create the firmware index file.

<metaList>
<metadata>
<url>E810_NVMUpdatePackage_v2_32_ESX.tar.gz</url>
<checksum>fbbb201dfcc4c900e4fc5d3a6f4264110d4a32cdecec43c55d04164130b8d249</
checksum>
</metadata>
<metadata>
<url>upgrade-script.sh</url>
<checksum>0faa2fb41347377ad1435911abc4eb38246a7fcf5c3cdcea3e21e34778678cac</
checksum>
</metadata>
</metaList>

a url : In the first url tag, enter the name of the upgrade file.

b checksum : In the first checksum tag, enter the checksum generated for the upgrade
package file.

c url : In the second url tag, enter the name of the upgrade script file.

d checksum : In the second checksum tag, enter the checksum generated for the upgrade
script file.

VMware, Inc. 98
VMware Telco Cloud Automation User Guide

5 Generate the checksum for the firmware-index.xml file.

6 Open Telco Cloud Automation.

7 Navigate to Infrastructure Automation.

8 Click Configuration and then click Host Profile.

9 On the Host Profile page, to add new host profile, click Add.

10 To add firmware details, click Add Firmware. Enter the following details:

n Add the firmware name in the Name field. For Supermicro, this is a user defined field.

n Add the identity of the firmware, that the vendor provides, in the Software field. For
Supermicro, this is a user defined field.

n Add the version of the firmware to which you want to upgrade the current firmware in the
Version field.

n Add the location of the firmware-index.xml file in the Location field.

Note Ensure that you use only a HTTP-based URL.

n Add the checksum generated for the firmware-index.xml file in the Checksum field.

Dell Firmware Upgrade

Upgrade procedure for dell firmware.

The task provide details on how to upgrade the dell firmware. You can add these details in the
host profile, for details, see Add a Host Profile.

Prerequisites

n Ensure that you have obtained the details of the firmware. To obtain the current firmware
version, see Obtain the Current Firmware Version.

n Ensure that you have uploaded the firmware file to a web server.

n Ensure that HostConfig operator can access IPMI network.

Procedure

1 Add the firmware name in the Name field.

2 Add the identity of the firmware, that the vendor provides, in the Software field. SoftwareID
represents the firmware identity. You can obtain the softwareID from the componentID in the
package.xml file bundled within the firmware package that you downloaded. To obtain the
softwareID, use the following steps:

a Download firmware upgrade file from Dell website. The upgrade packge is compressed
using zip format and the upgrade file uses .exe extension.

b Extract the upgrade zip package and obtain the package.xml file.

VMware, Inc. 99
VMware Telco Cloud Automation User Guide

c Search for componentID in package.xml. Get the componentID that matches your device.
For example, for ethernet 25G 2P XXV710 adapter, the componentID is 105834.

<Device componentID="105834" embedded="1">

3 Add the version of the firmware to which you want to upgrade the current firmware in the
Version field.

4 Add the location of the firmware upgrade file in the Location field. You can download the
firmware upgrade package from Dell website. Upload the firmware upgrade package to a
web server.

Note Ensure that you use only a HTTP based url.

5 Add the value of checksum of the firmware upgrade file in the Checksum field. You can
obtain the checksum value from the Dell website using which you downloaded the firmware
upgrade package. The below example shows all the details for firmware upgrade.

softwareId: "105834" # the softwareId for XXV710

name: "XXV710"
version: "20.0.17"
location: "http://10.118.76.38/firmware-store/X710/
Network_Firmware_DK4G2_WN64_20.0.17_A00.EXE"
checksum: "a294442e2268a6ea56c4f9d7eba4b5ec74fe639bf413bddb5003678faac5db57"

Obtain the Current Firmware Version

Procedure to obtain the current firmware version

The process helps you to obtain the current firmware version of the device.

Procedure

1 You can obtain the firmware version through iDRAC.

a Login to iDRAC.

b Navigate to System.

c Click the Inventory tab.

VMware, Inc. 100

VMware Telco Cloud Automation User Guide

2 To obtain the firmware version of network interface cards (NICs), follow the steps:

a Use the SSH to login to the VMware ESXi server.

b Execute the esxcli network nic list command to get a list of all NICs.

esxcli network nic list

Name PCI Device Driver Admin Status Link Status Speed Duplex MAC Address MTU
Description
------ ------------ ------- ------------ ----------- ----- ------ -----------------
---- -----------
vmnic0 0000:1a:00.0 bnxtnet Up Up 25000 Full bc:97:e1:d5:24:20 1500 Broadcom BCM57414
NetXtreme-E 10Gb/25Gb RDMA Ethernet Controller
vmnic1 0000:1a:00.1 bnxtnet Up Up 25000 Full bc:97:e1:d5:24:21 1500 Broadcom BCM57414
NetXtreme-E 10Gb/25Gb RDMA Ethernet Controller
vmnic2 0000:5e:00.0 i40en Up Up 25000 Full 40:a6:b7:59:2c:90 1500 Intel(R) Ethernet
Controller XXV710 for 25GbE SFP28
vmnic3 0000:5e:00.1 i40en Up Up 25000 Full 40:a6:b7:59:2c:91 1500 Intel(R) Ethernet
Controller XXV710 for 25GbE SFP28

c Execute the esxcli network nic get -n vmnic2|grep Firmware command to obtain the
firmware value.

esxcli network nic get -n vmnic2|grep Firmware

Firmware Version: 7.10 0x800075e6 19.5.12

Managing Domains
You can add, delete, and configure various sites to create the infrastructure.

You can add a management domain, workload domain for central site or regional sites. You can
add compute clusters, or cell sites in Infrastructure Automation. You can also add a host for each
site and perform security management for each appliance within domains.

VMware, Inc. 101

VMware Telco Cloud Automation User Guide

You can modify the details of an already added site and view the appliances related to each site.
You can resynchronize the site details after modifying the configurations, to ensure that all the
configurations are working correctly.

Note
n Starting from Release 2.3, VMware Telco Cloud Automation terminates the support for
creating a central data center, regional data center, and compute cluster using Infrastructure
Automation. The feature will enter a maintenance mode starting from releases 2.1 and 2.2.
Post termination, users will have the option to add the pre-deployed data centers through
Infrastructure Automation in a VM-based deployment.

n If you require the Host Profile function for a pre-deployed domain:

n You need to deploy the Telco Cloud Automation Control Plane manually.

n When configuring the Telco Cloud Automation Control Plane through Telco Cloud
Automation Appliance Manager, you must use FQDN for the vCenter.

n You must register the Telco Cloud Automation Control Plane on the Virtual Infrastructure
page of the Telco Cloud Automation Manager.

Figure 9-1. Domains

Node Pool-
AS

Node Pool- AMF

Infra

Harbor SMF

K8’s
GIT Node Pool-
Management
DP
Cluster

Node Pool- VRO UPF

SDM
TCA-CP
Node Pool- VC Node Pool-
AUSF
Signaling CP2
NSX
A-SBC
HSS SCP
(P-CSCF) Workload
Domain/WD03
K8’s
Management Node Pool- Node Pool- Node Pool- Node Pool- Node Pool-
PCF
Cluster Media IMS K8’s Edge AC CS
Management
VRO A-SBC Cluster Node Pool- CU DU
SMSF
(BGW) CP2
TCA-CP VRO
VC I/S/E- MEC DU DU
MRF TCA-CP CHF
CSCF
NSX VC
Workload Workload Workload NSX Workload Workload
Domain/WD01 Cluster 1 Cluster 2 Cluster 1 Cluster 2 Cell Site
Workload
K8’s Workload Cluster
Domain/WD02
TCA
K8’s K8’s K8’s
Workload Workload Workload Workload
TCA-CP TCA-CP
Cluster 1 Cluster 2 Cluster 1 Cluster
VRO VRO K8’s Workload Cluster
Control Plane Control Plane Control Plane
VRLI VRLI
Workload
VC VC Cluster
Worker Node Worker Node Worker Node
NSX NSX K8’s Workload Cluster

VSAN VSAN VSAN VSAN VSAN VSAN VSAN VSAN VSAN

ESXi ESXi ESXi ESXi ESXi ESXi ESXi ESXi ESXi

WD01/
Management WD01/ WD01/ Management WD02/ WD03/ WD02/
Aggregation Cell Site
Domain Compute Cluster Compute Cluster Domain Compute Cluster Compute Cluster Edge Site
Cluster

x50 x1k x20k

Central Data Center x2s Regional Data Center x10

Core Function RAN Function

VMware, Inc. 102

VMware Telco Cloud Automation User Guide

Add Management Domain

You can add the management domain for a central or regional site.

Prerequisites

n Obtain the required licenses and network information required for configuration.

n Regenerate the Self-Signed Certificates on ESXi Hosts. For details, see ESXi Host Certificate.

n Ensure that you configure for vMotion and vSAN network.

Procedure

1 Click Domains under Infrastructure Automation.

2 Select the site type.

n To add management domain for central site, click Central Site.

n To add management domain for regional site, click Regional Site.

3 Click the Add Management Domain icon.

The Add Management Domain page appears.

4 On the Add Management Domain page, provide the required information.

5 To enable the provisioning of the site, Click the button corresponding to Enabled. You cannot
perform this operation on a disabled site.

6 To add an existing management domain, click the button corresponding to Pre-Deployed .

When you enable Pre-Deployed, you must provide Default Resources.

Note
n For a pre-deployed domain, VMware Telco Cloud Automation shows only the required
configurations. Some of these configuration may not appear for non pre-deployed
domains.

n VMware Telco Cloud Automation does not perform any operation on a pre-deployed
workload domain. However, you can add compute cluster and cell site group to the
domain.

n VMware Telco Cloud Automation can auto-detect the resources if only one resource for
resource type is available in the vCenter. If multiple resources for each resource type are
available, you must fill the values.

n When you add a pre-deployed domain, always use Appliance Overrides to enter the
vCenter IP, FQDN, and password.

n For a pre-deployed domain, when adding the DVS name and management network in
Appliance Overrides, ensure that the names match the corresponding DVS name and
management network names in the vCenter.

a Datacenter - Enter the name of the data center.

VMware, Inc. 103

VMware Telco Cloud Automation User Guide

b Cluster - Enter the name of the cluster.

c Datastore - Enter the name of the datastore.

7 Enter the details.

Field Description

Name The name of the site.

Minimum number of hosts Minimum number of hosts required for the site. The number of hosts cannot
be less than 4 or more than 64.

Select Host Profile Select the host profile from the drop-down list. The selected Host profile
gets associated with the each host in the management domain.

Location The location of the site. Click the button corresponding to the location.

Search Enter the keyword to search a location.

Latitude Latitude of the compute cluster location. The details are automatically added
when you select the location. You can also modify the latitude manually.

Longitude Longitude of the compute cluster location. The details are automatically
added when you select the location. You can also modify the longitude
manually.

Note The default value of vSphere SSO Domain is vsphere.local.

For a pre-deployed site, VMware Telco Cloud Automations shows vSphere

SSO Username. Set the value of vSphere SSO Username to user belonging
to the administrator group in the underlying VMware vCenter Server. If you
do not provide the value, system takes administrator as default value.

VMware, Inc. 104

VMware Telco Cloud Automation User Guide

Field Description

Licenses Licenses of various appliances applicable to the site. These appliances

include:
n VMware vSphere (ESXi)
n VMware NSX-T Data Center
n VMware Telco Cloud Automation (available only for Central site)
n VMware Telco Cloud Automation Control Plane
n VMware vCenter Server
n VMware vRealize Log Insight
n VMware vSAN

Services You can enable the networking and storage operations for the specific site.
You can also enable or disable the compression and duplication of data
through
vSAN Deduplication and Compression option.

Note The duplication and compression works only on the all-flash disk
group. When you enable the vSAN Deduplication and Compression option,
you cannot create a hybrid storage group.

8 You can add new CSI categories or use the existing categories from the VMware VSphere
server. You can also create tags corresponding to the CSI categories. To add the CSI
Categories information, add the required information.

Note
n To configure the CSI Categories, enable the Override for the CSI Tagging under Settings,
and Override Value.

n Once added, you cannot edit or remove the CSI configuration.

Field Description

Use Existing Whether to use the existing categories set in the underlying VMware
VSphere server. Click the corresponding button to enable or disable the
option.

Note When use the Use Existing, ensure that you provide values for
both the region categories and the zone categories as set in the underlying
VMware vSphere server.
n When creating Zone category in VMware VSphere, choose Hosts and
Clusters under Associable Object Types.
n When creating Region category in VMware VSphere, choose Datacentre
under Associable Object Types.

Region The CSI category for the datacenter.

Zone The CSI category for the compute clusters or hosts.

CSI Region Tag The CSI tagging for the datacenter.

CSI Zone Tag The CSI tagging for compute clusters or hosts.

VMware, Inc. 105

VMware Telco Cloud Automation User Guide

9 Add the Switch Configuration information. Click plus icon to add more switches and uplinks.

Field Description

Switch Name of the switch.

Uplinks Select the network interface card (NIC) for the central site under Uplinks.

Note A central site requires minimum two NICs to communicate. NIC details
must match the actual configuration across all ESXi servers.

10 Add the Networks information.

Note
n For vMotion and vSAN, the IP pool should equal the total number of ESXi hosts.

n You can click + sign under Networks to create additional VLAN or overlay network to
connect with additional applications.

n For Application network type, you can add DHCP IP Pool.

n Add the gateway and prefix length when creating the VLAN application network if you
enable the networking service and deploy the edge cluster in NDC, RDC, or Compute
Cluster.

n Add the gateway and prefix length when creating the overlay network.

n Ensure that you use same switch for NSX overlay, Host overlay and uplinks for each
domain.

Field Description

Name The name of the network.

Segment Type Segment type of the network. Select the value from the list.

Network Type The type of the network.

Switch The switch details which the sites use for network access.

VLAN The VLAN ID for the network.

MTU The MTU length (in bytes) for the network.

Prefix Length The prefix length for each packet for the network.

Note The Prefix length is applicable only for the IPv4 environment.

Gateway Address The gateway address for the network.

Note The gateway address is applicable only for the IPv4 environment.

VMware, Inc. 106

VMware Telco Cloud Automation User Guide

11 (Optional) Add the Appliance Overrides information. Ensure that the appliance names match
the actual names entered in DNS. If they do not match, you can change the name.

Note
n For NSX-Edge cluster configuration:

n To override the Edge form factor, select the Size from the drop-down menu.

n To override the HA, select the Tier0Mode from the drop-down menu.

n You can configure the Root Password, Admin Password, and Audit Password, and select
the Use above credentials for all the password fields to use the same password for all
the appliances.

n When overriding the password for following appliances, ensure that you follow the
password guidelines

n For Cloudbuilder:

n Minimum password length for admin password is 8 characters and must include at
least one uppercase, one lowercase, one digit, and one special character.

n Minimum password length for root password is 8 characters and must include at
least one uppercase, one lowercase, one digit, and one special character.

n vCenter

n The admin password length is between 8 to 20 character and must contain at

least one uppercase, one lowercase, one digit, and one special character (@!#$%?
^).

n The root password length is between 8 to 20 character and must contain at least
one uppercase, one lowercase, one digit, and one special character (@!#$%?^).

n NSXT password

n Minimum length for root, admin, and audit password is 12 characters and
must contain at least one lower case, one uppercase, one digit, one special
character. The password should contain at least 5 different characters. Password
cannot contain three consecutive characters. Dictionary word is not allowed. The
password should not contain more than four monotonic character sequence.

Field Description

Root Password Password of the root user of the appliance.

Note Minimum length of the password is 13 characters and it must include a

special character, a capital letter, a lower-case letter, and a number.

Admin Password Password of the administrator of the appliance.

Note Minimum length of the password is 13 characters and it must include a

special character, a capital letter, a lower-case letter, and a number.

VMware, Inc. 107

VMware Telco Cloud Automation User Guide

Field Description

Audit Password Password of the audit user. Applicable only for NSX Manager, and NSX Edge
cluster.

Note Minimum length of the password is 13 characters and it must include a

special character, a capital letter, a lower-case letter, and a number.

Cluster Password Password for creating the cluster. Applicable only for VMware Telco Cloud
Automation management cluster and bootstrapper cluster.

Note Minimum length of the password is 13 characters and it must include a

special character, a capital letter, a lower-case letter, and a number.

Override Whether to override the current values.

Appliance Type The type of the appliance.

Name The name of the appliance.

Name Override The new name of the appliance to override the previous name of appliance.

IP Index The IP index of the appliance. The value is fourth octet of the IP address.
The initial three octets are populated from the network address provided in
domain.
VMware Telco Cloud Automation uses IP index to calculate the IP address of
the appliance. It adds the IP Index to the base address of the management
network to obtain the IP address of the appliance.

Note
n IP index is applicable only for the IPv4 environment.
n The IP index depends on management subnet prefix length. Ensure that
you provide IP index values within the IP range dictated by that subnet
prefix length. For example, if you use subnet prefix length of 24, then
the subnet has 254 IPs. Hence, the IP index value cannot exceed 254.
If you use prefix length of 27 or 28, then the subnet has 30 or 14
IPs, respectively. The IP index values must then not exceed 30 or 14,
respectively. Ensure that you check the values before adding the IP
index.

Enabled Whether the appliance is enabled and available for operations.

What to do next

n Add Workload Domain.

n Add Host to a Site.

n Certificate Management.

Edit a Management Domain

You can modify the management domain details, add a host, modify appliance details and
perform certificate management.

VMware, Inc. 108

VMware Telco Cloud Automation User Guide

You can modify the configuration of a management domain, add a host, view the list of
appliances applicable to the management site, and perform certificate management operations
such as generate Certificate Signing Request (CSR), download CSR, and retry the download or
generate CSR operations.

Note
n You cannot modify the CSI tagging information.

n You can add the CSI tagging information only for a new domain.

Procedure

1 Click Domains under Infrastructure Automation.

2 Click the Central Site or Regional Site icon.

3 Select the management site to edit.

4 Click Edit.

5 To modify the configurations, click the Configuration tab.

6 To add a new host, click the Host tab.

7 To view the list of available appliances, click the Appliance tab.

8 To perform certificate operations, click Certificate Management.

What to do next

n Add Host to a Site.

n Certificate Management.

Add Workload Domain

You can add the workload domain for a central or regional site.

To add a workload domain, follow the steps:

Prerequisites

n Obtain the licenses and network information required for configuration.

n Regenerate the Self-Signed Certificates on ESXi Hosts. For details, see ESXi Host Certificate.

n Ensure that you configure the gateway for vMotion and vSAN network.

Procedure

1 Click Domains under Infrastructure Automation.

2 Select the site type.

n To add workload domain for central site, click Central Site.

n To add workload domain for regional site, click Regional Site.

VMware, Inc. 109

VMware Telco Cloud Automation User Guide

3 Click the Add Workload Domain icon.

The Add Workload Domain page appears.

4 To enable the provisioning of the site, click the button corresponding to Enabled. You cannot
perform operations in a disabled site.

5 To add an existing workload domain, click the button corresponding to Pre-Deployed. When
you enable Pre-Deployed, you must provide Default Resources.

Note
n For a pre-deployed domain, VMware Telco Cloud Automation shows only the required
configurations. Some of these configuration may not appear for non pre-deployed
domains.

n VMware Telco Cloud Automation does not perform any operation on a pre-deployed
workload domain. However, you can add compute cluster and cell site group to the
domain.

n When you add a pre-deployed domain, always use Appliance Overrides to enter the
vCenter IP, FQDN, and password.

a Datacenter - Enter the name of the data center.

b Cluster - Enter the name of the cluster.

c Datastore - Enter the name of the datastore.

6 Enter the required details.

Field Description

Name The name of the site.

Minimum number of hosts Minimum number of hosts required for the site. The number of hosts cannot
be less than 4 or more than 64.

Select Host Profile Select the host profile from the drop-down list. The selected Host profile
gets associated with the each host in the workload domain.

Parent site Select the parent site from the drop-down menu.

Location The location of the site. Click to add the location details.

Search Enter the keyword to search a location.

Address Enter the address of the location.

VMware, Inc. 110

VMware Telco Cloud Automation User Guide

Field Description

Latitude Latitude of the compute cluster location. The details are automatically added
when you select the location. You can also modify the latitude manually.

Longitude Longitude of the compute cluster location. The details are automatically
added when you select the location. You can also modify the longitude
manually.

Settings You can modify the service settings and the proxy settings for each site.
These configurations override the global configuration available in Global
Configuration tab on Configuration page. For more details on service and
proxy parameters, see Configure Global Settings.
vSphere SSO Domain is available for local settings and not for global
settings. To configure the vSphere SSO Domain for a domain, enable the
Override and enter the required information in the corresponding Override
Value.
For a pre-deployed site, VMware Telco Cloud Automations shows vSphere
SSO Username. Set the value of vSphere SSO Username to user belonging
to the administrator group in the underlying VMware vCenter Server. If you
do not provide the value, system takes administrator as default value.

Licenses Licenses of various appliances applicable to the site. These appliances

Note The duplication and compression works only on the all-flash disk
group. When you enable the vSAN Deduplication and Compression option,
you cannot create a hybrid storage group.

VMware, Inc. 111

VMware Telco Cloud Automation User Guide

7 You can add new CSI categories or use the existing categories from the VMware VSphere
server. You can also create tags corresponding to the CSI categories. To add the CSI
Categories information, add the required information.

Note
n To configure the CSI Categories, enable the Override for the CSI Tagging under Settings,
and Override Value.

n Once added, you cannot edit or remove the CSI configuration.

Field Description

Use Existing Whether to use the existing categories set in the underlying the VMware
VSphere server. Click the corresponding button to enable or disable the
option.

Note When use the Use Existing, ensure that you provide the values for
both region categories and zone categories as set in the underlying VMware
vSphere server.
n When creating Zone category in VMware VSphere, choose Hosts and
Clusters under Associable Object Types.
n When creating Region category in VMware VSphere, choose Datacentre
under Associable Object Types.

Region The CSI category for the datacenter.

Zone The CSI category for the compute clusters or hosts.

CSI Region Tag The CSI tagging for the datacenter.

CSI Zone Tag The CSI tagging for the compute clusters or hosts.

8 Add the Switch Configuration information. Click plus icon to add more switches and uplinks.

Field Description

Switch The name of the switch.

Uplinks Select the network interface card (NIC) for the regional site under Uplinks.

Note A regional site requires minimum two NICs to communicate. NIC

details should match the actual configuration across all ESXi servers.

VMware, Inc. 112

VMware Telco Cloud Automation User Guide

9 Add the Networks information.

Note
n For vMotion and vSAN, the IP pool should be equal to the total number of ESXi hosts.

n To create additional VLAN or overlay network to connect with additional applications,

click + sign under Networks.

n For Application network type, you can add DHCP IP Pool.

n Add the gateway and prefix length when creating the VLAN application network if you
enable the networking service and deploy the edge cluster in NDC, RDC, or Compute
Cluster.

n Add the gateway and prefix length when creating the overlay network.

n Ensure that you use same switch for NSX overlay, Host overlay and uplinks for each
domain.

Field Description

Name The name of the network.

Segment Type Segment type of the network. Select the value from the list.

Network Type The type of the network.

Switch The switch details which the site uses to access network.

VLAN The VLAN ID for the network.

MTU The MTU length (in bytes) for the network.

Prefix Length The Prefix length for each packet for the network.

Note The prefix length is applicable only for the IPv4 environment.

Gateway Address The gateway address for the network.

Note The gateway address is applicable only for the IPv4 environment.

Network Address The network address for the network.

VMware, Inc. 113

VMware Telco Cloud Automation User Guide

10 (Optional) Add the Appliance Overrides information. Ensure that the appliance names match
the actual names entered in DNS. If they do not match, you can change the name.

Note
n For NSX-Edge cluster configuration:

n To override the Edge form factor, select the Size from the drop-down menu.

n To override the HA, select the Tier0Mode from the drop-down menu.

n You can configure the Root Password, Admin Password, and Audit Password, and select
the Use above credentials for all the password fields to use the same password for all
the appliances.

n When creating the password for following appliances, ensure that you follow the
password guidelines

n For Cloudbuilder:

n Minimum password length for admin password is 8 characters and must include at
least one uppercase, one lowercase, one digit, and one special character.

n Minimum password length for root password is 8 characters and must include at
least one uppercase, one lowercase, one digit, and one special character.

n vCenter

n The admin password length is between 8 to 20 character and must contain at

least one uppercase, one lowercase, one digit, and one special character (@!#$%?
^).

n The root password length is between 8 to 20 character and must contain at least
one uppercase, one lowercase, one digit, and one special character (@!#$%?^).

n NSXT password

n Minimum length for root, admin, and audit password is 12 characters and
must contain at least one lower case, one uppercase, one digit, one special
character. The password should contain at least 5 different characters. Password
cannot contain three consecutive characters. Dictionary word is not allowed. The
password should not contain more than four monotonic character sequence.

Field Description

Root Password Password of the root user of the appliance.

Note Minimum length of the password is 13 characters and it must include a

special character, a capital letter, a lower-case letter, and a number.

Admin Password Password of the administrator of the appliance.

Note Minimum length of the password is 13 characters and it must include a

special character, a capital letter, a lower-case letter, and a number.

VMware, Inc. 114

VMware Telco Cloud Automation User Guide

Field Description

Audit Password Password of the audit user. Applicable only for NSX Manager, and NSX Edge
cluster.

Note Minimum length of the password is 13 characters and it must include a

special character, a capital letter, a lower-case letter, and a number.

Cluster Password Password for creating the cluster. Applicable only for VMware Telco Cloud
Automation management cluster and bootstrapper cluster.

Note Minimum length of the password is 13 characters and it must include a

special character, a capital letter, a lower-case letter, and a number.

Override Whether to override the current values.

Appliance Type The type of the appliance.

Name The name of the appliance.

Name Override The new name of the appliance to override the previous name of appliance.

IP Index IP index of the appliance. The value is fourth octet of the IP address. The
initial three octets are populated from the network address provided in
domain.
VMware Telco Cloud Automation uses IP index to calculate the IP address of
the appliance. It adds the IP Index to the base address of the management
network to obtain the IP address of the appliance.

Enabled Whether the appliance is enabled and available for operations.

What to do next

n Add Host to a Site.

n Certificate Management.

Edit a Workload Domain

You can modify the workload domain details, add a host, modify appliance details and perform
certificate management.

VMware, Inc. 115

VMware Telco Cloud Automation User Guide

You can modify the configuration of a workload domain, add a host, view the list of appliances
applicable to the management site, and perform certificate management operations such as
generate Certificate Signing Request (CSR), download CSR, and retry the download or generate
CSR operations.

Note
n You cannot modify the CSI tagging information.

n You can add the CSI tagging information only for a new domain.

To modify a regional site, follow the steps:

Procedure

1 Click Domains under Infrastructure Automation.

2 Click the Central Site or Regional Site icon.

3 Select the workload management site to edit.

4 Click Edit.

5 To modify the configurations, click the Configuration tab.

6 To add a new host, click the Host tab.

7 To view the list of applicable appliances, click the Appliance tab.

8 To perform certificate operations, click Certificate Management.

What to do next

n Add Host to a Site.

n Certificate Management.

Add Compute Cluster

A compute cluster is a combination of sites managed by a regional or central site.

Procedure

1 Click Domains under Infrastructure Automation.

2 Click the Compute Cluster icon.

3 Click Add.

The Add Domain page appears.

4 On the Add Domain page, provide the required information.

VMware, Inc. 116

VMware Telco Cloud Automation User Guide

5 To enable the provisioning of the site, click the button corresponding to Enabled. You cannot
perform any operation on a disabled site.

Field Description

Name The name of the site.

Minimum number of hosts Minimum number of hosts required for the site. The number of hosts cannot
be less than 4 or more than 64.

Select Host Profile Select the host profile from the drop-down list. The selected Host profile
gets associated with each host in the compute cluster domain.

Parent Site The management or workload domain that manages the cluster. Select from
the drop-down menu.

Location The location of the compute cluster.

Search Enter the keyword to search a location.

Latitude Latitude of the compute cluster location. The details are automatically added
when you select the location. You can also modify the latitude manually.

Longitude Longitude of the compute cluster location. The details are automatically
added when you select the location. You can also modify the longitude
manually.

Note The default value of vSphere SSO Domain is vsphere.local.

Licenses Not applicable. The compute cluster uses the licenses of parent site.

Services n For a compute cluster, you can activate the NSX services. For certain
workloads, if you do not require these services, you can deactivate
these services.
n To use the network services of the parent site, click the Share Transport
Zones With Parent button.
n You can use the vSAN or localstore. Select the value from the drop-
down menu.
Click Enabled button to activate or deactivate the Networking or Storage
services.

VMware, Inc. 117

VMware Telco Cloud Automation User Guide

6 You can add new CSI categories or use the existing categories from the VMware VSphere
server. You can also create tags corresponding to the CSI categories. To add the CSI
Categories information, add the required information under Settings.

Note
n To configure the CSI Categories, enable the Override for the CSI Tagging under Settings,
and Override Value.

n Once added, you cannot edit or remove the CSI configuration.

n For a vSAN disabled compute cluster, ensure that the CSI Zone tag name must contain
{hostname}. For example, <text_identifier>-{hostname}.

Field Description

Use Existing Whether to use the existing categories set in the underlying the VMware
VSphere server. Click the corresponding button to activate or deactivate the
option.

Note When using the Use Existing, ensure that you provide the values for
both the region and the zone categories as set in the underlying VMware
vSphere server.
n When creating a Zone category in VMware VSphere, choose Hosts and
Clusters under Associable Object Types.
n When creating a Region category in VMware VSphere, choose
Datacentre under Associable Object Types.

Region The CSI category for the data center.

Zone The CSI category for the compute clusters or hosts.

CSI Region Tag The CSI tagging for the data center.

CSI Zone Tag The CSI tagging for the compute clusters or hosts.

7 Add the Switch Configuration information. Click plus icon to add more switches and uplinks.

Field Description

Switch The name of the switch.

Uplinks Select the network interface card (NIC) for the compute cluster under
Uplinks.

Note A cell site requires a minimum of two NICs to communicate. The

uplinks must match the actual configuration across all ESXi servers.

VMware, Inc. 118

VMware Telco Cloud Automation User Guide

8 Add the Networks information.

Note
n For vMotion and vSAN, the IP pool should be equal to the total number of ESXi hosts. If
you do not provision the appliances, vSAN, nsxHostOverlay, nsxEdgeOverlay, uplinks are
optional.

n You can click + sign under Networks to create additional VLAN or overlay network to
connect with additional applications.

Field Description

Name The name of the network.

Segment Type Segment type of the network. Select the value from the list.

Network Type The type of the network.

Switch The switch details that the sites use for network access.

VLAN VLAN ID for the network.

MTU MTU length (in bytes) for the network.

Prefix Length Prefix the length for each packet for the network.

Gateway Address The gateway address for the network.

9 (Optional) Add the Appliance Overrides information. Ensure that the appliance names match
the actual names entered in DNS. If they do not match, you can change the name.

Note For NSX-Edge cluster configuration:

n To override the Edge form factor, select the Size from the drop-down menu.

n To override the HA, select Tier0Mode from the drop-down menu.

n You can override the values of vSAN NFS and NSX Edge Cluster for the compute cluster
and deactivate the deployment of vSAN NFS and NSX Edge Cluster for the compute
cluster.

Field Description

Override Whether to override the current values.

Appliance Type The type of the appliance.

Name The name of the appliance.

Name Override The new name of the appliance to override the previous name of appliance.

VMware, Inc. 119

VMware Telco Cloud Automation User Guide

Field Description

IP Index IP index of the appliance. The value is the fourth octet of the IP address. The
initial three octets are populated from the network address provided in the
domain.
VMware Telco Cloud Automation uses IP index to calculate the IP address of
the appliance. It adds the IP Index to the base address of the management
network to obtain the IP address of the appliance.

Note The IP index depends on management subnet prefix length. Ensure

that you provide IP index values within the IP range dictated by that
subnet prefix length. For example, if you use the subnet prefix length of
24, then the subnet has 254 IPs. Hence, the IP index value cannot exceed
254. If you use the prefix length of 27 or 28, then the subnet has 30 or
14 IPs, respectively. The IP index values must then not exceed 30 or 14,
respectively. Ensure that you check the values before adding the IP index.

Enabled Whether the appliance is enabled and available for operations.

Edit a Compute Cluster

Modify the compute cluster details.

You can modify the configuration of a compute cluster and add a host.

Note
n Modifying of CSI tagging information is not applicable.

n You can add the CSI tagging information only for a new domain.

Procedure

1 Click Domains under Infrastructure Automation.

2 Click the Compute Cluster icon.

3 Select the compute cluster to edit.

4 Click Edit.

5 To modify the configurations, click the Configuration tab.

6 To add a new host, click the Host tab.

Add a Cell Site Group

You can add, manage, or delete a cell site group.

To add a cell site group, follow the steps:

Prerequisites

Obtain the network information required for configuration.

VMware, Inc. 120

VMware Telco Cloud Automation User Guide

Procedure

1 Click Domains under Infrastructure Automation.

2 Click the Cell Site Group icon.

3 Click Add.

The Add Domain page appears.

4 On the Add Domain page, provide the required information.

5 Click the button corresponding to Enabled, to enable the provisioning of the site. You cannot
perform any operation on a disabled site.

6 To add an existing cell site group, click the button corresponding to Pre-Deployed. When
you add a Pre-Deployed cell site group, you can override the following values.

n DNS Suffix - Address of the DNS suffix.

n DNS Server - The IP address of the DNS server.

To configure the values, enable the Override and enter the required information in the
corresponding Override Value.

Note
n VMware Telco Cloud Automation does not perform any operation on a pre-deployed
domain.

7 Enter the required details.

Field Description

Name The name of the site.

Select Host Profile Select the host profile from the drop-down list. The selected Host profile
gets associated with each host in the cell site group.

Parent Domain Select the parent domain from the list. The parent site manages all the sites
within the cell site group.

Note The default value of vSphere SSO Domain is vsphere.local.

VMware, Inc. 121

VMware Telco Cloud Automation User Guide

Note
n To configure the CSI Categories, enable the Override for the CSI Tagging under Settings,
and Override Value.

n Once added, you cannot edit or remove the CSI configuration.

n For CSI zone tag, ensure that the name must contain {hostname}. For example,
<text_identifier>-{hostname}.

Field Description

Use Existing Whether to use the existing categories set in the underlying the VMware
VSphere server. Click the corresponding button to activate or deactivate the
option.

Note When using the Use Existing, ensure that you provide the values for
both region categories and zone categories as set in the underlying VMware
vSphere server.
n When creating Zone category in VMware VSphere, choose Hosts and
Clusters under Associable Object Types.
n When creating Region category in VMware VSphere, choose Datacentre
under Associable Object Types.

Region The CSI category for the data center.

Zone The CSI category for the compute clusters or hosts.

CSI Region Tag The CSI tagging for the data center.

CSI Zone Tag The CSI tagging for the compute clusters or hosts.

9 Activate or deactivate the Enable datastore customizations option. By default, this feature is
activated. However, you can deactivate it by clicking the toggle button.

Note The Enable datastore customizations field is available only for non-pre-deployed cell
site groups.

If you activate the datastore customization:

n The datastores for all the hosts associated with this domain are named based on the disk
capacity and free space. For example, if the hostname is host201-telco.example.com, the
datastore with the highest capacity is named host201_localDS-0 where host201 is the
prefix, which is the substring preceding the first hyphen (-) and 0 is the index representing
the datastore with the highest capacity. The remaining datastores are named as host201-
DO-NOT-USE-0, host201-DO-NOT-USE-1, and so on, where the indexes 0 and 1 represent the
decreasing order of the free space. 0 represents the highest possible free space.
n The customization is applicable to all the hosts in the domain.

VMware, Inc. 122

VMware Telco Cloud Automation User Guide

To change the delimiter for extracting prefixes from the host FQDNs, do the following:
a SSH to the TCA VM as admin.

b Use the su command and switch to the root user.

c Use the following docker command to enter the tcf-manager container:

docker exec -it tcf-manager bash

d Edit the DATASTORE_DELIMITER parameter in /opt/vmware/tcf/config/

application_properties.ini.

Note DATASTORE_DELIMITER is applicable only when the datastore customizations are

enabled.

If you deactivate the datastore customization:

n The datastores for all the hosts associated with this domain are named in the order in
which the datastores are fetched from vCenter. For example, if the host name is host201-
telco.example.com, the datastores are named host201-telco-localDS-0, host201-telco-
localDS-1, and so on, where host201-telco is the prefix, which is the first substring
before the dot (.) in the hostname and the indexes 0 and 1 represent the order in which
the datastores are fetched from vCenter.

10 Add the Switch Configuration information. Click plus icon to add more switches and uplinks.

Field Description

Switch The name of the switch.

Uplinks Select the network interface card (NIC) for the site under Uplinks.

Note A site requires a minimum of two NICs to communicate. NIC details

should match the actual configuration across all ESXi servers.

11 Add the Networks information.

Note
n System defines the Management network for a cell site group. User can create custom
VLAN based application networks. All cell sites in a cell site group connect with same
management network.

n For the application network type, you can enable the mac address learning for the port
groups. To enable the mac address learning, enable the Mac Learning available under
Networks.

Field Description

Name The name of the network.

Segment Type Segment type of the network. Select the value from the list.

VMware, Inc. 123

VMware Telco Cloud Automation User Guide

Field Description

Network Type The type of the network.

Switch The switch details that the sites use for network access.

VLAN The VLAN ID for the network.

MTU The MTU length (in bytes) for the network.

Prefix Length The Prefix length for each packet for the network.

Note The Prefix length is applicable only for the IPv4 environment.

Gateway Address The gateway address for the network.

Note The gateway address is applicable only for the IPv4 environment.

What to do next

Add Host to a Site.

Custom Uplink Mapping and Teaming Policy

Switch and network specification for a cell site group is extended to include custom uplink-pnic
mapping and teaming policy, respectively.

Custom mapping is an optional parameter in the domain specification. If you do not provide an
input, then the default mapping and policy is created. You can configure the custom uplink-pnic
mapping and teaming policy using the VMware Telco Cloud Automation web interface or APIs.

Note
n This feature is only applicable to a cell site group.

n You can specify the teaming policy and uplink category mapping only when you are creating
a new cell site group domain. Do not override the settings for the cell site group domains for
which the distributed virtual switches are already created.

The following example is a snippet of the CSG specification file:

{
"name": "test-csg-6",
"type": "CELL_SITE_GROUP",
"enabled": true,
"preDeployed": {
"preDeployed": false
},
"parent": "rdc1",
"switches": [
{
"name": "test-csg-6-dvs001",
"uplinks": [
{
"pnic": "vmnic0",
"name": "PortA1"
},

VMware, Inc. 124

VMware Telco Cloud Automation User Guide

{
"pnic": "vmnic1",
"name": "PortA2"
}
]
},
{
"name": "test-csg-6-dvs002",
"uplinks": [
{
"pnic": "vmnic2",
"name": "PortB1"
},
{
"pnic": "vmnic3",
"name": "PortB2"
}
]
}
],
"networks": [
{
"type": "application",
"name": "dvs1-app-network-1",
"segmentType": "vlan",
"switch": "test-csg-6-dvs001",
"vlan": 0,
"mtu": 1500,
"mac_learning_enabled": false,
"uplinkTeamingPolicy": {
"uplinkPortOrder": {
"active": [
"PortA1"
],
"standby": [
"PortA2"
],
"unused": []
}
}
},
{
"type": "application",
"name": "dvs2-app-network-1",
"segmentType": "vlan",
"switch": "test-csg-6-dvs002",
"vlan": 0,
"mtu": 1500,
"mac_learning_enabled": false,
"uplinkTeamingPolicy": {
"uplinkPortOrder": {
"active": [
"PortB1"
],
"standby": [

VMware, Inc. 125

VMware Telco Cloud Automation User Guide

"PortB2"
],
"unused": []
}
}
},
{
"type": "management",
"name": "management",
"segmentType": "vlan",
"switch": "test-csg-6-dvs001",
"vlan": 0,
"mtu": 1500,
"mac_learning_enabled": false,
"uplinkTeamingPolicy": {
"uplinkPortOrder": {
"active": [
"PortA1"
],
"standby": [
"PortA2"
],
"unused": []
}
}
}
],
"csiTags": {},
"csiCategories": {
"useExisting": false
}
}

To configure the custom uplink-pnic mapping and teaming policy from the web interface,
perform the following:

Procedure

1 Log in to the VMware Telco Cloud Automation

2 Navigate to Infrastructure Automation > Domains.

3 Click Cell Site Group.

4 Select the radio button corresponding to the Cell Site Group for which you want to configure
the uplinks.

5 In the Configurations tab, expand Switch Configuration.

6 Click the toggle button to configure uplinks and provide a unique name for each of the
uplinks.

7 Expand Networks and click the toggle button to specify a mapping for the uplink
categorization.

8 Click Save.

VMware, Inc. 126

VMware Telco Cloud Automation User Guide

Edit a Cell Site Group

You can modify the cell site group details.

You can modify the configuration of cell site group, add a host, and modify the network
configurations related to cell site group.

Note
n Modifying CSI tagging information is not applicable.

n You can add the CSI tagging information only for newly added hosts to a cell site group after
the resync.

n Once a Cell Site Group domain has provisioned or failed hosts, changing the parent of this
Cell Site Group domain and then resyncing it does not migrate the hosts to the vCenter of the
newly selected parent.

n You can specify the parent of a Cell Site Group only when adding or creating the Cell Site
Group domain. You cannot change the parent of a Cell Site Group once hosts are added to it.

To modify a cell site group, follow the steps:

Prerequisites

A cell site group is configured.

Procedure

1 Click Domains under Infrastructure Automation.

2 Click the Cell Site Group icon.

3 To edit a cell site group:

a Select the cell site group to edit.

b Click Edit.

4 Edit the details, as required, and click Save.

Synchronize Cell Site Domain Data

For a cell site group, you can synchronize data at the domain level.

Procedure

1 Click Domains under Infrastructure Automation.

2 Click the site type under which you want to synchronize the domain data.

3 Select the required domain.

VMware, Inc. 127

VMware Telco Cloud Automation User Guide

4 Click Resync.

The Confirm Resync dialog box appears with the Partial Resync check box selected by
default. The Partial Resync option synchronizes the data of the unprovisioned cell site group
and retries for the failed host under the unprovisioned cell site group.

5 In the Confirm Resync dialog box, click Resync.

Add Host to a Site

A minimum number of hosts are required for each site to start the automated deployment for
each site.

You can add a host to any site or site cluster. A minimum number of hosts are required for each
site type to function. You can define the minimum number of hosts for each site when adding the
site.

Note If a cell site domain has multiple Distributed Virtual Switches in it, then the switch to which
the management network is associated should also be mapped to use the vmnic that has the
vmk0 VMKernel network interface attached.

Prerequisites

n A site type for which you want to add a host is already added in Domains.

n When adding a host to the cell site group, ensure that you have at least either the parent
site or the cell site group provisioned. You cannot add a host to a cell site group that has an
unprovisioned parent site.

Parent Site Status Cell Site Group Status Host Addition

Provisioned Provisioned Allowed

Not Provisioned Provisioned Allowed

Not Provisioned Not Provisioned Not Allowed

n Ensure that the certificate is generated with the server hostname as SAN by performing the
following:

a Log in to the ESXi host using an SSH client, Putty, or any other SSH client.

b Regenerate the self-signed certificate by running the following command:

/sbin/generate-certificates

c Restart the hostd and vpxa services by running the following command:

/etc/init.d/hostd restart && /etc/init.d/vpxa restart

Procedure

1 Click the Domains tab under Infrastructure Automation.

VMware, Inc. 128

VMware Telco Cloud Automation User Guide

2 Select the data center for which you want to add a host.

3 Select the site for which you want to add a host.

4 Click Edit to modify the site details.

5 On the Host tab, click Add Host.

6 Configure the network for the host.

Fields Description

Host Address (FQDN) The associated FQDN of the host.

User Name User name to access the host.

Password Password corresponding to the user name to access the host.

vSAN Cache Device Name of the vSAN device used as cache.

You can add the IPMI information for the sites that have host profiles configured with BIOS
and firmware details.

n IPMI Username - User name to access the intelligent platform management interface
(IPMI).

n IPMI Password - Password to access the intelligent platform management interface

(IPMI).

n IPMI Address(FQDN) - Address of the IPMI interface. You must provide the fully qualified
domain name.

n Override datastore customization - Click the toggle button to override the datastore
customization configured at the domain level.

If you activate this option, the Enable datastore customizations field is made available.

n Enable datastore customizations - Click the toggle button to activate the datastore
customization on this host.

If you activate the datastore customization, the datastores on this host are named
based on the disk capacity and free space.

If you deactivate the datastore customization, the datastores on this host are named
in the order in which the datastores are fetched from vCenter.

n Pre-Deployed - Whether the host is a pre-deployed.

Note
n When adding a host to a pre-deployed cell site group, you must add only the pre-
deployed host.

n A pre-deployed host means a host already added to the vCenter and configured as
required.

VMware, Inc. 129

VMware Telco Cloud Automation User Guide

n Use Above credentials for all hosts - If you want to use same user name and password
for each host, select the checkbox.

n Use above IPMI credentials for all hosts - If you want to use same user name and
password to access IPMI for each host, select the checkbox.

7 Click Save.

Edit a Host
Modify an already created host.

To modify the configurations of an already created host or delete an unprovisioned host,

perform the following:

Prerequisites

A host is already added to a site.

Procedure

1 Click Domains under Infrastructure Automation.

2 Click the site type under which you want to modify the host.

3 Select the site to edit.

4 Click Edit.

5 To modify a host, click the Host tab.

6 Select the host to edit. You can perform the following operations on the selected host:

n To delete a host with errors, click Delete and select Force Delete from the Delete page.

n To edit the host configuration, click Edit Host .

n To delete an unprovisioned host, click Delete Host.

n To refresh the host details, click Refresh.

Synchronize Cell Site Host Data

For a cell site group, you can synchronize data at the host level.

Procedure

1 Click Domains under Infrastructure Automation.

2 Click Cell Site Group.

3 Select the cell site group under which you want to synchronize the host data.

4 To synchronize host data, click the Host tab.

5 Select one or more hosts.

VMware, Inc. 130

VMware Telco Cloud Automation User Guide

6 Click Resync.

The Confirm Resync dialog box appears with the Partial Resync check box selected by
default.

7 Determine whether you want to choose the partial Resync option or not based on the
following:

n If you choose the Partial Resync option, hosts are processed based on any of the
following conditions:

n Status of the cell site host is FAILED, and the status of the host setting is NOT
CONFIGURED

n Status of the cell site host is PROVISIONED, and the status of the host setting is
FAILED

n If you don't choose the Partial Resync option, hosts with any status except for IN
PROGRESS and DELETING are processed.

8 In the Confirm Resync dialog box, click Resync.

Delete a Domain
Starting from VMware Telco Cloud Automation version 2.1, the process for deleting domains has
changed.

Previous Behavior
Previously, to delete a domain you had to remove the domain definition from the domains list.
And at the back-end, VMware Telco Cloud Automation deleted the domain.

For example, the following code snippet is a sample cloud spec file with two domains - test1 and
test2.

{
"domains": [
{
"name": "test1",
...
},
{
"name": "test2",
...
}
],
"settings": {
...
},
"appliances": [
...
],
"images": {
...

VMware, Inc. 131

VMware Telco Cloud Automation User Guide

}
}

To delete test1, you had to modify this cloud spec file by removing test1 from it.

{
"domains": [
{
"name": "test2",
...
}
],
"settings": {
...
},
"appliances": [
...
],
"images": {
...
}
}

Current Behavior
Now, to delete a domain you can add a list of strings (names of the domains you need to delete)
to the deleteDomains field in the cloud spec file. For example, deleteDomains" : ["cdc1",
"rdc1"].

It is optional to include or exclude the domain to be deleted in the domains list. The following
code snippet is an example for the new behavior. We provide test1 in deleteDomains list to
delete that domain.

{
"domains": [
{
"name": "test1",
...
},
{
"name": "test2",
...
}
],
"settings": {
...
},
"appliances": [
...
],
"images": {
...
},

VMware, Inc. 132

VMware Telco Cloud Automation User Guide

"deleteDomains": ["test1"]
}

Manually Removing Domain Information

Delete the information of damaged or faulted domains.

You can delete an enabled domain which is in a provisioned state, and has one or more hosts in
DELETE_FAILED state.

Prerequisites

n Remove the infrastructure associated with the domain. For example, management appliances
like vCenter, NSX manager, vRLI, vRO, TCA-CP, DVS, Portgroups, Host Folders, Network
Folders, DataCenters, Clusters, and ESXi hosts.

n Ensure that there is no active task running in Infrastructure Automation.

Procedure

1 Stop the tcf-manager docker container with the command docker stop tcf-manager .

2 Navigate to /common/lib/docker/volumes/tcf-manager-config/_data/ .

a Open the cloud_spec.json file, remove the entries of the domain as required.

b Open the cloud_config.json file, remove the entries of the domain as required.

c Open the ip_usage.json file, remove the entries of the domain as required.

3 Navigate to /common/lib/docker/volumes/tcf-manager-specs/_data/ .

a Open the certificates folder, remove the certificates of the domain as required.

b Open the csrs folder, remove the csr entries of the domain as required.

c Open the private folder, remove the entries of the domain as required.

d Remove the bringup json file of the required domain.

e Remove the appliance properties files of the required domain if available.

4 Stop the tcf-manager docker container with the command docker start tcf-manager .

Certificate Management
You can perform Certificate Signing Request (CSR) for domain.

VMware, Inc. 133

VMware Telco Cloud Automation User Guide

You can generate the CSR, upload SSL server certificate, and retry to generate the CSR.

Note
n Telco Cloud Automation supports only self-signed certificates.

n Do not enclose the certificate or the key in single or double quotes.

n In the certificate, add a new line after -----BEGIN CERTIFICATE----- and before -----END
CERTIFICATE----.

n In the private key, add a new line after -----BEGIN PRIVATE KEY----- and before -----END
PRIVATE KEY-----.

Prerequisites

Certificate Authority (CA) is added. For details on adding CA, see Add Certificate Authority.

Procedure

1 Click Domains under Infrastructure Automation.

2 Click the Central Site or Regional Site icon.

3 Select the management site to edit.

4 Click Edit.

5 To perform certificate operations, click Certificate Management.

6 Select the appliances to perform the operations.

n To generate the CSR, click Generate CSR. It generates the CSR, signs the CSR and applies
the certificate on the selected appliances.

n To upload a SSL server certificate, click Upload SSL Server Certificate.

n In Server Certificate, add the server certificate details.

n In Private Key, add the private key details.

n To finish SSL server certificate upload, click Upload.

n To retry the failed operation, click Retry.

n To refresh the certificate data for appliances, click Refresh.

7 To generate the CSR, click Generate CSR.

Viewing Tasks
You can view the status of the current and the past tasks executed in Infrastructure Automation.

You can view the status of all the tasks. This includes the current task and the older tasks. You
can view the progress, status, and the start and end time of the task.

VMware, Inc. 134

VMware Telco Cloud Automation User Guide

Procedure

1 Click Tasks tab under Infrastructure Automation.

A list of tasks appears.

2 Click the task for which you want to view details.

VMware, Inc. 135

Working with Kubernetes Clusters
10
A Kubernetes cluster is a set of nodes that run containerized applications.

Containerized applications are more lightweight and flexible than virtual machines, and they
share the operating system. In this way, Kubernetes clusters allow for applications to be more
easily developed, moved, and managed. Kubernetes clusters allow containers to run across
multiple machines and environments: Virtual, physical, cloud-based, and on-premises. For more
information about Kubernetes clusters and its components, see the Kubernetes documentation at
https://kubernetes.io/docs/concepts/overview/.

There must be a minimum of one controller node and one worker node for a Kubernetes cluster
to be operational. For production and staging, the cluster is distributed across multiple worker
nodes. For testing, the components can all run on the same physical or virtual node.

Network functions require special customizations such as Real-Time Kernel and HugePages on
Kubernetes Worker nodes. The advantage of deploying Kubernetes clusters through VMware
Telco Cloud Automation is that, it customizes the Kubernetes clusters according to its network
function requirement before deploying the CNFs.

Note The Node Customization feature is applicable only when you deploy Kubernetes clusters
through VMware Telco Cloud Automation.

VMware, Inc. 136

VMware Telco Cloud Automation User Guide

Kubernetes Cluster Deployment Process

Design Cluster
Deploy Kubernetes
Onboard vSphere VIM Template for
Management Cluster
Management Cluster

Design Cluster Kubernetes Workload

Deploy Kubernetes
Template for Cluster auto-onboarded as VIM to
Workload Cluster
Workload Cluster VMware Telco Cloud Automation

Customize Kubernetes Instantiate CNF on

Design / Upload CNF Workload Cluster Kubernetes Workload
CSAR based on CNF requirements Cluster VIM

VMware, Inc. 137

VMware Telco Cloud Automation User Guide

Late Binding and CaaS Automation Workflow

CNF LCM Late binding, CaaS Automation

VMware Telco Cloud Automation - Manager

VMware Telco Cloud Automation - Control Plane

Bootstrapper TKG CLI CCLI

5
1 2 3 4 7
6

Kubernetes NodeConfig VMConfig Kubernetes

Helm Control Operator Operator Cluster API Control
Plane Plane

TKG Management Cluster

NodeConfig
Daemon
TKG TKG Worker
Workload Node
Cluster

vSphere VMs

Legend

1. Helm - CNF Lifecycle Management (CNF LCM)

2. Kubernetes Control Plane - CNF inventory and configuration
3. NodeConfig Operator
• Kubernetes node customization
4. VMConfig Operator
• VM reconfigure
• Power on/off
5. VMware Tanzu Kubernetes Grid (TKG) CLI
• Creating TKG cluster plan files
• Talking to the management cluster for create, delete and upgrade operations through cluster APIs
• Adding nodes
6. Cluster API
• Inventory reading
• Resource management
• Event collection
7. CCLI
• List cluster details
• Run kubectl commands
• SSH to any node of the clusters

VMware, Inc. 138

VMware Telco Cloud Automation User Guide

This chapter includes the following topics:

n Working with Management Clusters

n Working with V1 Workload Clusters

n Working with v2 Workload Clusters

n Backing Up and Restoring Kubernetes Clusters

n Remotely Accessing Clusters From VMware Telco Cloud Automation

Working with Management Clusters

Update the Kubernetes version of a Management cluster, create and edit a Management cluster
template, and deploy a Management cluster.

Upgrade Management Kubernetes Cluster Version

You can upgrade the existing Management Kubernetes Cluster version to the latest versions of
Kubernetes supported in the current version of the VMware Telco Cloud Automation.

You can upgrade the Kubernetes cluster through VMware Telco Cloud Automation.

Note When you upgrade a management cluster to the latest version, the certificate renewal of
the cluster is automatically enabled and the number of days defaults to 90.

The following table lists the Kubernetes upgrade compatibility for the Management cluster when
upgrading from VMware Telco Cloud Automation.

VMware Telco Cloud Automation Existing Kubernetes Versions 1.24.10

2.2 1.23.10 Yes

Before upgrading Kubernetes to the latest version, consider the following constraints and
prepare for the upgrade plan:

n VMware Telco Cloud Automation preserves the customization performed through previous
CNF instantiate / upgrade on the nodepools of the cluster. Any manual changes performed
directly on the nodes are not preserved.

n Applications may face downtime during kubernetes upgrade and may take some time to be
available for operations.

n Clusters may take some time to be available for operations.

n Check and upgrade the required node pools in the Workload cluster.

n The IP addresses of master nodes and the worker nodes change after upgrade.

n If the upgrade fails, you can correct the configuration and perform the upgrade again.

Implications of Not Upgrading Management Cluster

Not upgrading a Management cluster can impact various operations.

VMware, Inc. 139

VMware Telco Cloud Automation User Guide

Not upgrading the management node can impact:

n Ability to edit the management cluster.

n Ability to create, upgrade, and modify the workload cluster managed through the
management cluster.

n Ability to upgrade and instantiate the CNF in the workload cluster managed through the
management cluster.

Upgrade the Kubernetes Version for a Cluster Instance

You can upgrade the existing version of Kubernetes to the latest Kubernetes.

Prerequisites

n Create an upgrade plan for the upgrading the cluster instance, considering the impact of
cluster downtime.

n Take backup of any manual customization added to the clusters. You must take the backup
manually.

Note You need to note down all the manual customization added to the clusters.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure.

The CaaS Infrastructure page is displayed.

3 Select the cluster instance for upgrade.

4 Click the Options (⋮) symbol against the Kubernetes cluster that you want to upgrade.

5 Select Upgrade Cluster.

The Upgrade Cluster window is displayed.

6 In the Select Version field, select the Kubernetes version to upgrade from the list.

7 In the Virtual Machine Template, click the option to select the VM template applicable for the
new version of Kubernetes.

8 Click Upgrade.

The upgrade process starts.

9 Click > to view the progress of the update.

What to do next

To get the latest IP address details of the node, view the Cluster Instances page.

VMware, Inc. 140

VMware Telco Cloud Automation User Guide

Working with Kubernetes Cluster Templates

A Kubernetes cluster template is a blueprint of the Kubernetes cluster and contains the required
configuration. Before creating a Kubernetes cluster, create a Kubernetes cluster template for
deploying the cluster. Using VMware Telco Cloud Automation, you can create a Kubernetes
cluster template, upload, download, edit, and, use it for deploying multiple clusters.

When you define the Kubernetes cluster template, select whether it is a Management cluster
type or a Workload cluster type.

n Management cluster - A Management cluster is a Kubernetes cluster that performs the role
of the primary management and operational center. You use the Management cluster for
managing multiple Workload clusters.

n Workload cluster - The clusters where the actual application resides. Deploy network
functions on the Workload clusters.

When creating a Kubernetes cluster template for a Management cluster or a Workload cluster,
you must provide two types of configuration information:

n Cluster Configuration - Specify the details about the Container Storage Interfaces (CSI) such
as vSphere-CSI, NFS Client, and Container Network Interface (CNI) such as Antrea, Calico, and
Multus, version of Kubernetes, and tools such as Helm Charts.
n Master Node and Worker Node Configuration - Here, you specify the details about the
master node virtual machine and the worker node virtual machines. Specify details such as
the storage, CPU, memory size, number of networks, labels, number of replicas for the master
nodes, and worker nodes, and so on.

Supported Addon Versions

The addon versions are applicable only when deploying new Kubernetes clusters. They are not
applicable when you upgrade your Kubernetes cluster to a newer version.

Addon Versions

VMware
Telco Cloud VMware Tanzu
Automation Kubernetes Grid Kubernetes
Type Name Version Version Version Version

CNI Antrea v1.7.2_vmware. 2.3.0 2.1.1 n 1.22.17

1-tkg.1- n 1.23.16
advanced
n 1.24.10
CNI Calico v3.24.1_vmware
.1-tkg.1

CNI Multus v3.8.0_vmware.

2-tkg.2

CNI Whereabouts v0.5.4_vmware.

1-tkg.1

VMware, Inc. 141

VMware Telco Cloud Automation User Guide

VMware
Telco Cloud VMware Tanzu
Automation Kubernetes Grid Kubernetes
Type Name Version Version Version Version

CSI vSphere CSI v2.6.2_vmware.

2-tkg.2

CSI NFS Client v4.0.2

Monitoring Fluent-Bit v1.9.5_vmware.

1-tkg.1

Monitoring Prometheus v2.37.0_vmware

.2-tkg.1

Networking AKO v1.8.2_vmware.

1-tkg.1

System Cert-Manager 1.10.1+vmware.

1-tkg.2

Tools Velero v1.9.5_vmware.

Note Few of the add-on versions are controlled by TKG and therefore the versions may change
after the release. However, the version documented in the preceding table is the minimum
version available. For information on the updated versions, refer to the TKG documentation.

Create a Management Cluster Template

Create a Management cluster template and use it to deploy your Kubernetes Management
cluster.

Prerequisites

To perform this operation, you require a role with Infrastructure Design privilege.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > Caas Infrastructure > Cluster Templates and click Add.

The Add Kubernetes Template wizard is displayed.

3 In the Template Detail tab, provide the following details:

n Name - Enter the name of the template.

n Cluster Type - Select Management Cluster.

n Description (Optional) - Enter a description for the template.

n Tags (Optional) - Add appropriate tags to the template.

VMware, Inc. 142

VMware Telco Cloud Automation User Guide

n Kubernetes Version - By default, the latest version of Kubernetes is selected.

Note The supported Container Network Interface (CNI) for a Management cluster is Antrea.

4 Click Next.

5 In the Master Node Configuration tab, enter the following details:

n Name - Name of the profile

n CPU - Number of vCPUs

n Memory - Memory in GB

n Storage - Storage size in GB

n Replica - Number of controller node VMs to be created. The ideal number of replicas for
production or staging deployment is 3.

n Networks - Enter the labels to group the networks. The minimum number of labels
required to connect to the management network is 1. Network labels are used for
providing networks inputs when deploying a cluster. Meaningful network labels such
as N1, N2, N3, and so on, help the deployment users provide the correct network
preferences. To add more labels, click Add.

Note For the Management network, master node supports only one label.

n Labels (Optional) - Enter the appropriate labels for this profile. These labels are applied to
the Kubernetes node. To add more labels, click Add.

6 To use the vSphere Linked Clone feature for creating linked clones for the Kubernetes nodes,
click Advanced Configuration and select Use Linked Cloning for Cloning the VMs.

7 Click Next.

8 In the Worker Node Configuration tab, add a node pool. A node pool is a set of nodes
that have similar properties. Pooling is useful when you want to group the VMs based on
the number of CPUs, storage capacity, memory capacity, and so on. You can add one node
pool to a Management cluster and multiple node pools to a Workload cluster, with different
groups of VMs. To add a node pool, enter the following details:

n Name - Name of the profile

n CPU - Number of vCPUs

n Memory - Memory in GB

n Storage - Storage size in GB

n Replica - Number of controller node VMs to be created.

n Networks - Enter the labels to group the networks. Network labels provide networks
inputs when deploying a cluster. To add more labels, click Add.

VMware, Inc. 143

VMware Telco Cloud Automation User Guide

n Labels - Enter the appropriate labels for this profile. These labels are added to the
Kubernetes node. To add more labels, click Add.

9 To use the vSphere Linked Clone feature for creating linked clones for the Kubernetes nodes,
click Advanced Configuration and select Use Linked Cloning for Cloning the VMs.

10 Click Next and review the configuration.

11 Click Add Template.

Results

The template is created.

What to do next

Create a Workload cluster template.

Add AVI Kubernetes Operator

You can add the AVI Kubernetes Operator - Operator (AKOO) when creating a Management
cluster template or by editing a cluster configuration.

This topic lists the steps to add AKOO using the Edit Cluster Configuration tab.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click the Options (⋮) symbol against the Kubernetes cluster that you want to edit.

4 Click Edit Cluster Configuration.

5 In the Cluster Configuration tab, under Networking, click Add and select ako-operator.

6 Enter the following details:

Option Description

AVI Controller

Controller Host Enter the AVI controller host name. The format is
[scheme://address[:port].
n Scheme: HTTP or HTTPS. Defaults to HTTPS if the
scheme is not specified.
n Address: IPv4 address or the host name of the AVI
controller.
n Port: If port is not specified, it defaults to the port of
the AVI controller.

User Name Enter the user name to log in to the AVI controller.

Password Enter the password to log in to the AVI controller.

Trusted Certificate (Optional) Paste the trusted certificate in native multiline format for
secure communication with the AVI controller.

VMware, Inc. 144

VMware Telco Cloud Automation User Guide

Option Description

Load Balancer and Ingress Service Configuration

Cloud Name Enter the cloud name configured in the AVI Controller.

Default Service Engine Group Enter the service engine group name configured in the
AVI Controller.

Default VIP Network Enter the VIP network name in the AVI Controller.

Default VIP Network CIDR Enter the VIP network CIDR in the AVI Controller.

Note If the certificate or password of the Avi Controller expires, you can edit the AKO
Operator configurations with the new certificate or password.

7 Click Add.

Edit a Kubernetes Cluster Template

You can edit a cluster template to update its description, cluster configuration, tags, Kubernetes
version, master node configuration details, and worker node configuration details.

Note
n Ensure that storage size is 50 GB.

n Ensure that the network label length does not exceed 15 characters.
n Editing the Kubernetes cluster template does not change the cluster instances that are
already deployed.

To perform this operation, you require a role with Infrastructure Design privileges.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure and click the Cluster Templates tab.

3 Select the Kubernetes cluster template that you want to edit.

4 Click Edit.

5 In the Edit Kubernetes Template wizard, make the required updates to the template details,
master node configuration, and worker node configuration fields.

6 Review the updates and click Update Template.

Results

You have successfully updated the cluster template.

VMware, Inc. 145

VMware Telco Cloud Automation User Guide

Download and Upload a Kubernetes Cluster Template

You can download a Kubernetes cluster template as a JSON file and upload it to another
environment. This option is useful when you want to share a validated cluster template across
multiple environments.

Note To make sure that all the features are available, download or upload a Kubernetes cluster
template of the same VMware Telco Cloud Automation version.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure and click the Cluster Templates tab.

3 To download, select the cluster template and click Download.

The cluster template downloads as a JSON file.

4 To upload the JSON file to a different environment, navigate to the environment and log in to
the VMware Telco Cloud Automation web interface.

5 Go to CaaS Infrastructure > Cluster Templates.

6 Click Upload and select the JSON file.

7 Click Upload.

The cluster template uploads to your environment and is available in the CaaS Infrastructure
> Cluster Templates tab.

Delete a Kubernetes Cluster Template

Delete a Kubernetes cluster template from VMware Telco Cloud Automation.

Note You cannot delete a Kubernetes template when it is being used for deploying a cluster.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure and click the Cluster Templates tab.

3 Select the Kubernetes cluster template that you want to delete.

4 Click Delete.

5 Confirm the delete operation.

Results

The cluster template is deleted from VMware Telco Cloud Automation.

Upgrade the Kubernetes Version for Cluster Template

You can upgrade the existing version of the Kubernetes version to the latest Kubernetes version.

VMware, Inc. 146

VMware Telco Cloud Automation User Guide

For steps to upgrade the Kubernetes version of a cluster template, see Edit a Kubernetes Cluster
Template.

Deploy a Management Cluster

Deploy a cluster using the Kubernetes cluster template.

Prerequisites

n You require a role with Infrastructure Lifecycle Management privileges.

n You must have uploaded the Virtual Machine template to VMware Telco Cloud Automation.

n You must have onboarded a vSphere VIM.

n You must have created or uploaded a Management cluster template.

n A network must be present with the DHCP range and the static IP address of the same
subnet.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure and click Deploy Cluster.

Note Depending on the VMware Telco Cloud Automation setup, internet accessed or air-
gapped, the options available for the cluster may change.

3 From the drop-down menu, select Management Cluster (v1).

n If you have saved a validated Management cluster configuration that you want to
replicate on this cluster, click Upload on the top-right corner and upload the JSON file.
The fields are then auto-populated with this configuration information and you can edit
them as required. You can also use the Copy Spec function of VMware Telco Cloud
automation instead of JSON file, for details, see Copy Spec and Deploy New.

n If you want to create a Management cluster configuration from the beginning, perform
the next steps.

4 Select a cloud on which you want to deploy the Kubernetes cluster.

Under the Advanced Options, you can select the Infrastructure for Management Cluster
LCM. The VMware Telco Cloud Automation uses this VIM and associated control planes for
cluster LCM operations.

5 Click Next.

6 The Select Cluster Template tab displays the available Kubernetes cluster templates. Select
the Management Kubernetes cluster template that you have created.

Note If the template displays as Not Compatible, edit the template and try again.

7 Click Next.

VMware, Inc. 147

VMware Telco Cloud Automation User Guide

8 In the Kubernetes Cluster Details tab, provide the following details:

n Name - Enter the cluster name. The cluster name must be compliant with DNS hostname
requirements as outlined in RFC-952 and amended in RFC-1123.

n Description (Optional) - Enter an optional description of the cluster.

n Password - Create a password to log in to the Master and Worker nodes. The default
user name is capv.

Note Ensure that the password meets the minimum requirements displayed in the UI.

n Confirm Password - Confirm the password that you have entered.

n OS Image With Kubernetes - The pop-up menu displays the OS image templates in your
vSphere instance that meet the criteria to be used as a Tanzu Kubernetes Grid base OS
image with the selected Kubernetes version. If there are no templates, ensure that you
upload them to your vSphere environment.

n IP Version - Whether to use the IPv4 or IPv6 for cluster deployment. Select the value
from the drop-down list.

n Virtual IP Address - VMware Tanzu Kubernetes Grid deploys a kube-vip pod that
provides load-balancing services to the cluster API server. Thiskube-vip pod uses a
static virtual IP address to load-balance API requests across multiple nodes. Assign an
IP address that is not within your DHCP range, but in the same subnet as your DHCP
range.

n Syslog Servers - Add the syslog server IP address/FQDN for capturing the infrastructure
logs of all the nodes in the cluster.

n vSphere Cluster - Select the default vSphere cluster on which the Master and Worker
nodes are deployed.

n Resource Pool - Select the default resource pool on which the Master and Worker nodes
are deployed.

n VM Folder - Select the virtual machine folder on which the Master and Worker nodes are
placed.

n Datastore - Select the default datastore for the Master and Worker nodes to use.

n MTU (Optional) - Select the maximum transmission unit (MTU) in bytes for management
interfaces of control planes and node pools. If you do not select a value, the default value
is 1500.

n Domain Name Servers - Enter a valid DNS IP address. These DNS servers are configured
in the guest operating system of each node in the cluster. You can override this option on
the Master node and each node pool of the Worker node. To add a DNS, click Add.

VMware, Inc. 148

VMware Telco Cloud Automation User Guide

n Airgap & Proxy Settings - Use this option when you need to configure the Airgap or the
Proxy environment for VMware Telco Cloud Automation. If you do not want to use the
Airgap or Proxy, select None.

Note You must use either airgap or proxy in an IPv6 setup. Do not select none for an
IPv6 setup.

n In an air-gapped environment:

n If you have added an air-gapped repository, select the repository using the
Airgap Repository drop-down menu.

n If you have not added an air-gapped repository yet and want to add one now,
select Enter Repository Details:

n FQDN - Enter the URL of your repository.

n CA Certificate - If your air-gapped repository uses a self-signed certificate,

paste the contents of the certificate in this text box. Ensure that you copy
and paste the entire certificate, from ----BEGIN CERTIFICATE---- to ----END
CERTIFICATE----.

n In a proxy environment:

n If you have added a proxy, select the proxy using the Proxy Repository drop-
down menu.

n If you have not added proxy yet and want to add one now, select Enter Proxy
Details and provide the following details:

n HTTP Proxy - To route the HTTP requests through proxy, enter the URL or full
domain name of HTTP proxy. You must use the format FQDN:Port or IP:Port.

n HTTPS Proxy - To route the HTTPs requests through proxy, enter the URL
or full domain name of HTTPs proxy. You must use the format FQDN:Port or
IP:Port.

n (Optional) No Proxy - Enter the name of the local server.

Note You must add the cluster node network CIDR, vCenter FQDN(s), harbor
FQDN(s) and any other host that you want to bypass the proxy in this list.

n (Optional) CA Certificate - If your air-gapped repository uses a self-signed

certificate, paste the contents of the certificate in this text box. Ensure that
you copy and paste the entire certificate, from ----BEGIN CERTIFICATE---- to
----END CERTIFICATE----.

9 In Harbor, If you have defined a Harbor repository as a part of your Partner system, click Add
> Select Repository. To add a new repository, click Add > Enter Repository Detail.

Note You can add multiple Harbor repositories.

VMware, Inc. 149

VMware Telco Cloud Automation User Guide

10 Click Next.

11 In the Control Plane Node Configuration tab, provide the following details:

Note VMware Telco Cloud Automation displays the allocated CPU, Memory, and Storage
details along with number of Replica details of the master node. These configurations depend
on the Cluster template selected for Kubernetes Cluster deployment.

n vSphere Cluster (Optional) - If you want to use a different vSphere Cluster for the Master
node, select the vSphere cluster from here.

n Resource Pool (Optional) - If you want to use a different resource pool for the master
node, select the resource pool from here.

n Datastore (Optional) - If you want to use a different datastore for the master node, select
the datastore from here.

n Network - Associate a management or a private network. Ensure that the management

network connects to a network where DHCP is enabled, and can access the VMware
Photon repository.

n Domain Name Servers - You can override the DNS. To add a DNS, click Add.

12 Click Next.

13 In the Worker Node Configuration tab, provide the following details:

n vSphere Cluster (Optional) - If you want to use a different vSphere Cluster for the worker
node, select the vSphere cluster from here.

n Resource Pool (Optional) - If you want to use a different resource pool for the worker
node, select the resource pool from here.

n Datastore (Optional) - If you want to use a different datastore for the worker node, select
the datastore from here.

n Network - Associate a management or a private network. Ensure that the management

network can access the VMware Photon repository.

n Domain Name Servers - You can override the DNS. To add a DNS, click Add.

14 Click Next and review the configuration. You can download the configuration and reuse it for
deploying a cluster with a similar configuration.

15 Click Deploy.

When deploying a management cluster, the certificate renewal of the cluster is automatically
enabled and the number of days defaults to 90.

VMware, Inc. 150

VMware Telco Cloud Automation User Guide

If the operation is successful, the cluster is created and its status changes to Active. If the
operation fails, the cluster status changes to Not Active. If the cluster fails to create, delete
the cluster, upload the previously downloaded configuration, and recreate it.

Results

The Management cluster is deployed and VMware Telco Cloud Automation automatically pairs it
with the cluster of the site.

Note You can deploy one Management cluster at a time. Parallel deployments are queued and
deployed in sequence.

What to do next

n You can view the Kubernetes clusters deployed through VMware Telco Cloud Automation
from the Kubernetes Cluster tab.

n To view more details of the Kubernetes cluster that you have deployed, change the
password, or to add syslog servers, go to CaaS Infrastructure > Cluster Instances and click
the cluster.

Edit a Management Cluster Control Plane

You can scale up or scale down the number of control plane nodes for a cluster. You can also
configure the Machine Health Check for these nodes.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Navigate to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click ⋮ corresponding to the management cluster that you want to edit and select Edit
Control Plane Node Configuration.

4 (Optional) modify the value of Replicas to scale down or scale up the control plane nodes.

5 (Optional) to activate the machine health check, select Configure Machine Health Check. For
more information, see Machine Health Check.

By default, the Machine Health Check controller is deactivated.

6 Under Advanced Configuration, you can configure the node start-up timeout duration and
set the unhealthy conditions.

a Node Start Up Timeout- (Optional) Enter the time duration for Machine Health Check to
wait for the node to join the cluster. If the node does not join within the specified time,
Machine Health Check considers it unhealthy and starts the remediation process.

b Node Unhealthy Conditions - Set unhealthy conditions for the nodes. If any of these
conditions are met, Machine Health Check considers these nodes as unhealthy and starts
the remediation process.

VMware, Inc. 151

VMware Telco Cloud Automation User Guide

7 Click SAVE.

Edit a Management Cluster Node Pool

You can scale up or scale down the number of nodes for a cluster. You can also configure the
Machine Health Check for these nodes.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Navigate to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click ⋮ corresponding to the management cluster that you want to edit and select Edit
Worker Node Configuration.

4 Select the node pool that you want to edit and click Edit.

5 Modify the value of Replicas to scale down or scale up the node pool.

6 To activate the machine health check, select Configure Machine Health Check. For more
information, see Machine Health Check.

By default, the Machine Health Check controller is deactivated.

7 Under Advanced Configuration, you can configure the Node Start Up Timeout duration and
set the unhealthy conditions.

b Node Unhealthy Conditions - Set unhealthy conditions for the nodes. If any of these
conditions are met, Machine Health Check considers these nodes as unhealthy and starts
the remediation process.

8 Click UPDATE.

Working with V1 Workload Clusters

Update the Kubernetes version of a V1 Workload cluster, create and edit a Workload cluster
template, and deploy a Workload cluster.

Upgrade Workload Kubernetes Cluster Version

You can upgrade the existing Workload Kubernetes Cluster version to the latest versions of
Kubernetes supported in the current version of the VMware Telco Cloud Automation.

The following table lists the Kubernetes upgrade compatibility for the Workload cluster when
upgrading from VMware Telco Cloud Automation.

VMware, Inc. 152

VMware Telco Cloud Automation User Guide

VMware
Telco Cloud
Automation Existing Kubernetes Versions v1.22.17 v1.23.16 v1.24.10

2.2 1.21.14 Yes No No

2.2 1.22.13 Yes Yes No

2.2 1.23.10 No Yes Yes

Note Before upgrading to TCA 2.3, it is mandatory to upgrade all the Kubernetes clusters
deployed as part of TCA 2.1.x in TCA 2.2.

Implications of Not Upgrading Workload Cluster

Not upgrading an unsupported Workload cluster can impact various operations.

Not upgrading the workload cluster can impact:

n Ability to edit the workload cluster.

n Ability to create, upgrade, and modify the node pools.

n Ability to upgrade and instantiate the CNF.

Deploying a Workload Kubernetes Cluster

Deploy a Workload cluster using the Kubernetes cluster template.You can deploy distributed
Workload clusters where the Master node can be on one vSphere cluster and the Worker node
on another vSphere cluster.

VMware Telco Cloud Automation uses VMware Tanzu Kubernetes Grid to create VMware Tanzu
Kubernetes clusters. VMware Tanzu Kubernetes Grid has concepts such as Management and
Workload clusters. The Management cluster manages the Workload clusters and both these
clusters can be deployed on different vCenter Servers.

For more information about the VMware Tanzu Kubernetes Grid concepts, see Tanzu Kubernetes
Grid Concepts at https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/index.html.

Deploy a Workload Cluster

Deploy a Workload cluster using the Kubernetes cluster template.

Prerequisites

n You require a role with Infrastructure Lifecycle Management privileges.

n You must have uploaded the Virtual Machine template to VMware Telco Cloud Automation.

n You must have onboarded a vSphere VIM.

n You must have created a Management cluster or uploaded a Workload cluster template.

n A network must be present with a DHCP range and a static IP of the same subnet.

VMware, Inc. 153

VMware Telco Cloud Automation User Guide

n When you enable multi-zone, ensure that:

n For region: vSphere Datacenter has tags attached for the selected category.

n For zone: vSphere Cluster or hosts under the vSphere cluster has tags attached for the
selected category. Ensure that vSphere Cluster and hosts under vSphere cluster do not
share the same tags.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure and click Deploy Kubernetes Cluster.

n If you have saved a validated Workload cluster configuration that you want to replicate
on this cluster, click Upload on the top-right corner and upload the JSON file. The fields
are then auto-populated with this configuration information and you can edit them as
required. You can also use the Copy Spec function of VMware Telco Cloud automation
instead of JSON file, for details, see Copy Spec and Deploy New.

n If you want to create a Workload cluster configuration from the beginning, perform the
next steps.

3 Select a cloud on which you want to deploy the Kubernetes cluster.

4 Click Next.

5 The Select Cluster Template tab displays the available Kubernetes clusters. Select the
Workload Kubernetes cluster template that you have created.

Note If the template displays as Not Compatible, edit the template and try again.

6 Click Next.

7 In the Kubernetes Cluster Details tab, provide the following details:

n Name - Enter the cluster name. The cluster name must be compliant with DNS hostname
requirements as outlined in RFC-952 and amended in RFC-1123.

n Description (Optional) - Enter an optional description of the cluster.

n Management Cluster - Select the Management cluster from the drop-down menu. You
can also select a Management cluster deployed in a different vCenter.

n Password - Create a password to log in to the Master node and the Worker node. The
default user name is capv.

Note Ensure that the password meets the minimum requirements displayed in the UI.

n Confirm Password - Confirm the password that you have entered.

VMware, Inc. 154

VMware Telco Cloud Automation User Guide

n Syslog Servers - Add the syslog server IP address/FQDN for capturing the infrastructure
logs of all the nodes in the cluster.

n vSphere Cluster - Select the default vSphere cluster on which the Master and the Worker
nodes are deployed.

n Resource Pool - Select the default resource pool on which the Master and Worker nodes
are deployed.

n VM Folder - Select the virtual machine folder on which the Master and Worker nodes are
placed.

n Datastore - Select the default datastore for the Master and Worker nodes to use.

n MTU (Optional) - Select the maximum transmission unit (MTU) in bytes for management
interfaces of control planes and node pools. If you do not select a value, the default value
is 1500.

n Airgap & Proxy Settings - Use this option when you need to configure the Airgap or the
Proxy environment for VMware Telco Cloud Automation. If you do not want to use the
Airgap or the Proxy, select None.

n In an air-gapped environment:

n If you have added an air-gapped repository, select the repository using the
Airgap Repository drop-down menu.

n If you have not added an air-gapped repository yet and want to add one now,
select Enter Repository Details:

n Name - Provide a name for your repository.

n FQDN - Enter the URL of your repository.

n CA Certificate - If your air-gapped repository uses a self-signed certificate,

paste the contents of the certificate in this text box. Ensure that you copy
and paste the entire certificate, from ----BEGIN CERTIFICATE---- to ----END
CERTIFICATE----.

n In a proxy environment

n If you have added a proxy repository, select the repository using the Proxy
Repository drop-down menu.

VMware, Inc. 155

VMware Telco Cloud Automation User Guide

n If you have not added a proxy repository yet and want to add one now, select
Enter Repository Details:

n HTTP Proxy - To route the HTTP requests through the proxy, enter the URL or
full domain name of the HTTP proxy.

n HTTPS Proxy - To route the HTTPs requests through the proxy, enter the URL
or full domain name of the HTTPs proxy.

n No Proxy - Enter the name of the local server.

n CA Certificate - If your air-gapped repository uses a self-signed certificate,

paste the contents of the certificate in this text box. Ensure that you copy
and paste the entire certificate, from ----BEGIN CERTIFICATE---- to ----END
CERTIFICATE----.

n Harbor - If you have defined a Harbor repository as a part of your Partner system, click
Add > Select Repository. To add a new repository, click Add > Enter Repository Detail.

Note You can add multiple Harbor repositories.

n NFS Client - Enter the server IP address and the mount path of the NFS client. Ensure that
the NFS server is reachable from the cluster. The mount path must be accessible to read
and write.

n If all the nodes inside the Kubernetes cluster do not have access to the shared datastore,
you can enable multi-zone. To enable multi-zone, provide the following details in the
vSphere CSI:

Note Multi-Zone feature is not supported on an existing Kubernetes cluster that

is upgraded from previous VMware Telco Cloud Automation versions. It is also not
supported on a newly created workload cluster from a Management cluster that is
upgraded from a previous VMware Telco Cloud Automation version.

n Enable Multi-Zone - Click the corresponding button to enable the multi-zone feature.

n Region - Select the region from list of categories. VMware Telco Cloud Automation
obtains the information of categories created in the VMware vSphere server and
displays the list.

Note If you cannot find the region in the list, click Force Refresh to obtain the latest
list of categories from the VMware vSphere server.

n Zone - Select the zone from list of categories. VMware Telco Cloud Automation
obtains the information of zones created in the VMware vSphere server and displays
the list.

Note If you cannot find the zone in the list, click Force Refresh to obtain the latest list
of categories from the VMware vSphere server.

VMware, Inc. 156

VMware Telco Cloud Automation User Guide

n vSphere CSI Datastore (Optional) - Select the vSphere CSI datastore. This datastore must
be accessible from all the nodes in the cluster. This datastore is provided as parameter
to default Storage Class. When you enable the multi-zone, the vSphere CSI Datastore is
disabled.

8 Click Next.

9 In the Control Plane Node Configuration tab, provide the following details:

n vSphere Cluster (Optional) - If you want to use a different vSphere Cluster for the master
node, select the vSphere cluster from here.

n Resource Pool (Optional) - If you want to use a different resource pool for the master
node, select the resource pool from here.

n Datastore (Optional) - If you want to use a different datastore for the master node, select
the datastore from here.

n Network - Associate a management or a private network. Ensure that the management

network connects to a network where DHCP is enabled, and can access the VMware
Photon repository.

n Domain Name Servers - You can override the DNS. To add a DNS, click Add.

10 Click Next.

11 In the Worker Node Configuration tab, provide the following details for each node pool
defined in the template:

n vSphere Cluster (Optional) - If you want to use a different vSphere Cluster for the worker
node, select the vSphere cluster from here.

n Resource Pool (Optional) - If you want to use a different resource pool for the worker
node, select the resource pool from here.

n Datastore (Optional) - If you want to use a different datastore for the worker node, select
the datastore from here.

n Network - Associate a management or a private network. Ensure that the management

network connects to a network where DHCP is enabled, and can access the VMware
Photon repository.

12 Click Next and review the configuration. You can download the configuration and reuse it for
deploying a cluster with a similar configuration.

13 Click Deploy.

VMware, Inc. 157

VMware Telco Cloud Automation User Guide

Results

The Workload cluster is deployed and VMware Telco Cloud Automation automatically pairs it
with the cluster's site.

What to do next

n You can view the Kubernetes clusters deployed through VMware Telco Cloud Automation
from the Kubernetes Cluster tab.

n To view more details of the Kubernetes cluster that you have deployed, go to CaaS
Infrastructure > Cluster Instances and click the cluster.

Create a v1 Workload Cluster Template

Create a Workload cluster template and use it for deploying your workload clusters.

Prerequisites

To perform this operation, you require a role with Infrastructure Design privileges.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > Caas Infrastructure > Cluster Templates and click Add.

3 In the Template Details tab, provide the following details:

n Name - Enter the name of the Workload cluster template.

n Cluster Type - Select Workload Cluster.

n Description (Optional) - Enter a description for the template.

n Tags (Optional) - Add appropriate tags to the template.

4 Click Next.

5 In the Cluster Configuration step, provide the following details:

n Kubernetes Version - Select the Kubernetes version from the drop-down menu. For the
list of supported versions, see Table 1-1. Supported Features on Different VIM Types.

VMware, Inc. 158

VMware Telco Cloud Automation User Guide

n CNI - Click Add and select a Container Network Interface (CNI). The supported CNIs are
Multus, Calico, and Antrea. To add additional CNIs, click Add under CNI.

Note
n Either Calico or Antrea and only one of them must be present. Multus is mandatory
when the network functions require any CNI plug-ins such as SRIOV or Host-Device.

n You can add CNI plug-ins such as SRIOV as a part of Node Customization when
instantiating, upgrading, or updating a CNF.

n The following CNIs or CNI plug-ins are available by default:

Note VMware Telco Cloud Automation does not support dhcp in an IPv6
environment.

bandwidth
dhcp
flannel
host-local
loopback
ptp
static
vlan
bridge
firewall
host-device
ipvlan
macvlan
portmap
sbr
tuning

n CSI - Click Add and select a Container Storage Interface (CSI) such as vSphere CSI or
NFS Client. For more information, see https://vsphere-csi-driver.sigs.k8s.io/ and https://
github.com/kubernetes-sigs/nfs-subdir-external-provisioner.

Note You can create a persistence volume using vSphere CSI only if all nodes in cluster
have access to shared datastore.

n Timeout (Optional) (For vSphere CSI) - Enter the CSI driver call timeout in seconds.
The default timeout is 300 seconds.

n Storage Class - Enter the storage class name. This storage class is used to provision
Persistent Volumes dynamically. A storage class with this name is created in the
Kubernetes cluster. The storage class name defaults to vsphere-sc for the vSphere
CSI type and nfs-client for the NFS Client type.

VMware, Inc. 159

VMware Telco Cloud Automation User Guide

n Default Storage Class - To set this storage class as default, enable the Default
Storage Class option. The storage class defaults to True for the vSphere CSI type.
It defaults to False for the NFS Client type. Only one of these types can be the default
storage class.

Note Only one vSphere CSI type and one NFS Client type storage class can be
present. You cannot add more than one storage class of the same type.

n To add additional CSIs, click Add under CSI.

n Tools - The current supported tool is Helm. Helm helps in troubleshooting the deployment
or upgrade of a network function.

n Helm 3.x is pre-installed in the cluster and the option to select the Helm 3.x is removed
from cluster template.

n Helm version 2 is mandatory when the network functions deployed on this cluster
depend on Helm v2. The supported Helm 2 version is 2.17.0.

n If you provide Helm version 2, VMware Telco Cloud Automation automatically deploys
Tiller pods in the Kubernetes cluster. If you require Helm CLI to interact with your
Kubernetes cluster for debugging purposes, install Helm CLI manually.

n Note
n If you require any other version of Helm, apart from the installed versions, you
must install the required versions manually.

Click Add and select Helm from the drop-down menu. Enter the Helm version.

6 Click Next.

7 In the Master Node Configuration tab, enter the following details:

n Name - Name of the pool. The node pool name cannot be greater than 36 characters.

n CPU - Number of vCPUs

n Memory - Memory in GB

n Storage - Storage size in GB. Minimum disk size required is 50 GB.

n Replica - Number of controller node VMs to be created. The ideal number of replicas for
production or staging deployment is 3.

VMware, Inc. 160

VMware Telco Cloud Automation User Guide

n Labels (Optional) - Enter the appropriate labels for this profile. These labels are applied to
the Kubernetes node. To add more labels, click Add.

Note For the Management network, master node supports only one label.

8 To use the vSphere Linked Clone feature for creating linked clones for the Kubernetes nodes,
click Advanced Configuration and select Use Linked Cloning for Cloning the VMs.

9 In the Worker Node Configuration tab, add a node pool. A node pool is a set of nodes that
have similar VMs. Pooling is useful when you want to group the VMs based on the number of
CPUs, storage capacity, memory capacity, and so on. You can add multiple node pools with
different groups of VMs. Each node pool can be deployed on a different cluster or a resource
pool.

Note All Worker nodes in a node pool contain the same Kubelet and operating system
configuration. Deploy one network function with infrastructure requirements on one node
pool.

You can create multiple node pools for the following scenarios:

n When you require the Kubernetes cluster to be spanned across multiple vSphere clusters.

n When the cluster is used for multiple network functions that require node customizations.
To add a node pool, enter the following details:

n Name - Name of the node pool. The node pool name cannot be greater than 36
characters.

n CPU - Number of vCPUs

n Memory - Memory in MB

n Storage - Storage size in GB. Minimum disk size required is 50 GB.

n Replica - Number of controller node VMs to be created.

n Networks - Enter the labels to group the networks. Networks use these labels to provide
network inputs during a cluster deployment. Add additional labels for network types such
as IPvlan, MacVLAN, and Host-Device. Meaningful network labels such as N1, N2, N3,
and so on, help users provide the correct network preferences during deployment. It is
mandatory to include a management interface label. SR-IOV interfaces are added to the
Worker nodes when deploying the network functions.

Note A label length must not exceed 15 characters.

Apart from the management network, which is always the first network, the other labels
are used as interface names inside the Worker nodes. For example, when you deploy a
cluster using the template with the labels MANAGEMENT, N1, and N2, the Worker nodes
interface names are eth0, N1, N2. To add more labels, click Add.

VMware, Inc. 161

VMware Telco Cloud Automation User Guide

n Labels - Enter the appropriate labels for this profile. These labels are applied to the
Kubernetes node and you can use them as node selectors when instantiating a network
function. To add more labels, click Add.

10 Under CPU Manager Policy, set CPU reservations on the Worker nodes as Static or
Default. For information about controlling CPU Management Policies on the nodes, see
the Kubernetes documentation at https://kubernetes.io/docs/tasks/administer-cluster/cpu-
management-policies/.

Note For CPU-intensive workloads, use Static as the CPU Manager Policy.

11 To enable Machine Health Check, select Configure Machine Health Check. For more
information, see Machine Health Check.

12 Under Advanced Configuration, you can configure the Node Start Up Timeout duration and
set the unhealthy conditions.

a (Optional) Enter the Node Start Up Timeout time duration for Machine Health Check to
wait for a node to join the cluster. If a node does not join during the specified time,
Machine Health Check considers it unhealthy.

b Set unhealthy conditions for the nodes. If any of these conditions are met, Machine Health
Check considers these nodes as unhealthy and starts the remediation process.

13 To use the vSphere Linked Clone feature for creating linked clones for the Kubernetes nodes,
click Advanced Configuration and select Use Linked Cloning for Cloning the VMs.

14 Click Next and review the configuration.

15 Click Add Template.

Results

The template is created.

What to do next

Deploy a Management or Workload cluster.

Managing Workload Clusters after Deployment

After you deploy a Kubernetes cluster, you can edit its cluster configuration, Master and Worker
node configurations, upgrade the Kubernetes version, and change the Kubernetes password.

Transform v1 Workload Cluster to v2 Workload Cluster

Using the VMware Telco Cloud Automation user interface, you can transform a Workload cluster
that was created using the v1 API schema to the latest v2 API schema.

Note When you transform a v1 workload cluster to a v2 workload cluster, the certificate renewal
of the cluster is automatically enabled and the number of days defaults to 90.

VMware, Inc. 162

VMware Telco Cloud Automation User Guide

Prerequisites

n You require a role with Infrastructure Lifecycle Management privileges.

Note
n For a successful transformation of node pools, you must perform the sync esx info API call
before initiating a transform of imported v1 clusters.

n After the Workload Cluster transformation:

n You cannot obtain the Task history of transformed Workload Cluster.

n VMware Telco Cloud Automation changes the node pool name from <existing nodepool
name> to <cluster name>-<existing nodepool name >. For example, if a Workload Cluster
w1 has a node pool named np1, then after transformation node pool name becomes
w1-np1.

n You cannot use the v1 API on the transformed Workload Cluster. You can use the v2 API
to manage all the life-cycle management operations on this Workload Cluster.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

The CaaS Infrastructure dashboard lists the v1 and v2 clusters and their status.

2 Click the ⋮ menu against a v1 cluster that you want to transform, and click Transform Cluster.

Note After you transform a v1 Workload cluster to v2 Workload cluster, you cannot perform
any v1 operations on it.

3 Click Transform.

Results

VMware Telco Cloud Automation converts the v1 Workload Cluster to v2 Workload cluster. You
can now perform v2 life-cycle management operations on it.

Stop a Cluster Creation Operation

You can stop an ongoing cluster creation operation.

Prerequisites

Note This operation is supported only on Workload clusters.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click the Options (⋮) symbol against the Kubernetes cluster creation operation that you want
to stop.

VMware, Inc. 163

VMware Telco Cloud Automation User Guide

4 Click Abort.

Results

VMware Telco Cloud Automation rolls back the progress of Kubernetes Cluster creation
operation and deletes all the deployed nodes. After VMware Telco Cloud Automation stops the
cluster creation operation, you cannot deploy the same cluster again.

Edit a Kubernetes Cluster Configuration

You can add a Container Network Interface (CNI) such as Multus to the existing list of CNIs,
update the Container Storage Interface (CSI) timeout duration, and toggle the default storage
class type. You can add a tool such as Helm to manage your Kubernetes applications and update
its version. You can also add or update the syslog servers to redirect the infrastructure logs of
the Master and Worker nodes, and update the Harbor repository details.

Prerequisites

Ensure that the cluster is not running any operations.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click the Options (⋮) symbol against the Kubernetes cluster that you want to edit.

4 Click Edit Cluster Configuration.

5 In the Cluster Configuration tab, add a CNI, CSI, tool, AVI Kubernetes Operator (AKO), or
syslog server, and click Save.

Note In a Workload cluster:

n You cannot edit the Storage Class name in the vSphere-CSI (NFS Client is also not
supported).

n You can add CNI, CSI, or Tools, but cannot remove them.

n You cannot enable Multi-Zone on an existing Kubernetes cluster that is upgraded from
previous VMware Telco Cloud Automation versions. It is also not supported on a newly
created Workload cluster from a Management cluster that is upgraded from a previous
VMware Telco Cloud Automation version.

n You cannot enable or disable multi-zone if any persistent volumes (PV) provisioned
through vSphere CSI are present inside Kubernetes cluster.

Results

You have successfully edited the cluster configuration.

VMware, Inc. 164

VMware Telco Cloud Automation User Guide

Edit a Kubernetes Cluster Master Node Configuration

You can scale up or scale down the number of Master node replicas and add or remove labels.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click the Options (⋮) symbol against the Kubernetes cluster that you want to edit.

4 Click Edit Master Node Configuration.

5 In the Master Nodes tab, scale down or scale up the Worker nodes, add or remove labels,
and click Save.

Results

You have successfully edited the Master node configuration of your Kubernetes cluster instance.

Edit a Kubernetes Cluster Node Pool

You can scale up or scale down the number of Worker nodes in each node pool and add labels.
If a network function with infrastructure requirements is running in this node pool, the scaling up
operation automatically applies all the node customizations on the new nodes.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click the Options (⋮) symbol against the Kubernetes cluster that you want to edit.

4 Click Edit Worker Node Configuration.

5 To edit a node pool, select the node pool from the Worker Nodes tab, and click Edit.

6 Modify the value of Replicas to scale down or scale up the Worker nodes. You can also add
labels and use these labels as node selectors when instantiating the Network Functions.

7 To enable Machine Health Check, select Configure Machine Health Check. For more
information, see Machine Health Check.

8 Under Advanced Configuration, you can configure the Node Start Up Timeout duration and
set the unhealthy conditions.

b Set unhealthy conditions for the nodes. If any of these conditions are met, Machine Health
Check considers these nodes as unhealthy and starts the remediation process.

9 Click Update.

VMware, Inc. 165

VMware Telco Cloud Automation User Guide

Results

You have successfully edited the Worker node configuration of a Kubernetes cluster instance in
your node pool.

Add a Node Pool

You can add a node pool to your Kubernetes Workload cluster.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click the Options (⋮) symbol against the Kubernetes cluster where you want to add the node
pool.

4 Click Edit Worker Node Configuration and click Add.

In Add Node Pool, enter the following information:

n Name - Enter the name of the node pool. The node pool name cannot be greater than 36
characters.

n CPU - Select the number of virtual CPUs in the node pool.

n Memory - Select the amount of memory for the node pool.

n Storage - Select the storage size. Minimum disk size required is 50 GB.

n Replica - Select the number of controller node virtual machines.

n vSphere Cluster (Optional) - To use a different vSphere Cluster, select the vSphere
cluster from here.

n Resource Pool (Optional) - To use a different resource pool, select the resource pool from
here.

n Datastore (Optional) - To use a different datastore, select the datastore from here.

n Labels - Add key-value pair labels to your nodes. You can use these labels as node
selectors when instantiating a network function.

n Networks - You can add the network details.

n Label - Enter the labels to group the networks. Networks use these labels to
provide network inputs during a cluster deployment. Add additional labels for network
types such as IPvlan, MacVLAN, and Host-Device. Meaningful network labels such
as N1, N2, N3, and so on, help users provide the correct network preferences
during deployment. It is mandatory to include a management interface label. SR-IOV
interfaces are added to the Worker nodes when deploying the network functions.

Note A label length must not exceed 15 characters.

VMware, Inc. 166

VMware Telco Cloud Automation User Guide

Apart from the management network, which is always the first network, the other
labels are used as interface names inside the Worker nodes. For example, when you
deploy a cluster using the template with the labels MANAGEMENT, N1, and N2, the
Worker nodes interface names are eth0, N1, N2. To add more labels, click Add.

n Network - Select the network that you want to associate with the label.

n (Optional) MTU - Provide the MTU value for the network. The minimum MTU value is
1500. The maximum MTU value depends on the configuration of the network switch.

n CPU Manager Policy - Set CPU reservations on the Worker nodes as Static or
Default. For information about controlling CPU Management Policies on the nodes, see
the Kubernetes documentation at https://kubernetes.io/docs/tasks/administer-cluster/
cpu-management-policies/.

Note For CPU-intensive workloads, use Static as the CPU Manager Policy.

n Configure Machine Health Check - Click the corresponding button to enable the machine
health check. When you enable the Configure Machine Health Check, you can configure
the health check related options under Advanced Configuration. For details on Machine
Health Check, see Machine Health Check

n Under Advanced Configuration, you can configure the Node Start Up Timeout duration
and set the unhealthy conditions.

Note Node Start Up Timeout is applicable when the Machine Health Check is enabled.

1 (Optional) Enter the Node Start Up Timeout time duration for Machine Health Check
to wait for a node to join the cluster. If a node does not join during the specified time,
Machine Health Check considers it unhealthy.

2 Set unhealthy conditions for the nodes. If the nodes meet any of these conditions,
Machine Health Check considers them as unhealthy and starts the remediation
process.

n To use the vSphere Linked Clone feature for creating linked clones for the Kubernetes
nodes, select Use Linked Cloning for Cloning the VMs.

5 Click Add.

Results

You have successfully added the node pool to your Workload cluster.

Delete a Node Pool

Delete a node pool from the Kubernetes Workload cluster.

VMware, Inc. 167

VMware Telco Cloud Automation User Guide

Prerequisites

Ensure that the node pool is not running any applications.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click the Options (⋮) symbol against the Kubernetes cluster and select Edit Worker Node
Configuration.

4 Select the node pool, click Delete, and confirm the operation.

Results

You have successfully deleted the node pool.

Change the Kubernetes Password

You can change the password that you had set when deploying your Kubernetes cluster.

Prerequisites

Ensure that your password meets the minimum security requirements listed in the interface.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click the Options (⋮) symbol against the Kubernetes cluster that you want to change the
password.

4 Click Change Password.

5 In the Change Password pop-up window, enter your new password and confirm it.

6 Click Change Password.

Results

You have successfully changed the password of your Kubernetes cluster.

Note It might take some time for the system to reflect the changed password.

Copy Spec and Deploy New

You can copy the configuration of a specific Kubernetes cluster and use it for deploying a new
Kubernetes cluster.

This option is helpful when you are deploying multiple Kubernetes clusters with similar
configurations.

VMware, Inc. 168

VMware Telco Cloud Automation User Guide

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Navigate to Infrastructure > Caas Infrastructure and select the Kubernetes cluster.

3 Click the Options (⋮) symbol against the Kubernetes cluster and select Copy Spec and
Deploy New.

4 To confirm the operation, click OK.

Results

VMware Telco Cloud Automation automatically generates a new cluster template with the
configuration of the Kubernetes cluster that you copied.

Retry a Failed Cluster Creation Operation

If the cluster creation operation become unavailable due to an unknown error such network
unavailability, you can retry the operation.

Note This operation is available from VMware Telco Cloud Automation version 1.9 onwards.

Note The Retry option retries the cluster creation operation from the point of failure. Which
means, you cannot edit the properties and recreate the cluster from the beginning using Retry.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 To retry a failed Kubernetes Cluster creation operation, click the Options symbol against the
failed Kubernetes cluster and click Retry.

Results

The cluster creation operation resumes.

What to do next

To edit a cluster and then retry the cluster creation operation, you must delete the cluster and
recreate it.

Viewing Cluster Details

After a Kubernetes cluster is deployed, it is listed under Infrastructure > CaaS Infrastructure >
Cluster Instances. To view more information about the Kubernetes cluster, click it.

VMware, Inc. 169

VMware Telco Cloud Automation User Guide

Cluster Details
You can view the details of cluster and the health of various components associated to the
cluster.

n The Details section provides the following information:

n Cluster Type - Management or a Workload cluster.

n Cluster URL - The URL of the cluster API server.

n Cluster Username - User name to access the cluster.

n vSphere Cluster Name - The name of the selected vSphere cluster.

n Management Cluster - The backing Management cluster name.

n Cluster Template - The backing cluster template name.

n The Components sections provides details of various components and their health:

n Component - Name of the component.

n Health - Health status of the component.

Note Telco Cloud Automation obtains the health status directly from Kubernetes and
displays that health status on Telco Cloud Automation user interface.

n Healthy : The component is working fine.

n Unhealthy : The components is not working fine and has some faults.

n Unknown : The component is not available.

Note
n When the cluster is under upgrade or under creation, the status may show
Unknown.

n Management clusters created in older versions of Telco Cloud Automation

remains Unknown, unless you upgrade these clusters to Telco Cloud Automation
2.0.

You can click on the Components to view the details of Pods associated with each
Components.

Click on the Pod to view the following details:

Note Telco Cloud Automation obtains the health status directly from Kubernetes and
displays that health status on Telco Cloud Automation user interface. Kubernetes maintains
the conditions and details.

n Details - Shows the Namespace, Node name, Creation timestamp, and IP associated with
the Pod.

VMware, Inc. 170

VMware Telco Cloud Automation User Guide

n Conditions - Shows the status of Initialized, Ready, Containers Ready, and POD
Scheduled conditions.

n Containers - Shows the Name, State, and Started At time of the container.

Cluster Configuration
The Cluster Configuration tab displays information about the Kubernetes version of the cluster,
upgrade history, its CNI and CSI configurations, any tools such as Helm associated with the
cluster, syslog server details, and Harbor repository details. To edit any of the configuration
information, click Edit.

For the Management Cluster, you can view the name, version, and status of the nodeconfig-
operator and vmconfigoperator under tools on the Cluster Configuration tab. To view more
details of the tools, click the name of the operator.

n nodeconfig-operator

n Details - Shows the version and the health status of the operator.

n K8s Resources - Shows the details of the K8s (Kubernetes) resources.

n Nodeconfig-operator - Shows the Namespace, Created, Replica, and Ready Replicas

of the nodeconfig operator deployment. Click the name of the nodeconfig operator to
view the summary of Details, Conditions, and Pods associated.

n Details - Shows the Namespace, Observed Generation, Created, Replicas,

Updated Replicas, Ready Replicas, and Available Replicas.

n Conditions - Shows the health condition of the operator.

n Pods - Shows the Name, Created, Ready Container, and Phase of the Pod. To
view more details of a pod, click the name of the pod.

n Details - Shows the Namespace, Node name, Creation timestamp, and IP

associated with the Pod.

n Conditions - Shows the status of Initialized, Ready, Containers Ready, and

POD Scheduled conditions.

n Containers - Shows the Name, State, and Started At time of the container.

n Nodeconfig-daemon - Shows the Namespace, Created, Replica, and Ready Replicas

of the nodeconfig DaemonSet. Click the name of the nodeconfig daemon to view the
summary of details, conditions, and associated pods.

n vmconfigoperator

n Details - Shows the version and health status of the operator.

VMware, Inc. 171

VMware Telco Cloud Automation User Guide

n K8s Resources - Shows the Namespace, Created, Replica, and Ready Replicas of the
Deployment.

n vmconfig-operator

n Details - Shows the Namespace, Observed Generation, Created, Replicas,

Updated Replicas, Ready Replicas, and Available Replicas.

n Conditions - Shows the health condition of the operator.

n Pods - Shows the Name, Created, Ready Container, and Phase of the Pod. To
view more details of a pod, click the name of the pod.

n Details - Shows the Namespace, Node name, Creation timestamp, and IP

associated with the pod.

n Conditions - Shows the status of Initialized, Ready, Containers Ready, and

POD Scheduled conditions.

n Containers - Shows the Name, State, and Started At time of the container.

Control Plane Nodes

The Control Plane Nodes tab displays the details about the Control Plane node, labels attached
to the node, and network labels. It also displays the IP addresses and names of the VMs that are
deployed for the Master node. It also displays various health parameters associated with the VMs
like Memory pressure, Disk pressure, PID pressure, and Ready State. You can also click the VMs
to view more details of that VM. To increase or decrease the replica count and to add labels, click
Edit.

n Details - You can view the hardware details like CPU, Storage, Memory, and Replicas, along
with the name of the node. You can also view the status of node whether the node is active
or inactive.

n Network - You can view the network details of the node.

n VMs - You can view various details of the VMs like Memory pressure, Disk pressure, PID
pressure, and Ready State. You can also click the VMs to view more details of that VM.

Click on the VM to view the following information:

n Node Details - Shows the hardware and operating system related details of the VM. This
includes:

n Architecture

n Kernel Version

n Kubelet Version

n OS Image

n Container Runtime Version

n Kube Proxy Version

VMware, Inc. 172

VMware Telco Cloud Automation User Guide

n Operating System

n Conditions - Shows various health conditions like Memory Pressure, Disk Pressure, PID
Pressure, and Ready State of the node pool.

n Addresses - Shows the Hostname, InternalIP and ExternalIP associated with the VM.

n Allocatable/Capacity - Shows the availability and allocation of the resources associated

with the VM.

Worker Nodes
The Worker Nodes tab displays the existing node pools of a Kubernetes cluster. To view more
details of the node pool such as its name, CPU size, memory size, storage size, number of
replicas, node customization details, and its status, click the name of the node pool. When you
click the name of the node pool, you can view the following details:

n Details - You can view the hardware details like CPU, Storage, Memory, and Replicas. You
can also view the status of node pool whether the node pool is active or inactive.

n Labels - You can view the various labels associated with the node pool.

n Network - You can view the network details of the node pool.

n CPU Manager Policy - You can view the type of CPU manager policy associated with the
node pool.

n VMs - You can view various details of the VMs like Memory pressure, Disk pressure, PID
pressure, and Ready State. You can also click the VMs to view the details of that VM.

Click the VM to view the following information:

n NodePool Details

n Node Details - Shows the hardware and the operating system related details of the
VM. This includes:

n Architecture

n Kernel Version

n Kubelet Version

n OS Image

n Container Runtime Version

n Kube Proxy Version

n Operating System

n Conditions - Shows various health conditions like Memory Pressure, Disk Pressure,
PID Pressure, and Ready State of the node pool.

n Addresses - Shows the Hostname, InternalIP, and ExternalIP associated with the VM.

n Allocatable/Capacity - Shows the availability and allocation of the resources

associated with the VM.

VMware, Inc. 173

VMware Telco Cloud Automation User Guide

n Node Customizations - Shows the Kernel and Network details after node customization.

n Tasks - Shows the list of the task performed.

You can also add a node pool to the cluster, edit the number of replicas on a node pool, and
delete a node pool from here.

Tasks
The Tasks tab displays the progress of the cluster-level tasks and their status.

n Management Cluster - Displays the progress of Management cluster tasks along with the
progress of all the Workload cluster tasks that the cluster manages. It also displays the node
pool tasks of all the Workload clusters.

n Workload Cluster - Displays the progress of the Workload cluster tasks along with the
progress of its node pool tasks.

You can apply filters to view the progress of specific operations and specific clusters.

Machine Health Check

Machine Health Check is a controller that provides node health monitoring and node auto-repair
for Tanzu Kubernetes clusters.

You can enable Machine Health Check and define the unhealthy conditions for the controller to
monitor when creating the node pool cluster template. You can also edit the Machine Health
Check conditions on an existing node pool under a Workload cluster. Machine Health Check
monitors the node pools for any unhealthy nodes and tries to remediate by recreating them.
For example, set the maximum duration a node can remain in the not ready state to 15 minutes
after which, the Machine Health Check controller triggers a remediation. For more details on
machine health check, see https://cluster-api.sigs.k8s.io/tasks/automated-machine-management/
healthchecking.html.

By default, the Machine Health Check controller is disabled.

For steps to enable and configure Machine Health Check when creating a Workload cluster
template, see Create a v1 Workload Cluster Template.

For steps to configure Machine Health Check on an existing node pool, see Edit a Kubernetes
Cluster Node Pool.

There may be instances when you want to power down a virtual machine to perform certain
maintenance activities. To avoid Machine Health Check remediating during the down time,
you can place the node pools in Maintenance Mode. For steps to place the Worker node in
Maintenance Mode, see Place Nodes in Maintenance Mode.

Place Nodes in Maintenance Mode

When you want to perform certain reconfigurations on the Worker nodes that involves powering
off and rebooting the virtual machine, you can place the Worker nodes in Maintenance Mode.

VMware, Inc. 174

VMware Telco Cloud Automation User Guide

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure > Cluster Instances.

3 Click the Kubernetes cluster that requires the Worker nodes to be placed in Maintenance
Mode.

4 Click the Worker Nodes tab.

5 Click the Options (⋮) symbol against the node and select Enter Maintenance Mode.

Results

The node is placed in Maintenance Mode and the Machine Health Check controller does not
remediate if there is a system down time.

Example

When you place a Worker node in Maintenance Mode and power it off, it does not power on until
you remove it from Maintenance Mode.

What to do next

To remove the Worker node from Maintenance Mode, click the Options (⋮) symbol against the
node and select Exit Maintenance Mode.

Managing Add-ons for v1 Workload Clusters

Configure and upgrade add-ons.

Upgrading Add-Ons
You can now upgrade the add-on operators to a later version from VMware Telco Cloud
Automation.

In a scenario where you upgrade VMware Telco Cloud Automation to a newer patch release
but the underlying VMware Tanzu Kubernetes Grid cluster remains the same, you can upgrade
only the add-ons. Upgrade Management cluster operators such as nodeconfig-operator and
vmconfig-operator, and Workload cluster operators such as CNIs and CSIs to their later versions.

Implication of Not Upgrading Add-Ons

Implications of not upgrading the add-ons of management and workload clusters.
Implications of Not Upgrading Add-ons in the Management Cluster
If the operators are not the latest versions, the corresponding Management cluster displays an
error for upgrading the add-ons. To upgrade Management cluster add-ons individually, use the
Upgrade Add-Ons option.

If you do not upgrade the add-ons of a Management cluster:

n Cannot perform operations on the Management cluster.

VMware, Inc. 175

VMware Telco Cloud Automation User Guide

n Cannot perform operations on the workload cluster that uses management clusters with
earlier add-ons.
Implications of Not Upgrading Add-ons in the Workload Cluster
If the operators are not the latest versions, the corresponding workload clusters display a
warning for upgrading the add-ons. To upgrade workload cluster add-ons individually, use the
Upgrade Add-Ons option.

If you do not upgrade the add-ons of workload cluster:

n Cannot add CSI.

n Cannot add CNI.

Upgrade Add-Ons
Upgrade the add-ons in a Management cluster or a Workload cluster.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure.

The CaaS Infrastructure page is displayed.

3 Click the Options (⋮) symbol against the Kubernetes cluster that you want to upgrade.

4 Click Upgrade Add-Ons.

5 To confirm the action, click OK.

Results

The add-ons upgrade to a newer version.

Add-On Failures
When you provide a wrong input for an add-on when creating a cluster, the cluster creation
operation does not fail immediately.

For example, If you provide a wrong server IP address for a CSI add-on, the cluster creation does
not fail. After the cluster creation operation is completed, a warning message is displayed against
the Kubernetes cluster listing the add-ons that failed during the operation. You can then edit the
Kubernetes cluster and update the CSI add-on details.

Add-On Configuration Reference for v1 Workload Clusters

Use this reference when configuring add-ons on your v1 Workload cluster.

VMware, Inc. 176

VMware Telco Cloud Automation User Guide

vSphere-CSI

Option Description

Zone Zone is the tag category name defined in vCenter Server.

Tags belonging to this category are assigned to the host or
vSphere cluster objects for marking the storage topology.

Region Region is the tag category name defined in vCenter Server.

Tags belonging to this category are assigned to the Data
Center objects for marking the storage topology.

Storage Class Enter the storage class name. This storage class is used to
provision persistent volumes dynamically. A storage class
with this name is created in the Kubernetes cluster.

IsDefault To set this storage class as default, select True.

Reclaim Policy Select whether to delete or retain the add-on during a

reclaim event.

Datastore URL Enter the datastore URL.

NFS-Client

Option Description

Storage Class Enter the storage class name. This storage class is used to
provision persistent volumes dynamically. A storage class
with this name is created in the Kubernetes cluster.

Is Default To set this storage class as default, select True.

NFS Server Address For an IPv4 cluster, enter the IPv4 address or FQDN of the
NFS Server. For an IPv6 cluster, enter the FQDN.

Path Enter the server IP address and the mount path of the NFS
client. Ensure that the NFS server is reachable from the
cluster. The mount path must also be accessible to read
and write.

Harbor
If if have already registered a Harbor, you can click Select Registered Harbor and select the
Harbor from the list. Else you can click Add New Harbor and provide the following details:

Option Description

URL Enter the Harbor URL.

Username Enter the Harbor user name.

Password Enter the Harbor password.

Helm
This add-on has no configuration.

VMware, Inc. 177

VMware Telco Cloud Automation User Guide

Multus

Option Description

Log Level Enter the log level. Select from:

n Panic
n Debug
n Error
n Verbose

Log File Path Path where you want to store the log files.

System Settings

Option Description

Cluster Password Enter the password for the cluster.

Syslog Add the syslog server IP address/FQDN for capturing the

infrastructure logs of all the nodes in the cluster.

Working with v2 Workload Clusters

The CaaS infrastructure API version is upgraded to version 2 (v2).

With this upgrade, users now have better control over cluster failures. You can now view the
status of all the components at a granular level and act on a failure while the cluster creation is
in progress. Also, during the cluster creation process, you can edit or delete a node pool or an
add-on at any point if there is an error.

For example, if an add-on IP address is incorrect, you can view the error immediately, edit the
IP address, and provide the correct one while the cluster creation is in progress. Even though
VMware Telco Cloud Automation is deprecating v1 clusters, you can still perform cluster life-cycle
operations on v1 clusters using the new user interface. However, to access the new features of
the v2 user interface such as granular updates, new add-ons, stretched clusters, and so on, you
must transform your clusters to V2 APIs. You can transform v1 Workload clusters to v2 Workload
clusters using the Transform Cluster option in the VMware Telco Cloud Automation UI. For more
information about transforming a v1 Workload cluster to v2 Workload cluster, see Transform v1
Workload Cluster to v2 Workload Cluster.

Note For this release, you cannot deploy a v2 Management cluster or perform any v2 life-cycle
management operations on Management clusters.

The CaaS Infrastructure Dashboard

The CaaS Infrastructure dashboard provides a new listing page where you can view the v1 and
v2 clusters and the status of their control planes, node pools, and add-ons. You can drill down on
each of the clusters and view further details.

VMware, Inc. 178

VMware Telco Cloud Automation User Guide

Anti-affinity Rules
Anti-affinity rule for K8s worker nodes is enabled in VMware Telco Cloud Automation by default.
Anti-affinity is specific to workload clusters and ensures that the nodes deployed are spread
across different hosts.

Consider the following example where a label node.cluster.x-k8s.io/esxi-host is added to

each worker node to indicate the host on which the anti-affinity rule is applied. Based on the
node to which anti-affinity is applicable, you can control the anti-affinity rules on that node.

apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-app
spec:
selector:
matchLabels:
app: nginx
replicas: 3
template:
metadata:
labels:
app: nginx
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: node.cluster.x-k8s.io/esxi-host
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app: nginx
nodeSelector:
"telco.vmware.com/nodepool": "npg-1"
containers:
- name: nginx-server
image: harbor-repo.vmware.com/ecp_snc/nginx:1.23.1

In the preceding example, topologySpreadConstraints is used to control the anti-affinity rules

based on the host node.cluster.x-k8s.io/esxi-host and nodeSelector is used to apply the
anti-affinity rule within the node pool npg-1.

By default, workload clusters on vSphere and standalone management clusters follow anti-
affinity rules to deploy node pool workers and control plane nodes on different ESXi hosts.

VMware, Inc. 179

VMware Telco Cloud Automation User Guide

The following diagram illustrates the node placements when the anti-affinity rules are enabled.

Control Plane Node Placement

Node Pool1 Control Plane Worker Node Placement

workload
cluster

Control
Plane Control Plane Control Plane Control Plane
Node Node Node

Node
Pool1
Worker Worker Worker
Node Node Node

Physical Host Physical Host Physical Host

Upgrade v2 Workload Kubernetes Cluster Version

You can upgrade the existing Workload Kubernetes Cluster version to the latest versions of
Kubernetes supported in the current version of the VMware Telco Cloud Automation.

Note When you upgrade a v2 workload cluster to the latest version, the certificate renewal of
the cluster is automatically enabled and the number of days defaults to 90.

The following table lists the Kubernetes upgrade compatibility for the Workload cluster when
upgrading from VMware Telco Cloud Automation.

VMware
Telco Cloud
Automation Existing Kubernetes Versions v1.22.17 v1.23.16 v1.24.10

2.2 1.21.14 Yes No No

2.2 1.22.13 Yes Yes No

2.2 1.23.10 No Yes Yes

Implications of Not Upgrading v2 Workload Cluster

Not upgrading an unsupported Workload cluster can impact various operations.

Not upgrading the workload cluster can impact:

n Ability to edit the workload cluster.

n Ability to create, upgrade, and modify the node pools.

VMware, Inc. 180

VMware Telco Cloud Automation User Guide

n Ability to upgrade and instantiate the CNF.

n About the backward compatibility, please refer to CaaS Upgrade Backward Compatibility.

Deploy a v2 Workload Cluster

Deploy a v2 Workload cluster using the VMware Telco Cloud Automation user interface.

Prerequisites

n You require a role with Infrastructure Lifecycle Management privileges.

n You must have uploaded the Virtual Machine template to VMware Telco Cloud Automation.

n You must have onboarded a vSphere VIM.

n You must have created a Management cluster or uploaded a Workload cluster template.

n A network must be present with a DHCP range and a static IP of the same subnet.

n When you enable multi-zone, ensure that:

n For region: vSphere data center has tags attached for the selected category.

n For zone: vSphere Cluster or hosts under the vSphere cluster has tags attached for the
selected category. Ensure that vSphere Cluster and hosts under vSphere cluster does not
share the same tags.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > CaaS Infrastructure and click Deploy Cluster.

3 From the drop-down menu, select Workload Cluster.

4 In the Workload Cluster Deployment wizard, enter information for each of the sub-categories:

5 1. Destination Info

n Management Cluster - Select the Management cluster from the drop-down menu. You
can also select a Management cluster deployed in a different vCenter.

n Destination Cloud - Select a cloud on which you want to deploy the Kubernetes cluster.

n Datacenter - Select a data center that is associated with the cloud.

Advanced Options - Provide the secondary cloud information here. These options are
applicable when creating stretch clusters.

n (Optional) Secondary Cloud - Select the secondary cloud. It is required for stretched
cluster creation.

n (Optional) Secondary Data Center - Select the secondary data center.

n (Optional) NF Orchestration VIM - Provide the details of the VIM. VMware Telco Cloud
Automation uses this VIM and associated Control Planes for NF life cycle management.

VMware, Inc. 181

VMware Telco Cloud Automation User Guide

6 Click Next.

7 2. Cluster Info

n Name - Enter a name for the Workload cluster. The cluster name must be compliant with
DNS hostname requirements as outlined in RFC-952 and amended in RFC-1123.

n TCA BOM Release - The TCA BOM Release file contains information about the Kubernetes
version and add-on versions. You can select multiple BOM release files.

Note After you select the BOM release file, the Security Options section is made
available.

n CNI - Select a Container Network Interface (CNI) such as Antrea or Calico.

n Proxy Repository Access - Available only when the selected management cluster uses a
proxy repository. Select the proxy repository from the drop-down list.

n Airgap Repository Access - Available only when the selected management cluster uses a
airgap repository. Select the airgap repository from the drop-down list.

n IP Version - The IP version specified in the Management cluster is displayed here.

n Cluster End Point - Enter the IP of the API server loadbalancer.

n Cluster (pods) CIDR - Enter the IP for clusters. VMware Telco Cloud Automation uses the
CIDR pool to assign IP addresses to pods in the cluster.

n Service CIDR - Enter the IP for clusters. VMware Telco Cloud Automation uses the CIDR
pool to assign IP addresses to the services in the cluster.

n Enable Autoscaler - Click the toggle button to activate the autoscaler feature.

The autoscaler feature automatically controls the replica count on the node pool by
increasing or decreasing the replica counts based on the workload. If you activate this
feature for a particular cluster, you cannot deactivate it after the deployment.When you
activate the autoscaler feature, the following fields are displayed:

Note The values in these fields are automatically populated from the cluster. However,
you can edit the values.

n Min Size - Sets a minimum limit to the number of worker nodes that autoscaler should
decrease.

n Max Size - Sets a maximum limit to the number of worker nodes that autoscaler
should increase.

n Max Node - Sets a maximum limit to the number of worker and control plane nodes
that autoscaler should increase. The default value is 0.

n Max Node Provision Time - Sets the maximum time that autoscaler should wait for
the nodes to be provisioned. The default value is 15 minutes.

VMware, Inc. 182

VMware Telco Cloud Automation User Guide

n Delay After Add - Sets the time limit for the autoscaler to start the scale-down
operation after a scale-up operation. For example, if you specify the time as 10
minutes, autoscaler resumes the scale-down scan after 10 minutes of adding a node.

n Delay After Failure - Sets the time limit for the autoscaler to restart the scale-down
operation after a scale-down operation fails. For example, if you specify the time as 3
minutes and there is a scale-down failure, the next scale-down operation starts after 3
minutes.

n Delay After Delete - Sets the time limit for the autoscaler to start the scale-down
operation after deleting a node. For example, if you specify the time as 10 minutes,
autoscaler resumes the scale-down scan after 10 minutes of deleting a node.

n Unneeded Time - Sets the time limit for the autoscaler to scale-down an unused node.
For example, if you specify the time as 10 minutes, any unused node is scaled down
only after 10 minutes.

8 Click Next.

9 Security Options

n Click the Enable toggle button to apply the customized audit configuration. Otherwise,
the default audit configuration is applied to the workload cluster.

n Click the POD Security Default Policy toggle button to apply the POD security policies to
the workload cluster.

n POD Security Standard Audit: Policy violation adds an audit annotation to the event
recorded in the audit log, but does not reject the POD.

n POD Security Standard Warn: Policy violation displays an error message on the UI,
but does not reject the POD.

n POD Security Standard Enforce: Policy violation rejects the POD.

Select one of the following options from the preceding drop-down lists:

n Restricted: A fully restrictive policy that follows the current POD security
hardening best practices for providing permissions.

n Baseline: A minimal restrictive policy that prevents known privilege escalations.

Allows the default Pod configurations.

n Privileged: An unrestrictive policy providing the widest possible permissions.

Allows known privilege escalations.

10 Control Plane Info

n To configure Control Plane node placement, click the Settings icon in the Control Plane
Node Placement table.

n Name - Enter the name of the Control Plane node.

n Destination Cloud - The destination cloud is selected by default. To make a different

selection, use the drop-down menu.

VMware, Inc. 183

VMware Telco Cloud Automation User Guide

VM Placement

n Datacenter - Select a data center for the Control Plane node.

n Resource Pool - Select the default resource pool on which the Control Plane node is
deployed.

n VM Folder - Select the virtual machine folder on which the Control Plane node is
placed.

n Datastore - Select the default datastore for the Control Plane node.

n VM Template - Select a VM template.

VM Size

n Number of Replicas - Number of controller node VMs to be created. The ideal

number of replicas for production or staging deployment is 3.

n Number of vCPUs - To ensure that the physical CPU core is used by the same
node, provide an even count of vCPUs if the underlying ESXi host is hyper threading-
enabled, and if the network function requires NUMA alignment and CPU reservation.

n Cores Per Socket (Optional) - Enter the number of cores per socket if you require
more that 64 cores.

n Memory - Enter the memory in GB.

n Disk Size - Enter the disk size in GB.

Network

n Management Network - Select the Management network.

n MTU - Enter the maximum transmission unit in bytes.

n DNS - Provide comma-separated primary and secondary DNS servers.

Labels

n To add the appropriate labels for this profile, click Add Label. These labels are added
to the Kubernetes node.

Advanced Options

n Clone Mode - Specify the type of clone operation. Linked Clone is supported on
templates that have at least one snapshot. Otherwise, the clone mode defaults to Full
Clone.

n Certificate Expiry Days - Specify the number of days for automatic certificate renewal
by TKG before its expiry. By default, the certificate expires after 365 days. If you
specify a value in this field, the certificate is automatically renewed before the set
number of days. For example, if you specify the number of days as 50, the certificate
is renewed 50 days before its expiry, which is after 315 days.

VMware, Inc. 184

VMware Telco Cloud Automation User Guide

The default value is 90 days. The minimum number of days you can specify is 7 and
the maximum is 180.

Note You cannot edit the number of days after you deploy the cluster.

n n

n Kubeadmin Config Template (YAML) - Enable or deactivate the Kubeadmin Config

Template YAML.

n Click Apply.

11 Add-Ons

To deploy an add-on such as NFS Client or Harbor, click Deploy Add-on.

a From the Select Add-On wizard, select the add-on and click Next.

b For add-on configuration information, see Add-On Configuration Reference for v1

Workload Clusters.

12 Click Next.

13 Node Pools

n A node pool is a set of nodes that have similar properties. Pooling is useful when
you want to group the VMs based on the number of CPUs, storage capacity, memory
capacity, and so on. You can add one node pool to a Management cluster and multiple
node pools to a Workload cluster, with different groups of VMs. To add a Worker node
pool, click Add Worker Node Pool.

n Name - Enter the name of the node pool.

n Destination Cloud - The destination cloud is selected by default. To make a different

selection, use the drop-down menu.

VM Placement

n Datacenter - Select a data center for the node pool.

n Resource Pool - Select the default resource pool on which the node pool is deployed.

n VM Folder - Select the virtual machine folder on which the node pool is placed.

n Datastore - Select the default datastore for the node pool.

n VM Template - Select a VM template.

n Enable Autoscaler - This field is available only if autoscaler is enabled for the
associated cluster. At the node level, you can activate or deactivate autoscaler based
on your requirement.

The following field values are automatically populated from the cluster.

n Min Size (Optional) - Sets a minimum limit to the number of worker nodes that
autoscaler should scale down. Edit the value, as required.

VMware, Inc. 185

VMware Telco Cloud Automation User Guide

n Max Size (Optional) - Sets a maximum limit to the number of worker nodes that
autoscaler should scale up. Edit the value, as required.

Note
n Using autoscaler on a cluster does not automatically change its node group
size. Therefore, changing the maximum or minimum size does not scale up or
scale down the cluster size. When you are editing the autoscaler-configured
maximum size of the node pool, ensure that the maximum size limit of the
node pool is lesser than or equal to the current replica count.

n When a scale-down is in progress, it is not recommended to edit the maximum

size of the cluster.

n You can view the scale-up and scale-down events under the Events tab of the
Telco Cloud Automation portal.

VM Size

n Number of Replicas - Number of node pool VMs to be created. The ideal number of
replicas for production or staging deployment is 3.

Note The Number of Replicas field is unavailable if autoscaler is enabled for the
node.

n n Number of vCPUs - To ensure that the physical CPU core is used by the same
node, provide an even count of vCPUs if the underlying ESXi host is hyper threading-
enabled, and if the network function requires NUMA alignment and CPU reservation.

n Cores Per Socket (Optional) - Enter the number of cores per socket if you require
more that 64 cores.

n Memory - Enter the memory in GB.

n Disk Size - Enter the disk size in GB.

Network

n Management Network - Select the Management network.

n MTU - Enter the maximum transmission unit in bytes.

n DNS - Provide comma-separated primary and secondary DNS servers.

n ADD NETWORK DEVICE - Click this button to add a dedicated NFS interface to the
node pool, select the interface, and then enter the following:

n Interface Name - Enter the interface name as tkg-nfs to reach the NFS server.

Labels

n To add the appropriate labels for this profile, click Add Label. These labels are added
to the Kubernetes node.

VMware, Inc. 186

VMware Telco Cloud Automation User Guide

Advanced Options

n Clone Mode - Specify the type of clone operation. Linked Clone is supported on
templates that have at least one snapshot. Otherwise, the clone mode defaults to Full
Clone.

n To enable Machine Health Check, select Configure Machine Health Check

n Kubeadmin Config Template (YAML) - Enable or deactivate the Kubeadmin Config

Template YAML.

n Click Apply.

14 6. Ready to Deploy - Click Deploy.

Results

The cluster details page displays the status of the overall deployment and the deployment status
of each component.

Create a v2 Workload Cluster Template

Create a Workload cluster template and use it for deploying your workload clusters.

Prerequisites

You require a role with Infrastructure Design privileges.

Procedure

1 Log in to the VMware Telco Cloud Automation web interface.

2 Go to Infrastructure > Caas Infrastructure > Cluster Templates.

3 Click Add and select Workload Cluster Template.

4 In the Create Workload Cluster Template wizard, enter information for each of the sub-
categories:

5 Template Info

n Name - Enter the name of the Workload cluster template.

6 1. Destination Info

n Management Cluster - Select the Management cluster from the drop-down menu. You
can also select a Management cluster deployed in a different vCenter.

n Destination Cloud - Select a cloud on which you want to deploy the Kubernetes cluster.

n Datacenter - Select a data center that is associated with the cloud.

Advanced Options - Provide the secondary cloud information here. These options are
applicable when creating stretch clusters.

n (Optional) Secondary Cloud - Select the secondary cloud. It is required for stretched
cluster creation.

VMware, Inc. 187

VMware Telco Cloud Automation User Guide

n (Optional) Secondary Data Center - Select the secondary data center.

n (Optional) NF Orchestration VIM - Provide the details of the VIM. VMware Telco Cloud
Automation uses this VIM and associated Control Planes for NF life cycle management.

7 Click Next.

8 2. Cluster Info

n TCA BOM Release - The TCA BOM Release file contain information about the Kubernetes
version and add-on versions. You can select multiple BOM release files.