vSphere with Tanzu LAB Environment Installation Step-by-Step (Includes vCenter, vSAN, NSX, Supervisor Cluster and pfSense)

Evren Baycan
Nov 2, 2022


Hello, I have finally been able to write this detailed article that I have planned for a long time.

In this article, which I hope will be useful to many of my friends, we are going to install a LAB environment that resembles a Production environment. Each method used here can serve as a reference for the other kinds of LAB environments you may want to build.

This article is meant to be understandable for beginners and a reference for experienced friends. It also covers all the other products and services end to end, not only VMware vSphere with Tanzu.

So it will be long, but it should read smoothly and never be boring.

The LAB environment is going to be as follows.

In this article, we are going to focus on the following topics and do all of them step by step in detail.

  • Port Group configuration on Physical Infrastructure
  • VLAN, Subnet, NTP and BGP configuration with pfSense Community Edition installation on Physical Infrastructure
  • AD and DNS Server installation and configuration on Physical Infrastructure
  • Nested ESXi Node installations and configuration on Physical Infrastructure
  • vCenter installation and configuration on Physical Infrastructure
  • Creation of vCenter Cluster on Nested Infrastructure and adding of ESXi Nodes
  • VDS and Port Group configuration on Nested Infrastructure
  • vSAN Cluster configuration on Nested Infrastructure
  • NSX Manager installation on Physical Infrastructure
  • NSX Host Preparation on Nested Infrastructure
  • NSX EDGE Node installation and configuration on Nested Infrastructure
  • T0 Router configuration on Nested Infrastructure
  • BGP Dynamic Routing configuration on Nested Infrastructure
  • Underlay Routing test on T1 Router with NSX Overlay Segment
  • Supervisor Cluster configuration and installation on Nested Infrastructure
  • vCenter and NSX Backup configuration on Nested Infrastructure

Let’s start.

Port Group configuration on Physical Infrastructure

We create 3 Port Groups on the Physical Infrastructure for pfSense and the Nested Infrastructure.

ACME-WAN is going to be the WAN Interface needed to reach the Internet through the Physical Infrastructure.

ACME-MANAGEMENT is going to be the Management Interface of the Nested Infrastructure.

ACME-LAB-TRUNK is going to be the TRUNK Interface carrying all VLANs and Subnets of the Nested Infrastructure.

VLAN, Subnet, NTP and BGP configuration with pfSense Community Edition installation on Physical Infrastructure

pfSense is a very useful tool for LAB environments; with it you can simulate almost any network service.

Configuration is easy thanks to the GUI, and it needs very few resources: 1 CPU, 2 GB of memory and a 100 GB disk are more than enough for this LAB environment.

VyOS is the most used alternative, but it is not as convenient as pfSense because it is CLI-only and supports far fewer network services.

You can download the pfSense ISO from the pfSense Community Edition download page.

We are creating a new VM for pfSense on the Physical Infrastructure.

We create 3 Network Adapters for pfSense and connect them, in this order, to the Port Groups we created on the Physical Infrastructure.

  • ACME-WAN
  • ACME-MANAGEMENT
  • ACME-LAB-TRUNK

pfSense runs on FreeBSD. Make sure to choose FreeBSD 12 64-bit as the Guest OS Version; it will not install with a different Guest OS!

After powering on the VM we created on the Physical Infrastructure, the installer boots from the ISO automatically. We continue by choosing Install pfSense.

You can accept the defaults for Disk Partitioning.

We continue by selecting the 100 GB disk we added.

The installation takes approximately 1 minute; after a Reboot we can access the console.

When the console screen appears, select (Y) to start the main services.

We configure the MANAGEMENT Interface by selecting Set interface(s) IP address (2).

NOTE: We don’t enter an Upstream Gateway IP for this Interface. We are going to enter this when configuring the WAN Interface.

We make the same settings for the WAN Interface. This Interface is going to sit in the subnet of the gateway address you use on the Physical Infrastructure.

Then we enter the Upstream Gateway IP address, which is your Physical Infrastructure GW IP address.

For example, if the IP address of your home modem is 192.168.1.1, this is your Upstream Gateway address. If you want to give an IP for the WAN Interface, you can give 192.168.1.254 as an example.

pfSense is now accessible via the GUI. I used Windows Server 2022 as a JUMP Server for GUI access. I am also going to provide Active Directory and DNS services on it.

LDAP is not strictly necessary for a LAB environment, but DNS is. If you prefer, you can install a Linux distro with a GUI and use BIND on it. You can even enable the BIND DNS service on pfSense itself.

We give the JUMP Server a static IP. A static IP is important because the LDAP and DNS services will run on this server!

You can reach the GUI by opening the pfSense Management IP in a browser (default credentials: admin/pfsense).

A Wizard appears first, and we enter the initial settings there.

We specify a hostname and domain for pfSense. Then we enter the Public DNS addresses.

We choose the timezone. pfSense will also be the NTP Server for this LAB environment.

We change the default GUI password.

We save our configuration with Reload.

We run an internet access test. Everything is going well :)

The FRR package needed for BGP is not installed by default, so we download and install it using the Package Manager.

Why am I using pfSense for the LAB environment? The answer is clear from the list below: almost all network services required for a LAB environment are available!

We create the VLANs required for the Nested Infrastructure from the Interfaces/VLANs tab.

The parent interface must be vmx2. This is our TRUNK interface.

We add the VLANs we created to the TRUNK interface. (OPT1/vmx2/ACME-LAB-TRUNK)

Under Interfaces/OPT1 (vmx2) we simply enable the Parent Interface that we will use as the TRUNK interface and set its MTU to 9000.

If this Interface is not enabled, the VLAN Interfaces running under it will not work either. In addition, if the parent MTU is not set to 9000, the VLAN Interfaces below it cannot be given an MTU above 1600!

We now define the VLAN Interfaces one by one.

We have created all our TRUNK Interfaces under Interfaces/Interface Assignments.

We create an Interface Group under Interfaces/Interface Groups and select all the TRUNK Interfaces we added.

We define an ANY-ANY allow rule for the ACMETRUNK Interface Group on the Firewall/Rules tab.

I don’t want to deal with FW definitions in the LAB environment. That’s why I’m making the rules ANY-ANY.

NOTE: The WAN Interface is out of this scope; all external access is BLOCKED on the WAN Interface!

We enable the NTP service on all Interfaces via the Services/NTP tab.

We enable the FRR service for Dynamic Routing.

NOTE: You can enter a default password for the Master Password.

We enable BGP via the Services/FRR/BGP tab. I used 65222 as the local AS number. Later we are going to establish a BGP neighborship with the NSX T0 Router using this AS number.

We choose the IPv4 parameters for Route Redistribution.

We create a Prefix List from the Services/FRR/Global Settings/Prefix Lists tab.

Under Services/FRR/BGP/Neighbors we define the EDGE Node Interface with which we will establish the BGP neighborship.

For this IP address, we previously created the ACME-EDGE-UPLINK VLAN/Subnet.

Because 222.222.70.1 is the Gateway address of this Subnet, we are going to use the IP addresses 222.222.70.2–3.

I am using 65221 as Remote AS number. I will define this AS number later on the NSX T0 Router.

We have made all the definitions on pfSense.
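The uplink and BGP values above are easy to get subtly wrong in a lab (a neighbor address that is really the gateway, an MTU on the VLAN interface that the parent cannot carry, two ASNs that accidentally match). The following script is an added example, not code from the article and not part of pfSense or FRR: it takes the values the article states (local AS 65222, remote AS 65221, gateway 222.222.70.1, EDGE uplinks .2 and .3, parent MTU 9000) and checks them for those mistakes, then renders an FRR-style `router bgp` stanza equivalent to the GUI settings. The /24 prefix length of ACME-EDGE-UPLINK, the prefix-list name and the use of the gateway address as router-id are assumptions; the pfSense package does not write exactly this text.

```python
"""Lab uplink/BGP plan checker (added example; values marked 'assumed'
are not from the article)."""
import ipaddress
from dataclasses import dataclass

PRIVATE_ASN = range(64512, 65535)   # RFC 6996 16-bit private ASNs, inclusive of 65534
GENEVE_MIN_MTU = 1600               # NSX overlay transport needs more than 1600 bytes


@dataclass
class UplinkPlan:
    local_as: int            # pfSense side (article: 65222)
    remote_as: int           # NSX T0 side (article: 65221)
    subnet: str              # ACME-EDGE-UPLINK network; /24 is assumed
    gateway: str             # pfSense VLAN interface address (article: 222.222.70.1)
    neighbors: list          # EDGE node uplink addresses (article: .2 and .3)
    parent_mtu: int = 9000   # MTU on the vmx2 trunk parent
    vlan_mtu: int = 9000     # MTU on the ACME-EDGE-UPLINK VLAN interface
    prefix_list: str = "ACME-LAB-OUT"  # hypothetical prefix-list name


def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    net = ipaddress.ip_network(plan.subnet, strict=True)
    gw = ipaddress.ip_address(plan.gateway)
    if gw not in net:
        findings.append(f"gateway {gw} is not inside {net}")
    for asn, label in ((plan.local_as, "local"), (plan.remote_as, "remote")):
        if asn not in PRIVATE_ASN:
            findings.append(f"{label} AS {asn} is not a private ASN")
    if plan.local_as == plan.remote_as:
        findings.append("local and remote AS are equal; the session would be iBGP")
    seen = set()
    for n in plan.neighbors:
        ip = ipaddress.ip_address(n)
        if ip not in net:
            findings.append(f"neighbor {ip} is outside {net}")
        elif ip == gw:
            findings.append(f"neighbor {ip} collides with the gateway address")
        elif ip in (net.network_address, net.broadcast_address):
            findings.append(f"neighbor {ip} is the network or broadcast address")
        if ip in seen:
            findings.append(f"neighbor {ip} is listed twice")
        seen.add(ip)
    if plan.vlan_mtu > plan.parent_mtu:
        findings.append(f"VLAN MTU {plan.vlan_mtu} exceeds parent MTU {plan.parent_mtu}")
    if plan.vlan_mtu < GENEVE_MIN_MTU:
        findings.append(f"VLAN MTU {plan.vlan_mtu} is below {GENEVE_MIN_MTU}; NSX Geneve needs more than 1600")
    return findings


def render_frr_bgp(plan):
    """Render the FRR-style stanza that corresponds to the pfSense BGP settings."""
    lines = [f"router bgp {plan.local_as}",
             f" bgp router-id {plan.gateway}"]          # router-id choice is assumed
    for n in plan.neighbors:
        lines.append(f" neighbor {n} remote-as {plan.remote_as}")
    lines.append(" address-family ipv4 unicast")
    lines.append("  redistribute connected")           # the article redistributes IPv4 routes
    for n in plan.neighbors:
        lines.append(f"  neighbor {n} prefix-list {plan.prefix_list} out")
    lines.append(" exit-address-family")
    return "\n".join(lines) + "\n"


# The plan as the article states it (subnet length assumed).
ARTICLE_PLAN = UplinkPlan(local_as=65222, remote_as=65221,
                          subnet="222.222.70.0/24", gateway="222.222.70.1",
                          neighbors=["222.222.70.2", "222.222.70.3"])

if __name__ == "__main__":
    for finding in check_plan(ARTICLE_PLAN) or ["plan is consistent"]:
        print(finding)
    print(render_frr_bgp(ARTICLE_PLAN))
```

Run it before clicking Save in the FRR GUI; if the check reports nothing, the rendered stanza is a handy thing to compare against the Status/FRR running configuration once the neighborship is up.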

AD and DNS Server installation and configuration on Physical Infrastructure

I am also going to run the Active Directory and DNS services on the Windows Server 2022 that I used as the JUMP Server.

That’s why we must set a static IP on the JUMP Server!

We install the AD DS and DNS roles from Add Roles and Features in Server Manager.

We activate the AD and DNS services via the Promote this server to a domain controller link in Server Manager.

Because we are going to create a new Domain, we choose Add a new forest and set a domain name.

If the Prerequisites Check reports success, you can start the installation. After it completes, the server reboots automatically.

We turn off the Windows Firewall service on the JUMP Server.

A Forward Lookup Zone was created automatically in DNS Manager.

I’m also creating a Reverse Lookup Zone.

We create DNS records for all ESXi Nodes and Management VMs that the Nested Infrastructure will use.
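vCenter and NSX deployments check that their FQDN resolves forward and that the address resolves back to the same FQDN, so the records in the Forward and Reverse Lookup Zones have to agree. The script below is an added example, not code from the article and not a Windows DNS Server API: it models the A and PTR records for a set of lab hosts and audits them for the failure modes that break a deployment (missing or stale PTR, two hosts on one address, a PTR whose target has no A record, an address outside the management subnet). The zone name acme.lab, the host names and the 10.10.10.0/24 addresses are constructed stand-ins; the article does not state its domain or addresses.

```python
"""Forward/reverse DNS consistency check for the lab's ESXi nodes and
management VMs (added example; all names and addresses are constructed)."""
import ipaddress

LAB_ZONE = "acme.lab"          # assumed; the article's domain name is not stated
MGMT_SUBNET = "10.10.10.0/24"  # assumed stand-in for the ACME-MANAGEMENT subnet

# Constructed sample of the hosts the article registers in DNS.
LAB_HOSTS = {
    "esxi01": "10.10.10.11",
    "esxi02": "10.10.10.12",
    "esxi03": "10.10.10.13",
    "vcsa":   "10.10.10.20",
    "nsxmgr": "10.10.10.30",
}


def fqdn(host, zone=LAB_ZONE):
    """Absolute name as a DNS server stores it (trailing dot)."""
    return f"{host}.{zone}."


def ptr_name(ip):
    """Owner name of the PTR record, e.g. '11.10.10.10.in-addr.arpa'."""
    return ipaddress.ip_address(ip).reverse_pointer


def build_zones(hosts, zone=LAB_ZONE):
    """A records keyed by FQDN and PTR records keyed by in-addr.arpa name."""
    forward = {fqdn(h, zone): ip for h, ip in hosts.items()}
    reverse = {ptr_name(ip): fqdn(h, zone) for h, ip in hosts.items()}
    return forward, reverse


def audit_zones(forward, reverse, zone=LAB_ZONE, subnet=MGMT_SUBNET):
    """Return a list of findings; an empty list means the zones agree."""
    findings = []
    net = ipaddress.ip_network(subnet)
    owners = {}
    for name, ip in forward.items():
        if not name.endswith(f".{zone}."):
            findings.append(f"{name}: not in zone {zone}")
        if ipaddress.ip_address(ip) not in net:
            findings.append(f"{name}: {ip} is outside {net}")
        owners.setdefault(ip, []).append(name)
        back = reverse.get(ptr_name(ip))
        if back is None:
            findings.append(f"{name}: no PTR record for {ip}")
        elif back != name:
            findings.append(f"{name}: PTR for {ip} points to {back}")
    for ip, names in owners.items():
        if len(names) > 1:
            findings.append(f"{ip}: shared by {', '.join(sorted(names))}")
    for rname, target in reverse.items():
        if target not in forward:
            findings.append(f"{rname}: PTR target {target} has no A record")
    return findings


if __name__ == "__main__":
    fwd, rev = build_zones(LAB_HOSTS)
    for finding in audit_zones(fwd, rev) or ["forward and reverse zones are consistent"]:
        print(finding)
```

To use it against the real zones, fill `LAB_HOSTS` from the records you entered in DNS Manager (or from a zone export) and fix every finding before starting the vCenter deployment; a stale PTR left over from a previous lab is the classic cause of a failed install.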

Because NTP is an important detail, I also synchronize NTP on the JUMP Server.

We have completed the VLAN, Subnet, BGP, NTP, AD and DNS definitions required for the Nested Infrastructure.

Part 2 will cover:

  • Nested ESXi Node installations and configuration on Physical Infrastructure.