This topic describes the notes for activating Alibaba Cloud VMware Service (ACVS), using ACVS, and creating a dedicated VMware environment.
| Term | Description |
| --- | --- |
| ACVS console | The ACVS console is hereinafter referred to as the "console". |
| dedicated VMware environment | A dedicated VMware environment is also known as a PrivateCloud instance. The PrivateCloud instance is hereinafter referred to as the "instance". |
| VPC | You must select a virtual private cloud (VPC) when you create a PrivateCloud instance in the ACVS console. After the PrivateCloud instance is created, this VPC can communicate with the PrivateCloud instance. |
| CEN | ACVS supports only Basic Edition transit routers of Cloud Enterprise Network (CEN). If you want to create Basic Edition transit routers of CEN, contact the ACVS product personnel. |
A PrivateCloud instance needs to communicate with your VPC or your data center. Before you create a PrivateCloud instance in the ACVS console, we recommend that you work with Alibaba Cloud technical support to plan the network segments for these connections so that no two segments overlap.
When you create a PrivateCloud instance, you must select a VPC that resides in the same region as the PrivateCloud instance. We recommend that you use an RFC CIDR block as the VPC CIDR block. RFC is short for Request for Comments. By default, the VPC can communicate with the PrivateCloud instance. If you want to enable Internet access for a virtual machine in the PrivateCloud instance, you must purchase an Internet NAT gateway and configure it in the VPC. Internet access is available after you associate the Internet NAT gateway with elastic IP addresses (EIPs).
On the Create a PrivateCloud page of the ACVS console, the PrivateCloud network segment parameter specifies the management network segment of the dedicated VMware environment. Use one of the planned RFC CIDR blocks, but not 10.254.0.0/16.
On the Create a PrivateCloud page of the ACVS console, you must set the VPC instance and CEN instance parameters. Make sure that the selected VPC is already attached to the corresponding CEN instance when you create the PrivateCloud instance. To avoid network conflicts and ensure normal communication, the CIDR blocks of the instances attached to a CEN instance, such as VPCs and virtual border routers (VBRs), cannot overlap.
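As an added example (not Alibaba Cloud code), the following Python script checks a planned set of CIDR blocks against the rules in the notes above before anything is created in the console; it assumes that "RFC CIDR block" means an RFC 1918 private range, and the plan names and values are constructed for illustration.

```python
"""Plan check for an ACVS PrivateCloud network layout (added example, not Alibaba Cloud code).

Assumption: "RFC CIDR block" on this page means an RFC 1918 private range.
"""
from ipaddress import ip_network
from itertools import combinations

RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
EXCLUDED_MGMT = ip_network("10.254.0.0/16")     # the console excludes this management segment
ALIBABA_SERVICES = ip_network("100.64.0.0/10")  # Alibaba Cloud services reached through the CGW
MGMT_KEY = "privatecloud_segment"               # the "PrivateCloud network segment" parameter

def check_plan(plan):
    """Return a list of problems for {name: cidr}; an empty list means the plan is usable."""
    nets = {name: ip_network(cidr, strict=True) for name, cidr in plan.items()}
    problems = []
    for name, net in nets.items():
        if not any(net.subnet_of(rfc) for rfc in RFC1918):
            problems.append(f"{name} {net} is not an RFC 1918 block")
        if net.overlaps(ALIBABA_SERVICES):
            problems.append(f"{name} {net} collides with Alibaba Cloud services {ALIBABA_SERVICES}")
    if MGMT_KEY in nets and nets[MGMT_KEY].overlaps(EXCLUDED_MGMT):
        problems.append(f"{MGMT_KEY} {nets[MGMT_KEY]} must not use {EXCLUDED_MGMT}")
    # Everything attached to the CEN (VPC, VBR, management and NSX-T segments) must be disjoint.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    return problems

# Constructed sample plans; names and values are illustrative only.
GOOD_PLAN = {
    "vpc": "192.168.0.0/20",
    "vbr_datacenter": "172.16.0.0/16",
    "privatecloud_segment": "10.10.0.0/16",
    "nsxt_segment_web": "10.20.1.0/24",
    "nsxt_segment_db": "10.20.2.0/24",
}
BAD_PLAN = {
    "vpc": "192.168.0.0/20",
    "vbr_datacenter": "192.168.8.0/22",       # overlaps the VPC
    "privatecloud_segment": "10.254.0.0/16",  # excluded management segment
    "nsxt_segment_web": "100.64.10.0/24",     # not RFC 1918 and collides with Alibaba Cloud services
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
```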
By default, the transit routers created in the CEN console are Enterprise Edition transit routers. ACVS supports only Basic Edition transit routers of CEN. If you want to create Basic Edition transit routers of CEN, submit a ticket for consultation.
A VMware virtual machine in a PrivateCloud instance must be connected to an NSX-T segment. You must create an NSX-T segment before you configure a network adapter for a VMware virtual machine.
To create an NSX-T segment, go to the NSX-T configuration tab of the ACVS console and click Create NSX Overlay network segment. In the Create NSX Overlay network segment dialog box, set the Network segment parameter to a planned RFC CIDR block. To delete an NSX-T segment, go to the NSX-T configuration tab of the ACVS console, find the NSX-T segment that you want to delete, and click Delete in the Operation column. The created NSX-T segment is connected to the compute gateway (CGW) and can communicate with other Alibaba Cloud services and the VPC that you specified when you created the PrivateCloud instance.
Do not create an NSX-T segment on the NSX Manager configuration page. An NSX-T segment created on the NSX Manager configuration page cannot communicate with other Alibaba Cloud services or the VPC that you specified when you created the PrivateCloud instance.
If workloads on VMware virtual machines need to access the Internet or provide services over the Internet, go to the Internet access tab of the ACVS console to configure Internet access. NAT rules created on the NSX Manager configuration page do not provide Internet access.
When you configure SNAT or DNAT on the Internet access tab of the ACVS console, select an Internet NAT gateway. After SNAT or DNAT is configured, a default route 0.0.0.0/0 that points to the Internet NAT gateway is automatically generated, and you can use the VPC console to advertise it to the corresponding CEN instance.
For security reasons, NSX Gateway Firewall is configured with a default policy that prevents virtual machines in a PrivateCloud instance from communicating with VPCs, Alibaba Cloud services (100.64.0.0/10), and the Internet. To allow the VMware virtual machines to communicate with VPCs, Alibaba Cloud services, and the Internet, log on to NSX Manager by using an Elastic Compute Service (ECS) jump server and choose Security > Gateway Firewall > Compute Gateway. On the page that appears, add firewall rules that allow the VMware virtual machines to access VPCs, Alibaba Cloud services, and the Internet.
After a PrivateCloud instance is created, a default policy named ali-vpc-access_Do-not-delete-it_Created-by-ACVS is generated on the Management Gateway page of NSX Gateway Firewall. This policy allows you to access VMware management components such as vCenter and NSX Manager by using an ECS jump server created in the corresponding VPC. We recommend that you do not modify this rule unless you have special requirements. If you modify this rule, the preceding management components may become inaccessible. If you need to modify this rule, submit a ticket for consultation.