Deployment of Avi Controllers in the First Region

Note: Avi Vantage version 20.1.3 is used as a placeholder release. Any Avi Vantage release from v20.1.3 onward is qualified for use with VCF 4.1.

Creating a Content Library for Avi Controller OVAs in the First Region

A Content Library is created in the Management Domain to host Avi Controller OVAs.

Prerequisites

  • vCenter has been set up in the Management Domain

  • Avi Controller OVA v20.1.3 has been downloaded to the admin workstation from the aviportal

Procedure

  • Log in to the vCenter Server of the Management Domain.

  • Navigate to Menu > Content Libraries.

  • Click on + to add a new Content Library to host Avi Controller OVAs.

  • Specify the following information in the Name and location section:

    Setting          Value
    Name             sfo-m01-avic
    Notes            Content Library created to host the Avi Controller OVAs
    vCenter server   Select vCenter server of the Management Domain (sfo01m01vc01)

  • Click on NEXT.
  • Specify the following in the Configure content library section:

    Setting                 Value
    Local content library   Select
    Enable publishing       Select

  • Click on NEXT.

  • In the Add storage section, select the vSAN datastore.

  • Click on NEXT.

  • Review the data and click on FINISH.

Deploying Avi Controller VMs in the Management Domain in Region A

Three Avi Controller VMs need to be deployed in the Management Domain of Region A. The procedure to create the three new Avi Controllers includes:

  • Upload the Avi Controller OVA to the Avi Controller Content Library. Execute this step only for the first Avi Controller deployment.

  • Deploy three Avi Controller VMs using the Avi Controller OVA.

  • Create an anti-affinity VM/Host rule to ensure Avi Controller VMs are placed on separate hosts.

Prerequisites

  • Reserve three IPs in the management network to be assigned to the Avi Controllers which will be used for management communication.

  • Create a Content Library to host Avi Controller OVAs on the Management Domain vCenter Server.

Procedure to deploy an Avi Controller VM on vCenter Server

Uploading the Avi Controller OVA to the Content Library

  • Log in to the vCenter Server of the Management Domain.

  • Navigate to Menu > Content Libraries and click on sfo-m01-avic.

  • In the Templates section, click on ACTIONS and select Import Item.

  • Select the Source > Source file from Local file and click on UPLOAD FILE.

  • Select the Avi Controller OVA and click on Open.

  • Specify the Destination > Item name as Avi-Controller-v20.1.3.ova.

  • Click on IMPORT.

Deploying an Avi Controller VM

  • Log in to the vCenter Server through a vCenter client.

  • Navigate to one of the ESXi hosts in the Management Domain and click on Summary. Click on Hardware and record the CPU {base clock speed}, which will be used to reserve CPU on the Avi Controller VMs.

  • Navigate to Menu > Content Libraries and click on sfo-m01-avic.

  • Navigate to Templates.

  • Right click on Avi-Controller-v20.1.3.ova and select New VM from this Template….

  • Provide the name sfo-m01-avic01a for the Avi Controller VM, select the datacenter in the “select a location for the virtual machine” menu, and click on NEXT.

  • Choose one of the hosts within the Management Domain to host the Avi Controller VM and click on NEXT.

  • Review details and click on NEXT.

  • Specify the following in the Select Storage section:

    Setting                      Value
    VM Storage Policy            vSAN Default Storage Policy
    Select virtual disk format   As defined in the VM storage policy
    Datastore                    Storage compatible vSAN datastore

  • Click on NEXT.

  • Choose a port group for the destination network in Network Mapping. This port group is the Management network for the Avi Controller and will be used for all management communication. Click on NEXT.

  • Specify the following properties and click on NEXT.

    Note: The sysadmin login authentication key is used to specify an SSH public key and is not required.

    Setting                            Value
    Management Interface IP address    Management IP for the Avi Controller VM
    Management interface subnet mask   Specify the subnet for the management network
    Default gateway                    Specify the gateway

  • Validate and click on NEXT.

  • Navigate to the Avi Controller VM, click on Actions > Edit Settings, and adjust the following Avi Controller VM settings. Click on OK.

    Setting       Value
    CPU           8 vCPU; Set reservation to 8*{base clock speed} for the host from earlier
    Memory        24 GB; Set reservation to 24 GB
    Hard disk 1   208 GB

The following is the naming convention used for the Avi Controllers:

  • sfo-m01-avic01a

  • sfo-m01-avic01b

  • sfo-m01-avic01c

Repeat the above steps to create two additional Avi Controllers to be used for the 3-node Avi Controller cluster.

Creating an anti-affinity VM/Host Rule

Create an anti-affinity VM/Host rule to ensure that the Controller VMs are placed on separate hosts.

  • Navigate to the vSphere cluster where the Avi Controller VMs are deployed and click on Configure.

  • Create an anti-affinity VM/Host rule by clicking on Add.

  • Create the rule by filling in the following details and click on OK:

    Setting       Value
    Name          avi-ctrl-anti-affinity-rule
    Enable rule   Enable checkbox
    Add VMs       Add the three Avi Controller VMs

  • Navigate to each of the three Avi Controller VMs and power them on.

Creating VM Override rules for Avi Controller VMs in the First Region

VM Override rules are programmed for the Avi Controller VMs to guarantee priority recovery.

Prerequisites

Avi Controller VMs have been deployed in the management workload domain.

Procedure to create VM Override Rules for Avi Controller VMs

  • Log in to the vCenter Server of the Management Domain.

  • Navigate to the cluster where Avi Controller VMs are hosted and click on Configure > VM Overrides.

  • Click on + to add a new VM Override rule.

  • Select the Avi Controller VMs from the list and click on Next.

  • Specify the following information in the Add VM Override section.

    Setting                   Value
    VM Restart Priority       Select override and set to High
    Host isolation response   Select override and set to Disabled

  • Click on Finish.

Initializing one Avi Controller VM setup in Region A

Prerequisites

  • Deploy three Avi Controller VMs in the Management Domain

Procedure to initialize one Avi Controller VM setup

  • Navigate to the Avi Controller in your browser using https://sfo-m01-avic01a.sfo.rainpole.io/.

    Note: While the system is booting up, a blank web page or a 503-status code may appear. Wait for about 5 to 10 minutes and then follow the instructions below for the setup wizard:

  • Once the Avi Vantage welcome screen appears, create an admin account by entering the following information and click on Create Account:

    Setting            Value
    username           admin
    Password           Complex Password
    Confirm Password   Complex Password
    Email address      Enter the administrator email address

  • Specify the DNS and NTP information and click on Next.

    Setting             Value
    DNS Resolver(s)     IP1, IP2
    DNS Search Domain   sfo.rainpole.io
    NTP Server          ntp.sfo01.rainpole.local

  • Set up the SMTP source as Local Host with From Address as admin@avicontroller.net and click on Next.

  • Select No Orchestrator in the Orchestrator integration page and click on the > arrow.

  • In the Tenant Settings, select No for Support Multiple Tenants and click on Complete.

The UI will log into the Avi Controller dashboard.

Creating an Avi Controller Cluster in Region A

Prerequisites

  • Deploy three Avi Controller VMs in the Management Domain.

  • Initialize one out of the three Avi Controllers.

Procedure to create an Avi Controller Cluster in Region A

  • In your browser, navigate to the Avi Controller that has been initialized using https://sfo-m01-avic01a.sfo.rainpole.io.

  • To configure the 3-node Avi Controller cluster, navigate to Administration > Controller and select Edit.

  • Specify the Name of the cluster as sfo-m01-avic.

  • Specify the Controller Cluster IP that had been reserved.

  • Add the following details for each of the three Avi Controller nodes.

    Note: It is recommended to use Avi Controller FQDN.

    Setting     Value
    IP          sfo-m01-avic01a (sfo-m01-avic01b and sfo-m01-avic01c)
    Name        sfo-m01-avic01a (sfo-m01-avic01b and sfo-m01-avic01c)
    Password    Leave blank
    Public IP   Leave blank

  • Click on Save. It will take a few minutes for the services to restart and the Avi Controller Cluster to be up.

  • To log in to the Avi Controller Cluster, navigate in your browser to the Avi Controller cluster IP that was set up, using https://sfo-m01-avic01.sfo.rainpole.io.

Uploading Admin Console SSL Certificate to the Avi Controller

Changing the default certificates used by the Avi Controller for either Portal (UI) or secure channel is a two-step process:

  1. Upload the desired certificate/key to the Controller.

  2. Reference the uploaded certificate/key in the configuration.

Prerequisites

  • An SSL Certificate generated by a trusted certificate authority

Procedure to upload Admin Console SSL Certificate to the Avi Controller

Uploading the Certificate to the Avi Controller

  • In your browser, navigate to the Avi Controller that has been initialized using https://sfo-m01-avic01.sfo.rainpole.io.

  • To upload the SSL cert, navigate to Templates > Security > SSL/TLS Certificates and click on Create and select Controller Certificate.

    Setting   Value
    Input     Selected
    Name      Name for the certificate

  • To upload the Certificate, select either Paste Text or Upload File:

    • If Paste Text, then input the contents of the certificate.

    • If Upload File, then click on Upload file and navigate to where the certificate is locally stored. Click on Open.

  • To upload the Key, select either Paste Text or Upload File:

    • If Paste Text, then input the contents of the key.

    • If Upload File, then click on Upload file and navigate to where the key is locally stored. Click on Open.

    Setting          Value
    Key passphrase   If the key is password protected, key password

  • Click on Validate.

  • Use the uploaded certificate for either Portal (UI) or secure channel.

  • Navigate to Administration > Settings > Access Settings, and click on the Pencil icon.

    Setting                              Value
    (Portal cert) SSL/TLS Certificate    Name of the previously defined Portal certificate
    Secure Channel SSL/TLS Certificate   Name of the previously defined Secure-channel certificate

  • Click on Save.
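
A pre-upload check for the certificate and key named in the prerequisites, as an added example that is not part of the original guide: it uses the openssl CLI to confirm that the key belongs to the certificate, that the certificate covers the Controller FQDNs used on this page, and that it is not about to expire. The function names, the KEY_PASSPHRASE variable and the 30-day window are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload checks for a Controller certificate and key.
# Function names and the 30-day expiry window are assumptions, not Avi settings.

# True when the private key belongs to the certificate (public keys are equal).
# An encrypted key is read with the passphrase in $KEY_PASSPHRASE, if set.
cert_key_match() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(KEY_PASSPHRASE="${KEY_PASSPHRASE:-}" \
    openssl pkey -in "$2" -pubout -passin env:KEY_PASSPHRASE 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate's SAN (or CN fallback) matches the given host name.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# True when the certificate is still valid $2 seconds from now.
cert_not_expiring() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Usage: preflight CERT KEY HOST [HOST...]; returns non-zero if any check fails.
preflight() {
  cert=$1; key=$2; shift 2; rc=0
  cert_key_match "$cert" "$key" ||
    { echo "FAIL: private key does not match certificate" >&2; rc=1; }
  cert_not_expiring "$cert" $((30 * 86400)) ||
    { echo "FAIL: certificate expires within 30 days" >&2; rc=1; }
  for host in "$@"; do
    cert_covers_host "$cert" "$host" ||
      { echo "FAIL: certificate does not cover $host" >&2; rc=1; }
  done
  return "$rc"
}

# Run the checks when called with arguments, e.g.:
#   sh preflight.sh portal.crt portal.key sfo-m01-avic01.sfo.rainpole.io
if [ "$#" -ge 3 ]; then preflight "$@"; fi
```

Pass every name the portal is reached on (the cluster FQDN and each node FQDN) so a certificate that covers only one of them is caught before it is referenced in Access Settings.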

Uploading Licenses to the Avi Controller

Prerequisites

Note: If the Avi Controller is to be set up in the NSX ALB – Basic Edition mode, then use the NSX-T serial keys and utilize Option 1 below. The Avi Controller will deposit the equivalent NSX ALB – Basic Edition licenses.

Procedure to upload License to the Avi Controller

Option 1 – Manually input key contents

  • Navigate to the Avi Controller on your browser using https://sfo-m01-avic01.sfo.rainpole.io.

  • To apply your Avi license, navigate to Administration > Settings > Licensing and click on Apply key.

    Setting       Value
    License Key   License key text

  • Click on Apply key.

Option 2 – Upload License Key

  • Navigate to the Avi Controller on your browser using https://sfo-m01-avic01.sfo.rainpole.io.

  • To apply your Avi license, navigate to Administration > Settings > Licensing and click on Upload from Computer.

  • Navigate to where the license file is locally stored and click on Open.

Setting up the Licensing Tier on the Avi Controller

The Avi Controller is set up in the Enterprise edition by default. Set the Avi Controller to the Basic edition tier if required.

Note: This is an optional workflow. It should be executed only if the Avi Controller is meant to be set up in the Basic edition.

Prerequisites

  • Appropriate NSX licenses have been applied to the Avi Controller.

Procedure

  • Navigate to the Avi Controller on your browser via https://sfo-m01-avic01.sfo.rainpole.io

  • To set the licensing tier, navigate to Administration > Settings > Licensing and click on the gear icon beside Licensing.

  • Select Basic License option

  • Click on SAVE

  • Refresh the UI after the operation is completed.

Creating a Tenant on the Avi Vantage Platform

Prerequisites

  • Log in to the Avi Controller as an admin user or as any other user with the System-Admin role.

  • The Avi Controller should be set up in the Enterprise edition mode. Tenancy is not available in the Basic edition.

Procedure to create a Tenant on the Avi Vantage Platform

  • Navigate to the Avi Controller on your browser using https://sfo-m01-avic01.sfo.rainpole.io.

  • Navigate to Administration > Tenants, and click on Create.

  • Specify a name for the new tenant.

  • Specify a description.

  • Set the following properties:

    Setting                                    Value
    Tenant Access to Provider Service Engine   Enabled
    Tenant VRF                                 Disabled

    Control + Data plane tenancy only

    Setting                                    Value
    Tenant Access to Provider Service Engine   Disabled
    Tenant VRF                                 Enabled

  • Click on Save.

Note: The admin account is automatically added to each new tenant.

Creating Avi Controller Configuration Backup

Prerequisites

  • A remote server the Avi Controller can SSH to.

  • Directory on the remote server to store the configuration backups.

  • User credentials with the required permissions to SSH into the server and read/write to the backup directory.

Procedure to create Avi Controller Backup

Creating User Credentials configuration for remote backup server

  • In your browser, navigate to the Avi Controller that has been initialized using https://sfo-m01-avic01.sfo.rainpole.io.

  • Navigate to Administration > User Credentials and click on Create.

    Setting           Value
    User              username
    SSH Credentials   selected
    Password          selected
    Password          Complex Password

  • Click on Save.

Configuration Backup for the Avi Controller Configuration

  • In your browser, navigate to the Avi Controller that has been initialized using https://sfo-m01-avic01.sfo.rainpole.io.

  • Navigate to Administration > System > Configuration Backup and click on the Pencil icon.

    Setting                       Value
    Enable Configuration Backup   selected
    Frequency                     Desired value
    Frequency unit                Desired unit
    Backup Passphrase             Complex Password
    Remote Server                 selected
    Server Address                Remote server FQDN or IP address
    Directory                     Directory on remote server to store backup
    User Credentials              Previously created user credential

  • Click on Save.

Password Rotation for the Avi Vantage Platform

Prerequisites

  • Avi Controller cluster has been set up

Procedure

  • In your browser, navigate to the Avi Controller that has been initialized using https://sfo-m01-avic01.sfo.rainpole.io.

  • Click on the Avi logo > My account.

  • Specify the following details:

    Setting                Value
    Old Password           Current password
    New Password           Renewed password
    Confirm New Password   Renewed password
    Public IP              Leave blank

  • Click on Save.