Creating a VMware Engine private cloud
A private cloud is an isolated VMware stack that consists of ESXi hosts, vCenter, vSAN, NSX, and HCX. You manage private clouds through the Google Cloud console. When you create a private cloud, you get a single vSphere cluster and all the management VMs that are created in that cluster.
VMware Engine deploys management components in the network that you select for vSphere/vSAN subnets. The internal IP address range is divided into different subnets during the deployment.
Before you begin
Before performing the tasks on this page, perform the following prerequisite steps.
- Allocate a unique IP address range for vSphere/vSAN subnets of the private
cloud you want to create.
- Minimum CIDR range prefix: /24
- Maximum CIDR range prefix: /20
 
- If you want global address resolution using Cloud DNS, then enable the Cloud DNS API and complete Cloud DNS setup before you create your private cloud.
The vSphere/vSAN subnet address space must not overlap with any network that will communicate with the private cloud, such as on-premises networks and Google Cloud Virtual Private Cloud (VPC) networks. For more information about vSphere or vSAN subnets, see VLANs and subnets on VMware Engine.
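A pre-flight check for the two constraints above (prefix between /20 and /24, no overlap with any connected network) can be run before the range is submitted. This is an added example, not part of the original documentation; the function name, the sample inventory, and the IPv4-only handling are assumptions made for illustration.

```python
"""Pre-flight check for a VMware Engine vSphere/vSAN (management) CIDR range."""
import ipaddress

SMALLEST_RANGE_PREFIX = 24  # page: minimum CIDR range prefix is /24
LARGEST_RANGE_PREFIX = 20   # page: maximum CIDR range prefix is /20


def check_management_range(candidate, connected_networks):
    """Return a list of problems; an empty list means the range passed.

    connected_networks maps a label to a CIDR string for every network that
    will communicate with the private cloud (on-premises, VPC subnets, ...).
    """
    try:
        # Assumption: IPv4 only. strict=True rejects host bits (10.0.0.5/24).
        net = ipaddress.IPv4Network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {candidate!r}: {exc}"]

    problems = []
    if not LARGEST_RANGE_PREFIX <= net.prefixlen <= SMALLEST_RANGE_PREFIX:
        problems.append(f"prefix /{net.prefixlen} is outside /20 to /24")
    for label, cidr in connected_networks.items():
        other = ipaddress.ip_network(cidr, strict=False)
        # overlaps() raises TypeError across IP versions, so compare IPv4 only.
        if other.version == 4 and net.overlaps(other):
            problems.append(f"overlaps {label} ({other})")
    return problems


# Constructed sample inventory, not taken from the page.
SAMPLE_NETWORKS = {
    "on-prem-dc1": "10.0.0.0/8",
    "vpc-prod-subnet": "192.168.0.0/22",
    "vpc-dev-subnet": "172.16.40.0/24",
}

if __name__ == "__main__":
    for candidate in ("192.168.0.0/24", "10.241.0.0/22", "172.20.0.0/16",
                      "172.20.0.5/24", "172.20.0.0/22"):
        issues = check_management_range(candidate, SAMPLE_NETWORKS)
        print(candidate, "->", "; ".join(issues) if issues else "OK")
```

Feed it the real list of on-premises prefixes and VPC subnet ranges; a supernet such as 10.0.0.0/8 on the on-premises side rules out every 10.x candidate.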
Google Cloud CLI and API requirements
To use the gcloud command line tool or the API to manage your VMware Engine
resources, we recommend configuring the tools as described below.
gcloud
- Set your default project ID:
    gcloud config set project PROJECT_ID
- Set a default region and zone:
    gcloud config set compute/region REGION
    gcloud config set compute/zone ZONE
For more information on the gcloud vmware tool,
see the Cloud SDK reference docs.
API
API examples in this documentation set use the cURL command-line tool to
query the API. A valid access token is required as part of the cURL
request. There are many ways to get a valid access token; the following
steps use the gcloud tool to generate an access token:
- Log in to Google Cloud:
    gcloud auth login
- Generate an access token and export it to TOKEN:
    export TOKEN=$(gcloud auth print-access-token)
- Verify that TOKEN is set properly:
    echo $TOKEN
Now, use the authorization token in your requests to the API. For example:
    curl -X GET \
        -H "Authorization: Bearer $TOKEN" \
        -H "Content-Type: application/json; charset=utf-8" \
        "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations"
Python
Python code samples in this documentation use the VMware Engine library to communicate with the API. To be able to use this approach, the library needs to be installed and the Application Default Credentials should be configured.
- Download and install the Python library:
    pip install google-cloud-vmwareengine
- Configure the ADC information by executing the following command in your shell:
    gcloud auth application-default login
  Or, use a Service Account key file:
    export GOOGLE_APPLICATION_CREDENTIALS="FILE_PATH"
For more information about the library, visit the reference page or view code samples on GitHub.
Create a standard private cloud
Console
To create a standard private cloud using the Google Cloud console, follow these steps:
- In the Google Cloud console, go to the Private clouds page. 
- Click Select a project and then select the organization, folder, or project where you want to create the private cloud. 
- Click Create. 
- Enter a name for the private cloud. 
- Select Standard private cloud for the private cloud type. 
- Select the location where you want the private cloud deployed. 
- Enter a name for the primary cluster. 
- Select the node type for your primary cluster. 
- Select the number of nodes for the private cloud. For production workloads, create your private cloud with at least 3 nodes. VMware Engine deletes private clouds that contain only 1 node after 60 days. 
- Optional: Click the Customize Cores toggle if you want to reduce the number of available cores for each node in the management cluster. For details, see Custom core counts. 
- Enter a CIDR range for the VMware management network. For information about restrictions on this range, see the Before you begin section. 
- Click Review and Create. 
- Review the settings. To change any settings, click Back. 
- Click Create to begin provisioning the private cloud. 
The following list describes each field during private cloud creation in more detail:
- Name: Permanent unique identifier of the private cloud.
- Description: Additional information that's visible on the details page of the private cloud.
- Region: Geographical region where VMware Engine hosts your private cloud.
- Zone: Subset of a region physically isolated from other zones in the same region. A zone is a single failure domain within a region.
- Primary cluster name: Name given to the initial vSphere cluster in your private cloud. VMware management appliances of your private cloud run on this cluster.
- Node type: Hardware configuration of nodes in your primary cluster.
- Nodes: Number of nodes in your primary cluster.
- Management IP address range: IP address range used for vCenter Server, NSX Manager, ESXi hosts, and other parts of the private cloud's infrastructure. This range is not used for workload VMs and must not overlap with any part of your VPC network or any other network which you plan to connect your private cloud to.
- VMware Engine network: Network resource that handles private cloud connections according to a network policy. You and resources connected to this VMware Engine network can access the private cloud from within Google Cloud.
gcloud
To create a standard private cloud using the Google Cloud CLI, follow these steps:
- Optional: List the available regions and zones for your project by running the gcloud vmware locations list command:
    gcloud vmware locations list \
        --project=PROJECT_ID
  Replace the following:
  - PROJECT_ID: the project ID for this request
- Create a network for your private cloud by running the gcloud vmware networks create command:
    gcloud vmware networks create NETWORK_NAME \
        --type=LEGACY \
        --location=REGION \
        --description="DESCRIPTION"
  Replace the following:
  - NETWORK_NAME: the network name for the private cloud
  - REGION: the region for the private cloud
  - DESCRIPTION: a description for the private cloud
  The request returns an operation ID.
- Check the status of the operation by running the gcloud vmware operations describe command. When the operation returns as DONE, check the response to see if the operation was successful:
    gcloud vmware operations describe OPERATION_ID \
        --location REGION
  Replace the following:
  - OPERATION_ID: the ID from the previous step
  - REGION: the region for the private cloud
- Create a three-node private cloud by running the gcloud vmware private-clouds create command:
    gcloud vmware private-clouds create PRIVATE_CLOUD_ID \
        --location=ZONE \
        --cluster=CLUSTER_ID \
        --node-type-config=type=NODE_TYPE,count=NODE_COUNT \
        --management-range=IP_ADDRESS \
        --vmware-engine-network=NETWORK_NAME
  Replace the following:
  - PRIVATE_CLOUD_ID: the name for the private cloud.
  - ZONE: the zone for the private cloud.
  - CLUSTER_ID: the name for the new cluster in this private cloud.
  - NODE_TYPE: the node type. For more information, see Node types.
  - NODE_COUNT: the node count. Specify a value of three or more.
  - IP_ADDRESS: the IP address range, for example 192.168.0.0/24, for this request.
  - NETWORK_NAME: the network name for this cloud.
  The request returns an operations ID you can use to check the progress of the operation.
- Check the status of the operation by running the gcloud vmware operations describe command. When the operation returns as DONE, check the response to see if the operation was successful:
    gcloud vmware operations describe OPERATION_ID \
        --location REGION
  Replace the following:
  - OPERATION_ID: the ID from the previous step
  - REGION: the region for the private cloud
- Connect the VMware Engine Network to your VPC by setting up private services access. 
- Retrieve the vCenter and NSX credentials by running the gcloud vmware private-clouds vcenter credentials describe and gcloud vmware private-clouds nsx credentials describe commands, respectively:
    gcloud vmware private-clouds vcenter credentials describe \
        --private-cloud=PRIVATE_CLOUD_ID \
        --location=ZONE
    gcloud vmware private-clouds nsx credentials describe \
        --private-cloud=PRIVATE_CLOUD_ID \
        --location=ZONE
  Replace the following:
  - PRIVATE_CLOUD_ID: the ID for the private cloud
  - ZONE: the zone for the private cloud
API
To create a standard private cloud using the VMware Engine API, follow these steps:
- Create a legacy network by making a POST request:
    curl -X POST \
        -H "Authorization: Bearer TOKEN" \
        -H "Content-Type: application/json; charset=utf-8" \
        "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/vmwareEngineNetworks?vmwareEngineNetworkId=NETWORK_NAME" \
        -d '{"type": "legacy"}'
  Replace the following:
  - TOKEN: the authorization token for this request
  - PROJECT_ID: the project for this request
  - REGION: the region to create this network in
  - NETWORK_NAME: the network name for the private cloud
  The request returns an operations ID you can use to check the progress of the operation.
- Check the status of the operation by making a GET request. When the operation returns as DONE, check the response to see if the operation was successful:
    curl -X GET \
        -H "Authorization: Bearer TOKEN" \
        -H "Content-Type: application/json; charset=utf-8" \
        "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/operations/OPERATION_ID"
  Replace OPERATION_ID with the ID from the previous step.
- Create a three-node private cloud by making a POST request:
    curl -X POST \
        -H "Authorization: Bearer TOKEN" \
        -H "Content-Type: application/json; charset=utf-8" \
        "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds?privateCloudId=PRIVATE_CLOUD_ID" \
        -d '{
          "networkConfig": {
            "vmwareEngineNetwork": "projects/PROJECT_ID/locations/REGION/vmwareEngineNetworks/NETWORK_NAME",
            "managementCidr": "10.241.0.0/22"
          },
          "managementCluster": {
            "clusterId": "CLUSTER_ID",
            "nodeTypeConfigs": {
              "standard-72": {
                "nodeCount": NODE_COUNT
              }
            }
          }
        }'
  Replace the following:
  - TOKEN: the authorization token for this request.
  - PROJECT_ID: the project ID for this request
  - ZONE: the zone for the private cloud
  - PRIVATE_CLOUD_ID: the ID for the private cloud
  - REGION: the region of the network for this private cloud
  - NETWORK_NAME: the network name for the private cloud
  - CLUSTER_ID: the ID for the new cluster in this private cloud
  - NODE_COUNT: the node count. Specify a value of three or more.
  The request returns an operations ID you can use to check the progress of the operation.
- Check the status of the operation by making a GET request. When the operation returns as DONE, check the response to see if the operation was successful:
    curl -X GET \
        -H "Authorization: Bearer TOKEN" \
        -H "Content-Type: application/json; charset=utf-8" \
        "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/operations/OPERATION_ID"
  Replace the following:
  - PROJECT_ID: the project ID for this request
  - REGION: the region for the private cloud
  - OPERATION_ID: the ID from the previous step
- Connect the VMware Engine Network to your VPC by setting up private services access. 
- Retrieve the vCenter and NSX credentials by making GET requests:
    curl -X GET \
        -H "Authorization: Bearer TOKEN" \
        -H "Content-Type: application/json; charset=utf-8" \
        "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID:showVcenterCredentials"
    curl -X GET \
        -H "Authorization: Bearer TOKEN" \
        -H "Content-Type: application/json; charset=utf-8" \
        "https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID:showNsxCredentials"
  Replace the following:
  - PROJECT_ID: the project ID for this request
  - ZONE: the zone for the private cloud
  - PRIVATE_CLOUD_ID: the ID for the private cloud
Python
- Create a legacy network. 
- Create a three-node private cloud. The create_private_cloud function returns an operations object you can use to check the progress of the operation.
- Check the status of the operation. Fetch current information about an operation. You can use the .result() member method of the operation object to wait for it to complete.
- Connect the VMware Engine Network to your VPC by setting up private services access. 
- Retrieve the vCenter and NSX credentials. 
As VMware Engine creates your new private cloud, it deploys a number of VMware components and divides the provided IP address range into subnets. Private cloud creation can take 30 minutes to 2 hours. After the provisioning is complete, you will receive an email.
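The gcloud and API steps both say to check the response once an operation returns as DONE, because a finished operation can still have failed. The following added example (not from the original documentation) polls an operation and separates the two outcomes; `fetch` is a hypothetical caller-supplied function that returns the operation body as a dict, and the sample bodies are constructed in the standard long-running operation shape.

```python
import time


class OperationFailed(Exception):
    """Raised when an operation is done but reports an error status."""


def wait_for_operation(fetch, name, timeout_s=7200, interval_s=30,
                       sleep=time.sleep):
    """Poll until the operation is done; return its response or raise.

    fetch(name) is a hypothetical caller-supplied function returning the
    operation resource as a dict (the parsed body of the GET request).
    timeout_s defaults to the 2-hour upper bound the page gives.
    """
    waited = 0
    while True:
        op = fetch(name)
        if op.get("done"):
            # done=true only means finished: an "error" member marks failure.
            if "error" in op:
                err = op["error"]
                raise OperationFailed(
                    f"{name}: code={err.get('code')} {err.get('message')}")
            return op.get("response", {})
        if waited >= timeout_s:
            raise TimeoutError(f"{name} not done after {waited}s")
        sleep(interval_s)
        waited += interval_s


def replay(*operations):
    """Build a fetch() that returns constructed operation bodies in order."""
    queue = list(operations)
    return lambda name: queue.pop(0) if len(queue) > 1 else queue[0]


# Constructed operation bodies, not captured from a real project.
PENDING = {"name": "operations/EXAMPLE", "done": False}
SUCCEEDED = {"name": "operations/EXAMPLE", "done": True,
             "response": {"name": "privateClouds/EXAMPLE"}}
FAILED = {"name": "operations/EXAMPLE", "done": True,
          "error": {"code": 3, "message": "constructed failure"}}

if __name__ == "__main__":
    skip = lambda seconds: None  # do not actually sleep in the demo
    print(wait_for_operation(replay(PENDING, SUCCEEDED), "op", sleep=skip))
    try:
        wait_for_operation(replay(PENDING, FAILED), "op", sleep=skip)
    except OperationFailed as exc:
        print("failed:", exc)
```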
What's next
- Get sign-in credentials for management appliances.
- Manage your private cloud resources and activity.