Configure Cloud Remote in a vCenter region to support a Kubernetes target cloud as follows:

  1. Download the Cloud Remote appliance OVA from
  2. Launch the Cloud Remote appliance from the OVA you downloaded as follows:
    1. Login to the vCenter console using the vSphere web client with Flash, or with the vSphere Windows client. Do not use the HTML5 web client.
    2. Navigate to the folder or resource pool where you want to deploy the OVA. Right click on that resource pool or folder and select Deploy OVF Template.
    3. From the Deploy OVF Template dialog box, for Source, select Local file and click Browse to find the OVA file you downloaded.
    4. Complete the fields for Name and location, Host / Cluster, Resource Pool, Storage, and Disk Format appropriate for your environment.
    5. For the Network Mapping section, make sure to properly map the Management network (public) and VM Network network (private) to the appropriate network names in your environment.
    6. For the Properties section, make sure to check the box labeled Does the VM need a second interface? if the Cloud Remote appliance needs to be multi-homed on a public network and a private network.
    7. Confirm your settings and click Finish to launch the VM.
  3. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured.  See Cloud Remote (Conditional) > Scaling for details.
  4. Once the first instance of the appliance has been launched, use the vSphere client to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also note the IP addresses of any other appliances you launch.
  5. Setup the appropriate firewall rules. You will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

    Port rules for a single node Cloud Remote deployment:
    22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
    443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
    5671TCPLimit to address of the CloudCenter Suite cluster's local AMQP serviceAMQP
    15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)

    The Cloud Remote web UI  and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

    For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

    2377TCP<cr_sec_group> *

     * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

  6. Switch back to the Workload Manager or Cost Optimizer UI and click Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You may need to update the Local AMQP IP Address or the Remote AMQP IP Address fields per the table below.
    Toggle SettingsFieldValue

    Cloud Endpoint Directly Accessible = No
    CloudCenter Directly Accessible from Cloud Remote = Yes

    Local AMQP IP Address

    Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster.

    If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

    Cloud Endpoint Directly Accessible = No
    CloudCenter Directly Accessible from Cloud Remote = No
    Remote AMQP IP Address

    Enter <Cloud_Remote_IP>:<amqp_port>, where
    <Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
    <amqp_port> = 5671 OR the custom AMQP port number
    you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

    If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

    If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.

    When done, click OK to save the setting and dismiss the dialog box.

  7. After saving the Region Configuration settings, the next step is downloading the connectivity configuration file and copying its encryption key. Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

    Clicking Download Configuration causes two things to happen:

    • A file named will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).
    • The Region Connectivity section header briefly displays the encryption key for the zip file, as shown in figure below. The key is the text after ":- ". You must copy this key within one minute of it being displayed as you will need to enter this key in the Cloud Remote web UI (see below). The key is only displayed for one minute. If you miss the chance to copy it, you must download a new copy of the zip file and copy the new key.

  8. After you have set the region connectivity settings in CloudCenter Suite, and downloaded the zip file and copied the encryption key, login to Cloud Remote web UI.
    1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
    2. You will immediately be required to change your password. Do so. 
    3. You are now brought to the Cloud Remote home page as shown in the figure below.
    4. Click the Apply Configuration button in the page header.
    5. Clicking Apply Configuration cause. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
    6. Paste the encryption key you saved from the CloudCenter Suite web UI into the Encryption Key field in the dialog box.
    7. Click Select File and browse to the file that you downloaded through the CloudCenter Suite web UI and select it.
    8. Click Confirm.
    9. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).
    10. Now, switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).
      After completing these steps, Workload Manager and Cost Optimizer can both use Cloud Remote for communicating with the target cloud region.
  • No labels
Terms & Conditions Privacy Statement Cookies Trademarks