When you deploy a new instance of AVS (Azure VMware Solution), one of the first management tasks is to log in to the vCenter and NSX Manager UIs. If you are unfamiliar with working in an Azure environment and how VNets operate, this task may not seem trivial. This post aims to walk you through the process of accessing these management components through a Bastion host.
When your SDDC finishes deploying, one of the first things you want to do is collect the URLs and credentials for vCenter and NSX Manager. You can do this by navigating to AVS from your subscription in the Azure portal (portal.azure.com).
Your “Identity” tab contains the URLs to manage your vSphere and NSX environments. The IPs used are provisioned based on the IP range you specified when you deployed your SDDC. You want to make a note of these URLs and the credentials required for each.
Note that our management stack’s IP range is private and not routable over the public internet.
I will be using a VM residing in Azure Native as my bastion host in my lab environment. For more information about Bastion in Azure, please see https://azure.microsoft.com/en-us/services/azure-bastion/#get-started
The diagram below shows how my bastion host can reach my AVS management stack through the vNET gateway we used when we created our VMware Private Cloud in Azure. For more information on how to create a Private Cloud in Azure please see https://docs.microsoft.com/en-us/azure/azure-vmware/tutorial-configure-networking
Connecting via Bastion is the recommended method, as opposed to RDP. With Bastion, you don’t have to expose your jump box to the public internet, which would make it vulnerable to attacks.
Once you log into your Bastion instance, you can open a browser and navigate to the vCenter URL you collected from the “Identity” tab.
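A preflight check you can run on the jump box before opening the browser, added here as an example and not part of the original walkthrough: it confirms that each management URL from the “Identity” tab is HTTPS, points at a private address inside the range given at SDDC deployment, and answers on TCP from the jump box. The address block, the two URLs and all function names are constructed placeholders; substitute your own values.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample values: replace with the address block you specified
# when deploying the SDDC and the URLs shown on the "Identity" tab.
MGMT_BLOCK = "10.20.0.0/22"
ENDPOINTS = {
    "vcenter": "https://10.20.0.2/",
    "nsx_manager": "https://10.20.0.3/",
}

def endpoint_host(url):
    """Return (ip, port) for an https URL whose host is an IP literal."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"management URL is not https: {url}")
    # ip_address() raises ValueError if the host is a name, not an IP.
    return ipaddress.ip_address(parts.hostname), parts.port or 443

def check_endpoint(url, mgmt_block):
    """Classify one management URL against the SDDC address block."""
    ip, port = endpoint_host(url)
    return {
        "ip": str(ip),
        "port": port,
        "private": ip.is_private,  # not routable over the internet
        "in_mgmt_block": ip in ipaddress.ip_network(mgmt_block),
    }

def reachable(ip, port, timeout=3.0):
    """TCP connect test; meaningful only when run from the jump box."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def main():
    for name, url in ENDPOINTS.items():
        info = check_endpoint(url, MGMT_BLOCK)
        info["reachable"] = reachable(info["ip"], info["port"])
        print(name, info)

if __name__ == "__main__":
    main()
```

If `private` and `in_mgmt_block` are true but `reachable` is false, the path from the jump box's VNet through the gateway to the private cloud is the place to look.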
Enter the credentials collected.
You are now ready to start managing your vSphere environment!