VCF Automation: From Zero to a Running Virtual Machine – A Step-by-Step Guide

Welcome to the following article on building and configuring an environment based on VMware Cloud Foundation 9.0! In the previous parts, we went through the VCF 9.0 installation process, configured the pfSense router, deployed the NSX Edge cluster, and activated the Supervisor. With this in place, it’s time to get to know one of the most powerful tools in the VCF ecosystem – VCF Automation.

VCF Automation is a component that enables flexible, self-service infrastructure consumption based on defined governance policies. In this article, we will walk through the entire process step-by-step – from the provider administrator’s configuration, through creating a tenant organization, to deploying the first virtual machine by a user of that organization. We will pay special attention to how VCF Automation automatically builds the entire, complex network infrastructure in NSX in the background, freeing administrators and developers from manual configuration.

Prerequisites

Before we begin, let’s ensure our environment is ready. Based on the previous articles in the series, we should have:

• A running instance of VMware Cloud Foundation 9.0.
• A configured edge router (in our lab, this is pfSense).
• A deployed and operational NSX Edge cluster (vcf-edge-cl) along with a Tier-0 Gateway (vcf-edge-gw) in Active-Standby mode.
• An activated Supervisor in vSphere, integrated with NSX VPC.

Part 1: Provider-Side Configuration – Creating an Organization

Our journey begins in the Automation Provider Management portal, where, as the administrator of the entire VCF platform, we will prepare the environment for our first tenant.

Step 1: Launching the Quick Start Wizard

After logging into the VCF Automation portal, we are greeted by a welcome screen offering two paths: Quick Start and Manual Setup. Quick Start is a simplified wizard, perfect for quickly creating a fully functional organization. We’ll choose this option.

Step 2: Creating the Organization and Allocating Resources

The wizard will guide us through a few simple steps.

1. Organization Name: First, we provide a unique name for our organization. In this example, it will be vWorld.

1. Infrastructure Allocation: Next, we need to assign resources to the organization. We select the Region (vcf-region) and the Supervisor (vcf-super).

1. Storage Selection: In the next step, we select the Storage Classes that will be available to this organization. We’ll check the default policy for vSAN.

1. Summary and Creation: Finally, the wizard displays a summary of all settings. After verifying them, we click the CREATE AND PROVISION ORGANIZATION button.

Step 3: Monitoring and the Magic Behind the Scenes: What VCF Automation Creates in NSX?

The organization creation process is fully automated. We can monitor its progress in the Organization Provisioning in Progress window.

At this moment, the real magic happens. Clicking the “CREATE” button triggers a powerful automation sequence that builds a complete, isolated, and ready-to-use network infrastructure for the new organization in NSX in the background. Without any manual intervention in NSX, VCF Automation creates:

• NSX Project: This acts as a secure, logical container for all network resources and security policies belonging to the vWorld organization. This ensures complete isolation from other organizations (multi-tenancy).
• NSX Transit Gateway (TGW): This is a dedicated router for the organization that connects its internal VPC networks to the provider gateway, enabling communication with the outside world.
• Default VPC (Virtual Private Cloud): The first, ready-to-use virtual private network. This is where the tenant’s virtual machines and services will run.
• Automatic Routing and NAT: VCF Automation configures a Source NAT (SNAT) rule that allows virtual machines with private IP addresses inside the VPC to communicate with the internet. It also configures all the necessary routing for traffic to flow correctly through the Transit Gateway and the Tier-0 Gateway.

This entire process, visible as a series of completed steps in the progress window, is the foundation of the platform’s self-service nature.

After successful completion, we can verify the newly created resources in the provider administrator’s panel.

Part 2: Organization Configuration by the Service Administrator

Now that the vWorld organization exists, we log into the portal as a Service Administrator to complete its configuration.

Step 1: Verifying the Dashboard and Accessing the Organization

On the main dashboard, we see that we are managing one organization, one region, and one supervisor.

We navigate to manage our vWorld organization by clicking its name. We can see its general settings, including the default URL for the tenant portal.

Step 2: Creating the First User

Every organization needs at least one user. So, we create the “first user.”

1. In the vWorld organization menu, we go to the First User section.
2. Click ADD FIRST USER.

1. In the dialog box, we enter the new user’s details. In our example, this will be luke with the Organization Administrator role.

Part 3: Tenant Administrator’s Environment Preparation

We now log into the VCF Automation portal, this time providing our organization name vWorld and using the credentials of the newly created user, luke.

Step 1: Tenant Administrator’s Dashboard

After logging in, we see luke‘s dashboard. There isn’t much here yet – one project (default-project) and one user.

Step 2: Creating a Namespace

A Namespace is a logical unit within a project that provides access to IaaS services and consumes the pre-provisioned network infrastructure (VPC).

1. Navigate to the project list.

1. Select default-project and go to the Namespaces tab. The list is empty. Click NEW NAMESPACE.

1. In the New Namespace wizard, we fill in the fields, pointing to the VPC that was automatically created by the platform (vcf-region-Default-VPC).

After a moment, the new namespace is active.

The tenant administrator’s dashboard is updated and now shows one namespace.

Step 3: Creating a Content Library and VM Image

1. Navigate to Build & Deploy -> Content Hub -> Content Libraries and click CREATE CONTENT LIBRARY.

1. In the wizard, we provide a name (vcf-content), assign the library to a region, and specify a storage class.

1. After a moment, the library is ready.

1. Navigate to VM Images and click UPLOAD to add a new image.

1. We point to a file, select our vcf-content library, and name the image vcf-lin-tmp.

After the upload is complete, the image is ready.

Part 4: Creating and Deploying a Blueprint

A Blueprint is an Infrastructure as Code (IaC) template that defines the resources to be deployed.

1. Navigate to Build & Deploy -> Content Hub -> Blueprint Design.
2. Click NEW FROM -> Blank canvas.

1. We name our blueprint, e.g., dummyBlueprint.

1. On the design canvas, we drag and connect resources. On the right, we see the YAML code.

formatVersion: 1
inputs: {}
resources:
  CCI_Supervisor_Namespace_1:
    type: CCI.Supervisor.Namespace
    properties:
      name: vcf-nsp-ft7l6
      existing: true
  Virtual_Machine_1:
    type: CCI.Supervisor.Resource
    properties:
      context: ${resource.CCI_Supervisor_Namespace_1.id}
      manifest:
        apiVersion: vmoperator.vmware.com/v1alpha3
        kind: VirtualMachine
        metadata:
          name: virtual-machine-1-${env.shortDeploymentId}
        spec:
          className: best-effort-small
          imageName: vmi-9c4f9d0b39a536d32
          powerState: PoweredOn
          storageClass: vworld-cl01-optimal-datastore-default-policy-raid1
      wait:
        conditions:
          - type: VirtualMachineCreated
            status: 'True'
      existing: false

1. When the design is ready, click DEPLOY.
2. We name our deployment instance, e.g., TestDep-0001, and click DEPLOY.

Part 5: Verifying the Deployment

After a few moments, our deployment succeeds.

We can now check the details of the newly created virtual machine. By navigating to the vSphere client, we can confirm the VM is running and has an IP address.

Finally, VCF Automation allows us to visualize the entire network topology – from the Tier-0 gateway, through the Transit Gateway, VPC, all the way to our single VM.

Conclusion

We have walked the entire path: from an empty VCF Automation installation, through provider configuration, tenant creation, environment preparation, to the deployment of a running virtual machine from a self-service catalog. What is crucial and constitutes the power of this platform is the deep, native integration with NSX. As we’ve seen, the moment the provider administrator configures the organization, VCF Automation automatically provisions the entire, fully isolated, and ready-to-use network infrastructure in NSX, including the NSX Project, VPC, Transit Gateway, routing, and NAT. This gives administrators full control over governance and resources while completely abstracting the network’s complexity from developers, who get the speed and flexibility they need without having to be NSX experts.