DEV Community

Irlan Dos Santos

Using Terraformer to Import and Manage VMware Infrastructure with Terraform and AWS Backup Strategy

Organizations with hybrid cloud infrastructures often face challenges in managing on-premises resources and integrating them with cloud solutions for backup and recovery. This article outlines a strategy for importing VMware infrastructure with Terraformer, managing it with the Terraform vSphere provider, and integrating AWS as a reliable backup and restore solution. This approach ensures efficient infrastructure management and disaster recovery capabilities.


Hybrid Infrastructure Overview

On-Premises Infrastructure

The local network infrastructure described consists of a dedicated VMware ESXi host with six virtual machines (VMs) configured to provide essential network and IT services for the company. Key components include:

  1. Active Directory (AD) Server: Domain controller managing user authentication, DHCP, and DNS services.
  2. Backup Server: Utilizing Veeam Backup & Replication for local and cloud-based backups.
  3. File Server: Centralized storage for shared files and documents.
  4. Terminal Server (TS): Hosts the ERP system for remote access by users.
  5. Firebird Database Server: Supports the ERP system and accounting applications.
  6. pfSense Firewall: Provides network security and VPN capabilities for remote access.

Cloud Integration via AWS

AWS serves as the cloud-based backup solution for redundancy and disaster recovery. The strategy involves storing Veeam backups in Amazon S3 and utilizing AWS Glacier for long-term archival.


Step 1: Use Terraformer to Import VMware Resources

1.1 Install and Configure Terraformer

  1. Download Terraformer: Install Terraformer from its GitHub repository.
  2. Set Environment Variables:
   export VSPHERE_USER="administrator@vsphere.local"
   export VSPHERE_PASSWORD="your_password"
   export VSPHERE_SERVER="vcenter.example.com"

1.2 Run Terraformer Import

Run the following command to import existing VMware resources:

# Reuse the variables exported in step 1.1 so the password is not typed into the command
terraformer import vsphere \
  --resources=vm,datastore,network \
  --connect="$VSPHERE_SERVER" \
  --user="$VSPHERE_USER" \
  --password="$VSPHERE_PASSWORD" \
  --path-output="./output"

  • --resources: Specifies the resources to import (e.g., VMs, datastores, networks).
  • --path-output: Directory to store generated Terraform configuration files.

1.3 Review Generated Files

Terraformer generates:

  • .tf Files: Represent the imported VMware infrastructure.
  • Terraform State File: Tracks the current state of imported resources.

Organize and modularize the configuration files as needed.


Step 2: Manage VMware Resources with Terraform vSphere Provider

2.1 Configure the vSphere Provider

Set up the Terraform vSphere provider in a provider.tf file:

provider "vsphere" {
  user           = "administrator@vsphere.local"
  password       = "your_password"
  vsphere_server = "vcenter.example.com"

  # Disables TLS certificate verification for the vCenter connection
  allow_unverified_ssl = true
}
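
A variant of this provider block that keeps credentials out of the .tf files and leaves certificate verification on. This is an added example, not the author's configuration, and the variable names are assumptions:

```hcl
# Added example: credentials come from input variables instead of literals.
# Variable names are assumptions. Supply values through TF_VAR_vsphere_user,
# TF_VAR_vsphere_password and TF_VAR_vsphere_server, or a tfvars file that is
# excluded from version control.
variable "vsphere_user" {
  type        = string
  description = "vCenter account used by Terraform"
}

variable "vsphere_password" {
  type        = string
  description = "Password for the vCenter account"
  sensitive   = true # redacted from plan and apply output
}

variable "vsphere_server" {
  type        = string
  description = "vCenter FQDN or IP address"
}

provider "vsphere" {
  user           = var.vsphere_user
  password       = var.vsphere_password
  vsphere_server = var.vsphere_server

  # Verify the vCenter certificate. Trust the issuing CA on the machine that
  # runs Terraform rather than switching verification off.
  allow_unverified_ssl = false
}
```

The vSphere provider also reads VSPHERE_USER, VSPHERE_PASSWORD and VSPHERE_SERVER from the environment when these arguments are omitted, so the variables exported in step 1.1 can serve the same purpose.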

2.2 Refine Imported Resources

Move the imported .tf files to your Terraform project directory and refine the configuration. For example, to manage a virtual machine:

resource "vsphere_virtual_machine" "ad_server" {
  name             = "AD-Server"
  resource_pool_id = "resgroup-123"
  datastore_id     = "datastore-456"

  num_cpus   = 2
  memory     = 4096
  guest_id   = "windows9_64Guest"

  network_interface {
    network_id   = "network-789"
    adapter_type = "vmxnet3"
  }

  disk {
    label            = "disk0"
    size             = 50
    eagerly_scrub    = false
    thin_provisioned = true
  }
}

2.3 Apply Changes

Run Terraform commands to apply the refined configuration:

terraform init
terraform plan
terraform apply

Step 3: Backup and Restore Strategy with AWS

3.1 Configure Veeam for AWS S3

  1. Create an S3 Bucket: Use Terraform to create a bucket for storing backups:
   resource "aws_s3_bucket" "veeam_backup" {
     bucket = "veeam-backup-bucket"
     acl    = "private"

     # Lifecycle rule that moves backups to cheaper storage classes as they age
     lifecycle_rule {
       id      = "intelligent-tiering"
       enabled = true

       # Move objects to the INTELLIGENT_TIERING storage class on creation
       transition {
         days          = 0
         storage_class = "INTELLIGENT_TIERING"
       }

       # Move objects to the STANDARD_IA storage class after 30 days
       # NOTE: S3 lifecycle does not support INTELLIGENT_TIERING -> STANDARD_IA;
       # keep only one of these two transitions
       transition {
         days          = 30
         storage_class = "STANDARD_IA"
       }

       # Move objects to the GLACIER storage class after 90 days
       transition {
         days          = 90
         storage_class = "GLACIER"
       }

       # Move objects to the DEEP_ARCHIVE storage class after 120 days
       transition {
         days          = 120
         storage_class = "DEEP_ARCHIVE"
       }
     }

     # Enable server-side encryption
     server_side_encryption_configuration {
       rule {
         apply_server_side_encryption_by_default {
           sse_algorithm = "AES256"
         }
       }
     }
   }
  2. Integrate with Veeam: Configure Veeam Backup & Replication to use the S3 bucket for offsite backups.
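
Access controls that complement the bucket definition in step 3.1, as an added example that is not part of the original article. It assumes the aws_s3_bucket.veeam_backup resource above; the policy names and the list of S3 actions granted to Veeam are assumptions to confirm against Veeam's documentation.

```hcl
# Block public ACLs and public bucket policies on the backup bucket.
resource "aws_s3_bucket_public_access_block" "veeam_backup" {
  bucket                  = aws_s3_bucket.veeam_backup.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Bucket policy: reject any request that is not made over TLS.
data "aws_iam_policy_document" "veeam_backup_tls_only" {
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.veeam_backup.arn, "${aws_s3_bucket.veeam_backup.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "veeam_backup" {
  bucket = aws_s3_bucket.veeam_backup.id
  policy = data.aws_iam_policy_document.veeam_backup_tls_only.json
}

# Identity policy for the IAM user Veeam signs in with; the action list is an assumption.
data "aws_iam_policy_document" "veeam_repo_access" {
  statement {
    actions   = ["s3:ListBucket", "s3:GetBucketLocation"]
    resources = [aws_s3_bucket.veeam_backup.arn]
  }
  statement {
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["${aws_s3_bucket.veeam_backup.arn}/*"]
  }
}

resource "aws_iam_policy" "veeam_repo_access" {
  name   = "veeam-backup-repo-access" # hypothetical name
  policy = data.aws_iam_policy_document.veeam_repo_access.json
}
```

Attach the identity policy to a dedicated IAM user or role used only by Veeam, so a leaked backup-server credential cannot reach other buckets.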

3.2 Regular Backup and Testing

  • Schedule daily backups to S3 with periodic testing of restore capabilities.
  • Implement incremental backups to optimize storage and bandwidth.

3.3 Monitor and Optimize

  • Use Amazon CloudWatch to monitor S3 bucket activity.
  • Optimize costs by reviewing storage lifecycle policies and access patterns.

Conclusion

By combining Terraformer, the Terraform vSphere provider, and AWS backup strategies, you can:

  1. Simplify Management: Import and manage VMware resources declaratively.
  2. Enhance Resilience: Leverage AWS for reliable offsite backups.
  3. Streamline Operations: Automate infrastructure tasks for consistent and scalable management.

This hybrid approach ensures that your on-premises infrastructure is both robust and prepared for disaster recovery scenarios, delivering long-term operational efficiency.
