VMware vCloud Director - 1.5 Administrator’s Guide

vCloud Director Administrator's Guide

vCloud Director 1.5

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-000636-00

vCloud Director Administrator's Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2010, 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at

http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

vCloud Director Administrator's Guide

Getting Started with vCloud Director 9

Overview of vCloud Director Administration 9

Preparing the System 12

Create a Microsoft Sysprep Deployment Package 12

Replace a Microsoft Sysprep Deployment Package 13

Set User Preferences 14

Change a System Administrator Password 14

Adding Resources to vCloud Director 15

Adding vSphere Resources 15

Adding Cloud Resources 17

Creating and Provisioning Organizations 23

Understanding Leases 23

Create an Organization 24

Allocate Resources to an Organization 28

Adding Networks to an Organization 32

Creating a Published Catalog 35

Enable Catalog Publishing 35

Create a Published Catalog 36

Upload a vApp Template 36

Import a vApp Template from vSphere 37

Upload a Media File 37

Import a Media File from vSphere 38

Publish a Catalog 38

Managing Cloud Resources 39

Managing Provider vDCs 39

Managing Organization vDCs 43

Managing External Networks 49

Managing Organization Networks 50

Managing Network Pools 66

Managing Cloud Cells 67

Managing vSphere Resources 69

Managing vSphere vCenter Servers 69

Managing vSphere ESX/ESXi Hosts 71

VMware, Inc. 3

vCloud Director Administrator's Guide

Managing vSphere Datastores 72

Managing Stranded Items

Managing Organizations 75

Enable or Disable an Organization 75

Delete an Organization 75

Modify an Organization Name 76

Modify an Organization Full Name and Description 76

Modify Organization LDAP Options 76

Modify Organization Catalog Publishing Policy 77

Modify Organization Email Preferences 78

Modify Organization Lease, Quota, and Limit Settings 78

Add a Catalog to an Organization 79

Managing Organization Resources 79

Managing Organization Users and Groups 80

Managing Organization vApps and Virtual Machines 80

Managing System Administrators and Roles 83

Add a System Administrator 83

Import a System Administrator 84

Enable or Disable a System Administrator 84

Delete a System Administrator 84

Edit System Administrator Profile and Contact Information 84

Send an Email Notification to Users 85

Delete a System Administrator Who Lost Access to the System 85

Import an LDAP Group 85

Delete an LDAP Group 86

Change an LDAP Group Description 86

Roles and Rights 86

Create a Role 86

Copy a Role 87

Edit a Role 87

Delete a Role 87

Managing System Settings 89

Modify General System Settings 89

General System Settings 90

Configure SMTP Settings 91

Configure System Notification Settings 91

Configuring Blocking Tasks and Notifications 92

Configuring the System LDAP Settings 93

Customize the vCloud Director Client UI 96

Configure the Public Web URL 97

Configure the Public Console Proxy Address 98

Configure the Public REST API Base URL 98

Configure the Account Lockout Policy 98

4 VMware, Inc.

Monitoring vCloud Director 101

Viewing Tasks and Events 101

Monitor and Manage Blocking Tasks

View Usage Information for a Provider vDC 103

View Usage Information for an Organization vDC 103

Using vCloud Director's JMX Service 104

Viewing the vCloud Director Logs 104

vCloud Director and Cost Reporting 104

Monitoring Quarantined Files 105

Contents

103

Roles and Rights 107

Predefined Roles and Their Rights 107

Index 111

VMware, Inc. 5

vCloud Director Administrator's Guide

6 VMware, Inc.

vCloud Director Administrator's Guide

The VMware vCloud Director Administrator's Guide provides information to the vCloud Director system administrator and organizations, and monitor the system.

Intended Audience

This book is intended for anyone who wants to configure and manage a vCloud Director installation. The information in this book is written for experienced system administrators who are familiar with Linux, Windows, IP networks, and VMware vSphere.

about how to add resources to the system, create and provision organizations, manage resources

VMware, Inc. 7

vCloud Director Administrator's Guide

8 VMware, Inc.

Getting Started with vCloud Director 1

The first time you log in to the vCloud Director Web console, the Home tab guides you through the steps to configure your installation.

You can also set your user preferences and create a Microsoft Sysprep deployment package to support guest customization in vCloud Director virtual machines.

This chapter includes the following topics:

“Overview of vCloud Director Administration,” on page 9

“Log In to the Web Console,” on page 11

“Preparing the System,” on page 12

“Create a Microsoft Sysprep Deployment Package,” on page 12

“Replace a Microsoft Sysprep Deployment Package,” on page 13

“Set User Preferences,” on page 14

“Change a System Administrator Password,” on page 14

Overview of vCloud Director Administration

VMware vCloud Director is a software product that provides the ability to build secure, multi-tenant clouds by

pooling virtual infrastructure resources into virtual datacenters and exposing them to users through Web-

based portals and programmatic interfaces as a fully-automated, catalog-based service.

The VMware vCloud Director Administrator's Guide provides information about adding resources to the system, creating and provisioning organizations, managing resources and organizations, and monitoring the system.

vSphere Resources

vCloud Director relies on vSphere resources to provide CPU and memory to run virtual machines. In addition, vSphere datastores provide storage for virtual machine files and other files necessary for virtual machine operations. vCloud Director also utilizes vSphere distributed switches and vSphere port groups to support virtual machine networking.

You can use these underlying vSphere resources to create cloud resources.

Cloud Resources

Cloud resources are an abstraction of their underlying vSphere resources. They provide the compute and memory resources for vCloud Director virtual machines and vApps. A vApp is a virtual system that contains one or more individual virtual machines, along with parameters that define operational details. Cloud resources also provide access to storage and network connectivity.

VMware, Inc. 9

vCloud Director Administrator's Guide

Cloud resources include provider and organization virtual datacenters, external networks, organization networks, resources.

and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere

Provider Virtual Datacenters

A provider virtual datacenter (vDC) combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores available to that resource pool.

You can create multiple provider vDCs for users in different geographic locations or business units, or for users with different performance requirements.

Organization Virtual Datacenters

An organization virtual datacenter (vDC) provides resources to an organization and is partitioned from a provider vDC. Organization vDCs provide an environment where virtual systems can be stored, deployed, and operated. They also provide storage for virtual media, such as floppy disks and CD ROMs.

A single organization can have multiple organization vDCs.

vCloud Director Networking

vCloud Director supports three types of networks.

External networks

Organization networks

vApp networks

Some organization networks and all vApp networks are backed by network pools.

External Networks

An external network is a logical, differentiated network based on a vSphere port group. Organization networks can connect to external networks to provide Internet connectivity to virtual machines inside of a vApp.

Only system administrators create and manage external networks.

Organization Networks

An organization network is contained within a vCloud Director organization and is available to all the vApps in the organization. An organization network allows vApps within an organization to communicate with each other. You can connect an organization network to an external network to provide external connectivity. You can also create an isolated organization network that is internal to the organization. Certain types of organization networks are backed by network pools.

Only system administrators can create organization networks. System administrators and organization administrators can manage organization networks, although there are some limits to what an organization administrator can do.

vApp Networks

A vApp network is contained within a vApp and allows virtual machines in the vApp to communicate with each other. You can connect a vApp network to an organization network to allow the vApp to communicate with other vApps in the organization and outside of the organization, if the organization network is connected to an external network. vApp networks are backed by network pools.

Most users with access to a vApp can create and manage their own vApp networks. Working with vApp networks is described in the VMware vCloud Director User's Guide.

10 VMware, Inc.

Chapter 1 Getting Started with vCloud Director

Network Pools

A network pool is a group of undifferentiated networks that is available for use within an organization vDC. A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.

Each organization vDC in vCloud Director can have one network pool. Multiple organization vDCs can share the same network pool. The network pool for an organization vDC provides the networks created to satisfy the network quota for an organization vDC.

Only system administrators can create and manage network pools.

vCloud Director uses network pools to create NAT-routed and internal organization networks and

Organizations

vCloud Director supports multi-tenancy through the use of organizations. An organization is a unit of administration for a collection of users, groups, and computing resources. Users authenticate at the organization level, supplying credentials established by an organization administrator when the user was created or imported. System administrators create and provision organizations, while organization administrators manage organization users, groups, and catalogs. Organization administrator tasks are described in the VMware vCloud Director User's Guide.

Users and Groups

An organization can contain an arbitrary number of users and groups. Users can be created by the organization administrator or imported from a directory service such as LDAP. Groups must be imported from the directory service. Permissions within an organization are controlled through the assignment of rights and roles to users and groups.

Catalogs

Organizations use catalogs to store vApp templates and media files. The members of an organization that have access to a catalog can use the catalog's vApp templates and media files to create their own vApps. A system administrator can allow an organization to publish a catalog to make it available to other organizations. Organizations administrators can then choose which catalog items to provide to their users.

Log In to the Web Console

You can access the vCloud Director user interface by using a Web browser.

For a list of supported browsers, see the VMware vCloud Director Installation and Configuration Guide.

Prerequisites

You must have the system administrator user name and password that you created during the system setup.

Procedure

1 Open a Web browser and navigate to https://

hostname.domain.tld

/cloud.

For hostname.domain.tld, provide the fully qualified domain name associated with the primary IP address of the vCloud Director server host. For example, https://cloud.example.com/cloud.

2 Type the system administrator user name and password and click Login.

vCloud Director displays a list of the next tasks you should perform.

VMware, Inc. 11

vCloud Director Administrator's Guide

Preparing the System

The Home

tab in the vCloud Director Web console provides links to the tasks required to prepare the system

for use. Links become active after you complete prerequisite tasks.

For more information about each task, see Table 1-1.

Table 1-1. Quick Start Tasks

Task For More Information

Attach a vCenter “Attach a vCenter Server,” on page 15

Create a Provider Virtual Datacenter “Create a Provider Virtual Datacenter,” on page 17

Create an External Network “Add an External Network,” on page 18

Create a Network Pool “Network Pools,” on page 19

Create an Organization “Create an Organization,” on page 24

Allocate Resources to an Organization “Create an Organization vDC,” on page 43

Add a Network to an Organization “Creating Organization Networks,” on page 50

Add a Catalog to an Organization “Add a Catalog to an Organization,” on page 79

Create a Microsoft Sysprep Deployment Package

Before vCloud Director can perform guest customization on virtual machines with certain Windows guest operating systems, you must create a Microsoft Sysprep deployment package on each cloud cell in your installation.

During

installation, vCloud Director places some files in the sysprep folder on the vCloud Director server host.

Do not overwrite these files when you create the Sysprep package.

Prerequisites

Access to the Sysprep binary files for Windows 2000, Windows 2003 (32- and 64-bit), and Windows XP (32and 64-bit).

Procedure

1 Copy the Sysprep binary files for each operating system to a convenient location on a vCloud Director

server host.

Each operating system requires its own folder.

NOTE Folder names are case-sensitive.

Guest OS Copy Destination

Windows 2000 SysprepBinariesDirectory /win2000

Windows 2003 (32-bit) SysprepBinariesDirectory /win2k3

Windows 2003 (64-bit) SysprepBinariesDirectory /win2k3_64

Windows XP (32-bit) SysprepBinariesDirectory /winxp

Windows XP (64-bit) SysprepBinariesDirectory /winxp_64

SysprepBinariesDirectory represents a location you choose to which to copy the binaries.

12 VMware, Inc.

Chapter 1 Getting Started with vCloud Director

2 Run the /opt/vmware/cloud-director/deploymentPackageCreator/createSysprepPackage.sh

SysprepBinariesDirectory command.

For example, /opt/vmware/cloud-

director/deploymentPackageCreator/createSysprepPackage.sh /root/MySysprepFiles.

Use the service vmware-vcd restart command to restart the cloud cell.

4 If you have multiple cloud cells, copy the package and properties file to all cloud cells.

scp /opt/vmware/cloud-director/guestcustomization/vcloud_sysprep.properties /opt/vmware/cloud-director/guestcustomization/windows_deployment_package_sysprep.cab

next_cell_IP

root@

:/opt/vmware/cloud-director/guestcustomization

5 Restart each cloud cell to which you copy the files.

Replace a Microsoft Sysprep Deployment Package

If you already created a Microsoft Sysprep deployment package and you need to generate a new one, you must replace the existing Sysprep package on each cloud cell in your installation.

Prerequisites

Access to the Sysprep binary files for Windows 2000, Windows 2003 (32- and 64-bit), and Windows XP (32and 64-bit).

Procedure

1 Use the service vmware-vcd stop command to stop the first cloud cell.

2 Copy the new Sysprep binary files for each operating system to a convenient location on a vCloud Director

server host.

Each operating system requires its own folder.

NOTE Folder names are case-sensitive.

Guest OS Copy Destination

Windows 2000 SysprepBinariesDirectory /win2000

Windows 2003 (32-bit) SysprepBinariesDirectory /win2k3

Windows 2003 (64-bit) SysprepBinariesDirectory /win2k3_64

Windows XP (32-bit) SysprepBinariesDirectory /winxp

Windows XP (64-bit) SysprepBinariesDirectory /winxp_64

SysprepBinariesDirectory represents a location you choose to which to copy the binaries.

3 Run the /opt/vmware/cloud-director/deploymentPackageCreator/createSysprepPackage.sh

SysprepBinariesDirectory command.

For example, /opt/vmware/cloud-

director/deploymentPackageCreator/createSysprepPackage.sh /root/MySysprepFiles.

4 Use the service vmware-vcd restart command to restart the cloud cell.

5 If you have multiple cloud cells, stop each cell and copy the package and properties file to each cell.

scp /opt/vmware/cloud-director/guestcustomization/vcloud_sysprep.properties /opt/vmware/cloud-director/guestcustomization/windows_deployment_package_sysprep.cab root@

next_cell_IP

:/opt/vmware/cloud-director/guestcustomization

6 Restart each cloud cell to which you copy the files.

VMware, Inc. 13

vCloud Director Administrator's Guide

Set User Preferences

You can set certain display and system alerts preferences that take effect every time you log in to the system.

Procedure

In the title bar of the Web console, click Preferences.

2 Click the Defaults tab.

3 Select the page to display when you log in.

4 Select the number of days or hours before a runtime lease expires that you want to receive an email

notification.

5 Select the number of days or hours before a storage lease expires that you want to receive an email

notification.

6 Click OK.

Change a System Administrator Password

You can change the password for your system administrator account.

You can change the password of local (non-LDAP) users only.

Procedure

1 Click Preferences in the title bar of the Web console.

2 Click the Change Password tab.

3 Type your current password and then type your new password twice and click OK.

14 VMware, Inc.

Adding Resources to vCloud Director 2

vCloud Director derives its resources from an underlying vSphere virtual infrastructure. After you register vSphere resources in vCloud Director, you can allocate these resources for organizations within the vCloud Director installation to use.

This chapter includes the following topics:

“Adding vSphere Resources,” on page 15

“Adding Cloud Resources,” on page 17

Adding vSphere Resources

vCloud vSphere datastores provide storage for virtual machine files and other files necessary for virtual machine operations.

For information about vCloud Director system requirements and supported versions of vCenter Server and ESX/ESXi see the VMware vCloud Director Installation and Configuration Guide.

Director relies on vSphere resources to provide CPU and memory to run virtual machines. In addition,

Attach a vCenter Server

Attach a vCenter Server to make its resources available for use with vCloud Director. After you attach a vCenter Server, you can assign its resource pools, datastores, and networks to a provider virtual datacenter.

Prerequisites

An instance of vShield Manager is installed and configured for vCloud Director. For more information, see the VMware vCloud Director Installation and Configuration Guide.

Procedure

1 Open the Attach New vCenter Wizard on page 16

Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.

2 Provide vCenter Server Connection and Display Information on page 16

To attach a vCenter Server to vCloud Director, you must provide connection information and a display name for the vCenter Server.

3 Connect to vShield Manager on page 16

vCloud Director requires vShield Manager to provide network services. Each vCenter Server you attach to vCloud Director requires its own vShield Manager.

4 Confirm Settings and Attach the vCenter Server on page 16

Before you attach the new vCenter Server, review the settings you entered.

VMware, Inc. 15

vCloud Director Administrator's Guide

Open the Attach New vCenter Wizard

Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.

Procedure

Click the Manage & Monitor tab and then click vCenters in the left pane.

2 Click the Attach New vCenter button.

The Attach New vCenter wizard launches.

Provide vCenter Server Connection and Display Information

To attach a vCenter Server to vCloud Director, you must provide connection information and a display name for the vCenter Server.

Procedure

1 Type the host name or IP address of the vCenter Server.

2 Select the port number that vCenter Server uses.

The default port number is 443.

3 Type the user name and password of a vCenter Server administrator.

The user account must have the Administrator role in vCenter.

4 Type a name for the vCenter Server.

The name you type becomes the display name for the vCenter Server in vCloud Director.

5 (Optional) Type a description for the vCenter Server.

6 Click Next to save your choices and go to the next page.

Connect to vShield Manager

vCloud Director requires vShield Manager to provide network services. Each vCenter Server you attach to vCloud Director requires its own vShield Manager.

Procedure

1 Type the host name or IP address of the vShield Manager to use with the vCenter Server that you are

attaching.

2 Type the user name and password to connect to vShield Manager.

The default user name is admin and the default password is default. You can change these defaults in the vShield Manager user interface.

3 Click Next to save your choices and go to the next page.

Confirm Settings and Attach the vCenter Server

Before you attach the new vCenter Server, review the settings you entered.

Procedure

1 Review the settings for the vCenter Server and vShield Manager.

2 (Optional) Click Back to modify the settings.

3 Click Finish to accept the settings and attach the vCenter Server.

16 VMware, Inc.

Chapter 2 Adding Resources to vCloud Director

vCloud Director attaches the new vCenter Server and registers its resources for provider virtual datacenters to use.

What to do next

Assign a vShield for VMware vCloud Director license key in the vCenter Server.

Assign a vShield License Key in vCenter

After

you attach a vCenter Server to vCloud Director, you must use the vSphere Client to assign a vShield for

VMware vCloud Director license key.

Prerequisites

The vSphere Client must be connected to the vCenter Server system.

Procedure

1 From a vSphere Client host that is connected to the vCenter Server system, select Home > Licensing.

2 For the report view, select Asset.

3 Right-click the vShield-edge asset and select Change license key.

4 Select Assign a new license key and click Enter Key.

5 Enter the license key, enter an optional label for the key, and click OK.

Use the vShield for VMware vCloud Director license key you received when you purchased vCloud Director. You can use this license key in multiple vCenter Servers.

6 Click OK.

Adding Cloud Resources

Cloud resources are an abstraction of their underlying vSphere resources and provide the compute and memory resources for vCloud Director virtual machines and vApps, and access to storage and network connectivity.

Cloud resources include provider and organization virtual datacenters, external networks, organization networks, and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere resources.

For more information about organization virtual datacenters, see “Allocate Resources to an Organization,” on page 28.

For more information about organization networks, see “Adding Networks to an Organization,” on page 32.

Provider Virtual Datacenters

A provider virtual datacenter (vDC) combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores connected to that resource pool.

A provider vDC is the source for organization vDCs.

Create a Provider Virtual Datacenter

You can create a provider vDC to register vSphere compute, memory, and storage resources for vCloud Director to use. You can create multiple provider vDCs for users in different geographic locations or business units, or for users with different performance requirements.

A provider vDC can only include a single resource pool from a single vCenter Server.

VMware, Inc. 17

vCloud Director Administrator's Guide

If you plan to add a resource pool that is part of a cluster that uses vSphere HA, make sure you are familiar with

how vSphere HA calculates slot size. For more information about slot sizes and customizing vSphere HA

behavior, see the VMware vSphere Availability Guide.

Prerequisites

Verify that at least one vCenter Server is attached with an available resource pool to vCloud Director. The resource pool must be in a vCenter cluster that is configured to use automated DRS. The vCenter Server must have the vShield for VMware vCloud Director license key.

Procedure

1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.

2 Click New Provider vDC.

3 Type a name and optional description.

You can use the name and description fields to indicate the vSphere functions available to the provider vDC, for example, vSphere HA.

4 Select the latest supported hardware version and click Next.

This selection determines the latest supported hardware version for virtual machines in organization vDCs based on this provider vDC. Hardware Version 8 requires ESX/ESXi 5.0 hosts. If this provider vDC will use a resource pool that contains ESX/Esxi 5.0 and ESX/ESXi 4.x hosts, select Hardware Version 7.

5 Select a vCenter Server and resource pool and click Next.

If the vCenter Server has no available resource pools, no resource pools appear in the list.

6 Select one or more datastores, click Add, and click Next.

vCloud Director does not support the use of read-only datastores with provider vDCs. In most cases, readonly datastores do not appear in the list, but some read-only NFS datastores might appear. Do not add these datastores to your provider vDC.

Use only shared storage because vSphere DRS cannot migrate virtual machines on local storage.

7 Type the root user name and password for the ESX/ESXi hosts and click Next.

8 Click Finish to create the provider vDC.

External Networks

An external network is a logical, differentiated network based on a vSphere port group. An external network provides the interface to the Internet for virtual machines connected to external organization networks.

For more information about organization networks, see “Understanding Organization Networks,” on page 32.

Add an External Network

Add an external network to register vSphere network resources for vCloud Director to use. You can create organization networks that connect to an external network.

Prerequisites

A vSphere port group is available. If the port group uses VLAN, it can use only a single VLAN. Port groups with VLAN trunking are not supported.

Procedure

1 Click the Manage & Monitor tab and click External Networks in the left pane.

18 VMware, Inc.

Chapter 2 Adding Resources to vCloud Director

2 Click the Add Network button.

Select a vCenter Server and a vSphere port group and click Next.

4 Type the network settings and click Next.

5 Type a name and optional description for the network and click Next.

6 Review the network settings and click Finish.

What to do next

You can now create an organization network that connects to the external network.

Network Pools

A network pool is a group of undifferentiated networks that is available for use within an organization vDC to create vApp networks and certain types of organization networks.

A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.

Add a Network Pool That Is Backed by VLAN IDs

You can add a VLAN-backed network pool to register vSphere VLAN IDs for vCloud Director to use. A VLANbacked network pool provides the best security, scalability, and performance for organization networks.

Prerequisites

Verify that a range of VLAN IDs and a vSphere distributed switch are available in vSphere. The VLAN IDs must be valid IDs that are configured in the physical switch to which the ESX/ESXi servers are connected.

CAUTION The VLANs must be isolated at the layer 2 level. Failure to properly isolate the VLANs can cause a disruption on the network.

Procedure

Click the Manage & Monitor tab and click Network Pools in the left pane.

2 Click Add Network Pool.

3 Select VLAN-backed and click Next.

4 Type a range of VLAN IDs and click Add.

You can create one network for each VLAN ID.

5 Select a vCenter Server and vSphere distributed switch and click Next.

6 Type a name and optional description for the network and click Next.

7 Review the network pool settings and click Finish.

What to do next

You can now create an organization network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks.

VMware, Inc. 19

vCloud Director Administrator's Guide

Add a Network Pool That Is Backed by Cloud Isolated Networks

You

can create a network pool that is backed by cloud isolated networks. A cloud isolated network spans hosts,

provides traffic isolation from other networks, and is the best source for vApp networks.

An isolation-backed network pool does not require preexisting port groups in vSphere.

Prerequisites

Verify that a vSphere distributed switch is available.

Procedure

1 Click the Manage & Monitor tab and click Network Pools in the left pane.

2 Click Add Network Pool.

3 Select VCD Network Isolation-backed and click Next.

4 Type the number of networks to create from the network pool.

5 (Optional) Type a VLAN ID.

6 Select a vCenter Server and a vSphere distributed switch and click Next.

7 Type a name and optional description for the network and click Next.

8 Review the network pool settings and click Finish.

vCloud Director creates cloud isolated networks in vSphere as they are needed.

What to do next

You can now create an organization network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks. You can also increase the network pool MTU. See “Set

the MTU for a Network Pool Backed by Cloud Isolated Networks,” on page 21.

Add a Network Pool That Is Backed by vSphere Port Groups

You can add a network pool that is backed by port groups to register vSphere port groups for vCloud Director to use. Unlike other types of network pools, a network pool that is backed by port groups does not require a vSphere distributed switch.

CAUTION The port groups must be isolated from all other port groups at the layer 2 level. The port groups must

be physically isolated or must be isolated by using VLAN tags. Failure to properly isolate the port groups

can cause a disruption on the network.

Prerequisites

Verify that one or more port groups are available in vSphere. The port groups must be available on each ESX/ESXi host in the cluster, and each port group must use only a single VLAN. Port groups with VLAN trunking are not supported.

Procedure

Click the Manage & Monitor tab and click Network Pools in the left pane.

2 Click Add Network Pool.

3 Select vSphere Port Group-backed and click Next.

4 Select a vCenter Server and click Next.

20 VMware, Inc.

Chapter 2 Adding Resources to vCloud Director

5 Select one or more port groups, click Add, and click Next.

You can create one network for each port group.

Type a name and optional description for the network and click Next.

7 Review the network pool settings and click Finish.

What to do next

You can now create an organization network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks.

Set the MTU for a Network Pool Backed by Cloud Isolated Networks

You can specify the maximum transmission units (MTU) that vCloud Director uses for a network pool that is backed by Cloud isolated networks. The MTU is the maximum amount of data that can be transmitted in one packet before it is divided into smaller packets.

When you configure the virtual machine guest operating system and the underlying physical infrastructure with the standard MTU (1500 bytes), the VMware network isolation protocol fragments frames. To avoid frame fragmentation, increase the MTU to at least 1524 bytes for the network pool and the underlying physical network. You can increase the network pool MTU up to, but not greater than, the MTU of the physical network.

If your physical network has an MTU of less than 1500 bytes, decrease the MTU of the network pool to match the underlying physical network.

Prerequisites

Verify that you have a network pool backed by cloud isolated networks. Before you increase the MTU for a network pool, you must ensure that the physical switch infrastructure supports an MTU of greater than 1500, also known as jumbo frames.

Procedure

1 Click the Manage & Monitor tab and click Network Pools in the left pane.

2 Right-click the network pool name and select Properties.

3 On the Network Pool MTU tab, type the MTU and click OK.

vCloud Director modifies the MTU for the network pool and all other network pools that use the same vSphere distributed switch.

VMware, Inc. 21

vCloud Director Administrator's Guide

22 VMware, Inc.

Creating and Provisioning

Organizations 3

Organizations provide resources to a group of users and set policies that determine how users can consume those resources. Create an organization for each group of users that requires its own resources, policies, or both.

This chapter includes the following topics:

“Understanding Leases,” on page 23

“Create an Organization,” on page 24

“Allocate Resources to an Organization,” on page 28

“Adding Networks to an Organization,” on page 32

Understanding Leases

Creating an organization involves specifying leases. Leases provide a level of control over an organization's storage and compute resources by specifying the maximum amount of time that vApps can be running and that vApps and vApp templates can be stored.

The goal of a runtime lease is to prevent inactive vApps from consuming compute resources. For example, if a user starts a vApp and goes on vacation without stopping it, the vApp continues to consume resources.

A runtime lease begins when a user starts a vApp. When a runtime lease expires, vCloud Director stops the vApp.

The

goal of a storage lease is to prevent unused vApps and vApp templates from consuming storage resources. A vApp storage lease begins when a user stops the vApp. Storage leases do not affect running vApps. A vApp template storage lease begins when a user adds the vApp template to a vApp, adds the vApp template to a workspace, downloads, copies, or moves the vApp template.

When a storage lease expires, vCloud Director marks the vApp or vApp template as expired, or deletes the vApp or vApp template, depending on the organization policy you set.

For more information about specifying lease settings, see “Configure Organization Lease, Quota, and Limit

Settings,” on page 27.

Users can configure email notification to receive a message before a runtime or storage lease expires. See “Set

User Preferences,” on page 14 for information about lease expiration preferences.

VMware, Inc. 23

vCloud Director Administrator's Guide

Create an Organization

Creating an organization involves specifying the organization settings and creating a user account for the organization administrator.

Procedure

1 Open the New Organization Wizard on page 24

Open the New Organization wizard to start the process of creating an organization.

2 Name the Organization on page 25

Provide a descriptive name and an optional description for your new organization.

3 Specify the Organization LDAP Options on page 25

can use an LDAP service to provide a directory of users and groups for the organization. If you do

You not specify an LDAP service, you must create a user account for each user in the organization. LDAP options can only be set by a system administrator and cannot be modified by an organization administrator.

4 Add Local Users to the Organization on page 26

Every organization should have at least one local, non-LDAP, organization administrator account, so that users can log in even if the LDAP service is unavailable.

5 Set the Organization Catalog Publishing Policy on page 26

A catalog provides organization users with a library of vApp templates and media that they can use to create vApps and install applications on virtual machines.

6 Configure Email Preferences on page 26

vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.

7 Configure Organization Lease, Quota, and Limit Settings on page 27

Leases, quotas, and limits constrain the ability of organization users to consume storage and processing resources. Use these settings to prevent users from depleting or monopolizing an organization's resources.

8 Confirm Settings and Create the Organization on page 27

Before you create the organization, review the settings you entered.

Open the New Organization Wizard

Open the New Organization wizard to start the process of creating an organization.

Procedure

1 Click the Manage & Monitor tab and then click Organizations in the left pane.

2 Click the New Organization button.

The New Organization wizard starts.

24 VMware, Inc.

Chapter 3 Creating and Provisioning Organizations

Name the Organization

Provide a descriptive name and an optional description for your new organization.

Procedure

Type an organization name.

This name provides a unique identifier that appears as part of the URL that members of the organization use to log in to the organization.

2 Type a display name for the organization.

This name appears in the browser header when an organization member uses the unique URL to log in to vCloud Director. An administrator or organization administrator can change this name later.

3 (Optional) Type a description of the organization.

4 Click Next.

Specify the Organization LDAP Options

You can use an LDAP service to provide a directory of users and groups for the organization. If you do not specify an LDAP service, you must create a user account for each user in the organization. LDAP options can only be set by a system administrator and cannot be modified by an organization administrator.

For more information about entering custom LDAP settings, see “Configuring the System LDAP Settings,” on page 93.

Procedure

1 Select the source for organization users.

Option Description

Do not use LDAP

VCD system LDAP service

Custom LDAP service

Organization administrator creates a local user account for each user in the organization. You cannot create groups if you choose this option.

Use the vCloud Director system LDAP service as the source for organization users and groups.

Connect the organization to its own private LDAP service.

Provide any additional information that your selection requires.

Option Action

Do not use LDAP

VCD system LDAP service

Custom LDAP service

Click Next.

(Optional) Type the distinguished name of the organizational unit (OU) to use to limit the users that you can import into the organization and click Next. If you do not enter anything, you can import all users in the system LDAP service into the organization.

NOTE Specifying an OU does not limit the LDAP groups you can import.

can import any LDAP group from the system LDAP root. However, only

You users who are in both the OU and the imported group can log in to the organization.

Click Next and enter the custom LDAP settings for the organization.

VMware, Inc. 25

vCloud Director Administrator's Guide

Add Local Users to the Organization

Every

organization should have at least one local, non-LDAP, organization administrator account, so that users

can log in even if the LDAP service is unavailable.

Procedure

1 Click Add.

2 Type a user name and password.

3 Assign a role to the user.

4 (Optional) Type the contact information for the user.

5 Select Unlimited or type a user quota for stored and running virtual machines and click OK.

These quotas limit the user's ability to consume storage and compute resources in the organization.

6 Click Next.

Set the Organization Catalog Publishing Policy

A catalog provides organization users with a library of vApp templates and media that they can use to create vApps and install applications on virtual machines.

Generally, catalogs should only be available to users in a single organization, but a system administrator can allow the organization administrator to publish their catalogs to all organizations in the vCloud Director installation.

Procedure

1 Select a catalog publishing option.

Option Description

Cannot publish catalogs

Allow publishing catalogs to all organizations

The organization administrator cannot publish catalogs for users outside of the organization.

The organization administrator can publish catalogs for users in all organizations.

Click Next.

Configure Email Preferences

vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.

Procedure

1 Select an SMTP server option.

Option Description

Use system default SMTP server

Set organization SMTP server

The organization uses the system SMTP server.

The organization uses its own SMTP server. Type the DNS host name or IP

and port number of the SMTP server. (Optional) Select the Requires

address authentication check box and type a user name and password.

26 VMware, Inc.

Chapter 3 Creating and Provisioning Organizations

2 Select a notification settings option.

Option Description

Use system default notification settings

Set organization notification settings

The organization uses the system notification settings.

The organization uses its own notification settings. Type an email address that appears as the sender for organization emails, type text to use as the subject prefix for organization emails, and select the recipients for organization emails.

(Optional) Type a destination email address and click Test Email Settings to verify that all SMTP server settings are configured as expected.

4 Click Next.

Configure Organization Lease, Quota, and Limit Settings

For more information about leases, see “Understanding Leases,” on page 23.

Procedure

1 Select the lease options for vApps and vApp templates.

Leases provide a level of control over an organization's storage and compute resources by specifying the maximum amount of time that vApps can run and that vApps and vApp templates can be stored. You can also specify what happens to vApps and vApp templates when their storage lease expires.

2 Select the quotas for running and stored virtual machines.

Quotas determine how many virtual machines each user in the organization can store and power on in the organization's virtual datacenters. The quotas that you specify act as the default for all new users added to the organization.

3 Select the limits for resource intensive operations.

Certain vCloud Director operations, for example copy and move, are more resource intensive than others. Limits prevent resource intensive operations from affecting all the users in an organization and also provide a defense against denial-of-service attacks.

4 Select the number of simultaneous VMware Remote Console connections for each virtual machine.

You might want to limit the number of simultaneous connections for performance or security reasons.

NOTE This setting does not affect Virtual Network Computing (VNC) or Remote Desktop Protocol (RDP) connections.

5 (Optional) Select the Account lockout enabled check box, select the number of invalid logins to accept

before locking a user account, and select the lockout interval.

Click Next.

Confirm Settings and Create the Organization

Before you create the organization, review the settings you entered.

Procedure

1 Review the settings for the organization.

2 (Optional) Click Back to modify the settings.

VMware, Inc. 27

vCloud Director Administrator's Guide

3 Click Finish to accept the settings and create the organization.

What to do next

Allocate resources to the organization.

Allocate Resources to an Organization

You

allocate resources to an organization by creating an organization vDC that is partitioned from a provider

vDC. A single organization can have multiple organization vDCs.

Prerequisites

You must have a provider vDC before you can allocate resources to an organization.

Procedure

1 Open the Allocate Resources Wizard on page 28

Open the Allocate Resources wizard to start the process of creating an organization vDC for an organization.

2 Select a Provider vDC on page 29

An organization vDC obtains its compute and storage resources from a provider vDC. The organization vDC provides these resources to vApps and virtual machines in the organization.

3 Select an Allocation Model on page 29

The allocation model determines how and when the provider vDC compute and memory resources that you allocate are committed to the organization vDC.

4 Configure the Allocation Model on page 29

Configure the allocation model to specify the amount of provider vDC resources to allocate to the organization vDC.

5 Allocate Storage on page 30

An organization vDC requires storage space for vApps and vApp templates. You can allocate storage from the space available on provider vDC datastores.

6 Select Network Pool on page 31

A network pool is a group of undifferentiated networks that is used to create vApp networks and NATrouted or internal organization networks.

7 Name the Organization vDC on page 31

You can provide a descriptive name and an optional description to indicate the vSphere functions available for your new organization vDC.

8 Confirm Settings and Create the Organization vDC on page 31

Before you create the organization vDC, review the settings you entered.

What to do next

Add a network to the organization.

Open the Allocate Resources Wizard

Open the Allocate Resources wizard to start the process of creating an organization vDC for an organization.

Procedure

1 Click the Manage & Monitor tab and click Organizations in the left pane.

28 VMware, Inc.

Chapter 3 Creating and Provisioning Organizations

2 Right-click the organization name and select Allocate Resources from the menu.

The Allocate Resources wizard starts.

Select a Provider vDC

organization vDC obtains its compute and storage resources from a provider vDC. The organization vDC

provides these resources to vApps and virtual machines in the organization.

Procedure

1 Select a provider vDC.

The provider vDC list displays information about available resources and the networks list displays information about networks available to the selected provider vDC.

2 Click Next.

Select an Allocation Model

The allocation model determines how and when the provider vDC compute and memory resources that you allocate are committed to the organization vDC.

Procedure

1 Select an allocation model.

Option Description

Allocation Pool

Pay-As-You-Go

Reservation Pool

Only a percentage of the resources you allocate are committed to the organization vDC. You can specify the percentage, which allows you to overcommit resources.

Resources are only committed when users create vApps in the organization vDC. You can specify a percentage of resources to guarantee, which allows

to overcommit resources. You can make a Pay-As-You-Go organization

you vDC elastic by adding multiple resource pools to its providor vDC.

All of the resources you allocate are immediately committed to the organization vDC. Users in the organization can control overcommitment by specifying reservation, limit, and priority settings for individual virtual machines.

Click Next.

Configure the Allocation Model

Configure the allocation model to specify the amount of provider vDC resources to allocate to the organization vDC.

Procedure

1 Select the allocation model options.

Not all of the models include all of the options.

Option Action

CPU allocation

CPU resources guaranteed

VMware, Inc. 29

Enter the maximum amount of CPU, in GHz, to allocate to virtual machines running in the organization vDC.

Enter the percentage of CPU resources to guarantee to virtual machines running in the organization vDC. You can overcommit resources by guaranteeing less than 100%.

vCloud Director Administrator's Guide

Option Action

Memory allocation

Memory resources guaranteed

vCPU Speed

Maximum number of VMs

Click Next.

Example: Configuring an Allocation Model

When you create an organization vDC, vCloud Director creates a vSphere resource pool based on the allocation model settings you specify. See Table 3-1, Table 3-2, and Table 3-3.

Table 3-1. How Allocation Pool Settings Affect Resource Pool Settings

Allocation Pool Setting

CPU Allocation 25 GHz CPU Limit 25 GHz

CPU % Guarantee 10% CPU Reservation 2.5 GHz

Memory Allocation 50 GB Memory Limit 50 GB

Memory % Guarantee 20% Memory Reservation 10 GB

Enter the maximum amount of memory, in GB, to allocate to virtual machines running in the organization vDC.

Enter the percentage of memory resources to guarantee to virtual machines running in the organization vDC. You can overcommit resources by guaranteeing less than 100%.

Enter the vCPU speed in GHz. Virtual machines running in the organization vDC are assigned this amount of GHz per vCPU.

Enter the maximum number of virtual machines that can be created in the organization vDC.

Allocation Pool Value Resource Pool Setting Resource Pool Value

Table 3-2. How Pay-As-You Go Settings Affect Resource Pool Settings

Pay-As-You-Go Setting

CPU % Guarantee 10% CPU Reservation, CPU Limit 0.00 GHz, Unlimited

Memory % Guarantee 100% Memory Reservation, Memory

Pay-As-You-Go Value Resource Pool Setting Resource Pool Value

0.00 GB, Unlimited

Limit

Resource pools created to support Pay-As-You-Go organization vDCs will always have no reservations or limits.

Pay-As-You-Go settings only affect overcommitment. A 100% guarantee means no overcommitment is

possible. The lower the percentage, the more overcommitment is possible.

Table 3-3. How Reservation Pool Settings Affect Resource Pool Settings

Reservation Pool Setting

CPU Allocation 25 GHz CPU Reservation, CPU Limit 25 GHz, 25 GHz

Memory Allocation 50 GB Memory Reservation, Memory

Reservation Pool Value Resource Pool Setting Resource Pool Value

50 GB, 50 GB

Limit

Allocate Storage

An organization vDC requires storage space for vApps and vApp templates. You can allocate storage from the space available on provider vDC datastores.

Thin provisioning can help avoid over-allocating storage and save storage space. For a virtual machine with a thin virtual disk, ESX/ESXi provisions the entire space required for the disk's current and future activities. ESX/ESXi commits only as much storage space as the disk needs for its initial operations.

30 VMware, Inc.

+ 84 hidden pages