VMware vCloud Director - 5.1 Administrator’s Guide

vCloud Director Administrator's Guide
vCloud Director 5.1.1
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-000817-02
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2010–2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

Contents

vCloud Director Administrator's Guide
Updated Information
1 Getting Started with vCloud Director
  Overview of vCloud Director Administration
  Log In to the Web Console
  Preparing the System
  Create a Microsoft Sysprep Deployment Package
  Replace a Microsoft Sysprep Deployment Package
  Replace SSL Certificates
  Set User Preferences
2 Adding Resources to vCloud Director
  Adding vSphere Resources
  Adding Cloud Resources
3 Creating and Provisioning Organizations
  Understanding Leases
  Create an Organization
  Allocate Resources to an Organization
4 Creating a Published Catalog
  Enable Catalog Publishing
  Create a Published Catalog
  Upload a vApp Template
  Import a vApp Template from vSphere
  Upload a Media File
  Import a Media File from vSphere
  Publish a Catalog
5 Managing Cloud Resources
  Managing Provider vDCs
  Managing Organization vDCs
  Managing External Networks
  Managing Edge Gateways
  Managing Organization vDC Networks
  Managing Network Pools
  Managing Cloud Cells
6 Managing vSphere Resources
  Managing vSphere vCenter Servers
  Managing vSphere ESX/ESXi Hosts
  Managing vSphere Datastores
  Managing Stranded Items
7 Managing Organizations
  Enable or Disable an Organization
  Delete an Organization
  Add a Catalog to an Organization
  Editing Organization Properties
  Managing Organization Resources
  Managing Organization Users and Groups
  Managing Organization vApps and Virtual Machines
8 Managing System Administrators and Roles
  Add a System Administrator
  Import a System Administrator
  Enable or Disable a System Administrator
  Delete a System Administrator
  Edit System Administrator Profile and Contact Information
  Send an Email Notification to Users
  Delete a System Administrator Who Lost Access to the System
  Import a Group
  Delete an LDAP Group
  View Group Properties
  Roles and Rights
9 Managing System Settings
  Modify General System Settings
  General System Settings
  Editing System Email Settings
  Configuring Blocking Tasks and Notifications
  Configuring the System LDAP Settings
  Customize the vCloud Director Client UI
  Configuring Public Addresses
  Configure the Account Lockout Policy
  Configure vCloud Director to use vCenter Single Sign On
10 Monitoring vCloud Director
  Viewing Tasks and Events
  Monitor and Manage Blocking Tasks
  View Usage Information for a Provider vDC
  View Usage Information for an Organization vDC
  Using vCloud Director's JMX Service
  Viewing the vCloud Director Logs
  vCloud Director and Cost Reporting
  Monitoring Quarantined Files
11 Roles and Rights
  Predefined Roles and Their Rights
Index

vCloud Director Administrator's Guide

The VMware vCloud Director Administrator's Guide provides information to the vCloud Director system administrator about how to add resources to the system, create and provision organizations, manage resources and organizations, and monitor the system.
Intended Audience
This book is intended for anyone who wants to configure and manage a vCloud Director installation. The information in this book is written for experienced system administrators who are familiar with Linux, Windows, IP networks, and VMware vSphere.

Updated Information

This vCloud Director Administrator's Guide is updated with each release of the product or when necessary.
This table provides the update history of the vCloud Director Administrator's Guide.
Revision     Description
000817-01    - Added Edge Gateway creation and configuration to the organization vDC creation and organization resource allocation workflows.
             - Removed an obsolete procedure from the managing provider vDCs section.
000817-00    Initial release.

Chapter 1 Getting Started with vCloud Director

The first time you log in to the vCloud Director Web console, the Home tab guides you through the steps to configure your installation.
You can also set your user preferences and create a Microsoft Sysprep deployment package to support guest customization in vCloud Director virtual machines.
This chapter includes the following topics:
- “Overview of vCloud Director Administration,” on page 11
- “Log In to the Web Console,” on page 13
- “Preparing the System,” on page 14
- “Create a Microsoft Sysprep Deployment Package,” on page 14
- “Replace a Microsoft Sysprep Deployment Package,” on page 15
- “Replace SSL Certificates,” on page 16
- “Set User Preferences,” on page 17

Overview of vCloud Director Administration

VMware vCloud Director is a software product that provides the ability to build secure, multi-tenant clouds by pooling virtual infrastructure resources into virtual datacenters and exposing them to users through Web-based portals and programmatic interfaces as a fully-automated, catalog-based service.
The VMware vCloud Director Administrator's Guide provides information about adding resources to the system, creating and provisioning organizations, managing resources and organizations, and monitoring the system.
vSphere Resources
vCloud Director relies on vSphere resources to provide CPU and memory to run virtual machines. In addition, vSphere datastores provide storage for virtual machine files and other files necessary for virtual machine operations. vCloud Director also utilizes vSphere distributed switches and vSphere port groups to support virtual machine networking.
You can use these underlying vSphere resources to create cloud resources.
Cloud Resources
Cloud resources are an abstraction of their underlying vSphere resources. They provide the compute and memory resources for vCloud Director virtual machines and vApps. A vApp is a virtual system that contains one or more individual virtual machines, along with parameters that define operational details. Cloud resources also provide access to storage and network connectivity.
Cloud resources include provider and organization virtual datacenters, external networks, organization vDC networks, and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere resources.
Provider Virtual Datacenters
A provider virtual datacenter (vDC) combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores available to that resource pool.
You can create multiple provider vDCs for users in different geographic locations or business units, or for users with different performance requirements.
Organization Virtual Datacenters
An organization virtual datacenter (vDC) provides resources to an organization and is partitioned from a provider vDC. Organization vDCs provide an environment where virtual systems can be stored, deployed, and operated. They also provide storage for virtual media, such as floppy disks and CD ROMs.
A single organization can have multiple organization vDCs.
vCloud Director Networking
vCloud Director supports three types of networks.
- External networks
- Organization vDC networks
- vApp networks
Some organization vDC networks and all vApp networks are backed by network pools.
External Networks
An external network is a logical, differentiated network based on a vSphere port group. Organization vDC networks can connect to external networks to provide Internet connectivity to virtual machines inside of a vApp.
Only system administrators create and manage external networks.
Organization vDC Networks
An organization vDC network is contained within a vCloud Director organization vDC and is available to all the vApps in the organization. An organization vDC network allows vApps within an organization to communicate with each other. You can connect an organization vDC network to an external network to provide external connectivity. You can also create an isolated organization vDC network that is internal to the organization. Certain types of organization vDC networks are backed by network pools.
Only system administrators can create organization vDC networks. System administrators and organization administrators can manage organization vDC networks, although there are some limits to what an organization administrator can do.
vApp Networks
A vApp network is contained within a vApp and allows virtual machines in the vApp to communicate with each other. You can connect a vApp network to an organization vDC network to allow the vApp to communicate with other vApps in the organization and outside of the organization, if the organization vDC network is connected to an external network. vApp networks are backed by network pools.
Most users with access to a vApp can create and manage their own vApp networks. Working with vApp networks is described in the VMware vCloud Director User's Guide.
Network Pools
A network pool is a group of undifferentiated networks that is available for use within an organization vDC. A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization vDC networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.
Each organization vDC in vCloud Director can have one network pool. Multiple organization vDCs can share the same network pool. The network pool for an organization vDC provides the networks created to satisfy the network quota for an organization vDC.
Only system administrators can create and manage network pools.
Organizations
vCloud Director supports multi-tenancy through the use of organizations. An organization is a unit of administration for a collection of users, groups, and computing resources. Users authenticate at the organization level, supplying credentials established by an organization administrator when the user was created or imported. System administrators create and provision organizations, while organization administrators manage organization users, groups, and catalogs. Organization administrator tasks are described in the VMware vCloud Director User's Guide.
Users and Groups
An organization can contain an arbitrary number of users and groups. Users can be created by the organization administrator or imported from a directory service such as LDAP. Groups must be imported from the directory service. Permissions within an organization are controlled through the assignment of rights and roles to users and groups.
Catalogs
Organizations use catalogs to store vApp templates and media files. The members of an organization that have access to a catalog can use the catalog's vApp templates and media files to create their own vApps. A system administrator can allow an organization to publish a catalog to make it available to other organizations. Organization administrators can then choose which catalog items to provide to their users.

Log In to the Web Console

You can access the vCloud Director user interface by using a Web browser.
For a list of supported browsers, see the VMware vCloud Director Installation and Configuration Guide.
Prerequisites
You must have the system administrator user name and password that you created during the system setup.
Procedure
1 Open a Web browser and navigate to https://hostname.domain.tld/cloud.
For hostname.domain.tld, provide the fully qualified domain name associated with the primary IP address of the vCloud Director server host. For example, https://cloud.example.com/cloud.
2 Type the system administrator user name and password and click Login.
vCloud Director displays a list of the next tasks you should perform.

Preparing the System

The Home tab in the vCloud Director Web console provides links to the tasks required to prepare the system for use. Links become active after you complete prerequisite tasks.
For more information about each task, see Table 1-1.
Table 1-1. Quick Start Tasks
Task                                    For More Information
Attach a vCenter                        “Attach a vCenter Server,” on page 19
Create a Provider Virtual Datacenter    “Create a Provider Virtual Datacenter,” on page 21
Create an External Network              “Add an External Network,” on page 22
Create a Network Pool                   “Network Pools,” on page 23
Create an Organization                  “Create an Organization,” on page 28
Allocate Resources to an Organization   “Create an Organization vDC,” on page 52
Add a Network to an Organization        “Adding Networks to an Organization vDC,” on page 81
Add a Catalog to an Organization        “Add a Catalog to an Organization,” on page 106

Create a Microsoft Sysprep Deployment Package

Before vCloud Director can perform guest customization on virtual machines with certain Windows guest operating systems, you must create a Microsoft Sysprep deployment package on each cloud cell in your installation.
During installation, vCloud Director places some files in the sysprep folder on the vCloud Director server host. Do not overwrite these files when you create the Sysprep package.
Prerequisites
Access to the Sysprep binary files for Windows 2000, Windows 2003 (32- and 64-bit), and Windows XP (32- and 64-bit).
Procedure
1 Copy the Sysprep binary files for each operating system to a convenient location on a vCloud Director server host.
Each operating system requires its own folder.
NOTE Folder names are case-sensitive.
Guest OS                Copy Destination
Windows 2000            SysprepBinariesDirectory/win2000
Windows 2003 (32-bit)   SysprepBinariesDirectory/win2k3
Windows 2003 (64-bit)   SysprepBinariesDirectory/win2k3_64
Windows XP (32-bit)     SysprepBinariesDirectory/winxp
Windows XP (64-bit)     SysprepBinariesDirectory/winxp_64
SysprepBinariesDirectory represents the location you choose for the copied binaries.
2 Run the /opt/vmware/vcloud-director/deploymentPackageCreator/createSysprepPackage.sh SysprepBinariesDirectory command.
For example, /opt/vmware/vcloud-director/deploymentPackageCreator/createSysprepPackage.sh /root/MySysprepFiles.
3 Use the service vmware-vcd restart command to restart the cloud cell.
4 If you have multiple cloud cells, copy the package and properties file to all cloud cells.
scp /opt/vmware/vcloud-director/guestcustomization/vcloud_sysprep.properties /opt/vmware/vcloud-director/guestcustomization/windows_deployment_package_sysprep.cab root@next_cell_IP:/opt/vmware/vcloud-director/guestcustomization
5 Restart each cloud cell to which you copy the files.

Replace a Microsoft Sysprep Deployment Package

If you already created a Microsoft Sysprep deployment package and you need to generate a new one, you must replace the existing Sysprep package on each cloud cell in your installation.
Prerequisites
Access to the Sysprep binary files for Windows 2000, Windows 2003 (32- and 64-bit), and Windows XP (32- and 64-bit).
Procedure
1 Use the service vmware-vcd stop command to stop the first cloud cell.
2 Copy the new Sysprep binary files for each operating system to a convenient location on a vCloud Director server host.
Each operating system requires its own folder.
NOTE Folder names are case-sensitive.
Guest OS                Copy Destination
Windows 2000            SysprepBinariesDirectory/win2000
Windows 2003 (32-bit)   SysprepBinariesDirectory/win2k3
Windows 2003 (64-bit)   SysprepBinariesDirectory/win2k3_64
Windows XP (32-bit)     SysprepBinariesDirectory/winxp
Windows XP (64-bit)     SysprepBinariesDirectory/winxp_64
SysprepBinariesDirectory represents the location you choose for the copied binaries.
3 Run the /opt/vmware/vcloud-director/deploymentPackageCreator/createSysprepPackage.sh SysprepBinariesDirectory command.
For example, /opt/vmware/vcloud-director/deploymentPackageCreator/createSysprepPackage.sh /root/MySysprepFiles.
4 Use the service vmware-vcd restart command to restart the cloud cell.
5 If you have multiple cloud cells, stop each cell and copy the package and properties file to each cell.
scp /opt/vmware/vcloud-director/guestcustomization/vcloud_sysprep.properties /opt/vmware/vcloud-director/guestcustomization/windows_deployment_package_sysprep.cab root@next_cell_IP:/opt/vmware/vcloud-director/guestcustomization
6 Restart each cloud cell to which you copy the files.
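The layout rules in the create and replace procedures above (one folder per guest OS, case-sensitive names) are easy to get wrong, so the following added example checks them before the package is built. It is not VMware's code: paths and folder names come from this guide, while the function names, the requirement that all five folders exist and are non-empty, and the command-line usage are assumptions of the example.

```sh
#!/bin/sh
# Added example (not part of the VMware guide): validate a SysprepBinariesDirectory
# before running createSysprepPackage.sh, then print the per-cell copy commands.
# Folder names and paths are from the guide; function names are hypothetical.

EXPECTED_DIRS="win2000 win2k3 win2k3_64 winxp winxp_64"
VCD_HOME=/opt/vmware/vcloud-director
GC_DIR=$VCD_HOME/guestcustomization

# Print one line per problem under $1; succeed only when the layout is clean.
# Assumption of this example: all five folders are required and must be non-empty.
check_sysprep_layout() {
    base=$1
    problems=0
    if [ ! -d "$base" ]; then
        echo "ERROR: $base is not a directory"
        return 1
    fi
    for want in $EXPECTED_DIRS; do
        exact=""
        miscased=""
        # Compare names as listed, so a wrong-case folder is caught explicitly.
        for entry in "$base"/*; do
            [ -d "$entry" ] || continue
            name=${entry##*/}
            if [ "$name" = "$want" ]; then
                exact=$name
            elif [ "$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')" = "$want" ]; then
                miscased=$name
            fi
        done
        if [ -n "$exact" ]; then
            if [ -z "$(ls -A "$base/$exact")" ]; then
                echo "ERROR: $exact is empty"
                problems=$((problems + 1))
            fi
        elif [ -n "$miscased" ]; then
            echo "ERROR: rename $miscased to $want (folder names are case-sensitive)"
            problems=$((problems + 1))
        else
            echo "MISSING: $want"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Print the scp command from the guide for one additional cloud cell ($1 = cell IP).
cell_copy_command() {
    printf 'scp %s %s root@%s:%s\n' \
        "$GC_DIR/vcloud_sysprep.properties" \
        "$GC_DIR/windows_deployment_package_sysprep.cab" \
        "$1" "$GC_DIR"
}

# Usage: script SysprepBinariesDirectory [next_cell_IP ...]
main() {
    dir=$1
    shift
    if ! check_sysprep_layout "$dir"; then
        echo "Layout problems found; package not built." >&2
        return 1
    fi
    "$VCD_HOME/deploymentPackageCreator/createSysprepPackage.sh" "$dir" || return 1
    echo "Package built. Restart this cell (service vmware-vcd restart), then run:"
    for ip in "$@"; do
        cell_copy_command "$ip"
    done
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```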

Replace SSL Certificates

If any members of your vCloud Director server group are using self-signed SSL certificates, you can upgrade them to signed SSL certificates to obtain a higher level of trust within your cloud.
You can use the vCloud Director configuration script to upgrade the SSL certificates on a vCloud Director server. When you run this script on a server that has already been configured, it validates the database connection details and prompts for SSL certificate information, but skips all the other configuration steps, so that the existing configuration is not modified.
Each vCloud Director server requires two SSL certificates, one for each of its IP addresses, in a Java keystore file. You must execute this procedure for each member of your vCloud Director server group. You can use signed certificates (signed by a trusted certification authority) or self-signed certificates. Signed certificates provide the highest level of trust.
Prerequisites
This procedure requires you to stop vCloud Director services on each server for which you replace certificates. Stopping a server can have an impact on cloud operations.
Have the following information available:
- Location and password of the keystore file that includes the SSL certificates for this server. See the vCloud Director Installation and Configuration Guide. The configuration script does not run with a privileged identity, so the keystore file and the directory in which it is stored must be readable by any user.
- Password for each SSL certificate.
Procedure
1 Log in to the target server as root.
2 Stop vCloud Director services on the server.
3 Run the configuration script on the server.
Open a console, shell, or terminal window, and type:
/opt/vmware/vcloud-director/bin/configure
4 Specify the full path to the Java keystore file that holds the new certificates.
Please enter the path to the Java keystore containing your SSL certificates and private keys:/opt/keystore/certificates.ks
5 Enter the keystore and certificate passwords.
Please enter the password for the keystore:
Please enter the private key password for the 'http' SSL certificate:
Please enter the private key password for the 'consoleproxy' SSL certificate:
The configuration script replaces the certificates and restarts vCloud Director services on the server.
What to do next
If you have acquired new certificates for any other members of the vCloud Director server group, use this procedure to replace the existing certificates on those servers.
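The prerequisites and prompts of the certificate replacement procedure can be checked before services are stopped. The following is an added example, not part of the configuration script: the function names, the embedded sample listing (constructed), and the JCEKS store type default are assumptions, and the alias check parses the text that keytool -list prints.

```sh
#!/bin/sh
# Added example (not part of the VMware guide): pre-flight checks to run before
# /opt/vmware/vcloud-director/bin/configure when replacing SSL certificates.
# Function names are hypothetical; the aliases 'http' and 'consoleproxy' are
# the ones the configuration script prompts for.

# Succeed when "other" users can read a file, or list and traverse a directory.
readable_by_any_user() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case $perms in
        d??????r?[xt]) return 0 ;;   # directory: other has read and search
        -??????r??)    return 0 ;;   # regular file: other has read
        *)             return 1 ;;   # missing, unreadable, or another file type
    esac
}

# Check the keystore file and the directory that holds it, as the guide requires.
check_keystore_access() {
    ks=$1
    rc=0
    if ! readable_by_any_user "$ks"; then
        echo "keystore not readable by any user: $ks"
        rc=1
    fi
    ksdir=$(dirname "$ks")
    if ! readable_by_any_user "$ksdir"; then
        echo "directory not readable by any user: $ksdir"
        rc=1
    fi
    return $rc
}

# Read "keytool -list" output on stdin and confirm that both required aliases
# exist and are private key entries (a certificate alone is not enough).
check_aliases() {
    awk -F', *' '
        /Entry,/ { kind[$1] = ($0 ~ /PrivateKeyEntry/) ? "key" : "other" }
        END {
            n = split("http consoleproxy", need, " ")
            for (i = 1; i <= n; i++) {
                a = need[i]
                if (!(a in kind)) {
                    print "MISSING alias: " a; bad++
                } else if (kind[a] != "key") {
                    print "NOT A PRIVATE KEY ENTRY: " a; bad++
                }
            }
            exit (bad > 0)
        }'
}

# Constructed sample of a keytool listing where 'consoleproxy' was imported
# as a certificate only. Fingerprints are placeholders.
SAMPLE_LISTING='Your keystore contains 2 entries

http, Jul 2, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>
consoleproxy, Jul 2, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>'

# Usage: script /opt/keystore/certificates.ks
main() {
    check_keystore_access "$1" || return 1
    # keytool prompts for the keystore password. JCEKS is an assumption of this
    # example; set KEYSTORE_TYPE to match how the keystore was created.
    keytool -list -keystore "$1" -storetype "${KEYSTORE_TYPE:-JCEKS}" | check_aliases
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Because the keystore must be readable by every local account on the cell, the keystore and private key passwords are what protect the keys at rest.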

Set User Preferences

You can set certain display and system alert preferences that take effect every time you log in to the system. You can also change the password for your system administrator account.
Procedure
1 In the title bar of the Web console, click Preferences.
2 Click the Defaults tab.
3 Select the page to display when you log in.
4 Select the number of days or hours before a runtime lease expires that you want to receive an email notification.
5 Select the number of days or hours before a storage lease expires that you want to receive an email notification.
6 Click the Change Password tab.
7 (Optional) Type your current password and type your new password twice.
8 Click OK.

Chapter 2 Adding Resources to vCloud Director

vCloud Director derives its resources from an underlying vSphere virtual infrastructure. After you register vSphere resources in vCloud Director, you can allocate these resources for organizations within the vCloud Director installation to use.
This chapter includes the following topics:
- “Adding vSphere Resources,” on page 19
- “Adding Cloud Resources,” on page 21

Adding vSphere Resources

vCloud Director relies on vSphere resources to provide CPU and memory to run virtual machines. In addition, vSphere datastores provide storage for virtual machine files and other files necessary for virtual machine operations.
For information about vCloud Director system requirements and supported versions of vCenter Server and ESX/ESXi, see the VMware vCloud Director Installation and Configuration Guide.

Attach a vCenter Server

Attach a vCenter Server to make its resources available for use with vCloud Director. After you attach a vCenter Server, you can assign its resource pools, datastores, and networks to a provider virtual datacenter.
Prerequisites
An instance of vShield Manager is installed and configured for vCloud Director. For more information, see the VMware vCloud Director Installation and Configuration Guide.
Procedure
1 Open the Attach New vCenter Wizard on page 20
Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.
2 Provide vCenter Server Connection and Display Information on page 20
To attach a vCenter Server to vCloud Director, you must provide connection information and a display name for the vCenter Server.
3 Connect to vShield Manager on page 20
vCloud Director requires vShield Manager to provide network services. Each vCenter Server you attach to vCloud Director requires its own vShield Manager.
4 Confirm Settings and Attach the vCenter Server on page 20
Before you attach the new vCenter Server, review the settings you entered.
Open the Attach New vCenter Wizard
Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.
Procedure
1 Click the Manage & Monitor tab and then click vCenters in the left pane.
2 Click the Attach New vCenter button.
The Attach New vCenter wizard launches.
Provide vCenter Server Connection and Display Information
To attach a vCenter Server to vCloud Director, you must provide connection information and a display name for the vCenter Server.
Procedure
1 Type the host name or IP address of the vCenter Server.
2 Select the port number that vCenter Server uses.
The default port number is 443.
3 Type the user name and password of a vCenter Server administrator.
The user account must have the Administrator role in vCenter.
4 Type a name for the vCenter Server.
The name you type becomes the display name for the vCenter Server in vCloud Director.
5 (Optional) Type a description for the vCenter Server.
6 Click Next to save your choices and go to the next page.
Connect to vShield Manager
vCloud Director requires vShield Manager to provide network services. Each vCenter Server you attach to vCloud Director requires its own vShield Manager.
Procedure
1 Type the host name or IP address of the vShield Manager to use with the vCenter Server that you are attaching.
2 Type the user name and password to connect to vShield Manager.
The default user name is admin and the default password is default. You can change these defaults in the vShield Manager user interface.
3 Click Next to save your choices and go to the next page.
Confirm Settings and Attach the vCenter Server
Before you attach the new vCenter Server, review the settings you entered.
Procedure
1 Review the settings for the vCenter Server and vShield Manager.
2 (Optional) Click Back to modify the settings.
3 Click Finish to accept the settings and attach the vCenter Server.
vCloud Director attaches the new vCenter Server and registers its resources for provider virtual datacenters to use.
What to do next
Assign a vShield for VMware vCloud Director license key in the vCenter Server.

Assign a vShield License Key in vCenter

After you attach a vCenter Server to vCloud Director, you must use the vSphere Client to assign a vShield for VMware vCloud Director license key.
Prerequisites
The vSphere Client must be connected to the vCenter Server system.
Procedure
1 From a vSphere Client host that is connected to the vCenter Server system, select Home > Licensing.
2 For the report view, select Asset.
3 Right-click the vShield-edge asset and select Change license key.
4 Select Assign a new license key and click Enter Key.
5 Enter the license key, enter an optional label for the key, and click OK.
Use the vShield for VMware vCloud Director license key you received when you purchased vCloud Director. You can use this license key in multiple vCenter Servers.
6 Click OK.

Adding Cloud Resources

Cloud resources are an abstraction of their underlying vSphere resources and provide the compute and memory resources for vCloud Director virtual machines and vApps, and access to storage and network connectivity.
Cloud resources include provider and organization virtual datacenters, external networks, organization vDC networks, and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere resources.
For more information about organization virtual datacenters, see “Allocate Resources to an Organization,” on page 32.
For more information about organization vDC networks, see “Managing Organization vDC Networks,” on page 81.

Provider Virtual Datacenters

A provider virtual datacenter (vDC) combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores connected to that resource pool.
A provider vDC is the source for organization vDCs.

Create a Provider Virtual Datacenter

You can create a provider vDC to register vSphere compute, memory, and storage resources for vCloud Director to use. You can create multiple provider vDCs for users in different geographic locations or business units, or for users with different performance requirements.
A provider vDC can only include a single resource pool from a single vCenter Server.
If you plan to add a resource pool that is part of a cluster that uses vSphere HA, make sure you are familiar with how vSphere HA calculates slot size. For more information about slot sizes and customizing vSphere HA behavior, see the VMware vSphere Availability Guide.
Prerequisites
Verify that at least one vCenter Server is attached with an available resource pool to vCloud Director. The resource pool must be in a vCenter cluster that is configured to use automated DRS. The vCenter Server must have the vShield for VMware vCloud Director license key.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Click New Provider vDC.
3 Type a name and optional description.
You can use the name and description fields to indicate the vSphere functions available to the provider vDC, for example, vSphere HA.
4 Select the latest supported hardware version and click Next.
This selection determines the latest supported hardware version for virtual machines in organization vDCs based on this provider vDC. Hardware Version 9 requires ESXi 5.1 hosts.
5 Select a vCenter Server and resource pool and click Next.
If the vCenter Server has no available resource pools, no resource pools appear in the list.
6 Select one or more storage profiles for the provider vDC to support, click Add, and click Next.
7 Click Finish to create the provider vDC.

External Networks

An external network is a logical, differentiated network based on a vSphere port group. An external network provides the interface to the Internet for virtual machines connected to external organization vDC networks.
For more information about organization vDC networks, see “Managing Organization vDC Networks,” on page 81.

Add an External Network

Add an external network to register vSphere network resources for vCloud Director to use. You can create organization vDC networks that connect to an external network.
Prerequisites
A vSphere port group is available. If the port group uses VLAN, it can use only a single VLAN. Port groups with VLAN trunking are not supported.
VMware recommends using an auto-expanding static port group.
Procedure
1 Click the Manage & Monitor tab and click External Networks in the left pane.
2 Click the Add Network button.
3 Select a vCenter Server and a vSphere port group and click Next.
4 Type the network settings and click Next.
5 Type a name and optional description for the network and click Next.
6 Review the network settings and click Finish.
What to do next
You can now create an organization vDC network that connects to the external network.

Network Pools

A network pool is a group of undifferentiated networks that is available for use within an organization vDC to create vApp networks and certain types of organization vDC networks.
A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization vDC networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.
Each organization vDC in vCloud Director can have one network pool. Multiple organization vDCs can share the same network pool. The network pool for an organization vDC provides the networks created to satisfy the network quota for an organization vDC.
Add a Network Pool That Is Backed by VLAN IDs
You can add a VLAN-backed network pool to register vSphere VLAN IDs for vCloud Director to use. A VLAN-backed network pool provides the best security, scalability, and performance for organization vDC networks.
Prerequisites
Verify that a range of VLAN IDs and a vSphere distributed switch are available in vSphere. The VLAN IDs must be valid IDs that are configured in the physical switch to which the ESX/ESXi servers are connected.
CAUTION The VLANs must be isolated at the layer 2 level. Failure to properly isolate the VLANs can cause a disruption on the network.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Click Add Network Pool.
3 Select VLAN-backed and click Next.
4 Type a range of VLAN IDs and click Add.
You can create one network for each VLAN ID.
5 Select a vCenter Server and vSphere distributed switch and click Next.
6 Type a name and optional description for the network and click Next.
7 Review the network pool settings and click Finish.
What to do next
You can now create an organization vDC network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks.
Add a Network Pool That Is Backed by Cloud Isolated Networks
You can create a network pool that is backed by cloud isolated networks. A cloud isolated network spans hosts, provides traffic isolation from other networks, and is the best source for vApp networks.
An isolation-backed network pool does not require preexisting port groups in vSphere.
Prerequisites
Verify that a vSphere distributed switch is available.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Click Add Network Pool.
3 Select VCD Network Isolation-backed and click Next.
4 Type the number of networks to create from the network pool.
5 (Optional) Type a VLAN ID.
6 Select a vCenter Server and a vSphere distributed switch and click Next.
7 Type a name and optional description for the network and click Next.
8 Review the network pool settings and click Finish.
vCloud Director creates cloud isolated networks in vSphere as they are needed.
What to do next
You can now create an organization vDC network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks. You can also increase the network pool MTU. See “Set the MTU for a Network Pool Backed by Cloud Isolated Networks,” on page 25.
Add a Network Pool That Is Backed by vSphere Port Groups
You can add a network pool that is backed by port groups to register vSphere port groups for vCloud Director to use. Unlike other types of network pools, a network pool that is backed by port groups does not require a vSphere distributed switch.
CAUTION The port groups must be isolated from all other port groups at the layer 2 level. The port groups must be physically isolated or must be isolated by using VLAN tags. Failure to properly isolate the port groups can cause a disruption on the network.
Prerequisites
Verify that one or more port groups are available in vSphere. The port groups must be available on each ESX/ESXi host in the cluster, and each port group must use only a single VLAN. Port groups with VLAN trunking are not supported.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Click Add Network Pool.
3 Select vSphere Port Group-backed and click Next.
4 Select a vCenter Server and click Next.
5 Select one or more port groups, click Add, and click Next.
You can create one network for each port group.
6 Type a name and optional description for the network and click Next.
7 Review the network pool settings and click Finish.
What to do next
You can now create an organization vDC network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks.
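The layer 2 isolation prerequisites for VLAN-backed and port-group-backed pools can be checked before you run either wizard. The following preflight check is an added example, not VMware code; the inventory values, pool names, and the PortGroup structure are constructed for illustration, and the 1-4094 bound is the usable 802.1Q VLAN ID range.

```python
from dataclasses import dataclass

VLAN_MIN, VLAN_MAX = 1, 4094  # usable 802.1Q IDs; 0 and 4095 are reserved


def parse_vlan_ranges(text):
    """Turn '100-110, 200' into a set of VLAN IDs; reject malformed or out-of-range input."""
    ids = set()
    for part in (p.strip() for p in text.split(",")):
        if not part:
            continue
        low, dash, high = part.partition("-")
        try:
            start = int(low)
            end = int(high) if dash else start
        except ValueError:
            raise ValueError(f"not a VLAN ID or range: {part!r}") from None
        if start > end or start < VLAN_MIN or end > VLAN_MAX:
            raise ValueError(f"VLAN range outside {VLAN_MIN}-{VLAN_MAX}: {part!r}")
        ids.update(range(start, end + 1))
    return ids


@dataclass(frozen=True)
class PortGroup:
    name: str
    vlans: frozenset  # VLAN IDs carried by the port group (empty = untagged)
    hosts: frozenset  # ESX/ESXi hosts on which the port group exists


def check_vlan_pool(pool, vlan_text, switch_vlans, in_use):
    """Findings for a proposed VLAN-backed pool.

    switch_vlans: VLAN IDs configured on the physical switch.
    in_use: {VLAN ID: owner} for IDs already taken by other pools or port groups.
    """
    ids = parse_vlan_ranges(vlan_text)
    findings = [f"{pool}: VLAN {v} is not configured on the physical switch"
                for v in sorted(ids - set(switch_vlans))]
    findings += [f"{pool}: VLAN {v} is already used by {in_use[v]}"
                 for v in sorted(ids & set(in_use))]
    return findings


def check_port_group_pool(pool, port_groups, cluster_hosts, in_use):
    """Findings for a proposed port-group-backed pool.

    An untagged port group depends on physical isolation, which this check cannot see.
    """
    findings, claimed = [], dict(in_use)
    for pg in port_groups:
        if len(pg.vlans) > 1:
            findings.append(f"{pool}: {pg.name} trunks VLANs {sorted(pg.vlans)}; "
                            "trunking is not supported")
        missing = sorted(set(cluster_hosts) - pg.hosts)
        if missing:
            findings.append(f"{pool}: {pg.name} is missing on hosts {missing}")
        for v in sorted(pg.vlans):
            if v in claimed:
                findings.append(f"{pool}: {pg.name} shares VLAN {v} with {claimed[v]}")
            else:
                claimed[v] = pg.name
    return findings


# Constructed sample inventory (not taken from a real environment).
SWITCH_VLANS = set(range(100, 120))
IN_USE = {105: "pool 'gold-vlan'"}
CLUSTER_HOSTS = {"esx01", "esx02"}
PORT_GROUPS = [
    PortGroup("pg-tenant-a", frozenset({110}), frozenset({"esx01", "esx02"})),
    PortGroup("pg-tenant-b", frozenset({110}), frozenset({"esx01"})),
    PortGroup("pg-uplink", frozenset({111, 112}), frozenset({"esx01", "esx02"})),
]

if __name__ == "__main__":
    for line in check_vlan_pool("silver-vlan", "104-106, 130", SWITCH_VLANS, IN_USE):
        print(line)
    for line in check_port_group_pool("pg-pool", PORT_GROUPS, CLUSTER_HOSTS, IN_USE):
        print(line)
```

An empty findings list means the proposed pool meets the prerequisites that the inventory data can express.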
Set the MTU for a Network Pool Backed by Cloud Isolated Networks
You can specify the maximum transmission unit (MTU) that vCloud Director uses for a network pool that is backed by Cloud isolated networks. The MTU is the maximum amount of data that can be transmitted in one packet before it is divided into smaller packets.
When you configure the virtual machine guest operating system and the underlying physical infrastructure with the standard MTU (1500 bytes), the VMware network isolation protocol fragments frames. To avoid frame fragmentation, increase the MTU to at least 1600 bytes for the network pool and the underlying physical network. You can increase the network pool MTU up to, but not greater than, the MTU of the physical network.
If your physical network has an MTU of less than 1500 bytes, decrease the MTU of the network pool to match the underlying physical network.
Prerequisites
Verify that you have a network pool backed by cloud isolated networks. Before you increase the MTU for a network pool, you must ensure that the physical switch infrastructure supports an MTU of greater than 1500, also known as jumbo frames.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Right-click the network pool name and select Properties.
3 On the Network Pool MTU tab, type the MTU and click OK.
vCloud Director modifies the MTU for the network pool and all other network pools that use the same vSphere distributed switch.
VXLAN Network Pools
vSphere VXLAN networks are based on the IETF draft VXLAN standard. These networks support local-domain isolation equivalent to what is supported by vSphere isolation-backed networks.
When you create a provider vDC, a VXLAN network pool is created in vCloud Director. When you use this network pool, VXLAN virtual wires are created in vCenter Server.
This pool is given a name derived from the name of the containing provider vDC and attached to it at creation. You cannot delete or modify this network pool. You cannot create a VXLAN network pool by any other method. If you rename a provider vDC, its VXLAN network pool is automatically renamed.
vSphere VXLAN networks provide the following benefits.
- Logical networks spanning layer 3 boundaries
- Logical networks spanning multiple racks on a single layer 2
- Broadcast containment
- Higher performance
- Greater scale (up to 16 million network addresses)
For more information on VXLAN in a vCloud environment, see the vShield Administration Guide.
Chapter 3 Creating and Provisioning Organizations
Organizations provide resources to a group of users and set policies that determine how users can consume those resources. Create an organization for each group of users that requires its own resources, policies, or both.
This chapter includes the following topics:
- “Understanding Leases”
- “Create an Organization”
- “Allocate Resources to an Organization”

Understanding Leases

Creating an organization involves specifying leases. Leases provide a level of control over an organization's storage and compute resources by specifying the maximum amount of time that vApps can be running and that vApps and vApp templates can be stored.
The goal of a runtime lease is to prevent inactive vApps from consuming compute resources. For example, if a user starts a vApp and goes on vacation without stopping it, the vApp continues to consume resources.
A runtime lease begins when a user starts a vApp. When a runtime lease expires, vCloud Director stops the vApp.
The goal of a storage lease is to prevent unused vApps and vApp templates from consuming storage resources. A vApp storage lease begins when a user stops the vApp. Storage leases do not affect running vApps. A vApp template storage lease begins when a user adds the vApp template to a vApp, adds the vApp template to a workspace, downloads, copies, or moves the vApp template.
When a storage lease expires, vCloud Director marks the vApp or vApp template as expired, or deletes the vApp or vApp template, depending on the organization policy you set.
For more information about specifying lease settings, see “Configure Organization Lease, Quota, and Limit Settings,” on page 31.
Users can configure email notification to receive a message before a runtime or storage lease expires. See “Set User Preferences,” on page 17 for information about lease expiration preferences.

Create an Organization

Creating an organization involves specifying the organization settings and creating a user account for the organization administrator.
Procedure
1 Open the New Organization Wizard
Open the New Organization wizard to start the process of creating an organization.
2 Name the Organization
Provide a descriptive name and an optional description for your new organization.
3 Specify the Organization LDAP Options
You can use an LDAP service to provide a directory of users and groups for the organization. If you do not specify an LDAP service, you must create a user account for each user in the organization. Only a system administrator can set LDAP options. An organization administrator cannot modify LDAP options.
4 Add Local Users to the Organization
Every organization should have at least one local organization administrator account, so that users can log in even if the LDAP and SAML services are unavailable.
5 Set the Organization Catalog Publishing Policy
A catalog provides organization users with a library of vApp templates and media that they can use to create vApps and install applications on virtual machines.
6 Configure Email Preferences
vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.
7 Configure Organization Lease, Quota, and Limit Settings
Leases, quotas, and limits constrain the ability of organization users to consume storage and processing resources. Use these settings to prevent users from depleting or monopolizing an organization's resources.
8 Confirm Settings and Create the Organization
Before you create the organization, review the settings you entered.

Open the New Organization Wizard

Open the New Organization wizard to start the process of creating an organization.
Procedure
1 Click the Manage & Monitor tab and then click Organizations in the left pane.
2 Click the New Organization button.
The New Organization wizard starts.

Name the Organization

Provide a descriptive name and an optional description for your new organization.
Procedure
1 Type an organization name.
This name provides a unique identifier that appears as part of the URL that members of the organization use to log in to the organization.
2 Type a display name for the organization.
This name appears in the browser header when an organization member uses the unique URL to log in to vCloud Director. An administrator or organization administrator can change this name later.
3 (Optional) Type a description of the organization.
4 Click Next.

Specify the Organization LDAP Options

You can use an LDAP service to provide a directory of users and groups for the organization. If you do not specify an LDAP service, you must create a user account for each user in the organization. Only a system administrator can set LDAP options. An organization administrator cannot modify LDAP options.
For more information about entering custom LDAP settings, see “Configuring the System LDAP Settings,” on page 123.
Procedure
1 Select the source for organization users.
Option | Description
Do not use LDAP | Organization administrator creates a local user account for each user in the organization. You cannot create groups if you select this option.
VCD system LDAP service | Use the vCloud Director system LDAP service as the source for organization users and groups.
Custom LDAP service | Connect the organization to its own private LDAP service.
2 Provide any additional information that your selection requires.
Option | Action
Do not use LDAP | Click Next.
VCD system LDAP service | (Optional) Type the distinguished name of the organizational unit (OU) to use to limit the users that you can import into the organization and click Next. If you do not enter anything, you can import all users in the system LDAP service into the organization. NOTE Specifying an OU does not limit the LDAP groups you can import. You can import any LDAP group from the system LDAP root. However, only users who are in both the OU and the imported group can log in to the organization.
Custom LDAP service | Click Next and enter the custom LDAP settings for the organization.
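The OU and group rule in the NOTE above can be audited against a directory export before you import a group. The following sketch is an added example, not VMware code; the DNs and users are constructed, and it assumes that the OU limit covers the whole subtree below the OU and that DNs compare case-insensitively with single-valued RDNs.

```python
from dataclasses import dataclass


def split_dn(dn):
    """Split a DN into normalised RDNs, leftmost first, honouring backslash escapes."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:              # character after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":          # unescaped comma ends the current RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    normalised = []
    for rdn in rdns:
        if rdn.strip():
            attr, _, value = rdn.partition("=")
            normalised.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return normalised


def is_under(dn, base_dn):
    """True when dn lies below base_dn; an empty base_dn (no OU entered) matches every DN."""
    entry, base = split_dn(dn), split_dn(base_dn)
    if not base:
        return True
    return len(entry) > len(base) and entry[-len(base):] == base


@dataclass(frozen=True)
class LdapUser:
    dn: str
    groups: frozenset  # DNs of the LDAP groups the user belongs to


def can_log_in(user, ou_dn, imported_groups):
    """A user needs both: a DN inside the OU and membership of an imported group."""
    imported = {tuple(split_dn(g)) for g in imported_groups}
    in_group = any(tuple(split_dn(g)) in imported for g in user.groups)
    return in_group and is_under(user.dn, ou_dn)


def locked_out_members(users, ou_dn, imported_groups):
    """Members of an imported group who still cannot log in because they sit outside the OU."""
    imported = {tuple(split_dn(g)) for g in imported_groups}
    return [u.dn for u in users
            if any(tuple(split_dn(g)) in imported for g in u.groups)
            and not is_under(u.dn, ou_dn)]


# Constructed sample directory data (not from a real LDAP service).
OU_DN = "OU=Engineering,DC=example,DC=com"
CLOUD_USERS = "CN=cloud-users,OU=Groups,DC=example,DC=com"  # group lives outside the OU
SAMPLE_USERS = [
    LdapUser("CN=Smith\\, Jo,OU=Engineering,DC=example,DC=com", frozenset({CLOUD_USERS})),
    LdapUser("CN=Kim,OU=Platform,OU=Engineering,DC=Example,DC=COM",
             frozenset({"cn=Cloud-Users,ou=groups,dc=example,dc=com"})),
    LdapUser("cn=lee,ou=Contractors,dc=example,dc=com", frozenset({CLOUD_USERS})),
    LdapUser("CN=Ng,OU=Engineering,DC=example,DC=com", frozenset()),
]

if __name__ == "__main__":
    for user in SAMPLE_USERS:
        print(user.dn, "->", can_log_in(user, OU_DN, {CLOUD_USERS}))
    print("in group but outside OU:", locked_out_members(SAMPLE_USERS, OU_DN, {CLOUD_USERS}))
```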

Add Local Users to the Organization

Every organization should have at least one local organization administrator account, so that users can log in even if the LDAP and SAML services are unavailable.
Procedure
1 Click Add.
2 Type a user name and password.
3 Assign a role to the user.
4 (Optional) Type the contact information for the user.
5 Select Unlimited or type a user quota for stored and running virtual machines and click OK.
These quotas limit the user's ability to consume storage and compute resources in the organization.
6 Click Next.

Set the Organization Catalog Publishing Policy

A catalog provides organization users with a library of vApp templates and media that they can use to create vApps and install applications on virtual machines.
Generally, catalogs should only be available to users in a single organization, but a system administrator can allow the organization administrator to publish their catalogs to all organizations in the vCloud Director installation.
Procedure
1 Select a catalog publishing option.
Option | Description
Cannot publish catalogs | The organization administrator cannot publish catalogs for users outside of the organization.
Allow publishing catalogs to all organizations | The organization administrator can publish catalogs for users in all organizations.
2 Click Next.

Configure Email Preferences

vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.
Procedure
1 Select an SMTP server option.
Option | Description
Use system default SMTP server | The organization uses the system SMTP server.
Set organization SMTP server | The organization uses its own SMTP server. Type the DNS host name or IP address and port number of the SMTP server. (Optional) Select the Requires authentication check box and type a user name and password.
2 Select a notification settings option.
Option | Description
Use system default notification settings | The organization uses the system notification settings.
Set organization notification settings | The organization uses its own notification settings. Type an email address that appears as the sender for organization emails, type text to use as the subject prefix for organization emails, and select the recipients for organization emails.
3 (Optional) Type a destination email address and click Test Email Settings to verify that all SMTP server settings are configured as expected.
4 Click Next.

Configure Organization Lease, Quota, and Limit Settings

Leases, quotas, and limits constrain the ability of organization users to consume storage and processing resources. Use these settings to prevent users from depleting or monopolizing an organization's resources.
For more information about leases, see “Understanding Leases,” on page 27.
Procedure
1 Select the lease options for vApps and vApp templates.
Leases provide a level of control over an organization's storage and compute resources by specifying the maximum amount of time that vApps can run and that vApps and vApp templates can be stored. You can also specify what happens to vApps and vApp templates when their storage lease expires.
2 Select the quotas for running and stored virtual machines.
Quotas determine how many virtual machines each user in the organization can store and power on in the organization's virtual datacenters. The quotas that you specify act as the default for all new users added to the organization.
3 Select the limits for resource intensive operations.
Certain vCloud Director operations, for example copy and move, are more resource intensive than others. Limits prevent resource intensive operations from affecting all the users in an organization and also provide a defense against denial-of-service attacks.
4 Select the number of simultaneous VMware Remote Console connections for each virtual machine.
You might want to limit the number of simultaneous connections for performance or security reasons.
NOTE This setting does not affect Virtual Network Computing (VNC) or Remote Desktop Protocol (RDP) connections.
5 (Optional) Select the Account lockout enabled check box, select the number of invalid logins to accept before locking a user account, and select the lockout interval.
6 Click Next.

Confirm Settings and Create the Organization

Before you create the organization, review the settings you entered.
Procedure
1 Review the settings for the organization.
2 (Optional) Click Back to modify the settings.
3 Click Finish to accept the settings and create the organization.
What to do next
Allocate resources to the organization.

Allocate Resources to an Organization

You allocate resources to an organization by creating an organization vDC that is partitioned from a provider vDC. A single organization can have multiple organization vDCs.
Prerequisites
You must have a provider vDC before you can allocate resources to an organization.
Procedure
1 Open the Allocate Resources Wizard
Open the Allocate Resources wizard to start the process of creating an organization vDC for an organization.
2 Select a Provider vDC
An organization vDC obtains its compute and storage resources from a provider vDC. The organization vDC provides these resources to vApps and virtual machines in the organization.
3 Select an Allocation Model
The allocation model determines how and when the provider vDC compute and memory resources that you allocate are committed to the organization vDC.
4 Configure the Allocation Model
Configure the allocation model to specify the amount of provider vDC resources to allocate to the organization vDC.
5 Allocate Storage
An organization vDC requires storage space for vApps and vApp templates. You can allocate storage from the space available on provider vDC datastores.
6 Select Network Pool and Services
A network pool is a group of undifferentiated networks used to create vApp networks and internal organization vDC networks.
7 Configure an Edge Gateway
You configure an edge gateway to provide connectivity to one or more external networks.
8 Configure External Networks
Select the external networks that the edge gateway can connect to.
9 Configure IP Settings on a New Edge Gateway
Configure IP settings for external networks on the new edge gateway.
10 Suballocate IP Pools on a New Edge Gateway
Suballocate into multiple static IP pools the IP pools that the external networks on the edge gateway provide.
11 Configure Rate Limits on a New Edge Gateway
Configure the inbound and outbound rate limits for each external network on the edge gateway.
12 Create an Organization vDC Network
You can create an organization vDC network that is connected to the new edge gateway.
13 Name the Organization vDC
You can provide a descriptive name and an optional description to indicate the vSphere functions available for your new organization vDC.
14 Confirm Settings and Create the Organization vDC
Before you create the organization vDC, review the settings you entered.
What to do next
Add a network to the organization.

Open the Allocate Resources Wizard

Open the Allocate Resources wizard to start the process of creating an organization vDC for an organization.
Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Allocate Resources from the menu.
The Allocate Resources wizard starts.

Select a Provider vDC

An organization vDC obtains its compute and storage resources from a provider vDC. The organization vDC provides these resources to vApps and virtual machines in the organization.
Procedure
1 Select a provider vDC.
The provider vDC list displays information about available resources and the networks list displays information about networks available to the selected provider vDC.
2 Click Next.

Select an Allocation Model

The allocation model determines how and when the provider vDC compute and memory resources that you allocate are committed to the organization vDC.
Procedure
1 Select an allocation model.
Option Description
Allocation Pool
Only a percentage of the resources you allocate from the provider vDC are committed to the organization vDC. You can specify the percentage for both CPU and memory. This percentage is known as the percentage guarantee factor, and it allows you to overcommit resources.
Starting with vCloud Director 5.1, Allocation Pool organization vDCs are elastic by default. This means that the organization vDC spans and utilizes all resource pools associated with its provider vDC. As a result, vCPU frequency is now a mandatory parameter for an Allocation Pool.
Set the vCPU frequency and percentage guarantee factor in such a way that a sufficient number of virtual machines can be deployed on the organization vDC without CPU being a bottleneck factor.
When a virtual machine is created, the placement engine places it on a provider vDC resource pool that best fits the requirements of the virtual machine. A sub-resource pool is created for this organization vDC under the provider vDC resource pool, and the virtual machine is placed under that sub-resource pool.
When the virtual machine powers on, the placement engine checks the provider vDC resource pool to ensure it still has the capacity to power on the virtual machine. If not, the placement engine moves the virtual machine to a provider vDC resource pool with sufficient resources to run the virtual machine. A sub-resource pool for the organization vDC is created if one does not already exist.
The sub-resource pool is configured with sufficient resources to run the new virtual machine. The sub-resource pool's memory limit is increased by the virtual machine's configured memory size, and its memory reservation is increased by the virtual machine's configured memory size times the percentage guarantee factor for the organization vDC. The sub-resource pool's CPU limit is increased by the number of vCPU the virtual machine is configured with times the vCPU frequency specified at the organization vDC level, and the CPU reservation is increased by the number of vCPU configured for the virtual machine times the vCPU frequency specified at the organization vDC level times the percentage guarantee factor for CPU set at the organization vDC level. The virtual machine is reconfigured to set its memory and CPU reservation to zero and placed.
The benefits of the Allocation Pool model are that a virtual machine can take advantage of the resources of an idle virtual machine on the same sub-resource pool and that this model can take advantage of new resources added to the provider vDC.
In rare cases, a virtual machine is switched from the resource pool it was assigned at creation to a different resource pool at power on because of a lack of resources on the original resource pool. This might involve a minor cost to move the virtual machine disk files to a new resource pool.
Pay-As-You-Go
Resources are only committed when users create vApps in the organization vDC. You can specify a percentage of resources to guarantee, which allows you to overcommit resources. You can make a Pay-As-You-Go organization vDC elastic by adding multiple resource pools to its provider vDC.
Resources committed to the organization are applied at the virtual machine level.
When a virtual machine is powered on, the placement engine checks the resource pool and assigns it to another resource pool if the original resource pool cannot accommodate the virtual machine. If there is no sub-resource pool for the resource pool, vCloud Director creates one with an infinite limit and zero rate. The virtual machine's rate is set to its limit times its committed resources and the virtual machine is placed.
The benefit of the Pay-As-You-Go model is that it can take advantage of new resources added to the provider vDC.
In rare cases, a virtual machine is switched from the resource pool it was assigned at creation to a different resource pool at power on due to a lack of resources on the original resource pool. This might involve a minor cost to move the virtual machine disk files to a new resource pool.
In the Pay-As-You-Go model, no resources are reserved ahead of time, so a virtual machine might fail to power on if there aren't enough resources. Virtual machines operating under this model are also unable to take advantage of the resources of idle virtual machines on the same sub-resource pool, since resources are set at the virtual machine level.
Reservation Pool
All of the resources you allocate are immediately committed to the organization vDC. Users in the organization can control overcommitment by specifying reservation, limit, and priority settings for individual virtual machines.
Because there is only one resource pool and one sub-resource pool in this model, the placement engine does not reassign a virtual machine's resource pool when it is powered on. The virtual machine's rate and limit are not modified.
With the Reservation Pool model, resources are always available when needed. This model also offers very fine control over virtual machine rate, limit, and shares, which can lead to optimal usage of the reserved resources if you plan carefully.
In this model, reservation is always done at the primary cluster. If there are not sufficient resources to create an organization vDC on the primary cluster, the organization vDC creation fails.
Other limitations of this model are that it is not elastic and organization users might set non-optimal shares, rates, and limits on virtual machines, leading to underutilization of resources.
For information on the placement engine and virtual machine shares, rates and limits, see the vCloud Director User's Guide.
2 Click Next.

Configure the Allocation Model

Configure the allocation model to specify the amount of provider vDC resources to allocate to the organization vDC.
Procedure
1 Select the allocation model options.
Not all of the models include all of the options.
Option | Action
CPU allocation | Enter the maximum amount of CPU, in GHz, to allocate to virtual machines running in the organization vDC. This option is available only for Allocation Pool and Reservation Pool allocation models.
CPU resources guaranteed | Enter the percentage of CPU resources to guarantee to virtual machines running in the organization vDC. You can overcommit resources by guaranteeing less than 100%. This option is available only for Allocation Pool and Pay-As-You-Go allocation models. The default value for Allocation Pool is 50%, and the default for Pay-As-You-Go is 20%. For an Allocation Pool allocation model, the percentage guarantee also determines what percentage of the CPU allocation is committed for this organization vDC.
vCPU Speed | Enter the vCPU speed in GHz. Virtual machines running in the organization vDC are assigned this amount of GHz per vCPU. This option is available only for Allocation Pool and Pay-As-You-Go allocation models.
Memory allocation | Enter the maximum amount of memory, in GB, to allocate to virtual machines running in the organization vDC. This option is available only for Allocation Pool and Reservation Pool allocation models.
Memory resources guaranteed | Enter the percentage of memory resources to guarantee to virtual machines running in the organization vDC. You can overcommit resources by guaranteeing less than 100%. This option is available only for Allocation Pool and Pay-As-You-Go allocation models. The default for Allocation Pool is 50%, and the default for Pay-As-You-Go is 20%. For an Allocation Pool allocation model, the percentage guarantee also determines what percentage of the memory allocation is committed for this organization vDC.
Maximum number of VMs | Enter the maximum number of virtual machines that can be created in the organization vDC.
2 Click Next.
Example: Configuring an Allocation Model
When you create an organization vDC, vCloud Director creates a vSphere resource pool based on the allocation model settings you specify.
Table 3-1. How Allocation Pool Settings Affect Resource Pool Settings
Allocation Pool Setting | Allocation Pool Value | Resource Pool Setting | Sub-Resource Pool Value | Committed Value for this Org vDC Across All Sub-Resource Pools
CPU Allocation | 25GHz | CPU Limit | The sum of the number of vCPU times vCPU frequency for all associated virtual machines | N/A
CPU % Guarantee | 10% | CPU Reservation | The sum of the number of vCPU times vCPU frequency times percentage guarantee for CPU for all associated virtual machines | 2.5GHz
Memory Allocation | 50 GB | Memory Limit | The sum of the configured memory size for all associated virtual machines | N/A
Memory % Guarantee | 20% | Memory Reservation | The sum of the configured memory size times the percentage guarantee for memory for all associated virtual machines | 10GB
Table 3-2. How Pay-As-You-Go Settings Affect Resource Pool Settings
Pay-As-You-Go Setting | Pay-As-You-Go Value | Resource Pool Setting | Resource Pool Value
CPU % Guarantee | 10% | CPU Reservation, CPU Limit | 0.00GHz, Unlimited
Memory % Guarantee | 100% | Memory Reservation, Memory Limit | 0.00GB, Unlimited
Resource pools created to support Pay-As-You-Go organization vDCs always have no reservations or limits. Pay-As-You-Go settings only affect overcommitment. A 100 percent guarantee means no overcommitment is possible. The lower the percentage, the more overcommitment is possible.
Table 3-3. How Reservation Pool Settings Affect Resource Pool Settings
Reservation Pool Setting | Reservation Pool Value | Resource Pool Setting | Resource Pool Value
CPU Allocation | 25 GHz | CPU Reservation, CPU Limit | 25GHz, 25GHz
Memory Allocation | 50 GB | Memory Reservation, Memory Limit | 50GB, 50GB
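The rules in Tables 3-1 through 3-3 can be carried through for a concrete set of virtual machines to see what each model actually guarantees when hosts are contended. The following calculation is an added example, not VMware code; the three virtual machines and the 1 GHz vCPU speed are constructed, and the per-VM limit in the Pay-As-You-Go case is assumed to be the number of vCPU times the vCPU speed.

```python
from dataclasses import dataclass

UNLIMITED = float("inf")


@dataclass(frozen=True)
class VM:
    name: str
    vcpus: int
    memory_gb: float


def allocation_pool(vms, vcpu_ghz, cpu_pct, mem_pct, cpu_alloc_ghz, mem_alloc_gb):
    """Sub-resource pool values and org vDC commitment for the Allocation Pool model (Table 3-1)."""
    cpu_limit = sum(vm.vcpus * vcpu_ghz for vm in vms)
    mem_limit = sum(vm.memory_gb for vm in vms)
    return {
        "pool": {
            "cpu_limit_ghz": cpu_limit,
            "cpu_reservation_ghz": cpu_limit * cpu_pct / 100,
            "mem_limit_gb": mem_limit,
            "mem_reservation_gb": mem_limit * mem_pct / 100,
        },
        "committed": {
            "cpu_ghz": cpu_alloc_ghz * cpu_pct / 100,
            "mem_gb": mem_alloc_gb * mem_pct / 100,
        },
        # VM reservations are reset to zero; the guarantee is held by the sub-resource pool.
        "vms": {vm.name: {"cpu_reservation_ghz": 0.0, "mem_reservation_gb": 0.0} for vm in vms},
    }


def pay_as_you_go(vms, vcpu_ghz, cpu_pct, mem_pct):
    """Pool has no reservation and no limit (Table 3-2); each VM's rate is its limit times the guarantee."""
    per_vm = {}
    for vm in vms:
        cpu_limit = vm.vcpus * vcpu_ghz  # assumption: VM CPU limit = vCPU count x vCPU speed
        per_vm[vm.name] = {
            "cpu_limit_ghz": cpu_limit,
            "cpu_reservation_ghz": cpu_limit * cpu_pct / 100,
            "mem_limit_gb": vm.memory_gb,
            "mem_reservation_gb": vm.memory_gb * mem_pct / 100,
        }
    pool = {"cpu_reservation_ghz": 0.0, "cpu_limit_ghz": UNLIMITED,
            "mem_reservation_gb": 0.0, "mem_limit_gb": UNLIMITED}
    return {"pool": pool, "vms": per_vm}


def reservation_pool(cpu_alloc_ghz, mem_alloc_gb):
    """Everything allocated is committed at once: reservation equals limit (Table 3-3)."""
    return {"pool": {"cpu_reservation_ghz": cpu_alloc_ghz, "cpu_limit_ghz": cpu_alloc_ghz,
                     "mem_reservation_gb": mem_alloc_gb, "mem_limit_gb": mem_alloc_gb}}


def guaranteed(result):
    """(CPU GHz, memory GB) reserved at pool level plus VM level for one model's result."""
    pool = result["pool"]
    vms = result.get("vms", {}).values()
    cpu = pool["cpu_reservation_ghz"] + sum(v["cpu_reservation_ghz"] for v in vms)
    mem = pool["mem_reservation_gb"] + sum(v["mem_reservation_gb"] for v in vms)
    return cpu, mem


# Constructed sample workload; the percentages and allocations are the values used in the tables.
SAMPLE_VMS = [VM("web", 2, 4), VM("db", 4, 16), VM("batch", 2, 8)]

if __name__ == "__main__":
    ap = allocation_pool(SAMPLE_VMS, 1.0, 10, 20, 25, 50)
    payg = pay_as_you_go(SAMPLE_VMS, 1.0, 10, 100)
    rp = reservation_pool(25, 50)
    print("Allocation Pool sub-resource pool:", ap["pool"], "committed:", ap["committed"])
    for label, result in (("Allocation Pool", ap), ("Pay-As-You-Go", payg), ("Reservation Pool", rp)):
        print(label, "guaranteed (GHz, GB):", guaranteed(result))
```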

Allocate Storage

An organization vDC requires storage space for vApps and vApp templates. You can allocate storage from the space available on provider vDC datastores.
Thin provisioning can help avoid over-allocating storage and save storage space. For a virtual machine with a thin virtual disk, ESX/ESXi provisions the entire space required for the disk's current and future activities. ESX/ESXi commits only as much storage space as the disk needs for its initial operations.
Fast provisioning saves time by using vSphere linked clones for certain operations. See “Fast Provisioning of Virtual Machines,” on page 112.
IMPORTANT Fast provisioning requires vCenter Server 5.0 or later and ESXi 5.0 or later hosts. If the provider vDC on which the organization vDC is based contains any ESX/ESXi 4.x hosts, you must disable fast provisioning. If the provider vDC on which the organization vDC is based contains any VMFS datastores connected to more than 8 hosts, powering on virtual machines might fail. Make sure that datastores are connected to a maximum of 8 hosts.
Procedure
1 Select the storage profile to allocate and click Add.
2 Enter the amount of storage to allocate.
3 Select the Default instantiation profile from the drop-down menu.
This is the default storage profile used for all virtual machine provisioning operations where the storage profile is not specified.
4 (Optional) Select the Enable thin provisioning check box to enable thin provisioning for virtual machines in the organization vDC.
5 (Optional) Deselect the Enable fast provisioning check box to disable fast provisioning for virtual machines in the organization vDC.
6 Click Next.

Select Network Pool and Services

A network pool is a group of undifferentiated networks used to create vApp networks and internal organization vDC networks.
Procedure
1 Select a network pool or select None.
If you select None, you can add a network pool later.
2 Enter the maximum number of networks that the organization can provision from the network pool.
3 (Optional) Select Enable for each available third-party or edge gateway service to enable.
4 Click Next.

Configure an Edge Gateway

You configure an edge gateway to provide connectivity to one or more external networks.
Procedure
1 (Optional) Select Create a new edge gateway to create and configure an edge gateway.
2 Type a name and optional description for the new Edge gateway.
3 Select a gateway configuration for the edge gateway.
4 Select Enable High Availability to enable high availability on the edge gateway.
5 (Optional) Select Configure IP Settings to manually configure the external interface's IP address.
6 (Optional) Select Sub-Allocate IP Pools to allocate a set of IP addresses for gateway services to use.
7 (Optional) Select Configure Rate Limits to choose the inbound and outbound rate limits for each externally connected interface.
8 Click Next.

Configure External Networks

Select the external networks that the edge gateway can connect to.
This page appears only if you selected Create a new edge gateway.
Procedure
1 Select an external network from the list and click Add.
Hold down Ctrl to select multiple networks.
2 Select a network to be the default gateway.
3 (Optional) Select Use default gateway for DNS Relay.
4 Click Next.

Configure IP Settings on a New Edge Gateway

Configure IP settings for external networks on the new edge gateway.
This page appears only if you selected Configure IP Settings during gateway configuration.
Procedure
1 Select Manual from the drop-down menu for each external network for which to specify an IP address.
2 Type an IP address for each external network set to Manual and click Next.

Suballocate IP Pools on a New Edge Gateway

Suballocate into multiple static IP pools the IP pools that the external networks on the edge gateway provide.
This page appears only if you selected Sub-Allocate IP Pools during gateway configuration.
Procedure
1 Select an external network and IP pool to suballocate.
2 Type an IP address or range of IP addresses within the IP pool range and click Add.
Repeat this step to add multiple suballocated IP pools.
3 (Optional) Select a suballocated IP pool and click Modify to modify the IP address range of the suballocated IP pool.
4 (Optional) Select a suballocated IP pool and click Remove to remove the suballocated IP pool.
5 Click Next.

Configure Rate Limits on a New Edge Gateway

Configure the inbound and outbound rate limits for each external network on the edge gateway.
This page appears only if you selected Configure Rate Limits during gateway configuration. Rate limits apply only to external networks backed by distributed port groups with static binding.
Procedure
1 Click Enable for each external network on which to enable rate limits.
2 Type the Incoming Rate Limit in gigabits per second for each enabled external network.
3 Type the Outgoing Rate Limit in gigabits per second for each enabled external network and click Next.

Create an Organization vDC Network

You can create an organization vDC network that is connected to the new edge gateway.
This page appears only if you selected Create a new edge gateway.
Procedure
1 (Optional) Select Create a network for this virtual datacenter connected to this new edge gateway.
2 Type a name and optional description for the new organization vDC network.
3 (Optional) Select Share this network with other vDCs in the organization.
4 Type a gateway address and network mask for the organization vDC network.
5 (Optional) Select Use gateway DNS to use the DNS relay of gateway.
This option is available only if the gateway has DNS relay enabled.
6 (Optional) Enter DNS settings to use DNS.
7 Enter an IP address or range of IP addresses and click Add to create a static IP pool.
Repeat this step to add multiple static IP pools.
8 Click Next.

Name the Organization vDC

You can provide a descriptive name and an optional description to indicate the vSphere functions available for your new organization vDC.
Procedure
1 Type a name and optional description.
2 (Optional) Deselect Enabled.
Disabling the Org vDC prevents new vApps from being deployed to the vDC.
3 Click Next.

Confirm Settings and Create the Organization vDC

Before you create the organization vDC, review the settings you entered.
Procedure
1 Review the settings for the organization vDC.
2 (Optional) Click Back to modify the settings.
3 (Optional) Select Add networks to this organization after this wizard is finished to immediately create an organization vDC network for this vDC.
4 Click Finish to accept the settings and create the organization vDC.
When you create an organization vDC, vCloud Director creates a resource pool in vSphere to provide CPU and memory resources.

Creating a Published Catalog 4

You can publish a catalog to make a set of vApp templates or media files available to all of the organizations in a vCloud Director installation.
Organizations use catalogs to store vApp templates and media files. The members of an organization can use catalog items as the building blocks to create their own vApps.
When you publish a catalog, the items in the catalog become available to all of the organizations in the vCloud Director installation. The administrators of each organization can then choose which catalog items to provide to their users.
Before you can create a published catalog, you must create and provision an organization to contain the catalog.
This chapter includes the following topics:
• Enable Catalog Publishing
• Create a Published Catalog
• Upload a vApp Template
• Import a vApp Template from vSphere
• Upload a Media File
• Import a Media File from vSphere
• Publish a Catalog

Enable Catalog Publishing

Before you can publish an organization's catalogs, you must enable catalog publishing for the organization.
Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Properties.
3 On the Catalog Publishing tab, select Allow publishing catalogs to all organizations and click OK.

Create a Published Catalog

You can create a published catalog to contain uploaded and imported vApp templates and media files to make available to all organizations. An organization can have multiple catalogs and control access to each catalog individually.
Prerequisites
Verify that you have an organization that allows catalog publishing.
Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
3 Click Catalogs and select My Organization's Catalogs in the left pane.
4 On the Catalogs tab, click New.
5 Type a catalog name and optional description and click Next.
6 Click Next.
7 Select Publish to all organizations and click Next.
8 Review the catalog settings and click Finish.

Upload a vApp Template

You can upload an OVF package as a vApp template to make the template available to other users. vCloud Director supports OVF 1.0 and OVF 1.1.
vCloud Director supports OVFs based on the Open Virtualization Format (OVF) Specification. If you upload an OVF that includes deployment options, those options are preserved in the vApp template.
You can quarantine files that users upload to vCloud Director so that you can process the files before you accept them. For example, you can scan the files for viruses. See “Quarantine Uploaded Files,” on page 135.
Prerequisites
Verify that the following conditions exist:
• The organization to which you are uploading the OVF package has a catalog and an organization vDC.
• The computer from which you are uploading has Java Plug-in 1.6.0_10 or later installed.
Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
3 Click Catalogs and select My Organization's Catalogs in the left pane.
4 On the vApp Templates tab, click Upload.
5 Click Browse, browse to the location of the OVF package, select it, and click Open.
6 Type a name and optional description for the vApp template.
7 Select an organization vDC and catalog and click Upload.
What to do next
Make sure that vSphere Tools is installed on the virtual machines in the vApp. vSphere Tools is required to support guest customization. See the VMware vCloud Director User's Guide.

Import a vApp Template from vSphere

You can import a virtual machine from vSphere and save it as a vApp template in a catalog that is available to other users.
Prerequisites
Verify that you are a vCloud Director system administrator.
Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
3 Click Catalogs and select My Organization's Catalogs in the left pane.
4 On the vApp Templates tab, click Import from vSphere.
5 Select a vCenter Server and a virtual machine.
6 Type a name and optional description for the vApp template.
7 Select an organization vDC and catalog.
8 Choose whether to move or copy the virtual machine to the catalog.
9 Choose whether to mark the vApp template as a Gold Master in the catalog.
If you mark a vApp template as a Gold Master, this information appears in the list of vApp templates.
10 Click OK.
What to do next
Check that vSphere Tools is installed on the virtual machines in the vApp. vSphere Tools is required to support guest customization. See the VMware vCloud Director User's Guide.

Upload a Media File

You can upload an ISO or FLP file to make the media available to other users.
You can quarantine files that users upload to vCloud Director so that you can process the files before you accept them. For example, you might want to scan the files for viruses. See “Quarantine Uploaded Files,” on page 135.
Prerequisites
Verify that the computer from which you are uploading has Java Plug-in 1.6.0_10 or later installed.
Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
3 Click Catalogs and select My Organization's Catalogs in the left pane.
4 On the Media tab, click Upload.
5 Click Browse, browse to the location of the media file, select it, and click Open.
6 Type a name and optional description for the media file.
7 Select an organization vDC and catalog and click Upload.

Import a Media File from vSphere

You can import a media file from a vSphere datastore and save it in a catalog available to other users.
Prerequisites
You must be a vCloud Director system administrator. You must know which datastore contains the media file and the path to that file.
Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
3 Click Catalogs and select My Organization's Catalogs in the left pane.
4 On the Media tab, click the Import from vSphere button.
5 Type a name and optional description for the media file.
6 Select the source vCenter Server and datastore and type the path to the media file.
7 Select an organization vDC and catalog.
8 Click OK.

Publish a Catalog

You can publish a catalog to make its vApp templates and media files available to all organizations in the installation.
Prerequisites
Verify that the organization that contains the catalog allows catalog publishing.
Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
3 Click Catalogs and select My Organization's Catalogs in the left pane.
4 On the Catalogs tab, right-click the catalog name and select Publish Settings.
5 On the Publishing tab, select Publish to all organizations and click OK.
The catalog and all of its contents appear under Public Catalogs for all organizations in the vCloud Director installation.

Managing Cloud Resources 5

Provider vDCs, organization vDCs, external networks, organization vDC networks, and network pools are all considered cloud resources. After you add cloud resources to vCloud Director, you can modify them and view information about their relationships with each other.
This chapter includes the following topics:
• Managing Provider vDCs
• Managing Organization vDCs
• Managing External Networks
• Managing Edge Gateways
• Managing Organization vDC Networks
• Managing Network Pools
• Managing Cloud Cells

Managing Provider vDCs

After you create a provider vDC, you can modify its properties, disable or delete it, and manage its ESX/ESXi hosts and datastores.

Enable or Disable a Provider vDC

You can disable a provider vDC to prevent the creation of organization vDCs that use the provider vDC resources.
When you disable a provider vDC, vCloud Director also disables the organization vDCs that use its resources. Running vApps and powered on virtual machines continue to run, but you cannot create or start additional vApps or virtual machines.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Enable or Disable.

Delete a Provider vDC

You can delete a provider vDC to remove its compute, memory, and storage resources from vCloud Director. The resources remain unaffected in vSphere.
Prerequisites
• Disable the provider vDC.
• Disable and delete all organization vDCs that use the provider vDC.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Delete.
3 Click Yes.

Modify a Provider vDC Name and Description

As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing provider vDC.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Properties.
3 Type a new name or description and click OK.
You can use the name and description fields to indicate the vSphere functionality available to the provider vDC, for example, vSphere HA.

Merge Provider vDCs

You can merge two or more provider vDCs into a single provider vDC, combining the resources of all merged provider vDCs.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC to merge other provider vDCs to and select Merge with.
3 Select one or more provider vDCs to merge with this one and click Add.
Hold down Ctrl to select multiple provider vDCs.
4 (Optional) Enter a new name and description for the provider vDC.
5 Click OK.
The selected provider vDCs are merged into this provider vDC.

Enable or Disable a Provider vDC Host

You can disable a host to prevent vApps from starting up on the host. Virtual machines that are already running on the host are not affected.
To perform maintenance on a host, migrate all vApps off of the host or stop all vApps and then disable the host.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Hosts tab.
4 Right-click the host name and select Enable Host or Disable Host.
vCloud Director enables or disables the host for all provider vDCs that use its resources.

Prepare or Unprepare a Provider vDC Host

When you add an ESX/ESXi host to a vSphere cluster that vCloud Director uses, you must prepare the host before a provider vDC can use its resources. You can unprepare a host to remove it from the vCloud Director environment.
For information about moving running virtual machines from one host to another, see “Move Virtual Machines from one ESX/ESXi Host to Another,” on page 101.
You cannot prepare a host that is in lockdown mode. After you prepare a host, you can enable lockdown mode.
Prerequisites
Before you can unprepare a host, you must disable it and ensure that no virtual machines are running on the host.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Hosts tab.
4 Right-click the host name and select Prepare Host or Unprepare Host.
vCloud Director prepares or unprepares the host for all provider vDCs that use its resources.

Upgrade an ESX/ESXi Host Agent for a Provider vDC Host

vCloud Director installs agent software on each ESX/ESXi host in the installation. If you upgrade your ESX/ESXi hosts, you also need to upgrade your ESX/ESXi host agents.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Hosts tab.
4 Right-click the host name and select Upgrade Host.
vCloud Director upgrades the host agent. This upgrade affects all provider vDCs that use the host.

Repair a Provider vDC ESX/ESXi Host

If the vCloud Director agent on an ESX/ESXi host cannot be contacted, try to repair the host.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Hosts tab.
4 Right-click the host name and select Repair Host.
vCloud Director repairs the host. This operation affects all provider vDCs that use the host.

Enable vSphere VXLAN on an Upgraded Provider vDC

Enable vSphere VXLAN on an upgraded provider vDC to create a VXLAN network pool for the provider vDC.
vSphere VXLAN is enabled by default for new provider vDCs.
Prerequisites
Configure VXLAN for your vCloud environment. See the vShield Administrator's Guide.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the Provider vDC name and select Enable VXLAN.
A VXLAN network pool is created for the provider vDC. See “VXLAN Network Pools,” on page 25.

Provider vDC Datastores

Provider vDC datastores provide storage capacity for provider vDCs.
Provider vDC Datastore Metrics
The following information about each provider vDC datastore appears on the Datastores tab of a provider vDC.
Table 5-1. Datastore Metrics
| Title | Description |
|---|---|
| Name | The name of the provider vDC datastore. |
| Enabled | A checkmark appears when the provider vDC datastore is enabled. |
| Type | The type of file system the datastore uses, either Virtual Machine File System (VMFS) or Network File System (NFS). |
| Used | The datastore space occupied by virtual machine files, including log files, snapshots, and virtual disks. When a virtual machine is powered on, the used storage space also includes log files. |
| Provisioned | The datastore space guaranteed to virtual machines. If any virtual machines are using thin provisioning, some of the provisioned space might not be in use, and other virtual machines can occupy the unused space. |
| Requested | Provisioned storage in use only by vCloud Director-managed objects on the datastore. If thin provisioning is enabled on vCloud Director, some of the requested space might not be in use. |
| vCenter | The vCenter Server associated with the datastore. |

Add a Storage Profile to a Provider vDC

Add a storage profile to a provider vDC to support the storage profile for organization vDCs backed by the provider vDC.
Storage profiles are created and managed in vSphere. See the vSphere documentation or contact your vSphere administrator.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Storage Profiles tab.
4 Click Add Storage Profile.
5 Select a storage profile, click Add and click OK.
Support for the storage profile is added to the provider vDC.
What to do next
Configure organization vDCs backed by the provider vDC to support the storage profile. See “Add a Storage Profile to an Organization vDC,” on page 63.

Edit the Metadata for a Storage Profile on a Provider vDC

You can edit the metadata for a storage profile on a provider vDC.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Storage Profiles tab.
4 Right-click a storage profile and select Properties.
5 Edit the metadata as appropriate and click OK.

Add a Resource Pool to a Provider vDC

You can add additional resource pools to a provider vDC so that Pay-As-You-Go and Allocation Pool organization vDCs that the provider vDC provides can expand.
When compute resources are backed by multiple resource pools, they can expand as needed to accommodate more virtual machines.
Prerequisites
Verify that one or more available resource pools exist in the same vCenter datacenter as the provider vDC's primary resource pool.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Resource Pools tab.
4 Click Add Resource Pool.
5 Select the resource pool to add and click Finish.
vCloud Director adds a resource pool for the provider vDC to use, making elastic all Pay-As-You-Go and Allocation Pool organization vDCs backed by the provider vDC.
vCloud Director also adds a System vDC resource pool beneath the new resource pool. This resource pool is used for the creation of vShield virtual machines and virtual machines that serve as a template for linked clones. Do not edit or delete the system vDC resource pool.

Enable or Disable a Provider vDC Resource Pool

When you disable a resource pool, the memory and compute resources of the resource pool are no longer available to the provider vDC.
You must have at least one enabled resource pool on a provider vDC. Disabling a resource pool does not prevent its resources from being used by processes that are already in progress.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Resource Pools tab.
4 Right-click the resource pool and click Enable or Disable.

Detach a Resource Pool From a Provider vDC

If a provider vDC has more than one resource pool, you can detach a resource pool from the provider vDC.
Prerequisites
1 Disable the resource pool on the provider vDC.
2 Migrate any virtual machines from that resource pool to an enabled resource pool.
3 Redeploy any networks that are affected by the disabled resource pool.
4 Redeploy any edge gateways that are affected by the disabled resource pool.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Resource Pools tab.
4 Right-click the resource pool and click Detach.

Migrate Virtual Machines Between Resource Pools on a Provider vDC

You can migrate virtual machines from one resource pool to another on the same provider vDC. You can migrate virtual machines to populate a recently added resource pool, to depopulate a resource pool you plan to decommission, or to manually balance the provider vDC's resources.
Virtual machines that are part of a reservation pool organization vDC cannot be migrated. Templates and media should be migrated separately using datastore migration.
Prerequisites
Verify that you have at least one resource pool on the provider vDC other than the resource pool the virtual machines are on.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Resource Pools tab.
4 Right-click the resource pool name and select Open.
5 Right-click the virtual machine name and select Migrate to.
Hold down Ctrl and click to select multiple virtual machines.
6 Choose how to select the destination resource pool for the virtual machine.
| Option | Description |
|---|---|
| Automatically select a resource pool | vCloud Director chooses the destination resource pool for the virtual machines based on the current resource balance of all available resource pools. |
| Manually select a resource pool | Select a resource pool from the list of available resource pools to which to migrate the virtual machines. |
7 Click OK.

Configure Low Disk Space Warnings for a Provider vDC Datastore

You can configure low disk space warnings on a datastore to receive an email from vCloud Director when the datastore reaches a specific threshold of available capacity. These warnings alert you to a low disk situation before it becomes a problem.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Datastores tab.
4 Right-click the datastore name and select Properties.
5 Select the disk space thresholds for the datastore.
You can set two thresholds, yellow and red. When vCloud Director sends an email alert, the message indicates which threshold was crossed.
6 Click OK.
vCloud Director sets the thresholds for all provider vDCs that use the datastore. vCloud Director sends an email alert when the datastore crosses the threshold.

Send an Email Notification to Provider vDC Users

You can send an email notification to all users who own objects in the provider vDC, for example, vApps or media files. You can send an email notification to let users know about upcoming system maintenance, for example.
Prerequisites
Verify that you have a valid connection to an SMTP server.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Notify.
3 Type the email subject and message and click Send Email.

Managing Organization vDCs

After you create an organization vDC, you can modify its properties, disable or delete it, and manage its allocation model, storage, and network settings.

Create an Organization vDC

Create an organization vDC to allocate resources to an organization. An organization vDC is partitioned from a provider vDC. A single organization can have multiple organization vDCs.
Prerequisites
You must have a provider vDC before you can allocate resources to an organization.
Procedure
1 Open the New Organization vDC Wizard
Open the New Organization vDC wizard to start the process of creating an organization vDC.
2 Select an Organization for the Organization vDC
You can create an organization vDC to provide resources to any organization in the vCloud Director system. An organization can have more than one organization vDC.
3 Select a Provider vDC
An organization vDC obtains its compute and storage resources from a provider vDC. The organization vDC provides these resources to vApps and virtual machines in the organization.
4 Select an Allocation Model
The allocation model determines how and when the provider vDC compute and memory resources that you allocate are committed to the organization vDC.
5 Configure the Allocation Model
Configure the allocation model to specify the amount of provider vDC resources to allocate to the organization vDC.
6 Allocate Storage
An organization vDC requires storage space for vApps and vApp templates. You can allocate storage from the space available on provider vDC datastores.
7 Select Network Pool and Services
A network pool is a group of undifferentiated networks used to create vApp networks and internal organization vDC networks.
8 Configure an Edge Gateway
You configure an edge gateway to provide connectivity to one or more external networks.
9 Configure External Networks
Select the external networks that the edge gateway can connect to.
10 Configure IP Settings on a New Edge Gateway
Configure IP settings for external networks on the new edge gateway.
11 Suballocate IP Pools on a New Edge Gateway
Suballocate into multiple static IP pools the IP pools that the external networks on the edge gateway provide.
12 Configure Rate Limits on a New Edge Gateway
Configure the inbound and outbound rate limits for each external network on the edge gateway.
13 Create an Organization vDC Network
You can create an organization vDC network that is connected to the new edge gateway.
14 Name the Organization vDC
You can provide a descriptive name and an optional description to indicate the vSphere functions available for your new organization vDC.
15 Confirm Settings and Create the Organization vDC
Before you create the organization vDC, review the settings you entered.

Open the New Organization vDC Wizard

Open the New Organization vDC wizard to start the process of creating an organization vDC.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Click the add button.

Select an Organization for the Organization vDC

You can create an organization vDC to provide resources to any organization in the vCloud Director system. An organization can have more than one organization vDC.
Procedure
1 Select an organization.
2 Click Next.

Select a Provider vDC

An organization vDC obtains its compute and storage resources from a provider vDC. The organization vDC provides these resources to vApps and virtual machines in the organization.
Procedure
1 Select a provider vDC.
The provider vDC list displays information about available resources and the networks list displays information about networks available to the selected provider vDC.
2 Click Next.

Select an Allocation Model

The allocation model determines how and when the provider vDC compute and memory resources that you allocate are committed to the organization vDC.
Procedure
1 Select an allocation model.
Option Description
Allocation Pool
Pay-As-You-Go
Only a percentage of the resources you allocate from the provider vDC are committed to the organization vDC. You can specify the percentage for both CPU and memory. This percentage is known as the percentage guarantee factor, and it allows you to overcommit resources.
Starting with vCloud Director 5.1, Allocation Pool organization vDCs are elastic by default. This means that the organization vDC spans and utilizes all resource pools associated with its provider vDC. As a result, vCPU frequency is now a mandatory parameter for an Allocation Pool.
Set the vCPU frequency and percentage guarantee factor in such a way that a sufficient number of virtual machines can be deployed on the organization vDC without CPU being a bottleneck factor.
When a virtual machine is created, the placement engine places it on a provider vDC resource pool that best fits the requirements of the virtual machine. A sub-resource pool is created for this organization vDC under the provider vDC resource pool, and the virtual machine is placed under that sub-resource pool.
When the virtual machine powers on, the placement engine checks the provider vDC resource pool to ensure it still has the capacity to power on the virtual machine. If not, the placement engine moves the virtual machine to a provider vDC resource pool with sufficient resources to run the virtual machine. A sub-resource pool for the organization vDC is created if one does not already exist.
The sub-resource pool is configured with sufficient resources to run the new virtual machine. The sub-resource pool's memory limit is increased by the virtual machine's configured memory size, and its memory reservation is increased by the virtual machine's configured memory size times the percentage guarantee factor for the organization vDC. The sub-resource pool's CPU limit is increased by the number of vCPU the virtual machine is configured with times the vCPU frequency specified at the organization vDC level, and the CPU reservation is increased by the number of vCPU configured for the virtual machine times the vCPU frequency specified at the organization vDC level times the percentage guarantee factor for CPU set at the organization vDC level. The virtual machine is reconfigured to set its memory and CPU reservation to zero and placed.
The benefits of the Allocation Pool model are that a virtual machine can take advantage of the resources of an idle virtual machine on the same sub-resource pool and that this model can take advantage of new resources added to the provider vDC.
In rare cases, a virtual machine is switched from the resource pool it was assigned at creation to a different resource pool at power on because of a lack of resources on the original resource pool. This might involve a minor cost to move the virtual machine disk files to a new resource pool.
Pay-As-You-Go
Resources are only committed when users create vApps in the organization vDC. You can specify a percentage of resources to guarantee, which allows you to overcommit resources. You can make a Pay-As-You-Go organization vDC elastic by adding multiple resource pools to its provider vDC.
Resources committed to the organization are applied at the virtual machine level.
When a virtual machine is powered on, the placement engine checks the resource pool and assigns it to another resource pool if the original resource pool cannot accommodate the virtual machine. If there is no sub-resource pool for the resource pool, vCloud Director creates one with an infinite limit and zero rate. The virtual machine's rate is set to its limit times its committed resources and the virtual machine is placed.
The benefit of the Pay-As-You-Go model is that it can take advantage of new resources added to the provider vDC.
In rare cases, a virtual machine is switched from the resource pool it was assigned at creation to a different resource pool at power on due to a lack of resources on the original resource pool. This might involve a minor cost to move the virtual machine disk files to a new resource pool.
In the Pay-As-You-Go model, no resources are reserved ahead of time, so a virtual machine might fail to power on if there aren't enough resources. Virtual machines operating under this model are also unable to take advantage of the resources of idle virtual machines on the same sub-resource pool, since resources are set at the virtual machine level.
Reservation Pool
All of the resources you allocate are immediately committed to the organization vDC. Users in the organization can control overcommitment by specifying reservation, limit, and priority settings for individual virtual machines.
Because there is only one resource pool and one sub-resource pool in this model, the placement engine does not reassign a virtual machine's resource pool when it is powered on. The virtual machine's rate and limit are not modified.
With the Reservation Pool model, resources are always available when needed. This model also offers very fine control over virtual machine rate, limit, and shares, which can lead to optimal usage of the reserved resources if you plan carefully.
In this model, reservation is always done at the primary cluster. If there are not sufficient resources to create an organization vDC on the primary cluster, the organization vDC creation fails.
Other limitations of this model are that it is not elastic and organization users might set non-optimal shares, rates, and limits on virtual machines, leading to underutilization of resources.
For information on the placement engine and virtual machine shares, rates and limits, see the vCloud Director User's Guide.
2 Click Next.
Configure the Allocation Model
Configure the allocation model to specify the amount of provider vDC resources to allocate to the organization vDC.
Procedure
1 Select the allocation model options.
Not all of the models include all of the options.
Option | Action
CPU allocation | Enter the maximum amount of CPU, in GHz, to allocate to virtual machines running in the organization vDC. This option is available only for Allocation Pool and Reservation Pool allocation models.
CPU resources guaranteed | Enter the percentage of CPU resources to guarantee to virtual machines running in the organization vDC. You can overcommit resources by guaranteeing less than 100%. This option is available only for Allocation Pool and Pay-As-You-Go allocation models. The default value for Allocation Pool is 50%, and the default for Pay-As-You-Go is 20%. For an Allocation Pool allocation model, the percentage guarantee also determines what percentage of the CPU allocation is committed for this organization vDC.
vCPU Speed | Enter the vCPU speed in GHz. Virtual machines running in the organization vDC are assigned this amount of GHz per vCPU. This option is available only for Allocation Pool and Pay-As-You-Go allocation models.
Memory allocation | Enter the maximum amount of memory, in GB, to allocate to virtual machines running in the organization vDC. This option is available only for Allocation Pool and Reservation Pool allocation models.
Memory resources guaranteed | Enter the percentage of memory resources to guarantee to virtual machines running in the organization vDC. You can overcommit resources by guaranteeing less than 100%. This option is available only for Allocation Pool and Pay-As-You-Go allocation models. The default for Allocation Pool is 50%, and the default for Pay-As-You-Go is 20%. For an Allocation Pool allocation model, the percentage guarantee also determines what percentage of the memory allocation is committed for this organization vDC.
Maximum number of VMs | Enter the maximum number of virtual machines that can be created in the organization vDC.
2 Click Next.
Example: Configuring an Allocation Model
When you create an organization vDC, vCloud Director creates a vSphere resource pool based on the allocation model settings you specify.
Table 5-2. How Allocation Pool Settings Affect Resource Pool Settings
Allocation Pool Setting | Allocation Pool Value | Resource Pool Setting | Sub-Resource Pool Value | Committed Value for this Org vDC Across All Sub-Resource Pools
CPU Allocation | 25GHz | CPU Limit | The sum of the number of vCPU times vCPU frequency for all associated virtual machines | N/A
CPU % Guarantee | 10% | CPU Reservation | The sum of the number of vCPU times vCPU frequency times percentage guarantee for CPU for all associated virtual machines | 2.5GHz
Memory Allocation | 50 GB | Memory Limit | The sum of the configured memory size for all associated virtual machines | N/A
Memory % Guarantee | 20% | Memory Reservation | The sum of the configured memory size times the percentage guarantee for memory for all associated virtual machines | 10GB
Table 5-3. How Pay-As-You-Go Settings Affect Resource Pool Settings
Pay-As-You-Go Setting | Pay-As-You-Go Value | Resource Pool Setting | Resource Pool Value
CPU % Guarantee | 10% | CPU Reservation, CPU Limit | 0.00GHz, Unlimited
Memory % Guarantee | 100% | Memory Reservation, Memory Limit | 0.00GB, Unlimited
Resource pools created to support Pay-As-You-Go organization vDCs always have no reservations or limits. Pay-As-You-Go settings only affect overcommitment. A 100 percent guarantee means no overcommitment is possible. The lower the percentage, the more overcommitment is possible.
Table 5-4. How Reservation Pool Settings Affect Resource Pool Settings
Reservation Pool Setting | Reservation Pool Value | Resource Pool Setting | Resource Pool Value
CPU Allocation | 25 GHz | CPU Reservation, CPU Limit | 25GHz, 25GHz
Memory Allocation | 50 GB | Memory Reservation, Memory Limit | 50GB, 50GB
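The Allocation Pool arithmetic from the model description and Table 5-2, worked through in code as an added example that is not part of the VMware guide. The 1 GHz vCPU speed, the virtual machine names and sizes, and the rule that power-on is refused once the summed limits would exceed the allocation are assumptions made for the illustration.

```python
"""Allocation Pool arithmetic for one sub-resource pool (added example)."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AllocationPoolVdc:
    cpu_allocation_mhz: int  # "CPU allocation" (25 GHz = 25000 MHz)
    cpu_guarantee_pct: int   # "CPU resources guaranteed"
    vcpu_mhz: int            # "vCPU Speed"
    mem_allocation_gb: int   # "Memory allocation"
    mem_guarantee_pct: int   # "Memory resources guaranteed"

    def committed(self):
        """Committed (CPU MHz, memory GB) across all sub-resource pools."""
        return (self.cpu_allocation_mhz * self.cpu_guarantee_pct / 100,
                self.mem_allocation_gb * self.mem_guarantee_pct / 100)


@dataclass(frozen=True)
class Vm:
    name: str
    vcpus: int
    mem_gb: int


@dataclass
class SubResourcePool:
    vdc: AllocationPoolVdc
    cpu_limit_mhz: int = 0
    mem_limit_gb: int = 0

    @property
    def cpu_reservation_mhz(self):
        # Sum over VMs of vCPU count x vCPU frequency x CPU guarantee.
        return self.cpu_limit_mhz * self.vdc.cpu_guarantee_pct / 100

    @property
    def mem_reservation_gb(self):
        # Sum over VMs of configured memory x memory guarantee.
        return self.mem_limit_gb * self.vdc.mem_guarantee_pct / 100

    def power_on(self, vm):
        """Raise the pool limits for one VM; the VM's own reservation is zero."""
        cpu = vm.vcpus * self.vdc.vcpu_mhz
        # Assumption (not stated in the guide): power-on is refused once the
        # summed limits would exceed the organization vDC's allocation.
        if self.cpu_limit_mhz + cpu > self.vdc.cpu_allocation_mhz:
            raise ValueError(f"{vm.name}: CPU allocation exhausted")
        if self.mem_limit_gb + vm.mem_gb > self.vdc.mem_allocation_gb:
            raise ValueError(f"{vm.name}: memory allocation exhausted")
        self.cpu_limit_mhz += cpu
        self.mem_limit_gb += vm.mem_gb


def max_identical_vms(vdc, vcpus, mem_gb):
    """How many VMs of one shape fit, and which resource runs out first."""
    by_cpu = vdc.cpu_allocation_mhz // (vcpus * vdc.vcpu_mhz)
    by_mem = vdc.mem_allocation_gb // mem_gb
    if by_cpu == by_mem:
        bottleneck = "balanced"
    else:
        bottleneck = "cpu" if by_cpu < by_mem else "memory"
    return by_cpu, by_mem, bottleneck


# Values from Table 5-2; the 1 GHz vCPU speed is an assumed sample value.
TABLE_5_2_VDC = AllocationPoolVdc(25000, 10, 1000, 50, 20)
# Constructed sample virtual machines (name, vCPU count, memory in GB).
SAMPLE_VMS = [Vm("web01", 2, 4), Vm("db01", 4, 16), Vm("app01", 2, 8)]


def build_sample_pool():
    """Power on the constructed VMs in one sub-resource pool."""
    pool = SubResourcePool(TABLE_5_2_VDC)
    for vm in SAMPLE_VMS:
        pool.power_on(vm)
    return pool


if __name__ == "__main__":
    pool = build_sample_pool()
    print("CPU limit / reservation (MHz):",
          pool.cpu_limit_mhz, pool.cpu_reservation_mhz)
    print("Memory limit / reservation (GB):",
          pool.mem_limit_gb, pool.mem_reservation_gb)
    print("Committed (MHz, GB):", TABLE_5_2_VDC.committed())
    # Same 2 vCPU / 4 GB VM shape at two vCPU speeds: the faster setting
    # makes CPU the bottleneck, the slower one makes memory the bottleneck.
    for mhz in (2000, 500):
        print(mhz, max_identical_vms(replace(TABLE_5_2_VDC, vcpu_mhz=mhz), 2, 4))
```

Changing `vcpu_mhz` while holding the VM shape constant shows how the vCPU speed setting decides whether CPU or memory caps the number of virtual machines an organization vDC can hold.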
Allocate Storage
An organization vDC requires storage space for vApps and vApp templates. You can allocate storage from the space available on provider vDC datastores.
Thin provisioning can help avoid over-allocating storage and save storage space. For a virtual machine with a thin virtual disk, ESX/ESXi provisions the entire space required for the disk's current and future activities. ESX/ESXi commits only as much storage space as the disk needs for its initial operations.
Fast provisioning saves time by using vSphere linked clones for certain operations. See “Fast Provisioning of Virtual Machines,” on page 112.
IMPORTANT Fast provisioning requires vCenter Server 5.0 or later and ESXi 5.0 or later hosts. If the provider vDC on which the organization vDC is based contains any ESX/ESXi 4.x hosts, you must disable fast provisioning. If the provider vDC on which the organization vDC is based contains any VMFS datastores connected to more than 8 hosts, powering on virtual machines might fail. Make sure that datastores are connected to a maximum of 8 hosts.
Procedure
1 Select the storage profile to allocate and click Add.
2 Enter the amount of storage to allocate.
3 Select the Default instantiation profile from the drop-down menu.
This is the default storage profile used for all virtual machine provisioning operations where the storage profile is not specified.
4 (Optional) Select the Enable thin provisioning check box to enable thin provisioning for virtual machines in the organization vDC.
5 (Optional) Deselect the Enable fast provisioning check box to disable fast provisioning for virtual machines in the organization vDC.
6 Click Next.
Select Network Pool and Services
A network pool is a group of undifferentiated networks used to create vApp networks and internal organization vDC networks.
Procedure
1 Select a network pool or select None.
If you select None, you can add a network pool later.
2 Enter the maximum number of networks that the organization can provision from the network pool.
3 (Optional) Select Enable for each available third-party or edge gateway service to enable.
4 Click Next.
Configure an Edge Gateway
You configure an edge gateway to provide connectivity to one or more external networks.
Procedure
1 (Optional) Select Create a new edge gateway to create and configure an edge gateway.
2 Type a name and optional description for the new edge gateway.
3 Select a gateway configuration for the edge gateway.
4 Select Enable High Availability to enable high availability on the edge gateway.
5 (Optional) Select Configure IP Settings to manually configure the external interface's IP address.
6 (Optional) Select Sub-Allocate IP Pools to allocate a set of IP addresses for gateway services to use.
7 (Optional) Select Configure Rate Limits to choose the inbound and outbound rate limits for each externally connected interface.
8 Click Next.
Configure External Networks
Select the external networks that the edge gateway can connect to.
This page appears only if you selected Create a new edge gateway.
Procedure
1 Select an external network from the list and click Add.
Hold down Ctrl to select multiple networks.
2 Select a network to be the default gateway.
3 (Optional) Select Use default gateway for DNS Relay.
4 Click Next.
Configure IP Settings on a New Edge Gateway
Configure IP settings for external networks on the new edge gateway.
This page appears only if you selected Configure IP Settings during gateway configuration.
Procedure
1 Select Manual from the drop-down menu for each external network for which to specify an IP address.
2 Type an IP address for each external network set to Manual and click Next.
Suballocate IP Pools on a New Edge Gateway
Suballocate into multiple static IP pools the IP pools that the external networks on the edge gateway provide.
This page appears only if you selected Sub-Allocate IP Pools during gateway configuration.
Procedure
1 Select an external network and IP pool to suballocate.
2 Type an IP address or range of IP addresses within the IP pool range and click Add.
Repeat this step to add multiple suballocated IP pools.
3 (Optional) Select a suballocated IP pool and click Modify to modify the IP address range of the suballocated IP pool.
4 (Optional) Select a suballocated IP pool and click Remove to remove the suballocated IP pool.
5 Click Next.
Configure Rate Limits on a New Edge Gateway
Configure the inbound and outbound rate limits for each external network on the edge gateway.
This page appears only if you selected Configure Rate Limits during gateway configuration. Rate limits apply only to external networks backed by distributed port groups with static binding.
Procedure
1 Click Enable for each external network on which to enable rate limits.
2 Type the Incoming Rate Limit in gigabits per second for each enabled external network.
3 Type the Outgoing Rate Limit in gigabits per second for each enabled external network and click Next.
Create an Organization vDC Network
You can create an organization vDC network that is connected to the new edge gateway.
This page appears only if you selected Create a new edge gateway.
Procedure
1 (Optional) Select Create a network for this virtual datacenter connected to this new edge gateway.
2 Type a name and optional description for the new organization vDC network.
3 (Optional) Select Share this network with other vDCs in the organization.
4 Type a gateway address and network mask for the organization vDC network.
5 (Optional) Select Use gateway DNS to use the DNS relay of gateway.
This option is available only if the gateway has DNS relay enabled.
6 (Optional) Enter DNS settings to use DNS.
7 Enter an IP address or range of IP addresses and click Add to create a static IP pool.
Repeat this step to add multiple static IP pools.
8 Click Next.
Name the Organization vDC
You can provide a descriptive name and an optional description to indicate the vSphere functions available for your new organization vDC.
Procedure
1 Type a name and optional description.
2 (Optional) Deselect Enabled.
Disabling the Org vDC prevents new vApps from being deployed to the vDC.
3 Click Next.
Confirm Settings and Create the Organization vDC
Before you create the organization vDC, review the settings you entered.
Procedure
1 Review the settings for the organization vDC.
2 (Optional) Click Back to modify the settings.
3 (Optional) Select Add networks to this organization after this wizard is finished to immediately create an organization vDC network for this vDC.
4 Click Finish to accept the settings and create the organization vDC.
When you create an organization vDC, vCloud Director creates a resource pool in vSphere to provide CPU and memory resources.

Enable or Disable an Organization vDC

You can disable an organization vDC to prevent the use of its compute and storage resources by other vApps and virtual machines. Running vApps and powered on virtual machines continue to run, but you cannot create or start additional vApps or virtual machines.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Right-click the organization vDC name and select Enable or Disable.

Delete an Organization vDC

You can delete an organization vDC to remove its compute, memory, and storage resources from the organization. The resources remain unaffected in the source provider vDC.
Prerequisites
Disable the organization vDC and move or delete all of its vApps, vApp templates, and media.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Right-click the organization vDC name and select Delete.
3 Click Yes.

Organization vDC Properties

You can edit the properties of an existing organization vDC, including the vDC name and description, allocation model settings, storage settings, and network settings.
- Modify an Organization vDC Name and Description
  As your vCloud Director installation grows, you might want to assign a more meaningful name or description to an existing organization vDC.
- Edit Organization vDC Allocation Model Settings
  You cannot change the allocation model for an organization vDC, but you can change some of the settings of the allocation model that you specified when you created the organization vDC.
- Edit Organization vDC Storage Settings
  After you create and use an organization vDC, you might decide to provide it with more storage resources from its source provider vDC. You can also enable or disable thin provisioning and fast provisioning for the organization vDC.
- Edit Organization vDC Network Settings
  You can change the maximum number of provisioned networks in an organization vDC and the network pool from which the networks are provisioned.
Modify an Organization vDC Name and Description
As your vCloud Director installation grows, you might want to assign a more meaningful name or description to an existing organization vDC.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Right-click the organization vDC name and select Properties.
3 On the General tab, type a new name and description and click OK.
You can use the name and description fields to indicate the vSphere functions available to the organization vDC, for example, vSphere HA.
Edit Organization vDC Allocation Model Settings
You cannot change the allocation model for an organization vDC, but you can change some of the settings of the allocation model that you specified when you created the organization vDC.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Right-click the organization vDC name and select Properties.
3 On the Allocation tab, enter the new allocation model settings and click OK.
Option | Action
CPU allocation | Enter the maximum amount of CPU, in GHz, to allocate to virtual machines running in the organization vDC. This option is available only for Allocation Pool and Reservation Pool allocation models.
CPU resources guaranteed | Enter the percentage of CPU resources to guarantee to virtual machines running in the organization vDC. You can overcommit resources by guaranteeing less than 100%. This option is available only for Allocation Pool and Pay-As-You-Go allocation models.
vCPU Speed | Enter the vCPU speed in GHz. Virtual machines running in the organization vDC are assigned this amount of GHz per vCPU. This option is available only for a Pay-As-You-Go allocation model.
Memory allocation | Enter the maximum amount of memory, in GB, to allocate to virtual machines running in the organization vDC. This option is available only for Allocation Pool and Reservation Pool allocation models.
Memory resources guaranteed | Enter the percentage of memory resources to guarantee to virtual machines running in the organization vDC. You can overcommit resources by guaranteeing less than 100%. This option is available only for Allocation Pool and Pay-As-You-Go allocation models.
Maximum number of VMs | Enter the maximum number of virtual machines that can be created in the organization vDC.
These settings affect only vApps that you start from this point on. vApps that are already running are not affected. The usage information that vCloud Director reports for this organization vDC does not reflect the new settings until all running vApps are stopped and started again.
Edit Organization vDC Storage Settings
After you create and use an organization vDC, you might decide to provide it with more storage resources from its source provider vDC. You can also enable or disable thin provisioning and fast provisioning for the organization vDC.
Fast provisioning requires vCenter Server 5.0 or later and ESXi 5.0 or later hosts. If the provider vDC on which the organization vDC is based contains ESX/ESXi 4.x hosts, you must disable fast provisioning. For information about fast provisioning, see “Fast Provisioning of Virtual Machines,” on page 112.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Right-click the organization vDC name and select Properties.
3 Click the Storage tab.
4 (Optional) Select Enable thin provisioning to enable thin provisioning for virtual machines in the organization vDC.
5 (Optional) Select Enable fast provisioning to enable fast provisioning for virtual machines in the organization vDC.
6 Click OK.
Edit Organization vDC Network Settings
You can change the maximum number of provisioned networks in an organization vDC and the network pool from which the networks are provisioned.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Right-click the organization vDC name and select Properties.
3 Click the Network Pool tab.
4 (Optional) Select a network pool from the drop-down menu or select None.
If you select None, you can add a network pool later.
5 (Optional) Enter the maximum number of networks that the organization can provision from the network pool.
6 Click OK.

Add a Storage Profile to an Organization vDC

Add a storage profile to an organization vDC to support the storage profile for virtual machines on the provider vDC.
Prerequisites
One or more storage profiles must be associated with the provider vDC that backs the organization vDC. See “Add a Storage Profile to a Provider vDC,” on page 49.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Storage Profiles tab and click Add.
4 Select a storage profile, click Add and click OK.
Support for the storage profile is added to the organization vDC.

Managing External Networks

After you create an external network, you can modify its name, description, and network specification, add IP addresses to its IP address pool, or delete the network.

Modify an External Network Name and Description

As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing external network.
Procedure
1 Click the Manage & Monitor tab and click External Networks in the left pane.
2 Right-click the external network name and select Properties.
3 On the Name and Description tab, type a new name and description and click OK.

Modify an External Network Specification

If the network specification for an external network changes, you can modify its network settings.
Procedure
1 Click the Manage & Monitor tab and click External Networks in the left pane.
2 Right-click the external network name and select Properties.
3 On the Network Specification tab, modify the network settings and click OK.
You cannot modify the network mask or default gateway. If you need an external network with a different netmask or gateway, create one.

Add IP Addresses to an External Network IP Pool

If an external network is running out of IP addresses, you can add more addresses to its IP Pool.
Procedure
1 Click the Manage & Monitor tab and click External Networks in the left pane.
2 Right-click the external network name and select Properties.
3 On the Network Specification tab, type an IP address or a range of IP addresses in the text box and click Add.
4 Click OK.

Delete an External Network

Delete an external network to remove it from vCloud Director.
Prerequisites
Before you can delete an external network, you must delete all of the edge gateways and organization vDC networks that rely on it.
Procedure
1 Click the Manage & Monitor tab and click External Networks in the left pane.
2 Right-click the external network name and select Delete Network.

Managing Edge Gateways

An edge gateway provides a routed organization vDC network with connectivity to external networks and can provide services such as load balancing, network address translation, and a firewall.
Edge gateways require vShield Edge 5.1. For more information, see the vShield documentation.

Add an Edge Gateway

An edge gateway provides routing and other services to a routed organization vDC network.
Prerequisites
Verify that you are using vShield 5.1.
Procedure
1 Open the New Edge Gateway Wizard
Open the New Edge Gateway wizard to start the process of adding an edge gateway to an organization vDC.
2 Select Gateway and IP Configuration Options for a New Edge Gateway
Configure the edge gateway to connect to one or more physical networks.
3 Select External Networks for a New Edge Gateway
Select the external networks that the edge gateway can connect to.
4 Configure IP Settings on a New Edge Gateway
Configure IP settings for external networks on the new edge gateway.
5 Suballocate IP Pools on a New Edge Gateway
Suballocate into multiple static IP pools the IP pools that the external networks on the edge gateway provide.
6 Configure Rate Limits on a New Edge Gateway
Configure the inbound and outbound rate limits for each external network on the edge gateway.
7 Configure the Name and Description of a New Edge Gateway
Enter a name and optional description for the edge gateway.
8 Review the Configuration of a New Edge Gateway
Review the configuration of an edge gateway before completing the add process.
Open the New Edge Gateway Wizard
Open the New Edge Gateway wizard to start the process of adding an edge gateway to an organization vDC.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab and click the add button.
The New Edge Gateway wizard opens.
Select Gateway and IP Configuration Options for a New Edge Gateway
Configure the edge gateway to connect to one or more physical networks.
Procedure
1 Select a gateway configuration for the edge gateway.
Option | Description
Compact | Requires less memory and compute resources.
Full | Provides increased capacity and performance.
2 (Optional) Select Enable High Availability to enable high availability on the edge gateway.
3 (Optional) Select Configure IP Settings to manually configure the external interface's IP address.
4 (Optional) Select Sub-Allocate IP Pools to allocate a set of IP addresses for gateway services to use.
5 (Optional) Select Configure Rate Limits to choose the inbound and outbound rate limits for each externally connected interface.
6 Click Next.
Select External Networks for a New Edge Gateway
Select the external networks that the edge gateway can connect to.
Procedure
1 Select an external network from the list and click Add.
Hold down Ctrl to select multiple networks.
2 Select a network to be the Default Gateway.
3 (Optional) Select Use default gateway for DNS Relay.
4 Click Next.
Configure IP Settings on a New Edge Gateway
Configure IP settings for external networks on the new edge gateway.
This page appears only if you selected Configure IP Settings during gateway configuration.
Procedure
1 Select Manual from the drop-down menu for each external network for which to specify an IP address.
2 Type an IP address for each external network set to Manual and click Next.
Suballocate IP Pools on a New Edge Gateway
Suballocate into multiple static IP pools the IP pools that the external networks on the edge gateway provide.
This page appears only if you selected Sub-Allocate IP Pools during gateway configuration.
Procedure
1 Select an external network and IP pool to suballocate.
2 Type an IP address or range of IP addresses within the IP pool range and click Add.
Repeat this step to add multiple suballocated IP pools.
3 (Optional) Select a suballocated IP pool and click Modify to modify the IP address range of the suballocated IP pool.
4 (Optional) Select a suballocated IP pool and click Remove to remove the suballocated IP pool.
5 Click Next.
Configure Rate Limits on a New Edge Gateway
Configure the inbound and outbound rate limits for each external network on the edge gateway.
This page appears only if you selected Configure Rate Limits during gateway configuration. Rate limits apply only to external networks backed by distributed port groups with static binding.
Procedure
1 Click Enable for each external network on which to enable rate limits.
2 Type the Incoming Rate Limit in gigabits per second for each enabled external network.
3 Type the Outgoing Rate Limit in gigabits per second for each enabled external network and click Next.
Configure the Name and Description of a New Edge Gateway
Enter a name and optional description for the edge gateway.
Procedure
1 Type a Name for the edge gateway.
2 (Optional) Type a Description for the edge gateway.
3 Click Next.
Review the Configuration of a New Edge Gateway
Review the configuration of an edge gateway before completing the add process.
Procedure
1 Review the settings for the new edge gateway and verify they are correct.
2 (Optional) Click Back to make any changes.
3 Click Finish.

Configuring Edge Gateway Services

You can configure services, such as DHCP, firewalls, network address translation (NAT), and VPN for edge gateways. Organization administrators can also configure some network services for their edge gateways.
Configure DHCP for an Edge Gateway
You can configure edge gateways to provide DHCP services to virtual machines connected to associated organization vDC networks.
Prerequisites
System administrators and organization administrators can configure DHCP.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the DHCP tab and select Enable DHCP.
5 Click Add and type a range of IP addresses.
6 Set the default lease time and maximum lease time or use the default values.
7 Click OK.
vCloud Director updates the edge gateway to provide DHCP services.
NOTE If the DNS settings on a DHCP-enabled edge gateway are changed, the edge gateway no longer provides DHCP services. To correct this issue, disable and reenable DHCP on the edge gateway.
Add a Source NAT rule to an Edge Gateway
A source NAT rule translates the source IP address of outgoing packets on an organization vDC that are being sent to another organization vDC network or an external network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the NAT tab and click Add SNAT.
5 Select an organization vDC network to apply this rule on from the Apply to drop-down menu.
6 Type the original IP address or range of IP addresses to apply this rule on in the Original (Internal) source IP/range text box.
7 Type the IP address or range of IP addresses to translate the addresses of outgoing packets to in the Translated (External) source IP/range text box.
8 Select Enabled and click OK.
The IP addresses of outgoing packets on the organization vDC network are translated according to the specifications of the source NAT rule.
Add a Destination NAT rule to an Edge Gateway
A destination NAT rule translates the IP address and port of packets received by an organization vDC network coming from another organization vDC network or an external network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the NAT tab and click Add DNAT.
5 Select an external network or another organization vDC network to apply this rule on from the Apply to drop-down menu.
6 Type the original IP address or range of IP addresses to apply this rule on in the Original (External) IP/range text box.
7 Choose the Protocol to apply this rule on from the drop-down menu.
To apply this rule on all protocols, select Any.
8 (Optional) Select an Original port to apply this rule to.
9 (Optional) Select an ICMP type to apply this rule to if this rule applies to ICMP.
10 Type the IP address or range of IP addresses for the destination addresses on inbound packets to be translated to in the Translated (Internal) IP/range text box.
11 (Optional) Select a port for inbound packets to be translated to from the Translated port drop-down menu.
12 Select Enabled, and click OK.
The destination IP address and port are translated according to the destination NAT rule's specifications.
Configure the Firewall for an Edge Gateway
Edge gateways provide firewall protection for incoming and outgoing sessions.
You can set the default firewall action to deny or allow all traffic. You can also add specific firewall rules that allow or deny the traffic matching them. These rules take precedence over the default action. See “Add a Firewall Rule for an Edge Gateway,” on page 69.
System administrators and organization administrators can configure edge gateway firewalls.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 Click the Firewall tab and select Enable firewall to enable firewall services, or deselect it to disable firewall services.
5 Select the default firewall action.
Option | Description
Deny | Blocks all traffic except when overridden by a firewall rule.
Allow | Allows all traffic except when overridden by a firewall rule.
6 (Optional) Select the Log check box to log events related to the default firewall action.
7 Click OK.
Add a Firewall Rule for an Edge Gateway
You can add firewall rules to an edge gateway that supports a firewall. You can create rules to allow or deny traffic that matches the rules to pass through the firewall.
For a firewall rule to be enforced, you must enable the firewall for the edge gateway. See “Configure the Firewall for an Edge Gateway,” on page 69.
When you add a new firewall rule to an edge gateway, it appears at the bottom of the firewall rule list. For information about setting the order in which firewall rules are enforced, see “Reorder Firewall Rules for an Edge Gateway,” on page 70.
System administrators and organization administrators can add firewall rules to an edge gateway.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the Firewall tab and click Add.
5 Type a name for the rule.
6 (Optional) Select Match rule on translated IP to have the rule check against translated IP addresses rather than original IP addresses and choose a traffic direction to apply this rule on.
7 Type the traffic Source.
Option | Description
IP address | Type a source IP address to apply this rule on.
Range of IP addresses | Type a range of source IP addresses to apply this rule on.
CIDR | Type the CIDR notation of traffic to apply this rule on.
internal | Apply this rule to all internal traffic.
external | Apply this rule to all external traffic.
any | Apply this rule to traffic from any source.
8 Select a Source port to apply this rule on from the drop-down menu.
9 Type the traffic Destination.
Option | Description
IP address | Type a destination IP address to apply this rule on.
Range of IP addresses | Type a range of destination IP addresses to apply this rule on.
CIDR | Type the CIDR notation of traffic to apply this rule on.
internal | Apply this rule to all internal traffic.
external | Apply this rule to all external traffic.
any | Apply this rule to traffic with any destination.
10 Select the Destination port to apply this rule on from the drop-down menu.
11 Select the Protocol to apply this rule on from the drop-down menu.
12 Select the action.
A firewall rule can allow or deny traffic that matches the rule.
13 Select the Enabled check box.
14 (Optional) Select the Log network traffic for firewall rule check box.
If you enable this option, vCloud Director sends log events to the syslog server for connections affected by this rule. Each syslog message includes logical network and organization UUIDs.
15 Click OK and click OK again.
Reorder Firewall Rules for an Edge Gateway
Firewall rules are enforced in the order in which they appear in the firewall list. You can change the order of the rules in the list.
When you add a new firewall rule to an edge gateway, it appears at the bottom of the firewall rule list. To enforce the new rule before an existing rule, reorder the rules.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the Firewall tab.
5 Drag the firewall rules to establish the order in which the rules are applied.
6 Click OK.
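The effect of rule order can be checked offline before changing the list. The following Python sketch is an added example, not VMware code: it assumes the first matching enabled rule decides a packet and the default action applies when none matches, and the rule names, addresses, and the helpers evaluate and overridden are hypothetical. It shows a new allow rule added at the bottom being overridden by a broader deny rule until the list is reordered.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    source: str          # "any", one IP, "low-high" range, or CIDR
    destination: str     # same forms as source
    dest_port: str       # "any" or a port number
    protocol: str        # "any", "tcp" or "udp"
    action: str          # "allow" or "deny"
    enabled: bool = True


def addr_matches(spec, addr):
    """True if addr falls inside spec (any / single IP / range / CIDR)."""
    ip = ipaddress.ip_address(addr)
    if spec == "any":
        return True
    if "-" in spec:
        low, high = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return low <= ip <= high
    if "/" in spec:
        return ip in ipaddress.ip_network(spec, strict=False)
    return ip == ipaddress.ip_address(spec)


def rule_matches(rule, pkt):
    """True if an enabled rule covers the packet's addresses, port and protocol."""
    return (rule.enabled
            and addr_matches(rule.source, pkt["src"])
            and addr_matches(rule.destination, pkt["dst"])
            and rule.dest_port in ("any", str(pkt["dport"]))
            and rule.protocol in ("any", pkt["proto"]))


def evaluate(rules, pkt, default_action="deny"):
    """Return (action, deciding rule name); list order is enforcement order.

    Assumption of this example: the first matching rule decides.
    """
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return default_action, "default"


def overridden(rules, probes, default_action="deny"):
    """(rule, decided_by) pairs where an earlier rule gave the opposite verdict."""
    findings = set()
    for pkt in probes:
        action, decided_by = evaluate(rules, pkt, default_action)
        for rule in rules:
            if (rule.name != decided_by and rule_matches(rule, pkt)
                    and rule.action != action):
                findings.add((rule.name, decided_by))
    return sorted(findings)


# Constructed sample data (documentation address ranges, not from the guide).
RULES = [
    Rule("deny-inbound-to-app-net", "any", "192.168.10.0/24", "any", "any", "deny"),
    # A newly added rule lands at the bottom of the list.
    Rule("allow-https-to-web", "any", "192.168.10.20", "443", "tcp", "allow"),
]
HTTPS_PROBE = {"src": "203.0.113.7", "dst": "192.168.10.20", "dport": 443, "proto": "tcp"}
SSH_PROBE = {"src": "203.0.113.7", "dst": "192.168.10.30", "dport": 22, "proto": "tcp"}
REORDERED = [RULES[1], RULES[0]]   # the new rule dragged above the broad deny

if __name__ == "__main__":
    for label, ruleset in (("as added", RULES), ("reordered", REORDERED)):
        for pkt in (HTTPS_PROBE, SSH_PROBE):
            print(label, pkt["dst"], pkt["dport"], evaluate(ruleset, pkt))
    print("overridden:", overridden(RULES, [HTTPS_PROBE, SSH_PROBE]))
```

After reordering, the narrow allow rule decides HTTPS traffic to the web server while the broad deny rule still blocks everything else on the network.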
Enable VPN for an Edge Gateway
You can enable VPN for organization vDCs backed by an edge gateway and create a secure tunnel from one of those organization vDC networks to another network.
vCloud Director supports VPN between organization vDC networks backed by edge gateways and both organization vDC networks in the same organization and remote networks.
System administrators and organization administrators can enable VPN.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the VPN tab and select Enable VPN.
5 (Optional) Click Configure Public IPs, type a public IP address, and click OK.
6 Click OK.
What to do next
Create a VPN tunnel from an organization vDC network backed by the edge gateway to another network.
Configure Public IPs for External Networks
You can configure a public IP address for external networks associated with an edge gateway.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the VPN tab and click Configure Public IPs.
5 Type an IP address to act as the public IP address for each external network and click OK.
Creating VPN Tunnels on an Edge Gateway
You can create VPN tunnels between organization vDC networks on the same organization, between organization vDC networks on different organizations, and between an organization vDC network and an external network.
vCloud Director does not support multiple VPN tunnels between the same two edge gateways. If there is an existing tunnel between two gateways and you want to add another subnet to the tunnel, delete the existing VPN tunnel and create a new one that includes the new subnet.
Create a VPN Tunnel In an Organization for an Organization vDC Network Backed by an Edge Gateway
You can create a VPN tunnel between an organization vDC network that is backed by an edge gateway and another organization vDC in the same organization.
System administrators and organization administrators can create VPN tunnels.
If a firewall is between the tunnel endpoints, you must configure it to allow the following IP protocols and UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500
Prerequisites
Verify that you have at least two routed organization vDC networks in the organization. One of these networks must be backed by the edge gateway. Both organization vDC networks must have VPN enabled.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 Click the VPN tab and click Add.
5 Type a name and optional description.
6 Select a network in this organization from the drop-down menu and select local and peer networks.
7 Review the tunnel settings and click OK.
vCloud Director configures both peer network endpoints.
Create a VPN Tunnel Between Organizations
You can create a VPN tunnel between two organization vDC networks in different organizations. The organizations can be part of the same vCloud Director installation or a different installation.
Both system administrators and organization administrators can create VPN tunnels.
If there is a firewall between the tunnel endpoints, you must configure it to allow the following IP protocols and UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500
Prerequisites
- A routed organization vDC network in each of the organizations. The organization vDC networks must have non-overlapping IP subnets and site-to-site VPN enabled.
- vShield Manager 5.1.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the VPN tab and click Add.
5 Type a name and optional description.
6 Select a network in another organization from the drop-down menu.
7 Click Connect to another organization, type the login information for the peer organization, and click Continue.
Option | Description
vCloud URL | The base URL of the vCloud instance that contains the peer organization. For example, https://www.example.com. Do not include /cloud or /cloud/org/orgname in the URL.
Organization | The organization name that is used as the unique identifier in the organization URL. For example, if the organization URL is https://www.example.com/cloud/org/myOrg, type myOrg.
Username | The user name of an organization administrator or system administrator that has access to the organization.
Password | The password associated with the user name.
8 Select a peer network.
9 Review the tunnel settings and click Connect.
vCloud Director configures both peer network endpoints.
Create a VPN Tunnel From an Organization vDC Network Backed by an Edge Gateway to a Remote Network
You can create a VPN tunnel between an organization vDC network that is backed by an edge gateway and a remote network.
System administrators and organization administrators can create VPN tunnels.
If a firewall is between the tunnel endpoints, you must configure it to allow the following IP protocols and UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500
Prerequisites
Verify that you have a routed remote network that uses IPSec and an organization vDC network backed by an edge gateway.
Procedure
1 Click the Manage & Monitor tab, and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 Click the VPN tab and click Add.
5 Type a name and optional description.
6 Select a remote network from the drop-down menu.
7 Select the local organization vDC network.
8 Type the peer settings.
9 Review the tunnel settings and click OK.
vCloud Director configures the organization peer network endpoint.
What to do next
Manually configure the remote peer network endpoint. See “Display Peer Settings for a VPN Tunnel to a Remote Network,” on page 74.
Display Peer Settings for a VPN Tunnel to a Remote Network
After you create a VPN tunnel to a remote network, display the peer settings for the VPN tunnel and configure the remote network according to those settings.
Prerequisites
A VPN tunnel to a remote network. See “Create a VPN Tunnel From an Organization vDC Network Backed by an Edge Gateway to a Remote Network,” on page 73.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the VPN tab.
5 Select the VPN tunnel to display peer settings for, and click Peer settings.
vCloud Director displays the peer settings to configure on the remote network.
What to do next
Configure the displayed peer settings on the remote network.
Edit VPN Settings
You can edit the settings of an existing VPN tunnel.
Prerequisites
A VPN tunnel on the edge gateway. See “Creating VPN Tunnels on an Edge Gateway,” on page 71.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the VPN tab.
5 Select the VPN tunnel to display peer settings for, and click Edit.
6 Modify the settings as appropriate and click OK.
Enable Static Routing on an Edge Gateway
You can configure an edge gateway to provide static routing services. After you enable static routing on an edge gateway, you can add static routes to allow traffic between vApp networks routed to organization vDC networks backed by the edge gateway.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 On the Static Routing tab, select Enable static routing, and click OK.
What to do next
Create static routes. See “Add Static Routes Between vApp Networks Routed to the Same Organization vDC Network,” on page 89 and “Add Static Routes Between vApp Networks Routed to Different Organization vDC Networks,” on page 90.
Managing Load Balancer Service on an Edge Gateway
Edge gateways provide load balancing for TCP, HTTP, and HTTPS traffic.
You map an external, or public, IP address to a set of internal servers for load balancing. The load balancer accepts TCP, HTTP, or HTTPS requests on the external IP address and decides which internal server to use. Port 809 is the default listening port for TCP, port 80 is the default port for HTTP, and port 443 is the default port for HTTPS.
- Add a Pool Server to an Edge Gateway
  You can add a pool server to manage and share back-end servers flexibly and efficiently. A pool manages health check monitors and load balancer distribution methods.
- Edit Pool Server Settings
  You can edit the settings of an existing pool server.
- Delete a Pool Server
  You can delete a server pool from an edge gateway.
- Add a Virtual Server to an Edge Gateway
  A virtual server is a highly scalable and highly available server built on a cluster of servers called members.
- Edit Virtual Server Settings
  You can edit the settings of an existing virtual server.
- Delete a Virtual Server
  You can delete a virtual server from an edge gateway.
Add a Pool Server to an Edge Gateway
You can add a pool server to manage and share back-end servers flexibly and efficiently. A pool manages health check monitors and load balancer distribution methods.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 On the Load Balancer tab, click Pool Servers and click Add.
5 Type a name and optionally a description for the pool server and click Next.
6 Click Enable for each service to support.
7 Select a balancing method from the drop-down menu for each enabled service.
Option | Description
IP Hash | Selects a server based on a hash of the source and destination IP address of each packet.
Round Robin | Each server is used in turn according to the weight assigned to it. This is the smoothest and fairest algorithm when the server's processing time remains equally distributed.
URI | The left part of the URI (before the question mark) is hashed and divided by the total weight of the running servers. The result designates which server will receive the request. This ensures that a URI is always directed to the same server as long as no server goes up or down.
Least Connected | Distributes client requests to multiple servers based on the number of connections already on the server. New connections are sent to the server with the fewest connections.
8 (Optional) Change the default port for each enabled service if necessary.
9 Click Next.
10 Change the monitor port if required for each service that is to be supported by this pool.
11 Select the health check mode from the drop-down menu for each service.
Option | Description
SSL | Tests servers using SSLv3 client hello messages. The server is considered valid only when the response contains server hello messages.
HTTP | The GET / default method is used to detect server status. Only responses 2xx and 3xx are valid. Other responses (including a lack of response) indicate a server failure.
TCP | TCP connection check.
12 (Optional) Change the default health check parameters if necessary.
Option | Description
Interval | Interval at which a server is pinged.
Timeout | Time within which a response from the server must be received.
Health Threshold | Number of consecutive successful health checks before a server is declared operational.
Unhealth Threshold | Number of consecutive unsuccessful health checks before a server is declared dead.
13 For HTTP, type the URI referenced in the HTTP ping requests.
14 Click Next.
15 Click Add to add a back-end server to the pool.
16 Type the IP address of the server.
17 Type the weight to indicate the ratio of how many requests are to be served by this back-end server.
18 Change the default port and monitor port for the server if required.
19 Click OK.
20 (Optional) Repeat Step 15 through Step 19 to add additional servers.
21 Click Next.
22 Verify that the settings for the pool server are correct and click Finish.
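The interaction between the health check thresholds and the URI balancing method can be modelled in a few lines. The following Python sketch is an added example, not the edge gateway's implementation: the Member class, the member addresses, and the threshold values are constructed for illustration, CRC32 stands in for the unspecified hash function, and "divided by the total weight" is assumed to mean taking the remainder.

```python
import zlib


class Member:
    """One back-end server in a pool, with threshold-based health state."""

    def __init__(self, ip, weight, health_threshold=2, unhealth_threshold=3):
        self.ip = ip
        self.weight = weight
        self.health_threshold = health_threshold      # successes needed to come back
        self.unhealth_threshold = unhealth_threshold  # failures needed to be declared dead
        self.up = True
        self._streak = 0  # consecutive results that contradict the current state

    def record_check(self, ok):
        """Feed one health check result; return the resulting state (True = up)."""
        if ok == self.up:
            self._streak = 0          # result agrees with state, so the streak is broken
            return self.up
        self._streak += 1
        needed = self.health_threshold if ok else self.unhealth_threshold
        if self._streak >= needed:
            self.up = ok
            self._streak = 0
        return self.up


def http_check_ok(status):
    """HTTP mode: only 2xx and 3xx count; None models a lack of response."""
    return status is not None and 200 <= status <= 399


def pick_by_uri(members, uri):
    """URI method: hash the part before '?', reduce by total running weight."""
    running = [m for m in members if m.up]
    if not running:
        return None
    total = sum(m.weight for m in running)
    path = uri.split("?", 1)[0]
    slot = zlib.crc32(path.encode()) % total   # CRC32 is a stand-in hash
    for m in running:
        if slot < m.weight:
            return m.ip
        slot -= m.weight


def make_pool():
    # Constructed pool: three members, the second with twice the weight.
    return [Member("10.0.0.11", 1), Member("10.0.0.12", 2), Member("10.0.0.13", 1)]


if __name__ == "__main__":
    pool = make_pool()
    uris = ["/app/login?user=a", "/app/login?user=b", "/static/logo.png"]
    print("all up:", [pick_by_uri(pool, u) for u in uris])
    # Three consecutive failed HTTP checks take the second member out.
    for status in (500, None, 503):
        pool[1].record_check(http_check_ok(status))
    print("10.0.0.12 down:", [pick_by_uri(pool, u) for u in uris])
```

Because the hash is reduced by the total weight of the running servers, a member changing state can move URIs that were mapped to other members as well, which is why the mapping is stable only while no server goes up or down.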
Edit Pool Server Settings
You can edit the settings of an existing pool server.
Prerequisites
There must be an existing pool server on the edge gateway. See “Add a Pool Server to an Edge Gateway,” on page 75.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 On the Load Balancer tab, click Pool Servers.
5 Select the pool server to modify and click Edit.
6 Make the appropriate changes and click OK.
Delete a Pool Server
You can delete a server pool from an edge gateway.
Prerequisites
Verify that no virtual servers are using this pool server.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 On the Load Balancer tab, click Pool Servers.
5 Select the pool server and click Delete.
Add a Virtual Server to an Edge Gateway
A virtual server is a highly scalable and highly available server built on a cluster of servers called members.
Prerequisites
The edge gateway must have at least one pool server. See “Add a Pool Server to an Edge Gateway,” on page 75.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 On the Load Balancer tab, click Virtual Servers and click Add.
5 Type a name for the virtual server.
6 (Optional) Type a description for the virtual server.
7 Select an external network from the Applied on drop-down menu.
8 Type the IP address of the virtual server.
9 Select a pool from the drop-down menu to be associated with the virtual server.
10 In Services, select Enable for each service to be supported.
11 Change the default Port, Persistence Method, Cookie Name, and Cookie Mode values for each enabled service as required.
12 Click Enabled to enable the virtual server.
13 (Optional) Click Log network traffic for virtual server.
14 Click OK.
Edit Virtual Server Settings
You can edit the settings of an existing virtual server.
Prerequisites
There must be an existing virtual server on the edge gateway. See “Add a Virtual Server to an Edge Gateway,” on page 77.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 On the Load Balancer tab, click Virtual Servers.
5 Select the virtual server to modify and click Edit.
6 Make the appropriate changes and click OK.
Delete a Virtual Server
You can delete a virtual server from an edge gateway.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 On the Load Balancer tab, click Virtual Servers.
5 Select the virtual server and click Delete.

Editing Edge Gateway Properties

You can change the settings for an existing edge gateway, including high availability, external network settings, IP pools, and rate limits.
- Enable High Availability on an Edge Gateway
  You can configure an edge gateway for high availability.
- Configure External Networks on an Edge Gateway
  Add or remove external networks connected to an edge gateway.
- Configure External Network IP Settings on an Edge Gateway
  Change the IP address for external interfaces on an edge gateway.
- Suballocate IP Pools on an Edge Gateway
  Suballocate into multiple static IP pools the IP pools that the external networks on an edge gateway provide.
- Configure Rate Limits on an Edge Gateway
  Configure the inbound and outbound rate limits for each external network on the edge gateway.
Enable High Availability on an Edge Gateway
You can configure an edge gateway for high availability.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Properties.
4 Click the General tab and select Enable HA.
Configure External Networks on an Edge Gateway
Add or remove external networks connected to an edge gateway.
Procedure
1 Click the Manage & Monitor tab, and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Properties.
4 Click the External Networks tab.
5 (Optional) Select an external network from the top list and click Add to add the external network to the edge gateway.
Hold down Ctrl to select multiple networks.
6 (Optional) Select an external network from the top list and click Remove to remove the external network from the edge gateway.
Hold down Ctrl to select multiple networks.
7 Select a network to be the Default Gateway.
8 (Optional) Select Use default gateway for DNS Relay.
9 Click OK.
Configure External Network IP Settings on an Edge Gateway
Change the IP address for external interfaces on an edge gateway.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Properties.
4 Click the Configure IP Settings tab.
5 Type a new IP address for each external network to modify, and click OK.
Suballocate IP Pools on an Edge Gateway
Suballocate into multiple static IP pools the IP pools that the external networks on an edge gateway provide.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Properties.
4 Click the Sub-Allocate IP Pools tab.
5 Select an external network and IP pool to suballocate.
6 (Optional) Type an IP address or range of IP addresses within the IP pool range and click Add to add a suballocated IP pool.
7 (Optional) Select a suballocated IP pool and click Modify to modify the IP address range of the suballocated IP pool.
8 (Optional) Select a suballocated IP pool and click Remove to remove the suballocated IP pool.
9 Click OK.
Configure Rate Limits on an Edge Gateway
Configure the inbound and outbound rate limits for each external network on the edge gateway.
Rate limits apply only to external networks backed by distributed port groups with static binding.
Procedure
1 Click the Manage & Monitor tab, and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Properties.
4 Click the Configure Rate Limits tab.
5 Click Enable for each external network on which to enable rate limits.
6 Type the Incoming Rate Limit in gigabits per second for each enabled external network.
7 Type the Outgoing Rate Limit in gigabits per second for each enabled external network, and click OK.

Delete an Edge Gateway

You can delete an edge gateway to remove it from the organization vDC.
Prerequisites
Delete any organization vDC networks that the edge gateway backs.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Delete.

View IP Use for an Edge Gateway

You can view a list of IP addresses that external interfaces on an edge gateway are currently using.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select External IP Allocations.

Apply Syslog Server Settings to an Edge Gateway

You can apply syslog server settings to an edge gateway to enable firewall rule logging.
Apply syslog server settings to any edge gateway that was created before the initial creation of those settings. Apply the syslog server settings to an edge gateway any time the settings are changed.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Synchronize syslog server settings.
4 Click Yes.

Managing Organization vDC Networks

System administrators and organization administrators can add, delete, and modify routed and isolated organization vDC networks. Only a system administrator can add, delete, and modify a direct organization vDC network.

Adding Networks to an Organization vDC

Add a network to an organization vDC to enable its virtual machines to communicate with each other or to provide access to the Internet. A single organization vDC can have multiple networks.
Table 5-5. Types of Organization vDC Networks and Their Requirements
Organization vDC Network Type | Description | Requirements
External organization vDC network - direct connection | Accessible by multiple organizations. Virtual machines belonging to different organizations can connect to and see traffic on this network. This network provides direct layer 2 connectivity to machines outside of the organization. Virtual machines outside of this organization can connect to virtual machines within the organization directly. | External network
External organization vDC network - NAT-routed connection | Accessible only by this organization. Only virtual machines within this organization can connect to this network. This network also provides controlled access to an external network. System administrators and organization administrators can configure network address translation (NAT) and firewall settings to make specific virtual machines accessible from the external network. On the Org vDC Networks tab, NAT-routed networks display a gateway address. | vSphere Edge 5.1 and an edge gateway
Internal organization vDC network | Accessible only by this organization. Only virtual machines within this organization can connect to and see traffic on this network. This network provides an organization with an isolated, private network that multiple vApps can connect to. This network provides no connectivity to virtual machines outside this organization. Machines outside of this organization have no connectivity to machines within the organization. On the Org vDC Networks tab, internal networks do not display an associated gateway address. | Network pool
Create an External Direct Organization vDC Network
You can create an external direct organization vDC network that multiple organizations can access. You typically use the external network to connect to the Internet. The organization connects directly to this network.
Prerequisites
An external network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab and click Add Network.
4 Select Connect directly to an external network.
5 Select an external network and click Next.
6 Type a name and optional description.
7 (Optional) Select Share this network with other vDCs in the organization to make the organization vDC network available to other organization vDCs in the organization.
8 Click Next.
9 Review the settings for the organization vDC network.
Click Finish to accept the settings and create the organization vDC network, or click Back to modify the settings.
Create an External Routed Organization vDC Network
You can create an external routed organization vDC network that only this organization can access.
Prerequisites
Verify that you have vShield Edge 5.1 and an edge gateway on your organization vDC.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab and click Add Network.
4 Select Create a routed network by connecting to an existing edge gateway.
5 Select an edge gateway and click Next.
6 Type a Gateway address and Network mask for the organization vDC network.
7 (Optional) Select Use gateway DNS to use the DNS relay of gateway.
This option is available only if the gateway has DNS relay enabled.
8 (Optional) Enter DNS settings to use DNS.
9 (Optional) Enter an IP address or range of IP addresses and click Add to create a static IP pool.
Repeat this step to add multiple static IP pools.
10 Click Next.
11 Type a name and optional description.
12 (Optional) Select Share this network with other vDCs in the organization to make the organization vDC network available to other organization vDCs in the organization.
13 Click Next.
14 Review the settings for the organization vDC network.
Click Finish to accept the settings and create the organization vDC network, or click Back to modify the settings.
Create an Internal Organization vDC Network
You can create an internal organization vDC network that only this organization can access. The new network provides the organization with an internal network to which multiple vApps can connect.
Prerequisites
Verify that you have a network pool.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab and click Add Network.
4 Select Create an isolated network within this virtual datacenter and click Next.
5 Type a Gateway address and Network mask for the organization vDC network.
6 (Optional) Select Use gateway DNS to use the DNS relay of the gateway.
This option is available only if the gateway has DNS relay enabled.
7 (Optional) Enter DNS settings to use DNS.
8 (Optional) Enter an IP address or range of IP addresses and click Add to create a static IP pool.
Repeat this step to add multiple static IP pools.
9 Click Next.
10 Type a name and optional description.
11 (Optional) Select Share this network with other vDCs in the organization to make the organization vDC network available to other organization vDCs in the organization.
12 Click Next.
13 Review the settings and click Finish to accept the settings.
An organization vDC network is created.

Configuring Organization vDC Network Services

You can configure services, such as DHCP, firewalls, network address translation (NAT), and VPN for certain organization vDC networks. Organization administrators can also configure some network services for their organization vDC networks.
Table 5-6 lists the network services that vCloud Director provides to each type of organization vDC network.
Table 5-6. Network Services Available by Network Type
Network Type                                            DHCP   Firewall   NAT   VPN
External organization vDC network - direct connection
External organization vDC network - routed connection   X      X          X     X
Internal organization vDC network                       X
Configure DHCP for an Organization vDC Network
You can configure certain organization vDC networks to provide DHCP services to virtual machines in the organization.
vCloud Director assigns a DHCP IP address to a virtual machine when you power it on if you performed the following tasks:
- Enabled DHCP for an organization vDC network
- Connected to that network a NIC on a virtual machine in the organization
- Selected DHCP as the IP mode for that NIC
System administrators and organization administrators can configure DHCP.
Prerequisites
Verify that you have a routed organization vDC network or an internal organization vDC network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 Click the DHCP tab and select Enable DHCP.
5 Type a range of IP addresses or use the default range.
vCloud Director uses these addresses to satisfy DHCP requests. The range of DHCP IP addresses cannot overlap with the static IP pool for the organization vDC network.
6 Set the default lease time and maximum lease time or use the default values.
7 Click OK.
vCloud Director updates the network to provide DHCP services.
Enable the Firewall for an Organization vDC Network
You can configure certain organization vDC networks to provide firewall services. You can enable the firewall on an organization vDC network to enforce firewall rules on incoming traffic, outgoing traffic, or both.
You can deny all incoming traffic, deny all outgoing traffic, or both. You can also add specific firewall rules to allow or deny traffic that matches the rules to pass through the firewall. These rules take precedence over the generic rules to deny all incoming or outgoing traffic. See “Add a Firewall Rule for an Organization vDC Network,” on page 85.
System administrators and organization administrators can enable firewalls.
Prerequisites
Verify that you have an external routed organization vDC network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 Click the Firewall tab and select Enable firewall.
5 Select the default firewall action.
6 (Optional) Select the Log check box to log events related to the default firewall action.
7 Click OK.
Add a Firewall Rule for an Organization vDC Network
You can add firewall rules to an organization vDC network that supports a firewall. You can create rules to allow or deny traffic that matches the rules to pass through the firewall.
For a firewall rule to be enforced, you must enable the firewall for the organization vDC network. See “Enable the Firewall for an Organization vDC Network,” on page 85.
When you add a new firewall rule to an organization vDC network, it appears at the bottom of the firewall rule list. For information about setting the order in which firewall rules are enforced, see “Reorder Firewall Rules for an Organization vDC Network,” on page 86.
System administrators and organization administrators can add firewall rules.
Prerequisites
Verify that you have an external NAT-routed organization vDC network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 Click the Firewall tab and click Add.
5 Type a name for the rule.
6 Select the traffic direction.
7 Type the source IP address and select the source port.
For incoming traffic, the source is the external network. For outgoing traffic, the source is the organization vDC network.
8 Type the destination IP address and select the destination port.
For incoming traffic, the destination is the organization vDC network. For outgoing traffic, the destination is the external network.
9 Select the protocol and action.
A firewall rule can allow or deny traffic that matches the rule.
10 Select the Enabled check box.
11 (Optional) Select the Log network traffic for firewall rule check box.
If you enable this option, vCloud Director sends log events to the syslog server for connections affected by this rule. Each syslog message includes logical network and organization UUIDs.
12 Click OK and click OK again.
Reorder Firewall Rules for an Organization vDC Network
Firewall rules are enforced in the order in which they appear in the firewall list. You can change the order of the rules in the list.
When you add a new firewall rule to an organization vDC network, it appears at the bottom of the firewall rule list. To enforce the new rule before an existing rule, reorder the rules.
Prerequisites
Verify that you have a routed organization vDC network with two or more firewall rules.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name and select Configure Services.
4 Click the Firewall tab.
5 Drag the firewall rules to establish the order in which the rules are applied.
6 Click OK.
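The effect of rule order described above can be checked offline before you drag rules in the console. The following Python sketch is an added example, not code from vCloud Director: it assumes first-match evaluation with a default action as fallback, and the rule names, addresses and ports are constructed sample values.

```python
"""Added illustration: ordered evaluation of firewall rules.

Assumption: the first enabled rule that matches a connection decides the
outcome, and the default action applies only when no rule matches.
All rule names, addresses and ports are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Union


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str            # "in" or "out"
    source: str               # CIDR, or "any"
    dest: str                 # CIDR, or "any"
    port: Union[int, str]     # destination port number, or "any"
    protocol: str             # "tcp", "udp" or "any"
    action: str               # "allow" or "deny"
    enabled: bool = True


def _net(spec):
    """Turn a CIDR string or "any" into an IPv4 network object."""
    return ip_network("0.0.0.0/0" if spec == "any" else spec)


def matches(rule, direction, src, dst, port, protocol):
    """True if the enabled rule applies to this connection attempt."""
    return (rule.enabled
            and rule.direction == direction
            and ip_address(src) in _net(rule.source)
            and ip_address(dst) in _net(rule.dest)
            and rule.port in ("any", port)
            and rule.protocol in ("any", protocol))


def evaluate(rules, default_action, direction, src, dst, port, protocol):
    """Return (action, name of the deciding rule) for one connection."""
    for rule in rules:
        if matches(rule, direction, src, dst, port, protocol):
            return rule.action, rule.name
    return default_action, "default"


def covers(earlier, later):
    """True if every connection matched by `later` also matches `earlier`."""
    return (earlier.enabled
            and earlier.direction == later.direction
            and _net(later.source).subnet_of(_net(earlier.source))
            and _net(later.dest).subnet_of(_net(earlier.dest))
            and earlier.port in ("any", later.port)
            and earlier.protocol in ("any", later.protocol))


def shadowed(rules):
    """List (later, earlier) name pairs where `later` can never take effect."""
    found = []
    for index, later in enumerate(rules):
        if not later.enabled:
            continue
        for earlier in rules[:index]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed rule list: the allow rule was added last, so it sits at the
# bottom of the list, below a broader deny rule.
RULES = [
    Rule("deny-all-in", "in", "any", "192.168.0.0/24", "any", "any", "deny"),
    Rule("allow-https-in", "in", "any", "192.168.0.10/32", 443, "tcp", "allow"),
]
# The same rules after the new rule is moved above the broader one.
REORDERED = [RULES[1], RULES[0]]

if __name__ == "__main__":
    probe = ("in", "203.0.113.7", "192.168.0.10", 443, "tcp")
    print("as added: ", evaluate(RULES, "deny", *probe), shadowed(RULES))
    print("reordered:", evaluate(REORDERED, "deny", *probe), shadowed(REORDERED))
```

A non-empty result from shadowed() means a rule is fully covered by one above it and needs to be moved up or removed.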
Enable VPN for an Organization vDC Network
You can enable VPN for an organization vDC network and create a secure tunnel to another network.
vCloud Director supports VPN between organization vDC networks in the same organization, organization vDC networks in different organizations (including organization vDC networks in different instances of vCloud Director), and remote networks.
System administrators and organization administrators can enable VPN.
Prerequisites
- An external routed organization vDC network.
- vShield Manager 5.1.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 Click the VPN tab and select Enable VPN.
5 (Optional) Type a public IP address.
6 Click OK.
What to do next
Create a VPN tunnel to another network.
Create a VPN Tunnel Within an Organization
You can create a VPN tunnel between two organization vDC networks in the same organization.
Both system administrators and organization administrators can create VPN tunnels.
If a firewall is between the tunnel endpoints, you must configure it to allow the following IP protocols and UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500
Prerequisites
- At least two routed organization vDC networks with non-overlapping IP subnets and VPN enabled on both networks.
- vShield Manager 5.1.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 Click the VPN tab and click Add.
5 Type a name and optional description.
6 Select a network in this organization from the drop-down menu and select a peer network.
7 Review the tunnel settings and click OK.
vCloud Director configures both peer network endpoints.
Create a VPN Tunnel to a Remote Network
You can create a VPN tunnel between an organization vDC network and a remote network.
System administrators and organization administrators can create VPN tunnels.
If a firewall is between the tunnel endpoints, you must configure it to allow the following IP protocols and UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500
Prerequisites
- A routed organization vDC network and a routed remote network that uses IPSec.
- vShield Manager 5.1.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name and select Configure Services.
4 Click the VPN tab and click Add.
5 Type a name and optional description.
6 Select a remote network from the drop-down menu.
7 Type the peer settings.
8 Review the tunnel settings and click OK.
vCloud Director configures the organization peer network endpoint.
What to do next
Manually configure the remote peer network endpoint.
Enable Static Routing for an Organization vDC Network
You can configure certain organization vDC networks to provide static routing services. After you enable static routing on an organization vDC network, you can add static routes to allow traffic between different vApp networks routed to the organization vDC network.
Prerequisites
Verify that you have a routed organization vDC network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 On the Static Routing tab, select Enable static routing and click OK.
What to do next
Create static routes. See “Add Static Routes Between vApp Networks Routed to the Same Organization vDC Network,” on page 89 and “Add Static Routes Between vApp Networks Routed to Different Organization vDC Networks,” on page 90.
Add Static Routes Between vApp Networks Routed to the Same Organization vDC Network
You can add static routes between two vApp networks that are routed to the same organization vDC network. Static routes allow traffic between the networks.
You cannot add static routes between overlapping networks or fenced vApps. After you add a static route to an organization vDC network, configure the network firewall rules to allow traffic on the static route.
Static routes function only when the vApps included in the routes are running. If you perform any of the following operations on a vApp that includes static routes, the static routes no longer function and you must remove them manually.
- Change the parent network of a vApp
- Delete a vApp
- Delete a vApp network
Prerequisites
Verify that the networks have the following configurations:
- vShield Manager 5.1 is installed.
- A routed organization vDC network.
- Static routing is enabled on the organization vDC network.
- Two vApp networks are routed to the organization vDC network.
- The vApp networks are in vApps that were started at least once.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name and select Configure Services.
4 On the Static Routing tab, click Add.
5 Type a name, network address, and next hop IP.
The network address is for the first vApp network to which to add a static route. The next hop IP is the external IP address of that vApp network's router.
6 Select Within this network and click OK.
7 Click OK.
8 Repeat Step 4 through Step 7 to add a route to the second vApp network.
Example: Static Routing Example
vApp Network 1 and vApp Network 2 are both routed to Org vDC Network Shared. You can create static routes on the organization vDC network to allow traffic between the vApp networks. You can use information about the vApp networks to create the static routes.
Table 5-7. Network Information
Network Name             Network Specification   Router External IP Address
vApp Network 1           192.168.1.0/24          192.168.0.100
vApp Network 2           192.168.2.0/24          192.168.0.101
Org vDC Network Shared   192.168.0.0/24          NA
On Org vDC Network Shared, create a static route to vApp Network 1 and another static route to vApp Network 2.
Table 5-8. Static Routing Settings
Static Route to Network   Route Name   Network          Next Hop IP Address   Route
vApp Network 1            tovapp1      192.168.1.0/24   192.168.0.100         Within this network
vApp Network 2            tovapp2      192.168.2.0/24   192.168.0.101         Within this network
What to do next
Create firewall rules to allow traffic on the static routes. See “Add a Firewall Rule for an Organization vDC Network,” on page 85.
Add Static Routes Between vApp Networks Routed to Different Organization vDC Networks
An organization administrator can add static routes between two vApp networks that are routed to different organization vDC networks. Static routes allow traffic between the networks.
You cannot add static routes between overlapping networks or fenced vApps. After you add a static route to an organization vDC network, configure the network firewall rules to allow traffic on the static route. For vApps with static routes, select the Always use assigned IP addresses until this vApp or associated networks are deleted check box.
Static routes function only when the vApps included in the routes are running. If a vApp includes static routes and you perform the following operations, the static routes cannot function and you must remove them manually.
- Change the parent network of the vApp
- Delete a vApp
- Delete a vApp network
Prerequisites
Verify that vCloud Director has the following configurations:
- vShield Manager 5.1.
- Two organization vDC networks routed to the same external network.
- Static routing is enabled on both organization vDC networks.
- A vApp network is routed to each organization vDC network.
- The vApp networks are in vApps that were started at least once.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 On the Static Routing tab, click Add.
5 Type a name, network address, and next hop IP address.
The network address is for the vApp network to which to add a static route. The next hop IP address is the external IP address of the router for the organization vDC network to which that vApp network is routed.
6 Select To external network and click OK.
7 Click Add.
8 Type a name, network address, and next hop IP address.
The network address is for the vApp network that is routed to this organization vDC network. The next hop IP address is the external IP address of the router for that vApp network.
9 Select Within this network and click OK.
10 Repeat Step 4 through Step 9 to add static routes to the second organization vDC network.
Example: Static Routing Example
vApp Network 1 is routed to Org vDC Network 1. vApp Network 2 is routed to Org vDC Network 2. You can create static routes on the organization vDC networks to allow traffic between the vApp networks. You can use information about the vApp networks and organization vDC networks to create the static routes.
Table 5-9. Network Information
Network Name        Network Specification   Router External IP Address
vApp Network 1      192.168.1.0/24          192.168.0.100
vApp Network 2      192.168.11.0/24         192.168.10.100
Org vDC Network 1   192.168.0.0/24          10.112.205.101
Org vDC Network 2   192.168.10.0/24         10.112.205.100
On Org vDC Network 1, create a static route to vApp Network 2 and another static route to vApp Network 1. On Org vDC Network 2, create a static route to vApp Network 1 and another static route to vApp Network 2.
Table 5-10. Static Routing Settings for Org vDC Network 1
Static Route to Network   Route Name   Network           Next Hop IP Address   Route
vApp Network 2            tovapp2      192.168.11.0/24   10.112.205.100        To external network
vApp Network 1            tovapp1      192.168.1.0/24    192.168.0.100         Within this network
Table 5-11. Static Routing Settings for Org vDC Network 2
Static Route to Network   Route Name   Network           Next Hop IP Address   Route
vApp Network 1            tovapp1      192.168.1.0/24    10.112.205.101        To external network
vApp Network 2            tovapp2      192.168.11.0/24   192.168.10.100        Within this network
What to do next
Create firewall rules to allow traffic on the static routes. See “Add a Firewall Rule for an Organization vDC Network,” on page 85.
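The two static routing examples above (same organization vDC network and different organization vDC networks) follow one pattern, shown here as an added Python sketch that is not part of vCloud Director. It derives the route settings from the network information in Table 5-9 and checks the non-overlap requirement; the function names are hypothetical, and the check that a vApp router's external IP lies inside its parent network is an assumption drawn from the tables.

```python
"""Added illustration: derive static route settings from network information.

Sample data is constructed from Table 5-9. Function and variable names are
hypothetical and do not correspond to any vCloud Director API.
"""
from ipaddress import ip_address, ip_network

# vApp network -> (network specification, router external IP, parent network)
VAPP_NETWORKS = {
    "vApp Network 1": ("192.168.1.0/24", "192.168.0.100", "Org vDC Network 1"),
    "vApp Network 2": ("192.168.11.0/24", "192.168.10.100", "Org vDC Network 2"),
}
# Organization vDC network -> (network specification, router external IP)
ORG_NETWORKS = {
    "Org vDC Network 1": ("192.168.0.0/24", "10.112.205.101"),
    "Org vDC Network 2": ("192.168.10.0/24", "10.112.205.100"),
}


def check_preconditions(vapp_networks, org_networks):
    """Return a list of problems that would make the static routes invalid."""
    problems = []
    names = list(vapp_networks)
    # Static routes cannot be added between overlapping networks.
    for index, first in enumerate(names):
        for second in names[index + 1:]:
            net_a = ip_network(vapp_networks[first][0])
            net_b = ip_network(vapp_networks[second][0])
            if net_a.overlaps(net_b):
                problems.append(f"{first} overlaps {second}")
    # Assumption drawn from the tables: a vApp router's external IP is an
    # address on the organization vDC network the vApp network is routed to.
    for name, (_spec, router_ip, parent) in vapp_networks.items():
        if parent not in org_networks:
            problems.append(f"{name}: unknown parent network {parent}")
        elif ip_address(router_ip) not in ip_network(org_networks[parent][0]):
            problems.append(f"{name}: router {router_ip} is outside {parent}")
    return problems


def static_routes(org_name, vapp_networks, org_networks):
    """Routes to add on org_name as (route name, network, next hop, route)."""
    routes = []
    for name, (spec, router_ip, parent) in vapp_networks.items():
        # "vApp Network 1" -> "tovapp1", the naming used in the tables.
        route_name = "to" + name.lower().replace(" network ", "")
        if parent == org_name:
            # vApp network routed to this network: next hop is its own router.
            routes.append((route_name, spec, router_ip, "Within this network"))
        else:
            # vApp network behind another organization vDC network: next hop
            # is the external IP of that network's router.
            next_hop = org_networks[parent][1]
            routes.append((route_name, spec, next_hop, "To external network"))
    # The procedure adds the external route first; keep that order.
    routes.sort(key=lambda route: route[3] != "To external network")
    return routes


if __name__ == "__main__":
    for problem in check_preconditions(VAPP_NETWORKS, ORG_NETWORKS):
        print("PROBLEM:", problem)
    for org in ORG_NETWORKS:
        print(org)
        for route in static_routes(org, VAPP_NETWORKS, ORG_NETWORKS):
            print("   ", *route, sep="  ")
```

Passing both vApp networks with the same parent network reproduces the "Within this network" routes of Table 5-8.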

Reset an Organization vDC Network

If the network services that are associated with an organization vDC network are not working as expected, you can reset the network. Network services include DHCP settings, firewall settings, and so on.
Before you delete a provider vDC, reset the organization vDC networks that depend on it.
No network services are available while an organization vDC network resets.
Prerequisites
Verify that you have a routed organization vDC network or an internal organization vDC network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Reset Network.
4 Click Yes.

View vApps and vApp Templates That Use an Organization vDC Network

You can view a list of all the vApps and vApp templates that include virtual machines with a NIC connected to an organization vDC network. You cannot delete an organization vDC network with connected vApps or vApp templates.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name and select Connected vApps.
4 Click OK.

Delete an Organization vDC Network

You can delete an organization vDC network to remove it from the organization vDC.
Prerequisites
Verify that no virtual machines are connected to the organization vDC network. See “View vApps and vApp Templates That Use an Organization vDC Network,” on page 92.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Delete.

View IP Use for an Organization vDC Network

You can view a list of IP addresses that are currently in use in an organization vDC network IP pool.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select IP Allocations.

Editing Organization vDC Network Properties

You can edit the properties of an existing organization vDC network, including the network name and description, IP addresses, and DNS settings.
- Add IP Addresses to an Organization vDC Network IP Pool
  If an organization vDC network is running out of IP addresses, you can add more addresses to its IP Pool.
- Modify an Organization vDC Network Name and Description
  As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing organization vDC network.
- Modify an Organization vDC Network DNS Settings
  You can change the DNS settings for certain types of organization vDC networks.
Add IP Addresses to an Organization vDC Network IP Pool
If an organization vDC network is running out of IP addresses, you can add more addresses to its IP Pool.
Prerequisites
Verify that you have a routed organization vDC network or an internal organization vDC network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Properties.
4 Click the Network Specification tab, type an IP address or a range of IP addresses in the text box, and click Add.
5 Click OK.
Modify an Organization vDC Network Name and Description
As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing organization vDC network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Properties.
4 Type a new name and optional description and click OK.
Modify an Organization vDC Network DNS Settings
You can change the DNS settings for certain types of organization vDC networks.
Prerequisites
Verify that you have a routed organization vDC network or an internal organization vDC network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Properties.
4 Click the Network Specification tab, type the new DNS information, and click OK.

Managing Network Pools

After you create a network pool, you can modify its name or description or delete it. Depending on the type of network pool, you can also add port groups, Cloud isolated networks, and VLAN IDs.

Modify a Network Pool Name and Description

As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing network pool.
Procedure
1 Click the Manage & Monitor tab and then click Network Pools in the left pane.
2 Right-click the network pool name and select Properties.
3 On the General tab, type a new name or description and click OK.

Add a Port Group to a Network Pool

You can add port groups to a network pool that is backed by port groups.
Prerequisites
- Verify that you have a network pool that is backed by a port group.
- Verify that you have an available port group in vSphere.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Right-click the network pool name and select Properties.
3 On the Network Pool Settings tab, select a port group, click Add, and click OK.

Add Cloud Isolated Networks to a Network Pool

You can add Cloud isolated networks to a VCD network isolation-backed network pool.
Prerequisites
A VCD network isolation-backed network pool
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Right-click the network pool name and select Properties.
3 On the Network Pool Settings tab, type the number of VCD isolated networks and click OK.

Add VLAN IDs to a Network Pool

You can add VLAN IDs to a network pool that is backed by a VLAN.
Prerequisites
Verify that your system includes the following items:
- A network pool that is backed by a VLAN
- Available VLAN IDs in vSphere
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Right-click the network pool name and select Properties.
3 On the Network Pool Settings tab, type a VLAN ID range and click Add.
4 Select a vSphere distributed switch and click OK.

Delete a Network Pool

Delete a network pool to remove it from vCloud Director.
Prerequisites
Verify that the following conditions exist:
- No organization vDC is associated with the network pool.
- No vApps use the network pool.
- No organization vDC networks use the network pool.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Right-click the network pool name and select Delete.
3 Click Yes.

Managing Cloud Cells

You manage cloud cells mostly from the vCloud Director server host on which the cell resides, but you can delete a cloud cell from the vCloud Director Web console.
Table 5-12 lists the basic commands for controlling a cloud cell.
Table 5-12. Cloud Cell Commands
Command                      Description
service vmware-vcd start     Starts the cell
service vmware-vcd restart   Restarts the cell
service vmware-vcd stop      Stops the cell
When you stop a cell, you may want to display a maintenance message to users that attempt to access that cell using a browser or the vCloud API. See “Turn On Cloud Cell Maintenance Message,” on page 96.

Adding Cloud Cells

To add cloud cells to a vCloud Director installation, install the vCloud Director software on additional Cloud Director server hosts in the same vCloud Director cluster.
For more information, see the VMware vCloud Director Installation and Configuration Guide.

Delete a Cloud Cell

If you want to remove a cloud cell from your vCloud Director installation, in order to reinstall the software, or for some other reason, you can delete the cell.
You can also delete a cell if it becomes unreachable.
Prerequisites
You must stop the cell using the service vmware-vcd stop command.
Procedure
1 Click the Manage & Monitor tab and click Cloud Cells in the left pane.
2 Right-click the cell name and select Delete.
vCloud Director removes information about the cell from its database.

Turn On Cloud Cell Maintenance Message

If you want to stop a cell and let users know that you are performing maintenance, you can turn on the maintenance message.
When the maintenance message is turned on, users who try to log in to the cell from a browser see a message stating that the cell is unavailable because of maintenance. Users who try to reach the cell using the vCloud API receive a similar message.
Procedure
1 Stop the cell by running the service vmware-vcd stop command.
2 Run the /opt/vmware/vcloud-director/bin/vmware-vcd-cell maintenance command.
Users cannot access the cell by using a browser or the vCloud API.

Turn Off Cloud Cell Maintenance Message

When you finish performing maintenance on a cell and are ready to restart the cell, you can turn off the maintenance message.
Procedure
1 Run the /opt/vmware/vcloud-director/bin/vmware-vcd-cell stop command.
2 Start the cell by running the service vmware-vcd start command.
Users can now access the cell by using a browser or the vCloud API.

Chapter 6 Managing vSphere Resources

After you add vSphere resources to the vCloud Director system, you can perform some management functions from vCloud Director. You can also use the vSphere Client to manage these resources.
vSphere resources include vCenter servers, resource pools, ESX/ESXi hosts, datastores, and network switches and ports.
This chapter includes the following topics:
- Managing vSphere vCenter Servers
- Managing vSphere ESX/ESXi Hosts
- Managing vSphere Datastores
- Managing Stranded Items

Managing vSphere vCenter Servers

After you attach a vCenter Server to vCloud Director, you can modify its settings, reconnect to the vCenter Server, and enable or disable it.

Register vCloud Director with a vCenter Server

You can register vCloud Director with the vCenter Servers it uses.
After you register vCloud Director, it appears as an extension in the vSphere Client Solutions Manager tab. In addition, the vSphere Client sets the Managed By property for vCloud Director-managed virtual machines, which protects those virtual machines from being modified using the vSphere Client.
Procedure
1 Click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Refresh.
3 Click Yes.

Modify vCenter Server Settings

If the connection information for a vCenter Server changes, or if you want to change how its name or description appears in vCloud Director, you can modify its settings.
Procedure
1 Click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Properties.
3 On the General tab, type the new settings and click OK.

Reconnect a vCenter Server

If vCloud Director loses its connection to a vCenter Server, or if you change the connection settings, you can try to reconnect.
Procedure
1 Click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Reconnect vCenter.
3 Read the informational message and click Yes to confirm.

Enable or Disable a vCenter Server

You can disable a vCenter Server to perform maintenance.
Procedure
1 Click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Disable or Enable.
3 Click Yes.

Remove a vCenter Server

You can remove a vCenter Server to stop using its resources with vCloud Director.
Prerequisites
Before you can remove a vCenter server, you must disable it and delete all of the provider vDCs that use its resource pools.
Procedure
1 Click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Detach.
3 Click Yes.

Prepare and Upgrade a vCenter Server Attached to vCloud Director

Before you upgrade a vCenter Server that is attached to vCloud Director, you must prepare the server by disabling it in vCloud Director.
Familiarize yourself with the vSphere Upgrade documentation.
Procedure
1 In the vCloud Director web console, click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Disable.
3 Click Yes.
4 Upgrade vCenter Server.
5 In the vCloud Director web console, right-click the vCenter Server name and select Enable.
6 Click Yes.