VMware vCloud Director - 5.1 Administrator’s Guide

vCloud Director Administrator's Guide

vCloud Director 5.1.1

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-000817-02

vCloud Director Administrator's Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2010–2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at

http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

vCloud Director Administrator's Guide 7

Updated Information 9

Getting Started with vCloud Director 11

Overview of vCloud Director Administration 11

Preparing the System 14

Create a Microsoft Sysprep Deployment Package 14

Replace a Microsoft Sysprep Deployment Package 15

Replace SSL Certificates 16

Set User Preferences 17

Adding Resources to vCloud Director 19

Adding vSphere Resources 19

Adding Cloud Resources 21

Creating and Provisioning Organizations 27

Understanding Leases 27

Create an Organization 28

Allocate Resources to an Organization 32

Creating a Published Catalog 41

Enable Catalog Publishing 41

Create a Published Catalog 42

Upload a vApp Template 42

Import a vApp Template from vSphere 43

Upload a Media File 43

Import a Media File from vSphere 44

Publish a Catalog 44

VMware, Inc.

Managing Cloud Resources 45

Managing Provider vDCs 45

Managing Organization vDCs 52

Managing External Networks 64

Managing Edge Gateways 65

Managing Organization vDC Networks 81

Managing Network Pools 94

Managing Cloud Cells 96

vCloud Director Administrator's Guide

Managing vSphere Resources 99

Managing vSphere vCenter Servers 99

Managing vSphere ESX/ESXi Hosts 101

Managing vSphere Datastores 102

Managing Stranded Items 103

Managing Organizations 105

Enable or Disable an Organization 105

Delete an Organization 105

Add a Catalog to an Organization 106

Editing Organization Properties 106

Managing Organization Resources 110

Managing Organization Users and Groups 110

Managing Organization vApps and Virtual Machines 110

Managing System Administrators and Roles 113

Add a System Administrator 113

Import a System Administrator 113

Enable or Disable a System Administrator 114

Delete a System Administrator 114

Edit System Administrator Profile and Contact Information 114

Send an Email Notification to Users 115

Delete a System Administrator Who Lost Access to the System 115

Import a Group 115

Delete an LDAP Group 116

View Group Properties 116

Roles and Rights 116

Managing System Settings 119

Modify General System Settings 119

General System Settings 119

Editing System Email Settings 121

Configuring Blocking Tasks and Notifications 122

Configuring the System LDAP Settings 123

Customize the vCloud Director Client UI 126

Configuring Public Addresses 127

Configure the Account Lockout Policy 129

Configure vCloud Director to use vCenter Single Sign On 129

Monitoring vCloud Director 131

Viewing Tasks and Events 131

Monitor and Manage Blocking Tasks 133

View Usage Information for a Provider vDC 133

View Usage Information for an Organization vDC 133

Using vCloud Director's JMX Service 134

Viewing the vCloud Director Logs 134

vCloud Director and Cost Reporting 134

Monitoring Quarantined Files 135

4 VMware, Inc.

Contents

Roles and Rights 137

Predefined Roles and Their Rights 137

Index 141

VMware, Inc. 5

vCloud Director Administrator's Guide

6 VMware, Inc.

vCloud Director Administrator's Guide

The VMware vCloud Director Administrator's Guide provides information to the vCloud Director system administrator about how to add resources to the system, create and provision organizations, manage resources and organizations, and monitor the system.

Intended Audience

This book is intended for anyone who wants to configure and manage a vCloud Director installation. The information in this book is written for experienced system administrators who are familiar with Linux, Windows, IP networks, and VMware vSphere.

VMware, Inc. 7

vCloud Director Administrator's Guide

8 VMware, Inc.

Updated Information

This vCloud Director Administrator's Guide is updated with each release of the product or when necessary.

This table provides the update history of the vCloud Director Administrator's Guide.

Revision Description

000817-01

000817-00 Initial release.

Added Edge Gateway creation and configuration to the organization vDC creation and organization resource allocation workflows.

Removed an obsolete procedure from the managing provider vDCs section.

VMware, Inc. 9

vCloud Director Administrator's Guide

10 VMware, Inc.

Getting Started with vCloud Director 1

The first time you log in to the vCloud Director Web console, the Home tab guides you through the steps to configure your installation.

You can also set your user preferences and create a Microsoft Sysprep deployment package to support guest customization in vCloud Director virtual machines.

This chapter includes the following topics:

“Overview of vCloud Director Administration,” on page 11

“Log In to the Web Console,” on page 13

“Preparing the System,” on page 14

“Create a Microsoft Sysprep Deployment Package,” on page 14

“Replace a Microsoft Sysprep Deployment Package,” on page 15

“Replace SSL Certificates,” on page 16

“Set User Preferences,” on page 17

Overview of vCloud Director Administration

VMware vCloud Director is a software product that provides the ability to build secure, multi-tenant clouds by pooling virtual infrastructure resources into virtual datacenters and exposing them to users through Webbased portals and programmatic interfaces as a fully-automated, catalog-based service.

The VMware vCloud Director Administrator's Guide provides information about adding resources to the system, creating and provisioning organizations, managing resources and organizations, and monitoring the system.

vSphere Resources

vCloud Director relies on vSphere resources to provide CPU and memory to run virtual machines. In addition, vSphere datastores provide storage for virtual machine files and other files necessary for virtual machine operations. vCloud Director also utilizes vSphere distributed switches and vSphere port groups to support virtual machine networking.

You can use these underlying vSphere resources to create cloud resources.

Cloud Resources

Cloud resources are an abstraction of their underlying vSphere resources. They provide the compute and memory resources for vCloud Director virtual machines and vApps. A vApp is a virtual system that contains one or more individual virtual machines, along with parameters that define operational details. Cloud resources also provide access to storage and network connectivity.

VMware, Inc.

vCloud Director Administrator's Guide

Cloud resources include provider and organization virtual datacenters, external networks, organization vDC networks, and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere resources.

Provider Virtual Datacenters

A provider virtual datacenter (vDC) combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores available to that resource pool.

You can create multiple provider vDCs for users in different geographic locations or business units, or for users with different performance requirements.

Organization Virtual Datacenters

An organization virtual datacenter (vDC) provides resources to an organization and is partitioned from a provider vDC. Organization vDCs provide an environment where virtual systems can be stored, deployed, and operated. They also provide storage for virtual media, such as floppy disks and CD ROMs.

A single organization can have multiple organization vDCs.

vCloud Director Networking

vCloud Director supports three types of networks.

External networks

organization vDC networks

vApp networks

Some organization vDC networks and all vApp networks are backed by network pools.

External Networks

An external network is a logical, differentiated network based on a vSphere port group. organization vDC networks can connect to external networks to provide Internet connectivity to virtual machines inside of a vApp.

Only system administrators create and manage external networks.

Organization vDC Networks

An organization vDC network is contained within a vCloud Director organization vDC and is available to all the vApps in the organization. An organization vDC network allows vApps within an organization to communicate with each other. You can connect an organization vDC network to an external network to provide external connectivity. You can also create an isolated organization vDC network that is internal to the organization. Certain types of organization vDC networks are backed by network pools.

Only system administrators can create organization vDC networks. System administrators and organization administrators can manage organization vDC networks, although there are some limits to what an organization administrator can do.

vApp Networks

A vApp network is contained within a vApp and allows virtual machines in the vApp to communicate with each other. You can connect a vApp network to an organization vDC network to allow the vApp to communicate with other vApps in the organization and outside of the organization, if the organization vDC network is connected to an external network. vApp networks are backed by network pools.

Most users with access to a vApp can create and manage their own vApp networks. Working with vApp networks is described in the VMware vCloud Director User's Guide.

12 VMware, Inc.

Chapter 1 Getting Started with vCloud Director

Network Pools

A network pool is a group of undifferentiated networks that is available for use within an organization vDC. A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization vDC networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.

Each organization vDC in vCloud Director can have one network pool. Multiple organization vDCs can share the same network pool. The network pool for an organization vDC provides the networks created to satisfy the network quota for an organization vDC.

Only system administrators can create and manage network pools.

Organizations

vCloud Director supports multi-tenancy through the use of organizations. An organization is a unit of administration for a collection of users, groups, and computing resources. Users authenticate at the organization level, supplying credentials established by an organization administrator when the user was created or imported. System administrators create and provision organizations, while organization administrators manage organization users, groups, and catalogs. Organization administrator tasks are described in the VMware vCloud Director User's Guide.

Users and Groups

An organization can contain an arbitrary number of users and groups. Users can be created by the organization administrator or imported from a directory service such as LDAP. Groups must be imported from the directory service. Permissions within an organization are controlled through the assignment of rights and roles to users and groups.

Catalogs

Organizations use catalogs to store vApp templates and media files. The members of an organization that have access to a catalog can use the catalog's vApp templates and media files to create their own vApps. A system administrator can allow an organization to publish a catalog to make it available to other organizations. Organizations administrators can then choose which catalog items to provide to their users.

Log In to the Web Console

You can access the vCloud Director user interface by using a Web browser.

For a list of supported browsers, see the VMware vCloud Director Installation and Configuration Guide.

Prerequisites

You must have the system administrator user name and password that you created during the system setup.

Procedure

1 Open a Web browser and navigate to https://

hostname.domain.tld

/cloud.

For hostname.domain.tld, provide the fully qualified domain name associated with the primary IP address of the vCloud Director server host. For example, https://cloud.example.com/cloud.

2 Type the system administrator user name and password and click Login.

vCloud Director displays a list of the next tasks you should perform.

VMware, Inc. 13

vCloud Director Administrator's Guide

Preparing the System

The Home tab in the vCloud Director Web console provides links to the tasks required to prepare the system for use. Links become active after you complete prerequisite tasks.

For more information about each task, see Table 1-1.

Table 1-1. Quick Start Tasks

Task For More Information

Attach a vCenter “Attach a vCenter Server,” on page 19

Create a Provider Virtual Datacenter “Create a Provider Virtual Datacenter,” on page 21

Create an External Network “Add an External Network,” on page 22

Create a Network Pool “Network Pools,” on page 23

Create an Organization “Create an Organization,” on page 28

Allocate Resources to an Organization “Create an Organization vDC,” on page 52

Add a Network to an Organization “Adding Networks to an Organization vDC,” on page 81

Add a Catalog to an Organization “Add a Catalog to an Organization,” on page 106

Create a Microsoft Sysprep Deployment Package

Before vCloud Director can perform guest customization on virtual machines with certain Windows guest operating systems, you must create a Microsoft Sysprep deployment package on each cloud cell in your installation.

During installation, vCloud Director places some files in the sysprep folder on the vCloud Director server host. Do not overwrite these files when you create the Sysprep package.

Prerequisites

Access to the Sysprep binary files for Windows 2000, Windows 2003 (32- and 64-bit), and Windows XP (32and 64-bit).

Procedure

1 Copy the Sysprep binary files for each operating system to a convenient location on a vCloud Director

server host.

Each operating system requires its own folder.

NOTE Folder names are case-sensitive.

Guest OS Copy Destination

Windows 2000 SysprepBinariesDirectory /win2000

Windows 2003 (32-bit) SysprepBinariesDirectory /win2k3

Windows 2003 (64-bit) SysprepBinariesDirectory /win2k3_64

Windows XP (32-bit) SysprepBinariesDirectory /winxp

Windows XP (64-bit) SysprepBinariesDirectory /winxp_64

SysprepBinariesDirectory represents a location you choose to which to copy the binaries.

14 VMware, Inc.

Chapter 1 Getting Started with vCloud Director

2 Run the /opt/vmware/vcloud-director/deploymentPackageCreator/createSysprepPackage.sh

SysprepBinariesDirectory command.

For example, /opt/vmware/vcloud-

director/deploymentPackageCreator/createSysprepPackage.sh /root/MySysprepFiles.

3 Use the service vmware-vcd restart command to restart the cloud cell.

4 If you have multiple cloud cells, copy the package and properties file to all cloud cells.

scp /opt/vmware/vcloud-director/guestcustomization/vcloud_sysprep.properties /opt/vmware/vcloud-director/guestcustomization/windows_deployment_package_sysprep.cab

next_cell_IP

root@

:/opt/vmware/vcloud-director/guestcustomization

5 Restart each cloud cell to which you copy the files.

Replace a Microsoft Sysprep Deployment Package

If you already created a Microsoft Sysprep deployment package and you need to generate a new one, you must replace the existing Sysprep package on each cloud cell in your installation.

Prerequisites

Access to the Sysprep binary files for Windows 2000, Windows 2003 (32- and 64-bit), and Windows XP (32and 64-bit).

Procedure

1 Use the service vmware-vcd stop command to stop the first cloud cell.

2 Copy the new Sysprep binary files for each operating system to a convenient location on a vCloud Director

server host.

Each operating system requires its own folder.

NOTE Folder names are case-sensitive.

Guest OS Copy Destination

Windows 2000 SysprepBinariesDirectory /win2000

Windows 2003 (32-bit) SysprepBinariesDirectory /win2k3

Windows 2003 (64-bit) SysprepBinariesDirectory /win2k3_64

Windows XP (32-bit) SysprepBinariesDirectory /winxp

Windows XP (64-bit) SysprepBinariesDirectory /winxp_64

SysprepBinariesDirectory represents a location you choose to which to copy the binaries.

3 Run the /opt/vmware/vcloud-director/deploymentPackageCreator/createSysprepPackage.sh

SysprepBinariesDirectory command.

For example, /opt/vmware/vcloud-

director/deploymentPackageCreator/createSysprepPackage.sh /root/MySysprepFiles.

4 Use the service vmware-vcd restart command to restart the cloud cell.

5 If you have multiple cloud cells, stop each cell and copy the package and properties file to each cell.

scp /opt/vmware/vcloud-director/guestcustomization/vcloud_sysprep.properties /opt/vmware/vcloud-director/guestcustomization/windows_deployment_package_sysprep.cab

next_cell_IP

root@

:/opt/vmware/cloud-director/guestcustomization

6 Restart each cloud cell to which you copy the files.

VMware, Inc. 15

vCloud Director Administrator's Guide

Replace SSL Certificates

If any members of your vCloud Director server group are using self-signed SSL certificates, you can upgrade them to signed SSL certificates to obtain a higher level of trust within your cloud.

You can use the vCloud Director configuration script to upgrade the SSL certificates on a vCloud Director server. When you run this script on a server that has already been configured, it validates the database connection details and prompts for SSL certificate information, but skips all the other configuration steps, so that the existing configuration is not modified.

Each vCloud Director server requires two SSL certificates, one for each of its IP addresses, in a Java keystore file. You must execute this procedure for each member of your vCloud Director server group. You can use signed certificates (signed by a trusted certification authority) or self-signed certificates. Signed certificates provide the highest level of trust.

Prerequisites

This procedure requires you to stop vCloud Director services on each server for which you replace certificates. Stopping a server can have an impact on cloud operations.

Have the following information available:

Location and password of the keystore file that includes the SSL certificates for this server. See the vCloud Director Installation and Configuration Guide. The configuration script does not run with a privileged identity, so the keystore file and the directory in which it is stored must be readable by any user.

Password for each SSL certificate.

Procedure

1 Log in to the target server as root.

2 Stop vCloud Director services on the server.

3 Run the configuration script on the server.

Open a console, shell, or terminal window, and type:

/opt/vmware/vcloud-director/bin/configure

4 Specify the full path to the Java keystore file that holds the new certificates.

Please enter the path to the Java keystore containing your SSL certificates and private keys:/opt/keystore/certificates.ks

5 Enter the keystore and certificate passwords.

Please enter the password for the keystore: Please enter the private key password for the 'http' SSL certificate: Please enter the private key password for the 'consoleproxy' SSL certificate:

The configuration script replaces the certificates and re-starts vCloud Director services on the server.

What to do next

If you have acquired new certificates for any other members of the vCloud Director server group, use this procedure to replace the existing certificates on those servers

16 VMware, Inc.

Set User Preferences

You can set certain display and system alert preferences that take effect every time you log in to the system. You can also change the password for your system administrator account.

Procedure

1 In the title bar of the Web console, click Preferences.

2 Click the Defaults tab.

3 Select the page to display when you log in.

4 Select the number of days or hours before a runtime lease expires that you want to receive an email

notification.

5 Select the number of days or hours before a storage lease expires that you want to receive an email

notification.

6 Click the Change Password tab.

7 (Optional) Type your current password and type your new password twice.

8 Click OK.

Chapter 1 Getting Started with vCloud Director

VMware, Inc. 17

vCloud Director Administrator's Guide

18 VMware, Inc.

Adding Resources to vCloud Director 2

vCloud Director derives its resources from an underlying vSphere virtual infrastructure. After you register vSphere resources in vCloud Director, you can allocate these resources for organizations within the vCloud Director installation to use.

This chapter includes the following topics:

“Adding vSphere Resources,” on page 19

“Adding Cloud Resources,” on page 21

Adding vSphere Resources

For information about vCloud Director system requirements and supported versions of vCenter Server and ESX/ESXi see the VMware vCloud Director Installation and Configuration Guide.

Attach a vCenter Server

VMware, Inc.

Attach a vCenter Server to make its resources available for use with vCloud Director. After you attach a vCenter Server, you can assign its resource pools, datastores, and networks to a provider virtual datacenter.

Prerequisites

An instance of vShield Manager is installed and configured for vCloud Director. For more information, see the VMware vCloud Director Installation and Configuration Guide.

Procedure

1 Open the Attach New vCenter Wizard on page 20

Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.

2 Provide vCenter Server Connection and Display Information on page 20

To attach a vCenter Server to vCloud Director, you must provide connection information and a display name for the vCenter Server.

3 Connect to vShield Manager on page 20

vCloud Director requires vShield Manager to provide network services. Each vCenter Server you attach to vCloud Director requires its own vShield Manager.

4 Confirm Settings and Attach the vCenter Server on page 20

Before you attach the new vCenter Server, review the settings you entered.

vCloud Director Administrator's Guide

Open the Attach New vCenter Wizard

Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.

Procedure

1 Click the Manage & Monitor tab and then click vCenters in the left pane.

2 Click the Attach New vCenter button.

The Attach New vCenter wizard launches.

Provide vCenter Server Connection and Display Information

To attach a vCenter Server to vCloud Director, you must provide connection information and a display name for the vCenter Server.

Procedure

1 Type the host name or IP address of the vCenter Server.

2 Select the port number that vCenter Server uses.

The default port number is 443.

3 Type the user name and password of a vCenter Server administrator.

The user account must have the Administrator role in vCenter.

4 Type a name for the vCenter Server.

The name you type becomes the display name for the vCenter Server in vCloud Director.

5 (Optional) Type a description for the vCenter Server.

6 Click Next to save your choices and go to the next page.

Connect to vShield Manager

vCloud Director requires vShield Manager to provide network services. Each vCenter Server you attach to vCloud Director requires its own vShield Manager.

Procedure

1 Type the host name or IP address of the vShield Manager to use with the vCenter Server that you are

attaching.

2 Type the user name and password to connect to vShield Manager.

The default user name is admin and the default password is default. You can change these defaults in the vShield Manager user interface.

3 Click Next to save your choices and go to the next page.

Confirm Settings and Attach the vCenter Server

Before you attach the new vCenter Server, review the settings you entered.

Procedure

1 Review the settings for the vCenter Server and vShield Manager.

2 (Optional) Click Back to modify the settings.

3 Click Finish to accept the settings and attach the vCenter Server.

20 VMware, Inc.

Chapter 2 Adding Resources to vCloud Director

vCloud Director attaches the new vCenter Server and registers its resources for provider virtual datacenters to use.

What to do next

Assign a vShield for VMware vCloud Director license key in the vCenter Server.

Assign a vShield License Key in vCenter

After you attach a vCenter Server to vCloud Director, you must use the vSphere Client to assign a vShield for VMware vCloud Director license key.

Prerequisites

The vSphere Client must be connected to the vCenter Server system.

Procedure

1 From a vSphere Client host that is connected to the vCenter Server system, select Home > Licensing.

2 For the report view, select Asset.

3 Right-click the vShield-edge asset and select Change license key.

4 Select Assign a new license key and click Enter Key.

5 Enter the license key, enter an optional label for the key, and click OK.

Use the vShield for VMware vCloud Director license key you received when you purchased vCloud Director. You can use this license key in multiple vCenter Servers.

6 Click OK.

Adding Cloud Resources

Cloud resources are an abstraction of their underlying vSphere resources and provide the compute and memory resources for vCloud Director virtual machines and vApps, and access to storage and network connectivity.

For more information about organization virtual datacenters, see “Allocate Resources to an Organization,” on page 32.

For more information about organization vDC networks, see “Managing Organization vDC Networks,” on page 81

Provider Virtual Datacenters

A provider virtual datacenter (vDC) combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores connected to that resource pool.

A provider vDC is the source for organization vDCs.

Create a Provider Virtual Datacenter

You can create a provider vDC to register vSphere compute, memory, and storage resources for vCloud Director to use. You can create multiple provider vDCs for users in different geographic locations or business units, or for users with different performance requirements.

A provider vDC can only include a single resource pool from a single vCenter Server.

VMware, Inc. 21

vCloud Director Administrator's Guide

If you plan to add a resource pool that is part of a cluster that uses vSphere HA, make sure you are familiar with how vSphere HA calculates slot size. For more information about slot sizes and customizing vSphere HA behavior, see the VMware vSphere Availability Guide.

Prerequisites

Verify that at least one vCenter Server is attached with an available resource pool to vCloud Director. The resource pool must be in a vCenter cluster that is configured to use automated DRS. The vCenter Server must have the vShield for VMware vCloud Director license key.

Procedure

1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.

2 Click New Provider vDC.

3 Type a name and optional description.

You can use the name and description fields to indicate the vSphere functions available to the provider vDC, for example, vSphere HA.

4 Select the latest supported hardware version and click Next.

This selection determines the latest supported hardware version for virtual machines in organization vDCs based on this provider vDC. Hardware Version 9 requires ESXi 5.1 hosts.

5 Select a vCenter Server and resource pool and click Next.

If the vCenter Server has no available resource pools, no resource pools appear in the list.

6 Select one or more storage profiles for the provider vDC to support, click Add, and click Next.

7 Click Finish to create the provider vDC.

External Networks

An external network is a logical, differentiated network based on a vSphere port group. An external network provides the interface to the Internet for virtual machines connected to external organization vDC networks.

For more information about organization vDC networks, see “Managing Organization vDC Networks,” on page 81.

Add an External Network

Add an external network to register vSphere network resources for vCloud Director to use. You can create organization vDC networks that connect to an external network.

Prerequisites

A vSphere port group is available. If the port group uses VLAN, it can use only a single VLAN. Port groups with VLAN trunking are not supported.

VMware recommends using an auto-expanding static port group.

Procedure

1 Click the Manage & Monitor tab and click External Networks in the left pane.

2 Click the Add Network button.

3 Select a vCenter Server and a vSphere port group and click Next.

4 Type the network settings and click Next.

5 Type a name and optional description for the network and click Next.

22 VMware, Inc.

Chapter 2 Adding Resources to vCloud Director

6 Review the network settings and click Finish.

What to do next

You can now create an organization vDC network that connects to the external network.

Network Pools

A network pool is a group of undifferentiated networks that is available for use within an organization vDC to create vApp networks and certain types of organization vDC networks.

A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization vDC networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.

Add a Network Pool That Is Backed by VLAN IDs

You can add a VLAN-backed network pool to register vSphere VLAN IDs for vCloud Director to use. A VLANbacked network pool provides the best security, scalability, and performance for organization vDC networks.

Prerequisites

Verify that a range of VLAN IDs and a vSphere distributed switch are available in vSphere. The VLAN IDs must be valid IDs that are configured in the physical switch to which the ESX/ESXi servers are connected.

CAUTION The VLANs must be isolated at the layer 2 level. Failure to properly isolate the VLANs can cause a disruption on the network.

Procedure

1 Click the Manage & Monitor tab and click Network Pools in the left pane.

2 Click Add Network Pool.

3 Select VLAN-backed and click Next.

4 Type a range of VLAN IDs and click Add.

You can create one network for each VLAN ID.

5 Select a vCenter Server and vSphere distributed switch and click Next.

6 Type a name and optional description for the network and click Next.

7 Review the network pool settings and click Finish.

What to do next

You can now create an organization vDC network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks.

Add a Network Pool That Is Backed by Cloud Isolated Networks

You can create a network pool that is backed by cloud isolated networks. A cloud isolated network spans hosts, provides traffic isolation from other networks, and is the best source for vApp networks.

An isolation-backed network pool does not require preexisting port groups in vSphere.

Prerequisites

Verify that a vSphere distributed switch is available.

VMware, Inc. 23

vCloud Director Administrator's Guide

Procedure

1 Click the Manage & Monitor tab and click Network Pools in the left pane.

2 Click Add Network Pool.

3 Select VCD Network Isolation-backed and click Next.

4 Type the number of networks to create from the network pool.

5 (Optional) Type a VLAN ID.

6 Select a vCenter Server and a vSphere distributed switch and click Next.

7 Type a name and optional description for the network and click Next.

8 Review the network pool settings and click Finish.

vCloud Director creates cloud isolated networks in vSphere as they are needed.

What to do next

You can now create an organization vDC network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks. You can also increase the network pool MTU. See

“Set the MTU for a Network Pool Backed by Cloud Isolated Networks,” on page 25.

Add a Network Pool That Is Backed by vSphere Port Groups

You can add a network pool that is backed by port groups to register vSphere port groups for vCloud Director to use. Unlike other types of network pools, a network pool that is backed by port groups does not require a vSphere distributed switch.

CAUTION The port groups must be isolated from all other port groups at the layer 2 level. The port groups must be physically isolated or must be isolated by using VLAN tags. Failure to properly isolate the port groups can cause a disruption on the network.

Prerequisites

Verify that one or more port groups are available in vSphere. The port groups must be available on each ESX/ESXi host in the cluster, and each port group must use only a single VLAN. Port groups with VLAN trunking are not supported.

Procedure

1 Click the Manage & Monitor tab and click Network Pools in the left pane.

2 Click Add Network Pool.

3 Select vSphere Port Group-backed and click Next.

4 Select a vCenter Server and click Next.

5 Select one or more port groups, click Add, and click Next.

You can create one network for each port group.

6 Type a name and optional description for the network and click Next.

7 Review the network pool settings and click Finish.

What to do next

You can now create an organization vDC network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks.

24 VMware, Inc.

Chapter 2 Adding Resources to vCloud Director

Set the MTU for a Network Pool Backed by Cloud Isolated Networks

You can specify the maximum transmission units (MTU) that vCloud Director uses for a network pool that is backed by Cloud isolated networks. The MTU is the maximum amount of data that can be transmitted in one packet before it is divided into smaller packets.

When you configure the virtual machine guest operating system and the underlying physical infrastructure with the standard MTU (1500 bytes), the VMware network isolation protocol fragments frames. To avoid frame fragmentation, increase the MTU to at least 1600 bytes for the network pool and the underlying physical network. You can increase the network pool MTU up to, but not greater than, the MTU of the physical network.

If your physical network has an MTU of less than 1500 bytes, decrease the MTU of the network pool to match the underlying physical network.

Prerequisites

Verify that you have a network pool backed by cloud isolated networks. Before you increase the MTU for a network pool, you must ensure that the physical switch infrastructure supports an MTU of greater than 1500, also known as jumbo frames.

Procedure

1 Click the Manage & Monitor tab and click Network Pools in the left pane.

2 Right-click the network pool name and select Properties.

3 On the Network Pool MTU tab, type the MTU and click OK.

vCloud Director modifies the MTU for the network pool and all other network pools that use the same vSphere distributed switch.

VXLAN Network Pools

vSphere VXLAN networks are based on the IETF draft VXLAN standard. These networks support localdomain isolation equivalent to what is supported by vSphere isolation-backed networks.

When you create a provider vDC, a VXLAN network pool is created in vCloud Director. When you use this network pool, VXLAN virtual wires are created in vCenter Server.

This pool is given a name derived from the name of the containing provider vDC and attached to it at creation. You cannot delete or modify this network pool. You cannot create a VXLAN network pool by any other method. If you rename a provider vDC, its VXLAN network pool is automatically renamed.

vSphere VXLAN networks provide the following benefits.

Logical networks spanning layer 3 boundaries

Logical networks spanning multiple racks on a single layer 2

Broadcast containment

Higher performance

Greater scale (up to 16 million network addresses)

For more information on VXLAN in a vCloud environment, see the vShield Administration Guide.

VMware, Inc. 25

vCloud Director Administrator's Guide

26 VMware, Inc.

Creating and Provisioning

Organizations 3

Organizations provide resources to a group of users and set policies that determine how users can consume those resources. Create an organization for each group of users that requires its own resources, policies, or both.

This chapter includes the following topics:

“Understanding Leases,” on page 27

“Create an Organization,” on page 28

“Allocate Resources to an Organization,” on page 32

Understanding Leases

Creating an organization involves specifying leases. Leases provide a level of control over an organization's storage and compute resources by specifying the maximum amount of time that vApps can be running and that vApps and vApp templates can be stored.

The goal of a runtime lease is to prevent inactive vApps from consuming compute resources. For example, if a user starts a vApp and goes on vacation without stopping it, the vApp continues to consume resources.

A runtime lease begins when a user starts a vApp. When a runtime lease expires, vCloud Director stops the vApp.

The goal of a storage lease is to prevent unused vApps and vApp templates from consuming storage resources. A vApp storage lease begins when a user stops the vApp. Storage leases do not affect running vApps. A vApp template storage lease begins when a user adds the vApp template to a vApp, adds the vApp template to a workspace, downloads, copies, or moves the vApp template.

When a storage lease expires, vCloud Director marks the vApp or vApp template as expired, or deletes the vApp or vApp template, depending on the organization policy you set.

For more information about specifying lease settings, see “Configure Organization Lease, Quota, and Limit

Settings,” on page 31.

Users can configure email notification to receive a message before a runtime or storage lease expires. See “Set

User Preferences,” on page 17 for information about lease expiration preferences.

VMware, Inc.

vCloud Director Administrator's Guide

Create an Organization

Creating an organization involves specifying the organization settings and creating a user account for the organization administrator.

Procedure

1 Open the New Organization Wizard on page 28

Open the New Organization wizard to start the process of creating an organization.

2 Name the Organization on page 29

Provide a descriptive name and an optional description for your new organization.

3 Specify the Organization LDAP Options on page 29

You can use an LDAP service to provide a directory of users and groups for the organization. If you do not specify an LDAP service, you must create a user account for each user in the organization. Only a system administrator can set LDAP options. An organization administrator cannot modify LDAP options.

4 Add Local Users to the Organization on page 30

Every organization should have at least one local organization administrator account, so that users can log in even if the LDAP and SAML services are unavailable.

5 Set the Organization Catalog Publishing Policy on page 30

A catalog provides organization users with a library of vApp templates and media that they can use to create vApps and install applications on virtual machines.

6 Configure Email Preferences on page 30

vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.

7 Configure Organization Lease, Quota, and Limit Settings on page 31

Leases, quotas, and limits constrain the ability of organization users to consume storage and processing resources. Use these settings to prevent users from depleting or monopolizing an organization's resources.

8 Confirm Settings and Create the Organization on page 31

Before you create the organization, review the settings you entered.

Open the New Organization Wizard

Open the New Organization wizard to start the process of creating an organization.

Procedure

1 Click the Manage & Monitor tab and then click Organizations in the left pane.

2 Click the New Organization button.

The New Organization wizard starts.

28 VMware, Inc.

Chapter 3 Creating and Provisioning Organizations

Name the Organization

Provide a descriptive name and an optional description for your new organization.

Procedure

1 Type an organization name.

This name provides a unique identifier that appears as part of the URL that members of the organization use to log in to the organization.

2 Type a display name for the organization.

This name appears in the browser header when an organization member uses the unique URL to log in to vCloud Director. An administrator or organization administrator can change this name later.

3 (Optional) Type a description of the organization.

4 Click Next.

Specify the Organization LDAP Options

For more information about entering custom LDAP settings, see “Configuring the System LDAP Settings,” on page 123.

Procedure

1 Select the source for organization users.

Option Description

Do not use LDAP

VCD system LDAP service

Custom LDAP service

Organization administrator creates a local user account for each user in the organization. You cannot create groups if you select this option.

Use the vCloud Director system LDAP service as the source for organization users and groups.

Connect the organization to its own private LDAP service.

2 Provide any additional information that your selection requires.

Option Action

Do not use LDAP

VCD system LDAP service

Custom LDAP service

Click Next.

(Optional) Type the distinguished name of the organizational unit (OU) to use to limit the users that you can import into the organization and click Next. If you do not enter anything, you can import all users in the system LDAP service into the organization.

NOTE Specifying an OU does not limit the LDAP groups you can import. You can import any LDAP group from the system LDAP root. However, only users who are in both the OU and the imported group can log in to the organization.

Click Next and enter the custom LDAP settings for the organization.

VMware, Inc. 29

vCloud Director Administrator's Guide

Add Local Users to the Organization

Every organization should have at least one local organization administrator account, so that users can log in even if the LDAP and SAML services are unavailable.

Procedure

1 Click Add.

2 Type a user name and password.

3 Assign a role to the user.

4 (Optional) Type the contact information for the user.

5 Select Unlimited or type a user quota for stored and running virtual machines and click OK.

These quotas limit the user's ability to consume storage and compute resources in the organization.

6 Click Next.

Set the Organization Catalog Publishing Policy

A catalog provides organization users with a library of vApp templates and media that they can use to create vApps and install applications on virtual machines.

Generally, catalogs should only be available to users in a single organization, but a system administrator can allow the organization administrator to publish their catalogs to all organizations in the vCloud Director installation.

Procedure

1 Select a catalog publishing option.

Option Description

Cannot publish catalogs

Allow publishing catalogs to all organizations

The organization administrator cannot publish catalogs for users outside of the organization.

The organization administrator can publish catalogs for users in all organizations.

2 Click Next.

Configure Email Preferences

vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.

Procedure

1 Select an SMTP server option.

Option Description

Use system default SMTP server

Set organization SMTP server

The organization uses the system SMTP server.

The organization uses its own SMTP server. Type the DNS host name or IP address and port number of the SMTP server. (Optional) Select the Requires authentication check box and type a user name and password.

30 VMware, Inc.

+ 114 hidden pages