VMware vCloud Director - 5.1 User’s Guide

vCloud Director User's Guide

vCloud Director 5.1

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-000818-00

vCloud Director User's Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2010–2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at

http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

vCloud Director User's Guide 7

Getting Started with vCloud Director 9

Understanding VMware vCloud Director 9

Using vCloud Director 10

Set Mozilla Firefox Options 11

Set Microsoft Internet Explorer Options 12

Set User Preferences 13

Change Your Password 14

Managing Users and Groups 15

Managing Users 15

Working with Groups 19

Managing Cloud Resources 21

Managing Virtual Datacenters 21

Managing Organization vDC Networks 22

Managing Expired Items 34

Working in an Organization 35

Understanding Leases 35

Set Up an Organization 36

Review Your Organization Profile 38

Modify Your Email Settings 39

Modify Your Organization's Policies 39

Set Default Domain for Organization Virtual Machines 40

Enable Your Organization to Use an SAML Identity Provider 40

Manage Users and Groups in Your Organization 41

Manage Resources in Your Organization 41

Manage Virtual Machines in Your Organization 42

Viewing Organization Log Tasks and Events 42

VMware, Inc.

Working with Catalogs 45

Add a New Catalog 45

Access a Catalog 46

Publish a Catalog 46

Share A Catalog 47

Change the Owner of a Catalog 47

Delete a Catalog 48

Modify the Properties of Your Catalog 48

vCloud Director User's Guide

Understanding Catalogs and Their Contents 48

Working in Published Catalogs 49

Working with Media Files 51

Upload Media Files 51

Resume the Upload of a Media File 52

Copy Media Files to a Catalog 52

Move Media Files to Another Catalog 52

Delete Media Files 53

Modify Media File Properties 53

Working with vApp Templates 55

Open a vApp Template 55

Add a vApp Template to My Cloud 56

Download a vApp Template 56

Upload an OVF Package as a vApp Template 57

Resume the Upload of a vApp Template 57

Copy a vApp Template from a Public Catalog to an Organization Catalog 58

Copy a vApp Template Between an Organization's Catalogs 58

Move a vApp Template Between an Organization's Catalogs 59

Delete a vApp Template 59

Save a vApp as a vApp Template 59

Modify vApp Template Properties 60

Working with vApps 61

Create a vApp From a vApp Template 62

Create a New vApp 62

Import a Virtual Machine as a vApp 64

About the vApp Placement Engine 64

Copy a vApp 66

Start a vApp 66

Start a vApp with an Older Version of VMware Tools 66

Stop a vApp 67

Suspend a vApp 67

Discard the Suspended State of a vApp 67

Reset a vApp or Virtual Machine 68

View vApp Virtual Machines 68

Add a Virtual Machine to a vApp 68

Import a Virtual Machine to a vApp from vSphere 69

Remove Virtual Machines from a vApp 69

Set vApp Start and Stop Options 70

Working with Networks in a vApp 71

Editing vApp Properties 82

Display a vApp Diagram 84

Change the Owner of a vApp 84

Upgrade the Virtual Hardware Version for a vApp 85

Save vApp as a vApp Template to Your Catalog 85

Create a Snapshot of a vApp 86

4 VMware, Inc.

Revert a vApp to a Snapshot 86

Remove a Snapshot of a vApp 86

Copy a vApp to Another vDC 86

Move a vApp to Another vDC 87

Delete a vApp 87

Contents

Working with Virtual Machines 89

Open a Virtual Machine Console 90

Power On a Virtual Machine 90

Power Off a Virtual Machine 90

Reset a vApp or Virtual Machine 91

Suspend a Virtual Machine 91

Resume a Suspended Virtual Machine 91

Discard the Suspended State of a Virtual Machine 91

Insert a CD/DVD 92

Eject a CD/DVD 92

Insert a Floppy 92

Eject a Floppy 93

Upgrade the Virtual Hardware Version for a Virtual Machine 93

Connect Remotely to a Virtual Machine 93

Create a Snapshot of a Virtual Machine 94

Revert a Virtual Machine to a Snapshot 94

Remove a Snapshot of a Virtual Machine 94

Copy or Move a Virtual Machine to a vApp 94

Delete a Virtual Machine 95

Editing Virtual Machine Properties 95

Installing VMware Tools 101

Guest Operating Systems 112

Index 123

VMware, Inc. 5

vCloud Director User's Guide

6 VMware, Inc.

vCloud Director User's Guide

The VMware vCloud Director User's Guide provides information about managing organizations, catalogs, vApps, and virtual machines.

Intended Audience

This book is intended for anyone who wants to set up and configure organizations in VMware vCloud Director. The information in this book is written for non-system administrators, including organization administrators who will create and set up vApps, catalogs, and virtual machines.

VMware, Inc. 7

vCloud Director User's Guide

8 VMware, Inc.

Getting Started with vCloud Director 1

When you log in to the vCloud Director Web console, the Home tab provides access to your resources and links to common tasks.

You can also set your user preferences and view the product help.

This chapter includes the following topics:

“Understanding VMware vCloud Director,” on page 9

“Log In to the Web Console,” on page 10

“Using vCloud Director,” on page 10

“Set Mozilla Firefox Options,” on page 11

“Set Microsoft Internet Explorer Options,” on page 12

“Set User Preferences,” on page 13

“Change Your Password,” on page 14

Understanding VMware vCloud Director

VMware® vCloud Director provides role-based access to a Web console that allows the members of an organization to interact with the organization's resources to create and work with vApps and virtual machines.

Before you can access your organization, a vCloud Director system administrator must create the organization, assign it resources, and provide the URL to access the Web console. Each organization includes one or more organization administrators, who finishes setting up the organization by adding members and setting policies and preferences. After the organization is set up, non-administrator users can log in to create, use, and manage virtual machines and vApps.

Organizations

An organization is a unit of administration for a collection of users, groups, and computing resources. Users authenticate at the organization level, supplying credentials established by an organization administrator when the user was created or imported. System administrators create and provision organizations, while organization administrators manage organization users, groups, and catalogs.

Users and Groups

An organization can contain an arbitrary number of users and groups. Users can be created locally by the organization administrator or imported from a directory service such as LDAP. Groups must be imported from the directory service. Permissions within an organization are controlled through the assignment of rights and roles to users and groups.

VMware, Inc.

vCloud Director User's Guide

Virtual Datacenters

An organization virtual datacenter (vDC) provides resources to an organization. vDCs provide an environment where virtual systems can be stored, deployed, and operated. They also provide storage for virtual media, such as floppy disks and CD ROMs. An organization can have multiple vDCs.

Organization vDC Networks

An organization vDC network is contained within a vCloud Director organization vDC and is available to all the vApps in the organization. An organization vDC network allows vApps within an organization to communicate with each other. An organization vDC network can be connected to an external network or isolated and internal to the organization. Only system administrators can create organization vDC networks, but organization administrators can manage organization vDC networks, including the network services they provide.

vApp Networks

A vApp network is contained within a vApp and allows virtual machines in the vApp to communicate with each other. You can connect a vApp network to an organization vDC network to allow the vApp to communicate with other vApps in the organization and outside of the organization, if the organization vDC network is connected to an external network.

Catalogs

Organizations use catalogs to store vApp templates and media files. The members of an organization that have access to a catalog can use the catalog's vApp templates and media files to create their own vApps. Organizations administrators can copy items from public catalogs to their organization catalog.

Log In to the Web Console

Use the organization URL to log in to your organization and access the Web console.

Contact your organization administrator if you do not know the organization URL.

Procedure

1 In a browser, type the URL of your organization and press Enter.

For example, type https://cloud.example.com/cloud/org/myOrg.

2 Type your user name and password and click Login. .

What to do next

The Web console displays a list of the common tasks and resources available to you based on your role. An organization administrator can click the Set up this organization link on the Home tab to finish setting up a newly created organization. See “Set Up an Organization,” on page 36 for more information.

Using vCloud Director

When you log into vCloud Director, the first page you see is the Home page. The information that appears on this page are the most common tasks for your role.

Organization administrators see the Set up this organization link as their first task. They also see tasks under these headings.

Organizations and resources

Content

10 VMware, Inc.

Users & Groups

The vApps in your organization are displayed for easy access.

Catalog authors see links to these tasks.

Add Cloud Computer System

Build new vApp

Manage Catalogs

New Catalog

vApp authors see links to these tasks.

Add Cloud Computer System

Build new vApp

vApp users see links to these tasks.

Add Cloud Computer System

The vApps in your organization are displayed for easy access.

Console Access Only users have a read-only access to vCloud Director.

Chapter 1 Getting Started with vCloud Director

Set Mozilla Firefox Options

These options and settings help you display and use the vCloud Director Web console in Mozilla Firefox.

Prerequisites

You have the following.

At least Firefox 3.x

SSL 3.0 Encryption

TLS 1.0 Encryption

Procedure

1 In Firefox, select Tools > Options.

2 Click Content and select the JavaScript check box.

3 Click Privacy.

4 In the Firefox will: drop-down menu, select Use custom settings for history.

5 Select the Accept cookies from sites.

This selection also selects the Accept third-party cookies check box.

6 Click OK.

Bypass the Proxy in Mozilla Firefox

You can configure the Firefox proxy server to bypass certain Web addresses.

If all of these conditions exist, you can configure Firefox to bypass specific Web addresses.

The internal network is configured with a proxy server to access the external network.

The browser's proxy server connection has no local exceptions.

The proxy is not configured to look in the internal network after not finding or connecting to the target on the external network.

VMware, Inc. 11

vCloud Director User's Guide

The user looks for a target on the internal network using Firefox.

Procedure

1 Select an option.

Operating System Action

Windows

Linux

Tools > Options

Edit > Preferences

2 Click the Advanced button.

3 On the Network tab, click the Settings button.

4 Enter the IP of the cell or load balancer in the No Proxy for: field.

The specified Web addresses are bypassed by the Firefox proxy server.

Set Microsoft Internet Explorer Options

These options help you display and use the vCloud Director Web console in Microsoft Internet Explorer.

You have the following.

At least Internet Explorer 7.

SSL 3.0 Encryption

TLS 1.0 Encryption

Procedure

1 In Internet Explorer, select Tools > Internet Options.

2 Click the Security tab.

3 Select the Internet content zone for the vCloud Director server.

4 Click Custom Level and select Enable or Prompt for these options.

Download signed ActiveX controls

Run ActiveX controls and plug-ins

Allow META REFRESH

Active scripting of Microsoft web browser control

5 Click OK.

6 Click the Advanced tab.

7 If you are using Internet Explorer on Windows 2003, complete these tasks.

a Select Start > Settings > Control Panel.

b Select Add or Remove Programs.

c Click Add/Remove Windows Components.

d Disable Internet Explorer Enhanced Security Configuration.

12 VMware, Inc.

Chapter 1 Getting Started with vCloud Director

Bypass the Proxy in Internet Explorer

You can configure the Internet Explorer proxy server to bypass certain Web addresses.

If all of these conditions exist, you can configure Internet Explorer to bypass specific Web addresses.

The internal network is configured with a proxy server to access the external network.

The browser's proxy server connection has no local exceptions.

The proxy is not configured to look in the internal network after not finding or connecting to the target on the external network.

The user looks for a target on the internal network using Internet Explorer.

Procedure

1 Type the IP address of the cell or load balancer so that VMware Remote Console (VMRC) can bypass the

proxy setting.

2 Select Tools > Internet Options.

3 On the Connections tab, click LAN Settings in the bottom panel.

4 In the Proxy Server panel, click Advanced.

5 In the Exception panel, in the Do not use proxy server for addresses beginning with: text box, type the

IP address of the cell or load balancer.

If the configuration management vehicle supports the use of regular expressions, you must type the DNS name of the cell or load balancer.

6 Click OK.

The specified Web addresses are bypassed by the Internet Explorer proxy server.

Set User Preferences

You can set certain display and system alert preferences that take effect every time you log in to the system. You can also change the password for your system administrator account.

Procedure

1 In the title bar of the Web console, click Preferences.

2 Click the Defaults tab.

3 Select the page to display when you log in.

4 Select the number of days or hours before a runtime lease expires that you want to receive an email

notification.

5 Select the number of days or hours before a storage lease expires that you want to receive an email

notification.

6 Click the Change Password tab.

7 (Optional) Type your current password and type your new password twice.

8 Click OK.

VMware, Inc. 13

vCloud Director User's Guide

Change Your Password

If you have a local user account, you can change your password.

Procedure

1 Log in to your organization.

2 In the title bar of the Web console, click Preferences.

3 On the Change Password tab, type your current password, type your new password, and retype your

new password.

4 Click OK.

vCloud Director logs you out.

What to do next

14 VMware, Inc.

Managing Users and Groups 2

An organization administrator is the only one who can add users and groups to an organization. The organization administrator assigns each user or group a role within the organization. Your role controls what you can see and do in vCloud Director.

An organization administrator can create local user accounts within an organization or import users and groups from an LDAP server. Contact your system administrator to set up an LDAP connection.

These default roles exist in vCloud Director.

Organization Administrator

Catalog Author

vApp Author

vApp User

Console Access Only

Contact your system administrator to create custom roles.

This chapter includes the following topics:

“Managing Users,” on page 15

“Working with Groups,” on page 19

Managing Users

The Users page displays a list of users for your organization. You can see whether the users are active, their role, and whether they are local or LDAP.

As an organization administrator, you can complete these operations.

Add a new user

Import users from LDAP

Administers the organization

Creates and publishes new catalogs

Creates vApps and uses catalogs

Uses vApps created by others

Uses virtual machine guest operating systems and shows virtual machine state and properties

VMware, Inc.

Send email notifications

Deactivate a user

Modify a user's properties

Delete a user

vCloud Director User's Guide

Add a Local User

Adding local users allows organization administrators to provide access to users who do not exist on an LDAP server. You can also add local users if you do not plan to use an LDAP server.

Procedure

1 Click Administration.

2 In the left pane, select Members > Users.

3 Click the New User button.

4 Type the user name and password.

5 Select a role.

To create a custom role, contact your system administrator.

6 (Optional) Type the contact information.

7 Select the stored and running virtual machine quota limits for this user.

8 Click OK.

The new user appears on the Users page.

Import an LDAP User

Organization administrators can import users from an LDAP server.

Prerequisites

Verify that the LDAP settings for the organization are set up and working. Contact a system administrator to configure LDAP settings for your organization.

Procedure

1 Click Administration.

2 In the left pane, select Members > Users.

3 Click the Import Users button.

4 Select a Source to import users from.

If your organization has only an LDAP server or SAML provider configured, the source is read-only.

Option Description

LDAP

SAML

5 Click OK.

Import users from an LDAP server.

a Type a full or partial name in the text box and click Search Users.

b Select the users to import and click Add.

Import users from your organization's SAML provider. Type the user names of the users to import and click Add. Separate multiple users with carriage returns.

vCloud Director imports the selected user from your LDAP server to your organization.

16 VMware, Inc.

Chapter 2 Managing Users and Groups

Edit a User

An organization administrator can edit local user properties such as the password, role, contact information, and quotas. For LDAP users, you can only edit their role and quotas.

Procedure

1 Click Administration.

2 In the left pane, select Members > Users.

3 Select a user, right-click, and click Properties.

4 Modify the necessary properties and click OK.

Delete a User

If a user leaves the company or moves to another organization, an organization administrator can delete a user from the organization.

Procedure

1 Click Administration.

2 In the left pane, select Members > Users .

3 Select a user, right-click, and select Disable Account.

4 Reselect this user, right-click, and select Delete.

5 Click OK .

The user is deleted from your organization.

Send User Notifications

An organization administrator can send an email notification to users to notify them of events or issues in the organization.

Procedure

1 Click Administration.

2 In the left pane, select Members > Users.

3 Click the Notify button.

If you select a user and then click this button, the user's name appears as the recipient.

4 Select the recipients and type a subject.

5 Type the message.

6 Click Send Email.

The notification is sent to the selected recipients.

VMware, Inc. 17

vCloud Director User's Guide

Delete Users in Lost and Found

If a user in your organization is removed from a group, if their group is disabled/removed in LDAP, or if the user is deleted/disabled in LDAP, the user appears on the Lost & Found page. An organization administrator can delete the user from the system and assume ownership of the user's objects (for example vApps and vApp templates).

Procedure

1 Click Administration.

2 In the left pane, select Members > Lost & Found.

3 Right-click a user in the list and click Delete.

4 Click OK.

vCloud Director transfers ownership of the user's objects to you unless you deselect the Transfer user's objects to me check box.

Disable or Enable User Accounts

An organization administrator can disable a user account to log the user out of the Web console and prevent the user from logging in again. You can enable a user to allow them to log in.

Procedure

1 Click Administration.

2 In the left pane, select Members > Users.

3 Select a user, right-click, and select Disable Account or Enable Account.

Disable user accounts have a red circle in the Enabled column and enabled user accounts have a green check mark.

What to do next

After you disable a user's account, you can delete that user. See “Delete a User,” on page 17

View and Change a User's Role

An organization administrator assigns a role when adding a user to the organization. The organization administrator can change the user's role later to give the user more rights or fewer rights.

Procedure

1 Click Administration.

2 In the left pane, select Members > Users.

3 Select a user, right-click, and select Properties.

4 In the User role in organization: drop-down menu, select a new role for the user.

The definition of each role appears as a tool tip.

5 Click OK.

18 VMware, Inc.

Working with Groups

On the Groups page, you can review the list of groups in your organization.

You can see group names and their assigned roles. As an organization administrator, you can import groups into your organization, delete groups from your organization, and modify the role of a group.

Import a Group

An organization administrator can import LDAP groups or groups from an SAML identity provider to an organization.

Contact a system administrator to configure LDAP settings for your organization.

Prerequisites

The LDAP settings for the organization must be set up and working or you must have the organization configured to use an SAML identity server.

Procedure

1 Click Administration.

2 In the left pane, select Members > Groups.

Chapter 2 Managing Users and Groups

3 Click the Import Groups button.

4 Select the Source to import from.

If your organization has only an LDAP server or SAML provider configured, the source is read-only.

Option Description

LDAP

SAML

Import groups from an LDAP server.

a Type a full or partial name in the text box and click Search Groups.

b Select the groups to import and click Add.

Import groups from an SAML provider. Type the group name or names and click Add. Separate multiple groups with carriage returns.

5 Select a role for the group.

All the users in the group assigned this role.

6 Click OK.

The group is imported in your organization.

Delete a Group

An organization administrator can delete a group to remove it from the organization.

Deleting a group from an organization affects users who are members of the organization based solely on their membership in the deleted group. These users will not be able to log in to the organization. When you delete a group from an organization the group still exists in LDAP.

Procedure

1 Click Administration.

2 In the left pane, select Members > Groups.

3 Select a group, right-click, and select Delete.

VMware, Inc. 19

vCloud Director User's Guide

4 Click Yes.

Modify the Role of a Group

An organization administrator can review and modify the role assigned to a group in your organization.

Procedure

1 Click Administration.

2 In the left pane, select Members > Groups.

3 Select a group, right-click, and select Properties.

4 Select another role for this group.

5 Click OK.

The new role for this group appears in the Groups page.

20 VMware, Inc.

Managing Cloud Resources 3

A vCloud Director system administrator creates and assigns virtual datacenters and networks to an organization. An organization administrator can view information about these resources and perform a limited set of management tasks. Contact your system administrator if you need more organization virtual datacenters or organization vDC networks..

This chapter includes the following topics:

“Managing Virtual Datacenters,” on page 21

“Managing Organization vDC Networks,” on page 22

“Managing Expired Items,” on page 34

Managing Virtual Datacenters

Virtual datacenters (vDCs) provide processor, memory, and storage resources to your organization. They are assigned to your organization by your system administrator. An organization can have multiple vDCs.

Display Virtual Datacenters

When you display the vDCs in your organization, you can monitor the resources, users, and policy settings that you manage.

You are an organization administrator.

Procedure

1 Click Administration.

2 In the left pane, select Cloud Resources > Virtual Datacenters.

A list of vDCs in your organization appears in the right pane.

3 For details about a vDC, right-click, and select Open.

The vApps, vApp templates, media, and networks attached to this vDC are displayed. When you click through each tab, you can right click on an object to see the operations you can complete.

Review Virtual Datacenter Properties

You can review the properties of the vDCs that are assigned to your organization.

Procedure

1 Click Administration.

2 Select Cloud Resources > Virtual Datacenters.

VMware, Inc.

vCloud Director User's Guide

3 Select a vDC, right-click, and select Properties.

4 Review the properties and click OK.

What to do next

To modify your organizational vDCs, contact your system administrator.

Monitor Your Virtual Datacenter

You can monitor the vDC assigned to your organization and determine when to request additional capacity.

You are an organization administrator.

Procedure

1 Click Administration.

2 Select Cloud Resources > Virtual Datacenters.

3 Click the Monitor button.

Details about the processor, memory, storage, and allocation model appear.

What to do next

Contact your system administrator for more capacity.

Manage Your Virtual Datacenters

You can review information such as the status, allocation model, and the number of vApps in a vDC in your organization.

You are an organization administrator

Procedure

1 Click Administration.

2 In the left pane, select Cloud Resources > Virtual Datacenters.

3 Click the Manage button.

4 Review the information.

What to do next

You can open the vDC to see the objects in it, notify users about issues or changes, or review the vDCs properties. Contact your system administrator to make changes to your vDC.

Managing Organization vDC Networks

Organization vDC networks are created and assigned to your organization vDC by a system administrator. An organization administrator can view information about networks, configure network services, and more.

You can use direct, routed, or internal organization vDC networks.

22 VMware, Inc.

Table 3-1. Types of Organization vDC Networks

Organization vDC Network Type Description

Chapter 3 Managing Cloud Resources

Direct Accessible by multiple organizations. Virtual machines belonging to different

Routed Accessible only by this organization. Only virtual machines in this organization

Internal Accessible only by this organization. Only virtual machines in this organization

organizations can connect to and see traffic on this network.

This network provides direct layer 2 connectivity to virtual machines outside of the organization. Virtual machines outside of this organization can connect to virtual machines in the organization directly.

can connect to this network.

This network also provides controlled access to an external network. System administrators and organization administrators can configure network address translation (NAT), firewall, and VPN settings to make specific virtual machines accessible from the external network.

can connect to and see traffic on this network.

This network provides an organization with an isolated, private network that multiple vApps can connect to. This network provides no connectivity to machines outside this organization. Machines outside of this organization have no connectivity to machines in the organization.

Configuring Oganization vDC Network Services

An organization administrator can configure services, such as DHCP, firewalls, network address translation (NAT), VPN, and static routing for certain organization vDC networks.

The network services available depend on the type of organization vDC network.

Table 3-2. Network Services Available by Network Type

Organization vDC Network Type DHCP Firewall NAT VPN Static Routing

Direct

Routed X X X X X

Internal X

Configure DHCP for an Organization vDC Network

Organization administrators can configure certain organization vDC networks to provide DHCP services to virtual machines in the organization.

When you power on a virtual machine with the following configuration, vCloud Director assigns a DHCP IP address to that virtual machine.

A NIC connected to an organization vDC network that has DHCP enabled.

The IP mode for the connected NIC set to DHCP.

Prerequisites

Verify that you have a routed organization vDC network or an internal organization vDC network.

Procedure

1 Click Administration and select the organization vDC.

2 Click the Org vDC Networks tab, right-click the organization vDC network name and select Configure

Services.

3 Select Enable DHCP.

VMware, Inc. 23

vCloud Director User's Guide

4 Type a range of IP addresses or use the default range.

vCloud Director uses these addresses to satisfy DHCP requests. The range of DHCP IP addresses cannot overlap with the static IP pool for the organization vDC network.

5 Set the default lease time and maximum lease time or use the default values.

6 Click OK.

vCloud Director updates the network to provide DHCP services.

Configure the Firewall for an Organization vDC Network

An organization administrator can configure certain organization vDC networks to provide firewall services. Enable the firewall on an organization vDC network to enforce firewall rules on incoming traffic, outgoing traffic, or both.

When you enable the firewall, you can specify a default firewall action to deny all incoming and outgoing traffic or to allow all incoming and outgoing traffic. You can also add specific firewall rules to allow or deny traffic that matches the rules to pass through the firewall. These rules take precedence over the default firewall action. See “Add a Firewall Rule to an Organization vDC Network,” on page 24.

If a system administrator specified syslog server settings and those settings were applied to the organization vDC network, then you can log events related to the default firewall action. For information about applying syslog server settings, see “Apply Syslog Server Settings to an Organization vDC Network,” on page 33. To view the current syslog server settings see “View Syslog Server Settings for an Organization vDC Network,” on page 33.

Prerequisites

Verify that a routed organization vDC network is in place.

Procedure

1 Click Administration and select the organization vDC.

2 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure

Services.

3 Click the Firewall tab and select Enable firewall to enable firewall services, or deselect it to disable firewall

services.

4 Select the default firewall action.

Option Description

Deny

Allow

Blocks all traffic except when overridden by a firewall rule.

Allows all traffic except when overridden by a firewall rule.

5 (Optional) Select the Log check box to log events related to the default firewall action.

6 Click OK.

Add a Firewall Rule to an Organization vDC Network

An organization administrator can add firewall rules to an organization vDC network that supports a firewall. You can create rules to allow or deny traffic that matches the rules to pass through the firewall.

When you add a new firewall rule to an organization vDC network, it appears at the bottom of the firewall rule list. For information about how to set the order in which firewall rules are enforced, see “Reorder Firewall

Rules for an Organization vDC Network,” on page 26.

24 VMware, Inc.

Chapter 3 Managing Cloud Resources

If a system administrator specified syslog server settings and those settings have been applied to the organization vDC network, then you can log firewall rule events. For information about applying syslog server settings, see “Apply Syslog Server Settings to an Organization vDC Network,” on page 33. To view the current syslog server settings see “View Syslog Server Settings for an Organization vDC Network,” on page 33.

Prerequisites

Verify that you have a routed organization vDC network and enable the firewall for the organization vDC network. See “Configure the Firewall for an Organization vDC Network,” on page 24

Procedure

1 Click Administration and select the organization vDC.

2 On the Org vDC Networks tab, right-click the organization vDC network name and select Configure

Services.

3 Click the Firewall tab and click Add.

4 Type a name for the rule.

5 (Optional) Select Match rule on translated IP to have the rule check against translated IP addresses rather

than original IP addresses and choose a traffic direction to apply this rule on.

6 Type the traffic Source.

Option Description

IP address

Range of IP addresses

CIDR

internal

external

any

Type a source IP address to apply this rule on.

Type a range of source IP addresses to apply this rule on.

Type the CIDR notation of traffic to apply this rule on.

Apply this rule to all internal traffic.

Apply this rule to all external traffic.

Apply this rule to traffic from any source.

7 Select a Source port to apply this rule on from the drop-down menu.

8 Type the traffic Destination.

Option Description

IP address

Range of IP addresses

CIDR

internal

external

any

Type a destination IP address to apply this rule on.

Type a range of destination IP addresses to apply this rule on.

Type the CIDR notation of traffic to apply this rule on.

Apply this rule to all internal traffic.

Apply this rule to all external traffic.

Apply this rule to traffic with any destination.

9 Select the Destination port to apply this rule on from the drop-down menu.

10 Select the Protocol to apply this rule on from the drop-down menu.

11 Select the action.

A firewall rule can allow or deny traffic that matches the rule.

12 Select the Enabled check box.

13 (Optional) Select the Log network traffic for firewall rule check box.

If you enable this option, vCloud Director sends log events to the syslog server for connections affected by this rule. Each syslog message includes logical network and organization UUIDs.

VMware, Inc. 25

vCloud Director User's Guide

14 Click OK and click OK again.

Reorder Firewall Rules for an Organization vDC Network

Firewall rules are enforced in the order in which they appear in the firewall list. An organization administrator can change the order of the rules in the list.

When you add a firewall rule to an organization vDC network, the new rule appears at the bottom of the firewall rule list. To enforce the new rule before an existing rule, reorder the rules.

Prerequisites

Verify that a routed organization vDC network with two or more firewall rules is in place.

Procedure

1 Click Administration and select the organization vDC.

2 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure

Services.

3 Click the Firewall tab.

4 Drag the firewall rules to establish the order in which the rules are applied.

5 Click OK.

Enable VPN for an Organization vDC Network

An organization administrator can enable VPN for an organization vDC network, then create a secure tunnel to another network.

vCloud Director supports VPN between organization vDC networks in the same organization and remote networks.

Prerequisites

Verify that the following items are in place.

A routed organization vDC network.

vShield Manager 5.1.

Procedure

1 Click Administration and select the organization vDC.

2 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure

Services.

3 Click the VPN tab and select Enable VPN.

4 (Optional) Type a public IP address.

5 Click OK.

What to do next

Create a VPN tunnel to another network.

26 VMware, Inc.

Chapter 3 Managing Cloud Resources

Create a VPN Tunnel In an Organization

An organization administrator can create a VPN tunnel between two organizations vDC networks in the same organization.

If the tunnel endpoints have a firewall between them, configure the firewall to allow the following IP protocols and UDP ports:

IP Protocol ID 50 (ESP)

IP Protocol ID 51 (AH)

UDP Port 500 (IKE)

UDP Port 4500

Prerequisites

Verify that the following items are in place.

At least two routed organization vDC networks with nonoverlapping IP subnets and VPN enabled on both networks.

vShield Manager 5.1.

Procedure

1 Click Administration and select the organization vDC.

2 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure

Services.

3 Click the VPN tab and click Add.

4 Type a name and optional description.

5 Select a network in this organization from the drop-down menu and select a peer network.

6 Review the tunnel settings and click OK.

vCloud Director configures both peer network endpoints.

Create a VPN Tunnel Between Organizations

An organization administrator can create a VPN tunnel between two organization vDC networks in different organizations. The organizations can be part of the same vCloud Director installation or a different installation.

If the tunnel endpoints have a firewall between them, you must configure it to allow the following IP protocols and UDP ports:

IP Protocol ID 50 (ESP)

IP Protocol ID 51 (AH)

UDP Port 500 (IKE)

UDP Port 4500

Prerequisites

A routed organization vDC network in each of the organizations. The organization vDC networks must have nonoverlapping IP subnets and site-to-site VPN enabled.

vShield Manager 5.1.

VMware, Inc. 27

vCloud Director User's Guide

Procedure

1 Click Administration and select the organization vDC.

2 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure

Services.

3 Click the VPN tab and click Add.

4 Type a name and optional description.

5 Select a network in another organization from the drop-down menu.

6 Click Connect to another organization, type the login information for the peer organization, and click

Continue.

Option Description

vCloud URL

Organization

Username

Password

7 Select a peer network.

Base URL of the vCloud instance that contains the peer organization. For example, https://www.example.com. Do not include /cloud or /cloud/org/

Organization name that is used as the unique identifier in the organization URL. For example, if the organization URL is https://www.example.com/cloud/org/myOrg, type myOrg.

User name of an organization administrator or system administrator that has access to the organization.

Password associated with the user name.

orgname

in the URL.

8 Review the tunnel settings and click Connect.

vCloud Director configures both peer network endpoints.

Create a VPN Tunnel to a Remote Network

An organization administrator can create a VPN tunnel between an organization vDC network and a remote network.

If the tunnel endpoints have a firewall between them, configure it to allow the following IP protocols and UDP ports:

IP Protocol ID 50 (ESP)

IP Protocol ID 51 (AH)

UDP Port 500 (IKE)

UDP Port 4500

Prerequisites

Verify that the following items are in place.

A routed organization vDC network and a routed remote network that uses IPSec.

vShield Manager 5.1.

Procedure

1 Click Administration and select the organization vDC.

2 Select Cloud Resources > Networks.

3 Click the Organization vDC Network tab, right-click the organization vDC network name, and select

Configure Services.

28 VMware, Inc.

Chapter 3 Managing Cloud Resources

4 Click the VPN tab and click Add.

5 Type a name and optional description.

6 Select a remote network from the drop-down menu.

7 Type the peer settings.

8 Review the tunnel settings and click OK.

vCloud Director configures the organization peer network endpoint.

What to do next

Manually configure the remote peer network endpoint.

Enable Static Routing for an Organization vDC Network

An organization administrator can configure certain organization vDC networks to provide static routing services. After you enable static routing on an organization vDC network, you can add static routes to allow traffic between different vApp networks routed to the organization vDC network.

Prerequisites

Verify that a routed organization vDC network is in place.

Procedure

1 Click Administration.

2 Select Cloud Resources > Networks.

3 Right-click the organization vDC network name and select Configure Services.

4 On the Static Routing tab, select Enable static routing and click OK.

What to do next

Create static routes.

Add Static Routes Between vApp Networks Routed to the Same Organization vDC Network

An organization administrator can add static routes between two vApp networks that are routed to the same organization vDC network. Static routes allow traffic between the networks.

You cannot add static routes between overlapping networks or fenced vApps. After you add a static route to an organization vDC network, configure the network firewall rules to allow traffic on the static route. For vApps with static routes, select the Always use assigned IP addresses until this vApp or associated networks are deleted check box.

Static routes only function when the vApps included in the routes are running. If you change the parent network of a vApp, delete a vApp, or delete a vApp network, and the vApp includes static routes, those routes cannot function and you must remove them manually.

Prerequisites

Verify that the following conditions are met.

vShield Manager 5.1 is installed.

A routed organization vDC network is in place.

Static routing is enabled on the organization vDC network.

Two vApp networks are routed to the organization vDC network.

VMware, Inc. 29

vCloud Director User's Guide

The vApp networks are in vApps that were started at least once.

Procedure

1 Click Administration.

2 Select Cloud Resources > Networks.

3 Right-click the organization vDC network name and select Configure Services.

4 Click the Static Routing tab and click Add.

5 Type a name, network address, and next hop IP address.

The network address is for the first vApp network to which you want to add a static route. The next hop IP address is the external IP address of that vApp network's router.

6 Select Within this network, and click OK.

7 Click OK.

8 Repeat Step 4 through Step 7 to add a route to the second vApp network.

Example: Static Routing Example

vApp Network 1 and vApp Network 2 are both routed to Org Network Shared. You can create static routes on the organization vDC network to allow traffic between the vApp networks. You can use information about the vApp networks to create the static routes.

Table 3-3. Network Information

Network Name Network Specification Router External IP Address

vApp Network 1 192.168.1.0/24 192.168.0.100

vApp Network 2 192.168.2.0/24 192.168.0.101

Org Network Shared 192.168.0.0/24 NA

On Org Network Shared, create a static route to vApp Network 1 and another static route to vApp Network

Table 3-4. Static Routing Settings

Static Route to Network Route Name Network Next Hop IP Address Route

vApp Network 1 tovapp1 192.168.1.0/24 192.168.0.100 In this network

vApp Network 2 tovapp2 192.168.2.0/24 192.168.0.101 In this network

What to do next

Create firewall rules to allow traffic on the static routes.

Add Static Routes Between vApp Networks Routed to Different Organization vDC Networks

An organization administrator can add static routes between two vApp networks that are routed to different organization vDC networks. Static routes allow traffic between the networks.

30 VMware, Inc.

Chapter 3 Managing Cloud Resources

Prerequisites

Verify that you have the following items:

vShield Manager 5.1.

Two organization vDC networks routed to the same external network.

Static routing is enabled on both organization vDC networks.

A vApp network is routed to each organization vDC network.

The vApp networks are in vApps that were started at least once.

Procedure

1 Click Administration and select the organization vDC.

2 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure

Services.

3 Click the Static Routing tab and click Add.

4 Type a name, network address, and next hop IP address.

The network address is for the vApp network to which you want to add a static route. The next hop IP address is the external IP address of the router for the organization vDC network to which that vApp network is routed.

5 Select To external network and click OK.

6 Click Add.

7 Type a name, network address, and next hop IP address.

The network address is for the vApp network that is routed to this organization vDC network. The next hop IP address is the external IP address of the router for that vApp network.

8 Select Within this network and click OK.

9 Repeat Step 2 through Step 8 to add static routes to the second organization vDC network.

Example: Static Routing Example

vApp Network 1 is routed to Org vDC Network 1. vApp Network 2 is routed to Org vDC Network 2. You can create static routes on the organization vDC networks to allow traffic between the vApp networks. You can use information about the vApp networks and organization vDC networks to create the static routes.

Table 3-5. Network Information

Network Name Network Specification Router External IP Address

vApp Network 1 192.168.1.0/24 192.168.0.100

vApp Network 2 192.168.11.0/24 192.168.10.100

Org vDC Network 1 192.168.0.0/24 10.112.205.101

Org vDC Network 2 192.168.10.0/24 10.112.205.100

On Org vDC Network 1, create a static route to vApp Network 2 and another static route to vApp Network 1. On Org vDC Network 2, create a static route to vApp Network 1 and another static route to vApp Network 2.

VMware, Inc. 31

vCloud Director User's Guide

Table 3-6. Static Routing Settings for Org vDC Network 1

Static Route to Network Route Name Network Next Hop IP Address Route

vApp Network 2 tovapp2 192.168.11.0/24 10.112.205.100 To external network

vApp Network 1 tovapp1 192.168.1.0/24 192.168.0.100 Within this network

Table 3-7. Static Routing Settings for Org vDC Network 2

Static Route to Network Route Name Network Next Hop IP Address Route

vApp Network 1 tovapp1 192.168.1.0/24 10.112.205.101 To external network

vApp Network 2 tovapp2 192.168.11.0/24 192.168.10.100 Within this network

What to do next

Create firewall rules to allow traffic on the static routes.

Reset an Organization vDC Network

If the network services, such as DHCP settings, firewall settings, and so on, that are associated with an organization vDC network are not working as expected, reset the network.

No network services are available while an organization vDC network resets.

Prerequisites

Verify that you have an external NAT-routed organization vDC network or an internal organization network.

Verify that you have organization administrator privileges.

Procedure

1 Click Administration and select the organization vDC.

2 Right-click an organization vDC network, and select Reset Network.

3 Click Yes.

View IP Use for an Organization vDC Network

You can view a list of the IP addresses from an organization vDC network IP pool that are currently in use.

Prerequisites

Verify that you are an organization administrator.

Procedure

1 Click Administration and select the organization vDC.

2 Right-clicki an organization vDC network, and select IP Allocations.

Add IP Addresses to an Organization vDC Network IP Pool

If an organization vDC network is running out of IP addresses, you can add more addresses to its IP pool.

You are an organization administrator.

You cannot add IP addresses to external organization vDC networks that have a direct connection.

32 VMware, Inc.

Chapter 3 Managing Cloud Resources

Procedure

1 Click Administration and select the organization vDC.

2 Right-click an organization vDC network and select Properties.

3 On the Network Specification tab, type an IP address or a range of IP addresses in the text box and click

Add.

4 Click OK.

View vApps and vApp Templates That Use an Organization vDC Network

You can view a list of the all the vApps and vApp templates that include virtual machines with a NIC connected to an organization vDC network.

Prerequisites

Verify that you are an organization administrator.

Procedure

1 Click Administration and select the organization vDC.

2 Right-click an organization vDC network and select Connected vApps.

3 Click OK.

View Syslog Server Settings for an Organization vDC Network

You can view the syslog server settings for a routed organization vDC network.

vCloud Director supports logging events related to firewall rules to a syslog server specified by a system administrator.

If an organization vDC network does not have any syslog server settings and you think it should, or if the settings are not what you expected, then you can synchronize the network with the current syslog server settings. See “Apply Syslog Server Settings to an Organization vDC Network,” on page 33. If a problem still exists after you synchronize, contact your system administrator.

Prerequisites

Verify that an external NAT-routed organization vDC network exists.

Verify that you are an organization administrator.

Procedure

1 Click Administration and select the organization vDC.

2 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Properties.

3 Click the Syslog Server Settings tab.

Apply Syslog Server Settings to an Organization vDC Network

You apply syslog server settings to a routed organization vDC network to enable firewall rule logging.

Only a system administrator can specify syslog server settings. Apply those settings to any organization vDC network that was created before the system administrator specified them. Also, apply the syslog server settings to an organization vDC network whenever a system administrator changes the settings.

VMware, Inc. 33

vCloud Director User's Guide

Prerequisites

Verify that an external NAT-routed organization vDC network is in place.

You are an organization administrator.

Procedure

1 Click Administration and select the organization vDC.

2 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Synchronize

syslog server settings.

3 Click Yes.

Managing Expired Items

When vApps or vApp templates expire, you can determine whether you want to renew or delete them.

Manage Expired vApps

You can display a list of expired vApps, delete them, or restore them to your organization.

You are an organization administrator.

The organization policy for what to do when a vApp storage lease expires is set to Move to Expired Items. See

“Configure Organization Lease, Quota, and Limit Settings,” on page 38.

Procedure

1 Select My Cloud > Expired Items.

2 On the Expired vApps tab, review the list of expired vApps.

3 Right-click a vApp and select Delete or Renew and click Yes.

If you selected Delete, the vApp is deleted from the list. If you selected Renew, the restored vApp appears on the vApps page.

Manage Expired vApp Templates

You can display a list of expired vApp templates and delete them or restore them to your organization.

You are an organization administrator.

The organization policy for what to do when a vApp template storage lease expires is set to Move to Expired Items. See “Configure Organization Lease, Quota, and Limit Settings,” on page 38.

Procedure

1 Select My Cloud > Expired Items.

2 Click the Expired vApp Templates tab.

3 Right-click on a vApp template, select Delete or Renew, and click Yes.

If you selected Delete, the vApp template is deleted from the list. If you selected Renew, the vApp template is restored to its catalog.

34 VMware, Inc.

Working in an Organization 4

Most operations in vCloud Director occur in an organization. The system administrator creates the organization and assigns an organization administrator to it.

The system administrator emails the URL of the organization to the organization administrator, who can log in to the organization and set it up. In the Home page the organization administrator clicks the Set up the Organization link to assign resources and manage a variety of operations on the organization.

This chapter includes the following topics:

“Understanding Leases,” on page 35

“Set Up an Organization,” on page 36

“Review Your Organization Profile,” on page 38

“Modify Your Email Settings,” on page 39

“Modify Your Organization's Policies,” on page 39

“Set Default Domain for Organization Virtual Machines,” on page 40

“Enable Your Organization to Use an SAML Identity Provider,” on page 40

“Manage Users and Groups in Your Organization,” on page 41

“Manage Resources in Your Organization,” on page 41

“Manage Virtual Machines in Your Organization,” on page 42

“Viewing Organization Log Tasks and Events,” on page 42

Understanding Leases

Creating an organization involves specifying leases. Leases provide a level of control over an organization's storage and compute resources by specifying the maximum amount of time that vApps can be running and that vApps and vApp templates can be stored.

The goal of a runtime lease is to prevent inactive vApps from consuming compute resources. For example, if a user starts a vApp and goes on vacation without stopping it, the vApp continues to consume resources.

A runtime lease begins when a user starts a vApp. When a runtime lease expires, vCloud Director stops the vApp.

The goal of a storage lease is to prevent unused vApps and vApp templates from consuming storage resources. A vApp storage lease begins when a user stops the vApp. Storage leases do not affect running vApps. A vApp template storage lease begins when a user adds the vApp template to a vApp, adds the vApp template to a workspace, downloads, copies, or moves the vApp template.

VMware, Inc.

vCloud Director User's Guide

When a storage lease expires, vCloud Director marks the vApp or vApp template as expired, or deletes the vApp or vApp template, depending on the organization policy you set.

For more information about specifying lease settings, see “Configure Organization Lease, Quota, and Limit

Settings,” on page 38.

Users can configure email notification to receive a message before a runtime or storage lease expires. See “Set

User Preferences,” on page 13 for information about lease expiration preferences.

Set Up an Organization

After you receive the URL of your organization from the system administrator, you must set it up. On the vCloud Director Home page, click Set up this organization.

You are an organization administrator.

Procedure

1 Change the Organization Full Name on page 36

You can change the full name of an organization. This name appears in the Cloud Director application header when users log in.

2 Import Users and Groups on page 37

You can add users and groups from an LDAP or SAML server to the organization and assign them a role within the organization.

3 Add Local Users to the Organization on page 37

Every organization should have at least one local organization administrator account, so that users can log in even if the LDAP and SAML services are unavailable.

4 Configure Email Preferences on page 37

vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.

5 Configure Organization Lease, Quota, and Limit Settings on page 38

Leases, quotas, and limits constrain the ability of organization users to consume storage and processing resources. Use these settings to prevent users from depleting or monopolizing an organization's resources.

Change the Organization Full Name

You can change the full name of an organization. This name appears in the Cloud Director application header when users log in.

You are an organization administrator.

Procedure

1 On Name this Organization page, in the Organization full name, type the new full name.

2 (Optional) Type a description of the organization.

3 Click Next.

36 VMware, Inc.

Chapter 4 Working in an Organization

Import Users and Groups

You can add users and groups from an LDAP or SAML server to the organization and assign them a role within the organization.

Prerequisites

Verify that your organization has a valid connection to an LDAP or SAML server.

Procedure

1 Click Import.

2 Select the type of server to import from.

3 Type a full or partial name of a user or group and click Search.

4 Select the users or groups to import and click Add.

5 Select a role for the users and groups and click OK.

6 Click Next.

Add Local Users to the Organization

Every organization should have at least one local organization administrator account, so that users can log in even if the LDAP and SAML services are unavailable.

Procedure

1 Click Add.

2 Type a user name and password.

3 Assign a role to the user.

4 (Optional) Type the contact information for the user.

5 Select Unlimited or type a user quota for stored and running virtual machines and click OK.

These quotas limit the user's ability to consume storage and compute resources in the organization.

6 Click Next.

Configure Email Preferences

vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.

Procedure

1 Select an SMTP server option.

Option Description

Use system default SMTP server

Set organization SMTP server

The organization uses the system SMTP server.

The organization uses its own SMTP server. Type the DNS host name or IP address and port number of the SMTP server. (Optional) Select the Requires authentication check box and type a user name and password.

VMware, Inc. 37

vCloud Director User's Guide

2 Select a notification settings option.

Option Description

Use system default notification settings

Set organization notification settings

The organization uses the system notification settings.

The organization uses its own notification settings. Type an email address that appears as the sender for organization emails, type text to use as the subject prefix for organization emails, and select the recipients for organization emails.

3 (Optional) Type a destination email address and click Test Email Settings to verify that all SMTP server

settings are configured as expected.

4 Click Next.

Configure Organization Lease, Quota, and Limit Settings

For more information about leases, see “Understanding Leases,” on page 35.

Procedure

1 Select the lease options for vApps and vApp templates.

Leases provide a level of control over an organization's storage and compute resources by specifying the maximum amount of time that vApps can run and that vApps and vApp templates can be stored. You can also specify what happens to vApps and vApp templates when their storage lease expires.

2 Select the quotas for running and stored virtual machines.

Quotas determine how many virtual machines each user in the organization can store and power on in the organization's virtual datacenters. The quotas that you specify act as the default for all new users added to the organization.

3 Select the limits for resource intensive operations.

Certain vCloud Director operations, for example copy and move, are more resource intensive than others. Limits prevent resource intensive operations from affecting all the users in an organization and also provide a defense against denial-of-service attacks.

4 Select the number of simultaneous VMware Remote Console connections for each virtual machine.

You might want to limit the number of simultaneous connections for performance or security reasons.

NOTE This setting does not affect Virtual Network Computing (VNC) or Remote Desktop Protocol (RDP) connections.

5 (Optional) Select the Account lockout enabled check box, select the number of invalid logins to accept

before locking a user account, and select the lockout interval.

6 Click Next.

Review Your Organization Profile

You can review and modify some of the information in your organization's profile

You are an organization administrator.

Procedure

1 Click Administration.

38 VMware, Inc.

2 In the left pane, select Settings > General.

3 You can complete these operations.

Review your organization's default URL.

Modify your organization's full name.

Type a description.

4 Click Apply.

Modify Your Email Settings

You can review and modify the default email settings that were set when the system administrator created your organization.

You are an organization administrator.

Procedure

1 Click Administration.

2 In the left pane, select Settings > Email.

3 Select an SMTP server option.

Chapter 4 Working in an Organization

Option Description

Use system default SMTP server

Set organization SMTP server

The organization uses the system SMTP server.

4 Select a notification settings option.

Option Description

Use system default notification settings

Set organization notification settings

The organization uses the system notification settings.

5 (Optional) Type a destination email address and click Test Email Settings to verify that all SMTP server

settings are configured as expected.

6 Click Apply.

Modify Your Organization's Policies

You can review and modify the default policies that were set by the system administrator when your organization was created.

You are an organization administrator.

Procedure

1 Click Administration.

2 In the left pane, select Settings > Policies.

VMware, Inc. 39

vCloud Director User's Guide

3 Select the lease options for vApps and vApp templates.

Leases provide a level of control over an organization's storage and compute resources by specifying the maximum amount of time that vApps can be running and that vApps and vApp templates can be stored. You can also specify what happens to vApps and vApp templates when their storage lease expires.

4 Select the quotas for running and stored virtual machines.

Quotas determine how many virtual machines each user in the organization can store and power on in the organization's virtual datacenters. The quotas you specify act as the default for all new users added to the organization.

5 Select the limits for resource intensive operations.

6 Select the number of simultaneous VMware Remote Console connections for each virtual machine.

You may want to limit the number of simultaneous connections for performance or security reasons.

NOTE This setting does not affect Virtual Network Computing (VNC) or Remote Desktop Protocol (RDP) connections.

7 (Optional) Select the Account lockout enabled check box, select the number of invalid logins to accept

before locking a user account, and select the lockout interval.

8 Click Apply.

Set Default Domain for Organization Virtual Machines

You can set a default domain which virtual machines created in your organization can join. Virtual machines can always join a domain for which they have credentials, regardless of whether or not you specify a default domain.

You are an organization administrator.

Procedure

1 Click Administration.

2 In the left pane, select Settings > Guest Personalization.

3 Select the Enable domain join for virtual machines in this organization.

4 Type the domain name, domain user name, domain password.

These credentials apply to a regular domain user, not a domain administrator.

5 Click Apply.

Enable Your Organization to Use an SAML Identity Provider

Enable your organization to use an SAML identity provider, also called single sign-on, to import users and groups from an SAML identity provider and allow imported users to sign on to the organization with the credentials established in the SAML identity provider.

Prerequisites

Verify that you are logged in as a system or organization administrator.

Verify that you have access to an OpenAM or Active Directory Federation Services SAML identity provider.

40 VMware, Inc.

Chapter 4 Working in an Organization

Create an XML file with the following metadata from your SAML identity provider.

The location of the single sign-on service

The location of the single logout service

The location of the service's X.509 certificate

For information on configuring and acquiring metadata from an OpenAM or Active Directory Federation Services SAML provider, consult the documentation for your SAML provider.

Procedure

1 Click Administration.

2 In the left pane, select Settings > Federation.

3 Select Use SAML Identity Provider.

4 Copy and paste the SAML provider metadata XML into the text box or click Browse to upload the metadata

XML file.

5 Click Apply.

What to do next

Configure your SAML provider with vCloud Director metadata. See your SAML provider's documentation and the vCloud Director Installation and Upgrade Guide.

Configure your SAML provider to provide tokens with the following attribute mappings.

email address = "EmailAddress"

user name = "UserName"

full name = "FullName"

user's groups = "Groups"

Import users and groups from your SAML provider. See “Import an LDAP User,” on page 16 and “Import

a Group,” on page 19.

Manage Users and Groups in Your Organization

You can manage the roles and rights that users and groups have in your organization.

You are an organization administrator.

Procedure

1 Click Administration.

2 In the left pane, select Members > Users or Members > Groups.

You can modify properties or roles.

3 Right-click the user or group and select Properties.

4 Make the necessary changes and click OK.

Your user or group settings are updated. See also Chapter 2, “Managing Users and Groups,” on page 15

Manage Resources in Your Organization

You must monitor and manage the resources you add to your organization.

You are an organization administrator.

VMware, Inc. 41

vCloud Director User's Guide

Procedure

1 Click Administration.

2 In the left pane, under Cloud Resources, select Virtual Datacenters.

The vDCs in your organization appear in the right pane. See also Chapter 3, “Managing Cloud Resources,” on page 21

Manage Virtual Machines in Your Organization

You can manage virtual machines in your organization. Virtual machines provide access to vCloud Director operations at the virtual machine console level.

You are an organization administrator.

Procedure

1 Click My Cloud.

2 In the left pane, select VMs.

3 Select a virtual machine, right-click, and select Properties.

4 Modify the relevant properties in each of the tabs and click OK.

What to do next

For more information on managing virtual machines, see Chapter 9, “Working with Virtual Machines,” on page 89.

Viewing Organization Log Tasks and Events

You can view tasks and events in your organization to monitor and audit vCloud Directory activities.

vCloud Director tasks are long-running operations and their status changes as the task progresses. For example, a task's status generally starts as Running. When the task finishes, its status changes to Successful or Error.

vCloud Director events are one-time occurrence that indicate an important part of an operation or a significant state change for a vCloud Director object. vCloud Director also logs an event every time a user logs in, and notes whether the attempt was successful or not.

View Organization Events

You can view the log for an organization to monitor organization-level events. Failed events and view events are listed by user.

You are an organization administrator.

Procedure

1 Click the My Cloud.

2 In the left pane, click Logs.

3 Click the Events tab.

vCloud Director displays information about each organization-level event.

4 Double-click an event for more information.

Only system administrators can view the details about most events.

42 VMware, Inc.

Chapter 4 Working in an Organization

View Organization Tasks

You can view the tasks in an organization, which helps you monitor and troubleshoot more effectively.

You are an organization administrator.

Procedure

1 Click My Cloud.

2 In the left pane, click Logs.

3 On the Tasks tab, you can examine the tasks in the organization.

4 Select a task, right-click, and select Open.

5 Review the information and click OK.

What to do next

To troubleshoot a failed task, contact your system administrator.

VMware, Inc. 43

vCloud Director User's Guide

44 VMware, Inc.

Working with Catalogs 5

A catalog is a container for vApp templates and media files in an organization. Organization administrators and catalog authors can create catalogs in an organization. Catalog contents can be shared with other users in the organization and can also be published to all organizations in the vCloud Director installation.

There are two types of catalogs in vCloud Director; organization catalogs and public catalogs. Organization catalogs include vApp templates and media files that you can share with other users in the organization. If a system administrator enables catalog publishing for your organization, you can publish an organization catalog to create a public catalog. Organization administrators from any organization in the vCloud Director installation can view the vApp templates and media files in a public catalog and copy those files to a catalog in their organization for use by their members.

There are two ways to add vApp templates to a catalog. You can upload an OVF package directly to a catalog or save a vApp as a vApp template. For more information, see “Upload an OVF Package as a vApp

Template,” on page 57 and “Save a vApp as a vApp Template,” on page 59. You can upload media files

directly to a catalog. See “Upload Media Files,” on page 51.

Members of an organization can access vApp templates and media files that they own or that are shared to them. Organization administrators and system administrators can share a catalog with everyone in an organization, or with specific users and groups in an organization. See “Share A Catalog,” on page 47.

This chapter includes the following topics:

“Add a New Catalog,” on page 45

“Access a Catalog,” on page 46

“Publish a Catalog,” on page 46

“Share A Catalog,” on page 47

“Change the Owner of a Catalog,” on page 47

“Delete a Catalog,” on page 48

“Modify the Properties of Your Catalog,” on page 48

“Understanding Catalogs and Their Contents,” on page 48

“Working in Published Catalogs,” on page 49

Add a New Catalog

You can create catalogs to group your vApp templates and media files.

You are at least a catalog author.

VMware, Inc.

vCloud Director User's Guide

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 On the Catalogs tab, click the Add Catalog button.

3 Type a catalog name and optional description and click Next.

4 (Optional) To share the catalog with members of the organization, click Add Members, select users and

groups, select an access level, click OK, and click Next.

5 Select a catalog publishing option and click Next..

Option Description

Don't publish this catalog to other organizations

Publish to all organizations

NOTE This option might be unavailable, depending on your organizational settings.

6 Review the summary and click Finish.

This catalog will not be visible or available to other organizations in the vCloud Director installation.

This catalog will be visible to all other organizations in the vCloud Director installation. Users with the necessary rights (by default, organization administrators) can view catalog items and copy them to a local organization catalog.

Access a Catalog

Depending on your role in the organization, you can access catalogs in your organization and public catalogs that were published by other organizations.

To access a public catalog, you must be an organization administrator .

To access a catalog in your organization, you must be at least a vApp author.

Procedure

1 Click Catalogs.

2 In the left pane, click on a catalog option.

My Organization's Catalogs

Public Catalogs

3 In the right pane, select a catalog, right-click, and select Open.

Publish a Catalog

When you publish a catalog, all organizations in vCloud Director can see the catalog.

You are at least a catalog author.

Prerequisites

The system administrator has enabled catalog publishing for the organization.

Procedure

1 Click Catalogs.

2 Select a catalog, right-click, and select Publish Settings.

3 On the Publishing tab, select Publish to all organizations.

4 Click OK.

46 VMware, Inc.

Your catalog is available to organization administrators in all organizations.

Share A Catalog

Share a catalog to make its contents available to users in your organization. Users with the proper rights and access level can use vApp templates and media from the shared catalog to create their own vApps.

You are at least a catalog author.

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 Select a catalog, right-click, and select Share.

3 Click Add Members.

4 Select the users and groups with whom you want to share the catalog.

Option Action

Everyone in the organization

Specific users and groups

5 Select an access level and click OK.

Chapter 5 Working with Catalogs

Select this option to share the catalog with everyone.

Select this option, click specific users and groups, and click Add.

Option Supported Actions

Read Only

Read/Write

Full control

The actual actions a user can perform on a catalog and its contents depends on the intersection of the rights of the user and their access level to the catalog. Sharing a catalog with full control does not grant a user rights that the user does not already have.

6 Click OK.

Change the Owner of a Catalog

You can change the owner of a catalog. Before you can delete a user who owns a catalog, you must change the owner or delete the catalog.

You are an organization administrator.

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 On the Catalogs tab, right-click a catalog and select Change Owner.

3 Select a user from the list or search for one.

Open, Add to My Cloud, Download, Copy to Catalog

Open, Add to My Cloud, Download, Copy to Catalog, Publish, Move to Catalog, Delete

Open, Add to My Cloud, Download, Copy to Catalog, Publish, Move to Catalog, Delete, Share

You can search for a user by full name or their user name.

4 Click OK.

VMware, Inc. 47

vCloud Director User's Guide

Delete a Catalog

You can delete a catalog from your organization.

You are at least a catalog author.

Prerequisites

The catalog must not contain any vApp templates or media files. You can move these items to a different catalog or delete them.

Procedure

1 Click Catalogs.

2 In the left pane, click My Organization's Catalogs.

3 Select a catalog, right-click, and select Delete.

4 Click Yes.

The empty catalog is deleted from your organization.

Modify the Properties of Your Catalog

You can review and modify your catalog properties.

You are at least a catalog author.

Procedure

1 Click Catalogs.

2 In the left pane, click My Organization's Catalogs.

3 Select a catalog, right-click, and select Properties.

4 Review the properties in the General, Sharing, and Publishing tabs.

5 Modify the relevant properties and click OK.

Your catalog properties are updated.

Understanding Catalogs and Their Contents

A catalog consists of a list of catalogs, vApp templates, and media files in your organization.

When you click the Catalogs button in the menu bar, these tabs appear.

Catalogs

vApp Templates

Media

If you are an organization administrator, you can access published catalogs in the left pane.

48 VMware, Inc.

Using vApp Templates in a Catalog

You can access vApp templates in a catalog in your organization or, if you are an organization administrator, from a published catalog.

To access a vApp template in a catalog in your organization, in the left pane, click My Organization's Catalogs and click on the vApp Templates tab. Select a vApp template and right-click to see the operations you can complete.

Using Media Files in a Catalog

You can access media files in a catalog in your organization or, if you are a organization administrator, a published catalog.

To access a media file in a catalog in your organization, in the left pane, click My Organization's Catalogs and click on the Media tab. Select a media file and right-click to see the operations you can complete.

Working in Published Catalogs

Organization administrators can access a published catalog and copy its vApp templates and media files to a catalog in their organization. They can then share the organization catalog with other members of their organization so they can use the vApp templates and media files.

Chapter 5 Working with Catalogs

Accessing vApp Templates from a Public Catalog

You can access vApp templates from published catalogs and copy them to your catalog.

You are an organization administrator.

Procedure

1 Click Catalogs.

2 In the left pane, click Public Catalogs.

3 On the vApp Templates tab, select a vApp template, right-click and select an operation.

Open

Add to My Cloud

Download

Copy to Catalog

Properties

You cannot modify properties until you copy the vApp template to your catalog. If you select Add to My Cloud, the vApp template is saved and added as a vApp.

4 Click OK.

The vApp template you selected is added to the specified catalog your organization.

Accessing a Media File from a Public Catalog

You can access a media file from a published catalog and add it to your organization.

You are an organization administrator.

Procedure

1 Click Catalogs.

VMware, Inc. 49

vCloud Director User's Guide

2 In the left pane, click Public Catalogs.

Media files are available for use if they reside in the same vDC as your Cloud vApp.

3 On the Media tab, select a media file, right-click and select Copy to Catalog.

4 Click OK.

The media file is copied to your catalog.

What to do next

You can select the media file and complete a variety of operations on it, such as move it to another catalog in your organization, delete it, or modify its properties.

50 VMware, Inc.

Working with Media Files 6

The catalog allows you to upload, copy, move, and edit the properties of media files.

This chapter includes the following topics:

“Upload Media Files,” on page 51

“Resume the Upload of a Media File,” on page 52

“Copy Media Files to a Catalog,” on page 52

“Move Media Files to Another Catalog,” on page 52

“Delete Media Files,” on page 53

“Modify Media File Properties,” on page 53

Upload Media Files

You can upload media files to a catalog. Users with access to the catalog can use the media files to install applications on their virtual machines.

Prerequisites

VMware, Inc.

Verify that the computer from which you are uploading has Java Plug-in 1.6.0_10 or later installed.

You are at least a catalog author.

Procedure

1 Select Catalogs > My Organization's Catalogs.

2 On the Media tab, click Upload.

3 Type the path to the media file path or click Browse, locate the file, and click Upload.

4 Type a name and optional description for the media file.

This is the name that appears in vCloud Director.

5 Select the destination vDC, storage profile, and catalog.

6 Click Upload.

The media file is uploaded to the specified location. You can click Launch Uploads and Downloads Progress Window to track the progress.

vCloud Director User's Guide

Resume the Upload of a Media File

If you paused, cancelled, or interrupted the upload of a media file, you can resume it.

You are at least a catalog author.

If you log out of vCloud Director and log in, transfer history is lost. You cannot resume the upload.

The default timeout for pending transfer sessions is one hour. You can configure this value.

During pending or stopped transfers, the session keep alive heartbeat kicks in every 15 minutes. To ensure that the session does not time out while tasks are paused, make sure the session timeout value is more than 15 minutes.

Prerequisites

You have initiated the upload or download of a media file.

Procedure

1 In the Launch the Uploads and Downloads Progress Window, click Pauseor Cancel.

The status changes to Stopped in the progress window and Waiting in the Media Files page.

2 In the Launch the Uploads and Downloads Progress Window, click Resume.

The upload or download process resumes.

3 Monitor the progress in the Launch the Uploads and Downloads Progress window.

Copy Media Files to a Catalog

You can copy media files to another catalog.

You are at least a catalog author.

Prerequisites

You have access to multiple vDCs.

Procedure

1 Click Catalogs.

2 On the Media tab, select a media file, right-click, and select Copy To Catalog.

3 Type a name and description.

4 Select the destination catalog and vDC.

5 Click OK.

The media file is copied to and stored in the selected catalog.

Move Media Files to Another Catalog

You can move media files to another catalog in your organization.

You are at least a catalog author.

Prerequisites

You have access to multiple catalogs and vDCs.

52 VMware, Inc.

Procedure

1 Click Catalogs.

2 On the Media tab, select a media file, right-click, and select Move To Catalog.

3 Select a catalog and a vDC.

The catalog you select must be in your organization.

4 Click OK.

The media file is moved to the selected catalog.

Delete Media Files

You can delete media files from your catalog.

You are at least a catalog author.

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 On the Media tab, select a media file, right-click, select Delete.

Chapter 6 Working with Media Files

3 Click Yes.

The media file is deleted.

Modify Media File Properties

You can review and modify some properties of a media file.

You are at least a catalog author.

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 On the Media tab, select a media file, right-click, and select Properties.

3 Modify the name or description.

4 Click OK.

VMware, Inc. 53

vCloud Director User's Guide

54 VMware, Inc.

Working with vApp Templates 7

A vApp template is a virtual machine image that is loaded with an operating system, applications, and data. These templates ensure that virtual machines are consistently configured across an entire organization.

This chapter includes the following topics:

“Open a vApp Template,” on page 55

“Add a vApp Template to My Cloud,” on page 56

“Download a vApp Template,” on page 56

“Upload an OVF Package as a vApp Template,” on page 57

“Resume the Upload of a vApp Template,” on page 57

“Copy a vApp Template from a Public Catalog to an Organization Catalog,” on page 58

“Copy a vApp Template Between an Organization's Catalogs,” on page 58

“Move a vApp Template Between an Organization's Catalogs,” on page 59

“Delete a vApp Template,” on page 59

“Save a vApp as a vApp Template,” on page 59

“Modify vApp Template Properties,” on page 60

Open a vApp Template

You can open a vApp template to learn more about the virtual machines that it contains.

You are at least a vApp user.

Procedure

1 Click Catalogs.

2 In the left pane, click on a catalog option.

My Organization's Catalogs

Public Catalogs

You can open vApp templates in your organization's catalogs or, if you are an organization administrator, from a public catalog.

3 On the vApp Templates tab, select a vApp template, right-click, and select Open.

VMware, Inc.

vCloud Director User's Guide

Add a vApp Template to My Cloud

You can add a vApp template as a vApp from your catalog to My Cloud.

You are at least a vApp author.

If the vApp template is based on an OVF file that includes OVF properties for customizing its virtual machines, those properties are passed to the vApp. If any of those properties are user-configurable, you can specify the values.

Prerequisites

A vApp template is available in a published or a locally shared catalog.

Procedure

1 Click Catalogs.

2 In the left pane, click on a catalog option.

My Organization's Catalogs

Public Catalogs

You can access vApp templates in your organization's shared catalogs or, if you are an organization administrator, from a public catalog.

3 On the vApp Templates tab, select a vApp template, right-click, and select Add to My Cloud.

4 Type a name and optional description for the vApp.

5 Select a runtime and storage lease and click Next.

6 Select a virtual datacenter, configure the virtual machines in the vApp, and click Next.

7 Configure the custom properties, if any, and click Next.

8 Configure the networking options for the vApp and click Next.

9 Review the vApp summary information and click Finish.

vCloud Director creates a vApp on the My Cloud > vApps page.

Download a vApp Template

You can download a vApp template from a catalog locally as an OVF file.

You are at least a catalog author.

Prerequisites

The computer from which you are downloading must have Java Plug-in 1.6.0_10 or later installed.

Procedure

1 Click Catalogs.

2 In the left pane, click on a catalog option.

My Organization's Catalogs

Public Catalogs

You can download vApp templates from your organization's catalogs or, if you are an organization administrator, from a public catalog.

3 On the vApp Templates tab, select a vApp template, right-click, and select Download.

56 VMware, Inc.

4 Navigate to the local folder where you want to save the OVF file and click Save.

You can click the Launch Uploads and Downloads Progress Window button from My Organization's Catalogs to track the progress.

Upload an OVF Package as a vApp Template

You can upload an OVF package from remote shares and your local directory to vCloud Director as a vApp template.

You are at least a catalog creator.

vCloud Director supports OVFs based on the Open Virtualization Format (OVF) Specification. If you upload an OVF file that includes OVF properties for customizing its virtual machines, those properties are preserved in the vApp template.

Prerequisites

The computer from which you are uploading must have Java Plug-in 1.6.0_10 or later installed.

For information about creating OVFs, see the OVF Tool User Guide and VMware vCenter Converter 4.0.1 User's Guide.

vCloud Director does not support uploading compressed OVF files.

Chapter 7 Working with vApp Templates

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 On the vApp Templates tab, click the Upload button.

3 Type the name and path of the OVF file to upload, or click Browse, select the OVF file, and click

Upload.

4 Type a name and optional description for the vApp template.

5 Select a destination vDC and catalog.

6 Click Upload.

You can click the Launch Uploads and Downloads Progress Window button to track the progress.

What to do next

Verify that VMware Tools is installed in each virtual machine in the vApp. See “Installing VMware Tools in a

vApp,” on page 102.

Resume the Upload of a vApp Template

If the upload process is interrupted, paused, or cancelled you can resume it.

You are at least a catalog creator.

If you log out of vCloud Director and log in, transfer history is lost. You cannot resume the upload.

The default timeout for pending transfer sessions is one hour. You can configure this value up to one hour.

Prerequisites

You have initiated the upload or download of a vApp template.

VMware, Inc. 57

vCloud Director User's Guide

Procedure

1 In the Launch Uploads and Downloads Progress Window, click Pauseor Cancel.

The status changes to Stopped in the progress window and Waiting in the vApp Template page.

2 In the Launch Uploads and Downloads Progress Window, click Resume.

The upload or download process resumes.

3 Monitor the progress in the Launch Uploads and Downloads Progress Window .

Copy a vApp Template from a Public Catalog to an Organization Catalog

You can copy a vApp template from a public catalog to your organization catalog to make it available to users in your organization.

You are a vApp author or organization administrator.

Prerequisites

You have a catalog and vDC.

Procedure

1 Click Catalogs.

2 In the left pane, click Public Catalogs.

3 On the vApp Templates tab, select a vApp template, right-click, and select Copy To Catalog.

4 Type a name and optional description for the vApp.

5 Select a destination catalog and vDC.

Select a shared catalog to give organization users access to the template.

6 Click OK.

vCloud Director copies the vApp template to the organization catalog. The vApp appears on the vApp Templates tab in My Organization's Catalogs.

Copy a vApp Template Between an Organization's Catalogs

You can copy a vApp template from one catalog in your organization to another catalog in the same organization. This is useful if the catalogs are shared with different users and you want both groups of users to have access to the vApp template.

You are an organization administrator, catalog author, or vApp author.

Prerequisites

You must have access to at least two catalogs and a vDC with available space.

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 On the vApp Templates tab, right-click a vApp template and select Copy to Catalog.

3 Type a name and optional description for the vApp template.

4 Select the destination catalog and vDC.

If you select a published catalog, the vApp template will be available to all organizations in the vCloud Director installation.

58 VMware, Inc.

Chapter 7 Working with vApp Templates

5 Click OK.

Move a vApp Template Between an Organization's Catalogs

You can move a vApp template from one catalog in your organization to another catalog in the same organization. This is useful if you want to move a template from a published catalog to an unpublished catalog or the reverse.

You are an organization administrator or catalog author.

Prerequisites

You must have access to at least two catalogs and a vDC with available space.

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 On the vApp Templates tab, right-click a vApp template and select Move To Catalog.

3 Select a destination catalog and vDC.

If you select a published catalog, the vApp template will be available to all organizations in the vCloud Director installation.

4 Click OK.

vCloud Director copies the source vApp template to the destination catalog and then deletes the source vApp template.

Delete a vApp Template

You can delete a vApp template from an organization catalog. If the catalog is published, the vApp template is also deleted from Public Catalogs.

You are at least a vApp author.

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 On the vApp Templates tab, select a vApp template, right-click, and select Delete.

3 Click Yes.

The selected vApp is deleted.

Save a vApp as a vApp Template

You can save a vApp to a catalog as a vApp template.

You are at least a vApp author.

Prerequisites

Your organization has a catalog and a vDC with available space.

The vApp must be stopped.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

VMware, Inc. 59

vCloud Director User's Guide

3 Right-click a vApp and select Add to Catalog.

4 Type a name and optional description for the vApp template.

5 Select a vDC, a catalog, and a storage lease.

6 Select a vApp creation option.

This option applies when creating a vApp based on this template. It is ignored when building a vApp using individual virtual machines from this template.

Option Description

Make identical copy

Customize VM settings

7 Click OK.

The vApp is saved as a vApp template and appears in the destination catalog.

vApps that are created from this vApp template must follow the guest operating system settings of the vApp template. If you select this option, and guest customization is enabled, the guest operating system is personalized.

Guest operating system is personalized regardless of the vApp template settings, and the guest operating system is personalized when the vApp is deployed. This option requires that a supported version of VMware Tools be installed on all virtual machines in the vApp.

Modify vApp Template Properties

You can modify some basic properties of a vApp template. To make more advanced changes to a vApp template, add it to My Cloud, make the changes, then add it back to the catalog as a new vApp template.

You are an organization administrator.

Procedure

1 Click Catalogs > My Organization's Catalogs.

2 On the vApp Templates tab, right-click a vApp template and select Properties.

3 On the General tab, modify the vApp template name and description.

4 Select a vApp creation option.

This option applies when creating a vApp based on this template. It is ignored when building a vApp using individual virtual machines from this template.

Option Description

Make identical copy

Customize VM settings

5 Choose whether or not to mark the vApp template as a Gold Master in the catalog.

If you mark a vApp template as a Gold Master, this information appears in the list of vApp templates.

6 To reset the vApp template storage lease, select the Reset lease check box and select a new storage lease.

7 Click OK.

60 VMware, Inc.

Working with vApps 8

A vApp consists of one or more virtual machines that communicate over a network and use resources and services in a deployed environment. A vApp can contain multiple virtual machines.

This chapter includes the following topics:

“Create a vApp From a vApp Template,” on page 62

“Create a New vApp,” on page 62

“Import a Virtual Machine as a vApp,” on page 64

“About the vApp Placement Engine,” on page 64

“Copy a vApp,” on page 66

“Start a vApp,” on page 66

“Start a vApp with an Older Version of VMware Tools,” on page 66

“Stop a vApp,” on page 67

“Suspend a vApp,” on page 67

“Discard the Suspended State of a vApp,” on page 67

VMware, Inc.

“Reset a vApp or Virtual Machine,” on page 68

“View vApp Virtual Machines,” on page 68

“Add a Virtual Machine to a vApp,” on page 68

“Import a Virtual Machine to a vApp from vSphere,” on page 69

“Remove Virtual Machines from a vApp,” on page 69

“Set vApp Start and Stop Options,” on page 70

“Working with Networks in a vApp,” on page 71

“Editing vApp Properties,” on page 82

“Display a vApp Diagram,” on page 84

“Change the Owner of a vApp,” on page 84

“Upgrade the Virtual Hardware Version for a vApp,” on page 85

“Save vApp as a vApp Template to Your Catalog,” on page 85

“Create a Snapshot of a vApp,” on page 86

“Revert a vApp to a Snapshot,” on page 86

vCloud Director User's Guide

“Remove a Snapshot of a vApp,” on page 86

“Copy a vApp to Another vDC,” on page 86

“Move a vApp to Another vDC,” on page 87

“Delete a vApp,” on page 87

Create a vApp From a vApp Template

You can create a new vApp based on a vApp template stored in a catalog to which you have access.

Only organization administrators and vApp authors can access vApp templates in public catalogs.

vApp users and above can access vApp templates in organization catalogs shared to them.

Procedure

1 Click My Cloud > vApps.

2 Click the Add vApp from Catalog button.

3 Select My organization's catalogs or Public catalogs from the drop-down menu.

4 Select a vApp template and click Next.

5 Type a name and optional description for the vApp.

6 Select a runtime and storage lease and click Next.

7 Select a virtual datacenter, configure the virtual machines in the vApp, and click Next.

8 Configure the custom properties, if any, and click Next.

9 Configure the networking options for the vApp and click Next.

10 Review the vApp summary information and click Finish.

vCloud Director creates a vApp in My Cloud.

Create a New vApp

If you don't want to create a vApp based on a vApp template, you can create a new vApp using virtual machines from vApp templates, new virtual machines, or a combination of both.

You are at least a vApp author.

Procedure

1 Complete the vApp Profile on page 63

When you create a new vApp, you must provide some basic information.

2 Add Virtual Machines to the vApp on page 63

You can search your catalogs for virtual machines to add to the vApp or add new, blank virtual machines.

3 Configure the Virtual Machines on page 63

Select the virtual datacenter (vDC) in which this vApp is stored and runs when it's started. Name each virtual machine and select the network to which you want it to connect. You can configure additional properties for virtual machines after you complete the wizard.

62 VMware, Inc.

Chapter 8 Working with vApps

4 Configure Networks on page 64

You can determine how the vApp, its virtual machines, and its networks connect to the organization's networks.

Complete the vApp Profile

When you create a new vApp, you must provide some basic information.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps and click the Build New vApp button.

3 Type a name and optional description.

4 Select a runtime and storage lease and click Next.

Add Virtual Machines to the vApp

You can search your catalogs for virtual machines to add to the vApp or add new, blank virtual machines.

You must be an organization administrator or vApp author to access public catalogs.

Procedure

1 To add virtual machines from vApp templates, select My organization's catalogs or Public catalogs from

the drop-down menu, select one or more virtual machines, and click Add.

2 To add a new virtual machine, click New Virtual Machine, provide the required information about the

virtual machine, and click OK.

After you finish creating the new vApp, you can power on the new virtual machine and install an operating system.

3 Click Next.

Configure the Virtual Machines

Procedure

1 Select a vDC.

2 (Optional) Modify the full name and computer name of each virtual machine.

3 Select a primary NIC and network for each virtual machine.

4 Select an IP assignment method for each NIC.

If you select Static - Manual, type the IP address.

5 Click Next.

VMware, Inc. 63

vCloud Director User's Guide

Configure Networks

You can determine how the vApp, its virtual machines, and its networks connect to the organization's networks.

Procedure

1 Select Show networking details.

2 Review the network information.

3 Click Next.

4 Review the summary for the vApp.

5 Click Finish.

Import a Virtual Machine as a vApp

You can import a vSphere virtual machine to your organization as a vApp.

Prerequisites

Verify that you are at least a vApp author.

Procedure

1 Select My Cloud > vApps.

2 Click Import from vSphere.

3 Select a vCenter server from the drop-down menu and select a virtual machine to import.

4 Type a name and optional description for the vApp.

5 Select a virtual datacenter to which to import the vApp from the drop-down menu.

6 (Optional) Select a storage profile for the vApp from the drop-down menu.

7 Choose whether to move or copy the imported virtual machine, and click OK.

vCloud Director imports the vApp into My Cloud.

About the vApp Placement Engine

The vCloud Director placement engine determines what resources, including resource pools, datastores, and networks or network pools, on which to place the virtual machines in a vApp. The placement decision is made independently for each virtual machine in a vApp based on the requirements of that virtual machine.

The placement engine runs in the following scenarios.

When you create a vApp, the placement engine determines what resource pool, datastore, and network pool on which to place the vApp's virtual machines.

When you start a vApp, the placement engine might selectively move the vApp's virtual machines to another resource pool, datastore, or network pool if the current resource pool, datastore, or network pool lacks sufficient resources for the vApp to power on.

When you change the storage profile of a virtual machine, the placement engine moves the virtual machine to a datastore and resource pool that support the new storage profile.

When virtual machines are migrated to different resource pools.

64 VMware, Inc.

Chapter 8 Working with vApps

The placement engine uses the following criteria to select candidate resource pools for a virtual machine.

CPU capacity

Memory capacity

Number of virtual CPUs

Hardware version supported by the host

The placement engine filters out disabled resource pools from the candidate list so that no virtual machine is created on a disabled resource pool. When possible, the placement engine places virtual machines on the same hub as other virtual machines in the organization vDC.

The placement engine uses the following criteria to select candidate datastores for a vApp and its virtual machines.

Storage capacity

Storage profile

The placement engine filters out disabled datastores from the candidate list so that no virtual machine is created on a disabled datastore.

The placement engine uses the network name to select candidate network pools for a vApp and its virtual machines.

After the placement engine selects a set of candidate resources, it ranks the resources and picks the best location for each virtual machine based on the CPU, virtual RAM, and storage configuration of each virtual machine.

While ranking resources, the placement engine examines the current and estimated future resource use. Estimated future use is calculated based on powered-off virtual machines currently placed on a given resource pool and their expected use after they are powered on. For CPU and memory, the placement engine looks at the current unreserved capacity, the maximum use, and the estimated future unreserved capacity. For storage, it looks at the aggregated provisioned capacity provided by the cluster that each resource pool belongs to. The placement engine then considers the weighted metrics of the current and future suitability of each resource pool.

The placement engine favors resource pools that provide the minimum of unreserved capacity for CPU and memory and free capacity for storage. It also gives lower preference to yellow clusters so that yellow clusters are only selected if no healthy cluster is available that satisfies the placement criteria.

When a virtual machine is powered on, either as part of starting a vApp or on its own, the placement engine runs to validate that the resource pool the virtual machine is assigned to has sufficient resources to support the requirements of the virtual machine. This step is necessary because the resource availability on the resource pool might have changed since the virtual machine was created on the resource pool. If the resource pool lacks sufficient capacity to power on the virtual machine, the placement engine finds another compatible resource pool on the provider vDC that satisfies the requirements of the virtual machine and places the virtual machine there. This substitution might result in the migration of the virtual machine's VMDKs to a different datastore if no suitable resource pools are connected to the datastore the VMDKs are located on.

During concurrent deployment situations when a resource pool is close to capacity, the validation of that resource pool might succeed even though the resource pool lacks the resources to support the virtual machine. In these cases, the virtual machine cannot power on. If a virtual machine fails to power on in this situation, start the power on operation again to prompt the placement engine to migrate the virtual machine to a different resource pool.

When the cluster that a resource pool belongs to is close to capacity, a virtual machine on that resource pool might still be able to power on even when no individual host has the capacity to power on the virtual machine. This happens as a result of capacity fragmentation at the cluster level. In such cases, a system administrator should migrate a few virtual machines out of the cluster so that the cluster maintains sufficient capacity.

VMware, Inc. 65

vCloud Director User's Guide

Copy a vApp

To create a new vApp based on an existing vApp, you can copy a vApp and modify the copy to meet your needs.

You are at least a vApp user.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Copy to.

4 Type a name and optional description.

5 Select a vDC.

6 Click OK.

What to do next

Modify the contents and properties of the new vApp.

Start a vApp

Starting a vApp powers on all the virtual machines in the vApp that are not already powered on.

You are at least a vApp author.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right click, and select Start.

Start a vApp with an Older Version of VMware Tools

If a virtual machine in a vApp has an older version of VMware Tools installed and is enabled for guest customization, you might not be able to start it.

Procedure

1 Click My Cloud.

2 In the left pane, select vApps.

3 Select a vApp, right-click, and select Open.

4 Select a virtual machine, right-click, and select Properties.

5 On the Guest OS Customization tab, deselect the Enable Guest Customization check box and click OK.

6 (Optional) Repeat this step for all your virtual machines.

7 Select the vApp, right-click, and select Start.

66 VMware, Inc.

Stop a vApp

Stopping a vApp powers off or shuts down all the virtual machines in the vApp. You must stop a vApp before you can perform certain actions. For example, adding it to a catalog, copying it, moving it, and so on.

You can specify whether stopping a vApp powers off or shuts down its virtual machines in the vApp properties page.

Prerequisites

The vApp must be started.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Stop.

4 Click OK.

Suspend a vApp

Chapter 8 Working with vApps

You can suspend a vApp to save its current state.

Prerequisites

The vApp is running.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Suspend.

The vApp is stopped and is labeled as Stopped.

Discard the Suspended State of a vApp

You can discard the suspended state of a vApp.

Prerequisites

The vApp must be stopped and in a suspended state.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Discard Suspended State.

4 Click Yes.

VMware, Inc. 67

vCloud Director User's Guide

Reset a vApp or Virtual Machine

Resetting a virtual machine clears state (memory, cache, and so on), but the vApps and virtual machines continue to run.

Prerequisites

Your vApp is started and virtual machine is powered on.

Procedure

1 Click My Cloud.

2 In the left pane, select vApps or VMs.

3 Select a vApp or virtual machine, right-click, and select Reset.

View vApp Virtual Machines

You can access and display the virtual machines in a vApp.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Open.

4 Click on the Virtual Machines tab.

Add a Virtual Machine to a vApp

You can add a virtual machine to a vApp.

If the virtual machine is based on an OVF file that includes OVF properties for customization, those properties are retained in the vApp. If any of those properties are user-configurable, you can specify the values in the virtual machine's properties pane after you add it to the vApp.

For information about supported network adapter types, see http://kb.vmware.com/kb/1001805.

Prerequisites

You must be an organization administrator or vApp author to access virtual machines in public catalogs.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click the vApp and select Open.

3 On the Virtual Machines tab, click the Add VM button.

4 To add virtual machines from vApp templates, select My organization's catalogs or Public catalogs from

the drop-down menu, select one or more virtual machines, and click Add.

5 To add a new virtual machine, click New Virtual Machine, provide the required information about the

virtual machine, and click OK.

After you finish creating the new vApp, you can power on the new virtual machine and install an operating system.

6 Click Next.

7 (Optional) Modify the full name and computer name of each virtual machine.

68 VMware, Inc.

8 Select a primary NIC and network for each virtual machine.

9 (Optional) Select Show network adapter type and select a type for each NIC.

10 Select an IP assignment method for each NIC.

If you select Static - Manual, type the IP address.

11 Click Next.

12 Select Show networking details, review the network information, and click Next.

13 Review the summary for the vApp and click Finish.

Import a Virtual Machine to a vApp from vSphere

You can import an existing virtual machine to a vApp from vSphere

Prerequisites

Verify that you are an organization administrator or vApp author.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click the vApp and select Open.

Chapter 8 Working with vApps

3 On the Virtual Machines tab, click Import from vSphere.

4 Select the source vCenter server from the drop-down menu and select the virtual machine to import.

5 Enter a name for the imported virtual machine.

6 (Optional) Enter a description for the imported virtual machine.

7 (Optional) Select a storage profile for the imported virtual machine.

8 Choose whether to copy the virtual machine or to move it from the source vCenter server, and click OK.

Remove Virtual Machines from a vApp

You can remove virtual machines from a vApp.

You are at least a vApp author.

Prerequisites

The virtual machine is powered off.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Open.

4 On the Virtual Machines tab, select a virtual machine, right-click and select Delete.

5 Click Yes.

VMware, Inc. 69

vCloud Director User's Guide

Set vApp Start and Stop Options

You can specify certain options that affect what happens to the virtual machines when a vApp is started and stopped.

Prerequisites

You are at least a vApp user.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Properties.

4 On the Starting and Stopping VMs tab, specify the options.

Option Description

Order

Start Action

Boot Delay

Stop Action

Stop Delay

5 Click OK.

For vApps with multiple virtual machines, you can specify the order in which the machines start and stop by typing numbers in the text box. Virtual machines with lower numbers start first and stop last. You cannot enter negative numbers. Virtual machines with the same order are started and stopped at the same time.

Determines what happens to virtual machines when you start the vApp that contains them. By default, this option is set to Power On.

How many seconds vCloud Director waits after starting the virtual machine before starting the next virtual machine.

Determines what happens to virtual machines when you stop the vApp that contains them. By default, this option is set to Power Off, but you can also set it to Shutdown.

How many seconds vCloud Director waits after stopping the virtual machine before stopping the next virtual machine.

Example: Starting and Stopping Virtual Machines

This example shows a the order, boot delay, and stop delay options for the virtual machines in a vApp and how those options affect when each virtual machine starts and stops.

Table 8-1. Virtual Machine Start and Stop Options on vApp1

Virtual Machine Order Boot Delay Stop Delay

VM1 1 0 10

VM2 1 10 10

VM3 1 20 30

VM4 2 0 20

VM5 2 30 60

VM6 3 40 10

When vApp1 is started, the virtual machines start as follows.

1 VM1, VM2, and VM3 start at the same time.

2 After 20 seconds (the longest boot delay from the order 1 virtual machines), VM4 and VM5 start.

70 VMware, Inc.

3 After 30 seconds (the longest boot delay from the order 2 virtual machines) VM6 starts.

When vApp1 is stopped, the virtual machines stop as follows.

1 VM6 stops.

2 After 10 seconds, VM5 and VM4 stop.

3 After 60 seconds, VM3, VM2, and VM1 stop.

Working with Networks in a vApp

The virtual machines in a vApp can connect to vApp networks (isolated or routed) and organization vDC networks (direct or fenced). You can add networks of different types to a vApp to address multiple networking scenarios.

Select the Networking tab in a vApp and select the Show networking details check box to view a list of the networks that are available to the vApp. Virtual machines in the vApp can connect to these networks. If you want to connect a virtual machine to a different network, you must first add it to the vApp.

A vApp can include vApp networks and organization vDC networks. A vApp network can be isolated by selecting None in the Connection drop-down menu. An isolated vApp network is totally contained within the vApp. You can also route a vApp network to an organization vDC network to provide connectivity to virtual machines outside of the vApp. For routed vApp networks, you can configure network services, such as a firewall and static routing.

Chapter 8 Working with vApps

You can connect a vApp directly to an organization vDC network. If you have multiple vApps that contain identical virtual machines connected to the same organization vDC network and you want to start the vApps at the same time, you can fence the vApp. This allows you to power on the virtual machines without conflict, by isolating their MAC and IP addresses.

View vApp Networks

You can access and display the networks in a vApp.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Open.

4 Click on the Networking tab.

5 Select the Show networking details to display details about each network.

Adding Networks to a vApp

You can add vApp networks and Organization vDC networks to a vApp.

Add a vApp Network to a vApp on page 72

Add a vApp network to a vApp to make the network available to virtual machines in the vApp.

Add an Organization vDC Network to a vApp on page 72

Add an organization vDC network to a vApp to make the network available to virtual machines in the vApp.

VMware, Inc. 71

vCloud Director User's Guide

Add a vApp Network to a vApp

Add a vApp network to a vApp to make the network available to virtual machines in the vApp.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps, right-click, and select Open.

3 On the Networking tab, select the Show networking details check box.

4 Click the Add Network button.

5 Select vApp Network and click Next.

6 Type the network specifications and click Next.

7 Type a network name and optional description and click Next.

8 Review your vApp network settings and click Finish.

vCloud Director creates an isolated vApp network and displays it in the network list.

9 (Optional) Select an organization vDC network in the Connection drop-down menu.

This routes the vApp network to the organization vDC network.

10 Click Apply.

What to do next

Connect a virtual machine in the vApp to the network.

Add an Organization vDC Network to a vApp

Add an organization vDC network to a vApp to make the network available to virtual machines in the vApp.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps, right-click, and select Open.

3 On the Networking tab, select the Show networking details check box.

4 Click the Add Network button.

5 Select Organization vDC Network and click Next.

6 Select an organization vDC network and click Finish.

vCloud Director adds the organization vDC network and displays it in the network list.

7 (Optional) Select the Fence vApp check box.

The connection changes from Direct to Fenced for all organization vDC networks in the vApp. Fencing allows identical virtual machines in different vApps to be powered on without conflict by isolating the MAC and IP addresses of the virtual machines.

When fencing is enabled and the vApp is powered on, an isolated network is created from the organization vDC's network pool. A vShield Edge is created and attached to both the isolated network and the organization vDC network. Traffic going to and from the virtual machines pass through vShield Edge, which translates the IP address using NAT and proxy-AR, which allows a router to pass traffic between two networks using the same IP space.

8 Click Apply.

72 VMware, Inc.

Chapter 8 Working with vApps

What to do next

Connect a virtual machine in the vApp to the network.

Configuring Network Services for a vApp Network

You can configure network services, such as DHCP, firewalls, network address translation (NAT), and static routing for certain vApp networks.

The network services available depend on the type of vApp network.

Table 8-2. Network Services Available by Network Type

vApp Network Type DHCP Firewall NAT Static Routing

Direct

Routed X X X X

Isolated X

Configure DHCP for an vApp Network

You can configure certain vApp networks to provide DHCP services to virtual machines in the vApp.

When you enable DHCP for a vApp network, connect a NIC on virtual machine in the vApp to that network, and select DHCP as the IP mode for that NIC, vCloud Director assigns a DHCP IP address to the virtual machine when you power it on.

Prerequisites

A routed vApp network or an isolated vApp network.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click a vApp and select Open.

3 On the Networking tab, select Show networking details.

4 Right-click the vApp network and select Configure Services.

5 Click the DHCP tab and select Enable DHCP.

6 Type a range of IP addresses or use the default range.

vCloud Director uses these addresses to satisfy DHCP requests. The range of DHCP IP addresses cannot overlap with the static IP pool for the vApp network.

7 Set the default lease time and maximum lease time or use the default values and click OK.

8 Click Apply.

vCloud Director updates the network to provide DHCP services.

NOTE If the DNS settings on a DHCP-enabled vApp network are changed, the vApp network no longer provides DHCP services. To correct this issue, disable and reenable DHCP on the vApp network.

VMware, Inc. 73

vCloud Director User's Guide

Configure the Firewall for a vApp Network

You can configure certain vApp networks to provide firewall services. Enable the firewall on a vApp network to enforce firewall rules on incoming traffic, outgoing traffic, or both.

If a system administrator specified syslog server settings and those settings have been applied to the vApp network, then you can log events related to the default firewall action. For information about applying syslog server settings, see “Apply Syslog Server Settings to a vApp Network,” on page 82. To view the current syslog server settings see “View Syslog Server Settings for a vApp Network,” on page 81.

Prerequisites

A routed vApp network.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click a vApp and select Open.

3 On the Networking tab, select Show networking details.

4 Right-click the vApp network and select Configure Services.

5 Click the Firewall tab and select Enable firewall to enable firewall services or deselect it to disable firewall

services.

6 Select the default firewall action.

Option Description

Deny

Allow

Blocks all traffic except when overridden by a firewall rule.

Allows all traffic except when overridden by a firewall rule.

7 (Optional) Select the Log check box to log events related to the default firewall action.

8 Click OK.

9 Click Apply.

Add a Firewall Rule to a vApp Network

You can add firewall rules to a vApp network that supports a firewall. You can create rules to allow or deny traffic that matches the rules to pass through the firewall.

For a firewall rule to be enforced, you must enable the firewall for the vApp network. See “Configure the

Firewall for a vApp Network,” on page 74.

When you add a new firewall rule to a vApp network, it appears at the end of the firewall rule list. For information about setting the order in which firewall rules are enforced, see “Reorder Firewall Rules for a

vApp Network,” on page 76.

If a system administrator specified syslog server settings and those settings were applied to the vApp network, then you can log firewall rule events. For information about applying syslog server settings, see “Apply Syslog

Server Settings to a vApp Network,” on page 82. To view the current syslog server settings, see “View Syslog Server Settings for a vApp Network,” on page 81.

74 VMware, Inc.

Chapter 8 Working with vApps

Prerequisites

A routed vApp network.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click a vApp and select Open.

3 On the Networking tab, select Show networking details.

4 Right-click the vApp network and select Configure Services.

5 Click the Firewall tab and click Add.

6 Type a name for the rule.

7 (Optional) Select Match rule on translated IP to have the rule check against translated IP addresses rather

than original IP addresses and choose a traffic direction to apply this rule on.

8 Type the traffic Source.

Option Description

IP address

Range of IP addresses

CIDR

internal

external

any

Type a source IP address to apply this rule on.

Type a range of source IP addresses to apply this rule on.

Type the CIDR notation of traffic to apply this rule on.

Apply this rule to all internal traffic.

Apply this rule to all external traffic.

Apply this rule to traffic from any source.

9 Select a Source port to apply this rule on from the drop-down menu.

10 Type the traffic Destination.

Option Description

IP address

Range of IP addresses

CIDR

internal

external

any

Type a destination IP address to apply this rule on.

Type a range of destination IP addresses to apply this rule on.

Type the CIDR notation of traffic to apply this rule on.

Apply this rule to all internal traffic.

Apply this rule to all external traffic.

Apply this rule to traffic with any destination.

11 Select the Destination port to apply this rule on from the drop-down menu.

12 Select the Protocol to apply this rule on from the drop-down menu.

13 Select the action.

A firewall rule can allow or deny traffic that matches the rule.

14 Select the Enabled check box.

15 (Optional) Select the Log network traffic for firewall rule check box.

If you enable this option, vCloud Director sends log events to the syslog server for connections affected by this rule. Each syslog message includes logical network and organization UUIDs.

16 Click OK and click OK again.

17 Click Apply.

VMware, Inc. 75

vCloud Director User's Guide

Reorder Firewall Rules for a vApp Network

Firewall rules are enforced in the order in which they appear in the firewall list. You can change the order of the rules in the list.

When you add a new firewall rule to a vApp network, it appears at the bottom of the firewall rule list. If you want to enforce the new rule before an existing rule, reorder the rules.

Prerequisites

A routed vApp network with two or more firewall rules.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click a vApp and select Open.

3 On the Networking tab, select Show networking details.

4 Right-click the vApp network and select Configure Services.

5 Click the Firewall tab.

6 Drag and drop the firewall rules to establish the order in which the rules are applied.

7 Click OK.

8 Click Apply.

Enable IP Masquerading for a vApp Network

You can configure certain vApp networks to provide IP masquerade services. Enable IP masquerading on a vApp network to hide the internal IP addresses of virtual machines from the organization vDC network.

When you enable IP masquerade, vCloud Director translates a virtual machine's private, internal IP address to a public IP address for outbound traffic.

Prerequisites

Verify that a routed vApp network exists.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click a vApp and select Open.

3 On the Networking tab, select Show networking details.

4 Right-click the vApp network and select Configure Services.

5 Click the NAT tab and select Port Forwarding.

6 Select Enable IP Masquerade and click OK.

7 Click Apply.

Add a Port Forwarding Rule to a vApp Network

You can configure certain vApp networks to provide port forwarding by adding a NAT mapping rule. Port forwarding provides external access to services running on virtual machines on the vApp network.

When you configure port forwarding, vCloud Director maps an external port to a service running on a port on a virtual machine for inbound traffic.

76 VMware, Inc.

Chapter 8 Working with vApps

When you add a new port forwarding rule to a vApp network, it appears at the bottom of the NAT mapping rule list. For information about how to set the order in which port forwarding rules are enforced, see “Reorder

Port Forwarding Rules for a vApp Network,” on page 78.

Prerequisites

A routed vApp network.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click a vApp and select Open.

3 On the Networking tab, select Show networking details.

4 Right-click the vApp network and select Configure Services.

5 Click the NAT tab, select Port Forwarding, and click Add.

6 Configure the port forwarding rule.

a Select an external port.

b Select an internal port.

c Select a protocol for the type of traffic to forward.

d Select a VM interface.

e Click OK.

7 Click OK.

8 Click Apply.

Add an IP Translation Rule to a vApp Network

You can configure certain vApp networks to provide IP translation by adding a NAT mapping rule.

When you create an IP translation rule for a network, vCloud Director adds a DNAT and SNAT rule to the vShield Edge associated with the network's port group. The DNAT rule translates an external IP address to an internal IP address for inbound traffic. The SNAT rule translates an internal IP address to an external IP address for outbound traffic. If the network is also using IP masquerade, the SNAT rule takes precedence.

Prerequisites

A routed vApp network.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click a vApp and select Open.

3 On the Networking tab, select Show networking details.

4 Right-click the vApp network and select Configure Services.

5 Click the NAT tab, select IP Translation, and click Add.

6 Select a VM interface and mapping mode and click OK.

For Manual mapping mode, type an external IP address.

7 Click OK.

8 Click Apply.

VMware, Inc. 77

vCloud Director User's Guide

Reorder Port Forwarding Rules for a vApp Network

Port forwarding rules are enforced in the order in which they appear in the NAT mapping list. You can change the order of the rules in the list.

When you add a new port forwarding rule to a vApp network, it appears at the bottom of the NAT mapping rule list. To enforce the new rule before an existing rule, reorder the rules.

Prerequisites

A routed vApp network with two or more port forwarding rules.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click a vApp and select Open.

3 On the Networking tab, select Show networking details and click Details.

4 On the NAT tab, click and drag the rules to establish the order in which the rules are applied and click

OK.

5 Click Apply.

Enable Static Routing for a vApp Network

You can configure certain vApp networks to provide static routing services. After you enable static routing on two or more vApp networks, you can add static routes to allow virtual machines on different vApp networks to communicate.

To route traffic between two vApp networks, you must enable static routing on both networks.

Prerequisites

A routed vApp network.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click a vApp and select Open.

3 On the Networking tab, select Show networking details.

4 Right-click the vApp network and select Configure Services.

5 On the Static Routing tab, select Enable static routing and click OK.

6 Click Apply.

What to do next

Enable static routing on another vApp network and create static routes between the two vApp networks.

Add Static Routes to vApp Networks

You can add static routes between two vApp networks that are routed to the same organization vDC network. Static routes allow traffic between the networks.

You cannot add static routes to a fenced vApp or between overlapping networks. After you add a static route to a vApp network, configure the network firewall rules to allow traffic on the static route. For vApps with static routes, you should select the Always use assigned IP addresses until this vApp or associated networks are deleted check box.

78 VMware, Inc.

Chapter 8 Working with vApps

Static routes only function when the vApps containing the routes are running. If you change the parent network of a vApp, delete a vApp, or delete a vApp network, and the vApp includes static routes, those routes cannot function and you must remove them manually.

Prerequisites

vShield 5.1.

Two vApp networks routed to the same organization vDC network.

The vApp networks are in vApps that were started at least once.

Static routing is enabled on both vApp networks.

Procedure

1 Click the My Cloud tab and click vApps in the left pane.

2 Right-click the first vApp and select Open.

3 On the Networking tab, select Show networking details.

4 Right-click the vApp network and select Configure Services.

5 On the Static Routing tab, click Add.

6 Type a name, network address, and next hop IP and click OK.

The network address is for the vApp network to which you want to add a static route. The next hop IP is the external IP address of that vApp network's router.

7 Click OK.

8 Click Apply.

9 Repeat Step 2 through Step 8 for the second vApp network.

Example: Static Routing Example

vApp Network 1 and vApp Network 2 are both routed to Org Network Shared. You can create a static route on each vApp network to allow traffic between the networks. You can use information about the vApp networks to create the static routes.

Table 8-3. Network Information

Network Name Network Specification Router External IP Address

vApp Network 1 192.168.1.0/24 192.168.0.100

vApp Network 2 192.168.2.0/24 192.168.0.101

Org Network Shared 192.168.0.0/24 NA

On vApp Network 1, create a static route to vApp Network 2. On vApp Network 2, create a static route to vApp Network 1.

Table 8-4. Static Routing Settings

vApp Network Route Name Network Next Hop IP Address

vApp Network 1 tovapp2 192.168.2.0/24 192.168.0.101

vApp Network 2 tovapp1 192.168.1.0/24 192.168.0.100

What to do next

Create firewall rules for the vApp networks to allow traffic on the static routes.

VMware, Inc. 79

vCloud Director User's Guide

Reset Your vApp Network

If the network services, such as DHCP settings, firewall settings, and so on, that are associated with a vApp network are not working as expected, an organization administrator can reset the network. Network services are not available during the reset.

Prerequisites

The vApp is running.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Open.

4 On the Networking tab, select the Show networking details check box.

5 Select a vApp network, right-click, and select Reset Network.

6 Click Yes.

Delete a vApp Network

If you no longer need a network in your vApp, you can delete the network.

Prerequisites

The vApp is stopped and no virtual machines in the vApp are connected to the network.

Procedure

1 Click My Cloud.

2 In the left pane, selectvApps.

3 Select a vApp, right-click, and select Open.

4 On the Networking tab, select the Show networking details check box.

5 Right-click a network in the list and select Delete.

6 Click Apply.

Modify Network Properties

You can modify the properties of the networks in a vApp.

Procedure

1 Select Administration.

2 Select Cloud Resources > Networks.

3 Select a network, right-click, and select Properties.

You can modify the name, description, and portions of the network specification.

4 Modify the relevant properties and click OK.

5 Click Apply.

80 VMware, Inc.

Chapter 8 Working with vApps

Display the IP Allocations for Your vApp Network

You can review the IP allocations for the networks in your vApp.

Procedure

1 Click My Cloud.

2 In the left pane, selectvApps.

3 Select a vApp, right-click, and select Open.

4 On the Networking tab, select the Show networking detailscheck box.

5 Select a network, right-click, and select IP Allocations.

6 Review your allocations and click OK.

Configure IP Address Persistence

By default, when you stop a running vApp or power off a virtual machine, vCloud Director releases any IP and MAC addresses the virtual machines were using. You can configure a vApp to retain the network addresses of its virtual machines until the vApp, VM, or network is deleted.

Static routing relies on the IP addresses of the virtual machines and virtual routers in a vApp. For vApps that use static routing, enable IP persistence to make sure that static routes to and from the vApp remain valid.

Procedure

1 Click My Cloud.

2 In the left pane, selectvApps.

3 Select a vApp, right-click, and select Open.

4 On the Networking tab, select the Always use assigned IP addresses...check box and click Apply.

The virtual machines in the vApp keep their assigned IP and MAC addresses, even when they are powered off.

View Syslog Server Settings for a vApp Network

You can view the syslog server settings for a routed vApp network.

vCloud Director supports logging events related to firewall rules to a syslog server specified by a system administrator.

If a vApp network does not have any syslog server settings and you think it should, or if the settings are not what you expected, then you can synchronize the network with the most current syslog server settings. See

“Apply Syslog Server Settings to a vApp Network,” on page 82. If there is still a problem after you

synchronize, contact your system administrator.

Prerequisites

A routed vApp network.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Open.

4 On the Networking tab, select a vApp network, right-click, and select Properties.

VMware, Inc. 81

vCloud Director User's Guide

5 Click the Syslog Server Settings tab.

Apply Syslog Server Settings to a vApp Network

You apply syslog server settings to a routed vApp network to enable firewall rule logging.

Syslog server settings can only be specified by a system administrator. You should apply those settings to any vApp network that was created before the system administrator specified them. You should also apply the syslog server settings to a vApp network any time a system administrator changes the settings.

Prerequisites

A routed vApp network.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Open.

4 On the Networking tab, select a vApp network, right-click, and select Synchronize syslog server

settings.

5 Click Yes.

Editing vApp Properties

You can edit the properties of an existing vApp, including the vApp name and description, OVF environment properties, leases, and sharing settings.

Modify a vApp Name and Description on page 82

You can change the name and description associated with a vApp to make it more meaningful.

Modify vApp OVF Environment Properties on page 83

If a vApp includes user-configurable OVF environment properties, you can review and modify those properties.

Reset vApp Leases on page 83

You can reset the runtime and storage leases for a vApp.

Share a vApp on page 83

You can share your vApps with other groups or users in your organization. The access controls you set determine the operations that can be completed on the shared vApps.

Modify a vApp Name and Description

You can change the name and description associated with a vApp to make it more meaningful.

You are at least a vApp user.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Properties.

4 On the General tab, modify the vApp name and description and click OK.

82 VMware, Inc.

Chapter 8 Working with vApps

Modify vApp OVF Environment Properties

If a vApp includes user-configurable OVF environment properties, you can review and modify those properties.

If a virtual machine in the vApp includes a value for a user-configurable property of the same name, the virtual machine value takes precedence.

Prerequisites

The vApp is stopped and its OVF environment includes user-configurable properties.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Properties.

4 On the Custom Properties tab, modify the properties and click OK.

Reset vApp Leases

You can reset the runtime and storage leases for a vApp.

You are at least a vApp user.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Properties.

4 On the General tab, select the Reset leases check box, select a runtime and storage lease, and click OK.

Share a vApp

You can share your vApps with other groups or users in your organization. The access controls you set determine the operations that can be completed on the shared vApps.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Share.

4 Click Add Members.

5 Select the users with whom you want to share the vApp.

Option Action

Everyone in the organization

Specific users and group

VMware, Inc. 83

Select this option.

Select this option, select the users and groups, and click Add.

vCloud Director User's Guide

6 Select an access level for the users and groups.

Option Description

Full control

Read/write

Read only

7 Click OK.

Your vApp is shared with the specified users or groups.

Display a vApp Diagram

A vApp diagram provides a graphical view of the virtual machines and networks in a vApp.

Procedure

1 Click My Cloud.

2 On the vApps page, select a vApp, right-click, and select Open.

Users can open, start, save a vApp as a vApp template (Add to Catalog), change the owner, copy to a catalog, and modify properties.

Users can open, start, save a vApp as a vApp template (Add to Catalog), copy to catalog, and modify properties.

Users only have read access to a vApp.

3 Click the vApp Diagram tab.

The vApp diagram is displayed.

What to do next

You can perform most of the same operations from this tab that you can from the Virtual Machines and Networking tabs.

Change the Owner of a vApp

You can change the owner of the vApp, for example, if a vApp owner leaves the company or changes roles within the company.

You are an organization administrator.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Change Owner.

4 Search for a user or select one from the list.

You can search by user name or full name.

5 Click OK.

The new owner's name appears in the Owner column on the vApp page.

84 VMware, Inc.

Upgrade the Virtual Hardware Version for a vApp

You can upgrade the virtual hardware version for all the virtual machines in a vApp. Higher virtual hardware versions support more features.

vCloud Director supports hardware version 4, hardware version 7, hardware version 8, and hardware version 9 virtual machines depending on the resources backing the organization's virtual datacenters.

You cannot downgrade the hardware version of the virtual machines in a vApp.

Prerequisites

The vApp must be stopped and its virtual machines must have the latest version of VMware Tools installed.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Upgrade Virtual Hardware Version.

4 Click Yes.

Chapter 8 Working with vApps

Save vApp as a vApp Template to Your Catalog

You can save a vApp as a vApp template and add it to the catalog.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Add to Catalog.

4 (Optional) Modify the name and description.

5 Select the destination vDC and catalog.

6 In the Storage lease: drop-down menu, select when you would like the vApp template to expire.

7 Select an option.

Option Description

Make Identical Copy

Customize VM Settings

8 Click OK.

Guest operating system is personalized regardless of the vApp template settings, and the guest operating system is personalized when the vApp is deployed.

The vApp is saved as a vApp template in the selected catalog.

VMware, Inc. 85

vCloud Director User's Guide

Create a Snapshot of a vApp

You can take a snapshot of all the virtual machines in a vApp. After you take the snapshots, you can revert all virtual machines in the vApp to the most recent snapshot, or remove all snapshots.

vApp snapshots have the following limitations.

They do not capture NIC configurations.

You cannot create them if any virtual machine in the vApp is connected to an independent disk.

Procedure

1 Select My Cloud > vApps.

2 Right-click the vApp and select Create Snapshot.

3 Click OK.

Revert a vApp to a Snapshot

You can revert all virtual machines in a vApp to the state they were in when the vApp snapshot was created.

Prerequisites

Verify that the vApp has a snapshot.

Procedure

1 Select My Cloud > vApps.

2 Right-click the vApp and select Revert to Snapshot.

3 Click Yes.

Remove a Snapshot of a vApp

You can remove a snapshot of a vApp.

Procedure

1 Select My Cloud > vApps.

2 Right-click the vApp and select Remove Snapshot.

3 Click Yes.

Copy a vApp to Another vDC

When you copy a vApp to another vDC, the original vApp remains in the source vDC.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Copy to.

4 Type a name and description.

5 Select a vDC.

6 Click OK.

86 VMware, Inc.

The new vDC for this vApp appears in the vDC column on the vAppspage.

Move a vApp to Another vDC

When you move a vApp to another vDC, the vApp is removed from the source vDC.

You are at least a vApp author.

Prerequisites

Your vApp is stopped.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Move to.

4 Select a vDC.

5 Click OK.

Delete a vApp

Chapter 8 Working with vApps

You can delete a vApp, which removes it from your organization.

You must be at least a vApp author.

Prerequisites

Your vApp must be stopped.

Procedure

1 Click My Cloud.

2 In the left pane, click vApps.

3 Select a vApp, right-click, and select Delete.

4 Click Yes.

VMware, Inc. 87

vCloud Director User's Guide

88 VMware, Inc.

Working with Virtual Machines 9

Virtual machines have a guest operating system on which you can install and run any software supported by that operating system. In vCloud Director, you can install VMware Tools, insert DVDs and floppy disks, and remotely connect to virtual machines.

These are the most basic operations that you can do on a virtual machine.

Power On, which is equal to powering on a physical machine.

Power Off, which is equal to powering off a physical machine.

Suspend, where the CPU of a deployed virtual machine is frozen. You can suspend a machine when you need to leave a virtual machine but do not want to lose its current state.

Reset, which power cycles the virtual machine.

This chapter includes the following topics:

“Open a Virtual Machine Console,” on page 90

“Power On a Virtual Machine,” on page 90

“Power Off a Virtual Machine,” on page 90

“Reset a vApp or Virtual Machine,” on page 91

VMware, Inc.

“Suspend a Virtual Machine,” on page 91

“Resume a Suspended Virtual Machine,” on page 91

“Discard the Suspended State of a Virtual Machine,” on page 91

“Insert a CD/DVD,” on page 92

“Eject a CD/DVD,” on page 92

“Insert a Floppy,” on page 92

“Eject a Floppy,” on page 93

“Upgrade the Virtual Hardware Version for a Virtual Machine,” on page 93

“Connect Remotely to a Virtual Machine,” on page 93

“Create a Snapshot of a Virtual Machine,” on page 94

“Revert a Virtual Machine to a Snapshot,” on page 94

“Remove a Snapshot of a Virtual Machine,” on page 94

“Copy or Move a Virtual Machine to a vApp,” on page 94

“Delete a Virtual Machine,” on page 95

vCloud Director User's Guide

“Editing Virtual Machine Properties,” on page 95

“Installing VMware Tools,” on page 101

“Guest Operating Systems,” on page 112

Open a Virtual Machine Console

Accessing your virtual machine console allows you to view information about a virtual machine, work with the guest operating system, and perform operations that affect the guest operating system.

You might be required to download and install VMware Remote Console Plug-In. Click OK in the dialog box that appears.

Prerequisites

The virtual machine is powered on.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Popout Console.

If you close or refresh a virtual machine console while you have one or more client devices connected, those devices are disconnected.

Power On a Virtual Machine

Powering on a virtual machine is the equivalent of powering on a physical machine.

You cannot power on a virtual machine that has guest customization enabled unless the virtual machine has a current version of VMware Tools installed.

Prerequisites

A virtual machine that is powered off.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Power On.

Power Off a Virtual Machine

Powering off a virtual machine is the equivalent of powering off a physical machine.

Prerequisites

A virtual machine that is powered on.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Power Off.

90 VMware, Inc.

Reset a vApp or Virtual Machine

Resetting a virtual machine clears state (memory, cache, and so on), but the vApps and virtual machines continue to run.

Prerequisites

Your vApp is started and virtual machine is powered on.

Procedure

1 Click My Cloud.

2 In the left pane, select vApps or VMs.

3 Select a vApp or virtual machine, right-click, and select Reset.

Suspend a Virtual Machine

Suspending a virtual machine preserves its current state.

Prerequisites

A virtual machine that is powered on.

Chapter 9 Working with Virtual Machines

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Suspend.

4 Click Yes.

Resume a Suspended Virtual Machine

You can resume a suspended virtual machine to power it on and return it to the state it was in when you suspended it.

Prerequisites

A suspended virtual machine.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Resume.

Discard the Suspended State of a Virtual Machine

If a virtual machine is in a suspended state, you can discard this state, for example, to free storage space.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Discard Suspended State.

VMware, Inc. 91

vCloud Director User's Guide

4 Click Yes.

Insert a CD/DVD

You can access CD/DVD images from catalogs to use in a virtual machine guest operating system. You can install operating systems, applications, drivers, and so on.

Prerequisites

You have access to a catalog with media files.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 In the right pane, select a virtual machine, right-click, and select Insert CD/DVD from Catalog.

4 Select a media file and click Insert.

The selected CD or DVD is inserted.

Eject a CD/DVD

After you have finished using a CD or DVD in your virtual machine you can eject it.

Procedure

1 Click My Cloud.

2 In the left pane, select VMs.

3 Select a virtual machine, right-click, and select Eject CD/DVD.

The media file is removed from the virtual machine.

Insert a Floppy

You can access floppy disk images from catalogs to use in a guest operating system. When you insert a floppy disk, you can install operating systems, applications, drivers, and so on.

Prerequisites

You have media files in your catalog.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Insert Floppy from Catalog.

4 Using the drop-down menu, select a floppy disk image or select one from the list and click Insert.

The selected floppy disk is inserted.

92 VMware, Inc.

Chapter 9 Working with Virtual Machines

Eject a Floppy

After you have finished using a floppy disk in your virtual machine you can eject it.

Procedure

1 Click My Cloud.

2 In the left pane, select VMs.

3 Select a virtual machine, right-click, and select Eject Floppy.

The floppy disk is removed from the virtual machine.

Upgrade the Virtual Hardware Version for a Virtual Machine

You can upgrade the virtual hardware version for a virtual machine. Higher virtual hardware versions support more features.

vCloud Director supports hardware version 4, hardware version 7, hardware version 8, and hardware version 9 virtual machines depending on the resources backing the organization's virtual datacenters.

You cannot downgrade the hardware version of a virtual machine.

Prerequisites

The virtual machine must be powered off and it must have the latest version of VMware Tools installed.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Upgrade Virtual Hardware Version.

4 Click Yes.

Connect Remotely to a Virtual Machine

You can use the Remote Desktop Connection file to connect to a deployed virtual machine from your desktop.

Prerequisites

The virtual machine must be powered on, running a Windows guest OS, and have Remote Desktop enabled in the guest OS.

The virtual machine must have an IP assigned on its network that is accessible by the client.

The RDP port 3389 must be open on the guest OS.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Download Windows Remote Desktop Shortcut File.

4 In the Download RDP Shortcut File dialog box, click Yes.

5 Navigate to the location where you want to save the file and click Save.

6 Double-click the file and select Connect.

VMware, Inc. 93

vCloud Director User's Guide

Create a Snapshot of a Virtual Machine

You can take a snapshot of a virtual machine. After you take the snapshot, you can revert all the virtual machines to the most recent snapshot, or remove the snapshot.

Snapshots do not capture NIC configurations.

Prerequisites

Verify that the virtual machine is not connected to an independent disk.

Procedure

1 Select My Cloud > VMs.

2 Right-click the vApp and select Create Snapshot.

3 Click OK.

Revert a Virtual Machine to a Snapshot

You can revert a virtual machine to the state it was in when the snapshot was created.

Prerequisites

Verify that the virtual machine has a snapshot.

Procedure

1 Select My Cloud > VMs.

2 Right-click the vApp and select Revert to Snapshot.

3 Click Yes.

Remove a Snapshot of a Virtual Machine

You can remove a snapshot of a virtual machine.

Procedure

1 Select My Cloud > VMs.

2 Right-click the vApp and select Remove Snapshot.

3 Click Yes.

Copy or Move a Virtual Machine to a vApp

You can copy or move a virtual machine to another vApp. When you copy a virtual machine, the original virtual machine remains in the source vApp. If you move a virtual machine, it is removed from the source vApp.

Prerequisites

The virtual machine must be powered off.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Copy to or Move to.

94 VMware, Inc.

4 Follow the prompts to complete the wizard.

5 Click Finish.

Delete a Virtual Machine

You can delete a virtual machine from your organization.

Prerequisites

Your virtual machine must be powered off.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Delete.

4 Click Yes.

Editing Virtual Machine Properties

You can edit the properties of a virtual machine, including the virtual machine name and description, CPU and memory settings, and OVF environment settings.

Chapter 9 Working with Virtual Machines

Modify Virtual Machine General Properties on page 95

You can review and modify the name, description, and other general properties of a virtual machine.

Modify Virtual Machine CPUs and Memory on page 96

You can modify the number of virtual CPUs and memory for a virtual machine.

Modify Virtual Machine OVF Environment Properties on page 97

If a virtual machine includes user-configurable OVF environment properties, you can review and modify those properties.

Configuring Virtual Machine Resource Allocation Settings on page 97

Reservation pool virtual datacenters support the ability to control resource allocation at the virtual machine level. Users with the necessary rights can customize the amount of resources that are allocated to their virtual machines.

Modifying Virtual Machine Hard Disks on page 99

You can add hard disks, edit hard disks, and delete hard disk from a virtual machine.

Modifying Virtual Machine Network Interfaces on page 100

You can modify virtual machine network settings, reset a MAC address, add a network interface, and delete a network interface.

Modify Virtual Machine General Properties

You can review and modify the name, description, and other general properties of a virtual machine.

Prerequisites

The virtual machine must be powered off to modify some general properties.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

VMware, Inc. 95

vCloud Director User's Guide

3 Select a virtual machine, right-click, and select Properties.

4 On the General tab, modify the properties and click OK.

Option Description

Full name

Computer name

Description

Operating System Family

Operating System

Virtual hardware version

Virtual CPU hot add

Memory hot add

Synchronize time

The display name of the virtual machine in vCloud Director.

The computer/host name set in the guest operating system that identifies the virtual machine on a network. This field is restricted to 15 characters because of a Windows OS limitation on computer names.

An optional description of the virtual machines.

Drop-down list containing supported operating system families.

Drop-down list containing supported operating systems.

The virtual hardware version of the virtual machine. Select the Upgrade to and select a hardware version to upgrade the virtual machine hardware.

Select the check box to enable virtual CPU hot add. This allows you to add virtual CPUs to a powered on virtual machine. This feature is only supported on certain guest operating systems and virtual machine hardware versions.

Select the check box to enable memory hot add. This allows you to add memory to a powered on virtual machine. This feature is only supported on certain guest operating systems and virtual machine hardware versions.

Select the check box to enable time synchronization between the virtual machine guest operating system and the virtual datacenter in which it is running.

Modify Virtual Machine CPUs and Memory

You can modify the number of virtual CPUs and memory for a virtual machine.

The number of virtual CPUs and memory that a virtual machine supports depends on its virtual hardware version.

Table 9-1. Virtual Hardware Versions and CPU/Memory Support

Virtual Hardware Version Maximum CPUs Maximum Memory

HW4 4 64GB

HW7 8 255GB

HW8 32 1011GB

You must power off the virtual machine before adding CPUs or memory, unless the virtual machine supports memory hot add and virtual CPU hot add.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Properties.

4 On the Hardware tab, select the number of CPUs and total memory for the virtual machine.

5 Click OK.

96 VMware, Inc.

Chapter 9 Working with Virtual Machines

Modify Virtual Machine OVF Environment Properties

If a virtual machine includes user-configurable OVF environment properties, you can review and modify those properties.

If the vApp containing the virtual machine includes a value for a user-configurable property of the same name, the virtual machine value takes precedence.

Prerequisites

The virtual machine is powered off and its OVF environment includes user-configurable properties.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Properties.

4 On the Custom Properties tab, modify the properties and click OK.

Configuring Virtual Machine Resource Allocation Settings

Use the resource allocation settings (shares, reservation, and limit) to determine the amount of CPU, memory, and storage resources provided for a virtual machine. Users have several options for allocating resources.

Ensure that a certain amount of memory for a virtual machine is provided by the virtual datacenter.

Guarantee that a particular virtual machine is always allocated a higher percentage of the virtual datacenter resources than other virtual machines.

Set an upper bound on the resources that can be allocated to a virtual machine.

Resource Allocation Shares

Shares specify the relative importance of a virtual machine within a vDC. If a virtual machine has twice as many shares of a resource as another virtual machine, it is entitled to consume twice as much of that resource when these two virtual machines are competing for resources.

Shares are typically specified as High, Normal, or Low and these values specify share values with a 4:2:1 ratio, respectively. You can also select Custom to assign a specific number of shares (which expresses a proportional weight) to each virtual machine.

When you assign shares to a virtual machine, you always specify the priority for that virtual machine relative to other powered-on virtual machines.

The following table shows the default CPU and memory share values for a virtual machine.

Table 9-2. Share Values

Setting CPU share values Memory share values

High 2000 shares per virtual CPU 20 shares per megabyte of configured virtual machine

memory.

Normal 1000 shares per virtual CPU 10 shares per megabyte of configured virtual machine

memory.

Low 500 shares per virtual CPU 5 shares per megabyte of configured virtual machine

memory.

VMware, Inc. 97

vCloud Director User's Guide

For example, a virtual machine with two virtual CPUs and 1GB RAM with CPU and memory shares set to Normal has 2x1000=2000 shares of CPU and 10x1024=10240 shares of memory.

The relative priority represented by each share changes when a new virtual machine is powered on. This affects all virtual machines in the same vDC.

Resource Allocation Reservation

A reservation specifies the guaranteed minimum allocation for a virtual machine.

vCloud Director allows you to power on a virtual machine only if there are enough unreserved resources to satisfy the reservation of the virtual machine. The vDC guarantees that amount even when its resources are heavily loaded. The reservation is expressed in concrete units (megahertz or megabytes).

For example, assume you have 2GHz available and specify a reservation of 1GHz for VM1 and 1GHz for VM2. Now each virtual machine is guaranteed to get 1GHz if it needs it. However, if VM1 is using only 500MHz, VM2 can use 1.5GHz.

Reservation defaults to 0. You can specify a reservation if you need to guarantee that the minimum required amounts of CPU or memory are always available for the virtual machine.

Resource Allocation Limit

Limit specifies an upper bound for CPU and memory resources that can be allocated to a virtual machine.

A vDC can allocate more than the reservation to a virtual machine, but never allocates more than the limit, even if there are unused resources on the system. The limit is expressed in concrete units (megahertz or megabytes).

CPU and memory resource limits default to unlimited. When the memory limit is unlimited, the amount of memory configured for the virtual machine when it was created becomes its effective limit in most cases.

In most cases, it is not necessary to specify a limit. You might waste idle resources if you specify a limit. The system does not allow a virtual machine to use more resources than the limit, even when the system is underutilized and idle resources are available. Specify a limit only if you have good reasons for doing so.

Configure Virtual Machine Resource Allocation Settings

You can configure the resource allocation settings (shares, reservation, and limit) to determine the amount of CPU, memory, and storage resources provided for a virtual machine.

For more information about shares, reservations, and limits, see “Resource Allocation Shares,” on page 97,

“Resource Allocation Reservation,” on page 98, and “Resource Allocation Limit,” on page 98.

Prerequisites

A reservation pool vDC.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Properties.

4 Click the Resource Allocation tab and set the priority, reservation, and limit for CPU and memory.

5 Click OK.

98 VMware, Inc.

Chapter 9 Working with Virtual Machines

Modifying Virtual Machine Hard Disks

You can add hard disks, edit hard disks, and delete hard disk from a virtual machine.

Add a Virtual Machine Hard Disk

You can add a virtual hard disk to a virtual machine.

The virtual machine is powered off.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Properties.

4 On the Hardware tab, click Add in the Hard Disks section.

5 Select the disk size, bus type, bus number, and unit number and click OK.

What to do next

Power on the virtual machine and use the guest operating system tools to partition and format the new disk.

Edit a Virtual Machine Hard Disk

You can modify the bus number and unit number of a virtual machine hard disk.

The virtual machine is powered off.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Properties.

4 On the Hardware tab, select a new bus number or unit number in the Hard Disks section and click OK.

Delete a Virtual Machine Hard Disk

You can delete a virtual machine hard disk.

The virtual machine is powered off.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Properties.

4 On the Hardware tab, click Delete in the Hard Disks section and click Yes.

5 Click OK.

VMware, Inc. 99

vCloud Director User's Guide

Modifying Virtual Machine Network Interfaces

You can modify virtual machine network settings, reset a MAC address, add a network interface, and delete a network interface.

Virtual machine version 4 supports up to four NICs, and virtual machine version 7 and 8 support up to ten NICs.

Edit Network Interface Settings

You can disconnect a virtual machine NIC, change the network to which a NIC connects, specify a primary NIC, and change the IP addressing mode for a NIC.

Prerequisites

The virtual machine is powered off.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Properties.

4 In the NICs section on the Hardware tab, specify the network settings for each NIC.

Option Action

Connected

Network

Primary NIC

IP Mode

IP Address

Deselect the check box to disconnect a NIC.

Select a network from the drop-down menu.

Select a primary NIC. The primary NIC setting determines the default and only gateway for the virtual machine.The virtual machine can use any NIC to connect to other machines that are directly connected to the same network as the NIC, but it can only use the primary NIC to connect to machines on networks that require a gateway connection.

Select an IP mode.

Static - IP Pool pulls IP addresses from the network's IP pool.

Static - Manual allows you to specify an IP address.

DHCP pulls IP addresses from a DHCP server.

If you selected Static - Manual, type an IP address.

5 Click OK.

Reset a Network Interface MAC Address

You can reset a network interface MAC address if, for example, you have a MAC address conflict or if you need to discard saved state quickly and easily.

Prerequisites

The virtual machine is powered off.

Procedure

1 Click My Cloud.

2 In the left pane, click VMs.

3 Select a virtual machine, right-click, and select Properties.

4 Click the Hardware tab.

100 VMware, Inc.

VMware vCloud Director - 5.1 User’s Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

vCloud Director User's Guide

Getting Started with vCloud Director 1

Understanding VMware vCloud Director

Log In to the Web Console

Using vCloud Director

Set Mozilla Firefox Options

Bypass the Proxy in Mozilla Firefox

Set Microsoft Internet Explorer Options

Bypass the Proxy in Internet Explorer

Set User Preferences

Change Your Password

Managing Users and Groups 2

Managing Users

Add a Local User

Import an LDAP User

Edit a User

Delete a User

Send User Notifications

Delete Users in Lost and Found

Disable or Enable User Accounts

View and Change a User's Role

Working with Groups

Import a Group

Delete a Group

Modify the Role of a Group

Managing Cloud Resources 3

Managing Virtual Datacenters

Display Virtual Datacenters

Review Virtual Datacenter Properties

Monitor Your Virtual Datacenter

Manage Your Virtual Datacenters

Managing Organization vDC Networks

Configuring Oganization vDC Network Services

Configure DHCP for an Organization vDC Network

Configure the Firewall for an Organization vDC Network

Add a Firewall Rule to an Organization vDC Network

Reorder Firewall Rules for an Organization vDC Network

Enable VPN for an Organization vDC Network

Create a VPN Tunnel In an Organization

Create a VPN Tunnel Between Organizations

Create a VPN Tunnel to a Remote Network

Enable Static Routing for an Organization vDC Network

Add Static Routes Between vApp Networks Routed to the Same Organization vDC Network

Add Static Routes Between vApp Networks Routed to Different Organization vDC Networks

Reset an Organization vDC Network

View IP Use for an Organization vDC Network

Add IP Addresses to an Organization vDC Network IP Pool

View vApps and vApp Templates That Use an Organization vDC Network

View Syslog Server Settings for an Organization vDC Network

Apply Syslog Server Settings to an Organization vDC Network

Managing Expired Items

Manage Expired vApps

Manage Expired vApp Templates

Working in an Organization 4

Understanding Leases

Set Up an Organization

Change the Organization Full Name

Import Users and Groups

Add Local Users to the Organization

Configure Email Preferences

Configure Organization Lease, Quota, and Limit Settings

Review Your Organization Profile

Modify Your Email Settings

Modify Your Organization's Policies

Set Default Domain for Organization Virtual Machines

Enable Your Organization to Use an SAML Identity Provider

Manage Users and Groups in Your Organization

Manage Resources in Your Organization

Manage Virtual Machines in Your Organization

Viewing Organization Log Tasks and Events

View Organization Events

View Organization Tasks

Working with Catalogs 5

Add a New Catalog

Access a Catalog