VMware vCloud Director - 5.5 Administrator’s Guide

vCloud Director Administrator's Guide
vCloud Director 5.5
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-001256-01
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2010–2014 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

Contents

vCloud Director Administrator's Guide
Updated Information
Chapter 1 Getting Started with vCloud Director
    Overview of vCloud Director Administration
    Log In to the Web Console
    System Administrator Home Page
    Preparing the System
    Replace SSL Certificates
    Set User Preferences
Chapter 2 Adding Resources to vCloud Director
    Adding vSphere Resources
    Adding Cloud Resources
Chapter 3 Creating and Provisioning Organizations
    Understanding Leases
    Understanding Allocation Models
    Create an Organization
    Allocate Resources to an Organization
Chapter 4 Working With Catalogs
    Enable Catalog Sharing, Publishing, and Subscription
    Create a Catalog
    Upload a vApp Template
    Import a vApp Template from vSphere
    Upload a Media File
    Import a Media File from vSphere
    Share a Catalog
    Publish a Catalog to External Organizations
    Subscribe to an External Catalog Feed
Chapter 5 Managing Cloud Resources
    Managing Provider Virtual Datacenters
    Managing Organization Virtual Datacenters
    Managing External Networks
    Managing Edge Gateways
    Managing Organization Virtual Datacenter Networks
    Managing Network Pools
    Managing Cloud Cells
    Managing Service Offerings
Chapter 6 Managing vSphere Resources
    Managing vSphere vCenter Servers
    Managing vSphere ESX/ESXi Hosts
    Managing vSphere Datastores
    Managing Stranded Items
    View Resource Pool Properties
    View Storage Policy Properties
Chapter 7 Managing Organizations
    Enable or Disable an Organization
    Delete an Organization
    Add a Catalog to an Organization
    Editing Organization Properties
    Managing Organization Resources
    Managing Organization vApps and Virtual Machines
Chapter 8 Managing System Administrators and Roles
    Add a System Administrator
    Import a System Administrator
    Enable or Disable a System Administrator
    Delete a System Administrator
    Edit System Administrator Profile and Contact Information
    Send an Email Notification to Users
    Delete a System Administrator Who Lost Access to the System
    Import a Group
    Delete an LDAP Group
    View Group Properties
    Roles and Rights
Chapter 9 Managing System Settings
    Modify General System Settings
    General System Settings
    Editing System Email Settings
    Configuring Blocking Tasks and Notifications
    Configuring the System LDAP Settings
    Customize the vCloud Director Client UI
    Configuring Public Addresses
    Configure the Account Lockout Policy
    Configure vCloud Director to use vCenter Single Sign On
Chapter 10 Monitoring vCloud Director
    Viewing Tasks and Events
    Monitor and Manage Blocking Tasks
    View Usage Information for a Provider Virtual Datacenter
    View Usage Information for an Organization Virtual Datacenter
    Using vCloud Director's JMX Service
    Viewing the vCloud Director Logs
    vCloud Director and Cost Reporting
    Monitoring Quarantined Files
Chapter 11 Roles and Rights
    Predefined Roles and Their Rights
Index

vCloud Director Administrator's Guide

The VMware vCloud Director Administrator's Guide provides information to the vCloud Director system administrator about how to add resources to the system, create and provision organizations, manage resources and organizations, and monitor the system.
Intended Audience
This book is intended for anyone who wants to configure and manage a vCloud Director installation. The information in this book is written for experienced system administrators who are familiar with Linux, Windows, IP networks, and VMware vSphere.

Updated Information

This vCloud Director Administrator's Guide is updated with each release of the product or when necessary.
This table provides the update history of the vCloud Director Administrator's Guide.
Revision     Description
001256-01    - Corrected a statement about how the allocation pool model works when elastic VDC is disabled in “Understanding Allocation Models,” on page 26.
             - Added the requirement for 8 CPUs with Full-4 gateway configuration to “Select Gateway and IP Configuration Options for a New Edge Gateway,” on page 67.
             - Added a topic on enabling VAAI for fast provisioning. See “Enable VAAI for Fast Provisioning on a Datastore,” on page 109.
             - Added right descriptions to “Predefined Roles and Their Rights,” on page 149.
             - Added requirement for disabling vSAN before creating a provider virtual datacenter in “Create a Provider Virtual Datacenter,” on page 19.
             - Added information on upgrading an edge gateway in “Upgrade an Edge Gateway,” on page 82.
001256-00    Initial release.

Chapter 1 Getting Started with vCloud Director

The first time you log in to the vCloud Director Web console, the Home tab guides you through the steps to configure your installation.
- Overview of vCloud Director Administration
  VMware vCloud Director is a software product that provides the ability to build secure, multi-tenant clouds by pooling virtual infrastructure resources into virtual datacenters and exposing them to users through Web-based portals and programmatic interfaces as a fully-automated, catalog-based service.
- Log In to the Web Console
  You can access the vCloud Director user interface by using a Web browser.
- System Administrator Home Page
  The Home tab provides links to common tasks and support resources.
- Preparing the System
  The Home tab in the vCloud Director Web console provides links to the tasks required to prepare the system for use. Links become active after you complete prerequisite tasks.
- Replace SSL Certificates
  If any members of your vCloud Director server group are using self-signed SSL certificates, you can upgrade them to signed SSL certificates to obtain a higher level of trust within your cloud.
- Set User Preferences
  You can set certain display and system alert preferences that take effect every time you log in to the system. You can also change the password for your system administrator account.

Overview of vCloud Director Administration

VMware vCloud Director is a software product that provides the ability to build secure, multi-tenant clouds by pooling virtual infrastructure resources into virtual datacenters and exposing them to users through Web-based portals and programmatic interfaces as a fully-automated, catalog-based service.
The VMware vCloud Director Administrator's Guide provides information about adding resources to the system, creating and provisioning organizations, managing resources and organizations, and monitoring the system.
vSphere Resources
vCloud Director relies on vSphere resources to provide CPU and memory to run virtual machines. In addition, vSphere datastores provide storage for virtual machine files and other files necessary for virtual machine operations. vCloud Director also utilizes vSphere distributed switches and vSphere port groups to support virtual machine networking.
You can use these underlying vSphere resources to create cloud resources.
Cloud Resources
Cloud resources are an abstraction of their underlying vSphere resources. They provide the compute and memory resources for vCloud Director virtual machines and vApps. A vApp is a virtual system that contains one or more individual virtual machines, along with parameters that define operational details. Cloud resources also provide access to storage and network connectivity.
Cloud resources include provider and organization virtual datacenters, external networks, organization virtual datacenter networks, and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere resources.
Provider Virtual Datacenters
A provider virtual datacenter combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores available to that resource pool.
You can create multiple provider virtual datacenters for users in different geographic locations or business units, or for users with different performance requirements.
Organization Virtual Datacenters
An organization virtual datacenter provides resources to an organization and is partitioned from a provider virtual datacenter. Organization virtual datacenters provide an environment where virtual systems can be stored, deployed, and operated. They also provide storage for virtual media, such as floppy disks and CD ROMs.
A single organization can have multiple organization virtual datacenters.
vCloud Director Networking
vCloud Director supports three types of networks.
- External networks
- Organization virtual datacenter networks
- vApp networks
Some organization virtual datacenter networks and all vApp networks are backed by network pools.
External Networks
An external network is a logical, differentiated network based on a vSphere port group. Organization virtual datacenter networks can connect to external networks to provide Internet connectivity to virtual machines inside of a vApp.
Only system administrators create and manage external networks.
Organization Virtual Datacenter Networks
An organization virtual datacenter network is contained within a vCloud Director organization virtual datacenter and is available to all the vApps in the organization. An organization virtual datacenter network allows vApps within an organization to communicate with each other. You can connect an organization virtual datacenter network to an external network to provide external connectivity. You can also create an isolated organization virtual datacenter network that is internal to the organization. Certain types of organization virtual datacenter networks are backed by network pools.
Only system administrators can create organization virtual datacenter networks. System administrators and organization administrators can manage organization virtual datacenter networks, although there are some limits to what an organization administrator can do.
vApp Networks
A vApp network is contained within a vApp and allows virtual machines in the vApp to communicate with each other. You can connect a vApp network to an organization virtual datacenter network to allow the vApp to communicate with other vApps in the organization and outside of the organization, if the organization virtual datacenter network is connected to an external network. vApp networks are backed by network pools.
Most users with access to a vApp can create and manage their own vApp networks. Working with vApp networks is described in the VMware vCloud Director User's Guide.
Network Pools
A network pool is a group of undifferentiated networks that is available for use within an organization virtual datacenter. A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization virtual datacenter networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.
Each organization virtual datacenter in vCloud Director can have one network pool. Multiple organization virtual datacenters can share the same network pool. The network pool for an organization virtual datacenter provides the networks created to satisfy the network quota for an organization virtual datacenter.
Only system administrators can create and manage network pools.
Organizations
vCloud Director supports multi-tenancy through the use of organizations. An organization is a unit of administration for a collection of users, groups, and computing resources. Users authenticate at the organization level, supplying credentials established by an organization administrator when the user was created or imported. System administrators create and provision organizations, while organization administrators manage organization users, groups, and catalogs. Organization administrator tasks are described in the VMware vCloud Director User's Guide.
Users and Groups
An organization can contain an arbitrary number of users and groups. Users can be created by the organization administrator or imported from a directory service such as LDAP. Groups must be imported from the directory service. Permissions within an organization are controlled through the assignment of rights and roles to users and groups.
Catalogs
Organizations use catalogs to store vApp templates and media files. The members of an organization that have access to a catalog can use the catalog's vApp templates and media files to create their own vApps. A system administrator can allow an organization to publish a catalog to make it available to other organizations. Organization administrators can then choose which catalog items to provide to their users.

Log In to the Web Console

You can access the vCloud Director user interface by using a Web browser.
For a list of supported browsers, see the VMware vCloud Director Installation and Configuration Guide.
Prerequisites
You must have the system administrator user name and password that you created during the system setup.
Procedure
1 Open a Web browser and navigate to https://hostname.domain.tld/cloud.
For hostname.domain.tld, provide the fully qualified domain name associated with the primary IP address of the vCloud Director server host. For example, https://cloud.example.com/cloud.
2 Type the system administrator user name and password and click Login.
vCloud Director displays a list of the next tasks you should perform.

System Administrator Home Page

The Home tab provides links to common tasks and support resources.
The first time you log in after installing vCloud Director, the Home tab includes a list of quick start tasks, designed to help you get the system up and running. You can continue to access these tasks even after the system is configured.
The Home tab also includes links to many of the most common tasks related to managing cloud resources, organizations, and system users.

Preparing the System

The Home tab in the vCloud Director Web console provides links to the tasks required to prepare the system for use. Links become active after you complete prerequisite tasks.
For more information about each task, see Table 1-1.
Table 1-1. Quick Start Tasks
Task                                     For More Information
Attach a vCenter                         “Attach a vCenter Server,” on page 17
Create a Provider Virtual Datacenter     “Create a Provider Virtual Datacenter,” on page 19
Create an External Network               “Add an External Network,” on page 21
Create a Network Pool                    “Network Pools,” on page 21
Create an Organization                   “Create an Organization,” on page 27
Allocate Resources to an Organization    “Create an Organization Virtual Datacenter,” on page 54
Add a Network to an Organization         “Adding Networks to an Organization Virtual Datacenter,” on page 84
Add a Catalog to an Organization         “Add a Catalog to an Organization,” on page 114

Replace SSL Certificates

If any members of your vCloud Director server group are using self-signed SSL certificates, you can upgrade them to signed SSL certificates to obtain a higher level of trust within your cloud.
You can use the vCloud Director configuration script to upgrade the SSL certificates on a vCloud Director server. When you run this script on a server that has already been configured, it validates the database connection details and prompts for SSL certificate information, but skips all the other configuration steps, so that the existing configuration is not modified.
Each vCloud Director server requires two SSL certificates, one for each of its IP addresses, in a Java keystore file. You must execute this procedure for each member of your vCloud Director server group. You can use signed certificates (signed by a trusted certification authority) or self-signed certificates. Signed certificates provide the highest level of trust.
Prerequisites
This procedure requires you to stop vCloud Director services on each server for which you replace certificates. Stopping a server can have an impact on cloud operations.
Have the following information available:
- Location and password of the keystore file that includes the SSL certificates for this server. See the vCloud Director Installation and Configuration Guide. The configuration script does not run with a privileged identity, so the keystore file and the directory in which it is stored must be readable by any user.
- Password for each SSL certificate.
Procedure
1 Log in to the target server as root.
2 Stop vCloud Director services on the server.
3 Run the configuration script on the server.
Open a console, shell, or terminal window, and type:
    /opt/vmware/vcloud-director/bin/configure
4 Specify the full path to the Java keystore file that holds the new certificates.
    Please enter the path to the Java keystore containing your SSL certificates and private keys:/opt/keystore/certificates.ks
5 Enter the keystore and certificate passwords.
    Please enter the password for the keystore:
    Please enter the private key password for the 'http' SSL certificate:
    Please enter the private key password for the 'consoleproxy' SSL certificate:
The configuration script replaces the certificates and restarts vCloud Director services on the server.
What to do next
If you have acquired new certificates for any other members of the vCloud Director server group, use this procedure to replace the existing certificates on those servers.
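A pre-flight check for the keystore, to run before stopping services and starting the configuration script. This is an added example, not part of the VMware guide or the configure script. It assumes the standard text layout of keytool -list -v output; the function names and the sample listing are constructed, and flagging write access for other users is an added hardening check rather than a requirement the guide states.

```sh
#!/bin/sh
# Added example: pre-flight checks for the keystore named in step 4.
# Function names and the sample listing are constructed for illustration.

# Print the three "other" permission characters of a path, e.g. "r-x".
other_perms() { ls -ld -- "$1" | cut -c8-10; }

# Print permission problems for keystore file $1 (empty output = none).
# The guide requires read access for any user because the configuration
# script is unprivileged; write access for others is not required, so it
# is flagged here as an added hardening check.
keystore_perm_problems() (
    out=""
    p=$(other_perms "$1")
    case $p in r??) ;; *) out="$out file-not-readable-by-others" ;; esac
    case $p in ?w?) out="$out file-writable-by-others" ;; esac
    p=$(other_perms "$(dirname "$1")")
    case $p in r?[xt]) ;; *) out="$out dir-not-readable-by-others" ;; esac
    case $p in ?w?) out="$out dir-writable-by-others" ;; esac
    printf '%s' "${out# }"
)

# Read `keytool -list -v` output on stdin and print one line per alias:
#   <alias> <entry type> <self-signed|ca-signed|no-cert>
# Only the first (leaf) certificate of each chain is compared.
summarize_listing() {
    awk '
        function emit() {
            if (alias == "") return
            kind = (owner == "" ? "no-cert" : (owner == issuer ? "self-signed" : "ca-signed"))
            print alias, type, kind
        }
        /^Alias name: / { emit(); alias = substr($0, 13); type = ""; owner = ""; issuer = ""; next }
        /^Entry type: / { type = substr($0, 13); next }
        /^Owner: /      { if (owner == "")  owner  = substr($0, 8); next }
        /^Issuer: /     { if (issuer == "") issuer = substr($0, 9); next }
        END             { emit() }
    '
}

# Print the aliases the configuration script prompts for ("http" and
# "consoleproxy") that the summary in $1 lacks as private-key entries.
missing_aliases() (
    out=""
    for a in http consoleproxy; do
        printf '%s\n' "$1" | grep -q "^$a PrivateKeyEntry " || out="$out $a"
    done
    printf '%s' "${out# }"
)

# Constructed sample listing (not taken from a real server).
SAMPLE_LISTING='Your keystore contains 2 entries

Alias name: http
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=cloud.example.com, O=Example
Issuer: CN=Example Issuing CA, O=Example
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Root CA, O=Example

Alias name: consoleproxy
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=console.example.com, O=Example
Issuer: CN=console.example.com, O=Example'

# With a keystore path argument, check the real file (keytool prompts for
# the keystore password; add -storetype if the keystore is not of the JVM
# default type). Without an argument, run on the constructed sample.
if [ -n "${1:-}" ]; then
    echo "permission problems: $(keystore_perm_problems "$1")"
    summary=$(keytool -list -v -keystore "$1" | summarize_listing)
else
    summary=$(printf '%s\n' "$SAMPLE_LISTING" | summarize_listing)
fi
printf '%s\n' "$summary"
echo "missing aliases: $(missing_aliases "$summary")"
```

On the sample, the consoleproxy entry is reported as self-signed, which is the case the section recommends replacing with a certificate signed by a trusted certification authority.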

Set User Preferences

You can set certain display and system alert preferences that take effect every time you log in to the system. You can also change the password for your system administrator account.
Procedure
1 In the title bar of the Web console, click Preferences.
2 Click the Defaults tab.
3 Select the page to display when you log in.
4 Select the number of days or hours before a runtime lease expires that you want to receive an email notification.
5 Select the number of days or hours before a storage lease expires that you want to receive an email notification.
6 Click the Change Password tab.
7 (Optional) Type your current password and type your new password twice.
8 Click OK.

Chapter 2 Adding Resources to vCloud Director

vCloud Director derives its resources from an underlying vSphere virtual infrastructure. After you register vSphere resources in vCloud Director, you can allocate these resources for organizations within the vCloud Director installation to use.
This chapter includes the following topics:
- Adding vSphere Resources
- Adding Cloud Resources

Adding vSphere Resources

vCloud Director relies on vSphere resources to provide CPU and memory to run virtual machines. In addition, vSphere datastores provide storage for virtual machine files and other files necessary for virtual machine operations.
For information about vCloud Director system requirements and supported versions of vCenter Server and ESX/ESXi see the VMware vCloud Director Installation and Configuration Guide.

Attach a vCenter Server

Attach a vCenter Server to make its resources available for use with vCloud Director. After you attach a vCenter Server, you can assign its resource pools, datastores, and networks to a provider virtual datacenter.
Prerequisites
An instance of vShield is installed and configured for vCloud Director. For more information, see the VMware vCloud Director Installation and Configuration Guide.
Procedure
1 Open the Attach New vCenter Wizard
Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.
2 Provide vCenter Server Connection and Display Information
To attach a vCenter Server to vCloud Director, you must provide connection information and a display name for the vCenter Server.
3 Connect to vShield
vCloud Director requires vShield to provide network services. Each vCenter Server you attach to vCloud Director requires its own instance of vShield.
4 Confirm Settings and Attach the vCenter Server
Before you attach the new vCenter Server, review the settings you entered.
Open the Attach New vCenter Wizard
Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.
Procedure
1 Click the Manage & Monitor tab and then click vCenters in the left pane.
2 Click the Attach New vCenter button.
The Attach New vCenter wizard launches.
Provide vCenter Server Connection and Display Information
To attach a vCenter Server to vCloud Director, you must provide connection information and a display name for the vCenter Server.
Procedure
1 Type the host name or IP address of the vCenter Server.
2 Select the port number that vCenter Server uses.
The default port number is 443.
3 Type the user name and password of a vCenter Server administrator.
The user account must have the Administrator role in vCenter.
4 Type a name for the vCenter Server.
The name you type becomes the display name for the vCenter Server in vCloud Director.
5 (Optional) Type a description for the vCenter Server.
6 Click Next to save your choices and go to the next page.
Connect to vShield
vCloud Director requires vShield to provide network services. Each vCenter Server you attach to vCloud Director requires its own instance of vShield.
Procedure
1 Type the host name or IP address of the vShield instance to use with the vCenter Server that you are attaching.
2 Type the user name and password to connect to vShield.
The default user name is admin and the default password is default. You can change these defaults in the vShield user interface.
3 Click Next to save your choices and go to the next page.
Confirm Settings and Attach the vCenter Server
Before you attach the new vCenter Server, review the settings you entered.
Procedure
1 Review the settings for the vCenter Server and vShield.
2 (Optional) Click Back to modify the settings.
3 Click Finish to accept the settings and attach the vCenter Server.
vCloud Director attaches the new vCenter Server and registers its resources for provider virtual datacenters to use.
What to do next
Assign a vShield for VMware vCloud Director license key in the vCenter Server.

Assign a vShield License Key in vCenter

After you attach a vCenter Server to vCloud Director, you must use the vSphere Client to assign a vShield for VMware vCloud Director license key.
Prerequisites
The vSphere Client must be connected to the vCenter Server system.
Procedure
1 From a vSphere Client host that is connected to the vCenter Server system, select Home > Licensing.
2 For the report view, select Asset.
3 Right-click the vShield Edge asset and select Change license key.
4 Select Assign a new license key and click Enter Key.
5 Enter the license key, enter an optional label for the key, and click OK.
Use the vShield for VMware vCloud Director license key you received when you purchased vCloud Director. You can use this license key in multiple vCenter Servers.
6 Click OK.

Adding Cloud Resources

Cloud resources are an abstraction of their underlying vSphere resources and provide the compute and memory resources for vCloud Director virtual machines and vApps, and access to storage and network connectivity.
Cloud resources include provider and organization virtual datacenters, external networks, organization virtual datacenter networks, and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere resources.
For more information about organization virtual datacenters, see “Allocate Resources to an Organization,” on page 31.
For more information about organization virtual datacenter networks, see “Managing Organization Virtual Datacenter Networks,” on page 83.

Provider Virtual Datacenters

A provider virtual datacenter combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores connected to that resource pool.
A provider virtual datacenter is the source for organization virtual datacenters.

Create a Provider Virtual Datacenter

You can create a provider virtual datacenter to register vSphere compute, memory, and storage resources for vCloud Director to use. You can create multiple provider virtual datacenters for users in different geographic locations or business units, or for users with different performance requirements.
A provider virtual datacenter can include only a single resource pool from a single vCenter Server.
If you plan to add a resource pool that is part of a cluster that uses vSphere HA, make sure you are familiar with how vSphere HA calculates slot size. For more information about slot sizes and customizing vSphere HA behavior, see the VMware vSphere Availability Guide.
Prerequisites
- Verify that at least one vCenter Server is attached with an available resource pool to vCloud Director. The resource pool must be in a vCenter cluster configured to use automated DRS. The vCenter Server must have the vShield for VMware vCloud Director license key.
- Verify that vSAN is disabled on the vSphere cluster you are using.
- Set up the VXLAN infrastructure in vShield Manager. See "VXLAN Virtual Wires Management" in the vShield Administration Guide.
Procedure
1 Click the Manage & Monitor tab and click Provider VDCs in the left pane.
2 Click New Provider VDC.
3 Type a name and optional description.
You can use the name and description fields to indicate the vSphere functions available to the provider virtual datacenter, for example, vSphere HA.
4 Select the latest supported hardware version and click Next.
This selection determines the latest supported hardware version for virtual machines in organization virtual datacenters based on this provider virtual datacenter. Hardware Version 10 requires ESXi 5.5 hosts.
5 Select a vCenter Server and resource pool and click Next.
If the vCenter Server has no available resource pools, no resource pools appear in the list.
6 Select one or more storage policies for the provider virtual datacenter to support, click Add, and click Next.
7 Click Finish to create the provider virtual datacenter.
vCloud Director creates a provider virtual datacenter and associated VXLAN network pool.
What to do next
You can enable vSAN on the cluster after the provider virtual datacenter has been created.

External Networks

An external network is a logical, differentiated network based on a vSphere port group. An external network provides the interface to the Internet for virtual machines connected to external organization virtual datacenter networks.
For more information about organization virtual datacenter networks, see “Managing Organization Virtual Datacenter Networks,” on page 83.

Add an External Network

Add an external network to register vSphere network resources for vCloud Director to use. You can create organization virtual datacenter networks that connect to an external network.
Prerequisites
A vSphere port group is available. If the port group uses VLAN, it can use only a single VLAN. Port groups with VLAN trunking are not supported.
VMware recommends using an auto-expanding static port group.
Procedure
1 Click the Manage & Monitor tab and click External Networks in the left pane.
2 Click the Add Network button.
3 Select a vCenter Server and a vSphere port group and click Next.
4 Type the network settings and click Next.
5 Type a name and optional description for the network and click Next.
6 Review the network settings and click Finish.
What to do next
You can now create an organization virtual datacenter network that connects to the external network.

Network Pools

A network pool is a group of undifferentiated networks that is available for use in an organization virtual datacenter to create vApp networks and certain types of organization virtual datacenter networks.
A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization virtual datacenter networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.
Each organization virtual datacenter in vCloud Director can have one network pool. Multiple organization virtual datacenters can share the same network pool. The network pool for an organization virtual datacenter provides the networks created to satisfy the network quota for an organization virtual datacenter.
A VXLAN network pool is created when you create a provider virtual datacenter. In most cases, this is the only network pool you will need.
VXLAN Network Pools
vSphere VXLAN networks are based on the IETF draft VXLAN standard. These networks support local-domain isolation equivalent to what vSphere isolation-backed networks support.
When you create a provider virtual datacenter, a VXLAN network pool is created in vCloud Director. When you use this network pool, VXLAN virtual wires are created in vCenter Server. Most configurations do not require network pools beyond the VXLAN network pool.
This pool is given a name derived from the name of the containing provider virtual datacenter and attached to it at creation. You cannot delete or modify this network pool. You cannot create a VXLAN network pool by any other method. If you rename a provider virtual datacenter, its VXLAN network pool is automatically renamed.
vSphere VXLAN networks provide the following benefits.
- Logical networks spanning layer 3 boundaries
- Logical networks spanning multiple racks on a single layer 2
- Broadcast containment
- Higher performance
- Greater scale (up to 16 million network addresses)
For more information about VXLAN in a vCloud environment, see the vShield Administration Guide.
Add a Network Pool That Is Backed by VLAN IDs
You can add a VLAN-backed network pool to register vSphere VLAN IDs for vCloud Director to use. A VLAN-backed network pool provides the best security, scalability, and performance for organization virtual datacenter networks.
Prerequisites
Verify that a range of VLAN IDs and a vSphere distributed switch are available in vSphere. The VLAN IDs must be valid IDs that are configured in the physical switch to which the ESX/ESXi servers are connected.
CAUTION The VLANs must be isolated at the layer 2 level. Failure to properly isolate the VLANs can cause a disruption on the network.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Click Add Network Pool.
3 Select VLAN-backed and click Next.
4 Type a range of VLAN IDs and click Add.
You can create one network for each VLAN ID.
5 Select a vCenter Server and vSphere distributed switch and click Next.
6 Type a name and optional description for the network and click Next.
7 Review the network pool settings and click Finish.
What to do next
You can now create an organization virtual datacenter network that is backed by the network pool or associate the network pool with an organization virtual datacenter and create vApp networks.
Add a Network Pool Backed by vSphere Port Groups
You can add a network pool backed by port groups to register vSphere port groups for vCloud Director to use. Unlike other types of network pools, a port group-backed network pool does not require a vSphere distributed switch and can support port groups associated with third-party distributed switches.
CAUTION The port groups must be isolated from all other port groups at the layer 2 level. The port groups must be physically isolated or must be isolated by using VLAN tags. Failure to properly isolate the port groups can cause a disruption on the network.
Prerequisites
Verify that one or more port groups are available in vSphere. The port groups must be available on each ESX/ESXi host in the cluster, and each port group must use only a single VLAN. Port groups with VLAN trunking are not supported.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Click Add Network Pool.
3 Select vSphere Port Group-backed and click Next.
4 Select a vCenter Server and click Next.
5 Select one or more port groups, click Add, and click Next.
You can create one network for each port group.
6 Type a name and optional description for the network and click Next.
7 Review the network pool settings and click Finish.
What to do next
You can now create an organization virtual datacenter network that the network pool backs, or associate the network pool with an organization virtual datacenter and create vApp networks.
Add a Network Pool That Is Backed by Cloud Isolated Networks
You can create a network pool that is backed by cloud isolated networks. A cloud isolated network spans hosts, provides traffic isolation from other networks, and is the best source for vApp networks.
An isolation-backed network pool does not require preexisting port groups in vSphere.
Prerequisites
Verify that a vSphere distributed switch is available.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Click Add Network Pool.
3 Select VCD Network Isolation-backed and click Next.
4 Type the number of networks to create from the network pool.
5 (Optional) Type a VLAN ID.
6 Select a vCenter Server and a vSphere distributed switch and click Next.
7 Type a name and optional description for the network and click Next.
8 Review the network pool settings and click Finish.
vCloud Director creates cloud isolated networks in vSphere as they are needed.
What to do next
You can now create an organization virtual datacenter network that is backed by the network pool or associate the network pool with an organization virtual datacenter and create vApp networks. You can also increase the network pool MTU. See “Set the MTU for a Network Pool Backed by Cloud Isolated Networks,” on page 24.
Set the MTU for a Network Pool Backed by Cloud Isolated Networks
You can specify the maximum transmission unit (MTU) that vCloud Director uses for a network pool that is backed by cloud isolated networks. The MTU is the maximum amount of data that can be transmitted in one packet before it is divided into smaller packets.
When you configure the virtual machine guest operating system and the underlying physical infrastructure with the standard MTU (1500 bytes), the VMware network isolation protocol fragments frames. To avoid frame fragmentation, increase the MTU to at least 1600 bytes for the network pool and the underlying physical network. You can increase the network pool MTU up to, but not greater than, the MTU of the physical network.
If your physical network has an MTU of less than 1500 bytes, decrease the MTU of the network pool to match the underlying physical network.
Prerequisites
Verify that you have a network pool backed by cloud isolated networks. Before you increase the MTU for a network pool, you must ensure that the physical switch infrastructure supports an MTU of greater than 1500, also known as jumbo frames.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Right-click the network pool name and select Properties.
3 On the Network Pool MTU tab, type the MTU and click OK.
vCloud Director modifies the MTU for the network pool and all other network pools that use the same vSphere distributed switch.
Chapter 3 Creating and Provisioning Organizations
Organizations provide resources to a group of users and set policies that determine how users can consume those resources. Create an organization for each group of users that requires its own resources, policies, or both.
This chapter includes the following topics:
“Understanding Leases”
“Understanding Allocation Models”
“Create an Organization”
“Allocate Resources to an Organization”

Understanding Leases

Creating an organization involves specifying leases. Leases provide a level of control over an organization's storage and compute resources by specifying the maximum amount of time that vApps can be running and that vApps and vApp templates can be stored.
The goal of a runtime lease is to prevent inactive vApps from consuming compute resources. For example, if a user starts a vApp and goes on vacation without stopping it, the vApp continues to consume resources.
A runtime lease begins when a user starts a vApp. When a runtime lease expires, vCloud Director stops the vApp.
The goal of a storage lease is to prevent unused vApps and vApp templates from consuming storage resources. A vApp storage lease begins when a user stops the vApp. Storage leases do not affect running vApps. A vApp template storage lease begins when a user adds the vApp template to a vApp, adds the vApp template to a workspace, or downloads, copies, or moves the vApp template.
When a storage lease expires, vCloud Director marks the vApp or vApp template as expired, or deletes the vApp or vApp template, depending on the organization policy you set.
For more information about specifying lease settings, see “Configure Organization Lease, Quota, and Limit Settings,” on page 31.
Users can configure email notification to receive a message before a runtime or storage lease expires. See “Set User Preferences,” on page 16 for information about lease expiration preferences.

Understanding Allocation Models

An allocation model determines how and when the provider virtual datacenter compute and memory resources that you allocate are committed to the organization virtual datacenter.
Allocation Pool Allocation Model
With the allocation pool allocation model, a percentage of the resources you allocate from the provider virtual datacenter is committed to the organization virtual datacenter. You can specify the percentage for both CPU and memory. This percentage is known as the percentage guarantee factor, and it allows you to overcommit resources.
Starting with vCloud Director 5.1.2, system administrators can configure allocation-pool organization virtual datacenters to be elastic or non-elastic. This is a global setting that affects all allocation-pool organization virtual datacenters. See “Modify General System Settings,” on page 129.
By default, allocation-pool organization virtual datacenters have elastic allocation pool enabled. Systems upgraded from vCloud Director 5.1 that have allocation-pool organization virtual datacenters with virtual machines spanning multiple resource pools have elastic allocation pool enabled by default.
When allocation-pool virtual datacenters have the elastic allocation pool feature enabled, the organization virtual datacenter spans and uses all resource pools associated with its provider virtual datacenter. As a result, vCPU frequency is now a mandatory parameter for an allocation pool.
Set the vCPU frequency and percentage guarantee factor in such a way that a sufficient number of virtual machines can be deployed on the organization virtual datacenter without CPU being a bottleneck factor.
When a virtual machine is created, the placement engine places it on a provider virtual datacenter resource pool that best fits the requirements of the virtual machine. A subresource pool is created for this organization virtual datacenter under the provider virtual datacenter resource pool, and the virtual machine is placed under that subresource pool.
When the virtual machine powers on, the placement engine checks the provider virtual datacenter resource pool to ensure that it still can power on the virtual machine. If not, the placement engine moves the virtual machine to a provider virtual datacenter resource pool with sufficient resources to run the virtual machine. A subresource pool for the organization virtual datacenter is created if one does not already exist.
The subresource pool is configured with sufficient resources to run the new virtual machine. The subresource pool's memory limit is increased by the virtual machine's configured memory size, and its memory reservation is increased by the virtual machine's configured memory size times the percentage guarantee factor for the organization virtual datacenter. The subresource pool's CPU limit is increased by the number of vCPUs that the virtual machine is configured with times the vCPU frequency specified at the organization virtual datacenter level. The CPU reservation is increased by the number of vCPUs configured for the virtual machine times the vCPU frequency specified at the organization virtual datacenter level times the percentage guarantee factor for CPU set at the organization virtual datacenter level. The virtual machine is reconfigured to set its memory and CPU reservation to zero and the virtual machine placement engine places the virtual machine on a provider virtual datacenter resource pool.
The benefits of the allocation-pool model are that a virtual machine can take advantage of the resources of an idle virtual machine on the same subresource pool. This model can take advantage of new resources added to the provider virtual datacenter.
In rare cases, a virtual machine is switched from the resource pool it was assigned at creation to a different resource pool at power on because of a lack of resources on the original resource pool. This change might involve a minor cost to move the virtual machine disk files to a new resource pool.
When the elastic allocation pool feature is disabled, the behavior of allocation-pool organization virtual datacenters is similar to the allocation pool model in vCloud Director 1.5. In this model, the vCPU frequency is not configurable. Overcommitment is controlled by setting the percentage of resources guaranteed.
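The subresource pool accounting described above for elastic allocation pools can be modeled in a few lines to see how the guarantee factors produce overcommitment. This is an added example, not VMware code: the class names, pool names, and capacities are constructed, and it assumes a simplified admission check (the first resource pool whose capacity still covers the grown reservations takes the virtual machine) and that no other organization shares the pools.

```python
from dataclasses import dataclass, field


@dataclass
class SubPool:
    """Counters of one organization VDC subresource pool (MHz, MB)."""
    cpu_limit: float = 0.0
    cpu_reserved: float = 0.0
    mem_limit: float = 0.0
    mem_reserved: float = 0.0


@dataclass
class ProviderPool:
    """A provider VDC resource pool; capacities are constructed sample values."""
    name: str
    cpu_mhz: float
    mem_mb: float
    sub: SubPool = field(default_factory=SubPool)


@dataclass
class ElasticOrgVdc:
    vcpu_mhz: float        # vCPU frequency set on the organization VDC
    cpu_guarantee: float   # CPU percentage guarantee factor, as a fraction
    mem_guarantee: float   # memory percentage guarantee factor, as a fraction
    pools: list            # provider VDC resource pools the VDC spans

    def place(self, vcpus, mem_mb):
        """Return the name of the pool that takes the VM, or None."""
        cpu_res = vcpus * self.vcpu_mhz * self.cpu_guarantee
        mem_res = mem_mb * self.mem_guarantee
        for pool in self.pools:
            s = pool.sub
            # Assumed admission check: the grown reservations must still fit.
            if (s.cpu_reserved + cpu_res <= pool.cpu_mhz
                    and s.mem_reserved + mem_res <= pool.mem_mb):
                s.mem_limit += mem_mb          # limit grows by the full size
                s.mem_reserved += mem_res      # reservation by the guaranteed part
                s.cpu_limit += vcpus * self.vcpu_mhz
                s.cpu_reserved += cpu_res
                return pool.name
        return None  # no pool can back the reservation


def demo():
    """Place five constructed VMs (vCPUs, MB) and report where each lands."""
    vdc = ElasticOrgVdc(
        vcpu_mhz=1000, cpu_guarantee=0.25, mem_guarantee=0.5,
        pools=[ProviderPool("rp-a", 8000, 16384),
               ProviderPool("rp-b", 8000, 16384)])
    vms = [(2, 4096), (4, 8192), (8, 16384), (4, 8192), (16, 40960)]
    placements = [vdc.place(vcpus, mem) for vcpus, mem in vms]
    return vdc, placements


if __name__ == "__main__":
    vdc, placements = demo()
    print(placements)
    for pool in vdc.pools:
        print(pool.name, pool.sub)
```

After the third virtual machine, the limits on rp-a exceed the pool's capacity while its reservations still fit, which is the overcommitment the guarantee factors allow; the fourth virtual machine spills to rp-b because of memory reservation alone.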
Pay-As-You-Go Allocation Model
With the pay-as-you-go allocation model, resources are committed only when users create vApps in the organization virtual datacenter. You can specify a percentage of resources to guarantee, which allows you to overcommit resources. You can make a pay-as-you-go organization virtual datacenter elastic by adding multiple resource pools to its provider virtual datacenter.
Resources committed to the organization are applied at the virtual machine level.
When a virtual machine is powered on, the placement engine checks the resource pool and assigns it to another resource pool if the original resource pool cannot accommodate the virtual machine. If a subresource pool is not available for the resource pool, vCloud Director creates one with an infinite limit and zero rate. The virtual machine's rate is set to its limit times its committed resources, and the virtual machine placement engine places the virtual machine on a provider virtual datacenter resource pool.
The benefit of the pay-as-you-go model is that it can take advantage of new resources added to the provider virtual datacenter.
In rare cases, a virtual machine is switched from the resource pool it was assigned at creation to a different resource pool at power on because of a lack of resources on the original resource pool. This change might involve a minor cost to move the virtual machine disk files to a new resource pool.
In the pay-as-you-go model, no resources are reserved ahead of time, so a virtual machine might fail to power on if there aren't enough resources. Virtual machines operating under this model cannot take advantage of the resources of idle virtual machines on the same subresource pool, because resources are set at the virtual machine level.
Reservation Pool Allocation Model
All of the resources you allocate are immediately committed to the organization virtual datacenter. Users in the organization can control overcommitment by specifying reservation, limit, and priority settings for individual virtual machines.
Because only one resource pool and one subresource pool are available in this model, the placement engine does not reassign a virtual machine's resource pool when it is powered on. The virtual machine's rate and limit are not modified.
With the reservation pool model, resources are always available when needed. This model also offers fine control over virtual machine rate, limit, and shares, which can lead to optimal use of the reserved resources if you plan carefully.
In this model, reservation is always done at the primary cluster. If sufficient resources are not available to create an organization virtual datacenter on the primary cluster, the organization virtual datacenter creation fails.
Other limitations of this model are that it is not elastic and organization users might set nonoptimal shares, rates, and limits on virtual machines, leading to underuse of resources.

Create an Organization

Creating an organization involves specifying the organization settings and creating a user account for the organization administrator.
Procedure
1 Open the New Organization Wizard on page 28
Open the New Organization wizard to start the process of creating an organization.
2 Name the Organization on page 28
Provide a descriptive name and an optional description for your new organization.
3 Specify the Organization LDAP Options on page 29
You can use an LDAP service to provide a directory of users and groups for the organization. If you do not specify an LDAP service, you must create a user account for each user in the organization. Only a system administrator can set LDAP options. An organization administrator cannot modify LDAP options.
4 Add Local Users to the Organization on page 29
Every organization should have at least one local organization administrator account, so that users can log in even if the LDAP and SAML services are unavailable.
5 Set the Organization Catalog Sharing, Publishing, and Subscription Policies on page 30
Catalogs provide organization users with catalogs of vApp templates and media that they can use to create vApps and install applications on virtual machines.
6 Configure Email Preferences on page 30
vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.
7 Configure Organization Lease, Quota, and Limit Settings on page 31
Leases, quotas, and limits constrain the ability of organization users to consume storage and processing resources. Use these settings to prevent users from depleting or monopolizing an organization's resources.
8 Confirm Settings and Create the Organization on page 31
Before you create the organization, review the settings you entered.

Open the New Organization Wizard

Open the New Organization wizard to start the process of creating an organization.
Procedure
1 Click the Manage & Monitor tab and then click Organizations in the left pane.
2 Click the New Organization button.
The New Organization wizard starts.

Name the Organization

Provide a descriptive name and an optional description for your new organization.
Procedure
1 Type an organization name.
This name provides a unique identifier that appears as part of the URL that members of the organization use to log in to the organization.
2 Type a display name for the organization.
This name appears in the browser header when an organization member uses the unique URL to log in to vCloud Director. An administrator or organization administrator can change this name later.
3 (Optional) Type a description of the organization.
4 Click Next.

Specify the Organization LDAP Options

You can use an LDAP service to provide a directory of users and groups for the organization. If you do not specify an LDAP service, you must create a user account for each user in the organization. Only a system administrator can set LDAP options. An organization administrator cannot modify LDAP options.
For more information about entering custom LDAP settings, see “Configuring the System LDAP Settings,” on page 133.
Procedure
1 Select the source for organization users.
Option | Description
Do not use LDAP | Organization administrator creates a local user account for each user in the organization. You cannot create groups if you select this option.
VCD system LDAP service | Use the vCloud Director system LDAP service as the source for organization users and groups.
Custom LDAP service | Connect the organization to its own private LDAP service.
2 Provide any additional information that your selection requires.
Option | Action
Do not use LDAP | Click Next.
VCD system LDAP service | (Optional) Type the distinguished name of the organizational unit (OU) to use to limit the users that you can import into the organization and click Next. If you do not enter anything, you can import all users in the system LDAP service into the organization. NOTE Specifying an OU does not limit the LDAP groups you can import. You can import any LDAP group from the system LDAP root. However, only users who are in both the OU and the imported group can log in to the organization.
Custom LDAP service | Click Next and enter the custom LDAP settings for the organization.
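The NOTE about OUs and imported groups means a group member outside the OU is silently unable to log in, which is worth auditing before an import. The following added example (not part of vCloud Director) sorts the members of imported groups into those who satisfy both conditions and those who do not. It assumes the member DNs have already been read from the directory, that the OU limit covers the whole subtree below the OU, and that DN components compare case-insensitively; all directory entries are constructed.

```python
def split_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        if part.strip():
            attr, _, value = part.partition("=")
            rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def in_ou(user_dn, ou_dn):
    """True when user_dn sits below ou_dn; an empty OU means no restriction."""
    user, ou = split_dn(user_dn), split_dn(ou_dn)
    if not ou:
        return True
    # Compare whole RDNs from the right, never raw string suffixes.
    return len(user) > len(ou) and user[-len(ou):] == ou


def audit_group_logins(ou_dn, imported_groups):
    """Split members of imported groups into (can log in, cannot log in)."""
    allowed, blocked = set(), set()
    for members in imported_groups.values():
        for dn in members:
            (allowed if in_ou(dn, ou_dn) else blocked).add(dn)
    return sorted(allowed), sorted(blocked)


# Constructed sample directory data (not from any real LDAP service).
OU = "OU=Engineering,DC=example,DC=com"
GROUPS = {
    "CN=vcd-users,OU=Groups,DC=example,DC=com": [
        "CN=Alice,OU=Engineering,DC=example,DC=com",
        "cn=Smith\\, Dave, ou=engineering, dc=example, dc=com",
        "CN=Erin,OU=Lab,OU=Engineering,DC=example,DC=com",
        "CN=Bob,OU=Sales,DC=example,DC=com",
    ],
}

if __name__ == "__main__":
    ok, blocked = audit_group_logins(OU, GROUPS)
    print("can log in:", ok)
    print("in group but outside OU:", blocked)
```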

Add Local Users to the Organization

Every organization should have at least one local organization administrator account, so that users can log in even if the LDAP and SAML services are unavailable.
Procedure
1 Click Add.
2 Type a user name and password.
3 Assign a role to the user.
4 (Optional) Type the contact information for the user.
5 Select Unlimited or type a user quota for stored and running virtual machines and click OK.
These quotas limit the user's ability to consume storage and compute resources in the organization.
6 Click Next.

Set the Organization Catalog Sharing, Publishing, and Subscription Policies

Catalogs provide organization users with catalogs of vApp templates and media that they can use to create vApps and install applications on virtual machines.
Catalogs can be shared between organizations in different instances of vCloud Director, between organizations in the same instance of vCloud Director, or remain accessible only within the host organization.
Procedure
1 Set the organization catalog policies.
Option | Description
Allow sharing catalogs to other organizations | Allows organization administrators to share this organization's catalogs with other organizations in this instance of vCloud Director. If you do not select this option, organization administrators are still able to share catalogs within the organization.
Allow creation of catalog feeds for consumption by external organizations | Allows organization administrators to share this organization's catalogs with organizations outside this instance of vCloud Director.
Allow subscription to external catalog feeds | Allows organization administrators to subscribe this organization to catalog feeds from outside this instance of vCloud Director.
2 Click Next.

Configure Email Preferences

vCloud Director requires an SMTP server to send user notification and system alert emails. An organization can use the system email settings or use its own email settings.
Procedure
1 Select an SMTP server option.
Option | Description
Use system default SMTP server | The organization uses the system SMTP server.
Set organization SMTP server | The organization uses its own SMTP server. Type the DNS host name or IP address and port number of the SMTP server. (Optional) Select the Requires authentication check box and type a user name and password.
2 Select a notification settings option.
Option | Description
Use system default notification settings | The organization uses the system notification settings.
Set organization notification settings | The organization uses its own notification settings. Type an email address that appears as the sender for organization emails, type text to use as the subject prefix for organization emails, and select the recipients for organization emails.
3 (Optional) Type a destination email address and click Test Email Settings to verify that all SMTP server settings are configured as expected.
4 Click Next.