vCloud Director User's Guide
vCloud Director 5.5
This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions
of this document, see http://www.vmware.com/support/pubs.
EN-001257-01
vCloud Director User's Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2010–2014 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
vCloud Director User's Guide 7
Updated Information 9
Getting Started with vCloud Director 11
1
Understanding VMware vCloud Director 11
Log In to the Web Console 12
Using vCloud Director 12
Set Mozilla Firefox Options 13
Set Microsoft Internet Explorer Options 14
Set User Preferences 15
Change Your Password 16
Managing Cloud Resources 17
2
Managing Virtual Datacenters 17
Managing Organization Virtual Datacenter Networks 18
Managing Expired Items 30
Working in an Organization 31
3
Understanding Leases 31
Set Up an Organization 32
Review Your Organization Profile 34
Modify Your Email Settings 35
Modify Your Organization's Policies 35
Set Default Domain for Organization Virtual Machines 36
Enable Your Organization to Use an SAML Identity Provider 36
Install Java Cryptography Extension Unlimited Strength Jurisdiction Policy Files 37
Manage Users and Groups in Your Organization 38
Manage Resources in Your Organization 38
Manage Virtual Machines in Your Organization 38
Viewing Organization Log Tasks and Events 39
VMware, Inc.
Working with Catalogs 41
4
Add a New Catalog 42
Access a Catalog 43
Share A Catalog 43
Publish a Catalog to an External Organization 44
Change the Owner of a Catalog 45
Delete a Catalog 45
Change the Properties of Your Catalog 45
Subscribe to an External Catalog Feed 46
3
vCloud Director User's Guide
Understanding Catalogs and Their Contents 46
Working in Published Catalogs 47
Working with Media Files 49
5
Upload Media Files 49
Resume the Upload of a Media File 50
Copy Media Files to a Catalog 50
Move Media Files to Another Catalog 50
Delete Media Files 51
Modify Media File Properties 51
Working with vApp Templates 53
6
Open a vApp Template 53
Add a vApp Template to My Cloud 54
Download a vApp Template 54
Upload an OVF Package as a vApp Template 55
Resume the Upload of a vApp Template 56
Copy a vApp Template from a Public Catalog to an Organization Catalog 56
Copy a vApp Template Between an Organization's Catalogs 57
Move a vApp Template Between an Organization's Catalogs 57
Delete a vApp Template 57
Save a vApp as a vApp Template 58
Modify vApp Properties 58
Change the Guest OS Properties of a vApp Template 59
Working with vApps 61
7
Create a vApp From a vApp Template 62
Create a New vApp 62
Import a Virtual Machine as a vApp 64
Create a vApp From an OVF Package 64
About the vApp Placement Engine 65
Download a vApp as an OVF Package 66
Start a vApp 67
Start a vApp with an Older Version of VMware Tools 67
Stop a vApp 67
Suspend a vApp 68
Discard the Suspended State of a vApp 68
Reset a vApp or Virtual Machine 68
View vApp Virtual Machines 68
Add a Virtual Machine to a vApp 69
Import a Virtual Machine to a vApp from vSphere 69
Remove Virtual Machines from a vApp 70
Set vApp Start and Stop Options 70
Working with Networks in a vApp 71
Editing vApp Properties 83
Display a vApp Diagram 85
Change the Owner of a vApp 85
Upgrade the Virtual Hardware Version for a vApp 85
4 VMware, Inc.
Save vApp as a vApp Template to Your Catalog 86
Save a Powered-On vApp to your Catalog 86
Create a Snapshot of a vApp 87
Revert a vApp to a Snapshot 87
Remove a Snapshot of a vApp 87
Copy a vApp to Another Virtual Datacenter 88
Copy a Powered-On vApp 88
Move a vApp to Another Virtual Datacenter 89
Delete a vApp 89
Contents
Working with Virtual Machines 91
8
Open a Virtual Machine Console 92
Power On a Virtual Machine 92
Power Off a Virtual Machine 92
Reset a vApp or Virtual Machine 93
Suspend a Virtual Machine 93
Resume a Suspended Virtual Machine 93
Discard the Suspended State of a Virtual Machine 93
Insert a CD/DVD 94
Eject a CD/DVD 94
Insert a Floppy 94
Eject a Floppy 95
Upgrade the Virtual Hardware Version for a Virtual Machine 95
Connect Remotely to a Virtual Machine 95
Create a Snapshot of a Virtual Machine 96
Revert a Virtual Machine to a Snapshot 96
Remove a Snapshot of a Virtual Machine 96
Copy or Move a Virtual Machine to a vApp 96
Delete a Virtual Machine 97
Editing Virtual Machine Properties 97
Installing VMware Tools 104
Guest Operating Systems 114
Index 121
VMware, Inc. 5
vCloud Director User's Guide
6 VMware, Inc.
vCloud Director User's Guide
The VMware vCloud Director User's Guide provides information about managing organizations, catalogs,
vApps, and virtual machines.
Intended Audience
This book is intended for anyone who wants to set up and configure organizations in
VMware vCloud Director. The information in this book is written for non-system administrators, including
organization administrators who will create and set up vApps, catalogs, and virtual machines.
VMware, Inc. 7
vCloud Director User's Guide
8 VMware, Inc.
Updated Information
This vCloud Director User's Guide is updated with each release of the product or when necessary.
This table provides the update history of the vCloud Director User's Guide.
Revision Description
001257-01
001257-00 Initial release.
Removed outdated table information in “Guest Operating System Support,” on page 119.
n
Corrected the procedure in “Share A Catalog,” on page 43.
n
VMware, Inc. 9
vCloud Director User's Guide
10 VMware, Inc.
Getting Started with vCloud Director 1
When you log in to the vCloud Director Web console, the Home tab provides access to your resources and
links to common tasks.
You can also set your user preferences and view the product help.
This chapter includes the following topics:
“Understanding VMware vCloud Director,” on page 11
n
“Log In to the Web Console,” on page 12
n
“Using vCloud Director,” on page 12
n
“Set Mozilla Firefox Options,” on page 13
n
“Set Microsoft Internet Explorer Options,” on page 14
n
“Set User Preferences,” on page 15
n
“Change Your Password,” on page 16
n
Understanding VMware vCloud Director
VMware® vCloud Director provides role-based access to a Web console that allows the members of an
organization to interact with the organization's resources to create and work with vApps and virtual
machines.
Before you can access your organization, a vCloud Director system administrator must create the
organization, assign it resources, and provide the URL to access the Web console. Each organization
includes one or more organization administrators, who finishes setting up the organization by adding
members and setting policies and preferences. After the organization is set up, non-administrator users can
log in to create, use, and manage virtual machines and vApps.
Organizations
An organization is a unit of administration for a collection of users, groups, and computing resources. Users
authenticate at the organization level, supplying credentials established by an organization administrator
when the user was created or imported. System administrators create and provision organizations, while
organization administrators manage organization users, groups, and catalogs.
Users and Groups
An organization can contain an arbitrary number of users and groups. Users can be created locally by the
organization administrator or imported from a directory service such as LDAP. Groups must be imported
from the directory service. Permissions within an organization are controlled through the assignment of
rights and roles to users and groups.
VMware, Inc.
11
vCloud Director User's Guide
Virtual Datacenters
An organization virtual datacenter provides resources to an organization. Virtual datacenters provide an
environment where virtual systems can be stored, deployed, and operated. They also provide storage for
virtual media, such as floppy disks and CD ROMs. An organization can have multiple virtual datacenters.
Organization Virtual Datacenter Networks
An organization virtual datacenter network is contained within a vCloud Director organization virtual
datacenter and is available to all the vApps in the organization. An organization virtual datacenter network
allows vApps within an organization to communicate with each other. An organization virtual datacenter
network can be connected to an external network or isolated and internal to the organization. Only system
administrators can create organization virtual datacenter networks, but organization administrators can
manage organization virtual datacenter networks, including the network services they provide.
vApp Networks
A vApp network is contained within a vApp and allows virtual machines in the vApp to communicate with
each other. You can connect a vApp network to an organization virtual datacenter network to allow the
vApp to communicate with other vApps in the organization and outside of the organization, if the
organization virtual datacenter network is connected to an external network.
Catalogs
Organizations use catalogs to store vApp templates and media files. The members of an organization that
have access to a catalog can use the catalog's vApp templates and media files to create their own vApps.
Organizations administrators can copy items from public catalogs to their organization catalog.
Log In to the Web Console
Use the organization URL to log in to your organization and access the Web console.
Contact your organization administrator if you do not know the organization URL.
Procedure
1 In a browser, type the URL of your organization and press Enter.
For example, type https://cloud.example.com/cloud/org/myOrg.
2 Type your user name and password and click Login. .
What to do next
The Web console displays a list of the common tasks and resources available to you based on your role. An
organization administrator can click the Set up this organization link on the Home tab to finish setting up a
newly created organization. See “Set Up an Organization,” on page 32 for more information.
Using vCloud Director
When you log into vCloud Director, the first page you see is the Home page. The information that appears
on this page are the most common tasks for your role.
Organization administrators see the Set up this organization link as their first task. They also see tasks
under these headings.
Organizations and resources
n
Content
n
12 VMware, Inc.
Users & Groups
n
The vApps in your organization are displayed for easy access.
Catalog authors see links to these tasks.
Add Cloud Computer System
n
Build new vApp
n
Manage Catalogs
n
New Catalog
n
vApp authors see links to these tasks.
Add Cloud Computer System
n
Build new vApp
n
vApp users see links to these tasks.
Add Cloud Computer System
n
The vApps in your organization are displayed for easy access.
Console Access Only users have a read-only access to vCloud Director.
Chapter 1 Getting Started with vCloud Director
Set Mozilla Firefox Options
These options and settings help you display and use the vCloud Director Web console in Mozilla Firefox.
Prerequisites
You have the following.
At least Firefox 3.x
n
SSL 3.0 Encryption
n
TLS 1.0 Encryption
n
Procedure
1 In Firefox, select Tools > Options.
2 Click Content and select the JavaScript check box.
3 Click Privacy.
4 In the Firefox will: drop-down menu, select Use custom settings for history.
5 Select the Accept cookies from sites.
This selection also selects the Accept third-party cookies check box.
6 Click OK.
Bypass the Proxy in Mozilla Firefox
You can configure the Firefox proxy server to bypass certain Web addresses.
If all of these conditions exist, you can configure Firefox to bypass specific Web addresses.
The internal network is configured with a proxy server to access the external network.
n
The browser's proxy server connection has no local exceptions.
n
The proxy is not configured to look in the internal network after not finding or connecting to the target
n
on the external network.
VMware, Inc. 13
vCloud Director User's Guide
The user looks for a target on the internal network using Firefox.
n
Procedure
1 Select an option.
Operating System Action
Windows
Linux
Tools > Options
Edit > Preferences
2 Click the Advanced button.
3 On the Network tab, click the Settings button.
4 Enter the IP of the cell or load balancer in the No Proxy for: field.
The specified Web addresses are bypassed by the Firefox proxy server.
Set Microsoft Internet Explorer Options
These options help you display and use the vCloud Director Web console in Microsoft Internet Explorer.
You have the following.
At least Internet Explorer 7.
n
SSL 3.0 Encryption
n
TLS 1.0 Encryption
n
Procedure
1 In Internet Explorer, select Tools > Internet Options.
2 Click the Security tab.
3 Select the Internet content zone for the vCloud Director server.
4 Click Custom Level and select Enable or Prompt for these options.
Download signed ActiveX controls
n
Run ActiveX controls and plug-ins
n
Allow META REFRESH
n
Active scripting of Microsoft web browser control
n
5 Click OK.
6 Click the Advanced tab.
7 If you are using Internet Explorer on Windows 2003, complete these tasks.
a Select Start > Settings > Control Panel.
b Select Add or Remove Programs.
c Click Add/Remove Windows Components.
d Disable Internet Explorer Enhanced Security Configuration.
14 VMware, Inc.
Chapter 1 Getting Started with vCloud Director
Bypass the Proxy in Internet Explorer
You can configure the Internet Explorer proxy server to bypass certain Web addresses.
If all of these conditions exist, you can configure Internet Explorer to bypass specific Web addresses.
The internal network is configured with a proxy server to access the external network.
n
The browser's proxy server connection has no local exceptions.
n
The proxy is not configured to look in the internal network after not finding or connecting to the target
n
on the external network.
The user looks for a target on the internal network using Internet Explorer.
n
Procedure
1 Type the IP address of the cell or load balancer so that VMware Remote Console (VMRC) can bypass
the proxy setting.
2 Select Tools > Internet Options.
3 On the Connections tab, click LAN Settings in the bottom panel.
4 In the Proxy Server panel, click Advanced.
5 In the Exception panel, in the Do not use proxy server for addresses beginning with: text box, type the
IP address of the cell or load balancer.
If the configuration management vehicle supports the use of regular expressions, you must type the
DNS name of the cell or load balancer.
6 Click OK.
The specified Web addresses are bypassed by the Internet Explorer proxy server.
Set User Preferences
You can set certain display and system alert preferences that take effect every time you log in to the system.
You can also change the password for your system administrator account.
Procedure
1 In the title bar of the Web console, click Preferences.
2 Click the Defaults tab.
3 Select the page to display when you log in.
4 Select the number of days or hours before a runtime lease expires that you want to receive an email
notification.
5 Select the number of days or hours before a storage lease expires that you want to receive an email
notification.
6 Click the Change Password tab.
7 (Optional) Type your current password and type your new password twice.
8 Click OK.
VMware, Inc. 15
vCloud Director User's Guide
Change Your Password
If you have a local user account, you can change your password.
Procedure
1 Log in to your organization.
2 In the title bar of the Web console, click Preferences.
3 On the Change Password tab, type your current password, type your new password, and retype your
new password.
4 Click OK.
vCloud Director logs you out.
What to do next
Log in using your new password.
16 VMware, Inc.
Managing Cloud Resources 2
A vCloud Director system administrator creates and assigns virtual datacenters and networks to an
organization. An organization administrator can view information about these resources and perform a
limited set of management tasks. Contact your system administrator if you need more organization virtual
datacenters or organization virtual datacenter networks..
This chapter includes the following topics:
“Managing Virtual Datacenters,” on page 17
n
“Managing Organization Virtual Datacenter Networks,” on page 18
n
“Managing Expired Items,” on page 30
n
Managing Virtual Datacenters
Virtual datacenters provide processor, memory, and storage resources to your organization. They are
assigned to your organization by your system administrator. An organization can have multiple virtual
datacenters.
Display Virtual Datacenters
When you display the virtual datacenters in your organization, you can monitor the resources, users, and
policy settings that you manage.
You are an organization administrator.
Procedure
1 Click Administration.
2 In the left pane, select Cloud Resources > Virtual Datacenters.
A list of virtual datacenters in your organization appears in the right pane.
3 For details about a virtual datacenter, right-click, and select Open.
The vApps, vApp templates, media, and networks attached to this virtual datacenter are displayed.
When you click through each tab, you can right click on an object to see the operations you can
complete.
Review Virtual Datacenter Properties
You can review the properties of the virtual datacenters that are assigned to your organization.
Procedure
1 Click Administration.
VMware, Inc.
17
vCloud Director User's Guide
2 Select Cloud Resources > Virtual Datacenters.
3 Select a virtual datacenter, right-click, and select Properties.
4 Review the properties and click OK.
What to do next
To modify your organizational virtual datacenters, contact your system administrator.
Monitor Your Virtual Datacenter
You can monitor the virtual datacenter assigned to your organization and determine when to request
additional capacity.
You are an organization administrator.
Procedure
1 Click Administration.
2 Select Cloud Resources > Virtual Datacenters.
3 Click the Monitor button.
Details about the processor, memory, storage, and allocation model appear.
What to do next
Contact your system administrator for more capacity.
Manage Your Virtual Datacenters
You can review information such as the status, allocation model, and the number of vApps in a virtual
datacenter in your organization.
You are an organization administrator
Procedure
1 Click Administration.
2 In the left pane, select Cloud Resources > Virtual Datacenters.
3 Click the Manage button.
4 Review the information.
What to do next
You can open the virtual datacenter to see the objects in it, notify users about issues or changes, or review
the virtual datacenter's properties. Contact your system administrator to make changes to your virtual
datacenter.
Managing Organization Virtual Datacenter Networks
Organization virtual datacenter networks are created and assigned to your organization virtual datacenter
by a system administrator. An organization administrator can view information about networks, configure
network services, and more.
You can use direct, routed, or internal organization virtual datacenter networks.
18 VMware, Inc.
Chapter 2 Managing Cloud Resources
Table 2‑1. Types of Organization Virtual Datacenter Networks
Organization Virtual Datacenter
Network Type Description
Direct Accessible by multiple organizations. Virtual machines belonging to different
organizations can connect to and see traffic on this network.
This network provides direct layer 2 connectivity to virtual machines outside of
the organization. Virtual machines outside of this organization can connect to
virtual machines in the organization directly.
Routed Accessible only by this organization. Only virtual machines in this organization
can connect to this network.
This network also provides controlled access to an external network. System
administrators and organization administrators can configure network address
translation (NAT), firewall, and VPN settings to make specific virtual machines
accessible from the external network.
Internal Accessible only by this organization. Only virtual machines in this organization
can connect to and see traffic on this network.
This network provides an organization with an isolated, private network that
multiple vApps can connect to. This network provides no connectivity to
machines outside this organization. Machines outside of this organization have
no connectivity to machines in the organization.
Configuring Oganization Virtual Datacenter Network Services
An organization administrator can configure services, such as DHCP, firewalls, network address translation
(NAT), VPN, and static routing for certain organization virtual datacenter networks.
The network services available depend on the type of organization virtual datacenter network.
Table 2‑2. Network Services Available by Network Type
Organization Virtual
Datacenter Network Type DHCP Firewall NAT VPN Static Routing
Direct
Routed X X X X X
Internal X
Configure DHCP for an Organization Virtual Datacenter Network
Organization administrators can configure certain organization virtual datacenter networks to provide
DHCP services to virtual machines in the organization.
When you power on a virtual machine with the following configuration, vCloud Director assigns a DHCP
IP address to that virtual machine.
A NIC connected to an organization virtual datacenter network that has DHCP enabled.
n
The IP mode for the connected NIC set to DHCP.
n
Prerequisites
Verify that you have a routed organization virtual datacenter network or an internal organization virtual
datacenter network.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Click the Org VDC Networks tab, right-click the organization virtual datacenter network name and
select Configure Services.
VMware, Inc. 19
vCloud Director User's Guide
3 Select Enable DHCP.
4 Type a range of IP addresses or use the default range.
vCloud Director uses these addresses to satisfy DHCP requests. The range of DHCP IP addresses
cannot overlap with the static IP pool for the organization virtual datacenter network.
5 Set the default lease time and maximum lease time or use the default values.
6 Click OK.
vCloud Director updates the network to provide DHCP services.
Configure the Firewall for an Organization Virtual Datacenter Network
An organization administrator can configure certain organization virtual datacenter networks to provide
firewall services. Enable the firewall on an organization virtual datacenter network to enforce firewall rules
on incoming traffic, outgoing traffic, or both.
When you enable the firewall, you can specify a default firewall action to deny all incoming and outgoing
traffic or to allow all incoming and outgoing traffic. You can also add specific firewall rules to allow or deny
traffic that matches the rules to pass through the firewall. These rules take precedence over the default
firewall action. See “Add a Firewall Rule to an Organization Virtual Datacenter Network,” on page 20.
If a system administrator specified syslog server settings and those settings were applied to the organization
virtual datacenter network, then you can log events related to the default firewall action. For information
about applying syslog server settings, see “Apply Syslog Server Settings to an Organization Virtual
Datacenter Network,” on page 29. To view the current syslog server settings see “View Syslog Server
Settings for an Organization Virtual Datacenter Network,” on page 29.
Prerequisites
Verify that a routed organization virtual datacenter network is in place.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
select Configure Services.
3 Click the Firewall tab and select Enable firewall to enable firewall services, or deselect it to disable
firewall services.
4 Select the default firewall action.
Option Description
Deny
Allow
Blocks all traffic except when overridden by a firewall rule.
Allows all traffic except when overridden by a firewall rule.
5 (Optional) Select the Log check box to log events related to the default firewall action.
6 Click OK.
Add a Firewall Rule to an Organization Virtual Datacenter Network
An organization administrator can add firewall rules to an organization virtual datacenter network that
supports a firewall. You can create rules to allow or deny traffic that matches the rules to pass through the
firewall.
When you add a new firewall rule to an organization virtual datacenter network, it appears at the bottom of
the firewall rule list. For information about how to set the order in which firewall rules are enforced, see
“Reorder Firewall Rules for an Organization Virtual Datacenter Network,” on page 22.
20 VMware, Inc.
Chapter 2 Managing Cloud Resources
If a system administrator specified syslog server settings and those settings have been applied to the
organization virtual datacenter network, then you can log firewall rule events. For information about
applying syslog server settings, see “Apply Syslog Server Settings to an Organization Virtual Datacenter
Network,” on page 29. To view the current syslog server settings see “View Syslog Server Settings for an
Organization Virtual Datacenter Network,” on page 29.
Prerequisites
Verify that you have a routed organization virtual datacenter network and enable the firewall for the
organization virtual datacenter network. See “Configure the Firewall for an Organization Virtual Datacenter
Network,” on page 20
Procedure
1 Click Administration and select the organization virtual datacenter.
2 On the Org VDC Networks tab, right-click the organization virtual datacenter network name and select
Configure Services.
3 Click the Firewall tab and click Add.
4 Type a name for the rule.
5 (Optional) Select Match rule on translated IP to have the rule check against translated IP addresses
rather than original IP addresses and choose a traffic direction to apply this rule on.
6 Type the traffic Source.
Option Description
IP address
Range of IP addresses
CIDR
internal
external
any
Type a source IP address to apply this rule on.
Type a range of source IP addresses to apply this rule on.
Type the CIDR notation of traffic to apply this rule on.
Apply this rule to all internal traffic.
Apply this rule to all external traffic.
Apply this rule to traffic from any source.
7 Select a Source port to apply this rule on from the drop-down menu.
8 Type the traffic Destination.
Option Description
IP address
Range of IP addresses
CIDR
internal
external
any
Type a destination IP address to apply this rule on.
Type a range of destination IP addresses to apply this rule on.
Type the CIDR notation of traffic to apply this rule on.
Apply this rule to all internal traffic.
Apply this rule to all external traffic.
Apply this rule to traffic with any destination.
9 Select the Destination port to apply this rule on from the drop-down menu.
10 Select the Protocol to apply this rule on from the drop-down menu.
11 Select the action.
A firewall rule can allow or deny traffic that matches the rule.
12 Select the Enabled check box.
VMware, Inc. 21
vCloud Director User's Guide
13 (Optional) Select the Log network traffic for firewall rule check box.
If you enable this option, vCloud Director sends log events to the syslog server for connections affected
by this rule. Each syslog message includes logical network and organization UUIDs.
14 Click OK and click OK again.
Reorder Firewall Rules for an Organization Virtual Datacenter Network
Firewall rules are enforced in the order in which they appear in the firewall list. An organization
administrator can change the order of the rules in the list.
When you add a firewall rule to an organization virtual datacenter network, the new rule appears at the
bottom of the firewall rule list. To enforce the new rule before an existing rule, reorder the rules.
Prerequisites
Verify that a routed organization virtual datacenter network with two or more firewall rules is in place.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
select Configure Services.
3 Click the Firewall tab.
4 Drag the firewall rules to establish the order in which the rules are applied.
5 Click OK.
Enable VPN for an Organization Virtual Datacenter Network
An organization administrator can enable VPN for an organization virtual datacenter network, then create a
secure tunnel to another network.
vCloud Director supports VPN between organization virtual datacenter networks in the same organization
and remote networks.
Prerequisites
Verify that you have a routed organization virtual datacenter network.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
select Configure Services.
3 Click the VPN tab and select Enable VPN.
4 (Optional) Type a public IP address.
5 Click OK.
What to do next
Create a VPN tunnel to another network.
22 VMware, Inc.
Chapter 2 Managing Cloud Resources
Create a VPN Tunnel In an Organization
An organization administrator can create a VPN tunnel between two organization virtual datacenter
networks in the same organization.
If the tunnel endpoints have a firewall between them, configure the firewall to allow the following IP
protocols and UDP ports:
IP Protocol ID 50 (ESP)
n
IP Protocol ID 51 (AH)
n
UDP Port 500 (IKE)
n
UDP Port 4500
n
Prerequisites
Verify that you have at least two routed organization virtual datacenter networks with nonoverlapping IP
subnets and VPN enabled on both networks.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
select Configure Services.
3 Click the VPN tab and click Add.
4 Type a name and optional description.
5 Select a network in this organization from the drop-down menu and select a peer network.
6 Review the tunnel settings and click OK.
vCloud Director configures both peer network endpoints.
Create a VPN Tunnel Between Organizations
An organization administrator can create a VPN tunnel between two organization virtual datacenter
networks in different organizations. The organizations can be part of the same vCloud Director installation
or a different installation.
Prerequisites
Verify that you have a routed organization virtual datacenter network in each of the organizations. The
organization virtual datacenter networks must have IP subnets that do not overlap and a site-to-site VPN
enabled.
If the tunnel endpoints have a firewall between them, you must configure it to allow the following IP
protocols and UDP ports:
IP Protocol ID 50 (ESP)
n
IP Protocol ID 51 (AH)
n
UDP Port 500 (IKE)
n
UDP Port 4500
n
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
select Configure Services.
VMware, Inc. 23
vCloud Director User's Guide
3 Click the VPN tab and click Add.
4 Type a name and optional description.
5 Select A network in another organization from the drop-down menu.
6 Click Connect to another organization, type the login information for the peer organization, and click
Continue.
Option Description
vCloud URL
Organization
Username
Password
7 Select a peer network.
8 Review the tunnel settings and click Connect.
Base URL of the vCloud instance that contains the peer organization. For
example, https://www.example.com. Do not include /cloud
or /cloud/org/orgname in the URL.
Organization name that is used as the unique identifier in the organization
URL. For example, if the organization URL is
https://www.example.com/cloud/org/myOrg, type myOrg.
User name of an organization administrator or system administrator that
has access to the organization.
Password associated with the user name.
vCloud Director configures both peer network endpoints.
Create a VPN Tunnel to a Remote Network
An organization administrator can create a VPN tunnel between an organization virtual datacenter network
and a remote network.
If the tunnel endpoints have a firewall between them, configure it to allow the following IP protocols and
UDP ports:
IP Protocol ID 50 (ESP)
n
IP Protocol ID 51 (AH)
n
UDP Port 500 (IKE)
n
UDP Port 4500
n
Prerequisites
Verify that you have a routed organization virtual datacenter network and a routed remote network that
uses IPSec.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Select Cloud Resources > Networks.
3 Click the Organization VDC Network tab, right-click the organization virtual datacenter network
name, and select Configure Services.
4 Click the VPN tab and click Add.
5 Type a name and optional description.
6 Select a remote network from the drop-down menu.
7 Type the peer settings.
8 Review the tunnel settings and click OK.
24 VMware, Inc.
Chapter 2 Managing Cloud Resources
vCloud Director configures the organization peer network endpoint.
What to do next
Manually configure the remote peer network endpoint.
Enable Static Routing for an Organization Virtual Datacenter Network
An organization administrator can configure certain organization virtual datacenter networks to provide
static routing services. After you enable static routing on an organization virtual datacenter network, you
can add static routes to allow traffic between different vApp networks routed to the organization virtual
datacenter network.
Prerequisites
Verify that a routed organization virtual datacenter network is in place.
Procedure
1 Click Administration.
2 Select Cloud Resources > Networks.
3 Right-click the organization virtual datacenter network name and select Configure Services.
4 On the Static Routing tab, select Enable static routing and click OK.
What to do next
Create static routes.
Add Static Routes Between vApp Networks Routed to the Same Organization Virtual Datacenter Network
An organization administrator can add static routes between two vApp networks that are routed to the
same organization virtual datacenter network. Static routes allow traffic between the networks.
You cannot add static routes between overlapping networks or fenced vApps. After you add a static route to
an organization virtual datacenter network, configure the network firewall rules to allow traffic on the static
route. For vApps with static routes, select the Always use assigned IP addresses until this vApp or
associated networks are deleted check box.
Static routes only function when the vApps included in the routes are running. If you change the parent
network of a vApp, delete a vApp, or delete a vApp network, and the vApp includes static routes, those
routes cannot function and you must remove them manually.
Prerequisites
Verify that the following conditions are met.
A routed organization virtual datacenter network is in place.
n
Static routing is enabled on the organization virtual datacenter network.
n
Two vApp networks are routed to the organization virtual datacenter network.
n
The vApp networks are in vApps that were started at least once.
n
Procedure
1 Click Administration.
2 Select Cloud Resources > Networks.
3 Right-click the organization virtual datacenter network name and select Configure Services.
VMware, Inc. 25
vCloud Director User's Guide
4 Click the Static Routing tab and click Add.
5 Type a name, network address, and next hop IP address.
The network address is for the first vApp network to which you want to add a static route. The next
hop IP address is the external IP address of that vApp network's router.
6 Select Within this network, and click OK.
7 Click OK.
8 Repeat Step 4 through Step 7 to add a route to the second vApp network.
Example: Static Routing Example
vApp Network 1 and vApp Network 2 are both routed to Org Network Shared. You can create static routes
on the organization virtual datacenter network to allow traffic between the vApp networks. You can use
information about the vApp networks to create the static routes.
Table 2‑3. Network Information
Network Name Network Specification Router External IP Address
vApp Network 1 192.168.1.0/24 192.168.0.100
vApp Network 2 192.168.2.0/24 192.168.0.101
Org Network Shared 192.168.0.0/24 NA
On Org Network Shared, create a static route to vApp Network 1 and another static route to vApp Network
2.
Table 2‑4. Static Routing Settings
Static Route to
Network Route Name Network
vApp Network 1 tovapp1 192.168.1.0/24 192.168.0.100 In this network
vApp Network 2 tovapp2 192.168.2.0/24 192.168.0.101 In this network
Next Hop IP
Address Route
What to do next
Create firewall rules to allow traffic on the static routes.
Add Static Routes Between vApp Networks Routed to Different Organization Virtual Datacenter Networks
An organization administrator can add static routes between two vApp networks that are routed to
different organization virtual datacenter networks. Static routes allow traffic between the networks.
You cannot add static routes between overlapping networks or fenced vApps. After you add a static route to
an organization virtual datacenter network, configure the network firewall rules to allow traffic on the static
route. For vApps with static routes, select the Always use assigned IP addresses until this vApp or
associated networks are deleted check box.
Static routes only function when the vApps included in the routes are running. If you change the parent
network of a vApp, delete a vApp, or delete a vApp network, and the vApp includes static routes, those
routes cannot function and you must remove them manually.
Prerequisites
Verify that you have the following items.
Two organization virtual datacenter networks routed to the same external network.
n
Static routing is enabled on both organization virtual datacenter networks.
n
26 VMware, Inc.
Chapter 2 Managing Cloud Resources
A vApp network is routed to each organization virtual datacenter network.
n
The vApp networks are in vApps that were started at least once.
n
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Click the Org virtual datacenter Networks tab, right-click the organization virtual datacenter network
name, and select Configure Services.
3 Click the Static Routing tab and click Add.
4 Type a name, network address, and next hop IP address.
The network address is for the vApp network to which you want to add a static route. The next hop IP
address is the external IP address of the router for the organization virtual datacenter network to which
that vApp network is routed.
5 Select To external network and click OK.
6 Click Add.
7 Type a name, network address, and next hop IP address.
The network address is for the vApp network that is routed to this organization virtual datacenter
network. The next hop IP address is the external IP address of the router for that vApp network.
8 Select Within this network and click OK.
9 Repeat Step 2 through Step 8 to add static routes to the second organization virtual datacenter network.
Example: Static Routing Example
vApp Network 1 is routed to Org virtual datacenter Network 1. vApp Network 2 is routed to Org virtual
datacenter Network 2. You can create static routes on the organization virtual datacenter networks to allow
traffic between the vApp networks. You can use information about the vApp networks and organization
virtual datacenter networks to create the static routes.
Table 2‑5. Network Information
Network Name Network Specification Router External IP Address
vApp Network 1 192.168.1.0/24 192.168.0.100
vApp Network 2 192.168.11.0/24 192.168.10.100
Org VDC Network 1 192.168.0.0/24 10.112.205.101
Org VDC Network 2 192.168.10.0/24 10.112.205.100
On Org VDC Network 1, create a static route to vApp Network 2 and another static route to vApp Network
1. On Org VDC Network 2, create a static route to vApp Network 1 and another static route to vApp
Network 2.
Table 2‑6. Static Routing Settings for Org VDC Network 1
Static Route to
Network Route Name Network
vApp Network 2 tovapp2 192.168.11.0/24 10.112.205.100 To external network
vApp Network 1 tovapp1 192.168.1.0/24 192.168.0.100 Within this network
Next Hop IP
Address Route
VMware, Inc. 27
vCloud Director User's Guide
Table 2‑7. Static Routing Settings for Org VDC Network 2
Static Route to
Network Route Name Network
vApp Network 1 tovapp1 192.168.1.0/24 10.112.205.101 To external network
vApp Network 2 tovapp2 192.168.11.0/24 192.168.10.100 Within this network
What to do next
Create firewall rules to allow traffic on the static routes.
Reset an Organization Virtual Datacenter Network
If the network services, such as DHCP settings, firewall settings, and so on, that are associated with an
organization virtual datacenter network are not working as expected, reset the network.
No network services are available while an organization virtual datacenter network resets.
Prerequisites
Verify that you have an external NAT-routed organization virtual datacenter network or an internal
n
organization network.
Verify that you have organization administrator privileges.
n
Next Hop IP
Address Route
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Right-click an organization virtual datacenter network, and select Reset Network.
3 Click Yes.
View IP Use for an Organization Virtual Datacenter Network
You can view a list of the IP addresses from an organization virtual datacenter network IP pool that are
currently in use.
Prerequisites
Verify that you are an organization administrator.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Right-clicki an organization virtual datacenter network, and select IP Allocations.
Add IP Addresses to an Organization Virtual Datacenter Network IP Pool
If an organization virtual datacenter network is running out of IP addresses, you can add more addresses to
its IP pool.
You are an organization administrator.
You cannot add IP addresses to external organization virtual datacenter networks that have a direct
connection.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Right-click an organization virtual datacenter network and select Properties.
28 VMware, Inc.
Chapter 2 Managing Cloud Resources
3 On the Network Specification tab, type an IP address or a range of IP addresses in the text box and
click Add.
4 Click OK.
View vApps and vApp Templates That Use an Organization Virtual Datacenter Network
You can view a list of the all the vApps and vApp templates that include virtual machines with a NIC
connected to an organization virtual datacenter network.
Prerequisites
Verify that you are an organization administrator.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Right-click an organization virtual datacenter network and select Connected vApps.
3 Click OK.
View Syslog Server Settings for an Organization Virtual Datacenter Network
You can view the syslog server settings for a routed organization virtual datacenter network.
vCloud Director supports logging events related to firewall rules to a syslog server specified by a system
administrator.
If an organization virtual datacenter network does not have any syslog server settings and you think it
should, or if the settings are not what you expected, then you can synchronize the network with the current
syslog server settings. See “Apply Syslog Server Settings to an Organization Virtual Datacenter Network,”
on page 29. If a problem still exists after you synchronize, contact your system administrator.
Prerequisites
Verify that an external NAT-routed organization virtual datacenter network exists.
n
Verify that you are an organization administrator.
n
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
select Properties.
3 Click the Syslog Server Settings tab.
Apply Syslog Server Settings to an Organization Virtual Datacenter Network
You apply syslog server settings to a routed organization virtual datacenter network to enable firewall rule
logging.
Only a system administrator can specify syslog server settings. Apply those settings to any organization
virtual datacenter network that was created before the system administrator specified them. Also, apply the
syslog server settings to an organization virtual datacenter network whenever a system administrator
changes the settings.
VMware, Inc. 29
vCloud Director User's Guide
Prerequisites
Verify that an external NAT-routed organization virtual datacenter network is in place.
You are an organization administrator.
Procedure
1 Click Administration and select the organization virtual datacenter.
2 Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
select Synchronize syslog server settings.
3 Click Yes.
Managing Expired Items
When vApps or vApp templates expire, you can determine whether you want to renew or delete them.
Manage Expired vApps
You can display a list of expired vApps, delete them, or restore them to your organization.
You are an organization administrator.
The organization policy for what to do when a vApp storage lease expires is set to Move to Expired Items.
See “Configure Organization Lease, Quota, and Limit Settings,” on page 34.
Procedure
1 Select My Cloud > Expired Items.
2 On the Expired vApps tab, review the list of expired vApps.
3 Right-click a vApp and select Delete or Renew and click Yes.
If you selected Delete, the vApp is deleted from the list. If you selected Renew, the restored vApp appears
on the vApps page.
Manage Expired vApp Templates
You can display a list of expired vApp templates and delete them or restore them to your organization.
You are an organization administrator.
The organization policy for what to do when a vApp template storage lease expires is set to Move to
Expired Items. See “Configure Organization Lease, Quota, and Limit Settings,” on page 34.
Procedure
1 Select My Cloud > Expired Items.
2 Click the Expired vApp Templates tab.
3 Right-click on a vApp template, select Delete or Renew, and click Yes.
If you selected Delete, the vApp template is deleted from the list. If you selected Renew, the vApp template
is restored to its catalog.
30 VMware, Inc.
Working in an Organization 3
Most operations in vCloud Director occur in an organization. The system administrator creates the
organization and assigns an organization administrator to it.
The system administrator emails the URL of the organization to the organization administrator, who can log
in to the organization and set it up. In the Home page the organization administrator clicks the Set up the
Organization link to assign resources and manage a variety of operations on the organization.
This chapter includes the following topics:
“Understanding Leases,” on page 31
n
“Set Up an Organization,” on page 32
n
“Review Your Organization Profile,” on page 34
n
“Modify Your Email Settings,” on page 35
n
“Modify Your Organization's Policies,” on page 35
n
“Set Default Domain for Organization Virtual Machines,” on page 36
n
“Enable Your Organization to Use an SAML Identity Provider,” on page 36
n
“Install Java Cryptography Extension Unlimited Strength Jurisdiction Policy Files,” on page 37
n
“Manage Users and Groups in Your Organization,” on page 38
n
“Manage Resources in Your Organization,” on page 38
n
“Manage Virtual Machines in Your Organization,” on page 38
n
“Viewing Organization Log Tasks and Events,” on page 39
n
Understanding Leases
Creating an organization involves specifying leases. Leases provide a level of control over an organization's
storage and compute resources by specifying the maximum amount of time that vApps can be running and
that vApps and vApp templates can be stored.
The goal of a runtime lease is to prevent inactive vApps from consuming compute resources. For example, if
a user starts a vApp and goes on vacation without stopping it, the vApp continues to consume resources.
A runtime lease begins when a user starts a vApp. When a runtime lease expires, vCloud Director stops the
vApp.
The goal of a storage lease is to prevent unused vApps and vApp templates from consuming storage
resources. A vApp storage lease begins when a user stops the vApp. Storage leases do not affect running
vApps. A vApp template storage lease begins when a user adds the vApp template to a vApp, adds the
vApp template to a workspace, downloads, copies, or moves the vApp template.
VMware, Inc.
31
vCloud Director User's Guide
When a storage lease expires, vCloud Director marks the vApp or vApp template as expired, or deletes the
vApp or vApp template, depending on the organization policy you set.
For more information about specifying lease settings, see “Configure Organization Lease, Quota, and Limit
Settings,” on page 34.
Users can configure email notification to receive a message before a runtime or storage lease expires. See
“Set User Preferences,” on page 15 for information about lease expiration preferences.
Set Up an Organization
After you receive the URL of your organization from the system administrator, you must set it up. On the
vCloud Director Home page, click Set up this organization.
You are an organization administrator.
Procedure
1 Change the Organization Full Name on page 32
You can change the full name of an organization. This name appears in the Cloud Director application
header when users log in.
2 Import Users and Groups on page 33
You can add users and groups from an LDAP or SAML server to the organization and assign them a
role within the organization.
3 Add Local Users to the Organization on page 33
Every organization should have at least one local organization administrator account, so that users can
log in even if the LDAP and SAML services are unavailable.
4 Configure Email Preferences on page 33
vCloud Director requires an SMTP server to send user notification and system alert emails. An
organization can use the system email settings or use its own email settings.
5 Configure Organization Lease, Quota, and Limit Settings on page 34
Leases, quotas, and limits constrain the ability of organization users to consume storage and
processing resources. Use these settings to prevent users from depleting or monopolizing an
organization's resources.
Change the Organization Full Name
You can change the full name of an organization. This name appears in the Cloud Director application
header when users log in.
You are an organization administrator.
Procedure
1 On Name this Organization page, in the Organization full name, type the new full name.
2 (Optional) Type a description of the organization.
3 Click Next.
32 VMware, Inc.
Chapter 3 Working in an Organization
Import Users and Groups
You can add users and groups from an LDAP or SAML server to the organization and assign them a role
within the organization.
Prerequisites
Verify that your organization has a valid connection to an LDAP or SAML server.
Procedure
1 Click Import.
2 Select the type of server to import from.
3 Type a full or partial name of a user or group and click Search.
If you are importing from a SAML server, you must include the domain name (ex. user@domain.com).
4 Select the users or groups to import and click Add.
5 Select a role for the users and groups and click OK.
6 Click Next.
Add Local Users to the Organization
Every organization should have at least one local organization administrator account, so that users can log
in even if the LDAP and SAML services are unavailable.
Procedure
1 Click Add.
2 Type a user name and password.
3 Assign a role to the user.
4 (Optional) Type the contact information for the user.
5 Select Unlimited or type a user quota for stored and running virtual machines and click OK.
These quotas limit the user's ability to consume storage and compute resources in the organization.
6 Click Next.
Configure Email Preferences
vCloud Director requires an SMTP server to send user notification and system alert emails. An organization
can use the system email settings or use its own email settings.
Procedure
1 Select an SMTP server option.
Option Description
Use system default SMTP server
Set organization SMTP server
The organization uses the system SMTP server.
The organization uses its own SMTP server. Type the DNS host name or IP
address and port number of the SMTP server. (Optional) Select the
Requires authentication check box and type a user name and password.
VMware, Inc. 33
vCloud Director User's Guide
2 Select a notification settings option.
Option Description
Use system default notification
settings
Set organization notification
settings
The organization uses the system notification settings.
The organization uses its own notification settings. Type an email address
that appears as the sender for organization emails, type text to use as the
subject prefix for organization emails, and select the recipients for
organization emails.
3 (Optional) Type a destination email address and click Test Email Settings to verify that all SMTP server
settings are configured as expected.
4 Click Next.
Configure Organization Lease, Quota, and Limit Settings
Leases, quotas, and limits constrain the ability of organization users to consume storage and processing
resources. Use these settings to prevent users from depleting or monopolizing an organization's resources.
For more information about leases, see “Understanding Leases,” on page 31.
Procedure
1 Select the lease options for vApps and vApp templates.
Leases provide a level of control over an organization's storage and compute resources by specifying
the maximum amount of time that vApps can run and that vApps and vApp templates can be stored.
You can also specify what happens to vApps and vApp templates when their storage lease expires.
2 Select the quotas for running and stored virtual machines.
Quotas determine how many virtual machines each user in the organization can store and power on in
the organization's virtual datacenters. The quotas that you specify act as the default for all new users
added to the organization.
3 Select the limits for resource intensive operations.
Certain vCloud Director operations, for example copy and move, are more resource intensive than
others. Limits prevent resource intensive operations from affecting all the users in an organization and
also provide a defense against denial-of-service attacks.
4 Select the number of simultaneous VMware Remote Console connections for each virtual machine.
You might want to limit the number of simultaneous connections for performance or security reasons.
NOTE This setting does not affect Virtual Network Computing (VNC) or Remote Desktop Protocol
(RDP) connections.
5 (Optional) Select the Account lockout enabled check box, select the number of invalid logins to accept
before locking a user account, and select the lockout interval.
6 Click Next.
Review Your Organization Profile
You can review and modify some of the information in your organization's profile
You are an organization administrator.
Procedure
1 Click Administration.
34 VMware, Inc.
2 In the left pane, select Settings > General.
3 You can complete these operations.
Review your organization's default URL.
n
Modify your organization's full name.
n
Type a description.
n
4 Click Apply.
Modify Your Email Settings
You can review and modify the default email settings that were set when the system administrator created
your organization.
You are an organization administrator.
Procedure
1 Click Administration.
2 In the left pane, select Settings > Email.
3 Select an SMTP server option.
Chapter 3 Working in an Organization
Option Description
Use system default SMTP server
Set organization SMTP server
The organization uses the system SMTP server.
The organization uses its own SMTP server. Type the DNS host name or IP
address and port number of the SMTP server. (Optional) Select the
Requires authentication check box and type a user name and password.
4 Select a notification settings option.
Option Description
Use system default notification
settings
Set organization notification
settings
The organization uses the system notification settings.
The organization uses its own notification settings. Type an email address
that appears as the sender for organization emails, type text to use as the
subject prefix for organization emails, and select the recipients for
organization emails.
5 (Optional) Type a destination email address and click Test Email Settings to verify that all SMTP server
settings are configured as expected.
6 Click Apply.
Modify Your Organization's Policies
You can review and modify the default policies that were set by the system administrator when your
organization was created.
You are an organization administrator.
Procedure
1 Click Administration.
2 In the left pane, select Settings > Policies.
VMware, Inc. 35
vCloud Director User's Guide
3 Select the lease options for vApps and vApp templates.
Leases provide a level of control over an organization's storage and compute resources by specifying
the maximum amount of time that vApps can be running and that vApps and vApp templates can be
stored. You can also specify what happens to vApps and vApp templates when their storage lease
expires.
4 Select the quotas for running and stored virtual machines.
Quotas determine how many virtual machines each user in the organization can store and power on in
the organization's virtual datacenters. The quotas you specify act as the default for all new users added
to the organization.
5 Select the limits for resource intensive operations.
Certain vCloud Director operations, for example copy and move, are more resource intensive than
others. Limits prevent resource intensive operations from affecting all the users in an organization and
also provide a defense against denial-of-service attacks.
6 Select the number of simultaneous VMware Remote Console connections for each virtual machine.
You may want to limit the number of simultaneous connections for performance or security reasons.
NOTE This setting does not affect Virtual Network Computing (VNC) or Remote Desktop Protocol
(RDP) connections.
7 (Optional) Select the Account lockout enabled check box, select the number of invalid logins to accept
before locking a user account, and select the lockout interval.
8 Click Apply.
Set Default Domain for Organization Virtual Machines
You can set a default domain which virtual machines created in your organization can join. Virtual
machines can always join a domain for which they have credentials, regardless of whether or not you
specify a default domain.
You are an organization administrator.
Procedure
1 Click Administration.
2 In the left pane, select Settings > Guest Personalization.
3 Select the Enable domain join for virtual machines in this organization.
4 Type the domain name, domain user name, domain password.
These credentials apply to a regular domain user, not a domain administrator.
5 Click Apply.
Enable Your Organization to Use an SAML Identity Provider
Enable your organization to use an SAML identity provider, also called single sign-on, to import users and
groups from an SAML identity provider and allow imported users to sign on to the organization with the
credentials established in the SAML identity provider.
Prerequisites
Verify that you are logged in as a system or organization administrator.
n
36 VMware, Inc.
Chapter 3 Working in an Organization
Verify that you have access to an OpenAM or Active Directory Federation Services SAML identity
n
provider.
Create an XML file with the following metadata from your SAML identity provider.
n
The location of the single sign-on service
n
The location of the single logout service
n
The location of the service's X.509 certificate
n
For information on configuring and acquiring metadata from an OpenAM or Active Directory
Federation Services SAML provider, consult the documentation for your SAML provider.
Procedure
1 Click Administration.
2 In the left pane, select Settings > Federation.
3 Select Use SAML Identity Provider.
4 Copy and paste the SAML provider metadata XML into the text box or click Browse to upload the
metadata XML file.
5 Click Apply.
What to do next
Configure your SAML provider with vCloud Director metadata. See your SAML provider's
n
documentation and the vCloud Director Installation and Upgrade Guide.
Configure your SAML provider to provide tokens with the following attribute mappings.
n
email address = "EmailAddress"
n
user name = "UserName"
n
full name = "FullName"
n
user's groups = "Groups"
n
Import users and groups from your SAML provider.
n
Install the JCE unlimited strength jurisdiction policy files. See
n
Install Java Cryptography Extension Unlimited Strength Jurisdiction Policy Files
Install Java Cryptography Extension unlimited strength jurisdiction files to remove restrictions on
cryptographic strength in JCE. These restrictions can prevent users from successfully logging in to vCloud
Director using vSphere Single Sign On.
Because of import control restrictions of some countries, the version of the JCE policy files that are bundled
in the JRE bundled in vCloud Director, allow strong but limited cryptography to be used, which is
insufficient to deal with the encryption strength used by the SAML identity provider.
Prerequisites
Verify that you are a system administrator.
Procedure
1 In the /opt/vmware/vcloud-director/jre/bin/java -version directory, identify the version of Java
used by vCloud Director.
VMware, Inc. 37
vCloud Director User's Guide
2 Download the policy files for the version of Java being used from the following links.
Java Runtime Environment 6
n
Java Runtime Environment 7
n
3 Use the cell management tool to quiesce the vCloud Director cell.
See the vCloud Director Installation and Upgrade Guide.
4 Stop vCloud Director services.
See the vCloud Director Installation and Upgrade Guide.
5 Locate the JRE policy files in the $VCLOUD_HOME/jre directory and replace them with the downloaded
policy files using the same permissions as the replaced files.
6 Enable the cell using the cell management tool.
What to do next
Repeat this procedure for all cells in vCloud Director.
Manage Users and Groups in Your Organization
You can manage the roles and rights that users and groups have in your organization.
You are an organization administrator.
Procedure
1 Click Administration.
2 In the left pane, select Members > Users or Members > Groups.
You can modify properties or roles.
3 Right-click the user or group and select Properties.
4 Make the necessary changes and click OK.
Your user or group settings are updated.
Manage Resources in Your Organization
You must monitor and manage the resources you add to your organization.
You are an organization administrator.
Procedure
1 Click Administration.
2 In the left pane, under Cloud Resources, select Virtual Datacenters.
The virtual datacenters in your organization appear in the right pane. See also Chapter 2, “Managing Cloud
Resources,” on page 17
Manage Virtual Machines in Your Organization
You can manage virtual machines in your organization. Virtual machines provide access to vCloud Director
operations at the virtual machine console level.
You are an organization administrator.
38 VMware, Inc.
Procedure
1 Click My Cloud.
2 In the left pane, select VMs.
3 Select a virtual machine, right-click, and select Properties.
4 Modify the relevant properties in each of the tabs and click OK.
What to do next
For more information on managing virtual machines, see Chapter 8, “Working with Virtual Machines,” on
page 91.
Viewing Organization Log Tasks and Events
You can view tasks and events in your organization to monitor and audit vCloud Directory activities.
vCloud Director tasks are long-running operations and their status changes as the task progresses. For
example, a task's status generally starts as Running. When the task finishes, its status changes to Successful
or Error.
vCloud Director events are one-time occurrence that indicate an important part of an operation or a
significant state change for a vCloud Director object. vCloud Director also logs an event every time a user
logs in, and notes whether the attempt was successful or not.
Chapter 3 Working in an Organization
View Organization Events
You can view the log for an organization to monitor organization-level events. Failed events and view
events are listed by user.
You are an organization administrator.
Procedure
1 Click the My Cloud.
2 In the left pane, click Logs.
3 Click the Events tab.
vCloud Director displays information about each organization-level event.
4 Double-click an event for more information.
Only system administrators can view the details about most events.
View Organization Tasks
You can view the tasks in an organization, which helps you monitor and troubleshoot more effectively.
You are an organization administrator.
Procedure
1 Click My Cloud.
2 In the left pane, click Logs.
3 On the Tasks tab, you can examine the tasks in the organization.
4 Select a task, right-click, and select Open.
5 Review the information and click OK.
VMware, Inc. 39
vCloud Director User's Guide
What to do next
To troubleshoot a failed task, contact your system administrator.
40 VMware, Inc.
Working with Catalogs 4
A catalog is a container for vApp templates and media files in an organization. Organization administrators
and catalog authors can create catalogs in an organization. Catalog contents can be shared with other users
or organizations in the vCloud Director installation or published externally for access by organizations
outside the vCloud Director installation.
vCloud Director contains private catalogs, shared catalogs, and externally accessible catalogs. Private
catalogs include vApp templates and media files that you can share with other users in the organization. If a
system administrator enables catalog sharing for your organization, you can share an organization catalog
to create a catalog accessible to other organizations in the vCloud Director installation. If a system
administrator enables external catalog publishing for your organization, you can publish an organization
catalog for access by organizations outside the vCloud Director installation. An organization outside the
vCloud Director installation must subscribe to an externally published catalog to access its contents.
You can upload an OVF package directly to a catalog, save a vApp as a vApp template, or import a vApp
template from vSphere. See “Upload an OVF Package as a vApp Template,” on page 55 and “Save a vApp
as a vApp Template,” on page 58. You can upload media files directly to a catalog. See “Upload Media
Files,” on page 49.
Members of an organization can access vApp templates and media files that they own or that are shared
with them. Organization administrators and system administrators can share a catalog with everyone in an
organization or with specific users and groups in an organization. See “Share A Catalog,” on page 43.
VMware, Inc.
This chapter includes the following topics:
“Add a New Catalog,” on page 42
n
“Access a Catalog,” on page 43
n
“Share A Catalog,” on page 43
n
“Publish a Catalog to an External Organization,” on page 44
n
“Change the Owner of a Catalog,” on page 45
n
“Delete a Catalog,” on page 45
n
“Change the Properties of Your Catalog,” on page 45
n
“Subscribe to an External Catalog Feed,” on page 46
n
“Understanding Catalogs and Their Contents,” on page 46
n
“Working in Published Catalogs,” on page 47
n
41
vCloud Director User's Guide
Add a New Catalog
You can create catalogs to group your vApp templates and media files.
Prerequisites
Verify that you are at least a catalog author.
Procedure
1 Click Catalogs and select My Organization's Catalogs in the left pane.
2 On the Catalogs tab, click Add Catalog.
3 Type a catalog name and optional description and click Next.
4 Select the type of storage to use for vApp templates and ISOs in this catalog and click Next.
Option Description
Use any available storage in the
organization
Pre-provision storage on specific
storage policy
5 Click Add Members.
This catalog uses any available storage in the organization.
Select a virtual datacenter storage policy to use for this catalog's vApp
templates and ISOs and click Add. The selected storage policy causes the
vApp template size to count against your catalog storage quota.
NOTE This option might be unavailable, depending on your organizational settings.
a Select which users and groups in the organization can access this catalog.
Select Everyone in this organization to grant catalog access to all users and groups in the
n
organization.
Select Specific users and groups to grant catalog access to certain users or groups and click
n
Add.
b Select the access level for users with access to this catalog from the drop-down menu and click OK.
Select Read Only to grant read access to the catalog's vApp templates and ISOs.
n
Select Read/Write to grant read access to the catalog's vApp templates and ISOs, and to allow
n
user to add vApp templates and ISOs to the catalog.
Select Full Control to grant full access to the catalog's contents and settings.
n
42 VMware, Inc.
Chapter 4 Working with Catalogs
6 Click Add Organizations.
NOTE This option might be unavailable, depending on your organizational settings.
a Select which organizations on this vCloud Director installation can access this catalog.
Select All organizations to grant catalog access to all organizations in the vCloud Director
n
installation.
Select Specific organizations to grant catalog access to certain organizations and click Add.
n
b Select the access level for users with access to this catalog from the drop-down menu and click OK.
Select Read Only to grant read access to the catalog's vApp templates and ISOs.
n
Select Read/Write to grant read access to the catalog's vApp templates and ISOs, and to allow
n
organizations to add vApp templates and ISOs to the catalog.
Select Full Control to grant full access to the catalog's contents and settings.
n
7 Click Next.
8 (Optional) Select Enabled and click to allow the creation of a catalog feed for consumption by catalogs
outside this vCloud Director installation and supply a password for the catalog feed.
9 (Optional) Select Enable early catalog export to optimize synchronization.
Before selecting this option, verify that you have available storage at the transfer server location for the
exported catalog.
10 (Optional) Select Preserve identity information to include BIOS and UUID information in the
downloaded OVF package.
Enabling this option limits portability of the OVF package.
11 Review the catalog settings and click Finish.
The new catalog appears in My Organization's Catalogs. A catalog's displayed status on this page does not
reflect the status of the templates and vApps in the catalog.
Access a Catalog
If the system administrator granted you catalog access, you can access catalogs in your organization and
public catalogs that other organizations published.
Procedure
1 Click Catalogs.
2 In the left pane, click a catalog option.
3 In the right pane, select a catalog, right-click, and select Open.
Share A Catalog
You can share a catalog to make it visible to the administrators in all other organizations in a cloud. Users
with the proper rights and access level can use vApp templates and media from the shared catalog to create
their own vApps.
Prerequisites
Verify that you are an organization administrator and the system administrator has granted you write
access to the catalog.
VMware, Inc. 43
vCloud Director User's Guide
Procedure
1 Click Catalog and select My Organization's Catalogs in the left pane.
2 On the Catalogs tab, right-click the catalog name and select Publish Settings.
3 On the Sharing tab, click Add Members.
4 Select which users and groups in the organization can access this catalog.
Option Description
Everyone in this organization
Specific users and groups
5 Select the access level for users with access to this catalog from the drop-down menu.
Option Description
Read Only
Read/Write
Full Control
6 Click OK.
All users and groups in the organization have access to this catalog.
Select users or groups to grant catalog access to and click Add.
Users with access to this catalog have read access to the catalog's vApp
templates and ISOs.
Users with access to this catalog have read access to the catalog's vApp
templates and ISOs and can add vApp templates and ISOs to the catalog.
Users with access to this catalog have full control of the catalog's contents
and settings.
7 Click Add Organizations.
8 Select which organizations on this vCloud Director installation can access this catalog.
Option Description
All organizations
All organizations in the vCloud Director installation have access to this
catalog.
9 Click OK and click OK again.
The catalog and all of its contents appear under Public Catalogs for selected users and groups in the vCloud
Director installation.
Publish a Catalog to an External Organization
If the system administrator has granted you catalog access, you can publish a catalog externally to make its
vApp templates and media files available for subscription by organizations outside the vCloud Director
installation.
Prerequisites
Verify that the system administrator enabled external catalog publishing for the organization and granted
you catalog access.
Procedure
1 Click Catalog and select My Organization's Catalogs in the left pane.
2 On the Catalogs tab, right-click the catalog name and select Publish Settings.
3 On the External Publishing tab, select Enabled and supply a password for the catalog feed.
4 Click OK.
44 VMware, Inc.
What to do next
Provide the subscription URL listed on the External Publishing tab and the password to grant access to the
catalog. An organization must subscribe to the catalog to gain access to its contents.
Change the Owner of a Catalog
You can change the owner of a catalog. Before you can delete a user who owns a catalog, you must change
the owner or delete the catalog.
Prerequisites
Verify that the system administrator gave you access to the catalog.
Procedure
1 Select Catalog > My Organization's Catalogs.
2 Click the Catalogs tab, right-click a catalog, and select Change Owner.
3 Select a user from the list or search for one.
You can search for a user by full name or by their user name.
4 Click OK.
Chapter 4 Working with Catalogs
Delete a Catalog
You can delete a catalog from your organization.
Prerequisites
Verify that the system administrator gave you access to the catalog.
The catalog must not contain any vApp templates or media files. You can move these items to a different
catalog or delete them.
Procedure
1 Click Catalog.
2 In the left pane, click My Organization's Catalogs.
3 Select a catalog, right-click, and select Delete.
4 Click Yes.
The empty catalog is deleted from your organization.
Change the Properties of Your Catalog
You can review and change your catalog properties.
Prerequisites
Verify that you are at least a catalog author.
Procedure
1 Click Catalog.
2 In the left pane, click My Organization's Catalogs.
3 Select a catalog, right-click, and select Properties.
4 Review the properties in the General, Sharing, and External Publishing tabs.
VMware, Inc. 45
vCloud Director User's Guide
5 Change the relevant properties and click OK.
Your catalog properties are updated.
Subscribe to an External Catalog Feed
You subscribe an organization to an external catalog feed to access a catalog from outside of the installation
of vCloud Director.
Procedure
1 Click Catalogs and select My Organization's Catalogs in the left pane.
2 Click Add Catalog and type a name and optional description for the catalog feed.
3 Select Subscribe to an external catalog and click Next.
4 Select the type of storage to use for this catalog feed and click Next.
Option Description
Use any available storage in the
organization
Pre-provision storage on specific
storage policy
5 Click Add Members.
This catalog feed uses any available storage in the organization.
Select a virtual datacenter storage policy to use for this catalog feed and
click Add.
6 Select which users and groups in the organization can access this catalog feed and click OK.
Option Description
Everyone in this organization
Specific users and groups
All users and groups in the organization have access to this catalog feed.
Select users or groups to which to grant catalog feed access and click Add.
7 Click Add Organizations.
8 Select which organizations on this vCloud Director installation can access this catalog feed and click
OK.
Option Description
All organizations
Specific organizations
All organizations in the vCloud Director installation have access to this
catalog feed.
Select the organizations to which to grant catalog feed access and click
Add.
9 Click Next.
10 Review the catalog feed settings and click Finish.
Understanding Catalogs and Their Contents
An organization's catalog consists of a list of catalogs, vApp templates, and media files in your organization.
When you click Catalog in the menu bar, these tabs appear.
Catalogs
n
vApp Templates
n
Media
n
If you are an organization administrator, you can access catalogs in the left pane.
46 VMware, Inc.
Chapter 4 Working with Catalogs
Access vApp Templates in a Catalog
You can access vApp templates in a catalog in your organization or, if you are an organization
administrator, from a published catalog.
Procedure
1 Click Catalog.
2 In the left pane, click My Organization's Catalogs and click the vApp Templates tab.
3 Right-click a vApp template to see the operations you can complete.
Access Media Files in a Catalog
You can access media files in a catalog in your organization or, if you are a organization administrator, a
published catalog.
Procedure
1 Click Catalog.
2 In the left pane, click My Organization's Catalogs and click the Media tab.
3 Right-click a media file to see the operations you can complete.
Working in Published Catalogs
Organization administrators can access a published catalog and copy its vApp templates and media files to
a catalog in their organization. They can then share the organization catalog with other members of their
organization so that they can use the vApp templates and media files.
Accessing vApp Templates from a Public Catalog
You can access vApp templates from published catalogs and copy them to your catalog.
Prerequisites
Verify that you are an organization administrator.
Procedure
1 Click Catalog.
2 In the left pane, click Public Catalogs.
3 On the vApp Templates tab, select a vApp template, right-click and select an operation.
You cannot change properties until you copy the vApp template to your catalog. If you select Add to
My Cloud, the vApp template is saved and added as a vApp.
4 Click OK.
The vApp template you selected is added to the catalog that you selected in your organization.
Accessing a Media File from a Public Catalog
You can access a media file from a published catalog and add it to your organization.
Prerequisites
Verify that you are an organization administrator.
VMware, Inc. 47
vCloud Director User's Guide
Procedure
1 Click Catalogs.
2 In the left pane, click Public Catalogs.
Media files are available for use if they reside in the same virtual datacenter as your Cloud vApp.
3 On the Media tab, select a media file, right-click and select Copy to Catalog.
4 Click OK.
The media file is copied to your catalog.
What to do next
You can select the media file and move it to another catalog in your organization, delete it, or change its
properties.
48 VMware, Inc.
Working with Media Files 5
The catalog allows you to upload, copy, move, and edit the properties of media files.
This chapter includes the following topics:
“Upload Media Files,” on page 49
n
“Resume the Upload of a Media File,” on page 50
n
“Copy Media Files to a Catalog,” on page 50
n
“Move Media Files to Another Catalog,” on page 50
n
“Delete Media Files,” on page 51
n
“Modify Media File Properties,” on page 51
n
Upload Media Files
You can upload media files to a catalog. Users with access to the catalog can use the media files to install
applications on their virtual machines.
Prerequisites
VMware, Inc.
Verify that the computer from which you are uploading has Java Plug-in 1.6.0_10 or later installed.
You are at least a catalog author.
Procedure
1 Select Catalogs > My Organization's Catalogs.
2 On the Media tab, click Upload.
3 Type the path to the media file path or click Browse, locate the file, and click Upload.
4 Type a name and optional description for the media file.
This is the name that appears in vCloud Director.
5 Select the destination virtual datacenter, storage policy, and catalog.
6 Click Upload.
The media file is uploaded to the specified location. You can click Launch Uploads and Downloads
Progress Window to track the progress.
49
vCloud Director User's Guide
Resume the Upload of a Media File
If you paused, cancelled, or interrupted the upload of a media file, you can resume it.
You are at least a catalog author.
n
If you log out of vCloud Director and log in, transfer history is lost. You cannot resume the upload.
n
The default timeout for pending transfer sessions is one hour. You can configure this value.
n
During pending or stopped transfers, the session keep alive heartbeat kicks in every 15 minutes. To
n
ensure that the session does not time out while tasks are paused, make sure the session timeout value is
more than 15 minutes.
Prerequisites
You have initiated the upload or download of a media file.
Procedure
1 In the Launch the Uploads and Downloads Progress Window, click Pause or Cancel.
The status changes to Stopped in the progress window and Waiting in the Media Files page.
2 In the Launch the Uploads and Downloads Progress Window, click Resume.
The upload or download process resumes.
3 Monitor the progress in the Launch the Uploads and Downloads Progress window.
Copy Media Files to a Catalog
You can copy media files to another catalog.
Prerequisites
Verify that you have access to multiple virtual datacenters.
n
Verify that you are at least a catalog author.
n
Procedure
1 Click Catalogs.
2 On the Media tab, select a media file, right-click, and select Copy To Catalog.
3 Type a name and description.
4 Select the destination catalog.
5 Click OK.
The media file is copied to and stored in the selected catalog.
Move Media Files to Another Catalog
You can move media files to another catalog in your organization.
Prerequisites
Verify that you have access to multiple catalogs and virtual datacenters.
n
Verify that you are at least a catalog author.
n
50 VMware, Inc.
Procedure
1 Click Catalogs.
2 Click the Media tab, select a media file, right-click, and select Move To Catalog.
3 Select a catalog.
The catalog you select must be in your organization.
4 Click OK.
The media file is moved to the selected catalog.
Delete Media Files
You can delete media files from your catalog.
You are at least a catalog author.
Procedure
1 Click Catalogs > My Organization's Catalogs.
2 On the Media tab, select a media file, right-click, select Delete.
Chapter 5 Working with Media Files
3 Click Yes.
The media file is deleted.
Modify Media File Properties
You can review and modify some properties of a media file.
You are at least a catalog author.
Procedure
1 Click Catalogs > My Organization's Catalogs.
2 On the Media tab, select a media file, right-click, and select Properties.
3 Modify the name or description.
4 Click OK.
VMware, Inc. 51
vCloud Director User's Guide
52 VMware, Inc.
Working with vApp Templates 6
A vApp template is a virtual machine image that is loaded with an operating system, applications, and data.
These templates ensure that virtual machines are consistently configured across an entire organization.
This chapter includes the following topics:
“Open a vApp Template,” on page 53
n
“Add a vApp Template to My Cloud,” on page 54
n
“Download a vApp Template,” on page 54
n
“Upload an OVF Package as a vApp Template,” on page 55
n
“Resume the Upload of a vApp Template,” on page 56
n
“Copy a vApp Template from a Public Catalog to an Organization Catalog,” on page 56
n
“Copy a vApp Template Between an Organization's Catalogs,” on page 57
n
“Move a vApp Template Between an Organization's Catalogs,” on page 57
n
“Delete a vApp Template,” on page 57
n
“Save a vApp as a vApp Template,” on page 58
n
“Modify vApp Properties,” on page 58
n
“Change the Guest OS Properties of a vApp Template,” on page 59
n
Open a vApp Template
You can open a vApp template to learn more about the virtual machines that it contains.
You are at least a vApp user.
Procedure
1 Click Catalogs.
2 In the left pane, click on a catalog option.
My Organization's Catalogs
n
Public Catalogs
n
You can open vApp templates in your organization's catalogs or, if you are an organization
administrator, from a public catalog.
3 On the vApp Templates tab, select a vApp template, right-click, and select Open.
VMware, Inc.
53
vCloud Director User's Guide
Add a vApp Template to My Cloud
You can add a vApp template as a vApp from your catalog to My Cloud.
You are at least a vApp author.
If the vApp template is based on an OVF file that includes OVF properties for customizing its virtual
machines, those properties are passed to the vApp. If any of those properties are user-configurable, you can
specify the values.
Prerequisites
A vApp template is available in a published or a locally shared catalog.
Procedure
1 Click Catalogs.
2 In the left pane, click a catalog option.
You can access vApp templates in your organization's shared catalogs or, if you are an organization
administrator, from a public catalog.
3 On the vApp Templates tab, select a vApp template, right-click, and select Add to My Cloud.
4 Type a name and optional description for the vApp.
5 Select a virtual datacenter to add the vApp to.
6 Select the storage policies for the vApp's virtual machines to use when deployed from each virtual
machine's drop-down menu.
7 Select runtime and storage lease duration from the drop-down menus.
8 Configure the networking options for the vApp.
9 (Optional) Configure vApp hardware settings.
Option Description
VCPUs
Memory
Hard disk space
Type the number of virtual CPUs and cores per socket for the vApp's
virtual machines or leave this section unchanged to use the template's
default virtual CPU configuration.
Type the amount of memory for the vApp's virtual machines or leave this
section unchanged to use the template's default memory configuration.
Type the hard disk space for the vApp's virtual machines or leave this
section unchanged to use the template's default hard disk configuration.
10 Click Next.
11 (Optional) Select Power on vApp after this wizard is finished to power on the vApp after vApp
creation is complete.
12 Review the vApp summary information and click Finish.
vCloud Director creates a vApp on the vApps page.
Download a vApp Template
You can download a vApp template from a catalog locally as an OVF file.
You are at least a catalog author.
54 VMware, Inc.
Prerequisites
The computer from which you are downloading must have Java Plug-in 1.6.0_10 or later installed.
Procedure
1 Click Catalogs.
2 In the left pane, click on a catalog option.
My Organization's Catalogs
n
Public Catalogs
n
You can download vApp templates from your organization's catalogs or, if you are an organization
administrator, from a public catalog.
3 On the vApp Templates tab, select a vApp template, right-click, and select Download.
4 Navigate to the local folder where you want to save the OVF file and click Save.
You can click the Launch Uploads and Downloads Progress Window button from My Organization's
Catalogs to track the progress.
Upload an OVF Package as a vApp Template
You can upload an OVF package from remote shares and your local directory to vCloud Director as a vApp
template.
Chapter 6 Working with vApp Templates
You are at least a catalog creator.
vCloud Director supports OVFs based on the Open Virtualization Format (OVF) Specification. If you upload
an OVF file that includes OVF properties for customizing its virtual machines, those properties are
preserved in the vApp template.
Prerequisites
The computer from which you are uploading must have Java Plug-in 1.6.0_10 or later installed.
n
For information about creating OVFs, see the OVF Tool User Guide and VMware vCenter Converter 4.0.1
n
User's Guide.
vCloud Director does not support uploading compressed OVF files.
n
Procedure
1 Click Catalogs > My Organization's Catalogs.
2 On the vApp Templates tab, click the Upload button.
3 Type the name and path of the OVF file to upload, or click Browse, select the OVF file, and click
Upload.
4 Type a name and optional description for the vApp template.
5 Select a destination virtual datacenter and catalog.
6 Click Upload.
You can click the Launch Uploads and Downloads Progress Window button to track the progress.
What to do next
Verify that VMware Tools is installed in each virtual machine in the vApp. See “Installing VMware Tools in
a vApp,” on page 105.
VMware, Inc. 55
vCloud Director User's Guide
Resume the Upload of a vApp Template
If the upload process is interrupted, paused, or cancelled you can resume it.
You are at least a catalog creator.
n
If you log out of vCloud Director and log in, transfer history is lost. You cannot resume the upload.
n
The default timeout for pending transfer sessions is one hour. You can configure this value up to one
n
hour.
During pending or stopped transfers, the session keep alive heartbeat kicks in every 15 minutes. To
n
ensure that the session does not time out while tasks are paused, make sure the session timeout value is
more than 15 minutes.
Prerequisites
You have initiated the upload or download of a vApp template.
Procedure
1 In the Launch Uploads and Downloads Progress Window, click Pause or Cancel.
The status changes to Stopped in the progress window and Waiting in the vApp Template page.
2 In the Launch Uploads and Downloads Progress Window, click Resume.
The upload or download process resumes.
3 Monitor the progress in the Launch Uploads and Downloads Progress Window .
Copy a vApp Template from a Public Catalog to an Organization Catalog
You can copy a vApp template from a public catalog to your organization catalog to make it available to
users in your organization.
You are a vApp author or organization administrator.
Prerequisites
You have a catalog and virtual datacenter.
Procedure
1 Click Catalogs.
2 In the left pane, click Public Catalogs.
3 On the vApp Templates tab, select a vApp template, right-click, and select Copy To Catalog.
4 Type a name and optional description for the vApp.
5 Select a destination catalog and virtual datacenter.
Select a shared catalog to give organization users access to the template.
6 Click OK.
vCloud Director copies the vApp template to the organization catalog. The vApp appears on the vApp
Templates tab in My Organization's Catalogs.
56 VMware, Inc.
Chapter 6 Working with vApp Templates
Copy a vApp Template Between an Organization's Catalogs
You can copy a vApp template from one catalog in your organization to another catalog in the same
organization. This is useful if the catalogs are shared with different users and you want both groups of users
to have access to the vApp template.
You are an organization administrator, catalog author, or vApp author.
Prerequisites
You must have access to at least two catalogs and a virtual datacenter with available space.
Procedure
1 Click Catalogs > My Organization's Catalogs.
2 On the vApp Templates tab, right-click a vApp template and select Copy to Catalog.
3 Type a name and optional description for the vApp template.
4 Select the destination catalog and virtual datacenter.
If you select a published catalog, the vApp template will be available to all organizations in the vCloud
Director installation.
5 Click OK.
Move a vApp Template Between an Organization's Catalogs
You can move a vApp template from one catalog in your organization to another catalog in the same
organization. This is useful if you want to move a template from a published catalog to an unpublished
catalog or the reverse.
You are an organization administrator or catalog author.
Prerequisites
You must have access to at least two catalogs and a virtual datacenter with available space.
Procedure
1 Click Catalogs > My Organization's Catalogs.
2 On the vApp Templates tab, right-click a vApp template and select Move To Catalog.
3 Select a destination catalog and virtual datacenter.
If you select a published catalog, the vApp template will be available to all organizations in the vCloud
Director installation.
4 Click OK.
vCloud Director copies the source vApp template to the destination catalog and then deletes the source
vApp template.
Delete a vApp Template
You can delete a vApp template from an organization catalog. If the catalog is published, the vApp template
is also deleted from Public Catalogs.
You are at least a vApp author.
VMware, Inc. 57
vCloud Director User's Guide
Procedure
1 Click Catalogs > My Organization's Catalogs.
2 On the vApp Templates tab, select a vApp template, right-click, and select Delete.
3 Click Yes.
The selected vApp is deleted.
Save a vApp as a vApp Template
You can save a vApp to a catalog as a vApp template.
Prerequisites
Verify that the following conditions are met.
Your organization has a catalog and a virtual datacenter with available space.
n
You are at least a vApp author.
n
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Right-click a vApp and select Add to Catalog.
Beginning with vCloud Director 5.5, you can add a running vApp to a catalog. If you select a running
vApp, it will be added to the catalog as a vApp template with all of its virtual machines in a suspended
state.
4 Type a name and optional description for the vApp template.
5 Select a virtual datacenter, a catalog, and a storage lease.
6 Select a vApp creation option.
This option applies when creating a vApp based on this template. It is ignored when building a vApp
using individual virtual machines from this template.
Option Description
Make identical copy
Customize VM settings
vApps that are created from this vApp template must follow the guest
operating system settings of the vApp template. If you select this option,
and guest customization is enabled, the guest operating system is
personalized.
Guest operating system is personalized regardless of the vApp template
settings, and the guest operating system is personalized when the vApp is
deployed. This option requires that a supported version of VMware Tools
be installed on all virtual machines in the vApp.
7 Click OK.
The vApp is saved as a vApp template and appears in the destination catalog.
Modify vApp Properties
You are an organization administrator.
Procedure
1 Click Catalogs > My Organization's Catalogs.
58 VMware, Inc.
Chapter 6 Working with vApp Templates
2 On the vApp Templates tab, right-click a vApp template and select Properties.
3 On the General tab, modify the vApp template name and description.
4 Select a vApp creation option.
This option applies when creating a vApp based on this template. It is ignored when building a vApp
using individual virtual machines from this template.
Option Description
Make identical copy
Customize VM settings
vApps that are created from this vApp template must follow the guest
operating system settings of the vApp template. If you select this option,
and guest customization is enabled, the guest operating system is
personalized.
Guest operating system is personalized regardless of the vApp template
settings, and the guest operating system is personalized when the vApp is
deployed. This option requires that a supported version of VMware Tools
be installed on all virtual machines in the vApp.
5 Choose whether or not to mark the vApp template as a Gold Master in the catalog.
If you mark a vApp template as a Gold Master, this information appears in the list of vApp templates.
6 To reset the vApp template storage lease, select the Reset lease check box and select a new storage
lease.
7 Click OK.
Change the Guest OS Properties of a vApp Template
You can change the guest operating system properties of an existing vApp template, such as password and
domain properties.
Prerequisites
Verify that you are at least a vApp author.
Procedure
1 Click Catalogs.
2 In the left pane, click My Organization's Catalogs.
3 Click the vApp Templates tab, right-click the vApp template to change and select Open.
4 Click the VMs tab, right-click the virtual machine to change and select Properties.
5 Click the Guest OS Customization tab.
6 (Optional) Change guest OS properties.
Option Description
Guest customization.
Change SID
Allow local administrator password
Require administrator to change
password on first login
Enable this VM to join a domain
Browse
Enables or disables guest customization.
Runs Sysprep to change Windows SID. This option is available only for
virtual machines running a Windows guest operating system.
Allows setting an administrator password on the guest operating system.
Requires the administrator to change this password the first time they log
in to the guest operating system.
Type domain properties to have the virtual machine join a domain
Navigate to a customization script, and click OK to add the customization
script to the vApp template.
VMware, Inc. 59
vCloud Director User's Guide
7 Click OK.
60 VMware, Inc.
Working with vApps 7
A vApp consists of one or more virtual machines that communicate over a network and use resources and
services in a deployed environment. A vApp can contain multiple virtual machines.
This chapter includes the following topics:
“Create a vApp From a vApp Template,” on page 62
n
“Create a New vApp,” on page 62
n
“Import a Virtual Machine as a vApp,” on page 64
n
“Create a vApp From an OVF Package,” on page 64
n
“About the vApp Placement Engine,” on page 65
n
“Download a vApp as an OVF Package,” on page 66
n
“Start a vApp,” on page 67
n
“Start a vApp with an Older Version of VMware Tools,” on page 67
n
“Stop a vApp,” on page 67
n
“Suspend a vApp,” on page 68
n
VMware, Inc.
“Discard the Suspended State of a vApp,” on page 68
n
“Reset a vApp or Virtual Machine,” on page 68
n
“View vApp Virtual Machines,” on page 68
n
“Add a Virtual Machine to a vApp,” on page 69
n
“Import a Virtual Machine to a vApp from vSphere,” on page 69
n
“Remove Virtual Machines from a vApp,” on page 70
n
“Set vApp Start and Stop Options,” on page 70
n
“Working with Networks in a vApp,” on page 71
n
“Editing vApp Properties,” on page 83
n
“Display a vApp Diagram,” on page 85
n
“Change the Owner of a vApp,” on page 85
n
“Upgrade the Virtual Hardware Version for a vApp,” on page 85
n
“Save vApp as a vApp Template to Your Catalog,” on page 86
n
“Save a Powered-On vApp to your Catalog,” on page 86
n
61
vCloud Director User's Guide
“Create a Snapshot of a vApp,” on page 87
n
“Revert a vApp to a Snapshot,” on page 87
n
“Remove a Snapshot of a vApp,” on page 87
n
“Copy a vApp to Another Virtual Datacenter,” on page 88
n
“Copy a Powered-On vApp,” on page 88
n
“Move a vApp to Another Virtual Datacenter,” on page 89
n
“Delete a vApp,” on page 89
n
Create a vApp From a vApp Template
You can create a new vApp based on a vApp template stored in a catalog to which you have access.
Only organization administrators and vApp authors can access vApp templates in public catalogs.
n
vApp users and above can access vApp templates in organization catalogs shared to them.
n
If the vApp template is based on an OVF file that includes OVF properties for customizing its virtual
machines, those properties are passed to the vApp. If any of those properties are user-configurable, you can
specify the values.
Procedure
1 Click My Cloud > vApps.
2 Click the Add vApp from Catalog button.
3 Select My organization's catalogs or Public catalogs from the drop-down menu.
4 Select a vApp template and click Next.
5 Type a name and optional description for the vApp.
6 Select a runtime and storage lease and click Next.
7 Select a virtual datacenter, configure the virtual machines in the vApp, and click Next.
8 Configure the custom properties, if any, and click Next.
9 Configure the networking options for the vApp and click Next.
10 Review the vApp summary information and click Finish.
vCloud Director creates a vApp in My Cloud.
Create a New vApp
If you don't want to create a vApp based on a vApp template, you can create a new vApp using virtual
machines from vApp templates, new virtual machines, or a combination of both.
You are at least a vApp author.
Procedure
1 Complete the vApp Profile on page 63
When you create a new vApp, you must provide some basic information.
2 Add Virtual Machines to the vApp on page 63
You can search your catalogs for virtual machines to add to the vApp or add new, blank virtual
machines.
62 VMware, Inc.
3 Configure the Virtual Machines on page 63
Select the virtual datacenter in which this vApp is stored and runs when it's started. Name each
virtual machine and select the network to which you want it to connect. You can configure additional
properties for virtual machines after you complete the wizard.
4 Configure Networks on page 64
You can determine how the vApp, its virtual machines, and its networks connect to the organization's
networks.
Complete the vApp Profile
When you create a new vApp, you must provide some basic information.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps and click the Build New vApp button.
3 Type a name and optional description.
4 Select a runtime and storage lease and click Next.
Add Virtual Machines to the vApp
Chapter 7 Working with vApps
You can search your catalogs for virtual machines to add to the vApp or add new, blank virtual machines.
You must be an organization administrator or vApp author to access public catalogs.
Procedure
1 To add virtual machines from vApp templates, select My organization's catalogs or Public catalogs
from the drop-down menu, select one or more virtual machines, and click Add.
2 To add a new virtual machine, click New Virtual Machine, provide the required information about the
virtual machine, and click OK.
After you finish creating the new vApp, you can power on the new virtual machine and install an
operating system.
3 Click Next.
Configure the Virtual Machines
Select the virtual datacenter in which this vApp is stored and runs when it's started. Name each virtual
machine and select the network to which you want it to connect. You can configure additional properties for
virtual machines after you complete the wizard.
Procedure
1 Select a virtual datacenter.
2 (Optional) Modify the full name and computer name of each virtual machine.
3 Select a primary NIC and network for each virtual machine.
4 Select an IP assignment method for each NIC.
If you select Static - Manual, type the IP address.
5 Click Next.
VMware, Inc. 63
vCloud Director User's Guide
Configure Networks
You can determine how the vApp, its virtual machines, and its networks connect to the organization's
networks.
Procedure
1 Select Show networking details.
2 Review the network information.
3 Click Next.
4 Review the summary for the vApp.
5 Click Finish.
Import a Virtual Machine as a vApp
You can import a vSphere virtual machine to your organization as a vApp.
Prerequisites
Verify that you are at least a vApp author.
Procedure
1 Select My Cloud > vApps.
2 Click Import from vSphere.
3 Select a vCenter server from the drop-down menu and select a virtual machine to import.
4 Type a name and optional description for the vApp.
5 Select a virtual datacenter to which to import the vApp from the drop-down menu.
6 (Optional) Select a storage policy for the vApp from the drop-down menu.
7 Choose whether to move or copy the imported virtual machine, and click OK.
vCloud Director imports the vApp into My Cloud.
Create a vApp From an OVF Package
You can create and deploy a vApp directly from an OVF package without creating a vApp template and
corresponding catalog item.
Prerequisites
Verify that you have an OVF package to upload and that you have permission to upload OVF packages and
create vApps.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps and click Add vApp from OVF.
64 VMware, Inc.
Chapter 7 Working with vApps
3 Select the source from which to upload the OVF package and click Next.
Option Action
URL
Local file
Type the URL of the OVF package to use.
Click Browse and navigate to the OVF package to use.
4 Review the details of the uploaded OVF and click Next.
5 Type a name and optional description for the vApp.
6 Select a virtual datacenter on which to store and run the vApp from the drop-down menu and click
Next.
7 Select a storage policy for the vApp's virtual machines from the drop-down menu and click Next.
8 Select the network for the virtual machines to connect to from each virtual machine's drop-down menu
and click Next.
9 Review the hardware settings for the virtual machines in the vApp and optionally change those
configurations.
If you change the hard disk size, you might need to configure the guest operating system after you
power on the virtual machine. You can only increase hard disk size, but not decrease it.
10 Click Next.
11 Review the vApp's configuration and click Finish.
About the vApp Placement Engine
The vCloud Director placement engine determines what resources, including resource pools, datastores, and
networks or network pools, on which to place the virtual machines in a vApp. The placement decision is
made independently for each virtual machine in a vApp based on the requirements of that virtual machine.
The placement engine runs in the following scenarios.
When you create a vApp, the placement engine determines what resource pool, datastore, and network
n
pool on which to place the vApp's virtual machines.
When you start a vApp, the placement engine might selectively move the vApp's virtual machines to
n
another resource pool, datastore, or network pool if the current resource pool, datastore, or network
pool lacks sufficient resources for the vApp to power on.
When you change the storage policy of a virtual machine, the placement engine moves the virtual
n
machine to a datastore and resource pool that support the new storage policy.
When virtual machines are migrated to different resource pools.
n
The placement engine uses the following criteria to select candidate resource pools for a virtual machine.
CPU capacity
n
Memory capacity
n
Number of virtual CPUs
n
Hardware version supported by the host
n
The placement engine filters out disabled resource pools from the candidate list so that no virtual machine is
created on a disabled resource pool. When possible, the placement engine places virtual machines on the
same hub as other virtual machines in the organization virtual datacenter.
VMware, Inc. 65
vCloud Director User's Guide
The placement engine uses the following criteria to select candidate datastores for a vApp and its virtual
machines.
Storage capacity
n
Storage policy
n
The placement engine filters out disabled datastores from the candidate list so that no virtual machine is
created on a disabled datastore.
The placement engine uses the network name to select candidate network pools for a vApp and its virtual
machines.
After the placement engine selects a set of candidate resources, it ranks the resources and picks the best
location for each virtual machine based on the CPU, virtual RAM, and storage configuration of each virtual
machine.
While ranking resources, the placement engine examines the current and estimated future resource use.
Estimated future use is calculated based on powered-off virtual machines currently placed on a given
resource pool and their expected use after they are powered on. For CPU and memory, the placement
engine looks at the current unreserved capacity, the maximum use, and the estimated future unreserved
capacity. For storage, it looks at the aggregated provisioned capacity provided by the cluster that each
resource pool belongs to. The placement engine then considers the weighted metrics of the current and
future suitability of each resource pool.
The placement engine favors resource pools that provide the minimum of unreserved capacity for CPU and
memory and free capacity for storage. It also gives lower preference to yellow clusters so that yellow
clusters are only selected if no healthy cluster is available that satisfies the placement criteria.
When a virtual machine is powered on, either as part of starting a vApp or on its own, the placement engine
runs to validate that the resource pool the virtual machine is assigned to has sufficient resources to support
the requirements of the virtual machine. This step is necessary because the resource availability on the
resource pool might have changed since the virtual machine was created on the resource pool. If the
resource pool lacks sufficient capacity to power on the virtual machine, the placement engine finds another
compatible resource pool on the provider virtual datacenter that satisfies the requirements of the virtual
machine and places the virtual machine there. This substitution might result in the migration of the virtual
machine's VMDKs to a different datastore if no suitable resource pools are connected to the datastore the
VMDKs are located on.
During concurrent deployment situations when a resource pool is close to capacity, the validation of that
resource pool might succeed even though the resource pool lacks the resources to support the virtual
machine. In these cases, the virtual machine cannot power on. If a virtual machine fails to power on in this
situation, start the power on operation again to prompt the placement engine to migrate the virtual machine
to a different resource pool.
When the cluster that a resource pool belongs to is close to capacity, a virtual machine on that resource pool
might still be able to power on even when no individual host has the capacity to power on the virtual
machine. This happens as a result of capacity fragmentation at the cluster level. In such cases, a system
administrator should migrate a few virtual machines out of the cluster so that the cluster maintains
sufficient capacity.
Download a vApp as an OVF Package
You can download a vApp as an OVF package.
Prerequisites
Verify that the vApp is powered off and undeployed.
Procedure
1 Click My Cloud.
66 VMware, Inc.
2 In the left pane, click vApps.
3 Right-click a vApp and select Download.
4 Type a name for the downloaded OVF package and click Browse to select a download destination.
5 (Optional) Select Preserve Identity to include the UUIDs and MAC addresses of the vApp's virtual
machines in the downloaded OVF package.
6 Click OK.
Start a vApp
Starting a vApp powers on all the virtual machines in the vApp that are not already powered on.
You are at least a vApp author.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right click, and select Start.
Chapter 7 Working with vApps
Start a vApp with an Older Version of VMware Tools
If a virtual machine in a vApp has an older version of VMware Tools installed and is enabled for guest
customization, you might not be able to start it.
Procedure
1 Click My Cloud.
2 In the left pane, select vApps.
3 Select a vApp, right-click, and select Open.
4 Select a virtual machine, right-click, and select Properties.
5 On the Guest OS Customization tab, deselect the Enable Guest Customization check box and click
OK.
6 (Optional) Repeat this step for all your virtual machines.
7 Select the vApp, right-click, and select Start.
Stop a vApp
Stopping a vApp powers off or shuts down all the virtual machines in the vApp. You must stop a vApp
before you can perform certain actions. For example, adding it to a catalog, copying it, moving it, and so on.
You can specify whether stopping a vApp powers off or shuts down its virtual machines in the vApp
properties page.
Prerequisites
The vApp must be started.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Stop.
VMware, Inc. 67
vCloud Director User's Guide
4 Click OK.
Suspend a vApp
You can suspend a vApp to save its current state.
Prerequisites
The vApp is running.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Suspend.
The vApp is stopped and is labeled as Stopped.
Discard the Suspended State of a vApp
You can discard the suspended state of a vApp.
Prerequisites
The vApp must be stopped and in a suspended state.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Discard Suspended State.
4 Click Yes.
Reset a vApp or Virtual Machine
Resetting a virtual machine clears state (memory, cache, and so on), but the vApps and virtual machines
continue to run.
Prerequisites
Your vApp is started and virtual machine is powered on.
Procedure
1 Click My Cloud.
2 In the left pane, select vApps or VMs.
3 Select a vApp or virtual machine, right-click, and select Reset.
View vApp Virtual Machines
You can access and display the virtual machines in a vApp.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
68 VMware, Inc.
3 Select a vApp, right-click, and select Open.
4 Click on the Virtual Machines tab.
Add a Virtual Machine to a vApp
You can add a virtual machine to a vApp.
If the virtual machine is based on an OVF file that includes OVF properties for customization, those
properties are retained in the vApp. If any of those properties are user-configurable, you can specify the
values in the virtual machine's properties pane after you add it to the vApp.
For information about supported network adapter types, see http://kb.vmware.com/kb/1001805.
Prerequisites
You must be an organization administrator or vApp author to access virtual machines in public catalogs.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click the vApp and select Open.
3 On the Virtual Machines tab, click the Add VM button.
Chapter 7 Working with vApps
4 To add virtual machines from vApp templates, select My organization's catalogs or Public catalogs
from the drop-down menu, select one or more virtual machines, and click Add.
5 To add a new virtual machine, click New Virtual Machine, provide the required information about the
virtual machine, and click OK.
After you finish creating the new vApp, you can power on the new virtual machine and install an
operating system.
6 Click Next.
7 (Optional) Modify the full name and computer name of each virtual machine.
8 Select a primary NIC and network for each virtual machine.
9 (Optional) Select Show network adapter type and select a type for each NIC.
10 Select an IP assignment method for each NIC.
If you select Static - Manual, type the IP address.
11 Click Next.
12 Select Show networking details, review the network information, and click Next.
13 Review the summary for the vApp and click Finish.
Import a Virtual Machine to a vApp from vSphere
You can import an existing virtual machine to a vApp from vSphere
Prerequisites
Verify that you are a system administrator.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click the vApp and select Open.
3 On the Virtual Machines tab, click Import from vSphere.
VMware, Inc. 69
vCloud Director User's Guide
4 Select the source vCenter server from the drop-down menu and select the virtual machine to import.
5 Enter a name for the imported virtual machine.
6 (Optional) Enter a description for the imported virtual machine.
7 (Optional) Select a storage policy for the imported virtual machine.
8 Choose whether to copy the virtual machine or to move it from the source vCenter server, and click
OK.
Remove Virtual Machines from a vApp
You can remove virtual machines from a vApp.
You are at least a vApp author.
Prerequisites
The virtual machine is powered off.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Open.
4 On the Virtual Machines tab, select a virtual machine, right-click and select Delete.
5 Click Yes.
Set vApp Start and Stop Options
You can specify certain options that affect what happens to the virtual machines when a vApp is started and
stopped.
Prerequisites
You are at least a vApp user.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Properties.
4 On the Starting and Stopping VMs tab, specify the options.
Option Description
Order
Start Action
Boot Delay
For vApps with multiple virtual machines, you can specify the order in
which the machines start and stop by typing numbers in the text box.
Virtual machines with lower numbers start first and stop last. You cannot
enter negative numbers. Virtual machines with the same order are started
and stopped at the same time.
Determines what happens to virtual machines when you start the vApp
that contains them. By default, this option is set to Power On.
How many seconds vCloud Director waits after starting the virtual
machine before starting the next virtual machine.
70 VMware, Inc.
Chapter 7 Working with vApps
Option Description
Stop Action
Stop Delay
Determines what happens to virtual machines when you stop the vApp
that contains them. By default, this option is set to Power Off, but you can
also set it to Shutdown.
How many seconds vCloud Director waits after stopping the virtual
machine before stopping the next virtual machine.
5 Click OK.
Example: Starting and Stopping Virtual Machines
This example shows a the order, boot delay, and stop delay options for the virtual machines in a vApp and
how those options affect when each virtual machine starts and stops.
Table 7‑1. Virtual Machine Start and Stop Options on vApp1
Virtual Machine Order Boot Delay Stop Delay
VM1 1 0 10
VM2 1 10 10
VM3 1 20 30
VM4 2 0 20
VM5 2 30 60
VM6 3 40 10
When vApp1 is started, the virtual machines start as follows.
1 VM1, VM2, and VM3 start at the same time.
2 After 20 seconds (the longest boot delay from the order 1 virtual machines), VM4 and VM5 start.
3 After 30 seconds (the longest boot delay from the order 2 virtual machines) VM6 starts.
When vApp1 is stopped, the virtual machines stop as follows.
1 VM6 stops.
2 After 10 seconds, VM5 and VM4 stop.
3 After 60 seconds, VM3, VM2, and VM1 stop.
Working with Networks in a vApp
The virtual machines in a vApp can connect to vApp networks (isolated or routed) and organization virtual
datacenter networks (direct or fenced). You can add networks of different types to a vApp to address
multiple networking scenarios.
Select the Networking tab in a vApp and select the Show networking details check box to view a list of the
networks that are available to the vApp. Virtual machines in the vApp can connect to these networks. If you
want to connect a virtual machine to a different network, you must first add it to the vApp.
A vApp can include vApp networks and organization virtual datacenter networks. A vApp network can be
isolated by selecting None in the Connection drop-down menu. An isolated vApp network is totally
contained within the vApp. You can also route a vApp network to an organization virtual datacenter
network to provide connectivity to virtual machines outside of the vApp. For routed vApp networks, you
can configure network services, such as a firewall and static routing.
You can connect a vApp directly to an organization virtual datacenter network. If you have multiple vApps
that contain identical virtual machines connected to the same organization virtual datacenter network and
you want to start the vApps at the same time, you can fence the vApp. This allows you to power on the
virtual machines without conflict, by isolating their MAC and IP addresses.
VMware, Inc. 71
vCloud Director User's Guide
View vApp Networks
You can access and display the networks in a vApp.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Open.
4 Click on the Networking tab.
5 Select the Show networking details to display details about each network.
Adding Networks to a vApp
You can add vApp networks and organization virtual datacenter networks to a vApp.
Add a vApp Network to a vApp on page 72
n
Add a vApp network to a vApp to make the network available to virtual machines in the vApp.
Add an Organization Virtual Datacenter Network to a vApp on page 73
n
You can add an organization virtual datacenter network to a vApp to make the network available to
virtual machines in the vApp.
Add a vApp Network to a vApp
Add a vApp network to a vApp to make the network available to virtual machines in the vApp.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps, right-click, and select Open.
3 On the Networking tab, select the Show networking details check box.
4 Click the Add Network button.
5 Select vApp Network and click Next.
6 Type the network specifications and click Next.
7 Type a network name and optional description and click Next.
8 Review your vApp network settings and click Finish.
vCloud Director creates an isolated vApp network and displays it in the network list.
9 (Optional) Select an organization virtual datacenter network in the Connection drop-down menu.
This routes the vApp network to the organization virtual datacenter network.
10 Click Apply.
What to do next
Connect a virtual machine in the vApp to the network.
72 VMware, Inc.
Chapter 7 Working with vApps
Add an Organization Virtual Datacenter Network to a vApp
You can add an organization virtual datacenter network to a vApp to make the network available to virtual
machines in the vApp.
Connections can be direct or fenced. Fencing allows identical virtual machines in different vApps to be
powered on without conflict by isolating the MAC and IP addresses of the virtual machines.
When fencing is enabled and the vApp is powered on, an isolated network is created from the organization
virtual datacenter's network pool. An edge gateway is created and attached to the isolated network and the
organization virtual datacenter network. Traffic going to and from the virtual machines pass through the
edge gateway, which translates the IP address using NAT and proxy-AR, which allows a router to pass
traffic between two networks using the same IP space.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps, right-click, and select Open.
3 Click the Networking tab and select the Show networking details check box.
4 Click Add Network.
5 Select Organization VDC Network and click Next.
6 Select an organization virtual datacenter network and click Finish.
vCloud Director adds the organization virtual datacenter network and displays it in the network list.
7 (Optional) Select the Fence vApp check box.
The connection changes from direct to fenced for all organization virtual datacenter networks in the
vApp.
8 Click Apply.
What to do next
Connect a virtual machine in the vApp to the network.
Configuring Network Services for a vApp Network
You can configure network services, such as DHCP, firewalls, network address translation (NAT), and static
routing for certain vApp networks.
The network services available depend on the type of vApp network.
Table 7‑2. Network Services Available by Network Type
vApp Network Type DHCP Firewall NAT Static Routing
Direct
Routed X X X X
Isolated X
Configure DHCP for an vApp Network
You can configure certain vApp networks to provide DHCP services to virtual machines in the vApp.
When you enable DHCP for a vApp network, connect a NIC on virtual machine in the vApp to that
network, and select DHCP as the IP mode for that NIC, vCloud Director assigns a DHCP IP address to the
virtual machine when you power it on.
VMware, Inc. 73
vCloud Director User's Guide
Prerequisites
A routed vApp network or an isolated vApp network.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click a vApp and select Open.
3 On the Networking tab, select Show networking details.
4 Right-click the vApp network and select Configure Services.
5 Click the DHCP tab and select Enable DHCP.
6 Type a range of IP addresses or use the default range.
vCloud Director uses these addresses to satisfy DHCP requests. The range of DHCP IP addresses
cannot overlap with the static IP pool for the vApp network.
7 Set the default lease time and maximum lease time or use the default values and click OK.
8 Click Apply.
vCloud Director updates the network to provide DHCP services.
NOTE If the DNS settings on a DHCP-enabled vApp network are changed, the vApp network no longer
provides DHCP services. To correct this issue, disable and reenable DHCP on the vApp network.
Configure the Firewall for a vApp Network
You can configure certain vApp networks to provide firewall services. Enable the firewall on a vApp
network to enforce firewall rules on incoming traffic, outgoing traffic, or both.
When you enable the firewall, you can specify a default firewall action to deny all incoming and outgoing
traffic or to allow all incoming and outgoing traffic. You can also add specific firewall rules to allow or deny
traffic that matches the rules to pass through the firewall. These rules take precedence over the default
firewall action. See “Add a Firewall Rule to a vApp Network,” on page 75.
If a system administrator specified syslog server settings and those settings have been applied to the vApp
network, then you can log events related to the default firewall action. For information about applying
syslog server settings, see “Apply Syslog Server Settings to a vApp Network,” on page 82. To view the
current syslog server settings see “View Syslog Server Settings for a vApp Network,” on page 82.
Prerequisites
A routed vApp network.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click a vApp and select Open.
3 On the Networking tab, select Show networking details.
4 Right-click the vApp network and select Configure Services.
5 Click the Firewall tab and select Enable firewall to enable firewall services or deselect it to disable
firewall services.
74 VMware, Inc.
Chapter 7 Working with vApps
6 Select the default firewall action.
Option Description
Deny
Allow
Blocks all traffic except when overridden by a firewall rule.
Allows all traffic except when overridden by a firewall rule.
7 (Optional) Select the Log check box to log events related to the default firewall action.
8 Click OK.
9 Click Apply.
Add a Firewall Rule to a vApp Network
You can add firewall rules to a vApp network that supports a firewall. You can create rules to allow or deny
traffic that matches the rules to pass through the firewall.
For a firewall rule to be enforced, you must enable the firewall for the vApp network. See “Configure the
Firewall for a vApp Network,” on page 74.
When you add a new firewall rule to a vApp network, it appears at the end of the firewall rule list. For
information about setting the order in which firewall rules are enforced, see “Reorder Firewall Rules for a
vApp Network,” on page 76.
If a system administrator specified syslog server settings and those settings were applied to the vApp
network, then you can log firewall rule events. For information about applying syslog server settings, see
“Apply Syslog Server Settings to a vApp Network,” on page 82. To view the current syslog server settings,
see “View Syslog Server Settings for a vApp Network,” on page 82.
Prerequisites
A routed vApp network.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click a vApp and select Open.
3 On the Networking tab, select Show networking details.
4 Right-click the vApp network and select Configure Services.
5 Click the Firewall tab and click Add.
6 Type a name for the rule.
7 (Optional) Select Match rule on translated IP to have the rule check against translated IP addresses
rather than original IP addresses and choose a traffic direction to apply this rule on.
8 Type the traffic Source.
Option Description
IP address
Range of IP addresses
CIDR
internal
external
any
Type a source IP address to apply this rule on.
Type a range of source IP addresses to apply this rule on.
Type the CIDR notation of traffic to apply this rule on.
Apply this rule to all internal traffic.
Apply this rule to all external traffic.
Apply this rule to traffic from any source.
9 Select a Source port to apply this rule on from the drop-down menu.
VMware, Inc. 75
vCloud Director User's Guide
10 Type the traffic Destination.
Option Description
IP address
Range of IP addresses
CIDR
internal
external
any
11 Select the Destination port to apply this rule on from the drop-down menu.
12 Select the Protocol to apply this rule on from the drop-down menu.
13 Select the action.
A firewall rule can allow or deny traffic that matches the rule.
14 Select the Enabled check box.
15 (Optional) Select the Log network traffic for firewall rule check box.
If you enable this option, vCloud Director sends log events to the syslog server for connections affected
by this rule. Each syslog message includes logical network and organization UUIDs.
Type a destination IP address to apply this rule on.
Type a range of destination IP addresses to apply this rule on.
Type the CIDR notation of traffic to apply this rule on.
Apply this rule to all internal traffic.
Apply this rule to all external traffic.
Apply this rule to traffic with any destination.
16 Click OK and click OK again.
17 Click Apply.
Reorder Firewall Rules for a vApp Network
Firewall rules are enforced in the order in which they appear in the firewall list. You can change the order of
the rules in the list.
When you add a new firewall rule to a vApp network, it appears at the bottom of the firewall rule list. If you
want to enforce the new rule before an existing rule, reorder the rules.
Prerequisites
A routed vApp network with two or more firewall rules.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click a vApp and select Open.
3 On the Networking tab, select Show networking details.
4 Right-click the vApp network and select Configure Services.
5 Click the Firewall tab.
6 Drag and drop the firewall rules to establish the order in which the rules are applied.
7 Click OK.
8 Click Apply.
76 VMware, Inc.
Chapter 7 Working with vApps
Enable IP Masquerading for a vApp Network
You can configure certain vApp networks to provide IP masquerade services. Enable IP masquerading on a
vApp network to hide the internal IP addresses of virtual machines from the organization virtual datacenter
network.
When you enable IP masquerade, vCloud Director translates a virtual machine's private, internal IP address
to a public IP address for outbound traffic.
Prerequisites
Verify that a routed vApp network exists.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click a vApp and select Open.
3 On the Networking tab, select Show networking details.
4 Right-click the vApp network and select Configure Services.
5 Click the NAT tab and select Port Forwarding.
6 Select Enable IP Masquerade and click OK.
7 Click Apply.
Add a Port Forwarding Rule to a vApp Network
You can configure certain vApp networks to provide port forwarding by adding a NAT mapping rule. Port
forwarding provides external access to services running on virtual machines on the vApp network.
When you configure port forwarding, vCloud Director maps an external port to a service running on a port
on a virtual machine for inbound traffic.
When you add a new port forwarding rule to a vApp network, it appears at the bottom of the NAT
mapping rule list. For information about how to set the order in which port forwarding rules are enforced,
see “Reorder Port Forwarding Rules for a vApp Network,” on page 78.
Prerequisites
A routed vApp network.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click a vApp and select Open.
3 On the Networking tab, select Show networking details.
4 Right-click the vApp network and select Configure Services.
5 Click the NAT tab, select Port Forwarding, and click Add.
6 Configure the port forwarding rule.
a Select an external port.
b Select an internal port.
c Select a protocol for the type of traffic to forward.
VMware, Inc. 77
vCloud Director User's Guide
d Select a VM interface.
e Click OK.
7 Click OK.
8 Click Apply.
Add an IP Translation Rule to a vApp Network
You can configure certain vApp networks to provide IP translation by adding a NAT mapping rule.
When you create an IP translation rule for a network, vCloud Director adds a DNAT and SNAT rule to the
edge gateway associated with the network's port group. The DNAT rule translates an external IP address to
an internal IP address for inbound traffic. The SNAT rule translates an internal IP address to an external IP
address for outbound traffic. If the network is also using IP masquerade, the SNAT rule takes precedence.
Prerequisites
Verify that you have a routed vApp network.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click a vApp and select Open.
3 Click the Networking tab and select Show networking details.
4 Right-click the vApp network and select Configure Services.
5 Click the NAT tab, select IP Translation, and click Add.
6 Select a virtual machine interface and mapping mode and click OK.
For Manual mapping mode, type an external IP address.
7 If you select manual mapping mode, type an external IP address.
8 Click OK.
9 Click Apply.
Reorder Port Forwarding Rules for a vApp Network
Port forwarding rules are enforced in the order in which they appear in the NAT mapping list. You can
change the order of the rules in the list.
When you add a new port forwarding rule to a vApp network, it appears at the bottom of the NAT
mapping rule list. To enforce the new rule before an existing rule, reorder the rules.
Prerequisites
A routed vApp network with two or more port forwarding rules.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click a vApp and select Open.
3 On the Networking tab, select Show networking details and click Details.
4 On the NAT tab, click and drag the rules to establish the order in which the rules are applied and click
OK.
5 Click Apply.
78 VMware, Inc.
Chapter 7 Working with vApps
Enable Static Routing for a vApp Network
You can configure certain vApp networks to provide static routing services. After you enable static routing
on two or more vApp networks, you can add static routes to allow virtual machines on different vApp
networks to communicate.
To route traffic between two vApp networks, you must enable static routing on both networks.
Prerequisites
A routed vApp network.
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click a vApp and select Open.
3 On the Networking tab, select Show networking details.
4 Right-click the vApp network and select Configure Services.
5 On the Static Routing tab, select Enable static routing and click OK.
6 Click Apply.
What to do next
Enable static routing on another vApp network and create static routes between the two vApp networks.
Add Static Routes to vApp Networks
You can add static routes between two vApp networks that are routed to the same organization virtual
datacenter network. Static routes allow traffic between the networks.
You cannot add static routes to a fenced vApp or between overlapping networks. After you add a static
route to a vApp network, configure the network firewall rules to allow traffic on the static route. For vApps
with static routes, select the Always use assigned IP addresses until this vApp or associated networks are
deleted check box.
Static routes function only when the vApps containing the routes are running. If you change the parent
network of a vApp, delete a vApp, or delete a vApp network, and the vApp includes static routes, those
routes cannot function and you must remove them manually.
Prerequisites
Verify that the following conditions are met.
Two vApp networks are routed to the same organization virtual datacenter network.
n
The vApp networks are in vApps that were started at least once.
n
Static routing is enabled on both vApp networks.
n
Procedure
1 Click the My Cloud tab and click vApps in the left pane.
2 Right-click the first vApp and select Open.
3 Click the Networking tab and select Show networking details.
4 Right-click the vApp network and select Configure Services.
5 Click the Static Routing tab and click Add.
VMware, Inc. 79
vCloud Director User's Guide
6 Type a name, network address, and next hop IP and click OK.
The network address is for the vApp network to which to add a static route. The next hop IP is the
external IP address of that vApp network's router.
7 Click OK.
8 Click Apply.
9 Repeat Step 2 through Step 8 for the second vApp network.
Example: Static Routing Example
vApp Network 1 and vApp Network 2 are both routed to Org Network Shared. You can create a static route
on each vApp network to allow traffic between the networks. You can use information about the vApp
networks to create the static routes.
Table 7‑3. Network Information
Network Name Network Specification Router External IP Address
vApp Network 1 192.168.1.0/24 192.168.0.100
vApp Network 2 192.168.2.0/24 192.168.0.101
Org Network Shared 192.168.0.0/24 NA
On vApp Network 1, create a static route to vApp Network 2. On vApp Network 2, create a static route to
vApp Network 1.
Table 7‑4. Static Routing Settings
vApp Network Route Name Network Next Hop IP Address
vApp Network 1 tovapp2 192.168.2.0/24 192.168.0.101
vApp Network 2 tovapp1 192.168.1.0/24 192.168.0.100
What to do next
Create firewall rules for the vApp networks to allow traffic on the static routes.
Reset Your vApp Network
If the network services, such as DHCP settings, firewall settings, and so on, that are associated with a vApp
network are not working as expected, an organization administrator can reset the network. Network
services are not available during the reset.
Prerequisites
The vApp is running.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Open.
4 On the Networking tab, select the Show networking details check box.
5 Select a vApp network, right-click, and select Reset Network.
6 Click Yes.
80 VMware, Inc.
Delete a vApp Network
If you no longer need a network in your vApp, you can delete the network.
Prerequisites
The vApp is stopped and no virtual machines in the vApp are connected to the network.
Procedure
1 Click My Cloud.
2 In the left pane, select vApps.
3 Select a vApp, right-click, and select Open.
4 On the Networking tab, select the Show networking details check box.
5 Right-click a network in the list and select Delete.
6 Click Apply.
Modify Network Properties
You can modify the properties of the networks in a vApp.
Chapter 7 Working with vApps
Procedure
1 Select Administration.
2 Select Cloud Resources > Networks.
3 Select a network, right-click, and select Properties.
You can modify the name, description, and portions of the network specification.
4 Modify the relevant properties and click OK.
5 Click Apply.
Display the IP Allocations for Your vApp Network
You can review the IP allocations for the networks in your vApp.
Procedure
1 Click My Cloud.
2 In the left pane, select vApps.
3 Select a vApp, right-click, and select Open.
4 On the Networking tab, select the Show networking details check box.
5 Select a network, right-click, and select IP Allocations.
6 Review your allocations and click OK.
VMware, Inc. 81
vCloud Director User's Guide
Configure IP Address Persistence
By default, when you stop a running vApp or power off a virtual machine, vCloud Director releases any IP
and MAC addresses the virtual machines were using. You can configure a vApp to retain the network
addresses of its virtual machines until the vApp, VM, or network is deleted.
Static routing relies on the IP addresses of the virtual machines and virtual routers in a vApp. For vApps
that use static routing, enable IP persistence to make sure that static routes to and from the vApp remain
valid.
Procedure
1 Click My Cloud.
2 In the left pane, select vApps.
3 Select a vApp, right-click, and select Open.
4 On the Networking tab, select the Always use assigned IP addresses... check box and click Apply.
The virtual machines in the vApp keep their assigned IP and MAC addresses, even when they are powered
off.
View Syslog Server Settings for a vApp Network
You can view the syslog server settings for a routed vApp network.
vCloud Director supports logging events related to firewall rules to a syslog server specified by a system
administrator.
If a vApp network does not have any syslog server settings and you think it should, or if the settings are not
what you expected, then you can synchronize the network with the most current syslog server settings. See
“Apply Syslog Server Settings to a vApp Network,” on page 82. If there is still a problem after you
synchronize, contact your system administrator.
Prerequisites
A routed vApp network.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Open.
4 On the Networking tab, select a vApp network, right-click, and select Properties.
5 Click the Syslog Server Settings tab.
Apply Syslog Server Settings to a vApp Network
You apply syslog server settings to a routed vApp network to enable firewall rule logging.
Syslog server settings can only be specified by a system administrator. You should apply those settings to
any vApp network that was created before the system administrator specified them. You should also apply
the syslog server settings to a vApp network any time a system administrator changes the settings.
Prerequisites
A routed vApp network.
82 VMware, Inc.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Open.
4 On the Networking tab, select a vApp network, right-click, and select Synchronize syslog server
settings.
5 Click Yes.
Editing vApp Properties
You can edit the properties of an existing vApp, including the vApp name and description, OVF
environment properties, leases, and sharing settings.
Modify a vApp Name and Description on page 83
n
You can change the name and description associated with a vApp to make it more meaningful.
Modify vApp OVF Environment Properties on page 83
n
If a vApp includes user-configurable OVF environment properties, you can review and modify those
properties.
Chapter 7 Working with vApps
Reset vApp Leases on page 84
n
You can reset the runtime and storage leases for a vApp.
Share a vApp on page 84
n
You can share your vApps with other groups or users in your organization. The access controls you
set determine the operations that can be completed on the shared vApps.
Modify a vApp Name and Description
You can change the name and description associated with a vApp to make it more meaningful.
You are at least a vApp user.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Properties.
4 On the General tab, modify the vApp name and description and click OK.
Modify vApp OVF Environment Properties
If a vApp includes user-configurable OVF environment properties, you can review and modify those
properties.
If a virtual machine in the vApp includes a value for a user-configurable property of the same name, the
virtual machine value takes precedence.
Prerequisites
The vApp is stopped and its OVF environment includes user-configurable properties.
Procedure
1 Click My Cloud.
VMware, Inc. 83
vCloud Director User's Guide
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Properties.
4 On the Custom Properties tab, modify the properties and click OK.
Reset vApp Leases
You can reset the runtime and storage leases for a vApp.
You are at least a vApp user.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Properties.
4 On the General tab, select the Reset leases check box, select a runtime and storage lease, and click OK.
Share a vApp
You can share your vApps with other groups or users in your organization. The access controls you set
determine the operations that can be completed on the shared vApps.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Share.
4 Click Add Members.
5 Select the users with whom you want to share the vApp.
Option Action
Everyone in the organization
Specific users and group
Select this option.
Select this option, select the users and groups, and click Add.
6 Select an access level for the users and groups.
Option Description
Full control
Read/write
Read only
Users can open, start, save a vApp as a vApp template (Add to Catalog),
change the owner, copy to a catalog, and modify properties.
Users can open, start, save a vApp as a vApp template (Add to Catalog),
copy to catalog, and modify properties.
Users only have read access to a vApp.
7 Click OK.
Your vApp is shared with the specified users or groups.
84 VMware, Inc.
Display a vApp Diagram
A vApp diagram provides a graphical view of the virtual machines and networks in a vApp.
Procedure
1 Click My Cloud.
2 On the vApps page, select a vApp, right-click, and select Open.
3 Click the vApp Diagram tab.
The vApp diagram is displayed.
What to do next
You can perform most of the same operations from this tab that you can from the Virtual Machines and
Networking tabs.
Change the Owner of a vApp
You can change the owner of the vApp, for example, if a vApp owner leaves the company or changes roles
within the company.
Chapter 7 Working with vApps
You are an organization administrator.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Change Owner.
4 Search for a user or select one from the list.
You can search by user name or full name.
5 Click OK.
The new owner's name appears in the Owner column on the vApp page.
Upgrade the Virtual Hardware Version for a vApp
You can upgrade the virtual hardware version for all the virtual machines in a vApp. Higher virtual
hardware versions support more features.
vCloud Director supports hardware version 4, hardware version 7, hardware version 8, hardware version 9,
and hardware version 10 virtual machines depending on the resources backing the organization's virtual
datacenters.
You cannot downgrade the hardware version of the virtual machines in a vApp.
Prerequisites
The vApp must be stopped and its virtual machines must have the latest version of VMware Tools installed.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Upgrade Virtual Hardware Version.
VMware, Inc. 85
vCloud Director User's Guide
4 Click Yes.
Save vApp as a vApp Template to Your Catalog
You can save a vApp as a vApp template and add it to the catalog.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Add to Catalog.
4 (Optional) Modify the name and description.
5 Select the destination virtual datacenter and catalog.
6 In the Storage lease: drop-down menu, select when you would like the vApp template to expire.
7 Select an option.
Option Description
Make Identical Copy
Customize VM Settings
8 Click OK.
vApps that are created from this vApp template must follow the guest
operating system settings of the vApp template. If you select this option,
and guest customization is enabled, the guest operating system is
personalized.
Guest operating system is personalized regardless of the vApp template
settings, and the guest operating system is personalized when the vApp is
deployed.
The vApp is saved as a vApp template in the selected catalog.
Save a Powered-On vApp to your Catalog
You can save a powered-on vApp as a vApp template and add it to the catalog.
You do not need to power off virtual machines in the vApp before you save the vApp to a catalog. The
memory state of running virtual machines is preserved in the saved vApp.
Prerequisites
Verify that the following conditions are met.
You are at least a vApp user.
n
The organization virtual datacenter is backed by vCenter Server 5.5.
n
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Add to Catalog.
4 (Optional) Modify the name and description.
5 Select the destination catalog.
6 In the Storage lease drop-down menu, select when the vApp template should expire.
86 VMware, Inc.
7 Select an option.
Option Description
Make Identical Copy
Customize VM Settings
8 Click OK.
The vApp is added to the catalog in a suspended mode. The added vApp is enabled for network fencing.
What to do next
Modify the network properties of the vApp or power on the vApp.
Create a Snapshot of a vApp
You can take a snapshot of all the virtual machines in a vApp. After you take the snapshots, you can revert
all virtual machines in the vApp to the most recent snapshot, or remove all snapshots.
Chapter 7 Working with vApps
vApps that are created from this vApp template must follow the guest
operating system settings of the vApp template. If you select this option,
and guest customization is enabled, the guest operating system is
personalized.
Guest operating system is personalized regardless of the vApp template
settings, and the guest operating system is personalized when the vApp is
deployed.
vApp snapshots have the following limitations.
They do not capture NIC configurations.
n
You cannot create them if any virtual machine in the vApp is connected to an independent disk.
n
Procedure
1 Select My Cloud > vApps.
2 Right-click the vApp and select Create Snapshot.
3 Click OK.
Revert a vApp to a Snapshot
You can revert all virtual machines in a vApp to the state they were in when the vApp snapshot was
created.
Prerequisites
Verify that the vApp has a snapshot.
Procedure
1 Select My Cloud > vApps.
2 Right-click the vApp and select Revert to Snapshot.
3 Click Yes.
Remove a Snapshot of a vApp
You can remove a snapshot of a vApp.
Procedure
1 Select My Cloud > vApps.
VMware, Inc. 87
vCloud Director User's Guide
2 Right-click the vApp and select Remove Snapshot.
3 Click Yes.
Copy a vApp to Another Virtual Datacenter
When you copy a vApp to another virtual datacenter, the original vApp remains in the source virtual
datacenter.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Copy to.
4 Type a name and description.
5 Select a virtual datacenter.
6 Click OK.
The new virtual datacenter for this vApp appears in the VDC column on the vApps page.
Copy a Powered-On vApp
To create a vApp based on an existing vApp, you can copy a vApp and change the copy to meet your needs.
You do not need to power off virtual machines in the vApp before you copy the vApp. The memory state of
running virtual machines is preserved in the copied vApp.
Prerequisites
Verify that the following conditions are met.
You are at least a vApp user.
n
The organization virtual datacenter is backed by vCenter Server 5.5.
n
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Copy to.
4 Type a name and optional description.
5 Select a virtual datacenter.
6 Select a storage policy from the drop-down menu.
7 Click OK.
A copy of the vApp is created in a suspended mode. The copied vApp is enabled for network fencing.
What to do next
Modify the network properties of the new vApp or power on the vApp.
88 VMware, Inc.
Move a vApp to Another Virtual Datacenter
When you move a vApp to another virtual datacenter, the vApp is removed from the source virtual
datacenter.
You are at least a vApp author.
Prerequisites
Your vApp is stopped.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Move to.
4 Select a VDC.
5 Click OK.
Delete a vApp
Chapter 7 Working with vApps
You can delete a vApp, which removes it from your organization.
You must be at least a vApp author.
Prerequisites
Your vApp must be stopped.
Procedure
1 Click My Cloud.
2 In the left pane, click vApps.
3 Select a vApp, right-click, and select Delete.
4 Click Yes.
VMware, Inc. 89
vCloud Director User's Guide
90 VMware, Inc.
Working with Virtual Machines 8
Virtual machines have a guest operating system on which you can install and run any software supported
by that operating system. In vCloud Director, you can install VMware Tools, insert DVDs and floppy disks,
and remotely connect to virtual machines.
These are the most basic operations that you can do on a virtual machine.
Power On, which is equal to powering on a physical machine.
n
Power Off, which is equal to powering off a physical machine.
n
Suspend, where the CPU of a deployed virtual machine is frozen. You can suspend a machine when
n
you need to leave a virtual machine but do not want to lose its current state.
Reset, which power cycles the virtual machine.
n
This chapter includes the following topics:
“Open a Virtual Machine Console,” on page 92
n
“Power On a Virtual Machine,” on page 92
n
“Power Off a Virtual Machine,” on page 92
n
“Reset a vApp or Virtual Machine,” on page 93
n
VMware, Inc.
“Suspend a Virtual Machine,” on page 93
n
“Resume a Suspended Virtual Machine,” on page 93
n
“Discard the Suspended State of a Virtual Machine,” on page 93
n
“Insert a CD/DVD,” on page 94
n
“Eject a CD/DVD,” on page 94
n
“Insert a Floppy,” on page 94
n
“Eject a Floppy,” on page 95
n
“Upgrade the Virtual Hardware Version for a Virtual Machine,” on page 95
n
“Connect Remotely to a Virtual Machine,” on page 95
n
“Create a Snapshot of a Virtual Machine,” on page 96
n
“Revert a Virtual Machine to a Snapshot,” on page 96
n
“Remove a Snapshot of a Virtual Machine,” on page 96
n
“Copy or Move a Virtual Machine to a vApp,” on page 96
n
“Delete a Virtual Machine,” on page 97
n
91
vCloud Director User's Guide
“Editing Virtual Machine Properties,” on page 97
n
“Installing VMware Tools,” on page 104
n
“Guest Operating Systems,” on page 114
n
Open a Virtual Machine Console
Accessing your virtual machine console allows you to view information about a virtual machine, work with
the guest operating system, and perform operations that affect the guest operating system.
You might be required to download and install VMware Remote Console Plug-In. Click OK in the dialog
box that appears.
Prerequisites
The virtual machine is powered on.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Popout Console.
If you close or refresh a virtual machine console while you have one or more client devices connected,
those devices are disconnected.
Power On a Virtual Machine
Powering on a virtual machine is the equivalent of powering on a physical machine.
You cannot power on a virtual machine that has guest customization enabled unless the virtual machine has
a current version of VMware Tools installed.
Prerequisites
A virtual machine that is powered off.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Power On.
Power Off a Virtual Machine
Powering off a virtual machine is the equivalent of powering off a physical machine.
Prerequisites
A virtual machine that is powered on.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Power Off.
92 VMware, Inc.
Reset a vApp or Virtual Machine
Resetting a virtual machine clears state (memory, cache, and so on), but the vApps and virtual machines
continue to run.
Prerequisites
Your vApp is started and virtual machine is powered on.
Procedure
1 Click My Cloud.
2 In the left pane, select vApps or VMs.
3 Select a vApp or virtual machine, right-click, and select Reset.
Suspend a Virtual Machine
Suspending a virtual machine preserves its current state.
Prerequisites
A virtual machine that is powered on.
Chapter 8 Working with Virtual Machines
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Suspend.
4 Click Yes.
Resume a Suspended Virtual Machine
You can resume a suspended virtual machine to power it on and return it to the state it was in when you
suspended it.
Prerequisites
A suspended virtual machine.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Resume.
Discard the Suspended State of a Virtual Machine
If a virtual machine is in a suspended state, you can discard this state, for example, to free storage space.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Discard Suspended State.
VMware, Inc. 93
vCloud Director User's Guide
4 Click Yes.
Insert a CD/DVD
You can access CD/DVD images from catalogs to use in a virtual machine guest operating system. You can
install operating systems, applications, drivers, and so on.
Prerequisites
You have access to a catalog with media files.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 In the right pane, select a virtual machine, right-click, and select Insert CD/DVD from Catalog.
4 Select a media file and click Insert.
The selected CD or DVD is inserted.
Eject a CD/DVD
After you have finished using a CD or DVD in your virtual machine you can eject it.
Procedure
1 Click My Cloud.
2 In the left pane, select VMs.
3 Select a virtual machine, right-click, and select Eject CD/DVD.
The media file is removed from the virtual machine.
Insert a Floppy
You can access floppy disk images from catalogs to use in a guest operating system. When you insert a
floppy disk, you can install operating systems, applications, drivers, and so on.
Prerequisites
You have media files in your catalog.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Insert Floppy from Catalog.
4 Using the drop-down menu, select a floppy disk image or select one from the list and click Insert.
The selected floppy disk is inserted.
94 VMware, Inc.
Chapter 8 Working with Virtual Machines
Eject a Floppy
After you have finished using a floppy disk in your virtual machine you can eject it.
Procedure
1 Click My Cloud.
2 In the left pane, select VMs.
3 Select a virtual machine, right-click, and select Eject Floppy.
The floppy disk is removed from the virtual machine.
Upgrade the Virtual Hardware Version for a Virtual Machine
You can upgrade the virtual hardware version for a virtual machine. Higher virtual hardware versions
support more features.
vCloud Director supports hardware version 4, hardware version 7, hardware version 8, hardware version 9,
and hardware version 10 virtual machines depending on the resources backing the organization's virtual
datacenters.
You cannot downgrade the hardware version of a virtual machine.
Prerequisites
Verify that the virtual machine is powered off and and that it has the latest version of VMware Tools
installed.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Upgrade Virtual Hardware Version.
4 Click Yes.
Connect Remotely to a Virtual Machine
You can use the Remote Desktop Connection file to connect to a deployed virtual machine from your
desktop.
Prerequisites
The virtual machine must be powered on, running a Windows guest OS, and have Remote Desktop
n
enabled in the guest OS.
The virtual machine must have an IP assigned on its network that is accessible by the client.
n
The RDP port 3389 must be open on the guest OS.
n
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Download Windows Remote Desktop Shortcut File.
4 In the Download RDP Shortcut File dialog box, click Yes.
VMware, Inc. 95
vCloud Director User's Guide
5 Navigate to the location where you want to save the file and click Save.
6 Double-click the file and select Connect.
Create a Snapshot of a Virtual Machine
You can take a snapshot of a virtual machine. After you take the snapshot, you can revert all the virtual
machines to the most recent snapshot, or remove the snapshot.
Snapshots do not capture NIC configurations.
Prerequisites
Verify that the virtual machine is not connected to an independent disk.
Procedure
1 Select My Cloud > VMs.
2 Right-click the vApp and select Create Snapshot.
3 Click OK.
A snapshot of the virtual machine's state is saved. This doubles the virtual machine's storage consumption
on the organization virtual datacenter.
Revert a Virtual Machine to a Snapshot
You can revert a virtual machine to the state it was in when the snapshot was created.
Prerequisites
Verify that the virtual machine has a snapshot.
Procedure
1 Select My Cloud > VMs.
2 Right-click the vApp and select Revert to Snapshot.
3 Click Yes.
Remove a Snapshot of a Virtual Machine
You can remove a snapshot of a virtual machine.
Procedure
1 Select My Cloud > VMs.
2 Right-click the vApp and select Remove Snapshot.
3 Click Yes.
Copy or Move a Virtual Machine to a vApp
You can copy or move a virtual machine to another vApp. When you copy a virtual machine, the original
virtual machine remains in the source vApp. If you move a virtual machine, it is removed from the source
vApp.
Prerequisites
The virtual machine must be powered off.
96 VMware, Inc.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Copy to or Move to.
4 Follow the prompts to complete the wizard.
5 Click Finish.
Delete a Virtual Machine
You can delete a virtual machine from your organization.
Prerequisites
Your virtual machine must be powered off.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Delete.
Chapter 8 Working with Virtual Machines
4 Click Yes.
Editing Virtual Machine Properties
You can edit the properties of a virtual machine, including the virtual machine name and description, CPU
and memory settings, and OVF environment settings.
Change Virtual Machine General Properties on page 98
n
You can review and change the name, description, and other general properties of a virtual machine.
Change Virtual Machine CPU and Memory on page 98
n
You can change virtual machine hardware, such as CPU, memory, hard disks, and NICs.
Change Virtual Machine Guest OS Properties on page 99
n
You can change a virtual machine's guest operating system properties, such as password and domain
properties.
Configuring Virtual Machine Resource Allocation Settings on page 100
n
Reservation pool virtual datacenters support the ability to control resource allocation at the virtual
machine level. Users with the necessary rights can customize the amount of resources that are
allocated to their virtual machines.
Modifying Virtual Machine Hard Disks on page 101
n
You can add hard disks, edit hard disks, and delete hard disk from a virtual machine.
Modifying Virtual Machine Network Interfaces on page 102
n
You can modify virtual machine network settings, reset a MAC address, add a network interface, and
delete a network interface.
VMware, Inc. 97
vCloud Director User's Guide
Change Virtual Machine General Properties
You can review and change the name, description, and other general properties of a virtual machine.
Prerequisites
Verify that the virtual machine is powered off.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Properties.
4 Click the General tab, change the properties, and click OK.
Option Action
Computer name
Description
Operating System Family
Operating System
Virtual hardware version
Virtual CPU hot add
Memory hot add
Synchronize time
Storage Policy
Type the computer and host name set in the guest operating system that
identifies the virtual machine on a network. This field is restricted to 15
characters because of a Windows OS limitation on computer names.
Type an optional description of the virtual machines.
Select an operating system family from the drop-down menu.
Select an operating system from the drop-down menu.
Virtual hardware version of the virtual machine. Select the Upgrade to and
select a hardware version to upgrade the virtual machine hardware.
Select the check box to enable virtual CPU hot add. This option allows you
to add virtual CPUs to a powered on virtual machine. This feature is only
supported on certain guest operating systems and virtual machine
hardware versions.
Select the check box to enable memory hot add. This option allows you to
add memory to a powered on virtual machine. This feature is only
supported on certain guest operating systems and virtual machine
hardware versions.
Select the check box to enable time synchronization between the virtual
machine guest operating system and the virtual datacenter in which it is
running.
Select a storage policy for the virtual machine to use from the drop-down
menu.
Change Virtual Machine CPU and Memory
You can change virtual machine hardware, such as CPU, memory, hard disks, and NICs.
The number of virtual CPUs and memory that a virtual machine supports depends on its virtual hardware
version.
Table 8‑1. Virtual Hardware Versions and CPU and Memory Support
Virtual Hardware Version Maximum CPUs Maximum Memory
HW4 4 64GB
HW7 8 255GB
HW8 32 1011GB
HW9 64 1011GB
HW10 64 1011GB
98 VMware, Inc.
Chapter 8 Working with Virtual Machines
Prerequisites
If CPU hot add or memory hot add is not enabled for the virtual machine, power off the virtual machine
before you change the CPU or memory.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Properties.
4 Click the Hardware tab and select the number of CPUs and cores per socket for the virtual machine.
5 (Optional) Select Expose hardware-assisted CPU virtualization to guest OS to support virtualization
servers or 64-bit virtual machines running on the virtual machine.
6 Select the total memory for the virtual machine from the Total memory drop-down menu.
7 Click OK.
Change Virtual Machine Guest OS Properties
You can change a virtual machine's guest operating system properties, such as password and domain
properties.
Procedure
1 Click My Cloud.
2 In the left pane, click VMs.
3 Select a virtual machine, right-click, and select Properties.
4 Click the Guest OS Customization tab and select Enable guest customization.
5 (Optional) Select Change SID to run Sysprep to change Windows SID.
This option is available only for virtual machines running a Windows guest operating system.
6 (Optional) Select Allow local administrator password to allow setting an administrator password on
the guest operating system.
Option Description
Auto generate password
Specify password
vCloud Director generates an administrator password for the guest
operating system.
Type an administrator password for the guest operating system.
7 (Optional) Select Require administrator to change password on first login to require the administrator
to change this password the first time they log in to the guest operating system.
8 (Optional) Click Enable this VM to join a domain and type domain properties to have the virtual
machine join a domain.
9 (Optional) Click Browse, navigate to a customization script, and click OK to add the customization
script to the virtual machine.
10 Click OK.
VMware, Inc. 99
vCloud Director User's Guide
Configuring Virtual Machine Resource Allocation Settings
Reservation pool virtual datacenters support the ability to control resource allocation at the virtual machine
level. Users with the necessary rights can customize the amount of resources that are allocated to their
virtual machines.
Use the resource allocation settings (shares, reservation, and limit) to determine the amount of CPU,
memory, and storage resources provided for a virtual machine. Users have several options for allocating
resources.
Ensure that a certain amount of memory for a virtual machine is provided by the virtual datacenter.
n
Guarantee that a particular virtual machine is always allocated a higher percentage of the virtual
n
datacenter resources than other virtual machines.
Set an upper bound on the resources that can be allocated to a virtual machine.
n
Resource Allocation Shares
Shares specify the relative importance of a virtual machine within a virtual datacenter. If a virtual machine
has twice as many shares of a resource as another virtual machine, it is entitled to consume twice as much of
that resource when these two virtual machines are competing for resources.
Shares are typically specified as High, Normal, or Low and these values specify share values with a 4:2:1
ratio, respectively. You can also select Custom to assign a specific number of shares (which expresses a
proportional weight) to each virtual machine.
When you assign shares to a virtual machine, you always specify the priority for that virtual machine
relative to other powered-on virtual machines.
The following table shows the default CPU and memory share values for a virtual machine.
Table 8‑2. Share Values
Setting CPU share values Memory share values
High 2000 shares per virtual CPU 20 shares per megabyte of configured virtual
machine memory.
Normal 1000 shares per virtual CPU 10 shares per megabyte of configured virtual
machine memory.
Low 500 shares per virtual CPU 5 shares per megabyte of configured virtual machine
memory.
For example, a virtual machine with two virtual CPUs and 1GB RAM with CPU and memory shares set to
Normal has 2x1000=2000 shares of CPU and 10x1024=10240 shares of memory.
The relative priority represented by each share changes when a new virtual machine is powered on. This
affects all virtual machines in the same virtual datacenter.
Resource Allocation Reservation
A reservation specifies the guaranteed minimum allocation for a virtual machine.
vCloud Director allows you to power on a virtual machine only if there are enough unreserved resources to
satisfy the reservation of the virtual machine. The virtual datacenter guarantees that amount even when its
resources are heavily loaded. The reservation is expressed in concrete units (megahertz or megabytes).
100 VMware, Inc.
Loading...