This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions
of this document, see http://www.vmware.com/support/pubs.
EN-001257-01
vCloud Director User's Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
Contents
Copy a vApp Template from a Public Catalog to an Organization Catalog
Copy a vApp Template Between an Organization's Catalogs
Move a vApp Template Between an Organization's Catalogs
Delete a vApp Template
Save a vApp as a vApp Template
Modify vApp Properties
Change the Guest OS Properties of a vApp Template
7 Working with vApps
Create a vApp From a vApp Template
Create a New vApp
Import a Virtual Machine as a vApp
Create a vApp From an OVF Package
About the vApp Placement Engine
Download a vApp as an OVF Package
Start a vApp
Start a vApp with an Older Version of VMware Tools
Stop a vApp
Suspend a vApp
Discard the Suspended State of a vApp
Reset a vApp or Virtual Machine
View vApp Virtual Machines
Add a Virtual Machine to a vApp
Import a Virtual Machine to a vApp from vSphere
Remove Virtual Machines from a vApp
Set vApp Start and Stop Options
Working with Networks in a vApp
Editing vApp Properties
Display a vApp Diagram
Change the Owner of a vApp
Upgrade the Virtual Hardware Version for a vApp
Save vApp as a vApp Template to Your Catalog
Save a Powered-On vApp to your Catalog
Create a Snapshot of a vApp
Revert a vApp to a Snapshot
Remove a Snapshot of a vApp
Copy a vApp to Another Virtual Datacenter
Copy a Powered-On vApp
Move a vApp to Another Virtual Datacenter
Delete a vApp
8 Working with Virtual Machines
Open a Virtual Machine Console
Power On a Virtual Machine
Power Off a Virtual Machine
Reset a vApp or Virtual Machine
Suspend a Virtual Machine
Resume a Suspended Virtual Machine
Discard the Suspended State of a Virtual Machine
Insert a CD/DVD
Eject a CD/DVD
Insert a Floppy
Eject a Floppy
Upgrade the Virtual Hardware Version for a Virtual Machine
Connect Remotely to a Virtual Machine
Create a Snapshot of a Virtual Machine
Revert a Virtual Machine to a Snapshot
Remove a Snapshot of a Virtual Machine
Copy or Move a Virtual Machine to a vApp
Delete a Virtual Machine
Editing Virtual Machine Properties
Installing VMware Tools
Guest Operating Systems
Index
vCloud Director User's Guide
The VMware vCloud Director User's Guide provides information about managing organizations, catalogs,
vApps, and virtual machines.
Intended Audience
This book is intended for anyone who wants to set up and configure organizations in
VMware vCloud Director. The information in this book is written for non-system administrators, including
organization administrators who will create and set up vApps, catalogs, and virtual machines.
Updated Information
This vCloud Director User's Guide is updated with each release of the product or when necessary.
This table provides the update history of the vCloud Director User's Guide.
Revision     Description
001257-01    - Removed outdated table information in “Guest Operating System Support,” on page 119.
             - Corrected the procedure in “Share A Catalog,” on page 43.
001257-00    Initial release.
Chapter 1 Getting Started with vCloud Director
When you log in to the vCloud Director Web console, the Home tab provides access to your resources and
links to common tasks.
You can also set your user preferences and view the product help.
This chapter includes the following topics:
- “Understanding VMware vCloud Director,” on page 11
- “Log In to the Web Console,” on page 12
- “Using vCloud Director,” on page 12
- “Set Mozilla Firefox Options,” on page 13
- “Set Microsoft Internet Explorer Options,” on page 14
- “Set User Preferences,” on page 15
- “Change Your Password,” on page 16
Understanding VMware vCloud Director
VMware® vCloud Director provides role-based access to a Web console that allows the members of an
organization to interact with the organization's resources to create and work with vApps and virtual
machines.
Before you can access your organization, a vCloud Director system administrator must create the
organization, assign it resources, and provide the URL to access the Web console. Each organization
includes one or more organization administrators, who finish setting up the organization by adding
members and setting policies and preferences. After the organization is set up, non-administrator users can
log in to create, use, and manage virtual machines and vApps.
Organizations
An organization is a unit of administration for a collection of users, groups, and computing resources. Users
authenticate at the organization level, supplying credentials established by an organization administrator
when the user was created or imported. System administrators create and provision organizations, while
organization administrators manage organization users, groups, and catalogs.
Users and Groups
An organization can contain an arbitrary number of users and groups. Users can be created locally by the
organization administrator or imported from a directory service such as LDAP. Groups must be imported
from the directory service. Permissions within an organization are controlled through the assignment of
rights and roles to users and groups.
Virtual Datacenters
An organization virtual datacenter provides resources to an organization. Virtual datacenters provide an
environment where virtual systems can be stored, deployed, and operated. They also provide storage for
virtual media, such as floppy disks and CD ROMs. An organization can have multiple virtual datacenters.
Organization Virtual Datacenter Networks
An organization virtual datacenter network is contained within a vCloud Director organization virtual
datacenter and is available to all the vApps in the organization. An organization virtual datacenter network
allows vApps within an organization to communicate with each other. An organization virtual datacenter
network can be connected to an external network or isolated and internal to the organization. Only system
administrators can create organization virtual datacenter networks, but organization administrators can
manage organization virtual datacenter networks, including the network services they provide.
vApp Networks
A vApp network is contained within a vApp and allows virtual machines in the vApp to communicate with
each other. You can connect a vApp network to an organization virtual datacenter network to allow the
vApp to communicate with other vApps in the organization and outside of the organization, if the
organization virtual datacenter network is connected to an external network.
Catalogs
Organizations use catalogs to store vApp templates and media files. The members of an organization that
have access to a catalog can use the catalog's vApp templates and media files to create their own vApps.
Organization administrators can copy items from public catalogs to their organization catalog.
Log In to the Web Console
Use the organization URL to log in to your organization and access the Web console.
Contact your organization administrator if you do not know the organization URL.
Procedure
1. In a browser, type the URL of your organization and press Enter.
   For example, type https://cloud.example.com/cloud/org/myOrg.
2. Type your user name and password and click Login.
What to do next
The Web console displays a list of the common tasks and resources available to you based on your role. An
organization administrator can click the Set up this organization link on the Home tab to finish setting up a
newly created organization. See “Set Up an Organization,” on page 32 for more information.
Using vCloud Director
When you log in to vCloud Director, the first page you see is the Home page. This page shows the most
common tasks for your role.
Organization administrators see the Set up this organization link as their first task. They also see tasks
under these headings.
- Organizations and resources
- Content
- Users & Groups
The vApps in your organization are displayed for easy access.
Catalog authors see links to these tasks.
- Add Cloud Computer System
- Build new vApp
- Manage Catalogs
- New Catalog
vApp authors see links to these tasks.
- Add Cloud Computer System
- Build new vApp
vApp users see links to these tasks.
- Add Cloud Computer System
The vApps in your organization are displayed for easy access.
Console Access Only users have read-only access to vCloud Director.
Set Mozilla Firefox Options
These options and settings help you display and use the vCloud Director Web console in Mozilla Firefox.
Prerequisites
You have the following.
- At least Firefox 3.x
- SSL 3.0 Encryption
- TLS 1.0 Encryption
Procedure
1. In Firefox, select Tools > Options.
2. Click Content and select the JavaScript check box.
3. Click Privacy.
4. In the Firefox will: drop-down menu, select Use custom settings for history.
5. Select the Accept cookies from sites check box.
   This selection also selects the Accept third-party cookies check box.
6. Click OK.
Bypass the Proxy in Mozilla Firefox
You can configure the Firefox proxy server to bypass certain Web addresses.
If all of these conditions exist, you can configure Firefox to bypass specific Web addresses.
- The internal network is configured with a proxy server to access the external network.
- The browser's proxy server connection has no local exceptions.
- The proxy is not configured to look in the internal network after not finding or connecting to the target
  on the external network.
- The user looks for a target on the internal network using Firefox.
Procedure
1. Select an option.
   Operating System    Action
   Windows             Tools > Options
   Linux               Edit > Preferences
2. Click the Advanced button.
3. On the Network tab, click the Settings button.
4. Enter the IP of the cell or load balancer in the No Proxy for: field.
The specified Web addresses are bypassed by the Firefox proxy server.
Set Microsoft Internet Explorer Options
These options help you display and use the vCloud Director Web console in Microsoft Internet Explorer.
You have the following.
- At least Internet Explorer 7.
- SSL 3.0 Encryption
- TLS 1.0 Encryption
Procedure
1. In Internet Explorer, select Tools > Internet Options.
2. Click the Security tab.
3. Select the Internet content zone for the vCloud Director server.
4. Click Custom Level and select Enable or Prompt for these options.
   - Download signed ActiveX controls
   - Run ActiveX controls and plug-ins
   - Allow META REFRESH
   - Active scripting of Microsoft web browser control
5. Click OK.
6. Click the Advanced tab.
7. If you are using Internet Explorer on Windows 2003, complete these tasks.
   a. Select Start > Settings > Control Panel.
   b. Select Add or Remove Programs.
   c. Click Add/Remove Windows Components.
   d. Disable Internet Explorer Enhanced Security Configuration.
Bypass the Proxy in Internet Explorer
You can configure the Internet Explorer proxy server to bypass certain Web addresses.
If all of these conditions exist, you can configure Internet Explorer to bypass specific Web addresses.
- The internal network is configured with a proxy server to access the external network.
- The browser's proxy server connection has no local exceptions.
- The proxy is not configured to look in the internal network after not finding or connecting to the target
  on the external network.
- The user looks for a target on the internal network using Internet Explorer.
Procedure
1. Type the IP address of the cell or load balancer so that VMware Remote Console (VMRC) can bypass
   the proxy setting.
2. Select Tools > Internet Options.
3. On the Connections tab, click LAN Settings in the bottom panel.
4. In the Proxy Server panel, click Advanced.
5. In the Exception panel, in the Do not use proxy server for addresses beginning with: text box, type the
   IP address of the cell or load balancer.
   If the configuration management vehicle supports the use of regular expressions, you must type the
   DNS name of the cell or load balancer.
6. Click OK.
The specified Web addresses are bypassed by the Internet Explorer proxy server.
Set User Preferences
You can set certain display and system alert preferences that take effect every time you log in to the system.
You can also change the password for your system administrator account.
Procedure
1. In the title bar of the Web console, click Preferences.
2. Click the Defaults tab.
3. Select the page to display when you log in.
4. Select the number of days or hours before a runtime lease expires that you want to receive an email
   notification.
5. Select the number of days or hours before a storage lease expires that you want to receive an email
   notification.
6. Click the Change Password tab.
7. (Optional) Type your current password and type your new password twice.
8. Click OK.
Change Your Password
If you have a local user account, you can change your password.
Procedure
1. Log in to your organization.
2. In the title bar of the Web console, click Preferences.
3. On the Change Password tab, type your current password, type your new password, and retype your
   new password.
4. Click OK.
vCloud Director logs you out.
What to do next
Log in using your new password.
Chapter 2 Managing Cloud Resources
A vCloud Director system administrator creates and assigns virtual datacenters and networks to an
organization. An organization administrator can view information about these resources and perform a
limited set of management tasks. Contact your system administrator if you need more organization virtual
datacenters or organization virtual datacenter networks.
This chapter includes the following topics:
- “Managing Virtual Datacenters,” on page 17
- “Managing Organization Virtual Datacenter Networks,” on page 18
- “Managing Expired Items,” on page 30
Managing Virtual Datacenters
Virtual datacenters provide processor, memory, and storage resources to your organization. They are
assigned to your organization by your system administrator. An organization can have multiple virtual
datacenters.
Display Virtual Datacenters
When you display the virtual datacenters in your organization, you can monitor the resources, users, and
policy settings that you manage.
You are an organization administrator.
Procedure
1. Click Administration.
2. In the left pane, select Cloud Resources > Virtual Datacenters.
   A list of virtual datacenters in your organization appears in the right pane.
3. For details about a virtual datacenter, right-click, and select Open.
   The vApps, vApp templates, media, and networks attached to this virtual datacenter are displayed.
   When you click through each tab, you can right-click an object to see the operations you can
   complete.
Review Virtual Datacenter Properties
You can review the properties of the virtual datacenters that are assigned to your organization.
Procedure
1. Click Administration.
2. Select Cloud Resources > Virtual Datacenters.
3. Select a virtual datacenter, right-click, and select Properties.
4. Review the properties and click OK.
What to do next
To modify your organizational virtual datacenters, contact your system administrator.
Monitor Your Virtual Datacenter
You can monitor the virtual datacenter assigned to your organization and determine when to request
additional capacity.
You are an organization administrator.
Procedure
1. Click Administration.
2. Select Cloud Resources > Virtual Datacenters.
3. Click the Monitor button.
   Details about the processor, memory, storage, and allocation model appear.
What to do next
Contact your system administrator for more capacity.
Manage Your Virtual Datacenters
You can review information such as the status, allocation model, and the number of vApps in a virtual
datacenter in your organization.
You are an organization administrator.
Procedure
1. Click Administration.
2. In the left pane, select Cloud Resources > Virtual Datacenters.
3. Click the Manage button.
4. Review the information.
What to do next
You can open the virtual datacenter to see the objects in it, notify users about issues or changes, or review
the virtual datacenter's properties. Contact your system administrator to make changes to your virtual
datacenter.
Managing Organization Virtual Datacenter Networks
Organization virtual datacenter networks are created and assigned to your organization virtual datacenter
by a system administrator. An organization administrator can view information about networks, configure
network services, and more.
You can use direct, routed, or internal organization virtual datacenter networks.
Table 2‑1. Types of Organization Virtual Datacenter Networks
Direct
    Accessible by multiple organizations. Virtual machines belonging to different
    organizations can connect to and see traffic on this network.
    This network provides direct layer 2 connectivity to virtual machines outside of
    the organization. Virtual machines outside of this organization can connect to
    virtual machines in the organization directly.
Routed
    Accessible only by this organization. Only virtual machines in this organization
    can connect to this network.
    This network also provides controlled access to an external network. System
    administrators and organization administrators can configure network address
    translation (NAT), firewall, and VPN settings to make specific virtual machines
    accessible from the external network.
Internal
    Accessible only by this organization. Only virtual machines in this organization
    can connect to and see traffic on this network.
    This network provides an organization with an isolated, private network that
    multiple vApps can connect to. This network provides no connectivity to
    machines outside this organization. Machines outside of this organization have
    no connectivity to machines in the organization.
An organization administrator can configure services, such as DHCP, firewalls, network address translation
(NAT), VPN, and static routing for certain organization virtual datacenter networks.
The network services available depend on the type of organization virtual datacenter network.
Table 2‑2. Network Services Available by Network Type
Configure DHCP for an Organization Virtual Datacenter Network
Organization administrators can configure certain organization virtual datacenter networks to provide
DHCP services to virtual machines in the organization.
When you power on a virtual machine with the following configuration, vCloud Director assigns a DHCP
IP address to that virtual machine.
- A NIC connected to an organization virtual datacenter network that has DHCP enabled.
- The IP mode for the connected NIC set to DHCP.
Prerequisites
Verify that you have a routed organization virtual datacenter network or an internal organization virtual
datacenter network.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Click the Org VDC Networks tab, right-click the organization virtual datacenter network name and
   select Configure Services.
3. Select Enable DHCP.
4. Type a range of IP addresses or use the default range.
   vCloud Director uses these addresses to satisfy DHCP requests. The range of DHCP IP addresses
   cannot overlap with the static IP pool for the organization virtual datacenter network.
5. Set the default lease time and maximum lease time or use the default values.
6. Click OK.
vCloud Director updates the network to provide DHCP services.
Configure the Firewall for an Organization Virtual Datacenter Network
An organization administrator can configure certain organization virtual datacenter networks to provide
firewall services. Enable the firewall on an organization virtual datacenter network to enforce firewall rules
on incoming traffic, outgoing traffic, or both.
When you enable the firewall, you can specify a default firewall action to deny all incoming and outgoing
traffic or to allow all incoming and outgoing traffic. You can also add specific firewall rules to allow or deny
traffic that matches the rules to pass through the firewall. These rules take precedence over the default
firewall action. See “Add a Firewall Rule to an Organization Virtual Datacenter Network,” on page 20.
If a system administrator specified syslog server settings and those settings were applied to the organization
virtual datacenter network, then you can log events related to the default firewall action. For information
about applying syslog server settings, see “Apply Syslog Server Settings to an Organization Virtual
Datacenter Network,” on page 29. To view the current syslog server settings see “View Syslog Server
Settings for an Organization Virtual Datacenter Network,” on page 29.
Prerequisites
Verify that a routed organization virtual datacenter network is in place.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
   select Configure Services.
3. Click the Firewall tab and select Enable firewall to enable firewall services, or deselect it to disable
   firewall services.
4. Select the default firewall action.
   Option    Description
   Deny      Blocks all traffic except when overridden by a firewall rule.
   Allow     Allows all traffic except when overridden by a firewall rule.
5. (Optional) Select the Log check box to log events related to the default firewall action.
6. Click OK.
Add a Firewall Rule to an Organization Virtual Datacenter Network
An organization administrator can add firewall rules to an organization virtual datacenter network that
supports a firewall. You can create rules to allow or deny traffic that matches the rules to pass through the
firewall.
When you add a new firewall rule to an organization virtual datacenter network, it appears at the bottom of
the firewall rule list. For information about how to set the order in which firewall rules are enforced, see
“Reorder Firewall Rules for an Organization Virtual Datacenter Network,” on page 22.
If a system administrator specified syslog server settings and those settings have been applied to the
organization virtual datacenter network, then you can log firewall rule events. For information about
applying syslog server settings, see “Apply Syslog Server Settings to an Organization Virtual Datacenter
Network,” on page 29. To view the current syslog server settings see “View Syslog Server Settings for an
Organization Virtual Datacenter Network,” on page 29.
Prerequisites
Verify that you have a routed organization virtual datacenter network and enable the firewall for the
organization virtual datacenter network. See “Configure the Firewall for an Organization Virtual Datacenter
Network,” on page 20.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. On the Org VDC Networks tab, right-click the organization virtual datacenter network name and select
   Configure Services.
3. Click the Firewall tab and click Add.
4. Type a name for the rule.
5. (Optional) Select Match rule on translated IP to have the rule check against translated IP addresses
   rather than original IP addresses and choose a traffic direction to apply this rule on.
6. Type the traffic Source.
   Option                   Description
   IP address               Type a source IP address to apply this rule on.
   Range of IP addresses    Type a range of source IP addresses to apply this rule on.
   CIDR                     Type the CIDR notation of traffic to apply this rule on.
   internal                 Apply this rule to all internal traffic.
   external                 Apply this rule to all external traffic.
   any                      Apply this rule to traffic from any source.
7. Select a Source port to apply this rule on from the drop-down menu.
8. Type the traffic Destination.
   Option                   Description
   IP address               Type a destination IP address to apply this rule on.
   Range of IP addresses    Type a range of destination IP addresses to apply this rule on.
   CIDR                     Type the CIDR notation of traffic to apply this rule on.
   internal                 Apply this rule to all internal traffic.
   external                 Apply this rule to all external traffic.
   any                      Apply this rule to traffic with any destination.
9. Select the Destination port to apply this rule on from the drop-down menu.
10. Select the Protocol to apply this rule on from the drop-down menu.
11. Select the action.
    A firewall rule can allow or deny traffic that matches the rule.
12. Select the Enabled check box.
13. (Optional) Select the Log network traffic for firewall rule check box.
    If you enable this option, vCloud Director sends log events to the syslog server for connections affected
    by this rule. Each syslog message includes logical network and organization UUIDs.
14. Click OK and click OK again.
Reorder Firewall Rules for an Organization Virtual Datacenter Network
Firewall rules are enforced in the order in which they appear in the firewall list. An organization
administrator can change the order of the rules in the list.
When you add a firewall rule to an organization virtual datacenter network, the new rule appears at the
bottom of the firewall rule list. To enforce the new rule before an existing rule, reorder the rules.
Prerequisites
Verify that a routed organization virtual datacenter network with two or more firewall rules is in place.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
   select Configure Services.
3. Click the Firewall tab.
4. Drag the firewall rules to establish the order in which the rules are applied.
5. Click OK.
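The effect of rule order, modelled as an added example (not VMware code and not a description of how vCloud Director is implemented): rules are checked top to bottom, the first enabled match decides, and the default firewall action applies when nothing matches. First-match semantics, the subnet, the rule names, the packets and the treatment of internal and external as inside and outside one subnet are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed subnet standing in for the organization virtual datacenter
# network; "internal"/"external" are modelled as inside/outside it (assumption).
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")


def endpoint_matches(spec, addr):
    """Match one Source or Destination entry against an IPv4 address.

    Handles the option kinds the procedure lists: a single IP address, a
    range written "first-last", CIDR notation, internal, external and any.
    """
    ip = ipaddress.ip_address(addr)
    spec = spec.strip().lower()
    if spec == "any":
        return True
    if spec == "internal":
        return ip in INTERNAL_NET
    if spec == "external":
        return ip not in INTERNAL_NET
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return first <= ip <= last
    if "/" in spec:
        return ip in ipaddress.ip_network(spec, strict=False)
    return ip == ipaddress.ip_address(spec)


def port_matches(spec, port):
    """A port entry is either "any" or one port number."""
    return spec == "any" or int(spec) == port


@dataclass
class Rule:
    name: str
    source: str
    source_port: str
    destination: str
    destination_port: str
    protocol: str          # "tcp", "udp" or "any"
    action: str            # "allow" or "deny"
    enabled: bool = True

    def matches(self, pkt):
        return (self.enabled
                and self.protocol in ("any", pkt["proto"])
                and endpoint_matches(self.source, pkt["src"])
                and port_matches(self.source_port, pkt["sport"])
                and endpoint_matches(self.destination, pkt["dst"])
                and port_matches(self.destination_port, pkt["dport"]))


def evaluate(rules, pkt, default_action="deny"):
    """Walk the list top to bottom; the first matching rule decides.

    Returns (action, name of the deciding rule), or the default firewall
    action when no enabled rule matches.
    """
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default_action, "default"


# Constructed rules and packets (documentation address ranges).
ALLOW_WEB = Rule("allow-web-in", "external", "any", "192.168.10.20", "443", "tcp", "allow")
BLOCK_NET = Rule("block-203.0.113", "203.0.113.0/24", "any", "internal", "any", "any", "deny")

APPENDED = [ALLOW_WEB, BLOCK_NET]    # new deny rule left at the bottom of the list
REORDERED = [BLOCK_NET, ALLOW_WEB]   # deny rule dragged above the allow rule

PKT_BLOCKED_SRC = {"src": "203.0.113.7", "sport": 50122, "dst": "192.168.10.20", "dport": 443, "proto": "tcp"}
PKT_OTHER_SRC = {"src": "198.51.100.5", "sport": 50123, "dst": "192.168.10.20", "dport": 443, "proto": "tcp"}
PKT_SSH = {"src": "198.51.100.5", "sport": 50124, "dst": "192.168.10.20", "dport": 22, "proto": "tcp"}

if __name__ == "__main__":
    for label, rules in (("appended", APPENDED), ("reordered", REORDERED)):
        for pkt in (PKT_BLOCKED_SRC, PKT_OTHER_SRC, PKT_SSH):
            print(label, pkt["src"], pkt["dport"], evaluate(rules, pkt))
```

With the deny rule left at the bottom, the broader allow rule above it decides first and the deny rule never applies to that traffic; moving it up changes the verdict for the blocked source only.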
Enable VPN for an Organization Virtual Datacenter Network
An organization administrator can enable VPN for an organization virtual datacenter network, then create a
secure tunnel to another network.
vCloud Director supports VPN between organization virtual datacenter networks in the same organization
and remote networks.
Prerequisites
Verify that you have a routed organization virtual datacenter network.
Procedure
1Click Administration and select the organization virtual datacenter.
2Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
select Configure Services.
3Click the VPN tab and select Enable VPN.
4(Optional) Type a public IP address.
5Click OK.
What to do next
Create a VPN tunnel to another network.
Create a VPN Tunnel In an Organization
An organization administrator can create a VPN tunnel between two organization virtual datacenter
networks in the same organization.
If the tunnel endpoints have a firewall between them, configure the firewall to allow the following IP
protocols and UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500
Prerequisites
Verify that you have at least two routed organization virtual datacenter networks with nonoverlapping IP
subnets and VPN enabled on both networks.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
   select Configure Services.
3. Click the VPN tab and click Add.
4. Type a name and optional description.
5. Select a network in this organization from the drop-down menu and select a peer network.
6. Review the tunnel settings and click OK.
vCloud Director configures both peer network endpoints.
Create a VPN Tunnel Between Organizations
An organization administrator can create a VPN tunnel between two organization virtual datacenter
networks in different organizations. The organizations can be part of the same vCloud Director installation
or a different installation.
Prerequisites
Verify that you have a routed organization virtual datacenter network in each of the organizations. The
organization virtual datacenter networks must have IP subnets that do not overlap and a site-to-site VPN
enabled.
If the tunnel endpoints have a firewall between them, you must configure it to allow the following IP
protocols and UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
   select Configure Services.
3. Click the VPN tab and click Add.
4. Type a name and optional description.
5. Select A network in another organization from the drop-down menu.
6. Click Connect to another organization, type the login information for the peer organization, and click
   Continue.
   Option          Description
   vCloud URL      Base URL of the vCloud instance that contains the peer organization. For
                   example, https://www.example.com. Do not include /cloud
                   or /cloud/org/orgname in the URL.
   Organization    Organization name that is used as the unique identifier in the organization
                   URL. For example, if the organization URL is
                   https://www.example.com/cloud/org/myOrg, type myOrg.
   Username        User name of an organization administrator or system administrator that
                   has access to the organization.
   Password        Password associated with the user name.
7. Select a peer network.
8. Review the tunnel settings and click Connect.
vCloud Director configures both peer network endpoints.
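Two constraints stated earlier, that the DHCP range cannot overlap the static IP pool and that VPN peer networks must have nonoverlapping IP subnets, can be checked before opening the console. The following is an added example, not VMware code; the function names, the "first-last" range notation, the network names and all addresses are constructed for the illustration.

```python
import ipaddress
from itertools import combinations


def parse_range(text):
    """Parse "first-last" (or one address) into an inclusive (low, high) pair."""
    first, _, last = text.partition("-")
    low = ipaddress.ip_address(first.strip())
    high = ipaddress.ip_address(last.strip()) if last.strip() else low
    if high < low:
        raise ValueError(f"range end precedes start: {text!r}")
    return low, high


def dhcp_conflicts(dhcp_range, static_pool):
    """Return the static IP pool ranges that the DHCP range overlaps."""
    d_low, d_high = parse_range(dhcp_range)
    hits = []
    for entry in static_pool:
        s_low, s_high = parse_range(entry)
        # Two inclusive intervals overlap when each starts before the other ends.
        if d_low <= s_high and s_low <= d_high:
            hits.append(entry)
    return hits


def overlapping_pairs(subnets):
    """Return (name, name) pairs of networks whose IP subnets overlap.

    Containment counts: 10.0.0.0/16 overlaps 10.0.5.0/24 although the two
    strings look unrelated.
    """
    parsed = {name: ipaddress.ip_network(cidr, strict=False)
              for name, cidr in subnets.items()}
    return [(a, b)
            for (a, net_a), (b, net_b) in combinations(parsed.items(), 2)
            if net_a.version == net_b.version and net_a.overlaps(net_b)]


# Constructed sample data.
STATIC_POOL = ["192.168.10.2-192.168.10.99", "192.168.10.200-192.168.10.220"]
PEERS = {"orgnet-a": "10.0.0.0/16", "orgnet-b": "10.0.5.0/24", "orgnet-c": "172.16.0.0/24"}

if __name__ == "__main__":
    print(dhcp_conflicts("192.168.10.90-192.168.10.150", STATIC_POOL))
    print(dhcp_conflicts("192.168.10.100-192.168.10.199", STATIC_POOL))
    print(overlapping_pairs(PEERS))
```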
Create a VPN Tunnel to a Remote Network
An organization administrator can create a VPN tunnel between an organization virtual datacenter network
and a remote network.
If the tunnel endpoints have a firewall between them, configure it to allow the following IP protocols and
UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500
Prerequisites
Verify that you have a routed organization virtual datacenter network and a routed remote network that
uses IPSec.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Select Cloud Resources > Networks.
3. Click the Organization VDC Network tab, right-click the organization virtual datacenter network
   name, and select Configure Services.
4. Click the VPN tab and click Add.
5. Type a name and optional description.
6. Select a remote network from the drop-down menu.
7. Type the peer settings.
8. Review the tunnel settings and click OK.
vCloud Director configures the organization peer network endpoint.
What to do next
Manually configure the remote peer network endpoint.
Enable Static Routing for an Organization Virtual Datacenter Network
An organization administrator can configure certain organization virtual datacenter networks to provide
static routing services. After you enable static routing on an organization virtual datacenter network, you
can add static routes to allow traffic between different vApp networks routed to the organization virtual
datacenter network.
Prerequisites
Verify that a routed organization virtual datacenter network is in place.
Procedure
1. Click Administration.
2. Select Cloud Resources > Networks.
3. Right-click the organization virtual datacenter network name and select Configure Services.
4. On the Static Routing tab, select Enable static routing and click OK.
What to do next
Create static routes.
Add Static Routes Between vApp Networks Routed to the Same Organization Virtual Datacenter Network
An organization administrator can add static routes between two vApp networks that are routed to the
same organization virtual datacenter network. Static routes allow traffic between the networks.
You cannot add static routes between overlapping networks or fenced vApps. After you add a static route to
an organization virtual datacenter network, configure the network firewall rules to allow traffic on the static
route. For vApps with static routes, select the Always use assigned IP addresses until this vApp or
associated networks are deleted check box.
Static routes only function when the vApps included in the routes are running. If you change the parent
network of a vApp, delete a vApp, or delete a vApp network, and the vApp includes static routes, those
routes cannot function and you must remove them manually.
Prerequisites
Verify that the following conditions are met.
- A routed organization virtual datacenter network is in place.
- Static routing is enabled on the organization virtual datacenter network.
- Two vApp networks are routed to the organization virtual datacenter network.
- The vApp networks are in vApps that were started at least once.
Procedure
1. Click Administration.
2. Select Cloud Resources > Networks.
3. Right-click the organization virtual datacenter network name and select Configure Services.
4. Click the Static Routing tab and click Add.
5. Type a name, network address, and next hop IP address.
   The network address is for the first vApp network to which you want to add a static route. The next
   hop IP address is the external IP address of that vApp network's router.
6. Select Within this network, and click OK.
7. Click OK.
8. Repeat Step 4 through Step 7 to add a route to the second vApp network.
Example: Static Routing Example
vApp Network 1 and vApp Network 2 are both routed to Org Network Shared. You can create static routes
on the organization virtual datacenter network to allow traffic between the vApp networks. You can use
information about the vApp networks to create the static routes.
Table 2‑3. Network Information
Network Name         Network Specification   Router External IP Address
vApp Network 1       192.168.1.0/24          192.168.0.100
vApp Network 2       192.168.2.0/24          192.168.0.101
Org Network Shared   192.168.0.0/24          NA
On Org Network Shared, create a static route to vApp Network 1 and another static route to vApp Network
2.
Table 2‑4. Static Routing Settings
Static Route to Network   Route Name   Network          Next Hop IP Address   Route
vApp Network 1            tovapp1      192.168.1.0/24   192.168.0.100         In this network
vApp Network 2            tovapp2      192.168.2.0/24   192.168.0.101         In this network
What to do next
Create firewall rules to allow traffic on the static routes.
Add Static Routes Between vApp Networks Routed to Different Organization Virtual Datacenter Networks
An organization administrator can add static routes between two vApp networks that are routed to
different organization virtual datacenter networks. Static routes allow traffic between the networks.
You cannot add static routes between overlapping networks or fenced vApps. After you add a static route to
an organization virtual datacenter network, configure the network firewall rules to allow traffic on the static
route. For vApps with static routes, select the Always use assigned IP addresses until this vApp or
associated networks are deleted check box.
Static routes only function when the vApps included in the routes are running. If you change the parent
network of a vApp, delete a vApp, or delete a vApp network, and the vApp includes static routes, those
routes cannot function and you must remove them manually.
Prerequisites
Verify that you have the following items.
- Two organization virtual datacenter networks routed to the same external network.
- Static routing is enabled on both organization virtual datacenter networks.
- A vApp network is routed to each organization virtual datacenter network.
- The vApp networks are in vApps that were started at least once.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Click the Org virtual datacenter Networks tab, right-click the organization virtual datacenter network
   name, and select Configure Services.
3. Click the Static Routing tab and click Add.
4. Type a name, network address, and next hop IP address.
   The network address is for the vApp network to which you want to add a static route. The next hop IP
   address is the external IP address of the router for the organization virtual datacenter network to which
   that vApp network is routed.
5. Select To external network and click OK.
6. Click Add.
7. Type a name, network address, and next hop IP address.
   The network address is for the vApp network that is routed to this organization virtual datacenter
   network. The next hop IP address is the external IP address of the router for that vApp network.
8. Select Within this network and click OK.
9. Repeat Step 2 through Step 8 to add static routes to the second organization virtual datacenter network.
Example: Static Routing Example
vApp Network 1 is routed to Org virtual datacenter Network 1. vApp Network 2 is routed to Org virtual
datacenter Network 2. You can create static routes on the organization virtual datacenter networks to allow
traffic between the vApp networks. You can use information about the vApp networks and organization
virtual datacenter networks to create the static routes.
Table 2‑5. Network Information
Network Name        Network Specification   Router External IP Address
vApp Network 1      192.168.1.0/24          192.168.0.100
vApp Network 2      192.168.11.0/24         192.168.10.100
Org VDC Network 1   192.168.0.0/24          10.112.205.101
Org VDC Network 2   192.168.10.0/24         10.112.205.100
On Org VDC Network 1, create a static route to vApp Network 2 and another static route to vApp Network
1. On Org VDC Network 2, create a static route to vApp Network 1 and another static route to vApp
Network 2.
Table 2‑6. Static Routing Settings for Org VDC Network 1
Static Route to Network   Route Name   Network           Next Hop IP Address   Route
vApp Network 2            tovapp2      192.168.11.0/24   10.112.205.100        To external network
vApp Network 1            tovapp1      192.168.1.0/24    192.168.0.100         Within this network
Table 2‑7. Static Routing Settings for Org VDC Network 2
Static Route to Network   Route Name   Network           Next Hop IP Address   Route
vApp Network 1            tovapp1      192.168.1.0/24    10.112.205.101        To external network
vApp Network 2            tovapp2      192.168.11.0/24   192.168.10.100        Within this network
What to do next
Create firewall rules to allow traffic on the static routes.
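The route settings in Tables 2‑4, 2‑6, and 2‑7 follow mechanically from the network information tables, so a plan can be checked before it is typed into the Static Routing tab. The following Python sketch is an added example, not part of the VMware guide or of vCloud Director; the dictionary layout, the "parent" field, and the function name plan_static_routes are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed from Table 2-5; "parent" (the org VDC network each vApp network
# is routed to) is a field name assumed for this sketch.
ORG_NETS = {
    "Org VDC Network 1": {"cidr": "192.168.0.0/24", "router_ext_ip": "10.112.205.101"},
    "Org VDC Network 2": {"cidr": "192.168.10.0/24", "router_ext_ip": "10.112.205.100"},
}
VAPP_NETS = {
    "vApp Network 1": {"cidr": "192.168.1.0/24", "router_ext_ip": "192.168.0.100",
                       "parent": "Org VDC Network 1"},
    "vApp Network 2": {"cidr": "192.168.11.0/24", "router_ext_ip": "192.168.10.100",
                       "parent": "Org VDC Network 2"},
}


def plan_static_routes(org_nets, vapp_nets):
    """Return {org network: [(target vApp network, network, next hop, scope)]}."""
    names = sorted(vapp_nets)
    # Static routes cannot be added between overlapping networks.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ip_network(vapp_nets[a]["cidr"]).overlaps(ip_network(vapp_nets[b]["cidr"])):
                raise ValueError(f"{a} overlaps {b}: static route not allowed")
    plan = {}
    for org_name, org in org_nets.items():
        routes = []
        for name in names:
            vapp = vapp_nets[name]
            if vapp["parent"] == org_name:
                # vApp network routed to this org network: next hop is the
                # external IP of that vApp network's own router.
                hop, scope = vapp["router_ext_ip"], "Within this network"
                # Sanity check (assumption): that IP sits on the org network.
                if ip_address(hop) not in ip_network(org["cidr"]):
                    raise ValueError(f"{name}: next hop {hop} not in {org['cidr']}")
            else:
                # vApp network behind another org network: next hop is the
                # external IP of that other org network's router.
                hop, scope = org_nets[vapp["parent"]]["router_ext_ip"], "To external network"
            routes.append((name, vapp["cidr"], hop, scope))
        plan[org_name] = routes
    return plan


if __name__ == "__main__":
    for org_name, routes in plan_static_routes(ORG_NETS, VAPP_NETS).items():
        for route in routes:
            print(org_name, *route, sep=" | ")
```

With both vApp networks given the same parent, as in Table 2‑3, every generated route has the scope "Within this network".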
Reset an Organization Virtual Datacenter Network
If the network services, such as DHCP settings, firewall settings, and so on, that are associated with an
organization virtual datacenter network are not working as expected, reset the network.
No network services are available while an organization virtual datacenter network resets.
Prerequisites
- Verify that you have an external NAT-routed organization virtual datacenter network or an internal
  organization network.
- Verify that you have organization administrator privileges.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Right-click an organization virtual datacenter network, and select Reset Network.
3. Click Yes.
View IP Use for an Organization Virtual Datacenter Network
You can view a list of the IP addresses from an organization virtual datacenter network IP pool that are
currently in use.
Prerequisites
Verify that you are an organization administrator.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Right-click an organization virtual datacenter network, and select IP Allocations.
Add IP Addresses to an Organization Virtual Datacenter Network IP Pool
If an organization virtual datacenter network is running out of IP addresses, you can add more addresses to
its IP pool.
You are an organization administrator.
You cannot add IP addresses to external organization virtual datacenter networks that have a direct
connection.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Right-click an organization virtual datacenter network and select Properties.
3. On the Network Specification tab, type an IP address or a range of IP addresses in the text box and
   click Add.
4. Click OK.
View vApps and vApp Templates That Use an Organization Virtual Datacenter Network
You can view a list of all the vApps and vApp templates that include virtual machines with a NIC
connected to an organization virtual datacenter network.
Prerequisites
Verify that you are an organization administrator.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Right-click an organization virtual datacenter network and select Connected vApps.
3. Click OK.
View Syslog Server Settings for an Organization Virtual Datacenter Network
You can view the syslog server settings for a routed organization virtual datacenter network.
vCloud Director supports logging events related to firewall rules to a syslog server specified by a system
administrator.
If an organization virtual datacenter network does not have any syslog server settings and you think it
should, or if the settings are not what you expected, then you can synchronize the network with the current
syslog server settings. See “Apply Syslog Server Settings to an Organization Virtual Datacenter Network,”
on page 29. If a problem still exists after you synchronize, contact your system administrator.
Prerequisites
- Verify that an external NAT-routed organization virtual datacenter network exists.
- Verify that you are an organization administrator.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
   select Properties.
3. Click the Syslog Server Settings tab.
Apply Syslog Server Settings to an Organization Virtual Datacenter Network
You apply syslog server settings to a routed organization virtual datacenter network to enable firewall rule
logging.
Only a system administrator can specify syslog server settings. Apply those settings to any organization
virtual datacenter network that was created before the system administrator specified them. Also, apply the
syslog server settings to an organization virtual datacenter network whenever a system administrator
changes the settings.
Prerequisites
Verify that an external NAT-routed organization virtual datacenter network is in place.
You are an organization administrator.
Procedure
1. Click Administration and select the organization virtual datacenter.
2. Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and
   select Synchronize syslog server settings.
3. Click Yes.
Managing Expired Items
When vApps or vApp templates expire, you can determine whether you want to renew or delete them.
Manage Expired vApps
You can display a list of expired vApps, delete them, or restore them to your organization.
You are an organization administrator.
The organization policy for what to do when a vApp storage lease expires is set to Move to Expired Items.
See “Configure Organization Lease, Quota, and Limit Settings,” on page 34.
Procedure
1. Select My Cloud > Expired Items.
2. On the Expired vApps tab, review the list of expired vApps.
3. Right-click a vApp and select Delete or Renew and click Yes.
If you selected Delete, the vApp is deleted from the list. If you selected Renew, the restored vApp appears
on the vApps page.
Manage Expired vApp Templates
You can display a list of expired vApp templates and delete them or restore them to your organization.
You are an organization administrator.
The organization policy for what to do when a vApp template storage lease expires is set to Move to
Expired Items. See “Configure Organization Lease, Quota, and Limit Settings,” on page 34.
Procedure
1. Select My Cloud > Expired Items.
2. Click the Expired vApp Templates tab.
3. Right-click on a vApp template, select Delete or Renew, and click Yes.
If you selected Delete, the vApp template is deleted from the list. If you selected Renew, the vApp template
is restored to its catalog.