vExpert

Deep Dive in to Virtualization & Cloud


VMware vCloud Director Virtual Data Center

VMware vCloud Director (vCD) is deployment, automation, and management software for virtual infrastructure resources in multi-tenant cloud environments. VMware vCloud Director provides role-based access to a Web console that allows the members of an organization to interact with the organization’s resources to create and work with vApps and virtual machines.

In this blog we will do learn the basic features, components, tabs etc. and details of vCloud Director Virtual Data Center (VDC)

Virtual Data Center(vDC)

A Virtual Datacenter is a pool of cloud infrastructure resources designed specifically for enterprise business needs. Those resources include compute, memory, storage, and bandwidth. Once Organization vDC is provisioned you can login with below FQDN and see the Organization allocated resources and objects.

https:// {vcd FQDN}/tenant/ {Organization Name}

Compute

vApps

A vApp is a container which consists of one or more virtual machines that communicate over a network and use resources and services in a deployed environment. A vApp that come preconfigured with applications and configuration to provide a specific type of cloud service. vApps can include several virtual machines, working together as a unified application stack. You can create or import a new vApp based on a vApp template stored in a catalog or by importing a Virtual Machine, OVF package.

Virtual Machines

A virtual machine is a software computer that, like a physical computer, runs an operating system and applications. The virtual machine consists of a set of specification and configuration files and is backed by the physical resources of a host. Every virtual machine has virtual devices that provide the same functionality as physical hardware but are more portable, more secure, and easier to manage. In addition to the operations that you can run on a physical machine, vCloud Director virtual machines support virtual infrastructure operations, such as taking a snapshot of virtual machine state, and moving a virtual machine from one host to another.

Affinity Rules

Affinity and anti-affinity rules determine whether VMs are kept together as they are moved around within your environment.

  • Affinity rules keep VMs together on the same host
  • Anti-affinity rules ensure that VMs are distributed across different hosts

For example, if it’s important that your application has very low latency, you can create affinity rules to make sure that the application’s VMs are always kept on the same host. If you want your application to be robust in the event of host failures, you can create anti-affinity rules to spread the VMs across multiple hosts.

Networking

Networks

Like the concept of a subnet, a vApp network is an isolated network within a VMware Cloud Director network that allows specific vApps to communicate with each other. These networks can be either terminating or Edge Service Gateway, which is Routed, Isolated or Direct which is backed by an External Port Group.

Scope

  • Current Organization Virtual Data Center – Provides connectivity for VMs in the current VDC only
  • Data Center Group – Provides connectivity for VMs from all VDCs participating in the Data Center Group. Available Data Center Groups are the ones where the current VDC – “Dreams” participates in.

Network Type

  • Routed – This type of network provides controlled access to machines and networks outside of the VDC or VDC Group through an edge gateway.
  • Use ‘internal interface’ when you want to connect to one of the edge gateway’s internal interfaces (Max Networks Allowed: 9)
  • Use ‘distributed’ when you want fast and efficient East-West routing. The network will be connected to an internal interface of a distributed router that is exclusively associated with this gateway (Max Networks Allowed: 400)
  • Use ‘subinterface’ when you want to connect to the edge gateway’s internal trunk interface (Max Networks Allowed: 200)
  • Isolated – This type of network provides a fully isolated environment, which is accessible only by this organization VDC or VDC Group.
  • Direct – This type of network connects directly to an external network backed by a vSphere Distributed Port group or NSX-T Segment.

Note: – Once Network are created you need to add these networks to respective vApps and then only can assign to the Virtual Machines.

Data Center Groups

A DC group is a collection of multiple vCloud vDCs (up to 4) that provide a common networking scheme for vCD workloads. That means that they will have stretched L2 networks, for East-West traffic, and egress points (Edge Gateways for North-South traffic).

Edges

The ESG gives you access to all NSX Edge services such as firewall, NAT, DHCP, VPN, load balancing, and high availability. You can install multiple ESG virtual appliances in a Data Center. Firewall rules and other NSX Edge services are enforced on traffic between network interfaces. Uplink interfaces of ESGs connect to uplink port groups that have access to a shared corporate network or a service that provides access layer networking. Multiple external IP addresses can be configured for load balancer, site-to-site VPN, and NAT services.

  • Distributed Logical Router – The DLR provides East-West distributed routing with tenant IP address space and data path isolation. Virtual machines or workloads that reside on the same host on different subnets can communicate with one another without having to traverse a traditional routing interface. A logical router can have eight uplink interfaces and up to a thousand internal interfaces. An uplink interface on a DLR generally peers with an ESG, with an intervening Layer 2 logical transit switch between the DLR and the ESG. An internal interface on a DLR peers with a virtual machine hosted on an ESXi hypervisor with an intervening logical switch between the virtual machine and the DLR

Storage

Named Disks

Named disks are standalone virtual disks that you create in Organization VDCs. Organization administrators and users who have the respective rights can create, remove, and update named disks, and connect them to virtual machines. When you create a named disk, it is associated with an Organization VDC but not with a virtual machine. After you create the disk in a VDC, the disk owner or an administrator can attach it to any virtual machine deployed in the VDC. The disk owner can also modify the disk properties, detach it from a virtual machine, and remove it from the VDC

Storage Policy

A storage policy can reference storage capabilities that are advertised by a storage entity or it can reference datastore tags. The policy can include components that enable data services, such as replication or caching, provided by I/O filters, storage systems, or other entities. Storage Policy tab shows the details of policies and the details of that which is assigned to the organization vDC.

Settings

Settings section shows the default Organization vDC Details like Allocation details, sharing of vDC with other Users or groups, Metadata, general-purpose facility for associating user-defined metadata with an object and also you can define the Kubernetes policies.

Libraries

Content Libraries

A catalog is a container for vApp templates and media files in an organization. Organization administrators and catalog authors can create catalogs in an organization. Catalog contents can be shared with other users or organizations in the VMware Cloud Director installation or published externally for access by organizations outside the VMware Cloud Director installation. You can upload an OVF package directly to a catalog, save a vApp as a vApp template, or import a vApp template from vSphere. VMware Cloud Director contains private catalogs, shared catalogs, and externally accessible catalogs. Private catalogs include vApp templates and media files that you can share with other users in the organization. If a system administrator enables catalog sharing for your organization, you can share an organization catalog to create a catalog accessible to other organizations in the VMware Cloud Director installation.

Services

The ability to easily create custom services and display them in the new user interface as tiles under Service Library. The services are created in vRealize Orchestrator as workflows and then presented to tenants or system administrators with simple categorization.

Administration

Access Control

While vCloud Director provides a self-contained identity provider for user accounts, which are created and maintained in the vCloud Director database also it allows to Import Users and Groups from registered identity providers for the authentication. You can create custom roles and assign to respective Users or Groups as pert the Organization requirement.

Identity Providers

A vCloud Director tenant organization can define an identity provider that it shares with other applications or enterprises. Users authenticate to the identity provider to obtain a token that they can then use to log in to the organization. Such a strategy can enable an enterprise to provide access to multiple, unrelated services, including vCloud Director, with a single set of credentials, an arrangement often referred to as single sign-on. Vcloud Director supports below Identity providers.

  • Security Assertion Markup Language (SAML)
  • Lightweight Directory Access Protocol (LDAP)
  • OpenID Connect (OIDC)

Certification Management

Certification Management was a challenging process in earlier vCloud Director releases but from 10.2 release it is very easy as we have this section in provider and tenant login. Trusted Certificates is nothing but the vCD instances trusted now like vCenter, NSX etc. Certificates Library is a place where a provider can store certificates that can be used by tenants for use of AVI Advanced Load Balancer.

Settings

  • General – Administration General Tab will give you the Organization Virtual Data Center related details like name tenant URL etc.
  • Email – You can edit the system email settings, including configuring the SMTP server settings and vCloud Director notification settings. vCloud Director sends system alert emails when it has important information to report. For example, vCloud Director sends an alert when a datastore is running out of space. You can configure vCloud Director to send email alerts to all system administrators or to a specified list of email addresses
  • Guest Personalization – vCloud Director can do the Guest Operating System customization like Network, IP Address, Windows SID, System Name and join the machine to domain. In this section we will provide the domain, credentials, and OU details for the customization.
  • Metadata – General-purpose facility for associating user-defined metadata with an object.
  • Multisite – The vCloud Director Multisite feature enables a service provider or a tenant of multiple, geographically distributed vCloud Director installations (server groups) to manage and monitor those installations and their organizations as single entities. When you associate two vCloud Director sites, you enable administration of the sites as a single entity. You also enable organizations at those sites to form associations with each other
  • Policies – This policies section will help you to configure the vApp and vApp template leases duration and actions after expiry, VM quota, Limits, Password Policies.
  • Quotas – Here you can restrict the quotas of Running VMs, CPU, Memory and Kubernetes Clusters etc. It again depends on your allocation Model.

Monitoring

Monitor section in Vcloud Director tenant portal shows the details Events and Task details performed in that VDC with Description, status, time, and owner details which will help users to troubleshoot if any issues for more troubleshooting you may have to refer the provider Monitoring section or logs.

In upcoming blogs, we will discuss more on VMware vCloud Director. To make this vCD series more understandable, I am splitting this into multiple blogs

Part 1 – What is VMware vCloud Director

Part 2 – VMware vCloud Director Standalone Installation

Part 3 – VMware vCloud Director Installation with High Availability

Part 4 – VMware vCloud Director – Install and Configure RabbitMQ Cluster

Part 5 – VMware vCloud Director Cell Certificates & Load Balancing

Part 6 – VMware vCloud Director Cell Role Switchover

Part 7 – VMware vCloud Director Basic Configuration

Part 8 – VMware vCloud Director Org vDC Configuration

Part 9 – VMware vCloud Director Virtual Data Center

Part 10 – VMware vCloud Director Branding

Thanks,

If you have any comments, please drop me a line.
I hope this article was informative, and don’t forget to buy me a coffee if you found this worth reading.



Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.