vCloud Director Administrator's Guide vCloud Director 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright © 2010, 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents

vCloud Director Administrator's Guide
1 Getting Started with vCloud Director
  Overview of vCloud Director Administration
  Log In to the Web Console
  Preparing the System
  Create a Microsoft Sysprep Deployment Package
  Replace a Microsoft Sysprep Deployment Package
  Set User Preferences
  Change a System Administrator Password
2 Adding Resources to vCloud Director
  Adding vSphere Resources
  Adding Cloud Resources
3 Creating and Provisioning Organizations
  Understanding
  Managing vSphere Datastores
  Managing Stranded Items
7 Managing Organizations
  Enable or Disable an Organization
  Delete an Organization
  Modify an Organization Name
  Modify an Organization Full Name and Description
  Modify Organization LDAP Options
  Modify Organization Catalog Publishing Policy
  Modify Organization Email Preferences
  Modify Organization Lease, Quota, and Limit Settings
  Add a Catalog to an Organization
  Managing Organization
10 Monitoring vCloud Director
  Viewing Tasks and Events
  Monitor and Manage Blocking Tasks
  View Usage Information for a Provider vDC
  View Usage Information for an Organization vDC
  Using vCloud Director's JMX Service
  Viewing the vCloud Director Logs
  vCloud Director and Cost Reporting
  Monitoring Quarantined Files
11 Roles and Rights
  Predefined Roles and Their Rights
Index
vCloud Director Administrator's Guide

The VMware vCloud Director Administrator's Guide provides information to the vCloud Director system administrator about how to add resources to the system, create and provision organizations, manage resources and organizations, and monitor the system.

Intended Audience

This book is intended for anyone who wants to configure and manage a vCloud Director installation.
Chapter 1 Getting Started with vCloud Director

The first time you log in to the vCloud Director Web console, the Home tab guides you through the steps to configure your installation. You can also set your user preferences and create a Microsoft Sysprep deployment package to support guest customization in vCloud Director virtual machines.
Cloud resources include provider and organization virtual datacenters, external networks, organization networks, and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere resources.

Provider Virtual Datacenters

A provider virtual datacenter (vDC) combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores available to that resource pool.
Network Pools

A network pool is a group of undifferentiated networks that is available for use within an organization vDC. A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.
Preparing the System

The Home tab in the vCloud Director Web console provides links to the tasks required to prepare the system for use. Links become active after you complete prerequisite tasks. For more information about each task, see Table 1-1.

Table 1-1.
2 Run the /opt/vmware/cloud-director/deploymentPackageCreator/createSysprepPackage.sh SysprepBinariesDirectory command.
For example, /opt/vmware/cloud-director/deploymentPackageCreator/createSysprepPackage.sh /root/MySysprepFiles.
3 Use the service vmware-vcd restart command to restart the cloud cell.
4 If you have multiple cloud cells, copy the package and properties file to all cloud cells.
Set User Preferences

You can set certain display and system alerts preferences that take effect every time you log in to the system.

Procedure
1 In the title bar of the Web console, click Preferences.
2 Click the Defaults tab.
3 Select the page to display when you log in.
4 Select the number of days or hours before a runtime lease expires that you want to receive an email notification.
Chapter 2 Adding Resources to vCloud Director

vCloud Director derives its resources from an underlying vSphere virtual infrastructure. After you register vSphere resources in vCloud Director, you can allocate these resources for organizations within the vCloud Director installation to use.
Open the Attach New vCenter Wizard

Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.

Procedure
1 Click the Manage & Monitor tab and then click vCenters in the left pane.
2 Click the Attach New vCenter button.

The Attach New vCenter wizard launches.
vCloud Director attaches the new vCenter Server and registers its resources for provider virtual datacenters to use.

What to do next
Assign a vShield for VMware vCloud Director license key in the vCenter Server.

Assign a vShield License Key in vCenter

After you attach a vCenter Server to vCloud Director, you must use the vSphere Client to assign a vShield for VMware vCloud Director license key.
If you plan to add a resource pool that is part of a cluster that uses vSphere HA, make sure you are familiar with how vSphere HA calculates slot size. For more information about slot sizes and customizing vSphere HA behavior, see the VMware vSphere Availability Guide.

Prerequisites
Verify that at least one vCenter Server is attached with an available resource pool to vCloud Director.
2 Click the Add Network button.
3 Select a vCenter Server and a vSphere port group and click Next.
4 Type the network settings and click Next.
5 Type a name and optional description for the network and click Next.
6 Review the network settings and click Finish.

What to do next
You can now create an organization network that connects to the external network.
Add a Network Pool That Is Backed by Cloud Isolated Networks

You can create a network pool that is backed by cloud isolated networks. A cloud isolated network spans hosts, provides traffic isolation from other networks, and is the best source for vApp networks. An isolation-backed network pool does not require preexisting port groups in vSphere.

Prerequisites
Verify that a vSphere distributed switch is available.
5 Select one or more port groups, click Add, and click Next.
You can create one network for each port group.
6 Type a name and optional description for the network and click Next.
7 Review the network pool settings and click Finish.

What to do next
You can now create an organization network that is backed by the network pool or associate the network pool with an organization vDC and create vApp networks.
Chapter 3 Creating and Provisioning Organizations

Organizations provide resources to a group of users and set policies that determine how users can consume those resources. Create an organization for each group of users that requires its own resources, policies, or both.
Create an Organization

Creating an organization involves specifying the organization settings and creating a user account for the organization administrator.

Procedure
1 Open the New Organization Wizard on page 24
Open the New Organization wizard to start the process of creating an organization.
2 Name the Organization on page 25
Provide a descriptive name and an optional description for your new organization.
Name the Organization

Provide a descriptive name and an optional description for your new organization.

Procedure
1 Type an organization name.
This name provides a unique identifier that appears as part of the URL that members of the organization use to log in to the organization.
2 Type a display name for the organization.
This name appears in the browser header when an organization member uses the unique URL to log in to vCloud Director.
Add Local Users to the Organization

Every organization should have at least one local, non-LDAP, organization administrator account, so that users can log in even if the LDAP service is unavailable.

Procedure
1 Click Add.
2 Type a user name and password.
3 Assign a role to the user.
4 (Optional) Type the contact information for the user.
5 Select Unlimited or type a user quota for stored and running virtual machines and click OK.
2 Select a notification settings option.

Option | Description
Use system default notification settings | The organization uses the system notification settings.
Set organization notification settings | The organization uses its own notification settings. Type an email address that appears as the sender for organization emails, type text to use as the subject prefix for organization emails, and select the recipients for organization emails.
3 Click Finish to accept the settings and create the organization.

What to do next
Allocate resources to the organization.

Allocate Resources to an Organization

You allocate resources to an organization by creating an organization vDC that is partitioned from a provider vDC. A single organization can have multiple organization vDCs.

Prerequisites
You must have a provider vDC before you can allocate resources to an organization.
2 Right-click the organization name and select Allocate Resources from the menu.

The Allocate Resources wizard starts.

Select a Provider vDC

An organization vDC obtains its compute and storage resources from a provider vDC. The organization vDC provides these resources to vApps and virtual machines in the organization.

Procedure
1 Select a provider vDC.
2

Option | Action
Memory allocation | Enter the maximum amount of memory, in GB, to allocate to virtual machines running in the organization vDC.
Memory resources guaranteed | Enter the percentage of memory resources to guarantee to virtual machines running in the organization vDC. You can overcommit resources by guaranteeing less than 100%.
vCPU Speed | Enter the vCPU speed in GHz.
Fast provisioning saves time by using vSphere linked clones for certain operations. See “Fast Provisioning of Virtual Machines,” on page 82.

IMPORTANT Fast provisioning requires vCenter Server 5.0 and ESXi 5.0 hosts. If the provider vDC on which the organization vDC is based contains any ESX/ESXi 4.x hosts, you must disable fast provisioning.
Adding Networks to an Organization

Add a network to an organization to enable its virtual machines to communicate with each other or to provide access to the Internet. A single organization can have multiple organization networks.

Understanding Organization Networks

An organization network allows virtual machines in the organization to communicate with each other and to access the Internet. Organization networks require an external network, a network pool, or both.
3 Select the type of setup and network type and click Next.
You can create an external direct organization network by using either method.

Option | Network Type
Typical | Select the external network check box and select direct connection from the drop-down menu.
Advanced | Select External organization network - direct connection.

4 Select an external network and click Next.
8 Type a name and optional description and click Next.
9 Review the settings for the organization network.
Click Finish to accept the settings and create the organization network, or click Back to modify the settings.

What to do next
If you added external IP addresses, you can set how they are mapped. See “Configure Port Forwarding for an Organization Network,” on page 56.
Chapter 4 Creating a Published Catalog

You can publish a catalog to make a set of vApp templates or media files available to all of the organizations in a vCloud Director installation. Organizations use catalogs to store vApp templates and media files. The members of an organization can use catalog items as the building blocks to create their own vApps. When you publish a catalog, the items in the catalog become available to all of the organizations in the vCloud Director installation.
Create a Published Catalog

You can create a published catalog to contain uploaded and imported vApp templates and media files to make available to all organizations. An organization can have multiple catalogs and control access to each catalog individually.

Prerequisites
Verify that you have an organization that allows catalog publishing.

Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
Import a vApp Template from vSphere

You can import a virtual machine from vSphere and save it as a vApp template in a catalog that is available to other users.

Prerequisites
Verify that you are a vCloud Director system administrator.

Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
3 Click Catalogs and select My Organization's Catalogs in the left pane.
Import a Media File from vSphere

You can import a media file from a vSphere datastore and save it in a catalog available to other users.

Prerequisites
You must be a vCloud Director system administrator. You must know which datastore contains the media file and the path to that file.

Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
Chapter 5 Managing Cloud Resources

Provider vDCs, organization vDCs, external networks, organization networks, and network pools are all considered cloud resources. After you add cloud resources to vCloud Director, you can modify them and view information about their relationships with each other.
- Disable and delete all organization vDCs and organization networks that use the provider vDC.

Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Delete.
3 Click Yes.

Modify a Provider vDC Name and Description

As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing provider vDC.
2 Right-click the provider vDC name and select Open.
3 Click the Hosts tab.
4 Right-click the host name and select Prepare Host or Unprepare Host.

vCloud Director prepares or unprepares the host for all provider vDCs that use its resources.

Upgrade an ESX/ESXi Host Agent for a Provider vDC Host

vCloud Director installs agent software on each ESX/ESXi host in the installation. If you upgrade your ESX/ESXi hosts, you also need to upgrade your ESX/ESXi host agents.
3 Click the Datastores tab.
4 Click Add/Remove.
5 Select a datastore from the list, click Add, and click OK.

vCloud Director does not support the use of read-only datastores with provider vDCs. In most cases, read-only datastores do not appear in the list, but some read-only NFS datastores might appear. Do not add these datastores to your provider vDC. Use only shared storage because vSphere DRS cannot migrate virtual machines on local storage.
Send an Email Notification to Provider vDC Users

You can send an email notification to all users who own objects in the provider vDC, for example, vApps or media files. You can send an email notification to let users know about upcoming system maintenance, for example.

Prerequisites
Verify that you have a valid connection to an SMTP server.

Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
8 Name the Organization vDC on page 47
You can provide a descriptive name and an optional description to indicate the vSphere functions available for your new organization vDC.
9 Confirm Settings and Create the Organization vDC on page 47
Before you create the organization vDC, review the settings you entered.

Open the New Organization vDC Wizard

Open the New Organization vDC wizard to start the process of creating an organization vDC.
Select an Allocation Model

The allocation model determines how and when the provider vDC compute and memory resources that you allocate are committed to the organization vDC.

Procedure
1 Select an allocation model.

Option | Description
Allocation Pool | Only a percentage of the resources you allocate are committed to the organization vDC. You can specify the percentage, which allows you to overcommit resources.

2
Table 5-1. How Allocation Pool Settings Affect Resource Pool Settings

Allocation Pool Setting | Allocation Pool Value | Resource Pool Setting | Resource Pool Value
CPU Allocation | 25 GHz | CPU Limit | 25 GHz
CPU % Guarantee | 10% | CPU Reservation | 2.5 GHz
Memory Allocation | 50 GB | Memory Limit | 50 GB
Memory % Guarantee | 20% | Memory Reservation | 10 GB

Table 5-2.
Select Network Pool

A network pool is a group of undifferentiated networks that is used to create vApp networks and NAT-routed or internal organization networks.

Procedure
1 Select a network pool or select None.
If you select None, you can add a network pool later.
2 Enter the maximum number of networks that the organization can provision from the network pool.
3 Click Next.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Right-click the organization vDC name and select Delete.
3 Click Yes.

Modify an Organization vDC Name and Description

As your vCloud Director installation grows, you might want to assign a more meaningful name or description to an existing organization vDC.

Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
Edit Organization vDC Network Settings

You can change the maximum number of provisioned networks in an organization vDC and the network pool from which the networks are provisioned.

Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Right-click the organization vDC name and select Properties.
3 On the Network Pool tab, enter the new network settings and click OK.
Delete an External Network

Delete an external network to remove it from vCloud Director.

Prerequisites
Before you can delete an external network, you must delete all of the organization networks that rely on it.

Procedure
1 Click the Manage & Monitor tab and click External Networks in the left pane.
2 Right-click the external network name and select Delete Network.
Create an External Direct Organization Network

You can create an external direct organization network that multiple organizations can access. You typically use the external network to connect to the Internet. The organization connects directly to this network.

Prerequisites
An external network.

Procedure
1 Click the Manage & Monitor tab and click Organization Networks in the left pane.
2 Click Add Network.

The Create Organization Network wizard starts.
4 Select the type of setup and network type and click Next.
You can create an external routed organization network using either method.

Option | Network Type
Typical | Select the external network check box and select routed connection from the drop-down menu.
Advanced | Select External organization network - NAT-routed connection.

5 Select an external network and network pool and click Next.
5 Select a network pool and click Next.
You can deselect the Only use networks accessible by this organization check box to view network pools that are not currently available to the organization through its organization vDCs. When you deselect this check box, you can choose an arbitrary network pool and later create an organization vDC that can access it.
6 Use the default network settings or type your own and click Next.
vCloud Director updates the network to provide DHCP services.

Enable the Firewall for an Organization Network

You can configure certain organization networks to provide firewall services. You can enable the firewall on an organization network to enforce firewall rules on incoming traffic, outgoing traffic, or both. You can deny all incoming traffic, deny all outgoing traffic, or both.
7 Type the destination IP address and select the destination port.
For incoming traffic, the destination is the organization network. For outgoing traffic, the destination is the external network.
8 Select the protocol.
9 Select the action.
A firewall rule can allow or deny traffic that matches the rule.
10 Select the Enabled check box.
11 (Optional) Select the Log network traffic for firewall rule check box.
4 Click OK.

Add External IP Addresses to an Organization Network

Before you can configure NAT mapping for an organization network, you must add one or more external IP addresses. Only a system administrator can add external IP addresses to an organization network.

Prerequisites
An external NAT-routed organization network.

Procedure
1 Click the Manage & Monitor tab and click Organization Networks in the left pane.
d Select an internal port.
e Select a protocol for the type of traffic to forward.
f Click OK.
5 Click OK.

Configure IP Translation for an Organization Network

You can configure certain organization networks to provide IP translation. When you add a new IP translation rule to an organization network, it appears at the bottom of the NAT mapping rule list.
3 Click the NAT Mapping tab.
4 Click and drag the rules to establish the order in which the rules are applied.
5 Click OK.

Enable Site-to-Site VPN for an Organization Network

You can enable site-to-site VPN for an organization network and then create a secure tunnel to another network.
2 Right-click the organization network name and select Configure Services.
3 Click the Site-to-Site VPN tab and click Add.
4 Type a name and optional description.
5 Select a network in this organization from the drop-down menu and select a peer network.
6 Review the tunnel settings and click OK.

vCloud Director configures both peer network endpoints.
8 Review the tunnel settings and click Connect.

vCloud Director configures both peer network endpoints.

Create a VPN Tunnel to a Remote Network

You can create a VPN tunnel between an organization network and a remote network. Both system administrators and organization administrators can create VPN tunnels.
What to do next
Create static routes. See “Add Static Routes Between vApp Networks Routed to the Same Organization Network,” on page 61 and “Add Static Routes Between vApp Networks Routed to Different Organization Networks,” on page 62.

Add Static Routes Between vApp Networks Routed to the Same Organization Network

You can add static routes between two vApp networks that are routed to the same organization network. Static routes allow traffic between the networks.
On Org Network Shared, create a static route to vApp Network 1 and another static route to vApp Network 2.

Table 5-7. Static Routing Settings

Static Route to Network | Route Name | Network | Next Hop IP Address | Route
vApp Network 1 | tovapp1 | 192.168.1.0/24 | 192.168.0.100 | Within this network
vApp Network 2 | tovapp2 | 192.168.2.0/24 | 192.168.0.101 | Within this network

What to do next
Create firewall rules to allow traffic on the static routes.
7 Type a name, network address, and next hop IP address.
The network address is for the vApp network that is routed to this organization network. The next hop IP address is the external IP address of the router for that vApp network.
8 Select Within this network and click OK.
9 Repeat Step 3 through Step 8 to add static routes to the second organization network.

Example: Static Routing Example

vApp Network 1 is routed to Org Network 1.
Procedure
1 Click the Manage & Monitor tab and click Organization Networks in the left pane.
2 Right-click the organization network name and select Reset Network.
3 Click Yes.

View vApps and vApp Templates That Use an Organization Network

You can view a list of all the vApps and vApp templates that include virtual machines with a NIC connected to an organization network. You cannot delete an organization network with connected vApps or vApp templates.
Modify an Organization Network Name and Description

As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing organization.

Procedure
1 Click the Manage & Monitor tab and click Organization Networks in the left pane.
2 Right-click the organization network name and select Properties.
3 On the Name and Description tab, type a new name and optional description and click OK.
If you are unsure whether an organization network's syslog settings are up-to-date, you can view the organization network's syslog settings. See “View Syslog Server Settings for an Organization Network,” on page 65.

Prerequisites
Verify that you have an external NAT-routed organization network.

Procedure
1 Click the Manage & Monitor tab and click Organization Networks in the left pane.
3 On the Network Pool Settings tab, type the number of VCD isolated networks and click OK.

Add VLAN IDs to a Network Pool

You can add VLAN IDs to a network pool that is backed by a VLAN.

Prerequisites
Verify that your system includes the following items:
- A network pool that is backed by a VLAN
- Available VLAN IDs in vSphere

Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
Adding Cloud Cells

To add cloud cells to a vCloud Director installation, install the vCloud Director software on additional Cloud Director server hosts in the same vCloud Director cluster. For more information, see the VMware vCloud Director Installation and Configuration Guide.

Delete a Cloud Cell

If you want to remove a cloud cell from your vCloud Director installation, in order to reinstall the software, or for some other reason, you can delete the cell.
Chapter 6 Managing vSphere Resources

After you add vSphere resources to the vCloud Director system, you can perform some management functions from vCloud Director. You can also use the vSphere Client to manage these resources. vSphere resources include vCenter servers, resource pools, ESX/ESXi hosts, datastores, and network switches and ports.
3 On the General tab, type the new settings and click OK.

Reconnect a vCenter Server

If vCloud Director loses its connection to a vCenter Server, or if you change the connection settings, you can try to reconnect.

Procedure
1 Click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Reconnect vCenter.
3 Read the informational message and click Yes to confirm.
What to do next
Register vCloud Director with the upgraded server. See “Register vCloud Director with a vCenter Server,” on page 69.

Modify vShield Manager Settings

If the connection settings for the vShield Manager for a vCenter Server change, or if you want to use a different vShield Manager, you can modify its settings.

Procedure
1 Click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Properties.
Prepare or Unprepare an ESX/ESXi Host

When you add an ESX/ESXi host to a vSphere cluster that vCloud Director uses, you must prepare the host before a provider vDC can use its resources. You can unprepare a host to make it unavailable for use in the vCloud Director environment.

For information about moving virtual machines from one host to another, see “Move Virtual Machines from one ESX/ESXi Host to Another,” on page 71.
Procedure
1 Click the Manage & Monitor tab and click Datastores in the left pane.
2 Right-click the datastore name and select Enable or Disable.

vCloud Director enables or disables the datastore for all provider vDCs that use its resources.

Remove a Datastore

You can remove a datastore from vCloud Director to prevent provider vDCs from using its storage resources.
2 Right-click a stranded item and select Delete.
3 Click Yes.
vCloud Director attempts to delete the stranded item from vSphere.
4 Refresh the page display.
If the delete operation is successful, vCloud Director removes the item from the stranded items list.

What to do next
If the delete operation is unsuccessful, you can force delete the item. See “Force Delete a Stranded Item,” on page 74.
Chapter 7 Managing Organizations

After you create an organization, you can modify its properties, enable or disable it, or delete it.
Procedure
1 Click the Manage & Monitor tab and click Organization in the left pane.
2 Right-click the organization name and select Delete.
3 Click Yes.

Modify an Organization Name

As your vCloud Director installation grows, you might want to assign a more descriptive name to an existing organization.

Prerequisites
You must disable the organization before you can rename it.

Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
4 Select the new source for organization users.

Option | Description
Do not use LDAP | Organization administrator creates a local user account for each user in the organization. You cannot create groups if you select this option.
VCD system LDAP service | Use the LDAP service for the vCloud Director system as the source for organization users and groups.
Custom LDAP service | Connect the organization to its own private LDAP service.

5
Modify Organization Email Preferences

vCloud Director requires an SMTP server to send user notification and system alert emails. You can modify the settings you specified when you created the organization.

Procedure

1. Click the Manage & Monitor tab and click Organizations in the left pane.
2. Right-click the organization name and select Properties.
3. Click the Email Preferences tab.
4. Select an SMTP server option.
5. Select the quotas for running and stored virtual machines. Quotas determine how many virtual machines each user in the organization can store and power on in the organization's virtual datacenters. The quota you specify acts as a default for all new users added to the organization.
6. Select the limits for resource intensive operations. Certain vCloud Director operations, for example copy and move, are more resource intensive than others.
Managing Organization Users and Groups

When you create an organization, you can add one or more local users to the organization. After you create the organization, you, or an organization administrator, can add local users, LDAP users, and LDAP groups to the organization.

For more information about adding users and groups to an organization, see the VMware vCloud Director User's Guide.
4. Click Import from vSphere.
5. Select a vCenter Server and a virtual machine.
6. Type a name and optional description for the vApp and select a destination organization vDC.
7. Select whether to copy or move the source virtual machine.
8. Click OK.

Place a vApp in Maintenance Mode

A system administrator can place a vApp in maintenance mode to prevent non-administrator users from changing the state of the vApp.
Fast Provisioning of Virtual Machines

Fast provisioning saves time by using linked clones for virtual machine provisioning operations. A linked clone is a duplicate of a virtual machine that uses the same base disk as the original, with a chain of delta disks to track the differences between the original and the clone. If fast provisioning is disabled, all provisioning operations result in full clones.
8 Managing System Administrators and Roles

You can add system administrators to vCloud Director individually, or as part of an LDAP group. You can also add and modify the roles that determine what rights a user has within their organization.
Import a System Administrator

To add a user with system administrator rights, you can import an LDAP user as a system administrator. System administrators have full rights to vCloud Director and all of its organizations.

Prerequisites

Verify that you have a valid connection to an LDAP server.

Procedure

1. Click the Administration tab and click Users in the left pane.
2. Click Import from LDAP.
3. Type a full or partial name in the text box and click Search Users.
Send an Email Notification to Users

You can send an email notification to all users in the entire installation, all system administrators, or all organization administrators. You can send an email notification to notify users about upcoming system maintenance, for example.

Prerequisites

Verify that you have a valid connection to an SMTP server.

Procedure

1. Click the Administration tab and click Users in the left pane.
2. Click Notify.
Delete an LDAP Group

You can remove a group of system administrators from the vCloud Director system by deleting their LDAP group.

When you delete an LDAP group, users who have a vCloud Director account based solely on their membership in that group are stranded and cannot log in. See “Delete a System Administrator Who Lost Access to the System,” on page 85.

Procedure

1. Click the Administration tab and click Groups in the left pane.
Copy a Role

To create a role based on an existing role, you can copy a role and modify its rights.

Procedure

1. Click the Administration tab and click Roles in the left pane.
2. Right-click a role and select Copy to.
3. Type a name and optional description for the role.
4. Select the rights for the role and click OK.

Edit a Role

You can modify the name, description, and rights of a role.
9 Managing System Settings

A vCloud Director system administrator can control system-wide settings related to LDAP, email notification, licensing, and general system preferences.
General System Settings

vCloud Director includes general system settings that you can modify to meet your needs.

Table 9-1. General System Settings

| Name | Category | Description |
| --- | --- | --- |
| Synchronization Start Time | LDAP Synchronization | Time of day to start LDAP synchronization. |
| Synchronization Interval | LDAP Synchronization | The number of hours between LDAP synchronizations. |
| Login policy | Login Policy | Select a login policy. |
Table 9-1. General System Settings (Continued)

| Name | Category | Description |
| --- | --- | --- |
| Enable upload quarantine with a timeout of __ seconds | Miscellaneous | Select the check box and enter a timeout number representing the amount of time to quarantine uploaded files. For more information about working with quarantined files, see “Monitoring Quarantined Files,” on page 105. |
Configuring Blocking Tasks and Notifications

Blocking tasks and notifications allow a system administrator to configure vCloud Director to send AMQP messages triggered by certain events.

Some of these messages are simply notifications that the event has occurred. These are known as notifications.
5. Select the default timeout action.
6. Click Apply.

Enable Blocking Tasks

You can enable certain tasks for blocking.

Procedure

1. Click the Administration tab and click Blocking Tasks in the left pane.
2. Click the Blocking Tasks tab.
3. Select the tasks to enable for blocking extensions.
4. Click Apply.
Table 9-2. Supported Combinations of Operating System, LDAP Server, and Authentication Method (Continued)

| Operating System | LDAP Server | Authentication Method |
| --- | --- | --- |
| Linux | OpenLDAP | Simple |
| Linux | OpenLDAP | Simple SSL |

Configure an LDAP Connection

You can configure an LDAP connection to provide vCloud Director and its organizations with access to users and groups on the LDAP server.

Prerequisites

In order to use Kerberos as your authentication method, you must add a realm.
7. Type a user name and password to connect to the LDAP server. If anonymous read support is enabled on your LDAP server, you can leave these text boxes blank.

| Authentication Method | User Name Description |
| --- | --- |
| Simple | Type the full LDAP DN. |
| Kerberos | Type the name in the form of user@REALM.com. |

8. Click Apply.

What to do next

You can now add LDAP users and groups to the system and to organizations that use the system LDAP settings.
2. Click Test LDAP Settings.
3. Type the name of a user in the LDAP directory and click Test.
4. Review the attribute mapping and click OK.

What to do next

You can customize LDAP user and group attributes based on the results of the test.

Customize LDAP User and Group Attributes

LDAP attributes provide vCloud Director with details about how user and group information is defined in the LDAP directory. vCloud Director maps the information to its own database.
2. Type a company name. This name appears in the title bar for system administrators and in the footer for all users.
3. To select a custom logo, click Browse, select a file, and click Open.
4. To select a custom theme, click Browse, select a .css file, and click Open.
5. Type a URL that links to a Web site that provides information about your vCloud Director installation. For example, http://www.example.com.
2. Type the public web URL.
3. Click Apply.

When you create an organization, its organization URL includes the public web URL instead of the HTTP service IP address. vCloud Director also modifies the organization URLs of existing organizations.
2. Select the Account lockout enabled check box, the System Administrator account can lockout check box, or both.
3. Select the number of invalid logins to accept before locking an account.
4. Select the lockout interval.
5. Click Apply.
10 Monitoring vCloud Director

System administrators can monitor completed and in-progress operations and view resource usage information at the provider vDC, organization vDC, and datastore level.
Procedure

1. Log in to the vCloud Director system as a system administrator.
2. Click the Manage & Monitor tab and click Logs in the left pane.
3. Click the Tasks tab. vCloud Director displays information about each system-level task.
4. Double-click a task for more information.
Procedure

1. Click the Manage & Monitor tab and click Organizations in the left pane.
2. Right-click the organization name and select Open.
3. Click the My Cloud tab and click Logs in the left pane.
4. Click the Events tab. vCloud Director displays information about each organization-level event.
5. (Optional) Double-click an event for more information. Only system administrators can view the details about most events.
Using vCloud Director's JMX Service

Each vCloud Director server host exposes a number of MBeans through JMX to allow for operational management of the server and to provide access to internal statistics.

Access the JMX Service by Using JConsole

You can use any JMX client to access the vCloud Director JMX service. JConsole is an example of a JMX client.

For more information about the MBeans exposed by vCloud Director, see http://kb.vmware.com/kb/1026065.
You can specify the number of days of chargeback history that vCloud Director saves. See “Modify General System Settings,” on page 89.

Monitoring Quarantined Files

vCloud Director allows you to quarantine files (vApp templates and media files) that users upload to the system. You can enable upload quarantine and use third-party tools (for example, a virus scanner) to process uploaded files before vCloud Director accepts them.
7. Copy the text of the message to which you want to respond. For example,

What to do next

Accept or reject the quarantine request.
11 Roles and Rights

vCloud Director uses roles, and their associated rights, to determine which users and groups can perform which operations. System administrators can create and modify roles. System administrators and organization administrators can assign roles to users and groups in an organization.

vCloud Director includes several predefined roles.
Table 11-1. Default Rights for the Predefined Roles (Continued)

| Right | System Administrator | Organization Administrator | Catalog Author | vApp Author | vApp User | Console Access Only |
| --- | --- | --- | --- | --- | --- | --- |
| General: Administrator Control | X | X | | | | |
| General: Administrator View | X | X | | | | |