vCloud Director Administrator's Guide vCloud Director 5.1.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/

The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright © 2010–2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
The VMware vCloud Director Administrator's Guide provides information to the vCloud Director system administrator about how to add resources to the system, create and provision organizations, manage resources and organizations, and monitor the system.

Intended Audience

This book is intended for anyone who wants to configure and manage a vCloud Director installation.
Updated Information

This vCloud Director Administrator's Guide is updated with each release of the product or when necessary. This table provides the update history of the vCloud Director Administrator's Guide.

Revision 000817-01:
- Added Edge Gateway creation and configuration to the organization vDC creation and organization resource allocation workflows.
- Removed an obsolete procedure from the managing provider vDCs section.

Revision 000817-00:
- Initial release.
Chapter 1 Getting Started with vCloud Director

The first time you log in to the vCloud Director Web console, the Home tab guides you through the steps to configure your installation. You can also set your user preferences and create a Microsoft Sysprep deployment package to support guest customization in vCloud Director virtual machines.
Cloud resources include provider and organization virtual datacenters, external networks, organization vDC networks, and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere resources.

Provider Virtual Datacenters

A provider virtual datacenter (vDC) combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores available to that resource pool.
Network Pools

A network pool is a group of undifferentiated networks that is available for use within an organization vDC. A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization vDC networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.
Preparing the System

The Home tab in the vCloud Director Web console provides links to the tasks required to prepare the system for use. Links become active after you complete prerequisite tasks. For more information about each task, see Table 1-1.
2 Run the /opt/vmware/vcloud-director/deploymentPackageCreator/createSysprepPackage.sh SysprepBinariesDirectory command.
  For example, /opt/vmware/vcloud-director/deploymentPackageCreator/createSysprepPackage.sh /root/MySysprepFiles.
3 Use the service vmware-vcd restart command to restart the cloud cell.
4 If you have multiple cloud cells, copy the package and properties file to all cloud cells.
Replace SSL Certificates

If any members of your vCloud Director server group are using self-signed SSL certificates, you can upgrade them to signed SSL certificates to obtain a higher level of trust within your cloud. You can use the vCloud Director configuration script to upgrade the SSL certificates on a vCloud Director server.
Set User Preferences

You can set certain display and system alert preferences that take effect every time you log in to the system. You can also change the password for your system administrator account.

Procedure
1 In the title bar of the Web console, click Preferences.
2 Click the Defaults tab.
3 Select the page to display when you log in.
Chapter 2 Adding Resources to vCloud Director

vCloud Director derives its resources from an underlying vSphere virtual infrastructure. After you register vSphere resources in vCloud Director, you can allocate these resources for organizations within the vCloud Director installation to use.
Open the Attach New vCenter Wizard

Open the Attach New vCenter wizard to start the process of attaching a vCenter Server to vCloud Director.

Procedure
1 Click the Manage & Monitor tab and then click vCenters in the left pane.
2 Click the Attach New vCenter button.

The Attach New vCenter wizard launches.
vCloud Director attaches the new vCenter Server and registers its resources for provider virtual datacenters to use.

What to do next

Assign a vShield for VMware vCloud Director license key in the vCenter Server.

Assign a vShield License Key in vCenter

After you attach a vCenter Server to vCloud Director, you must use the vSphere Client to assign a vShield for VMware vCloud Director license key.
If you plan to add a resource pool that is part of a cluster that uses vSphere HA, make sure you are familiar with how vSphere HA calculates slot size. For more information about slot sizes and customizing vSphere HA behavior, see the VMware vSphere Availability Guide.

Prerequisites

Verify that at least one vCenter Server is attached with an available resource pool to vCloud Director.
6 Review the network settings and click Finish.

What to do next

You can now create an organization vDC network that connects to the external network.

Network Pools

A network pool is a group of undifferentiated networks that is available for use within an organization vDC to create vApp networks and certain types of organization vDC networks. A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks.
Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
2 Click Add Network Pool.
3 Select VCD Network Isolation-backed and click Next.
4 Type the number of networks to create from the network pool.
5 (Optional) Type a VLAN ID.
6 Select a vCenter Server and a vSphere distributed switch and click Next.
7 Type a name and optional description for the network and click Next.
8 Review the network pool settings and click Finish.
Set the MTU for a Network Pool Backed by Cloud Isolated Networks

You can specify the maximum transmission units (MTU) that vCloud Director uses for a network pool that is backed by Cloud isolated networks. The MTU is the maximum amount of data that can be transmitted in one packet before it is divided into smaller packets.
Chapter 3 Creating and Provisioning Organizations

Organizations provide resources to a group of users and set policies that determine how users can consume those resources. Create an organization for each group of users that requires its own resources, policies, or both.
Create an Organization

Creating an organization involves specifying the organization settings and creating a user account for the organization administrator.

Procedure
1 Open the New Organization Wizard
  Open the New Organization wizard to start the process of creating an organization.
2 Name the Organization
  Provide a descriptive name and an optional description for your new organization.
Name the Organization

Provide a descriptive name and an optional description for your new organization.

Procedure
1 Type an organization name.
  This name provides a unique identifier that appears as part of the URL that members of the organization use to log in to the organization.
2 Type a display name for the organization.
  This name appears in the browser header when an organization member uses the unique URL to log in to vCloud Director.
Add Local Users to the Organization

Every organization should have at least one local organization administrator account, so that users can log in even if the LDAP and SAML services are unavailable.

Procedure
1 Click Add.
2 Type a user name and password.
3 Assign a role to the user.
4 (Optional) Type the contact information for the user.
5 Select Unlimited or type a user quota for stored and running virtual machines and click OK.
2 Select a notification settings option.

Option: Description
- Use system default notification settings: The organization uses the system notification settings.
- Set organization notification settings: The organization uses its own notification settings. Type an email address that appears as the sender for organization emails, type text to use as the subject prefix for organization emails, and select the recipients for organization emails.
3 Click Finish to accept the settings and create the organization.

What to do next

Allocate resources to the organization.

Allocate Resources to an Organization

You allocate resources to an organization by creating an organization vDC that is partitioned from a provider vDC. A single organization can have multiple organization vDCs.

Prerequisites

You must have a provider vDC before you can allocate resources to an organization.
13 Name the Organization vDC
  You can provide a descriptive name and an optional description to indicate the vSphere functions available for your new organization vDC.
14 Confirm Settings and Create the Organization vDC
  Before you create the organization vDC, review the settings you entered.

What to do next

Add a network to the organization.
Select an Allocation Model

The allocation model determines how and when the provider vDC compute and memory resources that you allocate are committed to the organization vDC.

Procedure
1 Select an allocation model.

Option: Description
- Allocation Pool: Only a percentage of the resources you allocate from the provider vDC are committed to the organization vDC. You can specify the percentage for both CPU and memory.
When a virtual machine is powered on, the placement engine checks the resource pool and assigns it to another resource pool if the original resource pool cannot accommodate the virtual machine. If there is no sub-resource pool for the resource pool, vCloud Director creates one with an infinite limit and zero rate. The virtual machine's rate is set to its limit times its committed resources and the virtual machine is placed.
Configure the Allocation Model

Configure the allocation model to specify the amount of provider vDC resources to allocate to the organization vDC.

Procedure
1 Select the allocation model options. Not all of the models include all of the options.

Option: Action
- CPU allocation: Enter the maximum amount of CPU, in GHz, to allocate to virtual machines running in the organization vDC.
Fast provisioning saves time by using vSphere linked clones for certain operations. See “Fast Provisioning of Virtual Machines,” on page 112.

IMPORTANT Fast provisioning requires vCenter Server 5.0 or later and ESXi 5.0 or later hosts. If the provider vDC on which the organization vDC is based contains any ESX/ESXi 4.x hosts, you must disable fast provisioning.
8 Click Next.

Configure External Networks

Select the external networks that the edge gateway can connect to. This page appears only if you selected Create a new edge gateway.

Procedure
1 Select an external network from the list and click Add. Hold down Ctrl to select multiple networks.
2 Select a network to be the default gateway.
3 (Optional) Select Use default gateway for DNS Relay.
4 Click Next.
Create an Organization vDC Network

You can create an organization vDC network that is connected to the new edge gateway. This page appears only if you selected Create a new edge gateway.

Procedure
1 (Optional) Select Create a network for this virtual datacenter connected to this new edge gateway.
2 Type a name and optional description for the new organization vDC network.
3 (Optional) Select Share this network with other vDCs in the organization.
Chapter 4 Creating a Published Catalog

You can publish a catalog to make a set of vApp templates or media files available to all of the organizations in a vCloud Director installation. Organizations use catalogs to store vApp templates and media files. The members of an organization can use catalog items as the building blocks to create their own vApps. When you publish a catalog, the items in the catalog become available to all of the organizations in the vCloud Director installation.
Create a Published Catalog

You can create a published catalog to contain uploaded and imported vApp templates and media files to make available to all organizations. An organization can have multiple catalogs and control access to each catalog individually.

Prerequisites

Verify that you have an organization that allows catalog publishing.

Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
Import a vApp Template from vSphere

You can import a virtual machine from vSphere and save it as a vApp template in a catalog that is available to other users.

Prerequisites

Verify that you are a vCloud Director system administrator.

Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
3 Click Catalogs and select My Organization's Catalogs in the left pane.
Import a Media File from vSphere

You can import a media file from a vSphere datastore and save it in a catalog available to other users.

Prerequisites

You must be a vCloud Director system administrator. You must know which datastore contains the media file and the path to that file.

Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
Chapter 5 Managing Cloud Resources

Provider vDCs, organization vDCs, external networks, organization vDC networks, and network pools are all considered cloud resources. After you add cloud resources to vCloud Director, you can modify them and view information about their relationships with each other.
Delete a Provider vDC

You can delete a provider vDC to remove its compute, memory, and storage resources from vCloud Director. The resources remain unaffected in vSphere.

Prerequisites
- Disable the provider vDC.
- Disable and delete all organization vDCs that use the provider vDC.

Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Delete.
3 Click Yes.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Hosts tab.
4 Right-click the host name and select Enable Host or Disable Host.

vCloud Director enables or disables the host for all provider vDCs that use its resources.
3 Click the Hosts tab.
4 Right-click the host name and select Repair Host.

vCloud Director repairs the host. This operation affects all provider vDCs that use the host.

Enable vSphere VXLAN on an Upgraded Provider vDC

Enable vSphere VXLAN on an upgraded provider vDC to create a VXLAN network pool for the provider vDC. vSphere VXLAN is enabled by default for new provider vDCs.

Prerequisites

Configure VXLAN for your vCloud environment.
Add a Storage Profile to a Provider vDC

Add a storage profile to a provider vDC to support the storage profile for organization vDCs backed by the provider vDC. Storage profiles are created and managed in vSphere. See the vSphere documentation or contact your vSphere administrator.

Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Storage Profiles tab.
5 Select the resource pool to add and click Finish.

vCloud Director adds a resource pool for the provider vDC to use, making elastic all Pay-As-You-Go and Allocation Pool organization vDCs backed by the provider vDC. vCloud Director also adds a System vDC resource pool beneath the new resource pool. This resource pool is used for the creation of vShield virtual machines and virtual machines that serve as a template for linked clones.
Procedure
1 Click the Manage & Monitor tab and click Provider vDCs in the left pane.
2 Right-click the provider vDC name and select Open.
3 Click the Resource Pools tab.
4 Right-click the resource pool name and select Open.
5 Right-click the virtual machine name and select Migrate to. Hold down Ctrl and click to select multiple virtual machines.
6 Choose how to select the destination resource pool for the virtual machine.
2 Right-click the provider vDC name and select Notify.
3 Type the email subject and message and click Send Email.

Managing Organization vDCs

After you create an organization vDC, you can modify its properties, disable or delete it, and manage its allocation model, storage, and network settings.

Create an Organization vDC

Create an organization vDC to allocate resources to an organization. An organization vDC is partitioned from a provider vDC.
12 Configure Rate Limits on a New Edge Gateway
  Configure the inbound and outbound rate limits for each external network on the edge gateway.
13 Create an Organization vDC Network
  You can create an organization vDC network that is connected to the new edge gateway.
14 Name the Organization vDC
  You can provide a descriptive name and an optional description to indicate the vSphere functions available for your new organization vDC.
Select an Allocation Model

The allocation model determines how and when the provider vDC compute and memory resources that you allocate are committed to the organization vDC.

Procedure
1 Select an allocation model.

Option: Description
- Allocation Pool: Only a percentage of the resources you allocate from the provider vDC are committed to the organization vDC. You can specify the percentage for both CPU and memory.
When a virtual machine is powered on, the placement engine checks the resource pool and assigns it to another resource pool if the original resource pool cannot accommodate the virtual machine. If there is no sub-resource pool for the resource pool, vCloud Director creates one with an infinite limit and zero rate. The virtual machine's rate is set to its limit times its committed resources and the virtual machine is placed.
Configure the Allocation Model

Configure the allocation model to specify the amount of provider vDC resources to allocate to the organization vDC.

Procedure
1 Select the allocation model options. Not all of the models include all of the options.

Option: Action
- CPU allocation: Enter the maximum amount of CPU, in GHz, to allocate to virtual machines running in the organization vDC.
Fast provisioning saves time by using vSphere linked clones for certain operations. See “Fast Provisioning of Virtual Machines,” on page 112.

IMPORTANT Fast provisioning requires vCenter Server 5.0 or later and ESXi 5.0 or later hosts. If the provider vDC on which the organization vDC is based contains any ESX/ESXi 4.x hosts, you must disable fast provisioning.
8 Click Next.

Configure External Networks

Select the external networks that the edge gateway can connect to. This page appears only if you selected Create a new edge gateway.

Procedure
1 Select an external network from the list and click Add. Hold down Ctrl to select multiple networks.
2 Select a network to be the default gateway.
3 (Optional) Select Use default gateway for DNS Relay.
4 Click Next.
Create an Organization vDC Network

You can create an organization vDC network that is connected to the new edge gateway. This page appears only if you selected Create a new edge gateway.

Procedure
1 (Optional) Select Create a network for this virtual datacenter connected to this new edge gateway.
2 Type a name and optional description for the new organization vDC network.
3 (Optional) Select Share this network with other vDCs in the organization.
Enable or Disable an Organization vDC

You can disable an organization vDC to prevent the use of its compute and storage resources by other vApps and virtual machines. Running vApps and powered on virtual machines continue to run, but you cannot create or start additional vApps or virtual machines.

Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Right-click the organization vDC name and select Enable or Disable.
3 On the General tab, type a new name and description and click OK.

You can use the name and description fields to indicate the vSphere functions available to the organization vDC, for example, vSphere HA.

Edit Organization vDC Allocation Model Settings

You cannot change the allocation model for an organization vDC, but you can change some of the settings of the allocation model that you specified when you created the organization vDC.
4 (Optional) Select Enable thin provisioning to enable thin provisioning for virtual machines in the organization vDC.
5 (Optional) Select Enable fast provisioning to enable fast provisioning for virtual machines in the organization vDC.
6 Click OK.

Edit Organization vDC Network Settings

You can change the maximum number of provisioned networks in an organization vDC and the network pool from which the networks are provisioned.
Managing External Networks

After you create an external network, you can modify its name, description, and network specification, add IP addresses to its IP address pool, or delete the network.

Modify an External Network Name and Description

As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing external network.

Procedure
1 Click the Manage & Monitor tab and click External Networks in the left pane.
Managing Edge Gateways

An edge gateway provides a routed organization vDC network with connectivity to external networks and can provide services such as load balancing, network address translation, and a firewall. Edge gateways require vShield Edge 5.1. For more information, see the vShield documentation.

Add an Edge Gateway

An edge gateway provides routing and other services to a routed organization vDC network.

Prerequisites

Verify that you are using vShield 5.1.
Select Gateway and IP Configuration Options for a New Edge Gateway

Configure the edge gateway to connect to one or more physical networks.

Procedure
1 Select a gateway configuration for the edge gateway.

Option: Description
- Compact: Requires less memory and compute resources.
- Full: Provides increased capacity and performance.

2 (Optional) Select Enable High Availability to enable high availability on the edge gateway.
3 (Optional) Select a suballocated IP pool and click Modify to modify the IP address range of the suballocated IP pool.
4 (Optional) Select a suballocated IP pool and click Remove to remove the suballocated IP pool.
5 Click Next.

Configure Rate Limits on a New Edge Gateway

Configure the inbound and outbound rate limits for each external network on the edge gateway. This page appears only if you selected Configure Rate Limits during gateway configuration.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
4 Click the DHCP tab and select Enable DHCP.
5 Click Add and type a range of IP addresses.
6 Set the default lease time and maximum lease time or use the default values.
7 Click OK.

vCloud Director updates the edge gateway to provide DHCP services.
8 (Optional) Select an Original port to apply this rule to.
9 (Optional) Select an ICMP type to apply this rule to if this rule applies to ICMP.
10 Type the IP address or range of IP addresses for the destination addresses on inbound packets to be translated to in the Translated (Internal) IP/range text box.
11 (Optional) Select a port for inbound packets to be translated to from the Translated port drop-down menu.
12 Select Enabled, and click OK.
4 Click the Firewall tab and click Add.
5 Type a name for the rule.
6 (Optional) Select Match rule on translated IP to have the rule check against translated IP addresses rather than original IP addresses and choose a traffic direction to apply this rule on.
7 Type the traffic Source.

Option: Description
- IP address: Type a source IP address to apply this rule on.
- Range of IP addresses: Type a range of source IP addresses to apply this rule on.
4 Click the Firewall tab.
5 Drag the firewall rules to establish the order in which the rules are applied.
6 Click OK.

Enable VPN for an Edge Gateway

You can enable VPN for organization vDCs backed by an edge gateway and create a secure tunnel from one of those organization vDC networks to another network.
If a firewall is between the tunnel endpoints, you must configure it to allow the following IP protocols and UDP ports:
- IP Protocol ID 50 (ESP)
- IP Protocol ID 51 (AH)
- UDP Port 500 (IKE)
- UDP Port 4500

Prerequisites

Verify that you have at least two routed organization vDC networks in the organization. One of these networks must be backed by the edge gateway. Both organization vDC networks must have VPN enabled.
5 Type a name and optional description.
6 Select a network in another organization from the drop-down menu.
7 Click Connect to another organization, type the login information for the peer organization, and click Continue.

Option: Description
- vCloud URL: The base URL of the vCloud instance that contains the peer organization. For example, https://www.example.com. Do not include /cloud or /cloud/org/orgname in the URL.
9 Review the tunnel settings and click OK.

vCloud Director configures the organization peer network endpoint.

What to do next

Manually configure the remote peer network endpoint. See “Display Peer Settings for a VPN Tunnel to a Remote Network,” on page 74.
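
The firewall requirement listed above for VPN tunnels (ESP, AH, UDP 500, UDP 4500) can be checked against a Linux firewall that sits between the tunnel endpoints. The following is an added example, not part of the VMware guide: it evaluates a constructed iptables-save style ruleset with first-match semantics. The endpoint addresses, the use of the FORWARD chain, and the decision to test both directions are assumptions.

```python
import ipaddress

# Traffic the guide says a firewall between the tunnel endpoints must allow.
REQUIRED = {
    "ESP (IP protocol 50)": ("esp", None),
    "AH (IP protocol 51)": ("ah", None),
    "IKE (UDP 500)": ("udp", 500),
    "UDP 4500": ("udp", 4500),
}
PROTO_NUMBERS = {"50": "esp", "51": "ah", "17": "udp", "6": "tcp"}
TERMINATING = ("ACCEPT", "DROP", "REJECT")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample ruleset (documentation addresses), not taken from the guide.
SAMPLE_RULESET = """\
# constructed sample
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 198.51.100.10/32 -d 203.0.113.20/32 -p esp -j ACCEPT
-A FORWARD -s 203.0.113.20/32 -d 198.51.100.10/32 -p esp -j ACCEPT
-A FORWARD -p udp -m udp --dport 500 -j ACCEPT
-A FORWARD -s 198.51.100.10/32 -d 203.0.113.20/32 -p udp -m udp --dport 4500 -j ACCEPT
COMMIT
"""


def parse_ruleset(text, chain="FORWARD"):
    """Parse iptables-save style text; return (default_policy, rules) for one chain."""
    policy, rules = "ACCEPT", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":" + chain + " "):
            policy = line.split()[1]
        if not line.startswith("-A " + chain + " "):
            continue
        opts = line.split()[2:]
        if len(opts) % 2:
            raise ValueError("unsupported rule: " + line)
        rule = {"proto": None, "dport": None, "src": ANY, "dst": ANY, "target": None}
        for flag, val in zip(opts[::2], opts[1::2]):
            if flag == "-p":
                rule["proto"] = PROTO_NUMBERS.get(val, val.lower())
            elif flag in ("-s", "-d"):
                key = "src" if flag == "-s" else "dst"
                rule[key] = ipaddress.ip_network(val, strict=False)
            elif flag == "--dport":
                lo, _, hi = val.partition(":")
                rule["dport"] = (int(lo), int(hi or lo))
            elif flag == "-j":
                rule["target"] = val
            elif flag == "--reject-with" or (flag == "-m" and val in ("udp", "tcp")):
                pass  # does not change which packets the rule matches
            else:
                # Refuse to guess about matches this sketch does not model
                # (connection state, interfaces, negation, and so on).
                raise ValueError("unsupported match %r in: %s" % (flag, line))
        if rule["target"] not in TERMINATING:
            raise ValueError("unsupported target in: " + line)
        rules.append(rule)
    return policy, rules


def verdict(policy, rules, proto, dport, src, dst):
    """The first matching rule decides, as in iptables; otherwise the chain policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["proto"] not in (None, proto):
            continue
        if r["dport"] is not None and (
                dport is None or not r["dport"][0] <= dport <= r["dport"][1]):
            continue
        if src not in r["src"] or dst not in r["dst"]:
            continue
        return r["target"]
    return policy


def audit_vpn_path(ruleset, local_ep, remote_ep, chain="FORWARD"):
    """Return the required flows, in either direction, that the chain does not accept."""
    policy, rules = parse_ruleset(ruleset, chain)
    blocked = []
    for name, (proto, dport) in REQUIRED.items():
        for src, dst in ((local_ep, remote_ep), (remote_ep, local_ep)):
            if verdict(policy, rules, proto, dport, src, dst) != "ACCEPT":
                blocked.append("%s %s -> %s" % (name, src, dst))
    return blocked


if __name__ == "__main__":
    for flow in audit_vpn_path(SAMPLE_RULESET, "198.51.100.10", "203.0.113.20"):
        print("blocked:", flow)
```

An empty result means every listed protocol and port is accepted in both directions; rules using matches the parser does not model raise ValueError rather than being silently treated as broader than they are.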
Enable Static Routing on an Edge Gateway

You can configure an edge gateway to provide static routing services. After you enable static routing on an edge gateway, you can add static routes to allow traffic between vApp networks routed to organization vDC networks backed by the edge gateway.

Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 On the Load Balancer tab, click Pool Servers and click Add.
5 Type a name and optionally a description for the pool server and click Next.
6 Click Enable for each service to support.
7 Select a balancing method from the drop-down menu for each enabled service.
19 Click OK.
20 (Optional) Repeat Step 15 through Step 19 to add additional servers.
21 Click Next.
22 Verify that the settings for the pool server are correct and click Finish.

Edit Pool Server Settings

You can edit the settings of an existing pool server.

Prerequisites

There must be an existing pool server on the edge gateway. See “Add a Pool Server to an Edge Gateway,” on page 75.
4 On the Load Balancer tab, click Virtual Servers and click Add.
5 Type a name for the virtual server.
6 (Optional) Type a description for the virtual server.
7 Select an external network from the Applied on drop-down menu.
8 Type the IP address of the virtual server.
9 Select a pool from the drop-down menu to be associated with the virtual server.
10 In Services, select Enable for each service to be supported.
- Configure External Networks on an Edge Gateway
  Add or remove external networks connected to an edge gateway.
- Configure External Network IP Settings on an Edge Gateway
  Change the IP address for external interfaces on an edge gateway.
- Suballocate IP Pools on an Edge Gateway
  Suballocate into multiple static IP pools the IP pools that the external networks on an edge gateway provide.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Properties.
4 Click the Configure IP Settings tab.
5 Type a new IP address for each external network to modify, and click OK.

Suballocate IP Pools on an Edge Gateway

Suballocate into multiple static IP pools the IP pools that the external networks on an edge gateway provide.

Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
View IP Use for an Edge Gateway
You can view a list of IP addresses that external interfaces on an edge gateway are currently using.

Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select External IP Allocations.
Table 5-5. Types of Organization vDC Networks and Their Requirements
| Organization vDC Network Type | Description | Requirements |
| External organization vDC network - direct connection | Accessible by multiple organizations. Virtual machines belonging to different organizations can connect to and see traffic on this network. This network provides direct layer 2 connectivity to machines outside of the organization.
9 Review the settings for the organization vDC network. Click Finish to accept the settings and create the organization vDC network, or click Back to modify the settings.

Create an External Routed Organization vDC Network
You can create an external routed organization vDC network that only this organization can access.

Prerequisites
Verify that you have vShield Edge 5.1 and an edge gateway on your organization vDC.
5 Type a Gateway address and Network mask for the organization vDC network.
6 (Optional) Select Use gateway DNS to use the DNS relay of the gateway. This option is available only if the gateway has DNS relay enabled.
7 (Optional) Enter DNS settings to use DNS.
8 (Optional) Enter an IP address or range of IP addresses and click Add to create a static IP pool. Repeat this step to add multiple static IP pools.
9 Click Next.
10 Type a name and optional description.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 Click the DHCP tab and select Enable DHCP.
5 Type a range of IP addresses or use the default range. vCloud Director uses these addresses to satisfy DHCP requests. The range of DHCP IP addresses cannot overlap with the static IP pool for the organization vDC network.
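A pre-flight check for the overlap rule in step 5, added here as an example and not taken from the VMware guide. It compares a planned DHCP range against the static IP pools of the network before the values are typed into the console. The function names, the "A-B" range syntax, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress


def parse_range(text):
    """Parse 'A' or 'A-B' into a (first, last) pair of IPv4 addresses."""
    parts = [p.strip() for p in text.split("-")]
    if len(parts) == 1:
        parts.append(parts[0])  # a single address is a one-address range
    if len(parts) != 2:
        raise ValueError(f"not an address or range: {text!r}")
    first, last = (ipaddress.IPv4Address(p) for p in parts)
    if first > last:
        raise ValueError(f"range start is above range end: {text!r}")
    return first, last


def overlap(a, b):
    """Return the (first, last) span shared by two ranges, or None."""
    first, last = max(a[0], b[0]), min(a[1], b[1])
    return (first, last) if first <= last else None


def check_dhcp_range(gateway, netmask, dhcp_range, static_pools):
    """Return a list of findings; an empty list means the range is usable."""
    # The network is derived from the gateway address and network mask,
    # the two values the network creation wizard asks for.
    network = ipaddress.IPv4Interface(f"{gateway}/{netmask}").network
    dhcp = parse_range(dhcp_range)
    findings = []

    # Extra sanity check added for this example; not a rule quoted
    # from the guide.
    if dhcp[0] not in network or dhcp[1] not in network:
        findings.append(f"DHCP range {dhcp_range} is outside {network}")

    # The rule the guide states: the DHCP range cannot overlap the
    # static IP pool. Every pool is checked and the shared span reported.
    for pool in static_pools:
        shared = overlap(dhcp, parse_range(pool))
        if shared:
            findings.append(
                f"DHCP range overlaps static pool {pool} "
                f"at {shared[0]}-{shared[1]}"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real installation.
    pools = ["192.168.2.10-192.168.2.50", "192.168.2.140-192.168.2.160"]
    for planned in ("192.168.2.100-192.168.2.130",
                    "192.168.2.100-192.168.2.150"):
        problems = check_dhcp_range("192.168.2.1", "255.255.255.0",
                                    planned, pools)
        print(planned, "->", problems or "OK")
```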
Prerequisites
Verify that you have an external NAT-routed organization vDC network.

Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 Click the Firewall tab and click Add.
5 Type a name for the rule.
6 Select the traffic direction.
Enable VPN for an Organization vDC Network
You can enable VPN for an organization vDC network and create a secure tunnel to another network. vCloud Director supports VPN between organization vDC networks in the same organization, organization vDC networks in different organizations (including organization vDC networks in different instances of vCloud Director), and remote networks. System administrators and organization administrators can enable VPN.
4 Click the VPN tab and click Add.
5 Type a name and optional description.
6 Select a network in this organization from the drop-down menu and select a peer network.
7 Review the tunnel settings and click OK. vCloud Director configures both peer network endpoints.

Create a VPN Tunnel to a Remote Network
You can create a VPN tunnel between an organization vDC network and a remote network.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 On the Static Routing tab, select Enable static routing and click OK.

What to do next
Create static routes.
7 Click OK.
8 Repeat Step 4 through Step 7 to add a route to the second vApp network.

Example: Static Routing Example
vApp Network 1 and vApp Network 2 are both routed to Org vDC Network Shared. You can create static routes on the organization vDC network to allow traffic between the vApp networks. You can use information about the vApp networks to create the static routes.

Table 5-7.
- A vApp network is routed to each organization vDC network.
- The vApp networks are in vApps that were started at least once.

Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.
4 On the Static Routing tab, click Add.
Table 5-11. Static Routing Settings for Org vDC Network 2
| Static Route to Network | Route Name | Network | Next Hop IP Address | Route |
|---|---|---|---|---|
| vApp Network 1 | tovapp1 | 192.168.1.0/24 | 10.112.205.101 | To external network |
| vApp Network 2 | tovapp2 | 192.168.11.0/24 | 192.168.10.100 | Within this network |

What to do next
Create firewall rules to allow traffic on the static routes. See “Add a Firewall Rule for an Organization vDC Network.”
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Org vDC Networks tab, right-click the organization vDC network name, and select Delete.

View IP Use for an Organization vDC Network
You can view a list of IP addresses that are currently in use in an organization vDC network IP pool.
Modify an Organization vDC Network Name and Description
As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing organization vDC network.

Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
2 Right-click the network pool name and select Properties.
3 On the Network Pool Settings tab, select a port group, click Add, and click OK.

Add Cloud Isolated Networks to a Network Pool
You can add Cloud isolated networks to a VCD network isolation-backed network pool.

Prerequisites
A VCD network isolation-backed network pool

Procedure
1 Click the Manage & Monitor tab and click Network Pools in the left pane.
Managing Cloud Cells
You manage cloud cells mostly from the vCloud Director server host on which the cell resides, but you can delete a cloud cell from the vCloud Director Web console. Table 5-12 lists the basic commands for controlling a cloud cell.

Table 5-12.
Turn Off Cloud Cell Maintenance Message
When you finish performing maintenance on a cell and are ready to restart the cell, you can turn off the maintenance message.

Procedure
1 Run the /opt/vmware/vcloud-director/bin/vmware-vcd-cell stop command.
2 Start the cell by running the service vmware-vcd start command.

Users can now access the cell by using a browser or the vCloud API.
6 Managing vSphere Resources
After you add vSphere resources to the vCloud Director system, you can perform some management functions from vCloud Director. You can also use the vSphere Client to manage these resources. vSphere resources include vCenter servers, resource pools, ESX/ESXi hosts, datastores, and network switches and ports.
3 On the General tab, type the new settings and click OK.

Reconnect a vCenter Server
If vCloud Director loses its connection to a vCenter Server, or if you change the connection settings, you can try to reconnect.

Procedure
1 Click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Reconnect vCenter.
3 Read the informational message and click Yes to confirm.
What to do next
Register vCloud Director with the upgraded server. See “Register vCloud Director with a vCenter Server.”

Modify vShield Manager Settings
If the connection settings for the vShield Manager for a vCenter Server change, or if you want to use a different vShield Manager, you can modify its settings.

Procedure
1 Click the Manage & Monitor tab and click vCenters in the left pane.
2 Right-click the vCenter Server name and select Properties.
Prepare or Unprepare an ESX/ESXi Host
When you add an ESX/ESXi host to a vSphere cluster that vCloud Director uses, you must prepare the host before a provider vDC can use its resources. You can unprepare a host to make it unavailable for use in the vCloud Director environment. For information about moving virtual machines from one host to another, see “Move Virtual Machines from one ESX/ESXi Host to Another.”
2 Right-click the datastore name and select Enable or Disable.

vCloud Director enables or disables the datastore for all provider vDCs that use its resources.

Remove a Datastore
You can remove a datastore from vCloud Director to prevent provider vDCs from using its storage resources.

Prerequisites
Verify that the datastore is disabled and removed from all of the provider vDCs that use it.
3 Click Yes. vCloud Director attempts to delete the stranded item from vSphere.
4 Refresh the page display. If the delete operation is successful, vCloud Director removes the item from the stranded items list.

What to do next
If the delete operation is unsuccessful, you can force delete the item. See “Force Delete a Stranded Item.”
7 Managing Organizations
After you create an organization, you can modify its properties, enable or disable it, or delete it.
Add a Catalog to an Organization
You can add a catalog to an organization to contain its uploaded and imported vApp templates and media files. An organization can have multiple catalogs and control access to each catalog individually.

Prerequisites
Verify that you have an organization in which to create a catalog.

Procedure
1 Click the Home tab and click Add a catalog to an organization.
2 Select an organization name and click Next.
- Modify Organization Lease, Quota, and Limit Settings
  Leases, quotas, and limits constrain the ability of organization users to consume storage and processing resources. You can modify these settings to prevent users from depleting or monopolizing an organization's resources.

Modify an Organization Name
As your vCloud Director installation grows, you might want to assign a more descriptive name to an existing organization.
5 Provide any additional information required by your selection.

| Option | Action |
|---|---|
| Do not use LDAP | Click OK. |
| VCD system LDAP service | (Optional) Type the distinguished name of the organizational unit (OU) to use to limit the users that you can import into the organization and click OK. If you do not enter anything, you can import all users in the system LDAP service into the organization. NOTE Specifying an OU does not limit the LDAP groups you can import. |
4 Select an SMTP server option.

| Option | Description |
|---|---|
| Use system default SMTP server | Organization uses the system SMTP server. |
| Set organization SMTP server | Organization uses its own SMTP server. If you select this option, type the DNS host name or IP address and port number of the SMTP server. (Optional) Select the Requires authentication check box and type a user name and password. |

5 Select a notification settings option.
Managing Organization Resources
vCloud Director organizations obtain their resources from one or more organization vDCs. If an organization needs more resources, you can add a new organization vDC or modify an existing organization vDC. You can take resources away from an organization by removing or modifying an organization vDC. For more information about adding an organization vDC, see “Create an Organization vDC.”
Create a vApp Based on a vSphere Virtual Machine
A system administrator can import a vSphere virtual machine to an organization as a vCloud Director vApp.

Prerequisites
Verify that you are logged in to vCloud Director as a system administrator and that the organization has an available organization vDC.

Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
Force stopping a vApp does not prevent the vApp from consuming resources in vSphere. After you force stop a vApp in vCloud Director, use the vSphere Client to check the status of the vApp in vSphere and take the necessary action.

Prerequisites
You must be logged in to vCloud Director as a system administrator.

Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
8 Managing System Administrators and Roles
You can add system administrators to vCloud Director individually, or as part of an LDAP group. You can also add and modify the roles that determine what rights a user has within their organization.
Procedure
1 Click the Administration tab and click Users in the left pane.
2 Click Import Users.
3 Select a Source to import users from. If you have only an LDAP server or vCenter Single Sign On configured, the source is read-only.

| Option | Description |
|---|---|
| LDAP | Import users from an LDAP server. a Type a full or partial name in the text box and click Search Users. b Select the users to import and click Add. |
| vSphere SSO | Import users from vCenter Single Sign On. |
Send an Email Notification to Users
You can send an email notification to all users in the entire installation, all system administrators, or all organization administrators. You can send an email notification to notify users about upcoming system maintenance, for example.

Prerequisites
Verify that you have a valid connection to an SMTP server.

Procedure
1 Click the Administration tab and click Users in the left pane.
2 Click Notify.
3 Choose a Source to import from. If you have only an LDAP server or vCenter Single Sign On configured, the source is read-only.

| Option | Description |
|---|---|
| LDAP | Import groups from an LDAP server. a Type a full or partial name in the text box and click Search Groups. b Select the groups to import and click Add. |
| vSphere SSO | Import groups from vCenter Single Sign On. Type the group name or names and click Add. Separate multiple groups with carriage returns. |

4 Click OK.
- Edit a Role
  You can modify the name, description, and rights of a role.
- Delete a Role
  You can delete a role from the system. You cannot delete the System Administrator role or a role that is in use.

Create a Role
If the existing roles do not meet your needs, you can create a role and assign rights to the role. When you create a role, it becomes available to all of the organizations in the system.
2 Right-click a role and select Delete.
3 Click Yes to confirm the deletion.
9 Managing System Settings
A vCloud Director system administrator can control system-wide settings related to LDAP, email notification, licensing, and general system preferences.
Table 9-1. General System Settings (Continued)
| Name | Category | Description |
|---|---|---|
| Activity log history to keep | Activity Log | Number of days of log history to keep before deleting it. Type 0 to never delete logs. |
| Activity log history shown | Activity Log | Number of days of log history to display. Type 0 to show all activity. |
| Display debug information | Activity Log | Enable this setting to display debug information in the vCloud Director task log. |
Editing System Email Settings
You can edit system email settings, including SMTP and notification settings.

- Configure SMTP Settings
  vCloud Director requires an SMTP server to send user notifications and system alert emails to system users. Organizations can use the system SMTP settings, or use custom SMTP settings.
- Configure System Notification Settings
  vCloud Director sends system alert emails when it has important information to report.
Configuring Blocking Tasks and Notifications
Blocking tasks and notifications allow a system administrator to configure vCloud Director to send AMQP messages triggered by certain events. Some of these messages are simply notifications that the event has occurred. These are known as notifications.
3 Select the default extension timeout.
4 Select the default timeout action.
5 Click Apply.

Enable Blocking Tasks
You can configure certain tasks to be enabled for blocking tasks.

Procedure
1 Click the Administration tab and click Blocking Tasks in the left pane.
2 Click the Blocking Tasks tab.
3 Select the tasks to enable for blocking extensions.
4 Click Apply.
Table 9-2. Supported Combinations of Operating System, LDAP Server, and Authentication Method (Continued)
| Operating System | LDAP Server | Authentication Method |
|---|---|---|
| Windows 7 (2008 R2) | Active Directory | Kerberos SSL |
| Linux | OpenLDAP | Simple |
| Linux | OpenLDAP | Simple SSL |

Configure an LDAP Connection
You can configure an LDAP connection to provide vCloud Director and its organizations with access to users and groups on the LDAP server.
7 Type a user name and password to connect to the LDAP server. If anonymous read support is enabled on your LDAP server, you can leave these text boxes blank.

| Authentication Method | User Name Description |
|---|---|
| Simple | Type the full LDAP DN. |
| Kerberos | Type the name in the form of user@REALM.com. |

8 Click Apply.

What to do next
You can now add LDAP users and groups to the system and to organizations that use the system LDAP settings.
2 Click Test LDAP Settings.
3 Type the name of a user in the LDAP directory and click Test.
4 Review the attribute mapping and click OK.

What to do next
You can customize LDAP user and group attributes based on the results of the test.

Customize LDAP User and Group Attributes
LDAP attributes provide vCloud Director with details about how user and group information is defined in the LDAP directory. vCloud Director maps the information to its own database.
2 Type a company name. This name appears in the title bar for system administrators and in the footer for all users.
3 To select a custom logo, click Browse, select a file, and click Open.
4 To select a custom theme, click Browse, select a .css file, and click Open.
5 Type a URL that links to a Web site that provides information about your vCloud Director installation. For example, http://www.example.com.
- Configure the Public Console Proxy Address
  If your vCloud Director installation includes multiple cloud cells running behind a load balancer or NAT, or if the cloud cells do not have publicly-routable IP addresses, you can set a public console proxy address.
2 Type the hostname or IP address for the public REST API base URL. This can be the address of the load balancer or some other machine that can route traffic to the HTTP service IP.
3 Click Apply.

XML responses from the REST API include the base URL and the transfer service uses the base URL as the upload target.
10 Monitoring vCloud Director
System administrators can monitor completed and in-progress operations and view resource usage information at the provider vDC, organization vDC, and datastore level.
Procedure
1 Log in to the vCloud Director system as a system administrator.
2 Click the Manage & Monitor tab and click Logs in the left pane.
3 Click the Tasks tab. vCloud Director displays information about each system-level task.
4 Double-click a task for more information.
Procedure
1 Click the Manage & Monitor tab and click Organizations in the left pane.
2 Right-click the organization name and select Open.
3 Click the My Cloud tab and click Logs in the left pane.
4 Click the Events tab. vCloud Director displays information about each organization-level event.
5 (Optional) Double-click an event for more information. Only system administrators can view the details about most events.
Using vCloud Director's JMX Service
Each vCloud Director server host exposes a number of MBeans through JMX to allow for operational management of the server and to provide access to internal statistics.

Access the JMX Service by Using JConsole
You can use any JMX client to access the vCloud Director JMX service. JConsole is an example of a JMX client. For more information about the MBeans exposed by vCloud Director, see http://kb.vmware.com/kb/1026065.
You can specify the number of days of chargeback history that vCloud Director saves. See “Modify General System Settings.”

Monitoring Quarantined Files
vCloud Director allows you to quarantine files (vApp templates and media files) that users upload to the system. You can enable upload quarantine and use third-party tools (for example, a virus scanner) to process uploaded files before vCloud Director accepts them.
7 Copy the text of the message to which you want to respond. For example,

What to do next
Accept or reject the quarantine request.
11 Roles and Rights
vCloud Director uses roles, and their associated rights, to determine which users and groups can perform which operations. System administrators can create and modify roles. System administrators and organization administrators can assign roles to users and groups in an organization. vCloud Director includes several predefined roles.
Table 11-1. Default Rights for the Predefined Roles (Continued)
| | System Administrator | Organization Administrator | Catalog Author | vApp Author | vApp User | Console Access Only |
|---|---|---|---|---|---|---|
| General: Administrator Control | X | X | | | | |
| General: Administrator View | X | X | | | | |