5.1
- vCloud Director Administrator's Guide
8 (Optional) Select an Original port to apply this rule to.
9 (Optional) Select an ICMP type to apply this rule to if this rule applies to ICMP.
10 In the Translated (Internal) IP/range text box, type the IP address or range of IP addresses that the
destination addresses on inbound packets are translated to.
11 (Optional) Select a port for inbound packets to be translated to from the Translated port drop-down menu.
12 Select Enabled, and click OK.
The destination IP address and port are translated according to the destination NAT rule's specifications.
Configure the Firewall for an Edge Gateway
Edge gateways provide firewall protection for incoming and outgoing sessions.
You can set the default firewall action to deny or allow all traffic. You can also add specific firewall rules
that allow or deny the traffic they match. These rules take precedence over the default action. See “Add a
Firewall Rule for an Edge Gateway,” on page 69.
System administrators and organization administrators can configure edge gateway firewalls.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name, and select Edge Gateway Services.
4 Click the Firewall tab and select Enable firewall to enable firewall services, or deselect it to disable firewall
services.
5 Select the default firewall action.
Option   Description
Deny     Blocks all traffic except when overridden by a firewall rule.
Allow    Allows all traffic except when overridden by a firewall rule.
6 (Optional) Select the Log check box to log events related to the default firewall action.
7 Click OK.
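The interaction between the default action and individual rules, modelled as an added Python example (not VMware code and not part of the guide). It assumes rules are evaluated top to bottom with the first enabled match deciding, which this page does not spell out; the Rule fields, function names and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:                      # hypothetical model, not a vCloud Director type
    name: str
    action: str                  # "allow" or "deny"
    source: str                  # CIDR or "any"
    dest: str                    # CIDR or "any"
    port: object                 # int or "any"
    enabled: bool = True

def _in(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def evaluate(rules, default_action, src, dst, port):
    """Return (action, decided_by) for one session on an enabled firewall."""
    for r in rules:              # assumption: top-down, first enabled match wins
        if r.enabled and _in(r.source, src) and _in(r.dest, dst) \
                and r.port in ("any", port):
            return r.action, r.name
    return default_action, "default"   # no rule matched: default action applies

def review(rules, default_action, firewall_enabled, log_default):
    """List settings a reviewer would question before relying on the rule set."""
    findings = []
    if not firewall_enabled:
        findings.append("firewall disabled: rules are not enforced")
    if default_action == "allow":
        findings.append("default Allow: unmatched traffic passes")
    if not log_default:
        findings.append("default action is not logged")
    for i, r in enumerate(rules[:-1]):
        if r.enabled and (r.source, r.dest, r.port) == ("any", "any", "any"):
            # New rules are appended at the bottom, so they land behind this one.
            findings.append(f"'{r.name}' matches everything; later rules never apply")
    return findings

# Constructed sample rules and documentation-range addresses (not from the guide).
RULES = [
    Rule("allow-https-to-web", "allow", "any", "192.0.2.10/32", 443),
    Rule("deny-partner-subnet", "deny", "198.51.100.0/24", "any", "any"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "deny", "203.0.113.5", "192.0.2.10", 443))
    print(evaluate(RULES, "deny", "203.0.113.5", "192.0.2.10", 22))
    print(evaluate(list(reversed(RULES)), "deny", "198.51.100.7", "192.0.2.10", 443))
    print(review(RULES, "allow", True, False))
```

Under the first-match assumption, reversing the two sample rules changes the outcome for a partner-subnet client reaching the web server, which is why the position of a newly added rule matters.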
Add a Firewall Rule for an Edge Gateway
You can add firewall rules to an edge gateway that supports a firewall. Each rule allows or denies the
traffic that matches it.
For a firewall rule to be enforced, you must enable the firewall for the edge gateway. See “Configure the Firewall
for an Edge Gateway,” on page 69.
When you add a new firewall rule to an edge gateway, it appears at the bottom of the firewall rule list. For
information about setting the order in which firewall rules are enforced, see “Reorder Firewall Rules for an
Edge Gateway,” on page 70.
System administrators and organization administrators can add firewall rules to an edge gateway.
Procedure
1 Click the Manage & Monitor tab and click Organization vDCs in the left pane.
2 Double-click the organization vDC name to open the organization vDC.
3 Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
Chapter 5 Managing Cloud Resources
VMware, Inc. 69