VMware is working on a new vCloud Design Best Practices training course, it's still in beta but will be released somewhere around next month. This new course is designed to guide students through the decision points and policy choices available for designing and implementing a VMware vCloud environment. Students will learn to appreciate the effects of design choices in vSphere, vCloud Director, Chargeback, and the vShield Edge capability that is included with vCloud Director. The course culminates in a comprehensive workshop on VMware cloud design. By the end of the course, you should have an understanding of the VMware cloud and be able to do the following:
Evaluate and design a multitenant environment to address both private cloud and public cloud customer needs.
Configure vCloud providers that can accommodate heterogeneous server, storage, and network resources.
Design a network infrastructure optimized for vCloud.
Integrate vCloud Director security with existing LDAP systems and design appropriate security hierarchies with security roles.
The cloud consumer resources are dedicated vCenter clusters that host cloud workloads. vCloud Director carves these resources up into one or more provider virtual datacenters; each provider virtual datacenter is a vCenter cluster together with one or more attached datastores. Networking for the resource group encompasses the vSphere networks visible to the hosts in that cluster. Provider virtual datacenters are further carved up into organization virtual datacenters, which are backed by vCenter resource pools. If you disable Distributed Resource Scheduling (DRS) at the vCenter cluster level you lose all resource pools, and you can no longer deploy or power on vApps. This video shows exactly that situation; don't try this at home.
In this video you will learn how a vCloud Director network is constructed. The PowerPoint presentation "vCloud networking explained in 1 slide and 52 animations" was created by fellow VCI Tuukka Korhonen (itvirtuoosit.fi).
Port group backed network pools require a preconfigured set of port groups, either on a vNetwork distributed switch or on a standard vSwitch, and the port groups must be available on each ESX/ESXi host in the cluster. They are imported into vCloud Director when the network pool is created. This pool type is used where vCenter cannot programmatically create port groups on the fly: when you do not have vNetwork Distributed Switches and want to use the standard switch, or when you want to use Cisco Nexus 1000V switches. The port groups must be isolated at layer 2 from all other port groups, either physically or with VLAN tags. Because the pool is what separates one tenant's networks from another's, a port group that is not properly isolated does more than disrupt the network: it lets traffic from one tenant's network reach another's at layer 2.
Unlike other types of network pools, a network pool backed by port groups does not require a vNetwork distributed switch, and it is the only type of network pool that works with Cisco Nexus 1000V virtual switches. A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or cloud isolated networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks. Each organization vDC in vCloud Director can be assigned exactly one network pool. Multiple organization vDCs can share the same network pool, but then the isolation of the networks in the pool is what keeps those organizations apart, so verify it. Only system administrators can create and manage network pools.
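vCloud Director does not verify the two requirements above for you (one VLAN per port group, every port group present on every host). The following is an added example, not VMware code, of the pre-import check a system administrator would run over a constructed inventory of the port groups intended for a port-group-backed pool. The inventory tuples, the host map and the pool names are all assumptions made up for the example; VLAN 0 is treated as untagged and VLAN 4095 as the vSphere "all VLANs" (VGT) setting, neither of which isolates a port group by tag.

```python
"""Pre-import checks for a port-group-backed network pool (added example)."""
from collections import defaultdict

# Constructed sample inventory: (pool, port group, switch, vlan).
# vlan 0 = untagged, 4095 = vSphere VGT (all VLANs); both are not isolated by tag.
PORT_GROUPS = [
    ("pool-tenantA", "pg-vlan-101", "dvSwitch-1", 101),
    ("pool-tenantA", "pg-vlan-102", "dvSwitch-1", 102),
    ("pool-tenantB", "pg-vlan-102-dup", "dvSwitch-1", 102),  # reuses VLAN 102: same L2 domain as tenant A
    ("pool-tenantB", "pg-untagged", "vSwitch0", 0),          # untagged: shares the native VLAN
    ("pool-tenantB", "pg-vlan-201", "vSwitch0", 201),
]

# Constructed sample: which port groups each ESX/ESXi host in the cluster actually carries.
HOSTS = {
    "esx01": {"pg-vlan-101", "pg-vlan-102", "pg-vlan-102-dup", "pg-untagged", "pg-vlan-201"},
    "esx02": {"pg-vlan-101", "pg-vlan-102", "pg-vlan-102-dup", "pg-untagged"},  # pg-vlan-201 missing
}

NOT_ISOLATED_VLANS = {0, 4095}


def vlan_collisions(port_groups):
    """Port groups that share a VLAN ID are one broadcast domain.

    Keyed by VLAN alone, not (switch, vlan): two switches whose uplinks reach the
    same physical VLAN are still one L2 domain, so the conservative check ignores
    the switch. Returns {vlan: [(pool, port group), ...]} for VLANs used more than once."""
    by_vlan = defaultdict(list)
    for pool, pg, _switch, vlan in port_groups:
        if vlan not in NOT_ISOLATED_VLANS:
            by_vlan[vlan].append((pool, pg))
    return {vlan: members for vlan, members in by_vlan.items() if len(members) > 1}


def unisolated_port_groups(port_groups):
    """Port groups with no tag-based isolation at all (untagged or VGT)."""
    return [pg for _pool, pg, _switch, vlan in port_groups if vlan in NOT_ISOLATED_VLANS]


def missing_on_hosts(port_groups, hosts):
    """Every imported port group must exist on every host in the cluster.

    Returns {host: [missing port groups]} for hosts that lack any of them."""
    needed = {pg for _pool, pg, _switch, _vlan in port_groups}
    return {host: sorted(needed - present) for host, present in hosts.items() if needed - present}


def pool_is_importable(port_groups, hosts):
    """True only when all three checks are clean."""
    return not (vlan_collisions(port_groups)
                or unisolated_port_groups(port_groups)
                or missing_on_hosts(port_groups, hosts))


if __name__ == "__main__":
    print("VLAN collisions:", vlan_collisions(PORT_GROUPS))
    print("not isolated by tag:", unisolated_port_groups(PORT_GROUPS))
    print("missing on hosts:", missing_on_hosts(PORT_GROUPS, HOSTS))
    print("importable:", pool_is_importable(PORT_GROUPS, HOSTS))
```

Run the three checks against the real inventory (pulled from vCenter, for instance with PowerCLI) before creating the pool; fix the VLAN assignment on the switch rather than in vCloud Director, which only imports what it is given.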
vApp networks are used for connectivity of virtual machines within a vApp. A vApp can be connected to a vApp-specific network or to an organization network. A vApp network isolates the virtual machines in that vApp from everything else; in that way it is like an internal organization network, but it is used only by that vApp. You can connect vApps to an organization network to let them communicate with other vApps in that organization. When you connect a vApp to an organization network, decide whether you want a fenced or a direct connection. A fenced connection lets identical virtual machines (same IP and MAC addresses) in several vApps connect to the same organization network without address conflicts, and lets you add firewall rules to protect the virtual machines in the vApp. A direct connection attaches the vApp straight to the organization network, with no NAT and no vApp-level firewall in between.
Today's virtualized data center demands that multivendor solutions integrate and work together. VMware vCloud Director facilitates easier deployment of virtual machines to suit the scaling needs of a cloud-enabled data center. One of the key functions of vCloud Director is to provide networking as a managed, allocated resource. vCloud Director uses the advanced features of the Cisco Nexus 1000V Series Switch to provide a scalable, highly secure, and agile cloud solution for private enterprises as well as service providers.
A new feature in vCloud Director 1.5 is support for static routing. This provides the ability to route between network segments without the use of NAT and enables increased flexibility in implementing network connectivity within a vCloud environment. Though most networks will have a directly connected default gateway, it is possible for networks to have more than one router (such as multiple vShield Edge devices). Static routing provides a way to manually configure routing tables so that traffic can be forwarded to these remote networks while still using the default gateway for all remaining traffic. In vCloud Director, static routing can be configured at both the routed organization network level and vApp network level.
For organization networks, routes can be defined within the organization network or to an external network.
For vApp networks, the static routing configuration is simplified as routes are only applied on the external interface.
To demonstrate the different options for static routing with vCloud Director, I've recorded a video which will show you how to add Static Routes Between vApp Networks Routed to Different Organization Networks. An organization administrator can add static routes between two vApp networks that are routed to different organization networks. Static routes allow traffic between the networks. You cannot add static routes between overlapping networks or fenced vApps. After you add a static route to an organization network, configure the network firewall rules to allow traffic on the static route. For vApps with static routes, select the Always use assigned IP addresses until this vApp or associated networks are deleted check box.
Static routes only function when the vApps included in the routes are running. If you change the parent network of a vApp, delete a vApp, or delete a vApp network, and the vApp includes static routes, those routes cannot function and you must remove them manually.
Prerequisites:
vShield 5.0
Two organization networks routed to the same external network
Static routing is enabled on both organization networks
A vApp network routed to each organization network
The vApp networks are in vApps that were started at least once
The virtual machines in a vApp can connect to vApp networks (isolated or routed) and organization networks (direct or fenced). You can add networks of different types to a vApp to address multiple networking scenarios. Select the Networking tab in a vApp and select the Show networking details check box to view a list of the networks that are available to the vApp. Virtual machines in the vApp can connect to these networks. If you want to connect a virtual machine to a different network, you must first add it to the vApp.
A vApp can include vApp networks and organization networks. A vApp network can be isolated by selecting None in the Connection drop-down menu. An isolated vApp network is totally contained within the vApp. You can also route a vApp network to an organization network to provide connectivity to virtual machines outside of the vApp. For routed vApp networks, you can configure network services, such as a firewall and static routing.
There's also a possibility to connect a vApp directly to an organization network. If you have multiple vApps that contain identical virtual machines connected to the same organization network and you want to start the vApps at the same time, you can fence the vApp. This allows you to power on the virtual machines without conflict, by isolating their MAC and IP addresses.
It's also possible to configure certain vApp networks to provide firewall services. Enable the firewall on a vApp network to enforce firewall rules on incoming traffic, outgoing traffic, or both. When you enable the firewall, you specify a default action that either denies or allows all incoming and outgoing traffic, and you can add specific rules that allow or deny traffic matching them. These rules take precedence over the default action, so the usual pattern is a default of deny plus explicit allow rules for exactly the traffic the vApp needs (including any static routes you added).
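The static routing section above lists three constraints (no routes between overlapping networks, a firewall rule for every route, the "Always use assigned IP addresses" setting), and the firewall paragraph adds the default-action choice. The following added example, not vCloud Director's or VMware's code, audits all four against a vApp's network configuration as the vCloud API 1.5 exposes it. The XML is a constructed sample shaped after the 1.5 NetworkConfigSection; the element names it relies on (StaticRoutingService, StaticRoute, FirewallService, FirewallRule, DefaultAction, RetainNetInfoAcrossDeployments) are taken from that schema and should be checked against the API reference for your release. The two vApp networks are shown in one section for brevity; in the page's scenario they would belong to two different vApps.

```python
"""Audit static routes against firewall rules in a vApp NetworkConfigSection (added example)."""
import ipaddress
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vmware.com/vcloud/v1.5"}

# Constructed sample after the vCloud API 1.5 NetworkConfigSection (element names assumed from that schema).
SAMPLE_XML = """<NetworkConfigSection xmlns="http://www.vmware.com/vcloud/v1.5">
  <NetworkConfig networkName="vAppNet-A">
    <Configuration>
      <IpScope><Gateway>192.168.10.1</Gateway><Netmask>255.255.255.0</Netmask></IpScope>
      <ParentNetwork name="OrgNet-1"/><FenceMode>natRouted</FenceMode>
      <RetainNetInfoAcrossDeployments>true</RetainNetInfoAcrossDeployments>
      <Features>
        <FirewallService><IsEnabled>true</IsEnabled><DefaultAction>drop</DefaultAction>
          <FirewallRule><IsEnabled>true</IsEnabled><Description>to vAppNet-B</Description>
            <Policy>allow</Policy><DestinationIp>192.168.20.0/24</DestinationIp><SourceIp>Any</SourceIp>
          </FirewallRule>
        </FirewallService>
        <StaticRoutingService><IsEnabled>true</IsEnabled>
          <StaticRoute><Name>to-B</Name><Network>192.168.20.0/24</Network>
            <NextHopIp>10.0.1.5</NextHopIp><Interface>External</Interface></StaticRoute>
        </StaticRoutingService>
      </Features>
    </Configuration>
  </NetworkConfig>
  <NetworkConfig networkName="vAppNet-B">
    <Configuration>
      <IpScope><Gateway>192.168.20.1</Gateway><Netmask>255.255.255.0</Netmask></IpScope>
      <ParentNetwork name="OrgNet-2"/><FenceMode>natRouted</FenceMode>
      <RetainNetInfoAcrossDeployments>false</RetainNetInfoAcrossDeployments>
      <Features>
        <FirewallService><IsEnabled>true</IsEnabled><DefaultAction>drop</DefaultAction></FirewallService>
        <StaticRoutingService><IsEnabled>true</IsEnabled>
          <StaticRoute><Name>to-A</Name><Network>192.168.10.0/24</Network>
            <NextHopIp>10.0.2.5</NextHopIp><Interface>External</Interface></StaticRoute>
          <StaticRoute><Name>self</Name><Network>192.168.20.128/25</Network>
            <NextHopIp>10.0.2.5</NextHopIp><Interface>External</Interface></StaticRoute>
        </StaticRoutingService>
      </Features>
    </Configuration>
  </NetworkConfig>
</NetworkConfigSection>"""


def _text(el, path, default=None):
    node = el.find(path, NS)
    return node.text.strip() if node is not None and node.text else default


def parse_networks(xml_text):
    """Reduce each NetworkConfig to the fields the audit needs."""
    nets = []
    for cfg in ET.fromstring(xml_text).findall("v:NetworkConfig", NS):
        c = cfg.find("v:Configuration", NS)
        gw, mask = _text(c, "v:IpScope/v:Gateway"), _text(c, "v:IpScope/v:Netmask")
        fw = c.find("v:Features/v:FirewallService", NS)
        sr = c.find("v:Features/v:StaticRoutingService", NS)
        rules = fw.findall("v:FirewallRule", NS) if fw is not None else []
        routes = sr.findall("v:StaticRoute", NS) if sr is not None else []
        nets.append({
            "name": cfg.get("networkName"),
            "subnet": ipaddress.ip_network(f"{gw}/{mask}", strict=False) if gw and mask else None,
            "retain_ip": _text(c, "v:RetainNetInfoAcrossDeployments") == "true",
            "fw_enabled": fw is not None and _text(fw, "v:IsEnabled") == "true",
            "default_action": _text(fw, "v:DefaultAction", "drop") if fw is not None else None,
            "allow_dst": [_text(r, "v:DestinationIp", "Any") for r in rules
                          if _text(r, "v:Policy") == "allow" and _text(r, "v:IsEnabled") == "true"],
            "sr_enabled": sr is not None and _text(sr, "v:IsEnabled") == "true",
            "routes": [(_text(r, "v:Name"), ipaddress.ip_network(_text(r, "v:Network"), strict=False),
                        _text(r, "v:NextHopIp")) for r in routes],
        })
    return nets


def _rule_covers(dst, target):
    """Does an allow rule's DestinationIp cover the whole routed network?"""
    if dst.lower() == "any":
        return True
    try:
        return ipaddress.ip_network(dst, strict=False).supernet_of(target)
    except ValueError:  # keywords such as internal/external, or ranges: not evaluated here
        return False


def audit(nets):
    """Human-readable findings; an empty list means routes and firewall agree."""
    findings = []
    for n in nets:
        name = n["name"]
        if n["routes"] and not n["sr_enabled"]:
            findings.append(f"{name}: static routes present but StaticRoutingService is disabled")
        if n["routes"] and not n["retain_ip"]:
            findings.append(f"{name}: routes depend on fixed addresses; set 'Always use assigned IP addresses'")
        for rname, target, _hop in n["routes"]:
            if n["subnet"] is not None and n["subnet"].overlaps(target):
                findings.append(f"{name}: route {rname} to {target} overlaps the network's own subnet {n['subnet']}")
                continue
            if not n["fw_enabled"]:
                continue  # no firewall on this network, so nothing blocks the route
            if n["default_action"] == "allow":
                findings.append(f"{name}: default action is allow, so route {rname} is open to everything")
            elif not any(_rule_covers(d, target) for d in n["allow_dst"]):
                findings.append(f"{name}: no enabled allow rule covers route {rname} ({target}); traffic is dropped")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_networks(SAMPLE_XML)):
        print(finding)
```

vAppNet-A is the clean case: default drop, one allow rule scoped to the routed /24, addresses retained. vAppNet-B shows the three things that silently break a route: no firewall rule for it, a route target that overlaps its own subnet, and the retain flag left off. Feed the audit the NetworkConfigSection retrieved from the API for each vApp in the route pair.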
Hold your cloud in your hands with the new VMware vCloud Client for iPad. The VMware vCloud Client for iPad empowers users to view and inspect their VMs, provision environments, and perform basic workload operations -- all from the convenience of an iPad. Existing vCloud users can quickly install the client from the Apple App Store and immediately access their vCloud environments.
This quick start video provides a simplified, step-by-step set of instructions for creating a new virtual machine on the StratoGen vCloud platform. The StratoGen vCloud platform is built upon VMware vCloud Director 1.5. This video is a supplement to the vCloud director 1.5 user manual which provides comprehensive information about the platform.
Step 1 > Log in - Using a supported browser (Internet Explorer 7 or above, or Mozilla Firefox 3 or above) connect to the URL as provided by StratoGen. A typical URL is of the format https://mycloud.stratogen.com/cloud/org/your-organisation. Enter the username and password supplied to login to your account.
Step 2 > Select the "My Cloud" tab - The initial homepage for your cloud is displayed. Now click on the "My Cloud" tab. In the following steps I will take you through the steps required to create a new virtual machine in your cloud. All virtual machines must reside in a vApp (a vApp is a container that holds 1 or more virtual machines).
Step 3 > Click the "+" symbol to create a new vApp from a catalog. You will now create a new vApp by clicking on the + icon.
Step 4 > Select Catalog - You can upload your own virtual machine templates or ISO installation media into your organization's catalog, but in this example we will be using one of the pre-built templates supplied by StratoGen. Click on the catalog drop down list and select "Public catalogs".
Step 5 > Select vApp Template - Select the required operating system from the list of vApp Templates. In this example we will be creating a virtual machine with CentOS 5.5 installed, so we select the CentOS 5.5 vApp. This will create a vApp which contains a single CentOS 5.5 virtual machine.
Step 6 > Name your vApp - Enter a name for your new vApp, and a short description if required.
Step 7 > Configure virtual machine - Enter a computer name for your new virtual machine and then click on the "Network" drop down list to select a network to attach it to. In this instance we will select a "Direct Internet Connection". Always leave the IP assignment as "Static - IP Pool". We are now ready to create our vApp and virtual machine. Click "Finish".
Step 8 > vApp creation - That's it. Your new vApp and virtual machine will now be created. Your virtual machine's network settings will be configured automatically and a new root/administrator password will be automatically generated and assigned. We will also review our new virtual machine and note our new password.
Step 9 > vApp display - Once the creation of your vApp has completed, "Stopped" will be displayed as the status. Select the vApp, and then click on the name. A visual depiction of the vApp is displayed. Now click the "Virtual Machines" tab.
Step 10 > Virtual machine properties - This tab shows us the virtual machines in the vApp. In our case this is a single virtual machine called CentOS 5.5. Right click on your virtual machine and select properties. We can now view the properties of our virtual machine. To find the newly assigned root/administrator password for your VM select the "Guest OS Customization" tab. Your new password is displayed after the "Auto generate password" text. Treat it as a bootstrap credential: it is readable by anyone who can open the VM's properties, and with "Direct Internet Connection" selected in Step 7 the VM is reachable from the Internet as soon as it is powered on, so change the password at first login.
VMware vCloud Director (VCD) enables customers to build a private cloud-based Infrastructure as a Service (IaaS) offering within their organization. By providing a secure, on-demand ability for end users to deploy workloads, companies can realize a level of agility previously thought impossible.
This VMware vCloud Director 1.5 Evaluation Guide is designed to provide a guided, hands-on evaluation of the most compelling and relevant features of vCloud Director. It walks users through a series of procedures, each building upon the previous. When completed, the evaluator will have a working configuration that illustrates the key concepts that should be understood before deploying a production private cloud solution with vCloud Director.
Because this guide is to be leveraged for evaluation purposes, it has been written to require the least amount of hardware resources possible. This enables users who do not have a dedicated test lab to still fully evaluate the capabilities and concepts of vCloud Director. This purpose-built evaluation environment should not be considered as a template for deploying a production environment.