This guide will help you getting started with VMware Cloud Director at GleSYS, previously known as vCloud. It is a Software-Defined Data Centers (SDDC) management platform that offers highly advanced workload management features, allowing you to access your virtual data center efficiently. Instead of paying for individual virtual servers, you get a predefined pool of CPU, memory, storage, and network resources to allocate to your workloads. Additionally, you can expand or reduce the pool according to your needs.
In Cloud Director, virtual machines are organized into collections called vApps. Although it is possible to configure a VM without a vApp, a vApp provides additional functionality.
For example, you can configure your networks so VMs can communicate with each other but not with different collections of virtual machines. vApps are easy to duplicate, which is convenient if you have a group of VMs that you always deploy together.
If you deployed the VM using a GleSYS template, please read the KB article Customizing a VM Using cloud-init in VMware Cloud Director for additional instructions on how to configure the VM hostname, network, user accounts, passwords etc.
If you plan to keep any VMs, move them to a new vApp. If you have only one VM left in the vApp and wish to keep it, convert it into a standalone VM by selecting All Actions > Convert to VM.
This option is only available when a single VM is in the vApp. If there are multiple VMs, you must move them to another vApp before conversion.
It is possible to import and export vApps from VMware Cloud Director either directly in the Tenant Portal or by using the VMware OVF Tool. The OVF Tool is a command-line utility that helps you import and export OVF packages to and from many VMware products.
If you want to export a VM, converting it to a vApp before exporting is necessary. It is also required that it's powered off during the export.
Using the Tenant Portal:
Using the OVF Tool:
To view the help output, you can run the following command: ovftool --help
Below are two practical examples using OVF Tool:
Command syntax to import a vApp:
ovftool --X:progressSmoothing=10 --X:vCloudTimeout=60000 --X:vCloudKeepAliveTimeout=60000 "C:\temp\import.ova" "vcloud://username@vcd.dc-fbg1.glesys.net?org=<vdo-xxxxx>&vdc=<vdc-xxxxx>&vapp=<vApp name>"
Command syntax to export a vApp:
ovftool --X:progressSmoothing=10 --X:vCloudTimeout=60000 --X:vCloudKeepAliveTimeout=60000 "vcloud://username@vcd.dc-fbg1.glesys.net?org=<vdo-xxxxx>&vdc=<vdc-xxxxx>&vapp=<vApp name>" "C:\temp\export.ova"
For security reasons, a new Cloud Organization has no preconfigured networks. As a result, when you create a virtual machine, it will be isolated from the outside world.
Your Cloud Organization has an Edge Gateway for internet access, firewall, NAT, and VPN functionality for virtual machines.
A network can either be used in the scope of an Edge Gateway or outside it, creating an isolated network between VMs.
The first network to create is an organization-level Virtual Datacenter (VDC) network.
Choose the Scope of the network, i.e. whether it should only apply to a specific organization Virtual Data Center or an entire VDC Group (several VDCs). Click Next to proceed.
Select the type of network you want to create:
Create the Edge Connection. Your organization will have the Edge Gateway deployed, which shows up on the list. Here is also an option to turn off Distributed Routing. Select the Edge Gateway (t1-vdc-xxxxx…) from the list and click Next.
The General step contains general information about the network. The following fields are available:
Fill out the general information for the network. When ready, click Next to proceed.
The Static IP Pools page allows reserving a pool of IPs that will be static. The step is optional.
To add an entry, enter a static IP address (e.g. 192.168.1.2) or range (e.g. 192.168.1.2 to 192.168.1.100) and click Add. The entry appears on the Allocated IP Ranges list, and the total reserved IP addresses are displayed below the list.
The DNS enables adding a primary and secondary DNS and the DNS suffix for the VMs.
Setting up a DNS is optional. Set the IPs of the DNS servers if you wish to use them, and click Next.
Finally, review the information and click Finish to create the network. If you also want to enable DHCP for a network, follow these steps:
Enabling DHCP can be done after creating the network.
Note that this procedure will only work when there's no longer an existing relation to the network, for example, a connected VM.
To access the Edge Gateway configuration screen, open the Edge Gateways tab from the Networks page.
Network Address Translation (NAT) is a technique that allows the translation of public IP addresses to private ones. Using NAT makes connecting multiple servers in an internal network to the same public IP address possible. Moreover, NAT is also the only method to assign a public IP address to a VM connected to an Edge Gateway.
We recommend starting with the NAT rules, as no NAT rules are set up by default. Here are the different types of NAT rules available to choose from:
The firewall rules can be accessed and edited by clicking the Edge Gateway. There is a default rule added automatically, which drops all traffic. You can add new rules above this to allow specific traffic to and from your networks.
To define Firewall rules, start by setting up Static Groups (whole networks including connected VMs) and/or IP Sets (predefined IP addresses) under Security in the left-hand menu. These can then be used in the Firewall rules.
By default, no segmentation occurs between the internal networks connected to an Edge Gateway. The firewall is thus only applied for North-South traffic (ingoing and outgoing) and not East-West (between VMs and networks).
Turning off Distributed Routing on the specific network forces all VM traffic through the service router and makes segmentation between different internal networks possible. It's important to remember that there will be an extra hop when routing traffic through the service router instead of the Distributed Routers on each ESXi host. This extra hop can result in higher latency compared to using Distributed Routing.
To turn off Distributed Routing on your network, you must allow it on the Edge Gateway first. This option may in some cases not be enabled by default, but GleSYS Support can assist with it.
If you did not turn off Distributed Routing when creating the network, you can adjust it later. However, it is essential to note that the change will take effect immediately. Therefore, adjusting the firewall rules beforehand is crucial, especially if the network is in active use.
To deactivate Distributed Routing, do the following:
Creating a snapshot allows you to save one or more restore points of a VM temporarily. This feature comes in handy when upgrading the operating system or software. In case of an error, you can revert the server to a snapshot. However, it's important to note that a snapshot should not replace a backup since it is stored in the same folder as the original VM and relies on the original disk.
In addition, it is best practice to save a snapshot for at most three days, as it can affect the virtual machine's performance. So remember to delete it as soon as it is no longer needed, and limiting the number of active snapshots to a maximum of three per server is also good.
If you need further details on how to work with snapshots, please read the documentation in VMware Cloud Director Tenant Guide.
We initially hand over credentials for an administrator account to our customers. Still, we strongly recommend setting up personal user accounts for each individual who needs access to the portal.
Each user is assigned a role. For example, the Organization Administrator role has complete rights in the portal. In contrast, the Console Access Only role only has access to open the console and view the properties of VMs.
It is possible to create your custom roles with any necessary permissions.
Using an external Identity Provider, e.g. Google Workspace, for Single Sign-On capabilities in the portal is possible. That is also currently the only way to achieve two-factor authentication to the Cloud Director portal.
Read more here about adding a SAML Identity Provider to VMware Cloud Director in the VMware Cloud Director Service Provider Admin Portal Guide.
Our environment supports VMware Cloud Director Availability, which can be used for replication and migration to and from our environment or between our data centers. It is not enabled by default but can be enabled by contacting GleSYS Support.
Read the VMware Cloud Director Availability documentation
The VMware Cloud Director Tenant Portal Guide provides information about administrating your organization and creating and configuring virtual machines, vApps, and networks within vApps. You can also configure advanced networking capabilities that VMware NSX provides for vSphere within a VMware Cloud Director environment. You can also create and manage catalogues, vApp and VDC templates, and create and manage cross-virtual data center networks.
Read the VMware Cloud Director Tenant Portal Guide
Kontakta oss gärna för mer information. Vi hjälper dig att komma fram till den bästa lösningen för dina behov.