vCloud Director - Administration
Now that we've logged into Cloud Propeller vCloud Director and reached the home screen, let's switch the top tab to the Administration section and get into some details.
The Administration section is very powerful, as it allows you to manage your Virtual Datacenter users and their access, as well as your Virtual NSX Edge Gateway and its services (Firewall, Load Balancing, DHCP Pools, VLANs, VPNs and more).
The first screen you'll see when you get into the Administration section will be a list of your Virtual Datacenters (most users will see one here, but some may see more than one).
In our example above, you can see that we have a Cloud Propeller - Management Virtual Datacenter. It is Running, it is Enabled, and in our case it is set to the Pay as You Go billing model, though yours will most likely use the Allocation Pool model.
If you click on the Monitor tab at the top, your Virtual Datacenter view will switch from a not so useful one to one that shows your current Virtual Datacenter utilization / allocation.
In our case here, we can see that we have 2.5GHz of CPU allocated, 1GB of RAM, and 50GB of SSD Storage.
Note: our CPUs are Intel Xeon 2680v3 @ 2.5GHz. Dividing your processor allocation by this number gives you the exact number of Virtual CPUs (vCPUs) in use. In our case above, we're using 1 vCPU.
If you double-click on your vDC Name, you'll dive into a more detailed view of your Virtual Datacenter resources and configuration settings.
In this screen you can manage your vApps, vApp Templates and Catalogs. The most useful part of this is the ability to clearly see what resources are used by each of the objects inside.
However, more important and useful are the following two sections:
- Edge Gateways - allows you to manage your VMware NSX Edge Gateway (Firewall, Load Balancing, DHCP Pools, VLANs and more)
- Org VDC Networks - allows you to manage your Virtual Datacenter (VDC) networks & VLANs.
NSX Edge Gateway
The Edge Gateway is a VMware NSX appliance which acts as your Virtual Datacenter's primary Router and Firewall.
Ours is called CP-MGMT-Edge-01, which in this case stands for Cloud Propeller, Management Edge Gateway #1. Yours will be called something different, but as you'll have just one in the list as well, it'll be hard to miss.
Edge appliances can be single-homed or distributed (highly available / HA), depending on which option you chose during signup, and can have up to 10 network connections.
The first network connection is always used as your Virtual Datacenter's Internet Uplink and has one or more Public IP Addresses attached to it.
Other network connections can be used to connect to other VLANs / Subnets (DMZs) of your Virtual Datacenter, or can connect your vDC to other locations via VPN tunnels.
- Edge Gateway Services will allow you to manage the services that are enabled on your Edge Gateway.
- External IP Allocations can show you a list of Public IP Addresses allocated to your Virtual Datacenter.
- Re-Apply Service Configuration, Re-Deploy and Upgrade Configuration options should only be used if instructed to do so by Cloud Propeller support. They tend to fix any inconsistencies that may happen every now and then.
- Properties will give you some information about your Edge Gateway, like its name, configuration, external and sub-allocated IP addresses, and whether any Rate-Limits are set on your Internet connection.
We will go into way more detail about how the NSX Edge Gateway works in later chapters, but if you wish to browse around for now, right-click on it and get familiar with some of the options.
Org VDC Networks
This section will show you all networks (VLANs/Subnets, DMZs) available to your Virtual Datacenter.
In our example case above, we can see that we have 3 networks available to our vDC:
- Direct EXT is a direct-connected external (Public) VLAN which is connected to Nic-0 of your NSX Edge Gateway and provides Internet access to your environment (as well as Public IPs which you can map to your Virtual Machines through the Edge Gateway's NAT options). Yours will have a real Public IP Address (not something like 192.168.x.y).
- The ISOLATED network shown here is something you may not have by default in your vDC, but you can create it, if you wish to do so, by clicking on the button in the top right corner. Isolated networks do not connect to anything above (i.e. they do not have access to any other networks, or the Internet), but are actually fully "isolated" Private VLANs. They are great for Intra-VM communication, for example, if you would like to connect Web Servers to Database Servers via a direct, private network.
- The ROUTED network represents the most common network type deployed for interconnecting virtual machines, as it also allows them to access the Internet (and to be accessed from the Internet by setting up a NAT service on the Edge Gateway). In our case above, a routed network 172.16.88.0/24 is created for our vDC and it is connected to our NSX Edge Gateway. As you may have guessed, this network would use up one NIC (network adapter) on the Edge Gateway, leaving 8 more available.
We will go into a lot more detail about Org VDC Networks in a later chapter, but for now, feel free to explore them by right-clicking on the networks and checking out the options.
The most commonly used option is Configure Services
which allows you to configure Routed Network Services, like
While you can set up services like NAT and Firewall on Routed networks, in most cases this is NOT the place where you should be doing so. Most services like NAT, Firewall, LB and VPN should be set through the similar Configure Services option of the NSX Edge Gateway itself, not on a "per network" basis.