Cloud resources are an abstraction of their underlying vSphere resources and provide the compute and memory resources for vCloud Director virtual machines and vApps, and access to storage and network connectivity.
Cloud resources include provider and organization virtual datacenters, external networks, organization virtual datacenter networks, and network pools. Before you can add cloud resources to vCloud Director, you must add vSphere resources. Below is the logical design of vCloud Director that I am going to use in my lab environment.
vCloud Director Logical Design
Let’s discuss different cloud resources in the logical design one by one.
What is Provider vDC?
A provider virtual datacenter combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores connected to that resource pool.
A provider virtual datacenter is the source for organization virtual datacenters.
What are External Networks?
An external network is a logical, differentiated network based on a vSphere port group. An external network provides the interface to the Internet for virtual machines connected to external organization virtual datacenter networks.
What are Network Pools?
Network Pools are a collection of isolated, Layer 2 networks that can be used to create Organization and vApp Networks on-demand and are available to both the Providers and Consumers. The Provider or Cloud Admin creates a network pool before they can be utilized.
There are three types of network pools used in vCloud Director:
- Port group-backed
- VLAN-backed
- vCloud Network Isolation-backed (vCD-NI)
1- Port group-backed
You can add a network pool backed by port groups to register vSphere port groups for vCloud Director to use. Unlike other types of network pools, a port group-backed network pool does not require a vSphere distributed switch and can support port groups associated with third-party distributed switches.
CAUTION: The port groups must be isolated from all other port groups at the layer 2 level. The port groups must be physically isolated or must be isolated by using VLAN tags. Failure to properly isolate the port groups can cause a disruption on the network.
Verify that one or more port groups are available in vSphere. The port groups must be available on each ESX/ESXi host in the cluster, and each port group must use only a single VLAN. Port groups with VLAN trunking are not supported.
- Works with all types of vSwitches.
- Requires manual work or orchestration to create all of the port groups.
- Port groups need to be kept in sync on a vSS.
- Port groups rely on VLANs for L2 isolation.
2- VLAN-backed
You can add a VLAN-backed network pool to register vSphere VLAN IDs for vCloud Director to use. A VLAN-backed network pool provides the best security, scalability, and performance for organization virtual datacenter networks.
Verify that a range of VLAN IDs and a vSphere distributed switch are available in vSphere. The VLAN IDs must be valid IDs that are configured in the physical switch to which the ESX/ESXi servers are connected.
CAUTION: The VLANs must be isolated at the layer 2 level. Failure to properly isolate the VLANs can cause a disruption on the network.
- Isolated networks.
- Requires VLANs to exist in the physical network hardware (physical switches).
- VLANs are limited to 4096 and, depending on your design, the pool can quickly run out.
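The two cautions above (port groups isolated at layer 2, one VLAN per port group, present on every host; VLAN IDs valid and configured on the physical switch) are the kind of prerequisites worth checking before creating a pool. The following is an added example, not code from the original post or from VMware: it validates a constructed, offline inventory for both the port group-backed and the VLAN-backed pool, with hypothetical host and port group names and an assumed usable VLAN range of 1-4094.

```python
from dataclasses import dataclass

VLAN_MIN, VLAN_MAX = 1, 4094  # usable 802.1Q VLAN ID range (my assumption, not from the post)

@dataclass(frozen=True)
class PortGroup:
    name: str
    vlan_ids: frozenset  # more than one ID means the port group is VLAN-trunked
    hosts: frozenset     # ESXi hosts on which the port group exists

def check_portgroup_pool(port_groups, cluster_hosts):
    """Problems that block a port group-backed pool (empty list means OK)."""
    problems, seen = [], {}
    for pg in port_groups:
        if len(pg.vlan_ids) != 1:
            problems.append(f"{pg.name}: must use a single VLAN (trunking unsupported)")
            continue
        vlan = next(iter(pg.vlan_ids))
        if not VLAN_MIN <= vlan <= VLAN_MAX:
            problems.append(f"{pg.name}: VLAN {vlan} outside {VLAN_MIN}-{VLAN_MAX}")
        if vlan in seen:  # two pool port groups on one VLAN are not L2-isolated
            problems.append(f"{pg.name}: shares VLAN {vlan} with {seen[vlan]} (not L2-isolated)")
        seen.setdefault(vlan, pg.name)
        missing = cluster_hosts - pg.hosts
        if missing:  # the pool needs the port group on every host in the cluster
            problems.append(f"{pg.name}: absent on hosts {sorted(missing)}")
    return problems

def check_vlan_pool(vlan_range, switch_vlans, reserved):
    """Problems that block a VLAN-backed pool: vlan_range is (lo, hi) inclusive,
    switch_vlans are IDs on the physical switch, reserved are IDs used elsewhere."""
    lo, hi = vlan_range
    if lo > hi or lo < VLAN_MIN or hi > VLAN_MAX:
        return [f"range {lo}-{hi} is not within {VLAN_MIN}-{VLAN_MAX}"]
    problems = []
    for vlan in range(lo, hi + 1):
        if vlan not in switch_vlans:
            problems.append(f"VLAN {vlan} not configured on the physical switch")
        if vlan in reserved:
            problems.append(f"VLAN {vlan} already in use elsewhere (not isolated)")
    return problems

# Constructed sample inventory (hypothetical names, not real infrastructure)
CLUSTER = frozenset({"esx01", "esx02"})
PGS = [
    PortGroup("pg-vcd-101", frozenset({101}), CLUSTER),
    PortGroup("pg-vcd-102", frozenset({102}), frozenset({"esx01"})),  # missing on esx02
    PortGroup("pg-vcd-trunk", frozenset({103, 104}), CLUSTER),  # trunked: unsupported
    PortGroup("pg-vcd-dup", frozenset({101}), CLUSTER),  # reuses pg-vcd-101's VLAN
]
```

Running `check_portgroup_pool(PGS, CLUSTER)` on the sample inventory flags the missing host, the trunked port group and the duplicated VLAN; on a real deployment you would feed it the port group list pulled from vCenter.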
3- vCloud Network Isolation-backed (vCD-NI)
You can create a network pool that is backed by cloud isolated networks. A cloud isolated network spans hosts, provides traffic isolation from other networks, and is the best source for vApp networks.
An isolation-backed network pool does not require pre-existing port groups in vSphere.
Verify that a vSphere distributed switch is available.
- Does not have to use VLANs.
- Allows on-demand creation of networks by the consumer.
- No management overhead required to pre-provision multiple port groups or VLANs.
- Small performance overhead due to encapsulation: the dvFilter runs at around 1% CPU utilization.
- The added MAC header requires an increase in MTU, the same as in MPLS networks.
What are Allocation Models?
The allocation model determines how and when the provider virtual datacenter compute and memory resources that you allocate are committed to the organization virtual datacenter. vCloud Director offers three types of allocation models:
- Allocation Pool: A percentage of the resources you allocate from the provider virtual datacenter are committed to the organization virtual datacenter. You can specify the percentage for both CPU and memory.
- Pay-As-You-Go: Resources are committed only when users create vApps in the organization virtual datacenter.
- Reservation Pool: All of the resources you allocate are immediately committed to the organization virtual datacenter.
What is Organization?
An organization is the fundamental vCloud Director grouping that contains users, the vApps that they create, and the resources the vApps use. An organization can be internal to the company providing the vCloud Director, or it can be a customer organization that is using your vCloud Director.
What is Organization vDC?
Create an organization virtual datacenter to allocate resources to an organization. An organization virtual datacenter is partitioned from a provider virtual datacenter. A single organization can have multiple organization virtual datacenters.
NOTE: You must have a provider virtual datacenter before you can allocate resources to an organization.
What are Organization Networks?
An organization vDC network allows virtual machines in the organization vDC to communicate with each other and to access other networks, including other organization vDC networks and external networks, either directly or through an Edge Gateway that can provide firewall and NAT services. There are three types of organization networks in vCloud Director:
- Organization Direct
- Organization Routed
- Organization Isolated
A direct organization vDC network connects directly to an external network. Only a system administrator can create a direct organization vDC network.
Requirement: the cloud must contain an external network.
A routed organization vDC network connects to an external network through an Edge Gateway, which is backed by a vShield Edge device. A routed organization vDC network also requires the containing vDC to include a network pool. After a system administrator has provisioned an organization vDC with an Edge Gateway and associated it with a network pool, organization administrators or system administrators can create routed organization vDC networks in that vDC.
Requirement: the vDC must contain an Edge Gateway and a network pool.
An isolated organization vDC network does not require an Edge Gateway or external network, but does require the containing vDC to be associated with a network pool. After a system administrator has created an organization vDC with a network pool, organization administrators or system administrators can create isolated organization vDC networks in that vDC.
Requirement: the vDC must contain a network pool.
What are vApp Networks?
vApp networks are created by vCloud consumers and connect multiple virtual machines in a vApp. vApp networks separate vApp virtual machines from the workloads in the organization virtual datacenter network. The effect is similar to placing a router in front of a group of systems (vApp) to shield the systems from the rest of the corporate network. vApp networks are instantiated from a network pool and consume vSphere resources while the vApp is running.
There are four connectivity options for vApp networks:
1- vApp Direct
vApps connect directly to the organization virtual datacenter network.
2- vApp Fenced
Identical virtual machines can exist in different vApps. A virtual router provides isolation and proxy ARP.
3- vApp Routed
A new network is defined. A virtual router provides NAT and firewall functionality.
4- vApp Isolated
Communication is restricted to the virtual machines in the vApp. No connection exists to an organization virtual datacenter network.
What is a Catalog?
A catalog is a container for vApp templates and media files in an organization. Organization administrators and catalog authors can create catalogs in an organization. Catalog contents can be shared with other users in the organization and can also be published to all organizations in the vCloud Director installation.
There are two types of catalogs in vCloud Director:
- Organization catalogs
- Public catalogs
Organization catalogs include vApp templates and media files that you can share with other users in the organization.
If a system administrator enables catalog publishing for your organization, you can publish an organization catalog to create a public catalog. Organization administrators from any organization in the vCloud Director installation can view the vApp templates and media files in a public catalog and copy those files to a catalog in their organization for use by their members.