In previous two posts, I showed you, how to create vApp templates and then tell you, how to deploy vApp from that templates into your vCloud environment. In vCloud Director there are lots of Ways to deploy the vApps with respective to vCloud Director Networks, it depends upon your Organization operational requirements.before dig into the different vApp Use Cases.i would highly recommend you should visit my post “Cloud Resources and Logical Design” to get the basic understanding of vCloud Director logical design.
what is vApp?
A vApp consists of one or more virtual machines that communicate over a network and use resources and services in a deployed environment. A vApp can contain multiple virtual machines.
Following are the different vApp deployment Use cases in vCloud Director.
- Use Case 1: vApp Network (Direct) -> Organization VDC Network (Direct)
- Use Case 2: vApp Network (Direct) -> Organization VDC Network (Routed)
- Use Case 3: vApp Network (Direct) -> Organization VDC Network (Isolated)
- Use Case 4:vApp Network (Routed) -> Organization VDC Network (Direct)
- Use Case 5:vApp Network (Routed) -> Organization VDC Network (Routed)
- Use Case 6:vApp Network (Routed) -> Organization VDC Network (Isolated)
- Use Case 7:vApp Network (Isolated)
Its not just end of it. there is one special kind of vApp deployment method in vCloud Director. which we called vApp Fenced. lets see what is vApp Fecning and its different deployment use cases in vCloud Director.
What is vAPP Fencing?
The term “fenced” only means that this vApp is to some extent isolated from the rest of the network. Going with this definition, any vCloud Director network that is not a direct connected one can be called “fenced”, because a vShield Edge device isolates the vApp from other vApps and possibly the internet. This isolation includes the MAC address (outside the vApp, no other VM will see the MAC address of a VM on the inside) as well as the IP address in the case of a NAT router.
Fenced network as in vCloud Director means to have the same subnet in the vApp network as in the organization network. Well, thats not very special because a directly connected vApp network does that, too, right? Yes, but this time this is with a vShield Edge router in between!
Fencing can be done in two ways. Both use the vShield Edge Device.
Option 1: Use the “Fence” option and use your organization IP range directly on your fenced virtual machines. (Same inside and outside IP range 192.168.0.0/24). I will show you this option in Fenced Use Case-1
Option 2: Create a vApp network and make it “routed”. In this case you have one internal IP segment 192.168.150.0/24 and one external IP segment 10.0.150.0/24). I will show you this option in Fenced Use Case-2
Following are the different Fenced Use Cases in vCloud Director.
- Fenced Use Case 1: vApp Network (Fenced) –> Organization VDC Network (Direct)
- Fenced Use Case 2:vApp Network (Fenced) –> Organization VDC Network (Routed)
- To configure Fencing, vApp Network should be Direct (mean fencing is only enable on organization network). If vApp Network is Routed, Fencing will be greyed-out.
- From vCenter Infrastructure, Portgroups will be created for each vApp Fenced Network and vSE VA will be deployed for each fenced vApp Network.
- You can overwrite fencing setting at VM level while deploying it in the vApp.
- You can’t overlap IPs within same Fenced vApp Network.
- When you create Fenced vApp Network, you can’t create any other Direct vApp Network
Lets see one by one these use cases deployment in my vCloud director lab, than you may understand better about their functionality.