Cloud Lab-61: vCloud Director Organizations- “Use Case – Load balance Web Servers in vCloud Director” (Part 2)

This is part 2 of my post regarding Load balacing Use Case of vApp Web Service in vCloud Director. lets see what we will cover in “part 2” .

LAB-61 TASKS (Part 2)

In this Lab, we will perform following tasks

  1. Load Balance Use Case Scenario
  2. Architecture diagram for Load balancing Use Case Scenario
  3. Create NAT Rules for Web Server “SNAT/DNAT”
  4. Firewall Rule for Webserver on “SkyNet Org Network” 
  5. Firewall Rule for WebServer on “vApp Network”
  6. Test Load Balacing Access for “Web Servers”

1-Load Balacnce Use Case Scenario

I have a vApp5 with name “vApp5-Web1” VM which act as “Web Server 1” and “vApp5-Web2” as “WebServer2”. These VM’s are behind routed organization network. I am going to use vCloud Director, which use vShield Edge Firewall Load Balancing feature to load balance the web servers. below diagram is the same which i used in my previous post.

2-Architecture diagram for Load balancing Use Case Scenario


3-Create NAT Rules for Web Server.

 1-Create SNAT Rule For WebServer

At first we have to add a Source NAT rule which apply on you External Network “External-Public2” of organization Firewall. In Original (Internal) Choose your organization Network ( and in translation we select an external IP from VSE sub allocation pool which act as public IP ( address for our Web Servers.

Make sure “Enabled” Check box is checked -> Click “OK”


2-Create DNAT Rule For WebServer

In Second step create a DNAT Rule in Organization Firewall. In rule my External Network is “External-Public2”. Enter your web server external IP address ( as a source. In destination choose virtual IP ( address of your web server pool.

Match your Setting which below screen shot-> Click “OK”


Verify your Both Added NAT Rules -> Click “OK”


4-Firewall Rule for Webserver on “SkyNet Org Network”

By default Firewall Action is “deny” on your “Organization VDC Routed Network” as shown below. We have to add a firewall rule to allow the Web Server traffic to get through. To do this Go to Firewall Tab-> Click “Add”


In Source Enter “external” keyword (so any one from external network can access it). Choose Source Port “any”

In Destination enter you web server external IP ( which is publish to outside world->In Destination port enter “80” ->Click “OK”

Make Sure “Enabled” Check Box is checked.


Verify your added Firewall Rule -> Click “OK”


Wait for VSE to Configured the above settings


Now everything is configured and fine as you can see “Green Check box” in VSE status


5-Firewall Rule for WebServer on “vApp Network”

Now Allow Web Server traffic for the “vApp5” (which contains both of our web server).  go to your vApp “Networking” Tab


Right Click on your vApp Network “vApp5-Network-Routed” -> Click “Configure Services”


You can see the vApp “VM Internal” and “External IP” address mapping in “NAT” tab.


In vApp “Firewall” Tab. there is one rule available by default which allow all outgoing traffic from “vApp5”. but in our case traffic in coming toward “vApp5”.

To Add a Firewall Rule -> Click “Add”


Type a “Descriptive” name and choose the Source “External” with “any” source port. In “Destination” enter organization network subnet ( with “destination port 80” -> Click “OK”


Verify your newly added rule -> Click “OK”


As you can your vApp Network Color changed into yellow-> Click “Apply” to commit the changed which we have made in firewall.


After “Apply” with no error. Your vApp Network went back to normal state as shown belowcloudlab61-vCloudOrganization-LBUsecase-37

6-Test Load Balacing Access for “Web Servers”

Now test the web server load balancing. at the mgmt. PC/Client, open then browser and point it to your Web Server external IP “

If everything is configured correctly then you will get your test page. In my case at first attempt it got web page from “Web Server 2” as shown below


Now if you “refresh” your browser. It will get the “first web server” home page due to “round robin” load balancing method as shown below.



Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s