With VMware VMware Cloud Director you can build secure, multi-tenant clouds by pooling virtual infrastructure resources into virtual data centers and exposing them to users through Web-based portals and programmatic interfaces as a fully automated, catalog-based service.

In the lab environment, we’ll setup a simple single cell installation, and add our workload vCenter Server vc2.lab.local and the NSX-T Manager nsx1.lab.local as infrastructure resources.

From these infrastructures we’ll create cloud resources such as a provider VDC, a Geneve network pool, and an External network.

Then we’ll create a tenant organization and assign resources from the provider VDC as an organization VDC to this particular organization. We’ll also create an Edge Gateway to allow the tenant to access the outside world from within his Cloud.

VMware Cloud Director fundamentals

VMware Cloud Director adds a layer of resource abstraction to facilitate multi-tenancy and provide interoperability between clouds built to the vCloud API standard.

  • Physical compute, storage, and network resources are passed to the vSphere layer where resource pools, virtual switches, and storage policies are created.
  • Resource pools and datastores are then passed up to VMware Cloud Director and attached to so-called provider virtual data centers.
  • Pure virtual compute and storage resources are exposed to users through virtual data center constructs. Users consume pure virtual resources from virtual data centers through various allocation models.

For multi-tenancy, the following key constructs are introduced by VMware Cloud Director.

OrganizationThe unit of multi-tenancy representing a single logical security boundary. An organization contains users and virtual data centers.
Provider VDCA grouping of compute and storage resources from a single vCenter Server. A provider virtual data center can be composed of one or more resource pools and combines the resource pools with one or more storage policies and can share resources with multiple organizations.
Organization VDCA subgrouping of compute, memory, storage resources, networks, and network routers, allocated from a provider virtual data center. A virtual data center is a deployment environment where VMs or vApps can be instantiated, deployed, and powered on. Virtual data centers cannot span multiple organizations.

Install VMware Cloud Director

VMware Cloud Director can be either installed using the vSphere Client, or using OVF tool.

We’re going to deploy VCD 10.2 from an OVA file in vSphere Client:

  1. Log into the Management vCenter Server (vc1.lab.local), right-click on the cluster Mgmt-Cluster, and select Deploy OVF Template in the context menu
  2. Select the VMware_Cloud_Director-10.2.2.5821-17855679_OVF10.ova file
  3. Provide a name for the virtual machine, i.e.: vcd1a
  4. Click NEXT on the Select a compute resource page
  5. Click NEXT on the Review details page
  6. Select the I accept all license agreements check box and click NEXT
  7. Select Primary – small on the Configuration page (this is sufficient for our lab environment)
  8. Select the the datastore
  9. Select the networks as follows
    1. eth0 Network: Nested Management Network
    2. eth1 Network: Nested vSAN Network
  10. Customize the template as follows (note: every parameter must be entered, otherwise the deployment fails during the initial start).
    1. NTP Server: 172.16.11.4
    2. Initial root password
    3. Expire Root Password Upon First Login: Deselect
    4. Enable SSH root login: Select
    5. Default Gateway: 172.16.11.253
    6. Domain Name: vcd1a
    7. Domain Search Path: lab.local
    8. Domain Name Servers: 172.16.11.4
    9. eth0 Network IP Address: 172.16.11.221
    10. eth0 Network IP Netmask: 255.255.255.0
    11. eth1 Network IP Address: 172.16.13.221
    12. eth1 Network IP Netmask: 255.255.255.0
  11. On the Ready to Complete page, review the configuration settings for the VMware Cloud Director appliance, and click Finish to start the deployment.

The appliance deployment takes a few minutes. Once it has been successfully deployed, we can power on the VM vcd1a using the vSphere Client.

Now we must continue to the configuration phase in the appliance management user interface of the VCD appliance.

  1. Open a Web browser and navigate to https://vcd1a.lab.local:5480
  2. We login using the root account
  3. In section Appliance Settings, configure the appliance details as follows and click Next
    1. NFS mount for transfer file location: 172.16.13.225:/srv/nfs/vcd
    2. DB password for the vcloud user
  4. In the Administrator Account section, configure the system administrator details as follows and click Next
    1. User Name: administrator
  5. In the VMware Cloud Director Settings section, configure the installation of this instance
    1. System Name: vcd1
    2. Installation ID: 1
  6. Click Submit and when the system setup finishes, click OK

After the successful deployment, the Embedded Database Availability and Services tabs appear.

We can now log out of the Cloud Director Appliance Management portal and verify the installation by accessing the VCD provider portal.

  1. Open a Web browser and navigate to https://vcd1a.lab.local/provider/
  2. We login using the administrator account

Configure Infrastructure Resources

First, we’re going to add our workload vCenter Server vc2.lab.local:

  1. Navigate to Resources > Infrastructure Resources > vCenter Server Instances and click ADD
  2. Fill in the vCenter Server details as follows, then click Next:
    1. Name: vc2.lab.local
    2. URL: https://vc2.lab.local
    3. Username: administrator@vsphere.local
    4. Enabled: yes
    5. Use vSphere Services to provide URL
  3. Trust the certificate by clicking TRUST
  4. Turn off the Configure Settings slider on the NSX-V Manager page and click Next
  5. Leave both access sliders off on the Access Configuration page and click Next
  6. Click Finish

The vCenter Server has been added as an instance.

Next, we’re going to add our NSX-T Manager nsx1.lab.local:

  1. Navigate to Resources > Infrastructure Resources > NSX-T Managers and click ADD
  2. Fill in the NSX-T Manager details as follows, then click Save:
    1. Name: nsx1a.lab.local
    2. URL: https://nsx1a.lab.local
    3. Username: admin

The NSX-T Manager has been added.

Create Cloud Resources

Now, that we’ve added both infrastructure resources in our lab, we will create some cloud resources.

Let’s create a Geneve network pool:

  1. Navigate to Resources > Cloud Resources > Network Pools and click NEW
  2. On the General page, set the name of the pool: nsxt-geneve-np
  3. On the Network Pool Type page select: Geneve backed
  4. On the Provider page select: nsx1.lab.local
  5. On the Transport Zone page select: Lab-Overlay-TZ
  6. Click Finish

The network pool has been created.

Then we’ll create an External Network provide uplink connectivity for the tenant Edge Gateways.

  1. Navigate to Resources > Cloud Resources > External Network and click NEW
  2. On the Backing Type page, select: NSX-T Resources (Tier-0 Router)
    1. Select the registered NSX-T Manager: nsx1.lab.local
  3. On the General page, set the name for the network: edge-transit-extnet-1
  4. Configure one subnet and click Next
  5. To add a subnet, click Add
  6. Enter the network Classless Inter-Domain Routing (CIDR) settings: 10.0.0.1/24
  7. Skip the DNS settings
  8. Configure a static IP pool: 10.0.0.100 – 10.0.0.199
  9. Click OK
  10. Click FINISH

The External Network has been created.

As a next step, we’re going to create a Provider VDC from our workload cluster SA-Compute-1:

  1. Navigate to Resources > Cloud Resources > Provider VDCs and click NEW
  2. On the General page, set the name of the Provider VDC: pvdc-1
  3. On the Provider page select: vc2.lab.local
  4. On the Resource Pool page select: SA-Compute-1
  5. On the Storage page select the storage policies: * (Any)
  6. On the Network page chose the network option: Select an NSX-T manager and Geneve Network pool
  7. Select the NSX-T Manager: nsx1a.lab.local
  8. Select the Network Pool: nsxt-geneve-np
  9. Click Finish on the Ready to Complete page

The Provider VDC has been created.

Tenant operations

Once the provider resources have been setup, we’re going to create vCloud tenant and assign resources to it.

Create an Organization

First, we create the organization:

  1. In the Provider portal, navigate to Resources > Cloud Resources > Organizations and click NEW
  2. Enter the following data
    1. Organization name: acme
    2. Organization full name: ACME Corporation Cloud
    3. Click CREATE

The organization has been created. We’ll now configure settings for Catalogs and Policies for this particular organization.

  1. In the Provider portal, navigate to Resources > Cloud Resources > Organizations and click on the tenant-1 organization
  2. Under Configure click Catalog and Edit
  3. Enable the slider Subscribe to external catalogs
  4. Click Keep
  5. On the Policies page, click Edit to set the following policies:
  6. From vApp leases:
    1. Maximum runtime lease: 14 days
  7. Click OK

To enable the tenant administrator to log in to his tenant portal later, we’ll create an user with the administrator role assigned.

  1. In the Provider portal, navigate to Resources > Cloud Resources > Organizations and click on the Open in Tenant Portal icon next to the tenant-1 organization
  2. The tenant portal will open (we’re still logged in as the System Administrator)
  3. In the top navigation bar, click Administration
  4. In the left panel, under Access Control, click Users
  5. The list of users appears; Click New
  6. Enter the user name and the password setting of the user: acme-admin
  7. Choose the role: Organization Administator
  8. Click Save
  9. Close the tenant portal

Allocate resources to an Organization

Now, that the organization has been created, we’re going to create an Organization VDC and allocate resources to it.

  1. In the Provider portal, navigate to Resources > Cloud Resources > Organizations VDCs and click on NEW
  2. On the General page enter the name of the VDC: acme-orgvdc-1
  3. On the Organization page select the Organization: acme
  4. On the Provider VDC page select the provider VDC: pvdc-1
  5. On the Allocation Model page select: Pay-As-You-Go
  6. On the Pay-As-You-Go model page configure the following values:
    1. CPU quota: Unlimited
    2. CPU resources guaranteed: 20 %
    3. vCPU speed: 1 GHz
    4. Memory quota: Unlimited
    5. Memory resources guaranteed: 20 %
    6. Maximum number of VMs: 100
  7. On the Storage Policies page select: *(Any)
    1. Turn Thin Provisioning to ON
    2. Leave Fast Provisioning at OFF
  8. On the Network Pool page select: nsxt-geneve-np
  9. Maximum Provisioned Networks: 100
  10. Click FINISH

Create an Edge Gateway for the Organization

  1. In the Provider portal, navigate to Resources > Cloud Resources > Edge Gateways and click on NEW
  2. On the Organization VDC page select: acme-orgvdc-1
  3. On the General page enter the name of the Edge: acme-egw-1
  4. On the External Networks page select: edge-transit-extnet-1
  5. On the Edge Cluster page select: Use the edge cluster of the external network
  6. On the Allocated IPs page click NEXT
  7. Click FINISH

The Edge Gateway has been created.

Now, that everything has been prepared on the provider side, let’s logout from the provider portal.

Access the tenant cloud

We’ll now have a look on the tenant portal and perfom some basic tasks as an organization administrator.

  1. In a web browser goto the URL: https://vcd1a.lab.local/tenant/acme/
  2. Log in to the ACME organization tenant portal using the credentials, we’ve created as the provider (User name: acme-admin)
  3. The tenant portal opens