Tag: VMware Cloud Director

Deploying the vCenter Server Appliance 8.0.0 to VMware Cloud Director

Recently, I needed to deploy VCSA 8.0.0 in a VMware Cloud Director environment, which initially ended up with the following cryptic error message when trying to import the VCSA OVA file from the installer ISO into a VCD vApp template:

Error: Validation failed for the OVF file you provided: Fatal: Line/char 578/96: cvc-minInclusive-valid: Value ‘-100’ is not facet-valid with respect to minInclusive ‘0’ for type ‘unsignedShort’.

Although this is not officially supported by VMware, I came up with the following solution: replace the mentioned value with a valid one in the OVF file. An unsigned short data type cannot have a negative value, i.e. it must be in the range of 0 to 65535. Thus, we’ll simply remove the sign from the value and store it as “100” in the OVF file.

Customizing the VMware Cloud Director Portal

To match corporate branding standards and to create a fully custom cloud experience, we can customize the VMware Cloud Director Service Provider Admin Portal and the VMware Cloud Director Tenant Portal of each organization. In addition, we can modify and add custom links to the two upper right menus in the VMware Cloud Director portals.

As part of the installation, VMware Cloud Director contains two themes – default and dark. We can create, manage, and apply custom themes. In addition, we can change the portal name, the logo, and the browser icon. The browser title adopts the portal name that we set.

Replace certificates for VMware Cloud Director portal and console proxy

With VMware Cloud Director 10.3, the SSL certificates of the HTTP and the console proxy endpoints are not stored in a PKCS12/JCEKS formatted keystore anymore, but in PEM format only.

So the simplified process is as follows (after creating a backup of the old certificate and key files):

/opt/vmware/vcloud-director/bin/cell-management-tool certificates -j --cert /opt/vmware/vcloud-director/data/transfer/user.http.pem --key /opt/vmware/vcloud-director/data/transfer/user.http.key

/opt/vmware/vcloud-director/bin/cell-management-tool certificates -p --cert /opt/vmware/vcloud-director/data/transfer/user.consoleproxy.pem --key /opt/vmware/vcloud-director/data/transfer/user.consoleproxy.key

Afterwards the cell must be restarted, e.g. using service vmware-vcd restart. The procedure must be performed on all available cells in a cell group.

To customize the VMware Cloud Director URLs we must also edit the Web Portal endpoints in the Service Provider Admin Portal under Administration > Settings > Public Addresses.
There we enter our VMware Cloud Director public URL for HTTPS (secure) connections and click Replace Certificate File to upload the certificates that establish the trust chain for that endpoint. The certificate chain must match the certificate used by the service endpoint, which is the certificate we’ve uploaded to each VMware Cloud Director cell before.

Pro tip: The key must be provided in a separate file, not included in the certificate PEM file. The certificate file must have the following schema:

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: DomainName.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: CA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

VMware homelab VCD setup

With VMware Cloud Director you can build secure, multi-tenant clouds by pooling virtual infrastructure resources into virtual data centers and exposing them to users through Web-based portals and programmatic interfaces as a fully automated, catalog-based service.

In the lab environment, we’ll set up a simple single cell installation, and add our workload vCenter Server vc2.lab.local and the NSX-T Manager nsx1.lab.local as infrastructure resources.

From these infrastructures we’ll create cloud resources such as a provider VDC, a Geneve network pool, and an External network.

Then we’ll create a tenant organization and assign resources from the provider VDC as an organization VDC to this particular organization. We’ll also create an Edge Gateway to allow the tenant to access the outside world from within their cloud.
