1. EF++ VMware vCD training Users
HW - EF++ platform technology stack
30/1/14

2. Agenda Formation utilisateur Presentation of the EF++ project
Connection au portail vCD, vCD role : org Admin and vApp Author
Deploiement of vApp
Share a vApp with users
vCD Remote console, Copy&Past feature
vApp with multi VM, GuestOS customization
vCD network architecture
Routed vApp Network, firewall with vSE
How to build vApp templates
Lab – connexion, deploy vapp, add vnic, guestos customization, vmrc and ssh
Catalog management
Upload and download in the cloud
Monitoring org vDC (compute and network)
View vCD events
vCops dashboard, events
Lab vCops

3. Training environment
a vCloud Director vApp will be used to host a new vCloud Director instance for the training
Web
VUM
Sys
Ftp
AD DNS
NAS
vC & DB
vCNS
vCD
training.loc
/24
NAT rule to jump to the web VM
ESXi01
ESXi02
ESXi03
External = /24
vCD Org NW
vxlan /24
vMotion /24

4. EF++ - Training environment accounts
AD & DNS : training.loc, administrator / EFtraining List of service accounts in training.loc / EFtraining SSO admin : / EFtraining1! NAS user : Openfiler / Eftraining ftp user : svc-vcns / Eftraining
Type de compte
Compte
Groupe Active Directory
Service VCOPS
svc-vcops
vSphere Admins
Service vShield Manager (vCloud Network and security)
svc-vcns
Service vCloud Director
svc-vcd
Service Vmware Update Manager
svc-vum
Service Virtual Storage Console
svc-vsc
Comptes Utilisateurs Administrateurs vSphere
Comptes Utilisateurs
Comptes Utilisateurs Administrateurs NetApp
Virtual Storage Admins
Comptes Utilisateur Org1 (vApp Author)
user1
vCloud Users
Compte d’admin Org1 (Org Admin)
user1a
vCloud Org Admins

5. EF++ - Training environment IPVM IP
Application
Comment
tgsefp-ad1
AD & DNS : training.loc
Dedicated MS AD and DNS
tgsefp-vce
vCenter 5.1 & MS SQL Express
DBs : RSA, vcloud, VIM_VCDB
SQL users : vcloud & vum
tgsefp-web
vSphere Web client server, VMware Update Manager
Used to jump onto the training.loc and external NW
Add a second NW vnic connected to External vApp NW
tgsefp-vcd
&14
VMware vCloud Director
vCD cell
tgsefp-vsh
vCNS server
Appliance vShield Manager
tgsefp-nas
Openfiler
Appliance OpenFiler
tgsefp-esx1
vSphere 5.1
Nested Esxi, vmk1 : (vMotion), vmk2 : (vTep)
tgsefp-esx2
Nested Esxi, vmk1 : (vMotion), vmk2 : (vTep)
tgsefp-esx3
Nested Esxi, vmk1 : (vMotion), vmk2 : (vTep)
Not yet regesitered in the vCenter

6. VMware vCloud Director Organizations
Module 5

7. Module Lessons Lesson 1: Organizations
Lesson 2: Organization Virtual Data Centers
Lesson 3: vApp Templates
Lesson 4: Building and Publishing vApps
Lesson 5: Deploying and Running vApps
Lesson 6: Additional Organization VDC Networking

8. Lesson 1: Organizations

9. Organization: Finance
About Organizations
An organization is a logical group of all users (consumers) to which resources will be presented.
An organization has these characteristics:
Enforces a security boundary
Includes appropriate resources and controls
Includes one or more content repositories (catalogs)
Users
Access Control
Catalogs
Provisioned Policies
Organization: Finance
Organization VDCs
vSphere vApp
(VMs with vApp network)
vApp

10. Organization Portals
Each organization has a dedicated portal.

11. Organization Users
Organization users can be created in vCloud Director or by using an LDAP server.
Each user has an administrator-assigned role.
Predefined Role
Privileges
System Administrator
Creates and manages provider VDCs, external networks, network pools, organizations, organization VDCs, organization VDC networks, and catalogs
Organization Administrator
Creates and manages organization users, catalogs, and VMware vSphere® vApp™ templates and organization VDC networks
Catalog Author
Creates, manages, and uses catalogs and vApps
vApp Author
Creates, manages, and uses vApps
vApp User
Similar to vApp Author except that it cannot create vApp or change CPU/memory/disk
Console Access Only
Access to consoles of vApp virtual machines with no power functions

12. Organization Policies
Leases, quotas, and limits help prevent users from depleting or monopolizing an organization’s resources.
Policy type
Settings
Leases
vApp runtime
vApp and vApp template storage
Storage cleanup location
Quotas
Running virtual machines per user
Stored virtual machines per user
Limits
Resource intensive operations per user
Resource intensive operations per organization
Simultaneous connections per virtual machine

13. Expired Items Management (1)
vApps and vApp templates whose storage leases expire are handled as configured under Leases.
These vApps are either moved to an expired holding area or deleted.
The vCloud Director system administrator and the organization administrator have the ability to restore to the organization a vApp that is stored in an Expired Items storage area.

14. Expired Items Management (2)
After a vApp stops running, the clock starts for how long it will remain in the user’s My Cloud.
This type of management can be used to keep organizations and users from cluttering the system with too many vApps and wasting resources.

15. Expired Items Management (3)
After a vApp or vApp template has been moved into Expired Items, either the cloud system administrator or the organization administrator can renew it.
The Expired Items inventory appears under My Cloud.
vApps can also be deleted from Expired Items.

16. Catalogs Catalogs store the following:
vApp templates, which are used to deploy workloads to user clouds
Media (ISO files and FLP files) that can be inserted into CD/DVD and diskette drives on virtual machines
Media can also include other files, such as scripts.
Catalogs can be shared with all users in the organization or with specific users.
Catalogs can be shared with other organizations.
Catalogs can be published to other vCloud Director clouds.
Catalog Objects
vApp Templates
Media
Windows Template
Web Server vApps
Database vApps

17. Catalog Availability Catalogs are made available in four ways:
Private: Available to the owner or creator of the catalog only
Public: Available to other organizations in the cloud
Shared: Available to other specific users in your organization or available to other organizations in your cloud
Published: Available to subscribers in other vCloud Director clouds

18. Organization Catalog Sharing
The system administrator allows or disallows public sharing and publishing of organization catalogs.
If sharing is allowed, the organization catalogs can be shared as visible to other organizations.
Catalogs can be made public to specific organizations or to all organizations.
Catalogs can still be shared within an organization even if sharing with other organizations is not allowed.
Sharing can be set or changed at any time.

19. Organization Catalog Publishing
Publishing allows a catalog to be shared with organizations in other vCloud Director clouds.
The system administrator also controls whether an organization can subscribe to catalogs that are externally published.
Publishing can be set or changed at any time.

20. Catalog Best Practices
Create an administration organization to do the following:
Share public catalogs that offer official build templates to the organization administrators of all organizations
For each consumer organization, follow these practices:
Create a shared catalog for local templates
Use the shared catalog provided by the Administration organization to create standard templates
Recognize that only the Organization Administrator role and the vCloud Director system administrator can view shared and published catalogs
Be very selective about whom you allow to publish catalogs to external clouds.
Be very selective about whom you allow to subscribe from external clouds.

21. Lesson 2: Organization Virtual Data Centers

22. Organization VDCs
An organization VDC is a subset of the resources in a provider VDC.
Provider VDC resources are allocated to tenants in the form of organization VDCs. (Only done by System admin)
Before you can create an organization VDC, you must create an organization (Only done by System admin)
Each organization can have multiple organization VDCs.
Each organization VDC can belong to only a single organization.
vApps, vApp templates, and catalogs cannot be created in an organization until an organization VDC exists.

23. Purpose of an Organization VDC
Organization VDCs enable the cloud provider to securely share provider VDCs resources with multiple tenants. The provider can do so with the following:
Predefined allocations
Ensured control of the tenant’s performance and capacity requirements
Organization A
VDC1 (Tier1)
VDC2 (Tier2)
A single cloud tenant can have multiple organization VDCs. The advantages include:
They consume multiple classes with differing SLAs.
The cost is based on computed needs.
The cloud consumer or user sees the organization VDCs but not the underlying provider VDCs.
vApp

24. Organization VDCs and Provider VDCs
Each organization can have multiple organization VDCs.
Each organization VDC can use resources from a single provider VDC.
Multiple organization VDC can use resources from the same provider VDC.
You cannot create an organization VDC until a provider VDC exists.
organization A
organization B
organization C
VDC-A-1
VDC-A-2
VDC-B-1
VDC-B-2
VDC-C-1
Gold provider VDC
Silver provider VDC
Bronze provider VDC

25. Organization VDC
Enable thin provisioning to reduce storage consumption by committing resources only on demand.
Enable fast provisioning to enable the use of vSphere linked clones.
VM and Network Quota, Storage allocations are set by System administrator

26. Lesson 3: vApp Templates

27. vApp Templates
A vCloud Director virtual appliance (vApp) template is a predefined package of virtual machines and networks that you can use to rapidly instantiate vCloud Director vApps.
Install and preconfigure guest operating systems in the vApp template.
Preconfigure networks in the vApp template.
You cannot power on a vApp template.
vApp Template
vApp

28. Populating Catalogs Options for adding media to a catalog:
Upload an ISO or FLP image file.
Import a media file from a vSphere datastore.*
Copy or move a media file from one catalog to another.
Options for adding vApp templates to a catalog:
Upload an Open Virtualization Format (OVF) package.
Import a virtual machine from vSphere.*
Copy or move a vApp template from one catalog to another.
Create a vApp from a template, modify it, and save it as a template.
Create a vApp from the beginning and save it as a template.
* Requires system administrator permissions

29. Importing vApp Templates
vSphere virtual machines can be imported into vCloud Director:
Only the vCloud Director system administrator role has the right to upload a vSphere virtual machine into vCloud Director.
Virtual machines can be uploaded into a catalog as vApp templates or into My Cloud as vApps.
OVF templates can be uploaded into a catalog as a vApp template.
OVF templates can also be uploaded as a vApp.
Any organization user with sufficient rights can upload OVF templates.
Uploading templates removes any reliance on a system administrator to interact with vSphere.

30. Chain-Length Problems (1)
Each time a vApp is deployed from a vApp template, a linked clone is created.
Linked clones are disk-deduplicated copies of the vApp template.
These copies are based on vSphere snapshots.
Only the data unique to this vApp is stored separately.
Only 31 linked-clone copies of a vApp can exist. Then a new shadow virtual machine is created for each virtual machine in the vApp and a new chain is started.
A large number of linked clones can slow performance.
Only the vCloud Director system administrator can see the chain length of a virtual machine and issue a command to consolidate.

31. Chain-Length Problems (2)
You can see the chain length on the properties of a virtual machine in a template that is stored in a catalog. (Only System Admin)

32. Chain-Length Problems (3)
The command to consolidate is available when you right-click a virtual machine in a template.
You also can view shadow virtual machines.

33. Lesson 4: Building and Publishing vApps

34. vApps (1) vApp A vApp is a package of IT services.
The package includes:
One or more preconfigured virtual machines running the applications included in a service
A vApp network for communication between virtual machines
Metadata for deployment instructions and runtime policies
vApp
OVF descriptor
database
virtual machine
app server

35. vApps (2) A vApp is deployed from a vApp template.
vApps simplify the deployment and ongoing management of an n-tier application.
vApps can contain one or many virtual machines.
vApps encapsulate not only virtual machines but also their interdependencies and resource allocations.
OVF is the distribution format for vApps.
vApp Template
vApp

36. vApp Custom Guest Properties1
The vApp custom guest properties feature the following:
Developers and other users can use OVF descriptors to easily pass user data into guest operating systems.
Benefits:
Easier postdeployment configuration and provisioning of identity to virtual machine and vApps
Provides functionality to bootstrap a wide variety of guest customization solutions
OVF package
vApp
vApp 2
Deployment configuration
Deploy OVF package. 3
vApps
vSphere

37. Considerations for vApps
General design considerations:
Include one virtual CPU. Add vCPUs as needed.
Use the latest version of VMware® Tools™.
Use default shares, reservations, and limits.
Use vmxnet3 network adapters.
Network design considerations:
Each vApp network consumes processor and memory resources and a network from the pool.
Each VMware® vShield Edge™ that is deployed allocates an IP from the static pool available on the organization VDC network.

38. Lesson 5: Deploying and Running vApps

39. Deploying vApps vApps are deployed from local or public catalogs.
When deploying a vApp from a catalog, you can change these settings:
Change the VDC used to run the vApp to any VDC in your organization
Change the storage profile used to run the virtual machines and optional vShield Edge instances.
Change the vApp lease values

40. Copying and Moving vApps
A vApp can be copied or moved from one catalog to another catalog.
Considerations when copying from a public catalog:
The vApp networking might be configured for the unique topology of the source organization, including DNS resolution options, static or manual IP allocations, and host names.
To change vApp settings:
Copy the vApp to a local organization catalog
Deploy the vApp
Update the configuration
Republish

41. Guest Customization
You can configure guest customization settings for any stopped virtual machine.
Guest customization can be used for the following tasks:
Configure the host name
Enable or disable SID generation (for Windows guests)
Set the administrator password
Specify a customization script to be executed
Guest customization requires a virtual machine reboot to finish.

42. Hardware Customization (1)
You can change the hardware settings on a stopped virtual machine.
You might be able to “hot-add” hardware to running virtual machines.

43. Hardware Customization (2)
You can change the vApp network, create a new vApp network, or connect the vApp directly to an organization VDC network.
You can specify the IP addressing used by each virtual machine.
Static IP use requires enabling of guest customizations.

44. IP Addresses and vApp Connections
Edge Gateway
Organization VDC Network ( /24)
vShield Edge
DHCP / Static Pool
vApp
vApp Network
Routed vApp
(Static)
(Manual)
(DHCP)
Edge Gateway
DHCP / Static Pool
Organization VDC Network ( /24)
vApp
vApp Network
Direct-Connect vApp
(Static)
(Manual)
(DHCP)

45. Lab – Change temporary VMware licenses
~ 10 minutes
Licenses in vCD portal
Licenses in vCenter

46. Lab – New vApp with multi VM & Direct Net Connections
~ 30 minutes
Goal :
From the external NW, be able to connect to the Win VM (RDP : 3389), and to the Linux VM (ssh : 22)
New vApp
Direct Connect
Linux VM
Win VM
Step by step:
Deploy from the catalog a new vApp
Add a second VM
Connect them on the external Network (Direct-LAN)
Power on the vApp
Try to connect with SSH from your VM WEB
External NW = /24

47. Lab – New isolated vApp with multi VM
~ 30 minutes
Goal :
From the external NW, be able to connect to the Win VM (RDP : 3389), and to the Linux VM (ssh : 22)
New isolated vApp
Linux VM
Win VM
vApp NW = /24
Step by step:
Power off the previous vApp
Create new vApp network ( /24)
Attach the vApp network with Direct-LAN
Configure the NAT & the firewall service (only inbound SSH)
Power on the vApp
Try to connect with SSH from your VM WEB
Try to ping it
FW enabled ?
External NW = /24

48. Annexe - vApp EF++ changes
After PowerOn vApp, change security setting on vxlan dvs
Enable ntpd on vCD cell, chkconfig ntpd on, service ntpd start.
Register the lookup service in vCD (Federation) :
/ EFtraining1!
Remove the : Use vSphere Single Sign-On
Change IE configuration
Security / Trusted site Low
Privacy : Accep All Cookies, Remove Pop-UP Blocker,
Advanced/Security : remove Check for … revocation, Warm … certificate address mismatch*

49. vCops users dashboards

50. How to connect to vCops dashboard
Connect to the vCops predefined dashboards
UI>/vcops-custom , user/password with your TGI
Know the vApp Health status, workload, vCD and vSphere dependances.
Look at the vCloud vApps dashboard of an organization
Look at the vSphere dashboard to get more details on predefined metrics
Remark : The list of dashboards will depend on your vCops permissions

51. vCloud Director / vCloud organization dashboard
Detail of Health metric view of the vApp
List of Organization Health
List of vApp Health
List of Organization vDC Health
vApp Health tree

52. Super metric : Workload Super metric : Anomalies
vCops Super Metrics
Super metric : Health
Super metrics : compilations of Workload, Anomalies and Faults
Super metric : Workload
CPU, MEM, Disk IO, NET IO
Super metric : Anomalies
What is not normal from the past…
Super metric : Faults
Errors on this object

53. vCloudDirector / vCloud Provider dashboard
List of provider vDC metrics
List of provider vDC
List of provider Organization vDC for a pvDC

54. vCloudDirector / vCloud Shield Edge dashboard
List of vShield Edges devices
vShield device metrics
vShield Edge tree

55. vCops dashboards demos