27 December 2013

Understanding networks in vCloud Director - Part 2/2

Read first "Understanding networks in vCloud Director - Part 1/2"
http://virtualshocks.blogspot.com.es/2013/09/understanding-networks-in-vcloud.html

This part 2/2 is about "vApp networks" in VMware vCloud Director. A vApp network connects the virtual machines inside a vApp; it is like placing a router in front of the vApp to separate its VMs from the rest of the vApp or from the cloud environment.

What VMware says: "vCloud Director coordinates with vCloud Networking and Security Manager to provide automated network security for a vCloud environment. vCloud Networking and Security Edge gateway devices are deployed during the provisioning of routed or private networks. Each vCloud Networking and Security Edge gateway runs a firewall service that allows or blocks inbound traffic to virtual machines that are connected to a public access organization virtual datacenter network. The vCloud Director web console exposes the ability to create five-tuple firewall rules that are comprised of source address, destination address, source port, destination port, and protocol."
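To make the five-tuple rule shape concrete, here is an added example (not from the post or from VMware) that evaluates constructed rules against sample inbound flows. First-match ordering and an implicit default deny are assumptions of this small model, not a statement about how vShield Edge processes its rule table.

```python
"""Five-tuple firewall rules: source address, destination address, source port,
destination port, protocol. Constructed illustration; first-match and default-deny
are assumptions of this model."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    sport: str    # "22", "1024-65535" or "any"
    dport: str
    proto: str    # "tcp", "udp", "icmp" or "any"
    action: str   # "allow" or "deny"


def _addr_match(pattern, addr):
    return pattern == "any" or ip_address(addr) in ip_network(pattern, strict=False)


def _port_match(pattern, port):
    if pattern == "any":
        return True
    lo, _, hi = pattern.partition("-")
    return int(lo) <= port <= int(hi or lo)


def evaluate(rules, flow):
    """flow = (src_ip, dst_ip, src_port, dst_port, proto); returns 'allow' or 'deny'."""
    src, dst, sport, dport, proto = flow
    for r in rules:  # first matching rule wins (assumption of this model)
        if (_addr_match(r.src, src) and _addr_match(r.dst, dst)
                and _port_match(r.sport, sport) and _port_match(r.dport, dport)
                and r.proto in ("any", proto)):
            return r.action
    return "deny"  # nothing matched: assumed default deny


# Constructed rule set for a web VM at 192.168.1.10: a blocked external range is
# denied first (order matters), the admin subnet may SSH, anyone else may use HTTPS.
RULES = [
    Rule("203.0.113.0/24", "any", "any", "any", "any", "deny"),
    Rule("10.0.0.0/24", "192.168.1.10/32", "any", "22", "tcp", "allow"),
    Rule("any", "192.168.1.10/32", "any", "443", "tcp", "allow"),
]

if __name__ == "__main__":
    for flow in [("10.0.0.5", "192.168.1.10", 50000, 22, "tcp"),
                 ("203.0.113.9", "192.168.1.10", 40000, 443, "tcp"),
                 ("198.51.100.7", "192.168.1.10", 40000, 22, "tcp")]:
        print(flow, "->", evaluate(RULES, flow))
```

Moving the deny rule below the HTTPS allow would let 203.0.113.0/24 reach port 443, which is why rule order is part of reviewing such a table.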


When creating a vApp network the options are:

-Direct: vApps connect directly to the organization virtual datacenter network.
-Routed: a new network where the router provides NAT and FW functions.
-Isolated: no connections outside the vApp; only the VMs inside the vApp can communicate with each other.
-Fenced: identical virtual machines can exist in different vApps; the virtual router provides isolation and proxy ARP.

Before looking at some examples, take care with the Network Pool options as defined above:


-Through the wizard:


-Through the vApp diagram tab in the vCloud Director GUI. This view is one of the best ways to review networking configuration issues: clicking on a VM highlights its network paths:



-Through the Networks tab you can select the network type and the NAT or FW options:



Let's check some examples:

CASE 1: two Organizations communicate through an External Network: vShield Edge routing and static routes are necessary.

-CASE 1: two Organizations communicate without NAT, but vShield Edge is still necessary.



LINK: vCloud Networking