Monthly Archives: July 2011

Update on VMware Service Provider Program (VSPP)

By: Mathew Lodge

The VMware Service Provider Program (VSPP) was created for partners who offer cloud computing and/or hosted IT services. Through a flexible pay-as-you-go license rental model, VSPP allows partners flexibility in service delivery with no up-front expenses. With over 5,200 partners in 45 countries today, VSPP has seen rapid expansion. That, plus feedback on how we can be a better business partner to our service providers, has led us to make some additions and changes to VSPP.

What is changing?

  1. Two new vCloud Service Provider IaaS bundles are now available, based on vSphere 5.0. The previous vSphere 4 cloud IaaS bundles continue to be available to allow service providers to decide when to transition to vSphere 5.
  2. The full vShield Edge product is now included in the Premier vCloud Service Provider IaaS Bundle. This adds IPSec VPN and load balancing features at no extra cost.
  3. We are changing the licensing metric for the cloud IaaS bundles from allocated virtual RAM to reserved RAM, to allow service providers to exploit the powerful memory oversubscription capabilities of vSphere (see below for details). Associated with this change, there is a 24GB reserved RAM price ceiling per VM and a minimum “floor” for reserved RAM to avoid excessive memory oversubscription (see details below).

What do these changes mean for service providers?

Service providers get improved profitability from VMware by gaining access to new revenue-generating features, and reduced operational costs through more efficient use of their physical server infrastructure.

By repackaging our vCloud Service Provider Bundles, you can choose the level of capability that fits your service offering: one for high-end cloud or hosting capable of handling the most demanding, complex applications and a lower priced bundle for less demanding applications.

The change in licensing metric allows service providers to sell more computing capability from the same infrastructure, helping you to “sweat the assets” of your compute service on a fixed-cost basis. VMware offers the highest consolidation ratio (VMs to physical hardware) of any IaaS vendor and therefore the lowest unit cost per VM, and this licensing change gives you a simple fixed cost basis too (compared to the allocated vRAM model used previously).

Please note that VMware’s new vSphere 5 perpetual licensing scheme (i.e., not the license rental model of VSPP) uses allocated vRAM and CPU sockets as its two pricing metrics. We have seen published commentary and analysis that confuses the VSPP license rental model designed for service providers with the perpetual licensing designed for IT groups virtualizing their own servers. They are different licensing programs and each uses different metrics. 

How can I increase profitability using reserved RAM metering?

We now charge you for the physical memory reserved for the VM, allowing you to vary the memory oversubscription ratio according to the needs of the application and the service level.


Secondly, there is a pricing cap of 24GB per virtual machine, so you can sell very large VMs (up to 1TB in vSphere 5) and you will only be charged for a maximum of 24GB reserved RAM by VMware. vSphere 5 excels at handling large VMs and mission-critical applications, and this provides an incentive to VMware customers to run them at VMware-virtualized service providers.

Memory oversubscription works because many applications don’t use all the memory allocated to them, and this is compounded by application deployment guidelines for off-the-shelf applications that tend to over-estimate required memory. In addition, VMs on the same host running identical copies of the same operating system and/or application mean many memory pages are duplicates. Under vSphere, those VMs can share just one set of those identical memory pages, effectively “deduplicating” memory.

vSphere makes it possible to reserve less physical RAM for a VM without affecting performance, and has five main patented techniques to maximize memory oversubscription. Of course, it is possible to starve a VM of memory too, so there is a 50% reserved memory minimum (or floor, computed as the reserved RAM divided by allocated RAM). We chose this minimum on the advice of our engineering team. If you try to reserve less than 50% of allocated memory you will still be charged for a 50% reservation.

It is 24GB of reserved memory that triggers the cap. For example, a VM allocated 32GB of vRAM with a 50% reservation (i.e., 16GB of reserved RAM) does not trigger the 24GB memory cap.

Here are a couple more examples for clarity: 

Example 2: 10 VMs of 32GB each with 100% reserved RAM would be charged as 240GB total memory (10 x 24GB given the 24GB per VM cap).

Example 3: 10 VMs of 16GB each and 2 VMs of 80GB each, 100% reserved RAM, would be charged as 208GB (160GB + 48GB).

Example 4: 10 VMs of 32GB each with 50% reserved RAM would be charged as 160GB total memory (50% reservation means 16GB per VM x 10) 

As before, only powered-on running VMs are charged.

What’s better about the new bundles vs. those previously available?

The first major enhancement is that VMware has adopted vSphere 5.0 for the new bundles. Additionally, the standard bundle has been upgraded from vSphere Standard Edition to vSphere Enterprise Edition. We’ve also added the distributed network switch feature to the Standard Bundle, based on your feedback that this was a vital component for reducing networking infrastructure costs in your service designs.

For the Premier Service Provider Bundle, we offer vSphere Enterprise Plus and added the full vShield Edge license. The goal is to provide additional revenue generating opportunities from offering VPN and load balancing using vShield Edge, without requiring additional networking hardware or software.  See the charts below for a full outline of each bundle.  

  Vspp2

Your feedback is always valuable:

Attenda, a VSPP member in the UK, has been helping shape some of the recent changes. Philip Longley, Product Manager at Attenda, sent us this:

“Attenda has been a part of the VMware Service Provider Program (VSPP) since the early beta program, and as an active member of the Service Provider Advisory Group have helped shape the latest change. The team at VMware listened to our early feedback on the change to VSPP pricing and introduced changes to closer match our business model.”

Pat O’Day at Bluelock, a vCloud Datacenter Service Provider, notes that the billing adjustments help enterprises better manage their resources by only paying for what they use: 

“VSPP provides us with a subscription-based pricing model that aligns well with our vCloud Datacenter offerings. The new reserved RAM pricing model takes advantage of key VMware technology features while allowing us to control memory allocation for optimal resource management.”

We’d like to thank all of the service providers who provided candid feedback and spent time proposing and discussing potential VSPP changes with our team. We appreciate it!

For future updates on VSPP and the VMware Service Provider community, follow @VMwareSP on Twitter.

For more information on VSPP, or how to become part of VMware’s service provider community, please visit the VMware Service Provider page.

The 10 Big Questions to Ask Cloud Providers

Here at VMware, we want users to be sure that they’ve chosen a public cloud service provider that meets all of their needs. That’s why we’ve created The 10 Big Questions – they are the 10 main questions that every user should ask prospective cloud providers, because a great cloud provider should be able to answer them. Here are the questions:

  1. Do I have to re-write or modify my applications?
  2. Can I move applications back and forth to the public cloud?
  3. How do I know if my cloud is secure?
  4. Can I get flexible role-based access control synchronized with my enterprise directory?
  5. Can I get virtual layer 2 networking and a stateful virtual firewall?
  6. Can I dynamically add memory and CPU to a cloud VM while it’s running?
  7. How can I ensure CPU and memory are guaranteed?
  8. Can I get predictable service costs that still allow me to scale when I need to?
  9. How can I get the cost benefits of multi-tenancy but still access dedicated infrastructure when I need it?
  10. How can I ensure global consistency across cloud service providers? 

There they are, the 10 things every user should be asking prospective cloud providers. With the new VMware vCloud Datacenter Service, offered by a select network of leading service providers, VMware has actually answered all of these questions. Here’s how we stack up:

1. Do I have to re-write or modify my applications?
Nope, not with VMware vCloud Datacenter Service – it functions as an extension to existing VMware-virtualized datacenters. This means that users can move their applications to the cloud with little or no re-work!

2. Can I move applications back and forth to the public cloud?
Absolutely. VMware vCloud Datacenter Service makes it simple for users to transfer VMs from their on-premise vSphere or vCloud Director infrastructure to the cloud and back again, as often as they want. 

3. How do I know if my cloud is secure?
VMware vCloud Director has a published set of security controls that VMware cloud partners must adhere to. That means users can always obtain firewall and other security logs, as well as security transparency and the ability to audit.

4. Can I get flexible role-based access control synchronized with my enterprise directory?
VMware vCloud Datacenter Service authenticates using users’ own enterprise directories, so they don’t have to administer a shadow user list. Role-based access control ensures that users get all the control they need to manage their directories.

5. Can I get virtual layer 2 networking and a stateful virtual firewall?
Yup, VMware vCloud Datacenter Service offers a stateful firewall per virtual application, and full virtual layer 2 networking.

6. Can I dynamically add memory and CPU to a cloud VM while it’s running?
VMware vCloud Datacenter Service allows users to dynamically add or remove resources both to and from running VMs, giving them dynamic scale.

7. How can I ensure CPU and memory are guaranteed?
The same VMware vSphere resource controls that people use today to guarantee performance are available through VMware vCloud Datacenter Service. This means that users can get guaranteed reservations, even when they’re sharing the cloud with other tenants.

8. Can I get predictable service costs that still allow me to scale when I need to?
VMware vCloud Datacenter Service provides Virtual Datacenters (VDCs), a collection of CPU, memory and storage, all with predictable costs. Users can then allow self-service or delegated consumption of resources, giving elastic scaling while still maintaining the same predictable costs.

9. How can I get the cost benefits of multi-tenancy but still access dedicated infrastructure when I need it?
VMware vCloud Datacenter Service actually offers both multi-tenant (shared) infrastructure and dedicated (virtual private) Virtual Datacenters. 

10. How can I ensure global consistency across cloud service providers?
Users can achieve global consistency by working with any of our great service provider partners who offer VMware vCloud Datacenter Service. All vCloud Datacenter Services are regularly certified by VMware and are built on a common infrastructure platform—ensuring that users receive the same quality service, no matter which partner they access it through or which part of the world they’re accessing it from.

We’re excited by the new cloud benefits we can provide to customers through VMware vCloud Datacenter Service. To learn more, be sure to visit us online and follow the @vCloud channel for future updates. 

Why VMware vSphere 5 is Setting a New Standard in Virtualization

By: Matt Sarrel

Last week, VMware CEO Paul Maritz announced VMware vSphere 5 and a full set of cloud infrastructure technologies designed to help customers create and maintain efficient and agile virtual infrastructures.  

With nearly 200 new and enhanced capabilities, VMware vSphere 5 will continue to set the standard in virtualization, delivering better application performance and availability for all business-critical applications while automating the management of an increasingly broad pool of datacenter resources. Rounding out the virtualization offering are VMware vShield™ 5, VMware vCenter™ Site Recovery Manager 5, and VMware vCloud® Director 1.5, products that together with VMware vSphere 5, will amplify the value customers can realize from virtualized resources by enabling cloud-scale operations.
 
Security is always important to me, and VMware is evolving their security from a physical model to a virtual software model, driven and managed by policy, enabling customers to trust in the security of their applications and data regardless of where they reside or how frequently they move across various private, public and hybrid cloud environments.  To me, more security is usually a good thing, especially regarding applications and data.
 
vSphere has been beefed up to support VMs that are up to four times more powerful than previous versions, with up to 1 terabyte of memory and 32 virtual CPUs.  High availability features have been enhanced to increase scalability.  Great performance and higher availability means that more business-critical applications can be virtualized.
 
Equally important is the ability of VMware vCloud Director 1.5 to create and maintain Linked Clones. Now administrators can build and patch Linked Clones instead of individual VMs, which will yield a dramatic time saving. According to VMware, this can reduce provisioning time to as few as 5 seconds while also reducing storage costs by as much as 60 percent.
 
In a separate announcement VMware introduced the VMware vSphere Storage Appliance™, a new software product that transforms server internal storage into shared pools of storage.  This product is primarily focused on enabling SMB customers to take full advantage of the unique business continuity and automation capabilities of VMware vSphere, including High Availability, vMotion®, and Distributed Resource Scheduler™.  It’s good to see enterprise features filtering down to the SMB market.

Stay tuned for more updates on these products, and follow us on @vCloud.

Matthew D. Sarrel (or Matt Sarrel) is executive director of Sarrel Group, a technology product testing, editorial services, and technical marketing consulting company.  He also holds editorial positions at pcmag.com, eweek, GigaOM, and Allbusiness.com, and blogs at TopTechDog.

VMware’s #cloudtalk – Announcing Our Inaugural Twitter Chat

The #clouderati are certainly a vocal bunch, and if you spend even a small amount of time watching Twitter, you’re bound to see a few of them hash it out over the state of the cloud. Their comments are (usually) quite insightful – and almost always their opinions on cloud differ.

Since these debates happen ad-hoc on Twitter, we wanted to find a way to allow the larger cloud community to have a time and a place to discuss important issues in our industry. What constitutes a cloud foundation? Is open better? What about security? There are plenty of questions and a constant stream of hot topics to discuss when it comes to cloud.

Our first chat will take place July 20th at 11am PT  to discuss security concerns and the public cloud. We plan to host #cloudtalk every month going forward from the @vCloud feed, and encourage the Twitter cloud community to suggest future topics. 

So, how do I participate in #cloudtalk?

  • Follow the #cloudtalk hashtag (via TweetGrid, TweetDeck or another Twitter client) and watch the real-time stream.
  • At 11am PT @vCloud will pose a few questions using the #cloudtalk hashtag to get the conversation rolling.
  • Tag your tweets with the #cloudtalk hashtag. @reply other participants and react to their questions, comments, thoughts via #cloudtalk. Engage!
  • #cloudtalk should last about an hour.

In the meantime, feel free to tweet @vCloud with any questions or future topic suggestions. Hope to catch you in the stream on the 20th!  

UPDATE: We recently learned that another member of the community has been using the hashtag #cloudchat. To avoid any confusion, we've decided to change the name of our Twitter chat to #cloudtalk. We hope to see you all in the stream next Wednesday for #cloudtalk! 

Learn How to Run Your Business in the Cloud – Join VMware and Tier 3 for Tomorrow’s Webinar

By: Matt Sarrel

Tier 3 is putting on an interesting webinar, Learn How to Run Your Business in the Cloud, scheduled for tomorrow at 10am PT. The goal of the webinar is to help you learn how to apply the cloud to your business IT infrastructure in order to take advantage of cost savings and a vast increase in performance and scalability. Learn how to protect business data with the same (or better) level of security and compliance you would offer on premise. 

One thing I’ve learned from playing around with virtualization and cloud infrastructure and platform services is that it is very easy to add or subtract capacity.  That capacity can be CPU, memory, or storage and that translates to greater flexibility than most businesses are going to have in-house regarding provisioning of new applications and servers. That’s great from an end user point of view, yet most IT departments face additional requirements such as availability, security, and compliance. 

The webinar will include a discussion of how to find and contract for cloud services that provide these requirements, such as for fault tolerance and redundancy in order to increase availability. These are things that you need to make sure you have so that you can provide the level of service to your users that they’re used to. Another topic that will also be discussed is what to look for in the SLA that goes along with those enterprise level services. Attendees will also learn how to know that they’ve chosen the right provider—one who enables its users to retain total control over their environment while also giving them what they need.

Be sure to follow the @vCloud and @tier3 handles for future updates.

Matthew D. Sarrel (or Matt Sarrel) is executive director of Sarrel Group, a technology product testing, editorial services, and technical marketing consulting company.  He also holds editorial positions at pcmag.com, eweek, GigaOM, and Allbusiness.com, and blogs at TopTechDog.

Paul Maritz at the GigaOm Structure Conference – What the “Post-Document” Era Really Means

By: David Davis

The annual GigaOm Structure Conference was held in San Francisco, CA June 22-23 of 2011 with the headline, “making sense of the real cloud”. The conference was sponsored by companies, large and small, the likes of VMware, Terremark, Cisco, EMC, and Microsoft (as well as 200+ other companies). Speakers included leaders of companies (like VMware’s own Paul Maritz and AT&T’s), Technologists (like VMware’s Javier Soltero, CTO of SaaS), and analysts like Vanessa Alvarez (Forrester’s Infrastructure and Cloud Analyst). 

At the Structure conference, Paul Maritz spoke on “Shaping the Cloud”. In his session, Paul covered how VMware’s products defined virtualization and how they continue to push the limits of what’s possible. With the release of VMware’s vCloud Director, VMware is now shaping the cloud computing industry.

After his session, Paul was interviewed by GigaOm. In the interview, Paul discussed how for most of his 33 years in the computer industry, he helped create the automated equivalent of the work desk, where white-collar employees crafted “beautiful documents.” He went on to say that “things are shifting where people now consume streams of content and act on it” and that this “shift in behavior is so new that we don’t even have the vocabulary to express it”. Paul said that, for lack of a better set of terms, we call this change the “post-PC” and “post-document” era.

So what does this mean for you? Your immediate reaction may be that your PC and documents are going away. You might think that you won’t have Microsoft Office documents anymore and, perhaps, that VMware is even planning on replacing those applications – somehow. Let’s clarify what Paul is talking about.

  1. VMware has announced no plans to replace or even compete with the Microsoft Office suite (perhaps with the exception of Zimbra which competes with Exchange/Outlook)
  2. We have been in the “post-PC era” for some time with the popularity of thin client devices (and other portable end user devices) and with the use of desktop virtualization. However, that doesn’t mean that people are going to stop buying PCs anytime soon (but it may have something to do with the poor PC sales numbers over the past few years).
  3. The “post-document era” can be the most puzzling of Paul’s comments as most of us are still tied to constant use of our word processing and spreadsheet applications. However, think about how many web-based applications you use now versus a few years back. These software as a service (SaaS) applications are not document-based. They are data-based: they store the data in a relational database and can then present and use that data in a multitude of ways.

According to Maritz, the future holds less focus on filing and using documents and more focus on doing what you need to get done with specific applications that help you. Those apps aren’t general-purpose tools (like a word processor or spreadsheet) but specific tools (like a SalesForce CRM and SocialCast).

What can you do to prepare? Virtualize your servers to begin preparing for the cloud. You should test desktop and application virtualization and consider implementing them in production. Besides learning, virtualization and software-as-a-service applications can make your life (as VMware Admins) tremendously easier and save your company time & money.

Be sure to catch tomorrow’s webcast, Raising the Bar, Part V, where Paul Maritz and Steve Herrod will be unveiling the next step in cloud infrastructure. The vCloud team will also be live-tweeting the event on the @vCloud channel.

David Davis is a VMware Evangelist and vSphere Video Training Author for Train Signal. He has achieved CCIE, VCP, CISSP, and vExpert level status over his 15+ years in the IT industry. David has authored hundreds of articles on the Internet and nine different video training courses for TrainSignal.com including the popular vSphere video training package. Learn more about David at his blog or on Twitter and check out a sample of his VMware vSphere video training course from TrainSignal.com.

vCloud Director 1.0.1: Networking Samples

By: Massimo Re Ferre', vCloud Architect

This is a repost from Massimo’s personal blog, IT 2.0 – Next Generation IT Infrastructures.

My old vCloud Director Networking for Dummies post is still going strong according to my blog statistics. I believe this is an indicator that people are looking for more information about this topic so I thought I’d give it a little bit more color and create a few real life examples on how this theory works in practice. I suggest you read the Networking for Dummies post linked above before you dive into this one.

Note also that the other post as well as this one are based on vCloud Director 1.0.1, which is the latest release available as of June 2011. Things may change in the future so, if the vCD release you are using at the time you read this is above 1.0.1, chances are that things could be slightly different. I can’t really say more than that at this point.

Last but not least, everything I will be doing below can be done as a cloud consumer in self-service mode. As a matter of fact I will be doing everything as an Org Admin.

Introduction

To walk through an actual implementation of the networking stack I’ll use my IT20 organization hosted in the Stratogen cloud. This discussion starts with the description of the networking plumbing in my vCloud organization. From the vCD UI it looks like this:

Massimo 1
From a logical perspective it looks like this:

Massimo 2 

My Org has four public Internet addresses that Stratogen associated to my “Routed Network” when they created the tenant. For security reasons I am not going to widely advertise them in this post.

You can see these assigned addresses if you right-click on the Routed Network and select “Configure Services“:

Massimo 3

The last piece of the puzzle is three vApps I have created in this Org and that we are going to connect to the various networks you have seen above. This is supposed to give you a practical idea on how things can be configured. The names of the vApps should be self-explanatory.

Massimo 4

Direct Internet Connection

Let’s start with the simplest of the networking scenarios. Note there is a vApp called “Turnkey_Internet” which is comprised of a single VM. That VM is connected to the “Direct Internet” connection available in my Org. I have only one comment for this example: scary! Never do this because you are in fact plugging your VM directly into the Internet without any level of protection (other than what you could have inside the Guest OS of course).

This is how my VM is configured:

Massimo 5

And this is how the VM fits into the logical network view: 

Massimo 6

The way this works is pretty straightforward and, if you read the vCloud Director Networking for Dummies post, it should be explained there. Basically the cloud administrator has configured a pool of available IP addresses for this “External Network” (since this is a vSphere PortGroup with native Internet connectivity this pool will contain native Internet IP addresses). Since the Direct Internet connection in my Org is nothing more than a pointer to this vCD External Network, which in turn is a pointer (with metadata) to the PortGroup backing it, the result is that the vNIC of my VM gets connected directly to this PortGroup. vCD assigns the vNIC an IP from the pool.

I am glad Stratogen configured this network for me – as it is handy if you are experimenting with vCD networking – but in a real life scenario you would never want to connect VMs to a connection like this (directly connected to the Internet). However this may become pretty interesting if you, as an Enterprise, are using virtual data centers hosted in a cloud where the Service Provider has configured MPLS connectivity back to your headquarters. Something like this:

Massimo 7

It goes without saying that, in doing so, you are effectively dedicating an External Network (and in turn a PortGroup) to the IT20 Org. If for any reason you give access to another Org to the same External Network (either <Direct> or <Routed> – see next section) you are essentially giving the other Org access to the IT20 MPLS network.

Routed Network – single-tier vApp

This is where things start to become more interesting, and slightly more difficult to explain and accomplish at the same time. I have another vApp that is called “Turnkey-Routed”. It contains a single VM that is connected to the Routed Network available in the IT20 organization. You can imagine this Routed Network as a dedicated layer 2 segment protected by a firewall device (vShield Edge). For more information on how this works from a vSphere perspective read the vCloud Director Networking for Dummies post. Essentially the VM in this vApp gets assigned an IP address available in the pool defined for this layer 2 segment. This is how vCD shows the details of the Hardware Properties for this virtual machine:

Massimo 8

And this is how it logically fits into our diagram:

Massimo 9

Note that in the diagram above we went a couple of steps forward. Not only are we protecting the VM with the Edge; I have also configured the Edge to NAT the private IP. To do so I have created a one-to-one mapping rule to one of the four Internet addresses Stratogen assigned to me. I have also configured a firewall rule to only allow traffic on port 12320 to reach the VM (this is because the Turnkey appliance uses particular ports to get access to SSH and web admin interfaces). How did I do this? Move onto the Routed Network and right-click on Configure Services. Point to the “External IP Mapping” tab and configure the NAT rule:

Massimo 10

You would then point to the “Firewall” tab where you can configure the firewall rule I have described above (as an example).

Massimo 11

I have just blocked all traffic coming into this VM except for traffic directed to port 12320. Easy.

Routed Network – multi-tier vApp

The single-tier vApp is still pretty simple. Let’s now focus on the third vApp I have mentioned. This is the “2Tiers” vApp, which is comprised of a front-end Windows VM (Win-Web) and a back-end Linux VM (REHL-DB). The idea is to provide IT20 customers with access to this application protected by multiple levels of security. The first step is to connect the front-end to the Routed Network in the Org and NAT it. This is similar to what we have already done with the single-tier vApp discussed above. I am not going to show screenshots of the NAT and Firewall configurations because the steps are very similar. It goes without saying that the Win-Web VM has a different private IP and I will be using another public IP to create the DNAT rule. This is what the logical layout looks like for this specific vApp. I am opening port 80 for this example:

Massimo 12

As you can see the back-end VM is not yet connected to any network. As I said we want to provide an additional level of security for that VM and we don’t want to connect it “directly” to the Org network. How do we do this? This is where the so-called “vApp Networks” come into play. You can imagine vApp Networks as layer 2 network segments dedicated (and only available) to the specific vApp they have been created for. In other words a vApp Network created for one vApp cannot be used by any other vApp. If you want to know more about this concept please refer again to the vCloud Director Networking for Dummies post.

You can create vApp Networks in multiple ways but the easiest one is to click on the “Add Network” choice in the drop-down menu for the vNIC connectivity available in the Hardware Properties of the VM: 

Massimo 13

Selecting it kicks off a brief wizard that asks you the very basic metadata to create a new network (Subnet Mask, Default Gateway, IP Pool etc). You can then select whether you want to protect this dedicated vApp Network with NAT and Firewall functionalities. You can do this in the Networking tab when you “Open” the vApp: 

Massimo 14

Let’s pause for a second here (too many screenshots to digest).

Don’t be fooled. What we are trying to do is to create a logical layout like the one depicted below: 

Massimo 15

In a way we are applying to this vApp Network the same NAT and Firewall principles that we applied to the Routed Network at the organization level. Where do you configure these rules for the Edge device that is backing this vApp Network? Easy. Look at the latest screenshots above and click Details. Done.

This is the tab where you configure the NAT rule so that the DB private IP gets mapped to the Routed Network in the organization: 

Massimo 16

Below is the tab where you configure the Firewall rule to allow DB traffic only (this rule is just an example):

Massimo 17

Conclusions

Let’s now try to put all these pieces together and look at what the logical layout of the workloads running in the organization looks like as a whole:

Massimo 18

As you can see the self-service networking stack in vCloud Director is pretty powerful and flexible although there are certainly things that could (and should) be done better. For example you may argue there is a lot of NATting going on (and I would have a problem arguing the opposite). But, as we said, this post is based on the 1.0.1 version of the product and things may change in the future.

Note that we haven’t covered any example on how to use the “Internal Network” since it should be pretty straightforward. It’s basically a flat layer 2 network that doesn’t go anywhere and only allows VMs attached to it to communicate to each other.
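To check which VM and port is actually reachable from where in a layout like this, the three vApps can be modelled as segments joined by NAT/firewall edges and probed. The following Python sketch is an added example, not part of the original post or of vCloud Director: all IP addresses are constructed (the post does not publish them), the DB port 3306 is an assumption (the post only says "DB traffic"), and the firewall is modelled as default-deny, matching on the address seen on the outside of each Edge.

```python
from dataclasses import dataclass, field

PROBE_PORTS = [22, 80, 443, 3306, 12320]   # ports to test; 3306 is an assumed DB port

@dataclass
class Edge:
    """NAT/firewall device (a vShield Edge in the post) between two segments."""
    name: str
    outside: str                              # uplink-side segment
    inside: str                               # protected segment
    nat: dict = field(default_factory=dict)   # outside IP -> inside IP (one-to-one)
    allow: set = field(default_factory=set)   # (outside IP, port) allowed inbound

# Constructed addresses: documentation range for "public", RFC 1918 for private.
PUB_DIRECT, PUB_TURNKEY, PUB_WEB = "203.0.113.10", "203.0.113.11", "203.0.113.12"
DB_MAPPED = "192.168.0.50"   # address the vApp Edge presents on the Routed Network

# Which VM owns which address on which segment (single-VM vApps use the vApp name).
VMS = {
    "internet":    {PUB_DIRECT: "Turnkey_Internet"},   # Direct Internet connection
    "org-routed":  {"192.168.0.10": "Turnkey-Routed", "192.168.0.20": "Win-Web"},
    "vapp-2tiers": {"192.168.2.10": "REHL-DB"},        # vApp Network
}

EDGES = [
    # Org-level Edge: one-to-one NAT plus the two firewall rules from the post.
    Edge("org-edge", "internet", "org-routed",
         nat={PUB_TURNKEY: "192.168.0.10", PUB_WEB: "192.168.0.20"},
         allow={(PUB_TURNKEY, 12320), (PUB_WEB, 80)}),
    # vApp-level Edge in front of the database tier.
    Edge("vapp-edge", "org-routed", "vapp-2tiers",
         nat={DB_MAPPED: "192.168.2.10"},
         allow={(DB_MAPPED, 3306)}),
]

def deliver(segment, dst_ip, port):
    """Follow a packet sent from `segment`; return (VM reached or None, edges crossed)."""
    hops = []
    while True:
        vm = VMS.get(segment, {}).get(dst_ip)
        if vm:                                   # destination sits on this segment
            return vm, tuple(hops)
        edge = next((e for e in EDGES
                     if e.outside == segment and dst_ip in e.nat), None)
        if edge is None:                         # address is not routable from here
            return None, tuple(hops)
        hops.append(edge.name)
        if (dst_ip, port) not in edge.allow:     # default deny
            return None, tuple(hops)
        segment, dst_ip = edge.inside, edge.nat[dst_ip]

def exposure(segment):
    """Map each VM reachable from `segment` to the probed ports that get through."""
    targets = {ip for vms in VMS.values() for ip in vms}
    for e in EDGES:
        targets.update(e.nat)
    found = {}
    for ip in sorted(targets):
        for port in PROBE_PORTS:
            vm, _ = deliver(segment, ip, port)
            if vm:
                found.setdefault(vm, []).append(port)
    return found

if __name__ == "__main__":
    for seg in ("internet", "org-routed"):
        print(f"Reachable from {seg}:")
        for vm, ports in exposure(seg).items():
            print(f"  {vm}: {ports}")
```

The directly connected VM shows every probed port open to the Internet, while the database tier is reachable only from the Routed Network and only on its one allowed port.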

I hope you found this post useful. I’d like to get your feedback.

Massimo currently works at VMware as a Staff Systems Engineer, vCloud Architect. He works with Service Providers and Outsourcers to help them shape their Public Cloud services roadmap based on VMware cloud technologies. Massimo also blogs about Next Generation IT Infrastructures on his personal blog, IT 2.0.