To fulfill load balancer or proxy requirements, you can change the default endpoint Web addresses for the vCloud Director Web Portal, vCloud Director API, and console proxy.

Public addresses are Web addresses exposed to clients of vCloud Director. Defaults for these addresses are specified during installation. If necessary, you can update the addresses.

If vCloud Director consists of a single cell, the installer creates public endpoints that usually provide sufficient access for API and Web clients. Installations and deployments that include multiple cells typically place a load balancer between the cells and the clients. Clients access the system at the load balancer's address. The load balancer distributes client requests across the available cells. Other network configurations that include a proxy or place the cells in a DMZ also require customized endpoints. Endpoint URL details are specific to your network configuration.

The endpoints for the vCloud Director Tenant Portal and vCloud Director Web Console require SSL certificates, preferably signed. You must specify a path to these certificates when you install or deploy vCloud Director. If you customize any of these endpoints after installation or deployment, you might need to install new certificates that match endpoint details such as hostname and subject alternative name.

For the vCloud Director appliance, you must configure the vCloud Director public console proxy address, because the appliance uses a single IP address with custom port 8443 for the console proxy service. See Step 6.

Prerequisites

Verify that you are logged in as a system administrator. Only a system administrator can customize the public endpoints.

Procedure

  1. From the main menu (Menu), select Administration.
  2. In the left panel, under Settings, click Public Addresses.
  3. To customize the public endpoints, click Edit.
  4. To customize the vCloud Director URLs, edit the Web Portal endpoints.
    1. Enter a custom vCloud Director public URL for HTTP (non-secure) connections.
    2. Enter a custom vCloud Director public URL for HTTPS (secure) connections and click Upload to upload the certificates that establish the trust chain for that endpoint.
      The certificate chain must match the certificate used by the service endpoint, which is the certificate uploaded to each vCloud Director cell keystore with alias consoleproxy. SSL termination of console proxy connections at a load balancer is not supported. The certificate chain must include an endpoint certificate, intermediate certificates, and a root certificate in the PEM format without a private key.
  5. (Optional) To customize the Cloud Director REST API and OpenAPI URLs, turn off the Use Web Portal Settings toggle.
    1. Enter a custom HTTP base URL.
      For example, if you set the HTTP base URL to http://vcloud.example.com, you can access the vCloud Director API at http://vcloud.example.com/api, and you can access the vCloud Director OpenAPI at http://vcloud.example.com/cloudapi.
    2. Enter a custom HTTPS REST API base URL and click Upload to upload the certificates that establish the trust chain for that endpoint.
      For example, if you set the HTTPS REST API base URL to https://vcloud.example.com, you can access the vCloud Director API at https://vcloud.example.com/api, and you can access the vCloud Director OpenAPI at https://vcloud.example.com/cloudapi.
      The certificate chain must match the certificate used by the service endpoint, which is either the certificate uploaded to each vCloud Director cell keystore with alias http or the load balancer VIP certificate if an SSL termination is used. The certificate chain must include an endpoint certificate, intermediate certificates, and a root certificate in the PEM format without a private key.
  6. Enter a custom vCloud Director public console proxy address.
    • Customize the vCloud Director appliance public console proxy address.

      This address is the fully qualified domain name (FQDN) of the vCloud Director appliance eth0 NIC, specified either by FQDN or IP address, with custom port 8443 for the console proxy service.

    • Customize the vCloud Director on Linux public console proxy address.

      This address is the fully qualified domain name (FQDN) of the vCloud Director server or load-balancer with the port number. The default port is 443.

    For example, for a vCloud Director appliance instance with FQDN vcloud.example.com, enter vcloud.example.com:8443.
    vCloud Director uses the console proxy address when opening a remote console window on a VM.
  7. Click Save.