Secure, reliable operation of VMware Cloud Director depends on a secure, reliable network that supports forward and reverse lookup of host names, a network time service, and other services. Your network must meet these requirements before you begin installing VMware Cloud Director.
- IP addresses
The VMware Cloud Director server must support two different SSL endpoints. One endpoint is for the HTTPS service. The other endpoint is for the console proxy service. These endpoints can be separate IP addresses, or a single IP address with two different ports. You can use IP aliases or multiple network interfaces to create these addresses. Do not use the Linux ip addr add command to create the second address.
The VMware Cloud Director appliance uses its eth0 IP address with custom port 8443 for the console proxy service.
- Console Proxy Address
The IP address configured as the console proxy endpoint must not be located behind an SSL-terminating load balancer or reverse proxy. All console proxy requests must be relayed directly to the console proxy IP address.
For an installation with a single IP address, you can customize the console proxy address from the Service Provider Admin Portal. For example, for the VMware Cloud Director appliance, you must customize the console proxy address to vcloud.example.com:8443.
- Network Time Service
You must use a network time service such as NTP to synchronize the clocks of all VMware Cloud Director servers, including the database server. The maximum allowable drift between the clocks of synchronized servers is 2 seconds.
For VMware Cloud Director appliance deployments, the NFS server used for the transfer share must use a network time service such as NTP to synchronize its clock with that of the VMware Cloud Director appliances. The maximum allowable drift between the clocks of synchronized servers is 2 seconds.
- Server Time Zones
All VMware Cloud Director servers, including the NFS server used for the transfer share and the database server, must be configured to be in the same time zone.
- Host Name Resolution
All host names that you specify during installation and configuration must be resolvable by DNS using forward and reverse lookup of the fully qualified domain name or the unqualified hostname. For example, for a host named vcloud.example.com, both of the following commands must succeed on a VMware Cloud Director host:
nslookup vcloud
nslookup vcloud.example.com
In addition, if the host vcloud.example.com has the IP address 192.168.1.1, the following command must return vcloud.example.com:
nslookup 192.168.1.1
Reverse DNS lookup of the eth0 IP address is required for the appliance. The following command must succeed in your environment:
host -W 15 -R 1 -T <eth0-IP-address>
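The forward and reverse lookups above can be combined into one preflight check that also catches a short name and FQDN resolving to different addresses, or a PTR record pointing at another host. This is an added example, not part of the VMware documentation; the function names `fwd_lookup`, `rev_lookup` and `check_host_resolution` are hypothetical, and the parsing assumes the standard output format of the BIND `host` utility.

```shell
#!/bin/sh
# Added example: preflight check for the host name resolution requirement.
# The lookup helpers wrap the `host` invocation shown on the page; the awk
# patterns assume the usual BIND `host` output lines
# ("... has address ..." and "... domain name pointer ...").

fwd_lookup() {   # name -> IPv4 addresses, one per line
    host -W 15 -R 1 -T "$1" 2>/dev/null | awk '/ has address /{print $NF}'
}

rev_lookup() {   # IP -> PTR names, lowercased, trailing dot stripped
    host -W 15 -R 1 -T "$1" 2>/dev/null |
        awk '/ domain name pointer /{sub(/\.$/, "", $NF); print tolower($NF)}'
}

# check_host_resolution SHORT FQDN IP
# Prints one line per failed requirement; returns the number of failures (0-3).
check_host_resolution() {
    short=$1 fqdn=$2 ip=$3 fails=0
    want=$(printf '%s' "$fqdn" | tr '[:upper:]' '[:lower:]')
    # Both the unqualified name and the FQDN must resolve to the expected IP.
    for name in "$short" "$fqdn"; do
        addrs=$(fwd_lookup "$name")
        if [ -z "$addrs" ]; then
            echo "FAIL forward: $name does not resolve"; fails=$((fails + 1))
        elif ! printf '%s\n' "$addrs" | grep -qxF "$ip"; then
            echo "FAIL forward: $name resolves to $(echo $addrs), expected $ip"
            fails=$((fails + 1))
        fi
    done
    # The reverse lookup of the IP must return the FQDN.
    ptrs=$(rev_lookup "$ip")
    if [ -z "$ptrs" ]; then
        echo "FAIL reverse: no PTR record for $ip"; fails=$((fails + 1))
    elif ! printf '%s\n' "$ptrs" | grep -qxF "$want"; then
        echo "FAIL reverse: $ip maps to $(echo $ptrs), expected $fqdn"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Usage on a VMware Cloud Director host, with the page's example values:
#   check_host_resolution vcloud vcloud.example.com 192.168.1.1 && echo OK
```

Run it on every cell, the database server and the NFS server before installation, since each host can have a different resolver configuration.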