With VMware VMware Cloud Director you can build secure, multi-tenant clouds by pooling virtual infrastructure resources into virtual data centers and exposing them to users through Web-based portals and programmatic interfaces as a fully automated, catalog-based service.

The VMware Cloud Director Service Provider Admin Portal Guide provides information about adding resources to the system, creating and provisioning organizations, managing resources and organizations, and monitoring the system.

vSphere and NSX Resources

VMware Cloud Director relies on vSphere resources to provide CPU and memory to run virtual machines. In addition, vSphere datastores provide storage for virtual machine files and other files necessary for virtual machine operations. VMware Cloud Director also uses vSphere distributed switches, vSphere port groups, and NSX Data Center for vSphere to support virtual machine networking.

VMware Cloud Director can also use resources from NSX-T Data Center. For information about registering an NSX-T Manager instance with your cloud, see the VMware Cloud Director Service Provider Admin Portal Guide or the VMware Cloud Director API Programming Guide.

You can use the underlying vSphere and NSX resources to create cloud resources.

Starting with version 9.7, VMware Cloud Director can act as an HTTP proxy server, with which you can enable organizations to access the underlying vSphere environment.

Cloud Resources

Cloud resources are an abstraction of their underlying vSphere resources. They provide the compute and memory resources for VMware Cloud Director virtual machines and vApps. A vApp is a virtual system that contains one or more individual virtual machines with parameters that define operational details. Cloud resources also provide access to storage and network connectivity.

Cloud resources include provider and organization virtual data centers, external networks, organization virtual data center networks, and network pools.

Before you can add cloud resources to VMware Cloud Director, you must add vSphere resources.

Dedicated vCenter Server Instances and Proxies

A dedicated vCenter Server instance is a cloud resource that encapsulates an entire vCenter Server installation. A dedicated vCenter Server instance includes one or more proxies that are access points to different components of the underlying vSphere environment. The provider can create and enable dedicated vCenter Server instances and proxies. The provider can publish a dedicated vCenter Server instance to tenants.

To create and manage dedicated vCenter Server instances and proxies, you can use the Service Provider Admin Portal or the vCloud OpenAPI. See Managing Dedicated vCenter Server Instances and Getting Started with VMware Cloud Director OpenAPI at https://code.vmware.com.

Provider Virtual Data Centers

A provider virtual data center combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores available to that resource pool.

A provider virtual data center can use network resources from an NSX Manager instance that is associated with the vCenter Server instance or from an NSX-T Manager instance that is registered with the cloud.

You can create multiple provider virtual data centers for users in different geographic locations or business units, or for users with different performance requirements.

Organization Virtual Data Centers

An organization virtual data center provides resources to an organization and is partitioned from a provider virtual data center. Organization virtual data centers provide an environment where virtual systems can be stored, deployed, and operated. They also provide storage for virtual media, such as floppy disks and CD ROMs.

A single organization can have multiple organization virtual data centers.

VMware Cloud Director Networking

VMware Cloud Director supports three types of networks.
  • External networks
  • Organization virtual data center networks
  • vApp networks

Some organization virtual data center networks and all vApp networks are backed by network pools.

External Networks

An external network is a logical, differentiated network based on a vSphere port group. Organization virtual data center networks can connect to external networks to provide Internet connectivity to virtual machines inside a vApp.

Starting with version 9.5, VMware Cloud Director supports IPv6 external networks. An IPv6 external network supports both IPv4 and IPv6 subnets, and an IPv4 external network supports both IPv4 and IPv6 subnets.

By default, only System Administrators create and manage external networks.

Organization Virtual Data Center Networks

An organization virtual data center network belongs to a VMware Cloud Director organization virtual data center and is available to all the vApps in the organization. An organization virtual data center network allows vApps in an organization to communicate with each other. To provide external connectivity, you can connect an organization virtual data center network to an external network. You can also create an isolated organization virtual data center network that is internal to the organization.

VMware Cloud Director 9.5 introduces IPv6 support for direct and routed organization virtual data center networks.

Starting with VMware Cloud Director 9.5, System Administrators can create isolated virtual data center networks backed by an NSX-T logical switch. Organization Administrators can create isolated virtual data center networks backed by network pools.

VMware Cloud Director 9.5 also introduces cross-virtual data center networking by configuring stretched networks in virtual data center groups.

By default, only System Administrators can create direct and cross-virtual data center networks. System Administrators and Organization Administrators can manage organization virtual data center networks, although there are some limits to what an Organization Administrators can do.

vApp Networks

A vApp network belongs to a vApp and allows virtual machines in the vApp to communicate with each other. To enable a vApp to communicate with other vApps in the organization, you can connect the vApp network to an organization virtual data center network. If the organization virtual data center network is connected to an external network, the vApp can communicate with vApps from other organizations. vApp networks are backed by network pools.

Most users with access to a vApp can create and manage their own vApp networks. For information about working with networks in a vApp, see VMware Cloud Director Tenant Portal Guide.

Network Pools

A network pool is a group of undifferentiated networks that is available for use within an organization virtual data center. A network pool is backed by vSphere network resources such as VLAN IDs or port groups. VMware Cloud Director uses network pools to create NAT-routed and internal organization virtual data center networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.

Each organization virtual data center in VMware Cloud Director can have one network pool. Multiple organization virtual data centers can share one network pool. The network pool for an organization virtual data center provides the networks created to satisfy the network quota for an organization virtual data center.

Only System Administrators can create and manage network pools.

Organizations

VMware Cloud Director supports multi-tenancy by using organizations. An organization is a unit of administration for a collection of users, groups, and computing resources. Users authenticate at the organization level, supplying credentials established by an organization administrator when the user was created or imported. System Administrators create and provision organizations, while Organization Administrators manage organization users, groups, and catalogs. Organization Administrators tasks are described in VMware Cloud Director Tenant Portal Guide.

Users and Groups

An organization can contain an arbitrary number of users and groups. Organization Administrators can create users, and import users and groups from a directory service such as LDAP. The System Administrator manages the set of rights available to each organization. The System Administrator can create and publish global tenant roles to one or more organizations. The Organization Administrator can create local roles in their organizations.

Catalogs

Organizations use catalogs to store vApp templates and media files. The members of an organization that have access to a catalog can use the containing vApp templates and media files to create their own vApps. A System Administrator can allow an organization to publish a catalog to make it available to other organizations. Organization Administrators can then decide which catalog items to provide to their users.