You can create a VMware Cloud Director server group by deploying one or more instances of the VMware Cloud Director appliance. You deploy the VMware Cloud Director appliance by using the vSphere Client (HTML5) or the VMware OVF Tool.
The VMware Cloud Director appliance is a preconfigured virtual machine that is optimized for running the VMware Cloud Director services.
The appliance is distributed with a name of the form VMware Cloud Director-v.v.v.v-nnnnnn_OVF10.ova, where v.v.v.v represents the product version and nnnnnn the build number. For example: VMware Cloud Director-10.2.0.0-9229800_OVA10.ova.
- VMware Photon™ OS
- The VMware Cloud Director group of services
- PostgreSQL 10
The primary-small and standby-small VMware Cloud Director appliance sizes are suitable for lab or test systems. The other sizes meet the minimum sizing requirements for production systems. Depending on the workload, you might need to add additional resources.
Appliance Database Configuration
Starting with version 9.7, the VMware Cloud Director appliance includes an embedded PostgreSQL database with a high availability (HA) function. To create an appliance deployment with a database HA cluster, you must deploy one instance of the VMware Cloud Director appliance as a primary cell, and two instances as standby cells. You can deploy additional instances of the VMware Cloud Director appliance in the server group as vCD application cells, which run only the VMware Cloud Director group of services without the embedded database. vCD application cells connect to the database in the primary cell. See Appliance Deployments and Database High Availability Configuration.
By default, the VMware Cloud Director appliance uses TLS, in place of the deprecated SSL, for database connections, including replication. This feature is active immediately after deployment, using a self-signed PostgreSQL certificate. To use a signed certificate from a certificate authority (CA), see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate.
Appliance Network Configuration
The appliance uses two networks, eth0 and eth1, so that you can isolate the HTTP traffic from the database traffic. Different services listen on one or both of the corresponding network interfaces.
The eth0 and eth1 networks must be placed on separate subnets.
Service | Port on eth0 | Port on eth1 |
---|---|---|
SSH | 22 | 22 |
HTTP | 80 | n/a |
HTTPS | 443 | n/a |
PostgreSQL | n/a | 5432 |
Management UI | 5480 | 5480 |
Console proxy | 8443 (see the note below) | n/a |
JMX | 8998, 8999 | n/a |
JMS/ActiveMQ | 61616 | n/a |
Note on the console proxy port: Applicable only for VMware Cloud Director 10.4 if you enable the Legacy Console Proxy feature. Starting with version 10.4, by default, both the console proxy traffic and HTTPS communications go over the default 443 port. However, VMware Cloud Director 10.4.1 and later do not support the legacy implementation of the console proxy feature.
After the creation of the VMware Cloud Director appliance, you can use the vSphere networking features to add a new network interface card (NIC). See the Add a Network Adapter to a Virtual Machine information in the vSphere Virtual Machine Administration guide.
The VMware Cloud Director appliance supports user customization of firewall rules by using iptables. To add custom iptables rules, you can add your own configuration data to the end of the /etc/systemd/scripts/iptables file.
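To confirm that a cell's listeners match the per-interface port table above, the following added example (not VMware tooling and not part of the original page) compares `ss -H -tln` output with that table. The sample output, the interface addresses, and the function names are constructed for illustration.

```python
import ipaddress

# Ports from the appliance service table on this page (n/a entries omitted).
ALLOWED = {
    "eth0": {22, 80, 443, 5480, 8443, 8998, 8999, 61616},
    "eth1": {22, 5432, 5480},
}
WILDCARDS = {"*", "0.0.0.0", "::"}

# Constructed sample of `ss -H -tln` output; addresses are documentation values.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.0.2.10:443 0.0.0.0:*
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 50 198.51.100.10:8999 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""
SAMPLE_IFACES = {"eth0": "192.0.2.10", "eth1": "198.51.100.10"}


def bound_interfaces(addr, iface_addrs):
    """Return the interfaces a listening address is bound to."""
    addr = addr.split("%")[0].strip("[]")   # drop %scope suffix and brackets
    if addr in WILDCARDS:
        return sorted(iface_addrs)          # wildcard bind: every interface
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return []                           # not reachable over eth0 or eth1
    return [i for i, a in iface_addrs.items() if ipaddress.ip_address(a) == ip]


def audit(ss_text, iface_addrs):
    """List (interface, port) pairs that listen where the table says n/a."""
    findings = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        for iface in bound_interfaces(addr, iface_addrs):
            if int(port) not in ALLOWED.get(iface, set()):
                findings.add((iface, int(port)))
    return sorted(findings)


if __name__ == "__main__":
    for iface, port in audit(SAMPLE_SS, SAMPLE_IFACES):
        print(f"{iface}: port {port} is bound but not listed for this interface")
```

A wildcard bind can still be filtered by the appliance's iptables rules, so treat each finding as a prompt to check the firewall configuration rather than as proof of exposure.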
Starting with version 10.1, service providers and tenants can use the VMware Cloud Director API to test connections to remote servers, and to verify the server identity as part of an SSL handshake. To protect VMware Cloud Director network connections, configure a deny list of internal hosts that are unreachable to tenants who are using the VMware Cloud Director API for connection testing. Configure the deny list after the VMware Cloud Director installation or upgrade and before granting tenants access to VMware Cloud Director. See Configure a Test Connection Denylist.