You can create a VMware Cloud Director server group by deploying one or more instances of the VMware Cloud Director appliance. You deploy the VMware Cloud Director appliance by using the vSphere Client (HTML5) or the VMware OVF Tool.

Important: Mixed VMware Cloud Director installations on Linux and VMware Cloud Director appliance deployments in one server group are unsupported.

The VMware Cloud Director appliance is a preconfigured virtual machine that is optimized for running the VMware Cloud Director services.

The appliance is distributed with a name of the form VMware Cloud Director-v.v.v.v-nnnnnn_OVF10.ova, where v.v.v.v represents the product version and nnnnnn the build number. For example: VMware Cloud Director-10.2.0.0-9229800_OVA10.ova.

The VMware Cloud Director appliance package contains the following software:
  • VMware Photon™ OS
  • The VMware Cloud Director group of services
  • PostgreSQL 10

The primary-small and standby-small VMware Cloud Director appliance sizes are suitable for lab or test systems. The other sizes meet the minimum sizing requirements for production systems. Depending on the workload, you might need to add additional resources.

Important: Installing any third-party component on the VMware Cloud Director appliance is unsupported. You can install only supported VMware components according to VMware Product Interoperability Matrices. For example, you can install a supported version of a VMware vRealize® Operations Manager™ or VMware vRealize® Log Insight™ monitoring agent.

Appliance Database Configuration

Starting with version 9.7, the VMware Cloud Director appliance includes an embedded PostgreSQL database with a high availability (HA) function. To create an appliance deployment with a database HA cluster, you must deploy one instance of the VMware Cloud Director appliance as a primary cell, and two instances as standby cells. You can deploy additional instances of the VMware Cloud Director appliance in the server group as vCD application cells, which run only the VMware Cloud Director group of services without the embedded database. vCD application cells connect to the database in the primary cell. See Appliance Deployments and Database High Availability Configuration.

By default, the VMware Cloud Director appliance uses TLS, in place of the deprecated SSL, for database connections, including replication. This feature is active immediately after deployment, using a self-signed PostgreSQL certificate. To use a signed certificate from a certificate authority (CA), see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate.

Note: The VMware Cloud Director appliance does not support external databases.

Appliance Network Configuration

Starting with version 9.7, the VMware Cloud Director appliance is deployed with two networks, eth0 and eth1, so that you can isolate the HTTP traffic from the database traffic. Different services listen on one or both of the corresponding network interfaces.
Note: The eth0 and eth1 networks must be placed on separate subnets.

Service          Port on eth0    Port on eth1
SSH              22              22
HTTP             80              n/a
HTTPS            443             n/a
PostgreSQL       n/a             5432
Management UI    5480            5480
Console proxy    8443 (*)        n/a
JMX              8998, 8999      n/a
JMS/ActiveMQ     61616           n/a

(*) Applicable only for VMware Cloud Director 10.4 if you enable the Legacy Console Proxy feature. Starting with version 10.4, by default, both the console proxy traffic and HTTPS communications go over the default 443 port. However, VMware Cloud Director 10.4.1 and later do not support the legacy implementation of the console proxy feature.

After the creation of the VMware Cloud Director appliance, you can use the vSphere networking features to add a new network interface card (NIC). See the Add a Network Adapter to a Virtual Machine information in the vSphere Virtual Machine Administration guide.

The VMware Cloud Director appliance supports user customization of firewall rules by using iptables. To add custom iptables rules, you can add your own configuration data to the end of the /etc/systemd/scripts/iptables file.
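
After changing firewall rules or adding a NIC, it helps to confirm that the cell's listeners still match the port table above. The following Python sketch is an added example, not VMware code: it compares `ss -Htln` output against that table. The function names, the sample output and the interface addresses are constructed for illustration.

```python
import ipaddress

# Port -> interfaces expected to listen, taken from the table above.
# 8443 applies only to 10.4 with the Legacy Console Proxy feature enabled.
ALLOWED = {
    22: {"eth0", "eth1"}, 80: {"eth0"}, 443: {"eth0"}, 5432: {"eth1"},
    5480: {"eth0", "eth1"}, 8443: {"eth0"}, 8998: {"eth0"}, 8999: {"eth0"},
    61616: {"eth0"},
}

def parse_listeners(ss_output):
    """Yield (address, port) from `ss -Htln` lines (4th column is local addr:port)."""
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]").split("%")[0], int(port)

def audit(ss_output, iface_ips):
    """Return sorted (port, iface, reason) for listeners outside the documented table."""
    findings = set()
    for addr, port in parse_listeners(ss_output):
        if addr in ("*", "0.0.0.0", "::"):
            reachable = set(iface_ips)  # wildcard bind: socket is on every interface
        else:
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback:
                continue  # local-only listeners are outside the table's scope
            reachable = {i for i, a in iface_ips.items() if ipaddress.ip_address(a) == ip}
        for iface in reachable:
            if port not in ALLOWED:
                findings.add((port, iface, "undocumented port"))
            elif iface not in ALLOWED[port]:
                findings.add((port, iface, "not expected on this interface"))
    return sorted(findings)

# Constructed sample: addresses are documentation ranges, not real appliance output.
IFACES = {"eth0": "192.0.2.10", "eth1": "198.51.100.10"}
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.0.2.10:443 0.0.0.0:*
LISTEN 0 128 *:5432 *:*
LISTEN 0 128 127.0.0.1:8005 0.0.0.0:*
LISTEN 0 128 198.51.100.10:5480 0.0.0.0:*
LISTEN 0 128 192.0.2.10:9000 0.0.0.0:*
LISTEN 0 128 [::]:61616 [::]:*
"""

if __name__ == "__main__":
    for port, iface, reason in audit(SAMPLE, IFACES):
        print(f"port {port} on {iface}: {reason}")
```

A wildcard-bound socket is reported for every interface because the bind alone does not restrict it. Whether it is actually reachable on that interface depends on the iptables rules, so check a finding against the firewall configuration before treating it as exposure.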

Starting with version 10.1, service providers and tenants can use the VMware Cloud Director API to test connections to remote servers, and to verify the server identity as part of an SSL handshake. To protect VMware Cloud Director network connections, configure a deny list of internal hosts that are unreachable to tenants who are using the VMware Cloud Director API for connection testing. Configure the deny list after the VMware Cloud Director installation or upgrade and before granting tenants access to VMware Cloud Director. See Configure a Test Connection Denylist.