To fulfill load balancer or proxy requirements, you can change the default endpoint Web addresses for the VMware Cloud Director Web Portal and VMware Cloud Director API.

Public addresses are Web addresses exposed to clients of VMware Cloud Director. Defaults for these addresses are specified during installation. If necessary, you can update the addresses.

If VMware Cloud Director consists of a single cell, the installer creates public endpoints that usually provide sufficient access for API and Web clients. Installations and deployments that include multiple cells typically place a load balancer between the cells and the clients. Clients access the system at the load balancer's address. The load balancer distributes client requests across the available cells. Other network configurations that include a proxy or place the cells in a DMZ also require customized endpoints. Endpoint URL details are specific to your network configuration.

The endpoints for the VMware Cloud Director Tenant Portal and VMware Cloud Director Web Console require SSL certificates, preferably signed. You must specify a path to these certificates when you install or deploy VMware Cloud Director. If you customize any of these endpoints after installation or deployment, you might need to install new certificates that match endpoint details such as hostname and subject alternative name.

Starting with VMware Cloud Director 10.4, the console proxy uses the same IP address and port as the REST API. The console proxy and REST API use a single certificate. Because of the unified access point, customizing the VMware Cloud Director public console proxy address is no longer necessary. If you want to use the legacy implementation with a dedicated console proxy access point, you can enable the LegacyConsoleProxy feature from the Feature Flags settings menu under the Administration tab of the VMware Cloud Director Service Provider Admin Portal. To enable the LegacyConsoleProxy feature, your installation or deployment must have console proxy settings configured in a previous version and transferred through a VMware Cloud Director upgrade. After enabling or deactivating the feature you must restart the cells.

Note: If you are using VMware Cloud Director with a load balancer that is configured in SSL-termination mode and you enabled the LegacyConsoleProxy feature from the Feature Flags settings menu, you must upload the corresponding SSL certificate to secure the console proxy endpoint.

Prerequisites

Verify that you are logged in as a system administrator. Only a system administrator can customize the public endpoints.

Procedure

  1. From the top navigation bar, select Administration.
  2. In the left panel, under Settings, click Public Addresses.
  3. To customize the public endpoints, click Edit.
  4. To customize the VMware Cloud Director URLs, edit the Web Portal endpoints.
    1. Enter a custom VMware Cloud Director public URL for HTTP (non-secure) connections.
    2. Enter a custom VMware Cloud Director public URL for HTTPS (secure) connections and click Replace Certificate File to upload the certificates that establish the trust chain for that endpoint.
      The certificate chain must match the certificate that the service endpoint uses, which is the Web Portal certificate uploaded to each VMware Cloud Director cell. The certificate chain must include an endpoint certificate, intermediate certificates, and a root certificate in the PEM format without a private key.
  5. Click Next.
  6. (Optional) To customize the VMware Cloud Director REST API and OpenAPI URLs, turn off the Use Web Portal Settings toggle.
    1. Enter a custom HTTP base URL.
      For example, if you set the HTTP base URL to http://vcloud.example.com, you can access the VMware Cloud Director API at http://vcloud.example.com/api, and you can access the VMware Cloud Director OpenAPI at http://vcloud.example.com/cloudapi.
    2. Enter a custom HTTPS REST API base URL and click Replace Certificate File to upload the certificates that establish the trust chain for that endpoint.
      For example, if you set the HTTPS REST API base URL to https://vcloud.example.com, you can access the VMware Cloud Director API at https://vcloud.example.com/api, and you can access the VMware Cloud Director OpenAPI at https://vcloud.example.com/cloudapi.
      The certificate chain must match the certificate that the service endpoint uses, which is either the HTTP certificate uploaded to each VMware Cloud Director cell or the load balancer VIP certificate if SSL termination is used. The certificate chain must include an endpoint certificate, intermediate certificates, and a root certificate in the PEM format without a private key.
  7. If LegacyConsoleProxy is enabled, enter a custom VMware Cloud Director public console proxy address.
    • Customize the VMware Cloud Director appliance public console proxy address.

      This address is the fully qualified domain name (FQDN) of the VMware Cloud Director appliance eth0 NIC, specified either by FQDN or IP address, with custom port 8443 for the console proxy service.

    • Customize the VMware Cloud Director on Linux public console proxy address.

      This address is the fully qualified domain name (FQDN) of the VMware Cloud Director server or load-balancer with the port number. The default port is 443.

    For example, for a VMware Cloud Director appliance instance with FQDN vcloud.example.com, enter vcloud.example.com:8443.
    VMware Cloud Director uses the console proxy address when opening a remote console window on a VM.
  8. If LegacyConsoleProxy is enabled, to secure the communication with the console proxy endpoint, upload a certificate in PEM format.
    1. Click Select certificate file.
    2. Browse to the certificate file on your computer and select it.
  9. Click Save.
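
A structural pre-upload check for the certificate chain file that steps 4 and 6 require, as an added example that is not part of the VMware documentation: it confirms the file holds only CERTIFICATE blocks, carries no private key, and that each block decodes to a DER SEQUENCE. The function names, the two-certificate minimum, and the sample blocks are assumptions; it does not verify signatures, chain order, or hostname and subject alternative name matching.

```python
import base64
import re

# Any PEM block: captures the label and the base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def der_length_ok(der):
    """True if der is a single DER SEQUENCE whose declared length fills the buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def lint_chain(pem_text, min_certs=2):
    """Return a list of problems; an empty list means the file passes this lint."""
    problems, certs = [], 0
    for label, body in PEM_BLOCK.findall(pem_text):
        if "PRIVATE KEY" in label:         # also RSA/EC/ENCRYPTED PRIVATE KEY
            problems.append(f"contains a {label} block; remove the private key")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected PEM block: {label}")
        else:
            certs += 1
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append(f"certificate #{certs}: body is not valid base64")
                continue
            if not der_length_ok(der):
                problems.append(f"certificate #{certs}: not a well-formed DER SEQUENCE")
    if certs < min_certs:                  # assumed minimum: endpoint plus root
        problems.append(f"found {certs} certificate(s); expected endpoint plus issuers")
    return problems


def pem_block(label, der):
    """Wrap DER bytes in a PEM block (used only to build the constructed samples)."""
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"


# Constructed placeholders: tiny DER SEQUENCEs, not real certificates or keys.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
GOOD_CHAIN = pem_block("CERTIFICATE", FAKE_DER) * 3
BAD_CHAIN = GOOD_CHAIN + pem_block("PRIVATE KEY", FAKE_DER)
```
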