You can attach a vCenter instance so that its resources become available for use in VMware Cloud Director. You can attach a vCenter instance together with its associated NSX-V Manager instance.

For dedicated vCenter instances or for those associated with an NSX Manager instance, you can attach a vCenter instance alone.

VMware Cloud Director can use a vCenter instance either with its associated NSX-V Manager instance or with an NSX Manager instance.

If you want VMware Cloud Director to use this vCenter instance with its associated NSX-V Manager instance, you must attach the vCenter and NSX-V Manager instances together.

If you want VMware Cloud Director to use this vCenter instance with an NSX Manager instance, you must attach the vCenter instance alone. After you attach the vCenter instance alone, you must Register an NSX Manager Instance with VMware Cloud Director.

Note: After you attach a vCenter instance alone, you cannot add its associated NSX-V Manager instance at a later stage. You can unregister and attach again the vCenter instance together with its associated NSX-V Manager instance.

You can attach a vCenter instance to any site from your VMware Cloud Director environment.

You can attach a directly accessible vCenter instance or attach a vCenter instance that is behind a proxy. By using VMware Cloud Director OpenAPI, you can use proxy configurations within VMware Cloud Director to create a proxied connection between a VMware Cloud Director instance and the vCenter instance added to it. This way, the VMware Cloud Director and vCenter instances can exist in different locations or sites.

To attach a vCenter instance that is behind a proxy, first, you must declare a proxy configuration. Then, you must attach a vCenter instance, and configure VMware Cloud Director to use the proxy configuration when accessing the vCenter instance. You can also attach an NSX solution through a proxy. VMware Cloud Director does not support proxy configurations for NSX Data Center for vSphere. You do not need additional SSL configurations or an additional proxy configuration for the Platform Services Controller the vCenter instance is registered with.

Note: In a configuration with a proxy, the VMware Cloud Director to proxy communication can use only HTTP. VMware Cloud Director does not support HTTPS proxy configurations. The communication with the vCenter instance, tunneled through the proxy, is HTTPS and uses the vCenter certificates.

Prerequisites

Add the vCenter Instance to VMware Cloud Director

To add a vCenter instance toVMware Cloud Director, you must enter the vCenter access details.

Prerequisites

Familiarize yourself with the vSphere certificate management options. See the vSphere Certificate Management Overview and Certificate Replacement Overview documentation. The VMware Cloud Director certificate strategy depends on your vSphere certificate choices.
vSphere Option VMware Cloud Director Action
Using VMCA-signed certificates In VMware Cloud Director, trust the CA certificate.
Using the VMCA certificate as an intermediate certificate In VMware Cloud Director, trust the intermediate VMware Certificate Authority (VMCA) certificate.
Using custom certificates where VMCA is not an intermediate certificate Trust the appropriate certificate so that VMware Cloud Director trusts all vSphere components like vCenter and ESXi.
Note: You must ensure that VMware Cloud Director trusts all necessary trust anchors.

Procedure

  1. From the primary left navigation panel, select Resources, and from the page top navigation bar, select Infrastructure Resources.
  2. In the left pane, click vCenter Server Instances and click Add.
  3. If you have a multisite VMware Cloud Director deployment, from the Site drop-don menu, select the site to which you want to add this vCenter instance, and click Next.
  4. Enter a name and, optionally, a description for the vCenter instance in VMware Cloud Director.
  5. Enter the URL of the vCenter instance.
    If the default port is used, you can skip the port number. If a custom port is used, include the port number.
    For example, https://FQDN_or_IP_address:<custom_port_number>.
  6. Enter the user name and password of the vCenter administrator account.
  7. (Optional) To deactivate the vCenter instance after the registration, turn off the Enabled toggle.
  8. Click Next.
  9. If you haven't already established a trust relationship to the endpoint, on the Trust Certificate window confirm if you trust the endpoint.
    Option Description
    Trust the connectivity to an endpoint when VMCA is in use Use this option when in vSphere you are using VMCA-signed certificates or the VMCA as an intermediate certificate.
    1. Review the initial certificate.
    2. If VMCA is not included in the list of certificates, retrieve the additional CA certificates and, depending on your vCenter version, select one of the options.
      • For vCenter 7.0 and later, to fetch the additional CA certificates, click Retrieve. Select the VMCA certificate authority from the updated certificate chain, and trust it.
      • For vCenter 6.7 and earlier, you must manually retrieve the CA certificate from vSphere, and use the Import option to upload the certificate into the VMware Cloud Director certificates.
    Trust the connectivity to an endpoint when VMCA is not in use Use this option when in vSphere you are using custom certificates where VMCA is not an intermediate certificate
    1. Review the initial certificate.
    2. Determine the trust anchor to trust so that the entire vSphere infrastructure is trusted.

      Depending on your deployment, you might have to trust additional CAs. You must ensure that VMware Cloud Director trusts all necessary trust anchors. If necessary, use the Trust Remote Connection option.

    Do not trust the connectivity to this endpoint
    1. Click Cancel.
    2. Repeat Step 5 to Step 8 with a trusted endpoint.
  10. (Optional) Skip adding the NSX-V Manager instance that is associated with the vCenter instance by turning off the Configure Settings toggle and click Next.

    If you want VMware Cloud Director to use this vCenter instance with an NSX-V Manager instance, you must add the vCenter instance alone.

    Note: You cannot add the associated NSX-V Manager instance at a later stage. You can unregister and attach again the vCenter instance together with its associated NSX-V Manager instance.
  11. If you want to add a tenant dedicated vCenter that will not be used as a provider VDC, turn on the Enable tenant access toggle.
    After you add the vCenter instance to VMware Cloud Director, the tenant-related information appears in the details view of the instance.
  12. If you want VMware Cloud Director to generate default proxies for the vCenter instance and SSO services, turn on the Generate proxies toggle.

    After you add the vCenter instance to VMware Cloud Director, the proxies appear in the Proxies tab under vSphere Resources.

  13. On the Ready to Complete page, review the registration details and click Finish.
  14. If you haven't already trusted the necessary certificates, on the Trust vSphere Certificate Authority window, confirm that you trust the certificate so that VMware Cloud Director trusts all vSphere components and the integration with vSphere is complete.
    Important: If you do not trust the vSphere CA, some VMware Cloud Director features do not work.
    You can trust the vSphere CA also after editing the vCenter instance.

What to do next

To enable operations across vCenter instances where the source and destination vCenter instances are not the same, verify that the vCenter instances trust each other independently of VMware Cloud Director. To view the certificates that a vCenter instance trusts, see the Explore Certificate Stores Using the vSphere Client in the VMware vSphere Product Documentation. Verify that each vCenter instance trusts the other vCenter instances that it needs to interact with. See also KB 89906.

(Optional) Add the Associated NSX Manager Instance to VMware Cloud Director

If you want VMware Cloud Director to use this vCenter instance with its associated NSX-V Manager instance, you must add NSX-V Manager access details.

Procedure

  1. On the NSX-V Manager page, leave the Configure Settings toggle turned on.
  2. Enter the URL of the NSX-V Manager instance.
    If the default port is used, you can skip the port number. If a custom port is used, include the port number
    For example, https://FQDN_or_IP_address:<custom_port_number>.
  3. Enter the user name and password of the NSX administrator account.
  4. (Optional) То enable cross-virtual data center networking for the virtual data centers backed by this vCenter instance, turn on the Cross-VDC networking toggle, and enter the control VM deployment properties and a name for the network provider scope.
    The control VM deployment properties are used for deploying an appliance on the NSX-V Manager instance for cross-virtual data center networking components like a universal router.
    Option Description
    Network Provider Scope Corresponds to the network fault domain in the network topologies of the data center groups. For example, boston-fault1.

    For information about managing cross-virtual data center groups, see the VMware Cloud Director Sub-Provider and Tenant Guide.

    Resource Pool Path

    The hierarchical path to a specific resource pool in the vCenter instance, starting from the cluster, Cluster/Resource_Pool_Parent/Target_Resource . For example, TestbedCluster1/mgmt-rp.

    As an alternative, you can enter the Managed Object Reference ID of the resource pool. For example, resgroup-1476.

    Datastore Name The name of the datastore to host the appliance files. For example, shared-disk-1.
    Management Interface The name of the network in vCenter or port group used for the HA DLR management interface. For example, TestbedPG1.
  5. Click Next.
  6. If the endpoint does not have a trusted certificate, on the Trust Certificate window confirm if you trust the endpoint.
    • To add the endpoint to the centralized certificate storage area and continue, click Trust .
    • If you do not trust this endpoint, click Cancel and repeat Step 2 to Step 4 with a trusted endpoint.
  7. Activate or deactivate the access configuration settings.
  8. On the Ready to Complete page, review the registration details and click Finish.

What to do next