Powering on identical virtual machines which are included in different vApps might result in a conflict. To allow powering on of identical virtual machines in different vApps without conflicts, you can fence the vApp.
When fencing is enabled and the vApp is powered on, an isolated network is created from the organization virtual data center network pool. An edge gateway is created and attached to the isolated network and the organization virtual data center network. Traffic going to and from the virtual machines pass through the edge gateway, which translates the IP address using NAT and proxy-AR. This allows a router to pass traffic between two networks by using the same IP space.
Fencing a vApp isolates the MAC and IP addresses of the virtual machines and changes the connection type of the organization VDC networks from direct to fenced. On the fenced networks firewall is automatically enabled and configured so that only outgoing traffic is allowed. When you fence a vApp, you can also configure NAT and firewall rules on the fenced networks.
Prerequisites
- Verify that vApp fencing is supported. vApp fencing is supported if the data center in which you deployed the vApp is backed by NSX Data Center for vSphere. If the virtual data center in which the vApp is deployed is backed by NSX, fencing is not supported, and, to avoid conflict, you must set vApp NAT rules before connecting the vApp to an organization VDC network.
- You can fence only direct vApp networks. If the vApp uses more than one network and the other networks are, for example, routed, only the direct network is fenced.
- The virtual machines in the vApp that use the direct network must be stopped, so that the direct vApp network is not currently in use.
Procedure
- On the Virtual Data Center dashboard screen, click the card of the VDC you want to explore, and from the secondary left panel, select vApps.
- Click to view the vApps in a card view.
- In the card of the selected vApp, click Details.
- Click the Networks tab.
- If the vApp is not fenced, click the Edit button.
- Toggle on the Fence vApp option and click OK.
Results
The IP and MAC addresses of the virtual machines become isolated. You can power on identical virtual machines in different vApps without a conflict.