vCloud Director provides VMware vSphere® and VMware NSX™ infrastructure as a service, enabling the tenant isolation required in a cloud environment.

A vCloud Director server group consists of one or more Linux servers. Each server in the group runs a collection of services called a vCloud Director cell. All cells share a single vCloud Director database, and connect to multiple vCenter Server systems, the ESXi hosts that they manage, and the NSX Managers that provide networking services.

Figure 1. vCloud Director Architecture Diagram
The cluster contains four vCloud Director servers, each of which runs a vCloud Director cell. The cluster is connected to vSphere, and to the vCloud Director database.

Figure 1, vCloud Director Architecture Diagram, shows a single vCloud Director server group (installation). Within the server group there might be many vCloud Director server hosts, each with a single cell running. Together, the server group shares the vCloud Director database and an NFS file share (not shown). The cloud abstraction is built using the vCloud Director software and leverages capabilities in both vCenter and NSX, shown in the diagram as connecting to the server group. vCloud Director organizations and their users do not interact directly with vCenter and NSX to create and manage their workloads. For anyone other than a system administrator, all interactions with vCenter and NSX are presented as vCloud Director operations on vCloud Director objects. Permission to access and operate on vCloud Director objects is role-based. Predefined roles provide baseline access to common tasks. Organization administrators can also create custom roles that take advantage of an array of fine-grained rights.

The subsequent subsections describe security at the virtual computing layer, the cloud abstraction, and the virtual networking layer.