With VMware vCloud Director you can build secure, multi-tenant clouds by pooling virtual infrastructure resources into virtual data centers and exposing them to users through Web-based portals and programmatic interfaces as a fully automated, catalog-based service.
The vCloud Director Administrator's Guide provides information about adding resources to the system, creating and provisioning organizations, managing resources and organizations, and monitoring the system.
vSphere and NSX Resources
vCloud Director relies on vSphere resources to provide CPU and memory to run virtual machines. In addition, vSphere datastores provide storage for virtual machine files and other files necessary for virtual machine operations. vCloud Director also uses vSphere distributed switches, vSphere port groups, and NSX Data Center for vSphere to support virtual machine networking.
vCloud Director can also use resources from NSX-T Data Center. For information about registering an NSX-T Manager instance with your cloud, see the vCloud Director Service Provider Admin Portal Guide or the vCloud API Programming Guide for Service Providers.
You can use the underlying vSphere and NSX resources to create cloud resources.
Starting with version 9.7, vCloud Director can act as an HTTP proxy server, with which you can enable organizations to access the underlying vSphere environment.
Cloud resources are an abstraction of their underlying vSphere resources. They provide the compute and memory resources for vCloud Director virtual machines and vApps. A vApp is a virtual system that contains one or more individual virtual machines with parameters that define operational details. Cloud resources also provide access to storage and network connectivity.
Cloud resources include provider and organization virtual data centers, external networks, organization virtual data center networks, and network pools. In addition, vCloud Director 9.7 introduces the Software-Defined Data Center (SDDC) and the SDDC proxies as cloud resources that provide access to the underlying vSphere environment from vCloud Director.
Before you can add cloud resources to vCloud Director, you must add vSphere resources.
SDDCs and SDDC Proxies
vCloud Director 9.7 introduces the SDDC as a cloud resource that encapsulates an entire vCenter Server installation. An SDDC includes one or more SDDC proxies that are access points to different components of the underlying vSphere environment. The provider can create and enable SDDCs and proxies. The provider can publish an SDDC and its proxies to tenants.
To create and manage SDDCs and proxies, you must use the vCloud OpenAPI. See Getting Started with vCloud OpenAPI at https://code.vmware.com.
Provider Virtual Data Centers
A provider virtual data center combines the compute and memory resources of a single vCenter Server resource pool with the storage resources of one or more datastores available to that resource pool.
A provider virtual data center can use network resources from an NSX Manager instance that is associated with the vCenter Server instance or from an NSX-T Manager instance that is registered with the cloud.
You can create multiple provider virtual data centers for users in different geographic locations or business units, or for users with different performance requirements.
Organization Virtual Data Centers
An organization virtual data center provides resources to an organization and is partitioned from a provider virtual data center. Organization virtual data centers provide an environment where virtual systems can be stored, deployed, and operated. They also provide storage for virtual media, such as floppy disks and CD ROMs.
A single organization can have multiple organization virtual data centers.
vCloud Director Networking
- External networks
- Organization virtual data center networks
- vApp networks
Some organization virtual data center networks and all vApp networks are backed by network pools.
An external network is a logical, differentiated network based on a vSphere port group. Organization virtual data center networks can connect to external networks to provide Internet connectivity to virtual machines inside a vApp.
Starting with version 9.5, vCloud Director supports IPv6 external networks. An IPv6 external network supports both IPv4 and IPv6 subnets, and an IPv4 external network supports both IPv4 and IPv6 subnets.
By default, only System Administrators create and manage external networks.
Organization Virtual Data Center Networks
An organization virtual data center network belongs to a vCloud Director organization virtual data center and is available to all the vApps in the organization. An organization virtual data center network allows vApps in an organization to communicate with each other. To provide external connectivity, you can connect an organization virtual data center network to an external network. You can also create an isolated organization virtual data center network that is internal to the organization.
vCloud Director 9.5 introduces IPv6 support for direct and routed organization virtual data center networks.
Starting with vCloud Director 9.5, System Administrators can create isolated virtual data center networks backed by an NSX-T logical switch. Organization Administrators can create isolated virtual data center networks backed by network pools.
vCloud Director 9.5 also introduces cross-virtual data center networking by configuring stretched networks in virtual data center groups.
By default, only System Administrators can create direct and cross-virtual data center networks. System Administrators and Organization Administrators can manage organization virtual data center networks, although there are some limits to what an Organization Administrator can do.
A vApp network belongs to a vApp and allows virtual machines in the vApp to communicate with each other. To enable a vApp to communicate with other vApps in the organization, you can connect the vApp network to an organization virtual data center network. If the organization virtual data center network is connected to an external network, the vApp can communicate with vApps from other organizations. vApp networks are backed by network pools.
Most users with access to a vApp can create and manage their own vApp networks. For information about working with networks in a vApp, see vCloud Director Tenant Portal Guide.
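The connectivity chain described above (vApp network, then organization virtual data center network, then external network) can be audited for paths that cross organization boundaries. The following is an added example, not part of the original guide and not vCloud Director API code; the inventory, its field layout, and all names in it are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory (assumption: exported by the operator; not API output).
# Org VDC network -> owning organization and external network (None = isolated).
ORG_VDC_NETWORKS = {
    "acme-routed":   {"org": "acme",    "external": "ext-internet"},
    "acme-isolated": {"org": "acme",    "external": None},
    "globex-direct": {"org": "globex",  "external": "ext-internet"},
    "initech-dmz":   {"org": "initech", "external": "ext-partner"},
}
# (vApp, organization, org VDC network its vApp network connects to, or None)
VAPPS = [
    ("acme-web",    "acme",    "acme-routed"),
    ("acme-db",     "acme",    "acme-isolated"),
    ("acme-lab",    "acme",    None),
    ("globex-app",  "globex",  "globex-direct"),
    ("initech-erp", "initech", "initech-dmz"),
]

def external_exposure(vapps, org_vdc_networks):
    """Return {vapp: external network reached via its org VDC network, or None}."""
    exposure = {}
    for vapp, _org, org_net in vapps:
        # A vApp network with no org VDC network, or an isolated one, stops here.
        exposure[vapp] = org_vdc_networks.get(org_net, {}).get("external")
    return exposure

def cross_org_paths(vapps, org_vdc_networks):
    """Return sorted (vapp_a, vapp_b, external) for vApps of different
    organizations that attach, transitively, to the same external network."""
    exposure = external_exposure(vapps, org_vdc_networks)
    by_ext = defaultdict(list)
    for vapp, org, _org_net in vapps:
        if exposure[vapp]:
            by_ext[exposure[vapp]].append((org, vapp))
    findings = []
    for ext, members in by_ext.items():
        for i, (org_a, vapp_a) in enumerate(members):
            for org_b, vapp_b in members[i + 1:]:
                if org_a != org_b:  # same-org paths are expected, skip them
                    findings.append((vapp_a, vapp_b, ext))
    return sorted(findings)

if __name__ == "__main__":
    # A finding means a network path exists; gateway filtering is not modelled.
    for a, b, ext in cross_org_paths(VAPPS, ORG_VDC_NETWORKS):
        print(f"{a} <-> {b} via {ext}")
```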
A network pool is a group of undifferentiated networks that is available for use within an organization virtual data center. A network pool is backed by vSphere network resources such as VLAN IDs or port groups. vCloud Director uses network pools to create NAT-routed and internal organization virtual data center networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks.
Each organization virtual data center in vCloud Director can have one network pool. Multiple organization virtual data centers can share one network pool. The network pool for an organization virtual data center provides the networks created to satisfy the network quota for an organization virtual data center.
Only System Administrators can create and manage network pools.
vCloud Director supports multi-tenancy by using organizations. An organization is a unit of administration for a collection of users, groups, and computing resources. Users authenticate at the organization level, supplying credentials established by an organization administrator when the user was created or imported. System Administrators create and provision organizations, while Organization Administrators manage organization users, groups, and catalogs. Organization Administrator tasks are described in vCloud Director Tenant Portal Guide.
Users and Groups
An organization can contain an arbitrary number of users and groups. Organization Administrators can create users, and import users and groups from a directory service such as LDAP. The System Administrator manages the set of rights available to each organization. The System Administrator can create and publish global tenant roles to one or more organizations. The Organization Administrator can create local roles in their organizations.
Organizations use catalogs to store vApp templates and media files. The members of an organization that have access to a catalog can use the vApp templates and media files it contains to create their own vApps. A System Administrator can allow an organization to publish a catalog to make it available to other organizations. Organization Administrators can then decide which catalog items to provide to their users.