The Cloud Proxy is a standalone, optional component of vCloud Director that can act as a generic Transmission Control Protocol (TCP) connection proxy. It supports forwarding incoming TCP connections and listening for incoming connections.

About this task

By default, the Cloud Proxy can create virtual connections for data to travel from the tenant (on-premise) site to the service provider (cloud) site and in the reverse direction. A vCloud Director instance runs Cloud Proxy services on the same Java Virtual Machine (JVM). For scalability purposes, vCloud Director appliances can be configured to act as different types of cell, each one with its own JVM. For example, you can configure a vCloud Director appliance to act as an Application cell, as a Cloud Proxy cell, or as a combination of both types on the same cell. Cloud Proxy scales out horizontally, depending on the number of concurrent connections.

If you are installing vCloud Availability for vCloud Director on top of an existing vCloud Director infrastructure, you can configure existing vCloud Director appliances to serve as Cloud Proxy instances by disabling most of the vCloud Director services. Cloud Proxy hosts must have access to the vCloud Director database and the transfer share.

You can load balance Cloud Proxy instances with different public Virtual IP addresses (VIPs). You can also use SSL certificates different from the other vCloud Director instances.

Cloud Proxy provides the endpoints used for replicating data for the vCloud Availability for vCloud Director solution. Cloud Proxy installation and configuration for vCloud Availability for vCloud Director requires configuration of a vCloud Director instance and network interface.

For test and development deployments, you can use the primary vCloud Director host as a Cloud Proxy. Deploy additional Cloud Proxy hosts and register them with vCloud Director to expand capacity.

Prerequisites

  • Create a virtual machine to run the Cloud Proxy. The Cloud Proxy uses the same OS and configuration as the vCloud Director hosts. For more information about supported operating systems, see the vCloud Director for Service Providers Release Notes.

  • Verify that all vCloud Director and Cloud Proxy instances have FQDN configured.

  • Verify that NTP is configured.

  • Verify that the OpenSSL version used in the Guest OS of vCloud Director instance is 1.0.1e-30 or later.

  • Verify that the Cloud Proxy hosts use a wildcard certificate that covers all Cloud Proxy host names. If the Cloud Proxy certificate differs from the one used on your vCloud Director instances, you must update the SSL certificates on the Cloud Proxy hosts. For more information about creating and importing SSL certificates, see the vCloud Director Installation and Upgrade Guide.

Procedure

  1. Pre-installation
    1. Copy the vmware-vcloud-director-X.X.X-YYYY.bin file to the /tmp folder of the new Cloud Proxy virtual machine by running the following command.
      # scp root@vcd-address:/file-path/vmware-vcloud-director-X.X.X-YYYY.bin /tmp
      # chmod 755 /tmp/vmware-vcloud-director-X.X.X-YYYY.bin

      The certificates.ks file is located in the same location as on the primary vCloud Director host. You can find the exact path at user.keystore.path in the responses.properties file. Update the user.keystore.path value to reflect the new path to the certificates file.

    2. Copy the configuration file to the /tmp folder of the new Cloud Proxy virtual machine by running the following command.
      # scp root@vcd-address:/opt/vmware/vcloud-director/etc/responses.properties /tmp
      # chmod 644 /tmp/responses.properties
    3. Copy the certificates file to the /tmp folder of the new Cloud Proxy virtual machine by running the following command.
      # scp root@vcd-address:/root/certificates.ks /tmp
      # chmod 644 /tmp/certificates.ks
    4. Update the database.jdbcUrl value in the responses.properties file to use the FQDN of the database host.
    5. Mount shared NFS storage.

      Verify that you have mounted the shared NFS storage to your Cloud Proxy /opt/vmware/vcloud-director/data/transfer.

    6. Cloud Proxy Second Network Interface

      The vCloud Director installation requires a second NIC to be present, but the Cloud Proxy does not use the second NIC. If you have already provisioned your virtual machine with a second NIC, you can set its IP address to a single CIDR address, for example 192.168.254.254/32. In this case, you do not need to configure the alias NIC.

    7. If necessary, set up an alias NIC:
      # ifconfig eth0:5 192.168.254.254 up
      
  2. Install

    Run the vCloud Director install script: vmware-vcloud-director-X.X.X-YYYY.bin

    • Do not run the configuration

    • Do not start the vmware-vcd service

  3. Configure

    Use the responses.properties file to configure the vCloud Director host. Make sure that you do not start the vmware-vcd service.

    # /opt/vmware/vcloud-director/bin/configure -r /tmp/responses.properties
    

    This operation takes a few minutes to finish. The system does not display any output during this time.

  4. Specialize a vCloud Director cell to become a dedicated Cloud Proxy cell

    Edit /opt/vmware/vcloud-director/etc/global.properties:

    Add the following property:

    com.vmware.cell.runtime.application=com.vmware.vcloud.cloud-proxy-server.cloudProxyApplication
    
  5. Second NIC

    The second NIC or alias that you used for the install is no longer required. You can safely turn off the interface.

    # ifconfig eth0:5 192.168.254.254 down
    
  6. Start the vCloud Director service.
    # service vmware-vcd start
  7. Modify Cloud Proxy address.

    If you are running separate Cloud Proxy instances, you must change the address for the Cloud Proxy server.

    1. Create a protected password file on your vCloud Availability Installer Appliance in the ~/.ssh directory.
      # mkdir ~/.ssh
      # chmod 0700 ~/.ssh
      # echo 'vcd-password' > ~/.ssh/.vcd
      # find ~/.ssh -type f -name '.*' -print0 | xargs -0 chmod 0600
    2. To see the currently configured Cloud Proxy address, run the following command on the vCloud Availability Installer Appliance.
      # vcav vcd get-cloud-proxy \
      --type=to-the-cloud \
      --vcd-address=vcd-address \
      --vcd-user=vcd-user \
      --vcd-password-file=~/.ssh/.vcd

      The vCloud Availability Installer Appliance returns the following message.

      wss://cloud-proxy-IP-address:to-the-cloud-port/socket/cloudProxy
    3. Modify the Cloud Proxy by using the following command.

      You can modify --to-the-cloud-address, --to-the-cloud-port, and --from-the-cloud-address. For this example, --to-the-cloud-address is modified.

      # vcav vcd set-cloud-proxy \
      --to-the-cloud-address=cloud-proxy-FQDN \
      --vcd-address=vcd-address \
      --vcd-user=vcd-user \
      --vcd-password-file=~/.ssh/.vcd

      The vCloud Availability Installer Appliance returns an OK message.
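
The following read-only checks are an added example, not part of the VMware documentation or tooling. They verify the outcome of the procedure above: the database.jdbcUrl host is an FQDN, global.properties selects the Cloud Proxy application, the transfer directory is an NFS mount, and the password file has mode 0600. The function names are hypothetical, the paths and property names are the ones on this page, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example (not VMware tooling): read-only checks for a Cloud Proxy cell.

# prop KEY FILE: value of KEY in a Java .properties file. Backslashes are
# dropped because Java property writers may store ':' as '\:'.
prop() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d '\\'
}

# jdbc_host URL: host part of a JDBC URL (after "//" or "@", before ":", "/", ";").
jdbc_host() {
    printf '%s\n' "$1" | sed -E 's#^jdbc:[^/@]*(//|@(//)?)##; s#[/:;].*$##'
}

# is_fqdn NAME: dotted name whose last label starts with a letter, so a bare
# host name or an IPv4 literal fails.
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z][A-Za-z0-9-]*$'
}

# is_cloud_proxy_cell GLOBAL_PROPERTIES: the property from step 4 is set.
is_cloud_proxy_cell() {
    [ "$(prop com.vmware.cell.runtime.application "$1")" = \
      com.vmware.vcloud.cloud-proxy-server.cloudProxyApplication ]
}

# is_nfs_mount DIR [MOUNTS]: DIR is an NFS mount point according to /proc/mounts.
is_nfs_mount() {
    awk -v d="$1" '$2 == d && $3 ~ /^nfs/ { ok = 1 } END { exit !ok }' "${2:-/proc/mounts}"
}

# is_private FILE: regular file with mode exactly 0600 (uses GNU stat), for the
# password file on the Installer Appliance.
is_private() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = 600 ]
}

# check_cell RESPONSES GLOBAL TRANSFER_DIR [MOUNTS]: report failures, return 1 on any.
check_cell() {
    rc=0
    host=$(jdbc_host "$(prop database.jdbcUrl "$1")")
    is_fqdn "$host"          || { echo "FAIL database.jdbcUrl host '$host' is not an FQDN"; rc=1; }
    is_cloud_proxy_cell "$2" || { echo "FAIL $2 does not set cloudProxyApplication"; rc=1; }
    is_nfs_mount "$3" "$4"   || { echo "FAIL $3 is not an NFS mount"; rc=1; }
    return "$rc"
}

if [ "$#" -ge 3 ]; then check_cell "$@"; fi
```

On the Cloud Proxy cell, pass /tmp/responses.properties, /opt/vmware/vcloud-director/etc/global.properties and /opt/vmware/vcloud-director/data/transfer as the three arguments; a zero exit status with no output means every check passed.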