The Cloud Proxy is a standalone, optional component of vCloud Director that can act as a generic Transmission Control Protocol (TCP) connection proxy. It supports forwarding incoming TCP connections and listening for incoming connections.

By default, the Cloud Proxy can create virtual connections for data to travel from the tenant (on-premise) site to the service provider (cloud) site and in reverse. A vCloud Director instance runs Cloud Proxy services on the same Java Virtual Machine (JVM). For scalability purposes, vCloud Director appliances can be configured to act as a different type of cell, each one with its own JVM. For example, you can configure a vCloud Director appliance to act as an Application cell, as a Cloud Proxy cell, or as a combination of both types on the same cell.

Important:

When creating a Cloud Proxy, if you clone an existing vCloud Director instance, or you start the vCloud Director services before configuring the cell as a dedicated Cloud Proxy, you negatively impact existing vCloud Director instances. In either case, the cell registers in the vCloud Director database as one that can run the vCenter proxy listener. Then, when you configure the same cell as a dedicated Cloud Proxy, it is no longer able to run the vCenter proxy listener, and you receive a "None of the cells have a vCenter proxy service running" error in the System > Manage & Monitor > Cloud Cells menu of the vCloud Director user interface. For more information, see https://kb.vmware.com/kb/53172.

If you are installing vCloud Availability on top of an existing vCloud Director infrastructure, you can configure existing vCloud Director appliances to serve as Cloud Proxy instances by disabling most of the vCloud Director services. Cloud Proxy hosts must have access to the vCloud Director database and the transfer share.

You can load balance Cloud Proxy instances with different public Virtual IP addresses (VIPs). You can also use SSL certificates different from the other vCloud Director instances.

Cloud Proxy scales out horizontally, depending on the number of concurrent connections.

Cloud Proxy provides the endpoints used for replicating data for the vCloud Availability solution. Cloud Proxy installation and configuration for vCloud Availability requires configuration of a vCloud Director instance and network interface.

For test and development deployments, you can use the primary vCloud Director host as a Cloud Proxy. To expand capacity, deploy additional Cloud Proxy hosts and register them with vCloud Director.

Prerequisites

  • Create a virtual machine to run the Cloud Proxy. The Cloud Proxy uses the same OS and configuration as the vCloud Director hosts. For more information about supported operating systems, see the vCloud Director for Service Providers Release Notes.

  • Verify that all vCloud Director and Cloud Proxy instances have an FQDN configured.

  • Verify that NTP is configured.

  • Verify that the OpenSSL version used in the guest OS of the vCloud Director instance is 1.0.1e-30 or later.

  • Verify that the Cloud Proxy hosts use a wildcard certificate that covers all Cloud Proxy host names. If the Cloud Proxy certificate differs from the one used on your vCloud Director instances, you must update the SSL certificates on the Cloud Proxy hosts. For more information about creating and importing SSL certificates, see the vCloud Director Installation and Upgrade Guide.

Procedure

  1. Pre-installation
    1. Copy the vmware-vcloud-director-X.X.X-YYYY.bin file to the /tmp folder of the new Cloud Proxy virtual machine by running the following command.
      # scp root@vcd-address:/file-path/vmware-vcloud-director-X.X.X-YYYY.bin /tmp
      # chmod 755 /tmp/vmware-vcloud-director-X.X.X-YYYY.bin

      The certificates.ks file is located in the same location as on the primary vCloud Director host. You can find the exact path at user.keystore.path in the responses.properties file. Update the user.keystore.path value to reflect the new path to the certificates file.

    2. Copy the configuration file to the /tmp folder of the new Cloud Proxy virtual machine by running the following command.
      # scp root@vcd-address:/opt/vmware/vcloud-director/etc/responses.properties /tmp
      # chmod 644 /tmp/responses.properties
    3. Copy the certificates file to the /tmp folder of the new Cloud Proxy virtual machine by running the following command.
      # scp root@vcd-address:/root/certificates.ks /tmp
      # chmod 644 /tmp/certificates.ks
    4. Update the database.jdbcUrl value in the responses.properties file to use the FQDN of the database host.
    5. Mount shared NFS storage.

      Verify that you have mounted the shared NFS storage to your Cloud Proxy /opt/vmware/vcloud-director/data/transfer.

    6. Cloud Proxy Second Network Interface

      The vCloud Director installation requires a second NIC to be present, but the Cloud Proxy does not use the second NIC. If you have already provisioned your virtual machine with a second NIC, you can set the IP address to a single CIDR address, for example 192.168.254.254/32. In this case, you do not need to configure the alias NIC.

    7. If necessary, set up an alias NIC:
      # ifconfig eth0:5 192.168.254.254 up
      
  2. Install

    Run the vCloud Director install script: vmware-vcloud-director-X.X.X-YYYY.bin

    • Do not run the configuration.

    • Do not start the vmware-vcd service.

  3. Configure

    Use the responses.properties file to configure the vCloud Director host. Make sure that you do not start the vmware-vcd service.

    # /opt/vmware/vcloud-director/bin/configure -r /tmp/responses.properties
    

    This operation takes a few minutes to finish. The system does not display any output during this time.

  4. Specialize a vCloud Director cell to become a dedicated Cloud Proxy cell.

    Edit /opt/vmware/vcloud-director/etc/global.properties:

    Add the following property:

    com.vmware.cell.runtime.application=com.vmware.vcloud.cloud-proxy-server.cloudProxyApplication
    
  5. Second NIC

    The second NIC or alias that you used for the install is no longer required. You can safely turn off the interface.

    # ifconfig eth0:5 192.168.254.254 down
    
  6. Start the vCloud Director service.

    # service vmware-vcd start

  7. Modify Cloud Proxy address.

    If you are running separate Cloud Proxy instances, you must change the address for the Cloud Proxy server.

    1. Create a protected password file on your vCloud Availability Installer Appliance in the ~/.ssh directory.
      # mkdir -p ~/.ssh
      # chmod 0700 ~/.ssh
      # echo 'vcd-password' > ~/.ssh/.vcd
      # find ~/.ssh -type f -name '.*' -print0 | xargs -0 chmod 0600
    2. To see the currently configured Cloud Proxy address, run the following command on the vCloud Availability Installer Appliance.
      # vcav vcd get-cloud-proxy \
      --type=to-the-cloud \
      --vcd-address=vcd-address \
      --vcd-user=vcd-user \
      --vcd-password-file=~/.ssh/.vcd

      The vCloud Availability Installer Appliance returns the following message.

      wss://cloud-proxy-IP-address:to-the-cloud-port/socket/cloudProxy
    3. Modify the Cloud Proxy by using the following command.

      You can modify --to-the-cloud-address, --to-the-cloud-port, and --from-the-cloud-address. For this example, --to-the-cloud-address is modified.

      # vcav vcd set-cloud-proxy \
      --to-the-cloud-address=cloud-proxy-FQDN \
      --vcd-address=vcd-address \
      --vcd-user=vcd-user \
      --vcd-password-file=~/.ssh/.vcd

      The vCloud Availability Installer Appliance returns an OK message.
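
The Important note above warns that starting the vCloud Director services before the cell is configured as a dedicated Cloud Proxy registers it as able to run the vCenter proxy listener. The following added example, which is not part of the VMware procedure, is a preflight gate to run before step 6: it checks that global.properties carries the property from step 4 and that the transfer directory from step 1.5 is a mount point. The function and variable names are hypothetical; the paths and the property are the ones given on this page.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Paths and the property
# come from steps 1.5 and 4 of the procedure above.
PROXY_KEY='com.vmware.cell.runtime.application'
PROXY_VALUE='com.vmware.vcloud.cloud-proxy-server.cloudProxyApplication'

# Succeeds only if the properties file assigns PROXY_KEY exactly once,
# uncommented, to PROXY_VALUE. Whitespace around key and value is ignored.
is_dedicated_proxy_cell() {
    [ -r "$1" ] || return 2
    awk -v key="$PROXY_KEY" -v want="$PROXY_VALUE" '
        /^[ \t]*[#!]/ { next }              # comment lines do not count
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { seen++; last = v }
        }
        END { exit !(seen == 1 && last == want) }
    ' "$1"
}

# Refuses (non-zero) unless the cell is specialized and the transfer share
# is mounted. Arguments default to the paths used on this page.
preflight_cloud_proxy() {
    etc_dir="${1:-/opt/vmware/vcloud-director/etc}"
    transfer="${2:-/opt/vmware/vcloud-director/data/transfer}"
    if ! is_dedicated_proxy_cell "$etc_dir/global.properties"; then
        echo "stop: global.properties lacks the Cloud Proxy property (step 4)" >&2
        return 1
    fi
    if ! mountpoint -q "$transfer"; then
        echo "stop: $transfer is not a mounted share (step 1.5)" >&2
        return 2
    fi
    return 0
}

# On the Cloud Proxy host:
#   preflight_cloud_proxy && service vmware-vcd start
```

A duplicate assignment of the property is treated as a failure so that the result never depends on which line the properties loader honors.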