5.5.5 vApp Networks
vApp networks are created by vCloud consumers and connect multiple virtual machines in a vApp together. vApp networks segment vApp virtual machines from the workloads in the organization virtual datacenter network. The effect is similar to placing a router in front of a group of systems (vApp), thus gaining the ability to shield those systems from the rest of the corporate network. vApp networks are instantiated from a network pool and consume vSphere resources.
Connectivity options for vApp networks include:
Direct – vApps connect directly to the organization virtual datacenter network.
Fenced – Allows identical virtual machines to exist in different vApps by using a virtual router to provide isolation and proxy ARP.
Routed – Define a new network and use a virtual router to provide NAT and firewall functionality.
Isolated – No connection to an organization virtual datacenter network, with communication restricted to the virtual machines in the vApp.
Create vApp networks using one of the following methods:
Fence vApps directly connected to an organization virtual datacenter network. Choose the fence option to automatically create a vApp network that is not visible from the vCloud Director web console. Firewall and NAT services are configurable on a fenced network. Manually create vApp networks using the Add Network wizard. Connecting the vApp network to an organization virtual datacenter network creates a routed connection, with configurable NAT and firewall services.