5. vCloud Resource Design : 5.5 vCloud Networking : 5.5.5 vApp Networks
   
5.5.5 vApp Networks
vApp networks are created by vCloud consumers and connect multiple virtual machines in a vApp together. vApp networks segment vApp virtual machines from the workloads in the organization virtual datacenter network. The effect is similar to placing a router in front of a group of systems (vApp), thus gaining the ability to shield those systems from the rest of the corporate network. vApp networks are instantiated from a network pool and consume vSphere resources.
*Connectivity options for vApp networks include:
*Direct – vApps connect directly to the organization virtual datacenter network.
*Fenced – Allows identical virtual machines to exist in different vApps by using a virtual router to provide isolation and proxy ARP.
*Routed – Define a new network and use a virtual router to provide NAT and firewall functionality.
*Isolated – No connection to an organization virtual datacenter network, with communication restricted to the virtual machines in the vApp.
Create vApp networks using one of the following methods:
*Fence vApps directly connected to an organization virtual datacenter network. Choose the fence option to automatically create a vApp network that is not visible from the vCloud Director web console. Firewall and NAT services are configurable on a fenced network.
*Manually create vApp networks using the Add Network wizard. Connecting the vApp network to an organization virtual datacenter network creates a routed connection, with configurable NAT and firewall services.