5.4.1.3. Network Design Considerations
A vApp network provides network connectivity to virtual machines within a vApp. Virtual machines in a vApp use an organization network to connect to the outside world or to other vApps in the organization. A vApp network is backed by a network pool unless it is directly attached to an organization network that is directly attached to an external network. vApp networks are created with one of the following methods:
Dynamic – Created when a vApp is directly connected to an organization network and deployed in fenced mode. There is no opportunity to use the DHCP, NAT, or firewall services at the vApp network level because this network is created automatically. It is not accessible from the vCloud UI.
Manual – Created and either connected to an organization network in NAT mode or left isolated. DHCP, NAT, or firewall service rules can be defined manually at the vApp network level as needed.
A vApp network can be directly connected to an organization network, whether routed, isolated, or connected with NAT. The following are types of vApp networks:
Direct – Virtual machines in a vApp are configured to connect directly to the organization network port group and are assigned IP addresses from the organization’s network range.
NAT-routed – vApps are protected behind a VMware vCloud Networking and Security Edge (Edge) instance that provides NAT services for outbound and inbound access.
Fenced – Allows identical virtual machines to exist in different vApps by isolating their MAC addresses. Fenced vApps are protected behind an Edge instance with proxy Address Resolution Protocol (ARP) capabilities.
None – Isolated, with no external access to an organization network or other vApps in the organization.
The most common vApp network configurations are described in the following sections.