4.3.2.1. vCloud Networking and Security Edge Deployment and Configuration by the vCloud Administrator
The vCloud administrator can deploy a vCloud Networking and Security Edge Gateway at various stages. For example, a vCloud Networking and Security Edge Gateway can be provisioned while creating a new virtual datacenter (because the vCloud Networking and Security Edge object is now part of the virtual datacenter). A vCloud Networking and Security Edge Gateway can also be added later to an existing virtual datacenter but this is out of scope for this example.
In the following procedure, the initial page of the wizard is used to create a virtual datacenter. The steps in the screenshots for the wizard are highlighted in red.
To use the wizard to create a virtual datacenter
1. On the Allocate Resources screen, click Select Network Pool & Services. Click Next.
2. As part of this process the vCloud administrator entitles the organization for a certain number of networks. In the following example, the HR organization is entitled for 20 networks out of an existing VXLAN network pool.
Note: Before vCloud Director 1.5, this parameter was used only to limit the number of vApp networks an organization could create. As of vCloud Director 5.1 this number entitles and limits an organization for both vApp networks as well as organization virtual datacenter networks to be attached to the vCloud Networking and Security Edge Gateway being created. In fact, now an organization administrator can create organization virtual datacenter networks in self-service mode.
Click Next to proceed to the next screen.
3. The vCloud Networking and Security Edge Gateway wizard page is displayed and the vCloud administrator responds whether an Edge Gateway must be deployed. If Create a new edge gateway is selected, the Configure Edge Gateway screen is displayed.
Note that the number of provisioning steps in the left pane has increased. This is because the provisioning process must accommodate additional information associated to the Edge.
Make appropriate choices for Select a edge gateway configuration (Compact or Full) and Enable High Availability (selected or deselected).
In vCloud Director 5.1, Compact Edge and Full Edge were introduced. These are two different vCloud Networking and Security Edge Gateway virtual machine configurations that provide different input/output throughput. These configurations are related to different virtual hardware configurations as well as different parameters inside the vCloud Networking and Security Edge (Edge) software stack.
Similarly, Edge HA is a VCD 5.1 resiliency feature. If HA is enabled, vCloud Director and vCloud Networking and Security Manager deploy two Edge devices in a clustered configuration. Edge previously leveraged the traditional vSphere HA technology to provide resiliency. If the physical server running the single Edge instance failed, vSphere HA would restart the Edge virtual machine on another server. This means that the associated VCD organization would not be able to communicate externally until the same Edge instance is restarted on a different physical server. With Edge HA introduced in vCloud Director 5.1, the two virtual machines work as a pair and can fail over immediately.
Additional advanced features can be selected in this page. If selected, an additional configuration page is added in the provisioning wizard.
Click Next to proceed to the next screen.
4. Choose an external network and click Next.
Note: Beginning with vCloud Director 5.1, more than one external network can be selected. This is different from the earlier version where only one external network and one organization network could be selected. In this example there is only one external network, so only one can be selected. Now, the vCloud Networking and Security Edge Gateway can be set to act as a DNS relay.
5. Create an organization virtual datacenter network. If the vCloud administrator directs the wizard to create a network, the following page is presented. After completing this screen, click Next.
The network is named “HR-Routed.” It is the only network currently available in the organization.
Upon successful completion of the wizard, the resources are available to the organization. The vCloud Networking and Security Edge Gateway, along with the organization virtual datacenter networks, are all integral parts of the virtual datacenter.
The following screenshot shows the Edge Gateways tab.
The following screenshot shows the Org vDC Networks tab.
What has been shown so far is how to provision a vCloud Networking and Security Edge Gateway (Edge Gateway) as part of the virtual datacenter provisioning wizard. The vCloud administrator can also create the Edge Gateway (or add an additional Edge Gateway) by clicking Add Gateway from the Edge Gateways tab of the organization virtual datacenter consolidated view.
6. Similarly, a vCloud administrator can also add additional organization virtual datacenter networks in the organization virtual datacenter by clicking the green plus sign (Add Network) in the Org vDC Networks tab.
7. Click the link to open a wizard that allows the creation of a new network inside the virtual datacenter. The following screenshot shows what is displayed for a vCloud administrator when adding a network to the virtual datacenter.
The vCloud administrator can create all three types of networks, including a direct connect to the external network (bypassing the Edge Gateway). This is not an option for the organization administrator. The organization administrator cannot deploy an additional vCloud Networking and Security Edge device from the Edge Gateways tab.
