4.3.2 Example
In this example a vCloud administrator provisions a vCloud Networking and Security Edge Gateway as part of an organization virtual datacenter provisioning process. This Edge instance is connected to an external network and an internal organization virtual datacenter network.
Later this example demonstrates how an organization administrator can deploy an additional internal organization virtual datacenter network and connect it to the same vCloud Networking and Security Edge Gateway.
4.3.2.1. vCloud Networking and Security Edge Deployment and Configuration by the vCloud Administrator
The vCloud administrator can deploy a vCloud Networking and Security Edge Gateway at various stages. For example, a vCloud Networking and Security Edge Gateway can be provisioned while creating a new virtual datacenter (because the vCloud Networking and Security Edge object is part of the virtual datacenter). A vCloud Networking and Security Edge Gateway can also be added later to an existing virtual datacenter, but this case is out of scope for this example.
In the following procedure, the initial page of the wizard is used to create a virtual datacenter. The steps in the wizard are highlighted in red in the screenshots.
To use the wizard to create a virtual datacenter
1. On the Allocate Resources screen, click Select Network Pool & Services. Click Next.
 
2. As part of this process the vCloud administrator entitles the organization for a number of networks. In the following example, the HR organization is entitled for 20 networks out of an existing VXLAN network pool.
 
Note: Before vCloud Director 1.5, this parameter was used only to limit the number of vApp networks an organization could create. As of vCloud Director 5.1 this number entitles and limits an organization for both vApp networks and organization virtual datacenter networks to be attached to the vCloud Networking and Security Edge Gateway being created. An organization administrator can create organization virtual datacenter networks in self-service mode.
Click Next.
3. The vCloud Networking and Security Edge Gateway wizard page is displayed and the vCloud administrator indicates whether an Edge Gateway must be deployed. If Create a new edge gateway is selected, the Configure Edge Gateway screen is displayed.
 
Note that the number of provisioning steps in the left pane has increased. This is because the provisioning process must accommodate additional information associated with the Edge.
Select your choices for Select a edge gateway configuration (Compact or Full) and Enable High Availability (selected or deselected).
In vCloud Director 5.1, Compact Edge and Full Edge were introduced. These are two different vCloud Networking and Security Edge Gateway virtual machine configurations that provide different input/output throughput. These configurations are related to different virtual hardware configurations as well as different parameters inside the vCloud Networking and Security Edge (Edge) software stack.
Similarly, Edge HA is a vCloud Director 5.1 resiliency feature. If HA is enabled, vCloud Director and vCloud Networking and Security Manager deploy two Edge devices in a clustered configuration. Previously, Edge relied on traditional vSphere HA technology for resiliency: if the physical server running the single Edge instance failed, vSphere HA would restart the Edge virtual machine on another server. The associated vCloud Director organization could not communicate externally until that Edge instance had restarted on a different physical server. With Edge HA, the two virtual machines work as a pair and can fail over immediately.
Additional advanced features can be selected on this page. If selected, an additional configuration page is added in the provisioning wizard.
Click Next.
4. Choose an external network and click Next.
 
Note: As of vCloud Director 5.1, more than one external network can be selected. This is different from the earlier version where only one external network and one organization network could be selected. In this example there is only one external network, so only one can be selected. At this point, the vCloud Networking and Security Edge Gateway can be set to act as a DNS relay.
5. Create an organization virtual datacenter network. If the vCloud administrator directs the wizard to create a network, the following page is presented. After completing this screen, click Next.
 
The network is named “HR-Routed”. It is the only network currently available in the organization.
Upon successful completion of the wizard, the resources are available to the organization. The vCloud Networking and Security Edge Gateway, along with the organization virtual datacenter networks, are all integral parts of the virtual datacenter.
The following screenshot shows the Edge Gateways tab.
 
The following screenshot shows the Org vDC Networks tab.
 
What has been shown so far is how to provision a vCloud Networking and Security Edge Gateway (Edge Gateway) using the virtual datacenter provisioning wizard. The vCloud administrator can also create the Edge Gateway (or add an additional Edge Gateway) by clicking Add Gateway from the Edge Gateways tab of the organization virtual datacenter consolidated view.
6. Similarly, a vCloud administrator can also add additional organization virtual datacenter networks in the organization virtual datacenter by clicking the green plus sign (Add Network) in the Org vDC Networks tab.
 
7. Click the link to open a wizard that guides the creation of a new network inside the virtual datacenter. The following screen is displayed when adding a network to the virtual datacenter.
 
The vCloud administrator can create all three types of networks, including a direct connect to the external network (bypassing the Edge Gateway). This is not an option for the organization administrator. The organization administrator cannot deploy an additional vCloud Networking and Security Edge device from the Edge Gateways tab.
4.3.2.2. vCloud Networking and Security Edge Configuration and Deployment by the Organization Administrator
In this session, the HR organization administrator takes over from where the vCloud administrator left off. The organization administrator’s view of the organization virtual datacenter is similar to that of the vCloud administrator.
To configure and deploy the vCloud Networking and Security Edge instance
1. On the hr screen, select HR OrgvDC and click the Edge Gateways tab.
 
2. Under the Org vDC Networks tab, add a network by clicking the green plus sign (Add Network).
 
3. The New Organization vDC Network Wizard is displayed. After completing this screen, click Next.
 
The organization administrator cannot create direct connections to external networks.
An organization administrator can create an isolated or routed network and connect it to an existing vCloud Networking and Security Edge Gateway. In this example we only have one vCloud Networking and Security Edge (Edge) instance, so we will create a “temporary” network and connect it to this existing Edge instance.
4. On the Network Specification screen, define and personalize the new network. Click Next.
 
5. Set the name for the new network. In this example it is named HR-temporary. The new network is displayed on the summary page of all organization virtual datacenter networks.
 
At this point, users in the HR organization can attach virtual machines to both of these networks that are routed to the external network using the same Edge Gateway. The two organization virtual datacenter networks can also access each other using static routing configurations automatically defined on the single Edge Gateway.
There is no longer a need to create an Edge device for each routed network deployed. Also, as of vCloud Director 5.1 the organization administrator can create organization virtual datacenter networks in self-service mode.
Additionally, the organization administrator can configure all of the possible Edge Gateway services such as DHCP, NAT, firewall, static routing, VPN, and load balancing.