The following figure shows the vCloud Director Tenancy model overlaid onto a simple customer topology.

 

The Org VDC contains the customer’s workloads which in vCloud Director, whether they are a single VM on a network, or multiple VMs on different networks, are known as vApps. Because vCloud Director does not manage all of the customer’s resources, those in the physical data center outside must be managed by the service provider or, through a different customer-facing portal. Networks that connect Organization VDCs to external data center resources are described within vCloud Director as “external networks”. They terminate on an Org VDC Edge Services Gateway to provide routed, Network Address Translated (NAT’ed) or directly connected access to and from the workloads inside the Org VDC. Networks that are confined to the vCloud Director environment are known as Org VDC Networks.

Both an Organization’s Edge Services Gateways and Org VDC networks can be managed from the vCloud Director Org VDC management page as shown in the following figure.

 

In the current version of vCloud Director, the NSX Distributed Firewall uses the new HTML5 interface which is launched from the Organization VDC’s Actions menu, as shown in the following figure.