7.4.6 Service Network Use Case Example
The following figure shows how shared services (patch repository, license management servers, and logging) can be provided securely to tenants. An external vCloud Director network is provisioned for the service network with two subnets assigned to it. One subnet is used for edge gateways to send their logs to an external syslog, and the other is used for IP address sub-allocation to each customer edge gateway with preconfigured source NAT rules.
Figure 27. Service Network
To provide access to the shared services and send the logs to syslog:
1. Configure the external syslog for edge gateways in vCloud Director under Administration > System Settings > General (IP b.b.b.1).
2. Sub allocate an IP address to the tenant from the external network—services subnet A.
3. Pre-create an edge gateway SNAT rule for this IP address applied on the logging network to reach services in the admin org (SNAT 0.0.0.0/0 > a.a.a.n).
4. Create DNAT rules on the admin edge gateway to reach the internal service VMs (DNAT a.a.a.4 > x.x.x.x, DNAT a.a.a.5 > y.y.y.y).
Tenants can now consume shared services (licensing, patching) on IP addresses a.a.a.4 and a.a.a.5 while Syslog receives only logs from Edge Gateways.
