Virtual Networks
There are three categories of VMware vCloud Director networks:
- External networks
- Organisation VDC networks, and
- vApp networks.
Additional infrastructure objects such as Edge Gateways and network pools are required by most categories of networks.
Topics
- Roles
- vApp Networks
- Organisation VDC Networks
- Organisation VDC Network Connection
- Edge Gateway
- External Networks and Network Pools
Roles
The vCloud Director user roles and access rights are set out below.
Role | Able to |
System Administrator | Create: |
Organisation Administrator | Create and modify routed and isolated organisation VDC networks. |
Users with vApp Author rights | Create and modify a vApp network. |
vApp Networks
A vApp network is a logical network that controls how the VMs in a vApp connect to each other and to organisation VDC networks.
Users specify the vApp network details in an instantiateVAppTemplate or composeVApp request. The network is created when the vApp is deployed, and deleted when the vApp is un-deployed. All non-isolated VMs in the vApp connect to a vApp network, as specified in their NetworkConnectionSection elements.
Organisation VDC Networks
An organisation VDC network allows the VMs within it to communicate with each other and to access other networks. These include other organisation VDC networks and external networks, reached either directly or through an Edge Gateway, which can provide firewall and NAT services.
The table below describes each type of organisation VDC network. Most do not provide any network services. Isolated organisation VDC networks can specify a DhcpPoolService, which provides DHCP addresses from several pools of IP address ranges. All other services, such as NAT, firewall, and load balancing, are configured by a system administrator on the Edge Gateway to which the network connects.
Organisation VDC Network Type | Description |
Direct | Connects directly to an external network. Only a system administrator can create a direct organisation VDC network. |
Routed | Connects to an external network through an Edge Gateway, which is backed by a vShield Edge device. A routed organisation VDC network also requires the containing VDC to include a network pool. |
Isolated | Does not require an Edge Gateway or external network, but does require the containing VDC to be associated with a network pool. |
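The following audit sketch is an added example, not part of the original documentation or VMware's own code. It classifies organisation VDC network records into the three types in the table above and flags those whose traffic does not pass through an Edge Gateway. It assumes the vCloud API XML representation (namespace `http://www.vmware.com/vcloud/v1.5`, `FenceMode` values `bridged`, `natRouted`, `isolated`, and an `EdgeGateway` reference on routed networks); the `Networks` wrapper element and all network names are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"vc": "http://www.vmware.com/vcloud/v1.5"}
# Assumed mapping from the vCloud API FenceMode value to the types in the table above.
FENCE_TO_TYPE = {"bridged": "Direct", "natRouted": "Routed", "isolated": "Isolated"}

# Constructed sample: the <Networks> wrapper and every name are illustrative only.
SAMPLE = """\
<Networks xmlns="http://www.vmware.com/vcloud/v1.5">
  <OrgVdcNetwork name="web-routed">
    <Configuration><FenceMode>natRouted</FenceMode></Configuration>
    <EdgeGateway name="edge-01"/>
  </OrgVdcNetwork>
  <OrgVdcNetwork name="legacy-direct">
    <Configuration><FenceMode>bridged</FenceMode></Configuration>
  </OrgVdcNetwork>
  <OrgVdcNetwork name="db-isolated">
    <Configuration><FenceMode>isolated</FenceMode></Configuration>
  </OrgVdcNetwork>
  <OrgVdcNetwork name="orphan-routed">
    <Configuration><FenceMode>natRouted</FenceMode></Configuration>
  </OrgVdcNetwork>
</Networks>
"""

def audit_networks(xml_text):
    """Return (name, type, finding) per network; finding is None when nothing needs review."""
    results = []
    for net in ET.fromstring(xml_text).findall("vc:OrgVdcNetwork", NS):
        name = net.get("name", "<unnamed>")
        fence = net.findtext("vc:Configuration/vc:FenceMode", default="", namespaces=NS).strip()
        net_type = FENCE_TO_TYPE.get(fence, "Unknown")
        has_edge = net.find("vc:EdgeGateway", NS) is not None
        finding = None
        if net_type == "Unknown":
            finding = f"unrecognised FenceMode {fence!r}"
        elif net_type == "Direct":
            # Direct networks bypass the Edge Gateway, so its firewall/NAT rules do not apply.
            finding = "reaches the external network with no Edge Gateway firewall/NAT in the path"
        elif net_type == "Routed" and not has_edge:
            finding = "routed but no Edge Gateway reference; firewall/NAT path unverified"
        results.append((name, net_type, finding))
    return results

if __name__ == "__main__":
    for name, net_type, finding in audit_networks(SAMPLE):
        print(f"{name:15} {net_type:9} {finding or 'ok'}")
```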
Organisation VDC Network Connection
An organisation VDC network connection provides controlled access to VMs and networks outside of the organisation VDC, via an Edge Gateway.
System administrators and organisation administrators can configure network address translation (NAT) and firewall settings on the gateway. This makes specific VMs in the VDC accessible from an external network.
Steps
To create an Org VDC Network, follow these steps:
1. Navigate to the VCD you want the network to reside in.
2. Select Networks tab > New > Network Name. A common deployment will have a routed network (one that is attached to the Edge Services Gateway, or ESG).
3. The Add Org VDC Network screen will appear.
4. Ensure you define all fields marked with an asterisk *. Click Save.
Edge Gateway
An Edge Gateway provides a routed connection between an organisation VDC network and an external network. It can provide any of the services defined in the Gateway Features element of the Edge Gateway's Configuration.
See Services Available via Edge Services Gateway.
External Networks and Network Pools
External networks and network pools are vSphere resources backed by vSphere portgroup, VLAN, or DVswitch objects. A system administrator must create these. See Create an External Network and Create a Network Pool.
When creating an Edge Gateway, you must supply a reference to an external network. When creating an organisation VDC, you must supply a reference to a network pool, if the VDC will contain routed or isolated networks. See Retrieve a List of External Networks and Network Pools.