VMware vCloud Director Q&A Part 3

This is part 3 of the Q&A article published last year.  Eventually I will migrate these to the FAQ section of the site.

If anyone has any questions that are not included in this Q&A or the other Q&As, post a comment to https://www.davidhill.co/2011/01/q-a/ and I will answer and include it in the FAQ.

vCloud Director: vApp Cloning

Q. I have a vApp comprised of 10 VMs. When I add this vApp to my cloud using the “Add to My Cloud…” option, I see from vCenter that it is cloning each VM in a serial fashion, not in parallel. I was hoping the 10 source VMs would be cloned in parallel to 10 new VMs. Is this expected behavior and are there any options to change this to clone in parallel to reduce the provisioning time?

A. Serial cloning is the expected behavior. Cloning and deploying new vApps is always done in a serial manner, one VM at a time in the vApp. Cloning is parallel at the vApp level, i.e. if you tried to clone 2 vApps at once.

vCloud Director: Powering on vApps

Q. Is it possible to have a vApp that was provisioned by vCD to automatically power on after provisioning? Currently it appears one has to click on the Play button in the UI.

A. No, not from the UI. You could get the vApp to power on automatically if you created a workflow through vCO.

vCloud Director: “None” Portgroups

Q. In looking at vCenter, managed by vCD, there exists a portgroup called “none.” What is this and what is its purpose with respect to vCD?

A. When you power off a vApp, the VMs are reconfigured to attach to the “none” portgroup so that the previous portgroup that was being used by the VMs can be destroyed and the network pool backing the vApp network can be recovered and reused.

vCloud Director: Org URL Not Found

Q. In vCD, I created an org and the org URL comes up as https://cloudURL/org/tenantOrg. However, attempting to access this Org URL results in an HTTP ERROR: 404 NOT_FOUND error. How do I resolve this problem?

A. Append “/cloud” to the vCD public URL in the vCD public URL setting under System/Administration/System Settings/Public Addresses.

vCloud Director: LDAP Integration

Q. What permissions are required in Microsoft Active Directory (AD) in order for vCD to attach to AD in the General Settings tab when setting up an LDAP source for the entire cloud? I realize that this permission level may be set by AD, in which case the question becomes what type of LDAP query are we doing so that we can set the correct permission in AD?

A. We only need read permission on the part of the LDAPv3 tree where the user and groups information is stored. We highly recommend that the user account used by vCD be restricted to read-only access to only the user and group objects that it will be importing. In most cases, the default user account in AD should work.

Q. What exactly is synchronized from LDAP, i.e. what data from the LDAP directory is stored in the vCD database?

A. We store the user object attribute data that we are interested in such as “username”, “email”, etc. Basically we will store all the fields you find in the schema section of the LDAPv3 settings page, and this also applies for groups. We do not pull in data for all the users and groups in AD. We only query for users who have been directly imported or have logged into vCD. For groups, we only store data for groups that have been imported. One thing we do not store is the group membership data of users who have never logged into vCD. If you have never logged in, no information about you is stored. On the other hand, if you have logged in, vCD will store the fact that you are a member of a group. Once a group is imported, vCD will store the fact that you are a member of that group.

Q. For users who are currently logged in, changes to their role do not take effect until the cache for their current session expires or they log out and log in again. Does this mean that users have to log in first to get an LDAP record put in cache?

A. Role info is cached in a user’s session, and the cache has a lifetime. If the cache expires, it is renewed with current info.

vCloud Director: MAC Addresses

Q. What range does vCD use for assigning MAC addresses? (A customer who manually assigns MAC addresses wants to avoid conflicts.)

A. 00:50:56:XX:NN:NN, where XX is the vCD installation ID in hex, and NN:NN is a sequential number.
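
One way to audit manually assigned MAC addresses against the range described above (an added example, not part of the original post or any VMware tooling). The function names, the sample addresses and the installation IDs are constructed for illustration, and the check assumes XX is a single octet as the format implies.

```python
import re

VMWARE_OUI = "005056"  # 00:50:56, the first three octets given in the answer

def normalize_mac(mac: str) -> str:
    """Return 12 lowercase hex digits, accepting ':', '-' or '.' separators."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def vcd_prefix(installation_id: int) -> str:
    """First four octets of a vCD pool: 00:50:56:XX, XX = installation ID in hex."""
    if not 0 <= installation_id <= 0xFF:
        raise ValueError("installation ID must fit in one octet")
    return f"{VMWARE_OUI}{installation_id:02x}"

def find_conflicts(manual_macs, installation_ids):
    """Map each manual MAC that lies inside a vCD range to the owning installation ID."""
    prefixes = {vcd_prefix(i): i for i in installation_ids}
    conflicts = {}
    for mac in manual_macs:
        owner = prefixes.get(normalize_mac(mac)[:8])
        if owner is not None:
            conflicts[mac] = owner
    return conflicts

# Constructed sample data: manually assigned addresses in mixed notations
MANUAL = [
    "00:50:56:0A:00:01",  # inside the range of installation ID 10 (0x0a)
    "00-50-56-3f-12-34",  # VMware OUI, but XX=0x3f is not one of our installations
    "0050.5601.00ff",     # inside the range of installation ID 1
    "02:00:00:aa:bb:cc",  # locally administered address, outside the OUI
]
INSTALLATION_IDS = [1, 10]  # constructed: the vCD installations in this environment

if __name__ == "__main__":
    for mac, owner in find_conflicts(MANUAL, INSTALLATION_IDS).items():
        print(f"{mac} falls in the range of vCD installation ID {owner}")
```
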

vCloud Director: OVF Import

Q. A customer wants to be able to import an OVF that requires parameters such as the IP address and license key be passed to the guest OS, but no prompts come up during the import. Is this functionality supported in vCD?

A. No

Q. I get a message “unable to determine type for file” when referencing an OVA file instead of an OVF file. Is OVA supported?

A. OVA is not supported for uploads.

vCloud Director: Importing Multiple VMs

Q. How do I import multiple VMs from vSphere into a single vApp in vCD?

A. When you import a vSphere VM and subsequently create a vApp in vCD, there is no option to import another VM into that same vApp; a new vApp gets created instead. A workaround is to right-click the second vApp, select “Move to…” and select the first vApp as the destination. Alternatively, create a new vApp in vCD, then select all the VMs you would like to import all at once.

vShield Edge VPN

Q. Can firewall rules be applied to restrict which VMs are accessible over the VPN tunnel?

A. No, the VPN traffic bypasses the firewall rules currently. This may be changing in a future release.

Q. Is it possible to limit which VMs can be accessed as part of the tunnel setup, i.e. by adding remote networks as /32’s vs. to the full subnet?

A. VSE doesn’t actually let you configure the local address space. When you input the configuration into the VSE, you specify a remote subnet currently. Since you are not specifying the local subnet, you cannot restrict access to the local resources. (The local subnet is inferred to be the subnet directly connected to the internal interface; since the VSE doesn’t support static routes or multiple interfaces, there’s only one possible subnet.)

vCloud Connector

Q: Once I copy a VM/vApp from vSphere to vCD using vCC, can I configure its network settings in vCC?

A: No. vCC is meant to be a transporter. It does not support network configuration or other fine-grained configuration of the actual VM/vApp, other than basic power operations. The user should use their existing vSphere Client or vCloud Director console to set those configurations.


Copyright David Hill
