FAQ vCloud

For anyone who is new to vCloud, I would suggest reading this four-part series of articles on vCloud Director 101. Click here to read Part 1.

If you have a question that you have been unable to find an answer to, post it in the comments section of the Q & A article page and I will try to find a solution.

http://www.davidhill.co/2011/01/q-a/

This page is a combination of the Q&A articles I have released throughout the past year and specific questions readers have asked. If you are looking for something specific, I would suggest searching the page using keywords, e.g. vApp. If you are unable to find an answer to your question, try looking over at Chris Colotti’s FAQ page by clicking here.

——————————————————————————————

Question

I am trying to get some scenarios sorted out and have only found a few answers on yours and others' blogs. Hopefully you can help.
We are looking to import VMs from a customer via one of the following methods:

1. OVF export from vCenter and upload into vCD
2. OVF Export from vCenter , import OVF to resource vCenter and then Import to vCD
3. Use OVFTool to export and then import into vCD

Q1. For each option I am trying to find out if they would go via the shared NFS share on the cells before being written to the Org vDCs storage. This will then allow me to calc the overall export / import process time.
Q2. If they all go via the share, I assume it has to be as large as the largest VM being imported?
Q3. Also in the vCD 1.5 Users Guide it states compressed OVFs are not supported in vCD, is this the case if you use OVFTool tool to import instead?

Cheers for your help.
Graeme

Answer

A1: Whenever you perform an upload to vCD, it uses the NFS share (correct name Transfer share) as a staging area. It will always go there before being written to the vDC storage.

A2: Correct, the share has to have enough free space to cover the largest upload.

A3: Compressed OVFs are not supported in 1.5, even when using OVFTool.

My preference for your task would be option 1, as it involves the least amount of headache: you export once and import once. Option 2 only adds another export and import cycle.

Have you considered vCloud Connector? It makes this a lot easier, with built-in workflows. Have a look; it is a free application from VMware for this specific task. It also allows you to add multiple vClouds and see everything from a vCenter plugin.

——————————————————————————————

Question

When performing vMotion of a vCloud Director virtual machine to a different datastore from vSphere Client, vMotion fails and throws an error “A specified parameter was not correct.”

When you power off the VM, you can migrate it to a different datastore.

Answer

Make sure the datastores are part of the Provider vDC and not separate ones.

——————————————————————————————

Question

When importing a vApp from vSphere in VCD 1.5 using “move” (and not “copy”), it seems that VCD will always clone it to the datastore that has the most free space. Obviously, this takes a non-trivial amount of time for large vApps. Is there a way to prevent VCD from cloning the vApp?

Answer

That's correct, vCloud Director always carries out a clone operation, even when you select a move. It then deletes the previous copy after the clone process has completed. There is no way to prevent the cloning as of v1.5, I am afraid. You are not the first person to highlight this.

——————————————————————————————

Question

I wanted to know the procedure to Add the new Esx Host to VCD and increase the Resources for existing cloud setup.

Thanks in Advance
Ashokv

Answer

Simply add the new host to the cluster providing your PvDC. Then, under Manage and Monitor, then Hosts, highlight the new host, right-click and select Prepare Host. This will then deploy the vCD agent to that host.

——————————————————————————————

Question from Simon Reynolds

1) There is one vCloud Director (vCD) database.

 

a) What happens to the ability of Organization Admins, and vCloud System Admins, to access the cloud if the vCD database disappears?
b) If I restore the vCD from last night’s backup will it “sync” to the present state of the cloud by querying the VC server databases and by using any “cached” info on the vCloud Director cells?
c) What if I have no vCD database backup and create a new vCD database?

2) Within vCloud Director when you configure a firewall for a routed network you are configuring vShield edge device. The VMware Service Provider Program Product Usage Guide Q2 2011 says (on page 23) that VMware vShield for VMware vCloud Director can set firewall policies based on 5-tuples (source ip, source port, destination ip, destination port, protocol). But when you configure the firewall in the vCloud Director interface there doesn’t seem to be a way of configuring the 5-tuple — all you have in the dialog box is internal ip, port and protocol. Is this just the way it is in vCloud Director 1.0?

 

3) When a vApp VM is noted in the vCloud Director interface as “Partially powered off” — what does that mean? The vSphere client shows the VM as powered off.

Answer

1A) If the vCD database goes offline, all vCD cells will stop responding. You need to think about high availability when designing your vCloud: Oracle RAC is one solution, or you can make the database a VM in the Management Cluster and protect it using HA.

1B) If vCD is restored from the previous night's backup, some changes to VMs will sync at a later time, but other changes, new networks for example, will not. These would need to be recreated.

1C) If you have no vCD database backup, and you create a new vCD database you have created a new vCloud environment and would need to start the configuration from step 1 again.

2) That is just the way it is in 1.0.x

3) “Partially Powered off” – GuestOS is shutdown, but VM is still deployed and configured to a Cloud (vApp/Org) network, resources are still assigned (Reservation/Limits); in a PAYG model these are set on a VM level during power on and reset during power off based on the OrgVDC configuration.

“Powered off” – VM is un-deployed, reconfigured to remove resource and network connectivity.

——————————————————————————————

Question
In a multiple cell vcd setup, once you provide response file and the installation is completed and configured, I can see the 2nd cell under “Cloud Cells”. However, the “vcenter” is not checked as shown in your diagram (except the primary cell has vcenter selected). Do I have to login to the web interface of cell2 and provide license keys, configure vcenter/vshield manager to use it?

Answer
In a multiple cell vCD environment, only one cell communicates with vCenter using the VIM API. If this cell is stopped or goes down, the next available cell will take over this duty. This is why you see the tick for the first cell in the vCenter column. To switch the communication to a different cell, log in to another cell directly using its http IP address as a cloud admin, select Manage and Monitor, vCenters, select the cell you want to change to, right-click and select “Reconnect vCenter”. This will then establish the connection from this cell.

——————————————————————————————

vCloud Director: Data Transfer Folder

Q. Once configured, can I change the location of the data transfer folder?

A. You can’t change the location, but you can map another mount point to that directory. The best practice is to map an NFS volume to that directory. This is mentioned in the vCD Installation guide.

Multi-Cell vCloud Director Environments

Q. In a multi-cell environment, is a session-aware load balancer required?

A. No, it’s possible to set up a load balancer that is session-ignorant. In this case, the load balancer redirects to cells round robin with regard to login and session management. Session and authentication data is maintained by the single vCD database supporting the multiple vCD cells.

Q. What happens to a Console session if the vCD database fails?

A. Any Console session already established continues, but no new connections can be established until the vCD database connectivity to vCD cells is restored.

Q. What happens to a Console session if the vCD cell supporting it fails?

A. The Console session will fail and will need to be re-established with a surviving vCD cell.

vCloud Director: Exporting CA Certificates

Q. What are the procedures for exporting CA certificates and their associated private keys from a vCD cell?

A. Follow these steps. You’ll need the original keystore you used to create the certificates.

1) SCP the certificates.ks file from your vCD installation to a Windows RDP session.
2) Go to http://sourceforge.net/projects/portecle/ and download the .jar package to Windows.
3) Run the .jar on the Windows RDP box: java -jar pathtoportecle.jar
4) File > Open the certificates.ks file.
5) Enter the keystore password.
6) Right-click on the http cert and choose Export.
7) Choose export type “Private Key and Certificate” and export format “PEM Encoded”.
8) Enter the keystore password.
9) Create a new password for the .PEM.
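
A check to run on the file produced by steps 7 to 9, confirming that the exported private key really is passphrase-protected and not readable by other accounts. This is an added example, not part of the original procedure or of Portecle; the function names and the sample PEM blocks are constructed, and the permission test assumes the file ends up on a POSIX host.

```python
import os
import re
import stat

# One PEM block: label in group 1, everything between the markers in group 2.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed samples; the base64 bodies are dummy bytes, not real keys.
SAMPLE_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""
SAMPLE_LEGACY_ENC = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PKCS8_ENC = """-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
"""


def key_protection(pem_text):
    """Return [(label, is_encrypted)] for each private-key block in the text."""
    found = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificates and other blocks are not secrets
        if label == "ENCRYPTED PRIVATE KEY":
            encrypted = True  # PKCS#8 encrypted container
        else:
            # Legacy OpenSSL keys flag encryption in an RFC 1421 style header.
            encrypted = re.search(
                r"^Proc-Type:\s*4,ENCRYPTED", body, re.M) is not None
        found.append((label, encrypted))
    return found


def audit_pem_file(path):
    """Return a list of problems with an exported PEM file (empty = OK)."""
    problems = []
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        keys = key_protection(fh.read())
    if not keys:
        problems.append("no private key block found")
    for label, encrypted in keys:
        if not encrypted:
            problems.append(f"{label} is stored without a passphrase")
    # POSIX permission bits; on Windows, review the file's ACL instead.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        problems.append(f"file mode {mode:03o} lets group/other read the key")
    return problems


if __name__ == "__main__":
    for name, text in [("plain", SAMPLE_PLAIN),
                       ("legacy-encrypted", SAMPLE_LEGACY_ENC),
                       ("pkcs8-encrypted", SAMPLE_PKCS8_ENC)]:
        print(name, key_protection(text))
```

Run `audit_pem_file()` on the exported file before it is copied anywhere else, and delete the intermediate copy of certificates.ks from the Windows box once the export is verified.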

vCloud Director: Shared Media

Q. I have a situation where there are 2 orgs, the first of which has published ISOs. From the second org, when logged in as an org admin, I can see the ISOs but when I create vApps the vApps cannot see the ISOs. Is there something wrong?

A. This is as designed. The intention is to force someone to copy after publication to ensure that org 1 could delete the object from their catalog and stop paying for that storage; if Org2 has a handle on the object they can’t. This doesn’t help with avoiding multiple copies of the same ISO, but it avoids unwanted dependencies between orgs. This is something we can look at changing in the future.

vCloud Director: vApp Cloning

Q. I have a vAPP comprised of 10 VMs. When I add this vAPP to my cloud using the “Add to My Cloud…” option, I see from vCenter that it is cloning each VM in a serial fashion, not in parallel. I was hoping the 10 source VMs would be cloned in parallel to 10 new VMs. Is this expected behavior and are there any options to change this to clone in parallel to reduce the provisioning time?

A. Serial cloning is the expected behavior. Cloning and deploying new vApps is always done in a serial manner, one VM at a time in the vApp. Cloning is parallel at the vApp level, i.e. if you tried to clone 2 vApps at once.

vCloud Director: Powering on vApps

Q. Is it possible to have a vApp that was provisioned by vCD to automatically power on after provisioning? Currently it appears one has to click on the Play button in the UI.

A. No, not from the UI. You could get the vApp to power on automatically if you created a workflow through vCO.

vCloud Director: “None” Portgroups

Q. In looking at vCenter, managed by vCD, there exists a portgroup called “none.” What is this and what is its purpose with respect to vCD?

A. When you power off a vApp, the VMs are reconfigured to attach to the “none” portgroup so that the previous portgroup that was being used by the VMs can be destroyed and the network pool backing the vApp network can be recovered and reused.

vCloud Director: Org URL Not Found

Q. In vCD, I created an org and the org URL comes up as https://cloudURL/org/tenantOrg. However, attempting to access this Org URL results in an HTTP ERROR: 404 NOT_FOUND error. How do I resolve this problem?

A. Append “/cloud” to the vCD public URL in the VCD public URL setting under the System/Administration/System Settings/Public Addresses.

vCloud Director: LDAP Integration

Q. What permissions are required in Microsoft Active Directory (AD) in order for vCD to attach to AD in the General Settings tab when setting up an LDAP source for the entire cloud? I realize that this permission level may be set by AD, in which case the question becomes what type of LDAP query are we doing so that we can set the correct permission in AD?

A. We only need read permission on the part of the LDAPv3 tree where the user and groups information is stored. We highly recommend that the user account used by vCD be restricted to read-only access to only the user and group objects that it will be importing. In most cases, the default user account in AD should work.

Q. What exactly is synchronized from LDAP, i.e. what data from the LDAP directory is stored in the vCD database?

A. We store the user object attribute data that we are interested in such as “username”, “email”, etc. Basically we will store all the fields you find in the schema section of the LDAPv3 settings page, and this also applies for groups. We do not pull in data for all the users and groups in AD. We only query for users who have been directly imported or have logged into vCD. For groups, we only store data for groups that have been imported. One thing we do not store is the group membership data of users who have never logged into vCD. If you have never logged in, no information about you is stored. On the other hand, if you have logged in, vCD will store the fact that you are a member of a group. Once a group is imported, vCD will store the fact that you are a member of that group.

Q. For users who are currently logged in, changes to their role do not take effect until the cache for their current session expires or they log out and log in again. Does this mean that users have to log in first to get an LDAP record put in cache?

A. Role info is cached in a user’s session, and the cache has a lifetime. If the cache expires, it is renewed with current info.

vCloud Director: MAC Addresses

Q. What range does vCD use for assigning MAC addresses? (A customer who manually assigns MAC addresses wants to avoid conflicts.)

A. 00:50:56:XX:NN:NN, where XX is the vCD installation ID in hex, and NN:NN is a sequential number.

vCloud Director: OVF Import

Q. A customer wants to be able to import an OVF that requires parameters such as the IP address and license key be passed to the guest OS, but no prompts come up during the import. Is this functionality supported in vCD?

A. No

Q. I get a message “unable to determine type for file” when referencing an OVA file instead of an OVF file. Is OVA supported?

A. OVA is not supported for uploads.

vCloud Director: Importing Multiple VMs

Q. How do I import multiple VMs from vSphere into a single vApp in vCD?

A. When you import a vSphere VM and subsequently create a vApp in vCD, there is no option to import another VM into that same vApp; a new vApp gets created instead. A workaround is to right-click the second vApp, select “Move to…” and select the first vApp as the destination. Alternatively, create a new vApp in vCD, then select all the VMs you would like to import all at once.

vShield Edge VPN

Q. Can firewall rules be applied to restrict which VMs are accessible over the VPN tunnel?

A. No, the VPN traffic bypasses the firewall rules currently. This may be changing in a future release.

Q. Is it possible to limit which VMs can be accessed as part of the tunnel setup, i.e. by adding remote networks as /32’s vs. to the full subnet?

A. VSE doesn’t actually let you configure the local address space. When you input the configuration into the VSE, you specify a remote subnet currently. Since you are not specifying the local subnet, you cannot restrict access to the local resources. (The local subnet is inferred to be the subnet directly connected to the internal interface; since the VSE doesn’t support static routes or multiple interfaces, there’s only one possible subnet.)

vCloud Connector

Q: Once I copy a VM/vApp from vSphere to vCD using vCC, can I configure its network settings in vCC?

A: No. vCC is meant to be a transporter. It does not support network configuration or other fine-grained configuration of the actual VM/vApp, other than basic power operations. The user should use their existing vSphere Client or vCloud Director console to set those configurations.

vCloud Director Network Isolation (vCD-NI)

Q. What limits exist when creating a vCD-NI-backed network pool?
A. You are limited to the maximum number of ephemeral portgroups you can have per vCenter Server, which is 1016. (This is the same as a VLAN-backed network pool.)

Q. How does vCD-NI scale past the 802.1q limit of 4096?
A. The 802.1q protocol (in standard implementations) tops out at 4096 VLANs. The use of vCD-NI requires at most one VLAN per network pool for the transport network.

Q. Is vCD-NI provided as part of vShield Edge?
A. No, it is built into the VMkernel. This is why the product supports a minimum of vSphere 4.0 U2 or 4.1. (Previously it was implemented through the use of service VMs.)

Q. Is a VLAN ID required for the transport network?
A. No, by default if you leave it blank it will use VLAN ID 0. Entering an actual VLAN ID will add a layer of protection on top of the MAC-in-MAC encapsulation. The requirements for the transport network are:
– Dedicated, not used in the provider’s environment for anything else
– Non-routed
– Available to all ESX hosts under vCD management and no one else.

The reason it has to be unused and non-routed is that we do not want anyone else to have access to the transport VLAN.  Once you are on the transport VLAN you can see all traffic.  It will be trivial to inject packets into the network on any of the vCD-NI networks, as well as read data flowing through any of the networks.  As such no physical machines should be able to attach to the transport VLAN. For even more security, you can use dedicated physical switches and not use the transport VLAN.

Q. If you have 2 organizations, can you create a vCD-NI-backed network pool for each organization but use the same VLAN ID?
A. Yes, you can have the 2 organizations use the same VLAN tag as long as they are using networks on 2 different vDS. The vDS gets really confused with the same VLAN on 2 different ports.

vCloud Director/vShield Edge: “NAT-Routed” Networks

Q. Is Edge really a routing appliance, i.e. does it support standard routing protocols and broadcasting of what networks it is routing for? Or is it really just a NAT device?

A. Edge is doing NAT translation. It doesn’t support normal routing protocols. vShield Edge is purely a L3 (NAT) device in a VM. At the same time, it can be called a router since it’s technically routing packets at the L3 level. And for this reason we say “NAT-Routed” within vCloud Director.

NAT = Network Address Translation. The translation part usually implies a look-up table.  When most (networking) people think of routing, it usually involves a routing protocol, from a collection of static routes (basic) to intelligent routing protocols such as BGP, OSPF, or even RIP. What vShield Edge does right now is just NAT. You might get confused by the fact that the inside and outside networks are sometimes different and at times they are the same network. It does not matter, as all it does is look at its table of inside and outside mappings to determine where the packet should go. If you have a firewall running then it considers if the packet is allowed through or not.

Q. Does vShield Edge ever show up as the default gateway to a VM?

A. Yes, the internal IP address of the Edge device is always the default gateway for the VMs connected to the internal interface of it. This shows up whenever DHCP is configured on the vShield Edge and the VM is getting the IP address from it.

VLANs and Security

Q. Is VLAN used for security?
A. No, it is intended for separating broadcast traffic and should not be relied upon as a mechanism for security. Private networks using a VLAN-backed network pool will each have their own VLAN. For one tenant to try to attack another tenant, they will need to create their own spoofed frames and send them down to the switch. The virtual switch will typically stop such VLAN hopping since it inspects every frame going out and looks at the source MAC and frame header. Since we know where every VM lives on the virtual switches, we can prevent spoofed frames and VLAN hopping. We’ve had this feature since ESX 1.5. Note that you can turn this off in vSphere. Still, to create that spoofed frame, all a hacker has to know is another VLAN ID and he can guess that (there are only 4096 choices).

With vCD-NI-backed network pools, a hacker needs to spoof a frame with MAC-in-MAC encapsulation. Now they need to know the MAC of the destination VM, the MAC of the physical NIC in the source ESX host, and the MAC of the physical NIC in the destination host. For each of these there are over 16 million combinations. Take all 3 in combination and you get over 60 trillion combinations to guess at. So, with VLANs you get to guess at 4096 choices and once you get one right you see all of the traffic in that VLAN. With vCD-NI, you get to do 60 trillion guesses and once you get it right you just get to see the traffic going between those 2 VMs; you still don’t get to see all of the other vCD-NI traffic until you guess that match. If you throw in the fact that the provider admin can’t even mis-configure this in any way, it’s a pretty good option.

vCloud Director: NFS Requirement

Q. Is an NFS share required for vCD installations?

A. No, it is only needed when you have multiple vCD Cells for transporting ISOs and vApps. For a single cell environment, you don’t need an external NFS share; in this case, you need to make sure that /opt/vmware/cloud-director/data/transfer has enough space to host your transient uploads. When you try to upload ISOs / vApps that exceed the free space, you start getting “transfer failures” errors.

The reason we require an NFS share in a multi-cell environment for vApp uploads is that if one of the cells fails, without NFS (or CIFS) none of the other cells would have access to the upload area of the failed cell. Importing an uploaded vApp or media into a datastore is not necessarily performed by the cell that handled the file upload. Also, the resume function might fail as the upload could be resumed by a different cell.

During installation of vCloud Director, the installer will not attempt to verify the existence of an NFS share. Only when the cell starts does it verify that the share exists. If it cannot verify it, it will write a warning to the log file (not considered an error because other cells may not be up yet but may have previously checked in with the DB).
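
A pre-flight check for the transfer-space rule described above and in the import Q&A near the top of this page: compressed OVFs and OVA archives are rejected, and the upload has to fit in the transfer directory's free space. This is an added example, not code from vCloud Director or the page's author; the function names and the sample descriptor are constructed, and ovf:size and ovf:compression are attributes of the OVF 1.x descriptor format.

```python
import shutil
import xml.etree.ElementTree as ET

OVF_NS = "http://schemas.dmtf.org/ovf/envelope/1"   # OVF 1.x envelope namespace
TRANSFER_DIR = "/opt/vmware/cloud-director/data/transfer"  # path named above

# Constructed OVF descriptor (not taken from a real export).
SAMPLE_OVF = """<?xml version="1.0"?>
<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
          xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1">
  <References>
    <File ovf:href="web01-disk1.vmdk" ovf:id="file1" ovf:size="4294967296"/>
    <File ovf:href="web01-disk2.vmdk.gz" ovf:id="file2" ovf:size="1073741824"
          ovf:compression="gzip"/>
  </References>
</Envelope>
"""


def _attr(elem, name):
    """Read an OVF attribute, namespaced (ovf:size) or bare (size)."""
    return elem.get(f"{{{OVF_NS}}}{name}", elem.get(name))


def transfer_free_bytes(path=TRANSFER_DIR):
    """Free space on the filesystem that holds the transfer directory."""
    return shutil.disk_usage(path).free


def preflight(descriptor_name, ovf_text, free_bytes):
    """Return (bytes_needed, problems); an empty problems list means go."""
    if descriptor_name.lower().endswith(".ova"):
        return 0, ["OVA archives are not supported for uploads"]
    # A customer-supplied descriptor is untrusted input: OVF needs no DTD,
    # so refuse anything that declares one instead of expanding entities.
    if "<!DOCTYPE" in ovf_text or "<!ENTITY" in ovf_text:
        return 0, ["descriptor declares a DTD or entities; refusing to parse"]
    try:
        root = ET.fromstring(ovf_text)
    except ET.ParseError as exc:
        return 0, [f"descriptor is not well-formed XML: {exc}"]

    problems = []
    needed = len(ovf_text.encode("utf-8"))  # the descriptor is staged too
    for f in root.iter(f"{{{OVF_NS}}}File"):
        href = _attr(f, "href") or "<no href>"
        comp = _attr(f, "compression")
        if comp not in (None, "", "identity"):  # "identity" = uncompressed
            problems.append(f"{href}: compressed with {comp}; "
                            "compressed OVFs are not supported by vCD 1.5")
        size = _attr(f, "size")
        if size is None or not size.isdigit():
            problems.append(f"{href}: no usable ovf:size, measure the file")
        else:
            needed += int(size)
    if needed > free_bytes:
        problems.append(f"upload needs {needed} bytes but the transfer "
                        f"area has only {free_bytes} free")
    return needed, problems


if __name__ == "__main__":
    # Constructed free-space figure; on a cell use transfer_free_bytes().
    needed, problems = preflight("web01.ovf", SAMPLE_OVF, 2 * 1024**3)
    print(needed)
    for p in problems:
        print(" -", p)
```

In a multi-cell setup, run the free-space half of the check against the NFS mount rather than a cell's local disk, since every cell stages uploads in the same share.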

vCloud Director and vCenter Disabling

Q. If I disable a vCenter Server in vCloud Director, will this prevent me from creating new vApps/VMs?
A. No, vCD makes direct calls to ESX for specific tasks, and as such some tasks might still work when vCenter is unavailable. Disabling a vCenter does not prevent new vApps from being created/powered on. What it does do is disallow any new provider vDCs from being created on the vCenter. Disabling a vCenter does not disable any existing provider/org vDCs on the vCenter.

Scaling vCenters in a vCD Environment

Q. When should I add more vCenter Servers?

A. vCD still issues VIM API calls to vCenter to deploy VMs. A potential bottleneck is there with only up to 8 concurrent operations supported. In a multiple vCenter Server environment, the value from vCD comes in placement of VMs. You don’t have to try and figure out which host to place objects on or how to keep isolation between different tenants. Instead you simply tell the vCloud API to deploy a certain VM in a certain service level and then vCD figures out the placements and maintains the isolation between resources. This removes a lot of the logic that you’d have to program into your own scripts which people do find a lot of value in.

If you have multiple vCenters, then you can increase concurrent operations, but it introduces a whole bunch of other problems such as catalog management. Since we’re talking about deploying VMs in particular in this thread, you have to consider the nightmare of cross-vCenter templates.

Q. Are there particular network constraints for the networking between vCD and the vCenter(s) that are being managed? That is, could one of the vCenters be in a different datacenter, understanding of course other constraints, but specifically will vCD be able to work with the other vCenter?

A. You should keep everything local to a datacenter (site) in v1.0. While you could manage a vCenter anywhere, you still have to worry about distribution of load and the fact that you’ll be coming back to the main datacenter for every request. For v1.0 you should set up a different cloud instance in each datacenter where you want to have resources in your cloud.

vSphere: Storage vMotion and vCD Workloads

Q. Is Storage vMotion supported for moving vCD-managed VMs?
A. Yes. Storage vMotion is supported today; you just need to be careful to choose source and destination LUNs that belong to the same Provider vDC.

vCloud Director: Installation ID

Q. During the installation of vCD, there is an optional step that says “If more than one installation of vShield Manager is connected to this network, select a unique installation ID for the vShield Manager configured to work with this Cloud Director installation using the Installation ID control.” What is the significance of this installation ID?

A. A single installation ID applies to a vCloud Director instance, even one with multiple vCenter Servers and their associated (multiple) vShield Managers.

A vCD installation ID is used to ensure network addressing uniqueness and network traffic separation between distinct vCD instances that happen to utilize the same L2 network. When vCD generates Ethernet addresses for use by vNICs, it uses the installation ID as one octet of the MACs generated. vCD also uses the installation ID in its network isolation protocol (that backs the vCD-NI network pool). As you can imagine, this use of the installation ID is independent of vCenters, VSMs or the number of their instances registered with a vCD instance. This ensures that different vCD instances on the same network won’t collide, in particular by generating unique MAC addresses.
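
The MAC format from the MAC Addresses answer (00:50:56:XX:NN:NN, with XX the installation ID described here) turned into a conflict check for manually assigned addresses. This is an added example, not vCD code; the function names, the verdict labels and the sample inventory are constructed.

```python
import re

VCD_OUI = "005056"  # first three octets of the range given on this page

# Notations commonly seen in inventories and switch output.
_MAC_FORMATS = (
    re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}"),    # 00:50:56:0a:00:01
    re.compile(r"[0-9a-f]{2}(-[0-9a-f]{2}){5}"),    # 00-50-56-0a-00-01
    re.compile(r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}"),   # 0050.560a.0001
    re.compile(r"[0-9a-f]{12}"),                    # 0050560a0001
)


def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a MAC."""
    s = text.strip().lower()
    if any(p.fullmatch(s) for p in _MAC_FORMATS):
        return re.sub(r"[^0-9a-f]", "", s)
    return None


def vcd_range(installation_id):
    """First and last address of 00:50:56:XX:NN:NN for one installation ID."""
    if not 0 <= installation_id <= 0xFF:
        raise ValueError("installation ID must fit in one octet")
    xx = f"{installation_id:02x}"
    return (f"00:50:56:{xx}:00:00", f"00:50:56:{xx}:ff:ff")


def classify(mac_text, installation_ids):
    """Verdict for one manually assigned MAC.

    'conflict'   - inside the range of a vCD instance on this L2 network
    'vmware-oui' - same 00:50:56 prefix but a fourth octet no listed
                   instance uses; collides if such an instance is added
    'ok'         - different prefix, vCD will never generate it
    'invalid'    - not a parseable MAC address
    """
    mac = normalize_mac(mac_text)
    if mac is None:
        return "invalid"
    if mac[:6] != VCD_OUI:
        return "ok"
    if int(mac[6:8], 16) in installation_ids:
        return "conflict"
    return "vmware-oui"


def audit(macs, installation_ids):
    """Group an inventory of manual MACs by verdict."""
    ids = set(installation_ids)
    report = {"conflict": [], "vmware-oui": [], "ok": [], "invalid": []}
    for mac in macs:
        report[classify(mac, ids)].append(mac)
    return report


# Constructed inventory of manually assigned addresses.
SAMPLE_MACS = [
    "00:50:56:0A:12:34",   # installation ID 10 (0x0a) -> conflict
    "0050.560b.0001",      # fourth octet 0x0b, no such instance listed
    "00-1B-21-0A-12-34",   # unrelated prefix
    "00:50:56:0A:12",      # truncated entry
]

if __name__ == "__main__":
    print(vcd_range(10))
    print(audit(SAMPLE_MACS, [10]))
```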

vCloud Director: Deploying from a Catalog—Does it matter where the vApp resides and goes?

Q. Can a template from a published catalog residing in one org vDC backed by one vCenter Server be deployed to a different org vDC backed by a second vCenter Server?

A. Yes. vCloud Director will automatically export and import the template from the vCenter Servers as needed. The source catalog/template’s org vDC and the destination org vDC need not have visibility to the same datastores when deploying templates.

vCloud Director: Which datastores are used when creating a VM?

Q. If an org vDC has multiple datastores, which one does vCD use when creating a VM?
A. vCD uses the datastore with the most free space at the time of VM creation. This algorithm round-robins and tries to fill up all datastores equally in sequence.

vCloud Director: Organizations

Q. Can an organization span vSphere clusters?
A. Yes, if an organization has access to multiple org vDCs, each mapped to a cluster. An org vDC cannot span a cluster.  An Org vDC is mapped back to a provider VDC, and each provider vDC in vCD 1.0 can have at most one resource pool backing it. (An organization is nothing but a collection of users, policies, catalogs, and org VDCs.)

vCloud Director: Moving a vApp

Q. Is it possible for a user to move a vApp between two org vDCs in an organization?

A. Yes. It’s simply an export and import operation at the vCD level so it will even work across vCenters.

vApp Deployment Error Caused by Unlicensed vShield Edge

Q. I get the following error when attempting to power on a vApp:
Internal Server Error
– Unable to start vApp “vShield Test”.
– Unable to start virtual machines in resource pool “0125119915-TestOrgVDC”.
– Error creating Shield network appliance.vClould-Shield edge error: Creating/configuring the VR failed: vsmHandle.initializeEdge() net:838660745/network-28778 vse:vm-28851 VSM IP:10.91.160.173  failed.HTTP/1.1 403 Forbidden – The user does not have permission to perform this operation.

A. The operation requires a license for vShield Edge. You have to assign this in the vSphere Client. You have to perform this step on top of adding the license through vShield Manager.

vCloud Cell Failover in a Multi-Cell Environment

Q. What happens if a vCloud Cell fails?

A. This is how vCloud Director detects cell failures:
– Every cell issues a heartbeat to the vCloud database every 30 seconds.
– One of the cells in vCloud Director checks the health of all cells every 60 seconds. It does the following:
  – If any cell doesn’t have a heartbeat for > 5 minutes, it marks the cell as dead (failed). Thus, it may take about 5 minutes for vCloud Director to detect a cell failure.
  – The database server time is used to compare any time difference.
– Every cell also has a local failure detection policy which kicks in every X minutes (X < 5 minutes, currently X = 4.5 minutes) and checks if the current cell has successfully written its heartbeat. If it hasn’t, it puts the cell in some form of “lockdown” mode where the cell will discard all incoming requests, vCenter API calls and writes to the database. This is done to prevent accidental data corruption, as this particular cell (if it has lost network connectivity) is not visible to the rest of the cluster and it may be declared as failed.
– When the cell is brought back up, it registers itself back by getting a new token and starts running a new heartbeat.

There is a URL that is available and should be used by the Load Balancer to check the health of the cell – https://<host>/cloud/server_status
As of the 1.0 release, vCloud Director tasks are not recoverable. So if a cell fails for whatever reason, all tasks executing on that cell will be marked as failed. This may leave behind some stranded objects in vCenter. However, if no tasks are running on the cell that failed and it is only the vCenter proxy that got affected, these tasks should eventually succeed when the vCenter Proxy service is failed over. The failover has to happen within a 20 minute window; otherwise, the tasks will be marked as TimedOut provided the corresponding vCenter is still up and running.

Load Balancing for Multiple vCD Cells

Q. Can vShield Edge be used as a load balancer for vCD Cells?

A. No. vShield Edge 1.0 (the fully licensed one) supports HTTP load balancing, but vCD Cells need HTTPS load balancing.

vCloud Director: Creating Provider vDCs

Q. When creating a provider vDC, should you map to a cluster or resource pool?

A. For simplicity, we recommend mapping to a cluster directly so that a provider vDC has full access to all the resources in the cluster. This avoids possible contention with another resource pool at the same level (what if they were accidentally created to have expandable reservations, for example?).

When creating a Provider vDC, a Cluster or Resource Pool must be selected. This means the Resource Pool must be manually configured before creating the Provider vDC and mapping it to the Resource Pool. During the creation of this Resource Pool, the admin must specify the resource allocation settings. The Reservation, Shares and Limit settings of a Resource Pool are not changed dynamically when adding additional ESX hosts to the cluster. The admin must change (increase) the Reservation and Limit settings each time new hosts are added to the cluster. There is also the issue of share allocations becoming unbalanced if/when you end up with an unbalanced number of powered-on vCPUs between resource pools.

The second drawback of the Resource Pool model is sizing. Because multiple Provider vDC Resource Pools will exist beneath the Root Resource Pool (Cluster) level, the admin/architect needs to calculate a proper resource allocation ratio for the existing Provider vDCs. Mapping a Provider vDC to a Resource Pool will require manual recalculation of the resource allocation settings each time a new tenant is introduced and when the new Org vDC joins the Provider vDC.

Copyright David Hill
