vCloud Director Networks – Part I

Jim Hannan (@HoBHannan), Principal Architect

My next two blog posts will focus on vCloud Director Networks. Most vCloud Director administrators will agree that networking is the most complex and configurable feature in vCloud Director. The real power and flexibility of vCloud Director is in the networking portion, where the available network configurations are virtually endless. House of Brick strongly recommends that clients become familiar with, at minimum, the following network designs:

External Direct
External NAT-routed
Internal only (no outside access)
External NAT-routed Fenced
External Direct-Fenced

House of Brick estimates that 99% of vApp configurations can be supported by one of the above mentioned network configurations. The network design gives customers the flexibility to offer solutions that are much more complex, without a virtualized environment.

For example, consider an Oracle E-Business environment. Typically, an Oracle E-Biz environment will consist of several components. It is not uncommon to have 5–15 VMs supporting an ERP application. Some of these VMs may contain the following components:

Oracle Database
Oracle Forms
Oracle Report or Oracle BI
Oracle OID

Traditional cloning, often performed by DBAs and Application DBAs, can be expensive and time-consuming. In some cases, like with Oracle INFRA, components are unsupported. For example, changing the networking stack, IP address, or hostname is unsupported without a fresh install. With vCloud Director networking, ERP vApps can be cloned and isolated with Internal only networks, External NAT-routed fenced, and External Direct-fenced. This allows the VM to maintain the original network stack configuration (hostname and IP address). In addition to the ability to clone complex environments, it can also simplify the creation of production clones by using vSphere cloning technologies.

Three Primary Layers

vCloud Director networking can be categorized into three layers:

External Networks
Organization Networks
vApp Networks

Figure 1 – vCloud Director Networking Layers


Each layer offers different levels of administrative access. External Networks are administered by the vSphere administrators and vCloud Director administrators. Typically, either the vCloud Director administrators or Organization administrators configure Organization Networks. The vApp’s application owners usually create vApp Networks.

External Networks

The primary role of the External Network is to allow outside access. External Networks also allow vApps access to the internal LAN. External Networks can be built with the following:

vSwitch Standard Switches
dvSwitch or Virtual Distributed Switches
Cisco Nexus 1000v

Figure 2 – Creating an External Network


Figure 3 – Defining External Network Problems


In my next blog, I will discuss Organization and vApp Networks in more detail.

Table of Contents

Related Posts