VMware Cloud Community
tomer_leib
Contributor

Few questions on vCloud Director

Hi,

I have an organization with 1 vDC that is connected to an external network.

I'd like to share this vDC with other users, so each user will be able to log in and create his own vApp.

The problem is that I do not wish to have connection between the different vApps at all, so for example:

User A is creating his vApp with IP 62.192.118.10

User B is creating his vApp with IP 62.219.118.11

And each one is separated from the other.

So, how can it be achieved?

Another question:

I want to create a user role that will be able to create a vApp from the catalog, but will not be able to change the parameters of the CPU/RAM/Storage at all?

I've tried to remove the "Edit VM hardware" permission, but doing so created a user that is unable to add a network to his VM and also cannot change the password.

Thank you all for any assistance here.

0 Kudos
3 Replies
tomer_leib
Contributor

Anyone?

0 Kudos
IamTHEvilONE
Immortal

If the VMs have to be on the external network, there is no real segregation that can happen.  You could have two separate external networks on different vLANs, but that's a little extreme.

You could use vApp Networks with a NAT enabled on them, which would do what you want.  This introduces some networking variables, and you'd have to confirm that this is okay with them.

0 Kudos
cfor
Expert

For this I would do one of two things.

1. Create vApp networks in each vApp (generally a good idea anyway) - then use NAT for network translation along with an edge firewall.  You can use this firewall to allow or deny traffic.

2. If you are using NSX to back the networks in your cloud, you can use the distributed firewall to drive this protection.

ChrisF (VCP4, VCP5, VCP-Cloud) - If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
0 Kudos
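
An added example, not part of any reply above and not VMware code: once each vApp sits behind its own NAT-routed vApp network with an edge firewall, the separation asked about in the question only holds if no edge admits another tenant's external address, and this sketch audits that. The inventory layout, vApp names, documentation-range addresses and first-match rule evaluation are assumptions made for illustration, not vCloud Director API output.

```python
"""Audit tenant isolation across per-vApp edge firewalls (constructed data)."""
from ipaddress import ip_address, ip_network

# Constructed inventory: every vApp is behind its own NAT-routed vApp network
# and appears on the shared external network as a single address.
# port None means "any port".
VAPPS = {
    "vapp-a": {"external_ip": "192.0.2.10", "default": "deny", "rules": [
        {"action": "allow", "source": "198.51.100.0/24", "port": 22},
    ]},
    "vapp-b": {"external_ip": "192.0.2.11", "default": "deny", "rules": [
        {"action": "deny", "source": "192.0.2.0/24", "port": None},
        {"action": "allow", "source": "0.0.0.0/0", "port": 443},
    ]},
    "vapp-c": {"external_ip": "192.0.2.12", "default": "deny", "rules": [
        {"action": "allow", "source": "0.0.0.0/0", "port": 443},
    ]},
}

def decide(fw, src_ip, port):
    """First-match evaluation; fall back to the edge's default action."""
    for rule in fw["rules"]:
        in_scope = ip_address(src_ip) in ip_network(rule["source"])
        if in_scope and rule["port"] in (None, port):
            return rule["action"]
    return fw["default"]

def isolation_gaps(vapps):
    """Return (source vApp, target vApp, port) triples where one tenant's
    external address is admitted by another tenant's edge firewall.
    Port 0 in a result stands for "any port not named in a rule"."""
    gaps = []
    for dst_name, dst in vapps.items():
        # Probe each port a rule names, plus 0 to exercise any-port rules.
        ports = sorted({rule["port"] or 0 for rule in dst["rules"]})
        for src_name, src in vapps.items():
            if src_name == dst_name:
                continue
            for port in ports:
                if decide(dst, src["external_ip"], port) == "allow":
                    gaps.append((src_name, dst_name, port))
    return gaps

if __name__ == "__main__":
    for src, dst, port in isolation_gaps(VAPPS):
        print(f"{src} can reach {dst} on port {port}")
```

In the constructed data, vapp-b stays isolated because its deny rule for the shared external range precedes the broad allow, while vapp-c is reachable from both neighbours on 443.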