VMware Cloud Community
gaadmin
Contributor

Networking question (complicated!)

To the collective, I hope someone can shed some light on my predicament :)

We are trying to place a proxy server in front of a vCloud environment. We would like all web traffic from the vCloud environment (multiple vCloud organisations) to go through a web proxy to the internet.

We have built vCloud, created 2 organisations and added networking to them.

The vCloud org networks are NAT routed to our prod LAN. We have vShield edge appliances up and running, with their firewalls configured as ALLOW ALL.

For the proxy server, we want to put a NIC onto each of the dVSwitches for each vCD organisation. That way, any traffic coming from a vCD network will go through the proxy. This will effectively cut out the vShield edge appliance for internet traffic (web browsers will have to be configured with the correct IP for the proxy server.)

The problem we have is that we can't get the vCloud VMs to see the Proxy server's interface. The NICs on the proxy are configured just by connecting them to the relevant port group in vCenter, not through any vCD configuration.

In our testing, we also created a new VM (outside vCloud) and added it to the dVswitch for a vCD organisation. Having given it an IP address, it could see other VMs in the Org, but not the default gateway (the vShield edge interface.)

I am confused.

Any input would be much appreciated. 

3 Replies
_morpheus_
Expert

What kind of network pool are you using for the organization networks?

gaadmin
Contributor

It's a vCD-NI pool.

_morpheus_
Expert

You can't attach some random VM to a VCDNI portgroup. It won't work. The right way to do it is to import the proxy server into VCD and use VCD to place the proxy server onto the org network.