Hi there Guys
I am hoping somebody can help me with this one. We are setting up a POC for our company to prove the business value of vCloud Director (VDC1.5). We have set up everything but we are having one last issue with vApp networks. According to our understanding, one can place a vShield Edge device between a vApp network and the organization network.
We have set up a scenario like this, but we are unable to activate the Firewall option, as the option stays grayed out as per the attached screenshot.
If we turn on the DHCP service, the edge firewall VM is created, but even then the firewall option in the VCD interface stays grayed out.
Firewall/Routing options will only become available when your vApp Network is 'patched' to an organisation network. You can configure this by going into your vApp's Networking tab and selecting an organisation network from the Connection drop-down list. Without configuring a connection, your vApp network is only available inside your vApp and only has DHCP capabilities from the edge device.
Hi there Nirvy
OK, I see what you mean. But there is one more thing that I do not understand. You talk about the vApp network being patched into the organization network. Based on what you explained to me and what I see is happening, I understand the following:
A VM in a vApp must have a NIC attached to the vApp network for traffic to other VMs in the vApp. Then if a VM in a vApp needs to speak to a VM in another vApp, it must have a NIC attached to the organization network, and this NIC can be protected by the Edge Firewall.
It never seems as if the Edge device acts as a bridge between the vApp network and the organisation network?
You can have one NIC do it all, depending on your security needs. If you are trying to create a vApp where the VMs within it can talk to each other and can talk out to other VMs in other vApps but have a firewall on it, you'll want to set up an Organizational Network of Direct type and connect it from your Network Pool to your External network. When creating your vApp you'll then create a vApp network with all your firewall/DHCP settings and then connect that to your organization network. This creates a "fenced" configuration to the point it can be cloned a lot of times but the VMs can still talk to all other VMs on ports you specified, using their "public IPs."
Sort of, the Edge device provides Layer 3 and up services, so it won't bridge exactly. Take a look at this awesome diagram and you will see how many options you have!
http://www.hypervizor.com/diags/Diagram-VMware-vCloud-Director-Networking-Architecture-v1-0.pdf
As Eric said, you wouldn't need to multi-home your VMs with one NIC on the vApp network and one on an org net or anything like that!
I love that PDF. I have it posted on my wall and it was the one that helped me finally understand VCD networking.
Nice pdf.
Your vApp network is not connected to an organization network. Open the vApp, go to the Networking tab, and change the Connection to something other than None.
Thank you to all of you for your assistance. I have managed to figure it out (finally) with all of your help!