VMware Cloud Community
stan12345
Contributor

looking for vcloud vapp network recommendations

Hello, I am looking to build a group of VMs in vCloud that engineers can use to test software. Looking for some recommendations on how to set up a "vApp" in vCloud.

1. The group of VMs will have Windows servers and a virtual ESX server

2. Looking to replicate this group of VMs many times.

3. The group of VMs will have its own internal network (192.168.0.x). Also looking to attach one public IP to one server for public RDP access

Any recommendations on the best way for me to configure this? Thanks

cfor
Expert

We do this type of thing all the time.

Here is a basic setup we use; I assume you might need to tweak it a little for your case.

3 vApp networks (A,B,C) [all are vApp networks]

A - is parent connected to our main external corporate network

A - needs to be set to Promiscuous mode after it is created - we had to use VCO to do this (needed for the ESX host if you want internal virtual VMs)

B and C are not connected upstream

A - ESX host management network connected to this

A - We connect all the VMs to this network

A - Firewall and NAT enabled: Firewall setup as needed based on access in and out of the vApp

B - iSCSI file appliance attached on this network

B - ESX host has storage network connected on this network

C - used for vMotion when we have more than one ESX host

For the most part this works well - if you have virtual VMs inside your virtual ESX host you might need to do some network tricks (like add extra NICs but have them disabled so you can force edge NAT routing to work to the vVMs) - if you are doing this and need more information let me know.

This allows us to deploy this vApp over and over; it always looks the same to itself, and users can connect to external IP addresses that will NAT into the vApp as needed for access.

ChrisF (VCP4, VCP5, VCP-Cloud) - If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
tsugliani
VMware Employee

Here is a simple diagram depicting how to do that under vCloud Director:

https://www.dropbox.com/s/rgtnmdg776g3ory/SelfContained-vApp.png

Additional Information:

Each time you deploy this vApp from the catalog, a new vShield Edge is deployed to NAT everything behind it, so no reconfiguration is needed on the guest operating system. The only thing that will change is the public IP of the vShield Edge, which will get an IP on the Org Network / Org VDC Network (depending on 1.x or 5.1) and fetch its IP from the pool.

Once you get that IP, you will just need to RDP to it, and if you have done the proper DNAT config, it will redirect you to your Windows VM. (In my example, you can achieve much more than this ;) )

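The design in this thread exposes one public IP on the edge and forwards RDP to a single VM on 192.168.0.x in every deployed copy of the vApp. As an added example (not from any poster, and not vCloud Director or vShield API code), this Python check audits an exported rule list for one vApp edge; the dict schema, the rule names, the 192.168.0.10 RDP host and the allowed source range are assumptions made for illustration.

```python
import ipaddress

INTERNAL_NET = ipaddress.ip_network("192.168.0.0/24")  # vApp network from the thread
RDP_PORT = 3389

def audit_edge_rules(rules, rdp_host, allowed_sources):
    """Check DNAT rules (hypothetical dict schema) against the intended design:
    exactly one forward, RDP only, to one internal VM, from known sources."""
    allowed = [ipaddress.ip_network(a) for a in allowed_sources]
    findings, rdp_rules = [], 0
    for r in rules:
        if r["type"] != "DNAT":
            continue  # SNAT (outbound) rules are out of scope for this check
        target = ipaddress.ip_address(r["internal_ip"])
        if target not in INTERNAL_NET:
            findings.append(f"{r['name']}: target {target} outside {INTERNAL_NET}")
        if r["port"] == "any":
            findings.append(f"{r['name']}: forwards every port to {target}")
        elif int(r["port"]) != RDP_PORT or str(target) != rdp_host:
            findings.append(f"{r['name']}: unexpected exposure {target}:{r['port']}")
        else:
            rdp_rules += 1
            src = r.get("source", "any")
            if src == "any" or not any(
                    ipaddress.ip_network(src).subnet_of(n) for n in allowed):
                findings.append(f"{r['name']}: RDP open to source {src}")
    if rdp_rules != 1:
        findings.append(f"expected exactly 1 RDP forward, found {rdp_rules}")
    return findings

# Constructed sample rule sets (documentation address ranges, not real hosts).
GOOD = [
    {"name": "rdp-jump", "type": "DNAT", "internal_ip": "192.168.0.10",
     "port": "3389", "source": "203.0.113.0/24"},
    {"name": "outbound", "type": "SNAT", "internal_ip": "192.168.0.0", "port": "any"},
]
BAD = [
    {"name": "rdp-jump", "type": "DNAT", "internal_ip": "192.168.0.10",
     "port": "3389", "source": "any"},
    {"name": "esx-all", "type": "DNAT", "internal_ip": "192.168.0.20", "port": "any"},
]

if __name__ == "__main__":
    for label, rules in (("good", GOOD), ("bad", BAD)):
        print(label, audit_edge_rules(rules, "192.168.0.10", ["203.0.113.0/24"]))
```

Because every copy of the vApp is deployed from the same catalog template, the same check can be run against each copy's edge to confirm none has drifted from the template's rules.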
stan12345
Contributor

Thanks, very helpful. So in order to use virtual ESX, you used VCO to enable prom mode for new vApps - is that a separately licensed feature?

Does creating and using vApp networks eliminate the need for vShield Edge?

tsugliani
VMware Employee

If you use vSphere Hypervisors, you will need to enable promiscuous mode on the backend network, to put it simply a portgroup/dvPortgroup depending on your setup. (Check here: my colleague William has written a great article on how to achieve this in a homelab - Warning: this is not supported - http://www.virtuallyghetto.com/2011/10/missing-piece-in-creating-your-own.html)

vApp Networks can help create L2 networks on demand. In your case you will still need external access to your lab, so a vShield Edge is needed to bridge a vApp Network & Org (VDC) Network.

Hope this helps,