Www.thalesgroup.com THALES GROUP INTERNAL EF++ VMware vCD training Users HW - EF++ platform...

www.thalesgroup.com

THALES GROUP INTERNAL

EF++ VMware vCD training

UsersHW - EF++ platform technology stack30/1/14

THALES GROUP INTERNALTRN : 0001-0007610082 rev 001 – date 05/11/2013

Thales Global Services / Modèle : 83150233-DOC-TGS-EN-001

Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

2 /2 / Agenda

Formation utilisateur•Presentation of the EF++ project•Connection au portail vCD, vCD role : org Admin and vApp Author•Deploiement of vApp•Share a vApp with users•vCD Remote console, Copy&Past feature•vApp with multi VM, GuestOS customization•vCD network architecture•Routed vApp Network, firewall with vSE•How to build vApp templates•Lab – connexion, deploy vapp, add vnic, guestos customization, vmrc and ssh•Catalog management•Upload and download in the cloud•Monitoring org vDC (compute and network)•View vCD events•vCops dashboard, events•Lab vCops



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

3 /3 / Training environment

WebVUMSysFtp vC & DB vCDNAS vCNSAD DNS

ESXi01 ESXi02 ESXi03

training.loc192.168.0.0/24

vCD Org NW vxlan - 192.168.20.0/24

External = 192.168.10.0/24

a vCloud Director vApp will be used to host a new vCloud Director instance for the training

NAT rule to jump to the web VM

vMotion - 192.168.5.0/24



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

4 /4 / EF++ - Training environment accounts

AD & DNS : training.loc, administrator / EFtraining

List of service accounts in training.loc / EFtraining

SSO admin : admin@system-domain / EFtraining1!NAS user : Openfiler / Eftrainingftp user : svc-vcns / Eftraining

Type de compte Compte Groupe Active Directory

Service VCOPS svc-vcops vSphere AdminsService vShield Manager (vCloud Network and

security)svc-vcns vSphere Admins

Service vCloud Director svc-vcd vSphere AdminsService Vmware Update Manager svc-vum vSphere AdminsService Virtual Storage Console svc-vsc vSphere AdminsComptes Utilisateurs Administrateurs vSphere Comptes Utilisateurs vSphere Admins

Comptes Utilisateurs Administrateurs NetApp Comptes Utilisateurs Virtual Storage Admins

Comptes Utilisateur Org1 (vApp Author) user1 vCloud Users

Compte d’admin Org1 (Org Admin) user1a vCloud Org Admins



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

5 /5 / EF++ - Training environment IP

VM IP Application Comment

tgsefp-ad1 192.168.0.10 AD & DNS : training.loc Dedicated MS AD and DNS

tgsefp-vce 192.168.0.11 vCenter 5.1 & MS SQL Express

DBs : RSA, vcloud, VIM_VCDBSQL users : vcloud & vum

tgsefp-web 192.168.0.12192.168.10.2

vSphere Web client server, VMware Update Manager

Used to jump onto the training.loc and external NWAdd a second NW vnic connected to External vApp NW

tgsefp-vcd 192.168.0.13&14

VMware vCloud Director vCD cell

tgsefp-vsh 192.168.0.16 vCNS server Appliance vShield Manager

tgsefp-nas 192.168.0.15 Openfiler Appliance OpenFiler

tgsefp-esx1 192.168.0.21 vSphere 5.1 Nested Esxi, vmk1 : 192.168.5.21 (vMotion), vmk2 : 192.168.20.21 (vTep)

tgsefp-esx2 192.168.0.22 vSphere 5.1 Nested Esxi, vmk1 : 192.168.5.22 (vMotion), vmk2 : 192.168.20.22 (vTep)

tgsefp-esx3 192.168.0.23 vSphere 5.1 Nested Esxi, vmk1 : 192.168.5.23 (vMotion), vmk2 : 192.168.20.23 (vTep)Not yet regesitered in the vCenter

www.thalesgroup.com


VMware vCloud Director Organizations

Module 5



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

7 /7 /Module Lessons

Lesson 1: Organizations

Lesson 2: Organization Virtual Data Centers

Lesson 3: vApp Templates

Lesson 4: Building and Publishing vApps

Lesson 5: Deploying and Running vApps

Lesson 6: Additional Organization VDC Networking



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

8 /8 /

Lesson 1: Organizations



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

9 /9 /About Organizations

An organization is a logical group of all users (consumers) to which resources will be presented.

An organization has these characteristics: Enforces a security boundary

Includes appropriate resources and controls

Includes one or more content repositories (catalogs)

Users Access Control

Catalogs Provisioned Policies

Organization: Finance

Organization VDCs

vSphere vApp(VMs with vApp

network)vApp vApp



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

10 /10 /

Each organization has a dedicated portal.

Organization Portals



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

11 /11 /

Organization users can be created in vCloud Director or by using an LDAP server.

Each user has an administrator-assigned role.

Organization Users

Predefined Role Privileges

System Administrator Creates and manages provider VDCs, external networks, network pools, organizations, organization VDCs, organization VDC networks, and catalogs

Organization Administrator

Creates and manages organization users, catalogs, and VMware vSphere® vApp™ templates and organization VDC networks

Catalog Author Creates, manages, and uses catalogs and vApps

vApp Author Creates, manages, and uses vApps

vApp User Similar to vApp Author except that it cannot create vApp or change CPU/memory/disk

Console Access Only Access to consoles of vApp virtual machines with no power functions



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

12 /12 /Organization Policies

Leases, quotas, and limits help prevent users from depleting or monopolizing an organization’s resources.

Policy type Settings

Leases vApp runtime

vApp and vApp template storage

Storage cleanup location

Quotas Running virtual machines per user

Stored virtual machines per user

Limits Resource intensive operations per user

Resource intensive operations per organization

Simultaneous connections per virtual machine



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

13 /13 /

vApps and vApp templates whose storage leases expire are handled as configured under Leases.

These vApps are either moved to an expired holding area or deleted.

The vCloud Director system administrator and the organization administrator have the ability to restore to the organization a vApp that is stored in an Expired Items storage area.

Expired Items Management (1)



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

14 /14 /

After a vApp stops running, the clock starts for how long it will remain in the user’s My Cloud.

This type of management can be used to keep organizations and users from cluttering the system with too many vApps and wasting resources.




Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

15 /15 /

After a vApp or vApp template has been moved into Expired Items, either the cloud system administrator or the organization administrator can renew it.

The Expired Items inventory appears under My Cloud. vApps can also be deleted from Expired Items.




Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

16 /16 /

Catalog Objects

vApp Templates

Media

Catalogs store the following: vApp templates, which are used to

deploy workloads to user clouds

Media (ISO files and FLP files) that can be inserted into CD/DVD and diskette drives on virtual machines

Media can also include other files, such as scripts.

Catalogs can be shared with all users in the organization or with specific users.

Catalogs can be shared with other organizations.

Catalogs can be published to other vCloud Director clouds.

Catalogs

Windows Template

Web Server vApps

Database vApps



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

17 /17 /

Catalogs are made available in four ways:

Private: Available to the owner or creator of the catalog only Public: Available to other organizations in the cloud Shared: Available to other specific users in your organization or

available to other organizations in your cloud Published: Available to subscribers in other vCloud Director clouds

Catalog Availability



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

18 /18 /Organization Catalog Sharing

The system administrator allows or disallows public sharing and publishing of organization catalogs. If sharing is allowed, the organization catalogs can be shared as visible to other

organizations.

Catalogs can be made public to specific organizations or to all organizations.

Catalogs can still be shared within an organization even if sharing with other organizations is not allowed.

Sharing can be set or changed at any time.



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

19 /19 /Organization Catalog Publishing

Publishing allows a catalog to be shared with organizations in other vCloud Director clouds.

The system administrator also controls whether an organization can subscribe to catalogs that are externally published.

Publishing can be set or changed at any time.



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

20 /20 /

Create an administration organization to do the following: Share public catalogs that offer official build templates to the organization

administrators of all organizations

For each consumer organization, follow these practices: Create a shared catalog for local templates

Use the shared catalog provided by the Administration organization to create standard templates

Recognize that only the Organization Administrator role and the vCloud Director system administrator can view shared and published catalogs

Be very selective about whom you allow to publish catalogs to external clouds.

Be very selective about whom you allow to subscribe from external clouds.

Catalog Best Practices



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

21 /21 /

Lesson 2:Organization Virtual Data

Centers



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

22 /22 / Organization VDCs

An organization VDC is a subset of the resources in a provider VDC.

Provider VDC resources are allocated to tenants in the form of organization VDCs. (Only done by System admin)

Before you can create an organization VDC, you must create an organization (Only done by System admin)

Each organization can have multiple organization VDCs. Each organization VDC can belong to only a single organization. vApps, vApp templates, and catalogs cannot be created in an

organization until an organization VDC exists.



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

23 /23 /

Organization VDCs enable the cloud provider to securely share provider VDCs resources with multiple tenants. The provider can do so with the following: Predefined allocations

Ensured control of the tenant’s performance and capacity requirements

Purpose of an Organization VDC

Organization A

VDC2 (Tier2)VDC1 (Tier1)

vApp

A single cloud tenant can have multiple organization VDCs. The advantages include: They consume multiple classes with

differing SLAs. The cost is based on computed needs.

The cloud consumer or user sees the organization VDCs but not the underlying provider VDCs.



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

24 /24 /

Each organization can have multiple organization VDCs. Each organization VDC can use resources from a single provider

VDC. Multiple organization VDC can use resources from the same

provider VDC. You cannot create an organization VDC until a provider VDC exists.

Organization VDCs and Provider VDCs

VDC-A-1

VDC-A-2

VDC-B-1

VDC-B-2

VDC-C-1

Gold provider VDC

Silver provider VDC

Bronze provider VDC

organization Corganization Borganization A



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

25 /25 / Organization VDC

Enable thin provisioning to reduce storage consumption by committing resources only on demand.

Enable fast provisioning to enable the use of vSphere linked clones.

VM and Network Quota, Storage allocations are set by System administrator



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

26 /26 /

Lesson 3: vApp Templates



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

27 /27 /

A vCloud Director virtual appliance (vApp) template is a predefined package of virtual machines and networks that you can use to rapidly instantiate vCloud Director vApps.

Install and preconfigure guest operating systems in the vApp template.

Preconfigure networks in the vApp template. You cannot power on a vApp template.

vApp Templates

vApp Template vApp



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

28 /28 /

Options for adding media to a catalog: Upload an ISO or FLP image file.

Import a media file from a vSphere datastore.*

Copy or move a media file from one catalog to another.

Options for adding vApp templates to a catalog: Upload an Open Virtualization Format (OVF) package.

Import a virtual machine from vSphere.*

Copy or move a vApp template from one catalog to another.

Create a vApp from a template, modify it, and save it as a template.

Create a vApp from the beginning and save it as a template.

* Requires system administrator permissions

Populating Catalogs



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

29 /29 / Importing vApp Templates

vSphere virtual machines can be imported into vCloud Director: Only the vCloud Director system administrator role has the right to upload a

vSphere virtual machine into vCloud Director.

Virtual machines can be uploaded into a catalog as vApp templates or into My Cloud as vApps.

OVF templates can be uploaded into a catalog as a vApp template. OVF templates can also be uploaded as a vApp. Any organization user with sufficient rights can upload OVF

templates. Uploading templates removes any reliance on a system

administrator to interact with vSphere.



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

30 /30 /

Each time a vApp is deployed from a vApp template, a linked clone is created.

Linked clones are disk-deduplicated copies of the vApp template. These copies are based on vSphere snapshots.

Only the data unique to this vApp is stored separately.

Only 31 linked-clone copies of a vApp can exist. Then a new shadow virtual machine is created for each virtual machine in the vApp and a new chain is started.

A large number of linked clones can slow performance. Only the vCloud Director system administrator can see the chain

length of a virtual machine and issue a command to consolidate.

Chain-Length Problems (1)



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

31 /31 / Chain-Length Problems (2)

You can see the chain length on the properties of a virtual machine in a template that is stored in a catalog. (Only System Admin)



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

32 /32 /

The command to consolidate is available when you right-click a virtual machine in a template.

You also can view shadow virtual machines.

Chain-Length Problems (3)



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

33 /33 /

Lesson 4: Building and Publishing vApps



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

34 /34 / vApps (1)

A vApp is a package of IT services. The package includes:

One or more preconfigured virtual machines running the applications included in a service

A vApp network for communication between virtual machines

Metadata for deployment instructions and runtime policies

vApp

OVF descriptor

database

virtual machine

app server

virtual machine

app server

virtual machine



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

35 /35 / vApps (2)

A vApp is deployed from a vApp template. vApps simplify the deployment and ongoing management of an n-

tier application. vApps can contain one or many virtual machines. vApps encapsulate not only virtual machines but also their

interdependencies and resource allocations. OVF is the distribution format for vApps.

vApp Template vApp



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

36 /36 / vApp Custom Guest Properties

The vApp custom guest properties feature the following:

Developers and other users can use OVF descriptors to easily pass user data into guest operating systems.

Benefits:

Easier postdeployment configuration and provisioning of identity to virtual machine and vApps

Provides functionality to bootstrap a wide variety of guest customization solutions

vApps

DeployOVF package.

OVF package

1

3

Deploymentconfiguratio

n

2

vSphere

vApp vApp



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

37 /37 / Considerations for vApps

General design considerations: Include one virtual CPU. Add vCPUs as needed.

Use the latest version of VMware® Tools™.

Use default shares, reservations, and limits.

Use vmxnet3 network adapters.

Network design considerations: Each vApp network consumes processor and memory resources and a network

from the pool.

Each VMware® vShield Edge™ that is deployed allocates an IP from the static pool available on the organization VDC network.



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

38 /38 /

Lesson 5: Deploying and Running vApps



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

39 /39 /

vApps are deployed from local or public catalogs. When deploying a vApp from a catalog, you can change these

settings: Change the VDC used to run the vApp to any VDC in your organization

Change the storage profile used to run the virtual machines and optional vShield Edge instances.

Change the vApp lease values

Deploying vApps



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

40 /40 /

A vApp can be copied or moved from one catalog to another catalog.

Considerations when copying from a public catalog: The vApp networking might be configured for the unique topology of the source

organization, including DNS resolution options, static or manual IP allocations, and host names.

To change vApp settings: Copy the vApp to a local organization catalog

Deploy the vApp

Update the configuration

Republish

Copying and Moving vApps



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

41 /41 /

You can configure guest customization settings for any stopped virtual machine.

Guest customization can be used for the following tasks: Configure the host name

Enable or disable SID generation (for Windows guests)

Set the administrator password

Specify a customization script to be executed

Guest customization requires a virtual machine reboot to finish.

Guest Customization



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

42 /42 /

You can change the hardware settings on a stopped virtual machine.

You might be able to “hot-add” hardware to running virtual machines.

Hardware Customization (1)



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

43 /43 /

You can change the vApp network, create a new vApp network, or connect the vApp directly to an organization VDC network.

You can specify the IP addressing used by each virtual machine. Static IP use requires enabling of guest customizations.

Hardware Customization (2)



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

44 /44 / IP Addresses and vApp Connections

vApp

192.168.210.2(Static)

vApp Network

Organization VDC Network (192.168.11.0/24)

192.168.210.204(Manual)

192.168.210.103(DHCP)

vApp

192.168.11.2(Static)

vApp Network

Organization VDC Network (192.168.11.0/24)

192.168.11.204(Manual)

192.168.11.103(DHCP)

DHCP / Static Pool

DHCP / Static Pool

Edge Gateway

Edge Gateway

vShield Edge

Routed vApp

Direct-Connect vApp



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

45 /45 /

Licenses in vCD portal

Licenses in vCenter

Lab – Change temporary VMware licenses ~ 10

minutes



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

46 /46 / Lab – New vApp with multi VM & Direct Net Connections

Win VM

External NW = 192.168.10.0/24

Linux VM

192.168.10.20 192.168.10.21

New vAppDirect Connect

Goal :From the external NW, be able to connect to the Win VM (RDP : 3389), and to the Linux VM (ssh : 22)

Step by step:• Deploy from the catalog a new vApp• Add a second VM• Connect them on the external Network (Direct-

LAN)• Power on the vApp• Try to connect with SSH from your VM WEB

~ 30 minutes



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

47 /47 / Lab – New isolated vApp with multi VM

Win VM

External NW = 192.168.10.0/24

vApp NW = 10.10.11.0/24

Linux VM

10.10.11.1

10.10.11.2 10.10.11.3

New isolated vAppGoal :From the external NW, be able to connect to the Win VM (RDP : 3389), and to the Linux VM (ssh : 22)

FW enabled

192.168.10.?

Step by step:• Power off the previous vApp• Create new vApp network (10.10.11.0/24)• Attach the vApp network with Direct-LAN• Configure the NAT & the firewall service (only

inbound SSH)• Power on the vApp• Try to connect with SSH from your VM WEB• Try to ping it

~ 30 minutes



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

48 /48 / Annexe - vApp EF++ changes

After PowerOn vApp, change security setting on vxlan dvsEnable ntpd on vCD cell, chkconfig ntpd on, service ntpd start.Register the lookup service in vCD (Federation) : https://tgsefp-vce.training.loc:7444/lookupservice/sdkadmin@system-domain / EFtraining1!Remove the : Use vSphere Single Sign-On

Change IE configuration• Security / Trusted site https://*.training.loc, Low• Privacy : Accep All Cookies, Remove Pop-UP Blocker, • Advanced/Security : remove Check for … revocation, Warm …

certificate address mismatch*

www.thalesgroup.com


vCops users dashboards



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

50 /50 / How to connect to vCops dashboard

How to :•Connect to the vCops predefined dashboardshttps://<vcops UI>/vcops-custom , user/password with your TGI

•Know the vApp Health status, workload, vCD and vSphere dependances.Look at the vCloud vApps dashboard of an organizationLook at the vSphere dashboard to get more details on predefined metrics

Remark : The list of dashboards will depend on your vCops permissions



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

51 /51 / vCloud Director / vCloud organization dashboard

List of Organization Health List of vApp HealthDetail of Health metric view of the vApp

vApp Health treeList of Organization vDC Health



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

52 /52 / vCops Super Metrics

Super metric : WorkloadCPU, MEM, Disk IO, NET IO

Super metric : Anomalies

What is not normal from the past…

Super metric : HealthSuper metrics : compilations of

Workload, Anomalies and Faults

Super metric : FaultsErrors on this object



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

53 /53 / vCloudDirector / vCloud Provider dashboard

List of provider vDC metricsList of provider vDC

List of provider Organization vDC for a pvDC



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

54 /54 / vCloudDirector / vCloud Shield Edge dashboard

vShield device metricsList of vShield Edges devices

vShield Edge tree



Th

is d

ocu

men

t is

not

to b

e r

epro

du

ced,

mod

ifie

d, a

dap

ted,

pu

blis

hed

, tr

ansl

ate

d in

an

y m

ater

ial f

orm

in w

hole

or

in p

art

nor

dis

clo

sed

to a

ny t

hird

par

ty

with

out t

he p

rior

wri

tten

perm

issi

on

of T

hale

s.©

TH

ALE

S 2

013

– A

ll rig

hts

rese

rve

d.

55 /55 / vCops dashboards demos

vCops dashboards demos

Www.thalesgroup.com THALES GROUP INTERNAL EF++ VMware vCD training Users HW - EF++ platform...

Documents

Transcript of Www.thalesgroup.com THALES GROUP INTERNAL EF++ VMware vCD training Users HW - EF++ platform...