Edu en Vcdicm103 Lab Ie

VMware Cloud Director: Install,
Configure, Manage [V10.3]

Lab Manual
VMware Cloud Director V10.3
VMware® Education Services

VMware, Inc.
www.vmware.com/education
VMware Cloud Director: Install, Configure, Manage [V10.3]
Lab Manual
VMware Cloud Director™ V10.3
Part Number EDU-EN-VCDICM103-LAB (10-DEC-2021)

Copyright © 2021 VMware, Inc. All rights reserved. This manual and its accompanying
materials are protected by U.S. and international copyright and intellectual property laws.
VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of
VMware, Inc. in the United States and/or other jurisdictions. All other marks and names
mentioned herein may be trademarks of their respective companies. VMware vSphere® Web
Client, VMware vSphere® Client™, VMware vSphere® 2015, VMware vSphere®, VMware
vRealize® Operations Manager™, VMware vRealize® Operations Manager™ for Horizon®,
VMware vRealize® Operations™ Enterprise, VMware vRealize® Operations™, VMware
vRealize® Operations™ Standard, VMware vRealize® Operations™ Advanced, VMware
vRealize®, VMware vCloud Suite®, VMware vCloud Suite® 2015, VMware vCloud Director®,
VMware vCloud Director® for Service Providers, VMware vCloud®, VMware vCenter
Server®, VMware vSphere® vApp(s)™, VMware Workspace ONE®, VMware Workspace
ONE® for React Native, VMware View®, VMware Horizon® View™, VMware Verify™,
VMware Horizon® 7, VMware Horizon® 7, VMware Horizon® 7 on VMware Cloud™ on AWS,
VMware Cloud Director™ service, VMware Cloud Director™, VMware Cloud Director™
service, VMware Cloud Director™ on Dell Technologies Cloud Platform, VMware Cloud™ on
AWS GovCloud (US), VMware Cloud™ on AWS Outposts, VMware Carbon Black®, VMware
vSphere® Storage I/O Control, VMware NSX-T™ Data Center, VMware NSX-T™, VMware
NSX® Manager™, VMware NSX®, VMware Horizon® Standard Edition, VMware Go™,
VMware ESXi™, and AirWatch® by VMware are registered trademarks or trademarks of
VMware, Inc. in the United States and/or other jurisdictions.
The training material is provided “as is,” and all express or implied conditions, representations,
and warranties, including any implied warranty of merchantability, fitness for a particular
purpose or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the
possibility of such claims. This material is designed to be used for reference purposes in
conjunction with a training course.
The training material is not a standalone training tool. Use of the training material for self-
study without class attendance is not recommended. These materials and the computer
programs to which it relates are the property of, and embody trade secrets and confidential
information proprietary to, VMware, Inc., and may not be reproduced, copied, disclosed,
transferred, adapted or modified without the express written approval of VMware, Inc.
Typographical Conventions
The following typographical conventions are used in this course.
Conventions Usage and Examples
Monospace Identifies command names, command options, parameters, code

fragments, error messages, filenames, folder names, directory names,
and path names:
• Run the esxtop command.
• ... found in the /var/log/messages file.
Monospace Identifies user inputs:

Bold
• Enter ipconfig /release.
Boldface Identifies user interface controls:
• Click the Configuration tab.
Italic Identifies book titles:
• vSphere Virtual Machine Administration
{> Indicates placeholder variables:
• {ESXi_host_name>
• ... the Settings/.txt file
Contents
Lab 1 Reviewing the Lab Environment.................................................................................. 1

Task 1: Log In to the Student Desktop .................................................................................................................... 2
Task 2: Verify the vSphere Infrastructure .............................................................................................................. 2
Task 3: Navigate the VMware Cloud Director Infrastructure.......................................................................... 3
Lab 2 Deploying and Configuring the VMware Cloud Director Cells ........................ 5
Task 1: Deploy the VMware Cloud Director Standby Cell................................................................................ 6
Task 2: Configure the VMware Cloud Director Primary Appliance ............................................................ 10
Task 3: Configure the VMware Cloud Director Standby Appliances ......................................................... 12
Lab 3 VMware Cloud Director Cluster Features and Failover .................................. 13
Task 1: View the VMware Cloud Director Appliance Cluster Health and Failover Mode ................... 14
Task 2: Verify the Connectivity Status of a Database High Availability Cluster .................................... 15
Task 3: Recover from a Primary Cell Failure in a High Availability Cluster............................................... 16
Lab 4 Configuring System Administrator Tasks............................................................. 19
Task 1: Create a Network Pool................................................................................................................................ 20
Task 2: Create a VRF Supported Tier-0 Gateway ........................................................................................... 21
Task 3: Create a DVPG Supported External Network ................................................................................... 22
Lab 5 Creating and Configuring the Provider VDC ...................................................... 23
Task 1: Create a Provider VDC................................................................................................................................ 24
Task 2: Manage the Provider VDC ........................................................................................................................ 26
Lab 6 Creating an Organization and Accessing the Tenant Portal ......................... 27
Task 1: Create an Organization from the Provider Portal.............................................................................. 28
Task 2: Access the Organization from the Tenant Portal ............................................................................. 28
Task 3: Create an Organization Administrator User ........................................................................................ 29
Task 4: Manage the Organization Policies........................................................................................................... 30
iv
Lab 7 Creating Organization VDCs and Allocating Resources.................................. 31
Task 1: Create an Organization VDC ..................................................................................................................... 32
Task 2: Manage the Organization VDC ................................................................................................................ 34
Lab 8 Integrating Active Directory and Importing User Group................................ 35
Task 1: Integrate Active Directory from the Provider Portal ....................................................................... 36
Task 2: Integrate the Active Directory Instance to an Organization .........................................................37
Task 3: Import an Active Directory Group in the Organization ....................................................................37
Task 4: Verify the Domain User Access to the Organization ...................................................................... 38
Lab 9 Creating Local Users in the Organizations .......................................................... 39
Task 1: Create Local Users in the Organization ................................................................................................. 40
Task 2: Verify the Access Rights of the Tenant Users .................................................................................. 43
Task 3: Create the Provider Access Control User .......................................................................................... 45
Lab 10 Creating and Managing Role Based Access Control ..................................... 47
Task 1: Create a Provider Access Control Role ................................................................................................ 48
Task 2: Assign the Provider Access Control Role to a Local User ........................................................... 49
Task 3: Verify the Provider Access Control Role Local User Rights ........................................................ 49
Task 4: Create the Custom Role-01 Tenant Access Control Role ............................................................. 51
Task 5: Publish the Custom Role-01 to a Tenant.............................................................................................. 52
Task 6: Assign the Custom Role-01 to a Local User ....................................................................................... 52
Task 7: Create the Custom Role-02 Using the Tenant Portal ..................................................................... 53
Task 8: Assign the Custom Role-02 to a Local User ...................................................................................... 53
Task 9: Verify the Custom Role-02 Local User Rights................................................................................... 54
Lab 11 Creating and Managing Quotas .............................................................................. 55
Task 1: Assign the Organization Quotas .............................................................................................................. 56
Task 2: Verify the Organization Quotas ................................................................................................................57
Task 3: Assign the Group Quotas .......................................................................................................................... 62
Task 4: Verify the Group Quotas ........................................................................................................................... 63
Task 5: Assign the User Quotas.............................................................................................................................. 68
Task 6: Verify the User Quotas ............................................................................................................................... 69
Task 7: Reset the Quotas .......................................................................................................................................... 70
Lab 12 Creating and Managing VMs.................................................................................... 71
Task 1: Create a Standalone VM from the Template .......................................................................................72
Task 2: Create a Standalone VM from the ISO Image ....................................................................................73
Task 3: Import a Standalone VM from vCenter Server.................................................................................. 74
v
Task 4: Upgrade the Virtual Hardware Version for a VM ...............................................................................75
Task 5: Update the VM Resources ........................................................................................................................ 76
Task 6: Suspend the VM .............................................................................................................................................77
Task 7: Create a VM Snapshot ................................................................................................................................ 78
Task 8: Renew a VM Lease ...................................................................................................................................... 80
Lab 13 Creating and Managing vApps .............................................................................. 83
Task 1: Build a New vApp .......................................................................................................................................... 84
Task 2: Create a vApp from an OVF Package ................................................................................................. 86
Task 3: Add a VM to a vApp ................................................................................................................................... 87
Task 4: Copy a VM from a vApp ............................................................................................................................ 88
Task 5: Copy a vApp to Another Virtual Data Center ................................................................................... 89
Task 6: Edit the vApp Properties ........................................................................................................................... 90
Task 7: Create a vApp Snapshot ............................................................................................................................ 91
Task 8: Renew the vApp Lease.............................................................................................................................. 92
Task 9: Change the vApp Owner........................................................................................................................... 93
Lab 14 Creating and Managing the Auto Scaling Groups ........................................... 95
Task 1: Configure the Auto Scale Plug-In ............................................................................................................ 96
Task 2: Publish the Auto Scale Rights Bundle ................................................................................................... 98
Task 3: Publish the Auto Scale Plug-In ................................................................................................................. 98
Task 4: Create a Scale Group .................................................................................................................................. 99
Task 5: Add an Auto Scaling Rule ........................................................................................................................ 100
Task 6: Test the Auto Scaling Rule....................................................................................................................... 101
Lab 15 Creating and Managing Catalogs ........................................................................ 103
Task 1: Add a Catalog Storage Policy to an Organization Virtual Data Center .................................. 104
Task 2: Create a Catalog ......................................................................................................................................... 105
Task 3: Share a Catalog ........................................................................................................................................... 106
Task 4: Publish a Catalog..........................................................................................................................................107
Task 5: Upload the Media Files .............................................................................................................................. 108
Lab 16 Working with vApp Templates ........................................................................... 109
Task 1: Create a vApp Template from an OVF File ....................................................................................... 110
Task 2: Import a VM from vCenter Server as a vApp Template ................................................................ 111
Task 3: Create a vApp from a vApp Template ................................................................................................ 112
Lab 17 Creating and Managing the Organization VDC Template ............................ 113
Task 1: Create an Organization VDC Template from the Provider Portal ..............................................114
vi
Task 2: Instantiate an Organization VDC Template from the Provider Portal ...................................... 116
Task 3: Instantiate an Organization VDC Template from the Tenant Portal ......................................... 117
Lab 18 Provider Networking Tasks .................................................................................... 119
Task 1: Create a Distributed Virtual Port Group Supported External Network................................... 120
Task 2: Create an External Network Using Segments ................................................................................... 121
Task 3: Create a Tier-0 Gateway Using Tier0 ................................................................................................. 122
Task 4: Create a Tier-0 Gateway Using VRF ................................................................................................... 123
Task 5: Create an Edge Gateway .........................................................................................................................124
Task 6: Create a Direct Organization VDC Network ..................................................................................... 125
Task 7: Create an Imported Organization VDC Network............................................................................. 126
Lab 19 Creating and Verifying Organization VDC Networks ................................... 127
Task 1: Read the Three-Tier Application Use Case ........................................................................................ 128
Task 2: Create a Routed Organization VDC Network ..................................................................................129
Task 3: Assign the Routed Organization VDC Network to a vApp .......................................................... 131
Task 4: Create an Isolated Organization VDC Network ............................................................................... 132
Task 5: Create a Second Isolated Organization VDC Network ................................................................. 133
Task 6: Assign the Isolated Organization VDC Network to vApps..........................................................134
Task 7: Assign the Second Isolated Organization VDC Network to a vApp and Verify
Connectivity .................................................................................................................................................136
Task 8: Assign and Verify the Second Isolated Organization VDC Network ....................................... 138
Lab 20 Creating and Verifying vApp Networks .......................................................... 141
Task 1: Read the Applications Server Use Case ..............................................................................................142
Task 2: Read the Database Server VM Use Case...........................................................................................142
Task 3: Create an Isolated vApp Network and Assign to vApps .............................................................143
Task 4: Verify the Isolated Network Connectivity..........................................................................................145
Task 5: Assign the Direct Organization VDC Network to a VM ................................................................146
Task 6: Assign the Imported Organization VDC Network to a VM ..........................................................148
Task 7: Configure a Routed vApp Network......................................................................................................149
Task 8: Verify a Routed vApp Network ............................................................................................................ 150
Lab 21 Configuring and Verifying Edge Gateway Services ...................................... 153
Task 1: Verifying Connectivity Before Configuring NAT...............................................................................154
Task 2: Configure the NAT Services.................................................................................................................... 155
Task 3: Verify the NAT Connectivity ...................................................................................................................156
Lab 22 Creating and Managing a Named Disk .............................................................. 157
vii
Task 1: Create a Named Disk...................................................................................................................................158
Task 2: Attach a Named Disk to a VM ................................................................................................................159
Task 3: Detach the Named Disk............................................................................................................................ 160
Task 4: Delete the Named Disk............................................................................................................................. 160
Lab 23 Creating and Managing a Shared Named Disk ................................................161
Task 1: Create a Shared Named Disk ...................................................................................................................162
Task 2: Attach a Shared Named Disk to a VM .................................................................................................163
Task 3: Detach the Shared Named Disk .............................................................................................................164
Task 4: Delete a VM with an Attached Named Disk ......................................................................................165
Lab 24 Encrypting a VM and a Named Disk .................................................................. 167
Task 1: Verify the Key Provider Details on vCenter Server ........................................................................168
Task 2: Verify the Encryption Policy on vCenter Server .............................................................................169
Task 3: Add an Encryption Policy in VMware Cloud Director ....................................................................169
Task 4: Create an Encrypted Virtual Machine.................................................................................................... 171
Task 5: Verify the Encrypted Virtual Machine................................................................................................... 172
Task 6: Use the Advanced Filtering Encryption Feature.............................................................................. 172
Task 7: Create and Verify an Encrypted Named Disk ................................................................................... 173
Task 8: Use the Encrypted Disk and VM ............................................................................................................174
Lab 25 Verifying Storage IOPS with VMware Cloud Director ................................ 177
Task 1: Verify the Storage IOPS Policy on vCenter Server ........................................................................ 178
Task 2: Verify the Storage IOPS Policy in VMware Cloud Director ......................................................... 178
Task 3: Assign and Verify the vCenter Server Enabled Storage IOPS Policy to a VM .................... 179
Task 4: Enable the VMware Cloud Director Storage IOPS Limiting on the Provider VDC ............ 180
Task 5: Assign and Verify the VMware Cloud Director Enabled Storage IOPS Policy to a VM.... 183
Task 6: Override the Provider VDC Storage Policy on the Organization VDC ................................... 185
Lab 26 Creating and Using the VM Sizing and VM Placement Policies................ 187
Task 1: Verify the Host Groups and Host Rules ...............................................................................................188
Task 2: Create VM Placement Policies ................................................................................................................189
Task 3: Publish VM Placement Policies to the Organization VDC............................................................ 190
Task 4: Create VM Sizing Policies ..........................................................................................................................191
Task 5: Publish VM Sizing Policies to the Organization VDC ...................................................................... 193
Task 6: Create VMs Using the VM Placement and Sizing Policies ............................................................194
Task 7: Verify the VM Placement and Sizing Policies ....................................................................................196
Lab 27 Creating the Advisories Dashboard ................................................................... 197
viii
Task 1: Create Advisories Notifications as a System Administrator.........................................................198
Task 2: Verify Advisories Notifications as a Tenant User .......................................................................... 200
Lab 28 Verifying the VMware Cloud Director CLI Commands .............................. 201
Task 1: Verify the VMware Cloud Director CLI Commands and Operations....................................... 202
Lab 29 Installing and Configuring VMware Cloud Director Management Pack
with vRealize Operations Manager.................................................................................. 205
Task 1: Install the VMware Cloud Director Management Pack in vRealize Operations Manager. 206
Task 2: Configure the VMware Cloud Director Management Pack in vRealize Operations Manager
.........................................................................................................................................................................207
Lab 30 Monitoring the VMware Cloud Director Objects with vRealize
Operations Manager............................................................................................................. 209
Task 1: View the Predefined VMware Cloud Director Dashboards ......................................................... 210
Task 2: View the Predefined Views, Reports, and Alerts Definitions ...................................................... 212
Task 3: Generate a Custom Report ...................................................................................................................... 212
Task 4: Monitor the VMware Cloud Director Objects ................................................................................... 215
Answer Key .............................................................................................................................. 217
ix
Lab 1 Reviewing the Lab Environment
Objective and Tasks

You navigate the vSphere infrastructure and VMware Cloud Director portals to verify the
infrastructure configured in Site-A:
1. Log In to the Student Desktop
2. Verify the vSphere Infrastructure
3. Navigate the VMware Cloud Director Infrastructure
1
Task 1: Log In to the Student Desktop
You access and manage the lab environment from the student desktop. The system assigned to
you is an end-user terminal.
Use Firefox for all browser tasks.
1. Verify that you have successfully logged in to the console desktop.
• User name: student01
• Password: VMware1!
Task 2: Verify the vSphere Infrastructure

You navigate the vSphere infrastructure to verify the preconfigured infrastructure.
1. Select vSphere Site-A > vSphere Client (SA-VCSA-01) from the bookmark.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
3. Log in to the vSphere Web Client.
• User name: administrator@vsphere.local
4. In the left pane, navigate to sa-vcsa-01.vclass.local > SA-Datacenter > SA-NSX-T &
Compute.
5. Click each resource pool to understand the preconfigured resource pools mapped to the
Site-A provider VDCs.
The resource pools are configured and named RnD-RP and Testing-RP.
6. Expand SA-Management in the left pane.
7. Right-click the SA-VCD-P-1 and SA-VCD-S-1 VMs and select Power > Power On.
8. Verify that the sa-vcd-p-1 and sa-vcd-s-1 VMs are powered on.
9. In the left pane, expand NSXT-EDGE-RP.
10. Identify the sa-nsxedge-01 and sa-nsxedge-02 NSX-T Edge VMs.
a. (Optional) If the edges are powered off, power them on.

b. Right-click the sa-nsxedge-01 and sa-nsxedge-02 edges and select Power > Power On.
c. Verify that sa-nsxedge-01 and sa-nsxedge-02 are powered on.
11. Log out of the vSphere Web Client.
2
Task 3: Navigate the VMware Cloud Director Infrastructure
You navigate the VMware Cloud Director appliance to verify the preconfigured settings.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
3. Log in to the provider portal.
• User name: administrator
4. Click Provider VDCs in the left pane.
5. Click VMBeans-RnD-PVDC and browse through the various configurations available for the
provider VDC.
Q1. What storage policies are applied to the provider VDC?
A1. RnD- SP.
6. In the left pane, select Organizations.
Q2. How many vApps are created in the Organization VMBeans-RnD-Org?

A2. Six vApps.
7. Click Organization VDCs in the left pane and verify that Beta-OVDC (2), Dev-OVDC (1), and
Research-OVDC (3) are configured by the system administrator.
8. Click Network Pools in the left pane and verify that the VMBeans-NP-01 network pool is
configured by the system administrator.
9. Click Cloud Cells in the left pane, and verify that the version appears as 10.3.0.18295834 and
that the assigned IP address appears as 172.20.10.100 for the sa-vcd-p.vclass.local cell.
10. Click the Infrastructure Resources tab and click vCenter Server Instances in the left pane.
11. Verify that the version appears as 7.0.2 and that vCenter Server Host appears as sa-vcsa-
01.vclass.local.
12. Click NSX-T Managers and verify that the sa-nsxmgr-01 NSX Manager is configured by the
system administrator.
13. On the top bar, click Administration and identify the configured users.
14. Log out of the SA-VCD-P provider portal.
3
Lab 2 Deploying and Configuring the
VMware Cloud Director Cells
Objective and Tasks

You use an OVA file to install the VMware Cloud Director appliance and verify the installation by
navigating the appliance management UI:
1. Deploy the VMware Cloud Director Standby Cell
2. Configure the VMware Cloud Director Primary Appliance
3. Configure the VMware Cloud Director Standby Appliances
5
Task 1: Deploy the VMware Cloud Director Standby Cell
You deploy the standby VMware Cloud Director appliance using an OVA file.
The deployment option for deploying the primary cell and the standby or application cell is the
same. The sa-vcd-p-1 primary cell and sa-vcd-s-2 standby cell are predeployed.
3. Log in to vCenter Server.
4. In the left pane, navigate to the sa-vcsa-01.vclass.local > SA-Datacenter > SA-Management
cluster.
6
5. Deploy the OVF template.
a. Right-click SA-Management and select Deploy OVF Template.
b. Select Local file.
c. Click UPLOAD FILES.
d. Navigate to student01\Desktop\Class Materials and

Licenses\Downloads.
e. Select the OVA VMware_Cloud_Director-10.3.0.0.6300-18217170.ova file.
f. Click Open.
6. Click NEXT.
7. Enter sa-vcd-s-2 as the VM name and click NEXT.
8. Select SA-Management and click NEXT.
9. Click NEXT on the Review details page.
10. Select the I accept all license agreements check box and click NEXT.
11. Select Standby - small and click NEXT.
12. Select SA-Remote-02.
13. Select Thin Provision from the Select virtual Disk Format drop-down menu and click NEXT.
14. Select pg-SA-Management from the eth0 Network drop-down menu.
15. Select pg-SA-Production from the eth1 Network drop-down menu and click NEXT.
7
16. In the Customize template pane, configure the appliance settings, and then click NEXT.
Option Action
NTP Server Enter 172.20.10.1 in the text box.
Initial root password Enter VMware1! in the text box.
Confirm Password Enter VMware1! in the text box.
Expire Root Password Upon First Login Deselect the check box.
Enable SSH root login Select the check box.
eth0 Network Routes Leave blank.
eth1 Network Routes Leave blank.
Default Gateway Enter 172.20.10.1 in the text box.
Domain Name Enter sa-vcd-s-2.vclass.local in

the text box.
Domain Search Path Enter vclass.local in the text box.
Domain Name Severs Enter 172.20.10.11 in the text box.
eth0 Network IP Address Enter 172.20.10.103 in the text box.
eth0 Network Netmask Enter 255.255.255.0 in the text box.
eth1 Network IP Address Enter 172.20.11.103 in the text box.
eth1 Network Netmask Enter 255.255.255.0 in the text box.
17. Review the settings and click FINISH.
You must wait approximately 5 minutes to create the sa-vcd-s-2 VM.
18. Right-click the sa-vcd-s-2 VM and select Power > Power On.
8
19. Open the sa-vcd-s-2 VM console and verify that the VM is powered on and that the VMware
Cloud Director services are running.
9
Task 2: Configure the VMware Cloud Director Primary Appliance
You configure the primary VMware Cloud Director appliance in the appliance management UI.
1. Enter https://172.20.10.101:5480 to log in to the appliance management UI of

the primary appliance instance sa-vcd-p-1. vclass.local.
3. Log in to the appliance management UI.
• User name: root
4. In Appliance Settings, configure the appliance details and then click NEXT.
Option Action
NFS mount for transfer Enter

file location 172.20.10.77:/nfsshare/vcloud_director in
the text box.
DB password for the Enter VMware1! in the text box.

'vcloud' user
Confirm DB password Enter VMware1! in the text box.
Participate in the Leave the setting enabled.

Customer Experience
Improvement Program
5. In Administrator Account, configure the system administrator details and then click NEXT.
Option Action
User name administrator
Password VMware1!
Confirm Password VMware1!
Full name vCD Admin
Email address administrator@vclass.local
10
6. In VMware Cloud Director Settings, configure the installation of this instance.
Option Value
System name SA-VCD-01
Installation ID 1
7. Click SUBMIT and click OK.
The system setup takes approximately 10 to 15 minutes to complete.
If the deployment is successful, the System setup finished successfully

message appears.
a. If the deployment fails and the configure-vcd script failed to

complete error message appears, restart the appliance and configure the appliance.
11
Task 3: Configure the VMware Cloud Director Standby Appliances
You configure the standby VMware Cloud Director appliances in the appliance management UI.

the standby appliance instance sa-vcd-s-1. vclass.local.
• User name: root
4. Enter the NFS mount for the transfer file location on the System Setup page.
The NFS mount location for the transfer file is 172.20.10.77:/nfsshare/vcloud_director.
5. Click SUBMIT.

message appears.

6. Click OK.

the standby appliance instance sa-vcd-s-2. vclass.local.
• User name: root
10. Enter the NFS mount for the transfer file location on the System Setup page.
The NFS mount location for the transfer file is 172.20.10.77:/nfsshare/vcloud_director.
11. Click SUBMIT and click OK.

message appears.

12
Lab 3 VMware Cloud Director Cluster
Features and Failover
Objective and Tasks

Monitor the VMware Cloud Director appliances services and cluster status. Simulate a failover and
recover from a primary cell failure:
1. View the VMware Cloud Director Appliance Cluster Health and Failover Mode
2. Verify the Connectivity Status of a Database High Availability Cluster
3. Recover from a Primary Cell Failure in a High Availability Cluster
13
Task 1: View the VMware Cloud Director Appliance Cluster Health
and Failover Mode
You monitor the cluster status by using the VMware Cloud Director appliance management UI.
1. Enter https://172.20.10.102:5480 to log in to the appliance management UI.

• User name: root
4. Verify the cluster health on the Embedded Database Availability page.
a. Verify that the cluster health status appears as HEALTHY.
b. Verify that the status is running for the three VMware Cloud Director cells in the cluster.
c. Verify that Failover Mode is set to MANUAL.
5. Click the Services tab in the left pane and verify the service status.
The following status appears.
• vmware-vcd: running
• vpostgres: running
• appliance-sync.timer:waiting or running
The Running and Waiting states are healthy and expected for the systemd timer.
14
Task 2: Verify the Connectivity Status of a Database High Availability
Cluster
You use the replication manager tool suite to verify the connectivity between the nodes in your
database high availability cluster.
1. Start the terminal on the console desktop.
2. Connect to the sa-vcd-p.vclass.local VMware Cloud Director cell.
ssh root@172.20.10.101
3. Enter yes to accept the finger print.
4. Enter VMware1! as the password.
5. Change the user to Postgres.
sudo -i -u postgres
6. Verify the cluster connectivity.
/opt/vmware/vpostgres/current/bin/repmgr -f
/opt/vmware/vpostgres/current/etc/repmgr.conf cluster matrix
The command is a single line and must be entered in a single line.
The three entries in the first row are marked with a * symbol because all the nodes are up.
7. Close the terminal window on the console desktop.
15
Task 3: Recover from a Primary Cell Failure in a High Availability
Cluster
You stimulate a failover of the primary appliance and promote a standby appliance to primary and
test the switchover.
4. In the left pane, navigate to sa-vcsa-01.vclass.local > SA-Datacenter > SA-Management.
5. Right-click the sa-vcd-p-1 VM and select Power > Power Off.

6. Click Yes in the Confirm Power off window.
7. Enter https://172.20.10.103:5480 to log in to the appliance management UI.
• User name: root
9. Verify that the Cluster Health status changes to NO ACTIVE PRIMARY.
10. Verify that the sa-vcd-p-1 status changes to unreachable.
11. Click PROMOTE on sa-vcd-s-1 and click OK.
12. Click OK in the Running operation window to verify the promotion.
13. Refresh the browser to refresh the appliance management UI.
The management UI shows two cells with the primary role. The original primary cell has a
failed status and the new primary cell has a running status. The cluster health is DEGRADED.
14. Open a terminal on the console desktop.
15. Connect to the sa-vcd-s-1.vclass.local VMware Cloud Director cell.
ssh root@172.20.10.102
16. Enter yes to accept the fingerprint and enter VMware1! as the password.
17. Change the user to Postgres.
sudo -i -u postgres
16
18. Verify the cluster connectivity.
/opt/vmware/vpostgres/current/bin/repmgr -f
/opt/vmware/vpostgres/current/etc/repmgr.conf cluster matrix
The three entries in the sa-vcd-p-1 row are marked with ? because the sa-vcd-p-1 node is
down. No information about the outbound connections is available.
19. Copy the node ID for the sa-vcd-p-1 node.
20. Replace the <node ID> with the node ID recorded in the previous step and run the command
with the --dry-run option to verify that the prerequisites for unregistering the node are
met.
/opt/vmware/vpostgres/current/bin/repmgr primary unregister

--node-id=<node ID of sa-vcd-p-1> --dry-run
21. Replace the <node ID> with the node ID recorded in the previous step and run the command
to unregister the node.
/opt/vmware/vpostgres/current/bin/repmgr primary unregister

--node-id=node ID
22. Refresh the browser to refresh the appliance management UI.
The Cluster has 2 database nodes deployed warning appears on the

appliance management UI. You require three database nodes for the database HA.
23. Click SWITCHOVER on the sa-vcd-s-2 standby appliance to switch the new primary
appliance to sa-vcd-s-2.
24. Click OK to confirm the switchover and wait for the switchover task to complete.
25. Click OK and refresh the browser to refresh the appliance management UI.
26. Verify that the role of sa-vcd-s-2 changed to primary and the role of sa-vcd-s-1 has changed
to standby.
27. Close the appliance management UI on the console desktop.
28. Close the terminal window on the console desktop.
The deployment and cluster configuration lab tasks use separate nested VMware Cloud
Director Cells to perform the tasks in this lab. For the other lab tasks, another VMware Cloud
Director cell (production environment with single cell) is used with preconfigured objects.
In an ideal production environment, if one of the cells is down, you must deploy a new
standby cell to configure HA for your VMware Cloud Director database as a best practice.
17
18
Lab 4 Configuring System
Administrator Tasks
Objective and Tasks

Configure VMware Cloud Director objects from the VMware Cloud Director provider portal as a
system administrator:
1. Create a Network Pool
2. Create a VRF Supported Tier-0 Gateway
3. Create a DVPG Supported External Network
19
Task 1: Create a Network Pool
You create a network pool so that you can use the network pool to dynamically create
organization VDC networks and vApp networks.
2. Log in to the VMware Cloud Director provider portal.
3. In the left pane, click Network Pools and click NEW.
4. Enter VMBeans-NP-02 in the Name text box.
5. Enter VMBeans-NP-02 in the Description text box and click NEXT.
6. Select Geneve backed for Network Pool Type and click NEXT.
7. Select sa-nsxmgr-01 for Provider and click NEXT.
8. Select VMBeans-Overlay-TZ-02 for Transport Zone and click NEXT.
9. Click FINISH and verify that the status of VMBeans-NP-02 is Normal.
20
Task 2: Create a VRF Supported Tier-0 Gateway
You create a Tier-0 Gateway supported by VRF.
1. In the left pane, click Tier-0 Gateways.
2. Click NEW.
3. Select sa-nsxmgr-01 and click NEXT.
4. Enter VRF-T0-GW-NW-01 as the name.

5. Enter This network allows organizations to access external
resources like the Internet using a VRF Gateway as the description
and Click NEXT.
6. Select T0-GW-VRF-01 as the Tier-0 Router and click NEXT.
7. Configure the subnet and static IP pool settings.
a. Click NEW on the Configuration page.
b. Enter 172.20.10.1/24 in the IP Block text box.
c. Click the Edit pencil icon under Static IP Pools.
d. Enter 172.20.10.111-172.20.10.115 under Static IP Pools.
e. Click ADD.
f. Click SAVE.
To connect a VM to the VRF supported external network, you need the IP address from
this static pool range.
8. Click NEXT and click FINISH.
21
Task 3: Create a DVPG Supported External Network
You create a distributed virtual port group (DVPG) external network so that the VMBeans-RnD-
PVDC workload can reach the external network, the Internet, or any other domain.
1. Select External Networks in the left pane and click NEW.
2. Select vSphere Resources and select Distributed Port Groups to support the network.
NOTE
On the vCenter Server system, the pg-SA-External-DVPG-01 port group is already created
and connected to the uplink, which communicates with the 172.20.12.x network.
3. Click NEXT.
4. Enter DVPG-External-NW-01 as the name.
5. Enter This network allows organizations to access external

resources like the Internet using a DVPG as the description and click
NEXT.
6. Select pg-SA-External-DVPG-01 as the distributed port group and click NEXT.
7. Click NEW and configure the subnet and static IP pool settings.
a. Enter 172.20.12.1/24 in the Gateway CIDR text box.
b. Click the Edit icon next to Primary, Secondary, Suffix.
c. Enter 172.20.10.11 in the Primary DNS text box.

d. Leave the Secondary DNS text box blank.
e. Enter vclass.local as the DNS suffix.
f. Click SAVE.
g. Next to <define>, click the Edit icon.
h. Enter 172.20.12.111-172.20.12.115 in the Static IP Pool text box.
To connect a VM to the external network, you need the IP address from the static pool
range.
i. Click ADD.
j. Click SAVE.
8. Click NEXT and click FINISH.
9. Log out of the provider portal.
22
Lab 5 Creating and Configuring the
Provider VDC
Objective and Tasks

Create a provider VDC as a resource hub for a VMBeans customer:
1. Create a Provider VDC
2. Manage the Provider VDC
23
Task 1: Create a Provider VDC
You create a provider VDC for a testing environment as a resource hub for testing customer
workloads.

4. Click Provider VDCs in the left pane and click NEW.
5. Enter VMBeans-Testing-PVDC in the Name text box.
6. Enter VMBeans Testing PVDC in the Description text box.
7. Verify that the State toggle is turned on and click NEXT.
8. Select sa-vcsa-01 as a provider and click NEXT.
9. Expand SA-NSX-T & Compute and select Testing-RP as the resource pool.
10. Ensure that the hardware version is set to Hardware Version 19 (Default) and click NEXT.
11. In the Storage Policy pane, select Testing-SP and click NEXT.
Testing-SP is already created in vCenter Server.
The customer's resources in VMBeans-Testing-PVDC use the storage from Testing-SP

Storage Policy:
• Testing-SP Storage Policy is in sa-vcsa-01 vCenter Server and is mapped to the SA-
Remote-01 datastore. All VMs in this provider VDC are stored in this datastore.
• You can add multiple storage policies to make multiple datastores available for the
provider VDC. You select only one storage policy.
• To view the storage policies, you can log in to the vCenter Server system.
12. Select Select an NSX-T manager and Geneve Network pool.
13. Select sa-nsxmgr-01.
14. Select VMBeans-NP-02 and click NEXT.
15. Click FINISH.

A child resource pool named System vDC is created under the parent Testing-RP resource
pool in vCenter Server.
24
16. Open a new browser tab and select vSphere Site-A > vSphere Client (SA-VCSA-01).
19. In the left pane, select sa-vcsa-01.vclass.local > SA-Datacenter > SA-NSX-T & Compute.
20. Expand the Testing-RP resource pool to verify that System vDC is created.
21. Click Menu > Policies and Profiles.
22. Select Testing-SP in the right pane under VM Storage Policies.
23. Click the Storage Compatibility tab.
24. Click the COMPATIBLE tab and verify that SA-Remote-01 appears as a compatible storage
that is mapped to the Testing-SP storage policy.
25. Log out of the vSphere Client.
25
Task 2: Manage the Provider VDC
You create and manage different VMware Cloud Director resources from the provider portal as a
provider administrator.
1. Navigate to the provider portal.
2. Click VMBeans-Testing-PVDC.
3. Click General under Configure.
4. Verify that the hardware version is Hardware Version 19.
5. Click Storage Containers under VMBeans-Testing-PVDC and verify that SA-Remote-01 is in

the enabled state.
6. Click External Networks under VMBeans-Testing-PVDC and verify that DVPG-External-

NW-01 appears.
7. Click Resource Pools under VMBeans-Testing-PVDC and verify that Testing-RP appears.
8. Click Storage under Policies of VMBeans-Testing-PVDC and verify that Testing-SP appears
with Capabilities TagBasedPolicy/SAVCD.
26
Lab 6 Creating an Organization and
Accessing the Tenant Portal
Objective and Tasks

Create an organization and create an organization administrator user as a system administrator:
1. Create an Organization from the Provider Portal
2. Access the Organization from the Tenant Portal
3. Create an Organization Administrator User
4. Manage the Organization Policies
27
Task 1: Create an Organization from the Provider Portal
You create a testing organization which includes an organization VDC, a catalog, and organization
policies.
2. Log in to the Site-A Provider portal.
3. Under Organizations, click NEW.
4. Enter VMBeans-Testing-Org in the Organization name text box.
5. Enter VMBeans-Testing-Org in the Organization full name text box.
6. Enter Organization for all Testing workload in the Description text box.
7. Click CREATE.
After creating an organization, you can modify the default settings for catalogs and policies
to make the catalog public and change the default leases and quotas for the organization.
8. Click VMBeans-Testing-Org.
9. Under Configure, click Catalog and verify the default catalog sharing and publishing settings.
The Share catalogs to other organizations, Publish external catalogs, and Subscribe to
external catalogs settings are disabled by default.
Task 2: Access the Organization from the Tenant Portal

You access organizations using the tenant portal and navigate to the tenant portal for the
Marketing and Security organizations to view the menu.
1. Click Organizations in the left pane.
2. Click the icon beside VMBeans-Testing-Org to open the organization portal in a new
browser.
You can access the VMBeans-Testing-Org organization tenant portal directly by using the
URL.
https://sa-vcd-p.vclass.local/tenant/VMBeans-RnD-Org/vbcs
28
Task 3: Create an Organization Administrator User
You create an organization administrator user from the tenant portal as a system administrator.
1. Click Administration on the top bar of the tenant portal.
2. Under Users, click NEW.
3. In the New User wizard, configure the user values and then click SAVE.
Option Action
User name Enter test_admin in the text box.
Password Enter VMware1! in the text box.
Enable Leave the default value.
Configure user's quota Turn on the toggle.
Available roles Select Organization Administrator from the drop-down menu.
Full name Enter Testing Administrator in the text box.
Email address Enter test-admin@vclass.local in the text box.
Phone Leave the value blank.
IM Leave the value blank.
All VMs quota Leave the default value.
Running VMs quota Leave the default value.
The test_admin user appears in the Enabled state.
29
Task 4: Manage the Organization Policies
You access the VMBeans-Testing-Org organization and configure policies for the organization.
2. Click VMBeans-Testing-Org.
3. Click Policies.
4. Click EDIT next to vApp leases.
5. In vApp leases, set the leases for vApp runtime, runtime expiry action, storage, and storage
cleanup.
a. From the Maximum runtime lease drop-down menu, select Never Expires as the
number of days.
b. In the Runtime expiry drop-down menu, leave Suspend as the default value.
c. From the Maximum storage lease drop-down menu, select Never Expires as the
number of days.
d. In the Storage cleanup drop-down menu, leave Mark as expired as the default value.
e. Click SAVE.
6. Click EDIT next to vApp template lease.
7. On vApp template lease, set the storage lease and storage cleanup policies for the vApp
templates.
a. From the Maximum storage lease drop-down menu, select Never Expires as the
number of days.
b. In the Storage cleanup drop-down menu, leave Mark as expired as the default value.
IMPORTANT
You must not change any of the default quotas, limits, or password policies.
c. Click SAVE.
30
Lab 7 Creating Organization VDCs
and Allocating Resources
Objective and Tasks

Create Testing-QA-OVDC as a system administrator and manage the objects of the organization
VDC:
1. Create an Organization VDC
2. Manage the Organization VDC
31
Task 1: Create an Organization VDC
You create an organization VDC that is associated with the VMBeans-Testing-PVDC and you
create the organization VDC from the provider portal.
2. Log in to the Site-A provider portal.

3. In the left pane, select Organization VDCs and click NEW.
4. Enter Testing-QA-OVDC in the Name text box and click NEXT.
5. Select VMBeans-Testing-Org from the list of organizations and click NEXT.
6. Select VMBeans-Testing-PVDC and click NEXT.
7. Click Pay-As-You-Go and click NEXT.
NOTE
The allocation model determines how customers are billed for any resources that they use.
8. On the configure Pay-As-You-Go model page, configure the values and then click NEXT.
Option Action
CPU quota Select Unlimited.
CPU resources Leave 20% as the default value.

guaranteed
vCPU speed Leave 1 GHz as the default value.
Memory quota Select Unlimited.
Memory resources Leave 20% as the default value.

guaranteed
Maximum number of VMs Enter 20 in the text box.
The table shows the committed resources from the provider VDC when using these
allocation settings.
The number of vApps or VMs that you can expect with your allocation settings changes
depending on the allocation model that you select.
32
9. Configure the Storage Policies and then click NEXT.
a. Select Testing-SP.
In vCenter Server, Testing-SP is tagged to the Testing-Tag tag. The tag is applied on
the SA-Remote-01 datastore.
b. Leave Unlimited as the default Allocation Type.
c. Leave Default Instantiation policy as the default Testing-SP.
d. Turn on the Thin provisioning toggle.
e. Turn on the Fast provisioning toggle.
10. Configure the network pool and then click NEXT.
a. Select VMBeans-NP-02.
b. In the Maximum Provisioned Networks text box, enter 50 in the text box.
11. Review the settings and click FINISH.
The Status column shows a green check mark. The State columns show the Enabled state
for EUP-OVDC.
12. After the organization VDC is created, log in to vCenter Server and verify that a child
resource pool is created in Testing-RP with the Testing-QA-OVDC name.
a. Open a new browser and select the vSphere Site-A > vSphere Client (SA-VCSA-01)
bookmark.
b. Log in to the vSphere Web Client.
c. In the left pane, expand sa-vcsa-01.vclass.local > SA-Datacenter > SA-NSX-T &
Compute > Testing-RP.
d. Verify that Testing-QA-OVDC (xxxx) is created.
33
Task 2: Manage the Organization VDC
You create and manage various VMware Cloud Director objects as a provider administrator from
the provider portal.
2. In the left pane, select Organization VDCs.
3. Click Testing-QA-OVDC.
4. Click General under Testing-QA-OVDC.
5. Click EDIT under VM Discovery in the right pane.
6. Select Enabled from the drop-down menu and click SAVE.
7. Click Allocation under Testing-QA-OVDC and verify that the CPU quota and Memory quota
are set to Unlimited.
8. Click Networking under Testing-QA-OVDC.
9. Click EDIT under Edge Cluster in the right pane.
10. Turn on the Use Edge Cluster toggle.
11. Select edge-cluster-01 and click SAVE.
12. Click Resource Pools and verify that the resource pool name is Testing-QA-OVDC (xxx).
13. Click Storage under Policies and verify that both Thin provisioning and Fast provisioning
are enabled.
14. Log out of the SA-VCD-P Provider portal.
34
Lab 8 Integrating Active Directory
and Importing User Group
Objective and Tasks

Integrate Active directory with VMware Cloud Director:
1. Integrate Active Directory from the Provider Portal
2. Integrate the Active Directory Instance to an Organization
3. Import an Active Directory Group in the Organization
4. Verify the Domain User Access to the Organization
35
Task 1: Integrate Active Directory from the Provider Portal
You import an Active Directory instance to VMware Cloud Director through the provider portal
as an administrator.
2. Log in to the SA-VCD-P provider portal.
3. From the top bar, click Administration.
4. Click LDAP under Identity Providers in the left pane.

5. Click CONFIGURE in the right pane.
6. In the Edit LDAP window, click the Connections tab, configure the connection parameters,
and then click SAVE.
Option Action
Server Enter dc.vclass.local in the text box.
Port Enter 389 in the text box.
Base distinguished name Enter cn=users,dc=vclass,dc=local in the text box.
Connector Type Select Active Directory.
Use SSL Leave Disabled as the default value.
Authentication method Leave Simple as the default value.
User name Enter administrator@vclass.local in the text box.
The Custom LDAP tab must appear with all the parameters that you configured.
7. Click TEST.
8. In the Test LDAP window, enter VMware1! as the password.
9. Click TEST.
The test results appear with the Active Directory users and groups.
10. Click CANCEL.
36
Task 2: Integrate the Active Directory Instance to an Organization
You integrate the active directory instance at the organization level as an administrator.
1. From the top bar, click Resources.
2. Click VMBeans-RnD-Org in the right pane.
3. Click OPEN IN TENANT PORTAL.
5. Click LDAP under Identity Providers in the left pane.
6. Click CONFIGURE in the right pane.
7. Select VMware Cloud Director system LDAP service.
8. Enter cn=users,dc=vclass,dc=local in the Distinguished name for the

organizational unit text box and click SAVE.
The LDAP Settings tab displays the configuration.
Task 3: Import an Active Directory Group in the Organization

You import an Active Directory user group as an organization administrator.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
2. Log in to the VMBeans-RnD-Org tenant portal.

• User name: rnd_admin
4. Click Groups under Access Control in the left pane.
5. Click IMPORT GROUPS.
6. In the Import Groups window, enter dcgroup in the Search text box and click SEARCH.
7. Select dcgroup.
8. Scroll to the bottom of the window, select Catalog Author from the Assign Role drop-down
menu and click SAVE.
9. Click dcgroup in the right pane.

No users appear. The dcgroup has two users, dcuser1 and dcuser2, which appear in the table
only after the first log in.
10. Log out of the VMBeans-RnD-Org tenant portal.
11. Click LOGIN AS AN INTEGRATED USER.
37
Task 4: Verify the Domain User Access to the Organization
You log in to the tenant portal as the domain user and verify the access level.
1. Log in to the VMBeans-RnD-Org tenant portal and verify that the user role in the upper-right
corner is Catalog Author.
• User name: dcuser1
a. If you do not see the user role, click the vertical ellipsis icon.
4. Log in to the VMBeans-RnD-Org tenant portal and verify that the user role in the upper-right
corner is Catalog Author.
a. If you do not see the user role, click the vertical ellipsis icon.

Two users, dcuser1 and dcuser2, appear in this group.
38
Lab 9 Creating Local Users in the
Organizations
Objective and Tasks

Create local users in the organization and create provider access control users, assign predefined
roles, and verify their access rights:
1. Create Local Users in the Organization
2. Verify the Access Rights of the Tenant Users
3. Create the Provider Access Control User
39
Task 1: Create Local Users in the Organization
You create a few organization users with different roles as an organization administrator.
4. Click Users under Access Control in the left pane.
5. Click NEW in the right pane.
6. In the Create User wizard, configure the first user values and then click SAVE.
Option Action
User name Enter rnd_cat_user in the text box.
Enable Leave the enabled default toggle.
Configure user's quota Turn off the toggle.
Available roles Select Catalog Author from the drop-down menu.
Full name Enter RnD Catalog user in the text box.
Email address Enter rnd_cat_user@vclass.local in the text box.
All VMs quota Select the Unlimited check box.
Running VMs quota Select the Unlimited check box.
7. Click Users in the left pane.
40
9. In the Create User wizard, configure the second user values and then click SAVE.
Option Action
User name Enter rnd_vapp_user1 in the text box.
Available roles Select vApp User from the drop-down menu.
Full name Enter RnD vApp user1 in the text box.
Email address Enter rnd_vapp_user1@vclass.local in the text box.
10. Click Users in the left pane.
41
12. In the Create User wizard, configure the third user values and then click SAVE.
Setting Value
User name Enter rnd_custom_user in the text box.
Available roles Select vApp User from the drop-down menu.
Full name Enter RnD Custom user in the text box.
Email address Enter rnd_custom_user@vclass.local in the text box.
The rnd_custom_user is used in RBAC and assigned a custom created role.
42
Task 2: Verify the Access Rights of the Tenant Users
You verify the access rights of each user that you created in the VMbeans-RnD-Org tenant
portal.
• User name: rnd_cat_user
You must verify that the user role on the top right is Catalog Author. If you do not see the
user role, click the vertical ellipsis icon.
2. From the top bar, click Libraries.
3. Click Catalogs under Content Libraries in the left pane.
You must be able to view the available catalog.
4. Click Media & Other under Content Libraries in the left pane.
You must be able to view the available media.
5. Click vApp Templates under Content Libraries in the left pane.
You must be able to view the available vApp Templates.
6. From the top bar, click the Data Centers tab.
7. Click the Beta-OVDC (2) card.
In Virtual Machines, you can view that the NEW VM creation option is available and enabled
for the user.
8. Click vApps under Compute in the left pane.
In vApp, you can view that the NEW VAPP creation option is available and enabled for the
user.
9. Click Named Disks under Storage in the left pane.
You can view that the NEW creation option is available and enabled for the user.
43
• User name: rnd_vapp_user1
You must verify that the user role on the top right is vApp User. If you do not see the user
role, click the vertical ellipsis icon.
In Virtual Machines, you can view that the NEW VM creation option exists but is unavailable
for the user.
In vApp, you can view that the NEW VAPP creation option exists but is unavailable for the
user. Adding the vApp using the catalog option is enabled.
No new named disk creation option is available for the user.
44
Task 3: Create the Provider Access Control User
You create a provider access control user as an administrator.
4. Click Users under Provider Access Control in the left pane.
6. In the Create User wizard, configure the first user values and then click SAVE.
Option Action
User name Enter Infra_user in the text box.
Available roles Select Defer to identity provider from the drop-down menu.
The selection is temporary.
Full name Enter Infrastructure User in the text box.
Email address Enter infra_user@vclass.local in the text box.
45
Lab 10 Creating and Managing Role
Based Access Control
Objective and Tasks

Create custom roles, assign the roles to local users, and verify the user rights:
1. Create a Provider Access Control Role
2. Assign the Provider Access Control Role to a Local User
3. Verify the Provider Access Control Role Local User Rights
4. Create the Custom Role-01 Tenant Access Control Role
5. Publish the Custom Role-01 to a Tenant
6. Assign the Custom Role-01 to a Local User
7. Create the Custom Role-02 Using the Tenant Portal
8. Assign the Custom Role-02 to a Local User
9. Verify the Custom Role-02 Local User Rights
47
Task 1: Create a Provider Access Control Role
You log in to the provider portal as an administrator and create a provider access control role.
4. Click Roles under Provider Access Control in the left pane.
5. Click NEW.
6. Configure settings for the role.
a. Configure the role in the Add Role window.
Option Action
Name Enter Infra_Role in the text box.
Description Enter This is a custom role created with

infrastructure permissions in the text box.
b. Select the values in the rights table.
Name View Manage
ADMINISTRATION > GENERAL Select all. None.
INFRASTRUCTURE > Datastore Select all. Select all.
INFRASTRUCTURE > Host Select all. Select all.
INFRASTRUCTURE > Port Group Leave the default value. Select all.
INFRASTRUCTURE > Resource Pool Select all. Select all.
INFRASTRUCTURE > SDDC Select all. Select all.
INFRASTRUCTURE > vCenter Select all. None.
7. Click SAVE and verify that Infra_Role appears in the roles table.
48
Task 2: Assign the Provider Access Control Role to a Local User
You assign the provider access control role to an existing user.
1. Click Users under Provider Access Control in the left pane.
2. Select infra_user in the right pane.
3. Click EDIT.
4. From the Available Roles drop-down menu, delete the existing selected role and select
Infra_role.
5. Click SAVE.
Task 3: Verify the Provider Access Control Role Local User Rights
You verify the provider access control role user rights.
• User name: infra_user
You must verify that the user role on the top right is Infra_Role. If you do not see the user
role, click the vertical ellipsis icon.
2. Click the Cloud Resources tab.
Very limited options are available in the left pane.
You can create a new organization.
4. Click Organization VDCs in the left pane.
You can create new organization VDCs.
5. Click the Infrastructure Resources tab.
Very limited options are available.
Q1. Can you view vCenter Server?

A1. No.
6. Click Resource Pools in the left pane.
You can view all the available Resources Pools.
7. Click Storage Containers in the left pane.
49
8. Select SA-Remote-02 in the right pane.
You can view and edit the storage containers.
9. Click the other items in the left pane and verify the permissions.
Very limited options are available in the left pane.
50
Task 4: Create the Custom Role-01 Tenant Access Control Role
You log in to the provider portal as an administrator and create a tenant access control role.
3. Click Global Roles under Tenant Access Control in the left pane.
4. Click NEW.
5. Configure settings for the role.
a. Select the values in the rights table.
Option Action
Name Enter vApp_User_Custom_Role_01 in the text box.
Description Enter This is a custom role created with limited

permissions in the text box.
b. Select the values in the rights table.
Option View Manage
ACCESS CONTROL > Organization Select all. Select all.
COMPUTE > Organization VDC Select all. Select all.
EXTENSION > Custom Entity Select all. Select all.
EXTENSION > Service Library Select all. Select all.
INFRASTRUCTURE > SDDC Select all. Select all.
INFRASTRUCTURE > vCenter Select all. Select all.
6. Click SAVE.
51
Task 5: Publish the Custom Role-01 to a Tenant
You publish the Tenant Access Control role to an existing organization.
1. Click vApp_User_Custom_Role-01 in the right pane. .
2. Click PUBLISH.
3. In the Publish Global Role window, select the VMBeans-RnD-Org organization.
4. Click SAVE.
Task 6: Assign the Custom Role-01 to a Local User

You assign a Tenant Access Control role to an existing user in the organization.
4. Click Roles under Access Control in the left pane.
You can view vApp_User_Custom_Role_01 in the roles table with a Yes tag in the Read
Only column.
Any role that the system administrator creates cannot be deleted or edited by the
organization users.
6. Select rnd_custom_user in the right pane.
7. Click EDIT.
8. From the Available Roles drop-down menu, delete the existing selected role and select
vApp_User_Custom_Role_01.
9. Click SAVE.
52
Task 7: Create the Custom Role-02 Using the Tenant Portal
You log in to the tenant portal as an organization administrator and create a custom role.
1. Click Roles under Access Control in the left pane.
2. Select vApp User in the right pane.
3. Click CLONE.
4. Configure the clone role in the Clone Role window and then click SAVE.
Option Action
Name Enter vApp_User_Custom_Role_02 in the text box.
Description Enter This is a custom role created with vApp User

rights plus create VM and vApp rights in the text box.
Modify Turn on the toggle.

Selected
Rights
vApp Expand vApp under COMPUTE in the table.
Manage Select the check box under vApp.
Task 8: Assign the Custom Role-02 to a Local User

You assign a custom role to an existing user in the organization.
1. Click Users under Access Control in the left pane. .
2. Select rnd_custom_user in the right pane.
3. Click EDIT.
4. From the Available Roles drop-down menu, remove the existing selected role and select
5. Click SAVE.
53
Task 9: Verify the Custom Role-02 Local User Rights
You verify the custom role user rights from the tenant portal.
1. Log in to the VMBeans-RnD-Org tenant portal and verify that the user role on the top right is
• User name: rnd_custom_user
Q1. Do you see the NEW VM creation option enabled?

A1. Yes. The logged in user wit h the cust om ro le c an create a VM.
Q2. Do you see the NEW VAPP creation option enabled?

A2. Yes. The logged in user wit h the cust om ro le c an create a vApp.
Q3. Do you see the named disk creation option enabled?

A3. No new named d isk creation op tio n is available. Y ou have not e nabled the create name d isk ro le in t he c ustom r ole.
54
Lab 11 Creating and Managing Quotas
Objective and Tasks

You assign quotas for the organization, group, and user, and verify the configuration with multiple
tests:
1. Assign the Organization Quotas
2. Verify the Organization Quotas
3. Assign the Group Quotas
4. Verify the Group Quotas
5. Assign the User Quotas
6. Verify the User Quotas
7. Reset the Quotas
55
Task 1: Assign the Organization Quotas
You assign the quotas for the organization as a system administrator.

The organization page appears by default.
4. Click Quotas under Configure.

By default, no quotas are set on the organization.
5. Click EDIT in the right pane.

The Edit Quota for Organization VMBeans-RnD-Org window appears.
6. Configure the Running VMs quota for the organization in the Edit Quota for Organization
VMBeans-RnD-Org window.
a. Click ADD.
b. From the Name column, select Running VMs Quotas from the drop-down menu.
c. Under Description, enter 2 in the text box.
7. Configure the All VMs quotas for the organization in the Edit Quota for Organization
a. Click ADD.
b. From the Name column, select All VMs Quotas from the drop-down menu.
8. Configure the memory quotas for the organization in the Edit Quota for Organization
a. Click ADD.
b. From the Name column, select Memory Quotas from the drop-down menu.
c. Under Description, enter 5 and select GB from the drop-down menu.
9. Click SAVE.
All the quotas that you configured must be available in a table.
Under All VMs quota, you view 13 / 16, which indicates that 11 VMs and 2 templates exist in
the organization.
Under Running VMs quota, you must view 0 / 2.
Under Memory quota, you must view 0MB / 5GB.
56
Task 2: Verify the Organization Quotas
You verify the All VMs quota, Running VMs quota, and Memory quota set for the organization, as
an organization administrator.
3. Click Administration.
4. Click Quotas under Settings in the left pane and verify that you can view the same settings
from the provider portal.
5. From the top bar, click Data Centers.
6. Click the Research-OVDC (3) card and verify that four VMs are already created in this
OVDC.
All the VMs must be powered off.
7. Click NEW VM to create a VM.
The New VM window appears.
8. Configure the new VM in the New VM window.
a. Enter Quotatest-01 as the name.
b. Enter Quotatest-01 as the computer name.
c. Enter Quotatest-01 as the description.
d. Select New as the type.
e. Select Power on.
f. Under Operating System, select Linux as the OS family.
g. Select CentOS 8 (64-bit) as the operating system.
Leave the other values under Operating System to the default value.
h. Under the Storage, enter 1 GB as the disk size.
i. Click OK.
Q1. Is Quotatest-01 VM created and powered on?

A1. Yes. Quotatest- 01 VM is created and powered on.
57
10. Configure another VM in the New VM window.
e. Select Power on.
f. Under Operating System, select Linux. as the OS family.
h. Under Storage, enter 1 GB as the disk size.

i. Click OK.

A2. Yes. Quotatest- 02 VM is created and powered on.
11. Click NEW VM to create a VM in the New VM window.
e. Select Power on.

i. Click OK.

A3. Yes. Quotatest- 03 VM is created but is not powered o n. This be havior oc curs be cause when the q uotas are set in the org anizat ion, the Running VMs Quot as are co nfig ured to 2. A m aximum of two VMs can be powered on sim ult aneo usly with t his co nfig urat ion.
j. Expand Recent Tasks at the bottom and view the error by clicking the failed task and
click OK.
The Running VMs quota limit: 2 count. Current available

resource: 0 count. Current requirement: 1 count. error appears.
58
e. Select Power on.
i. Click OK.
A4. No. Quotatest-04 VM is not created and is in an Unreso lved state. The behavior occ urs bec ause w hen yo u set t he quot as in t he org anizat ion, All VMs Quot as are conf igured to 16. 11 VMs and 2 templates were already created in this org anizat ion. Therefore, you c an creat e only 3 additio nal VMs or templates. A m aximum of 16 VMs or templates c an be created w ith this co nfig urat ion.
j. Expand Recent Tasks at the bottom and view the error message by clicking the failed
task and click OK.
The All VMs quota limit: 16 count. Current available
13. Delete Quotatest-04, which is in the Unresolved state.
a. Click ACTIONS on the Quotatest-04 VM card.
b. Click Delete from the list.
c. Click DELETE.
d. Verify that the Quotatest-04 VM is deleted successfully.
14. Perform the memory quota test.
a. Power off the Quotatest-02 VM.
b. Click ACTIONS on the Quotatest-02 VM card.
c. Click Power and click Power Off.
d. Click POWER OFF.
15. Increase the memory on the Quotatest-02 VM.
a. Click DETAILS on the Quotatest-02 VM card.
b. Click Compute under Hardware.
c. Scroll to the bottom in the right pane and click EDIT above Memory.
d. In the Edit Memory Details window, enter 4 GB.
e. Click SAVE.
59
16. Power on the Quotatest-02 VM.
a. Click ALL ACTIONS on the top.
b. Click Power and click Power On.
Q5. Did the Quotatest-02 VM power on?

A5. Yes. The Q uotatest- 02 VM powered on successfully and d id not violate any quot a lim it.
17. Power off the Quotatest-02 VM.

a. Click ALL ACTIONS on the top.
b. Click Power and click Power Off.
c. Click POWER OFF.
18. Increase the memory on the Quotatest-02 VM.
a. Click Compute under Hardware.
b. Scroll to the bottom in the right pane and click EDIT above Memory.
c. In the Edit Memory Details window, enter 5 GB in the text box.
d. Click SAVE.
19. Power on the Quotatest-02 VM.
a. Click ALL ACTIONS.

A6. No. Quotatest-02 VM is not powered o n. The behavior o cc urs because whe n you set the q uotas at the org anizat ion level, Memory Q uota was conf igured to 5 G B. At any time, a m aximum of 5 G B of memory c an be assig ned to VMs and powered on s imultaneous ly in t his conf igur atio n.
c. Expand Recent Tasks at the bottom and view the error message by clicking the failed
task.
The Memory quota limit: 5120 MB. Current available
resource: 4096 MB. Current requirement: 5120 MB. error appears.
This is because, Quotatest-01 VM is powered on with 1GB memory allocated to it. Since
the maximum memory quota set on the organization is 5GB, there is only 4GB memory
resource remaining to be used.
d. Click OK.
20. Click Virtual Machines under Compute in the left pane.
c. Click POWER OFF.
60
22. Try powering on the Quotatest-02 VM again.

A7. Yes. The Q uotatest- 02 VM powered on successfully and d id not violate any memory quo ta lim it t his time.

c. Click POWER OFF.
24. Delete Quotatest-01.
c. Click DELETE.
c. Click DELETE.
c. Click DELETE.
27. Click Administration from the top bar.
28. Click Quotas under Settings in the left pane and verify that you view the same settings as
configured initially.
61
Task 3: Assign the Group Quotas
You assign the quotas for the user group that is imported from the domain controller, as an
organization administrator.
1. Before assigning quotas to the user group, modify the organization quota as a system
administrator.
a. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
b. Log in to the SA-VCD-P provider portal.
c. Click VMBeans-RnD-Org in the right pane.
d. Click Quotas under Configure.
e. Click EDIT.
f. Modify the All VMs quota from 16 and enter 19 in the text box.
g. Modify the Running VMs quota from 2 and enter 4 in the text box.
h. Modify the Memory quota from 5 and enter 7 GB in the text box.
i. Click SAVE.
8. Click Quotas.
9. Click EDIT in the right pane.
The Edit Quota for Group dcgroup window appears.
10. Configure the running VM quotas in the Edit Quota for Group dcgroup window.
a. Click ADD.
b. From the Name column, select Running VMs Quotas from the drop-down menu.
c. In the Description column, enter 2 in the text box.
62
11. Configure all VMs quotas in the Edit Quota for Group dcgroup window.
a. Click ADD.
c. In the Description column, enter 2 in the text box.
12. Configure the memory quotas in the Edit Quota for Group dcgroup window.
a. Click ADD.
b. From the Name column, select Memory Quotas from the drop-down menu.
c. Under Description, enter 5 and select GB from the drop-down menu.
13. Click SAVE.
You can view all the quotas that you configured in the table.
Under the All VMs quota, you can view - / 2.
Under the Memory quota, you can view - / 5GB.
Under the Running VMs quota, you can view - / 2.
You cannot view the current usage at the group level, because the defined value at the
group level is applicable to each user individually.
Task 4: Verify the Group Quotas

You verify the All VMs quota set for the group, as a domain group user.
2. Click the Research-OVDC (3) card.
63
4. Configure the VM in the New VM window.
a. Enter dcuser1VM-01 as the name.
b. Enter dcuser1VM-01 as the computer name.
c. Enter dcuser1VM-01 as the description.
e. Select Power on.

i. Click OK.
Q1. Is dcuser1VM-01 VM created and powered on?

A1. Yes. dcuser1VM-01 VM is created and powered o n.
e. Select Power on.

i. Click OK.

A2. Yes. The dc user1VM-02 VM is created and powered o n.
64
e. Select Power on.
Leave the other settings under Operating System to the default value.

i. Click OK.
Q3. Is the dcuser1VM-03 VM created and powered on?

A3. No. The dcuser1VM- 03 VM is not created be cause the All VM q uot a limit per user in the gr oup is set to 2 .
task.

7. Delete the dcuser1VM-03 which is in the Unresolved state.
a. Click ACTIONS on the dcuser1VM-03 VM card.
c. Click DELETE.
d. Verify that the dcuser1VM-03 VM is deleted successfully.
65
e. Select Power on.
Leave the other settings under Operating System to the default value.

i. Click OK.

e. Select Power on.

i. Click OK.

66
e. Select Power on.

i. Click OK.

A6. No. The dcuser2VM- 03 VM is not created be cause the All VM q uota limit per user in the gro up is set to 2 .
task.

c. Click DELETE.
d. Verify that the dcuser2VM-03 VM is deleted successfully.
67
Task 5: Assign the User Quotas
You assign a user quota for a user as an organization administrator.
4. Click dcuser1 in the right pane.
5. Click Quotas.
The quotas are inherited from the group quota configuration.
6. Click EDIT to modify the quota for dcuser1.
The Edit Quota for dcuser1 window appears.
7. Configure the quota in the Edit Quota for dcuser1 window.
a. Click ADD.

8. Click SAVE.
All VMs quota is now separated and appears in a different table. The other two quotas
appear as Inherited (not modifiable).
The All VMs quota set for dcuser1 is 3.
68
Task 6: Verify the User Quotas
You verify the All VMs quota set for the user, as an organization user.
e. Select Power on.
i. Click OK.

A1. Yes. The dc user1VM-03 VM is created b ut not powered on. This be havior occ urs bec ause w hen t he quotas are set at the organiz atio n level, the Running VMs Quo tas is co nfig ured to 2. A m aximum of two VMs can be powered o n sim ult aneo usly w ith this co nfig urat io n.

e. Select Power on.
i. Click OK.

A2. No. The dcuser1VM- 04 VM is not cre ated and is in an U nresolved state. This be havior oc curs bec ause w hen yo u set t he quo tas at t he user level, t he All VMs Quot as are co nfigured to 3. A m aximum of t hree VMs or templates c an be created by this user w ith the current config urat ion.
69
c. Click DELETE.
Verify that the dcuser1VM-04 VM is deleted successfully.
Task 7: Reset the Quotas

You reset all the quotas limits set for the organization as an administrator.
The organization page appears by default.
4. Click Quotas under Configure.
5. Click EDIT.
6. Select Memory quota and click REMOVE.
7. Select All VMs quota and click REMOVE.
8. Select Running VMs quota and click REMOVE.
9. Click SAVE and verify that no assigned quota is available for this organization.
70
Lab 12 Creating and Managing VMs
Objective and Tasks

Create a standalone VM and perform the VM operations:
1. Create a Standalone VM from the Template
2. Create a Standalone VM from the ISO Image
3. Import a Standalone VM from vCenter Server
4. Upgrade the Virtual Hardware Version for a VM
5. Update the VM Resources
6. Suspend the VM
7. Create a VM Snapshot
8. Renew a VM Lease
71
Task 1: Create a Standalone VM from the Template
You create a standalone VM using templates in Beta-OVDC (2).
2. Log in to the VMware Cloud Director tenant portal.
3. Click the Beta-OVDC (2) card on the Data Centers page.
4. Click Virtual Machines in the left pane.
5. Click New VM at the bottom of the VM window.
6. Configure the VM settings and then click OK.
Option Action
Name Enter StandaloneVM1 in the text box.
Computer Verify that the name is StandaloneVM1.

name
Description Enter Standalone VM1 for the Beta-OVDC organization

VDC in the text box.
Type Select From Template from the drop-down menu.
Select Select DSL from the Template drop-down menu.
Select Select RnD-Sp(VDC Default) from the Storage Policy drop-down menu.
You must wait 3 to 4 minutes to create and power on the StandaloneVM1 VM.
72
Task 2: Create a Standalone VM from the ISO Image
You create a standalone VM using ISO images in Beta-OVDC (2).
2. Click New VM.
Option Action
Computer name Verify that the name is StandaloneVM2.
Description Enter Standalone VM2 for the Beta-OVDC

organization VDC in the text box.
Type Select New from the drop-down menu.
OS family Select Linux from the drop-down menu.
Operating Select Other Linux (64-bit) from the drop-down menu.

System
Boot image Select dsl-4.4.10.iso from the drop-down menu.
Virtual CPUs Select 1 from the drop-down menu.
Memory Select 1 GB from the drop-down menu.
Storage Enter 1 GB in the Size column text box.
You must wait 3 to 4 minutes to create and power on the StandaloneVM2 VM.
73
Task 3: Import a Standalone VM from vCenter Server
You import a standalone VM from vCenter Server to Beta-OVDC (2).
5. Click Beta-OVDC (2) from the list of organization VDCs.
The Beta-OVDC (2) tenant portal appears in a new tab.
7. Click vApps in the left pane.
8. Click IMPORT FROM VCENTER at the bottom of the vApps window.
9. Configure the VM settings.
Option Action
vCenter Select sa-vcsa-01 from the drop-down menu.
Virtual Machine Select Linux-VM-01 from the Virtual Machine list.
Description Enter Standalone VM3 for the Beta-OVDC

organization VDC in the text box.
Storage Policy Select RnD-SP from the drop-down menu.
Move Virtual Machine Turn off the toggle.

(delete source)
10. Click IMPORT.
You must wait 3 to 4 minutes to create the StandaloneVM3 VM.
When you import a VM from vCenter Server, the VM is imported as a vApp.
74
Task 4: Upgrade the Virtual Hardware Version for a VM
You install the latest upgrade of the virtual hardware version for the StandalonVM3 VM.
5. Click DETAILS on the StandalonVM3 VM and record the Virtual Hardware Version on the
General tab. __________
Hardware version must be 13.
6. Select Upgrade Virtual Hardware Version from the StandalonVM3 ALL ACTIONS drop-
down menu on the tenant portal.
7. Click UPGRADE in the Upgrade VM window.
VM hardware version is upgraded on the target guest operating system. If an error occurs
during installation, an error message appears. You can also view the progress of the
installation operation in the Recent Tasks window.
8. Verify Virtual Hardware Version on the General tab.
The Hardware version must be 19.
75
Task 5: Update the VM Resources
You enable the hot-add feature. In the VM power-on state, you verify the changes in the
resource settings in the guest OS.
2. Click DETAILS on the StandalonVM3 VM.
3. Click Compute on the StandaloneVM03 VM page.
4. Click EDIT on the CPU.
5. Turn on the Virtual CPU hot add toggle and click SAVE.
A failed error status message appears when you try to enable the hot add feature on the
virtual CPU when the VM is powered on.
6. Click EDIT on Memory.
7. Turn on the Memory hot add toggle and click SAVE.
A failed error status message appears in Recent Tasks when you try to enable the hot add
feature on the memory when the VM is powered on.
8. Click the ALL ACTIONS drop-down menu on StandaloneVM03 and select Power > Shut
Down Guest OS.
9. Click SHUT DOWN in the Shut Down Guest OS window.
You must wait 2 to 3 minutes for the StandaloneVM03 VM to power off.
10. Click EDIT on the CPU on the StandaloneVM03 VM page.
11. Turn on the Virtual CPU hot add toggle and click SAVE.
12. Click EDIT on the Memory in the StandaloneVM03 VM page.
13. Turn on the Memory hot add toggle and click SAVE.
14. Click the ALL ACTIONS drop-down menu on StandaloneVM03 and select Power > Power
On.
You must wait 2 to 3 minutes for the StandaloneVM3 VM to power on.
15. Click EDIT on the CPU in the StandaloneVM03 VM page.
16. Select 3 in the Virtual CPU drop-down menu and click SAVE.
17. Click EDIT on the Memory in the StandaloneVM03 VM page.

18. Enter 2 in the Memory text box to increase the memory to 2 GB and click SAVE.
You can also use the up and down arrow to change the memory size.
On the StandaloneVM03 VM page, Number of virtual CPUs must change to 3 and Memory
must change to 2 GB.
76
Task 6: Suspend the VM
You suspend the StandaloneVM03 VM.
2. Select VM Console > Launch Web Console from the StandaloneVM03 ACTIONS drop-
down menu.
3. Log in to the StandaloneVM03 VM.
• User name: root
4. Enter cat /var/log/vmware-vmtoolsd-root.log on the StandaloneVM03

console to open the vmware-vmtoolsd-root.log file.
5. Close the web console on the StandaloneVM03 VM.
6. Select Power > Suspend from the StandaloneVM03 ACTIONS drop-down menu.
The status of the StandaloneVM03 VM changes to Partially Suspended. When a VM is

suspended, its current state is preserved by writing the memory to the disk.
The Launch Web Console and Launch Remote Console options are unavailable when the VM
is in a partially suspended state.
7. Select Power > Power On from the StandaloneVM03 ACTIONS drop-down menu.
down menu.
When the VM is suspended, the state is preserved. You can view the vmware-
vmtoolsd-root.log file on the console.
77
Task 7: Create a VM Snapshot
You create a snapshot of a VM and then you use the revert and remove options to revert and
remove the snapshot.
1. Click Virtual Machines in the left pane in the tenant portal.
2. Select Snapshot > Create Snapshot from the StandaloneVM03 ACTIONS drop-down
menu.
3. Verify that the Snapshot the memory of the virtual machine toggle is turned off.
4. Verify that the Quiesce the guest file system toggle is turned off and click CREATE.
5. On the StandaloneVM03 VM card, verify that a blue icon appears on the Storage icon.
down menu.
7. (Optional) If the console does not load, launch it again using a different method.
a. Open a new tab and enter https://sa-vcd-p.vclass.local:8443.
b. Click Advance and click Accept the Risk and Continue.
A blank window opens.
c. Close the tab and close the web console.
d. Click LAUNCH WEB CONSOLE.
8. Enter the following commands on the StandaloneVM03 VM console.
cd /opt
mkdir backup
cd backup
touch test.txt
9. List the files in the backup folder that you created.
ls -ltrh
The test.txt file must appear in the backup folder that you created.
11. Select Snapshot > Revert to Snapshot from the StandaloneVM03 ACTIONS drop-down
menu.
78
12. Click REVERT in the Revert to Snapshot window.
The status of the StandaloneVM03 changes to Powered off because you did not create a
snapshot of the VM memory.
13. Select Power > Power On from the StandaloneVM03 ACTIONS drop-down menu.
14. Select VM Console > Launch Web Console from the ACTIONS drop-down menu.
15. Log in to the StandaloneVM03 VM.
• User name: root
16. On the StandaloneVM03 VM console, change the directory.
cd /opt
17. List the files in the /opt folder.
ls -ltrh
The test.txt file and the backup folder do not appear in the /opt folder because the
StandaloneVM03 VM reverted to the state prior to taking the snapshot.
18. Enter the following commands on the StandaloneVM03 VM console.
mkdir backup
cd backup
touch test.txt
19. List the files in the backup folder that you created.
ls -ltrh
The test.txt file must appear in the backup folder that you created.
21. Select Snapshot > Remove Snapshot from the StandaloneVM03 ACTIONS drop-down
menu.
22. Click REMOVE in the Remove Snapshot window.
On the StandaloneVM03 VM card, you verify that a blue icon disappears on the Storage
icon.
down menu.
79
24. On the StandaloneVM03 VM console, list the files in the /backup folder.
ls -ltrh
The test.txt file in the backup folder is preserved as the StandaloneVM03 VM is
committed. The changes made to the guest operating system are saved.
Task 8: Renew a VM Lease

You renew a VM lease that might expire.
1. Click Virtual Machines in the left pane in the tenant portal.
2. Select Renew Lease from the StandaloneVM1 ACTIONS drop-down menu.
The Runtime and the Storage lease of the StandaloneVM1 is set to Never Expires.
3. Select the Runtime lease check box to set the runtime lease to 1 hour.
a. Select Hour(s) from the drop-down menu.
b. Select 1 from the drop-down menu.
4. Select the Storage lease check box to set the Runtime lease to 1 Day.
a. Select Day(s) from the drop-down menu.
5. Click SAVE.
6. Click the information icon on the StandaloneVM1 card.
You can view the date and time on when the runtime and storage lease of the VM expires.
80
7. Select Renew Lease from the StandaloneVM1 ACTIONS drop-down menu.
8. Select the Runtime lease check box to set the custom runtime lease to 2 days.
a. Select Days(s) from the drop-down menu.
b. Enter 2 as the number of days.
9. Select the Storage lease check box to set the custom storage lease to 2 days.

10. Click SAVE.
11. Click the information icon on the StandaloneVM1 card.
You can view the date and time when the runtime and storage lease of the VM expires.
81
Lab 13 Creating and Managing vApps
Objective and Tasks

Create vApps and perform various vApp operations:
1. Build a New vApp
2. Create a vApp from an OVF Package
3. Add a VM to a vApp
4. Copy a VM from a vApp
5. Copy a vApp to Another Virtual Data Center
6. Edit the vApp Properties
7. Create a vApp Snapshot
8. Renew the vApp Lease
9. Change the vApp Owner
83
Task 1: Build a New vApp
You create a vApp with the Linux VMs in Beta-OVDC (2) using a template and a new VM with
customizable settings.

6. Click New and click New vApp in the right pane.
7. Configure the vApp settings.
Option Action
Name Enter vApp-01 in the text box.
Description Enter vApp-01 for the Beta-OVDC organization VDC in the

text box.
Power on Select the check box.
8. Click ADD VIRTUAL MACHINE.
84
Option Action
Name Enter VM01 in the text box.
Computer Verify that the name is VM01.

name
Description Enter VM01 for the Beta-OVDC organization VDC in the text
box.
Type Click From Template.
Template Select DSL from the templates drop-down menu.
Storage Policy Select Rnd-SP (VCD Default) from the drop-down menu.
10. Click OK to add the VM to the vApp.
11. Click ADD VIRTUAL MACHINE.
Option Action
Computer name Verify that the name is VM02.
Description Enter VM02 for the Beta-OVDC organization VDC in the text
box.
Type Click New.
Operating Select CentOS 7 (64-bit) from the drop-down menu.

System
Virtual CPUs Select 1 from the drop-down menu.
Memory Select 512 MB from the drop-down menu.
13. Under Storage, leave the Storage Policy default settings and change Size to 1 GB.
14. Click OK to add the VM to the vApp.
85
15. Click CREATE to complete the creation of the vApp.
When the vApp is powered on, the VMs are created and powered on.
16. Click DETAILS on the vApp-01 vApp card.
17. Click General on the vApp-01 vApp page and verify that the State is Powered on.
18. Click Virtual Machines on the vApp-01 vApp page.
19. Verify that the VM01 and VM02 VMs are created and in the powered on state.
Task 2: Create a vApp from an OVF Package

You create a vApp with the Linux VM in Beta-OVDC (2) from an OVF package.
2. Click NEW and click Add vApp from OVF in the right pane.
3. In the Create vApp from an OVF file window, click the arrow to open the OVA file.
4. Navigate to the Desktop\Class Materials and Licenses\Downloads

folder and select the DSL.ova file in the Linux VM.
5. Click Open.
The file appears in the Create vApp from OVF window.
6. Click NEXT.
7. Review the details and click NEXT.
8. Configure the vApp Name and Description on the Select vApp Name screen and then click
NEXT.
Option Action
Description Enter vApp-02 for the Beta-OVDC organization VDC in the

text box.
9. Leave the default settings on the Configure Resources page and click NEXT.
10. Leave the default settings on the Configure Networking page and click NEXT.
11. Click NEXT on the Custom Properties page.
12. Select 128 MB as the memory in the Total Memory drop-down menu on the Customize
Hardware page and click NEXT.
86
13. Click Finish on the Ready to Complete page.
You must wait 3 to 4 minutes to create vApp-02.
14. Click DETAILS on the vApp-02 vApp card.
15. Click Virtual Machines on the vApp-02 vApp page and verify that the VM is created.
Task 3: Add a VM to a vApp

You add a VM to a vApp as an organization administrator.
2. From the vApp-01 ACTIONS drop-down menu, select Add > Add VM.
3. Click ADD VIRTUAL MACHINE in the Add VMs to vApp-01 window.
4. Configure the VM settings and click OK.
Option Action
Computer Verify that the name is VM03.

name
Description Enter VM03 for the Beta-OVDC organization VDC in the

text box.
Type Click From Template.
Template Select DSL from the templates drop-down menu.
Storage Policy Select Rnd-SP (VCD Default) from the drop-down menu.
5. Click ADD.
You must wait 3 to 4 minutes to create and power on the VM.
6. Click DETAILS on the vApp-01 vApp to view and edit the vApp properties.
7. Click Virtual Machines on the vApp-01 VM page.
VM03 is created.
87
Task 4: Copy a VM from a vApp
You copy the LinuxServer01 VM in a standalone vApp to vApp-02.
2. Click DETAILS on the StandaloneVM3 vApp to view and edit the vApp properties.
3. Click Virtual Machines on the StandaloneVM3 vApp page.
4. Click the vertical ellipsis icon on LinuxServer01 and select Copy.
5. Select vApp-02 in the Select Destination vApp window.
6. Click NEXT.
7. Select Rnd-SP on the Target VM Storage Policy drop-down menu.
8. Click NEXT in the Configure Resources window.
9. Click DONE in the Ready to Complete window.
11. Click DETAILS on the vApp-02 vApp card to view and edit the vApp properties.
12. Click Virtual Machines on the vApp-02 VM page.
LinuxServer01 is created.
88
Task 5: Copy a vApp to Another Virtual Data Center
You copy the vApp-02 vApp in the Beta-OVDC (2) organization virtual data center to the Dev-
OVDC (1) organization virtual data center.
2. From the vApp-02 ACTIONS drop-down menu, select Copy.
3. Configure the destination organization VDC settings.
Option Action
Name Enter Copy_of_vApp-02 in the text box.
Virtual Data Center Select Dev-OVDC (1) from the drop-down menu.
4. Leave the default values for the other settings to defaults and click OK.
5. Click All Virtual data centers.
6. Click the Dev-OVDC (1) card on the Data Centers page.
The Copy_of_vApp-02 vApp appears in the list of vApps.
8. From the Copy_of_vApp-02 ACTIONS drop-down menu, select Move.
9. Select Beta-OVDC (2) from the list of virtual data centers.
10. Leave the default settings and click OK.
The Copy_of_vApp-02 vApp is not available in the list of vApps when the Move operation
is complete.
11. Click All Virtual data centers.
89
The Copy_of_vApp-02 vApp appears in the list of vApps.
14. From the Copy_of_vApp-02 ACTIONS drop-down menu, select Delete.
15. Click DELETE in the Delete VApp window.
Task 6: Edit the vApp Properties

You modify the general properties of the vApp.
2. Click DETAILS on the vApp-01 vApp.
3. click General on the vApp-01 vApp page and click EDIT.
4. Enter Beta-vApp-01 in the Name text box and click SAVE.
5. Click EDIT above Lease to modify the lease of the vApp.
6. Select the Runtime lease check box and select Runtime lease as 7 Day(s).
7. Select the Storage lease check box and select Runtime lease as 7 Day(s).
8. Click SAVE in the Renew Lease window.
9. Click Metadata on the Beta-vApp-01 vApp page and click EDIT to modify the badges.
10. Select Green in the predefined badges and click SAVE.
A green badge icon appears next to Badges on the vApp Page.
A green badge icon appears next to Badges on the Beta-vApp-01 card.
12. Click the information icon on the Beta-vApp-01 vApp card.
You can view the date and time when the runtime and storage lease of the VM expires.
90
Task 7: Create a vApp Snapshot
You create a snapshot of a vApp and then you use the revert and remove options to revert and
remove the snapshot.
1. Click DETAILS on the Beta-vApp-01 vApp to view and edit the vApp properties.
2. Click Virtual Machines on the Beta-vApp-01 vApp page.
3. Click the vertical ellipsis icon on VM01 and select Snapshot.
The Revert to Snapshot and Remove Snapshot options are unavailable.
The Revert to Snapshot and Remove Snapshot options are unavailable.
5. Click vApps in the left pane in the tenant portal.
6. Select Snapshot > Create Snapshot from the Beta-vApp-01 ACTIONS drop-down menu.
7. Verify that Snapshot the memory of the virtual machine is disabled.
8. Verify that Quiesce the guest file system is disabled and click CREATE.
On the Beta-vApp-01 card, verify that a blue icon appears on Storage.
9. Click DETAILS on the Beta-vApp-01 vApp to view and edit the vApp properties.
The Revert to Snapshot and Remove Snapshot options are enabled.
The Revert to Snapshot and Remove Snapshot options are enabled.
14. Select Snapshot > Remove Snapshot from the Beta-vApp-01 ACTIONS drop-down menu.
15. Click Remove in the Remove Snapshot window.
On the Beta-vApp-01 vApp card, verify that a blue icon disappears on Storage.
16. Click DETAILS on Beta-vApp-01 vApp.
The Revert to Snapshot and Remove Snapshot options are disabled.
The Revert to Snapshot and Remove Snapshot options are disabled.
91
Task 8: Renew the vApp Lease
You renew a vApp lease and set the custom lease on the vApp.
2. Select Renew Lease from the Beta-vApp-01 ACTIONS drop-down menu.
3. Select the Runtime lease check box to set the runtime lease to 12 hours.
a. Select Hour(s) from the drop-down menu.
4. Select the Storage lease check box to set the runtime lease to 1 day.
a. Select Day(s) from the drop-down menu.
5. Click SAVE.
You can check the date and time of the Runtime and Storage lease expiry.
7. Select Renew Lease from the Beta-vApp-01 vApp ACTIONS drop-down menu.
8. Select the Runtime lease check box to set the custom runtime lease to 2 days.

9. Select the Storage lease check box to set the custom storage lease to 2 days.
10. Click SAVE.
You can check the date and time of the Runtime and Storage lease expiry.
92
Task 9: Change the vApp Owner
You change the owner of a vApp from the organization administrator to the organization user.
1. Click vApps in the left pane in the tenant portal.

2. Select Change Owner from the vApp-02 ACTIONS drop-down menu.
3. Select rnd_vapp_user from the list of users and click OK.
On the vApp-02 card, the owner changes to rnd_vapp_user.
4. Log out of the tenant portal.
• User name: rnd_vapp_user
7. On the Data Centers page, click the Beta-OVDC (2) card.
vApp-02 appears in the list of vApps.
14. Select Share from the Beta-vApp-01 ACTIONS drop-down menu.
15. Select rnd_vapp_author from the list of users and click SHARE.
• User name: rnd_vapp_author
Beta-vApp-01 appears in the list of vApps.
21. Log out of the tenant portal as rnd_vapp_author.
93
Lab 14 Creating and Managing the
Auto Scaling Groups
Objective and Tasks

Create the Auto Scale group depending on the predefined criteria to automatically scale the
number of VMs:
1. Configure the Auto Scale Plug-In
2. Publish the Auto Scale Rights Bundle
3. Publish the Auto Scale Plug-In
4. Create a Scale Group
5. Add an Auto Scaling Rule
6. Test the Auto Scaling Rule
95
Task 1: Configure the Auto Scale Plug-In
You enable the metric data collection and enable Auto Scale Plug-in as a VMware Cloud Director
provider administrator.
1. Open a terminal on the student desktop.
The Configure and publish the Auto Scale Plug-in.txt file with the
list of commands is saved on student01\Desktop\Class Materials and
Licenses\Download in the student desktop.
2. Connect to the sa-vcd-p.vclass.local VMware Cloud Director cell.
ssh root@172.20.10.100
You must enter VMware1! as the password.
3. Enable the metric data collection.
/opt/vmware/vcloud-director/bin/cell-management-tool manage-
config -n statsFeeder.metrics.collect.only -v true
4. Enable the publishing of metrics.
/opt/vmware/vcloud-director/bin/cell-management-tool manage-
config -n statsFeeder.metrics.publishing.enabled -v true
5. Create the metrics.groovy file in the /tmp folder.
cd /tmp
vi metrics.groovy
a. Press i to insert the text metrics into the metrics.groovy file.
b. Update the information in the metrics.groovy file.
configuration {
metric("cpu.ready.summation") {
currentInterval=20
historicInterval=20
entity="VM"
instance=""
minReportingInterval=300
aggregator="AVERAGE"
}
}
c. Press ESC on the keyboard and enter:wq to save the metrics.groovy file.
96
6. Change the file permission.
chmod 777 metrics.groovy

7. Import the metrics.groovy file.
$VCLOUD_HOME/bin/cell-management-tool configure-metrics --
metrics-config /tmp/metrics.groovy
8. Enable auto scaling.
$VCLOUD_HOME/bin/cell-management-tool configure-autoscale --
set enabled=true
set username=administrator
encrypt --set password=VMware1\!
The \ sign in the password is used to escape any special characters when you run the
command from the terminal.
9. Disable certificate verification as self-signed certificates are used on the VMware Cloud
Director cell.
set enableHostnameVerification=false
10. Restart the VMware Cloud Director service.
service vmware-vcd restart

11. Verify the status of the VMware Cloud Director service.
service vmware-vcd status

The services take 3 to 4 minutes to run.
The command output resembles the following screenshot.
12. Close the terminal on the console.
97
Task 2: Publish the Auto Scale Rights Bundle
You add the necessary VMWARE:SCALEGROUP rights to the tenant roles as a service provider.
3. Select Administration from the top bar.
4. Select Rights Bundles under Tenant Access Control in the left pane.
5. Select the vmware:scalegroup Entitlement bundle and click Publish.
6. Select Publish to Tenants.
7. Select VMBeans-RnD-Org from the list of tenants.
8. Click SAVE.
Task 3: Publish the Auto Scale Plug-In

You publish the rights bundle to one or more organizations as the service provider.
1. Select More > Customize Portal on the Provider portal.
2. Select the Autoscale plugin check box from the plug-ins list and click PUBLISH.
3. Select the Tenants check box next to Scope to.
4. Select the VMBeans-RnD-Org check box next to Publish to.
5. Click SAVE.
98
Task 4: Create a Scale Group
You create an Auto Scale Group. The amount of VMs in an Auto Scale Group changes
automatically depending on the conditions that you define.
• User name: autoscale_admin
3. Select Applications from the top bar and click the Scale Groups tab in the tenant portal.
4. Click New Scale Group.
5. Configure the host VDC and group name In General Settings and then click NEXT.
Option Action
Host VDC Select Beta-OVDC (2) from the drop-down menu.
Group Name Enter SG-Beta-OVDC(2) in the text box.
Min VMs Select 1 from the drop-down menu.
Max VMs Select 2 from the drop-down menu.
6. Select AutoScale-Template from the list of vApp Templates.
7. Select Rnd-SP (Default) on the Storage Policy drop-down menu and click NEXT.
8. Select I have a fully set-up network in Network.
9. Select Beta-Org-Isolated-NW from the network drop-down menu to select a network for
the scale group.
10. Click CREATE GROUP and ADD RULE.
99
Task 5: Add an Auto Scaling Rule
You add rules to trigger the growing or shrinking of virtual machines in an Auto Scale Group
1. Click ADD RULE to add an Auto Scaling rule.
2. Configure the rule in the Add Rule window.
Option Action
Name Enter Grow-VM-Rule in the text box.
Number of VMs Select 1 from the drop-down menu.
Behavior Select Grow from the drop-down menu.
Cooldown Enter1 in the Minutes text box.
Avg. Utilization Select CPU usage from the drop-down menu.
Condition Select greater or equal to from the drop-down menu.
Amount Enter50% in the text box.
Duration Enter 2 in the Minutes text box.
3. Click ADD.
4. Click ADD RULE to add an Auto Scaling rule.
5. Configure the added rule in the Add Rule pop-up window.
Option Action
Name Enter Shrink-VM-Rule in the text box.
Number of VMs Select 1 from the drop-down menu.
Behavior Select Shrink from the drop-down menu.
Cooldown Enter1 in the Minutes text box.
Avg. Utilization Select CPU usage from the drop-down menu.
Condition Select lower or equal to from the drop-down menu.
Amount Enter50% in the text box.
Duration Enter 2 in the Minutes text box.
6. Click ADD.
7. Select Virtual Machines on the SG-Beta-OVDC(2) details page.
You must wait 10 to 15 minutes for the Beta-OVDC (2)-UUID VM to be created and powered
on.
100
Task 6: Test the Auto Scaling Rule
You generate the CPU workload on Beta-OVDC (2) VM and test the auto scaling rule.
1. Click the SG-Beta-OVDC (2)-UUID VM from the list of virtual machines.
2. Click LAUNCH WEB CONSOLE.
3. (Optional) If the Console does not load, open a new tab and enter https://sa-vcd-
p.vclass.local:8443
a. Click Advance and click Accept the Risk and Continue.
A blank window appears.
b. Close the tab and close the web console.
c. Click LAUNCH WEB CONSOLE.
4. Log in to the SG-Beta-OVDC (2)-UUID VM.
• User name: root
5. Monitor the CPU utilization.
top -c
%Cpu(s) must be less than 5 microseconds.
6. Press q to exit the top session.
7. Generate the CPU load on the guest operating system.
sha1sum /dev/zero &

You must record the process ID. __________
top -c
%Cpu(s) must be less than 50 microseconds.
9. Press q on the keyboard to quit the top session.
10. Select Virtual Machines on the SG-Beta-OVDC (2) page.
No extra virtual machines are created after 5 minutes.

11. Generate the CPU load on the guest operating system and record the process ID.
__________.
sha1sum /dev/zero &
101
top -c
%Cpu(s) must be more than 85 microseconds.
13. Select Virtual Machines on the SG-Beta-OVDC(2) details page.
You must wait 15 to 20 minutes for the second SG-Beta-OVDC (2)-UUID VM to be created
and powered on.
14. On the Beta-OVDC (2)-UUID VM console, press q to exit the top session.
15. Replace the <Process ID> with the process ID recorded in step 7 and run the command to
kill the process used to generate CPU load on the guest OS.
kill <Process ID>

top -c
The %Cpu(s) must be less than 50 microseconds.
17. Press q to quit the top session.
18. Replace the <Process ID> with the process ID recorded in step 11 and run the command to
kill the process used to generate CPU load on the guest OS.
kill <Process ID>

top -c
The %Cpu(s) must be less than 10 micro seconds.
20. Press q to exit the top session.
21. Close the virtual machine web console.
22. Select Virtual Machines on the SG-Beta-OVDC (2) details page.
You must wait 15 to 20 minutes for the second SG-Beta-OVDC (2)-UUID VM to be deleted
from the list of virtual machines.
102
Lab 15 Creating and Managing
Catalogs
Objective and Tasks

Create a catalog storage policy and manage catalogs shared with you in the organization virtual
data center:
1. Add a Catalog Storage Policy to an Organization Virtual Data Center
2. Create a Catalog
3. Share a Catalog
4. Publish a Catalog
5. Upload the Media Files
103
Task 1: Add a Catalog Storage Policy to an Organization Virtual Data
Center
You add a VM storage policy to a provider virtual data center and to an organization virtual data
center.
4. Click VMBeans-RnD-PVDC from the list of the provider virtual data centers.
5. Under Policies, select Storage and click ADD.
6. Select Catalog-SP from the list of Storage Policy and click ADD.
7. Click next to Catalog-SP and click EDIT SUPPORTED TYPES.
8. Turn off the All Current and Future Entitles toggle.
9. Turn on only the Catalog Media and Vapp/VM Templates toggle.
10. Click EDIT to save the Supports Entity Types.
12. Click Beta-OVDC (2) from the list of organization virtual data centers.
13. In Policies, select Storage and click ADD.
14. Select the check boxes next to the Catalog-SP storage policy and click ADD.
104
Task 2: Create a Catalog
You create a catalog as an organization administrator.
• User name: rnd_catalog_author
3. Select Libraries and select Catalogs in the left pane.
4. Click NEW.
5. Configure the catalog in the Create Catalog window and then click OK.
Option Action
Name Enter Beta-OVDC-Catalog in the text box.
Description Enter Catalog to store vApp templates in

the Beta-OVDC in the text box.
Pre-provision on specific Turn on the toggle.

storage policy
Org VDC Select Beta-OVDC (2) from the drop-down menu.
Storage Policy Select Catalog-SP from the drop-down menu.
Beta-OVDC-Catalog appears in the list.
105
Task 3: Share a Catalog
You share a catalog with an organization user.
1. Log in to the Log in to the VMware Cloud Director tenant portal.
2. Select Libraries and select Catalogs in the left panel.
Beta-OVDC-Catalog does not appear on the catalogs list.
7. Click the vertical ellipsis icon next to Beta-OVDC-Catalog and select SHARE.
8. Select Specific Users and Groups in the Share Catalog window.
9. Select rnd_vapp_user from the user list.
10. Select Read/Write from the access level drop-down menu and click SAVE.
Beta-OVDC-Catalog appears on the catalogs list and rnd_catalog_author appears in the

Owner text box.
106
Task 4: Publish a Catalog
You publish a catalog externally to make its vApp templates and media files available for
subscription by organizations external to the VMware Cloud Director installation.
4. Click VMBeans-RnD-Org from the list of organizations.
5. In Configure, select Catalog.

6. Click EDIT to enable the external catalog publishing for the organization.
7. Enable Share catalog to other Organizations, Publish external catalogs, and Subscribe to
external catalogs in the Catalogs sharing and Publishing window.
8. Click KEEP to save the Sharing and Publishing settings.
13. Click the vertical ellipsis icon next to Beta-OVDC-Catalog and select Publish settings.
14. Select Enable Publishing in the Publish the settings for catalog window.
15. Enter VMware1! in the Password text box.
16. Enter VMware1! in the Confirm Password text box.
17. Select the Preserver identity information check box and click SAVE.
18. Click the vertical ellipsis next to Beta-OVDC-Catalog and select Publish settings.
A subscription URL must appear. You must provide the subscription URL when you
subscribe to an external catalog.
19. Click DISCARD.
107
Task 5: Upload the Media Files
You upload new media files to a catalog. Users with access to the catalog can open the media
files with their virtual machines.
1. Click Beta-OVDC-Catalog from the list of catalogs.
2. Click Media & Other under General.
3. Click ADD to upload the media file.
4. Click the upload icon.
5. Navigate to student01\Desktop\Class Materials and

Licenses\Downloads.
6. Select DSL-4.4.4.RC2.iso in the Upload Media window.
7. Click Open.
8. Click OK.
After the upload starts, the dsl-4-4.10.iso media file appears in the grid.
108
Lab 16 Working with vApp Templates
Objective and Tasks

Create a vApp template to the published catalog and deploy a vApp using a vApp template:
1. Create a vApp Template from an OVF File
2. Import a VM from vCenter Server as a vApp Template
3. Create a vApp from a vApp Template
109
Task 1: Create a vApp Template from an OVF File
You create a vApp template from an OVA file and add it to Published-Catalog.
3. Select Libraries and select vApp Templates in the left pane.
4. Click NEW.
5. Click Upload to view to the .ova file.
6. Select CentOS7.ova and click Open.
7. Click NEXT in the Select Source window.
8. Click NEXT on the Review Details page.
9. Configure the vApp template in Select vApp Template and then click NEXT.
Option Action
Name Enter vApp-Template-1 in the text box.
Description Enter vApp-Template-1 for VMBeans-RnD-org in the text box.
Catalog Select Beta-OVDC-Catalog from the drop-down menu.
10. Click FINISH on the Ready to Complete page.
The import might take approximately 4-5 minutes. The new vApp-Template-1 appears in the
templates grid view.
110
Task 2: Import a VM from vCenter Server as a vApp Template
You import a VM from vCenter Server as a vApp template and add it to Published-Catalog.
4. Click Beta-OVDC (2) from the list of organization virtual data centers.
7. Click IMPORT FROM VCENTER.
8. Select the sa-vcsa-01 vCenter Server instance from the drop-down menu.
9. Select CentOS7 from the list of virtual machines.
10. In the Import from vCenter page, configure the vApp template settings and then click NEXT.
Option Action
Name Enter vApp-Template-2 in the text box.
Description Enter vApp-Template-2 for VMBeans-RnD-org in the text box.
Catalog Select Beta-OVDC-Catalog from the drop-down menu.
11. Click IMPORT on the Import from vCenter page.
The new vApp-Template-2 appears in the templates grid view.
111
Task 3: Create a vApp from a vApp Template
You create a new vApp based on a vApp template stored in a catalog.
4. Select vApp-Template-1 and click CREATE VAPP.
5. On the Select Name page, configure the name of the deployed vApp and then click NEXT.
Option Action
Description Enter vApp-03 deployed from vApp-Template-1 in the text

box.
Runtime Select 7 Day(s) from the drop-down menu.

lease
Storage lease Select 7 Day(s) from the drop-down menu.
6.
7. Select Beta-OVDC (2) from the list of organization virtual data centers and click NEXT.
8. Click NEXT on the Compute Policies page.
9. Click NEXT on the Customize Hardware page.
10. Click NEXT on the Configure Networking page.
11. Click FINISH on the Ready to Complete page.
You must wait the create task to complete and verify that vApp-03 is created.
12. Click Applications on the top bar and select Virtual Applications.
vApp-03 appears in the list of vApps.

112
Lab 17 Creating and Managing the
Organization VDC Template
Objective and Tasks

Create organization VDC templates for an organization VDC supported by NSX-T Data Center
and create an organization VDC from an organization VDC template:
1. Create an Organization VDC Template from the Provider Portal
2. Instantiate an Organization VDC Template from the Provider Portal
3. Instantiate an Organization VDC Template from the Tenant Portal
113
Task 1: Create an Organization VDC Template from the Provider
Portal
You create and manage an organization VDC template.
3. Click Organization VDC Templates in the left pane and click NEW.
4. Configure the edge cluster in the Select Candidate Location window.
a. Select NSX-T from the Network Provider Type drop-down menu.
b. Expand VMBeans-Rnd-PVDC and select T0-GW-OVDC.
c. Select edge-cluster-01 from the Edge Cluster For NSX-T Gateway drop-down menu.
d. Select edge-cluster-01 from the Services Edge Cluster drop-down menu.
e. Click NEXT.
5. Select Pay-As-You-Go and click NEXT.
6. Leave the default settings and click NEXT on the Pay-as-you-go page.
7. Select the Catalog-SP check box.
8. Enter 50 GB to set the limit of storage resource for the storage policy in the Allocated
Storage text box.
9. Click NEXT.
10. Configure the edge gateway on the Configure Edge Gateway page.
Option Action
Create a new edge gateway Turn on the toggle.
Name Enter Org-VDC-Template-Edge in the text box.
Description Enter Edge Gateway for Beta-OVDC in the text box.
IP allocation Count Enter 2 in the text box.
a. Click NEXT.
114
11. Configure the organization VDC network on the Configure Organization VDC Network page.
Option Action
Name Enter Org-VDC-Template-NW in the text box.
Description Enter Organization VDC network for Beta-OVDC in the text

box.
Gateway Enter 192.168.101.1/24 in the text box.

CIDR
12. Leave the settings to the default values and click NEXT.
13. Enter 192.168.101.10-192.168.101.50 in the Static IP Pools text box, click ADD,
and click NEXT.
14. Leave the default settings in Configure Network Pools and click NEXT.
15. Select the VMBeans-RnD-Org check box on the Configure Access List page and click NEXT.
16. Configure the VDC template name on the Name This VDC Template page and then click
NEXT.
Option Action
System Name Enter PayAsYouGo-VDCTemplate in the text box.
System Enter PayAsYouGo-VDCTemplate with EDGE Gateway in

Description the text box.
Tenant Name Enter PayAsYouGo-RnD-VDCTemplate in the text box.
Tenant Enter Beta-OVDC-Template with EDGE Gateway in the

Description text box.
17. Click FINISH on the Summary page.
The new VDC template appears in the Organization VDC Templates grid view.
115
Task 2: Instantiate an Organization VDC Template from the Provider
Portal
You instantiate an organization VDC template to create an organization virtual data center from
the provider portal.
1. Select PayASYouGo-VDC-Template and click INSTANTIATE VDC.
2. Configure the VDC on the Instantiate VDC page.
Option Action
Name Enter Demo1-OVDC in the text box.
Description Enter Pay as you go organization VDC deployed from

an Organization VDC template in the text box.
Organization Select VMBeans-RnD-Org from the drop-down menu.

Name
3. Click CREATE.
The creation of the new organization virtual data center is instantiated and might take a few
minutes. You can see the progress of the task in the Recent Tasks pane.
The new Demo1-OVDC organization VDC appears in the Organization VDCs list view.
116
Task 3: Instantiate an Organization VDC Template from the Tenant
Portal
You instantiate an organization VDC template to create a new organization virtual data center
from the tenant portal.
3. From the top bar, select Libraries and select Organization VDC Templates in the left pane.
4. Select PayAsYouGo-RnD-VDCTemplate and click INSTANTIATE VDC.
5. Configure the name in the Instantiate VDC window.
Option Action
Name Enter Demo2-OVDC in the text box.
Description Enter Pay as you go organization VDC deployed from an

Organization VDC template in the text box.
6. Click CREATE.
The creation of the new organization virtual data center is instantiated and might take a few
minutes. You can see the progress of the task in the Recent Tasks pane.
7. Click Data Centers on the top bar.
The new Demo2-OVDC organization VDC appears in the organization VDCs list.
117
118
Lab 18 Provider Networking Tasks
Objective and Tasks

Create an external network, Tier-0 gateways, an edge gateway, a direct organization VDC
network, and an imported organization VDC network as a system administrator:
1. Create a Distributed Virtual Port Group Supported External Network
2. Create an External Network Using Segments
3. Create a Tier-0 Gateway Using Tier0
4. Create a Tier-0 Gateway Using VRF
5. Create an Edge Gateway
6. Create a Direct Organization VDC Network
7. Create an Imported Organization VDC Network
119
Task 1: Create a Distributed Virtual Port Group Supported External
Network
You create an external network supported by a distributed virtual port group (DVPG) in vCenter
Server.
3. Click External Networks in the left pane and click NEW.
4. Select vSphere Resources and select Distributed Port Groups.

5. Click NEXT.
6. Enter DVPG-External-NW-2 as the name.
7. Enter This network is backed by a distributed virtual

portgroup in vCenter Server as the description.
8. Click NEXT.
Distributed port groups are listed.
9. Select pg-SA-External-DVPG-02 as the Distributed Port Group and click NEXT.
10. Configure the Gateway CIDR and static IP pool settings for the external network.
b. Enter 172.20.12.1/24 in the Gateway CIDR text box.
e. Click ADD.
f. Click SAVE.
When you connect a VM to the DVPG supported external network, the VM uses the IP
address from this static pool range.
11. Click NEXT.
12. Click FINISH.
120
Task 2: Create an External Network Using Segments
You create an external network so that the workload from the cloud can reach the external
network, any other network domain, or the Internet.
1. Click NEW under External Networks.
2. Scroll down, select NSX-T Segments, and select sa-nsxmgr-01 from the Select a registered
NSX-T Manager section.
3. Click NEXT.
4. Enter Seg-External-NW-01 as the name.
5. Enter An External Network Using Segments as the description and click NEXT.
6. Select External-01-Seg as the segment and click NEXT.
7. Configure the Gateway CIDR and static IP pool settings.
a. Click NEW.
e. Click ADD.
f. Click SAVE.
To connect a VM to the external network, you need the IP address from this static pool
range.
8. Click NEXT.
9. Click FINISH.
121
Task 3: Create a Tier-0 Gateway Using Tier0
You create a Tier-0 Gateway to import the Tier-0 Gateway from NSX-T Data Center to VMware
Cloud Director.
1. Click Tier-0 Gateways.
You notice that a T0 is already created.
2. Click NEW under Tier-0 Gateways.
3. Select sa-nsxmgr-01 from the NSX Manager drop-down menu and click NEXT.
4. Enter T0-GW-NW-01 as the name.
5. Enter This network allows organizations to import a Tier-0

Gateway from NSX-T to VMware Cloud Director as the description and
click NEXT.
6. Select T0-GW-NW-01 as the Tier-0 router and click NEXT.
7. Configure the subnet and static IP pool settings.
e. Click ADD.
f. Click SAVE.
The edge gateways that are connected to the Tier-0 gateway require IP addresses
from the static IP pools.
8. Click NEXT.
9. Click FINISH.
122
Task 4: Create a Tier-0 Gateway Using VRF
You create a Tier-0 gateway to import the VRF segment from NSX-T Data Center to VMware
Cloud Director.
1. Click NEW under Tier-0 Gateways.
2. Select sa-nsxmgr-01 from the NSX Manager list and click NEXT.
3. Enter VRF-T0-GW-NW-02 as the name.
4. Enter This network allows organizations to import a VRF

Gateway from NSX-T to VMware Cloud Director as the description and
click NEXT.
5. Select T0-GW-VRF-02 as the Tier-0 Router and click NEXT.
6. Configure the Tier-0 gateway IP block and static IP pool settings.
b. Enter 172.20.10.1/24 in the IP Block text box.
e. Click ADD.
f. Click SAVE.
The edge gateways that are connected to the VRF gateway require IP addresses from
the static IP pools.
7. Click NEXT.
8. Click FINISH.
123
Task 5: Create an Edge Gateway
You create an edge gateway that is used during the creation of a routed organization VDC
network.
1. Click Edge Gateways in the left pane and click NEXT.
2. Select Dev-OVDC (1) as the Organization VDC and click NEXT.
3. Enter Dev-Edge-01 in the Name text box.
4. Enter This Edge gateway will be used for Routed Organization

VDC Network and few other edge services in the Description text box and
click NEXT.
5. Select T0-GW-NW-01 on the Tier-0 Gateways page and click NEXT.
6. Select Select specific edge cluster on the Edge Cluster page.
7. Select edge-cluster-01 and click NEXT.
8. Enter 172.20.10.131-172.20.10.140 in the IP Allocation text box on the

Allocated IPs page.
9. Click ADD and click NEXT.
10. Click FINISH.
When you create a dedicated edge gateway in VMware Cloud Director, a Tier-1 gateway in
NSX-T Data Center is created.
124
Task 6: Create a Direct Organization VDC Network
You create a direct organization VDC network in Dev-OVDC (1).
You must be logged in as the system administrator to perform this task because the organization
administrator cannot create a direct organization VDC network.
2. In the right pane, click the icon next to the VMBeans-RnD-Org organization.
A new tab appears with the VMBeans-RnD-Org tenant portal URL.
3. In the Virtual Data Centers pane, click Dev-OVDC (1) card.
4. Click Networks under Networking in the left pane and click NEXT.
The New Organization VDC Network window appears.

5. Select Current Organization Virtual Data Center and click NEXT.
6. On the Network Type page, select Direct and click NEXT.
7. On the General page, configure the values and then click NEXT.
Option Action
Name Enter Dev-Org-Direct-NW in the text box.
Description Enter Shared Direct Org VDC network for Site A in the text
box.
Shared Turn on the toggle.
By sharing the organization VDC network, the other organization VDCs in the
Site A (SA) can view this network. The organization VDCs in the VMBeans-
Testing-Org organizations can access this network.
8. On the External Network Connection page, select DVPG-External-NW-2 and click NEXT.
DVPG-External-NW-2 is the external network that was created previously.
9. Review the configuration and click FINISH.
No object is created or configured on vCenter Server.
125
Task 7: Create an Imported Organization VDC Network
You create an imported organization VDC network in Dev-OVDC (1) OVDC.
You must be logged in as a system administrator.
1. Click NEW to create a network.
2. Select Current Organization Virtual Data Center on the Scope page and click NEXT.
3. Select Imported on the Network Type page and click NEXT.
4. Select Imported-Seg on the NSX-T Logical Switch page and click NEXT.
5. Configure the settings on the General page and then click NEXT.
Option Action
Name Enter Dev-Org-Imported-NW in the text box.
Description Enter Imported organization VDC network for

Dev-OVDC (1) in the text box.
Gateway CIDR Leave 172.16.10.1/24 as the default value.
6. Enter 172.16.10.11-172.16.10.50 under Static IP Pools on the Static IP Pools

page.
7. Click ADD and click NEXT.
8. Configure the settings on the DNS page and then click NEXT.
Option Action
Primary DNS Enter 172.20.10.11 in the text box.
DNS suffix Enter vclass.local in the text box.
The imported organization VDC network is created.
126
Lab 19 Creating and Verifying
Organization VDC Networks
Objective and Tasks

Create organization VDC networks, deploy the edge gateway, and assign the networks to VMs:
1. Read the Three-Tier Application Use Case
2. Create a Routed Organization VDC Network
3. Assign the Routed Organization VDC Network to a vApp
4. Create an Isolated Organization VDC Network
5. Create a Second Isolated Organization VDC Network
6. Assign the Isolated Organization VDC Network to vApps
7. Assign the Second Isolated Organization VDC Network to a vApp and Verify Connectivity
8. Assign and Verify the Second Isolated Organization VDC Network
127
Task 1: Read the Three-Tier Application Use Case
You read the VMBeans-Alpha use case to understand the security applications requirements.
1. Read the VMBeans-RnD Org application configuration scenario.
The VMBeans-RnD Org customer wants to configure a three-tier application with web,
application, and database servers. The customer requires network connectivity to be
available only between the web and application servers and application and database
servers. The database servers must not have connectivity to the web servers but must have
connectivity to the application servers only.
2. Read the proposed solution.
The VMBeans-RnD Org customer can create routed and isolated organization VDC networks
and connect the routed network only to the web servers so that web servers can connect
to another network domain external to the cloud. Connect one isolated organization VDC
network to both the web and application servers. Connect another isolated organization
VDC network to the application and database servers. Web server and application server
can communicate using the first isolated organization VDC network. The application and
database servers can communicate using the second isolated organization VDC network.
128
Task 2: Create a Routed Organization VDC Network
You create a routed organization VDC network in the VMBeans-RnD-Org organization.
You must be logged in as the organization administrator.

3. Click Dev-OVDC (1) from the virtual data centers card view.
4. In the left pane, click Networks under Networking.
6. Click NEXT on the Scope page.
7. In Network Type, leave Routed selected and click NEXT.
8. In Edge Connection, select Dev-Edge-01 and click NEXT.
9. In General, configure the settings and then click NEXT.
Option Action
Name Enter Dev-Org-Routed-NW in the text box.
Gateway Enter Routed organization VDC network for

CIDRDescription Dev-OVDC (1) in the text box.
Gateway CIDR Enter 172.20.40.1/24 in the text box.
10. In Static IP Pools, configure the settings.

a. Enter the IP range 172.20.40.51-172.20.40.100 under Static IP Pools.
b. Click ADD.
c. Click NEXT.
129
11. In DNS, configure the settings and then click NEXT.
Option Action
The routed organization VDC network is created.
13. Open a new browser tab and select vSphere Site-A > vSphere Client (SA-VCSA-01) from
the bookmark.
15. Click the Networking view and verify that a port group is created under the dvs-SA-
Datacenter distributed switch named Dev-Org-Routed-NW-UUID.
130
Task 3: Assign the Routed Organization VDC Network to a vApp
You assign the routed organization VDC network to a Web-Servers vApp.
1. Navigate to the VMBeans-RnD-Org tenant portal tab.
2. In the left pane, click vApps under Compute.
3. Click DETAILS on the Web-Servers vApp card.
4. Click Networks on the Web-Servers vApp page.
5. Click NEW to add the OrgVDC network.
6. Select OrgVDC Network.
7. Select the Dev-Org-Routed-NW network and click ADD.
8. Click Virtual Machines on the Web-Servers vApp page.
9. Click the Web-VM1.
10. Under Hardware, click NICs and click EDIT.
11. Configure NIC0 and then click SAVE.
Option Action
Connected Select the check box.
Network Select Dev-Org-Routed-NW from the drop-down menu.
IP Mode Select Static - IP Pool from the drop-down menu.
MAC Address Clear the existing MAC address by clicking the MAC address
and selecting Reset.
12. Under Guest OS Customization, verify that Enable guest customization is enabled.
a. If guest optimization is not enabled, you must click EDIT, select Enable guest
customization, deselect Auto Generate password, and click SAVE.
13. Click the ALL ACTIONS drop-down menu and select Power > Power On, Force
Recustomization.
When the VM is powered on, an IP address is assigned to the Web-VM1 VM from the Dev-
Org-Routed-NW.
14. Click NICs under Hardware and verify that an IP address appears in the IP Address column.
131
Task 4: Create an Isolated Organization VDC Network
You create an isolated organization VDC network in the VMBeans-RnD-Org organization.
1. In the left pane, click Networks under Networking.
3. Click NEXT in the Scope page.
4. In Network Type, select Isolated and click NEXT.
5. In the General section, configure the settings and then click NEXT.
Option Action
Name Enter Dev-Org-Isolated-NW-01 in the text box.
Description Enter First Isolated organization VDC

network for Dev-OVDC (1) in the text box.
6. In the Static IP Pools section, configure the settings.
a. Enter the 172.20.50.51-172.20.50.100 IP range in Static IP Pools.
b. Click ADD.
c. Click NEXT.
7. In the DNS section, configure the settings and then click NEXT.
Option Action
The isolated organization VDC network is created.
9. Navigate to the open vSphere Client browser tab.
Datacenter distributed switch named Dev-Org-Isolated-NW-01-UUID.
132
Task 5: Create a Second Isolated Organization VDC Network
You create another isolated organization VDC network in the VMBeans-RnD-Org organization.
1. Navigate to the tenant portal.
2. Click NEW under Networks in the right pane.
3. Click NEXT in the Scope page.
4. In Network Type, select Isolated and click NEXT.
5. In the General section, configure the settings and then click NEXT.
Option Action
Name Enter Dev-Org-Isolated-NW-02 in the text box.
Description Enter Second Isolated organization VDC

network for Dev-OVDC (1) in the text box.
6. In the Static IP Pools section, configure the settings.
a. Enter the IP range 172.20.60.51-172.20.60.100 under Static IP Pools.
b. Click ADD.
c. Click NEXT.
7. In the DNS section, configure the settings and then click NEXT.
Option Action
The second isolated organization VDC network is created.
9. Navigate to the open vSphere Client browser tab.
Datacenter distributed switch named Dev-Org-Isolated-NW-02-UUID.
133
Task 6: Assign the Isolated Organization VDC Network to vApps
You assign the isolated organization VDC network to the Web-Servers and App-Servers vApps.
1. Navigate to the VMBeans-RnD-Org tenant portal.
4. Click Networks on the Web-Servers vApp page.
6. Select the OrgVDC Network.
7. Select Dev-Org-Isolated-NW-01 network and click ADD.
9. Click Web-VM1.
10. In Hardware, click NICs and click EDIT.
11. Click NEW.
A new NIC NIC1 is added.
Option Action
Network Select Dev-Org-Isolated-NW-01 from the drop-down menu.
MAC Address Leave the default value.
13. Click the ALL ACTIONS drop-down menu and click Power > Shut Down Guest OS.
You must power on the VM to recustomize the OS.
14. Click the ALL ACTIONS drop-down menu and click Power > Power On, Force
Recustomization.
When the VM is powered on, an IP address is assigned to the Web-VM1 VM from the Dev-
Org-Isolated-NW-01 network.
15. Click NICs under Hardware and verify that an IP address appears in the IP Address column.
134
17. Click DETAILS on the App-Servers vApp card.
18. Click Networks on the App-Servers vApp page.
22. Click Virtual Machines on the App-Servers vApp page.
23. Click the App-VM1.
Option Action
135
Task 7: Assign the Second Isolated Organization VDC Network to a
vApp and Verify Connectivity
You assign the second isolated organization VDC network to an App-VM1 VM and verify the web
server to application server connectivity.

8. Click App-VM1.
10. Click NEW in the Edit NICS for App-VM1 window.
Option Action
Connected Leave the check box selected.
12. Click the ALL ACTIONS drop-down menu and click Power > Power On, Force
Recustomization.
When the VM is powered on, two IP addresses are assigned to the App-VM1 VM one from
the Dev-Org-Isolated-NW-01 network and one from the Dev-Org-Isolated-NW-02 network.
a. If the web console is disconnected, close the console.
136
14. Accept the console certificate manually and open the console:
a. Open a new tab in the browser and enter https://sa-vcd-

p.vclass.local:8443
b. Click Advanced and click Accept the Risk and Continue.
15. Navigate to the tenant portal and click LAUNCH WEB CONSOLE of the VM.
16. Log in to the web console of the App-VM1 VM.
• User name: root
The guest customization takes 2 to 3 minutes and requires multiple reboots of the VM.
17. In the web console window, enter the ip a command and verify that the server has the
following two IP addresses.
• NIC0 (ens192) with an IP address from the 172.20.50.1/24 network
• NIC1 (ens224) with an IP address from the 172.20.60.1/24 network
18. Enter ping -c 3 172.20.50.51.
The ping command must receive a response from Web-VM1 because both the App-VM1
and Web-VM1 VMs are connected to the same isolated organization VDC network. In this
example, 172.20.50.51 is the NIC1 (ens224) IP address of the Web-VM1.
19. Enter ping -c 3 172.20.40.51
The ping command must not receive a response from Web-VM1 because the App-VM1 VM
is not connected to the routed organization VDC network. In this example, 172.20.40.51 is
the NIC0 (ens192) IP address of the Web-VM1.
20. Close the web console of the App-VM1 VM.
137
Task 8: Assign and Verify the Second Isolated Organization VDC
Network
You assign an isolated organization VDC network to the DB-Server-01 VM, verify that the VMs
are assigned IPs from the configured IP pool, and verify the network connectivity between the
database server and the application server VMs.
2. Click DETAILS on the DB-Servers vApp card.
3. Click Networks on the DB-Servers vApp page.
The added organization VDC network appears.
7. Click Virtual Machines on the DB-Servers vApp page.
8. Click the DB-Server1 VM.
9. On the DB-Server1 virtual machine page, click NICs under Hardware.
10. Click EDIT.
11. Configure NIC 0 and then click SAVE.
Option Action
IP Mode Select Static -IP Pool from the drop-down menu.
The NIC0 must have a valid IP address, for example, 172.20.60.52.
a. If the guest optimization is not enabled, you must click EDIT and select Enable guest
customization and deselect Auto Generate password and click SAVE.
13. From the ALL ACTIONS drop-down menu, select Power > Power On, Force
Recustomization.
The guest customization takes 2 to 3 minutes and requires multiple reboots of the VM.
138
15. Log in to the web console of the DB-Server-01 VM.
• User name: root
16. In the web console window, enter the ip a command and verify that the server has an IP
address from the 172.20.60.1/24 (ens192) network.
17. Enter ping -c 3 172.20.60.51
The ping command must receive a response from App-VM1 because both the App-VM1
and DB-Server1 VMs are connected to the same isolated organization VDC network. In this
example, 172.20.60.51 is the NIC0 (ens192) IP address of the App-VM1.
18. Enter ping -c 3 172.20.40.51.
The ping command must not receive a response from Web-Server1 because the routed
organization VDC network is not reachable from the DB-Server1 VM. In this example,
172.20.40.51 is the NIC0 (ens192) IP address of the Web-VM1.
19. Close the DB-Server1 VM web console.
139
140
Lab 20 Creating and Verifying vApp
Networks
Objective and Tasks

Review the use case and create vApp networks to verify connectivity:
1. Read the Applications Server Use Case
2. Read the Database Server VM Use Case
3. Create an Isolated vApp Network and Assign to vApps
4. Verify the Isolated Network Connectivity
5. Assign the Direct Organization VDC Network to a VM
6. Assign the Imported Organization VDC Network to a VM
7. Configure a Routed vApp Network
8. Verify a Routed vApp Network
141
Task 1: Read the Applications Server Use Case
You read the VMBeans-RnD-Org use case to understand the security applications requirements.
1. Read the VMBeans-RnD-Org application configuration scenario.
The VMBeans-RnD Org customer has security applications running on their application
servers. The security application servers must have the connectivity between them but must
not have connectivity to the other servers in the tenant environment.
The VMBeans-RnD Org customer can create isolated vApp networks and connect both the
application servers to the same isolated vApp network. The network traffic is allowed only
between both the servers. The traffic cannot flow out of the vApp environment.
Task 2: Read the Database Server VM Use Case

You read the VMBeans-Alpha use case to understand the database server VM communication
scenario.
1. Read the VMBeans-RnD Org database server configuration requirements.
VMBeans Cloud Director Service Provider receives a request from the VMBeans-RnD Org
customer. The customer has a physical Oracle database server in the server farm that
cannot be imported directly to the tenant portal. Communication must be enabled between
the Oracle database VM and the database VM that runs on the VMware Cloud Director
tenant portal. The Oracle VM must be able to write a few entries to the database tables on
the database VM.
VMBeans Cloud Director Service Provider can bring the VMBeans-Alpha customer Oracle
database VM to the NSX-T Data Center environment.
In the NSX-T Data Center environment, the customer can:
• Connect the Oracle VM directly to a segment.
• Import the segment to VMware Cloud Director as T0.
• Create an imported organization VDC network using the same segment that was
imported in VMware Cloud Director.
• Use the imported network directly connected to the database VM in the VMware Cloud
Director tenant portal.
142
Task 3: Create an Isolated vApp Network and Assign to vApps
You create an isolated vApp network in the VMBeans-RnD-Org organization and assign the
network to vApps.
3. Click Dev-OVDC (1) in the Virtual Data Center pane.

7. Click the App-VM1 VM.
8. From the ALL ACTIONS drop-down menu, select Power > Shut Down Guest OS.
9. Click SHUTDOWN in the Confirm Guest OS Shut Down window.
Wait for the VM to shut down successfully.
11. Click NEW to add an isolated vApp network and select vApp Network.
Option Action
Name Enter Dev-vApp-Isolated-NW in the text box.
Primary DNS Leave blank.
Static IP Pools Enter 10.10.10.11-10.10.10.20 in the text box, click

ADD and click ADD.
An isolated vApp network is created. The Dev-vApp-Isolated-NW network does not have a
connection with any other networks because it is an isolated network. The connection field
of Dev-vApp-Isolated-NW must not show any connectivity to the other networks.
12. On the App-VM1 virtual machine page, click NICs under Hardware and click EDIT.
143
13. Select NIC 0 and configure the NIC.
Option Action
Network Select Dev-vApp-Isolated-NW from the drop-down menu.
14. Select NIC 1 and configure the NIC.
Option Action
Connected Deselect the check box.
Network Leave the default value.
IP Mode Leave the default value.
15. Click SAVE.
Wait for the NIC to update.
Recustomization.
You must wait approximately 3 to 4 minutes for the VM to power on and to perform guest
OS customization at startup.
144
Task 4: Verify the Isolated Network Connectivity
You verify the isolated vApp network connectivity between application servers.
1. Click LAUNCH WEB CONSOLE under App-VM1 virtual machine.

• User name: root
10.10.10.11 (NIC0) IP address.
4. Navigate to the tenant portal and click App-Servers.
5. On the App-Server page, click App-VM2 from the list of virtual machines.
6. Assign the Dev-vApp-Isolated-NW network to NIC0 of the App-VM2 VM using the previous
steps and ensure that NIC0 is connected.
7. Under Guest OS Customization, verify that Enable guest customization is enabled on App-
VM2 virtual machine.
Recustomization.
Guest customization performs the initial configuration of the vApp and restarts the VM
multiple times. The VM takes approximately two minutes to initialize.
9. Click LAUNCH WEB CONSOLE under App-VM2 virtual machine.
10. Log in to the web console of the App-VM-02 VM.

• User name: root
11. In the web console window of App-VM2, enter the ip a command and verify that the
server has the 10.10.10.12 (NIC0) IP address.
12. Enter the ping -c 3 10.10.10.11 command.

The ping command must work. You can reach App-VM1 from App-VM2.
13. Open the console window of App-VM1 and enter the ping -c 3 10.10.10.12
command.
You can reach App-VM2 from App-VM1 and the reverse.
14. Close the console of the VMs.
145
Task 5: Assign the Direct Organization VDC Network to a VM
You assign the direct organization VDC network to a Repo VM in the Dev-OVDC (1) and access
the Internet.
2. Click DETAILS on the Repo-Servers vApp card in the right pane.
3. Click Networks under Repo-Servers vApp.
4. Click NEW and select OrgVDC Network in the window.
5. Select Dev-Org-Direct-NW and click ADD.
The Dev-Org-Direct-NW network is directly connected to the vApp. The Dev-Org-Direct-

NW network must show Direct: Dev-Org-Direct-NW under the connection text box.
6. Click Virtual Machines under Repo-Servers vApp.
7. Click Repo-VM1 in the right pane.
8. Under the Hardware section, click NICs and click EDIT.
9. Configure the NIC0 settings and click SAVE.
Option Action
Network Select Dev-Org-Direct-NW from the drop-down menu.
a. If the guest optimization is not enabled, you must click EDIT and select Enable guest
customization and deselect Auto Generate password and click SAVE.
11. From the ALL ACTIONS drop-down menu, select click Power > Power On, Force
Recustomization.
The guest customization will take 2 to 3 minutes and requires the VM to be restarted a
couple of times.
12. Click Repo-Servers.
13. Click Repo-VM2.
146
14. Under the Hardware section, click NICs and click EDIT.
15. Configure the NIC0 settings and the click SAVE.
Option Action
Network Select Dev-Org-Direct-NW from the drop-down menu.
a. If the guest optimization is not enabled, you must click EDIT, select Enable guest
Recustomization.
When the VM is powered on, the IP address is assigned to the Repo-VM2 VM.
Guest OS customization takes 2 to 3 minutes to complete and requires multiple restarts of

the VM.
18. Click Launch Web Console.
19. Log in to the web console of the Repo-VM2 VM.
• User name: root
20. In the web console window, enter the ip a command and verify that the server has an IP
address from the 172.20.12.1/24 (ens192) network.
21. Ping the Repo-VM1 VM from the Repo-VM2 VM.
ping -c 3 172.20.12.116
The ping command must receive a response from Repo-VM1. The IP address might vary
on your lab. You must ping the IP address of the Repo-VM1.
22. Close the web console of the Repo-VM2 VM.
147
Task 6: Assign the Imported Organization VDC Network to a VM
You assign the imported organization VDC network to a Repo VM in the Dev-OVDC (1).
1. Click vApps under Compute.
2. Click DETAILS on the Repo-Servers vApp card in the right pane.
3. Click Networks under Repo-Servers vApp.
4. Click NEW and select OrgVDC Network in the window.
5. Select Dev-Org-Imported-NW and click ADD.
6. Click Virtual Machines under the Repo-Servers vApp.
7. Click Repo-VM2 in the right pane.
9. Reconfigure the NIC0 settings and click SAVE.
Option Action
Network Select Dev-Org-Imported-NW from the drop-down menu.
11. Click SHUT DOWN in the Confirm Guest OS Shut Down window.
Recustomization.
14. Log in to the web console of the Repo-VM2 VM.
• User name: root
15. In the web console window, enter the ip a command and verify that the server has the IP
address 172.16.10.11 (NIC0 - ens192).
148
16. Ping the Oracle database server from the Repo-VM2 VM.
ping -c 3 172.16.10.51
The ping command must receive a response from Oracle database server. Oracle
Database Server is residing on the vCenter Server with the name DB-VM.
17. Close the web console of the Repo-VM2 VM.
Task 7: Configure a Routed vApp Network

You create a routed vApp network in the VMBeans-RnD-Org organization. You need to
configure the edge cluster on the organization VDC to connect a vApp network to an
organization VDC network.
4. Click Dev-OVDC (1).
5. Click Networking under Dev-OVDC (1).
6. Click EDIT under Edge Cluster in the right pane.
7. Turn on the Use Edge Cluster toggle, select edge-cluster-01, and click SAVE.
11. Click the Dev-OVDC (1) organization VDC card.
149
15. Click NEW and select vApp Network.
Option Action
Name Enter Dev-vApp-Org-Routed-NW in the text box.
Primary DNS Leave the value blank.
Static IP Pools Enter 20.20.20.11-20.20.20.20 in the text box and

click ADD.
Connect to an orgVdc Turn on the toggle, select Dev-Org-Isolated-NW-01, and click

network ADD.
16. Click Dev-vApp-Org-Routed-NW.
17. Verify the routing services offered by the newly created routed vApp network by clicking
Routing under Dev-vApp-Org-Routed-NW network page.
Static Routing is disabled by default.
18. Click Services on the Dev-vApp-Org-Routed-NW network page.
19. Verify that NAT is enabled.
20. Verify the default Firewall Rules and NAT IP Translation Rules.
Task 8: Verify a Routed vApp Network

You assign the routed vApp network to a vApp in the VMBeans-RnD-Org organization and verify
its connectivity.
1. Click App-Servers.
2. Click Virtual Machines under App-Servers.
3. Click the App-VM1 VM.
4. On the App-VM1 virtual machine page, click NICs under Hardware.
5. Click EDIT.
150
6. Select NIC 0 and reconfigure the NIC and then click SAVE.
Option Action
Network Select Dev-vApp-Org-Routed-NW from the drop-down menu.
NIC0 must list an IP address and an external IP address.
If you observe the page is loading for a longer time, then refresh the browser page once to
see the IP's.
You must wait for the VM to shut down successfully.
Recustomization.
• User name: root
20.20.20.11 (NIC0) IP address.
13. Navigate to the tenant portal and click App-Servers.
14. On the App-Server page, click App-VM2 from the list of virtual machines.
15. Assign the Dev-vApp-Org-Routed-NW network to NIC0 of the App-VM2 VM using the
previous steps and ensure that NIC0 is connected.
You must wait for the VM to shut down successfully.
151
Recustomization.
• User name: root
21. In the web console window of App-VM2, enter the ip a command and verify that the
server has the 20.20.20.12 (NIC0) IP address.
The ping command must work. You can reach App-VM1 from App-VM2 on the internal IP
address.
23. Open the console window of App-VM1 and enter the ping -c 3 20.20.20.12
command.
The ping command must work. You can reach App-VM2 from App-VM1 on the internal IP
address.
The ping command must work. You can reach App-VM2 from App-VM1 on the external IP
address.
25. Close the web consoles of the App-VM1 and App-VM2 VMs.
26. Navigate to the tenant portal and log out from the tenant portal.
152
Lab 21 Configuring and Verifying
Edge Gateway Services
Objective and Tasks

Configure the edge gateway services:
1. Verify Connectivity Before Configuring NAT
2. Configure the NAT Services
3. Verify the NAT Connectivity
153
Task 1: Verifying Connectivity Before Configuring NAT
You verify the connectivity to a sub allocated IP address before configuring NAT service on the
edge gateway.
3. Click the Dev-OVDC (1) virtual data centers card.
4. Click vApps.
5. Verify that the Web-Servers vApp is powered on.
8. Click VM Console of Web-VM1.
9. Log in to the web console of the Web-VM1 VM.
• User name: root
The ping command must not work as you have not configured NAT service on the edge
gateway. You will configure NAT in the next task using 172.20.10.131 IP address which is
assigned to the static IP pool of the edge gateway.
11. Close the web console of the VM.
154
Task 2: Configure the NAT Services
You configure NAT rules as an organization administrator to avoid IP conflicts with overlapping IP
addresses in a multitenant environment.
1. Navigate to the tenant portal and click Edges under Networking in the left pane.
2. Click Dev-Edge-01.
3. Click NAT on the Dev-Edge-01 edge gateway page.
4. Click NEW.
5. Add a DNAT rule for the Web-Server-01 VM and then click SAVE.
Option Action
Name Enter DNAT-01 in the text box.
Interface Type Leave the default value.
External IP Enter 172.20.10.131 in the text box.
Internal IP Enter 172.20.40.51 in the text box.
Leave the default values for all other options.
To configure the NAT rules, you use the allocated IPs on the edge gateway. The system
administrator has already allocated the IP pool for Dev-Edge-01. IP 172.20.10.131 is one of
the allocated IPs on the edge gateway that you can use for configuring the DNAT and SNAT
rules. 172.20.40.51 is the routed organization VDC network IP address assigned to the NIC0
(ens192) of the Web-VM1.
The internal IP might vary depending on the Web-VM1 VM IP that you have in your lab
environment. You enter the Web-VM1 VM IP in the Internal IP text box.
6. Click NEW to add a SNAT rule and then click SAVE.
Option Action
Name Enter SNAT-01 in the text box.
Interface Type Select SNAT.
External IP Enter 172.20.10.131 in the text box.
Internal IP Enter 172.20.40.51 in the text box.
The internal IP might vary depending on the Web-VM1 VM IP that you have in your lab
environment. You enter Web-VM1 VM IP in the Internal IP text box.
155
Task 3: Verify the NAT Connectivity
You use NAT to hide your internal VM IP address and use the allocated IP address instead of the
VM IP address to reach the VM.
1. Click Data Centers on the top bar.
2. Click the Dev-OVDC (1) virtual data centers card.
3. Click vApps.
4. Verify that the Web-Servers vApp is powered on.
7. Click VM Console of Web-VM1.

8. Log in to the web console of the Web-VM1 VM.
• User name: root
The ping command must work as you are trying to reach the NATed IP of the vApp.
10. Close the web console of the VM.
156
Lab 22 Creating and Managing a
Named Disk
Objective and Tasks

Create, attach, and detach a named disk to and from a VM:
1. Create a Named Disk
2. Attach a Named Disk to a VM
3. Detach the Named Disk
4. Delete the Named Disk
157
Task 1: Create a Named Disk
You create a named disk as an organization user.
3. Click the Research-OVDC (3) card and verify that you can view two VMs in this OVDC.
5. Click NEW.
6. Configure the named disk in the Create Named Disk window and then click SAVE.
Option Action
Name Enter NamedDisk-01 in the text box.
Description Enter NamedDisk-01 in the text box.
Storage Policy Verify that RnD-SP is selected.
Size of Disk Enter 1 in the text box and select GB from the drop-down menu.
Bus Type Verify that SCSI is selected.
The NamedDisk-01 appears with Attach VM Count as 0.
158
Task 2: Attach a Named Disk to a VM
You attach and verify the named disk to a virtual machine as an organization user.
2. Power on the Cluster-VM1 virtual machine.
a. Click ACTIONS on the Cluster-VM1 VM card.
b. Click Power > Power On.
c. Wait for the Cluster-VM1 virtual machine to power on before you proceed to the next
step.
It takes 1 to 2 minutes for the VM to power on completely.

4. Select NamedDisk-01.
5. Click ATTACH.
6. From the Virtual Machine drop-down menu, select Cluster-VM1.
7. Click ATTACH and wait for the task to finish successfully.
The Attached VM count changes from 0 to 1.
Refresh the browser page manually and observe the menu option. Only DETACH is available.
All the other options are unavailable.
8. Click the i icon next to 1 under the Attached VM Count column to find the name of the VM to
which the NamedDisk-01 is connected to.
The VM name must appear as Cluster-VM1.
10. Click DETAILS on the Cluster-VM1 card.
11. Click Hard Disks under Hardware.
12. Verify that NamedDisk-01 appears.
You can now log in to the operating system and format the disk with a file system and store
data.
159
Task 3: Detach the Named Disk
You detach the named disk from the virtual machine as an organization user.
3. Click DETACH.
The Detach Confirmation dialog box appears.
4. Click DETACH.
When the NamedDisk is detached, the Attached VM count reverts to 0.
8. Verify that NamedDisk-01 does not appear.
You can reattach the same named disk to another virtual machine in the same OS family with
which the disk was formatted the first time. When the disk is attached to the VM, all data in
the disk is available.
Task 4: Delete the Named Disk

You delete the named disk as an organization user.
3. Click DELETE.
If you do not see the delete option enabled, refresh the page.
4. In the Delete Named Disk window, click DELETE.
5. Verify that the named disk is deleted successfully.
160
Lab 23 Creating and Managing a
Shared Named Disk
Objective and Tasks

Create, attach, and detach a shared named disk to multiple VMs:
1. Create a Shared Named Disk
2. Attach a Shared Named Disk to a VM
3. Detach the Shared Named Disk
4. Delete a VM with an Attached Named Disk
161
Task 1: Create a Shared Named Disk
You create a shared named disk as a system administrator.
You are logged in as a system administrator. The organization page appears by default.
VMBeans-RnD-Org tenant portal appears in a new tab.
7. Click NEW.
8. Configure the named disk on the in the Create Named Disk window and then click SAVE.
Option Action
Name Enter SharedNamedDisk-01 in the text box.
Description Enter SharedNamedDisk-01 in the text box.
Storage Policy Verify that RnD-SP is selected.
Size of Disk Enter 1 and select GB from the drop-down menu.
Bus Type Verify that SCSI is selected.
Sharing Type Select Disk from the drop-down menu.
The SharedNamedDisk-01 appears with Attach VM Count as 0.
162
Task 2: Attach a Shared Named Disk to a VM
You attach the shared named disk created by the system administrator to multiple virtual
machines at the same time as an organization administrator.
4. Power on the Cluster-Servers vApp completely.
a. Click vApps under Compute in the left pane.

b. Click ACTIONS on the Cluster-Servers vApp card.
c. Click Power and click Start.
d. Wait for the Cluster-Server vApp to power on before you proceed to the next step.
It takes 1 or 2 minutes for the vApp to power on completely.
6. Select SharedNamedDisk-01.
7. Click ATTACH.
8. From the Virtual Machine drop-down menu, select Cluster-VM1.
Refresh the browser manually and observe the menu option. Only ATTACH and DETACH
options are available. All the other options are unavailable.
10. When SharedNamedDisk-01 is selected, click ATTACH.
11. From the Virtual Machine drop-down menu, select Cluster-VM2 and verify that the shared
named disk is attached to the virtual machines with the same operating system.
Both Cluster-VM1 and Cluster-VM2 are installed with CentOS7.
You can view that Cluster-VM1 is not available in the list as the shared named disk is already
attached to it.
163
13. Click the i icon next to 2 under the Attached VM Count column, to find the name of the VMs
to which the SharedNamedDisk-01 is connected.
The column has Cluster-VM1 and Cluster-VM2.

16. Click Hard Disks under Hardware and verify that SharedNamedDisk-01 appears.
19. Click Hard Disks under Hardware and verify that the same SharedNamedDisk-01 appears.
Task 3: Detach the Shared Named Disk

You detach the shared named disk attached to multiple virtual machines as an organization
administrator.
2. Select SharedNamedDisk-01.
3. Click DETACH.
4. In the Detach Shared Named Disk window, select Cluster-VM2 from the Virtual Machine
drop-down menu and select the virtual machine from which you want to detach the shared
named disk..
5. Click DETACH and wait for the task to finish successfully.
164
Task 4: Delete a VM with an Attached Named Disk
You delete a virtual machine to which the shared named disk is attached as an organization
administrator.
1. Power off the Cluster-Servers vApp.
a. Click vApps under Compute in the left pane.
b. Click ACTIONS on the Cluster-Servers vApp card.
c. Click Power and click Power Off.
d. Click POWER OFF.
e. Wait for the Cluster-Server vApp to power off.
2. Delete the Cluster-VM1 virtual machine.

a. Click Virtual Machines under Compute in the left pane.
b. Click ACTIONS on the Cluster-VM1 virtual machine card.
c. Click Delete.
d. Click DELETE in the Confirm Delete VM window.
Q1. Is the Cluster-VM1 virtual machine deleted even though the shared named disk
is attached to it?
A1.
The same behav ior is app licab le for t he no nshared named dis k. Yes. Cluster-VM1 virt ual m ac hine is de leted. The shared name dis k is automat ic ally detached from that VM.
165
Lab 24 Encrypting a VM and a Named
Disk
Objective and Tasks

Verify the vSphere encryption policy and verify it on the VMware Cloud Director VMs and named
disk:
1. Verify the Key Provider Details on vCenter Server
2. Verify the Encryption Policy on vCenter Server
3. Add an Encryption Policy in VMware Cloud Director
4. Create an Encrypted VM
5. Verify the Encrypted VM
6. Use the Advanced Filtering Encryption Feature
7. Create and Verify an Encrypted Named Disk

8. Use the Encrypted Disk and VM
167
Task 1: Verify the Key Provider Details on vCenter Server
You verify the key provider encryption integration on vCenter Server as an administrator.
1. Select vSphere Site-A from the bookmark and click vSphere Client (SA-VCSA-01).
2. Log in to the vCenter Server Web client.
3. Select sa-vcsa-01.vclas.local in the left pane.
4. Click the Configure tab in the right pane.
5. Click Key Providers under Security and verify that the KMS Connection status appears as
Healthy.
6. Expand SA-Datacenter > SA-NSX-T & Compute in the left pane.
7. Click sa-esxi-05.vclass.local.
9. Click Security Profile under System.
10. Enable the Host Encryption Mode on the sa-esxi-05.vclass.local host.
a. Click Edit in the right pane next to Host Encryption Mode.
b. Select Enabled from the drop-down menu for the Encryption Mode.
c. Click OK.
You must wait for a few seconds and verify that the Encryption mode appears enabled.
You can refresh the web client page.
11. Click sa-esxi-06.vclass.local in the left pane.
12. Enable the Host Encryption Mode on the sa-esxi-06.vclass.local host.
a. Click Edit in the right pane next to Host Encryption Mode.
b. Select Enabled from the drop-down menu for the Encryption Mode.
c. Click OK.
You must wait for a few seconds and verify that the Encryption mode appears enabled.
You can refresh the web client page.
168
Task 2: Verify the Encryption Policy on vCenter Server
You verify the encryption policy on vCenter Server as an administrator.
1. Click Menu on the top bar.
2. Click Policies and Profiles.
VM Storage Policies page appears by default.
3. Select Shared-SP in the right pane and, in the lower section on the page, verify that
encryption is set to Default encryption properties on this storage policy.
4. Click Menu on the top bar.
5. Click Storage. and Expand sa-vcsa-01.vclas.local > SA-Datacenter.
6. Click the SA-Remote-01 datastore and verify that it is tagged with Shared-Tag and Testing-
Tag.
7. Log out of the SA-VCSA-01 vSphere web client.
Task 3: Add an Encryption Policy in VMware Cloud Director

You import the encryption storage policy from vCenter Server to VMware Cloud Director and
assign it to the provider VDC and the organization VDC as a system administrator.
3. Configure the resources by clicking the Infrastructure Resources tab.
a. Click vCenter Server Instances in the left pane.
b. Select sa-vcsa-01 in the right pane.
c. Click REFRESH POLICIES.
d. Click REFRESH in the Refresh vCenter Server Storage Policies window.
Wait until the status of sa-vcsa-01 changes from Busy to Normal.
169
4. Assign the encryption storage policy to the provider VDC.
a. Click the Cloud Resources tab.
b. Click Provider VDCs in the left pane.
c. Click VMBeans-RnD-PVDC in the right pane.
d. Click Storage under Policies.
e. Click ADD in the right pane.
f. Select Shared-SP storage policy from the table.
You can view that the capabilities of the policy must have vSphere Encryption enabled.
g. Click ADD.
5. Assign the encryption storage policy to the organization VDC.
a. Click Organization VDCs in the left pane.
b. Click Research-OVDC (3) in the right pane.
c. Click Storage under Policies.
d. Click ADD in the right pane.
e. Select the Shared-SP storage policy from the table, and leave the allocation type as
unlimited.
f. Click ADD.
g. Expand Shared-SP.
6. Verify that the vSphere or encryption capability appears with the other capabilities.
7. Verify that the fast-provisioning feature is disabled.
8. Verify the addition of the storage policy.
a. Click the Infrastructure Resources tab.
b. Click Storage Policies in the left pane.
The Shared-SP storage policy appears with the other storage policies.
170
Task 4: Create an Encrypted Virtual Machine
You create a virtual machine on an encrypted storage policy as an administrator.
1. Click the Cloud Resources tab.
3. Click Research-OVDC (3) in the right pane.
5. Verify that the Research-OVDC (3) can view the newly added storage policy.
a. Click Storage Policies under Storage in the left pane.
b. Verify that the Shared-SP storage policy appears.
7. Click NEW VM in the right pane, configure the VM ,and then click OK.
Option Action
Name Enter EncryptedVM in the text box.
Type Select New.
Operating System Select CentOS 8 (64-bit) from the drop-down menu.
Storage For Disk 1 Storage policy, select Shared-SP, and for Size, enter 1 GB.
A1.
Q1. Did the VM creation succeed?
No. EncryptedVM vir tual m ac hine is not created bec ause yo u m ust selec t the same stor age policy for the v irtual mac hine files.
8. Scroll up on the New VM page and view the error.

The error A non-encrypted VM cannot contain an encrypted disk.
Target VM home policy: RnD-SP. Target disk-level policies:
Shared-SP. appears.
9. Scroll to the bottom on the New VM page and select the Use custom storage policy check
box.
10. From the Custom storage policy drop-down menu, select Shared-SP.
11. Click OK, wait until the VM creation task is complete, and then verify that the VM is powered
on.
a. If the VM is not powered on, power it on.
A2.
Q2.
Yes. EncryptedVM virt ual machine creat ion suc ceeded.
Did the VM creation succeed this time?
171
Task 5: Verify the Encrypted Virtual Machine
You verify the settings that identify if the VM is encrypted.
1. Click DETAILS on the EncryptedVM card.
The General page appears by default.
The Storage Policy state in the right pane appears as encrypted.
The Policy shows that the disk and its files are encrypted.
3. View the storage policy of a nonencrypted VM.
a. Select Virtual Machines in the left pane.
b. Click DETAILS on the Security-VM1 card.
The storage policy on the General page does not have the encrypted tag.
c. Click Hard Disks under Hardware.
The Policy disk and its files are not encrypted.
Task 6: Use the Advanced Filtering Encryption Feature

You apply an advanced filter and filter the encrypted VM.
2. Click ADVANCED FILTERING in the right pane.
The VM Filtering Options window appears.
3. Under By Specifics, select Encrypted from the Encrypted drop-down menu.
4. Click OK.
Only one VM appears in the EncryptedVM under Virtual Machines.
5. Click Clear all filters in ADVANCED FILTERING.
All the virtual machines appear.
172
Task 7: Create and Verify an Encrypted Named Disk
You create a named disk on an encrypted storage policy.
1. Click Named Disks in the left pane.
One named disk is created and available.
2. Click NEW in the right pane and configure the disk.
Option Action
Name Enter EncryptedNamedDisk in the text box.
Description Enter EncryptedNamedDisk in the text box.
Storage Policy Select Shared-SP from the drop-down menu.
Size of Disk Enter 1 and select GB.
Leave the other settings with their default value.
3. Click SAVE and wait for a few seconds for the Named disk creation task to complete.
After the Encrypted Named Disk is created, it appears in the table.
The Encrypted Column appears with Yes for EncryptedNamedDisk Named Disk and No for
the other Named Disks in the table.
173
Task 8: Use the Encrypted Disk and VM
You try various methods to attach the encrypted named disk to a nonencrypted VM and to an
encrypted VM.
1. Attach an encrypted named disk to an encrypted VM.
a. In the right pane, select EncryptedNamedDisk from Named Disk.
b. Click ATTACH.
The Attach Named Disk page appears.
Q1. Did you find any virtual machine in the list, which is not encrypted?
A1. No. Only the encrypted virt ual machine appears.
c. Select EncryptedVM from the drop-down menu.
d. Click ATTACH.
Attached VM Count on the EncryptedNamedDisk row must be 1.
e. Select Virtual Machines in the pane to verify the EncryptedNamedDisk attachment to

the VM.
f. Click DETAILS on the EncryptedVM card.
g. Click Hard Disks under Hardware and view that the EncryptedNamedDisk is successfully
attached to EncryptedVM.
The EncryptedNamedDisk shows the encrypted tag against the storage policy.
174
2. Change the EncryptedNamedDisk storage policy to a nonencrypted storage policy when the
disk is attached to an encrypted virtual machine.
a. Under Hard Disks, click EDIT in the right pane.
b. Under the Policy column for EncryptedNamedDisk, select RnD-SP.

c. Click SAVE.
Q2. Can you change the storage policy of EncryptedNamedDisk to a nonencrypted

storage policy?
A2. No. You cannot c hange the e ncryptio n st atus of a disk when the v irtual mac hine is powered on.
d. Click DISCARD.
e. Click ALL ACTIONS.
You are powering off EncryptedVM.
f. Click Power.
g. Click Power Off.
h. Click POWER OFF in the Power Off VM window.
i. After the virtual machine is powered off, click EDIT in the right pane under Hard Disks.
j. In the Policy column for EncryptedNamedDisk, select RnD-SP.
k. Click SAVE.
Q3. Can you change the Storage Policy of EncryptedNamedDisk when it was
attached to a powered off Encrypted VM?
A3. Yes. A powered-off VM c an change t he encryptio n stat us of any disk. An encrypted VM can have a no nencrypted disk att ac hed.
l. Click ALL ACTIONS.
You are powering on EncryptedVM.
m. Click Power.
n. Click Power On.
Q4. Can you power on the virtual machine when a nonencrypted NamedDisk is
attached to an encrypted virtual machine?
A4. Yes. A an encrypted VM c an have a nonencrypted dis k att ac hed.
175
3. Revert the EncrypteNamedDisk storage policy to an encrypted storage policy.
a. Click Named Disks under Storage in the left pane.
EncryptedNamedDisk exists on the RnD-SP storage policy.
b. Select EncryptedNamedDisk.
c. Click DETACH.
d. Click DETACH on the confirmation dialog box.
The Attach VM Count for this disk changes to 0.
e. Click EDIT.
You can refresh the page if the EDIT option is not enabled.
f. In the Edit Name Disk window, select Shared-SP from the drop-down menu of Storage
Policy.
g. Click SAVE.
EncryptedNamedDisk exists on Shared-SP Storage Policy. You can refresh the page.
176
Lab 25 Verifying Storage IOPS with
VMware Cloud Director
Objective and Tasks

You assign and verify the vCenter Server based storage IOPS policy and VMware Cloud Director
based storage IOPS policy on VMs:
1. Verify the Storage IOPS Policy on vCenter Server
2. Verify the Storage IOPS Policy in VMware Cloud Director
3. Assign and Verify the vCenter Server Enabled Storage IOPS Policy to a VM
4. Enable the VMware Cloud Director Storage IOPS Limiting on the Provider VDC
5. Assign and Verify the VMware Cloud Director Enabled Storage IOPS Policy to a VM
6. Override the Provider VDC Storage Policy on the Organization VDC
177
Task 1: Verify the Storage IOPS Policy on vCenter Server
You verify the Storage IOPS policy on the vCenter Server as an administrator.
1. On the vSphere Client page, click Menu.
2. Click Policies and Profiles.

VM Storage Policies appears by default.
3. Select Shared-SP in the right pane and verify that Storage I/O Control is set to Low I/O
shares allocation.
The IOPS reservation is set to 10.
4. Click Menu.
5. Click Storage.
6. Expand sa-vcsa-01.vclass.local > SA-Datacenter.
7. Click the SA-Remote-01 datastore.
8. Verify that the SA-Remote-01 datastore is tagged with Shared-Tag and Testing-Tag.
You must not log out of the vCenter Server portal.
Task 2: Verify the Storage IOPS Policy in VMware Cloud Director

You verify the vCenter Server enabled storage IOPS storage policy in VMware Cloud Director as
a system administrator.

3. Verify the storage IOPS capability on the Shared-RP storage policy.

Shared-SP storage policy is the policy on which the storage IOPS is enabled on vCenter
Server. Because Shared-SP is already added to VMBeans-Rnd-PVDC and Research-OVDC
(3), you must not perform those tasks.
b. Click Storage Policies in the left pane.
RnD-SP and Shared-SP storage policies appear.
c. Expand the Shared-SP storage policy.
The capabilities of the policy must have vSphere IOPS enabled.
178
Task 3: Assign and Verify the vCenter Server Enabled Storage IOPS
Policy to a VM
You create a virtual machine in the vCenter Server Storage-IOPS defined storage policy and
verify the IOPS reservation, as an organization administrator.
4. Click NEW VM to create a virtual machine.

Option Action
Name Enter IOPS-VM01 in the text box.
Computer Name Enter IOPS-VM01 in the text box.
Description Enter IOPS-VM01 in the text box.
Type Select New.
OS family Select Linux as the OS family.
Operating System Select CentOS 8 (64-bit) from the drop-down menu.
Storage Select Shared-SP from the Storage Policy drop-down menu and
enter 1 GB as the disk size.
Use custom storage Select the check box and select Shared-SP from the Storage
policy Policy drop-down menu.
6. Verify the vCenter Server storage IOPS setting on the virtual machine disk.
a. Click DETAILS on the IOPS-VM1 card.
b. Click Hard Disks under Hardware.
Q1. What is the IOPS value defined on the IOPS-VM1 hard disk?
A1. The IO PS value assig ned to t he IOPS-VM1 hard d isk is 1 0. The value is t he storage IO PS reservat ion value t hat is defined in vCenter Server on t he S hared-S P stor age policy.
179
Task 4: Enable the VMware Cloud Director Storage IOPS Limiting on
the Provider VDC
You override the vCenter Server defined storage IOPS policy with the VMware Cloud Director
defined IOPS values as a system administrator.
3. Edit the existing storage policy to override the vCenter Server configuration.
a. Click Provider VDCs in the left pane.
b. Click VMBeans-RnD-PVDC in the right pane.

d. Select Shared-SP in the right pane.
e. Click EDIT SETTINGS.
4. In the Edit Storage Policy Settings window, define the values, click EDIT, and then click
CANCEL.
Option Action
IOPS Limiting Enabled Turn on the toggle.
Impact Placement Turn off the toggle.
Maximum Disk IOPS Enter 100 in the text box.
Disk IOPS Per GB Max Enter 20 in the text box.
Default Disk IOPS Enter 20 in the text box.
IOPS Limit Enter 100 in the text box.
Q1. Can you edit the storage policy?

A1. No. When the vCe nter Server storage IO PS is enabled o n a storage policy, VMware C loud Dire ctor c annot overr ide the sett ings.
180
5. Disable the vCenter Server storage policy to override the existing vCenter Server storage
policy.
a. Navigate to the tab where you are logged in as an administrator on the vSphere Client
(SA-VCSA-01) portal.
b. Click Menu.
c. Click Policies and Profiles.
e. Click EDIT.
f. Turn off the vCenter Server policies toggle in the Edit VM Storage Policy window and
click NEXT.
g. Deselect the Enable host based rules check box.
h. Click NEXT.
i. Click NEXT.
j. Click NEXT.
k. Click FINISH.
l. Click YES in the VM Storage Policy in Use window.
vCenter Server policies are disabled on this storage policy.
m. Log out of the SA-VCSA-01 vSphere web client.
6. Navigate to the tab where you are logged in as a system administration on the provider
portal.
b. Click vCenter Server Instances in the left pane.
c. Select sa-vcsa-01 in the right pane.
d. Click REFRESH POLICIES.
e. Click REFRESH in the Refresh vCenter Server Storage Policies window.
Wait until the status of sa-vcsa-01 changes from Busy to Normal.
f. Click Storage Policies in the left pane.
g. Expand the Shared-SP storage policy.
All the vCenter Server capabilities are now disabled and not available.
181
7. Modify the existing storage policy to configure the VMware Cloud Director Storage IOPS
configuration.
a. Click the Cloud Resources tab.
b. Click Provider VDCs in the left pane.

c. Click VMBeans-RnD-PVDC in the right pane.
d. Click Storage under Policies.
e. Select Shared-SP in the right pane.
f. Click EDIT SETTINGS.
8. In the Edit Storage Policy Settings window, define the values and then click EDIT.
Option Action
IOPS Limiting Enabled Turn on the toggle.
Impact Placement Turn off the toggle.

A2. Yes. You c an edit t he stor age policy bec ause t he vCenter Server conf iguratio n o n t he storage po licy is disab led.
9. Expand the Shared-SP storage policy and observe that VCD IOPS capability appears.
The organization VDC inherits the provider VDC storage policy configuration by default.
10. Verify that the organization VDC inherits the provider VDC storage policy configuration.
In the organization VDC, Inherit From Provider VDC is enabled by default.
f. Click CANCEL.
182
Task 5: Assign and Verify the VMware Cloud Director Enabled
Storage IOPS Policy to a VM
You create a virtual machine in the VMware Cloud Director storage IOPS defined storage policy
(provider VDC) and verify the IOPS reservation as an organization administrator.
4. Click NEW VM to create a virtual machine.

5. Configure the VM in the New VM window and then click OK.
Option Action
Name Enter IOPS-VM02 in the text box.
Computer Name Enter IOPS-VM02 in the text box.
Description Enter IOPS-VM02 in the text box.
Type Select New.
OS family Select Linux as the OS family.
Operating System Select CentOS 8 (64-bit) from the drop-down menu. Leave the
remaining default values.
Storage Select Shared-SP from the Storage Policy drop-down menu and
enter 1 GB as the disk size.
Use custom storage Select the check box and select Shared-SP from the Storage
policy Policy drop-down menu.
183
6. Verify the VMware Cloud Director Storage IOPS setting on the virtual machine disk.
a. Click DETAILS on the IOPS-VM2 card.
b. Click Hard Disks under Hardware.
A1. The IO PS value assig ned to IO PS-VM2 hard d isk is 2 0. The value is t he storage IO PS reservat ion value whic h is defined on the prov ider VDC for the S hare-S P st orage po licy.
7. Attach another disk to IOPS-VM2 and verify the Storage IOPS limits.
a. Under Hard Disks, click EDIT.
The Edit Hard Disks for IOPS-VM2 window appears.
b. Click ADD in the Edit Hard Disks for IOPS-VM2 window.
c. On the newly added hard drive, enter 1 as the size, select GB, and select Shared-SP
Policy.
The IOPS value must be 20 as per the defined value.
d. Enter 2 in the text box to increment the size from 1 to 2 GB.
The IOPS value must be 40. With an increment in every GB, you can view an increment
of 20 IOPS to the total IOPS used.
e. Click SAVE.
Q2. Is the new 2 GB size hard drive created?

A2. No. The Shared-SP has 30 IOPS remaining. Requested is 4 0. error appe ars.
Based o n t he virtual machines and named d isks created o n t he S hared-S P stor age policy, 3 0 IO PS remain for you to use. You can create a dis k of m aximum 1500 M B in s ize.
f. Change the size of the disk to 1500 and select MB.
g. Click SAVE.
184
Task 6: Override the Provider VDC Storage Policy on the
Organization VDC
You override the storage IOPS policy on the organization, which is currently defined for the
provider VDC, as a system administrator.
3. Edit the existing storage policy to override the provider VDC configuration.

4. In the Edit Storage Policy Settings window, define the values and then click EDIT.
Option Action
Inherit From Provider VDC Turn off the toggle.
IOPS Limiting Enabled Verify that the toggle is turned on.
5. Expand the Shared-SP storage policy.
The VMware Cloud Director IOPS capability must appear.
The organization VDC storage IOPS limiting configuration is considered for the Research-
OVDC (3) organization VDC.
185
186
Lab 26 Creating and Using the VM
Sizing and VM Placement Policies
Objective and Tasks

Create VM sizing and placement policies and apply them on various VMs:
1. Verify Host Groups and Host Rules
2. Create VM Placement Policies
3. Publish VM Placement Policies to the Organization VDC
4. Create VM Sizing Policies
5. Publish VM Sizing Policies to the Organization VDC
6. Create VMs Using the VM Placement and Sizing Policies
7. Verify the VM Placement and Sizing Policies
187
Task 1: Verify the Host Groups and Host Rules
You review and verify the host placement and VM placement policies on the vCenter Server as a
vSphere administrator.
3. Under Hosts and Cluster view, expand SA-Datacenter > SA-NSX-T & Compute.
4. Click SA-NSX-T & Compute.

6. Click VM/Host Groups under Configurations.
7. Select Research-HostGroup-01.
The sa-esxi-05.vclass.local host that is added to Research-HostGroup-01 appears.
8. Select Research-HostGroup-02.
The sa-esxi-06.vclass.local host that is added to Research-HostGroup-02 appears.
9. Click VM/Host Rules under Configurations.
10. Click Research-VMPlacement-01, verify that the type is Run VMs on Hosts, and the enabled
state is Yes.
This host rule is applied to all the Linux based VMs. The placement of VMs is on the sa-esxi-
05.vclass.local host.
11. Click Research-VMPlacement-02, verify that the type is Run VMs on Hosts, and the enabled
state is Yes.
This host rule is applied to all the Windows based VMs. The placement of VMs is on the sa-
esxi-06.vclass.local host.
188
Task 2: Create VM Placement Policies
You create VM placement policies as a system administrator.
3. Click VM Placement Policies in the left pane.
4. Create a VM placement policy.
a. Click NEW.
The Create VM Placement Policy window appears.
b. Click NEXT.
c. In the General section, configure the VM placement policy.
Option Action
Name Enter Linux-VM-Placement in the text box.
Description Enter Linux-VM-Placement in the text box.
d. Click NEXT.
e. In VM Groups, expand VMBeans-RnD-PVDC cluster from the tree.
f. Select the Research-VMgroup-01 check box.
g. Click NEXT.
h. Click FINISH.
189
5. Create another VM placement policy.
a. Click NEW.
The Create another VM Placement Policy window appears.
b. Click NEXT.
c. In General, configure another VM placement policy.
Option Action
Name Enter NonLinux-VM-Placement in the text box.
Description Enter NonLinux-VM-Placement in the text box.
d. Click NEXT.
e. In VM Groups, expand VMBeans-RnD-PVDC cluster from the tree.
f. Select the Research-VMgroup-02 check box and click NEXT.
g. Click FINISH.
7. Click VMBeans-Rnd-PVDC in the right pane.
8. Click VM Placement under Policies.
9. Verify that the Linux-VM-Placement and NonLinux-VM-Placement policies appear by default.
Task 3: Publish VM Placement Policies to the Organization VDC

You publish the VM placement policies to an organization VDC as a system administrator.
3. Click the VM Placement policy under Policies.
4. Click ADD in the right pane.
5. In the Select Policies to Add to VDC window, select Linux-VM-Placement and NonLinux-
VM-Placement policies from the table.
6. Click OK.
190
Task 4: Create VM Sizing Policies
You define the compute resource allocation for VMs in an organization VDC by creating a VM
Sizing Policies as a system administrator.
1. Click VM Sizing Policies in the left pane to create a few VM sizing policies as a system
administrator.
2. Create a VM sizing policy.

a. Click NEW in the right pane.
The Create VM Sizing Policy window appears.
b. Specify the name and description in the General section and then click NEXT.
Option Action
Name Enter Small in the text box.
Description Enter Small in the text box.
c. Configure the CPU speed in the CPU section and then click NEXT.
Option Action
vCPU Speed Enter 1000 MHz in the text box.
vCPU Count Enter 1 in the text box.
Cores Per Socket Enter 1 in the text box.
CPU Reservation Guarantee Enter 50% in the text box.
CPU Limit Enter 1000 MHz in the text box.
CPU Shares Leave the default value.
d. Configure the memory in the Memory section and then click NEXT.
Option Action
Memory Enter 1024 MB in the text box.
Memory Reservation Guarantee Enter 50% in the text box.
Memory Limit Enter 1024 MB in the text box.
Memory Shares Leave the default value.
e. Click FINISH.
191
3. Create another VM sizing policy.
a. Click NEW in the right pane.
The Create another VM Sizing Policy window appears.
b. Specify the name and description in the General section and then click NEXT.
Option Action
Name Enter Medium in the text box.
Description Enter Medium in the text box.
c. Configure the CPU speed in the CPU section and then click NEXT.
Option Action
vCPU Speed Enter 2000 MHz in the text box.
vCPU Count Enter 2 in the text box.
Cores Per Socket Enter 2 in the text box.
CPU Reservation Guarantee Enter 50% in the text box.
CPU Limit Enter 2000 MHz in the text box.
CPU Shares Leave the default value.
d. Configure the memory in the Memory section and then click NEXT.
Option Action
Memory Enter 2048 MB in the text box.
Memory Reservation Guarantee Enter 50% in the text box.
Memory Limit Enter 2048 MB in the text box.
Memory Shares Leave the default value.
e. Click FINISH.
192
Task 5: Publish VM Sizing Policies to the Organization VDC
You publish the VM sizing policies to an organization VDC as a system administrator.
3. Click VM Sizing policy under Policies.
4. Click ADD in the right pane.
5. In the Select Policies to Add to VDC window, select Small and Medium policies from the
table.
6. Click OK.
7. Log out of the SA-VCD-P Provider portal.

193
Task 6: Create VMs Using the VM Placement and Sizing Policies
You create a few standalone VMs using the VM placement and sizing policies as an organization
user.
4. Create a virtual machine.
a. Click NEW VM to create a virtual machine in the New VM window and then configure its
settings.
Option Action
Name Enter TestVM-01 in the text box.
Computer Name Enter TestVM-01 in the text box.
Description Enter TestVM-01 in the text box.
b. Select the Power on check box.
c. Under Operating System, select Linux as the OS family.
d. Select CentOS 8 (64-bit) as the operating system from the drop-down menu.
Leave the other default settings under Operating System.
e. Specify the placement policy under Compute.
Option Action
Placement Policy Select Linux-VM-Placement from the drop-down menu.
Sizing Policy Select Small from the drop-down menu.
f. Under Storage, enter 1 GB as the disk size and click OK.
194
5. Create another virtual machine.
a. Click NEW VM to create another virtual machine in the New VM window, and then
configure its settings.
Option Action
Name Enter TestVM-02 in the text box.
Computer Name Enter TestVM-02 in the text box.
Description Enter TestVM-02 in the text box.
b. Select the Power on check box.
c. Under Operating System, select Microsoft Windows as the OS family.
d. Select Microsoft Windows 10 (64-bit) as the operating system from the drop-down
menu.
Leave the other default settings under Operating System.
e. Specify the placement policy under Compute.
Option Action
Placement Policy Select NonLinux-VM-Placement from the drop-down menu.
Sizing Policy Select Medium from the drop-down menu.
f. Under Storage, enter 1 GB as the disk size and click OK.
195
Task 7: Verify the VM Placement and Sizing Policies
You verify that the VMs are placed according to the policies applied to them as an organization
user.
1. To verify the VM sizing policy, click Virtual Machines in the left pane.
2. Click DETAILS on the TestVM-01 card in the right pane.
3. Click Compute under Hardware.
4. Verify that the CPU and Memory resources on the VM are as per Small VM Sizing Policy.
6. Click TestVM-02 in the right pane.
7. Click Compute under Hardware.

8. Verify that the CPU and Memory resources on the VM are as per Medium VM Sizing Policy.
11. Expand SA-Datacenter > SA-NSX-T & Compute > RnD-RP > Research-OVDC (3).
12. Click TestVM-01.
Q1. On which host does TestVM-02 exist?

A1. TestVM-01 exists o n s a-esxi- 05.vc lass.lo cal bec ause it uses L inux-VM- Placement.
13. Click TestVM-02.

A2. TestVM-01 exists o n s a-esxi- 06.vc lass.lo cal bec ause it uses NonL inux-VM- Placement.
14. Do not log out of the vCenter Server portal.
196
Lab 27 Creating the Advisories
Dashboard
Objective and Tasks

Create and verify advisories notifications as a system administrator and a tenant user:
1. Create Advisories Notifications as a System Administrator
2. Verify Advisories Notifications as a Tenant User
197
Task 1: Create Advisories Notifications as a System Administrator
You create advisories as a system administrator and verify the mandatory advisories.
3. In the top bar, click Administration.
4. Click Advisories under Settings in the left pane and then click NEW.
5. Enter Mandatory security check is about to begin shortly as the

description.
6. Select Mandatory as the Priority.
The advisory appears with the MANDATORY priority type.
7. Select 1:00 AM from the Active From time drop-down menu and select 11:00 AM as the
time from the Active Until drop-down menu.
The advisory by default is active for a day. You can change the advisory active days and
time. The advisory is valid for a specific time. Mandatory security check advisory is active
only during the specific time.
8. Leave Publish to all users in all organizations selected and click OK.
The mandatory advisory is not published to the specific tenant but to all the tenants.
9. Click NEW.
10. Enter Hello, it is time to patch your database VMs as the description.
11. Select Critical as the Priority.
The advisory appears with the CRITICAL priority type.
12. Select 1:00 AM from the Active From time drop-down menu and select 11:00 PM as the
The advisory for patching the VMs is performed for a day. The advisory appears for the
tenant from 1 AM today to 11 PM of the next day. You can change the advisory active days
and time.
13. Select Publish to specific tenant and select VMBeans-RnD-Org.
14. Click OK.
198
15. Click NEW.
16. Enter Hello, take a snapshot of your application servers as the

description.
17. Select Important as the Priority.
18. Select 1:00 AM from the Active From time drop-down menu and select 11:00 PM as the
19. Click OK.
The advisory appears with the IMPORTANT priority type.
You login as a system administrator to view the advisories.
23. Click the Mandatory security check is about to begin shortly advisory
The mandatory advisories are color coded red and the informational advisories are color
coded orange. The mandatory advisory does not provide an option to snooze or dismiss the
alerts.
24. Click > next to 1/2 on the advisories above the top bar.
25. Click SNOOZE and select Three Hours for the informational advisory.
The information advisory provides an option to snooze or dismiss the alert.
199
Task 2: Verify Advisories Notifications as a Tenant User
You review the advisories as a tenant administrator.
3. Click the Mandatory security check is about to begin shortly advisory
Three advisories appear for an organization administrator. The mandatory advisory does not
provide an option to snooze or dismiss the alerts for an organization administrator.
4. Click > next to 1/3 on the advisories above the top bar to view the second advisory.
View the critical advisory. The critical alert provides an option to DISMISS or SNOOZE.
5. Click SNOOZE and select Three Hours from the first advisory that appears on the top bar.
The advisory is snoozed for three hours and displays after three hours for the organization
administrator.
6. Click > next to 1/3 on the advisories to select the third important advisory.
7. Click DISMISS for the third advisory.
A dismissed advisory is not visible to the users after they log in.
200
Lab 28 Verifying the VMware Cloud
Director CLI Commands
Objective and Tasks

You use the VCD-CLI utility to verify commands to work with VMware Cloud Director objects:
1. Verify the VMware Cloud Director CLI Commands and Operations
201
Task 1: Verify the VMware Cloud Director CLI Commands and
Operations
You use various CLI commands and access different VMware Cloud Director entities using the
CLI tools.
1. Click the Remmina shortcut icon on the taskbar.
2. Enter VMware1! as the password to start Remmina.
3. Right-click SA-CENTOS-01 and click Connect.
4. Enter the vcd login sa-vcd-p.vclass.local system administrator -

i -w command.
5. Enter VMware1! as the password.
The message administrator logged in, org: 'system', vdc: ' '
appears.
6. Enter the vcd catalog list command.
The available catalog in VMBeans-RnD-Org appears.
7. Upload a file to the catalog by entering the vcd catalog upload -p Repo-
Catalog vcd_cli_error.log command.
The file name and size appear after a successful upload to the catalog.
10. Click Libraries from the top pane.
11. Click Media & Other in the left pane.
The vcd_cli_error.log file appears in the right pane in Repo-Catalog belonging to

Beta-VDC (2).
12. Navigate to the VMware Cloud Director CLI and enter the vcd catalog delete
Repo-Catalog vcd_cli_error.log command.
13. Press y to verify the deletion.
14. Navigate to the tenant portal and view that the file is deleted from Media & Other.
202
15. Navigate to the VMware Cloud Director CLI and enter the vcd network external
list command.
The external networks including all the Tier-0 supported external networks appear.
16. Enter the vcd user list command.
All the users in the provider portal appear.
17. Enter the vcd org list command.

All the organizations in the provider portal appear.
18. Enter the vcd org use VMBeans-RnD-Org command.
19. Enter the vcd vdc list command.
The command lists all the organization VDCs in the provider portal.
20. Enter the vcd vdc use "Dev-OVDC (1)" command.
21. Enter the vcd vapp list command.
22. Enter the vcd vapp network create --subnet 30.30.30.1/24 --ip-
range 30.30.30.11-30.30.30.20 DB-Servers DB-Isolated-NW
command.
An isolated vApp network is created in the DB-Servers vApp.
23. Enter the vcd vapp network list DB-Servers command.
All the vApp networks connected to the DB-Servers vApp appear.
24. Navigate to the tenant portal and click Applications on the top bar.
25. Click DETAILS on the DB-Servers vApp card.
26. Click Networks in the General section.
27. Identify the newly added DB-Isolated-NW in the right pane.
28. Navigate to the web console of SA-CENTOS-01 VM and enter the vcd vapp network
delete DB-Servers DB-Isolated-NW command.
The isolated network is deleted.
29. Navigate to the tenant portal and notice that the DB-Isolated-NW no longer appears under
Networks of the DB-Servers vApp.
203
204
Lab 29 Installing and Configuring
VMware Cloud Director Management
Pack with vRealize Operations
Manager
Objective and Tasks

Install and configure the VMware Cloud Director management pack in the vRealize Operations
Manager UI portal:
1. Install the VMware Cloud Director Management Pack in vRealize Operations Manager
2. Configure the VMware Cloud Director Management Pack in vRealize Operations Manager
205
Task 1: Install the VMware Cloud Director Management Pack in
vRealize Operations Manager
You install the VMware Cloud Director management pack in the vRealize Operations UI portal.
1. Select vRealize from the bookmark and click vRealize Operations Manager.
2. Log in to the vRealize Operations Manager UI portal.
• User name: admin
3. Click the Administration tab from the top bar.
4. Select Repository under Solutions in the left pane.
By default, the VMware Cloud Director management pack is not installed in vRealize
Operations Manager and so you must install it.
5. Scroll to the bottom of the page and click ADD/UPGRADE in the right pane.
6. Click BROWSE in Select a Solution in the Add Solution window.
7. Navigate to Desktop\Class Materials and Licenses\Downloads and

select vmware-MPforVCD-5-1601984793916.pak.
8. Click Open.
9. Click UPLOAD.
The upload takes a few minutes to complete. Do not refresh the browser.
The PAK file is uploaded.
10. Review the PAK file and click NEXT.
11. In the Add Solution window, select I accept the terms of this agreement in the End User
License Agreement and click NEXT.
The management pack installation process begins. The installation takes a few minutes to
complete. Do not refresh the browser.
12. Click FINISH.
The VMware Cloud Director Management Pack appears in the Other Management Packs
section at the bottom of the page.
206
Task 2: Configure the VMware Cloud Director Management Pack in
vRealize Operations Manager
You configure the VMware Cloud Director management pack in the vRealize Operations UI
portal.
1. Click Other Accounts under Solutions in the left pane.
2. Click ADD ACCOUNT in the right pane.
3. Click the vCloud Adapter account type.
4. Configure the first instance in the New Account page.
Option Action
Name Enter SA-VCD-P in the text box.
Description Enter Site-A VMware Cloud Director Instance in

the text box.
vCloud Director Host Enter sa-vcd-p.vclass.local in the text box.
Auto Discovery Verify that the value is true.
Organization Verify that the value is System.
Filter By Provider VDCs Leave the value blank.

List
Filter By Organizations Leave the value blank.

List
Credentials Click the Plus + sign.
207
5. Provide the credentials in the Manage Credentials window.
Option Action
Credential Kind Select vCloud System Credentials from the drop-down menu.
Credential name Enter VCD Admin in the text box.
User Name Enter administrator in the text box.
AMQP Password Leave the value blank.
6. Click and verify that VCD Admin is selected in the Credential section.
7. Click VALIDATE CONNECTION.
8. Click ACCEPT to accept the certificate.
The Test connection successful message appears.
a. If this message does not appear, verify that you have performed all the steps correctly.
9. Click OK on the information page with the Test connection successful message.
10. Click ADD.
11. Verify that the SA-VCD-P VMware Cloud Director configured instance appears.
12. Refresh the UI page.
13. Verify that Status appears as OK for the configured instance after a few minutes.
After configuring the management pack, you must wait for two or three collection cycles
before the VMware Cloud Director objects appear on vRealize Operations Manager. Each
collection cycle takes approximately 5 minutes and so you must wait 10 to 15 minutes.
208
Lab 30 Monitoring the VMware Cloud
Director Objects with vRealize
Operations Manager
Objective and Tasks

View the vRealize Operations features, monitor the VMware Cloud Director objects, and create a
custom report:
1. View the Predefined VMware Cloud Director Dashboards
2. View the Predefined Views, Reports, and Alerts Definitions
3. Generate a Custom Report
4. Monitor the VMware Cloud Director Objects
209
Task 1: View the Predefined VMware Cloud Director Dashboards
You view the default dashboards available in vRealize Operations Manager for VMware Cloud
Director.
Because you configured the VMware Cloud Director management pack, the data collection and
plotting take time. In some cases, you might not see any data for an object.
1. Click the Dashboards tab from the top bar.
2. Click the menu option next to Dashboard in the left pane and verify that vCloud Director is
selected.
After you select the vCloud Director dashboard, all the built-in dashboards appear in the left
pane.
3. Select the vCD Alerts dashboard in the left pane.
All the alerts associated with VMware Cloud Director appear.
In the Operations Alerts widget, you can expand any hour that is available. You can also
select an alert and view the related details of the selected alert in the other widget.
4. Select the vCD All Metrics Selector dashboard in the left pane.
All the metrics associated with an object that the management pack for VMware Cloud
Director collects appear in the same pane. The metrics for the selected object appear when
you select the object.
5. Sort the vCD Resources widget by selecting the object type organization and select
VMBeans-RnD-Org in the table.
6. In the Metric Picker widget, expand Properties > vRealize Operations Generated Properties
and double-click Object Type Classification.
7. View the Metrics Chart widget, which plots the chart according to the Metric Picker selection.
8. View the metrics for another VMware Cloud Director object.
a. Select SA-VCD-P in the table.
b. In the Metric Picker widget, expand Properties > vRealize Operations Generated
Properties and double-click Object Type Classification.
c. View the Metrics Chart widget by plotting the chart according to the Metric Picker
selection.
Similarly, you can select any metric picker and view the metric chart.
210
9. Select the vCD Org VDC Utilization dashboard in the left pane.
The vCD Org VDC Utilization dashboard provides a quick view of the top 10 organization
VDCs based on the following metrics.
• CPU usage
• Memory usage
• Storage usage
• Network usage
• vApps
• Storage allocation
Based on these metrics, you can determine the performance of an organization VDC.
You can view each widget and the use of the organization based on CPU, memory, storage,
network, vApps, and storage allocation in MB.
10. Select the vCD vApp Utilization dashboard in the left pane.
The vCD vApp Utilization dashboard provides a quick view of the top 10 vApps based on the
CPU allocation, memory allocation, storage allocation, number of VMs, and number of CPUs.
Based on these metrics, you can determine the performance of a vApp.
11. Select the vCD Mashup Charts dashboard in the left pane.
The vCD Mashup charts dashboard is a reference for obtaining the health of the objects
collected by VMware Cloud Director. The dashboard provides the anomaly count graph
metric. The metric shows the number of anomalies for an object in the form of metrics.
12. Select any object from the vCD Resources widget, observe the Mashup Chart widget, and
display the health of the object.
13. Select the vCD Troubleshooting dashboard in the left pane.
The vCD Troubleshooting dashboard shows all the objects and their relationship in the
management pack for vCloud Director. Based on the selection of an object, the
corresponding health anomalies and its interesting metric is displayed. The dashboard is used
for troubleshooting.
211
Task 2: View the Predefined Views, Reports, and Alerts Definitions
You review the default views and reports available in vRealize Operations Manager for VMware
Cloud Director.
1. On the Dashboards tab, click Views in the left pane.
2. In the right pane, enter vCloud in the Quick Filter (Name) text box.
The predefined views for VMware Cloud Director appear.
3. On the Dashboards tab, click Reports in the left pane.
The predefined reports for VMware Cloud Director appear.
5. Click the Alerts tab from the top bar.
6. Expand Configuration in the left pane.
7. Select Alert Definitions.
The predefined alert definitions for VMware Cloud Director appear.
Task 3: Generate a Custom Report

You generate a custom report.
1. Click the Dashboards tab from the top bar.
2. Click Reports in the left pane.
3. Click ADD in the right pane in the Report Templates tab.
4. In the New Template window, provide the name and description in the Name and Description
section.
Option Action
Name Enter Custom Organization Report in the text box.
Description Enter Custom Organization Report in the text box.
212
5. Configure the custom report.
a. Expand Views and Dashboards.
b. Enter organization - summary in the ALL FILTERS search text box.
c. Click vCloud Director - Organization - Summary and drag it to the right pane.
d. Enter organization vDC network - summary in the ALL FILTERS search

text box.
e. Click vCloud Director - Organization vDC Network - Summary and drag it to the right
pane.
f. Enter storage free in the ALL FILTERS search text box.
g. Click vCloud Director - Organization vDC - Storage Free - Distribution and drag it to the
right pane.
h. Enter Organization to VM Mapping in the ALL FILTERS search text box.
i. Click VCD - vCloud Director to Organization mapping and drag it to the right pane.
6. Expand Formats.
7. Verify that PDF is selected and CSV is deselected.
8. Expand Layout Options and verify that Cover Page, Table of contents, and Footer are
selected.
9. Click SAVE.
10. On the Reports pane, enter custom in the ALL FILTERS search text box.
The report that you created appears.
11. Select Custom Organization Report, click the vertical ellipsis next to the repor, and click Run.
213
12. In the Select an Object window, select vCloud Provider from the drop-down menu, and
select vCloud World from the tree.
13. Click OK.

The status message Running... appears.
14. Click the Generated reports tab.

The Generated Reports tab appears with all the generated reports.
15. When the Status of the report changes from Processing to Completed, select Custom
Organization Report and click the PDF icon on the right to download the report.
16. Select Open with Firefox and click OK to read the report.
The report appears with a cover page, table of contents, and a footer with the VMware Cloud
Director object details.
You might see empty data in the report as it takes time for the vRealize Operations Manager
engine to gather and generate the data.
17. Close the reports tab.
214
Task 4: Monitor the VMware Cloud Director Objects
You monitor a few VMware Cloud Director objects and view the summary details and metrics.
1. Click the Environment tab from the top bar.
2. Expand Management Pack for vCloud Director in the left pane.
3. Select vCloud Provider.
4. Navigate to vCloud World > SA-VCD-P > VMBeans-Rnd-PVDC > Dev-OVDC (1).
5. Select App-Servers from the inventory list.
By default, the Summary tab appears in the right pane.
6. View the widgets in the Summary tab.
You can view all the available information.
7. Click the Metrics tab in the right pane.
8. Expand Metrics > Memory and double-click Allocation (MB).
The graph appears in the right pane and you can view the graph pattern.
9. Select DB-Servers from the inventory list in the left pane.
10. Click the Summary tab.
11. View the widgets in the Summary tab.
You can view all the available information.
12. Click the Metrics tab in the middle pane.
13. Expand Metrics > CPU and double-click Allocation (MHz).
The graph appears on the right pane and you can zoom to view the graph pattern.
You can compare the same metric of various objects and view the graph.
215
14. Select any other objects from the inventory in the left pane and select a different metric for
comparison.
15. Click BACK in the left pane.
16. Click All Objects at the bottom in the left pane.
17. Expand vCloud Adapter in the left pane.
You can expand any object and explore the summary section of each of the object. You can
also monitor and view any object in vRealize Operations Manager.
18. Log out of the vRealize Operations Manager portal.
216
Answer Key
Lab 1 Reviewing the Lab Environment

Q1. What storage policies are applied to the provider VDC?
A1. RnD-SP.
Q2. How many vApps are created in the Organization VMBeans-RnD-Org?
A2. Six vApps.
Lab 10 Creating and Managing Role Based Access Control
Q1. Can you view vCenter Server?
A1. No.
Q1. Do you see the NEW VM creation option enabled?
A1. Yes. The logged in user with the custom role can create a VM.
Q2. Do you see the NEW VAPP creation option enabled?
A2. Yes. The logged in user with the custom role can create a vApp.
Q3. Do you see the named disk creation option enabled?
A3. No new named disk creation option is available. You have not enabled the create name
disk role in the custom role.
Lab 11 Creating and Managing Quotas
A1. Yes. Quotatest-01 VM is created and powered on.
A2. Yes. Quotatest-02 VM is created and powered on.
A3. Yes. Quotatest-03 VM is created but is not powered on. This behavior occurs because
when the quotas are set in the organization, the Running VMs Quotas are configured to 2.
A maximum of two VMs can be powered on simultaneously with this configuration.
A4. No. Quotatest-04 VM is not created and is in an Unresolved state. The behavior occurs
because when you set the quotas in the organization, All VMs Quotas are configured to
16. 11 VMs and 2 templates were already created in this organization. Therefore, you can
217
create only 3 additional VMs or templates. A maximum of 16 VMs or templates can be
created with this configuration.
A5. Yes. The Quotatest-02 VM powered on successfully and did not violate any quota limit.
A6. No. Quotatest-02 VM is not powered on. The behavior occurs because when you set the
quotas at the organization level, Memory Quota was configured to 5 GB. At any time, a
maximum of 5 GB of memory can be assigned to VMs and powered on simultaneously in
this configuration.
A7. Yes. The Quotatest-02 VM powered on successfully and did not violate any memory
quota limit this time.
A1. Yes. dcuser1VM-01 VM is created and powered on.
A2. Yes. The dcuser1VM-02 VM is created and powered on.
A3. No. The dcuser1VM-03 VM is not created because the All VM quota limit per user in the
group is set to 2 .
A6. No. The dcuser2VM-03 VM is not created because the All VM quota limit per user in the
group is set to 2 .
A1. Yes. The dcuser1VM-03 VM is created but not powered on. This behavior occurs
because when the quotas are set at the organization level, the Running VMs Quotas is
configured to 2. A maximum of two VMs can be powered on simultaneously with this
configuration.
A2. No. The dcuser1VM-04 VM is not created and is in an Unresolved state. This behavior
occurs because when you set the quotas at the user level, the All VMs Quotas are
218
configured to 3. A maximum of three VMs or templates can be created by this user with
the current configuration.
Lab 23 Creating and Managing a Shared Named Disk
Q1. Is the Cluster-VM1 virtual machine deleted even though the shared named disk is
attached to it?
A1. Yes. Cluster-VM1 virtual machine is deleted. The shared name disk is automatically
detached from that VM. The same behavior is applicable for the nonshared named disk.
Lab 24 Encrypting a VM and a Named Disk
Q1. Did the VM creation succeed?
A1. No. EncryptedVM virtual machine is not created because you must select the same
storage policy for the virtual machine files.
Q2. Did the VM creation succeed this time?
A2. Yes. EncryptedVM virtual machine creation succeeded.
Q1. Did you find any virtual machine in the list, which is not encrypted?
A1. No. Only the encrypted virtual machine appears.
Q2. Can you change the storage policy of EncryptedNamedDisk to a nonencrypted storage
policy?
A2. No. You cannot change the encryption status of a disk when the virtual machine is
powered on.
Q3. Can you change the Storage Policy of EncryptedNamedDisk when it was attached to a
powered off Encrypted VM?
A3. Yes. A powered-off VM can change the encryption status of any disk. An encrypted VM
can have a nonencrypted disk attached.
Q4. Can you power on the virtual machine when a nonencrypted NamedDisk is attached to
an encrypted virtual machine?
A4. Yes. A an encrypted VM can have a nonencrypted disk attached.
Lab 25 Verifying Storage IOPS with VMware Cloud Director
A1. The IOPS value assigned to the IOPS-VM1 hard disk is 10. The value is the storage IOPS
reservation value that is defined in vCenter Server on the Shared-SP storage policy.
A1. No. When the vCenter Server storage IOPS is enabled on a storage policy, VMware
Cloud Director cannot override the settings.
219
A2. Yes. You can edit the storage policy because the vCenter Server configuration on the
storage policy is disabled.
A1. The IOPS value assigned to IOPS-VM2 hard disk is 20. The value is the storage IOPS
reservation value which is defined on the provider VDC for the Share-SP storage policy.
Q2. Is the new 2 GB size hard drive created?
A2. No. The Shared-SP has 30 IOPS remaining. Requested is 40. error appears.
Based on the virtual machines and named disks created on the Shared-SP storage policy,
30 IOPS remain for you to use. You can create a disk of maximum 1500 MB in size.
Lab 26 Creating and Using the VM Sizing and VM Placement Policies
A1. TestVM-01 exists on sa-esxi-05.vclass.local because it uses Linux-VM-Placement.
A2. TestVM-01 exists on sa-esxi-06.vclass.local because it uses NonLinux-VM-Placement.
220

Edu en Vcdicm103 Lab Ie

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Edu en Vcdicm103 Lab Ie

Uploaded by

Copyright:

Available Formats

VMware Cloud Director: Install,

Configure, Manage [V10.3]

VMware® Education Services

VMware Cloud Director™ V10.3

Part Number EDU-EN-VCDICM103-LAB (10-DEC-2021)

The following typographical conventions are used in this course.

Conventions Usage and Examples

Monospace Identifies command names, command options, parameters, code

• Run the esxtop command.

• ... found in the /var/log/messages file.

Monospace Identifies user inputs:

Boldface Identifies user interface controls:

• Click the Configuration tab.

Italic Identifies book titles:

• vSphere Virtual Machine Administration

{> Indicates placeholder variables:

• ... the Settings/.txt file

Lab 1 Reviewing the Lab Environment.................................................................................. 1

Objective and Tasks

1. Log In to the Student Desktop

2. Verify the vSphere Infrastructure

3. Navigate the VMware Cloud Director Infrastructure

Use Firefox for all browser tasks.

1. Verify that you have successfully logged in to the console desktop.

• User name: student01

Task 2: Verify the vSphere Infrastructure

3. Log in to the vSphere Web Client.

• User name: administrator@vsphere.local

6. Expand SA-Management in the left pane.

9. In the left pane, expand NSXT-EDGE-RP.

10. Identify the sa-nsxedge-01 and sa-nsxedge-02 NSX-T Edge VMs.

a. (Optional) If the edges are powered off, power them on.

c. Verify that sa-nsxedge-01 and sa-nsxedge-02 are powered on.

11. Log out of the vSphere Web Client.

3. Log in to the provider portal.

• User name: administrator

4. Click Provider VDCs in the left pane.

6. In the left pane, select Organizations.

Q2. How many vApps are created in the Organization VMBeans-RnD-Org?

14. Log out of the SA-VCD-P provider portal.

Objective and Tasks

1. Deploy the VMware Cloud Director Standby Cell

2. Configure the VMware Cloud Director Primary Appliance

3. Configure the VMware Cloud Director Standby Appliances

Use Firefox for all browser tasks.

3. Log in to vCenter Server.

• User name: administrator@vsphere.local

a. Right-click SA-Management and select Deploy OVF Template.

b. Select Local file.

c. Click UPLOAD FILES.

d. Navigate to student01\Desktop\Class Materials and

7. Enter sa-vcd-s-2 as the VM name and click NEXT.

8. Select SA-Management and click NEXT.

9. Click NEXT on the Review details page.

11. Select Standby - small and click NEXT.

12. Select SA-Remote-02.

14. Select pg-SA-Management from the eth0 Network drop-down menu.

NTP Server Enter 172.20.10.1 in the text box.

Initial root password Enter VMware1! in the text box.

Confirm Password Enter VMware1! in the text box.

Enable SSH root login Select the check box.

eth0 Network Routes Leave blank.

eth1 Network Routes Leave blank.