Professional Documents
Culture Documents
Lab Manual
The training material is provided “as is,” and all express or implied conditions, representations,
and warranties, including any implied warranty of merchantability, fitness for a particular
purpose or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the
possibility of such claims. This material is designed to be used for reference purposes in
conjunction with a training course.
The training material is not a standalone training tool. Use of the training material for self-
study without class attendance is not recommended. These materials and the computer
programs to which it relates are the property of, and embody trade secrets and confidential
information proprietary to, VMware, Inc., and may not be reproduced, copied, disclosed,
transferred, adapted or modified without the express written approval of VMware, Inc.
www.vmware.com/education
Typographical Conventions
• {ESXi_host_name>
www.vmware.com/education
Contents
iv
Lab 7 Creating Organization VDCs and Allocating Resources.................................. 31
Task 1: Create an Organization VDC ..................................................................................................................... 32
Task 2: Manage the Organization VDC ................................................................................................................ 34
Lab 8 Integrating Active Directory and Importing User Group................................ 35
Task 1: Integrate Active Directory from the Provider Portal ....................................................................... 36
Task 2: Integrate the Active Directory Instance to an Organization .........................................................37
Task 3: Import an Active Directory Group in the Organization ....................................................................37
Task 4: Verify the Domain User Access to the Organization ...................................................................... 38
Lab 9 Creating Local Users in the Organizations .......................................................... 39
Task 1: Create Local Users in the Organization ................................................................................................. 40
Task 2: Verify the Access Rights of the Tenant Users .................................................................................. 43
Task 3: Create the Provider Access Control User .......................................................................................... 45
Lab 10 Creating and Managing Role Based Access Control ..................................... 47
Task 1: Create a Provider Access Control Role ................................................................................................ 48
Task 2: Assign the Provider Access Control Role to a Local User ........................................................... 49
Task 3: Verify the Provider Access Control Role Local User Rights ........................................................ 49
Task 4: Create the Custom Role-01 Tenant Access Control Role ............................................................. 51
Task 5: Publish the Custom Role-01 to a Tenant.............................................................................................. 52
Task 6: Assign the Custom Role-01 to a Local User ....................................................................................... 52
Task 7: Create the Custom Role-02 Using the Tenant Portal ..................................................................... 53
Task 8: Assign the Custom Role-02 to a Local User ...................................................................................... 53
Task 9: Verify the Custom Role-02 Local User Rights................................................................................... 54
Lab 11 Creating and Managing Quotas .............................................................................. 55
Task 1: Assign the Organization Quotas .............................................................................................................. 56
Task 2: Verify the Organization Quotas ................................................................................................................57
Task 3: Assign the Group Quotas .......................................................................................................................... 62
Task 4: Verify the Group Quotas ........................................................................................................................... 63
Task 5: Assign the User Quotas.............................................................................................................................. 68
Task 6: Verify the User Quotas ............................................................................................................................... 69
Task 7: Reset the Quotas .......................................................................................................................................... 70
Lab 12 Creating and Managing VMs.................................................................................... 71
Task 1: Create a Standalone VM from the Template .......................................................................................72
Task 2: Create a Standalone VM from the ISO Image ....................................................................................73
Task 3: Import a Standalone VM from vCenter Server.................................................................................. 74
v
Task 4: Upgrade the Virtual Hardware Version for a VM ...............................................................................75
Task 5: Update the VM Resources ........................................................................................................................ 76
Task 6: Suspend the VM .............................................................................................................................................77
Task 7: Create a VM Snapshot ................................................................................................................................ 78
Task 8: Renew a VM Lease ...................................................................................................................................... 80
Lab 13 Creating and Managing vApps .............................................................................. 83
Task 1: Build a New vApp .......................................................................................................................................... 84
Task 2: Create a vApp from an OVF Package ................................................................................................. 86
Task 3: Add a VM to a vApp ................................................................................................................................... 87
Task 4: Copy a VM from a vApp ............................................................................................................................ 88
Task 5: Copy a vApp to Another Virtual Data Center ................................................................................... 89
Task 6: Edit the vApp Properties ........................................................................................................................... 90
Task 7: Create a vApp Snapshot ............................................................................................................................ 91
Task 8: Renew the vApp Lease.............................................................................................................................. 92
Task 9: Change the vApp Owner........................................................................................................................... 93
Lab 14 Creating and Managing the Auto Scaling Groups ........................................... 95
Task 1: Configure the Auto Scale Plug-In ............................................................................................................ 96
Task 2: Publish the Auto Scale Rights Bundle ................................................................................................... 98
Task 3: Publish the Auto Scale Plug-In ................................................................................................................. 98
Task 4: Create a Scale Group .................................................................................................................................. 99
Task 5: Add an Auto Scaling Rule ........................................................................................................................ 100
Task 6: Test the Auto Scaling Rule....................................................................................................................... 101
Lab 15 Creating and Managing Catalogs ........................................................................ 103
Task 1: Add a Catalog Storage Policy to an Organization Virtual Data Center .................................. 104
Task 2: Create a Catalog ......................................................................................................................................... 105
Task 3: Share a Catalog ........................................................................................................................................... 106
Task 4: Publish a Catalog..........................................................................................................................................107
Task 5: Upload the Media Files .............................................................................................................................. 108
Lab 16 Working with vApp Templates ........................................................................... 109
Task 1: Create a vApp Template from an OVF File ....................................................................................... 110
Task 2: Import a VM from vCenter Server as a vApp Template ................................................................ 111
Task 3: Create a vApp from a vApp Template ................................................................................................ 112
Lab 17 Creating and Managing the Organization VDC Template ............................ 113
Task 1: Create an Organization VDC Template from the Provider Portal ..............................................114
vi
Task 2: Instantiate an Organization VDC Template from the Provider Portal ...................................... 116
Task 3: Instantiate an Organization VDC Template from the Tenant Portal ......................................... 117
Lab 18 Provider Networking Tasks .................................................................................... 119
Task 1: Create a Distributed Virtual Port Group Supported External Network................................... 120
Task 2: Create an External Network Using Segments ................................................................................... 121
Task 3: Create a Tier-0 Gateway Using Tier0 ................................................................................................. 122
Task 4: Create a Tier-0 Gateway Using VRF ................................................................................................... 123
Task 5: Create an Edge Gateway .........................................................................................................................124
Task 6: Create a Direct Organization VDC Network ..................................................................................... 125
Task 7: Create an Imported Organization VDC Network............................................................................. 126
Lab 19 Creating and Verifying Organization VDC Networks ................................... 127
Task 1: Read the Three-Tier Application Use Case ........................................................................................ 128
Task 2: Create a Routed Organization VDC Network ..................................................................................129
Task 3: Assign the Routed Organization VDC Network to a vApp .......................................................... 131
Task 4: Create an Isolated Organization VDC Network ............................................................................... 132
Task 5: Create a Second Isolated Organization VDC Network ................................................................. 133
Task 6: Assign the Isolated Organization VDC Network to vApps..........................................................134
Task 7: Assign the Second Isolated Organization VDC Network to a vApp and Verify
Connectivity .................................................................................................................................................136
Task 8: Assign and Verify the Second Isolated Organization VDC Network ....................................... 138
Lab 20 Creating and Verifying vApp Networks .......................................................... 141
Task 1: Read the Applications Server Use Case ..............................................................................................142
Task 2: Read the Database Server VM Use Case...........................................................................................142
Task 3: Create an Isolated vApp Network and Assign to vApps .............................................................143
Task 4: Verify the Isolated Network Connectivity..........................................................................................145
Task 5: Assign the Direct Organization VDC Network to a VM ................................................................146
Task 6: Assign the Imported Organization VDC Network to a VM ..........................................................148
Task 7: Configure a Routed vApp Network......................................................................................................149
Task 8: Verify a Routed vApp Network ............................................................................................................ 150
Lab 21 Configuring and Verifying Edge Gateway Services ...................................... 153
Task 1: Verifying Connectivity Before Configuring NAT...............................................................................154
Task 2: Configure the NAT Services.................................................................................................................... 155
Task 3: Verify the NAT Connectivity ...................................................................................................................156
Lab 22 Creating and Managing a Named Disk .............................................................. 157
vii
Task 1: Create a Named Disk...................................................................................................................................158
Task 2: Attach a Named Disk to a VM ................................................................................................................159
Task 3: Detach the Named Disk............................................................................................................................ 160
Task 4: Delete the Named Disk............................................................................................................................. 160
Lab 23 Creating and Managing a Shared Named Disk ................................................161
Task 1: Create a Shared Named Disk ...................................................................................................................162
Task 2: Attach a Shared Named Disk to a VM .................................................................................................163
Task 3: Detach the Shared Named Disk .............................................................................................................164
Task 4: Delete a VM with an Attached Named Disk ......................................................................................165
Lab 24 Encrypting a VM and a Named Disk .................................................................. 167
Task 1: Verify the Key Provider Details on vCenter Server ........................................................................168
Task 2: Verify the Encryption Policy on vCenter Server .............................................................................169
Task 3: Add an Encryption Policy in VMware Cloud Director ....................................................................169
Task 4: Create an Encrypted Virtual Machine.................................................................................................... 171
Task 5: Verify the Encrypted Virtual Machine................................................................................................... 172
Task 6: Use the Advanced Filtering Encryption Feature.............................................................................. 172
Task 7: Create and Verify an Encrypted Named Disk ................................................................................... 173
Task 8: Use the Encrypted Disk and VM ............................................................................................................174
Lab 25 Verifying Storage IOPS with VMware Cloud Director ................................ 177
Task 1: Verify the Storage IOPS Policy on vCenter Server ........................................................................ 178
Task 2: Verify the Storage IOPS Policy in VMware Cloud Director ......................................................... 178
Task 3: Assign and Verify the vCenter Server Enabled Storage IOPS Policy to a VM .................... 179
Task 4: Enable the VMware Cloud Director Storage IOPS Limiting on the Provider VDC ............ 180
Task 5: Assign and Verify the VMware Cloud Director Enabled Storage IOPS Policy to a VM.... 183
Task 6: Override the Provider VDC Storage Policy on the Organization VDC ................................... 185
Lab 26 Creating and Using the VM Sizing and VM Placement Policies................ 187
Task 1: Verify the Host Groups and Host Rules ...............................................................................................188
Task 2: Create VM Placement Policies ................................................................................................................189
Task 3: Publish VM Placement Policies to the Organization VDC............................................................ 190
Task 4: Create VM Sizing Policies ..........................................................................................................................191
Task 5: Publish VM Sizing Policies to the Organization VDC ...................................................................... 193
Task 6: Create VMs Using the VM Placement and Sizing Policies ............................................................194
Task 7: Verify the VM Placement and Sizing Policies ....................................................................................196
Lab 27 Creating the Advisories Dashboard ................................................................... 197
viii
Task 1: Create Advisories Notifications as a System Administrator.........................................................198
Task 2: Verify Advisories Notifications as a Tenant User .......................................................................... 200
Lab 28 Verifying the VMware Cloud Director CLI Commands .............................. 201
Task 1: Verify the VMware Cloud Director CLI Commands and Operations....................................... 202
Lab 29 Installing and Configuring VMware Cloud Director Management Pack
with vRealize Operations Manager.................................................................................. 205
Task 1: Install the VMware Cloud Director Management Pack in vRealize Operations Manager. 206
Task 2: Configure the VMware Cloud Director Management Pack in vRealize Operations Manager
.........................................................................................................................................................................207
Lab 30 Monitoring the VMware Cloud Director Objects with vRealize
Operations Manager............................................................................................................. 209
Task 1: View the Predefined VMware Cloud Director Dashboards ......................................................... 210
Task 2: View the Predefined Views, Reports, and Alerts Definitions ...................................................... 212
Task 3: Generate a Custom Report ...................................................................................................................... 212
Task 4: Monitor the VMware Cloud Director Objects ................................................................................... 215
Answer Key .............................................................................................................................. 217
ix
Lab 1 Reviewing the Lab Environment
1
Task 1: Log In to the Student Desktop
You access and manage the lab environment from the student desktop. The system assigned to
you is an end-user terminal.
• Password: VMware1!
1. Select vSphere Site-A > vSphere Client (SA-VCSA-01) from the bookmark.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
4. In the left pane, navigate to sa-vcsa-01.vclass.local > SA-Datacenter > SA-NSX-T &
Compute.
5. Click each resource pool to understand the preconfigured resource pools mapped to the
Site-A provider VDCs.
The resource pools are configured and named RnD-RP and Testing-RP.
7. Right-click the SA-VCD-P-1 and SA-VCD-S-1 VMs and select Power > Power On.
8. Verify that the sa-vcd-p-1 and sa-vcd-s-1 VMs are powered on.
2
Task 3: Navigate the VMware Cloud Director Infrastructure
You navigate the VMware Cloud Director appliance to verify the preconfigured settings.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
5. Click VMBeans-RnD-PVDC and browse through the various configurations available for the
provider VDC.
Q1. What storage policies are applied to the provider VDC?
A1. RnD- SP.
7. Click Organization VDCs in the left pane and verify that Beta-OVDC (2), Dev-OVDC (1), and
Research-OVDC (3) are configured by the system administrator.
8. Click Network Pools in the left pane and verify that the VMBeans-NP-01 network pool is
configured by the system administrator.
9. Click Cloud Cells in the left pane, and verify that the version appears as 10.3.0.18295834 and
that the assigned IP address appears as 172.20.10.100 for the sa-vcd-p.vclass.local cell.
10. Click the Infrastructure Resources tab and click vCenter Server Instances in the left pane.
11. Verify that the version appears as 7.0.2 and that vCenter Server Host appears as sa-vcsa-
01.vclass.local.
12. Click NSX-T Managers and verify that the sa-nsxmgr-01 NSX Manager is configured by the
system administrator.
13. On the top bar, click Administration and identify the configured users.
3
Lab 2 Deploying and Configuring the
VMware Cloud Director Cells
5
Task 1: Deploy the VMware Cloud Director Standby Cell
You deploy the standby VMware Cloud Director appliance using an OVA file.
The deployment option for deploying the primary cell and the standby or application cell is the
same. The sa-vcd-p-1 primary cell and sa-vcd-s-2 standby cell are predeployed.
1. Select vSphere Site-A > vSphere Client (SA-VCSA-01) from the bookmark.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
4. In the left pane, navigate to the sa-vcsa-01.vclass.local > SA-Datacenter > SA-Management
cluster.
6
5. Deploy the OVF template.
f. Click Open.
6. Click NEXT.
10. Select the I accept all license agreements check box and click NEXT.
13. Select Thin Provision from the Select virtual Disk Format drop-down menu and click NEXT.
15. Select pg-SA-Production from the eth1 Network drop-down menu and click NEXT.
7
16. In the Customize template pane, configure the appliance settings, and then click NEXT.
Option Action
Expire Root Password Upon First Login Deselect the check box.
18. Right-click the sa-vcd-s-2 VM and select Power > Power On.
8
19. Open the sa-vcd-s-2 VM console and verify that the VM is powered on and that the VMware
Cloud Director services are running.
9
Task 2: Configure the VMware Cloud Director Primary Appliance
You configure the primary VMware Cloud Director appliance in the appliance management UI.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
4. In Appliance Settings, configure the appliance details and then click NEXT.
Option Action
5. In Administrator Account, configure the system administrator details and then click NEXT.
Option Action
Password VMware1!
10
6. In VMware Cloud Director Settings, configure the installation of this instance.
Option Value
Installation ID 1
11
Task 3: Configure the VMware Cloud Director Standby Appliances
You configure the standby VMware Cloud Director appliances in the appliance management UI.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
4. Enter the NFS mount for the transfer file location on the System Setup page.
5. Click SUBMIT.
The system setup takes approximately 10 to 15 minutes to complete.
8. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
10. Enter the NFS mount for the transfer file location on the System Setup page.
12
Lab 3 VMware Cloud Director Cluster
Features and Failover
1. View the VMware Cloud Director Appliance Cluster Health and Failover Mode
13
Task 1: View the VMware Cloud Director Appliance Cluster Health
and Failover Mode
You monitor the cluster status by using the VMware Cloud Director appliance management UI.
• Password: VMware1!
b. Verify that the status is running for the three VMware Cloud Director cells in the cluster.
5. Click the Services tab in the left pane and verify the service status.
• vmware-vcd: running
• vpostgres: running
• appliance-sync.timer:waiting or running
The Running and Waiting states are healthy and expected for the systemd timer.
14
Task 2: Verify the Connectivity Status of a Database High Availability
Cluster
You use the replication manager tool suite to verify the connectivity between the nodes in your
database high availability cluster.
ssh root@172.20.10.101
3. Enter yes to accept the finger print.
sudo -i -u postgres
6. Verify the cluster connectivity.
/opt/vmware/vpostgres/current/bin/repmgr -f
/opt/vmware/vpostgres/current/etc/repmgr.conf cluster matrix
The command is a single line and must be entered in a single line.
The three entries in the first row are marked with a * symbol because all the nodes are up.
15
Task 3: Recover from a Primary Cell Failure in a High Availability
Cluster
You stimulate a failover of the primary appliance and promote a standby appliance to primary and
test the switchover.
1. Select vSphere Site-A > vSphere Client (SA-VCSA-01) from the bookmark.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
• Password: VMware1!
The management UI shows two cells with the primary role. The original primary cell has a
failed status and the new primary cell has a running status. The cluster health is DEGRADED.
ssh root@172.20.10.102
16. Enter yes to accept the fingerprint and enter VMware1! as the password.
17. Change the user to Postgres.
sudo -i -u postgres
16
18. Verify the cluster connectivity.
/opt/vmware/vpostgres/current/bin/repmgr -f
/opt/vmware/vpostgres/current/etc/repmgr.conf cluster matrix
The three entries in the sa-vcd-p-1 row are marked with ? because the sa-vcd-p-1 node is
down. No information about the outbound connections is available.
20. Replace the <node ID> with the node ID recorded in the previous step and run the command
with the --dry-run option to verify that the prerequisites for unregistering the node are
met.
23. Click SWITCHOVER on the sa-vcd-s-2 standby appliance to switch the new primary
appliance to sa-vcd-s-2.
24. Click OK to confirm the switchover and wait for the switchover task to complete.
25. Click OK and refresh the browser to refresh the appliance management UI.
26. Verify that the role of sa-vcd-s-2 changed to primary and the role of sa-vcd-s-1 has changed
to standby.
The deployment and cluster configuration lab tasks use separate nested VMware Cloud
Director Cells to perform the tasks in this lab. For the other lab tasks, another VMware Cloud
Director cell (production environment with single cell) is used with preconfigured objects.
In an ideal production environment, if one of the cells is down, you must deploy a new
standby cell to configure HA for your VMware Cloud Director database as a best practice.
17
18
Lab 4 Configuring System
Administrator Tasks
19
Task 1: Create a Network Pool
You create a network pool so that you can use the network pool to dynamically create
organization VDC networks and vApp networks.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
6. Select Geneve backed for Network Pool Type and click NEXT.
20
Task 2: Create a VRF Supported Tier-0 Gateway
You create a Tier-0 Gateway supported by VRF.
2. Click NEW.
e. Click ADD.
f. Click SAVE.
To connect a VM to the VRF supported external network, you need the IP address from
this static pool range.
21
Task 3: Create a DVPG Supported External Network
You create a distributed virtual port group (DVPG) external network so that the VMBeans-RnD-
PVDC workload can reach the external network, the Internet, or any other domain.
2. Select vSphere Resources and select Distributed Port Groups to support the network.
NOTE
On the vCenter Server system, the pg-SA-External-DVPG-01 port group is already created
and connected to the uplink, which communicates with the 172.20.12.x network.
3. Click NEXT.
7. Click NEW and configure the subnet and static IP pool settings.
f. Click SAVE.
To connect a VM to the external network, you need the IP address from the static pool
range.
i. Click ADD.
j. Click SAVE.
22
Lab 5 Creating and Configuring the
Provider VDC
23
Task 1: Create a Provider VDC
You create a provider VDC for a testing environment as a resource hub for testing customer
workloads.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
9. Expand SA-NSX-T & Compute and select Testing-RP as the resource pool.
10. Ensure that the hardware version is set to Hardware Version 19 (Default) and click NEXT.
11. In the Storage Policy pane, select Testing-SP and click NEXT.
Testing-SP is already created in vCenter Server.
• Testing-SP Storage Policy is in sa-vcsa-01 vCenter Server and is mapped to the SA-
Remote-01 datastore. All VMs in this provider VDC are stored in this datastore.
• You can add multiple storage policies to make multiple datastores available for the
provider VDC. You select only one storage policy.
• To view the storage policies, you can log in to the vCenter Server system.
24
16. Open a new browser tab and select vSphere Site-A > vSphere Client (SA-VCSA-01).
17. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
19. In the left pane, select sa-vcsa-01.vclass.local > SA-Datacenter > SA-NSX-T & Compute.
20. Expand the Testing-RP resource pool to verify that System vDC is created.
24. Click the COMPATIBLE tab and verify that SA-Remote-01 appears as a compatible storage
that is mapped to the Testing-SP storage policy.
25
Task 2: Manage the Provider VDC
You create and manage different VMware Cloud Director resources from the provider portal as a
provider administrator.
2. Click VMBeans-Testing-PVDC.
7. Click Resource Pools under VMBeans-Testing-PVDC and verify that Testing-RP appears.
8. Click Storage under Policies of VMBeans-Testing-PVDC and verify that Testing-SP appears
with Capabilities TagBasedPolicy/SAVCD.
26
Lab 6 Creating an Organization and
Accessing the Tenant Portal
27
Task 1: Create an Organization from the Provider Portal
You create a testing organization which includes an organization VDC, a catalog, and organization
policies.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
6. Enter Organization for all Testing workload in the Description text box.
7. Click CREATE.
After creating an organization, you can modify the default settings for catalogs and policies
to make the catalog public and change the default leases and quotas for the organization.
8. Click VMBeans-Testing-Org.
9. Under Configure, click Catalog and verify the default catalog sharing and publishing settings.
The Share catalogs to other organizations, Publish external catalogs, and Subscribe to
external catalogs settings are disabled by default.
2. Click the icon beside VMBeans-Testing-Org to open the organization portal in a new
browser.
You can access the VMBeans-Testing-Org organization tenant portal directly by using the
URL.
https://sa-vcd-p.vclass.local/tenant/VMBeans-RnD-Org/vbcs
28
Task 3: Create an Organization Administrator User
You create an organization administrator user from the tenant portal as a system administrator.
3. In the New User wizard, configure the user values and then click SAVE.
Option Action
29
Task 4: Manage the Organization Policies
You access the VMBeans-Testing-Org organization and configure policies for the organization.
2. Click VMBeans-Testing-Org.
3. Click Policies.
5. In vApp leases, set the leases for vApp runtime, runtime expiry action, storage, and storage
cleanup.
a. From the Maximum runtime lease drop-down menu, select Never Expires as the
number of days.
b. In the Runtime expiry drop-down menu, leave Suspend as the default value.
c. From the Maximum storage lease drop-down menu, select Never Expires as the
number of days.
d. In the Storage cleanup drop-down menu, leave Mark as expired as the default value.
e. Click SAVE.
7. On vApp template lease, set the storage lease and storage cleanup policies for the vApp
templates.
a. From the Maximum storage lease drop-down menu, select Never Expires as the
number of days.
b. In the Storage cleanup drop-down menu, leave Mark as expired as the default value.
IMPORTANT
You must not change any of the default quotas, limits, or password policies.
c. Click SAVE.
30
Lab 7 Creating Organization VDCs
and Allocating Resources
31
Task 1: Create an Organization VDC
You create an organization VDC that is associated with the VMBeans-Testing-PVDC and you
create the organization VDC from the provider portal.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
NOTE
The allocation model determines how customers are billed for any resources that they use.
8. On the configure Pay-As-You-Go model page, configure the values and then click NEXT.
Option Action
The table shows the committed resources from the provider VDC when using these
allocation settings.
The number of vApps or VMs that you can expect with your allocation settings changes
depending on the allocation model that you select.
32
9. Configure the Storage Policies and then click NEXT.
a. Select Testing-SP.
In vCenter Server, Testing-SP is tagged to the Testing-Tag tag. The tag is applied on
the SA-Remote-01 datastore.
b. Leave Unlimited as the default Allocation Type.
a. Select VMBeans-NP-02.
b. In the Maximum Provisioned Networks text box, enter 50 in the text box.
The Status column shows a green check mark. The State columns show the Enabled state
for EUP-OVDC.
12. After the organization VDC is created, log in to vCenter Server and verify that a child
resource pool is created in Testing-RP with the Testing-QA-OVDC name.
a. Open a new browser and select the vSphere Site-A > vSphere Client (SA-VCSA-01)
bookmark.
• Password: VMware1!
c. In the left pane, expand sa-vcsa-01.vclass.local > SA-Datacenter > SA-NSX-T &
Compute > Testing-RP.
33
Task 2: Manage the Organization VDC
You create and manage various VMware Cloud Director objects as a provider administrator from
the provider portal.
3. Click Testing-QA-OVDC.
7. Click Allocation under Testing-QA-OVDC and verify that the CPU quota and Memory quota
are set to Unlimited.
12. Click Resource Pools and verify that the resource pool name is Testing-QA-OVDC (xxx).
13. Click Storage under Policies and verify that both Thin provisioning and Fast provisioning
are enabled.
34
Lab 8 Integrating Active Directory
and Importing User Group
35
Task 1: Integrate Active Directory from the Provider Portal
You import an Active Directory instance to VMware Cloud Director through the provider portal
as an administrator.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
6. In the Edit LDAP window, click the Connections tab, configure the connection parameters,
and then click SAVE.
Option Action
The Custom LDAP tab must appear with all the parameters that you configured.
7. Click TEST.
9. Click TEST.
The test results appear with the Active Directory users and groups.
36
Task 2: Integrate the Active Directory Instance to an Organization
You integrate the active directory instance at the organization level as an administrator.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
6. In the Import Groups window, enter dcgroup in the Search text box and click SEARCH.
7. Select dcgroup.
8. Scroll to the bottom of the window, select Catalog Author from the Assign Role drop-down
menu and click SAVE.
37
Task 4: Verify the Domain User Access to the Organization
You log in to the tenant portal as the domain user and verify the access level.
1. Log in to the VMBeans-RnD-Org tenant portal and verify that the user role in the upper-right
corner is Catalog Author.
• Password: VMware1!
a. If you do not see the user role, click the vertical ellipsis icon.
4. Log in to the VMBeans-RnD-Org tenant portal and verify that the user role in the upper-right
corner is Catalog Author.
• Password: VMware1!
a. If you do not see the user role, click the vertical ellipsis icon.
38
Lab 9 Creating Local Users in the
Organizations
39
Task 1: Create Local Users in the Organization
You create a few organization users with different roles as an organization administrator.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
6. In the Create User wizard, configure the first user values and then click SAVE.
Option Action
40
8. Click NEW in the right pane.
9. In the Create User wizard, configure the second user values and then click SAVE.
Option Action
41
12. In the Create User wizard, configure the third user values and then click SAVE.
Setting Value
42
Task 2: Verify the Access Rights of the Tenant Users
You verify the access rights of each user that you created in the VMbeans-RnD-Org tenant
portal.
• Password: VMware1!
You must verify that the user role on the top right is Catalog Author. If you do not see the
user role, click the vertical ellipsis icon.
4. Click Media & Other under Content Libraries in the left pane.
In Virtual Machines, you can view that the NEW VM creation option is available and enabled
for the user.
In vApp, you can view that the NEW VAPP creation option is available and enabled for the
user.
You can view that the NEW creation option is available and enabled for the user.
43
12. Log in to the VMBeans-RnD-Org tenant portal.
• Password: VMware1!
You must verify that the user role on the top right is vApp User. If you do not see the user
role, click the vertical ellipsis icon.
In Virtual Machines, you can view that the NEW VM creation option exists but is unavailable
for the user.
In vApp, you can view that the NEW VAPP creation option exists but is unavailable for the
user. Adding the vApp using the catalog option is enabled.
44
Task 3: Create the Provider Access Control User
You create a provider access control user as an administrator.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
6. In the Create User wizard, configure the first user values and then click SAVE.
Option Action
Available roles Select Defer to identity provider from the drop-down menu.
45
Lab 10 Creating and Managing Role
Based Access Control
47
Task 1: Create a Provider Access Control Role
You log in to the provider portal as an administrator and create a provider access control role.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
5. Click NEW.
Option Action
INFRASTRUCTURE > Port Group Leave the default value. Select all.
7. Click SAVE and verify that Infra_Role appears in the roles table.
48
Task 2: Assign the Provider Access Control Role to a Local User
You assign the provider access control role to an existing user.
3. Click EDIT.
4. From the Available Roles drop-down menu, delete the existing selected role and select
Infra_role.
5. Click SAVE.
Task 3: Verify the Provider Access Control Role Local User Rights
You verify the provider access control role user rights.
• Password: VMware1!
You must verify that the user role on the top right is Infra_Role. If you do not see the user
role, click the vertical ellipsis icon.
49
8. Select SA-Remote-02 in the right pane.
9. Click the other items in the left pane and verify the permissions.
50
Task 4: Create the Custom Role-01 Tenant Access Control Role
You log in to the provider portal as an administrator and create a tenant access control role.
• Password: VMware1!
3. Click Global Roles under Tenant Access Control in the left pane.
4. Click NEW.
Option Action
6. Click SAVE.
51
Task 5: Publish the Custom Role-01 to a Tenant
You publish the Tenant Access Control role to an existing organization.
2. Click PUBLISH.
4. Click SAVE.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
You can view vApp_User_Custom_Role_01 in the roles table with a Yes tag in the Read
Only column.
Any role that the system administrator creates cannot be deleted or edited by the
organization users.
7. Click EDIT.
8. From the Available Roles drop-down menu, delete the existing selected role and select
vApp_User_Custom_Role_01.
9. Click SAVE.
52
Task 7: Create the Custom Role-02 Using the Tenant Portal
You log in to the tenant portal as an organization administrator and create a custom role.
3. Click CLONE.
4. Configure the clone role in the Clone Role window and then click SAVE.
Option Action
3. Click EDIT.
4. From the Available Roles drop-down menu, remove the existing selected role and select
vApp_User_Custom_Role_02.
5. Click SAVE.
53
Task 9: Verify the Custom Role-02 Local User Rights
You verify the custom role user rights from the tenant portal.
1. Log in to the VMBeans-RnD-Org tenant portal and verify that the user role on the top right is
vApp_User_Custom_Role_02.
• Password: VMware1!
54
Lab 11 Creating and Managing Quotas
55
Task 1: Assign the Organization Quotas
You assign the quotas for the organization as a system administrator.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
6. Configure the Running VMs quota for the organization in the Edit Quota for Organization
VMBeans-RnD-Org window.
a. Click ADD.
b. From the Name column, select Running VMs Quotas from the drop-down menu.
c. Under Description, enter 2 in the text box.
7. Configure the All VMs quotas for the organization in the Edit Quota for Organization
VMBeans-RnD-Org window.
a. Click ADD.
b. From the Name column, select All VMs Quotas from the drop-down menu.
c. Under Description, enter 16 in the text box.
8. Configure the memory quotas for the organization in the Edit Quota for Organization
VMBeans-RnD-Org window.
a. Click ADD.
b. From the Name column, select Memory Quotas from the drop-down menu.
c. Under Description, enter 5 and select GB from the drop-down menu.
9. Click SAVE.
All the quotas that you configured must be available in a table.
Under All VMs quota, you view 13 / 16, which indicates that 11 VMs and 2 templates exist in
the organization.
Under Running VMs quota, you must view 0 / 2.
Under Memory quota, you must view 0MB / 5GB.
56
Task 2: Verify the Organization Quotas
You verify the All VMs quota, Running VMs quota, and Memory quota set for the organization, as
an organization administrator.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
3. Click Administration.
4. Click Quotas under Settings in the left pane and verify that you can view the same settings
from the provider portal.
6. Click the Research-OVDC (3) card and verify that four VMs are already created in this
OVDC.
Leave the other values under Operating System to the default value.
i. Click OK.
57
10. Configure another VM in the New VM window.
Leave the other values under Operating System to the default value.
Leave the other values under Operating System to the default value.
j. Expand Recent Tasks at the bottom and view the error by clicking the failed task and
click OK.
58
12. Click NEW VM to create a VM in the New VM window.
a. Enter Quotatest-04 as the name.
b. Enter Quotatest-04 as the computer name.
c. Enter Quotatest-04 as the description.
d. Select New as the type.
e. Select Power on.
f. Under Operating System, select Linux as the OS family.
g. Select CentOS 8 (64-bit) as the operating system.
Leave the other values under Operating System to the default value.
h. Under Storage, enter 1 GB as the disk size.
i. Click OK.
Q4. Is Quotatest-04 VM created and powered on?
A4. No. Quotatest-04 VM is not created and is in an Unreso lved state. The behavior occ urs bec ause w hen yo u set t he quot as in t he org anizat ion, All VMs Quot as are conf igured to 16. 11 VMs and 2 templates were already created in this org anizat ion. Therefore, you c an creat e only 3 additio nal VMs or templates. A m aximum of 16 VMs or templates c an be created w ith this co nfig urat ion.
j. Expand Recent Tasks at the bottom and view the error message by clicking the failed
task and click OK.
The All VMs quota limit: 16 count. Current available
resource: 0 count. Current requirement: 1 count. error appears.
13. Delete Quotatest-04, which is in the Unresolved state.
a. Click ACTIONS on the Quotatest-04 VM card.
b. Click Delete from the list.
c. Click DELETE.
d. Verify that the Quotatest-04 VM is deleted successfully.
14. Perform the memory quota test.
a. Power off the Quotatest-02 VM.
b. Click ACTIONS on the Quotatest-02 VM card.
c. Click Power and click Power Off.
d. Click POWER OFF.
15. Increase the memory on the Quotatest-02 VM.
a. Click DETAILS on the Quotatest-02 VM card.
b. Click Compute under Hardware.
c. Scroll to the bottom in the right pane and click EDIT above Memory.
d. In the Edit Memory Details window, enter 4 GB.
e. Click SAVE.
59
16. Power on the Quotatest-02 VM.
a. Click ALL ACTIONS on the top.
b. Click Power and click Power On.
c. Expand Recent Tasks at the bottom and view the error message by clicking the failed
task.
The Memory quota limit: 5120 MB. Current available
resource: 4096 MB. Current requirement: 5120 MB. error appears.
This is because, Quotatest-01 VM is powered on with 1GB memory allocated to it. Since
the maximum memory quota set on the organization is 5GB, there is only 4GB memory
resource remaining to be used.
d. Click OK.
20. Click Virtual Machines under Compute in the left pane.
21. Power off the Quotatest-01 VM.
a. Click ACTIONS on the Quotatest-01 VM card.
b. Click Power and click Power Off.
c. Click POWER OFF.
60
22. Try powering on the Quotatest-02 VM again.
a. Click ACTIONS on the Quotatest-02 VM card.
b. Click Power and click Power On.
61
Task 3: Assign the Group Quotas
You assign the quotas for the user group that is imported from the domain controller, as an
organization administrator.
1. Before assigning quotas to the user group, modify the organization quota as a system
administrator.
a. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
b. Log in to the SA-VCD-P provider portal.
• User name: administrator
• Password: VMware1!
c. Click VMBeans-RnD-Org in the right pane.
d. Click Quotas under Configure.
e. Click EDIT.
f. Modify the All VMs quota from 16 and enter 19 in the text box.
g. Modify the Running VMs quota from 2 and enter 4 in the text box.
h. Modify the Memory quota from 5 and enter 7 GB in the text box.
i. Click SAVE.
2. Log out of the SA-VCD-P provider portal.
3. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
4. Log in to the VMBeans-RnD-Org tenant portal.
• User name: rnd_admin
• Password: VMware1!
5. Click Administration from the top bar.
6. Click Groups under Access Control in the left pane.
7. Click dcgroup in the right pane.
8. Click Quotas.
9. Click EDIT in the right pane.
The Edit Quota for Group dcgroup window appears.
10. Configure the running VM quotas in the Edit Quota for Group dcgroup window.
a. Click ADD.
b. From the Name column, select Running VMs Quotas from the drop-down menu.
c. In the Description column, enter 2 in the text box.
62
11. Configure all VMs quotas in the Edit Quota for Group dcgroup window.
a. Click ADD.
b. From the Name column, select All VMs Quotas from the drop-down menu.
c. In the Description column, enter 2 in the text box.
12. Configure the memory quotas in the Edit Quota for Group dcgroup window.
a. Click ADD.
b. From the Name column, select Memory Quotas from the drop-down menu.
c. Under Description, enter 5 and select GB from the drop-down menu.
13. Click SAVE.
You can view all the quotas that you configured in the table.
Under the All VMs quota, you can view - / 2.
Under the Memory quota, you can view - / 5GB.
Under the Running VMs quota, you can view - / 2.
You cannot view the current usage at the group level, because the defined value at the
group level is applicable to each user individually.
14. Log out of the VMBeans-RnD-Org tenant portal.
15. Click LOGIN AS AN INTEGRATED USER.
• Password: VMware1!
63
4. Configure the VM in the New VM window.
Leave the other values under Operating System to the default value.
Leave the other values under Operating System to the default value.
64
6. Click NEW VM to create a VM in the New VM window.
Leave the other settings under Operating System to the default value.
j. Expand Recent Tasks at the bottom and view the error message by clicking the failed
task.
c. Click DELETE.
• Password: VMware1!
65
12. Click NEW VM to create a VM in the New VM window.
Leave the other settings under Operating System to the default value.
Leave the other values under Operating System to the default value.
66
14. Click NEW VM to create a VM in the New VM window.
Leave the other values under Operating System to the default value.
j. Expand Recent Tasks at the bottom and view the error message by clicking the failed
task.
c. Click DELETE.
67
Task 5: Assign the User Quotas
You assign a user quota for a user as an organization administrator.
• Password: VMware1!
5. Click Quotas.
a. Click ADD.
b. From the Name column, select All VMs Quotas from the drop-down menu.
All VMs quota is now separated and appears in a different table. The other two quotas
appear as Inherited (not modifiable).
68
Task 6: Verify the User Quotas
You verify the All VMs quota set for the user, as an organization user.
1. Log in to the VMBeans-RnD-Org tenant portal.
• User name: dcuser1
• Password: VMware1!
2. Click the Research-OVDC (3) card.
3. Click NEW VM to create a VM in the New VM window.
a. Enter dcuser1VM-03 as the name.
b. Enter dcuser2VM-03 as the computer name.
c. Enter dcuser2VM-03 as the description.
d. Select New as the type.
e. Select Power on.
f. Under Operating System, select Linux as the OS family.
g. Select CentOS 8 (64-bit) as the operating system.
Leave the other values under Operating System to the default value.
h. Under Storage, enter 1 GB as the disk size.
i. Click OK.
69
5. Delete the dcuser1VM-04 which is in the Unresolved state.
c. Click DELETE.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
5. Click EDIT.
9. Click SAVE and verify that no assigned quota is available for this organization.
70
Lab 12 Creating and Managing VMs
6. Suspend the VM
7. Create a VM Snapshot
8. Renew a VM Lease
71
Task 1: Create a Standalone VM from the Template
You create a standalone VM using templates in Beta-OVDC (2).
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
Option Action
Select Select RnD-Sp(VDC Default) from the Storage Policy drop-down menu.
You must wait 3 to 4 minutes to create and power on the StandaloneVM1 VM.
72
Task 2: Create a Standalone VM from the ISO Image
You create a standalone VM using ISO images in Beta-OVDC (2).
Option Action
You must wait 3 to 4 minutes to create and power on the StandaloneVM2 VM.
73
Task 3: Import a Standalone VM from vCenter Server
You import a standalone VM from vCenter Server to Beta-OVDC (2).
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
Option Action
74
Task 4: Upgrade the Virtual Hardware Version for a VM
You install the latest upgrade of the virtual hardware version for the StandalonVM3 VM.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
5. Click DETAILS on the StandalonVM3 VM and record the Virtual Hardware Version on the
General tab. __________
Hardware version must be 13.
6. Select Upgrade Virtual Hardware Version from the StandalonVM3 ALL ACTIONS drop-
down menu on the tenant portal.
VM hardware version is upgraded on the target guest operating system. If an error occurs
during installation, an error message appears. You can also view the progress of the
installation operation in the Recent Tasks window.
75
Task 5: Update the VM Resources
You enable the hot-add feature. In the VM power-on state, you verify the changes in the
resource settings in the guest OS.
5. Turn on the Virtual CPU hot add toggle and click SAVE.
A failed error status message appears when you try to enable the hot add feature on the
virtual CPU when the VM is powered on.
A failed error status message appears in Recent Tasks when you try to enable the hot add
feature on the memory when the VM is powered on.
8. Click the ALL ACTIONS drop-down menu on StandaloneVM03 and select Power > Shut
Down Guest OS.
11. Turn on the Virtual CPU hot add toggle and click SAVE.
13. Turn on the Memory hot add toggle and click SAVE.
14. Click the ALL ACTIONS drop-down menu on StandaloneVM03 and select Power > Power
On.
You must wait 2 to 3 minutes for the StandaloneVM3 VM to power on.
16. Select 3 in the Virtual CPU drop-down menu and click SAVE.
76
Task 6: Suspend the VM
You suspend the StandaloneVM03 VM.
2. Select VM Console > Launch Web Console from the StandaloneVM03 ACTIONS drop-
down menu.
• Password: VMware1!
6. Select Power > Suspend from the StandaloneVM03 ACTIONS drop-down menu.
The Launch Web Console and Launch Remote Console options are unavailable when the VM
is in a partially suspended state.
7. Select Power > Power On from the StandaloneVM03 ACTIONS drop-down menu.
8. Select VM Console > Launch Web Console from the StandaloneVM03 ACTIONS drop-
down menu.
When the VM is suspended, the state is preserved. You can view the vmware-
vmtoolsd-root.log file on the console.
9. Close the web console on the StandaloneVM03 VM.
77
Task 7: Create a VM Snapshot
You create a snapshot of a VM and then you use the revert and remove options to revert and
remove the snapshot.
2. Select Snapshot > Create Snapshot from the StandaloneVM03 ACTIONS drop-down
menu.
3. Verify that the Snapshot the memory of the virtual machine toggle is turned off.
4. Verify that the Quiesce the guest file system toggle is turned off and click CREATE.
5. On the StandaloneVM03 VM card, verify that a blue icon appears on the Storage icon.
6. Select VM Console > Launch Web Console from the StandaloneVM03 ACTIONS drop-
down menu.
7. (Optional) If the console does not load, launch it again using a different method.
cd /opt
mkdir backup
cd backup
touch test.txt
9. List the files in the backup folder that you created.
ls -ltrh
The test.txt file must appear in the backup folder that you created.
11. Select Snapshot > Revert to Snapshot from the StandaloneVM03 ACTIONS drop-down
menu.
78
12. Click REVERT in the Revert to Snapshot window.
The status of the StandaloneVM03 changes to Powered off because you did not create a
snapshot of the VM memory.
13. Select Power > Power On from the StandaloneVM03 ACTIONS drop-down menu.
You must wait 2 to 3 minutes for the StandaloneVM03 VM to power on.
14. Select VM Console > Launch Web Console from the ACTIONS drop-down menu.
• Password: VMware1!
cd /opt
17. List the files in the /opt folder.
ls -ltrh
The test.txt file and the backup folder do not appear in the /opt folder because the
StandaloneVM03 VM reverted to the state prior to taking the snapshot.
mkdir backup
cd backup
touch test.txt
19. List the files in the backup folder that you created.
ls -ltrh
The test.txt file must appear in the backup folder that you created.
21. Select Snapshot > Remove Snapshot from the StandaloneVM03 ACTIONS drop-down
menu.
On the StandaloneVM03 VM card, you verify that a blue icon disappears on the Storage
icon.
23. Select VM Console > Launch Web Console from the StandaloneVM03 ACTIONS drop-
down menu.
79
24. On the StandaloneVM03 VM console, list the files in the /backup folder.
ls -ltrh
The test.txt file in the backup folder is preserved as the StandaloneVM03 VM is
committed. The changes made to the guest operating system are saved.
The Runtime and the Storage lease of the StandaloneVM1 is set to Never Expires.
3. Select the Runtime lease check box to set the runtime lease to 1 hour.
4. Select the Storage lease check box to set the Runtime lease to 1 Day.
5. Click SAVE.
You can view the date and time on when the runtime and storage lease of the VM expires.
80
7. Select Renew Lease from the StandaloneVM1 ACTIONS drop-down menu.
8. Select the Runtime lease check box to set the custom runtime lease to 2 days.
9. Select the Storage lease check box to set the custom storage lease to 2 days.
You can view the date and time when the runtime and storage lease of the VM expires.
81
Lab 13 Creating and Managing vApps
3. Add a VM to a vApp
83
Task 1: Build a New vApp
You create a vApp with the Linux VMs in Beta-OVDC (2) using a template and a new VM with
customizable settings.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
2. If a certificate warning appears, click Advanced and click Accept the Risk and Continue.
• Password: VMware1!
Option Action
84
9. Configure the VM settings.
Option Action
Description Enter VM01 for the Beta-OVDC organization VDC in the text
box.
Storage Policy Select Rnd-SP (VCD Default) from the drop-down menu.
Option Action
Description Enter VM02 for the Beta-OVDC organization VDC in the text
box.
13. Under Storage, leave the Storage Policy default settings and change Size to 1 GB.
85
15. Click CREATE to complete the creation of the vApp.
When the vApp is powered on, the VMs are created and powered on.
17. Click General on the vApp-01 vApp page and verify that the State is Powered on.
19. Verify that the VM01 and VM02 VMs are created and in the powered on state.
2. Click NEW and click Add vApp from OVF in the right pane.
3. In the Create vApp from an OVF file window, click the arrow to open the OVA file.
5. Click Open.
6. Click NEXT.
8. Configure the vApp Name and Description on the Select vApp Name screen and then click
NEXT.
Option Action
9. Leave the default settings on the Configure Resources page and click NEXT.
10. Leave the default settings on the Configure Networking page and click NEXT.
12. Select 128 MB as the memory in the Total Memory drop-down menu on the Customize
Hardware page and click NEXT.
86
13. Click Finish on the Ready to Complete page.
15. Click Virtual Machines on the vApp-02 vApp page and verify that the VM is created.
2. From the vApp-01 ACTIONS drop-down menu, select Add > Add VM.
Option Action
Storage Policy Select Rnd-SP (VCD Default) from the drop-down menu.
5. Click ADD.
6. Click DETAILS on the vApp-01 vApp to view and edit the vApp properties.
VM03 is created.
87
Task 4: Copy a VM from a vApp
You copy the LinuxServer01 VM in a standalone vApp to vApp-02.
2. Click DETAILS on the StandaloneVM3 vApp to view and edit the vApp properties.
6. Click NEXT.
11. Click DETAILS on the vApp-02 vApp card to view and edit the vApp properties.
LinuxServer01 is created.
88
Task 5: Copy a vApp to Another Virtual Data Center
You copy the vApp-02 vApp in the Beta-OVDC (2) organization virtual data center to the Dev-
OVDC (1) organization virtual data center.
Option Action
Virtual Data Center Select Dev-OVDC (1) from the drop-down menu.
4. Leave the default values for the other settings to defaults and click OK.
The Copy_of_vApp-02 vApp is not available in the list of vApps when the Move operation
is complete.
89
12. Click the Beta-OVDC (2) card on the Data Centers page.
6. Select the Runtime lease check box and select Runtime lease as 7 Day(s).
7. Select the Storage lease check box and select Runtime lease as 7 Day(s).
9. Click Metadata on the Beta-vApp-01 vApp page and click EDIT to modify the badges.
You can view the date and time when the runtime and storage lease of the VM expires.
90
Task 7: Create a vApp Snapshot
You create a snapshot of a vApp and then you use the revert and remove options to revert and
remove the snapshot.
1. Click DETAILS on the Beta-vApp-01 vApp to view and edit the vApp properties.
2. Click Virtual Machines on the Beta-vApp-01 vApp page.
3. Click the vertical ellipsis icon on VM01 and select Snapshot.
The Revert to Snapshot and Remove Snapshot options are unavailable.
4. Click the vertical ellipsis icon on VM02 and select Snapshot.
The Revert to Snapshot and Remove Snapshot options are unavailable.
5. Click vApps in the left pane in the tenant portal.
6. Select Snapshot > Create Snapshot from the Beta-vApp-01 ACTIONS drop-down menu.
7. Verify that Snapshot the memory of the virtual machine is disabled.
8. Verify that Quiesce the guest file system is disabled and click CREATE.
On the Beta-vApp-01 card, verify that a blue icon appears on Storage.
9. Click DETAILS on the Beta-vApp-01 vApp to view and edit the vApp properties.
10. Click Virtual Machines on the Beta-vApp-01 vApp page.
11. Click the vertical ellipsis icon on VM01 and select Snapshot.
The Revert to Snapshot and Remove Snapshot options are enabled.
12. Click the vertical ellipsis icon on VM02 and select Snapshot.
The Revert to Snapshot and Remove Snapshot options are enabled.
13. Click vApps in the left pane.
14. Select Snapshot > Remove Snapshot from the Beta-vApp-01 ACTIONS drop-down menu.
15. Click Remove in the Remove Snapshot window.
On the Beta-vApp-01 vApp card, verify that a blue icon disappears on Storage.
16. Click DETAILS on Beta-vApp-01 vApp.
17. Click Virtual Machines on the Beta-vApp-01 vApp page.
18. Click the vertical ellipsis icon on VM01 and select Snapshot.
The Revert to Snapshot and Remove Snapshot options are disabled.
19. Click the vertical ellipsis icon on VM02 and select Snapshot.
The Revert to Snapshot and Remove Snapshot options are disabled.
91
Task 8: Renew the vApp Lease
You renew a vApp lease and set the custom lease on the vApp.
3. Select the Runtime lease check box to set the runtime lease to 12 hours.
4. Select the Storage lease check box to set the runtime lease to 1 day.
5. Click SAVE.
You can check the date and time of the Runtime and Storage lease expiry.
7. Select Renew Lease from the Beta-vApp-01 vApp ACTIONS drop-down menu.
8. Select the Runtime lease check box to set the custom runtime lease to 2 days.
You can check the date and time of the Runtime and Storage lease expiry.
92
Task 9: Change the vApp Owner
You change the owner of a vApp from the organization administrator to the organization user.
93
Lab 14 Creating and Managing the
Auto Scaling Groups
95
Task 1: Configure the Auto Scale Plug-In
You enable the metric data collection and enable Auto Scale Plug-in as a VMware Cloud Director
provider administrator.
The Configure and publish the Auto Scale Plug-in.txt file with the
list of commands is saved on student01\Desktop\Class Materials and
Licenses\Download in the student desktop.
2. Connect to the sa-vcd-p.vclass.local VMware Cloud Director cell.
ssh root@172.20.10.100
You must enter VMware1! as the password.
/opt/vmware/vcloud-director/bin/cell-management-tool manage-
config -n statsFeeder.metrics.collect.only -v true
4. Enable the publishing of metrics.
/opt/vmware/vcloud-director/bin/cell-management-tool manage-
config -n statsFeeder.metrics.publishing.enabled -v true
5. Create the metrics.groovy file in the /tmp folder.
cd /tmp
vi metrics.groovy
a. Press i to insert the text metrics into the metrics.groovy file.
configuration {
metric("cpu.ready.summation") {
currentInterval=20
historicInterval=20
entity="VM"
instance=""
minReportingInterval=300
aggregator="AVERAGE"
}
}
c. Press ESC on the keyboard and enter:wq to save the metrics.groovy file.
96
6. Change the file permission.
$VCLOUD_HOME/bin/cell-management-tool configure-metrics --
metrics-config /tmp/metrics.groovy
8. Enable auto scaling.
$VCLOUD_HOME/bin/cell-management-tool configure-autoscale --
set enabled=true
$VCLOUD_HOME/bin/cell-management-tool configure-autoscale --
set username=administrator
$VCLOUD_HOME/bin/cell-management-tool configure-autoscale --
encrypt --set password=VMware1\!
The \ sign in the password is used to escape any special characters when you run the
command from the terminal.
9. Disable certificate verification as self-signed certificates are used on the VMware Cloud
Director cell.
$VCLOUD_HOME/bin/cell-management-tool configure-autoscale --
set enableHostnameVerification=false
10. Restart the VMware Cloud Director service.
97
Task 2: Publish the Auto Scale Rights Bundle
You add the necessary VMWARE:SCALEGROUP rights to the tenant roles as a service provider.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
4. Select Rights Bundles under Tenant Access Control in the left pane.
8. Click SAVE.
2. Select the Autoscale plugin check box from the plug-ins list and click PUBLISH.
5. Click SAVE.
98
Task 4: Create a Scale Group
You create an Auto Scale Group. The amount of VMs in an Auto Scale Group changes
automatically depending on the conditions that you define.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
3. Select Applications from the top bar and click the Scale Groups tab in the tenant portal.
5. Configure the host VDC and group name In General Settings and then click NEXT.
Option Action
7. Select Rnd-SP (Default) on the Storage Policy drop-down menu and click NEXT.
9. Select Beta-Org-Isolated-NW from the network drop-down menu to select a network for
the scale group.
99
Task 5: Add an Auto Scaling Rule
You add rules to trigger the growing or shrinking of virtual machines in an Auto Scale Group
1. Click ADD RULE to add an Auto Scaling rule.
2. Configure the rule in the Add Rule window.
Option Action
3. Click ADD.
4. Click ADD RULE to add an Auto Scaling rule.
5. Configure the added rule in the Add Rule pop-up window.
Option Action
6. Click ADD.
7. Select Virtual Machines on the SG-Beta-OVDC(2) details page.
You must wait 10 to 15 minutes for the Beta-OVDC (2)-UUID VM to be created and powered
on.
100
Task 6: Test the Auto Scaling Rule
You generate the CPU workload on Beta-OVDC (2) VM and test the auto scaling rule.
3. (Optional) If the Console does not load, open a new tab and enter https://sa-vcd-
p.vclass.local:8443
a. Click Advance and click Accept the Risk and Continue.
• Password: VMware1!
top -c
%Cpu(s) must be less than 5 microseconds.
top -c
%Cpu(s) must be less than 50 microseconds.
101
12. Monitor the CPU utilization.
top -c
%Cpu(s) must be more than 85 microseconds.
You must wait 15 to 20 minutes for the second SG-Beta-OVDC (2)-UUID VM to be created
and powered on.
14. On the Beta-OVDC (2)-UUID VM console, press q to exit the top session.
15. Replace the <Process ID> with the process ID recorded in step 7 and run the command to
kill the process used to generate CPU load on the guest OS.
top -c
The %Cpu(s) must be less than 50 microseconds.
18. Replace the <Process ID> with the process ID recorded in step 11 and run the command to
kill the process used to generate CPU load on the guest OS.
top -c
The %Cpu(s) must be less than 10 micro seconds.
You must wait 15 to 20 minutes for the second SG-Beta-OVDC (2)-UUID VM to be deleted
from the list of virtual machines.
102
Lab 15 Creating and Managing
Catalogs
2. Create a Catalog
3. Share a Catalog
4. Publish a Catalog
103
Task 1: Add a Catalog Storage Policy to an Organization Virtual Data
Center
You add a VM storage policy to a provider virtual data center and to an organization virtual data
center.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
4. Click VMBeans-RnD-PVDC from the list of the provider virtual data centers.
5. Under Policies, select Storage and click ADD.
6. Select Catalog-SP from the list of Storage Policy and click ADD.
12. Click Beta-OVDC (2) from the list of organization virtual data centers.
14. Select the check boxes next to the Catalog-SP storage policy and click ADD.
104
Task 2: Create a Catalog
You create a catalog as an organization administrator.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
4. Click NEW.
5. Configure the catalog in the Create Catalog window and then click OK.
Option Action
105
Task 3: Share a Catalog
You share a catalog with an organization user.
• Password: VMware1!
• Password: VMware1!
7. Click the vertical ellipsis icon next to Beta-OVDC-Catalog and select SHARE.
10. Select Read/Write from the access level drop-down menu and click SAVE.
• Password: VMware1!
106
Task 4: Publish a Catalog
You publish a catalog externally to make its vApp templates and media files available for
subscription by organizations external to the VMware Cloud Director installation.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
7. Enable Share catalog to other Organizations, Publish external catalogs, and Subscribe to
external catalogs in the Catalogs sharing and Publishing window.
10. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
13. Click the vertical ellipsis icon next to Beta-OVDC-Catalog and select Publish settings.
14. Select Enable Publishing in the Publish the settings for catalog window.
17. Select the Preserver identity information check box and click SAVE.
18. Click the vertical ellipsis next to Beta-OVDC-Catalog and select Publish settings.
A subscription URL must appear. You must provide the subscription URL when you
subscribe to an external catalog.
107
Task 5: Upload the Media Files
You upload new media files to a catalog. Users with access to the catalog can open the media
files with their virtual machines.
7. Click Open.
8. Click OK.
After the upload starts, the dsl-4-4.10.iso media file appears in the grid.
108
Lab 16 Working with vApp Templates
109
Task 1: Create a vApp Template from an OVF File
You create a vApp template from an OVA file and add it to Published-Catalog.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
4. Click NEW.
9. Configure the vApp template in Select vApp Template and then click NEXT.
Option Action
The import might take approximately 4-5 minutes. The new vApp-Template-1 appears in the
templates grid view.
110
Task 2: Import a VM from vCenter Server as a vApp Template
You import a VM from vCenter Server as a vApp template and add it to Published-Catalog.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
4. Click Beta-OVDC (2) from the list of organization virtual data centers.
8. Select the sa-vcsa-01 vCenter Server instance from the drop-down menu.
10. In the Import from vCenter page, configure the vApp template settings and then click NEXT.
Option Action
111
Task 3: Create a vApp from a vApp Template
You create a new vApp based on a vApp template stored in a catalog.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
5. On the Select Name page, configure the name of the deployed vApp and then click NEXT.
Option Action
6.
7. Select Beta-OVDC (2) from the list of organization virtual data centers and click NEXT.
You must wait the create task to complete and verify that vApp-03 is created.
12. Click Applications on the top bar and select Virtual Applications.
112
Lab 17 Creating and Managing the
Organization VDC Template
113
Task 1: Create an Organization VDC Template from the Provider
Portal
You create and manage an organization VDC template.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
3. Click Organization VDC Templates in the left pane and click NEW.
c. Select edge-cluster-01 from the Edge Cluster For NSX-T Gateway drop-down menu.
e. Click NEXT.
6. Leave the default settings and click NEXT on the Pay-as-you-go page.
8. Enter 50 GB to set the limit of storage resource for the storage policy in the Allocated
Storage text box.
9. Click NEXT.
10. Configure the edge gateway on the Configure Edge Gateway page.
Option Action
a. Click NEXT.
114
11. Configure the organization VDC network on the Configure Organization VDC Network page.
Option Action
12. Leave the settings to the default values and click NEXT.
13. Enter 192.168.101.10-192.168.101.50 in the Static IP Pools text box, click ADD,
and click NEXT.
14. Leave the default settings in Configure Network Pools and click NEXT.
15. Select the VMBeans-RnD-Org check box on the Configure Access List page and click NEXT.
16. Configure the VDC template name on the Name This VDC Template page and then click
NEXT.
Option Action
The new VDC template appears in the Organization VDC Templates grid view.
115
Task 2: Instantiate an Organization VDC Template from the Provider
Portal
You instantiate an organization VDC template to create an organization virtual data center from
the provider portal.
Option Action
3. Click CREATE.
The creation of the new organization virtual data center is instantiated and might take a few
minutes. You can see the progress of the task in the Recent Tasks pane.
The new Demo1-OVDC organization VDC appears in the Organization VDCs list view.
116
Task 3: Instantiate an Organization VDC Template from the Tenant
Portal
You instantiate an organization VDC template to create a new organization virtual data center
from the tenant portal.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
3. From the top bar, select Libraries and select Organization VDC Templates in the left pane.
Option Action
6. Click CREATE.
The creation of the new organization virtual data center is instantiated and might take a few
minutes. You can see the progress of the task in the Recent Tasks pane.
The new Demo2-OVDC organization VDC appears in the organization VDCs list.
117
118
Lab 18 Provider Networking Tasks
119
Task 1: Create a Distributed Virtual Port Group Supported External
Network
You create an external network supported by a distributed virtual port group (DVPG) in vCenter
Server.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
10. Configure the Gateway CIDR and static IP pool settings for the external network.
e. Click ADD.
f. Click SAVE.
When you connect a VM to the DVPG supported external network, the VM uses the IP
address from this static pool range.
120
Task 2: Create an External Network Using Segments
You create an external network so that the workload from the cloud can reach the external
network, any other network domain, or the Internet.
2. Scroll down, select NSX-T Segments, and select sa-nsxmgr-01 from the Select a registered
NSX-T Manager section.
3. Click NEXT.
5. Enter An External Network Using Segments as the description and click NEXT.
a. Click NEW.
e. Click ADD.
f. Click SAVE.
To connect a VM to the external network, you need the IP address from this static pool
range.
8. Click NEXT.
9. Click FINISH.
121
Task 3: Create a Tier-0 Gateway Using Tier0
You create a Tier-0 Gateway to import the Tier-0 Gateway from NSX-T Data Center to VMware
Cloud Director.
3. Select sa-nsxmgr-01 from the NSX Manager drop-down menu and click NEXT.
e. Click ADD.
f. Click SAVE.
The edge gateways that are connected to the Tier-0 gateway require IP addresses
from the static IP pools.
8. Click NEXT.
9. Click FINISH.
122
Task 4: Create a Tier-0 Gateway Using VRF
You create a Tier-0 gateway to import the VRF segment from NSX-T Data Center to VMware
Cloud Director.
2. Select sa-nsxmgr-01 from the NSX Manager list and click NEXT.
e. Click ADD.
f. Click SAVE.
The edge gateways that are connected to the VRF gateway require IP addresses from
the static IP pools.
7. Click NEXT.
8. Click FINISH.
123
Task 5: Create an Edge Gateway
You create an edge gateway that is used during the creation of a routed organization VDC
network.
When you create a dedicated edge gateway in VMware Cloud Director, a Tier-1 gateway in
NSX-T Data Center is created.
124
Task 6: Create a Direct Organization VDC Network
You create a direct organization VDC network in Dev-OVDC (1).
You must be logged in as the system administrator to perform this task because the organization
administrator cannot create a direct organization VDC network.
2. In the right pane, click the icon next to the VMBeans-RnD-Org organization.
4. Click Networks under Networking in the left pane and click NEXT.
7. On the General page, configure the values and then click NEXT.
Option Action
Description Enter Shared Direct Org VDC network for Site A in the text
box.
By sharing the organization VDC network, the other organization VDCs in the
Site A (SA) can view this network. The organization VDCs in the VMBeans-
Testing-Org organizations can access this network.
8. On the External Network Connection page, select DVPG-External-NW-2 and click NEXT.
125
Task 7: Create an Imported Organization VDC Network
You create an imported organization VDC network in Dev-OVDC (1) OVDC.
2. Select Current Organization Virtual Data Center on the Scope page and click NEXT.
4. Select Imported-Seg on the NSX-T Logical Switch page and click NEXT.
5. Configure the settings on the General page and then click NEXT.
Option Action
8. Configure the settings on the DNS page and then click NEXT.
Option Action
126
Lab 19 Creating and Verifying
Organization VDC Networks
7. Assign the Second Isolated Organization VDC Network to a vApp and Verify Connectivity
127
Task 1: Read the Three-Tier Application Use Case
You read the VMBeans-Alpha use case to understand the security applications requirements.
The VMBeans-RnD Org customer wants to configure a three-tier application with web,
application, and database servers. The customer requires network connectivity to be
available only between the web and application servers and application and database
servers. The database servers must not have connectivity to the web servers but must have
connectivity to the application servers only.
The VMBeans-RnD Org customer can create routed and isolated organization VDC networks
and connect the routed network only to the web servers so that web servers can connect
to another network domain external to the cloud. Connect one isolated organization VDC
network to both the web and application servers. Connect another isolated organization
VDC network to the application and database servers. Web server and application server
can communicate using the first isolated organization VDC network. The application and
database servers can communicate using the second isolated organization VDC network.
128
Task 2: Create a Routed Organization VDC Network
You create a routed organization VDC network in the VMBeans-RnD-Org organization.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
3. Click Dev-OVDC (1) from the virtual data centers card view.
Option Action
129
11. In DNS, configure the settings and then click NEXT.
Option Action
13. Open a new browser tab and select vSphere Site-A > vSphere Client (SA-VCSA-01) from
the bookmark.
• Password: VMware1!
15. Click the Networking view and verify that a port group is created under the dvs-SA-
Datacenter distributed switch named Dev-Org-Routed-NW-UUID.
130
Task 3: Assign the Routed Organization VDC Network to a vApp
You assign the routed organization VDC network to a Web-Servers vApp.
Option Action
MAC Address Clear the existing MAC address by clicking the MAC address
and selecting Reset.
12. Under Guest OS Customization, verify that Enable guest customization is enabled.
a. If guest optimization is not enabled, you must click EDIT, select Enable guest
customization, deselect Auto Generate password, and click SAVE.
13. Click the ALL ACTIONS drop-down menu and select Power > Power On, Force
Recustomization.
When the VM is powered on, an IP address is assigned to the Web-VM1 VM from the Dev-
Org-Routed-NW.
14. Click NICs under Hardware and verify that an IP address appears in the IP Address column.
131
Task 4: Create an Isolated Organization VDC Network
You create an isolated organization VDC network in the VMBeans-RnD-Org organization.
5. In the General section, configure the settings and then click NEXT.
Option Action
b. Click ADD.
c. Click NEXT.
7. In the DNS section, configure the settings and then click NEXT.
Option Action
10. Click the Networking view and verify that a port group is created under the dvs-SA-
Datacenter distributed switch named Dev-Org-Isolated-NW-01-UUID.
132
Task 5: Create a Second Isolated Organization VDC Network
You create another isolated organization VDC network in the VMBeans-RnD-Org organization.
5. In the General section, configure the settings and then click NEXT.
Option Action
b. Click ADD.
c. Click NEXT.
7. In the DNS section, configure the settings and then click NEXT.
Option Action
10. Click the Networking view and verify that a port group is created under the dvs-SA-
Datacenter distributed switch named Dev-Org-Isolated-NW-02-UUID.
133
Task 6: Assign the Isolated Organization VDC Network to vApps
You assign the isolated organization VDC network to the Web-Servers and App-Servers vApps.
9. Click Web-VM1.
Option Action
13. Click the ALL ACTIONS drop-down menu and click Power > Shut Down Guest OS.
14. Click the ALL ACTIONS drop-down menu and click Power > Power On, Force
Recustomization.
When the VM is powered on, an IP address is assigned to the Web-VM1 VM from the Dev-
Org-Isolated-NW-01 network.
15. Click NICs under Hardware and verify that an IP address appears in the IP Address column.
134
16. Click vApps in the left pane.
Option Action
MAC Address Clear the existing MAC address by clicking the MAC address
and selecting Reset.
26. Under Guest OS Customization, verify that Enable guest customization is enabled.
a. If guest optimization is not enabled, you must click EDIT, select Enable guest
customization, deselect Auto Generate password, and click SAVE.
135
Task 7: Assign the Second Isolated Organization VDC Network to a
vApp and Verify Connectivity
You assign the second isolated organization VDC network to an App-VM1 VM and verify the web
server to application server connectivity.
8. Click App-VM1.
Option Action
12. Click the ALL ACTIONS drop-down menu and click Power > Power On, Force
Recustomization.
When the VM is powered on, two IP addresses are assigned to the App-VM1 VM one from
the Dev-Org-Isolated-NW-01 network and one from the Dev-Org-Isolated-NW-02 network.
136
14. Accept the console certificate manually and open the console:
15. Navigate to the tenant portal and click LAUNCH WEB CONSOLE of the VM.
• Password: VMware1!
The guest customization takes 2 to 3 minutes and requires multiple reboots of the VM.
17. In the web console window, enter the ip a command and verify that the server has the
following two IP addresses.
The ping command must receive a response from Web-VM1 because both the App-VM1
and Web-VM1 VMs are connected to the same isolated organization VDC network. In this
example, 172.20.50.51 is the NIC1 (ens224) IP address of the Web-VM1.
The ping command must not receive a response from Web-VM1 because the App-VM1 VM
is not connected to the routed organization VDC network. In this example, 172.20.40.51 is
the NIC0 (ens192) IP address of the Web-VM1.
137
Task 8: Assign and Verify the Second Isolated Organization VDC
Network
You assign an isolated organization VDC network to the DB-Server-01 VM, verify that the VMs
are assigned IPs from the configured IP pool, and verify the network connectivity between the
database server and the application server VMs.
Option Action
12. Under Guest OS Customization, verify that Enable guest customization is enabled.
a. If the guest optimization is not enabled, you must click EDIT and select Enable guest
customization and deselect Auto Generate password and click SAVE.
13. From the ALL ACTIONS drop-down menu, select Power > Power On, Force
Recustomization.
The guest customization takes 2 to 3 minutes and requires multiple reboots of the VM.
138
14. Click LAUNCH WEB CONSOLE.
• Password: VMware1!
16. In the web console window, enter the ip a command and verify that the server has an IP
address from the 172.20.60.1/24 (ens192) network.
The ping command must receive a response from App-VM1 because both the App-VM1
and DB-Server1 VMs are connected to the same isolated organization VDC network. In this
example, 172.20.60.51 is the NIC0 (ens192) IP address of the App-VM1.
The ping command must not receive a response from Web-Server1 because the routed
organization VDC network is not reachable from the DB-Server1 VM. In this example,
172.20.40.51 is the NIC0 (ens192) IP address of the Web-VM1.
139
140
Lab 20 Creating and Verifying vApp
Networks
141
Task 1: Read the Applications Server Use Case
You read the VMBeans-RnD-Org use case to understand the security applications requirements.
The VMBeans-RnD Org customer has security applications running on their application
servers. The security application servers must have the connectivity between them but must
not have connectivity to the other servers in the tenant environment.
The VMBeans-RnD Org customer can create isolated vApp networks and connect both the
application servers to the same isolated vApp network. The network traffic is allowed only
between both the servers. The traffic cannot flow out of the vApp environment.
VMBeans Cloud Director Service Provider receives a request from the VMBeans-RnD Org
customer. The customer has a physical Oracle database server in the server farm that
cannot be imported directly to the tenant portal. Communication must be enabled between
the Oracle database VM and the database VM that runs on the VMware Cloud Director
tenant portal. The Oracle VM must be able to write a few entries to the database tables on
the database VM.
VMBeans Cloud Director Service Provider can bring the VMBeans-Alpha customer Oracle
database VM to the NSX-T Data Center environment.
• Create an imported organization VDC network using the same segment that was
imported in VMware Cloud Director.
• Use the imported network directly connected to the database VM in the VMware Cloud
Director tenant portal.
142
Task 3: Create an Isolated vApp Network and Assign to vApps
You create an isolated vApp network in the VMBeans-RnD-Org organization and assign the
network to vApps.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
8. From the ALL ACTIONS drop-down menu, select Power > Shut Down Guest OS.
11. Click NEW to add an isolated vApp network and select vApp Network.
Option Action
An isolated vApp network is created. The Dev-vApp-Isolated-NW network does not have a
connection with any other networks because it is an isolated network. The connection field
of Dev-vApp-Isolated-NW must not show any connectivity to the other networks.
12. On the App-VM1 virtual machine page, click NICs under Hardware and click EDIT.
143
13. Select NIC 0 and configure the NIC.
Option Action
Option Action
16. From the ALL ACTIONS drop-down menu, select Power > Power On, Force
Recustomization.
You must wait approximately 3 to 4 minutes for the VM to power on and to perform guest
OS customization at startup.
144
Task 4: Verify the Isolated Network Connectivity
You verify the isolated vApp network connectivity between application servers.
3. In the web console window, enter the ip a command and verify that the server has the
10.10.10.11 (NIC0) IP address.
5. On the App-Server page, click App-VM2 from the list of virtual machines.
6. Assign the Dev-vApp-Isolated-NW network to NIC0 of the App-VM2 VM using the previous
steps and ensure that NIC0 is connected.
7. Under Guest OS Customization, verify that Enable guest customization is enabled on App-
VM2 virtual machine.
a. If guest optimization is not enabled, you must click EDIT, select Enable guest
customization, deselect Auto Generate password, and click SAVE.
8. From the ALL ACTIONS drop-down menu, select Power > Power On, Force
Recustomization.
You must wait approximately 3 to 4 minutes for the VM to power on and to perform guest
OS customization at startup.
Guest customization performs the initial configuration of the vApp and restarts the VM
multiple times. The VM takes approximately two minutes to initialize.
11. In the web console window of App-VM2, enter the ip a command and verify that the
server has the 10.10.10.12 (NIC0) IP address.
13. Open the console window of App-VM1 and enter the ping -c 3 10.10.10.12
command.
You can reach App-VM2 from App-VM1 and the reverse.
145
Task 5: Assign the Direct Organization VDC Network to a VM
You assign the direct organization VDC network to a Repo VM in the Dev-OVDC (1) and access
the Internet.
Option Action
MAC Address Clear the existing MAC address by clicking the MAC address
and selecting Reset.
10. Under Guest OS Customization, verify that Enable guest customization is enabled.
a. If the guest optimization is not enabled, you must click EDIT and select Enable guest
customization and deselect Auto Generate password and click SAVE.
11. From the ALL ACTIONS drop-down menu, select click Power > Power On, Force
Recustomization.
The guest customization will take 2 to 3 minutes and requires the VM to be restarted a
couple of times.
146
14. Under the Hardware section, click NICs and click EDIT.
Option Action
MAC Address Clear the existing MAC address by clicking the MAC address
and selecting Reset.
16. Under Guest OS Customization, verify that Enable guest customization is enabled.
a. If the guest optimization is not enabled, you must click EDIT, select Enable guest
customization, deselect Auto Generate password, and click SAVE.
17. From the ALL ACTIONS drop-down menu, select Power > Power On, Force
Recustomization.
When the VM is powered on, the IP address is assigned to the Repo-VM2 VM.
• Password: VMware1!
20. In the web console window, enter the ip a command and verify that the server has an IP
address from the 172.20.12.1/24 (ens192) network.
ping -c 3 172.20.12.116
The ping command must receive a response from Repo-VM1. The IP address might vary
on your lab. You must ping the IP address of the Repo-VM1.
147
Task 6: Assign the Imported Organization VDC Network to a VM
You assign the imported organization VDC network to a Repo VM in the Dev-OVDC (1).
Option Action
10. From the ALL ACTIONS drop-down menu, select Power > Shut Down Guest OS.
11. Click SHUT DOWN in the Confirm Guest OS Shut Down window.
12. From the ALL ACTIONS drop-down menu, select Power > Power On, Force
Recustomization.
You must wait approximately 3 to 4 minutes for the VM to power on and to perform guest
OS customization at startup.
• Password: VMware1!
15. In the web console window, enter the ip a command and verify that the server has the IP
address 172.16.10.11 (NIC0 - ens192).
148
16. Ping the Oracle database server from the Repo-VM2 VM.
ping -c 3 172.16.10.51
The ping command must receive a response from Oracle database server. Oracle
Database Server is residing on the vCenter Server with the name DB-VM.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
7. Turn on the Use Edge Cluster toggle, select edge-cluster-01, and click SAVE.
9. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
11. Click the Dev-OVDC (1) organization VDC card.
149
15. Click NEW and select vApp Network.
Option Action
17. Verify the routing services offered by the newly created routed vApp network by clicking
Routing under Dev-vApp-Org-Routed-NW network page.
20. Verify the default Firewall Rules and NAT IP Translation Rules.
1. Click App-Servers.
5. Click EDIT.
150
6. Select NIC 0 and reconfigure the NIC and then click SAVE.
Option Action
If you observe the page is loading for a longer time, then refresh the browser page once to
see the IP's.
7. From the ALL ACTIONS drop-down menu, select Power > Shut Down Guest OS.
9. From the ALL ACTIONS drop-down menu, select Power > Power On, Force
Recustomization.
You must wait approximately 3 to 4 minutes for the VM to power on and to perform guest
OS customization at startup.
• Password: VMware1!
12. In the web console window, enter the ip a command and verify that the server has the
20.20.20.11 (NIC0) IP address.
14. On the App-Server page, click App-VM2 from the list of virtual machines.
15. Assign the Dev-vApp-Org-Routed-NW network to NIC0 of the App-VM2 VM using the
previous steps and ensure that NIC0 is connected.
16. From the ALL ACTIONS drop-down menu, select Power > Shut Down Guest OS.
17. Click SHUT DOWN in the Confirm Guest OS Shut Down window.
151
18. From the ALL ACTIONS drop-down menu, select Power > Power On, Force
Recustomization.
You must wait approximately 3 to 4 minutes for the VM to power on and to perform guest
OS customization at startup.
• Password: VMware1!
21. In the web console window of App-VM2, enter the ip a command and verify that the
server has the 20.20.20.12 (NIC0) IP address.
The ping command must work. You can reach App-VM1 from App-VM2 on the internal IP
address.
23. Open the console window of App-VM1 and enter the ping -c 3 20.20.20.12
command.
The ping command must work. You can reach App-VM2 from App-VM1 on the internal IP
address.
The ping command must work. You can reach App-VM2 from App-VM1 on the external IP
address.
25. Close the web consoles of the App-VM1 and App-VM2 VMs.
26. Navigate to the tenant portal and log out from the tenant portal.
152
Lab 21 Configuring and Verifying
Edge Gateway Services
153
Task 1: Verifying Connectivity Before Configuring NAT
You verify the connectivity to a sub allocated IP address before configuring NAT service on the
edge gateway.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
4. Click vApps.
5. Verify that the Web-Servers vApp is powered on.
• Password: VMware1!
The ping command must not work as you have not configured NAT service on the edge
gateway. You will configure NAT in the next task using 172.20.10.131 IP address which is
assigned to the static IP pool of the edge gateway.
154
Task 2: Configure the NAT Services
You configure NAT rules as an organization administrator to avoid IP conflicts with overlapping IP
addresses in a multitenant environment.
1. Navigate to the tenant portal and click Edges under Networking in the left pane.
2. Click Dev-Edge-01.
3. Click NAT on the Dev-Edge-01 edge gateway page.
4. Click NEW.
5. Add a DNAT rule for the Web-Server-01 VM and then click SAVE.
Option Action
To configure the NAT rules, you use the allocated IPs on the edge gateway. The system
administrator has already allocated the IP pool for Dev-Edge-01. IP 172.20.10.131 is one of
the allocated IPs on the edge gateway that you can use for configuring the DNAT and SNAT
rules. 172.20.40.51 is the routed organization VDC network IP address assigned to the NIC0
(ens192) of the Web-VM1.
The internal IP might vary depending on the Web-VM1 VM IP that you have in your lab
environment. You enter the Web-VM1 VM IP in the Internal IP text box.
Option Action
The internal IP might vary depending on the Web-VM1 VM IP that you have in your lab
environment. You enter Web-VM1 VM IP in the Internal IP text box.
155
Task 3: Verify the NAT Connectivity
You use NAT to hide your internal VM IP address and use the allocated IP address instead of the
VM IP address to reach the VM.
3. Click vApps.
• Password: VMware1!
The ping command must work as you are trying to reach the NATed IP of the vApp.
156
Lab 22 Creating and Managing a
Named Disk
157
Task 1: Create a Named Disk
You create a named disk as an organization user.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
3. Click the Research-OVDC (3) card and verify that you can view two VMs in this OVDC.
5. Click NEW.
6. Configure the named disk in the Create Named Disk window and then click SAVE.
Option Action
Size of Disk Enter 1 in the text box and select GB from the drop-down menu.
158
Task 2: Attach a Named Disk to a VM
You attach and verify the named disk to a virtual machine as an organization user.
c. Wait for the Cluster-VM1 virtual machine to power on before you proceed to the next
step.
5. Click ATTACH.
Refresh the browser page manually and observe the menu option. Only DETACH is available.
All the other options are unavailable.
8. Click the i icon next to 1 under the Attached VM Count column to find the name of the VM to
which the NamedDisk-01 is connected to.
You can now log in to the operating system and format the disk with a file system and store
data.
159
Task 3: Detach the Named Disk
You detach the named disk from the virtual machine as an organization user.
2. Select NamedDisk-01.
3. Click DETACH.
4. Click DETACH.
You can reattach the same named disk to another virtual machine in the same OS family with
which the disk was formatted the first time. When the disk is attached to the VM, all data in
the disk is available.
2. Select NamedDisk-01.
3. Click DELETE.
If you do not see the delete option enabled, refresh the page.
160
Lab 23 Creating and Managing a
Shared Named Disk
161
Task 1: Create a Shared Named Disk
You create a shared named disk as a system administrator.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
You are logged in as a system administrator. The organization page appears by default.
7. Click NEW.
8. Configure the named disk on the in the Create Named Disk window and then click SAVE.
Option Action
162
Task 2: Attach a Shared Named Disk to a VM
You attach the shared named disk created by the system administrator to multiple virtual
machines at the same time as an organization administrator.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
d. Wait for the Cluster-Server vApp to power on before you proceed to the next step.
6. Select SharedNamedDisk-01.
7. Click ATTACH.
Refresh the browser manually and observe the menu option. Only ATTACH and DETACH
options are available. All the other options are unavailable.
11. From the Virtual Machine drop-down menu, select Cluster-VM2 and verify that the shared
named disk is attached to the virtual machines with the same operating system.
You can view that Cluster-VM1 is not available in the list as the shared named disk is already
attached to it.
12. Click ATTACH and wait for the task to finish successfully.
163
13. Click the i icon next to 2 under the Attached VM Count column, to find the name of the VMs
to which the SharedNamedDisk-01 is connected.
16. Click Hard Disks under Hardware and verify that SharedNamedDisk-01 appears.
19. Click Hard Disks under Hardware and verify that the same SharedNamedDisk-01 appears.
2. Select SharedNamedDisk-01.
3. Click DETACH.
4. In the Detach Shared Named Disk window, select Cluster-VM2 from the Virtual Machine
drop-down menu and select the virtual machine from which you want to detach the shared
named disk..
164
Task 4: Delete a VM with an Attached Named Disk
You delete a virtual machine to which the shared named disk is attached as an organization
administrator.
c. Click Delete.
Q1. Is the Cluster-VM1 virtual machine deleted even though the shared named disk
is attached to it?
A1.
The same behav ior is app licab le for t he no nshared named dis k. Yes. Cluster-VM1 virt ual m ac hine is de leted. The shared name dis k is automat ic ally detached from that VM.
165
Lab 24 Encrypting a VM and a Named
Disk
4. Create an Encrypted VM
167
Task 1: Verify the Key Provider Details on vCenter Server
You verify the key provider encryption integration on vCenter Server as an administrator.
1. Select vSphere Site-A from the bookmark and click vSphere Client (SA-VCSA-01).
• Password: VMware1!
5. Click Key Providers under Security and verify that the KMS Connection status appears as
Healthy.
7. Click sa-esxi-05.vclass.local.
b. Select Enabled from the drop-down menu for the Encryption Mode.
c. Click OK.
You must wait for a few seconds and verify that the Encryption mode appears enabled.
You can refresh the web client page.
b. Select Enabled from the drop-down menu for the Encryption Mode.
c. Click OK.
You must wait for a few seconds and verify that the Encryption mode appears enabled.
You can refresh the web client page.
168
Task 2: Verify the Encryption Policy on vCenter Server
You verify the encryption policy on vCenter Server as an administrator.
3. Select Shared-SP in the right pane and, in the lower section on the page, verify that
encryption is set to Default encryption properties on this storage policy.
6. Click the SA-Remote-01 datastore and verify that it is tagged with Shared-Tag and Testing-
Tag.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
169
4. Assign the encryption storage policy to the provider VDC.
You can view that the capabilities of the policy must have vSphere Encryption enabled.
g. Click ADD.
e. Select the Shared-SP storage policy from the table, and leave the allocation type as
unlimited.
f. Click ADD.
g. Expand Shared-SP.
6. Verify that the vSphere or encryption capability appears with the other capabilities.
The Shared-SP storage policy appears with the other storage policies.
170
Task 4: Create an Encrypted Virtual Machine
You create a virtual machine on an encrypted storage policy as an administrator.
5. Verify that the Research-OVDC (3) can view the newly added storage policy.
7. Click NEW VM in the right pane, configure the VM ,and then click OK.
Option Action
Storage For Disk 1 Storage policy, select Shared-SP, and for Size, enter 1 GB.
A1.
Q1. Did the VM creation succeed?
No. EncryptedVM vir tual m ac hine is not created bec ause yo u m ust selec t the same stor age policy for the v irtual mac hine files.
10. From the Custom storage policy drop-down menu, select Shared-SP.
11. Click OK, wait until the VM creation task is complete, and then verify that the VM is powered
on.
a. If the VM is not powered on, power it on.
A2.
Q2.
Yes. EncryptedVM virt ual machine creat ion suc ceeded.
Did the VM creation succeed this time?
171
Task 5: Verify the Encrypted Virtual Machine
You verify the settings that identify if the VM is encrypted.
The Policy shows that the disk and its files are encrypted.
The storage policy on the General page does not have the encrypted tag.
4. Click OK.
172
Task 7: Create and Verify an Encrypted Named Disk
You create a named disk on an encrypted storage policy.
Option Action
3. Click SAVE and wait for a few seconds for the Named disk creation task to complete.
The Encrypted Column appears with Yes for EncryptedNamedDisk Named Disk and No for
the other Named Disks in the table.
173
Task 8: Use the Encrypted Disk and VM
You try various methods to attach the encrypted named disk to a nonencrypted VM and to an
encrypted VM.
b. Click ATTACH.
Q1. Did you find any virtual machine in the list, which is not encrypted?
A1. No. Only the encrypted virt ual machine appears.
d. Click ATTACH.
g. Click Hard Disks under Hardware and view that the EncryptedNamedDisk is successfully
attached to EncryptedVM.
The EncryptedNamedDisk shows the encrypted tag against the storage policy.
174
2. Change the EncryptedNamedDisk storage policy to a nonencrypted storage policy when the
disk is attached to an encrypted virtual machine.
d. Click DISCARD.
f. Click Power.
i. After the virtual machine is powered off, click EDIT in the right pane under Hard Disks.
k. Click SAVE.
Q3. Can you change the Storage Policy of EncryptedNamedDisk when it was
attached to a powered off Encrypted VM?
A3. Yes. A powered-off VM c an change t he encryptio n stat us of any disk. An encrypted VM can have a no nencrypted disk att ac hed.
m. Click Power.
Q4. Can you power on the virtual machine when a nonencrypted NamedDisk is
attached to an encrypted virtual machine?
A4. Yes. A an encrypted VM c an have a nonencrypted dis k att ac hed.
175
3. Revert the EncrypteNamedDisk storage policy to an encrypted storage policy.
b. Select EncryptedNamedDisk.
c. Click DETACH.
e. Click EDIT.
You can refresh the page if the EDIT option is not enabled.
f. In the Edit Name Disk window, select Shared-SP from the drop-down menu of Storage
Policy.
g. Click SAVE.
EncryptedNamedDisk exists on Shared-SP Storage Policy. You can refresh the page.
176
Lab 25 Verifying Storage IOPS with
VMware Cloud Director
3. Assign and Verify the vCenter Server Enabled Storage IOPS Policy to a VM
4. Enable the VMware Cloud Director Storage IOPS Limiting on the Provider VDC
5. Assign and Verify the VMware Cloud Director Enabled Storage IOPS Policy to a VM
177
Task 1: Verify the Storage IOPS Policy on vCenter Server
You verify the Storage IOPS policy on the vCenter Server as an administrator.
3. Select Shared-SP in the right pane and verify that Storage I/O Control is set to Low I/O
shares allocation.
The IOPS reservation is set to 10.
4. Click Menu.
5. Click Storage.
8. Verify that the SA-Remote-01 datastore is tagged with Shared-Tag and Testing-Tag.
You must not log out of the vCenter Server portal.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
178
Task 3: Assign and Verify the vCenter Server Enabled Storage IOPS
Policy to a VM
You create a virtual machine in the vCenter Server Storage-IOPS defined storage policy and
verify the IOPS reservation, as an organization administrator.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
Option Action
Storage Select Shared-SP from the Storage Policy drop-down menu and
enter 1 GB as the disk size.
Use custom storage Select the check box and select Shared-SP from the Storage
policy Policy drop-down menu.
6. Verify the vCenter Server storage IOPS setting on the virtual machine disk.
Q1. What is the IOPS value defined on the IOPS-VM1 hard disk?
A1. The IO PS value assig ned to t he IOPS-VM1 hard d isk is 1 0. The value is t he storage IO PS reservat ion value t hat is defined in vCenter Server on t he S hared-S P stor age policy.
179
Task 4: Enable the VMware Cloud Director Storage IOPS Limiting on
the Provider VDC
You override the vCenter Server defined storage IOPS policy with the VMware Cloud Director
defined IOPS values as a system administrator.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
3. Edit the existing storage policy to override the vCenter Server configuration.
4. In the Edit Storage Policy Settings window, define the values, click EDIT, and then click
CANCEL.
Option Action
180
5. Disable the vCenter Server storage policy to override the existing vCenter Server storage
policy.
a. Navigate to the tab where you are logged in as an administrator on the vSphere Client
(SA-VCSA-01) portal.
b. Click Menu.
e. Click EDIT.
f. Turn off the vCenter Server policies toggle in the Edit VM Storage Policy window and
click NEXT.
h. Click NEXT.
i. Click NEXT.
j. Click NEXT.
k. Click FINISH.
6. Navigate to the tab where you are logged in as a system administration on the provider
portal.
All the vCenter Server capabilities are now disabled and not available.
181
7. Modify the existing storage policy to configure the VMware Cloud Director Storage IOPS
configuration.
8. In the Edit Storage Policy Settings window, define the values and then click EDIT.
Option Action
9. Expand the Shared-SP storage policy and observe that VCD IOPS capability appears.
The organization VDC inherits the provider VDC storage policy configuration by default.
10. Verify that the organization VDC inherits the provider VDC storage policy configuration.
f. Click CANCEL.
182
Task 5: Assign and Verify the VMware Cloud Director Enabled
Storage IOPS Policy to a VM
You create a virtual machine in the VMware Cloud Director storage IOPS defined storage policy
(provider VDC) and verify the IOPS reservation as an organization administrator.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
Option Action
Operating System Select CentOS 8 (64-bit) from the drop-down menu. Leave the
remaining default values.
Storage Select Shared-SP from the Storage Policy drop-down menu and
enter 1 GB as the disk size.
Use custom storage Select the check box and select Shared-SP from the Storage
policy Policy drop-down menu.
183
6. Verify the VMware Cloud Director Storage IOPS setting on the virtual machine disk.
Q1. What is the IOPS value defined on the IOPS-VM2 hard disk?
A1. The IO PS value assig ned to IO PS-VM2 hard d isk is 2 0. The value is t he storage IO PS reservat ion value whic h is defined on the prov ider VDC for the S hare-S P st orage po licy.
7. Attach another disk to IOPS-VM2 and verify the Storage IOPS limits.
c. On the newly added hard drive, enter 1 as the size, select GB, and select Shared-SP
Policy.
The IOPS value must be 40. With an increment in every GB, you can view an increment
of 20 IOPS to the total IOPS used.
e. Click SAVE.
g. Click SAVE.
184
Task 6: Override the Provider VDC Storage Policy on the
Organization VDC
You override the storage IOPS policy on the organization, which is currently defined for the
provider VDC, as a system administrator.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
3. Edit the existing storage policy to override the provider VDC configuration.
4. In the Edit Storage Policy Settings window, define the values and then click EDIT.
Option Action
The organization VDC storage IOPS limiting configuration is considered for the Research-
OVDC (3) organization VDC.
185
186
Lab 26 Creating and Using the VM
Sizing and VM Placement Policies
187
Task 1: Verify the Host Groups and Host Rules
You review and verify the host placement and VM placement policies on the vCenter Server as a
vSphere administrator.
1. Select vSphere Site-A from the bookmark and click vSphere Client (SA-VCSA-01).
• Password: VMware1!
3. Under Hosts and Cluster view, expand SA-Datacenter > SA-NSX-T & Compute.
7. Select Research-HostGroup-01.
8. Select Research-HostGroup-02.
10. Click Research-VMPlacement-01, verify that the type is Run VMs on Hosts, and the enabled
state is Yes.
This host rule is applied to all the Linux based VMs. The placement of VMs is on the sa-esxi-
05.vclass.local host.
11. Click Research-VMPlacement-02, verify that the type is Run VMs on Hosts, and the enabled
state is Yes.
This host rule is applied to all the Windows based VMs. The placement of VMs is on the sa-
esxi-06.vclass.local host.
188
Task 2: Create VM Placement Policies
You create VM placement policies as a system administrator.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
a. Click NEW.
b. Click NEXT.
Option Action
d. Click NEXT.
g. Click NEXT.
h. Click FINISH.
189
5. Create another VM placement policy.
a. Click NEW.
b. Click NEXT.
c. In General, configure another VM placement policy.
Option Action
d. Click NEXT.
g. Click FINISH.
5. In the Select Policies to Add to VDC window, select Linux-VM-Placement and NonLinux-
VM-Placement policies from the table.
6. Click OK.
190
Task 4: Create VM Sizing Policies
You define the compute resource allocation for VMs in an organization VDC by creating a VM
Sizing Policies as a system administrator.
1. Click VM Sizing Policies in the left pane to create a few VM sizing policies as a system
administrator.
Option Action
c. Configure the CPU speed in the CPU section and then click NEXT.
Option Action
d. Configure the memory in the Memory section and then click NEXT.
Option Action
e. Click FINISH.
191
3. Create another VM sizing policy.
b. Specify the name and description in the General section and then click NEXT.
Option Action
c. Configure the CPU speed in the CPU section and then click NEXT.
Option Action
d. Configure the memory in the Memory section and then click NEXT.
Option Action
e. Click FINISH.
192
Task 5: Publish VM Sizing Policies to the Organization VDC
You publish the VM sizing policies to an organization VDC as a system administrator.
5. In the Select Policies to Add to VDC window, select Small and Medium policies from the
table.
6. Click OK.
193
Task 6: Create VMs Using the VM Placement and Sizing Policies
You create a few standalone VMs using the VM placement and sizing policies as an organization
user.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
a. Click NEW VM to create a virtual machine in the New VM window and then configure its
settings.
Option Action
d. Select CentOS 8 (64-bit) as the operating system from the drop-down menu.
Option Action
194
5. Create another virtual machine.
a. Click NEW VM to create another virtual machine in the New VM window, and then
configure its settings.
Option Action
d. Select Microsoft Windows 10 (64-bit) as the operating system from the drop-down
menu.
Option Action
195
Task 7: Verify the VM Placement and Sizing Policies
You verify that the VMs are placed according to the policies applied to them as an organization
user.
1. To verify the VM sizing policy, click Virtual Machines in the left pane.
4. Verify that the CPU and Memory resources on the VM are as per Small VM Sizing Policy.
9. Select vSphere Site-A from the bookmark and click vSphere Client (SA-VCSA-01).
• Password: VMware1!
11. Expand SA-Datacenter > SA-NSX-T & Compute > RnD-RP > Research-OVDC (3).
196
Lab 27 Creating the Advisories
Dashboard
197
Task 1: Create Advisories Notifications as a System Administrator
You create advisories as a system administrator and verify the mandatory advisories.
1. Select VCD Primary > Provider from the bookmark and click SA-VCD-P Provider.
• Password: VMware1!
4. Click Advisories under Settings in the left pane and then click NEW.
7. Select 1:00 AM from the Active From time drop-down menu and select 11:00 AM as the
time from the Active Until drop-down menu.
The advisory by default is active for a day. You can change the advisory active days and
time. The advisory is valid for a specific time. Mandatory security check advisory is active
only during the specific time.
8. Leave Publish to all users in all organizations selected and click OK.
The mandatory advisory is not published to the specific tenant but to all the tenants.
9. Click NEW.
10. Enter Hello, it is time to patch your database VMs as the description.
12. Select 1:00 AM from the Active From time drop-down menu and select 11:00 PM as the
time from the Active Until drop-down menu.
The advisory for patching the VMs is performed for a day. The advisory appears for the
tenant from 1 AM today to 11 PM of the next day. You can change the advisory active days
and time.
198
15. Click NEW.
18. Select 1:00 AM from the Active From time drop-down menu and select 11:00 PM as the
time from the Active Until drop-down menu.
• Password: VMware1!
23. Click the Mandatory security check is about to begin shortly advisory
The mandatory advisories are color coded red and the informational advisories are color
coded orange. The mandatory advisory does not provide an option to snooze or dismiss the
alerts.
24. Click > next to 1/2 on the advisories above the top bar.
25. Click SNOOZE and select Three Hours for the informational advisory.
199
Task 2: Verify Advisories Notifications as a Tenant User
You review the advisories as a tenant administrator.
1. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
Three advisories appear for an organization administrator. The mandatory advisory does not
provide an option to snooze or dismiss the alerts for an organization administrator.
4. Click > next to 1/3 on the advisories above the top bar to view the second advisory.
View the critical advisory. The critical alert provides an option to DISMISS or SNOOZE.
5. Click SNOOZE and select Three Hours from the first advisory that appears on the top bar.
The advisory is snoozed for three hours and displays after three hours for the organization
administrator.
6. Click > next to 1/3 on the advisories to select the third important advisory.
A dismissed advisory is not visible to the users after they log in.
200
Lab 28 Verifying the VMware Cloud
Director CLI Commands
201
Task 1: Verify the VMware Cloud Director CLI Commands and
Operations
You use various CLI commands and access different VMware Cloud Director entities using the
CLI tools.
The message administrator logged in, org: 'system', vdc: ' '
appears.
7. Upload a file to the catalog by entering the vcd catalog upload -p Repo-
Catalog vcd_cli_error.log command.
The file name and size appear after a successful upload to the catalog.
8. Select VCD Primary > Tenant from the bookmark and click VMBeans-RnD-Org.
• Password: VMware1!
12. Navigate to the VMware Cloud Director CLI and enter the vcd catalog delete
Repo-Catalog vcd_cli_error.log command.
13. Press y to verify the deletion.
14. Navigate to the tenant portal and view that the file is deleted from Media & Other.
202
15. Navigate to the VMware Cloud Director CLI and enter the vcd network external
list command.
The external networks including all the Tier-0 supported external networks appear.
The command lists all the organization VDCs in the provider portal.
22. Enter the vcd vapp network create --subnet 30.30.30.1/24 --ip-
range 30.30.30.11-30.30.30.20 DB-Servers DB-Isolated-NW
command.
24. Navigate to the tenant portal and click Applications on the top bar.
28. Navigate to the web console of SA-CENTOS-01 VM and enter the vcd vapp network
delete DB-Servers DB-Isolated-NW command.
The isolated network is deleted.
29. Navigate to the tenant portal and notice that the DB-Isolated-NW no longer appears under
Networks of the DB-Servers vApp.
203
204
Lab 29 Installing and Configuring
VMware Cloud Director Management
Pack with vRealize Operations
Manager
1. Install the VMware Cloud Director Management Pack in vRealize Operations Manager
2. Configure the VMware Cloud Director Management Pack in vRealize Operations Manager
205
Task 1: Install the VMware Cloud Director Management Pack in
vRealize Operations Manager
You install the VMware Cloud Director management pack in the vRealize Operations UI portal.
1. Select vRealize from the bookmark and click vRealize Operations Manager.
• Password: VMware1!
By default, the VMware Cloud Director management pack is not installed in vRealize
Operations Manager and so you must install it.
5. Scroll to the bottom of the page and click ADD/UPGRADE in the right pane.
8. Click Open.
9. Click UPLOAD.
The upload takes a few minutes to complete. Do not refresh the browser.
11. In the Add Solution window, select I accept the terms of this agreement in the End User
License Agreement and click NEXT.
The management pack installation process begins. The installation takes a few minutes to
complete. Do not refresh the browser.
The VMware Cloud Director Management Pack appears in the Other Management Packs
section at the bottom of the page.
206
Task 2: Configure the VMware Cloud Director Management Pack in
vRealize Operations Manager
You configure the VMware Cloud Director management pack in the vRealize Operations UI
portal.
Option Action
207
5. Provide the credentials in the Manage Credentials window.
Option Action
Credential Kind Select vCloud System Credentials from the drop-down menu.
6. Click and verify that VCD Admin is selected in the Credential section.
a. If this message does not appear, verify that you have performed all the steps correctly.
9. Click OK on the information page with the Test connection successful message.
11. Verify that the SA-VCD-P VMware Cloud Director configured instance appears.
13. Verify that Status appears as OK for the configured instance after a few minutes.
After configuring the management pack, you must wait for two or three collection cycles
before the VMware Cloud Director objects appear on vRealize Operations Manager. Each
collection cycle takes approximately 5 minutes and so you must wait 10 to 15 minutes.
208
Lab 30 Monitoring the VMware Cloud
Director Objects with vRealize
Operations Manager
209
Task 1: View the Predefined VMware Cloud Director Dashboards
You view the default dashboards available in vRealize Operations Manager for VMware Cloud
Director.
Because you configured the VMware Cloud Director management pack, the data collection and
plotting take time. In some cases, you might not see any data for an object.
2. Click the menu option next to Dashboard in the left pane and verify that vCloud Director is
selected.
After you select the vCloud Director dashboard, all the built-in dashboards appear in the left
pane.
In the Operations Alerts widget, you can expand any hour that is available. You can also
select an alert and view the related details of the selected alert in the other widget.
4. Select the vCD All Metrics Selector dashboard in the left pane.
All the metrics associated with an object that the management pack for VMware Cloud
Director collects appear in the same pane. The metrics for the selected object appear when
you select the object.
5. Sort the vCD Resources widget by selecting the object type organization and select
VMBeans-RnD-Org in the table.
6. In the Metric Picker widget, expand Properties > vRealize Operations Generated Properties
and double-click Object Type Classification.
7. View the Metrics Chart widget, which plots the chart according to the Metric Picker selection.
b. In the Metric Picker widget, expand Properties > vRealize Operations Generated
Properties and double-click Object Type Classification.
c. View the Metrics Chart widget by plotting the chart according to the Metric Picker
selection.
Similarly, you can select any metric picker and view the metric chart.
210
9. Select the vCD Org VDC Utilization dashboard in the left pane.
The vCD Org VDC Utilization dashboard provides a quick view of the top 10 organization
VDCs based on the following metrics.
• CPU usage
• Memory usage
• Storage usage
• Network usage
• vApps
• Storage allocation
Based on these metrics, you can determine the performance of an organization VDC.
You can view each widget and the use of the organization based on CPU, memory, storage,
network, vApps, and storage allocation in MB.
10. Select the vCD vApp Utilization dashboard in the left pane.
The vCD vApp Utilization dashboard provides a quick view of the top 10 vApps based on the
CPU allocation, memory allocation, storage allocation, number of VMs, and number of CPUs.
Based on these metrics, you can determine the performance of a vApp.
11. Select the vCD Mashup Charts dashboard in the left pane.
The vCD Mashup charts dashboard is a reference for obtaining the health of the objects
collected by VMware Cloud Director. The dashboard provides the anomaly count graph
metric. The metric shows the number of anomalies for an object in the form of metrics.
12. Select any object from the vCD Resources widget, observe the Mashup Chart widget, and
display the health of the object.
The vCD Troubleshooting dashboard shows all the objects and their relationship in the
management pack for vCloud Director. Based on the selection of an object, the
corresponding health anomalies and its interesting metric is displayed. The dashboard is used
for troubleshooting.
211
Task 2: View the Predefined Views, Reports, and Alerts Definitions
You review the default views and reports available in vRealize Operations Manager for VMware
Cloud Director.
2. In the right pane, enter vCloud in the Quick Filter (Name) text box.
4. In the right pane, enter vCloud in the Quick Filter (Name) text box.
8. In the right pane, enter vCloud in the Quick Filter (Name) text box.
4. In the New Template window, provide the name and description in the Name and Description
section.
Option Action
212
5. Configure the custom report.
c. Click vCloud Director - Organization - Summary and drag it to the right pane.
e. Click vCloud Director - Organization vDC Network - Summary and drag it to the right
pane.
g. Click vCloud Director - Organization vDC - Storage Free - Distribution and drag it to the
right pane.
i. Click VCD - vCloud Director to Organization mapping and drag it to the right pane.
6. Expand Formats.
8. Expand Layout Options and verify that Cover Page, Table of contents, and Footer are
selected.
9. Click SAVE.
10. On the Reports pane, enter custom in the ALL FILTERS search text box.
11. Select Custom Organization Report, click the vertical ellipsis next to the repor, and click Run.
213
12. In the Select an Object window, select vCloud Provider from the drop-down menu, and
select vCloud World from the tree.
15. When the Status of the report changes from Processing to Completed, select Custom
Organization Report and click the PDF icon on the right to download the report.
16. Select Open with Firefox and click OK to read the report.
The report appears with a cover page, table of contents, and a footer with the VMware Cloud
Director object details.
You might see empty data in the report as it takes time for the vRealize Operations Manager
engine to gather and generate the data.
214
Task 4: Monitor the VMware Cloud Director Objects
You monitor a few VMware Cloud Director objects and view the summary details and metrics.
4. Navigate to vCloud World > SA-VCD-P > VMBeans-Rnd-PVDC > Dev-OVDC (1).
The graph appears in the right pane and you can view the graph pattern.
The graph appears on the right pane and you can zoom to view the graph pattern.
You can compare the same metric of various objects and view the graph.
215
14. Select any other objects from the inventory in the left pane and select a different metric for
comparison.
You can expand any object and explore the summary section of each of the object. You can
also monitor and view any object in vRealize Operations Manager.
216
Answer Key
217
create only 3 additional VMs or templates. A maximum of 16 VMs or templates can be
created with this configuration.
Q5. Did the Quotatest-02 VM power on?
A5. Yes. The Quotatest-02 VM powered on successfully and did not violate any quota limit.
Q6. Did the Quotatest-02 VM power on?
A6. No. Quotatest-02 VM is not powered on. The behavior occurs because when you set the
quotas at the organization level, Memory Quota was configured to 5 GB. At any time, a
maximum of 5 GB of memory can be assigned to VMs and powered on simultaneously in
this configuration.
Q7. Did the Quotatest-02 VM power on?
A7. Yes. The Quotatest-02 VM powered on successfully and did not violate any memory
quota limit this time.
Q1. Is dcuser1VM-01 VM created and powered on?
A1. Yes. dcuser1VM-01 VM is created and powered on.
Q2. Is dcuser1VM-02 VM created and powered on?
A2. Yes. The dcuser1VM-02 VM is created and powered on.
Q3. Is the dcuser1VM-03 VM created and powered on?
A3. No. The dcuser1VM-03 VM is not created because the All VM quota limit per user in the
group is set to 2 .
Q4. Is the dcuser2VM-01 VM created and powered on?
A4. Yes. The dcuser2VM-01 VM is created and powered on.
Q5. Is the dcuser2VM-02 VM created and powered on?
A5. Yes. The dcuser2VM-02 VM is created and powered on.
Q6. Is the dcuser2VM-03 VM created and powered on?
A6. No. The dcuser2VM-03 VM is not created because the All VM quota limit per user in the
group is set to 2 .
Q1. Is the dcuser1VM-03 VM created and powered on?
A1. Yes. The dcuser1VM-03 VM is created but not powered on. This behavior occurs
because when the quotas are set at the organization level, the Running VMs Quotas is
configured to 2. A maximum of two VMs can be powered on simultaneously with this
configuration.
Q2. Is the dcuser1VM-04 VM created and powered on?
A2. No. The dcuser1VM-04 VM is not created and is in an Unresolved state. This behavior
occurs because when you set the quotas at the user level, the All VMs Quotas are
218
configured to 3. A maximum of three VMs or templates can be created by this user with
the current configuration.
Lab 23 Creating and Managing a Shared Named Disk
Q1. Is the Cluster-VM1 virtual machine deleted even though the shared named disk is
attached to it?
A1. Yes. Cluster-VM1 virtual machine is deleted. The shared name disk is automatically
detached from that VM. The same behavior is applicable for the nonshared named disk.
Lab 24 Encrypting a VM and a Named Disk
Q1. Did the VM creation succeed?
A1. No. EncryptedVM virtual machine is not created because you must select the same
storage policy for the virtual machine files.
Q2. Did the VM creation succeed this time?
A2. Yes. EncryptedVM virtual machine creation succeeded.
Q1. Did you find any virtual machine in the list, which is not encrypted?
A1. No. Only the encrypted virtual machine appears.
Q2. Can you change the storage policy of EncryptedNamedDisk to a nonencrypted storage
policy?
A2. No. You cannot change the encryption status of a disk when the virtual machine is
powered on.
Q3. Can you change the Storage Policy of EncryptedNamedDisk when it was attached to a
powered off Encrypted VM?
A3. Yes. A powered-off VM can change the encryption status of any disk. An encrypted VM
can have a nonencrypted disk attached.
Q4. Can you power on the virtual machine when a nonencrypted NamedDisk is attached to
an encrypted virtual machine?
A4. Yes. A an encrypted VM can have a nonencrypted disk attached.
Lab 25 Verifying Storage IOPS with VMware Cloud Director
Q1. What is the IOPS value defined on the IOPS-VM1 hard disk?
A1. The IOPS value assigned to the IOPS-VM1 hard disk is 10. The value is the storage IOPS
reservation value that is defined in vCenter Server on the Shared-SP storage policy.
Q1. Can you edit the storage policy?
A1. No. When the vCenter Server storage IOPS is enabled on a storage policy, VMware
Cloud Director cannot override the settings.
Q2. Can you edit the storage policy?
219
A2. Yes. You can edit the storage policy because the vCenter Server configuration on the
storage policy is disabled.
Q1. What is the IOPS value defined on the IOPS-VM2 hard disk?
A1. The IOPS value assigned to IOPS-VM2 hard disk is 20. The value is the storage IOPS
reservation value which is defined on the provider VDC for the Share-SP storage policy.
Q2. Is the new 2 GB size hard drive created?
A2. No. The Shared-SP has 30 IOPS remaining. Requested is 40. error appears.
Based on the virtual machines and named disks created on the Shared-SP storage policy,
30 IOPS remain for you to use. You can create a disk of maximum 1500 MB in size.
Lab 26 Creating and Using the VM Sizing and VM Placement Policies
Q1. On which host does TestVM-02 exist?
A1. TestVM-01 exists on sa-esxi-05.vclass.local because it uses Linux-VM-Placement.
Q2. On which host does TestVM-02 exist?
A2. TestVM-01 exists on sa-esxi-06.vclass.local because it uses NonLinux-VM-Placement.
220