Vmware Vcloud

VMware vCloud Director:
Install, Configure, Manage

Student Lab Manual
vCloud Director 5.1
VMware® Education Services

vmware" VMware, Inc.
www.vmware.com/education
VMware vCloud Director:
Install, Configure, Manage
vCloud Director 5.1
Part Number EDU-EN-VCICM51-LAB-STU
Student Lab Manual
Revision A
CopyrightlTrademark
Copyright © 2013 VMware, Inc. All rights reserved. This manual and its accompanying
materials are protected by U.S. and international copyright and intellectual property laws.
VMware products are covered by one or more patents listed at http://www.vmware.com/go/
patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States
and/or other jurisdictions. All other marks and names mentioned herein may be trademarks
of their respective companies.
The training material is provided "as is,' and all express or implied conditions,
representations, and warranties, including any implied warranty of merchantability, fitness for
a particular purpose or noninfringement, are disclaimed, even if VMware, Inc., has been
advised of the possibility of such claims. This training material is designed to support an
instructor-led training course and is intended to be used for reference purposes in
conjunction with the instructor-led training course. The training material is not a standalone
training tool. Use of the training material for self-study without class attendance is not
recommended .
These materials and the computer programs to which it relates are the property of, and
embody trade secrets and confidential information proprietary to, VMware, Inc. , and may not
be reproduced, copied , disclosed, transferred, adapted or modified without the express
written approval of VMware, Inc.
Course development: Daniel Crider, Rob Nendel
Technical review: Carla Gavalakis, Tom Thomas, Mike Sutton, Steve Schwarze, Jerry
Ozbun, Lizann Dunegan, Phil Cohen , Andy Cary, John Krueger, David Johnston, Jerry Davis
Technical editing: James Brook
Production and publishing: Ron Morton
WWIN. vmware.com/education
TABLE OF CONTENTS
Lab 1: Configuring VMware vCloud Director Networking .. . ....... ... . .. .. . ... . .... 1
Lab 2: Configuring YMware vCloud Director Network Pools . . ... . . .. .. .. . ... . . ... . .... 7
Lab 3: Creating Provider Virtual Datacenters . . . . . . . . . . . . . . . . . . . .................. . 11
Lab 4: Organizations . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .......... . .... . .... . ........ 17
Lab 5: Creating VMware vCloud Director vApp Templates .......... . . . . .. . . . . ....... . ... 31
Lab 6: Building and Publishing YMware vCloud Director vApps . . ..... . ... . . . ....... . ... 41
Lab 7: Deploying YMware vCloud Director vApps . . . . . . . . . . .............. . . ....... 51
Lab 8.' YMware vSphere vApp Networking ......................... . .. . ..... . .... . ... 61
Lab 9: Hosting Inbound Services ............. . .. . ................ . . . . .............. 69
Lab 10: Managing Custom Security Roles .................. .. . . . .......... . ... 79
Lab 11: Integrating LDAP and Active Directory ..... . ... . ... . .. .. .. .... ....... .... . .. .. 83
Lab 12: Managing Cloud Resources .............. . .. . . . . . .. . .. . .. . .. . . . . . . . ..... .... 89
Lab 13: Managing Organization Resources ......... .. .. . . .. .. .. . .. . . . . .. . . . .. . . . . . . .. .95
Lab 14: Managing VMware vSphere Resources ..... . ... . . .. . .. .. . ... . ........ . ..... . . 103
Lab 15: Monitoring Cloud Components. . . .... . . . . . .. ... . . .. . ................... . . 111
Lab 16: Organization Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
Lab 17: Installing VMware vCloud Director .. .. . . . . . .... . ... ..... . .. 127
VMware vCloud Director: Install, Configure, Manage

ii VMware vCloud Director: Install, Configure, Manage
Lab 1
Configuring VMware vCloud Director
Networking
Objective: Configure vCloud Director networking

In this lab, you will perform the following tasks:
1. Install licenses.
2. Configure resource cluster network settings for vCloud Director external networks.
3. Create a vCloud Director external network.
Preparing for the lab

Use the following information:
URL to the VMware® vCenter Server™ Web- https://vcs.vcd-ad.vclass.local:9443/

based console
vCenter Server administrator user name administrator
vCenter Server administrator password vrnwarel!
URL to the VMware vCloud Director® http://vcd. vcd-ad. vclass.local
browser-based console
vCloud Director administrator user name administrator
vCloud Director administrator password vmwarel!
Lab 1 Configuring VMware vCloud Director Networking 1

Perfonn this lab as teams of two students. Each team will manage a VMware® cloud. Students will
be identified as student A and student B. Some items in the lab must be done by both students. But
most tasks will be done by one student while the other student checks the work. Students will take
turns so that both students in the team gain experience with the command and the UI.
Task 1: Install licenses

In this task, you will install VMware® vSphere®, vCloud Director, and VMware vCloud®
Networking and SecurityTM licenses. Student B will do this task. Student A will check the settings.
1. Open your workspace.

2. Open the Control Center virtual machine console and log in using the following credentials.
Username administrator
Password vmware I !
3. On the ControlCenter desktop, double-click the Web-Console shortcut and click the Continue
to tbis website (not recommended) link.
4. Log in to the vSphere Web Client console using the following credentials.
User ID administrator
Password vmwarel!
5. In the left pane, select Administration> Licenses.

6. In the center pane, click the vCenter Server Instances tab.
7. Select VCS.vcd-ad.vclass.local and click Assign License Key.
8. In the Assign License Key wizard, select Assign a new license key from the drop-down menu.
9. Type the vCenter Server license key provided by your instructor and click OK.
10. Click the Hosts tab.
11 . Select esxiOl.vcd-ad.vclass.local and click Assign License Key.
13. Type the vSphere Enterprise license key provided by your instructor and click OK.
14. Select esxi02.vcd-ad.vclass.local and click Assign License Key.
2 Lab 1 Configuring VMware vCloud Director Networking
15. In the Assign License Key wizard, select the license key that you typed and click OK.
16. Click the Solutions tab.
17. Select vCloud Networking and Security and click Assign License Key.
19. Type the vCloud Networking and Security Advanced license provided by your instructor and
click OK.
20. Open a new tab in the Internet Explorer browser.
21. Connect to the URL for the vCloud Director console by using the information in "Preparing for
the lab."
22. Log in to the vCloud Director console as administrator. Type the password vmwarell .
23. The VCD console should open to Administration > License. If it does not, navigate to
Administration> License.
24. Replace the expired VCD license key with the license key supplied by your instructor.
25. Click Apply.
26. Leave both Web consoles running for the next task.
Task 2: Configure resource cluster network settings for vCloud

Director external networks
In this task, you will configure the networking of the vSphere resource cluster. Student A will do
thls task. Student B will check the settings.
1. In the vSphere Web Client console, click the Home icon.
vrnware' vSphere Web Client ~ @
" vCenter ~ Home

~~------------------~~--
2. In the left pane, select vCenter > Networking.
3. Under vCloud Datacenter, right-click dvs-Production and select New Distributed Port
Group.

4. In the New Distributed Port Group wizard, perform the following steps.
Setting Action
Name Type Production and click Next.
Port binding Keep the default of Static binding.
Port allocation Keep the default of Elastic.
Number of ports Keep the default of 8.
Network resource pool Keep the default of (default).
VLAN type Keep the default of None.
Customize default Leave unselected.

policies configuration
5. Click Next.
6. Click Finish.
Task 3: Create a vCloud Director external network

In this task, you will configure an external network for vCloud Director. Student B will do this task.
Student A will check the settings.
1. In Internet Explorer, open a new browser tab and type the URL of the vCloud Director server:
http://vcd.vcd-ad.vclass.local
2. Click the Continue to this Website (not recommended) link and log in to the vCloud Director
console, using the following credentials.
Password vmware 1 !
3. In the vCloud Director console, click 3 Create an external network.

4. In the New External Network wizard, select vCenterServer and select the Production
network.
5. Click Next.

6. Under Configure External Network, click the Add button.
7. In the Add Sub net wizard, perform the following actions.
Setting Action
Gateway address Type 172 .20 . 11.10.
Network mask Type255.255.255.0.
Primary DNS Type 172 . 20 . 10 . 93.
DNS suffIX Type vcd-ad. vclass . local.
Static IP pool Type 172 . 2 0 . 11. 2 0 0

172.20.11.254 and click Add.
8. Click OK
9. Click Next.
10. Under Name this External Network, in the Network name text box, type Production and
click Next.
11 . Under Ready to Complete, click Finish.

Lab 2
Network Pools
Objective: Configure vCloud Director network pools

In this lab, you will perfonn the following tasks:
1. Configure resource cluster network settings for a vCloud network pool.

2. Configure a VLAN-backed network pool.

Use the following infonnation:

based console
vCenter Server administrator password vmwarel!
Lab 2 Configuring VMware vCloud Director Network Pools 7

Perform this lab as teams of two students. Each team will manage a VMware® cloud. Students will
turns so that both students in the team gain experience with the command and the ill.
Task 1: Configure resource cluster network settings for a vCloud

network pool
In this task, you will configure resource cluster settings for VMware vCloud®. Student A wiIl do
this task. Student B will check the settings.
1, In Internet Explorer, click the vSphere Web Client tab.
lfyou are not already logged in to the VMware vSphere® Web Client console, double-click the
Web-Console shortcut on the ControlCenter desktop and log in as Administrator with a
password ofvmwarel!. Select vCenter > Networking.
2. In the left pane, right-click vCloud Datacenter and select New Distributed Switch.
3. In the New Distributed Switch wizard, perform the following actions.
Setting Action
Name Type dvs-VLAN-Pool and click Next.
Version Leave Distributed switch: 5.1.0 selected

and click Next.
Number of uplinks Type 1.
Network 110 Control Keep the default of Enabled.
Default port group Deselect the check box and click Next.
4, Click Finish.
5. When the dvs-VLAN-Pool switch appears in the left pane, right-click dvs-VLAN-Pool and
select Add and Manage Hosts.
6. In the Add and Manage Hosts wizard, leave Add Hosts selected and click Next.
7. Click the Add New Hosts icon, which appears as a green plus (+) sign.
8, In the Select new hosts panel, select the esxi01.vcd-ad.vc1ass.1ocal and esx02.vcd
ad.vc1ass.1ocal check boxes, and click OK
8 Lab 2 Configuring VMware vCloud Director Network Pools

9. Click Next.
10. Under Select physical network adapters, select the vmnic4 check box for both VMware
ESXi™ hosts and click Next.
11. Under Select virtual network adapters, click Next.
12. Under Validate changes, click Next.
13. Under Select VM network adapters, click Next.
14. Under Ready to complete, review the settings and click Finish.
15. Monitor the task status in the Recent Tasks pane. Wait for the task to complete before
continuing.
Task 2: Configure a VLAN-backed network pool

In this task, you will configure a VLAN-backed network pool for vCloud Director. Student A will
do this task. Student B will check the settings.
1. In Internet Explorer, click the VMware vCloud Director tab.
IU.iii
If you are not already logged in to the vCloud Director console, open a new Internet Explorer
tab and log in to the vCloud Director console using the information in "Preparing for the lab."
2. In the vCloud Director console, click 4 Create a network pool.
3. In the Create Network Pool wizard, leave VLAN-backed selected and click Next.
4. Under Configure VLAN-backed Pool, in the VLAND ID range text box, type 200 - 2 9 9 and
click Add.
5. In the vCenter list, select vCenterServer.
6. In the vDS list, select dvs-VLAN-Pool.
7. Click Next.
8. Under Name this Network Pool, type ORG-VLAN-Pool in Name and click Next.
9. Under Ready to Complete, click Finish.
Remain logged in to the vSphere Web Client and vCloud Director consoles.
Lab 2 Configuring VMware vCloud Director Network Pools 9

10 Lab 2 Configuring VMware vCloud Director Network Pools
Lab 3
Creating Provider Virtual Datacenters
Objective: Create provider vDCs

1. Configure a storage profile.

2. Configure resource pools.
3. Create the Generic provider vDC.
4. Create the High-Performance provider vDC.

URL to the VMware® vCenter Server™ Web- https://vcs.vcd-ad.vcIass.local:9443/

based console
URL to the VMware vCloud Director® http://vcd.vcd-ad.vcIass.local
Lab 3 Creating Provider Virtual Datacenters 11

Task 1: Configure a storage profile

In this task, you will configure a storage profile. This task should be done by student A, with student
B checking the settings.
1. On the Control Center desktop, double-click the Web-Console shortcut and click the Continue
to this website (not recommended) link.
2. Log in using the user ID of administrator and the password of vmware I!.
3. In the left pane, click Home.
4. Click the VM Storage Profiles icon.
5. Click the Enable Storage Profiles icon.
,~,I ~ : able VM Storage

~ Bronze Resource
P;~fll~;p~r Compute
6. Select the vCloud-Resource-Cluster cluster. The pane should report that the VM Storage
Profile Status for vCloud-Resource-Cluster is set to Enabled.
7. Click the Close button.
8. Click the Create a New VM Storage Profile icon.
~I e 6' ' .. ' -E
Create a new VM Sto rage Profile

~ ~~-----------------.~~
12 Lab 3 Creating Provider Virtual Datacenters

9. When prompted by the Create New VM Storage Profile wizard, perform the following actions.
Setting Action
Name Type Gold.
Description Type High speed high cost storage.
Storage Capabilities Select Gold-level. Click OK
Task 2: Configure resource pools

In this task, you will configure resource pools. This task should be done by student B, with student
A checking the settings.
1. In the left pane, click Home.
2. Click the Hosts and Clusters icon.
3. Select the vCloud-Resource-Cluster cluster.
4. From the Actions drop-down menu, select New Resource Pool.
5. When prompted by the vCloud-Resource-Cluster: New Resource Pool wizard, perform the
following actions.
Setting Action
Name Type High-Performance-Pool.
CPU Shares Select High.
CPU Reservation Type 3500 MHz
CPU Reservation type Keep the default of Expandable.
CPU Limit Keep the default of Unlimited.
Memory Shares Select High.
Memory Reservation Type 900 MB.
Memory Reservation type Keep the defauH of Expandable.
Memory Limit Keep the default of Unlimited.

6. Click OK.
7. From the Actions drop-down menu, select New Resource Pool.
8. When prompted by the vCloud-Resource-Cluster: New Resource Pool wizard, perform the
following actions.
Setting Action
Name Type Generic-Pool.
CPU Shares Keep the default of Normal.
CPU Reservation Keep the default of no reservation.
CPU Reservation type Keep the default of Expandable.
CPU Limit Keep the default of Unlimited.
Memory Shares Keep the default of Normal.
Memory Reservation Keep the default of no reservation.
Memory Reservation type Keep the default of Expandable.
Memory Limit Keep the default of Unlimited.
9. Click OK.
Task 3: Create the Generic provider vDC

In this task, you will confmn the network configuration of the vCloud Director server and
infrastructure. This task should be done by student A, with student B checking the settings.
1. In Internet Explorer, open a new browser tab and type the URL of the vCloud Director server:
2. Click the Continue to this Website (not recommended) link and log in to vCloud Director,
using the following credentials.
Password vrnwarel!

3. Click the Home tab.
4. Click 2 Create a Provider VDC.
5. When prompted by the Add Provider VDC wizard, perform the following actions.
Setting Action
Name this Provider VDC Type Generic .
Description Type Moderate performance provider

built with bronze-level storage and
no CPU or memory reserved.
Enabled Select the check box.
Highest supported hardware version Select Hardware Version 9. Click Next.
Select Resource Pool Click vCenterServer. Select the Generic-Pool

resource pool. Click Next.
Add Storage Select Bronze. Click Add. Click Next.
Do not click Finish until you have completed the

Prepare Hosts dialog box.
Prepare Hosts Select One credential for all hosts. Type root for
the root server name. Type vmwarel! for the
password. Click Next. Click Finish.
6. Click the Manage & Monitor tab.

7. Click Hosts in the left inventory panel.
8. When both hosts are enabled, ready, and available, go to task 4.

Task 4: Create the High-Performance provider vDC
In this task, you will confrrm the network configuration of the vCloud Director server and
infrastructure. This task should be done by student A, with student B checking the settings.
1. Click the Home tab.
2. Click 2 Create another Provider VDC.
3. When prompted by the Add Provider VDC wizard, perform the following actions.
Setting Action
Name tbis Provider VDC Type High-Performance.
Description Type High performance provider built

with gold and silver storage and
reserved CPU and memory.
Enabled Select the check box.
Highest supported hardware version Select Hardware Version 9. Click Next.
Select Resource Pool Click vCenterServer. Select the High

Performance-Pool resource pool. Click Next.
Add Storage Select Gold. Click Add. Select Silver. Click Add.
Click Next.
4. Click Finish.
Leave the vCloud Director console open for the next lab.

Lab 4
Organizations
Objective: Configure vCloud Director organizations

1. Create and configure the QA organization.

2. Create and configure the RD organization.


based console
Lab 4 Organizations 17
Task 1: Create and configure the QA organization

In this task, you will create the QA organization in vCloud Director. You will also allocate resources
to the organization, configure networking, and create a catalog. Student A will do this task. Student
B will check the settings.
This task has the following subtasks:
• Create the organization.
• Allocate resources to the organization.
• Configure organization networking.
• Add a catalog to the organization.
If you are not logged in to the vCloud Director console, open Internet Explorer and log in to the
vCloud Director server using the following infonnation.
URL http://vcd. vcd-ad.vclass.local
Password VDlwarel!
Create the organization

1. In the vCloud Director console, on the System> Home tab, click 5 Create a new
organization.
2. In the New Organization wizard, under Name this Organization. perfonn the following actions.
Setting Action
Organization name Type QA.
Organization full name Type Quality Assurance.
As you type the organization name, the organization's URL dynamically changes to show what
you are typing and finishes with http://vcd/cloud/orglQAI.
18 Lab 4 Organizations
3. Click Next.
4. Under LDAP options, leave Do not use LDAP selected and click Next.
5. Under Add Local Users, click the Add button.
6. In the New User wizard, perfonn the following actions.
Setting Action
User name Type qa_ admin.
Password Type vmwarell .
Confirm password Type VlIIwarell.
Enable Keep the default.
Role From the drop-down menu, select Organization Administrator.
Full name Type QA Administrator.
Email address Type qa_admin@Vcd-ad.vclass.local.
7. Click OK.
8. Click the Add button and perfonn the following actions to configure a second user.
Setting Action
User name Type qa_userl .
Confirm password Type vmwarell .
Role From the drop-down menu, select vApp Author.
Full name Type QA Userl.
Email address Type qa_ userl@Vcd-ad. vclass . local.
9. Click OK.
10. Click Next.
11. Under Catalog Publishing, select Allow publishing catalogs to aU organizations and click
Next.
12. Under Email Preferences.click Next.
13. Under Policies, perfonn the following actions.
Setting Action
vApp Leases: Click the first drop-down menu and select Never Expires.
Maximum runtime lease
vApp Leases: Click the first drop-down menu and select Never Expires.
Maximum storage lease
vApp template lease: Click the first drop-down menu and select Never Expires.
14. Click Next.

If the QA department did not want to ever stop running VMware vSphere® VAppTM, which
vApp lease setting would you select?
Allocate resources to the organization

1. In the vCloud Director console, on the Home tab, click 6 Allocate resources to an
organization.
2. In the New Organization VDC wizard, select QA and click Next.
3. Under Select Provider VDC, select High-Performance and click Next.
·H·Ii)
The percentage of available resources for each provider is displayed. External networks,
available to each provider virtual datacenter, appear after a provider vDC is selected.
4. Under Select Allocation Model, select Pay-As-You-Go and click Next.
5. Under Configure Pay-As-You-Go Model, keep all the default settings and click Next.
6. Under Allocate Storage, perform. the following actions.
Setting Action
Storage Profiles Select Gold and click Add. Select Silver and click Add.
Storage Limit For the Gold and Silver storage profiles, select the
Unlimited radio button.
Default instantiation profile From the drop-down menu, select Silver.
Enable thin provisioning Select the check box.
Enable fast provisioning Leave selected.
7. Click Next.
8. Under Select Network Pool & Services, select ORG-VLAN-Pool from the Network pool
drop-down menu.
9. In the Quota for this organization text box, type so.
10. Click Next.
11 . Under Configure Edge Gateway, select the Create a new edge gateway check box and
perform the following actions.
Setting Action
Edge Gateway name Type QA Ga teway.
Select an edge gateway configuration Select Compact.
Configure IP Settings Select the check box.
All other settings Leave unselected.
12. Click Next.

13. Under Configure External Networks, select Production and click Add.
14. At the bottom of the wizard page, select the Use default gateway for DNS Relay check box
and click Next.
15. Under Configure IP Settings, click the Change IP Assignment link.
16. In the Change IP Assignment wizard, select Manual from the 1P Assignment drop-down
menu.
17. In the 1P Assignment text box, type 172.20.11.200.
The manual address assigned to an organization edge gateway must be within the range
allocated in the external network. In this case, the IP address must be in the range
172.20.11.200-172.20.11.254.
18. Click OK to close the Change IP Assignment wizard.
19. Click Next.
20. Under Create Organization VDC Network, select the Create a network for tbis virtual
datacenter check box and perform the following actions.
Setting Action
Network name Type QA External.
Sbare tbis network witb otber VDCs Leave unselected.

in tbe organization
Gateway address Type 172 . 30 . 11. 1.
Network mask Type 255.255.255. O.
Use gateway DNS Leave selected.
Primary DNS Keep the default.
Secondary DNS Leave blank.
DNS suffix Type vcd- ad. vc1ass . local.
Static 1P pool Type 172 . 3 0 . 11. 100 - 172 . 3 0 . 11. 19 9 and

click Add.
21. Click Next.

22. Under Name tbis Organization VDC, type QA VDC in the Name text box.
23. Click Next.
24. Under Ready to Complete, click Finisb.
Configure organization networking
2. In the left pane, click Edge Gateways.
3. In the right pane, monitor the QA Gateway status. Wait until the status changes to Ready before
continuing.
4. Right-click QA Gateway and select Edge Gateway Services.
5. In the Configure Services: QA Gateway panel, under the DHCP tab, select the Enable DHCP
check box and click the Add button.
6. In the Add DHCP Pool panel, perform the following actions.
Setting Action
Enable pool Leave selected.
Applied on From the drop-down menu, select QA External.
IP range Type 172 . 30 . 11. 200 -172 • 30 . 11. 254.
Default least time Keep the default.
Max lease time Keep the default.
7. Click OK to close the Add DHCP Pool panel.

8. Click OK.
Add a catalog to the organization

1. Click the Home tab and click 7 Add a catalog to an organization.
2. In the New Catalog wizard, select QA and click Next.
3. Under Name this Catalog, type QA Catalog in the Name text box and click Next.
4. Under Publish this Catalog, select Publish to all organizations and click Next.
5. Under Ready to complete, click Finish.
Task 2: Create and configure the RD organization
In this task, you will create the RD organization in vCloud Director. You will also allocate resources
to the organization, configure networking and create a catalog. Student B will do this task. Student
A will check the settings.
• Create the organization.
• Allocate resources to the organization.
• Configure organization networking.
• Add a catalog to the organization.
Create the organization

1. In the vCloud Director console, on the System> Home tab, click 5 Create anotber
organization.
2. In the New Organization wizard, under Name tbis Organization, perform the following
actions.
Setting Action
Organization name Type RD.
Organization full name Type Research and Development.
As you type the organization name, the organization's URL dynamically changes to show what
you are typing and finishes with http://vcdlcloudiorgIRD/.
3. Click Next.
4. Under LDAP options, leave Do not use LDAP selected and click Next.
5. Under Add Local Users, click the Add button.
6. In the New User wizard, perform the following actions.
Setting Action
User name Type rd_ admin.
Setting Action
Confirm password Type vmwarel!.
Role From the drop-down menu, select Organization

Administrator.
Full name Type RD Administrator.
Email address Typerd_admin@Vcd-ad.vclass.local .
7. Click OK
8. Click the Add button and perform the following actions to configure a second user.
Setting Action
User name Type rd_ userl.
Password Type vmwarell.
Confirm password Type vmwarell .
Role From the drop-down menu, select vApp Author.
Full name Type RD Userl.
Email address Typerd_userl@Vcd-ad.vclass.local .
9. Click OK
10. Click Next.
11. Under Catalog Publishing, select Allow publishing catalogs to all organizations and click
Next.
12. Under Email Preferences.click Next.
13. Under Policies, perform the following actions.
Setting Action
vApp leases: From the first drop-down menu, select Never Expires.
Maximum runtime lease
vApp leases: From the first drop-down menu, select Never Expires.
vApp template lease: From the first drop-down menu, select Never Expires.
Limits Select the radio button to enable input. In the text box,
Number of resource intensive type 5.
operations per user
Number of resource intensive type 50 .
operations per organization
Number of simultaneous type 10.
connections per VM
14. Click Next.

Allocate resources to the organization

1. In the vCloud Director console, on the System> Home tab, click 6 AJlocate more resources to
an organization.
2. In the New Organization VDC wizard, select RD and click Next.
3. Under Select Provider VDC, select Generic and click Next.
4. Under Select AJlocation Model, select Pay-As-You-Go and click Next.
5. Under Configure Pay-As-You-Go Model, keep all the default settings and click Next.
6. Under Allocate Storage, perform the following actions.
Setting Action
Storage Profiles Select Bronze and click Add.
Storage Limit For the Bronze storage profile, select the Unlimited
radio button.
Default instantiation profile Keep the default.
Enable thin provisioning Select the check box.
Enable fast provisioning Leave selected.
7. Click Next.
8. Under Select Network Pool & Services, select ORG-VLAN-Pool from the Network pool
drop-down menu.
9. In the Quota for this organization text box, type 50 •
10. Click Next.

11. Under Configure Edge Gateway, select the Create a new edge gateway check box and
perform the following actions.
Setting Action
Edge Gateway name Type RD Ga teway.
Select an edge gateway configuration Select Compact.
Configure IP Settings Select the check box.
Configure Rate Limits Select the check box.
All other settings Leave unselected.
12. Click Next.

13. Under Configure External Networks, select Production and click Add.
14. At the bottom of the wizard page, select Use default gateway for DNS Relay and click Next.
15. Under Configure IP Settings, click the Change IP Assignment linle
16. In the Change IP Assignment wizard, select Manual from the IP Assignment drop-down
menu.
17. In the IP Assignment text box, type 172 .20 . 11. 201.
The manual address assigned to an organization edge gateway must be within the range
allocated in the external network. In this case, the IP address must be in the range
172.20.11.200-172.20.11.254.
18. Click OK to close the Change IP Assignment wizard.

19. Click Next.
20. Under Configure Rate Limits, select the Production network Enable check box.
21. In the Incoming Rate Limit text box, type 10.
22. In the Outgoing Rate Limit text box, type 10 .
23. Click Next.
24. Under Create Organization VDC Network, select the Create a network for this virtual
datacenter check box and perform the following actions.
Setting Action
Network name Type RD External.
Sbare this network with other Leave unselected.

VDCs in the organization
Gateway address Type 172 . 3 0 . 1. 1.
Network mask Type 2 5 5 . 2 55 . 2 55 . O.
DNS suffix Type vcd-ad. vclass . local.
Static IP pool Type 172.30.1.100-172.30.1.199 and click Add.
25. Click Next.
26. Under Name this Organization VDC, type RD VDC in the Name text box.
27. Click Next.
Configure organization networking

2. In the left pane, click Edge Gateways.
3. In the right pane, monitor the RD Gateway status. Wait until the status changes to Ready before
continuing.
4. Right-click RD Gateway and select Edge Gateway Services.
5. In the Configure Services: RD Gateway panel, under the DHCP tab, select the Enable DHCP
check box and click the Add button.
6. In the Add DnCp Pool panel, perform the following actions.
Setting Action
Enable pool Leave selected.
Applied on: From the drop-down menu, select RD External.
IP range Type 172 . 30 . 1. 200 -172 • 30 . 1. 254.
Default least time Keep the default.
Max lease time Keep the default.
7. Click OK to close the Add DHCP Pool panel.

8. Click OK
Add a catalog to the organization
1. Click the Home tab and click 7 Add a catalog to an organization.
2. In the New Catalog wizard, select RD and click Next.
3. Under Name this Catalog, type RD Catalog in the Name text box and click Next.
4. Under Publish this Catalog, select Publish to all organizations and click Next.
LabS
Creating VMware vCloud Director vApp
Templates
Objective: Create vCloud Director vApp templates

1. Install the Client Integration Plug-In.

2. Create a vApp template for the RD organization.
3. Create a vApp template for the QA organization.


based console
Lab 5 Creating VMware vCloud Director vApp Templates 31

Task 1: Install the Client Integration Plug-In

In this task, you will install the VMware Client Integration Plug-In. Student A will do this task.
Student B will check the settings.
1. If Internet Explorer is open, close it, including all tabs.
2. On the Control Center desktop, double-click the Web-Console shortcut and click the Continue
to tbis website (not recommended) linle
3. Scroll down to the bottom of the browser page and click the Download the Client Integration
Plug-in linle Do not log in to the vSphere Web Client console.
I . '
I
II
4. When prompted, click Run . You are prompted to click Run twice.
5. Close the Internet Explorer window and click Retry. AJI browser windows must be closed
before the plug-in can be installed.
VMWdre (hent Int~grdtlOn Plug In S.1.0 £J

dose the foIowIng browsers to proceed:
- Microsoft Internet Explorer
Cancel
6. In the VMware Client Integration Plug-in 5.1.0 installation wizard, click Next.
7. Under End-User License Agreement, click I accept the terms of the .Iicense agreement and
click Next.
8. Under Destination Folder, click Next.
9. Under Ready to Install tbe Plug-in, click Install.
32 Lab 5 Creating VMware vCloud Director vApp Templates

10. When the installation is complete, click Finisb.
11. On the ControlCenter desktop, double-click the Web-Console shortcut and click the Continue
to tbis website (not recommended) link.
12. At the top of the vSphere Web Client page, click the Plug-In message and select Run Add-on
on All Websites. When prompted, click Run.
~ \lSphere Web <lent
This website wants to run the following add-on: 'VMware Remote Console Plug-in' from 'VMware, Inc,',
13. If the Plug-In message appears again, repeat step 12.
Task 2: Create a vApp template for the RD organization

In this task, you will create a VMware vSphere® VAppTM template. Student B will do this task.
• Deploy an OVF template.
• Verify the deployed OVF template.
• Import the vSphere virtual machine as a vApp template.
Deploy an OVF template

1. Log in to the VMware vSphere® Web Client console using the following credentials.
User ID administrator
Password vmware 1!
2. In the left pane, select vCenter > Hosts and Clusters > vCloud Datacenter.

3. In the right pane, click the Actions drop-down menu and select Deploy OVF Template.
wcs.vcd-ad.~lassJocal Actions ...
.- .ct ions - ·/cs .vcd-a,:l .vclass .local

Summary Monitor
Top Le¥el Objects
4. When prompted to allow plug-in access to the local operating system, click AJlow.
(Iient Integration Access (ontrol EJ

This ste is using VMware Oent Intel7atm Plug-In. Do you want: to aIow t to access
YOU' operating system?
Protocol: https:
Hostname: webcliertsrv.vcd-ad.\
Port: 9443
P' IWflt.ts ask before aIowino this ste
The VMware Oert Int~atIon PIuo-In wII rIVe web appIcations and remote VMs access
to your operating system. Otiy aIow stes you trust.
5. In the Deploy OVF Template wizard, select Local file and click Browse.
6. In the Open file window, if necessary, go to My Documents > d o wn l o ads > v App s >
SU SE- VM.
7. Select the SUS E - VM. ovf file and click Open.

8. Click Next.
9. Under Review details, click Next.
10. Under Select name and folder, select vCloud Datacenter and click Next.

11. Under Select a resource, select vCloud-Resource-Cluster and click Next.
If you do not see the Select a resource step in the wizard, it is because you selected a different
starting point in the hierarchy specified in step 2. The Deploy OVF Template wizard options are
contextual to the selected node. Do not cancel the wizard. Continue with the lab. In step 18 you
will be asked to select the vCloud-Resource-Cluster cluster. You will likely find that the cluster
is already selected.
12. Under Select storage, select datastore1 .
13. From the Select virtual disk format drop-down menu, select Thin Provision.
("-liut·UI
You must select the datastore flfst and then select Thin Provisioning. Selection of a datastore
will reset the Select virtual disk format drop-down menu to Thick Provisioned Lazy Zeroed
each time. Because the classroom envirorunent has limited resources, Thin Provisioning must
be selected. If you accidentally select Thick Provisioning, you will run out of storage resources
before being able to complete labs.
14. Click Next.
15. Under Setup networks, keep the default destination network ofVM Network and click Next.
17. Monitor the task status in the Recent Tasks pane. Wait for the OVF deployment to complete
before continuing.
18. In the left pane, select vCloud-Resource-Cluster.
19. In the right pane, click the Related Objects tab.
20. Click the Top Level Objects tab.
Verify the deployed OVF template

1. In the Top Level Objects list, select SUSE-VM and click the Power on icon.
~ .~ ~ I - Actions ...
NarTl~ .-· r " I r.. _. Ii
Power on the selected virtual m.3 chines.

All 0 ca mt:lr-T'mn'-"~,.",,,,,",,~~-----..,,..,""-
Allocated_Generic o
an vPic_SUSE_ l 1_JeOS i686-0.0 1 o

2. Monitor the power-on operation in the Recent Tasks pane. Wait until the virtual machine has
powered on before continuing.
3. Click the Open Virtual Machine Console icon.
I ,. ,A,ction s ....
~
Nam' r- r-, 1 r r . _ --I
Opens a virtual machine console in a

separate window
Allocated_Generic o
o
4. If Internet Explorer displays a Pop-Up Blocked warning message, perfonn the following
actions:
"Sphere Web Client )(J

~ Pop-up blocked. To see this pop-up or additional options click here. , .
a . Right-click the Pop-Up Blocked message and select AJways AJlow Pop-ups from This
Site.
b. When prompted, click Yes.
c. If prompted to display the Web page again, click Retry.
d. If the console window does not open, select SUSE-VM again and click the Open Virtual
Machine Console icon.
5. In the virtual machine console window, click the Continue to this website (not recommended)
link.
6 . When the virtual machine has fmished booting, log in using the following credentials.
User ID root
Password vmwarel!

7. Close the Popout Console window:
a. Pres Ctrl+Alt to release the pointer.
b. Close the remote console window.
8. In the vSphere Web Client console, click the Shut down icon.
9. When prompted, click Yes.
Import the vSphere virtual machine as a vApp template

1. In Internet Explorer, open a new tab and type the URL of the vCloud Director server:
http : //vcd.vcd-ad.vclass.local
Password vrnwarel!

4. At the top of the left pane, click Organizations.
5. In the right pane, right-click RD and select Open.
6. On the Research and Development Home page, click the Catalogs tab.
7. In the right pane, click the vApp Templates tab and click the Import from vSphere icon.
Catalogs I vApp Templates 1'--M_8_d_ia_ _ __
~
/-lam"!
1.1 ~___o___
Imp_rt fr-o--s-
m v-p-h--e_
e r- .._. lish ... I_I

8. In the Import YM as a vApp Template wizard, perform the following actions.
Setting Action
vCenter Keep the default vCenterServer.
VM Select SUSE_VM.
vApp name Type SUSE-Base.
Description Type Base SUSE Installation.
Virtual Keep the default of RD vnc.

datacenter
Storage profile Keep the default of Bronze.
Catalog Keep the default ofRD Catalog.
Copy or move Select Move VM.
Gold Master Keep the default of No.
9. Click OK.
10. Monitor the SUSE-Base status. Wait until the status changes to Ready before continuing. The
import operation will take a few minutes to complete.
Task 3: Create a vApp template for the QA organization

In this task, you will create a vCloud Director vApp template. Student A will do this task. Student B
will check the settings.
1. In the vCloud Director console, click the System tab.

3. In the left pane, click Organizations.
4. In the right pane, right-click QA and select Open.
5. On the Quality Assurance Home tab, click the Catalogs tab.

6. In the right pane, click the vApp Templates tab and click the Upload icon.
I vApp Templates , Media

r
I \ ~ O.
Statr
Upload ...
7. If prompted with a security warning, select the Always trust content from this publisher
check box, click Yes, and click Run.
The web site's certificate cannot be verified. Do you

want to continue?
8. In the Upload OVF package as a vApp Template panel, click Browse.

9. In the Open file window, go to My Document s > downloads> vApps > win2k3 - VM.
10. Select the Win2k3 - VM. ovf file and click Upload.
11. In the Name text box, type Win2k3 -Base.
12. In the Description text box, type Base W2k3 Installation.
13. From the Storage profile drop-down menu, select Silver.
14. Click Upload.
15. Whenever you are prompted to accept an untrusted certificate, click Yes. You will be asked
multiple times to accept the certificate.
The first certificate warning might appear under the Transfer Progress window.

16. Monitor the running status of the upload using the Transfer Progress window. If the Transfer
Progress window has not opened, click the gear icon and select Launch Uploads and
Downloads Progress Window.
vApp Templates It-M_8_d_i8_ _ _ _._ _ _ _ _ _ _ _ _ _ _ _ _ __
L l I ..
Actions: No Selections
Gold Mas.
Upload
Imp( Imp ort from vSphere .
1% :::J Launerl Uploads and [Io"vvnloads Progress \"'\.lindol./Il
Uploading OVF packages directly into vCloud Director enables various types of organization
users to import vApp templates without the assistance of a system administrator to deploy an
OVF template in vSphere.
17. When the transfer is complete, close the Transfer Progress window.
Vl/in2k3-vApp- Template 100 <;,,:' 0 Succeeded
file :!C :/Documents and Settinl;Js/Admlnistrator.CONTROLCENTER / ~·1y

Docu m ents/d ownloa ds/v Apps/Win2K3 -'oJr.l/'vVin2K3 - \i M ,0 vf
Complete
18. Monitor the Win2k3-Base status. Wait until the status changes to Ready before continuing.
Remain logged in to the vCloud Director console for the next lab.

Lab 6
Building and Publishing VMware vCloud
Director vApps
Objective: Build and publish vCloud Director vApps

1. Build and publish a vApp for the RD organization.

2. Build and publish a vApp for the QA organization.

URL to the VMware® vCenter Server™ Web- https:llvcs.vcd-ad.vclass.local:9443/

based console
URL to the VMware vCloud Director® http://vcd.vcd-ad.vclass.locai
Lab 6 Building and Publishing VMware vCloud Director vApps 41

Task 1: Build and publish a vApp for the RD organization

In this task, you will build a vCloud Director vApp. Student B will do this task. Student A will
check the settings. The vApp will consist of virtual machine templates taken from both the QA and
the RD catalogs.
1. If you are not logged in to the vCloud Director console, open Internet Explorer and log in to the
vCloud Director server using the following information.
URL http://vcd.vcd-ad.vclass.local
Password vmwarel!

4. In the left pane, select Organizations.
6. Click the My Cloud tab.
7. In the left pane, click vApps.
8. In the right pane, click the Build New vApp icon.
~ vApps
+
Build New' vApp .. .
42 Lab 6 Building and Publishing VMware vCloud Director vApps

9. In the New vApp wizard, under Name this vApp, perform the following actions.
Setting Action
Name Type RD-vAppl.
Description Type Web Development App.
Runtime lease Use the drop-down menus to select a lease of 14 days
Storage lease Use the drop-down menus to select a lease of 30 days.
10. Click Next.

11. Under Add Virtual Machines, select My Organization's catalogs from the Look in drop
down menu.
12. In the vApp template list, select SUSE-Base and click the Add button.
13. From the Look in drop-down menu, select Public catalogs.
14. In the vApp template list, select Win2k3-Base and click the Add button.
15. Click Next.
16. Under Configure Resources, use the following table to change the virtual machine names.
Original name New name

SUSE-Base RDl-SUSE-A
Win2k3-Base RDI-Win2k3-A
17. Leave the Bronze storage profile selected for each virtual machine and click Next.
18. Under Configure Virtual Machines, use the following table to change the Computer Name
for each virtual machine.
Virtual machine Computer name

RDl-SUSE-A RDI-VMl
RDI-Win2k3-A RDI-VM2

19. For the RDI-SUSE-A virtual machine, select Add Network from the Network drop-down
menu.
20. In the New vApp Network wizard, under Network specification, perform the following
actions.
Setting Action
Gateway address Type 172 • 3 0 . 11 0 . 1.
Network mask Keep the default.
Primary DNS Type 172.30.1.1.
DNS suffix Type vcd-ad. vc1ass . local.
Static IP pool Select the existing IP range and change it to 172.30.110.100

172.30.110.199 . Click the Modify button.
21 . Click Next.
22. Under General, type RD1-Loca1 in the Network name text box and click Next.
23. Click Finish.
24. For the RDI-Win2k3-A virtual machine, select RDl-Local from the Network drop-down
menu.
25. For both virtual machines, select DHCP from the IP assignment drop-down menu.
26. Click Next.
27. Under Configure Networking, for the RDI-Local network, select RD-External from the
Connection drop-down menu.
28. Click Next.
30. Monitor the RD-vAppl status. Wait until the status changes to Stopped before continuing.
31 . Right-click RD-v Appl and select Open.
32. In the right pane, click the vApp Diagram tab.

33. Scroll down so that all networks are visible. You will see both virtual machines of the vApp
connected to RDI-Local, which connects to RD-External.
RD1·SUSE-A RD1 -Win2kl-A

J
C ( ~ J
.! RD1·LoclIl
- -- ----
RDExternal
34. Click the Networking tab.

35. Right-click RDl-Local and select Configure Services.
36. In the Configure Services wizard, on the nHCP tab, select the Enable nHCP check box.
37. In the IP range text box, type 172.30.110.200-172.30.110.254.
38. Click the NAT tab.
39. From the NAT type drop-down menu, select Port Forwarding.
Changing the NAT type to port forwarding with IP masquerading enabled provides a many-to
one NAT configuration.
41 . Click OK
42. Under the networks list, click Apply. Wait for the configuration change to complete before
continuing.
44. In the right pane, right-click RD-vAppl and select Add to Catalog.

45. In the Add to Catalog wizard, perform the following actions.
Setting Action
Name Keep the default name.
Description Type Web Development App.
All other settings Keep the default.
46. Click OK
47. Monitor the RD-vAppl status. Wait until the status changes to Stopped before continuing.
Task 2: Build and publish a vApp for the QA organization

In this task, you will build a vCloud Director vApp. Student A will do this task. Student B will
check the settings.
00 vApps
+
Build [\Jew v.Cl.pp ...

8. In the New vApp wizard, perfonn the following actions.
Setting Action
Name Type QA-vAppl.
Description Type Testing App.
Runtime lease Use the drop-down menus to select a lease of 14 days.
Storage lease Use the drop-down menus to select a lease of 30 days.
9. Click Next.
10. Under Add Virtual Machines, select Win2k3-Base and click the Add button.
11 . Click Next.
12. Under Configure Resources, use the following table to change the virtual machine names.

Win2k3-Base QAI-Win2k3-A
13. From the Storage Profile drop-down menu, select Silver.

14. Click Next.
15. Under Configure Virtual Machines, change the Computer Name for each virtual machine
using the following table.

QA 1-Win2k3-A QAI-VMI
16. For the QAI-Win2k3-A virtual machine, select Add Network from the Network drop-down
menu.

17. In the New vApp Network wizard, under Network specification, perform the following
actions.
Setting Action
Gateway address Type 172 . 30 . 210 . 1.
Primary DNS Type 172.30.11.1.
DNS suffIX Type vcd- ad. vc lass. local.
Static IP pool Select the existing IF range change the IF range to

172.30.210.100-172.30.210.199. Click the Modify button.
18. Click Next.

19. Dnder General, type QA1-Local in the Network name text box and click Next.
20. Click Finisb.
21. From the IP assignment drop-down menu, select DHCP.
22. Click Next.
23. Dnder Configure Networking, select QA-External from the Connection drop-down menu.
24. Click Next.
25. Dnder Ready to Complete, click Finisb.
26. Monitor the QA-vAppl status. Wait until the status changes to Stopped before continuing.
27. Right-click QA-vAppl and select Open.
28. In the right pane, click the vApp Diagram tab.

29. Scroll down so that all networks are visible. You will see the virtual machines of the vApp
connected to QAl-Local, which connects to QA-External.
QA1-Wln2k3-A
.f. OA1-Local
OAExternal

31 . Right-click the QAl-Local network and select Configure Services.
32. In the Configure Services wizard, on the nHCP tab, select the Enable nHCP check box.
33. In the IF range text box, type 172.30.210.200-172.30.210.254.
34. Click the N AT tab.
37. Click OK.
38. Under the networks list, click Apply. Wait for the configuration update to complete before
continuing.
40. In the right pane, right-click QA-vAppl and select Add to Catalog.

41. In the Add to Catalog wizard, perform the following actions.
Setting Action
Name Keep the default name.
Description Type Testing App.
Virtual datacenter Keep the default.
Storage profile Select Silver.
Catalog Keep the default.
Storage lease Keep the default.
When using this template Select Make identical copy.
42 . Click OK
43. Monitor the vApp status. Wait until the status changes to Stopped before continuing.

Lab 7
Deploying VMware vCloud Director
vApps
Objective: Deploy vCloud Director vApps

1. Deploy vApps for the RD organization.

2. Deploy vApps for the QA organization.

URL to the VMware® vCenter Server™ Web- https:llvcs.vcd-ad.vc\ass.JocaJ :9443/

based console
URL to the VMware vCloud Director®
-----------------------------------------
http ://vcd.vcd-ad.vc\ass.local
vCloud Director administrator password vmware 1!
Lab 7 Deploying VMware vCloud Director vApps 51

As you perform this lab, notice differences when adding the copied VMware vSphere® VAppSTM to
your respective My Cloud containers. One vApp was published with customization specified.
Another was published with the identical copy option selected. As these vApps are copied to
different catalogs and then added to a My Cloud container, the configuration options available and
the steps necessary are significantly different.
Task 1: Deploy vApps for the RD organization

In this task, you will copy a vApp published by a different organization and then configure and run
your vApps. In your vCloud Director environment, the RD and QA organizations share catalogs and
vApps. The RD organization will have two vApps deployed: one created by the RD organization
and the other created by the QA organization.
Although you can deploy to your My Cloud folder a vApp published in a public catalog, this task
will guide you through copying the vApp to your own catalog before deployment.
Student B will do this task. Student A will check the settings.
• Copy a vApp from the QA organization.
• Configure and run the vApps.
Copy a vApp from the QA organization

URL http://vcd. vcd-ad. vclass.local
Password vmwarel!

52 Lab 7 Deploying VMware vCloud Director vApps

6. Click the Catalogs tab.
7. In the left pane, select Public Catalogs.
8. In the right pane, click the Catalogs subtab.
9. Right-click QA Catalog and select Open.
10. On the vApp Templates tab, right-click QA-vAppl and select Copy to Catalog.
11. In the Copy: QA-vAppl wizard, perform the following actions.
Setting Action
Name Type vApp-From-QA.
12. Click OK
13. In the left pane, select My Organization's Catalogs.
14. In the right pane, monitor the vApp-From-QA status. Wait until the status changes to Ready
before continuing.
15. Right-click vApp-From-QA and select Add to My Cloud.
16. In the Add to My Cloud wizard, perform the following actions.
Setting Action
Name Type RD-vApp2.
17. Click OK
20. In the right pane, monitor the RD-vApp2 status. Wait until the status changes to Stopped before
continuing.
21. Right-click RD-vApp2 and select Open.

22. Click the vApp Diagram tab and scroll down so that all networks are visible.
The vApp diagram shows that the virtual machine is connected to the vAppNet-QAI-Local
network. The vAppNet-QA I-Local network does not connect to the organization network
because the vApp must be updated for the current organization topology.

24. For the vAppNet-QA I-Local network, select RD-External from the Connection drop-down
menu.
25. Right-click the vAppNet-QAl-Local network and select Properties.
26. In the Network Properties panel, click the General tab.
27. In the Network name text box, type RD2-Local.
28. Click the Network Specification tab.
29. In the Primary DNS text box, change the IP address to the RD external network gateway by
typing 172 . 30 . 1. l.
30. Click OK.
31 . When you see a Reconfigure DHCP service message, read the message and click OK.
32. Right-click the Rd2-Local network and select Configure Services.
33. In the Configure Services panel, on the DHCP tab, select the Enable DHCP check box.
34. In the IP Range text box, type 172.30.210.200-172.30.210.254 .
38. Click OK
39. Under the networks list, click Apply. Wait for the configuration change to complete before
continuing.
40. Click the vApp Diagram tab and scroll down so that all networks are visible. The RD2-Local
network is connected to the RD External organization network.
Configure and run the vApps

1. In the left pane, click v Apps.
2. In the right pane, right-click RD-vAppl and select Open.
3. Click the Virtual Machines tab.

4. Right-click the RDI-SUSE-A virtual machine and select Properties.
5. In the Virtual Machine Properties panel, click the Guest OS Customization tab.
6. Select the Enable guest customization check box.
7. Select the Allow local administrator password check box and select Specify password.
8. In the Specify password text box, type vmwarel ! .
9. Click OK.
10. In the virtual machines list, right-click RDl-Win2k3-A and select Properties.
13. Select the Change SID check box.
15. In the Specify password text box, type vmwarell .
16. Click OK. Wait for the configuration update to complete before continuing.
18. In the right pane, right-click RD-vAppl and select Start.
19. Right-click RD-v App2 and select Open.
21. Right-click the QAI-Win2k3-A virtual machine and select Properties.
26. In the Specify password text box, type vmwarell .
27. Click OK. Wait for the configuration update to complete before continuing.
29. In the right pane, right-click RD-vApp2 and select Add to Catalog.
30. In the Add to Catalog wizard, select Make identical copy and click OK.
31 . After the RD-vApp2 status changes to Stopped, right-click RD-vApp2 and select Start.
32. When the status for both vApps changes to Running, continue with the lab.

Task 2: Deploy vApps for the QA organization
In this task, you will copy a v App published by a different organization and then configure and run
your vApps. In your vCloud Director environment, the RD and QA organizations share catalogs and
vApps. The QA organization will have two vApps deployed: one created by the RD organization
and the other created by the QA organization.
Although you can deploy to your My Cloud folder a vApp published in a public catalog, this task
will guide you through copying the vApp to your own catalog before deployment.
Student A will do this task. Student B will check the settings.

• Copy a vApp from the RD organization.
• Configure and run the vApps.
Copy a vApp from the RD organization

6. In the left pane, click Public Catalogs.
7. In the right pane, click the Catalogs subtab.
8. Right-click RD Catalog and select open.
9. On the vApp Templates tab, right-click RD-vAppl and select Copy to Catalog.
10. In the Copy: RD-vAppl panel, perform the following actions.
Setting Action
Name Type vApp-From-RD.
Storage profile Select Silver.

11. Click OK
12. In the left pane, at the top, select My Organization's Catalogs.
13. In the right pane, monitor the vApp-From-RD status. Wait until the status changes to Ready
before continuing.
14. Right-click vApp-From-RD and select Add to My Cloud.
15. In the Add to My Cloud wizard, type QA-vApp2 in the Name text box.
16. Click Next.
17. Under Configure Resources, change the virtual machine names using the following table.

RD 1-Win2k3-A QA2-Win2k3-A
RD1-SUSE-A QA2-SUSE-A
18. For each virtual machine, select Silver from the Storage profile drop-down menu.
19. Click Next.
20. Under Configure Networking, change the computer names using the following table.

QA2-SUSE-A QA2-VM1
QA2-Win2k3-A QA2-VM2
21 . For the QA2-Win2k3-A virtual machine, select Add Network from the NIC 0 drop-down
menu.

22. In the New vApp Network wizard, under Network Specification, perform the following
actions.
Setting Action
Gateway address Type 172.30.220.1.
Primary DNS Type 17 2 . 3 0 . 11 . 1.
DNS suffIX Type vcd-ad. vclass . local.
Static IP pool Select the existing IP range and change

it to 172 .30.220.100
172.30.220.199. Click the Modify
button.
23. Click Next.

24. Under General, type QA2 -Local in the Network name text box.
25. Click Next.
27. For the QA2-SUSE-A virtual machine, select QA2-Local from the NIC 0 drop-down menu.
28. Click Next.
29. Click Finisb.
32. In the right pane, monitor the QA-vApp2 status. Wait until the status changes to Stopped before
continuing.
33. Right-click QA-v App2 and select Open.
34. Click the vApp Diagram tab and scroll down so that all networks are visible.
The vApp diagram shows that the virtual machines are connected to the QA2-Local network.
The QA2-Local network does not connect to an organization network.

36. For the QA2-Local network, select QA External from the Connection drop-down menu.
37. Right-click the QA2-Local network and select Configure Services.
38. In the Configure Services panel, on the DHCP tab, select the Enable DHCP check box.
39. In the IP Range text box, type 172.30.220.200-172.30.220.254.
41. From the N AT type drop-down menu, select Port Forwarding.
43. Click OK.
44. Below the networks list, click Apply. Wait for the configuration change to complete before
continuing.
45. Click the v App Diagram tab and scroll down so that all networks are visible.
The QA2-Local network is connected to the QA External organization network.
Configure and run the vApps

2. In the right pane, right-click QA-vAppl and select Open.
4. Right-click the QAI-Win2k3-A virtual machine and select Properties.
9. In the Specify password text box, type vmware1 ! .
10. Click OK
12. In the right pane, right-click QA-vAppl and select Start.
13. Right-click QA-vApp2 and select Open.
15. Right-click the QA2-SUSE-A virtual machine and select Properties.

18. Select the AJlow local administrator password check box and select Specify password.
19. In the Specify password text box, type vmwarell.
20. Click OK
21 . Right-click the QAl-Win2k3-A virtual machine and select Properties.
25. Select the AJlow local administrator password check box and select Specify password.
26. In the Specify password text box, type vmwarell.
27. Click OK
29. In the right pane, right-click QA-vApp2 and select Add to Catalog.
30. In the Add to Catalog wizard, select Silver from the Storage profile drop-down menu.
31 . Select Make identical copy and click OK
32. After the QA-vApp2 status changes to Stopped, right-click QA-vApp2 and select Start.
Wait until all vApps in the RD and QA organizations have started before continuing to the next lab.

Lab 8
VMware vSphere vApp Networking
Objective: Verify vApp network connectivity

1. Verify vApp networking for the RD organization.

2. Verify vApp networking for the QA organization.

URL to the VMware® vCenter Server™ Web- https:llvcs.vcd-ad.vclass.local:9443/

based console
vCenter Server administrator password vrnwarel!
vCloud Director administrator password vrnwarel!
Perform this lab as teams of two students. Each team will manage a VMware® cloud. Students win
turns so that both students in the team gain experience with the command and the VI.
Lab 8 VMware vSphere vApp Networking 61

Task 1: Verify vApp networking for the RD organization
In this task, you will test basic VMware vSphere® VAppTM network connectivity. This task will be
done using the organization administrator account. Student B will do this task. Student A will check
the settings.
1. In Internet Explorer, open a new browser tab and log in to the RD administrator console using
the following information.
URL http://vcd. vcd-ad.vclass.locallcloudlorg/RD
Username rd admin
Password vmwarel!
2. In the RD administrator console, click the My Cloud tab.

4. In the right pane, right-click RD-vAppl and select Open.s
6. Right-click the RDI-Win2k3-A virtual machine and select Popout Console.
7. When the virtual machine login screen appears, expand the Popout Console window so that the
scroll bars disappear.
8. In the Popout Console window, click the keyboard icon in the upper-right comer.
9. Log in to the virtual machine, using the following credentials.
Login administrator
Password vmwarel!
10. On the virtual machine desktop, double-click the Command Prompt shortcut.
62 Lab 8 VMware vSphere vApp Networking

11. In the Command Prompt window, try to ping the RD gateway by typing ping 172.30.1.1.
The ping command will not receive a response.
12. Press Ctrl+C to stop the ping command.
13. Examine the virtual machine IP settings by typing ipconfig.
The virtual machine has a DHCP-assigned IP address in the range of 172.30.110.200
172.30.110.254, with a default gateway of 172.30.110.1.
14. Try to ping the local network gateway by typing ping 172.30. 11 0 . 1. The ping command
will not receive a response.
The local gateway at 172.30.110.1 is attached to the same subnet as the virtual machine. What
might be interfering with network traffic in this context?
16. Mi.n.imize the Popout Console window.

17. In the RD administrator console, click the Networking tab.
18. Right-click RDl-Local and select Configure Services.
19. In the Configure Services wizard, click the NAT tab. Record the router external IP address.
Router e:r..ternallP 172.30.1.1 DO
~ Enable IP Masquerade
Router external address: _ _ _ _ _ _ _ _ _ _ _ __
20. Click the Firewall tab, deselect the Enable firewall check box, and click OK.
21. Click Apply. Wait for the configuration update to complete.
22. Go to the Pop out Console window.
23. In the Command Prompt window, try to ping the local gateway by typing ping
172.30.110.1.
The ping command will receive a response. The gateway firewall device was blocking the
ping response.

24. Try to ping the public interface of the local gateway by typing ping 172.30.1.100.
Substitute the IF address that you recorded in step 19 if different.
The ping command will receive a response, indicating that traffic is being routed through the
local gateway.
25. Try to ping the RD organization gateway by typing ping 172.30.1.1. The ping command
will not receive a response.
The IF address of the RD organization gateway is 172.30.1.1, which is on the same subnet as
the external interface of the RDI-Local gateway. You can ping the external interface of the
RDI-Local gateway but not the IF address of the organization gateway. What might the root
cause be?
27. Minimize the Popout Console window.
28. In the RD administrator console, click the Administration tab.

29. In the left pane, select Virtual Datacenters.
30. In the right pane, right-click RD VDC and select Open.
31. Click the Org VDC Networks tab.
32. Right-click the RD External network and select Configure Services.
33. In the Configure Services wizard, click the Firewall tab.
34 . Deselect the Enable Firewall check box and click OK.
35. Switch to the Popout Console window.

36. In the Command Prompt window, ping the organization gateway by typing ping
172.30.1.1.
The ping command will receive a response because the gateway fIrewall is no longer blocking
traffic. You might need to wait a few moments for the gateway to reconfigure and allow traffic
to pass.
37. Close the Popout Console window.

38. Close the RD administrator console tab.

Task 2: Verify vApp networking for the QA organization
In this task, you will configure firewall rules and test vApp network connectivity. Ibis task will be
done using the organization administrator account. Student A will do this task. Student B will check
the settings. Because basic troubleshooting was performed in task 1, you will configure the
necessary ftrewall settings before testing.
1. In Internet Explorer, open a new browser tab and log in to the QA administrator console using
the following information.
URL http://vcd.vcd-ad.vclass.local/cloudlorg/QA
Username
Password vmwarel!
2. In the QA administrator console, click the My Cloud tab.

6. Right-click the QAl-Local network and select Configure Services.
7. In the Configure Services panel, click the Firewall tab.
8. Click Add.
9. In the Add Firewall Rule wizard, perform the following actions.
Setting Action
Name Type Ping.
Source Type any.
Destination Type any.
Protocol Select ICMP.
10. Click OK to complete the Add Firewall Rule wizard.

11 . Click OK to close the Configure Services panel.
12. Click Apply. Wait for the configuration update to complete before continuing.
13. Click the Administration tab.
15. In the right pane, right-click QA VDC and select Open.
17. Right-click the QA External network and select Configure Services.
19. Click Add.
20. In the Add Firewall Rule wizard, perform the following actions.
Setting Action
Name Type Ping.
Source Type any.
Protocol Select ICMP.

22. Click OK to close the Configure Services panel.
23. Right-click the QA External network and select IP Allocations.
24. In the IP Allocations list, fmd the IP address allocated to QA-vAppl and answer the following
question.
What is the IP address assigned to QA vAppl? _ _ _ _ _ _ _ _ _ _ _ __

25. Click Cancel.
27. In the right pane, click the Virtual Machines tab.
28. Right-click the QAI-Win2k3-A virtual machine and select Popout Console.

29. When the virtual machine log in screen appears, expand the Popout Console window so that the
scroll bars disappear.
30. In the Popout Console window, click the keyboard icon in the upper-right comer.
31. Log in to the virtual machine, using the following credentials.
Login administrator
Password vmwarel!
32. On the virtual machine desktop, double-click the Command Prompt shortcut.
33. In the Command Prompt window, run the following commands.
Command Description
ping 172 . 30.210.1 The local network gateway
ping 172.30 . 11.100 The IP address assigned to QA-vAppl. Replace the IP address
with the value that recorded in step 24.
ping 172.30.11 . 1 The private IP of the organization network gateway
Each ping command should receive a response. If any command fails to receive a response,
repeat steps 5-32 steps to verify ftrewall and network configurations.
34. Close the Popout Console window.

35. Close the QA administrator console tab.
lab 8 VMware vSphere vApp Networking 67

Lab 9
Hosting Inbound Services
Objective: Configure vApps and networks for hosting

inbound services
1. Host a service for the RD organization.

2. Host a service for the QA organization.


based console
URL to the VMware vCloud Director® http://vcd.vcd-ad.vclass.local
vCloud Director administrator password vrnwarel!
Lab 9 Hosting Inbound Services 69

most tasks will be done by one student while the other student checks the work . Students will take
Task 1: Host a service for the RD organization

In this task, you will add a direct-connect organization network through which a VMware vSphere®
VAppTM can be reached from external IP addresses without the need to defme static routes or one-to
one NAT mappings. Student B will do this task. Student A will check the settings.
1, If you are not logged in to the vCloud Director console, open Internet Explorer and log in to the
Password vmwarel!
2, In the vCloud Director console, click the System tab.

3, Click the Manage & Monitor tab.
4, In the left pane, select Organization VDCs.

5. In the right pane, right-click RD VDC and select Open.
6, Click the Org VDC Networks tab.
7, Click the Add Network icon, which appears as a green plus (+) sign.
8, In the New Organization VDC Network wizard, select Connect directly to an external
network.
g, Select Production and click Next.
10, Under Name this Organization vDC Network, type RD Services Network in the Name
text box.
11, ClickNext.
12. Click Finish.
70 Lab 9 Hosting Inbound Services

13. In Internet Explorer, open a new tab and log in as the RD organization administrator using the
following information.
URL ht1p:llvcd.vcd-ad.vclass.local/cloudlorg/RD
Username rd admin
Password vmwarel!
14. In the RD administrator console, click the My Cloud tab.

~ vApps
-+-~- o
Build New vApp ...
17. In the New vApp wizard, under Name this vApp, perform the following actions.
Setting Action
Name Type RD- Services .
Description Type External Services App.
Runtime lease Keep Never Expires.
Storage lease Keep Never Expires.
18. Click Next.

19. Under Add Virtual Machines, select the SUSE-Base virtual machine and click Add. You
might need to use the scroll bar or page controls to fmd the SUSE-Base entry.
20. Click Next.
21 . Under Configure Resources, change the virtual machine name to RDS-SUSE-A.
22. Click Next.

23. Under Configure Virtual Machines, change the computer name to RDS-VM1 .
24. Keep the Bronze storage profile.
25. From the Network drop-down menu, select RD Services Network.
26. Keep the IP assignment of Static - IP Pool and click Next.
27. Under Configure networking, select the Fence vApp check box.
28. Deselect the Firewall check box.
29. Select the Retain IPlMac Resources check box in the far-right column.
30. Click Next.
32. When the RD-Services vApp status changes to Stopped, right-click RD-Services and select
Start.
33. Right-click RD-Services and select Open.
35. When the RDS-SUSE-A virtual machine status changes to Powered On, view the External IP
column and record the address assigned to the virtual machine:
36. Right-click the RDS-SUSE-A virtual machine and select Popout Console.
37. If necessary, click the Continue to this website (not recommended) link.
,a·iii
The virtual machine will reboot because of guest customization steps taken by vCloud Director.
38. Wait for the virtual machine to start and reboot. This process might take a few minutes. You
will experience a noticeable delay before the reboot occurs, while the SUSE login prompt
continues to be displayed.
39. When the virtual machine has rebooted and you are prompted to log in, close the Popout
Console window.
40. Minimize the Internet Explorer window.
41. On the ControlCenter desktop, double-click the Putty shortcut.
42. In the PuTIY window, type the external IP address of the RDS-SUSE-A virtual machine that
you recorded in step 32 and click Open.
43. When prompted, click Yes to confmn the PuITY security alert.

44. Log in to the virtual machine with a user name of root and password ofvmwarel! .
45. Close the PunY window.
46. Close the RD administrator console tab.
Task 2: Host a service for the QA organization

In this task, the system administrator will add an organization network through which a vApp can be
reached from external IP addresses using NAT IP Translation. Student A will do this task. Student B
1. In Internet Explorer, click the system administrator console tab and log in using the following
credentials.
Username Administrator
Password vmwarel!
Only the System Administrator role can create suballocated IP pools on organization gateways.

4. In the left pane, select Edge Gateways.
5. In the right pane, right-click QA Gateway and select Properties.
6. In the Edge Gateway Properties panel, click the Sub-Allocate IP Pools tab.
7. Select Production.
8. In the IP range text box, type 172.20.11. 240 -172.20.11. 24 9 and click Add.
9. ClickOK
10. In Internet Explorer, open a new tab and log in to the QA administrator console using the
URL http://vcd.vcd-ad.vclass.local/c1oud/orglQA
Username
Password vmwarel!

11. In the QA administrator console, click the Administration tab.
13. In the right pane, right-click QA VDC and select Open.
15. Click the gear icon and select Add Network.
16. In the New Organization VDC Network wizard, select Create a routed network by
connecting to an existing edge gateway.
17. Select QA Gateway and click Next.
18. Under Configure network, perfonn the following actions.
Setting Action
Gateway address Type 172.30.100.1.
Network mask Type 255.255.255. O.
DNS Suffix Type vcd-ad. vclass . local.
Static IP Pool Type 172.30.100 . 130-172.30.100.139 and click Add.
19. Click Next.

20. Under Name this Organization vDC Network, type QA Services Network in the Name
text box.
21. Click Next.
23. When the QA Services Network status changes to a green check mark, right-click the network
and select Configure Services.
The suballocated IP range provided by the system administrator is used in the services network
NAT configuration to expose internal virtual machines to the production network.

25. Click the Add button.
26. In the Add Firewall Rule wizard, perfonn the following actions.
Setting Action
Name Type Any TCP.
Source Type any.

29. Click the Add DNAT button.
30. In the Add Destination NAT Rule wizard, perfonn the following steps.
Setting Action
Applied on Select Production.
Original (External) IP/range Type 172 .20 • 11 .24 O.
Protocol Select Any.
Translated (internal) IP/range Type 172.30.100.140.
31. Click OK to complete the Add Destination Nat Rule wizard.

32. Click OK to close the Configure Services panel.

88 vApps
+ o
Build (\Jew vApp ...
36. In the New vApp wizard, under Name tbis vApp, perform the following actions.
Setting Action
Name Type QA- Services.
Description Type External Services App.
Runtime lease Keep Never Expires.
Storage lease Keep Never Expires.
37. Click Next.
38. Under Add Virtual Macbines, select Public Catalogs from the Look In drop-down menu.
39. In the virtual machine list, select the SUSE-Base virtual machine and click Add. You might
need to use the scroll bar or page controls to fmd the SUSE-Base entry.
40. Click Next.
41. Under Configure Resources, change the virtual machine name to QAS-SUSE-A.
42. From the Storage profLle drop-down menu, select Gold.
43. Click Next.
44. Under Configure Virtual Machines, change the computer name to QAS-VM 1.
45. From the Network drop-down menu, select QA Services Network.
46. From the IP Assignment drop-down menu, select Static - Manual.
47. In the IP address text box, type 172.30.100.14 O.
48. Click Next.
49. Under Configure networking, click Next. Do not select Fence vApp.

51. When the QA-Services vApp status changes to Stopped, right-click QA-Services and select
Start.
52. Right-click QA-Services and select Open.
54. When the QAS-SUSE-A status changes to Powered On, right-click the virtual machine and
select Popout Console.
55. If necessary, click the Continue to this website (not recommended) link.
The virtual machine will reboot because of guest customization steps taken by vCloud Director.
56. Wait for the virtual machine to start up and reboot. This process might take a few minutes. You
will experience a noticeable delay before the reboot occurs, while the SUSE login continues to
be displayed.
57. When the virtual machine has rebooted and you are prompted to log in, close the Popout
Console window.
60. In the PuTIY window, type the external IP address of the DNAT rule and click Open. The
external address is 172.20.11.240.
61. When prompted, click Yes to confirm the PuTIY security alert.
62. Log in to the virtual machine with a user name of root and password ofvmwarel!.
63. Close the PuTIY window.

Lab 10
Managing Custom Security Roles
Objective: Manage a custom vCloud Director security

role
1. Create a custom vCloud Director security role.

2. Create a vCloud Director user and test the custom security role.

URL to the VMware® vCenter Server™ Web- https:llvcs.vcd-ad.vclass.locaI:9443/

based console
URL to the VMware vCloud Director® http://vcd.vcd-ad. vclass.local
Lab 10 Managing Custom Security Roles 79

Task 1: Create a clJstom vCloud Director security role

In this task, you will create a custom vCloud Director security role. This task should be done by
student A, with student B checking the settings.
1. If you are not logged in to the vCloud Director console, open Internet Explorer, open a new
browser tab, and type the URL of the vCloud Director server:
Password vmwarel!
3. Click the System tab.

5. In the left panel, click Roles.
6. CI ick the green plus (+) icon to create a role.
7. When prompted by the New Role wizard, perform the following actions.
Setting Action
Name Type CustomRole.
Description TypevApp, Catalog, Org, Org vDC, and User rights.
Catalog Expand Catalog rights. Select View Private and Shared Catalogs.
General Expand General rights. Select Send Notification.
Organization Expand Organization rights. Select View Organization Networks.
Select Edit SMTP Settings.
80 Lab 10 Managing Custom Security Roles

Setting Action
Organization VDC Select all Organization VDC rights.
User Select all User rights.
vApp Select all vApp rights.
8. Click OK
Leave the vCloud Director console open for the next task.
Task 2: Create a vCloud Director user and test the custom security
role
In this task, you will add a vCloud Director user and use the user to test the new custom security
role. This task should be done by student B, with student A checking the settings.
URL http://vcd.vcd-ad. vclass.locallcloudJorgIRD
Username rd admin
Password vmwarel!
2. Log in to vCloud Director with a user ID of rd_ admin and a password of vmware I!.
4. Click Users in the left panel.
5. Click the plus (+) icon to add a user.
6. Type Francis_Dalton in the User name text box.
7. Type vmwarel1 in the Password text box.
8. From the Roles available to this user drop-down menu, select CustomRoJe.
9. Click OK
10. Click Logout.
11. Log in with the user ID of Francis_Dalton and a password ofvmwarel!.
Lab 10 Managing Custom Security Roles 81

12. Experiment with the user role. Answer the following questions:
• Can you create a VMware vSphere® vAppTM? _
• Can you share a vApp that you did not create? _
• Can you access anything in the catalog? _
• Can you see organization networks? _
• Can you see organization virtual datacenters? _
• Can you explain the behavior of this role? _
13. Click Logout.
14. Close the Internet Explorer tab that is the vCloud Director console for the RD organization.
82 Lab 10 Managing Custom Security Roles

Lab 11
Integrating LDAP and Active Directory
Objective: Integrate LDAP into a VMware cloud

1. Integrate Active Directory LDAP with vCloud Director.

2. Import an Active Directory user and group.
3. Test Active Directory users and groups.


based console
URL to the VMware vCloud Director® http://vcd. vcd-ad.vclass.local
vCloud Director administrator password vmware I!
Lab 11 Integrating LDAP and Active Directory 83

Task 1: Integrate Active Directory LDAP with vCloud Director
In this task, you will configure vCloud Director to use Active Directory LDAP. This task should be
done by student B, with student A checking the settings.
1. If you are logged in to the vCloud Director console under any account other than administrator,
log out and log in with a user II) of administrator and a password of vmware I! .
2. Click the System tab.
4. Click Organizations.
5. Right-click the RD organization.

6. Click Open.
8. Click LDAP in the left panel.

9. Select Custom LDAP service.
10. Click the Custom LDAP tab.

11 . Use the following Connection settings to connect to LDAP.
Server 172.20.10.93
Port 389
Base distinguished name dc=vcd-ad,dc=vclass,dc=local
UseSSL Deselect.
Authentication method simple
User name Administrator@Vcd - ad.vclass.local
Password vmwarell
12. Use the following User Attributes settings.
These setting should all already be the default settings for a standard Active Directory LDAP.
Different settings would be required for nonstandard schemas and for OpenLDAP.
84 Lab 11 Integrating LDAP and Active Directory

Object class user
Unique identifier objeetGuid
User name sAMAeeountName
Display name displayName
Given name givenName
Surname sn
Email mail
Telephone telephoneNumber
Group membership dn
identifier
Group back link tokenGroups
13. Use the following Group Attributes settings.
These setting should all already be the default settings for a standard Active Directory LDAP.
Different settings would be required for nonstandard schemas and for OpenLDAP.
Object class group
Unique identifier objeetGuid
Name en
Membership member
Group membership dn
identifier
Group back link identifier obj eetSid
14. Click Apply.

15. Scroll to the top of the window and click Test LDAP Settings. You should see Connected
status. Some attributes might have a green check mark. Do not be concerned if many attributes
are blank.
IH.iij
Some systems might initially be unable to connect. If you see a connection error, wait two
minutes and try to connect again.
Us~r name IQ ':HHuc h for
... Unlqul;' :d-e n.l!ft€' r
... lIs~r "'cirn~
0 ~m.j,
0 DI'H l I::iy name
0 (jfI,O-rto~m o
0 ;um. rr. 6 ,n
0 To' ~tto-m;~
""... <3foup r Ji l .'lti
~rnlJ4l unklu e tCier.t Of
16. In the LDAP Setting Test Results window, type the user name MHanuner.
17. Click Test. All green check marks and all fields should contain values.
18. Click OK.
19. Click Synchronize LDAP.
20. Close the Internet Explorer tab for the vCloud Director console.
Wait five minutes to give the vCloud Director system time to synchronize for the next task.

Task 2: Import an Active Directory user and group
In this task, you will import an Active Directory user and group. This task should be done by student
A, with student B checking the settings.
1. In Internet Explorer, open a new tab and type the URL of the RD organization vCloud Director
server:
http://vcd.vcd-ad.vclass.local/cloud/org/rd/
2. Log in with a user ID ofrd_admin and a password ofvmwarel!.
4. In the left panel, click Users.
5. Click the Import icon.

6. Type SSpade.
7. Click Search.
8. Select SSpade.
9. Click Add.
10. Click OK
11. In the left panel, click Groups.
12. Click the 1m port icon.

13. Type RD-Engineers.
14. Click Search.
15. Select RD-Engineers.

16. Click Add.
17. Click OK
18. Click Logout.

Task 3: Test Active Directory users and groups
In this task, you will test the login capability of Active Directory users and groups. This task should
be done by student B, with student A checking the settings.
1. Use the Internet Explorer browser console for the RD organization at https://vcd.vclass.locall
cloudiorgIRD/.
2. Try to log in with the following user names and passwords. Click Logout after each successful
login.
User 10 Password Result
MKnife vrnwarel! This login should work. MKnife is a member of

the RD-Engineers group.
MHammer vmwarel! This login should fail. MHammer was not

imported, and no group of which MHammer is
a member was imported.
SSpade vmwarel! This login should work. SSpade was manually

imported.

Lab 12
Managing Cloud Resources
Objective: Manage cloud resources as a system

administrator
1. Configure and test email notification settings.

2. Manage organization vDC properties.
3. Manage network IP allocations and pools.


based console
Lab 12 Managing Cloud Resources 89

turns so that both students in the team gain experience with the command and the VI.
Task 1: Configure and test email notification settings

In this task, you will configure email notification settings as a system administrator. Email settings
defmed by the system administrator can be inherited by organizations. Student B will do this task.
1. lfyou are not logged in to the vCloud Director console, open Internet Explorer and log in to the
vCloud Director server using the foUowing infonnation.
URL http://vcd.vcd-ad.vclass.local
Password vmwarel!

4. In the left pane, select Email.
5. In the right pane, under SMTP settings, perfonn the following actions.
Setting Action
SMTP server name Type vcd. vcd- ad. vclass . local.
SMTP server port Keep the default.
Requires authentication Leave unselected.
Sender's email address Type administrator@vcd-ad.vclass.local.
Email subject prefIX Type VCD Notification.
Test destination Type administrator@vcd-ad.vclass.local.
90 Lab 12 Managing Cloud Resources

6. Click Test SMTP settings.
7. When prompted, click OK.
8. At the lower-right comer of the page, click Apply.

9. Minimize the vCloud Director console.
11. In PuTIY, double-click the ven profile.
12. When prompted, log in to the remote system with a user name of root and a password of
vrnwarel!.
The vcd.vcd-ad.vclass.locaI system has been configured as a simple postfix email system. The
email system has been configured so that all email messages are forwarded to the johndoe
mailbox.
13. Type cat /var/mail/johndoe.
14. At the end of the file, you should see a test message similar to the following example:
From administrator@vcd-ad.vclass.local Wed Oct 10 14:47:062012
Return-Path: <administrator@vcd-ad.vclass.locaI>
X-Original-To: administrator@vcd-ad.vclass.local
Delivered-To: johndoe@vcd-ad.vclass.local
Received: from vcd.vcd-ad.vclass.local (vcd.vcd-ad.vclass.local [172.20.1 0.91])
by vcd.vcd-ad.vclass.local (Postfix) with ESMTP id 87562EC5B2
for <administrator@vcd-ad.vclass.local>; Wed, 10 Oct 2012 14:47:06 -0500 (CDT)
Date: Wed, 10 Oct 2012 14:47:06 -0500 (CDT)
From: "administrator@vcd-ad.vclass.locaI" <administrator@vcd-ad.vclass.local>
To: "administrator@vcd-ad.vclass.local" <administrator@vcd-ad.vclass.local>
Message-ID: <1200280528.1.1349898426515.1avaMail.vcloud@vcd.vcd-ad.vclass.local>
Subject: VCD Notification VMware vCloud Director Email Test
15. Close the PuTIY window.

16. Return to the vCloud Director console.

Task 2: Manage organization vDe properties
In this task, you will configure the properties of an organization. Student A will do this task. Student
B will check the settings.

2. In the left pane, select Organization VDCs.
In addition to creating provider virtual datacenters and organization vDCs, the system
administrator can change existing vDC configurations.
3. In the right pane, right-click RD VDC and select Properties.

4. In the Organization VDC Properties panel, under the Allocation tab, perform the following
actions.
Setting Action
CPU resources guaranteed Type 10.
Memory resources guaranteed Type 10.
Maximum number of VMs Type 50.
5. Under the Network Pool & Services tab, change the number of networks provisioned to the
organization by typing 60 in the text box.
6. Click OK Wait for the configuration update to complete before continuing.
Task 3: Manage network IP allocations and pools

In this task, you will examine edge gateway IP allocations and update the network pool. Student B
will do this task. Student A will check the settings.
1. In the left pane, select External Networks.
2. In the right pane, right-click Production and select IP Allocations.
3. In the IP Allocations on Network: Production panel, click the Gateway IP Sub-allocation
tab.
Ranges of external network IP addresses have been suballocated to different organization edge
gateways in this course. Using the suballocation list, answer the following question.
What is the IP range suballocated to the QA gateway? _ _ _ _ _ _ _ _ _ _ __

4. Click the Allocated IP Addresses tab.
The Allocated IP Addresses tab lists all IP addresses allocated on the production network to
attached virtual machines and organization gateway interfaces.
5. In the Allocated IP Addresses list, click the Edge Gateway column header to sort the list by
edge gateway assignment.
6. Find the IP addresses allocated to QA gateway and answer the following questions by
comparing the listed allocations to the suballocation range you recorded in step 3.
External interface of the QA gateway: _ _ _ _ _ _ _ _ _ _ _ __
NAT address used for a VMware vSphere® VAppTM virtual machine:
7. Click Cancel to close the IP Allocations panel.

8. Right-click the Production network and select Properties.
9. In the Network Properties: Production panel, click the Network Specification tab.
The system administrator can disable specific networks here, change network characteristics, or
delete networks.
10. Click Cancel.

11. In the left pane, select Network Pools.
12. In the right pane, right-click ORG-VLAN-Pool and select Properties.

13. In the Network Pool Properties: ORG-VLAN-Pool panel, click the Network Pool Settings
tab.
14. In the VLAN ID Range text box, type 300 - 3 99 and click Add.
15. Click OK

Lab 13
Managing Organization Resources
Objective: Manage resources as an organization

administrator
1. Manage organization properties and policies.

2. Configure email notifications.
3. Manage edge gateways and organization networks.
4. Manage users and catalogs.

URL to the VMware® vCenter Server™ Web- https://vcs.vcd-ad.vc\ass.local:9443/

based console
URL to the VMware vCloud Director® http://vcd.vcd-ad.vclass.locaJ
Lab 13 Managing Organization Resources 95

Task 1: Manage organization properties and policies

In this task, you will manage organization properties and policies. Student A will do this task.
1. In Internet Explorer, open a new tab and log in to the QA administrator page using the
URL http://vcd. vcd-ad.vclass.local/cloudiorglQA
Username
Password vmwarel!

3. In the left pane, click General.
4. In the right pane, change the organization full name by typing the following in the text box:
Quality Assurance and Testing
5. At the bottom-right comer of the page, click the Apply button.
6. In Internet Explorer, click the Refresh button and, if necessary, log in using the credentials
provided in step 1.
The organization pages are branded with the new full name.

8. In the left pane, select Policies.
Organization administrators have full control over lease, default quota, and password lockout
settings. Organization administrators cannot change limits imposed by the system administrator.
96 Lab 13 Managing Organization Resources

9. In the right pane, perform the following actions.
Setting Action
vApp leases: From the second drop-down menu, select Days. From the
Maximum runtime lease first drop-down menu, select 14.
vApp leases: From the second drop-down menu, select Days. From the
Maximum storage lease flfSt drop-down menu, select 30.
vApp leases: From the drop-down menu, select Permanently delete.

Storage cleanup
Password Policies Select the check box.

Account lockout enabled
Invalid logins before lockout Type 3.
Account lockout interval Type 5.
10. Click Apply.
Task 2: Configure email notifications

In this task, you will confIgure and test email notiftcations at the organization level. Student B will
do this task. Student A will check the settings.
1. In the left pane, select Email.
2. In the right pane, under Notification settings, select Set organization notification settings.
3. In the Sender's email address text box, type qa_admin@Vcd-ad.vclass . local.
4. In the Email subject prefix text box, type QA VDC Notification.
5. In the bottom-right comer of the page, click the Apply button.
6. In the left pane, select Users.

7. In the right pane, click the Notify icon.
Users
+
1.
IH·iii
Notifications sent in this context can be addressed to all users in the organization., or to all
organization administrators.
8. In the Notify Users panel, select Organization Administrators from the To drop-down menu.
9. In the Subject text box, type Policy Changes.
10. In the Message text box, type vApp runtime and storage leases have been
reduced to 14 and 30 days respectively.
11. Click Send Email.

12. When prompted, click OK
13. Click Cancel to close the Notify Users panel.
14. Select one or more users in the list and click the Notify icon. Multiple users can be selected by
pressing the Ctrl key when selecting each user.
The user name or number of users selected appears in the notification To field.
15. Click Cancel to close the Notify Users panel.

17. In the right pane, right-click QA VDC and select Notify Users.
IU·iii
Notifications sent in this context are automatically addressed to any user with items in the
organization virtual datacenter. Relevant items are vApp templates, vApps, Media, and any
other object that a user might have attached or created as a resource.
18. Click Cancel.

Task 3: Manage edge gateways and organization networks
In this task, you will manage edge gateways and attached organization networks. Student A will do
this task. Student B will check the settings.
1. Right-click QA VDC and select Open.
2. In the right pane, click the Edge Gateways tab.
3. Right-click QA Gateway and select External IP Allocations.
External IP allocations have an associated category that is useful for identifYing which
addresses are used by which devices and how those addresses are being used. In the displayed
IP allocations list, you will see at least one IP allocated with a category of VSE and at least one
IP allocated with a category of NAT. The VSE category identifies which IP addresses have been
allocated for use by the organization network devices, such as an edge gateway interface, and
which IP addresses have been allocated for NAT translation.
4. Using the IP allocation table, record the IP addresses for each of the following connections:
External interface of the edge gateway: _ _ _ _ _ _ _ _ _ _ _ __
Public address of the hosted QA service virtual machine: _ _ _ _ _ _ _ _ _ _ _ __

5. Click Cancel.
The following steps require that you performed the "Hosting Inbound Services" lab. If you did
not complete that lab, do not perform the ping steps below, but do perform all other steps.
6. On the Control Center computer, select Start> All Programs> Accessories> Command
Prompt.
7. In the Command Prompt window, begin a continuous ping by typing ping 172.20.11.240
-to
8. In the QA administrator console, right-click QA Gateway and select Re-apply service

configuration.

10. In the Command Prompt window, observe network throughput as the update occurs.
iU·iii
You will see very little effect on network throughput as a result of reapplying the edge gateway
service configuration. Monitor the response times and watch for time-out conditions in the
continuous ping operation.
11 . When the reapply of gateway service configuration is complete, return to the QA administrator
console. Leave the continuous ping running.
12. Right-click QA Gateway and select Re-deploy.
14. In the Command Prompt window, observe network throughput as the VMware vShield Edge
device is redeployed.
iU.iii
The redeployment will take a few minutes to complete. During redeployment, you will see the
ping reply times increase. In general, network connectivity is not cut off for long periods of
time. During the redeployment, you will see one or two periods in which full network
interruption occurs.
15. When the redeployment is complete, close the Command Prompt window.
16. In the QA administrator console, click the Org VDC Networks tab.
17. Right-click QA Services Network and select Properties
18. In the Network Properties panel, click the Network Specification tab.
Organization administrators can modify or add IP pool ranges for any given organization
network that is not directly connected to an external network defmed by a system administrator.
19. In the static IP pool range text box, type 172.30.100.160 -172 .30.100.170 and click
Add.
20. Click OK Wait for the configuration update to complete before continuing.

21 . Right-click QA Services Network and select IP allocations.
lu·ni
The IP allocations that are listed apply only to the organization network. Each IP allocation
specifies a virtual machine and a VMware vSphere® VAppTM. One of the IP addresses is listed
as being assigned to a VMware® vShield Edge™ (internal) virtual machine. In this case, the
vShield Edge (internal) virtual machine is the QA gateway and the IF address listed is the
address assigned to its internal interface.
22. Click Cancel.
Task 4: Manage users and catalogs

In this task, you will manage organization users and catalogs. Student B will do this task. Student A
2. In the left pane, select Users.
3. In the right pane, click the gear icon and select New User.
4. In the New User wizard, perform the following actions.
Setting Action
User name Type qa_user2.
Password Type vmwarel !.
Confirm password Type vmwarell.
Role Select vApp User.
Full name Type QA User2.
Email address Type qa_user2®Vcd-ad. vclass . local.
5. Click OK.

6. Right-click qa_userl and select Properties.
7. In the User Properties panel, select Catalog Author from the User role in organization: QA
drop-down menu.
8. Scroll down to the Quotas section.
9. For the All VMs quota, select the left-most radio button and type 10 in the text box.
10. For the Running VMs quota, select the left-most radio button and type 5 in the text box.
11 . Click OK.
14. In the right pane, under the Catalogs subtab, right-click QA Catalog and select Properties.
15. In the Catalog Properties panel, under the Publishing tab, select Don't publish this catalog
to other organizations and click OK.

Lab 14
Managing VMware vSphere Resources
Objective: Manage vSphere resources

1. Manage vCenter server systems.

2. Examine resource pool properties.
3. Manage ESXi hosts.
4. Manage datastores.
5. Manage storage profiles.
6. Examine vSphere distributed switches and port groups.
Lab 14 Managing VMware vSphere Resources 103


based console
Task 1: Manage vCenter server systems

In this task, you will manage a vCenter Server system. Ibis task should be done by student B, with
student A checking the settings.
Password vmwarel!

4. Click vCenters in the left panel.
104 Lab 14 Managing VMware vSphere Resources

5. Point to the Attach New vCenters icon. Through this icon you can add vCenter Server systems
to your cloud.
veentelS
I~O=-_ : ~
~ .t..ttach New vCenter
6. Click the Attach New vCenter icon.

List the required items for attaching a vCenter Server system:
7. Click Cancel.
8. Complete the following information for the vCenter Server system:
Name
Status
vCenter Server
Port Number
Version
vShield Manager
vCenter Proxy
9. In the right panel, select vCenterServer.

10. Click the Actions icon (blue gear symbol).
11. Click Properties.

12. On the General tab, change the name of the vCenter Server system by typing Cloud
Systems vCenter 01 in the vCenter Name text box.
13. Click OK.

14. Click Cloud Systems vCenter 01.
15. Click the actions icon (blue gear symbol).
16. Click Open in vSphere Web Client.
You might see a Pop-Up Blocked warning message at the top of the browser window. Disable
the pop-up blocker and click Open in vSphere Web Client.
17. Click Continue to this website (not recommended).
18. Log in to vCenter Server, using the foUowing credentials.
Username adm inistrator
Password vmwarel!
19. Minimize the vSphere Web Client window and return to the vCloud Director console.
Task 2: Examine resource pool properties

In this task, you will examine a VMware® vSphere® resource pool in vCloud Director. This task
should be done by student A, with student B checking the settings.
Password vmwarel!

4. In the left panel, click Resource Pools.

5. Verify that Generic-Pool and High-Performance-Pool are listed.
6. Right-click High-Performance-Pool and select Properties.
You should see the following information for each datastore:
• Datastore
• Type (
• Connected
• Capacity (Usedffotal)
• % Used
Based on this information, which datastore has the highest free-space capacity?
What is the memory reservation used _ _ _ _ _ _ _ and total _ _ _ _ _ _ _ _ _ in

the entire resource pool?
7. Click OK
Leave the vCloud Director console connected for the next task.
Task 3: Manage E5Xi hosts

In this task, you will manage connected VMware ESXi™ hosts from the vCloud Director console.
This task should be done by student A, with student B checking the settings.

If you have any Internet Explorer tabs running VMware vSphere® Web Client or any other
instances of Internet Explorer running, close them now. You should have only one instance of
Internet Explorer running and it should have a single tab open to the vCloud Director console.

3. In the left panel, click Hosts.
4. Right-click the esxi01.vcd-ad.vclass-local host and select Open in vSphere Web Client.
6. In the left panel, select the esxiOl.vcd-ad.vclass.local host.
You might have to expand VCS.vcd-ad.vclass.local > vCloud Datacenter> vCloud
Resource-Cluster to see theesxiOl host.
7. Click the Related Objects tab.

8. Click the Virtual Machines subtab.
9. Minimize this instance of the vSphere Web Client.
10. In the vCloud director console, right-click the esxi01.vcd-ad.vclass.local host and select
Disable Host. Wait for the Enabled status to change to the stop symbol.
11. Right-click the esxiOl.vcd-ad.vclass.local host and select Redeploy All VMs.
12. Click Yes.
13. On the Windows task bar, click the vSphere Web Client icon to maximize the window.
14. Click the refresh icon at the center top of the browser that is to the right of the Updated time
stamp.
15. Examine the Recent Tasks pane. You should see the Enter Maintenance Mode task, to migrate
virtual machines from one host to the other. Your ESXi hosts do not sufficient capacity to run
all of your VMware vSphere® VAppSTM. So some migrations will fail, preventing the ESXi host
from going into maintenance mode.
16. Wait for the vCenter Server system to finish attempting migrations.
17. Locate the Enter Maintenance Mode task. Click the cancel icon (circle-X). Click Yes.
18. Minimize the vSphere Web Client and return to the vCloud Director console. You should see an
error message in the Status column.
19. Right-click the esxiOl.vcd-ad.vclass.local ESXi host and select Enable Host.
Leave the vCloud Director console running for the next task.

Task 4: Manage datastores
In this task, you will manage vSphere datastores. Ibis task should be done by student B, with
student A checking the settings.
3. In the left pane, click Datastores and Datastore Clusters.
4. Right-click Fast-Datastore-l and select Properties.
Answer the following questions:
a . Which storage profile is this datastore connected to? _ _ _ _ _ _ _ __

b. Does this datastore have any system alerts? _ _ _ _ _ _ __
c. What is the current disk space threshold for yellow? _ _ _ _ _ __
5. Change the yellow level for the disk space threshold to 6GB. Click OK.
Leave the vCloud Director console logged in for the next task.
Task 5: Manage storage profiles

In this task, you will manage storage profiles. Ibis task should be done by student B, with student A
checking the settings.
3. In the left pane, click Storage Profiles.
4. Right-click Bronze and select Properties.
a. Which datastores are in the Bronze storage profile? _ _ _ _ _ _ _ __

b. What percentage of storage has been used in the Bronze storage profLle in each datastore?
5. Click Cancel.
Leave vCloud Director console logged in for the next task.

Task 6: Examine vSphere distributed switches and port groups
In this task, you will view the properties of vSphere distributed switches and port groups. This task
should be done by student B. with student A checking the settings.
3. In the left panel, click Switches & Port Groups.
Which distributed switches have network pools assigned to them?
4. Click the Port Groups tab. You should see all currently assigned port groups.
5. In the upper right of the browser window, type vApp (case-sensitive) and press Enter. You
should now see all port groups that are associated with cloud networks that have "v App" in the
network name.

Lab 15
Monitoring Cloud Components
Objective: Monitor cloud components

1. Monitor provider vDC and organization vDC use.

2. Examine vCloud Director logs.
3. Enable and verifY Syslog logging for vCloud Director networks.


based console
Lab 15 Monitoring Cloud Components 111

Task 1: Monitor provider vDC and organization vDC use

In this task, you will be guided through the vCloud Director console to examine various component
monitoring features. Student B will do this task. Student A will check the settings.
Password vmwarel!

4. In the left pane, select Provider VDCs.
5. In the right pane, click the Monitor button and expand the first column so that the names are
visible and answer the following questions:
Which provider vDC is showing the highest processor used value? _ _ _ _ _ _ _ _ __
Which provider vDC has the highest processor allocation? _ _ _ _ _ _ _ _ _ __
Which provider vDC has the highest memory used value? _ _ _ _ _ _ _ _ _ __
Which provider vDC has the highest memory allocation? _ _ _ _ _ _ _ _ _ __
6. In the far-right column header, click the Customize Columns control.
Reso urce Pools
112 Lab 15 MonitOring Cloud Components

7. In the Customize Columns panel, deselect Processor Allocation, Memory Allocation, and
Storage Allocation. Select Processor Overhead, Memory Overhead, and Storage Overhead.
8. Click OK
Which provider vDC shows the highest processor overhead? _ _ _ _ _ _ _ __
Which provider vDC has the highest memory overhead? _ _ _ _ _ _ _ _ _ __
Which provider vDC has the highest storage overhead? _ _ _ _ _ _ _ _ _ __
9. In the left pane, select Organization VDCs.

10. In the right pane, click the Monitor button and expand the first column so that the names are
fully visible.
IU-iiil
In some cases, a provider vDC might be shared by many organization vDCs. In the class
environment, your provider vDCs back single organization vDCs, so resource use is the same
for each pair.
11. In the far-right column header, click the Customize Columns control.
ResolJrce Pools
12. In the Customize Columns panel, select Used Network Count and vApps, then click OK.
Expand the columns so that the column headings are visible and answer the following
questions:
Which organization vDC has highest used networks count? _ _ _ _ _ _ _ __
Which organization VDC has the most VMware vSphere® VAppSTM?
13. In the left pane, select External Networks.
Lab 15 MonitOring Cloud Components 113

14. In the right pane, examine the IP Pool (Usedffotal) value shown for the Production network
and answer the following question:
What percentage of the IP pool available on Production is in use? _ _ _ _ _ _ __

15. In the left pane, select Network Pools.
16. In the right pane, examine the Pool (Used/Total) value for ORG-VLAN-Pool and answer the
following question:
What percentage ofORG-VLAN-Pool is in use? _ _ _ _ _ _ __
Task 2: Examine vCloud Director logs

In this task, you will examine the event and task logs available in the vCloud Director console. You
will also examine Syslog events related to vCloud Director. In your class environment, the vCenter
Server system was installed with an integrated Syslog server. During the course, vCloud Director
and the vCenter Server system have been sending events to that Syslog server. Student A will do this
task. Student B will check the settings.
1. In the left pane, click Logs.
2. In the right pane, select the Tasks tab and expand the columns so that the column headers are
readable.
The Tasks list shows all events related to tasks initiated by vCloud Director or a particular user.
The Owner column identifies the initiator of the task, which is either system or a user name.
3. In the Tasks list, sort the list by clicking the Owner column heading until the system-owned
tasks appear at the top of the list.
4. Examine the first two pages of tasks and answer the following question:
What two types of system-owned tasks were most frequently logged?
5. Click the Owner column heading until administrator-owned tasks are listed first.
6. Examine the first two pages of tasks and answer the following question:
What two types of administrator-owned tasks were most frequently logged?
7. Click the Events tab.

8. Examine the first few pages to see whether any warnings or errors have occurred.
114 Lab 15 MonitOring Cloud Components

10. On the ControlCenter desktop, select Start > Run.
11. In the Run text box, type \ \ ves . ved - ad . ve 1 as s . loea 1 \ e $ and press the Enter key.
12. In the \\vcs.vcd-ad.vclass.local Windows Explorer window, go to Program Data > VMware >
VMware Syslog Collector> Data > 172.20.10.91.
13. In the 172.20.10.91 folder, double-click the file with the most recent time stamp. The file
opens in Notepad. The current Syslog log file in a folder is usually named syslog. log.
14. Close Notepad after you have examined a few log entries.
Do not close the \\vcs.vcd-ad.vclass.local Windows Explorer window. You need it for the next
task.
Task 3: Enable and verify Syslog logging for vCloud Director networks
In this task, you will configure Syslog settings for network operations, synchronize logging between
the system and an edge gateway, and test firewall rule logging. Student B will do this task. Student
A will check the settings.
You must have completed the "Hosting Inbound Services" lab before beginning this task.
1. In the \\vcs.vcd-ad.vclass.local Windows Explorer window, click the Back button so that the IP
named folders are displayed.
Are there any folders named with an IP address in the range of 172.20.11.200-172.20.11.254?
2. Minimize (do not close) the \\vcs.vcd-ad.vclass.local Windows Explorer window.

3. In the vCloud Director console, click the Administration tab.
4. In the left pane, select General.
5. In the right pane, scroll down until the Networking are appears. Find the Syslog server settings.
6. In the SysJog server 1 text box, type 172.20.10.94.
7. Click Apply.
9. In the left pane, select Edge Gateways.
10. In the right pane, right-click QA Gateway and select Properties.
11. In the Edge Gateway Properties panel, click the Syslog Server Settings tab. A Syslog server
has not been configured.

12. Click Cancel.
13. Right-click QA Gateway and select Syncbronize Syslog Server Settings. Wait for tbe
synchronization to complete.
14. Right-click QA Gateway and select Properties.
15. Click the Syslog Server Settings tab and verify that Syslog server 1 is configured.
16. Click Cancel.
17. Right-click QA Gateway and select Edge Gateway Services.
18. In the Configure Services wizard, click the Firewall tab.
19. Select tbe ping rule and click the Edit button.
20. In the Edit Firewall Rule panel, select the Log network traffic for firewall rule check box
and click OK
21. Click OK to close the Configure Services wizard.
23. On the Control Center desktop, select Start> All Programs> Accessories> Command
Prompt.
24. In the Command Prompt window, ping the public IP of the QA service virtual machine by
typing ping 172.20.11. 240.
The ping command should receive a response. Traffic will be logged to the Syslog server that
has been synchronized on the edge gateway.
25. In the \\vcs.vcd-ad.vclass.local Windows Explorer window, press F5 to refresh the view.
Answer the following question:
What is the name of tbe new IP-named folder? - - - - - - - -
You will see a new folder named witb an IP address in the range of 172.20.11.200
172.20.11.254. This IP address is the external address of the QA gateway. All firewall rules
configured with logging enabled result in events being logged from the external address of the
edge gateway, even if tbe target of the rule is an external NAT IP address.
116 Lab 15 Monitoring Cloud Components

26. Double-click the new folder and double-click the syslog. log fIle. The file opens in Notepad.
The Syslog messages for vShield Edge and fIrewall events can be difficult to read. The syslog
log file for the edge gateway contains other events not directly relating to the fIrewall rule that
you confIgured.
27. In Notepad, search for "icmp." The search should take you to the end of the file.
28. Examine the log entry and close Notepad.
29. Close the \\vcs.vcd-ad.vclass.local Windows Explorer window.
30. Close the Command Prompt window.

118 Lab 15 Monitoring Cloud Components
Lab 16
Organization Users
Objective: Manage vApps as an organization user

1. Change vApp ownership.

2. Share the organization catalog.
3. Add a virtual machine to a vApp.
4. Force recustomization.
5. Share a vApp with other organization users.
6. Reset a vApp network.
Lab 16 Organization Users 119

URL to the VMware® vCenter Server™ Web https://vcs.vcd-ad.vclass.local:9443/

based console
vCenter Server administrator user name admini strator
Task 1: Change vApp ownership

In this task, you will transfer ownership of two VMware vSphere® VAppSTM. Student A will do this
task. Student B will check the settings.
1. If you are currently logged in to the vCloud Director console, click the Logout link in the
upper-right corner of the browser page. You must log out of the vCloud Director console before
continuing.
2. Log in to the QA organization page using the following information.
URL http://vcd.vcd-ad.vclass.local/cloudlorg/QA
Username
Password vmwarel!
3. Click the My Cloud tab. No vApps are listed as being accessible or owned by the qa_userl
account.
4. In the upper-right comer of the page, click the Logout link.
120 Lab 16 Organization Users

5. Log in to the QA organization page, using the following credentials.
Username
Password vrnwarel!

The qa_admin account has access to all vApps created in the organization, including vApps
created by the system administrator.
7. In the vApps list, right-click QA-vAppl and select Change Owner.

8. In the Change Owner wizard, select qa_userl and click OK.
9. Right-click QA-vApp2 and select Change Owner.
10. In the Change Owner wizard, select qa_userl and click OK.
11 . In the upper-right comer of the page, click the Logout link.
Username
Password vrnwarel!

The two vApps that qa_userl now owns appear in the Apps list.

Task 2: Share the organization catalog
In this task, you will transfer ownership of two vApps. Student B will do this task. Student A will
check the settings.
2. In the right pane, click the Catalogs tab and then click the vApp Templates tab. Notice the
number of items listed on each tab.
As the system administrator, you created a catalog for the QA organization lab 4. Later, as the
QA organization administrator, you interacted with that catalog. However, using the
nonadministrative qa_ userl account, you have no access to the catalog. Organization catalogs
are not automatically shared to all organization users.
Username
Password vrnwarel!

7. In the right pane, right-click QA Catalog and select Share.
8. In the Catalog Properties panel, on the Sharing tab, click Add Members.
9. In the Share to Users and Groups wizard, leave Everyone in the organization selected and
click OK.
10. Click the drop-down menu and select ReadlWrite.
11. Click OK.
12. In the catalog list, notice the group icon that appears in the QA catalog Shared column.
Na me 1 ~ Shar" oj
(§ QA Catalog

Username
Password vmwarel!
15. Click the Catalogs tab. In the right pane, the QA catalog appears and can be accessed.
Task 3: Add a virtual machine to a vApp

In this task, you will add a virtual machine to a vApp. Student A will do this task. Student B will
check the settings.
4. Click the Add VM icon, which appears as a green plus (+) sign.
5. In the New Virtual Machine wizard, use the virtual machine list scroll bar and page controls to
find the Win2k3-Base entry.
6. Select the Win2k3-Base virtual machine and click Add.
7. Click Next.
8. Under Configure Resources, change the virtual machine name to QAI-W2k3-B.
9. From the Storage Profile drop-down menu, select Silver.
10. Click Next.
11 . Under Configure Virtual Machines, change the computer name to QAI-VM2.
12. From the Network drop-down menu, select QAl-Local.
13. From the IP Assignment drop-down menu, select DHCP.
14. Click Next.
15. Under Configure Networking, click Next.
17. When the QAI-Win2k3-B virtual machine status changes to Powered Off, right-click the virtual
machine and select Power On.

Task 4: Force recustomization
In this task, you will force recustomization of a virtual machine in a vApp. Student B will do this
task. Student A will check the settings.
1. In the left pane, click v Apps.
2. In the right pane, right-click QA-vApp2 and select Open.
4. Right-click the QA2-Win2k3-A virtual machine and select Power Off.
6. When the QA2-Win2k3-A status changes to Powered Off, right-click the virtual machine and
select Power On and Force Recustomization.
7. When the QA2-Win2k3-A status changes to Powered On, right-click the virtual machine and
select Popout Console.
8. Monitor the virtual machine startup. The Windows login dialog box appears. After a few
minutes, the virtual machine reboots as part of the guest customization process.
9. Continue to monitor the virtual machine startup after the frrst reboot. You will observe several
Windows customizations occur, followed by a fmal restart.
10. When the last reboot has completed and the Windows login dialog box appears, close the
Popout Console window.
Task 5: Share a vApp with other organization users

In this task, you will share a vApp with another organization user. Student A will do this task.
2. In the right pane, right-click QA-vAppl and select Share.
3. In the v App Properties panel, on the Sharing tab, click Add Members.
4. In the Share to Users and Groups wizard, select the Specific users and groups radio button.
5. Select qa_user2 and click Add.
6. Click OK
7. From the qa_user2 Access Level drop-down menu, select Read Only.
8. ClickOK
9. In the upper-right corner of the page, click the Logout link.

Username
Password vmwarel!
11 . Click the My Cloud tab.

12. In the right pane, right-click QA-vAppl and notice which options are available to the qa_user2
account.
Username
Password vmwarel!
Task 6: Reset a vApp network

In this task, you reset a vApp network to force redeployment of the vShield Edge device. Student B
will do this task. Student A will check the settings.
4. Right-click the QAl-Local network and select Reset Network.
5. Read the Reset Network notice and click Yes. Wait for the Reset operation to complete.

Lab 17
Installing VMware vCloud Director
Objective: Install vCloud Director

1. Configure the vCenter Server licenses.

2. Verify the vCenter Server and vSphere DRS configuration.
3. Verify the vCenter Server networking configuration.
4. Configure iSCSI storage.
5. Configure user-defined storage capabilities.
6. Configure storage profiles.
7. Configure Network Time Protocol.
8. Confirm the vCloud Director network configuration.
9. Install vCloud Director.
10. Install the Java keytool.
11. Prepare the vCloud Director SSL keystore and create self-signed certificates.
12. Configure vCloud Director.
13. Create a Sysprep deployment package.
14. Configure the vCloud Director cell.
Lab 17 Installing VMware vCloud Director 127

15. Connect vShield Manager to vCenter Server system.
16. Attach the vCenter Server system and vShield Manager.
17. License vShield Manager.
18. Test vCloud Director.


based console
vCenter Server administrator password vmware 1!
URL to the VMware vCloud Director® http://vcd.vcd-ad.vclass.local
most tasks wiH be done by one student while the other student checks the work. Students will take
Task 1: Configure the vCenter Server licenses

In this task, you will license your VMware® vSphere® resource cluster. Students should work
together in a team of two students working on the same cluster. Students will alternate, with one
student configuring the cluster and the other student double checking settings. Ibis task should be
done by student A, with student B checking the settings.
1. Ask your instructor how to access your student vClass environment.

2. Open your workspace.
3. Open the console of the ControlCenter virtual machine.
4. Log in to the ControlCenter system with the user ID of administrator and the password of
vmwarel !.
128 Lab 17 Installing VMware vCloud Director

5. Click the Internet Explorer shortcut Web-Console. Web-Console is a shortcut to VMware
vSphere® Web Client.
6. Log in using the user ID of administrator and the password of vmware I !.
7. In the Administration pane, click the Licensing icon.
8. Select the vCenter Server Instances tab.
9. In the vCenter Server Instance column, select vcs.vcd-ad.vclass.local.
10. Click Assign License Key.
11. From the drop-down menu, select Assign a new license key.
12. Type the vCenter Server license key provided by your instructor.
13. Type vCenter Server in the Label (optional) text box.
14. Click OK
15. Click the Hosts tab.
16. Select the esx01.vcd-ad.vclass.local host.
19. In the License key text box, type the VMware vSphere® Enterprise Edition™ license key
provided by your instructor.
20. Type vSphere Enterprise Plus in the Label (optional) text box.
21. Click OK
22. Select the esx02.vcd-ad.vclass.local host.
24. Select the vSphere Enterprise Plus license key.
25. ClickOK
26. Click Home.
Remain logged in to the vCenter Server system and leave vSphere Web Client open.

Task 2: Verify the vCenter Server and vSphere DRS configuration
In this task, you will confirm your VMware vSphere® Distributed Resource SchedulerTM cluster
configuration. This task should be done by student B, with student A checking the settings.
The vSpbere DRSNMware vSphere® High Availability configuration used in this lab is specific to
this lab environment. In most production environments, the best practice is to enable features like
vSphere HA, EVC, and Power Management. The configuration that you should use in production
environments depends on individual requirements. vCloud Director requires vSphere DRS to be
enabled. vCloud Director does not require vSpbere HA features.
1. If you are not logged in to the vSphere Web Client, do the following :
a. Double-click the vSphere Web Client shortcut.
b. Log in using the user ID of administrator and the password of vmware 1'.
2. Verify that you have a datacenter and vSphere DRS cluster properly configured:
a. Click Home.
b. In the Home pane, click the Hosts and Clusters icon.
c. Verify that you have a datacenter named vCloud Datacenter.
d. Verify that a vSphere DRS cluster is under the datacenter. In this lab, the vSphere DRS
cluster is named vCloud-Resource-Cluster.
e . Verify that VMware ESXi™ hosts esxiOl.vcd-ad.vclass.local and esxi02.vcd
ad.vclass.local are members of the cluster.
f. Click the vSphere DRS cluster vCloud-Resource-Cluster in the left inventory panel.
g. Click the Manage tab in the vCloud-Resource-Cluster pane.
h. Click the Settings subtab.
i. Click vSphere DRS under Services.
o DRS Automation should be selected and set to Fully Automated.
o Power Management should be set to OfT.
o Advanced Options should be set to None.
j. Click vSphere HA under Services. vSphere HA should be turned off.
k. Click the Summary tab.

I. In the vSphere DRS panel, verify the following settings:
• Migration automation level should be set to Fully Automated.
• Migration threshold should apply priority 1,2, and 3 recommendations.
• Power management automation level should be off.
Remain logged in to the vCenter Server system and leave the vSphere Web Client open.
Task 3: Verify the vCenter Server networking configuration

In this task, you will conftrm your vCenter Server networking confIguration. This task should be
done by student A, with student B checking the settings.
1. Click Home in the upper-left comer of the left pane.
2. Under Inventories, click the Networking icon.
In the left panel, you should see the following three vSphere distributed switches:
• dvs-IP-Storage
• dvs-Production
• dvs-vMotion
3. Select the dvs-IP-Storage switch.
4. Click the Manage tab.
5. Click the Settings subtab under Manage.
6. Expand the VMkemel ports under IP-Storage. You should see two vmkl ports conftgured at IP
addresses 172.20.13.51 and 172.20.13.52.
7. Expand the dvs-IP-Storage-DVUplinks on.
The dvs-IP-Storage switch should be correctly conftgured so that it can be bound to the
VMware vSphere® Virtual iSCSI Adapter. There should only be a single uplink (with two NIC
adapters) for this switch. The uplink is named dvUplinkl. One NIC adapter should be
connected to vmnic3 on esxiOl.vcd-ad.vclass.local. The other NIC adapter should be connected
to vrnnic3 on esxi02.vcd-ad.vclass.local.
I"Jiii[.]~1
If the distributed switch used by IP storage is not limited to a single uplink (one NIC per host) it
will not be possible for the vSphere virtual iSCSI adapter to bind to the VMkemel port. By
default, distributed network switches are created with four potential uplinks.

8. Use the Networking view in vSphere Web Client to confirm that both ESXi hosts have the
following switches and port groups connected to the correct vmnic interfaces.
Switch Port group vmnic

dvs-Production Production vmnicl
dvs-vMotion vMotion vmnic2
dvs-IP-Storage IP-Storage vmnic3
9. Use the Networking view in vSphere Web Client to confmn that the following VMkemel ports
exist with the proper network configuration.
Switch ESXi01 ESXi02 Subnet mask vMotion? Management?

dvs-vMotion 172.20.12.51 172.20.12.52 255.255.255.0 Yes No
dvs-IP-Storage 172.20.13 .51 172.20.13.52 255.255.255.0 No No
Task 4: Configure iSCSI storage

In this task, you will configure your iSCSI storage configuration. This task should be done by
student B, with student A checking the settings.
1. Click Home in the upper-left comer of the left pane.
3. Select the esxi01.vcd-ad.vclass.local ESXi host in the left panel.
5. Click the Storage tab under Manage. The Storage Adapters item should be selected by default
in the left panel. If it is not already selected, click Storage Adapters.
6. Click the green plus (+) icon to add a storage adapter.
7. Select the Software iSCSI Adapter.
8. Click OK Wait for the adapter to be added to the list of storage adapters.
9. Select the iSCSI software adapter that was added. On most systems, this adapter is vmhba33.

10. Click the Properties tab in the lower panel.
11. Click the Edit button.
12. Change the iSCSI name to iqn.I998-0 I .com.vmware:esxiO 1. On most systems, you will need to
delete extra hexadecimal characters that have been appended after esxiOl. When the iSCSI
name matches the correct name, click OK
Example: Before changing the iSCSI name
iSCSI Name' liqn 1998-01 .co m vmwa re 'eSJd01-1 ce7c3fdI

I
iSCSI Alias.
L-
Cilnce l
Example: Correct iSCSI name
iSCSI Name: IIQn .1998-o1 .com.vmware :esxio11 I

ISCSI Alias:
In this lab environment, the iSCSI storage array validates the iSCSI name of the storage
requester. In a production system, consult with your storage administrator to determine the
authentication requirements of the local storage arrays.
13. Click the Targets tab under Adapter Details.
14. Click the Dynamic Discovery tab.
15. Click the Add button.
16. In the iSCSI Server text box, type 172 . 20.13.14 .
17. Keep the default port of 3260.
18. Leave Inherit settings from parent selected.
19. Click OK.
20. Click the Network Port Binding tab_

21. Click the green plus (+) icon to add a VMkemel port.
22. Select the IP-Storage port group. The vmki port should be automatically selected on the
vmnic3 physical network adapter. The Status tab should report that this port group policy is
Compliant. Click OK
23. Click the icon to refresh the host's storage system.
storage Adapters
!iii ~ C ~ ... t- ~=
AdaPte~ iJ - - T\l D~ Statw
PII)(4 fnr 41n~ Refresh the host's storage system '
24. Click the icon to rescan the host for new storage devices or new VMware vSphere® VMFS
volumes. Allow the scan for new storage devices and for new VMFS volumes. Click OK
storage Adapters
Ad.plo r f! b~ Y .- .~ • _ . __ . ' . "
Rescan the host for n ew storage deVices or

. , • •• ~
PIIX4 for 430TX144( ne w V MFS volumes
25. Click the Devices tab under Adapter Details. You should see four iSCSI disk devices.
26. Click the Related Objects tab at the top of the pane.
27. Click the Datastores tab. You should now see the following datastores:
• Fast-Datastore-I
• Fast-Datastore-2
• Medium-Datastore--I
• Slow-Datastore-I
Either a datastore 1 or a datastore2 will be present.
28. Repeat steps 1-24 for the esxi02.vcd-ad.vclass.1ocal host.

In step 12, use iqn. 1998-0 I.com. vmware.esxi02 for the iSCSI name.
Remain logged in to the vCenter Server and leave the vSphere Web Client open.

Task 5: Configure user-defined storage capabilities
In this task, you will configure user-defined storage capabilities. This task should be done by student
A, with student B checking the settings.
1. Click Home in the upper-left comer.
3. Select the esxi01.vcd-ad.vclass.Iocal host.
4. Click the Related Objects tab.
5. Click the Datastores tab.
6. Right-click the Fast-Datastore-l datastore.
7. Select Assign Storage Capability.
8. Click the New button.
9. Type Gold-Level in the Capability name text box.
10. Type Premium Storage in the Description text box. Click OK. Click OK.
11. Right-click the Fast-Datastore-2 datastore.
12. Select Assign Storage Capability.
13. From the drop-down menu, select the Gold-Level storage capability.
14. Repeat steps 6-10 to assign the following user-defmed storage capabilities.
User-defined storage
Datastore capability Description
Medium-Datastore-l Silver-Level Medium speed and cost
storage
Siow-Datastore-l Bronze-Level Low speed and cost storage

Task 6: Configure storage profiles
In this task, you will configure storage profIles. This task should be done by student B, with student
A checking the settings.
2. Click the VM Storage Profiles icon.
3. Click the Enable Storage Profiles icon.
~el ; 5
. Enable VM Storage Profiles per Compute
Re sou r ce
4. Select the vCloud-Resource-Cluster.

5. Click Enable.
6. Click Close.
7. Click the Create a New VM Storage Profile icon.
rjiJ e 6\
NV H ' · • ~E
Create a new VM Sto rage Profile
8. Create the following storage profIles and connect them to the specifIed user-defmed storage
capability.
User-defined storage
Storage profile capability
Gold Gold-Level
Silver Silver-Level
Bronze Bronze-Level

Task 7: Configure Network Time Protocol
In this task, you will configure the Network Time Protocol (NTP). lbis task should be done by
student A, with student B checking the settings.
3. Select the esxi01.vcd-ad.vclass.local host.
5. Click the Settings tab.
6. Click Time Configuration.
7. Verify that the NTP client is running on the ESXi hosts.
8. Verify that at least one NTP server is configured. The NTP sever should be pdc-sql.vcd
ad.vclass.local (the primary domain controller of the Active Directory domain).
9. Repeat steps 3-8 for the esxi02.vcd-ad.vclass.local host.
10. Minimize the vSphere Web Client.
Task 8: Confirm the vCloud Director network configuration

In this task, you will confirm the network configuration of the vCloud Director server and
infrastructure. lbis task should be done by student B, with student A checking the settings.
1. Start the PuTIY tool on the desktop of the ControlCenter virtual machine.
2. Use the PuTIY SSH utility to connect to vcd.vcd-ad.vclass.1ocal.
3. Log in to the vCloud Director server with the root account and a password of vmwarel !.

4. Run the if conf ig - a command to confirm that you have two network interfaces ethO and
ethland that their addresses are correct. The ethO address should match the HTTP service
address of 172.20.10.91. The ethl address should match the console proxy service IP address of
172.20.10.92.
[root@VCD -jf 1fconfig -a

ethB Link encap:Ethernet HWaddr B8:58:56:2E:6S:25
inet addr:172.28.1B.91 Bcast:172.2B.18.255 Mask:255.255.255.e
UP BROADCAST RUNNING MULTICAST MTU:1588 Metric:l
RX packets:23518 errors:286 dropped:fl overruns:8 frame:6
TX packets:1627 errors:8 dropped:B overruns:6 carr1er:8
col11s10ns:8 txqueue1en:1888
RX bytes:1518433 (1.4 M1B) TX bytes:115257 (112.5 KiB)
Interrupt:59 Base address:6x2624
ethl Link encap:Ethernet HWaddr 6S:5B:56:2E:6S:26

inet addr:I72.28.1B.92 Bcast:I72.26.1S.255 Mask:255.255.255.6
UP BROADCAST RUNNING MULTICAST MTU:1588 Metric:l
RX packets:22426 errors:38B dropped:fl overruns:B frame:6
TX packets:163 errors:6 dropped:8 overruns:B carrier:8
(011ision5:8 txqueue1en:18a8
RX bytes:1419781 (1.3 MiB) TX bytes:12233 (11.9 KiB)
Interrupt:67 Base address:8x26a4
5. Run the nslookup command to confirm that the DNS host can resolve the vCloud Director
host name. Type nslookup vcd.
[root@vcd ~]# nslookup vcd

Server: 172.20.10.93
Address: 172.20.10.93#53
Nayne: vcd.vcd-ad.vclass. local

Address: 172.20.10.91

6. Run the nslookup command to confIrm that the DNS host can resolve the vCJoud Director
fuJly qualified domain name. Type nslookup vcd. vcd-ad. vclass . local.
[root@VCD --]# nslookup vcd.vcd-ad.vclass.local

Server: 172.20.10.93
Address: 172.20.10.93#53
Name: vcd.vcd-ad.vclass.local
Address: 172.20.10.91
7. Run the nslookup command to confIrm that the DNS host can resolve the Address Resolution
Protocol (ARP) address of the IP address for the vCloud Director HITP service. Type
nslookup 172.20.10.91.
[root@vcd ~ l# nslookup 172.20.10.91

Server: 172.20.10.93
Address: 172.20.10.93#53
91.10.20.172.in-addr.arpa name = vcd.vcd-ad.vclass.local.
8. Run the nslookup command to confIrm that the DNS host can resolve the ARP address of the
IP address for the vCloud Director console proxy service. Type nslookup 172.20.10.92.
[root@ved -]# nslookup 172.20.10.92

Server: 172.20.10.93
Address: 172.20.10.93#53
92.10.20.172.in-addr.arpa name = ved-conso Ie. vcd-ad. ve lass. local.

9. Type the command grep server /etc/ntp.conf. Verify that at least two NTP servers
have been configured. In the screenshot, three NTP servers are configured: pdc - sq 1 . vcd
ad . vclass .local, 1. pool. ntp. org, and 2. pool. ntp. org. The first NTP server needs
to be the primary domain controller of Active Directory. If this NTP server is not configured,
ask your instructor for assistance.
[~oot@V C D - ]# g~ep server letc/ntp.conr

# Use publlC serve~9 r~om the pool.n t p.org p~oJect.
#broadcast 192.168.1.255 key q2 # broadcast server
#broadcast 22q . 0.1.1 key q2 # multicast server
#rmonyca::!ltserver 2 39.255.2SQ.25Q # manycast server
server 127.1 2 7.1.0
server pdc-sql.vcd-ad . vclass.local
server 1.pool.ntp.org
server 2 . pool.ntp.org
10. Type the command service ntpd status to verify that the NTP daemon is running.
[root@VCo ~]# service ntpd status

ntpd (pid 3511) is running ...
11. lfthe NTP service daemon is not running, type the command service ntpd start. lfthe
service fails to start, ask your instructor for assistance.
Leave your PuTTY SSH session connected to vcd.vcd-ad.vclass.local for the next task.
Task 9: Install vCloud Director

In this task, you will install vCloud Director. This task should be performed by student A, with
student B checking the work.
1. Use the PuTTY SSH utility on the ControlCenter desktop to connect to vcd.vcd-ad.vclass.local
if you are not still connected from task 8.
2. Use the cd command to change directories to the /root/downloads directory where the
vCloud Director software binary is stored.
# cd /root/downloads
3. Type 1 s -1 to determine the exact filename of the vCloud Director software binary. In the
screenshot, the filename is vmware -vcloud-director- 5.1.0 - 810718 . bin. Your
filename will be similar.
[roo t @vcd downloads)# Is -1

total 2616QQ
-nrx r-xr-x 1 root root 26611573Q 5ep 2 3 15:00 vrm,ar e -vc louct-d lreCto~- S . 1.() -Bl0 7 1 8 . bln

If the file does not appear with an x listed beside it, the file is not executable. In the screenshot,
the file is not executable. Type chmod a+x *. bin to change all . bin files in the current
directory to executable files. In the following screenshot, the same listing shows both . bin
files changed to executable files.
[rootBvcd downloads] # Is -1
total 2816H
-rw-r--r-- 1 root root 288115734 Sep 23 15:00 vmware-vcloud-director-5.1.0-81071
3.bin
[rootBvcd downloads]# chmod a+x '.bin
[rootBvcd downloads] # Is -1
total 281644
-rwxr-xr-x 1 root root 288115734 Sep 23 15:00 vl'm.Y6re-vcloud-director-5.1.0-810718.hin
•
4. Run the binary by typing . / in front of the filename. Type the filename correctly: It is case
sensitive. Use the correct filename shown in your system, not the filename in the example.
# ./vmware-vcloud-director-S.l.0-810718.bin
Do not run the configuration script now.
5. Type n in response to Would you like to run the script now (yin)?
Leave the PuTTY SSH session connected to vcd.vcd-ad.vclass.local for the next task.
Task 10: Install the Java keytool

In this task, you will install Java keytool on the vCloud Director server. This task should be
performed by student B, with student A checking the work.
1. Use the PuTTY SSH utility on the Control Center desktop to connect to vcd . vcd
ad. vclass. local if you are not still connected from the last lab.
2. ConfIrm that keytool is available in the vrnware vcloud binary directory by typing the command
Is /opt/vmware/vcloud-director/jre/bin. You should see the keytool binary.
[root@vcd do~nload61# 16 /opt/vm~are/vcloud-director/jre/bin

Co ntrolPanel j ava_VlI' Jcontrol orlJd policytool rwiregi9 try tnan,e5erv
j ava javarJ5
-
k e y tool pack200 rt(,ld servertool rlnpack2 00

3. Run the al ternat i yes command to create a symlink to the new keytool.
# /usr/sbin/alternatives --install /usr/bin/keytool key tool /opt/
vmware/vcloud-director/jre/bin/keytool 1
Type the command correctly, with correct filenames and paths. In the example, the command
ends with the number 1.
4. Type /usr/sbin/al ternatives - -config key tool. The command returns how many
versions of keytool are installed on this system and allows you to set the default version that the
system will use. Select the Java Runtime Envirorunent version 6 keytool.
[root@vcd downloads]# /usr/sbin!alternatives --config keytool
There is 1 program that provides 'keytool' .
Selection Command
"/;+ 1 / opt!vnHuare/vc loud-director / j re/b in/ keytoo 1
Enter to keep the current selection[+], or type seleetion number: 1
Leave the PuTTY SSH session to vcd.vcd-ad.vclass.local connected for the next task.
Task 11: Prepare the vCloud Director SSL keystore and create self
signed certificates
In this task, you will prepare the vCloud Director server SSL keystore and create self-signed
certificates. This task should be performed by student A, with student B checking the work.
2. Create a directory for the certificates with the mkdir command:
# mkdir /opt/certificates
3. Change into the certificates directory with the cd command:

# cd /opt/certificates
4. Run the keytool command to create a certificates keys tore file and an alias for the HTTP
certificate. Use a password ofvmwarel!.

# keytool -keystore certificates.ks -storetype JCEKS -storepass
vmwarel! -genkey -keyalg RSA -alias http
5. After you run the key tool command, you will be prompted with several questions. Use the
following answers.
Keytool questions Answers

First and last name? vcd. vcd-ad. vclass.local
Organizational unit? Cloud Administration
Organization? Cloud Computing
City or locality? <your_city>
State or province? <your_state_ oryrovince>
Two-letter county code?
Correct? yes
Password for HfTP? Press the Enter key to use the default password ofvmwarel!.
[root~vc c1 ctovnload!!lj# Itc.ytool -Ic.eV3t.or e c er~ifice.te~.)r(!!I -!!It.oreql'pe JCEKS -=I1:orep~~ vrn.,arel' -genkey -keyalQ RSA -al::l.e.!!I htt.p
~hat 1!!1 your tlr!lt and la!!t n~i
[Unknown): vcd.vcd-ad.vcla33.1ocal
What. 13 ttle n&tle: at yOllE:' ot:'qanlzatlonal uTIle 'I
( Unkno~nJ: Cloud. Actmlnl!1ttac 10n
What 13 the name or youe ot:Q'anlzatlont
[Unlcnovn]: Cloud Con'l'p Ut i OiWI
What 1:1 ttLe name ot your Clty or Locsl1tyi
(Unkno\iln): fort Worth
What 13 the name ot your: State or PrOvince?
(Unknown]: Texa!!
Whae 1!!1 the t\llD-letter countc'.' code tor ctllS unit 7
( Unknown}: US
I!I CN·vCd.vcd-ad.vCla~!!.local, OU'"'Cloud ltdU'llnl!1{'ce.r;ton, (I-C lOud Compu t l n Q, l.-fot:t Worth, S r-Te x e.~, CeUS C'orrec{' ?
(no] : ye~
Enter k.e:y pa!l~vol:"d toc <http >

(R [:TURN 11: ~ ~ a~ ke: y ~t.Co("e p~.!lword) :
6. Run the keytool command to create an alias for the console proxy certificate. Use the
keys tore password of vmware 1!.
# key tool -keystore certificates.ks -storetype JCEKS -storepass
vmwarel! -genkey -keyalg RSA -alias consoleproxy
You can press the up arrow key to copy the last command. You can edit the copied command.

7. After you run the keytool command, you wil1 be prompted with several questions. Use the
following answers:.
Keytool questions Answers
First and last name? vcd-console. vcd-ad. vclass.local
Organizational unit? Cloud Administration
Organization? Cloud Computing
City or locality? <your_city>
State or province? <your_state_ oryovince>
Two-letter county code?
Correct? yes
Password for console proxy? Press the Enter key to use the default
password ofvmwarel!.
8. Run the keytool command to list the certificates in the keystore.

keytool -keystore certificates . ks -storetype JCEKS -storepass
vmwarel! -list
Keystore type: JCEKS

Keystore provider: SunJCE
Your keystore contains 2 entries
consoleproxy, Aug 30, 2012, PrivateKeyEntry,

Certificate fingerprint (MDS): 'l7:27:F9:SE:AB:AS:CF:'lB:FA:7C:OS:AS:7A:1F:31:6B
http, Aug 30, 2012, PrivateKeyEntry,
Certificate fingerprint (MDS): SC:ES:07:6D:'l3:76:34:97:FB:C'l:03:EB:B8:0S:4E : A8
9. Use the chmod command to make the directory and files readable by all users.
# chmod -R a+r /opt/certificates
Leave your PuITY SSH session connected to vcd.vcd-ad.vclass.local for the next task.

Task 12: Configure vCloud Director
In this task, you will configure the vCloud Director software. lbis task should be done by student B
and checked by student A.
2. Type the command /opt/vmware/vcloud-director/bin/configure.
3. Type 1 to select 172.20.10.91 for the IP address for the HTfP service.
4. Type 1 to select 172.20.10.92 for the IP address for the console proxy service.
5. Type /opt/certifica tes/certificates. ks. for the path to the Java keystore.
6. Type vmware11 for the keystore password.
7. Type 172.20.10.94 for the Syslog server IP address. Use the default syslog port (514).
8. Type 2 to select option 2 for Microsoft SQL Server.
9. Type 172 . 20 . 10 . 93 for the Microsoft SQL Server IP address.
10. Press key to use the default database port of 1433.
11 . Press Enter to use the default database, named vcloud.
12. Press Enter to use the server's default instance.
13. Type cloud_ dba for the Microsoft SQL Server database operator user ID.
14. Type vmware1! for the Microsoft SQL Server database operator password. Wait for the
database installation to complete.
15. Start the vCloud Director service by typing y.
16. Leave the PuTTY SSH utility connected to the vcd.vcd-ad.vclass.local server for the next task.
Task 13: Create a Sysprep deployment package

In this task, you will create a Microsoft Sysprep deployment package for your vCloud Director
server. lbis task should be done by student A and checked by student B.
2. Type the following command:
# /opt/vmware/vcl o ud-direct o r/deploymentPackageCreator/
createSysprepPackage.sh /opt/sysprep

3. Ignore the warning about Windows 2000 guest virtual machines. Wmdows 2000 Sysprep files
are not present in the classroom configuration.
4. Type service vmware-vcd restart to restart the vCloud Director cell. Wait for a
successful startup of the watchdog and cell daemons.
[root.@VCD downloads] # service vrnliTare-vcd rest.art.

St.opping vrnware-vcd-wat.chdog: OK
St.opping Y~ware-vcd-cell: OK
Starting vrnware-vcd-watchdog: OK
St.arting vrnware-vcd-cell
- OK
5. Type exi t to close the PuTTY SSH session. Wait for at least two minutes for the vmware-vcd
service to completely restart before proceeding to the next task.
Task 14: Configure the vCloud Director cell

In this task, you will configure the vCloud Director cell for first use. This task should be done by
student B and checked by student A.
1. Use the Internet Explorer browser on the ControlCenter virtual machine to open a new tab.
Leave the tab with the vSphere Web Client running.
2. In the new Internet Explorer tab, go to https:llvcd.vcd-ad.vclass.local.
3. Click Continue to this website (not recommended).
Tbis security warning appears because self-signed certificates were used to install vCloud
Director.
4. Click Next to start the vCloud Director setup wizard.

5. Click Yes to accept the license agreement. Click Next.
6. Type the vCloud Director license key provided by your instructor. CLick Next.
7. Keep the default administrator for the vCloud Director administrator user ID.
8. Type vmwarell for the administrator user password.
9. Type Cloud Director for the vCloud Director administrator full name contact information.
10. Type cdl'6vcd-ad. vclass .local for the vCloud Director administrator email address.
11 . Click Next.
12. Type Cloud-EnterprisesOl for the vCloud Director system name.

13. Leave the Installation ID set to the default value of I.
14. Click Finisb.
Leave the vCloud Director console open for the next task.
Task 15: Connect vShield Manager to vCenter Server system

In this task, you will connect VMware® vShield ManagerTM to the vCenter Server system. This task
should be done by student B and checked by student A.
1. In the Internet Explorer browser on the Control Center console, open a new tab. Leave the tabs
with the vCloud Director console and the vSphere Web client running.
2. Go to http://172.20.1O.98/.
3. Click Continue to tbis website (not recommended) to ignore the security warning.
4. Type admin for the user name and type defaul t for the password.
5. Click Cbange Password in the top-right comer.
6. Type defaul t for the old password and type vmware1! for the new password.
7. Click Logout. Click OK.
8. Log back in to the vCloud Networking and Security console. Type admin for the user name
and type vmware11 for the password.
9. Click Settings & Reports in the left panel.
10. Click Edit on the right side level with DNS Servers.
11 . Type 172.20.10.93 for the primary DNS server.
12. Click OK.
13. Click Edit on the right side level with Lookup Service.
14. Type a lookup service host ofvcs. vcd-ad. vc1ass . local.

15. Type a single sign-on administrator user name of admin@system-domain.
16. Type a password ofVMware11 . The password is case-sensitive.
17. Click OK.
18. Click Yes to accept the SHAI thumbprint.
19. Click Edit on the right side level with vCenter Server.
20. Type vc s . vcd - ad. vc las s . local for the vCenter Server name.
21 . Type administra tor for the administrator user name.

22. Type vmwareI! for the password.
23. Leave Assign vShield Enterprise Administrator role to this user selected.
24. Click OK
25. Click Yes to accept the SHA 1 thumbprint.
26. Click Edit on the right side level with NTP Server.
27. Type pdc- sgl. vcd-ad . vclass .local in the NTP Server text box.
28. Click OK
29. Click Edit on the right side level with Syslog Server.
30. Type vcs. vcd- ad. vclass .local in the Syslog Server text box.
31 . Leave the Port text box blank to use the default value of 514.
32. Click OK You should now be able to expand Datacenters in the left panel to see your resource
cluster.
8 · Datacenters
B·· vCloud Datacenter
B" vCloud-Resource-Cluster
esxiOl, vcd-ad .vclass ,local
esxi02 .vcd-ad .vclass .Iocal
33. Close the Internet Explorer tab that is connected to the VMware Security Manager server.
Task 16: Attach the vCenter Server system and vShield Manager
In this task, you will attach the vCenter Server system and vSbield Manager to the vCloud Director
cell. This task should be done by student A and checked by student B.
1. Use the Internet Explorer browser on the ControlCenter console to open a new tab. Leave the
tabs with the vCloud Director console and the vSphere Web client running.
2. Go to bttp:llvcd.vcd-ad.vclass.local.
3. Click Continue to this website (not recommended) to ignore the security warning.
4. Click Attach a vCenter.
5. Type vcs. vcd-ad. vclass .local for the vCenter Server system host name.
6. Keep the default port number of 443.
7. Type administrator for the vCenter Server system user ID.
8. Type vmwarell for the vCenter Server administrator password.
9. Type vCen terServer as a vCenter Server name.
10. Type vCenter Server - Resource Cluster in the Description text box.
11. Select Use the following URL.
12. Type https: / /vcs. vcd-ad.vclass .local: 9443 for the URL.
13. Click Next.
14. Type vcns. vcd- ad. vclass .local for the vShield Manager host name.
15. Type admin for the vShield Manager administrator name.
16. Type vmwarell for the vShield Manager administrator password.
17. Click Next.
18. Click Finish.
19. A green check mark should appear next to item 1 on the menu, and the item should change to
Attach anotber vCenter.
Task 17: License vShield Manager

In this task, you will license the vShield Manager for use by vCloud Director. This task should be
done by student A and checked by student B.
1. Use the Internet Explorer browser on the ControlCenter virtual machine to return to the tab
running the vSphere Web Client.
2. If you are not logged in to the vCenter Server system, log in by typing administrator for
the user ill and vmwarell for the password.
3. Click Home.
4. Click Licensing.
5. Click the Solutions tab.
6. Select vCloud Networking and Security.
9. In the License key text box, type the VMware vCloud® Networking and SecurityTM license key
provided by your instructor.
10. Click OK

Task 18: Test vCloud Director
In this task, you will test your installation ofvCloud Director. This task should be done by student B
and checked by student A.
1. Use the Internet Explorer browser on the ControlCenter virtual machine to return to the tab
running the vCloud Director console.
2. If you are not logged in to the vCloud Director console,log in by typing administrator for
the user ID and vmware11 for the password.
3. Create the following to verify your installation:
• A provider virtual datacenter named Test:
• Use Gold storage.
• Type the credentials to prepare both host.
• An external network named Prod-EX:
• Use the Production port group.
• Type a gateway address of 192.168.1.1.
• Type a network mask of 255 . 255.255. O.
• Type a primary DNS of 172.20.10.93 .
• Type a DNS suffIx of test . local.
• Create a static IP pool range of 192.168.1.2-192.168.1.100.
4. Click OK.

~1I 11 1 1 1 11 1 1
1111111111111111 11111 111111111111 111111111111 11111111 111111111111111111111111111 11111111
* E D U - E N - V C I C M 5 1 - LAB - STU *

Vmware Vcloud

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vmware Vcloud

Uploaded by

Copyright:

Available Formats

VMware vCloud Director:

Install, Configure, Manage

VMware® Education Services

VMware vCloud Director: Install, Configure, Manage

Objective: Configure vCloud Director networking

Preparing for the lab

URL to the VMware® vCenter Server™ Web- https://vcs.vcd-ad.vclass.local:9443/

Lab 1 Configuring VMware vCloud Director Networking 1

Task 1: Install licenses

1. Open your workspace.

5. In the left pane, select Administration> Licenses.

Task 2: Configure resource cluster network settings for vCloud

1. In the vSphere Web Client console, click the Home icon.

vrnware' vSphere Web Client ~ @

" vCenter ~ Home

Lab 1 Configuring VMware vCloud Director Networking 3

Port binding Keep the default of Static binding.

Port allocation Keep the default of Elastic.

Number of ports Keep the default of 8.

Network resource pool Keep the default of (default).

VLAN type Keep the default of None.

Customize default Leave unselected.

Task 3: Create a vCloud Director external network

3. In the vCloud Director console, click 3 Create an external network.

4 Lab 1 Configuring VMware vCloud Director Networking

Network mask Type255.255.255.0.

Primary DNS Type 172 . 20 . 10 . 93.

DNS suffIX Type vcd-ad. vclass . local.

Static IP pool Type 172 . 2 0 . 11. 2 0 0 ­

Lab 1 Configuring VMware vCloud Director Networking 5

Objective: Configure vCloud Director network pools

1. Configure resource cluster network settings for a vCloud network pool.

Preparing for the lab

URL to the VMware® vCenter Server™ Web- https://vcs.vcd-ad.vclass.local:9443/

Lab 2 Configuring VMware vCloud Director Network Pools 7

Task 1: Configure resource cluster network settings for a vCloud

Version Leave Distributed switch: 5.1.0 selected

Number of uplinks Type 1.

Network 110 Control Keep the default of Enabled.

8 Lab 2 Configuring VMware vCloud Director Network Pools

Task 2: Configure a VLAN-backed network pool

Lab 2 Configuring VMware vCloud Director Network Pools 9

Objective: Create provider vDCs

1. Configure a storage profile.

Preparing for the lab

URL to the VMware® vCenter Server™ Web- https://vcs.vcd-ad.vcIass.local:9443/

Lab 3 Creating Provider Virtual Datacenters 11

Task 1: Configure a storage profile

,~,I ~ : able VM Storage

~I e 6' ' .. ' -E

Create a new VM Sto rage Profile

12 Lab 3 Creating Provider Virtual Datacenters

Description Type High speed high cost storage.

Storage Capabilities Select Gold-level. Click OK

Task 2: Configure resource pools

CPU Shares Select High.

CPU Reservation Type 3500 MHz

CPU Reservation type Keep the default of Expandable.

CPU Limit Keep the default of Unlimited.

Memory Shares Select High.

Memory Reservation Type 900 MB.

Memory Reservation type Keep the defauH of Expandable.

Memory Limit Keep the default of Unlimited.

Static IP pool Type 172 . 2 0 . 11. 2 0 0

Select Resource Pool Click vCenterServer. Select the High