vCloud Director 101

I decided to write this blog (read it in reference to my slideshow) to give you guidance on the complex terminologies of VMware vCloud director. I will refer to it vCD from now on to save my poor fingers.

If you’re a vSphere admin, vCD terminology is very different, it uses new terms to label layers, a way to image this is an onion ring, as you peel away the layers you get to the core or centre of the onion, vCD is abstraction layer above your infrastructure. It hides all the bits and pieces your users don’t need to see, and you don’t want them to mess around with!

Massimo gave a great quote. Check out his blog for all things vCD. He wraps it up in this quote.

“Think about how difficult it is to implement something that allows and end-user to create, in self-service mode, separate layer 2 network segments, define custom layer 3 IP policies, configure services such as DHCP, NAT and Firewall… all without having to ask the vSphere / cloud administrator to do all that for you, all without messing up with the cloud-wide setup, all without causing conflicts with the other tenants on the cloud. This is a titanic effort, believe me.”

This blog will not go through the install of vCD, as it is beyond the scope of this article, but have a look over at Kendrick Coleman’s blog site, as he has a fantastic walkthrough on a vCD install. Now let’s tackle the terminology you need to understand, these terms are prompted by the wizard once installation has completed and you’re ready to create your first tenant.

So as my vCD slide outlines, what is vCloud Director, it’s the wrapper around your vSphere infrastructure, it hides the complex bits and automates creation of VM’s and networks without admin intervention.
What is a vCD Cell?

An instance of vCloud Director

Can be scaled by adding multiple cells behind a load balancer

Scales up to 10,000 VMs and 25 vCenter Servers

Creates virtual datacentres by pooling resources into new units of consumption

Secures and Isolates users with vShield, LDAP and RBAC with policies

Components of a vCD Deployment

Min 2xESXi hosts vSphere ENT or ENT+

No Enterprise Plus licence means No vCDNI networking

Shared Storage for DRS of hosts


vCloud Director (VM)

Embedded or remote DB

AD / LDAP Directory

vShield Manager VM

vShield Edge VMs (automatically deployed on ESXi hosts)

vApps, deployed on ESXi hosts

Optional Components

VMware Chargeback

Meter the consumption of VM’s, networks etc., and bill them.

vCloud Connector

Connect Private Clouds to public, makes the interchange of VMs across clouds seamless.

vCD Logical Terminology:

Provider virtual Data Centre (PvDC): A logical grouping of vSphere compute and storage resources where all resources are equal (some clouds may have tiers with platinum/gold/silver)

Organisation: A unit of administration with its own users, groups, policies, and catalogues. An Org has its own security boundary. These are ‘tenants’.

Organisation vDC: A logical grouping of resources from one of more provider vDCs, enabling different performance, SLA, and cost options to be available in the same organisation.


Allocate at least one vCloud Director (Cell) for each vCenter server

Configure the vCloud Director database, VMware appliance is for testing purposes and uses embedded Oracle DB, not for production (16GB Ram, 100GB Storage, 4vCpus)

Read the vCat documentation to see how See VMware recommends building vCloud Director.

Recommended Configuration

Create 2 Clusters, 1 for management and 1 for resource, you don’t want your new cloud to be consuming resources before you have even installed any tenants onto it yet would you?

Create all the VMs needed for management in the management cluster.

Layers of Networking

Customer/Tenant/Organisation Network Layer (Completely Dynamic – No configuration by the customer)

vCloud Director Network Layer

Maps to components of vSphere layer and physical layer

vSphere Network Layer

vSwitches, Port Groups etc. (must be stable and static)

Physical Network Layer

Switches/routers and IP’s etc. (must be stable and static)

vCD Networking Terms:

External Network

The vCD inner networking component is called External Networks. If you want your Organization (and in turns your vApps) to have connectivity to the external world you need to have External Networks. As the word implies, these are networks that are managed by someone that is typically external to the vCD environment and are identified by a vSphere Port Group. That’s in fact what you do when you create a vCD External Network: you point to an existing vSphere Port Group. Essentially you are telling vCloud Director that there is a Port Group that is able to provide external connectivity to your cloud environment. The typical example is a Port Group with VLAN 233 (for instance) which can support native Internet traffic. For naming convention you will be calling this External Network something like Internet or Ext-Net-Internet. I usually suggest naming the vCD External Network after the vSphere Port Group for ease of tracking.

• Connects vCD to the outside world

• Based on a vSphere port group

When you create the port group on the dvSwitch recommended editing settings to make the ports Ephemeral – no limit on ports

Organisational Network

External Networks are easy. With Organization Networks things start to become more “interesting”. In the previous section we have created cloud-wide external connectivity (i.e. External Networks). Now we are zooming inside an Organization. An Organization (or Org) is a logical construct within vCD that describes a tenant or a customer. Cloud end-users are defined inside each Organization.

• A virtual network for tenants / customers

• Communicate with each other and access the internet

• Require an External network, network pool or both

The 3 Types of Org network a tenant can have are:

• External Organisational network: Direct

• External Organisational network: NAT-routed

• Internal Organisational network (private)

3 types of network pools you can allocate to tenants:
VLAN Backed (flexible, no special MTU settings, requires a lot of VLAN management)

Network Isolation Backed (vCDNI – no VLAN ranges to track, must change MTU / mac-in-mac encapsulation)

vSphere Port Group Backed (Standard and Distributed, no auto network deployment – most work involved)

Ideally you need to use vCDNI, so everything is automated, but you will need an Enterprise Plus licence for this feature, and also make sure that the MTU settings are set higher than 1500 at the physical switch level, esx host level and vCenter server level. You can use as high as 9000 without causing problems.

Network Pools

At this point you may have an overall understanding of what a Network Pool is and why it is used. In summary it is a small CMDB that contains layer 2 segments available to vCD administrators and end-users. Note Network Pools need to be created before we start deploying the actual networks we have described above (with the exception of the External Networks because they don’t use Networks Pools).

So far we kept referring to a “layer 2 segment” as a Port Group with an associated VLAN id. This is correct but it doesn’t tell the whole story. There are really three different types of Network Pools one can create.

VLAN-backed Network Pools: this is the easiest to get. You can, for example, create a Network Pool and give it a range of VLAN ID 100 to 199. Whenever you grab one of these IDs because you need to deploy a new layer 2 segment, vCD will tell vCenter “please create on the fly a Port Group, and give it VLAN ID 100″. The next time there is a need for another layer 2 segment vCD will tell vCenter “please create on the fly a Port Group, and give it VLAN ID 101″. And so on. Of course if one of these networks is destroyed during the lifecycle of the cloud, the corresponding VLAN ID gets put back into the pool of available networks to be deployed.

Port Group-backed Network Pools: it is similar to the VLAN-backed. The difference is that the Port Groups need to be pre-provisioned on the vSphere infrastructure and they need to be imported into vCloud Director. So vCD won’t tell vCenter to create these on the fly, they are already there pre-provisioned. Why using this? Well there are some circumstances where vCenter cannot easily (programmatically) create Port Groups on the fly. This is the case when you use vSphere Standard Switches (as opposed to Distributed Switches) or when you use the Nexus 1000v (at the moment vCD cannot manipulate programmatically Port Profiles).

vCloud Director Network Isolation Network Pools: This is when things start to get interesting (again). We use a technique called Mac-in-Mac to create layer 2 separated networks without using VLANs. Yeah that’s right. This is extremely useful for big environments where VLAN management is problematic, either because there is a limited number of VLANs available or because keeping track of VLANs is a big management overhead (especially if you use an excel spread sheet to do that ).

When you create such a Network Pool you only specify how many of these layer 2 networks you want this Network Pool to have and you are done. When vCD starts to deploy Port Groups from this Network Pool you won’t see any VLAN associated to them but they are indeed different layer 2 segments.

Now the acronym VCD-NI and the labels Preprovisioned and Created-on-the-fly in the pictures above should make more sense to you. Try to go back and have a look at them again.
Virtual Machines IP management

First of all note you cannot connect a vNIC to an External Network directly. You can however connect the vNIC to either an Organization Network or a vApp Network.
Now the question is: what happens when you connect a vNIC to either an Organization Network or a vApp Network? How do you control the layer 3 behaviour? As we said, you have a choice of connecting each vNIC of the VM to an Organization Network, a vApp Network or leave the vNIC not connected.
Reference URL’s

Duncan Epping – Creating a vCD Lab on your Mac/Laptop

Chris Colotti – VMware vCloud “In a Box” for your Home Lab

vCloud networking explained in 1 slide and 52 animations

vSphere ESX4: Hot Add CPUs for Linux Guests

Sometime ago within my post entitled vSphere ESX4: Hot Add Memory for Linux Guests, I promised to blog about hot add CPU support to the same VM.  As you may have guessed, I didn’t get around to writing it, and have subsequently found the area well covered elsewhere.

wila has knocked together a very clear procedure here which kind of makes my post unnecessary.

My earlier post has been referenced as a resource by lamw for his helpful guide here:

Add to FacebookAdd to NewsvineAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to Furl

vSphere ESX4: Hot Add Memory for Linux Guests

I was asked recently if I could hot-add some RAM to a client’s virtual machine over at virtualDCS. Most of the information I’d found online related to Windows Server versions, but I needed to hot add resources to a Linux VM. was lacking in detail about the hot-add compatibility with client operating systems, so I realised I’d better lab it up and see how it works for myself.

The first problem I had, was that the virtual machine I’d cloned from my clients live VM, was originally built using ESX3.5. Hence, it was VM version 4, and hot add hardware is not supported unless the VM hardware is upgraded to version 7. In order to enable hot-add features, I had to first upgrade VMware Tools, and then shut down the VM again to upgrade the virtual hardware to version 7.

Once this had been done, I made sure the VM General Options (VM > Edit Settings > Options > General Options) was set to the correct OS type. This important, as the interface will only display the Memory/CPU Hotplug options for supported OSes. In my case I was running CentOS 5.3 x86_64, so selected Other Linux 2.6.

General Options

Next I enabled the Hot Add CPU and Memory as below, but was unable to check the radio button for Hot Remove CPU, which is interesting in relation to what I found when playing with Hot Add CPUs (discussed in an upcoming post).


I found that the CentOS build I was using (2.6.18-128.el5) recognises hot added memory automatically. A colleague (thanks Stu) recommended I read the Linux Hotplug Memory docs which made the rest fairly obvious.

My VM was running with 512MB RAM, so I added some more via the vCenter console, so my VM now had 1GB RAM allocated to it. (BTW: even though vCenter appears to let you do this for the 32bit guest version, it doesn’t actually work. The task is reported as successful, but when you check the VM properties again, you’ll see the RAM was not added.)

When memory is hotplugged, the kernel recognizes new memory, makes new memory management tables, and makes sysfs files for new memory’s operation.
If firmware supports notification of connection of new memory to OS, this phase is triggered automatically. ACPI can notify this event. If not, “probe” operation by system administration is used instead.

Now comes the interesting part. Within


there are a number of folders all named ‘memoryX’ where X represents a unique ‘section’ of memory. How big each section is, and hence how many folders you have is dependent on your environment, but you can check the file


to view the size of sections in bytes. Basically, the whole memory has been divided up into equal sized chunks as per the SPARSEMEM memory model.

In each section’s folder there is a file called ‘state’, and in each file is one of two words; online or offline.
Locate the memoryX folder(s) which account for the hot added memory by working out the section sizes above, or (like me), just check the contents of the state files:

#cat /sys/devices/system/memory/memoryX/state

Once you locate the offline sections, you can bring them online as follows:

#echo online > /sys/devices/system/memory/memoryX/state

Validate the memory change is seen, using:


That’s it! Quite simple really.

UPDATE: I noticed that William Lam (lamw on the VMware communities) created a nice script to automate the discovery and online process.  It’s very neat and can be downloaded here:

# William Lam
# hot-add memory to LINUX system using vSphere ESX(i) 4.0
# 08/09/2009

if [ "$UID" -ne "0" ]
 echo -e "You must be root to run this script.\nYou can 'sudo' to get root access"
 exit 1

for MEMORY in $(ls /sys/devices/system/memory/ | grep memory)
 echo "Found sparsemem: \"${SPARSEMEM_DIR}\" ..."
 STATE=$(cat "${SPARSEMEM_STATE_FILE}" | grep -i online)
 if [ "${STATE}" == "online" ]; then
 echo -e "\t${MEMORY} already online"
 echo -e "\t${MEMORY} is new memory, onlining memory ..."
 echo online > "${SPARSEMEM_STATE_FILE}"

Add to FacebookAdd to NewsvineAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to Furl

VMware and iSCSI – explained

A colleague alerted me to a great post regarding iSCSI performance with specific reference to VMware ESX hosts.

I know many organisations operating VMware farms with iSCSI storage systems, and I expect many will fall foul of some of these excellent gotchas.  The most important of which is that you should really have multiple iSCSI targets if you want to maximise your performance.  Hence, make sure your iSCSI storage hardware supports presentation of LUN’s as individual targets.

Add to FacebookAdd to NewsvineAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to Furl

New Year. New President. Any new ideas?

Barack gave his inauguration speech today, which was very impressive. Unfortunately, it left me feeling depressed about the state of the global economy, and the bleak future awaiting us over the coming months. I guess it’s because I’m not an American, and am therefore missing that ‘Yeah, we can do anything’ gene that seems to have been handed out as they disembarked the Mayflower. It’s a character trait that the rest of the world is both envious of, and sickened by. Maybe it’s a jealousy thing.

What I do know is that even if Pres. Obama manages to turn the US economy around, it won’t happen overnight. Most of us are already feeling the effects of recession. At best it’s affecting our spending decisions for holidays, new cars, and gadgets, and at worst people are losing their jobs, and their homes.

So he asked for new ideas. Any ideas. It started me thinking about ways in which we should change our behaviour, practices and decision making in my industry, IT. IT has traditionally been one of the driving forces at the helm of the economic boom. The healthy race for technological advances has increasingly made everything smaller, yet more powerful. For most businesses, this technological progression has not gone un-noticed, but it has also failed to deliver any startling benefits. A PC which cost £400 5 years ago would have been a fairly good mid-market model, allowing basic office use. The equivalent PC today still appears to cost around £400, so where are the benefits. OK, so we have nice 19″ LCD displays instead of 17″ CRT monitors, but the PC is still a PC.

The same can be said for server class computers from vendors like HP and IBM. 5 years ago, a company would spend £10,000 on a new database server, and a further £20,000 to licence the software to run on it. Today, the same purchases are being made, with amazingly similar budgets.

The problem is more to do with the way people expect to use the technology. 10 years ago, you needed a separate server for each application you wanted to run. Often that old rule is no longer applicable, and yet IT departments continue to hold on to that model. Those IT teams that have been paying attention to the technology available, have already identified that a quad core CPU (which is becoming common even in PC’s now) is way over-powered for most traditional server tasks. These ‘Adaptive Thinkers’ have been quietly deploying virtualization solutions from firms like VMware and Microsoft. Hypervisor based server platforms that can harness the power of these smaller, faster technology advancements in ways that traditional server environments cannot.

If you haven’t already virtualized your IT systems, you’re behind the times. Unfortunately, if you have virtualized, you’re probably still behind the times too. Virtualization is again re-inventing itself with a service focus though IaaS (Infrastructure as a Service). VMware vCloud and Microsoft Azure Cloud platform refocus IT consolidation efforts into the data centre. By providing the environment on a service/rental basis, firms no longer have to look after their own virtualization platforms. This can reduce training costs, support costs, and obviously capital costs.

In the upcoming economic uncertainty, it surely makes sense to take Barack’s advice regarding new ideas, and rethink our approach to traditional computing if we are to survive this approaching storm.

Add to FacebookAdd to NewsvineAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to Furl