vCloud Director Management Structure

OK, I know that I keep writing about vCD, but there is so much to talk about that I feel compelled to post more and more information about the intricacies of this product – so I thought I would do a little write-up on the basic components that comprise it and what needs to be set up prior to handing it out to anyone inside (or outside) of your organization.

First off, you must create an Organization for each business unit or logical group of people that accesses a specific subset of your infrastructure. Think of this as the framework that each unit operates within and authenticates to. Granular control can be delegated from here to the administrators that function within each org.

On that note, the next components are the actual users and groups that each organization has. These accounts can either exist within vCD or be imported from an LDAP directory service (such as Microsoft’s Active Directory). All permissions within the organization are derived from these user and group assignments.

A Virtual Datacenter (vDC for short) is the container of resources that each and every organization is assigned to. It determines how much of the vSphere environment an organization is entitled to. There are two types of vDCs:

  • Provider vDCs – Under a single vCenter server, this combines the RAM and CPU resources under a single resource pool. Storage can be derived from any storage path in the cluster.
  • Organization vDCs – This is where the resources mentioned in the previous bullet point are separated out and provided to organizations. This includes resources such as CPU, memory, SAN and/or NAS storage, CD images and virtual media, to name a few. One important thing to remember about vDCs is that they can belong to multiple organizations.

To separate everything within vCloud Director, Organization Networks are formed when templates are deployed and create vApps (which are basically a collection of virtual machines). It is these Organization Networks that enable all vApps within the Organization to communicate with one another. They can also be set up to communicate externally for access to persistent environments. Permissions are a bit granular here: only system administrators can create these networks, while organization administrators manage them.

A subset of the Organization Networks are vApp Networks, which are encompassed within the vApp itself. They enable the virtual machines within the vApp to communicate with each other, and they can be set up to talk to systems outside of the vApp or even to an external network.
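Because both Organization Networks and vApp Networks can be set up to reach external networks, it is worth checking which vApps end up exposed, directly or through the Organization Network they connect to. The following is an added example, not code from this post or from VMware: the inventory is constructed, and the field names `parent` and `external` are assumptions rather than vCD API attributes.

```python
# Constructed inventory (not exported from a real vCD instance). The field
# names "parent" and "external" are assumptions made for this example.
ORG_NETWORKS = {
    "eng-internal": {"org": "Engineering", "external": False},
    "eng-routed":   {"org": "Engineering", "external": True},
    "fin-internal": {"org": "Finance",     "external": False},
}

VAPP_NETWORKS = {
    # parent: the Organization Network the vApp Network connects to, or None
    "build-farm/net0": {"vapp": "build-farm", "parent": "eng-routed",   "external": False},
    "test-lab/net0":   {"vapp": "test-lab",   "parent": "eng-internal", "external": False},
    "ledger/net0":     {"vapp": "ledger",     "parent": None,           "external": False},
    "ledger/dmz":      {"vapp": "ledger",     "parent": "fin-internal", "external": True},
}


def exposure_path(name, vapp_networks=VAPP_NETWORKS, org_networks=ORG_NETWORKS):
    """Return the chain of networks by which a vApp Network reaches an
    external network, or None if it stays inside the organization."""
    net = vapp_networks[name]
    if net["external"]:                      # vApp Network wired out directly
        return [name, "external"]
    parent = net["parent"]
    if parent is None:                       # isolated inside the vApp
        return None
    if parent not in org_networks:           # dangling reference in the inventory
        raise ValueError(f"{name} references unknown Organization Network {parent!r}")
    if org_networks[parent]["external"]:     # exposed through the org network
        return [name, parent, "external"]
    return None


def exposed_vapps(vapp_networks=VAPP_NETWORKS, org_networks=ORG_NETWORKS):
    """Map each exposed vApp to the exposure paths of its networks."""
    report = {}
    for name, net in vapp_networks.items():
        path = exposure_path(name, vapp_networks, org_networks)
        if path:
            report.setdefault(net["vapp"], []).append(path)
    return report


if __name__ == "__main__":
    for vapp, paths in sorted(exposed_vapps().items()):
        for path in paths:
            print(f"{vapp}: {' -> '.join(path)}")
```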

The final component is the Catalogs that organizations utilize to store templates that can be deployed by the users. These templates are preconfigured (complete) environments that can be deployed very quickly, and multiple instances of them can be deployed at once since they are isolated. As stated in the Organization Networks section, these templates from the catalog can also be configured to talk to external networks.

Rick
