In this post, I will be reviewing the necessary steps to support Cross-VDC Networking inside of VMware vCloud Director 9.5. These are fairly straightforward since they align with the standard requirements set forth by Cross-vCenter NSX.
Pre-Requisites:
- Multi-Site management must be configured between the vCloud Director instances. I will try to add a post on establishing this at a later time.
- Ensure you have a unique vCloud Director installation ID. If you have duplicate IDs, this can lead to MAC address conflicts. Fojta did a blog post on updating your ID – please accomplish this before continuing.
Cross-vCenter NSX Configuration
vCD 9.5 does require a standard Cross-vCenter NSX configuration implemented between the resource/payload vCenters before we can do any configuration at the vCloud Director level.
There are many guides out there, but here’s a link to the official VMware documentation on setting up cross-vCenter NSX.
This can be a single or multi-SSO domain topology. In my environment, here’s what I’ve configured between my two sites: Site-A and Site-B.
- From the Networking and Security plugin, I’ve assigned my Site-A NSX Manager as the primary while linking the Site-B NSX Manager as the secondary instance.
- From there, I need to establish my Universal Segment ID pool and Transport Zone.
- Keep in mind you do not want to overlap with an existing Segment ID pool, so pick a number that’s high enough (or out of reach from other pools).
- From the Transport Zone screen, I’ve created my new Transport Zone named “Universal-TZ”.
- Now I’m ready to connect it to my respective clusters on Site-A and Site-B. Keep in mind that you need to use the drop-down for the NSX Manager and attach the respective cluster at your secondary (or additional) location.
- That’s it! Onto the next configuration which is at the vCloud Director level.
vCloud Director Initial Provider Setup
In this step, we need to assign the correlated NSX Manager to each vCenter instance that’s participating in the Cross-VDC networking solution. I will be showing how I’ve done this for my two sites, Site-A and Site-B, while establishing a fault domain.
- From my Site-A, navigate to System -> Manage & Monitor -> vSphere Resources -> vCenters.
- We are going to right click and go to the Properties of this vCenter.
- From there, we need to go to the NSX Manager tab. This is where we populate the following:
  - Host/IP of NSX Manager
  - Admin username
  - Admin password
  - Control VM Resource Pool vCenter Path – this can be either the MOref object id OR the ‘Cluster/RP’ path – I chose the former.
  - Control VM Datastore Name – full name
  - Control VM Management Interface Name – again, full name
  - Network Provider Scope – now this is where we establish a fault domain. This Network Provider Scope could cover one or many vCenters in a single vCloud Director instance. However, when we establish the vdc-Group, we must have a minimum of two different/unique fault domains (or Network Provider Scopes) inside of the created vdc-Group.
- Now, on my Site-B, I will configure my respective properties along with a Network Provider Scope of “region-b”.
- Great! Next step is to add the Universal Transport Zone as a new network pool on each vCD instance. This is purely importing the created Universal-TZ and moving on, so very easy.
- That’s it – now we are ready to enable a specific orgVDC for cross-VDC networking.
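The three constraints mentioned so far (unique installation IDs, a universal Segment ID pool that does not overlap an existing pool, and at least two unique Network Provider Scopes) can be checked before anything is created. The following is an added example, not code from this post or from VMware; the inventory values, the "region-a" scope and all function names are constructed for illustration.

```python
# Added example: pre-flight check for the prerequisites described in this post.
# All names, IDs and ranges below are constructed sample values.

def universal_pool_clashes(universal, existing):
    """Names of existing Segment ID pools whose inclusive range intersects the universal one."""
    u_lo, u_hi = universal
    return sorted(name for name, (lo, hi) in existing.items()
                  if lo <= u_hi and u_lo <= hi)

def duplicate_installation_ids(sites):
    """Map each installation ID used by more than one vCD instance to those instances."""
    by_id = {}
    for site in sites:
        by_id.setdefault(site["installation_id"], []).append(site["name"])
    return {i: names for i, names in by_id.items() if len(names) > 1}

def preflight(sites, existing_pools, universal_pool):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for inst_id, names in sorted(duplicate_installation_ids(sites).items()):
        problems.append(f"installation ID {inst_id} is shared by {', '.join(names)}")
    for name in universal_pool_clashes(universal_pool, existing_pools):
        problems.append(f"universal Segment ID pool overlaps '{name}'")
    scopes = {site["network_provider_scope"] for site in sites}
    if len(scopes) < 2:
        problems.append(f"only {len(scopes)} unique Network Provider Scope(s): {sorted(scopes)}")
    return problems

# Constructed inventory ("region-a" and the numeric values are assumptions).
EXISTING_POOLS = {"Site-A local": (5000, 5999), "Site-B local": (6000, 6999)}
GOOD_SITES = [
    {"name": "Site-A", "installation_id": 1, "network_provider_scope": "region-a"},
    {"name": "Site-B", "installation_id": 2, "network_provider_scope": "region-b"},
]
BAD_SITES = [
    {"name": "Site-A", "installation_id": 1, "network_provider_scope": "region-b"},
    {"name": "Site-B", "installation_id": 1, "network_provider_scope": "region-b"},
]

if __name__ == "__main__":
    for label, sites, pool in (("good", GOOD_SITES, (200000, 200999)),
                               ("bad", BAD_SITES, (5500, 6200))):
        print(label, preflight(sites, EXISTING_POOLS, pool) or "OK")
```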
Enabling an orgVDC for Cross-VDC Networking
This is a very simple process – really just enable it on a per orgVDC basis.
- Go to your orgVDCs and right click on the orgVDC you want to enable Cross-VDC Networking on. For example, I am enabling this on my Daniel oVDCs.
- Click on the Network Pool and Services sub-tab and you’ll see a new box below the Network Pool that states ‘Enable Cross VDC Networking (Using Network Pool “<Universal-TZ-Pool>”)’. Check this box.
- This still allows for local oVDC network creation using the traditional network pool as stated in the screenshot above – this is not a complete conversion to the Universal Transport Zone.
- Now, enabling this on my Site-B.
Permissions/Rights required for Cross-VDC Networking
As discussed in the previous blog post, there are specific rights and roles required for Cross-VDC networking that are not enabled by default for the organization administrator. Please review these before the tenant utilizes Cross-VDC networking.
Cross-VDC Networking Permissions Review
Creation of the initial Cross-VDC Group
Now we are ready to test the creation of a new Cross-VDC group.
- Let’s log into the Tenant UI and we should see the Datacenter Groups from the context switching menu.
- Now, I can create my first Cross-VDC group and start establishing my egress points. Awesome!
More to come here on the Cross-VDC networking capabilities within vCD 9.5 from myself, Wissam Mahmassani, and Abhinav Mishra. Thanks!
-Daniel