What’s New with VMware vCloud Director 10.0? (1/2)

With much excitement, VMware is announcing vCloud Director (vCD) 10.0 during VMworld US. This continues to provide significant value to our VMware Cloud Providers and tenants that consume vCD for services.

vCD 10.0 continues to demonstrate and focus on the following objectives:

  1. A Service Delivery Platform – rapidly deploy and integrate services into a multi-tenant, scalable platform with ecosystem partnership.
  2. Multi-Workload and Extensible Capabilities – it’s not about traditional VM’s anymore. Distinct additions like native PKS integration or next-generation virtual network services are integrated out of the box.
  3. Intuitive User Experience – while technology can be difficult sometimes, vCD orchestrates and automates many of the backend infrastructure tasks to get services operationalized. With the new H5 interface, this is very evident.

I’m going to summarize a few items that are pertinent to this release. However, this is not this is a comprehensive list by any means. The goal of this post is to provide an overview of why each of these additions/updates matter to our service providers and consumers.

Disclaimer: while vCD 10.0 is announced as of today, features might change based on the general availability (GA) date. I’ve been working with a release candidate build for my review. Therefore, this is subject to change.

  1. HTML5 User Interface Transition
  2. NSX-T Support
  3. Central Point of Management Additions

In Part 2, I will cover:

  1. vCD Appliance Updates and Migration Path
  2. Placement and Sizing Policies
  3. Backup Ecosystem Certification
  4. Miscellaneous

Hang tight, there’s a lot of information here.

HTML5 User Interface Transition

I am happy to announce the transition to the H5 Clarity interface is complete for vCD. Both the tenant and provider user interfaces are functionally equivalent to the Flex interface. As discussed in the past, this has been a multi-step process. Versions 9.1 and 9.5 focused on the Tenant UI while 9.7 introduced some features on the Provider side.

With vCD 10.0, the HTML5 interface is what all users will utilize going forward.

The previous Flex interface is now deprecated but still exists in vCD 10.0. If one requires the Flex interface, you can enable it by using the cell-management-tool and using the flex.ui.enabled subcommand. However, I wouldn’t get used to it – the goal is to remove it in the next release.

Slight Update – 23Sept2019 – while majority of UI functionality has been built into the H5 UI, there a few items that did not make the release. Take a look at my post here that reviews this further.

Not just converting – “rethinking”

A significant amount of thought was put into the transition that took a step back to review “how” we complete operations inside of vCloud Director. Why? Well, it was sometimes not as intuitive in the Flex interface or didn’t provide the proper context to a new vCD user. Over the past 12 to 18 months, there are many new providers utilizing vCD that may not have legacy exposure.

For example, creating a new Organization VDC. If I am a new vCD provider, I’d like to understand how each of the models work (including our new Flex VDC model) and an intuitive visual representation of resource control.

In the bottom screenshots, one can see how this has been thought through for creation –

As many have seen with 9.7, we are also delineating between Cloud Resources and vSphere Resources. This is important as we continue to evolve the dedicated private cloud offering, or Central Point of Management (CPoM). More on that shortly.

Viewing the vSphere Resources, the provider can easily add vCenters, NSX-T/V Managers, and so forth.

NSX-T Support

With vCD 10.0, we now introduce native support for NSX-T adoption and creation of what I consider “functional” network services. This isn’t complete or on parity with what’s provided in V, but a step forward.

NSX-T UI Functionality in vCD 10.0

In the vCD 10.0, a provider and tenant can do the following within the UI:

  1. Creation of Edge Gateways
  2. Configuration of Edge Firewall rules
  3. NAT configuration
  4. IP Allocation and Management
  5. DNS Forwarder/Configuration
  6. OrgVDC Network Creation/Configuration

To start off, an External Network is represented as a Tier-0 (T0) Router now in vCD 10.0. This allows us to scale out resources on demand using NSX-T.

Tomas Fojta has done a great job of summarizing the features available for NSX-T versus NSX-V. Again, this will continue to evolve but read more about it here on Tom’s blog post.

Creation Workflow

From a workflow perspective: Provider creates T0 in NSX-T -> Exposes T0 to vCD as an External Network -> Provider can create ESGs (T1’s) that are stitched to the given External Network.

UI Capabilities

When adding a new oVDC, we can also see our NSX-T Overlay pool available:

Steps on creating an NSX-T Edge are very similar to previous behavior:

Configuring Edge Firewall has a new embedded interface that feels similar to what I’ve seen on VMC:

Adding NAT rules are also very similar:

While IP Allocation also has a new, intuitive experience:

A new addition is Quick IP Allocation. From this menu, we can select a network and quickly add the number of IP’s required:

Creating a new Organization VDC Network is very similar – but we are also able to adopt an existing NSX-T logical switch that would be exposed to this tenant.

Furthermore, the newly created oVDC network looks and behaves exactly the same:

With that said, one can see that we have a few things missing in the UI:

  1. IPsec VPN – this can be instantiated via the API (see below)
  2. L2VPN – this does not exist today with the current supported version of NSX-T
  3. Dynamic Routing – since we pair with a northbound provider T0, routing is immediately stitched from the Tenant T1 to the T0. Therefore, we do not need to establish any type of routing.
    1. Note that route redistribution is controlled at the T0 level – ensure you review this configuration for tenant facing routes.


Configuring an IPSecVPN can be done via the CloudAPI and one can browse the SwaggerUI for further information on this:

With my Daniel-oVDC Edge I recently created; I can see this from a GET call in Postman:

Thoughts on NSX-T

The NSX-T integration to vCD is a journey – this is by no means finished. I expect us to continue to evolve this level of integration. However, co-existing with NSX-V is permissible and allows a provider to expose NSX-T and V virtual network services on a per-oVDC basis.

I want to emphasize that during this journey, vCD abstracts the underlying infrastructure away from the tenant. While there may be variances on functional UI capability, does the tenant care if they are running on NSX-T or NSX-V? Probably not. At the end of the day, we all want to provide distinct, value-added services that meet business or technical objectives. I fully expect the NSX journey to continue to evolve while we look past traditional VM workloads.

I will be spending more time soon and going through an exhaustive list of items available that are distinct in NSX-T.

Central Point of Management Additions

Central Point of Management (CPoM) introduces another value-add service for VMware Cloud Providers. 9.7 brought us the first version of CPoM while 10 expands on this distinct use case. In essence, we can now expose dedicated vCenters via vCD. Many of our cloud providers have a dedicated or hosted private cloud offering. When utilizing CPoM, this allows a provider to expose this offering from a single UI interface while bridging multi-tenant cloud services.

In vCD 10.0, CPoM management can now be done via the UI for the Service Provider. Previously, establishing a new SDDC, exposing it, and creating a default proxy was done via the API – I wrote about it more here. No need to do that anymore. I can now add a dedicated vCenter to a tenant but also manage it directly from the Provider UI:

Again, vCenters can only fit into one of the two roles: IaaS (exposed for pVDC and oVDC objects) or CPoM. You cannot have a vCenter fit in both roles.

From the add vCenter operation, we can see a new toggle option available –

Viewing the new vCD 10.0 UI, there has been a slight change to how the organization user visualizes orgVDCs alongside dedicated vCenters (or vSphere Datacenters) in a subtab –

Clicking on Dedicated vSphere Datacenters, the end user can see their exposed vCenter along with a setup guide that would walk through establishing proper connectivity to the exposed vCenter.

Proxy Configuration

The Proxy Configuration guide detects the end user’s browser and will intuitively walk them through configuring proxy access.

Backing up to the Service Provider UI, the provider administrator can now manage all Proxies created along with certificate management –

We can also see the details of the specific vCenter instance – who is it exposed to, what proxies, and so forth –

These are great additions to CPoM – this makes it much easier to manage and expose dedicated vCenters to organizations inside of vCD.

Next Up

Thanks for sticking with me so far! Next, we will discuss the vCD 10.0 appliance state, new placement and sizing policies, the new backup ecosystem, and some miscellaneous items I want to discuss.

Link to Part 2 of What’s New with vCloud Director 10.0


7 thoughts on “What’s New with VMware vCloud Director 10.0? (1/2)”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: