Operating VMware Cloud Director
VMware Cloud Director tenant portal overview
The VMware Cloud Director™ tenant portal is used for administration of your organization and to create and configure virtual machines (VMs), vApps, and networks within vApps.
You can also configure advanced networking capabilities that are provided by VMware NSX® for vSphere® within a VMware Cloud Director environment. With the tenant portal, you can also create and manage catalogs, vApps, and virtual data center (VDC) templates.
Roles, permissions, and users
To access VMware Cloud Director, use single sign-on with your IBM Cloud credentials as the default authentication and authorization mechanism. For a list of the IBM Cloud Identity and Access Management (IAM) Director tenant portal roles and authorizations that are associated with each role see Managing IAM access for VCF as a Service. Organization administrators can create local users that are authenticated by the tenant portal as opposed to IBM Cloud IBM Cloud and can also create additional customized roles that can be assigned against local users.
For more information about roles and permissions, see VMware Cloud Director tenant portal roles and rights.
Modifying your email settings
The Organization Administrator must modify email notification settings to the organization SMTP server.
For more information about modifying SMTP server settings, see Modify your email settings.
Catalogs
A catalog is a container for vApp templates and media files in an organization. Organization administrators and catalog authors can create catalogs in an organization. Catalog contents can be shared with other users or organizations in the VMware Cloud Foundation (VCF) as a Serviceinstallation. Or they can be published externally for access by organizations outside the VCF as a Service installation.
VCF as a Service contains private catalogs, shared catalogs, and externally accessible catalogs. Private catalogs include vApp templates and media files that you can share with other users in the organization. If a system administrator enables catalog-sharing for your organization, you can share an organization catalog to create a catalog accessible to other organizations in the VCF as a Service installation.
If a system administrator enables external catalog publishing for your organization, you can publish an organization catalog for access by organizations outside the VCF as a Service installation. An organization outside the VCF as a Service installation must subscribe to an externally published catalog to access its contents.
Each organization has access to the VCF as a Service public catalog. The catalog contains IBM-compliant images that are configured, secured, and ready for use.
VCF as a Service public catalog
Each organization has access to the VCF as a Service public catalog. The catalog contains IBM-compliant images that are configured, secured, and ready for use.
Review the following considerations for VCF as a Service:
- Public templates that are configured to services on the IBM private network require an extra configuration step to enable VM access to the IBM Services network. For more information, see Enabling VM access to IBM Cloud Services by using the private network.
- Public templates require a minimum level of customization to establish the initial administrator password. For more information, see Changing the guest OS customization properties of a VM.
The public catalog contains vApp templates for the following components:
| Image | Version |
|---|---|
| CentOS | 7.x |
| Microsoft® Windows® | 2022 Standard |
| Microsoft Windows | 2019 Standard |
| Microsoft Windows | 2016 Standard |
| Red Hat Enterprise Linux® | 9.3 |
| Red Hat Enterprise Linux | 8.1 |
| Red Hat Enterprise Linux | 7.7 |
| Rocky Linux | 9.4 |
| Rocky Linux | 8.1 |
CentOS and Rocky templates
The templates that are provided in the public catalog have the following characteristics:
- Latest updates installed
- VMware tools installed
- YUM repository enabled configured to the IBM private network YUM repository
- NTP server that is configured to the IBM private network NTP Server
Microsoft Windows templates
The Microsoft Windows templates that are provided in the public catalog have the following characteristics:
- Latest updates installed
- Windows update enabled configured to the IBM private network Windows update server
- VMware tools installed
- Windows Remote Desktop disabled
- Firewall activated
- Windows Defender activated
- NTP server that is configured to the IBM private network NTP Server
- Windows license configured to activate and receive updates by using the IBM Service Network Microsoft Key Management Server (KMS) and not the internet Microsoft KMS
Red Hat Enterprise Linux templates
The Red Hat Enterprise Linux (RHEL) templates that are provided in the public catalog have the following characteristics:
- Latest updates installed
- VMware tools installed
- Firewall activated
- NTP server that is configured to the IBM private network servers
After you deploy the VM on the tenant portal, register the Red Hat VM with your RHEL activation key in IBM RHEL Capsule Server. To register the Red Hat VM with your RHEL activation key, you must enable VM access to connect to the IBM service network. For more information, see Enabling VM access to IBM Cloud Services by using the private network.
Complete the following steps to register the Red Hat VM with your RHEL activation key.
- In the VMware Solutions console, click Resources > VCF as a Service from the left navigation pane.
- From the Virtual data centers tab, locate and click the Cloud Director instance name.
- On the Summary tab, locate the Red Hat activation key in the Site details panel and click the Copy to clipboard icon.
- Run the following commands from the Red Hat VM.
uuid=$(uuidgen)echo {\"dmi.system.uuid\": \"$uuid\"} > /etc/rhsm/facts/uuid_override.factscat /etc/rhsm/facts/uuid_override.factsEnsure the contents of the uuid_override.facts contains a generated UUID.subscription-manager register --org="customer" --activationkey="ACTIVATION_KEY" --forceWhereACTIVATION_KEYis the Red Hat activation key that you copied to the clipboard.
You can still use another RHEL Capsule Server or a satellite server if you already have an RHEL subscription outside of IBM. Charges for the RHEL license are incurred against RHEL VMs that are running in a VDC.
Defining catalogs and policies
To create a catalog, you must have either the Organizational Administrator or Catalog Author tenant portal role.
For more information about defining catalogs and policies, see Working with catalogs.
Uploading your media or templates
OVF packages can be uploaded to a catalog as a vApp template to make the template available to users. For more information, see Create a vApp template from an OVF file.
Media files, such as ISO disk images and FLP diskette drive images, can be uploaded to a catalog as a media file. For more information, see Working with media files.
The maximum import size is 750 GB. Large image files or templates might take a long time to upload. For assistance with files larger than 750 GB, open an IBM Support ticket by following the steps in Getting help and support.
Virtual machines
When you use the tenant portal, you can create a virtual machine (VM) or provision a VM from a template.
For more information, see Create a standalone virtual machine.
Customizing virtual machine properties
You can edit the properties of a VM, including the VM name and description, hardware and network settings, and operating system settings for a guest.
For more information about working with VMs, see Working with virtual machines.
If you use the tenant portal (Guest OS Customization) to change your Windows Administrator password, ensure that you adhere to Windows complexity requirements. If you change the password in the tenant portal without doing so, the password does not work in the Windows VM template.
Changing the general properties of a virtual machine
You can change the name, description, storage policy, and other general properties of a VM.
Switching between storage properties
Some disk settings cannot be changed while the VM is powered on. For example, you can increase the disk size while the VM is powered on, but you cannot decrease the disk size unless the VM is powered off. A message displays if you must power off the VM before you modify a disk setting. For more information, see Power off a virtual machine.
For more information about changing a storage policy, see Change the general properties of a virtual machine.
If you must power off the VM before you change a storage policy, power the VM back on after the VM is moved to the new storage policy. For more information, see Power on a virtual machine.
Changing the hardware properties of a virtual machine
You can change the hardware properties of a VM, number of vCPUs, memory, hard disk allocation, and network configuration.
Changing the Guest OS Customization properties of a virtual machine
Guest OS customization is optional for all platforms. It is required for VMs that must join a Windows domain when the VMs are being powered on.
When you use an IBM template to create the VM, use the Guest OS Customization pane to acquire or set the unique password for the OS instance. Ensure that the option Enable guest customization is selected and then use one of the Password Reset options to establish the initial administrator credential.
For more information, see Change the guest OS customization properties of a virtual machine.
Changing the advanced properties of a virtual machine
In the Advanced settings, you can configure the resource allocation settings (shares, reservation, and limit) to determine the amount of virtual CPU (vCPU), memory, and storage resources provided for a VM.
For more information, see Edit virtual machine properties.
Using IBM templates
Password requirements apply if the VM is deployed from the IBM templates that are provided in the public catalog. You must use the initial password that was generated during power-on when you first log in to the VM. You can find this password on the VM details page.
If you use the tenant portal Password Reset field to change your Windows Administrator password, ensure that you adhere to Windows complexity requirements. If you change the password in the tenant portal without doing so, the password does not work in the Windows VM template.
- From the Guest OS Customization pane, click EDIT.
- From the Edit Guest Properties pane, locate the password in the Specify password field.
- After a successful login with the initial password, return to the Edit Guest Properties pane to reset the password and log in again with the new password.
vApps
A vApp consists of one or more VMs that communicate over a network and use resources and services in a VDC. Create the vApp and then add VMs and networks.
You can add VMs and networks to the vApp.
For more information about vApps, see Working with vApps.
Networking
For a complete tutorial on how to create VDC networks inside of your VDC, create VMs to attach to your VDC network, and configure NAT and firewall rules on your edge gateway, see Configuring a virtual data center in VMware Cloud Foundation as a Service using the VMware Cloud Director Console.
Enabling VM access to IBM Cloud services by using the private network
You can configure vApps and VMs running inside of the VDC to use the IBM Cloud private network to access IBM Cloud Services. Accessing IBM Cloud services through a private network can save on outbound public networking costs and can provide a higher degree of reliability and security. VDCs route to the IBM Cloud private network through a VDC service network that is configured as an available external network on the VDC edge.
The following services are available:
| Service | IP address (Endpoint) |
|---|---|
| Microsoft Windows Update Server | 161.26.4.21 |
| Microsoft Key Management Server | 161.26.96.8, 161.26.96.9 |
| Red Hat Capsule Server | 161.26.96.25 |
| DNS | 161.26.0.10 (rs1.adn.networklayer.com) and 161.26.0.11 (rs2.adn.networklayer.com) |
| Ubuntu and Debian APT Mirrors | 161.26.0.6 (mirrors.adn.networklayer.com) |
| RHEL and CentOS YUM repo | 161.26.0.6 (mirrors.adn.networklayer.com) |
| NTP | 161.26.0.6 (time.adn.networklayer.com) |
| IBM Cloud Object Storage | s3.direct.xxx.cloud-object-storage.appdomain.cloud |
The VDC must have an edge (public-private or private-only) to enable access to the service network.
Creating a vApp Network for VCF as a Service
If not already completed, create a vApp containing at least two VMs. For more information, see Working with vApps.
- From the tenant portal, click the Menu icon at the upper left of the page and select Data Centers.
- From the main page under Virtual Data Center, click the VDC where you want to create the vApp network.
- In the left pane under Compute, click vApps.
- Click the vApp that you want to add a vApp network to.
- Click the Networks tab, and click NEW in the vApp Fencing section.
- On the Add Network to window, select OrgVDC Network and select the network name.
- Click Add.
For more information, see Working with networks in a vApp.
Accessing Operations Manager
The Operations Manager service is enabled by default. From the Cloud Director tenant portal, click More > Operations Manager to access the Operations Manager web UI.
For more information about using Operations Manager, see Using VMware Chargeback as a Tenant.
Use Operations Manager to view VDC, vApp, and VM level metrics and to export metric data. You can use this data to isolate resource usage and to help understand billing charges.