VMware Vcloud Director ICM Lab PDF

VMware vCloud Director:
Install, Configure, Manage
Student Lab Manual
vCloud Director 5.1
vmware"
VMware Education Services

VMware, Inc.
www.vmware.com/education
VMware vCloud Director:

Install, Configure, Manage
vCloud Director 5.1
Part Number EDU-EN-VCICM51-LAB-STU
Student Lab Manual
Revision A
CopyrightlTrademark
Copyright 2013 VMware, Inc. All rights reserved. This manual and its accompanying
materials are protected by U.S. and international copyright and intellectual property laws.
VMware products are covered by one or more patents listed at http://www.vmware.com/go/
patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States
and/or other jurisdictions. All other marks and names mentioned herein may be trademarks
of their respective companies.
The training material is provided "as is,' and all express or implied conditions,
representations, and warranties, including any implied warranty of merchantability, fitness for
a particular purpose or noninfringement, are disclaimed, even if VMware, Inc., has been
advised of the possibility of such claims. This training material is designed to support an
instructor-led training course and is intended to be used for reference purposes in
conjunction with the instructor-led training course. The training material is not a standalone
training tool. Use of the training material for self-study without class attendance is not
recommended .
These materials and the computer programs to which it relates are the property of, and
embody trade secrets and confidential information proprietary to, VMware, Inc. , and may not
be reproduced, copied , disclosed, transferred, adapted or modified without the express
written approval of VMware, Inc.
Course development: Daniel Crider, Rob Nendel
Technical review: Carla Gavalakis, Tom Thomas, Mike Sutton, Steve Schwarze, Jerry
Ozbun, Lizann Dunegan, Phil Cohen , Andy Cary, John Krueger, David Johnston, Jerry Davis
Technical editing: James Brook
Production and publishing: Ron Morton
WWIN. vmware.com/education
TABLE OF CONTENTS
Lab 1: Configuring VMware vCloud Director Networking ..
. ....... ... . .. .. . ... . .... 1
Lab 2: Configuring YMware vCloud Director Network Pools . . ... .

. .. .. .. . ... . . ... . .... 7
Lab 3: Creating Provider Virtual Datacenters . . . . . . . . . . . . . . . . . .

. .................. . 11
Lab 4: Organizations . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .......... . .... . .... . ........ 17
Lab 5: Creating VMware vCloud Director vApp Templates .......... . . . . .. . . . . ....... . ... 31
Lab 6: Building and Publishing YMware vCloud Director vApps . . ..... . ... . . . ....... . ... 41
Lab 7: Deploying YMware vCloud Director vApps . . . . . . . . .

. .............. . . ....... 51
Lab 8.' YMware vSphere vApp Networking ......................... . .. . ..... . .... . ... 61
Lab 9: Hosting Inbound Services ............. . .. . ................ . . . . .............. 69
Lab 10: Managing Custom Security Roles .................. .. . .

. .......... . ... 79
Lab 11: Integrating LDAP and Active Directory ..... . ... . ... . .. .. .. .... ....... .... . .. .. 83
Lab 12: Managing Cloud Resources .............. . .. . . . . . .. . .. . .. . .. . . . . . . . ..... .... 89
Lab 13: Managing Organization Resources ......... .. .. . . .. .. .. . .. . . . . .. . . . .. . . . . . . .. .95
Lab 14: Managing VMware vSphere Resources ..... . ... . . .. . .. .. . ... . ........ . ..... . . 103
Lab 15: Monitoring Cloud Components. .

. .... . . . . . .. ... . . .. . ................... . . 111
Lab 16: Organization Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .119
Lab 17: Installing VMware vCloud Director .. .. . .

. . . .... . ... ..... . .. 127
VMware vCloud Director: Install, Configure, Manage
ii
VMware vCloud Director: Install, Configure, Manage
Lab 1
Configuring VMware vCloud Director

Networking
Objective: Configure vCloud Director networking
In this lab, you will perform the following tasks:
1. Install licenses.
2. Configure resource cluster network settings for vCloud Director external networks.
3. Create a vCloud Director external network.
Preparing for the lab

Use the following information:
URL to the VMware vCenter Server Webbased console
https://vcs.vcd-ad.vclass.local:9443/
vCenter Server administrator user name
administrator
vCenter Server administrator password
vrnwarel!
URL to the VMware vCloud Director

browser-based console
http://vcd. vcd-ad. vclass.local
vCloud Director administrator user name
administrator
vCloud Director administrator password
vmwarel!
Lab 1
Configuring VMware vCloud Director Networking
Perfonn this lab as teams of two students. Each team will manage a VMware cloud. Students will
be identified as student A and student B. Some items in the lab must be done by both students. But
most tasks will be done by one student while the other student checks the work. Students will take
turns so that both students in the team gain experience with the command and the UI.
Task 1: Install licenses

In this task, you will install VMware vSphere, vCloud Director, and VMware vCloud
Networking and SecurityTM licenses. Student B will do this task. Student A will check the settings.
1. Open your workspace.

2. Open the Control Center virtual machine console and log in using the following credentials.
Username
administrator
Password
vmware I !
3. On the ControlCenter desktop, double-click the Web-Console shortcut and click the Continue
to tbis website (not recommended) link.
4. Log in to the vSphere Web Client console using the following credentials.
User ID
administrator
Password
vmwarel!
5. In the left pane, select Administration> Licenses.

6. In the center pane, click the vCenter Server Instances tab.
7. Select VCS.vcd-ad.vclass.local and click Assign License Key.
8. In the Assign License Key wizard, select Assign a new license key from the drop-down menu.
9. Type the vCenter Server license key provided by your instructor and click OK.
10. Click the Hosts tab.
11 . Select esxiOl.vcd-ad.vclass.local and click Assign License Key.
13. Type the vSphere Enterprise license key provided by your instructor and click OK.
14. Select esxi02.vcd-ad.vclass.local and click Assign License Key.
2
Lab 1
15. In the Assign License Key wizard, select the license key that you typed and click OK.
16. Click the Solutions tab.
17. Select vCloud Networking and Security and click Assign License Key.
19. Type the vCloud Networking and Security Advanced license provided by your instructor and
click OK.
20. Open a new tab in the Internet Explorer browser.
21. Connect to the URL for the vCloud Director console by using the information in "Preparing for
the lab."
22. Log in to the vCloud Director console as administrator. Type the password vmwarell .
23. The VCD console should open to Administration > License. If it does not, navigate to
Administration> License.
24. Replace the expired VCD license key with the license key supplied by your instructor.
25. Click Apply.
26. Leave both Web consoles running for the next task.
Task 2: Configure resource cluster network settings for vCloud

Director external networks
In this task, you will configure the networking of the vSphere resource cluster. Student A will do
thls task. Student B will check the settings.
1. In the vSphere Web Client console, click the Home icon.
vrnware' vSphere Web Client

" vCenter
~ @
~ Home
~~------------------~~-2. In the left pane, select vCenter > Networking.
3. Under vCloud Datacenter, right-click dvs-Production and select New Distributed Port
Group.
Lab 1
4. In the New Distributed Port Group wizard, perform the following steps.
Setting
Action
Name
Type Production and click Next.
Port binding
Keep the default of Static binding.
Port allocation
Keep the default of Elastic.
Number of ports
Keep the default of 8.
Network resource pool
Keep the default of (default).
VLAN type
Keep the default of None.
Customize default
policies configuration
Leave unselected.
5. Click Next.
6. Click Finish.
Task 3: Create a vCloud Director external network

In this task, you will configure an external network for vCloud Director. Student B will do this task.
Student A will check the settings.
1. In Internet Explorer, open a new browser tab and type the URL of the vCloud Director server:
http://vcd.vcd-ad.vclass.local
2. Click the Continue to this Website (not recommended) link and log in to the vCloud Director
console, using the following credentials.
Username
administrator
Password
vmware 1 !
3. In the vCloud Director console, click 3 Create an external network.

4. In the New External Network wizard, select vCenterServer and select the Production
network.
5. Click Next.
4
Lab 1
6. Under Configure External Network, click the Add button.

7.
In the Add Sub net wizard, perform the following actions.

Setting
Action
Gateway address
Type 172 .20 . 11.10.
Network mask
Type255.255.255.0.
Primary DNS
Type 172 . 20 . 10 . 93.
DNS suffIX
Type vcd-ad. vclass . local.
Static IP pool
Type 172 . 2 0 . 11. 2 0 0

172.20.11.254 and click Add.
8. Click OK
9. Click Next.
10. Under
Name this External Network, in the Network name text box, type Production and
click Next.
11 . Under
Lab 1
Ready to Complete, click Finish.
Lab 1
Lab 2

Network Pools
Objective: Configure vCloud Director network pools
In this lab, you will perfonn the following tasks:
1. Configure resource cluster network settings for a vCloud network pool.

2. Configure a VLAN-backed network pool.

Use the following infonnation:
administrator
vmwarel!

administrator
vmwarel!
Lab 2
Configuring VMware vCloud Director Network Pools
Perform this lab as teams of two students. Each team will manage a VMware cloud. Students will
turns so that both students in the team gain experience with the command and the ill.
Task 1: Configure resource cluster network settings for a vCloud

network pool
In this task, you will configure resource cluster settings for VMware vCloud. Student A wiIl do
this task. Student B will check the settings.
1,
In Internet Explorer, click the vSphere Web Client tab.

lfyou are not already logged in to the VMware vSphere Web Client console, double-click the
Web-Console shortcut on the ControlCenter desktop and log in as Administrator with a
password ofvmwarel!. Select vCenter > Networking.
2. In the left pane, right-click vCloud Datacenter and select New Distributed Switch.
3. In the New Distributed Switch wizard, perform the following actions.
4,
Setting
Action
Name
Type dvs-VLAN-Pool and click Next.
Version
Leave Distributed switch: 5.1.0 selected

and click Next.
Number of uplinks
Type 1.
Network 110 Control
Keep the default of Enabled.
Default port group
Deselect the check box and click Next.
Click Finish.
5. When the dvs-VLAN-Pool switch appears in the left pane, right-click dvs-VLAN-Pool and
select Add and Manage Hosts.
6. In the Add and Manage Hosts wizard, leave Add Hosts selected and click Next.
7. Click the Add New Hosts icon, which appears as a green plus (+) sign.
8,
In the Select new hosts panel, select the esxi01.vcd-ad.vc1ass.1ocal and esx02.vcd
ad.vc1ass.1ocal check boxes, and click OK
Lab 2
9. Click Next.
10. Under Select physical network adapters, select the vmnic4 check box for both VMware
ESXi hosts and click Next.
11. Under Select virtual network adapters, click Next.
12. Under Validate changes, click Next.
13. Under Select VM network adapters, click Next.
14. Under Ready to complete, review the settings and click Finish.
15. Monitor the task status in the Recent Tasks pane. Wait for the task to complete before
continuing.
Task 2: Configure a VLAN-backed network pool

In this task, you will configure a VLAN-backed network pool for vCloud Director. Student A will
do this task. Student B will check the settings.
1. In Internet Explorer, click the VMware vCloud Director tab.
IU.iii
If you are not already logged in to the vCloud Director console, open a new Internet Explorer
tab and log in to the vCloud Director console using the information in "Preparing for the lab."
2. In the vCloud Director console, click 4 Create a network pool.

3. In the Create Network Pool wizard, leave VLAN-backed selected and click Next.
4. Under Configure VLAN-backed Pool, in the VLAND ID range text box, type 200 - 2 9 9 and
click Add.
5. In the vCenter list, select vCenterServer.
6. In the vDS list, select dvs-VLAN-Pool.
7. Click Next.
8. Under Name this Network Pool, type
ORG-VLAN-Pool
in Name and click Next.
9. Under Ready to Complete, click Finish.

Remain logged in to the vSphere Web Client and vCloud Director consoles.
Lab 2
10
Lab 2
Lab 3
Creating Provider Virtual Datacenters

Objective: Create provider vDCs
1. Configure a storage profile.

2. Configure resource pools.
3. Create the Generic provider vDC.
4. Create the High-Performance provider vDC.

https://vcs.vcd-ad.vcIass.local:9443/
administrator
vmwarel!

http://vcd.vcd-ad.vcIass.local
administrator
vmwarel!
Lab 3
11
Task 1: Configure a storage profile

In this task, you will configure a storage profile. This task should be done by student A, with student
B checking the settings.
1. On the Control Center desktop, double-click the Web-Console shortcut and click the Continue
to this website (not recommended) link.
2. Log in using the user ID of administrator and the password of vmware I!.
3. In the left pane, click Home.
4. Click the VM Storage Profiles icon.
5. Click the Enable Storage Profiles icon.
,~,I ~
: able VM Storage
~ Bronze Resource
P;~fll~;p~r
Compute
6. Select the vCloud-Resource-Cluster cluster. The pane should report that the VM Storage
Profile Status for vCloud-Resource-Cluster is set to Enabled.
7. Click the Close button.
8. Click the Create a New VM Storage Profile icon.
~I e
6'
' ..
' -E
Create a new VM Sto rage Profile
~ ~~-----------------.~~
12
Lab 3
9. When prompted by the Create New VM Storage Profile wizard, perform the following actions.
Setting
Action
Name
Type Gold.
Description
Type High speed high cost storage.
Storage Capabilities
Select Gold-level. Click OK
Task 2: Configure resource pools

In this task, you will configure resource pools. This task should be done by student B, with student
A checking the settings.

1. In the left pane, click Home.
2. Click the Hosts and Clusters icon.
3. Select the vCloud-Resource-Cluster cluster.
4. From the Actions drop-down menu, select New Resource Pool.
5. When prompted by the vCloud-Resource-Cluster: New Resource Pool wizard, perform the
following actions.
Setting
Action
Name
Type High-Performance-Pool.
CPU Shares
Select High.
CPU Reservation
Type 3500 MHz
CPU Reservation type
Keep the default of Expandable.
CPU Limit
Keep the default of Unlimited.
Memory Shares
Select High.
Memory Reservation
Type 900 MB.
Memory Reservation type
Keep the defauH of Expandable.
Memory Limit
Lab 3 Creating Provider Virtual Datacenters
13
6. Click OK.
7.
From the Actions drop-down menu, select New Resource Pool.
8. When prompted by the vCloud-Resource-Cluster: New Resource Pool wizard, perform the
following actions.
Setting
Action
Name
Type Generic-Pool.
CPU Shares
Keep the default of Normal.
CPU Reservation
Keep the default of no reservation.
CPU Reservation type
CPU Limit
Memory Shares
Keep the default of Normal.
Memory Reservation
Keep the default of no reservation.
Memory Reservation type
Memory Limit
9. Click OK.
Task 3: Create the Generic provider vDC

In this task, you will confmn the network configuration of the vCloud Director server and
infrastructure. This task should be done by student A, with student B checking the settings.
1. In Internet Explorer, open a new browser tab and type the URL of the vCloud Director server:
2. Click the Continue to this Website (not recommended) link and log in to vCloud Director,
using the following credentials.
14
Username
administrator
Password
vrnwarel!
Lab 3
3. Click the Home tab.

4. Click 2 Create a Provider VDC.
5. When prompted by the Add Provider VDC wizard, perform the following actions.
Setting
Action
Name this Provider VDC
Type Generic .
Description
Type Moderate performance provider

built with bronze-level storage and
no CPU or memory reserved.
Enabled
Select the check box.
Highest supported hardware version
Select Hardware Version 9. Click Next.
Select Resource Pool
Click vCenterServer. Select the Generic-Pool

resource pool. Click Next.
Add Storage
Select Bronze. Click Add. Click Next.

Do not click Finish until you have completed the
Prepare Hosts dialog box.
Prepare Hosts
Select One credential for all hosts. Type root for

the root server name. Type vmwarel! for the
password. Click Next. Click Finish.
6. Click the Manage & Monitor tab.

7. Click Hosts in the left inventory panel.
8. When both hosts are enabled, ready, and available, go to task 4.
Lab 3
15
Task 4: Create the High-Performance provider vDC

In this task, you will confrrm the network configuration of the vCloud Director server and
infrastructure. This task should be done by student A, with student B checking the settings.
1. Click the Home tab.
2. Click 2 Create another Provider VDC.
3. When prompted by the Add Provider VDC wizard, perform the following actions.
Setting
Action
Name tbis Provider VDC
Type High-Performance.
Description
Type High performance provider built

with gold and silver storage and
reserved CPU and memory.
Enabled
Highest supported hardware version
Select Hardware Version 9. Click Next.
Select Resource Pool
Click vCenterServer. Select the High

Performance-Pool resource pool. Click Next.
Add Storage
Select Gold. Click Add. Select Silver. Click Add.

Click Next.
4. Click Finish.
Leave the vCloud Director console open for the next lab.
16
Lab 3
Lab 4

Organizations
Objective: Configure vCloud Director organizations
1. Create and configure the QA organization.

2. Create and configure the RD organization.

administrator
vmwarel!

administrator
vmwarel!
Lab 4
Organizations
17
Task 1: Create and configure the QA organization

In this task, you will create the QA organization in vCloud Director. You will also allocate resources
to the organization, configure networking, and create a catalog. Student A will do this task. Student
B will check the settings.
This task has the following subtasks:
Create the organization.
Allocate resources to the organization.
Configure organization networking.
Add a catalog to the organization.
If you are not logged in to the vCloud Director console, open Internet Explorer and log in to the
vCloud Director server using the following infonnation.
URL
http://vcd. vcd-ad.vclass.local
Username
administrator
Password
VDlwarel!
Create the organization

1. In the vCloud Director console, on the System> Home tab, click 5 Create a new
organization.
2. In the New Organization wizard, under Name this Organization. perfonn the following actions.
Setting
Action
Organization name
Type QA.
Organization full name
Type Quality Assurance.
As you type the organization name, the organization's URL dynamically changes to show what
you are typing and finishes with http://vcd/cloud/orglQAI.
18
Lab 4
Organizations
3. Click Next.
4. Under LDAP options, leave Do not use LDAP selected and click Next.
5. Under Add Local Users, click the Add button.
6. In the New User wizard, perfonn the following actions.
Setting
Action
User name
Type qa_ admin.
Password
Type vmwarell .
Confirm password
Type VlIIwarell.
Enable
Keep the default.
Role
From the drop-down menu, select Organization Administrator.
Full name
Type QA Administrator.
Email address
Type qa_admin@Vcd-ad.vclass.local.
7. Click OK.
8. Click the Add button and perfonn the following actions to configure a second user.
Setting
Action
User name
Type qa_userl .
Password
Type vmwarell .
Confirm password
Type vmwarell .
Enable
Keep the default.
Role
From the drop-down menu, select vApp Author.
Full name
Type QA Userl.
Email address
Type qa_ userl@Vcd-ad. vclass . local.
9. Click OK.
Lab 4
Organizations
19
10. Click Next.

11. Under Catalog Publishing, select Allow publishing catalogs to aU organizations and click
Next.
12. Under Email Preferences.click Next.
13. Under Policies, perfonn the following actions.
Setting
Action
vApp Leases:
Maximum runtime lease
Click the first drop-down menu and select Never Expires.
vApp Leases:
Maximum storage lease
vApp template lease:

14. Click Next.

If the QA department did not want to ever stop running VMware vSphere VAppTM, which
vApp lease setting would you select?
Allocate resources to the organization

1. In the vCloud Director console, on the Home tab, click 6 Allocate resources to an
organization.
2. In the New Organization VDC wizard, select QA and click Next.

3. Under Select Provider VDC, select High-Performance and click Next.
HIi)
The percentage of available resources for each provider is displayed. External networks,
available to each provider virtual datacenter, appear after a provider vDC is selected.
4. Under Select Allocation Model, select Pay-As-You-Go and click Next.
5. Under Configure Pay-As-You-Go Model, keep all the default settings and click Next.
20
Lab 4
Organizations
6. Under Allocate Storage, perform. the following actions.

Setting
Action
Storage Profiles
Select Gold and click Add. Select Silver and click Add.
Storage Limit
For the Gold and Silver storage profiles, select the

Unlimited radio button.
Default instantiation profile
From the drop-down menu, select Silver.
Enable thin provisioning
Enable fast provisioning
Leave selected.
7. Click Next.
8.
Under Select Network Pool & Services, select ORG-VLAN-Pool from the Network pool
drop-down menu.
9. In
the Quota for this organization text box, type
so.
10. Click Next.

11 . Under Configure Edge Gateway, select the Create a new edge gateway check box and
perform the following actions.

Setting
Action
Edge Gateway name
Type QA Ga teway.
Select an edge gateway configuration
Select Compact.
Configure IP Settings
All other settings
Leave unselected.
12. Click
Next.
13. Under
Configure External Networks, select Production and click Add.
14. At
the bottom of the wizard page, select the Use default gateway for DNS Relay check box
and click Next.
15. Under Configure IP Settings, click the Change IP Assignment link.

Lab 4
Organizations
21
16. In the Change IP Assignment wizard, select Manual from the 1P Assignment drop-down
menu.
17. In the 1P Assignment text box, type 172.20.11.200.
The manual address assigned to an organization edge gateway must be within the range
allocated in the external network. In this case, the IP address must be in the range
172.20.11.200-172.20.11.254.
18. Click OK to close the Change IP Assignment wizard.
19. Click Next.
20. Under Create Organization VDC Network, select the Create a network for tbis virtual
datacenter check box and perform the following actions.
Setting
Action
Network name
Type QA External.
Sbare tbis network witb otber VDCs

in tbe organization
Leave unselected.
Gateway address
Type 172 . 30 . 11. 1.
Network mask
Type 255.255.255. O.
Use gateway DNS
Leave selected.
Primary DNS
Keep the default.
Secondary DNS
Leave blank.
DNS suffix
Type vcd- ad. vc1ass . local.
Static 1P pool
Type 172 . 3 0 . 11. 100 - 172 . 3 0 . 11. 19 9 and

click Add.
21. Click Next.

22. Under Name tbis Organization VDC, type QA VDC in the Name text box.
23. Click Next.
24. Under Ready to Complete, click Finisb.
22
Lab 4
Organizations
Configure organization networking

2. In the left pane, click Edge Gateways.
3. In the right pane, monitor the QA Gateway status. Wait until the status changes to Ready before
continuing.
4. Right-click QA Gateway and select Edge Gateway Services.
5. In the Configure Services: QA Gateway panel, under the DHCP tab, select the Enable DHCP
check box and click the Add button.
6. In the Add DHCP Pool panel, perform the following actions.
Setting
Action
Enable pool
Leave selected.
Applied on
From the drop-down menu, select QA External.
IP range
Type 172 . 30 . 11. 200 -172 30 . 11. 254.
Default least time
Keep the default.
Max lease time
Keep the default.
7. Click OK to close the Add DHCP Pool panel.

8. Click OK.
Add a catalog to the organization

1. Click the Home tab and click 7 Add a catalog to an organization.
2. In the New Catalog wizard, select QA and click Next.
3. Under Name this Catalog, type QA Catalog in the Name text box and click Next.
4. Under Publish this Catalog, select Publish to all organizations and click Next.
5. Under Ready to complete, click Finish.
Lab 4
Organizations
23
Task 2: Create and configure the RD organization

In this task, you will create the RD organization in vCloud Director. You will also allocate resources
to the organization, configure networking and create a catalog. Student B will do this task. Student
A will check the settings.

Create the organization.
Allocate resources to the organization.
Configure organization networking.
Add a catalog to the organization.
Create the organization
1. In the vCloud Director console, on the System> Home tab, click 5 Create anotber
organization.
2. In the New Organization wizard, under Name tbis Organization, perform the following
actions.
Setting
Action
Organization name
Type RD.
Organization full name
Type Research and Development.
As you type the organization name, the organization's URL dynamically changes to show what
you are typing and finishes with http://vcdlcloudiorgIRD/.
3. Click Next.
4. Under LDAP options, leave Do not use LDAP selected and click Next.
5. Under Add Local Users, click the Add button.
6. In the New User wizard, perform the following actions.
24
Setting
Action
User name
Type rd_ admin.
Password
Type vmwarell .
Lab 4
Organizations
Setting
Action
Confirm password
Type vmwarel!.
Enable
Keep the default.
Role
From the drop-down menu, select Organization

Administrator.
Full name
Type RD Administrator.
Email address
Typerd_admin@Vcd-ad.vclass.local .
7. Click OK
8. Click the Add button and perform the following actions to configure a second user.
Setting
Action
User name
Type rd_ userl.
Password
Type vmwarell.
Confirm password
Type vmwarell .
Enable
Keep the default.
Role
From the drop-down menu, select vApp Author.
Full name
Type RD Userl.
Email address
Typerd_userl@Vcd-ad.vclass.local .
9. Click OK
10. Click Next.
11. Under Catalog Publishing, select Allow publishing catalogs to all organizations and click
Next.
12. Under Email Preferences.click Next.
Lab 4
Organizations
25
13. Under Policies, perform the following actions.
Setting
Action
vApp leases:
From the first drop-down menu, select Never Expires.
vApp leases:
vApp template lease:

Limits
Number of resource intensive
operations per user
Select the radio button to enable input. In the text box,

type 5.
Limits
Number of resource intensive
operations per organization

type 50 .
Limits
Number of simultaneous
connections per VM

type 10.
14. Click Next.

Allocate resources to the organization

1. In the vCloud Director console, on the System> Home tab, click 6 AJlocate more resources to
an organization.
2. In the New Organization VDC wizard, select RD and click Next.
3. Under Select Provider VDC, select Generic and click Next.
4. Under Select AJlocation Model, select Pay-As-You-Go and click Next.
5. Under Configure Pay-As-You-Go Model, keep all the default settings and click Next.
26
Lab 4
Organizations
6. Under Allocate Storage, perform the following actions.
Setting
Action
Storage Profiles
Select Bronze and click Add.
Storage Limit
For the Bronze storage profile, select the Unlimited

radio button.
Default instantiation profile
Keep the default.
Enable thin provisioning
Enable fast provisioning
Leave selected.
7. Click Next.
8. Under Select Network Pool & Services, select ORG-VLAN-Pool from the Network pool
drop-down menu.
9. In the Quota for this organization text box, type
50
10. Click Next.

11. Under Configure Edge Gateway, select the Create a new edge gateway check box and
perform the following actions.
Setting
Action
Edge Gateway name
Type RD Ga teway.
Select an edge gateway configuration
Select Compact.
Configure IP Settings
Configure Rate Limits
All other settings
Leave unselected.
12. Click Next.

13. Under Configure External Networks, select Production and click Add.
14. At the bottom of the wizard page, select Use default gateway for DNS Relay and click Next.
15. Under Configure IP Settings, click the Change IP Assignment linle
Lab 4
Organizations
27
16. In the Change IP Assignment wizard, select Manual from the IP Assignment drop-down
menu.
17. In the IP Assignment text box, type 172 .20 . 11. 201.
The manual address assigned to an organization edge gateway must be within the range
allocated in the external network. In this case, the IP address must be in the range
172.20.11.200-172.20.11.254.
18. Click OK to close the Change IP Assignment wizard.
19. Click Next.
20. Under Configure Rate Limits, select the Production network Enable check box.
21. In the Incoming Rate Limit text box, type 10.
22. In the Outgoing Rate Limit text box, type 10 .
23. Click Next.
24. Under Create Organization VDC Network, select the Create a network for this virtual
datacenter check box and perform the following actions.
28
Setting
Action
Network name
Type RD External.
Sbare this network with other

VDCs in the organization
Leave unselected.
Gateway address
Type 172 . 3 0 . 1. 1.
Network mask
Type 2 5 5 . 2 55 . 2 55 . O.
Use gateway DNS
Leave selected.
Primary DNS
Keep the default.
Secondary DNS
Leave blank.
DNS suffix
Static IP pool
Type 172.30.1.100-172.30.1.199 and click Add.
Lab 4
Organizations
25. Click Next.

26. Under Name this Organization VDC, type RD VDC in the Name text box.
27. Click Next.
Configure organization networking

2. In the left pane, click Edge Gateways.
3. In the right pane, monitor the RD Gateway status. Wait until the status changes to Ready before
continuing.
4. Right-click RD Gateway and select Edge Gateway Services.
5. In the Configure Services: RD Gateway panel, under the DHCP tab, select the Enable DHCP
check box and click the Add button.
6. In the Add DnCp Pool panel, perform the following actions.
Setting
Action
Enable pool
Leave selected.
Applied on:
From the drop-down menu, select RD External.
IP range
Type 172 . 30 . 1. 200 -172 30 . 1. 254.
Default least time
Keep the default.
Max lease time
Keep the default.
7. Click OK to close the Add DHCP Pool panel.

8. Click OK
Lab 4
Organizations
29
Add a catalog to the organization

1. Click the Home tab and click 7 Add a catalog to an organization.
2. In the New Catalog wizard, select RD and click Next.
3. Under Name this Catalog, type RD Catalog in the Name text box and click Next.
4. Under Publish this Catalog, select Publish to all organizations and click Next.
30
Lab 4
Organizations
LabS
Creating VMware vCloud Director vApp

Templates
Objective: Create vCloud Director vApp templates
1. Install the Client Integration Plug-In.
2. Create a vApp template for the RD organization.
3. Create a vApp template for the QA organization.

administrator
vmwarel!

administrator
vmwarel!
Lab 5
Creating VMware vCloud Director vApp Templates
31
Task 1: Install the Client Integration Plug-In

In this task, you will install the VMware Client Integration Plug-In. Student A will do this task.
Student B will check the settings.
1. If Internet Explorer is open, close it, including all tabs.

2. On the Control Center desktop, double-click the Web-Console shortcut and click the Continue
to tbis website (not recommended) linle
3. Scroll down to the bottom of the browser page and click the Download the Client Integration
Plug-in linle Do not log in to the vSphere Web Client console.
'
II
4. When prompted, click Run . You are prompted to click Run twice.
5. Close the Internet Explorer window and click Retry. AJI browser windows must be closed
before the plug-in can be installed.
VMWdre (hent Int~grdtlOn Plug In S.1.0
dose the foIowIng browsers to proceed:
- Microsoft Internet Explorer
Cancel
6. In the VMware Client Integration Plug-in 5.1.0 installation wizard, click Next.
7. Under End-User License Agreement, click I accept the terms of the .Iicense agreement and
click Next.
8. Under Destination Folder, click Next.
9. Under Ready to Install tbe Plug-in, click Install.
32
Lab 5
10. When the installation is complete, click Finisb.

11. On the ControlCenter desktop, double-click the Web-Console shortcut and click the Continue
to tbis website (not recommended) link.
12. At the top of the vSphere Web Client page, click the Plug-In message and select Run Add-on
on All Websites. When prompted, click Run.
\lSphere Web <lent
This website wants to run the following add-on: 'VMware Remote Console Plug-in' from 'VMware, Inc,',
13. If the Plug-In message appears again, repeat step 12.
Task 2: Create a vApp template for the RD organization

In this task, you will create a VMware vSphere VAppTM template. Student B will do this task.
Deploy an OVF template.

Verify the deployed OVF template.
Import the vSphere virtual machine as a vApp template.
Deploy an OVF template

1. Log in to the VMware vSphere Web Client console using the following credentials.
User ID
administrator
Password
vmware 1!
2. In the left pane, select vCenter > Hosts and Clusters > vCloud Datacenter.
Lab 5
33
3. In the right pane, click the Actions drop-down menu and select Deploy OVF Template.
wcs.vcd-ad.~lassJocal
Summary
Actions ...
.- .ct ions - /cs .vcd-a,:l .vclass .local
Monitor
Top Leel Objects
4. When prompted to allow plug-in access to the local operating system, click AJlow.
EJ
(Iient Integration Access (ontrol
This ste is using VMware Oent Intel7atm Plug-In. Do you want: to aIow t to access
YOU' operating system?
Protocol: https:
Hostname: webcliertsrv.vcd-ad.\
Port: 9443
P'
IWflt.ts ask before aIowino this ste
The VMware Oert Int~atIon PIuo-In wII rIVe web appIcations and remote VMs access
to your operating system. Otiy aIow stes you trust.
5. In the Deploy OVF Template wizard, select Local file and click Browse.
6. In the Open file window, if necessary, go to My Documents > d o wn l o ads > v App s >
SU SE- VM.
7. Select the SUS E - VM. ovf file and click Open.

8. Click Next.
9. Under Review details, click Next.
10. Under Select name and folder, select vCloud Datacenter and click Next.
34
Lab 5
11. Under Select a resource, select vCloud-Resource-Cluster and click Next.
If you do not see the Select a resource step in the wizard, it is because you selected a different
starting point in the hierarchy specified in step 2. The Deploy OVF Template wizard options are
contextual to the selected node. Do not cancel the wizard. Continue with the lab. In step 18 you
will be asked to select the vCloud-Resource-Cluster cluster. You will likely find that the cluster
is already selected.
12. Under Select storage, select datastore1 .

13. From the Select virtual disk format drop-down menu, select Thin Provision.
("-liutUI
You must select the datastore flfst and then select Thin Provisioning. Selection of a datastore
will reset the Select virtual disk format drop-down menu to Thick Provisioned Lazy Zeroed
each time. Because the classroom envirorunent has limited resources, Thin Provisioning must
be selected. If you accidentally select Thick Provisioning, you will run out of storage resources
before being able to complete labs.
14. Click Next.
15. Under Setup networks, keep the default destination network ofVM Network and click Next.
17. Monitor the task status in the Recent Tasks pane. Wait for the OVF deployment to complete
before continuing.
18. In the left pane, select vCloud-Resource-Cluster.
19. In the right pane, click the Related Objects tab.
20. Click the Top Level Objects tab.
Verify the deployed OVF template
1. In the Top Level Objects list, select SUSE-VM and click the Power on icon.
~
.~
~ I - Actions ...
NarTl~
.- r "
r.. _. Ii
Power on the selected virtual m.3 chines.

All 0 ca mt:lr-T'mn'-"~,.",,,,,",,~~-----..,,..,""-
Allocated_Generic
an vPic_SUSE_ l 1_JeOS i686-0.0 1

Lab 5
35
2. Monitor the power-on operation in the Recent Tasks pane. Wait until the virtual machine has
powered on before continuing.
3. Click the Open Virtual Machine Console icon.
I ,.
,A,ction s ....
r- r-, 1 r
Nam'
Opens a virtual machine console in a
separate window
Allocated_Generic
r . _ --I
4. If Internet Explorer displays a Pop-Up Blocked warning message, perfonn the following
actions:
"Sphere Web Client
)(J
~ Pop-up blocked. To see this pop-up or additional options click here. , .
a . Right-click the Pop-Up Blocked message and select AJways AJlow Pop-ups from This
Site.
b. When prompted, click Yes.
c. If prompted to display the Web page again, click Retry.
d. If the console window does not open, select SUSE-VM again and click the Open Virtual
Machine Console icon.
5. In the virtual machine console window, click the Continue to this website (not recommended)
link.
6 . When the virtual machine has fmished booting, log in using the following credentials.
36
User ID
root
Password
vmwarel!
Lab 5
7. Close the Popout Console window:

a. Pres Ctrl+Alt to release the pointer.
b. Close the remote console window.
8. In the vSphere Web Client console, click the Shut down icon.
9. When prompted, click Yes.
Import the vSphere virtual machine as a vApp template
1. In Internet Explorer, open a new tab and type the URL of the vCloud Director server:
http : //vcd.vcd-ad.vclass.local
Username
administrator
Password
vrnwarel!

4. At the top of the left pane, click Organizations.
5. In the right pane, right-click RD and select Open.
6. On the Research and Development Home page, click the Catalogs tab.
7. In the right pane, click the vApp Templates tab and click the Import from vSphere icon.
I vApp Templates 1'--M_8_d_ia_ _ __
Catalogs
/-lam"!
~
1.1
~___o___
Imp_rt fr-o--sm v-p-h--e_
e r- .._.
lish ...
I_I
Lab 5 Creating VMware vCloud Director vApp Templates
37
8. In the Import YM as a vApp Template wizard, perform the following actions.
Setting
Action
vCenter
Keep the default vCenterServer.
VM
Select SUSE_VM.
vApp name
Type SUSE-Base.
Description
Type Base SUSE Installation.
Virtual
datacenter
Keep the default of RD
Storage profile
Keep the default of Bronze.
Catalog
Keep the default ofRD Catalog.
Copy or move
Select Move VM.
Gold Master
Keep the default of No.
vnc.
9. Click OK.
10. Monitor the SUSE-Base status. Wait until the status changes to Ready before continuing. The
import operation will take a few minutes to complete.
Task 3: Create a vApp template for the QA organization

In this task, you will create a vCloud Director vApp template. Student A will do this task. Student B
will check the settings.
1. In the vCloud Director console, click the System tab.

3. In the left pane, click Organizations.
4. In the right pane, right-click QA and select Open.
5. On the Quality Assurance Home tab, click the Catalogs tab.
38
Lab 5
6. In the right pane, click the vApp Templates tab and click the Upload icon.
r
I
I vApp Templates
, Media
~ O.
Upload ...
Statr
7. If prompted with a security warning, select the Always trust content from this publisher
check box, click Yes, and click Run.
The web site's certificate cannot be verified. Do you

want to continue?
8. In the Upload OVF package as a vApp Template panel, click Browse.
9. In the Open file window, go to My Document s > downloads> vApps > win2k3 - VM.
10. Select the Win2k3 - VM. ovf file and click Upload.
11. In the Name text box, type Win2k3 -Base.
12. In the Description text box, type Base W2k3 Installation.
13. From the Storage profile drop-down menu, select Silver.
14. Click Upload.
15. Whenever you are prompted to accept an untrusted certificate, click Yes. You will be asked
multiple times to accept the certificate.
The first certificate warning might appear under the Transfer Progress window.
Lab 5
39
16. Monitor the running status of the upload using the Transfer Progress window. If the Transfer
Progress window has not opened, click the gear icon and select Launch Uploads and
Downloads Progress Window.
vApp Templates It-M_8_d_i8_ _ _ _._ _ _ _ _ _ _ _ _ _ _ _ _ __
L l I ..
Actions: No Selections
Gold Mas.
Imp(
1%
Upload
Imp ort from vSphere .
:::J Launerl Uploads and [Io"vvnloads Progress \"'\.lindol./Il
Uploading OVF packages directly into vCloud Director enables various types of organization
users to import vApp templates without the assistance of a system administrator to deploy an
OVF template in vSphere.
17. When the transfer is complete, close the Transfer Progress window.
Vl/in2k3-vApp- Template
100 <;,,:'
Succeeded
file :!C :/Documents and Settinl;Js/Admlnistrator.CONTROLCENTER / ~1y

Docu m ents/d ownloa ds/v Apps/Win2K3 -'oJr.l/'vVin2K3 - \i M ,0 vf
Complete
18. Monitor the Win2k3-Base status. Wait until the status changes to Ready before continuing.
Remain logged in to the vCloud Director console for the next lab.
40
Lab 5
Lab 6
Building and Publishing VMware vCloud

Director vApps
Objective: Build and publish vCloud Director vApps
1. Build and publish a vApp for the RD organization.

2. Build and publish a vApp for the QA organization.

https:llvcs.vcd-ad.vclass.local:9443/
administrator
vmwarel!

http://vcd.vcd-ad.vclass.locai
administrator
vmwarel!
Lab 6
Building and Publishing VMware vCloud Director vApps
41
Task 1: Build and publish a vApp for the RD organization

In this task, you will build a vCloud Director vApp. Student B will do this task. Student A will
check the settings. The vApp will consist of virtual machine templates taken from both the QA and
the RD catalogs.
1. If you are not logged in to the vCloud Director console, open Internet Explorer and log in to the
vCloud Director server using the following information.
URL
Username
administrator
Password
vmwarel!

4. In the left pane, select Organizations.
6. Click the My Cloud tab.
7. In the left pane, click vApps.
8. In the right pane, click the Build New vApp icon.
~ vApps
+
Build New' vApp .. .
42
Lab 6
9. In the New vApp wizard, under Name this vApp, perform the following actions.
Setting
Action
Name
Type
Description
Type Web
Runtime lease
Use the drop-down menus to select a lease of 14 days
Storage lease
Use the drop-down menus to select a lease of 30 days.
RD-vAppl.
Development App.
10. Click Next.

11. Under Add Virtual Machines, select My Organization's catalogs from the Look in drop
down menu.
12. In the vApp template list, select SUSE-Base and click the Add button.
13. From the Look in drop-down menu, select Public catalogs.
14. In the vApp template list, select Win2k3-Base and click the Add button.
15. Click Next.
16. Under Configure Resources, use the following table to change the virtual machine names.
Original name
New name
SUSE-Base
RDl-SUSE-A
Win2k3-Base
RDI-Win2k3-A
17. Leave the Bronze storage profile selected for each virtual machine and click Next.
18. Under Configure Virtual Machines, use the following table to change the Computer Name
for each virtual machine.
Virtual machine
Computer name
RDl-SUSE-A
RDI-VMl
RDI-Win2k3-A
RDI-VM2
Lab 6
43
19. For the RDI-SUSE-A virtual machine, select Add Network from the Network drop-down
menu.
20. In the New vApp Network wizard, under Network specification, perform the following
actions.
Setting
Action
Gateway address
Type 172 3 0 . 11 0 . 1.
Network mask
Keep the default.
Primary DNS
Type 172.30.1.1.
Secondary DNS
Leave blank.
DNS suffix
Type vcd-ad. vc1ass . local.
Static IP pool
Select the existing IP range and change it to 172.30.110.100

172.30.110.199 . Click the Modify button.
21 . Click Next.
22. Under General, type RD1-Loca1 in the Network name text box and click Next.
23. Click Finish.
24. For the RDI-Win2k3-A virtual machine, select RDl-Local from the Network drop-down
menu.
25. For both virtual machines, select DHCP from the IP assignment drop-down menu.
26. Click Next.
27. Under Configure Networking, for the RDI-Local network, select RD-External from the
Connection drop-down menu.
28. Click Next.
30. Monitor the RD-vAppl status. Wait until the status changes to Stopped before continuing.
31 . Right-click RD-v Appl and select Open.
32. In the right pane, click the vApp Diagram tab.
44
Lab 6
33. Scroll down so that all networks are visible. You will see both virtual machines of the vApp
connected to RDI-Local, which connects to RD-External.
.!
RD1SUSE-A
RD1 -Win2kl-A
RD1LoclIl
- --
----
RDExternal
34. Click the Networking tab.

35. Right-click RDl-Local and select Configure Services.
36. In the Configure Services wizard, on the nHCP tab, select the Enable nHCP check box.
37. In the IP range text box, type 172.30.110.200-172.30.110.254.
38. Click the NAT tab.
39. From the NAT type drop-down menu, select Port Forwarding.
Changing the NAT type to port forwarding with IP masquerading enabled provides a many-to
one NAT configuration.
41 . Click OK
42. Under the networks list, click Apply. Wait for the configuration change to complete before
continuing.
44. In the right pane, right-click RD-vAppl and select Add to Catalog.
Lab 6
45
45. In the Add to Catalog wizard, perform the following actions.

Setting
Action
Name
Keep the default name.
Description
Type Web Development App.
All other settings
Keep the default.
46. Click OK
47. Monitor the RD-vAppl status. Wait until the status changes to Stopped before continuing.
Task 2: Build and publish a vApp for the QA organization

In this task, you will build a vCloud Director vApp. Student A will do this task. Student B will
check the settings.

00
+
vApps
Build [\Jew v.Cl.pp ...
46
Lab 6
8. In the New vApp wizard, perfonn the following actions.
Setting
Action
Name
Type QA-vAppl.
Description
Type Testing App.
Runtime lease
Storage lease
9. Click Next.
10. Under Add Virtual Machines, select Win2k3-Base and click the Add button.
11 . Click Next.
12. Under Configure Resources, use the following table to change the virtual machine names.
Original name
New name
Win2k3-Base
QAI-Win2k3-A
13. From the Storage Profile drop-down menu, select Silver.

14. Click Next.
15. Under Configure Virtual Machines, change the Computer Name for each virtual machine
using the following table.
Virtual machine
Computer name
QA 1-Win2k3-A
QAI-VMI
16. For the QAI-Win2k3-A virtual machine, select Add Network from the Network drop-down
menu.
Lab 6
47
17. In the New vApp Network wizard, under Network specification, perform the following
actions.
Setting
Action
Gateway address
Type 172 . 30 . 210 . 1.
Network mask
Keep the default.
Primary DNS
Type 172.30.11.1.
Secondary DNS
Leave blank.
DNS suffIX
Type vcd- ad. vc lass. local.
Static IP pool
Select the existing IF range change the IF range to

172.30.210.100-172.30.210.199. Click the Modify button.
18. Click Next.

19. Dnder General, type QA1-Local in the Network name text box and click Next.
20. Click Finisb.
21. From the IP assignment drop-down menu, select DHCP.
22. Click Next.
23. Dnder Configure Networking, select QA-External from the Connection drop-down menu.
24. Click Next.
25. Dnder Ready to Complete, click Finisb.
26. Monitor the QA-vAppl status. Wait until the status changes to Stopped before continuing.
27. Right-click QA-vAppl and select Open.
28. In the right pane, click the vApp Diagram tab.
48
Lab 6
29. Scroll down so that all networks are visible. You will see the virtual machines of the vApp
connected to QAl-Local, which connects to QA-External.
QA1-Wln2k3-A
.f. OA1-Local
OAExternal

31 . Right-click the QAl-Local network and select Configure Services.
32. In the Configure Services wizard, on the nHCP tab, select the Enable nHCP check box.
33. In the IF range text box, type 172.30.210.200-172.30.210.254.
34. Click the N AT tab.
37. Click OK.
38. Under the networks list, click Apply. Wait for the configuration update to complete before
continuing.
40. In the right pane, right-click QA-vAppl and select Add to Catalog.
Lab 6
49
41. In the Add to Catalog wizard, perform the following actions.
Setting
Action
Name
Keep the default name.
Description
Type Testing App.
Virtual datacenter
Keep the default.
Storage profile
Select Silver.
Catalog
Keep the default.
Storage lease
Keep the default.
When using this template
Select Make identical copy.
42 . Click OK
43. Monitor the vApp status. Wait until the status changes to Stopped before continuing.
50
Lab 6
Lab 7
Deploying VMware vCloud Director

vApps
Objective: Deploy vCloud Director vApps
1. Deploy vApps for the RD organization.

2. Deploy vApps for the QA organization.

https:llvcs.vcd-ad.vc\ass.JocaJ :9443/
administrator
vmwarel!
----------------------------------------http ://vcd.vcd-ad.vc\ass.local
administrator
vmware 1!
Lab 7
Deploying VMware vCloud Director vApps
51
As you perform this lab, notice differences when adding the copied VMware vSphere VAppSTM to
your respective My Cloud containers. One vApp was published with customization specified.
Another was published with the identical copy option selected. As these vApps are copied to
different catalogs and then added to a My Cloud container, the configuration options available and
the steps necessary are significantly different.
Task 1: Deploy vApps for the RD organization

In this task, you will copy a vApp published by a different organization and then configure and run
your vApps. In your vCloud Director environment, the RD and QA organizations share catalogs and
vApps. The RD organization will have two vApps deployed: one created by the RD organization
and the other created by the QA organization.
Although you can deploy to your My Cloud folder a vApp published in a public catalog, this task
will guide you through copying the vApp to your own catalog before deployment.
Student B will do this task. Student A will check the settings.
Copy a vApp from the QA organization.
Configure and run the vApps.
Copy a vApp from the QA organization

URL
Username
administrator
Password
vmwarel!

52
Lab 7

6. Click the Catalogs tab.
7. In the left pane, select Public Catalogs.
8. In the right pane, click the Catalogs subtab.
9. Right-click QA Catalog and select Open.
10. On the vApp Templates tab, right-click QA-vAppl and select Copy to Catalog.
11. In the Copy: QA-vAppl wizard, perform the following actions.
Setting
Action
Name
Type vApp-From-QA.
All other settings
Keep the default.
12. Click OK
13. In the left pane, select My Organization's Catalogs.
14. In the right pane, monitor the vApp-From-QA status. Wait until the status changes to Ready
before continuing.
15. Right-click vApp-From-QA and select Add to My Cloud.
16. In the Add to My Cloud wizard, perform the following actions.
Setting
Action
Name
Type RD-vApp2.
All other settings
Keep the default.
17. Click OK
20. In the right pane, monitor the RD-vApp2 status. Wait until the status changes to Stopped before
continuing.
21. Right-click RD-vApp2 and select Open.
Lab 7
53
22. Click the vApp Diagram tab and scroll down so that all networks are visible.
The vApp diagram shows that the virtual machine is connected to the vAppNet-QAI-Local
network. The vAppNet-QA I-Local network does not connect to the organization network
because the vApp must be updated for the current organization topology.
24. For the vAppNet-QA I-Local network, select RD-External from the Connection drop-down
menu.
25. Right-click the vAppNet-QAl-Local network and select Properties.
26. In the Network Properties panel, click the General tab.
27. In the Network name text box, type RD2-Local.
28. Click the Network Specification tab.
29. In the Primary DNS text box, change the IP address to the RD external network gateway by
typing 172 . 30 . 1. l.
30. Click OK.
31 . When you see a Reconfigure DHCP service message, read the message and click OK.
32. Right-click the Rd2-Local network and select Configure Services.
33. In the Configure Services panel, on the DHCP tab, select the Enable DHCP check box.
34. In the IP Range text box, type 172.30.210.200-172.30.210.254 .
38. Click OK
39. Under the networks list, click Apply. Wait for the configuration change to complete before
continuing.
40. Click the vApp Diagram tab and scroll down so that all networks are visible. The RD2-Local
network is connected to the RD External organization network.
Configure and run the vApps
1. In the left pane, click v Apps.
2. In the right pane, right-click RD-vAppl and select Open.
3. Click the Virtual Machines tab.
54
Lab 7
4. Right-click the RDI-SUSE-A virtual machine and select Properties.

5. In the Virtual Machine Properties panel, click the Guest OS Customization tab.
6. Select the Enable guest customization check box.
7.
Select the Allow local administrator password check box and select Specify password.
8. In the Specify password text box, type vmwarel ! .

9. Click OK.
10. In the virtual machines list, right-click RDl-Win2k3-A and select Properties.
13. Select the Change SID check box.
14. Select the Allow local administrator password check box and select Specify password.
15. In the Specify password text box, type vmwarell .
16. Click OK. Wait for the configuration update to complete before continuing.
18. In the right pane, right-click RD-vAppl and select Start.
19. Right-click RD-v App2 and select Open.
21. Right-click the QAI-Win2k3-A virtual machine and select Properties.
26. In the Specify password text box, type vmwarell .
27. Click OK. Wait for the configuration update to complete before continuing.
29. In the right pane, right-click RD-vApp2 and select Add to Catalog.
30. In the Add to Catalog wizard, select Make identical copy and click OK.
31 . After the RD-vApp2 status changes to Stopped, right-click RD-vApp2 and select Start.
32. When the status for both vApps changes to Running, continue with the lab.
Lab 7
55
Task 2: Deploy vApps for the QA organization

In this task, you will copy a v App published by a different organization and then configure and run
your vApps. In your vCloud Director environment, the RD and QA organizations share catalogs and
vApps. The QA organization will have two vApps deployed: one created by the RD organization
and the other created by the QA organization.
Although you can deploy to your My Cloud folder a vApp published in a public catalog, this task
will guide you through copying the vApp to your own catalog before deployment.
Student A will do this task. Student B will check the settings.
Copy a vApp from the RD organization.
Configure and run the vApps.
Copy a vApp from the RD organization

6. In the left pane, click Public Catalogs.
7. In the right pane, click the Catalogs subtab.
8. Right-click RD Catalog and select open.
9. On the vApp Templates tab, right-click RD-vAppl and select Copy to Catalog.
10. In the Copy: RD-vAppl panel, perform the following actions.
56
Setting
Action
Name
Type vApp-From-RD.
Storage profile
Select Silver.
All other settings
Keep the default.
Lab 7
11. Click OK
12. In the left pane, at the top, select My Organization's Catalogs.
13. In the right pane, monitor the vApp-From-RD status. Wait until the status changes to Ready
before continuing.
14. Right-click vApp-From-RD and select Add to My Cloud.
15. In the Add to My Cloud wizard, type QA-vApp2 in the Name text box.
16. Click Next.
17. Under Configure Resources, change the virtual machine names using the following table.
Original name
New name
RD 1-Win2k3-A
QA2-Win2k3-A
RD1-SUSE-A
QA2-SUSE-A
18. For each virtual machine, select Silver from the Storage profile drop-down menu.
19. Click Next.
20. Under Configure Networking, change the computer names using the following table.
Virtual machine
Computer name
QA2-SUSE-A
QA2-VM1
QA2-Win2k3-A
QA2-VM2
21 . For the QA2-Win2k3-A virtual machine, select Add Network from the NIC 0 drop-down
menu.
Lab 7
57
22. In the New vApp Network wizard, under Network Specification, perform the following
actions.
Setting
Action
Gateway address
Type 172.30.220.1.
Network mask
Keep the default.
Primary DNS
Type 17 2 . 3 0 . 11 . 1.
Secondary DNS
Leave blank.
DNS suffIX
Static IP pool
Select the existing IP range and change
it to 172 .30.220.100
172.30.220.199. Click the Modify
button.
23. Click Next.

24. Under General, type QA2 -Local in the Network name text box.
25. Click Next.
27. For the QA2-SUSE-A virtual machine, select QA2-Local from the NIC 0 drop-down menu.
28. Click Next.
29. Click Finisb.
32. In the right pane, monitor the QA-vApp2 status. Wait until the status changes to Stopped before
continuing.
33. Right-click QA-v App2 and select Open.
34. Click the vApp Diagram tab and scroll down so that all networks are visible.
The vApp diagram shows that the virtual machines are connected to the QA2-Local network.
The QA2-Local network does not connect to an organization network.
58
Lab 7
36. For the QA2-Local network, select QA External from the Connection drop-down menu.
37. Right-click the QA2-Local network and select Configure Services.
38. In the Configure Services panel, on the DHCP tab, select the Enable DHCP check box.
39. In the IP Range text box, type 172.30.220.200-172.30.220.254.
41. From the N AT type drop-down menu, select Port Forwarding.
43. Click OK.
44. Below the networks list, click Apply. Wait for the configuration change to complete before
continuing.
45. Click the v App Diagram tab and scroll down so that all networks are visible.
The QA2-Local network is connected to the QA External organization network.
Configure and run the vApps

2. In the right pane, right-click QA-vAppl and select Open.
4. Right-click the QAI-Win2k3-A virtual machine and select Properties.
9. In the Specify password text box, type vmware1 ! .
10. Click OK
12. In the right pane, right-click QA-vAppl and select Start.
13. Right-click QA-vApp2 and select Open.
15. Right-click the QA2-SUSE-A virtual machine and select Properties.
Lab 7
59

18. Select the AJlow local administrator password check box and select Specify password.
19. In the Specify password text box, type vmwarell.
20. Click OK
21 . Right-click the QAl-Win2k3-A virtual machine and select Properties.
25. Select the AJlow local administrator password check box and select Specify password.
26. In the Specify password text box, type vmwarell.
27. Click OK
29. In the right pane, right-click QA-vApp2 and select Add to Catalog.
30. In the Add to Catalog wizard, select Silver from the Storage profile drop-down menu.
31 . Select Make identical copy and click OK
32. After the QA-vApp2 status changes to Stopped, right-click QA-vApp2 and select Start.
Wait until all vApps in the RD and QA organizations have started before continuing to the next lab.
60
Lab 7
Lab 8
VMware vSphere vApp Networking

Objective: Verify vApp network connectivity
1. Verify vApp networking for the RD organization.
2. Verify vApp networking for the QA organization.

https:llvcs.vcd-ad.vclass.local:9443/
administrator
vrnwarel!

administrator
vrnwarel!
Perform this lab as teams of two students. Each team will manage a VMware cloud. Students win
turns so that both students in the team gain experience with the command and the VI.
Lab 8
61
Task 1: Verify vApp networking for the RD organization

In this task, you will test basic VMware vSphere VAppTM network connectivity. This task will be
done using the organization administrator account. Student B will do this task. Student A will check
the settings.
1. In Internet Explorer, open a new browser tab and log in to the RD administrator console using
the following information.
URL
http://vcd. vcd-ad.vclass.locallcloudlorg/RD
Username
rd admin
Password
vmwarel!
2. In the RD administrator console, click the My Cloud tab.

4. In the right pane, right-click RD-vAppl and select Open.s

6. Right-click the RDI-Win2k3-A virtual machine and select Popout Console.
7. When the virtual machine login screen appears, expand the Popout Console window so that the
scroll bars disappear.

8. In the Popout Console window, click the keyboard icon in the upper-right comer.
9. Log in to the virtual machine, using the following credentials.
Login
administrator
Password
vmwarel!
10. On the virtual machine desktop, double-click the Command Prompt shortcut.
62
Lab 8
11. In the Command Prompt window, try to ping the RD gateway by typing ping 172.30.1.1.
The ping command will not receive a response.
12. Press Ctrl+C to stop the ping command.
13. Examine the virtual machine IP settings by typing ipconfig.
The virtual machine has a DHCP-assigned IP address in the range of 172.30.110.200
172.30.110.254, with a default gateway of 172.30.110.1.
14. Try to ping the local network gateway by typing ping 172.30. 11 0 . 1. The ping command
will not receive a response.
The local gateway at 172.30.110.1 is attached to the same subnet as the virtual machine. What
might be interfering with network traffic in this context?
16. Mi.n.imize the Popout Console window.

17. In the RD administrator console, click the Networking tab.
18. Right-click RDl-Local and select Configure Services.
19. In the Configure Services wizard, click the NAT tab. Record the router external IP address.
Router e:r..ternallP
172.30.1.1 DO
~ Enable IP Masquerade
Router external address: _ _ _ _ _ _ _ _ _ _ _ __

20. Click the Firewall tab, deselect the Enable firewall check box, and click OK.
21. Click Apply. Wait for the configuration update to complete.
22. Go to the Pop out Console window.
23. In the Command Prompt window, try to ping the local gateway by typing ping
172.30.110.1.
The ping command will receive a response. The gateway firewall device was blocking the
ping response.
Lab 8
63
24. Try to ping the public interface of the local gateway by typing ping 172.30.1.100.
Substitute the IF address that you recorded in step 19 if different.

The ping command will receive a response, indicating that traffic is being routed through the
local gateway.
25. Try to ping the RD organization gateway by typing ping 172.30.1.1. The ping command
will not receive a response.

The IF address of the RD organization gateway is 172.30.1.1, which is on the same subnet as
the external interface of the RDI-Local gateway. You can ping the external interface of the
RDI-Local gateway but not the IF address of the organization gateway. What might the root
cause be?
27. Minimize the Popout Console window.

28. In the RD administrator console, click the Administration tab.
29. In the left pane, select Virtual Datacenters.

30. In the right pane, right-click RD VDC and select Open.
31. Click the Org VDC Networks tab.
32. Right-click the RD External network and select Configure Services.
33. In the Configure Services wizard, click the Firewall tab.
34 . Deselect the Enable Firewall check box and click OK.
35. Switch to the Popout Console window.

36. In the Command Prompt window, ping the organization gateway by typing ping
172.30.1.1.
The ping command will receive a response because the gateway fIrewall is no longer blocking
traffic. You might need to wait a few moments for the gateway to reconfigure and allow traffic
to pass.
37. Close the Popout Console window.
38. Close the RD administrator console tab.
64
Lab 8
Task 2: Verify vApp networking for the QA organization

In this task, you will configure firewall rules and test vApp network connectivity. Ibis task will be
done using the organization administrator account. Student A will do this task. Student B will check
the settings. Because basic troubleshooting was performed in task 1, you will configure the
necessary ftrewall settings before testing.
1. In Internet Explorer, open a new browser tab and log in to the QA administrator console using
the following information.
URL
http://vcd.vcd-ad.vclass.local/cloudlorg/QA
Username
vmwarel!
Password
2. In the QA administrator console, click the My Cloud tab.

6. Right-click the QAl-Local network and select Configure Services.
7. In the Configure Services panel, click the Firewall tab.
8. Click Add.
9. In the Add Firewall Rule wizard, perform the following actions.
Setting
Action
Name
Type Ping.
Source
Type any.
Destination
Type any.
Protocol
Select ICMP.
All other settings
Keep the default.
10. Click OK to complete the Add Firewall Rule wizard.
Lab 8
65
11 . Click OK to close the Configure Services panel.

12. Click Apply. Wait for the configuration update to complete before continuing.
13. Click the Administration tab.
15. In the right pane, right-click QA VDC and select Open.
17. Right-click the QA External network and select Configure Services.
19. Click Add.
20. In the Add Firewall Rule wizard, perform the following actions.
Setting
Action
Name
Type Ping.
Source
Type any.
Destination
Type any.
Protocol
Select ICMP.
All other settings
Keep the default.

22. Click OK to close the Configure Services panel.
23. Right-click the QA External network and select IP Allocations.
24. In the IP Allocations list, fmd the IP address allocated to QA-vAppl and answer the following
question.
What is the IP address assigned to QA vAppl? _ _ _ _ _ _ _ _ _ _ _ __
25. Click Cancel.
27. In the right pane, click the Virtual Machines tab.
28. Right-click the QAI-Win2k3-A virtual machine and select Popout Console.
66
Lab 8
29. When the virtual machine log in screen appears, expand the Popout Console window so that the
scroll bars disappear.
30. In the Popout Console window, click the keyboard icon in the upper-right comer.
31. Log in to the virtual machine, using the following credentials.

Login
administrator
Password
vmwarel!
32. On the virtual machine desktop, double-click the Command Prompt shortcut.
33. In the Command Prompt window, run the following commands.
Command
Description
ping 172 . 30.210.1
The local network gateway
ping 172.30 . 11.100
The IP address assigned to QA-vAppl. Replace the IP address

with the value that recorded in step 24.
ping 172.30.11 . 1
The private IP of the organization network gateway
Each ping command should receive a response. If any command fails to receive a response,
repeat steps 5-32 steps to verify ftrewall and network configurations.
34. Close the Popout Console window.
35. Close the QA administrator console tab.
lab 8 VMware vSphere vApp Networking
67
68
Lab 8
Lab 9
Hosting Inbound Services

Objective: Configure vApps and networks for hosting
inbound services
1. Host a service for the RD organization.

2. Host a service for the QA organization.

administrator
vmwarel!

administrator
vrnwarel!
Lab 9
69
most tasks will be done by one student while the other student checks the work . Students will take
Task 1: Host a service for the RD organization

In this task, you will add a direct-connect organization network through which a VMware vSphere
VAppTM can be reached from external IP addresses without the need to defme static routes or one-to
one NAT mappings. Student B will do this task. Student A will check the settings.
1, If you are not logged in to the vCloud Director console, open Internet Explorer and log in to the
2,
URL
Username
administrator
Password
vmwarel!
In the vCloud Director console, click the System tab.
3, Click the Manage & Monitor tab.
4,
In the left pane, select Organization VDCs.
5. In the right pane, right-click RD VDC and select Open.
6, Click the Org VDC Networks tab.
7,
Click the Add Network icon, which appears as a green plus (+) sign.
8,
In the New Organization VDC Network wizard, select Connect directly to an external
network.
g,
Select Production and click Next.
10, Under Name this Organization vDC Network, type RD Services Network in the Name
text box.
11, ClickNext.
12. Click Finish.
70
Lab 9
13. In Internet Explorer, open a new tab and log in as the RD organization administrator using the
following information.
URL
ht1p:llvcd.vcd-ad.vclass.local/cloudlorg/RD
Username
rd admin
Password
vmwarel!
14. In the RD administrator console, click the My Cloud tab.

~ vApps
-+-~- o
Build New vApp ...
17. In the New vApp wizard, under Name this vApp, perform the following actions.
Setting
Action
Name
Type RD- Services .
Description
Type External Services App.
Runtime lease
Keep Never Expires.
Storage lease
Keep Never Expires.
18. Click Next.
19. Under Add Virtual Machines, select the SUSE-Base virtual machine and click Add. You
might need to use the scroll bar or page controls to fmd the SUSE-Base entry.
20. Click Next.
21 . Under Configure Resources, change the virtual machine name to RDS-SUSE-A.
22. Click Next.
Lab 9
71
23. Under Configure Virtual Machines, change the computer name to RDS-VM1 .
24. Keep the Bronze storage profile.
25. From the Network drop-down menu, select RD Services Network.
26. Keep the IP assignment of Static - IP Pool and click Next.
27. Under Configure networking, select the Fence vApp check box.
28. Deselect the Firewall check box.
29. Select the Retain IPlMac Resources check box in the far-right column.
30. Click Next.
32. When the RD-Services vApp status changes to Stopped, right-click RD-Services and select
Start.
33. Right-click RD-Services and select Open.
35. When the RDS-SUSE-A virtual machine status changes to Powered On, view the External IP
column and record the address assigned to the virtual machine:
36. Right-click the RDS-SUSE-A virtual machine and select Popout Console.
37. If necessary, click the Continue to this website (not recommended) link.
,aiii
The virtual machine will reboot because of guest customization steps taken by vCloud Director.
38. Wait for the virtual machine to start and reboot. This process might take a few minutes. You
will experience a noticeable delay before the reboot occurs, while the SUSE login prompt
continues to be displayed.
39. When the virtual machine has rebooted and you are prompted to log in, close the Popout
Console window.
40. Minimize the Internet Explorer window.
41. On the ControlCenter desktop, double-click the Putty shortcut.
42. In the PuTIY window, type the external IP address of the RDS-SUSE-A virtual machine that
you recorded in step 32 and click Open.
43. When prompted, click Yes to confmn the PuITY security alert.
72
Lab 9
44. Log in to the virtual machine with a user name of root and password ofvmwarel! .
45. Close the PunY window.
46. Close the RD administrator console tab.
Task 2: Host a service for the QA organization

In this task, the system administrator will add an organization network through which a vApp can be
reached from external IP addresses using NAT IP Translation. Student A will do this task. Student B
1. In Internet Explorer, click the system administrator console tab and log in using the following
credentials.
Username
Administrator
Password
vmwarel!
Only the System Administrator role can create suballocated IP pools on organization gateways.
4. In the left pane, select Edge Gateways.
5. In the right pane, right-click QA Gateway and select Properties.
6. In the Edge Gateway Properties panel, click the Sub-Allocate IP Pools tab.
7. Select Production.
8. In the IP range text box, type 172.20.11. 240 -172.20.11. 24 9 and click Add.
9. ClickOK
10. In Internet Explorer, open a new tab and log in to the QA administrator console using the
URL
http://vcd.vcd-ad.vclass.local/c1oud/orglQA
Username
Password
Lab 9
vmwarel!
73
11. In the QA administrator console, click the Administration tab.

13. In the right pane, right-click QA VDC and select Open.
15. Click the gear icon and select Add Network.
16. In the New Organization VDC Network wizard, select Create a routed network by
connecting to an existing edge gateway.
17. Select QA Gateway and click Next.
18. Under Configure network, perfonn the following actions.
Setting
Action
Gateway address
Type 172.30.100.1.
Network mask
Type 255.255.255. O.
Use gateway DNS
Leave selected.
Primary DNS
Keep the default.
Secondary DNS
Leave blank.
DNS Suffix
Static IP Pool
Type 172.30.100 . 130-172.30.100.139 and click Add.
19. Click Next.

20. Under Name this Organization vDC Network, type QA Services Network in the Name
text box.
21. Click Next.
23. When the QA Services Network status changes to a green check mark, right-click the network
and select Configure Services.
The suballocated IP range provided by the system administrator is used in the services network
NAT configuration to expose internal virtual machines to the production network.
74
Lab 9

25. Click the Add button.
26. In the Add Firewall Rule wizard, perfonn the following actions.
Setting
Action
Name
Type Any TCP.
Source
Type any.
Destination
Type any.
All other settings
Keep the default.

29. Click the Add DNAT button.
30. In the Add Destination NAT Rule wizard, perfonn the following steps.
Setting
Action
Applied on
Select Production.
Original (External) IP/range
Type 172 .20 11 .24 O.
Protocol
Select Any.
Translated (internal) IP/range
Type 172.30.100.140.
31. Click OK to complete the Add Destination Nat Rule wizard.

32. Click OK to close the Configure Services panel.
Lab 9
75
88
vApps
Build (\Jew vApp ...
36. In the New vApp wizard, under Name tbis vApp, perform the following actions.
Setting
Action
Name
Type QA- Services.
Description
Type External Services App.
Runtime lease
Keep Never Expires.
Storage lease
Keep Never Expires.
37. Click Next.
38. Under Add Virtual Macbines, select Public Catalogs from the Look In drop-down menu.
39. In the virtual machine list, select the SUSE-Base virtual machine and click Add. You might
need to use the scroll bar or page controls to fmd the SUSE-Base entry.
40. Click Next.
41. Under Configure Resources, change the virtual machine name to QAS-SUSE-A.
42. From the Storage profLle drop-down menu, select Gold.
43. Click Next.
44. Under Configure Virtual Machines, change the computer name to QAS-VM 1.
45. From the Network drop-down menu, select QA Services Network.
46. From the IP Assignment drop-down menu, select Static - Manual.
47. In the IP address text box, type 172.30.100.14 O.
48. Click Next.
49. Under Configure networking, click Next. Do not select Fence vApp.
76
Lab 9

51. When the QA-Services vApp status changes to Stopped, right-click QA-Services and select
Start.
52. Right-click QA-Services and select Open.
54. When the QAS-SUSE-A status changes to Powered On, right-click the virtual machine and
select Popout Console.
55. If necessary, click the Continue to this website (not recommended) link.
The virtual machine will reboot because of guest customization steps taken by vCloud Director.
56. Wait for the virtual machine to start up and reboot. This process might take a few minutes. You
will experience a noticeable delay before the reboot occurs, while the SUSE login continues to
be displayed.
57. When the virtual machine has rebooted and you are prompted to log in, close the Popout
Console window.
60. In the PuTIY window, type the external IP address of the DNAT rule and click Open. The
external address is 172.20.11.240.
61. When prompted, click Yes to confirm the PuTIY security alert.
62. Log in to the virtual machine with a user name of root and password ofvmwarel!.
63. Close the PuTIY window.
Lab 9
77
78
Lab 9
Lab 10
Managing Custom Security Roles

Objective: Manage a custom vCloud Director security
role
1. Create a custom vCloud Director security role.

2. Create a vCloud Director user and test the custom security role.

https:llvcs.vcd-ad.vclass.locaI:9443/
administrator
vmwarel!

http://vcd.vcd-ad. vclass.local
administrator
vmwarel!
Lab 10
79
Task 1: Create a clJstom vCloud Director security role

In this task, you will create a custom vCloud Director security role. This task should be done by
student A, with student B checking the settings.
1. If you are not logged in to the vCloud Director console, open Internet Explorer, open a new
browser tab, and type the URL of the vCloud Director server:
Username
administrator
Password
vmwarel!
3. Click the System tab.

5. In the left panel, click Roles.
6. CI ick the green plus (+) icon to create a role.
7. When prompted by the New Role wizard, perform the following actions.
Setting
Action
Name
Type CustomRole.
Description
TypevApp, Catalog, Org, Org vDC, and User rights.
Catalog
Expand Catalog rights. Select View Private and Shared Catalogs.
General
Expand General rights. Select Send Notification.
Organization
Expand Organization rights. Select View Organization Networks.

Select Edit SMTP Settings.
80
Lab 10
Setting
Action
Organization VDC
Select all Organization VDC rights.
User
Select all User rights.
vApp
Select all vApp rights.
8. Click OK
Leave the vCloud Director console open for the next task.
Task 2: Create a vCloud Director user and test the custom security
role
In this task, you will add a vCloud Director user and use the user to test the new custom security
role. This task should be done by student B, with student A checking the settings.
URL
http://vcd.vcd-ad. vclass.locallcloudJorgIRD
Username
rd admin
Password
vmwarel!
2. Log in to vCloud Director with a user ID of rd_ admin and a password of vmware I!.
4. Click Users in the left panel.
5. Click the plus (+) icon to add a user.
6. Type Francis_Dalton in the User name text box.
7. Type vmwarel1 in the Password text box.
8. From the Roles available to this user drop-down menu, select CustomRoJe.
9. Click OK
10. Click Logout.
11. Log in with the user ID of Francis_Dalton and a password ofvmwarel!.
Lab 10
81
12. Experiment with the user role. Answer the following questions:
Can you create a VMware vSphere vAppTM? _
Can you share a vApp that you did not create? _
Can you access anything in the catalog? _
Can you see organization networks? _
Can you see organization virtual datacenters? _
Can you explain the behavior of this role? _
13. Click Logout.
14. Close the Internet Explorer tab that is the vCloud Director console for the RD organization.
82
Lab 10
Lab 11
Integrating LDAP and Active Directory

Objective: Integrate LDAP into a VMware cloud
1. Integrate Active Directory LDAP with vCloud Director.

2. Import an Active Directory user and group.
3. Test Active Directory users and groups.

administrator
vmwarel!

administrator
vmware I!
Lab 11
83
Task 1: Integrate Active Directory LDAP with vCloud Director

In this task, you will configure vCloud Director to use Active Directory LDAP. This task should be
done by student B, with student A checking the settings.
1. If you are logged in to the vCloud Director console under any account other than administrator,
log out and log in with a user II) of administrator and a password of vmware I! .
2. Click the System tab.
4. Click Organizations.
5. Right-click the RD organization.

6. Click Open.
8. Click LDAP in the left panel.

9. Select Custom LDAP service.
10. Click the Custom LDAP tab.

11 . Use the following Connection settings to connect to LDAP.
Server
172.20.10.93
Port
389
Base distinguished name
dc=vcd-ad,dc=vclass,dc=local
UseSSL
Deselect.
Authentication method
simple
User name
Administrator@Vcd - ad.vclass.local
Password
vmwarell
12. Use the following User Attributes settings.
These setting should all already be the default settings for a standard Active Directory LDAP.
Different settings would be required for nonstandard schemas and for OpenLDAP.
84
Lab 11
Object class
user
Unique identifier
objeetGuid
User name
sAMAeeountName
Display name
displayName
Given name
givenName
Surname
sn
Email
mail
Telephone
telephoneNumber
Group membership
identifier
dn
Group back link
tokenGroups
13. Use the following Group Attributes settings.
These setting should all already be the default settings for a standard Active Directory LDAP.
Different settings would be required for nonstandard schemas and for OpenLDAP.
Object class
group
Unique identifier
objeetGuid
Name
en
Membership
member
Group membership
identifier
dn
Group back link identifier
obj eetSid
14. Click Apply.
Lab 11
85
15. Scroll to the top of the window and click Test LDAP Settings. You should see Connected
status. Some attributes might have a green check mark. Do not be concerned if many attributes
are blank.
IH.iij
Some systems might initially be unable to connect. If you see a connection error, wait two
minutes and try to connect again.
Us~r
name IQ ':HHuc h for
...
...
0
0
0
0
0
""...
Unlqul;' :d-e n.l!ft' r

lIs~r "'cirn~
~m.j,
DI'H l I::iy name
(jfI,O-rto~m o
;um. rr. 6
To'
,n
~tto-m;~
<3foup r Ji l .'lti
~rnlJ4l
unklu e tCier.t Of
16. In the LDAP Setting Test Results window, type the user name MHanuner.
17. Click Test. All green check marks and all fields should contain values.
18. Click OK.
19. Click Synchronize LDAP.
20. Close the Internet Explorer tab for the vCloud Director console.
Wait five minutes to give the vCloud Director system time to synchronize for the next task.
86
Lab 11
Task 2: Import an Active Directory user and group

In this task, you will import an Active Directory user and group. This task should be done by student
A, with student B checking the settings.
1. In Internet Explorer, open a new tab and type the URL of the RD organization vCloud Director
server:
http://vcd.vcd-ad.vclass.local/cloud/org/rd/
2. Log in with a user ID ofrd_admin and a password ofvmwarel!.
4. In the left panel, click Users.
5. Click the Import icon.
6. Type SSpade.
7. Click Search.
8. Select SSpade.
9. Click Add.
10. Click OK
11. In the left panel, click Groups.
12. Click the 1m port icon.
13. Type RD-Engineers.
14. Click Search.
15. Select RD-Engineers.
16. Click Add.
17. Click OK
18. Click Logout.
Lab 11
87
Task 3: Test Active Directory users and groups

In this task, you will test the login capability of Active Directory users and groups. This task should
be done by student B, with student A checking the settings.
1. Use the Internet Explorer browser console for the RD organization at https://vcd.vclass.locall
cloudiorgIRD/.
2. Try to log in with the following user names and passwords. Click Logout after each successful
login.
88
User 10
Password
Result
MKnife
vrnwarel!
This login should work. MKnife is a member of

the RD-Engineers group.
MHammer
vmwarel!
This login should fail. MHammer was not

imported, and no group of which MHammer is
a member was imported.
SSpade
vmwarel!
This login should work. SSpade was manually

imported.
Lab 11
Lab 12
Managing Cloud Resources

Objective: Manage cloud resources as a system
administrator
1. Configure and test email notification settings.

2. Manage organization vDC properties.
3. Manage network IP allocations and pools.

administrator
vmwarel!

administrator
vmwarel!
Lab 12
89
turns so that both students in the team gain experience with the command and the VI.
Task 1: Configure and test email notification settings

In this task, you will configure email notification settings as a system administrator. Email settings
defmed by the system administrator can be inherited by organizations. Student B will do this task.
1. lfyou are not logged in to the vCloud Director console, open Internet Explorer and log in to the
vCloud Director server using the foUowing infonnation.
URL
Username
administrator
Password
vmwarel!

4. In the left pane, select Email.
5. In the right pane, under SMTP settings, perfonn the following actions.
90
Setting
Action
SMTP server name
Type vcd. vcd- ad. vclass . local.
SMTP server port
Keep the default.
Requires authentication
Leave unselected.
Sender's email address
Type administrator@vcd-ad.vclass.local.
Email subject prefIX
Type VCD Notification.
Test destination
Type administrator@vcd-ad.vclass.local.
Lab 12
6. Click Test SMTP settings.

7. When prompted, click OK.
8. At the lower-right comer of the page, click Apply.

9. Minimize the vCloud Director console.

11. In PuTIY, double-click the
ven profile.
12. When prompted, log in to the remote system with a user name of root and a password of
vrnwarel!.
The vcd.vcd-ad.vclass.locaI system has been configured as a simple postfix email system. The
email system has been configured so that all email messages are forwarded to the johndoe
mailbox.
13. Type cat /var/mail/johndoe.
14. At the end of the file, you should see a test message similar to the following example:
From administrator@vcd-ad.vclass.local Wed Oct 10 14:47:062012
Return-Path: <administrator@vcd-ad.vclass.locaI>
X-Original-To: administrator@vcd-ad.vclass.local
Delivered-To: johndoe@vcd-ad.vclass.local
Received: from vcd.vcd-ad.vclass.local (vcd.vcd-ad.vclass.local [172.20.1 0.91])
by vcd.vcd-ad.vclass.local (Postfix) with ESMTP id 87562EC5B2
for <administrator@vcd-ad.vclass.local>; Wed, 10 Oct 2012 14:47:06 -0500 (CDT)
Date: Wed, 10 Oct 2012 14:47:06 -0500 (CDT)
From: "administrator@vcd-ad.vclass.locaI" <administrator@vcd-ad.vclass.local>
To: "administrator@vcd-ad.vclass.local" <administrator@vcd-ad.vclass.local>
Message-ID: <1200280528.1.1349898426515.1avaMail.vcloud@vcd.vcd-ad.vclass.local>
Subject: VCD Notification VMware vCloud Director Email Test
15. Close the PuTIY window.

16. Return to the vCloud Director console.
Lab 12
91
Task 2: Manage organization vDe properties

In this task, you will configure the properties of an organization. Student A will do this task. Student
B will check the settings.

2. In the left pane, select Organization VDCs.
In addition to creating provider virtual datacenters and organization vDCs, the system
administrator can change existing vDC configurations.
3. In the right pane, right-click RD VDC and select Properties.

4. In the Organization VDC Properties panel, under the Allocation tab, perform the following
actions.
Setting
Action
CPU resources guaranteed
Type 10.
Memory resources guaranteed
Type 10.
Maximum number of VMs
Type 50.
5. Under the Network Pool & Services tab, change the number of networks provisioned to the
organization by typing 60 in the text box.
6. Click OK Wait for the configuration update to complete before continuing.
Task 3: Manage network IP allocations and pools

In this task, you will examine edge gateway IP allocations and update the network pool. Student B
will do this task. Student A will check the settings.
1. In the left pane, select External Networks.

2. In the right pane, right-click Production and select IP Allocations.
3. In the IP Allocations on Network: Production panel, click the Gateway IP Sub-allocation
tab.
Ranges of external network IP addresses have been suballocated to different organization edge
gateways in this course. Using the suballocation list, answer the following question.
What is the IP range suballocated to the QA gateway? _ _ _ _ _ _ _ _ _ _ __
92
Lab 12
4. Click the Allocated IP Addresses tab.

The Allocated IP Addresses tab lists all IP addresses allocated on the production network to
attached virtual machines and organization gateway interfaces.
5. In the Allocated IP Addresses list, click the Edge Gateway column header to sort the list by
edge gateway assignment.
6. Find the IP addresses allocated to QA gateway and answer the following questions by
comparing the listed allocations to the suballocation range you recorded in step 3.
External interface of the QA gateway: _ _ _ _ _ _ _ _ _ _ _ __

NAT address used for a VMware vSphere VAppTM virtual machine:
7. Click Cancel to close the IP Allocations panel.
8. Right-click the Production network and select Properties.

9. In the Network Properties: Production panel, click the Network Specification tab.
The system administrator can disable specific networks here, change network characteristics, or
delete networks.
10. Click Cancel.
11. In the left pane, select Network Pools.
12. In the right pane, right-click ORG-VLAN-Pool and select Properties.

13. In the Network Pool Properties: ORG-VLAN-Pool panel, click the Network Pool Settings
tab.
14. In the VLAN ID Range text box, type 300 - 3 99 and click Add.
15. Click OK
Lab 12
93
94
Lab 12
Lab 13
Managing Organization Resources

Objective: Manage resources as an organization
administrator
1. Manage organization properties and policies.

2. Configure email notifications.
3. Manage edge gateways and organization networks.
4. Manage users and catalogs.

https://vcs.vcd-ad.vc\ass.local:9443/
administrator
vmwarel!

http://vcd.vcd-ad.vclass.locaJ
administrator
vmwarel!
Lab 13
95
Task 1: Manage organization properties and policies

In this task, you will manage organization properties and policies. Student A will do this task.
1. In Internet Explorer, open a new tab and log in to the QA administrator page using the
URL
http://vcd. vcd-ad.vclass.local/cloudiorglQA
Username
Password
vmwarel!

3. In the left pane, click General.
4. In the right pane, change the organization full name by typing the following in the text box:
Quality Assurance and Testing
5. At the bottom-right comer of the page, click the Apply button.
6. In Internet Explorer, click the Refresh button and, if necessary, log in using the credentials
provided in step 1.
The organization pages are branded with the new full name.
8. In the left pane, select Policies.
Organization administrators have full control over lease, default quota, and password lockout
settings. Organization administrators cannot change limits imposed by the system administrator.
96
Lab 13
9. In the right pane, perform the following actions.
Setting
Action
vApp leases:
From the second drop-down menu, select Days. From the

first drop-down menu, select 14.
vApp leases:
From the second drop-down menu, select Days. From the

flfSt drop-down menu, select 30.
vApp leases:
Storage cleanup
From the drop-down menu, select Permanently delete.
Password Policies
Account lockout enabled
Invalid logins before lockout
Type 3.
Account lockout interval
Type 5.
10. Click Apply.
Task 2: Configure email notifications

In this task, you will confIgure and test email notiftcations at the organization level. Student B will
do this task. Student A will check the settings.
1. In the left pane, select Email.
2. In the right pane, under Notification settings, select Set organization notification settings.
3. In the Sender's email address text box, type qa_admin@Vcd-ad.vclass . local.
4. In the Email subject prefix text box, type QA VDC Notification.
5. In the bottom-right comer of the page, click the Apply button.
6. In the left pane, select Users.
Lab 13
97
7. In the right pane, click the Notify icon.

Users
+
1.
IHiii
Notifications sent in this context can be addressed to all users in the organization., or to all
organization administrators.
8. In the Notify Users panel, select Organization Administrators from the To drop-down menu.
9. In the Subject text box, type Policy Changes.
10. In the Message text box, type vApp runtime and storage leases have been
reduced to 14 and 30 days respectively.
11. Click Send Email.

12. When prompted, click OK
13. Click Cancel to close the Notify Users panel.
14. Select one or more users in the list and click the Notify icon. Multiple users can be selected by
pressing the Ctrl key when selecting each user.
The user name or number of users selected appears in the notification To field.
15. Click Cancel to close the Notify Users panel.
17. In the right pane, right-click QA VDC and select Notify Users.
IUiii
Notifications sent in this context are automatically addressed to any user with items in the
organization virtual datacenter. Relevant items are vApp templates, vApps, Media, and any
other object that a user might have attached or created as a resource.
18. Click Cancel.
98
Lab 13
Task 3: Manage edge gateways and organization networks

In this task, you will manage edge gateways and attached organization networks. Student A will do
this task. Student B will check the settings.
1. Right-click QA VDC and select Open.

2. In the right pane, click the Edge Gateways tab.
3. Right-click QA Gateway and select External IP Allocations.
External IP allocations have an associated category that is useful for identifYing which
addresses are used by which devices and how those addresses are being used. In the displayed
IP allocations list, you will see at least one IP allocated with a category of VSE and at least one
IP allocated with a category of NAT. The VSE category identifies which IP addresses have been
allocated for use by the organization network devices, such as an edge gateway interface, and
which IP addresses have been allocated for NAT translation.
4. Using the IP allocation table, record the IP addresses for each of the following connections:
External interface of the edge gateway: _ _ _ _ _ _ _ _ _ _ _ __
Public address of the hosted QA service virtual machine: _ _ _ _ _ _ _ _ _ _ _ __
5. Click Cancel.
The following steps require that you performed the "Hosting Inbound Services" lab. If you did
not complete that lab, do not perform the ping steps below, but do perform all other steps.
6. On the Control Center computer, select Start> All Programs> Accessories> Command
Prompt.
7. In the Command Prompt window, begin a continuous ping by typing ping 172.20.11.240
-to
8. In the QA administrator console, right-click QA Gateway and select Re-apply service

configuration.
Lab 13
99
10. In the Command Prompt window, observe network throughput as the update occurs.
iUiii
You will see very little effect on network throughput as a result of reapplying the edge gateway
service configuration. Monitor the response times and watch for time-out conditions in the
continuous ping operation.
11 . When the reapply of gateway service configuration is complete, return to the QA administrator
console. Leave the continuous ping running.
12. Right-click QA Gateway and select Re-deploy.
14. In the Command Prompt window, observe network throughput as the VMware vShield Edge
device is redeployed.
iU.iii
The redeployment will take a few minutes to complete. During redeployment, you will see the
ping reply times increase. In general, network connectivity is not cut off for long periods of
time. During the redeployment, you will see one or two periods in which full network
interruption occurs.
15. When the redeployment is complete, close the Command Prompt window.
16. In the QA administrator console, click the Org VDC Networks tab.
17. Right-click QA Services Network and select Properties
18. In the Network Properties panel, click the Network Specification tab.
Organization administrators can modify or add IP pool ranges for any given organization
network that is not directly connected to an external network defmed by a system administrator.
19. In the static IP pool range text box, type 172.30.100.160 -172 .30.100.170 and click
Add.
20. Click OK Wait for the configuration update to complete before continuing.
100
Lab 13
21 . Right-click QA Services Network and select IP allocations.
luni
The IP allocations that are listed apply only to the organization network. Each IP allocation
specifies a virtual machine and a VMware vSphere VAppTM. One of the IP addresses is listed
as being assigned to a VMware vShield Edge (internal) virtual machine. In this case, the
vShield Edge (internal) virtual machine is the QA gateway and the IF address listed is the
address assigned to its internal interface.
22. Click Cancel.
Task 4: Manage users and catalogs

In this task, you will manage organization users and catalogs. Student B will do this task. Student A
2. In the left pane, select Users.

3.
In the right pane, click the gear icon and select New User.
4.
In the New User wizard, perform the following actions.
Setting
Action
User name
Type qa_user2.
Password
Type vmwarel !.
Confirm password
Type vmwarell.
Enable
Keep the default.
Role
Select vApp User.
Full name
Type QA User2.
Email address
Type qa_user2Vcd-ad. vclass . local.
5. Click OK.
Lab 13
101
6. Right-click qa_userl and select Properties.

7. In the User Properties panel, select Catalog Author from the User role in organization: QA
drop-down menu.
8. Scroll down to the Quotas section.
9. For the All VMs quota, select the left-most radio button and type 10 in the text box.
10. For the Running VMs quota, select the left-most radio button and type 5 in the text box.
11 . Click OK.
14. In the right pane, under the Catalogs subtab, right-click QA Catalog and select Properties.
15. In the Catalog Properties panel, under the Publishing tab, select Don't publish this catalog
to other organizations and click OK.
102
Lab 13
Lab 14
Managing VMware vSphere Resources

Objective: Manage vSphere resources
1. Manage vCenter server systems.

2. Examine resource pool properties.
3. Manage ESXi hosts.
4. Manage datastores.
5. Manage storage profiles.
6. Examine vSphere distributed switches and port groups.
Lab 14
103

administrator
vmwarel!

administrator
vmwarel!
Task 1: Manage vCenter server systems

In this task, you will manage a vCenter Server system. Ibis task should be done by student B, with
student A checking the settings.
Username
administrator
Password
vmwarel!

4. Click vCenters in the left panel.
104
Lab 14
5. Point to the Attach New vCenters icon. Through this icon you can add vCenter Server systems
to your cloud.
veentelS
I~O=-_
~ .t..ttach New vCenter
6. Click the Attach New vCenter icon.
List the required items for attaching a vCenter Server system:
7. Click Cancel.
8.
Complete the following information for the vCenter Server system:

Name
Status
vCenter Server
Port Number
Version
vShield Manager
vCenter Proxy
9. In the right panel, select vCenterServer.

10. Click the Actions icon (blue gear symbol).
11. Click Properties.
Lab 14 Managing VMware vSphere Resources
105
12. On the General tab, change the name of the vCenter Server system by typing Cloud
Systems vCenter 01 in the vCenter Name text box.
13. Click OK.
14. Click Cloud Systems vCenter 01.
15. Click the actions icon (blue gear symbol).
16. Click Open in vSphere Web Client.
You might see a Pop-Up Blocked warning message at the top of the browser window. Disable
the pop-up blocker and click Open in vSphere Web Client.
17. Click Continue to this website (not recommended).
18. Log in to vCenter Server, using the foUowing credentials.
Username
adm inistrator
Password
vmwarel!
19. Minimize the vSphere Web Client window and return to the vCloud Director console.
Task 2: Examine resource pool properties

In this task, you will examine a VMware vSphere resource pool in vCloud Director. This task
should be done by student A, with student B checking the settings.

Username
administrator
Password
vmwarel!

4. In the left panel, click Resource Pools.
106
5. Verify that Generic-Pool and High-Performance-Pool are listed.

6. Right-click High-Performance-Pool and select Properties.
You should see the following information for each datastore:
Datastore
Type (
Connected
Capacity (Usedffotal)
% Used
Based on this information, which datastore has the highest free-space capacity?
What is the memory reservation used _ _ _ _ _ _ _ and total _ _ _ _ _ _ _ _ _ in

the entire resource pool?
7. Click OK
Leave the vCloud Director console connected for the next task.
Task 3: Manage E5Xi hosts

In this task, you will manage connected VMware ESXi hosts from the vCloud Director console.
This task should be done by student A, with student B checking the settings.
If you have any Internet Explorer tabs running VMware vSphere Web Client or any other
instances of Internet Explorer running, close them now. You should have only one instance of
Internet Explorer running and it should have a single tab open to the vCloud Director console.
3. In the left panel, click Hosts.
4. Right-click the esxi01.vcd-ad.vclass-local host and select Open in vSphere Web Client.
6. In the left panel, select the esxiOl.vcd-ad.vclass.local host.
You might have to expand VCS.vcd-ad.vclass.local > vCloud Datacenter> vCloud
Resource-Cluster to see theesxiOl host.
7. Click the Related Objects tab.

Lab 14
107
8. Click the Virtual Machines subtab.

9. Minimize this instance of the vSphere Web Client.
10. In the vCloud director console, right-click the esxi01.vcd-ad.vclass.local host and select
Disable Host. Wait for the Enabled status to change to the stop symbol.
11. Right-click the esxiOl.vcd-ad.vclass.local host and select Redeploy All VMs.
12. Click Yes.
13. On the Windows task bar, click the vSphere Web Client icon to maximize the window.
14. Click the refresh icon at the center top of the browser that is to the right of the Updated time
stamp.
15. Examine the Recent Tasks pane. You should see the Enter Maintenance Mode task, to migrate
virtual machines from one host to the other. Your ESXi hosts do not sufficient capacity to run
all of your VMware vSphere VAppSTM. So some migrations will fail, preventing the ESXi host
from going into maintenance mode.
16. Wait for the vCenter Server system to finish attempting migrations.
17. Locate the Enter Maintenance Mode task. Click the cancel icon (circle-X). Click Yes.
18. Minimize the vSphere Web Client and return to the vCloud Director console. You should see an
error message in the Status column.
19. Right-click the esxiOl.vcd-ad.vclass.local ESXi host and select Enable Host.
Leave the vCloud Director console running for the next task.
108
Lab 14
Task 4: Manage datastores

In this task, you will manage vSphere datastores. Ibis task should be done by student B, with
student A checking the settings.
3. In the left pane, click Datastores and Datastore Clusters.
4. Right-click Fast-Datastore-l and select Properties.
Answer the following questions:
a . Which storage profile is this datastore connected to? _ _ _ _ _ _ _ __
b. Does this datastore have any system alerts? _ _ _ _ _ _ __
c. What is the current disk space threshold for yellow? _ _ _ _ _ __
5. Change the yellow level for the disk space threshold to 6GB. Click OK.
Leave the vCloud Director console logged in for the next task.
Task 5: Manage storage profiles

In this task, you will manage storage profiles. Ibis task should be done by student B, with student A
checking the settings.
3. In the left pane, click Storage Profiles.
4. Right-click Bronze and select Properties.
a. Which datastores are in the Bronze storage profile? _ _ _ _ _ _ _ __
b. What percentage of storage has been used in the Bronze storage profLle in each datastore?
5. Click Cancel.
Leave vCloud Director console logged in for the next task.
109
Task 6: Examine vSphere distributed switches and port groups

In this task, you will view the properties of vSphere distributed switches and port groups. This task
should be done by student B. with student A checking the settings.
3. In the left panel, click Switches & Port Groups.
Which distributed switches have network pools assigned to them?
4. Click the Port Groups tab. You should see all currently assigned port groups.
5. In the upper right of the browser window, type vApp (case-sensitive) and press Enter. You
should now see all port groups that are associated with cloud networks that have "v App" in the
network name.
110
Lab 14
Lab 15
Monitoring Cloud Components

Objective: Monitor cloud components
1. Monitor provider vDC and organization vDC use.

2. Examine vCloud Director logs.
3. Enable and verifY Syslog logging for vCloud Director networks.

administrator
vmwarel!

administrator
vmwarel!
Lab 15
111
Task 1: Monitor provider vDC and organization vDC use

In this task, you will be guided through the vCloud Director console to examine various component
monitoring features. Student B will do this task. Student A will check the settings.
URL
Username
administrator
Password
vmwarel!

4. In the left pane, select Provider VDCs.
5. In the right pane, click the Monitor button and expand the first column so that the names are
visible and answer the following questions:
Which provider vDC is showing the highest processor used value? _ _ _ _ _ _ _ _ __

Which provider vDC has the highest processor allocation? _ _ _ _ _ _ _ _ _ __
Which provider vDC has the highest memory used value? _ _ _ _ _ _ _ _ _ __
Which provider vDC has the highest memory allocation? _ _ _ _ _ _ _ _ _ __
6. In the far-right column header, click the Customize Columns control.
Reso urce Pools
112
Lab 15 MonitOring Cloud Components
7. In the Customize Columns panel, deselect Processor Allocation, Memory Allocation, and
Storage Allocation. Select Processor Overhead, Memory Overhead, and Storage Overhead.
8. Click OK
Which provider vDC shows the highest processor overhead? _ _ _ _ _ _ _ __
Which provider vDC has the highest memory overhead? _ _ _ _ _ _ _ _ _ __
Which provider vDC has the highest storage overhead? _ _ _ _ _ _ _ _ _ __
9. In the left pane, select Organization VDCs.
10. In the right pane, click the Monitor button and expand the first column so that the names are
fully visible.
IU-iiil
In some cases, a provider vDC might be shared by many organization vDCs. In the class
environment, your provider vDCs back single organization vDCs, so resource use is the same
for each pair.
11. In the far-right column header, click the Customize Columns control.
ResolJrce Pools
12. In the Customize Columns panel, select Used Network Count and vApps, then click OK.
Expand the columns so that the column headings are visible and answer the following
questions:
Which organization vDC has highest used networks count? _ _ _ _ _ _ _ __
Which organization VDC has the most VMware vSphere VAppSTM?
13. In the left pane, select External Networks.
Lab 15
MonitOring Cloud Components
113
14. In the right pane, examine the IP Pool (Usedffotal) value shown for the Production network
and answer the following question:
What percentage of the IP pool available on Production is in use? _ _ _ _ _ _ __
15. In the left pane, select Network Pools.
16. In the right pane, examine the Pool (Used/Total) value for ORG-VLAN-Pool and answer the
following question:
What percentage ofORG-VLAN-Pool is in use? _ _ _ _ _ _ __
Task 2: Examine vCloud Director logs

In this task, you will examine the event and task logs available in the vCloud Director console. You
will also examine Syslog events related to vCloud Director. In your class environment, the vCenter
Server system was installed with an integrated Syslog server. During the course, vCloud Director
and the vCenter Server system have been sending events to that Syslog server. Student A will do this
task. Student B will check the settings.
1. In the left pane, click Logs.
2. In the right pane, select the Tasks tab and expand the columns so that the column headers are
readable.
The Tasks list shows all events related to tasks initiated by vCloud Director or a particular user.
The Owner column identifies the initiator of the task, which is either system or a user name.
3. In the Tasks list, sort the list by clicking the Owner column heading until the system-owned
tasks appear at the top of the list.
4. Examine the first two pages of tasks and answer the following question:
What two types of system-owned tasks were most frequently logged?
5. Click the Owner column heading until administrator-owned tasks are listed first.
6. Examine the first two pages of tasks and answer the following question:
What two types of administrator-owned tasks were most frequently logged?
7. Click the Events tab.
8. Examine the first few pages to see whether any warnings or errors have occurred.
114
Lab 15
MonitOring Cloud Components
10. On the ControlCenter desktop, select Start > Run.

11. In the Run text box, type \ \ ves . ved - ad . ve 1 as s . loea 1 \ e $ and press the Enter key.
12. In the \\vcs.vcd-ad.vclass.local Windows Explorer window, go to Program Data > VMware >
VMware Syslog Collector> Data > 172.20.10.91.

13. In the 172.20.10.91 folder, double-click the file with the most recent time stamp. The file
opens in Notepad. The current Syslog log file in a folder is usually named syslog. log.
14. Close Notepad after you have examined a few log entries.
Do not close the \\vcs.vcd-ad.vclass.local Windows Explorer window. You need it for the next
task.
Task 3: Enable and verify Syslog logging for vCloud Director networks
In this task, you will configure Syslog settings for network operations, synchronize logging between
the system and an edge gateway, and test firewall rule logging. Student B will do this task. Student
A will check the settings.
You must have completed the "Hosting Inbound Services" lab before beginning this task.
1. In the \\vcs.vcd-ad.vclass.local Windows Explorer window, click the Back button so that the IP
named folders are displayed.
Are there any folders named with an IP address in the range of 172.20.11.200-172.20.11.254?
2. Minimize (do not close) the \\vcs.vcd-ad.vclass.local Windows Explorer window.

3. In the vCloud Director console, click the Administration tab.
4. In the left pane, select General.
5. In the right pane, scroll down until the Networking are appears. Find the Syslog server settings.
6. In the SysJog server 1 text box, type 172.20.10.94.
7. Click Apply.
9. In the left pane, select Edge Gateways.
10. In the right pane, right-click QA Gateway and select Properties.
11. In the Edge Gateway Properties panel, click the Syslog Server Settings tab. A Syslog server
has not been configured.
Lab 15 Monitoring Cloud Components
115
12. Click Cancel.

13. Right-click QA Gateway and select Syncbronize Syslog Server Settings. Wait for tbe
synchronization to complete.
14. Right-click QA Gateway and select Properties.
15. Click the Syslog Server Settings tab and verify that Syslog server 1 is configured.
16. Click Cancel.
17. Right-click QA Gateway and select Edge Gateway Services.
18. In the Configure Services wizard, click the Firewall tab.
19. Select tbe ping rule and click the Edit button.
20. In the Edit Firewall Rule panel, select the Log network traffic for firewall rule check box
and click OK
21. Click OK to close the Configure Services wizard.
23. On the Control Center desktop, select Start> All Programs> Accessories> Command
Prompt.
24. In the Command Prompt window, ping the public IP of the QA service virtual machine by
typing ping 172.20.11. 240.
The ping command should receive a response. Traffic will be logged to the Syslog server that
has been synchronized on the edge gateway.
25. In the \\vcs.vcd-ad.vclass.local Windows Explorer window, press F5 to refresh the view.
Answer the following question:
What is the name of tbe new IP-named folder?
- - - - - - - You will see a new folder named witb an IP address in the range of 172.20.11.200
172.20.11.254. This IP address is the external address of the QA gateway. All firewall rules
configured with logging enabled result in events being logged from the external address of the
edge gateway, even if tbe target of the rule is an external NAT IP address.
116
Lab 15
26. Double-click the new folder and double-click the syslog. log fIle. The file opens in Notepad.
The Syslog messages for vShield Edge and fIrewall events can be difficult to read. The syslog
log file for the edge gateway contains other events not directly relating to the fIrewall rule that
you confIgured.
27. In Notepad, search for "icmp." The search should take you to the end of the file.
28. Examine the log entry and close Notepad.
29. Close the \\vcs.vcd-ad.vclass.local Windows Explorer window.
30. Close the Command Prompt window.
Lab 15
117
118
Lab 15
Lab 16
Organization Users
Objective: Manage vApps as an organization user
1. Change vApp ownership.

2. Share the organization catalog.
3. Add a virtual machine to a vApp.
4. Force recustomization.
5. Share a vApp with other organization users.
6. Reset a vApp network.
Lab 16
Organization Users
119

URL to the VMware vCenter Server Web
based console
admini strator
vmwarel!

administrator
vmwarel!
Task 1: Change vApp ownership

In this task, you will transfer ownership of two VMware vSphere VAppSTM. Student A will do this
task. Student B will check the settings.
1. If you are currently logged in to the vCloud Director console, click the Logout link in the
upper-right corner of the browser page. You must log out of the vCloud Director console before
continuing.
2. Log in to the QA organization page using the following information.
URL
http://vcd.vcd-ad.vclass.local/cloudlorg/QA
Username
Password
vmwarel!
3. Click the My Cloud tab. No vApps are listed as being accessible or owned by the qa_userl
account.
4. In the upper-right comer of the page, click the Logout link.
120
Lab 16
Organization Users
5. Log in to the QA organization page, using the following credentials.

Username
Password
vrnwarel!

The qa_admin account has access to all vApps created in the organization, including vApps
created by the system administrator.
7. In the vApps list, right-click QA-vAppl and select Change Owner.
8. In the Change Owner wizard, select qa_userl and click OK.
9. Right-click QA-vApp2 and select Change Owner.
10. In the Change Owner wizard, select qa_userl and click OK.
11 . In the upper-right comer of the page, click the Logout link.
Username
Password
vrnwarel!

The two vApps that qa_userl now owns appear in the Apps list.
Lab 16
Organization Users
121
Task 2: Share the organization catalog

In this task, you will transfer ownership of two vApps. Student B will do this task. Student A will
check the settings.

2. In the right pane, click the Catalogs tab and then click the vApp Templates tab. Notice the
number of items listed on each tab.
As the system administrator, you created a catalog for the QA organization lab 4. Later, as the
QA organization administrator, you interacted with that catalog. However, using the
nonadministrative qa_ userl account, you have no access to the catalog. Organization catalogs
are not automatically shared to all organization users.
Username
Password
vrnwarel!

7. In the right pane, right-click QA Catalog and select Share.
8. In the Catalog Properties panel, on the Sharing tab, click Add Members.
9. In the Share to Users and Groups wizard, leave Everyone in the organization selected and
click OK.
10. Click the drop-down menu and select ReadlWrite.

11. Click OK.
12. In the catalog list, notice the group icon that appears in the QA catalog Shared column.
Na me
Shar" oj
QA Catalog
122
Lab 16
Organization Users

Username
Password
vmwarel!
15. Click the Catalogs tab. In the right pane, the QA catalog appears and can be accessed.
Task 3: Add a virtual machine to a vApp

In this task, you will add a virtual machine to a vApp. Student A will do this task. Student B will
check the settings.
4. Click the Add VM icon, which appears as a green plus (+) sign.
5. In the New Virtual Machine wizard, use the virtual machine list scroll bar and page controls to
find the Win2k3-Base entry.
6. Select the Win2k3-Base virtual machine and click Add.

7. Click Next.
8. Under Configure Resources, change the virtual machine name to QAI-W2k3-B.
9. From the Storage Profile drop-down menu, select Silver.
10. Click Next.
11 . Under Configure Virtual Machines, change the computer name to QAI-VM2.
12. From the Network drop-down menu, select QAl-Local.
13. From the IP Assignment drop-down menu, select DHCP.
14. Click Next.
15. Under Configure Networking, click Next.
17. When the QAI-Win2k3-B virtual machine status changes to Powered Off, right-click the virtual
machine and select Power On.
Lab 16
Organization Users
123
Task 4: Force recustomization

In this task, you will force recustomization of a virtual machine in a vApp. Student B will do this
task. Student A will check the settings.

1. In the left pane, click v Apps.
2. In the right pane, right-click QA-vApp2 and select Open.
4. Right-click the QA2-Win2k3-A virtual machine and select Power Off.
6. When the QA2-Win2k3-A status changes to Powered Off, right-click the virtual machine and
select Power On and Force Recustomization.
7. When the QA2-Win2k3-A status changes to Powered On, right-click the virtual machine and
select Popout Console.
8. Monitor the virtual machine startup. The Windows login dialog box appears. After a few
minutes, the virtual machine reboots as part of the guest customization process.
9. Continue to monitor the virtual machine startup after the frrst reboot. You will observe several
Windows customizations occur, followed by a fmal restart.
10. When the last reboot has completed and the Windows login dialog box appears, close the
Popout Console window.
Task 5: Share a vApp with other organization users

In this task, you will share a vApp with another organization user. Student A will do this task.

2. In the right pane, right-click QA-vAppl and select Share.
3. In the v App Properties panel, on the Sharing tab, click Add Members.
4. In the Share to Users and Groups wizard, select the Specific users and groups radio button.
5. Select qa_user2 and click Add.
6. Click OK
7. From the qa_user2 Access Level drop-down menu, select Read Only.
8. ClickOK
9. In the upper-right corner of the page, click the Logout link.
124
Lab 16
Organization Users
Username
Password
vmwarel!
11 . Click the My Cloud tab.
12. In the right pane, right-click QA-vAppl and notice which options are available to the qa_user2
account.
Username
Password
vmwarel!
Task 6: Reset a vApp network

In this task, you reset a vApp network to force redeployment of the vShield Edge device. Student B
will do this task. Student A will check the settings.

4. Right-click the QAl-Local network and select Reset Network.
5. Read the Reset Network notice and click Yes. Wait for the Reset operation to complete.
Lab 16
Organization Users
125
126
Lab 16
Organization Users
Lab 17
Installing VMware vCloud Director

Objective: Install vCloud Director
1. Configure the vCenter Server licenses.

2. Verify the vCenter Server and vSphere DRS configuration.
3. Verify the vCenter Server networking configuration.
4. Configure iSCSI storage.
5. Configure user-defined storage capabilities.
6. Configure storage profiles.
7. Configure Network Time Protocol.
8. Confirm the vCloud Director network configuration.
9. Install vCloud Director.
10. Install the Java keytool.
11. Prepare the vCloud Director SSL keystore and create self-signed certificates.
12. Configure vCloud Director.
13. Create a Sysprep deployment package.
14. Configure the vCloud Director cell.
Lab 17
127
15. Connect vShield Manager to vCenter Server system.

16. Attach the vCenter Server system and vShield Manager.
17. License vShield Manager.
18. Test vCloud Director.

administrator
vmware 1!

administrator
vmwarel!
most tasks wiH be done by one student while the other student checks the work. Students will take
Task 1: Configure the vCenter Server licenses

In this task, you will license your VMware vSphere resource cluster. Students should work
together in a team of two students working on the same cluster. Students will alternate, with one
student configuring the cluster and the other student double checking settings. Ibis task should be
done by student A, with student B checking the settings.
1. Ask your instructor how to access your student vClass environment.

2. Open your workspace.
3. Open the console of the ControlCenter virtual machine.
4. Log in to the ControlCenter system with the user ID of administrator and the password of
vmwarel !.
128
Lab 17
5. Click the Internet Explorer shortcut Web-Console. Web-Console is a shortcut to VMware

vSphere Web Client.
6. Log in using the user ID of administrator and the password of vmware I !.
7. In the Administration pane, click the Licensing icon.
8. Select the vCenter Server Instances tab.
9. In the vCenter Server Instance column, select vcs.vcd-ad.vclass.local.
10. Click Assign License Key.
11. From the drop-down menu, select Assign a new license key.
12. Type the vCenter Server license key provided by your instructor.
13. Type vCenter Server in the Label (optional) text box.
14. Click OK
15. Click the Hosts tab.
16. Select the esx01.vcd-ad.vclass.local host.
19. In the License key text box, type the VMware vSphere Enterprise Edition license key
provided by your instructor.
20. Type vSphere Enterprise Plus in the Label (optional) text box.
21. Click OK
22. Select the esx02.vcd-ad.vclass.local host.
24. Select the vSphere Enterprise Plus license key.
25. ClickOK
26. Click Home.
Remain logged in to the vCenter Server system and leave vSphere Web Client open.
Lab 17
129
Task 2: Verify the vCenter Server and vSphere DRS configuration

In this task, you will confirm your VMware vSphere Distributed Resource SchedulerTM cluster
configuration. This task should be done by student B, with student A checking the settings.
The vSpbere DRSNMware vSphere High Availability configuration used in this lab is specific to
this lab environment. In most production environments, the best practice is to enable features like
vSphere HA, EVC, and Power Management. The configuration that you should use in production
environments depends on individual requirements. vCloud Director requires vSphere DRS to be
enabled. vCloud Director does not require vSpbere HA features.
1. If you are not logged in to the vSphere Web Client, do the following :
a. Double-click the vSphere Web Client shortcut.

b. Log in using the user ID of administrator and the password of vmware 1'.
2. Verify that you have a datacenter and vSphere DRS cluster properly configured:
a. Click Home.
b. In the Home pane, click the Hosts and Clusters icon.
c. Verify that you have a datacenter named vCloud Datacenter.
d. Verify that a vSphere DRS cluster is under the datacenter. In this lab, the vSphere DRS
cluster is named vCloud-Resource-Cluster.
e . Verify that VMware ESXi hosts esxiOl.vcd-ad.vclass.local and esxi02.vcd
ad.vclass.local are members of the cluster.
f. Click the vSphere DRS cluster vCloud-Resource-Cluster in the left inventory panel.
g. Click the Manage tab in the vCloud-Resource-Cluster pane.

h. Click the Settings subtab.
i.
Click vSphere DRS under Services.

o
DRS Automation should be selected and set to Fully Automated.
Power Management should be set to OfT.
Advanced Options should be set to None.
j. Click vSphere HA under Services. vSphere HA should be turned off.
k. Click the Summary tab.
130
Lab 17
I. In the vSphere DRS panel, verify the following settings:
Migration automation level should be set to Fully Automated.

Migration threshold should apply priority 1,2, and 3 recommendations.
Power management automation level should be off.
Remain logged in to the vCenter Server system and leave the vSphere Web Client open.
Task 3: Verify the vCenter Server networking configuration

In this task, you will conftrm your vCenter Server networking confIguration. This task should be
done by student A, with student B checking the settings.
1. Click Home in the upper-left comer of the left pane.

2. Under Inventories, click the Networking icon.
In the left panel, you should see the following three vSphere distributed switches:
dvs-IP-Storage
dvs-Production
dvs-vMotion
3. Select the dvs-IP-Storage switch.
4. Click the Manage tab.
5. Click the Settings subtab under Manage.
6. Expand the VMkemel ports under IP-Storage. You should see two vmkl ports conftgured at IP
addresses 172.20.13.51 and 172.20.13.52.
7. Expand the dvs-IP-Storage-DVUplinks on.
The dvs-IP-Storage switch should be correctly conftgured so that it can be bound to the
VMware vSphere Virtual iSCSI Adapter. There should only be a single uplink (with two NIC
adapters) for this switch. The uplink is named dvUplinkl. One NIC adapter should be
connected to vmnic3 on esxiOl.vcd-ad.vclass.local. The other NIC adapter should be connected
to vrnnic3 on esxi02.vcd-ad.vclass.local.
I"Jiii[.]~1
If the distributed switch used by IP storage is not limited to a single uplink (one NIC per host) it
will not be possible for the vSphere virtual iSCSI adapter to bind to the VMkemel port. By
default, distributed network switches are created with four potential uplinks.
Lab 17
131
8. Use the Networking view in vSphere Web Client to confirm that both ESXi hosts have the
following switches and port groups connected to the correct vmnic interfaces.
Switch
Port group
vmnic
dvs-Production
Production
vmnicl
dvs-vMotion
vMotion
vmnic2
dvs-IP-Storage
IP-Storage
vmnic3
9. Use the Networking view in vSphere Web Client to confmn that the following VMkemel ports
exist with the proper network configuration.
Switch
ESXi01
ESXi02
Subnet mask
vMotion?
Management?
dvs-vMotion
172.20.12.51
172.20.12.52
255.255.255.0
Yes
No
dvs-IP-Storage
172.20.13 .51
172.20.13.52
255.255.255.0
No
No
Task 4: Configure iSCSI storage

In this task, you will configure your iSCSI storage configuration. This task should be done by
student B, with student A checking the settings.
1. Click Home in the upper-left comer of the left pane.

3. Select the esxi01.vcd-ad.vclass.local ESXi host in the left panel.
5. Click the Storage tab under Manage. The Storage Adapters item should be selected by default
in the left panel. If it is not already selected, click Storage Adapters.
6. Click the green plus (+) icon to add a storage adapter.
7. Select the Software iSCSI Adapter.
8. Click OK Wait for the adapter to be added to the list of storage adapters.
9. Select the iSCSI software adapter that was added. On most systems, this adapter is vmhba33.
132
Lab 17
10. Click the Properties tab in the lower panel.

11. Click the Edit button.
12. Change the iSCSI name to iqn.I998-0 I .com.vmware:esxiO 1. On most systems, you will need to
delete extra hexadecimal characters that have been appended after esxiOl. When the iSCSI
name matches the correct name, click OK
Example: Before changing the iSCSI name
iSCSI Name'
iSCSI Alias.
liqn 1998-01 .co m vmwa re 'eSJd01-1 ce7c3fdI

I
LCilnce l
Example: Correct iSCSI name
iSCSI Name:
IIQn .1998-o1 .com.vmware :esxio11
ISCSI Alias:
In this lab environment, the iSCSI storage array validates the iSCSI name of the storage
requester. In a production system, consult with your storage administrator to determine the
authentication requirements of the local storage arrays.
13. Click the Targets tab under Adapter Details.

14. Click the Dynamic Discovery tab.
15. Click the Add button.
16. In the iSCSI Server text box, type 172 . 20.13.14 .
17. Keep the default port of 3260.
18. Leave Inherit settings from parent selected.
19. Click OK.
20. Click the Network Port Binding tab_
Lab 17
133
21. Click the green plus (+) icon to add a VMkemel port.
22. Select the IP-Storage port group. The vmki port should be automatically selected on the
vmnic3 physical network adapter. The Status tab should report that this port group policy is
Compliant. Click OK
23. Click the icon to refresh the host's storage system.
storage Adapters
!iii ~
AdaPte~
~ ...
iJ
~=
t-
- T\l D~
Statw
PII)(4 fnr 41n~ Refresh the host's storage system '
24. Click the icon to rescan the host for new storage devices or new VMware vSphere VMFS
volumes. Allow the scan for new storage devices and for new VMFS volumes. Click OK
storage Adapters
Ad.plo r
f!
b~ Y
.-
.~
__ . ' . "
. ,
Rescan the host for n ew storage deVices or
PIIX4 for 430TX144( ne w V MFS volumes
25. Click the Devices tab under Adapter Details. You should see four iSCSI disk devices.
26. Click the Related Objects tab at the top of the pane.
27. Click the Datastores tab. You should now see the following datastores:
Fast-Datastore-I
Fast-Datastore-2
Medium-Datastore--I
Slow-Datastore-I
Either a datastore 1 or a datastore2 will be present.
28. Repeat steps 1-24 for the esxi02.vcd-ad.vclass.1ocal host.

In step 12, use iqn. 1998-0 I.com. vmware.esxi02 for the iSCSI name.
Remain logged in to the vCenter Server and leave the vSphere Web Client open.
134
Lab 17
Task 5: Configure user-defined storage capabilities

In this task, you will configure user-defined storage capabilities. This task should be done by student
A, with student B checking the settings.
1. Click Home in the upper-left comer.
3. Select the esxi01.vcd-ad.vclass.Iocal host.
4. Click the Related Objects tab.
5. Click the Datastores tab.
6. Right-click the Fast-Datastore-l datastore.
7. Select Assign Storage Capability.
8. Click the New button.
9. Type Gold-Level in the Capability name text box.
10. Type Premium Storage in the Description text box. Click OK. Click OK.
11. Right-click the Fast-Datastore-2 datastore.
12. Select Assign Storage Capability.
13. From the drop-down menu, select the Gold-Level storage capability.
14. Repeat steps 6-10 to assign the following user-defmed storage capabilities.
Datastore
User-defined storage
capability
Medium-Datastore-l
Silver-Level
Medium speed and cost

storage
Siow-Datastore-l
Bronze-Level
Low speed and cost storage
Description
Lab 17
135
Task 6: Configure storage profiles

In this task, you will configure storage profIles. This task should be done by student B, with student
A checking the settings.

2. Click the VM Storage Profiles icon.
3. Click the Enable Storage Profiles icon.
~el ; 5
. Enable VM Storage Profiles per Compute
Re sou r ce
4. Select the vCloud-Resource-Cluster.

5. Click Enable.
6. Click Close.
7. Click the Create a New VM Storage Profile icon.
rjiJ e 6\
NV
'
~E
Create a new VM Sto rage Profile
8. Create the following storage profIles and connect them to the specifIed user-defmed storage
capability.
Storage profile
User-defined storage
capability
Gold
Gold-Level
Silver
Silver-Level
Bronze
Bronze-Level
136
Lab 17
Task 7: Configure Network Time Protocol

In this task, you will configure the Network Time Protocol (NTP). lbis task should be done by
student A, with student B checking the settings.
3. Select the esxi01.vcd-ad.vclass.local host.
5. Click the Settings tab.
6. Click Time Configuration.
7. Verify that the NTP client is running on the ESXi hosts.
8. Verify that at least one NTP server is configured. The NTP sever should be pdc-sql.vcd
ad.vclass.local (the primary domain controller of the Active Directory domain).
9. Repeat steps 3-8 for the esxi02.vcd-ad.vclass.local host.

10. Minimize the vSphere Web Client.
Task 8: Confirm the vCloud Director network configuration

In this task, you will confirm the network configuration of the vCloud Director server and
infrastructure. lbis task should be done by student B, with student A checking the settings.
1. Start the PuTIY tool on the desktop of the ControlCenter virtual machine.
2. Use the PuTIY SSH utility to connect to vcd.vcd-ad.vclass.1ocal.
3. Log in to the vCloud Director server with the root account and a password of vmwarel !.
Lab 17
137
4. Run the if conf ig - a command to confirm that you have two network interfaces ethO and
ethland that their addresses are correct. The ethO address should match the HTTP service
address of 172.20.10.91. The ethl address should match the console proxy service IP address of
172.20.10.92.
[root@VCD -jf 1fconfig -a
ethB
Link encap:Ethernet HWaddr B8:58:56:2E:6S:25
inet addr:172.28.1B.91 Bcast:172.2B.18.255 Mask:255.255.255.e
UP BROADCAST RUNNING MULTICAST MTU:1588 Metric:l
RX packets:23518 errors:286 dropped:fl overruns:8 frame:6
TX packets:1627 errors:8 dropped:B overruns:6 carr1er:8
col11s10ns:8 txqueue1en:1888
RX bytes:1518433 (1.4 M1B) TX bytes:115257 (112.5 KiB)
Interrupt:59 Base address:6x2624
ethl
Link encap:Ethernet HWaddr 6S:5B:56:2E:6S:26
inet addr:I72.28.1B.92 Bcast:I72.26.1S.255 Mask:255.255.255.6
UP BROADCAST RUNNING MULTICAST MTU:1588 Metric:l
RX packets:22426 errors:38B dropped:fl overruns:B frame:6
TX packets:163 errors:6 dropped:8 overruns:B carrier:8
(011ision5:8 txqueue1en:18a8
RX bytes:1419781 (1.3 MiB) TX bytes:12233 (11.9 KiB)
Interrupt:67 Base address:8x26a4
5. Run the nslookup command to confirm that the DNS host can resolve the vCloud Director
host name. Type nslookup vcd.
[root@vcd
Server:
Address:
~]#
nslookup vcd
172.20.10.93
172.20.10.93#53
Nayne:
vcd.vcd-ad.vclass. local
Address: 172.20.10.91
138
Lab 17
6. Run the nslookup command to confIrm that the DNS host can resolve the vCJoud Director
fuJly qualified domain name. Type nslookup vcd. vcd-ad. vclass . local.
[root@VCD --]# nslookup vcd.vcd-ad.vclass.local

Server:
172.20.10.93
Address:
172.20.10.93#53
Name: vcd.vcd-ad.vclass.local
Address: 172.20.10.91
7. Run the nslookup command to confIrm that the DNS host can resolve the Address Resolution
Protocol (ARP) address of the IP address for the vCloud Director HITP service. Type
nslookup 172.20.10.91.
[root@vcd
Server:
Address:
~ l#
nslookup 172.20.10.91
172.20.10.93
172.20.10.93#53
91.10.20.172.in-addr.arpa
= vcd.vcd-ad.vclass.local.
name
8. Run the nslookup command to confIrm that the DNS host can resolve the ARP address of the
IP address for the vCloud Director console proxy service. Type nslookup 172.20.10.92.
[root@ved -]# nslookup 172.20.10.92
Server:
172.20.10.93
Address:
172.20.10.93#53
92.10.20.172.in-addr.arpa
Lab 17
name
ved-conso Ie. vcd-ad. ve lass. local.
139
9. Type the command grep server /etc/ntp.conf. Verify that at least two NTP servers
have been configured. In the screenshot, three NTP servers are configured: pdc - sq 1 . vcd
ad . vclass .local, 1. pool. ntp. org, and 2. pool. ntp. org. The first NTP server needs
to be the primary domain controller of Active Directory. If this NTP server is not configured,
ask your instructor for assistance.
[~oot@V C D - ]# g~ep server letc/ntp.conr
# Use publlC serve~9 r~om the pool.n t p.org p~oJect.
#broadcast 192.168.1.255 key q2

# broadcast server
#broadcast 22q . 0.1.1 key q2

# multicast server
#rmonyca::!ltserver 2 39.255.2SQ.25Q
# manycast server
server 127.1 2 7.1.0
server pdc-sql.vcd-ad . vclass.local
server 1.pool.ntp.org
server 2 . pool.ntp.org
10. Type the command service ntpd status to verify that the NTP daemon is running.
[root@VCo
ntpd (pid
service ntpd status
3511) is running ...
~]#
11. lfthe NTP service daemon is not running, type the command service ntpd start. lfthe
service fails to start, ask your instructor for assistance.

Leave your PuTTY SSH session connected to vcd.vcd-ad.vclass.local for the next task.
Task 9: Install vCloud Director

In this task, you will install vCloud Director. This task should be performed by student A, with
student B checking the work.
1. Use the PuTTY SSH utility on the ControlCenter desktop to connect to vcd.vcd-ad.vclass.local
if you are not still connected from task 8.

2. Use the cd command to change directories to the /root/downloads directory where the
vCloud Director software binary is stored.
# cd /root/downloads
3. Type 1 s -1 to determine the exact filename of the vCloud Director software binary. In the
screenshot, the filename is vmware -vcloud-director- 5.1.0 - 810718 . bin. Your
filename will be similar.
[roo t @vcd downloads)# Is -1

total 2616QQ
-nrx r-xr-x 1 root root 26611573Q 5ep 2 3 15:00
140
vrm,ar e -vc louct-d lreCto~- S . 1.() -Bl0 7 1 8 . bln
Lab 17
If the file does not appear with an x listed beside it, the file is not executable. In the screenshot,
the file is not executable. Type chmod a+x *. bin to change all . bin files in the current
directory to executable files. In the following screenshot, the same listing shows both . bin
files changed to executable files.
[rootBvcd downloads] # Is -1
total 2816H
-rw-r--r-- 1 root root 288115734 Sep 23 15:00 vmware-vcloud-director-5.1.0-81071
3.bin
[rootBvcd downloads]# chmod a+x '.bin
[rootBvcd downloads] # Is -1
total 281644
-rwxr-xr-x 1 root root 288115734 Sep 23 15:00 vl'm.Y6re-vcloud-director-5.1.0-810718.hin
4. Run the binary by typing . / in front of the filename. Type the filename correctly: It is case
sensitive. Use the correct filename shown in your system, not the filename in the example.
# ./vmware-vcloud-director-S.l.0-810718.bin
Do not run the configuration script now.

5. Type n in response to Would you like to run the script now (yin)?
Leave the PuTTY SSH session connected to vcd.vcd-ad.vclass.local for the next task.
Task 10: Install the Java keytool

In this task, you will install Java keytool on the vCloud Director server. This task should be
performed by student B, with student A checking the work.
1. Use the PuTTY SSH utility on the Control Center desktop to connect to vcd . vcd
ad. vclass. local if you are not still connected from the last lab.
2. ConfIrm that keytool is available in the vrnware vcloud binary directory by typing the command
Is /opt/vmware/vcloud-director/jre/bin. You should see the keytool binary.
[root@vcd do~nload61# 16 /opt/vm~are/vcloud-director/jre/bin
Co ntrolPanel
j ava_VlI' Jcontrol orlJd
policytool rwiregi9 try
j ava
javarJ5
k e y tool
pack200 rt(,ld
servertool
Lab 17
tnan,e5erv
rlnpack2 00
141
3. Run the al ternat i yes command to create a symlink to the new keytool.
# /usr/sbin/alternatives --install /usr/bin/keytool key tool /opt/
vmware/vcloud-director/jre/bin/keytool 1
Type the command correctly, with correct filenames and paths. In the example, the command
ends with the number 1.
4. Type /usr/sbin/al ternatives - -config key tool. The command returns how many
versions of keytool are installed on this system and allows you to set the default version that the
system will use. Select the Java Runtime Envirorunent version 6 keytool.
[root@vcd downloads]# /usr/sbin!alternatives --config keytool
There is 1 program that provides 'keytool' .
Selection
"/;+ 1
Command
/ opt!vnHuare/vc loud-director / j re/b in/ keytoo 1
Enter to keep the current selection[+], or type seleetion number:
Leave the PuTTY SSH session to vcd.vcd-ad.vclass.local connected for the next task.
Task 11: Prepare the vCloud Director SSL keystore and create self
signed certificates
In this task, you will prepare the vCloud Director server SSL keystore and create self-signed
certificates. This task should be performed by student A, with student B checking the work.
2. Create a directory for the certificates with the mkdir command:
# mkdir /opt/certificates
3. Change into the certificates directory with the cd command:
# cd /opt/certificates
4. Run the keytool command to create a certificates keys tore file and an alias for the HTTP
certificate. Use a password ofvmwarel!.
142
Lab 17
# keytool -keystore certificates.ks -storetype JCEKS -storepass

vmwarel! -genkey -keyalg RSA -alias http
5. After you run the key tool command, you will be prompted with several questions. Use the
following answers.
Keytool questions
Answers
First and last name?
vcd. vcd-ad. vclass.local
Organizational unit?
Cloud Administration
Organization?
Cloud Computing
City or locality?
<your_city>
State or province?
<your_state_ oryrovince>
Two-letter county code?

Correct?
yes
Password for HfTP?
Press the Enter key to use the default password ofvmwarel!.
[root~vc c1 ctovnload!!lj#
~hat
Itc.ytool -Ic.eV3t.or e c er~ifice.te~.)r(!!I -!!It.oreql'pe JCEKS -=I1:orep~~ vrn.,arel'
1!!1 your tlr!lt and la!!t
[Unknown):
vcd.vcd-ad.vcla33.1ocal
What. 13 ttle n&tle: at yOllE:' ot:'qanlzatlonal uTIle
( Unkno~nJ:
-genkey -keyalQ RSA -al::l.e.!!I htt.p
n~i
'I
Cloud. Actmlnl!1ttac 10n
What 13 the name or youe ot:Q'anlzatlont

[Unlcnovn]:
Cloud Con'l'p Ut i OiWI
What 1:1 ttLe name ot your Clty or Locsl1tyi

(Unkno\iln):
fort Worth
What 13 the name ot your: State or PrOvince?

(Unknown]:
Texa!!
Whae 1!!1 the t\llD-letter countc'.' code tor

( Unknown}:
I!I
ctllS
unit 7
US
CNvCd.vcd-ad.vCla~!!.local,
OU'"'Cloud ltdU'llnl!1{'ce.r;ton,
(I-C lOud Compu t l n Q,
l.-fot:t Worth,
S r-Te x e.~,
CeUS C'orrec{' ?
ye~
(no] :
Enter k.e:y
pa!l~vol:"d
(R [:TURN 11:
toc
<http >
~ ~ a~
ke: y ~t.Co("e
p~.!lword)
6. Run the keytool command to create an alias for the console proxy certificate. Use the
keys tore password of vmware 1!.
# key tool -keystore certificates.ks -storetype JCEKS -storepass

vmwarel! -genkey -keyalg RSA -alias consoleproxy
You can press the up arrow key to copy the last command. You can edit the copied command.
Lab 17
143
7. After you run the keytool command, you wil1 be prompted with several questions. Use the
following answers:.
Keytool questions
Answers
First and last name?
vcd-console. vcd-ad. vclass.local
Organizational unit?
Cloud Administration
Organization?
Cloud Computing
City or locality?
<your_city>
State or province?
<your_state_ oryovince>
Two-letter county code?

Correct?
yes
Password for console proxy?
Press the Enter key to use the default

password ofvmwarel!.
8. Run the keytool command to list the certificates in the keystore.

keytool -keystore certificates . ks -storetype JCEKS -storepass
vmwarel! -list
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 2 entries
consoleproxy, Aug 30, 2012, PrivateKeyEntry,
Certificate fingerprint (MDS): 'l7:27:F9:SE:AB:AS:CF:'lB:FA:7C:OS:AS:7A:1F:31:6B
http, Aug 30, 2012, PrivateKeyEntry,
Certificate fingerprint (MDS): SC:ES:07:6D:'l3:76:34:97:FB:C'l:03:EB:B8:0S:4E : A8
9. Use the chmod command to make the directory and files readable by all users.
# chmod -R a+r /opt/certificates
Leave your PuITY SSH session connected to vcd.vcd-ad.vclass.local for the next task.
144
Lab 17
Task 12: Configure vCloud Director

In this task, you will configure the vCloud Director software. lbis task should be done by student B
and checked by student A.
2. Type the command /opt/vmware/vcloud-director/bin/configure.
3. Type 1 to select 172.20.10.91 for the IP address for the HTfP service.
4. Type 1 to select 172.20.10.92 for the IP address for the console proxy service.
5. Type /opt/certifica tes/certificates. ks. for the path to the Java keystore.
6. Type vmware11 for the keystore password.
7. Type 172.20.10.94 for the Syslog server IP address. Use the default syslog port (514).
8. Type 2 to select option 2 for Microsoft SQL Server.
9. Type 172 . 20 . 10 . 93 for the Microsoft SQL Server IP address.
10. Press key to use the default database port of 1433.
11 . Press Enter to use the default database, named vcloud.
12. Press Enter to use the server's default instance.
13. Type cloud_ dba for the Microsoft SQL Server database operator user ID.
14. Type vmware1! for the Microsoft SQL Server database operator password. Wait for the
database installation to complete.
15. Start the vCloud Director service by typing y.
16. Leave the PuTTY SSH utility connected to the vcd.vcd-ad.vclass.local server for the next task.
Task 13: Create a Sysprep deployment package

In this task, you will create a Microsoft Sysprep deployment package for your vCloud Director
server. lbis task should be done by student A and checked by student B.
2. Type the following command:
# /opt/vmware/vcl o ud-direct o r/deploymentPackageCreator/
createSysprepPackage.sh /opt/sysprep
Lab 17 Installing VMware vCloud Director
145
3. Ignore the warning about Windows 2000 guest virtual machines. Wmdows 2000 Sysprep files
are not present in the classroom configuration.
4. Type service vmware-vcd restart to restart the vCloud Director cell. Wait for a
successful startup of the watchdog and cell daemons.
[root.@VCD downloads] # service vrnliTare-vcd rest.art.
St.opping vrnware-vcd-wat.chdog:
St.opping Y~ware-vcd-cell:
Starting vrnware-vcd-watchdog:
St.arting vrnware-vcd-cell
OK
OK
OK
OK
5. Type exi t to close the PuTTY SSH session. Wait for at least two minutes for the vmware-vcd
service to completely restart before proceeding to the next task.
Task 14: Configure the vCloud Director cell

In this task, you will configure the vCloud Director cell for first use. This task should be done by
student B and checked by student A.
1. Use the Internet Explorer browser on the ControlCenter virtual machine to open a new tab.
Leave the tab with the vSphere Web Client running.
2. In the new Internet Explorer tab, go to https:llvcd.vcd-ad.vclass.local.

3. Click Continue to this website (not recommended).
Tbis security warning appears because self-signed certificates were used to install vCloud
Director.
4. Click Next to start the vCloud Director setup wizard.
5. Click Yes to accept the license agreement. Click Next.
6. Type the vCloud Director license key provided by your instructor. CLick Next.
7. Keep the default administrator for the vCloud Director administrator user ID.
8. Type vmwarell for the administrator user password.
9. Type Cloud Director for the vCloud Director administrator full name contact information.
10. Type cdl'6vcd-ad. vclass .local for the vCloud Director administrator email address.
11 . Click Next.
12. Type Cloud-EnterprisesOl for the vCloud Director system name.
146
Lab 17
13. Leave the Installation ID set to the default value of I.
14. Click Finisb.
Leave the vCloud Director console open for the next task.
Task 15: Connect vShield Manager to vCenter Server system

In this task, you will connect VMware vShield ManagerTM to the vCenter Server system. This task
should be done by student B and checked by student A.
1. In the Internet Explorer browser on the Control Center console, open a new tab. Leave the tabs
with the vCloud Director console and the vSphere Web client running.
2. Go to http://172.20.1O.98/.
3. Click Continue to tbis website (not recommended) to ignore the security warning.
4. Type admin for the user name and type defaul t for the password.
5. Click Cbange Password in the top-right comer.
6. Type defaul t for the old password and type vmware1! for the new password.
7. Click Logout. Click OK.
8. Log back in to the vCloud Networking and Security console. Type admin for the user name
and type vmware11 for the password.
9. Click Settings & Reports in the left panel.

10. Click Edit on the right side level with DNS Servers.
11 . Type 172.20.10.93 for the primary DNS server.
12. Click OK.

13. Click Edit on the right side level with Lookup Service.
14. Type a lookup service host ofvcs. vcd-ad. vc1ass . local.

15. Type a single sign-on administrator user name of admin@system-domain.
16. Type a password ofVMware11 . The password is case-sensitive.
17. Click OK.

18. Click Yes to accept the SHAI thumbprint.
19. Click Edit on the right side level with vCenter Server.
20. Type vc s . vcd - ad. vc las s . local for the vCenter Server name.
21 . Type administra tor for the administrator user name.
Lab 17
147
22. Type vmwareI! for the password.

23. Leave Assign vShield Enterprise Administrator role to this user selected.
24. Click OK
25. Click Yes to accept the SHA 1 thumbprint.
26. Click Edit on the right side level with NTP Server.
27. Type pdc- sgl. vcd-ad . vclass .local in the NTP Server text box.
28. Click OK
29. Click Edit on the right side level with Syslog Server.
30. Type vcs. vcd- ad. vclass .local in the Syslog Server text box.
31 . Leave the Port text box blank to use the default value of 514.
32. Click OK You should now be able to expand Datacenters in the left panel to see your resource
cluster.
Datacenters
B vCloud Datacenter
B"
vCloud-Resource-Cluster
esxiOl, vcd-ad .vclass ,local
esxi02 .vcd-ad .vclass .Iocal
33. Close the Internet Explorer tab that is connected to the VMware Security Manager server.
Task 16: Attach the vCenter Server system and vShield Manager
In this task, you will attach the vCenter Server system and vSbield Manager to the vCloud Director
cell. This task should be done by student A and checked by student B.
1. Use the Internet Explorer browser on the ControlCenter console to open a new tab. Leave the
tabs with the vCloud Director console and the vSphere Web client running.
2. Go to bttp:llvcd.vcd-ad.vclass.local.
3. Click Continue to this website (not recommended) to ignore the security warning.
4. Click Attach a vCenter.
5. Type vcs. vcd-ad. vclass .local for the vCenter Server system host name.
6. Keep the default port number of 443.
148
Lab 17
7. Type administrator for the vCenter Server system user ID.

8. Type vmwarell for the vCenter Server administrator password.
9. Type vCen terServer as a vCenter Server name.
10. Type vCenter Server - Resource Cluster in the Description text box.
11. Select Use the following URL.
12. Type https: / /vcs. vcd-ad.vclass .local: 9443 for the URL.
13. Click Next.
14. Type vcns. vcd- ad. vclass .local for the vShield Manager host name.
15. Type admin for the vShield Manager administrator name.
16. Type vmwarell for the vShield Manager administrator password.
17. Click Next.
18. Click Finish.
19. A green check mark should appear next to item 1 on the menu, and the item should change to
Attach anotber vCenter.
Task 17: License vShield Manager

In this task, you will license the vShield Manager for use by vCloud Director. This task should be
done by student A and checked by student B.
1. Use the Internet Explorer browser on the ControlCenter virtual machine to return to the tab
running the vSphere Web Client.
2. If you are not logged in to the vCenter Server system, log in by typing administrator for
the user ill and vmwarell for the password.
3. Click Home.
4. Click Licensing.
5. Click the Solutions tab.
6. Select vCloud Networking and Security.
9. In the License key text box, type the VMware vCloud Networking and SecurityTM license key
provided by your instructor.
10. Click OK
Lab 17
149
Task 18: Test vCloud Director

In this task, you will test your installation ofvCloud Director. This task should be done by student B
and checked by student A.
1. Use the Internet Explorer browser on the ControlCenter virtual machine to return to the tab
running the vCloud Director console.
2. If you are not logged in to the vCloud Director console,log in by typing administrator for
the user ID and vmware11 for the password.
3. Create the following to verify your installation:
A provider virtual datacenter named Test:
Use Gold storage.
Type the credentials to prepare both host.
An external network named Prod-EX:
Use the Production port group.

Type a gateway address of 192.168.1.1.
Type a network mask of 255 . 255.255. O.
Type a primary DNS of 172.20.10.93 .
Type a DNS suffIx of test . local.
Create a static IP pool range of 192.168.1.2-192.168.1.100.
4. Click OK.
150
Lab 17
~1I 11 1 1 1 11 1 1
1111111111111111 11111
111111111111 111111111111 11111111 111111111111111111111111111 11111111
* E D U - E N - V C I C M 5 1 - LAB - STU *

VMware Vcloud Director ICM Lab PDF

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

VMware Vcloud Director ICM Lab PDF

Hochgeladen von

Copyright:

Verfügbare Formate

VMware vCloud Director:

Install, Configure, Manage

Student Lab Manual

vCloud Director 5.1

VMware Education Services

VMware vCloud Director:

. ....... ... . .. .. . ... . .... 1

Lab 2: Configuring YMware vCloud Director Network Pools . . ... .

Lab 3: Creating Provider Virtual Datacenters . . . . . . . . . . . . . . . . . .

Lab 4: Organizations . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .......... . .... . .... . ........ 17

Lab 7: Deploying YMware vCloud Director vApps . . . . . . . . .

Lab 9: Hosting Inbound Services ............. . .. . ................ . . . . .............. 69

Lab 10: Managing Custom Security Roles .................. .. . .

Lab 12: Managing Cloud Resources .............. . .. . . . . . .. . .. . .. . .. . . . . . . . ..... .... 89

Lab 13: Managing Organization Resources ......... .. .. . . .. .. .. . .. . . . . .. . . . .. . . . . . . .. .95

Lab 15: Monitoring Cloud Components. .

Lab 16: Organization Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Lab 17: Installing VMware vCloud Director .. .. . .

VMware vCloud Director: Install, Configure, Manage

VMware vCloud Director: Install, Configure, Manage

Configuring VMware vCloud Director

Preparing for the lab

vCenter Server administrator user name

vCenter Server administrator password

URL to the VMware vCloud Director

http://vcd. vcd-ad. vclass.local

vCloud Director administrator user name

vCloud Director administrator password

Configuring VMware vCloud Director Networking

Task 1: Install licenses

1. Open your workspace.

5. In the left pane, select Administration> Licenses.

Configuring VMware vCloud Director Networking

Task 2: Configure resource cluster network settings for vCloud

1. In the vSphere Web Client console, click the Home icon.

vrnware' vSphere Web Client

~~------------------~~-2. In the left pane, select vCenter > Networking.

Configuring VMware vCloud Director Networking

Type Production and click Next.

Keep the default of Static binding.

Keep the default of Elastic.

Keep the default of 8.

Network resource pool

Keep the default of (default).

Keep the default of None.

Task 3: Create a vCloud Director external network

3. In the vCloud Director console, click 3 Create an external network.

Configuring VMware vCloud Director Networking

6. Under Configure External Network, click the Add button.

In the Add Sub net wizard, perform the following actions.

Type 172 .20 . 11.10.

Type 172 . 20 . 10 . 93.

Type vcd-ad. vclass . local.

Type 172 . 2 0 . 11. 2 0 0

Ready to Complete, click Finish.

Configuring VMware vCloud Director Networking

Configuring VMware vCloud Director Networking

Configuring VMware vCloud Director

1. Configure resource cluster network settings for a vCloud network pool.

Preparing for the lab

vCenter Server administrator user name

vCenter Server administrator password

-------------------2. In the left pane, select vCenter > Networking.