Introduction

This document is intended to serve as a “quick start” guide to phoenixNAP Virtual Private Datacenter and Data Security Cloud products. Both of these products utilize the VMware vCloud Director user interface to manage virtual machines and networking.

In this document, we will cover how to perform initial network configuration, how to create a vApp, and how to connect a VM to the internet.

Additional in-depth documentation for these features, as well as other functionality available within vCloud Director, is available by clicking the question mark icon in the upper right corner, followed by the Help link in the menu that pops up:

[Screenshot: Help link in vCloud Director]

This document also assumes that you have received your login URL and credentials from the phoenixNAP Provisioning Team, and can successfully log into your vCloud Director portal.

You will also need the public IP information provided by the Provisioning team. The screenshots and instructions in this document will cover the HTML5 version of the interface.

Initial Network Configuration

When a new Cloud Organization is created, it initially has no networks configured.  This is done for security reasons so that by default, any virtual machines created are isolated from the outside world.  Your Cloud Organization also has a VMware Edge Gateway appliance assigned to it, which will be used to provide internet access, firewall, NAT, and VPN functionality to your virtual machines.

Creation of an Org VDC Network

The first network that should be created is an organization-level Virtual Datacenter network.  To do so, click on the Network link in the Network menu on the left side of the screen:

[Screenshot: Creating Org VDC Network]

Then, click the Add button on the next screen:

[Screenshot: Add button for Org VDC Network]

This will bring you to the “Add Org VDC Network” screen, which will look similar to this one:

[Screenshot: Add Org VDC Network screen]

These settings should be configured as follows:

  • Org VDC: This should already be set to the name of your virtual datacenter. If not, select yours from the drop-down menu.
  • Name: This can be any name you want to use to reference this network in the future.
  • Description: Optional description of this network.
  • Share this network with other VDCs: This will only affect you if you have multiple virtual datacenters, which is not common.
  • Type: For this first network, select “Routed network” to create a network that will connect to the Edge Gateway and can reach the internet. Additional networks may be created as either Isolated (internal-only) or routed.
  • Edge Gateway: Your organization will already have an Edge Gateway deployed. Click on it to select it as the Edge Gateway that this network will connect to.
  • Allow Guest VLAN and Create as Subinterface: Most clients will leave these unchecked.
  • Gateway address: This is the internal IP that you want your VMs to connect to in order to reach the internet – such as 192.168.20.1.
  • Network mask: This should match the subnet size you wish to use, such as 255.255.255.0.
  • Primary and Secondary DNS: Set these to the IPs of the domain name servers you wish to use.
  • DNS Suffix: If you need a specific DNS suffix for your local VMs, enter it here.
  • Static IP pool: If you want to identify a pool of IPs that will be reserved as static IPs, enter the IP range here in the format shown on the screen, such as 192.168.20.10 – 192.168.20.100.

Click “Save” to commit these settings.

Edge Gateway Configuration

To access the Edge Gateway configuration screen, click on the “Edges” item in the menu on the left side of the screen:

[Screenshot: Edge Gateway configuration]

This will show you a list of Edge Gateways configured on your account. In most cases, your account will only have one listed, with your organization’s name assigned to it:

[Screenshot: example of an account added]

Clicking on the Edge Gateway itself will show the current Edge Gateway Settings, and will also enable the “Configure Services” button. Click the “Configure Services” button to manage the Edge Gateway virtual appliance.

This will open up the Edge Gateway Services Screen. The Firewall rules will already have a few entries pre-built as part of pre-configured services, which you should not need to change in most cases:

[Screenshot: Edge Gateway Services screen]

To allow traffic either inbound (internet to VM) or outbound (VM to internet), you will need to create both NAT rules and Firewall rules.

Managing NAT Rules

We recommend starting with the NAT rules. Click on the “NAT” link in the top part of the screen to view and manage NAT rules:

By default, you will not have any NAT rules set up. This example organization already has some created as part of configuring an IPsec VPN.

Creating a Source NAT Rule

To allow traffic from your VMs to reach the internet, click on the “SNAT Rule” button to add a SNAT (Source NAT) rule.

[Screenshot: SNAT Rule button]

These settings should be configured as:

  • Applied On: This should default to your Edge Gateway’s pre-configured external network.
  • Original Source IP/Range: This will be the same internal IP and subnet as defined earlier, such as 192.168.20.0/24.
  • Translated Source IP/Range: This will be the external IP that you want traffic to show up as. You will need to enter one of your usable public IPs here.
  • Description: An optional text description of the rule.
  • Enabled: This should be enabled by default.
  • Enable logging: Optional logging of traffic matching this rule.

Click “Keep” to commit these settings.

Creating a Destination NAT Rule

If you want to allow traffic from the internet to directly reach one of your virtual machines, you will need to create a DNAT rule to translate the public IP and port to a private IP and port. Click on the “DNAT Rule” button to add a DNAT (Destination NAT) rule.

These settings should be configured as:

  • Applied On: This should default to your Edge Gateway’s pre-configured external network.
  • Original IP/Range: This will be the public IP your external users will use to connect.
  • Protocol: This will be the IP protocol type that will be mapped with this NAT rule.
  • Original Port or ICMP Type: One or both of these will be greyed out depending on the setting chosen in Protocol. This is used to identify the type of traffic that will be mapped with this rule.
  • Translated IP/Range: This will be the internal IP of the virtual machine that you want this traffic to reach.
  • Translated Port: The port on the virtual machine that this traffic should be sent to.
  • Description: An optional text description of the rule.
  • Enabled: This should be enabled by default.
  • Enable logging: Optional logging of traffic matching this rule.

Click “Keep” to commit these settings.
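The SNAT and DNAT rules above only work if their internal addresses agree with the Org VDC network defined earlier. The following check is an added example, not part of the original guide or of vCloud Director; the function name `check_plan` and its argument layout are assumptions, and the values are the sample addresses used in this document.

```python
import ipaddress

def check_plan(gateway, mask, pool_start, pool_end, snat_source, dnat_targets):
    """Return (cidr, problems) for one routed network and its NAT rules."""
    gw = ipaddress.ip_address(gateway)
    # Gateway address + network mask give the CIDR used as the SNAT source range.
    net = ipaddress.ip_network(f"{gateway}/{mask}", strict=False)
    problems = []

    if gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is not a usable host address in {net}")

    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if start > end or start not in net or end not in net:
        problems.append(f"static pool {start}-{end} is not a valid range inside {net}")
    elif start <= gw <= end:
        problems.append(f"static pool {start}-{end} contains the gateway {gw}")

    # strict=True rejects a host address with a prefix (e.g. 192.168.20.1/24),
    # which is usually a typo for the network range.
    try:
        snat = ipaddress.ip_network(snat_source, strict=True)
        if snat != net:
            problems.append(f"SNAT source {snat} does not match network {net}")
    except ValueError as exc:
        problems.append(f"SNAT source {snat_source!r} is invalid: {exc}")

    # A DNAT rule must translate to an address a VM on this network can hold.
    for target in dnat_targets:
        ip = ipaddress.ip_address(target)
        if ip not in net or ip == gw:
            problems.append(f"DNAT target {ip} is not a VM address in {net}")
    return str(net), problems

if __name__ == "__main__":
    # Sample values from this guide; the DNAT target is a constructed VM address.
    cidr, problems = check_plan("192.168.20.1", "255.255.255.0",
                                "192.168.20.10", "192.168.20.100",
                                "192.168.20.0/24", ["192.168.20.10"])
    print(cidr, problems or "no problems found")
```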

Creating Firewall Rules

With the NAT rules created, Firewall rules matching this traffic must also be created so that the traffic matching these NAT rules will be allowed through. To start creating a rule, click on the “+” button. This will enter a new rule in the list as shown below:

The firewall rules are edited directly on this screen.  Double-clicking on a field will allow you to edit the contents of that field.  The process for creating and editing a rule is the same whether you are editing a rule for SNAT or DNAT traffic; only the settings themselves will change.  These rules are only shown as examples. You will need to consider your own desired network configuration before applying rules to your environment.

An example rule to allow all traffic from VMs to reach the internet:

  • Name: Egress traffic
  • Type: User
  • Source: Internal IP range (such as 192.168.20.0/24)
  • Destination: Any
  • Service: Any
  • Action: Accept

An example rule to allow inbound traffic to port 443 on a virtual machine:

  • Name: HTTPS
  • Type: User
  • Source: Any
  • Destination: Internal IP of the VM serving HTTPS
  • Service: tcp:443:any
  • Action: Accept

You can also use the up and down arrow buttons at the top of the screen to re-order rules.  Traffic will be handled by the first rule that it matches.  For example, if you have a “deny all inbound” traffic rule, this should be the last rule after all rules that specifically allow certain types of inbound traffic.

Click “Save changes” on the right side of the screen to apply the firewall rules to your Edge Gateway.
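Because traffic is handled by the first rule it matches, a broad rule placed too high silently disables the rules below it. The following sketch is an added example, not part of the original guide or of vCloud Director: it evaluates an ordered rule list with first-match semantics and reports rules that can never fire. The "Deny all inbound" rule, the VM address 192.168.20.10, the client address and the exact-string service matching are assumptions made for illustration.

```python
import ipaddress

def net_of(value):
    # "Any" matches every address; otherwise accept a single IP or a CIDR range.
    return ipaddress.ip_network("0.0.0.0/0" if value == "Any" else value, strict=False)

def matches(rule, src, dst, service):
    """True if a packet (source IP, destination IP, service string) fits the rule."""
    return (ipaddress.ip_address(src) in net_of(rule["source"])
            and ipaddress.ip_address(dst) in net_of(rule["destination"])
            and rule["service"] in ("Any", service))

def evaluate(rules, src, dst, service):
    """First-match semantics: the first matching rule decides, later ones are ignored."""
    for rule in rules:
        if matches(rule, src, dst, service):
            return rule["name"], rule["action"]
    return None, "no-match"  # the gateway's default action is outside this sketch

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (net_of(b["source"]).subnet_of(net_of(a["source"]))
            and net_of(b["destination"]).subnet_of(net_of(a["destination"]))
            and a["service"] in ("Any", b["service"]))

def shadowed(rules):
    """(later, earlier) pairs where the later rule can never fire."""
    return [(later["name"], earlier["name"])
            for i, later in enumerate(rules)
            for earlier in rules[:i] if covers(earlier, later)]

# Constructed rule set: the guide's two example rules plus a "deny all inbound" rule.
EGRESS = {"name": "Egress traffic", "source": "192.168.20.0/24",
          "destination": "Any", "service": "Any", "action": "Accept"}
HTTPS = {"name": "HTTPS", "source": "Any", "destination": "192.168.20.10",
         "service": "tcp:443:any", "action": "Accept"}
DENY_IN = {"name": "Deny all inbound", "source": "Any",
           "destination": "192.168.20.0/24", "service": "Any", "action": "Deny"}

WRONG_ORDER = [EGRESS, DENY_IN, HTTPS]   # deny-all sits above the allow rule
RIGHT_ORDER = [EGRESS, HTTPS, DENY_IN]   # deny-all is last, as the guide advises

if __name__ == "__main__":
    packet = ("198.51.100.7", "192.168.20.10", "tcp:443:any")  # constructed client
    for label, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(label, evaluate(rules, *packet), "shadowed:", shadowed(rules))
```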

Virtual Machine Creation and Management With vCloud Director

Within vCloud Director, virtual machines are typically grouped into collections called “vApps”. While it is possible to configure a VM without a vApp, it is still recommended to use vApps as they provide additional functionality.  For example, your networks can be configured so that VMs within a vApp can communicate with each other, but cannot communicate with other vApps.  vApps can also be easily duplicated if you have a collection of VMs that are always deployed together.

Create a vApp

To access the vApp screen, click the “vApps” entry in the menu on the left side of the screen:

[Screenshot: access the vApp screen]

Click on the “Build New vApp” button at the top of the screen to start building a new vApp.

A name for the vApp is required, and an optional description text field is also provided. Once you click on the “Select a VDC” menu, a list of your virtual datacenters will pop up. Most clients will only have one and should select it.

Virtual Machine Creation

Then, click “Add Virtual Machine” to add the first virtual machine to this vApp.
If your organization has a VM template on it that you wish to use, you can select “From Template” and select the template you wish to clone. Otherwise, set “Type” to “New” to see the full list of settings:

[Screenshot: create a new VM]

These will be configured as follows:

  • Name: The name you want to display for this VM within vCloud Director.
  • Computer Name: The hostname of the guest system.
  • Description: An optional text description of the machine.
  • Type: Should be set to “New” unless using a template.
  • OS family: Set this to the operating system family that best matches your desired guest OS.
  • Operating System: Set this to the specific operating system you plan on installing within the guest OS. Note that this only configures the VM for compatibility with this guest – it does not actually install the guest OS selected.
  • Boot image: If you have installation media uploaded to your catalog, you can select it here, and it will be automatically connected to the VM upon creation. If not, you can connect it manually later.
  • Size: This will pre-populate with a list of common VM sizes based on the operating systems selected. Select a size from the list shown.
    • If none of the shown settings match your desired configuration, click “Customize” to be taken to the detailed sizing settings, where you can manually configure the following:
    • Virtual CPUs: This is the total number of virtual CPUs that will be assigned to the VM. One virtual CPU is approximately equal to one physical CPU core.
    • Cores per socket: This controls how many sockets the guest OS will see. It does not modify the number of cores, only how they are presented to the guest.  In most cases (and especially for VMs that are not very large), this should be set to the same as the Virtual CPUs setting.
    • Memory: Virtual RAM assigned to the VM, shown in megabytes.
    • Storage: This allows you to add and configure the size of virtual hard disks.
  • Networking: By default, this will be connected to your routed network created earlier. If you need to change the network, IP allocation, or add more virtual NICs, click the “Customize” button to do so.

Click the “OK” button to apply these settings to the VM.  This will return you to the “Build new vApp” screen.  You may repeat the process above if you want to add more VMs at this time, or you can add more VMs at a later date.

Once you have added your initial VM(s) to the vApp, click “Build” to create the vApp.

Once the vApp has been created, it will show an entry on the vApp screen:

The buttons at the bottom of the vApp allow you to control the vApp as a whole, or modify it:

  • Power: This will enable you to power on, power off, suspend, or reset the entire vApp.
  • More: This shows further settings and functionality to manage the vApp. Additional details on these functions are available within the online Help.
  • Details: This will open the vApp and show you a detailed list of the VMs, as well as additional settings related to the vApp:

Clicking on the Virtual Machine in the top pane will bring you to the settings of that VM, which allow you to further customize the VM and its virtual hardware.

Alternatively, you can also click on the “Virtual Machines” item in the menu on the left, and see a list of all VMs in all vApps:

[Screenshot: Virtual Machine setting in vCloud Director]

The VMs on this screen will each have an entry as shown:

If you have not already connected install media to a VM, you can do it on this screen by clicking “More,” then “Insert Media.” If you have already connected install media or created a VM from a template, you can power on the VM, then click “More,” and click “Launch Web Console” to manage the VM directly.

Library Management

Libraries are where installation media and VM templates are stored.

To access Libraries, click the menu icon near the top left of the screen, and click “Libraries”:

[Screenshot: vApp Template Libraries]

The default screen will show you vApp Templates. You can click the “Add” button if you have an OVA or OVF file you wish to upload as a template, and follow the on-screen instructions to upload and configure the template.

Catalogs

Catalogs are collections of installation media and templates. You can access them by clicking the “Catalogs” button on the menu on the left.

A catalog may be one managed by phoenixNAP and shared among all users, or it can be one that you create with your own installation media and templates. The Public_Shared catalog should already be connected to your organization, which can be used for common installation media.
If you want to upload your own installation media, click “Add” on this screen to create your own catalog. The following screen will prompt you for a name, and an optional description, before allowing you to click “OK”.

Uploading Installation Media

Once you have created a catalog, click the “Media & Other” menu item to upload files to it.

Click the “Add” button at the top of the screen to upload installation media. Assign a name to the installation media, then select the ISO file you wish to upload:

Once the upload is complete, you will be able to use this install media on VMs in your organization.