



System Overview

The Link vCloud Virtual Private Cloud Service allows our customers to deploy a fully managed Virtual Private Datacenter (VDC) in a secure and highly available environment. Our Datacenter facilities are tightly integrated with our network services to allow both public and private connections between the VDC and the end user.

Architecture

The Architecture of the Virtual Private Cloud Service is designed to have no single point of failure of the core system. The result is a secure multi-tenant environment. The diagram below describes how the VMware core services are constructed to allow for logically isolated Organizations within the environment.

Each environment is deployed from a regional datacenter which supports the VMware vCloud Virtual Private Cloud Services. Each Virtual Private Cloud Service supports one or more Provider Virtual Datacenters which host individual organizations. The customer VDC environment is built within a customer organization. Resources such as catalogues and network services can be shared within an organization. Below is a high level representation of this hierarchy.


Organization VDCs support groupings of Virtual Machines (VMs) with pre-defined characteristics such as network connectivity, virtual CPU, virtual RAM, and virtual disk space. A vApp is a VM container that consists of one or more VMs.




Virtual Datacenter Deployment Models

Internet VPN Delivery

Customers can access the virtual datacenter via an Internet VPN device. This configuration is supported with most remote firewalls that have IPSEC VPN capabilities. This method relies on a secure tunnel being established between the customer's VDC and remote site.

Private Network Delivery

Customers may choose to deploy a private network between the virtual private data center and their office(s). This approach provides enhanced security for the network traffic as well as a much higher level of performance. LinkBermuda provides both domestic and international private networks to create an end-to-end service.

In addition to the above two deployments you can also have just an Internet Delivery or any combination of the three deployment models. 



Managing your Virtual Private Cloud

Each Virtual Private Cloud Service is managed through the vCloud web-based console. Your environment will initially be configured with the following resources:

  • A Customer Organization with a single administrative user and custom web portal address
  • An initial Virtual Datacenter (resources sized based on contracted terms)
  • Access to a Public Catalog of common Virtual Machines (additional license fees may apply)
  • An initial private Local Area Network to support Virtual Machines
  • An Edge Gateway (Firewall) with an Internet connection (bandwidth based on contracted terms)

Example URL:

https://vcd.link.bm/cloud/org/CustomerName/

The initial home screen will provide an overview of your environment with a number of tools to customize and deploy resources to your Virtual Datacenter. The menu in the upper right hand corner allows you to change your password (Preferences), look up documentation (Help) and Logout. The following sections outline how to navigate the vCloud interface and how to perform common tasks.

The key tabs at the top of the page are:

  • Home
  • My Cloud
  • Catalogs
  • Administration

Administration

The Administration tab contains all of the details of your environment and is the central location for managing your Virtual Datacenters (VDCs).

User Account Management

In the menu on the left click on Members > Users to display a list of all users who can login to your vCloud portal. 

There should be an account already present which has the Organization Administrator role. You can add accounts by clicking the green plus symbol. You can create accounts with the following roles:

  • Organization Administrator - top-level access that can perform all functions in the Organization
  • Catalog Author - can fully create and manage all aspects of vApps and catalog items
  • vApp Author - can fully create and manage all aspects of vApps
  • vApp User - can manage all aspects of vApps
  • Console Access Only - can only access the console of VMs

You can send an email to all users by clicking the Notify mail icon and also edit accounts by clicking on the gear icon.

Managing a VDC

In the menu on the left click on Cloud Resources > Virtual Datacenters. A list of your VDCs will be shown. If you click on the Monitor tab you will see the resource usage of your VDC.

Click on the VDC name to view the details and manage the components of the VDC.

The components of the VDC are broken down into 6 areas:

  • vApps
  • vApp Templates
  • Media & Other
  • Storage Policies
  • Edge Gateways
  • Org VDC Networks

vApps

The vApps tab displays the vApps deployed in this VDC. From this tab you can manage each vApp at the vApp level and perform basic functions such as changing the power state, creating a vApp template of the vApp and editing the vApp properties.

Clicking on the vApp name takes you to the My Cloud tab which drills down into the VMs contained within the vApp.

vApp Templates

The vApp Templates tab displays the templates that have been created in the VDC. You can deploy a vApp from the template by clicking the Add to My Cloud... icon. You can also download the template, upload a new version or edit its properties.

Clicking on the vApp Template name will take you to the Catalogs tab which drills down into the VMs contained within the vApp Template.

Media & Other

The Media & Other tab displays ISO files (CD or DVD optical disk images) that have been uploaded to your VDC. These files are the equivalent of optical disks that can be inserted into the virtual CD/DVD drive of a VM. You can download the ISO file, upload a new version or edit its properties.

Storage Policies

The Storage Policies tab displays the disk space usage for the VDC.

Edge Gateways

The Edge Gateways tab displays the Edge Gateways deployed in your VDC. Each VDC is deployed with an Edge Gateway and a connection to the internet. Edge Gateways can only be deployed by a LinkBermuda Administrator.

As shown in the Virtual Datacenter Deployment Models section, Edge Gateways are networking devices that connect your VDC to the outside world. You can view the settings of the Edge Gateway by right-clicking on the Edge Gateway and selecting Properties.

The Configure IP Settings tab displays the public IP address assigned to the Edge Gateway's external interface in the IP Addresses column.

The Sub-Allocate IP Pools tab displays the public IP addresses assigned to the Edge Gateway which can be assigned to VMs as NAT addresses. The base Virtual Private Cloud package comes with 2 public IP addresses which along with the Edge Gateway's public IP address will be listed here.

The Configure Rate Limits tab displays the speed of the internet connection on the Edge Gateway.

In addition if the Edge Gateway stops functioning correctly you can Re-Apply Service Configuration... to refresh all of the settings or Re-Deploy... to destroy and re-create the Edge Gateway. 

Edge Gateways provide the following services:

  • DHCP
  • NAT
  • Firewall
  • Static Routing
  • VPN
  • Load Balancer

Right-click on the Edge Gateway and select Edge Gateway Services... to configure the above services.

DHCP

From the DHCP tab you can create a DHCP pool for automating the assignment of IP addresses to your VMs.

  1. Check the Enable DHCP checkbox. 
  2. Click the Add button to create the DHCP Pool.
  3. In the Applied on dropdown box select the internal Org VDC Network to assign this pool to.
  4. Enter the IP range of the pool. The IP range should be addresses from the selected Org VDC Network and should not clash with any Static IP Pools already defined (See Org VDC Networks).
  5. Adjust the lease values or keep the default ones.
  6. Click the OK button.

When assigning IP addresses to the network interfaces of your VMs, you can now select DHCP as the IP Mode.
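The range check from step 4, as an added example (not part of the original guide or of vCloud Director). The function names and all addresses are constructed for illustration; the inputs mirror the Gateway address, Network mask and Static IP Pool fields of an Org VDC Network.

```python
import ipaddress

def ip_range(text):
    """Parse 'a.b.c.d - a.b.c.e' (or a single address) into (first, last)."""
    parts = [p.strip() for p in text.split("-")]
    first = ipaddress.ip_address(parts[0])
    last = ipaddress.ip_address(parts[-1])
    if last < first:
        raise ValueError(f"range runs backwards: {text}")
    return first, last

def check_dhcp_pool(gateway, netmask, static_pools, dhcp_pool):
    """Return a list of problems with dhcp_pool; an empty list means it is usable."""
    network = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    first, last = ip_range(dhcp_pool)
    problems = []

    # The pool must consist of addresses from the selected Org VDC Network.
    for addr in (first, last):
        if addr not in network:
            problems.append(f"{addr} is outside {network}")

    # Extra sanity check (not stated in the guide): do not hand out the
    # gateway, network or broadcast address as a lease.
    reserved = {
        "gateway": ipaddress.ip_address(gateway),
        "network address": network.network_address,
        "broadcast address": network.broadcast_address,
    }
    for label, addr in reserved.items():
        if first <= addr <= last:
            problems.append(f"pool includes the {label} {addr}")

    # The pool must not clash with any Static IP Pool on the same network.
    for pool in static_pools:
        s_first, s_last = ip_range(pool)
        if first <= s_last and s_first <= last:
            lo, hi = max(first, s_first), min(last, s_last)
            problems.append(f"clashes with static pool {pool} at {lo} - {hi}")
    return problems

# Constructed sample network: gateway 192.168.10.1/24 with one static pool.
GATEWAY, NETMASK = "192.168.10.1", "255.255.255.0"
STATIC_POOLS = ["192.168.10.10 - 192.168.10.99"]

if __name__ == "__main__":
    for candidate in ("192.168.10.100 - 192.168.10.199",
                      "192.168.10.90 - 192.168.10.120",
                      "192.168.11.10 - 192.168.11.20"):
        print(candidate, "->", check_dhcp_pool(GATEWAY, NETMASK, STATIC_POOLS, candidate) or "OK")
```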

NAT

On the NAT tab you can link internal private IP addresses to the public IP addresses assigned to your VDC (as displayed on the Sub-Allocate IP Pools tab described above).

Source NAT (SNAT) translates private IP addresses to public IP addresses (Outbound from the Edge Gateway). You can create a SNAT rule by clicking the Add SNAT... button. Add a relevant internal (private) IP address or range and a relevant external (public) IP address or range.

Destination NAT (DNAT) translates public IP addresses to private IP addresses (Inbound to the Edge Gateway). You can create a DNAT rule by clicking the Add DNAT... button. Add a relevant external (public) IP address or range and a relevant internal (private) IP address or range. You can also enable Port Address Translation (PAT) for DNAT rules.

NAT rules should almost always be applied on vCD-Internet which represents the external interface of the Edge Gateway.

The order of the NAT rules does make a difference. Rules are applied from the top of the list based on the first matching rule.

Firewall

On the Firewall tab you can enable the firewall and add rules to restrict traffic to and from your VDC.

Check the Enable firewall checkbox to use the firewall. Set the Default action to Deny or Allow. Click the Add button to create a rule.

  1. Enter a name for the rule.
  2. Enter the Source IP address or network. If this is an outbound rule for an internal VM, enter the private IP address of the VM. You can also use the keywords any, internal or external.
  3. Enter a source port or leave the default any.
  4. Enter a Destination IP address or network. If this is an inbound rule for access to an internal VM, the IP address should be the public IP address of the VM (which should be set up on the NAT tab). You can also use the keywords any, internal or external.
  5. Set the Destination port (type in the port number if not listed in the dropdown box).
  6. Set the Protocol as TCP, UDP, TCP & UDP, ICMP or any.
  7. Set the Action to Allow or Deny.
  8. Click the OK button.

The order of the firewall rules does make a difference. Rules are applied from the top of the list based on the first matching rule.
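The first-match behaviour described for the NAT and firewall rule lists, as an added example (a simplified model written for this guide, not the Edge Gateway's own logic). The rule names, addresses and the `shadowed_rules` check are constructed for illustration; the check flags rules that can never fire because an earlier rule already covers them.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing: one internal Org VDC Network.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]
KEYWORDS = ("any", "internal", "external")

@dataclass
class Rule:
    name: str
    source: str       # IP, CIDR or keyword
    destination: str  # IP, CIDR or keyword
    port: str         # destination port as text, or "any"
    protocol: str     # "tcp", "udp", "icmp" or "any"
    action: str       # "allow" or "deny"

def addr_matches(spec, ip):
    """True if the address ip falls under spec (keyword, single IP or CIDR)."""
    ip = ipaddress.ip_address(ip)
    is_internal = any(ip in net for net in INTERNAL_NETS)
    if spec == "any":
        return True
    if spec == "internal":
        return is_internal
    if spec == "external":
        return not is_internal
    return ip in ipaddress.ip_network(spec, strict=False)

def evaluate(rules, default_action, src, dst, port, proto):
    """Walk the list from the top; the first matching rule decides."""
    for r in rules:
        if (addr_matches(r.source, src) and addr_matches(r.destination, dst)
                and r.port in ("any", str(port)) and r.protocol in ("any", proto)):
            return r.action, r.name
    return default_action, "default"

def spec_covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    if outer == "any" or outer == inner:
        return True
    if inner in KEYWORDS:
        return False  # conservative: a keyword is only covered by itself or any
    net = ipaddress.ip_network(inner, strict=False)
    if outer == "internal":
        return any(net.subnet_of(n) for n in INTERNAL_NETS)
    if outer == "external":
        return not any(net.overlaps(n) for n in INTERNAL_NETS)
    return net.subnet_of(ipaddress.ip_network(outer, strict=False))

def shadowed_rules(rules):
    """(rule, covering rule) pairs for rules that an earlier rule fully covers."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (spec_covers(earlier.source, later.source)
                    and spec_covers(earlier.destination, later.destination)
                    and earlier.port in ("any", later.port)
                    and earlier.protocol in ("any", later.protocol)):
                hidden.append((later.name, earlier.name))
                break
    return hidden

# Constructed rules. 203.0.113.10 stands for a public IP that a DNAT rule maps to a VM.
WEB_IN = Rule("web-in", "external", "203.0.113.10", "443", "tcp", "allow")
BLOCK_RANGE = Rule("block-range", "198.51.100.0/24", "any", "any", "any", "deny")
DENY_ALL_IN = Rule("deny-all-in", "external", "any", "any", "any", "deny")

if __name__ == "__main__":
    pkt = ("198.51.100.7", "203.0.113.10", 443, "tcp")
    print(evaluate([WEB_IN, BLOCK_RANGE], "deny", *pkt))   # allow wins
    print(evaluate([BLOCK_RANGE, WEB_IN], "deny", *pkt))   # deny wins
    print(shadowed_rules([DENY_ALL_IN, WEB_IN]))
```

The same two rules give opposite results for the same packet depending on which is listed first, so narrow deny rules belong above broad allow rules.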

Static Routing

The Static Routing tab allows you to set up a static route to an external network. This would typically be used to connect the VMs in your VDC to the devices in your remote office as shown in the Private Network Delivery deployment model. Check the Enable static routing checkbox. Click the Add button to create the Static Route. Enter the destination Network you are trying to reach and the Next Hop IP that will connect you to this network. The static route should be applied on an external interface on the Edge Gateway that has visibility of this next hop IP address.

VPN

From the VPN tab you can create an IPSEC site-to-site VPN connection to another VPN gateway. 

Check the Enable VPN checkbox. Click the Configure Public IPs... button if you wish to assign a different public IP address to the VPN other than the Edge Gateway's IP address. Click the Add... button to configure the VPN.

  1. Determine whether you will Establish VPN to a network in this organization, a network in another organization or a remote network (the following steps will assume a remote network).
  2. In the Local Networks window select the local network you will be peering.
  3. For Peer Networks enter the distant end peering network.
  4. For the Local Endpoint select vCD-Internet (which represents the external interface of the Edge Gateway).
  5. The Local ID should be the public IP address of the Edge Gateway (unless you assigned a different public IP address under Configure Public IPs...).
  6. The Peer ID and Peer IP should be the IP address of the distant end VPN gateway.
  7. Set the matching Encryption protocol, Shared Key and MTU as the distant end VPN gateway.
  8. Click the OK button.

Load Balancer

The Load Balancer tab allows you to configure a Load Balancer to map a single public IP address to multiple VMs on internal IP addresses. The Load Balancer will accept requests on HTTP, HTTPS or a specified TCP port and distribute the requests to one or more VMs.

First create a pool of servers by clicking Pool Servers and then the Add button.

Enter a name for the pool of servers and click Next.

Check the boxes next to the protocols you wish to listen for. Change the Balancing Method by selecting a method from the dropdown box. Enter an alternate Port number if not the default. Click Next.

Configure the Health-Check settings. If monitoring on an alternate port other than the default, enter the port number in the Monitor Port column. Choose the method of performing the Health-Check by selecting a method in the Mode dropdown box. If the Mode is HTTP enter the URI at the bottom. Click Next.

Click the Add button to add a member to the pool. Enter the internal IP address of the VM and a Ratio weight. Enter an alternate Port and Monitor Port if not using the default. Click OK. Repeat these steps for additional members. Click Next.

Click Finish to create the pool. Next create a highly available Load Balancer virtual server to distribute traffic to the member pool you just created.

Click on Virtual Servers and then the Add button. Enter a name for the Virtual Server. Select vCD-Internet in the Applied on dropdown box. Enter a public IP address in the IP address field. This will be the logical IP address of the Load Balancer. Set the Pool to the member pool you just created. In the Services table check the Enabled box next to the services you will be listening on and select a Persistence Method if applicable. Click OK.

Org VDC Networks

The Org VDC Networks tab displays the networks available to your VDC. These can include internal private networks used for LAN access within your VDC as well as external private networks that connect your VDC to your remote office as shown in the Private Network Delivery deployment model. By default you can create up to 10 internal private networks. External private networks can only be created by a LinkBermuda Administrator. 

You can view the settings of the Org VDC Network by right-clicking on the name and selecting Properties.

The Network Specification tab displays the Gateway address (the interface address on the Edge Gateway), the DNS settings and a Static IP Pool of addresses if configured.

In addition you can right-click on the name and select IP Allocations and view which IP addresses are in use in the Org VDC Network.

You can right-click on the name and select Connected vApps to display which vApps are currently connected to the Org VDC Network.

Users can create two types of Org VDC Networks:

  • Isolated - a network only accessible to VMs within the VDC
  • Routed - a network routed through the Edge Gateway

Click the green plus symbol to create a new Org VDC Network.

Select whether you will create an isolated network or a routed network. If creating a routed network select an Edge Gateway from the table. Click Next.

Enter a Gateway address (for the routed network this represents the interface address on the Edge Gateway) and a Network mask. Check the Use gateway DNS checkbox to use the DNS servers on the Edge Gateway or enter your own below. If you wish to use a static pool of IP addresses for your VMs (as opposed to or in addition to a DHCP pool) enter the range(s) here. Click Next.

Enter a Name for the network and click Next.

Review the settings and click Finish to create the Org VDC Network.

Catalogs

The Catalogs tab displays vApp Templates and disk images (in the form of ISO files) which are available to the Organization.

Public Catalogs

Under Public Catalogs LinkBermuda provides access to a shared catalog named LinkBermuda Catalog where you have access to vApp Templates of common operating systems.

Click on the vApp Templates tab to view the available vApp Templates.

The operating systems currently available are:

  • CentOS 7 (GUI interface installed by default)
  • Ubuntu 16 (Command line only)
  • Windows Server Standard 2012 R2
  • Windows Server Standard 2016
  • Windows Server Standard 2019

Microsoft Licenses

There are additional monthly charges for any Microsoft Windows servers deployed in your Organization.

To deploy one of the vApp Templates, highlight the operating system you want and click the Add to My Cloud... icon.

Enter a name and description for the vApp and select which VDC to create it in. Click Next.

Enter a name for the VM. Click Next.

Enter a hostname for the VM in the Computer Name column. In the Networks column select the Org VDC Network that the VM will connect to. Check the Switch to the advanced networking workflow checkbox for additional IP address assignment options if necessary. Click Next.

Adjust the CPU, Memory and Disk space. Click Next.

Review all of your settings and check the Power on vApp after this wizard is finished checkbox if you wish to immediately power on the vApp after it is deployed. Click the Finish button to deploy the vApp into your VDC.

Initial VM Settings

Refer to the My Cloud section for notes on initial settings for the deployed VM such as locating the initial Administrator/root password and adjusting the virtual hardware.

My Organization's Catalogs

My Organization's Catalogs are where you can create one or more of your own catalogs to store vApp Templates and disk images.

Warning

vApp Templates and ISO files consume resources in your VDC in the form of disk space and VM quotas. Bear this in mind when planning the size of your VDC.

The Catalogs tab lists the catalogs that you have created for your Organization. Click the green plus symbol to create a catalog.

The vApp Templates tab is identical to the vApp Templates tab in the Administration > Virtual Datacenters section. You can deploy a vApp from the template by clicking the Add to My Cloud... icon. You can also download the template, upload a new version or edit its properties. The exception is that from this tab you can also upload a new vApp Template (OVF or OVA file format) to the catalog. Click the Upload... button to do this.

Enter a URL to the OVF file or locate the OVF file on your local hard drive. Click the Upload button to begin.

The Media & Other tab is identical to the Media & Other tab in the Administration > Virtual Datacenters section. These ISO files are the equivalent of optical disks that can be inserted into the virtual CD/DVD drive of a VM. You can download the ISO file, upload a new version or edit its properties. The exception is that from this tab you can also upload a new ISO file to the catalog. Click the Upload... button to do this.

Enter a URL to the ISO file or locate the ISO file on your local hard drive. Click the Upload button to begin.

My Cloud

The My Cloud tab is where you manage the vApps and VMs within your Organization.

vApps

In the menu on the left click on vApps. You will see a list of all of the vApps in your Organization.

By right-clicking on the vApp name you can control the power state of the vApp, share it with other Organization users, change the owner, add it to a catalog as a vApp Template, copy or move it to another VDC. You can view the Properties of the vApp to change its settings.

On the General tab you can change the Name of the vApp or set a lease for the vApp.

On the Starting and Stopping VMs tab you can configure a custom startup/shutdown order for powering on and powering off the VMs within the vApp.

On the Sharing tab you can share this vApp with specific users in the Organization.

You can view the VMs within the vApp by right-clicking the vApp name and selecting Open.

The vApp Diagram tab displays a network diagram of the VMs and their network connections. Click on the VM thumbnail to open a VM console or right-click the VM to display the VM Actions menu. In the toolbar you can click the Add VM... button to add a new VM to the vApp.

Select a vApp Template from a catalog and click the Add button or click the button New Virtual Machine to create an empty VM for which you will install the operating system yourself. Click Next and complete the wizard similar to the steps seen here.

In the toolbar click the Add Network... button to add a new network to the vApp.

You can choose to add either an existing Organization VDC network or to create a new vApp network only accessible to the VMs in this vApp. If you choose to create a vApp network complete the network details as seen here.

The Virtual Machines tab lists the VMs within the vApp. Click on the VM thumbnail to open a VM console or right-click the VM name to display the VM Actions menu. Click the green plus symbol to add a VM to the vApp. Select a vApp Template from a catalog and click the Add button or click the button New Virtual Machine to create an empty VM for which you will install the operating system yourself. Click Next and complete the wizard similar to the steps seen here.

The Networking tab displays the Org VDC Networks and vApp networks associated with the vApp. If you right-click on the network name and select IP Allocations you can view the IP addresses assigned to VMs in just this vApp. You can add a network to the vApp by clicking the green plus symbol. You can choose to add either an existing Organization VDC network or to create a new vApp network only accessible to the VMs in this vApp. If you choose to create a vApp network complete the network details as seen here.

Back on the main vApp view you can create a vApp using one of three methods:

  • Add vApp from Catalog
  • Add vApp from OVF
  • Build New vApp

Add vApp from Catalog

Click the green plus symbol to create a vApp from a vApp Template in the catalog.

Select a vApp Template from a catalog (Click All Templates to see all available vApp Templates). Click Next and complete the wizard as shown in the steps here.

Add vApp from OVF

Click the green plus/cube symbol to create a vApp from an OVF file.

Enter a URL to the OVF file or locate the OVF file on your local hard drive. Click Next.

Review the details of the OVF (and accept any license agreements if necessary). Click Next and complete the wizard as shown in the steps here.

Build New vApp

Click the asterisk/squares symbol to create a new vApp from scratch.

Enter a Name for the vApp, the VDC to place the vApp in and any lease requirements. Click Next.

Select a vApp Template from a catalog and click the Add button or click the button New Virtual Machine to create an empty VM for which you will install the operating system yourself. Click Next and complete the wizard similar to the steps seen here.

VMs

In the menu on the left click on VMs. You will see a list of all of the VMs in your Organization.

Click on the VM thumbnail to open a VM console. By right-clicking on the VM name you can control the power state of the VM, install VMware Tools, upgrade the Virtual Hardware Version, copy or move it to another vApp. If you created an empty VM you can select Insert CD/DVD from Catalog to install the operating system from disk. You can view the Properties of the VM to change its settings.

On the General tab you can change the name of the VM and upgrade the Virtual hardware version.

On the Hardware tab you can adjust the resources of the VM and add or remove CPU or Memory. You can add disks or increase disk sizes. You can also add NICs, change the adapter type (check the Show network adapter type checkbox) or adjust the IP Mode (e.g. change from Static - IP Pool to Static - IP Manual or DHCP).

Making changes to some resources may have impacts to the underlying operating system of the VM or additional steps may be required for the operating system to recognize the changes.

On the Guest OS Customization tab you can make changes to interact with the operating system of the VM. VMware Tools should be installed in order to take full advantage of the Guest OS Customization features. The VM must also be powered off to make changes on this tab. For Windows operating systems you can check the Change SID checkbox if you cloned or made a copy of another Windows VM.

The Password Reset section allows you to specify a password for the VM. In particular if you deploy vApps from the LinkBermuda Catalog the passwords are set as follows:

  • CentOS 7 - look at the Guest OS Customization tab of the VM to see the root password (next to Auto generate password)
  • Ubuntu 16 - look at the Guest OS Customization tab of the VM to see the root password (next to Auto generate password)
  • Windows Server Standard 2012 R2 - look at the Guest OS Customization tab of the VM to see the Administrator password (next to Auto generate password)
  • Windows Server Standard 2016 - look at the Guest OS Customization tab of the VM to see the Administrator password (next to Auto generate password)
  • Windows Server Standard 2019 - look at the Guest OS Customization tab of the VM to see the Administrator password (next to Auto generate password)

After making changes on the Guest OS Customization tab you can push them out to the VM by performing a Power On and Force Recustomization of the VM from the vApps > Virtual Machines tab.

Some actions can only be performed while the VM is powered on or while it is powered off.

Expired Items

If you assign a lease to a vApp or vApp Template and set it to move the item to Expired Items on expiration (as opposed to permanently delete on expiration) it will be displayed here. By default vApp and vApp Templates are set to never expire.

Logs

The Logs section displays all Tasks and Events carried out in your Organization.

Home

The Home tab provides quick access to common tasks and provides a summary of the resources deployed in your Organization.

The Set up this organization link in the upper left hand corner allows you to edit the settings of the Organization such as changing the displayed name of the Organization, adding user accounts, changing email settings or adjusting vApp lease settings and VM quotas.

The menu underneath Quick Access allows you three options to deploy a vApp either by deploying from the Catalog, deploying from OVF or building a new vApp from scratch.

The main window on the Home tab displays all of the vApps currently deployed in your Organization. From this view you can change the power state of the vApp, click on the thumbnail image to open a VM console or click the Open link which will take you to the My Cloud tab for that vApp.

The menu on the right side of this view is a list of direct links to specific areas on the My Cloud, Catalogs and Administration tabs or links to common tasks.
