PostgreSQL Configuration Guidance for vCloud Director 9.0 and 9.1


Article ID: 320213


Products

VMware Cloud Director

Issue/Introduction

The most secure connections require a well-signed certificate, one that includes a complete trust chain rooted in a well-known public certificate authority.
You can also use a self-signed certificate or one signed by a private certificate authority, but if you do that you must first import that certificate into the vCloud Director truststore.

Important: This article is specific to VMware vCloud Director for Service Provider versions 9.0 and 9.1. For information on other releases, see the "System Requirements and Installation" section of that release's Release Notes.
 


Environment

VMware Cloud Director for Service Provider 9.x

Resolution

Configuring SSL Connections Between vCloud Director and PostgreSQL Without a Well-Signed Certificate

During the Configure Network and Database Connections phase of vCloud Director installation, the configuration agent asks whether you want to require the use of SSL for all connections between vCloud Director and a PostgreSQL database. The most secure connections require a well-signed certificate, one that includes a complete trust chain rooted in a well-known public certificate authority. You can also use a self-signed certificate or one signed by a private certificate authority, but if you do that you must first import that certificate into the vCloud Director truststore. In this case, in addition to installing the self-signed or privately signed certificate on the PostgreSQL server, also copy that certificate to a location on the vCD cell.
 
  1. When initially configuring vCloud Director, SSL will not be enabled on the database. The PostgreSQL server can be configured with SSL enabled, so long as it also accepts non-SSL connections. After installation is complete, you can use the following steps to enable SSL connections to your PostgreSQL vCloud Director database.
  2. If using a self-signed certificate or a certificate signed by a private certificate authority, use the following command on each cell to import the certificate into the vCloud Director truststore.
     
    [root@cell1 /opt/vmware/vcloud-director/bin]# cell-management-tool import-trusted-certificates --source /path/to/self-signed-or-private-cert/
  3. Use the following command to enable SSL connections between vCloud Director and PostgreSQL.

    [root@cell1 /opt/vmware/vcloud-director/bin]# cell-management-tool reconfigure-database --database-ssl true

In a multi-cell setup, you can additionally pass the --private-key-path option to reconfigure the database and enable SSL on all the cells at the same time:

    [root@cell1 /opt/vmware/vcloud-director/bin]# cell-management-tool reconfigure-database --database-ssl true --private-key-path /path/to/priv-key
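
The PostgreSQL side of the procedure above, as an added configuration example that is not part of the original article. The database name and user (vcloud), the cell address 192.0.2.10, the certificate file names and the md5 authentication method are assumptions; substitute your own values.

```conf
# --- postgresql.conf (server side) ---
# Serve SSL with the same certificate that is imported into the
# vCloud Director truststore. File names are assumed; relative paths
# resolve against the PostgreSQL data directory.
ssl = on
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'    # keep readable only by the postgres OS user (mode 0600)

# --- pg_hba.conf, during installation ---
# "host" matches both SSL and non-SSL connections, which the
# configuration agent needs because SSL is not yet enabled on the cell.
# TYPE  DATABASE  USER    ADDRESS         METHOD
host    vcloud    vcloud  192.0.2.10/32   md5

# --- pg_hba.conf, after reconfigure-database --database-ssl true has run on every cell ---
# "hostssl" matches only SSL connections, so a cell that attempts a
# plaintext connection is rejected instead of connecting unencrypted.
# TYPE   DATABASE  USER    ADDRESS         METHOD
hostssl  vcloud    vcloud  192.0.2.10/32   md5
```

Restart PostgreSQL after changing the ssl settings, and reload it after editing pg_hba.conf.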

PostgreSQL Performance Tuning

When used as a vCloud Director database, PostgreSQL may require certain configuration adjustments to achieve good performance at scale. These adjustments fall into two categories.

Database Configuration

This fragment of postgresql.conf is appropriate for a system with 16GB memory. (You must restart the database after you change this file.)

max_connections = 500
# Set effective cache size to 50% of total memory.
effective_cache_size = 8GB
# Set shared buffers to 25% of total memory.
shared_buffers = 4GB

Autovacuum Parameters

This fragment of postgresql.conf includes autovacuum parameters appropriate for typical vCloud Director workloads.

autovacuum = on
track_counts = on
autovacuum_max_workers = 3
autovacuum_naptime = 1min
autovacuum_vacuum_cost_limit = 2400

Note: The system sets a custom autovacuum_vacuum_scale_factor for the activity and activity_parameters tables.