Installing VMware vCloud Director 5.5.x best practices (2059451)
VMware vCloud Director builds on the VMware vSphere foundation and exposes virtualized shared infrastructure as multitenant virtual data centers that are decoupled from the underlying hardware and isolated from one another. You can expose virtual data centers to users through a Web-based portal and define and expose a catalog of services that you can deploy within the virtual data center.
This article outlines the basic configurations that are necessary to get started with vCloud Director 5.x.
Note: For more information, see the vCloud Director Installation and Upgrade Guide. The guide contains definitive information. If there is a discrepancy between the guide and this article, assume that the guide is correct.
Provides storage, compute, and networking capacity to vCloud Director. Before you begin the installation, consider how much vSphere and vCloud Director capacity you need, and plan a configuration that can support it.
Configuration requirements depend on many factors, including the number of organizations in the cloud, the number of users in each organization, and the activity level of those users. These guidelines can serve as a starting point for most configurations:
- Allocate one vCloud Director server (cell) for each vCenter Server that you want to make accessible in your cloud.
- Be sure that all vCloud Director servers meet at least the minimum requirements for memory, CPU, and storage detailed in vCloud Director hardware and software requirements section.
- Configure the vCloud Director database as described in the Installing and Configuring a vCloud Director Database section of the vCloud Director Installation and Upgrade Guide.
vCloud Director hardware and software requirements
Each server in a vCloud Director server group must meet certain hardware and software requirements. In addition, a supported database must be accessible to all members of the group. Each server group requires access to a vCenter Server, a vShield Manager server, and one or more ESXi hosts.
For information on the supported vCenter Server, ESXi/ESX, and vShield Manager versions, see the VMware Product Interoperability Matrixes.
vSphere configuration requirements
vCenter Servers and ESXi/ESX hosts intended for use with vCloud Director must meet specific configuration requirements. The requirements include:
- vCenter Server networks intended for use as vCloud Director external networks or network pools must be available to all hosts in any cluster intended for vCloud Director to use. Making these networks available to all hosts in a data center simplifies the task of adding new vCenter servers to vCloud Director.
- DRS is enabled on the cluster intended for vCloud Director with the automation level set to Fully Automated.
- vSphere Distributed Switches must be used for cross-host fencing and network pool allocation.
- vCenter Servers must trust their hosts. All hosts in all clusters managed by vCloud Director must be configured to require verified host certificates. In particular, you must determine, compare, and select matching thumbprints for all hosts. See Configure SSL Settings in the vCenter Server and Host Management documentation.
Note: Storage DRS with an automation level of Fully Automated is recommended though it is not required. This configuration requires shared storage attached to all ESXi hosts in a DRS cluster. vCloud Director can take full advantage of Storage DRS, including support for fast provisioning with vCenter 5.1 or later.
vSphere licensing requirements
vCloud Director requires these vSphere licenses:
- VMware DRS, licensed by vSphere Enterprise and Enterprise Plus.
- VMware Distributed Switch and dvFilter, licensed by vSphere Enterprise Plus. This license enables creation and use of vCloud Director isolated networks.
Supported vCloud Director operating systems
- CentOS 6 (64-bit) Update 4
- CentOS 6 (64-bit) Update 5
- Red Hat Enterprise Linux 5 (64-bit) Update 4
- Red Hat Enterprise Linux 5 (64-bit) Update 5
- Red Hat Enterprise Linux 5 (64-bit) Update 6
- Red Hat Enterprise Linux 5 (64-bit) Update 7
- Red Hat Enterprise Linux 5 (64-bit) Update 8
- Red Hat Enterprise Linux 5 (64-bit) Update 9
- Red Hat Enterprise Linux 6 (64-bit) Update 1
- Red Hat Enterprise Linux 6 (64-bit) Update 2
- Red Hat Enterprise Linux 6 (64-bit) Update 3
- Red Hat Enterprise Linux 6 (64-bit) Update 4
- Red Hat Enterprise Linux 6 (64-bit) Update 5
|Each vCloud Director server requires approximately 1350 MB of free space for the installation and log files.|
|Each vCloud Director server must be provisioned with at least 4 GB of memory.|
|Each vCloud Director server must include installations of several common Linux software packages. These packages are typically installed by default with the operating system software. If any are missing, the installer fails with a diagnostic message.|
Required software packages
|Package Name||Package Name|
Supported vCloud Director databases
Supported LDAP servers
|Platform||LDAP Server||Authentication methods|
|Windows Server 2003||Active Directory||Simple, Simple SSL, Kerberos, Kerberos SSL|
|Windows Server 2008||Active Directory||Simple|
|Windows 7 (2008 R2)||Active Directory||Simple, Simple SSL, Kerberos, Kerberos SSL|
|Linux||OpenLDAP||Simple, Simple SSL|
Supported guest operating systems
vCloud Director 5.1 supports a wide variety of operating systems. For more information on support and customization, see Supported Guest Operating systems in vCloud Director 5.5 (2058524).
Creating SSL certificates for vCloud Director
vCloud Director requires SSL to secure communications between clients and servers. Before you install and configure a vCloud Director server group, you must create two certificates for each member of the group and import the certificates into host keystores.
Each vCloud Director server requires two IP addresses, so that it can support two different SSL endpoints. Each server requires two SSL certificates, one for each SSL endpoint.
Note: All directories in the pathname to the SSL certificates must be readable by the user vcloud.vcloud. This user is created by the vCloud Director installer.
- List the IP addresses for this server. Use a command such as ifconfig to discover this server's IP addresses.
- For each IP address, run this command to retrieve the fully qualified domain name to which the IP address is bound:
- Make a note of each IP address, the fully qualified domain name associated with it, and whether vCloud Director should use the address for the HTTP service or the console proxy service. You need the fully qualified domain names when you create the certificates, and the IP addresses when you configure network and database connections.
- Create the certificates. You can use certificates signed by a trusted certification authority, or self-signed certificates. Signed certificates provide the highest level of trust. A 2,048-bit key length provides a high level of security. For more information, see Generating SSL certificates for VMware vCloud Director (1026309).
Installing and configuring vShield
vCloud Director depends on vShield Manager to provide network services to the cloud. Install and configure vShield Manager before you begin installing vCloud Director.
You must associate each vCenter Server that you add to vCloud Director with a unique instance of vShield. For information about the network requirements and supported versions of vShield, see Installing vCloud Networking and Security 5.5.x best practices (2059449).
This procedure applies only to new installations of vCloud Director. If you are upgrading an existing installation of vCloud Director, you can optionally upgrade its associated vShield installation. A new release of vShield cannot work with an existing release of vCloud Director. For more information, see Best practices for upgrading to VMware vCloud Networking and Security 5.5 (2055673).
Installing and configuring an AMQP broker
AMQP, the Advanced Message Queuing Protocol, is an open standard for message queuing that supports flexible messaging for enterprise systems. vCloud Director includes an AMQP service that you can configure to work with an AMQP broker, such as RabbitMQ, to provide cloud operators with a stream of notifications about events in the cloud. If you want to use this service, you must install and configure an AMQP broker.
- Download the RabbitMQ Server from the VMware RabbitMQ page.
- Perform the RabbitMQ installation instructions to install RabbitMQ on any convenient host. The RabbitMQ server host must be reachable on the network by each vCloud Director cell.
- During the RabbitMQ installation, make a note of the values that you need to supply when configuring vCloud Director to work with this RabbitMQ installation:
- The fully-qualified domain name of the RabbitMQ server host. For example, amqp.example.com.
- A username and password that are valid for authenticating with RabbitMQ.
- The port at which the broker listens for messages. The default is 5672.
- The RabbitMQ virtual host. The default is /.
Downloading and installing the VMware public key
The installation file is digitally signed. To verify the signature, you must download and install the VMware public key. You can use the Linux rpm tool and the VMware public key to verify the digital signature of the vCloud Director installation file, or any other signed downloaded file from VMware.com.
If you install the public key on the computer where you plan to install vCloud Director, the verification happens as part of the installation or upgrade. You can also manually verify the signature before you begin the installation or upgrade procedure, then use the verified file for all installations or upgrades. For more information on this procedure, see Downloading and installing the VMware Public Key to validate a vCloud Director installation (2005832).
Creating a vCloud Director server group
A vCloud Director server group consists of one or more vCloud Director servers. Each server in the group runs a collection of services called a vCloud Director cell. To create a server group, you install vCloud Director software on each server, configure its network and database connections, and start its vCloud Director services. For more information, see the vCloud Director Installation and Upgrade Guide.
Note: This procedure is for new installations only. If you are upgrading an existing vCloud Director installation, see Best practices for upgrading to VMware vCloud Networking and Security 5.5 (2055673).