
# Virtual Machine creation and management with Cloud Director

***

In Cloud Director, virtual machines are organized into collections called vApps. Although it is possible to configure a VM without a vApp, a vApp provides additional functionality.

For example, you can configure your networks so VMs can communicate with each other but not with different collections of virtual machines. vApps are easy to duplicate, which is convenient if you have a group of VMs that you always deploy together.

## Working with VMs

### Creating a VM

1. Navigate to **Compute** → **Virtual Machines** and click **New VM**.
2. Enter a **Name** and a **Computer Name** (hostname).
3. Select Type:
   * **New** if you want to perform a clean operating system install using an ISO file.
   * **From Template** if you want to use an existing template.
4. Click **OK** to create the VM.
5. Click **Details** to make additional configuration changes after creating the machine.

If you deployed the VM using a Glesys template, please read the section on how to customize a VM using cloud-init for additional instructions on how to configure the VM hostname, network, user accounts, passwords, etc.

### Deleting a VM

1. First, shut down the existing VM.
2. Now it is possible to delete it by clicking **All Actions** → **Delete**.

## Working with vApps

### Creating a vApp

1. Navigate to **Compute** → **vApps** and click **New** → **New vApp**.
2. Enter a **Name** for the new vApp.
3. If you need to add new VMs to this vApp, click **Add Virtual Machine**. However, this step is optional and can be performed later.
4. Click **Create**.

### Deleting a vApp

1. To delete a vApp, click **All Actions** followed by **Delete**. Keep in mind that deleting a vApp will also **delete all VMs associated** with it.

If you plan to keep any VMs, move them to a new vApp. If you have only one VM left in the vApp and wish to keep it, convert it into a standalone VM by selecting **All Actions** → **Convert to VM**.

### Adding an existing VM to a vApp

1. Navigate to **Compute** → **Virtual Machines** and locate the VM.
2. Click **Actions** → **Move**.
3. Choose your destination vApp.
4. Adjust the resources as necessary and click **Next**.
5. Review the information and click **Done**. The VM now belongs to the specified vApp.

### Converting a vApp to a VM

1. Converting a vApp to a VM is done under **All Actions** → **Convert to VM**.

This option is only available when a single VM is in the vApp. If there are multiple VMs, you must move them to another vApp before conversion.

### Importing and exporting vApps

It is possible to import and export vApps from VMware Cloud Director either directly in the Tenant Portal or by using the VMware OVF Tool. The OVF Tool is a command-line utility that helps you import and export OVF packages to and from many VMware products.

To export a VM, you must first convert it to a vApp. It must also be powered off during the export.

#### Using the tenant portal

* **Export**: Power off the vApp. Navigate to **Compute** → **vApps**. Choose the specific vApp and click **Actions** → **Download**.
* **Import**: Navigate to **Compute** → **vApps** and click the **New** button. Click **Add vApp From OVF**.

#### Using the OVF tool

1. To download the tool from VMware, navigate to this URL: [Open Virtualization Format (OVF) Tool](https://developer.broadcom.com/tools/open-virtualization-format-ovf-tool/latest)
2. Here is the [OVF Tool User Guide](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere-sdks-tools/7-0/ovf-tool-user-s-guide.html) if you need further guidance.

To view the help output, you can run the following command: `ovftool --help`

Below are two practical examples using OVF Tool.

Command syntax to **import** a vApp:

{% code title="Command" %}

```
ovftool --X:progressSmoothing=10 --X:vCloudTimeout=60000 --X:vCloudKeepAliveTimeout=60000 "C:\temp\import.ova" "vcloud://username@vcd.dc-fbg1.glesys.net?org=<vdo-xxxxx>&vdc=<vdc-xxxxx>&vapp=<vApp name>"
```

{% endcode %}

Command syntax to **export** a vApp:

{% code title="Command" %}

```
ovftool --X:progressSmoothing=10 --X:vCloudTimeout=60000 --X:vCloudKeepAliveTimeout=60000 "vcloud://username@vcd.dc-fbg1.glesys.net?org=<vdo-xxxxx>&vdc=<vdc-xxxxx>&vapp=<vApp name>" "C:\temp\export.ova"
```

{% endcode %}

## Working with networks

For security reasons, a new Cloud Organization has no preconfigured networks. As a result, when you create a virtual machine, it will be isolated from the outside world.

Your Cloud Organization has an Edge Gateway for internet access, firewall, NAT, and VPN functionality for virtual machines.

A network can either be used in the scope of an Edge Gateway or outside it, creating an isolated network between VMs.

### Creating an organization VDC network

The first network to create is an organization-level Virtual Datacenter (VDC) network.

1. Navigate to **Networking** → **Networks** and click the **New** button to start the VDC network creation process.
2. Then, walk through the following steps in the Wizard to create a new network:

#### Scope

Choose the Scope of the network, i.e., whether it should only apply to a specific organization Virtual Data Center, or an entire VDC Group (several VDCs). Click **Next** to proceed.

#### Network type

Select the type of network you want to create:

1. Choose **Routed** as the type if the network should go through an existing Edge Gateway, or
2. **Isolated** as the type if the network should only be reachable within the current VDC. Click **Next** to proceed.

#### Edge connection

Create the Edge Connection. The Edge Gateway deployed for your organization shows up on the list. This step also has an option to turn off Distributed Routing. Select the Edge Gateway (t1-vdc-xxxxx…) from the list and click **Next**.

#### General

The **General** step contains general information about the network. The following fields are available:

* **Name**. Create any name you want to use to reference this network in the future.
* **Description (optional)**. A description of this network.
* **Dual-Stack Mode (optional)**. The switch enables the network to have both IPv4 and IPv6 subnets.
* **Gateway CIDR**. The CIDR includes the IP address of the gateway, e.g. 192.168.1.1/24 represents the gateway address 192.168.1.1 and its associated routing prefix 192.168.1.0, or equivalently, its subnet mask 255.255.255.0. The CIDR value cannot be changed once it is provided.
* **Guest VLAN Allowed (optional)**. Virtual Guest tagging.

Fill out the general information for the network. When ready, click **Next** to proceed.

#### Static IP pools

The Static IP Pools page allows reserving a pool of IPs that will be static. The step is optional.

To add an entry, enter a static IP address (e.g. 192.168.1.2) or range (e.g. 192.168.1.2 to 192.168.1.100) and click **Add**. The entry appears on the **Allocated IP Ranges** list, and the total reserved IP addresses are displayed below the list.

#### DNS

The DNS step lets you add a primary and secondary DNS server and the DNS suffix for the VMs.

Setting up a DNS is optional. Set the IPs of the DNS servers if you wish to use them, and click **Next**.

Finally, review the information and click **Finish** to create the network. If you also want to enable DHCP for a network, follow these steps:

#### Enable DHCP (optional)

Enabling DHCP can be done after creating the network.

1. Navigate to **Networking** → **Networks**.
2. Select the **Network** you want to edit.
3. Navigate to **IP Management** → **DHCP** and click **Activate**.
4. Enter the following required information:
   * **DHCP Mode:** Network
   * **Listener IP address:** The IP address of the DHCP service (e.g. 192.168.1.254)
5. Click **Next** to proceed.
6. Click **Add** to create a DHCP pool. Please note that this pool must be outside any previously created static IP Pool. For example, if you have a static IP Pool with the IP addresses 192.168.1.2-192.168.1.100, you could use 192.168.1.101–192.168.1.253 for the DHCP pool. Click **Next** to proceed.
7. **Optional**. Enter the DNS servers that connected VMs should obtain from the DHCP service. Click **Next** to proceed.
8. Review the configuration and click **Finish** to activate DHCP.
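
The address plan can be checked before you enter it in the wizard. The following is an added example, not part of the Glesys or VMware tooling: it validates the page's rule that a DHCP pool must lie outside any static IP pool, using the example addresses from this page. The extra checks (pools inside the gateway subnet, gateway and listener not inside a pool) are sanity checks assumed by this example, and all function names are hypothetical.

```python
import ipaddress

def ip_range(first, last):
    """Parse an inclusive range and reject reversed bounds."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return lo, hi

def check_address_plan(gateway_cidr, static_pools, dhcp_listener, dhcp_pools):
    """Return a list of problems in the plan; an empty list means it is consistent."""
    iface = ipaddress.ip_interface(gateway_cidr)   # e.g. 192.168.1.1/24
    net, gateway = iface.network, iface.ip
    listener = ipaddress.ip_address(dhcp_listener)
    pools = [("static", ip_range(*p)) for p in static_pools]
    pools += [("DHCP", ip_range(*p)) for p in dhcp_pools]
    problems = []

    # Assumed sanity checks (not stated on the page).
    if listener not in net:
        problems.append(f"DHCP listener {listener} is outside {net}")
    if listener == gateway:
        problems.append(f"DHCP listener {listener} collides with the gateway")

    for kind, (lo, hi) in pools:
        label = f"{kind} pool {lo}-{hi}"
        if lo not in net or hi not in net:
            problems.append(f"{label} is outside {net}")
        if lo == net.network_address or hi == net.broadcast_address:
            problems.append(f"{label} includes the network or broadcast address")
        for name, addr in (("gateway", gateway), ("DHCP listener", listener)):
            if lo <= addr <= hi:
                problems.append(f"{label} contains the {name} {addr}")

    # The rule stated on the page: a DHCP pool must not overlap a static pool.
    # Any two pools are compared, so duplicate static entries are caught too.
    for i, (kind_a, (lo_a, hi_a)) in enumerate(pools):
        for kind_b, (lo_b, hi_b) in pools[i + 1:]:
            if lo_a <= hi_b and lo_b <= hi_a:
                problems.append(f"{kind_a} pool {lo_a}-{hi_a} overlaps "
                                f"{kind_b} pool {lo_b}-{hi_b}")
    return problems

# Values taken from the examples on this page.
PAGE_PLAN = dict(gateway_cidr="192.168.1.1/24",
                 static_pools=[("192.168.1.2", "192.168.1.100")],
                 dhcp_listener="192.168.1.254",
                 dhcp_pools=[("192.168.1.101", "192.168.1.253")])

if __name__ == "__main__":
    for line in check_address_plan(**PAGE_PLAN) or ["address plan is consistent"]:
        print(line)
```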

### Deleting an organization VDC network

1. Navigate to **Networking** → **Networks**.
2. Select a network and click **Delete**.

Note that this procedure will only work when there's no longer an existing relation to the network, for example, a connected VM.

### Edge Gateway configuration

To access the Edge Gateway configuration screen, open the **Edge Gateways** tab from the **Networks** page.

#### NAT rules

Network Address Translation (NAT) is a technique that allows the translation of public IP addresses to private ones. Using NAT makes connecting multiple servers in an internal network to the same public IP address possible. Moreover, NAT is also the only method to assign a public IP address to a VM connected to an Edge Gateway.

We recommend starting with the NAT rules, as no NAT rules are set up by default. Here are the different types of NAT rules available to choose from:

* **DNAT**: This rule translates a public IP address and all or specific ports to a private IP address. You can, for example, send all HTTPS traffic to a public IP to VM1, while RDP traffic to the same IP instead is sent to VM2.
* **SNAT**: This rule is used for outbound traffic and translates a private IP address to a public IP address.
* **No DNAT**: If you have specified an IP range, you can use this rule to exclude specific IP addresses from existing DNAT rules. Make sure any No DNAT rule has a higher priority than the DNAT rule, or it will not work.
* **No SNAT**: The same as above, but for SNAT rules.
* **REFLEXIVE NAT** (sometimes called stateless NAT): For **egress traffic**, the firewall is applied to the translated source address after NAT is done. For **ingress traffic**, the firewall is applied to the original destination address before NAT is done.
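
The priority caveat for **No DNAT** rules can be audited offline. The following is an added example, not Cloud Director code: a small model of rule selection that flags exclusions shadowed by a covering DNAT rule. It assumes that a lower priority value is evaluated first (verify this against your Cloud Director version); the rule names and the 203.0.113.0/24 addresses are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NatRule:
    name: str
    kind: str                       # "DNAT" or "NO_DNAT"
    external: str                   # public IP or CIDR the rule matches
    priority: int                   # assumption: lower value is evaluated first
    port: Optional[int] = None      # None means all ports
    internal: Optional[str] = None  # translated address (DNAT only)

    def matches(self, ip, port):
        in_range = ipaddress.ip_address(ip) in ipaddress.ip_network(self.external)
        return in_range and self.port in (None, port)

def decide(rules, ip, port):
    """Return the rule that wins for traffic to ip:port, or None if none match."""
    hits = [r for r in rules if r.matches(ip, port)]
    return min(hits, key=lambda r: r.priority, default=None)

def shadowed_exclusions(rules):
    """List (no_dnat, dnat) pairs where the exclusion can never take effect."""
    found = []
    for ex in (r for r in rules if r.kind == "NO_DNAT"):
        ex_net = ipaddress.ip_network(ex.external)
        for d in (r for r in rules if r.kind == "DNAT"):
            covers = ex_net.subnet_of(ipaddress.ip_network(d.external))
            same_ports = d.port is None or d.port == ex.port
            # A tie is flagged too, since the winner is then ambiguous.
            if covers and same_ports and d.priority <= ex.priority:
                found.append((ex.name, d.name))
    return found

# Constructed rule set: the page's HTTPS/RDP split on one public IP, plus a
# range-wide DNAT whose exclusion was given too low a precedence.
RULES = [
    NatRule("https-to-vm1", "DNAT", "203.0.113.10", 10, 443, "192.168.1.10"),
    NatRule("rdp-to-vm2", "DNAT", "203.0.113.10", 10, 3389, "192.168.1.20"),
    NatRule("range-dnat", "DNAT", "203.0.113.16/28", 50, None, "192.168.1.16/28"),
    NatRule("exclude-20", "NO_DNAT", "203.0.113.20", 100),
]

if __name__ == "__main__":
    print(decide(RULES, "203.0.113.20", 22).name)
    print(shadowed_exclusions(RULES))
```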

#### Firewall rules

The firewall rules can be accessed and edited by clicking the **Edge Gateway**. There is a default rule added automatically, which drops all traffic. You can add new rules above this to allow specific traffic to and from your networks.

To define Firewall rules, start by setting up **Static Groups** (whole networks including connected VMs) and/or **IP Sets** (predefined IP addresses) under **Security** in the left-hand menu. These can then be used in the Firewall rules.

#### Non-Distributed Routing

By default, no segmentation occurs between the internal networks connected to an Edge Gateway. The firewall is thus only applied for North-South traffic (ingoing and outgoing) and not East-West (between VMs and networks).

Turning off Distributed Routing on the specific network forces all VM traffic through the service router and makes segmentation between different internal networks possible. It's important to remember that there will be an extra hop when routing traffic through the service router instead of the Distributed Routers on each ESXi host. This extra hop can result in higher latency compared to using Distributed Routing.

To turn off Distributed Routing on your network, you must allow it on the Edge Gateway first. This option may, in some cases, not be enabled by default, but Glesys Support can assist with it.

If you did not turn off Distributed Routing when creating the network, you can adjust it later. However, it is essential to note that the change will take effect immediately. Therefore, adjusting the firewall rules beforehand is crucial, especially if the network is in active use.

To deactivate Distributed Routing, do the following:

1. Navigate to **Networking** → **Networks**.
2. Choose the network you want to edit. Under the General section, click **Edit**.
3. Click on the Connection tab, uncheck Distributed Routing, and click **Save**.

## Working with snapshots

Creating a snapshot allows you to save one or more restore points of a VM temporarily. This feature comes in handy when upgrading the operating system or software. In case of an error, you can revert the server to a snapshot. However, it's important to note that a snapshot should not replace a backup since it is stored in the same folder as the original VM and relies on the original disk.

In addition, it is best practice to keep a snapshot for at most three days, as it can affect the virtual machine's performance. Delete it as soon as it is no longer needed, and limit the number of active snapshots to a maximum of three per server.

If you need further details on how to work with snapshots, please read the documentation in [VMware Cloud Director Tenant Guide](https://docs.vmware.com/en/VMware-Cloud-Director/10.4/VMware-Cloud-Director-Tenant-Portal-Guide/GUID-9DFA69F7-BC5B-4E62-B07D-59DAB1D1534B.html).

### Creating a snapshot

1. Navigate to **All actions** → **Snapshot**.
2. To create a snapshot, click **Create Snapshot**.

### Reverting to a snapshot

1. Navigate to **All actions** → **Snapshot**.
2. To revert to a snapshot, click **Revert to Snapshot**.

### Deleting a snapshot

1. Navigate to **All actions** → **Snapshot**.
2. To delete a snapshot, click **Remove Snapshot**.

## Working with backups

Our Cloud Director tenant portal has a built-in integration with Veeam, which you can access by purchasing our backup service. It provides a self-service portal that enables you to manage your backup tasks and execute restores more effortlessly. If you back up a VM or vApp running in Falkenberg, it will automatically be stored in our Stockholm data center, and vice versa.

## Access control

### Users

We initially hand over credentials for an administrator account to our customers. Still, we strongly recommend setting up personal user accounts for each individual who needs access to the portal.

### Roles

Each user is assigned a role. For example, the **Organization Administrator role** has complete rights in the portal. In contrast, the **Console Access Only role** only has access to open the console and view the properties of VMs.

It is possible to create your own custom roles with any necessary permissions.

### Identity providers

Using an external Identity Provider, e.g., Google Workspace, for Single Sign-On capabilities in the portal is possible. That is also currently the only way to achieve two-factor authentication to the Cloud Director portal.

Read more here about adding a SAML Identity Provider to VMware Cloud Director in the [VMware Cloud Director Service Provider Admin Portal Guide](https://docs.vmware.com/en/VMware-Cloud-Director/10.3/VMware-Cloud-Director-Service-Provider-Admin-Portal-Guide/GUID-89329614-343E-44AC-9AD3-90A3119D970B.html).

## External VMware documentation

Our environment supports **VMware Cloud Director Availability**, which can be used for replication and migration to and from our environment or between our data centers. It is not enabled by default, but can be enabled by contacting Glesys Support.

[Read the VMware Cloud Director Availability documentation](https://docs.vmware.com/en/VMware-Cloud-Director-Availability/index.html)

The VMware Cloud Director **Tenant Portal** Guide provides information about administering your organization and creating and configuring virtual machines, vApps, and networks within vApps. You can also configure advanced networking capabilities that VMware NSX provides for vSphere within a VMware Cloud Director environment. You can also create and manage catalogues, vApp and VDC templates, and create and manage cross-virtual data center networks.

[Read the VMware Cloud Director Tenant Portal Guide](https://docs.vmware.com/en/VMware-Cloud-Director/10.4/VMware-Cloud-Director-Tenant-Portal-Guide/GUID-74C9E10D-9197-43B0-B469-126FFBCB5121.html)


