www.open902.com

My own Knowledge Base made public ..

8. vShield Edge & Organization Network

Browse to your organization

Administration > Edge Gateways and click the green “+”

edge-01

 

Here I just leave the defaults and click Next

edge-02

 

Select your external network and click Next

edge-03

 

Give your Edge Gateway a Name and click Next

edge-04

 

At the overview – click Finish

edge-05

 

The vShield Manager will now deploy a vShield Edge – this may take a few minutes

edge-06

 

The Edge should now show up under your System vDC Resource Pool

edge-07

edge-08

 

The Edge should now take an IP from the External Network Pool you have created.

edge-09

 

Change over to Org VDC Network and click the green “+”

edge-10

 

As mentioned, you can connect an organization directly to an external network, of which the external IPs will be assigned from. Here however I will create a routed network using the Edge I just created.

Select Create a routed network by connecting to an existing edge gateway, select the Edge just created and click Next

edge-11

 

Now enter the PRIVATE network details.

This is the network behind the Edge Gateway – these are the details your VMs will be using

 

Click Next

edge-12

 

Give it a name and click Next

edge-13

 

At the overview, click Finish

edge-14

 

Let it do its thing

edge-15

 

Once done, your network is ready to be used by the organization. Or is it ?

Well, this is a virtual router and uses NAT. By default the firewall blocks everything and no NAT is configured.

Let’s do a basic setup here. I will simply allow everything Outgoing.

 

We know the external interface of the Edge Gateway has the IP 192.168.1.80.

 

Go back to the Edge Gateways tab, right click the Edge and select Properties

edge-19

 

Change to the tab Sub-Allocate IP Pools and click External Network. On the right you can see the available IPs (192.168.1.80-99)

So we know 192.168.1.80 is taken for the Edge itself so I enter 192.168.1.81 and click Add, then click OK

edge-20

 

Give it a few seconds to sort itself out

edge-21

 

No right click your Edge and click Edge Gateway Services

edge-17

 

Go the the NAT tab. Here you can create two kinds of NAT rules.

  • SNAT – This is your outgoing NAT rule (e.g. you want to browse the internet).
  • DNAT – This is your incoming NAT rule (e.g. you want to SSH / RDP to a specific server)

 

Whilst you don’t need a DNAT rule, you will need at least a single SNAT rule to get to the internet from inside the VM.

Here I don’t need 1-1 NAT mappings. I just create one NAT rule, allowing the whole internal subnet out which will presents itself as 192.168.1.81

edge-22

edge-23

 

Move to the tab Firewall

I am just creating an outgoing firewall so I can test my VM, click OK

edge-24

 

Btw., a good article about vCloud Networking can be found HERE.

 

Installation of vCD 5.5 content

1. Installation
2. vShield Manager
3. VXLAN Config
4. Initial vCD Config
5. Create a Provider vDC
6. External Network
7. Create an Organization vDC
8. vShield Edge / Org Network
9. Final Testing
10. Install a second vCloud Cell