It looks like the last post generated some interest around the networking side of things, particularly the use of vShield firewalls (or my complete lack of them). I’ve done a little more digging and, while it wasn’t immediately obvious to a newcomer to Cloud Director, there is a way of using the vShield firewalls within a deployment. That’ll serve me right for not fully RTFM 🙂


By deploying an additional network for a given vApp, I am able to connect that to the internet connection and specify some NAT and firewall rules to publish services from that application to the network. It also makes the vApp diagram look pretty.


Note that the Management network (as I’ve called it) is a vApp-specific network rather than an organisation-wide one, which is why I still have an internal network connection to the VM so that it can talk to other VMs within the VDC. The firewall VM I configured earlier is organisation-wide, so any machine in the VDC could be published via it. For larger deployments I wonder if it would make sense (although it’s not really within the spirit of “the cloud”) to use hardware devices for edge networking, for example an F5 load balancer. While they do have a VM available which would offer a per-vApp LTM instance, some shops may want the functionality of the physical hardware (for example SSL offload). There may also be licence considerations when it comes to deploying the edge layer as multiple virtual instances.


Still to come in subsequent posts: deploying a “real” application to a public vCloud Director instance.