Managing Dedicated vCenter Server Instances

With dedicated vCenter Server instances, you can use VMware Cloud Director as a central point of management (CPOM) for your vSphere environments.

When you add a vCenter Server instance to VMware Cloud Director, you can specify the purpose of the instance.

Dedicated vCenter Server
The infrastructure of an attached vCenter Server instance is encapsulated as a Software-Defined Data Center (SDDC) and is fully dedicated to a single tenant. You create a dedicated vCenter Server instance by enabling the tenant access for that instance. After you enable the tenant access, you can publish a dedicated vCenter Server instance to a tenant.
Shared vCenter Server
The provider can use different resource pools of the vCenter Server instance across multiple provider VDCs and then allocate those resource pools to different tenants. A shared vCenter Server instance cannot be published to tenants.
None
The vCenter Server instance does not have any specific purpose.

VMware Cloud Director can act as an HTTP proxy server for the dedicated vCenter Server instances and the vCenter Server instances that do not have a set purpose.

With dedicated vCenter Server instances, you can use VMware Cloud Director as a central point of management for all your vSphere environments.

  • You can dedicate the resources of a vCenter Server instance to a single tenant by publishing the corresponding dedicated vCenter Server only to its organization. The tenant does not share these resources with other tenants. The tenant can access this dedicated vCenter Server instance by using a UI or API proxy without a VPN required.
  • You can use VMware Cloud Director as a lightweight directory to register all your vCenter Server instances.
  • You can use VMware Cloud Director as an API endpoint for all your vCenter Server instances.

You can enable the tenant access and mark a vCenter Server instance as dedicated, during or after the attachment of the target vCenter Server instance to VMware Cloud Director. See Attach a vCenter Server Instance.

With an attached vCenter Server instance, you can create either a shared vCenter Server or a dedicated vCenter Server. If you created a shared vCenter Server instance, you cannot use this vCenter Server instance to create a dedicated vCenter Server, and the reverse.

You can create proxies that tenants can use to access the underlying vSphere environment. Users can log in to the UI or API of the components with proxies by using their VMware Cloud Director accounts.

Dedicated vCenter Server instances in VMware Cloud Director remove the requirement for vCenter Server to be publicly accessible. To control the access, you can enable and disable the tenant access to an SDDC in VMware Cloud Director.

A proxy is the access point to a component from an SDDC, for example, a vCenter Server instance, an ESXi host, or an NSX Manager instance. By enabling and disabling a proxy, you can allow and stop the tenant access through that proxy.

Creating and Managing Dedicated vCenter Server Instances

To create and manage dedicated vCenter Server instances and proxies, you can use the Service Provider Admin Portal or the VMware Cloud Director OpenAPI. For VMware Cloud Director OpenAPI, see Getting Started with VMware Cloud Director OpenAPI at https://code.vmware.com.

Important:

VMware Cloud Director requires a direct network connection to each dedicated vCenter Server instance. If the vCenter Server instance uses an external Platform Services Controller, VMware Cloud Director requires a direct network connection to the Platform Services Controller as well.

To use VMware OVF Tool in a proxied dedicated vCenter Server, VMware Cloud Director requires a direct connection to each ESXi host.

  1. Create a dedicated vCenter Server instance.

    When you add a vCenter Server instance to the VMware Cloud Director environment, you can create a dedicated vCenter Server instance by enabling the tenant access in the Add vCenter Server wizard. While attaching the vCenter Server instance, you can also create a proxy for it. See #GUID-88470D75-4899-45DF-B01D-49C847CA4945. You can enable the tenant access of vCenter Server instances that are already added to VMware Cloud Director and do not have a specified use. See #GUID-C6724453-5E4E-49C8-A338-7F5CE159D375. Enabling the tenant access makes the vCenter Server instance available to be published to tenants.

  2. Add a proxy.

    You can create a proxy either when you attach a vCenter Server instance to VMware Cloud Director or later. If the vCenter Server instance uses an external Platform Services Controller, VMware Cloud Director creates a proxy for the Platform Services Controller as well. With parent and child proxies, you can hide certain proxies from the tenants or you can enable and disable groups of child proxies through their parent proxies. For information on creating a proxy after you add a vCenter Server instance to VMware Cloud Director, see #GUID-090BFA79-CFA9-48B5-B1D6-D8D9C1BF4D8A.

    You can edit, enable, disable, and delete proxies from the Proxies tab under vSphere Resources.
    Note: When you add a proxy to a dedicated vCenter Server instance, you must upload the certificate and the thumbprint, so that tenants can retrieve the certificate and the thumbprint if the proxied component uses self-signed certificates.

    To view and manage certificates and certificate revocation lists (CRLs), see #GUID-EB922800-0DE6-4CD3-B5DD-850145398CA7.

  3. Get the certificate and the thumbprint of the created proxies, and verify that the certificate and the thumbprint are present and correct. See #GUID-EB922800-0DE6-4CD3-B5DD-850145398CA7.
  4. Publish the dedicated vCenter Server instance to one or more organizations.

    You can publish a dedicated vCenter Server instance to a tenant and make it visible in the VMware Cloud Director Tenant Portal. In most cases, one vCenter Server instance should be published only to one tenant. See #GUID-13FBCBFD-415D-44C3-BA77-D4FCB0AC6D59.

  5. To enable the tenants to access the dedicated vCenter Server instances and proxies from the VMware Cloud Director Tenant Portal, you must publish the CPOM extension plug-in to their organizations. See . See the VMware Cloud Director Service Provider Admin Portal Guide.