Managing SDDCs and SDDC Proxies

Starting with version 9.7, vCloud Director can act as an HTTP proxy server between tenants and the underlying vSphere environment. A Software-Defined Data Center (SDDC) encapsulates the infrastructure of an attached vCenter Server instance. An SDDC proxy is an access point to a component from an SDDC, for example, a vCenter Server instance, an ESXi host, or an NSX Manager instance.

With the SDDC feature, you can use vCloud Director as a central point of management for all your vSphere environments.
  • You can dedicate the resources of a vCenter Server instance to a single tenant by publishing the corresponding SDDC only to its organization. The tenant does not share these resources with other tenants. The tenant can access this SDDC by using a UI or API proxy without a VPN required.
  • You can use vCloud Director as a lightweight directory to register all your vCenter Server instances.
  • You can use vCloud Director as an API endpoint for all your vCenter Server instances.

Before you create an SDDC, you must attach the target vCenter Server instance to vCloud Director. See Attach a vCenter Server Instance.

Note: By default, with an attached vCenter Server instance, you can create either a provider VDC or an SDDC. If you created a provider VDC backed by an vCenter Server instance, you cannot use this vCenter Server instance to create an SDDC, and the reverse. You can use the vCloud API to modify the system settings of your vCloud Director installation so that a vCenter Server instance can back both a provider VDC and an SDDC.

You can create and publish SDDCs and SDDC proxies to organizations in your cloud. Users can use the SDDC proxies to access the underlying vSphere environment. Users can log in to the UI or API of the proxied components by using their vCloud Director accounts.

SDDCs in vCloud Director remove the requirement for vCenter Server to be publically accessible. To control the access, you can enable and disable an SDDC in vCloud Director, and you can enable and disable an SDDC proxy.

Creating and Managing SDDCs and SDDC Proxies

To create and manage SDDCs and proxies, you must use the vCloud OpenAPI. See Getting Started with vCloud OpenAPI at https://code.vmware.com.

Important:

vCloud Director requires a direct network connection to each vCenter Server instance for use as an SDDC. If the vCenter Server instance uses an external Platform Services Controller instance, vCloud Director requires a direct network connection to the Platform Services Controller instance as well.

To use VMware OVF Tool in a proxied SDDC, vCloud Director requires a direct connection to each ESXi host.

  1. Create an SSDC backed by an attached and enabled vCenter Server instance.

    vCloud Director creates the SDDC with a default proxy for the vCenter Server instance. If the vCenter Server instance uses an external Platform Services Controller instance, vCloud Director creates a proxy for the Platform Services Controller instance as well.

  2. Get the certificate and the thumbprint of the created proxies, and verify that the certificate and the thumbprint are present and correct.
  3. Enable the SDDC.
  4. Publish the SDDC to one or more organizations.
  5. To enable users to access the SDDCs and the SDDC proxies from the vCloud Director Tenant Portal, you must publish the CPOM extension plug-in to their organizations. See . See the vCloud Director Service Provider Admin Portal Guide.
After you create and publish an SDDC, you can add, edit, enable, disable, and remove its SDDC proxies.
Note: When you add a proxy to an SDDC, you must upload the certificate and the thumbprint, so that tenants can retrieve the certificate and the thumbprint if the proxied component uses self-signed certificates.