To provide a flexible and secure network infrastructure in a multipurpose cloud environment, VMware Cloud Director uses a layered networking architecture with four categories of networks. The network categories are external networks, organization virtual data center (VDC) networks, and vApp networks.
An external network provides an uplink interface that connects networks and virtual machines in your Virtual Data Center environment to outside networks, such as a VPN, a corporate intranet, or the public Internet.
An external network is backed by a single vSphere network, by multiple vSphere networks, or by an NSX-T Data Center tier-0 logical router.
Organization VDC Networks
Organization virtual data center (VDC) networks enable vApps to communicate with each other or with external networks outside the organization. Depending on the connection of the organization VDC network to an external network, there are several different types of organization VDC networks.
Organization VDC networks provide direct or routed connections to external networks, or can be isolated from external networks and other organization VDC networks. Routed connections require an edge gateway and a network pool in the organization VDC.
vApp networks allow virtual machines to communicate with each other or, by connecting to an organization VDC network, with virtual machines in other vApps. A vApp network is contained within a vApp. A vApp network can be isolated from other networks or connected to an organization VDC network. Every vApp contains a vApp network. The network is created when the vApp is deployed, and deleted when the vApp is undeployed.
Types of Networks in a vApp
The virtual machines in a vApp can connect to vApp networks, which can be isolated, direct, or routed, and to organization VDC networks. You can add networks of different types to a vApp to address multiple networking scenarios.
Virtual machines in the vApp can connect to the networks that are available in a vApp. If you want to connect a virtual machine to a different network, you must first add this network to the vApp. A vApp can include vApp networks and organization VDC networks. An isolated vApp network is contained within the vApp.
You can also route a vApp network to an organization VDC network to provide connectivity to virtual machines outside of the vApp. For routed vApp networks, you can configure network services, such as a firewall and static routing.
You can connect a vApp directly to an organization VDC network.
If you have multiple vApps that contain identical virtual machines connected to the same organization VDC network and you want to start the vApps at the same time, you can fence the vApp. Fencing the vApp allows you to power on the virtual machines without a conflict, by isolating their MAC and IP addresses.
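The following added example (not taken from the VMware documentation) audits a vApp's networks by connection type and flags the ones that reach an organization VDC network without a firewall in between. It assumes the vApp network configuration has been exported in the vCloud API `NetworkConfigSection` XML layout and that `FenceMode` values map to the isolated, direct, and routed types as shown; the network names and the sample document are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"vc": "http://www.vmware.com/vcloud/v1.5"}
# Assumed mapping from FenceMode values to the connection types named on this page.
TYPES = {"isolated": "isolated", "bridged": "direct", "natRouted": "routed"}

# Constructed sample input, trimmed to the elements this check reads.
SAMPLE = """<NetworkConfigSection xmlns="http://www.vmware.com/vcloud/v1.5">
 <NetworkConfig networkName="db-backend">
  <Configuration><FenceMode>isolated</FenceMode></Configuration>
 </NetworkConfig>
 <NetworkConfig networkName="org-prod">
  <Configuration><ParentNetwork name="org-prod"/><FenceMode>bridged</FenceMode></Configuration>
 </NetworkConfig>
 <NetworkConfig networkName="web-routed">
  <Configuration><ParentNetwork name="org-prod"/><FenceMode>natRouted</FenceMode>
   <Features><FirewallService><IsEnabled>false</IsEnabled></FirewallService></Features>
  </Configuration>
 </NetworkConfig>
 <NetworkConfig networkName="api-routed">
  <Configuration><ParentNetwork name="org-prod"/><FenceMode>natRouted</FenceMode>
   <Features><FirewallService><IsEnabled>true</IsEnabled></FirewallService></Features>
  </Configuration>
 </NetworkConfig>
</NetworkConfigSection>"""

def audit(xml_text):
    """Return (network, type, parent, finding) per vApp network; finding is None if clean."""
    rows = []
    for nc in ET.fromstring(xml_text).findall("vc:NetworkConfig", NS):
        name = nc.get("networkName")
        cfg = nc.find("vc:Configuration", NS)
        mode = (cfg.findtext("vc:FenceMode", "", NS) if cfg is not None else "").strip()
        kind = TYPES.get(mode, "unknown")
        parent = cfg.find("vc:ParentNetwork", NS) if cfg is not None else None
        pname = parent.get("name") if parent is not None else None
        # A missing Features/FirewallService element is treated as "firewall off".
        fw = cfg is not None and cfg.findtext(
            "vc:Features/vc:FirewallService/vc:IsEnabled", "false", NS).strip().lower() == "true"
        finding = None
        if kind == "unknown":
            finding = "unrecognized or missing FenceMode; review manually"
        elif kind == "direct":
            finding = "VMs attach directly to the organization VDC network; no routed vApp firewall"
        elif kind == "routed" and not fw:
            finding = "routed to an organization VDC network with the firewall service off"
        rows.append((name, kind, pname, finding))
    return rows
```

Calling `audit(SAMPLE)` returns one tuple per network; only `db-backend` and `api-routed` come back with no finding.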
An edge gateway provides a routed organization VDC network with connectivity to external networks and can provide services such as load balancing, network address translation, and a firewall. VMware Cloud Director supports IPv4 and IPv6 edge gateways.