Add new Organization vDC network for a new customer

1. Login to vCloud Director via the URL and credentials provided by Green Cloud Support.
2. Navigate to the Administration tab inside your vCloud Organization.
3. Click the Virtual Datacenter line item shown.
4. Now click the Org VDC Networks tab.
5. Click the green "+" sign to "Add Network...".
6. Unless you have special network requirements that require an isolated network, choose the option to "Create a routed network..." and then click an available Edge Gateway device from the list. Note that you can attach no more than 10 "Org VDC Networks" to a single edge gateway. If you need an additional Edge Gateway, contact Green Cloud Support. Click Next.
7. For the "Gateway address", enter an IP that will be bound to the Edge Gateway device for this customer's network. This address will be the default gateway for any VMs in this network. For example: 192.168.102.1.
8. Enter an appropriate Network mask.
9. You may enter your own Primary and Secondary DNS servers, or you may use the Green Cloud DNS servers: 198.71.77.5 and 198.71.76.5.
10. In the Static IP pool section, enter the range of IP addresses that you want vCloud Director to assign IPs from for new servers (VMs) that you create. Click Next.
11. Now give this new network a unique identifying name. We recommend including the name and/or unique customer number that you may have internally. You can also use the description field to provide more details.
12. Click Next and Finish.

Add a New vApp (for a new customer) and new VM from Template

1. Navigate to the My Cloud tab inside your vCloud Organization.
2. In the vApps window (selected on the left), click the green "+" sign to "Add vApp from Catalog".

Select vApp template

3. The dialogue will show a drop-down menu that reads "My organization's catalogs". Change this to "Public Catalogs" if using a Green Cloud template. Then click the All Templates button. This will load the list of provided vApp Templates.
4. Select the preferred OS by name from this list and click Next near the bottom.

Name this vApp

5. The vApp Name and description should be the same as the VM name if keeping a one-to-one relationship. Preferably, use this template: <<your-customer ID>> dash <<Company Name>> dash <<ServerName>>. Example: 10000000001-BobsTrucking
6. Click Next.

Configure Resources

7. Enter the Virtual Machine Name, just as you did for the vApp Name, but now adding the OS: <<Account ID>> dash <<Company Name>> dash <<ServerName>>. Example: 10000000001-BobsTrucking-FS01NVL
8. The Storage Profile should be left as is unless you actually wish to change the VM to be on a different storage tier that is available in your VDC.
9. Click Next.

Configure Networking

10. Modify the Computer Name to be the appropriate hostname the server OS will have (e.g. FS01NVL).
11. Change the NIC 0 Network from "None" to the appropriate Organization VDC network for this vApp.
12. Click Next.
13. Select the appropriate number of virtual CPUs, Memory and Hard Disk space. Note that "Cores per socket" should remain at 1. You cannot exceed your VDC's resource limits. Be sure to heed the note at the bottom of the window advising that if you increase the Hard Disk size, you will need to use the OS's tools and commands to increase the partition/filesystem size.
14. Click Next.
15. DO NOT change "Power on vApp after this wizard is finished" (leave it unchecked).
16. Click Finish.

Initial vApp and VM Settings

1. Navigate to My Cloud > vApps.
2. Right-click the newly created vApp and select "Properties".
3. Click the "Starting and Stopping VMs" tab and verify that Stop Action is set to Shut Down, then click OK if you had to change the action or Cancel if you didn't.
4. In the left sidebar, under My Cloud, click VMs.
5. Right-click the newly created VM and select "Properties" (the VM must be in the Powered Off state to make the following changes).

General

- Ensure the Computer name reflects the correct hostname.
- Ensure the appropriate Operating System is selected.

Hardware

- Scroll down and ensure the NIC is set to use the IP Mode of "Static – IP Pool".

Guest OS Customization

- Verify that there is a check next to "Enable guest customization".
- Check "Change SID" (if Windows).
- Check to enable "Allow local administrator password". You can select to either have vCloud choose a random secure password or you may choose to specify your own. If you do elect to choose your own, you must be sure to choose one that meets the OS's default complexity requirements.
- Click OK.

Power On

Upon initial boot, vCloud will configure the VM according to the chosen settings. This requires two reboots, so you should wait at least 5 minutes before attempting to RDP, ssh, or console to the VM. If the console is opened, wait several minutes for the configuration to complete.

Windows Activation

If you are creating a Windows VM, you must contact Green Cloud Support to have the Windows instance activated. Please specify the VM name in the body of the email.
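As an added example (not Green Cloud's or VMware's code), the following Python script checks the values you are about to enter in the "Add Network..." wizard on the first page against each other: that the static IP pool lies inside the subnet defined by the gateway address and network mask and does not include the gateway, that the DNS entries are valid addresses, and that the networks attached to one Edge Gateway stay within the limit of 10 and do not overlap. The 192.168.102.1 gateway and the Green Cloud DNS addresses come from this guide; the edge gateway names, static pool ranges and the second network are constructed.

```python
"""Added example, not Green Cloud's or VMware's code: sanity-check the fields
of the "Add Network..." wizard (gateway address, network mask, DNS servers,
static IP pool) and the guide's limit of 10 Org VDC Networks per Edge Gateway.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

MAX_NETWORKS_PER_EDGE = 10  # limit stated in the guide


@dataclass
class OrgVdcNetwork:
    name: str
    edge_gateway: str   # Edge Gateway chosen in the wizard (name is constructed)
    gateway: str        # "Gateway address": default gateway for VMs in this network
    netmask: str        # "Network mask"
    pool_start: str     # first address of the "Static IP pool"
    pool_end: str       # last address of the "Static IP pool"
    dns: Tuple[str, str] = ("198.71.77.5", "198.71.76.5")  # Green Cloud DNS servers

    @property
    def subnet(self) -> ipaddress.IPv4Network:
        # strict=False lets the host-form gateway ("192.168.102.1") define the subnet
        return ipaddress.ip_network(f"{self.gateway}/{self.netmask}", strict=False)

    @property
    def pool(self) -> Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]:
        return ipaddress.ip_address(self.pool_start), ipaddress.ip_address(self.pool_end)


def check_network(net: OrgVdcNetwork) -> List[str]:
    """Return the problems found with one network; an empty list means it is consistent."""
    problems = []
    subnet, gw = net.subnet, ipaddress.ip_address(net.gateway)
    start, end = net.pool
    reserved = (subnet.network_address, subnet.broadcast_address)

    if gw in reserved:
        problems.append(f"{net.name}: gateway {gw} is the network or broadcast address of {subnet}")
    if start > end:
        problems.append(f"{net.name}: static pool start {start} is after its end {end}")
    if start not in subnet or end not in subnet:
        problems.append(f"{net.name}: static pool {start}-{end} is not inside {subnet}")
    elif start <= gw <= end:
        # vCloud Director would otherwise hand the gateway's own address to a VM
        problems.append(f"{net.name}: static pool {start}-{end} contains the gateway {gw}")
    if any(addr in reserved for addr in (start, end)):
        problems.append(f"{net.name}: static pool touches the network or broadcast address")
    for server in net.dns:
        try:
            ipaddress.ip_address(server)
        except ValueError:
            problems.append(f"{net.name}: DNS server {server!r} is not an IP address")
    return problems


def check_edge_gateways(networks: List[OrgVdcNetwork]) -> List[str]:
    """Checks that span all networks attached to the same Edge Gateway."""
    problems = []
    by_edge = {}
    for net in networks:
        by_edge.setdefault(net.edge_gateway, []).append(net)
    for edge, nets in by_edge.items():
        if len(nets) > MAX_NETWORKS_PER_EDGE:
            problems.append(f"{edge}: {len(nets)} Org VDC Networks attached, the limit is {MAX_NETWORKS_PER_EDGE}")
        # Overlapping subnets behind one edge make routing and NAT ambiguous
        for i, a in enumerate(nets):
            for b in nets[i + 1:]:
                if a.subnet.overlaps(b.subnet):
                    problems.append(f"{edge}: {a.name} ({a.subnet}) overlaps {b.name} ({b.subnet})")
    return problems


def usable_pool_size(net: OrgVdcNetwork) -> int:
    """Number of VM addresses the static pool can hand out."""
    start, end = net.pool
    return max(0, int(end) - int(start) + 1)


# Constructed sample: the guide's 192.168.102.1 gateway with a pool that excludes the gateway
GOOD_NETWORK = OrgVdcNetwork("10000000001-BobsTrucking", "edge-01", "192.168.102.1",
                             "255.255.255.0", "192.168.102.100", "192.168.102.200")
# Constructed sample with two mistakes: the pool contains the gateway and a DNS entry is malformed
BAD_NETWORK = OrgVdcNetwork("bad-net", "edge-01", "192.168.103.1", "255.255.255.0",
                            "192.168.103.1", "192.168.103.50", dns=("198.71.77.5", "198.71.76"))

if __name__ == "__main__":
    for net in (GOOD_NETWORK, BAD_NETWORK):
        print(net.name, usable_pool_size(net), check_network(net) or "OK")
    print(check_edge_gateways([GOOD_NETWORK, BAD_NETWORK]) or "edge OK")
```

Run it as a script to see the two sample networks checked; in practice, describe each planned network as an OrgVdcNetwork and run both checks over the full list for an Edge Gateway before creating anything in the wizard.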
Firewall, NAT, and VPN

1. Navigate to Administration > Virtual Datacenters > Org VDC Networks tab.
2. Right-click the Org VDC Network to which the new vApp/VM is connected and choose "Configure Services".

NAT

1. Click the "Add SNAT..." button.
   - Change "Applied on:" to pod3-external.
   - Set "Original (Internal) IP" to the local network, like 192.168.100.0/24.
   - Set the "Translated (External) source IP/range:" to the public IP assigned to the Edge Gateway, like 162.218.104.XXX.
2. Click the "Add DNAT..." button.
   - Change "Applied on:" to pod3-external.
   - Set "Original (External) IP" to the public IP on the corresponding Edge Gateway, like 162.218.104.XXX.
   - Set the "Protocol" as needed.
   - Set the "Original port" as desired.
   - The "Translated (Internal) IP" will need to be the private IP of the VM.
   - Set the "Translated port" as needed.
3. Click OK.

If you need additional public IP addresses allocated to the Edge Gateway device that this Org VDC Network is attached to, in order to avoid conflicting NAT rules, contact Green Cloud Support.

Firewall

1. Click the Add button.
2. Create an Outbound rule and add inbound rules as needed.

Example Outbound rule:
   Name – Outbound
   Source – internal
   Source port – any
   Destination – external
   Destination port – any
   Protocol – ANY
   Action – Allow

VPN

To create a site-to-site VPN, contact Green Cloud Support and complete the form at the end of this document. Note that you must add Firewall rule(s) to allow inbound traffic from the local subnets on the peer side of the VPN.

Add a VM to an existing vApp

The suggested multi-tenant layout for all of your customers is one vApp per customer, with all of a single customer's virtual servers inside that vApp. If a customer has more than one server, follow these steps to add a new server to the existing vApp:

1. Navigate to My Cloud > vApps.
2. From the list presented, click on the name of the vApp that you want to add a server to.
3. Click the Virtual Machines tab.
4. Click the green "+" sign to "Add VM...".
5. The dialogue will show a drop-down menu that reads "My organization's catalogs". Change this to "Public Catalogs" if using a Green Cloud template.
6. Click on the VM type/OS that you wish to add, keeping in mind that there are multiple pages. Now press the Add button. Click Next.
7. Fill in the unique name that you want to assign to the VM and choose the Storage Profile for the VM based on the storage tiers you've purchased for your vDC. NOTE: If you do not have enough available storage space in your vDC, you will not be able to create the VM. Click Next.
8. In the Computer Name column, type in the hostname you want the OS to have.
9. In the Network column, you will most likely want to choose the organization VDC network that exists for this customer (see instructions on the 1st page).
10. Make sure that the IP Assignment option says "Static – IP Pool".
11. Click Finish.

Refer to page 3 for customizing the resources (vCPU, RAM, Hard disk size) allocated to this virtual server. The same instructions and warnings under the Guest Customization, Power On, and Windows Activation headings apply to a virtual server added to an existing vApp.

Site-to-Site VPN Tunnel Information

CustName – AcctNo

Setting/Notes                                      | Customer/Vendor Tunnel Endpoint                  | Green Cloud Tunnel Endpoint
IPSEC Device and version                           | <<please provide>>                               | VMware vShield Edge Appliance
Local ID (IP Address, Email address, other value)  | <<please provide>>                               | << vShield Edge IP >>
Protected Resources (a range may be used). This is commonly referred to as private IP LANs or "network lists" to be routed inside the VPN tunnel. | <<please provide>> | 192.168.100.0/24 (default, but can be modified – VM range starts at 192.168.100.100)
IKE Authentication (Pre-Shared Key)                | Pre-Shared Key: << PSK, 32 characters only >>    | Pre-Shared Key: << PSK, 32 characters only >>
Allowed Ports between private IP host(s) or LAN(s) inside LAN-to-LAN tunnel | ICMP (Inbound and Outbound); TCP: (all TCP ports allowed); UDP: (all UDP ports allowed) | ICMP (Inbound and Outbound); TCP: (all TCP ports allowed); UDP: (all UDP ports allowed)
IKE Encryption Algorithm                           | Triple DES (3DES)                                | Triple DES (3DES)
IKE Message Hash Algorithm                         | SHA-1                                            | SHA-1
IKE Diffie-Hellman Group                           | Group 2 (1024-bits), SA Lifetime: 86400 seconds  | Group 2 (1024-bits), SA Lifetime: 86400 seconds
IPSEC Encryption                                   | Triple DES (3DES)                                | Triple DES (3DES)
IPSEC Diffie-Hellman Group                         | Group 2 (1024-bits), SA Lifetime: 28800 seconds  | Group 2 (1024-bits), SA Lifetime: 28800 seconds
Internet Protocol Security                         | ESP                                              | ESP
IPSEC Hash Algorithm                               | SHA-1 / HMAC-128                                 | SHA-1 / HMAC-128
Perfect Forward Secrecy                            | Yes – Group 2 (1024-bits)                        | Yes – Group 2 (1024-bits)
Max Transmission Unit (MTU)                        | 1500                                             | 1500
Bandwidth to VM                                    | (e.g. T1 1.5Mbps, DSL 20Mbps, etc)               |
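As an added example (not Green Cloud's or VMware's code), the following Python script cross-checks a planned set of SNAT, DNAT and firewall rules for one Org VDC Network, as described under Firewall, NAT, and VPN above, before they are entered in Configure Services: the SNAT must apply to the external interface and cover the Org VDC Network, each DNAT must forward to a VM address from the static IP pool, no two DNATs may claim the same public IP, protocol and port (the conflicting rules the guide says to avoid by requesting another public IP), and each DNAT needs one of the "inbound rules as needed" in the firewall to let the forwarded traffic through. The 192.168.100.0/24 network, the pod3-external interface and the example Outbound rule are the guide's; the public address 162.218.104.10 is a constructed stand-in for the 162.218.104.XXX placeholder, and the VM addresses and the Inbound-HTTPS rule are constructed.

```python
"""Added example, not Green Cloud's or VMware's code: check SNAT/DNAT and
firewall rules for one Org VDC Network against each other. Field names follow
the Configure Services dialogs described in the guide."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class SNAT:
    applied_on: str
    original_network: str   # "Original (Internal) IP", e.g. 192.168.100.0/24
    translated_ip: str      # "Translated (External) source IP": the edge's public IP


@dataclass
class DNAT:
    applied_on: str
    original_ip: str        # "Original (External) IP": public IP on the edge
    protocol: str           # tcp / udp / any
    original_port: str      # "Original port" (number or "any")
    translated_ip: str      # "Translated (Internal) IP": private IP of the VM
    translated_port: str    # "Translated port"


@dataclass
class FirewallRule:
    name: str
    source: str             # "internal", "external", an IP or a CIDR
    destination: str
    destination_port: str   # "any" or a port number
    protocol: str           # ANY / TCP / UDP / ICMP
    action: str             # Allow / Deny


def _allows_inbound(rule: FirewallRule, d: DNAT) -> bool:
    """True if an inbound Allow rule covers this DNAT. Which address the edge firewall
    matches forwarded traffic against varies by edge version, so the public (original)
    and the VM (translated) address are both accepted here."""
    if rule.action.lower() != "allow" or rule.source.lower() != "external":
        return False
    dest_ok = rule.destination.lower() in ("internal", d.original_ip, d.translated_ip)
    proto_ok = rule.protocol.lower() in ("any", d.protocol.lower())
    port_ok = rule.destination_port.lower() in ("any", d.original_port, d.translated_port)
    return dest_ok and proto_ok and port_ok


def validate_services(org_network: str, pool: Tuple[str, str], external_iface: str,
                      snats: List[SNAT], dnats: List[DNAT], firewall: List[FirewallRule]) -> List[str]:
    """Return a list of problems; an empty list means the NAT and firewall plan is consistent."""
    problems: List[str] = []
    subnet = ipaddress.ip_network(org_network, strict=False)
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in pool)

    if not snats:
        problems.append("no SNAT rule: VMs will have no outbound translation to the Internet")
    for s in snats:
        if s.applied_on != external_iface:
            problems.append(f"SNAT {s.original_network}: applied on {s.applied_on}, expected {external_iface}")
        if ipaddress.ip_network(s.original_network, strict=False) != subnet:
            problems.append(f"SNAT original network {s.original_network} is not the Org VDC Network {subnet}")
        if ipaddress.ip_address(s.translated_ip).is_private:
            problems.append(f"SNAT translated IP {s.translated_ip} is not a public address")

    claimed: Dict[Tuple[str, str, str], str] = {}  # (public IP, protocol, port) -> VM already using it
    for d in dnats:
        label = f"DNAT {d.original_ip} {d.protocol}/{d.original_port}"
        if d.applied_on != external_iface:
            problems.append(f"{label}: applied on {d.applied_on}, expected {external_iface}")
        vm_ip = ipaddress.ip_address(d.translated_ip)
        if not pool_lo <= vm_ip <= pool_hi:
            problems.append(f"{label}: translated IP {vm_ip} is outside the static IP pool {pool_lo}-{pool_hi}")
        key = (d.original_ip, d.protocol.lower(), d.original_port)
        if key in claimed:  # same public IP/protocol/port twice: conflicting NAT rules
            problems.append(f"{label}: conflicts with the rule already forwarding to {claimed[key]}")
        else:
            claimed[key] = d.translated_ip
        if not any(_allows_inbound(r, d) for r in firewall):
            problems.append(f"{label}: no inbound firewall rule allows the forwarded traffic")
    return problems


EXTERNAL = "pod3-external"
ORG_NET, POOL = "192.168.100.0/24", ("192.168.100.100", "192.168.100.200")
PUBLIC_IP = "162.218.104.10"  # constructed stand-in for the guide's 162.218.104.XXX
OUTBOUND = FirewallRule("Outbound", "internal", "external", "any", "ANY", "Allow")  # the guide's example rule
INBOUND_HTTPS = FirewallRule("Inbound-HTTPS", "external", PUBLIC_IP, "443", "TCP", "Allow")  # constructed

GOOD_PLAN = dict(snats=[SNAT(EXTERNAL, ORG_NET, PUBLIC_IP)],
                 dnats=[DNAT(EXTERNAL, PUBLIC_IP, "tcp", "443", "192.168.100.101", "443")],
                 firewall=[OUTBOUND, INBOUND_HTTPS])
# Constructed mistakes: a second rule on the same public port, and a forward to an
# address outside the pool with no inbound firewall rule for it
BAD_PLAN = dict(snats=GOOD_PLAN["snats"],
                dnats=GOOD_PLAN["dnats"] + [DNAT(EXTERNAL, PUBLIC_IP, "tcp", "443", "192.168.100.102", "443"),
                                            DNAT(EXTERNAL, PUBLIC_IP, "tcp", "3389", "192.168.100.50", "3389")],
                firewall=[OUTBOUND, INBOUND_HTTPS])


def check_plan(plan: dict) -> List[str]:
    return validate_services(ORG_NET, POOL, EXTERNAL, **plan)


if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "OK")
```

The conflict check is the one worth keeping around: when a second service on the same public IP needs the same port, the fix is the one the guide gives, asking Green Cloud Support for another public IP on the Edge Gateway rather than stacking rules.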