vCloud Air Advanced Networking Services Guide vCloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
vCloud Air Advanced Networking Services Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2015 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.
Contents Preface 5 1 Introducing Advanced Networking Services for vCloud Air 7 Upgrade an Edge Gateway to Advanced Networking Services Log In and Navigate to Advanced Networking Services 9 Statistics and Logs for Advanced Networking Services 11 7 2 Advanced Routing for vCloud Air 15 Specify Global Configuration 15 Add a Static Route 16 Configure BGP 17 Configure OSPF 18 Configure Route Redistribution 20 3 Certificate and Security Group Management 23 Certificate Management in vCloud Air 23 Generate a Ce
vCloud Air Advanced Networking Services Guide Create an Application Profile 40 Create a Service Monitor 43 Add a Server Pool 45 Add a Virtual Server 46 Add an Application Rule 47 6 Secure Access Using Virtual Private Networks 49 SSL VPN-Plus Overview 49 About Configuring SSL VPN-Plus 50 Configure Server Settings 51 Add an IP Pool 52 Add a Private Network 53 Add an Authentication Server 54 Add an Installation Package 56 Add an SSL VPN-Plus User 57 Add a Web Resource for SSL VPN-Plus Access 58 Edit Client
Preface The vCloud Air Advanced Networking Services Guide provides information about configuring networking for ® VMware vCloud Air Advanced Networking Services, including how to configure dynamic routing, firewall rules, load balancing, and VPN access. Intended Audience This guide is intended for network administrators and virtual administrators who will be configuring networking in vCloud Air.
vCloud Air Advanced Networking Services Guide 6 VMware, Inc.
Introducing Advanced Networking Services for vCloud Air 1 ® VMware vCloud™ Air Advanced Networking Services, powered by the VMware NSX™ network virtualization platform, offer enhanced security controls and routing, and network scaling capabilities in the cloud. vCloud Air Advanced Networking Services allow customers to achieve unprecedented security and isolation in a public cloud.
vCloud Air Advanced Networking Services Guide When you upgrade an edge gateway to Advanced Networking Services, the edge gateway configuration is maintained through the upgrade; for example, if you configured firewall rules or load balancing, the edge gateway will maintain the firewall settings and be configured for load balancing after the upgrade. NOTE After upgrading an edge gateway, you cannot revert the edge gateway to its previous state.
Chapter 1 Introducing Advanced Networking Services for vCloud Air Figure 1‑1. vCloud Air Air Gateway Before Upgrade After you upgrade an edge gateway, the networking functionality available in the vCloud Air Web UI changes. Figure 1‑2. vCloud Air Gateway After Upgrade After an upgrade, the tabs for configuring NAT and firewall rules are moved to thevCloud Director Web UI to match the NSX user experience.
vCloud Air Advanced Networking Services Guide Procedure 1 Go to https://vca.vmware.com and log in to vCloud Air using your user name and password. If you are logging in to vCloud Air for the first time, see Sign In to vCloud Air in the vCloud Air User's Guide for information. The VMware vCloud Air services page appears. 2 Click the My Subscriptions tile. The VMware vCloud Air Dashboard appears. 3 Click the Gateways tab and click the tile for the gateway you want to mange.
Chapter 1 Introducing Advanced Networking Services for vCloud Air Statistics and Logs for Advanced Networking Services You can view statistics and access logs for the edge gateways deployed for Advanced Networking Services. Statistics Navigate to an edge gateway in vCloud Director, right click and select Edge Gateway Services. VMware vCloud Edge Gateway Services appears in a new browser tab. By default the Dashboard tab is selected.
vCloud Air Advanced Networking Services Guide Figure 1‑3. Statistics on the SSL VPN-Plus Dashboard IPsec VPN Click the IPSEC VPN tab > Show IPsec Statistics to display the status of the tunnel. Firewall Rules You can view statistics for edge gateway firewall rules and Trust Group firewall rules in the following ways: 1 12 Navigate to a Firewall tab: n For an edge gateway firewall rule, see “Log In and Navigate to Advanced Networking Services,” on page 9.
Chapter 1 Introducing Advanced Networking Services for vCloud Air 2 On the Firewall tab, click (column display icon) and select the Stats check box. The page refreshes and the Stats column appears in the table. 3 Click (the stats icon) for a rule. Figure 1‑4. Statistics for an Edge Gateway Firewall Rule You can view the traffic related to the rule—traffic packets and size. Figure 1‑5.
vCloud Air Advanced Networking Services Guide 2 Configure a syslog server to receive the log data. See Capturing vCloud Air Edge Gateway Data with Syslog in the VMware vCloud Blog. The logged data is accessible via your configured syslog server. 14 VMware, Inc.
Advanced Routing for vCloud Air 2 You can specify static and dynamic routing for each edge gateway in vCloud Air. To enable dynamic routing, you can configure an edge gateway using the Border Gateway Protocol (BGP) or the Open Shortest Path First (OSPF) protocol.
vCloud Air Advanced Networking Services Guide 4 5 To specify the default gateway, click Edit next to Default Gateway. a Select an interface from which the next hop towards the destination network can be reached. b Type the gateway IP address if required. c Edit the MTU if required and type a description. d Click Save. To configure dynamic routing, click Edit next to Dynamic Routing Configuration. NOTE If you have IPsec VPN configured in your environment, you should not use dynamic routing.
Chapter 2 Advanced Routing for vCloud Air 5 Option Description MTU Edit the maximum transmission value for the data packets if required. The MTU value cannot be higher than the MTU value set on the edge gateway interface. See “Specify Global Configuration,” on page 15 for information about he MTU set for the default edge gateway. Description (Optional) Type a description for the static route. Click OK. What to do next Configure a NAT rule for the static route.
vCloud Air Advanced Networking Services Guide c Type a value (a globally unique number between 1-65534) for the Remote AS. vCloud Air assigns the remote AS number to the border device you are creating the connection for. d If necessary, edit the default weight for the neighbor connection. e If necessary, edit the default interval for the Keep Alive Time. f If necessary, edit the default interval for the Hold Down Time.
Chapter 2 Advanced Routing for vCloud Air Prerequisites A Router ID must have been selected. “Specify Global Configuration,” on page 15 Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI. See “Log In and Navigate to Advanced Networking Services,” on page 9 for information. 2 Click the Routing tab and OSPF. 3 In OSPF Configuration, complete the OSPF options: 4 a Click Edit next to OSPF Configuration. b Select Enable OSPF.
vCloud Air Advanced Networking Services Guide d (Optional) Select Ignore Interface MTU Settings to disable MTU mismatch detection on received Database Descriptor (DBD) packets. When configuring OSPF, routers connected to the same shared subnet should have the same MTU setting. However, you can force OSPF neighbors to establish a session even when their interface MTU settings do not match.
Chapter 2 Advanced Routing for vCloud Air 6 To specify redistribution criteria for the IP prefix, complete the following steps: a 7 VMware, Inc. Click the Add ( ) icon in Route Redistribution table. b In Learner Protocol, select the protocol that learns routes from other protocols. c In Allow Learning from, select the types of networks from which routes can be learned. d In Action, select whether to permit or deny redistribution from the selected types of networks. e Click OK.
vCloud Air Advanced Networking Services Guide 22 VMware, Inc.
Certificate and Security Group Management 3 Advanced Networking Services provides functionality to manage certificates for use with SSL VPN-Plus and IPsec VPN tunnels. Additionally, Advanced Networking Services enables use of grouping objects for use in creating firewall rules and load balancer server pools.
vCloud Air Advanced Networking Services Guide You generate a CSR with a matching private-key file that must remain on the edge gateway. The CSR contains the matching public key and other information such as your organization's name, location, and domain name. Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI. See “Log In and Navigate to Advanced Networking Services,” on page 9 for information. 2 Click the Certificates tab and Actions > Generate CSR.
Chapter 3 Certificate and Security Group Management 2 Generate a CSR. See “Generate a Certificate Signing Request,” on page 23 for information. The CSR is generated and displayed in the certificates list. 3 Have an online CA sign this CSR. 4 Import the signed certificate by performing the following steps: a From the Certificates tab, select Actions > Import Certificate. b In the Import Certificate dialog box, paste the contents of the signed certificate. c Click OK.
vCloud Air Advanced Networking Services Guide 6 7 If you are adding a Certificate, configure the following options: n Private Key—required for enabling public key/private key encryption n Password n Retype Password Click OK. You can now sign your own certificates. Add a Certificate Revocation List A Certificate Revocation List (CRL) is a list of subscribers and their status, which is provided and signed by Microsoft.
Chapter 3 Certificate and Security Group Management 2 3 Click the Grouping Objects tab and IP Sets. Click the Add ( ) icon. The Add IP Addresses dialog box appears. 4 Type a name for the group. 5 (Optional) Type a description for the group. 6 Type the IP addresses to be included in the group. 7 Click OK. Create a Service You can create a service and then define rules for that service. Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.
vCloud Air Advanced Networking Services Guide 28 VMware, Inc.
Network Security and Isolation 4 Advanced Networking Services provides functionality to create robust firewalls to protect your virtual machines deployed in vCloud Air from outside network traffic as well as to create internal firewalls to isolate virtual machines from each other.
vCloud Air Advanced Networking Services Guide Firewall for Trust Groups The Trust Group firewall allows you to segment virtual data center entities like virtual machines based on virtual machine names and attributes. The Trust Groups firewall is a hyper visor kernel-embedded firewall that provides visibility and control for virtualized workloads and networks.
Chapter 4 Network Security and Isolation 2 Auto-plumbed rules (rules that enable control traffic to flow for edge gateway services). 3 User-defined rules on Firewall user interface. 4 Default rule. Add an Edge Gateway Firewall Rule The Firewall tab displays rules created on the centralized Firewall tab in a read-only mode. Any rules that you add here are not displayed on the centralized Firewall tab.
vCloud Air Advanced Networking Services Guide 5 Point to the Source cell of the new rule. Perform one of the following options: Option Description Click Type the source IP address. The firewall supports both IPv4 and IPv6 formats. Click To specify the source as an object other than a specific IP address: a . Select one or more objects and click b c You can create a new IP Set. Once you create the new object, it is added to the source column by default.
Chapter 4 Network Security and Isolation 7 Point to the Service cell of the new rule. Perform one of the following options: Option Click Click Description To specify the service as a port–protocol combination: a Select the service protocol. NOTE The edge gateway supports ALG for FTP only. b Under Advanced options, type the port number. c Click OK. To select a pre-defined service or service group, or define a new one: a .
vCloud Air Advanced Networking Services Guide 2 Click the Firewall tab. The table of configured rules for the edge gateway firewall appears. n n Disable a rule by clicking Edit a rule by clicking , or enable a rule by clicking . . NOTE The default firewall rule for an edge gateway blocks all incoming traffic. You can change the default action and logging settings. Default firewall settings apply to traffic that does not match any of the user-defined firewall rules.
Chapter 4 Network Security and Isolation 4 Click Publish Changes. Manage Trust Groups Firewall Rules Default firewall settings apply to traffic that does not match any of the user-defined firewall rules. The default firewall rule for Trust Groups is displayed on the centralized firewall user interface, and the default rule for each edge gateway is displayed at the edge gateway level. The default Trust Group rule allows all L3 and L2 traffic to pass through all prepared clusters in your infrastructure.
vCloud Air Advanced Networking Services Guide 9 Point to the Source cell and perform one of the following options: Option Description Click Type the source IP address. The Trust Groups firewall supports IPv4 format only. Click To specify the source as an object other than a specific IP address: a . Select one or more objects and click b c You can create a new IP Set. Once you create the new object, it is added to the source column by default.
Chapter 4 Network Security and Isolation 11 Point to the Service cell of the new rule and perform one of the following options: Option Description To specify the service as a port–protocol combination: a Select the service protocol. NOTE The Trust Groups firewall supports Application Level Gateway (ALG) for the following protocols: FTP, CIFS, ORACLE TNS, MS-RPC, and SUN-RPC. b Type the port number and click OK. Click To select a pre-defined service or service group, or define a new one: a .
vCloud Air Advanced Networking Services Guide 14 Click Publish Changes. Edit a Trust Groups Firewall Rule Firewall rules for Trust Groups are added to a virtual data center in vCloud Air. You can edit and delete only the user-defined firewall rules that were added to a virtual data center. You cannot edit or delete an auto-generated rule or the default rule.
Load Balancing 5 The load balancer enables network traffic to follow multiple paths to a specific destination. It distributes incoming service requests evenly among multiple servers in such a way that the load distribution is transparent to users. Load balancing helps achieve optimal resource utilization, maximizing throughput, minimizing response time, and avoiding overload.
vCloud Air Advanced Networking Services Guide Configure the Load Balancer Service You can specify global load balancer configuration parameters. Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI. See “Log In and Navigate to Advanced Networking Services,” on page 9 for information. 2 Click the Load Balancer tab and Global Configuration. 3 Click Edit next to Load balancer global configuration.
Chapter 5 Load Balancing 3 Click the Add ( ) icon. The New Profile dialog box appears. 4 Type a name for the profile. 5 (Optional) Configure the following options for the application profile: VMware, Inc. Option Description Type Select the way in which you want to send requests to the server—HTTP, HTTPS, TCP, or UDP. By default, HTTP is selected for the traffic type. Depending on the type selected, the remaining options in the New Profile dialog are enabled or disabled.
vCloud Air Advanced Networking Services Guide Option Description Mode Select the mode by which the cookie should be inserted. The following cookie insertion modes are supported: n Insert n The edge gateway sends a cookie. When the server sends one or more cookies, the client will receive one extra cookie (the server cookies plus the edge gateway cookie). When the server does not send any cookies, the client will receive the edge gateway cookie only.
Chapter 5 Load Balancing Create a Service Monitor You create a service monitor to define health check parameters for a particular type of network traffic. When you associate a service monitor with a pool, the pool members are monitored according to the service monitor parameters. Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI. See “Log In and Navigate to Advanced Networking Services,” on page 9 for information. 2 3 Click the Load Balancer tab and Service Monitoring.
vCloud Air Advanced Networking Services Guide Example: Extensions Supported for Each Protocol Table 5‑1. Extensions for HTTP/HTTPS Protocols Monitor Extension Description no-body Does not wait for a document body and stops reading after the HTTP/HTTPS header. NOTE An HTTP GET or HTTP POST is still sent; not a HEAD method. max-age=SECONDS Warns when a document is more than SECONDS old. The number can be in the form 10m for minutes, 10h for hours, or 10d for days.
Chapter 5 Load Balancing Table 5‑3. Extensions for TCP Protocol (Continued) Monitor Extension Description quit=STRING Sends a string to the server to cleanly close the connection. refuse=ok|warn|crit Accepts TCP refusals with states ok, warn, or criti. By default, uses state crit. mismatch=ok|warn|crit Accepts expected string mismatches with states ok, warn, or crit. By default, uses state warn. jail Hides output from the TCP socket.
vCloud Air Advanced Networking Services Guide Option Description HTTPHEADER URL 5 Add members to the pool. a Click the Add ( ) icon. b Type the name and IP address of the server member. c Type the port where the member is to receive traffic on and the monitor port where the member is to receive health monitor pings. d In Weight, type the proportion of traffic this member is to handle. e Type the maximum number of concurrent connections the member can handle.
Chapter 5 Load Balancing 5 Option Description Application Profile Select the application profile to be associated with the virtual server. You can associate only an application profile with the same protocol as the virtual server that you are adding. Name Type a name for the virtual server. Description (Optional) Type a description for the virtual server. IP Address Type the IP address that the load balancer is listening on.
vCloud Air Advanced Networking Services Guide What to do next Associate the new application rule to a virtual server added for the load balancer. Click the Load Balancer tab > Virtual Servers and the Edit ( ) icon. Associate applications rules by clicking the Advanced tab. See “Add a Virtual Server,” on page 46 for the steps to associate applications rules with a virtual server. 48 VMware, Inc.
Secure Access Using Virtual Private Networks 6 You can connect to vCloud Air by using the following secure methods—an SSL VPN-Plus tunnel or an IPsec VPN tunnel. Use Advanced Networking Services to configure these tunnels. After configuring your VPN tunnels, use a VPN client from your remote location to log into vCloud Air and manage your Infrastructure-as-a-Service resources.
vCloud Air Advanced Networking Services Guide Figure 6‑1. SSL VPN-Plus Interaction vCloud Air edge gateway Corporate LAN Admin Remote users connecting through web access mode Internet Edge SSL VPN external Windows Server Remote users connecting through SSL client SSL VPN-Plus supports VPN clients on the following operating systems: n Windows XP and above NOTE Windows 8 is supported.
Chapter 6 Secure Access Using Virtual Private Networks 5 Add an Installation Package on page 56 Create an installation package of the SSL VPN-Plus client for the remote user. 6 Add an SSL VPN-Plus User on page 57 Add a remote user to the local database. 7 Add a Web Resource for SSL VPN-Plus Access on page 58 Add a server that the remote user can connect to via a Web browser.
vCloud Air Advanced Networking Services Guide 5 (Optional) Change the port number. By default, Advanced Networking Services use port 443, which is the default port for HTTPS/SSL traffic. A port number is required to configure the installation package; however, you can set any TCP port for communications. 6 Select the encryption method. 7 (Optional) From the Server Certificate table, select the server certificate that you want to add. Or Select Use Default Certificate. 8 Click OK.
Chapter 6 Secure Access Using Virtual Private Networks Add a Private Network Add the network that you want the remote user to be able to access. Each private network that requires access through a VPN tunnel must be added as a separate entry. If necessary, use Route Summarization to limit the number of entries in the Private Network table. Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.
vCloud Air Advanced Networking Services Guide Add an Authentication Server Instead of a local user, you can add an external authentication server (AD, LDAP, RADIUS, or RSA) which is bound to the SSL gateway. All users with accounts on the bound authentication server will be authenticated. The maximum time to authenticate over SSL VPN is 3 minutes. This maximum is set because the nonauthentication timeout is 3 minutes; the non-authentication timeout value is not configurable.
Chapter 6 Secure Access Using Virtual Private Networks Table 6‑1. AD and LDAP Authentication Server Options (Continued) n Option Description Use this server for secondary authentication Whether to use the server as the second level of authentication. Terminate Session if authentication fails Ends the session when authentication fails. RADIUS authentication server Table 6‑2. RADIUS authentication server options n Option Description IP Address The IP address of the external server.
vCloud Air Advanced Networking Services Guide Table 6‑3. RSA-ACE authentication server options (Continued) Option Description Use this server for secondary authentication Whether to use the server as the second level of authentication. Terminate Session if authentication fails Ends the session when authentication fails. NOTE Adding a user for SSL VPN-Plus automatically adds a local authentication server in the SSL VPN-Plus > Authentication page and configures the default values.
Chapter 6 Secure Access Using Virtual Private Networks Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI. See “Log In and Navigate to Advanced Networking Services,” on page 9 for information. 2 3 Click the SSL VPN-Plus tab and Installation Package. Click the Add ( ) icon. The Add Installation Package dialog box appears. 4 Type a profile name for the installation package. 5 In Gateway, type the IP address or FQDN of the public interface of the edge gateway.
vCloud Air Advanced Networking Services Guide Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI. See “Log In and Navigate to Advanced Networking Services,” on page 9 for information. 2 3 Click the SSL VPN-Plus tab and Users. Click the Add ( ) icon. The Add User dialog box appears. 4 5 Configure the following options for the user: Option Description User ID Type the user ID. Password Type the password. Re-type Password Retype the password.
Chapter 6 Secure Access Using Virtual Private Networks 4 5 Configure the following options as required: Option Description Name Type the name for the Web resource. URL Type the URL of the Web resource that you want the remote user to access. HTTP Method (Optional) Depending on whether the remote user wants to read from or write to the Web resource, select the HTTP method. HTTP Query (Optional) Type the GET or POST query parameters.
vCloud Air Advanced Networking Services Guide Add a Script You can add multiple login or logoff scripts. For example, you can bind a login script for starting Internet Explorer with gmail.com; when a remote user logs in to the SSL client, Internet Explorer opens gmail.com. Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI. See “Log In and Navigate to Advanced Networking Services,” on page 9 for information. 2 3 Click the SSL VPN-Plus tab and Login/Logoff Scripts.
Chapter 6 Secure Access Using Virtual Private Networks 5 Select To Randomize keys of virtual keyboard Make the virtual keyboard keys random. Enable forced timeout Disconnect remote users after the specified timeout period is over. Type the timeout period in minutes. Session idle timeout When there is no activity on a user's session for the specified period, end the user session after that period is over. User notification Type a message to be displayed to remote users after they log in.
vCloud Air Advanced Networking Services Guide You can deploy an edge gateway agent behind a NAT device. In this deployment, the NAT device translates the VPN address of an edge gateway instance to a publicly accessible address facing the Internet. Remote VPN routers use this public address to access the edge gateway instance. You can place remote VPN routers behind a NAT device as well. You must provide the VPN native address and the VPN Gateway ID to set up the tunnel.
Chapter 6 Secure Access Using Virtual Private Networks Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI. See “Log In and Navigate to Advanced Networking Services,” on page 9 for information. 2 Click the Routing tab and IPSEC VPN. 3 Next to Global configuration status, click Change. The Global Configuration dialog box appears. 4 Type a global pre-shared key for those sites whose peer endpoint is set to any and select Display shared key to display the key.
vCloud Air Advanced Networking Services Guide 4 Complete the following settings for the IPsec VPN connection: Option Description Enabled Select the checkbox to enable the connection between the two VPN endpoints. Enable perfect forward secrecy (PFS) Select to generate unique public keys for all sessions your users initiate. Enabling PFS ensures that vCloud Air does not create a link between the edge gateways private key and each session key.
Chapter 6 Secure Access Using Virtual Private Networks 5 Option Description Pre-Shared Key If you selected PSK as the authentication type, type an alphanumeric string between 32 and 128 characters, which includes at least one uppercase letter, one lowercase letter, and one number. Indicates that the secret key shared between vCloud Air and the peer site is to be used for authentication. NOTE The shared key must match the key that is configured on the remote site VPN device.
vCloud Air Advanced Networking Services Guide 66 VMware, Inc.
IP Service Management: NAT and DHCP 7 Advanced Networking Services provides functionality to manage Network Address Translation for the virtual machines deployed in vCloud Air and to configure the DHCP server for an edge gateway. You can manage these services by using Advanced Networking Services or by using the networking features in the vCloud Air UI and vCloud Director UI. See the vCloud Air Networking Guide for information.
vCloud Air Advanced Networking Services Guide n Configuring multiple NAT rules on multiple edge gateway interfaces IMPORTANT By default, edge gateways are deployed with firewall rules configured to deny all network traffic to and from the virtual machines on the edge gateway networks. Also, NAT is disabled by default so that edge gateways are unable to translate the IP addresses of the incoming and outgoing traffic.
Chapter 7 IP Service Management: NAT and DHCP Option Description ICMP Type When you select ICMP (an error reporting and a diagnostic utility used between devices to communicate error information) in the Protocol field, select the ICMP Type from the drop-down menu. ICMP messages are identified by the “type” field. By default, the ICMP type is set to “any.” Translated IP/Range Type the IP address or a range of IP addresses to which destination addresses on inbound packets will be translated.
vCloud Air Advanced Networking Services Guide Add a DHCP IP Pool The DHCP service requires a pool of IP addresses. An IP pool is a sequential range of IP addresses within the network. Virtual machines protected by the edge gateway that do not have an address binding are allocated an IP address from this pool. An IP pool's range cannot intersect one another, thus one IP address can belong to only one IP pool. Procedure 1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.
Chapter 7 IP Service Management: NAT and DHCP 3 Click the Add ( ) icon. The Add DHCP Binding dialog box appears. 4 Configure the following options for the DHCP bindings: Option 5 VMware, Inc. Action Auto Configure DNS Select to use the DNS service configuration for the DHCP binding. Lease never expires Select to bind the address to the MAC address of the virtual machine forever. Interface Select the edge gateway interface to bind. VM Name Select the virtual machine to bind.
vCloud Air Advanced Networking Services Guide 72 VMware, Inc.
Index G glossary 5 I intended audience 5 VMware, Inc.
vCloud Air Advanced Networking Services Guide 74 VMware, Inc.
