Secure, reliable operation of vCloud Director depends on a secure, reliable network that supports forward and reverse lookup of hostnames, a network time service, and other services. Your network must meet these requirements before you begin installing vCloud Director.

The network that connects vCloud Director servers, the database server, vCenter servers, and vShield Manager servers, must meet several requirements:

IP addresses

Each vCloud Director server requires two IP addresses, so that it can support two different SSL connections. One connection is for the HTTP service. The other is for the console proxy service. You can use IP aliases or multiple network interfaces to create these addresses. You cannot use the Linux ip addr add command to create the second address .

Console Proxy Address

The IP address configured as the console proxy address must not be located behind an SSL-terminating load balancer or reverse proxy. All console proxy requests must be relayed directly to the console proxy IP address.

Network Time Service

You must use a network time service such as NTP to synchronize the clocks of all vCloud Director servers, including the database server. The maximum allowable drift between the clocks of synchronized servers is 2 seconds.

Server Time Zones

All vCloud Director servers, including the database server, must be configured to be in the same timezone.

Hostname Resolution

All host names that you specify during vCloud Director and vShield Manager installation and configuration must be resolvable by DNS using forward and reverse lookup of the fully qualified domain name or the unqualified hostname. For example, for a host named mycloud.example.com, both of the following commands must succeed on a vCloud Director host:

nslookup mycloud
nslookup mycloud.example.com

In addition, if the host mycloud.example.com has the IP address 192.168.1.1, the following command must return mycloud.example.com:

nslookup 192.168.1.1

Transfer Server Storage

To provide temporary storage for uploads and downloads, an NFS or other shared storage volume must be accessible to all servers in a vCloud Director cluster. This volume must have write permission for root. Each host must mount this volume at $VCLOUD_HOME/data/transfer, typically /opt/vmware/vcloud-director/data/transfer. Uploads and downloads occupy this storage for a few hours to a day. Transferred images can be large, so allocate at least several hundred gigabytes to this volume.