Deploying Multitenant Nodes
Multitenant Node

vCloud Connector nodes are multitenant, that is, one node can be used by multiple tenants to transfer content to and from a cloud.

As a public vCloud service provider (or the administrator of a private vCloud Director cloud serving many departments), you can deploy a multitenant node in the cloud for your customers to use, instead of requiring each customer to install a node in their own organization in the cloud.

Each node can support 20 tenants. Depending on the number of tenants, you might need to deploy multiple vCloud Connector nodes.

For example, you might deploy the following nodes.

- Multitenant Node A for customers 1-20 on public vCloud 1
- Multitenant Node B for customers 21-40 on public vCloud 1
- Multitenant Node C for customers 41-60 on public vCloud 2
- Multitenant Node D for customers 61-80 on public vCloud 2

After you deploy the nodes, you provide the appropriate node URL to each set of customers for them to register the node with their own vCloud Connector servers.

As each multitenant node is dedicated to a group of customers, vCloud Connector does not support using a load balancer in front of a multitenant node.

Customers' vCloud Connector servers must be able to reach the following.

- The multitenant node
- The cloud

The vCloud Connector server accesses the cloud directly to get the inventory and for tasks such as powering on or powering off virtual machines and vApps. It accesses the cloud through the vCloud Director API endpoint.

Each multitenant node can support up to 20 organizations.

Check whether your customers want to use HTTPS or UDT as the data transfer protocol for copy. The default protocol is HTTP(S). To use UDT, both the source and destination nodes must have UDT enabled. If UDT is enabled on only one of the nodes, for example, if it is enabled on the multitenant node and not on the customer's node, then HTTP(S) is used.

Note that the multitenant node must be registered with a customer's server before you can select the Enable UDT option for the multitenant node. UDT cannot be enabled on a node until the node is registered with a server.

For more information, see Selecting Copy Options.

If you use UDT, and if the multitenant node is being accessed by a public FQDN, ensure that its hostname is set to the public FQDN.

1. Determine how many multitenant nodes you need based on the number of customers you intend to support.

   Each node can support 20 organizations.

2. Install and configure vCloud Connector nodes in the public vCloud, one for each set of customers.

   See Installing vCloud Connector for more information.

   Note: You do not need to install a vCloud Connector server in the public cloud.

3. Set NAT and firewall rules as specified below.

4. Add valid SSL certificates to the nodes. See Add Valid SSL Certificates for information.

   If you add a valid certificate and enable SSL, customers need to import the corresponding CA root certificate into the trusted keystore of their server and nodes. See Add CA Root Certificate to Trusted Keystore for information.

5. Increase the node staging area. See Configure vCloud Connector Node Allocated Storage for information.

   Note: If you use an NFS share to increase the staging area, use the nolock option for mounting the NFS share.

6. If you are planning to use UDT, and if the multitenant node is going to be accessed by a public FQDN, ensure that the node's hostname is set to the public FQDN.

   a. Log in to the multitenant node console.

   b. Change to root user.

          su root

      The default password is vmware.

   c. Edit the /etc/hosts file and add the following line as the first entry.

          multitenantNodeInternalIP multitenantNodeFQDN

   d. Exit the console.

7. Email the appropriate node URL to each set of customers. Specify either the IP address of the node or its fully qualified domain name (FQDN).

       https://vCCNodeIPaddress
       For example: https://10.10.100.10

       https://vCCNodeFQDN
       For example: https://node1.company.com

   Also inform customers whether the multitenant node has a valid certificate and has SSL enabled so that they can select the appropriate settings while registering the node.

8. Ask customers to register the node with their vCloud Connector servers using the node URL you provided and their own organization credentials.

   See Register vCloud Connector Nodes with vCloud Connector Server.

9. Enable UDT on the node, if required.

Each customer will register the multitenant node with their own vCloud Connector server, using the URL you provided and their own organization credentials. This enables them to transfer content to and from their organization in the public vCloud.

For an on-premise vCloud Connector server and node to reach the multitenant node in the public cloud, you need to set NAT and firewall rules in the public cloud.

Set these rules.

- Open port 443 for HTTPS traffic.
- Open port 80 for HTTP traffic.
- Open port 8190 for UDT traffic, if you enable UDT on the multitenant node.

Note: If these ports are in use, you can use a different port for the original (outbound) port.

Note: Do not open port 5480, which is used to access the node Admin Web console. As a service provider, you configure the multitenant node before you provide the node URL to your customers.

Sample NAT Rule for Multitenant Node

Rule  Original IP         Original Port  Translated IP       Translated Port  Protocol
----  ------------------  -------------  ------------------  ---------------  --------
DNAT  Public IP           443            Private IP of node  443              TCP
DNAT  Public IP           80             Private IP of node  80               TCP
DNAT  Public IP           8190           Private IP of node  8190             UDP
SNAT  Private IP of node  Any            Public IP           Any              Any

Sample Firewall Rule for Multitenant Node

Source              Source Port  Destination  Destination Port  Protocol
------------------  -----------  -----------  ----------------  --------
Any                 Any          Public IP    443, 80           TCP
Any                 Any          Public IP    8190              UDP
Private IP of node  Any          Any          443, 80           TCP
Private IP of node  Any          Any          8190              UDP
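The port guidance above can be checked mechanically before the node URL goes out to customers. The following is an added example, not VMware code: it audits a constructed list of DNAT rules against this page's rules (443/TCP and 80/TCP forwarded, 8190/UDP only when UDT is enabled, 5480 never forwarded), matching on the translated port because the original port may differ. The Dnat record, the audit_dnat function and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

ADMIN_CONSOLE_PORT = 5480            # node Admin Web console; must stay closed
REQUIRED = {(443, "TCP"), (80, "TCP")}
UDT = (8190, "UDP")                  # needed only when UDT is enabled

@dataclass(frozen=True)
class Dnat:                          # hypothetical record for one DNAT rule
    original_ip: str
    original_port: int
    translated_ip: str
    translated_port: int
    protocol: str                    # "TCP", "UDP" or "Any"

def audit_dnat(rules, node_ip, udt_enabled):
    """Return findings for the DNAT rules that forward traffic to node_ip."""
    exposed = set()
    for r in rules:
        if r.translated_ip != node_ip:
            continue                 # rule belongs to some other host
        proto = r.protocol.upper()
        for p in (("TCP", "UDP") if proto == "ANY" else (proto,)):
            exposed.add((r.translated_port, p))
    expected = REQUIRED | ({UDT} if udt_enabled else set())
    findings = []
    for port, proto in sorted(exposed):
        if port == ADMIN_CONSOLE_PORT:
            findings.append(f"FORBIDDEN {port}/{proto}: Admin Web console is reachable")
        elif (port, proto) not in expected:
            findings.append(f"UNEXPECTED {port}/{proto}: not in the sample rules")
    for port, proto in sorted(expected - exposed):
        findings.append(f"MISSING {port}/{proto}: required port is not forwarded")
    return findings

# Constructed sample rules (documentation addresses, not taken from the page).
NODE = "192.168.10.5"
SAMPLE = [
    Dnat("203.0.113.10", 443, NODE, 443, "TCP"),
    Dnat("203.0.113.10", 8080, NODE, 80, "TCP"),    # alternate original port
    Dnat("203.0.113.10", 8190, NODE, 8190, "TCP"),  # wrong protocol for UDT
    Dnat("203.0.113.10", 5480, NODE, 5480, "TCP"),  # exposes the admin console
]

if __name__ == "__main__":
    for line in audit_dnat(SAMPLE, NODE, udt_enabled=True):
        print(line)
```

Treating any port outside the sample rules as UNEXPECTED is a stricter reading than the page gives; the page itself singles out only port 5480.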

As the multitenant node administrator, you can access node log files for all customers from the node console or Admin Web console. Log files are divided by organization. See Accessing Log Files from the Console and Accessing Log Files from the User Interface for more information.

Customers do not have access to the multitenant node console or Admin Web console. They can access node log files from their vCloud Connector server Admin Web console. See Accessing Log Files for Multitenant Nodes for more information.

To upgrade a multitenant node, follow the process described in Upgrading to vCloud Connector 2.7. After you upgrade a multitenant node, customers who have registered the node with their vCloud Connector servers need to reload the cloud in the vCloud Connector user interface.