Most of
vCloud Director implementations I’ve worked on where multi-cells
implementations behind a load balancer to distribute the load and “hide” the
cells from direct internet access.
In those
scenarios you must configure the Public Address on vCloud configuration page,
this way the cells will reply back to end users the public address instead of
it’s internal address.
Starting
with vCloud Director for Service Providers 5.6.3 there’s a few more flexible
ways of configuring it.
Now we have options for:
- vCloud
Director public URL
- vCloud
Director secure public URL
- vCloud
Director secure certificate chain
- vCloud
Director public REST API base URL
- vCloud
Director secure public REST API base URL
-vCloud
Director public REST API certificate chain
As you
could see we have a few new options, we could specify different address for
HTTP and HTTPS access, but also when you specify the secure addresses you must
include the certificate chain to be used, this means you wont use the internal
cell’s certificate you specified during the cell’s installation.
This gives
you the flexibility to have internal certificate provided by a internal CA and
do real SSL OffLoad on your Load Balancer.
Remember:
Consoly proxy still no able to provide SSL Offload, so you still need that
valid certificate internal to the cell.
If you recall during cells implementation, there’s
no API certificate bind to service during cell’s installation, so in the cases
you want a different API URL than vCD URL having the option to specify it’s own
certificate handy is awesome.