Just Another IT Blog

It's time to share some of my experiences, crazy ideas, tips and tricks !!!

Post Page Advertisement [Top]


Most of vCloud Director implementations I’ve worked on where multi-cells implementations behind a load balancer to distribute the load and “hide” the cells from direct internet access.

In those scenarios you must configure the Public Address on vCloud configuration page, this way the cells will reply back to end users the public address instead of it’s internal address.
Starting with vCloud Director for Service Providers 5.6.3 there’s a few more flexible ways of configuring it.


Now we have options for:
- vCloud Director public URL
- vCloud Director secure public URL
- vCloud Director secure certificate chain
- vCloud Director public REST API base URL
- vCloud Director secure public REST API base URL
-vCloud Director public REST API certificate chain
 
As you could see we have a few new options, we could specify different address for HTTP and HTTPS access, but also when you specify the secure addresses you must include the certificate chain to be used, this means you wont use the internal cell’s certificate you specified during the cell’s installation.
This gives you the flexibility to have internal certificate provided by a internal CA and do real SSL OffLoad on your Load Balancer.




 Remember: Consoly proxy still no able to provide SSL Offload, so you still need that valid certificate internal to the cell.

 If you recall during cells implementation, there’s no API certificate bind to service during cell’s installation, so in the cases you want a different API URL than vCD URL having the option to specify it’s own certificate handy is awesome.



 The vCD's documentation was not update to reflect those new options yet, so I hope this posts helps to clarify a little bit about how to use them.

 

Bottom Ad [Post Page]