What’s New in vCloud Director 10

With clockwork efficiency after less than 6 months there a is new major release of vCloud Director – version 10. As usual, I will try to summarize all the new functionality compared to the previous release 9.7. I have similar posts about 9.7, 9.5 and 9.1 so you can get quickly up to speed if you are not familiar with them as well.

User Interface

From the tenant UI perspective the HTML5 UI (/tenant) has been evolving to add missing legacy (Flex) UI functionality. You can now customize VM network adapter during VM creation, change user password and user settings.

The top ribbon bar now provides more information and new search option.

New universal tenant login page (/login) was added:

Tenant UI also provides new functionality such as NSX-T network management.

The provider HTML5 UI now contains all the actions the cloud service provider needs to do (various Settings screens, tenant migration, …), so the legacy Flex UI is actually disabled by default. There are still however some missing features like direct VM import from vCenter Server, Org VDC template creation or edit of VM guest properties.

If necessary, you can enable Flex UI with this command (run on any cell and reboot them all):

cell-management-tool manage-config -n flex.ui.enabled -v true

Among some of the new Provider UI features are:

  • compute policy management (VM Sizing Policies and Provider VDC specific VM Placement Policies).

  • NSX-T provider actions such as Geneve network pool creation, import of T0 for external networks and Org VDC Edge Gateway management including quite useful quick external IP addresses sub-allocation (available for NSX-V Edge Gateways in API as well).
  • SDDC Proxy and token management (CPOM feature)

NSX-T Support

As hinted above, NSX-T integration has been improved massively. I am going to deep dive into the topic in a separate article, so let me cover it here very quickly.

In the previous vCloud Director releases the system administrator could only import NSX-T based networks (overlay logical segments) as tenant Org VDC networks and that was it. In the current release the tenants now can create NAT-routed and isolated networks with firewalling, DHCP and DNS forwarding services provided by NSX-T T1 Gateways. The vCloud Director networking objects did not change much which means there should not be major difference between NSX-V backed and NSX-T backed Org VDC from the usability perspective. However, there is not full feature parity between NSX-V and NSX-T functionality; sometimes it is due to NSX-T not providing these features (SSL VPN), sometimes due to vCloud Director not yet caught up. Expect more in the future as this is a journey.

Note: Only NSX-T version 2.5 is supported by vCloud Director 10.0.


  • API version has been bumped up to 33.0, while versions 27.0-32.0 are still supported but 27.0 and 28.0 are marked for deprecation.
  • There is a new API authentication mechanism. The OpenAPI provides two different authentication endpoints (one for provider: /cloudapi/1.0.0/sessions/provider the other for tenants /cloudapi/1.0.0/sessions). You can disable for API version 33.0 the old authentication mechanism (/api/sessions) with the following command:cell-management-tool manage-config -n vcloud.api.legacy.nonprovideronly -v trueThis means it is now quite easy with Web Application Firewall to protect the provider API authentication from the internet.
  • OpenAPI provides new (faster) way to collect audit events from vCloud Director via AuditTrail API call. Note that vCloud Director now stores audit events only for limited time in order to keep the database size and query speed manageable.
  • The NSX-T related networking APIs are not pass-through as was the case with NSX-V and instead use the OpenAPI calls.
  • vCloud Director Appliance API: each appliance node now provides its own appliance API to get database state provide by replication manager. It is also possible to remotely execute database standby node promotion  and thus automate database failover with external tooling or load balance to the active database node for 3rd party database usage.
    GET https://<appliance IP>:5480/api/1.0.0/is_primary
    GET https://<appliance IP>:5480/api/1.0.0/nodes

    POST https://<appliance IP>:5480/api/1.0.0/nodes/<node name>/promote

Other Features

  • Improved vRealize Orchestrator (vRO) integration. Two more custom properties vcd_sessionToken and _vcd_apiEndpoint can be passed from vCloud Director to vRO workflow so the workflow during its execution can connect in the particular user context via the vCloud Director Plugin to vCloud Director and provide access only to those objects the user has access to.
    The spelling of two other custom properties was fixed from _vdc_userName and _vdc_isAdmin to _vcd_userName and _vcd_isAdmin (but is still backwards compatible).
    The new vRO vCloud Director Plugin now also supports vRO Clustering so the vCloud Director connection is automatically shared across vRO nodes.
  • RBAC support for NSX-V Edge ECMP and DNS features. The former was asked by many providers in order to keep NSX-V licensing at Advanced edition and not to get accidentally bumped to Enterprise edition if tenant enabled ECMP on its Org VDC Edge Gateway.
  • Legacy Org VDC allocation models can now be changed to flex allocation model which allows for switching allocation models of existing Org VDCs.
  • When system administrator enables Distributed Firewall via UI it is possible to choose if the new tenant firewall section should be created at the bottom (and not on top by default). This was before possible only via API.

  • MS SQL is no longer supported as vCloud Director database. To use vCloud Director version 10.0 you must either use the appliance form factor with its embedded PostgreSQL database or an external PostgreSQL. Migration is supported.
  • Compatible VCD-CLI version 22.0 and pycloud 21.0 SDK were released as well.

17 thoughts on “What’s New in vCloud Director 10

  1. Hello!
    Please tell me
    Cassandra Db integrates with vCloud10?
    I have such a situation.
    There was Applince vCloud 9.5 + MS SQL + Cassandra
    Updated vCloud 9.5 -> 9.7
    Migrated with MS SQL -> Postgress
    And already updated vCloud 9.7 -> vCloud 10
    During the update, lost contact with Cassandra Db
    after cleaning Cassandra Db, reconnected to vCloud 10
    After restarting the vCloud service, the “Monitoring Chart” menu did not appear in the interface.

      1. Tomas.
        Thank you very much for your answer.
        After updating vCloud to version 10.0.0-15450333
        The tab again appeared in the interface – “Monitoting Chart”

  2. Hi Tomas,
    It’s seems there is a bug with DefaultComputePolicy in vCloud Director

    If you set a pure VM Placement Policy (without VM Sizing parameters) as DefaultComputePolicy on a vdc,
    you can’t create NEW VM because the OK button stay disabled in the modal-content. (creating vApp from Library doesn’t suffer that issue)

    – If I use an custom API created compute policy (with Placement Policy and memory limitation for instance) as DefaultComputePolicy, the OK button in ‘NEW VM’ modal-content works.
    – vCloud Director 9.7 doesn’t suffer that issue

    Is that a knowned issue ?

    1. OK button stays disabled because one must select a sizing policy. Unlike placement policies, selection of sizing policy is not optional, otherwise how will provider ever enforce fixed T-Shirt sizing.

    2. If the placement policy selected (or set as default) already has sizing information in it, then selection of yet another sizing policy is not needed and hence OK button becomes enabled right away.

  3. Hi Tomas,

    I have deployed single Primary appliance for vcd 10.0 and looks like HA database is giving below message

    “No nodes found in cluster”

    How can I resolve that so that it detects that I have one primary node. I am planning to add 1 standby node too but before that i need to resolve this on Primary.

    Any help is appreciated.

  4. Yes. Thats what i am thinking but my vCD is up and running and i have many vapps already running. Here are the logs.

    2020-07-02 10:03:23,620 | INFO | uWSGIWorker4Core0 | Successfully authenticated user “root”
    2020-07-02 10:03:23,895 | ERROR | uWSGIWorker3Core0 | ERROR: Command ‘cd /opt/vmware/vcloud-director && sudo -n -u postgres /opt/vmware/vpostgres/current/bin/repmgr cluster show’ returned non-zero exit status 1.
    2020-07-02 10:03:23,895 | ERROR | uWSGIWorker3Core0 | Return code: 1
    2020-07-02 10:03:23,895 | DEBUG | uWSGIWorker3Core0 | Parsed Cluster Status: {}
    2020-07-02 10:03:23,895 | DEBUG | uWSGIWorker3Core0 | Got cluster status: {}
    root@l1dpdvcld039 [ /opt/vmware/var/log/vcd ]# date
    Thu Jul 2 10:03:56 UTC 2020
    root@l1dpdvcld039 [ /opt/vmware/var/log/vcd ]# cd /opt/vmware/vcloud-director
    root@l1dpdvcld039 [ /opt/vmware/vcloud-director ]# sudo -n -u postgres /opt/vmware/vpostgres/current/bin/repmgr cluster show
    ERROR: no node information was found – please supply a configuration file

    1. Primary node must be deployed as first node of a VCD instance. So obviously you are doing something fundamentally wrong if you are trying to deploy primary DB node to already existing VCD instance.

  5. Right. I have deployed Primary Node as VCD instance. I was checking the possibility of deploying 1 Standby node for DB HA.

  6. I think I got your point. Looks like I deployed vCD cell application and not the Primary. How can I check what config i chose while deploying?

  7. Hi Tom, I can’t add a vcenter in Provide in vCloud Director version: When I go to create the Provider VDC, there are no vcenters available. I do see Vcenter is Vcloud vsphere resources, and it looks like my vcenter is added as SDDC. I have shared to my organization as well – is there any additional requirements to add vcenter to provider vdc?

  8. hi, about the api call
    /cloudapi/1.0.0/sessions/provider, could you provide more detail about authentication.
    when I tried with basic auth, I got response status “406 Not Acceptable”.

    “minorErrorCode”: “NOT_ACCEPTABLE”,
    “message”: “The request accept header is invalid.”,
    “stackTrace”: null

  9. Hello Tomas, After updating from 9.7 to 10.0, I can no longer enter the provider api with the administrator user. With the root user I have no problems.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.