in Cloud, Networking 239 Words

VMware Cloud Director Cells Behind Internet Proxy

Update 4/25/2022: This configuration no longer works with VMware Cloud Director 10.3.x.

Update 9/6/2022: This configuration works again in VMware Cloud Director 10.4 and 10.3.3.3.

VMware Cloud Director cells are usually deployed in the management cluster and their access to Internet might be limited due to security considerations. This can be a problem because certain features do require outgoing access to external (Internet) resources:

  • Catalog subscription: the cell will need access to the published catalog URL
  • Multisite: if you associate multiple Organizations together, some API calls are fan-out by the cell to the respective associated API endpoints, therefore the cell needs to be able to access them (even its own external API endpoint)
  • Cell Appliance VAMI repository for patches or upgrades

The latest VCD release 10.2.1 now does support internet proxy which means there is no need to have full internet access to the management environment.

On the VCD Appliance the proxy can be configured by editing /etc/sysconfig/proxy file:

root@vcloud1 [ ~ ]# cat /etc/sysconfig/proxy
# Enable a generation of the proxy settings to the profile.
# This setting allows to turn the proxy on and off while
# preserving the particular proxy setup.
#
PROXY_ENABLED="yes"

# Some programs (e.g. wget) support proxies, if set in
# the environment.
# Example: HTTP_PROXY="http://proxy.provider.de:3128/"
HTTP_PROXY="http://proxy.fojta.com:3128"

# Example: HTTPS_PROXY="https://proxy.provider.de:3128/"
HTTPS_PROXY="http://proxy.fojta.com:3128"

You need to restart vmware-vcd service to apply the configuration.

Advertisement

7 thoughts on “VMware Cloud Director Cells Behind Internet Proxy

  1. Hello Fojta,
    I have a question about vCloud 10.2.1, in the Architeting document for 8.2 you describe to we use the following options:

    database.pool.maxActive = 200
    vcloud.http.maxThreads = 200
    vcloud.http.minThreads = 32
    vcloud.http.acceptorThreads = 16
    networking.vsmSocketTimeoutInMillis = 3600000
    vcloud.http.maxQueuedHttpRequests = 200
    vcloud.http.requestsBaseLine = 100

    I use this since VCD 9.1 to 9.5 then 9.7 and 10.1. Can I use it for 10.2.1 too ?
    These values still valid ?

    My Cells has 4 VCPU and 16 GB RAM each.

    Reply

  2. Hi Tom,

    Thank you so much since this one I really need it. However, I would like to ignore the proxy by using NO_PROXY whole local domain. I’m very please if being advised by you. Thanks again

    Note: I tried but not working correctly
    NO_PROXY=”localhost,127.0.0.1,*.mydomain.com”

    Regards,
    Phuoc

    Reply

  3. Similar request – would love to use a proxy for certain operations but not all operations. Does all traffic go through the proxy including database traffic?

    Reply

  4. Hello Tom,
    you have mentioned above settings will not work with VCD 10.3.x. Is there any new settings or alternative settings?

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.