Pivotal Cloud Foundry v1.7

Deploying Operations Manager to vCloud Air and vCloud

Page last updated:

Note: Pivotal Cloud Foundry (PCF) for vCloud Air and vCloud Director is deprecated and availability is restricted to existing customers. Contact Support for more information.

This topic is a prerequisite to Configuring Ops Manager Director for vCloud Air and vCloud.

This topic describes how to configure the vCloud or vCloud Air Edge Gateways Configure Services screen and install Pivotal Cloud Foundry (PCF) Ops Manager for your Elastic Runtime environment.

Note: PCF does not currently support vCloud Air On Demand.

Accessing the vShield Edge Gateway Services Interface

Follow these steps to access the vCloud or vCloud Air Edge Gateways Configure Services screen. For more information about edge gateway services, see the VMware vCloud Director documentation.

  1. Log into vCloud or vCloud Air.

  2. Click the Gateways tab and your virtual datacenter on the Gateways page. The Gateways > Gateways Details page appears.

  3. Click Manage Advanced Gateway Settings on the right side of the Gateways > Gateways Details page. The vCloud Director > Administration > Edge Gateways page appears.

  4. Select the gateway you want to configure, then click the gear icon and select Edge Gateway Services.

    Select edge

    The Configure Services screen for your virtual datacenter displays with the following tabs:

    • DHCP
    • NAT
    • Firewall
    • Static Routing
    • VPN
    • Load Balancer

    Config services

    Note: The following sections describe how to perform the minimum configuration steps: setting up NAT rules, firewalls, static routing, and a load balancer. Ensure that you configure the Edge Gateways Configure Services screen with any additional settings that your environment requires.

Configuring NAT Rules

The following section describe how to configure your vCloud or vCloud Air Edge Gateway to ensure that Elastic Runtime can access the web.

To do this, you configure the single source NAT rule (SNAT) and three destination NAT (DNAT) rules that Elastic Runtime requires:

  • Elastic Runtime accesses the Internet using an SNAT rule.

  • Elastic Runtime’s API endpoint, which is fronted by HAProxy, requires a DNAT rule to forward traffic from a public IP.

  • Ops Manager also requires a DNAT rule to connect external sources on any port to its public IP, as illustrated:

Ops man dnat rule

vCloud or vCloud Air evaluates NAT rules in the order you list them in, from top to bottom, on the NAT tab of the Edge Gateways Configure Services screen. The image is an example of the configured SNAT rule and a DNAT rule.

Nat example

Create SNAT and DNAT Rules

To allow outbound connections through Ops Manager public IP address, configure an SNAT rule. To enable inbound traffic over SSH to your Ops Manager VM, create a DNAT rule.

Note: Using the Elastic Runtime IP address for outbound connections can be problematic for DNS resolution.

  1. In the Edge Gateways Configure Services screen, select the NAT tab.

  2. Configure an SNAT rule:

    1. From the Applied on drop down menu, select the network where you want to apply the NAT rule.
    2. In the Original (Internal) source IP/range field, enter the IP range/subnet mask.
    3. In the Translated (External) source IP/range field, enter the Ops manager public IP.
    4. Ensure the checkbox Enabled is checked.

    Snat 1

  3. Create a destination NAT (DNAT) rule by following the same procedure, using the following configuration:

    • Applied on: Select your external network
    • Original (External) IP/range: Enter the public IP address for Ops Manager
    • Protocol: Select TCP & UDP
    • Original Port: Select 22
    • Translated (Internal) IP/range: Enter the private IP address of your Ops Manager
    • Translated port: 22

Create Firewall Rules for SNAT and DNAT

  1. In the Edge Gateways Configure Services screen, select the Firewall tab.

  2. Create a SNAT firewall rule allowing outbound traffic from all internal IP addresses to all IP external addresses.


  3. Create a DNAT firewall rule allowing inbound traffic from the public IP to the private IP address of your Ops Manager.

Allow Inbound Web Traffic for Ops Manager

Repeat the steps above for ports 80 and 443 for the same public address.

Allow Inbound Web Traffic for Elastic Runtime

Repeat the steps above for ports 80 and 443 for the Elastic Runtime public IP address.

Setting up Static Routing

Select the Enable static routing checkbox.

Setting up Network Rules for Elastic Runtime DNS Resolution

  1. In the Edge Gateways Configure Services screen, select the Load Balancer tab.

  2. Click Pool Servers, then click Add.


    The Add Load Balancer Member Pool wizard appears.

  3. Name the pool Load Balancer to Elastic Runtime.

  4. In the Configure Service step, enable the pool to support HTTP port 80 and HTTPS port 443. We recommend using the default balancing method, Round Robin.


  5. In the Configure Health-Check step, enter Monitor Port 80 for HTTP and 443 for HTTPS. For both HTTP and HTTPS, change the Mode to TCP.

    Health check

  6. In the Manage Members step, click Add. Enter the IP address of the HAProxy VM. Specify 80 for the HTTP port values and 443 for the HTTPS port values.


  7. Click Finish.

  8. Click Virtual Servers.

    Virtual servers

  9. Click Add.

  10. Complete the new virtual server form with the following information:

    • Name: Load Balancer
    • Applied On: Select your external network
    • IP Address: Enter the public IP address of your Elastic Runtime instance
    • Pool: Select the Load Balancer to Elastic Runtime pool
    • Services: Enable HTTP on port 80 with a Persistence Method of None, and HTTPS on port 443 with a Persistence Method of Session Id
    • Enabled: Select this checkbox


  11. Click OK to complete.

Deploying Ops Manager to vCloud or vCloud Air

The following procedures guide you through uploading and deploying Ops Manager as a vApp on vCloud or vCloud Air. Refer to the Known Issues topic before getting started.

Note: vCloud and vCloud Air use the vCloud Director Web Console, which only supports 32-bit browsers like Firefox. It does not support Chrome. Refer to Article 2034554 in the VMware Knowledge Base for more information about browser versions that the vCloud Director supports.

Upload Ops Manager

You must either upload the Ops Manager vApp into your catalog or use a vApp that your cloud administrator uploaded to your organization’s catalog.

Note: The first time you upload software to vCloud Director, you must install the Client Integration Plug-in and restart all browsers. If the plug-in does not work and you continue to receive a message prompting you to download it, check the plug-in permissions for your browsers.

  1. Download Pivotal Cloud Foundry Operations Manager for vCloud Air and vCloud Director from Pivotal Network.

  2. Log into vCloud Director.

  3. Navigate to Catalogs > My Organization’s Catalogs and select a catalog or click Add to create a new catalog.

    Pcf vcloud 00

    If you are creating a new catalog:

    • Enter a name for the new catalog and click Next.
    • Select a storage type and click Next.
    • Specify sharing (if needed) and click Next.
    • Review your settings and click Finish.
  4. Navigate to the vApp Templates tab for your catalog and click Upload.

    Pcf vcloud 02

  5. Select Local file and browse to your .ovf file.

    Pcf vcloud 03a

  6. Enter a name for your Ops Manager vApp, enter a description, and click Upload.

    Pcf vcloud 03b

    vCloud Director transfers the OVF package to a staging environment, then uploads it to your catalog.

  7. Navigate to the Home view and click Add vApp from Catalog.

    Pcf vcloud 07

  8. Select your Ops Manager vApp and click Next.

    Pcf vcloud 09

  9. Complete the Add vApp from Catalog wizard, changing the default settings as necessary for your environment. See Complete the vApp Wizard and Deploy Ops Manager for more information.

Complete the vApp Wizard and Deploy Ops Manager

After adding the Ops Manager vApp to your vCloud Director, you can finish the set up and deploy as follows:

  1. Check the I agree checkbox to accept licenses and click Next.

  2. Enter the name of your Ops Manager vApp, select the virtual data center where the vApp should run, and click Next.

    Pcf vcloud 11

  3. Choose a storage policy and click Next.

    Pcf vcloud 12

  4. Set the network mapping Destination to the network name, set IP allocation to Static — Manual, and click Next.

    Pcf vcloud 13

  5. Enter the desired networking information, set an admin password for the Ops Manager vApp, and click Next.

    Pcf vcloud 14

    Note: The order of the items on your screen may vary from the order shown in this image.

    The following list contains tips on entering specific networking information:

    • DNS: If you are unsure of your Pivotal Ops Manager DNS, you can use the Google Public DNS value For more information, refer to the Using Google Public DNS topic.
    • Default Gateway: On the vCloud Air or vCloud Dashboard, click the Gateways tab and copy the GATEWAY IP value.
    • IP Address: Navigate to the My Clouds > VMs page, locate the Pivotal Ops Manager VM, and copy the IP address from the IP Address column. If this column does not display, click the Customize Columns icon on the right side to set your column display preferences.
  6. Review the hardware specifications of the virtual machine and click Next.

  7. In the Ready to Complete dialog, check the Power on vApp After This Wizard is Finished checkbox and click Finish.

  8. Navigate to the Home view to verify that your Ops Manager vApp is being created.

    Pcf vcloud 17

Create a DNS Entry

Note: Ops Manager 1.7 security features require you to create a fully qualified domain name in order to access Ops Manager during the initial configuration.

Create a DNS entry for the IP address that you used for Ops Manager. You must use this fully qualified domain name when you log into Ops Manager in the Installing Pivotal Cloud Foundry on vSphere and vCloud Air topic.

Return to the Installing Pivotal Cloud Foundry Guide

Create a pull request or raise an issue on the source for this page in GitHub