In Part 1 and Part 2 we configured the HyTrust KeyControl cluster and vCenter. In this post we will configure Cloud Director to use what we have set up so far.
Attach Storage Policy to Provider VDC
To update the information in the vCloud Director database about the VM storage policies that we created in the underlying vSphere environment, we must refresh the storage policies of the vCenter Server instance.
- Log in to Cloud Director with the cloud admin account, go to vSphere Resources, choose the vCenter on which we created the policies, and click “REFRESH POLICIES”.
- You can add a VM storage policy to a provider virtual data center, after which you can configure organization virtual data centers backed by this provider virtual data center to support the added storage policy.
- Log in to Cloud Director, go to Provider VDCs, and choose the PVDC that is backed by the cluster where we created the storage policies.
- Click “ADD”.
- Choose the policy that we created in the previous post.
Attach Storage Policy to Organization VDC
You can configure an organization virtual data center to support a VM storage policy that you previously added to the backing provider virtual data center.
- Click the Storage tab, and click Add.
- You can see a list of the available additional storage policies in the source provider virtual data center.
- Select the check boxes of one or more storage policies that you want to add, and click Add.
Self-Service Tenant Consumption
When a provider’s tenant creates a VM or vApp (a virtual machine can exist as a standalone machine or within a vApp), they can use the encryption policy that we created previously.
- This is the new VM creation wizard from a template. The tenant user must choose “use custom storage policy” and select the “encryption policy”.
- Once the VM is provisioned, the user can check the storage policy by clicking on the VM.
- The user can also go to the “Hard Disk” section of the VM and check the disk policy.
Encrypt Named Disks
Named disks are standalone virtual disks that you create in Organization VDCs. When you create a named disk, it is associated with an Organization VDC but not with a virtual machine. After you create the disk in a VDC, the disk owner or an administrator can attach it to any virtual machine deployed in the VDC. The disk owner can also modify the disk properties, detach it from a virtual machine, and remove it from the VDC. System administrators and organization administrators have the same rights to use and modify the disk as the disk owner.
- Here we will create a new encrypted “Named Disk” by choosing storage policy as “Encryption Policy”.
- Cloud Director allows users to connect these named disks.
- Click the radio button next to the name of the named disk that you want to attach to a virtual machine, and click Attach.
- From the drop-down menu, select a virtual machine to which to attach the named disk, and click Apply.
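
The checks above look at one VM or disk at a time in the UI. The following added example (not part of the original post, and not VMware or HyTrust code) audits a saved vCloud API query-service result for VMs and named disks that are not on the encryption policy. The XML sample is constructed, and the record and attribute names (`VMRecord`, `DiskRecord`, `storageProfileName`) are assumptions about the query response format that you should confirm against your Cloud Director API version.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a query-service response (not real output).
# Assumption: VMRecord and DiskRecord expose "name" and "storageProfileName".
SAMPLE_RECORDS = """<QueryResultRecords xmlns="http://www.vmware.com/vcloud/v1.5">
  <VMRecord name="web-01" containerName="shop-vapp" storageProfileName="Encryption Policy"/>
  <VMRecord name="db-01" containerName="shop-vapp" storageProfileName="Gold"/>
  <DiskRecord name="data-disk-1" storageProfileName="encryption policy" isAttached="true"/>
  <DiskRecord name="scratch-disk" isAttached="false"/>
  <OrgVdcRecord name="tenant-a-vdc"/>
</QueryResultRecords>"""


def local_name(tag):
    """Strip the XML namespace so the check does not depend on its exact URI."""
    return tag.rsplit("}", 1)[-1]


def find_unencrypted(xml_text, required_policy="Encryption Policy"):
    """Return (kind, name, policy) for each VM or named disk whose storage
    policy is not the required one. A record with no policy attribute is
    reported with policy None instead of being treated as compliant."""
    wanted = required_policy.casefold()
    findings = []
    for rec in ET.fromstring(xml_text):
        kind = local_name(rec.tag)
        if kind not in ("VMRecord", "DiskRecord"):
            continue  # ignore record types this audit does not cover
        policy = rec.get("storageProfileName")
        if policy is None or policy.casefold() != wanted:
            findings.append((kind, rec.get("name"), policy))
    return findings


if __name__ == "__main__":
    for kind, name, policy in find_unencrypted(SAMPLE_RECORDS):
        print(f"{kind} {name!r}: storage policy {policy!r} is not the encryption policy")
```

Set `required_policy` to the exact name of the storage policy created in the previous post; the comparison ignores case only.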
This completes the three-part series on Cloud Director encryption configuration and its use by tenants. This feature gives VMware Cloud Providers new offering and monetisation opportunities, so go ahead, deploy it, and start offering additional/differentiated services.