VMware vCloud Director Within Enterprise IT Private Clouds

We keep hearing about “moving to the cloud”, which is great for those of us at VMware, and equally great for our customers.  I, for one, love all this cloud talk, as I’m part of our vCloud Delivery Team.  Within our group, I specifically work on the enterprise side.  We have some folks who focus on service providers like Terremark, and others (like me) who focus more on enterprise customers.  But I see a frequent misperception by some enterprise thought-leaders, who think that vCloud Director is not for the enterprise.  When I dig further, it’s because much of the traditional “cloud” messaging once focused around multi-tenancy solutions and end-user self-service.  That’s neither bad, nor is it completely untrue.  Indeed, we do play well in those spaces.  But when enterprises hear certain messages, some say: “What? You want me to let Phil in HR create his own VMs?” The answer is most likely no, or at least not yet, but the whole conversation misses a key point.

vCloud in a multi-tenancy environment really does fit well for a service provider OR a large parent entity that hosts systems for multiple subsidiaries where secure separation is required by the Organization users.  In these cases, the classic multi-tenancy makes a lot of sense.  However, to the millions of other enterprises, perhaps it seems like overkill to create seprate tenants for each organization when there is a small number of users we want to provide the self-service access.  Should Phil in HR be provisioning VMs for himself?  Maybe yes, maybe no.  But what I submit from experience is that in most enterprises only a few select individuals in IT currently have the ability to provision VM’s.  For the enterprise this is key to where vCloud Director fits the enterprise IT users.

Let’s think about the users not the technology….

There are literally hundreds of folks in most IT departments who are either system admins or developers for different organizations’ applications.  Today most of those folks still have to request a VM from someone with access to vCenter to get a VM for a new project.  Then there’s a long (often quasi-manual) workflow to be satisfied, a bunch of paperwork, the “right” sysadmin has to come back from lunch, or training, or vacation, etc.  Maybe the task is done offshore, and completed by the next day.  Overall, provisioning takes more time than it should, or could.  This a key place for vCloud Director in the Enterprise, if you ask me.

So maybe the focus should be on making it easier NOT for Phil in HR, but for many enterprise system admins to deploy new VMs quickly, so everyone can start using them.  What I’m proposing is that for enterprise folks who feel vCloud Director is only for the Service Providers……think again!  Look around your IT department and see how many people do NOT have access to vCenter.  How many of THOSE people could benefit from the deployment workflow that vCloud Director provides, whether or not it provides “self service” to each end-user?  Of course vCD can reach to the end user, but it doesn’t have to.

Being an ex-system admin myself…..I think a lot of IT folks fit this bill.  Now layer on top of that the ability for Chargeback (or perhaps even just showback) of IT costs to corporate stovepipes like HR, Finance, Test/Dev, Sales, etc. – and vCloud Director becomes a very powerful enterprise tool.  The model in the enterprise should focus first on internal organizations that need applications.  Those become the “Orgs” in vCloud Director.  However the “Users” for those “Orgs” should not all be people in them, but rather the IT personnel who manage that Org’s applications and systems.  This means a single administrator could have access to both the Sales and HR Organization vDC’s, or maybe manage apps for only one.  Either way, IT can deploy and self-provision Virtual Machines for that Organization’s needs far more rapidly.  By still separating the Organizations by group (i.e., HR) or function (i.e., staging), IT still has the ability to chargeback the individual groups for the usage they need.  The result is better, faster, more responsive enterprise IT.

So does this look like a multi-tenant setup?  On paper, sure.  They’re definitely similar.  But maybe some users actually cross Organizations because those “users” are in fact IT superusers, not real “end users”, Or maybe it’s a mix.  In so many conversations we get caught up on the complete isolation of tenants within vCloud Director and forget that it’s so flexible we can easily position it within the enterprise IT space to spread out work currently being handled by just two or three folks.  I don’t think I’m suggesting anything new here, I am simply trying to point out that there is a place for vCloud Director in the enterprise IT space, but we need to broaden our thinking about who the “tenants” and “users” might be.

As always this is nothing more than the author’s opinion on this topic.  I am simply trying to provide another possible way of looking at where VMware vCloud Director fits with users specifically within Enterprise IT.  All I am suggesting is that we think about the other alternatives for where VMware vCloud Director fits in your enterprise, and maybe a proof of concept is in order to flush out the options for your enterprise.

About Chris Colotti

Chris is active on the VMUG and event speaking circuit and is available for many events if you want to reach out and ask. Previously to this he spent close to a decade working for VMware as a Principal Architect. Previous to his nine plus years at VMware, Chris was a System Administrator that evolved his career into a data center architect. Chris spends a lot of time mentoring co-workers and friends on the benefits of personal growth and professional development. Chris is also amongst the first VMware Certified Design Experts (VCDX#37), and author of multiple white papers. In his spare time he helps his wife Julie run her promotional products as the accountant, book keeper, and IT Support. Chris also believes in both a healthy body and healthy mind, and has become heavily involved with fitness as a Diamond Team Beachbody Coach using P90X and other Beachbody Programs. Although Technology is his day job, Chris is passionate about fitness after losing 60 pounds himself in the last few years.


  1. what do you think about vshield-edge component in vcloud director? how do you compare it to common FWs ? to common Routers ? (well , NAT devices at least) , to common load-balancers ? do you think vmware will be the vendor for all this stuff ? 😉

    • Being an employee I might be biased . I think vShield Edge as a component of vCloud Director will continue to expand. It really is right now the only way to separate the Org Networks from each other and prevent inbound traffic. Since it sets itself up for the most part it is also fairly easy to use. I have one in my lab for use INSIDE and OUTSIDE my cloud. I use a VSE to separate my View Desktop network from the rest of my networks. I also then have one inside my vCloud front ending a VCNI network pool for ease of use. Granted the thing we see most is the challenge when the ENterprises actually WANT to get to the VM’s behind it via SSH or Terminal Server. That poses a set of design considerations on how and where VSE can or should be used. I guess the short answer is always….It Depends. I think in the Enterprise Private clouds VSE plays a different role than in the Service Providers overall.

Leave a Reply

Your email address will not be published. Required fields are marked *