
CloudConnect Docs


Setting Up your vCloud Org

Last Updated:  


The CloudConnect Platform associates each VMware Cloud Director Virtual Datacenter with a Microsoft Active Directory Domain. The Virtual Datacenter provides the data storage, processing, and networking capabilities to deploy Virtual Machines, while the Virtual Datacenter's associated Active Directory Domain provides authentication, authorization, licensing, and policy-based management of user accounts and computer (VM) objects. At least one Domain Controller for that Active Directory Domain must be running on a Virtual Machine inside its associated Cloud Director Virtual Datacenter. There is no functional limit to the number of Virtual Datacenters and Active Directory Domain Forests in your Cloud Director deployment. CloudConnect recommends keeping a Virtual Datacenter's Active Directory Domain siloed in its own Forest for maximum portability, extensibility, and security.

The CloudConnect Platform supports two deployment models for end user organizations: mspCloud and Private Domain. Your VMware Cloud Director instance supports concurrent deployments of these models. You may begin with mspCloud, Private Domain, or a combination of mspCloud and Private Domains. Generally, as a deployment matures, there will be an mspCloud Domain and many Private Domains in your Cloud Director deployment.

In an mspCloud Virtual Datacenter deployment, an Active Directory Domain is deployed to manage one or multiple organization tenants who do not currently have, or do not wish to have, a dedicated Active Directory for their organization. In this deployment model, each tenant's compute and data storage is allocated through a subset of a Virtual Datacenter known as a vApp Container (a collection of virtual machines) and a dedicated virtual network (orgVdc Network). Each tenant is represented and partitioned in Active Directory with its own assigned Organizational Unit. The Organizational Unit contains the tenant's user accounts, computer objects, security groups, and group policies. List Object Mode may be enabled in this environment to prevent a tenant's objects from being visible to other tenants when searching Active Directory. When following mspCloud organization deployment protocols, the virtual machines associated with each tenant exist in their own Layer 2 domain for networking purposes.
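A read-only audit for the List Object Mode setting mentioned above, added here as an example and not part of the CloudConnect documentation or tooling. The parent OU path `OU=Tenants,DC=msp,DC=example` and the function names are hypothetical; the script assumes the RSAT ActiveDirectory module and English-language principal names.

```powershell
# Added example (not CloudConnect code): read-only check, changes nothing in AD.
Import-Module ActiveDirectory

# Assumption: tenant OUs sit directly under this parent OU (hypothetical path).
$TenantRoot = 'OU=Tenants,DC=msp,DC=example'

function Test-ListObjectMode {
    # List Object Mode is enabled when the 3rd character of dSHeuristics is '1'.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dsObject = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
        -Properties dSHeuristics
    $heuristics = [string]$dsObject.dSHeuristics
    return ($heuristics.Length -ge 3 -and $heuristics[2] -eq '1')
}

function Get-TenantOuExposure {
    param([Parameter(Mandatory)][string]$SearchBase)
    # Broad principals whose "List Contents" right on a tenant OU makes that
    # tenant's objects visible to every other tenant, even in List Object Mode.
    $broad = 'NT AUTHORITY\Authenticated Users', 'Everyone',
             'BUILTIN\Pre-Windows 2000 Compatible Access'
    $listChildren = [System.DirectoryServices.ActiveDirectoryRights]::ListChildren
    $inheritOnly  = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    Get-ADOrganizationalUnit -SearchBase $SearchBase -SearchScope OneLevel -Filter * |
        ForEach-Object {
            $acl  = Get-Acl -Path "AD:\$($_.DistinguishedName)"
            $hits = @($acl.Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $broad -contains $_.IdentityReference.Value -and
                (($_.ActiveDirectoryRights -band $listChildren) -ne 0) -and
                (($_.PropagationFlags -band $inheritOnly) -eq 0)   # ACE applies to the OU itself
            })
            [pscustomobject]@{
                TenantOU          = $_.Name
                BroadListContents = ($hits.Count -gt 0)
                Principals        = ($hits | ForEach-Object { $_.IdentityReference.Value } |
                                     Sort-Object -Unique) -join '; '
            }
        }
}

"List Object Mode enabled: $(Test-ListObjectMode)"
Get-TenantOuExposure -SearchBase $TenantRoot | Format-Table -AutoSize
```

Any tenant OU reported with `BroadListContents` set to `True` still exposes its contents to other tenants, because the dSHeuristics flag only changes how visibility is evaluated and does not remove existing List Contents grants.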

In a Private Domain Virtual Datacenter deployment, an Active Directory Domain is deployed exclusively for a single organization tenant. This may be an extension of their existing Active Directory Domain or a new Active Directory Domain. In this deployment model, the tenant's compute and data storage may be allocated to Virtual Machines at any level of their dedicated Virtual Datacenter. The tenant will also have broad networking flexibility with a dedicated Edge Gateway (Router) and a dedicated Public IP address. The tenant may structure and manage the entire Active Directory Domain according to their own unique requirements and existing corporate IT policies.

Generally, end user organizations that do not currently have an Active Directory Domain are best suited to be deployed as a tenant in an mspCloud, while end user organizations with an existing on-premises or third-party hosted Active Directory Domain are best suited to be deployed in their own Private Domain.


Applies to: