Cloud Tenant Network Guide


1. Manage networks

Display virtual datacenter networks

To display the networks available to a virtual datacenter:

Privileges: Manage virtual network elements, Access external networks tab, Access public networks tab


  1. Go to Virtual datacenters → select virtual datacenter → Network.
  • The default network is highlighted with a star symbol
  • A network with an internet gateway is highlighted with a globe symbol
  • In public cloud, to synchronize networks and IP addresses, click the round arrows synchronize button
  • In AWS, you can filter the list of private networks by Availability Zone


API Features

Virtual datacenter networks are available in the Abiquo API. For example, see VirtualDatacentersResource and PrivateNetworksResource.

Screenshot: Private networks in private cloud

Screenshot: Private networks in public cloud (AWS)

In the Networks list, to view the pool and allocation of IPs:

  • To display all the IPs in the virtual datacenter, click the All button at the top of the list
  • To display the IPs in a network, click the Network name

You can then:

  • Use the slider at the bottom of the list to move through the pages 
  • Filter the list by entering text in the Search box. The filter works with all the columns of the table including:
    • IP Address
    • MAC address
    • Network name
    • Virtual appliance using the IP
    • VM using the IP
    • Provider ID of the entity using the IP (for example, a load balancer)




Create a private network

Private networks are only available within a virtual datacenter. However, your cloud provider may configure an external gateway for your virtual datacenter.

To create a private network:

  1. Go to Virtual datacenters → select virtual datacenter → Network → Private
  2. Click the + add button and complete the dialog

Create private network


Create private network Amazon

For more details see GUI Create network Private


You can configure static routes when you create or edit a network. However, you should check with your systems administrator about when your VM will receive changes to static routes.

For more details see GUI Create network Static routes


IPv6 networks


Strict network


Non-strict network

For more details see GUI Create network Private IPv6



Create IP addresses in private networks

To create new IP addresses in a private network, do these steps:

  1. Go to Virtual datacenters → optionally select a virtual datacenter
  2. Go to Networks → Private → select a private network
  3. On the Private IPs page, click the add + button and enter details

Or you can add an IP directly to a VM. To do this:

  1. Go to Virtual datacenters → Edit VM → Network
  2. Click the add + button and enter details (or drag the Auto-generated IP label into the Network pane)

    For more details see GUI Create IP addresses





Edit a private network

To edit a private network:

  1. Go to Virtual datacenters → select a virtual datacenter → Network
  2. Select the network
  3. Click the pencil edit button below the Networks list
  4. You can change the network Name, Gateway, DNS settings, and optionally make the network the new default for this virtual datacenter.
  5. Click Save

The new settings will apply to all VMs deployed after you save the network.




Delete a private network

You can delete a private network if no VMs are using its IPs and it is not the default network for the virtual datacenter.

To delete a private network:

  1. Go to Virtual datacenters → select a virtual datacenter → Network → Private
  2. Select the network and click the delete button below the networks list. 




Display onboarded external networks

The platform automatically onboards external networks when you onboard virtual datacenters from vCloud Director.

Privileges: Manage virtual network elements, Access external networks tab, Manage external network elements


To display onboarded external networks:

  1. Go to Virtual datacenters → Network → Select vCloud VDC → External



Delete an onboarded external network

If an onboarded network has been deleted in the provider, its name will display in light gray text. If a VM is using an IP from this network, then you cannot deploy the VM.

If there are no VMs using the IPs of an external network that was already deleted in the provider, to delete the network in the platform, select it and click the delete button.



Set the default network for a virtual datacenter

Each virtual datacenter requires a default network. If you deploy a VM without assigning a NIC, the platform will add one from the default network. You cannot unselect the default network; instead, you must assign a new default network to replace it.

To set a network as the default, you will require privileges to access this network in the virtual infrastructure.

Privileges: Manage virtual datacenter network elements, Access public network tab, Manage public network elements, Access external network tab, Manage external network elements

To assign a network as the default for a virtual datacenter do these steps:

  1. Go to Virtual datacenters → select virtual datacenter → Network → network type, e.g. Private
  2. Create or edit a network
  3. Select the Default network checkbox 
    • This default will override the platform default network and any network set for the enterprise in the datacenter
    • The new default network will apply to all VMs deployed after you set it
    • For a public network that is the virtual datacenter default, obtain IP addresses for your VMs before you deploy



Obtain IP addresses from public networks

In public networks you can reserve or purchase public IP addresses for your VMs. Reserved IPs may be charged while they are reserved, even if they are not used in VMs. 

Privilege: Manage public IPs, Access public networks tab, Manage public network elements

To add new public IP addresses to your virtual datacenter:

  1. Click the + Add button on the Public IPs page to display the list of available public IPs
    1. To move between pages, use pagination controls such as arrows and page numbers
    2. To filter your search, enter an IP address or Network name in the Search filter box
  2. Select IP addresses to add them to your virtual datacenter 
  3. Click Add to reserve the IPs

The platform will add the IPs to your VDC.

You can also reserve public IPs directly from the Edit VM dialog.




Obtain public IP addresses in public cloud

During onboarding from public cloud, the platform will onboard existing public IP addresses in providers that support them, such as AWS and Azure. You can obtain them from the provider and assign them to your virtual datacenters and VMs.

The provider may charge for public IP addresses as soon as you reserve them for your virtual datacenter. Therefore you should reserve your IP addresses just before you deploy and check they are deleted when you undeploy your VMs. Remember that your provider may also limit the number of public IP addresses that you can use per virtual datacenter.


To add public IP addresses to your virtual datacenter, so that you can later assign them to your VMs:

Privileges: Manage virtual network elements, Manage floating IPs, Access public networks tab, Manage public network elements

  1. Go to Virtual datacenters → Select a public cloud virtual datacenter → Network → Public
  2. On the Allocated public IPs page, click the + add button
  3. To add the public IP to a virtual datacenter, click the Add to VDC link near the IP address

Now when you edit a VM in the VDC and go to Network → Public, the platform will display the public IP address and you can add it to your VM.

To obtain a public IP directly for a VM, click Purchase public IPs.



Synchronize public IP addresses with the cloud provider

To onboard any public IP addresses that were already created in your cloud provider, or update changes made directly in the provider:

Privileges: Manage virtual network elements, Manage floating IPs, Access public networks tab, Manage public network elements

  1. Go to Virtual datacenters → select a public cloud virtual datacenter → Network → Public
  2. Click the double arrow synchronize public IPs button (beside the + add button)




Release a reserved public IP address

You can release a public IP if it is not assigned to a VM.

In private cloud, to release a public IP that belongs to a public network, select the IP in the IP list and click the delete button.

In public cloud, click the link to Remove from VDC and then click the delete button.




1.1. Limit Public IP bandwidths for a VDC

You can use Quality of Service (QoS) traffic shaping parameters to limit the bandwidth for each public IP in a virtual datacenter.  

This feature applies to public IPs in infrastructure and managed by NSX in vCenter and vCenter clusters.

Privileges: Manage public bandwidth limit

When you upgrade the platform or create a virtual datacenter, the public IPs bandwidth limit is disabled. To enable the limit for the public IPs of the VDC, edit the bandwidth limit. 

To edit the bandwidth limit and enable it in the platform:

  1. Select the virtual datacenter and go to Network → QoS
  2. Click the pencil edit button 
    1. To set the bandwidth limit in a specific direction, select the Enabled checkbox for that direction
    2. Set the QoS values. The platform will set this bandwidth for each public IP in the virtual datacenter.


For more details see: 

To register changes that were made outside the platform, save existing public IP bandwidth values. In the API, to register changes, send a POST request with the existing values.



1.2. Reserve private IPs

The private IP reservation feature prevents users from assigning reserved IPs to VMs within the platform. The platform does not display reserved IPs, so users cannot select them for VMs. You can only assign reserved IPs to VMs from outside of Abiquo, for example, using a script. If you onboard a VM with a reserved IP, the platform logs a warning message.

Privilege: Manage private IP reservation

To reserve private IPs:

  1. Go to Virtual datacenters → Networks → Private
  2. Select the IPs and click the lock button
  3. Enter the reason for the reservation
  4. The platform will list the VMs in the virtual datacenter. Optionally select VMs to indicate where the IPs might be used. Note that you must check that the VMs are able to use these IPs. This selection does not assign the IPs to VMs.

The platform will display a padlock symbol and the reason beside the reserved IP addresses.



2. Manage NAT

Display NAT rules

When the Network Address Translation (NAT) integration is available in your environment, to display NAT IPs and NAT rules:

  1. Go to Virtual datacenters → select virtual datacenter → Network → NAT

To display NAT rules for a VM:

  1. Go to Virtual datacenters → select VM → go to VM control panel → select NAT

To manage or display NAT rules for a VM:

  1. Go to Virtual datacenters → edit VM → Networks → NAT

Create a NAT rule for DNAT

To enable VMs outside your VDC to connect to a VM with a private IP address, after you obtain a NAT IP, create a destination NAT rule, which is also called a DNAT rule. 

To create a DNAT rule:

  1. Go to Virtual datacenters → Virtual appliances → edit VM
  2. If your VM does not yet have an IP, go to Network → NICs and add a private IP
  3. Go to Network → DNAT
  4. Click the + add button on the top right-hand side of the tab
  5. Enter the details of the DNAT rule

    For more details see GUI Add NAT rule DNAT

  6. Click Add
  7. Save the VM

Create a NAT rule for SNAT

To send outgoing traffic through a NAT IP that is not the default one, add an additional SNAT rule.

To create an SNAT rule:

  1. Go to Virtual datacenters → Virtual appliances → edit VM
  2. If your VM does not yet have an IP, go to Network → NICs and add a private IP
  3. Go to Network → SNAT
  4. Click the + add button on the top right-hand side of the tab
  5. Enter the addresses of the SNAT rule

    For more details see GUI Add NAT rule SNAT

  6. Click Add
  7. Save the VM

Use a NAT IP for a load balancer

To use a NAT IP address as a public IP address for a load balancer:

  1. Use the virtual datacenter's NAT IP address or obtain an additional NAT IP address. See Obtain an additional NAT IP address for a virtual datacenter
  2. Create the load balancer and select the NAT IP

The platform will automatically create a NAT rule to match the port mappings of the routing rule of the load balancer.

Obtain an additional NAT IP for your virtual datacenter

In addition to the NAT IP address assigned to the virtual datacenter, you can obtain NAT IP addresses for creating additional NAT rules.

To obtain an additional NAT IP address:

  1. Go to Virtual datacenters → Network → NAT
  2. Click the + add button on the top right-hand side of the screen
  3. Select the NAT network and click Accept

The platform will reserve an IP address and allocate it to your virtual datacenter.

You can then use the NAT IP address as the public IP address for a load balancer or to provide access to a private IP address.

Limit NAT IP bandwidth for a VDC

You can use Quality of Service (QoS) traffic shaping parameters to limit the bandwidth for all the NSX NAT IPs in a virtual datacenter. 

Privileges: Manage NAT bandwidth limit

When you create a virtual datacenter, the new "natbandwidthlimit" attribute is present but you must edit the virtual datacenter to enable it in the platform and in the NSX. 

To edit the bandwidth limit and apply it in the NSX:

  1. Select the virtual datacenter and go to Network → QoS
  2. Click the pencil edit button 
    1. To enable the bandwidth limit in a specific direction, select the Enabled checkbox for that direction
    2. Set QoS values for your virtual datacenter. Be sure to allow enough bandwidth to share between all the NAT IPs in the virtual datacenter.

For more details see GUI Edit NAT bandwidth limit

To register changes that were made outside the platform, save existing NAT bandwidth values. In the API, to register changes, send a POST request with the existing values.



3. Manage firewalls

3.1. Introduction to firewalls

The platform provides a unified interface to firewalls in varied cloud environments. 

This section describes firewall policies, which are similar to security groups. The platform supports firewall policies in private cloud with network managers (NSX, NSX-T) and in public cloud.

Abiquo firewall policies represent:

  • AWS security groups
  • Azure firewall policies
  • GCP firewall rules
  • OCI network security groups

For more details, please see the public cloud features table for each provider.

In vCloud Director, the platform also supports classic firewalls, which are Edge firewalls at the level of the public cloud region (orgVDC). See Manage classic firewalls.

3.2. Display firewall policies

You can display and manage firewalls in the platform at the level of the virtual datacenter or the location (public cloud region or datacenter).

To display firewalls in a virtual datacenter in a provider:

  1. Go to Virtual datacenters → select a virtual datacenter → Network → Firewalls

To display all firewalls in Google Cloud Platform:

  1. Go to myCloud → Global view → select the GCP provider → Networks → Firewalls

To display all firewalls in a location (public cloud region or datacenter):

  1. Go to Cloud virtual datacenters view → Locations
  2. Select a location
  3. Go to Network → Firewalls

    Firewalls that do not exist in the provider are grayed out, and you should delete these firewalls.


To filter firewalls, enter text in the Search box to search by the Name, Description, and Provider ID in the Firewalls list.


To display firewalls in an Azure Resource Group:

  1. Go to Cloud virtual datacenters view
  2. Go to Global → Azure → Resource Groups → select a resource group
  3. To display the details of the firewall, edit the firewall

3.3. Synchronize firewall policies

The synchronization process will onboard firewalls and it will update the platform's information about firewalls that already exist in the cloud provider. The platform synchronizes automatically when you onboard virtual resources from public cloud. Depending on the provider, the platform may support synchronization at the level of the location (public cloud region) or virtual datacenter.

To synchronize firewalls do these steps:

  1. In the myCloud view go to Virtual datacenters, or Locations, or for Google Cloud Platform select the Global view
  2. Go to Network → Firewalls
  3. Click the double-arrow synchronize button 

To synchronize a firewall in AWS before you add new firewall rules:

  1. Select the firewall and click the double-arrow synchronize button

3.4. Create a firewall policy

The platform can create firewall policies in virtual datacenters in the provider, or in the platform only, for later use in providers, depending on provider support.

Privilege: Manage firewall

To create a new firewall, do these steps:

  1. Go to Virtual datacenters → Network → Firewalls
  2. Click the Add button
  3. Enter the firewall details

    For more details see GUI Create firewall policy

  4. Click Save to create the firewall
  5. Add Firewall rules as described below

If you entered a virtual datacenter, the platform created your firewall in the provider. The platform will display a Provider-ID and a Virtual datacenter ID for the firewall. 

If you selected No virtual datacenter, the firewall will be created in the platform in the public cloud region for your enterprise. The synchronize process will not update this firewall. The platform will not create it in the provider until you select a virtual datacenter.


3.5. Edit firewall rules

You can define firewall rules for inbound and outbound traffic in your firewall policy.

To add a new firewall rule:

  1. Select the virtual datacenter or location
  2. Select the firewall
  3. On the Firewall rules panel, click the pencil Edit button
  4. Select the Inbound or Outbound tab for the traffic direction you wish to control
  5. Enter the details of a rule
    1. Protocol
      • Select from Common protocols, OR
      • Select and enter a Custom protocol
    2. Port range with the Start port and End port that this rule will apply to. To enter one port, enter the same value twice, or optionally apply the rule to a number of ports at the same time
    3. Sources or Targets as a network address and netmask
  6. Click Add. The firewall rule will be added to the Firewall rules list
  7. Enter more rules as required, then click Save

Before you edit firewall rules in AWS, synchronize the firewall to update the rules because AWS will not allow you to create a rule that already exists in the security group. Remember that it may take some time for firewall rules to propagate throughout AWS. Until the rules have propagated, the platform will not be able to detect them. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/query-api-troubleshooting.html#eventual-consistency
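The duplicate-rule condition described above can be checked before you submit a batch of rules. The following is an added example, not Abiquo code: the `Rule` record and `plan_rules` function are hypothetical names, and it assumes that two rules are duplicates when direction, protocol, port range, and network all match after normalization.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):  # hypothetical record mirroring the rule dialog fields
    direction: str       # "inbound" or "outbound" tab
    protocol: str
    start_port: int
    end_port: int
    cidr: str            # source (inbound) or target (outbound) network


def normalize(rule: Rule) -> Rule:
    """Return a canonical form so that equivalent rules compare equal."""
    direction = rule.direction.strip().lower()
    if direction not in ("inbound", "outbound"):
        raise ValueError(f"unknown direction {rule.direction!r}")
    if not 0 <= rule.start_port <= rule.end_port <= 65535:
        raise ValueError(f"bad port range {rule.start_port}-{rule.end_port}")
    # Accepts prefix or netmask notation; host bits are masked off.
    network = ipaddress.ip_network(rule.cidr.strip(), strict=False)
    return Rule(direction, rule.protocol.strip().lower(),
                rule.start_port, rule.end_port, str(network))


def plan_rules(synced, proposed):
    """Split proposed rules into (to_add, duplicates, invalid)."""
    seen = {normalize(r) for r in synced}
    to_add, duplicates, invalid = [], [], []
    for rule in proposed:
        try:
            canonical = normalize(rule)
        except ValueError as exc:
            invalid.append((rule, str(exc)))
            continue
        if canonical in seen:
            duplicates.append(rule)      # already in the synchronized policy
        else:
            seen.add(canonical)          # also catches repeats within the batch
            to_add.append(canonical)
    return to_add, duplicates, invalid


# Constructed sample data (documentation address ranges), not real rules.
SYNCED = [
    Rule("inbound", "TCP", 22, 22, "192.0.2.0/24"),
    Rule("inbound", "tcp", 443, 443, "0.0.0.0/0"),
]
PROPOSED = [
    Rule("inbound", "tcp", 22, 22, "192.0.2.0/255.255.255.0"),  # same as synced
    Rule("inbound", "tcp", 8080, 8090, "198.51.100.0/24"),      # new
    Rule("inbound", "tcp", 8080, 8090, "198.51.100.7/24"),      # repeat in batch
    Rule("outbound", "udp", 53, 52, "203.0.113.0/24"),          # start > end
]

if __name__ == "__main__":
    to_add, duplicates, invalid = plan_rules(SYNCED, PROPOSED)
    print("add:", to_add)
    print("skip (duplicate):", duplicates)
    print("fix (invalid):", invalid)
```

Run the check against the rule list obtained after synchronizing the firewall, so that the comparison uses the provider's current rules.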


3.6. Move firewall policies

Before you begin:

  1. Check if your provider allows you to move firewalls. For example, Azure ARM allows you to move firewalls to other VDCs in the same resource group

To move a firewall to another virtual datacenter:

  1. Go to Virtual datacenters → Locations or Global
  2. Select the public cloud region, or Azure provider and resource group
  3. Edit the firewall policy and select the new Virtual datacenter

3.7. Troubleshooting firewalls


3.8. Delete a firewall policy

To delete a firewall policy:

  1. Edit each VM that is using the firewall policy to remove the firewall policy
  2. Select the firewall policy
  3. Click the Delete button


4. Manage load balancers

The load balancer feature aims to simplify the creation of load balancers across all providers in the multi-cloud platform, providing a unified interface.

In AWS, Abiquo supports Application load balancers (see Manage Application Load Balancers) and Classic load balancers (described on this page). 

Please refer to cloud provider documentation as the definitive guide to the load balancing features. And remember to check your cloud provider's pricing before you begin.

In vCloud Director, load balancers belong to a public cloud region, not a virtual datacenter. This means that in vCloud Director, you can attach VMs from more than one virtual datacenter to the same load balancer, and these load balancers do not work with private networks, which belong to only one virtual datacenter.


4.1. Display load balancers

You can display and manage load balancers in the platform at the level of the virtual datacenter or the location (public cloud region or datacenter).

To display load balancers in virtual datacenters:

  1. Go to Cloud virtual datacenters view
  2. Select a virtual datacenter

  3. Go to Network → Load balancers.


To display load balancers in a region, including those that do not exist in the provider:

  1. Go to Cloud virtual datacenters view
  2. Click the Locations button and select a location
  3. Go to Network → Load balancers


    Load balancers that do not exist in the provider are displayed in light gray text and you should delete these load balancers.

To display load balancers in an Azure Resource Group:

  1. Go to Cloud virtual datacenters view
  2. Go to Global → Azure → Resource Groups → select a resource group
  3. To display the details of the load balancer, edit the load balancer

4.2. Create load balancers

Before you begin:

  • Synchronize your virtual datacenters (including VMs, networks, firewalls, firewall rules, and load balancers)
  • If required by your provider, create firewalls for your VMs to allow your load balancers to access the VMs
  • In Azure make sure that your VMs belong to availability sets


Privilege: Manage load balancers, Assign load balancers


To create a load balancer:

  1. Go to Virtual datacenters → select a virtual datacenter → Network → Load balancers
    1. For vCloud, select All virtual datacenters → Network → Load balancers → Region
  2. Click the + add button and complete the following dialogs according to your cloud provider's documentation

Load balancer general information

The following screenshots are from AWS or Azure

For more details see GUI Create load balancer General info

Load balancer routing rules

For more details see GUI Create load balancer Routing rules

Load balancer SSL certificate

For more details see GUI Add a new certificate

Load balancer health check

For more details see GUI Create load balancer Health check

Load balancer firewalls

For more details see GUI Create load balancer Firewalls

Assign load balancer nodes

For more details see GUI Create load balancer Nodes


4.3. Edit load balancers

The cloud provider determines which elements of a load balancer you can modify. Due to different provider support for load balancer features, it may be possible to make modifications in the platform that will later be rejected by the cloud provider, triggering an error. Check your cloud provider documentation for supported modifications.


5. Manage VPNs

The platform enables you to create site-to-site VPNs between virtual datacenters and other virtual datacenters or other entities. 

This feature is available in datacenters using VMware with NSX-NAT or NSX-gateway.

To manage VPNs, go to Virtual datacenters → select a virtual datacenter → Network → VPN

Initial support for VPNs is per VDC, which means you need to create a separate VPN site for each connected virtual datacenter. Both sites of a VPN must have the same encryption and authentication settings, and inverse local and remote network configurations.

The following table describes VPN functionality in the providers.


                                | AWS             | VMware NSX                       | Azure
Encryption                      | AES             | AES, AES256, Triple DES, AES-GCM | AES128_SHA1, AES128_SHA256, AES256_SHA1, AES256_SHA256, _3DES_SHA1, _3DES_SHA256
Perfect forward secrecy enabled | always enabled  | optional                         | always disabled
DH group                        | DH2             | DH2, DH5, DH14                   | DH2, DH14
Authentication                  | PSK (mandatory) | PSK (mandatory)                  | PSK (mandatory)

To connect private cloud with public cloud, define the VPN site in private cloud first. 

  • In Azure you can create a VPN using a dummy address for the local gateway (site 1) and edit it after you create the Azure VPN site
  • Azure may automatically select a compatible encryption type
  • In AWS you must supply the IP address of site 1 and you cannot edit it, so you must create site 1 first and the VPN site in AWS will always be site 2

To create the VPN site for site 1:

  1. Go to Virtual datacenters → select a virtual datacenter → Network → VPN
  2. Click the + add button and enter the VPN details

The platform will create the VPN site.

For more details see GUI Create a VPN

To create the VPN site for site 2 in another VDC:

  1. Select the Virtual datacenter
  2. Add another VPN site using the same encryption and authentication settings, and the remote network configuration of the first VPN site as the local values. 

After you have created both VPN sites, you can check the connection in the network virtualization system. On the VPNs tab, click the Check link in the VPN Status column, or use the Check link when you edit a VPN site.
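The matching requirement for the two VPN sites can be verified before you create them. The following is an added example, not Abiquo code: the `VpnSite` field names are hypothetical, the capability data is transcribed from the provider table in this section, and it assumes that perfect forward secrecy and the DH group count among the settings that must be the same on both sites.

```python
import hmac
import ipaddress
from dataclasses import dataclass

# Provider capabilities transcribed from the table in this section.
CAPS = {
    "aws": {"enc": {"AES"}, "pfs": {True}, "dh": {"DH2"}},
    "nsx": {"enc": {"AES", "AES256", "Triple DES", "AES-GCM"},
            "pfs": {True, False}, "dh": {"DH2", "DH5", "DH14"}},
    "azure": {"enc": {"AES128_SHA1", "AES128_SHA256", "AES256_SHA1",
                      "AES256_SHA256", "_3DES_SHA1", "_3DES_SHA256"},
              "pfs": {False}, "dh": {"DH2", "DH14"}},
}

@dataclass
class VpnSite:  # hypothetical field names, not the platform's schema
    provider: str
    encryption: str
    pfs: bool
    dh_group: str
    psk: str
    local_networks: tuple
    remote_networks: tuple

def _nets(cidrs):
    return {ipaddress.ip_network(c, strict=False) for c in cidrs}

def site_problems(site):
    """Check one site against its provider's column of the table."""
    caps, found = CAPS[site.provider], []
    if site.encryption not in caps["enc"]:
        found.append(f"{site.provider}: unsupported encryption")
    if site.pfs not in caps["pfs"]:
        found.append(f"{site.provider}: unsupported PFS setting")
    if site.dh_group not in caps["dh"]:
        found.append(f"{site.provider}: unsupported DH group")
    if not site.psk:
        found.append(f"{site.provider}: PSK is mandatory")
    return found

def pair_problems(a, b):
    """Check that two sites can form one VPN; never echoes the PSK."""
    found = site_problems(a) + site_problems(b)
    # Encryption names differ between providers, so compare them only
    # when both sites use the same provider.
    if a.provider == b.provider and a.encryption != b.encryption:
        found.append("encryption differs")
    if a.pfs != b.pfs:
        found.append("PFS differs")
    if a.dh_group != b.dh_group:
        found.append("DH group differs")
    if not hmac.compare_digest(a.psk.encode(), b.psk.encode()):
        found.append("PSK differs")
    if (_nets(a.local_networks) != _nets(b.remote_networks)
            or _nets(a.remote_networks) != _nets(b.local_networks)):
        found.append("local/remote networks are not inverse")
    return found

# Constructed sample sites; the PSK is a placeholder, not a real secret.
SITE1 = VpnSite("nsx", "AES256", True, "DH14", "example-psk",
                ("10.10.0.0/24",), ("10.20.0.0/24",))
SITE2 = VpnSite("nsx", "AES256", True, "DH14", "example-psk",
                ("10.20.0.0/24",), ("10.10.0.0/24",))
SITE2_BAD = VpnSite("nsx", "AES256", True, "DH5", "example-psk",
                    ("10.10.0.0/24",), ("10.20.0.0/24",))
AZURE_SITE = VpnSite("azure", "AES256_SHA256", False, "DH14", "example-psk",
                     ("10.20.0.0/24",), ("10.10.0.0/24",))

if __name__ == "__main__":
    for other in (SITE2, SITE2_BAD, AZURE_SITE):
        print(other.provider, pair_problems(SITE1, other))
```

The Azure pairing is reported because the NSX sample site enables perfect forward secrecy, which the table lists as always disabled in Azure.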

Copyright © 2006-2022, Abiquo Holdings SL. All rights reserved