Organization Network

An organization network provides network services to one particular organization, whereas an external network is created at the provider level and supplies connectivity to multiple organizations. There are three options when creating organization networks: internal, NAT-connected, and direct-connected. An organization administrator cannot create an organization network due to the configuration of external IPs; only a system administrator can configure this.

Internal

An organization can be set up so that it does not have a connection to the Internet or a connection to any other external network, just an internal connection. An internal-only network could be set up for groups of test virtual machines; a virtual machine can be configured with multiple network interfaces so that it has a connection to the internal network as well as one of the other two types. With an internal organization network, vApps can connect, but there is no traffic outside the organization.

Network Address Translation (NAT)-Connected

Network Address Translation (NAT)-connected, sometimes called a “routed network,” can be connected to the external network through a vShield Edge device. The vShield Edge device provides port-forwarding services, NAT, DNS forwarding, and DHCP services to the network; the vShield Edge device gets provisioned automatically
by vCloud Director as needed. A NAT connection allows for virtual machines to communicate with each other while only having one IP seen from the Internet. Another use of NAT is to fence, which includes two sets of IP addresses: external and internal. Fencing allows for several vApps to utilize the same internal IP addresses and extremely useful for test environments.

Direct Communication

The last option for an organization network is a direct connection. The organization would use an external net- work to connect to external systems, including the Internet. Using this method, a user can connect directly to a virtual machine using remote desktop or even SSH. If a vApp configured for a direct connection then the vApp’s IP addresses must be statically assigned or a DHCP server must be connected to the external providing the vApp with those IP addresses.

For further reading, check out my vCloud Director 5.1 Networking Concepts white paper!