A slide deck has been circulating called “Life before and after vCloud Director” that claims to “reveal” that a vCloud environment could be designed to reduce redundancy. Chris Colotti makes some excellent points in a short and clear rebuttal:
A vShield appliance is only needed if you choose to NAT route the Organization networks or the vApp networks. These are not required, but are used if the design considerations call for it. Yes it can fail, anything can fail, so that statement is pretty broad. However, it is a VM protected most likely by VMware HA as are so many other production Virtual Machines today. There is also multiple blog posts about how VMware Fault Tolerance can be used to protect the vShield Manager as well as the deployed vShield Appliances themselves.
The appliance is the firewall, router, DHCP, and Load balancer for Selected Networks and Organizations, but not for the “vCD Systemâ€. You can always use direct connected networks and external firewalls, as well as load balancers and VPN devices. Again, vShield is NOT a requirement it is simply a tool to assist in the design of a multi-tenant vCloud Director deployment. We have also had folks deploy other Virtual Machines in the cloud itself to handle some of these functions including virtual load balancers.
The slide deck probably is based on an article from last year called “VMware vShield Manager design raises availability concerns“.
It is worth noting that VMware’s publicly stated best practice, per KB: 2011480, is to use fault tolerance with vShield.