Hi all,
so I am looking at another problem now. Previously, with vCloud Director, VMware has recommended to deploy a WAF in front of the Web UI, to block malicious data and prevent user access to certain urls. I want to do a similar setup for vCAC, in that a tenant can access only his /org/tenantURL. Furthermore users (assigned to a business group) should only be able to access the system through the WAF, that is the clients from their network would only be authorize to do this thorugh the WAF, which would have its own dns name and virtual ip. So it basically looks like this: Client network <-> WAF <-> vCAC (traffic from and to goes through WAF). The WAF would also handle ssl termination. There not a single word about such a configuration in the vCAC 6.0 documentation, whreas the vCD documentation mentions this as a good practice for example here: http://www.vmware.com/files/pdf/techpaper/VMW_10Q3_WP_vCloud_Director_Security.pdf
Can anyone part with some knowledge on how to implement such a setup? We already have the WAF in place but struggle with the ssl temrination an "translating" the dns name in the HTTP transactions of vCAC on the WAF from and to the client (probably due to the SAML token generation).
Thanks in advance for you help!