Abiquo 4.7.1 reintroduces support for fenced vApps in vCloud Director by default. When private networks have a connection to the outside world, "fenced" means that vCloud creates a routed NAT configuration and maintains the configuration of MAC and IP addresses between vCloud deployments.
To prevent the platform from creating fenced vCloud vApps, set the "vcd.fenceVapp" property to false on the Remote Services server. See Abiquo Configuration Properties#vcd.
If vCloud vApps are not fenced, users cannot work with Abiquo VM firewall policies in their virtual datacenters. However, users can always work with Abiquo classic firewalls.
In Abiquo virtual datacenters (vApps in vCloud), private networks (vApp networks) can have a connection to the outside world. The administrator can configure this connection using the vcd.parentnetwork property for Abiquo and for the enterprise. The possible values are:
The default value of "edge-uplink" uses the external network connected to the orgVdc Edge gateway. If you set vcd.parentnetwork to a value "edge-uplink" or the name of another orgVDC network, when you create a private network in Abiquo, the platform will connect the vCloud vApp network to the external network. The fence mode for the vApp will be NAT_ROUTED. If the fenceVapp property is set to true, then vCloud will retain the IP and MAC addresses of the Edge gateway between vCloud deployments.
When you set vcd.parentnetwork to a value of "none", the private networks in Abiquo do not have a connection to the outside world. With no parent network, the fence mode is ISOLATED. This would be equivalent to the typical "default_private_network". In this case, the fenceVapp property does not apply.