This solution doesn't require a vApp router, and it works for isolated vApps and isolated Organization Networks. Depending on what you would like to build, you need different parts:

To add a VM to a vApp, see the Adding a VM to a vApp recipe in Chapter 3, Better vApps.

This additional VM will be the Jumphost VM. Do not power on the Jumphost VM yet, as this is an important step in the recipe.

The recipe is the same for vApp and for Organization Networks. We will focus on the additional VM we have created. Perform the following steps:

We have placed a dual-homed VM (Jumphost VM) on the border between the two networks (it is sitting on the fence). The Jumphost VM is assigned a public IP from the External Network Pool and a private IP from the isolated vApp or Organization Network. The important thing is that the public address is the primary gateway and has the gateway address assigned to it, making it possible to route back the connection to your desktop. This can also be achieved by adding static routing to the Jumphost VM's OS; however, for most people, this is rather confusing.

The following diagram shows a Jumphost configuration for a vApp and an organization configuration:

All vanilla Linux and Windows OSs have routing between interface cards disabled. It has to be explicitly activated (see the See more section of this recipe). This means that the Jumphost VM is sitting on both the networks without connecting them. This makes the Jumphost VM rather interesting. You can now access the Jumphost VM via RDP/SSH as well as any kind of file-sharing that has been set up. This makes it possible to connect to a fully isolated network and share files between the External Network and the isolated network.

If you take this principle further, you could create your own router, load balancer, and other kinds of gateways.

If you are using this host as a bastion host, please be aware that you will need to harden it.