"do a one to one nat for each vm inside a org vdc?"
No, you don't have to. You would have to have some form of NAT if you aren't using a Direct Connect external network.
"how would other vms communicate if they are private?"
If they are attached to a vApp network, the "Network Pool" facilitates private communication (aka isolation) to avoid IP/MAC conflicts on the physical networks.
If you have 3 physically separate Datacenters and the networks are completely isolated, each Datacenter should be a Provider vDC.
It doesn't matter if you have one or more vCenters ... I would say it'd be ideal to have one set of Management servers (vCenter/vShield/etc) per Datacenter ... since you don't want some cross dependencies.
So each provider maps to a vCenter/Physical Datacenter.
An Organization vDC is a subset of a physical Provider vDC (Datacenter in your case). You can create one or more Org vDCs per Provider.
So .... maybe we have 3 Organizations (Research, Development, and Sales). Your 3 Datacenters have different Performance levels (High, Medium, Low). You want each department to have access to each tier of resources.
You could do something like this:
Make an Organization called "Research".
Create an Organization vDC called "High-Research", give 50% of resources to it, and assign it to the 'Research' Organization.
You've created 1 Org vDC at this time ... if any user in the Research Organization deploys to "High-Research" it'll actually be placed in the corresponding datacenter.
You can repeat this process as many times as you want, assuming you have available resources.
When it comes to network pools, you just want to make sure that each datacenter has a blocked off section. So dedicate like a VLAN to a vCDNI pool, and trunk it to all NICs associated to the distributed switch.
Since you mention Lab Manager .... Here are some Lab Manager to vCloud Director terms:
LM = Physical Networks ---- vCloud = Direct Connect External Org vDC Networks
LM = Virtual Networks ---- vCloud = vApp Networks
LM = N/A ---- vCloud = Routed/Isolated Org vDC Networks
LM = Host Spanning Transport Network ---- vCloud = Network Pool
Note: LM's host spanning was essentially vCDNI type, you just didn't have any other options.
LM = Organization ---- vCloud = Organization
LM = Workspace (Main) ---- vCloud = My Cloud
LM = Workspace (not-main) ---- vCloud = N/A
LM = Configuration ---- vCloud = vApp
LM = Resources > Resource Pool ---- vCloud = Provider vDC
Note: in the case of Lab Manager you mapped a Cluster/Resource Pool directly to an Organization. vCloud requires that you assign some subset of the Provider to an Organization via an Organization vDC.
LM = N/A ---- vCloud = Organization vDC
LM = Library ---- vCloud = Catalog
LM = VM Templates ---- vCloud = Templates (exist inside Catalog vApps)