Posted 21-Jan-2018 by amazon-web-services (category: Technology)
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Paul Bockelman, AWS Principal Solutions Architect (WWPS)
Oren Root, VMware Senior Product Line Manager
August 14, 2017
VMware and AWS Together: VMware Cloud on AWS
What to expect from the session
• Why hybrid IT?
• Product overview of VMware Cloud on AWS
• Technical overview – review key enabling technologies
• Technical drilldown – how this thing works
• Illustrated use cases for an integrated VMware/AWS ecosystem
Revisiting the NIST cloud deployment models…
Private cloud. The cloud infrastructure:
• Is operated solely for an organization.
• May be managed by the organization or a third party and…
• May exist on-premises or off-premises.
Community cloud. The cloud infrastructure:
• Is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
• May be managed by the organizations or a third party and…
• May exist on-premises or off-premises.
Public cloud. The cloud infrastructure:
• Is made available to the general public or a large industry group and…
• Is owned by an organization selling cloud services.
Hybrid cloud. The cloud infrastructure:
• Is a composition of two or more clouds (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
The NIST Definition of Cloud Computing, Peter Mell and Tim Grance, Version 15, 10-7-09
https://www.nist.gov/sites/default/files/documents/itl/cloud/cloud-def-v15.pdf
What do customers really want for hybrid IT?
• Run workloads on-premises
• Run workloads in the cloud
• Tight integration between on-premises and the cloud
• Without buying new hardware
VMware Cloud on AWS removes these barriers and enables faster hybrid cloud adoption
Common challenges with hybrid cloud adoption
• Incongruent networks
• Operational inconsistency
• Need to learn new skill sets and tools
• Multiple monitoring and control mechanisms
• Multiple virtual machine formats
VMware Cloud on AWS: Overview
[Diagram: customer data center (vCenter Server) and VMware Cloud on AWS running in the AWS Global Infrastructure, managed through vCenter Server, vRealize Suite, and PowerCLI; AWS services managed through AWS CloudFormation, the AWS CLI, and SDKs]
• vCenter Server: single pane of glass and API across on-premises and cloud
• Access to all AWS services: Amazon EC2, Amazon S3, Amazon RDS, AWS Direct Connect, IAM, Amazon Redshift, …
Technical Preview
VMware Cloud on AWS: AWS view
VMware operated, supported, and maintained: a fully configured VMware software stack running on state-of-the-art infrastructure provisioned on-demand in minutes.
Latest software
• VCSA, ESXi, NSX, VSAN, H5 client
Dynamic capacity
• DRS/HA compute cluster (Intel x86)
• VSAN storage cluster (SSD)
• NSX network virtualization (10 Gbps+)
Flexible topology
• Standalone cloud cluster
• Hybrid connectivity to on-premises
• Cloud-to-cloud connectivity
[Diagram: VMware Cloud on AWS SDDC in the AWS Global Infrastructure: ESXi hosts on single-tenant (dedicated) bare-metal Amazon EC2 hardware, with vCenter Server, NSX Manager, and a Gateway]
VMware Cloud on AWS: AWS integration
[Diagram: VMware Cloud on AWS with access to all native AWS services: Amazon EC2, Amazon S3, Amazon RDS, AWS Direct Connect, IAM, AWS IoT, …]
VMware Cloud on AWS: Ops and support
The fully configured VMware Cloud software stack will be provisioned, operated, and maintained directly by VMware.
Provisioning
• Automated account creation and environment provisioning by using the API
• Automated interconnection created between VMware and AWS customer accounts
Operations
• Support provided by VMware directly
• AWS infrastructure (for VMware Cloud on AWS) support managed by VMware
• Ongoing infrastructure monitoring
Maintenance
• Ongoing stack maintenance managed directly by VMware
• Upgrade implementation and execution
Common scenarios and use cases
There are multiple reasons and scenarios for why a VMware or AWS customer would consider VMware Cloud on AWS.
Scenario 1: Maintain and expand
• Geo expansion
• Disaster recovery, backup, and continuity of operations
Scenario 2: Consolidate and migrate
• Data center consolidation
• Application migration
Scenario 3: Workload flexibility
• Prod, dev, test, lab, and training
• Burst capacity
• Flex as needed
VMware Cloud on AWS: Account structure
• VMware Cloud VPC account
- A new AWS solution account is created for each customer
- Is owned, operated, and paid directly by VMware
- Each solution account is single tenant for all ESXi hosts
- Solution account is linked to a VMware Master-Payor account
• AWS customer VPC account
- Is owned, operated, and paid directly by the customer
- A VMware Cloud elastic network interface is automatically deployed into the customer VPC with customer consent
- Has full access to the entire catalog of native AWS services within the AWS Region of deployment
VMware Cloud on AWS: Access model
• VMware Cloud on AWS is delivered "as a service" with the following operational model:
- AWS manages the physical resources
- VMware manages the hypervisor and management components (includes monitoring, patching, upgrades, etc.)
- Customers manage their VMs (and networks)
• Customer access is via vCenter and the VMware Cloud on AWS portal, with some restrictions:
- No root ESXi access
- No vSphere Distributed Switch (VDS) configuration access
- No direct management access to the NSX Edge VMs
VMware Cloud on AWS: Simplified mode
Cloud Admin, via the VMware Cloud on AWS Web Portal:
• Auto-deploy and provision the VMware Cloud on AWS infrastructure resources via predefined workflows
• Setup of initial networks and admin access granted to vCenter
• Deploy a prescriptive network topology
• Establish predefined VPN connectivity
• Provide inbound access to workload VMs
• Control firewall access to workload VMs
VI Admin, via the vSphere (H5) Web Client:
• Consume pre-created VMware Cloud on AWS network services
• Deploy workload VMs
• Attach workload VMs to networks
• Create new networks
• Manage IP addressing for workload VMs
Compute: vSphere on bare metal
vSphere on Amazon EC2, based on the I3 instance family
Compute
- 36 PCPUs (72 vCPUs)
- 512 GB RAM
- Dedicated host
vSphere features
- vSphere HA
- vMotion
- DRS
- Elastic DRS
Storage
- ESXi boot-from-EBS
- 14 TB NVMe-backed local raw storage
Networking
- 10 Gbps+
- VMware Cloud ENI
Storage: VSAN
• Industry-leading private storage virtualization platform
• Flash SSD on bare-metal hosts
• Fully featured
Storage capabilities
• QoS – IOPS limits
• Storage Policy-Based Management
• Erasure coding
[Diagram: VSAN layout on one host (ESXi-01) with two disk groups, each made up of a write buffer and a capacity tier]
Networking: NSX
Network virtualization platform for VMware
• Industry-leading private SDDC network virtualization platform
• 10 Gbps+ NICs on bare metal
• Fully featured advanced networking and security services
- Switching (logical layer 2 networks over layer 3 routing domains)
- Routing
- Firewalling
- Load balancing
- VPN
[Diagram: overlay network. VM1 (192.168.1.10) and VM2 (192.168.1.11) sit on VXLAN 5001 with gateway 192.168.1.1; VM3 (10.1.50.10) and VM4 (10.1.50.11) sit on VXLAN 5002 with gateway 10.1.50.1. Both logical segments span two VMware ESXi hosts whose VTEPs are on the underlay network at 10.20.30.40 and 10.20.30.41]
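The diagram above is the standard VXLAN model (RFC 7348): each tenant Ethernet frame is wrapped in an outer IP/UDP header addressed between the two VTEPs, and the 24-bit VNI in the VXLAN header selects the logical segment. The Python below is an added example, not code from the slides or from NSX. It builds the encapsulated packet for VM1 → VM2 on VXLAN 5001 using the addresses in the diagram (the MAC addresses, the UDP source port and the payload text are made up), parses it back, and makes two points a security engineer should take away: the underlay only ever sees the VTEP addresses on UDP/4789 plus a VNI, and, since VXLAN adds no confidentiality, the tenant payload crosses the underlay in cleartext unless something like the NSX VPN or VM-level encryption mentioned later in the deck is applied.

```python
"""Build and parse VXLAN-encapsulated frames (RFC 7348) for the overlay in the diagram.

Added example: not code from the slides or from NSX. MAC addresses, the UDP source
port and the payload text are made up; IP addresses and VNIs are the diagram's.
"""
import ipaddress
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN destination port
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
IPPROTO_EXPERIMENTAL = 253   # inner payload is opaque here, so use an experimental protocol number


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; returns 0 for a header whose checksum is correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def tenant_frame(src_mac: bytes, dst_mac: bytes, src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Inner Ethernet + IPv4 frame, exactly as a VM puts it on its logical segment."""
    return (dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
            + ipv4_header(src_ip, dst_ip, IPPROTO_EXPERIMENTAL, len(payload)) + payload)


def vxlan_encapsulate(vni: int, vtep_src: str, vtep_dst: str, frame: bytes, src_port: int = 49152) -> bytes:
    """Wrap a tenant frame in VXLAN/UDP/IPv4 between two VTEPs (outer Ethernet omitted)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    vxlan = struct.pack("!B3sI", VXLAN_FLAG_VNI_VALID, b"\x00" * 3, vni << 8)  # VNI in the top 24 bits
    udp_len = 8 + len(vxlan) + len(frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP checksum is legal over IPv4
    return ipv4_header(vtep_src, vtep_dst, IPPROTO_UDP, udp_len) + udp + vxlan + frame


def vxlan_decapsulate(packet: bytes) -> dict:
    """Parse outer IPv4/UDP/VXLAN and return the VTEP addresses, the VNI and the inner frame."""
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0 or packet[9] != IPPROTO_UDP:
        raise ValueError("not a valid IPv4/UDP packet")
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN")
    flags, _, vni_word = struct.unpack("!B3sI", packet[ihl + 8:ihl + 16])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN header without a valid VNI")
    return {
        "vtep_src": str(ipaddress.IPv4Address(packet[12:16])),
        "vtep_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "vni": vni_word >> 8,
        "inner": packet[ihl + 16:ihl + udp_len],
    }


def inner_ipv4_endpoints(frame: bytes) -> tuple:
    """Tenant source and destination IPs from an inner Ethernet + IPv4 frame."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("inner frame is not IPv4")
    return str(ipaddress.IPv4Address(frame[26:30])), str(ipaddress.IPv4Address(frame[30:34]))


def deliver_to_segment(packet: bytes, local_vni: int):
    """Receiving VTEP: hand the frame to the logical segment whose VNI matches, otherwise drop it."""
    parsed = vxlan_decapsulate(packet)
    return parsed["inner"] if parsed["vni"] == local_vni else None


def build_vm1_to_vm2() -> bytes:
    """VM1 -> VM2 on VXLAN 5001, carried from VTEP 10.20.30.40 to VTEP 10.20.30.41 (diagram addresses)."""
    frame = tenant_frame(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02",  # made-up MACs
                         "192.168.1.10", "192.168.1.11", b"hello from VM1")
    return vxlan_encapsulate(5001, "10.20.30.40", "10.20.30.41", frame)


if __name__ == "__main__":
    pkt = build_vm1_to_vm2()
    outer = vxlan_decapsulate(pkt)
    print("underlay sees: %s -> %s UDP/%d, VNI %d" % (outer["vtep_src"], outer["vtep_dst"],
                                                       VXLAN_UDP_PORT, outer["vni"]))
    print("tenant endpoints:", inner_ipv4_endpoints(outer["inner"]))
    print("payload readable on the underlay:", b"hello from VM1" in pkt)  # VXLAN adds no confidentiality
    print("delivered on VXLAN 5002:", deliver_to_segment(pkt, 5002))      # None: wrong segment, dropped
```

The `deliver_to_segment` check is the whole isolation story of the diagram: VM3 and VM4 on VXLAN 5002 can reuse any addressing they like because a receiving VTEP only hands a frame to the segment whose VNI matches. That isolation is a property of the VTEPs, not of the wire, so anyone who can read or inject UDP/4789 on the underlay (for example from a compromised host) can read tenant traffic or forge a VNI; NSX's distributed firewall and the encryption options discussed later are what close that gap.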
Existing customer environment
Deploy a bespoke NSX Edge appliance into your existing vSphere environment to extend the VMware Cloud on AWS environment to your premises.
[Diagram: customer data center containing a vSphere environment (ESXi hosts) and a non-vSphere environment, with the bespoke NSX Edge deployed into the vSphere environment]
Provision VMware Cloud on AWS (SDDC) VPC
The full VMware Cloud on AWS stack will be auto-provisioned and configured at launch into a single-tenant AWS account (owned and operated by VMware).
[Diagram: adds the VMware Cloud VPC on Amazon EC2 (ESXi hosts) with an Internet gateway (IGW) and the management and compute gateways (MGW and CGW), alongside the customer data center with its bespoke NSX Edge]
Provision or designate a target customer-owned VPC
A customer-owned AWS account is created and/or assigned to interoperate with the VMware Cloud on AWS VPC.
[Diagram: adds the customer VPC (two VPC subnets, IGW, router and customer gateway) next to the VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW and CGW); the customer data center (vSphere and non-vSphere environments, bespoke NSX Edge) reaches both over the Internet]
Connect data center to SDDC VPC (via L3VPN)
Private SDDC connectivity is established from the customer data center to the SDDC VPC via an L3VPN.
[Diagram: the bespoke NSX Edge in the customer data center terminates an L3VPN over the Internet to the MGW and CGW in the VMware Cloud VPC; the customer VPC (VPC subnets, IGW, router, customer gateway) is unchanged]
Connect data center to customer VPC (AWS Direct Connect)
Private connectivity is established from the customer data center to the customer-owned VPC for non-SDDC traffic via AWS Direct Connect.
[Diagram: adds an AWS Direct Connect private VIF from the customer gateway in the data center to the router of the customer VPC; the L3VPN from the bespoke NSX Edge over the Internet to the MGW and CGW in the VMware Cloud VPC remains]
Connect data center to SDDC VPC (via Direct Connect)
(Advanced option) Create a secondary transit path for a separate VLAN (using hosted private or public VIFs*) from the customer data center to the SDDC VPC traffic.
[Diagram: a second customer gateway in the data center carries compute, vMotion, and cluster management traffic over AWS Direct Connect to the MGW and CGW in the VMware Cloud VPC, using hosted private VIF(s) or a VPN over a public VIF; the private VIF to the customer VPC, the bespoke NSX Edge, IGW and router remain as before]
* Requires L3VPN connectivity over AWS Direct Connect to MGW and CGW
Connect VMware Cloud VPC and customer VPC
Connect the VMware Cloud VPC and the customer VPC using a private VMware Cloud ENI.
[Diagram: the VMware Cloud ENI sits in a VPC subnet of the customer VPC and links it to the ESXi hosts in the VMware Cloud VPC; AWS Direct Connect (private VIF), the two customer gateways, bespoke NSX Edge, IGW, router, Internet, MGW and CGW as before]
Deploy and consume native AWS services
[Diagram: the customer VPC now hosts private managed AWS services and customer instances in its subnets, reachable from the VMware Cloud VPC through the VMware Cloud ENI; regional AWS services (AWS Lambda, Amazon S3, Amazon CloudFront, etc.) are reached over a public VIF or the Internet; AWS Direct Connect private VIF, the two customer gateways, bespoke NSX Edge, IGW, router, MGW and CGW as before]
Operating in the hybrid ecosystem: Examples
• Use vMotion to migrate a virtual machine from a customer data center to VMware Cloud on AWS
• Copy an object from a virtual machine in VMware Cloud to an Amazon S3 bucket
• Connect a virtual machine in VMware Cloud to an Amazon Redshift cluster
• Connect to a web server hosted on a virtual machine in VMware Cloud over the public Internet
Operating in the hybrid ecosystem: vMotion
[Diagram: vMotion from the on-premises vSphere environment to VMware Cloud on AWS, on the same hybrid topology (customer data center with bespoke NSX Edge and two customer gateways; AWS Direct Connect private and public VIFs; customer VPC with VMware Cloud ENI, private managed AWS services and customer instances; VMware Cloud VPC with ESXi hosts, MGW and CGW; regional AWS services such as AWS Lambda, Amazon S3 and Amazon CloudFront)]
Operating in the hybrid ecosystem: Amazon S3
[Diagram: a virtual machine in the VMware Cloud VPC copies an object to Amazon S3, one of the regional AWS services, on the same hybrid topology]
Operating in the hybrid ecosystem: Amazon Redshift
[Diagram: a virtual machine in the VMware Cloud VPC connects to an Amazon Redshift cluster, reached through the VMware Cloud ENI into the customer VPC's private managed AWS services, on the same hybrid topology]
Operating in the hybrid ecosystem: VM internet access
[Diagram: connect to a virtual machine in the VMware Cloud VPC from the Internet: assign an Elastic IP and configure NAT/firewall rules on the gateway (IGW, MGW and CGW); same hybrid topology]
Security and governance
• Customers maintain access security control of the VMware Cloud ENI using standard AWS security practices (security groups, NACL, flow logs, and so on)
• vMotion traffic is encrypted
• VM-level encryption
• Audit-quality logging
• Fully managed offering delivered by VMware
• VMware manages the infrastructure patching and upgrades of the VMware Cloud environment
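The first bullet puts the controls on the VMware Cloud ENI squarely on the customer side of the shared-responsibility line: VMware runs the SDDC, but the security groups, NACLs and flow logs on the ENI in the customer VPC are the customer's to get right. The Python below is an added example (not from the slides, VMware or AWS) of the check a practitioner would script for that: given the responses of the EC2 DescribeNetworkInterfaces, DescribeSecurityGroups and DescribeFlowLogs calls, locate the ENI, report any ingress rule on its security groups that admits any source address, and report whether a flow log covers the ENI, its subnet or its VPC. The responses are constructed inline in the shape boto3 returns them; identifying the ENI by a Description prefix is an assumption, since the slides do not say how the ENI is labelled.

```python
"""Audit the customer-side controls on the VMware Cloud ENI from EC2 API responses.

Added example, not code from the slides, VMware or AWS. The responses below are
constructed inline in the shape boto3's describe_network_interfaces,
describe_security_groups and describe_flow_logs return (trimmed to the fields
used); in practice you would fetch them with boto3.client("ec2"). Matching the ENI
by a Description prefix is an assumption about how the ENI is labelled.
"""
import ipaddress

# --- constructed sample responses ---
NETWORK_INTERFACES = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0a1b2c3d4e5f60001", "VpcId": "vpc-0123456789abcdef0",
     "SubnetId": "subnet-0123456789abcdef1", "Description": "VMware Cloud ENI (sample)",
     "PrivateIpAddress": "10.0.1.25",
     "Groups": [{"GroupId": "sg-0f1e2d3c4b5a60001", "GroupName": "vmc-eni"}]},
    {"NetworkInterfaceId": "eni-0a1b2c3d4e5f60002", "VpcId": "vpc-0123456789abcdef0",
     "SubnetId": "subnet-0123456789abcdef1", "Description": "Primary network interface",
     "PrivateIpAddress": "10.0.1.40",
     "Groups": [{"GroupId": "sg-0f1e2d3c4b5a60002", "GroupName": "web"}]},
]}
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0f1e2d3c4b5a60001", "GroupName": "vmc-eni", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,           # scoped to an SDDC segment: fine
         "IpRanges": [{"CidrIp": "192.168.1.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "-1",                                            # all traffic from anywhere: finding
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,         # SG-to-SG reference: fine
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0f1e2d3c4b5a60002"}]},
    ]},
    {"GroupId": "sg-0f1e2d3c4b5a60002", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,             # not attached to the ENI: ignored
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
]}
FLOW_LOGS = {"FlowLogs": [
    {"FlowLogId": "fl-0123456789abcdef0", "ResourceId": "vpc-0123456789abcdef0",
     "TrafficType": "ALL", "LogDestinationType": "cloud-watch-logs"},
]}


def find_vmc_eni(interfaces: dict, description_prefix: str = "VMware Cloud ENI") -> dict:
    """Pick the VMware Cloud ENI out of DescribeNetworkInterfaces (prefix match is an assumption)."""
    for eni in interfaces["NetworkInterfaces"]:
        if eni.get("Description", "").startswith(description_prefix):
            return eni
    raise LookupError("no VMware Cloud ENI found")


def world_open_rules(groups: dict, group_ids: set) -> list:
    """Ingress rules on the given security groups whose source is any address (a /0 in v4 or v6)."""
    findings = []
    for sg in groups["SecurityGroups"]:
        if sg["GroupId"] not in group_ids:
            continue
        for perm in sg["IpPermissions"]:
            cidrs = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                     + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])
            open_cidrs = [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]
            if open_cidrs:
                proto = perm["IpProtocol"]
                findings.append({
                    "group": sg["GroupId"],
                    "protocol": "any" if proto == "-1" else proto,
                    "ports": "all" if proto == "-1" else "%s-%s" % (perm.get("FromPort"), perm.get("ToPort")),
                    "sources": open_cidrs,
                })
    return findings


def flow_log_covers(flow_logs: dict, eni: dict) -> bool:
    """True if a flow log is attached to the ENI itself, its subnet or its VPC."""
    covered = {eni["NetworkInterfaceId"], eni.get("SubnetId"), eni["VpcId"]}
    return any(fl["ResourceId"] in covered for fl in flow_logs["FlowLogs"])


def audit_vmc_eni(interfaces: dict, groups: dict, flow_logs: dict) -> dict:
    """One report: which SGs guard the ENI, which rules are world-open, whether traffic is logged."""
    eni = find_vmc_eni(interfaces)
    sg_ids = {g["GroupId"] for g in eni["Groups"]}
    return {
        "eni": eni["NetworkInterfaceId"],
        "security_groups": sorted(sg_ids),
        "world_open_rules": world_open_rules(groups, sg_ids),
        "flow_log": flow_log_covers(flow_logs, eni),
    }


if __name__ == "__main__":
    report = audit_vmc_eni(NETWORK_INTERFACES, SECURITY_GROUPS, FLOW_LOGS)
    for finding in report["world_open_rules"]:
        print("FINDING: world-open ingress on", finding["group"], finding)
    print("flow log covers the ENI:", report["flow_log"])
```

On the sample data the audit flags the "all traffic from 0.0.0.0/0" rule on the ENI's security group and ignores the world-open HTTP rule on the unrelated "web" group. A rule that references another security group (the 3306 entry) carries no CIDR and is left alone, which is the pattern to prefer for traffic between the SDDC and instances in the customer VPC. The flow-log check only says that some log exists at ENI, subnet or VPC scope; whether it captures ACCEPT and REJECT (TrafficType ALL) and lands somewhere the SOC reads is a separate question.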
Consumption model
Consumption-based billing
• On-demand / hourly model
• 1- or 3-year reserved model*
Compelling TCO
• Attractive TCO vs. traditional on-premises
• Comparable vs. native cloud, depending on consolidation ratio
Loyalty discounts
• Leverage existing investments with VMware
• Purchase VMware Cloud on AWS at a lower rate