Date post: | 08-May-2015 |
Category: |
Technology |
Upload: | tracepointmarketing |
© 2011 VMware Inc. All rights reserved
VMware: vCloud
Paul Manaton
Copyright © 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Agenda
09:00 - Registrations and Coffee
09:15 - Introduction to vCloud Director
09:35 - Architecting your cloud
10:00 - Live demonstration of vCloud Director
10:50 - Q&A
11:00 - Coffee break
The VMware Cloud Overview
What we need
Platform: Virtual Datacenter, Virtual Infrastructure
Infrastructure: Network, Storage, Server
Operations: Charge back, Performance, Capacity
IaaS Orchestration: Runbook, Automation, Configuration
Consumption: Service Catalog, Self-Service Portal, Approval, ITSM
VMware delivers
Platform: vCloud Director, vSphere
Infrastructure: Network, Storage, Server
vCOPs: Chargeback, vCenter Operations, vCenter CapacityIQ
IaaS Orchestration: vCenter Orchestrator, vConfiguration Manager
Consumption: vService Manager
The foundation for Infrastructure as a Service is vCloud Director
VMware’s vision is to build as-a-service offerings on this platform
Characteristics of IaaS Clouds
• Standardization. Construct virtual data centers by pooling compute, storage, and networking resources together
• Self-service. Construct Service Catalogs so that application architectures can be deployed by non-technical people or by automated triggers such as ticketing systems
• Secure multi-tenancy. Ability to run multiple organisations on the same platform
• Report consumption. Permit charge back or show back of what has been consumed and allow for different cost models
• Programmatic control via open APIs. Ability to automate tasks and ensure mobility of resources between clouds
VMware vCloud Director
To make this possible, cloud requires new resource abstractions
[Diagram: Secure Private Cloud. Organizations (Marketing, Finance), each with Users & Policies, Organization VDCs and Catalogs; Provider Virtual Datacenters (Gold, Silver, Bronze); VMware vCenter Server with Resource Pools, Datastores and Port Groups; VMware vSphere]
VMware vSphere and vCenter Server
Clusters and Resource Pools
• Provide cloud compute
• DRS is a requirement for the cluster
  o Shared storage
  o vMotion compatible or EVC enabled
Datastores
• Provide cloud storage
• Abstract away underlying storage type
Portgroups
• Provide cloud networking
• Abstract away underlying networking infrastructure
• vSwitch, vNetwork Distributed Switch or Nexus 1000V
[Diagram: vCenter Server; ESXi/ESX hosts; vSphere Cluster/Resource Pool; vNetwork Distributed Switch; FC Storage, iSCSI Storage, NFS Storage]
VMware vCloud Director
Define standard infrastructure tiers called Virtual Datacenters
• Pool virtualized infrastructure resources across multiple vCenter Servers
Define standard collections of VMs called vApps
Create Organizations and manage users with RBAC
Provide UI for users to self provision vApps into Virtual Datacenters
Provide secure multi-tenancy using vShield Edge
vApp
Container of one or more VMs, Networking & security appliances
• Package up multi-tier application architectures
• Upload vApp to a service catalog for easy one-click redeployment
• Select boot order of VMs, start delays and stop delays
• Set policies for vApp, storage lease
Uses the OVF standard
• Captures meta data about the VMs
• Allows import and export between clouds in standard format
[Diagram: vApp containing three App/OS VMs; VMware vShield; vApp Networks]
Fast Provisioning using Linked Clones For Improved Agility
Overview
• Provisions new VMs from a template without replicating the entire image
• Instead, links the images (clones) so that common elements are stored only once
Benefits
• Dramatically speeds up provisioning time from >2 minutes to <5 seconds
• Reduces storage footprint (and cost) by over 60%
[Diagram: vmdk Template; vmdk, vmdk, vmdk]
Networking & Security: Introducing vShield Products
Securing the Private Cloud End to End: from the Edge to the Endpoint
• vShield Edge: Secure the edge of the virtual datacenter
• vShield App and Zones: Create segmentation between enclaves or silos of workloads
• vShield Endpoint: Offload anti-virus processing
• vShield Manager: Centralized Management
[Diagram: DMZ, Application 1, Application 2 on VMware vSphere]
Provide Choice in Resource Consumption Models
With VMware Chargeback we have set 3 “out of the box” consumption models
Allocated Pool – “Bill for the virtual container”
Reservation Pool – “Bill for the physical container”
Pay-Per-vApp – Purchase VMs of specified sizes and contents
Open standards make the hybrid cloud possible
vCloud API: First Open API to Consume and Control Cloud Resources
Open Virtualization Format: First Industry Standard Cloud Workload
[Diagram: vApp; Provisioning and Control of the Application; Public Clouds; Private Cloud]
Consumption Visibility
Show back or Charge back to consumers
• vCloud Director resources like broadband network traffic, public IP addresses, DHCP, NAT can be metered and billed
Setup leases to assure resource reclamation
VMware vSphere
vCloud.vmware.com
Connecting the Clouds
[Diagram: Private Cloud (traditional vSphere/vCenter); Cloud Service Providers; Move workloads; Connect L2 networks; vCloud.vmware.com]
vSM Cloud Provisioning
Enhance provisioning and cloud self-service for vCloud Director
Standardize and automate service delivery of hybrid Clouds
Ensure policy compliance in higher governance environments
vCloud Director and VMware Service Manager
Capabilities
vCloud Director
• Accelerates end user time-to-market by enabling intelligent virtual machine provisioning across VMware vSphere® clusters with on-demand access.
• Ensures secure isolation and enforces control with policy-based user controls and VMware vShield™ security technologies.
• Uses open standards for interoperability and application portability between clouds
• Consolidates infrastructure and delivers resources as configurable, easy-to-manage virtual datacenters.
VMware Service Manager – Cloud Provisioning
• Provides vCloud Director services in a service catalog for easiest end-user consumption
• Standardizes and automates services from request, approvals, provisioning, changes, to notification
• Provides tracking and reporting for higher governance environments
Architecting for the Cloud
Major considerations.
Users
• Who can do what with which resources?
What controls/policies should be in place?
• Who needs to authorise what?
Services
• What does your catalog need to look like?
Technical considerations
• Storage, CPU, RAM, Networks
Where are you now?
What percentage are you virtualised?
• Do you want to go further?
What is our infrastructure costing?
• Can you achieve savings within current estate?
What barriers are stopping you maximising the potential?
• People, Budget
Where do you want to go?
Public/Private/Hybrid?
• Where to go and what goes where?
Some Technical Detail
Cloud Director architecture … the basics
[Diagram labels: vSphere Client; vSphere Client (Plug-in); three vCenter servers, each with ESX hosts; Resource Pod; vCD Cell(s); vCloud APIs; vCD Portal; “Build your Own tool/portal”; 3rd party portals (i.e. iWave ITO)]
VMware vCloud Director Installation and Licensing
Installs on RHEL 5 U4 or higher 64-bit machine
VMware vCloud Director supports
• VMware vSphere Editions
  o VMware vSphere Enterprise*
  o VMware vSphere Enterprise Plus
• VMware vCenter Server Editions
  o VMware vCenter Server Standard
• Minimum requirements
  o vSphere and vCenter Server versions 4.0 U2 and 4.1.
VMware vCloud Director licensed by concurrent powered-on VMs managed by VCD
*vSphere Enterprise will not support VLAN backed Network Pools and VMware vCloud Director Network Isolation (VCDNI) backed Network Pools
[Diagram: vCenter Server; VMware vCloud Director]
Network Fencing
Allows developers to provision Layer-2 isolated networks in seconds…
Deploy multiple copies of the vApp on the same Org/External network without modifying hostname or IP address
• Each VM keeps its original hostname/IP information inside the fence
• Each VM is assigned a new IP outside the fence
vShield Edge – simplifying complex virtual networking
Provides virtual routing between physical and virtual networks
Brings firewalling/NATing ‘inside’ the virtual environment
Provides more flexibility, without the need to always go to external physical firewalls, but centrally managed
Extremely useful for test/dev environments
VCD-Network Isolation reduces the need for VLANs in crowded datacentres
Enables secure multi-tenancy for Service Providers
vShield Edge networking
[Diagram labels: Internet; Physical DMZ network; Physical Secure network; Tenant A DMZ routed network; Tenant A DMZ direct network; Tenant A Secure direct network; Tenant A Secure routed network; vApp network; vApp]
Connecting the Clouds
[Diagram: Private Cloud (traditional vSphere/vCenter); Cloud Service Providers; Move workloads; Connect L2 networks]
IPsec VPN between 2 External networks
[Diagram: two Edge devices connected across the Internet by an IPsec VPN. Address labels: 192.168.100.1/24, 192.168.200.1/24, 192.168.100.200/24, 192.168.100.100/24, 192.168.100.1, 192.168.100.101, 192.168.200.1, 192.168.100.106]
Five Tuple Firewalls
Create complex firewall rules for enhanced security
• Firewall rules now can be configured for <source address, source port, protocol, destination port, destination address>
• Support for the ICMP protocol in addition to TCP and UDP
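A minimal model of five-tuple rule matching, added here as an illustration and not vShield Edge's own implementation. First-match ordering, default deny, the rule names and the sample rules and addresses are assumptions constructed for the example; it also shows why a port constraint on an ICMP rule is a configuration error, since ICMP packets carry no ports.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp", "icmp" or "any"
    src: str         # CIDR or "any"
    src_port: str    # "any", a single port ("443") or a range ("1024-65535")
    dst: str         # CIDR or "any"
    dst_port: str

@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    src_port: Optional[int] = None   # None for ICMP, which has no ports
    dst_port: Optional[int] = None

def addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def port_matches(spec: str, port: Optional[int]) -> bool:
    if spec == "any":
        return True
    if port is None:                 # a port constraint never matches a portless packet
        return False
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.protocol in ("any", pkt.protocol)
            and addr_matches(rule.src, pkt.src)
            and port_matches(rule.src_port, pkt.src_port)
            and addr_matches(rule.dst, pkt.dst)
            and port_matches(rule.dst_port, pkt.dst_port))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Assumed semantics: the first matching rule wins, unmatched traffic is denied."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return f"{rule.action}:{rule.name}"
    return "deny:default"

def lint(rules: List[Rule]) -> List[str]:
    """Flag rules a reviewer would question before they are deployed."""
    findings = []
    for rule in rules:
        if rule.protocol == "icmp" and (rule.src_port, rule.dst_port) != ("any", "any"):
            findings.append(f"{rule.name}: ICMP rule has a port constraint and can never match")
        if rule.action == "allow" and rule.src == "any" and rule.dst_port == "any":
            findings.append(f"{rule.name}: allow from any source to every port")
    return findings

# Constructed sample rule set (not taken from a real deployment).
RULES = [
    Rule("web-in", "allow", "tcp", "any", "any", "192.168.100.100/32", "443"),
    Rule("site-dns", "allow", "udp", "192.168.200.0/24", "any", "192.168.100.0/24", "53"),
    Rule("remote-ping", "allow", "icmp", "192.168.200.0/24", "any", "192.168.100.0/24", "any"),
    Rule("bad-icmp", "allow", "icmp", "any", "any", "192.168.100.0/24", "8"),
]
```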
Static Routing
Chargeback and Billing in VMware Cloud Director
• vCloud Service Director itself does NOT do billing or chargeback
• There is NO billing information or metering information presented in the interface
• All chargeback is done through vCenter Chargeback
[Diagram: Availability; Self-Service Cloud; vCenter Chargeback; 3rd-Party Billing]
vCenter Chargeback
• Monitor and charge for vCloud resources
• Deliver targeted multi-tenant reports
• Integrate with 3rd-party billing
vCenter Chargeback Overview
vCenter Chargeback
Chargeback awareness and metering for vCD
• Organizations
• Virtual Datacenters (VDCs)
• vApps, templates, media file storage
Support for vCSD Resource Allocation Models
• Pay as you go – pay for each vApp deployed
• Reservation Pool – pay for a guaranteed set of resources
• Allocation Pool – aka burst charging, pay for a guaranteed set of resources, can use more than guaranteed but that gets charged at a premium rate
Applicable Charges
• Count of public IP addresses
• Broadband traffic (Tx/Rx), per public IP
• CPU, Memory, Storage (base and premium, templates and media file storage)
• Fixed monthly charges for a vApp
VMware Service Manager Cloud Provisioning
Utilizes the VMware Service Manager and vCloud Director Connector
Provides additional functionality to vCloud Director:
• Customized Customer Entry Portal
• Configurable and Extendable Request Forms
• Change Request Management for Owned Items
• Flexible Workflows
• Plug into vCO to kick off 3rd party workflows
Standardize and Automate Service Delivery of Hybrid Clouds
The automation engine helps Cloud providers standardize and deliver Cloud infrastructure.
[Workflow diagram labels: Electronic approval process; Error notification, if any; Request initiated by end-user; Policy-based logic; Provisioning in vCloud Director; Successful service deployment; Database update]
Enhanced Provisioning Automation with vCO
VSM includes a connector to vCenter Orchestrator (vCO)
Introducing vCO in the provisioning process can enhance service automation by providing advanced technical orchestration capabilities, while VSM acts as the ‘Traffic Cop’ enforcing the service oriented workflow
[Diagram labels: VMware Service Manager; vCO; vCloud Director; vCenter; Oracle EM; 3rd Party Systems]
Let's See the Product in Action
Case Study
Oxford University
Secure DbaaS
Hybrid Cloud
A Video
Many Thanks
Questions?
A little bit on futures
Introducing vFabric Data Director
Do for Databases what vSphere does for Servers
• Extends vSphere benefits to Databases
• Drastic Cost Savings for Databases
• CAPEX
• OPEX
• Consolidates Thousands of Databases & Simplifies Management
Built on and Integrated with vSphere 5.0
Path to PaaS
Infrastructure-as-a-Service (IaaS)
• Centralized management of Compute, Storage, and Network resources
• Self-service management of Infrastructure resources
• Dependent on Virtualization
IaaS + Database-as-a-Service
• Centralized management of Databases
• Self-service database operations
• Leverages IaaS architecture
Platform-as-a-Service (PaaS)
• Centralized applications development framework optimized for the cloud
• Integrates automation provided by IaaS and DBaaS
[Diagram labels: vSphere + vCloud Director; vFabric Data Director; Cloud Foundry]
vFabric Data Director
• Powers database-as-a-service across private and public vClouds
• Self-service database virtualization platform for traditional and new databases
• First database enabled is PostgreSQL database with optimization for vSphere
• Oracle support in 2012
• MS SQL support in 2013
• Will integrate with vCD
[Diagram: Self-service; IT Control; vSphere-Optimized; Graphical User Interface/API; Apps running on VMware vSphere 5]
Backup/Restore: Built-in Policies
DBAs have limited time to enable, monitor, and test backup and recovery policies for all databases.
Solution: Built-In Backup Policies
• Fully integrated backup & restore process (backup templates)
• Automated scheduled backups
• Policy driven backup retention
• Self-service manual backups
• Database remains online during backup
• Dual backup techniques integrated into single policy
• External Backups
• Resilient external backups
• Snapshots with Database Consistency
• Faster to take and restore
Backup/Restore - Point-in-Time Recovery
Database recovery is cumbersome and error prone
Solution: Fully automated point-in-time recovery
• Comprehensive view of database backups
• Point-in-time recovery with a few clicks
Innovative Database Cloning
The average production database has 6 clones (dev, qa) and each clone takes days to create.
Solution: Innovative Database Cloning
• Automation and flexibility
• Choice of what to clone
  o Data and schema
  o Schema only
• Choice of clone point
  o Backup (include PITR)
  o Current state of database
• Choice of destination database configuration
  o Copy parent database configuration
  o Specify destination database configuration
Innovative Database Cloning
• Full Database Clone
  o Complete physical copy of parent
  o Isolation between parent and clone
• Linked Database Clone
  o Clone created from parent snapshot
  o Clone in minutes regardless of database size
  o Delta disk to track change from parent
  o Application transparent
  o Great for diagnostic scenarios
[Diagram labels: Production; Staging; Full DB Clone; Linked DB Clones; Dev, QA, Perf]
“House of Brick has always found that VMware outshines the competition when it comes to the tools supporting their cloud infrastructure. With vFabric Data Director, even routine operations such as database cloning are now automated and are as easy as one simple click.”
- David Woodward, COO, House of Brick
Security
Role Based Access Control
• Out-of-the-Box Roles
  o Organization Administrator
  o Developer
• Custom Roles
Fine-grained Security Privileges
• Over 30 different privileges
  o Create/Edit/Delete Database
  o Backup/Restore/Clone Database
  o Create/Edit/Delete Template
  o Edit Template/Database settings
Benefits
• Robust security enables self-service
• Custom roles ease security management
Flexible Database Templates
Database provisioning and configuration requires a sophisticated DBA with limited time.
Solution: Flexible Database Templates
• Customize templates for database configuration and backup
• Robust role-based access control over which templates users can access
• Search and browse templates
• Fast provisioning
Benefits
• Enforce IT standards and control
• Ease of use
• Ensure reliability and repeatability
Monitoring – Manage by exception
Dashboards
• Database performance
• Resource utilization
• Capacity planning
• System health, etc.
End to End Monitoring
• System, Organization, Database Group, Database
Alarms and Notifications
• Out-of-the-Box alarms
• Custom alarms and thresholds
vFabric AppDirector
AppDirector automates application deployments on hybrid clouds, specifically on VCD 1.5
vCloud Director 1.5
Application Stack
• Applications: Custom or Packaged App binaries, config (.war, .jar, .tar, .zip etc)
• Middleware, OS: App servers, messaging, web servers, databases, operating systems, load balancers, etc
Proliferation of Middleware, OS
A forward-looking large enterprise
1. Too many combinations of OS, middleware, scripts
2. Post deployment compliance headaches
3. Environment readiness for middleware adding to deployment time
Middleware, OS – Standardization, Collaboration, Policy-based enforcement?
[Diagram labels: Application teams; Infrastructure teams; load balancer; appserver (x3); worker; cache; database; messaging]
What are key goals for AppDirector
Simplicity
• Automated deployment on cloud
• Intuitive graphical user interface
Cloud Ready
• Model-once, deploy anywhere (portability)
• Standardization of middleware, OS
• Open and Extensible
Active App Management
• Integrated Application Performance Management for dynamic remediation of apps
vFabric AppDirector
• Open architecture for model-driven, orchestrated provisioning on any IaaS cloud
• Standardization of heterogeneous middleware, packaged apps, OS
• Best-practice application blueprints for deployment patterns
• Collaborative, integrated application management
[Diagram labels: load balancer; appserver (x3); worker; cache; database; messaging]
vFabric AppDirector – “Model-driven” cloud-ready App provisioning
[Diagram labels: Architect; Cloud Admin; Middleware Admin; App Dev, QA, Release; Application Blueprint; Application Binaries; Application Stack (Middleware, OS); Catalog; Deployment Profile (dev); Deployment Profile (test); Deployment Profile (prod); Deployment Environments; Dev Org VDC; Test Org VDC; Prod Org VDC]
• Standardized configurations of OS, Middleware
• Automated Deployment Plans with Orchestration
• Logical Application Topology with Application Policies, Configurations
• Pre-instrumented with App Monitoring
• Collection of deployment settings
• Makes blueprints portable across clouds
Model Application Blueprint
Use canvas to create deployment topology
• Standardized templates from catalog
• Standardized scripted services from catalog
Select Deployment Environment, Cloud Templates, Networks
Steps in deployment profile
Based on logical names used for templates and NICs in the blueprint, system picks cloud templates and networks on the selected deployment environment