Confidential │ ©2019 VMware, Inc.
Realize a true hybrid cloud with VMConAWS
Viktor van den Berg
Dennis van Hoften
August 2019
Who are we?
Viktor van den Berg, Solutions Engineer Commercial @ VMware NL, VMware Cloud on AWS SME, VCDX-DCV, VCIX-CMA, VCIX-NV
Dennis van Hoften, Senior Solutions Architect Financial Services @ VMware NL, Cloud Native SME, VMware Cloud on AWS SME
Agenda
• Introduction
  • Why a hybrid cloud?
  • Introduction and architecture of VMware Cloud on AWS
• Deep dive
  • Compute, Storage and Availability
  • Networking
  • Cloud migration with HCX
Technology Is Transforming Every Industry
Connected and data-driven healthcare
Mobile and secure financial services
Analytics-driven precision farming
Top 10 CIO Investment priorities 2019
Source: CIO.COM
o Security
o People/talent (training, acquiring, and leading)
o Digital Transformation
o Analytics/BI/AI/IoT/RPA
o Cloud
o Improve, lose, or replace activities relative to applications and infrastructure
o Low Code/No Code
o Business & IT continuity
o Application upgrades
o Getting more value out of previously made investments
Deliver SaaS Apps
Develop for Cloud
Extend to Cloud
Modernize Datacenter
Security
Automation & Operations
Agile IT Delivery Innovate
Cost & Flexibility
Control & Compliance
Application needs are driving IT initiatives
Digital Business Seeks These Outcomes
Advanced analytics
Next-generation storefronts
Self-service experiences
Industrial IoT
Data-Defined Business
Processes
Business process automation
More applications and solutions will be deployed in the next five years than in the last 40 years
Cloud Strategy
Modern business applications require flexibility
….enabled by a hybrid cloud that delivers consistent infrastructure and operations
Public Cloud Private Cloud Compute Edge
WEB APP
Business APP
Storefront APP
IOT
Store Service
Key requirements and challenges of a hybrid cloud
Public Cloud Private Cloud Compute Edge
Operational Inconsistencies
Different Skillsets & Tools
Disparate Management Tools & Security Controls
Inconsistent Application SLAs
Incompatible Machine Formats
Challenges and Complexity
Hybrid cloud realities
• How to prevent silos
• Incompatible formats = refactoring
Refactoring and Rearchitecting is hard
The 6 Application migration strategies
“Monthly Uptime Percentage” is calculated by subtracting from 100% the percentage of minutes during the month in which Amazon EC2 or Amazon EBS, as applicable, was in the state of “Region Unavailable”.
“Region Unavailable” means that more than one Availability Zone in which you are running an instance, within the same Region, is “Unavailable” to you.
Design for Availability
Can your applications scale across Availability Zones?
So what you need is a universal construction kit for the cloud
Making the Hybrid Cloud a Reality
Extend the private Cloud Foundation into the public cloud and consume as a service
PRIVATE CLOUD
PUBLIC CLOUD
Delivered as-a-service
Privately Managed and Operated
Compute Storage Network
Cloud Management
VMware Cloud Foundation
Lifecycle Automation
What if you could deliver application portability with the same platform on any cloud
The value of the VMware Hybrid Cloud
Private Cloud
VMware Cloud Foundation
Network Compute Storage
Automation & Operations
Edge
VMware Cloud Foundation
Network Compute Storage
Automation & Operations
…
CLOUD PROVIDER PROGRAM
Public Cloud
VMware Cloud Foundation
Network Compute Storage
Automation & Operations
What if the platform is integrated with the native cloud services
The value of the VMware Hybrid Cloud
Private Cloud
VMware Cloud Foundation
Network Compute Storage
Automation & Operations
Edge
VMware Cloud Foundation
Network Compute Storage
Automation & Operations
…
CLOUD PROVIDER PROGRAM
Public Cloud
VMware Cloud Foundation
Network Compute Storage
Automation & Operations
Amazon EC2
Amazon S3
Amazon RDS
AWS Direct Connect
AWS IAM
AWS IoT
…
AWS Native Services
Native Cloud Services
• Azure SQL
• Azure DW
• Azure Data Factory
• Azure Visual Studio
• Azure Databricks
• Azure Data Lake
• Azure Data Explorer
CONSISTENT EXPERIENCE: Open Source IaaS, PaaS, CaaS, FaaS • Tooling • Telemetry
CONSISTENT OPERATIONS: Management and Operations • Across Clouds
CONSISTENT INFRASTRUCTURE: Compute, Networking, Storage, and Security (VMs, Containers, XaaS)
Any Device
Any App
Any Cloud
VMware Vision
Deliver the essential, ubiquitous digital foundation
Cloud Native Containerized SaaS Traditional
Hybrid Clouds
Telecom Cloud
Public Clouds
Edge Computing
Any Cloud
Telecommunications Cloud
Hybrid Clouds Public Clouds
VMware Cloud Foundation
Intrinsic Security
Common Operations
Common Infrastructure
Our mission
We create a seamless experience across clouds
Introduction & Architecture of VMConAWS
VMware Cloud Foundation
Integrated software defined cloud platform
Simplest to deploy and operate
Built-in intrinsic security
Supports traditional and new workloads
Enables path to hybrid cloud
Public Cloud
Private Cloud
Lifecycle Automation
Compute Storage Network
Cloud Management
VMware Cloud Foundation
Intrinsic Security
Cloud Foundation
Cloud Foundation
Cloud Foundation
Building a Hybrid Cloud with VMware Cloud Partners
Public cloud services offered by our strategic partners
Geo 1
Workload mobility between clouds
HCX
Cloud Foundation
Geo 2
Geo 3
Cloud Foundation
VMware Cloud Management
Operational Consistency Across the Hybrid Cloud
On Prem
Cloud
VMware and AWS partnering to deliver a seamlessly integrated hybrid cloud
• Leading compute, storage and network virtualization capabilities
• Support for a broad range of workloads
• De-facto standard for the enterprise DC
• Flexible consumption economics
• Broadest set of cloud services
• Global scale and reach
Jointly engineered solution delivers the best of VMware and AWS for customers
Cloud Foundation
Cloud Foundation
Cloud Foundation
Building a Hybrid Cloud with VMware Cloud on AWS
Public cloud service sold, delivered and supported by VMware
Region 1
Workload mobility between clouds
HCX
Cloud Foundation
Region 2
Region 3
Cloud Foundation
Amazon EC2
Amazon S3
Amazon RDS
AWS Direct Connect
AWS IAM
AWS IoT
VMware Cloud Management
Operational Consistency Across the Hybrid Cloud
On Prem
Cloud
VMware Cloud on AWS
Access to All AWS Services
VMware Cloud on AWS
Delivering proven enterprise capabilities on the world's most popular public cloud
As-a-Service: Rich VMware SDDC delivered as a cloud service on AWS
Consistent: Consistency and familiarity of VMware technologies
Portable: Easy workload portability and hybrid capabilities
Integrated: Direct access to the power of native AWS services
Any App: Existing and new apps with Containers and VMs
VMware Cloud on AWS: Jointly engineered cloud service
• VMware SDDC running on AWS bare metal
• Sold, operated & supported by VMware and its partners
• On-demand capacity and flexible consumption
• Full operational consistency with on-premises SDDC
• Seamless large-scale workload portability and hybrid operations
• Global AWS footprint, reach, availability over time
• Direct access to native AWS services
AWS Global Infrastructure
Customer data Center
vSphere vSAN NSX
Operational management
AWS services
vRealize Suite, ISV ecosystem
vCenter vCenter
VMware Cloud™ on AWS
Powered by VMware Cloud Foundation
Large-scale application migration
VMware Cloud on AWS is a cloud service
Jointly engineered, one-stop shop for customers
AWS Global Infrastructure
vSphere vSAN
VMware Cloud™ on AWS
Powered by VMware Cloud Foundation
Single support owner
NSX
Operations
• Support provided by VMware directly
• AWS infrastructure (for VMware Cloud on AWS) support managed by VMware
• Physical resources managed by AWS
• Ongoing infrastructure monitoring
Maintenance
• Ongoing stack maintenance managed directly by VMware
• Upgrade implementation and execution
VMware In-Product Support Experience
Intelligent Search: Surfaces popular content based on the user’s location and contextual usage in the product
Chat with VMware Support: Quickly address questions or issues with highly skilled VMware Support Engineers and Customer Support Representatives
Support Requests (SRs): Create and manage SRs or our Support Engineers can create SRs on their behalf via chat without leaving the product.
Ask the Community: Engage and pose questions to actively moderated communities backed by passionate VMware Support Engineers and VMware Experts around the globe.
Service Health: Review live status of VMware Cloud Services and receive important service notifications.
Simultaneously expanding to multiple global AWS Regions
Available-Mar 2019 | Q2 2019 | H2 2019
Asia Pacific (Singapore) | South America (Sao Paulo)* | Europe (Sweden)
Canada (Central)* | Asia Pacific (Seoul)* | China (Hong Kong)
Europe (Paris) | Asia Pacific (Osaka-Local)** | Bahrain
Asia Pacific (Mumbai)* Gov Cloud US East
* Stretched cluster not supported ** Disaster Recovery site only, gated entry
Available Regions
• US West (Oregon)
• US East (N. Virginia)
• Europe (London)
• Europe (Frankfurt)
• Asia Pacific (Sydney)
• Europe (Ireland)
• US West (N. California)*
• US East (Ohio)
• Asia Pacific (Tokyo)
• Gov Cloud US West
Last updated: March 8, 2019
Use Cases
Data Center Extension
Disaster Recovery
Cloud Migrations
Application Modernization
HCX Hybrid Interconnect
vSphere 5.0+
KVM, Hyper-V
Legacy VMs
VMware HCX
Accelerating the SDDC Modernization and Cloud Journey
HCX
Modern Enterprise Datacenter
Modern vSphere
MIGRATION
REBALANCING
DISASTER RECOVERY
VCD / VCF
IBM, OVH
Fujitsu, CTC
VMC on AWS
Modern SDDC
PREM CLOUD
On-demand / hourly model
1 or 3-year reserved model
Buy add-on services
VMware SPP or HPP Credits
Purchase Orders
Credit Card
Consumption-based Billing Various Payment Methods
Flexible consumption models
VMware Cloud on AWS Roadmap
Let’s review the live roadmap
https://cloud.vmware.com/vmc-aws/roadmap
VMware Cloud on AWS Feature Lifecycle
Feature Lifecycle Phases
Available: Feature now available for use by applicable customers. May not be available in all AWS regions.
In Preview: Feature released in preview to gather feedback. May not be available to all applicable customers or in all AWS regions.
Developing: Feature in active development and testing.
Planned: Feature under consideration or planned for future development.
This information is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation that items in ‘Preview’, ‘Developing’, and ‘Planned’, will become ‘Available’.
VMware Cloud on AWS Architecture
AWS Global Infrastructure
Customer data Center
vSphere vSAN NSX
vSphere-based environment
AWS services
vRealize Suite, 3rd party ISV ecosystem
vCenter vCenter
VMware Cloud™ on AWS
Powered by VMware Cloud Foundation
Large-scale application migration
S3 Lambda Redshift
ELB CodeBuild KMS
…
Cloud SDDC Configurations
2 SDDCs per Organization*
Up to 20 vSphere clusters per SDDC
3 to 16 hosts per cluster
Only Cluster-01 has management workloads
2 types of hosts
• I3
• R5
* Soft Limit
Cluster Configuration
Overview
VMware infrastructure VMs stored on vSAN
• vCenter
• NSX
• HCX
Cluster size 3-16 nodes
• Dynamically add and remove nodes
vSphere High Availability
vSphere DRS
vSphere/vSAN Cluster
…
Cloud Service Operating Model
Restrictive Access Model
No root vSphere access
No VIB installations
No VDS configuration access
No direct management VM access
Management Gateway
Internet / Direct connect
Managed by VMware Managed by Customer
vSAN Datastore Workload Datastore
vSphere Availability Configuration
Availability: Enabled
Host Monitoring: Enabled
Admission Control Policy: Percentage Based
Host Failures to Tolerate: 1
VM & App Monitoring: Enabled
Host Isolation Response: Power off & Restart VMs
vSphere/vSAN Cluster
…Mgmt Resource Pool Customer Resource Pool
Mgmt Datastore Customer Datastore
VMware Ops (Automation, Support)
Customer Administrator (Cloud Admin)
vSphere DRS Configuration
DRS: Enabled
Migration threshold: 3
DPM: Disabled
Resource Pools created to isolate MGMT from customer VMs
Affinity Rules via Compute Policy
vSAN Cluster
Expand the Cloud SDDC automatically as needed
1. Host is added
2. Network is automatically configured
3. vSAN datastore capacity automatically increased
Automatic Host Configuration
vSAN Cluster
Management Network
vMotion Network
vSAN Network
VXLAN Network
Scaling Hosts For On-Demand Requirements
Elastic DRS
§ Enabled at the cluster level
§ Automatically scale cluster based on utilization
§ Monitoring interval every 5 minutes
§ Enabled by default for storage only scale up
§ Scales up when ANY resource crosses pre-defined threshold
§ Scales down when ALL resources consistently remain below thresholds
CPU
Memory
Storage
vSphere/vSAN Cluster
Expand the Cloud SDDC automatically as needed
1. Any resource above threshold.
2. Add Host.
3. All resources below threshold.
4. Remove Host.
Sleeps for 30 min after two successive scale events.
Elastic DRS Integration
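The Elastic DRS rules on the two slides above (scale out when ANY resource crosses its threshold, scale in when ALL stay below, 5-minute monitoring interval, 30-minute sleep after two successive scale events), written as a small simulation. This is an added example, not VMware's implementation; the threshold values, the three-sample reading of "consistently", the sample data and all class and function names are assumptions.

```python
from dataclasses import dataclass

MIN_HOSTS, MAX_HOSTS = 3, 16   # cluster size limits stated in the deck
INTERVAL_MIN = 5               # monitoring interval stated in the deck
COOLDOWN_MIN = 30              # sleep after two successive scale events (deck)

# ASSUMED thresholds in percent; the deck only says "pre-defined threshold".
HIGH = {"cpu": 90, "memory": 80, "storage": 75}
LOW = {"cpu": 50, "memory": 50, "storage": 40}
# ASSUMED reading of "consistently remain below": three samples in a row.
CONSISTENT_SAMPLES = 3


@dataclass
class ElasticDRS:
    hosts: int = MIN_HOSTS
    below_streak: int = 0        # consecutive samples with ALL resources low
    events_since_sleep: int = 0  # scale events since the last cooldown
    sleep_until: int = 0         # minute at which evaluation resumes

    def _scale(self, minute, delta):
        """Apply one scale event and start the cooldown after the second one."""
        self.hosts += delta
        self.below_streak = 0
        self.events_since_sleep += 1
        if self.events_since_sleep == 2:
            self.events_since_sleep = 0
            self.sleep_until = minute + COOLDOWN_MIN
        return "scale-out" if delta > 0 else "scale-in"

    def evaluate(self, minute, util):
        """Process one sample; returns scale-out, scale-in, sleep or none."""
        if minute < self.sleep_until:
            return "sleep"
        # Scale out as soon as ANY resource is above its high threshold.
        if any(util[r] > HIGH[r] for r in HIGH):
            self.below_streak = 0
            if self.hosts < MAX_HOSTS:
                return self._scale(minute, +1)
            return "none"
        # Scale in only when ALL resources stay below their low thresholds.
        if all(util[r] < LOW[r] for r in LOW):
            self.below_streak += 1
            if self.below_streak >= CONSISTENT_SAMPLES and self.hosts > MIN_HOSTS:
                return self._scale(minute, -1)
            return "none"
        self.below_streak = 0
        return "none"


def simulate(samples, start_hosts=MIN_HOSTS):
    """Feed (cpu, memory, storage) samples taken every INTERVAL_MIN minutes."""
    ctl = ElasticDRS(hosts=start_hosts)
    timeline = []
    for i, (cpu, mem, sto) in enumerate(samples):
        minute = i * INTERVAL_MIN
        action = ctl.evaluate(minute, {"cpu": cpu, "memory": mem, "storage": sto})
        timeline.append((minute, action, ctl.hosts))
    return timeline


# Constructed utilization samples (percent), one per 5-minute interval.
SAMPLES = [
    (60, 60, 50),  # 0:  nothing above, not all below
    (95, 60, 50),  # 5:  CPU high -> add host
    (70, 60, 80),  # 10: storage high -> add host, second event starts cooldown
    (95, 60, 80), (95, 60, 80), (95, 60, 80), (95, 60, 80), (95, 60, 80),
    (30, 30, 30),  # 40: cooldown over, all low (1 of 3)
    (30, 30, 30),  # 45: all low (2 of 3)
    (30, 30, 30),  # 50: all low (3 of 3) -> remove host
    (30, 30, 45),  # 55: storage no longer low -> streak resets
]

if __name__ == "__main__":
    for minute, action, hosts in simulate(SAMPLES):
        print(f"t+{minute:02d}min  {action:9s}  hosts={hosts}")
```
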
Hybrid Cloud Operations & vCenter Cloud Gateway
§ Single view for Hybrid Cloud Management
§ Hybrid Linked Mode provides operational consistency
§ On-Premises vCenter connects to SDDC vCenters
§ Cold Migration and vMotion from the UI
§ Per-VM EVC support for Cross-Cloud vMotion
Define policies to implement desired states and placement constraints
Compute Policy
Declarative Control Plane: Captures desired behavior and end-state of a collection of vCenter objects in terms of policies
Abstraction of underlying infrastructure: Captures business intent at a SDDC level rather than at a cluster or inventory object level by leveraging inventory tags
Preferential policies: Enables compliance of inventory objects while keeping infrastructure constraints in mind
Define policies to implement VM placement constraints
Compute Policy
VM-Host Affinity
• Provides ability to associate VMs to a specific host group within a VMware Cloud on AWS SDDC cluster
VM-VM Anti-Affinity
• Allows a group of virtual machines to be spread across multiple hosts
• Prevents simultaneous failure of those virtual machines in the event of host failure
Disable DRS vMotion
• Provides ability to prevent vMotion triggered by DRS load-balancing, except during host maintenance mode
• Ideal for vMotion-sensitive workloads such as large transactional databases and real-time transaction processing applications
Define policies to implement VM placement constraints
Compute Policy
VM-VM Affinity
• Specifies which VMs should run on the same ESXi host
• Typically used to keep latency to a minimum
VM-Host Anti-Affinity
• Specifies VMs that should not run on specific ESXi hosts
• Avoid running general purpose VMs on hosts marked for running resource intensive VMs
Bare metal infrastructure
AWS i3.metal
• Intel Xeon E5-2686 v4 processors
• 36 cores
• 2.3 GHz
• 512 GiB RAM
• 15 TB NVMe flash
• 25 Gbps Networking
AWS R5.metal
• Intel® Xeon® Platinum 8000 Series (Skylake-SP)
• 48 cores
• 2.5 GHz
• 768 GiB RAM
• EBS Storage only (15-35 TB)
• 14 Gbps EBS Bandwidth
• 25 Gbps Networking
I3.metal Compute Cluster Configuration
Dual socket CPU host configuration
Intel E5-2686 v4
18 Cores per socket at 2.3 GHz
Hyper-Threading is disabled
512 GiB memory per host
CORES: 108 (3 NODE CLUSTER) TO 576 (16 NODE CLUSTER)
GiB: 1536 (3 NODE CLUSTER) TO 8192 (16 NODE CLUSTER)
R5.metal Compute Cluster Configuration
Dual socket CPU host configuration
Intel Platinum 8000 Series CPUs
24 Cores per socket up to 3.1 GHz
Hyper-Threading is disabled
768 GiB memory per host
CORES: 144 (3 NODE CLUSTER) TO 768 (16 NODE CLUSTER)
GiB: 2304 (3 NODE CLUSTER) TO 12288 (16 NODE CLUSTER)
Custom CPU Core Counts
Regular Cluster “Custom” Cluster
…
• Increased deployment flexibility
• Specify just the number of CPU cores you need per host (applied cluster wide)
• Reduce costs for running mission-critical applications licensed per-core
• Permanent – set at deployment – cannot be changed – not valid on cluster 1
• Valid for i3 and r5 (8, 16, 36 or 48 with r5)
Health Service is enabled
RAID 1, 5 and 6 available *
Enabled:
✓ vSAN Encryption
✓ Deduplication
✓ Compression
2 Disk Groups
8 self-encrypting NVMe devices
10.2TB raw capacity per host
vSAN Node Configuration
Storage Policy Configuration
I3.metal vSAN Architecture
Highly performant and resilient Storage System
VMware Cloud on AWS SDDC
…Management VMs Customer workload VMs
Amazon EC2 I3.metal
Amazon EC2 I3.metal
Amazon EC2 I3.metal
Elastic vSAN: ability to scale up capacity post deployment
Diskless host instance R5.metal
VMware vSAN integrated with Amazon Elastic Block Storage (EBS)
Higher capacity per host for better VM consolidation – raw capacity ranging from 15TiB to 35TiB
Faster remediation of host failures
vSAN Node Configuration
• 3 Disk Groups
• 3 – 7 capacity disks
• Compression enabled
• Deduplication disabled
New: Add EBS capacity post deployment in 5TiB increments, applied cluster-wide
Tech Preview Available
[Diagram: VMware Cloud on AWS SDDC with Elastic vSAN; three Amazon EC2 R5.metal hosts, each attached to EBS volumes; Management VMs and Customer workload VMs]
For storage-dense environments to cost-effectively scale storage
Default Cluster Configuration
Restricted to one AWS Region and Availability Zone (AZ)
Automatically detects failed hardware
Auto remediation hardware allows automatic recovery from HA events
Provision new host and eject failed node without customer intervention
One Cluster, One region
AWS Global Infrastructure
AWS Region
SDDC
Availability Zone Availability Zone
Management Resource Pool
Workload Resource Pool
Cluster
99.9%
vSAN Cluster
Host Failure Remediation: VMware
1. Problem Identified
2. Add Host
3. Data Rebuilt/Resynced (where needed)
4. Problem Host Removed
Evacuation of failed/problem hosts and provisioning new host is automated
Mgmt Datastore Customer Datastore
VM Storage Policies
Storage policies
• Declarative policy based control point for data services
  – Availability
  – Space Reservation
  – QoS
  – Etc.
• Assigned to VM Home and virtual disk objects
• Can be modified anytime without downtime
Managed and Stored in vCenter
VM Storage policies
Policy OS/Gen Data
VMware Cloud on AWS policy definition
Policy | Value
Site disaster tolerance | None - Standard Cluster
Failure to Tolerate | 1 Failure - RAID-1 (mirroring)
Space Reservation | 50%
IOPS Limits | 1000
Compliance ready Data-at-Rest Encryption
Fully integrated with the AWS KMS
FIPS 140-2 Validated
Cloud Admin key management
Built-in integration with AWS Key Management System for vSAN encryption
AWS KMS
Stretched Cluster Configuration
Stretched cluster with common logical networks with vSphere HA/DRS enabled
Synchronous replication between AZs for mission-critical applications
If one AZ goes down, it is simply treated as a vSphere HA event and VM is restarted in the other AZ
First time infrastructure level AZ resilience!
One Cluster, One region, Multi AZ High Availability
AWS Global Infrastructure
AWS Region
Availability Zone
Management Resource Pool
Availability Zone
Workload Resource Pool
SDDC
Cluster
99.99%
VMware Site Recovery
Delivered as an add-on service
Built on VMware’s proven disaster recovery solutions
Automated DR runbook with application-centric runbooks
Bi-directional protection between cloud and on-prem as well as between AWS availability zones
Integrated deeply with the VMware Cloud on AWS services
Disaster Recovery in the Cloud
VR
VR
AWS Global Infrastructure
SDDC
Availability Zone
Management Resource Pool
Workload Resource Pool
Cluster
SRM
Customer Data Center
vCenter
SRM
End-to-End Disaster Recovery Capabilities
Non-disruptive Testing
• Automated testing in isolated network
• Ensures predictability of recovery time objectives (RTO)
Automated Failback
• Re-protect using original recovery plan
• Streamlines bi-directional migrations
Automated Failover
• Runbook automation
• Single-click initiation
• Emphasizes fastest possible recovery after outage
Detailed Reporting
• Single click report generation
• Detailed reporting for each individual workflow
• Summarized test results and detailed coverage of all steps
[Diagram: SRM pairing between the On-Premises SDDC and the VMware Cloud on AWS SDDC]
VMware Site Recovery for VMware Cloud on AWS
Protecting business operations with fast, large-scale Disaster Recovery as a Service
Replace existing or new DR site/solution for on-premises applications
Complement existing DR site/solution for on-premises applications
DR for VMware Cloud on AWS to other regions or back to on-premises
[Diagram: data transfer charges between the VMware Cloud VPC (vSphere Environment with ESXi, vSphere, vSAN, NSX and vCenter for compute, storage and network), the Customer VPC (ENI @25Gbps), AZ1 and AZ2, AWS region A and AWS region B, S3 in region A, the S3 public end-point, the Internet, AWS Direct Connect and the Customer Data Center]
Color coding
• Paid by VMware – Charged back to Customer
• Paid by Customer to AWS directly
Rates shown on the diagram: free, Cross-AZ $0.01/GB, Cross-Region $0.02/GB, $0.02/GB, $0.05/GB, $0.09/GB
Key Categories of NSX Networking and Security Capabilities
Connectivity Security/Services Visibility
Elastic Data Center Network Overview
Management Pool
§ vCenter Server, PSC, NSX Manager
§ NSX Edge Gateway (MGW)
§ NSX Logical Switch for management VMs
§ Firewall and VPN for security
Compute Pools
§ NSX Edge Gateway (CGW)
§ NSX Logical Switch for workload VMs
§ Firewall and VPN for security
§ NAT to connect VMs to the Internet
MGW CGW
vSAN Cluster
Managed by VMware Managed by Customer
VC NSX PSC VM VM VMVM VM
INTERNET / DIRECT CONNECT
Networking in VMware Cloud on AWS
Hybrid Networking and Connectivity Capabilities
NSX-T Provides
• Firewall
• VPN
• Micro segmentation
• IPFIX
• Port Mirroring
Connectivity
• Direct Connect (DX)
• IPSEC VPN
• AWS VPC
NSX-T Architecture view
[Diagram: VMware Cloud VPC with a Tier 0 Edge Appliance connected to the Internet, VPN, Direct Connect and, over a 25Gbps ENI, to AWS Native Services (Amazon EC2, Amazon S3, Amazon RDS, AWS IoT) on the customer side. Management Part: Tier 1 MGW with VC, NSX mgr, Edge (2), Ctrl (3) and the ESXi hosts. Compute Part: Tier 1 CGW with Workload LS-1 (Overlay) and Workload LS-2 (Overlay), Routed Network 1 (192.168.1.0/24), Routed Network 2 (172.16.2.0/24) and an L2 Extended Network with On-Prem Def GW.]
NSX integrates with AWS Direct Connect for End-to-End Private Networking
Interconnectivity with Direct Connect
High bandwidth and low latency connectivity for all traffic types
All traffic types supported across Direct Connect
IPSec VPN for encrypted traffic but not required
Connectivity
[Diagram: On-Premises Data Center SDDC (Compute, Storage, Network) connected to the VMware Cloud on AWS SDDC (Compute, Storage, Network) through AWS Direct Connect]
Direct Connect Configuration: Private VIF Example
Connectivity
[Diagram: On-Premises Data Center SDDC, Customer Network, Customer Router, DX Location, AWS DX Router, AWS Backbone Network and the VMware Cloud on AWS SDDC (Router, MGW, CGW, Network A, Network B); networks 10.10.0.0/16 and 10.30.0.0/16; eBGP over the Private VIF]
Entire VPC CIDR Advertised
• Management Appliance Network
• Logical Network Segments
Customer side: interface gi0/0.100, VLAN 100, IP 168.254.254.14/30, BGP AS 65502, MD5 Key
AWS side: dxvif-aabbccdd, VLAN 100, IP 168.254.254.13/30, BGP AS 64512, MD5 Key
End-to-end connectivity via Route based VPN
Interconnectivity with NSX Edge IPsec and L2 VPN
Route Based VPN - BGP
Dual-homed tunnels across unique endpoints for resiliency
Higher Throughput using DPDK technology
L2 VPN enabling Layer2 extension for DR and DC extension use cases
Connectivity
[Diagram: On-Premises Data Center SDDC (Compute, Storage, Network) connected to the VMware Cloud on AWS SDDC (Compute, Storage, Network)]
High BW and Resilient Connectivity
Feature: ECMP with Route Based IPSEC VPN
ECMP can be used with Route Based IPSEC VPN in VMware Cloud on AWS
Benefits: Route Based IPSEC VPN with ECMP can be used in VMware Cloud on AWS SDDC to provide additional bandwidth and connectivity resiliency to on-prem, AWS VPCs, and to AWS TGW
Connectivity
[Diagram: Route Based IPSEC VPN tunnels with ECMP between the vSphere-based On-Premises Data Center and the VMware Cloud on AWS SDDC with NSX]
Backup and Resilient Connectivity at Low Cost
Feature: Direct Connect with VPN as Standby
Direct Connect Private VIF can be configured with Route Based IPSEC VPN as Standby for non-ESXi and non-vMotion traffic
Benefits: IPSEC VPN can provide backup for Direct Connect Private VIF and additional resiliency for connectivity to on-prem at low cost
Connectivity
[Diagram: AWS Direct Connect Private VIF (Active) and Route Based IPSEC VPN (Standby) between the vSphere-based On-Premises Data Center and the VMware Cloud on AWS SDDC with NSX]
NSX Security
Micro-Segmentation – Distributed Firewall
Granular control for East-West traffic between workloads
Simplified policies based on the application (e.g. VM names, user-defined tags)
Policies follow workloads wherever they are moved within SDDC
Connectivity
[Diagram: On-Premises Data Center SDDC (Compute, Storage, Network) and the VMware Cloud on AWS SDDC with Router, MGW, CGW, Network A and Network B]
Micro-segmentation example
Granular flow and packet level visibility through IPFIX and Port Mirroring
Consistent Operational Tooling for Monitoring & Security
Network flow and packet visibility for Monitoring and Troubleshooting (IPFIX)
Plug into your current visibility tools on-premises and on VMware Cloud on AWS
Packet logging accessible through Log IntelligenceVisibility
PerformanceSecurity
Consume with your existing tools
Visibility
Compute
Storage
NetworkSDDC
On-Premises Data Center VMware Cloud on AWS
Compute
Storage
NetworkSDDC
Cloud Migration
VMware Customers are Saying…
What is the top priority for your cloud strategy?
• Operating Across Multiple Clouds
• Migrating Applications
• Modernizing App Dev / Kubernetes
• Scaling / Temp Capacity
Source: VMware customer poll June 2019
Workload Migration and Mobility Challenges
Barriers customers face when trying to move workloads to the cloud
• Application Dependency Mapping Delays
• Cross-site networking and security issues
• Incompatible, non-interoperable stacks
• Business Disruption
VMware HCX
Accelerating the SDDC Modernization and Cloud Journey
[Diagram labels: PREM: Legacy VMs (vSphere 5.0+, KVM, Hyper-V); Modern Enterprise Datacenter (Modern vSphere); HCX. HCX Hybrid Interconnect: MIGRATION, REBALANCING, DISASTER RECOVERY. CLOUD: Modern SDDC (VCD / VCF; IBM, OVH, Fujitsu, CTC; VMC on AWS)]
HCX Use Cases
Simplifying Application Mobility for Migration and Disaster Recovery
APPLICATION MIGRATION, WORKLOAD REBALANCING, DISASTER PROTECTION
• Datacenter Evacuation / Refresh
• Greenfield Upgrade / Migrate
• DR to the Cloud
• Secure Scheduled Migration
• Multi-Cloud Workload Migration
• App / Workload Rebalancing
HCX for VMC
Sample Customer Scenario
• Migrating large scale to VMC
• Protect from VMC to existing DR site
HCX Advantage
• Driving Large scale migration
• DRaaS + HCX for Protection to DR site
• Secure migration and DR traffic
• Network and IP preservation
• Partial DR
• High scale L2 Extensibility
[Diagram labels: Legacy DC (vSphere 5.5+, vCenter, ESX); Migrate (HCX); VMware Cloud on AWS; Protect (HCX); DR Site (vSphere)]
HCX: Advanced
• Any to Any VMware Migration
• Bulk Migration with minimal downtime
• Retain IP addressing schemes and security policies for app migration
• Network path redundancy and bandwidth management
• Extend networks in few clicks
• Reduced impact of latency across sites
• Optimal Migration waves determination
HCX Enterprise
Add-On SKU for Enterprise Features
• NON-VSPHERE BULK MIGRATION: KVM + Hyper-V to vSphere Migration
• LARGE SCALE LIVE MIGRATION: Replication Assisted vMotion / Live Bulk Migration with zero downtime
• OPTIMIZED DISASTER RECOVERY: Advanced Disaster Recovery with SRM Readiness
HCX – Operational Model
[Diagram labels: Extend Infrastructure; Abstract Infrastructure; Mobilize App Landscape; App Landscape; HCX SaaS; HCX Enterprise; HCX Provider (three instances); DEDICATED CLOUD; DRaaS; DaaS; HYBRID DMZ; Shared Services; Internet; WAN; vSphere+ On-Prem; VC, VCD or VCF; VCS or VCF; VMC on AWS]
HCX in Action
Completed migration of 24.9 GB VM on VCF:
- 13 mins on prem Mexico to Paris cloud (139 ms)
- 8 mins on prem Mexico to Toronto cloud (55 ms)
Customers call us: “Game Changer..” “Magical..” “Missing Link..”
Summary
The value and challenges of a hybrid cloud
• Application Portability and cloud migrations
• Consistent infrastructure, operations and experience
VMC on AWS
• A Managed and jointly engineered Cloud service
• Based on VCF
• Scalable infrastructure
• Highly available
• Network integration and security
VMworld Europe 2019
• Hear Expert Perspectives: Learn from top VMware and industry experts about what's coming next in IT.
• Connect and Collaborate: Catch up with colleagues, meet new friends, and explore ideas with fellow attendees.
• Advance Your Career: Build your skills to solve tomorrow's challenges today with VMware certifications and hands-on labs.
• Have Serious Fun: Relax and let loose with games, recreation events, sponsored get-togethers, and VMworld Fest, our can’t-miss party.
4 - 7 NOVEMBER 2019, BARCELONA
Welcome to a world that empowers you to Make Your Mark.
Thank You