building vmware software-defined data...

BuildingVMwareSoftware-DefinedDataCenters

TableofContents

BuildingVMwareSoftware-DefinedDataCentersCreditsAbouttheAuthorAbouttheReviewerwww.PacktPub.com

eBooks,discountoffers,andmoreWhysubscribe?

PrefaceWhatthisbookcoversWhatyouneedforthisbookWhothisbookisforConventionsReaderfeedbackCustomersupport

DownloadingthecolorimagesofthisbookErrataPiracyQuestions

1.TheSoftware-DefinedDataCenterThedemandforchangeBusinesschallenges:Theusecase

ThebusinessviewTheITview

ToolstoenableSDDCTheimplementationjourney

TheprocesscategoryTheprocesschangeexampleinTom'sorganization

ThepeoplecategoryThepeopleexampleinTom'sorganization

ThetechnologycategoryThetechnologyexampleinTom'sorganization

Whyarethesethreetopicssoimportant?Additionalpossibilitiesandopportunities

Theself-healingdatacenterTheself-scalingdatacenter

Summary2.IdentifyAutomationandStandardizationOpportunities

AutomationprinciplesDaytwoautomationThe80:20ruleThinkbig,startsmall

TheefficiencybottleneckBringingitalltogether

ScriptorworkflowIdentifyingprocessesandhowtoautomatethemITdeliveryframeworks

WhatifnoCMDBorticketmanagementisinplaceAchievingstandardization

DeploymentstandardsOrganizationautomationexamples

SimpleVMdeploymentThehybridclouddeployment

TheanalysisofthehybridclouddeploymentThebetterapproach

Summary3.VMwarevSphere:TheSDDCFoundation

BasicsandrecommendationsforvSphereintheSDDCDistributedResourceSchedulerResourcepoolsStorageDRSDistributedVirtualSwitchHostProfiles

vSphereconfigurationconsiderationsSeparatemanagementclusterManagementclusterresourceconsiderations

SeparatemanagementVDSThepayloadcluster

TheresourcepoolapproachTheclusterapproach

StoragePolicyBasedManagementSPBMdefinition

IntegratedvSphereautomationBestpracticesandrecommendations

Summary4.SDDCDesignConsiderations

ThebusinessusecaseThebusinesschallengeTheCIOchallengeConstraints,assumptions,andlimitations

ConstraintsLimitsAssumptions

ScalabilityandfuturegrowthvRealizeAutomationvRealizeCodeStream

vRealizeOrchestratorvRealizeOperationsManagervRealizeBusinessvRealizeLogInsightNSX

DesignandrelationsofSDDCcomponentsLogicaloverviewoftheSDDCclustersLogicaloverviewofthesolutioncomponents

ThevRealizeAutomationdesignSmallEnterprise

InfrastructuredesignexamplesNetworkStorageCompute

DesigningthetenantsTenants,businessgroups,andinfrastructurefabricsWhatisatenant?

Whatisabusinessgroup?Whatisafabricgroup?Whatistheinfrastructurefabric?

WhatmustbeincludedinthedesignWhatifthevSphereenvironmentisalreadyrunning?

Summary5.VMwarevRealizeAutomation

vRAinstallationFirstthingsfirstAdvancedinstallationconfiguration

vRAconceptsvRA'slittlehelper

DEMTheIaaSservervRealizeOrchestrator

TheInfrastructuretabEndpointsComputeResourcesReservationsManagedMachines

TheAdministrationtabApprovalPoliciesDirectoriesManagementCatalogManagementPropertyDictionaryReclamation

BrandingNotificationsEventsvROconfiguration

vRAconceptsAsaServicesynonyms

IaaSPaaSXaaS

BlueprintsSinglemachineblueprintsMultimachineblueprintsApplicationautomation

SampleconfigurationsTemplatepreparationinvCenterCreatinganetworkpoolCreatingasetofpropertiesCreatingtheIaaSblueprintPublishingtheblueprintasaservice

Summary6.vRealizeOrchestrator

vRealizeOrchestratorprinciplesWorkflowelementsanddesign

Attributes,inputs,andoutputsInputsAttributesOutputsConfigurationsWorkflowelements

Workflowcreation101CreatingtheworkflowIntegratingtheworkflowintovRA

AddingthepropertiestotheblueprintExternalservicesConnectingvROtovCenter

vROcontextactionsinvCenterFindingandenablingcontextactions

Enablingacontext-basedworkflowSummary

7.ServiceCatalogCreationServicecatalogsDefiningacatalog

MultiplecatalogsCatalogs:Aslessaspossibleasmanyasrequired

ProvidebasiccatalogsaswellasspecificcatalogsChooseadescriptiveandshortnameOutcome-orientedversustechnology-oriented

KnowyouraudienceServicecatalogcreationinvRA

Firststep:CreatingthecatalogSecondstep:PublishingcatalogitemsThirdstep:Entitlingaservice

MultimachineblueprintdesignexampleSoftwarecomponentsSampleapplicationdesign

DefiningthecomponentsApachewebserverPHPwebcomponentMySQLwebcomponentFSTIndustrieswebcomponentFSTIndustriesDBcomponent

DefiningtheblueprintSummary

8.NetworkVirtualizationusingNSXNetworkVirtualization101

CurrentnetworkinginfrastructuresVLAN:Networkvirtualizationknownforalmost30yearsTraditionalroutingandsecurityModernnetworkapproach

L3Networking-thenewarchitectureNetworkvirtualizationfortherescue

NSXterminologyVXLANEDGELogicalSwitchesVTEPNSXcontroller

NSXsetupandpreparationESXiprerequisitesforVXLAN/NSXNetworkprerequisitesforNSXStep1:InstallingNSXmanagerStep2:Settingupthecomponents

PreparetheESXihostsDeploytheNSXcontrollernodesDefiningthesegmentIDConfiguringthetransportparametersSetupthetransportzone

Step3:Virtualnetworking101

AddaLogicalSwitchAddaDistributedLogicalRouterAddaEDGEservicesGatewayDynamicroutingbetweenvirtualandphysical

ConnectingvRealizeAutomationNetworkreservationsSettingupNSXnetworkprofiles

TheexternalprofileTheNATprofileTheroutedprofile

UsingNSXnetworkprofilesinblueprintSummary

9.DevOpsConsiderationsWhatisDevOps

AgilitymeetspoliciesHowdoesDevOpswork

WhatarecontainersContainersarenotVMsContainerhost:Virtualorphysical

DevOpsandShadowITRadicalnewITapproach

CattleversuspetsChangingtheorganizationalculture

PaaSaspartofDevOpsTheCloudFoundryframework

CloudFoundryandtheSDDCvRealizeCodeStream:DevOpswithoutcontainers

AllaboutthepipelinevRealizeCodeStreamintegration

SDDCandDevOps:AmixedworldDevOpsrequirementsEnterpriserequirementsLegacyandDevOps:Coexistenceinoneenvironment

UseDevOpsprinciplestomanagetheSDDCSummary

10.CapacityManagementwithvRealizeOperationsCapacitymonitoringintheSDDCvRealizeOperationsManager

vROps6.3deploymentworkflowCapacitymonitoringOverprovisioningandresourceallocationNavigatingvRealizeOperationsManager

CapacityremainingCapacityplanning

ProjectsinvRealizeOperationsManagerReportsinvRealizeOperationsManagerViewsinvRealizeOperationsManager

Summary11.TroubleshootingandMonitoring

MonitoringandanalyticsintheSDDCTheriskoffalsepositivesManagementversuspayloadmonitoring

ManagementmonitoringPayloadmonitoringKPIsversusthresholds

vRealizeOperationsManagerAnalyticsusingvRealizeOperationsManager

ExploringvRealizeOperationsManageranomaliesBadgesandwhattheydescribe

TheHealthbadgeandhowtoreaditTheRiskbadgeandhowtoreaditTheEfficiencybadgeandhowtoreadit

ServicehealthinformationinvRealizeAutomationLogmanagementintheSDDC

MillionsoflogentriesLogmanagementfromthebigdataperspectivevRealizeLogInsight

SDDCcomponentstoaddtovRealizeLogInsightHowtoanalyzelogsusingvRLIUsingtheInteractiveAnalyticsViewCreatingandusingdashboardsThepro-activeanalyticsfeatures

Summary12.ContinuousImprovement

ContinualServiceImprovementTechnicalassurance

ReviewingblueprintsReviewingautomationandintegration

RevisitingthebusinesscaseITILintheSDDC

MatchingtherequirementstothesolutionApplyingcontinuousserviceimprovementtotheSDDC

Summary

BuildingVMwareSoftware-DefinedDataCenters

Allrightsreserved.Nopartofthisbookmaybereproduced,storedinaretrievalsystem,ortransmittedinanyformorbyanymeans,withoutthepriorwrittenpermissionofthepublisher,exceptinthecaseofbriefquotationsembeddedincriticalarticlesorreviews.

Everyefforthasbeenmadeinthepreparationofthisbooktoensuretheaccuracyoftheinformationpresented.However,theinformationcontainedinthisbookissoldwithoutwarranty,eitherexpressorimplied.Neithertheauthor,norPacktPublishing,anditsdealersanddistributorswillbeheldliableforanydamagescausedorallegedtobecauseddirectlyorindirectlybythisbook.

PacktPublishinghasendeavoredtoprovidetrademarkinformationaboutallofthecompaniesandproductsmentionedinthisbookbytheappropriateuseofcapitals.However,PacktPublishingcannotguaranteetheaccuracyofthisinformation.

Firstpublished:December2016

Productionreference:1061216

PublishedbyPacktPublishingLtd.

LiveryPlace

35LiveryStreet

Birmingham

B32PB,UK.

ISBN978-1-78646-437-8

www.packtpub.com

Credits

Author

ValentinHamburger

CopyEditors

SafisEditing

DiptiMankame

Reviewer

DanielKoeck

ProjectCoordinator

JudieJose

CommissioningEditor

KartikeyPandey

Proofreader

SafisEditing

AcquisitionEditor

VijinBoricha

Indexer

PratikShirodkar

ContentDevelopmentEditor

RashmiSuvarna

Graphics

KirkD'Penha

TechnicalEditor

GauravSuri

ProductionCoordinator

ShantanuN.Zagade

AbouttheAuthorValentinHamburgerwasworkingatVMwareformorethansevenyears.Inhisformerrole,hewasaleadconsultingarchitectandtookcareofthedeliveryandarchitectureofcloudprojectsincentralEMEA.Inhiscurrentrole,heisEMEAsolutionsleadforVMwareatHitachiDataSystems(HDS).FurthermoreheworksasanadvisorwithHDSengineeringontheHitachiEnterpriseCloud,whichisbasedonVMwarevRealizetechnology.HeholdsmanyindustrycertificationsinvariousareassuchasVMware,Linux,andIBMPowercomputeenvironments.HeservesasapartnerandtrustedadvisortoHDScustomersprimarilyinEMEA.HismainresponsibilitiesareensuringthatHDS'sfutureinnovationsalignwithessentialcustomerneedsandtranslatingcustomerchallengestoopportunitiesfocusedonvirtualizationtopics.ValentinenjoyssharinghisknowledgeasaspeakeratnationalandinternationalconferencessuchasVMworld.

IwanttopersonallythankDanielKoeckforreviewingthetechnicalcontentofthisbookandprovidingsuchvaluableandproductiveinputs.BesideshistechnicalexpertiseIamhappytohavehimasafriendandsupporterforthisbook.Furthermore,IwanttothankmybeautifulwifeanddaughterfortheirpatienceandunderstandingwhileIwaswritingthisbook.Withouttheirsupportandlove,thiswouldn’thavebeenpossibleatall.FinallyIdowanttothankRashmiSuvarnawhohadpatiencewithmeasanauthorandsupportedmewherevershecouldinordertogetallthisworkdone.

AbouttheReviewerDanielKoeckhasbeenworkingfor15yearsinIT.Heleadedlargescale(morethan20,000VMs)projects,reachingfromServiceProviderClouds,toDevOpsenabledlargescalesoftwaresolutionsinthelast6years.HeholdsadegreeforappliedcomputerscienceandIT-security.DanielisanIBMRedbookGoldauthor,andco-authoredothermanyotherbooksandwhitepapersaboutx86virtualization.HeisregularlyinvitedasaspeakertodifferentuniversitiesandtechnologyconferencesalloverEuropeandUSA,andenjoyssharinghisexperiencethere.Youcanfindhimontwitter@Cloudsandwakes.

www.PacktPub.com

eBooks,discountoffers,andmoreDidyouknowthatPacktofferseBookversionsofeverybookpublished,withPDFandePubfilesavailable?YoucanupgradetotheeBookversionatwww.PacktPub.comandasaprintbookcustomer,youareentitledtoadiscountontheeBookcopy.Getintouchwithusatcustomercare@packtpub.comformoredetails.

Atwww.PacktPub.com,youcanalsoreadacollectionoffreetechnicalarticles,signupforarangeoffreenewslettersandreceiveexclusivediscountsandoffersonPacktbooksandeBooks.

https://www2.packtpub.com/books/subscription/packtlib

DoyouneedinstantsolutionstoyourITquestions?PacktLibisPackt'sonlinedigitalbooklibrary.Here,youcansearch,access,andreadPackt'sentirelibraryofbooks.

Whysubscribe?FullysearchableacrosseverybookpublishedbyPacktCopyandpaste,print,andbookmarkcontentOndemandandaccessibleviaawebbrowser

PrefaceThisbookusesthemostup-to-date,cutting-edgeVMwareproductstohelpyoudeliveracompleteunifiedhybridcloudexperiencewithinyourinfrastructure.

ItwillhelpyoubuildanSDDCarchitectureandpracticestodeliverafullyvirtualizedinfrastructurewithcost-effectiveIToutcomes.Intheprocess,youwillusesomeofthemostadvancedVMwareproductssuchasvSphere,vRealizeAutomationandOrchestrator,andNSX.YouwillseehowtoprovisionapplicationsandITservicesonprivatecloudsorIaaSwithseamlessaccessibilityandmobilityacrossthehybridenvironment.

ThisbookwillensurethatyoudevelopanSDDCapproachforyourdatacenterthatfulfillsyourorganization'sbusinessneedsandtremendouslyboostsyouragilityandflexibility.Itwillalsoteachyouhowtodraft,design,anddeploytoolsetsandsoftwaretoautomateyourdatacenterandspeedupITdeliverytomeetyourlinesofbusinessesdemands.Intheend,youwillbuildunifiedhybridcloudsthatdramaticallyboostyourIToutcomes.

WhatthisbookcoversChapter1,TheSoftware-DefinedDataCenter,discussesprinciplesandbasicsabouttheSDDC.Besidesthetechnicalaspects,itwillalsohighlighttheorganizationalaspectsandthattheSDDCisanewwayofmanagingandrunningadatacenterandthereforealsoanarchitecturalchange.Also,itwilldescribetheimplementationjourneyandwhatisnecessarytotakeintoaccountbesidesthetechnologicalaspects.

Chapter2,IdentifyAutomationandStandardizationOpportunities,highlightsthemainprinciplesofautomationandstandardization.Thedifferencesbetweenscriptsandworkflowsaredescribed.Also,itwillbringexampleshowtoapplystandardizationandautomationtothedatacenterinordertomaketheSDDCflexibleandagileaspossible.

Chapter3,VMwarevSphere:TheSDDCFoundation,coversimportantvSpherefunctions,whichwilldecreasetheamountofcustomizationwhenitcomestoautomation.SincevirtualizationisthebaseofanSDDC,thischapterwillfocusonexamplesandconfigurationsforvSphere.ThischapterwilldiscussadvancedvSpherefunctionsandtheirimportanceforanSDDC.

Chapter4,SDDCDesignConsiderations,explainsthemainprinciplesofanSDDCdesignincludingdetailedexamples.Highlightedarealsowhatassumptions,constraintsandlimitsareandhowtheywillinfluenceadesign.Furthermore,itwillshowasimple–to-followapproachtotranslatebusinesschallengesinatechnicalsolutionandthereforeanagileandefficientSDDCdesign.

Chapter5,VMwarevRealizeAutomation,introducesvRA(formallyknownasvCloudAutomationCenter)anditscapabilities.Theimplementationofthedesignconsiderationsoftheformerchapterwillbediscussed,anditwillshowotherimportantconfigurationoptions,principles,andconcepts.Also,itwillfocusonthecreationofso-calledblueprintsandwhatisneededtoprepareaVMtemplatetobedeployed.

Chapter6,vRealizeOrchestrator,touchesonwhatworkflowsareandhowtheycanbedevelopedinacontrolledandcleanmanner.ItwillhighlighthowtointegratethoseintovRealizeAutomationtocreatepowerfulservicesforalmostanytaskintheSDDC.Inaddition,itwilldiscusswhatpostdeploymentthird-partyintegrationcanbeachievedusingvRO(forexample,IPAMandCMDBintegration).

Chapter7,ServiceCatalogCreation,bringsupthebasicservicecatalogdesign.Also,itbridgesthebusinesscasetotheservicecataloganddescribeswhythatisimportantandhowthatsynccanbeachieved.Itwillexplainbasedonanexamplehowtoconfigureanoutcome-focusedservicecataloginvRealizeAutomation.

Chapter8,NetworkVirtualizationusingNSX,discussessoftware-definednetworkingprinciples.IthighlightsNSXbasicfunctionsandconfigurationsandwhyitisagamechangerwithintheSDDC.WithNSX,broaddatacenterautomationcanbefullyachievedbygainingmaximal

flexibilityandagilityforservicedeployments.ItwillalsocoverthebaseconfigurationandintegrationwithSDDCbasedonpracticalexamplesanddetailedintegrationdescriptions.

Chapter9,DevOpsConsiderations,describesDevOpsingeneralandwhatchangesitbringstoITandtheSDDC.ItdiscussesmostofthemoderntechnologiestorunDevOpsincludingcontainersandcontainerframeworkssuchasPivotalCloudFoundry.Furthermore,itdescribesaDevOpsapproachtorunandmanagetheSDDCitselfusingVMwarevRealizeCodeStreamManagementPackforITDevOps.ThiswilladdadditionalagilityandflexibilitywhenitcomestomanagingandoperatingtheSDDC.

Chapter10,CapacityManagementwithvRealizeOperations,mentionshowimportantapropercapacitymanagementisinafullyautomateddatacenter.Itwillhighlighttechniquesandprinciplesinregardtosuccessfullyplaninfrastructureexpansion.Itprovidespracticalconfigurationexamplesforresourceplanningandpredictivecapacitymaintenance.

Chapter11,TroubleshootingandMonitoring,explainsthemonitoringandanalyticsmethodsfortheSDDC.Sinceanautomateddatacentermighthavedifferentchallengesintermsofmonitoring,itfurtherhighlightsthedifferencestostaticinfrastructureandwhyitisimportanttohaveasmartmonitoringandanalyticsapproachfortheSDDC.Itwilldescribehowtolimittheimpactofissueswithsmartandpredictivetroubleshootingandanalyticsmethods,includingtheuseofvRealizeLogInsight.

Chapter12,ContinuousImprovement,mentionstheimportanceofcontinuouslyworkingontheservicesandprocesseswithintheSDDC.OncetheSDDCisdeployedandfunctionsproperlyitistimetoreflectandmaybeupdatethecreatedservices.Thechaptermentionshowimportantitistodetectpossibleprocessflawsorglitchesandupdatethose.Furthermore,itsummarizestheimportanceofITILinamoderndatacenterandexplainsthattheSDDCisbasicallythefullyautomatedversionofITILbringingallitsbenefitstolifewithoutallitsdrawbackslikethebureaucracyoverhead.

WhatyouneedforthisbookvRealizeAutomationvRealizeOrchestratorvRealizeOperationsManagervRealizeLogInsightvRealizeCodeStream

ManagementpackforITDevOpsVMwarevSphereVMwareNSX

WhothisbookisforIfyouareanITprofessionalorVMwareadministratorwhovirtualizesdatacentersandITinfrastructures,thisbookisforyou.DevelopersandDevOpsengineerswhodeployapplicationsandserviceswouldalsofindthisbookuseful.DatacenterarchitectsandthoseattheCXOlevelwhomakedecisionswillappreciatethevalueinthecontent.

ConventionsInthisbook,youwillfindanumberoftextstylesthatdistinguishbetweendifferentkindsofinformation.Herearesomeexamplesofthesestylesandanexplanationoftheirmeaning.

Codewordsintext,databasetablenames,foldernames,filenames,fileextensions,pathnames,dummyURLs,userinput,andTwitterhandlesareshownasfollows:"ProvideameaningfulnamesuchasBackup."

Anycommand-lineinputoroutputiswrittenasfollows:

msdtc–uninstall

Ablockofcodeissetasfollows:

#!/bin/bash

#Turnoffiptablesforappserveraccess

/sbin/serviceiptablesstop

Newtermsandimportantwordsareshowninbold.Wordsthatyouseeonthescreen,forexample,inmenusordialogboxes,appearinthetextlikethis:"ClickOKtostorethenewproperty."

Warningsorimportantnotesappearinaboxlikethis.

Tipsandtricksappearlikethis.

ReaderfeedbackFeedbackfromourreadersisalwayswelcome.Letusknowwhatyouthinkaboutthisbook-whatyoulikedordisliked.Readerfeedbackisimportantforusasithelpsusdeveloptitlesthatyouwillreallygetthemostoutof.Tosendusgeneralfeedback,simplye-mailfeedback@packtpub.com,andmentionthebook'stitleinthesubjectofyourmessage.Ifthereisatopicthatyouhaveexpertiseinandyouareinterestedineitherwritingorcontributingtoabook,seeourauthorguideatwww.packtpub.com/authors.

CustomersupportNowthatyouaretheproudownerofaPacktbook,wehaveanumberofthingstohelpyoutogetthemostfromyourpurchase.

DownloadingthecolorimagesofthisbookWealsoprovideyouwithaPDFfilethathascolorimagesofthescreenshots/diagramsusedinthisbook.Thecolorimageswillhelpyoubetterunderstandthechangesintheoutput.Youcandownloadthisfilefromhttps://www.packtpub.com/sites/default/files/downloads/BuildingVMwareSoftwaredefinedDataCenters_ColorImages.pdf

ErrataAlthoughwehavetakeneverycaretoensuretheaccuracyofourcontent,mistakesdohappen.Ifyoufindamistakeinoneofourbooks-maybeamistakeinthetextorthecode-wewouldbegratefulifyoucouldreportthistous.Bydoingso,youcansaveotherreadersfromfrustrationandhelpusimprovesubsequentversionsofthisbook.Ifyoufindanyerrata,pleasereportthembyvisitinghttp://www.packtpub.com/submit-errata,selectingyourbook,clickingontheErrataSubmissionFormlink,andenteringthedetailsofyourerrata.Onceyourerrataareverified,yoursubmissionwillbeacceptedandtheerratawillbeuploadedtoourwebsiteoraddedtoanylistofexistingerrataundertheErratasectionofthattitle.

Toviewthepreviouslysubmittederrata,gotohttps://www.packtpub.com/books/content/supportandenterthenameofthebookinthesearchfield.TherequiredinformationwillappearundertheErratasection.

PiracyPiracyofcopyrightedmaterialontheInternetisanongoingproblemacrossallmedia.AtPackt,wetaketheprotectionofourcopyrightandlicensesveryseriously.IfyoucomeacrossanyillegalcopiesofourworksinanyformontheInternet,pleaseprovideuswiththelocationaddressorwebsitenameimmediatelysothatwecanpursuearemedy.

Pleasecontactusatcopyright@packtpub.comwithalinktothesuspectedpiratedmaterial.

Weappreciateyourhelpinprotectingourauthorsandourabilitytobringyouvaluablecontent.

QuestionsIfyouhaveaproblemwithanyaspectofthisbook,youcancontactusatquestions@packtpub.com,andwewilldoourbesttoaddresstheproblem.

Chapter1.TheSoftware-DefinedDataCenterOriginallythetermsoftware-defineddatacenter(SDDC)hasbeenintroducedbyVMware,tofurtherdescribethemovetoacloud-likeITexperience.Thetermsoftware-definedisanimportantbitofinformation.Itbasicallymeansthateverykeyfunctioninthedatacenterisperformedandcontrolledbysoftware,insteadofhardware.Thisopensawholenewwayofoperating,maintainingbutalsoinnovatinginamoderndatacenter.

Buthowdoesaso-calledSDDClooklike,andwhyisawholeindustrypushingsohardtowardsitsadoption?Thisquestionmightalsobeareasonwhyyouarereadingthisbook,whichismeanttoprovideadeeperunderstandingofitandgivepracticalexamplesandhintshowtobuildandrunsuchadatacenter.Meanwhile,itwillalsoprovidetheknowledgeofmappingbusinesschallengeswithITsolutions.Thisisapracticewhichbecomesmoreandmoreimportantthesedays.

IThascomealongwayfromapurebackoffice,taskorientedroleintheearlydays,toabusinessrelevantasset,whichcanhelporganizationstocompetewiththeircompetition.Therehasbeenamajorshiftfromapureinfrastructureproviderroletoabusinessenablementfunction.Today,mostorganizationsbusinessisjustasgoodastheirinternalITagilityandabilitytoinnovate.TherearemanyexamplesinvariousmarketswhereawholebusinessbranchwasbuiltonITinnovationssuchasNetflix,AmazonWebServices(AWS),Uber,Airbnb,justtonameafew.

However,itisunfairtocompareanystartupwithatraditionalorganization.Astartuphasoneapplicationtomaintainandtheyhavetobuildupacustomerbase.

Atraditionalorganizationhasawidecustomerbaseandmanyapplicationstomaintain.SotheyneedtoadapttheirinternalITtobecomeadigitalenterprise,withalltheflexibilityandagilityofastartup,butalsomaintainingthetrustandcontrolovertheirlegacyservices.

Thischapterwillcoverthefollowingpoints:

WhyisthereademandforSDDCinITWhatisSDDCUnderstandthebusinesschallengesandmapittoSDDCdeliverablesTherelationofanSDDCandaninternalprivatecloudIdentifynewdatacenteropportunitiesandpossibilitiesBecomeacenterofinnovationtoempoweryourorganization'sbusiness

ThedemandforchangeTodayorganizationsfacedifferentchallengesinthemarkettostayrelevant.Thebiggestmovewasclearlyintroducedbysmartphonesandtablets.Itwasnotjustacomputerinasmallerdevice,theychangedthewayITisdeliveredandconsumedbyendusers.Thesedevicesprovedthatitcanbesimpletoconsumeandinstallapplications.Justsearchinanappstore,choosewhatyoulike,useitaslongasyoulikeit.Ifyoudonotneeditanylonger,simplyremoveit.Allwithverysimplisticcommandsandeasytousegestures.

MoreandmorepeoplerelyingonITservicesbyusingasmartphoneastheirterminaltoalmosteverything.Thesedevicescreatedademandforfastandeasyapplicationandservicedelivery.Soinaway,smartphoneshavenotonlytransformedthewholemobilemarket,theyalsotransformedhowmodernapplicationsandservicesaredeliveredfromorganizationstotheircustomers.

Althoughitwouldbequiteunfairtocomparealargeenterprisedatacenterwithanappstoreorenterpriseservicedeliverywithanyappinstallsonamobiledevice,therearestartupsandindustries,whichrelysolelyonthesmartphoneastheirtargetforservices,suchasUberorWhatsApp.

Ontheotherside,smartphoneappsalsointroduceawholenewwayofdeliveringITservices,sinceanycompanyneverknowshowmanypeoplewillusetheappsimultaneously.Butinthebackend,theystillhavetousewebserversanddatabasestocontinuouslyprovidecontentanddatafortheseapps.

Thisalsointroducesanewvaluemodelforallothercompanies.Peoplestarttojudgeacompanybythequalityoftheirsmartphoneappsavailable.Also,peoplestartedtomigratetocompanieswhichmightofferbettersmartphoneintegrationasthepreviousoneused.Thisisnotboundtoasingleindustry,butaffectsabroadspectrumofindustriestodaysuchasthefinancialindustry,carmanufacturers,insurancegroups,andevenfoodretailers,justtonameafew.

Aclassicdatacenterstructuremightnotbeidealforquickandseamlessservicedelivery.Thesearchitecturesarecreatedbyprojectstoserveaparticularusecaseforacoupleofyears.Anexampleofthisbiggerapplicationenvironmentsiswebserverfarms,traditionalSAPenvironments,oradatawarehouse.

Traditionallytheseweredesignedwithanassumptionabouttheirgrowthanduse.Specialprojectteamshavesetthemupacrossthedatacenterpillars,asshowninthefollowingfigure.Typically,thoseprojectteamsseparateaftersuchtheapplicationenvironmenthasbeencompleted.

Allthesepillarsinthedatacenterarerequiredtoworktogether,buteveryoneofthemalsoneedstomindtheirownbusiness.Mostlythosedifferentdivisionsalsohavetheirownprocesseswhichthenmayintegrateintoadatacenterwideprocess.Therewasagoodreasontostructureadatacenterinthisway,thesimplefactthatnobodycanbeanexpertineverydiscipline.Companiesstartedtocreategroupstooperatecertainareasinadatacenter,eachbuildingtheirownexpertisefortheirownsubject.

ThiswasevolvingandbecamethemostappliedmodelforIToperationswithinorganizations.Many,ifnotall,biggerorganizationshaveadoptedthisapproachandpeoplebuildtheircareersonthesedefinitions.ItservedITwellfordecadesandensuredthateachpartywasaddingitsbestknowledgetoanygivenproject.

However,thissetuphasoneflaw,ithasnotbeendesignedformassivechangeandscale.Thebiggerthesedivisionsget,theslowertheycanreacttorequestfromothergroupsinthedatacenter.Thisintroducesabi-directionalissue,sinceallgroupsmaygrowatasimilarrate,theoverallservicedeliverytimemightalsoincreaseexponentially.

Unfortunately,thisalsointroducesacostfactorwhenitcomestoservicedeploymentsacrossthesepillars.Eachnewservice,anorganizationmightintroduceordevelop,willrequireeachareaofITtocontribute.Traditionally,thisisdonebyhumanhandoversfromonedepartmenttotheother.

Eachofthesehandoverswilldelaytheoverallprojecttimeorservicedeliverytime,whichisalsooftenreferredtoastimetomarket.Itreflectstheneededtimeintervalfromtherequestofanewservicetoitsactualdelivery.Itisimportanttomentionthatthisisalevelofcomplexityeverymodernorganizationhastodealwithwhenitcomestoapplicationdeploymenttoday.

Thedifferencebetweenorganizationsmightbeinthesizeoftheseparateunits,buttheprincipleisalwaysthesame.Mostorganizationstrytobringtheiroverallservicedeliverytimedowntobequickerandmoreagile.ThisisoftenrelatedtobusinessreasonsaswellasITcostreasons.

Insomeorganizations,thetimetodeliverabrandnewservicefromrequesttofinalrolloutmaytake90workingdays.Thismeansarequestormightwait18weeksormorethanfourandahalfmonthfromrequestinganewbusinessservicetoitsactualdelivery.Donotforgetthatthisreflectsthecompleteservicedelivery,overallgroupsuntilitisreadyforproduction.Also,afterthese90days,therequirementoftheoriginalrequestmighthavechangedwhichwouldleadintorepeatingtheentireprocess.

Oftenaquickertimetomarketisdrivenbythelinesofbusiness(LOB)ownerstorespondtoa

competitorinthemarket,whomightalreadydelivertheirservicesfaster.Thismeansthattoday'sIThaschangedfromapureinternalserviceprovidertoabusinessenablersupportingitsorganizationtofightthecompetitionwithadvancedandinnovativeservices.

WhilethisintroducesagreatchancetotheITdepartmenttoenableandsupporttheirorganizationsbusiness,italsointroducesathreatatthesametime.IftheinternalITstrugglestodeliverwhatthebusinessisaskingfor,itmayleadtoleverageshadowITwithintheorganization.

ThetermshadowITdescribesasituationwhereeithertheLOBsofanorganizationoritsapplicationdevelopershavegrownsodisappointedwiththeinternalITdeliverytimes,thattheyactuallyuseanexternalproviderfortheirrequirements.ThisbehaviorisnotagreedwiththeITsecurityandcanleadtoheavybusinessorlegaltroubles.

Thishappensmoreoftenthanonemightexpect,anditcanbeassimpleasputtingsomeinternalfilesonapubliccloudstorageprovider.Theseservicesgrantquickresults.ItisassimpleasRegister-Download-Use.Theyareveryquickinenrollingnewusersandsometimesprovidealimiteduseforfree.Thedeveloperorbusinessownermightnotevenbeawarethatthereissomethingnon-compliantgoingonwhileusingtheseservices.

Sobesidesthebusinessdemandforaquickerservicedeliveryandthesecurityaspect,anorganization'sITdepartmenthasnowalsothepressureofstayingrelevant.ButSDDCcanprovidemuchmorevaluetotheITthanjuststayingrelevant.

TheautomateddatacenterwillbeanenablerforinnovationandtrustandintroduceaneweraofITdelivery.Itcannotonlyprovidefasterservicedeliverytothebusiness,itcanalsoenablenewservicesorofferingstohelpthewholeorganizationbeinginnovativefortheircustomersorpartners.

Businesschallenges:TheusecaseToday'sbusinessstrategiesofteninvolveadigitaldeliveryofservicesofanykind.ThisimpliesthattherequirementsamodernorganizationhastowardstheirinternalIThavechangeddrastically.Unfortunately,thebusinessownersandtheITdepartmenttendtohavecommunicationissuesinsomeorganizations.Sometimestheyevenoperatecompletelydisconnectedfromeachother,asifeachofthemweretheirownsmallcompanywithintheorganization.

Nevertheless,alotofdatacenterautomationprojectsaredrivenbyenhancedbusinessrequirements.Insomeofthesecases,theITdepartmenthasnotbeenmadeawareofwhatthesebusinessrequirementslooklike,orevenwhattheactualbusinesschallengesare.SometimesITjustgetsaslittleinformationas:Wearedoingcloudnow.

It'sadangeroussimplification,sincetheusecaseiskeywhenitcomestodesigningandidentifyingtherightsolutiontotheorganization'schallenges.ItisimportanttogettherequirementsfromtheITdeliverysideaswellasthebusinessrequirementsandexpectations.

Hereisasimpleexamplehowausecasemightbeidentifiedandmappedtotechnicalimplementation.

ThebusinessviewJohnworksasabusinessownerinaninsurancecompany.Herecognizesthattheirbiggestcompetitorinthemarketstartedtoofferamobileapplicationtotheirclients.Theappissimpleandallowstodoonlinecontractmanagementandtellstheclientswhichproductstheyhaveenrolledaswellasrichinformationaboutcontracttimelinesandpossibleconsolidationoptions.

Heaskshismanagertostartaprojecttoalsodeliversuchanapplicationtotheircustomers.Sinceitisonlyasimplesmartphoneapplication,heexpectsthatitsdevelopmentmighttakeacoupleofweeksandthentheycanstartabetaphase.Tobecompetitiveheestimatesthattheyshouldhavesomethingusablefortheircustomerswithinamaximumof5months.Basedonthesefacts,hegotapprovalfromhismanagertorequestsuchaproductfromtheinternalIT.

TheITviewTomisthedatacentermanagerofthisinsurancecompany.Hegotinformedthatthebusinesswantstohaveasmartphoneapplicationtodoallkindsofthingsforthenewandexistingcustomers.Heisresponsibleforcreatingaprojectandbringallnecessarypeopleonboardtosupportthisprojectandfinallydelivertheservicetothebusiness.Theprogrammingoftheappwillbedonebyanexternalconsultingcompany.

Tomdiscussesacoupleofquestionsregardingthisrequestwithhisteam:

Howmanyusersdoweneedtoserve?Howmuchtimedoweneedtocreatethisenvironment?Whatistheexpectedlevelofavailability?Howmuchcomputepower/diskspacemightberequired?

Afteraroundofbrainstormingandintensediscussion,theteamstillisquiteunsurehowtoanswerthesequestions.Foreveryquestion,thereareacoupleofvariablestheteamcannotpredict.

Willonlyafewoftheirthousandsofusersadapttotheapp,whatiftheyundersizethemiddlewareenvironment?

Whatiftheuseradoptionriseswithinacoupleofdays,whatifitlowersandtheenvironmentisoverpoweredandthereforethecostistoohigh?

Tomandhisteamidentifiedthattheyneedadynamicsolutiontobeabletoservethebusinessrequest.Hecreatesamappingtomatchpossibletechnicalcapabilitiestotheusecase.Afterthismappingwascompleted,heisusingittodiscusswithhisCIOifandhowitcanbeimplemented.

Businesschallenge Question ITcapability

Easytouseapptowinnewcustomers/keepexisting

Howmanyusersdoweneedtotheserver?

Dynamicscaleofanenvironmentbasedonactualperformancedemand.

Howmuchtimedoweneedtocreatethisenvironment?

Tofulfilltheexpectationstheenvironmentneedstobeflexible.Startsmall–scalebig.

Whatistheexpectedlevelofavailability?

Analyticsandmonitoringoveralllayers.Includingpossibleself-healingapproach.

Howmuchcomputepower/diskspacemightberequired?

Createcomputenodesbasedonactualperformancerequirementsondemand.Introduceacapacityondemandmodelforrequiredresources.

Giventhistable,Tomrevealedthatwiththeircurrentdatacenterstructureitisquitedifficulttodeliverwhatthebusinessisaskingfor.Also,hegotacoupleofrequirementsfromotherdepartments,whicharegoinginasimilardirection.

Basedonthesemappings,heidentifiedthattheyneedtochangetheirwayofdeployingservicesandapplications.Theywillneedtouseafairamountofautomation.Also,theyhavetospanthesefunctionalitiesacrosseachdatacenterdepartmentasaholisticapproach,asshowninthefollowingdiagram:

Inthisexample,TomactuallyidentifiedaverystrongusecaseforSDDCinhiscompany.Based

ontheactualbusinessrequirementsofasimpleapplication,thewholeITdeliveryofthiscompanyneedstoadopt.Whilethismaysoundlikepurefiction,thesearethechallengesmodernorganizationsneedtofacetoday.

Itisveryimportanttoidentifytherequiredcapabilitiesfortheentiredatacenterandnotjustforasingledepartment.Youwillalsohavetoservethelegacyapplicationsandbringthemontothenewmodel.Thereforeitisimportanttofindasolution,whichisservingthenewbusinesscaseaswellasthelegacyapplicationseitherway.InthefirststageofanySDDCintroductioninanorganization,itisthekeytokeepingalwaysaneyeonthebigpicture.

ToolstoenableSDDCThereisabasicandbroadlyaccepteddeclarationofwhatanSDDCneedstooffer.Itcanbeconsideredasthesecondevolutionarystepafterservervirtualization.Itoffersanabstractionlayerfromtheinfrastructurecomponentssuchascompute,storage,andnetworkbyusingautomationandtoolsassuchasaself-servicecatalogInaway;itrepresentsavirtualizationofthewholedatacenterwiththepurposetosimplifytherequestanddeploymentofcomplexservices.OthercapabilitiesofanSDDCare:

Automatedinfrastructure/serviceconsumptionPolicybasedservicesandapplicationsdeploymentChangestoservicescanbemadeeasilyandinstantlyAllinfrastructurelayersareautomated(storage,network,andcompute)Nohumaninterventionisneededforinfrastructure/servicedeploymentHighlevelofstandardizationisusedBusinesslogicisforchargebackorshowbackfunctionality

AlloftheprecedingpointsdefineanSDDCtechnically.ButitisimportanttounderstandthatanSDDCisconsideredtosolvethebusinesschallengesoftheorganizationrunningit.Thatmeansbasedontheactualbusinessrequirements,eachSDDCwillserveadifferentusecase.Ofcourse,thereisthemainsetupyoucanadoptandrollout,butitisimportanttounderstandyourorganization'sbusinesschallengesinordertopreventanyplanningordesignshortcomings.

Also,torealizethisfunctionality,SDDCneedsacoupleofsoftwaretools.Thesearedesignedtoworktogethertodeliveraseamlessenvironment.Thedifferentpartscanbeseenlikegearsinawatchwhereeachgearhasanequallyimportantroletomaketheclockworkfunctioncorrectly.

ItisimportanttorememberthiswhenbuildingyourSDDC,sincemissingononepartcanmakeanotherverycomplexorevenimpossibleafterward.

ThisisalistofVMwaretoolsbuildinganSDDC:

vRealizeBusinessforCloudvRealizeOperationsManagervRealizeLogInsightvRealizeAutomationvRealizeOrchestratorvRealizeAutomationConvergedBlueprintvRealizeCodeStreamVMwareNSXVMwarevSphere

vRealizeBusinessforCloudisachargeback/showbacktool.Itcanbeusedtotrackthecostofservicesaswellasthecostofawholedatacenter.SincetheagilityofanSDDCismuchhigherthanforatraditionaldatacenter,itisimportanttotrackandshowalsothecostofaddingnewservices.Itisnotonlyimportantfromafinancialperspective,italsoservesasacontrolmechanismtoensureusersarenotdeployinguncontrolledservicesandleavingthemrunningeveniftheyarenotrequiredanymore.

vRealizeOperationsManagerisservingbasicallytwofunctionalities.Oneistohelpwiththe

troubleshootingandanalyticsofthewholeSDDCplatform.Ithasananalyticsengine,whichappliesmachinelearningtothebehaviorofitsmonitoredcomponents.Theanotherimportantfunctioniscapacitymanagement.Itiscapableofprovidingwhat-ifanalysisandinformsaboutpossibleshortcomingsofresourceswaybeforetheyoccur.Thesefunctionalitiesalsousethemachinelearningalgorithmsandgetmoreaccurateovertime.Thisbecomesveryimportantinadynamicenvironmentwhereon-demandprovisioningisgranted.

vRealizeLogInsightisaunifiedlogmanagement.Itoffersrichfunctionalityandcansearchandprofilealotoflogfilesinseconds.ItisrecommendedtouseitasauniversallogendpointforallcomponentsinyourSDDC.ThisincludesallOSesaswellasapplicationsandalsoyourunderlyinghardware.Inaneventoferror,itismuchsimplertohaveacentrallogmanagementwhichiseasilysearchableanddeliversanoutcomeinseconds.

vRealizeAutomation(vRA)isthebaseautomationtool.ItisprovidingthecloudportaltointeractwithyourSDDC.Theportalitprovidesoffersthebusinesslogicsuchasservicecatalogs,servicerequests,approvals,andapplicationlifecycles.However,itreliesstronglyonvRealizeOrchestratorforitstechnicalautomationpart.vRAcanalsotapintoexternalcloudstoextendtheinternaldatacenter.ExtendinganSDDCismostlyreferredtoashybridcloud.ThereareacoupleofsupportedcloudofferingsvRAcanmanage.

vRealizeOrchestrator(vRO)isprovidingtheworkflowengineandthetechnicalautomationpartoftheSDDC.Itisliterallytheorchestratorofyournewdatacenter.vROcanbeeasilyboundtogetherwithvRAtoformaverypowerfulautomationsuite,whereanythingwithanapplicationprogramminginterface(API)canbeintegrated.Also,itisrequiredtointegratethird-partysolutionsintoyourdeploymentworkflows,suchasconfigurationmanagementdatabase(CMDB),IPaddressmanagement(IPAM),orticketingsystemsviaITservicemanagement(ITSM).

vRealizeAutomationConvergedBlueprintwasformallyknownasvRealizeAutomationApplicationServicesandisanadd-onfunctionalitytovRA,whichtakescareofapplicationinstallations.Itcanbeusedwithpre-existingscripts(likeWindowsPowerShellorBashonLinux),butalsowithvariablesreceivedfromvRA.Thismakesitverypowerfulwhenitcomestoon-demandapplicationinstallations.ThistoolcanalsomakeuseofvROtoprovideevenbettercapabilitiesforcomplexapplicationinstallations.

vRealizeCodeStreamisanadditiontovRAandservesspecificusecasesintheDevOpsareaoftheSDDC.ItcanbeusedwithvariousdevelopmentframeworkssuchasJenkins.Alsoitcanbeusedasatoolfordeveloperstobuildandoperatetheirownsoftwaretest,QAanddeploymentenvironment.Notonlycanthedeveloperbuildtheseseparatestages,themigrationfromonestageintoanothercanalsobefullyautomatedbyscripts.ThismakesitaverypowerfultoolwhenitcomestostageanddeploymodernandtraditionalapplicationswithintheSDDC.

VMwareNSXisthenetworkvirtualizationcomponent.Giventhecomplexitysomeapplications/servicesmightintroduce,NSXwillprovideagoodandprofoundsolutiontohelpsolvingit.Thechallengesinclude:

DynamicnetworkcreationMicrosegmentationAdvancedsecurityNetworkfunctionvirtualization

VMwarevSphereismostlythebaseinfrastructureandusedasthehypervisorforservervirtualization.YouareprobablyfamiliarwithvSphereanditsfunctionalities.However,sincetheSDDCisintroducingachangetoyoudatacenterarchitecture,itisrecommendedtorevisitsomeofthevSpherefunctionalitiesandconfigurations.ByusingthefullpotentialofvSphereitispossibletosaveeffortwhenitcomestoautomationaspectsaswellastheservice/applicationdeploymentpartoftheSDDC.

Thisrepresentsyourtoolboxrequiredtobuildtheplatformforanautomateddatacenter.Allofthemwillbringtremendousvalueandpossibilities,buttheyalsowillintroducechange.ItisimportantthatthischangeneedstobeaddressedandisapartoftheoverallSDDCdesignandinstallationeffort.Embracethechange.

TheimplementationjourneyWhileabigpartofthisbookfocusesonbuildingandconfiguringtheSDDC,itisimportanttomentionthattherearealsonon-technicalaspectstoconsider.Creatinganewwayofoperatingandrunningyourdatacenterwillalwaysinvolvepeople.ItisimportanttoalsobrieflytouchthispartoftheSDDC.Basically,therearethreemajorplayerswhenitcomestoafundamentalchangeinanydatacenter,asshowninthefollowingimage:

Basically,therearethreemajortopicsrelevantforeverysuccessfulSDDCdeployment.Sameasforthetoolsprinciple,thesethreedisciplinesneedtoworktogetherinordertoenablethechangeandmakesurethatallbenefitscanbefullyleveraged.

Thesethreecategoriesare:

PeopleProcessTechnology

TheprocesscategoryDatacenterprocessesareasestablishedandsettledasITitself.Beginningwiththefirstoperatortaskslikechangingtapesorstartingproceduresuptohighlysophisticatedprocessestoensurethattheservicedeploymentandmanagementisworkingasexpectedtheyhavealreadycomealongway.However,someoftheseprocessesmightnotbefitforpurposeanymore,onceautomationisappliedtoadatacenter.TobuildanSDDCitisveryimportanttorevisitdatacenterprocessesandadaptthemtoworkwiththenewautomationtasks.Thetoolswillofferintegrationpointsintoprocesses,butitisequallyimportanttoremovebottlenecksfortheprocessesaswell.However,keepinmindthatifyouautomateabadprocess,theprocesswillstillbebad,butfullyautomated.Soitisalsonecessarytorevisitthoseprocessessothattheycanbecomeslimandeffectiveaswell.

RememberTom,thedatacentermanager.HehassuccessfullyidentifiedthattheyneedanSDDCtofulfillthebusinessrequirementsandalsodidausecasetoITcapabilitiesmapping.WhilethismappingismainlytalkingaboutwhattheITneedstodelivertechnically,itwillalsoimplythatthecurrentITprocessesneedtoadapttothisnewdeliverymodel.

TheprocesschangeexampleinTom'sorganization

IfthecomputedepartmentworksonaserviceinvolvingOSdeployment,theyneedtofilloutanExcelsheetwithIPaddressesandservernamesandsendittothenetworkingdepartment.ThenetworkadminswillensurethatthereisnodoublebookingbyreservingtheIPaddressandapprovetherequestedhostname.Aftersuccessfullyprovingtheuniquenessofthisdata,nameandIPgetaddedtotheorganization'sDNSserver.

Themanualpartofthisprocessisnolongerfeasibleoncethedatacenterenterstheautomationera,imaginethateverytimesomebodyordersaserviceinvolvingaVM/OSdeploy,thenetworkdepartmentgetsane-mailcontainingtheExcelwiththeIPandhostnamecombination.Thewholeprocesswillhavetostopuntilthisstepismanuallyfinished.

Toovercomethis,theprocesshastobechangedtouseanautomatedsolutionforIPAM.ThenewprocesshastotrackIPandhostnamesprogrammaticallytoensurethereisnoduplicationwithintheentiredatacenter.Also,aftersuccessfullycheckingtheuniquenessofthedata,ithastobeaddedtotheDomainNameSystem(DNS).

Whilethisisasimpleexampleofonesmallprocess,normallythereisalargenumberofprocessesinvolvedwhichneedtobereviewedforafullyautomateddatacenter.ThisisaveryimportanttaskandshouldnotbeunderestimatedsinceitcanbeadifferentiatorforsuccessorfailureofanSDDC.

Thinkaboutallotherprocessesinplace,whichareusedtocontrolthedeploy/enable/installmechanicsinyourdatacenter.Hereisasmallexamplelistofquestionstoaskregardingestablishedprocesses:

WhatisourcurrentIPAM/DNSprocess?DoweneedtoconsideraCMDBintegration?Whatisourcurrentticketingprocess?(ITSM)Whatisourprocesstogetresourcesfromthenetwork,storage,andcompute?WhatOS/VMdeploymentprocessiscurrentlyinplace?Whatisourprocesstodeployanapplication(handovers,steps,ordepartmentsinvolved)?Whatdoesourcurrentapprovalprocesslooklike?

Doweneedatechnicalapprovaltodeliveraservice?Doweneedabusinessapprovaltodeliveraservice?

Whatintegrationprocessdowehaveforaservice/applicationdeployment?DNS,ActiveDirectory(AD),DynamicHostConfigurationProtocol(DHCP),routing,InformationTechnologyInfrastructureLibrary(ITIL),andsoon

Nowfortheapprovalquestion,normallytheseareanexceptionfortheautomationpartsinceapprovalsaremeanttobemanualinthefirstplace(eithertechnicalorbusiness).Ifalltheotheranswerstothisexamplequestionsinvolvehumaninteractionaswell,considertochangingtheseprocessestobefullyautomatedbytheSDDC.

Sincehumaninterventioncreateswaitingtimes,ithastobeavoidedduringservicedeploymentsinanyautomateddatacenter.Thinkofitastheroboticconstructionbandstoday'scarmanufacturersareusing.Theprocessestheyhaveimplemented,developedoveragesofexperience,arealldesignedtostopthebandonlyincaseofanemergency.

ThesamecomestruefortheSDDC;trytoenabletheautomateddeploymentthroughyourprocesses,stoptheautomationonlyincaseofanemergency.

Identifyingprocessesisthesimplepart,changingthemisthetrickypart.However,keepinmindthatthisisanall-newmodelofITdelivery,thereforethereisnogoldenwayofdoingit.Onceyouhavecommittedtochangethoseprocesses,keepmonitoringiftheytrulyfulfilltheirrequirement.

ThisleadstoanotherprocessprincipleintheSDDC:ContinualServiceImprovement(CSI).Revisitwhatyouhavechangedfromtimetotimeandmakesurethatthoseprocessesarestillworkingasexpected,iftheydon't,changethemagain.

ThepeoplecategorySinceeverydatacenterisrunbypeople,itisimportanttoalsoconsiderthatachangeoftechnologywillalsoimpactthosepeople.TherearesomeclaimsthatanSDDCcanberunwithonlyhalfofthestafforsaveacoupleofemployeessinceallisautomated.

Thetruthis,anSDDCwilltransformITrolesinadatacenter.Thismeansthatsomeclassicrolesmightvanish,whileotherswillbeaddedbythischange.

Itisunrealistictosaythatyoucanrunanautomateddatacenterwithhalfthestaffthanbefore.Butitisrealistictosaythatyourstaffcanconcentrateoninnovationanddevelopmentinsteadofworkinga100%tokeepthelightson.Andthisisthechangeanautomateddatacenterintroduces.Itopensupthepossibilitiestoevolveintoamorearchitectureanddesignfocusedroleforcurrentadministrators.

ThepeopleexampleinTom'sorganization

Currently,therearetwoadminsinthecomputedepartmentworkingforTom.Theyaremanagingandmaintainingthevirtualenvironment,whichislargelyVMwarevSphere.TheyarecreatingVMsmanually,deployinganOSbyanetworkinstallroutine(whichwasarequirementforphysicalinstalls-sotheykepttheprocess)andthenhandingthereadyVMsovertothenextdepartmenttofinishinstallingtheservicetheyaremeantfor.

RecentlytheyhaveexperiencedalotofdemandforVMsandeachofthemconfigures10to12VMsperday.Giventhis,theycannotconcentrateonotheraspectsoftheirjob,likeimprovingOSdeploymentsorthehandoverprocess.

Atafirstlook,itseemsliketheSDDCmightreplacethesetwoemployeessincethetoolswilllargelyautomatetheirwork.Butthatislikesayingajackhammerwillreplaceaconstructionworker.

Actually,theirroleswillshifttoamorearchitecturalaspect.TheyneedtocomeupwithatemplateforOSinstallationsandanimprovementhowtofurtherautomatethedeploymentprocess.Also,theymightneedtoaddnewservices/partstotheSDDCinordertofulfillthebusinessneedscontinuously.

SoinsteadofcreatingalltheVMsmanually,theyarenowfocusedondesigningablueprint,abletobereplicatedaseasyandefficientaspossible.

Whiletheirtasksmighthavechanged,theirworkforceisstillimportanttooperateandruntheSDDC.However,giventhattheyfocusondesignandarchitecturaltasksnow,theyalsohavethetimetointroduceinnovativefunctionsandadditionstothedatacenter.

KeepinmindthatanautomateddatacenteraffectsalldepartmentsinanITorganization.Thismeansthatalsothetasksofthenetworkandstorageaswellasapplicationanddatabaseteams

willchange.Infact,inanSDDCitisquiteimpossibletostilloperatethedepartmentsdisconnectedfromeachothersinceadeploymentwillaffectallofthem.

Thisalsoimpliesthatallofthesedepartmentswillhaveadminsshiftingtohigher-levelfunctionsinordertomaketheautomationpossible.Intheindustry,thisshiftisalsooftenreferredtoasOperationalTransformation.Thisbasicallymeansthatnotonlythetoolshavetobeinplace,youalsohavetochangethewayhowthestaffoperatesthedatacenter.Inmostcasesorganizationsdecidetoformaso-calledcenterofexcellence(CoE)toadministerandoperatetheautomateddatacenter.

Thisvirtualgroupofadminsinadatacenterisverysimilartoprojectgroupsintraditionaldatacenters.ThedifferenceisthatthesepeopleshouldbepermanentlyassignedtotheCoEforan

SDDC.Typicallyyoumighthaveonechampionfromeachdepartmenttakingpartinthisvirtualteam.

Eachpersonactsasanexpertandambassadorfortheirdepartment.Withthisprinciple,itcanbeensuredthatdecisionsandoverlappingprocessesarewelldefinedandreadytofunctionacrossthedepartments.Also,asanambassador,eachparticipantshouldadvertisethenewfunctionalitieswithintheirdepartmentandenabletheircolleaguestofullysupportthenewdatacenterapproach.

ItisimportanttohavegoodexpertiseintermsoftechnologyaswellasgoodcommunicationskillsforeachmemberoftheCoE.

ThetechnologycategoryThisisthethirdaspectofthetriangletosuccessfullyimplementanSDDCinyourenvironment.Oftenthisisthepartwherepeoplespendmostoftheirattention,sometimesbyignoringoneoftheothertwoparts.However,itisimportanttonotethatallthreetopicsneedtobeequallyconsidered.Thinkofitlikeathree-leggedchair,ifonelegismissingitcanneverstand.

Thetermtechnologydoesnotnecessarilyonlyrefertonewtoolsrequiredtodeployservices.Italsoreferstoalreadyestablishedtechnology,whichhastobeintegratedwiththeautomationtoolset(oftenreferredtoasthird-partyintegration).ThismightbeyourAD,DHCPserver,e-mailsystem,andsoon.

Theremightbetechnologywhichisnotenablingorempoweringthedatacenterautomation,soinsteadofonlythinkingaboutaddingtools,theremightalsobetoolstoberemovedorreplaced.ThisisanormalITlifecycletaskandhasbeengonethroughmanyiterationsalready.Thinkofthingslikeafaxmachineorthetelex;youmightnotusethemanymore,theyhavebeenreplacedbye-mailandmessaging.

ThetechnologyexampleinTom'sorganization

Theteamusessometoolstomaketheirdailyworkeasierwhenitcomestonewservicedeployments.OneofthetoolsisalittlegraphicaluserinterfacetoquicklyaddcontenttoAD.Theadminsuseittoinsertthehostname,organizationalunit(OU)aswellascreatingthecomputeraccountwithit.Thiswasmeanttosaveadmintimesincetheydon'thavetoopenallthevariousmenusintheADconfigurationtoaccomplishthesetasks.

Withtheautomatedservicedelivery,thishastobedoneprogrammatically.OnceanewOSisdeployedithastobeaddedtotheADincludingallrequirementsbythedeploymenttool.SinceADoffersanAPIthiscanbeeasilyautomatedandintegratedintothedeploymentautomation.Insteadofpainfullyintegratingthegraphicaltool,thisisnowdonedirectlybyinterfacingtheorganization'sAD,ultimatelyreplacingtheoldgraphicaltool.

Theautomateddeploymentofaserviceacrosstheentiredatacenterrequiresafairamountofcommunication.Notinatraditionalway,butmachine-to-machinecommunicationleveragingprogrammableinterfaces.UsingsuchAPIsisanotherimportantaspectoftheapplieddatacentertechnologies.Mostofthetoday'sdatacentertools,frombackupallthewayuptowebservers,docomewithAPIs.ThebettertheAPIisdocumented,theeasiertheintegrationintotheautomationtool.Insomecases,youmightneedthevendorstosupportyouwiththeintegrationoftheirtools.

Ifyouhaveidentifiedatoolinthedatacenter,whichdoesnotofferanyAPIorevencommand-lineinterface(CLI)optionatall,trytofindawayaroundthissoftwareorevenconsiderreplacingitwithanewtool.

APIsaretheequivalentofhandoversinthemanualworld.Thebetterthecommunicationworksbetweentools,thefasterandeasierthedeploymentwillbecompleted.Tocoordinateandcontrol

allthiscommunication,youwillneedfarmorethanscriptstorun.Thisisataskforanorchestrator,whichcanrunallnecessaryintegrationworkflowsfromacentralpoint.Thisorchestratorwillactasaconductorforabigorchestra.ItwillformthebackboneofyourSDDC.

Whyarethesethreetopicssoimportant?Thetechnologyaspectclosesthetriangleandbringsthepeopleandtheprocessespartstogether.Iftheprocessesarenotalteredtofitthenewdeploymentmethods,automationwillbepainfulandcomplextoimplement.Ifthedeploymentstopsatsomepoint,sincetheprocessesrequiremanualintervention,thepeoplewillhavetofillinthisgap.

Thismeansthattheynowhavenewroles,butalsoneedtomaintainsomeoftheiroldtaskstokeeptheprocessrunning.Byintroducingsuchanunbalancedimplementationofanautomateddatacenter,theworkloadforpeoplecanactuallyincrease,whiletheservicedeliverytimesmaynotdramaticallydecrease.Thismayleadtoanavoidanceoftheautomatedtaskssincethemanualinterventionmightbeseenasfasterbyindividualadmins.

SoitisveryimportanttoacceptallthreeaspectsasthemainpartoftheSDDCimplementationjourney.Theyallneedtobeaddressedequallyandthoughtfullytounveilthebenefitsandimprovementsanautomateddatacenterhastooffer.

However,keepinmindthatthistrulyisajourney.AnSDDCisnotimplementedindaysbutinmonths.Giventhis,alsotheimplementationteaminthedatacenterhasthistimetoadoptthemselvesandtheirprocesstothisnewwayofdeliveringITservices.Also,allnecessarydepartmentsandtheirleadneedtobeinvolvedinthisprocedure.

AnSDDCimplementationisalwaysateameffort.

AdditionalpossibilitiesandopportunitiesAllthepreviewsmentionedtopicsservethesolegoaltoinstallandusetheSDDCwithinyourdatacenter.However,onceyouhavetheSDDCrunningtherealfunbeginssinceyoucanstarttointroduceadditionalfunctionalitiesimpossibleforanytraditionaldatacenter.Let'sjustbrieflytouchonsomeofthepossibilitiesfromanITview.

Theself-healingdatacenterThisisaconceptwheretheautomaticdeploymentofservicesisconnectedtoamonitoringsystem.Oncethemonitoringsystemdetectsthataserviceorenvironmentmaybefacingconstraints,itcanautomaticallytriggeranadditionaldeploymentforthisservicetoincreasethethroughput.

Whilethisisapplicationdependent,forinfrastructureservicesthiscanbecomequitehandy.ThinkofESXihostautodeploymentsifcomputepowerisbecomingaconstraint,ordatastoredeploymentsifdiskspaceisrunninglow.Ifthisautomationisactingtooaggressiveforyourorganization,itcanbeusedwithanapprovalfunction.Oncethemonitoringdetectsashortcomingitwillaskforapprovaltofixitwithadeploymentaction.

Insteadofgettingane-mailfromyourmonitoringsystemthatthereisaconstraintidentified,yougetane-mailwiththeconstraintandtheresolvingaction.Allyouneedtodoistoapprovetheaction.

Theself-scalingdatacenterAsimilarprincipleistouseacapacitymanagementtooltopredictthegrowthofyourenvironment.Ifitapproachesatrigger,thesystemcanautomaticallygenerateanorderletter,containingallneededcomponentstosatisfythegrowingcapacitydemands.

Thiscanthenbesenttofinanceorthepurchasingmanagementforapprovalandbeforeyouevengetintoanycapacityconstraints,thenewgearmightbeavailableandreadytorun.However,considertheregularturnaroundtimefororderinghardware,whichmightaffecthowfarinthefutureyouhavetosetthetriggerforsuchfunctionality.

Bothofthisopportunitiesaremorethanjustnicetohaves,theyenableyourdatacentertobetrulyflexibleandproactive.DuetothefactthatanSDDCisofferingahighamountofagility,itwillalsoneedsomeself-monitoringtostayflexibleandusableandtofulfillunpredictabledemand.

SummaryInthischapter,wediscussedthemainprinciplesanddeclarationsofanSDDC.Itprovidedanoverviewoftheopportunitiesandpossibilitiesthisnewdatacenterarchitectureprovides.Also,itcoveredthechangeswhichwillbeintroducedbythisnewapproach.Finally,itdiscussedtheimplementationjourneyanditsinvolvementwithpeople,processes,andtechnology.

Inthenextchapter,wewilldivedeepintoidentifyingtasksandprocessesforautomationwithinthedatacenter.ItwilldiscussinmoredetailwhatlevelofautomationanSDDCrequiresandwhystandardizationisveryimportantforautomatedservicesdeployment.

Chapter2.IdentifyAutomationandStandardizationOpportunities"Ajourneyofathousandmilesmustbeginwithasinglestep."-LaoTzu

Inthiscase,itisthejourneyofbuildingtheSDDCandfullyautomatingyourdatacenter.Automationisthekeywordanditisveryworthwhiletospendafairamountoftimetoidentifytasksforautomation.Thedifficultpartisautomatingtherightthings,efficientlyandhelpfulforthedailyoperationsofamoderndatacenter.

Automationitselfisnotanewtopicwithinadatacenter.Therehasalwaysbeenautomationpresentinformofscriptscalledbydatecontrolledtaskmanagers.IntheLinuxworld,itisusuallycrondcallingcommand-linescripts.InWindows,thiscanbedoneusingthetaskmanager.

However,theSDDCautomationapproachisbiggerthanalocaltaskbasedautomation.Itneedstointroduceautomationacrossmanydifferenttools,infrastructure,anddepartments.Thereforeitneedstobecontrolledandmanagedbyacentralinstance,whichoftenisreferredtoasanorchestrator.Also,thereneedstobeoneplacewherethisautomationiscontrolledandmanaged,otherwiseitwillbecomeverydifficulttoimplementchangesandupdates.

Beforeyoustartandautomateeachandeverymanualtaskinthedatacenteritisimportanttothinkaboutwhatmakessenseandwhatdoesnot.Also,thepartnerofautomationisstandardization.Withoutstandards,itwillbeimpossibletoautomate,sinceworkflowswillhavenosenseforexceptions.Itisimportanttodefineapathforcertaintasksandthenrigidlyfollowit.Thereforetheimportantstepistomakesurethispathisvalidandwellworkingbeforeautomatingit.

Thischapterwillcoverthefollowingtopics:

AutomationprinciplesandbestpracticesComparisonofascriptversusaworkflowIdentifyprocessestofindapathforautomationIdentifyyourITdeliveryframeworkStandardizationofrepeatabletasksExamplesofappliedstandardizationandautomationapproach

AutomationprinciplesAutomationisatopic,whichseemsquitesimpleandstraightforwardatafirstglance.Mostlyitisseenassimpleas:

1. Findarepeatabletask.2. Createascriptorprogramtoreplacethemanualsteps.3. Addittoatriggerorschedulerforrepeatedexecution.

Whilethisistruefortheactualscriptingthefirstpointismaybethemostimportant.Therearemanytasksinamoderndatacenter,butnotallaregoldcandidatesforautomation.

DaytwoautomationAutomatingdailymanualtaskswhichareimportanttorunandoperatethedatacenterandoftenperformedbyadminsareso-calleddaytwooperations.Normallyeachdatacenterhasquiteafewofthemhappeninginthebacktokeeprunning.Theveryfirststepintotheautomationworldshouldbetoproperidentifyanddefinethosetasks,aswellasfindarepeatableandclearwayofexecutingthem.Thereforeyoushouldthinkofafewcriteriatosuccessfullyidentifythosetasks:

OftenrepeatedperworkdayExecutionisstraightandlinearDoesnotrequirepatternrecognitionDonotrelatetoothertaskstofinishOptionalcriteria:Followarunbooktobeexecuted

Basedonthesecriteriatheremightbealreadyalotoftaskswhichcanbeautomatedtojustreducetheamountofmanualtimetorunadatacenter.IntheSDDC,itisallaboutincreasingtheefficiency.Also,thosetasksareoftennottheadminsfavoriteandmostprobablytheremightbealreadyscriptstosupporttheadminswiththeirmonotonetaskworkerrole.

The80:20ruleThisisanolderprinciplewhichbasicallydescribestheamountofworkversusthevalueaddataskorprojectcanbring.

Hereareafewexamplesoftypical80:20ruleclaims:

80percentofworkisneededtofinalizethelast20percentofaproject.

80percentoftaskscanbeeasilyautomatedbut20percentarerealdifficulttotackle

Thisisaveryimportantruletofollow,picktherighttasksforautomationattherighttime.Assimpleasthat.BasedonrealSDDCprojectexperience,alotofimplementationsfailbecausethisrulewascompletelyignored.Itisimportanttopickthe80%oftaskswhichareeasytoaccomplishandtherearemultiplereasonsforfollowingthisstrategy.

Firstofall,itisanewITprojectsoeverybodywillwatchcloselywhatishappening.Itismuchbettertohavealotoflittlesuccessfulthingsgoingon,thanonebigsophisticatedprojectwheretheoutcomemaybeunclearforacoupleofmonths.

Second,itgrowsconfidenceintheteamandwiththemanagerthatthiswholeSDDCprojectistherightthingtodo.Succeedinginsmallautomationchunksistranslatedtosucceedingwiththebiggercomplexorchestrationtasks,whichwillcome.

Third,itisimportanttogainallthisexperiencewiththesesmallertaskssincethemostcomplexoneswilldefinitelyrequireeverylessonlearnedfromtheformerautomationprojects.

ThisleadstothesecondimportantprinciplewhenitcomestoautomationandanySDDCitself.

Thinkbig,startsmallThisisasimportantasthe80:20rule.Keepaneyeonthebigpicture,butstartsmalltogetquickwins.Asmentionedbefore,quickwinsareimportanttomakeeverybodybelieveintheprojectitself.Also,ithelpstoadvertisethevalueoftheoverallSDDCinsmallerchunksandsuccessnews.Thosetwoprinciplesplayverywelltogetherwhenitcomestoautomationandshouldbekeptinmindforallupcomingautomationrequests/tasks.Forthistoworkproperly,thereareafewpractices,whichmayhelptoeasetheworkoncomplexandbigtasks:

BreakbigtasksintosmallerchunksUsethe80:20rule(again)onthischunksCommunicateeachsuccessfulcompletionofachunkaswinRebuildthebigtasksbyrecombiningthesmallerchunks

However,cuttingabigtaskintosmallerpiecestoautomatethewholethingisonlyoneaspectofthisprinciple.Itisalsoametaphorforkeepingthewholecomplexityofadatacenterinmindandidentifiesrealisticandefficientwaystoautomateprocessesaswellasincreasetheefficiency.Thinkbigintermsofhowmanytasksarerequiredtosucceedinordertodeployaserviceintoyourdatacenter.Howmanytasksarerequiredtojustaddresourcesorevenchangearesourceallocationtoanexistingservice?

TheefficiencybottleneckEfficiencyandbottlenecksarenormallynottwothingswhichhavetoomuchincommon.Butwhenitcomestoautomation,thesetwocanaddupwhichnormallyhasthesideeffectthatitcompletelyzeroesoutanyefficiencyortimebenefits.Thereareafewexampleswhenthishappens,alotoftheseexamplesarebecauseofcommunicationissuesorbecauseofalackofstandardization.

Thereisagoodchancethateachdepartmentlooksattheirowntasksandtriestoautomateasmuchaspossibletomakethemsmootherandquicker.Butthisisactuallyquitedifficultifthewholeprocessisalsodependentonotherdepartments.Sotheymightkeepworkingontheirendoftheprocesstomakeitasefficientaspossible.

Thereisoneveryprominentexampleofthisefficiencybottleneck.Itwasusedtointroducevirtualizationandwasusedalottoshowitsgreatness.

Createaserver(VM)in5minutesinsteadofanhour!

Wow,yousavenearlyanhourbyusingvirtualizationandittakesjust5minutestocreateanewserver.Thisisanimprovementof92.6%!

Buthowlongdoesittaketodeploythewholeserviceacrossalldepartments?

Iftheoveralldeploymenttimeofaservicemighttakeupto90workdays,theimprovementontheserverinstallationisonly0.02%(rounded)oftheoverallprocess.

Soitisimportanttoknowthescaleofataskorprocessandthenstartimprovingit.Theremightbeareaswhichareconsumingalotoftimebecauseofmanualwork,automatingthemmightbeaddingmorevaluetotheoveralltimesavings.

However,thisdoesnotmeanthatthetimeimprovementsduetoautomation(virtualization)arenotimportant.Itdoesonlymeanthattheyareapieceoftheoverallpuzzle.Thethinkbigapproachaddressesthewholeservicedeliveryprocess,thestartsmallstepintheoverallprocessmightbetointroducevirtualizationtoinstallaserverin5minutes.Butthebigpictureneedstobekeptinmindtorealizethewholeprocess.However,automatingtheentiredatacenterneedsasolidbasisandthereforealotofthesesmallstepsarerequiredtoformthebiggerprocess.Thebettertheseworkontheirown,theeasiertheycanbehandledbyautomationlateron.

BringingitalltogetherThesefourprinciplesshouldhelpandguideeveryonewhoiswillingtointroduceanSDDCandstartautomatingtheirdatacenter.Theyarerelevantforthewholedatacenterandalldepartments.Asingleplayercannotaccomplishthis,allhavetobeaboardreadytorevolutionizethewayITisdelivered.InatypicalSDDCproject,itisimportanttostartbyidentifyingthescopefirst.ThescopecontainsthemainfunctionalitiesoftheSDDC,whichmightalsobetranslatedtothemostimportantautomationfunctionalitiesanSDDCshoulddeliver.

Itcontainsatleastoneserviceorapplicationandthecompleterolloutofthisservice.Alltasksandnecessarystepsaredocumentedandknownbyeachpartywhoisinvolvedintheoverallautomation.Theservicehasbeenchosenbyapplyingthe80:20rule,soitshouldbeonewhichiseasyenoughtobeaccomplishedinareasonableamountoftime(quickwin).Allstepsbetweendepartments(process)areknownandcanbeautomated.Also,third-partyintegrationisunderstoodandcanalsobedonebyusingworkflowsandautomationprinciples.

Congratulations,youhavesuccessfullychosenthestartingpointforyourSDDC!

ScriptorworkflowItisimportanttounderstandthedifferencesbetweenaworkflowandascript.Asmentionedearlier,scriptsarewellestablishedintheITandoriginallywerecreatedtocompletesmallertasksfasterthanahumancould.Typically,scriptsprovideasinglescriptinglanguagelikeBashscriptsinUNIXorPowerShellscriptsinWindows.Theycanalsobeusedtoaddresscomplextaskscallingotherscriptsintroducingmultiplelayersofrelationstosuccessfullycompleteatask.Byfollowingthislogic,itcangetveryconfusingverysoon.

Thesescriptshavetohavelogictowaitfortheirsubscriptstocomebackwithstatusinformation(success/failure/idle).Thisstatusqueriesarenotassimpleasitsoundsandsometimesrequiresanownscript,justtotakecareofallthesubscriptsrunning.Also,theycan'tsimplybestoppedsincetheyhavenocontroloverthesubscriptsrunninginthebackground.

Oftenscriptsaremaintainedbyasingleadmin,whoisawareoftheirlogicandfunctions.Thescriptscanberunwithouttheadmin,buthemightberequiredtodotroubleshootingortoaddadditionalfeatures.Itisbestpracticetohaveacentralscriptinghostrunningallrequiredscripts.Butthismightonlybetrueforthesolution/scriptinglanguagethescriptisusing.

TheLinuxteammighthaveacentralLinuxhost,theWindowsadminsdoitfromaWindowssystem,thenetworkadminmayhavetheircompleteownintegrationandthestorageadminhassomerunbooklikeinstructionstoconfigureagivenstoragearray.Finally,theSANadminsmight

usesomeSSHcombinationtoaccesstheirfiberchannelswitchesandcreate/changethezoningonceinawhile.

Allthismighthaveworkedperfectlyinthepast,butonceyouentertheSDDCera,theseconceptscannotkeepupwiththemassivescale.Thatdoesnotmeanthattheirlogicandhardworkisautomaticallylost.Butthereneedstobeacentralsystemwhichiscallingandmanagingallautomationtakesoverallrequireddepartments.Thisiswhatmostsoftwarevendorscallanorchestrator.

Typically,anorchestratorisrunningworkflowsinordertoautomatetasks.Theorchestratortakescareoftheschedulingandmakestheworkflowsalsotriggerableiftheyneedtorunondemand.Itcancallaworkflowfromaworkflow,butkeeptherelationandtracktoquicklyshowwhatiscurrentlyrunning.Itkeepstrackofallthereferencedworkflowsandtheirstatusandprovidesaframeworktoeasilymakethestatusofdifferentworkflowsavailabletotheoverallworkflow,withoutacomplexlogictothinkof!

Sotheorchestrator'sjobistokeeptrackofitsrunningworkflowandtheirstatus.Thisenablessomegreatfunctionality,whichisonlylimitedavailableforscripts.Youcanpauseaworkflowincludingitssubworkflows.Youcanstopaworkflowandautomaticallyknowwhatchangeshavebeenmadealready.Youmightevenbeabletorollbackchangesfromaworkflow.Thisprovidesalotmoreflexibilitythanascriptcould.Also,ifaworkflowfailsyoucouldtroubleshootandrunitfromwhereitstopped.Thisprovidesgreatflexibilityintermsofdevelopingandqualitycheckingautomation.

Besidesthat,allyourworkflowsstayinoneplace,beingabletorunendeditbymultipleusers.Normallyanorchestratoralsoappliesaversioningmodelinordertomakesurethateachworkflowisusingitsmostrecentversionincludingallitschangesandaddedfunctions.Changingbetweenversionsisasimplemouseclickandupdatestheentireworkflowlibrary.

Withinaworkflow,thereistypicallyscriptingelementsresponsibleforcallingcertainautomationfunctionwithtargetinfrastructure.Thebrilliantthingaboutaworkflowis,itisnotlimitedtoasinglescriptinglanguage,itcancallwhateverisrequiredatthisstep.TheworkflowcanstartbydoingtheRESTcall,continuetotalktovCenterandendbyprovidingdataviaSQLintoadatabase.Thatofferaveryhighlevelofflexibility,plusyoucanuseexistingscriptsandcalls.Allyouneedtodoisadaptitintotheworkflowsbyensuringthatdatacanbesharedacrosstheseworkflowsteps.

SincethiswillbuildthebackboneofyourSDDC,itisimportanttocreatesimpleandsmoothrunningworkflows.Thereareacoupleofbestpracticestofollowwhenyoucreateworkflows:

Pickasimpletasktostartwith(80:20rule)KeepthescriptingwithintheworkflowstepsasshortandsimpleaspossibleIfaseriesofstepsisusedmultipletimesinaworkflow,thinkofcreatingasubworkflowcontainingthesestepsKeepinmindthatitwillbeeasiertomaintaintobreakcomplexworkflowsinsmallerworkflowstocallForeverysubstantialchange,changetheversionoftheworkflowUsereasonableandunderstandablestatusmessagesforworkflowstepsThinkofpossibleerrorsandimplementtheerrorhandlingintheworkflow

Toleverageallfunctionalitiesanorchestratorwithworkflowshastoofferitisimportanttofollowthatrules.Atthebeginning,itmightfeelstrangetohaveonly10linesofcodeinascriptedelement,butthatquicklybecomesnormalandfamiliarwhencreatingaworkflow.Ifyouaredoingalotofscriptingalready,thismightpossiblybethebiggestchange,trytopreventyourselffromwritinglongandcomplexstepsinaworkflow.

Anexampleworkflowcouldlooklike:

1. QueryaVMsassociateddatacenterviavSphereAPI.2. QueryaVMsassociatedclusterviavSphereAPI.3. Composetheinformationintovariables.4. CreateanSQLstatementusingthesevariablestoinjectintotoaCMDBdatabase.5. Providestatusmessage(success/failure).6. Endworkflow.

Noweachofthiscanbedonewithasinglelineofcode.ThisisjustasimpleexampleofapossibleITILautomationfunctionality.Withthemixoflanguages(vSphereAPIandSQLcode)andthepossibilitytosharevariablesacrosssteps,itmakesitquiteeasytoaccomplishthistask.

Anorchestratorandworkflows,ingeneral,shouldmakecomplexautomationtaskseasytocreate,butkeepinmindthatithighlydependsonthewaytheworkflowsarecreated.Thisiswhyyouneedtoapplytheautomationprinciplestotheworkflowsinordertofullyleverageallworkflowbenefits.

IdentifyingprocessesandhowtoautomatethemThisisoneofthemaindiscussionpointswhenitcomestoanSDDC.Theconceptofautomationacrossdepartmentsisdependentonthepre-existingprocesses.Thefirststepofautomatingthemisactuallyidentifyingalltheirstagesandrequirements.ThismightbeatrickytaskbutisveryimportantforapplyingallSDDCbenefitslateron.

Howwouldaperfectprocesslookliketobeautomated?

CleardefinedstepsandstationsTheexecutionoftheprocessispreapproved;noapprovalsrequiredduringruntimeWelldefinedrequirementsandoutcomesforeachstationAllusedtoolsareprogrammable(API,scripts,CLI,andsoon)Allendpoints/toolscanbereachedfromasinglelocationAll(yet)manualtaskscanbeautomatedusingworkflows

Again,thisreflectsthedescriptionofaperfectcandidate.Theremightbeachancethatyouhaveprocesses,whichfulfillonlypartsofthesecriteria.Ifthatisthecase,itisveryimportanttobeabletochangethepartoftheprocess,whichdoesnotfitintotheautomationcriteria.Thishappensfromtimetotimesinceprocessesarelessoftenchangedthantools.Also,somepracticesinaprocessmightbeprovenbuthaven'tbeenrevisitedforalongtimeandcanbethereforeoutdated.

Hereareexampleswhereitbecomesquitedifficulttoautomateaprocessbecauseofsuchsteps:

Manualdataentry:SomeorganizationsmanagetheirinternalITassetsbyExcel.SometimestheyeventrackIPaddressesandhostnamesusingthisversatiletool.ThebigproblemwithExcelis,itisnotprogrammablefromtheoutside.

Recommendedchange:Iftheprocessrequiresmanualdataentrysteps,itishighlyrecommendedtorethinkthesesteps.Byhavingallprocessstepsautomated,theneedformanualdataentrymightalreadybeirrelevant.

Sinceanorchestratortakescareofalldataentriesitcanalsoprovidetheprocessoutcometoanyprogrammableinterface.

Noprogrammabletools:Therearetoolsinthedatacenter,whichmaylackanAPIorsimplyhavenodocumentationfortheirAPI.However,theymightbeusedforimportantstepswithinaprocess.SomeofthesemaybeusedasCMDBandothersmaybesimplyusedtotracktheprogressandthecurrentstageoftheprocess.

Recommendedchange:Firstrevisitthepurposeofthetoolandprovethatitisstillvalidand

requiredtocompletetheprocess.IfthisisthecasetrytofindawaytoingestorextractdatafromthetoolevenwithoutanAPI.

Thinkoutoftheboxandexploreallfeasiblepossibilitiesforthesetools.Ifadatabaseisused,maybeSQLcommandscanbeleveraged.SometoolssupportingestionofdataviaXMLfiles.OthersmayhaveanimportorexportfunctionalityforCSVorfeatureacommandlinetobeused.

IfthereisabsolutelynowaytoprogramthetoolwithoutaGUI,itmightbenecessarytoeitherchangetheprocesstoworkwithoutthistoolorreplacethetoolwithonewhichfeaturesanAPIoranyotherprogrammableinterface(fileimport).

Onceyouhaveidentifiedallstepsoftheprocessandalltoolsandactionsrequired,itisreadyfortheautomation.Trynottocreateagiantworkflowtocovereverything,breakitinsmallerworkflows.Maybeoneworkflowforeachtooltointegrate,oroneforeachmajorprocesstaskorstep.Byusingthismethoditwillbequiteeasytoreplaceatoolorchangeastepintheprocess,simplychangethecorrespondingworkflowandlettheUberworkflowcallit.

Thisisalsocalledmodularapproachandshouldbeappliedtokeeptheworkflowautomationsimpleandmaintainable.

Byapplyingthemodularapproach,youalsoensurethatyoucanaccomplishtheautomationofevencomplexprocesses.Itisbasicallytheuseofallbestpracticesdiscussedearlierforautomation.Thisapproachwillalsograntthatyoucancommunicateeverysmallsuccessasabigwin,everytimeonestepoftheoverallprocessrunsasaworkflow,thatisawin.Donotforgettocommunicateit,sincegoodnewswillhelptheentireITtosuccessfullyfinishanSDDCproject.

ITdeliveryframeworksEachIThasitsowndeliveryframeworks.Evenifitisatinycompany,therearesometoolsandactionswhichneedtobeperformedtosuccessfullydeliveranyapplicationorservice.Thetermframeworkmeansbasicallythatitisapredefinedroutineorsetoftoolswhichshouldmakeitsdeliveryeasier.Thesenormallyconsistoutofinstallationtoolsusedforapplicationdelivery,deploymenttoolsforOSesandconfigurationtoolsforinfrastructure.Alltogethertheyformyourdeliveryframework.

ITisimportanttounderstandwhatfunctioneachtooliscovering.Sometimestherearetoolswhichalreadycoverapartofaprocessoranentireprocess.Thenitisimportanttounderstandhowtointeractwiththosetoolsandatwhichpointtheautomationhastohandoverthetasktothistools.Averypopularexampleisticketmanagingsystems.Inbiggercompanies,theyaretypicallypartofthedeliveryprocess,eventhoughtheyservearatherpassiverole.However,theydocovernormallyquiteabigpartofotherprocessessuchaschangemanagement,releaseplanningaswellastrackingservicedeployments.

ThereisamisbelievethatITILplaysnoroleinamodernSDDC,thatisactuallynottrue.ITILisstillvalid,withthedifferencethattheintegrationcannowbedonecompletelyautomatically.Thisguaranteesitscompletenessovermanualdataentryandalsohelpstorelievesometedioustasksfromtheadministrators.ThisisatypicalexampleofanITdeliveryprocesstakingcareofallthetechnicalorchestration,handingoverallnecessaryinformationtotheticketingsystemandthen,ifitgotasuccessfulreturn,continuingthetaskandclosingtheticket.

Ifthisisalreadyinplace,respecttheticketingandchangeprocessandconcentrateonthetechnicalhandoverwithinyourautomationworkflows.

ThesamecomestrueforCMDB.ThisisatypicalITILrequirementandcontainsandmaintainsallsoftwareandhardwareconfigurationswithinadatacenter.Itismeanttoholdthisinformationinordertokeeptrackofchangesaswellasknowingwhatisdeployedandrunninginthedatacenter.Youmightnotfindthisinsmallerdatacenters,butinbiggerones,withthousandsofserversandhundredsofapplications,itmightbecomenecessarytomaintainaCMDB.TokeepthesesCMDBsaccurateisoftenoneofthelesspopularthingstodoforanadministrator.Sometimestheyarealreadyusingdataoutoftheticketingsystem.Sometimesacompleteconfigurationdatasethastobeprovidedplustheticketingsystemisrequiredtofileachange/support/deploymentrequest.

However,withthepowerofautomation,alsothisdataentrycanbetakencareofbythetechnicaldeploymentworkflow.AllweneedistoknowwhichdataisrequiredtogointotheCMDBandifwecanuseanAPItosimplyhandthedataover.Also,eachtimesomebodyrequestsachangewecanupdatetherecordtokeepthedataaccurate.Finally,onceauserhasdecidedtoremoveaworkload/application,automationcaneventuallymarktherecordintheCMDBasapplication

deleted.

ThesearestepsoftheITdeliveryframeworkwhichtypicallyformabiggerpicture.SincealldepartmentshavetoaddtheirdatatoaCMDBorusetheticketmanagementsystem.Thismeansthatautomationwithinthedatacentermakesthejoboftheteamseasiertokeepthiskindofinformationaccurate.Butitisimportanttoknowwhenandwherethesetoolsareusedandwhatdatagoesintothem.

WhatifnoCMDBorticketmanagementisinplaceOntheotherhand,ifyourorganizationisnotusingaCMDBorticketmanagementsystemyet,thegoodnewsisthatalotoftheSDDCfunctionsandfeaturesarequitesimilartotheseframeworks.Therefore,youdonotneedtospecificallyintroducetheseconceptsalltogetherwiththeSDDC.YoucouldsimplydeclarethewaytheSDDCmanagementhandlesdeploymentsasyourchangeandconfigurationmanagementstandards.SinceintroducingaproperticketmanagementsystemmightbeascomplexasintroducinganSDDC,youmightconsiderusingtheSDDCsoptionsfirstandthendecideifitisfulfillingyourrequirements.However,therearesomeregulationswhichmightstillrequireaCMDBorticketsystem,toensurecompliancestandards.

Allthisispartofyourframework,byidentifyingyourinternaldatacenterprocessesyoumightalsoidentifyhowyourdeliveryframeworklookslike.Alwayskeepinmindthatthisisrelevantforallinvolvedpartiesanddepartments.Itdoesnotmakesensetohaveitfullydocumentedfortheserverdepartment,buttheprocessesandtoolsforanyotherdepartmentsaremostlyunknown.AlwayskeepinmindthattheSDDCwilltoucheachandeverypartofyourdatacenter,evenifitmighthaveabigshareintheserverunit,itcanandwillnotworkwithouttheparticipationofeveryotherdepartmentinthedatacenter.

Achievingstandardization

ThisismaybethebigtopicwhenitcomestotheSDDCorautomationitself.Forscriptsandworkflows,itisparamounttoadheretoastandardindoingthings.Ifalldeploymentsconsistofsomeexceptionsitmightbeimpossibletouseautomationtodeploy.Normallythereareafewtasksinadatacenter,whichhavealreadybeenstandardized.Thereareafewfactors,whichpointoutthatsomethingisalreadyfollowingastandard:

ThereisaformtorequesttheserviceTheserviceisdeployedaccordingtopresetchoicesThesechoiceswillmodularfitmostrequirementsTheremightberunbookstocreateanyconfig/deployanyserviceThereisacatalogofservices

Typicallyanyofthesethingsdescribethestandardizedsetupofaservice.Standardizationbasicallystandsforeasilyrepeatableactions,basedonpredefineddataentryforms.Thisiswhystandardizationgoeshandinhandwithautomation.IfeverydeploymentisdifferentandeveryOSiscustom,ifeverynetworksettingisuniqueandeverystoragerequirementisdifferent,itwillbeimpossibletoautomateitinastraightforwardmanner.Workflowsareperfectforapplyingstandards,butonlylimitedusableforexceptionsandcustomizedinstallations.

Therefore,oneofthemostimportantthingstodobeforecreatinganSDDCisensuringstandardizationisinplace.Thegoodnewsisalotoforganizationsalreadyhavesomekindstandardizationinplace.

Thereareareaswherestandardizationistransparentfortheenduser:

Inthestorageteam,thepoolsize,logicaldevice(LDEV)sizeorlogicalunitnumber(LUN)sizecanbesetinchunks(forexample,100GBsteps)Inthenetworkteam,IPs/networksmayberequestedatapoolorrangelevel(forexample,

20addresses)Intheserverdepartment,VMscanberequestedusingpredefinedcomputeandmemoryvalue1vCPUwith2GBRAM,2vCPUwith4GBRAM,andsoon

However,therearestandards,whichmightinfluencetheusermorethantheinfrastructurestandards.Mostly,thoseareOStoapplicationcombinations.OronlycertainOStypesaresupportedfordeployment.Typically,organizationstrytokeepthezooofOSesandapplicationsassmallaspossibleandasbigasnecessary.Therefore,mostlytheysupportsomeversionsofWindowsaswellassomespecificLinuxdistributions.

TheseareoftensetbytheITgroupitself.JustkeepinmindthatforeveryOS/applicationyouwanttosupport,youneedtohavesomebodywhocanhelpyoutroubleshootandfixproblemswhichmayariseontheseplatforms.

DeploymentstandardsAlso,sometimesstandardizationcanleadtotheintroductionofso-calledrunbooks,whichareneededtoinstallanOSoranyapplicationontopofit.Theserunbooksneedtobeasuptodateaspossibletostayrelevant.SosomebodyneedstoproveallthestepsoverandoverandupdatethemastheOSes/applicationsdevelop.Thisoftenisafull-timejobandconsumesalotoftime.Therefore,someITdepartmentstrytokeepthisatalowprofile,topreventtheirstafffromconstantlyupdatingthoserunbooks.

Arunbooktypicallyisadetailedstepbystepguidewhichiseasytofollowbyanadministrator.Normally,theyarewritteninawaythatevenanewemployeecanfollowtheirinstructions.Biggerorganizationscanhavemultiplerunbooksfortensorhundredsofusecases.However,sincethisisareadandcopyexercise,thisworkmightbequiteerrorproneforadministratorswhoaredoingitforthefirstcoupleoftimes.

Thegoodnewsisthatwithautomation,thisistakenoverbytheorchestratorrunningtheworkflows.Theworkflowreplacestherunbookandiswayquickerthanahumanincompletingthesteps.Also,ithasnoissuesindoingthesamestepsoverandoveragain.Thisiswhystandardizationandautomationgosowelltogether.

Insteadofmaintainingtherunbooks,administratorsorservicedesignersnowkeeptheworkflowuptodate.

Byfollowingthemodularapproach,thisshouldbequitesimpletodo.Oncetheworkflowisupdateditcanberuntorecheckitsfunctionality.Noonewillhavetositthroughallthestepsandcopyonthescreenwhat'swritteninabook.

Beforeautomation,standardizationwaslimitingyourserviceportfoliobutenhancingyourefficiency.WiththeSDDCyoucanactuallybroadenyourportfoliowhilestillkeepingstandardizationwiththepowerofautomation.Indeed,youwillbeabletoaccomplishmoretasksthanbefore,withenhancedefficiencyanddiversity.

OrganizationautomationexamplesManythingshavebeencoveredalready,butthissectionshouldgiveanoverviewwhattothinkaboutwhenitcomestoautomationandstandardization.Also,itwillhighlighthowactualprojectsdealtwithchallengesandrequirementswhichwerediscoveredduringtheworkflowcreation.

Often,notallrequirementsforadeploymentordeliverytaskinadatacentermaybeknownbyalladministrators.Thisisbecausetraditionally,everyoneisfocusingontheirowntasksuntiltheyhanditovertoanothergroupordepartment.

SimpleVMdeploymentThemissionsoundsquitesimple:DeployaVMinadatacenteroutofaportal.Theserveradministratorinofusmightthink:Easy,justcreateatemplatefortheOS,addsomecustomization(hostname,IP)andthat'sit.

Indeed,thefirststepwastocreateatemplatecontainingtheOS.ButthereisalsoarequirementtousethemostrecentversionoftheOSforeachdeployment.

ThefirstsidetaskwastocreateaworkflowwhichensuresthattheOStemplateisasuptodateaspossible.Thiswasnecessarytopreventtheinstallationofahugeamountofpatches,whichmayslowdowntheoverallsetupprocess.

Oncethishasbeencreated,theorganizationdecidedthatitisbesttohavemultiplestorageperformanceclasses.ThiswasalreadyintroducedforthemanualinstallationofVMsandmustbeavailableforautomatedinstallationsaswell.

ThesecondsidetaskwastouseaworkflowtoidentifytherightdatastoretoputtheVMonto,basedontheselectedperformanceclass.Also,ItneededtobeensuredthattheworkflowisnotsimplyfillinguponedatastorebutdistributingtheVMsacrossallpossiblematches.

Afterthathasbeenaccomplished,thejourneycontinued.ThisorganizationhasanIPaddressmanagementtoolinplace.ThesetoolstypicallyreserveIPaddressesoutofapoolandalsoworkasanorganization-wideDNSserver.

ThethirdsidetaskwasthattheIPaddressrequesthastobeforwardedtothattooltoentertheVMshostnameandcreatetheproperreservationrecord.Also,thisworkflowhastoremoveIPaddressandhostnamereservation,oncetheVMisdeleted.

Afterthiswassuccessfullyaccomplished,theOShastobebroughtintotherightADorganizationalunit(OU).TheOUisactuallydependentontheuser/departmentwhorequestedtheVM,alsotheusershouldbeentitledtotheVMtoactuallylogintotheOSwithitsADaccount.ItwasalsorequestedthattheusercanspecifyagrouporotheruserswhoshouldhaveaccesstotheVM.

ThefourthsidetaskwastogetalltheinformationeitherautomaticallyorbyaformfromarequestortoputtheVMintherightOU.ThencreateaworkflowwhichaddsacomputeraccountinthisOUandentitlestherequestoraswellasadditionalusers/groupstobeabletologintothe

newOS.Also,thisworkflowneedstoremovethecomputeraccountandtheuserentitlements,oncetheVMiseventuallydeleted.

Furthermore,theorganizationisusingaCMDBtotrackalldeploymentsandchanges.ForeachandeverynewcreatedservertherehastobeaspecificdatasetenteredintotheCMDB.

ThefifthsidetaskwastocaptureallrequiredCMDBdataliketheCPU,RAM,anddiskoftheVM.Butalsoonwhichclusteritisdeployedandinwhichdatacenteritisgoingtoreside.Again,allthiswasdoneinaworkflowwhichalsohasthepossibilitytoadddeletedtothecreateddatasetoncetheVMgetsremoved.

TherewheremultiplesitesandtherequestorshouldhavethechancetoactuallychoseinwhichdatacentertheVMwillbedeployed.Also,theyshouldhavethechancetochooseadisasterrecoveryoptionfortheVM.Also,abackupretentionpolicyshouldbeofferedtotherequestor.

Thesixthsidetaskwastoidentifyandofferthedifferentdatacenters.Also,aworkflowwascreatedtoinstantiatereplicationforselectVMs(iftherequestorchoosesthisoption).

BackupintegrationwasdoneusinganXMLfileinterfacetothebackupsystem,tellingitabouttheretentionpolicy(apresetstandardpolicy)andtheVMnameanddatacenterlocation.TheXMLfileisdynamicallycreatedbytheworkflow.Again,everythingtoberemovedoncetheVMgetsdeleted.

OncealltheseworkflowshavebeencompletedtheVMdeploymentcanactuallyrun.Thiswasmainlyrequirementsfromthecomputedepartmentandthenetworkrequirementswererathereasy(predefinedVLANtodeployinto).

However,itmayillustratehowquicklysimplelookingtaskscangetcomplicated.

SothetypicalthingstoaskwhenitcomesVMdeploymentsare:

ArethereanyspecialADrequirements?Arethereanyperformanceoptions(SLAs,classes)required?IsthereanyIPAMorDHCPreservationsysteminuse?Ismultidatacenterdeploymentrequired?IsreplicationoftheVMrequired?Isbackupintegrationarequirement?Doestheretentionpolicyforbackupneedstobeselectable?DoesthedeploymentdataneedtogointoaCMDB?

Additionalthingstothinkof:

Virusscannerintegration

Isworkflowbasedbackuprestorearequirement?PossiblenetworkandroutingconfigurationrequirementsOSupdateandtemplaterequirementsSecurityrequirements(hardening,creating/obtainingcertificates,andsoon)IntegrationofamonitoringtoolAnypossiblethird-partymanagementtoolintegration?

Therearemanymorethingswhichmightcomeupduringthiskindofdeployments.RememberthisisstillaVMwithanOSonlyinstallation.Onceanapplicationisaddedtothis,ormultiVM/serviceinstallationsthewholerequirementsgetevenmorecomplex.

However,thisexampleshouldillustratethatthereisoftenmorebehindasimplesoundingtaskthenonemightexpect.Beopentoaskingthesetypeofquestionsupfronteveniftheanswermightbeunknownforthemoment.Thebetterthepreparationisforsuchtasks,theeasieritistoputeverythinginanorchestrationframework.

ThehybridclouddeploymentThisisanothergoodexampleofanorganization,lookingtodeployoneoftheirkeyapplicationsintoahybridcloud.Typically,thetermhybridclouddescribesacloudsetupwhereanorganization'sdatacenterisvirtuallyconnectedwithacloudprovider.Therefore,servicescansimplyeitherbedeployedinthelocaldatacenter,orinthehybridcloudenvironment.

Thegoalwastohavethekeyapplicationrunninginthehybridcloudwithallnecessarysupportingsystems.Afteraworkshoptoidentifytheapplicationsrequirement,itturnedoutthatitconsistsoutofacoupleofapplicationservers,somewebfrontendservers,twodatabaseservers,andsomeadditionalhelperserversformaintenanceandorchestrationoftheapplication.Itwasalittlemorethan15VMsallwithdifferentfunctionsandOSes(LinuxandWindows)butallformtogetheroneapplication.

AnapplicationdoesnottypicallyonlyconsistoutofoneVMwithanOSandsomesoftwareinstalled.OftenVMsandsoftwareareonlycomponentsofbiggerapplications.Agoodexampleforthatiscompanywebpages.Thesetypicallyconsistoutofwebservers,applicationserversaswellasdatabaseserversforthecontent.Therearemanyapplicationswhichrequiremultipleserverstofunctioninadatacenter.

InordertobringalltheseVMstothehybridcloud,ithasbeendecidedtocreateagiantvirtualcontainer.Thiscontainerisbasicallyofferingavirtualnetworkinfrastructure(AppServ,DB,andwebserverareallrequiredtorunindifferentVLANs).Thisapplicationcontainerisautomaticallycreated(perAPI/workflow)tobetestedinthelocaldatacenter.Onceallthisissuccessful,thehybriddeploymentshallbetested.

Multipleweekswerespentonfinalizingthecontainercreationanddeploymentautomation.Thisisalreadyaquitecomplexandhighsophisticatedusecase,butitisdoablethroughautomationandworkfloworchestration.

Eventually,everythingwasreadyandcouldbeautomaticallydeployedinthelocaldatacenter.Sothedecisionwasmadetoputthewholedeploymentintothehybridcloud.

Sincethisapplicationisverymuchself-contained,thehybridclouddoesnothavetohaveaVPNtunnelintothelocaldatacenter.Thiswasalsorejectedduetosecurityreasons.

Thedeploymentwentfineandafteracoupleofhours,theapplicationwithallits15VMsanddatabasewasrunningonthehybridcloud.

However,unfortunately,itwasnotusable.NoadmincouldlogintotheVMs,allaccountsandusersappearedtobelocked.Also,theapplicationserverscouldnotcommunicatewiththedatabaseservers.

Theanalysisofthehybridclouddeployment

Alotofworkwasputintotheautomationandcontainercreationofthisapplication.Theapproachwasfinefromatechnicalpointofview.Buttheproblemwasthattheapplicationteamwasnotinvolvedwithallthiswork.Itwasa100%infrastructureproject.Oncetheapplicationwasdeployed,theVMstriedtoreachanADservertoverifytheuseraccounts.SincetherewasnoADserverdeployedinthehybridcloud,nobodycouldlogontotheVMs.

Also,therewasanexternalservicebususedtoinstantiatethecommunicationfromtheapplicationserverstothedatabasesystems.Thisservicebuswasnotpresentaswellinthehybridcloud.

Soifitcomestohybridclouddeployments,itisimportanttothinkabouteveryaspectofit.Keepinmindthatifthereisnodirectconnectionintoyourdatacenter,theremightbenoADorDNSorDHCPserveravailableforthedeployedVMs.

Keepthebigpictureinmindandaskquestionswhichmightbeobviousbutknowingisalwaysbetterthanguessing.

Thebetterapproach

Hybridcloudisagoodwayinordertoprovideresourcesforburstingorforcapacitywhichisrequiredonceforanapplication.Therearegoodexamplesthatthisconceptmakesalotofsenseandalsothatitcanworkflawlessly.

Inordertoensurethatthisworks,beawareoftherequirementsoftheseapplicationsandprovideavalidsolutionforthem.AnexamplecouldbetoclonesomeADservertoruninthecloud,ortohaveaverysolidsite-to-siteVPNlineinplace,whichservestheadvancedneedsoftheapplication.

Therearemanyglobalorganizationssuccessfullyleveragingthebenefitsofsuchanapproach.Besidestheperformanceorcapacityreasons,somedosoinordertohavetheservicelocatedclosertotheenduser.

Imaginethatanairlineprovidesamapservicetotheirpilots.Thisservicemightincludethemapsanddirectivesforeveryairporttheyoperate.Wouldn'titbegreatifthedatacanbederivedfromalocalsourceinsteadofalwaystravelingtheentireworldtogettothesepilots?Thisisaperfectusecaseforhybridcloudandmakestheapplicationevenbetterandmoreresponsivefortheendusers.

Whenitcomestohybridcloud,thinkoutoftheboxtoaddcapabilitiestoyourapplication,whichhasnotbeenpossibleinatraditionaldatacenter!

SummaryInthischapter,wediscussedthemainprinciplesofautomationandstandardization.Also,thedifferencesofworkflowsandscriptshavebeenhighlighted.Finally,twoexampleshavebeendescribedtogiveabetterinsighthowautomationandstandardizationmightbeappliedinareal-worldusecase.

Inthenextchapter,wediscussthefoundationoftheSDDCwhichisbuiltonVMwarevSphere.ItwillbemuchmoretechnicalandprovideadetaileddescriptionofusefulvSpherefeaturesandfunctionalitiesfitfortheSDDC.WewillalsorecapsomevSphereautomationbasicsroundworkloaddeployment,storagemanagement,andmanagementbestpractices.

Chapter3.VMwarevSphere:TheSDDCFoundationVMwarevSphereisthefoundationfortheSDDC.Itisthehypervisortobuildtherestoftheautomationandmanagementfunctionallyupon.Consideritasthebasementforyourdatacenterautomation.vSphereisoftenseenasthegiveninfrastructureprovider.Likearealbasement,itissometimesnotseenastheimportantbitofacloudorSDDCenvironment.

However,thisdoesnotmeanthatitisunimportant,aseverysupportorbasementinstallation;ifyoumakemistakeshere,yourwholeSDDCmightbeweakandloose.Also,vSphereisofferingautomation,whichisbuiltalreadyintothehypervisor.Whilesomeofthesefunctionsmightbenotasimportantfortraditionalenvironments,theyareahugetimesaverforanSDDC.EveryvSpherefunctionality,whichisofferingtimeandeffortsavingsshouldbestronglyconsideredfortheSDDC.

Ifyouhaven'talreadyconsideredanEnterprisePluslicenseforvSphere,youmaydosonow.EnterprisePlusisthemostfeature-richlicensingoptionforVMwarevSpheresupportingalotofhelpingandsometimesnecessaryfeaturesforanSDDC.Ifyouwanttoseeafulloverviewoffeaturesandfunctionalitiespleasevisithttp://www.vmware.com/licensing.

KeepinmindthateachbuildinfunctionalitywhicheasestheoperationofyourSDDCsavesyoufromcreatingworkflowstoaccomplishexactlythis.Automationisimportant,butyoudonotneedtoreinventthewheelandprogrameverythingyourself.Theprincipleweareapplyinghereis:Keepitassimpleaspossible.

Thischapterwilltouchonthefollowingtopics:

vSpherebasicsinanSDDCvSphereconfigurationconsiderationsfortheSDDCAvailabilityandresiliencyRecapofrecentSDDCrelevantvSpherefeaturesBestpracticesandgoodpracticestoconfigureyourvSphereenvironmentfortheSDDCBuildinvSphereautomationcapabilities

BasicsandrecommendationsforvSphereintheSDDCThischapterisnotdiscussinggeneralvSpherebasics,thetitlemightbeslightlymisleading.YoushouldalreadyhaveaprofoundvSphereknowledgeandknowyourwayaroundinvCenterserver.Also,youshouldknowhowtosetupandconfigureanESXiserver.However,inatraditionalvSphereenvironment,somefeaturesmightnotbeasimportantandthereforetheymightnotbeconsideredtobeused.Thischapteristotouchsomebasicfeatures,whichwillhelpyouinefficientlysettingupyourSDDContopofvSphere.

Alltheserecommendationsarebasedongoodpractice,buttheywillnotreplacetheneedforadesignofthevSphereinfrastructuretomeetyourSDDCsrequirements.ThevSpheredesignisaveryimportantpointandshouldnotbeunderestimated.

Besidesthat,herearesomevSphereprerequisitesforasuccessfulSDDCinstallation:

ChecktheinteroperabilitymatrixforallusedVMwareproductsEnsurethemostrecentversionofvSphereandvCenterisusedUpdateautomationforvSphere(updatemanager)isinplaceFullyworkingDNS;allcomponentscanberegisteredandresolvedAccessfromvCenterandSDDCcomponentsispossibleintotheESXimanagementLANvSpherecertificatesareallvalidandnotself-signed(includingPSC)NetworkTimeProtocol(NTP)serviceisavailableandusedbyallESXihostsvCenterrole-basedaccessispreparedaccordingly(serviceuser,read-onlyroles,andsoon)

Byfollowingtheserecommendations,youwillsavetimeandeffortwithinanSDDCimplementation.AlotofthemhavebeendesignedandintroducedbyVMwarewiththeSDDCideainthebackground.Everyfunction,whichsavesyoufromdesigningandcreatingitfromscratchfortheSDDC,shouldbeused.

DistributedResourceSchedulerDistributedResourceScheduler(DRS)isoneoftheoldestfeaturesofVMwarevSphereandhasreceivedalonglistofupdatesandenhancementssinceitsintroduction.Itsjobistokeeptheclusterbalancedintermsofresourceusage.ThisdoesnotmeantokeepthesameamountofVMsoneachhost,thisisapopularmisbelief.ItwillcontinuouslymonitorVMresourcedemandslikeCPUandmemoryanddecidewhichhostmightbeperfecttofulfillthose.ItisanautomationroutinetomanagetheVMdistributionwithinaclusterandalsotoapplyself-healingvMotiononcetheresourcedemandcan'tbemetanymore.DRSisbeingconfiguredinthevSphereclustersettingsandhasacoupleofdifferentmodesitcansupport:

GradeofautomationLevelofaggressivenessVMgroupsHostgroupsAffinityrulesAnti-affinityrulesHostaffinityrulesResourcepools

Mostly,DRSgetsenabledandsometimesthereareacoupleofaffinityrulesconfigured.MostorganizationsapplythedefaultsandletDRSdoItsthing.Somesettheautomationleveltomanual,inthatcase,anadministratorcandecidewhathappenstoaVMtobemigrated.DRSwillaskiftheVMcanbemoved,andmoreimportant,alsowheretopoweronnewVMs.

OneoftheothermajorthingsDRStakescareofisadmissioncontrol.

Thismeansthat,basedontheutilizationandresourceavailability,DRSdecideswheretostart/deployaVM.ThisisaveryimportantfeatureifyouwanttodeployVMsautomatically.

ItishighlyrecommendedtosetDRStoFullyAutomatedinanySDDCenvironment.ThisenablesvSpheretochoosetherighthostfordeployingorpoweringonVMs.Theaggressivenessmightbesettomediocre,dependentonyouraverageworkloadprofile.Ifyouignorethissetting,yourclusterorhostsmightbeunbalancedwhichcanleadtosevereperformanceissues!

Theaffinitysettingisamorecomplextopic.AnySDDCwillalsoworkwithoutsettingaffinitytoVMsorhostgroups.However,theremightbeapplicationswhereyourequireaffinitygroupsorVManti-affinity.Justtorecapwhataffinity/anti-affinitymeans:

AVMshouldrunonthesamehostasanother:VM=VMaffinityAVMshouldnotinonthesamehostasanother:VM!=VManti-affinityAVMshouldrunonaspecifiedgroupofhostsinthecluster:VM=hostgroupaffinityAVMshouldnotrunonaspecifiedgroupofhostinthecluster:VM!=hostgroupanti-affinity

TheForceAffinePowerOnsettinginadvancedDRSshouldalsobereviewed.ThisswitchcancontrolwhatshouldhappentoVM-to-VMaffinityifthereisaresourceissue.Ifitissetto0,itmeanstheVMscanstillpoweronwithoutrespectingtheaffinityrule.Ifitissetto1,theVMscannotbepoweredoniftheaffinityrulecannotberespected.However,thissettinghasnothingtodowithVM-to-VManti-affinity!

Forhostgroups,thereisadifferencebetweenshouldrunandmustrun.Beverycarefulifyouchoosethelatterone.ItmeanstheVMcannotviolateitshostgroupaffinitypolicy,evenifit'soriginalhostgrouphasanoutage!

AffinityrulescanalsoaffectvSphereHighAvailability(HA),beverycarefulifyouuseMustrunonhostsingroupsettings,remembertoconfigureHAaccordinglyandallowittoviolatetheaffinityrulesincaseofanHAevent,otherwisetheseVMswillnotberestartedonsurvivinghostsiftheyareoutsideoftheirconfiguredhostgroup.

Hostgroupsareusefulifyouhaveacross-rackorcrossserverroomorevenmetroclusterinuse.TheycanbeusedtoensurethatnotallVMsendupinoneplace.TheycaneasilybeintegratedintovRealizeAutomation,whichwillsavealotoftimeandeffortifthislevelofcontrolisrequired.Mostlythisisdoneforcross-datacenterdeploymentstosupportametrocluster.TherequestorcoulddecidewheretheVMneedstorun(DC1orDC2);vRealizeOrchestratoristhenusingthevSphereAPItoplacetheVMintherighthostaffinitygroup.

Thishostgroupaffinity/anti-affinityisalsooftenusedtoseparateVMsbetweendifferentdatacenterroomsorsections.AllhostsinoneroomorsectionformahostgroupandvRAcanthenusealocationparametertomatchthosegroupsofhosts.

ResourcepoolsResourcepoolsareamajorpartofDRSandhelpDRStoshareanddistributeresourcesamongsthostsinacluster.However,theyareprobablyoneofthemostdiscussedandmisunderstoodconceptsintheentireVMwareecosystem.

Donotuseresourcepoolsasfoldersortostructurethelookandfeelofyourenvironment.EveniftheyarenotconfiguredtheywillfollowtheirfunctionandlimitorenableresourcesforallVMscontained.Also,neverplaceVMsside-by-sidetoaresourcepool,thiswilldegradeperformanceforallVMsundertheresourcepool!

Inacloudenvironment,resourcepoolscanbeusedtoonlyprovideashareofyouravailableinfrastructuretoatenant.However,beawarethatyouhavetouseresourcepoolsforallworkloadsonceyougetstarted,sincehavingVMsoutsideofresourcepools(intherootfolderofthecluster)willleadtoperformanceconstraints.

Generally,itisnotnecessarytouseresourcepoolsforavRealizeCloud,butinabiggerenvironment,itmightbeusefultocarveoutaspecificamountofresources.Thebestpracticesfortheusageofthesefeaturesis:Keepitassimpleaspossibleandonlyascomplexasnecessary.

Therearesomegoodblogsavailabletodiscussthewayresourcepoolsworkingreatdetail.OneofthebestresourcesistheblogofFrankDenneman,hedidabrilliantseriestodescribehowalltheshares,reservationandlimitationfunctionalitiesworktogether.Also,onthetopicofadvancedvSphereHAandhowitworksinharmonywithDRS,DuncanEppinghashisblogcalledYellowBricks,whichisdefinitelywortharead!

Beforeyoudecidetouseresourcepoolsyoushouldmakesurethatyouhaveallinformationrequiredtocreatecrispandfunctionalconfigurations.Also,resourcepoolsneedmaintenancetoo.Ifyourclustergrowsoryourresourceschange,thesechangesneedtobereflectedintheresourcepools.

StorageDRSStorageDRSisnotaslongaroundasDRSitself,butitcanbeseenasoneofthevSphere'sstandardfunctionalities.Basically,itcreatesaDRS-likeautomationacrossVirtualMachineFileSystem(VMFS)datastores.Thoseareaddedtoso-calleddatastoreclustersandeveryVMFSaddedwillbeprovidingmorecapacityandperformancetotheentiredatastorecluster.

Often,ifStorageDRSismentioned,peoplethinkimmediatelyoftheI/Oload-balancingcapabilitiesofthisfunction.Whiletheymightbeanoptiontopreventanoisyneighborproblem,sometimestheycannotbefullyleveragedsincethestoragearraymighthavesimilarfeatures,typicallyreferredtoasauto-tieringordynamictiering.

Oncethearrayhassuchacapability,theStorageDRSI/Oload-balancingmaybedisabled,dependentifthearraywillsupportitornow.WithVASA2.0VMwareaddedthecapabilitytosupportsucharraysandgiveStorageDRSmoreinsightsbeforemigratingworkloadsbasedontheirI/Opattern.Makesureyoustoragevendorissupported;otherwiseitmightleadtoconfusionandadegradedperformance.Ifthevendordoesnotsupportit,itcanbeturnedoffindividually.

PleaserefertoyourstoragevendortofindoutifstorageI/Oload-balancingcanbeenabledevenifthearrayisusingauto-tieringordynamictieringfunctions.

Intheprecedingscreenshot,weseeaStorageDRSconfigurationsettoFullyAutomated.However,theI/ObalanceautomationlevelissettoNoAutomation(ManualMode)toensurethatthissettinggoeswellwiththeusedstoragearray.

AnotherusefulfunctionofStorageDRSclustersistheautoplacementofVirtualMachineDisks

(VMDKs).Basically,assoonasadatastoreclusterischosentohouseaVMDK,itdeterminesthebestfittingdatastoreintermsofIOPsandbalance(numberofVMDKsalreadypresent)toplacethatnewdisk.ThisissimilartotheadmissioncontrolfunctionofDRStodetermineonwhichhostaVMisbesttobepoweredon.

InanSDDCenvironment,whereVMsgetdynamicallyprovisioned,thisisaveryusefulfunctionsincethesystembasicallybalancesthestoragedeploymentitselfanddeterminesthebestdatastoretobeusedforaVMDKplacement.BeforethisfunctionalitywasavailableinvSphere,allthishadtobedoneusingscriptsorworkflows.Enablingitshouldnotonlyprovideatime-savingfactorbutalsoaddsvaluableandpracticalautomationtoyourenvironment.

AnotherimportantfeatureofStorageDRSistheoutofspaceavoidancemovefunctionality.Itisathreshold,whichcanbeconfiguredtomoveVMDKstodifferentdatastoresincasetheoriginaldatastoreisrunningoutoffreespace.ThisshouldavoidthattheVMsareforcedtopause,whichisastandardvSpherebehaviorifdatastoresrunoutofspace.ItwillmovetheVMDKtoadifferentdatastoreinsteadwithenoughfreespacebeforeanimpactmighthappen.Soitcanbeseenlikeapro-activedowntimeprevention,whichisofferedbyStorageDRSoutofthebox.

IntheStorageDRSclusterconfig,thisissetto80%perdefault.Inthatcase,SDRSwilltrytofindanotherdatastoretomovesomeVMsontotofreeupspacebeforeanyimpactwillhitotherVMs.Also,VMevacuationautomationlevelneedstobeenabledforthistotakeeffect.Inthiscase,itisusingtheclustersetting,whichissettoFullyAutomated

TheI/OmetricinclusionfunctionisanotherusefulsettingatanSDRScluster.SettingaSDRSclustertoFullyAutomatedmeansthatitwillapplyrecommendationsimmediately.ThesettingwillprovideinformationaboutthegeneralI/Obehaviorofdatastoresandworkloadsanduseits

findingsforanySDRSrecommendation.ItwillalsopreventadatastorefrombeingfilledwithtoomanyhighprofileI/OVMs.

ItishighlyrecommendedtousetheautoplacementandthespaceavoidancemovefunctionalityinanSDDCenvironment.ThesetwoStorageDRSfeatureswillbasicallyensurethatyourenvironmentstayshealthyandeasethedeploymentofVMsondatastores.

DistributedVirtualSwitchThevSphereDistributedVirtualSwitch(DVS)isensuringthateachandeveryhostinaclusterorevenavCenterishavingthesamenetworkconfigurationaswellasportgroupsettings.Itisalogicallayerwhichensuresthatonceyouaddaportgroupcentrally;allotherhostswillalsohavethesameconfigurationinstantlyavailable.

InanSDDCenvironment,thisisanimportantandtime-savingfunctionwhichalsoensuresacommonconfigurationacrossallhostsinagivencluster/datacenterorvCenter.

Basically,theswitchescanbesetuponavCenterlevelanddifferenthostsfromdifferentclusterscanbeaddedtoeachswitchviatheirphysicaluplinks.ItalsoofferssomeotherhelpfulfunctionalitylikeNetworkI/OControl,whichiscontrollingthepreferenceofspecifictraffictypes,forexample,VirtualMachineTraffic,vMotion,VADP(dataprotection),management,andsoon.

ThisisusefultoensurethattheVirtualMachineTrafficisalwaysgettingpreferredoverotherservicesontheavailablebandwidth,evenifforexample,vMotionisusingahighamountofresourcestomigrateaVM.Itisrecommendedtousethesharestosetthepreference.Althoughitisalsopossibletosetstaticreservations,thesecanalsoharmanenvironment.Shareswillonlykickinoncethereisbandwidthcongestion.Ifthereisnone,anytraffictypecanuseasmuchbandwidthasitneeds.ThisenablesaverydynamicandfairtrafficmanagementonthevSphereDistributedSwitch(VDS).

Reservationswillbedeductedfromtheoverallbandwidth,evenifthereisnocongestion.Thismeansotherserviceswillnotbeabletousethereservedbandwidth,evenifthetraffictypeholdingareservationisnotfullyutilizingit.Thisprincipleisverysimilartoresourcereservationsandsharesmanagementforcomputing.

NetworkI/OControlisonlyavailablewiththeDVS.

NetworksharesinNICworksimilartocomputesharesinresourcepoolsorVMs.Theywillonlyenforceifthereiscongestiononthenetwork.Thisiswhysharesarethebettertoolstopreventcongestion.Ifthereisnone,theywillnotenforceanyprotocoltoslowdown.

Inthisexample,thereare500sharesfortheentirenetworkavailable.AllESXibasedtraffictypesgot50shares,whiletheVMtraffictypegot100.Thismeansthatinthecaseofcongestion,500Mbit(1/5th)ofthebandwidthwillbeavailableexclusivelytotheVMtraffic.Iftheothertraffictypesarenotusedinyourenvironment,youcansettheirsharestozero,butrememberthatthischangestheoveralloutcomeofallothertraffictypesaswell.

IfwesetVSANandiSCSIto0,wewouldenduphaving400sharesforthewholesystem,sowepromotedeveryotherprotocolmorebandwidthincaseofacongestion.OurVMtraffictypecannowuseupto750Mbit(1/4th)oftheoverallbandwidth.However,justtobeclear,ifyouuseVSANoriSCSIitmightnotbewisetosettheirsharessimplytozero.Thewholeideaistobalancewisely,sobecarefulwhenchangingthesesettings!

Donotmisinterpretsharesassomekindofmaximumsettings.Ifthereisnocongestion,eachtraffictypecanconsumeasmuchbandwidthasavailable.However,ifvMotionwouldsaturatetheentireconnection,shareswillkickinandprovidefairnessoftraffictypes.

OftenmultipleDVSareusedinanenvironment,toseparatethemanagementnetworkswitchfromthepayloadnetworkswitch.ThisisalsodonetopreventhumanerrorsinceallportgroupsofaDVScanbeseenonanyparticipatingvSpherehost.However,thisisdependentonyourchosenvSpheredesignandgoodpractice.Buttypically,organizationstendtoruntheirownDVSformanagement,separatedfromtheonerunningallpayloadVMs.

ForanSDDCenvironment,theDVSisveryvaluablesinceitcanbeeasilyextendedtoaddedhosts.Also,itcanspanmultipleclustersanddatacentersinvCenter.SincetheDVSisrunningatthevCenterlevel,itisaveryversatileandeasytomaintainvirtualnetworkswitch.Givenanautomateddatacentermightbeextendedmoreoftenasatraditionaldatacenters,thiscanbeatimesaveraswellasagoodpracticeforautomationandstandardization.

Also,ifNSXisanoption,aVDSisaprerequisiteforanynetworkvirtualization.

HostProfilesVMwareHostProfilesareaconfigurationtemplateforvSpherehosts.TheprincipleistoconfigureabaselinehostandthenusethishosttocreateaHostProfilefromitssettings.TheseprofilescanbeattachedtoeitheranyindividualESXihostortoacluster.

Thisfunctionalityeasestheprocessofaddingresourcestoacluster.Assoonasthehostwillbeputintotheclusteritwillrunacompliancecheck.Afterthat,thehostcanbebroughtintomaintenancemodetoremediatetheHostProfile,whichwillsetalltheconfigurationchangesaccordingtothebaselinehost.

HostProfilesareagreatwaytokeepacommonconfigurationforallESXiHostsinavCenter.Theirusewillenhancetheflexibilityaswellasthescalabilityoftheenvironment.

Ifachangedconfigurationneedstobepushedtoallhostsinanenvironment(DNSchange,networksettings,andsoon)thiscaneasilybeaccomplishedbycreatingoreditingaHostProfile.

HostProfilesarealsoenablinganothervSpherefeature,whichiscalledAutoDeploy.AutoDeployisaservice,whichcaninstallandsetupvSpherehostsautomaticallyoncetheyboot.ItcaneitherfullyinstallESXionthelocaldisk/USBstick/SDcard,oritcandoafullnetworkbootofESXi.Inthecaseofthenetworkboot,HostProfilesareneededtoensurethehostisreadyandfullyconfiguredonceitisupandrunning.Sinceeveryrebootmakesthehostafreshinstall,HostProfilesarerequiredtoensureallconnectionandclusterinformationareavailabletotheHost.

AutoDeployistypicallyusedinaverylargeenvironmenttosupportrapidscalabilityandgrowthofthedatacenter.InanSDDCitcanbeusefultomaketheadd-onofahostassimpleandstandardizedaspossible.

vSphereconfigurationconsiderationsTheSDDCwillinfluencethewayyoumightconfigureandsetupvSphereinadatacenter.WhileanyvSphereenvironmentcanbethebaseforanSDDC,itmightmakesensetorevisitsomeofitssettingsandmakethemfitfortheSDDC.Basically,therearetwomajorapproachestothinkabout:

ThemanagementclusterandallthemanagementrelevantVMsandapplicationsTheenvironmentrunningallyourproduction/developmentortestVMsoftenreferredtoaspayload

Bothconfigurationsareimportantandneedtobewellthoughtthrough.InaclassicvSphereonlyenvironment,theneedofamanagementclustermightbenotasstrongasinanSDDCenvironment,sinceallitrunsisvCenterandmaybesomevirtualdesktopmanagers(ifapplicable).SoitcanoftenberunonsmallvSpherehostswithalow-performanceconfiguration.IfyouaddmonitoringlikevRealizeOperationsandLogInsighttheperformancerequirementsofthisclusterwillrisesincethesetwotoolswillrequireintensememoryandCPUpowertoservemediumorlargeenvironments.

SeparatemanagementclusterThisisageneralrecommendationfromVMware.EverybiggervSphereenvironmentshouldhaveitsseparatedmanagerclusterwhereallmanagementVMsareinstalledonto.InanSDDCenvironment,alltherequiredtoolstoruntheSDDCwillbeaddedintothemanagementclusteraswell.Therefore,itisimportanttoplanaccordinglyandprovideitwithallnecessaryresources.

SotherequirementsofyourmanagementclusterwillchangedramaticallyinanSDDC.IfyoualsointendtoaddNSXtothepicture,youneedtoruntheNSXmanageraswellasthinkaboutaseparateNSXEdgecluster.

HereisalistofVMsyouwillhavetofitinyourmanagementclusterforamediumsizeSDDCinstallation:

2xvRealizeAutomationappliance2xDEMworkerforvRealizeAutomation2xIaaSserverforvRealizeAutomation1x(or2x)vRealizeOrchestrator1x(or2x)vRealizeOperationsManager1x(or2x)vRealizeLogInsight1xvRealizeBusinessforCloud1xNSXManager(ifapplicable)3xNSXcontrollernodes1xvRealizeCodeStream(ifapplicable)1xvCenterserver

ThismeansthatyourSDDCmanagementserverwillhaveatleast16managementserverswithdifferentresourceandperformancerequirementstohost.SomeoftheseservicesrequireextensiveresourcessuchasdiskspaceorheavyCPUandmemoryworkloads.EspeciallyvRealizeOperationsandvRealizeLogInsightcaneasilyconsumeacoupleofterabyteofstorageandrequirehigh-performanceCPUandmemoryconfigurations.

Becauseofthisaddedduties,themanagementclustergetsmoreimportantandthereforeneedswellthoughtthroughhighavailabilitysettings.vSphereHAshouldbeconfiguredtoprotectallnecessaryVMstorunandmanageyourSDDC.However,keepinmindthatothermanagementserverscanrunonthisclusteraswell.ItisnotexclusivelyreservedforVMwareproducts.

Ifyouplantointroduceacampusormetroclustersetupwithsharedstoragebetweentwodatacenters,thisconceptneedstobeextendedtothemanagementclusteraswell.ThismightbelessimportantinapurevSphereenvironment,butfortheSDDCitisimperativetomakesuretheportalishighavailableandreachable.JustkeepinmindthatallconsumerswillhavetogothroughtheportaltomanagetheirVMsandotherorderedobjects.Iftheportalisdown,theyhavenooptiontointeractwiththeirinstallation.

AnotherimportantpointhereistheHARestartPriority.TheSDDCcomponentsmayrequireaspecialrestartorderafteranoutage.Otherwise,theymightbeupbuttheportalisnotrunning

becauseofmissingconnectionrequirements.Inthefollowingscreenshot,youwillfindasamplehowtoconfiguretherestartpriorityforanSDDCmanagementcluster:

Obviously,vCenterisalsoimportanttobeupandrunningasoneofthefirstVMs,butthatshouldbeagiveninanyenvironment.Besidesthat,thelogicforthisstartuppriorityisthefollowing:

1. StartvRealizeAutomationportalandDistributedExecutionMangers(DEM)firsttobringuptheportalandgeneralfunctionality.

2. StartvRealizeLogInsightwiththesamepriorityincaseslogsneedstobeanalyzed.3. StartupvRealizeOrchestratortomakesurethatanyadditionalworkflowsortheXaaS

componentscanwork.OrchestratorcanstartandregisteritselffineifvRAisalreadyrunning.

4. StartupvRealizeOperationsandvRealizeBusinesstorestorecapacityandanalyticsmonitoringaswellaschargebackandshowbackfunctionalities.

Inthecaseoftwodatacentersandastretchedmanagementcluster,itmightbeveryhelpfultosetanaffinityruletohaveallcomponentsrunninginthesamedatacenter.Thiswillpreventrandomoutagesincaseoneofthedatacentersiteshasanissue.However,ifyouuseaclusteredvRAsetup(aswellasothercomponents)makesurethateachsiterunsoneinstanceofit,insteadofhavingbothononesite!

ManagementclusterresourceconsiderationsItisstronglyrecommendedtohaveatleastthreehostsinyourmanagementcluster.Ifyouareusingacampusormetroclustersetup,makesurethatyouusehostgroupsandVMgroupstodistributetheVMsacrossbothsitesaccordingly.Threehostsareimportanttoalsocovermaintenanceevents.IfvSphereupgradesneedtobeapplied,thehostoftenneedstoberestartedoratleastbroughtintomaintenancemode.Duringthesetimesyourclusterresiliencyisdiminished.Ifyouwouldonlyhavetwohosts,thismeansthattherearenoresourcesleftincaseofafailedoftheotherhost.Therefore,itisstronglyrecommendedtohaveatleasta2+1configurationinplace.However,inanNSXusecase,themanagementclusterneedstohaveatleast6hosts(3persite)inordertohousetheadditionalrequiredNSXcontrollers(3persite,oneperhost).

SeparatemanagementVDS

Besidestheseparatemanagementcluster,itmightbeusefultoalsocreateaseparatemanagementVDS.Oneofthereasonstodothisistolimitthefailuredomain.

AVDSisnothingmorethanasoftwarecomponenttogiveaccesstothephysicalNetworkInterfaceCard(NIC)ofavSpherehost.Thisisdonebycreatingfailover(NICteaming)configurationsaswellasthroughaddingso-calledportgroups.Butsuchaswitchalsorepresentsitsownfailuredomain,whichmeansincasesomethingisgoingwrongwiththisVDS,itwillonlyaffectthemanagementcluster.Limitingyourfailuredomainisapassivemovewhichwillenhanceyouroverallresiliency.

Anotherreasonisoftentoaddsecurity.SinceallportgroupsinaVDScanbeusedonallparticipatingESXihosts,itmightbepossibletoaccidentallyaddaVMinthewrongportgroup.Ifthisportgroupispartoftheoverallmanagementnetwork-severeharmcouldbedonebyaccessingthisnetwork.TopreventthissituationaseparatemanagementVDShelpstologicallyseparatealltheproductionnetworksfromthemanagementnetworks.Basically,itcanalsoallbedonewithonesingleVDS,butsomeorganizationsmayrestrictthisduetosecurityregulationsandforcetohaveaseparationofVDS.

ThepayloadclusterThemainprincipleofanSDDCistoshareworkloadsonageneralpurposeinfrastructure.Thisisdonebyusinglogicalsoftwareconstructstocreatetheimpressionthataselectareaisprovidingresourcesfordeployedapplication.Typically,thiscanbedonebyeithercreatingownclusterstohostdifferentusecases,orbycreatingresourcepoolstocarveoutresourcesandperformancefromabiggercluster.

vSphereprovideshighflexibilityinwhattechniquetouse,buttherearedifferences,prosandconswitheachapproach.

TheresourcepoolapproachResourcepoolsareoneoptioninvSpheretoreserveandlimitresources.TheyalsooffersharestoensureafairprioritizationofCPUandmemory.Resourcepoolscanbeusedtocreateatieringapproachfordifferentworkloads.Theycanalsobeusedtoseparateworkloadclassesfromeachother.Someorganizationsuseresourcepoolstoseparatetest/devfromproductionworkloads.Theresourcepoolsactasaresourcebrokerandensurethateachclassgetstheresourcesitdemands.However,ifoneclassisexceedingitsresourcerequirements,theycanensurethattheotherclassstillgetstherequiredresources.

InanSDDCtheycanbeusedasareservation(ormultiplereservations)foratenant.Meaningallworkloadsofthattenantwillbedeployedinthesespecificresourcepools.

Althoughtheycanalsobeconfiguredtosetalimit,thislimitwouldbepermanent.Thismeansthateveniftheresourcesmightbeavailable,thelimitwillpreventallVMsintheresourcepooltoconsumemorethantheallowedresources.ThisisnottobeunderestimatedsinceamemorylimitinaresourcepoolcanleadtoVMsswappingouttheirmemorypagessincethereisnomoreRAMavailable.ACPUlimitcanleadtotheartificialslowdownoftheVMtoensuretheboundaryiskept.Thisisaveryforcefulwaytoensurethatanenvironmentisstayinginitsboundaries.

Resourceshapingshouldbedonebyusingshareswithinresourcepools.Thiswaygrantsthattheresourcepoolwillprovidethenecessaryresourcesincaseofcongestionbyusingtheshares.Ifthereisnocongestion,theVMscanusemoreresourcesthanthepoolisconfiguredfor.Assoonasthisconflictswithanotherresourcepoolinthesystem,thesharesareusedtodeterminetheprioritiesofthepools/VMstogettoresources.

Thisgrantsthat,ifthereisnocongestioninthesystem,VMscanuseasmanyresourcesasavailable.Ifthereiscongestion,thesharesensurethatthedifferentclassesgetexactlyasmanyresourcesasconfiguredintheresourcepool.Thismeansthatsharesofferamuchmoreflexiblewayofresourcemanagementthanlimits.

However,thesesharesneedtobeadjustedifyouaddaresourcepooltothecluster.Youshouldcomeupwithaformulatoaddsharestoapoolbasedonwhatitshoulddeliver.

Asimpleexamplemightbe:

Development=30%ofclusterresourcesTest=10%ofclusterresourcesProduction=60%ofclusterresources

Sinceyoucandefinesharesyourself,theycanbeeasilyusedtorepresentthesevalues.Tofurtheraddtothisexample,thefollowingsharesmightbeadded:

Development=3sharespervCPU/GBmemory(morevCPUsmeansmoresharestoadd)Test=1sharepervCPU/GBofmemory

Production=6sharespervCPU/GBofmemory

Somepeoplesimplyaddastaticnumberofsharestoaresourcepool,butthatcanleadtotheopposite,performancedegrade.Let'slookatanexampleofstaticsharesinpools:

Pooltesthas1000sharesandhouses50VMsPoolproductionhas6000sharesandhouses600VMs

Firstglanceseemsthatproductionhasmuchmoreresources(shares)availablethantest.ButifyoubreakitdowntotheVMlevel,atestVMgets20shares,aproductionVMgetsonly10shares.

Thismeansthatinacongestionevent,testVMsgettwiceasoftenaccesstoresourcesthanproductionVMs.

Thisisanimportantprincipletounderstand.Byapplyingtheeasypercentageapproach,thesharesperresourcepoolmustbecalculatedonaperVMlevel.IfyouaddVMstoaresourcepool,alsothenumberofshareshastobechanged,everytime!

Thisismaybeoneofthedownsidesofresourcepools,theyareflexibleandagile,buttheyneedtobeconfiguredaccurately.Thisisalsooneofthemainreasonswhyitisveryharmfultousethemasafolderstructure,evenifyouneverconfiguretheirshares,theywillforceVMstoaligntotheirconfiguration.TypicallythiscaneitherbedonebyusingvRealizeOrchestratororbyusingvSpherePowerCLIscriptswhicharecheckingandchangingsharesperpoolonaregular(hourly/daily)basis.

Prosandcons:

+DynamicandagileapproachtograntresourcestoVMs+Easyworkswithmultipleclustersizes+Nowastedcapacity-NeedscontinuousadoptionifnewVMsareadded-Needswell-structuredresourcetieringmodel-Needsadditionalautomation

TheclusterapproachPoolingresourcesacrossyourdatacentercanalsobedonebyputtingcertainworkloadsoncertainclusters.Ifyourenvironmentisbigenoughthismightbeanattractivewaytoensurethatdifferenttiersofworkloadsdonotaffectothertiers.Also,thisapproachisveryattractivefromalicensingperspective.Similarsoftwaremightbelicensedmoreeffectivelywhenrunningonthesamecluster.Inthiscase,thissetupisverycommon.

Typicallythisisdonebycreatingtierbasedclusterssuchastest,dev,orproduction.Eachclusterrepresentsoneworkloadclass/tierandwillonlyhosttherespectivetier.ThisiseasytohandlesinceyouphysicallyseparatetheworkloadsbylettingthemrunondistinctvSpherehosts.InanSDDCenvironment,atenantcanhaveoneormultipleclustersasareservation.Workloadsdeployedbythattenantwillthenalwaysendinoneoftheseclusters.

Basically,theclustercanbeseenasgiantresourcepools,thedifferenceisthatthereisnoneedtoconfigureanysharesorresourcereservation.

However,keepinmindthateachclustermustmeetallresiliencyandavailabilityrequirements.Ifthisexampleisusedinacampusormetroclusterenvironment,youneedenoughhoststodistributeacrossbothsides.Theminimalconfigurationforeachclusterissimilartothemanagementclusterrequirements:2+1.Otherwise,youcan'tensureresiliencyduringmaintenancewindows.Ofcourse,thismightbedonedifferentlyintestanddevenvironments.Inthiscase,atwo-nodeclustermightbeacceptableinordertoactintheinterestofbudget.However,keepinmindthattheresiliencyisdiminishedwiththissetup.Ifthetestordevclustersserveaproductionpurpose(can'tworkproductivelywithouttheseenvironments)thethree-nodesetupmightbemoreappropriate.

Thisimpliesthateachofyourtiersisrunningontheirveryowncluster.Sointhetest/dev/productionexample,oneclusterisneededforeachgroup.Soevenifyoustartsmall,youwouldneedatleastnineESXihost,tobeginwith.Thisisoneofthedownsidesoftheclusterapproach;itrequiresmoreresourcesthantheresourcepoolshaping.Also,keepinmindthatyouneedtomapdifferentVMFSvolumestoadifferentclustertostaywithinVMware'sbestpractices.Soitwillalsoincreaseyourstoragemappingeffortaswellasyouroverallstorageconsumption.Typicallythisapproachischosenforlargeenvironments,wherehundredsorthousandsofVMsrunintheselecttier.Inthiscase,itmightmakealotofsensetouseseparateclusters.Butinasmallerenvironment,itsimplyisn'tmuchcostattractive.

Prosandcons:

+Easyapproachtoclassifyusinghardwareresources+Goodandeasyscalabilitysincenochangesneedtobemade-Possiblewasteofresources,licenses,andthereforecost.-Needswell-structuredresourcetieringmodel-Eachtierneedsitsowncluster

BothoptionsworkwellwithvRealizeAutomation.Intheend,itisuptotherequirementsyouhavetofulfillwhichwayismoreappealingtoyou.Intermsofscalability,bothoptionsscaleverywell.Thebiggestdifferenceisthoughthattheresourcepooloptionscalesbeginningwith3hostsfor3tiers.

ItscalesdynamicandefficientlyasyouaddhostsifyoualwayschangetheresourcepoolsettingstoaccommodatenewVMsandresources.

Theclusteroptionscalesbeginningwith9hostsfor3tiers,soitaddedthreetimesthecost.Youscaletheindividualtiersbyaddinghoststotheirclusterswithoutanychangeortasktocomplete.

BothoptionscanscaleverywelluptoVMwareprovidedmaximumsforvSphere

vSphere6.0scaleseasilyupto64hostsperclusterand10,000VMsaswellas1,000hostspervCenter

StoragePolicyBasedManagementStoragePolicyBasedManagement(SPBM)isrelativelynewtothevSphereworld.ItgotintroducedwithvSphere5.0andhasbeenquiteenhancedsincethen.ThebasicprincipleofSPBMistomanagethestorageinformofVMFSdatastoresbasedonprecreatedpoliciesinsteadoftryingtofigureouttheirfunctionbytheirname.

Typically,organizationspickedadistinctnameschemetoapplytothedatastorestoidentifytheircapabilities.Suchanamecouldlooklike:

S1PDR040

ThisisacodetoidentifywhatthisVMFSdatastorehastooffer.Translateditmeans:

S1=site1P=productionDR=disasterrecovery/replicateddatastore040=LUNIDtoidentifyinESXi/storagesystem

AlltheadminshavetoknowallthisabbreviationsandcodestoquicklyidentifywhereaVMshouldbedeployed.WhileStorageDRSaddsonesimplificationforthatsinceallVMFSofakindandsitecouldbeputtogetherinabigstoragecluster,SPBMaddsanothersolution.ItcancreatestoragepoliciesandmatchVMFSdatastoresordatastoreclusterstowardthatpolicies.

TheinterestingthingwithSPBMis,theycanbeappliedonaperVMDKlevel.SoeachdiskofaVMcanhaveitsveryownstoragepolicyattached.InsteadoftryingtodecryptcomplexdatastorenamesalltheadminhastodoknowispickingthefittingpolicypertheVMDKandthecompatibledatastorewillbeshowninthedeploymentwizard.

Foramanualdeploymentthatisatimesaverandalsopreventsdeploymentserrors(wrongdatastorepickedbecauseoflostintranslationissue).

InanSDDCwherestoragetieringmightbearequirement,thisfunctionalityisnotjustnicetohave,itisamuch-neededfunctionality.

SPBMdefinitionSPBMscanbedefinedinvariousways.ThisdescriptionishighlightingtwoeasytomaintainwaystocreatestoragepoliciestobeusedineithervSphereorvRealizeAutomationfortieringpurposes.ThisisoneofvSphereintegratedautomationfunctionalitieswhichshouldnotbeunderestimatedforanSDDCsinceitaddedvaluablefeatureswithoutmuchefforttoconfigure.

StaticSPBMconfiguration

Inthisconfiguration,youcanselectthedatastoreswhichshouldbecompatiblewiththepolicybasedontags.Thesetagshavetobeaddedtothedatastoresbeforeyoucancreatethepolicy.ToaddatagtoaVMFSdatastore:

1. ClickonHomeinthevCenterWebClient.2. GototheStorageoverviewinvCenterWebClient.3. Right-clickonthedatastoreyouwanttoaddthetagtoandselectAssignTag.4. Ifnotagsareavailableclickonthenewtagsigntocreateanewtag.5. Createanewtagcategoryifneeded(forexample,Storage).6. Selectthenewlycreatedtagtoassignittothedatastore.

Inourpreviousexample,tagscanbe:

ProductionReplicatedPerformanceclass(Gold,Platinum,Ultra)

ThesetagscaneitherbeassignedtoindividualVMFSdatastoreortoanentiredatastorecluster.Afteryoutaggedallyourdatastoresyoucanusethistagsinthestoragepoliciestomatchtheirrequirements.

Inourcase,thatwouldbeastoragepolicycalledProductionwhichrequiresthetags,Replicated,Production,andUltra.Tocreatethispolicy,dothefollowingtasks:

1. ClickonHomeinthevCenterWebClient.2. Intheoverviewscreen,clickonVMStoragePolicies.3. ClickontheCreateanewVMstoragepolicyiconattopleft.4. Giveitanameandadescription.5. Under2aRule-Set1selectAddtag-basedrule....6. Addallrequiredtagstothepolicy.7. Provideavaliddescriptionwhatthispolicyisincluding.8. Checkthecompatibledatastoresintheoverview.9. ClickFinish.

Youjustcreatedavalidstoragepolicybasedontags.IfthispolicyisselectedwithaVMdeployment,itwillonlyshowcompatibleVMFSdatastoresfortheVMdeployment.

DynamicSPBMconfiguration

Besides,theSPBMconfigurationbasedontagsthiscanalsobedoneonlivearraydata.Thisbringstheadvantagethatthestoragepolicycanbecreatedbasedoncapabilitiesdeliveredbythestoragearray.ItcouldincluderequirementssuchasMaxLatencyorMaxIOPsbasedonrealdataprovidedbythearray.

Tomakethisworkyouneedtoinstallaso-calledvSphereAPIforStorageAwareness(VASA)providerfromyourarrayvendor.Eachvendorhastheirownprovider,typicallytheyareeitheravApptodownload,ortheyarealreadyrunningononeofthearraycontrollers.Inanycase,youneedtoconnectvCentertotheVASAproviderbeforeyoucancreatesuchadynamicstoragepolicy.

FollowthesestepstoenabletheVASAproviderinvCenter:

1. GotothetreeviewinvCenter.2. ClickonvCenteratthetop.3. SelecttheStorageProvidertabonthefarrightinthemainwindow.4. Clicktheaddicon(green+)toconnecttoyourvendorsVASAprovider.

5. ClickOKandsavetheconnection.

Makesuretheconnectionisworking.DetailsonhowtoconnecttotheVASAprovidermayvarypervendor.

OnceyouhaveconfiguredyourstoragevendorsVASAprovider,youcanbegincreatingastorageprofilebasedonactualstoragecapabilities.Theconfigurationissimilartotheonewiththetags,exceptthatyounowcanselecttheVASAproviderasadatasource:

1. ClickonHomeinthevCenterWebClient.2. Ontheoverviewscreen,clickonVMStoragePolicies.3. ClickontheCreateanewVMstoragepolicyiconattopleft.4. Giveitanameandadescription.5. Under2aRule-Set1selectAddtag-basedrule....6. Addallrequiredtagstothepolicy.7. Provideavaliddescriptionwhatthispolicyisincluding.8. Checkthecompatibledatastoresintheoverview.9. ClickFinish.

Done,youjustcreatedastoragepolicybasedonstoragecapabilities.ThebeautyofthisisthattheVASAproviderandSPBMwillautomaticallydetectcompatibleVMFSvolumes/LUNs.

InvRealizeAutomation7,thesepoliciescanbeleveragedinIaaSblueprintsorevenselectedwhileorderingaVM.Inthiscase,theVMwillonlybedeployedontothepolicycompatibleVMFSvolumes.BeforeSPBMwasbuiltintovSphereandvRA;theserequirementscouldonlyberealizedbasedoncomplexvRealizeOrchestratorworkflowsoftencustomcreatedforeachscenario.

Now,thisfunctionalitycanbesimplypreconfiguredinvSphereandleveragedinvRA.ThissimplifiestheimplementationoftheSDDCalotandgrantsthateachVMisrunningontherightstoragetier.

IntegratedvSphereautomationvSpherealreadycomeswithveryrichandbuilt-inautomationfunctionality.Initially,allthiswasaddedtomaketheadministratorsliveseasier.UltimatelyitwasmeanttoeasethedailyoperationofmediumandlargevSpheredeployments.Overtime,theSDDCevolvedandbroughtupnewpossibilitiestodeployworkloadsinavSphereenvironment.

WiththisnewpossibilityalsorequirementsareraisedregardingbasicSLAsliketiering,performanceclasses,security,andsoon.

FortheSDDC,thefeatureswhichmadethevSphereadministratorsliveeasierhavebecomeahugetimesaverforanySDDCdeployment.ThinkabouttheeffortsavingsyougetbyusingallofthisautomationvSphereprovidesperdefault.

Thesefunctionalitiescansaveweeksofcustomworkflowscriptingorimplementationwork.JustrememberthatVMware'sengineersspentafairamountoftimedevelopingalltheirfunctionalitytoblendinperfectlyinthevSphereenvironment.DRS,StorageDRS,vMotion,HA,SPBMworktogetherinperfectunisontomakeagoodvSphereenvironmentaperfectbaseinstallationfortheSDDC.

ItisimportanttoleveragethealreadyintegratedautomationfeaturesvSpherebringswithit'soutoftheboxfunctionalities.AllfunctionswhichcanbeconfiguredandusedinvSphereareahugetimesaverfortheSDDCsincetheydonothavetobecreatedandprogrammedinvRealizeOrchestratorwithbigefforts.

DRSandStorageDRSisjustonebigexampleofmakingmaintenanceandinitialplacementofVMsanautomatedtaskofvSphere.Withoutthisfunctionality,itwouldrequirequiteanefforttoplaceVMsortosupporthostmaintenance.SincevMotiontakescareofevacuatingVMsfromhostsplannedformaintenancemode,thisistransparenttotheSDDCandthereforealsototheenduseroftheservice.

StorageDRSisagoodhelperinpreventingunplanneddowntimebyusingtheoutofspaceavoidancemovefunctionality;thisisnotjustanicefeature,itcanbealivesaver.Besidesthat,italsotakescareofplacingVMsontotherightdatastoreoutofadatastorecluster.ThisisanotherfunctionalitywhichhasnotbeenavailableinthepastandthereforecreatedquiteaneffortinvRealizeOrchestrator(orwithPowerShellscripts)tochoosetherightdatastoreforaVMtobedeployedonto.

Finally,resourcepoolsprovideagreatoptiontoshapetheenvironmentinthemostefficientwaybutneedsomeattentionontheirown.Ifyouarenotcompletelysurethatyourresourcepooldesignisexactlydoingwhatyouwantittodo,reviewitorthinkofchangingtotheclustershapingapproach.Resourcepoolscanbequiteacomplextopic,thatisalsowhyDuncanEppingandFrankDennemancreatedacompleteseriesofbooksaboutvSphereHAandDRS.ThisisahighlyrecommendedreadifyouwanttolearnallthedetailsaboutvSphereresourcepoolsand

howtheywork.

AllvSphereautomationfunctionalityshouldbetakenintoaccounttoease

BestpracticesandrecommendationsAhealthyandwellconfiguredvSphereenvironmentisaperfectbaseforanySDDCinstallation.Checkyourenvironmentandseeifyoucaneitheraddtheautomationfeaturesdiscussedorenhanceyourcurrentuseofthem.InanSDDCthereisnottoomuchspaceformanualtasks,thereforeanythingwhichcanbesolvedwithautomationandisrequiredfortheSDDCtoworkprobablyshouldbeconsidered.

SpendenoughtimetoevaluateyourvSphereenvironmentifitisactuallyreadyforcloud.Ifyouidentifymanualtasksorverystaticsettingswhicharecomplextoreplicateonaddedhosts,trytosolvethesebyusingtheprovidedtoolsetofvSphere.ItisimportanttoidentifyroadblocksbeforetheyaregettingdeadendsinanSDDCdeployment.

AnSDDCisaboutenhancingagilityinyourdatacenterandfulfillingyourbusinessesITdemandsinaquickandstraightforwardway.Itwillneedsomecustomizationforintegrationintothird-partymanagementtoolsinyourdatacenter.ButthiseffortshouldnotbespentonvSphereintegration.

BeforeyouidentifyataskwhichmightneedtobecustomizedinvRealizeOrchestrator,thinktwiceifthiscanbefulfilledwithstandardvCenterfunctionality.

Savinglicensecostbysacrificingsomeofthisfeaturesisactuallyratherburningcostthansavingit.Theproblemis,evenifyoufindaquickwayandreproducesomeofthesefeaturesinvRealizeOrchestrator,everytimeyouchangeathinginyourenvironmentyouhavetorecheckifyourvSphereOrchestratorworkflowisstillworking.ThismaybecomeahugeeffortandtimefactorwhileoperatingyourSDDC.

Thisiswhyusingbuilt-invSphereautomationisoneofthemostimportantbestpracticestofollowwhenpreparingyourenvironmentforinstallinganSDDC.

SummaryInthischapter,wediscussedthemainprinciplesofbuildinvSphereautomationandsomeofitsadvancedfeatures.FrombasicHAandresiliencytopics,allthewaytovSphereintegratedresourceshapingoptionsarevalidfunctionsfortheSDDC.ByleveragingalltheseincludedfunctionsinvSphereandbyensuringthatyourclustersaremeetingHAandresiliencystandardsthiswillformahealthyandcapableinfrastructurelayerforyourSDDC.

ThenextchapterwillhighlightSDDCdesignconsiderationstotakeintoaccount.ItwilldiscussthetoolsrequiredfortheSDDCbasedontherequirements.Furthermore,itwillhelpyoutomapbusinessrequirementstoactualSDDCdesignelementsandtoformproperdecisionswhichtoolsarerequired.ItwilltouchallcomponentsrequiredforanSDDCaswellascomponentstoenhancetheSDDCpossibilities.Also,itwillguideyoutobasicdesignprincipleswhichincludeassumptions,risksaswellasconstraintsyouhavetotakeintoaccount.

Chapter4.SDDCDesignConsiderationsIfyouhaveneverdoneanydesignbefore,thischaptershouldgiveyouagoodstartingpointandsomeusefulinsightsaboutwhatisgoodandprovenpractice.Itwilltalkaboutthebasicprinciplesyouwanttoputintoyourdesignaswellashowtodocumentanyassumptionsconstraintsandlimitations.

ThedesignisprobablyoneofthemostimportantthingsinanySDDCimplementation.However,thedesignitselfwillbeformedoutoftheactualrequirementsandbusinesscases.ThisisoneofthereasonswhyabusinesscaseoratleastausecaseforanSDDCisveryimportant.

TheusecaseorbusinesscasewillinfluencethewaytheSDDCisconfiguredandshaped,thereforeyoushouldputasmucheffortindocumentingthebusinessandusecases,asincreatingtheinitialSDDCdesignitself.

Anotherimportanttaskisthetranslationfromabusinesscaseintoafunctionaldesignaswellashowanytechnicalrequirementsaredirectlyorindirectlyrelatedtoabusinesscase.

Besidesthespecificusecasemapping,theSDDCneedstobeversatile,scalable,andcapableforfutureundertakings.Thereshouldberoomforadditionalfunctionalitiesaswellasroomforaddingresourcesasneededforthefuture.Intheend,anautomateddatacenterneedstoscaletransparentlyfromtheuser'spointofview.Therefore,itneedsalsotobedesignedtoscaleeasilyandunnoticedforanyportalusersorprogrammaticconsumptionusingitsAPI.

Thischapterwillcoverthefollowingpoints:

BusinessneedsandthedesignequivalentGenerallogicaldesignprinciplesBestpracticesontakingassumptionsScalabilityoftheenvironmentDo'sanddon'tswhendesigningautomationExampledesignconsiderationsWhatmustorwhatcanbeinthedesign

ThebusinessusecaseThisisalsooftenreferredtoasbusinessusecaseandshoulddescribeanITneedfromabusinessperspective.Manyorganizationshavesuchcases,butsomelackoftranslatingthemintoITneeds.Sometimes,thereissimplynocommunicationbetweenthelinesofbusinessandtheIT.Thisoftenendsinabadrelationshipbetweenthosetwodepartments.OftenthebusinessthinksITistooslow,complexandancienttounderstandtheirneedsanddeliverwhattheyaskfor.Ontheotherhand,theIToftengetsjustafractionoftheproblem,butthenithasalreadyescalatedafewtimesandnowonlycomplaintsreachtheITdepartment.

SinceasuccessfulSDDCisaboutcommunication(people,processes,technology)itisimportanttounderstandthebusinessneedsofanorganizationtocreateasolutionwhichiscapableofsupportingthemandevengivethemanadvantageoverthecompetition.ThefirststepofcreatingyourSDDCdesignistodocumentandquestionthatbusinessneed.Thenyoucantranslateitintoatechnicaldesignandimplementit,therefore.

Let'sdoasamplebusinesscasejusttogiveyouanimpressionwhattheflowofthistranslationmightlooklike.

ThebusinesschallengeXYZCorpisawell-knowninsurancecompany.Theyarearoundforquitesometimewithanestablishedandbroadcustomerbase.Theirservicesarebasedonpersonalcontactwiththeircustomersaswellaswell-trainedandexperiencedemployees.Sinceafewmonths,anothercompanyistakingtheirbusinessawaybyapproachingtheircustomersandmakingthemchangeovertothem.Ithasbeenidentifiedthatthisnewcompanyoffersarichmobileapplicationaswellassomeadd-onservicesXYZhasnotbeenconsideredyet.

Theapplicationfromthecompetitorcollectsallinsurancereportsandcanidentifyandalertitstermination.Also,itcanidentifyduplicatecontractsandthereforesavemoneyfortheclients.Allthisisincludedforfreeinthismobileapp.

TheCIOchallengeTheyidentifiedthisasarisktolosemorecustomersandinstructedtheirchiefinformationofficer(CIO)tofindasolutionandcomeupwiththeirownappincludingthefunctionalityofthecompetitor.TheCIOstasknowistofindoutifandhowtheITdepartmentcandeliverthisask.Basedontheirlastmeeting,theyusevirtualizationforquickVMdeployment.However,alltheseactionsaredonemanually.Theinstallationofservicesishandledbyadifferentdepartmentandthenthereistheoperationsunitwhorunsallproductionservices.Alloverallittakesthemalittlemorethan1-5monthstobringanewwebserverfarmup.Nottospeakaboutchangingthecapacityofarunningwebserverfarmandincorporatingallthevarioussecurityandregulatoryrestrictions.

Thisisnotanunusualusecase,althoughmanyorganizationmighthavetheirownapp,notallareusingitasastrategicassettoactivelyattractcustomers.Therearevariousreasonswhythismightbecomplex,butintheend,thereisalwayssomeonewhohasdoneitandearnsallthecustomercreditwiththat.

Now,thetaskfortheCIOandhisteamistomatchthebusinessrequirementtoatechnicalrequirement/ITdeliverable.Therefore,theimportantbitsmustbeextractedandtechnicallytranslated:

AwebserverfarmforthemobileappisrequiredItneedstobescalableNumberofusersandadoptionisunknownOtherservicesneedtoexchangeinformationwiththisapplicationNeedstobejoinedwithexistingcustomerbaseDynamicdeploymentofadditionalservicesmightberequired

AlltheseareaspectsofanSDDC.Thescopeseemstobethemobileapp,whichshouldpossiblyserveallexistingcustomersofXYZCorp.Also,thereshouldbeawaytoputinnewfunctionalityovertimeandfeatureenhancementswithoutdisruptingtheusersorlongdevelopmenttimes.

Besidesthat,theserviceshouldbepre-configuredandeasytodeploy.Onceitisrunning,thereshouldbeanoptiontoeithergrowitmanuallyoraddamonitoringwhichaddssystemsbasedonitsusage.Thisshouldallhappenautomaticallyandwithoutinterruptingtheservice.Thisisamajorfactorsinceapplicationperformanceisalwaysseencriticalbyendusers.

TheCloudManagementPortal(CMP)shouldbecapableofdeployingthisserviceautomatically.ButthiswillonlybeusedbyalimitedsetofusersinXYZCorp.ProbablyfromtheITengineers,developersandoperationsgroupsonly.Sothedesignneedstofitforasmallsetofusers.

Also,inordertosetupawebserverfarm,theOSdeploymenthastobeautomated.TheCMP

shouldbecapableofdeployingInfrastructureasaService(IaaS)forOSonly,butalsotoinstallanapplicationafterthisdeploymenthashappened.

Also,XYZCorphasacoupleofthird-partysystemswhereanynewservicedeploymentneedstoregisterinto.Theautomationshouldfullyintegrateintothosesystemstopreventanymanualintervention.Andfinally,apredictiveresourceanalysismightberequired,topreventanyshortageofcompute,network,ormemoryresources.Thissystemshouldworkalertbasedandinformaboutapossiblebottleneckbeforeitoccurs.Thiscouldthenbeworkedintotheprocurementplanningtomakesureadditionalresourcesareordersandavailablebeforeanyimpactishittingtherunningservices.

Allthisshouldrunautomatedincludingabasicself-serviceportalwherenewservicescanbeordered/maintainedandremovedbytheportalusers.

Thiswasthefirststepofidentifyingwhatmightberequiredtosolvethisbusinesscaseefficiently.Thenextstepwouldbetodocumentallfactsandpossibilitiestofurthercreateadesignwhichtakesallthisintoaccount.

Constraints,assumptions,andlimitationsThesethreecomponentswillshapethewayyousetupandinstallyourSDDC.Let'sbrieflytouchonwhateachofthistermsmeansinadesignandhowtoidentifyanddocumenttheseterms.

Constraints

Aconstraintissomethingyoucannotinfluencenorchangeinthedatacenter.Sinceitisnon-changeableitshouldbedocumentedasaconstrainttoexplainwhyyoumighthavechosenthedesignyoudid.Constraintscanbevariousthings,theydonotneedtobeonlytechnical,alsoprocessesorpeoplecanbeaconstraint.Sinceaconstraintwillmassivelyinfluencethechosenpathofinstallationandconfiguration,theyshouldallbedocumentedinatableatthebeginningofthedesign.

Hereisasampleconstrainttable:

ConstraintID Description Impact

C001 DMZandproductionmustbephysicallyseparated

MorehostsaswellasacomplexdeploymentmethodarerequiredtoensurenoDMZworkloadcanberunonproductionorviceversa

C002AllIPaddressesmustbeobtainedfromacentralIPAM

IPAMneedstobeintegratedintothecloudmanagementsolution

C003AlldeployedVMsneedtoberegisteredwiththeCMDB

CMDBmustbeprogrammable(API)andwillbeintegratedwiththeautomaticVMdeployment

C004Everynon-standardchangeneedstobeapprovedanddocumented

Approvalpoliciesneedtobeusedandimplementedforpossibleservicechangesintheportal

C005NoVMtemplatedeploymentisallowedtobeused

ServicedeploymenthastobeconfiguredtodoPrebootExecutionEnvironment(PXE)bootforVMstoinstallanoperatingsystem

Thisisjustanexample,therecanbevariousotherthingsandthosedependontheorganization'sprocessesandoperationstructures.However,ifthereisachancetoeliminateaconstraintit

shouldbedone.SinceeveryconstraintmightlimityourSDDCcapabilities.

Thedocumentationofconstraintsalsooftenhelpstogetawareofthem.Sometimesonemightthink,thatishowitis,ormyfavoritequote,ithasalwaysbeenlikethat.Thinkoutofthesepatternstoidentifyifsomeoftheconstraintsarestillvalid.Whileeliminatingaconstraintcansometimesbeverydifficult(politics,people,processes)itcanalsobeakeyfactorinmakingtheSDDCsuccessful.Sothesecondpartofdocumentingconstraintsis,findthosewhichcanbeeliminated.

ToomanyconstraintscanputthewholeSDDCatrisksinceitmightendinanon-functioningornon-beneficialstate.ThethirdstepofgettingawareofyourconstraintsismakingsuretheyarenotpreventinganymajorSDDCfunctionality.DatacenterautomationmeanschangeandchangemeanthatmanytasksorprocessesneedtoberevisitediftheystillmakesenseinanSDDCenvironment.

Oneweirdprocessforacloudenvironmentwastoopenaticketfordeployingaservice.NottodocumentitsconfigurationinaCMDBorticketingsystem,butbecauseoftheoperatorshadthemandatetodoso.Iftheydidn't,theirmanagerwillgetanalertabouttheirproductivity.Sotheyrequestedthateachportalaction(deployaservice,changeaservice,andsoon)isopeninginaticketundertheirnamesandclosesitafterit'sdone.Thisisatypicalexampleofalegacyprocesswhichisnotfittingintotheautomateddatacenterworld.Whileitwaspossibletointegratethis,itwasquiteahighefforttoautomatethat.Sotheprojectwasmoreexpensivethaninitiallythough.Thisistheimpactofaconstraintwhichmighthavebeenabletobeeliminated.

Oncealltheconstraintshavebeenidentifiedlet'smoveontothenexttopic.

Limits

Alimitcanbephysicalorlogicalanddescribesacircumstancewhichcan'tbesimplychanged.Limitsareoftentechnical,butcanalsobeorganizationalorprocessrelated.Anorganizationwhichhasonlyonedatacenterhasthisasalimit.Itcannoteasilystandupaseconddatacenter.Whilethisisasomewhatextremeexample,therearemanylimitswhichsoundeasytosolvebutareasdifficulttoresolveasthedatacenterexample.

Theprocessforthelimitsisthesameasfortheconstraints.However,limitsandconstraintscanberelatedtoeachother.Aconstraintcancreatealimitandviceversa,alimitcanbepresentduetoaconstraint.

Asimpleexampleforthatis:

Theprojecthasafixedbudget,whichisacostlimitandcannoteasilyovercome.

Thiscreatesaconstraintdescribingadditionalcostscannotbecovered.Theimpactwouldbetokeepthedesignsimpleandremovesomeoftheplannedintegrationwork.

Hereisasamplelimitstable:

L001 Thecorenetworkcannotdelivermorethan10Gbit.

Inordertopreventcongestion,multiplenicewillbeusedtoseparatemanagement,backup,andproductiontraffic.

L002 PXEnetworkcannotsupportmorethan10simultaneousdeployments.

Globalservicedeploymentneedstobeconfiguredtonotexceed10simultaneousservicedeploymentsifPXEbootisinvolved.

L003 Linkspeedtothesecondarydatacenteris100Mbit.

AsynchronousreplicationneedstobeconsideredinordertoconfigureDRprevention.

Pre-definedprojectdeadline,setbeforethedesign/projectplanwascreatedtohandoverthefullyinstalledandrunningsystem.

Scopeneedstobere-visitedandareverseprojectplanneedstobecreated.Somefeaturesmightnotbeimplementedduetothisdeploymenttimelimit.

L005 OnlytwoFTEswillsupportthisproject.

Implementationtimemightbelongergiventhelimitedresources.

Inthistable,youwillnoticethatC005:NoVMtemplatedeploymentisactuallyrelatedtoL002:PXElimitonsimultaneousOSinstalls.Thisisanexamplehowconstraintsandlimitsmightimpacteachother.Iftheconstraintwouldmoveaway,thelimitwouldalsobegoneatonce.Thiswouldactuallymaketheplatformmorecomprehensiveandcapable.

Limitsarenormallyquitehardorimpossibletoeliminate,excepttheyarerelatedtoconstraints.Thereforeagooddesignhastoacknowledgethemandtryingtoworkaroundthem.Itisimportanttohaveafullunderstandingofalllimitsbeforeyoustartyourdesign,otherwise,youmightplanforfeaturesandthennoticethattheycannotbeused.Itisalwayseasiertobewellpreparedandawaretocreateyourdesignaroundthat,thantryingtoimproviselateronwithoutjeopardizingthewholeintegrityandfunctionalityoftheSDDC.

Documentingthelimitsopensupthesameopportunityasdocumentingconstraints.Theycanbere-visited,discussedandmaybethereisalreadyasolutiontoovercometheminthedatacenter.Aswiththeconstraints,theimportantfactoristhatbasedonthedocumentedlimitsitismuch

easiertofollowupthanifthereisnothingbutguessing.

Assumptions

Eventhebestandwell-prepareddesignteamorSDDCarchitectneedstobeeducatedguessingsometimes.Itisjustimpossibletobeawareofeveryaspectandeveryrequirementbeforeyoucreateyourdesign.Therefore,aswellaswiththeothertwo,documentyourassumptionsandtheirimpact.Assumptionscanbere-visitedanytimeandcorrectedwheneverpossible.However,someofthemwillonlyrevealoncethedatacenterautomationhasbeensetup,oroncethefirstcoupleofservicesarerunning.Therefore,assumptionsshouldnotleadtoabsolutedesigndecisions.Theyshouldgiveyouadirectionandanideawhatmightberequired.Creatinganon-reversibleconfigurationwhichmightlimityourlateruseoftheplatformshouldbeprevented.

However,assumptionsareanimportantpartofthedesignsincetheywillunderlinewhycertainthingsinthesystemmightbeconfiguredastheyare.Itisimportanttorelatethemtodesigndecisionssincetheywillhelpthereaderofyourdesigntounderstandwhyyoutookcertaindecisions.Thismakesitmucheasiertoformasounddesignandalsotodefendtheconfigurationifrequired.

Assumptionscancoverallsortsofthings,beginningfromtechnicalassumptionstoprocessbasedassumptionsorapplication/servicebasedassumptions.Oftenassumptionsarealreadyabigpartofanydatacenter.Inabiggerorganization,theadminsometimesdoesnotknowwhatwillbeinstalledonaVM,sotheycreatethoseVMsbasedonassumptionsandbestpractices.

Inanautomateddatacenterthereisalotwhichcanbeassumed:Growth,deploymentsperday,portalusers,services,servicerequirements,servicescalability,resourceavailability,resourceconstraints,andsoon.

Thislistcouldgetverylong.Inordertorelatethattoadesign,itisimportanttolistonlyrelevantassumptionswhichalsohaveameasurableimpactonthedesignandsetupoftheSDDC.

Hereisasampleassumptionstable

A001 Theapplicationsupportsdynamicscale-out.

TheserviceneedstobedesignedtosupportaddingVMsondemand.

A002 Onlyonedepartment/groupisusingtheCMP.

Onlyonetenantandbusinessgroupneedtobesetuptosupportthis.

Backupisdoneseparatelyandwillnot Easierintegrationofserviceswithout

A003 beconfigurableintheCMP. advancedcustomizationrequirements.

A004 Noadvancednetworking/firewallrulesarerequiredbytheapplication.

Easierintegrationofserviceswithoutadvancedcustomizationrequirements.

A005Mixofdifferentsubnets/VLANspervSpherehostisallowedduetologicalnetworkseparation.

LesscostandeffortwiththevSphereimplementation.Nocustomservicedesignintheportalrequired.

A004isagoodassumption,butmightbeveryunusualformostprojects.VMware'sNSXcouldhelptoaddresspossiblerequirementsandfurtherautomatethedeploymentofcomplexapplications.Ifso,considerittobepartoftheinitialSDDCdesign.

Whilesomeoftheseassumptionsmightsoundobvioustoyou,itisimportanttounderstandthatinhugeprojectsthereisalwaysachanceofmisunderstandings.Soassumptionscanalsobeusedtodocumentsoftrequirements.IfyoulookatA002,itstatesthatonlyonedepartmentmightbeusingtheportal.Thedesigndecision,therefore,istocreateonlyonetenant.Thissaveseffortandprojecttime.Also,thedecisionofcreatingonetenantistiedtotheassumption,whichmakesitquiteeasytounderstand.Sometimespeoplechangetheirmindinthemiddleofaproject.Thisoftenleadstomissedmilestonesanddeadlines.Oftentherecanbeadiscussionthatthischangehasn'thadanyimpactonthedesign.Ifalltheassumptionsandthereforethescopeiswelldefinedinthebeginning,thosediscussionsdonotneedtohappen.

Soassumptionsaregoodtokeeptrackwithdesigndecisionsandalsotodeliveravalidpointwhythisdecisionhasbeentaken.Besidesofthat,theyhelptoguesswhatimpactachangeofthisassumptionsmighthaveontheSDDCimplementation/configuration.

Also,allassumptionsinthistablearelinkedtospecificsettings.Thosesettingscanbechangedanytime.However,theimpactmightbeconfiguration/projecttimeaswellascosts,butthesystemisnotlimitedtotheseconfigurations.Tryalwaystokeepthelimitingfactorofassumptionsanditslinkeddecisionsaslowaspossible.Sinceassumptionscanchangeratherquicklyyoumightneedtore-visittheconfigurationandadaptittothenewrequirements.

Whilethesearesomeworst-caseexamples,theyareallfromrealSDDCimplementations.Agooddesigniskeepingtrackoftheseaspects.ItisalsoagoodpracticetocreateanIDforeachdesigndecisionandmapittoanyofthesethreedescriptions.Itwillimprovethereadabilityandunderstandabilityofyourdesignifalldecisioncanbetrackedbacktoaconstraint,limitorassumption.

ScalabilityandfuturegrowthIfyouareabouttodesignyourVMwareSDDCyoushouldalwayshavegrowthandscalabilityinmindwhiledoingso.ThereisalotofoptionstoinstalltheneededVMwarecomponentsforsmall,mediumorevenlargeenvironments,butitisimportantthatallofthemarehavingtheirownrequirementsandlimitations.

Keepinmindthatalbeitthereisaverygoodimplementationofaself-serviceportalinvRealize,thewholeSDDCcanalsobeconsumedprogrammaticallyusingAPIs.ThereisAPIsforvRealizeAutomationanditspluginsaswellasforthevRealizeOrchestrator.Thismightincludeascenariowhereapplicationserversgetdeployedonaspecificdaytopreventadditionalpower.Aftertheirtaskisdonetheyaresimplyremovedfromtheenvironmenttofreeuptheresourcesfortheotherexistingworkloads.TheprogrammaticconsumptionofthewholeSDDCalsoneedstobeconsideredinagooddesigndocument.

BeforestartingcreatingadesignorevendeployingthetoolsitmightbeimportanttoexploreandunderstandeachofthecomponentsoftheSDDC.Typicallythefollowingcomponentswillberequiredtobuildthedatacenterautomationfoundation.

vRealizeAutomationThisservesasthecentralfrontend.OftenitisalsoreferredtoastheCMPwhereendusersoradministratorscanrequestservicestobedeployed.Butthisisoneofitsobviousfunctions,actually,itisdoingmuchmorethanthat.Italsousesso-calledDistributedExecutionManagers(DEM)tomonitorandexecuteworkflows.vRealizeAutomationtakescareofthebasicautomationtasksaswellasworkflowsfordeployingVMsandevenapplications.Also,itcanleverageandintegratewithadvancedfeatureslikeNSX.Itwillalsobetheinterfacewherealltheservicetemplates,calledblueprints,willbecreatedanddesigned.Thesecanbesimple,likeasingleVM,orcomplexlikeacoupleofVMsincludingasoftwaredeployment.

ThisisthecoreoftheSDDCandthereforequiteimportanttobedesignedandsizedcorrectly.

vRealizeCodeStreamThisservesasagoodadditiontovRealizeandmakestheSDDCfitforDevOpstasks.Itcanautomatethestagingofapplications.Furthermore,itfeaturesthecreationofcustomdevelopmentenvironmentsincludingVMs,applicationinstallation,andgatingrules.ThisiscalledapipelineinvRealizeCodeStream.Therulescandescribeifandwhenanapplicationcanreachthenextstage.AllthiscanbeautomatedbyintegratingeitheradevelopertoollikeJenkinsorbyleveragingscriptsorevenvRealizeOrchestratorworkflows.Whilethisadditionmightnotberelevantforthebusinessendusers,itwillhaveanimpacthowdeveloperscanmakeuseoftheSDDCandspeeduptheirworktoo.Thismakesitaveryusefultooltospeedupapplicationdeploymentanddiscovernewwaysofdeployingenterprisegradeservices.

vRealizeOrchestratorThisisthehiddenstaramongstallSDDCcomponents.VMwareisevenofferingvRealizeOrchestrator(vRO)includedinthevCenterlicenseforeverycustomer.However,thisisnotheavilyadvertisedsonottoomanycustomersareawareofthisbrillianttool.

Itsroleistorunworkflowsandorchestratetheirexecutionsfromacentralpoint.Thissoundsnotexciting,butactually,itisexciting.Itisatrueorchestrator,thatmeansthatitcandothisforallandeverythingwhichhasanAPIforitscontrol.ThereasontohaveitinanSDDCistointegrateintothenon-VMwaresoftware.Thiscanbeaticketingsystem,anIPAMorevenexternalloadbalancerorstoragesystems.Alltheseactionscanbecreatedinseparateworkflows,thesecanalsobecalledfromotherworkflows(nestedexecution).

ThesecondbigaddonwiththevRealizeOrchestratoristheabilitytocreateorderableservicesinvRealizeAutomationbasedonworkflows.ThismeansthatitisevenpossibletoprovideinnovativeworkflowsinthevRealizeAutomationportalwhichhavenottoomuchtodowithvirtualizationorVMwareitself.AnexampleofthisisADautomation,whereausercouldactuallyrequestauseraccountforanotheruser.

TheorchestratorisasimportantasvRealizeAutomationitself.Sincemanyworkflowsmightrunalsosimultaneouslyinabigenvironment,itisimportanttoalsoreflectthisinthedesignforthistool.

vRealizeOperationsManagervRealizeOperationsManager(vROps)hastwoprimaryfunctions.OneistheongoinganalyticsandmonitoringoftheSDDCenvironment,theotheristhecapacityplanningoptionsandpossibilities.BothofthesetasksarenotdirectlyimpactingthefunctionoftheSDDC,butstillcriticalfortheenvironment.Especiallythecapacitymanagementaspectshouldnotbeunderestimated.Sinceacloudenvironmentisinconstantchange,itisimportanttoknowandunderstandhowmuchmoreloadanenvironmentcantakeuntilitneedsfurtherresources.

Besidesthat,ifthereisanythingnotworkingasexpected,itisimportanttobeabletoquicklyidentifythefailingcomponentandhowitmightberelatedtootherprocessesandtasksinthesystem.ThatcanbedoneusingtheanalyticspartofvRealizeOperationsManager.Thisprovidesmorethanjustmetrics,itunderstandsrelationsandprovidesarelationalmappingandevencreatesapossiblerootcauseanalysis.Allthisisnotseenbytheenduserontheportal,butitisimportanttoguaranteeahealthyandfullyfunctionalcloudenvironment.

vRealizeBusinessThisistheshowbackorfinancialpartoftheSDDC.IttakescareofthecostofVMsandmakessurethattheseareseenbytheenduseroncetheVMsgetordered.Italsodoescostcomparisonbetweendifferentcloudofferingsifapplicable.Basically,thesizinganddesignofvRealizeBusinessshouldmatchthedesignandsizingforvRealizeAutomation.

Thisisagainoneoftheserviceswhichwillnotharmtheproduction,butitwillhaveaninfluenceontheoverallsystem.Ifrequestorsdonotknowhowexpensivearequestis,itmighthighlyirritatethem.Certainly,itwillforapprovers,iftheyneedtosignoffaVMrequestandtheyhavenoideaofthecost.SoitisanotherexampleofatoolintheSDDCwhichisnottechnicallyblockinganytasksorworkflows,butfromaprocesspointofview,itcanbeashowstopperissueifitdoesnotrun.

vRealizeLogInsightSimilarasvRealizeOperationsManager,vRealizeLogInsight(vRLI)isnotanactivecomponentintherequest/deployprocess.vRealizeLogInsightisanadvancedlogcollectingandsearchingtool.Itismeantforquicklyfindingmessagesinlogs.Theselogscanliterallycomefromeverywhere,aslongastheyaretextbased,vRLIwillbeabletoparseandsearchtheminaverypowerfulway.

Butitisnotonlyhypervisorlogs,allmanagementcomponentsinanSDDCshouldlogintovRealizeLogInsight.Thismeansallthesystems/tools/VMsrunningtheSDDCsendtheirmessagesandlogfilesstraightintovRealizeLogInsight.Thishasthehugeadvantagethatalllogsarecentralandeasilysearchable.Inacomplexcloudenvironment,thiscanbekeyinordertospeeduptroubleshootingoreventofindthefailingcomponent.AnSDDChasmanymovingparts,soasolutionlikethisisrequiredinordertobeabletodotroubleshootingandmonitoring.

Therefore,vRealizeLogInsighthastobesizedanddesignedtosupporttherestoftheSDDCasgoodaspossible.

NSXNSXisVMware'snetworkvirtualizationlayer.Itcanenabletrueon-demandnetworkingincludingsecurityfunctionality.Italsofeaturesadvancedroutingandprotocolmanagementfeatures.ItisnotjustanicetohaveiftheSDDCshouldbetrulyelasticandagileNSXisamusttosupportthedifferentneedsofthedeployedservices.Mostlyitisknownformicrosegmentation,whichmeansmultipleservicescansitonthesamenetworkwithoutbeingabletoinfluenceeachotheronthenetworksegment.

Anexampleofthismightbeawebserverandadatabaseserversittingonthesamenetwork.Butthewebservercanonlycontactthedatabaseserverthroughport80.However,NSXneedsalsotobedesignedcorrectlytoprovidetheneededperformanceandavailabilityfortheentireSDDC.SincethisisanentiretaskofitsowntherewillbeanownchapterofNSXdiscussingalltheoptionsandpossibilitiesofthisamazingpieceoftechnology.NSXshouldbeintheequationfortheentireSDDCdesign,eventhoughitneedsitsowndesignaswell.Therequirements,limits,andassumptionswillultimatelyalsoaffecttheNSXdesign.

AnSDDCisthesumofitscomponentsandmorethanjustasingleapplication/infrastructure,eachandeverycomponentshouldbedesignedforthesizeandthegrowthaccordingtotheestimatefortheentireenvironment.Thismeans,ifonedecidestodesignalargeinstallationofvRealizeAutomation,thisalsoneedstobereflectedinvRealizeOperationsManager,vRealizeOrchestratoraswellasvRealizeBusinessandfinallyvRealizeLogInsight.Sinceallofthesearecorecloudmanagementcomponentsandautomationsystems,allofthemneedtobeadoptedforservingalargeenvironment.

DesignandrelationsofSDDCcomponentsThesearebestpracticesandprovenpracticeshowadesignforallcomponentsintheSDDCmightlooklike.Itwillhighlightapossibleclusterlayoutincludingadetaileddescriptionwantneedstobeputwhereandwhyacertainconfigurationneedstobemadelikethat.

Typically,everydesignshouldhaveanoverviewtoquicklyunderstandwhatthesolutionisgoingtolooklikeandhowthemajorcomponentsarerelated.IntheSDDConecouldstartdrawingtheusedvSphereClustersincludingtheirfunctions.

LogicaloverviewoftheSDDCclustersThisfollowingimagedescribesanSDDCthatisgoingtoberunonthethreeclusterapproach:

Thethreeclustersareasfollows:

ThemanagementclusterforallSDDCmanagingservicesTheedgeforNSXclusterwhereallthenorth-southnetworktrafficisflowingthrough

TheactualpayloadclusterwheretheproductionVMsgetdeployedonto

NewerbestpracticesfromVMware,asdescribedintheVMwarevalidateddesigns(VVD)version3.0alsoproposeatwo-clusterapproach.Inthiscase,theedgeclusterisnotneededanymoreandalledgeVMsaredeployeddirectlyontothepayloadcluster.Thiscanbeabetterchoicefromacostandscalabilityperspective.However,itisimportanttochoosethemodelaccordinglytotherequirementsandconstraintsfoundinthedesign.

Thedetailofthisoverviewshouldbeonlyascomplexasnecessarysinceitspurposeistogiveaquickimpressionoverthesolutionanditsconfiguration.Typically,thereareafewoftheseoverviewsforeachsection.

ThisformsabasicSDDCdesignwheretheedgeandthemanagementclusterareseparated.AccordingtothelatestVMwarebestpractices,payloadandedgeVMscanalsorunonthesamecluster.Thisbasicallyisadecisionbasedonscaleandsizeoftheentireenvironment.Oftenitisalsoadecisionbasedonalimitorarequirement(forexample,edgehostsneedtobephysicallyseparatedfrommanagementhosts)

LogicaloverviewofthesolutioncomponentsThisisasimportantastheclusteroverviewandshoulddescribethebasicstructureoftheusedSDDCcomponentsincludingsomepossibleconnectionstothird-partyintegrationlikeIPAM.

Also,itshouldprovideabasicunderstandinghowtherelationshipbetweenthedifferentsolutionsis.

Itisimportanttohaveanunderstandingofthesecomponentsandhowtheyworktogether.ThiswillbecomeimportantduringthedeploymentoftheSDDCsincenoneofthesecomponentsshouldbeleftoutorconfiguredwrong.EspeciallyforthevRealizeLogInsightconnectsthatisimportant.

IfnotallcomponentsareconfiguredtosendtheirlogsintovRealizeLogInsight,therewillbegapswhichcanmaketroubleshootingverydifficultorevenimpossible.Aplan,whichdescribestherelation,canbeveryhelpfulduringthisstepoftheSDDCconfiguration.

Theseconnectionsshouldalsobereflectedinatabletoshowtherelationshipandcontrolifeverythinghasbeensetupcorrectly.Thebetterthedetailisinthedesign,thelowerthechancethatsomethinggetsconfiguredwrongorisforgottenduringtheinstallation.

ThevRealizeAutomationdesign

Basedonthedecisionandtheusecasetherearetwosetupmethods/designsvRealizeAutomation7supportswhenbeinginstalled.

Smallstandsforaverydenseandeasytodeploydesign.Itisnotrecommendedforanyenterpriseworkloadsorevenforproduction.ButitisidealtobeusedinaProofofConcept(PoC)environment,orforasmalldev/testenvironmenttoplayaroundwithSDDCprinciplesandfunctions.

TheclueofthesmalldeploymentisthatalltheIaaScomponentscanresideononesingleWindowsVM.OptionaltherecanbeadditionalDEMsattachedwhicheasesfuturescale.However,thissetuphasonefundamentaldisadvantage:Thereisnobuilt-inresilienceorHAfortheportalorDEMlayer.

ThismeansthateveryglitchinoneofthesecomponentswillalwaysaffecttheentireSDDC.

Enterprise

AlthoughthisisamorecomplexwaytoinstallvRealizeAutomationthisoptionwillbereadyforproductionusecasesandismeanttoservebigenvironments.AllthecomponentsinthisdesignwillbedistributedacrossmultipleVMstoenableresiliencyandhighavailability.

Inthisdesign,thevRealizeAutomationOVA(vApp)isrunningtwice.Toenabletrueresiliencealoadbalanceneedstobeconfigured.Theusersaccesstheloadbalancerandgetforwardedtooneoftheportals.VMwarehasagooddocumentationonconfiguringNSXasaloadbalancerforthispurpose,aswellasF5loadbalancer.Basically,anyloadbalancercanbeused,aslongasit

supportsHTMLprotocolchecks.

DNSaliasorMSload-balancingshouldnotbeusedforthis,sincethesemethodscannotproveifthetargetserverisstillalive.AccordingtoVMware,therearechecksrequiredfortheloadbalancertounderstandifeachofthevRAAppsisstillavailable.IfthesechecksarenotimplementedtheuserwillgetanerrorwhiletryingtoaccessthebrokenvRA

InadditiontothevRealizeAutomationportal,therehastobealoadbalanceralsoforthewebservercomponents.Also,thesecomponentswillbeinstalledonaseparateWindowsVM.TheloadbalancerforthiscomponentshasthesamerequirementsthantheoneforthevRealizeAutomationinstances.

TheactivewebservermustonlycontainoneWebcomponentofvRA,whilethesecond(passive)webservercancontaincomponent2,3,andmore.

Finally,alsotheDEMworkershavetobedoubledandputbehindaloadbalancertoensurethatthewholesolutionisresilientandcansurviveanoutageofanyoneofthecomponents.

Ifthisdesignisused,theVMsforthedifferentsolutionsneedstorunondifferentESXihostsinordertoguaranteefullresiliencyandhighavailability.Therefore,VMaffinitymustbeusedtoensurethatneverbothDEMs,webserverorvRAappliancesrunonthesameESXihost.Itisveryimportanttosetthisrules,otherwise,asingleESXioutagemightaffecttheentireSDDC.

ThisisoneofVMware'ssuggestedreferencedesignsinordertoensurevRAavailabilityforusersrequestingservices.Althoughitisonlyasuggestionitishighlyrecommendedforaproductionenvironment.Albeitallthecomplexity,itoffersthehighestgradeofavailabilityandensuresthattheSDDCcanstayoperativeevenifthemanagementstackmighthavetroubles.

vSphereHAcannotdeliverthisgradeofavailabilitysincetheVMwouldpoweroffandonagain.ThiscanbeharmfulinanSDDCenvironment.Also,tocomebackupoperations,thestartuporderisimportant.SinceHAcan'treallytakecareofthatitmightpowertheVMbackonatasurvivinghost,buttheSDDCmightstillbeunusableduetoconnectionerrors(wrongorder,stalledcommunication,andsoon).

Oncethedecisionwasmadeforoneofthisdesignsitshouldbedocumentedaswellinthesetupsection.Also,takecarethatnoneofthelimits,assumptions,orrequirementsareviolatedwiththatdecision.

AnothermechanismofresiliencyistoensurethattherequiredvRASQLdatabaseisconfiguredasanSQLcluster.Thiswouldensurethatnosinglepointoffailurecouldaffectthiscomponent.

TypicallybigorganizationshavealreadysomeformofSQLclusterrunning,wherethevRAdatabasecouldbeinstalledon.Ifthispossibilityisnotexistent,itisstronglyrecommendedtosetupsuchaclusterinordertoprotectthedatabaseaswell.ThisfactshouldbedocumentedinthedesignasarequirementwhenitcomestothevRAinstallation.

InfrastructuredesignexamplesTheSDDCdesignshouldalsoincludethelogicalinfrastructuredesigndescriptions.Thisshouldcoverthecomputesector,storageaswellastheapproachtothenetworkdesign.Allthesedecisionsanddescriptionsshouldbetakenwiththebusinesscaseinmindandultimatelyenablethiscase.

Inthisexample,thebusinesscasewasanewmobileappwhichshouldbeflexibleandquicktodeployandscale.Sincethereisnodata,howmanyuserswillactuallyleveragethisappshouldalsobeflexibleintermsofperformance.Theimportantquestiontosolvefornowis:Whatmighttheinfrastructureneedtoprovideinordertoservethisusecase.

Network

TheSDDCwilluseNSXasasoftware-definednetworkprovider.Thisisrelevantfortheusecaseforvariousaspects:

ThewebapplicationwillneedmultiplenetworkswithfirewallandsecurityneedsThesenetworksmightneedtobeprovisionedon-demandThefirewallrulesneedtobeattachedtotheapplicationandremovediftheapplicationisscalingdown/addedifscalingupSinceitisimpossibletopredicttheusernumber,theactualnetworkrequirementscan'tbeforecasted

SincetheedgeclusterisalreadyinthedesigntheNSXfunctionalityneedstobeaddedtovRealizeAutomation.Whensettingup(designing)NSXitisimportanttosticktothisrequirements.

InvRealizeAutomation,thesefunctionscanbeaddedtoablueprint(aservicetemplate)andthereforethereisnoneedtopre-definethemintheSDDCdesignitself.Ifthereisaseparatesectionfortheblueprintdesign,thisiswherethenetworkfunctionsneedtobedocumentedandmanaged.

Storage

Theremightbedifferentperformanceclassesavailableregardingthestorageinthedatacenter.vSpherecandifferentiatestorageclassesbyusingtheSPBM,whichwasdescribedearlierinthisbook.

ByusingtheSPBMfunctionality,vRAcancreateSLAorratecardserviceclasses,whichcanbeusedbyblueprints.ThedesignshouldhighlighttheseclassesanddecisionssotheycaneasilybeconfiguredoncethebaseinstallationofvRAisdone.

Thisisanexampleofdefiningthesesstorageclasses:

Policyname Diskdrivesused Performanceguarantee

Ultra Allflashdrives 500IOPs/TB

Gold SASdrives 100IOPs/TB

Capacity SATAdrives 15IOPs/TB

Foreasierconfiguration,theseclassesshouldbedefinedinvSphereusingSPBMandmatchingdatastores(orVASA).IfthoserulesarepresenttheycanbeleveragedwithinvRealizeAutomationbysimplyaddingthemtotheinfrastructureconfiguration.

Inourbusinesscase,theapplicationmightrunthewebserversfromtheCapacitytier,butthedatabasesmightallrunontheUltratier.Thiscanalsobesetrightwithintheblueprint.Ifthisisdonelikethis,theuserwillnothavetochoosetherightstorage.Also,anautomation,whichmightdeploymoreinstances,isalwaysdoingtherightsetup.

Basedonrequirementsorbusinesscasetheremightbemanymorestorageclassestobedefined.TherecouldalsobeextraclasseslikeUltraReplicationor,whatismorecommon,thatthemostexpensiveclassfeaturesalsoreplicationandHAcapabilities.Whilethemostaffordabletiermightbesimplystoragewithoutanyresiliencyoravailabilityguarantee.

Thisisafavoriteoptionusedbypubliccloudprovidersinordertomaketheirofferlookmuchmoreaffordable.Ifonedigsdeeperintothat,itmightbediscoveredthattheofferedstorageisnotevenpersistent.

Compute

Liketheothertworesources,therearewaystocarveoutcomputeresources.ThisislesscommonbutcanbedoneusingvRealizeAutomation.Asdescribedearlier,iteitherusesawholevSphereclusterascomputeresourceorresourcepools.

Byusingresourcepoolsperformanceclassescouldbeintroduced.Thismightbeveryhelpfulforthebusinesscasewearelookingatsincetheappneedstobedevelopedsomewhere.Andthisappdevelopmentworkloadshouldmostcertainlynotinfluencetheproductionworkload.

Therefore,atest/devresourcepoolcouldbeaddedtotheavailablevRealizeAutomationresources,oraseparatetest/devcluster.Thishighlydependsonthevolume.Inthiscase,thevolumeoftheappisnotknown,soalsotheresourceneedsfortest/devandproductionareunknown.Themostefficientwaywouldbetousepre-configuredresourcepoolsinorderto

provideflexiblebutfairresourcestothetwodifferentworkloads.

Thedefinitionofthesecouldlooklikethis:

Policyname Resourcepool Shares Performance

Production Prod 10000 Unlimited/sharescontrolled

Development&Test Test/dev 2000 Unlimited/sharescontrolled

AllthesevSphereresourcescanbetransformedtoresourcereservationswhichthencanbeusedinvRealizeAutomationtoformtheusableinfrastructure.

DesigningthetenantsOneofthebuildinfunctionalitiesofvRealizeAutomationistheseparationofclients.Thisisoftenreferredtoasmultitenancyanddescribesalogicalseparationofresources,users,andservices.

Smallerorganizationsareoftenusingonesingletenantandorganizetheseparationofdepartments,ifapplicable,inso-calledbusinessgroups.Biggerorganizationsmighthavetheneedforastricterseparationandthereforeusetenantstoseparatedifferentsubsidiariesfromeachother.ThismightberequiredsinceallthesesubsidiariescanhavedifferentADscontainingtheusers.

IntheSDDCdesign,itisnecessarytodescribethesetenantsandhowtheyrelatetoeachother.Again,itdependsonthebusinesscaseandtheusecasedrivingtheSDDCinstallation.Inourexample,theremightonlybeonetenantrequiredbutmultiplebusinessgroups,asfollows:

XYZCorp'stenant,connectedtotheADTestanddevbusinessgroupwithdedicatedresourcesProductionbusinessgroupwithdedicatedresources

ThiswouldfitthebusinesscasebutisalsobasedontheassumptionthatallrequiresusersareinthesameADorthatthereisatleastatrustbetweenADs.Ifthatisnotthecaseanothertenantmightberequiredfortestanddevelopment.

Fromasecurityaspect,itisnotrecommendedtoseparateintenants,businessgroupsaremeantforthatpurpose.Eachtenantcomeswithitsownadministrationandrole-basedaccessstructure.ThemoretenantsthemorecomplexthisconfigurationgetandthemoreoperationaleffortanSDDCneeds.Thegoldenruleis,aslessaspossibleasmuchasneeded.

Tenants,businessgroups,andinfrastructurefabrics

ThetenancyandbusinessgroupconfigurationneedstobedescribedintheSDDCdesign.Sometimesitmightbenecessarytoalsogiveashortexplaintheactionofwhatiswhatandwhyitisneeded.Likeforallotherdesigndecisions,itisrecommendedtolinktheassumptions,limits,andrequirementsalsotothetenantlayout.

ThisisasampleimagewiththreedifferenttenantsandshouldexplainhowseparationisaccomplishedintheSDDC.

Whatisatenant?

Atenantisalogicalseparationandcanbeassignedtoanorganization.TypicallyitconnectstoaspecificADtoimportuserrolesandaccessrights.EachtenantcanbeconnectedtoadifferentAD,alsothisAD'sdonothavetorelatetoeachother.Thisisimportantsinceitmightbethatall

theseorganizationsalsodonotrelatetoeachother.AveryprominentexampleoftenantsisCocaColaandPepsirunninginseparatetenantsbutonthesameSDDCinfrastructure.

Eachtenanthasalsoanowntenantadmin,thisrolecandefineandadministerthebusinessgroupsandassignrolestodifferentusersinthetenant.Thoserolesareasfollows:

BusinessGroupManager:Isreliableofmanagingresourcesandserviceswithinthebusinessgroupaswellasuserprivileges.Thisrolecannominateotheruserstobeadesigner,anapprovalmanagerorasimpleconsumerFabricadmin:Isreliableoftakingcareoftheinfrastructure(calledfabric)thetenantcanaccess.Thisrolewillalsotakecareofthereservations,whicharecreatedforeachbusinessgroup.Areservationisasmallerlogicalseparatedpartoftheavailableresourcesfortheentiretenant.Thisishelpfultocontrolhowmanyresourcesabusinessgroupmighthaveaccessto.Oftennotallresourcesaremadeavailabletobeabletoeasilyexpandifnecessary.IaaSadmin:Thisroleisabletocontrolandprovidetheso-calledinfrastructurefabric.TheinfrastructurefabricisasetofallavailableresourcestotheSDDC.Thiscanevenincludeexternalcloudstoenableahybridmodeorphysicalmachines.TheIaaSadminmakessurethattheseresourcesareavailableandcanbeusedbythefabricadminsofthetenants.

Whatisabusinessgroup?

Thebusinessgroupisbasicallyalogicalseparationwithinatenant.Itismeanttogivedifferentdepartmentsinanorganizationtheirownspacewithinthetenant.Tostayinourexample,theremightbeaProductionbusinessgroupandoneforTestandDevelopment.

IntheCokeexample,thebusinessgroupsmightbe"Finance,Development,IT,Legal".However,itisimportanttodesignthisagainaccordingtothebusinesscaseandtoyourorganizationalprocesses.businessgroupsshouldbedesignedwiththesameruleinthebackgroundastenants:Keepitsimple,asmuchasneeded,asfewaspossible.

Userscanbepartofmultiplebusinessgroupsandcanseeanddeploydifferentservicesasaresultofthis.AusercouldbepartofDev&TestandProductionandcoulddeployservicesinbothgroups.Servicescanbeassignedtoaspecificgrouportomultiplebusinessgroupstobeavailableinaglobalform.ThismakessensefordefaultIaaSserviceslikeadeploymentofaVMincludinganOS.

Whatisafabricgroup?

ThisisthelogicalpartoftheIaaSfabricabusinessgroupcanconsume.Thefabricgroupisfurtherdivided(ifapplicable)inso-calledreservations.Asdescribedinthepreviousimage,abusinessgroupcanholdareservationfortheirtenant'sfabricgroup

Asdescribedearlierinourexample,thesereservationswouldactuallyreflecttheresourcepoolspreviouslycreatedinvSphere.However,invRealizeAutomation,reservationscanbefurthergranularconfigured:

MaxnumberofCPUpowerandmemorycanbedefinedperreservationMaxnumberofavailablestoragespacecanbedefinedperreservationGeneralVMquota(limit)canbedefinedperreservation

ThissettingmightbeimportanttoensuretheflexibilityandavailabilityoftheSDDC.Aquotacanmakesurethattheenvironmentisnotbroughtdownbymassdeployments.Furthermore,alimitonmemory,CPU,anddiskcanensurethatthephysicalresourceswillnotbeoverloaded.Incasethelimitisreacheditcanbesimplyreset.Ifaphysicalresourceisfullyloadeditwillbemoredifficulttoresolvethiscondition.

Inourexample,itisabitdifficulttosetalimitsincetheactualresourceusageisnotknown.Therefore,thedesignshouldassumeabigreservationprovidingmostoftheresources.Also,aflexibleapproachwillbeneeded,incasethedeployedserviceswillrequiremoreresourcesthanoriginallyconfigured.

Whatistheinfrastructurefabric?

Theso-calledinfrastructurefabricisacombinationofallresourcesavailabletotheSDDC.TheseresourceswillbeattachedtovRealizeAutomationbyso-calledendpoints.ThoseendpointswillgivevRealizeAutomationdirectaccesstotheattachedresources.Thisisalistofdefaultendpointsforcloudandhypervisors:

Infrastructure:vCenterKVM(REVM)MicrosoftHyper-V

Cloud:vCloudAirvCloudDirectorAmazonWebServicesMicrosoftAzureOpenStack

Foreachoftheseendpoints,resourcescanbeaddedtotheinfrastructurefabric.Thesecanbefurtherusedwithinthereservationsofthefabricgroups.

Therearealsoresources,whichmightnotneedoruseanendpointandcanstillbeused.ThismightincludetheprovisioningofphysicalserversusinganAPIcall.SuchservicesaretypicallycreatedbyusingvRealizeOrchestratorworkflowsandwillbeincludedinvRealizeautomationbyusingtheXaaSfunctionality.

Inthiscase,noendpointisneededsincevRealizeAutomationistriggeringtheworkflowinvRealizeOrchestratortoactuallyprovisiontheservice.However,withthistypeofservice,itisalsorequiredtothinkaboutreservationontheworkflow/blueprintlevel,sincebusinessgroupreservationscannotbeappliedtoXaaSservices.

Thepurposeofallthisistodescribeitinyourdesignandincludeeverydecisionmadeinthatdocument.Itisalsoimportanttofurtherbrieflydescribeafunctionalityandthedesigndecisionsothatthiscanstillbeunderstoodifreadyearslater,orbymaybe,lesstechnicallyfocusedpeople.

WhatmustbeincludedinthedesignInagoodSDDCdesign,allconfigurationsanddecisionsaredocumentedandcanbeeasilydefended.ItwillalsoincludeallothercomponentsbesidesforvRealizeAutomationifthereareanydesigndecisionsmadewhichinfluencetheirstandarddeployment.

Ifresilienceisarequirement,itshouldbeincludedanddescribedthroughtheentiredesign.SinceanSDDChasquitealotofmovingparts,thedesignshouldbethebaselinehowtheyareinstalledandworkingtogether.Finally,thebusinesscaseshouldbedescribedattheverybeginningofadesign.Also,themappingofconstraints,limitsandassumptionsisimportantandshouldbereflectedineverydesigndecision.

Also,itwillmakesensetodesignatestordevelopmentenvironmentatasmallerscale.Theseenvironmentscanbeusedtorehearseupdatesorupgradesaswellastodevelopnewservicesandintroducethemtotheproductionenvironmentatalaterstage.Especiallyifitcomestoupgrades,theprocedureshouldbetestedbeforedoingitintheproductionenvironment.Intheinterestofbudgetandresources,thoseenvironmentsdonotneedtobeascomplexandresilientastheproduction,buttheyshouldbeassimilaraspossibleinordertogetreasonableresults.Thisisanimportantaspectandshouldnotbeunderestimatedwhenitcomestotheoveralldesign!

WhatifthevSphereenvironmentisalreadyrunning?

IfanSDDCiscreatedontopofarunningvSphereenvironment,itisimportanttoeitherincludetheoldvSpheredesignasanattachment.Iftherearenewclusterscreatedtohouseeitherpayload,edgeoreventhemanagement,allthesechangesshouldbedocumentedaswellinanextrasection.ItisOKtorefertothealreadycreateddesign,butitshouldbeeasilyunderstandable.

Alotofexternalreferencestoanattachmentwilldistractthereadersflow.Also,itmightbedifficulttokeeptheoverviewiftherearealotofpointerstoanexternaldocument.Usebriefdescriptionsoftheoriginaldesignandonlypointtoittomakethereaderawarethattheremightbemoreinformationavailable.

SummaryInthischapter,wecoveredthemainprinciplesofadesignincludingsomeexamples.WelookedatafictivebusinesscaseandlearnedhowitsrequirementscouldbetranslatedintoatechnicalSDDCsetup.Also,wetouchedsomeimportantdesignprinciplesaroundassumptions,constraints,andlimitsaswellasgotaglimpseofwhatvRealizeAutomationmighthavetooffer.

ThenextchapterwillprovidedeepdiveknowledgeregardingvRealizeAutomationandfurtherdiscussitspossibilitiesandfunctionalities.Beginningfromtipsforitsinstallationitwillhighlighthowtorealizeservicedeployments,approvalworkflowsaswellasexternalprocessintegration.Also,servicedefinitionscalledblueprintswillplayabigpart.

Chapter5.VMwarevRealizeAutomationTheCMPoftheSDDCisoneofthemostimportantcomponentsintheentireinstallation.Itisthefirstpointofinteractionforusers,admins,andevenapplicationsiftheyorder/requestnewservices.Also,itneedstobeeasytoconsume,quick,andscalable,aswellasresponsiveandintuitivetouse.InaVMwareSDDC,thistooliscalledvRealizeAutomation(vRA)andittriestocombinealloftheseassetsintoasingleportal.Also,behindthecurtain,itneedstofulfillseveralotherrequirementssuchasmultitenancyaswellasbusinessandtechnicalapprovalsforservicerequestsandtheirpolicy-basedplacement.

Theanotherstrongdeliverableofaself-serviceportaloraCMPistheabstractionofcomplextasksintosimplerequestableserviceswhichdonotrequireanytechnicalskillsfromtheuser.Thinkofitlikeyourorganization'sAppStorewhichsimplyenablesthedeploymentofcomplexandlesscomplexapplications.Alltheuserhastodoisclickonaniconandprovideminimalinput,andtheservicegetsdeployedautomatically.

Besidesthat,vRAmightalsoworkasacloudbroker,whereservicescannotonlybedeployedonpremises,theycanalsobedeployedononeofthevariouspubliccloudofferings.AllthiscanbecontrolledandenabledbyconfiguringvRAaccordingtothedesignandusecaseyouidentifiedforyourorganization.SincethereisalotofcustomizationandconfigurationwhichcanbedoneusingvRA,itisrecommendedtosticktothecreateddesignfortheinitialconfigurationtonotgetlostinalltheoptions.

ThischapterwillexplainthemostimportantoptionsandconfigurationsforvRAinanSDDCenvironment.Also,itwillfurtherexplainsettingsandconfigurationbasedontheidentifiedusecasefromearlierchapters.

Thefollowingpointswillbecovered:

InstallationtipsandtricksDescriptionofvRAconceptsConfigurationexamples

vRAinstallationInvRAversion7,VMwaremadetheinstallationoneofthesimplestinthehistoryofthetool.Beforethat,itwasnotasimpleinstallation.SometimesevenVMwareProfessionalServicesOrganizationtookmorethanadaytoinstallthetool.ThankstotheengineeringeffortVMwareputintotheshinyandnewinstallationroutine,thiscanbeaccomplishedinacoupleofhours,dependingonthechosensetup(smalllaborenterprise).

Theverynicethingaboutthenewinstalleristhatitguidestheadminthroughallthestepsandevents,andprovidesacontrolledwayofrollingbackafteranerrorbyusingVMwaresnapshots,justfollowthesuggestedprocedureoftheinstallerandthereshouldbenobadsurprises.

FirstthingsfirstTogetstarted,vRAneedstobedownloaded(thevApp)fromVMware.ThevAppcanthenbeimportedintotheseparatevSpheremanagementcluster.Theimportwillbringupaconfigurationwizardwherethemostimportantspecsforthedeploymentneedtobeputin:

IPaddressAdminpasswordDNSnameDefaultgatewaySearchdomain

BeforethedeploymentofthevRAappliance(s),theDNSshouldbesetup.Nameresolutionisveryimportantforthistoolandcanmakethedifferencebetweensuccessandfailure.Itisveryimportanttocheckbothforwardandreverselookupbeforeproceeding.

Basedonthechosensetup,vRAwillneedoneormoreWindowsVMstodeploytheDEMandIaaScomponentsinto.ItisrecommendedthattheseVMsalsogetprovisionedupfronttobereadytouseoncethevRAvApphasbeenfullydeployed.Besidestheverystraightforwardsetupguide,VMwarealsorenewedtheinstallationguideforvRAtocoverallthenecessarystepstomakesurethatvRAgetsdeployedsuccessfully.Inthecaseofenterprisedeployment,additionalconfigurationoutsideofvRAisrequiredtobeabletousethisdeployment;thismainlyincludestheconfigurationoftheloadbalancerfortheIaaS,DEMs,aswellasforthevRAinstancesthemselves.

TheIaaSserver(s)needsaMicrosoftSQLdatabasetoworkproperly.EitheraseparatedatabaseinstanceoratleastadatabaseregisteredonanexistingMSSQLserver.ThevRAinstallationwizardwilltakecareofsettingupthedatabaseincludingtherequireddataschema.

EveryWindowsVMinthevRAecosystemneedstohaveMSDTCenabled/installedinordertofunctionproperly.Sometimesitisrequiredtoreregister/reinstallthisontheDEMworkersorontheSQLdatabase:

1. Openanadministratorcommandprompt.2. Runthefollowingcommand:msdtc-uninstall.3. Rebootthevirtualmachine.4. Openaseparatecommandpromptandrunthefollowingcommand:msdtc-install

<manager-service-host>(managerservicehostisoptional).

Onceeverythingisprepared,thedeploymentcanbegin,fromthispointon,itwillbeguidedandshouldbewellfolloweduntilthevalidationstep.

Togettheinstallationstarted,awebbrowserisneededtoaccessthenewlydeployedvRAvApp.

ToaccessthevRA7webinstaller,openabrowserandconnecttothefreshlyinstalledvRAapplianceusingthisformat:https://vra-a.yourdomain.local:5480

ThiswillopenthevRAappliancewebconfiguration,whichwillstartguidingyouthroughthefurtherinstallation.InordertoassistwiththeconfigurationoftheWindowsVMs/components,theagentneedstobedownloadedfromthevRAvAppanditneedstobeinstalledonallparticipatingvRAWindowsVMs.ThisensuresthatvRAcanconfigureandinstallmissingproductsusingtheagentrightatthemomentofsettinguptheportal,prettyneat.

Takenoteofallnamesandconfigurationsprovidedduringthesetup.SomeofthemwillberequiredafterwardtosetupvRAcorrectly.OneimportantnametowritedownisthevCenterendpointname.ItwillbesetupattheDEMworkerconfig.TheDEMwillhaveatextfieldtoenterthename(thedefaultisvCenter).ThisnameisrequiredtoaddtheendpointlatertovRA.ItcannotberetrievedfromtheDEMonceithasbeenset.Ifthisnameiswrong,vRAcannotsuccessfullyaddtheendpoint!

IfvRAfindsmissingconfigurationandpiecesontheWindowsVMs,itwillprovideanoptiontofixthese.ThisisaveryhandyfunctiontopreventconnectingtoeachWindowsVManddoingitmanually.Mostly,itworksfineandaddsthemissingconfiguration/roles/toolsdirectlytotheWindowsVMs:

Onceallthisissettledandsolved,thesetupwillsuggestmakingasnapshotofallcomponents(vRAappliance(s)aswellasallinvolvedWindowsVMs).Itishighlyrecommendedtofollow

thisinstructionforallcomponents.Thesnapshotwillbeusedasarollbackoptionincasesomethinghasgonewrongwiththesetup.Ifthisisnotdoneatthispoint,theentiresetuphastoberevisited.

AdvancedinstallationconfigurationOnceallcomponentshavebeensuccessfullysetup,itistimetocreatetheothernecessaryconfigurationforthecomponents.Inthecaseofasimplelabdeployment,nothingelsehastobedonehere.Inthecaseofanenterprisedeployment,theloadbalancerfortheDEMs,IaaS,andforthevRAapplianceVMshastobeconfiguredproperly.

Thisisrequired,sincetheusershouldonlyhaveoneunifiedURLtouse,nomatterwhethervRA-aorvRA-bisservingitsrequest.Theapplicationitselfiscluster-aware,sonoOSclusterhastobecreated;thisincludestheWindowscomponentsaswell.However,theSQLdatabaserequiredforvRAshouldalsobeclusteredusingMicrosoftbestpractices.RefertoyourSQLdatabaseadminsortheMicrosoftdocumentationformoreinfoonSQLclusters.

TheconfigurationoftheloadbalanceriswelldocumentedbyVMwareandwouldbetoomuchtobedescribedindetailhere.TheactualdocumentationforvRA7,includingtheloadbalancerconfiguration,canbefoundattheVMwaresupportsite.

Loadbalancerwhitepaper:http://pubs.vmware.com/vra-70/topic/com.vmware.ICbase/PDF/vrealize-automation-70-load-balancing.pdf

Aftereverythinghasbeensetupandcontrolled,besuretoremovethesnapshotsfromtheVMs.Atthisstage,vRAwillbefullyfunctionalfromaportalpointofviewandisreadytobeconfiguredforthefirsttime.

Oncethesetupiscomplete,thesystemwilltellyouthatthereisaspecialusertologontovRAnamedconfigurationadmin,usingthepasswordprovidedearlierintheinstallationwizard.ThisuserwillbethefirststepofconfiguringvRA;evenforthat,thereisanautomationVMwareisofferingrightinthefreshlyinstalledportal.

LoggingontothesystemwiththatuserwillbringupavRAportalandtherewillbeoneserviceunderCatalogwhichwillautomatethesetupandconfigurationofthefirstordefaulttenantofvRA.Eventhisstepcannowbedonewithafewsimpleclicksifdesired.Itisassimpleasrunningtheservice,puttinginallthenecessaryinformation,andwaitingforvRAtocompleteconfiguringitself.However,albeitthisisveryhandy,itishighlyrecommendedtofirstunderstandtheprinciplesincaseanythinghastobealteredoraddedmanually.

vRAconceptsIfthisisthefirstencounterwiththetool,itwillthrowalotofnewtermsatadministrators,yettobeunderstood.WhileitfollowsVMware'smethodologyandnamingconventions,thereareacoupleofthingswhicharenotusedbyanyothertoolintheVMwareecosystem.

vRA'slittlehelperBesidestheportalitself,vRArequiressomehelperservicestoactuallygetthingsdoneintheunderlyingenvironment.Duringthesetup,thoseareconfiguredandalignedtoworktogetherwithvRAtobeabletoautomatetheunderlyinginfrastructure.

DEMissometimesalsoreferredtoasthemanagerservice.Basically,thiscomponentisconnectingvRAtopossibledeploymenttargetsforVMs.ThiscanbevCenter(assuggestedduringthewizard-driveninstallationforvRA)butitcanalsobeotherhypervisortargetssuchasHyper-VorKVM.Besidesthat,vRAwillalsobeabletoconnecttoexternalcloudssuchasAmazonWebServices(AWS),vCloudAir(VMware),andMicrosoftAzure,aswellasOpenStackinstallations.MostofthesetargetsneedtohaveaDEMworkerconfiguredtoaccessthose.ThisconfigurationcaneitherbeaddedtoanexistingDEMoranewDEMforthesetargetstobedeployed.

Therearealsoso-calledDEMworkerswhichshouldalwaysbeinstalledonseparateVMs.UseatleasttwoDEMworkersforaproduction-gradeenvironment.

TheIaaSserver

Basically,thisisthewebservercomponentofvRA,whichprovidestheportalaswellasitsbasicfunctionality.Insmallenvironments,itcanbeinstalledtogetherwiththeDEMonthesameVM/OS.Inenterpriseenvironments,itistypicallyinstalledasaseparateVM.TheIISconfigurationisdonebythevRAsetuproutine,whichtakescarethatallrequiredfunctionsfortheportalareavailable.

vRealizeOrchestrator

vRealizeOrchestratorisoneofthemostimportantcomponentsinavRAsetup.ThevRAself-configurationserviceisbasicallyavROworkflow,whichisaddedasaso-calledXaaSservicetothefreshlyinstalledvRA.AnythingasaService(XaaS)basicallymeansthatanythingwhichcanbeautomatedcanbearequestableserviceinvRA.vROisincludedinthevRAapplianceorcanberunseparatelyasitsownvApp.Inlargeenvironments,itmakessensetoseparatevROfromvRAtosharetheloadofthetools.vROcanalsobeinstalledinanHAsetupandsyncitscontenttomultiplevROtiers.

TheInfrastructuretabUnderthistab,vRAofferstheinfrastructureoptionsandconfigurations.Dependingontheuserrole,itwilldisplaymoreorfeweroptionstobeconfigured.TheInfrastructuretabwillcovereverythingwhichhastodowiththeavailableresources,whethertheyarephysicalorcloudresources.

Endpoints

AnendpointisaninfrastructuretargetonwhichvRAcandeployVMs.ThefirstandmostimportantendpointwillbevCenter.TheendpointnamehastobeexactlythesameastheoneprovidedtotheDEMduringitssetup.Thismeansthenamewillalsobecase-sensitive.vRAcanhavemultipleendpointsincludingcloudsaswellasotherhypervisors.Endpointswillactuallyformtheso-calledinfrastructurefabricfromwhichresourcescanbecutoutintheformofreservationsandofferedtoportalusers.

ComputeResources

EitherbyhighlightinganendpointandhoveringoverthearrowsymbolorbyclickingontheResourcesmenuattheleft-handpan,theportalwilldisplayallcurrentlydiscoveredresources.IntermsofvCenter,thesewillbevSphereclusters,includingtheirstorageconfigurationsuchasdatastoresorevendatastoreclusters.Inthismenu,resourcesfromanendpointcanalsobeexcluded.

ThisespeciallymakessenseifthemanagementclusterispartofthesamevCenter,butshouldnevershowupasaresourceavailabletoendusersinvRA.Inthiscase,itcanbesimplyunelectedbyun-tickingthebox:

Reservations

Thishandlesthereservedcapacityforatenant/businessgroupbasedontheactualavailableresources.Forexample,notallresourcesfromtheclustermightbemadeavailableforagivenaudience:

Resources:Clusterhas4TBofmemory,20TBofdatastores,and120GHzofCPUavailableReservation:Clusterhas2TBofmemory,5TBofdatastores,and70GHzofCPUavailable

ThisreservationwillbeenforcedbyvRAandisunknowntovSphereorvCenter.Also,ithasnothingtodowithresourcepoolreservations.However,avSphereresourcepoolcanalsobechosenasaproviderinsteadofanentirecluster.Theideaofareservationistoguaranteeaselectpartoftheinfrastructurefabricwithoutexposingallofitscapabilities.Reservationscanbedynamicallyincreasedandshrunk.

ManagedMachines

Underthisoption,vRAwilllistallcurrentmanagedVMsdeployedusingtheportal(orimported).ThisisespeciallyusefulsincenotalluserswillseeallVMsdeployed,theywillonlyseetheirownVMs.Ifthereisanincidenttoanalyze,anadministratorwiththeappropriaterole

assignedcouldusethistotracewhethervRAisabletoreachtheVM.Besidesthat,itwillalsolisttheownerandthestateofalldeployedandcurrentlymanagedVMsforquickidentification.

TheAdministrationtabUnderthistab,vRAprovidesglobaland/ortenant-relatedadministrationoptionsdependingontheuser'srole.Theseoptionscontroltheglobalconfigurationofatenant.ThisincludesconnectingtoanAD,definingdefaulthostnames,andconfiguringbusinessgroups,aswellasothersettings.

ApprovalPolicies

Approvalsareimportanttokeepanautomateddatacentercleanandstructured.Ifeverythingwasfreeandinstanttodeploywithoutapprovals,userswouldkeepcreatingmachinesuntilthedatacentereventuallyranoutofspace.Therearealsoprocessandregulatoryreasonstohaveapprovalpolicies.Thismenuwillallowapprovalstobedefinedbasedonvariousdifferentconditions.

Approverscanbedefinedbyusernameorgroup;additionally,vRAcantrytofetchthemanagerofarequestinguserrightfromAD.

Approvalsaredistinguishedintwomajorgroups:preapprovalsorpostapprovals.Preapprovalsarerunbeforearequestisprocessed.Therewillbenoprovisioninguntiltherequesthasbeenapproved.

Postapprovalsareissuedaftertherequesthasbeenprocessed.Iftheapproverdeniestherequest,allprovisionedresourceswillbedeletedinstantly.Bothcanbeusedatthesametime.Therearescenarioswhereitmakessensetousebothtypesofapproval.

Ifthetechnicalapproverneedstoensurethatarequestcanbefulfilledtechnicallyorcapacity-wise,itwillmakesensetoaddthisasapreapproval.Ifthereisafinancialdecision-makerwhoneedstoapprovetheuseofresources,itmightmakesensetodothisaftertheresourcehasbeenprovisioned.Bydoingthat,itwillbeinstantlyavailabletotheuser/groupafterithasbeenapproved.

Finally,approvalscanbesetonmanydifferentactionsanditemsinvRA,fromcreatingsnapshotstodeployingmachines,allthewaytodestroyingadeployment.Alltheseactionscanhavedifferentapprovalrulesaswellasdifferentapprovers.

Notonlycanthedifferentcategoriesbeapproved,butapprovalswillalsobeabletobesetbasedonconditions.Forexample:

2vCPUand4GBRAMrequiresatechnicalpreapprovalTheservicehasbeenrequestedtwotimesinsteadofoneTheserviceisexceedingacertaincostlimitTheserviceiscomingformadistinctuserorgroup

Also,aconfigurationispossiblewhereallapproversneedtoapprove,oranyapprovercandothis.

DirectoriesManagement

ThissettingensuresthatvRAcanbeaddedtoauserdirectorysuchasMicrosoftActiveDirectory.ItisusedtobrowseusersandgrantaccesstocertainvRAfunctionalities.Directoryaccesscanbesetonaper-tenantbasis,whichmeansthateverytenantcanbeconnectedtoadifferentuserdirectory.Thisensuresthatseparateorganizationscanusetheirownuserdirectoryanddonothavetoduplicatethisdataintoanylocalportaluserdirectory.

HerealltheusersandgroupsgetmatchedtovRA'srole-basedaccessmodel.Thereareseparaterolesinthesystem,fromasimpleusertoadesigner,aswellasatenantadmin.Accordingtotherole,theycanaccomplishdifferenttasksinvRA:

User Role

Systemadministrator

(Doesnotfollowthemultitenancyconcept)

Thisroletypicallyownstheentireconfiguration.Itwillensurethatnewtenantsarecreatedaswellasnewusersgetassignedtothesetenantsastenantadministrator.

IaaSadministrator

(Doesnotfollowthemultitenancyconcept)

Thisroletakescareofalltheattachedresourcessuchascloud,vSphere,network,andsoon,andwillorganizeitintotenant-levelfabricgroups.Thesecanthenbepointedtowardfabricadministrators.

Tenantadministrator

(Doesnotfollowentirelythemultitenancyconcept)

Typically,thisroleisclosetothebusiness.Itisresponsibleforconfiguringthetenant,includingitsbranding,aswellasaddingtenantusersandgroupmanagement.Also,resourceusagecanbetrackedbythetenantadministrator,whocanthenusethisdatatotriggeraresourcereclamationrequest.

Fabric

Responsibleforthemanagementofphysicalmachinesandcomputeresourcesassignedtotheirfabricgroups.Theyalsotakecareofthecreationandmanagementofreservationsandpolicieswithintheirtenant.Additionally,they

administrator managepropertygroupsaswellasthemachineprefixesandthepropertydictionarythatareusedacrossalltenantsandbusinessgroups.

Blueprintarchitect

(Doesnotfollowentirelythemultitenancyconcept)

Thisrolecancreateblueprintsdesignedfortheconsumertoberequestedthroughtheservicecatalog.Typically,thisroleisassignedtoITarchitectswithinanorganization.

Catalogadministrator Managestheservicecatalogsandalsodecidesthenewservices.

Approvaladministrator

Managesapprovalpolicies.Thesecanbeaddedtocatalogsanddefinewhatarequestorcanorderwithorwithoutanapproval.

Approver Canapprovecatalogrequestsfromotherusers.

Businessgroupmanager

Managesoneormoreso-calledbusinessgroups.Aspartofthis,theycanentitleusersorgroupsintheirtenant/businessgrouptoservicecatalogs.Also,theycanrequestandmanageitemsonbehalfoftheusersintheirbusinessgroup.

Supportuser Theycanrequestandmanagecatalogitemsonbehalfofotherusersintheirgroup.Typicallyfulfilledbysupportadministratorsaswellasoperators.

Businessuser

Thisisthetypicalconsumerrole.Theycanrequestservicesfromacatalogandmanagethoseprovisionedresourcesintheportal.

Ofcourse,theserolescanbecombinedaswell.Therearesomenotablesideeffectswhencombining,sothisfeatureshouldbeusedwithcare.Onesideeffectisthatifthefabricadministratorroleiscombinedwithasystem-widerolesuchasIaaSadministrator,itcancontrolallthefabricitemsforALLtenantsinthesystem.System-widerolesarecommentedwithDoesnotfollowmultitenancyconceptinthistableforbetterunderstanding.

Theblueprintarchitectrolecanseeassetseveniftheyarenotpartofthetenantitislocatedin.Indetail,ablueprintarchitectcanseeallreservationpolicies,storagereservationpolicies,

networkprofiles,machineprefixes,propertydictionaryaswellasbuildprofiles.Again,theycannottamperwithassetsnotbelongingtotheirtenant,buttheyhaveasortofreadallability.Thisiswhythisroledoesnotfollowthemultitenancyconceptentirely.

Thetenantadministratorrolehasasimilarcapabilityifafabricgroupissharedamongdifferenttenants.Eventhougheachtenanthasitsownreservations,thetenantadministratorcanseethereservationoftheothertenants.Again,read-only,butitisrevealed,though.

CatalogManagement

vRAorganizesServicesinso-calledcatalogs.Theycanbeseenascategoriesandthereforeholdmayservicesofakind.Catalogsareusefultoorganizetheserviceofferings,butalsotogivetherightusersorgroupsaccesstotheirservices.Insteadofentitlingeachandeveryservice,thewholecatalogcanbeentitled.

Categoriesofcatalogsmaybe:

InfrastructureasaService:OSdeploymentsofVMsormultipleVMswillbeaddedtothiscatalogPlatformasaService:ApplicationdeploymentsincludingOSdeploymentswillbeavailableunderthiscatalogDirectoryservices:IfthereisanyADself-serviceforusers,thismighthavebeenshownhere

PropertyDictionary

vRAmaintainsadictionaryofproperties.Thosecanbeusedasinputsfortheservices.Typically,propertiesholdinformation,whicharerequiredforpreorpostprocessingofservicerequests.ThisinformationcanbeusedtorunavROworkflowoncetheVMisdeployed,ortoaddacustomhostnameduringprovisioning.Also,theycanbeusedtoinstructthevRAagent,alsoreferredtoastheGuestAgenttoruncertainscriptsaftertheVMdeployment.AllusablevRAbuilt-inpropertiesandtheirmeaningcanbefoundinthevRAinstallationdocumentationfromVMware.ItishighlyrecommendedtomakeyourselffamiliarwiththoseinordertousethefullpotentialofvRA.

Additionally,propertiescanalsobeuser-definedtoaskforspecificsettingstobeusedinvRealizeOrchestratorworkflows.Itisrecommendedtouseauniquepresettoquicklyidentifycustomproperties,also,thishelpstopreventusingsystem-widepropertiesinsteadofcustomones.

ClickonPropertyDefinitionstodefinecustomproperties.Also,apropertygroupneedstobedefinedinordertousecustompropertiesinblueprints.Thisisjustalogicalcontainertowhichmultiplecustompropertiescanbeadded.

Reclamation

Thisisbasicallythefunctionalitytoreclaimso-calledwastedspacefromtheenvironment.If

vRealizeOperationsisused,itcanbeconnectedtothisserviceandwilldeliverdataandsuggestionsonVMswhichcanbereclaimed.Areclamationrequestcanbestartedatthismenubasedonthedataprovided.IfvRealizeOperationsisnotused,vRAwilluseitsownalgorithmtodisplayreclaimableVMs.

Branding

Foratenantadmin,thisiswherethelookandfeeloftheportalcanbechangedtosupportanycustomeridentity.Colors,logos,andtext,aswellastheloginscreenandevenalogonboxcanbecustomizedtofullyblendintoanorganizationalenvironment.Thesecustomizationscanbedonepertenant.

Notifications

Underthismenu,mailserversforinsideandoutsidenotificationscanbesetup.vRAwillsende-mailstowardusersforallkindofevents.Typically,thoseincludetheexpirationofaservice,orifsomethingisnotgoingasitshould.Theserversandthee-mailaccounttouseforthesemailingscanbesethere.Also,undertheScenariossubmenu,allthenotificationactionscanbeactivatedorsuspended.Thisisespeciallyimportantifapprovalsshouldalsoworkwithe-mailreplies,therefore,thissettingshouldbeconfiguredverycarefully.

Events

ThiscanbeusedtodisplayeventlogsofvRA.Inthislistview,allvRAeventsaredisplayedplusadditionalcontent.Itcanbeseenastheaudittrailoftheentirecloudportal.Itisusefultoanalyzeortroubleshootuserrequests.

ThesecondmenuiscalledSubscriptionsandcontainsaverypowerfuloptionofvRA7.Inpreviousversions,VMprovisioningcouldbetweakedbyaddingso-calledworkflowstubs.ThesestubsareboundtospecificVMdeploymentstatessuchaspreapproval,postapproval,provisioning,ordeleting.Theseworkflowstubswereusedtoaddthird-partysystemfunctionalitysuchasIPAMfunctionalityorimplementingabackupworkflow.

However,invRA7,theseworkflowstubshavebeenreplacedwithso-calledsubscriptions.Thesearemoreflexibleandcanbeaddedeasierthanworkflowstubs,sincevRAcandecidetorunthembasedonaseriesofcriteria,whichtheusercanset.Thesecanalsoincludecustomproperties,whichmakesiteveneasiertoruncustomizationworkflowsduringaVMdeployment.

vROconfiguration

ThisisthepartwherethevRealizeOrchestratorinterfaceissetup.UnderServerConfiguration,itcanbedecidedtouseanexternalvROinsteadofthebuilt-invROserver.Inlargeenvironments,itisrecommendedtohaveatleastoneexternalvROserverforexecutingallthenecessarycustomizationworkflows.Also,ifvROisalreadyusedfordailyautomationinanenvironment,itmakesalotofsensetousethesamealsoforthecloudautomation.

TheembeddedvROcomeswithaseriesofpluginspre-set-upalready.ThesearenecessarytouseallfeaturesofvRA7integration,suchasNSX.IfallthesepluginsneedtobetransferredtotheexternalvRO,thereisasimpletrickhowtodownloadthese:

1. OpenWinSCPoranotherSCPcopytoolofyourchoice.2. ConnecttothevRAapplianceusinguserrootandyourchosenpassword.3. Navigatetothefollowingdirectory:/usr/lib/vco/app-server/plugins.4. Allplugin.darfilescannowbedownloadedandimportedintotheexternalvRO.

vRAconceptsSomeofthevRAconceptshavebeenalreadyaddressedinChapter4,SDDCDesignConsiderations.However,thereareafewconceptsofvRAwhicharecriticaltounderstandinordertocreateasoundconfigurationoftheportalanditsfunctionalities.Themostimportantconceptistheserviceconcept.ItcanbeseenasthecentralpointofvRAandthereforeshouldbewellunderstood.

vRAorganizesdeploymentsinso-calledservicesandservicecatalogs.AserviceisfarmorethanjustoneVM;itcanconsistofvariousdifferentconstructs.However,aservicealwaysstartswithablueprint.

AsaServicesynonymsInthecloudspace,therearemanyasaServicedefinitionsaround.Unfortunately,notallofthemmeanthesamething,eveniftheyusethesameacronym.ThisisalistofthemostpopularandmostusedacronymsandhowtheyaretranslatedintovRA.

InfrastructureasaService(IaaS)andisprobablythemostpopularcloudabbreviation.Normally,iforganizationsrefertoIaaS,theymeansimpledeploymentssuchasasingleVMwithorwithoutanoperatingsysteminstalled.Orabaremetaldeployment,alsowithanoperatingsysteminstalled.Itshouldcoverallconfigurationandinstallationstepsforthosedeploymentsuntilitcanbefullyusedbyanenduser.Inmostofthecases,thisisthesimplestwaytostartwithautomation,eventhoughtherearehiddencaveatswiththismethod.

However,thisisthemoststandardterm,sinceitalwaysmeanstoprovisionsomeinfrastructure-relatedservicesperauser'srequest.

InvRA7,IaaSisoftenreflectedusingVMtemplatestoclonenewVMs.However,someorganizationsprefertousePXEbootenvironmentsinordertodeployVMsandkeepusingtheirlegacyprocesses.Thiscanbeimportantincombinationwiththird-partyapplicationinstallationframeworkssuchasPuppetorSalt.

PlatformasaService(PaaS).Thistermisprobablythemostmisusedterminregardstocloudcomputing.Theproblemis,aplatformisnotawell-describedasset.Itcanbealotofthingsandthereforetheabbreviationisusedforalldifferentcaseswherevendorsororganizationsthinkitmightbeagoodfit.EspeciallyintheDevOpsworld,thistermhasanentirelydifferentmeaningfromatechnologypointofview.

HereareafewexampleswherePaaSmightbeused:

AservicedeploymentcontainstheOSaswellastheapplicationlayerformultipleVMsAservicedeploymentcreatesaVMincludingOSandSQL-DBconfiguration,readyforotherVMsconnectingtheDBAservicedeploymentcreatesanentireJavadevelopmentenvironmentAplatformwhichrunsaJavaenvironment,readytorun.jarpackagesondemandAplatformwhichrunsaJavaenvironmentincludingevenNo-SQLDBsandallothernecessarycomponentstorunJavaprograms

ToavoidalostintranslationissuewithPaaS,itisalwaysrecommendedtounderstandtheexpectationsaswellastheusecase.Oncetheseareclear,themutualunderstandingofPaaSmightbeclearaswell.

InvRA,currently,PaaSisexecutedasapplicationinstallationondemandusingapplicationautomationservices.

XaaSisbasicallyaVMwaredefinition.ThemeaningofthisistounderlinetheadvancedfunctionalitiesofvRAinconjunctionwithvRealizeOrchestrator.AnythingcanbasicallyrunasaworkflowonOrchestratorandthereforecanbebroughtintovRealizeasaXaaSblueprint.

vRAhasitsownmenusectiontodefineXaaS.TheworkitselfisdonebyvRO,whichmeansthatalsotheworkflowmustbepre-existingtobeincludedinvRA.

EverythingwithanAPIcanbeautomatedandturnedintoarequestableXaaSinvRA'sservicecatalog.ThatcanstartwithanADadd-onfunctionsuchasaddingnewusers,allthewaytocallingnon-VMwarehardwaretostartup/installanOS.

InvRA,XaaSisusedtodirectlyincludeandrequestvROworkflowsintheportal.

BlueprintsInvRA,blueprintsarethebuildingplansofservices.Basically,theycanbeseenastemplatesforVMdeployments.However,theycancontainfarmorethanjustVMstodeploy.AcomplexblueprintcandeployVMs,networks,securitysettings,andfirewallrules,aswellasloadbalancersandmore.

InvRA7,VMwarehasintroducedabrand-newblueprintdesigner.ThisdesignerisalsoknownastheConvergedBlueprintDesignerandcombinesafantasticnewfeatureofvRA7,multiendpointblueprints.Inthepast,itwasnotpossibletohaveblueprintsdeployingmachinesorservicesindifferentinfrastructurefabrics.EachblueprintwaslockedtoanendpointinvRA.Inordertoachievethat,therewasaseparatemodulecalledapplicationautomationwheredifferentvRAblueprintscouldformanapplicationblueprintwhichwouldhavethatpossibility.

However,invRAIaaS,withouttheapplicationautomationcomponent,thatmeantthatifablueprintwasmadeforvSphere,itcouldnotbeusedforAWSorHyper-Voranyotherendpoint.

InvRA7,VMwaredecidedtoworkaroundthatlimitationbyallowingalsoIaaSblueprintsincludingmultipledifferenttargets.SoevenanIaaSblueprintwithtwoVMscannowbedeployedon,forexample,vCloudAirandvCenteratthesametime.Itwillbepresentedintheportalassingleservice.

However,forsingleVMs,thelimitationstillexistsandusersmightseeaportalwheretherearethreedifferentWindowsVMs:oneforvSphere,oneforAWS,andoneforvCloudAir,forexample.

Toeasethewholeprocess,though,VMwaredecidedtocreatetheConvergedBlueprintDesigner,whichcancombinedifferentendpointtargetsaswellasapplicationautomationtasks:

VMwaretypicallyhasdifferentcategoriesforservicesorblueprintsinvRA.Eachofthesecategoriesreferstoaverydifferenttypeaswellascoveringdifferentfunctionalityandusecases.

Singlemachineblueprints

Thisistheeasiestblueprintconfiguration.Asthenameimplies,itreferstoasinglemachineplusthenecessaryadditionsuchasanetwork.ThequickestwaytoprovisionavirtualmachineisusingvCentertemplatesintheblueprint.However,vRA7supportsmanyotherpossibilitiessuchasWMI(Windowsimagefile)andKickstarter,aswellasusinganexternalvROworkflowformachineprovisioning.ItdependsontheprocessesandstandardsrequiredtoprovisionVMs.Whatevermethodmaybepreferred,ablueprintinvRAcanbeconfiguredtousethismethodandautomateallthesteps.Eventhoughitmightbearelativelyslownetworkinstallation,theaddedautomationwillstillenhancetheoverallprocess.

Multimachineblueprints

Similartosinglemachineblueprints,theycanhaveadifferentdeploymentmethod.ThemaindifferenceistheycanhaveadifferentdeploymentmethodperVMusedintheblueprint.IfsomeVMsmightendonacloudversusothersmightbedeployedinternally,theycanandmusthavedifferentdeploymentmethods.Allthiscanbeconfiguredinaunifiedblueprintbyusingtheeditor.

IfVMsshouldbeprovisionedoutsideofvCenter,itisimportanttomakesurethatthechosenprovisioningmethodisalreadyworking.Forinstance,ifcloningfromatemplateischosenfor

vCloudAir,thetemplateshouldbealreadyconfiguredandreadyinvCloudAir.ThesameistrueforvCenterandotherendpoints,ofcourse.

Iftheprovisioningmethodisset,usingthegraphicaleditorcanalsosettheorderinwhichtheVMsaregoingtobeprovisioned.Thismightbeimportantifsoftwarecomponentsareinstalledaswellonthemachines.Todefinethis,thegraphicaldesignerhasafunctiontodrawanarrowfromthedependentmachinetothecomponent/machineitdependson.Thiscanbedonebyclickingonthelittleroundiconappearingintheupper-leftcorneroftheVM.

Thedependentmachinewillbedeployedafterthedependingcomponentisfullyavailable.Inthefollowingfigure,theAWSmachinewillbedeployedafterthevSpheremachineisupandrunning:

Applicationautomation

BeforevRA7,applicationautomationwasaseparateservice,runningonaseparatevirtualappliance.Blueprintshadtobelinkedwiththisservice,whichthencouldusethislinktoprovideaGUItomanageandinstalladditionalapplications.ThishasnowbeenmergedintothegeneralblueprintdesigninvRA7.

TheheadingSoftwareComponentsunderCategoriesinthetop-leftcornercontainspredefinedsoftwareinstallments,readytobeusedinblueprints.Beforetheycanbeselectedthere,theyhavetobesetupinvRA7.

Thesearethestepstosetupasoftwarecomponent:

1. OpenthevRAportaleitherasconfigurationadminorasanotheruserwithanappropriaterole.

2. ClickontheDesigntabandthenonSoftwareComponents.3. ClickontheNewbuttontoaddanewcomponent.

4. Giveadescriptivename(IDgetsauto-generatedfromthename).5. Selectthecontainertype,forexample,Machine.6. Providepropertiesifnecessary,forexample,databasename,username,password,andso

on.7. Under3.Actions,providethenecessaryinstallationactions.ThesecanbeeitherInstall,

Configure,Start,orUninstall.AllofthesecanbeusingeitherBashorPowerShellorCMDscript,dependingonthesoftwareandOSitshouldrunon.Typically,theinstallationscriptisalsodownloadingthesoftwaresourcepackage.

8. ProvethenewlyaddedsoftwarecomponentandclickFinishtosaveit.9. Inordertobeusablebyblueprintarchitects,itmustbepublished.Thisisdonebyselecting

itandclickingonthePublishbutton.

ThecontainertypedefineswhatvRAwillallowtobedonewiththisapplication.Furthermore,ittellstheGUIwhereandhowthesoftwarecomponentcanbeused.TherearethreedifferenttypesavailableinvRA:

Machinecomponent:Thismeansthesoftwarecanbeinstalledonamachineonly.Itisnotpossibletoinstallthissoftwareontopofothersoftwareinstallments.Softwarecomponent:Inthiscase,thesoftwareismeanttobeinstalledonother,alreadyrunningsoftwarecomponents,forinstance,likeawebserversetupontopofanalreadyinstalledApacheWebServer.Namedsoftwarecomponent:Thisallowsoneofthealreadydefinedcomponentstobepicked.Thissoftwarewouldthenbeanaddition/installmentonlyforthiscomponent.Thiscanbe,forexample,aJavaprogramtobeinstalledontopofthebasicbutspecificJavainstallation.

Ifthereisnosoftwarecomponentdefinedyet,onlytwooptionswilldisplay-MachineComponentandSoftwareComponent,sincetheNamedSoftwarecomponentneedstobepresentbeforeitcanbeselected.

Typically,theusedscriptsfortheactionsarepre-existingfortheselectedsoftware.Theapplicationteammayalreadyusethesescriptstoconductunattendedinstallations.Toeasethereuseofthesescripts,vRAsupportsthemostusedscriptinglanguages,suchasPowerShell,Bash,andCMD.

SampleconfigurationsThissectionwilldescribehowtoconfigureablueprint,addittoaservicecatalog,andmakeitorderableforusersinagivenbusinessgroup.Itwillcoverthefollowingpointsingreaterdetail:

CreatingandpreparingatemplateinvCentertobeusedforablueprintCreatinganetworkpooltobeusedwithapre-existingVLANCreatingasetofpropertiestobeusedwiththeblueprintCreatinganIaaSblueprintforaVMPublishingtheserviceforagivenbusinessgroup(entitlements)

TemplatepreparationinvCenterBeforetheblueprintcanrelyonthetemplate,afewthingshavetobecheckedinvCenterinordertomakeitasuccessfulandstraightforwarddeployment.Hereisalistofthingswhichshouldbeconsideredforthetemplate:

ThemostrecentVMwaretoolsshouldbeinstalledinthetemplateThevRAGuestAgentshouldbeinstalledsuccessfullyinthetemplateIfitisaWindowstemplate,itshouldNOTbepartofadomain(onlyaworkgroup)ForWindowsorLinuxVMs,thereshouldbeavalidcustomizationspecificationavailableinvSphere.Thetemplateshouldhavealimitedsize,forexample,40GBforWindowsServer2012-withonedisk.Ofcourse,thisdependsalsoonprocesses,standards,andpoliciesfromtheorganization.Allnecessarysoftwarewhichcanandshouldbepre-fittedisalreadyinstalled(forexample,AVscanner,backupclient,andsoon)

Thepartwiththecustomizationspecificationispossiblyoneofthemostimportant.EspeciallyforWindowsVMClones,itisimportanttohavethisreadyforvRA.ThiswillbeusedwitheverydeploymentandensurethatallWindowsVMsarecorrectlyactivatedandaddedtothedomainifnecessary.

However,alsoforLinux,thosespecificationsettingsareimportant,sincetheytakecareofresettingtheinterfaceconfiguration(ifcfg)filestoensurethenetworkcomesupcorrectly.AdetailedinstructiononhowtosetupaspecificationsettingcanbefoundintheVMwarevSpheredocumentation.

Makesuretonotethenameofthespecification;vRAwillreferenceitbythenameonly,whichisofcoursealsocase-sensitive.

CreatinganetworkpoolNetworkpoolsarerequiredtoattachthedeployedVMtoapre-existingLANenvironment.Typically,theydescribeaportgrouponvSphere.However,itisrecommendedtoeithernamethemidenticallytotheportgrouptheyattachto,oratleasteasilyidentifiable.

NetworkpoolscanadditionallycontainreservedIPaddresses.Inasense,vRAdeliversapoorman'sIPAMwhereablockofIPscanbereservedforvRAandeverytimeaVMisdeployeditwillgetanIPoutofthislist.ThisistypicallyusedinlegacyenvironmentswithoutNSXpossibilities.

Also,theuseofanexternalDHCPissupported;inthiscase,noIPsarereservedandtheVMsarejustdeployedrelyingontheexternalDHCPtodeliveranIPaddress.Also,itispossibletointegrateanIPAMserviceusingvROworkflows.

InvRA7.2,theInfobloxintegrationworksoutofthebox:

Tocreateanetwork,pleasefollowthesesteps:

1. OpenvRAandlogonwithaprivilegeduser(atleasttenantadmin).2. ClickonInfrastructureandthenonNetworkProfiles.3. ClicktheNewbuttonandselectExternal.4. Provideadescriptivename-bestpracticeistoincludetheVLANIDifany.5. ProvidetheVLANaswellassubnetinformationforthepool.6. ClickonIPRangeandenteravalidIPrangeforyournetwork,forexample,192.168.0.2

-192.168.0.250.

7. Savetheconfiguration.

Beforecontinuing,ensurethatthenewlycreatednetworkpoolisassociatedwithavSphereportgroupundertheInfrastructure|Reservationstab:

8. ClickontheInfrastructuretab.9. ClickonReservationsintheleft-handmenu.10. Choosethereservationregardingyourtenant.11. ClickontheNetworktab.12. Checkthenetworkpath(VDSportgroup)whichrelatestothecreatednetworkprofile.13. ChoosetheNetworkProfileinthedrop-downlist.14. ClickOKtosavetheconfiguration.

CreatingasetofpropertiesAsdescribed,propertieswillbeusefultointegratethird-partysolutionssuchasbackup.Let'screatearetentionpolicyproperty,wheretheusercouldchoosehowlongthemachinewillbekept:

1. OpenvRAandlogonwithaprivilegeduser.2. ClickontheAdministrationtab.3. ClickonPropertyDictionary.4. ClickonthePropertyDefinitionsmenuontheleft-handside.

5. ClickontheNewbuttontoaddtheproperties.6. Enteradescriptivepropertyname,remembertousecustomprefixessuchasExample-note

thatthelabelcanbedifferentthanthename!7. Chooseadatatype,forexample,String.8. Definethedisplayadvice,forexample,Dropdown.9. ChoosePre-DefinedValues.10. Enterthedesiredbackupretentionvalues,forexample,1month,3months,1year.

Createapropertiesgroupifnotalreadypresent.Thiswillenablethepropertiestobeusedalsoinblueprintsbyaddingsimplythepropertiesgroup.Toaddagroup,followthesesteps:

1. ClickonPropertiesGroupintheleft-handmenu.2. ClickontheNewbutton.3. Provideadescriptivename(maybewiththesameprefixastheproperty).TheIDgets

generatedautomaticallyoutofthename(needstobeunique!).4. InthePropertiesfield,clickonNewandusetheselectortochoosethepreviouslycreated

property.5. ClickonShowinRequestsotheuserisabletochoosefromthepropertyvalues.6. ClickOKtosavetheproperty.7. ClickSavetosavethepropertygroup.

CreatingtheIaaSblueprintNow,sincewehavecompletedallthepre-work,thedesignoftheblueprintitselfcanbedoneusingthepreconfiguredassets.Inthiscase,itwillbeaWindows2012blueprintwhichwillbeaddedtoadistinctnetworkinapresetVLAN.Forbackupoptions,therewillbeaselectableamountofretentionperiodfortheuserinthestepsof1month,3monthsor1year:

1. OpenvRAandloginwithaprivilegeduserholdingatleastthedesignerrole.2. ClickonBlueprintsintheleft-handsidemenu.3. ClickontheNewbutton.4. Provideadescriptivename,suchasWindows2012.5. Giveitadescription;thiswillbeseenbytheuserrequestingtheservice.6. SetArchivedays.7. Settheminimumandmaximumleasetime:

Archive(days)willbethetimeframeduringwhichvRAkeepstheVMonadisk,eveniftheVMhasexpireditslease.Itcanbesetto0,whichmeansifaVMexpires,itgetsinstantlydeleted.

8. UnderthePropertiestab,clicktheAddbuttononthePropertygroupstabandselectthepreviouslysetupPropertiesgroup.

9. ClickOKtogettothegraphicaldesigner.10. InthedesignerUI,dragavSphereMachinefromtheleft-handsideintothecanvas.11. Inthetop-leftcorner,attheCategoriesarea,clickontheNetworkandSecurityoption.12. DraganddropanExistingNetworkintotheblueprint.

13. Clickonthenewlyaddednetworkicontoopenitspreferencesatthebottomofthecanvas.14. UnderGeneral,clickonthebuttonandchoosethepreviouslycreatednetwork.15. ClickonthevSphereMachineonthecanvastoopenitspreferencesatthebottomofthe

canvas.16. IntheGeneraltab,provideanID(nospaces)aswellasadescription.17. SelecteitherGroupDefaultorapresetmachinenameprefixfromthedrop-downfield.18. Settheminimumandmaximumcountofinstancesallowedintheblueprint.Leavingthat

blankisequivalenttonolimit.

Afteryouhaveaddedallthis,itistimetoconfiguretheinstallationmethodfortheblueprint.Thereshouldbeatemplateintheenvironmenttouse;thisishowtoconfiguretheblueprintinstallationleveragingvSpheretemplates:

1. ClickontheBuildInformationtab.2. SelectCloneintheActiondrop-downmenu.3. UnderClonefrom,clickonthebuttonwiththethreedotstotheWindows2012template

fromthevCenterendpoint.4. UnderCustomizationSpec,writeexactlythenameofthevCentercustomizationspec,

includingupper-andlowercaselettersandpossiblespaces.Tip:GotopoliciesinvCenter,selectit,andcopyandpastethenametopreventtypos!

5. UndertheMachineResourcestab,theminimumandmaximumvCPU,memory,andstorageconfigurationcanbeset.

6. UndertheStoragetab,thetemplatediskshouldshowupasagiven.Themachinecannotbesmallerthanthetemplatedisksize.Additionaldiskstoaddcanbeconfiguredhere.

7. ClickontheNetworktabandthenontheNewbutton.8. SelecttheaddednetworkyourVLAN-asassignmenttype,selectDHCPandclickOK.This

willensuretheVMgetsaVLANfromthepreviouslycreatedpool.9. ClickSaveandthenFinish.10. Theblueprintissuccessfullyconfigured:

PublishingtheblueprintasaserviceNow,sincetheblueprintisconfiguredandusingalltheotherservices,itistimetopublishit.Thislaststepwilladdittothecatalogandthereforeitcanberequestedbyusersondemand:

1. WhilestillloggedontovRA,intheDesigntab,selectthenewlycreatedblueprint.2. ClickonPublishintheheadingrow.3. TheblueprintstatuswillchangetoPublished.

Now,sincetheblueprintispublished,itcanbeseenunderCatalogItems.Toaddittoacatalog,dothefollowing:

1. ClickontheAdministrationtab.2. SelectCatalogItemsintheleft-handmenu.3. ClickonthenewlyaddedWindows2012blueprint.4. Inthesettingsscreen,pickaservice(probablyIaaS)andselectaniconforyourblueprintif

applicable.5. ClickNewandnoteworthytomakethenewlyaddedservicestandout:

SummaryCongratulations,thiswastheconfigurationofyourfirstblueprint,includingadvancedparameters;thenewserviceisnowreadytobeorderedusingthecatalogmenu.ThisconcludesthechapteronvRA.Itwasmeanttoprovidepowerfulinsightsofwhatthistoolcanachievewiththerightconfiguration.

Althoughitisimpossibletodescribeeveryfunctioningreatdetailinthischapter,thisshouldbeanoverviewofthemostimportantfunctionalities.Finally,thechapterconcludedinaseriesofsampleconfigurationstocreateafirstWindowsserviceblueprintforapre-existingcatalog.

Inthenextchapter,thefocuswillbeonvRealizeOrchestrator.ThisisthepowerfulcounterparttovRAandwillenhancethedeploymentofVMsbyrunningindividualworkflowsbasedonproperties.Also,itcanbeusedtocreatecompletelynewservicesbasedonworkflowswhichwillbeimportedasXaaSservicestobeorderedusingthevRealizeportal.

Chapter6.vRealizeOrchestratorAllinfrastructureautomationneedsacentralelementwhichcontrolstherestoftheinfrastructure.InaVMwareSDDC,thisroleisfulfilledbyvRO.

ButvROdoeswaymorethancontrollingthevirtualcomponentsoftheSDDC.ItcanbeusedtocontrolliterallyanythingwithanAPIandadescriptionofhowtouseit.Inatypicaldatacenter,thereisalmostneveragreenfieldinstallationpossible.Thismeansevenifeverythingisrestartedfromscratch,thereisalmostalwayssomeservice,process,ortoolwhichrequiresintegration.Beitforbilling,formonitoring,orjustforsimpleIPaddressmanagement,integrationiskey.

ProbablyoneofthebestargumentsforvROisitsprice.VMwareincludesvROineveryvCenterlicense,withoutanyadditionalcharge.

Moredocumentation,plugins,andinfoaboutvROcanbefoundhere:http://www.vmware.com/products/vrealize-orchestrator.html

Besidesthat,itisamatureandversatileorchestrationplatform,whichofferswaymoreintegrationthanonlytheVMwareecosystem.vROcanbeextendedbyusingso-calledplugins.ThesecanbedownloadedfromtheVMwaresolutionexchange.Also,uploadsarepossibletothisspace.ItcanbeconsideredasvRO'sappstore.Pluginsmaybefreeofchargeorcomewithlicensing,whichdependsonthevendorandthefunctionoftheplugin.Often,hardwareorsoftwarevendorsprovidetheseforfreewiththeirsolutions,buttherearealsofamousexampleswhereapartnerhascreatedapluginforacertaintoolandchargescustomersalicensefeeforusingitinvRO.

vRealizeOrchestratorprinciplesanditsbasicdatamodelWorkflowcreation101IntegrationbetweenvRealizeOrchestratorandvRealizeAutomationSamplevRealizeOrchestratorblueprintintegrationconfigurationvRealizeOrchestratorandexternalservices(XaaS)

vRealizeOrchestratorprinciplesTheorchestratorisinstalledasavirtualappliancewhichcanbeobtainedfromtheVMwarewebsite.Onceinstalled,ithastobeconnectedtotheVMwarevCenterbyusingthevSphereIdentityAppliance.

WorkflowelementsanddesignInvRO,allautomationtasksaremanagedinso-calledworkflows.Aworkflowisanumberofactionsanddecisionswhichwillbeexecutedinastructuredandpresetorder.Workflowscanalsocallotherworkflowstoaccomplishtasks.Theworkflowcallingsubworkflowswillalwayskeeptrackofthestatusofallelementsithasinitsexecutionpath.However,eveniftherearevirtuallynolimitsonhowmanynestedworkflowsaworkflowcancall,itmakesthereadingandunderstandingofafunctionquitecomplex.Thisfeatureshouldbeusedwithcareinordertokeepthehumanreadabilityhighenoughforeasytroubleshooting.

InvRealizeAutomation,itmightbenecessarytocreatecustomworkflowsforthird-partyintegrationortorealizetaskswhicharerequiredbyestablishedprocesses.vRealizeOrchestratormakesiteasytocreate,manage,andupdateworkflows.However,itcomeswithprincipleswhichshouldbeknowntomakethisaneasyandstraightforwardtask.

Thereforethedatamodel,variablebehavior,andbestpracticesshouldbeknownbeforecreatingcustomworkflows.

BesidesvRO'scapabilitiesincallingworkflowsinastructuredmanner,itisalsoveryimportanttodevelopandcodetheseworkflowsinastructuredandsimplemanner.TherearevariousguidesfromVMwareonhowtocodeandensurethatnoteverythinggetspackedintoagiantscriptedtask.

Functionsshouldbeseparatedinsmallchunksofscriptedtasks(ifnecessary).Iftheygetusedmoreoften,itmightbeworthittocreateso-calledactionswhichcanbeusedindifferentworkflowsindependently.ThefirststeptosuccessfulvROworkflowsistoembracethedifferencefromtraditionalscripting.Bybreakingcomplextasksintomultipleelementswithinaworkflow,vROcanplayallitsstrengthstomaketheseworkflowseasytomaintainandtotroubleshoot.Thefollowingsectionwilldiscusstheelementsandthecreationofasimpleworkflow.However,itisjustanexample;formoredetailedguidanceoncodingandworkflowcreationinvRealizeOrchestrator,thereisaverygoodVMwarewhitepaper,vRealizeOrchestratorCodingDesignGuide.

TheVMwareworkflowcodingguidecanbeobtainedfromthisweblink:http://pubs.vmware.com/orchestrator-70/topic/com.vmware.ICbase/PDF/vrealize_orchestrator_coding_design_guide.pdf

Also,thereisaveryhelpfulwebblogcalledthevCOTeamwhichcanbefoundunderwww.vcoteam.info,ithasgoodexamplesforbeginnersandadvancedworkflowcoders.

Attributes,inputs,andoutputs

EachworkflowinvROknowsthreebasicvariabletypes.Theseareimportanttopassondata

betweeneitherworkflowelementsorsubworkflows.Therearemajordifferencesbetweenthosevariablesinhowtheycanbeusedwithinaworkflowdefinition.

Ingeneral,vROhasdifferentvariabledatamodelstooffer.Thesearebasedontheinformationthevariablemightstore.Thisisquitesimilartoscriptinglanguagesorvirtualbasicscript,wheredifferentvariablemodelsneedtobeusedforthesamereason.

vROcoverstheobviouscontenttypes,suchastext,number,andboolean.Butthereisalsoaproduct-anduse-case-specificdatatypessuchasVC:VirtualMachineorVC:HostSystem.ThesetypesareintroducedbytheirpluginsinvRO.Otherpluginscanintroducenewtypes;thereisalsoapossibilitytocreatedynamictypestobuildadatamodelforasyetunknownthird-partysystems.

CreatingacustomJavaplugincaneitherdothisorbyusingtheDynamicTypesplugin,whichwillautogenerateacustomvROpluginbasedonanythird-partyAPIcalls.

Besidesthat,variablescaneitherbeasingleitemoranarrayofthosethings.ItisimportanttodeclaretherighttypesinceotherwisevROwillerrorout.Anarraycannotbeassignedtoasingleitemvariable,viceversamightbepossible,butneedsadaptercodeinJavaScript.

Ingeneral,alltheseparameterscanbeassignedtoworkflowelementsforfurtherprocessing.InputparameterscanonlyassignontheINtabofaworkflowelement;outputparameterscanonlybeassignedontheOUTtab.AttributescanbeassignedontheINortheOUTtabofanelement.

Inputs

Iftheworkflowneedsinformationpriortorunning,thesearedeclaredasinputs.Inputscanalsobeoptionaltoprovideadditionalfunctionality.AworkflowwhichwillmigrateaVMtoaselecthostwillhavebasicallytwoinputs:

VMtomigrateDestinationhostsystem

TherecouldalsobeoptionalinputssuchaschangingtheVMDKformatwhilemigratingortheoverallcriticalitytousewhilemigratingtheVM.Buttorunatleastthesetwoinputsmustbeselectedbytheuser.

Ifaninputreflectsaplugintypevariable,theselectioncanbebasedonbrowsingtheknownvROenvironment.InthecaseoftheVM,itwillallowtheusertobrowsethroughvCenterandselecttheVMbyclickingonit.Thiscomestrueforthehostsystemaswell.

Anicefunctionwiththismethodisthattheworkflowwillbasicallynotallowanyfalseentries.AVMcannotbeselectedasaninputforthehostsystem.ThisisaveryimportantfactatvRO,thevariabletypecanbecriticaltoasuccessfulworkflow.

Attributes

Attributesareaformofglobalvariables,activeforstoringvaluesduringtheworkflowruns.Sameasforinputs,theywillhavedifferenttypes,butgenerally,theyareusedtostoredynamicinformation,asitmightbeneededwhiletheworkflowisrunning.Theycanbeseenastheshort-termmemorytoholdsuchthingsasarrays,text,oreventype-basedinformation.

Tostoreandforwardinformation,workflowelementscanreadattributes(INtab)orstoreinformationintoattributes(OUTtab).Ifanelementisconfiguredtostoreinformationintoanattribute,everythingwhichhasbeenstoredbeforeinthisattributewillbeoverwritten.Tomakesureinformationstaysvalidthroughouttheendoftheworkflow,individualattributesneedtobeused.

Outputs

Outputparametersareimportanttoactuallyreturnaresultbasedonanactionwithinaworkflow.Someautomationtasksneedtoproduceoutputs.Anexamplecouldbeaworkflowwhichmightwaitforacertaineventtoconclude.Itwouldproduceanoutputtotellwhoeverissuedtherunwhatstatusthateventmightbecurrentlyin.Anotherexamplecouldbeaworkflowwhichgeneratesalistofitemsbasedonfiltercriteria.Theoutputparameterwouldbeanarraycontainingthatlist.Also,theoutputwillbeavailableeventhoughtheworkflowhasfinished(hencethename)andcanbeusedforotherworkflows.Mostly,thistechniqueisusedforworkflowscallingsubworkflows.Tounderstandtheoutcome,itisrecommendedthatthesesubworkflowscomebackwithanoutputwhichcanthenbeusedintheoriginalworkflowcallingthesub.

Configurations

Configurationsarebasicallypresetinputsforaworkflowtorun.Theybecomehandyifthereareacoupleofworkflowsusingsimilarinputseachtimetheyrun.Aconfigurationcanbeusedtostorethatinformationcentrally.

Also,configurationsexistoutsideofworkflows,whichmeansthatinputsforworkflowscanbelinkedtothecontentofconfigurations.Forexample,let'sassumeane-mailaddressstaysthesameforallworkflowstonotifyanadministrator.Inthiscase,thiswouldbeaninputvariablewithtypestring.Topreventputtingthatineachandeveryworkflow,aconfigurationcanbecreatedtoholdthatdata.Eachworkflowcanthenbelinkedwithitse-mail-inputparameterbasedonthisconfiguration.

Ifatanytimethee-mailaddressneedstobechanged,onlytheconfigurationneedstobealteredtoholdthenewe-mail.Alltheworkflowswillautomaticallyusethenewvalue.Thisisaveryimportantfeatureifmultipleworkflowsmightusethesamedata.Itcanbeahugetime-saverandalsoreducescomplexityandeffortalotwhenworkingwithmultipleworkflowsinsemi-complexandcomplexenvironments.

Workflowelements

Workflowscontainmultipledifferentelements.Alloftheseelementshaveadifferentfunctionaswellasdifferentrequirements.Themosthelpfulelementsarethefollowing:

ActionelementsScriptabletask(Custom)decisionWorkflowelementSwitch

Therearemuchmorewhichwillhelptocreateameaningfulworkflow,thosearetheonesmaybeusedmostoftenandthereforeinterestingtodigdeeperinto.

Actionelements

vROcomeswithmanypresetandpreprogrammedactions.Theycanbeseenapreconfiguredscriptsperformingadistinctaction.Eachpluginmaybringitsownactionstomakethecreationofautomationtaskseasier.

However,itisalsopossibletocreateyourownactionsinvROtobeusedwithcustomworkflows.Ifathird-partyAPIdoesnotcomewithapluginbutacertainfunctionalitymightbeusedfrequently,thiscanbecomeveryhandy.Similartoconfigurations,actionsareonlylinkedwithworkflowsasanelement.Therefore,ifthecodeoftheactionchangesandtheversionnumberofithasbeenincreased,theupdatesarepickedupbyalltheworkflowsusingtheaction.

Thisisanotherreasonwhyanactionmightbebetterasacoupleofscriptedtasksrepeatingcodeinaworkflow.Workflowswithactionswillbefarsimplertomaintainandmanage.

Updatesforvendor-createdpluginscanalsoeasilybeintroducedusingactions.Theworkflowswillpickupthenewversionjustbyaccessingthelatestactionelement.

Tocreateyourownactionitems,vROhasitsownmenuandfolderstructureforit.ItcanbefoundundertheActionsmenuitem(vROneedstobeintheDesignview).Theiconlookslikeagearwithaplaysymbolinit.

Withinthismenu,afoldercanbegeneratedinreverseDNSstandardsubdomain.company.function.Forinstance,acertaininternalfunctionforacme.localmightbecalledlocal.acme.aircon.

Withinthisfolder,allactionsformanagingacme'sairconditionmightbecreated.Theactionelements(actions)arewritteninJavaScript.Ifanyoutcomedatashouldbeprovidedbytheaction,thereturn<value>;commandneedstobeusedtooutputvariablecontent.

Scriptabletask

Ascriptabletaskisusedinaworkflowtoaccomplishthingswhichcannotbecoveredbyanyoftheotherworkflowelements.Itisimportanttofirstsearchforwhatneedstobedoneinthe

librarytobesurethatascriptedtaskisneeded.

Scriptedtasksarethemoststaticbitsinaworkflow.Theycanonlybechangediftheentireworkflowisedited,whichmakestheworkflowmoredifficulttomanage.Onlyverystraightforwardandsimplethingsshouldbecoveredinscriptedtasks.

TheyuseJavaScriptasascriptinglanguageandalsotheINandOUTtabstoreadorwriteintovROvariables(inputs,outputs,orattributes).Mostly,theymaybeusedtosearcharraysforspecificdataandthenpassitonintooneoftheworkflowvariables.

Sometimestheyneedtobecreatedsinceaspecificoperationisnotcoveredanyactionsorworkflowelement.TheycanbeusedtoaccessAPIsthroughaplugin-providedscriptingclass(forexample,vcPlugin)toaccomplishthesetasks.Ifascriptedtaskiscreated,vROwillofferrichanddetailedhelpforallavailableplugin-basedandJavaScript-basedcommands.Thishelpscreencanbebrowsedwhileeditingthecodeinthesamewindow.

Decision

Thiselementisusedmuchlikeanif-statementinascript.Basedonacriterionoractionelement,itcaneitherfollowupthetruebranchorthefalsebranch.Thetermtrueorfalsebranchisusedtoidentifywhichwaytofollow.Literally,aworkflowcancontinuesuccessfullyeventhoughthefalsebranchistakenbythedecision.Thathighlydependsonthedesignoftheworkflowandwhatneedstobeaccomplishedusingthedecision.Therearethreetypesofdecisionelements:

DecisionDecisionactivityCustomdecision

Thebasicdecisiontakesaworkflowvariable(booleantype)asinputand,basedonitsoutput,itwilleithercontinuethesuccessbranch(true)orthefailurebranch(false).Thecontentofthevariablehastobepre-setatsomestageintheworkflow(orasaninput).

Thedecisionactivityisbasedonato-be-selectedactionelement.Theactionelementmustreturntrueorfalseinorderforthedecisiontoworkproperly.Itfollowsupthebranchesbasedonthesameprincipleasthenormaldecision.

ThecustomdecisionoffersatabcalledScriptinginwhichJavaScriptcanbeusedtoformthedecision.However,itshouldnotuseextensivescriptingtoreturntrueorfalse.OftenthisisusedtowriteanifstatementandalsoworkwithprovidedvROvariables.However,adecisionhasnoOUTtab,thereforealteredinformationcannotwritebackintoavariable.Ifmorescriptingisrequired,itisrecommendedtousethesimpledecisionanduseascriptedtaskforthecomplexJavaScriptelements.

Workflowelement

Thisisusedtocallotherworkflowsinthecurrentworkflow.Itjustneedstobedraggedintothe

executionlineandthenaworkflowtocallcanbesearchedfor.IfthisworkflowrequiresadditionalINparameters,vROhasafunctiontoautomaticallyputthemintotheparentworkflowasrequirements.Ifthisisthecase,ablackbarwillappear,askingtoaddtheactivitiesparametersasinput/outputtothecurrentworkflow.Onthefar-rightside,therewillbeabuttonlabeledSetup.Itcanbeusedtocontrolthenameofthevariables.Ifnonamesareapplied,theoriginalnamesfromtheselectedsubworkflowwillbeused.Ifthecalledworkflowhasanoutparameter,thiscanbeusedforfurtherprocessingintheoriginalworkflow.

Callingworkflowscanbeveryhandyifmultiplecomplextasksneedtobeaccomplished.Insteadofcreatingonebigandcomplexworkflow,thetaskcanbebrokenupintosmallerbitsandthereforeeachcanbeaccomplishedbyasingleworkflow.Inordertobringthebigpicturebacktogether,amasterworkflowcanbeusedtokeeptrackandcallallthesubworkflowstoaccomplishthetask.

Thistechniquemayalsobeusedifabiggerteamisworkingonautomationandnotallmembershavethesameskillsandfunctions.Theycanaddtheirworkasself-containedworkflowsforotherswhomightrequiretheiroutputtofulfilltheirtargets.

Ifoneisfamiliarwithanobject-basedprogramminglanguage,thisisasimilarapproach.Thesubworkflowscallabasicallytheirownobjectswiththeirowndescriptors,inputs,andoutputs.

Switch

Thiselementisusedtoswitchbetweendifferentworkflowbranchesbasedonvariablecontent.Itcanbeseenasacasestatement.Basedontheselectvariable,itdeliversaneasy-to-configurestatement.Itcandovariousdifferentcomparisonsbasedonthevariabletype.IfthevariabletobecheckedisfromtypeVC:VirtualMachine,thecomparisoncanbetheVMname,whetherthevariableisemptyornot,thepowerstate,theguestOS,andsoon.

Thismeansitbasicallyunderstandsthevariabletypeanddeliversanumberofcheckswhichcanbeperformedonthevariable.Basedontheirsuccess(trueorfalse),adistinctbranchwillbechosentocontinuetheworkflow.

Workflowcreation101WorkflowsinvROtypicallyliveinafolderstructureundertheworkflowstab.Tocreateanewworkflow,itisrecommendedtocreateafolderfirst,maybewiththenameofacertainprojectorthedescriptionoftheworkflowtypesitmayhold.Mostvendorsjustusetheproductnameasthefoldernameandthendosubfolderstodistinguishdifferentfunctionalities.

Oncethelocationisset,theworkflowitselfcanbecreatedinthefolderbyright-clickingonitandselectingNewworkflow.

CreatingtheworkflowBeforestartingtocreatetheworkflow,itspurposeshouldbeclear.Let'screateonebasedonasimpleexample.Let'sassumeabackupsystemisbackingupVMsbasedonwhatfoldertheyarelocatedin.Also,thefolderisaplaceholderfortheappliedretentionpolicy.ThisisaprovenpracticeandmanybackuptoolscouldactuallysupportsuchasetupwiththeirvCenterintegrationusingVADP.Also,thisworkflowmightbetriggeredbyvRealizeAutomationbasedonauser'schoice.

Therearethreefolders:

1month:VMsinthisfolderwillbeavailableforupto1monthaftertheirdeletion3month:VMsinthisfolderwillbeavailableforupto3monthsaftertheirdeletion1year:VMsinthisfolderwillbeavailableforupto1yearaftertheirdeletion

WhenauserinvRealizeAutomationisorderingaVM,theblueprintwillofferaparameterwheretheretentionpoliciescanbechosen.TheyareidenticaltothefoldersinvCenter.TheparameterscanbehandedoverbyvRAtovRObyusingso-calledcustomproperties.ThesepropertiesareprovidedbyvROwhenusingaworkflowsubscriptiontocallavROworkflow.TheseconceptshavebeendiscussedinChapter5,VMwarevRealizeAutomation.

Theworkflowshouldhaveoneinput:thevRApropertiescontainingtheVMnameasastringandthefoldernameasastring.Basedonthatinput,itshouldsimplymovetheVMintothegivenfolderinvCenter:

1. Tocreatetheworkflow,theorchestratorclientneedstobesettotheDesignmode.Undertheworkflowtab,thefolder,whichshouldcontaincanbeselected/createdbyexpandingtheLibraryfolder.

2. Right-clickonthefolderandselectNewworkflow.3. ProvideameaningfulworkflownamesuchasVMBackupmover.4. Theorchestratorclientwillnowopenthenewworkflowineditingmode.Thecanvaswill

beshownwheretheworkflowcanbeconstructed:

Ontheleft-handsideofthepane,alltheselectableworkflowelementsareshown.Ontheright-handside,thecanvasisshownwheretheoverallflowandstructureoftheworkflowcanbeconstructed.Elementscanbesimplyaddedbydraggingthemonthebluearrowpointingfromthestarttotheendworkflowelement.

5. DragtheiconforActionelementintothecanvas.Intheappearingsearchbox,lookforthegetAllVmsactionelement.ThiswillgatherallVMsintheconnectedvCenterserver.

6. Hoverovertheactionelementandclickonthepencilicontoedititsmetadata.Intheappearingwindow,clickontheOUTtab.TheActionitemhasayetunbindactionResultvariable.Itneedstobeboundtoanewlycreatedattributeintheworkflowinordertobeuseableforotherelementsinit.

7. AclickunderSourceparameteronnotsetwillopenanothersmallerwindow.Inthiswindow,anattributecanbecreateddynamicallytostoretheoutputoftheactionResult.

8. AclickonCreateparameter/attributeinworkflowwillopenawindowcalledCreateparameterwhereanameneedstobeprovided.Adescriptioncanbeadded,suchasContainsallvCenterVMs.Thetypeandarraysettingswillbepreselectedbasedontheactionelementsoutputsettings.IntheCreatesection,CreateworkflowATTRIBUTEwiththesamenameshouldbeselected.OnceOKhasbeenclicked,thesystemwillbindandcreateanewattributewiththeprovidedname:

GetthepropertiesfromtheserviceinvRA.Thisisdoneinmultiplesteps,fornow,thesearethestepsinvROtomakesurethedatafromvRAcanbeprocessed:

1. Draganddropascriptabletaskintotheworkflow.

2. Clickonthepencilicontostarteditingit.3. ClickontheInfotabtoprovideameaningfulnamesuchasProcessVMProperties.4. ClickontheINtabtodefineaninputvariable.Theprocedureissimilarasfortheaction

elementsoutput.Therearethreeicons:alinewithtwodots,twolineswithtwodots,andanX.

5. Clickonthelinewithtwodots(firsticon)toaddavariable.6. ClickonCreateparameter/attributeinworkflow.7. Enteranamesuchasmachineandselecttypestring.8. IntheCreatesection,makesureCreateworkflowINPUTPARAMETERwiththesame

nameisselected.9. ClickOKtosaveandproceed:

10. ClickontheOUTtabtodefinetheattributesthescriptabletaskwillstoreitsdateinto:1. ClickontheBindtoworkflowattributeicon(far-lefticon,linewithtwodots).2. ClickonCreateparameter/attributeinworkflow.3. ProvideavariablewiththenameparsedMachinewiththetypeany.4. SelectCreateworkflowATTRIBUTEwiththesamename.5. Repeatthesestepsuntilenteringtheattributename,createonecalled

retentionPolicywithtypestring.

Attributesarecase-sensitive;itisimportanttorespectthecaseanduseexactlythespellinginallscriptabletasks.Otherwise,theattributeswillnotberecognizedbyvRO.

11. ClickontheScriptingtabtoaddthefollowingJavaScript:

//GetthepropertiesfromvRA

varparsedMachine=JSON.parse(machine);

retentionPolicy=parsedMachine["properties"]["Backup"];

System.log("Foundbackupproperty:"+retentionPolicy+"onVMname

"+parsedMachine["name"]");

Thecodewillparsetheinput(machine)intoaJavaScriptObjectNotation(JSON)object(parsedMachine).ThiswillbeeasiertoaccessthanastringoranXML.ThiswillonlyworkifthecodeisJSON-compatible;vRAofferspropertiesinJSONformat,sothisworkswellwiththismethod.

Afterthat,theretentionpolicy(retentionPolicy)willbeparsedoutoftheJSONobjectwhichwillbethetargetfoldername.ThebracketsareusedtonavigatethroughtheJSONobjectandfindtherightidentifiertowriteintothevariable.Sincethenameofthefolderisastring,thevariableretentionPolicyisoftypestring.AJSONobjecttypeisnotdefinedinvRO,thereforetheparsedMachineisstoredastypeany.

ThelastlineistologtheoutputfordebugginginvRO.12. CreateanotherscriptabletaskandnameitPreparefolderobject:

1. BindtheretentionPolicyasanINparameterontheINtab.ClickontheBindtoworkflowparameter/attributeiconatthefarleft.

2. SelecttheretentionPolicyattributefromthelist.3. ClickontheOUTtabandclickontheBindtoworkflowparameter/attributeicon.4. ClickontheCreateparameter/attributeinworkflowlink.5. Enterameaningfulnamesuchasfolder.6. Selectastype:VC:VmFolderandCreateworkflowATTRIBUTEwiththesame

name.7. ClickOKtobindthenewattributetothescriptabletask.

13. ClickonScriptingtoaddthefollowingcode:

Varfolders=VcPlugin.getAllVmFolders();

for(iinfolders)

if(folders[i].name==retentionPolicy)

folder=folders[i];

System.log("Foundfolder:"+folder)

ThiscodewillreadallavailablefoldersinvCenter.Sincethereisnoactionelementtoaccomplishthis,theVcPluginscriptingclasswasused.ThecommandprovidesanoutputasVC:Folderinformofanarray.Thisarrayisdefinedinthefirstline.Thenextlinewillcreateaforlooptoaccessalliterationsofthearray(allfolders).Foreachfolder,itwillcheckwhetherthenamefitsthenameofthechosenretentionpolicyattribute.Oncethisisaccomplished,thefolderatthispositiongetswrittenintothefoldersattributeforfurtherprocessing.

Thelastlineisforloggingtheoutputinordertoeasierdebugthecode.

14. CreateanotherscriptabletaskandnameitPrepareVMobject:1. BindallVMsandparsedMachineasanINparameterontheINtab.ClickontheBindtoworkflowparameter/attributeiconatthefarleft.

2. SelecttheallVMsattributefromthelist.3. RepeatthisstepsfortheparsedMachineattribute.4. ClickontheOUTtabandclickontheBindtoworkflowparameter/attributeicon.5. ClickontheCreateparameter/attributeinworkflowlink.6. Enterameaningfulnamesuchasvm.7. Selectastype:VC:VirtualMachineandCreateworkflowATTRIBUTEwiththe

samename.8. ClickOKtobindthenewattributetothescriptabletask.

15. ClickonScriptingtoaddthefollowingcode:

//identifythevmtomove

for(iinallVMs)

if(allVMs[i].name==parsedMachine["name"])

vm=allVMs[i]

System.log("FoundVM:"+vm.name)

ThisshortscriptwillloopthroughallfoundVMstoidentifytheonevRAhascreated.ThenameoftheVMwillbeinthepropertiesvRAsendswhencallingtheworkflow.TheforloopwillprocessallVMsandcomparetheirnametothenameinthevRAproperties.TheifclausewillidentifytherightpositionintheallVMsarrayandassignittothevmattribute.NowthisisnolongertextbutaVMtypeattributeholdingallneededinformationtomanipulateavirtualmachine.

Finally,thelogwillbepreparedtooutputthefoundVM'snamefordebuggingpurposes.16. CreateasubworkflowbydraggingintheWorkflowelementintothecanvasontheblue

line.17. Inthesearchbar,searchforMovevirtualmachinetofolderandselectthisworkflowonce

found.18. Clickonthepencilicontoedittheworkflow.19. ClickontheINtabandaddvmaswellasthefoldervariablebyusingtheBindtoworkflow

parameter/attributeicon.20. ClickOKandthenclose.TheworkflowisnowreadyformovingVMsintospecified

foldersbasedonauser'sselectioninvRA.

SincethereisanalreadyrunningandprovenworkflowtomoveaVMintoafolder,thisworkflowiscalledbythejustcreatedone.

Oncealliscreated,theworkflowshouldhavethefollowingattributesundertheGeneraltab:

folder

allVMs

retentionPolicy

parsedMachine

UndertheInputtabthefollowinginputsarelisted:

machine

ThetabcalledOutputswillbeemptyforthisworkflow.

Onceeverythinglookslikeitshould,theworkflowcanbesavedbyclickingonSave"atthefarrightbottomcorneroftheclient.

vROsavesworkflowsandautomaticallyaddsversionnumberstothem.Itishighlyrecommendedtoalwaysincreasetheversionnumberifsomethingshavebeenchanged.Iftheversionnumberwouldnotchange(forcedoverwrite),allotherworkflowscallingthechangedonewouldstillworkwiththeolddata-hencetheversionthatremainedthesamecan'ttellthefilesapart.Therefore,itishighlyrecommendedandbestpracticethateachchangetoaworkflowalsoincreasestheversionnumberofthatworkflow.

IntegratingtheworkflowintovRAAworkfloweventsubscriptioncanbeaddedtoacertainstatusofarequest.Forinstance,theycanberuneverytimetheVMisdeployedorupandrunning.Therecanbetriggerandtargetsdefined;targetsareusuallyworkflows,triggerscanbebasedonpropertycontentorothervariables.WorkflowsubscriptionshavealreadybeencoveredinChapter5,VMwarevRealizeAutomation.

InordertomaketheworkflowworktogetherwithvRA,thefollowingstepshavetobedoneinthevRAportal:

1. OpenthevRAportalandlogonwithanadministrativeuser.2. ClickontheAdministrationtaskandthenonPropertyDictionary.3. Clickonthe+Newbuttontoaddanewpropertydefinition:

1. ProvideameaningfulnamesuchasBackup.2. Providealabel(theuserwillonlyseethelabel)suchasBackupretention.3. SelectStringattheDatatypefield.4. SetRequiredtoNo(backupisnice,butnotrequired).5. Ontheright-handside,selectDropdownatDisplayadvice.6. AttheValuesarea,selectthePredefinedvaluesradiobutton.7. AtPredefinedvalues,usethegreenplussigntoaddallthreefoldernames.Thevalues

ofthesepropertiesshouldbeidenticaltothenamesofthefoldersinvCenter.Thisincludesuppercase/lowercasenames!

8. ClickOKtostorethenewproperty:

Oncethisiscompleted,apropertygroupshouldalsobecreatedforeasierassignmentofanumberofpropertiestoablueprint.TocreateapropertiesgroupinvRA,followthesesteps:

1. ClickonPropertyGroupswhilestillintheAdministration|PropertyDictionarymenu.2. Clickonthe+Newbuttontocreateanewgroup.3. Provideameaningfulname,suchasacompanynameandanidentifierforthegroup's

content.4. Selectthedesiredvisibility(alltenantsoronlythetenantcurrentlymanaged).5. UnderProperties,clickthe+Newbutton.Intheappearingrow,clickthedrop-downarrow

toselectthepreviouslycreatedBackupproperties.6. BeforeclickingOKtoaddtheline,theShowinRequesttickboxshouldbeselectedforthe

lineentry.7. ByclickingOK,thesystemwillstoreanewpropertiesgroupwiththeBackuppropertyasa

member.

Afterthepropertiesandpropertygrouphavebeensuccessfullycreated,aneventsubscriptionneedstobeconfigured.ThisisalsodoneinthevRAAdministrationtab.ThefollowingstepswilladdaworkflowsubscriptiontomoveaVMaftercreationtoauser-definedfolder(theBackupcreationworkflow):

1. ClickonAdministrationtonavigatetoEvents.2. ClickonSubscriptionsandthenclickthe+Newbutton.

3. SelectMachineprovisioningundertheEventTopictabandclickNext.4. SelectRunbasedonconditionsandchosethefollowingoptions:

1. ExpandDatausingtheplussignnexttoit.2. ExpandLifecyclestateusingtheplussignnexttoit.3. SelectLifecyclestatename.4. SelectEqualsinthenextbox.5. Clickonthedownarrowinthelastbox,leaveConstantselected,atthenesteddrop-

downboxinthebox,searchforWPSMasterWorkflow32.MachineProvisioned.6. ClickNext.

5. IntheWorkflowtab,opentheLibraryfolderandbrowsetotheworkflowearliercreatedtoselectit.

6. ClickNext,controlthesummaryscreenandclickFinishtostorethenewlyaddedeventsubscription.

7. Intheoverview,selecttheneweventsubscription(clickontheline)andclickonPublish,otherwisethesubscriptionwillnotbeuseableinanyblueprints.

Addingthepropertiestotheblueprint

Afterallthepropertieshavebeencreatedsuccessfully,theyhavetobeaddedtotheblueprintinordertotakeeffect.Thefollowingstepswilladdtheproperties:

1. LogontovRAwebinterfacewithanadministrativeuserorablueprintdesigneruserrole.2. SelecttheWindowsblueprintcreatedpreviouslyinChapter5,VMwarevRealizeAutomation.

3. ClickonEditinthetoprowtoedittheblueprint.4. ClickontheWindowsVMinthedesigncanvas.5. Intheconfigurationmenuonthefarright,clickonthePropertiestab.6. Atthepropertiesgroup,clickonthe+Addbuttonandselectthepreviouslycreated

propertiesgroup.7. SelecttheCustomPropertiestabandclickthe+Newbutton.8. EnterthefollowingtextunderName:

Extensibility.Lifecycle.Properties.VMPSMasterWorkflow32.MachineProvisioned.

Beverycarefulwhenwritingthatsincethewholetermiscase-sensitive.9. AttheValuecolumn,enterbackup*.

SincetheMachineProvisionedpropertyforwardsalotofdataforthevirtualmachine,itissimplertofilterfortheBackupproperty.Thisiswhatthisentrywilldo.InsteadofcreatingacomplexfilteronalotofdatainvRO,thefilteriscreatedatthesourceandmakeseverythingmoreefficient.

10. ClickFinishtosavethechangesintheworkflow:

NoweverythingissetforavRAtovROworkflowintegrationbasedoneventsubscriptions.IfanewVMisrequestedinvRA,adrop-downfieldwillappeartoselectthebackupretentionpolicy.

Basedontheselectedpolicy,theworkflowwillmovetheVMinthepresetfolder.ThisisdoneimmediatelyaftertheVMfinishesprovisioning.ThecompletedworkflowrunscanbecontrolledinvROincludingvariablecontentandlogoutput.

ThiscanbedoneinthevROclientbyexpandingthearrownexttotheworkflow.Byclickingonaworkflowrun,allthecollectedinformationwillbeshownintheclientwindow:

Thisisagoodfunctiontoprovewhethertheworkflowisrunningcorrectlyandallthefunctionsareworkingasexpected.vROwouldalsolistscriptingerrorsorparsingerrorsifany.Inthiscase,theworkflowrunwillbemarkedasfailedusingaredXinsteadofagreencheckmark(successful).

ExternalservicesAnotherusecaseforvROisthecreationofso-calledexternalservicesorXaaSasVMwarecallsit.InvRA,XaaSmeansbasicallyanythingwhichcanbeautomatedandisorderableasaservice.

ByusingvROasaplatform,aworkflowcanbeaneasy-to-createbutyetpowerfulassettoprovidethird-partyfunctionalities.Also,thereareplentyofvROplugins,whichbringtheirownworkflowsforspecificvendorproducts.ByleveragingtheXaaSfeature,itismucheasiertoincludethosevendorsandtheirproductsintothevRAportal.Thismeansthatalsotheirofferingscanbeorderableasservicesbyagivenenduser.

AcoupleofthingsareveryhelpfulwhenusingtheXaaSfeatureofvRAwithvRO:

AnitemisonlyshowninvRAiftheworkflowhasanoutputparameterwhichvRAcanunderstand.ActionsonXaaSservicescanbedefinedseparatelyinvRAandassignedtotheservice.TheseactionsareworkflowsontheirowninvRO.Ifanitemshouldbedestroyedaftertheserviceisdeleted,itneedstousevRA'sdisposalfeature.TheinputmaskoftheXaaSworkflowisbasicallytakenfromtheinputsinvRO.However,themaskcanbeeditedinvRAtobemoreconsumer-friendlyifrequired.IfnooutputvariablesuitsvRA,acustomsetofresourcescanbedefinedinordertostillassignanXaaSservicetotheitemstab.vROneedstounderstandthedatatypeinordertoforwardittovRA.Toaccomplishthis,vROhasafeaturecalleddynamictypes.ThesecanbeusedtocreateanintegrationpluginwhichisthenparsingagivenAPItocreateanobject/relationconstruct.ThiscanthenbeusedtoadvertisefunctionalitybacktovRA.

ProbablyvROisusedforthird-partyintegrationtoafairextent.ButalsotocreatenewservicesandmakethemorderablethroughvRealizeAutomation,vROcanbeusedquiteeasilyandstraightforwardly.Notalwaysdotheseworkflowshavetobecreatedbytheenduser;someofthemareincludedintheavailablevROplugins.TocreateanaddausertoAD"service,allnecessaryworkflowsandactionsarealreadyinstalledinvROgiventheADpluginisactivated.ThiscanbeaneasyandstraightforwardwaytoimplementadditionalandhelpfulservicesintovRA.

ConnectingvROtovCenterOncethatiscompleted,thevROservicecanalsoberegisteredtovCentertorunvROworkflowsrightoutofvCenterusingtheright-clickmenu.TorunworkflowsusingtheVMwareAPIandtoenabletheright-clickcallfeature,vROhastoberegisteredwithvCenter.Actually,runningaworkflowinvROdoesthis:

1. UseabrowserandputintheaddressoftheVROserver.2. ClickeitheronStartOrchestratorClientoronDownloadOrchestratorClient.3. Ifyouhavedownloadedtheclient,uncompressitandopentheOrchestratorClientJava

executable.4. LogonwithanadministrativevCenteruser(sinceitislinkedtoSSOvSphereadminwork).5. MakesuretheorchestratormodeiseitherinRunorinDesign,otherwisetheworkflow

viewwillnotbeavailable.Therunmodeischangedusingthedrop-downfieldrightnexttothevRealizeOrchestratorlogo.

6. Inthetop-leftcorner,locatetheworkflowsicon(bluesquarewithwhiterhombusinit).7. ExpandtheLibraryfolderandlocateasubfoldercalledvCenter.8. ExpandtheConfigurationfolderundervCenter.9. Right-clickontheworkflowAddavCenterServerInstanceandclickonStart

workflow....10. PutinallthenecessaryvCenterinformation,selectYesonthequestiontoorchestratethis

instance.11. Onthesecondscreen,itisrecommendedtoshareasessionforalluserstovCenter.This

meansselectingNoonthefirstquestion.12. PutinthevCenterusertoconnectwith.Remember,iftheuserdoesnothaveallprivileges,

alsothevROworkflowswillhavelimitedprivileges.13. HitSubmitandvROregisterswithvCenter:

ItisalsopossibletopassanindividualusertovCentertoruntheworkflow.However,thismeanstheuserrunningtheworkflowmusthaveallprivilegesassignedtocompleteallworkflowsteps-otherwisethiswillfail.Typically,oneuserisrunningtheworkflowslikeaproxyforallothers.

Afterthishasbeensuccessfullyaccomplished,vROneedstoregisteritsextensionwithvCenterinordertoconnectproperly.Thisisalsodonebyrunningaconfigurationworkflow:

1. LocatetheworkflownamedRegistervCenterOrchestratorasavCenterextensionworkflowinthevCenter,configurationdirectory.

2. Right-clickonitandselectStartworkflow....3. ClickonNotsettobrowsetothevCenterinstancetoregisterwith.4. Leavetheadvertisingaddressfieldblank.5. TheworkflowwillnowregisterthevROextensionwithvCenter,thisisnecessarytousethe

vCentervROpluginwhichenablesadminstoattachworkflowstovCenterobjectsandrunthemdirectlybyusingaright-clickmenu.

ToprovewhethertheextensionhasbeensuccessfullyregisteredwithvCenter,itisthebestandmostefficientwaytochecktheextensionmanager.ThiscanbeaccomplishedbestbybrowsingthevCenterManagedObjectBrowser(MOB)orManagedObjectReference(MoRef)APIdescriptor:

1. OpenabrowserandputinthefollowingvCenteraddress:https://my.vcenter.local/mob.

2. PutinthevCenteradmincredentialstoopentheMOBpage.3. ClickonContent.4. FindandclickontheExtentionManagerlinkinthelist(exactspellingincludingupper-and

lowercase).5. IntheextensionList,locatethelinkcalledextensionList["com.vmware.vco"].6. Ifthislinkexists,thevROserverissuccessfullyregisteredasanextensiontovCenterWeb

Client:

vCOistheoldname(vCenterOrchestrator).However,itcanstillbefoundatmanyreferencesinvCenterandalsoinvROitself.VMwarerenamedtheproductin2013tovRealizeOrchestratorinordertocreateaunifiedproductfamilybrandforallorchestrationandautomationproducts.Iftipsforworkflowsareneeded,itisstillrecommendedtousealso"vCO"inGoogleinordertomaximizethesearchresults.

Ifallofthiscompletedsuccessfully,vROshouldberegisteredwithvCenteranditsworkflowsshouldalsobebrowseablebyvCenterserver.

UndervCenter,itisavailablebyclickingonthevRealizeOrchestratoricon.UndervROhome,itshouldshowupasconnected(Summarytab).NowvROworkflowscanbeaddedtovCenterandcanberunonso-calledobject-basedconditions.Forinstance,onecouldcreateaworkflowwhichisaddinganewhosttoacluster.Theworkflowcanbeonlyrunontheclusterobject.

AllthiscanbeconfiguredusingtheManagementtab.Ofcourse,theworkflowshavetobealreadypresentinvROinordertobeattachedtoobjectsinvCenter.

vROcontextactionsinvCentervCenterandvROmakeapowerfulconnection.Basedonthis,VMwarehasdecidedtomakeiteveneasiertorunvROworkflowsonvCenterobjectsbyintroducingtheso-calledcontextaction.Withthisfunctionality,administratorscandefineasingleworkfloworasetofworkflowswhichcanrunonaselectvCenterobject.RegisteringthevROextensioninvCenterwillenablethisobjectlinkage.Also,vCenterwilldocumentanddisplayallworkflowrunsundertasks,whichmakesthemeasiertomonitor.

Findingandenablingcontextactions

ThisconfigurationisdoneinvCenterWebClient,whichwillbeusedtomanageandenablethecontextactions.LookingfortheorangeorchestratoriconcaneasilyidentifythismenuinvCenter.ThisiconcanbefoundeitherintheHomescreenintheInventoriessectionorbyclickingonthehomeicon(top-leftcornernexttovSphereWebClienttext)andselectingthemenudirectly.

Onceinthemenu,thecontextactioncanbedefinedbyselectingvROHomedirectlyundervRealizeOrchestratorintheleft-handsidemenu.Toaddorchangeanaction,theManagetabneedstobeselected.

Enablingacontext-basedworkflow

Toenableacontext-basedworkflow,performthefollowingsteps:

1. InthevROHomescreen,selecttheManagetab.2. Clickonthegreenplusicontoaddacontext-basedworkflow.3. IntheAddnewworkflowwizardontheleft-handside,expandthevROServerstoselecta

workflow(treeview).4. BrowsetothevCenterfolderandopenVirtualMachineManagement/Moveand

Migrate.5. SelectMassmigrateVirtualMachineswithvMotion.6. ClickAddtomakesuretheworkflowappearsunderSelectedworkflowsinthetopsection

ofthewizard.7. Ontheright-handside,selecthost,whichistheobjectwheretheworkflowshouldbe

applied.8. ClickOKtoassigntheworkflowascontextaction:

Oncethesestepsarecompleted,theworkflowcanbeexecutedbyright-clickingonanyhostintheenvironment.TherewillbeamenuoptioncalledAllvRealizeOrchestratorActionsandtheassignedworkflowwillappearinthismenu.Sincethisisacontext-basedaction,itwillnotappearifaoneissuesaright-clickonaVMoracluster:

ItisnotnecessarytosetthisupforvRealizeAutomation,butitisaverygoodoptiontointroducedailymanagementautomationtasksintovCenter.GiventhatvROisconfiguredtouseaproxyuserforallworkflows,alsoadmins,whichmighthaveminorprivileges,couldruncontrolledautomationtasksusingthisoption.Also,allworkflowswillappearinvCenter'stasksoverview,whichalsosimplifiesmonitoringtheexitstateofanyrunworkflow.

SummaryThischaptertouchedonthebasicdatamodelaswellasvariabletypesofvRealizeOrchestrator.AlthoughallthisisonlyscratchingthesurfaceofvRO,itgaveadeepinsightintohowworkflowsarecreatedaswellashowtheycouldbelinkedwithvRAinordertoenablepowerfulandrichthird-partyintegrationpoints.ThisisprobablyoneofthevRO'sstrongestcapabilities.

Also,thescriptingcomponentsbasedonJavaScriptwherediscussed.Giventhewell-implementedhelpforJavaScriptandallscriptingclasses,itshouldbepossibletogetuptospeedonJavaScriptafteralittlewarm-upphase.

Inthenextchapter,thefocuswillbeonthecreationofarichservicecatalog.TheservicecatalogisthemostimportantfunctionalityoftheSDDC.Theserviceshavetobeeasytouseaswellasvaluableandusefultotheendusersbasedontheirbusinesscase.ThechapterwillalsodiscusshowservicesandservicecatalogswillbecreatedandmaintainedinvRA.Butnotonlywillthecatalogitselfbeunderdiscussion,alsothecontentandserviceswhichcanbeaddedwillbeexplored.

Chapter7.ServiceCatalogCreationTheservicecatalogisthecentralelementofeachcloudenvironment.Basedontheusecasesidentifieditwillprovidetheneededfunctionalitytoempowerthebusinessandspeedupdeployment.Thiswillenhancethetimetomarketsignificantlyandenablethewholecompanytobeabletoreacttomarkettrendsfaster.

Buttoenableallthesebenefits,itisimportanttounderstandthatthiscanonlybeaccomplishediftheservicesofferedinthecatalogarevalidandneededbytheendusers.

Thischapterwilldiscusstheservicecatalogcreation,differenttypesofservicecatalogs,aswellasdetailedexamplesofsimpleandcomplexservicedesigns.

Also,itwillcoverindetailhowservicecatalogsarecreatedinvRAandhowtheycanbeassignedtoaspecificbusinessgrouportenant,butalsobeavailableacrossdifferenttenants.Thelateroptionisnecessaryifsomeverybasicservicesmightbeworthsharing.AnexampleforsuchservicecatalogscanbeasimpleOSdeployservice.Eventhougheachtenantmightbeadifferentcompanyordivision,theywillallneedsomeformofWindowsorLinuxdeployment.SosharingaservicecatalogacrosstwoormoretenantsforthisbasicservicecanbeusefulinordertolowerthemaintenanceandoperationeffortfortheSDDC.

ServicedefinitionandclassesServicecatalogcreationinvRADesignexamplesusingvRABestpracticesandgoodpracticeforservicecatalogcreation

ServicecatalogsThisbasicallyreflectstheshopfrontendofvRA.Servicecatalogsarecategoriesandcontaintheirvariousservices.vRAdoesnotlimitthenumberofservicecatalogs,northeirnameorfunctioninanymatter.TherecanbenumerousServicecatalogsbecreated.Allthenamesarebasicallyfreeformtext,however,therearesomebestpracticesandstandardswhichmaymakesensetofollow,sinceallcloudproviderwillhavesimilarnamingandfunctionality.

InChapter5,VMwarevRealizeAutomationthethreemostusedcategorieshavebeenbrieflydiscussed,thosearebasicallyIaaS,PaaSaswellasXaaS.ThelattercategoryisaVMwareintroducedtermanddescribesAnythingasaService.

BesidestheasaServiceending,thereareendlesspossibilities.Therearealsoothercategoriesinthemarketsuchas:

SoftwareasaService(SaaS)TheseareofferingslikeGmail,Salesforce,Office365

BackupasaService(BaaS)StorageasaService(STaaS)DatabaseasaService(DBaaS)

Thisoftenmeanseithertwothings(either-or-both)InstallingaDBondemandandmakingitavailableCreatinganinstance/DBonanalreadyrunningDB(orDBcluster)

DesktopasaService(DaaS)OfteninconjunctionwithacloudportalwhereausercanorderanewdesktopondemandMostlyreferredtoandusedinVirtualDesktopInfrastructureenvironments

NetworkasaService(NaaS)High-PerformanceComputingasaService(HPCaaS)

ThislistisjustafractionofpossibleasaServicecategories.Eachtopicmightbeaseparateservicecatalog.Theideabehindthatabbreviationswasinitiallytointroduceacommonlanguageandstandardtoorientto.However,thereisnorequirednamingorcontentofaservicecatalog.Sometimesserviceswillalsobuilduponeachother.

AgoodexampleforthatistheSaaSmodelwhichmightbestackedontopofothercategories:

DefiningacatalogThecatalogdefinitionisbasedonvariousdifferentfactors.Itscontentshouldbeeasilyguessedbyitsname.Also,thecontentshouldbesharingcharacteristics,whichwillenabletoeasilyidentifyitaspartofadistinctservicecatalog.

Hereareafewexamplesofservicecatalogsandtheirpossiblecontainedservice:

IaaS:NormallythisisacatalogprovidingonlyOSinstallswithnofurthersoftwareinstallationorothercustomization.ThiscatalogmayofferaquickwaytodeployanOS(withIP,domainjoin,securityhardening,andsoon)butnothingmorethanthat.

Typicalservicesare:

Windows(differentversions)Linux(differentversions)Baremetalresources(installWindows/Linuxonabladeorrackserver).

TypicallyanIaaSservicecatalogisthefirsttostartwithsinceitdeliversafundamentalfunctionalityofeverySDDC.ItcaneasilydeployaVMcontaininganOSofchoiceincludingtheintegrationintothethirdpartymanagementframework.AlthoughthereiscurrentlyabighypeforDevOpsandCloudNativeAppsthiscanalreadybeahugetimesaver.

Directoryservices:ThiscancontainadditionalservicewhichmayonlyrefertoADorLDAPactions.SinceanSDDCcandomorethanjustprovisioning,thismightenableausertorequestanewuser,changeorresetpasswords,lockordeleteanexistinguser.Thismightbeusefulinbiggerenvironmentstospeeduptheonboardingofnewemployees.Servicesmightbe:

Create/change/deleteanADuserBlockanADuserResetADuserpassword

ACMEbusinessapplications:ThiscanbeamixofaPaaSandSaaScatalogandonlyreflectingrequiredandnecessaryservicetoenableacertainbranchofthebusiness.Sincethisisacompletecustomcategory,thereisnopredefinedcontent.Asmentionedthecontentneedstobeeasytoidentifyandshouldmakesenseinthecatalogscontext.Examplescouldbe:

Create/manageaCustomerResourceManagement(CRM)applicationDeployproductionwebserver/farm(LAMPstack:Linux-Apache-MySQL-PHP)Otherrequiredinternalbusinesssystems

MultiplecatalogsDefiningonecatalogmightbeeasyandstraightforward,whenitcomestomultiplecatalogsthereareafewdesignbestpracticestofollow.Thesewillnothaveafunctionalinfluence,butthesuccessoftheSDDCliesinitsuseradoption.Creatingcomplexanddifficulttooperateportals(fornontechnicalusers)willleadtolessadoption.Iftheportalispopulatingservicestraightfromthebusinessunits.

Catalogs:Aslessaspossibleasmanyasrequired

ThisisafamousbestpracticeforvirtualswitchesinvSphere.Thesameprinciplecomestrueforservicecatalogs/servicesinvRA.Iftherearetoomanyservicecatalogscreatedwithtoomanyservicescontainedtheusermightendupratherconfusedthanenabled.Thebestruletofollowhereiskeepitassimpleaspossible.Evenifthissoundslikeanalreadyknownruleofthumb,keepcheckingyourdesignagainstit.Oftencomplexservicecatalogcreationscanbeavoidedbycreatingmultipurposeblueprintsorcatalogitems.

AnexampleistheIaaSservicecatalog,VMsorBareMetaldeploymentswillcontainanOSandarefullyorpartiallyintegratedintotheecosystemafterdeployment.TheremightbenoneedtocreateaservicecatalogforeachOSfamily(WindowsorLinux).Also,theremightonlybetwoblueprintsneededtosatisfytherequirementsoftheusers/LOBs/adminsrequestingthisservice.

Providebasiccatalogsaswellasspecificcatalogs

AbasiccatalogcanbeIaaS,giventhatonecompanyhasmanydifferentdepartments,butallneedtofollowthesameITprocesses,itmightmakesensetohaveauniversalIaaScatalog,relevantforallbusinessgroups.

Foraprovider,thesituationissimilar.Basically,everycustomerneedstodeployeitherWindowsorLinuxVMstogetstarted.Soauniversalservicecatalog,providingthisfunctionality,shouldbeavailable.

Byintroducingaservicecatalogsharedacrosstenants,alotofmaintenanceeffortcanbesaved.Thistiesbackintothefirststatementaswellaslessaspossible.

Ontheotherhand,theremightbeapplicationservicesorspecialXaaSofferings,whichareonlyvalidforonedepartment,orevenagroupinadepartment.Thereforethisgroupscanbeentitledseparatelytoaservicecatalogtoensurethatnooneelsecanaccessthesecatalogs.

Anexampleforthatcanbesuperusers,whomighthavethepermissiontoresetanotheraccountspasswordusingtheself-serviceportal.First,onlytheseusersshouldbeentitledtosuchakindofservicecatalog.Second,thesemightbeveryspecialoperationsperdivision,soalsothecatalogandcontentmightbedifferentfromotherdepartments/tenants.

Chooseadescriptiveandshortname

Itisalsogoodtonamethecatalogaccordingtoitsfunctionalitiesandservicesitcontains.Thisislikethedepartmentinagrocerymarket,ButcherandMeatwillcontainexactlythis,whileBakeryandCakeswillcontaindifferentobjectsforthecustomers.

Thisshouldbeoneofthekeyprincipleswhencreatingcatalogs.IaaSshouldcontainallIaaSrelevantservices,butnothingelse.Ifthisismixedwithsomeapplicationinstallationservice,itmightbecomeverydifficultfortheusertofindtherightcatalog.

Itisagoodtricktoimaginebeingauserandclickingthroughtheavailablecatalogs.Ifthereissomethingunclear,arethinkofthecatalogdesignmightbeuseful.Today'susersareveryusedtothatconcept,giventhatAmazonwillalwaysdisplayBlu-raysbyclickingonthisrespectcategory.ThesameuserexpectationswillbepresentforaninternalSDDC.IfsomeoneclicksonIaaS,thecatalogshouldcontainonlyinfrastructurerelatedservices.

Outcome-orientedversustechnology-oriented

Aperfectself-serviceportaldeliversoutcome-oriented,insteadoftechnology-orientedservices.ThisisoftendifficultforverytechnicalfocusedspecialistssincetheretheworldisallabouttheOS,theapplicationthemiddleware,andsoon.

However,forabusinessuser,itisallaboutgettingthesupportforthebusiness,whichisneeded.Sotheuglytruthis:TheydonotcaretheslightestabouttheunderlyingOS,theyalsoprobablydonotcareabouttheDBversionorifitisusingJavaorPHPtodisplayanycontent.Forabusinessuser,allthatcountsistheoutcome.Inthiscase,areadytouseapplicationsupportingthemwiththeirrequirements.

Knowyouraudience

Therefore,theservicecatalogshouldbealsocreatedwiththeendusergroupinmind.Foramoretechsavvyaudience,anIaaScatalogmightbefine.

Inthiscase,itcouldprobablysimplybenamedIaaSandcouldcontaintimeslike:

LAMPStack(Linux+MySQL+Apache+PHPisusuallycalledLAMP).Windowsserver2012R2CentOS7.1

Foradministratorsoramoretechnology-focusedaudiencesuchasoperators,possiblyalltheyreallyneedisanOSorabitofsoftwaredeployedonanOStofulfilltheirrequirements.Inthiscase,suchacatalogwouldbefine,theaudiencewillexpectthis.MostoftheSDDCprojectsarerunandusedbyatech-savvyaudience,sooftentheserviceslooklikethis.

Foramorebusiness-orientedaudience,theservicecatalogmightlooktotallydifferent.Allthetoolswillstillbecontainedintheblueprint,butthistimetherequestorismoreinterestedintheoutcome,whichisthefinalservicetobeused.

AsillyexamplecouldbedeployingWordPress.Theusermightnotbeinterestedintheversionof

WordPressnorintheOSortheuseddatabase.Theimportantdeliveryistheapplicationitselfandthatitisfullyupanduseableafterithasbeenrequested.Anotherexampleistheappstoreofamobiledevice.Noneoftheusersasksthemselves:AretheyrunningaSolariswebfarmtosupportAngryBird?

Alltheycareistheoutcome,whichistheapprunningontheirdevicefulfillingitspurpose.

Basedonthat,acatalogforbusinessorientedusersalsoneedstoservetheirneedsandmeettheirexpectations.Theywillexpectapplicationslike:

ExternalconsumerportalenvironmentBusinessapplicationXYZCustomerorderportalextension

Thetitleoftheserviceblueprintsshouldrevealitsoutcome/purpose.Ifthebusinessneedstoextendtheconsumerportalenvironment,theymightlookforaservicetoordertodoso.IftheywanttodeployapplicationXYZitmighthelptonametheserviceexactlylikethewantedapplication.

ServicecatalogcreationinvRAThispartofthechapterwilldescribeindetailhowtocreateandmanageaservicecataloginvRealizeAutomation.Basedonthepreviousdescriptionsitwillcreateasamplecatalogandexplainhowtopopulateitwithservice.Also,multimachineandPaaSservicewillbedescribedinmoredetails.

Firststep:CreatingthecatalogInvRealizeAutomation,theservicecatalogcreationisdoneundertheAdministrationtab.Thistabisonlyvisibleforeitheraserviceadministrator,tenantadministratororforthevRAsystemadministrator.Tostartwiththecatalogcreation,itisimportanttohaveauserwiththerelevantprivilegesforit.

1. OpenvRealizeAutomationinabrowser,logonwithaprivilegeduserandclickontheAdministrationtab.

2. Intheright-handmenuselectCatalogManagement.Thiswillopenanothermenuwherefourpossibleselectionsarepresented:

Services:ThismenucontainstheactualcatalogsorcategorynamesinvRA.Inhere,newcategoriescanbecreated.Also,alltheitemsofexistingservicescanbemanagedusingthisentrypoint.CatalogItems:Thisshowsalistofpossiblecatalogitems,alsocalledblueprints.Notallblueprintsinherecanbepublishedtoaservice.Exceptions,whichcan'tbepublishedtoaservice,istheso-calledsoftwareservice.ThesearepackagestobeusedinablueprinttoinstallandconfiguresoftwaredirectlyontoaVM.Actions:Theseareelementswhichcanbeentitledtoaservicecatalogitemtoexecutespecificfunctions.Therearemanagementandmaintenanceactionslikepowercycleadeployment/VM.Buttherearealsodestroyorreprovisionactions,whichcanbeassigned.

3. ToaddanewserviceclickonthebuttonlabeledwithNew.Thiswillopenanentrymaskwherethenewservicecanbedescribed:1. ProvideavalidservicenamesuchasBusinessApplications.2. Provideanoptionaldescription.3. Aniconcanbechosentorepresenttheservice.Ifthereisafamiliariconavailable

whichisalreadyusedandknownitishighlyrecommendedtoreusetheseicons.4. Theservicestatus,thiscanbeActive,InactiveorDeleted.Aservicecanbesetto

inactiveinordertoprovidemaintenanceortochangeitscontent.Also,ifaserviceis

notneededanylongeritcanbesettoDeleted.Thiswillmaketheserviceunavailabletoanyusers,butitwillstillremainintheservicemenu.

5. Also,operationalhourscanbeprovided.Ifthisisafullyautomatedservice,thatmightnotbeuseful.However,ifitrequiresmanualintervention,operationalhourscantellauseratwhichtimetherequestisgoingtobeprocessed.

6. Owner:Theowner/manager/administratoroftheserver.ItistypicallyamanagerialrolewhoalsoownsservicesinvRA.

7. SupportTeam:Thatcanbeateamofoperationaladminsordesignersresponsibleforsupportingtheblueprintsaswellastheinstalledcomponents.

8. TheChangeWindowwillbeatimeframewherethecatalogisbeingmaintainedandupdated.Itcanbepredefinedandisbeingdisplayedinaninfoboxforthecatalogusers.Withinachangewindow,ausercannotordercatalogitems.

4. IfallinformationiscorrectclickOKtocreatetheservice.Itwillthenappearinthelistofservices.Aslongastherearenoitemsentitledtothisservice,itwillnotshowupintheuser'scatalog.

Secondstep:PublishingcatalogitemsInChapter5,VMwarevRealizeAutomation,thecreationofablueprintwasdescribedinsomedetail.Attheendofthechapter,italsocoveredbrieflyhowtodeployablueprinttoanalreadycreatedcatalog.Basically,allpublishedblueprintswillshowupaspotentialcatalogitems.Thefollowingstepswilldescribehowtoaddablueprinttoaservice.

1. WhilestillintheadministrationmenuwithCatalogManagementselectedclickonCatalogItemsintheleft-handsidemenupane.

2. Selecteitheralineofacatalogitemorclickonitsnametoconfigureit.3. Intheopenedconfigurationscreen,providethefollowingdetails:

Icon:sameprincipleaswiththeservicecatalog.Status:ItcaneitherbeActiveorInactive.Catalogitemscanbesettoinactivewhiledevelopersmightaddsomeworkortestanewconfiguration.Ifsettoinactive,itwilldisappearfromtheuser'sservicecataloguntilitissettoactiveagain.Quota:Thiscanlimitthenumberofdeploymentsperuserorgroup.Typicallyquotasarealsosetatthereservationlevel.Ifthereisaneedforaquota,itisrecommendedtosetitatonelevel.

TherearemanyparametersinvRA,whichcanbesetondifferentaccesslevels.Sometimesitiswisetosetitatthelowestlevel(individual)-sometimesitisrequiredtosetitatahigherlevel,toensureeverydeploymentfollowsthesamerules.However,beawarethatsettingdifferentparametersforthesameconfigurationisalsopossibleinvRA.Thesystemwilltrytojointhesesettingstoavoidconflicts.

4. Attheverybottom,theServicecanbeselected.Thiswillthenaddthecatalogitemtotheselectservice.Also,oncetheservicecontainsitemsitwillappeareventuallyinauserscatalogoverview.However,beforeausercanseeacatalogtochoosefrom,thisneedstobeentitledtotheuserorthegroup.

5. NewandnoteworthywillmarkanewservicecatalogitemforusersandmakeitappearontheirhomescreeninvRA.

6. ClickOKtosaveandaddtheitemtotheselectedcatalog.

7. Oncetheservicehasbeencreatedanditemshavebeenpublishedtotheserviceitistimeforthenextsteptomakeallavailabletoaselectbusinessgroup(ormultiplebusinessgroups).

Thirdstep:EntitlingaserviceInvRA,serviceneedstobeentitledtoabusinessgroupinordertobevisiblefortheusersofthisbusinessgrouportenant.Anentitlementcontainsmorethanjustthemappingofservicetoauser.Itcanalsobeusedtodefinetherequiredapprovalpoliciesforaservice,aswellastheavailableactionsausercouldperformonapublishedresourceoutofthisservicecatalog.

Toaddoreditanentitlementfollowthesesteps:

1. WhilestillintheadministrationmenuwithCatalogManagmentselectedclickonEntitlementsintheleft-handsidemenupane.

2. EitherchooseanexistingoneorclickonthebuttonlabeledNewatthetopofthelisttocreateanewentitlement.

Entitlementsareboundtoabusinessgroup.Whileaservicecanbepartofmanydifferententitlementssimultaneously,anentitlementisalwayssettoonesinglebusinessgroups.However,thesamebusinessgroupcanhavemultipledifferententitlements.Thiscanbeusedtoprovideusersofonebusinessgroupdifferentserviceswithdifferentsecurityaccessprofiles.

3. Startprovidingadescriptivenameandadescription.4. Entitlementscanhaveanexpirationdate.Ifthisisset,theentitlementwillchangeitsstate

fromactivetoinactiveautomatically.Ifanentitlementisinactive,theuseraccesstocontainedservicesisrevoked.

5. SetthestatustoActive.

Anentitlementcanhavethreestatevalues:Active:Theentitlementisuseableanduserscanrequestitscontainedservices.Inactive:Theentitlementisnotusable,userscan'trequestitscontainedservices.Theentitlementwasonceactivebeforeitwassettoinactiveeitherbyauseroranexpirationdate.Draft:Theentitlementisindraftstate.Userscannotrequestservicesusedinthisentitlement.Theentitlementwasneveractivebefore.Onceanentitlementhasbeensettoactiveitcannotbesetbackintothedraftstatus.

6. Selectthebusinessgroup,whichshouldbeaddedtotheentitlement.Thisselectioncannotbechangedafterward.

7. Ontherightsideofthismenu,theusersofthebusinessgroupcanbeadded.Usethesearchfieldtolookforspecificusersorgroups.Also,beawarethatonlyuserswhoaremembersoftheselectbusinessgroupshouldbeadded.

8. Oncetheusersandthebusinessgroupareset,clickonNextattherightbottomcornerofthescreen.

9. ThisopenstheItemsandApprovalstabwheretheservicesorspecificserviceitemscanbeaddedtotheentitlement.

10. UnderEntitledServiceschosetheservices,whichshouldbepartofthisentitlement.Also,anappropriateapprovalpolicycanbechosenfortheentireservice.Ifaseparateapprovalpolicyisrequiredforadistinctitem,usetheplussignatEntitledItemstoaddtheitemandchoseadifferentapprovalpolicy.

Ifonlytheserviceisselected,theselectapprovalpolicyisrelevantforallitsitems.Ifspecialitemsrequireadditionalapprovalpolicies,theycanbeaddedattheEntitledItemssections.Ifanyitemisadded,itwillover-ruletheservicesApprovalPolicysetting.Oftenusersdouble-entitleandchosetheservicepluschoseallitsitems.Inthiscase,ifnoapprovalpolicyisselectattheitems,theapprovalpolicyselectedattheentitledservicewillnotbeusedfortheadditionallyselecteditems.

11. TheEntitledActionssectionatthefarrightcanalsoaddadditionalapprovalpoliciesforseparateactions.Thismightbenecessaryforthedestroyaction,inordertopreventauserfromaccidentlydeletingadeployment.Butalsootheractionscanbeconfiguredwithanapproval.ThisdependsontheusecaseandhowtheSDDCisoperated.

12. OnceallissetclickonFinishtosavetheentitlement.Ifallsettingsarecorrect,theusersfortheselectusergroupshouldnowbeabletoorderservicesusingtheservicecatalogundertheirCatalogtab.

13. Thisisthefinalresult,theusercanseethecatalognamedBusinessApplicationsandcanorderaservice.Inthiscase,itisnotreallyabusinessapplication,itismoreIaaSonly.Inordertochangethat,thenextsectionwilldescribehowtosetupanexampleLAMPstackwhichreflectsabasicDBwebserverapplicationstack.

MultimachineblueprintdesignexampleCreatingablueprintforasingleVMcontainingjusttheOSisonething.ButtherealvaluecomeswithblueprintscontainingmultipleVMsandalsopreinstallingacompleteapplicationlandscape,allondemand.Thesearethehigh-valueservicesinacatalogsincetheusercanrequestanoutcome,areadytouseapplication.Typicallyfullyintegratedintotheenvironment.

However,thesearealsothecomplexdesignsandconfigurations.Theyneedmultiplenetworks(possiblyalsoNSX),alsotheyrequireusersettableparameterswhichmightbeprovidedfromonesoftwaretooltoanother.Ifthereisaclient-serverconnectioninvolvedlikeinaDB-Appserverrelationship,theIPorhostnameneedstobeconfiguredintheapplicationVM,otherwise,itcan'taccesstheDB.UsersandsoftwareconfigsneedtobesetaswellasOSsecuritysettingsneedtobechanged.

Beforeavalidmultimachineblueprintdesignmightbestarted,itisimportanttounderstandalltheimportantbasicsofvRealizeautomationblueprinting:

HowtousetemplatesHowtouseworkflowsubscriptions(ifany)HowtousenetworkintegrationHowtoworkwithproperties.

Allthoseaspectshavebeendiscussedintheformerchapterstoprovidethisvalidbackgroundforamultimachineblueprintcreation.ThissectionwillnowgointothedetailsanddiscusshowtobuildabasicLAMPstackwithaworkingAPPtoDBconnection.Itwillbeanexamplesetupbutprovidesallthenecessarystepsrequiredtodesignarealapplicationwithaclient-serverrelationship.

SoftwarecomponentsvRAsoftwarecanbeorganizedintoso-calledsoftwarecomponents.Theybasicallyrepresentsoftwarecomponentsuseableinblueprints.Typically,thesoftwareisinstalledusingindustrystandardscripts.Also,thesoftwaremightbedownloadedfromacentralrepositoryinsteadofcopiedontoanyofthevRealizecomponents.

vRAallowstomanagethreecategories,alsocalledContainer,ofsoftwarecomponents:

Machine:ThistypecanbeinstalledontopofVMs.Itshouldbeusedforbasesoftware,whichdoesnotrequireanyothersoftwaretobeinstalledprioritsinstallation.AnexampleintheLinuxworldisApache(httpd),MySQL,PostgreDB,orotherstandalonecomponents.SoftwareComponent:Thismeansthatthiscomponentcanonlybeinstalledontopofothersoftwarecomponents.Itcannotnativelyrunonanakedsystemwithoutanyothersoftwarecomponentinstalled.BasicexamplesforthismightbePHP(makesmoresenseifhttpdisalreadyinstalled),SQLscriptstosetupaDB,JavaprogramswhichrequireJavatobeinstalled,andsoon.SpecificComponent:Thisisaspecialcontainer.Inthiscase,onecanchooseanindividualsoftwarecomponent.Thenewcomponentcanthenonlybeinstalledontopofthatspecificcomponent.Anexampleforthismightbe:

APHPscripttosetup.phppages.ItmakessensetoletthisonlyinstallifPHPisinstalledfirst(notjustanysoftwarecomponent)AspecificSQLScriptforMySQLorPostgreSQLAnytoolwhichspecificallyrequiresothernamedcomponents

Besidesthisthreecontainerversions,aSoftwareComponentalsocontainsProperties.Thesecanbeeitherusersettableduringtherequest,orstaticinordertostandardizetheinstallation.Theuseofthis,propertiesinasmartwaywillreducetheamountofmaintenanceasoftwarecomponentneeds.Agoodexampleisvariablevalues,forinstance,ifacertainusernameisusedforaccessingtheDBandtheuserchangesovertime.InsteadofchangingtheActionsalladesignerneedstochangeisthePropertiesandthat'sit.Muchlikescriptvariablesusedinhugebatchscripts.Insteadofsearchingthewholescriptfordata,allwhichneedstochangeisthevariableatthebeginning.

However,thesepropertiesalsohaveasecondmuchmoreimportantrole.Theycanalsoreceiveinformationfromothercomponents,likeanIPAddressfromanotherVMintheblueprint,orastringlikeausernameorapassword.Thisiscalledparameterbinding.Itwillbeusedinmultimachineblueprintstoconveyinformationfromonecomponenttotheother.

Finally,SoftwareComponenthasActions.Thesearebasicallyscriptingblock.Eachcomponentwillhavefourdifferenttypes:

Install:UsedtodotheprimaryinstallofthecomponentConfigure:UsedasconfiguringthecomponentafterthefirstinstallStart:Bringstheapplicationupforthefirsttime.

Uninstall:Removestheapplicationfromthesystem

Whileitdoesmakesensetofollowthisguide,itisnotrequired.AsoftwarecomponentcanalsohaveonlyaninstallActionset,withouttheotherthreeandeitherwork.However,ithastohaveatleasttheInstalltypeset.

Toactuallyinstallandsetupthesoftware,scriptsareused.vRAsupportsthethreeindustrystandardsforWindowsandLinux:Bash,CMD,andPowerShell.

However,vRAwillnotbeawarewherethecomponentisbeingusedandusingbashforinstallingawindowscomponentwillobviouslyfail.Thescriptinglanguagehastobeavailableonthetargetsystem.However,vRAwillpreventdesignersfromusingCMDorPowerShellitemsonLinuxsystemsandviceversa.

Thesupportofthisstandardsisactuallygoodnews.Sincealotoforganizationsmighthavealreadyusedscriptingtosomeextenttoautomatetheirsoftwaredeployment,thesescriptscannowbereusedfortheSDDC.

ThescriptswillberunusingtheGuestagent,thisagentshouldbeinstalledoneveryWindowsandLinuxtemplateanditshouldbeabletoreachtheDEM(IaaSserver).

TheIaaSserverreachisveryimportantwhendeployingatemplateinanexternalnetwork.IftheIaaSservercannotreachtheVM/itsGuestagent,thesoftwarecomponentcannotbeinstalled.

AtrickmightbetoputtheVMinaninstallationnetworkandmoveitaftertheinstallwassuccessful.AnotheristomakesurethattheDEMworkercanbereachedfromallVMnetworksthroughsecurerouting.ButthiscanbetrickyinaDMZenvironment.TheGuestandtheIaaSserveruseport443(SSL)tocommunicatewitheachother.

SampleapplicationdesignBasedonallthisinformationasampleapplicationdesigncanbecreated.ThescenarioisasimpleLAMPstackbasedonCentOS.ItwillhavetwoVMs,oneinadifferentnetworkthantheother.However,theVMscanreacheachotherthroughsecurerouting.

OneVMwillbeaMySQLDBserverwithadatabaseschemetobeinstalledcontainingtheinstallationtimestamp.TheotherVMwillbeaweb/appserverwithApacheandPHPinstalled.It

willrunaPHPscript,whichwillquerytheDBserveranddisplaytheinstallationtimestampfromtheDBserver,aswellasitscurrenttime.

TheapplicationwillbecreatedforanexampleorganizationcalledFlexibleSoftwareToolsIndustries.ThisorganizationwillbecalledFSTIndustriesfromnowon.

Whilethismightsoundsupersimple,itwillrequirealotoftechniquesusedformuchmorecomplexdeployments.Themaindifferenceinthisscenarioistheeasyscriptsandthelightsetup.Butallthestepswillbesimilarforotherapplications.

Definingthecomponents

Tostartwiththeapplicationallthesoftwarecomponentshavetobedesignedandcreated.Inordertocreatethesoftwarecomponentsfollowthesesteps.

Apachewebserver

ThefirstsoftwarecomponenttocreateisApache.Sincethiscomponentwillnotneedanyparametertoinstallsuccessfully,itisratherquicktodefine.

1. OpenvRealizeAutomationinabrowser,logonwithaprivilegeduserandclickontheDesigntab.

2. Intheleft-handsidemenuclickonSoftwareComponents.1. PutinApacheasname,theIDwillbecreatedautomatically.2. Provideavaliddescriptionsuchas:InstallsApacheonaRedHatbasedLinux

machine.

ItishelpfultodisclosetheOStype.Sinceallworksusingscripts,theremightbedifferencesinLinuxdistributions.ARedHat-orientedscriptwillnotworkonUbuntuandviceversa.

3. Choseacontainer.Inthiscase,thecontainershouldbeofthetypeMachine.4. ClickNextatthebottomrightcornertogettothePropertiesscreen.

ThisapplicationisinstallingplainApache(httpd)ontopofLinux.Forthistask,nopropertieswillbeneeded.

5. ClickNextatthebottomrightcornertoaccesstheActionsscreen.6. AttheInstallstage,selectBashandclickonClickheretoedit.

1. IntheEditorwindow,putinthefollowingbashscript:

#!/bin/bash

Log=/tmp/httpd-install.log

#Installtheserverbits

/bin/echo/echo"StartInstallationofhttpd">>$Log2>&1

/usr/bin/yum-yinstallhttpd>>$Log2>&1

#Marktheservertostartintheselectrunlevels

echo"Settingtherunlevel...">>$Log2>&1

/sbin/chkconfig--levels235httpdon>>$Log2>&1

echo"Apacheinstallationiscompletenow.">>$Log2>&1

/sbin/servicehttpdstart

ThisrequiresafunctionalYUMservertobereachable,eitherthroughtheinternetorfromalocalrepository.Typically,organizationsdohavelocalYUMrepositoryserverstomanagertheirCentOS/RedHatfarm.

2. SincethisisjustasmallLinuxpackage,thestartcommandwillbeusedwithintheinstallscript.

7. ClickonOKandthenonNexttocontinuetotheReadytocompletescreen.8. ReviewtheinformationandclickFinishtocreatethesoftwarecomponent.9. Inthelistoverview,selectthelineofthenewApachecomponentandclickonPublishinthe

headrow.Otherwise,thecomponentcan'tbeselectedwithinablueprint.10. Ifallthatwassuccessful,thenewsoftwarecomponentwillbeavailable.

PHPwebcomponent

ThenextsoftwarecomponenttocreateisPHP.ThiswillrequireApachetobepresentinordertoworkproperly,sothecontainersettingwillbecomemuchmorerelevantforPHP.

1. RepeatallstepsfromtheApachecomponentforPHPuntilstep3.2. ForContainerclickthedropdownandselectApache.

PHPcannowonlyinstalledifApacheisalsousedwithintheVM.3. ClickNexttogettothepropertiesscreen.

Nopropertiesarerequiredforthiscomponent.4. ClickNextatthebottomrightcornertoaccesstheActionsscreen.5. AttheInstallstage,selectBashandclickonClickheretoedit.

IntheEditorwindow,putinthefollowingBashscript:

#!/bin/bash

Log=/tmp/php-install.log

#Installthephpbits

/bin/echo"StartInstallationofphp">>$Log2>&1

/usr/bin/yum-yinstallphp-mysqlphp-develphp-gdphp-pecl-

memcache

php-pspell

php-snmpphp-xmlrpcphp-xml>>$Log2>&1

echo"PhPinstallationiscompletenow.">>$Log2>&1

6. AttheConfigurestage,selectBashandclickonClickheretoedit.

#!/bin/bash

Log=/tmp/php-config.log

#Configthephpbits

/bin/echo"RestartWebserver">>$Log2>&1

/sbin/servicehttpdrestart>>$Log2>&1

echo"PhPconfigurationiscompletenow.">>$Log2>&1

7. Beginningfromstep7asdescribedintheApacheinstall,completethoseforthiscomponenttoo.Don'tforgettopublish!

MySQLwebcomponent

ThenextsoftwarecomponenttocreateisMySQL.Thiswillrequirenoothercomponentstobepresentinordertoworkproperly,sothecontainersettingwillbeMachineagain.ItisrecommendedtouseMySQLasnameandgivethesamedescriptionaswiththeformercomponents.

1. RepeatallstepsfromtheApachecomponentforMySQLuntilstep6.2. AttheInstallstage,selectBashandclickonClickheretoedit.

IntheEditorwindow,putinthefollowingbashscript:

#!/bin/bash

#Updatethesystempriortoperforminstallation

Log=/tmp/mysql-install.log

echo"Startupdate">$Log2>&1

#Installtheserverbits

/bin/echo"StartInstallationofmysql">>$Log2>&1

/usr/bin/yum-yinstallmysql-server>>$Log2>&1

#Marktheservertostartintheselectrunlevels

/sbin/chkconfig--levels235mysqldon>>$Log2>&1

echo"MySQLinstallationiscompletenow.">>$Log2>&1

/sbin/servicemysqldstart

SincethisissimilartotheApacheinstall,thestartcommandwillbeusedwithintheinstallscript.

3. Beginningfromstep7asdescribedintheApacheinstall,completeallthoseforthiscomponenttoo.Don'tforgettopublish!

FSTIndustrieswebcomponent

ThenextsoftwarecomponenttocreateistheFSTIndustrieswebcomponent.ThiswillrequirePHPtobepresentinordertoworkproperly,sothecontainersettingwillbePHPagain.ItisrecommendedtouseFSTIndustries_WebComponentasnameandgivethesamedescriptionaswiththeformercomponents.Thiscomponentwillinstall/createa.phpscripttoaccesstheDBandquerythetablecontainingthetimestamp:

2. Intheleft-handside,menuclicksonSoftwareComponents.

1. PutinFSTIndustries_WebComponentasname,theIDwillbecreatedautomatically.2. Provideavaliddescriptionsuchas:InstallsonaRedHatbasedLinux

machinewithPHPalreadypresent.

3. Chooseacontainer.Inthiscase,thecontainermustbeofthetypePHP.4. ClickNextatthebottomrightcornertogettothePropertiesscreen.

Thiscomponentrequirespropertiestorun.InordertoquerytheDBacoupleofvariablesneedtobepresent:1. ClickonNewandcreateapropertycalledDB_UsernamewithatypeofString.

OverrideandRequiredshouldbeticked.2. ClickonNewandcreateapropertycalledDB_AddresswithatypeofString.

OverrideandRequiredshouldbeticked.3. ClickonNewandcreateapropertycalledDB_PasswordwithatypeofSecureString.

Encrypted,Override,andRequiredshouldbeticked.4. ClickonNewandcreateapropertycalledDB_NamewithatypeofString.Override

andRequiredshouldbeticked.5. Donotputvaluesinthesevariables.

#!/bin/bash

#CreatethephpFileondemand

touch/var/www/html/index.php

FILE=/var/www/html/index.php

cat>$FILE<<-EOM

\$dbhost="$DB_Address";

\$dbuser="$DB_Username";

\$dbpass="$DB_Password";

\$dbname="$DB_Name";

\$conn=mysql_connect(\$dbhost,\$dbuser,\$dbpass);

if(!\$conn){

die('Couldnotconnect:'.mysql_error());

\$sql='SELECT*FROMFST_Install';

@mysql_select_db($DB_Name)ordie("Unabletoselect

database");

\$retval=mysql_query(\$sql,\$conn);

if(!\$retval){

die('Couldnotgetdata:'.mysql_error());

while(\$row=mysql_fetch_array(\$retval,MYSQL_NUM)){

echo"ID:{\$row[0]}<br>".

"Data:{\$row[1]}<br>".

"SetupTimestamp:{\$row[2]}<br>".

"--------------------------------<br>";

mysql_free_result(\$retval);

echo"Fetcheddatasuccessfully\\n";

echo"\\nCurrenttime:".date('ljS\\ofFYh:i:sA');

mysql_close(\$conn);

#!/bin/bash

#Turnofffirewalltoenablewebserveraccess

echo"ConfiguringfirewalltoallowHTTPDaccess"

#SetSELinuxtoallowhttpddbconnects

echo"SettingSELinuxtoallowDBconnects"

/usr/sbin/setsebool-Phttpd_can_network_connect_db=1

Thisisfortest/demopurposesonly.Inaproductionenvironment,itisstronglyrecommendedtosettherightfirewallruleusingiptablescommand!

8. Beginningfromstep7asdescribedintheApacheinstallcompleteallthoseforthiscomponenttoo.Don'tforgettopublish!

FSTIndustriesDBcomponent

ThenextsoftwarecomponenttocreateistheFSTIndustriesDBcomponent.ThiswillrequireMySQLtobepresentinordertoworkproperly,sothecontainersettingwillbeMySQL.ItisrecommendedtouseFSTIndustries_DBComponentasnameandgivethesamedescriptionaswiththeformercomponents.Thiscomponentwillinstall/createaSQLscripttocreateaDBandatablecontainingtheinstallationtimestampinformation:

2. Intheleft-handsidemenuclickonSoftwareComponents.1. PutinFSTIndustries_DBComponentasname,theIDwillbecreatedautomatically.2. Provideavaliddescriptionsuchas:InstallsonaRedHatbasedLinuxmachinewith

PHPalreadypresent.

3. Chooseacontainer.Inthiscase,thecontainermustbeofthetypeMySQL.4. ClickNextatthebottomrightcornertogettothePropertiesscreen.

Thiscomponentrequirespropertiestorun.InordertoquerytheDBacoupleofvariables

needtobepresent:1. ClickonNewandcreateapropertycalledDB_UsernamewithatypeofString.

OverrideandRequiredshouldbeticked.2. ClickonNewandcreateapropertycalledDB_PasswordwithatypeofSecureString.

Encrypted,Override,andRequiredshouldbeticked.3. ClickonNewandcreateapropertycalledDB_NamewithatypeofString.Override

andRequiredshouldbeticked.4. Inthiscase,defaultvaluescanbeputinsuchas:dbadmin(USER),dbadmin(PWD),

FST_DB(DBName).

Itisnotrecommendedtousethesamepasswordastheusernameinaproductionenvironment,thisisjustfortestpurposes!

#!/bin/bash

Log=/tmp/FST-configure.log

MYSQL=/usr/bin/mysql

/bin/echo"CreatingDBwiththename$DB_Namewithuser

$DB_Username

accessingit">>$Log2>&1

$MYSQL-uroot-e"CREATEDATABASEIFNOTEXISTS$DB_Name;"

#$MYSQL-uroot-e"CREATEUSER'$DB_Username'@'%'IDENTIFIEDBY

'$DB_Password';"

$MYSQL-uroot-e"GRANTALLON$DB_Name.*TO'$DB_Username'@'%'

IDENTIFIEDBY'$DB_Password';"

$MYSQL-uroot-e"FLUSHPRIVILEGES;"

#createthesqlcontentfile

/bin/touch/tmp/sqlcommand.sql

T1=/tmp/sqlcommand.sql

/bin/cat>$T1<<-EOM

use$DB_Name;

CREATETABLEFST_Install(idINTNOTNULLAUTO_INCREMENTPRIMARY

dataVARCHAR(100),created_atTIMESTAMP(8));

INSERTINTOFST_Install(data)

VALUES('Thetimeofcreationis:')

/bin/echo"CreatingTimestamptableusingsqlfilestoredad$T1"

$Log2>&1

$MYSQL-uroot<$T1

/bin/echo"FinishedconfiguringFST$DB_Namewith$DB_Username

accessingit"

>>$Log2>&1

#/bin/rm$T1

#!/bin/bash

#Turnoffiptablesforappserveraccess

Thisisfortest/demopurposesonly.Inaproductionenvironment,itisstronglyrecommendedtosettherightfirewallruleusingiptablescommand!

8. Beginningfromstep7asdescribedintheApacheinstallcompleteallthoseforthiscomponenttoo.Don'tforgettopublish!

IfallthecomponentsaredefinedtheSoftwareComponentsscreenshouldlooklikethis:

Definingtheblueprint

Afterallthecomponentsarecreatedanddefined,themulti-machineblueprintcanbecreated.ThisisdonesimilartotheblueprintcreationdescribedinChapter5,VMwarevRealizeAutomation,underCreatetheIaaSblueprint.

FollowthesamestepsasintheIaaSexample.Theonlydifferenceisthatthisblueprintwillhavetwovirtualmachines.Also,itwillrequiretwodifferentnetworks.Thesenetworksshouldhaveanetworkprofileattachedandshouldbepreset.

Onceallthisisdone,thesoftwarecomponentsneedbeincludedintheblueprint.Thesearethestepsrequiredtocompletethis:

1. Inthedesigncanvas,selectSoftwareComponents.Thiswillbringupthelistofdefinedandpublishedcomponentstobeinstalled.

2. DraganddropApacheonthewebserverVM.MakesuretonametheVMsaccordinglytobeabletodistinguishbetweenDB_ServerandWEB_Server.

3. DraganddropPHPontopofApache(itwillnotworkonothercomponents,giventhecontainertypeisApache).

4. DraganddropFSTIndustrieswebcomponentontopofPHP.5. AssignMySQLtothedatabaseserver.6. Finally,chosetheFSTDBcomponentanddropitontopofMySQLontheDBserver.7. Thereisonlyoneminorsteplefttocompletetheblueprint.Somehowthewebservershould

beawareoftheIPandaccessrightsoftheDBserver.Thisiswherethepropertybindingkicksin.

8. WhencreatingtheFSTcomponents,propertieshavebeencreated.TheDBcomponenthasusername,DBname,andpasswordwithpresetvalues.Thesewillshowupasdefaultvaluesonceauserorderstheservice.TheWEBcomponenthasthesamepropertieswithoutdefaultvalues.

9. InvRAthereisafunctioncalledbindinginordertogetinformationfromonecomponentpropertyandlinkittoapropertyofanother.

Inordertoactivatethebindingforthewebcomponent,clickonthecomponentinthecanvas.Atthecomponentoverview,clickonthePropertiestab.

Thiswillbringupthelistofthepreviouslydefinedproperties.NexttotheValuecolumnthereisacolumncalledBinding.

1. SelecttheUsernamelineandthenclickontheEditbutton.2. Inthevalue,fieldusethedownarrowkeytogetalistofavailablecomponents.3. SelecttheFSTDBcomponent.4. Usethe~sinetoaccessthepropertiesoftheselectedcomponent.5. SelectDB_UsernameandclickOK.6. RepeatthisfortheDB_PasswordandDB_Nameline.7. AttheDB_Addressline,select_resource~DB_Server~ip_address.Thiswilladdthenew

IPaddressfromthecreatedDBserverasvalueintothepropertyfortheFSTwebcomponent.

8. Afterall,componentsaresettotheappropriateserverVM.Usetherelationshiphandle(littledoticonatthetopleftoftheVM)todrawitfromthewebServertotheDBserver.ThatwillensurethattheDBserverissetuppriortothewebserver.

9. Ifallthiswassuccessfultheblueprintcanbepublishedtoacataloglikedescribedearlierinthischapter.TheusercannowrequestthisapplicationandevensetDBname,DBadmin,andDBpassword.

Thisisthescreenauserwillseewhenorderingthisservice.OncetheuserclicksSubmitthesystemwillsetupthetwoVMsusingtheVMtemplatesandinstallallthesoftwarecomponentsusingthescriptsprovided.Theapplicationwillcomeupandrunning,justwaitingfortheusertoexploreit.

SummaryThischapterdescribedthebasiccatalogdesignaswellasthedifferentcatalogtypes.Thebusinesscaseandtheexpectationsaremaindriversforfillingacatalogwiththerightservices.Also,thedifferencebetweentechnology-focusedandoutcomefocusedcatalogshasbeendescribed.ThemainpartwasalsotodescribehowtosetupandcreateanoutcomefocusedblueprintinvRAwhichwillprovideafullyrunningserviceondemand.

Inthenextchapter,thefocuswillbeonnetworkvirtualization.ThisisahugetopicinanSDDCsinceitcanenhanceflexibilityandsecurityaspectsofadatacenter.Nevertheless,itwillalsoincreasecomplexitysinceitaddsanotherlayertotakecareof.ThechapterwilldiscussNSXbasicsanddescribeitsmainfunctionsandfeatures.Furthermore,itwilldescribehowtoincludeNSXnetworksinblueprintsandhowtocreateondemandnetworkswhileprovisioningVMresources.

Chapter8.NetworkVirtualizationusingNSXThischapterwillfocusonthenetworkvirtualizationtechnologiesavailablefortheVMwareSDDC.Networkvirtualizationisanewtopicthathasbecomeimportantfortheagileandflexibledatacenter.Whendeployingservices,thenetworkpartisoftencrucialsincetherearevarioussecurityrequirementsthatneedtobemetwithanapplication.Also,theremightbepre-existingnetworkrequirementsthatneedtobefulfilledwhenportingtheapplicationtotheenvironment.Finally,itwillharmtheoverallagilityifthewholeOSdeploymentandstoragedeploymentcanbedoneautomatically,butthenetworkpartmightactuallyrequirehumaninteraction.Atrueend-to-endautomationisnotquitepossiblewithoutnetworkvirtualization.Ifitisnotinplace,itmaycausedelaysandevenroadblocksinSDDCprojects.

Thischapterwillrequirebasicnetworkknowledgesincesomemediumtoadvancednetworkconfigurationwillbediscussedinhere.Itwillnotprovidebasictrainingaboutnetworktechniques.ItishighlyrecommendedtobefamiliarwiththemostcommonnetworktermsandfunctionsbeforeintroducingNSXintoadatacenter.Also,VMwareoffersowncertificationsandtrainingsforNSXinordertobeabletodeployandmanageit.ItishighlyrecommendedtotakesuchaclassbeforestartingwithanNSXproductiondeployment.

Furthermore,thechapterwilldiscusnetworkvirtualizationprinciplesanditsmainusecases.Also,itwillexplainhowavirtualizednetworkworksandwhatbenefitsithastoofferfortheSDDC.Furthermore,therewillbeexampleconfigurationstoexplainhowtocombineNSXwithvRealizeandcreateon-demandblueprintsusingsomeofNSX'sadvancedfeaturestocreateyetcomplexbuteasytoorderblueprints,providingadvancednetworksecurityandavailability.

However,thisisabasicintroductiontoNSXanditscapabilities.Therearesomeadvancedfunctionalitiessuchassecurityprofiles,securitytags,andtheintegrationofthird-partyvendorsdirectlyintoNSX,whichwouldbesimplytoomuchtocoverinthischapter.Formoreinformationaboutthesefunctionalities,pleasemakesuretovisitVMware'swebsitefortheadvancedNSXdocumentation.

Thefollowingtopicswillbediscussedingreaterdetail:

Networkvirtualization101NSXfunctionsandprinciplesTerminologyandbestpracticesBasicNSXinstallationandconfigurationConnectingNSXwithvRealizeAutomationUsingNSXinvRealizeblueprintsUsingvRAfornetworkcreationon-demand

NetworkVirtualization101Maybe,networkvirtualizationisthenewestmemberinthedatacentervirtualizationfamily.Aftercomputevirtualization(VMwarevSphere)andstoragevirtualization(fromvariousstoragevendorssuchasIBM,HitachiDataSystemsandDataCoretonameafew)itisaddingadditionalfunctionsandfeaturestothenetworksegment.NSXenablessimilarthingsfornetworkingasESX/vSpherehasenabledforcompute.Itcreatesanabstractionlayerthatenablesvariousnetworkfunctionstorunontopofanyphysicalswitchhardware/vendor.Thisisahighlydisruptivetechnology,whichchangestheentirenetworkingsector.JustasmuchascomputevirtualizationoncewaswhenVMwareintroduceditintheearly2000s.

Theimagedisplaysacomparisonbetweencomputevirtualizationandnetworkvirtualization.Althoughtheseconceptsarequitedifferent,theysharesomecommonsense,whichmightbebeneficialtohighlighttounderstandthetechnology.

Bothconceptsintroducedifferentlayersofabstraction.Atthebottom,thereisthephysicalinfrastructure,whichbecomesinterchangeableduetovirtualization.VMware'svSpherecanrunonvirtuallyanysupportedhardware.NSXcanrunonanyvendor'sphysicalnetworkswitches.

Theabstractionlayeristhesoftwarecomponent.ForcomputethatiswhatvSphereis,fornetworkthisiswhatNSXdelivers.

Inthecomputeworld,thecontainerlayeriswhereVMsarecreatedtoactasvirtualinfrastructureforoperationsystems.IntheNSXworld,thiswouldbeVXLANtoactasvirtualinfrastructureforvirtualnetworks.So,VXLANcanbeseenasthecontainerforthevirtualnetworkscreated.Itisalsoreferredtoastheoverlaynetwork.

TheworkloadlayerisincomputeabovethecontainerandisthespacewheretheOSandapplicationsrung.Inthevirtualnetworkworld,thisistheadvancedfunctionalityNSXbringstothetablesuchasmicrosegmentation,advancedaccesscontrol,andotherfeaturesonlyavailableinnetworkvirtualization.Itisanotherlayerofgranularitytocontrolnetworkflowandsecurityaspects.

Infactitmightbeabitsimplistictocompareitdirectlytocomputevirtualization,butitsbasicdeliverablestendtobesimilar:

Decoupleadvancedfunctionalityfromhardwarevendors.Comparison:VMcanrunonanyhypervisoronanysupportedvendorshardware.

Movenetworkconfigurationsbetweennetworkdevicesseamlesslyandtransparent.Comparison:AVMcanbevMotionedfromonesupportedservervendortotheother(giventhearchitectureissimilar).

Makeamigrationeasybybridgingvirtualtophysicalnetworks.Comparison:AphysicalservercanbevirtualizedbyusingP2V(physicaltovirtual)converter.

Additionalfunctions,onlypossibleonvirtualnetworks(VMsecuritypolicies,VM-to-VMfirewallrules,VM-to-VMroutingandaccess,highavailability,andsoon).

Comparison:VMCloning,vMotion,Snapshots,HA,andsoon.FunctionsthathavebeenintroducedbyvSphereandhaveenhancedthewaytorunserversandapplicationeversince.

Abigadvantageisalsomicrosegmentation,whichisawaytosecuretwoworkloadseveniftheyresideinthesamenetworkwithinthesamesubnet.

Comparison:ManyVMscanrunonthesameESXihost,buttheyaretrulyisolatedfromeachother.

Thislistisbyfarnotcompleteandshouldhelptounderstandthebasicofferingscomparedwithcomputevirtualization.Naturally,therearefeaturesprovidedbynetworkvirtualization,whichlackacomputecounterpart.

Besidestheniceandnewfeaturesnetworkvirtualizationadds,itisactuallyrequiredtobuildatrulyautomatedandagiledatacenter.Withoutnetworkvirtualization,thingscangetsocomplexthattheyareprettyhardtohandle.So,itismorethanjustanicetohave,itcanbearequirementforasuccessfulSDDC.Beforewecanexplorewhynetworkvirtualizationissuchagamechanger,itmightbeworthrecappingtraditionalnetworking.

CurrentnetworkinginfrastructuresFirstofall,itisimportanttobasicallyunderstandhownetworkingworkstoday.Thereisabasicmodeltodistinguishdifferenttraffictypesandtheirfunctionalities.ThismodeliscalledtheOSI7layermodelandexplainsthevariousdifferentprotocolsandtraffictypesusedinnetworking.Sinceafairshareofthischapterwillmentiontheselayers,itisworthwhilerecappingwhateachlayerstandsforinnetworking:

Layer Protocoldataunit Function/examples

Layer1 Bit Physicalconnection,Cable/NIC/DSL/ISDN

Layer2 Frame TransmissionlayersMAC,LLTP,L2TP,PPP,MPLS,andsoon

Layer3 Packet MultinodenetworkstructureIPv4,IPv6,ICMP,IPSec,CLNP,

andDDP

Layer4

SegmentTCP/datagramUDP TransmissionofsegmentsTCP,UDP,andNBF

Layer5 Data SessionmanagementRPC,SCP,andPAP

Layer6 Data Presentation/Translationbetweennetworkandapplication

S/MIME,TLS

Layer7 Data High-levelAPIsHTTP,HTTPS,NFS,FTP,Telnet,SMTP,

SSH,andsoon

Networkadminsoftenrefertotheselayerswhenitcomestocertainfunctionalities.Ifnotalreadyfamiliar,itisrecommendedtoreadmoreabouttheOSImodelthoughtobetterunderstandhownetworkingworksandwhatthedifferentlayersprovide.

Typically,adatacentertodayhasoneofthetwopossiblenetworkarchitecturesapplied:

CentralL2designusinganetworkcoreswitchesthatrouteallnetworktrafficthroughtheentiredatacenter(typically2HA-enabledcoreswitches)

Thismeansthatallnetworksandtrafficareroutedthroughthecoreswitch,makingitthemostimportantcomponentintheentireorganization.Ifthecoreswitchgoesdownforsomereasontheentirecompanywillbecutofthenetworkandpossiblyanyexternalaccessaswell.

However,italsomeansthatnetworkscanbestretchedacrossmanydifferentswitchesandendpoints.StretchedL2networkingisusedtohavethesameIPsubnetintwodifferentdatacenters,toenableapplicationstorunoneithersidewithoutre-IPingthem.InEurope,thisflexibilitybecamealmoststandardforthelastyearswhenitcametoVMwaredeploymentsusing

sharedstoragebetweentwodatacenters(StorageMetroCluster).ToenableVMstoroamfreelybetweenthesetwosides,theIPsegmenthastobethesame.AnIPchangeafteravMotionwouldbreakmostoftheapplications,makingthebenefitofvMotiondisappear.

Thisiswhy,mostorganizationsstartedtocreatehugeL2networkinstallations.However,suchanL2installationhasnotonlybenefits,buttherearealsodrawbacksandrisks,especiallywithlargeL2architectures,makingthenetworksomewhatweakandfragile.

Oneofthemostdangerousthingsispossiblyabroadcaststormaffectingmoreandmorenetworksthroughthecoreswitch.Broadcaststormscanhappenduetovariousreasons,therearetechnologiesinplacewhichshouldpreventthemfromhappening,butsometimes,itisassimpleasawrongcommandonthewrongCLIandthenetworkgoesallblack.SinceanL2installationissharingallconnectsthroughacoreswitch,abroadcaststormaffectingthecoreswitchcanbringdownanentirenetworkofanorganization.

VLAN:Networkvirtualizationknownforalmost30yearsVirtuallogicalareanetwork(VLAN)andhasbeenintroducedin1984.Itisamethodtoseparateaphysicalnetwork/switchinmultiplevirtualnetworks.EachVLANisseparatedfromeachotherthroughso-calledVLANIDs(alsocalledtags),whichuniquelyidentifythesegment.Thereare4096VLANtagsavailable.However,VLAN0isreservedandisusedassimpleprioritytagwhileVLAN4095isusedasawildcardVLANsearch/address.InVMwarevSphere,VLAN4095isusedasatrunkallVLANIDsoption.Giventhesereservations,total4094VLANscanbeused.

Althoughthissoundsalotinthefirstplace,itmightbeeasytoreachitslimitsifappliedataproviderscaleorinbigorganizations.Giventhattheycanhavehundredsofcustomers/departments,andeachcanhavehundreds(oreventhousands)ofVLANs,thislimitwillbereachedfast.

VLANsarebasicallyjustvirtualnetworkcontainersandareabletocarryanynetworksubnets.TheycanalsobeusedformultiplesubnetshavingthesameVLANtag,makingitpossibletodivideaVLANinsmallersegments.However,allthisrequiresextensiveroutingandalsolimitsthenumberofdevicesasegment/VLANcansupport.

Sinceanetworksegmentalwaysneedstohaveabroadcastaddressaswellasanetworkaddress,thesetwoaddressescan'tbeusedforclients.Ifanetworkisseparatedinmultiplesegments,eachsegmentrequirestwoaddressesforthesefunctions,limitingtheoverallusableaddresses.

Example:

Subnetmask:255.255.255.0orreferredtoas/24

Networkaddress:192.168.0.0

Networkbroadcast:192.168.0.255

Thismeansthat254addressescanbeusedforthisnetwork.Ifthenetworkwouldbesplitinfoursegments,thenumberofusableaddresseswoulddecreasebyeightinsteadoftwoaddresses:

Subnetmask Networkaddress Networkbroadcast

255.255.255.192or/26 192.168.0.0 192.168.0.63

192.168.0.64 192.168.0.127

192.168.0.128 192.168.0.191

192.168.0.192 192.168.0.255

Intheprecedingtable,only62addressesareusablepersubnetmakingtotal248addressesavailable.ThismeansusingthesubnetmethodtosplitnetworkscanbecomefairlycomplexandreducestheamountofusableIPaddressespernetworkdrastically.

TraditionalroutingandsecurityAnotherbigtopicinnetworkingisobviouslyroutingandthesecurityaspect(firewalls,packetinspection,andsoon).

Eachdeployedworkloadwillrequiresomeroutestoreachotherservicesaswellaspossiblesecuritysettingslikefirewallrulestoenablecommunicationintoprotectedareas.AgoodexampleforsuchaconfigurationisaLAMPstack.ThewebserverwillrequireaccesstotheDBserverinordertodisplayinformation.Normally,theDBserverwillbelocatedsomewherewithintheinternaldatacenternetworks.AwebservertypicallyislocatedinaDMZoutsideoftheinternalorganizationalnetwork.Thecommunicationbetweenbothserverswillhappenthroughafirewall.ButtomakethatworkarulehastobeaddedforeachwebservercommunicatingwithitsDBpendant.Thismeansthateachpairwillhavetheirownfirewallrules,andthisisjustasimpleexample,tobecreatedbasedontheirIPaddressandtheportsusedtocommunicate.

Mostorganizationshavealreadysomanyfirewallrulesthatitisnearlyimpossibletotidythemup.Also,oftenrulesdonotgetdeletedsincetheriskofbreakingsomeimportantapplicationsismuchhigherthanthebenefitacleanrulestablewouldprovide.

Inanautomatedenvironment,wherealsoapplicationdeploymentsareplanned,itisrequiredthatthesetasksbealsocompletedoncetheservicehasbeendeployed.

ModernnetworkapproachSincecomplexityinadatacenterhasincreasedandalsotheamountofserversorVMshasincreased,therequirementstoadatacenternetworkhavechangedtremendously.

Theservervirtualizationhaschangedthewaynetworkingandsecurityneedstowork.SinceVMscanmigratefromonephysicalhosttoanother,thenetworkhastoprovidethisfunctionalityaswellinordertopreventre-IPingofVMs.Also,firewallsandsecurityrulesneedtobeconfigureddynamicallyorIPbasedinordertosupportthisbehavior.Staticport-basedrulesorsecuritysolutionsdidnolongerworkforthevirtualenvironment.

ThenewSDDCcapabilitiescreatenewrequirementstonetworkingandsecurity.Giventhatservicesandserverswillnotbecreatedondemandandalsodeletedondemandthenetworkhastogrowandshrinkwiththem.PreprovisioningofVLANsisanoption,butrequireshugepoolsofVLANswaitingtobeusedinthefuture.ThismightworkforVLANsandIPsegments,butfirewallrulescanhardlybepresetandassignedasneeded.Newservicesmaybedeployedondemand,butthenITsecuritykicksinandthewholeprocessmightslowdownsinceahandoverhappenstomanuallycreateDMZandsecurityrulesfornewservices.

Also,asdescribedearlierinthischapter,abigL2networkhasitsdownsidesaswell,forexample,abroadcaststorm,acoreswitchoutage,andsoon.Allthiscanaffecttheconnectivityandbythisalsotheproductioncapabilityofanorganization.Abignetworkingoutagecanbeseenasproductionoutageendangeringthewholebusinessofanorganization.

L3Networking-thenewarchitecture

Comparedwithlayertwonetworks,thenewfavoritedesignisalayerthreeleaf,spinearchitecture.Eachaccesszone(singleormultipleracks)willhaveitsownL3domainandconnectstoaleaf.Theseleavesthenconnectuptomultiplespinestogetconnectivitytotheotherleaves.Thismeansthatthereisnocoreswitchanymorewhereallthetrafficgoesthrough.

ThereareacoupleofbenefitsinL3networkarchitectures:

Itwillpreventglobalbroadcaststorms,sinceeachaccesszonehasitsownbroadcastdomain/can'tbroadcastacrossallleaves(giventhereisnobroadcast/multicastrouting).Itisenhancingthenetworkavailabilitywhileeasingtheconfigurationneededsincegrowingthenetworkdoesnotrequireareconfigurationofthecoreswitch.Maintenancegetseasiersinceeachleafconnectstomultiplespines,thosecanputofflineforpatchingandthenetworkstaysstillonline.Ifacoreswitchneedstobeupdated,itgeneratesrisksincethereisonlyoneothercoreleft;ifthiscorefailsthenetworkgoesdark.Securityisenhancedsinceeachaccesspodisrequiredtopassarouterorevenfirewalltoconnecttoanotheraccesspod(optionalbutpracticaltoconnectleaves).EachaccesspodhasitsownL2netsegment,whichisnotstretchedtoother,leavesor

accesszones(asshowninthepictureusingexemplarynetworkaddresses).TheL2bridgeisattheleaflevel,whereastheL2bridgeinacoreswitchingenvironmentistypicallyatthespinelevel.

However,thedownsideofthisnetworkingdesignisthatifaVMwouldnowtravelfromoneracktoanother,oroneaccesspodtoanother,ithastochangeitsIPaddresssincethisrepresentsanotherL2segment.Thisiswhy,thissetupisfairlycomplexwithtraditionalVLAN-basednetworking.IteliminatesthefreedomofroamingVMsbetweenracks(accesspods)orevensites.

Networkvirtualizationfortherescue

Thisiswherenetworkvirtualizationcomesintoplay.GiventhatthephysicalL3/L2architectureprovidesallthesebenefitsbutalsointroducestheaccesspoddilemma,networkvirtualizationcanaddmanymoretothisdesign:

On-demandnetworkcreationNetworksspreadacrossaccesspodsStretchednetworksacrosssitesNetworkswithinaccesspods(nonorth-southtraffic)On-demandsecurityrulesVM-to-VMcommunicationlimitswithinsamenetwork(microsegmentation)

Justtonameafew,asetupwithanL3/L2networkdesignplusnetworkvirtualizationwouldlooksomewhatsimilartothefollowingpicture.

Inthiscase,thephysicalL2domainisstillperaccesspod,butvirtualnetworkscanbespreadacrosseachpods.ThisworkssincenetworkvirtualizationlikeNSXusesaso-calledtransportzone.Thistransportlayerusespacketencapsulationtoputanewheaderaroundanetworkpacketandsendittoitsdestination.ThedestinationwillbeaVTEPofaNSX(VXLAN)-enabledESXihost.ThisisthekeyfunctionalityofNSXandenablesgreatflexibilityincreatingnetworks.EvennetworkswiththesameIPsubnetcanbecreatedandconnectedtodifferentvirtualroutersyetexistentonthesameESXihostorinthesameaccesspod.

Thegraphicshowsseveralvirtualnetworkseitherspanningallpodsorjustexistentwithinasinglepod.However,withNSX,allthesenetworkscanhaveexternalaccesstothephysicalnetworkortoeachotherovertheintegratedvirtualrouterexistentoneveryESXihost.Thisopens

aworldofpossibilitiestonotonlyputVMsintovirtualnetworksandprovidethemjustenoughaccesstofunctionbutalsoenhancetheoverallsecurity.

Also,configurationsaswellasthesetupcanbeeasilybackedupandrestoredonanyphysicalnetwork;sinceallofthisisvirtual,itisabsolutelyindependentfromthevendoraswellastheunderlyinghardware.

Anotherbenefitofnetworkvirtualizationisthedecreaseofnorth-southtrafficforroutednetworks.Inatraditionalnetworkwithacoreswitch,ESXihostshavetosendthetrafficthroughanexternalrouterifoneVMwantstocommunicatewithanotherVMinanothersubnetonthesamehost.ThepacketshavetopassthroughtheESXinetworkinterfacethroughtherouter,backintotheESXiandtotheotherVM.Thisaddsalotofso-callednorth-southtraffic.

Thisreferstonetworktraffic,whichleavesapodnorthboundandreturnssouthboundinordertoreachanetworkclientcontainedinthesamepodbutinadifferentnetwork.

Besidesnorth-southtraffic,thereisalsoeast-westtraffic,whichiseverythingwhichstayswithinapod.IfaVMtalkstoanotherVMinthesamenetworksubnetbutonadifferentESXihost.Thetwohostswillcommunicatedirectlywitheachotherwithoutsendingthetrafficthrougharouter.IftheseVMsareonthesamehost,thenetworkpacketsarenotevenleavingtheESXihoststhroughthevirtualNIC.Thisdecreasestheloadonmoreexpensivenetworkhardwaresuchasswitchesandingeneralreducestheoverallnetworktrafficsprawl.ThefollowingpictureshowsexampleshowNSXwilldramaticallyreducetheamountofnorth-southtrafficandhelptoenhancenetworktrafficaswellasoverallnetworkperformancebyreducingtheamountofneededhops.

NSXterminologyNSXcomeswithitsownterminology.Itmightbegoodtogetfamiliarwiththesetermsinadvancetobetterunderstandtheirmeaningandfunctionalityifreferencedlaterinthischapter.

TheVXLANIEEEstandardisusedasthetransportnetworkforallvirtualnetworkscreatedinNSX.InNSX,itisalsoreferredtoastransportzone.ItcarriesthenetworkpacketscontainingthevirtualnetworkinformationfromoneNSX-enabledESXihosttoanotherusingthespeciallycreatedkernelportinESXi.TheVXLANencapsulationisshowninthefollowingimage:

Theaddedinformationisthefollowing:

VXLAN-specificcontentlikeVXLANNetworkIdentifier(VNI).OuterUDPandIPheader(comingfromtheencapsulatinghost).Fullouterethernetheadercontainingallinformationfromthesendinghosttothereceivinghost.ThereceivinghostiseitherdeterminedduetomulticastrequestsorbytheVTEPtable.IntotalaVXLANencapsulationaddsanother50bytestoadefaultnetworkpacket.Giventhis,theMTUdefaulthastobechangedfrom1500toatleast1550orhigher.ThisMTUchangeisamustsincethenetworkframeswillbelargerthaninatraditionalLAN.ThisneedstobeconfirmedwiththephysicalswitchconfigurationaswellsinceotherwisetheywilldroptheselargerframesiftheydonotfittheirsetMTU.

Generally,itisthebestpracticetoenablejumboframesfortheVTEPsandthetransportzone.ItisextremelyimportanttoensurethatthephysicalswitchescanhandlethehigherMTUsize;otherwise,NSXwillnotwork!

AnEdgeistypicallyagatewayintoanothernetwork.MostofthetimetheEDGEisthegatewayfromthevirtualnetworksinaphysical,externalnetwork.Itcanbeseenastheaccesspointintoandoutofthevirtualworld.TherearefollowingtwotypesofEDGEdevicesavailableinNSX:

TheDistributedLogicalRouter(DLR)inNSXisarouterthatisinstalledoneachparticipatingESXihost.ItwilltakecareofroutingtrafficofVMsbetweenvirtualnetworkseveninsideanESXiorbetweendifferentESXihosts.AlthoughitisalsoaVMdeployedintheEDGEcluster,itsyncsitsconfigwithallparticipatingESXihosts.TheEDGEServiceGateway(ESG)istypicallytheconnectionbetweenthephysicalandthevirtualnetworkingworld.AnESGisnormallyconnectedtoaDLRtoenableittorouteoutsideofNSX.However,italsooffersotherfunctionssuchasaloadbalancer,NAT(SourceNATandDestinationNAT),aswellasVPNconnections.

LogicalSwitches

ALogicalSwitchinNSXisavirtualnetworkwhereVMscanbeconnected.Logicalswitchesarealsooftenreferredtoasvirtualwire.

InvSphere,theywillshowupasportgroupswithuniqueIDnames(numbercombination).However,NSXmanagesandmaintainsthesevSphereportgroups.AdminsshouldnottemperwiththemoutsideofNSX.

EachswitchgetsasegmentIDasidentifier(similartoVLANtagsintraditionalnetworking).Thesegmentrangecanbecustomized;themaximumnumberofsegments(switches)is16,777,216.

Virtualtunnelendpoint(VTEP)andrepresentsbasicallyoneoftheESXikernelportsinthetransportzoneexchangingNSXtraffic.TheVTEPlearnswhichVMsitsonwhichESXihostand

createsaforwardingtable.InordertofindtheVMsNSXusesoneofthethreemethodstoaskwhereVMsare:

UNICAST:EachESXihostwithaVMwantingtotalktoanotherVMaskseachotherhostinatransportzoneifthepeerknowsthisotherVM.ThistypicallygeneratesalotoftrafficuntiltheVTEPlearnswhereVMsare(iftheymove,theprocedurebeginsagain).TheNSXcontrollersareusedtocoordinatethisandtomaintaintheVTEPtable.AbenefitofthismethodisthatARPsuppressioncanbeenabled.MULTICAST:EachESXihostwithaVMwantingtotalktoanotherVMsendsamulticasttoallhostsinatransportzone.IfoneoftheotherESXihostsrunstherequestedVMitsimplyrespondstothemulticastrequest.ThisdoesnotrequireanNSXcontroller.However,thenetworkneedstosupportmulticastaswellasmulticastroutingneedstobeenabled.ThisistypicallymoreeffortaswellasmorecomplextophysicallyconfigurethantheUNICASTmethod.HYBRID:Thisisthebestofbothworlds.ItusestheNSXcontrollerstobuildandmaintainaVTEPtableandworkswithARPsuppression.Sinceitcanmakeuseofthecontrollers,multicastroutingisnotrequired,whichmakesthephysicalswitchconfigurationmucheasier.All,whichisrequired,isanigmpquerieraddressandmulticastIPaddresses.Ifthepeerhostisnotinthesamemulticastdomain(can'tbereachedwithoutrouting),NSXwillrevertbacktounicastandthecontrollerwilladdthediscoveredconnectiontotheVTEPtable.

NSXcontroller

ThisisoneofthreeVMs(threearerequiredasaminimum)toruncontrolcommandsandsyncconfigurationsbetweenandwithESXihosts.ThecontrollersalsomaintaintheVTEPtable(inUNICASTorHYBRIDmode)/BUMtraffic.Thecontrollerswillalwaysdeployinacontrollercluster.

TheNSXcontrollersneedtodoLayer2communication.Ifspreadacrossclusternodesindifferentracks,thishastobetakenintoaccount.TolearnmoreabouttheVTEPtable,BUMtraffic,andARPsuppression,youcanvisittheVMwareblogaboutadvancedNSXfunctionalitiesathttp://blogs.vmware.com/vsphere/2013/05/vxlan-series-how-vtep-learns-and-creates-forwarding-table-part-5.html.

NSXsetupandpreparationToconnectNSXtovRAandworkwithitintheSDDC,itneedstobesetupandinstalledfirst.ThispartgivesanoverviewaboutbasicconsiderationsandtaskstosuccessfullyinstallNSXinavSphereenvironment.ItisstronglyrecommendedtochecktherequiredsettingsforHYBRID(Multicastneedstobeenabledontheswitches,anigmpquerierneedstobesetup,andsoon)withthenetworkingdepartment.Ifthesesettingsareincorrect,NSXmightnotworkcorrectly.Ifthesesettingsareunclearorimpossibletoconfigure,UNICASTmodeneedstobeused.

VMwaredemandsthatcertifiedconsultantsfromeitherapartnerorVMware'sPSOmustinstallNSXinaproductionenvironment.Theinstallationmethodprovidedinthischapterwillwork,butmaynotbebestpracticeforeveryenvironment.Also,beforeinstallingNSX,adesignneedstobecreatedwithassumptions,risks,andconstraintstomakesurethatitfitsthepurpose.

ESXiprerequisitesforVXLAN/NSXBeforeNSXcanbeinstalledintheenvironment,somestepshavetobeconcludedinordertocomplywithallprerequisites.Firstofall,thetransportzonerequiresitsownVLANincludinganIPaddressschemefortheVTEPkernelports.ItisimportanttohavetheseIPaddressesbeforetheNSXinstallationsincethosearerequiredtocompletethesetupandmakeeachESXihostworkwithNSX.

TheVTEPscanbeinaVLANusingatraditionalL2network.However,theycanalsobeindifferentnetworksasinanL3setup.Whatevermethodischosen,allVTEPsarerequiredtoreacheachothereitheroverroutednetworksorwithintheL2network.

ThenumberofIPaddressesobviouslydependsonthenumberofhosts.ButthereisalsothechancetohavemultipleVTEPsperhostforhighavailabilityandloadbalancingreasons.BasedonthenumberofESXihostsandthenumberofVTEPstouse,itcanquicklyexceedatypical/24network.ItisrecommendedtoplanaheadsincethisisnoteasilychangeableafterNSXhasbeendeployed.

Forexample,128ESXihostswith2VTEPswillrequire256IPaddresses.AclassCnetwitha/24netmaskwillprovideonly254addresses.InordertosatisfytherequirementabiggernetworksegmentneedstobeusedforprovidingtheVTEPIPs.

Inthiscase,a/23classCnetwillberequired,providing510IPaddressesintotal.

NetworkprerequisitesforNSXAVLANhastobepreparedinordertoputtheVTEPsintoit.However,itisnotrequiredtocreateaVDSportgroup,thiswillbedonebyNSXoncethetransportzonegetssetup.Also,NSXdoesrequirethevirtualdistributedswitchtobeavailable.IfthevSphereLicensingdoesnotcovertheuseoftheVDS,theNSXlicenseautomaticallywill.

OncetheVLANIDispreparedandalsotheVLANisconfiguredonallphysicalswitchesinordertoenablesuccessfulcommunicationbetweenalltheESXihosts(VTEPs),theNSXsetupcanbegin.

Step1:InstallingNSXmanagerTheNSXmanagercomesasOVAandcansimplybedeployedinavCentermanagementcluster.AsdescribedinChapter4,SDDCDesignConsiderations,itisagoodpracticetohaveaseparateNSXEDGEclusterready.ThisisimportantwhenitcomestotheNSXnetworkingcomponentdeployment.However,insmallormediumenvironments,thosecomponentscanalsobedeployedinthepayloadclustertomaximizeefficiency.

TheEDGEclustertypicallycontainsESGsandDLRs.AlsotheNSXcontrollercanrunintheEDGEcluster.Itisimportanttounderstandthatallnetworktraffictonon-NSXnetworks(externalnetworks)willflowthroughtheseedgedevices/ESXihosts.ThismeansthatthehostsintheEDGEclusteraremainlyforwardingandreceivingnetworktraffic.

IMPORTANT:ItispossibletohavemultipleEDGEclustersandaddthemovertime.Also,theuseofvMotionforESGsispossibleaslongastheyareonaLayer2network.ItisnotpossibletomigrateESGsonLayer3fromoneEDGEclustertotheotherusingvMotion.Inthiscase,anymigrationofanESGwillcausedowntimeforallitsconnectedvirtualnetworks.Also,thisisamanualtaskandisnotrecommended.

OncetheNSXmanagerisdeployed,itneedstoberegisteredwithvCenterinordertoenableNSX.ThisregistrationisdoneusingtheNSXmanagerwebinterface:

1. LoginusingadminandtheprovidedpasswordduringtheOVAdeploy.2. ClickonManagevCenterRegistration.3. AtvCenterserverclickonEdittoentertheconnectiondetailsandthecredentials.Itis

importanttoconsiderusinganNSXadminaccountwiththecorrectrolesassigned.Also,makesurethatitspasswordisnotexpiring!

ItisimportanttoconfigureNTPandtheDNSnetworksettingsfortheNSXmanagerappliance.Especially,theNTPconfigurationisveryimportantinordertoensurethatallconnectedcomponentsarehavingthesamedateandtime.Otherwiseerrorsmayoccurandthecommunicationbetweencomponentsmightbedisrupted.

4. OnceNTP,theDNSsettings,thecertificates(ifrequired),andthebackuphasbeenset/changed,therestoftheconfigurationwillbedoneusingthevCenterclient.

ThebackupsettingrequiresaTFTPserverinordertosavetheconfigurationautomaticallytothisshare.ItishighlyrecommendedtouseandconfiguretheNSXBackupservice!

Step2:SettingupthecomponentsIfthemanagerisinstalledcorrectlyandtheregistrationwithvCenterwassuccessful,therequiredcomponentscanbeinstalledbyusingthevCenterwebclient.

ThereisnoNSXintegrationinthelegacyC-Sharpclient(desktopclient).TheonlywaytoconfigureNSXisusingthewebclient,besidesitsAPI.

ToconfigureNSX,openthevCenterwebclientusingaprivilegedadministrativeuserandnavigatetotheNetworking&Securityitemonthehomescreen:

OncetheNetworking&Securityscreenopens,clickonInstallationintheleft-handmenupaneandperformthefollowingtasks.

PreparetheESXihosts1. MakesurethattheHostPreparationtabisselected.2. ForeachclusterwhereNSXisneeded,selectInstallintheInstallationStatuscolumn.3. Oncetheinstallationiscompleted,theNSXversionnumberisdisplayedintheInstallation

StatuscolumnandtheFirewallcolumndisplaysenabled.Agreencheckmarkwillalsobeshown.

IfvSphereautodeployisused,thisinstallationmethodwillnotwork.InordertoenableNSXwithautodeploy,itisrequiredtoincludetheesx-vxlan.vib,andtheesx-vsip.vibareincludedintheautodeployESXiimage.ThesevibscanbeobtainedfromtheNSXmanagerdirectly.Tolearnmorehowtoconfigureautodeployanddownloadthevibs,visitthefollowingVMwareKBarticleathttp://kb.vmware.com/kb/2092871.

4. Oncetheimagehasbeenrepackagedwiththesecomponents,theESXihostshavetoberebootedstartingfromthenewimages.

DeploytheNSXcontrollernodes

ThenextstepistodeploytheNSXcontrollernodes.Toperformtheirinstallation,followthesesteps:

1. InthevSpherewebclientstillunderNetwork&Security,makesurethatInstallationisstillselectedontheleft-handpanemenu.

2. MakesurethattheManagementtabisselected.3. AttheNSXControllernodesmenulocatedatthebottom,clickontheplusbuttontoadda

newcontroller.4. Provideallnecessaryinformationinordertodeploythefirstcontroller:

1. Chooseavaliddatacenter.2. ChoosetheEDGEormanagementcluster.3. Provideadatastore(adedicatedEDGEdatastoreisnotneeded,butrecommended).4. Provideahost,makesurethateachcontrollerisdeployedonadifferenthost.5. ProvideaVMfolder(chooseDiscoveredvirtualmachineorcreateaseparateEDGE

folderifdesired).6. Chooseaportgrouptoconnectthecontrollerto.Itisimportantthatthecontrollerneeds

tobetoreachtheNSXmanager.ThismightbeeitherthrougharoutednetworkorthecontrollerislocatedinthesamenetworksegmentastheNSXmanager(recommended).

7. SelectanIP-Pooltoprovideandaddresstothecontroller.Ifnopoolhasbeencreated,thewizardallowstocreateapoolwithoutleavingthewindow.

5. Repeatstep3untilthreeNSXcontrollershavebeendeployed.RemembertochoosethreedifferentESXihoststodeploythecontrollersonto.

DefiningthesegmentID

Afterthehostshavebeenpreparedandthecontrollershavebeensetup,thesegmentIDneedstobedefined.Asdescribedearlier,eachlogicalNSXswitchgetsitsownsegmentID.So,thesegmentrangewilldescribehowmanyLogicalSwitcheswillbepossible.TosetupthesegmentIDrange,performthefollowingsteps:

1. InthevSpherewebclientstillunderNetwork&SecuritymakesureInstallationisstillselectedonthe-lefthandpanemenu.

2. MakesurethattheLogicalNetworkPreparationtabisselected.3. SelecttheSegmentIDbuttonandclickonEdit.4. Inthewindow,provideasegmentIDandamulticastaddressrangeifMULTICASTor

HYBRIDmodeisused.1. ProvideavalidsegmentIDpool,forexample,5000-10000.2. CheckEnableMulticastaddressingandprovidevalidmulticastaddresses,for

example,239.40.0.0-239.41.255.255.

5. ClickonOKtosavethesegmentIDandmulticastaddresses.

Configuringthetransportparameters

InordertosendtrafficacrossESXihostsanddifferentL3networksegments,atransportzonehastobeconfigured.Inordertodothat,followthesesteps:

1. InthevSpherewebclientstillunderNetwork&Security,makesurethatinstallationisstillselectedontheleft-handpanemenu.

2. MakesurethattheHostPreparationtabisselected.3. ForeachclusterwhereNSXisneeded,clickonConfigureintheVXLANcolumn.4. Intheconfigurationwindow,selecttheswitchtowhichtheclustershouldbemapped.5. EnterthetransportVLANID(asdescribedinthepreparationsection).6. EnteravalidMTU,atleast1550orhigher,fortheVDS.7. IntheVMKNicIPAddressing,theIPpoolforthemanagementandEdgeclusterneedstobe

defined/selected.8. TheIPPoolcanbecreatedwithinthiswizardtobeselectedfortheIPaddresses.Theseare

theVTEPIPs,asdiscussedearlierinthischapter.EnsurethatthereisenoughIPsavailableforalldesiredVMKNics.

9. EdittheVTEPnumber.Ifthisissetto2,therewillbetwoVTEPsperESXihostinstalled(forredundancyandscalability).

10. ClickonOKtosavethechanges.

Afterthat,theVMKNics(VTEPS)willbeconfiguredandgettheIPsassignedasdefinedintheIPpool.

ItisrecommendedtoconsiderNICteaminginordertoenhancetheresiliencyaswellastheperformanceoftheVTEPs.Makesurethattherightteamingpolicyisselectedinordertofulfilltheserequirements.

Setupthetransportzone1. InthevSpherewebclientstillunderNetwork&Security,makesurethatInstallationisstill

selectedontheleft-handpanemenu.2. MakesurethattheLogicalNetworkPreparationtabisselected.3. ClickonTransportZonesandthenclickontheplusbutton.4. Providethefollowinginformationintheconfigurationwindow:

1. Zonename,forexample,MyOrgTransport.2. Meaningfuldescription.

3. Replicationmode(MULTICAST,UNICAST,orHYBIRD),forexample,Hybrid.4. Selectallparticipatingclusterforthattransportzone.

5. ClickonOKtosavetheconfiguration.6. Afterthetransportzonehasbeenconfigured,NSXisreadyforpayloadtrafficandtocreate

virtualwires.

Step3:Virtualnetworking101IfallthesettingsfromsteptwohavebeenappliedsuccessfullyNSXisreadytobeconfiguredfortheSDDC.Thebasicsofthisconfigurationare:

SettingupaLogicalSwitchSettingupaDistributedLogicalRouterSettingupanEdgeServiceGateway

EachLogicalSwitchcanbeseenasanetworkoratleastasegmentofanetwork.VMsconnectedtothesamelogicalswitchcancommunicatewitheachotherwithoutanyroutingrequired(exceptthereisasecuritypolicyconfigured).

IfVMsrunondifferentLogicalSwitcheswithdifferentIPaddresssettings,aDistributedLogicalRouterisrequiredinordertolettheVMscommunicatetoeachother.TheLogicalrouterconnectsdifferentLogicalSwitcheswitheachotherinordertoenableadvancednetworkcommunication.

Ifanexternalaccesstothenetworkisrequired,anEDGEalsoreferredtoasESG,willprovidethisfunctionality.ItbasicallyhasaconnectiontotheexternalnetworkaswellasaconnectiontothevirtualwiresusingtheDistributedLogicalRouter.Thisway,itcanbeconfiguredwhichvirtualnetworkscanaccessthephysicalnetworksusingtheDistributedLogicalRouteraswellastheESGasagateway.

Thefollowingimageisanexampleofthisconfigurationandshouldhelpforabetterunderstandingoftheconfiguration:

TheApplicationLogicalSwitchandtheDatabaseLogicalSwitchwillbeinternalLinktypesconfiguredattheDLR.WhiletheEdgeServiceGatewaywillbeauplinktypeconfiguredattheDLR.Thisenablesaccessforbothvirtualwirestotheexternalphysicalnetwork.

AddaLogicalSwitch

BeforewecanaddadvancednetworkfunctionssuchasarouterandaESGweneedtohavelogicalswitchespresent.FollowthesestepstoaddalogicalswitchtotheNSXenvironment:

1. InthevSpherewebclientstillunderNetwork&Security,makesurethatLogicalSwitchesisselectedontheleft-handpanemenu.

2. ClickontheplusbuttontoaddanewLogicalSwitch.3. Providethefollowinginformationinthecreationwizard:

1. Switchname,forexample,Application.2. Meaningfuldescription,forexample,Switchfortheapplicationserver

environment.3. SelectatransportzonebyclickingonChange.4. Selectanappropriatereplicationmode(bestpracticeistoselectthesameasforthe

transportzone).5. EnableIPDiscoveryand/orMACLearning.MACLearningwillintroduceARP

suppression.

4. ClickonOKtocreatethelogicalswitch.

Repeatthisstepuntilalldesiredlogicalswitcheshavebeencreated.Itisagoodtesttostartwithtwo,sincethenthedistributedlogicalroutercanbetestedaswelltovalidateitsfunctionality.

Also,itmightbenecessarytocreatethetransportswitchfromtheDLRtotheESG.Thisisaspecialvirtualwire,whichwillonlybevalidforESGandDLRinterfaces.

AddaDistributedLogicalRouter

Inordertoroutebetweenthevirtualwires,adistributedlogicalrouterisnecessary.ThisisanEDGEdevicewhichwillhaveinterfacesinalllogicalswitcheswhereroutingisdesired.Thesearethestepstoaddadistributedlogicalrouter:

1. InthevSpherewebclientstillunderNetwork&Security,makesurethatNSXEdgesisselectedontheleft-handpanemenu.

2. ClickontheplusbuttontoaddanewLogicalSwitch.3. SelectLogical(Distributed)Routerandprovidethefollowinginformation:

1. Aname,forexample,Example-DLR.2. Ameaningfuldescription.3. DeployEdgeAppliance(leavedefault.AnEdgeapplianceisneededfordynamic

routing.Withoutit,theDLRisonlycapableofstaticrouting).4. SelectEnableforHighAvailabilityifrequired.5. ClickonNexttocontinue.

4. Provideavalidusername(leavedefault)andanadminpassword.MakesurethatSSHaccessischecked.

5. Selectthedatacentertodeployto.IfHAhasbeenselected,chooseCompact,Large,X-Large,orQuardLarge.UnderNSXEdgeAppliance,clickontheplusicontoaddtheESG.Providethefollowinginformation:1. Clustertodeployto(selectEDGECluster).2. Datastoretochoose.3. Optional:Hosttodeployto.

4. Optional:vSphereFoldertoputtheDRLinto.

6. AttheConfigureinterfacesofthisNSXEdge,addthelogicalswitches,whichneedstobeconnected(routed):1. Clickontheplussigntoaddaninterface.2. Provideaname,forexample,Application_IFfortheApplicationLogicalSwitch.3. AtConnectedTo,clickonchangeandselecttheApplicationlogicalswitch(the

switchcreatedinthepriorstep).4. AtTypeselectInternal.5. UnderConfiguresubnets,clickontheplussignandprovideaLIFIPandSubnet

prefixlength,forexample,172.16.10.1and24.ThiswillbethevirtualgatewayIPfortheApplicationnetwork.

7. Atthefifthstep,choosethevNICforthedefaultgatewayandprovidethedefaultgatewayIPaddress.

8. Attheready-to-completestep,reviewthesettings.Ifalllookscorrect,clickonFinishtocreatetheDLR.

AddaEDGEservicesGateway

Oncethatcompletedsuccessfully,thefirstDLRshouldbeappearingunderNSXEdges.ThenextstepmightbetocreateanESGgatewayforexternalaccess.ThisissimilartotheDLRconfiguration.However,inordertoconnecttheDLRtotheESG,thetransportvirtualwireisrequired(nottobeconfusedwiththetransportzone!).

FollowthesestepstoaddanESGandconnectaDLRtoit:

1. FollowallthesamestepsasdescribedintheAddaDistributedLogicalRoutersectionuntilstep3.SelectEdgeServicesGateway.

2. Followsteps4-6fromtheAddaDistributedLogicalRoutersection.3. ClickontheplussigntoconfigureEDGEinterfaces.

1. Provideavalidname,forexample,Transport_IF.2. AtTypeselectInternal.3. UnderConnectToclickonChangetoselecttheTransportLogicalSwitch(orsimilar

namecreatedfortheESGtoDLRtransportnet).4. ProvideavalidIPaddressandsubnetprefixinthetransportnetwork,for

example,192.168.0.2and29.5. LeavethedefaultsandclickonOK.

4. Addanuplinktotheexternalnetwork.ThismeanstheESGneedstoconnecttoaVLAN-backedvSphereportgroup.Also,anIPaddressshouldbeavailableinthephysicalnetworktoconnectto(twoifHAisrequired).1. Followstep3,provideavalidname(includetheportgroupname,for

example,Uplink-IF-VLAN100.2. AtTypeselectuplink.3. UnderConnectToclickonChangetoselecttheVLAN-backedphysical/external

portgrouptoconnectto.ClickonDistributedPortgroupinordertoseethose.

4. ProvideavalidIPaddressandsubnetprefixintheselectednetwork.5. LeavethedefaultsandclickonOKtosavetheconfiguration.

5. FinishthestepsasdescribedintheAddaDistributedLogicalRoutersection.6. NowtheESGhasbeendeployedsuccessfullyandshouldbeconnectedtotheDLR.All

LogicalswitchesconnectedtothesameDLRwillnowbeabletomakeuseoftheservicesoftheESGsuchasLoadBalancing,NATing(SourceandDestinationNAT),thestaticVPNfunctionalityandmanymore.

7. ThisconcludesthebasicNSXsetup.Itisnowreadyforworkloadstousethevirtualwires.Also,withthisbasicsetup,vRAcanbeconnectedtoNSXtomakeuseofadvancednetworking.

Dynamicroutingbetweenvirtualandphysical

Inordertobeabletoperformdynamicrouting,NSXsupportsvariousprotocolssuchasOSPForBGP.Inordertohaveafullyfunctionaldynamicrouting,itisrequiredtoconfigurethosecorrectlyandcorrelatethemwiththeexternalvirtualgateways.Otherwise,eachandeveryroutefromNSXtophysicalandviceversahadtobeaddedstatically.Sincethisisnotpractical,thedynamicroutingprotocolsareamusttoconfigurecorrectly.

SinceprofoundroutingknowledgeisrequiredtoconfigureOSPForBGP,thischapterwillnotgointodetailsabouttheseconfigurationsteps.However,ifmoreinformationregardingtheseconfigurationsarerequired,pleaserefertoVMware'sNSXinstallationandconfigurationguidesunderhttp://www.vmware.com.

ConnectingvRealizeAutomationSinceNSXisinstalledandconfiguredforbasicfunctionality,vRAcanbeconnectedtotheNSXmanagerinordertomakeusageofsomeadvancedNSXfunctionalities.

InordertoconnectvRAtoNSX,itisrequiredtologonusingauserwiththetenantadministratorroleactive.

IftheintegratedvROisused,nothingelseisrequired.IftheexternalvROisused,makesurethatallnecessarypluginsareinstalled,suchastheNSXpluginforvRA.Otherwise,theconnectionwillnotwork.

FollowthesestepsinordertoenableNSXforvRA:

1. LogintothevRAportalusingthetenantadministratorrole.2. ClickonInfrastructureandthenonEndpoints.3. HoveroverthevCenterendpointandselectEdit.Intheconfigurationwindow,addthe

followinginformation.1. SelectSpecifymanagerfornetworkandsecurityplatform.2. PutintheNSXmanageraddress,forexample,https://nsx.example.com.3. ProvidevalidNSXcredentials,ifnotalreadyexistentusetheNewicontocreatethose.

4. ClickonOKtosavethechanges.5. Oncethathasbeencompleted,verifythattheNSXdatacollectionisworking.Inordertodo

that,hoveroverthevCenterendpointagainandselectComputeResources.6. IntheComputeResourcesoverview,hoverovertheappropriateresourcesandselectData

Collection.LookforNetworkandSecurityInventoryandmakesurethattheStatusstates:Succeeded.Itcantakeacoupleofminutesuntilthestatusisdisplayed.ClickonRequestnowtorunanewcollectiontaskifnecessary.

NetworkreservationsOncevRAissuccessfullyconnectedtoNSX,someconfigurationchangeneedstobedoneunderReservations.UnderAdvancedsettings,thetransportzoneneedstobesetaswellaspossiblesecuritygroupsandroutedgateways(acreatedDLR).

Inordertodothis,followthesesteps:

1. LogintothevRAportalusingthetenantadministratorrole.2. ClickonInfrastructureandthenonReservations.3. SelecttheNetworktabandcheckthefollowingsettings.

1. UnderAdvancedSettingsandTransportzone,makesurethatthepreviouslycreatedNSXtransportzoneisselected.

2. AtSecuritygroups,selectpossiblesecuritygroupstouseifany.3. AtRoutedgateways,makesuretoselectanyDLRtoinclude,atleasttheone

previouslycreated.

4. ClickonOKtosavethechanges.

Ifallthissucceededsuccessfullythesystemisreadytocreatenetworkprofilescontainingthenewfunctionsandfeatures.

SettingupNSXnetworkprofilesWithNSXanewformofnetworkprofilescanbeused.ThenamingofthoseprofilesinvRAisunfortunatelysomewhatconfusing.Hereisashortdescriptionofthethreetypesofprofilestobeused.

Theexternalprofile

Underthisname,allnetworkswithapre-existingportgrouporvirtualwirearereferredto.ForvRA,everything,whichhasbeenpreprovisioned,isanexternalnetwork.TheLogicalSwitchescreatedearlierinthischaptercanbeaddedtovRAbydefininganetworkprofileofthistypeandaddingittotheNSXportgroupunderreservations.ThisprofilewillbeusedtoaddVMstoalreadydefinednetworkssuchasinternalDBnetworksorapplication-specificnetworks.

TheNATprofile

ThiscreatesaNATnetworkondemandusinganNSXEDGEtodefinetheNATrules.TheNATcanbecreatedasone-to-oneorone-to-many.Thisissetwiththeprofileandwillthenbevalidforanyblueprintusingthisprofile.ThiswillbeusedtoaddVMsintoaNATprofileondemand.

Theroutedprofile

Thisisthemostconfusingtypeatfirstglancesinceitsfunctionisnotself-explanatorysuchaswiththeothertwo.Theroutedprofilewillcreateaseparatevirtualwirebasedontheaddedinformation.VMsusingthisprofilewillbeputintothatvirtualwire,whichthenisconnectedtoaDLRtoaccessNSXexternalnetworks.Thecreationofthisnetworkhappensondemand.However,eachVMwillcreateitsownvirtualwire.Thismeansthattwoservicesrequestedwiththeroutedprofilesetwillnotlandinthesamenetwork.

Tocreatethesenetworks,theroutedprofilehasadifferentsetupmaskaskingforasubnetmaskandarangesubnetmask.Thesubnetmaskwilldefinethesizeofthecreatedpool.Therangesubnetmaskwilldefinethesizeofthesegmentswithinthepool.Hereisanexampleofsubnetmaskandrangesubnetmask:

Subnetmask:255.255.192.0Rangesubnetmask:255.255.255.240BaseIP:172.30.50.0

Thismeansthatthisprofilewillgeneratearound3306IPsin224networkswith15IPseach.TheIPswillstartwith172.30.50.1andendwith172.30.63.254.

Thismeansthatitcanbeusedinblueprintstofitupto15VMNICsinoneoftheseondemandnetworksconnectedtoaDLR.Thenetworkwillbecreatedwiththeservicedeploymentanddeletedwhentheservicegetsdestroyed.ItisalsopossibletocreatelargernetworksinordertofitmoreVMsintoit.ThatisallamatteroftheSubnetmaskandtheRangesubnetmask.

Inthiscase,theusedsubnetisa/18andtheusedrangetosplititisa/28.Butitcanalsobeacombinationofa/18anda/24resultinginfewernetworkswithmorespaceforVMs.

SuchasetupcanbeusedtocreateDMZnetworksondemand,ortocratelabnetworksfortobedeployedrightwiththeservice/blueprint.

UsingNSXnetworkprofilesinblueprintInordertouseNSXnetworkprofilesinblueprints,allrequiredisdraganddroppingthenetworktype(nat,routed,andexternal)intotheblueprintdesignerandselectingtherightnetworkprofiletouse.

Also,atthecreationorthesettingstaboftheblueprintundertheNSXtab,thetransportzonehastobeselectedinordertouseNSXwithintheblueprint.ThatisallrequiredafterNSXhasbeensetupproperlyandvRAhasbeenconnectedcorrectly.

SummaryThischapterdescribedbasicnetworkprinciplesandcomparedtraditionalnetworkingapproacheswiththenewSDNapproach.Also,ittouchedNSXbasicsaswellasdescriptionshowNSXworksandwhatnetworkvirtualizationcandelivertoaSDDC.Furthermore,ittouchedthebasicinstallationandconfigurationtogetquicklyupandrunningwiththefirstvirtualnetworkincludingroutingandaccesstotheexternalphysicalnetworkthroughaDLRandESG.

Inthenextchapter,thefocuswillbeonDevOpsanditspossibilitiesandopportunities.ItwillstartwithadefinitionwhatDevOpstypicallymeansandwhatusecaseswillbefulfilledbyaDevOpsplatform.Also,itwilldiscusspossibleinstallationsfittingintheSDDCandpossibilitiesfordevelopersandcompaniesusingthisnewapproachindevelopingandrunningapplications.

Chapter9.DevOpsConsiderationsThischapterwilldiscussgeneralDevOpstopicssuchaswhatcanbeunderstoodasDevOpsandwhythismightbeagamechangerinapplicationdevelopmentandrunningbusinesses.ItwilldescribethebasicfunctionsandfundamentsinregardtoDevOpsaswellasitsradicalnewapproachestodevelopingandoperatingnewapplications.

Itwillrequiresomefamiliaritywiththebasicsofsoftwaredevelopmentaswellassomebasicsinregardtopubliccloudofferingsandknowledgeaboutsoftwarecontainers.

Basedonthesepoints,thechapterwillalsohighlightintegrationpointsbetweenanSDDCforlegacyapplications(allnon-cloud-nativeapps)andaDevOps-readyinfrastructure.ItwillhighlighthowthesetwodifferentapproachescancoexistandwhatahybridSDDCunlocksintermsofoptionsandpossibilitiesfromabusinessaswellasatechnologyperspective.

Thefollowingtopicsarecoveredingreaterdetailinthischapter:

WhatisDevOpsRadicalnewITapproachWheredoesDevOpsapplybest(benefitsandrisks)Containers:Virtualization2.0PaaSaspartofDevOpsPossibilitiestoconnectDevOpswithvRAExamplesforjointservicesandblueprints

WhatisDevOpsThetermDevOpsisanartificiallycreatedwordandjoinsdevelopmentandoperationstogetherinoneterm.InatraditionalITenvironment,twoormoredifferentteamsperformthosetwodisciplines.Oneteamisresponsiblefordevelopingtheapplicationsandtheirpatchesandfixes.Theoperationsdepartmentistypicallyresponsibleforrunningtheapplicationandprovidingtherequiredenvironment(physicalorvirtualinfrastructure,networks,storage,andsoon).

Typically,suchenvironmentsareVMswithsomekindofOSinstalledandthenecessaryadditiontosupporttheapplication.IncaseofJava,theywouldhavetherequiredbinariesready,sothedevelopercanstartusingtheenvironmenttoruntheJavacode.

Althoughthisisworkingforyears,itisaverystaticapproachandcanleadtosomehandoverissuesbetweentheteams.AnITadminmightnotknowtheapplicationingreaterdetailandthereforecanonlyfollowthedeveloper'srequirementsininstallingneededsoftwareontheOS.

Ontheotherhand,developerssometimescarelessaboutthehardware,OS,drivers,orneededsoftwarepackages.Theyarefullyengagedinmakingtheapplicationsuperior.Thismightsometimesinvolvefurthertestingwithdifferentsoftwarecomponentsintheenvironment.Sometimes,theyalsojustrequireacoupleofhundredsystemstorealizeanartificialloadtestortocheckwhethertheapplicationdoesscaleasexpected(ifscalingisanoption).

Allthisrequiresthetwoteamstoworkseamlesslytogether-thedevelopersneedtoarticulatetheirneedsloudandclearandtheoperationteamneedstofollowthisrequirementsandneedtoprovideastablebutyetflexibleandagileenvironment.

Also,theenvironmentneedstofollowinternalITregulationsandprocessinordertobereadyforthedatacentersproductionenvironment.

AgilitymeetspoliciesBecausetheoperationsdepartmentofanyorganizationalsoneedstofollowtheirpoliciesandregulationstorunservicesinadatacenter,themixbetweenDevOpssuchasagilityandmeetingpoliciesandregulationsoftencreatestensionbetweentheteams.

BecausethedeveloperssometimesfeelthepressureofthebusinessmuchmorethantheIToperationsteams,theytendtopushforuntestedandundocumentedchangesinthedatacentertorunandtesttheirlatestcode.

Becausetheoperationsteamdealswiththepressureofthesecurityandregulationsdepartmentmuchmorethanthedevelopers,theytendtopushbackonuntestedorunstructuredinstallationapproachesforthesakeofthedatacentersecurityandresiliency.

Naturally,thesetwointerestsneedtocollidebecauseitishardtofollowallregulationsandprovideextensivetesting,butalsodeliveragilityandflexibilityforbleedingedgeapplicationsnobodyhascreatedbefore.

Also,supportandtroubleshootingplaysabigroleinmodernorganizations.Ifthemostimportantapplication(fromabusinessperspective)suddenlyquitsworking,thetwoteamsneedtoworktogetheronasolution.Insomeorganization,thatmightworkquitewell;inotherorganizations,theoperationsteamstartfiddlingwiththeirinternalissuesandthedevelopersstartcheckingtheirapplications.Oftenthereislittletonocommunicationbetweentheteams,whichcanleadtolongerfixingtimes.Also,fingerpointingwillhappenfastinsuchanenvironment,tryingtoidentifytheotherpartyastherootcauseoftheissueandthelongfixingtimes.Surely,everyonehasfoundhimselfinsuchasituationonceinhisorherITlife.

However,thebusinesscouldnotcarelessifithassomethingtodowiththedevelopersorsomethingwiththeoperationsteam.Alltheywantisgettingbacktoworkasquicklyaspossibletominimizethefinancialimpactoftheoutage.

AlltheseexamplesdescribewhyDevOpswasbroughttolive.Itisamixbetweenoperationsanddevelopmentandprovidesaplatformthatisreadyforboth.

HowdoesDevOpsworkBasically,theideaistohaveaready-to-runplatform,whichisavailabletodevelopersthroughanAPIorevenconnectedintotheircodingtools.ThedevelopmentteamisnotrequiredtosyncwiththeoperationsteamoncreatingOSinstances(orVMs)anymorebecausetheplatformprovidesaself-serviceinterfaceforprogram/applicationdeployments.

Withasimplecommandorclickondeploy,developerscaninstalltheirapplicationsintothisenvironment.Also,updatingisassimplebecausetheywillbeabletoredeployorupdaterightoutoftheircodingtools.

TheclueofDevOpsisthattheyarealsoresponsibleforrunningthecodeinsidethisplatform(operations).Ifanewversionisready,theywilltakecareofeitherredeployorupdatetherunningcode.Incaseofanoutage,theywillworkthroughthedeployedapplicationandcheckallnecessaryfixroutinesfortheapplicationthemselves.Ifitturnsouttobetheplatform,theycansimplyredeploytheapplicationtoadifferentplatforminordertoquicklyfixtheissue.

Fortheoperationsdepartment,itisanenhancementtoo.Alltheyhavetoprovideistheplatformforthedevelopers.Theplatformcanhaveitsownpoliciesandregulations.ItdoesnotrequiretheinstallationofsingleserversorOSestowork.AlltheoperationsunitneedstotakecareofisthattheinfrastructureservicesareconnectedsuchasDNS,authentication,securityaswellasotherITbasics,andworkfortheentireplatform.Thisplatformcanbeinstalledinasupported(bypoliciesandregulations)environmentandprovidetheadvanceddeveloperfunctionsbysoftwareabstraction.

DevOpsistheapproachtoprovideagility,speed,andflexibilitybutinacontrolledandsupportedmanner.OneofthebiggestsupporterandproviderintheDevOpsspaceisAmazonWebServices.Basically,two-thirdsoftheEC2offeringsaretargetedtowardDevOpsanddevelopers.Also,oneofthebiggeststrengthisthatitissuperquicktosetupanenvironmentendgettingthefirstdeploymentgoing.Everyonecantryitthemselvesjustwithacreditcardand10minutestospare.

Whatarecontainers

TheDevOpsmovementhasalsointroducedanewoldplayerinthedatacenter,containers.ContainersarefundamentallydifferentfromVMs,andtheyservemorethepurposeofamicroservicearchitecture.InsteadofinstallingeverythingthatanapplicationrequiresinaVM,allthesecomponentscouldbecontainersonacontainerhost.

ThebestknowncompanyprovidingacontainerframeworkisprobablyDocker.However,albeitDockerisafairlyyoungcompany,containertechnologyitselfiswell-knownsinceacoupleofyears.ContainersarebasedontheLxCextensionintheLinuxkernel,whichhasbeenaroundsinceitwasdevelopedin2008.However,Dockercreatedaveryeasy-to-useandlightweightframeworkaroundLxC,whichmadeitmuchsimplertouseandadoptit.Withthesenewcapabilities,itnowcanbeeasilyusedasaneasy-to-controlandflexiblewayofapplicationdelivery.Thisisthemainfocusofcontainers;theyareaboutflexibleandagileapplicationdelivery.Theunderlyingarchitectureisfromlessinterest;itisallabouttheapplicationsandthecapabilitytodeliverandrebuildondemand.ThisapproachissomewhatcontrarytothetraditionalIT,wherealotofenergygoesintotheinstallationofanOSandtheautomationofapplicationdeployment.

ContainersarenotVMs

AbroadmisbeliefisthatacontainerandaVMaresomewhatsimilar.Thatisbyfarnotthecase;bothtechnologiesintroduceuniqueadvantagesandchallenges.However,virtualizationhasbecomecommodity,soitisonlynaturaltocompareittothenewadditionssuchascontainers.ThefollowingtableshowssomeofthemaindifferencesbetweencontainersandVMs:

VirtualMachine Container

Permanentvirtualdisk Stateless

SeparateOSperVM OSsharedbycontainerhost

CompleteEthernetstack Port-basedcommunication-networksharedwithcontainerhost

Allapplications,monolithicandLegacy

CloudNativeorthird-platformapps.Notsuitableforlegacyapps

RequireguestOSandapppatching Nopatchingrequired-destroyandrebuild(respin)

VMwarealsointroducedtheirentryinthecontainermovementbyannouncingtwodifferentproductstoleveragecontainersonvSphere:

vSphereIntegratedContainers(vIC)

ProjectPhoton

vICisshakingupthedefinitionbetweenacontainerandaVMquiteheavilysinceVMwareintroducedamicrocontainerOStoruninaVM.ThiscreatestinyVMsforeachsinglecontainertorunonavSpherehost.TheadvantageofthistechniqueisthattheycanuseallvSpherefamilyfeaturesandfunctionstorunthisenvironment.ThisenablesnotonlyNSXtoworkwithcontainersforenhancedsecurity,butalsovRealizeOperationstodoadvancedmonitoring.SincethebaseisaVM,VMwarecanintegratethisfairlywellintotheexistingecosystemoftheSDDC.InthelatestvRealizeAutomationversion,thereisevenanintegrationintotheportaltoorder(vSphereIntegrated)containersrightoutoftheportal.

ProjectPhotonisdifferentthough.ItisanopensourceprojectwhichoffersphotonOS,acontainerruntimeplatform.ByleveragingVMwaretechnologies,itcanbeusedtobringupcontainerhostsusingthecommandline.Furthermore,italsooffersadvancedsecurityfunctionalitiessuchasauthorizingcontainerstorunonlyonalsoauthorizedhosts.ItsfunctionisveryclosetoacontainerhostandusestheVMwareecosystemtoprovideadditionalvalueinsecurity,reliability,andavailability.Furthermore,itintegrateswellwithdifferentcontainerframeworks,suchasDocker,rkt,andGardenfromPivotal.

Containersareaflexiblewaytosharesinglehostresourcesformicroservices.ThismeansthatacontainerhostisalwaystheOSbaseforallthecontainersithouses.Inahypervisor,theOSisalwaysuniquetotheVM.ThehypervisorpatchlevelwillnotaffecttheVMOSorviceversa.Therefore,aVMismoreisolatedthanacontainer.Onacontainerhost,theOSpatchandsecuritylevelwillalsoalwaysaffectthecontaineritself.

Theprecedingimageshowsthemaindifferencesbetweenthosetwoarchitectures.ThecontainershavetheabilitytoaccessthehardwareofthehostdirectlyduetothefactthattheOSresourcesaresharedamongallofthem.Therefore,theOS(Linux)willdispatchanyaccesstotheunderlyinghardwaresuchasnetworkcardsandSANcontrollers(ifpresent).

Inahypervisor,thehardwareismadeavailablethroughvirtualizationoroftenparavirtualizationofthecomponent.NetworkisavirtualNICdriver;storageisavirtualSCSIdriver;andsoon.

Containerhost:Virtualorphysical

Thereiscurrentlyadebatewheretoruncontainersbest.Somepeoplesaythathardwareistheperfectchoice.SincecontainerswillusetheunderlyingOSandtheincludedOSabstractionstoaccessthephysicalworld,thereisonlylittleimpacttoperformance.ThenativeOSdriverscanbeused.Also,sincecontainersarestateless,theydonotrequireastatefullfailoverincasesomethinggoeswrong.Alltheyneedisanothercontainerhostwheretheygetaccesstotheirdata(ifany).

Buttherearealsochallengeswiththisapproach.Thesecurityandmonitoringframeworkforcontainersisdifferentthanforvirtualenvironments.Allthiswouldhavetoberecreatedfor

containerhosts.Also,themaintenanceofthehostsisdisruptive.Sincethecontainercannotbemigratedwhiletheyarerunning(likeVMs)maintenanceonthecontainerhostalwaysmeansthatthecontainersneedtoberestartedonadifferentcontainerhost.

Toruncontainerhostsontopofahypervisor(inVMs)willhavetheadvantagethatitcanbeeasilyandquicklydone.Soifthecontainermovementinanorganizationismoreorlessfromscientificnature,virtualizationistheeasychoicesinceacontainerhostcanbeeasilydeployedasaVM.

Containerhostsontopofahypervisorwillalsohavebenefitswhenitcomestoenterpriserequirementslikeuninterruptedmanagement.Inthiscase,containerhostscouldbeevacuatedusingvMotionwithoutanyinterruption.ThissavestimeandeffortalsoinaDevOpsenvironment.OtherfunctionalitieslikeHAwillhelptomakeacontainerhostquicklyavailableafterahardwareoutage.

However,thisalsomeansthattheslightoverheadofthehypervisorplustheoverheadofthecontainerframeworkmightaffectthecontainerperformanceinaway.Unfortunately,therearenorealnumberstoputagainst.Typically,aVMwarevSphereoverheadisintheone-digitrangedependentontheapplication.TheDockerorLxCoverheadisalsoverylow,butcanbeaffectedbythenumberofcontainerstorunandthesettingsused(reservationofresources).

LikeinotherSDDCdecisions,thisdecisionshouldbetakenbasedontheintendeduseofcontainers.Ifthereisawell-establishedvSphereenvironmentwhereallthemonitoringandalotofautomationisalreadyworking,itmightbetherightthingtodeploythecontainerhostontopofthehypervisor.

DevOpsandShadowIT

GiventheagilityandflexibilityplatformslikeAmazonprovide,somedevelopersgetfrustratedwiththeirinternalITsincetheycannotdeliversuchanoffering.Thisiswhy,insomeorganizationsdevelopersturntowardproviderslikeAmazontoruntheirDevOpsenvironmentthere.Asdescribedearlier,thesetupisquickandeasy,andalldevelopersreallywantisdevelopingtheircodequickeranddeployingtheirassets/artifactsfaster.

TheproblemisthattheytendtobypassITcompletelyfromthatprocess,whichalsomeansbypassingregulationsanddatasecuritypolicies.Ifanorganizationisidentifiedtoputcustomerdataprotectedbyprivacylawsonthepubliccloud,feescanbeashighasmillionsofdollars,nottospeakfromtheimagedamagethiscouldcause.

OtherrisksarethatthepublicenvironmentisnotasprotectedastheinternalIT,whichmightmakeiteasierforhackerstostealprotecteddataonthoseenvironments.

Ingeneral,suchabypassiscalledShadowITsinceitcreatesasecondaryITenvironmentnotnecessarilyfollowinganypoliciesorrulesandregulations.Sometimes,theseShadowITprojectsareevenforcedbythebusinesstogetsomeresultsquickerasusual.

Besidestheregulatoryissuesandpotentialsecurityflaws,shadowITcanalsohaveanegativeimpactonanorganizationsbudget.Althoughtheinitialstartmightbeeasyandcheap,thereisatippingpointwhereitbecomesquiteexpensivetoruneverythingonanexternalcloud.Also,ifitbecomesnecessarytomigratedatabackfromthepubliccloudintotheowndatacenter,itmightbeaverycostlyoperation.Manyprovidersdohaveadditionalchargesinplaceifdataisleavingtheirpremises(download).

Thisiswhy,amodernorganizationcannotignorethepossibleneedforaDevOpsenvironmentsincethismightleadtoShadowIT.Inordertoprovidedevelopersthespeedandagilityofsuchanenvironment,itispossibletocombineitwiththeSDDCtoenablethebestofbothworlds.Suchahybridsetupwouldbeabletosupportlegacyapplicationsaswellasthenewestgenerationofapplications,createdusingDevOpsprincipals(alsoreferredtoasCloudNativeApplicationsorCNA).

RadicalnewITapproachDevOpsisaradicalanddisruptivewayofdoingIT.Itfocusesonapplicationsandittendstoignorehardwarebeneaththeapp.ThissoundsharshcomparedtotheclassicITapproachwhereserversandtheOSisinfocusinordertoprovideagood,secure,andscalableenvironmentfortheapplications.

InDevOps,applicationsbecomestatelesssincetheystorethedataelsewhere;thatmightbeanobject-basedstorageoraNAS/SANmountintothecontainer.Thismeansthecontainercanspinupwhereveritneedstobe,giventhatitcanaccessitsdata.Thereisnomeansinpatchingcontainers-justthecontainerdefinition(thepackage)willbeupdated.Todeploythispatchtheoldcontainerwillbedestroyedandanewcontainerwillbestartedwiththeupdatedservice/applicationcode.

Also,containersinDevOpsarenotaplacetoinstallanentirelegacyapp.Ideally,theyhousejustpartsofanappso-calledmicroservices.Thesemicroservicescanbeusedtoformanappmodularly.Thiscanbeimaginedasfollows:

IfanapplicationrequiresaPHPcomponentandaJavacomponentandawebservercomponent,allthesecanbetheirowncontainer.Theycanthenbeworkingtogetherinprovidingtheservicestotheapplication(theJavacomponent).Ifthereisaneedforasecondorathirdwebserver,developerscanjuststartanewhttpcontainerandincludeit.Also,iftheJavaappneedstostoredata,developerscaneithermountavolumeintheJavacontainerordirectlyaccessobject-basedstoragethroughhttpscalls.

ThisapproachiswaydifferentfromaclassicapplicationtoservermodeleveryoneinIThasbeenusedtountiltoday.Therefore,itchangestheentirewayofprovidinganenvironment.However,italsochangestheentirewayforprocesses,monitoring,security,andsoon.Itisatrulydisruptiveandinnovativeapproachinrunningservicesandapplications.

Also,sincecontainersarenotboundtohardware,theycanrunvirtuallyeverywhere.Thedevelopmentcanhappenonapubliccloudwhereitischeapandquicktospinupnewcontainersandalsomasstestathousandinstancesjustforoneday.Afterthatiscompletedthewholeconfig

canbeportedtoaninternaldatacenterwheretheapplicationthanrunsinproduction.

Newversionsofitcanbecreatedbycloningtheproductioncontainersandintroducingchangeinanisolatedenvironment;oncethatiscompletedthechangescanbebroughtintoproductionjustbyredeployingtheupdatedcontainerdefinitions.

Nowonderdevelopersloveallthesefeaturessincetheymaketheirdailylifesomucheasier.Nomoreticketstogetserver,nomorerequestsforaVMneededonlytoputtheircodeon.

CattleversuspetsThereisaveryfamousanalogyfortraditionalITandthenewapproachwithDevOps.Itgoeslikethis:Traditionalserversarelikepets:Whentheyareill,webringthemtothedoctor,wecareaboutthemindividuallyandmakesuretheygetalltheyneedtoliveahappylife.

DevOpsislikecattle:Itisahugeherd;theindividualwillnotreceiveanyspecialtreatment.Evenifonecowisill,theherdcanstillmoveon.Onecaresabouttheentireherdandnotabouttheindividualcow.

DevOpsandespeciallycontainersareseenlikeaherd.Ifonecontainerhasaproblem,itwillnotberepairedinthecontainer.Thedeveloperwillsimplyspinupanotherversionofittoseeifitisfixed.Ifrequired,fixesareappliedtothecontainerdefinitiononly.

Althoughthataddsalotofflexibilitytothedevelopmentanddeploymentlifecycle,itmightalsointroducetensionbetweenthetraditionalITandthenewDevOpsteams.IntraditionalIT,issuesgetanalyzedbyopeningaticket,lookingfortherootcausetopreventapossiblereoccurrenceandthenfinallyfixingtheproblem.

SinceaDevOpsenvironmentismeantformassivescale,thisprocedurewouldnotbesimple.Ifonehasthousandsofcontainersrunning,itisvirtuallyimpossibletocheckeverysingleincidentandtrytofindarootcause.However,containersdoalsointroducenewchallengestotheITteam.

Changingtheorganizationalculture

ADevOpsapproachisnotjustanothertoolinIToranotherwayofdoingapplicationdevelopment.Itintroducesaculturalchangewithinanorganization.Fromthebusinessallthewaytothedevelopers,DevOpswillchangethewaytheyareworkingwitheachother.Itismeantasanagilewayofdevelopingandrunningbusinessrelevantapplications.Forthattofunctionmanyestablishedbusinessprocessesarerequiredtoberevisitedandrewritten.Traditionalprocessesandstructureswillnolongerworkorberelevant.MuchlikeinanSDDCenvironment,whereoldprocesseshavetoberefreshedandadoptedtothenewautomation,inDevOpsentirely,newprocesseshavetobeestablished.Thiscanstartwithsimplethingslikemonitoring.

Containerscan'tbemonitoredlikeastandardvirtualinfrastructure.Theyneedtheirownmonitoringframeworkandprocesses.Whetheritbeperformanceorerrormonitoring,thereareacoupleoftoolsalreadyavailableinthemarket.However,manyofthemaretargetingaspecificcontainerframework.Thismeansthattherightmonitoringsolutionhastobeappliedtoaspecificcontainerframework.Ifthecontainerframeworkchanges,themonitoringhastochangeaswell(oronehastohavemultiplemonitoringinstances,onepereachcontainerframeworktheyuse).

Also,performancemonitoringneedstobeultimatelydecoupledfromtheunderlyinghardware.Sinceacontainercanrunvirtuallyanywhere,itisirrelevantiftheunderlyinghardwarecanbemonitored;ultimately,itisthecontainerperformanceontheplatformthatneedstobemonitored.

Thisalsointroducesnewinsightsfordevelopers,sincethehardwarehasbecomesointerchangeable,theycannotblameaspecificOS,driver,orhardwareimplementationifanapplicationisnotperformingasintended.Sinceitcanbeeasilydeployedondifferentenvironments,theperformanceoftheapplicationitselfismuchmoretransparentthanintraditionalenvironments.Thisaddspressuretosomedeveloperteamssinceitnowdependsonhowtheyusethecontainertechnologytoperformwell.DiscussionssuchasaddmoreRAMormoreCPUtomakeitfastermightbesoonobsolete.

Ontheotherhand,theinfrastructurebecomessupertransparentaswell.Ifanapplicationdoesnotperformlocally,butrunsfineonthecloud,theunderlyinginfrastructureisnowidentifiedasbottleneck.Therefore,thelocalITneedstoreactandimprovetheenvironmenttoperformasexpected.

However,besidesallthisbenefits,DevOpsisaculturalchangeinanorganization,whichrequiresalldepartmentstoultimatelyworktogether.ITgetsclosertothedevelopers.Thedeveloperswillneedtospendsometimewithsecurityconsiderations.Andfinally,thebusinesswillspendmoretimeinordertomakesurethattheircasesandrequirementsareclearfortothedevelopers.Thiswillhelpcreatingtheapplicationsquicker,anditwillalsoenhancetheteamworkofeachdepartmentinanorganization.

IfsomeonetriestoenableDevOpsandonlytalkstothedevelopers,itmightfailorcreateaShadowITwithsecurityrisks.Ifthebusinessisnotinvolvedindecisions,thebusinessimpactindoingDevOpsmightbenotasbigasexpectedandtheorganizationmightfailtocompete.IfITisnotinvolvedandcan'tdelivertherequestedenvironmentorintegration,developersandthebusinesswillgoelsewherelookingforanalternative.

PaaSaspartofDevOpsPaaSisthemostconfusingterminanSDDCsincedifferentpeoplerefertoitfordifferentdescriptionsanddifferentpartsoftheSDDC.Basically,itcanbebrokendownintothefollowingtwomajormeanings:

InstallingoneormultipleVMsandputtingsoftwareontopofit,readyforconsumption.Providingaplatformreadyfordeveloperstodeployapplicationsinto.Thisplatformwillprovideseveralspacesortenantssuchasdevelopment,qualityassurance,andproduction.Allthedeveloperwillneedisanaccessanditsapplicationtoupload.

ThischapterisaboutDevOps,andthistermisnotsetinstoneandcandescribedifferentimplementationsorfunctionalityofSDDCservices.ThefirstpartdiscussedcontainersascornerstoneofDevOps.Often,thisisalsothefirstthoughtofanydeveloperwhenitcomestoapplicationdeliveryautomation.However,thereareotherimplementationsavailable,whichwilldeliverevenmoreflexibilityandeaseofusethananakedcontainerhost.

Forcontainers,onehastobeveryLinuxsavvy.EvenifadistributionlikeDockerisused,itdoesnotworkwithouttheLinuxbashcommandlineoratleastagoodunderstandingofLinuxandhowitworks.ContainerframeworkssuchasDockerSwarmorMesospheretrytoprovideamanagementinstanceacrossmanycontainerhoststomakeadistributionofcontainersorapplicationpossible.Thisnormallyaddsacloud-scale-likeabilitytocontainerframeworks.However,thisisstillverycontainerfocused.Tomanagedifferentstagesorcreatedifferentfolders/zonesortenantstheseframeworksareclunkytouse.

Thisiswhythereareotherimplementations,leveragingthecontainertechnologybuthidingallitscomplexityfromtheuser(thedeveloper)plusaddingotherfunctionalitieslikemultitenancyandstagingofapplications.

TheCloudFoundryframeworkCloudFoundryisaframeworkdevelopedbyacompanynamedPivotal.PivotalwaspartofVMwareforawhilebeforeithasbeenspunoffintoitsownorganization.ItstillispartoftheEMC(DellTechnologies)familyoforganizations.Itprovidesaframeworkforrapidandeasyapplicationdevelopment.

Theframeworkisbasedoncontainersaswell,butitsfeaturesareready-to-useCLIfor

developersaswellasbuilt-inmultitenancyandso-calledstages.Stagesareusefulformodelingthecycleofapplicationdevelopment.Eachapplicationwillbeinadevelopmentstage,afterthatitmightenterthequalityassurancestage.Finally,itmightgetintotheproductionstageonceallothertestshavepassed.

TheDropletExecutionAgent(DEA)ofcloudfoundryhandlesthestagingprocess.Also,itperformsthefollowingkeyactions:

Managingthewardencontainers:Thisrunsapplicationsinthecontainers.Stageapplications:OnceanewapplicationoranupdatedversionispushedtoCloudFoundry,theCloudControllerselectsDEAfromapooltostagetheapplication.DEAusesanappropriatebuiltpacktocreateadroplet.Rundroplets:ManagedbyaDEA,itreflectsthelifecycleofanapplication.TheCloudControllercaninstructDEAtostartorstoporadroplet.Also,aDEAcanmonitorthestateofastartedapplicationforbroadcastingit.

TolearnmoreaboutCloudFoundryvisitdocs.cloudfoundry.organdreadthroughthedocumentation.Thereisalotofusefulinformationinthesedocuments,whichcangetanydeveloperupandrunningwithCloudFoundryquitequickandeasy.

However,anapplicationmighthavemanymorestages;thisisreallyjustanexample.Thismightbearelicfromtheolddays,butDevOpsdoesnotmeanthatsoftwaredoesn'tneedtobetestedorapprovedanymore.Itmeansthatthecyclebetweenthesestagesisashortandasautomatedaspossible.

Besidesthat,itoffersmanyotherfeatureslikeready-to-useservicesusingthebuilt-inservicebroker.Theseservicescannowbesimplyconsumedbythepushedapplications.ThismeansthatadeveloperdoesnotneedtoaskforDBtobedeployedanymore;theycansimplyusewhatCloudFoundryhastooffer.AndtherearecertainlymoreservicesavailablethanjustdatabasesorNoSQL.

CloudFoundrycanalsointegratewithobjectstorageandmakeitavailablethroughtheservicebroker.Giventhatadeveloperdoesnothavetobotherwithallthesethings,alltheydoispushtheirapplicationintotheplatformandconnectittotheprovidedservices.Thiscanbeseenasagiantplatform,readyforanymodernapplication.Insteadofcreatingafarmtohostallrequiredservicesbyvariousapplications,CloudFoundrycandynamicallyreacttowhateverthedevelopersneed.

CloudFoundryhaseasy-to-usetoolsandacompletecommand-lineinterfacetomigrateanapplicationbetweenallthesethree(ormore)stages.Eachstagecanhaveitsowndataservice(eitherDBordatastorage)aswellasitsownnetworkandsecuritypolicies.Thismakesiteasyfordeveloperstoensurethattheapplicationgetstherightsecurity-levelbasedontheselectedstage.

CloudFoundryandtheSDDC

TheframeworkcanrunonmanypubliccloudsaswellasonthevSpherehypervisordirectly.Itislightweightandrelativelyeasytosetup.Onceupandrunningitcanbeusedtoimmediatelyservenewapplications.

Givenallthisdescriptions,itsoundslikeitsupersedesthetraditionalSDDCwithitsframework,containers,andstages.However,whilethismightbetrueforcloud-nativeapps,legacyaswellasbigmonolithicapplicationswillstillneedatraditionalenvironment.

Therefore,itispossibletocombinebothworldsandprovidethebestpossiblesolution.DeveloperscanusethePaaSframework;vRealizeAutomationcanbeusedtoprovisionsupportiveCloudFoundryservicessuchasDBsorotherneededapplications.Also,ifdevelopersrequireanyadditionalservice,whichisnotyetexistent,thiscouldbeprovisionedusingacombinationofCloudFoundrycommandlineaswellasvRealizeAutomationRESTAPI.

AnexampleforthismightbeaMSSQLDBserver,whichisnotincludedinCloudFoundry.ThisSQLservicecouldbeavailableasablueprintinvRA,anddeveloperscantriggeritsdeploymentonceitisneededforagivenspaceorstage.

Toaccomplishthis,itispossibletoconnectCloudFoundrywiththevRARESTAPI.Thisconnectioncanbeanewservice/appwithinCloudFoundrywhichtriggersthedeployment.ThedeveloperwouldnotneedtologintothevRAportal,theycanstayinCloudFoundryandstillusetheirdevelopmenttoolsetortheCloudFoundrycommandline.Thiscreatesanicebridgebetweentheenterpriseorlegacyworldandthenewcloudnativeappsapproach.However,VMwarehasalsosomethingtoofferwhenitcomestoanautomatedapplicationdevelopment.

vRealizeCodeStream:DevOpswithoutcontainersThisisVMware'sapproachtomakeDevOpsreadyfortheenterpriseusingasmartanddeveloper-orientedportalnamedvRealizeCodeStream.Itismeantforappdevelopmentinahighlyautomatedenvironment.ThismightbethebridgebetweentheSDDCanditsautomateddeliveryofservices,aswellastherequirementsandneedstoday'sdeveloperhave.Thetrickisthatitcanachievethiswithoutacontainerframework,byleveragingtheexistingenvironment.

vRealizeCodeStreamneedsvRealizeAutomationtobeinstalledupon.So,itisanadd-ontoanexistingVMwareSDDCenvironment.Also,itintegrateswithmanyapplicationdevelopmentframeworksgiventhatitcomesprepackedwiththeJForgArtifactory.

Usingthis,itispossibletocreatecustomrepositoriescontainingcodeorscriptartifactsforautomatedprovisioning.Fortherepositoryservice,thereisalsoanAPI,whichcouldbeusedusingmanydevelopmenttools.Thisenablesadevelopertoupdateartifactsrightoutoftheirdevelopmenttoolofchoice.Furthermore,itmeansthatapipelinecanautomaticallyalwaysusethemostrecentartifactoutofthatrepository.

SincetherepositoryandvRCSitselfsupportso-calledparameters,anartifactorcodecanhaveadistinctnumber;oncethisnumberiscalleduponexecution,onlytheartifactmatchingthatpropertywillbeprocessed.

Allaboutthepipeline

InvRealizeCodeStream,itispossibletocreateaso-calledpipeline.Thepipelinedescribesanapplicationdevelopmentlifecycle.SimilarasinCloudFoundry,itispossibletocreatestages.Butinsteadofmanuallymovingandapplicationfromonestagetoanother,itispossibletoachievethisbyusingautomatedandprogrammableguards.

Thismeansthatifanapplicationpassesadefinedtestinagivenstage,itwilladvanceautomaticallytothenextstage.ThiscanbedefinedbasedonvariousdifferentconditionsfromatestperformedbyJenkinsoveraworkflowoutputuptoamanualapproval.

Thisautomatesthewayofqualityassuranceofanapplicationinanenvironment.Insteadofrunningallthistestsmanuallyandthenmovingaservicetothenextstageoncesuccessful,asimplecheckcanperformthisnowautomatically.

Eachstagecancontainvariousdifferentobjects.ItcandeployaVMbasedonavRAblueprint,itcaninstallanapplicationfromtherepository(JFrogArtifactory).ItcanevenintegratewithJenkinsorotherprogrammer'stoolsandestablishadirectdevelopmentlinktothedeployedenvironment.Then,adevelopercandefinethecriteriaofthegatekeepertolimitifandwhenanapplicationcanreachthenextstage.

Typically,anapprovalissettomoveanapplicationfromtheQAstageintotheproductionstage.Thisapprovalcanbeaccomplishedusingthebuilt-invRAapprovalfunctionalities.OncetheQA

wassuccessful,theappmayentertheapprovalstate.Iftheapprovalisgranted,itwillautomaticallymergeintoproduction,nohumaninterventionrequired.

Theprecedingimageshowsthedifferentstages.Thebluearrowsrepresentthegatekeepers.Onceallcriteriaaremet,theapplicationcanmigrateautomaticallytothenextstage.Theshownpipelineworksasfollows:

Stage0:ThetestenvironmentdeploysanewVM,installstheapp,configuresitandrunssometestsanddeployments.Thisisrepeatedasoftenasnecessarytodeveloptheactualapp.Stage1:ThereisalreadyaVMrunning(therunningsystem)theappgetsreinstalled,configured,andQAtestswillruntoensurethatthedevelopmentsfromStage0arestable.Stage2:Thismightbetheproductionstage.Theappgetsreinstalled(likearespinwithcontainers)andconfigured.Nowitisfinallyrunning,nomoretestsarenecessary.

Althoughthisisaverybasicexample,itshowshowpowerfulthismethodofapplicationdevelopmentcanbe.Ofcourse,itisalsopossibletomodelmorecomplexapplicationpipelinesinordertoautomatethem.Thereisnolimitonhowmanystagescanbeused,albeititmightget

verymessyiftherearetensorhundredsofstagesinapipeline.

However,thesystemdoesmorethanonlyautomatingthedeployment.Eachpipelinerunisloggedandcanbereviewed.Eachstagewillhaveastatusforeachstep.Thisisintendedtomaketroubleshootingaseasyandstraightforwardaspossible.Adevelopercanevengetoutputfromthedifferentactionallthewayuptobashscriptingoutput.

Thisismeantforanyapplicationdevelopmentprocesstogetfullyautomated.ItcreatesabridgebetweenthenewDevOpsworldandthelegacyapplications,whichmightnotyetarereadytorunincontainers.Giventhisapproach,anyapplicationcanbemadeDevOps-ready.

However,asdescribedearlier,eachpipelinecreatesitsowndevelopmentenvironmentbydeployingVMsorinstallingadditionalsoftwareonalreadyrunningVMs.ThismeansthatitultimatelyisdeployingacoupleofVMsperdevelopmentorQArun.Iftherearemanydevelopersactivelyusingthistodeploytheirveryownapplicationdevelopmentenvironment,thismightputheavyloadonthecloudportalaswellasthevirtualinfrastructurebeneathit.ItisimportanttounderstandthatfactorinordertodesigntheunderlyingvSphereinfrastructuresincetheCodeStreamrequirementmightbetotallydifferentfromtheenterpriseSDDCrequirements.

vRealizeCodeStreamintegration

vRealizeCodeStreamdoesnotonlyuseVMwarevSphereasanendpoint,itcanalsobeintegratedwithmanyotherservicesaswellasotherDevOpsframeworksinordertoautomatethebuildandprovisioningworkflow.

AsdescribedintheCloudFoundrysection,thereistheconceptofstages(orspaces),butthereisnogateautomationavailableasinCodeStream.However,itmightstillmakesensetouseCloudFoundryasaplatformfordevelopers.Inordertoachievethebestofbothworlds,vRCScanintegratewithCloudFoundry.

Thisisdonethroughtheso-calledPlug-InInstances.Theycanberegisteredwithvariousendpoints.AsofvRealizeCodeStreamversion2.1,theendpointsare:

AJenkinsServerendpointThisenablesanyJenkinstestorjobtoruninthepipeline.ItcanalsoinvokeaJenkinsbuildjobduringthemodeling/executionofthereleasepipeline.vRealizeAutomationServerendpointThispluginsenablesthemodelinganddeploymentofvRAresourceswithinapipeline.MultiplevRealizeinstancescanbeprovisionedinasinglepipelineusingthisplugin.vRealizeOrchestrator

Workflowforacustomtask:ThisenablestheconnectiontovRealizeOrchestratorworkflowtorunwithinthepipeline.Alsoconfigurationaswellaspassingonvaluesforparameterswillbepossible.Serverendpoint:ThistriggersanyworkflowsonanexternalvROfromwithinthereleasepipeline.Workflowforagatingrule:ThiscantriggeravROworkflowtoactasagatingruleinordertoautomatethereleasetoanewstage.

MicrosoftTeamFoundationServer

ThisenablestheconnectiontoaTeamFoundationServerinordertomanagebuildprojects.CloudFoundryServerendpoint

ThisisusedtodeployandmanagelifecycleofanapplicationintoCloudFoundry.BambooServerendpoint

ThisisusedtoruntestsandotherplansaswellascustomautomationandscriptsinBamboo.Thiscanalsoinvokeabuildplanduringthemodelingandexecutethisplanwithinthereleasepipeline.BugzillaServerendpoint

ThisgeneratesorupdatestasksinBugzillafromwithinthereleasepipeline.JIRAServerendpoint

ThisgeneratesandupdatesGIRAtasksorissuesoutofareleasepipeline.

Giventhisrichintegration,itshouldbepossibletousevRealizeCodeStreaminavarietyofdevelopmentenvironments.WiththepluginforCloudFoundry,itisevenpossibletoautomatethereleasemanagementanduseCloudFoundryasnativePaaSoffering.

AlsovRealizeOrchestratorwillbeamightytoolforreleaseautomation.SincevROisalsofeaturingarichpluginavailabilityandarchitecture,itwillbeeasytomodelseveraldifferenteasyandcomplexgatekeeperrules.

TheJenkinsandBamboointegrationmightbethemostinterestingoneforthedevelopers.Thesetoolsareoftenusedforcodingandthecreationofartifacts.Theabilitytodirectlyconnectapipelineanddeploymenttoolistremendouslyenhancingthedeploymentspeed.

WhiletheJIRAandBugzillaintegrationismore,targetingcontinuousimprovementandprojectmanagement.

OneintegrationthathasnotbeenmentionedyetistheintegrationinSocialcast.Socialcastisacommunicationtooloftenusedforcompanyinternalpurposes.IthasfeaturessimilartoFacebookandcanbeseenasacompanyinternalsocialmediaplatform.

vRealizeCodeStreamhastheabilitytopostupdatesfromagivenpipelinerightintoaSocialcastgroup.Whilethismightsoundabitawkwardinthefirstplace,itactuallycanprovidealotofvalue.Basically,itisaneasywaytomakepipelineexecutionstransparentforabroaderusergroup.Thisisawayofsharingprogressinaneasyandstraightforwardway.

vRealizeCodeStreamfromVMwarefortheSDDCismeanttojoiningtwodifferentworlds:TheworldofDevOpswiththeworldofenterpriseIT.

Byprovidingsmartandeasyintegrations,itcanbeseenasabridgebetweenthesetwodifferent

worldsandtheoptiontotrulybeabletofulfillthedeveloperneedsaswellastheenterpriseITrequirements.

SDDCandDevOps:AmixedworldTheSDDCisperhapsoneofthebiggestenablerforDevOpsaswellasforrunninglegacyapplicationsmoreagileanddynamic.However,formostorganizations,theSDDCisawayofrunninganddeployingtheirwell-establishedandoftenstillrequiredlegacyapplications.

GivenallthechangesaDevOpsenvironmentintroduces,itwillcollidewithestablishedandrequiredpoliciesandprocessesinanenterpriseenvironment.TheclassicapproacheswillnotworksincetheypossiblyslowdownDevOpsoperationsandalsocreateunnecessaryoverheadtosuchanenvironment.

AnexampleforthiswillbeanIPAMandCMDBsolution.Giventheshortandtemporarylifeofadevelopmentenvironment,itmightnotbenecessarytotrackthehostnameandIPaddressfromalltheVMsintheenvironment.Also,itmightnotberequiredtoaddallOSandsoftwareconfigurationitemstotheCMDBsincetheycanchangeonaday-by-daybasis.Therefore,alltheseprocesseshavetobeignored;otherwise,theenvironmentmightbecometooslowfordeveloperssothattheyhaveagaintocomeupwithadifferentsolution.

DevOpsrequirementsForpurecontainerenvironmentsuchasCloudFoundryorDockerSwarm,thisisevenmoretrue.ItmakesnosensetoregisteracontainerhostinaCMDBorlogitsIPaddressusingIPAM.Thecontainerswillcommunicatewitheachotherusingnetworkports.Also,containersaretemporaryandstateless,thereisnoneedtotracktheirstatusinaCMDB.ThepureapproachtomakeallthisworktogetherwithlegacyprocessesandtasksinanyorganizationmightaswellkilltheDevOpsapproach.

However,ITILdoesnotbecomeirrelevantjustbecauseofDevOps.Butitisnecessarytoadoptittothisnewworld.Changesinaproductionenvironmentshouldstillbeannounced,approved,anddocumented.Giventhatsomeofthesecontainersrunoncontainerhostsinproduction,theycouldbetreatedasiftheywerevSpherehostsinacluster.Itmaybeimpossibletoknowexactlyonwhichhostthecontainerruns,butmaybeitmakessensetotrackonwhichswarm/clusterthecontainertendstorun.

Theresourcesshouldbeeasilyavailableandflexibleinitsdeployment.Althoughthecontainerhostisrunningonphysicaloronvirtualservers,thereshouldbeenoughflexibilityavailableinordertoquicklyaddresourcestoagivenswarmorcluster.

InaCloudFoundryworldorPaaSworld,thereshouldbeoptionsinordertoquicklyonboardnewservicesinordertomakethemavailablethroughtheservicebroker.Ifittakesseveralweeksinordertoestablishanewservice,thiswillruinthewholecaseofhavingtheplatformavailablefordevelopers.

Besidesthetechnologyaspect,DevOpswillalwaysintroduceachangeinthewayofrunningthecurrentITenvironment.ItisliterallyimpossibletooperatethesenewenvironmentsifalltheboundariesarestilltobemettointegrateintothelegacyprocessescomingfromadifferenteraofIT.

EnterpriserequirementsInearlierchaptersofthisbook,enterpriserequirementoflegacyapplicationshavealreadybeendiscussedbriefly.AnenterpriseapplicationmightneedtofollowstrictITILrulesinordertobeintegratedinanexistingdatacenter.TheresometimesneedstobeanIPAMinplaceaswellasaCMDBinordertostoretheconfigurationandsetupofalltheseapplications.Alsoaticketingsystemmightberequiredinordertokeeptrackofpossibleincidentsandproblemsintheenvironment.

Withtheuseofautomation,thesetaskscanbecompletedwithouthumanintervention,whiletheapplicationisbeingdeployed.Aticketcanbeopenedandloggedrightoutofthecloudportal.Giventhattheseapplicationsarequitestatic,itmakessensetoautomatethedataexchangebetweenCMDB,IPAM,andaticketingsystem.Theapplicationisprobablygoingtostaticallyrunforalongerperiodsothedatawillstayrelevantaswell.

Onceanapplicationisgoingtobearchivedordeleted,alsothedatacanbeautomaticallyupdatedtomarktheapplicationasarchivedintheCMDBandreleasetheIPaddressagaininIPAM.ThisautomationmakessurethatnoresourcesarewastedandthatIPaddressescouldbereusedoncetheiroriginalownerhasdisappearedfromthedatacenter.

Albeitthisispossible,thereareorganizationshavingrulesthatIPaddressesandespeciallyhostnamesmustnotbereusedwithnewservices.Thisisnormallydonetopreventerrorsbasedonhostname/IPconfusion.

TheremightbestillcolleaguesthinkingthatagivenIPorhostnameispartofadistinctservice.Iftheservicebehindthehostname/IPisanewone,thismightleadtosevereerrorscausedbyhumaninteraction.

LegacyandDevOps:CoexistenceinoneenvironmentGivenallthedifferencesbetweenDevOpsandthelegacyworld,onemightthinkitisimportanttocreateaseparatedenvironmentforeachtype.

Thisistypicallynotrecommended.Separateenvironmentsleadtoislandsolutionswithinadatacenter.Eachislandneedstobemanagedandcontrolledseparately.Theyneedtobemonitoredandrunbyadifferentteamorthesameteam.However,givenalltheefforttoseparatetwoenvironmentswithinadatacenter,itmightnotbeefficientoragiletodothiswithaDevOpsinstallation.

AlsotheintegrationfromDevelopmenttoOperationsmightbedifficultiftheproductionenvironmentissomewhatseparatedfromthedevelopment(rememberthestages).Therefore,separatingenvironmentsisnotagoodoptionsinceitcanactuallyleadtoaslowerdeploymentinsteadofspeedingupdevelopmentanddeploymenttimes.

Asdescribedintheearliersections,thereisacoexistencewithvRealizeAutomationpossible.ItisnotonlypossiblebutshouldbeachievedinordertominimizeeffortinrunningtheenvironmentandenablingtheDevOpsteamtoreallyusewhattheSDDChastooffer.

Eveniftherearealotofthingspossiblewithcontainers,therearealwayssomeapplicationsthatcan'tbeeasilystuffedintothisnewwayofrunningsoftware.Theremightberequirementsforon-demandDBcreation,forobject-basedstorage,fore-mailconnectivity,orforotherlegacyservices.TheseservicescanbedeployedandautomatedusingthetraditionalSDDCmethodslikedeployinganapplicationontopofaVMorusingautomationtoregistertheseservicestoaservicebroker.

Also,theSDDCisempoweringDevOps.Itismoreasymbioticrelationshipthanacompetitiveone.ThereareseveralthingsthatmightnotbeaseasilypossibleinaDevOpsinstallationifthereisnoSDDCrunningsidebyside.

UseDevOpsprinciplestomanagetheSDDCBesidesthepuredevelopersviewofDevOpstorunapplicationintheSDDC,thereisanotherpointofviewworthwhiletocover.TheSDDCitselfconsistsofblueprints,whichwilldeployservices.Theseblueprintsarebasicallysoftwareoratleastcodedefinitionsofinfrastructure.Inaproductionenvironment,itisverycommontohaveadevelopmentSDDCandaproductionSDDC.OncenewservicespassalltestandqualityassurancecriteriainthedevelopmentSDDC,theycanbetransformedtotheproductionenvironment.However,thistaskhadtobedonemanuallyinthepastorbytheuseofcomplexcommand-linetoolswithouttheabilitytoversioncontrolorrollbackincaseofanerror.

ThisisquiteclosetowhatdevelopersdoinsoftwareandwhyDevOpsissopopular.Theysimplywanttobeabletoquicklyreapplyanupdatedversionoftheirsoftware.Thesameprinciplecomestrueforblueprints;itwouldbeveryhandytodevelopasimpleblueprintandthenputitinproduction,butfullyautomatedwiththepressofabutton.

ThisiswherethevRealizeCodeStreamManagementPackforITDevOpscomesintoplay.ThiswasformallyknownasprojectHoudinibyVMwareanddoesapplyDevOpsprinciplestomanagingblueprints.

ItisbasedonvRealizeCodeStreamandisavailableasanadd-onservicecataloginvRealizeAutomation.ThetargetaudienceisblueprintdesignersandSDDCadminswhowanttodevelopservicesinonevRAinstanceandthensimplytransformtheseintotheproductionvRAinstance,onceready.

ItsVersion2.1.1supportsthefollowingblueprinttypes:

IaaSblueprints(vSphereonlyatthemoment)ASDblueprintsandactionsvROworkflowsandactionsXaaSblueprints

Furthermore,itallowstheteamstoselectablueprintincludingallitsdependenciesandconfigurationsandtransformsiteithertoanothertenantoreventoanothervRAinstance.Itwillresolvealldependenciesandensurethatthesearealsoinstalledandreadyinthetargetsystem.Additionally,itcanruntestsofthatblueprintifdesiredbytherequestor.Onceallthatiscompletedsuccessfully,theblueprintwillbeavailableatthenewvRAinstanceortenant.

Thebigadvantageisthatalltheseoperationsarestoredinaversioncontrolledcentraldatabase.Soeachupdateorchangecaneasilybetrackedandalsoberolledbackifnecessary.Thisisahugeadvantagesinceiteasespublishingnewservicesandtremendouslyreducesrisksintheeventoffailures.

TheseinfrastructureasacodepackagescanalsobemanagedandwillappearundertheItemstabinvRealizeAutomation.Alloftheseareabletobedeployedtodifferenttenants,vRA

instances(includingvRO),orevenvRAinstancesindifferentdatacenters.

ThisisaverypowerfulwaytoapplytheDevOpsprincipletoinfrastructureandleverageitsfullagilityinordertocreate,test,anddeployservicewithintheSDDC.ThepluginisavailablethroughVMwarefreeofcharge,butrequiresvRealizeCodeStreamtobeconfiguredandinstalled.

SobesidestheapplicationDevOpsapproach,itshoulddefinitelyconsideredtoalsorunaninfrastructureDevOpsapproachusingthesetechnologiesinordertohavethesameefficiencyandagilitywhenitcomestothedevelopmentofnewSDDCservices.

SummaryThischapterdescribedDevOpsingeneral.ItspurposeandwhatdifferencesitmightbringtoanSDDC.ThegeneralmeaningandpurposeofDevOpswasdiscussedinordertounderstandthatthiswayofcreatingapplicationsrequiresdifferentapproaches.Italsolistedseveralapproachestoruncloud-nativeapplicationsandlistedwaystofurtherautomatetheirreleaseandtests.Also,itlistedtoolstointegrateinvRAinordertobeabletoprovidethebestofbothworldsforDevOpsaswellfortheclassiclegacyITapplication.Finally,ithighlightedawayofapplyingtheDevOpsprincipletotheSDDCservicedevelopment,inordertoleverageitsagilityandflexibilityforthecreationanddistributionofinfrastructureblueprints.

Inthenextchapter,thefocuswillbeoncapacitymanagementinanSDDC.ItwillhighlightwhyitisimportanttodopredictivecapacityplanningaswellaswhichtoolintheVMwarefamilycanbeusedtofurtherprovidethisfunctionality.Also,itwillhighlighthowtooperatevRealizeOperationsManagerandcreateso-calleddashboardsinordertoprovideaquickcapacityoverviewoftheSDDCenvironment.

Chapter10.CapacityManagementwithvRealizeOperationsThischapterwilldiveintocapacitymanagementfortheSDDC.Sincerequeststhroughthecloudportalnowdrivesthedeploymentandconsumptionofservices,usersexpectthatthereareelasticornearlylimitlessresourcesavailable.Similartoapubliccloudprovider,whereresourcesarevirtuallyendlessandalwaysavailable.Thebigcloudproviderstypicallyhaveapredictiveanalyticsmodeltounderstandwhenifandhowtheyneedtoprovideadditionalresourcestobacktheusersdemand.

Typicallyforacloudprovider,thisisaccomplishedcompletelytransparentinthebackground.Itistheirdesiretokeeptheillusionoflimitlessandendlessresourcesalivefortheircustomers.Intheend,thisiswhatalotofcustomersarelookingfor:quickandeasyonboarding.Nowaitingtimeuntilsomephysicalinstallationisgoingtobefinished.

ThisimpliesthatcapacitymanagementinahighlyautomatedenvironmentliketheSDDCisaveryimportanttopic.Beinginformedabouttheresourceconsumptionisnottheonlyimportantaspect;thecapacityplanningshouldalsobetieddirectlyintotheordermanagementprocess.Whiletheideaofasystemself-orderingitsresourcessoundsalittlebitfrighteninginthefirstplace,thisisactuallyhowthebigprovidersaredoingit.Theyhavepredictivealgorithmstoinformthemthatbasedonthecurrentusagetheywillneedxamountofserversinthenextxweeks.Thisallowsanordertobeplacedtohavetheserversshippedandupandrunningbeforethedemandactuallycatchesupwiththeavailableresources.

Now,arguablycloudproviderwillhaveadifferentbusinessmodelthananorganization,whichisonlyrunningitsownIT.However,capacityplanningisalsocrucialforthisenvironment.Ifeverauserwillbehinderedtoprovisionaservicebecausetherearesimplynotenoughresources,thiswillharmthetrustandreputationintothelocalITdepartment.Itcouldharmtherelationshipsobadly,thatusersmightactuallyconsiderprovisioningtheirservicesexternallyinsteadofinternally.

Inthispart,thefollowingtopicswillbecovered:

WhycapacitymonitoringneedstochangeinanSDDCvRealizeOperationsManagercapacitymanagementprinciplesOverviewofreportsanddashboardsforcapacitymanagementHowtocreateprojectstopredictfuturecapacitySetupofexamplereportsanddashboardsforcapacitymonitoringinanSDDC

CapacitymonitoringintheSDDCMostorganizationsdoaverybasicbutwell-establishedformofcapacityplanning.Typicallyresourcesaretiedtoprojectsortoabiggerdatacenterinitiative.Groupsparticipatingthatinitiativemayprovideabudgetandgrowthplan.Theseplansareusedtobuyrequiredhardware,whichwillbeavailablefortheentireprojecttimephase.Sometimes,ifmoreresourcesarerequiredasexpected,therewillbeadditionalserversshippedtofulfillthisdemandduringtheprojectruntime.Allthisrequiresaproperplanningandabigamountofhumaninteraction.Alsoitrequiresbeingawareofwhatisgoingoninthedatacenterandagoodamountofpreplanning.

TraditionalmonitoringandcapacityplanningtoolsmightnotbeabletodealwiththedifferentrequirementsaSDDCintroduces.Furthermore,usinglegacycapacityplanningtoolsmightincreasetheoverheadfortheworkforceandinworstcasesmaybeevenlimitthewaytheSDDCcanbeconsumed.

SincetheSDDCenvironmentitselfisconstantlychangingduetotheautomateddeploymentofworkloads,thetoolstoactuallykeeptrackofthesechangesshouldbeabletoautomaticallyadapttotheseenvironmentalchanges.

Thelegacyprojectapproachdoesonlypartiallyworkhere,sincetheremightbeusersorgroupswhosimplygotaresourcepooltodeployinto.Sometimeseventheteamsthemselvesdonotknowhowmuchcapacitytheymightneed.However,theycantracktheirconsumptionintheportalwatchingtheirresourcepoolfillingup.Butalltheseresourceshavetocomefromapowerfulandwell-managedbackend.Andthisbackendneedstobeconstantlycheckedforpossiblecapacityconstraints.

Onesolutionforthiscouldbetohavedozensofemptyserversrunningincasetheirresourcesareneeded.Butthisobviouslyisaveryexpensivewayofprovidingresourcesondemand.Sincealltheseserverswouldneedtobepreinstalledandpreconfigured,butintheend,iftheyarenotneeded,donotprovideanyvalue.

Theotheroptionistohaveanautomatedresourcedemandmanagementduetocapacitymonitoring.Inordertodothis,itisimportanttouseasystem,whichcanprovidealsopredictiveanalysis.Thisisneededtogetacapacityalertbeforetheenduserisaffected.Thesystemneedstobeabletopickupatrend,interpolatethattrendandthenprovideaforecastwhenthedemandwillbehigherthanthebackingresources.Ideallyitprovidesanalertwaybeforethatpointinordertopreparetheinfrastructureteamtoreplenishhardwareupfront.

Thisapproachissimilartowhatmoderncarmanufacturersaredoingtoday.Insteadofhavingallpartsalwaysavailableinabigwarehouse,theycalculatewithtransporttimesandincludethetruckshavingthepartsintheirpreordersystem.Thelogisticdepartmenttakescarethatthescheduleismetandthatpartsarriveexactlyastheyareneeded.Thiswaytheycansignificantlyreducetheirwarehousecostandbeflexibleintheirmanufacturingprocess.

AnSDDCworksquitesimilarlikethisexample.VMsorfurthermoreservicesaredeployedondemand,therecanbedayswheremoreofthemareneededanddayswherelessofthemaredeployed.However,thebackingresourcesneedtobeavailableastheservicesrequirethem.Thisimpliesthatinafullyautomateddeploymentenvironmentalsotheresourceorderingandinstallationprocessesneedtobeautomated.

Thismeansthatitwouldnotonlybehelpfulbutrequiredifthesystemisabletoreorderwithoutanyhumanintervention.Obviouslyanapprovalwillmakesenseforthisautomation.

Inordertoaccomplishthat,itisnotonlyrequiredtohaveacapacitymonitoringinplacewhichcanpredictdemandandcreatetrustworthyforecasts,itisalsorequiredtochangetheestablishedorderingprocessinanorganization.

SoaSDDCrequiresadifferentapproachtocapacitymonitoringthanatraditionaldatacenter.Itneedsapowerfulforecastandpredictiontool.Basedonthatforecastitwillalsorequireachangedorderingprocess.Insteadofmodelingresourcesinaproject,theyarenoworderedbasedondemandpredictionsandactualresourceconsumption.

vRealizeOperationsManagervRealizeOperationsManagerisoftenreferredtoasVMware'smonitoringsolution.Butitprovideswaymorethanjustsimpleresourcemonitoring.Notonlythatithasfullcapacitymanagementcapabilities,itisalsoisalearningsystem,whichcanself-adapttoachangingenvironment.ThismakesittheperfectsolutionfortheSDDC,sinceitcanautomaticallypickupchangesinanenvironment.AdditionallyitcanalsolearnthestandardbehaviorofVMsandservices.Thisenablesthetooltorecognizeachangeinthebehaviorandtriggeranalertbasedonthatbehavior.

Traditionalcapacitymanagementtoolsmightonlybeabletoworkwiththresholds.Whilethissoundsperfectlyacceptableinthefirstplace,itcanintroduceissuesinadynamicenvironmentsuchastheSDDC.Sincethevaluesconstantlychangeitwillbeveryhardtosetvalidthresholdsforacapacitymanagementtooltokickin.Also,athresholdneedstobewellthoughtthrough,giventhatthesupplymanagementchainneedstimetoorderanddelivertherequiredresources.

vRealizeOperationsManagerissolvingthisdilemmabyusingacompletelydifferentapproach.Itdoesnotnecessarilylookforfixedvaluesitlooksforusagepatternsandcreatesestimatedgrowthrates.Thisisapowerfulwayofmonitoringcapacity,sinceitcanalsosolvethesecaseswheretraditionalsystemsmighthavetroubles.

Forexample:InaSDDCenvironment,theremightbeanewbusinessprojectcomingup.AgivendepartmentmaybestartstoaddtensorhundredsofVMs.vRealizeOperationswillpickupthisbehavioralchangeandwillissueacapacityalertifnecessary.Thealertwilltelltheoperationsteamthatifthistrendcontinues,theyhavetoaddmoreresourcesinXamountofdays.

Atraditionalcapacity-planningtoolmightbetriggeredat90%resourceusageandsendanalert,butthatmightbetolateinordertoguaranteethatthereisnoresourceconstraint.Thefollowingworkflowpresentsatypicalorderworkflowuntilthegearisavailableinthedatacenter:

Orderisprocessedandsenttothevendor/partnerAfter3-6weekstheresourcesisarrivingtheorganizationAfter2-3weeksthekitisreadytobeconfiguredinthedatacenterAfter1-2weekstheresourceswillbecompletelyconfiguredandreadytobeused

Thatmeansthatthecapacityheadsupneedstobeatleast10weeksahead,shortest6weeksaheadoftheactualrequirementsforthoseresources.OtherwiseuserswillexperienceshortcomingsandpossibledegradedperformancewhileusingtheSDDC.Thismayleadtolessadoptionorevenforceuserstolookforalternativewaysofrunningtheirworkflows.

NeverunderestimatetheimportanceofcapacityplanningandsupplychainmanagementinordertokeeptheSDDCfunctionalandresourcesavailable.Anynotabledisruptionintheservicemightdiminishtheusabilityfortheend-userswhichmayleadtolossoftrustintheservice.

vROps6.3deploymentworkflowThedeploymentofthetoolisverystraightforward.ItisprovidedasavAPPandtosuccessfullydeployitallanadministratorhastodoisfollowthenecessaryonscreenmenu.Version6.3hasmajorimprovementsovertheolderversionsandcomesasasingleVM,insteadoftwoVMsinavAPP.ThisreducestheoverallcomplexityofvROpsandmakesiteasytoinstall.

ThefirstthingtodoafterasuccessfuldeploymentistoconnectittovCenter.Thisisdoneintheso-calledSolutionsmenu:

1. OpenvROpsinawebbrowserbypointingittohttps://vrops.example.local.2. Logonwiththegivenadmin(localusers)nameandthepasswordprovidedduringthevROps

installation.3. ClickontheAdministrationiconlocatedatthetoprowofthelefthandcolumn.Theiconhas

alittlegearsymbol.4. ClickonSolutionsintheleft-handcolumn5. SelecttheVMwarevSpheresolutioninthetableandclickontheConfigureiconinthe

Solutionsarea.6. IntheManageSolution-VMwarevSpherewindow,enterthefollowingdetails:

DisplayName:vCenterDescription:vROPsmonitoredvCentervCenterServer:vcenter.example.localCredentials:1. Clicktheplusicontoaddcredentials.2. Enteracredentialnameforexample,vCenter.3. EnteravalidvCenterusername.4. Providethepasswordfortheselecteduser.5. ClickOKtosetthecredentials.

7. ClickontheTestConnectionbuttonandwaitforapositivefeedback8. ClickonSaveSettingstostoretheconfiguredconfigurationforthesolutionsadapter.

vROpscanalsobeinstalledinHAmodewithmorethanoneinstance.Thissetupisalsocontrolledduringtheinitialinstallation.However,itrequiresmoreresourcesandsomepreconfigurationtaskstomakethatrunning.TolearnmoreaboutthisexpertsetuppleaserefertothevROpsinstallationguideathttps://pubs.vmware.com/vrealizeoperationsmanager-63/index.jsp.

AftervROpsissetupandthevCenterlinkisestablisheditisreadyforbeingusedforanalyticsandcapacitymonitoringatthevCenterlevel.

TherearemanymoresolutionadaptersavailableforvROpstoconnectitalsotothenon-VMwareworld.Itcanbeconnectedtovariousstoragevendors,SANswitchesaswellasnetworkinggear.ButalsoexoticusecasessuchastemperaturesensorsorpowerconsumptioncanbemonitoredandforecastedwithvROps(ifasolutionproviderispresent,orcouldbecustomized).Thismightnotbenecessaryforcapacitymanagement,butforadvanceddatacenteranalyticsthatmight

becomeveryhandy.

Afterallconsideredsolutionshavebeensetupitwillstartcollectingdata.Thetoolneedsawhiletogetmeaningfuldatatoprovidetrendsanddetectpatternsinthedatacenter.Usuallythistimeisabouttwotothreeweeks.SoifvROpsisnotshowinganyusabledataattheseconddayaftertheinstallation,bepatientandwaituntilthereisenoughdataavailableforvaluableoutput.

Also,theguessesandtrendswillgetbetterovertime,sincethetoolcanlearnfromlong-termpatternsaswell.

CapacitymonitoringTostartwiththecapacitymonitoringitmightbehelpfultounderstandthegeneralstructureofvROpsandhowitisorganized.Pleasebeawarethatthisstructurediffersbetweenthebasic/standardsystemandtheadvanced/enterprisesystem.ThedescribedlayoutreferstotheadvancedandenterpriseversionofvRealizeOperations.

Firstofall,ifauserwhohasadminprivilegesassignedaccessesvROpsusingawebbrowser,itwilldisplaytheenvironmentaloverviewscreen.Thistypicallyincludesallsolutionadaptersandalldata.Ittriestofocuseverythingwhatisgoingonintheenvironmentononesimpledashboard.

Thisoverviewcontainsthreemajorbadges:

Health:Thisismainlyusedformonitoringandanalyticspurposes.Risk:Thiswillprovideaforecastofpotentialissues,thesewillincludecapacityconstraints.However,thedataisalwaysanestimatebasedonthecollectedrawdataandtrendforecasts.Efficiency:Thisisbasicallyshowinghowefficientresourcesarebeingused.IfEfficiencyislowitisagoodindicationthatresourcesareoverprovisionedthismeansaVMmighthasmoreRAMorCPUconfiguredthanitactuallyneeds,verycommon.Thisisusedforcapacitycontrolandmonitoringpurposesaswell.Badefficiencyrateswillaffectcapacityaswell(wastedresources).

Unfortunatelythesevaluesareshownforallgathereddata.Whilethissoundshandyinthefirstplace,itmeansthatalotofvalueswillactuallydeludeindividualcapacityissues.Thefollowing

diagramdescribesthisdilemma:

Thedarkredlinedisplaystheindividualriskvalueforeachcluster.BylookingatthediagramitisprettyclearthatClusterCmighthaveanissueofsomesort.Theotherclustersaredoingwellsofar.WhatvRealizeOperationsisnowdoingiscalculatingtheentireriskofthedatacenter,includingallclusters.Thiswillleadtoalossofdetailsfortheindividualrisk.Thelighterbluelineshowstheoverallriskcalculatedforthedatacenter.Giventhatallotherclustersaredoingjustfine,theoverallriskisquitelow,notreallyalarming.

Sothegeneraloverviewincludingallmetricsanddatacannotbeseenastheultimatedatacenterrisk/healthorefficiencydisplay.Itismoreahintandtriestoprovideaslightinsightthatoveralleverythingisdoingwell.

Ifthisviewcontainssevereriskvalues(orangeorred)somethingseriousmighthavehappenedintheentiredatacenter.Giventhehighleveloverview,thingsneedtobeseverelybadtohaveabiginfluenceinthatview.Sointhatcaseitishelpfultoidentifythattheremightbeaglobalissuegoingoninthedatacenter.

TheruleofthumbforvRealizeOperationsis:Donotjudgetheenvironmentbasedonthe10,000feetoverviewgivenwhenloggingontothesystem.

InearlierversionsofvRealizeOperationsManager,thesebadgesdidalsoshownumbers.Sothehealthvaluecouldbe98,risk8(lowerisbetter),andefficiency95.However,VMwaredecidedtoremovethisnumberscores,sincetheyconfusedalotofpeopleandthecapacityplanningteamhadtoanswerquestionslike:

Whyisourefficiencyonly95andnot100?Whydowehaveariskof8;istheresomethingwrong?Doesahealthof98meanthat2fractionsofourenvironmenthaveproblems?

Whilethenumberswherejustdisplayedtobackthecolors(100-80green,80-60orange,60-45yellow,45-0red)theyhadnothingtodowithactuallydisplayingproblems.Ascoreof8riskmightjustmeanthatsomesystemsarepotentiallyexceedingtheirassignedresources,butnotthatthereisactuallyarealissue.

However,togetthisproblemsolvedVMwareappliedasimplefixtoallnewvROpsManagers:Nomorenumbersinbadges.

OverprovisioningandresourceallocationBesidestheoverviewdashboard,thesystemcomeswithhundredsofdetailedviewsandreports,whichcanbeusedtogetagoodunderstandingaboutresourcedemandandresourceavailability.Togetstarted,itisrecommendedtolookatanindividualgroupofitemstoexaminetheircapacityneeds.However,ultimatelythesystemshouldsendawarningpro-actively.Basedonthiswarningitthanmightmakesensetoexaminethementionedresourcescloser.Resourcewarningsandrelatedactionswillbediscussedlaterinthischapter.

InordertobeingabletounderstandwhatvROpsisdisplayingitisimportanttobeawareofhowvirtualresourcemanagementandprovisioningworksinvSphere.Thefollowingexampleisbasedonanextremelyoverprovisioneddatastore:

Itholds10VMDKsEachthinprovisionedwith500GBConsumedspaceis0.5TB

InvSphere,onespeaksofoverprovisioningifmoreresourcesareallocated(provisioned)thanactuallyavailable.WhilethisiscommonpracticeforCPUsandevenmemoryvirtualization,fordiskspaceitneedssomeextraeffort.IftheCPUormemoryresourceisconstraint,theVMmightoperateslower.Ifdiskspaceissuddenlynolongeravailable,mostOSesstopoperatingatall.ThereforediskspaceisamorecriticalresourcethanCPUormemory.

Thesetupintheprecedingimageisveryrisky.Someapplicationshavehighresourcerequirementsbutthantheyeventuallyneverusealltheallocatedresources.However,thereisnoguaranteethatanapplication/VMwillnotstartusingallitsallocatedresources.

Someprominentexamplesforunforeseenuseofresourcesarequitetrivial:

OSupdatescanconsumealotofdiskspaceApplicationbasedbackup(forexample,databasedumps)Applicationupdates

Softwaremaintenance(newinstalls)

Insomeenvironmentsthismighttakeawhile,butbepreparedthatthedatabaseadminmaybebesidestomorrowtomovefromasimpletoafullbackuppatternforsomereason.Orjustthetheadditionaldatabasedumpaccordingwiththebackup,sincethereisenoughdiskspaceleftintheOS,right...?

Normally,vSpheredoesallowsettingalimitonoverprovisioning.ThiswouldthanpreventputtingtomanyVMDKsontoadatastore.Theselimitsaretypicallysetinpercentageofthedatastore'scapacity.Soifadatastorehas2TB,alimitcanbesetto150%,whichmeansthatitwillallowanallocationof3TBoranoverprovisioningof50%.

Inthiscase,suchalimithasnotbeenset.ThedatastorehappilysupportseverysingleVMDKaslongasthereisenoughphysicalspaceleft.However,theoverprovisioningisa5TBona2TBdatastore.Thismeanstheresourceis250%overprovisioned.

AsmentionedinChapter3,VMwarevSphere:TheSDDCFoundation,vSpherewillhavesomespecialabilitiestoprotectVMsfromstoppingtooperateduetooutofstorageissuesbyusingstorageDRSoutofspaceavoidancemoves(ifconfiguredandenabled).However,thisfunctionneedsotheravailableresourcetobouncetheVMsoffto.Thiseitherrequiresattachedemptydatastore,whichwillharmtheefficiency,oranintelligentprocesstoaddresourcesbasedonthegrowingdemand.Giventhis,isimportanttounderstandthatwiththeover-allocation,thereisoneimportantmetrictolookafter:resourcedemand.

DemandiscreatediftheVMsstarttotouchmoreandmoreoftheirallocatedresources.Thismeanstheyeventuallystarttophysically(wellvirtuallyactually)consumetheallocatedspace.Andfromthisdemandatrendcanbecalculated.

vRealizeOperationsManagerwillcloselymonitortheallocationandthedemandandprovideinsightsandatrendforboth.Whilecapacitytrendmightnotchangesoquickly,thedemandcanchangeveryquickly.

ThefollowingscreenshotshowsanexampleviewinvRealizeOperationshowsuchadatastorewouldlooklike.TheviewisprovidedattheCapacityRemainingtabonaselectvSpherecluster:

vRealizeOperationshasalreadyhighlightedtheareaslimitingtheclusterscapacity.InthiscaseitistheDiskSpace:

Thetotalcapacitysays6.41TB(including70%overcommit)Thesystemdetectedthatalready5.57TB(96.89%)hasbeenallocatedtoVMsThephysicalavailablestoragespaceis4TB

vROpswillnotonlyhighlightthevalues,itwillalsosende-mailalertnotificationstomakesurethatthisstatusisnotmissedbyanybody.However,bylookingonthedemandgraph,itshowsthatthedemandhasbeenprettyflatforthelast30days.

Also,theDemandrowshowsallthediskdetails:

TotalCapacity:3.91TBUsableCapacity:3.51TB(includesHAbuffer)CapacityRemaining:1.95TBRecommendedSize:1.73TBAverageDemand:1.56TB

SoinrealitytheVMsonlyconsume1.56TBfrom3.91TB,whichmeansthatroughly45%oftheavailabledatastorespaceisutilizedbyalltheseVMs.However,theVMscouldconsumeallthewayupto6.41TB,whichis2.41TBmorethanavailable.

Theriskofthisdisasteroccurringcancurrentlybeseenatthedemandchart.Itisflatforthelast30days.SeemsthatthisisoneofthecaseswherealotofresourceshavebeenprovidedtotheVMs,buttheapplicationsdonotneedallthosecurrently.

However,ifthedemandrises,immediateactionisrequiredtopreventanydisruptiontotheapplications/VMs.

Ontheotherhand,thisisaveryefficientwaytomakeuseofresources;risky,butefficient.

ThishasbeensetupinalabenvironmentandisNOTrecommendedforproductionbyanymeans.Theriskofsuchasetupwillalwaysbewaytohighnomatterhowhightheefficiencybenefitmightbe.

NavigatingvRealizeOperationsManagervRealizeOperationsManagerisaverymightytoolforboth,capacityplanningaswellasdatacenteranalytics.Thereforeithasaveryrichuserinterfacefullofdataandobjectstoinspect.ThecapacityplannerwillproperlyneeddifferentmenusanddashboardsthanthevSphereadministratororthedatacenteranalyst.Thissectionshouldprovideanoverviewofusefulfunctionsforcapacityplanningandwheretofindtheminthetool.

Capacityremaining

Thishasbeendiscussedearlier,thecapacityremainingdashboardisavailableforvSphereresourceslikehosts,clustersanddatacenters.Togettothisviewfollowthefollowingsteps:

1. OpenvRealizeOperationsManagerwebUIinyourbrowser.2. InthehomescreenclickonEnvironmentintheleft-handpane.3. Attheupdatedview,clickonvSphereHostsandClusters.4. ExpandvSphereWorld|expandthevCenter|expandthedatacentertofinallyclickonto

thedesiredclustertoview.5. InthemaindashboardclickonAnalysis.6. SelecttheCapacityRemainingdashboardintheAnalysistab.

Thiswillprovideadetailedoverviewoftheclusteranditsresourcesasshowninthefollowinggraphic:

Likeintheformerexample,thisoverviewprovidesaquickaneasywaytocheckthecapacitydemandsandrisksfortheselectedobject.Inthiscase,itisapayloadclusterprovidingresourcesfortheSDDC.Thereisalsoaverybasicscenariobasedwhat-ifanalysisavailableattheWhatWillFittopsection.ItshowssomerectangleswithVMcountsinthem.Thenumbersarebasedonaworkloadprofile.Eachrectanglesymbolizesaseparateworkloadprofiles.However,defaultswillneverreallyfitallcustomerssoitisalsopossibletocreatecustomVMprofilesbasedonactualworkloads(VMs)runningintheenvironment.

OneoftheseprofileshasbeencreatedandiscalledSDDCVM.ThisisnotjustsomeCPU,memory,anddiskspaceprofile.Ittakesalltheworkloaddata(includingdemand,performancebehavior,andsoon)andstoresit.Thanitcomparesitwiththecapacityremaininginthecluster.GiventhatitisusingtherealdatafromtheactualdeployedVMs,itisfarmoreaccuratethanthedefaultprofiles.

Tocreateoneoftheseprofiles,followthesesteps:

1. Clickontherectanglewiththeplussign.2. Intheconfigurationwindowprovideavalidprofilenameanddescription.

3. ClickEnablethisprofileforallPoliciesifdesired.4. IntheMetricssectiondecideforafiltermode.EitherAllocationorDemandorboth.5. NowclickonPopulatemetricsfrom....6. AtExistingVirtualMachineselectaVMtoactasastandard.TrytoselectaVM

configurationdescribingthemostusedblueprintoftheSDDCenvironment.7. ClickOKtosavetheprofileconfiguration.

Theprofileisnowavailable,howeveritmighttakealittlewhileuntilitshowsanumberofVMs.

IfAllocationhasbeenselected,thenumberofVMswillbecalculatedbasedontheirallocatedresources.

IfDemandhasbeenselected,thenumberofVMswillshowhowmanyofthemwillfitbasedontheirresourcedemand.Inotherwords,basedontheircurrentlyusedresources.

Ifbothisselected,thesystemtakesbothconsiderationsintoaccountandtrytogivethebestprediction

Asoftodaytheseprofilescannotbeeditedaftertheyareadded.Ifyouneedtochangetheprofile(forexample,fromAllocationtoDemand)itneedstobedeletedandrecreatedfromscratch.

TheseprofilesareagoodwaytoensurethattheresourcesareavailablegiventhespecificSDDCVMconfiguration.Thiswillriseaccuracyandthereforemakesiteasiertoreacttopossibleresourceconstraints.

RightnexttotheCapacityRemainingdashboardthereisalsoaTimeRemainingdashboard,whichwillbasicallyinterpolatethetimeremaininguntiltheresourcewillbe100%used.Ifthisvalueisbiggerthanoneyear,itwillsimplystate>1yr.

Theresourcesinthetablecanbeexpandedbyclickingontheirdownarrow.IncaseofDemand,adiagramwilldisplaycurrentandfuture(interpolated)demand.Basedonthatfuturedemandtheremainingtimewillbecalculated.

Theprecedingimageshowsagrowingmemorydemand.Basedonthelast12weeksthesystemdetectsanongoingtrend.Thistrendwillbeaddedtotheforecast.Givenallthismetricsthesystemcanpredictwhenthecurrentresourceswillnolongerbeabletoservethedemand.ThecurrentresourcescalledUsableCapacityareshowninthegraphicaspurpleline.Theredareaisthecurrentandfuturedemand.Whentheredareaandthepurplelineiscrossingthismarksthetimetoaddresourcestofulfillfurtherdemand.Inthiscasethispointisfurtheraheadthanayear,soitisnotshowninthegraph.

Theseconditionscanchangeveryquickly.IfauserdeploysmultipleVMsintothisclusterthememorydemandwillchange.Thiswillleadtoarecalculationofthetimeremainingestimate.Thereforealertscanbedefinedbasedontimeremainingnotifications.Ifthismightdropto3monthforexample,analertcouldbesendtotheprocurementdepartmentinordertomakethemawareoftheupcomingresourceconstraint.

Eventuallythealertcouldautomaticallytriggerapurchasingmanagementsystemtoorderadditionalresources.Thefinancialdepartmentwillonlybeinvolvedtoapprovetheorder.Inthiscasesystemwouldbeeconfiguredasself-healing(orselforderinginthiscase)tosolveindividualissues.

Whilemostorganizationswillnotliketheideaofmachinesorderingmachines,itcouldstillbedonebutwithasimpleapprovalchain.ThiswouldbeanopportunitytoaddaXaaSservicetovRealizeAutomation,whichtriggersaserverordering.ThisservicerequestcouldthanbetriggeredbyvRealizeOperations.

UnfortunatelythisfunctionalitydoesnotcomeincludedinvRealizeOperations,butthereisafreealertplugin,whichcantriggerRESTcalls.TheseRESTcallscanbeusedtolaunchthevRARESTAPIandrequesttheservice.

PleasebeawarethatVMwaredoesnotofficiallysupportthepluginforthecustomRESTactionforvRealizeOperations.

CapacityplanningSofarthemonitoringandpredictionofusedcapacityhasbeendiscussedinthischapter.Butthereisalsoaplanningaspecttopreventloworriskyresourcesituations.vROpswillalsoallowforthiscapacityplanningtaskswithanextratabcalledProjects.

Atthebeginningofthischapter,itwasexplainedthatresourceswhereoftenaddedorboughtbasedonprojectsandthatthisisnolongeraccurateforanSDDC.Thisstatementwasreferringtolargeprojectsrequiringalsohardwareresourcestobebought.Basedonthisprojectsentireareasofdatacentermighthavebeenfilledwithservers,storageandcompute.

InanSDDC,projectsarestillrelevantandeventuallywillevenincreasepopularitysincetheycanbemuchquickerberealized.Thisisalsoreferredtoastimetomarketorsometimes,timetovalue.SincetheSDDCisofferinginfiniteresourcesondemandwithasimplemouseclick,itistheidealplatformforanyproject.

Inreality,thisillusionisonlypossibleifthereisaverygoodcapacityplanningandmonitoring.Themonitoringaspectshavebeendiscussedsofarandaregoodtokeepanoverviewabouttherunningenvironmentandpredictanyfuturepotentialconstraints.Theplanningisneededtopreventanyconstraintsintroducedinaveryshortamountoftime.

ThefollowingexamplemighthelptobetterunderstandwhatprojectsareforinvRealizeOperationsManagerandhowtheycanbeusedtogetherwithvRealizeAutomation.

Adevelopmentteamdecidestheyneed:

10databaseVMs25applicationserverVMs100webserverVMs

Thosearerequiredinordertotestforaspecificapplicationscenario.InordertoquicklygetallthisdeployedtheSDDCistheperfectstartingpoint.Sotheywillgoaheadandrequest135VMstobedeployedinaveryshortamountoftime.TheseVMswillcomewithdifferentprofilesanddifferentrequirements.

TomakesuretheSDDCisnotblindlydoinganything,whichhasbeenrequested,approvalshavebeenintroduced.InChapter5,VMwarevRealizeAutomation,theseapprovalsarediscussedingreaterdetail.Fromacapacityplanningperspective,approvalsareinterestingtopreventsprawlandtomakesurethatthesystemcanhandletheintroducedloadwellenough.

Besidesthecostandregulatorynatureofapprovals,theyarealsoneededinordertomaintaintheSDDCresilientandresponsive.ImaginewhatwouldhappenifauserwouldorderasmanyVMstobringtheSDDCsresourcesdown.Alluserswouldbeaffected.Thisisanotherreasonwhy

approvalsshouldbetakenseriouslyinordertoprotectSDDCfunctionalityandguaranteeflawlessoperation.

Additionally,beingawareofsuchmassiveVMprovisioningrequestswillmakeiteasiertoorderresourcesevenbeforethevROpstimeremainingmonitoringfeaturemighttriggerawarning.

ProjectsinvRealizeOperationsManagerLetsassumethedevelopersfilledintheirrequesttovRealizeAutomationandthisisnowsendforapprovaltotheSDDCoperationsteam.Thisteamisalsoresponsiblefortheresourcemanagementandavailability.AssoonastheapprovalcomesintheycanusethedetailsoftherequesttomodelthedataintovROpstoseeifthecapacitywillbesufficientforsuchaproject.

Forthisusecase,vROpshasitsownfunctionalitycalledprojects.Tomodelsuchaproject,followthesesteps:

1. OpenvRealizeOperationsManagerwebUIinyourbrowserby.2. InthehomescreenclickonEnvironmentintheleft-handpane.3. Attheupdatedview,clickonvSphereHostsandClusters.4. ExpandvSphereWorld|expandthevCenter|expandthedatacentertofinallyclickonto

thedesiredclustertoview.5. InthemaindashboardclickonProjects.

Atthelowerhalfofthisdashboard,therewillbeatableshowingallcurrentlyconfiguredprojects(ifany).Ifnoprojectshavebeenconfigured,thistablewillbecompletelyempty.

Tocreateanewproject,followthesesteps:

1. Clickontheplussigninthelowerhalfofthedashboard.2. Provideavalidname,description,andselectPlanned-nobadgesaffected.

Projectscanalsoberetro-modeled.ThisiswhatStatusCommitted-badgesaffectedinthecreationwizardstandsfor.

3. ClickonScenariosatthebottomleftofthescreentobringuptheprojectmodeler.4. Makesurethecorrectobjectisselected,intheexampleitwillbeanSDDCcluster.Butit

canbedifferentvirtualobjectssuchasdatastores,hostsorevenVMs.5. IntheAddDemandsectiondragaddVirtualMachineintheScenariosarea(rightnextto

theleftcolumn)6. Nowtheprojectparameters(VMparameters)canbecreated,fillinallnecessarymetrics.It

isimportanttotrytobeasaccurateaspossible,sincethepredictionwillonlybeasgoodastheprovideddata.

7. Intheconfigurationarea(righttotheScenariosarea)provideallknownparameterstomodeltheanticipatedVMresourcedemand.Makesuretofillinconsumedversusprovisionedcorrectly.Forthedatabasesitisasaveassumptionthatmemoryconsumedequalsmemoryallocated.Forthewebservers,thememoryallocationmightbe4GBbutthesystemmightonlyconsume3GB.Itisrecommendedtomakeaneducatedguesshere.Buttrytostaybalancedbetweentocarefulandtorisky(with4GBRAMallocated,2.5GBisprobablyconsumed).

8. ClickSavetostoretheprojectdata.

OncetheprojectissaveitwillnowappearintheProjectstabundertheprojecttable.Asseenintheimage,therearesomeshortcomingswithresourcesforthisproject.Especiallydiskspaceisaproblem.The135VMsconsumewaymoredatastorespacethancurrentlyassignedtothiscluster.

Luckily,thismightbeaneasyfixifthereisstillenoughphysicalstoragespaceavailable.ThesolutionwouldbetoadddatastorestotheclusterinordertomakeroomforallthisnewVMscreated.

However,thegraphautomaticallyshowsthemostconstraintresource,butitisworthwhilecheckingalsotheotherresourceslikememoryorCPUtoseehowtheyfitintothecurrentenvironment.CPUormemoryissuesaremuchmoredifficulttosolve,sincethatliterallymeansthathostseitherneedtobeaddedtoacluster,ortheirmemoryorCPUsneedtobeupgraded(thatisveryrare,typicallyorganizationsaddhostsinsteadofupgradingthem).

IntheimageCPUdemandisnotconfigured.ThatisbecauseCPUdemand(actualMhzorGhztheVMneedstorun)isquiteimpossibletopredict.Ifvalueswouldbeenteredhere(suchas1.5Ghz)vROpswillcalculatethatasfixedvaluetheVMalwaysneeds.ThiscanleadtoaCPUconstraintinfographic,whichwouldonlybetrueifalltheVMswouldhaveexactlyasmuchCPUdemandasputintotheproject.Sothissettingandmodelshouldbetakenwithagrainofsalt.

Thisisaquickandeasywaytoidentifypossibleconstraintsandreactinatimelymanortoresolvethem.IntheexampletheteamcanadddiskstotheclusterandgivetherequestfromtheQAteamago.vRAwillautomaticallyprovisiontheVMsonthenewlyavailableresourcesandalltheteamsarehappy.

Ideallythisisallcompletedinaveryshortamountoftime.GiventheeasymodelingcapabilitiesofvRealizeOperations,suchcalculationscanbedoneliterallyinnotime.

Iftheprojectisthanrealized(theVMsaredeployed)itispossibletosetacreatedprojectfromPlannedtoCommitted.Thiswillthanaffectthehealth,risk,andefficiencybadges.Alsotheprojectcanbemonitorediftheforecastandtheactualresourcedemandpossiblymatch.

ReportsinvRealizeOperationsManagerBesidestheprojectstohelppro-activelyplanforcapacity,thereisalsoareportsfunctionality,whichwillcreatecustomreportsandsendthemasPDForCSVattachmentviae-mail.ThereareacoupleofpresetreportsinvROps,butitisalsopossibletocreatecustomreportstocontainexactlytheamountofinformationrequiredtoberelevantforthereceiver.

Reportscustomizationincludesanorganizationalbrandingandlogos.ThemostcommonusecaseistosendthosetotheheadofoperationsoreventotheCIOleveltoprovidesomelevelofinsightintothedatacenter.

TheyareespeciallyniceifthecapacityplanningteamisnotabletoaccessvROpsonaregularlybase.Reportscanbescheduledonaregularbasis(daily,weekly,monthly,andsoon).

Definingareportisquitesimple:

1. OpenvRealizeOperationsManagerwebUIinyourbrowserby.2. InthehomescreenclickonContent(iconlookslikealittlenotebook)intheleft-handpane.3. ClickonReports.4. ClickontheplussignunderReportTemplates.5. Provideameaningfulnametothereport.6. ClickonViewsandDashboardstoconfigurethecontentofthereport.7. BrowsforrequiredViewsoraddevencontentfromadashboardintothereport.8. MakesureCSVandPDFisselectedunderFormats.9. Oncethecomposingiscompleted,clickonSave.10. NowthenewreportcanberunandthaninspectedinvROps.

Oncethecustomcreatedreportisavailable,itwillshowupintheReportTemplatestable.

Inordertorunthereportinstantly,clicktheRunTemplateiconatthattopofthereportstable(ithasalittlegreenplayicon).OncethereportwasexecutedsuccessfullyitcanbeaccessedbyclickingonGeneratedreports(1).

AtthisoverviewthereportwillbeselectabletodownloadinPDForCSVformat.

Reportscanalsobescheduledrepeatedexecution.Whilestillinthereportsscreen(Content)dothefollowing:

1. Selectthedesiredreporttoschedule.2. ClickthelittlegeariconatthetopofthereportstableandselectSchedulereport...fromthe

dropdownmenu.3. IntheSelectanObjectscreen,selecttheobjectthereportshouldrunon(forexample,a

SDDCcluster)andclickNexttocontinue.4. IntheDefineSchedulewindow,selectthepreferredweekday,recurrence,timeandtime

zone.5. AtthePublishingarea,makesuretoenteracorrecte-mailaddresstosendthereportto(or

mailinglist).

Inordertosendane-mail,vROpshastobeconfiguredtouseanexternalwebserver.

6. ClickFinishandthereportisscheduledforexecution.

ViewsinvRealizeOperationsManagerViewsarenotonlyavailabletobeputintoreportstheycanalsobeshownindashboards.Dashboardsareaquickwaytodisplayallrelevantmetricsforacertaintopic.Also,theycandisplayamixofavailablemetricsanddata.However,hismetricsdatatodisplayneedstobeavailableasaView.

ViewsarethesmallerbuildingblocksofvROpsinformationdisplay.Asdescribedearliertheycanbeputintoareportlikelittlemodulestodisplaydesiredinformation.vROpscomeswithanumberofprecreatedviewsbutthereisalsothepossibilitytocreatecustomviewsonresources,yetnotalreadypresent.

Designingacustomviewisassimpleascreatingacustomreport:

1. IntheContentscreenclickViews.2. Clickontheplussignintheviewstabletoaddaview.3. Provideameaningfulnametotheview.4. ClickonPresentationatthebottomofthewizardandselectaformofpresentationforthe

view,forexample,Trend.5. ClickonSubjectstocontinue.Pickanobjecttogetmetricsfrom,forexample,Cluster

ComputeResource.6. ClickonDatatoselectthedatatobeincluded.ItshowsalistofallvROpsmetrics.For

example,DiskSpaceEffectiveDemand%andDiskSpaceCapacityRemaining%.Makesurethatthesearenotalreadyexistentinapresetview.

7. ClickonVisibilitytoconfigurewheretheviewcanbeused.Ifdesired,itcanbeaddedtofurtheranalysistoinfluencethedisplayedsections.

8. TofinishtheconfigurationclickonSave.

ThisnewViewcannowbeusedindashboardsandreports.Thereisalwaysapossibilitytoreedittheviewifthedataisnotshownasintended.

ViewsdoaddalotofflexibilitytovRealizeOperations.BasicallytheycanbeseenasLegobricksaddingcustomcapabilitiestofiteveryorganizationsneeds.Especiallywhenitcomestocapacitymanagement,someofthisdataisnotexistentintheprecreatedviews.Thisisanicewaytoaddthisdataandevencreateownreportsorcapacitydashboardstodisplaythesemetrics.

SummaryThischapterdescribedcapacitymanagementintheSDDC.ItwastalkingaboutusefultechniquestostayontopoftheunpredictablenatureoftheSDDCdemand.Italsodiscussedsomeresourcemanagementbasics,whicharenecessarytogainabetterunderstandingofvRealizeOperationsMangerdisplayedgraphics.Finallyitdiscussedsomepro-activetaskslikecapacityplanning.Thelastsectiondiscussedhowtousereportsandviewsinordertocreatecustomdataproviders.Alsoschedulingaspectsofreportswherediscussedinordertoensurethatdatacanbeproactivelysenttoacapacitymanagementteam.

Inthenextchapter,thefocuswillbeontroubleshootingandmonitoringoftheSDDC.Itwillintroduceconceptsbasedonbestpracticesandexperiencetoavoidworst-casescenarios.AlsoitwilldiscussvRealizeOperationsfromananalyticsstandpointtodetectanomaliesandreportthose.Furthermoretheuseofactionsattachedtoalarmsisdiscussed.Finallyitwillalsodiscusstheimportanceofacentrallogmanagementsystem,inordertobeabletoquicklyidentifyproblemsacrosstheboundariesofmultiplehardwareandsoftwaresystems.ItwillshowhowtoconfigurevRealizeLogInsightandprovidespracticalexamplesonloganalysisanddashboards.

Chapter11.TroubleshootingandMonitoringThischapterwilldiscusstroubleshootingandmonitoringtechniquesinanSDDCenvironment.First,itisimportanttonotethattheSDDCitselfisacomplexenvironment,whichhidesthiscomplexityfromtheuser.Thisisdonethroughauserportalwithyeteasy-to-requestservices.Althoughthisisperfectfortheenduser,itcanbecomequicklyverydifficulttotroubleshootforoperatorsoradministrators.AnSDDCismorethanjusttheVMwarecomponentssuchastheportal,thehypervisors,andthevirtualnetworking.Itisalsousingtheorchestratorforthird-partyintegrationtoexternaltools.Apowerfulandyeteasy-to-consumemonitoringneedstobeinplaceforalloftheseprocessesandtriggers.

Ifaservicedeploymentisfailing,itisimportanttoquicklyidentifytherootcausetofixit.Thebestcaseisthatitcanbefoundwiththeerrormessagethedeploymentgenerates.Theworstcaserequiresamonitoringsystemthatisabletocorrelateactionstoidentifyasinglethreadoflogsperdeployment.Thatsoundsverycomplex,butthischapterwillshowhowallofthisispossibleintheSDDC.

Besidesmonitoringthedeploymentprocessofservices,itisalsoimportanttomonitorthehealthofthedeployedsystemsaswell.ThiscreatesnewchallengesforalegacymonitoringsystemsincetheusecaseftherequestedserviceorVMisunknown.Thismeansthemonitoringsystemneedstounderstandhowthedeployedserveroperatesinordertodetectanyfailureorproblem.Asimplethreshold-basedmonitoringsystemwillnotbeabletodeliverthisfunctionality.Infact,themonitoringsystemitselfhastohavesomeintelligenceinordertounderstandtheservicebehaviorandwhentheserviceisactuallyfailing.Thissoundslikefictionforservermonitoring,butitistheoperationaltruthfortheSDDC.Themonitoringneedstobeasagileandflexibleastheplatformitself.Yet,theloginformationmanagementandloghandlingneedstobelossless.Also,itneedstogatherallmessagesfromallusedsystemsintheentireSDDCevenifthosesystemsareexternaltothecoreSDDCapplications.SuchsystemsareIPAddressManagement(IPAM),ConfigurationManagementDatabase(CMDB),applicationinstallationservice,andsoon.

EverythingthatispartofthedeploymentorlifecycleprocessinanSDDCneedstobemonitored.Allthisinformationneedstobesearchableandprocessableinaquickandeasywayinordertofindpossibleproblemsbeforetheyimpacttheproductionenvironment.Allthiswillbecoveredinthischapterincludingthefollowingpoints:

MonitoringconceptsfortheSDDCAdvancedanalyticsandmonitoringMessageloggingandtherecommendedlogconfigurationLoganalysisandwhyitisimportantFeedbackmonitoringdatatovRealizeautomationTroubleshootingexamplesintheSDDCSDDCself-healingcapabilities

MonitoringandanalyticsintheSDDCAsdiscussedatthebeginningofthischapter,theSDDCintroducessomechallenges,whichcannotbeeasilyovercomewithtraditionalmonitoringsystems.ThisbecomesclearifonelooksatthetraditionalversustheSDDCwayofdeployingservicesandworkloads.

Inthetraditionaldatacenter,workloadsareoftendeployedinformofprojects.Theyhaveadistinctfunction(webserver,applicationserver,database,andsoon)aswellasforeseeableworkloadprofile.Basedonthis,themonitoringadmincansetasetofthresholdstomakesurethattheworkloadisworkingwithinitsexpectedrange.Normally,thesethresholdsareCPUusage,memoryusage,swapping,diskspace,andsoon.

Amonitoringsystemisawareofthenewserverandisassociatingallthesethresholdstotheserver.Ifoneofthesevaluesareviolated,itwillsendawarningoranalarmtothemonitoringteamortheadministrator.Thishasbeenusedforyearsinthedatacenterandisawell-knownandprovenpractice.

However,overthepastyears,thedatacentercomplexityhasbeenincreasedandalsotheusecaseofserversisnotasclearanymoreasbefore.Thistrendhasbeenintroducedbyvirtualization.CreatingaVMissoeasy,itmayisnotattachedtoaprojectanymore.MaybeadeveloperjustrealizedthatoneadditionalVMisneededfortestingtheircode.ThecreationisquickandeasyandalltheinfrastructureteamneedstoknowistheCPUcount,thememory,andthedisksize.Givenallthatflexibility,itisdifficulttomodeleachandeveryVMinamonitoringsystem,sothesystemsstartedtoapplydefaultvaluestotheservices.Now,themonitoringwasnotadjustedtotheserverworkloadanymore,itwasmorecreatedwithaonefitsallideainthebackground.Examplesforthesedefaultthresholdsare:

80%CPUusage=Warning,90%=Alert80%memoryusage=Alert85%diskusage=Warning,95%=Alert80%netusage=Warning,95%=Alert

ThisisaneasyprofiletoapplytoallVMs,butitisalsoonethatmaycreatealotoffalsepositivesinanenvironment.

TheriskoffalsepositivesTherearetwoworst-casescenarioswhenitcomestomonitoringasystem:

NotpickingupanerrorleadingtoanoutageReportingalotoffalsepositives

Thefirstproblemcanbeaddressedbyhavinganautodiscoveryacrossallsystemsinadatacentertoensurethatallareregisteredwiththemonitoringserver.Furthermore,itcanbehandledbyapplyingadefaultprofile(thresholds)toallthesesystems.

Thesecondproblemissomewhatmorecomplextoaddressandisdefinitelyasdangerousasmissingarealoutage.Falsepositivesareactuallymonitoringalarmsorwarnings,whichgottriggered,butthereisn'tactuallyanissuewiththeVM.Anexampleforthiscouldbe,anapplicationserverisrunningat95%CPUspeed,whichtriggerstheCPUalert.Butactually,itisrequiredthattheapplicationserverrunsatthisspeedinordertofulfillitstasksuccessfully.AdefaultmonitoringprofilemightreporttheCPUascriticaltoanadmin.Iftheprofileisnotchangedthismighthappentimeandtimeagain.Thesefalsealarmsmightleadtoanignorebehaviorofthemonitoringadminandarealissuecanactuallybemissed.

Sincetheremightbeacoupleofhundred(oreventhousand)systemsinthedatacenter,thesefalsepositivealarmscanalsobeacoupleofhundredsperday.Inallthisfalsealarmnoise,anactualalarmmightnotbeseenandthereforemayleadtoamajoroutageintheproductionenvironment.Tofixthisnoiseproblem,alarmsbasedonwrongortolowthresholdscanbehandledbythemonitoringadmin.Iftheyseethathappenfrequently,theycanadoptthethresholdtoonlyreportonhigher,forexample,CPUloadsandtheproblemseemssolved.

Thesilentfalsepositivesarefarmoredangerousandarealsoquiteimpossibleforthemonitoringadmintodetect.Imaginethatallservicesarereportedasgood(green)implyingeveryserviceseemstobeOK.Wouldanybodysay:Hey,thatlooksodd,let'schecktheactualconditionofallthisgreenservices.No,sincethatiswhatmonitoringstandsfor.Ifallisgood,allisgreen.Ifsomethingiswrong,itturnsyelloworred.

Thisistheotherdilemmaoffalsepositives,theycanalsohappensilently.Giventhis,afaultyservicemightbereportedasgreen.Imaginethattheapplicationserversuddenlydropsto1%CPUusage.ThemonitoringsystemwillinterpretthisasgoodbasedonthefactthatCPUusageiswaybelow95%.However,theapplicationservermightbeindeeptroublesinceitactuallystoppedworking.Maybethewebserverisdownornotgettinganyrequests,orthesoftwareintheapplicationserverhascrashed.However,allthiswillbeunseenbythemonitoringteamsincethefalsepositivewillreportitasgreen.

Thisispossiblythemostdangerousconditionsinceitwillautomaticallyleadtothefirstworst-casescenario:amissederrorcondition,possiblyleadingtoaproductionoutage.

SointheSDDC,itshouldbeapriorityforanymonitoringsystemtopreventfalsepositives.Not

onlytokeeptheservicequalityhigh,butalsotokeepandincreasethetrustusershaveintheplatform.Therefore,adifferentbreedofmonitoringsystemisrequired,anintelligentone,whichisabletolearnandunderstandthedefaultbehaviorofaworkflow.Also,itwouldbeimportanttofindrelationsbetweenworkloadsandalsodifferentinfrastructuretypes.Thisabilitycouldhelpinquicklyidentifyingnoisyneighborissuesorotherpossiblesideeffects.

ManagementversuspayloadmonitoringIneveryautomateddatacenter,therearetwokindsofmonitoringnecessary.Managementmonitoringisensuringthatthecloudsuiteofsystemsisrunningandthatnoissuesareimpactinganyuser.Thiskindofmonitoringmaybedonebytheteamrunningthecloudinfrastructureandmaybepartoftheiroperationalprocedures.

Payloadmonitoringistakingplaceafteraservicehasbeendeployedandismorearoundperformanceandgeneralhealthtopics.Typically,usersexpectthattheycanalsogetaneasyreportonthehealthoftheirdeployedservices.Theseservicesbringdifferentrequirementsandneedtobeprocesseddifferently.Also,normallytheworkloadisunknownbeforedeployment.Thismeansthatitishardtopredictanyusefulwarningoralarmthresholds.

Managementmonitoring

However,thiskindofmonitoringneedsfarmorethanlookingatCPUormemorythresholds.Ithastomonitoreachtaskorprocessinthesystemtoensurethateverythingworksseamlesslytogether.Ifthereisahangingtaskblockingadeployment,itisimportanttoquicklyfindandresolvetherootcause.Thesearetoughrequirementstoanymonitoringsystemsintheindustry.SincetherearesomanymovingpiecesintheSDDC,itisthemissionofthemonitoringtooltokeeptheoverviewofalloftheseelements.Inordertodothis,actuallyseveralsystemsarerequired.Notonlyadynamicmonitoringsystembutalsoaverypowerfullogmanagementandanalyticsengineisrequiredtohandlethistaskwell.

ItisimportanttohighlightthattheworkloadsinthepayloadclusterwillhavedifferentmonitoringrequirementsthantheSDDCcomponents.IntheSDDC,itiskeytotrackallprocessesanddetectanyglitches.Forthepayload,itisimportanttoidentifythebehaviorandreportifitchangesdrastically.

WhentheSDDCisbuiltanddesigned,itisnecessarytoalsodesignthemonitoringsettingswithit.ThismeansthatallcomponentsintheSDDCshouldbeabletoreporttoacentralmonitoringsystem,whichcandetectandanalyzethedataefficiently.Furthermore,specificconditionssuchasworkflowmonitoringorthethird-partyintegrationmightbesetaswell.Inthiscase,theservices,servers,andprocessesarewell-knownandalsotheirfunctionshouldbeknownbythemonitoringteaminordertosupervisethem.

So,besidestheplanningfortheservices,thecreationoftheapprovalsortheimplementationofthethird-partysoftware,theconfigurationofthemonitoringsystemisequallyimportant.Therefore,anSDDCdesignshouldalsoalwayscontainamonitoringdesign.

Itisveryimportanttoimplementthisthoughtfullyandineverydetail.

DetectingerrorsinanSDDC,tightlyintegratedinthedatacentermightbealengthyandcumbersomeprocess.Unfortunately,thereisoneresource,whichisneveravailableduringanissue,whichistime.

FirstandforemostallthemanagementsystemsinanSDDCshouldbeconfiguredtosendalltheirdatatothemonitoringorlogmanagementsystem.Thisincludesalsoallthephysicaldevicessuchasnetworkswitches,rackservers/blades,chassis,storagesystems,andFCswitches,practically,everyhardwarecomponenttheSDDCisusing.

Besidesthephysicalresources,alsoallthevirtualresourcesneedtobeconfiguredtosendtheirlogandmonitoringdata.Thislistincludesthefollowing:

AllvSpherehosts(ESXi)SyslogtargetvCenter/VCSAOSlogsandtasksvRealizeAutomationDEMworkers,IaaSserver,agents,andsoonvRealizeOrchestratorIncludingworkloadandsystemlogs,workloaddebugs,andrunningstatesNSXSysLogforward,messages,andsoonAllincludedthird-partysoftware(IPAM,CMDB,andsoon)

ItisimportanttoensurethatallpartsoftheSDDCareconsistentlyandentirelymonitored.Ifonesystemisnotpartofthismonitoring,itmaymakeaquickerroranalysisimpossible.

Hereisanexamplewhyitissoimportanttohaveallthisinplaceforthemanagementenvironment:

AusertriestologontotheportalandgetstheerrormessageAnerroroccurred:12005-contactyouradministrator.Now,theadminteamneedstofindoutwhaterror12005mightactuallybe?TheyputintheerrornumberandthecorrespondinglogontimeoftheuserinthepreconfiguredlogmanagementsystemtosearchalllogsatthisdatefromallsystemsintheSDDC.

AfterthesearchcamebacktheyfoundthatthereisacorrelatingerrormessageinthelogindicatingthattheloadbalancerforthevRAportalisnotcomingbackcorrectly.Anothercolleaguelogsontheloadbalancerandaffirmsthatitisnotworkingasitshould.

ItturnsoutthattheyneedtoreconfiguretheloadbalancerandrebootthetwovRAIaaSwebservers.Afterthishasbeencompleted,theerrordisappearedandtheusercanloginagain.

Thewholeanalysistooklessthan10minutesandthefixtookanother10minutes.Sofromabadlogintoafullyrunningsysteminonly20minutes.

AllthiswouldbeimpossibleifthelogfromtheloadbalancerortheIaaSmessageswouldn'tbeeasilysearchable.InanSDDCenvironment,noadmincanaffordtologontodifferentsystemstolookthroughlogfiles.Thismethodcan'tscale,anditisalsoquiteimpossibletocorrelatethedifferentlogfilestoaneventatagiventime.Itispossible,butnotinashortamountoftime.

Payloadmonitoring

Surveillanceofrandom,dynamicpayloadservicesisadifferenttasktoaccomplishforaclassicmonitoringsystem.Asdescribedearlier,aclassicmonitoringsystemrequiresquiteagoodunderstandingoftheapplicationfromthemonitoringadmin.IntheSDDC,theownermightnottellthemonitoringadminwhatexactlyisinstalledonarequestedVM.Itcanbeawebserver,itcanbeaMySQLDB,orevenacontainerframework.Thefactis,theteammonitoringtheSDDCmightnotknowwhatthedeployedVMsarebeingusedfor.

Besidesthisfact,thepayloadmonitoringismostlyaboutperformanceandresiliency.Aservicerequestorwilldefiantlysleepbetteriftheycanlookatthestatusoftheirserveratanygiventime.Nottocheckforanoutage,buttochecktheperformanceoftheserviceandifitisstillacceptable.Besidesthat,thesystemshouldbeabletoforeseeunforeseeableissues,suchasaVMfilesystemrunningfull.Ideally,everythingworkswithoutevertouchingasingleVM.SincetheSDDCisallaboutautomation,newservicesneedtoberegisteredautomaticallywiththemonitoringsystem.

Thisisclearlyprovingthechallengesofoldermonitoringsystems.Asimplethresholdsettingwillleadtofalsepositivesortomissedissuesandproblems.Therefore,itisrecommendedtouseasmartmonitoringsystem,whichsupportstheserequirements.

However,payloadmonitoringcanalsogetcomplexwithouttheSDDC.Therearedifferenttechniquestomonitordifferentservices.ADBservermightrequireanagentwhichisabletolookintothedatabaseandcheckifallseemsvalidandworking.Sameisforamailserverorotherspecialapplicationservers.Itisimportanttodistinguishapplicationmonitoringfrominfrastructuremonitoring.

Applicationmonitoringwilloftenrequireadeepviewintotheinstalledservice.TherearespecialagentswhichcouldmonitorhowjavaworksontheOSorwhatprocessesarerunningorifadistinctprocessisstillalive.Obviously,thesemonitoringfeatureswillrequireanOSagenttobeinstalled.Thiscouldbedonebypreparingtheblueprintimagesothattheagentisalwaysdeployed.However,itisimportantthattheusedmonitoringsystemdoessupportsuchapre-installedagent.

SomemonitoringsystemsrequiretoregistertheagentwithauniqueID.Iftheagentispre-installedontheblueprint,thisIDmightbethesameforalldeployedservices.Insuchacaseitisrecommendedtoinstalltheagentasapost-deploymentaction,wheterusingasoftwaredeploymenttoolorvRAApplicationAutomation.

Also,thesethingsmightbetrickytosetasthresholds,thereforetheyrequirealsoanintelligentwaytorecognizeerrorsoratleastabnormalbehaviorofthesoftware.

Payloadmonitoringbecomesquitecomplexifaserviceconsistsoutofmultipledifferentapplications.Theservicemightbeacompany'swebpage,butthedifferentapplicationscanbewebservers,applicationserversnandDBservers.Thewholeservicemightnotsuffermuchifoneofthewebserverorapplicationserverscutout,butiftheDBisnotreachable,theexternalwebsitemightnotworkproperlyanymore.Obviously,thiskindofmonitoringneedsalwaysanunderstandingfortheserviceandwhatsystemsworkwitheachother.Itisquitecomplextomodelinatraditionalmonitoringsystem,butcouldstillbedoneifthismonitoringsystemwouldletanadminsetKPIsinsteadofthresholds.

KPIsversusthresholds

Mostapplicationsinadatacenterarepartofabiggersystem.Thissystemnormallyisaservicethatdeliversspecificfunctionstoendusers.Thiscanbeawebsite,amailserver,anactivedirectory,acontentresourcemanagementsystemoranyotherbusinessrelevantservice.

MostoftenmonitoringinITreferstotheinfrastructure(health,resiliency,performance,andsoon).Sometimes,itincludestheapplications(processes,runningservices/daemons,respondingtoqueries,andsoon).Bydoingthis,typicallythresholdsareusedtoqualifytheresponsetothenformasimpletrafficlightindicator(green/yellow/red).

However,thisisveryhardtobedoneforanentireservice.Ifmultipleserversandapplicationsformaservice,whenandhowistheserviceaffectedbyaserverorapplicationoutage?Thisisaquestionthatcan'teasilybeansweredbyaddingthresholdstoallservice-relevantinstances.

Tounderstandtheimpact,theissuetypeaswellasthesystemwheretheissueoccursmightberelevant.

Thescenarioshownintheprecedingimageshowsasimplifiedversionofacompanywebsiteservice.Oneoftheapplicationserversandtwoofthewebserversaredown.

ShouldITbeworriedifthewebservicestillworks?Isthisalreadyaworstcasescenarioandtheserviceisnotfunctioningproperlyanymore?

Thesesimplequestionsarequitecomplextoanswer.TheanswercanonlybegiveniftheKeyPerformanceIndicator(KPI)ofthisserviceisknown.KPIscanbedifferentthingsandarealsooftenusedbythebusinesstodescribeaperformanceofaproduct(sellability,andsoon).However,KPIsbecomemoreandmoreimportantformonitoringsystemsaswell.

Now,tomodeltheKPIforthewebserver,itisimportanttounderstandwhatitssolepurposeis.Inthiscase,itisquitesimple,thatis,displayingthecompany'swebsite.SotheKPIforthisparticularservicecouldbethequeryresponsetimeofthewebsite.

Onemightthink-Sohowisthatdifferenttoathreshold?Well,athresholdisasinglefiltervaluesetonametric.AKPIisabaselineindicatorforahealthyservicebasedonvariousdifferentfactors.Inthiscase,theKPIisnotonlybasedonthehealthofalltheinfrastructureservices,itincludesalsothenetworkinfrastructureaswellasotherfactors.

GiventhatallthisdifferentfactorsaremodeledintotheKPI,theITdepartment(withthehelpofthemonitoringsystem)canfinallyjudgeifanoutageliketheonedescribedinthepicturebeforeisaffectingthewebsite.Ofcourse,theoutageneedstobefixed,butifeveronehasbeeninadatacenterwhenredalertistriggeredknowsthatthisisoneoftheworstworkingconditions.So,theKPIhelpstotriggertherightalarmandreportsthetrueriskeasiertoanystakeholder.

Therefore,themonitoringsystemoftheSDDCshouldalsobecapableofdigestingKPIsormultiplesystemsmonitoring;inshort,itshouldsupportservicemonitoring.

DespitethefactthatvROpsdoessupportKPIsforservices,itisnotreplacinganITSMtool,whichwillperformfullservice-levelagreement(SLA)orservice-levelmanagement(SLM)checks.Thesecanbemuchmorecomplexandincludemorethan"just"thetechnicalaspects.So,ITSMtoolswillbestillrelevantintheSDDCwhenitcomestoSLAandSLMchecksforthedeployedworkload.

vRealizeOperationsManagerIntheVMwaresuiteofproductsnecessaryforaSoftwareDefinedDataCenter,thesetoolsareactuallyamust.vRealizeOperationsiscoveredinChapter10,CapacityManagementwithvRealizeOperationswhenitcametocapacitymonitoring.Butactually,itcandeliversomuchmoreincludingperformanceanalytic,anomalydetectionaswellasrelationalmappingofitems.ItisalsocapableofmodelingKPIs,anditcreatessupermetrics(metricsconsistentoutofmanyotherstodeliverasinglebaseline)Tocompletethesetofsupportingtools,vRealizeLogInsightforlogmanagementandanalyticsmakesaperfectadd-ontothemonitoringtoolset.Itcanhandleaveryhighamountoflogsandmakethemsearchableinaquickandeasyway.Itfeaturesthecreationofcustomlogdashboardsaswellasniceprecreatedvendoradapters.

AnalyticsusingvRealizeOperationsManagerEventhoughthisentirechapterisaboutmonitoring,vRealizeOperationsManagerisactuallyabrilliantanalyticstool.Besidesclassicalmonitoringelements,itmakestheanalysisofanissueveryeasy.Infact,itcanevenunderstandsimpleissuesandproposearesolutionautomatically.Beforewediveintotheworldofanalytics,metrics,andmonitoringAI,itmightbegoodtounderstandhowvRealizeOperationsManagerisworking.

ExploringvRealizeOperationsManageranomalies

vROpsdoesreportonso-calledanomalies.Thesereflectanybehavioralchangeofamonitoredasset.Tounderstandthatthenewmetricsaredifferentthantheoldmeasureddata,itusespowerfulalgorithmstobuildastandardbehavior.Thisstandardbehaviorisdisplayedaslightgrayareainmetricsgraphs.

ThepictureshowsagraphwherevROpshasbeenabletodefineadefaultbehavior.Inthiscase,itistheCPUusageinpercentage.

Thelearnedbehaviorisdisplayedinthegraphaslightgrayarea,everythingwhichstaysinthisareaisseenasnormal.Additionally,thereisaboxexplainingwhatthelearneddefaultsare.Thedouble-endedarrowhasbeeneditedinthepicturetomarkthatarea.

AnychangeoftheCPUusagehigherorlowerthanthisareaisseenasananomaly.Theseanomaliescanbealsoseeninthegraphinformoflittleorangedots.EachdotmarksapointintimewhenthelearneddefaultbehaviorwasviolatedbyaCPUmetricsspike.

Ananomalydoesnotalwaysmeanthereisanerror,butitmeansthatsomethingforcedtheservicetochangethelearnedbehavior.SincevROpscan'tknowifthischangeisgoodorbad,itisreportingitasananomaly.However,noteverysingleanomalygetsreported,sincethatmightagainleadtomonitoringnoiseandpossibleignorancebytheadmins.

Eachdayaservicerunsinadatacentermightbeslightlydifferent.Muchlikenoteverydayisthe

sameintheoffice,adatacenterwillhavesomevariance.Maybethereismoretrafficonthenetwork,maybetestsareinfluencingthestorageperformance.Factis,aVMcannotbehaveexactlythesameeachandeveryday.vROpsdoestakethatintoaccountandisusingitsownalgorithmstomeasureitsowncreatedanomaliescountperservice.ItcanbeseenbylookingattheSelf-TotalAnomaliesgraphfromthemonitoredobject.

Nowthisgraphhasaredtopline,whichiscallednoiseline.ThisnoiselineiscalculatedbyvROpsandmarksthemaximumnumberofanomaliesbeforetheygetreported.Thenoiselineisspecifictoeachandeverymonitoredasset.Ifitisverydynamic,thenoiselinemightbehigher.Ifitismoreorlessstatic,itwillbelowerlikeinthisexample.

Thisisaverysmartwayofpreventingfalsepositives.Thenoiselinecanbeseenasabarriertopreventrandomalertingwheneversomethingisdifferentthanthedaybefore.Also,ifasystemsbehaviorischangingonpurposeandthischangeispermanent,vROpscanlearnthataswellandtakesitautomaticallyintoaccount.Itwillimmediatelyreporttheanomalyandthechangedstateoftheservice.Ifthesystemkeepsitsnewbehavior,iteventuallywillbelearnedagainasthenewbaselinebehavior.

ThissystemcouldbeseenasifvROpssetsautomaticallyKPIsforitsmonitoredentities.Andinmanywaysthatistrue,albeitamanualsetKPIshouldalwaysreflectabusinessrelevance.Inthecaseofthewebsite,thisistheresponsivenessthatisdirectlyaffectinghowtheorganizationisseenbytheaudiencevisitingthewebsite.Ifonevisitsawebsiteofacompanyandtheexperienceisallslow,whacky,andunpleasant,thecompanymighthavebeenperceivedbythispersoninthesameway.Therefore,theresponsivenessofacompany'swebsitemighthaveadirectrelationtotheoverallbusiness.

However,inmanyways,anomaliesinvROpsaretreatedlikeKPIs.Theysharethefollowingsameprinciples:

ManyfactorsarereducedtoonebaselineNoteverymetricchangeaffectstheoverallbaselineIftheoverallbaselineisaffected,thereisprobablysomethinggoingwrong

Thealgorithmtodetectthebehaviorisverypowerfulandcanalsohandlemorecomplex

situations.Infact,vROpsusessevendifferentarithmeticformulastolearnthebehaviorofasystem.Theeighthoneisusedtobenchmarkthebest-calculatedbehaviorfromtheothersevenoperations.

Anexamplehowallthisworksmightbeapaychecksystem,whichneeds90%ofitsCPUresourceseveryendofthemonth,buttheother3weeksofthemonthitneedslessthan10%ofitsCPUresources.

Overtime,vROpswilllearnthatthisbehaviorisalwaysrepeated.Therefore,itbecomestheexpectedbehaviorofthissystem.Ifthispatternsomehowchanges,vROpswilldetectananomaly.Let'sassumethatitisthefourthweekofthemonthandtheCPUisstillonly10%used.Inthiscase,vROpswilldetectananomalyandwillnotifythesystemadministrators.Infact,thischangemightaffectthesysteminmanywayssothatmoreandmoreanomaliesgetdetected,andvROPstheneventuallytriggeranalerttoreportthediminishedhealthofthemonitoredservice.

ThisisoneofthemanyusefulfunctionsofvROps,whichhelpstomonitoranunknownenvironment.Iftheanomalycountriseshigherthanthenoiseline,vROpswilldisplaythehealthoftheserviceasdegraded.Thelogicbehindthisisthatevenifitisaverydynamicsystem,iftheanomaliesrisetoacertainlevelvROPsassumesthatsomethingmighthasgonewronganddegradesthehealthscoreautomatically.

Badgesandwhattheydescribe

TheBadgesofvROpsarebrieflydescribedinChapter10,CapacityManagementwithvRealizeOperationsofthisbook.Inthisdescription,theirpurposesweresolelybrokendownfromacapacityperspective.Fromamonitoringandperformanceperspective,thesebadgesareimportantaswell;whichiswhy,thischapterfeaturesamoredetaileddescriptionofwhattheyareandhowtoreadthem.

Asdiscussedearlier,vROpscreatesthreebadges,whicharealwayspresentatthesummarypageofanyselectedobject.Healthisprobablythemostinterestingonefromaperformanceandresiliencyperspective,followedfromRiskandthenfinallyEfficiency.Chapter10,CapacityManagementwithvRealizeOperationshascoveredefficiencytoquiteanextentalready.

TheHealthbadgeandhowtoreadit

Theintentionofthisbadgeistogiveaquickandrelevantoverviewoftheselectedobjects'healthscore.Thisscoreiscalculatednotonlyfromthenumberofanomaliesbutalsofromeventualalertsandwarningsoccurredsofar.Itsummarizesmanymetricstoonesinglebadgeandwillonlyshowacolorindicator.ThevaluewhenthecoloractuallychangesisuserstableandisstoredintheappliedvROpspolicy.

Asdescribedearlier,thisindicatortriestodisplayinasmartwaythehealthofanobjectbyanalyzingmorethanonlythresholdsandinfrastructuremetrics.Ifthebadgeisgreenthatmeansthatnothingsuspiciousishappeningbasedonthelearnedbehaviorpatternoftheselectedobject.

Ifthebadgeturnsyellow,vROpsmighthasdetectedanomaliescrossingthenoiselineorothereventsaffectingtheoverallhealthoftheobject.Theseothereventscanalsobeindicatorsknownfromtraditionalmonitoringlikefilesystemspace.ForVMs,vROpscanreadthesevaluesautomaticallyandwithouttheinstallationofanagent.Itwillwarntheuserthattheguestfilesystemmightrunoutofspaceshortly.

Ifthebadgeturnsred,someseriousissuesmightaffecttheselectedobjects.Itisclearthattheanomaliesarewayhigherthanthenoiseline.Also,maybeotherfactorsmayaffecttheoverallbehavioroftheobjectinoneortheotherway.Suchconditionscanhappenifthereisanoisyneighborproblemoccurring.AnoisyneighbordescribesaVMthatisusingitsresourcessoheavythatothersiblings(VMsonthesamelayer/datastore,host,andsoon)arenegativelyaffected(byitsnoise).

ThisoftenaffectsstoragesincesomeVMstendtoissuethousandsofIOs,whichleavesothersnoroomfortheirexecution.ThiscanaffectthehealthofallsiblingsaswellasthehealthofthenoisyVMitself.Inthiscase,vROpscannotonlyreportthehealthandthemostlikelyusecaseoftheproblem,itwillalsoidentifyallVMsinvolvedandevencorrelatethedatastore.Somorethanoneobject'shealthbadgewillbeaffected.ItwillshowalltheVMsasaffectedplusthedatastore,plusthevSpherehostattachedtothatstore.Thisrelationalmappingshouldhelptheadministratortoperformquickcorrectiveactionstoresolvethisissue.

Allthishappenswithoutanyactivethresholdconfiguration.ThisiswhatasmartmonitoringandanalyticstoolneedstodeliverinanSDDC.

TheRiskbadgeandhowtoreadit

Rightnexttothehealthbadge,theRiskbadgeisshowninthesummarypage.Likethehealthindicator,itscolors/statechangescanbesetinthevROpspolicy.Thisbadgetriestolookintothefutureandprovideanindicationhowlikelyitisthatissuesmightoccur.Thisindicationisagainbasedonarithmeticalgorithmstoforeseethelikelyfutureoftheobject.Toaccomplishthistask,itworkswithforecastsbasedontrendsandtheanalyzedbehavior.Althoughthissoundslikemagicinthefirstplace,itcanbeexplainedonasimpleexample.Ifwepickupthecaseofthefillingguestfilesystemagain,vROpswillpicknoticethatthefilesystemisfillingupatasteadyrateperweek.Basedonthis,itcancalculatethedatewhenthefilesystemisgoingtobefull.Ifthetrendcontinues,theriskofafullguestfilesystemis100%atthisdate.This,amongothermetrics,willaffecttheRiskbadgefortheVM,anditwillalsogiveanexplanationhowtoreducetheRisk.

TheRiskisaninterestingparameterforcapacitymanagementANDmonitoringofthesystem.ItismaybesimpleonaVMobject,butbecomesverypowerfulwhenusedonaclusterobjectorevenanentiredatacenter.Butbeware,themoreobjectsthesebadgesgathertogether,thelesserthedetailswillaffectthescore.SinceafillingupVMfilesystemmightnotaffectanentirevSphereclusteratanystage.

Wheneverariskisaffectinganobject,vROpsiscalculatingthescoreforthisbadge.Thehigher

therisk,thehigherthenumber,sotheriskbadgeisonebadgewhereascoreof0isperfectandascoreof100isworstcase.Eventhoughthebadgesdonotshowthescoresanymore,forthisbadgetheruleis,thelowerthebetter(green).

TheEfficiencybadgeandhowtoreadit

ThisispossiblythemostdiscussedfunctionofvROpssinceithasbeenintroduced.Thisbadgeistryingtogiveanoverviewofusedresources.InsteadofsimplyreportingwhichVMisusinghowmuchCPUormemoryitwillalsogivehintsonimprovingtheirconfiguration.Thisiscalledreducingwaste.AresourcethatisconfiguredforaVMandstaysunusedisseenaswasted.Theproblemisthateventhoughvirtualizationhassomeverysmartwaysofsharingresources,falseconfiguredresourceswillalwaysaffecttheentiresystem.TherearealotofbooksdiscussingtheimportanceofthoughtfullyandcorrectlyconfiguredVMs.TheefficiencybadgetriestoidentifybadresourceconfigurationsbasedontheVMsusageofitsresources.

AnexamplemightbeaVMwithfourvCPUsconfiguredand16GBofRAM.BasedonitslearningoftheVMbehavior,vROpsmightnoticethatthreeCPUsand12GBofRAMareneverused(reallynever,notevenall3weeks).ThesystemratestheefficiencyforthisVMdown.Ofcourse,thisisasimplifiedexample,andtherearemanyotherfactorsthanonlydiskCPUandmemoryusage.

Althoughallthissoundsverylogical,thereareunfortunatelymanyfactorsaffectingaVMsconfiguration.Somemaybeperformancerelevant,butothersmayberequirementsforaninstalledsoftware.SoftwarevendorsstartedtosetrequirementsforOSconfigurationssinceages;thisistrueforVMstoo.Oftentheserequirementsaresettosatisfyawiderangeofperformancecases.Thevendorswanttopreventthattheirsoftwaremightbeperformingbadlyinstresssituations.Therefore,thesesettingscansometimesbequitehigh.Evenifthetoolisnoteventouchingatenthofthesetresources,theycannotbereducedsincethosearerequiredtosupportthesoftware.

Besidesthat,thebehaviorofpreallocatingresourceshavebeenadoptedbyusersaswell.Wanttobepreparedforanygivensituation-theremightbeamomentwherealltheseresourcesarerequiredandtheneveryonewillbehappythattheyareavailable.AlthoughvROpscandisplaythatthiseventmightnothaveoccurredinayear'speriod,thereisstillthepossibilitythatitmighthittheVMinthefollowingyear.

Besidesthesetwofactors,thereisalsoathirdfactorthatshouldnotbeunderestimated,cost.Ifachargeback/showbackmodelisinplace,itmightalsoaccountauserorbusinessgroupforusedresources.IftheychoosetoburntheirmoneyonVMsneverusingtheirresourcesbutcouldjustincase-sobeit.Thisisaverycommonbeliefintheindustry.Theuserpaysforit,sowhychangeit.

Well,theproblemwithallthisisthatmisconfiguredresourcesarenotonlyawasteofresourcesandmoney,buttheycanalsoaffecttheoverallsystemperformance.ThevSpherehypervisorhastodealwithalltheseconfigurationsinthebestpossibleway.ThememoryschedulerneedstodecidewhichVMmightgetaccesstosharedmemoryfromanotherVM.TheCPUschedulerneeds

toplaceallvCPUsofaVMperfectlyononeNUMAnode(ifpossible).Thingslikerelaxedco-stoppingmightnotsavethescheduleralwaysfromdoingthisforallallocatedvCPUsforaVM,nomatterifonlyoneofthemisused.

Inthephysicalworld,thereisasimpleruleofthumbforresources-Addmore,getmore.Unfortunately,inthevirtualworld,thiscouldleadto-Addmore,getless.Becauseofalltheseimplicationsandproblems,introducedbytheresourcewaste.ThisiswhyvROpstriestolimittheseconfigurationstoanecessaryminimum.Itactstotheprinciple-aslessaspossible,asmuchasneeded.TheAdminteamneedstoreconfigurethepointedoutVMsanddecideifthesewastedresourcecanbeofabetteruseforotherservicesinthedatacenter.

Thisiswhy,theefficiencybadgeisalwaysdiscussedandsometimesignored.However,trytoactassmartaspossiblewiththeprovidedinformation.Intheend,itmightleadtoawin-winsituation.

Evenwiththebudgetexample,theremightbeawin-win.Ifresourcesarefreedup,moreVMscanbedeployed,resourcesareusedmoreefficiently,whichleadstoahigherVMdensitythatwillincreaseVMpayments.Fororganizationswherethecosthasonlyashowbackfunction,thismightmeanthattheycanrunevenmoreserviceswiththesamebudget.

Thebadgeitselfwillrevealitsfindingsbyshowingalistofresourcesaffected,includingsomeexampleshowtoreconfigurethem.Ittriestobeasintelligentaspossiblewiththeserecommendationsbasedontheactualresourcedemandofthemonitoredservice.

ServicehealthinformationinvRealizeAutomationIfauserrequestsaserviceintheSDDC,itmightbebeneficialfortheusertoseeifthedeployedresourceishealthy.Besidesthetechnicalbenefit,italsohasapsychologicaleffect.

Theusergetsastatusrightnexttotheoptionsforthatservice.

Toprovidethisservice,vRAcanconnecttovROpsasametricsprovider.ThisneedstobeconfiguredinvRAusingthefollowingsteps:

1. LogontovRealizeautomationwiththesystemadministratorrole.2. SelecttheAdministrationtab.3. SelecttheReclamationmenuattheleft-handside.4. SelecttheMetricsProvidermenuattheleft-handsideasametricsprovider.5. ClickonvRealizeOperationsManagerendpoint.6. ProvidethecredentialtovROps.Theuserdoesonlyneedtohaveread-onlyprivileges.Itis

recommendedtocreateaseparateuserforthisaction.7. ClickonSavetostorethisconfiguration.

Fromnowon,allVMsdeployedwilldisplaytheSDDChealthbadgeintheVMsoverviewpage.Thebadgewillnotshowanynumbers,itwillonlybegreen,yellow,orred.

Theotherusecaseofthissettingistoidentifyunderutilizedmachinesinatenantandsendreclamationrequeststotheusers.ThiscanbedonebythevRealizeautomationtenantadmin.ThefunctioncanbefoundintheReclamationmenuunderTenantMachines.Inthisview,vRAwillgetalistofmachinesfromvROpswhereresourcescanbereclaimed.

LogmanagementintheSDDCAlthoughvROpsisaperfecttooltoanalyzeandmonitoranyworkload,ithasitslimits.Bydefault,itisnotconfiguredasalogreceiverorasyslogserverofanytype.Asdescribedearlier,logsareanimportantpartfortroubleshootingandrootcauseanalysis.NotonlyforthecorecomponentsbutalsoforallthesubasksandworkloadsrequiredbytheSDDCtorunsmoothly.Manycompaniesdohavealreadysyslogserversrunningsincetheyhavebeenaroundforyears.Thetypicalsyslogserverisaglobaltargetforallotherserverstosendtheirlogsto.Thereasontodothisistospeeduptheprocessofanalyzinganerrorsincetheadmindoesnothavetoconnecttoeachaffectedsystemtoseeitslogs.

MillionsoflogentriesAlthoughthissoundsgreatintheory,therealityissomewhatdifferent.Systemscancreateahugeamountoflogsperday.Multiplesystemsloggingtoonesingleserverwillquicklyproducemillionsorevenbillionsofloggedevents.Forthepooradmin,itisliterallyimpossibletolookthroughalltheseeventsinordertomakesenseofthecode.Additionally,maybeitismorethanonesystemtheadminneedstolookthroughinordertomakesenseoutofthelogs.Maybeitis10systemlogstheadminneedstoworkthroughandsearchforeventshappenedataspecificpointintime.

Allthisisquitedifficulttobeachievedwithastandardsyslogserver,whosesolepurposeisoftenjusttostorethelogsinsteadofmakingthemeasilysearchable.Also,logcontentcomesinvariousdifferentformsandformatsforthehumanbeing.Mindthatitisquitedifficulttoquicklyadjusttodifferentlogformatsandcorrelatethemtootherlogsfromthesameperiodoftime.

ThisisanexampleofanerrorintheSDDCandhowitmightbetrackedusingatraditionalsyslogserver:

AVMdeploymentfailsataspecificstate,theVMiscreatedinvCenterandalsotheOSseemstobeabletostart,butthenthedeploymentstopsandtheVMgetsdeletedbyvRA.

DeletingaVMifoneormoredeploymentstepsfailisthedefaultbehaviorofvRA.Afunctionlikethismakessurethatifsomethinghasgonewrong,noleftoverskeepspaceonthesystem.

AllinformationtheSDDCadministerhasisthetimeofthedeploymentandanerrormessagebythesystemsaying:Couldnotfinishdeployingresource,contactyoursystemadministrator.

Now,theSDDCissendingalllogstoacentralsyslogserver.Theadmintriestoreadthroughthelogsofthisspecificpointintime.However,albeitallLinuxsystemssendtheirlogstothisserver,thewindowssystemsdonot.SohehastoexaminethelogsfromthewindowscomponentsoftheSDDC(DEM,IaaSserver,andsoon)separately.

Sincetheircloudenvironmentisquitelargeandtheyaredoingaround5-10deploymentsperhourthereisalsoalotofnoiseinthelogsfromallotherdeployments.

Inordertoanalyzetheerror,theadminmighthavetoreadthrough200MBoflogdata.Thataremoreorless3.2millioncharacterstoreadthroughandlookfortheerror.NottomentiontheextraefforttogointotheWindowsVMsandreadthroughtheireventsaswell.Iftheadmincanreadsuperfast(around250wordsperminutes),itmightstilltakemorethan34hourstoreadthroughallthatlogs.

Thisshowsthattraditionallogviewingandreadinginacloudenvironmentdoesnotscale.Theadminneedsasystemtosupporthiminlookingthroughallthatlogsandsearchingfortheright

entries.Otherwise,atroubleshootingorrootcauseanalysismaytakeseveraldaysifnotweekstocomplete.

GiventhattheSDDCisallaboutperformance,agility,andefficiency,suchatroubleshootingshouldnottakelongerthanacoupleofhoursoraday.Buthowcanthatbeachievedgivenallthischallengesandthehugeamountoflogs?

LogmanagementfromthebigdataperspectiveCurrently,alotofITtalkblogsandarticlesarearoundbigdata.Typically,theexamplesforbigdataarearoundpersonalizedadvertisement.Theymightpickupthekindofgoodsacustomerbuysandbasedonthatanalgorithmtriestocalculatewhatthisparticularcustomermightbeinterestedinadditionally.

Also,everybodywhoisusingAmazonknowsthefeaturewheretheonlinestoresuggestsotherthingsonemightbeinterestedin.Or,thingsotherbuyersofthecurrentarticleboughtaswell.Allthesefunctionsarebasedonmassiveamountsofdata,simplifiedandthencalculatedtoprovidethesesuggestionsfortheenduser.

GiventhechallengesinanSDDC,logcollectionisalsoproducingmassiveamountsofdata.Althoughherethedataanalystspeaksofstructureddatasincelogfilesfollowasimilarscheme:Time/Date|Machine|Severity|Message.

Thereisalwayssomedelimiterbetweenthesesections,andthereisalwaysatimeandadatestampineachmessage.Theotherfieldsmayvary,butthemostlogsaresimilarinthewaytheyaredisplayed.

ThefollowingexamplesshowdifferentlogsfromdifferentsystemswithinanSDDC:

Oct2100:33:05vrovco:c1416a88-1b18-4aaa-ae59-3e8ac27ac5f0prio:INFO

thread:WorkflowExecutorPool-Thread-36context:

token:4028e58a55a0a3bf0157e424d2be1eedanctoken:wf:Auto_CleanUp_DataStores

wfid:a88ae19f-f92a-4f9d-993b-e8650e8d0831user:admin@demo.local

cat:WorkflowHandlermsg:Endofworkflow'LogTest'

(4028e58a55a0a3bf0157e424d2be1eed),state:completed

Thecomputerattemptedtovalidatethecredentialsforanaccount.

AuthenticationPackage:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

LogonAccount:VCENTER$

SourceWorkstation:VCENTER

ErrorCode:0x0Enterlogexampleshere

Althoughhumansmayhavedifficultiestoquicklybeabletoreaddifferentlogformatsfromdifferentsystems,acomputermostlydoesnothavethese.Thisisactuallythesweetspotofbigdata:readingthroughmillionsofbytesofdata.Thebigdataapproachismostlyusedforunstructureddatasuchase-mail,socialmedia,allsortsoftextevents,andpapers.

However,thesameprinciplescanbeusedforstructureddatalikelogsaswell.Sincethecoreusecaseofbigdataistofilterreasonabledatafromthenoiseandmakeitaccessibletotheenduser.ThesamebenefitmightapplytologmanagementintheSDDCaswell:Displayaspecificpointintimeandlookforapossibleerrorinmillionsoflinesandmultiplelogs.ThisiswaytheSDDCneedsalogmanagementtoolwiththesecapabilitiesinordertoenablequicktroubleshootingandrootcauseanalysis.

vRealizeLogInsightVMwarehassuchatool,anditisalsoincludedinmostofthevCloudSuiteeditions.ThistoolisoftenunderestimatedandcanbeseenasaverysmartmemberintheVMwareproductfamily.Itcanbedeployedinacoupleofminutes,anditsconfigurationisveryeasyandstreamlined.Infact,allonehastodoisdeployanOVFintotheenvironment,provideacoupleofgigabytesforthelogstorageandthetoolstartsworkingimmediately.

Therearepluginsavailablefordifferentvendorsandusecases,butitcanalsobeusedwithoutanyvendorpluginsatall.Itisverysimilartoasyslogserversinceallsystemsshouldsendtheirlogstologinsight.Butatthesametime,itcomeswithaverypowerfullogsearchandindexenginetomakeitpossibletosearchthroughlogsinsecondsforspecificeventsoroccurrences.

Inordertogetalllogsandeventsintothiscapabletool,itcomeswithready-to-useLinuxandWindowsagents.TheLinuxagentisnotarequirement,butcomeswithnicefeaturessuchascustomizableloglocationstoforwardtovRLI.Thisisespeciallyhelpfulifapplication-specificlogsonaLinuxhostshallbesenttoLogInsightaswell.

IntheWindowsworld,theagentisnecessarytosendalltheWindowsEventstoLogInsightinordertoprocessthemaswell.TheagentisquitelightweightandsmallandcanbedownloadedfromthedeployedLogInsightinstancedirectly.TheonlyconfigurationduringtheinstallationoftheagentisthehostnameoftheLogInsightservertosendthedatato.

SDDCcomponentstoaddtovRealizeLogInsight

BeforeconfiguringthelogreportsortheagentsinvRLI,itisimportanttoensurethattherightnumberoflogsisarrivingandavailabletoanalyze.IntheSDDC,itisveryimportanttomakesurethatalloperationalimportantcomponentsforareloggingintothissystem.Themoredataisavailable,themorecompletethetroubleshootingresultsget.Also,donotonlythinkaboutOSlogs,maybethereareotherlogsandmessagesrelevantaswellinordertoidentifypotentialissues.

YoumusthaveVMwareSDDCcomponentsforwardinglogstovRLI:

vRealizeAutomationappliancesyslogforwardingcanbeconfiguredintheapplianceadminmenu.ThereisalsoaseparatesettingforvRLI(agentcomespreinstalledbyVMware).IaaSandDEMworker(andagents).TheAgentforWindowsneedstobeinstalledinordertologintoLogInsight.ThereisavRAcontentbackavailablewithpresetagentconfigurationsforthesecomponentsaswell.vRealizeOrchestrator,likeinthevRealizeAutomationappliance,thiscanbeconfiguredintheadministratorportaloftheorchestratorappliance(externalvROaswellasintegratedvROwithvRA).ThereisaLogInsightcontentpackavailableforvROaswell.NSXManagerandcomponents(DLR,ESG,Controller,andsoon)needtoforwardalltheirlogstologinsight.ThereisanNSXcontentpackavailableaswell.MS-SQLserverholdingvRAcomponentsDBtheagentforWindowshastobeinstalledon

theDBhostrunningtheMS-SQLDB.ThereisacontentpackavailableforMS-SQLinordertochoosetherightDBinstancetogetlogsfrom.vRealizeBusinessApplianceSyslogforwardingcanbeconfiguredintheapplianceadminmenu.ThereisalsoaseparatesettingforvRLI(agentcomespreinstalledbyVMware).vRealizeOperationsManagerapplianceSyslogforwardingisconfigurableintheapplianceadministrationinterface.

Besidesthesecomplements,syslogforwardingortheWindowsAgentshouldalsobeinstalledonallotherSystemstheSDDCisintegratingtoorinteractingwith.Forexample,ifthereisanexternalIPAMused,itisamustthatlogsfromthissystemsareavailableinLogInsightaswell.Otherwise,itcannotbedetectediftheremightbeanerrorinthesesystemssincethelogsmaynotexist.

MostofthissystemsforwardtheirlogsinoverttobeabletodetectanerrororissuehappeningintheOSofthecomponent.However,thevRADEMandIaaSwebservercomponentsaswellasvRealizeOrchestratorhavemorethanjustOSlogstooffer.

SincealotofIaaSautomationrunsthroughthevRAWindowscomponents,itisimportanttoalsogetthelogsoftheseautomationtasksintovRLI.ThisisveryhelpfulifaVMdeploymentmightfailatthevRAlayer,anditisunclearwhatishappening.ThesecomponentlogstypicallyincludecommunicationeventstovRAaswellascommunicationtothedeployedVM.

However,theyalsoincludevRAtaskssuchasresourcecollectionrunsandmore.TohaveacompleteoverviewaboutwhatisgoingoninsightofvRAitisimportanttohavetheseeventsaswellavailable.

vRealizeOrchestratorisalsoaspecialcandidateforlogmonitoring.Ofcourse,itisimportanttobeawareoftheOSoforchestratorandifeverythingisOK,butthestatusoftheworkflowsisfarmoreinterestingthanthis.AsdescribedinChapter6,vRealizeOrchestrator,vROisaveryuniversaltoolwhenitcomestotheintegrationoftheSDDCintothedatacenterenvironment.Itcanbeusedtoinstructandautomateexternalsystemsinordertomaintainrequiredprocesseswhenaserviceisdeployed.However,thisintegrationiscrucialtothefunctionalityoftheSDDC.IfanexternalIPAMsystemisrequired,buttheworkflowsomehowfailstoreserveandacquireanIPaddress,theVMcannotbedeployed.Inordertofindoutwhatisgoingwrong,theworkflowoutputaswellasthelogsfromtheIPAMsystemaremosthelpful.

Inversion7.xofvRA,VMwarehasaverygoodintegrationofvROintoLotInsight.ItautomaticallyforwardstheIDandoutputofallrunningworkflows.Thisfeaturemakesiteasyforanadministratortogetaholisticviewovertheentireorchestrationsystem.Giventhis,LogInsightcanbeusedtofiltervROworkflowoutputstofindapossibleerrorduringanyservicedeploymenttask.

ThisisnotonlyhelpfulfortroubleshootinganySDDCproblems,butitbecomesaverynicefeaturetohaveifaservicedesignerrunsserverallworkflowstotestanewdeployment.InsteadofcheckingalloftheiroutputsinvRO,thiscannowalsobedoneinvRLI.Furthermore,thedesignercouldcreateaseparateviewtomonitorexactlytheworkflowrunsinrealtimewhilethetestingisongoing.

HowtoanalyzelogsusingvRLI

Onceallthelogdataisflowingin,itisreadytobeanalyzed.Thetoolitselfcanbeusedfortwomainfunctions:Pro-activeanalyticsandreactivetroubleshooting.

MostsyslogtoolsareusedforReactivetroubleshootinginordertoidentifyerrorandwhytheyhappened.Thiscanbeduetoanalertfromamonitoringsystemorduetoareportedoutage.TodoananalysisoflogdatainvRealizeLogInsight,itofferstheso-calledInteractiveAnalyticsView.

UsingtheInteractiveAnalyticsView

Thisviewshowsallincominglogsfortheselectedperiodoftime.Theperiodcanbe5minutesallthewayupto7daysorevenalltime.Also,acustomperiodcanbechosenbasedonadateandtime.Italsohasabargraphicsontoptoshowthenumberofeventscominginatagivenpointoftime(perminute,5minutes,20minutes,andsoon).

Usingthisanalysisviewisverysimilartousingawebsearchengine.Inasense,thisisexactly

whatitis,apowerfulsearchengineforyourlogs.

Inthemainsearchwindow,thereareacoupleoffunctions,whichareimportantforquickersearchresults:

UnderthesearchbarisabuttonnamedAddFilter.Usethistofurtherfilterthesearchamongspecificevents,hosts,messages,andsoon.Notethatmorethanonefiltercanbeappliedtoasearchquery.Attherightendofthesearchbaristhetimeselector.Itisimportanttobeawareoftheselecttimeframe.Sometimes,itisgoodtodouble-checkthissinceitmayonlyshowthelast5minutes.

Theareatodisplaythelogsalsohasalottooffer.Itisnotonlyshowingtheentries,itcanbeusedtobuildaninteractiveanalysisoflogsinordertofindthingsevenquicker:

Selecttexttolookforandchoose:ContainsorDoesnotcontainthiswillautomaticallycreateanewsearchwithanappliedfilterontheselectedtext.Selecttextinalogandchoose:ExtractfieldThiswillopenadialogattheleft-handsideofthewindownamedFields.Here,anamecanbegivenaswellasotherparameterslikeacustomregularexpression.Also,iftheuserhasprivilegestodoso,itcanbechosentowhomthefieldisavailable:MeOnlyorAllUsers.Ontheleftsidetoeacheventisalittlegearsymbol.Thisallowstolookforeventslikethis(ornegateit),oritcanenablehighlightingifthesameeventoccurredinthesearch.Also,itcanbeusedtosetatimerangefortheshownevent.Thevieweventincontextmodedisplaysthecontinuousstreamoflogsfromthesourcewheretheeventcamefrom.

BesidesallthatLogInsightisalsoextractingfieldsfromlogmessagesautomaticallyanddisplayingthemasbluelinksunderneatheachevent.Thesefieldscanbeextendedbytheearlierdescribedextractfieldmethod.However,analgorithmfromloginsightisguessingfieldnamesbasedonlogcontenttomakethesearcheveneasier.

Fieldsareaverypowerfulfunctionofloginsightsincetheycannotonlybeseenandhighlightedinthelogdisplayview,theycanalsobeusedasfiltersinthesearchbar.Sowheneveranewfieldisidentifiedorcreated,itwillbeavailableasafiltertosearchthroughallthelogs.Thismakescreatingacomplexsearchquiteeasyandstraightforward.

Creatingandusingdashboards

BesidestheInteractiveAnalyticsView,vRealizeLogInsightalsooffersdashboards.Thesedashboardscancomefromplugins,whichcanbedownloadedandinstalledforvariousvendorsforfree,ortheycanbeself-created.

Toaccessthecustomdashboards,openLogInsightandclickontheDashboardsbuttonatthetop-left.Then,chooseoneentryfromtheCustomDashboardssection.

Therearetwotypesofcustomdashboards:MyDashborads(onlyavailableforoneuser)andSharedDashboards,whichareavailabletootherusers.

Dashboardscanbecreatedoutofaninteractiveanalytics.Theyarebasedonqueriesofspecificeventsandshowtheiroutcomeinagraphicalmanner.Anexampleforthiscouldbelookingforspecificerrors.Thedashboardcouldcontainagraphicaboutallerrorevents.

TocreateadashboardinvRealizeLogInsight,completethefollowingsteps:

1. LogontovRealizeLogInsight.2. ClickonInteractiveAnalysistogettothelogsearchview.3. Buildthequeryuntilthedesiredresultisdisplayed(addfilter,searchforspecificoutcomes,

andsoon).4. Nexttothesearchbar,clickontheAddDashboardbutton.5. Provideavalidnameandadashboardtoincludethechartin.6. ClickonAddtosave.

Oncethequeryisavailableasachartonthedashboard,itcanfurtherbeedited.Thelookandthestyleofthedashboardcanbechanged.Itcanbeabarchartoranareaorjustaline.Also,theinteractiveanalysisonwhichthechartisbasedcanbechangedanytime.

Theentiredashboardcanbeusedinpresentationmode.Inthismode,LogInsightwillautomaticallyupdatethechartcontentsofallchartsbasedontheselecteddatatimerange.Notethatthisdoesnotworkwithacustomtimerange.

Thismodecanbeusedtoputtheupdateonamonitoringscreeninanoperationscentertoseeifanythingsuspiciousmightbegoingoninthedatacenter.

Thepro-activeanalyticsfeatures

Besidestheinteractiveanalytics,LogInsightalsohasapro-activecomponent.Ifsomeeventsarewaytooimportanttomissthemhappening,itoffersanalertfunctionalitybasedonacreatedsearch.

1. Thesetupworksquitesimilarlikethedashboardcreation.Allauserneedstodoisbuildthequerywithallfiltersapplied.InsteadofclickingontheAddDashboardbutton,thereisaCreatealertfromquerybuttonrightnexttoit.

2. ThisoptionenablesLogInsighttosendoutalertnotificationstoane-mailaccount,butalsotovRealizeOperationsManagerinordertologananomaly.InthecaseofvROpsalerts,thedefaultobject(wherethealertshouldoccur)canbechosenaswellasthecriticality.

InordertoletvRealizeLogInsight,sendalertstovRealizeOperationsManager,thosetwotoolshavetobeconnectedtogether.ThiscanbedoneintheAdministrationviewofLogInsightunderIntegration.ThehostnameandauserforvROpsarerequiredtointegrateLogInsight.Withthis,vROpswillalsobeabletodirectausertoaloginsightquerybasedonvROpsobjects.

SummaryInthischapter,themonitoringandanalyticsmethodsfortheSDDChavebeendiscussed.ItwasnotonlyexplainedhowtousethetoolsetfromVMware,butalsothattherearenewconceptsrequiredinordertoidentifyissuesbeforetheyharmtheenvironment.Themissionofalltheseconceptsandtoolsistolimittheimpactontheuser.Inaperfectworld,therewillbenone,thesemethodsandtoolswillsupporttheoperationsteamsofanSDDCtoachievethisdifficultgoal.

Thenextchapterwilldiscusstheneedforcontinuousserviceimprovement.AlotofprocedureshavebeenchangedinordertomaketheSDDCrunproperly,butthisisjustthebeginning.AnagileandhealthySDDCisalwayschanging;therefore,itisimportanttorevisitchangesfromtimetotimeinordertomakesurethattheyarestillrelevant.ThischapterwilldiscusshowtoconsistentlyandcontinuouslyimprovetheservicequalityinordertostayrelevantfortheSDDCuser.

Chapter12.ContinuousImprovementThischapterwilldiscussthecontinuousimprovementprocess,whichisrequiredinordertokeepthesoftware-defineddatacenter(SDDC)working.InChapter2,IdentifyAutomationandStandardizationOpportunitiesofthisbook,theprincipleofautomationandstandardizationwasdiscussed.Also,thebusinessprocessesinanorganization,whichneedtobeadoptedinordertosupportthedifferentrequirementsoftheSDDC.TherequiredchangestomaketheSDDCrunsuccessfullyarenotstatic,though.TheyneedtobeasflexibleandagileastheSDDCitself.

TherearerumorsthatInformationTechnologyInfrastructureLibrary(ITIL)isnolongerneededintheSDDCsincethisisnowperformingallthesetasksrequiringdocumentationandcontrol.Butactually,theSDDCisanoutcomeofITIL.Itistheautomatedwayofrunningadatacenter,whichforcesorganizationstostandardizeandtoautomateasmuchaspossible.TheservicecatalogiswhatITILcalledthelibraryandoffersreadytodeployversionsofapplicationsoroperatingsystems.TheintegrationintotheCMDBorIPAMisanothercommonfactbetweenITILandtheSDDC.

Basedonthis,itisalsoagoodideatobeawareofanimportantprincipleintheITILframework:ContinualServiceImprovement.

Thiswillbecapturedinthischapter,includingthesepoints:

RevisitestablishedservicesReviewautomationprocessandservicetemplatesRecheckbusinessrequirementsandreapplythosetothesolutionEnhanceservicequalityanddelivery

ContinualServiceImprovementTheITILdescribesstandardprocessesoccurringinmostorganizations.Actually,anSDDCisawayofautomatingITILandenforcestandardizationandrepeatableactionsacrosstheentiredatacenter.OftenITILisreducedtoaspecifictoolsetoractionwithinthedatacenter,forexample,ticketingsystems.Butthatisonlyasmallfractionofwhatitdoes.ItbasicallytriestoprovideaframeworktostandardizeandstreamlinethedeliveryofITservices.Furthermore,italsoprovidesoptionstopredefineservicessotheycanbedeliveredmultipletimesinasimilarformat.

Besidesthat,italsoregulateswhatachangeisandwhattheactionsareinordertomakechanges.DatacentersacrosstheglobehavemadegreatuseofthesesuggestionsinordertostreamlinetheirITtasksandmakesurethatmaintenancecanbepredicted.Also,thiskindofdocumentedchangesisnecessaryinordertopreventanyunforeseenconsequenceswhenitcomestoincorporatepatchesandupdates.

However,beforetheSDDCallthishadtobedonewithadditionaltoolsandoftenintroducedalotofextraworkfortheadministratorortheoperator.Ticketshadtobefiledandsendbackandforthbeforeeventhefirstactioncouldbedone.Also,somepeoplethoughtthateverysuggestioninITILissetinstoneandneedstobeexactlyexecutedasdescribedintheframeworkwithineverydatacenter.TheideaofITILwasnevertobeabibleforITdeployments.Theideawastobeacollectionofgoodpracticestofollow.Itwasintendedtobeaframework,notahow-toguide.Thatmeansthatitholdssuggestionsonhowthingsmightworkout,butintheend,everyonehastofindouthowtoadoptthesesuggestionstotheirowndatacenterandprocesses.

OncetheSDDCisupandrunningandallthetoolsareworkinginperfectunisontheymarkthenewstandard.Togettothisstate,alotofprocesseshaveeitherbeenadoptedorcompleterecreatedinordertoenableautomatedservicedeployment.Processes,whichmighthavebeenintroducedlongbeforetheSDDCandhavebeenincludedbecausetherewasnotimetochangeorquestionthem.

ContinualServiceImprovementisdoingexactlythis:askingifacertainwayofdoingthingsisstilltherightwaytodoit.WhilethisisoneofthemainITILprinciples,itisoneoftheleastusedinorganizations.However,itbecomesverypracticalinanSDDC.

Thegraphicexplainshowtheprincipleworks.ThismodelhasoriginallybeendevelopedbyW.EdwardsDemingandiscalledTheDemingCycle:

Plan:ThisisthedesignphaseoftheSDDC.Butitcanalsobeseenasthedesignphaseforanewblueprintorserviceoraprojectphaseforanenhancement.Do:Thistypicallydescribestheimplementationphase.Basically,thisiswherethedesignbecomesreality.EitherbycreatinganSDDCenvironmentorbyconfiguringanewblueprinttobedeployedautomatically.Check:Aftertheimplementationiscompletedsuccessfullythisphaseisneededforquality

assurance.Itwillproveifthedesignandtheconfigurationmatchaswellasiftheintendedqualitytargetwasmet.Also,thisphaseensuresthatthedesignsolutionissolvingthebusinesscaseasintended.Act:Thisistheimprovementmodule.Ifanydeviationsareidentifiedinthecheckphase,thosearegoingtobecorrectedintheactphase.Itismakingsurethatchangescanbeimplementedintothewholeprocessbasedontheotherthreeoptionsofthismethod.

Thismodelhasbeenintroducedinordertopreventacyclerollingbackdownthehillafterimplementation.ItsacronymisCSI,whichstandsforacontinuousimprovementoftheofferedsolution.Itrequiresthatateamisworkingonthatschedules,butintheend,itwillensurethattheSDDCrunsflawlessly.

Theprecedingimageshowstheconstantcycleofimprovementsinaservice.Thesearethesixsteps:

1. Thebusinesscaseshouldalwaysbethedriverfortheprocessorproject.Itisimportanttounderstandtherequirementsandprovidethenecessaryresourcesortechnologiestofulfillthem.

2. Beforeanychangeisintroduceditisimpossibletounderstandallstrengthsandweaknesses.Inordertobeabletodoeffectivechange,thisstepshouldnotbeunderestimated.

3. Thisphasepicksuptherequirementfromstep2andagreeswithwhatshouldbedelivered.

Theremightalsobenewerfindingsbroughtintointhisstep,tofurtherimprovetheservicequality.

4. Thisisthephasewheretheprocessesandtoolsmayneedtobechangedinordertogettothedesiredstate.Itislikeaplanningphaseinaproject.Thisisoneofthekeyphasestounderstandwhatchangesarerequiredtotheprocesses.

5. BycheckingtheKPIsandperformanceindicatorsthisstepwillpointoutifthegoalhasbeenachievedornot.Thisisanimportant(QAQualityAssurance(QA)stepandcheck,notonlysinglecomponentsbuttheentireimplementation.

6. Thefinalstepensuresthatthereisconstantchange.Bygettingallresultsfromtheformerstepsitensuresthatthesestepsarecompletedasoftenaspossibleinordertodeliverthedesiredandrequiredoutcome.

Thereasonwhyitisimportanttofollowthisprinciplecanbedescribedwithasimpleexample:

InSteve'sorganization,itisrequiredtofileaticketbeforeaservicecanbedeployed.Therequestorgetsaticketnumberandthisnumberenablesthetrackingoftheentireprocess.NowtheITdepartmentannouncedthattheywillhaveaself-serviceportal,whichenablesStevetoorderservicesondemandusingtheportal.Steveisquitehappybecausetheanotherprocesswasclunkyandslow.

Ashelogsontotheportalandrequeststhefirstserviceheisdisappointed.TherequestformintheportalaskshimabouttheticketID.HenowneedstocreateatickettodeployaserviceandthengototheportaltoputintheticketIDtorequesttheservicewhichthengetsdeployedautomatically.ThisisquiteaneffortforSteveandheisnotveryhappywiththeprocess.Whilehegetshisrequestedservicesfasterasbefore,healsohastofilloutmoreformsandbureaucracyhasslightlyincreasedtogetservicesdelivered.

Inthiscase,theITorganizationfromStevehassimplyadoptedtheoldmodeltotheSDDC.Whilethisisaneasywaytoincludeaservicewithoutchangingittoomuch,itmightnotmakesenseforanautomatedenvironment.Thesolution,inthiscase,couldbethatthesystemiscreatingtheticketautomaticallywhenauserisrequestingaservice.Theauto-generatedticketIDcanthenbefeedintotheoriginalsystemandstillbeusedtotrackthedeployment.

However,thisisexactlywhatismeantbythecontinuousimprovementcycle.Ultimately,itisquestionableiftheoldprocessisstillneeded.Intheexample,allrequestsarestoredinthecloudportal.Theportalcouldbequeriedforrequestedinformationanditalsoknowsthestateoftherequest(successful,failed,inprogress,andsoon).SotheITdepartmentcouldevolvetheprocessovertimetomakeiteasierfortheendusersaswellasforthemselves.

Byrevisitingthepurposeandquestioningifitisstillneeded,theITentersthecheckphase.Thenextphasewouldbetoplanthechangesandincludethemintothesystem.Thiswouldbethefirstofmanyimprovementsbroughtintothesystem.Butthereforethefeedbackfromtheusersaswellasacriticalviewonpresentprocessesisrequired.

Also,changingprocessesarenormallynotdoablebyonedepartment.TypicallymultipledepartmentsareinfluencedwhenitcomestoITprocesses.Thereforeitishelpfultosyncwithallpartiesanddecidewhatthebestwayforwardcouldlooklike.InChapter1,TheSoftware-DefinedDataCenter,ofthisbook,theSDDCcenterofexcellence(CoE)wasexplained.Itisavirtualteamconsistentofmultipledatacenterdivisionswithdifferentrolesinordertorunthenewautomationenvironment.

ThesameteamneedstoworkonthecontinuousimprovementandhastoworkwithotherteamsintheorganizationinordertoensurethatprocessesaroundthedeploymentandintegrationcanbebroughtuptospeedtomatchthenewwayofrunningIT.

TechnicalassuranceBesidestheprocesses,itisalsonecessarytoquestiontheusedtechnicaldeliverymethods.Areallservicesdeliveredusingstateofthearttechnologiesinordertoachieveagilityandflexibility?

Sometimes,inordertogettheSDDCdonequicker,thesedeliverymethodsarecompromisesbetweentheoldandthenewworld.Theproblemwiththisassumptionis,thatiftheusersaccepttheSDDCandwhatithastooffer,theywillmoreandmorerelyonitsdeploymentquality.Ifnowthesedeploymentmodescan'tkeeppacewiththeuser'sdemand,theyneedtochangeagaintofulfillthenewrequirements.

Goodexamplesforbadcompromisesare:

TheVMinstallationmethodisstillusedasifitwasaphysicalserver(PXEboot).Thebackup/restoreisstilldoneasifitwasaphysicalserver(OSclient,andsoon).TheIPaddressmanagementisdonemanuallybyaddingittoaworksheet.EachVMgetsastaticIPbasedonaspecificpatternandusecase,noautomatedIPpools.NormallythesecompromisesaredonetomaketheinitialdeploymentoftheSDDCfaster.ButthereisahighriskthattheyarenotfastenoughchangedinordertokeepupwiththeexpectationsoftheSDDCusers.Oncethebusinessisusedtothequickerdeploymentstheywillstarttoexpandtheiruseoftheportal.Inmanycases,datacenterautomationwillincreasethenumberofdeployedservices.Thismeans,thatiftherearecompromisesinplace,whichwilllimitthisefficiencydramatically,thiswillberecognizedoncetheSDDCisbeginningtogrowmoreandmoreimportantforthebusiness.Inordertopreventadisruptiontotheservice,whichmightdiminishthetrustoftheusers,itisrecommendedtoimprovecompromisedintegrationsassoonaspossible.

Reviewingblueprints

TheblueprintsarekeycomponentsintheSDDC.Theirfeasibilityneedstobecheckedfromtimetotimeinordertoensuretheyarestillrelevant.

Ifadeploymentfromthetemplateischosen,thereareacoupleofgoodpracticesinordertoensurethesetemplatesstayasuptodateaspossible:

UpdatethetemplateOSonceperquartertothemostrecentpatchlevel.ThispreventslongwaitingtimesafterdeploymentiftheOSneedstodownloadandinstallatonofpatches.Ensurethateventuallyincludedsoftware(AV,backup,andsoon)isuptodate.Thiscanbedonewhilethetemplateiscontinuouslypatched.Ifsoftwarepackagesareincluded,checkperiodicallyiftheinstallmethodisstillvalidforthemostrecentversion.ThisisespeciallyimportantformostWindowsinstallationsusingPowerShell.IfXaaSblueprintsareused,periodicallycheckiftheworkflowinvROisuptodateandifthecounterpart(thethird-partyitcontrols)isstillacceptingthesamecommands.

Ifaworkflowsubscriptionisused,thesameprincipleasforXaaSapplies.Also,ensurethatifanythird-partyintegratedtoolisupdatedalltheworkflowsrelyingonthattoolarequalitycheckedasquicklyaspossible.Besidestheupdatesandensuringthatthesubscribedneededworkflowsarestillworkingitisalsoimportanttoreviewthepurposeoftheentireblueprint.Maybeitisnolongerrequiredinthisform.AnexamplecouldbethattheserviceshavechangedandinsteadofinstallingsingleVMsnow,everyoneisdeployingentireapplicationenvironments.Therefore,asingleOStemplatemightnotberelevantanymore.OrthetechnologyhasmadaleapandtheOSversionisnolongerneeded.ThereforetheblueprintneedstopointtoanewerOSversion.AllthesetasksarepartofthecontinuousimprovementofthetechnicalbaselayersintheSDDC.Iftherewouldbenoimprovementtheenvironmentmightbecomeoutdatedquitequicklyandwouldlooseitsrelevancetothebusiness.

Reviewingautomationandintegration

Automation,standardization,andintegrationarethebaserequirementsforanSDDC.Chapter2,IdentifyAutomationandStandardizationOpportunities,ismostlyconcentratingonidentifyingopportunitiestoautomateandstandardizeinordertomakethewholeinstallationandintegrationoftheSDDCpossibleatall.However,itisalsoimportanttorevisittheseautomationtasksfromtimetotimetomakesuretheystillservetheirpurposeandworkreasonably.

AlotofvSpherefunctionscanprovideawidespectrumofautomation.AcoupleofthesehavebeendiscussedinChapter3,VMwarevSphere:TheSDDCFoundation.Itiswisetonotduplicateanautomationprinciple,whichmightbealreadypresentinvSphereorvCenter.However,vSphereversionswillchangeeveryyear.Evenifonlytheversioneverysecondyearcontainsmajorchanges,itisworthcheckingifanyofthecustomautomationmethodscannowbedonebyvSphere.

ThesideeffectofthisprocedureisthatallintroducedvSpherefeaturesare100%maintainedbyVMware.FromnowonVMwarehastotakecarethatthealgorithmdoesnotbreakduetoanupdateorupgradeofthehost.Thislowerstheeffortfortheoperationsteamandincreasestheagilityandefficiency.Althoughmanypeoplemighthavebeenputalotofworkintheautomationofcertaintasks,itishighlyrecommendedtodropthecustomautomationinfavoroftheindustrializedonecomingwithVMware'sproducts.

TherearesomeprominentexamplesofautomationtasksbakedintovSphereovertime:

vSphereDistributedResourceScheduler(DRS):MovesaVMbasedonitsresourcedemandtodifferenthostsinordertofulfillthose.Thishappensautomaticallybyaspecialscheduler,whichmonitorsthedemandintheclusterandprovidesrecommendations.StorageDRS:Automaticallymigrationofworkloadsbetweendatastoresbasedoncriterialikeperformanceorspaceleft(outofspaceavoidancemove).StoragePolicyBasedManagement(SPBM):InsteadofmatchingdatastorespernamepoliciescanbecreatedtofittherightdatastoretotherequirementsoftheVM.ThetechnologyisbasedonVMware'sVASAadapter,whichisconstantlyimprovedtodeliver

evenmoreinsightstotheunderlyingstorage.vSphereHighAvailability(HA):ItbeganwithaverysimpleVMrestartprocedureandhasnowevolvedintoapowerfulHAtoolset.NotonlycanHArestartVMsfromafailedhost,itcanalsomonitortheVMheartbeat(basedontheVMtools)andrestartaVMifithasenteredabluescreenorkernelpanic.ThereareevenapplicationspecificHAadaptersinordertorestartaprocesswithinaVM.Autodeploy:WhileitisoneofthemostcomplextoolsofVMwareitprovidesgreatefficiencyandagilitywhenitcomestothebiggerscaleinstallationofESXihosts.AllitneedsisaPXEenvironmentandvSphereHostProfilestowork.OnceanewhostisstarteditcanbeautomaticallycomeupwiththerightvSphereversionandcanbebroughtintotherightcluster.

WhiletheSDDCmightbealreadybuiltbasedonthisvSpherefeaturesandfunctions,itisrecommendedtostayuptodatewithVMware'slatestadditionsandenhancements.MaybethereisavSpherefeaturereplacingacomplexbutrequiredautomation.Inthiscase,itshouldberevisitedifnotthevSphere-integratedautomationisabetterchoiceforthepreviouslyoutlinedreasons.

Butitisnotonlythehypervisor,whichshouldbeperiodicallychecked.Theothertaskswhereautomationwasappliedonarenecessarytorevisitaswell.Anexampleforthisisachangedbusinesscase(oranadd-on)whichmayrequirenotthesameamountofautomation/integrationoracompletelynewapproachinordertobesuccessful.

DevOpsisoneofthecandidatesclashingwithmostofthetraditionaldatacenterintegrations.However,sincethismightbeachangethebusinessisaskingfortheSDDChastobeimprovedinordertosupportthisusecaseaswell.

ButwhatdividesDevOpsfromstandardITworkloads?

TheideaofDevOpsistobefast,agileandefficient.Theremightbe3to5differentapplicationversionsperweek.Also,theymightusecontainersoratleastacontainerframeworktoworkproperly.AsdescribedinChapter9,DevOpsConsiderations,itisfundamentallydifferentfromrunningtraditionalIT.

Also,allisabouttheapplication.TheinstallationandtheOSprovidingtheresourcesaresecondaryanddefinitely,donotconcernthedeveloperinanymeans.Infact,frameworkslikeCloudFoundationrunaproprietaryOSasVMsonahypervisor.Ontopofthat,theyusecontainerstohousetheapplicationandbeingabletoactasquickandflexibleasneeded.

IPAMintegrationisquiteuselessforaDevOpsenvironment.Also,itdoesnotneedaCMDBandwouldcertainlynotworkwellwiththisprinciple.Thesetwo(automated)integrationsareirrelevanttothisusecaseoftheSDDC;thereforetheyshouldeithernotbeadoptedorchangedinawaytosupportDevOps.

WhileDevOpsisaprominentexampletheremightalsobeenterpriseITchangeswhichmight

forcetheteamtochangeorevencompletelyrecreatetheautomationprocesses.SincethebusinessandtheITareconstantlymoving,soistheintegrationeffortinanSDDC.

RevisitingthebusinesscaseAstheimplementationoftheSDDCmighthavetakenquitesometimeitisimportanttorevisitthebusinesscaseandseeifitstillfits.Thebusinessmighthavechangeditsdemandsandthereforethedatacenterautomationmightalsoneedachangeoranupdate.Theinitiallycreatedservicemightstillberelevant,buttheremightbenewservicesrequiredtoserveothercases.ThereforeitiswisetokeepthebusinessclosetotheITinordertobeawareofactualrequirements.

InthenewSDDCenvironment,theintroductionofnewservicesshouldbesimplerasinthenon-automateddatacenter.However,thatdoesnotmeanthatthisworkswithoutplanninganddesigning.Theremightbeadominoeffectifasingleblueprintischangedaffectingalsoothersystems.

Suchachangemightbetheintroductionofanewservice,whichincludestheautomatedinstallationofallcomponents.Itmightbeabusinesssystem,whichcanbeorderedondemandandiscompletelydeployedbytheSDDC.Alltherequestorhastodoisconnecttothesystemandstartworkingafterithasbeendeployed.Inordertoaccomplishthis,anumberoftasksneedtoworkflawlesslytogether.ThebasiswillbeavailableintheSDDC.Thereneedtobevariousothertasksdoneinordertoenableafull-serviceinstallation.Thesoftwareinstallationmightbedoneusingeitherapre-existingtoolorvRealizeAutomationApplicationServices.Toformthisdecisionallfactorsshouldbetakenintoaccount.Anexistingtoolmightbeusedbecauseitalreadyhashundredsofapplicationsreadytobeinstalled.vRAmightbeusedbecauseitcanalsodoallthenicheinstallationsatraditionaltoolmightcannot.Maybeamixofbothtoolsisneededtodeploytheapplicationasquickestaspossible.

Thewholeideaofaservicecatalogthoughistobeflexibleandagile.Itneedstoreflecttheactualrequirementsanddesiresofthecustomerusingtheportal.

SincethebusinessnowhasalotofinfluenceontheITdesign,itisrecommendedtohaveadirectcontactwiththebusinesstolearnabouttheirrequirementsandplansaccordingly.Thisshouldnotbeoftechnicalnature,buttounderstandwhattheyareplanningandwhattheymightneedtobesuccessfulwiththeirprojects.

TheprincipleoftheITAmbassador(intheprecedingimage)ismaybeclosetoaninternalITsalesperson.ThismightbeagoodpracticetodrivethecontinuousimprovementthroughthenewdemandsandexpectationsthebusinesshastowardstheIT.Also,itmightstrengthentherelationshipbetweenthosetwodepartments.SincetheSDDCcapabilitiesaredesignedtohelpthebusinessinsucceedingintheirdailyworktherelationshipbetweenthesepartiesisveryimportant.AhealthyrelationshipwillleadtoagoodteamworkandmakeagoodSDDCan

outstandingSDDC.IfthetrustcanbebuiltthatwiththehelpoftheITdepartmentthereisnowchallengethebusinesscan'ttacklethatwouldbeawin-winfortheentireorganization.

Thereforeitmightbeagoodapproachtohavesuchafunctionandtoreviewthebusinesscaseandtheexpectedfunctionalityatbestonceaquarterbutatleasteveryhalfyear.

ITILintheSDDCThecreationofanSDDCisfarmorethanonlytheconfigurationofaviewsoftwaretools.ItbeginswithfindingtherightteamfortheSDDCoperations.Thisteamhastobeinter-disciplinaryintermsoftechnologytoensurethatallaspectsoftheSDDCcanworkflawlesslytogether.Oncesuchateamisbuilt,ithastoidentifytasksandprocessestoeitherautomateorsubstitutewithnewerwaysofcompletingITrequest.ThisisnotaneasytasktocompletebutnecessarysinceitwillensurethatfurtherchangesandrequirementscanbeeasierfulfilledbytheSDDC.

MatchingtherequirementstothesolutionAfterallofthishasbeenoutlinedthesolutionhastobedesignedinordertofulfilltherequirements.Thiswillbethelaterfoundationfortheconfigurationandinstallationandshallincorporateallfeaturesandcapabilitiesthesolutionneedstoofferafteritiscompleted.Comparedtootherdesigns,whichmayonlyincludeasinglecomponent,thisoneneedstoincludeallnecessarytoolsandeventheintegrationautomationpiecesfortheentireSDDC.

Afterthedesignissetandthedecisionshavebeendocumentedonintegration,allthedifferenttoolshavetobeconfiguredinordertoformthefoundationfortheservicedeployment.Amongsttheportalandtheorchestrationsystem,theremightbenetworkvirtualizationinthemix.Thisenhancesthespeedandflexibilitywhendeployingcomplexservicestappingmultiplenetworks.However,giventhiscapability,itwillbepossibletoautomaticallydeployentirelabsorthemostcomplexservicesusingdifferentnetworksforapplication,databaseorwebfrontendcomponents.

TobefuturereadytheSDDCshouldalsobereadyforDevOpsanditschangedrequirementstowardsatraditionaldatacenter.Ifthebusinessrequiresamuchquickerapplicationdevelopmentcycle,thereisnochancetoachievethiswithtraditionalapproaches.However,theagilityandautomationofthesystemwillalsobereadytohandleDevOpsrequirements.Thiswillultimatelyhelpthebusinesstostayrelevantandcompetitive.

Finally,themonitoringandanalysisnotonlyfortheinternalplatformcomponentsbutalsothedeployedservicesneedtoberethought.ThereforeVMwarehaspowerfultools,whichcanadapttonewsituationsquicklyandlearnthebehaviorofentireapplicationsinordertolookforanomalies.

Thisisasmartwaytodetecterrors,evenwhentherearenothresholdsdefined.InachangingandquicklyadoptingSDDCatraditionalmonitoringcannotkeeppace.Therefore,intelligenttoolsneedtobeused,whichcanadoptandlearnthedatacenterbehaviorstounderstandwhatisnormalandwhatiscritical.AllthisdefinestheSDDC,butitdoesnotmeanthatthisissetandforget.

ApplyingcontinuousserviceimprovementtotheSDDCTocreateanSDDCwithallitsautomationandintegrationprocessesmeansthatthesecan'tstaystaticforever.Iftheseprinciplesareincorporatedthoughtfullyitwillleadtoasmoothrunningdatacenter,whichdeliversexactlytheservicesrequiredtoitsendusers.Thebuiltteamsrunningthisnewdatacenterwillbeusedtothiscontinuousimprovementprocedureandthereforechangescanbeintroducedmuchquickerthanintheoldstaticdatacenterdays.

SincealltheautomationandintegrationtasksintheSDDCarecreatedwithagilityandefficiencyinmind,itshouldalsobepossibletochangethoseinordertofurtherimprovethesetwomajorcharacteristicsoftheSDDC.

Keepinmindthatthisisaflexibleandagileenvironment.Thereforeitneedstobemanagedandoperatedinthesameway.

TheseprinciplesareolderthanSDDC,buttodaytheyareeasiertofollowthanever.Inthetimetheyhavebeencreateditwasquitecomplextoautomateeventheslightestdeploymentinadatacenter.Today,withthepoweroforchestrationandnetworkvirtualizationitismuchsimplertoautomate,thereforetheseprinciplesshouldbeconsideredineverydatacenter,butespeciallyintheSDDC.

SummaryThischapterwasexplainingtheneedtorevisitdesigns,processes,andservicesinordertomakesurethattheyarestillrelevantforthebusiness.Also,itdiscussedbasicprinciplesofITILandhowitmatchestotheSDDCarchitectureanddesign.Itdiscussedmethodsandwaystokeepthecontinuousserviceimprovementupandalsotocreateanactiveandongoingdialogwiththelinesofbusiness.Further,itdescribedtheneedtorevisitthecreatedautomationtasksaswellastheblueprintsandservices.SincethereisconstantchangeintheITandintheeconomicsthesedaysithighlightedtheimportanceofembracingthatchangeandgrowtheSDDCwithit.

building vmware software-defined data...

Documents

using vmware vrealize orchestrator plug-ins - vrealize...

installing and configuring vmware vrealize orchestrator ·...

vmware vrealize orchestrator 설치, 구성 및...

services client for developing a web vmware vrealize ... ·...

orchestrator plug-ins using vmware vrealize · using vmware...

developing with vmware vrealize orchestrator · exception...

vmware vrealize orchestrator 8.0 load balancing guide...

lenovo networking plug-in for vmware vrealize...

using the horizon vrealize orchestrator plug-in - · pdf...

installing and configuring vmware vrealize orchestrator...

orchestrator migrar vrealize · migrar la configuración de...

using vrealize code stream - docs.vmware.com a jenkins...

installing and configuring vmware vrealize orchestrator...

using the vmware vrealize orchestrator client - vrealize...

hitachi storage connector for vmware vrealize...

n orchestrator 7 - vmwareopenstack through vrealize...

vmware vrealize orchestrator emc vipr controller plug-in...

vrealize orchestrator load balancing - vmware...april 2016...

vmware vrealize orchestrator cookbook - sample chapter

vrealize automation load balancing - vmware · different...