Presentation: VMware vCloud Director Technical Overview
TRANSCRIPT
1 © Copyright 2010 EMC Corporation. All rights reserved.
VMware vCloud Director Technical Overview Nathan Wheat, VMware Senior Systems Engineer
VMware Accelerating the Journey to Cloud
Cloud Computing is an approach to computing that leverages the efficient pooling
of on-demand, self-managed virtual infrastructure, consumed as a service.
– Pooling: From machines to highly elastic resource pools, with on-demand capacity
– Zero-Touch Infrastructure: Policy-driven automation of provisioning, deployment and management
– Self-Service: Easy access with policy-based provisioning and deployment
– Control: Application-aware infrastructure with built-in availability, scalability, security and performance guarantees
– Open & Interoperable: Application mobility between clouds, based on open standards
– Leverage Existing Investments: Benefits of cloud computing to existing applications and datacenters
Efficiency thru Utilization and Automation | Agility with Control | Freedom of Choice
Agenda
VMware Cloud Components and Licensing
VMware Cloud Architecture
Deploying a VMware Cloud
Cloud use cases
VMware Cloud Components
VMware vSphere and vCenter Servers
VMware vCloud Director
VMware vShield for VMware vCloud Director
Chargeback Server
VMware vSphere and vCenter Server
Clusters and Resource Pools
– Provide cloud compute
– DRS is a requirement for the cluster
Shared storage
vMotion compatible or EVC enabled
Datastores
– Provide cloud storage
– Abstract away underlying storage type
Portgroups
– Provide cloud networking
– Abstract away underlying networking infrastructure
– vSwitch, vNetwork Distributed Switch or Nexus 1000V
[Diagram: vCenter Server and ESXi/ESX hosts in a vSphere Cluster/Resource Pool, with a vNetwork Distributed Switch and FC, iSCSI and NFS storage]
VMware vCloud Director
Define standard infrastructure tiers called Virtual Datacenters
– Pool virtualized infrastructure resources across multiple vCenter Servers
Define standard collections of VMs called vApps
Create Organizations and manage users with RBAC
Provide UI for users to self provision vApps into Virtual Datacenters
Provide secure multi-tenancy using vShield Edge
VMware vShield for VMware vCloud Director
VMware vShield Edge provides end point security
• Available for download with vSphere Enterprise and Enterprise Plus.
One vShield Manager required per vCenter Server
• Provides network edge security
• Provides firewall, NAT, port forwarding, IP masquerading and DHCP functionality (enforces multi-tenancy)
• Edge appliances deployed and managed by VMware vCloud Director on vSphere.
• Separate client not required.
• Does not require separate database
Licensing
• Free but requires license key during configuration
• Upgradable to vShield Edge 1.0 (full version which includes site-to-site VPN and load balancer)
VMware Cloud Architecture
From vSphere to Cloud Infrastructure
[Diagram: Physical resources (Host, Network, SAN) are presented by vSphere as Resource Pool, Datastore and Port Group. VMware vCloud Director groups these resources into Provider vDCs, “Service Tiers” with specific costs (“Gold” vDC, Silver). Resources are then allocated to organizations (Org: Finance, Org: Sales), each with its own Access Control, vDCs, Catalogs and Provisioning Policies.]
Deploying a VMware Cloud
Setting up Management Cluster
Setting up Cloud resources
• Provider VDC
• External Networks
• Network Pools
Setting up Organizations
• Setting up Users, roles and privileges
• Setting up Policies
Setting up Organizational Resources
• Organization VDC
• Organization Networks
Setting up Catalogs of vApps and Media
Install and protect components
Create a Management Cluster
– Verify DNS, AD, NTP availability and redundancy
– Install vCloud Director Server on a Management Cluster
vCloud Director Server
• load balancer (if using >1 cell)
Oracle Database
vShield Manager virtual appliance
Chargeback Server
Chargeback SQL Server
– Protect using HA, DRS and SRM.
– Backup Management VMs via storage level backups or vDR.
– Backup the Databases
– Use VUM to patch hosts
[Diagram: Management cluster, ESXi/ESX Servers]
Deploying a VMware Cloud
Setting up Management Cluster
Setting up Cloud resources
• vCenter Servers
• Provider VDC
• External Networks
• Network Pools
Setting up Organizations
• Setting up Users, roles and privileges
• Setting up Policies
Setting up Organizational Resources
• Organization VDC
• Organization Networks
Setting up Catalogs of vApps and Media
VMware vCloud Director web portal
Provides a convenient web based portal for
– Cloud administrators to deploy and manage cloud resources
– End users to use cloud resources
Web based – works with any standard browser
Rich Flash based UI experience
Cloud Personas
Cloud Administrator
• Deploy and manage cloud infrastructure
• Add vCenter Servers
• Create Provider VDCs, External Networks and Network Pools
• Create Organizations
• Create Organization VDCs and Organization Networks
Organization Administrator
• Organization user and roles management
• Creating catalogs
• Managing organization policies: leases, quotas and limits
• Setting up org specific SMTP settings and org specific domain to join
End Users
• Use vApps from catalogs
• Create vApp networks
Add vCenter Servers
VMware vCloud Director supports multiple vCenter Servers
vCenter Servers provide
– Compute via Clusters and Resource Pools
– Storage via Datastores
– Networks via portgroups and vNetwork Distributed Switches
Requires vCenter user with admin credentials
Requires vShield Manager connected to vCenter Server
Create Provider Virtual Data Centers (VDC)
Combine compute and storage into standard offerings
– Created by Cloud administrator
To create Provider VDC
– Select a Resource Pool/Cluster
– Select datastores that you wish to attach to the Provider VDC.
Max of 256 datastores per Provider VDC
Choose from across inventory of vCenter Servers
VMware vCloud Director prepares each host in the cluster by installing an agent. Host does not require reboot.
Examples of Provider VDCs
Use Provider VDCs to offer tiered compute and storage
• Fast, medium, slow compute and storage
• Silver (SATA), Gold (FC), Platinum (EFD), Unobtainium (aggregate) storage
• Nehalem based clusters, AMD based clusters
Create a Provider VDC per tier of compute and storage you wish to offer to users
Create External Networks
Provide external network connectivity to cloud workloads
“External” to (organizations in) the cloud
External networks can be isolated at Layer 2 by VLANs or physical separation
Portgroup on a vDS (Nexus 1000V supported)
Shared resource providing cloud workloads access to network resources
– E.g. Corporate network, Test and dev network, Production network, Internet.
Create Network Pools
Provide “Internal” network connectivity to cloud workloads
– Internal to organizations
– Internal to vApps
Pools of isolated Layer-2 networks
– Empower users to self-provision networks
– Networks are provisioned on vDS
– Portgroup-backed network pools supported on Nexus 1000V (see next slide)
Types of Network Pools
Portgroup-backed
• Create isolated portgroups in vSphere manually or with automation
• Attach a collection of them to VMware vCloud Director
VLAN-backed
• VMware vCloud Director will automatically create portgroups as needed, and use a range of VLANs to isolate them
VMware vCloud Director Network Isolation-backed
• Proprietary network isolation technology
[Diagram: Network Pool Building Blocks. VLAN backed: vNetwork Distributed Switch + VLAN tags. VCDNI: vNetwork Distributed Switch + one VLAN for transport. Portgroup backed: portgroups on a vSwitch or vNetwork Distributed Switch.]
Deploying a VMware Cloud
Setting up Management Cluster
Setting up Cloud resources
• Adding vCenter Servers
• Provider VDC
• External Networks
• Network Pools
Setting up Organizations
• Setting up Users, roles and privileges
• Setting up Policies
Setting up Organizational Resources
• Organization VDC
• Organization Networks
Setting up Catalogs of vApps and Media
Create Organizations
Unit of tenancy
Isolate groups or users or lines of business from each other
– E.g. Finance and IT
– created by Cloud administrator
Users are onboarded to organizations
Each organization has a unique URL in the VMware vCloud Director system
Authentication and RBAC
3 Ways to Manage Users
– Local Users
Simplest. User auth stored in DB
– One LDAP server for entire cloud
E.g. corporate Active Directory
Organizations = OUs
– LDAP server per-organization
Users & Groups assigned Roles
– Roles = collection of rights
– Create new or edit existing roles
Leases, Quotas and Limits
Exercise control via leases, quotas and limits
Set by Organization administrator
– Lease – Length of time that a user can use a vApp in a VDC
Runtime and storage lease
– Quotas
Running VM Quota
Stored VM Quota
– Limits
Heavy operations
• Per user
• Per Org
Simultaneous connection per VM
Create Organization VDCs
Allocate resources to organizations using Organization VDCs
Org VDCs are allocated from Provider VDCs
– Can be as large as a Provider VDC
– All Organization VDCs in a Provider VDC are the same tier of service
– Each organization VDC represents a tier of service
SLA
Cost
vApps run in Org VDCs
[Diagram: a Premium Provider VDC and a Commodity (other) Provider VDC; Org 1 and Org 2 each have a Premium Organization VDC]
Org VDC Allocation Models
Pay as you go
• No upfront resource allocation
• Org VDC allocated resources only as users create vApps
• Can set compute limits to cap usage
• Can guarantee only a % of organization VDC resources to cap usage
Reservation Pool
• Org VDC allocated a “container” set of resources
• 100% of container guaranteed
• Organizations use advanced vSphere resource management controls such as Shares and Reservations to manage over commitment of their resources between their workloads
Allocation Pool
• Org VDC allocated a “container” set of resources
• Organizations have very simple model of resources and advanced resource management controls such as Shares and Reservations are managed by the cloud operator
[Diagram labels: Actual, Guarantee, Overcommit range]
Create Organization Networks
Provide connectivity to workloads running inside an organization
Network | Features
– Internal: Connectivity to vApps within the organization. No external connectivity.
– External Routed: Connectivity to vApps and services on a shared external network. vShield Edge device is deployed outside the organization to provide NAT and firewall services for vApps inside the organization.
– External Direct Connect: Connectivity to vApps and services on a shared external network. vApps get IP addresses on the external network. No NAT or firewall exists between the organization vApps and other vApps on the External Network.
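The three organization network types differ in whether a vShield Edge sits in front of a tenant's vApps. As an added example (not part of the presentation and not vCloud Director's API), the Python sketch below audits a constructed inventory and flags External Direct Connect networks that share an external network with another organization. The `OrgNetwork` record, the network names and the inventory are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Organization network types, named as on the slide.
INTERNAL = "Internal"
ROUTED = "External Routed"          # vShield Edge supplies NAT and firewall
DIRECT = "External Direct Connect"  # no NAT or firewall in the path


@dataclass(frozen=True)
class OrgNetwork:  # hypothetical record, not a vCloud Director API object
    org: str
    name: str
    kind: str
    external_network: Optional[str] = None  # None for Internal networks


def validate(net):
    """Reject records that contradict the three definitions above."""
    if net.kind not in (INTERNAL, ROUTED, DIRECT):
        raise ValueError(f"{net.name}: unknown network type {net.kind!r}")
    if (net.kind == INTERNAL) != (net.external_network is None):
        raise ValueError(f"{net.name}: {net.kind} network has wrong external link")


def audit(networks):
    """Find direct-connect networks whose external network is shared with
    another organization: their vApps sit on it with no NAT or firewall.

    Returns (external_network, org, network_name, other_orgs) tuples.
    """
    by_external = defaultdict(list)
    for net in networks:
        validate(net)
        if net.external_network is not None:
            by_external[net.external_network].append(net)

    findings = []
    for external, nets in sorted(by_external.items()):
        orgs = {n.org for n in nets}
        for n in nets:
            others = sorted(orgs - {n.org})
            if n.kind == DIRECT and others:
                findings.append((external, n.org, n.name, others))
    return findings


# Constructed inventory (organization and network names are illustrative).
INVENTORY = [
    OrgNetwork("Finance", "fin-internal", INTERNAL),
    OrgNetwork("Finance", "fin-corp", ROUTED, "Corporate"),
    OrgNetwork("Sales", "sales-corp", DIRECT, "Corporate"),
    OrgNetwork("Sales", "sales-inet", ROUTED, "Internet"),
    OrgNetwork("R&D", "rnd-testdev", DIRECT, "TestDev"),
]

if __name__ == "__main__":
    for external, org, name, others in audit(INVENTORY):
        print(f"{org}/{name}: direct connect on '{external}', no NAT/firewall; "
              f"network shared with {', '.join(others)}")
```

In this inventory only `sales-corp` is reported: `rnd-testdev` is also direct connect, but no other organization is attached to its external network.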
Catalogs
Catalogs are collections of vApps and media created & owned by Organizations
– Shared – Select users or entire organizations can use catalog
– Published – All organizations in the cloud can access and use catalog
Examples:
– Infrastructure as a Service Catalogs
Empty Small, medium and large VMs/vApps.
Pre-installed Windows & Linux VMs
OS Media files (ISO, floppy images)
– App catalogs
Corp standard Database servers, application servers
If post deploy configurations are needed, guest customization in VCD can run custom scripts
[Diagram: example catalogs: Linux Templates, Windows Templates, Engineering vApps, IT - Oracle vApps, Basic Media Catalog, Premium Media Catalog]
vApps
Container of one or more VMs
– Package up multi-tier applications into vApps
– Operate on VMs as one unit
– Select boot order of VMs, start delays and stop delays
– Set runtime and storage leases
Can be created from scratch
– Building blocks templates in the catalog
Can be imported from outside the cloud
[Diagram: a vApp containing three VMs (App + OS each), with SLA Definitions: Availability = 99.99%, Security = High, Performance = msec]
Uses the OVF standard
– Captures meta data about the VMs
– Allows import and export between clouds in standard format
Remote Console
Launches a new window allowing users to interact with the VMs in the vApp
Allows power and suspend operations
Connect local CD-ROM and floppy devices, and CD ISO images from file shares.
Alternatively, users can connect via remote protocols like SSH and RDP to their VMs
The complete picture
[Diagram: VMware vCloud Director, in a cloud management cluster with management VMs, sits above vCenter Server 1, vCenter Server 2 ... vCenter Server n, each providing clusters, datastores and portgroups from the cloud compute cluster. On top of these it presents Provider VDCs, Organization VDCs, and vApps and templates, together with External Networks, Network Pools, Organization Networks and vApp Networks, and vShield Edge.]
Cloud use cases
Elastic and Seasonal Workloads
Elastic workloads
• Scale up and down based on load easily by adding or removing:
  – ESXi/ESX Servers to Provider VDC
  – Datastores to Provider VDCs
  – vCenter Servers
  – VMware vCloud Director cells
• E.g. Monte Carlo simulations
Seasonal Workloads
• Avoid having to purchase and maintain capacity throughout the year for workloads that are seasonal
• E.g. Tax season workloads, end of quarter accounting workloads
• Scale up resources during the season and scale down resources in the off season.
Multi-tenancy and Organization Isolation
Use VMware vCloud Director to provide complete Organization isolation on a shared cloud infrastructure
– E.g. Organizations storing Consumer data
Secure LOBs that store consumer data using vShield Edge
Provide edge security isolating the Organizations containing customer data from other organizations
Multi-tenant UI with Role based access control
– E.g. R&D org isolation
– Drive cost down by sharing physical infrastructure
[Diagram: an Organization VDC hosting an Org 1 vApp and an Org 2 secure vApp, with the organization secured by vShield Edge]
Product/Solution Demo, Training and Support
Demo use case
• Maintain a catalog of demos
• Systems Engineers can deploy demo vApps quickly with short deployment and storage leases for demo purposes
Training and remote education use cases
• Training administrator maintains course offerings in vApps
• Easily on-board students and associate roles and permissions
• Students can deploy course offerings into their cloud without IT intervention
Customer support and troubleshooting use cases
• Quickly spin up vApps to test customer configurations with minimal IT intervention
• Each vApp has short deployment and storage lease to save on resources
• Fence vApps to deploy multiple copies of vApps on shared networks
Driving agility and efficiency in a secure and evolutionary way
Increase business agility by empowering users to self-deploy services with the click of a button
Maintain security and control over multi-tenant environments with user controls and VMware vShield
Reduce costs by efficiently delivering resources to internal organizations as secure virtual datacenters
Leverage existing investments and open standards to ensure interoperability and application portability between clouds
Call to Action
• Get educated and experienced!
– Download the software and 60-day evaluation licenses
– Follow the Evaluator’s Guides to learn about features
– Pursue training opportunities when available
• Encourage customers to be “cloud ready”
– VMware vCloud Director and the Private Cloud runs best on Enterprise Plus with features such as the vDS, I/O Controls, DRS, and vShield
– Leverage customers’ excitement for the cloud as an opportunity to progress to Enterprise Plus, push continued virtualisation of tier-1 applications, and promote management products such as Capacity IQ.
• Start customers on “The Journey to the Cloud”
– Identify specific customers looking to develop virtualization maturity, vision and scale.
– Begin discussions around process and business operations to support IT-as-a-Service models
Want more?
• Upcoming vmLIVE sessions
• Partner Central
• vmware.com
– vCloud Director - http://www.vmware.com/products/vcloud-director/
– vShield - http://www.vmware.com/products/vshield/
– vCenter - http://www.vmware.com/products/vcenter/
– 60-day evaluations - http://www.vmware.com/tryvmware.html
– Evaluator’s Guides
• vForum 2010 – Sydney, Australia – 26-27 October 2010