
Building Your Cloud with VMware

Deep Dive

Copyright 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
2009 VMware Inc. All rights reserved

Introduction

Chris Colotti
Consulting Architect, VMware Global Cloud CoE
VCDX #37, VCAP-DCD, VCP
Blog: www.ChrisColotti.us  Twitter: @CColotti

Paul Lembo
Cloud Architect, VMware
VCP, ITILv3
Blog: www.lemblog.com  Twitter: @FPFL

Agenda
- Why Cloud Computing
- How to Work with VMware vCloud
  - vCloud Eco-System
  - Allocation Models
  - Networking
- Public/Hybrid
- VMware vCloud Dos and Don'ts
- Q and A
Copyright 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.


Why Cloud Computing?

Virtualization was about the Data Center

Cloud is about the Users

Virtualization and Cloud Computing


Cloud Computing
  Key characteristics: secured multitenancy; on-demand resources; self-service portal and service catalog; resource tiering and chargeback
  Key benefits: economies of scale; elastic resources and more efficient utilization; line-of-business agility and operational expenditure (OPEX) savings; financial cost transparency

Virtualization
  Key characteristics: server consolidation and containment; resource pooling; virtualized workloads
  Key benefits: capital expenditure (CAPEX) savings; higher utilization; flexibility

Why Not Just Virtualization?

Challenges in a Virtualized Environment


- Multitenancy support: how to securely segment resources by user and organization
  - Can different organizations compete for the same resources?
  - Can VMs from different organizations see each other?
- Controlling VM sprawl: pricing resources to shape user behavior
  - How do you accurately charge users for their resources, to discourage the notion that VMs are free?
- Self-service provisioning: avoiding the IT provisioning bottleneck
  - Can we have a defined catalog of VMs for user self-provisioning while ensuring some level of control?

(diagram: Administrator, Users)

Why Cloud Computing?

Extending vSphere with Cloud Computing Benefits


- Multitenancy support: control access and visibility to resources
  - Resources and access secured along organizational boundaries
- Self-service portal for user provisioning through catalogs
  - Role-based security
  - Catalogs of predefined VMs
- Resource allocation models integrated with chargeback
  - VMs assigned with an allocation/cost model and quotas
  - Chargeback reports aligned to resource allocation models to shape user behavior
- Economies of scale with elastic resources under your control
  - Add capacity seamlessly and reclaim unused resources via leases

(diagram: Web Portal, Catalog, Users; self-service portal for users)

How to Work with VMware vCloud


vCloud Eco-System

vCloud is Comprised of Many Different Products


Core components
- VMware vSphere: vCenter Server, ESX, Update Manager
- VMware vCloud Director: server nodes (cells)
- VMware vShield: Manager, Edge
- Database servers: Oracle/MS-SQL

Additional components
- VMware vCenter Chargeback (show-back)
- VMware vCenter Orchestrator
- VMware Service Manager
- VMware vCloud Connector
- VMware vCenter Operations Manager
- 3rd-party add-ins


Eco-System Logical Representation (diagram; includes Service Manager)

Eco-System Physical Representation (diagram)

Change in the way we Manage things

- vSphere was traditionally the management layer
  - Before, it did not matter if vCenter was down for maintenance
- With vCloud Director, vCenter is more of an application layer
  - Much of the eco-system interfaces with vCenter
- vSphere administrators may not be vCloud administrators
  - vSphere lockdowns (see Dos and Don'ts)
- Orchestration and customization may be important
  - Approvals and other workflows
- High availability of all components involved
  - vCenter Heartbeat, database log shipping, FT on vShield Manager


Possibly New or Deeper Skillsets

- vSphere / ESX: still the foundation, and needs care and feeding
- Deeper storage skills: storage design for vCloud
- Deeper networking and firewall skills: vShield Edge, routing, NAT
- Scripting (PowerCLI), workflows and automation: vCenter Orchestrator
- Capacity planning: then it was ESX, vCenter and some scripting; now it is total IaaS management


Eco-System in Practice - One vCloud, Two Buildings

- Two on-campus datacenters
- 2 vCloud Director cells per building (4 cells total)
  - Single NFS mount in Building A
  - F5 GTM load balancer
- 1 vCenter Server per building (2 total)
  - Protected with vCenter Heartbeat
  - 1 Update Manager server per building
  - 1 cluster per vCenter
- vShield Manager per building
  - Protected with VMware Fault Tolerance
- Database servers per building
- vCenter Orchestrator server per building
- Published master catalogs

How to Work with VMware vCloud


Allocation Models


Allocation Models Change Consumption Habits



Unblur the virtualization-era line between choice and cost.





What are Allocation Models?


Definition
- Allocation models define how resources are allocated to an organization
- Allocation is actually the creation of a resource pool subordinate to the Provider vDC object (a cluster or resource pool) in vSphere

Usage
- Allocation models are chosen and set per Org vDC
- The type and its settings dictate how resources are taken out of the Provider vDC backing the Org vDC
- All reservation settings, such as the guarantee percentage, commit resources and take them from the available pool
- Not understanding how these are configured can cause challenges



What are the different Allocation Models?


Resource allocation models for Organization vDCs
- Allocated sub-resources of a Provider vDC
- Allocation uses a model, each of which can set limits on the number of VMs

Pay As You Go (pool expands to accommodate resources reserved on demand)
- No upfront resource allocation in the Org vDC
- Resources are reserved as users create vApps
- Can set a percentage of resources to be reserved
- vCPU rating can be adjusted

Allocation Pool (virtual container; partially reserved pool of resources, with an overcommit range between the guarantee and the actual allocation)
- Allocated pool of resources with a percentage reserved
- Cloud admin controls the ability to overcommit resources
- Users cannot modify VM reservations and limits
- Resources can be shared between Org vDCs

Reservation Pool (physical container; fully reserved pool of resources)
- Allocated pool of resources with 100% reserved
- Users can adjust VM reservations and limits
- No sharing of resources with other Org vDCs
- Similar to Allocation Pool, with reservation = 100%


Design Considerations (vCAT 2.0)

- Provider vDC should map to the cluster level: minimizes resource pool nesting and prevents sibling rivalry
- Models affect resource pools and VMs differently:
  - Pay As You Go: sets a limit on all virtual machines
  - Reservation Pool: sets limit = reservation on the resource pool
  - Allocation Pool: sets limits and % reservation on the resource pool, as well as on all virtual machines (memory only)
- Allocation model = Organization vDC: when defining an Org vDC you are selecting the allocation model
- Pay As You Go defaults: change them! (0.25 GHz vCPU speed, 100% memory reservation)



Allocation Model Impact on vCenter Resource Pools


Resource pool configuration for each allocation model (RP = the vCenter resource pool backing the Org vDC)

Pay-As-You-Go
- Org vDC CPU Speed: no configuration change
- Org vDC CPU Allocation: not configurable
- Org vDC CPU Guarantee %: RP CPU Reservation = sum of all VM CPU reservations
- Org vDC Memory Allocation: not configurable
- Org vDC Memory Guarantee %: RP Memory Reservation = sum of all VM memory reservations
- Notes: RP CPU and memory have expandable reservations and are unlimited

Allocation Pool
- Org vDC CPU Speed: not configurable
- Org vDC CPU Allocation: RP CPU Limit = vDC CPU Allocation
- Org vDC CPU Guarantee %: RP CPU Reservation = vDC CPU Guarantee % x vDC CPU Allocation
- Org vDC Memory Allocation: RP Memory Limit = vDC Memory Allocation
- Org vDC Memory Guarantee %: RP Memory Reservation = vDC Memory Guarantee % x vDC Memory Allocation
- Notes: no expandable reservations for CPU and memory; not unlimited

Reservation Pool
- Org vDC CPU Speed: not configurable
- Org vDC CPU Allocation: RP CPU Limit and Reservation = vDC CPU Allocation
- Org vDC CPU Guarantee %: not configurable
- Org vDC Memory Allocation: RP Memory Limit and Reservation = vDC Memory Allocation
- Org vDC Memory Guarantee %: not configurable
- Notes: no expandable reservations for CPU and memory; not unlimited


Allocation Model Impact on VM Configuration


Virtual machine configuration for each allocation model

Pay-As-You-Go
- Org vDC CPU Speed: VM CPU Limit = vDC CPU Speed x number of VM vCPUs
- Org vDC CPU Allocation: not configurable
- Org vDC CPU Guarantee %: VM CPU Reservation = vDC CPU Guarantee % x VM CPU Limit
- Org vDC Memory Allocation: not configurable
- Org vDC Memory Guarantee %: VM Memory Reservation = vDC Memory Guarantee % x VM Memory Allocation; VM Memory Limit = VM Memory Allocation

Allocation Pool
- Org vDC CPU Speed: not configurable
- Org vDC CPU Allocation: no VM CPU reservation or limit
- Org vDC CPU Guarantee %: no VM CPU reservation
- Org vDC Memory Allocation: VM Memory Limit = VM Memory Allocation
- Org vDC Memory Guarantee %: VM Memory Reservation = vDC Memory Guarantee % x VM Memory Allocation

Reservation Pool
- Org vDC CPU Speed: not configurable
- Org vDC CPU Allocation: no VM CPU reservation or limit
- Org vDC CPU Guarantee %: not configurable
- Org vDC Memory Allocation: no VM memory reservation or limit
- Org vDC Memory Guarantee %: not configurable
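The two tables above are arithmetic, and the mistakes they warn about (committing a Provider vDC without noticing, leaving the PAYG defaults in place) are easiest to see by running the numbers. The following is an added example for this deck, not VMware code: it applies the table rules to constructed Org vDC and VM values, reports what vCD would set on the backing resource pool and on each VM, totals what the reservations commit against a Provider vDC, and flags a PAYG Org vDC that still has the defaults the deck says to change (assumed here to be 0.25 GHz per vCPU and a 100% memory guarantee).

```python
"""Allocation-model arithmetic for vCloud Director 1.x Org vDCs.

Added example for this deck, not VMware code. It applies the two tables
above to constructed numbers: what vCD sets on the vCenter resource pool
backing an Org vDC and on each VM for Pay-As-You-Go, Allocation Pool and
Reservation Pool, how much of the Provider vDC those reservations commit,
and whether a PAYG Org vDC is still on the defaults the deck says to change
(assumed here to be 0.25 GHz per vCPU and a 100% memory guarantee).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PAYG, ALLOCATION, RESERVATION = "payg", "allocation", "reservation"
PAYG_DEFAULT_CPU_GHZ = 0.25          # assumed PAYG default vCPU speed
PAYG_DEFAULT_MEM_GUARANTEE = 1.0     # assumed PAYG default memory guarantee


@dataclass
class OrgVdc:
    model: str
    cpu_speed_ghz: float = PAYG_DEFAULT_CPU_GHZ      # PAYG only: vCPU rating
    cpu_guarantee: float = 0.0                        # 0.0 .. 1.0
    mem_guarantee: float = PAYG_DEFAULT_MEM_GUARANTEE
    cpu_alloc_ghz: float = 0.0                        # Allocation/Reservation Pool
    mem_alloc_gb: float = 0.0


@dataclass
class Vm:
    vcpus: int
    mem_gb: float


def vm_settings(vdc: OrgVdc, vm: Vm) -> Dict[str, Optional[float]]:
    """Reservation/limit vCD writes on the VM object (None = left alone)."""
    if vdc.model == PAYG:
        cpu_limit = vdc.cpu_speed_ghz * vm.vcpus
        return {"cpu_limit": cpu_limit,
                "cpu_reservation": vdc.cpu_guarantee * cpu_limit,
                "mem_limit": vm.mem_gb,
                "mem_reservation": vdc.mem_guarantee * vm.mem_gb}
    if vdc.model == ALLOCATION:
        # CPU is shaped only at the resource pool; memory also on the VM.
        return {"cpu_limit": None, "cpu_reservation": None,
                "mem_limit": vm.mem_gb,
                "mem_reservation": vdc.mem_guarantee * vm.mem_gb}
    if vdc.model == RESERVATION:
        return {"cpu_limit": None, "cpu_reservation": None,
                "mem_limit": None, "mem_reservation": None}
    raise ValueError(f"unknown allocation model {vdc.model!r}")


def resource_pool_settings(vdc: OrgVdc, vms: List[Vm]) -> Dict[str, object]:
    """Resource pool vCD creates under the Provider vDC for this Org vDC."""
    if vdc.model == PAYG:
        # Unlimited and expandable: the reservation grows as vApps deploy.
        per_vm = [vm_settings(vdc, vm) for vm in vms]
        return {"cpu_limit": None, "mem_limit": None, "expandable": True,
                "cpu_reservation": sum(s["cpu_reservation"] for s in per_vm),
                "mem_reservation": sum(s["mem_reservation"] for s in per_vm)}
    if vdc.model == ALLOCATION:
        return {"cpu_limit": vdc.cpu_alloc_ghz, "mem_limit": vdc.mem_alloc_gb,
                "expandable": False,
                "cpu_reservation": vdc.cpu_guarantee * vdc.cpu_alloc_ghz,
                "mem_reservation": vdc.mem_guarantee * vdc.mem_alloc_gb}
    if vdc.model == RESERVATION:
        return {"cpu_limit": vdc.cpu_alloc_ghz, "mem_limit": vdc.mem_alloc_gb,
                "expandable": False,
                "cpu_reservation": vdc.cpu_alloc_ghz,
                "mem_reservation": vdc.mem_alloc_gb}
    raise ValueError(f"unknown allocation model {vdc.model!r}")


def provider_commitment(provider_cpu_ghz: float, provider_mem_gb: float,
                        org_vdcs: List[Tuple[OrgVdc, List[Vm]]]) -> Dict[str, float]:
    """Reservations are taken out of the Provider vDC; this is what is left."""
    pools = [resource_pool_settings(vdc, vms) for vdc, vms in org_vdcs]
    cpu = sum(p["cpu_reservation"] for p in pools)
    mem = sum(p["mem_reservation"] for p in pools)
    return {"cpu_reserved_ghz": cpu, "mem_reserved_gb": mem,
            "cpu_free_ghz": provider_cpu_ghz - cpu,
            "mem_free_gb": provider_mem_gb - mem}


def payg_default_warnings(vdc: OrgVdc) -> List[str]:
    """The 'change them!' check: a PAYG Org vDC still on the defaults caps
    every vCPU at 0.25 GHz and reserves all VM memory up front."""
    warnings: List[str] = []
    if vdc.model != PAYG:
        return warnings
    if vdc.cpu_speed_ghz == PAYG_DEFAULT_CPU_GHZ:
        warnings.append("vCPU speed still 0.25 GHz: every VM is hard-capped")
    if vdc.mem_guarantee == PAYG_DEFAULT_MEM_GUARANTEE:
        warnings.append("memory guarantee still 100%: no memory overcommit")
    return warnings


if __name__ == "__main__":
    payg = OrgVdc(PAYG)
    print(vm_settings(payg, Vm(2, 4.0)), payg_default_warnings(payg))
```

Run it against your own Org vDC numbers before creating them: `provider_commitment` shows how much of a cluster a Reservation Pool locks away for tenants who may never power on a VM, and the PAYG branch shows why a 4-vCPU VM on the default vCPU speed gets a 1 GHz limit.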


How to Work with VMware vCloud


Networking Models


Why we need Cloud Networks

(timeline figure: 1972, 1982, 1992, Today/2012; "430,000 a day")



Networking Layers
3 different layers of networking: External, Organization, vApp

- Managed at two layers: consumers and providers
- An External Network is a network that is outside of VMware vCloud Director. It is set up by the cloud admin/provider.
- An Organization Network is contained within an organization. It is also set up by the provider.
- A vApp Network is contained within a vApp. It is set up by consumers.

Note: Both organization networks and vApp networks are entirely within VMware vCloud Director-managed infrastructure.

Layers: External Networks


- a.k.a. Provided Network
- A network that is external to VMware vCloud Director: created in the vSphere/vCenter environment and consumed by VMware vCloud Director to provide external connectivity to organizations
- Mapped to a portgroup at the VMware vSphere layer (vSS or vDS); the portgroup is attached to VMware vCloud Director as an External Network
- Use cases
  - Internet access
  - Network endpoints: IP-based storage, backup servers
  - Backend network infrastructure to the datacenters: internal IT infrastructure, second datacenter
- Set up by cloud admins



Layers: Organization Networks


- Contained within an organization
- Allows vApps within the organization to communicate with each other or outside the organization
- Can be connected to External Networks as:
  - Public (External Org Direct): bridged connection to an External Network; others outside the organization can see it
  - Private Routed (External Org NAT-Routed): connected to an External Network through a vShield Edge; can be configured for NAT and firewall, or left unconnected to the external side
  - Private Internal (Internal Org): no external connectivity
- Set up by cloud admins
- Backed by network pools



Layers: vApp Networks


- Contained within a vApp; inherently private internal
- Allows VMs in a vApp to communicate with each other, or, by connecting them to Org Networks, with other vApps
- Can be connected to Org Networks as:
  - Public (Direct): bridged connection to an organization network
  - Private Routed: connected to an organization network through a vShield Edge; can be configured for NAT and firewall
- Set up by consumers
- Backed by a network pool




Network Pools: Overview


- A set of pre-configured network resources that can be used for Organization and vApp Networks
- Used to facilitate VM-to-VM communication
- Three types of network pools in VMware vCloud Director:
  - Portgroup-backed: reference pre-created portgroups; these have to be created in vSphere manually or through orchestration; they do not have to be VLAN isolated (but that is recommended for L2 isolation); attach a collection of them to VMware vCloud Director
  - VLAN-backed: exactly like portgroup-backed, but VMware vCloud Director will automatically create the portgroups as needed and use a range of VLANs to isolate them
  - vCloud Network Isolation-backed (vCD-NI): VMware proprietary network isolation technology



Network Pools: Portgroup-backed


Requires
- Preconfigured portgroups at the vSphere layer
- Assign meaningful names so it is obvious what is being mapped
- If using vSS portgroups, they must exist on all ESX/ESXi hosts in the cluster

How it works
- The system administrator manually creates the portgroups
- When creating the network pool, you are given a list of unused portgroups that exist in the cluster

Advantages
- Works with all types of vSwitches

Disadvantages
- Requires manual work or orchestration to create all of the portgroups
- Portgroups need to be kept in sync on a vSS
- To ensure isolation, portgroups rely on VLANs for L2 isolation



Network Pools: VLAN-backed


Requires
- A vDS that is connected to all ESX/ESXi hosts in your cluster
- A range of unused VLANs

How it works
- The vCD admin creates the network pool, chooses a vDS to attach it to, then provides a range of valid VLANs, for example 10-15
- When an isolated network is needed, vCD will automatically create a portgroup on the vDS and assign it one of the unused VLAN numbers
- Many isolated portgroups can coexist on the same vDS because they are isolated by the VLAN tag

Advantages
- Isolated networks
- Best network performance

Disadvantages
- Requires the VLANs to exist in the physical network hardware (physical switches)
- VLANs are limited and may not be available at all
- Not compatible with Cisco Nexus 1000V

Alternative: use a portgroup-backed network pool of portgroups that happen to have VLAN tags.


Network Pools: vCloud Network Isolation-backed


Requires
- A vDS that is connected to all ESX/ESXi hosts in your cluster

How it works
- vCD creates an overlay transport network for each isolated network to carry encapsulated traffic
- Each overlay network is assigned a Network ID number
- The encapsulation contains the source and destination MAC addresses of the ESX/ESXi hosts where the VM endpoints reside, as well as the Network ID
- The receiving ESX/ESXi host strips the vCD-NI header to expose the packet with the VM source and destination MAC addresses, which is delivered to the destination VM

Advantages
- Does not have to use VLANs (you can optionally set a VLAN ID for the transport network; leaving it blank defaults to 0)

Disadvantages
- Small performance overhead due to encapsulation (dvFilter), around 1% CPU utilization
- The added MAC header requires an increase in MTU, as in MPLS networks
- vCD-NI is for layer 2 adjacency and not for routed networks
- vCD-NI is only for VMs and cannot be accessed by physical hosts
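The VLAN-backed and vCD-NI slides describe two different ways of getting the same property, an isolated L2 segment per tenant network, with two different failure modes: a VLAN range that runs out, and an overlay header that the physical MTU must accommodate. The following is an added example for this deck, not vCloud Director code. It models a VLAN-backed pool that hands each new network a VLAN-tagged portgroup from a range such as 10-15 and refuses when the range is exhausted, and vCD-NI style MAC-in-MAC encapsulation, where the outer frame is addressed between ESX/ESXi hosts and carries a Network ID so that two networks can reuse the same inner MAC addresses without leaking into each other. The header sizes are assumptions chosen for the model, not the vCD-NI wire format.

```python
"""Network-pool behaviour from the VLAN-backed and vCD-NI slides above.

Added example for this deck, not vCloud Director code. Models a VLAN-backed
pool (one VLAN-tagged portgroup per isolated network, from a finite range)
and vCD-NI style MAC-in-MAC encapsulation (host-to-host outer frame carrying
a Network ID, decapsulated only on the matching network). Header sizes are
assumed for the model; the real vCD-NI header length is not in the deck.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


class VlanBackedPool:
    """A vDS plus a range of unused VLAN IDs; one portgroup per network."""

    def __init__(self, vds: str, vlans: range):
        self.vds = vds
        self.free: List[int] = list(vlans)
        self.portgroups: Dict[str, int] = {}  # network name -> VLAN ID

    def create_network(self, name: str) -> int:
        if name in self.portgroups:
            raise ValueError(f"network {name!r} already exists on {self.vds}")
        if not self.free:
            # Slide: "VLANs are limited and may not be available at all"
            raise RuntimeError(f"VLAN range on {self.vds} exhausted")
        vlan = self.free.pop(0)
        self.portgroups[name] = vlan
        return vlan

    def delete_network(self, name: str) -> None:
        """Returns the VLAN to the pool so it can be reused."""
        self.free.append(self.portgroups.pop(name))
        self.free.sort()


# Constructed sizes for the model: standard Ethernet header, and an assumed
# total overhead added by the outer header plus the Network ID tag.
ETH_HEADER = 14
NI_OVERHEAD = 24
STANDARD_MTU = 1500


@dataclass(frozen=True)
class Frame:
    """Inner (VM-to-VM) Ethernet frame; payload is the IP packet."""
    dst_mac: str
    src_mac: str
    payload: bytes


@dataclass(frozen=True)
class NiFrame:
    """Outer frame on the transport network: host MACs plus the Network ID."""
    dst_host_mac: str
    src_host_mac: str
    network_id: int
    inner: Frame


class NiPool:
    """vCD-NI pool: one overlay Network ID per isolated network on a vDS."""

    def __init__(self, vds: str, transport_vlan: int = 0):
        self.vds = vds
        self.transport_vlan = transport_vlan  # blank in the UI defaults to 0
        self.networks: Dict[str, int] = {}
        self._next_id = 1

    def create_network(self, name: str) -> int:
        if name in self.networks:
            raise ValueError(f"network {name!r} already exists on {self.vds}")
        self.networks[name] = self._next_id
        self._next_id += 1
        return self.networks[name]

    @staticmethod
    def encapsulate(network_id: int, inner: Frame,
                    src_host_mac: str, dst_host_mac: str) -> NiFrame:
        """Sending host wraps the VM frame in a host-to-host frame."""
        return NiFrame(dst_host_mac, src_host_mac, network_id, inner)

    @staticmethod
    def decapsulate(outer: NiFrame, local_network_id: int) -> Optional[Frame]:
        """Receiving host strips the outer header. A frame whose Network ID
        differs from the VM's network is dropped: that drop is the isolation,
        even when the inner MACs collide with another tenant's."""
        if outer.network_id != local_network_id:
            return None
        return outer.inner


def transport_frame_size(inner: Frame) -> int:
    """Bytes on the wire for an encapsulated inner frame."""
    return ETH_HEADER + len(inner.payload) + NI_OVERHEAD


def required_transport_mtu(vm_mtu: int = STANDARD_MTU) -> int:
    """MTU the physical network needs so full-size VM packets still fit
    (as with MPLS, the extra header is paid for on the transport side)."""
    return vm_mtu + NI_OVERHEAD


def fits(inner: Frame, transport_mtu: int) -> bool:
    """MTU excludes the outer Ethernet header, so compare payload + overhead."""
    return len(inner.payload) + NI_OVERHEAD <= transport_mtu
```

The practical check is `fits`: a VM sending a 1500-byte packet over a transport network still at MTU 1500 gets dropped or fragmented by the physical switches, which shows up as "works for small pings, fails for real traffic" between hosts in different racks.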



Putting it Together: vCloud Networking Options Examples

(diagram of the combinations; elements shown)
- External Network (set up by system admin)
- External Organization Network (set up by system admin)
- Internal Organization Network (set up by system admin)
- vApp network (set up by org admin/vApp author, internal to the vApp)




Customer Networking Use Case Requirements


- Catalog items need to have static IPs that cannot be changed (static IP pools will NOT be used)
- Multiple levels of testing are required (org isolation)
- Developers need their own isolated space: ideal for vApp networking
- 1:1 NATs will be required for external systems to access VMs: web services, HP-UX, databases, code repository
- Multiple external VLANs will be needed per org
- At least 4 organizations will be needed initially


Customer Master Org Networking Use Case


External Org Network: dedicated VLAN (routable), 10.x.x.x (TBD); vShield Edge at 10.x.x.254 (external) / 172.1.2.254/22 (internal)
Manual 1:1 NAT example:
  10.x.x.16 = 172.1.2.16
  10.x.x.17 = 172.1.2.17
  10.x.x.18 = 172.1.2.18
  10.x.x.19 = 172.1.2.19
NAT Routed Org Network: 172.1.2.0/22; vApps share the same subnet and segment for end-to-end
  Component 1: VM .16, VM .17
  Component 2: VM .18, VM .19


Customer Functional Testing Org Networking Use Case


External Org Network: dedicated VLAN (routable), 10.y.y.y (TBD); vShield Edge at 10.y.y.254 (external) / 172.1.2.254/22 (internal)
Manual 1:1 NAT example:
  10.y.y.16 = 172.1.2.16
  10.y.y.17 = 172.1.2.17
  10.y.y.18 = 172.1.2.18
  10.y.y.19 = 172.1.2.19
NAT Routed Org Network: 172.1.2.0/22; vApps share the same subnet and segment for end-to-end
  Component 1: VM .16, VM .17
  Component 2: VM .18, VM .19


Customer End to End Testing Org Networking Use Case


External Org Network: dedicated VLAN (routable), 10.z.z.z (TBD); vShield Edge at 10.z.z.254 (external) / 172.1.2.254/22 (internal)
Manual 1:1 NAT example:
  10.z.z.16 = 172.1.2.16
  10.z.z.17 = 172.1.2.17
  10.z.z.18 = 172.1.2.18
  10.z.z.19 = 172.1.2.19
NAT Routed Org Network: 172.1.2.0/22; vApps share the same subnet and segment for end-to-end
  Component 1: VM .16, VM .17
  Component 2: VM .18, VM .19


Customer Individual Developer Org Networking Use Case


External Org Network: dedicated VLAN (routable), 10.a.a.a (TBD)
vApps deployed from the catalog are NOT customized and are identical copies
vApps are isolated on direct-connected vApp networks with dynamically created 1:1 NAT:
  vApp Network 172.1.2.0/22: VM .16, VM .17 (Component 1, Developer 1)
  vApp Network 172.1.2.0/22: VM .18, VM .19 (Component 2, Developer 1)
  vApp Network 172.1.2.0/22: VM .16, VM .17 (Component 1, Developer 2)


Use Case Design Outcome


- Every organization will need a dedicated external VLAN
- The Developer org will use vApp networks for isolation
- All other organizations will use NAT-routed Org Networks
- vApp catalogs would be building-block based:
  - Base OS catalog (single-VM vApps): Windows and Linux
  - Golden image catalog (single-VM vApps): standard web server, standard app server, standard DB server
  - Components catalog (multi-VM vApps)
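The Master, Functional Testing and End-to-End use cases above all reuse 172.1.2.0/22 behind their own vShield Edge, and the Developer org reuses it again per vApp network; the design outcome's "dedicated external VLAN per organization" is what keeps that from colliding. The following is an added example, not customer or VMware configuration: it builds the manual 1:1 NAT table for an org, allocates dynamic 1:1 NATs for developer vApp networks that carry identical internal addresses, validates each table against its org's two subnets, and finds the external-address collisions that appear as soon as two orgs share one external VLAN. The deck leaves the external subnets as 10.x.x.x (TBD), so the ones used here are constructed.

```python
"""1:1 NAT plan for the customer networking use cases above.

Added example, not customer or VMware configuration. Every organization
reuses 172.1.2.0/22 behind its own vShield Edge on a dedicated external
VLAN; the external subnets (10.x.x.x, TBD in the deck) are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

# The deck writes the org network as 172.1.2.0/22; as a /22 that block is
# 172.1.0.0/22, and the VMs sit at 172.1.2.16-.19 as the slides show.
ORG_NET = ipaddress.ip_network("172.1.2.0/22", strict=False)
ORG_BASE = ipaddress.ip_address("172.1.2.0")
GATEWAY_HOST = 254  # .254 is the vShield Edge on both sides in the slides


@dataclass
class OrgNat:
    org: str
    external_net: Net
    vapp_networks: bool = False  # True for the Developer org (per-vApp NAT)
    rules: Dict[IPv4, IPv4] = field(default_factory=dict)  # external -> internal

    @property
    def gateway(self) -> IPv4:
        return self.external_net.network_address + GATEWAY_HOST


def manual_one_to_one(org: str, external_net: Net,
                      host_ids: Iterable[int] = (16, 17, 18, 19)) -> OrgNat:
    """NAT-routed Org Network: external 10.x.x.N <-> internal 172.1.2.N,
    N fixed by the catalog item (static IPs, no IP pools)."""
    nat = OrgNat(org, external_net)
    for n in host_ids:
        nat.rules[external_net.network_address + n] = ORG_BASE + n
    return nat


def allocate_dynamic(nat: OrgNat, internal: IPv4) -> IPv4:
    """Developer org: a vApp network gets the next free external address, so
    two developers' identical vApps share 172.1.2.16 but not the NAT."""
    for candidate in nat.external_net.hosts():
        if candidate != nat.gateway and candidate not in nat.rules:
            nat.rules[candidate] = internal
            return candidate
    raise RuntimeError(f"{nat.org}: external net {nat.external_net} exhausted")


def validate(nat: OrgNat) -> List[str]:
    """Scope checks to run before pushing rules to the Edge."""
    problems: List[str] = []
    seen_internal: Set[IPv4] = set()
    for ext, inn in nat.rules.items():
        if ext not in nat.external_net:
            problems.append(f"{ext} is outside external net {nat.external_net}")
        if ext in (nat.gateway, nat.external_net.network_address,
                   nat.external_net.broadcast_address):
            problems.append(f"{ext} is the gateway, network or broadcast address")
        if inn not in ORG_NET:
            problems.append(f"{inn} is outside org net {ORG_NET}")
        if inn in seen_internal and not nat.vapp_networks:
            problems.append(f"{inn} has more than one external address")
        seen_internal.add(inn)
    return problems


def external_collisions(nats: Iterable[OrgNat]) -> Dict[IPv4, List[str]]:
    """External addresses claimed by more than one org: empty when every org
    has its own external subnet/VLAN, populated as soon as two share one."""
    owners: Dict[IPv4, List[str]] = {}
    for nat in nats:
        for ext in nat.rules:
            owners.setdefault(ext, []).append(nat.org)
    return {ext: orgs for ext, orgs in owners.items() if len(orgs) > 1}


def resolve(nats: Iterable[OrgNat], external: IPv4) -> Optional[Tuple[str, IPv4]]:
    """Which org and internal VM an external address lands on."""
    for nat in nats:
        if external in nat.rules:
            return nat.org, nat.rules[external]
    return None


if __name__ == "__main__":
    master = manual_one_to_one("master", ipaddress.ip_network("10.10.10.0/24"))
    functional = manual_one_to_one("functional", ipaddress.ip_network("10.10.20.0/24"))
    for nat in (master, functional):
        print(nat.org, {str(k): str(v) for k, v in nat.rules.items()}, validate(nat))
    print("collisions:", external_collisions([master, functional]))
```

`external_collisions` is the check that justifies the design outcome: put the Functional Testing org on the Master org's external subnet and all four catalog VMs collide, because the external side is the only place the identical internal addresses differ.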


Public and Hybrid Cloud


The future of Cloud is unwritten. You will write it.

We give you choice. Be their Guide.


Experiment with the Providers

- Search for public providers: vcloud.vmware.com
  - vCloud Express: generally shared
  - vCloud Datacenter: generally dedicated
- Move workloads between clouds
  - VMware vCloud Connector: move between vSphere and vCloud; build locally, then push to the cloud
- Maintain provider-based catalogs of your vApps
- Single API between public and private: vCloud providers are using the vCloud API


VMware vCloud Dos and Don'ts


Just Some Interesting Stuff


Do
- Change the PAYG defaults
- Point Provider vDCs to the cluster level
- Allow access to hosts only in vCenter
- Use vCenter roles
- Always install VMware Tools (needed for customization)
- Get PSO for vCloud designs (Terrance Donovan, Peter Stryzsinski)
- Follow Chris on Twitter and visit my blog

Don't
- Disable DRS in vCenter under vCloud
- Manage VM objects in vCenter, i.e. change VM settings (NIC)
- Make too many clones of clones (Microsoft activation limit)
- Remove any vCenter objects, i.e. hosts, VMs, portgroups
- Call Paul or Chris if you break something: call GSS

Questions

