VMware vCloud Director Technical Overview
Introduction: ICT-Partners
VMware: Accelerating the Journey to Cloud
Cloud Computing is an approach to computing that leverages the efficient pooling of on-demand, self-managed virtual infrastructure, consumed as a service.
Pooling: from machines to highly elastic resource pools, with on-demand capacity
Zero-Touch Infrastructure: policy-driven automation of provisioning, deployment and management
Self-Service: easy access with policy-based provisioning and deployment
Control: application-aware infrastructure with built-in availability, scalability, security and performance guarantees
Open & Interoperable: application mobility between clouds, based on open standards
Leverage Existing Investments: benefits of cloud computing for existing applications and datacenters
Efficiency through Utilization and Automation. Agility with Control. Freedom of Choice.
Agenda
VMware Cloud Components and Licensing
VMware Cloud Architecture
Deploying a VMware Cloud
Cloud use cases
Cloud Automation
VMware Cloud Components and Licensing
VMware Cloud Components:
VMware vSphere and vCenter Servers
VMware vCloud Director
vShield for VMware vCloud Director
Chargeback Server
VMware vSphere and vCenter Server
Clusters and Resource Pools: provide cloud compute. DRS is a requirement for the cluster. Shared storage: vMotion compatible or EVC enabled.
Datastores: provide cloud storage; abstract away the underlying storage type.
Portgroups: provide cloud networking; abstract away the underlying networking infrastructure (vSwitch, vNetwork Distributed Switch or Nexus 1000V).
[Diagram: vCenter Server managing ESXi/ESX hosts in a vSphere cluster/resource pool, with a vNetwork Distributed Switch and FC, iSCSI and NFS storage]
VMware vCloud Director
Define standard infrastructure tiers called Virtual Datacenters
Pool virtualized infrastructure resources across multiple vCenter Servers
Define standard collections of VMs called vApps
Create Organizations and manage users with RBAC
Provide a UI for users to self-provision vApps into Virtual Datacenters
Provide secure multi-tenancy using vShield Edge
VMware vCloud Director Installation and Licensing
Installs on a 64-bit RHEL 5 U4 or higher machine.
Supported VMware vSphere editions: VMware vSphere Enterprise*, VMware vSphere Enterprise Plus.
Supported VMware vCenter Server editions: VMware vCenter Server 4.0 Standard.
Minimum requirements: vSphere and vCenter Server versions 4.0 U2 and 4.1.
VMware vCloud Director is licensed by concurrent powered-on VMs managed by VCD.
* vSphere Enterprise will not support VLAN-backed Network Pools and VMware vCloud Director Network Isolation (VCDNI) backed Network Pools.
Oracle Database
Oracle 10g/11g Standard or Enterprise database. Oracle Express is not supported; it will work for small test/dev and POC-type deployments (see the Express database memory and storage restrictions on the Oracle website).
The database can run on a physical machine or in a virtual machine. Ensure that the database is backed up and replicated. Consult with your favorite DBA.
Sizing requirement guidelines:
Database size   VMs     Users   Orgs
173 MB          7943    4096    3854
343 MB          12793   4918    3951
443 MB          16443   11450   5022
VMware vShield for VMware vCloud Director
VMware vShield Edge provides endpoint security. Available for download with vSphere Enterprise and Enterprise Plus.
One vShield Manager is required per vCenter Server.
Provides network edge security: firewall, NAT, port forwarding, IP masquerading and DHCP functionality (enforces multi-tenancy).
Edge appliances are deployed and managed by VMware vCloud Director on vSphere. A separate client is not required. Does not require a separate database.
Licensing: free, but requires a license key during configuration. Upgradable to vShield Edge 1.0 (full version, which includes site-to-site VPN and load balancer).
VMware Chargeback Manager 1.5
Associate costs with, and bill for, VMware vCloud Director usage.
Uses vCloud data collectors to collect billable events from the VMware vCloud Director database.
Uses vCenter data collectors to collect usage data for the vCenter Servers providing resources.
Database: SQL Server 2005 and 2008, Oracle 10g/11g Enterprise or Standard.
Built-in load balancer: create new Chargeback servers to scale with the cloud.
Licensed per VM.
VMware Cloud Architecture
Deploying a VMware Cloud
Setting up Management Cluster
Setting up Cloud resources: Provider VDC, External Networks, Network Pools
Setting up Organizations: users, roles and privileges; policies
Setting up Organizational Resources: Organization VDC, Organization Networks
Setting up Catalogs of vApps and Media
Setting up Chargeback
Install and protect VMware Cloud components
Create a Management Cluster. Verify DNS, AD and NTP availability and redundancy.
Install the vCloud Director Server on a Management Cluster:
vCloud Director Server
o load balancer (if using >1 cell)
Oracle Database
vShield Manager virtual appliance
Chargeback Server
Chargeback SQL Server
Protect using HA, DRS and SRM. Back up management VMs via storage-level backups or vDR. Back up the databases. Use VUM to patch hosts.
[Diagram: management cluster of ESXi/ESX servers]
Setting up Cloud resources
VMware vCloud Director web portal
Provides a convenient web-based portal for:
Cloud administrators, to deploy and manage cloud resources
End users, to use cloud resources
Web-based: works with any standard browser. Rich Flash-based UI experience.
Cloud Personas
Cloud Administrator: deploy and manage cloud infrastructure. Add vCenter Servers; create Provider VDCs, External Networks and Network Pools; create Organizations; create Organization VDCs and Organization Networks.
Organization Administrator: organization user and role management; creating catalogs; managing organization policies (leases, quotas and limits); setting up org-specific SMTP settings and the org-specific domain to join.
End Users: use vApps from catalogs; create vApp networks.
Add vCenter Servers
VMware vCloud Director supports multiple vCenter Servers.
vCenter Servers provide: compute via Clusters and Resource Pools; storage via Datastores; networks via portgroups and vNetwork Distributed Switches.
Requires a vCenter user with admin credentials.
Requires vShield Manager connected to the vCenter Server.
Create Provider Virtual Data Centers (VDC)
Combine compute and storage into standard offerings. Created by the Cloud administrator.
To create a Provider VDC:
Select a Resource Pool/Cluster
Select the datastores that you wish to attach to the Provider VDC (max. 256 datastores per Provider VDC)
Choose from across the inventory of vCenter Servers
VMware vCloud Director prepares each host in the cluster by installing an agent. The host does not require a reboot.
Examples of Provider VDCs
Use Provider VDCs to offer tiered compute and storage: fast, medium and slow compute and storage; Silver (SATA), Gold (FC), Platinum (EFD), Unobtainium (aggregate) storage; Nehalem-based clusters, AMD-based clusters.
Create a Provider VDC per tier of compute and storage you wish to offer to users.
Create External Networks
Provide external network connectivity to cloud workloads
“External” to (organizations in) the cloud
External networks can be isolated at Layer 2 by VLANs or physical separation
Portgroup on a vDS (Nexus 1000V supported)
Shared resource providing cloud workloads access to network resources
E.g. Corporate network, Test and dev network, Production network, Internet.
Create Network Pools
Provide "internal" network connectivity to cloud workloads: internal to organizations, internal to vApps.
Pools of isolated Layer-2 networks. Empower users to self-provision networks.
Networks are provisioned on a vDS; portgroup-backed network pools are supported on Nexus 1000V (see next slide).
Types of Network Pools
Portgroup-backed: create isolated portgroups in vSphere manually or with automation, and attach a collection of them to VMware vCloud Director.
VLAN-backed: VMware vCloud Director will automatically create portgroups as needed, and use a range of VLANs to isolate them.
VMware vCloud Director Network Isolation-backed: proprietary network isolation technology.
Network Pool Building Blocks
VLAN-backed: vNetwork Distributed Switch + VLAN tags
VCDNI: vNetwork Distributed Switch + one VLAN for transport
Portgroup-backed: vSwitch or vNetwork Distributed Switch + portgroups
Setting up Organizations
Create Organizations
Unit of tenancy: isolate groups, users or lines of business from each other, e.g. Finance and IT. Created by the Cloud administrator.
Users are on-boarded to organizations. Each organization has a unique URL in the VMware vCloud Director system.
Authentication and RBAC
Three ways to manage users:
Local users: simplest; user auth stored in the DB
One LDAP server for the entire cloud, e.g. corporate Active Directory; organizations = OUs
LDAP server per organization
Users and groups are assigned roles. Roles = collection of rights. Create new or edit existing roles.
Leases, Quotas and Limits
Exercise control via leases, quotas and limits, set by the Organization administrator.
Lease: length of time that a user can use a vApp in a VDC (runtime and storage lease)
Quotas: running VM quota, stored VM quota
Limits: heavy operations
o per user
o per org
Simultaneous connections per VM
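The lease and quota controls above, modelled as an added example (constructed code, not vCloud Director's own implementation): a runtime lease bounds how long a vApp stays powered on, a storage lease bounds how long a stopped vApp is retained, and per-user running/stored VM quotas are checked before a deployment is accepted. The policy values, user and vApp names in demo() are constructed sample data.

```python
"""Leases and quotas as an organization policy (constructed illustration)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class OrgPolicy:
    runtime_lease: timedelta   # how long a vApp may stay powered on
    storage_lease: timedelta   # how long a stopped vApp is kept before removal
    running_vm_quota: int      # per-user cap on powered-on VMs
    stored_vm_quota: int       # per-user cap on VMs held in the org VDC at all


@dataclass
class VApp:
    name: str
    owner: str
    vm_count: int
    deployed_at: datetime
    stopped_at: Optional[datetime] = None   # set when the vApp is powered off


def running_vms(vapps: List[VApp], user: str) -> int:
    return sum(v.vm_count for v in vapps if v.owner == user and v.stopped_at is None)


def stored_vms(vapps: List[VApp], user: str) -> int:
    return sum(v.vm_count for v in vapps if v.owner == user)


def can_deploy(policy: OrgPolicy, vapps: List[VApp], user: str, vm_count: int) -> Tuple[bool, str]:
    """Quota check a deployment request must pass before resources are allocated."""
    if running_vms(vapps, user) + vm_count > policy.running_vm_quota:
        return False, "running VM quota exceeded"
    if stored_vms(vapps, user) + vm_count > policy.stored_vm_quota:
        return False, "stored VM quota exceeded"
    return True, "ok"


def lease_state(policy: OrgPolicy, vapp: VApp, now: datetime) -> str:
    """Where the vApp is in its lease cycle at time `now`."""
    if vapp.stopped_at is None:
        if now >= vapp.deployed_at + policy.runtime_lease:
            return "runtime lease expired"
        return "running"
    if now >= vapp.stopped_at + policy.storage_lease:
        return "storage lease expired"
    return "stored"


def enforce_leases(policy: OrgPolicy, vapps: List[VApp], now: datetime) -> List[VApp]:
    """Stop vApps whose runtime lease ran out and drop those whose storage lease ran out.
    Returns the vApps that remain in the org VDC."""
    kept = []
    for v in vapps:
        state = lease_state(policy, v, now)
        if state == "runtime lease expired":
            v.stopped_at = v.deployed_at + policy.runtime_lease  # storage lease starts here
            kept.append(v)
        elif state == "storage lease expired":
            continue  # removed from the VDC
        else:
            kept.append(v)
    return kept


def demo() -> dict:
    """Constructed walk-through: one user, an 8-hour runtime lease, a 7-day storage lease."""
    policy = OrgPolicy(timedelta(hours=8), timedelta(days=7), running_vm_quota=4, stored_vm_quota=5)
    t0 = datetime(2024, 1, 1, 9, 0)
    vapps = [VApp("web-tier", "alice", 2, t0)]
    results = {
        "deploy_2": can_deploy(policy, vapps, "alice", 2),
        "deploy_3": can_deploy(policy, vapps, "alice", 3),
        "state_1h": lease_state(policy, vapps[0], t0 + timedelta(hours=1)),
        "state_9h": lease_state(policy, vapps[0], t0 + timedelta(hours=9)),
    }
    vapps = enforce_leases(policy, vapps, t0 + timedelta(hours=9))
    results["after_runtime_expiry"] = (running_vms(vapps, "alice"), stored_vms(vapps, "alice"))
    results["deploy_4_stopped"] = can_deploy(policy, vapps, "alice", 4)
    vapps = enforce_leases(policy, vapps, t0 + timedelta(days=8))
    results["after_storage_expiry"] = len(vapps)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The order of checks in can_deploy matters: a stopped vApp no longer counts against the running quota but still counts against the stored quota, which is why the fourth deployment in demo() is refused on storage rather than on compute.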
Setting up Organizational Resources
Create Organization VDCs
Allocate resources to organizations using Organization VDCs. Org VDCs are allocated from Provider VDCs and can be as large as a Provider VDC.
All Organization VDCs in a Provider VDC are the same tier of service; each Organization VDC represents a tier of service (SLA, cost). vApps run in Org VDCs.
[Diagram: a Premium Provider VDC and a Commodity/Other Provider VDC, each carved into Org 1 and Org 2 Organization VDCs]
Organization VDCs
The Cloud Administrator allocates portions of Provider VDCs to organizations:
Select the organization
Select the Provider VDC
Select the Allocation Model: Pay-As-You-Go, Reservation Pool or Allocation Pool
Select how much you wish to allocate (CPU, memory and storage shares)
Select Thin Provisioning
Select Network Pools for vApps to use
Org VDC Allocation Models
Pay as you go: no upfront resource allocation; the Org VDC is allocated resources only as users create vApps. Can set compute limits to cap usage. Can guarantee only a % of organization VDC resources to cap usage.
Reservation Pool: the Org VDC is allocated a "container" set of resources, 100% of which is guaranteed. Organizations use advanced vSphere resource management controls such as Shares and Reservations to manage overcommitment of their resources between their workloads.
Allocation Pool: the Org VDC is allocated a "container" set of resources. Organizations have a very simple model of resources; advanced resource management controls such as Shares and Reservations are managed by the cloud operator.
[Diagram: for each model, actual usage versus guarantee, with the overcommit range between them]
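To make the three allocation models concrete, here is an added example (constructed; not vCloud Director's own capacity logic) that computes what each Org VDC guarantees from a Provider VDC and how much of the Provider VDC sits in the overcommit range. Two things are assumptions rather than statements from the slides: the allocation-pool guarantee is treated as an operator-set percentage (the slides only say the operator manages those controls), and pay-as-you-go reservation is computed on what vApps have actually deployed, since that model allocates only as users create vApps. The Org VDC names and GHz figures in demo() are constructed.

```python
"""Guarantee versus commitment per Org VDC allocation model (constructed illustration)."""
from dataclasses import dataclass
from typing import List


@dataclass
class OrgVdc:
    name: str
    model: str             # "reservation-pool", "allocation-pool" or "pay-as-you-go"
    container_ghz: float   # container size (limit); for pay-as-you-go, the compute cap
    deployed_ghz: float    # what currently deployed vApps draw
    guarantee_pct: float = 100.0   # assumed operator-set guarantee percentage


def guaranteed_ghz(vdc: OrgVdc) -> float:
    """Compute reserved on the Provider VDC for this Org VDC."""
    if vdc.model == "reservation-pool":
        return vdc.container_ghz                              # 100% of container guaranteed
    if vdc.model == "allocation-pool":
        return vdc.container_ghz * vdc.guarantee_pct / 100    # assumption: operator-set %
    if vdc.model == "pay-as-you-go":
        # no upfront allocation: the reservation follows what users have deployed
        return vdc.deployed_ghz * vdc.guarantee_pct / 100
    raise ValueError(f"unknown allocation model {vdc.model!r}")


def provider_vdc_report(capacity_ghz: float, vdcs: List[OrgVdc]) -> dict:
    """Sum guarantees against physical capacity and size the overcommit range.
    guarantees_fit is False when reservations could not all be honoured at once."""
    guaranteed = sum(guaranteed_ghz(v) for v in vdcs)
    committed = sum(v.container_ghz for v in vdcs)   # worst case: every org at its cap
    return {
        "guaranteed_ghz": guaranteed,
        "committed_ghz": committed,
        "overcommit_ratio": committed / capacity_ghz,
        "overcommit_range_ghz": max(committed - guaranteed, 0.0),
        "guarantees_fit": guaranteed <= capacity_ghz,
    }


def demo() -> dict:
    """Constructed Provider VDC of 100 GHz shared by three Org VDCs, one per model."""
    vdcs = [
        OrgVdc("finance", "reservation-pool", container_ghz=40, deployed_ghz=10),
        OrgVdc("sales", "allocation-pool", container_ghz=50, deployed_ghz=30, guarantee_pct=50),
        OrgVdc("dev", "pay-as-you-go", container_ghz=60, deployed_ghz=20, guarantee_pct=25),
    ]
    return provider_vdc_report(100.0, vdcs)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the constructed case only 70 GHz of the 100 GHz is guaranteed while 150 GHz is committed, so the Provider VDC is 1.5x overcommitted and 80 GHz lies in the overcommit range; the reservation-pool tenant is the one that can never be squeezed, which is the trade-off the slides describe.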
Create Organization Networks
Provide connectivity to workloads running inside an organization. Network features:
Internal: connectivity to vApps within the organization; no external connectivity.
External Routed: connectivity to vApps and services on a shared external network. A vShield Edge device is deployed outside the organization to provide NAT and firewall services for vApps inside the organization.
External Direct Connect: connectivity to vApps and services on a shared external network. vApps get IP addresses on the external network; no NAT or firewall exists between the organization vApps and other vApps on the External Network.
From vSphere to Cloud Infrastructure
[Diagram: physical hosts, network and SAN are presented by vSphere as resource pools, datastores and port groups; VMware vCloud Director groups these into Provider vDCs ("Gold", "Silver") as service tiers with specific costs, and allocates them to organizations (Org: Finance, Org: Sales), each with its own access control, vDCs, catalogs and provisioning policies]
Setting up Catalogs of vApps and Media
Catalogs
Catalogs are collections of vApps and media created and owned by Organizations. They can be shared (to the org) and published (to the whole cloud).
Examples: Infrastructure-as-a-Service catalogs: empty small, medium and large VMs/vApps; pre-installed Windows and Linux VMs; OS media files (ISO, floppy images).
App catalogs: corporate standard database servers, application servers. If post-deploy configuration is needed, guest customization in VCD can run custom scripts.
[Diagram: catalogs such as Linux Templates, Windows Templates, Engineering vApps, Basic Media Catalog, IT - Oracle vApps, Premium Media Catalog]
Create Catalogs
Standardize infrastructure and application offerings via Catalogs. Organizations can create their own catalogs; create multiple catalogs per organization.
Catalogs can be:
Shared: selected users or entire organizations can use the catalog
Published: all organizations in the cloud can access and use the catalog
vApps
Container of one or more VMs. Package up multi-tier applications into vApps and operate on the VMs as one unit: select the boot order of VMs, start delays and stop delays; set runtime and storage leases.
Can be created from scratch, from building-block templates in the catalog, or imported from outside the cloud.
Uses the OVF standard: captures metadata about the VMs and allows import and export between clouds in a standard format.
[Diagram: a vApp of three App/OS VMs with SLA definitions: Availability = 99.99%, Security = High, Performance = msec]
Import vApp templates and media into catalogs
Import vApps (.ovf) from the local file system: VMware vCloud Director uses the image transfer service to copy the vApp from the local file system to vSphere. Requires an NFS share mounted on all VMware vCloud Director servers.
Import powered-off VMs from attached vCenter Servers: no import of vApps from vCenter Server, VMs only. Export your vSphere vApps to OVF and import them from the local filesystem.
Organization administrators cannot import VMs from vSphere.
Setting up Chargeback
Chargeback
Manage cloud organizations and workloads via hierarchies. Attach cost models. Generate usage and billing reports.
Connecting Chargeback to the Cloud
Install Chargeback data collectors for vCenter Server, VMware vCloud Director and vShield Manager.
Add the Cloud vCenter Server to the Chargeback Server.
Setting up Hierarchies
Chargeback automatically creates hierarchies for organizations created in VMware vCloud Director.
Under each organization, four top-level folders are created: Allocation Pool, Reservation Pool, Pay-As-You-Go, Networks.
Any changes made to Organization VDCs will be reflected in the Chargeback hierarchy.
Cost Models
Chargeback ships with a set of cost models pre-defined for each VMware vCloud Director resource allocation model: vCloud Allocation Pool, vCloud Reservation Pool, vCloud Pay-As-You-Go, vCloud Networking.
Reports
Generate reports by selecting objects in the Chargeback hierarchy: organization-level usage and cost report; VM-level usage and cost report; network and bandwidth usage and cost report.
Infrastructure-as-a-Service (IaaS)
Access vApps from the Home screen. Browse catalogs. Copy to "My Cloud". Access VM consoles from within the browser.
Access vApps from Home screen
The user logs in to the organization; the user role defines the capabilities available in the UI. Simple UI allowing the following user operations: quick access to all vApps owned by the user; click the thumbnail to launch the Remote Console; quick access to the Catalog via the "Add Cloud Computer System" link.
Remote Console
Launches a new window allowing users to interact with the VMs in the vApp
Allows power and suspend operations
Connect local CD-ROM and floppy devices, or CD ISO images from file shares.
Alternatively, users can connect via remote protocols like ssh and RDP to their VMs
Browse catalog and deploy vApps
Copy vApps from the Organization catalog (self-service): select the Organization VDC; connect the vApps to one or more networks (create vApp networks, connect to organization networks); customize the VMs while deploying (requires sysprep files to be available on the VMware vCloud Director server).
Search for catalog items and deploy to org VDC
Search catalog items based on: Name, Description, Catalog, VDC, Owner, Date Created.
Network connections for vApp
Networking: connect the vApp to an External Network or to Organization Networks, or create a new vApp Network on the fly (requires a Network Pool available to the organization).
Connect the vApp Network to an Org Network:
o NAT or firewall
o VMware vCloud Director deploys a vShield Edge VM to provide NAT and firewall services
Shared Catalogs
Set up catalogs to be shared by users in the organization; sharing needs to be set up by the Org admin.
Dev and Test users work on a shared set of vApps: build systems, source control systems, toolchains.
Users need permissions to upload vApps into the catalog for sharing (vApp owner role).
Network Fencing
Requires an available Network Pool attached to the Organization VDC. Deploys a vShield Edge VM into the Org VDC, creates a portgroup on the vNetwork Distributed Switch (vDS), and attaches the vShield Edge VM and the vApp VMs to the portgroup. A fenced vApp can span multiple hosts.
Deploy multiple copies of the vApp on the same Org/External network without modifying hostname or IP address: each VM keeps its original hostname/IP information inside the fence, and each VM is assigned a new IP outside the fence.
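The fencing behaviour described above, as an added model (constructed code, not the vShield Edge or vCloud Director implementation): each fenced copy keeps the VM addresses baked into the template, and the fence maps every VM to a fresh outside address drawn from the organization network's pool, so two identical copies coexist on one Org network. A direct (unfenced) deployment of the second copy is shown to collide. The address ranges, pool start and vApp names are constructed sample values.

```python
"""vApp network fencing as an inside/outside address mapping (constructed illustration)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class OrgNetwork:
    cidr: str
    pool_start: str                          # first address the org network may hand out
    in_use: set = field(default_factory=set)

    def allocate(self) -> str:
        """Hand out the next free address at or above pool_start."""
        net = ipaddress.ip_network(self.cidr)
        start = ipaddress.ip_address(self.pool_start)
        for host in net.hosts():
            if host >= start and str(host) not in self.in_use:
                self.in_use.add(str(host))
                return str(host)
        raise RuntimeError("organization network IP pool exhausted")


@dataclass
class Placement:
    vapp: str
    nat: Dict[str, str]   # inside (template) address -> address seen on the org network


def deploy_fenced(vapp: str, inside_ips: List[str], org_net: OrgNetwork) -> Placement:
    """Fenced deployment: inside addresses are untouched, the fence allocates outside ones."""
    return Placement(vapp, {ip: org_net.allocate() for ip in inside_ips})


def deploy_direct(vapp: str, inside_ips: List[str], org_net: OrgNetwork) -> Placement:
    """Unfenced deployment: VM addresses land on the org network and must be unique there."""
    clash = [ip for ip in inside_ips if ip in org_net.in_use]
    if clash:
        raise ValueError(f"{vapp}: addresses already present on the org network: {clash}")
    org_net.in_use.update(inside_ips)
    return Placement(vapp, {ip: ip for ip in inside_ips})


def outbound(placement: Placement, inside_ip: str) -> str:
    """Address a VM appears from when it talks out through the fence."""
    return placement.nat[inside_ip]


def inbound(placement: Placement, outside_ip: str) -> str:
    """VM that traffic to an outside address is delivered to."""
    for inside, outside in placement.nat.items():
        if outside == outside_ip:
            return inside
    raise KeyError(outside_ip)


def demo() -> Tuple[List[Placement], Optional[str]]:
    """Two copies of one template, fenced on one org network; then the same two copies direct."""
    template = ["192.168.10.10", "192.168.10.11"]   # constructed: addresses inside the template
    fenced_net = OrgNetwork("10.0.0.0/24", pool_start="10.0.0.10")
    fenced = [deploy_fenced(f"copy-{i}", template, fenced_net) for i in (1, 2)]

    direct_net = OrgNetwork("192.168.10.0/24", pool_start="192.168.10.100")
    deploy_direct("copy-1", template, direct_net)
    try:
        deploy_direct("copy-2", template, direct_net)
        clash: Optional[str] = None
    except ValueError as exc:
        clash = str(exc)
    return fenced, clash


if __name__ == "__main__":
    placements, clash = demo()
    for p in placements:
        print(p.vapp, p.nat)
    print("direct second copy:", clash)
```

Both fenced copies keep 192.168.10.10 and .11 inside, while the org network sees 10.0.0.10 through 10.0.0.13; the direct deployment of the second copy is refused because its addresses are already on the network. That is the property support engineers rely on when they stand up several identical customer configurations side by side.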
The complete picture
[Diagram: vCenter Server 1 to n each contribute clusters, datastores and portgroups to VMware vCloud Director, which presents them as Provider VDCs, Organization VDCs, vApps and templates, External Networks, Network Pools, Organization Networks and vApp Networks, with vShield Edge at the edge; a cloud compute cluster hosts the workloads and a cloud management cluster hosts the management VMs]
BCDR with VMware vCloud Director
Backup and recovery is fully supported in conjunction with vCloud Director. VMware recommends VADP-based backup solutions for backing up your environment. VMware Data Recovery is currently not compatible with vCloud Director due to an identified bug.
VMware SRM is currently not compatible with vCloud Director. Classic disaster recovery (DR) solutions are fully supported with vCloud Director.
Cloud use cases
Elastic and Seasonal Workloads
Elastic workloads: scale up and down based on load, easily, by adding or removing ESXi/ESX Servers to a Provider VDC, datastores to Provider VDCs, vCenter Servers, or VMware vCloud Director cells. E.g. Monte Carlo simulations.
Seasonal workloads: avoid having to purchase and maintain capacity throughout the year for workloads that are seasonal, e.g. tax season workloads, end-of-quarter accounting workloads. Scale up resources during the season and scale down resources in the off season.
Multi-tenancy and Organization Isolation
Use VMware vCloud Director to provide complete Organization isolation on a shared cloud infrastructure.
E.g. organizations storing consumer data: secure LOBs that store consumer data using vShield Edge; provide edge security isolating the Organizations containing customer data from other organizations; multi-tenant UI with role-based access control.
E.g. R&D org isolation: drive cost down by sharing physical infrastructure.
[Diagram: Org 1 vApp and Org 2 secure vApp in Organization VDCs, the organization secured by vShield Edge]
Customer Support and Troubleshooting
Quickly spin up vApps to test customer configurations with minimal IT intervention. Each vApp has a short deployment and storage lease to save on resources. Fence vApps to deploy multiple copies of vApps on shared networks. Support engineers can create vApp networks on the fly without IT intervention and deploy vApps to ensure network isolation.
Product/Solution Demo and Training
Demo use case: maintain a catalog of demos; Systems Engineers can deploy demo vApps quickly with short deployment and storage leases for demo purposes.
Training and remote education use cases: the training administrator maintains course offerings in vApps; easily on-board students and associate roles and permissions; students can deploy course offerings into their cloud without IT intervention.
Cloud Automation
vCloud API
RESTful: designed for web infrastructure; extensible, modular. Released in "open" form; version 0.9 currently public.
Spans vCenter instances: operate across multiple vCenter Servers. 100% virtual; VIM API unchanged. With the OVF standard, unlocks the ability to move vApps across clouds (hybrid cloud use case).
API areas: vApp upload/download, vApp operations, Platform-as-a-Service enablement, task management, catalog management, inventory listing.
Two logical APIs for VMware vCloud Director
1: VMware vCloud Director "Admin API": automate VCD management; attach virtual/physical resources; manage organizations, users, etc. RESTful for loose coupling to existing systems.
2: vCloud API: standard way to consume vCloud resources.
Orchestration + VMware Cloud
[Diagram: end users reach VMware vCloud IaaS through a user portal (Redwood Portal / VCD Portal) and the vCloud API (1. user workflow initiation, 2. user resource interaction); an orchestration engine ties in financial systems, approval systems, asset systems, CMDB and vCenter Chargeback, and drives physical configuration of VMware vSphere hosts and datastores through the vSphere API]
Driving agility and efficiency in a secure and evolutionary way
Increase business agility by empowering users to self-deploy services with the click of a button
Maintain security and control over multi-tenant environments with user controls and VMware vShield
Reduce costs by efficiently delivering resources to internal organizations as secure virtual datacenters
Leverage existing investments and open standards to ensure interoperability and application portability between clouds
Backup slides
Responsibilities delegated to the Organization Administrator
Responsibilities of the org admin: organization user and role management; creating catalogs; managing leases, quotas and limits for vApps deployed by the org; setting up org-specific SMTP settings; specifying the org-specific domain join for vApps deployed by the org.
User roles and privileges
Users only get access to resources that are associated with their organizations.
The system comes with built-in roles that range from "root" to "view-only" users.
Custom roles can be defined, by those with the rights to do so, from a set of over 50 rights.
If a user has multiple roles, he/she gets the union of rights.
Organization (tenant) specific policies can conditionally be delegated to the tenant without compromising overall cloud policies.
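The RBAC rules stated here and in the earlier "Authentication and RBAC" slide (roles are collections of rights, a user with several roles gets the union, custom roles are built from a fixed rights set, and a user only reaches resources of their own organization) as an added example. This is constructed code, not vCloud Director's role catalog or authorization code: the right names, the three roles and the users and resources in demo() are invented stand-ins, and the product's real set of 50+ rights is not reproduced.

```python
"""Union-of-rights RBAC with a tenant boundary (constructed illustration)."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class Role:
    name: str
    rights: FrozenSet[str]


@dataclass(frozen=True)
class User:
    name: str
    org: str
    roles: Tuple[Role, ...]


@dataclass(frozen=True)
class Resource:
    name: str
    org: str


# Constructed rights set; the product's real set has over 50 entries.
ALL_RIGHTS: FrozenSet[str] = frozenset({
    "catalog:view", "catalog:create", "vapp:view", "vapp:deploy", "vapp:power", "org:manage-users",
})

# Constructed built-in roles, from view-only upwards.
VIEW_ONLY = Role("View Only", frozenset({"catalog:view", "vapp:view"}))
CATALOG_AUTHOR = Role("Catalog Author", frozenset({"catalog:view", "catalog:create", "vapp:view"}))
VAPP_USER = Role("vApp User", frozenset({"vapp:view", "vapp:deploy", "vapp:power"}))


def custom_role(name: str, rights: Iterable[str]) -> Role:
    """Build a custom role; rights outside the known set are rejected rather than ignored."""
    rights = frozenset(rights)
    unknown = rights - ALL_RIGHTS
    if unknown:
        raise ValueError(f"unknown rights: {sorted(unknown)}")
    return Role(name, rights)


def effective_rights(user: User) -> FrozenSet[str]:
    """A user holding several roles gets the union of their rights."""
    rights: set = set()
    for role in user.roles:
        rights |= role.rights
    return frozenset(rights)


def is_authorized(user: User, right: str, resource: Resource) -> bool:
    """Tenant boundary first, then the right: rights never cross organizations."""
    if resource.org != user.org:
        return False
    return right in effective_rights(user)


def rights_diff(user: User, new_roles: Iterable[Role]) -> Tuple[List[str], List[str]]:
    """Rights gained and lost if the user's role set is replaced (useful in change review)."""
    before = effective_rights(user)
    after = effective_rights(User(user.name, user.org, tuple(new_roles)))
    return sorted(after - before), sorted(before - after)


def demo() -> dict:
    """Constructed users in two organizations exercising the three rules."""
    alice = User("alice", "Finance", (CATALOG_AUTHOR, VAPP_USER))
    bob = User("bob", "Sales", (VIEW_ONLY,))
    finance_vapp = Resource("payroll-vapp", "Finance")
    sales_vapp = Resource("crm-vapp", "Sales")
    return {
        "alice_rights": sorted(effective_rights(alice)),
        "alice_deploys_own_org": is_authorized(alice, "vapp:deploy", finance_vapp),
        "alice_deploys_other_org": is_authorized(alice, "vapp:deploy", sales_vapp),
        "bob_deploys_own_org": is_authorized(bob, "vapp:deploy", sales_vapp),
        "bob_promoted": rights_diff(bob, [VAPP_USER]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Checking the organization before the right is deliberate: with union-of-rights, a generous role set makes the tenant boundary the only thing standing between a user and another organization's resources, so it should be evaluated unconditionally, and rights_diff gives the reviewer the before/after view when roles on an account change.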