§ Why Cloud Computing
§ How to Work with VMware vCloud
  • vCloud Eco-System
  • Allocation Models
  • Networking
  • Public/Hybrid
§ VMware vCloud Do’s and Don’ts
§ Q and A
Confidential 3
Why Cloud Computing?
Virtualization was about the Data Center
Cloud is about the Users
Virtualization and Cloud Computing
Virtualization
Key Characteristics
• Server consolidation and containment
• Virtualized workloads
• Capital expenditure (CAPEX) savings
Key Benefits
• Resource pooling
• Higher utilization
• Flexibility
Cloud Computing
Key Characteristics
• Secured multitenancy
• Self-service portal and service catalog
• Resource tiering and chargeback
• Economies of scale
Key Benefits
• On-demand resources
• Elastic resources and more efficient utilization
• Line of business agility and operational expenditure (OPEX) savings
• Financial cost transparency
Why Not Just Virtualization?
§ Challenges in a Virtualized Environment
  • Multitenancy support – How to securely segment resources by user organization
  • Controlling VM sprawl – Pricing resources to shape user behavior
  • Self-service provisioning – Avoiding the IT provisioning bottleneck
• How do you accurately “charge” users for their resources to discourage the notion that VMs are “free” resources?
• Can different organizations compete for the same resources?
• Can VMs from different organizations see each other?
• Can we have a defined catalog of VMs for user self-provisioning while ensuring some level of control?
Why Cloud Computing?
§ Extending vSphere with Cloud Computing Benefits
  • Multitenancy support – Control access and visibility to resources
  • Self-service portal for user provisioning through catalogs
  • Resource allocation models integrated with chargeback
  • Economies of scale with elastic resources under your control
(Diagram: users reaching the catalog through a web portal)
• Self-service portal for users
• Role-based security
• Catalogs of predefined VMs
• VMs assigned with allocation/cost model and quotas
• Resources and access secured along organizational boundaries
• Add capacity seamlessly and reclaim unused resources via leases
• Chargeback reports aligned to resource allocation models to shape user behavior
How to Work with VMware vCloud
vCloud Eco-System
“vCloud” is Comprised of Many Different Products
§ VMware vSphere
  • vCenter Server
  • ESX
  • Update Manager
§ VMware vCloud Director
§ VMware vShield
  • Manager
  • Edge
§ Database Servers
  • Oracle/MS-SQL
§ VMware vCenter Chargeback
  • “Show-back”
§ VMware vCenter Orchestrator
§ VMware Service Manager
§ VMware vCloud Connector
  • Server
  • Nodes
§ VMware vCenter Operations Manager
§ 3rd Party Add-ins
(The slide groups these into “Core” components and “Additional” components.)
Eco-System Logical Representation
Eco-System Physical Representation
Change in the Way We Manage Things
§ vSphere was traditionally the management layer
  • Did not matter if vCenter was down for maintenance before
§ With vCloud Director, vCenter is more of an “Application” layer
  • Much of the eco-system interfaces with vCenter
§ vSphere administrators may not be vCloud administrators
  • vSphere lockdowns (Do’s and Don’ts)
§ Orchestration and customization may be important
  • Approvals and other workflows
§ High availability of all components involved
  • vCenter Heartbeat
  • Database log shipping
  • FT on vShield Manager
Possibly New or Deeper Skillsets
§ vSphere / ESX
  • Still a foundation and needs care and feeding
§ Deeper Storage Skills
  • Storage design for vCloud
Resource Allocation Models for Organization vDCs
• Allocated sub-resources of a provider vDC
• Allocation uses a model, each of which can set limits on the number of VMs
Allocation Model Definitions
Pay As You Go
• No upfront resource allocation in the org vDC
• Resources are reserved as users create vApps
• Can set a percentage of resources to be reserved
• vCPU rating can be adjusted
Allocation Pool (“Virtual container”)
• Allocated pool of resources with a percentage reserved
• Cloud admin controls the ability to overcommit resources
• Users cannot modify VM reservations and limits
• Resources can be shared between org vDCs
Reservation Pool (“Physical container”)
• Allocated pool of resources with 100% reserved
• Users can adjust VM reservations and limits
• No sharing of resources with other org vDCs
• Similar to allocation pool, with reservation = 100%
(Diagram: Guarantee vs. Actual usage and the Overcommit Range for each model; captions: “Fully reserved pool of resources” and “Pool expands to accommodate resources reserved on demand”.)
• Provider vDC should map to cluster level
  • Minimizes resource pool nesting
  • Prevents “sibling rivalry”
• Models affect resource pools and VMs differently
  • Pay As You Go: sets a limit on all virtual machines
  • Reservation Pool: sets limit = reservation on the resource pool
  • Allocation Pool: sets limits and % reservation on the resource pool as well as on all virtual machines (MEMORY only)
• Allocation Model = Organization vDC
  • When defining an Org vDC you are selecting the allocation model
• Pay As You Go defaults – change them!
  • 0.25 GHz
  • 100% memory reservation
Allocation Model Impact on vCenter Resource Pools
Resource Pool Configuration for each Allocation Model
Org vDC CPU Speed
• Pay-As-You-Go: No configuration change
• Allocation Pool: Not Configurable
• Reservation Pool: Not Configurable
Org vDC CPU Allocation
• Pay-As-You-Go: Not Configurable
• Allocation Pool: Resource Pool CPU Limit = vDC CPU Allocation
• Reservation Pool: Resource Pool CPU Limit & Reservation = vDC CPU Allocation
Org vDC CPU Guarantee %
• Pay-As-You-Go: Resource Pool CPU Reservation = Sum of all VM CPU Reservations
• Allocation Pool: Resource Pool CPU Reservation = vDC CPU Guarantee % x vDC CPU Allocation
• Reservation Pool: Not Configurable
Org vDC Memory Allocation
• Pay-As-You-Go: Not Configurable
• Allocation Pool: Resource Pool Memory Limit = vDC Memory Allocation
• Reservation Pool: Resource Pool Memory Limit & Reservation = vDC Memory Allocation
Org vDC Memory Guarantee %
• Pay-As-You-Go: Resource Pool Memory Reservation = Sum of all VM Memory Reservations
• Allocation Pool: Resource Pool Memory Reservation = vDC Memory Guarantee % x vDC Memory Allocation
• Reservation Pool: Not Configurable
Notes
• Pay-As-You-Go: Resource Pool CPU & Memory has Expandable Reservations and is Unlimited
• Allocation Pool: No Expandable Reservations for CPU & Memory; is not Unlimited
• Reservation Pool: No Expandable Reservations for CPU & Memory; is not Unlimited
Allocation Model Impact on VM Configuration
Virtual Machine Configuration for each Allocation Model
Org vDC CPU Speed
• Pay-As-You-Go: Virtual Machine CPU Limit = vDC CPU Speed x No. Virtual Machine vCPUs
• Allocation Pool: Not Configurable
• Reservation Pool: Not Configurable
Org vDC CPU Allocation
• Pay-As-You-Go: Not Configurable
• Allocation Pool: No Virtual Machine CPU Reservation or Limit
• Reservation Pool: No Virtual Machine CPU Reservation or Limit
Org vDC CPU Guarantee %
• Pay-As-You-Go: Virtual Machine CPU Reservation = vDC CPU Guarantee % x Virtual Machine CPU Limit
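The two “Allocation Model Impact” tables, worked through in code: an added example, not from the deck or from vCloud Director itself, that derives the resource pool and PAYG per-VM settings for each model and shows the overcommit range that separates an allocation pool from a reservation pool. Function and key names are this example’s own.

```python
# Added example, not from the deck: derives the vCenter resource pool and
# per-VM settings vCloud Director applies under each org vDC allocation
# model, following the two "Allocation Model Impact" tables above.
# Function and key names are this example's own; None means "Unlimited".


def payg_vm_cpu(vcpu_speed_ghz, vcpus, cpu_guarantee):
    """Pay-As-You-Go per-VM CPU: limit = vDC CPU speed x vCPUs,
    reservation = vDC CPU guarantee % x that limit."""
    limit = vcpu_speed_ghz * vcpus
    return {"limit_ghz": limit, "reservation_ghz": cpu_guarantee * limit}


def resource_pool_config(model, cpu_alloc_ghz=0.0, cpu_guarantee=0.0,
                         mem_alloc_gb=0.0, mem_guarantee=0.0,
                         vm_cpu_reservations=(), vm_mem_reservations=()):
    """Limit/reservation of the org vDC's vCenter resource pool."""
    if model == "payg":
        # Unlimited pool with expandable reservation: it grows to the sum
        # of the reservations of the VMs users have deployed so far.
        return {"cpu_limit_ghz": None,
                "cpu_reservation_ghz": sum(vm_cpu_reservations),
                "mem_limit_gb": None,
                "mem_reservation_gb": sum(vm_mem_reservations),
                "expandable": True}
    if model == "allocation":
        # Limit = allocation, reservation = guarantee % x allocation;
        # the gap between them is the cloud admin's overcommit range.
        return {"cpu_limit_ghz": cpu_alloc_ghz,
                "cpu_reservation_ghz": cpu_guarantee * cpu_alloc_ghz,
                "mem_limit_gb": mem_alloc_gb,
                "mem_reservation_gb": mem_guarantee * mem_alloc_gb,
                "expandable": False}
    if model == "reservation":
        # Limit = reservation = allocation: 100% reserved, nothing shared.
        return {"cpu_limit_ghz": cpu_alloc_ghz,
                "cpu_reservation_ghz": cpu_alloc_ghz,
                "mem_limit_gb": mem_alloc_gb,
                "mem_reservation_gb": mem_alloc_gb,
                "expandable": False}
    raise ValueError(f"unknown allocation model: {model}")


def overcommit_headroom(cfg):
    """Capacity the pool may hand out beyond its guarantee (the diagram's
    overcommit range); 0 for a reservation pool, None for PAYG (no limit)."""
    if cfg["cpu_limit_ghz"] is None:
        return None
    return {"cpu_ghz": cfg["cpu_limit_ghz"] - cfg["cpu_reservation_ghz"],
            "mem_gb": cfg["mem_limit_gb"] - cfg["mem_reservation_gb"]}
```

Feeding the deck’s PAYG default of 0.25 GHz into `payg_vm_cpu` shows why the default is worth changing: every vCPU is capped at a quarter of a GHz regardless of what the host can deliver.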
Organization Networks
• Contained within an organization
• Allow vApps within the organization to communicate with each other or outside the organization
• Can be connected to External Networks as:
  • Public (External Org Direct): bridged connection to an External Network; others outside the organization can see it
  • Private Routed (External Org NAT-Routed): connected to an External Network through a vShield Edge; can be configured for NAT & Firewall
• …or left unconnected to external networks: Private Internal (Internal Org)
Network Pool: Portgroup-Backed
Requires
• Preconfigured portgroups at the vSphere layer
• Assign meaningful names so it is obvious what is being mapped
• If using vSS portgroups, they must exist on all ESX/ESXi hosts in the cluster
How it works
• System administrator manually creates the portgroups
• When creating the network pool, you are given a list of unused portgroups that exist in the cluster
Advantages
• Works with all types of vSwitches
Disadvantages
• Requires manual work or orchestration to create all of the portgroups
• Portgroups need to be kept in sync on a vSS
• To ensure isolation, portgroups rely on VLANs for L2 isolation
Network Pool: VLAN-Backed
Requires
• A vDS that’s connected to all ESX/ESXi hosts in your cluster
• A range of unused VLANs
How it works
• The vCD admin creates the network pool, chooses an “Organization” vDS to attach it to, then provides a range of valid VLANs, for example 10 – 15
• When an isolated network is needed, vCD automatically creates a portgroup on the vDS and assigns it one of the unused VLAN numbers
• Many isolated portgroups can coexist on the same vDS because they are isolated by the VLAN tag
Advantages
• Isolated networks
• Best network performance
Disadvantages
• Requires VLANs to exist in the physical network hardware (physical switches)
• VLANs are limited and may not be available at all
• Not compatible with Cisco Nexus 1000V
  • Use a portgroup-backed network pool of portgroups that happen to have VLAN tags
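A model of the VLAN-backed pool described above, as an added example that is not vCloud Director’s code: one unused VLAN per isolated network, a portgroup named for it, exhaustion once the range is used up, and a check that the pool never overlaps VLANs already in use elsewhere (such as an organization’s dedicated external VLAN). The class, method and portgroup naming are this example’s own assumptions.

```python
# Added example, not from the deck: models the VLAN-backed network pool
# described above (sample range 10 - 15). vCloud Director hands out one
# unused VLAN per isolated network and creates a portgroup on the org vDS;
# once the range is used up no further isolated network can be created.
# Class, method and portgroup naming are this example's own assumptions.


class VlanBackedNetworkPool:
    def __init__(self, vds_name, first_vlan, last_vlan, reserved=()):
        # reserved: VLAN IDs already in use elsewhere (for instance each
        # organization's dedicated external VLAN) that must never be handed
        # out here: two networks sharing a tag would no longer be isolated.
        if not 1 <= first_vlan <= last_vlan <= 4094:
            raise ValueError("VLAN range must lie within 1-4094")
        self.vds_name = vds_name
        self.free = [v for v in range(first_vlan, last_vlan + 1)
                     if v not in set(reserved)]
        self.in_use = {}  # isolated network name -> VLAN ID

    def create_isolated_network(self, name):
        """Take the lowest unused VLAN and return the portgroup it backs."""
        if name in self.in_use:
            raise ValueError(f"network {name!r} already exists")
        if not self.free:
            raise RuntimeError("network pool exhausted: no unused VLANs left")
        vlan = self.free.pop(0)
        self.in_use[name] = vlan
        return {"portgroup": f"{self.vds_name}-{name}-vlan{vlan}", "vlan": vlan}

    def delete_isolated_network(self, name):
        """Return the network's VLAN to the pool so it can be reused."""
        self.free.append(self.in_use.pop(name))
        self.free.sort()

    def remaining(self):
        """Isolated networks that can still be created from this pool."""
        return len(self.free)

    def isolated(self):
        """Invariant check: every in-use network has a distinct VLAN tag."""
        vlans = list(self.in_use.values())
        return len(vlans) == len(set(vlans))
```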
Network Pool: vCD-NI-Backed (vCloud Director Network Isolation)
Requires
• A vDS that’s connected to all ESX/ESXi hosts in your cluster
How it works
• vCD creates an overlay “transport” network for each isolated network to carry encapsulated traffic
• Each overlay network is assigned a Network ID number
• The encapsulation contains the source and destination MAC addresses of the ESX/ESXi hosts where the VM endpoints reside, as well as the Network ID
• The ESX/ESXi host strips the vCD-NI header to expose the packet addressed with the VM source and destination MACs, which is delivered to the destination VM
Advantages
• Does not have to use VLANs (can optionally set a VLAN ID for the transport network; leaving it blank defaults to 0)
Disadvantages
• Small performance overhead due to encapsulation (the dvFilter runs at around 1% CPU utilization)
• The added MAC header requires an increase in MTU, as in MPLS networks
• vCD-NI is for layer 2 adjacency and not for routed networks
• vCD-NI is only for VMs and cannot be accessed by physical hosts
vApps isolated on directly connected vApp networks with dynamically created 1:1 NAT (diagram):
• Component 1 (Developer 1) – vApp Network 172.1.2.0/22 – VM .16, VM .17
• Component 2 (Developer 1) – vApp Network 172.1.2.0/22 – VM .18, VM .19
• Component 1 (Developer 2) – vApp Network 172.1.2.0/22 – VM .16, VM .17
vApps deployed from the catalog are NOT customized and are identical copies
Use Case Design Outcome
§ Every Organization will need a dedicated External VLAN
§ Developer Org will use vApp Networks for Isolation
§ All other Organizations will use NAT Routed Org Networks
§ vApp Catalogs would be building block based
  • Base OS Catalog (Single VM vApps)
    o Windows and Linux
  • “Golden” Image Catalog (Single VM vApps)
    o Standard Web Server
    o Standard App Server
    o Standard DB Server
  • Components Catalog (Multi-VM vApps)
Public and Hybrid Cloud
The future of Cloud is unwritten. You will write it.
We give you choice.
Be their Guide.
Experiment with the Providers
§ Search for public providers
  • vcloud.vmware.com
  • vCloud Express – Generally Shared
  • vCloud Datacenter – Generally Dedicated
§ Move workloads between clouds
  • VMware vCloud Connector
  • Move between vSphere and vCloud
  • Build locally then push to cloud
§ Maintain provider-based catalogs of your vApps
§ Single API between public and private
  • vCloud Providers are using the vCloud API
VMware vCloud Do’s and Don’ts
Just Some Interesting Stuff
Do…
§ Change the PAYG Defaults
§ Point Provider vDC’s to Cluster level
§ Allow access to hosts only in vCenter
  • Use vCenter Roles
§ Always install VMware Tools, needed for customization
§ Get PSO for vCloud Designs
  • Terrance Donovan
  • Peter Stryzsinski
§ Follow Chris on Twitter and visit my blog
Don’t…
§ Disable DRS in vCenter under vCloud
§ Manage VM objects in vCenter
  • i.e. change VM settings (NIC)
§ Make too many clones of clones
  • Microsoft Activation Limit
§ Remove any vCenter objects
  • i.e. Hosts, VMs, portgroups