Mike Brown, Senior SDDC Integration Architect, VMware, Inc.
VCDX4/5/6-DCV, VCIX6-NV
@vMikeBrown
PBO1721BE
#VMworld #PBO1721BE
VMware Validated Design for Software-Defined Data Center: Technical Deep Dive
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#PBO1721BE CONFIDENTIAL
Building the Cloud is Often the Bottleneck
VMware Validated Designs: Prescriptive Blueprints with Comprehensive Deployment and Operational Practices
✓ Broad Use Cases
✓ Comprehensive Documentation
✓ Proven & Robust Standardized Designs
VMware Validated Designs: A History Lesson
▪ 1.0 (February 2016): 12 months of engineering; release to PSO and Partners
▪ 2.0 (July 2016): 3.5 months of engineering; smaller scope (i.e. Dual Region + DR)
▪ 3.0 (September 2016): 2 months of engineering; Dual Region with DR; Two Pod Architecture
▪ 3.0.2 (November 2016): 1.5 months of engineering; added M-Seg use case; added IT Automating IT Guide
▪ 4.0 (March 2017): 1.5 months of engineering; major product updates; added ROBO
▪ 4.1 (August 2017): 4 months of engineering; minor product updates; Consolidated Pod option
Design Objectives: VMware Validated Design for SDDC
Overall Objective: SDDC capable of automated provisioning of workloads
Type of Deployment: Greenfield and Brownfield
Cloud Type: Private Cloud
Regions and Disaster Recovery: Dual-region SDDC that supports disaster recovery
▪ Guidance for an SDDC whose management components are designed to operate in the event of planned migration or disaster recovery.
▪ Guidance for an SDDC that supports two regions for both management and tenant workloads.
▪ Operations guidance for disaster recovery and planned migration.
Pods: Two Pod
▪ Management Pod – Runs the management stack.
▪ Shared Edge and Compute Pod – Runs tenant workloads, and services for north-south plus east-west routing.
Pods: One Pod
▪ Consolidated Pod – Runs the management stack, tenant workloads, and services for north-south plus east-west routing.
Max Number of VMs
▪ 10,000 running VMs (Two Pod) / 1,500 (One Pod)
▪ 150 VM deployments/hour (Two Pod) / 60 (One Pod)
Overall Availability: 99% (= 3.65 days downtime/year = 1.7 hours downtime/week). Planned downtime is expected for upgrades, patching, and on-going maintenance.
Authentication, Authorization, and Access Control
▪ Use of Microsoft Active Directory as a central user repository.
▪ Use of service accounts with minimum required authentication and Access Control List configuration.
▪ Use of basic tenant accounts.
Certificate Signing: Certificates are signed by an external certificate authority (CA) that consists of root and intermediate authority layers.
Hardening: Tenant workload traffic can be separated from the management traffic. The design uses a distributed firewall to protect all management applications. To secure the SDDC, only other management solutions and approved administration IP addresses can directly communicate with individual components.
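As an added illustration of the Hardening objective above, the following Python models the allowlist the design describes: a management component accepts connections only from other management solutions and from approved administration addresses, and only on the services it publishes. This is example code written for this page; it is not VMware code and not the NSX distributed firewall's rule syntax. The component names, addresses, networks and ports are constructed sample values.

```python
"""Model of the management-plane allowlist: only other management solutions and
approved administration IP addresses may talk directly to a management component.

Added example, not VMware code and not NSX distributed-firewall rule syntax.
All component names, addresses, networks and ports below are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # source IP of the connection
    dst: str    # destination IP
    dport: int  # destination TCP/UDP port


class ManagementPolicy:
    def __init__(self, components, admin_networks, allowed_ports):
        # name -> address of each management solution (constructed values)
        self.components = {n: ipaddress.ip_address(a) for n, a in components.items()}
        # approved administration networks, e.g. a jump-host subnet (constructed)
        self.admin_networks = [ipaddress.ip_network(n) for n in admin_networks]
        # per-component set of service ports that may be exposed (constructed)
        self.allowed_ports = allowed_ports

    def component_for(self, addr):
        """Name of the protected component at this address, or None."""
        for name, comp_addr in self.components.items():
            if comp_addr == addr:
                return name
        return None

    def decision(self, flow):
        src = ipaddress.ip_address(flow.src)
        dst = ipaddress.ip_address(flow.dst)
        target = self.component_for(dst)
        if target is None:
            return "not-managed"       # destination is not a protected component
        if flow.dport not in self.allowed_ports.get(target, set()):
            return "deny:port"         # service not published for this component
        if src in self.components.values():
            return "allow:management"  # peer management solution
        if any(src in net for net in self.admin_networks):
            return "allow:admin"       # approved administration address
        return "deny:default"          # everything else, including tenant workloads


def build_sample_policy():
    """Constructed sample data standing in for a real management pod."""
    return ManagementPolicy(
        components={
            "vcenter-mgmt": "172.16.11.62",
            "nsx-manager": "172.16.11.65",
            "log-collector": "172.16.11.70",
        },
        admin_networks=["172.16.100.0/24"],
        allowed_ports={
            "vcenter-mgmt": {443},
            "nsx-manager": {443},
            "log-collector": {443, 9543},
        },
    )


def evaluate(policy, flows):
    """Return the decision for each flow, in order."""
    return [policy.decision(f) for f in flows]


if __name__ == "__main__":
    policy = build_sample_policy()
    sample_flows = [  # constructed traffic
        Flow("172.16.11.62", "172.16.11.65", 443),   # vCenter -> NSX Manager
        Flow("172.16.100.15", "172.16.11.62", 443),  # admin jump host -> vCenter
        Flow("10.20.30.40", "172.16.11.62", 443),    # tenant workload -> vCenter
        Flow("172.16.100.15", "172.16.11.65", 22),   # admin -> NSX Manager, unpublished port
        Flow("10.20.30.40", "10.20.30.41", 80),      # tenant -> tenant, outside this policy
    ]
    for flow, verdict in zip(sample_flows, evaluate(policy, sample_flows)):
        print(f"{flow.src:>14} -> {flow.dst}:{flow.dport:<5} {verdict}")
```

The port check runs before the source check, so even an approved administrator reaching an unpublished service is denied; the tenant-to-vCenter flow falls through to the default deny, which is the separation of tenant and management traffic the objective asks for.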
Design Decisions
290+ in VMware Validated Design for SDDC
▪ Reduces risk by providing a baseline of standardization.
▪ Ensures the design meets the design objectives.
▪ Reinforces standardization with justification and implications.
▪ Easy to follow checklist form.
Example Design Decisions: VMware Validated Design for SDDC
Using vSAN? Visit vsanreadynode.vmware.com
Network Transport Services
▪ The VMware Validated Designs support both L2 and L3 transport services.
▪ For a scalable and vendor-neutral data center network, use an L3 transport.
▪ When deciding to use L2 or L3, consider the following:
  ▪ The NSX ECMP Edge devices establish L3 routing adjacency with the first upstream L3 device to provide equal cost routing for management and workload virtual machine traffic.
  ▪ The investment you have today in your current physical network infrastructure.
▪ All design documentation is provided for an L3 transport. You must appropriately adjust the design deployment and day-two operations guidance under the context of an L2 transport.
Minimal Design Requirements
▪ One 10 GbE port on each ToR for host uplinks.
▪ Host uplinks are not configured in an ether-channel (LAG/vPC).
▪ Layer 3 device that supports BGP.
▪ IGMP support required by vSAN and NSX Hybrid Mode.
Example: L3 Leaf-and-Spine Topology
Example: L3 Leaf-and-Spine Topology
Design for Workload Requirements
▪ Compute Only Pods and Clusters may span racks.
▪ Management and Shared Edge/Compute Pods and Clusters may span racks if L2 network transport is used. Peer with upstream L3.
▪ Homogeneous nodes within the Pod; may be heterogeneous Pod to Pod.
vSphere Clusters
(Diagram: three pods, each made of ESXi hosts with VTEPs on a distributed switch)
▪ Management Pod: ESXi hosts on the Management Distributed Switch; Universal Management Transport Zone in Hybrid Mode; any supported storage plus NFS.
▪ Shared Edge and Compute Pod: ESXi hosts on the Compute Distributed Switch; Universal Compute Transport Zone in Hybrid Mode; any supported storage plus NFS.
▪ Compute Pod n: ESXi hosts on the Compute n Distributed Switch; Universal Compute Transport Zone in Hybrid Mode; any supported storage plus NFS.
▪ Management Cluster: minimum 4 nodes; vSphere HA and DRS enabled.
▪ Management Stack: managed by the Management Stack vCenter Server.
▪ Compute Stack: managed by the Compute Stack vCenter Server.
Distributed Switches
Storage
Primary Storage
▪ VMware vSAN is recommended for the Management Pod.
▪ Any supported storage for the Shared Edge and Compute Pod.
▪ Any supported storage for Compute Only Pod(s).
Secondary Storage
▪ NFS for backups.
▪ NFS for log archives.
▪ NFS for Content Library and templates.
vSAN Optional for Management Pod Primary Storage
▪ Previous releases required vSAN as primary storage in the management pod. This requirement has been relaxed in the 4.1 release.
▪ All functional testing and validation of the design is done using vSAN.
▪ Although the VMware Validated Designs highly recommend the use of vSAN, in particular for the management pods, any supported storage solution may be used.
▪ If a storage solution other than vSAN is selected:
  ▪ You must appropriately adjust the design deployment and day-two operations guidance, which is written under the context of vSAN.
  ▪ The storage design must match or exceed the capacity and performance capabilities of the vSAN configuration in the design.