Learn how vCloud Hybrid Service (vCHS) can facilitate your adoption of cloud with virtualized networking and affordable, resilient capacity. Kelser vCloud experts will also talk about extending vCHS into your existing IT investments.
8. Move to cloud at YOUR pace
NOT all-or-nothing
Maintain control over specific/proprietary data in your
private cloud
Move less sensitive data/applications to the cloud
YOU control it and get the best of both worlds!
You can have logical (network/resource) isolation from
your peers OR have physical isolation – your choice.
9. Let’s wipe out some FUD:
◦ Fear: vCHS has an ISO/IEC 27001 certified information
security management system.
◦ Uncertainty: You don’t have to move everything. Just
move what you’re comfortable with. If you aren’t happy,
move it back.
◦ Doubt: VMware’s vCHS runs on “the infrastructure you
already know and trust”. Cloud is definitely here and here
to stay.
10. Virtual Private Cloud
◦ Logically Isolated
◦ Starts at:
20GB vRAM
5 GHz CPU
2TB Disk
Internet Bandwidth: 10 Mbps allocated / 50 Mbps burst / 2 public IPs
~ $1,200 / month **
Monthly Term (3 / 12 month commitments)
Dedicated Cloud
◦ Physically Isolated
◦ Starts at:
120GB vRAM
30 GHz CPU
6TB Disk
Internet Bandwidth: 50 Mbps allocated / 1Gbps burst / 3 public IPs
~ $12,000 / month **
Annual Term
** Figures are approximate / budgetary for discussion purposes only. Subscription pricing may vary depending on
different options, term commitments, and final GA vCHS pricing **
11. Move test/dev environments, to save cost and increase
reliability. Good way to “test” the cloud.
Private
Public
Hybrid
Test / Dev
12. Create your own hosted Exchange environment, to keep
the flexibility you like and improve availability. Or,
extend your existing Exchange environment (2010+
DAG)!
Private
Public
Hybrid
13. Have your stateless web farm in the cloud and your
databases on-premise
Private
Public
Hybrid
14. Give legacy systems a more permanent home
Private
Public
Hybrid
The “really old
application that no
one uses but we
need to keep
forever, just in
case”
15. Burst for temporary environments or times of the year.
Private
Public
Hybrid
17. DCE = Data Center Extension
o “Stretch Deploy” VMs from existing vSphere networks to the
vCHS Cloud!
o VPN with Layer 2 bridge capability
Private
Public
Hybrid
18. “Runs on the infrastructure you already know and trust”
Applications function the same way they did, on your
on-premise virtual farm
Manage your private cloud and public cloud from one
console
One number for support, directly to the people who
essentially invented virtualization, as we know it today.
19. We understand:
◦ YOU
◦ On-premise Cloud
◦ Public Cloud
◦ The “glue” or “plumbing” that connects this all together
Kelser actively participated in the Early Access program,
working closely with the vCHS technical team to iron-out
the exciting DCE offering, making it actually work “as
advertised”.
22. A vApp is a logical container around a pool of VMs
providing logical and network separation.
Every VM in vCHS is contained within a vApp
Each vApp can have a single VM or multiple VMs
Each vApp can have its own networking policies
23.
24. vShield Edge: Virtualized Network “swiss army knife”
◦ New Name: vCNS
◦ Features:
NAT (DNAT and SNAT)
Load Balancer
DHCP
VPN
IPSec (point-to-point)
SSL VPN-Plus
◦ The Edge device between your
on-premise vSphere/vCloud
infrastructure and vCHS
vShield Edge
25. On this screen, you see Kelser’s Edge Gateway, in vCHS. An Edge Gateway
can have up to 10 interfaces. This is deployed for you by vCHS:
26. We have 2 routed
networks (each consumes
an interface on the Edge
Gateway)
We have 1 isolated
network (does NOT
consume an interface on
the Edge Gateway)
27. Let’s look at my Exchange vApp:
You can see that the
172-16-100-0 network
is outside the vApp
and that the vApp has
an uplink connected.
The two VMs are
connected to the vApp
network, which is
connected to the VDC
Org network.
28. This example shows a vApp with a vShield Edge and then
uplinked to an org VDC.
Why would you want
this? Well, perhaps you
are a service provider
and want to firewall
your customers from
each other.
Or perhaps you need to
preserve an IP space,
such as the case with
DCE.
29. Once vCloud Connector, vCloud Server, and vCNS Edge are loaded,
you can simply right-click on a workload (server) and move it and
its network identity to vCHS!
DCE creates a VPN tunnel between your vCNS Edge and vCHS
Edge
The VPN supports layer 2 traffic
You can move a VM, with its existing IP information / network
configuration, to vCHS
Simple right-click and “Stretch Deploy”
Let’s try it out!
30. There is a L2 VPN Link
between the Edge
Gateway at Kelser and
the Edge Gateway
below the Routed
network, for the DCE
vApp.
Since the Edge
Gateways are listening
for broadcasts on
172.16.55.0 and know
what’s on the other
side, they proxy
broadcasts and
answer arp requests
for traffic on either side
of the VPN.
31. You can see this VM is
“still at home”. It’s on the
172.16.55.0/24 network,
physically at Kelser.
I can ping it’s gateway (a
Cisco 3750X stack) and a
VM that I’ve already
stretch deployed.
I could also ping it from
my lab workstation. This
just shows it’s up/running
“at home”.
32. To initiate the Stretch
Deploy, I’ll shut that
VM down and then
locate it in the vCloud
Connector plugin, in
vSphere.
You can see that the
vCloud Connector
“sees” both my
vSphere Private
Cloud and the vCHS
Public Cloud.
33. I’ll right-click on the
VM I want to move to
vCHS and click
“Stretch Deploy”.
It will then open a
wizard to guide me
through the rest.
34. First, I’ll select my
target.
“Strechted_k-d-rds” is
a vApp that was
created from a VM I
already deployed, so
we’ll just re-use that.
35. Since I already
Stretch Deployed one
VM, these fields are
greyed out and
populated with the
values that
correspond with that
vApp.
36. I don’t need a
proxy, so I’ll leave
this how it is and
click “Next”.
37. I’ll just let it power
on, when it gets
there and click
“Next”.
40. You can see the
tasks completed.
This took about an
hour, to upload the
VM to VMware’s
datacenter and then
deploy it to my VDC.
41. Let’s check out the network,
now that it’s been moved.
It retained its IP information
(first of all).
You can see it still has the
172.16.55.1 gateway (still
back to the core switch,
physically at Kelser) and it
can reach it.
You can see that this VM
can still ping VM’s back
home and receives replies.
42. There is a L2 VPN Link
between the Edge
Gateway at Kelser and
the Edge Gateway
below the Routed
network, for the DCE
vApp.
Since the Edge
Gateways are listening
for broadcasts on
172.16.55.0 and know
what’s on the other
side, they proxy
broadcasts and
answer arp requests
for traffic on either side
of the VPN.
43. Hybrid means YOU consume cloud at YOUR pace
VMware vCloud Hybrid Service was designed, built, and is
supported by the company that invented virtualization, as we
know it
Your applications already run on vSphere; vCHS is the same
vSphere you and your applications already know.
VMware vCloud Hybrid Service has many networking options,
to securely connect you to the cloud, almost anyway you
could imagine (including L2 VPN)
Kelser was an active participant in the vCHS Early Access
program and understands how the “plumbing” works and
how to get it working for you.
44.
45. Matthew Kozloski
Senior Virtualization Engineer
O: 860.610.2214 | F: 860.291.9088
mkozloski@kelsercorp.com
www.kelsercorp.com
111 Roberts St, Suite D
East Hartford, CT 06108