9. Characteristics of IaaS Clouds
Standardization. Construct virtual data centers by pooling compute, storage, and networking resources together
Offers self-service. Construct Service Catalogs; application architectures can be deployed by non-technical people or by automated triggers such as ticketing systems
Secure multi-tenancy, ability to run multiple organisations on the same platform
Report consumption, permit charge or show back of what has been consumed and allow for different cost models
Programmatic control via open APIs, ability to automate tasks and ensure mobility of resources between clouds
10. To make this possible, cloud requires new resource abstractions
[Diagram: VMware vCloud Director with Organizations (Marketing, Finance), each holding Users & Policies, Organization VDCs and Catalogs; Provider Virtual Datacenters (Bronze, Silver, Gold); VMware vCenter Server with Resource Pools, Datastores and Port Groups; VMware vSphere; Secure Private Cloud]
11. VMware vSphere and vCenter Server
Clusters and Resource Pools
• Provide cloud compute
• DRS is a requirement for the cluster
o Shared storage
o vMotion compatible or EVC enabled
Datastores
• Provide cloud storage
• Abstract away underlying storage type
Portgroups
• Provide cloud networking
• Abstract away underlying networking infrastructure
• vSwitch, vNetwork Distributed Switch or Nexus 1000V
[Diagram labels: vCenter Server; vSphere Cluster/Resource Pool; vNetwork Distributed Switch; ESXi/ESX hosts; FC Storage; iSCSI Storage; NFS Storage]
12. VMware vCloud Director
Define standard infrastructure tiers called Virtual Datacenters
• Pool virtualized infrastructure resources across multiple vCenter Servers
Define standard collections of VMs called vApps
Create Organizations and manage users with RBAC
Provide UI for users to self provision vApps into Virtual Datacenters
Provide secure multi-tenancy using vShield Edge
13. vApp
Container of one or more VMs, networking & security appliances
• Package up multi-tier application architectures
• Upload vApp to a service catalog for easy one-click redeployment
• Select boot order of VMs, start delays and stop delays
• Set policies for vApp, storage lease
Uses the OVF standard
• Captures meta data about the VMs
• Allows import and export between clouds in standard format
[Diagram: a vApp containing three VMs (App on OS), VMware vShield and vApp Networks]
14. Fast Provisioning using Linked Clones For Improved Agility
Overview
• Provisions new VMs from a template without replicating the entire image
• Instead, links the images (clones) so that common elements are stored only once
Benefits
• Dramatically speeds up provisioning time from >2 minutes to <5 seconds
• Reduces storage footprint (and cost) by over 60%
[Diagram: Template vmdk and three clone vmdks]
15. Networking & Security : Introducing vShield Products
Securing the Private Cloud End to End: from the Edge to the Endpoint
vShield Edge: Secure the edge of the virtual datacenter
vShield App and Zones: Create segmentation between enclaves or silos of workloads
vShield Endpoint: Offload anti-virus processing
vShield Manager: Centralized Management
[Diagram labels: DMZ; Application 1; Application 2]
16. Provide Choice in Resource Consumption Models
With VMware Chargeback we have set 3 “out of the box” consumption models
Allocated Pool – “Bill for the virtual container”
Reservation Pool – “Bill for the physical container”
Pay-Per-vApp – Purchase VMs of specified sizes and contents
17. Open standards make the hybrid cloud possible
[Diagram: Provisioning and Control of the Application; a vApp spanning the Private Cloud and Public Clouds]
17 Confidential
18. Consumption Visibility
Show back or Charge back to consumers
• vCloud Director resources like broadband network traffic, public IP addresses, DHCP, NAT can be metered and billed
Setup leases to assure resource reclamation
[Diagram label: VMware vSphere]
21. vSM Cloud Provisioning
Enhance provisioning and cloud self-service for
vCloud Director
Standardize and automate service delivery of hybrid Clouds
Ensure policy compliance in higher governance environments
22. vCloud Director and VMware Service Manager
Capabilities (table columns: vCloud Director; VMware Service Manager – Cloud Provisioning)
• Accelerates end user time-to-market by enabling intelligent virtual machine provisioning across VMware vSphere® clusters with on-demand access.
• Ensures secure isolation and enforces control with policy-based user controls and VMware vShield™ security technologies.
• Uses open standards for interoperability and application portability between clouds
• Consolidates infrastructure and delivers resources as configurable, easy-to-manage virtual datacenters.
• Provides vCloud Director services in a service catalog for easiest end-user consumption
• Standardizes and automates services from request, approvals, provisioning, changes, to notification
• Provides tracking and reporting for higher governance environments
24. Major considerations.
Users
• Who can do what with which resources?
What controls/policies should be in place?
• Who needs to authorise what?
Services
• What does your catalog need to look like?
Technical considerations
• Storage, CPU, RAM, Networks
25. Where are you now?
What percentage are you virtualised?
• Do you want to go further?
What is our infrastructure costing?
• Can you achieve savings within current estate?
What barriers are stopping you maximising the potential?
• People, Budget
26. Where do you want to go?
Public/Private/Hybrid?
• Where to go and what goes where?
28. Cloud Director architecture … the basics
[Diagram labels: vCD Portal; 3rd party portals (i.e. iWave ITO); “Build your Own tool/portal”; vSphere Client (Plug-in); vCloud APIs; vCD Cell(s); vSphere Client; Resource Pod of vCenter servers and ESX hosts]
29. VMware vCloud Director Installation and Licensing
Installs on RHEL 5 U4 or higher 64-bit machine
VMware vCloud Director supports
• VMware vSphere Editions
• VMware vSphere Enterprise*
• VMware vSphere Enterprise Plus
• VMware vCenter Server Editions
• VMware vCenter Server Standard
• Minimum requirements
• vSphere and vCenter Server versions 4.0 U2 and 4.1.
VMware vCloud Director licensed by concurrent powered-on VMs managed by VCD
*vSphere Enterprise will not support VLAN backed Network Pools and VMware vCloud Director Network Isolation (VCDNI) backed Network Pools
[Diagram labels: vCenter Server; VMware vCloud Director]
30. Network Fencing
Allows developers to provision Layer-2 isolated networks in seconds…
Deploy multiple copies of the vApp on the same Org/External network without modifying hostname or IP address
• Each VM keeps its original hostname/IP information inside the fence
• Each VM is assigned a new IP outside the fence
31. vShield Edge – simplifying complex virtual networking
Provides virtual routing between physical and virtual networks
Brings firewalling/NATing “inside” the virtual environment
Provides more flexibility, without the need to always go to external physical firewalls, but centrally managed
Extremely useful for test/dev environments
VCD-Network Isolation reduces the need for VLANs in crowded datacentres
Enables secure multi-tenancy for Service Providers
32. vShield Edge networking
[Diagram labels: Tenant A vApp and vApp network; Tenant A Secure routed network; Tenant A DMZ routed network; Tenant A Secure direct network; Tenant A DMZ direct network; Physical Secure network; Physical DMZ network; Internet]
33. Connecting the Clouds
[Diagram labels: Private Cloud; Cloud Service Providers; Traditional vSphere/vCenter]
35. Five Tuple Firewalls
Create complex firewall rules for enhanced security
• Firewall rules now can be configured for <source address, source port, protocol, destination port, destination address>
• Support for ICMP protocol in addition to TCP and UDP
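A minimal model of the five-tuple matching this slide describes, added here as an illustration and not vShield Edge's own code or rule syntax: the `Rule` and `Packet` types, first-match ordering, default deny, IPv4-only handling and the sample addresses are all assumptions. It goes slightly beyond the slide by also flagging rules that an earlier rule makes unreachable.

```python
import ipaddress
from typing import NamedTuple, Optional

ANY = "any"

class Rule(NamedTuple):   # the slide's five-tuple, plus an action
    src: str              # IPv4 CIDR or "any"
    sport: str            # "any", "443" or "1024-65535"
    proto: str            # "tcp", "udp", "icmp" or "any"
    dport: str
    dst: str
    action: str           # "allow" or "deny"

class Packet(NamedTuple):
    src: str
    sport: Optional[int]  # None for ICMP, which carries no ports
    proto: str
    dport: Optional[int]
    dst: str

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == ANY else spec)

def _ports(spec):
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def _port_ok(spec, port):
    if spec == ANY:
        return True
    lo, hi = _ports(spec)
    # A port-specific rule never matches a packet without ports (ICMP).
    return port is not None and lo <= port <= hi

def matches(rule, pkt):
    return (rule.proto in (ANY, pkt.proto)
            and ipaddress.ip_address(pkt.src) in _net(rule.src)
            and ipaddress.ip_address(pkt.dst) in _net(rule.dst)
            and _port_ok(rule.sport, pkt.sport)
            and _port_ok(rule.dport, pkt.dport))

def evaluate(rules, pkt, default="deny"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return default, None

def _covers(a, b):
    def ports(x, y):  # conservative: a numeric range never covers "any"
        if ANY in (x, y):
            return x == ANY
        return _ports(x)[0] <= _ports(y)[0] and _ports(y)[1] <= _ports(x)[1]
    return (a.proto in (ANY, b.proto)
            and _net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and ports(a.sport, b.sport) and ports(a.dport, b.dport))

def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule, so never reached."""
    return [j for j, b in enumerate(rules)
            if any(_covers(a, b) for a in rules[:j])]

RULES = [  # constructed sample policy, documentation address ranges
    Rule("any", "any", "tcp", "443", "192.0.2.10/32", "allow"),
    Rule("198.51.100.0/24", "any", "icmp", "any", "192.0.2.0/24", "allow"),
    Rule("any", "any", "any", "any", "192.0.2.0/24", "deny"),
    Rule("any", "any", "udp", "53", "192.0.2.53/32", "allow"),  # unreachable
]
```

`evaluate` returns the action together with the index of the rule that decided it, which is the value to log when auditing why traffic was passed or dropped.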
37. Chargeback and Billing in VMware Cloud Director
• vCloud Service Director itself does NOT do billing or chargeback
• There is NO billing information or metering information presented in the
interface
• All chargeback is done through vCenter Chargeback
vCenter Chargeback
• Monitor and charge for vCloud resources
• Deliver targeted multi-tenant reports
• Integrate with 3rd-party billing
[Diagram labels: Availability; vCenter Chargeback; Self-Service Cloud; 3rd-Party Billing]
39. vCenter Chargeback
Chargeback awareness and metering for vCD
• Organizations
• Virtual Datacenters (VDCs)
• vApps, templates, media file storage
Support for vCSD Resource Allocation Models
• Pay as you go – pay for each vApp deployed
• Reservation Pool – pay for a guaranteed set of resources
• Allocation Pool – aka burst charging, pay for a guaranteed set of resources, can use more than guaranteed but that gets charged at a premium rate
Applicable Charges
• Count of public IP addresses
• Broadband traffic (Tx/Rx), per public IP
• CPU, Memory, Storage (base and premium, templates and media file storage)
• Fixed monthly charges for a vApp
40. VMware Service Manager Cloud Provisioning
Utilizes the VMware Service Manager and vCloud Director Connector
Provides additional functionality to vCloud Director:
• Customized Customer Entry Portal
• Configurable and Extendable Request Forms
• Change Request Management for Owned Items
• Flexible Workflows
• Plug into vCO to kick off 3rd party workflows
41. Standardize and Automate Service Delivery of Hybrid Clouds
The automation engine helps Cloud providers standardize
and deliver Cloud infrastructure.
[Workflow diagram labels: Request initiated by end-user; Electronic approval process; Policy-based logic in vCloud Director; Provisioning; Database update; Successful service deployment; Error notification, if any]
42. Enhanced Provisioning Automation with vCO
VSM includes a connector to vCenter Orchestrator (vCO)
Introducing vCO in the Provisioning Process can enhance service automation by providing advanced technical orchestration capabilities
While VSM acts as the “Traffic Cop” enforcing the service oriented workflow
[Diagram labels: VMware Service Manager; vCO; vCloud Director; vCenter; Oracle EM; 3rd Party Systems]
49. Introducing vFabric Data Director
Do for Databases what vSphere does for Servers
• Extends vSphere benefits to Databases
• Drastic Cost Savings for Databases
• CAPEX
• OPEX
• Consolidates Thousands of Databases & Simplifies Management
Built on and Integrated with vSphere 5.0
50. Path to PaaS
Infrastructure-as-a-Service (IaaS): vSphere + vCloud Director
• Centralized management of Compute, Storage, and Network resources
• Self-service management of Infrastructure resources
• Dependent on Virtualization
IaaS + Database-as-a-Service: vFabric Data Director
• Centralized management of Databases
• Self-service database operations
• Leverages IaaS architecture
Platform-as-a-Service (PaaS): Cloud Foundry
• Centralized applications development framework optimized for the cloud
• Integrates automation provided by IaaS and DBaaS
51. vFabric Data Director
• Powers database-as-a-service across private and public vClouds
• Self-service database virtualization platform for traditional and new databases
• First database enabled is PostgreSQL database with optimization for vSphere
• Oracle support in 2012
• MS SQL support in 2013
• Will integrate with vCD
[Diagram: Apps on top of vFabric Data Director (Graphical User Interface/API; Self-service, IT Control, vSphere-Optimized) on VMware vSphere 5]
52. Backup/Restore: Built-in Policies
DBAs have limited time to enable, monitor, and test backup and recovery policies for all databases.
Solution: Built-In Backup Policies
• Fully integrated backup & restore process (backup templates)
• Automated scheduled backups
• Policy driven backup retention
• Self-service manual backups
• Database remains online during backup
• Dual backup techniques integrated into single policy
• External Backups
• Resilient external backups
• Snapshots with Database Consistency
• Faster to take and restore
53. Backup/Restore - Point-in-Time Recovery
Database recovery is cumbersome and error prone
Solution: Fully automated point-in-time recovery
• Comprehensive view of database backups
• Point-in-time recovery with a few clicks
54. Innovative Database Cloning
The average production database has 6 clones (dev, qa) and each clone takes days to create.
Solution: Innovative Database Cloning
• Automation and flexibility
• Choice of what to clone
• Data and schema
• Schema only
• Choice of clone point
• Backup (include PITR)
• Current state of database
• Choice of destination database configuration
• Copy parent database configuration
• Specify destination database configuration
55. Innovative Database Cloning
• Full Database Clone
• Complete physical copy of parent
• Isolation between parent and clone
• Linked Database Clone
• Clone created from parent snapshot
• Clone in minutes regardless of database size
• Delta disk to track change from parent
• Application transparent
• Great for diagnostic scenarios
[Diagram labels: Production; Full DB Clone; Staging; Linked DB Clones; Dev; QA; Perf]
“House of Brick has always found that VMware outshines the competition when it comes to the tools supporting their cloud infrastructure. With vFabric Data Director, even routine operations such as database cloning are now automated and are as easy as one simple click.”
- David Woodward, COO, House of Brick
57. Flexible Database Templates
Database provisioning and configuration requires a sophisticated DBA with limited time.
Solution: Flexible Database Templates
• Customize templates for database configuration and backup
• Robust role-based access control over which templates users can access
• Search and browse templates
• Fast provisioning
Benefits
• Enforce IT standards and control
• Ease of use
• Ensure reliability and repeatability
58. Monitoring – Manage by exception
Dashboards
• Database performance
• Resource utilization
• Capacity planning
• System health, etc.
End to End Monitoring
• System, Organization, Database Group, Database
Alarms and Notifications
• Out-of-the-Box alarms
• Custom alarms and thresholds
59. vFabric AppDirector
AppDirector automates application deployments on hybrid clouds, specifically on VCD 1.5
[Diagram layers: Applications (Custom or Packaged): app binaries, config (.war, .jar, .tar, .zip etc); Application Stack (Middleware, OS): app servers, messaging, web servers, databases, operating systems, load balancers, etc; vCloud Director 1.5]
60. Proliferation of Middleware, OS 2
A forward-looking large enterprise
[Diagram labels: load balancers; appservers; worker; messaging; database; cache; Infrastructure teams; Application teams]
Middleware, OS – Standardization, Collaboration, Policy-based enforcement?
Application Infrastructure teams
1. Too many combinations of OS, middleware, scripts
2. Post deployment compliance headaches
3. Environment readiness for middleware adding to deployment time
61. What are key goals for AppDirector
1 Simplicity
• Automated deployment on cloud
• Intuitive graphical user interface
2 Cloud Ready
• Model-once, deploy anywhere (portability)
• Standardization of middleware, OS
• Open and Extensible
3 Active App Management
• Integrated Application Performance Management for dynamic remediation of apps
62. vFabric AppDirector
1 Open architecture for model-driven, orchestrated provisioning on any IaaS cloud
2 Standardization of heterogeneous middleware, packaged apps, OS
3 Best-practice application blueprints for deployment patterns
4 Collaborative, integrated application management
[Diagram labels: load balancers; appservers; worker; messaging; database; cache]
63. vFabric AppDirector – “Model-driven” cloud-ready App provisioning
Application Blueprint: Logical Application Topology with Application Policies, Configurations; Pre-instrumented with App Monitoring
• Application Binaries
• Application Stack - (Middleware, OS)
Deployment Profile (dev), (test), (prod): Collection of deployment settings; Makes blueprints portable across clouds
Catalog: Standardized configurations of OS, Middleware; Automated Deployment Plans with Orchestration
Deployment Environments: Dev Org VDC, Test Org VDC, Prod Org VDC
[Roles shown in diagram: Architect; App Dev, QA, Release; Middleware Admin; Cloud Admin]
64. Model Application Blueprint
Use canvas to create deployment topology
Standardized templates from catalog
Standardized scripted services from catalog
65. Select Deployment Environment, Cloud Templates, Networks
Steps in deployment profile
Based on logical names used for templates and NICs in the blueprint, system picks cloud templates and networks on the selected deployment environment
Editor's Notes
VMware customers can leverage existing vSphere investments to build and operate their cloud infrastructures. We are going to start with what you know and love and build new abstractions on top to deliver cloud in your infrastructure. The compute resources for VMware vCloud Director come from vSphere clusters and Resource Pools. You can build your cloud on any hardware that is on the vSphere HCL. VMware vCloud Director requires DRS, which makes shared storage a requirement for all hosts in the cluster. Since DRS is a requirement, hosts need to be vMotion compatible or EVC needs to be enabled on the cluster. The storage resources for VMware vCloud Director come from datastores attached to the clusters. vSphere abstracts away the underlying storage via datastores. You can build your cloud using any storage array that is on the vSphere HCL. The networking resources for VMware vCloud Director come from portgroups created either on standard vSwitches, vNetwork Distributed Switches or Nexus 1000V switches. You leverage existing investments in hardware, software and people to build and operate your cloud environment.
Notes are WIP: There are two main drivers for cloud computing: Cost; Agility and Time to Market. By building cloud infrastructures using VMware vCloud Director, customers can realize cost savings and IT departments can improve time to market. So what is VMware vCloud Director? VMware vCloud Director is a layer of software that interacts with multiple vCenter Servers and enables IT departments to pool resources together across vCenter Servers and define standardized tiers of services called Virtual Datacenters. This helps break down infrastructure silos and drives sharing of infrastructure. Using VCD, IT departments can define Organizations and on-board users that can share the underlying cloud infrastructure in a secure multi-tenant fashion. IT can then create standardized collections of VMs called vApps and set policies on how users can use vApps. Users can log into VMware vCloud Director and self-provision vApp workloads which IT has set up already. This effectively removes IT involvement each time users require infrastructure, enabling agility and faster time to market for applications. VMware vCloud Director also ships with the vCloud API, which allows cloud administrators and users to interact with the cloud infrastructure in a programmatic way. In addition, the free vCenter Orchestrator product allows you to write workflows to automate creation of cloud infrastructure. The increased pooling and sharing of resources, self-provisioning and increased automation deliver greater cost savings in your IT infrastructure, agility and faster time to market for applications. And since VMware vCloud Director builds on top of VMware vSphere, you can deliver cloud benefits for today’s applications and for applications developed in the future.
In vCloud Director 1.0, VM provisioning operations resulted in the creation of full clones, delivered to users within minutes through a simple web portal. With the enablement of linked clones in vCloud Director 1.5, users no longer have to wait for a full copy each time they deploy a vApp. vCloud Director “links” clones together so that common elements are stored only once. This improves agility in the cloud by reducing provisioning time, from minutes down to seconds, and reducing the cost of storage by up to 10x.
The common misperception is that cloud computing implies an “external” cloud, based on public cloud services, e.g. Amazon. The fact is that cloud computing is how you approach IT; it is “a way of doing computing”, not a destination. Ultimately, most enterprises will benefit from adopting cloud computing within their own datacenters, building “private clouds”, and getting there in an evolutionary way through their existing virtualization journey. VMware not only arms enterprises to build the private cloud, but is the vendor that supplies cloud infrastructure to the broadest set of public cloud providers as well. It is VMware’s intent to make “Hybrid Clouds” a reality, through a common platform built around vSphere, with common management and security models to give the enterprise the confidence they need, in an environment that provides on-demand application portability.
When multiple users wish to deploy copies of a vApp template without making changes (customization) or if a single user wishes to deploy multiple copies of the same vApp template w/o customization, users can leverage the Network Fencing technology. This is very useful in the test/dev scenario, where say a developer wishes to send some dev code to a few testers and have them quickly test out the changes. This really speeds up dev/test times, since developers and testers can deploy the same vApp w/o hostname or IP changes on a shared network w/o conflicts. VCD makes this happen by deploying a vShield Edge VM into the Organization VDC. Essentially each VM in the vApp gets a unique external IP on the shared network that it is connected to while it keeps its original IP and hostname. The vShield Edge VM does NAT’ing from internal to external IP.
Reservation: pre-paid guarantee for a fixed set of resources, fixed limit (even if you don't create any VMs, you get the same cost)
Allocation: in addition to what you’re guaranteed, you can use more resources than what you’re given, at a premium rate (burst charging) -- will have separate cost model in CBM
Pay as you go: don't reserve resources upfront, unlimited resources, pay for each vApp you deploy. In Chargeback, you can set this up so that you pay a flat fee per vApp (e.g. gold/silver/bronze templates each with different flat fee), or pay by vApp configuration (e.g. number of VCPUs, memory size, storage), or pay by usage (e.g. CPU GHz consumed).
Q: Can you charge differently when vApp is powered on vs off?
A: Yes in Kaveri
Q: For thin provisioned disks, do you have the option to report and charge based on fully-allocated disk size instead?
A: Yes in Kaveri, when using thin provisioning, you can choose to charge based on the fully-allocated disk size instead.