9. Characteristics of IaaS Clouds
Standardization. Construct virtual data centers by pooling compute, storage, and networking resources together
Offers self-service. Construct Service Catalogs; application architectures can be deployed by non-technical people or by automated triggers such as ticketing systems
Secure multi-tenancy, ability to run multiple organisations on the same platform
Report consumption, permit charge back or show back of what has been consumed and allow for different cost models
Programmatic control via open APIs, ability to automate tasks and ensure mobility of resources between clouds
10. To make this possible, cloud requires new resource abstractions
[Diagram: layered resource abstractions, top to bottom]
VMware vCloud Director: Organization: Marketing and Organization: Finance, each with Users & Policies, Organization VDCs, Catalogs
Provider Virtual Datacenters (Bronze), (Silver), (Gold)
VMware vCenter Server: Resource Pools, Datastores, Port Groups
VMware vSphere
Secure Private Cloud
11. VMware vSphere and vCenter Server
§ Clusters and Resource Pools
• Provide cloud compute
• DRS is a requirement for the cluster
o Shared storage
o vMotion compatible or EVC enabled
§ Datastores
• Provide cloud storage
• Abstract away underlying storage type
§ Portgroups
• Provide cloud networking
• Abstract away underlying networking infrastructure
• vSwitch, vNetwork Distributed Switch or Nexus 1000V
[Diagram labels: vCenter Server; vSphere Cluster/Resource Pool; vNetwork Distributed Switch; ESXi/ESX hosts; FC Storage, iSCSI Storage, NFS Storage]
12. VMware vCloud Director
§ Define standard infrastructure tiers called Virtual Datacenters
• Pool virtualized infrastructure resources across multiple vCenter Servers
§ Define standard collections of VMs called vApps
§ Create Organizations and manage users with RBAC
§ Provide UI for users to self provision vApps into Virtual Datacenters
§ Provide secure multi-tenancy using vShield Edge
13. vApp
§ Container of one or more VMs, VMware vShield Networking & security appliances
• Package up multi-tier application architectures
• Upload vApp to a service catalog for easy one-click redeployment
• Select boot order of VMs, start delays and stop delays
• Set policies for vApp, storage lease
§ Uses the OVF standard
• Captures meta data about the VMs
• Allows import and export between clouds in standard format
[Diagram labels: vApp; App/OS (x3); vApp Networks]
14. Fast Provisioning using Linked Clones For Improved Agility
Overview
• Provisions new VMs from a template without replicating the entire image
• Instead, links the images (clones) so that common elements are stored only once
Benefits
• Dramatically speeds up provisioning time from >2 minutes to <5 seconds
• Reduces storage footprint (and cost) by over 60%
[Diagram labels: Template vmdk; linked clone vmdk (x3)]
15. Networking & Security : Introducing vShield Products
Securing the Private Cloud End to End: from the Edge to the Endpoint
• vShield Edge: Secure the edge of the virtual datacenter
• vShield App and Zones: Create segmentation between enclaves or silos of workloads
• vShield Endpoint: Offload anti-virus processing
• vShield Manager: Centralized Management
[Diagram labels: DMZ, Application 1, Application 2]
16. Provide Choice in Resource Consumption Models
§ With VMware Chargeback we have set 3 “out of the box” consumption models
§ Allocated Pool – “Bill for the virtual container”
§ Reservation Pool – “Bill for the physical container”
§ Pay-Per-vApp – Purchase VMs of specified sizes and contents
17. Open standards make the hybrid cloud possible
[Diagram: Provisioning and Control of the Application (vApp) across Private Cloud and Public Clouds]
17 Confidential
18. Consumption Visibility
§ Show back or Charge back to consumers
• vCloud Director resources like broadband network traffic, public IP addresses, DHCP, NAT can be metered and billed
§ Set up leases to assure resource reclamation
[Diagram label: VMware vSphere]
21. vSM Cloud Provisioning
§ Enhance provisioning and cloud self-service for vCloud Director
§ Standardize and automate service delivery of hybrid Clouds
§ Ensure policy compliance in higher governance environments
22. vCloud Director and VMware Service Manager
Capabilities (columns on the slide: vCloud Director; VMware Service Manager – Cloud Provisioning)
• Accelerates end user time-to-market by enabling intelligent virtual machine provisioning across VMware vSphere® clusters with on-demand access.
• Ensures secure isolation and enforces control with policy-based user controls and VMware vShield™ security technologies.
• Uses open standards for interoperability and application portability between clouds
• Consolidates infrastructure and delivers resources as configurable, easy-to-manage virtual datacenters.
• Provides vCloud Director services in a service catalog for easiest end-user consumption
• Standardizes and automates services from request, approvals, provisioning, changes, to notification
• Provides tracking and reporting for higher governance environments
24. Major considerations.
§ Users
• Who can do what with which resources?
§ What controls/policies should be in place?
• Who needs to authorise what?
§ Services
• What does your catalog need to look like?
§ Technical considerations
• Storage, CPU, RAM, Networks
25. Where are you now?
§ What percentage are you virtualised?
• Do you want to go further?
§ What is our infrastructure costing?
• Can you achieve savings within current estate?
§ What barriers are stopping you maximising the potential?
• People, Budget
26. Where do you want to go?
§ Public/Private/Hybrid?
• Where to go and what goes where?
28. Cloud Director architecture … the basics
[Architecture diagram. Labels, top to bottom: vCD Portal; “Build your Own tool/portal”; 3rd party portals (i.e. iWave ITO); vSphere Client (Plug-in); vCloud APIs; vCD Cell(s); vSphere Client; Resource Pod; vCenter (x3); ESX (x6)]
29. VMware vCloud Director Installation and Licensing
§ Installs on RHEL 5 U4 or higher 64-bit machine
§ VMware vCloud Director supports
• VMware vSphere Editions
• VMware vSphere Enterprise*
• VMware vSphere Enterprise Plus
• VMware vCenter Server Editions
• VMware vCenter Server Standard
• Minimum requirements
• vSphere and vCenter Server versions 4.0 U2 and 4.1.
VMware vCloud Director licensed by concurrent powered-on VMs managed by VCD
*vSphere Enterprise will not support VLAN backed Network Pools and VMware vCloud Director Network Isolation (VCDNI) backed Network Pools
[Diagram labels: VMware vCloud Director; vCenter Server]
30. Network Fencing
§ Allows developers to provision Layer-2 isolated networks in seconds…
§ Deploy multiple copies of the vApp on the same Org/External network without modifying hostname or IP address
• Each VM keeps its original hostname/IP information inside the fence
• Each VM is assigned a new IP outside the fence
31. vShield Edge – simplifying complex virtual networking
§ Provides virtual routing between physical and virtual networks
§ Brings firewalling/NATing ‘inside’ the virtual environment
§ Provides more flexibility, without the need to always go to external physical firewalls, but centrally managed
§ Extremely useful for test/dev environments
§ VCD-Network Isolation reduces the need for VLANs in crowded datacentres
§ Enables secure multi-tenancy for Service Providers
32. vShield Edge networking
[Network diagram. Labels: vApp; vApp network; Tenant A Secure routed network; Tenant A DMZ routed network; Tenant A Secure direct network; Tenant A DMZ direct network; Physical Secure network; Physical DMZ network; Internet]
33. Connecting the Clouds
[Diagram labels: Traditional vSphere/vCenter; Private Cloud; Cloud Service Providers]
35. Five Tuple Firewalls
§ Create complex firewall rules for enhanced security
• Firewall rules can now be configured for <source address, source port, protocol, destination port, destination address>
• Support for ICMP protocol in addition to TCP and UDP
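The five-tuple matching described on this slide, as an added example (not VMware or vShield code): a generic rule evaluator showing how source address, source port, protocol, destination port and destination address combine, and how a port-less protocol such as ICMP interacts with port fields. The `Rule` class, the `evaluate` function, first-match ordering, the default deny and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "deny"
    src: str        # CIDR or "any"
    src_port: str   # "any", "443" or a range such as "1024-65535"
    proto: str      # "tcp", "udp", "icmp" or "any"
    dst_port: str
    dst: str

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _port_ok(spec, port):
    if spec == "any":
        return True
    if port is None:  # ICMP has no ports, so a port-specific rule never matches it
        return False
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, src, sport, proto, dport, dst):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    for r in rules:
        if (r.proto in ("any", proto)
                and _addr_ok(r.src, src) and _addr_ok(r.dst, dst)
                and _port_ok(r.src_port, sport) and _port_ok(r.dst_port, dport)):
            return r.action
    return "deny"

# Constructed rule set for a small DMZ; addresses are documentation ranges.
RULES = [
    Rule("deny",  "203.0.113.0/24",  "any", "any",  "any",  "any"),
    Rule("allow", "any",             "any", "tcp",  "443",  "192.0.2.10/32"),
    Rule("allow", "198.51.100.0/24", "any", "icmp", "any",  "192.0.2.0/24"),
    Rule("allow", "192.0.2.10/32",   "any", "tcp",  "5432", "192.0.2.20/32"),
]

if __name__ == "__main__":
    flows = [
        ("198.51.100.7", 50000, "tcp", 443, "192.0.2.10"),   # web traffic to the DMZ host
        ("203.0.113.5", 50000, "tcp", 443, "192.0.2.10"),    # blocked source range
        ("198.51.100.7", None, "icmp", None, "192.0.2.10"),  # ping from the admin range
        ("198.51.100.7", 50000, "tcp", 5432, "192.0.2.20"),  # direct database access
    ]
    for flow in flows:
        print(flow, "->", evaluate(RULES, *flow))
```

Rule order matters in this model: placing the broad deny for 203.0.113.0/24 after the HTTPS allow would let that range reach port 443.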
37. Chargeback and Billing in VMware Cloud Director
• vCloud Service Director itself does NOT do billing or chargeback
• There is NO billing information or metering information presented in the interface
• All chargeback is done through vCenter Chargeback
vCenter Chargeback
• Monitor and charge for vCloud resources
• Deliver targeted multi-tenant reports
• Integrate with 3rd-party billing
[Diagram labels: Availability; vCenter Chargeback; Self-Service Cloud; 3rd-Party Billing]
39. vCenter Chargeback
§ Chargeback awareness and metering for vCD
• Organizations
• Virtual Datacenters (VDCs)
• vApps, templates, media file storage
§ Support for vCSD Resource Allocation Models
• Pay as you go – pay for each vApp deployed
• Reservation Pool – pay for a guaranteed set of resources
• Allocation Pool – aka burst charging, pay for a guaranteed set of resources, can use more than guaranteed but that gets charged at a premium rate
§ Applicable Charges
• Count of public IP addresses
• Broadband traffic (Tx/Rx), per public IP
• CPU, Memory, Storage (base and premium, templates and media file storage)
• Fixed monthly charges for a vApp
40. VMware Service Manager Cloud Provisioning
§ Utilizes the VMware Service Manager and vCloud Director Connector
§ Provides additional functionality to vCloud Director:
• Customized Customer Entry Portal
• Configurable and Extendable Request Forms
• Change Request Management for Owned Items
• Flexible Workflows
• Plug into vCO to kick off 3rd party workflows
41. Standardize and Automate Service Delivery of Hybrid Clouds
The automation engine helps Cloud providers standardize and deliver Cloud infrastructure.
[Workflow diagram. Labels: Request initiated by end-user; Electronic approval process; Policy-based Provisioning logic in vCloud Director; Database update; Successful service deployment; Error notification, if any]
42. Enhanced Provisioning Automation with vCO
§ VSM includes a connector to vCenter Orchestrator (vCO)
§ Introducing vCO in the Provisioning Process can enhance service automation by providing advanced technical orchestration capabilities
§ While VSM acts as the ‘Traffic Cop’ enforcing the service oriented workflow
[Diagram labels: vCloud Director; VMware Service Manager; vCO; Oracle EM; 3rd Party Systems; vCloud Director; vCenter]
49. Introducing vFabric Data Director
§ Do for Databases what vSphere does for Servers
• Extends vSphere benefits to Databases
• Drastic Cost Savings for Databases
• CAPEX
• OPEX
• Consolidates Thousands of Databases & Simplifies Management
§ Built on and Integrated with vSphere 5.0
50. Path to PaaS
Infrastructure-as-a-Service (IaaS): vSphere + vCloud Director
• Centralized management of Compute, Storage, and Network resources
• Self-service management of Infrastructure resources
• Dependent on Virtualization
IaaS + Database-as-a-Service: vFabric Data Director
• Centralized management of Databases
• Self-service database operations
• Leverages IaaS architecture
Platform-as-a-Service (PaaS): Cloud Foundry
• Centralized applications development framework optimized for the cloud
• Integrates automation provided by IaaS and DBaaS
51. vFabric Data Director
• Powers database-as-a-service across private and public vClouds
• Self-service database virtualization platform for traditional and new databases
• First database enabled is PostgreSQL database with optimization for vSphere
• Oracle support in 2012
• MS SQL support in 2013
• Will integrate with vCD
[Diagram labels: App (x8); vFabric Data Director; Graphical User Interface/API; Self-service; IT Control; vSphere-Optimized; VMware vSphere 5]
52. Backup/Restore: Built-in Policies
§ DBAs have limited time to enable, monitor, and test backup and recovery policies for all databases.
§ Solution: Built-In Backup Policies
• Fully integrated backup & restore process (backup templates)
• Automated scheduled backups
• Policy driven backup retention
• Self-service manual backups
• Database remains online during backup
• Dual backup techniques integrated into single policy
• External Backups
• Resilient external backups
• Snapshots with Database Consistency
• Faster to take and restore
53. Backup/Restore - Point-in-Time Recovery
§ Database recovery is cumbersome and error prone
§ Solution: Fully automated point-in-time recovery
• Comprehensive view of database backups
• Point-in-time recovery with a few clicks
54. Innovative Database Cloning
§ The average production database has 6 clones (dev, qa) and each clone takes days to create.
§ Solution: Innovative Database Cloning
• Automation and flexibility
• Choice of what to clone
• Data and schema
• Schema only
• Choice of clone point
• Backup (include PITR)
• Current state of database
• Choice of destination database configuration
• Copy parent database configuration
• Specify destination database configuration
55. Innovative Database Cloning
• Full Database Clone
• Complete physical copy of parent
• Isolation between parent and clone
• Linked Database Clone
• Clone created from parent snapshot
• Clone in minutes regardless of database size
• Delta disk to track change from parent
• Application transparent
• Great for diagnostic scenarios
“House of Brick has always found that VMware outshines the competition when it comes to the tools supporting their cloud infrastructure. With vFabric Data Director, even routine operations such as database cloning are now automated and are as easy as one simple click.”
- David Woodward, COO, House of Brick
[Diagram labels: Production; Full DB Clone; Staging; Linked DB Clones; Dev; QA; Perf]
57. Flexible Database Templates
§ Database provisioning and configuration requires a sophisticated DBA with limited time.
§ Solution: Flexible Database Templates
• Customize templates for database configuration and backup
• Robust role-based access control over which templates users can access
• Search and browse templates
• Fast provisioning
§ Benefits
• Enforce IT standards and control
• Ease of use
• Ensure reliability and repeatability
58. Monitoring – Manage by exception
§ Dashboards
• Database performance
• Resource utilization
• Capacity planning
• System health, etc.
§ End to End Monitoring
• System, Organization, Database Group, Database
§ Alarms and Notifications
• Out-of-the-Box alarms
• Custom alarms and thresholds
59. vFabric AppDirector
§ AppDirector automates application deployments on hybrid clouds, specifically on VCD 1.5
[Diagram: layers, top to bottom]
Applications (Custom or Packaged): App binaries, config .war, .jar, .tar, .zip etc
Application Stack (Middleware, OS): App servers, messaging, web servers, databases, operating systems, load balancers, etc
vCloud Director 1.5
60. Proliferation of Middleware, OS 2
A forward-looking large enterprise
[Diagram labels: load balancer (x2); appserver (x3); worker; messaging; database; cache; Infrastructure teams; Application teams]
Middleware, OS – Standardization, Collaboration, Policy-based enforcement?
Application Infrastructure teams
1. Too many combinations of OS, middleware, scripts
2. Post deployment compliance headaches
3. Environment readiness for middleware adding to deployment time
61. What are key goals for AppDirector
§ 1 Simplicity
• Automated deployment on cloud
• Intuitive graphical user interface
§ 2 Cloud Ready
• Model-once, deploy anywhere (portability)
• Standardization of middleware, OS
• Open and Extensible
§ 3 Active App Management
• Integrated Application Performance Management for dynamic remediation of apps
62. vFabric AppDirector
1 Open architecture for model-driven, orchestrated provisioning on any IaaS cloud
2 Standardization of heterogeneous middleware, packaged apps, OS
3 Best-practice application blueprints for deployment patterns
4 Collaborative, integrated application management
[Diagram labels: load balancer (x2); appserver (x3); worker; messaging; database; cache]
63. vFabric AppDirector – “Model-driven” cloud-ready App provisioning
Application Blueprint: Logical Application Topology with
• Application Binaries
• Application Policies, Configurations
• Pre-instrumented with App Monitoring
• Application Stack - (Middleware, OS)
Deployment Profile (dev), (test), (prod)
• Collection of deployment settings
• Makes blueprints portable across clouds
Catalog
• Standardized configurations of OS, Middleware
• Automated Deployment Plans with Orchestration
Deployment Environments: Dev Org VDC, Test Org VDC, Prod Org VDC
[Role labels on the diagram: Architect; App Dev, QA, Release; Middleware Admin; Cloud Admin]
64. Model Application Blueprint
[Screenshot callouts]
• Use canvas to create deployment topology
• Standardized templates from catalog
• Standardized scripted services from catalog
65. Select Deployment Environment, Cloud Templates, Networks
Steps in deployment profile
Based on logical names used for templates and NICs in the blueprint, system picks cloud templates and networks on the selected deployment environment