VMware vCloud Director - Magirus
VMware vCloud Director
Henrik Andersson, vCloud & Security SME
Systems Engineer, VMware
handersson@vmware.com
Confidential
© 2009 VMware Inc. All rights reserved
VMware Accelerating the Journey to Cloud
Cloud Computing is an approach to computing that leverages the efficient pooling of on-demand, self-managed virtual infrastructure, consumed as a service.
Efficiency through Utilization and Automation
• Pooling: from machines to highly elastic resource pools, with on-demand capacity
• Zero-Touch Infrastructure: policy-driven automation of provisioning, deployment and management
• Self-Service: easy access with policy-based provisioning and deployment
Agility with Control
• Control: application-aware infrastructure with built-in availability, scalability, security and performance guarantees
Freedom of Choice
• Open & Interoperable: application mobility between clouds, based on open standards
• Leverage Existing Investments: benefits of cloud computing to existing applications and datacenters
From vSphere to Cloud Infrastructure
[Diagram: VMware vCloud Director layered on VMware vCenter Server and VMware vSphere (Secure Private Cloud). Each Organization (e.g. Marketing, Finance) has its own Users & Policies, Organization VDCs and Catalogs. Provider Virtual Datacenters (Gold, Silver, Bronze) are built from Resource Pools, Datastores and Port Groups.]
• VMware Cloud Components and Licensing
• VMware Cloud Architecture
• Deploying a VMware Cloud
VMware Cloud Components
• VMware vSphere and vCenter Servers
• VMware vCloud Director
• vShield for VMware Cloud Director
VMware vCloud Director
• Define standard infrastructure tiers called Virtual Datacenters
  • Pool virtualized infrastructure resources across multiple vCenter Servers
• Define standard collections of VMs called vApps
• Create Organizations and manage users with RBAC
• Provide UI for users to self-provision vApps into Virtual Datacenters
• Provide secure multi-tenancy using vShield Edge
vCloud Director Requirements
• RHEL 5 U4 or U5 (64-bit)
• VMware vCloud Director supports
  • VMware vSphere Editions
    • VMware vSphere Enterprise*
    • VMware vSphere Enterprise Plus
  • VMware vCenter Server Editions
    • VMware vCenter Server 4.0 Standard
• Oracle 10g/11g Standard or Enterprise database
• VMware vShield for VMware vCloud Director
  • VMware vShield Edge provides perimeter security
  • Provides firewall, NAT, port forwarding, IP masquerading and DHCP functionality (enforces multi-tenancy)
  • Does NOT include VPN and Web Load Balancing capabilities
*vSphere Enterprise will not support VLAN-backed Network Pools and VMware vCloud Director Network Isolation (VCDNI)-backed Network Pools
VMware Cloud Architecture
Deploying a VMware Cloud
• Setting up Management Cluster
• Setting up Cloud resources
  • Adding vCenter Servers
  • Provider VDC
  • External Networks
  • Network Pools
• Setting up Organizations
  • Setting up Users, roles and privileges
  • Setting up Policies
• Setting up Organizational Resources
  • Organization VDC
  • Organization Networks
• Setting up Catalogs of vApps and Media
• Setting up Chargeback
Install and protect VMware Cloud components
• Create a Management Cluster
  • Verify DNS, AD, NTP availability and redundancy
  • Install vCloud Director Server on a Management Cluster
    • vCloud Director Server
    • Load balancer (if using >1 cell)
    • Oracle Database
    • vShield Manager virtual appliance
    • Chargeback Server
    • Chargeback SQL Server
  • Protect using HA, DRS and SRM
  • Backup Management VMs via storage-level backups or vDR
  • Backup the Databases
  • Use VUM to patch hosts
[Diagram: management cluster of ESXi/ESX servers hosting the management VMs listed above]
VMware vCloud Director web portal
• Provides a convenient web-based portal for
  • Cloud administrators to deploy and manage cloud resources
  • End users to use cloud resources
• Web based – works with any standard browser
• Rich Flash-based UI experience
vCenter Servers
• VMware vCloud Director supports up to 10 vCenter Servers
• vCenter Servers provide
  • Compute via Clusters and Resource Pools
  • Storage via Datastores
  • Networks via portgroups and vNetwork Distributed Switches
• Requires vCenter user with admin credentials
• Requires vShield Manager connected to vCenter Server
Provider VDCs
• Use Provider VDCs to offer tiered compute and storage
  • Fast, medium, slow compute and storage
  • Silver (SATA), Gold (FC), Platinum (EFD), Unobtainium (aggregate) storage
  • Nehalem-based clusters, AMD-based clusters
• Create a Provider VDC per tier of compute and storage you wish to offer to users
External Networks
• Provide external network connectivity to cloud workloads
• “External” to (organizations in) the cloud
• External networks can be isolated at Layer 2 by VLANs or physical separation
• Portgroup on a vDS (Nexus 1000V supported)
• Shared resource providing cloud workloads access to network resources
  • E.g. Corporate network, Test and dev network, Production network, Internet
Network Pools
• Provides connectivity between ESX hosts for Organizational Networks
• Portgroup-backed
  • Create isolated portgroups in vSphere manually or with automation
  • Attach a collection of them to VMware vCloud Director
• VLAN-backed
  • VMware vCloud Director will automatically create portgroups as needed, and use a range of VLANs to isolate them
• VMware vCloud Director Network Isolation-backed
  • Proprietary network isolation technology

Network Pool Building Blocks
Pool type          | Isolation mechanism      | Switch
VLAN backed        | VLAN tags                | vNetwork Distributed Switch
VCDNI              | one VLAN for transport   | vNetwork Distributed Switch
Portgroup backed   | portgroups               | vNetwork Distributed Switch or vSwitch
Organizations
• Unit of tenancy
• Isolate groups or users or lines of business from each other
  • E.g. Finance & IT (Private Cloud) or Pepsi & Coca Cola (Public Cloud)
  • Created by Cloud administrator
• Users connect to organizations
• Each organization has a unique URL in the VMware vCloud Director system
Authentication and RBAC
• 3 Ways to Manage Users
  • Local Users
    • Simplest. User auth stored in DB
  • One LDAP server for entire cloud
    • E.g. corporate Active Directory
    • Organizations = OUs
  • LDAP server per-organization
• Users & Groups assigned Roles
  • Roles = collection of rights
  • Create new or edit existing roles
Organization VDCs
• Cloud Administrator allocates portions of Provider VDCs to organizations
  • Select organization
  • Select the Provider VDC
  • Select the Allocation Model
    • Pay-As-You-Go
    • Reservation Pool
    • Allocation Pool
  • Select how much you wish to allocate
    • CPU, memory and storage shares
  • Select Thin Provisioning
  • Select Network Pools for vApps to use
Create Organization Networks
• Provide connectivity to workloads running inside an organization

Network                 | Features
Internal                | Connectivity to vApps within the organization. No external connectivity.
External Routed         | Connectivity to vApps and services on a shared external network. A vShield Edge device is deployed outside the organization to provide NAT and firewall services for vApps inside the organization.
External Direct Connect | Connectivity to vApps and services on a shared external network. vApps get IP addresses on the external network. No NAT or firewall exists between the organization vApps and other vApps on the External Network.
Catalogs
• Catalogs are collections of vApps and media created & owned by Organizations
  • Can be shared (to the org) & published (to the whole cloud)
• Examples:
  • Infrastructure as a Service Catalogs
    • Empty Small, medium and large VMs/vApps
    • Pre-installed Windows & Linux VMs
    • OS Media files (ISO, floppy images)
  • App catalogs
    • Corp standard Database servers, application servers
    • If post-deploy configurations are needed, guest customization in VCD can run custom scripts
[Diagram: sample catalogs: Linux Templates, Windows Templates, Engineering vApps, Basic Media Catalog, IT - Oracle vApps, Premium Media Catalog]
vApps
• Container of one or more VMs
  • Package up multi-tier applications into vApps
  • Operate on VMs as one unit
  • Select boot order of VMs, start delays and stop delays
  • Set runtime and storage leases
• Can be created from scratch
  • Building block templates in the catalog
• Can be imported from outside the cloud
• Uses the OVF standard
  • Captures metadata about the VMs
  • Allows import and export between clouds in standard format
[Diagram: a vApp wrapping several App/OS VMs, with SLA Definitions attached: Availability = 99.99%, Security = High, Performance = msec]
Q&A
Appendix
Infrastructure-as-a-Service (IaaS)
• Access vApps from Home screen
• Browse catalogs
• Copy to “My Cloud”
• Access VM consoles from within browser
Access vApps from Home screen
• User logs in to organization
• User role defines the capabilities available in the UI
• Simple UI allowing the following user operations
  • Quick access to all vApps owned by the user
  • Click the Thumbnail to launch the Remote console
  • Quick access to Catalog via “Add Cloud Computer System” link
Remote Console
• Launches a new window allowing users to interact with the VMs in the vApp
• Allows power and suspend operations
• Connect local CD-ROM and floppy devices, CD ISO images from file shares
• Alternatively, users can connect via remote protocols like SSH and RDP to their VMs
Browse catalog and deploy vApps
• Copy vApps from the Organization catalog (self-service)
• Select Organization VDC
• Connect the vApps to one or more networks
  • Create vApp networks
  • Connect to organization networks
• Customize the VMs while deploying
  • Requires sysprep files to be available on VMware vCloud Director server
Search for catalog items and deploy to org VDC
• Search catalog items based on
  • Name
  • Description
  • Catalog
  • VDC
  • Owner
  • Date Created
Network connections for vApp
• Networking
  • Connect the vApp to
    • External Network
    • Organization Networks
  • Create a new vApp Network on the fly
    • Requires Network Pool available to the organization
  • Connect vApp Network to Org Network
    • NAT or firewall
    • VMware vCloud Director deploys a vShield Edge VM to provide NAT and firewall services
Shared Catalogs
• Set up catalogs to be shared by users in the organization
  • Sharing needs to be set up by Org admin
• Dev and Test users work on a shared set of vApps
  • Build systems, Source control systems, Toolchains
• Users need permissions to upload vApps into the catalog for sharing
  • vApp owner role
Network Fencing
• Requires available Network Pool attached to the Organization VDC
• Deploys a vShield Edge VM into the Org VDC
  • Creates a portgroup on the vNetwork Distributed Switch (vDS)
  • Attaches the vShield Edge VM and the vApp VMs to the portgroup
• Fenced vApp can span multiple hosts
• Deploy multiple copies of the vApp on the same Org/External network without modifying hostname or IP address
  • Each VM keeps its original hostname/IP information inside the fence
  • Each VM is assigned a new IP outside the fence
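The fencing behaviour described above, modelled as an added Python illustration (not VMware code and not the vCD API): each fenced copy of a vApp keeps its guest IPs behind its own vShield Edge, which maps every VM to a fresh address on the organization network, so two copies of the same template coexist without re-addressing. The pool range, vApp names and guest IPs are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Fence:
    """One vShield Edge instance: the NAT table of a single fenced vApp copy."""
    vapp: str
    nat: dict[IPv4Address, IPv4Address] = field(default_factory=dict)  # inside -> outside


class OrgNetwork:
    """Organization network handing out outside addresses from a static pool (constructed model)."""

    def __init__(self, pool_start: str, pool_end: str) -> None:
        first, last = int(IPv4Address(pool_start)), int(IPv4Address(pool_end))
        self._free = [IPv4Address(i) for i in range(first, last + 1)]
        self.direct: dict[IPv4Address, str] = {}  # unfenced VMs attached directly
        self.fences: list[Fence] = []

    def _allocate(self) -> IPv4Address:
        if not self._free:
            raise RuntimeError("organization network IP pool exhausted")
        return self._free.pop(0)

    def deploy_direct(self, vapp: str, guest_ips: list[str]) -> None:
        """Unfenced deployment: guests keep their own IPs, so a second copy of the same template collides."""
        for ip in map(IPv4Address, guest_ips):
            if ip in self.direct:
                raise ValueError(f"{ip} already used by {self.direct[ip]}; deploy fenced instead")
            self.direct[ip] = vapp

    def deploy_fenced(self, vapp: str, guest_ips: list[str]) -> Fence:
        """Fenced deployment: guest IPs stay unchanged; each VM gets a fresh outside IP."""
        fence = Fence(vapp)
        for ip in map(IPv4Address, guest_ips):
            fence.nat[ip] = self._allocate()
        self.fences.append(fence)
        return fence

    def resolve(self, outside_ip: str) -> tuple[str, str] | None:
        """Map an address seen on the org network back to (vApp copy, inside IP)."""
        target = IPv4Address(outside_ip)
        for fence in self.fences:
            for inside, outside in fence.nat.items():
                if outside == target:
                    return fence.vapp, str(inside)
        return None

    def outside_addresses_unique(self) -> bool:
        """Isolation check: no address on the org network is claimed twice."""
        seen = [o for f in self.fences for o in f.nat.values()] + list(self.direct)
        return len(seen) == len(set(seen))
```

Deploying the same guest list twice with deploy_fenced succeeds and resolve() tells the copies apart by their outside address, while deploying it twice with deploy_direct raises on the duplicate IP.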
The Complete Picture
[Diagram: VMware vCloud Director sits above vCenter Server 1 to vCenter Server n, each contributing clusters, datastores and portgroups. On the provider side these become Provider VDCs, External Networks and Network Pools; on the organization side they are carved into Organization VDCs, Organization Networks and vApp Networks, with vApps and templates isolated by vShield Edge. A cloud management cluster hosts the management VMs, and cloud compute clusters host the Provider VDCs.]