VMware vCloud Director - Magirus

VMware vCloud Director
Henrik Andersson, vCloud & Security SME
Systems Engineer, VMware
handersson@vmware.com
Confidential
© 2009 VMware Inc. All rights reserved

VMware Accelerating the Journey to Cloud
Cloud Computing is an approach to computing that leverages the efficient pooling
of on-demand, self-managed virtual infrastructure, consumed as a service.
Efficiency thru Utilization
and Automation
Pooling
From machines to highly
elastic resource pools, with ondemand
capacity
Zero-Touch Infrastructure
Policy-driven automation of
provisioning, deployment and
management
Self-Service
Easy access with policy-
based provisioning and
deployment
Control
Application-aware
infrastructure with built-in
availability, scalability, security
and performance guarantees
2 Confidential
Agility with Control Freedom of Choice
Open & Interoperable
Application mobility between
clouds, based on open
standards
Leverage Existing
Investments
Benefits of cloud computing to
existing applications and
datacenters

From vSphere to Cloud Infrastructure
VMware vCloud Director
Organization: Marketing Organization: Finance
Users & Policies Organization VDCs Catalogs
Users & Policies
(Gold)
VMware vCenter Server
VMware vSphere
Secure Private Cloud
3 Confidential
(Silver)
Provider Virtual Datacenters
Organization VDCs Catalogs
Resource Pools Datastores Port Groups
(Bronze)

� VMware Cloud Components and Licensing
� VMware Cloud Architecture
� Deploying a VMware Cloud
4 Confidential

VMware Cloud Components
� VMware vSphere and vCenter Servers
� VMware vCloud Director
� vShield for VMware Cloud Director
5 Confidential

VMware vCloud Director
� Define standard infrastructure
tiers called Virtual Datacenters
• Pool virtualized infrastructure
resources across multiple vCenter
Servers
� Define standard collections of
VMs called vApps
� Create Organizations and
manage users with RBAC
� Provide UI for users to self
provision vApps into Virtual
Datacenters
� Provide secure multi-tenancy
using vShield Edge
7 Confidential

vCloud Director Requirements
� RHEL 5 U4 or U5 (64-bit)
� VMware vCloud Director supports
• VMware vSphere Editions
• VMware vSphere Enterprise*
• VMware vSphere Enterprise Plus
• VMware vCenter Server Editions
• VMware vCenter Server 4.0 Standard
� Oracle 10g/11g Standard or Enterprise database
� VMware vShield for VMware vCloud Director
• VMware vShield Edge provides perimeter security
• Provides firewall, NAT, port forwarding, IP masquerading and DHCP
functionality (enforces multi-tenancy)
• Does NOT include VPN and Web Load Balancing capabilities
*vSphere Enterprise will not support VLAN backed Network Pools and VMware vCloud Director Network Isolation (VCDNI) backed Network Pools
8 Confidential

� VMware Cloud Components and Licensing
� VMware Cloud Architecture
� Deploying a VMware Cloud
9 Confidential

VMware Cloud Architecture
10 Confidential

� VMware Cloud Components and Licensing
� VMware Cloud Architecture
� Deploying a VMware Cloud
11 Confidential

Deploying a VMware Cloud
� Setting up Management Cluster
� Setting up Cloud resources
• Provider VDC
• External Networks
• Network Pools
� Setting up Organizations
• Setting up Users, roles and previliges
• Setting up Policies
� Setting up Organizational Resources
• Organization VDC
• Organization Networks
� Setting up Catalogs of vApps and Media
12 Confidential

Install and protect VMware Cloud components
� Create a Management Cluster
• Verify DNS, AD, NTP availability
and redundancy
• Install vCloud Director Server on a
Management Cluster
• vCloud Director Server
• load balancer (if using >1 cell)
• Oracle Database
• vShield Manager virtual appliance
• Chargeback Server
• Chargeback SQL Server
• Protect using HA, DRS and SRM.
• Backup Management VMs via
storage level backups or vDR.
• Backup the Databases
• Use VUM to patch hosts
13 Confidential
Management cluster
ESXi/ESX Servers

Deploying a VMware Cloud
� Setting up Management Cluster
� Setting up Cloud resources
• vCenter Servers
• Provider VDC
• External Networks
• Network Pools
� Setting up Organizations
• Setting up Users, roles and previliges
• Setting up Policies
� Setting up Organizational Resources
• Organization VDC
• Organization Networks
� Setting up Catalogs of vApps and Media
14 Confidential

VMware vCloud Director web portal
� Provides a convenient web
based portal for
• Cloud administrators to deploy and
manage cloud resources
• End users to use cloud resources
� Web based – works with any
standard browser
� Rich Flash based UI
experience
15 Confidential

vCenter Servers
� VMware vCloud Director
supports up to 10 vCenter
Servers
� vCenter Servers provide
• Compute via Clusters and
Resource Pools
• Storage via Datastores
• Networks via portgroups and
vNetwork Distributed Switches
� Requires vCenter user with
admin credentials
� Requires vShield Manager
connected to vCenter Server
17 Confidential

Provider VDCs
� Use Provider VDCs to offer tiered compute and storage
• Fast, medium, slow compute and storage
• Silver (SATA), Gold (FC), Platinum (EFD), Unobtainium (aggregate) storage
• Nehalem based clusters, AMD based clusters
� Create a Provider VDC per tier of compute and storage you wish to
offer to users
19 Confidential

External Networks
� Provide external network
connectivity to cloud
workloads
� “External” to (organizations in)
the cloud
� External networks can be
isolated at Layer 2 by VLANs
or physical separation
� Portgroup on a vDS (Nexus
1000V supported)
� Shared resource providing
cloud workloads access to
network resources
• E.g. Corporate network, Test and
dev network, Production network,
Internet.
20 Confidential

Network Pools
� Provides connectivity between ESX hosts for Organizational Networks
� Portgroup-backed
• Create isolated portgroups in vSphere manually or with automation
• Attach a collection of them to VMware vCloud Director
� VLAN-backed
• VMware vCloud Director will automatically create portgroups as needed, and use a
range of VLANs to isolate them
� VMware vCloud Director Network Isolation-backed
• Proprietary network isolation technology
Network Pool Building Blocks
VLAN Backed + VLAN tags
vNetwork Distributed Switch
VCDNI + one VLAN for transport
vNetwork Distributed Switch
Portgroup backed or portgroups
vNetwork Distributed Switch vSwitch
21 Confidential

Deploying a VMware Cloud
� Setting up Management Cluster
� Setting up Cloud resources
• Adding vCenter Servers
• Provider VDC
• External Networks
• Network Pools
� Setting up Organizations
• Setting up Users, roles and previliges
• Setting up Policies
� Setting up Organizational Resources
• Organization VDC
• Organization Networks
� Setting up Catalogs of vApps and Media
22 Confidential

Organizations
� Unit of tenancy
� Isolate groups or users or lines of
business from each other
• E.g. Finance & IT (Private Cloud)
or
Pepsi & Coca Cola (Public Cloud)
• created by Cloud administrator
� Users connect to organizations
� Each organization has a unique URL in
the VMware vCloud Director system
23 Confidential

Authentication and RBAC
� 3 Ways to Manage Users
• Local Users
• Simplest. User auth stored in DB
• One LDAP server for entire
cloud
• E.g. corporate Active Directory
• Organizations = OUs
• LDAP server per-organization
� Users & Groups assigned
Roles
• Roles = collection of rights
• Create new or edit existing roles
24 Confidential

Deploying a VMware Cloud
� Setting up Management Cluster
� Setting up Cloud resources
• Adding vCenter Servers
• Provider VDC
• External Networks
• Network Pools
� Setting up Organizations
• Setting up Users, roles and previliges
• Setting up Policies
� Setting up Organizational Resources
• Organization VDC
• Organization Networks
� Setting up Catalogs of vApps and Media
� Setting up Chargeback
26 Confidential

Organization VDCs
� Cloud Administrator allocates
portions of Provider VDCs to
organizations
• Select organization
• Select the Provider VDC
• Select the Allocation Model
• Pay-As-You-Go
• Reservation Pool
• Allocation Pool
• Select how much you wish to
allocate
• CPU, memory and storage shares
• Select Thin Provisioning
• Select Network Pools for vApps to
use
27 Confidential

Create Organization Networks
� Provide connectivity to workloads running inside an organization
Network Features
Internal Connectivity to vApps within the organization. No external connectivity
External Routed Connectivity to vApps and services on a shared external network. vShield Edge device is deployed outside
the organization to provide NAT and firewall services for vApps inside the organization
External Direct Connect Connectivity to vApps and services on a shared external network. vApps get IP addresses on the external
network. No NAT or firewall exists between the organization vApps and other vApps on the External
Network
28 Confidential

Deploying a VMware Cloud
� Setting up Management Cluster
� Setting up Cloud resources
• Adding vCenter Servers
• Provider VDC
• External Networks
• Network Pools
� Setting up Organizations
• Setting up Users, roles and previliges
• Setting up Policies
� Setting up Organizational Resources
• Organization VDC
• Organization Networks
� Setting up Catalogs of vApps and Media
29 Confidential

Catalogs
� Catalogs are collections of vApps and
media created & owned by Organizations
• Can be shared (to the org) & published (to the
whole cloud)
� Examples:
• Infrastructure as a Service Catalogs
• Empty Small, medium and large VMs/vApps.
• Pre-installed Windows & Linux VMs
• OS Media files (ISO, floppy images)
• App catalogs
• Corp standard Database servers, application servers
• If post deploy configurations are needed, guest customization
in VCD can run custom scripts
30 Confidential
Linux Templates
Windows Templates
Engineering vApps
Basic Media
Catalog
IT - Oracle vApps Premium
Media Catalog

vApps
� Container of one or more VMs
• Package up multi-tier applications
into vApps
• Operate on VMs as one unit
• Select boot order of VMs, start
delays and stop delays
• Set runtime and storage leases
� Can be created from scratch
• Building blocks templates in the
catalog
� Can be imported from outside
the cloud
31 Confidential
Availability =
99.99%
Security = High
Performance =
msec
SLA Definitions
App
OS
vApp
App
OS
� Uses the OVF standard
App
• Captures meta data about the VMs
OS
• Allows import and export between
clouds in standard format

Q&A
32 Confidential

Appendix
33 Confidential

Infrastructure-as-a-Service (IaaS)
� Access vApps from Home
screen
� Browse catalogs
� Copy to “My Cloud”
� Access VM consoles from
within browser
34 Confidential

Access vApps from Home screen
� User logs in to organization
� User role definies the
capabilities available in the UI
� Simple UI allowing the
following user operations
• Quick access to all vApps owned
by the user
• Click the Thumbnail to launch the
Remote console
• Quick access to Catalog via “Add
Cloud Computer System” link
35 Confidential

Remote Console
� Launches a new window
allowing users to interact with
the VMs in the vApp
� Allows power and suspend
operations
� Connect local CD ROM and
floppy devices, CD iso images
from file shares.
� Alternatively, users can
connect via remote protocols
like ssh and RDP to their VMs
36 Confidential

Browse catalog and deploy vApps
� Copy vApps from the
Organization catalog (selfservice)
� Select Organization VDC
� Connect the vApps to one or
more networks
• Create vApp networks
• Connect to organization networks
� Customize the VMs while
deploying
• Requires sysprep files to be
available on VMware vCloud
Director server
37 Confidential

Search for catalog items and deploy to org VDC
� Search catalog items based on
• Name
• Description
• Catalog
• VDC
• Owner
• Date Created
38 Confidential

Network connections for vApp
� Networking
� Connect the vApp to
� External Network
� Organization Networks
� Create a new vApp Network on the fly
� Requires Network Pool available to
the organization
� Connect vApp Network to Org
Network
� NAT or firewall
� VMware vCloud Director deploys
a vShield Edge VM to provide
NAT and firewall services
39 Confidential

Shared Catalogs
� Setup catalogs to be shared by
users in the organization
• Sharing needs to be setup by Org
admin
� Dev and Test users work on a
shared set of vApps
• Build systems, Source control
systems, Toolchains
� Users need permissions to
upload vApps into the catalog
for sharing
• vApp owner role
40 Confidential

Network Fencing
� Requires available Network Pool
attached to the Organization VDC
� Deploys a vShield Edge VM into the Org
VDC
• Creates a portgroup on the vNetwork
Distributed Switch (vDS)
• Attaches the vShield Edge VM and the vApp
VMs to the portgroup
� Fenced vApp can span multiple hosts
� Deploy multiple copies of the vApp on
the same Org/External network without
modifying hostname or IP address
• Each VM keep original hostname/IP
information inside the fence
• Each VM assigned a new IP outside the fence
41 Confidential

The Complete Picture
42 Confidential

The complete picture
Provider
VDC
External
Networks
vCenter
Server 1
Clusters,
datastores,
portgroups
Organization
VDC
vCenter
Server 2
vApp
Network
Pool
External Networks
VMware vCloud Director
Network Pools
vCenter
Server n
Clusters,
Clusters,
datastores,
datastores,
portgroups Organization Networks portgroups and
vApp Networks
43 Confidential
Cloud compute cluster
Provider VDCs
Organization VDCs
vShield
Edge
vApps and templates
Cloud management cluster
with management VMs