© 2014 VMware Inc. All rights reserved.
VMUG - vCloud Air Deep Dive
Agenda
1 Overview of vCloud Air
2 Advanced Networking Capabilities
3 Use Cases
4 Overview of Disaster Recovery Service
5 Questions
VMware vCloud Air Technical Overview
VMware vCloud® Air™ is a secure public cloud operated by VMware, built on the
trusted foundation of vSphere.
The service supports both existing workloads and new application development,
giving IT a common platform to seamlessly extend their data center to the cloud
using the same tools and processes they use today.
vCloud Air Offerings
vCloud Air Core Services
Service Class | Consumption Model | Shared or Dedicated Environment
Infrastructure | Subscription | Dedicated
Infrastructure | Subscription | Multi-Tenant
Infrastructure | Pay-as-you-Go | Multi-Tenant
Recovery | Subscription | Multi-Tenant
vCloud Air Subscription Services
Virtual Private Cloud
Logically Isolated, Guaranteed Resource Allocation
Base Resources: 20GB vRAM, 10GHz vCPU
Starts at: 2 TB, 10 Mbps allocated, 50 Mbps burstable, 2 Public IPs
Dedicated Cloud
Physically Isolated, Your Own Private Cloud Instance
Base Resources: 120GB vRAM, 30GHz vCPU
Starts at: 6 TB, 50 Mbps allocated, 1 Gbps burstable, 3 Public IPs
Disaster Recovery
Logically Isolated, Business Continuity Solution
Base Resources: 20GB vRAM, 10GHz vCPU
Starts at: 1 TB, 10 Mbps allocated, 50 Mbps burstable, 2 Public IPs
Term Lengths: 1m, 3m, 12m, 24m, 36m subscriptions
Virtual Private Cloud: Subscription vs. OnDemand
Subscription | OnDemand
Shared Compute Resources | Shared Compute Resources
Fixed Size (Subscription) | Shrink and Extend OnDemand
vCloud Air Locations
vCloud Government Service
vCloud Air
Europe UK
Europe Germany
US Gov Arizona
US Northern California
US Nevada
US Texas
US New Jersey
US Virginia
US Gov Virginia
Japan West
Australia
Challenges of Realizing a True Hybrid Cloud
Diverse set of platforms and incompatibility, raise costs and complexity
Data Center Options (diverse set of standards): CUSTOM HOSTING, MANAGED SERVICE, CO-LOCATION SERVICE, CUSTOMER’S DATA CENTER
Public Cloud Service (incompatible platform): IaaS
Inelastic consumption
Heterogeneous tools
Complex networking
No authentication
No common governance
No common security model
True Hybrid Cloud
Leverage the economics of IaaS. Run your data center like an IaaS.
Data Center Options
Elastic Consumption Model
Common Management
Seamless Networking
Common Authentication
Common Governance, Billing
Common Security Model
Public Cloud Service
Common Platform
[Diagram labels: CUSTOM HOSTING; MANAGED SERVICE; CO-LOCATION SERVICE; CUSTOMER’S DATA CENTER; vAPP; vAPP]
Run Any OS, Any App, Any Platform
Benefits
• Run legacy existing apps and net-new apps on-premises and in the cloud
• Run industry-specific software supported on vSphere
Overview
• Runs the largest number of guest operating systems:
  • Multiple generations of Windows/Linux
  • Both 32- and 64-bit
• Workload agnostic approach with broad range of ISV support
COMPUTE
Hybrid Connectivity into vCloud Air
Benefits
• Multiple options for securely accessing vCloud Air from your on-premises data center
• No added cost for high bandwidth VPN endpoint
• Integrate with large set of Network Service Providers for high bandwidth private connections
Overview
• Over the Internet:
  • HTTPS or IPsec VPN
• Over Direct Connect:
  • Private Line or Cross Connect
[Diagram labels: vCLOUD AIR; WWW; Direct Connect; ON-PREMISES; HTTPS / IPsec VPN]
Network Virtualization in vCloud Air
Benefits
• Mirror on-premises networking policies and avoid reconfiguring applications
• All software-defined for rapidly changing app & security needs
• Safeguard security and support advanced policies
Overview
• Available services include:
  • Firewall, NAT routing, DHCP, load balancer
• Create routed and isolated networks, static routes
• Designed with Active/Standby High Availability
[Diagram labels: WWW; vCLOUD AIR; DMZ; Test/Dev Network; EDGE GATEWAY; Isolated Network; Virtual Appliance]
Simple Migration of vSphere Workloads into the Cloud
Benefits
• Flexibility to move apps on- or off-premises as desired; no location lock-in
• No reformatting of virtual machines required
• Manage all environments through a unified view
Overview
• OVF Import using built-in Java applet
• vCloud Connector for transferring workloads and catalog synchronization
• Offline Data Transfer with vCloud Connector for large data transfers
[Diagram labels: Customer Data Center; OVF]
vCloud Connector: Migration of Workloads Across Hybrid Clouds
[Diagram labels: vSphere Client; OFF-PREMISES; ON-PREMISES; Control Plane; Private vCloud; vSphere; vCC UI Plugin; vCloud Air; vCloud Air Network; Content Library; vCC Server; Node (x4); Client; Data Plane]
vCloud Air vSphere Client Plug-in: Single Pane of Glass Management Across Hybrid Clouds
Benefits
• Manage hybrid cloud from a “single pane of glass”
• Maximize your existing investments and processes
• Leverage existing skillsets and retain the same teams to manage both on-prem and off-prem
Overview
• Free plug-in for vSphere Web Client
• View and administer vCloud Air services
• Manage inventory of virtual data centers, gateways and networks
• Create and manage virtual machines
HYBRID MANAGEMENT
Cloud Automation for Multi-Cloud Infrastructure
vRealize Automation
Policy-Based Governance with Automated Delivery
[Diagram labels: Self-Service; Linux; Windows; Cloud Providers; PHYSICAL; VIRTUAL; CLOUD; IaaS; PaaS; DaaS; XaaS; vSphere; Other Hypervisor; VCLOUD AIR]
HYBRID MANAGEMENT
Advanced Networking Capabilities
Current Edge Gateway Capabilities in vCloud Air
vCloud Air
NSX EDGE GATEWAY
(vCloud Air Network) (vCloud Air Network)
• Stateful Inspection Firewall
• Network Address Translations (NAT)
• DHCP
• Site to Site VPN (IPSec)
• Static Routing
• Load Balancer L4/L7
• 9 Interfaces
NETWORKING
New NSX Edge Gateway Capabilities in vCloud Air
vCloud Air
NSX EDGE GATEWAY
(vCloud Air Network) (vCloud Air Network)
• Stateful Inspection Firewall
• Network Address Translations (NAT)
• DHCP
• Site to Site VPN (IPSec)
• Static Routing
• Dynamic Routing OSPF, BGP
• Load Balancer L4/L7
• SSL Certificate Offloading
• SSL VPN (Client to Server)
• 200 Sub-Interfaces
• Distributed Firewall
NETWORKING
Direct Connect – Private Line
[Diagram labels: NSP Termination Point; Existing NSP Connections; vCloud Air Connection Point; “Meet Me Room” (MMR); “Main Distribution Frame” (MDF); Customer A; Customer C; Customer B; Layer 2 VLAN; Untagged Layer 2 connection (1G, 10G)]
NETWORKING
Direct Connect – Cross Connect
[Diagram labels: NSP Termination Point; Customer A; Customer B; Layer 2 VLAN; vCloud Air Connection Point; Customer Rack; Untagged Layer 2 connection (1G, 10G); Customer C]
NETWORKING
Reasons to Deploy Direct Connect
Reason | Good for
High Throughput | Hybrid applications that require large amounts of data transfer like Big Data and/or Oracle/SAP apps
Low Latency | Video and voice applications that are sensitive to variable latency
Security | Applications where data in transit must be secure to meet either compliance or regulatory standards
Custom Compute | Multimedia or gaming applications that require GPU processing
Custom Network | Applications that require special networking hardware like IDS/IPS, load balancers
Custom Storage | Applications that require encryption at rest or other unique storage features
Data Center Extension using NSX
[Diagram labels: Default Router; Internet; Internet; VLAN 11; VLAN 10; vNIC; Trunk VLAN 10-11; Uplink; NSX Edge Gateway; (192.168.5.0/24); (10.10.10.0/24); (10.10.10.0/24); (192.168.5.0/24); vCloud Air; Client; vCLOUD AIR; ON-PREMISES VLAN BACKED NETWORK]
NETWORKING
Use Cases & Case Studies
Five Starting Points
• Development Operations: Improve app dev productivity and quality
• Extend Existing Applications: 100% compatible, same security, high availability
• Web and Mobile Apps: Accelerate web and mobile app development
• Disaster Recovery: Simple, low cost failover and recovery
• Development / Testing: 100% compatible, lower cost, broad OS support
[Diagram label: vCloud Air]
Example: Distributed Hybrid SharePoint Application
[Diagram labels: ON-PREMISES; SHAREPOINT DB; ACTIVE DIRECTORY; Corp Network; IPSEC VPN; vCLOUD AIR; Private Local Active Directory; SharePoint Web; EDGE GATEWAY; VPN ENDPOINT; INTERNET; SharePoint App; SHAREPOINT DB]
NETWORKING
Example: Routed Hybrid Security with Direct Connect
[Diagram labels: ON-PREMISES; VIRTUAL MACHINE (x3); Private Network (192.168.110.0/24); IGW; IDS; IPS; Existing Security Policies & Appliances; DIRECT CONNECT (1 Gbps); vCLOUD AIR; 10.1.1.x/24; 10.1.1.x/24; DMZ Network (192.168.52.0/24); Private Network (192.168.50.0/24); EDGE GATEWAY; EDGE GATEWAY; INTERNET; Firewall]
NETWORKING
Example: Mobile Back End leveraging Direct Connect
Customer Data Center vCloud Air
Direct Connect
Internet
Example: Global Load Balancing with 3rd Party
Virtual Private Cloud (West): EDGE GATEWAY; Pool Servers 192.168.205.11, 192.168.205.12, 192.168.205.13
Virtual Private Cloud (East): EDGE GATEWAY; Pool Servers 192.168.109.11, 192.168.109.12, 192.168.109.13
[Diagram labels: Internet; Traffic Director]
Example: TM Lab Global Site Based Logical Architecture
[Diagram labels: Dedicated IaaS vDC LV; On Premises in WDC; corp.vmtm.org; Cloud to Cloud VPN (x4); DaaS Secure Tunnel; IPSec VPN (x3); vCloud Air-DR Replication; Dedicated DaaS vDC LV; vmtm.org; Dedicated Cloud Las Vegas; Dedicated Cloud DaaS; Virtual Private Cloud; Las Vegas vDC; DaaS Provider; Disaster Recovery Cloud Texas; Virtual Private Cloud Sterling]
Disaster Recovery Use Case
vCloud Air Disaster Recovery
What is it?
Simple and secure asynchronous replication and failover for vSphere
• Warm standby capacity on vCloud Air
• Self-service protection, failover and failback workflows per VM
• 15 min [1] – 24 hr. recovery point objective (RPO)
• Initial data seeding by shipping a disk
• Includes:
  • 7-day run time per DR test
  • 30 days of recovered VM run time
[1] Dependent on available bandwidth
[Diagram labels: SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); DR Instance]
Disaster Recovery Add-On Options
Standard Storage, Support, Bandwidth
Compute (subscription)
Compute (one time)
IP Address
Offline Data Transfer
Direct Connect
Example: Disaster Recovery to the Cloud
[Diagram labels: IPSEC VPN; EDGE GATEWAY; VPC OnDemand (Virginia); vCloud Air Disaster Recovery (Virginia); Test Network; Corp/Recovery Network; EDGE GATEWAY; On-Premises Data Center (San Francisco); PROTECTED WORKLOADS; Domain Network; IPSEC VPN Endpoint; AD DNS; AD DNS; Domain Network; IPSEC VPN; Corp Network; REPLICATION; vCloud Air]
Q&A
THANK YOU!
Next Steps and Resources
Learn more about vCloud Air
http://vcloud.vmware.com
http://vcloud.vmware.com/Tutorials
Experience vCloud Air Hands-On
http://www.vmware.com/go/testdrive
Keep up with the Latest Activity
http://blogs.vmware.com/vcloud
vCloud Air Customer Stories
http://vcloud.vmware.com/uses/our_customers