vCloud Suite Architecture Overview and Use Cases
vCloud Suite 5.8
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com
Copyright © 2014 VMware, Inc. All rights reserved.
VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Contents
About this book
1 Introduction to vCloud Suite
  List of vCloud Suite Components
2 Architecture Overview
  Conceptual Design of a vCloud Suite Environment
  vCloud Suite Components in the Management Cluster
  Software-Defined Data Center Core Infrastructure
  Delivering an Infrastructure Service
  Delivering Platform as a Service
3 Deploying vCloud Suite
  Install vCloud Suite Components
  Update vCloud Suite Components
  External Dependencies for Deploying vCloud Suite
  Sys
About this book
The vCloud Suite Architecture Overview and Use Cases publication provides information about the design and capabilities of cloud environments based on VMware vCloud Suite. vCloud Suite is a collection of interoperable VMware products. vCloud Suite Architecture Overview and Use Cases provides a listing of components, high-level design guidelines for vCloud Suite deployment and operation, as well as example use cases.
1 Introduction to vCloud Suite
vCloud Suite lets you build and operate software-defined data centers based on vSphere. vCloud Suite contains components that must be integrated to deliver IT as a service. You download, install, and configure vCloud Suite components separately. When deployed and configured, the interoperable components enable the software-defined data center (SDDC), where resources are virtualized and available as a service.
Table 1‑1. Components of vCloud Suite 5.8 and their versions (Continued)
Product name | Version | Description
vCloud Networking and Security | 5.5.3 | Provides a security suite for vSphere. vCloud Networking and Security (formerly vShield) is a critical security component for protecting virtualized datacenters from attacks and misuse to help you achieve your compliance-mandated goals.
vCloud Director | 5.5. |
Table 1‑1. Components of vCloud Suite 5.8 and their versions (Continued)
Product name | Version | Description
vSphere Big Data Extensions | 2.0 | Simplifies running Big Data workloads on the vSphere platform.
vSphere App HA | 1.1 | Provides high availability for the applications that are running on the virtual machines in your environment.
vCenter Support Assistant | 5.5.1.1 | Provides proactive support, by collecting support bundles on a regular basis.
2 Architecture Overview
To enable the full set of vCloud Suite features, you must perform a series of installation and configuration operations. The software-defined data center provides different types of capabilities, with more complex features building on top of underlying infrastructure. Delivering the full operational capabilities of vCloud Suite to your organization or clients is a structured process.
Figure 2‑1.
- Conceptual Design of a vCloud Suite Environment
  To start deploying vCloud Suite, you need a small number of physical hosts. Distribute your hosts into three types of clusters, in order to establish the foundation of a deployment that can later scale to tens of thousands of VMs.
- vCloud Suite Components in the Management Cluster
  The number of vCloud Suite components in the management cluster increases as you add capabilities.
Figure 2‑2.
You can create new edge and payload clusters, scale up, or scale out, as the data center grows in size.
NOTE You can choose to combine the management and Edge clusters into a single entity. However, the model with three types of clusters provides the best basis for scaling your environment.

vCloud Suite Components in the Management Cluster
The number of vCloud Suite components in the management cluster increases as you add capabilities.
Software-Defined Data Center Core Infrastructure
The core of vCloud Suite environments consists of vSphere and the associated monitoring and orchestration products, such as vCenter Operations Manager and vCenter Orchestrator. The software-defined data center infrastructure layer includes the core virtualization, monitoring, and orchestration sub-layers.
ESXi and vCenter Server Design Considerations
Design decisions for the virtualization component of the software-defined data center must address the deployment and support specifics of ESXi and vCenter Server. Consider the following design decisions when planning the deployment of ESXi hosts.
ESXi
- Use a tool such as VMware Capacity Planner to analyze the performance and use of existing servers.
Figure 2‑5.
Monitoring as an Element of vCloud Suite Core Infrastructure
Monitoring is a required element of a software-defined data center. The monitoring element provides capabilities for performance and capacity management of related infrastructure components, including requirements, specifications, management, and their relationships. VMware monitoring components in vCenter Operations Manager Suite include the following products:
Table 2‑1.
Figure 2‑6.
Orchestration as an Element of vCloud Suite Core Infrastructure
The software-defined data center requires orchestration capability. In vCloud Suite, you can use vCenter Orchestrator to orchestrate processes by using workflows. The orchestration layer of the software-defined data center provides the ability to build macro-like workflows that automate manual processes and is instrumental when delivering repeatable operations.
Table 2‑2. Components of vCloud Suite orchestration (Continued)
Component | Description
vCenter Orchestrator configuration interface | The Web-based interface where you configure the appliance database, SSL certificate, license, and so on.
vCenter Orchestrator designer interface | The Web-based interface where you create and customize workflows.
vCenter Server plug-in | An Orchestrator plug-in that lets you manage multiple vCenter Server instances.
Table 2‑3.
Conceptual Design of an IaaS Environment
In a vCloud Suite environment that is configured to deliver infrastructure as a service, tenants have access to compute, network, and storage resources that have been preconfigured for them by the provider.
Figure 2‑9.
Tenants
Tenants can represent business units in a company that subscribe to cloud services from a service provider. Each tenant has its own dedicated configuration. Some system-level configuration is shared across tenants. The networks in the example diagram are routed by using vShield Edge instances, which in turn connect to internal and external networks.
3 Deploying vCloud Suite
To leverage the capabilities of vCloud Suite, you must install its components separately and ensure that the required prerequisites and configuration requirements are met. This book provides high-level design recommendations and deployment sequences. For installation instructions and in-depth discussions of individual vCloud Suite components, see the documentation for those products.
Procedure
1 Install ESXi. If you install vCenter Server on a physical machine, you can install vCenter Server first. See Installing ESXi.
2 Install vCenter Server. See Installing vCenter Server.
3 Install vCloud Networking and Security. See vShield Installation and Upgrade Guide.
Update vCloud Suite Components
Updating vCloud Suite components to newer versions requires you to perform separate update procedures. Follow the recommended update order to ensure that vCloud Suite updates complete without problems. You should perform the update operations according to the recommended sequence. Some of the products in the sequence are bundled in groups. You can install the products that belong to a specific group in any order.
7 Update ESXi. See Upgrading Your Hosts. You should update VMware tools on your VMs after the ESXi update.
8 Update the following components:
Product | Installation instructions
vShield Edge | vShield Installation and Upgrade Guide
vShield App | vShield Installation and Upgrade Guide
vShield Endpoint | vShield Installation and Upgrade Guide
You have updated vCloud Suite components.
System Requirements of vCloud Suite Components
The software and hardware requirements for vCloud Suite depend on the set of components that you have deployed. Information for each product or feature is available in the individual product documentation sets.
Documentation resources
Table 3‑2. List of system requirements documentation for vCloud Suite 5.
- Securing Standard Switch Ports
  As with physical network adapters, a virtual network adapter can send frames that appear to be from a different machine or impersonate another machine so that it can receive network frames intended for that machine. Also, like physical network adapters, a virtual network adapter can be configured so that it receives frames targeted for other machines.
Figure 3‑1. Virtual Machine Isolation (diagram: a virtual machine running applications on an operating system, with virtual machine resources: CPU, memory, disk, network and video cards, SCSI controller, mouse, CD/DVD, keyboard)
Because the VMkernel mediates the physical resources and all physical hardware access takes place through the VMkernel, virtual machines cannot circumvent this level of isolation.
Resource reservations and limits protect virtual machines from performance degradation that would result if another virtual machine consumed excessive shared hardware resources. For example, if one of the virtual machines on a host is incapacitated by a denial-of-service (DoS) attack, a resource limit on that machine prevents the attack from taking up so much of the hardware resources that the other virtual machines are also affected.
- For efficiency, private virtual machine Ethernet networks or virtual networks can be configured. With virtual networks, a host-based firewall is installed on a virtual machine at the head of the virtual network. This serves as a protective buffer between the physical network adapter and the remaining virtual machines in the virtual network.
- Installing a host-based firewall on virtual machines at the head of virtual networks is a good security practice.
Figure 3‑3.
The security profile determines how strongly the protection is enforced against impersonation and interception attacks on virtual machines. To correctly use the settings in the security profile, one must understand the basics of how virtual network adapters control transmissions and how attacks are staged at this level. Each virtual network adapter has its own MAC address assigned when the adapter is created. This address is called the initial MAC address.
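One way to check the security profile across hosts, as an added example that is not part of the original document or VMware code: it parses saved output of `esxcli network vswitch standard policy security get -v <vswitch>` and reports every standard switch that still allows promiscuous mode, MAC address changes, or forged transmits (the three vSphere policy settings, which this excerpt does not list by name). The output layout, host names, and switch names in the sample are assumptions constructed for illustration.

```python
"""Audit standard-switch security policies captured from ESXi hosts.

Added example. Input is text saved from
`esxcli network vswitch standard policy security get -v <vswitch>`;
the "Key: value" layout below is the assumed output format.
"""
import re

# Policy keys as printed by esxcli, mapped to the behaviour the section describes.
RISKS = {
    "Allow Promiscuous": "adapter can receive frames targeted for other machines",
    "Allow MAC Address Change": "adapter can impersonate another machine to receive its frames",
    "Allow Forged Transmits": "adapter can send frames that appear to be from a different machine",
}

LINE_RE = re.compile(r"^\s*(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>\S+)\s*$")


def parse_policy(text):
    """Return {setting: bool} from one capture; reject values other than true/false."""
    policy = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("key") not in RISKS:
            continue
        value = m.group("value").lower()
        if value not in ("true", "false"):
            raise ValueError(f"unexpected value {value!r} for {m.group('key')}")
        policy[m.group("key")] = value == "true"
    return policy


def audit(captures):
    """Return sorted (host, vswitch, setting, reason) findings.

    An enabled setting is a finding. A setting missing from the capture is
    also a finding, so a truncated capture never passes silently.
    """
    findings = []
    for (host, vswitch), text in captures.items():
        policy = parse_policy(text)
        for setting, risk in RISKS.items():
            if setting not in policy:
                findings.append((host, vswitch, setting, "setting missing from capture"))
            elif policy[setting]:
                findings.append((host, vswitch, setting, risk))
    return sorted(findings)


# Constructed sample captures (host and switch names are hypothetical).
SAMPLE = {
    ("esx01.example.test", "vSwitch0"): """
   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true
""",
    ("esx01.example.test", "vSwitch1"): """
   Allow Promiscuous: false
   Allow MAC Address Change: false
   Allow Forged Transmits: false
""",
    ("esx02.example.test", "vSwitch0"): """
   Allow Promiscuous: true
   Allow MAC Address Change: false
""",
}

if __name__ == "__main__":
    for host, vswitch, setting, reason in audit(SAMPLE):
        print(f"{host} {vswitch}: {setting} -> {reason}")
```

A switch with all three settings set to false produces no findings; anything else is listed with the reason, including captures that were cut short.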
Securing ESXi and the ESX Management Interfaces
Security of the ESXi management interface is critical to protect against unauthorized intrusion and misuse. If a host is compromised in certain ways, the virtual machines it interacts with might also be compromised. To minimize the risk of an attack through the management interface, ESXi is protected with a firewall.
Securing vCenter Server Systems
Securing vCenter Server includes ensuring security of the host where vCenter Server is running, following best practices for assigning privileges and roles, and verifying the integrity of the clients that connect to vCenter Server.
ESXi 5.5 is not integrated with vCenter Single Sign-On, and ESXi users cannot be created with the vSphere Web Client. ESXi users must be created and administered with the vSphere Client. vCenter Server is not aware of users that are local to ESXi. In addition, ESXi is not aware of vCenter Server users.
Licensing
The components of a vCloud Suite edition are activated by using a single license. You can perform the activation of all components by using the vSphere Web Client or the licensing interfaces of individual products.

vCloud Suite Licensing Model
VMware vCloud Suite 5.8 combines multiple components into a single product to cover the complete set of cloud infrastructure capabilities.
Table 3‑3. vCloud Suite 5.8 components that require a license (Continued)
Components | Description
VMware vCenter Site Recovery Manager | Provides business continuity and disaster recovery capabilities that help you plan, test, and perform recovery of virtual machines between one site (the protected site) and another site (the recovery site).
Procedure
1 From the vSphere Web Client navigator home, select Administration, and under Licensing select Licenses.
2 On the License Keys tab, click Add License Keys.
3 Type the vCloud Suite license key and click Next. You can copy and paste the license key from My VMware.
4 Click Finish.
What to do next
Assign the vCloud Suite license key to the suite components that integrate with the vSphere Web Client.
2 Select Manage vSphere Licenses.
3 In the Add License Keys page, type or paste the vCloud Suite license key, and type an optional label for the key.
4 Click Add License Keys.
5 Review the details for the license key, click Next on the remaining pages of the wizard, and click Finish.
The vCloud Suite license key is added to the license inventory of vCenter Server.
3 Click Next.
4 On the Assign Licenses page, select Solutions.
5 Select the components of vCenter Operations Management Suite that you want to run as part of vCloud Suite.
6 From the Product pane, select the vCloud Suite license key.
7 On the Remove License Keys page, click Next.
8 Click Finish to save your changes.
4 On the Assign Licenses page, select Solutions.
5 Select vCenter Site Recovery Manager.
6 From the Product pane, select the vCloud Suite license key.
7 On the Remove License Keys page, click Next.
8 Click Finish to save your changes.

Activating vCloud Suite Components by Using Their Own Licensing Interfaces
You must assign the vCloud Suite license to all suite components.
Procedure
1 Assign the License Key in the vCloud Automation Center Appliance
  You must assign the license key in the vCloud Automation Center Appliance to activate the product.
2 Assign the License Key for Infrastructure as a Service
  You must assign the license key for Infrastructure as a Service to enable IaaS capabilities. Without a license, you cannot configure infrastructure endpoints or other features.
- When replacing a vCloud Suite or standalone vCloud Automation Center license, the new license must be of the same level or higher. For example, a license for vCloud Automation Center Advanced Edition can only be replaced by another license for vCloud Automation Center Advanced Edition or Enterprise Edition. A license for vCloud Automation Center Enterprise Edition can only be replaced by another license for vCloud Automation Center Enterprise Edition.
View the License Usage for vCloud Suite in the vSphere Web Client
You can use the license reporting function in the vSphere Web Client to track the license usage for vCloud Suite. vCenter Server takes snapshots of the license usage every hour. A license usage snapshot contains data about the current license assignments and usage.
4 From the Time period drop-down menu, select a preconfigured or a custom time period.
5 Click Export.
6 Save the report on your local system.

Export a License Usage Report for vCloud Suite in the vSphere Web Client
In the vSphere Web Client, you can export a report of the license usage for vCloud Suite for a time period and vCenter Server system. The report is exported in a CSV file that you can later open with third-party applications.
4 vCloud Suite Use Cases
Scenarios in this chapter instruct you how to achieve realistic user goals by using vCloud Suite. This chapter includes the following topics:
- Disaster Recovery to Cloud
- Infrastructure Provisioning

Disaster Recovery to Cloud
As a system administrator, you can configure cloud failover for virtual machines, so that you can guarantee that important workloads keep running even when your on-site data center experiences problems.
The following example objects are used in the scenario:
Table 4‑2. Sample Environment Details
Object | Description
ACME Corp VM 1 | A Linux virtual machine that runs one of your mission-critical applications.
ACME Corp VM 2 | A Windows virtual machine that runs another of your mission-critical applications.
Figure 4‑1. Disaster recovery to cloud workflow (flowchart labels, in order: Start; Purchase a vCloud Air – DR to Cloud subscription; Download and deploy the vSphere Replication 5.8 appliance; Configure your connection to vCloud Air; Replicate virtual machines; Test; Select type of recovery; Failover; Test recovery; Recovery to vCloud Air; Clean up test recovery; End)
To verify your setup, you can perform test recoveries before an actual recovery is required. Test recoveries are not enabled by default.
- Verify that you have sufficient privileges to perform administrative operations in the vSphere Web Client.
- Verify that you have valid licenses for all products in your environment.
- Verify that you have vCloud Air credentials for the Disaster Recovery to Cloud service.
What to do next
Configure the connection to vCloud Air.

Configure Network Connection to vCloud Air
You have deployed the vSphere Replication appliance in your on-premise environment. The next step of preparing your environment for DR2C is to set up a connection to vCloud Air. vSphere Replication replicates the virtual machines from your on-premise data center to vCloud Air by using a secure connection over the Internet.
Replicate Virtual Machines to the Cloud
In the vSphere Web Client, you can select your mission-critical virtual machines for replication to vCloud Air. When you configure replication, you set a recovery point objective (RPO) to determine the period of time between replication operations. For example, an RPO of 1 hour aims to ensure that a virtual machine loses no more than 1 hour of data during the recovery.
In a production environment, you should verify that you tested the recovery before recovering the virtual machine to the cloud.
Procedure
1 Log in to the vCloud Air Web console.
2 On the Dashboard tab, click the virtual data center that is enabled for disaster recovery.
3 Click the Virtual Machine tab. The table of virtual machines appears.
4 Select the virtual machines ACME Corp VM 1 and ACME Corp VM 2 to recover.
5 From the menu, click Recovery.
Figure 4‑2. Workload Provisioning Workflow (flowchart labels, in order: Start; Request VM from blueprint; Approval and provisioning to vSphere; Manage and customize VM; Manage workload snapshots; Retire VM; End)
Table 4‑3. Environment Details
vCloud Suite component | Description
vSphere endpoint | vCloud Automation Center can deploy workloads to a vSphere environment that administrators configured for use in ACME Corp.
Table 4‑4. vCloud Suite Components Required for the Infrastructure Service
vCloud Suite component | Description
ESXi | VMware bare-metal hypervisor that lets you run a virtualized environment.
vCenter Server | Provides management capabilities in a browser-based interface, and integration points for other vCloud Suite components.
vCenter Orchestrator | Enables you to create workflows that automate activities in the data center.
Request a Virtual Machine Workload
A new instance of a virtual machine that runs an inventory management application is required at ACME Corp. As an administrator for the tenant group that is responsible for inventory management, you can use the vCloud Suite Infrastructure as a Service capability to deploy and manage the workload. In this scenario, the infrastructure service is preconfigured for your organization.
Provision the Workload
After you request the workload, you can provision the workload when you receive an approval.
Procedure
1 In the vCloud Automation Center portal, click Request to monitor status. The workload request changes status several times during deployment. When it is finished, the request shows the status Successful.
Manage Workload Snapshots
You deployed and configured the workload. You can create snapshots of your running workloads from the self-service portal.
Procedure
1 In the vCloud Automation Center portal, click Items and click Machines.
2 Click InventoryMgr-000 and click Snapshots.
3 Click New Snapshot.
4 Click Snapshot the machine's memory and click OK.
5 Wait for the snapshot creation to complete, and click Close.