VMWARE vCLOUD
SaaS: Software as a Service (email and web-based applications)
PaaS: Platform as a Service (web hosting, blog sites, Java engines)
IaaS: Infrastructure as a Service (Windows, Linux, Mac OS)
IaaS relatives:
DaaS: Desktop as a Service
DRaaS: Disaster Recovery as a Service
vCLOUD DEPLOYMENT MODELS
Private: local site data center
Community: data center for a group of companies having common usage
Hybrid: private and public combined as a single resource (using vCloud Connector)
Public: public/internet data center
vCloud Challenges
Elasticity, Efficiency, Availability, Management
Solutions to the vCloud Challenges
vSphere
vCloud Director
vCloud Connector
vCloud Networking and Security (vCNS)
vCloud Automation Center
vCenter Site Recovery Manager
vCenter Operations Manager
vFabric Suite
vCenter Chargeback
vFabric Hyperic
Components of VMware vCloud
- vCloud Director
- vCloud Automation Center
- vSphere
- vCloud Networking and Security
- vCenter Operations Manager
- vCenter Chargeback
- vFabric Hyperic
- vFabric Suite
- vCloud Connector
- vCenter Site Recovery Manager
1. vCloud Director
vCloud Director orchestrates the provisioning of software-defined data center services as complete virtual data centers that are ready in minutes. It serves as a central command for your cloud operations.
Multi-Tenancy Support
Virtual Data Centers
Resource Pools and Controls
Storage and Networking Support
Linked Clones
Snapshots
Self Service Portal
Service Catalog
vCloud API Stack
Multi-tenancy
Supports multi-tenant (user) access: each tenant owns an isolated part of the same cloud.
Virtual Data Centers (vDC)
vApps treat customers as organizations, each with a class of service, a hardware choice and a cost choice.
Resource Pools and Controls
Control an organization's access to its acquired virtual data centers. They only control CPU and memory.
Storage and Networking Support
Controls storage and networking for customers.
Clones
A clone is a copy of an existing virtual machine. The existing virtual machine is called the parent of the clone.
Full Clone
A full clone is an independent copy of a virtual machine that shares nothing with the parent virtual machine after the cloning operation.
Linked Clones
A linked clone is a copy of a virtual machine that shares virtual disks with the parent virtual machine in an ongoing manner.
Snapshots
Capture the running state of a VM so that it can be rolled back if something goes wrong after applying patches. A snapshot is not a replacement for a backup.
Self Service Portal
A web portal to access and manage vApps, vDCs and Organizations.
Service Catalog
Menus, called service catalogs, in vCloud Director.
vCloud API Stack
Programmatic access to resources.
2. vCloud Automation Center
A policy-based provisioning and lifecycle management tool for workloads in heterogeneous environments.
What Automation Center does for clouds:
Self-service portal for end-user requests
Policy-based provisioning and governance
Lifecycle management for workloads
Automation of workflows and tasks
Intelligent resource governor
3. vSphere
VMware vSphere is VMware's cloud computing virtualization operating system; it is known in many circles as "ESXi".
4. vCloud Networking and Security
Provides virtual networking (virtual switches) and security.
5. vCenter Operations Manager
It provides comprehensive visibility and insights into the performance, capacity and health of your infrastructure.
Performance
Capacity
Configuration
Monitoring
Compliance
Cost
- Health describes the current behavior of the environment and any problems that need to be addressed immediately. Health is composed of workload, anomalies and faults. Workload is a measure of how hard the VM is working relative to the resources it wants and what it is entitled to use. Anomalies is the number of metrics trending above or below normal, which is a leading indicator of upcoming performance problems. Faults is the number of “hard” thresholds that have been crossed when there is an availability issue or a hardware failure has occurred.
- Risk describes the potential for future problems. Risk combines scores for time and capacity remaining before resources are exhausted. Risk also includes a new metric for stress, which shows patterns of chronic strain. For example, during certain times of the week there is more demand for resources in one cluster while other clusters are at or below capacity. You can use this information to optimize VM placement or to pre-allocate resources ahead of time.
- Efficiency is a new super metric that describes optimal utilization of resources. Efficiency includes scores for reclaimable waste, such as idle, over- and under-provisioned VMs, and VM density. VM density shows the current consolidation ratio versus the maximum possible ratio without performance degradation.
6. vCenter Chargeback
Chargeback provides visibility into virtual machine costs and lets you create customized cost models and metrics to suit your organization's needs.
7. vFabric Hyperic (vCenter Hyperic)
Provides deep application monitoring. Using auto-discovery, Hyperic continuously updates the inventory of hardware, software and services in the infrastructure. It monitors operating systems, middleware and applications running in physical, virtual and cloud environments.
Supports multiple OSes
Supports 85+ existing application technologies
Custom plugins for other applications via APIs
Per-application remediation
Reduced downtime
SLAs
Root cause determination
8. vFabric Suite
Application development and deployment tools for a virtual or cloud PaaS environment.
9. vCloud Connector
A single interface for overseeing multiple public and private clouds, allowing you to move your workloads, including VMs, vApps and templates, between private and public clouds.
• Copying a vApp from vSphere to a vCloud
• Copying a vApp from a private vCloud to a public vCloud
• Copying a vApp from a vCenter to another vCenter
• Even in environments not running vCloud Director, vCloud Director can still be used to copy and move vApps.
• As long as both vCenter Servers are added as clouds in vCloud Director, you can freely move workloads between them.
10. vCenter Site Recovery Manager
vCenter SRM is a disaster recovery offering that provides automated orchestration and nondisruptive testing for virtualized applications
Automate failover of VMs
Non-disruptive testing
VMware View Pod
A VMware View pod integrates five 2,000-user building blocks into a View Manager installation that you can manage as one entity. A pod is a unit of organization determined by VMware View scalability limits. The Pod Diagram for 10,000 View Desktops shows how all the components can be integrated into one manageable entity.
The network core load balances incoming requests across View Connection Server instances. A redundancy and failover mechanism, usually at the network level, prevents the load balancer from becoming a single point of failure. For example, the Virtual Router Redundancy Protocol (VRRP) communicates with the load balancer to add redundancy and failover capability.
If a View Connection Server instance fails or becomes unresponsive during an active session, users do not lose data. Desktop states are preserved in the virtual machine desktop so that users can connect to a different View Connection Server instance and their desktop session resumes from where it was when the failure occurred.
vCloud Networking and Security
VMware vCloud® Networking and Security™ provides basic networking and security functionality for virtualized compute environments, built using the VMware vCloud® Suite.
It provides a broad range of services delivered through virtual appliances, such as a virtual firewall, virtual private network (VPN), load balancing, NAT, DHCP and VXLAN-extended networks. With vCloud Networking and Security, enterprises can virtualize business critical applications with confidence, secure VMware® Horizon View™ deployments and build secure and agile vCloud Suite based private clouds.
vCloud Networking and Security virtual-appliance
The Edge Gateway appliance establishes a perimeter gateway for network traffic to enter and leave a virtual data center. It provides a wide range of services, including a highly available stateful inspection firewall, IPsec site-to-site VPN, a server-load balancer, NAT, and network services such as static routing, DHCP and domain name system (DNS).
A second type of virtual appliance, App Firewall, provides protection directly in front of one or more specific workloads (e.g., virtual machines).
Firewall
Stateful inspection firewall that can be applied either at the perimeter of the virtual data center or at the virtual network interface card (vNIC) level directly in front of specific workloads.
VPN
Industry-standard IPsec and SSL VPN capabilities that securely extend the virtual data center. Site-to-site VPN support links virtual data centers and enables hybrid cloud computing at low cost.
Load balancer
A virtual-appliance–based load balancer to scale application delivery without the need for dedicated hardware. Placed at the edge of the virtual data center, the load balancer supports Web-, SSL- and TCP-based scale-out for high-volume applications.
NAT
vCloud Networking and Security Edge incorporates a flexible NAT engine that can map network and port addresses using a familiar configuration model. Administrators can deploy protected zones, also known as “demilitarized zones” (DMZs), without needing to manually change addresses for servers and applications. Application-layer gateways for common protocols enable applications to function in NAT environments.
Virtual extensible LAN (VXLAN) is a network encapsulation mechanism that enables virtual machines to be deployed on any physical host, regardless of the host’s network configuration. It solves the problems of mobility and scalability in two ways:
It uses MAC-in-UDP encapsulation, which allows the virtual machine to communicate using an overlay network that spans multiple physical networks. It decouples the virtual machine from the underlying network, thereby allowing the virtual machine to move across the network without reconfiguring the network.
VXLAN uses a 24-bit identifier, which means that a single network can support up to 16 million LAN segments. This number is much higher than the 4,094 limit imposed by the IEEE 802.1Q VLAN specification.
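The encapsulation described above, as an added example that is not part of the original notes or of any VMware code: a small Python model of the VXLAN header and the MAC-in-UDP framing from RFC 7348, showing the 24-bit VNI against the 4,094 VLAN limit, plus the check a decapsulating endpoint (VTEP) must make so that a frame tagged with one tenant's VNI is never delivered into another tenant's segment. The inner Ethernet frame, the MAC addresses and the VNI values are constructed.

```python
"""VXLAN (RFC 7348) framing: MAC-in-UDP encapsulation with a 24-bit VNI.

Added example; the frame below is constructed, not captured from a real VTEP.
"""
import struct

VXLAN_UDP_PORT = 4789            # IANA-assigned destination port for VXLAN
VXLAN_FLAG_I = 0x08              # "I" flag: the VNI field is valid
VNI_MAX = (1 << 24) - 1          # 24-bit VXLAN Network Identifier
VLAN_ID_MAX = 4094               # usable IEEE 802.1Q VLAN IDs (0 and 4095 are reserved)


def segment_capacity():
    """Number of usable segments: 802.1Q VLAN IDs versus VXLAN VNIs."""
    return VLAN_ID_MAX, VNI_MAX + 1


def build_vxlan_header(vni):
    """8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan_header(data):
    """Return (vni, inner_frame); reject headers whose VNI is not marked valid."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", data[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    return word1 >> 8, data[8:]


def encapsulate(inner_frame, vni, src_port=49152):
    """Wrap an Ethernet frame in UDP + VXLAN; the outer IP/Ethernet headers are the transport's job."""
    payload = build_vxlan_header(vni) + inner_frame
    # UDP header: src port, dst port, total length, checksum (0 = none, permitted over IPv4)
    udp_header = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(payload), 0)
    return udp_header + payload


def decapsulate(udp_datagram, served_vnis):
    """Unwrap a VXLAN datagram, dropping anything for a VNI this VTEP does not serve.

    A VTEP that honoured any VNI would deliver one tenant's encapsulated traffic into
    another tenant's segment, so the VNI membership check is the isolation boundary.
    """
    _src_port, dst_port, length, _checksum = struct.unpack("!HHHH", udp_datagram[:8])
    if dst_port != VXLAN_UDP_PORT or length != len(udp_datagram):
        raise ValueError("not a well-formed VXLAN datagram")
    vni, inner_frame = parse_vxlan_header(udp_datagram[8:])
    if vni not in served_vnis:
        raise ValueError("VNI %d not served on this VTEP; frame dropped" % vni)
    return vni, inner_frame


def _mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def inner_macs(frame):
    """Destination and source MAC of the encapsulated frame; the physical network never sees them."""
    return _mac_str(frame[:6]), _mac_str(frame[6:12])


# Constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_FRAME = (bytes.fromhex("005056aa0001") + bytes.fromhex("005056aa0002")
                + struct.pack("!H", 0x0800) + b"tenant-A payload")

if __name__ == "__main__":
    datagram = encapsulate(SAMPLE_FRAME, vni=5001)
    print("VLAN IDs vs VNIs:", segment_capacity())
    print("VXLAN header:", build_vxlan_header(5001).hex())
    print("decapsulated:", decapsulate(datagram, served_vnis={5001}))
    print("inner MACs:", inner_macs(SAMPLE_FRAME))
```

Nothing in the header is authenticated or encrypted; the VNI is plain text in the UDP payload, so the served-VNI check protects tenants only as long as the physical underlay carrying VXLAN traffic is itself restricted to trusted VTEPs.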
Provider vDC
A Provider vDC is a collection of compute, memory, and storage resources from one vCenter. A Provider vDC provides resources to organization vDCs.
A Provider vDC is represented as a VMWProviderVdc element in the extension view and a ProviderVdc element in the admin view. A system administrator can create a VMWProviderVdc or modify it to add or remove datastores, storage profiles, and resource pools, or change other properties such as its description. A system administrator cannot change the primary resource pool or vCenter server that was specified when the Provider vDC was created.
Prerequisites
Verify that you are logged in to the vCloud API as a system administrator.
Choose a vCenter server to supply a resource pool and storage profiles to this Provider vDC.
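Using the vCloud API mentioned in the notes above (programmatic access, organization-level login, and the VMWProviderVdc extension view), here is an added Python example that is not part of the page or of VMware's own tooling. It assumes the vCloud API login flow as I recall it from the programming guide: POST /api/sessions with HTTP Basic credentials in the user@org form (system administrators use the System organization), the API version in the Accept header, a session token returned in the x-vcloud-authorization header, and GET /api/admin/extension/providerVdcReferences for the Provider vDC list; verify all of these against your vCloud Director version. The XML response and the hostnames are constructed.

```python
"""vCloud API session login and Provider vDC listing (added example, not VMware code).

Assumed, per the vCloud API programming guide as recalled: POST /api/sessions with
Basic credentials "user@org", the Accept header carrying the API version, the
x-vcloud-authorization response header, and GET /api/admin/extension/providerVdcReferences.
The XML below is constructed, not captured from a real system.
"""
import base64
import ssl
import urllib.request
import xml.etree.ElementTree as ET

API_VERSION = "5.1"
SYSTEM_ORG = "System"   # system administrators log in to the System organization


def session_headers(user, org, password):
    """Basic-auth login headers; vCloud users authenticate at the organization level as user@org."""
    credentials = "%s@%s:%s" % (user, org, password)
    token = base64.b64encode(credentials.encode()).decode()
    return {
        "Authorization": "Basic " + token,
        "Accept": "application/*+xml;version=" + API_VERSION,
    }


def extract_session_token(response_headers):
    """Pull the session token out of the response headers (header names are case-insensitive)."""
    for name, value in response_headers.items():
        if name.lower() == "x-vcloud-authorization":
            return value
    raise ValueError("login response carried no x-vcloud-authorization header")


def parse_provider_vdc_references(xml_text):
    """Map Provider vDC name -> href from a VMWProviderVdcReferences document.

    Matched on the local element name so the namespace prefix the server chooses does not matter.
    """
    root = ET.fromstring(xml_text)
    refs = {}
    for element in root.iter():
        if element.tag.rsplit("}", 1)[-1] == "ProviderVdcReference":
            refs[element.get("name")] = element.get("href")
    return refs


def login(base_url, user, org, password):
    """POST /api/sessions and return the session token.

    The default SSL context verifies the vCloud Director certificate; rather than disabling
    that for a self-signed certificate, add the issuing CA to the trust store.
    """
    request = urllib.request.Request(base_url + "/api/sessions", method="POST",
                                     headers=session_headers(user, org, password))
    with urllib.request.urlopen(request, context=ssl.create_default_context()) as response:
        return extract_session_token(dict(response.headers))


def list_provider_vdcs(base_url, session_token):
    """GET the admin-extension Provider vDC references (system administrator session required)."""
    request = urllib.request.Request(
        base_url + "/api/admin/extension/providerVdcReferences",
        headers={"x-vcloud-authorization": session_token,
                 "Accept": "application/*+xml;version=" + API_VERSION})
    with urllib.request.urlopen(request, context=ssl.create_default_context()) as response:
        return parse_provider_vdc_references(response.read())


# Constructed sample response, shaped like the extension view described in the notes.
SAMPLE_PVDC_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<vmext:VMWProviderVdcReferences xmlns:vmext="http://www.vmware.com/vcloud/extension/v1.5"
    xmlns="http://www.vmware.com/vcloud/v1.5">
  <vmext:ProviderVdcReference type="application/vnd.vmware.admin.vmwprovidervdc+xml"
      name="pvdc-gold" href="https://vcd.example.invalid/api/admin/extension/providervdc/1"/>
  <vmext:ProviderVdcReference type="application/vnd.vmware.admin.vmwprovidervdc+xml"
      name="pvdc-silver" href="https://vcd.example.invalid/api/admin/extension/providervdc/2"/>
</vmext:VMWProviderVdcReferences>
"""

if __name__ == "__main__":
    print(session_headers("admin", SYSTEM_ORG, "s3cret"))
    print(parse_provider_vdc_references(SAMPLE_PVDC_XML))
```

The session token is a bearer credential for a system-administrator session: keep it out of logs and shell history, and let it expire rather than caching it on disk.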
Organization vDC
An organization vDC is used to allocate resources to an organization. An organization vDC is partitioned from a provider vDC. A single organization can have multiple organization vDCs.
Prerequisites
You must have a provider vDC before you can allocate resources to an organization.
VMware vCloud Hybrid Service
VMware vCloud Hybrid Service is available in two service options, giving you the flexibility and scalability you need to meet your organization’s requirements.
A dedicated cloud provides you with a physically isolated infrastructure, giving you your own private cloud instance and the most control over your resources.
A virtual private cloud provides you with logically isolated infrastructure, with fully private networking and resource pools.
vShield
VMware vShield is a suite of security virtual appliances built for VMware vCenter Server integration. vShield is a critical security component for protecting virtualized datacenters from attacks and misuse, helping you achieve your compliance-mandated goals.
vShield includes virtual appliances and services essential for protecting virtual machines. vShield can be configured through a web-based user interface, a vSphere Client plug-in, a command line interface (CLI), and a REST API.
vCenter Server includes vShield Manager. The following vShield packages each require a license:
· vShield Manager
· vShield App
· vShield Edge
· vShield Endpoint
· vShield Data Security
One vShield Manager manages multiple vShield App, vShield Edge, vShield Endpoint, and vShield Data Security instances.
vShield Manager
The vShield Manager is the centralized network management component of vShield, and is installed as a virtual appliance on any ESX™ host in your vCenter Server environment. A vShield Manager can run on a different ESX host from your vShield agents.
Using the vShield Manager user interface or vSphere Client plug-in, administrators install, configure, and maintain vShield components. The vShield Manager user interface leverages the VMware Infrastructure SDK to display a copy of the vSphere Client inventory panel, and includes the Hosts & Clusters and Networks views.
Failure Impact
Infrastructure availability: yes; service availability: no. vShield Edge devices will continue to run without management control, but no additional Edge appliances can be deployed and no modifications to existing ones can be made until the service comes back online.
vShield App
vShield App is a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. Organizations gain visibility and control over network communications between virtual machines. You can create access control policies based on logical constructs such as VMware vCenter containers and vShield security groups—not just physical constructs such as IP addresses. In addition, flexible IP addressing offers the ability to use the same IP address in multiple tenant zones to simplify provisioning.
The Flow Monitoring feature displays network activity between virtual machines at the application protocol level. You can use this information to audit network traffic, define and refine firewall policies, and identify botnets.
vShield Edge
vShield Edge appliances are self-contained environments that are stateless in nature. There is a “health check” API call you can make to a vShield Edge appliance to determine whether it is functioning correctly. If the call returns a negative result, you should initiate a reboot of the vShield Edge device. At the time of reboot, configuration information is updated from the vShield Manager and the vShield Edge device continues to function properly.
vShield Endpoint
vShield Endpoint offloads antivirus and anti-malware agent processing to a dedicated secure virtual appliance delivered by VMware partners. Since the secure virtual appliance (unlike a guest virtual machine) doesn't go offline, it can continuously update antivirus signatures, thereby giving uninterrupted protection to the virtual machines on the host. Also, new virtual machines (or existing virtual machines that went offline) are immediately protected with the most current antivirus signatures when they come online.
vShield Endpoint installs as a hypervisor module and security virtual appliance from a third-party antivirus vendor (VMware partners) on an ESX host. The hypervisor scans guest virtual machines from the outside, removing the need for agents in every virtual machine. This makes vShield Endpoint efficient in avoiding resource bottlenecks while optimizing memory use.
vShield Data Security
vShield Data Security provides visibility into sensitive data stored within your organization's virtualized and cloud environments. Based on the violations reported by vShield Data Security, you can ensure that sensitive data is adequately protected and assess compliance with regulations around the world.
vShield Zones
VMware vShield Zones is a security virtual appliance that provides visibility and enforcement of network activity within a VMware vSphere™ deployment to comply with corporate security policies and industry regulations such as PCI or Sarbanes-Oxley.
Central Management of Logical Zone Boundaries and Segmentation
• Leverage existing virtual infrastructure containers (hosts, virtual switches, VLANs) as logical trust or organizational zones
• Define policies to bridge, firewall, or isolate network traffic between zone boundaries
• Manage and deploy policies across the entire VMware vCenter Server deployment
• Integrate with VMware vCenter Server and automatically deploy on existing virtual networks
• Scan and discover existing applications running on virtual machines to identify application protocols
Network Enforcement and Flow Monitoring
• Classify traffic by network or application protocol (e.g. HTTP, RDP, and SNMP)
• Filter traffic efficiently with stateful packet inspection (SPI)
• Track dynamic port connections for protocols such as FTP
• Track network connections across VMware vMotion migration events
• Easily convert observed network flows into precise network enforcement rules
• Monitor both allowed and disallowed activity
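The "observed flows to enforcement rules" step listed above, and the Flow Monitoring feature described under vShield App, as an added Python example that is not VMware code and not part of the original notes. The flow records and the VM-to-security-group mapping are constructed. Rules are keyed on security groups rather than IP addresses, matching the logical-container policy model the notes describe, and a flow seen only once is set aside for review instead of becoming a permanent allow rule.

```python
"""Turn observed VM-to-VM flows into group-based firewall rules (added example).

The flow records and security-group membership below are constructed; they stand in
for what vShield App Flow Monitoring or vShield Zones would show for real traffic.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Flow:
    src_vm: str
    dst_vm: str
    proto: str      # "tcp" or "udp"
    dst_port: int
    action: str     # "allow" or "deny", as the firewall recorded it


@dataclass(frozen=True, order=True)
class Rule:
    src_group: str
    dst_group: str
    proto: str
    dst_port: int

    def render(self):
        """Rule text keyed on security groups, not IP addresses."""
        return "allow %s -> %s %s/%d" % (self.src_group, self.dst_group, self.proto, self.dst_port)


# Constructed: VM name -> vShield security group (a logical container, not an IP).
SECURITY_GROUPS = {
    "web01": "web", "web02": "web",
    "app01": "app",
    "db01": "db",
    "jump01": "mgmt",
}

# Constructed flow log; repeated entries model repeated connections.
FLOWS = (
    [Flow("web01", "app01", "tcp", 8080, "allow")] * 3
    + [Flow("web02", "app01", "tcp", 8080, "allow")] * 2
    + [Flow("app01", "db01", "tcp", 3306, "allow")] * 4
    + [Flow("jump01", "db01", "tcp", 22, "allow")]
    + [Flow("web01", "db01", "tcp", 3306, "deny")]
)


def rule_for(flow, groups):
    """Lift a single flow to the group level; a VM with no group is a policy gap and fails loudly."""
    return Rule(groups[flow.src_vm], groups[flow.dst_vm], flow.proto, flow.dst_port)


def derive_rules(flows, groups, min_count=2):
    """Collapse allowed flows into group->group rules.

    Rules supported by fewer than min_count flows are returned separately for review:
    a single observed connection (one SSH session from the jump host, say) should not be
    baked into a permanent allow rule until someone confirms it is intended.
    """
    support = Counter(rule_for(f, groups) for f in flows if f.action == "allow")
    rules = sorted(r for r, n in support.items() if n >= min_count)
    review = sorted(r for r, n in support.items() if n < min_count)
    return rules, review


def denied_by_group(flows, groups):
    """Count blocked flows per group pair and port: the disallowed activity worth monitoring."""
    return Counter(rule_for(f, groups) for f in flows if f.action == "deny")


if __name__ == "__main__":
    rules, review = derive_rules(FLOWS, SECURITY_GROUPS)
    for r in rules:
        print(r.render())
    for r in review:
        print("REVIEW (low support):", r.render())
    for r, n in denied_by_group(FLOWS, SECURITY_GROUPS).items():
        print("denied x%d: %s" % (n, r.render()))
```

The denied web -> db flow in the sample is exactly the kind of event the notes say to monitor alongside allowed traffic: it is evidence of a web tier reaching for the database directly, and it should be investigated, not added to the rule set.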
Management and Reporting
• Access the web-based vShield Manager interface remotely from any web browser
• Configure administrators to be common with VMware vCenter Server or distinct, for separation of duties and roles
• View activity hierarchically at individual virtual machine or aggregate levels and generate graphical or tabular reports
• Retain log data for archival and compliance purposes
• Export events and data using syslog format
vCloud Organizations
A vCloud contains one or more organizations. Each organization represents a collection of end consumers, groups, and computing resources.
Users authenticate at the organization level, using credentials established by an organization administrator locally within vCloud Director or in LDAP.
Administrative Organization
A vCloud requires at least one organization. As a best practice, the first organization to be created should be an administrative organization.
The administrative organization will own a master catalog of vApp templates that are published and shared with all other (standard) organizations.
Make sure that when you create the administrative organization you set it up to allow publishing of catalogs.
Standard Organizations
Create an organization for each tenant of the vCloud as necessary. Each of the standard organizations should be created with the following considerations:
• Cannot publish global catalogs
• Use system defaults for SMTP
• Use system defaults for notification settings
• Use leases, quotas, and limits meeting the provider’s requirements