Kim Ranyard, Steffen Moen, Jad El-Zein
MGT1799BE
#VMworld #MGT1799BE
Full-Stack Automation: Streamlining, Delivering and Managing App-Centric IT
VMworld 2017 Content: Not for publication or distribution


Post on 16-Jun-2018



Disclaimer

• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Agenda

1 Introduction

2 vRealize Automation Overview

3 Application-Centric Networking and Security

4 Application-Centric Storage

5 Automate the Ecosystem

6 Beyond OOTB


VMware ESX and, eventually, VirtualCenter enabled the RIGHT-CLICK -> DEPLOY methodology of machine provisioning

Provisioning a new machine went from 4-5 weeks (or more) to < 5 mins

That was 15 years ago…

Today – thanks largely to incredible advancements in technology – most enterprises deliver [traditional] applications in…

3-4 weeks :-(

Why Is Automation a Thing?


Rapid and Repeatable Service Deployments
Automating Networking, Policy and Security for IT, Developers and Research

Automation IT Automating IT | Self-Service Infrastructure

[Figure: BLUEPRINT (Web, App, DB) and the APP / VM instances deployed from it]

Cloud Management Is Fundamental to the SDDC
vRA Defines, Delivers, and Governs the SDDC

Any Device Business Mobility: Applications | Devices | Content
Any Application Traditional | Cloud Native
Any Cloud Software-Defined Datacenter (SDDC)
Cloud Management Platform
Compute | Networking & Security | Storage | Hybrid Cloud
Virtual / Cloud Infrastructure
vRealize Automation
DevOps | Extensibility | Release Automation
IaaS | App-Centric | XaaS
Self-Service
GUI | CLI | API
Cloud Providers

Automation Accelerates Services Delivery

✓ Speed
  ▪ Days to minutes
✓ Stability
  ▪ Consistent
  ▪ Repeatable
✓ Control
  ▪ Aligns with Business Processes

[Figure: service delivery timeline showing task time and wait time (Wait, Work, Wait, Wait). Steps: Developer Request, Ticket, IT Processes, Infrastructure Verification, Build VMs – New or Clone, Get IP, Install / Setup / Configure, Load Balancer Entries / Firewall Changes, Web Server Configuration, External Interface & Integration. Durations shown: 1-2 days, 3-5 days, 3-5 days, 1-2 days, 4-7 days, 2-3 days, 2-5 days. Other labels: > 2-3 Days, Blueprint, Minutes.]

vRA’s Unified Service Catalog
IaaS | Apps | XaaS Custom Services

App Store Experience

[Screenshot callouts: Service category; Custom Service; IaaS and XaaS Services; Custom Service Categories]

Unified Service Delivery – Converged Blueprint Designer


• Common Authoring for all Machine Types

• Incorporate On-Demand Networking and Security

• Incorporate external (XaaS) custom services


Optimized Placement Using vR Ops Analytics
Intelligent Workload Placement (WLP)

Supports vRealize Operations 6.6+

• Utilize analytics data in vRealize Operations to optimize the placement of workloads
• vRA: Enable Workload Placement Policy (WLP) in Infrastructure tab.
• vR Ops: Create/Edit Monitoring Policy per workload requirements

Benefits of Automating Networking & Security
Reduce Time, Reduce Errors, Increase Visibility

• Consistent policy: Repeatable deployments of customer environments to help diagnose technical issues
• Full automation: Automated deployment of NAT topology with connected VMs
• Full VMware SDDC: Complete VMware stack with vRealize Automation, NSX and vSphere
• Isolation between environments: Each deployment is completely self contained
• Multi-Machine Topology: Provide advanced networking topologies as part of the vRealize Automation Catalog to cloud users

App-Centric Networking & Security
Segmentation | Tenancy

Critical Segmentation of Workloads
• Production | Development
• Tenant | Shared Services

Automated Access to Shared Services
• Security group and application policy set for access to shared IT services

SDDC Automation
• Security and Performance policy model to simplify and automate
• Leveraged tagging to classify workloads into use case groups
• Overlay networking

[Figure: VMs grouped into Production, Tenant X, Development and DMZ segments across Data Center 1 and Data Center 2]

vRealize Automation + NSX

• Unified Service Design and Delivery
• App-Centric Networking and Security
• Incorporate External Services
• Achieve greater control and visibility
• Reduce wait times for siloed IT services
• Manage Infrastructure as Code
• Lifecycle Manage Everything
• Standardized and repeatable process

[Figure labels: Benefits; Converged Blueprint; Unified Service Catalog; Cloud Consumers; Cloud Admin; Network Admin; Security Admin; Applications; Extensibility; Security; Networking; Network Profiles; Security Groups; Security Policies; Security Tags; On-Demand Networks; On-Demand Load Balancer; CONNECTIVITY | SECURITY | AVAILABILITY]

NSX Automation Use Cases
Automation for IT & Developers

[Figure labels: Network Admins; Security Admins; Developers; vRealize Automation; Application Workloads; Virtual Network Infrastructure; Physical Network Infrastructure]

Application-centric Network And Security Services
Deployed & Managed in the Application Context

Support for Multi-tier Apps on Multiple Networks or Single Flat Network

• Connectivity: App-specific Networking Configuration
• Security: App-specific Security Policies
• Availability: Dynamic App Availability Configuration
• Performance: App-specific Networking Performance

[Figure: Web, App and Database tiers]

vRA + NSX – Cloud Operational Model

• Network Admin defines:
  – Initial network configuration in NSX
  – External Networks and Network Profiles in vRA
• Security Admin defines in NSX:
  – Distributed Firewall Rules
  – Security Groups / Policies / Tags
• Cloud Architect builds Blueprints:
  – Blueprints include NSX Networks, Security components, Load Balancers, VMs and Apps
• Cloud Architect publishes Blueprints
• Cloud Consumer deploys applications:
  – End-to-end provisioning: networks, NAT rules, security and LB configured at deployment

[Figure: operational flow, steps 1 to 6…N, marked One Time and Recurring. Network Admin defines External Networks and Network Profiles; Security Admin defines Security Groups, Security Policies and Security Tags; Cloud Architect builds Converged Blueprints (including NSX Load Balancer) and publishes them to the Service Catalog; Cloud Consumer deploys Applications.]

Managing NAT Port Forwarding Rules

Manage (edit) NSX On-Demand NAT Port Forwarding Rules as a Day 2 Action

• Rules can be added, removed, modified

• Order can be changed

• Entitle Actions as needed

NSX On-Demand NAT | Day 2 Actions

7.3


Granular Load Balancer Controls

• Granular controls built in to the Converged Blueprint Designer

• Edit existing Virtual Servers including:

• LB Algorithm

• Persistence

• Health Monitors

• Transparent Mode

• Port

• …

NSX On-Demand Load Balancer | Day 1-2 Edits

7.3


Managing NSX Security Groups and Tags

New Day 2 Actions to manage security services after provisioning

• View active NSX Security Groups and Tags

• Add Existing NSX Security Groups or Tags to a running application

• Disassociate NSX Security Groups and Tags from applications

Security Day 2 Actions

7.3


DEMO [APP-CENTRIC NETWORKS]


App-Centric Storage Policy Controls

vRA SPBM Plugin 2.x

• Set desired storage policies at request time
• Dynamically retrieves storage policy list from vCenter
• Set or change storage policies for either VM home or VM disks
• Automatically move objects to compliant datastores when changing storage policies
• Leverages the Event Broker Service

vRA SPBM Integration
SPBM Selection at Request Time

SPBM Selection
• Enable option to select storage tier at request time
• Drop-down to select available SPBM Policy

SPBM Day-2 Actions
Invoking a Policy Change

Day-2 Actions
• Change Storage Policies post-provisioning
• Action is Entitled and visible per entitlement policy

Three Types of App Environments

App Generation 2.0 (Diminishing Market Presence)
• Client Server Apps
• VMs Only
• Little DevOps
• Mostly Private Cloud

App Generation 2.5 (Emerging Market Majority)
• Mixed Application Types
• VMs and Containers
• Emerging DevOps Discipline
• Cross Cloud The New Norm

App Generation 3.0 (Market Vanguard)
• Cloud Native Apps
• Containers
• Maturing DevOps
• Mostly Public Cloud

There Are Many Challenges

Monitoring | Networking | Security | Compliance

Production Environment

vRA Container Management with

* Requires vRA Ent Licensing

New Capabilities in vRA 7.3:

• Docker Volume Support
  – Create and update persistent volumes
  – Deploy applications with persistent volumes
• vSphere Integrated Containers
  – Support for vSphere Integrated Containers
• User Experience
  – User Interface Improvements

vRA Container Management in Action


Self-Service Provisioning for Container Applications and Container Hosts

Design Traditional, Container or Hybrid (VM + Container) Applications

Discovery and Management of Container Hosts and Containers


vRA + Azure Public Cloud
Unified Design Canvas

• Azure Endpoint with subscription and Active Directory users information
• Reservations and integration with governance model
• Blueprint creation with Azure VMs, storage disks, and NICs
• Azure Networking Support
  – Subnets
  – Load balancers

vRA + AWS EC2
Unified Design Canvas

• Build, provision, and manage EC2-based services
• Supports all EC2 Instance types
• Blueprint creation with Azure VMs, storage disks, and NICs
• EC2 Networking Options
  – VPCs
  – Security Policies

Manage VMware Cloud on AWS
Managed Endpoint

Manage vCenter in VMware Cloud on AWS

• Treated as a traditional vSphere / vCenter Endpoint

• Build an IaaS Fabric using VMware Cloud SDDC Resources

• Leverage Reservation Policies for machine placement


vRA ServiceNow integration Catalog Sync


• Entitled vRA catalog items are visible in ServiceNow catalog

• Items are synced per configurable schedule

• Currently only vSphere machines are supported


External IPAM Vendor Framework
Framework support for On-demand Routed Networks

• Integrate with external IPAM (Infoblox)
• Deploy machines with an external network IP address automatically assigned from IPAM
• Added support for NSX On-demand Routed networks
• Vendor-provided plugin

Beyond OOTB
Ecosystem Integration

Adapt and Extend vRealize Automation

• Call external tools and applications during the delivery process
• Create custom day-2 actions
• Automate any IT service

New Employee Onboarding
• Add user to AD
• Setup email
• Configure access to file shares and apps

3rd party management systems
• CMDB
• IPAM / DNS / DHCP
• Load Balancers / Networking
• Service Desk
• Monitoring Systems
• Storage Management
• Databases
• Web Services

[Figure labels: Request; vRealize Automation; Event Broker Service; XaaS Service Designer; Pluggable Framework; vRealize Orchestrator]

vRA Property Dictionary
Customized UI | Dynamic Request Options

UI control improvements are done with property actions
• Support for key/value pairs for list items in drop down list
• Support for regular expression input for text field

New UI controls available OOTB for pulling information from external systems
• Dropdown list from PowerShell script
• Dropdown list from database

Event Broker Subscriptions
Enable OOTB extensibility for IaaS and App Services

• Enable OOTB extensibility for IaaS and Application Services dynamically by leveraging the Event Broker Service (EBS)
• Invoke workflows based on a policy-based trigger configured for a specific “interesting” event

“Invoke vRO Workflow to integrate with a custom service based on the NAME of a blueprint, Custom Property Value, Requestor ID, or machine and platform type….GO!”

XaaS Delivers Anything as a Service

• Leverage existing or custom vRO workflows to quickly build new catalog services.

• XaaS Forms Designer provides UI-based service authoring.

• Instantly transform any workflow into an entitled, governed, and lifecycle management service in the vRA Catalog

• Incorporate complete XaaS Blueprints into a broader CBP design

• Create custom XaaS Day2 Actions


vRealize Orchestrator

• Included with VMware vRealize Automation and as standalone appliance to enable automation and orchestration

• Makes IT operations faster and less error-prone by facilitating the automation of IT processes

• Facilitates the development of workflows

• Provides a graphical integrated development environment (IDE)

• Enables workflows to be exported and imported through packages

• Provides a workflow engine

• Offers multiple ways to run workflows


Integrate | Automate | Orchestrate


DEMO [EXTENSIBILITY USE CASE]


vRealize Cloud Client

• CLI-based and easy to learn / use

• Works on Windows and Linux

• Use locally or invoke remotely

• Interacts with vRA API

• Provides access to most vRA functions programmatically

Create a layer of abstraction between the vRA functionality and the end consumer to increase the ease with which users are able to run automated actions against vRA

Infrastructure as Code
Export | Import | Share

    # Blueprint exported as YAML
    id: Wordpress.4.3.1
    name: Wordpress 4.3.1
    components:
      # vSphere machine component
      LB:
        type: Infrastructure.Machine.vSphere
        data:
          machine:
            cpu: {max: 4, default: 2}
            memory: 1024
      # Software component bound to the LB machine
      wpApache:
        type: Software.wpApache_1
        data:
          host: '${_resource~LB~machine}'
      wpMySQLDB:
        type: Software.wpMySQLDB_1
        data:
          db_port: 3306
      # Values below are bindings to properties of other components
      WebApp:
        type: wpMySQL_Config_1
        data:
          db_port: ${MySQL~db_port}
          db_username: ${DB_Setup~db_username}

Interoperable

An API Evolution

• HATEOAS (Hypermedia as the Engine of Application State) links available for “dynamic” POST requests, provides a JSON object which is suitable for use as a payload to the corresponding POST request.

• Each response body includes URIs for logical next steps, e.g., perform operations on a machine, submit request for a catalog item, get details of an item in a list, add new object into a list
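
An added example (not from the original slides or from the product's own code): a client that follows the next-step links in a response body, as the slide describes, but only when a link stays on the API's own https origin, so a bearer token is never sent to a host named by a tampered or misconfigured response. The host, paths, ids and `rel` strings in the sample are constructed assumptions.

```python
import json
from urllib.parse import urljoin, urlsplit

# Constructed sample response; host, ids and rel names are assumptions.
SAMPLE_ITEM = json.loads("""
{
  "name": "Wordpress 4.3.1",
  "links": [
    {"rel": "GET: Request Template",
     "href": "https://vra.example.test/catalog-service/api/consumer/entitledCatalogItems/1234/requests/template"},
    {"rel": "POST: Submit Request",
     "href": "https://vra.example.test/catalog-service/api/consumer/entitledCatalogItems/1234/requests"},
    {"rel": "GET: Icon", "href": "http://cdn.other.test/icon.png"}
  ]
}
""")


class UntrustedLink(ValueError):
    """Raised when a server-supplied link leaves the trusted API origin."""


def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), port


def resolve_link(resource, rel, base_url):
    """Find the link with the given rel and return (method, absolute URL).

    The URL is returned only if it is https and same-origin with base_url,
    so the caller never sends its credentials to another host.
    """
    for link in resource.get("links", []):
        if link.get("rel") == rel:
            url = urljoin(base_url, link["href"])  # tolerate relative hrefs
            if origin(url)[0] != "https" or origin(url) != origin(base_url):
                raise UntrustedLink(f"{rel!r} points outside {base_url}: {url}")
            method = rel.split(":", 1)[0].strip().upper()
            return method, url
    raise KeyError(f"no link with rel {rel!r}")


def plan_request(resource, base_url):
    """Return the two next steps the response advertises for a request."""
    return [resolve_link(resource, "GET: Request Template", base_url),
            resolve_link(resource, "POST: Submit Request", base_url)]


if __name__ == "__main__":
    for method, url in plan_request(SAMPLE_ITEM, "https://vra.example.test"):
        print(method, url)
```

The JSON fetched from the template link is what the client edits and sends as the body of the POST link; both URLs come from the response rather than being hard-coded.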


vRealize Suite Lifecycle Manager Comes with the latest vRealize Suite 2017


Introducing vRealize Suite Lifecycle Manager
The Best Way to Manage Your vRealize Suite

Streamline and simplify the deployment and on-going management of the vRealize product portfolio throughout its life cycle.

• Accelerate time-to-value: Simplify deployment and upgrade with automated pre-checks and validation.
• Minimize on-going management: Automate config and drift management with health monitoring.
• Enable best practices: Enforce alignment with VMware recommended reference architectures and validated designs.

[Figure: vRealize Suite Lifecycle Manager and the vRealize Suite: Install | Upgrade | Patching | Configuration Management | Health Monitoring]

Instant Benefit of Faster Deployment, Easier to Manage

Accelerate Time-to-Value
At least 30% faster to deploy and configure!

Reduce Context Switches
✓ Certification generation
✓ Automated entitlement check
✓ Automated SDDC compatibility check

Reduce User Inputs
✓ Pre-defined deployment configuration
✓ VVD-defined solution-based installation
✓ Upfront user input collection

Recover From Failures
✓ Resume and retry
✓ Point-in-time snapshot

Optimize Installation
✓ vIDM integration for Single Sign On
✓ Export/Import configuration capabilities for easy replication

* Based on VMware Quality Engineering deployment of large greenfield HA environment which supports up to 50,000 VMs. Customer benefit may be much greater as installation times without LCM can vary significantly (based on VMware experience and customer research)