mgt2875bu manage, govern and extend vmware …...network virtualization capabilities • support for...

MGT2875BU

#VMworld #MGT2875BU

Manage, Govern and Extend VMware Cloud on AWS with vRealize Automation

Jad El-Zein | @virtualjad

Brian Graf | @vbriangraf

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

CONFIDENTIAL 2



bution

Jad El-Zein | @virtualjad

Brian Graf | @vbriangraf

MGT2875BU

#VMworld #MGT2875BU

Manage, Govern and Extend VMware Cloud on AWS with vRealize Automation



bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

4



bution

Introductions

5

Jad El-Zein

• Principal Architect in

Cloud Management

Business Unit (CMBU)

• 8 years VMware

• Spend most of my time

on vRA and how the

world is a better place

because of it.

• I try to blog at

virtualjad.com

Brian Graf

• Senior Technical Marketing Manager –VMware Cloud on AWS

• Co-Author ’PowerCLIReference 2nd Edition’

• Product Manager of DRS & HA features in vSphere 6.5

• Blog: brianjgraf.com



bution

Agenda

6

1 Introduction

2 Overview: VMware Cloud on AWS

3 vRealize Automation on the Scene

4 Tips & Tricks | Things to Know

5 Summary | Q&AVMworld 2017 Content: N

ot for publicatio

n or distribution

Introducing two powerfulforces coming together

• Leading compute, storage and

network virtualization

capabilities

• Support for a broad range of

workloads

• De-facto standard for the

enterprise DC

• Flexible consumption

economics

• Broadest set of cloud services

• Global scale and reach



bution

VMware Cloud on AWS

8

Rich VMware SDDC

delivered as a cloud

service on AWS

VMware SDDC technologies you know and trust, delivered

as a service on the world's most popular public cloud

Consistency and

familiarity of VMware

technologies

Easy workload

portability and hybrid

capabilities

AWS

Direct access to the

power of native AWS

services

Existing and new

apps with Containers

and VMs

STRATEGY AND VISION



bution

Powerful use-cases that align with your cloud strategy

9

Customer can decide strategically across on-premises data center and cloud

Maintain and expand

Regional capacity

DR and backup

Maintain

Expand

Consolidate and migrate

Data center consolidation

Application migration

Consolidate

Migrate

Workload flexibility

Test and development

Cyclic capacity

Flex

…as needed



bution

AWS Global Infrastructure

VMware Cloud on AWS

10

VMware vSphere-based service, running on the AWS Cloud

AWS Global InfrastructureCustomer Datacenter

vSphere vSAN NSX

Amazon

EC2

Amazon

S3

Amazon

RDS

AWS Direct

Connect

AWS IAMAWS IoT

…

…

…

…

vCentervCenter

• ESXi on Dedicated Hardware

• Support for VMs and Containers

• vSAN on Flash and EBS Storage

• Replication and DR Orchestration

• NSX Spanning on-premises and cloud

• Advanced Networking & Security Services

vRealize, vAPI, PowerCLI… </>

Operational Management VMware Cloud™ on AWSPowered by VMware Cloud Foundation

AWS Native Services



bution

But, bringing them together is hard…

Demand for technologies that

simplify infrastructure is high

Complicated integration

Vendor lock-in

Point solutions

Hyper-ConvergedInfrastructure

NetworkVirtualization

InfrastructureAs-a-Service

Public Clouds

ContainerizedApps

EnterpriseInitiatives

© 2016 VMware Inc. All rights reserved



bution

A Common Approach to Private, Public, Hybrid Cloud

12

Modern Datacenter Integrated Public Cloud

Cloud Management

Automation Operations Costing

Cloud Infrastructure

Compute StorageNetworkVMworld 2017 Content: N

ot for publicatio

n or distribution

Cloud Management Is Fundamental to the SDDC

13

vRA Defines, Delivers, and Governs the SDDC

Any Device Business Mobility: Applications | Devices | Content

Any Application Traditional | Cloud Native

Any Cloud Software-Defined Datacenter (SDDC)

Cloud Management Platform

Compute Networking

& SecurityStorage Hybrid Cloud

Virtual / Cloud Infrastructure

vRealize Automation

DevOps

Extensibility

Release Automation

IaaSApp-

CentricXaaS

Self-Service

GUI CLI API



bution

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCLGA6oC18sgCFVTmYwodR78Ixw&url=http://www.cloudlinktech.com/choose-your-cloud/vmware-vcloud-air/&psig=AFQjCNEBLDp57UGA_4bogYo5KEXl7Hp2xA&ust=1446576892270830

App Store Experience

Service category

AWS Service x

IaaS and XaaS

Services

Unified Service Catalog Multi-Cloud IaaS | App Stacks | XaaS Custom Services

14

Custom Service

Categories



bution

Unified Service Delivery

15

Converged Blueprint Designer

• Common authoring for all cloud platforms

• Design and incorporate software components

• Incorporate On-Demand Networking and Security

• Integrate externaland custom services from the XaaS library



bution

Extending Public Cloud with vRA

16

Deliver Public Cloud Services to the Enterprise

CLOUD X CLOUD X

• Federated Authentication

• Governance & Approvals

• Service Entitlements

• Catalog Based Self-Service

• LifeCycle Management



bution

vRealize Automation: The On-Ramp

17

1) Seamlessly Discover, Govern and

Manage new SDDC resources

2) Build a Federated SDDC Fabric

3) Abstract organizational change

and complexity

4) Enhance and Extend VMC with

vRA’s vast extensibility platform

5) Incorporate native AWS services,

align with machine lifecycles



bution

18

1) Seamlessly Discover,

Govern and Manage new

SDDC resources

Adding a remote VMC vCenter Endpoint is as straight forward as adding any vCenter:1. Install Endpoint Agent2. Configure Endpoint in IaaS3. Add & Allocate Resources to IaaS Fabric

2) Build a Federated

SDDC Fabric

Remote VMC resources can be added to the existing Fabric to extend available resources without downtime. Reservations are used to sub-allocate resources to Business Groups.

3) Abstract organizational

change and complexity

No matter what you call it, VMware Cloud on AWS requires customers to adopt Public Cloud services. vRA and VMC together help mitigate perceived risk by extending existing business process to the public cloud using controls, governance, ecosystem integrations, etc.



bution

19

4) Enhance and Extend

VMC with vRA’s vast

extensibility platform

Leverage existing enterprise tools and services, or employ new ones, regardless of platform. vRA is used to abstract physical boundaries to enable seamless consumption and integration of VMC resources.

5) Incorporate native AWS

services, align with

machine lifecycles

Gain the benefits of native AWS services by incorporating them into application designs – use software authoring, XaaS, Event Broker or other extensibility to logically bind IaaS with AWS service per machine’s lifecycle.



bution

L3 VPN Hybrid Cloud Connectivity

On-PremGateway

Existing VMs and Management on-premises

VPN Connectivity using NSX ESG(Route selected networks or all traffic

to on-premises over VPN tunnel)

Customer DC

Software Defined Data Center (SDDC)

AW

S N

etw

ork

ing

On-Prem Mgmt

On-Prem

Workloads

Management

Network

Management GW

(NAT, FW, VPN)

VMware Cloud

on AWS

Compute GW

(NAT, FW, VPN, DHCP)

192.168.20.0/24192.168.10.0/24

DLR

Management Traffic

Compute Traffic

InternetInternet GW

IPSec VPN – L3 - Compute



bution

Remote Endpoint Connectivity

21

• Connect to remote vCenter using internal FQDN/IP (over VPN tunnel)

• Optional: change FQDN DNS resolution in Management Gateway to Private IP

• Note on VMRC - Firewall rules and local DNS resolution to ESXi hostsrequired for VMRC functionalityVMworld 2017 Content: N

ot for publicatio

n or distribution

Elastic DRS Integration

vSAN Cluster

CPU

Memory

Storage

vSAN Cluster

CPU

Memory

Storage

vSAN Cluster

CPU

Memory

Storage

CLUSTER OPERATING WITHIN TARGET THRESHOLDS1.

THRESHOLD EXCEEDEDPROVISION ADDITIONAL HOST2.

CLUSTER RETURNS TO TARGET THRESHOLD3.



bution

Automated Cluster Remediation

HOST FAILS, OR PROBLEM IDENTIFIED

NEW HOST ADDED TO CLUSTER.DATA FROM PROBLEM HOST REBUILT, AND/OR MIGRATED

PREVIOUS HOST EVACUATED FROM CLUSTER, FULLY REPLACED BY NEW HOST

1.

2.

3.

vSAN Cluster

vSAN Cluster

vSAN ClusterVMworld 2017 Content: Not fo


bution

Elastic Fabric

• As VMC resources scale (e.g. adding a host), vRA will discover and automatically add the host resources during the daily data collection.

• Manually invoking a data collection makes resources available to the fabric immediately.

24

[Host] Resource Management



bution

Template Management

• Use vCenter Content Library to automatically synchronize user-content across cloud instances

– OVA, ISO Images, Scripts

• Helps with Image profiles

25

vCenter Content Library

** while vRA currently does not support OVA deployment…you

never know what Santa will bring you this year ☺



bution

Image Profiles

• Use Image Profiles (vRA 7.3+) to streamline provisioning across private / public clouds.

• Ensure backing image (template or vm/snapshot) are similar for a consistent experience.

• Image Profiles can also be used to support provisioning across multiple VMC vCenter Endpoints.

26

Hybrid Image Profiles



bution

Restrictive Access Model

▪ No root ESXi access

▪ No VIB installations

Customer

VMware

▪ No VDS configuration access

▪ No direct management VM access



bution

vCenter Folder Placement

• Specify the remote provisioning [vCenter] Folder by using the VMware.VirtualCenter.Folder custom property

• Configure at BG or Blueprint, or use Property Dictionary to allow user selection (e.g. drop-down) at request time

28

Using Custom Properties to customize [remote] vCenter folder placement



bution

Reservation Resources

29

• Remote resource usage is dependent on Endpoint creds.

• Default cloudaminaccount provisions to:

– WorkloadDatastore

– Compute-ResourcePool



bution

Things to Know

• vRA Endpoint Agent communicates with remote vCenter Endpoint over 443 – create a firewall policy to allow inbound traffic from all vRA nodes.

• Use vCenter Endpoint’s internal address (over VPN)

• TLS 1.2 Required – vCenter managing VMware Cloud on AWS does not support TLS 1.0. Ensure TLS 1.0 is disabled on the vRA IaaS nodes prior to adding VMC endpoint.

• Application Authoring requires direct communications (e.g. VPN) between VMC and vRA environment.

• NSX On-Demand Networking and Security is not currently supported (coming soon).

• VMRC Firewall rules and local DNS required to allow access to remote hosts – use local hosts file on vRA server(s) or create DNS records locally.

• vSphere Proxy Agent placement

30

Heads Up…



bution

Planning for VMware Cloud on AWS

31



bution

How much VMware Cloud on AWS do I need?

• Run a quick VMware Cloud on AWS Assessment with vRBC

• Create a scenario

– Migrate Applications

– Retire full datacenters

– HW refresh for Hosts & Clusters

– Pick and chose VMs

32

vRealize Business for Cloud

Create a new Migration Scenario

Choose Applications

Choose Clusters, Hosts, VMs



bution

DEMO [VMC Integration]

33



bution



bution

mgt2875bu manage, govern and extend vmware …...network virtualization capabilities • support for...

Documents