Kim Ranyard
Steffen Moen
Jad El-Zein
MGT1799BE
#VMworld #MGT1799BE
Full-Stack Automation: Streamlining, Delivering and Managing App-Centric IT
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Agenda
1 Introduction
2 vRealize Automation Overview
3 Application-Centric Networking and Security
4 Application-Centric Storage
5 Automate the Ecosystem
6 Beyond OOTB
VMware ESX and, eventually, VirtualCenter enabled the RIGHT-CLICK -> DEPLOY methodology of machine provisioning
Provisioning a new machine went from 4-5 weeks (or more) to < 5 mins
That was 15 years ago…
Today – thanks largely to incredible advancements in technology – most enterprises deliver [traditional] applications in… 3-4 weeks :-(
Rapid and Repeatable Service Deployments
Automating Networking, Policy and Security for IT, Developers and Research
Automating IT | Self-Service Infrastructure
[Figure labels: BLUEPRINT; Web; App; DB; Automation; IT; repeated APP groups of VMs]
Cloud Management Is Fundamental to the SDDC
vRA Defines, Delivers, and Governs the SDDC
[Figure: layered stack diagram with the following labels]
Any Device: Business Mobility: Applications | Devices | Content
Any Application: Traditional | Cloud Native
Any Cloud: Software-Defined Datacenter (SDDC)
Cloud Management Platform: vRealize Automation
Self-Service | IaaS | App-Centric | XaaS | DevOps | Extensibility | Release Automation
GUI | CLI | API
Virtual / Cloud Infrastructure: Compute | Networking & Security | Storage | Hybrid Cloud
Cloud Providers
Automation Accelerates Services Delivery
✓ Speed
▪ Days to minutes
✓ Stability
▪ Consistent
▪ Repeatable
✓ Control
▪ Aligns with Business Processes
[Figure: timeline of task time vs. wait time (Wait | Work | Wait | Wait). Labels: Developer Request; Ticket; IT Processes; External Interface & Integration; Infrastructure Verification; Build VMs – New or Clone; Get IP; Install, Setup, Configure; Load Balancer Entries / Firewall Changes; Web Server Configuration; Blueprint; Minutes. Durations shown: > 2-3 Days; 1-2 days; 3-5 days; 3–5 days; 1–2 days; 4–7 days; 2–3 days; 2–5 days.]
vRA’s Unified Service Catalog
IaaS | Apps | XaaS Custom Services
[Figure: catalog screenshot with callouts: App Store Experience; Service category; Custom Service; IaaS and XaaS Services; Custom Service Categories]
Unified Service Delivery – Converged Blueprint Designer
• Common Authoring for all Machine Types
• Incorporate On-Demand Networking and Security
• Incorporate external (XaaS) custom services
Optimized Placement Using vR Ops Analytics
Intelligent Workload Placement (WLP)
Supports vRealize Operations 6.6+
• Utilize analytics data in vRealize Operations to optimize the placement of workloads
• vRA: Enable Workload Placement Policy (WLP) in Infrastructure tab.
• vR Ops: Create/Edit Monitoring Policy per workload requirements
Benefits of Automating Networking & Security
Reduce Time, Reduce Errors, Increase Visibility
• Consistent policy: Repeatable deployments of customer environments to help diagnose technical issues
• Full automation: Automated deployment of NAT topology with connected VMs
• Full VMware SDDC: Complete VMware stack with vRealize Automation, NSX and vSphere
• Isolation between environments: Each deployment is completely self contained
• Multi-Machine Topology: Provide advanced networking topologies as part of the vRealize Automation Catalog to cloud users
App-Centric Networking & Security
Segmentation | Tenancy
Critical Segmentation of Workloads
• Production | Development
• Tenant | Shared Services
Automated Access to Shared Services
• Security group and application policy set for access to shared IT services
SDDC Automation
• Security and Performance policy model to simplify and automate
• Leveraged tagging to classify workloads into use case groups
• Overlay networking
[Figure labels: Production; Tenant X; Development; DMZ; Data Center 1; Data Center 2; groups of VMs]
vRealize Automation + NSX
• Unified Service Design and Delivery
• App-Centric Networking and Security
• Incorporate External Services
• Achieve greater control and visibility
• Reduce wait times for siloed IT services
• Manage Infrastructure as Code
• Lifecycle Manage Everything
• Standardized and repeatable process
[Figure labels: Benefits; Converged Blueprint; Cloud Consumers; Cloud Admin; Network Admin; Security Admin; Applications; Extensibility; Security; Networking; Unified Service Catalog; Network Profiles; Security Groups; Security Policies; Security Tags; On-Demand Networks; On-Demand Load Balancer; CONNECTIVITY | SECURITY | AVAILABILITY]
NSX Automation Use Cases
Automation for IT & Developers
[Figure labels: Network Admins; Security Admins; Developers; vRealize Automation; Application Workloads; Virtual Network Infrastructure; Physical Network Infrastructure]
Application-centric Network And Security Services
Deployed & Managed in the Application Context
Support for Multi-tier Apps on Multiple Networks or Single Flat Network
• Connectivity: App-specific Networking Configuration
• Security: App-specific Security Policies
• Availability: Dynamic App Availability Configuration
• Performance: App-specific Networking Performance
[Figure labels: Web; App; Database]
vRA + NSX – Cloud Operational Model
• Network Admin defines:
– Initial network configuration in NSX
– External Networks and Network Profiles in vRA
• Security Admin defines in NSX:
– Distributed Firewall Rules
– Security Groups / Policies / Tags
• Cloud architect builds Blueprints:
– Blueprints include NSX Networks, Security components, Load Balancers, VMs and Apps
• Cloud Architect publishes Blueprints
• Cloud Consumer deploys applications:
– End-to-end provisioning: networks, NAT rules, security and LB configured at deployment
[Figure: numbered workflow (1, 2, 3, 4, 5, 6 … N). Labels: One Time; Recurring; Network Admin; Security Admin; Cloud Architect; Cloud Consumer; Defines; Defines; Builds; Publish; Deploys; External Networks; Network Profiles; Security Groups; Security Policies; Security Tags; Converged Blueprints; NSX Load Balancer; Service Catalog; Applications]
Managing NAT Port Forwarding Rules
Manage (edit) NSX On-Demand NAT Port Forwarding Rules as a Day 2 Action
• Rules can be added, removed, modified
• Order can be changed
• Entitle Actions as needed
NSX On-Demand NAT | Day 2 Actions
7.3
Granular Load Balancer Controls
• Granular controls built in to the Converged Blueprint Designer
• Edit existing Virtual Servers including:
• LB Algorithm
• Persistence
• Health Monitors
• Transparent Mode
• Port
• …
NSX On-Demand Load Balancer | Day 1-2 Edits
7.3
Managing NSX Security Groups and Tags
New Day 2 Actions to manage security services after provisioning
• View active NSX Security Groups and Tags
• Add existing NSX Security Groups or Tags to a running application
• Disassociate NSX Security Groups and Tags from applications
Security Day 2 Actions
7.3
App-Centric Storage Policy Controls
vRA SPBM Plugin 2.x
• Set desired storage policies at request time
• Dynamically retrieves storage policy list from vCenter
• Set or change storage policies for either VM home or VM disks
• Automatically move objects to compliant datastores when changing storage policies
• Leverages the Event Broker Service
vRA SPBM Integration
SPBM Selection at Request Time
SPBM Selection
• Enable option to select storage tier at request time
• Drop-down to select available SPBM Policy
SPBM Day-2 Actions
Invoking a Policy Change
Day-2 Actions
• Change Storage Policies post-provisioning
• Action is Entitled and visible per entitlement policy
Three Types of App Environments
App Generation 2.0 (Diminishing Market Presence)
• Client Server Apps
• VMs Only
• Little DevOps
• Mostly Private Cloud
App Generation 2.5 (Emerging Market Majority)
• Mixed Application Types
• VMs and Containers
• Emerging DevOps Discipline
• Cross Cloud The New Norm
App Generation 3.0 (Market Vanguard)
• Cloud Native Apps
• Containers
• Maturing DevOps
• Mostly Public Cloud
There Are Many Challenges
[Figure labels: Production Environment; Monitoring; Networking; Security; Compliance]
vRA Container Management with
New Capabilities in vRA 7.3:
Docker Volume Support
• Create and update persistent volumes
• Deploy applications with persistent volumes
vSphere Integrated Containers
• Support for vSphere Integrated Containers
User Experience
• User Interface Improvements
* Requires vRA Ent Licensing
vRA Container Management in Action
Self-Service Provisioning for Container Applications and Container Hosts
Design Traditional, Container or Hybrid (VM + Container) Applications
Discovery and Management of Container Hosts and Containers
vRA + Azure Public Cloud
Unified Design Canvas
• Azure Endpoint with subscription and Active Directory users information
• Reservations and integration with governance model
• Blueprint creation with Azure VMs, storage disks, and NICs
• Azure Networking Support
– Subnets
– Load balancers
vRA + AWS EC2
Unified Design Canvas
• Build, provision, and manage EC2-based services
• Supports all EC2 Instance types
• Blueprint creation with Azure VMs, storage disks, and NICs
• EC2 Networking Options
– VPCs
– Security Policies
Manage VMware Cloud on AWS
Managed Endpoint
Manage vCenter in VMware Cloud on AWS
• Treated as a traditional vSphere / vCenter Endpoint
• Build an IaaS Fabric using VMware Cloud SDDC Resources
• Leverage Reservation Policies for machine placement
vRA ServiceNow integration
Catalog Sync
• Entitled vRA catalog items are visible in ServiceNow catalog
• Items are synced per configurable schedule
• Currently only vSphere machines are supported
External IPAM Vendor Framework
Framework support for On-demand Routed Networks
• Integrate with external IPAM (Infoblox)
• Deploy machines with an external network IP address automatically assigned from IPAM
• Added support for NSX On-demand Routed networks
• Vendor-provided plugin
Adapt and Extend vRealize Automation
Call external tools and applications during the delivery process
Create custom day-2 actions
Automate any IT service
New Employee Onboarding
• Add user to AD
• Setup email
• Configure access to file shares and apps
[Figure labels: Request; vRealize Automation; Event Broker Service; XaaS Service Designer; Pluggable Framework; vRealize Orchestrator]
3rd party management systems
• CMDB
• IPAM / DNS / DHCP
• Load Balancers / Networking
• Service Desk
• Monitoring Systems
• Storage Management
• Databases
• Web Services
vRA Property Dictionary
Customized UI | Dynamic Request Options
UI control improvements are done with property actions
• Support for key/value pairs for list items in drop down list
• Support for regular expression input for text field
New UI controls available OOTB for pulling information from external systems
• Dropdown list from PowerShell script
• Dropdown list from database
Event Broker Subscriptions
Enable OOTB extensibility for IaaS and App Services
• Enable OOTB extensibility for IaaS and Application Services dynamically by leveraging the Event Broker Service (EBS)
• Invoke workflows based on a policy-based trigger configured for a specific “interesting” event
“Invoke vRO Workflow to integrate with a custom service based on the NAME of a blueprint, Custom Property Value, Requestor ID, or machine and platform type….GO!”
XaaS Delivers Anything as a Service
• Leverage existing or custom vRO workflows to quickly build new catalog services.
• XaaS Forms Designer provides UI-based service authoring.
• Instantly transform any workflow into an entitled, governed, and lifecycle-managed service in the vRA Catalog
• Incorporate complete XaaS Blueprints into a broader CBP design
• Create custom XaaS Day 2 Actions
vRealize Orchestrator
Integrate | Automate | Orchestrate
• Included with VMware vRealize Automation and as standalone appliance to enable automation and orchestration
• Makes IT operations faster and less error-prone by facilitating the automation of IT processes
• Facilitates the development of workflows
• Provides a graphical integrated development environment (IDE)
• Enables workflows to be exported and imported through packages
• Provides a workflow engine
• Offers multiple ways to run workflows
vRealize Cloud Client
• CLI-based and easy to learn / use
• Works on Windows and Linux
• Use locally or invoke remotely
• Interacts with vRA API
• Provides access to most vRA functions programmatically
Create a layer of abstraction between the vRA functionality and the end consumer to increase the ease with which users are able to run automated actions against vRA
Infrastructure as Code
Export | Import | Share
Interoperable
id: Wordpress.4.3.1
name: Wordpress 4.3.1
components:
  LB:
    type: Infrastructure.Machine.vSphere
    data:
      machine:
        cpu: {max: 4, default: 2}
        memory: 1024
  wpApache:
    type: Software.wpApache_1
    data:
      host: '${_resource~LB~machine}'
      …
  wpMySQLDB:
    type: Software.wpMySQLDB_1
    data:
      db_port: 3306
  WebApp:
    type: wpMySQL_Config_1
    data:
      db_port: ${MySQL~db_port}
      db_username: ${DB_Setup~db_username}
      …
An API Evolution
• HATEOAS (Hypermedia as the Engine of Application State) links are available for “dynamic” POST requests; each provides a JSON object that is suitable for use as the payload of the corresponding POST request.
• Each response body includes URIs for logical next steps, e.g., perform operations on a machine, submit a request for a catalog item, get details of an item in a list, add a new object to a list
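A client-side sketch of the link-following pattern described above, added here as an example and not taken from VMware's code or the presentation: it selects links by `rel` and refuses any `href` that leaves the configured API origin, so credentials for that API are never sent to a host named only by response data. The endpoint name, the `rel` strings, the paths and the sample JSON are assumptions constructed for illustration.

```python
import json
from urllib.parse import urljoin, urlsplit

API_BASE = "https://vra.example.test/"  # hypothetical API endpoint

# Constructed response body carrying hypermedia links (not a captured reply).
SAMPLE = json.loads("""
{"name": "Wordpress 4.3.1",
 "links": [
  {"rel": "GET: Request Template",
   "href": "https://vra.example.test/api/items/1/template"},
  {"rel": "POST: Submit Request", "href": "/api/items/1/requests"},
  {"rel": "GET: Icon", "href": "https://vra.example.test.cdn.example/i.png"}
 ]}
""")


class UntrustedLink(ValueError):
    """A link in a response body points outside the API origin."""


def origin(url):
    """Return (scheme, host, port), filling in the default port."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)


def resolve_link(body, rel, base=API_BASE):
    """Return the absolute URL of the link named rel, or raise.

    Relative hrefs are resolved against base. A link that lands on another
    scheme, host or port is rejected, so credentials for base are never
    sent to a host that only the response data vouches for.
    """
    for link in body.get("links", []):
        if link.get("rel") == rel:
            url = urljoin(base, link.get("href", ""))
            if origin(url) != origin(base):
                raise UntrustedLink(f"{rel!r} -> {url}")
            return url
    raise KeyError(rel)


def next_steps(body, base=API_BASE):
    """Split the advertised links into followable and rejected ones."""
    ok, rejected = {}, {}
    for link in body.get("links", []):
        try:
            ok[link["rel"]] = resolve_link(body, link["rel"], base)
        except UntrustedLink:
            rejected[link["rel"]] = link["href"]
    return ok, rejected
```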
vRealize Suite Lifecycle Manager
Comes with the latest vRealize Suite 2017
Introducing vRealize Suite Lifecycle Manager
The Best Way to Manage Your vRealize Suite
Streamline and simplify the deployment and on-going management of the vRealize product portfolio throughout its life cycle.
• Accelerate time-to-value: Simplify deployment and upgrade with automated pre-checks and validation.
• Minimize on-going management: Automate config and drift management with health monitoring.
• Enable best practices: Enforce alignment with VMware recommended reference architectures and validated designs.
[Figure labels: vRealize Suite Lifecycle Manager; vRealize Suite; Install; Upgrade; Patching; Configuration Management; Health Monitoring]
Instant Benefit of Faster Deployment, Easier to Manage
Accelerate Time-to-Value
At least 30% faster to deploy and configure!
Reduce Context Switches
✓ Certification generation
✓ Automated entitlement check
✓ Automated SDDC compatibility check
Reduce User Inputs
✓ Pre-defined deployment configuration
✓ VVD-defined solution-based installation
✓ Upfront user input collection
Recover From Failures
✓ Resume and retry
✓ Point-in-time snapshot
Optimize Installation
✓ vIDM integration for Single Sign On
✓ Export/Import configuration capabilities for easy replication
* Based on VMware Quality Engineering deployment of large greenfield HA environment which supports up to 50,000 VMs. Customer benefit may be much greater as installation times without LCM can vary significantly (based on VMware experience and customer research)