PBO2631BE A Base Design for Everyone’s Data Center: The ... · Senior SDDC Integration Architect...

Gary BlakeSenior SDDC Integration Architect

garyjblake

PBO2631BE

#VMworld #PB02631BE

A Base Design for Everyone’s Data Center: The Consolidated VMware Validated Design (VVD)

VMworld 2017 Content: Not fo

r publication or distri

bution

#PB02631BE CONFIDENTIAL

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

2



bution


Software-Defined Data Center Momentum

vSphere 6.x Adoption

vSANRamp

New Horizons -vSphere Integrated Containers / Photon

NSX Going Mainstream

vRealizeExpanding Reach

3



bution


Building the Cloud is Often

the Bottleneck



bution


But, bringing them together is hard…

Demand for technologies that

simplify infrastructure is high

Complicated integration

Vendor lock-in

Point solutions

Hyper-ConvergedInfrastructure

NetworkVirtualization

InfrastructureAs-a-Service

Public Clouds

ContainerizedApps

DatacenterTrends



bution


Approaches to Implement the Software-Defined Data Center

Custom

Do It Yourself

▪ Design a custom architecture with in-house knowledge

▪ Manually deploy and maintain multiple individual software components

Build Your Own with

VMware Validated Designs

▪ The VMware Validated Designs provide standardized architecture

designs with extensively tested interoperability of the software

components

▪ Manually deploy individual software components following the VVD

guidelines and best practices to deploy and operate the SDDC

Automated with

VMware Cloud Foundation

▪ A VMware Cloud Foundation system is an integrated SDDC platform with

built-in automation for bring-up, configuration and patching/upgrading of the

stack

▪ Automatically implement an SDDC with a validated architecture that reflects

with VMware best practices by deploying VMware Cloud Foundation



bution


Permutation Control

7

t=0t=Later

Uncontrolled

Validated Design

Cloud Foundation

Greater Risk

Greater Risk

Less RiskBest possible

Less Risk



bution


VMware Validated DesignsPrescriptive Blueprints with Comprehensive Deployment and Operational Practices

✓Broad Use Cases

ComprehensiveDocumentation

Proven & RobustStandardized

Designs VMworld 2017 Content: Not fo


bution


VMware Validated Designs

9

A History Lesson

1.0

2.0

3.0

3.0.2

4.0

4.1

February 2016▪ 12mo of Engineering▪ Release to PSO

and Partners

September 2016

▪ 2mo of Engineering

▪ Dual Region with DR

▪ Two Pod Architecture

July 2016

▪ 3.5mo of Engineering

▪ Smaller scope.(i.e. Dual Region + DR)

November 2016

▪ 1.5mo of Engineering

▪ Added M-Seg Use Case

▪ Added IT Automating IT Guide

March 2017

▪ 1.5mo of Engineering.

▪ Major Product Updates

▪ Added ROBO

August 2017

▪ 4mo of Engineering• Minor Product Updates• Consolidated Pod

Option



bution


Design Objectives

Overall Objective SDDC capable of automated provisioning of workloads

Type of Deployment Greenfield and Brownfield

Cloud Type Private Cloud

Regions and Disaster Recovery Dual-region SDDC that Supports Disaster Recovery

▪ Guidance for an SDDC whose management components are designed to operate in the event of

planned migration or disaster recovery.

▪ Guidance for an SDDC that supports two regions for both management and tenant workloads.

▪ Operations guidance for disaster recovery and planned migration

Pods Two Pod

▪ Management Pod – Runs the management stack.

▪ Shared Edge and Compute Pod – Runs tenant workloads, and services for north-south plus east-

west routing.

One Pod

▪ Consolidated Pod – Runs the management stack, tenant workloads, and services for north-south

plus east-west routing.

Max Number of VM ▪ 10,000 Running VMs

▪ 150 VM deployments/hour

Design ObjectivesVMware Validated Design for SDDC

Design Objectives

Overall Availability 99%

= 3.65 days downtime/year

= 1.7 hours downtime/week

Planned downtime expected for upgrades, patching, on-going maintenance.

Authentication, Authorization, and

Access Control

▪ Use of Microsoft Active Directory as a central user repository

▪ Use of service accounts with minimum required authentication and Access Control List

configuration.

▪ Use of basic tenant accounts.

Certificate Signing Certificates are signed by an external certificate authority (CA) that consists of a root and intermediate

authority layers

Hardening Tenant workload traffic can be separated from the management traffic.

The design uses a distributed firewall to protect all management applications. To secure the SDDC, only

other management solutions and approved administration IP addresses can directly communicate with

individual components.



bution


Design Decisions

11

290+ in VMware Validated Design for SDDC

Reduces risk by providinga baseline of standardization.

Ensures the design meets the design objectives.

Reinforces standardization with justification and

implications.Easy to follow checklist form.



bution


Example Design DecisionsVMware Validated Design for SDDC

NSX Design > Routing Design > Routing Model Design Decisions (4.1)

Decision ID Design Decision Design Justification Design Implication

SDDC-VI-SDN-017 Deploy NSX Edge Services Gateways

in an ECMP configuration for

north/south routing in both

management and shared edge and

compute clusters.

The NSX ESG is the recommended

device for managing north/south

traffic. Using ECMP provides multiple

paths in and out of the SDDC. This

results in faster failover times than

deploying Edge service gateways in

HA mode.

ECMP requires 2 VLANS for uplinks

which adds an additional VLAN over

traditional HA ESG configurations.

SDDC-VI-SDN-018 Deploy a single NSX UDLR for the

management cluster to provide

east/west routing across all regions.

Using the UDLR reduces the hop

count between nodes attached to it to

1. This reduces latency and improves

performance.

UDLRs are limited to 1,000 logical

interfaces. When that limit is reached,

a new UDLR must be deployed.

SDDC-VI-SDN-019 Deploy a single NSX UDLR for the

shared edge and compute, and

compute clusters to provide east/west

routing across all regions for

workloads that require mobility across

regions.

Using the UDLR reduces the hop

count between nodes attached to it to

1. This reduces latency and improves

performance.

UDLRs are limited to 1,000 logical

interfaces. When that limit is reached

a new UDLR must be deployed.



bution


Software ComponentsVMware Validated Design for SDDC

VMware vRealize Automation

VMware

NSX

VMware

vRealize Operations

VMware

vSAN

VMware vSphere APIs for

Data Protection (VADP)

VMware

vSphere

VMware

vRealize Log Insight

VMware vRealize Business for Cloud VMware Site Recovery Manager



bution


How do we Create and Validate?

14

Compliance

and Security

Scale Testing

VMware

Validated

Designs

Interoperability

Measurement and

Optimization



bution


vRealize Business 7.3for Cloud

vRealize Automation 7.3vSphere 6.5 U1

vSAN 6.6.1

Site Recovery Manager 6.5.1 vRealize Log Insight 4.5and Content Packs

vRealize Operations 6.6.1and Management Packs

NSX 6.3.3

Bill of MaterialsVMware Validated Design for SDDC 4.1

For a complete list refer to the release notes.



bution



Product Group and Edition Product 4.0 4.1

VMware vSphere Enterprise Plus ESXi 6.5.0 a 6.5.0 Update 1

vSphere Data Protection 6.1.3 6.1.4

Update Manager 6.5.0 a 6.5.0 Update 1

VMware vCenter Server Standard vCenter Server 6.5.0 a 6.5.0 Update 1

VMware vSAN Standard or higher vSAN 6.5 a 6.6.1

VMware NSX Enterprise NSX 6.3 6.3.3

VMware vRealize Operations Advanced or higher vRealize Operations Manager 6.4 6.6.1

Management Pack for NSX for vSphere 3.5 3.5.1

Management Pack for Storage Devices 6.0.5 6.0.5



bution


Product Group Product 4.0 4.1

VMware vRealize Log Insight vRealize Log Insight 4.0 4.5

Content Pack for NSX for vSphere 3.5 3.6

Content Pack for Linux - 1.0

Content Pack for vRealize Automation 7 1.0 1.5

Content Pack for vRealize Orchestrator 7.0.1+ 2.0 2.0

Content Pack for Microsoft SQL Server 3.0 3.0

VMware vRealize Automation Advanced or higher vRealize Automation 7.2 7.3

vRealize Orchestrator 7.2 7.3

vRealize Orchestrator Plug-in for NSX 1.0.4 1.0.4

VMware vRealize Business for Cloud Standard vRealize Business for Cloud 7.2 7.3

VMware Site Recovery Manager Enterprise Site Recovery Manager 6.5 6.5.1




bution


Environmental and External Systems Requirements

18

VMware Validated Design for SDDC

Active Directory

Certificate Authority

DNS and NTP

SMTP Relay

SFTP

Rack Space

Power

Cooling



bution


Dual-Region Deployment ReadyVMware Validated Design for SDDC

Characteristics & Restrictions

▪ Regional Distance is Rather Large

▪ A Region May Be Treated as an SDDC

▪ Multiple Regions are Not Treated as a Single SDDC

Workload Placement Closer to Customer

▪ Northern California and Southern California

▪ US East Coast and US West Coast

▪ US Region and EU Region

Common Uses

▪ Disaster Recovery: One region can be the primary site

and another region can be the recovery site.

▪ Data Privacy: Address laws & restrictions in some

countries by keeping tenant data within a region in the

same country.

San Francisco, CAPrimary Region

Los Angeles, CASecondary Region



bution


Availability ZonesVMware Validated Design for SDDC

AVAILABILIITY ZONE

AVAILABILIITY ZONE Characteristics

• “Islands” of infrastructure for physical isolation or

building-level redundancy and high-availability.

• Positioned within “metro” distance to allow

synchronous storage replication. (~50km/30mi with low single-digit latency and large bandwidth)

• Allows the SDDC equipment across the availability

zone to operate in an active/active manner as a single

virtual data center or region.

• Isolated enough from each other to stop the

propagation of failure or outage across their

boundaries.

Early Access Preview

• Guidance for vSAN Stretched Clusters

within a region.



bution


Use Cases – Focus on What Runs in the SDDCVMware Validated Designs

Remote Office /

Branch OfficeMicro-Segmentation IT Automating IT

Cloud Native

Applications

Compliance

Capable Solutions

Virtual Desktop /

Digital Workspace

Intelligent

Operations

Business Critical

ApplicationsVMworld 2017 Content: N

ot for publicatio

n or distribution


Architecture OverviewVMware Validated Design for SDDC – Consolidated SDDC

Main components:

• Physical Layer

• Virtual Infrastructure Layer

• Cloud Management Layer

• Service Management

• Business Continuity

• Security



bution

#PB02631BE CONFIDENTIAL 23

StandardizedElevation

Leaf-and-SpineNetwork

Out-of-BandManagement

FunctionalRoles

PodsVMware Validated Design for SDDC



bution


High-Level Deployment Architecture Objectives

24


Two-Pod / Standard Architecture One-Pod / Consolidated Architecture

Minimum Hosts 8 4

Management VMs420 GB vRAM,

2TB VSAN, 6 TB NFS50% - 70% less

RecoverabilityDual Region

(and Availability Zones in Tech Preview)Single Region (DR to cloud)

Scale (VMs) 1,000 to 10,000 100 to 2,500

Churn Medium (up to 150/hr) Low (up to 50/hr)

Availability 99% 95%

ModularityFoundation Cloud Operations Cloud Management

+ Use Cases, Solutions, ROBO optionsFoundation Cloud Operations Cloud Management

Expansion options Additional Compute Pods (Up to 32 Hosts Each)Expand Pod to 32 Hosts,

or Grow to 2-Pod (with downtime)



bution


Licensing Options

25


Two-Pod / Standard Architecture One-Pod / Consolidated Architecture

Individual

vSphere Enterprise +

vCenter Sever Standard

* vSAN Standard

NSX for vSphere Enterprise

vRealize Operations Advanced


vRealize Automation Advanced

vRealize Business for Cloud Standard

Site Recovery Manager Enterprise (dual region)

vSphere Enterprise +

vCenter Server Standard

* vSAN Standard

NSX for vSphere Advanced

vRealize Operations Advanced


vRealize Automation Advanced

vRealize Business for Cloud Standard

Bundling

vCloud Suite with vRealize Suite Advanced

* vSAN Standard

NSX for vSphere Enterprise

Site Recovery Manager Enterprise (dual region)

vCloud Suite with vRealize Suite Advanced

* vSAN Standard

NSX for vSphere Advanced

* Preferred storage option



bution


Pod Types

26


Consolidated Pod. The consolidated pod runs the following services:

• Virtual machines to manage the SDDC such as vCenter Server, NSX

manager, vRealize Automation, vRealize Log Insight, vRealize

Operations Manager and vSphere Data Protection.

• Required NSX services to enable north-south routing between the

SDDC and the external network, and east-west routing inside the

SDDC.

• Virtual machines running business applications supporting varying

Service Level Agreements (SLAs).

• Should have a minimum of 4 ESXi hosts

Storage Pod. Storage pods provide secondary storage using NFS, iSCSI

or Fibre Channel.



bution


Layer 3 or Layer 3 Transport

27


Example Layer 2 Transport Example Layer 3 Transport



bution


Virtual Infrastructure Architecture

28


• The virtual infrastructure is the foundation of an

operational SDDC

• The virtual infrastructure layer consists primarily of

the physical hosts' hypervisors and the control of

these hypervisors.



bution


Consolidated Cluster Design

29


• The management virtual machines, NSX controllers and edges, and

tenant workloads run on the ESXi hosts in the consolidated cluster.

• The consolidated cluster design requires a minimum of 4 hosts:

• Three hosts are used to provide n+1 redundancy for the vSAN

cluster.

• The fourth host is used to guarantee n+1 for vSAN redundancy

during maintenance operations.

• You can add ESXi hosts to the cluster as needed.

• NSX deploys 3 Controllers with anti-affinity rules. the forth host is

used to guarantee controller distribution across 3 hosts during

maintenance operation.

• ESXi hosts are limited to 200 virtual machines when using vSAN.



bution


Logical and Physical Design of vRealize Operations Manager

30


In the consolidated SDDC, you deploy a vRealize

Operations Manager configuration that consists of the

following entities.

• 1-node (medium-size) vRealize Operations Manager

analytics cluster. This topology provides the ability to

add high availability, scale-out capacity up to sixteen

nodes, and failover.

• 1 standard remote collector node. The remote

collectors communicate directly with the vRealize

Operations Manager analytics cluster. The design

uses remote collectors whose role is to ease

scalability by performing the data collection for

localized applications and periodically sending

collected data to the analytics cluster.



bution


Logical Design and Data Sources of vRealize Log Insight

31


• In the Consolidated SDDC, deploy

a single vRealize Log Insight

instance that consists of a single

master node.

• This configuration allows for the

required functionality and the log

ingestion rates generated from the

management components



bution


vRealize Automation Infrastructure as a Service Design

32


• The Cloud Management Platform (CMP), of

which vRealize Automation is a central

component, enables a usage model that

includes interaction between users, the CMP

itself, the supporting infrastructure, and the

provisioning infrastructure.

• vRealize Automation supports deployments

with a single tenant or multiple tenants.

• This design deploys a single tenant containing

two business groups.

• The first business group is designated for

production workloads provisioning.

• The second business group is designated

for development workloads provisioning.



bution


Summary – Consolidated Management and WorkloadVMware Validated Design for SDDC

▪ Consolidates Management, Edge, and Workload into a single pod.

▪ Requires only a minimum of 4 ESXi hosts

▪ All functional testing and validation of the design is done using vSAN.

▪ Any supported storage may be used. Adjust the operations guidance.

▪ Network Transport

▪ Supports both L2 and L3 transport services.

▪ Scalable and vendor-neutral network, use an L3 transport.

▪ Ready for Scale

▪ Expandable to a 32 ESXi host pod.

▪ SDDC solutions easily scale – deployed w/ native or NSX load balancing in place.

▪ Transitions to Two-Pod Distributed Management and Workload (Standard)

▪ Downtime Required

▪ Single Region and Single Availability Zone

▪ License Flexibility for NSX (No Universal Objects)

External

Connection

WAN/LAN



bution


Additional ResourcesVMware Validated Design for SDDC 4.1

Resource URL

Product Page vmware.com/go/vvd

Download vmware.com/go/vvd-sddc

Poster vmware.com/go/vvd-sddc-poster

Community vmware.com/go/vvd-community

Videos and Demos vmware.com/go/vvd-videos

Certified Partner Architectures vmware.com/go/vvd-cpa

Twitter @VMwareSDDC

… and more! vmwa.re/vvd



bution

http://vmware.com/go/vvd

http://vmware.com/go/vvd-sddc

http://vmware.com/go/vvd-sddc-poster

http://vmware.com/go/vvd-community

http://vmware.com/go/vvd-community

http://vmware.com/go/vvd-cpa

http://twitter.com/VMwareSDDC

http://vmwa.re/vvd

© 2017 VMware Inc. All rights reserved. | Slide 35

Access the Documentationvmware.com/go/vvd-docs

Get StartedVMware Validated Design for SDDC

Professional Servicesvmware.com/go/services

Certified Partner Architecturesvmware.com/go/vvd-cpa



bution



bution

PBO2631BE A Base Design for Everyone’s Data Center: The ... · Senior SDDC Integration Architect...

Documents

Transcript of PBO2631BE A Base Design for Everyone’s Data Center: The ... · Senior SDDC Integration Architect...