PBO2631BE A Base Design for Everyone’s Data Center: The ... · Senior SDDC Integration Architect...
Gary Blake, Senior SDDC Integration Architect
garyjblake
PBO2631BE
#VMworld #PB02631BE
A Base Design for Everyone’s Data Center: The Consolidated VMware Validated Design (VVD)
VMworld 2017 Content: Not for publication or distribution
#PB02631BE CONFIDENTIAL
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Software-Defined Data Center Momentum
• vSphere 6.x Adoption
• vSAN Ramp
• New Horizons - vSphere Integrated Containers / Photon
• NSX Going Mainstream
• vRealize Expanding Reach
Building the Cloud is Often the Bottleneck
But, bringing them together is hard…
Demand for technologies that simplify infrastructure is high, yet customers face:
• Complicated integration
• Vendor lock-in
• Point solutions
Datacenter Trends:
• Hyper-Converged Infrastructure
• Network Virtualization
• Infrastructure-as-a-Service
• Public Clouds
• Containerized Apps
Approaches to Implement the Software-Defined Data Center
Custom - Do It Yourself
▪ Design a custom architecture with in-house knowledge
▪ Manually deploy and maintain multiple individual software components
Build Your Own with VMware Validated Designs
▪ The VMware Validated Designs provide standardized architecture designs with extensively tested interoperability of the software components
▪ Manually deploy individual software components following the VVD guidelines and best practices to deploy and operate the SDDC
Automated with VMware Cloud Foundation
▪ A VMware Cloud Foundation system is an integrated SDDC platform with built-in automation for bring-up, configuration and patching/upgrading of the stack
▪ Automatically implement an SDDC with a validated architecture that reflects VMware best practices by deploying VMware Cloud Foundation
Permutation Control
(Chart: risk at t=0 versus t=Later for the three approaches Uncontrolled, Validated Design and Cloud Foundation; risk labels used on the chart are Greater Risk, Less Risk and Best possible.)
VMware Validated Designs - Prescriptive Blueprints with Comprehensive Deployment and Operational Practices
✓ Broad Use Cases
✓ Comprehensive Documentation
✓ Proven & Robust Standardized Designs
VMware Validated Designs - A History Lesson
1.0 - February 2016
▪ 12mo of Engineering
▪ Release to PSO and Partners
2.0 - July 2016
▪ 3.5mo of Engineering
▪ Smaller scope (i.e. Dual Region + DR)
3.0 - September 2016
▪ 2mo of Engineering
▪ Dual Region with DR
▪ Two Pod Architecture
3.0.2 - November 2016
▪ 1.5mo of Engineering
▪ Added M-Seg Use Case
▪ Added IT Automating IT Guide
4.0 - March 2017
▪ 1.5mo of Engineering
▪ Major Product Updates
▪ Added ROBO
4.1 - August 2017
▪ 4mo of Engineering
▪ Minor Product Updates
▪ Consolidated Pod Option
Design Objectives - VMware Validated Design for SDDC
Overall Objective: SDDC capable of automated provisioning of workloads
Type of Deployment: Greenfield and Brownfield
Cloud Type: Private Cloud
Regions and Disaster Recovery: Dual-region SDDC that supports Disaster Recovery
▪ Guidance for an SDDC whose management components are designed to operate in the event of planned migration or disaster recovery.
▪ Guidance for an SDDC that supports two regions for both management and tenant workloads.
▪ Operations guidance for disaster recovery and planned migration.
Pods: Two Pod
▪ Management Pod – Runs the management stack.
▪ Shared Edge and Compute Pod – Runs tenant workloads, and services for north-south plus east-west routing.
Pods: One Pod
▪ Consolidated Pod – Runs the management stack, tenant workloads, and services for north-south plus east-west routing.
Max Number of VMs:
▪ 10,000 Running VMs
▪ 150 VM deployments/hour
Overall Availability: 99%
= 3.65 days downtime/year
= 1.7 hours downtime/week
Planned downtime expected for upgrades, patching, on-going maintenance.
Authentication, Authorization, and Access Control:
▪ Use of Microsoft Active Directory as a central user repository
▪ Use of service accounts with minimum required authentication and Access Control List configuration.
▪ Use of basic tenant accounts.
Certificate Signing: Certificates are signed by an external certificate authority (CA) that consists of a root and intermediate authority layers.
Hardening: Tenant workload traffic can be separated from the management traffic. The design uses a distributed firewall to protect all management applications. To secure the SDDC, only other management solutions and approved administration IP addresses can directly communicate with individual components.
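The hardening objective above reduces to an allow-list: a management component may be reached by other management components and by approved administration addresses, and by nothing else. The following is an added example, not part of the VVD or its documentation, that models that rule set as a flow evaluator so the intended policy can be checked against observed flows before it is encoded in the distributed firewall. All addresses, component names and the "administration ports" set are constructed for illustration.

```python
"""Allow-list evaluator for traffic destined to management components.

Constructed example: the inventory, networks and ports below are sample
values, not the design's, and the "admin ports" restriction is an
assumption added for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed management inventory (sample addresses, not VVD values).
MANAGEMENT_COMPONENTS = {
    "vcenter": "192.168.10.10",
    "nsx-manager": "192.168.10.20",
    "vrealize-automation": "192.168.10.30",
    "log-insight": "192.168.10.40",
}
MANAGEMENT_ADDRESSES = {ip_address(a) for a in MANAGEMENT_COMPONENTS.values()}

# Constructed approved administration network (e.g. jump hosts) and ports.
APPROVED_ADMIN_NETWORKS = [ip_network("10.50.0.0/24")]
ADMIN_PORTS = {22, 443}  # assumption: admin access limited to SSH/HTTPS

# Constructed tenant workload range; kept apart from management traffic.
TENANT_NETWORKS = [ip_network("172.16.0.0/12")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


def classify(addr: str) -> str:
    """Map an address to the role it plays in the policy."""
    ip = ip_address(addr)
    if ip in MANAGEMENT_ADDRESSES:
        return "management"
    if any(ip in net for net in APPROVED_ADMIN_NETWORKS):
        return "admin"
    if any(ip in net for net in TENANT_NETWORKS):
        return "tenant"
    return "other"


def evaluate(flow: Flow):
    """Return (action, reason) for a flow; only management destinations are policed here."""
    if classify(flow.dst) != "management":
        return ("default", "destination is not a management component")
    src = classify(flow.src)
    if src == "management":
        return ("allow", "management-to-management")
    if src == "admin" and flow.dst_port in ADMIN_PORTS:
        return ("allow", "approved administration address on an administration port")
    if src == "admin":
        return ("deny", f"approved administration address but port {flow.dst_port} is not an administration port")
    return ("deny", f"{src} source blocked by the management default-deny")


def denied_flows(flows):
    """Collect the flows the policy rejects, for review of what would break."""
    denied = []
    for flow in flows:
        action, reason = evaluate(flow)
        if action == "deny":
            denied.append((flow, reason))
    return denied


# Constructed sample flows: two legitimate, two that the policy must reject.
SAMPLE_FLOWS = [
    Flow("192.168.10.10", "192.168.10.20", 443),  # vCenter -> NSX Manager
    Flow("10.50.0.7", "192.168.10.10", 443),      # admin jump host -> vCenter
    Flow("172.16.4.9", "192.168.10.30", 443),     # tenant VM -> vRealize Automation
    Flow("10.50.0.7", "192.168.10.40", 8080),     # admin host on a non-admin port
]

if __name__ == "__main__":
    for flow, reason in denied_flows(SAMPLE_FLOWS):
        print(f"DENY {flow.src} -> {flow.dst}:{flow.dst_port}  ({reason})")
```

The evaluator deliberately returns "default" for flows that do not target a management component: tenant-to-tenant policy is a separate rule set in the design, and mixing it into this check would hide gaps in the management allow-list.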
Design Decisions
290+ in VMware Validated Design for SDDC
• Reduces risk by providing a baseline of standardization.
• Ensures the design meets the design objectives.
• Reinforces standardization with justification and implications.
• Easy to follow checklist form.
Example Design Decisions - VMware Validated Design for SDDC
NSX Design > Routing Design > Routing Model Design Decisions (4.1)

Decision ID: SDDC-VI-SDN-017
Design Decision: Deploy NSX Edge Services Gateways in an ECMP configuration for north/south routing in both management and shared edge and compute clusters.
Design Justification: The NSX ESG is the recommended device for managing north/south traffic. Using ECMP provides multiple paths in and out of the SDDC. This results in faster failover times than deploying Edge Services Gateways in HA mode.
Design Implication: ECMP requires 2 VLANs for uplinks, which adds an additional VLAN over traditional HA ESG configurations.

Decision ID: SDDC-VI-SDN-018
Design Decision: Deploy a single NSX UDLR for the management cluster to provide east/west routing across all regions.
Design Justification: Using the UDLR reduces the hop count between nodes attached to it to 1. This reduces latency and improves performance.
Design Implication: UDLRs are limited to 1,000 logical interfaces. When that limit is reached, a new UDLR must be deployed.

Decision ID: SDDC-VI-SDN-019
Design Decision: Deploy a single NSX UDLR for the shared edge and compute, and compute clusters to provide east/west routing across all regions for workloads that require mobility across regions.
Design Justification: Using the UDLR reduces the hop count between nodes attached to it to 1. This reduces latency and improves performance.
Design Implication: UDLRs are limited to 1,000 logical interfaces. When that limit is reached, a new UDLR must be deployed.
Software Components - VMware Validated Design for SDDC
• VMware vRealize Automation
• VMware NSX
• VMware vRealize Operations
• VMware vSAN
• VMware vSphere APIs for Data Protection (VADP)
• VMware vSphere
• VMware vRealize Log Insight
• VMware vRealize Business for Cloud
• VMware Site Recovery Manager
How do we Create and Validate?
The VMware Validated Designs are produced through:
• Compliance and Security
• Scale Testing
• Interoperability
• Measurement and Optimization
Bill of Materials - VMware Validated Design for SDDC 4.1
• vSphere 6.5 U1
• vSAN 6.6.1
• NSX 6.3.3
• vRealize Automation 7.3
• vRealize Business for Cloud 7.3
• vRealize Operations 6.6.1 and Management Packs
• vRealize Log Insight 4.5 and Content Packs
• Site Recovery Manager 6.5.1
For a complete list refer to the release notes.
Bill of Materials - VMware Validated Design for SDDC 4.1
Product Group and Edition | Product | 4.0 | 4.1
VMware vSphere Enterprise Plus | ESXi | 6.5.0 a | 6.5.0 Update 1
VMware vSphere Enterprise Plus | vSphere Data Protection | 6.1.3 | 6.1.4
VMware vSphere Enterprise Plus | Update Manager | 6.5.0 a | 6.5.0 Update 1
VMware vCenter Server Standard | vCenter Server | 6.5.0 a | 6.5.0 Update 1
VMware vSAN Standard or higher | vSAN | 6.5 a | 6.6.1
VMware NSX Enterprise | NSX | 6.3 | 6.3.3
VMware vRealize Operations Advanced or higher | vRealize Operations Manager | 6.4 | 6.6.1
VMware vRealize Operations Advanced or higher | Management Pack for NSX for vSphere | 3.5 | 3.5.1
VMware vRealize Operations Advanced or higher | Management Pack for Storage Devices | 6.0.5 | 6.0.5
Bill of Materials - VMware Validated Design for SDDC 4.1 (continued)
Product Group and Edition | Product | 4.0 | 4.1
VMware vRealize Log Insight | vRealize Log Insight | 4.0 | 4.5
VMware vRealize Log Insight | Content Pack for NSX for vSphere | 3.5 | 3.6
VMware vRealize Log Insight | Content Pack for Linux | - | 1.0
VMware vRealize Log Insight | Content Pack for vRealize Automation 7 | 1.0 | 1.5
VMware vRealize Log Insight | Content Pack for vRealize Orchestrator 7.0.1+ | 2.0 | 2.0
VMware vRealize Log Insight | Content Pack for Microsoft SQL Server | 3.0 | 3.0
VMware vRealize Automation Advanced or higher | vRealize Automation | 7.2 | 7.3
VMware vRealize Automation Advanced or higher | vRealize Orchestrator | 7.2 | 7.3
VMware vRealize Automation Advanced or higher | vRealize Orchestrator Plug-in for NSX | 1.0.4 | 1.0.4
VMware vRealize Business for Cloud Standard | vRealize Business for Cloud | 7.2 | 7.3
VMware Site Recovery Manager Enterprise | Site Recovery Manager | 6.5 | 6.5.1
Environmental and External Systems Requirements - VMware Validated Design for SDDC
• Active Directory
• Certificate Authority
• DNS and NTP
• SMTP Relay
• SFTP
• Rack Space
• Power
• Cooling
Dual-Region Deployment Ready - VMware Validated Design for SDDC
Characteristics & Restrictions
▪ Regional Distance is Rather Large
▪ A Region May Be Treated as an SDDC
▪ Multiple Regions are Not Treated as a Single SDDC
Workload Placement Closer to Customer
▪ Northern California and Southern California
▪ US East Coast and US West Coast
▪ US Region and EU Region
Common Uses
▪ Disaster Recovery: One region can be the primary site and another region can be the recovery site.
▪ Data Privacy: Address laws & restrictions in some countries by keeping tenant data within a region in the same country.
(Figure: San Francisco, CA – Primary Region; Los Angeles, CA – Secondary Region)
Availability Zones - VMware Validated Design for SDDC
Availability Zone Characteristics
• “Islands” of infrastructure for physical isolation or building-level redundancy and high-availability.
• Positioned within “metro” distance to allow synchronous storage replication (~50km/30mi with low single-digit latency and large bandwidth).
• Allows the SDDC equipment across the availability zones to operate in an active/active manner as a single virtual data center or region.
• Isolated enough from each other to stop the propagation of failure or outage across their boundaries.
Early Access Preview
• Guidance for vSAN Stretched Clusters within a region.
Use Cases – Focus on What Runs in the SDDC - VMware Validated Designs
• Remote Office / Branch Office
• Micro-Segmentation
• IT Automating IT
• Cloud Native Applications
• Compliance Capable Solutions
• Virtual Desktop / Digital Workspace
• Intelligent Operations
• Business Critical Applications
Architecture Overview - VMware Validated Design for SDDC – Consolidated SDDC
Main components:
• Physical Layer
• Virtual Infrastructure Layer
• Cloud Management Layer
• Service Management
• Business Continuity
• Security
Pods - VMware Validated Design for SDDC
(Figure labels: Standardized Elevation; Leaf-and-Spine Network; Out-of-Band Management; Functional Roles)
High-Level Deployment Architecture Objectives - VMware Validated Design for SDDC
Two-Pod / Standard Architecture vs. One-Pod / Consolidated Architecture
Minimum Hosts: 8 | 4
Management VMs: 420 GB vRAM, 2 TB vSAN, 6 TB NFS | 50% - 70% less
Recoverability: Dual Region (and Availability Zones in Tech Preview) | Single Region (DR to cloud)
Scale (VMs): 1,000 to 10,000 | 100 to 2,500
Churn: Medium (up to 150/hr) | Low (up to 50/hr)
Availability: 99% | 95%
Modularity: Foundation, Cloud Operations, Cloud Management + Use Cases, Solutions, ROBO options | Foundation, Cloud Operations, Cloud Management
Expansion options: Additional Compute Pods (Up to 32 Hosts Each) | Expand Pod to 32 Hosts, or Grow to 2-Pod (with downtime)
Licensing Options - VMware Validated Design for SDDC
Individual - Two-Pod / Standard Architecture
▪ vSphere Enterprise +
▪ vCenter Server Standard
▪ * vSAN Standard
▪ NSX for vSphere Enterprise
▪ vRealize Operations Advanced
▪ vRealize Log Insight
▪ vRealize Automation Advanced
▪ vRealize Business for Cloud Standard
▪ Site Recovery Manager Enterprise (dual region)
Individual - One-Pod / Consolidated Architecture
▪ vSphere Enterprise +
▪ vCenter Server Standard
▪ * vSAN Standard
▪ NSX for vSphere Advanced
▪ vRealize Operations Advanced
▪ vRealize Log Insight
▪ vRealize Automation Advanced
▪ vRealize Business for Cloud Standard
Bundling - Two-Pod / Standard Architecture
▪ vCloud Suite with vRealize Suite Advanced
▪ * vSAN Standard
▪ NSX for vSphere Enterprise
▪ Site Recovery Manager Enterprise (dual region)
Bundling - One-Pod / Consolidated Architecture
▪ vCloud Suite with vRealize Suite Advanced
▪ * vSAN Standard
▪ NSX for vSphere Advanced
* Preferred storage option
Pod Types - VMware Validated Design for SDDC
Consolidated Pod. The consolidated pod runs the following services:
• Virtual machines to manage the SDDC such as vCenter Server, NSX Manager, vRealize Automation, vRealize Log Insight, vRealize Operations Manager and vSphere Data Protection.
• Required NSX services to enable north-south routing between the SDDC and the external network, and east-west routing inside the SDDC.
• Virtual machines running business applications supporting varying Service Level Agreements (SLAs).
• Should have a minimum of 4 ESXi hosts.
Storage Pod. Storage pods provide secondary storage using NFS, iSCSI or Fibre Channel.
Layer 2 or Layer 3 Transport - VMware Validated Design for SDDC
(Figures: Example Layer 2 Transport; Example Layer 3 Transport)
Virtual Infrastructure Architecture - VMware Validated Design for SDDC
• The virtual infrastructure is the foundation of an operational SDDC.
• The virtual infrastructure layer consists primarily of the physical hosts' hypervisors and the control of these hypervisors.
Consolidated Cluster Design - VMware Validated Design for SDDC
• The management virtual machines, NSX controllers and edges, and tenant workloads run on the ESXi hosts in the consolidated cluster.
• The consolidated cluster design requires a minimum of 4 hosts:
  • Three hosts are used to provide n+1 redundancy for the vSAN cluster.
  • The fourth host is used to guarantee n+1 vSAN redundancy during maintenance operations.
• You can add ESXi hosts to the cluster as needed.
• NSX deploys 3 Controllers with anti-affinity rules. The fourth host is used to guarantee controller distribution across 3 hosts during maintenance operations.
• ESXi hosts are limited to 200 virtual machines when using vSAN.
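The constraints in this section combine with the consolidated-architecture figures given earlier (a pod of up to 32 hosts, a scale of 100 to 2,500 VMs) into a simple sizing check. The following is an added example, not VVD tooling, that turns those numbers into a function a designer can run against a proposed host count. The figures are the ones stated on these slides; the one assumption added here is that one host's worth of VM capacity is held back so that the 200 VMs/host limit still holds while a host is in maintenance, and `total_vms` is taken to include the management VMs since they share the pod.

```python
"""Consolidated-pod sizing check built from the figures on these slides.

Constructed example. MIN_HOSTS, MAX_HOSTS_PER_POD, MAX_VMS_PER_HOST,
NSX_CONTROLLERS and CONSOLIDATED_VM_RANGE are the values the slides give;
the one-host maintenance reserve in hosts_required() is an assumption.
"""
import math

MIN_HOSTS = 4                      # 3 for vSAN n+1, plus 1 to keep n+1 during maintenance
MAX_HOSTS_PER_POD = 32             # expansion limit of the consolidated pod
MAX_VMS_PER_HOST = 200             # ESXi limit when using vSAN
NSX_CONTROLLERS = 3                # spread over 3 hosts by anti-affinity rules
CONSOLIDATED_VM_RANGE = (100, 2500)  # scale envelope of the one-pod design


def hosts_required(total_vms: int) -> int:
    """Smallest host count for total_vms (management VMs included).

    Assumption: one host is held back so the per-host VM limit is still met
    while any single host is in maintenance; the design minimum always applies.
    """
    capacity_hosts = math.ceil(total_vms / MAX_VMS_PER_HOST)
    return max(MIN_HOSTS, capacity_hosts + 1)


def vms_per_host_in_maintenance(hosts: int, total_vms: int) -> int:
    """VM density once one host is evacuated for maintenance."""
    if hosts <= 1:
        raise ValueError("a cluster needs more than one host to evacuate one")
    return math.ceil(total_vms / (hosts - 1))


def check_cluster(hosts: int, total_vms: int) -> list:
    """Return findings for a proposed layout; an empty list means it fits the design."""
    findings = []
    if hosts < MIN_HOSTS:
        findings.append(f"{hosts} hosts is below the {MIN_HOSTS}-host minimum "
                        f"(vSAN n+1 and {NSX_CONTROLLERS} NSX controllers need a spare host)")
    if hosts > MAX_HOSTS_PER_POD:
        findings.append(f"{hosts} hosts exceeds the {MAX_HOSTS_PER_POD}-host pod; add a pod "
                        f"or move to the two-pod design")
    low, high = CONSOLIDATED_VM_RANGE
    if not low <= total_vms <= high:
        findings.append(f"{total_vms} VMs is outside the consolidated range {low}-{high}; "
                        f"consider the two-pod design")
    needed = hosts_required(total_vms)
    if hosts < needed:
        findings.append(f"{total_vms} VMs need at least {needed} hosts so that "
                        f"{vms_per_host_in_maintenance(needed, total_vms)} VMs/host "
                        f"during maintenance stays within {MAX_VMS_PER_HOST}")
    return findings


if __name__ == "__main__":
    # Constructed scenarios: a fitting layout, an undersized one, an oversized pod.
    for hosts, vms in [(4, 500), (4, 1000), (40, 2500)]:
        result = check_cluster(hosts, vms) or ["fits the consolidated design"]
        print(f"{hosts} hosts / {vms} VMs:")
        for line in result:
            print("  -", line)
```

Because the check reports every violated constraint rather than stopping at the first, a layout that is both too small for its VM count and outside the scale envelope shows both problems, which is usually the cue to move to the two-pod design rather than to add hosts.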
Logical and Physical Design of vRealize Operations Manager - VMware Validated Design for SDDC
In the consolidated SDDC, you deploy a vRealize Operations Manager configuration that consists of the following entities.
• 1-node (medium-size) vRealize Operations Manager analytics cluster. This topology provides the ability to add high availability, scale-out capacity up to sixteen nodes, and failover.
• 1 standard remote collector node. The remote collectors communicate directly with the vRealize Operations Manager analytics cluster. The design uses remote collectors whose role is to ease scalability by performing the data collection for localized applications and periodically sending collected data to the analytics cluster.
Logical Design and Data Sources of vRealize Log Insight - VMware Validated Design for SDDC
• In the Consolidated SDDC, deploy a single vRealize Log Insight instance that consists of a single master node.
• This configuration allows for the required functionality and the log ingestion rates generated from the management components.
vRealize Automation Infrastructure as a Service Design - VMware Validated Design for SDDC
• The Cloud Management Platform (CMP), of which vRealize Automation is a central component, enables a usage model that includes interaction between users, the CMP itself, the supporting infrastructure, and the provisioning infrastructure.
• vRealize Automation supports deployments with a single tenant or multiple tenants.
• This design deploys a single tenant containing two business groups.
  • The first business group is designated for production workloads provisioning.
  • The second business group is designated for development workloads provisioning.
Summary – Consolidated Management and Workload - VMware Validated Design for SDDC
▪ Consolidates Management, Edge, and Workload into a single pod.
▪ Requires only a minimum of 4 ESXi hosts.
▪ All functional testing and validation of the design is done using vSAN.
  ▪ Any supported storage may be used. Adjust the operations guidance.
▪ Network Transport
  ▪ Supports both L2 and L3 transport services.
  ▪ For a scalable and vendor-neutral network, use an L3 transport.
▪ Ready for Scale
  ▪ Expandable to a 32 ESXi host pod.
  ▪ SDDC solutions easily scale – deployed w/ native or NSX load balancing in place.
▪ Transitions to Two-Pod Distributed Management and Workload (Standard)
  ▪ Downtime Required
▪ Single Region and Single Availability Zone
▪ License Flexibility for NSX (No Universal Objects)
(Figure labels: External Connection; WAN/LAN)
Additional Resources - VMware Validated Design for SDDC 4.1
Product Page: vmware.com/go/vvd
Download: vmware.com/go/vvd-sddc
Poster: vmware.com/go/vvd-sddc-poster
Community: vmware.com/go/vvd-community
Videos and Demos: vmware.com/go/vvd-videos
Certified Partner Architectures: vmware.com/go/vvd-cpa
Twitter: @VMwareSDDC
… and more! vmwa.re/vvd
Get Started - VMware Validated Design for SDDC
Access the Documentation: vmware.com/go/vvd-docs
Professional Services: vmware.com/go/services
Certified Partner Architectures: vmware.com/go/vvd-cpa
© 2017 VMware Inc. All rights reserved.