VMware Backup & Replication VMware vSphere | VMware vCenter.
Splunkfor* VMware - .conf20 | Splunk€¦ · Integrated*Insights*Into*Your*VMware*Environment* 15...
Transcript of Splunkfor* VMware - .conf20 | Splunk€¦ · Integrated*Insights*Into*Your*VMware*Environment* 15...
Copyright © 2014 Splunk Inc.
Splunk for VMware Architecture & Design
Michael Donnelly, Sr. Sales Engineer
Disclaimer
2
During the course of this presentaEon, we may make forward looking statements regarding future events or the expected performance of the company. We cauEon you that such statements reflect our current expectaEons and
esEmates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-‐looking statements,
please review our filings with the SEC. The forward-‐looking statements made in the this presentaEon are being made as of the Eme and date of its live presentaEon. If reviewed aQer its live presentaEon, this presentaEon may not contain current or accurate informaEon. We do not assume any obligaEon to update any forward looking statements we may make. In addiEon, any informaEon about our roadmap outlines our general product direcEon and is subject to change at any Eme without noEce. It is for informaEonal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligaEon either to develop the features or funcEonality described or to
include any such feature or funcEonality in a future release.
Splunk for VirtualizaEon Prep quesEons for today’s discussion: Your Physical VMware environment: – ESXi servers, vCenter servers – Storage soluEons Eed to VMware – Network devices What are the problems you are hoping to solve? Which groups are affected? Are you familiar with Splunk already? What do you use Splunk for today?
3
Splunk Enterprise 6
4
Alerts Messages Metrics Changes Scripts ConfiguraEons Log Files
Indexes Any Data from Any Source
Databases Networks Servers Virtual Machines
Smartphones and Devices
Custom ApplicaEons Security
Tickets
Web Server Sensors
Splunk Enterprise 6
5
IT users Data Analysts
Security Analysts
Business Users
Databases Networks Servers Web Services
Smartphones and Devices
Custom ApplicaEons Security
Any Machine Data
VMware Admins
App Developers
Industry Leading Placorm for Machine Data
6
Any Machine Data Opera9onal Intelligence
HA Indexes and Storage
Search and Inves9ga9on
Proac9ve Monitoring
Opera9onal Visibility
Real-‐9me Business Insights
Commodity Servers
Online Services Web
Services
Servers Security GPS
LocaEon
Storage Desktops
Networks
Packaged ApplicaEons
Custom ApplicaEons Messaging
Telecoms Online
Shopping Cart
Web Clickstreams
Databases
Energy Meters
Call Detail Records
Smartphones and Devices
RFID
OpEmal VirtualizaEon
At Splunk, we know that our customers want to maximize the usability of their investment into their virtualized environments. In order to get the best return on your Virtualiza@on investments, you need to u@lize your available resources op@mally. To do this, one must know which servers are overtaxed, which are underu@lized. One must be proac@ve about the known and hidden risks that are oCen present when virtualizing the environment. 7
Key Benefits
8
Reduce MTTR
Eliminate silos – gain visibility into virtualizaEon health in relaEon to applicaEons,
storage, operaEng systems, networks and other
infrastructure components
Maximize ROI
Improve infrastructure uElizaEon efficiencies and
avoid over-‐provisioning with granular insights into resource consumpEon
Reduce Costs
Reclaim and reuse unused resources aQer they are no longer needed avoiding a virtual sprawl with detailed analysis on your virtual
assets
“ I now have built-‐in visibility into latencies caused by my storage and
impact to the applicaEon performance”
“I can see how my workloads are using my vCPUs and RAM, thus avoiding high CPU wait Emes and opEmized resource uElizaEon.”
“We’ve recycled inacEve and abandoned VMs and avoided capital
expenditure.”
Virtual Datacenter Point SoluEons Too much complexity, too limle visibility
Performance data and summaries are not enough • VM tools keep summarized metrics, make it hard to idenEfy specific problems • VM Tools look at performance, but ignore log events
VMware environment data alone isn’t enough • Solving end-‐user or applicaEon-‐level problems requires visibility across technology Eers, including OS and ApplicaEon data
Point soluEons offer only one piece of the puzzle • Maintaining OperaEonal Health includes other dependencies: Storage, Network, DNS, DHCP, Firewall, Routers, etc.
• Maintaining mulEple point soluEons: increased costs, correlaEons by hand
9
10
Typical Splunk Deployment
SAN & NAS
Splunk Environment
Network Infrastructure
AcEve Directory
Virtual Servers: Web, middleware, apps
CriEcal Infrastructure
Servers Networking
11
vCenter Server
ESXi Hosts
Your Physical VMware Environment
VMware environment
SAN & NAS
Splunk Environment
Network Infrastructure
AcEve Directory
Virtual Servers: Web, middleware, apps
CriEcal Infrastructure
Servers Networking
12
vCenter Server
ESXi Hosts
Your Actual Physical VMware Environment
VMware environment
SAN & NAS
Splunk Environment
Network Infrastructure
AcEve Directory
Virtual Servers: Web, middleware, apps
CriEcal Infrastructure
Servers Networking
13
vCenter Server
ESXi Hosts
Your Full VMware Environment
VMware environment
SAN & NAS
Splunk Environment
Network Infrastructure
AcEve Directory
Virtual Servers: Web, middleware, apps
CriEcal Infrastructure
Servers Networking
Demo
14
Integrated Insights Into Your VMware Environment
15
Proac9ve Monitoring
Comprehensive Analy9cs
End-‐to-‐end Visibility
APP
OS
VMware vSphere
Physical Layer
Servers Storage Network Devices
VMware vCenter Server(VC)
APP
OS VM VM
Report
Correlate
Monitor
Explore
Real-‐@me ac@onable insights into problem spots and health issues
Real-‐@me and historical insights into performance, security, capacity, forecas@ng, outlier detec@on and change tracking
Scalable big data solu@on for holis@c visibility across all technology @ers
16
vCenter Server
ESXi Hosts
Splunk for VMware Architecture
Physical VMware environment
Splunk DCN
SAN & NAS
Splunk Environment
Network Infrastructure
Performance (API)
AcEve Directory
CriEcal Infrastructure
Servers Networking
vCenter Logs
ESXi logs
THANK YOU Thank You
Deployment Details
19
vCenter Server
ESXi Hosts
Splunk for VMware – Required ConnecEvity
Physical VMware environment
SAN & NAS
Splunk Environment
API: TCP 443
Networking
TCP 8089 & 8008
TCP 9997
vCenter Logs: TCP 9997
Syslog: TCP 1514 UDP 514
TCP 9997
DCN
Syslog Server
TCP 443
Deployment notes
• All of the ports menEoned in the previous slide are the default ports; Splunk can be adapted to use alternates.
• If you’re using search head pooling – there are addiEonal details covered in the installaEon guide. You must use a dedicated search head (not pooled) to act as the Data CollecEon Scheduler.
• During installaEon, the DCN will be configured either by SSH or remote console access; addiEonal configuraEon is done via the Splunk web UI on TCP port 8000. Ensure that access by SSH/8000 or by CLI via console will be possible.
20