VMware Cross-Cloud Architecture E-Book

VMware Cross-Cloud Architecture

Copyright © 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin BorichaAcquisition Editor:Namrata PatilContent Development Editor:Amrita NoronhaTechnical Editor:Nilesh SawakhandeCopy Editor: Safis EditingProject Coordinator:Shweta H BirwatkarProofreader: Safis EditingIndexer:Tejal Daruwale SoniGraphics:Jisha ChirayilProduction Coordinator:Aparna Bhagat

First published: March 2018

Production reference: 1280318

Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.

ISBN 978-1-78728-343-5

www.packtpub.com

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

Improve your learning with Skill Plans built especially for you

Get a free eBook or video every month

Mapt is fully searchable

Copy and paste, print, and bookmark content

PacktPub.com

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Contributors

About the author

Ajit Pratap Kundan is an infrastructure software consultant with 18 years' experience, having has worked with Novell, Redington, PCS, and Innodata. Currently, he is a technical consultant at VMware, Delhi and provides productive solutions for Federal Government clients, espousing the benefits of hybrid cloud with cross-cloud services. He has a graduate degree in electronics engineering from Pune University with experience in Lotus, Tivoli, PlateSpin, IDM, SUSE Linux, Sentinel, and all of the VMware products. He is an ITIL, CCNA, Lotus, SUSE, Red Hat, and VMware-certified professional.

About the reviewer

Daniel Jonathan Valik is an industry expert in unified communications and collaboration technologies, cloud computing, and Platform as a Service (PaaS). He has worked for large software companies and start-ups in Europe, Asia (APAC), and the US. He is the founder of Hanako Consulting LLC—a strategy, product marketing, and management consulting company. He has strong expertise in areas such as IoT, DevOps, Automation, Microservices, Containerization, Virtualization, Cloud-Native Applications, Artificial Intelligence, and Contact Center Technologies.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Title Page

Copyright and Credits

VMware Cross-Cloud Architecture

Packt Upsell

Why subscribe?

PacktPub.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

The Freedom with Cross-Cloud Architecture

Scaling your business with Cross-Cloud Architecture

Top IT drivers for integrating public clouds

Cloud challenges and solutions

Challenge 1 – connection and security with full compliance and control

Challenge 2 – managing/integrating across clouds

VMware Cross-Cloud Architecture

Secure connectivity across clouds

The backbone of a private cloud

Extending services to public clouds

Multi-cloud/mixed cloud use cases

Cloud solutions supporting business objectives

Modernizing your data center

VMware hybrid clouds

VMware – a partner for every cloud

VMware vCloud Air

AWS hybrid cloud

IBM Cloud for VMware solutions

Solution features

Reference architecture

IBM Cloud for VMware solutions

Conceptual view

Logical view

Deployment view

Summary

Implementing Service Architecture for Cross-Cloud Services

Architecture overview

Seamless integration of software-defined services

Automating IT infrastructure

Policy-based resource containers

Automating manual and repetitive tasks

Unified Management Console

Scalability and performance

Workload domains

Management workload domain

Workload domains

VDI workload domains

Hardware architecture – rack architecture

Rack hardware

Rack sizing

Rack wiring

Storage architecture (software-defined storage)

vSAN storage policies

Network architecture (network virtualization or software-defined network)

Logical network design

VMware Cloud Foundation software design

SDDC Manager

Physical Resource Manager

Logical Resource Manager

LRM Controller

LRM logical resources and LRM services

Hardware Management Service (HMS)

Lifecycle management

vSphere products

NSX

vRealize products

vRealize Operations Manager

vRealize Log Insight

vRealize Automation, VMware vRealize Business, and VMware vRealize Orchestrator

Summary

Transforming a Data Center from Silos to Software-Defined Services

Need for VMware in data center transformation

Business requirements of customers

Interoperability and integration

Logical design

Orchestrator topology choice

Orchestrator server mode choice

vRealize Orchestrator SDDC cluster choice

Integrated architecture design model for private and public clouds

Private cloud integrated architecture design with network and security

Integrated architecture design for virtual machines and applications

Consumption model of network services components

Components and processes for logical switching

vRealize Automation with logical switching consumption overview

Introduction to DevOps and its benefits

Building, deploying, and running services in an innovative way

SDDC object life cycle

vRealize code stream functionality

Automating application release without manual intervention

Advantages of DevOps

Summary

Designing a Mixed Cloud Model with VMware

Core elements of VMware's Cross-Cloud Architecture

Cross-Cloud Services

Choosing suitable applications to move in the cloud

VMware Cloud on AWS

Components/technologies used in VMware-AWS partnerships

Migrating your existing applications to AWS

Application migration phases with supporting tools

Migration assessment

Schema conversion

Conversion of embedded SQL and application code

Data migration

Testing converted code

Data replication

Deployment to AWS and Go-Live

Post-deployment monitoring

Managing AWS with vCenter

Managing administrators on the management portal

Steps for adding an administrator

Steps for removing an administrator

VPCs and subnets management

Steps for creating a VPC and subnets

Steps for deleting a VPC

Security groups management

Steps for creating a security group

Steps for deleting a security group

Environment management in AWS

Steps for creating an environment

Steps for deleting an environment

User permissions management

VM migration to Amazon EC2 with AWS Connector for vCenter

The VM import authorization process

Virtual machine migration process

Backing up the instance

Migrated EC2 instance export process

Troubleshooting migration

Validation of the certificates

VMware Cross-Cloud Model with IBM Cloud

Prerequisites

Components/services used in this architecture

VMware Cloud services architecture on SoftLayer

Physical infrastructure

Physical operational model

Logical operational model

Cluster (compute, storage, and network) architecture

Compute clusters

Management cluster

Edge cluster

Storage cluster

Physical network provided by SoftLayer

Simplicity

Scalability

High bandwidth

Fault-tolerant transport

Physical storage

vSAN

Network File System (NFS)

Storage virtualization

VMware SDS is vSAN

Virtual Machine Disks (VMDK)

Virtual infrastructure

Compute virtualization

Provisioning

Resource scheduling

Availability

Performance

Network virtualization

Network virtualization components

Distributed virtual switches

Network I/O control details

Network virtualization services

Infrastructure management

Compute management

Storage management

Network management

Common services

Identity and access services

DNS

NTP services

Simple Mail Transfer Protocol (SMTP) services

Certificate Authority (CA) services

Cloud management services

Service catalogue

Self-service portal

Infrastructure and process orchestration

Software orchestration

Operational services

Backup and restore

Disaster recovery

Monitoring

Log consolidation and analysis

Patching

Business services

Business management

IT financials

IT benchmarking

Cloud-based approaches for Disaster Recovery as a Service (DRaaS) solutions

Summary

Implementing Service Redundancy Across All Layers

vSphere virtualization software

VMware vCenter Management Server

vCenter main components

Environment preparation

Certificate for the vSphere Web Client and the Log Browser

Verify that the environment is working properly

Comparison of the vCenter deployment topologies

vSphere HA/redundancy features

vSphere HA

vSphere vMotion details

EVC feature details

vSphere DRS feature details

VMware vSphere Distributed Power Management

Resource pools feature details

vSphere Fault Tolerance

Relevance of vSphere Fault Tolerance for vCenter HA

VM Component Protection (VMCP)

vSphere Metro Storage Cluster (vMSC)

vSphere Replication

vCenter Watchdog

vCenter database clustering

Memory reservations

Maximizing memory performance

CPU and memory shares, reservations, and limits

Virtual machine disks

Multiple virtual disks

Virtual disk location

Swap file location

Virtual SCSI HBA type

Virtual NICs

Virtual GPUs

VMware vSphere Flash Read Cache

Guest operating system considerations

VMware Tools

Templates

Templates and multiple sites

Snapshot management

Virtual machine security considerations

Encryption and security certificates

Monitoring and management design practices

Time synchronization

Syslog logging

Performance monitoring

Virtual machine backup and restore

VM-to-VM affinity rules

Backup and recovery - embedded deployment model

Backup and recovery - external deployment model

Migration architecture design

Migration process flow

Migration scheduling

Migration execution

Migration validation

Customer business objectives

Migrated virtual machine framework

Responsibility matrix

Design risks

IaaS migration portal logical design

VMware CMP physical design

VMware Converter Linux migration process

VMware Converter agent

 Network/security changes

Port requirements

Operational readiness for migration

Pre-migration activities

P2V migration options

Hot clone - full outage

Hot clone – post-synchronisation

V2V migration options

V2V conversion

V2V requirements

CMP migration process

Timing estimate (P2V/V2V timing)

Post-migration activities

Summary

Designing Software-Defined Storage Services

Software-defined storage overview

Purpose and applicability to the SDDC solution

Business requirements

Requirements and dependencies

Architecture overview

Conceptual design

Logical design

Virtual SAN (vSAN)

vSAN design workflow

Design parameters/considerations for vSAN

Hardware considerations

Comparing hybrid and all-flash designs

SSDs

Magnetic hard disk drives

I/O controllers

Host memory requirements

Host CPU overhead

Hardware design decisions

Network design

vSAN network port group

Network speed requirements

Type of virtual switch

Jumbo frames

VLANs

Multicast requirements

Networking failover, load balancing, and teaming considerations

Network design decisions

vSAN cluster and datastore design

vSAN disk format

Disk groups

Failures to tolerate policy

Fault domains

Hosts per cluster

Deduplication, compression, and RAID 5/RAID 6 erasure coding

Datastore sizing

Virtual SAN TCO and Sizing Calculator

vSAN cluster and datastore design decisions

vSAN design assumptions

vSAN policy design

Application demand assessment

Policy design decisions

vSAN monitoring design

General monitoring practices

Virtual SAN Health Check Plug-in

Virtual SAN Observer

vRealize Operations Manager monitoring

Monitoring design

Scalability limits of vSAN

Product documentation and tools

VMware product documentation

Supporting documentation

Tools

Summary

VMware Cloud Assess, Design, and Deploy Services

VMware Cloud (SDDC) assessment, design, and deploy service solution overview

Virtualization conceptual design

Logical design

Virtualization logical design

Cloud tenant design

Comparison of single tenant and multi-tenant deployments

Single tenant deployment

Multitenant deployment

Cloud automation IaaS design

vSphere infrastructure

Infrastructure source endpoints

vRealize Operations Manager

Application architecture overview

vRealize Infrastructure Navigator

Application architecture overview

Security

Authentication

Communication

Licensing

vRealize Hyperic

Application architecture overview

vRealize Log Insight

Application architecture overview

Deployment architecture

Scalability

Security and authentication

Communication

Integration with different cloud components

vSphere integration

vRealize Operations Manager integration

VMware vRealize Business Manager

Conceptual design

vRealize Business Standard architecture

Data collection service

Data Transformation Service

FactsRepo inventory service

Server

Reference database

External interfaces

vRealize Business Standard appliance role

Supported product integrations

VMware vSphere

VMware vCloud Director

VMware vRealize Business Advanced and Enterprise

VMware vRealize Operations Manager

VMware vRealize Automation

Integrating vRealize Business with public clouds

Solution logical design

Service orientation principle

VMware vRealize Operations Manager

Business scenario

Interoperability requirements

Integration with vRealize Operations Manager

Integration between vRealize Operations Manager and vRealize Automation

Business objective

Integration requirements

Credentials

Firewall rules

Specific configuration with specific objects to be created and consumed

Application release automation with Zero Touch Deployment

Summary

Transforming Your Network Architecture

Assumptions, risks, constraints, and use cases

Design guidelines

Networking and distributed firewalling best practices

Network virtualization

NSX for vSphere components

NSX for vSphere platform

NSX Manager

Distributed firewall

Service composer

NSX for vSphere system requirements

Micro-segmentation conceptual design

Network virtualization logical design

NSX for vSphere component placement

High Availability of NSX for vSphere components

Scalability of NSX for vSphere Components

Firewall logical design

Distributed firewall

Security groups and policies

NSX Manager design

Network virtualization platform management

Consumption layer

NSX for vSphere logging environment

NSX for vSphere management layer

NSX for vSphere deployed components

Distributed firewall logs

Distributed firewall monitoring

Backup and recovery – backing up the NSX Manager data

Backing up the vSphere Distributed Switch

Monitoring and troubleshooting

Flow monitoring

Activity monitoring

vSphere Distributed Switch monitoring

Port mirroring

vSphere Distributed Switch alerts

vSphere Distributed Switch network health check

SNMP

NetFlow/Internet Protocol Flow Information Export (IPFIX)

Performance and scalability

Scalability considerations

VXLAN

MTU on the transport network

NSX Controller

IGMP usage

Hybrid mode

Brownfield migration

Migration inside the same hardware infrastructure

Migration to a new hardware infrastructure

NSX for vSphere port and protocol requirements

Reference documents

Summary

Dealing with Data Sovereignty

Security

Securing ESXi hosts

Lockdown mode

Securing vCenter Server

Encryption and security certificates

Virtual network security considerations

Network firewalls and vCenter Server

Securing virtual machines with vLANs

Securing virtual switch ports

Securing iSCSI storage connectivity

Securing NFS storage connectivity

Virtual machine security considerations

Security design decisions

Micro-segmentation – how to define security on east-west traffic

PAN security – integrating NSX with Palo Alto

Application modeling for micro-segmentation – protecting your apps from east-west traffic in a data center

VMware vRealize Configuration Manager architecture design

Backup and restore

General use cases of customers

vRealize Configuration Manager logical architecture overview

VCM platform

Summary

Designing Effective Compliance Regulations to Fix Violations

Best practices to follow for compliance regulations

Data collection

Data analysis

Report generation and data integration

Standard use cases

Network virtualization

NSX Edge Gateway Firewall and Trust Groups

VMware vCloud Hybrid Manager

Phase 1 – Planning

Phase 2 – Kickoff

Phase 3 – Solution overview

Phase 4 – Assess

Phase 5 – Design

Conceptual design

Logical design

VMware vRealize Configuration Manager platform

vRealize Configuration Manager guest OS compliance

Summary

Lower TCO and Greater ROI with Maximum Agility

Operational readiness for the cloud

Phase 1 – Cost Center

Phase 2 – Service Provider

Phase 3 – Business Partner

Contrasting approaches to building a private cloud

VMware Cloud Foundation

VMware Cloud Foundation infrastructure management

A traditional 3-tier architecture-based private cloud

Cost comparison methodology and approach

Hardware and software cost analysis

Cost comparison results - upfront costs for hardware, software, and support

Comparing the key technical capabilities and business benefits

Integrated provisioning and life-cycle management

Support experience

Comparison of the key technical and business value attributes

OpEx costs savings analysis

Virtualization First Policy

Summary

VMware Pricing and Licensing for a Cross-Cloud Model

Transforming a data center with Cloud Foundation

VMware pricing and licensing in AWS Cloud

Summary

The Economics of Cross-Cloud Services

Total cost of ownership with cost categories

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Preface

VMware Cross-Cloud Architecture is the most trusted platform, not only for new applications, but also for existing legacy applications. This book will introduce you to tried and tested cloud design and deployment methodologies to help you achieve your business objectives and overcome all of the challenges faced by traditional data centers. Cloud Foundation and vRealize Suite will help you to set up and integrate private clouds with public clouds such as AWS and IBM Soft Layer.

Who this book is for

This book is intended for those planning, designing, and implementing the virtualization components of the SDDC foundational infrastructure. The intended audience is core technical teams, including those responsible for product development, servers, storage, networking, security, and backup and recovery. It is assumed that the reader has knowledge of and familiarity with virtualization concepts and related topics (including storage and networking).

What this book covers

Chapter 1, The Freedom with Cross-Cloud Architecture, introduces different types of clouds, where we will learn about all of the cloud benefits that can help you to overcome traditional or multi-cloud challenges with Cross Cloud Architecture.

Chapter 2, Implementing Service Architecture for Cross-Cloud Services, makes use of VMware Cloud Foundation deployment to achieve a unified software-defined data center (SDDC) platform for the hybrid cloud, that is based on VMware compute, storage, and network virtualization, a natively integrated software stack that can be used on-premises for private cloud deployment or run as a service from the public cloud with consistent, simple operations by integrating it with VMware vRealize Suite, VMware Horizon, and VMware Integrated OpenStack to deliver a comprehensive SDDC platform.

Chapter 3, Transforming a Data Center from Silos to Software-Defined Services, explains how to host applications in the cloud world to provide administrators with flexibility and best control along with business values from Cross Cloud Architecture.

Chapter 4, Designing a Mixed Cloud Model with VMware, combines a best-in-class private cloud with leading public clouds, all powered by the ever-reliable and most flexible hybrid cloud platform offered by VMware.

Chapter 5, Implementing Service Redundancy Across All Layers, talks about different vCenter Server deployment topologies with redundant operations, and all of the High availability functionalities of vSphere, such as vMotion, and different Fault Tolerance options comparing  their strengths and weaknesses.

Chapter 6, Designing Software-Defined Storage Services, discusses how to design and scale a software defined storage service and deep dives into reference deployment scenarios of VMware vSAN.

Chapter 7, VMware Cloud Assess, Design, and Deploy Service, discusses the technical analysis of all VMware Cloud components (including their design and configuration) in detail and also helps you to design correctly with best practices to follow for specific use cases and the  orchestration of all cloud components.

Chapter 8, Transforming Your Network Architecture, provides examples of creating, provisioning, and managing networks in a software-defined way using the underlying physical network as a simple packet‐forwarding backplane, and also explains how to migrate from legacy network architectures to new network virtualization techniques.

Chapter 9, Dealing with Data Sovereignty, explains sovereignty compliance strategies and how to use an encryption solution to secure data at all stages of the cloud journey. This chapter also shows you how to ensure that data backup and secondary data centers for data recovery/disaster recovery purposes remain local.

Chapter 10, Designing Effective Compliance Regulations to Fix Violations, explains design compliance regulations for multiple purposes by aligning line of business divisions with the best technology, such as VMware, to be compliant in this versatile market. Security and compliance must be a shared responsibility between IT and its cloud service provider.

Chapter 11, Lower TCO and Greater ROI with Maximum Agility, explains that, in order to achieve the goal of cloud, we need to extend virtualization techniques across the entire data center to lower the capital and operational expenditure, achieving maximum ROI.

Chapter 12, VMware Pricing and Licensing for a Cross-Cloud Model, discusses VMware Cloud Foundation pricing and licensing as well as other VMware Cloud component licensing models.

Chapter 13, The Economics of Cross-Cloud Services, explains a cost analysis of different cost categories and compares competitive existing solutions on the market.

To get the most out of this book

This book is intended for administrators with different levels of server, storage, and networking experience:

All administrators can learn network design and storage scaling to manage and monitor hosts in the vSphere environment.

Experienced VMware administrators can learn about private/hybrid cloud design and deployment in different scenarios. They can customize their designs as per customer requirements.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/VMwareCrossCloudArchitecture_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Open Services.msc from the run command."

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "The syslog service can be configured on ESXi using host profiles, the VMware vSphere command line interface, or the Advanced Configuration options in the vSphere Web Client"

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.

The Freedom with Cross-Cloud Architecture

This chapter briefs you on cloud service architectures. The chapter includes the following sections:

Cloud benefits and challenges

VMware solutions to overcome different cloud challenges

VMware Cross-Cloud Architecture

Overview of private, public, and hybrid clouds

Overview of vCloud Air, AWS, and the IBM Cloud

Readers will be able to design elastic IT infra capabilities and set up a basic application hosting and DevOps environment with VMware components after going through this book. You will be able to install and configure all the building blocks to get the benefits of VMware SDDC components in an on-premises private cloud, a public cloud such as IBM or AWS, or a mix of both—a hybrid cloud.

Scaling your business with Cross-Cloud Architecture

Digital transformation is taking place in each and every market segment, including financial services, healthcare, retail, education, and government. The world is being redefined by software and data, creating new priorities for every business, and new imperatives for every IT organization. IT has to be agile enough to drive growth and extend the capabilities and services that they deliver to lines of business (LOBs). IT organizations have to transform their legacy setup and extend their IT environments to public clouds to boost innovation, agility, and cost savings.

IT is playing a key role in business growth. IT organizations work as strategic partners, and business leaders are seeking better alignment with their technical teams as they evaluate go-to-market strategies and important decisions, such as mergers and acquisitions.

Organizations expect their technical teams to support them with a modern IT environment that helps them accelerate innovation and agility, so they can compete with new services and applications that will help them to grow their business rapidly. IT organizations are expected to help keep costs in line. To address these expectations, IT teams are embracing public cloud solutions.

Top IT drivers for integrating public clouds

IT leaders cite three primary drivers for integrating public clouds:

Disruptive approach

: In today's disrupted, accelerated, app-centric marketplace, speeding up time-to-market is critical; LOBs and developers see public clouds as the fastest option for meeting their IT platform requirements.

CapEx pressures

: IT teams are under considerable pressure to take advantage of potential cost savings. They are replacing on-premises infrastructures with public cloud-based hosting models or services, to increase capacity while reducing operational efforts and costs. According to a Gartner research director,

"Customers are saving 14 percent of their budgets because of public cloud adoption, which subsequently grow public cloud businesses

.

"

A cloud-first strategy

: Most senior leadership mandates a cloud-first strategy to drive reduced time to value by leveraging shared infrastructure and paying only for the resources consumed. Many enterprises are already using hybrid clouds; some mix of private and public clouds, for greater flexibility and resilience.

Businesses are strongly embracing the cloud for every challenge. Enterprises recognize the value of public cloud flexibility and agility, but still must address key challenges to integrate hybrid cloud solutions into their operations.

Cloud challenges and solutions

We have cloud options, such as a private cloud, different service provider options, and large public clouds. The best solution is possible without adding cost and complexity. The VMware Cross-Cloud Architecture helps you to choose the cloud that fulfills your business objective.

Challenge 1 – connection and security with full compliance and control

We have to manage incompatibility between different cloud models or service providers, otherwise it will create new silos and create overhead. You must avoid these silos and get a unified console to fulfill the requirements of the business objective. IT organizations are looking for ways to take advantage of the flexibility and agility that various clouds offer, even though many mission-critical and data-sensitive apps are currently running on-premises. We need to take a close look at how we can migrate applications running on-premises or in a private cloud to the public cloud, without adding any cost to their existing investments. We have to utilize the application design, SDLC processes, and maintain security and compliance best practices.

Solution: VMware overcomes this issue by extending a network to public clouds through a network virtualization technique. It interacts with public clouds and services in a secure manner by applying all governance regulatory compliance. You can maintain all on-premises network policies, even extending your applications across multiple clouds. You have all the freedom to host/publish your applications anywhere and anytime with end-to-end control and compliance.

Challenge 2 – managing/integrating across clouds

We want to host our applications and manage resources in various clouds. As organizations invest in multiple clouds, they are also creating more complex, siloed environments that don't have common management tools or enterprise-class security across their cloud infrastructure. They may even build new teams to own and operate these different silos, reducing efficiency and driving up costs. Customers are looking for a solution that can help them to manage mixed clouds from a single console.

Solution: VMware will give you the holistic view from a single console of the entire infrastructure, and also management tools to monitor and manage resources, applications, and operations across different clouds. This approach prevents you from experiencing cloud vendor lock-in, monitoring operations, and managing specific service-level agreements (SLAs). You have holistic management and your end users can connect to public clouds with confidence. A single unified management layer with automated processes delivers a fully customized cloud management platform, which gears up service delivery, enhances operations, and delivers end-user choice with control and compliance, across heterogeneous, multi-cloud environments.

VMware Cross-Cloud Architecture

The VMware Cross-Cloud Architecture provides freedom for end users and control from a service provider perspective, helping a customer to make hybrid cloud decisions, when running, managing, connecting, and securing all of their applications across any cloud in a common operating environment.

The Cross-Cloud Architecture enables uniform deployment models, security policies, visibility, and governance for all applications running on-premises and off, irrespective of the underlying cloud or hypervisor.

The following architecture consists of SDDC-based VMware Cloud Foundation with a hyper-converged software solution, a set of VMware Cross-Cloud Services, and the vRealize cloud management platform:

Secure connectivity across clouds

Now the question is, how can we manage and monitor resources across mixed clouds with seamless control and compliant connectivity? The answer is VMware Cross-Cloud Services, which is a set of services that will give users a common operating platform to monitor, manage, govern, and secure applications running across private and public clouds. VMware Cross-Cloud Services will provide visibility of cloud resource consumption and map it to its costs, provide dynamic on-demand networks and security policies, and automate the process of deployment (Green Field or Brown Field deployments) and migration of applications and data (new or legacy) across both VMware-based and heterogeneous clouds.

The following figure depicts multi-cloud environment operations:

A single self service provisioning portal is good enough to monitor operations and manage resources of all of the customer's workloads/applications across private and public clouds.

The different customer LOBs will be able to get their specific data on demand in their customized format at any time, such as costing of specific apps or managing certain SLAs to meet business objectives.

Our goal is to provide all services across any cloud so users can consume these services without having any concern or doubts in mind.

We can achieve this by extending the same network virtualization concept that is already used in a customer's private clouds to a public cloud. Customers want to enable uniform and encrypted logical networks across all clouds, wherever their applications get hosted.

Cross-Cloud services will give unified cloud-network management, while a customer's LOBs can use public clouds as per their business demand.

Customers will get tools to secure their data and applications, as well as control their costs, by enabling developers and the business to innovate across any cloud infrastructure that fits their requirements.

The backbone of a private cloud

Customers used to say that their LOBs wanted IT resources on demand, as per their business objective. Their LOBs don't want to be dependent on the IT team, and want to consume IT services as per their need without any constraint on time and location. They want to provision apps to their end users on any device, at any time, and from any location. To achieve this, they need agile IT infrastructure that can provision them IT resources on demand from anywhere, anytime, and on any device.

For example, an Oracle database needs to be 100% available 24*7*365 days. Customers have to deliver more applications with the same resources without exceeding its TCO and at the same time, maintain the end user's demands by fulfilling all compliance parameters.

To build a robust private cloud while considering all the preceding parameters, we have to consider the following three mechanisms, which will provide customers with a resilient and flexible platform to run their businesses:

Virtualize all components of IT

: Customers already know the benefits of compute virtualization. VMware can extend the same concept to storage and network for optimal utilization of hardware, based on the SDDC concept.

Automate IT

: Virtualizing every component will drastically reduce your CapEx but you need to automate the process to reduce the Opex cost. A self service provisioning portal will help you to provision infrastructure as a service to different LOBs and this will reduce the dependency of LOBs on the IT team. It will speed up IT service delivery, which enables users to meet time to market demand and admin to monitor and manage for these services.

Support heterogenous environment

: Today's digital business world demands collaboration between LOBs, developers, IT Infra teams, and support for digital business transformation and innovation. VMware has a private cloud solution with open APIs, to use OpenStack (VMware Integrated OpenStack APIs) and developers can reap the benefits of containers.

We can build a private cloud integrated with all the required hardware components in a single/multiple engineered box by using the hyper-converged infrastructure (HCI) concept (http://view.ceros.com/vm-ware/vmware-hci/p/1). It has seamless, integrated, unified management, virtualized storage, network, and compute. Customers can build HCI solutions with VMware hyper-converged software (vSphere and vSAN) on any x86 (Intel/AMD processors) server or, they can buy a fully integrated solution with all the required hardware and software from any VMware partner, such as DELL, HP, Cisco, Fijitshu, Hitachi, Nutanix, Lenovo, and so on.

VMware Cloud Foundation plus the hyper-converged concept gives you SDDC in a box, which simplifies the installation, update, and software life cycle management of a private cloud, as well as reducing Opex. It brings together compute, storage, and network virtualization, enabling customers to effectively leverage virtualization technologies for efficiency, availability, performance, and scale.

It is also integrated with the vRealize cloud management platform and VMware SDDC Manager software, which helps customers to automate the deployment, configuration, and day-to-day management of a cloud across different environments. Developers get more options to innovate in the private cloud infrastructure and administrators get a single operating platform to manage private and hybrid clouds.

Extending services to public clouds

Customers can extend their VMware private clouds smoothly to vSphere-based public clouds, such as the VMware vCloud Air public cloud service, in two ways:

The following diagram explains the common operating service platform:

The customer wants an instant way to build a disaster recovery solution or set up a test and dev environment. vCloud Air (also available from the vCloud Air Network of cloud providers) acts as a self-service virtual machine (VM) vending machine. It lowers the cost per application and utilizes existing investments with 100% compatibility, common management tools, and zero rewrites. It will also help customers with seamless app portability, which reduces time, risk, and cost. The following figure depicts minimizing risk while reducing cost and time to market:

Sometimes, customers want to build a private cloud in a public cloud environment and leverage the complete VMware SDDC stack, including full management and control.

The VMware Cloud Foundation, with leading cloud service providers (IBM Cloud, Amazon Web Services, and vCloud Air), can deliver the full SDDC stack in a managed hybrid-cloud environment as-a-service (EaaS) option.

These options help customers with more choice and flexibility in how they build, run, and manage a private cloud and move, or extend to a public cloud. Customers can leverage their investment in technologies and in their skill sets, so they can deploy any, or all of these options using existing skills, processes, and tools.

Multi-cloud/mixed cloud use cases

A combination of public cloud services with a private cloud provides you the best possible robust and elastic cloud strategy. You get all the freedom and flexibility with no cloud vendor lock-in. You can retrieve more values with continuous innovation. VMware has transformed data centers, with freedom and control over hardware, and now VMware will provide you the same freedom and control over cloud options.

The following image shows that any app can be accessed any time, on any device in the VMware Cross-Cloud Services model:

Cloud solutions supporting business objectives

The VMware Cross-Cloud Architecture and Cross-Cloud Services give customers all the options to set up their IT infra, as per their business model in different locations. It will give the customers all kinds of private, public, and hybrid cloud solutions to optimize their IT cost, as well as align with their specific business objectives.

Modernizing your data center

Customers have to adopt new applications to align with the always-changing business requirements, and they can only achieve this by leveraging cloud-native technologies available on different platforms/clouds.

Customers can avoid operational issues by integrating these new applications with existing IT operations. They can also move these existing applications to on-premises or public clouds. These applications with cloud services can be redesigned/developed to adopt new IT models. VMware solutions help customers benefit from public clouds by migrating existing applications to the public cloud.

The Cross-Cloud Architecture helps customers to build, run, connect, and secure apps across any cloud, and work in a common operating platform. Customers can build common platforms for future applications and digital business roadmaps, and avoid the bottlenecks of different cloud silos.

Customers will get more choices and interoperability with VMware Cross-Cloud Architecture and Cross-Cloud Services, in how to build, run, and manage their applications in various kinds of cloud models from different vendors. Customers have the full freedom to deploy a solution based on an SDDC-based private cloud to a VMware hybrid cloud, whichever fits with their strategy to achieve their specific business goals.

VMware hybrid clouds

VMware hybrid clouds enable customers to run their existing legacy applications and new cloud-ready applications from a common platform and get the best of both worlds. Customers can scale, consolidate, and migrate infrastructure on demand by taking advantage of existing tools, processes, and skill sets. They can extend their on-premises infrastructure to a public cloud in a different location, or can set up disaster recovery sites in different regions. It will help in data center consolidation and application migration by improving dynamic capacity capabilities for new application development.

It supports applications by providing business agility, resilience, scalability, and any choice of public cloud provider, such as VMware vCloud Air and vCloud Air network partners or, IBM Cloud and Amazon Web Services (AWS) by extending their on-premises data centers. IT teams can run any application anywhere, with complete application portability thanks to the VMware Hybrid Cloud. They can maintain operational consistency by employing a common management experience and networking constructs to maximize use of existing skill sets and tools.

Organizations seeking to reduce CapEx investment can replace on-premises data center infrastructure with VMware Cloud Foundation, a complete SDDC infrastructure platform, delivered as a service through VMware vCloudAir, VMware Cloud Foundation on IBM, and VMware Cloud on AWS. They can also take advantage of global scale and reach, with a presence in over 100 countries, vCloud Air, and 4,000+ vCloud Air network partners, including IBM and AWS.

Organizations are also exploring advanced management and automation for cloud brokering and integrating DevOps practices across multiple clouds. As needs change, they need an easy exit strategy for moving applications and virtual machines from any public cloud at any point, without vendor lock-in. VMware provides different options to customers to connect securely and manage multiple clouds with on-premises solutions or SaaS-based services.

IT organizations can take advantage of VMware's cloud management platform (VMware vRealize Suite) with advanced networking capabilities from VMware NSX together to manage different private and public clouds.

Customers can build and run applications, migrate them across multiple clouds, securely connect all clouds, and manage all workloads across networks. Advanced operations management features help to get a single unified console of the health, performance, and capacity management of virtual machines across clouds plus policy-based governance. For organizations in heavily regulated industries such as financial services and healthcare, VMware helps ensure compliance by monitoring the status of workloads, detecting drift, and automating remediation.

With cost an ever-growing issue, IT teams can also leverage VMware solutions to see and control the cost of cloud services.

VMware will help IT teams to manage any application or workload running on any cloud using Cross-Cloud Services (SaaS-based management and network services).

These planned service offerings include the on-boarding of existing cloud services and users, cloud service costing and reporting, centralized identity, access and operations management, networking, micro-segmentation, and encryption.

VMware – a partner for every cloud

It's a multi-cloud world, but it takes an integrated approach for organizations to achieve their digital transformation goals. Teaming up with VMware and standardizing on SDDC solutions that support both private and public clouds increases enterprise flexibility, security, and choice while rapidly reducing cost and risk.

Over the last two decades, VMware has been the leader in virtualization, and has held the top spot in Gartner's Magic/Leaders Quadrant for x86 Server Virtualization Infrastructure for more then seven consecutive years. VMware is positioned furthest in capability to execute and future roadmap vision in Gartner's latest report.

Customers can build a private cloud without any risk, which can extend seamlessly to compatible public clouds and run any application on any cloud.

We have to be very cautious when choosing a hybrid cloud provider compared to private or public cloud solutions. We have additional challenges such as integration, interoperability, and common operating environments in deciding a hybrid cloud provider over a public or private cloud.

We choose a private or public cloud based on customer applications and business objectives. We have to know the feasibility of applications while considering a hybrid cloud solution.

We are going to make use of a hybrid cloud for extending resources/services such as DR services from a private data center to a public cloud. We try to maintain uniform security, SLAs, and management as much as possible, so it is close to a private cloud, and achieve a common operating environment.

VMware vCloud Air

VMware's vSphere is one of the first tried and tested cloud operating platforms. vSphere hypervisor is rock solid in its performance and reliability to become a first choice for most of the cloud providers. VMware vCloud Air is a vendor agnostic public cloud platform running Microsoft, Linux, and vSphere supported operating systems and applications as per customer choice. It provides a consistent and certified platform suited to most operating systems, along with most of the applications running on x86 (32–64 bit) platforms (Intel/AMD). VMware uses the same vCloud software for both the private and public cloud deployments, along with all required APIs to keep seamless integration and management of resources.

VMware also helps in software defined networking (SDN) concepts and brings that exposure to the hybrid cloud through NSX and virtualizing both network and security components to achieve micro-segmentation.

Customers can get a hybrid cloud from VMware vCloud Air, as well as from vCloud Air partners who are certified to run VMware's vCloud Air services from different regions. Customers can optimize cost with various options to leverage VMware vCloud Air services.

AWS hybrid cloud

AWS doesn't have the privilege of providing a hybrid cloud service as compared to the other cloud providers. AWS helps customers run/host applications in their public cloud data center and utilize AWS in a hybrid environment to run their DR or extended services.

AWS is more focused on public cloud offerings and does not offer its cloud management software offsite to achieve common operating environments for both worlds. AWS leverages a direct connect service that bridges the customer's data center with a virtual private cloud (VPC) resource to get a hybrid solution. AWS has the best of the best resources and expertise to manage the hosted side of a hybrid cloud, but they don't have a roadmap for on-premises private clouds, although they are one of the best public cloud providers. Direct connect is a specific connection from a VMware or Microsoft private cloud, but is not a universal connector to integrate with other cloud providers.

The AWS GovCloud program is a hybrid cloud offering that uses AWS for on-site private clouds for the US government. AWS doesn't have this option for private customers.

AWS customers need a solution for private cloud management, and have a dependency on third-party offerings which increases Opex.

IBM Cloud for VMware solutions

IBM Cloud for VMware Solutions help customers to improve the cost per application, reduce Opex, and have the agility to extend applications/services to the IBM Cloud. You can benefit from both cloud models by expanding or migrating workloads/services using secure and seamless networking capabilities that work in heterogeneous environments, powered by VMware NSX. IBM Bluemix bare metal servers on IBM Cloud will provide you with all these services by maintaining full control and compliance.

IBM Cloud gives access to the VMware solution by managing resources as you are doing your data center. You can consume VMware software based on a pay-as-you-use model. IBM Cloud for VMware can help you with uniform management and regulatory governance for your hybrid cloud setup with a common networking and security operating model.

Solution features

The features listed are as follows:

Uniform management

: Self service provisioning portal, seamless access, and monitors and manages a hybrid cloud with the VMware tools and skill sets you already have

Pay-as-you-go-model

: Cost-effective CPU-based pricing of VMware software and pricing is per resource consumption

Global data centers

: IBM Cloud data centers have a footprint across North America, Europe, and Asia so you can get cloud resources in most of the places you require them

Network virtualization

: IBM Cloud data centers are built with robust networking infrastructure and virtualization software having the best bandwidth pipe and connectivity, which enables your applications to have the highest speed and reliability

Reference architecture

IBM Cloud for VMware Solutions is based on Cloud Foundation technology and it helps with deployment, migration, and management of these SDDC components in the IBM public cloud. You can partially deploy SDDC now to the IBM Cloud in an automated way rather than doing it manually. Deployment and configuration, which used to take several weeks, can be possible within a few hours.

This easy and simple deployment helps you to focus on other innovative works rather than putting your man hours and money into building your own environment. As you are able to create different setups on demand within a few hours, you have options to build both hybrid cloud solutions, expanding your private cloud and the IBM public cloud, as well as cloud-native solutions in the IBM public cloud. You will get disaster recovery or high-availability capabilities for your applications with the multi-cloud deployment model. The following image shows the versatile Hybrid Cloud platform:

The VMware components in IBM Cloudware are:

VMware Cloud Foundation on IBM Cloud

The Cloud Foundation will automate your VMware software deployment. The VMware SDDC solution combines IBM Bluemix infrastructure with vSphere, .Virtual SAN, NSX, and SDDC Manager for a seamless hybrid cloud setup. You are able to use the same management tool to manage this setup without re-investing in resources or skill set.

VMware vCenter Server on IBM Cloud

vCenter Server on IBM Cloud helps you in on-demand, automated deployments with integrated backup, which combines IBM Bluemix bare metal servers with vSphere and vCenter solution to create, deploy, and manage your virtual machines with scale up or scale out architecture as per customer requirements.

IBM Bluemix Infrastructure with VMware software

You can optimize, expand or migrate your virtual machines to high-performance, global cloud resources. You can customize your deployment in a cloud infrastructure to extend your footprint around the world on demand, and manage it all with a management control that you are already familiar with.

Cloud Professional Services

The Cloud Professional Services team helps you to plan, design, deploy, and configure VMware solutions on bare metal servers. They will help with integration, virtual machine migration, or application portability.

IBM Cloud's data centers have a presence across North America, Europe, and Asia, which helps you to scale globally and also retain complete control and automation of your operations, both on-premises and in the public cloud.

IBM Cloud for VMware solutions

We will discuss high-level architecture of cloud deployment. The basic factors to start with cloud architecture and its deployment strategy are as follows:

Cloud interfaces and formats must follow industry standards

Information is needed to perform specific functions

End-to-end monitoring of all resource usage by both the cloud consumer and provider

Guarantee of reliability, availability, security, and performance

Availability should be guaranteed at each and every layer

Compliant identity separation to avoid leakage of data to other customers

Full visibility and control

Enhance productivity and rapid growth with transformation of IT setup

Guaranteed data protection with full compliance and regulations

Minimize manual operations with automated operations

Conceptual view

The conceptual view has three key roles—the Service Provider, Consumer, and the Cloud Broker, as depicted here:

The cloud provider role is the most critical among all three of them. We can't define scale for a cloud infrastructure and its specific requirements easily. You have to plan and design cloud deployment and consider all SLAs while maintaining all regulatory governance and compliance.

Cloud providers manage the costs of all factors including the cost of space, building, cooling, utilities, and rack spaces. They have to define TCO/ROI per application for specific periods of time.

Logical view

Access layers comprise two functionalities: interfaces and network, as shown here. The cloud has different interfaces to interact with the underlying services and its management capabilities. The access layer has end-user facing interfaces along with operator defined capabilities. The following figure shows natively stack with compute, storage and network pools:

You can get the management capabilities for all types of services from a common cloud management layer. You get a holistic view and end-to-end visibility of the infrastructure through a unified management layer. The management layer is capable of supporting build time and runtime services.

Deployment view

Cloud deployment depends on the scale of deployment and the type of services. Private cloud implementations are very different compared to large scale public cloud infrastructures that support hundreds of customers.

Most public cloud deployments are big in scale and need to design mission critical infrastructure to achieve performance, availability, security, flexibility, and SLA goals.

Summary

We have learnt about VMware SDDC technology-based cloud offerings in this chapter. SDDC systems lower costs while dramatically improving ease of use. Companies can deploy on-premises, private cloud infrastructure that has the ease of use and scalability of a public cloud, with guaranteed quality of service. Cross-Cloud solutions help you to deliver the only unified SDDC platform for the hybrid cloud (AWS, IBM, and vCloud Air), with customized and well-designed on-premises cloud service deployment options.

Through an investment in VMware Cloud Foundation, companies can be assured that their data center infrastructure can be easily consumed, managed, upgraded, and enhanced to provide the best private cloud along with public cloud offerings, such as AWS and IBM, at the lowest cost. Using a modular, scale-out approach means infrastructure is added in hours, not days, and businesses can be assured that infrastructure scales linearly without any added complexity.

Choice is key: any app on any cloud at any time. Customers need a choice of where to run workloads. We shouldn't be forced into a single public cloud provider. We can choose the public cloud (such as AWS, IBM, vCloud Air, across the world) and not end up with applications trapped somewhere.

This book helps you understand why bimodal IT isn't necessarily the best path forward for the long term. We get the outcomes promised by bimodal IT without worrying about the inefficiencies that this model can introduce. Our users are far ahead of where they were a few years ago. Our infrastructure environment must reflect this fact by enabling user self service and automation, both of which are supported in an enterprise cloud scenario.

In the next chapter, we will discuss cloud services architecture and its different components, such as workload domains, racks, storage, networks, and VMware Cloud Foundation Software Design in detail.

Implementing Service Architecture for Cross-Cloud Services

This chapter will brief you on VMware Cloud Foundation Deployment to get a unified software-defined data center (SDDC) platform for the hybrid cloud. Based on VMware compute, storage, and network virtualization, this deployment delivers a natively integrated software stack that can be used on-premises for private cloud deployment, or run as a service from the public cloud with consistent and simple operations. It can be further integrated with VMware vRealize Suite, VMware Horizon, and VMware Integrated OpenStack to deliver a comprehensive SDDC platform.

This chapter covers the following topics:

Architecture overview

Workload domain logical architecture

Rack architecture

Storage architecture

Network architecture

VMware Cloud Foundation software design

Architecture overview

VMware Cloud Foundation is the unified SDDC platform for the private and public cloud. Cloud Foundation brings together compute, storage, and network virtualization into a closely integrated stack that can be deployed on-premises or run as a service from the public cloud.

The service architecture focuses on deploying it in an on-premises configuration and also as an extension to the public cloud. The Cloud Foundation architecture is shown in the following figure:

Cloud Foundation adds several unique capabilities in addition to the core features and capabilities provided by vSphere, vSAN, NSX, and cloud management components.

Seamless integration of software-defined services

Cloud Foundation helps you to get a tightly integrated software-defined data center solution comprising of the compute, storage, and network virtualization components such as VMware vSphere, VMware vSAN, and VMware NSX, respectively, in addition to the SDDC Manager for lifecycle management automation to bring up the hardware at the initial stage. Customers have various options to upgrade individual components to higher editions or deploy and use their existing licenses.

Automating IT infrastructure

Cloud Foundation automates the installation of the entire VMware software components as the rack is installed and powered-on, and the networking is enabled. SDDC Manager leverages its knowledge of the hardware details and user-provided configuration details (such as DNS, IP address pool, and so on) to initialize the rack. This way, it saves a lot of time and prevents manual errors and repeated tasks. These activities include provisioning of workloads, automated provisioning of networks, allocation of resources based on service needs, and provisioning of end points. It helps the customer start production and the provisioning of resources for end users.

Policy-based resource containers

You can create logical entities, such as workload domains, for creating resource pools across compute, storage, and networking components. A workload domain is a customized policy-based logical entity with defined availability and performance parameters with compute, storage, and network in a single, consumable entity. You will get the required capacity with defined policies for performance, availability, and security with each logical entity. As an example, it is possible to create one logical entity for test workloads that require balanced performance and low availability, while for production workloads, which need high availability and high performance, a different entity will be defined.

SDDC Manager provides automation through its deployment workflow to map the workload domain policies into the underlying pool of hardware resources (compute, storage, and network). These logical entities (workload domains) help you follow the best practices to achieve customer operational objectives.

A logical entity (workload domain) can be customized with in definite time duration as part of the customer's time bound business objective.

Automating manual and repetitive tasks

Data center component upgrades and patch management are typically manual and repetitive tasks that are prone to configuration and implementation errors. Validation testing and dependency checking of software and hardware firmware maintains interoperability among components when one component is patched or upgraded and requires extensive testing and downtime. Customers take the difficult decision to deploy new patches before they are fully tested or defer new patches, which slows down the roll-out of new features, security, and bug fixes. Both situations increase risks for the customers.

SDDC Manager automates upgrades and patch management for the SDDC software components, which improves reliability and consistency of the IT infrastructure.

Lifecycle management is designed to be non-disruptive and helps the customer to maximize uptime for their IT services.

Unified Management Console