VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION

Similar documents
Advanced Architecture Design for Cloud-Based Disaster Recovery WHITE PAPER

What s New with VMware vcloud Director 8.0

VMware vcloud Director Infrastructure Resiliency Case Study

VMware vrealize Suite and vcloud Suite

VMware vcloud Air Key Concepts

VMware vshield Edge Design Guide

Monitoring Hybrid Cloud Applications in VMware vcloud Air

HARNESSING THE HYBRID CLOUD TO DRIVE GREATER BUSINESS AGILITY

How to Use a Tomcat Stack on vcloud to Develop Optimized Web Applications. A VMware Cloud Evaluation Reference Document

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: VMWARE IDENTITY MANAGER ARCHITECTURE

What s New in VMware vcloud Automation Center 5.1

What s New in VMware vsphere Availability

ARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018

VMware vcloud Architecture Toolkit Hybrid VMware vcloud Use Case

VMware vcloud Air Accelerator Service

Installing and Configuring vcloud Connector

Cloud Pod Architecture with VMware Horizon 6.1

VMware vcloud Networking and Security Overview

Installing and Configuring vcloud Connector

WHITE PAPER SEPTEMBER 2017 VCLOUD DIRECTOR 9.0. What s New

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

Storage Considerations for VMware vcloud Director. VMware vcloud Director Version 1.0

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

10 QUESTIONS, 10 ANSWERS. Get to know VMware Cloud on AWS The Best-in-Class Hybrid Cloud Service

Dedicated Hosted Cloud with vcloud Director

1V0-602.exam. Number: 1V0-602 Passing Score: 800 Time Limit: 120 min. Vmware 1V VMware Certified Associate 6 Hybrid Cloud Fundamentals

What s New in VMware vcloud Director 8.20

Customer Onboarding with VMware NSX L2VPN Service for VMware Cloud Providers

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: UNIFIED ACCESS GATEWAY ARCHITECTURE

VMware vcloud Air User's Guide

vshield Administration Guide

TECHNICAL WHITE PAPER - MAY 2017 MULTI DATA CENTER POOLING WITH NSX WHITE PAPER

CONFIDENTLY INTEGRATE VMWARE CLOUD ON AWS WITH INTELLIGENT OPERATIONS

VMWARE MICRO-SEGMENTATION AND SECURITY DEPLOY SERVICE

VMWARE CLOUD FOUNDATION: INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017

VMWARE PIVOTAL CONTAINER SERVICE

Certified Reference Design for VMware Cloud Providers

VMWARE CLOUD FOUNDATION: THE SIMPLEST PATH TO THE HYBRID CLOUD WHITE PAPER AUGUST 2018

VMware vcloud Director for Service Providers

VMware vcloud Service Definition for a Public Cloud. Version 1.6

Configuring Single Sign-on from the VMware Identity Manager Service to Vizru

VVD for Cloud Providers: Scale and Performance Guidelines. October 2018

PROVIDING SECURE ACCESS TO VMWARE HORIZON 7 AND VMWARE IDENTITY MANAGER WITH THE VMWARE UNIFIED ACCESS GATEWAY REVISED 2 MAY 2018

CLOUD PROVIDER POD. for VMware. Release Notes. VMware Cloud Provider Pod January 2019 Check for additions and updates to these release notes

What s New in VMware vsphere Flash Read Cache TECHNICAL MARKETING DOCUMENTATION

vcloud Director User's Guide

vcloud Director User's Guide

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity

What s New in VMware vsphere 5.1 Platform

SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN

A: SETTING UP VMware Horizon

Configuring Single Sign-on from the VMware Identity Manager Service to Trumba

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

PERFORMANCE CHARACTERIZATION OF MICROSOFT SQL SERVER USING VMWARE CLOUD ON AWS PERFORMANCE STUDY JULY 2018

VMWARE HORIZON CLOUD SERVICE HOSTED INFRASTRUCTURE ONBOARDING SERVICE SILVER

VMware AppCatalyst Technical Preview June 2015 TECHNICAL WHITE PAPER

Achieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER

Recommended Configuration Maximums

vcloud Director User's Guide 04 OCT 2018 vcloud Director 9.5

vrealize Production Test Upgrade Assessment Guide

Recommended Configuration Maximums

STREAMLINING THE DELIVERY, PROTECTION AND MANAGEMENT OF VIRTUAL DESKTOPS. VMware Workstation and Fusion. A White Paper for IT Professionals

TECHNICAL WHITE PAPER AUGUST 2017 REVIEWER S GUIDE FOR VIEW IN VMWARE HORIZON 7: INSTALLATION AND CONFIGURATION. VMware Horizon 7 version 7.

vcloud Director User's Guide

DISASTER RECOVERY- AS-A-SERVICE FOR VMWARE CLOUD PROVIDER PARTNERS WHITE PAPER - OCTOBER 2017

IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture

vcloud Air - Dedicated Disaster Recovery User's Guide

VMware Cloud Operations Management Technology Consulting Services

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

vcloud Air - Virtual Private Cloud OnDemand User's Guide

CLOUD PROVIDER POD RELEASE NOTES

VMware Cloud Provider Pod Designer User Guide. October 2018 Cloud Provider Pod 1.0

SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON

CLOUD PROVIDER POD RELEASE NOTES

vcloud Director User's Guide

Mobile Secure Desktop Implementation with Pivot3 HOW-TO GUIDE

Cloud Provider Pod Designer User Guide. November 2018 Cloud Provider Pod 1.0.1

MODERNIZE INFRASTRUCTURE

REVIEWERS GUIDE NOVEMBER 2017 REVIEWER S GUIDE FOR CLOUD-BASED VMWARE WORKSPACE ONE: MOBILE SINGLE SIGN-ON. VMware Workspace ONE

Configuring Single Sign-on from the VMware Identity Manager Service to Exterro E-Discovery

Recommended Configuration Maximums. NSX for vsphere Updated on August 08, 2018

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

WHITE PAPER SEPTEMBER VMWARE vsphere AND vsphere WITH OPERATIONS MANAGEMENT. Licensing, Pricing and Packaging

8 TIPS FOR A SUCCESSFUL UPGRADE TO vsphere 6.5. Stay in the Know with These Expert Suggestions

Director and Certificate Authority Issuance

Configuring Single Sign-on from the VMware Identity Manager Service to Bonusly

VMware vsphere 5.0 Evaluation Guide

NETWORKING AND ACTIVE DIRECTORY CONSIDERATIONS ON MICROSOFT AZURE FOR USE WITH VMWARE HORIZON CLOUD SERVICE. VMware Horizon Cloud Service

App Gateway Deployment Guide

No One Can Help You Succeed with VMware Like VMware

Table of Contents HOL-HBD-1301

Solution Brief: VMware vcloud Director and Cisco Nexus 1000V

TECHNICAL WHITE PAPER DECEMBER 2017 VMWARE HORIZON CLOUD SERVICE ON MICROSOFT AZURE SECURITY CONSIDERATIONS. White Paper

Redefining Networking with Network Virtualization

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center

HOW MIDSIZE ORGANIZATIONS CAN MEET COMPLIANCE REQUIREMENTS AND ENHANCE CYBERSECURITY WITH MICRO-SEGMENTATION WHITE PAPER FEBRUARY 2018

Branch Office Desktop

Configuring Single Sign-on from the VMware Identity Manager Service to Collibra

vcloud Director Tenant Portal Guide vcloud Director 8.20

Transcription:

TECHNICAL MARKETING DOCUMENTATION October 2014

Table of Contents Purpose and Overview.... 3 1.1 Background............................................................... 3 1.2 Target Audience........................................................... 3 Design of the Outsourced Data Center........................................... 3 2.1 Deploy vcloud Networks................................................... 4 2.1.1 Configure Firewall and NAT Rules.................................... 5 2.2 Connect Networks to On-Premises Data Center.............................. 6 2.3 Deploy Directory and DNS Services......................................... 7 2.4 Migrate Templates and Virtual Machines..................................... 8 Conclusion.................................................................... 9 About the Author... 9 Technical White paper / 2

Purpose and Overview VMware vcloud Air has been developed with a vast number of use cases in mind. The purpose of this paper is to provide an example of the enterprise IT/outsourced data center in the form of a case study. This use case forms the foundation for subsequent solution briefs. By understanding this foundational building block, users will be better prepared to fully grasp the concepts described in other solution briefs. This study focuses primarily on the need for organizations to leverage public cloud resources for enterprise IT use. When enterprise IT has access to public cloud resources, it can react to business requests more rapidly while still maintaining the level of control that today s enterprises demand. The focus of this case study is on describing the basic foundation of the outsourced data center as it relates to modern enterprise IT operations. 1.1 Background Enterprise IT customers are approaching a crossroads where on-premises capacity is becoming limited. In addition, the speed of the business is in many cases outpacing the speed at which IT can deliver the necessary infrastructure. Previously, IT teams have been required to design, procure, install, configure and manage an increasing number of discrete infrastructures to satisfy the business s needs. This process takes time to complete and can slow down the progress of business itself. Even the seemingly simple task of adding capacity to existing VMware vsphere infrastructure often must go through a long internal vetting and approval process. vcloud Air provides IT organizations with quick and easy access to compute, memory and storage resources by adding capacity derived from VMware vcloud Suite to their on-premises data center. By having infrastructure as a service (IaaS) based on VMware technology readily available, IT organizations can quickly deploy new workloads and migrate existing ones to vcloud Air without having to modify components at the application layer. However, to make a functional outsourced data center and hybrid cloud, the following key considerations must be addressed before this process of deployment and migration of new and existing workloads begins: Establishing and configuring cloud networks Connecting on-premises vsphere to vcloud Air Deploying supporting infrastructure Migrating templates and media After these four basic issues have been properly addressed, users can view their outsourced data center as ready to accept workloads. This document aims to improve users understanding of these considerations so they are fully prepared to embrace the cloud at their own pace in this new era of IT as a service. 1.2 Target Audience This document is intended for vsphere architects as well as administrators. Although this will not be an in-depth, step-by-step walk-through on how to configure the concepts discussed, both groups will gain a better understanding of how various aspects of an outsourced data center might work and can therefore adapt these concepts to their own environments. Because the requirements of each subscriber can greatly differ, we will not address the following specific topics in detail in this case study: Compliance Licensing Third-party tools Design of the Outsourced Data Center Understanding how to design an outsourced data center is relatively simple. In most cases, it should be viewed and treated like any other data center the IT department controls. Instead of a physical, brick-and-mortar computing environment, this design, with respect to what is exposed to the end users and administrators, is different because it is entirely software defined. By providing subscription-based access to vcloud Air, VMware has eliminated the need to build, manage and update the actual infrastructure. Users can design and configure the core services Technical White paper / 3

they need, and then start deploying workloads immediately. This enables IT organizations to focus on meeting business needs instead of on managing the underlying infrastructure itself. It is assumed that users already have decided to subscribe to one or both of the following two currently available compute options: Virtual Private Cloud Dedicated Cloud 2.1 Deploy vcloud Networks With both compute service options, every customer is given access to a VMware vcloud Networking and Security Edge gateway. In the case of vcloud Air Dedicated Cloud, users can choose to deploy additional vcloud Networking and Security Edge gateways. Each deployed gateway delivers as many as nine interfaces that can be used to define vcloud Air networks. All of these networks share the following attributes that can and should be unique to each network. Not all of them must be configured according to the use case presented, but they are all made available as part of each offering. NAT and firewall Both of these are enabled by default, with no firewall rules defined and all traffic denied as the default rule. A vcloud Networking and Security Edge gateway IP address This is the address that will be assigned to the vcloud Networking and Security Edge gateway interface where the network is routed. Domain Name System (DNS) server configuration vcloud Networking and Security Edge gateway can provide DNS, but an alternate server can be specified. Static IP pool range This is a pool of NAT IP addresses that will be consumed when deploying virtual machines. DHCP Load balancing IPsec virtual private network (VPN) NOTE: vcloud Networking and Security Edge gateways support 10 interfaces, but one interface is used for external access when a public IP is assigned to it. Subscribers are given public IP addresses as part of the subscription service with both offerings, and additional IP addresses can be added at any time through the service interface. Figure 1 is a logical diagram showing various networks as well as example IP addresses. Figure 1. Figure 1. Various Networks and IP Addresses Technical White paper / 4

2.1.1 Configure Firewall and NAT Rules After the basic network segments have been decided on, it is important to create some firewall rules. Previously, it was noted that by default there are no rules configured. As mentioned, subscribers are also given a number of public IP addresses they can use with both offerings. That number, by default, depends on the service type but can be expanded at any time. The following are examples of rules that might be necessary to create, using the networks shown in the diagram as reference: Rule Source Destination Allow All Outbound Internal:Any External:Any Allow Private to Desktop 192.168.50.0/24:Any 192.168.51.0/24:Any Allow Desktop to Private 192.168.51.0/24:Any 192.168.50.0/24:Any NOTE: All virtual machines on a vcloud Networking and Security Edge gateway segment use the vcloud Networking and Security Edge gateway as their default gateway. The preceding rules enable all segments to get direct Internet access but also enable the private segment to communicate to the desktop network. The DMZ is denied access to both. For machines to get direct access to the Internet, one or more source NAT (SNAT) rules also must be defined. Type Original IP Original Port Translated IP Translated Port SNAT 192.168.50.0/24 Any 74.204.180.41 Any SNAT 192.168.51.0/24 Any 74.204.180.41 Any SNAT 192.168.52.0/24 Any 74.204.180.41 Any Figure 2. Source NAT Rules Defined Technical White paper / 5

2.2 Connect Networks to On-Premises Data Center The new vcloud Air networks described can access the Internet. In the case of two networks, desktop and private, they can also now communicate with each other through the vcloud Networking and Security Edge gateway via the previously defined firewall rules. This is useful, but they as of yet have no connection back to the on-premises data center. To bridge these networks, we provide the following three options to connect vcloud Air to the on-premises data center: IPsec VPN Direct connect Data center extension/stretch deploy NOTE: Although an MPLS-based direct connection has been announced, this connectivity option will be discussed in a follow-up document. In addition, data center extension is currently available and will be discussed in another document. For the purposes of this case study, we will focus on IPsec VPN. vcloud Air Edge gateways can work with any number of IPsec-compliant devices on premises. Figure 3 is an example of a configured IPsec VPN in vcloud Air. (Refer here for more information about configuring IPsec VPN.) Figure 3. Configured IPsec VPN in vcloud Air Technical White paper / 6

After configuration, the IPsec tunnel will be established. However, firewall rules must still be defined to allow traffic to pass. As mentioned previously, by default there are no rules defined. For this use case, the private network in vcloud Air must allow traffic to the corporate network on premises and vice versa. Therefore, the rules in the vcloud Networking and Security Edge gateway might resemble the following: Rule Source Destination Allow Private to OnPrem 192.168.50.0/24:Any 192.168.110.0/24:Any Allow onprem to Private 192.168.110.0/24:Any 192.168.50.0/24:Any At this point, traffic can flow successfully between the networks. This configuration provides the most basic connectivity through the IPsec VPN tunnel between the two networks without any port restrictions. NOTE: If browser or Web traffic is required to route through an on-premises proxy, a local Web browser can be configured to do so. Direct Internet routing also can be forced back through on-premises gateways by defining the next hop via a static route in the vcloud Air vcloud Networking and Security Edge gateway and removing the appropriate firewall and SNAT rules. The advanced networking capabilities of the vcloud Networking and Security Edge gateway are flexible enough to create the chosen solution, based on a wide variety of requirements. In some cases, experimentation with the various options and capabilities might be necessary. Figure 4. Hybrid Network Connectivity Through IPsec VPN Tunnel 2.3 Deploy Directory and DNS Services At this point, we have a functional virtual data center inside vcloud Air that is connected to an on-premises data center. Firewall rules and a VPN connection have been created and configured, but a potential missing component is a Microsoft Active Directory or other directory service, as well as some basic infrastructure services such as DNS. For this case study, it is assumed that deployed workloads will be net new and Microsoft Windows based; therefore, this environment should be treated as a new Active Directory site. A Windows template from the global catalog can be chosen and configured to meet the required specifications for a domain controller, or a custom template can be uploaded and deployed. Technical White paper / 7

At a minimum, the following operations should be completed or taken into consideration: Deploy redundant virtual domain controllers. Join an existing corporate, secondary, or tertiary domain. Configure a new Active Directory site. Add vcloud networks to Active Directory Sites and Services and assign to the new site. Edit vcloud network settings to use the new domain controllers for DNS instead of the vcloud Networking and Security Edge gateway. Previously when the vcloud networks were configured, the DNS was set to use the vcloud Networking and Security Edge gateway itself. Now that Active Directory and DNS are deployed in the cloud, changing this to represent the local servers, as shown in Figure 5, is advised. This will enable new virtual machines deployed in the cloud to reflect the updated settings without the need to reconfigure this for each new virtual machine upon deployment. Figure 3. Configured IPsec VPN in vcloud Air If DHCP is configured on the vcloud Networking and Security Edge gateway for any network segment, changing this option on each vcloud network applies to all DHCP requests handled by this edge gateway. 2.4 Migrate Templates and Virtual Machines At this point, a decision can be made to identify the templates that can be migrated from the on-premises vsphere environment to the vcloud Air private catalog. Leveraging VMware vcloud Connector makes the manual migration process easy, but it might be worthwhile to leverage the catalog sync feature to automate the synchronization and migration of templates between this catalog, other VMware infrastructure based clouds and the on-premises data center. vcloud Connector also can easily migrate existing virtual machines to vcloud Air with minimal changes, if any, to the guest operating system. If it is required to maintain the existing IP and MAC addresses of a virtual machine, the data center extension feature can be employed for this purpose. In most cases, however, an application can survive an IP and MAC address change. Technical White paper / 8

VMware vcloud Connector documentation can be referred to for more information on specific features and setup instructions for the vcloud Connector server and nodes. vcloud Air provides a node that is preconfigured, eliminating the need to manually deploy and configure one in this environment. To securely communicate with the nodes in each cloud, the vcloud Connector server must be deployed on premises with access to the Internet. NOTE: Although it is not discussed here, each individual organization must understand and comply with Windows server license portability. Due to the nature of Windows License Mobility conditions, the ability of organizations to bring their own licenses is currently available only in the vcloud Air Dedicated Cloud offering of vcloud Air. Conclusion Providing the basic networking and infrastructure services that a physical data center typically requires is the foundation of building an outsourced data center. The remarkable difference between configuring these software-defined infrastructure and services versus the traditional model is that it can be done in hours with rather than in months or days using conventional means. Further, new levels of business and IT agility can be achieved due to the decoupling of the infrastructure layer from the application. After these tasks have been completed, the pool of resources can be rapidly and reliably leveraged to deploy new and migrate existing workloads with ease. About the Author Chris Colotti is a Principle Technical Marketing Architect with the vcloud Air team. Chris has more than 10 years of experience in working with IT hardware and software solutions. He holds a bachelor of science degree in information systems from Daniel Webster College. Prior to coming to VMware, he served a Fortune 1000 company in southern New Hampshire as a systems architect and administrator, designing VMware solutions to support new application deployments. At VMware, in the role of consulting architect, Chris has guided partners as well as customers in establishing a VMware practice and consulted on multiple customer projects ranging from data center migrations to long-term residency architecture support. Currently, Chris is working on the newest vcloud Air solutions and architectures for vsphere customers wanting to migrate to. Chris is also a VMware Certified Design Expert, (VCDX #37). Technical White paper / 9

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright 2014 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: VMW-TWP-vCLOUD-AIR-SB-USLET-102 10/14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback