LHC2384BU: VMware Cloud on AWS, A Technical Deep Dive
Ray Budavari (@rbudavari), Frank Denneman (@frankdenneman)
#VMworld #LHC2384BU
Disclaimer: This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Speaker Introduction
Ray Budavari, Senior Staff Technical Product Manager, Networking and Security Business Unit
Frank Denneman, Senior Staff Architect, Cloud Platform Business Unit
Session Agenda
1. Why VMware Cloud on AWS
2. Compute and Storage
3. Networking and Security
4. Q&A
Why VMware Cloud on AWS?
- Leading compute, storage and network virtualization capabilities
- Support for a broad range of workloads
- De-facto standard for the enterprise data center
- Flexible consumption economics
- Broadest set of cloud services
- Global scale and reach
A jointly engineered solution delivers the best of VMware and AWS for customers.
Strategy and Vision: VMware Cloud on AWS Service Overview
Stack: operational management (vCenter, vRealize Suite, ISV ecosystem) on top of VMware Cloud on AWS (vCenter, vSphere, vSAN, NSX), side by side with native AWS services, spanning the customer data center and the AWS global infrastructure.
Service highlights:
- VMware SDDC running on AWS bare metal
- Sold, operated and supported by VMware
- Support for all VM types
- On-demand capacity and flexible consumption
- Operational consistency with the on-premises SDDC
- Workload portability and hybrid operations
- Global AWS footprint, reach and availability
- Direct access to native AWS services
Strategy and Vision: Leverage the AWS Global Footprint (region and number of availability zones)
- US West: Oregon (3), N. California (3); AWS GovCloud (2)
- Canada (2)
- US East: N. Virginia (5), Ohio (3)
- South America: São Paulo (3)
- Europe: Ireland (3), Frankfurt (2), London (2)
- Asia Pacific: Singapore (2), Sydney (3), Tokyo (3), Seoul (2), Mumbai (2)
- New regions: Paris, Ningxia, Stockholm
Strategy and Vision: Key Use Cases for VMware Cloud on AWS
- Maintain and expand: regional capacity, DR and backup
- Consolidate and migrate: data center consolidation, application migration
- Flex (workload flexibility as needed): test and development, cyclic capacity
Customers can decide strategically across the on-premises data center and the cloud.
Infrastructure Overview
Consume Cloud Resources
What workloads can you run in the cloud?
Host Compute Configuration in Detail
- Dual-socket host: Intel Xeon E5-2686 v4, 18 cores per socket at 2.3 GHz
- 36 cores, 72 logical processors per host, Hyper-Threading enabled
- 82.8 GHz aggregate per host (36 x 2.3 GHz)
- 512 GB memory per host
- Manufacturer: Amazon
Initial Availability Compute Cluster Configuration
- 4-node cluster: 144 cores, 2048 GB memory
- 16-node cluster: 576 cores, 8192 GB memory
vSphere DRS Configuration
Managed by VMware: vCenter Server and NSX management VMs. Managed by the customer (cloud admin): workload VMs on the vSAN cluster.
- DRS enabled
- Migration threshold = 3
- DPM = disabled
- Resource pools created to isolate management VMs from customer VMs
- Affinity rules available in a future release
Coupling AWS Elasticity with vSphere Infrastructure Software
Technical Preview
Automatic Cluster Configuration
1. A host is added to the vSAN cluster.
2. Network configuration is automatic: management, vMotion, vSAN and VXLAN networks.
3. vSAN datastore capacity increases.
Elastic DRS Integration
1. Cluster operating within target thresholds (CPU, memory, storage).
2. Threshold exceeded: provision an additional host.
3. Cluster returns to target thresholds.
Automated Cluster Remediation
1. A host fails, or a problem is identified.
2. A new host is added to the cluster; data from the problem host is rebuilt and/or migrated.
3. The previous host is evacuated from the cluster, fully replaced by the new host.
HA Cluster Configuration
Host failure remediation is the responsibility of VMware. Because HA settings affect the consolidation ratio, the following settings are used to provide excellent service while minimizing overhead:
- Host monitoring: enabled
- Admission control policy: percentage based
- Host failures to tolerate: 1
- VM and application monitoring: enabled
- Host isolation response: power off and restart VMs
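The elastic DRS loop and the HA admission-control reservation above interact: percentage-based admission control with one tolerated host failure keeps 1/N of an N-host cluster free, so the usable capacity a scale-out decision should measure against is smaller than the raw 144 cores / 2048 GB of a 4-node cluster. The following is an added illustration, not VMware's implementation. The per-host figures (36 cores at 2.3 GHz, 512 GB) and the HA setting come from the deck; the 80% / 40% scale-out and scale-in thresholds and the 4 to 16 host bounds are assumptions.

```python
"""Elastic DRS and HA admission-control capacity model for a VMware Cloud on
AWS style cluster. Added example, not VMware code. Host sizing and the HA
setting are from the deck; thresholds and host bounds are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

CORES_PER_HOST = 36
GHZ_PER_CORE = 2.3
HOST_CPU_GHZ = CORES_PER_HOST * GHZ_PER_CORE   # 82.8 GHz, matching the slide
HOST_MEM_GB = 512
MIN_HOSTS, MAX_HOSTS = 4, 16                   # initial-availability cluster range
HOST_FAILURES_TO_TOLERATE = 1                  # HA admission control, percentage based
SCALE_OUT_ABOVE = 0.80                         # assumed high-water mark (fraction of usable)
SCALE_IN_BELOW = 0.40                          # assumed low-water mark


def usable_fraction(hosts: int) -> float:
    """Percentage-based admission control keeps 1/N of the cluster free per
    tolerated host failure so HA can restart every VM after that failure."""
    return 1.0 - HOST_FAILURES_TO_TOLERATE / hosts


def usable_capacity(hosts: int) -> Tuple[float, float]:
    """(usable GHz, usable GB) after the HA reservation."""
    f = usable_fraction(hosts)
    return hosts * HOST_CPU_GHZ * f, hosts * HOST_MEM_GB * f


@dataclass
class Cluster:
    hosts: int = MIN_HOSTS
    demand_ghz: float = 0.0   # aggregate VM CPU demand
    demand_gb: float = 0.0    # aggregate VM memory demand

    def utilisation(self, hosts: Optional[int] = None) -> float:
        """Worst of CPU and memory utilisation against usable (post-HA) capacity."""
        n = self.hosts if hosts is None else hosts
        cpu, mem = usable_capacity(n)
        return max(self.demand_ghz / cpu, self.demand_gb / mem)

    def reconcile(self) -> List[Tuple[str, int]]:
        """One elastic DRS pass: add hosts while above the high-water mark;
        remove hosts while below the low-water mark, but only if the smaller
        cluster would still sit under the high-water mark (hysteresis)."""
        events: List[Tuple[str, int]] = []
        while self.utilisation() > SCALE_OUT_ABOVE and self.hosts < MAX_HOSTS:
            self.hosts += 1
            events.append(("scale-out", self.hosts))
        while (self.hosts > MIN_HOSTS
               and self.utilisation() < SCALE_IN_BELOW
               and self.utilisation(self.hosts - 1) < SCALE_OUT_ABOVE):
            self.hosts -= 1
            events.append(("scale-in", self.hosts))
        return events


def demo() -> Tuple[int, list, list]:
    """Constructed demand: a memory-bound peak, then load drops off."""
    c = Cluster(demand_ghz=200.0, demand_gb=1500.0)
    grow = c.reconcile()            # 1500 GB exceeds the 1536 GB usable of 4 hosts at 80%
    c.demand_ghz, c.demand_gb = 60.0, 400.0
    shrink = c.reconcile()          # back down to the 4-host minimum
    return c.hosts, grow, shrink


if __name__ == "__main__":
    print(demo())
```

The check worth taking from this: a 4-node cluster advertises 2048 GB, but with host failures to tolerate = 1 only 1536 GB is admissible, and the threshold comparison has to use the admissible figure or the cluster will be oversubscribed the moment a host fails.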
Cluster Configuration at Initial Availability
A single vSphere cluster (vSAN, NSX, SDDC management VMs and workload VMs) runs in one availability zone of one AWS region.
- Restricted to one AWS region and AZ
- Automatically detects failed hardware
- Auto remediation: HA allows automatic recovery from HA events; a new host is provisioned and the failed node ejected without customer intervention
Cluster Configuration in Future Release
A vSAN cluster stretched across two availability zones of one AWS region.
- Multi-AZ availability (active-active)
- vSAN stretched across multiple AZs
- Synchronous write replication across AZs: RPO = 0, RTO = HA restart
- Per-VM storage policy
- First time infrastructure-level AZ resilience: no need to refactor traditional applications
Storage Configuration
Initial Availability vSAN Host and Cluster Configuration
- 4-node cluster: 32 NVMe devices, 40 TB raw capacity
- 16-node cluster: 128 NVMe devices, 160 TB raw capacity
vSAN Architecture
Each ESXi host in the cluster (4 at initial availability) contributes its local disk groups to the single vSAN datastore.
vSAN node configuration:
- 2 disk groups per host (8 NVMe devices per host)
- 2 devices in the write-caching tier (3.4 TB)
- 6 devices in the capacity tier (10.2 TB)
Storage policy configuration:
- Health Service is enabled
- RAID 1, 5 and 6 available
- vSAN Encryption is disabled at Initial Availability
- User-configurable policy settings
Networking and Security Configuration
VMware Cloud on AWS is built around NSX
Related sessions:
- LHC2013BU NSX and VMware Cloud on AWS: Deep Dive
- LHC2105BU NSX and VMware Cloud on AWS: The Path to Hybrid Cloud
NSX in VMware Cloud on AWS: Introduction
- All VM networking in VMware Cloud on AWS is provided by NSX
- Provides compatibility with NSX and vSphere products used on-premises
- vSphere and NSX have been optimized to work in the AWS environment
- Delivered using an as-a-service cloud model
AWS Networks are Used to Provide External Connectivity
- VPC networking services as a transport: enables VMkernel networking
- Internet Gateway: enables north-south connectivity; all services are provided by NSX
- Customer VPC access: optimized access from VMC to connected VPCs
- AWS Direct Connect (future release): dedicated, high-performance connection to on-premises
VMware Cloud on AWS: Simplified Mode Consumption
Cloud Networking Admin (VMC Web Portal) manages:
- Setup of the initial networks and admin access to vCenter Server
- Inbound access to workloads
- Firewall control of access to workloads
- VPN connectivity
- Prescriptive network topology only
VI Admin (vSphere Web Client) consumes the services managed by the Cloud Networking Admin and manages:
- Deploying VMs
- Attaching VMs to networks
- Creating new networks
- IP addressing for VMs
VMware Cloud on AWS Network Overview
Management pool (managed by VMware): vCenter Server, NSX Manager, NSX Controllers. Services provided by the NSX Edge Management Gateway (MGW):
- Firewall and VPN for security, default deny policy
- NAT for public vCenter access
Compute pool (managed by the customer): workload VMs on the vSAN cluster. Services provided by the NSX Edge Compute Gateway (CGW) and Distributed Logical Router (DLR):
- Prescriptive network topology
- NSX logical switches for workload VMs: a default network is provided, but customer-created networks are supported
- DHCP relay/server
- Automated routing configuration
- Firewall and VPN for security, default deny policy
- NAT for VM Internet access
- Connection to the customer VPC
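Both gateways ship with a default-deny policy, which means nothing reaches vCenter or a workload until the Cloud Networking Admin adds an ordered allow rule, and rule order decides the outcome when a broad allow and a specific deny overlap. The following first-match evaluator is an added example, not NSX code, written to make those two properties testable. The on-premises subnet 192.168.10.0/24 is taken from the deck's VPN diagram; the vCenter address 10.2.0.10, the management range 10.2.0.0/24, the workload subnet 172.16.0.0/24 and the rule names are constructed for illustration.

```python
"""First-match firewall evaluation with an implicit default-deny, modelling
the policy the deck describes for the management gateway (MGW) and compute
gateway (CGW). Added example, not NSX code; addresses and rule names are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str             # CIDR or ANY
    dst: str             # CIDR or ANY
    proto: str           # "tcp", "udp", "icmp" or ANY
    port: Optional[int]  # destination port, None = any
    action: str          # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    port: Optional[int] = None


def _in(spec: str, ip: str) -> bool:
    return spec == ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, rule name). Rules are ordered; the first match wins and
    anything unmatched hits the implicit default-deny rule at the end."""
    for r in rules:
        if (_in(r.src, pkt.src) and _in(r.dst, pkt.dst)
                and r.proto in (ANY, pkt.proto)
                and (r.port is None or r.port == pkt.port)):
            return r.action, r.name
    return "deny", "default-deny"


ONPREM_MGMT = "192.168.10.0/24"   # on-prem management subnet from the VPN slide
MGMT_NET = "10.2.0.0/24"          # assumed SDDC management network
VCENTER = "10.2.0.10/32"          # assumed private address of the VMC vCenter
WORKLOADS = "172.16.0.0/24"       # assumed workload logical switch

# MGW: only HTTPS to vCenter, only from the on-prem management subnet over the VPN.
MGW_RULES = [
    Rule("vcenter-https-from-onprem", ONPREM_MGMT, VCENTER, "tcp", 443, "allow"),
]

# CGW: the specific deny must sit above the broad allow or it never matches.
CGW_RULES = [
    Rule("block-workloads-to-mgmt", WORKLOADS, MGMT_NET, ANY, None, "deny"),
    Rule("workloads-to-internet", WORKLOADS, ANY, ANY, None, "allow"),   # SNAT'd egress
    Rule("onprem-to-workloads", "192.168.0.0/16", WORKLOADS, ANY, None, "allow"),
]


def check(gateway: str, pkt: Packet) -> Tuple[str, str]:
    """Evaluate a packet against the MGW or CGW rule set."""
    return evaluate(MGW_RULES if gateway == "mgw" else CGW_RULES, pkt)


if __name__ == "__main__":
    print(check("mgw", Packet("203.0.113.7", "10.2.0.10", "tcp", 443)))   # default-deny
    print(check("cgw", Packet("172.16.0.20", "10.2.0.10", "tcp", 443)))   # explicit deny
```

The last two lines show the checks a reviewer of a VMC firewall policy should run: an Internet source hitting vCenter falls through to default-deny, and a workload reaching for the management network is stopped only because the deny precedes the "to any" allow; reverse the CGW list and the same packet is allowed.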
L3 VPN Hybrid Cloud Connectivity
The customer data center (on-prem management and on-prem workloads behind an on-prem gateway) connects across the Internet to the SDDC with two IPsec VPN tunnels: management traffic terminates on the Management Gateway (NAT, FW, VPN) and compute traffic on the Compute Gateway (NAT, FW, VPN, DHCP) and DLR. On the diagram the existing on-premises VM and management networks are 192.168.10.0/24 and 192.168.20.0/24.
VPN connectivity uses the NSX ESG: route selected networks or all traffic to on-premises over the VPN tunnel.
L3 VPN Connectivity Details
- IPsec VPN enables secure access to VMware Cloud on AWS workloads from on-premises
- Provides a choice of remote gateway: VMware Cloud on AWS leverages NSX Edge for VPN, validated with all common VPN devices
- Joint whitepapers will be published with VMware partners
Optimized Connectivity to Native AWS Services
The customer VPC (subnets 192.168.0.0, 192.168.1.0 and 192.168.2.0 in its route table; EC2 instances, VPC endpoints, Amazon S3, an Internet GW) connects east-west to the SDDC through an ENI from the customer VPC attached to the Compute Gateway. Inside the SDDC the Distributed Router holds the NSX route table (172.16.0.0, 172.16.1.0 and 172.16.2.0 on logical switches VNI 5000, VNI 5001, ...).
- Optimized traffic flow over AWS networking (east-west connection)
- Reaches EC2 instances, private AWS services or VPC endpoints in the customer's existing VPCs
- Direct connectivity from VMC to customer VPCs (without VPC peering)
VMC and AWS Services
VMware Cloud on AWS provides access to native AWS services.
Connected VPC access:
- Provides higher-bandwidth connectivity to selected AWS services
- Requires an existing customer VPC
- Optimized access to EC2 instances and S3 is supported at Initial Availability
- Additional services will be added in future releases
Public access to AWS services is also available via the Internet:
- Provides a base level of capability
- High performance, as VMC runs on the same AWS infrastructure
- Bandwidth limits for the IGW apply
Access to AWS services: Amazon EC2, Amazon S3, Amazon RDS, AWS IoT, AWS Direct Connect, AWS IAM
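Whether a workload packet takes the connected-VPC path, the VPN, or the NAT'd Internet path is a longest-prefix-match decision in the NSX route table, followed by a second lookup in the VPC route table once the packet leaves the ENI. The following lookup is an added example modelling the two tables on the slides above, not VMware or AWS code. The prefixes are those shown in the deck (172.16.0-2.0/24 workload networks, 192.168.0-2.0/24 VPC subnets, 192.168.10.0/24 and 192.168.20.0/24 on-premises); the next-hop labels, the VNI for the third segment, and the VPC CIDR 192.168.0.0/22 are constructed.

```python
"""Longest-prefix-match route lookup modelling the NSX route table inside the
SDDC and the customer VPC's route table. Added example, not VMware/AWS code;
prefixes are from the deck's diagrams, next-hop labels are constructed.
"""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str]   # (prefix, next-hop label)

# As seen by the compute gateway / distributed logical router.
NSX_ROUTES: List[Route] = [
    ("172.16.0.0/24", "dlr:vni-5000"),        # workload logical switches
    ("172.16.1.0/24", "dlr:vni-5001"),
    ("172.16.2.0/24", "dlr:vni-5002"),        # assumed VNI for the third segment
    ("192.168.0.0/24", "eni:connected-vpc"),  # customer VPC subnets via the ENI
    ("192.168.1.0/24", "eni:connected-vpc"),
    ("192.168.2.0/24", "eni:connected-vpc"),
    ("192.168.10.0/24", "vpn:on-prem"),       # on-prem networks behind the IPsec tunnel
    ("192.168.20.0/24", "vpn:on-prem"),
    ("0.0.0.0/0", "cgw:nat->igw"),            # everything else: SNAT, then Internet gateway
]

# The customer VPC's route table; the SDDC side of the ENI is the return path.
VPC_ROUTES: List[Route] = [
    ("192.168.0.0/22", "local"),              # assumed VPC CIDR
    ("172.16.0.0/16", "eni:sddc"),            # back to SDDC workloads via the same ENI
    ("0.0.0.0/0", "igw"),
]


def lookup(table: List[Route], dst: str) -> Optional[str]:
    """Next hop of the most specific prefix containing dst, or None if no route."""
    ip = ipaddress.ip_address(dst)
    best: Optional[Tuple[int, str]] = None
    for prefix, nh in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, nh)
    return best[1] if best else None


def trace(dst: str) -> List[str]:
    """Hops for a flow that starts on an SDDC workload network: NSX decides
    first; only if it hands the packet to the ENI does the VPC table see it."""
    first = lookup(NSX_ROUTES, dst)
    hops = [f"nsx:{first}"]
    if first is not None and first.startswith("eni:"):
        hops.append(f"vpc:{lookup(VPC_ROUTES, dst)}")
    return hops


if __name__ == "__main__":
    for target in ("192.168.1.10", "192.168.3.7", "192.168.20.4", "8.8.8.8"):
        print(target, trace(target))
```

The 192.168.3.7 case is the one to watch: that address sits inside the VPC's CIDR, but because only the three advertised subnets appear in the NSX table the packet falls to the default route and leaves through NAT and the Internet gateway, where the IGW bandwidth limits apply rather than the east-west path.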
VMware Cloud on AWS Networking User Experience
NSX is front and center in the VMware Cloud on AWS portal: the Network Dashboard provides a view of NSX components and connectivity.
VMware Cloud on AWS Networking User Experience
Simplified mode provides basic networking and security functionality: firewall, VPN, logical NAT, public IPs.
VMware Cloud on AWS Networking User Experience
Logical networks are managed within vCenter Server, using a new HTML5 plugin built specifically for VMware Cloud on AWS. It enables the following:
- Create and delete NSX logical switches
- Provide a default gateway
- Optionally enable DHCP
All remaining steps are automated.
VMware Cloud on AWS is an extension of a powerful and mature production operational model and ecosystem.
Questions
Ray Budavari @rbudavari Frank Denneman - @frankdenneman
Cluster Compute (backup slide)
Default cluster size: 4 ESXi hosts, each with 36 CPU cores + 512 GB, for 144 CPU cores + 2048 GB memory per cluster.