PBO2631BE: A Base Design for Everyone's Data Center: The Consolidated VMware Validated Design (VVD)
Gary Blake, Senior SDDC Integration Architect (garyjblake) #VMworld #PB02631BE
Disclaimer: This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Software-Defined Data Center Momentum
- vSphere 6.x adoption
- NSX going mainstream
- vSAN ramp
- vRealize expanding reach
- New horizons: vSphere Integrated Containers / Photon
Building the Cloud is Often the Bottleneck
Datacenter Trends
- Network Virtualization
- Hyper-Converged Infrastructure
- Infrastructure as a Service
- Public Clouds
- Containerized Apps
Demand for technologies that simplify infrastructure is high, but bringing them together is hard: point solutions, complicated integration, vendor lock-in.
Approaches to Implement the Software-Defined Data Center
- Automated with VMware Cloud Foundation: A VMware Cloud Foundation system is an integrated SDDC platform with built-in automation for bring-up, configuration and patching/upgrading of the stack. Deploying VMware Cloud Foundation automatically implements an SDDC with a validated architecture that reflects VMware best practices.
- Build Your Own with VMware Validated Designs: The VMware Validated Designs provide standardized architecture designs with extensively tested interoperability of the software components. You manually deploy the individual software components, following the VVD guidelines and best practices to deploy and operate the SDDC.
- Custom / Do It Yourself: Design a custom architecture with in-house knowledge. Manually deploy and maintain multiple individual software components.
Permutation Control (figure): spread of configurations over time, from t=0 to t=later. Uncontrolled: greater risk. Validated Design: less risk. Cloud Foundation: best possible.
VMware Validated Designs: Prescriptive Blueprints with Comprehensive Deployment and Operational Practices
- Standardized Designs
- Proven and Robust
- Broad Use Cases
- Comprehensive Documentation
VMware Validated Designs: A History Lesson
- 1.0 (February 2016): 12 months of engineering. Release to PSO and partners.
- 2.0 (July 2016): 3.5 months of engineering. Smaller scope (i.e. dual region + DR).
- 3.0 (September 2016): 2 months of engineering. Dual region with DR; two-pod architecture.
- 3.0.2 (November 2016): 1.5 months of engineering. Added M-Seg (micro-segmentation) use case; added IT Automating IT guide.
- 4.0 (March 2017): 1.5 months of engineering. Major product updates; added ROBO.
- 4.1 (August 2017): 4 months of engineering. Minor product updates; consolidated pod option.
Design Objectives, VMware Validated Design for SDDC: an SDDC capable of automated provisioning of workloads.
- Overall Availability Objective: 99% (= 3.65 days downtime/year = 1.7 hours downtime/week). Planned downtime is expected for upgrades, patching and on-going maintenance.
- Type of Deployment: Greenfield and Brownfield.
- Cloud Type: Private Cloud.
- Regions and Disaster Recovery: Dual-region SDDC that supports disaster recovery. Guidance for an SDDC whose management components are designed to operate in the event of planned migration or disaster recovery. Guidance for an SDDC that supports two regions for both management and tenant workloads. Operations guidance for disaster recovery and planned migration.
- Authentication, Authorization, and Access Control: Use of Microsoft Active Directory as a central user repository. Use of service accounts with minimum required authentication and Access Control List configuration. Use of basic tenant accounts.
- Pods: Two Pod: the Management Pod runs the management stack; the Shared Edge and Compute Pod runs tenant workloads, and services for north-south plus east-west routing. One Pod: the Consolidated Pod runs the management stack, tenant workloads, and services for north-south plus east-west routing.
- Certificate Signing: Certificates are signed by an external certificate authority (CA) that consists of a root and intermediate authority layers.
- Hardening: Tenant workload traffic can be separated from the management traffic. The design uses a distributed firewall to protect all management applications. To secure the SDDC, only other management solutions and approved administration IP addresses can directly communicate with individual components.
- Max Number of VMs: 10,000 running VMs; 150 VM deployments/hour.
Design Decisions: 290+ in VMware Validated Design for SDDC
- Ensures the design meets the design objectives.
- Reinforces standardization with justification and implications.
- Reduces risk by providing a baseline of standardization.
- Easy to follow checklist form.
Example Design Decisions, VMware Validated Design for SDDC (source: NSX Design > Routing Design > Routing Model Design Decisions, 4.1)

Decision ID: SDDC-VI-SDN-017
Design Decision: Deploy NSX Edge Services Gateways in an ECMP configuration for north/south routing in both management and shared edge and compute clusters.
Design Justification: The NSX ESG is the recommended device for managing north/south traffic. Using ECMP provides multiple paths in and out of the SDDC. This results in faster failover times than deploying Edge Services Gateways in HA mode.
Design Implication: ECMP requires 2 VLANs for uplinks, which adds an additional VLAN over traditional HA ESG configurations.

Decision ID: SDDC-VI-SDN-018
Design Decision: Deploy a single NSX UDLR for the management cluster to provide east/west routing across all regions.
Design Justification: Using the UDLR reduces the hop count between nodes attached to it to 1. This reduces latency and improves performance.
Design Implication: UDLRs are limited to 1,000 logical interfaces. When that limit is reached, a new UDLR must be deployed.

Decision ID: SDDC-VI-SDN-019
Design Decision: Deploy a single NSX UDLR for the shared edge and compute, and compute clusters to provide east/west routing across all regions for workloads that require mobility across regions.
Design Justification: Using the UDLR reduces the hop count between nodes attached to it to 1. This reduces latency and improves performance.
Design Implication: UDLRs are limited to 1,000 logical interfaces. When that limit is reached, a new UDLR must be deployed.
Software Components, VMware Validated Design for SDDC
- VMware vSphere
- VMware vSAN
- VMware NSX
- VMware vRealize Automation
- VMware vRealize Operations
- VMware vRealize Log Insight
- VMware vRealize Business for Cloud
- VMware Site Recovery Manager
- VMware vSphere APIs for Data Protection (VADP)
How do we Create and Validate VMware Validated Designs?
- Compliance and Security
- Interoperability
- Measurement and Optimization
- Scale Testing
Bill of Materials, VMware Validated Design for SDDC 4.1
- vSphere 6.5 U1
- vSAN 6.6.1
- NSX 6.3.3
- vRealize Automation 7.3
- vRealize Business for Cloud 7.3
- vRealize Operations 6.6.1 and Management Packs
- Site Recovery Manager 6.5.1
- vRealize Log Insight 4.5 and Content Packs
For a complete list refer to the release notes.
Bill of Materials, VMware Validated Design for SDDC 4.1
Product Group and Edition | Product | 4.0 | 4.1
VMware vSphere Enterprise Plus | ESXi | 6.5.0a | 6.5.0 Update 1
VMware vSphere Enterprise Plus | vSphere Data Protection | 6.1.3 | 6.1.4
VMware vSphere Enterprise Plus | Update Manager | 6.5.0a | 6.5.0 Update 1
VMware vCenter Server Standard | vCenter Server | 6.5.0a | 6.5.0 Update 1
VMware vSAN Standard or higher | vSAN | 6.5a | 6.6.1
VMware NSX Enterprise | NSX | 6.3 | 6.3.3
VMware vRealize Operations Advanced or higher | vRealize Operations Manager | 6.4 | 6.6.1
VMware vRealize Operations Advanced or higher | Management Pack for NSX for vSphere | 3.5 | 3.5.1
VMware vRealize Operations Advanced or higher | Management Pack for Storage Devices | 6.0.5 | 6.0.5
Bill of Materials, VMware Validated Design for SDDC 4.1 (continued)
Product Group | Product | 4.0 | 4.1
VMware vRealize Log Insight | vRealize Log Insight | 4.0 | 4.5
VMware vRealize Log Insight | Content Pack for NSX for vSphere | 3.5 | 3.6
VMware vRealize Log Insight | Content Pack for Linux | - | 1.0
VMware vRealize Log Insight | Content Pack for vRealize Automation 7 | 1.0 | 1.5
VMware vRealize Log Insight | Content Pack for vRealize Orchestrator 7.0.1+ | 2.0 | 2.0
VMware vRealize Log Insight | Content Pack for Microsoft SQL Server | 3.0 | 3.0
VMware vRealize Automation Advanced or higher | vRealize Automation | 7.2 | 7.3
VMware vRealize Automation Advanced or higher | vRealize Orchestrator | 7.2 | 7.3
VMware vRealize Automation Advanced or higher | vRealize Orchestrator Plug-in for NSX | 1.0.4 | 1.0.4
VMware vRealize Business for Cloud Standard | vRealize Business for Cloud | 7.2 | 7.3
VMware Site Recovery Manager Enterprise | Site Recovery Manager | 6.5 | 6.5.1
Environmental and External Systems Requirements, VMware Validated Design for SDDC
- Rack Space
- Power
- Cooling
- Active Directory
- Certificate Authority
- DNS and NTP
- SMTP Relay
- SFTP
Dual-Region Deployment Ready, VMware Validated Design for SDDC (figure: San Francisco, CA as Primary Region; Los Angeles, CA as Secondary Region)
Characteristics and Restrictions:
- Regional distance is rather large.
- A region may be treated as an SDDC.
- Multiple regions are not treated as a single SDDC.
- Workload placement closer to the customer: Northern California and Southern California; US East Coast and US West Coast; US Region and EU Region.
Common Uses:
- Disaster Recovery: One region can be the primary site and another region can be the recovery site.
- Data Privacy: Address laws and restrictions in some countries by keeping tenant data within a region in the same country.
Availability Zones, VMware Validated Design for SDDC (figure: two availability zones within a region)
Characteristics:
- Islands of infrastructure for physical isolation or building-level redundancy and high availability.
- Positioned within metro distance to allow synchronous storage replication (~50 km / 30 mi with low single-digit latency and large bandwidth).
- Allows the SDDC equipment across the availability zones to operate in an active/active manner as a single virtual data center or region.
- Isolated enough from each other to stop the propagation of failure or outage across their boundaries.
Early Access Preview: guidance for vSAN stretched clusters within a region.
Use Cases: Focus on What Runs in the SDDC, VMware Validated Designs
- Remote Office / Branch Office
- Cloud Native Applications
- Micro-Segmentation
- Compliance Capable Solutions
- IT Automating IT
- Virtual Desktop / Digital Workspace
- Intelligent Operations
- Business Critical Applications
Architecture Overview, VMware Validated Design for SDDC: Consolidated SDDC
Main components:
- Physical Layer
- Virtual Infrastructure Layer
- Cloud Management Layer
- Service Management
- Business Continuity
- Security
Pods, VMware Validated Design for SDDC
- Standardized Elevation
- Leaf-and-Spine Network
- Out-of-Band Management
- Functional Roles
High-Level Deployment Architecture Objectives, VMware Validated Design for SDDC
Objective | Two-Pod / Standard Architecture | One-Pod / Consolidated Architecture
Minimum Hosts | 8 | 4
Management VMs | 420 GB vRAM, 2 TB vSAN, 6 TB NFS | 50% - 70% less
Recoverability | Dual Region (and Availability Zones in Tech Preview) | Single Region (DR to cloud)
Scale (VMs) | 1,000 to 10,000 | 100 to 2,500
Churn | Medium (up to 150/hr) | Low (up to 50/hr)
Availability | 99% | 95%
Modularity | Foundation, Cloud Operations, Cloud Management + Use Cases, Solutions, ROBO options | Foundation, Cloud Operations, Cloud Management
Expansion options | Additional Compute Pods (up to 32 hosts each) | Expand pod to 32 hosts, or grow to Two-Pod (with downtime)
Licensing Options, VMware Validated Design for SDDC
Two-Pod / Standard Architecture
- Individual: vSphere Enterprise + vCenter Server Standard; vSAN Standard *; NSX for vSphere Enterprise; vRealize Operations Advanced; vRealize Log Insight; vRealize Automation Advanced; vRealize Business for Cloud Standard; Site Recovery Manager Enterprise (dual region)
- Bundling: vCloud Suite with vRealize Suite Advanced; vSAN Standard *; NSX for vSphere Enterprise; Site Recovery Manager Enterprise (dual region)
One-Pod / Consolidated Architecture
- Individual: vSphere Enterprise + vCenter Server Standard; vSAN Standard *; NSX for vSphere Advanced; vRealize Operations Advanced; vRealize Log Insight; vRealize Automation Advanced; vRealize Business for Cloud Standard
- Bundling: vCloud Suite with vRealize Suite Advanced; vSAN Standard *; NSX for vSphere Advanced
* Preferred storage option
Pod Types, VMware Validated Design for SDDC
Consolidated Pod. The consolidated pod runs the following services:
- Virtual machines to manage the SDDC, such as vCenter Server, NSX Manager, vRealize Automation, vRealize Log Insight, vRealize Operations Manager and vSphere Data Protection.
- Required NSX services to enable north-south routing between the SDDC and the external network, and east-west routing inside the SDDC.
- Virtual machines running business applications supporting varying Service Level Agreements (SLAs).
The consolidated pod should have a minimum of 4 ESXi hosts.
Storage Pod. Storage pods provide secondary storage using NFS, iSCSI or Fibre Channel.
Layer 2 or Layer 3 Transport, VMware Validated Design for SDDC (figures: Example Layer 2 Transport; Example Layer 3 Transport)
Virtual Infrastructure Architecture, VMware Validated Design for SDDC
The virtual infrastructure is the foundation of an operational SDDC. The virtual infrastructure layer consists primarily of the physical hosts' hypervisors and the control of these hypervisors.
Consolidated Cluster Design, VMware Validated Design for SDDC
The management virtual machines, NSX Controllers and Edges, and tenant workloads run on the ESXi hosts in the consolidated cluster. The consolidated cluster design requires a minimum of 4 hosts:
- Three hosts are used to provide n+1 redundancy for the vSAN cluster.
- The fourth host is used to guarantee n+1 vSAN redundancy during maintenance operations.
- You can add ESXi hosts to the cluster as needed.
- NSX deploys 3 Controllers with anti-affinity rules. The fourth host is used to guarantee controller distribution across 3 hosts during maintenance operations.
- ESXi hosts are limited to 200 virtual machines when using vSAN.
Logical and Physical Design of vRealize Operations Manager, VMware Validated Design for SDDC
In the consolidated SDDC, you deploy a vRealize Operations Manager configuration that consists of the following entities:
- 1-node (medium-size) vRealize Operations Manager analytics cluster. This topology provides the ability to add high availability, scale-out capacity up to sixteen nodes, and failover.
- 1 standard remote collector node. The remote collectors communicate directly with the vRealize Operations Manager analytics cluster. The design uses remote collectors whose role is to ease scalability by performing the data collection for localized applications and periodically sending collected data to the analytics cluster.
Logical Design and Data Sources of vRealize Log Insight, VMware Validated Design for SDDC
In the consolidated SDDC, deploy a single vRealize Log Insight instance that consists of a single master node. This configuration provides the required functionality and handles the log ingestion rates generated by the management components.
vRealize Automation Infrastructure as a Service Design, VMware Validated Design for SDDC
The Cloud Management Platform (CMP), of which vRealize Automation is a central component, enables a usage model that includes interaction between users, the CMP itself, the supporting infrastructure, and the provisioning infrastructure. vRealize Automation supports deployments with a single tenant or multiple tenants. This design deploys a single tenant containing two business groups. The first business group is designated for production workload provisioning. The second business group is designated for development workload provisioning.
Summary: Consolidated Management and Workload, VMware Validated Design for SDDC (figure: WAN/LAN with external connection)
- Consolidates Management, Edge, and Workload into a single pod. Requires only a minimum of 4 ESXi hosts.
- All functional testing and validation of the design is done using vSAN. Any supported storage may be used; adjust the operations guidance accordingly.
- Network Transport: Supports both L2 and L3 transport services. For a scalable and vendor-neutral network, use an L3 transport.
- Ready for Scale: Expandable to a 32 ESXi host pod. SDDC solutions scale easily, deployed with native or NSX load balancing in place.
- Transitions to Two-Pod Distributed Management and Workload (Standard); downtime required.
- Single Region and Single Availability Zone.
- License Flexibility for NSX (no Universal Objects).
Additional Resources, VMware Validated Design for SDDC 4.1
Resource | URL
Product Page | vmware.com/go/vvd
Download | vmware.com/go/vvd-sddc
Poster | vmware.com/go/vvd-sddc-poster
Community | vmware.com/go/vvd-community
Videos and Demos | vmware.com/go/vvd-videos
Certified Partner Architectures | vmware.com/go/vvd-cpa
Twitter | @VMwareSDDC
and more! | vmwa.re/vvd
Get Started, VMware Validated Design for SDDC
- Access the Documentation: vmware.com/go/vvd-docs
- Professional Services: vmware.com/go/services
- Certified Partner Architectures: vmware.com/go/vvd-cpa
2017 VMware Inc. All rights reserved.