MGT1799BE Full-Stack Automation: Streamlining, Delivering and Managing App-Centric IT. Kim Ranyard, Steffen Moen, Jad El-Zein. #VMworld #MGT1799BE. VMworld 2017 Content: Not for publication
Disclaimer: This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Agenda: 1. Introduction 2. vRealize Automation Overview 3. Application-Centric Networking and Security 4. Application-Centric Storage 5. Automate the Ecosystem 6. Beyond OOTB
VMware Today ESX thanks and, eventually, largely to incredible VirtualCenter Provisioning a new machine went from advancements enabled the RIGHT-CLICK -> DEPLOY 4-5 That in weeks was 3-4 technology (or 15 weeks most enterprises more) :-( years to ago < 5mins methodology deliver [traditional] of machine applications provisioning in
Why Is Automation a Thing?
Automating IT: Self-Service Infrastructure; Rapid and Repeatable Service Deployments; Automating Networking, Policy and Security for IT, Developers and Research. (Diagram labels: BLUEPRINT with Web, App, DB; Automation; IT; APP)
Cloud Management Is Fundamental to the SDDC. vRA Defines, Delivers, and Governs the SDDC. Any Device Any Application Any Cloud Cloud Management Platform Virtual / Cloud Infrastructure Compute Business Mobility: Applications Devices Content Networking & Security Traditional Cloud Native Software-Defined Datacenter (SDDC) vRealize Automation IaaS Self-Service GUI CLI API App-Centric Storage XaaS Hybrid Cloud DevOps Release Automation Extensibility Cloud Providers
Automation Accelerates Services Delivery. Developer Request Wait IT Processes Ticket Wait Infrastructure Verification Install, Setup, Configure Load Balancer Entries / Firewall Changes > 2-3 Days Build VMs New or Clone Web Server Configuration Wait Blueprint Get IP 1-2 days 3-5 days 3-5 days Minutes Work External Interface & Integration. Speed: Days to minutes. Stability: Consistent, Repeatable. Control: Aligns with Business Processes. 1-2 days 4-7 days 2-3 days 2-5 days Wait time Task time
vRA's Unified Service Catalog: IaaS, Apps, XaaS, Custom Services; Service category; App Store Experience; Custom Service Categories; Custom Service; IaaS and XaaS Services
Unified Service Delivery: Converged Blueprint Designer. Common Authoring for all Machine Types. Incorporate On-Demand Networking and Security. Incorporate external (XaaS) custom services.
Optimized Placement Using vROps Analytics: Intelligent Workload Placement (WLP). Utilize analytics data in vRealize Operations to optimize the placement of workloads. vRA: Enable Workload Placement Policy (WLP) in Infrastructure tab. vROps: Create/Edit Monitoring Policy per workload requirements. Supports vRealize Operations 6.6+
Benefits of Automating Networking & Security: Reduce Time, Reduce Errors, Increase Visibility. Multi-Machine Topology: Provide advanced networking topologies as part of the vRealize Automation Catalog to cloud users. Full automation: Automated deployment of NAT topology with connected VMs. Consistent policy: Repeatable deployments of customer environments to help diagnose technical issues. Isolation between environments: Each deployment is completely self contained. Full VMware SDDC: Complete VMware stack with vRealize Automation, NSX and vSphere.
Data Center 1 Data Center 2 App-Centric Networking & Security Segmentation Tenancy Critical Segmentation of Workloads Production Development Tenant Shared Services Automated Access to Shared Services Security group and application policy set for access to shared IT services SDDC Automation Security and Performance policy model to simplify and automate Leveraged tagging to classify workloads into use case groups Overlay networking Production Development Tenant X DMZ
vRealize Automation + NSX Cloud Consumers Cloud Admin Security Networking CONNECTIVITY Unified Service Catalog Converged Blueprint AVAILABILITY Applications Extensibility SECURITY Benefits Unified Service Design and Delivery App-Centric Networking and Security Incorporate External Services Achieve greater control and visibility Reduce wait times for siloed IT services Manage Infrastructure as Code Lifecycle Manage Everything Standardized and repeatable process On-Demand Networks Network Profiles On-Demand Load Balancer Security Tags Security Groups Security Policies Network Admin Security Admin
NSX Automation Use Cases: Automation for IT & Developers. Network Admins Security Admins vRealize Automation Application Workloads Virtual Network Infrastructure Developers Physical Network Infrastructure
Application-centric Network and Security Services, Deployed & Managed in the Application Context. Web, App, Database. Connectivity: App-specific Networking Configuration. Security: App-specific Security Policies. Availability: Dynamic App Availability Configuration. Performance: App-specific Networking Performance. Support for Multi-tier Apps on Multiple Networks or Single Flat Network.
vRA + NSX Cloud Operational Model. One Time Recurring Network Admin Security Admin Cloud Architect Cloud Consumer 1 Defines 2 Defines 3 5 Builds Deploys External Networks Security Tags Converged Blueprints Network Profiles Security Groups Publish 4 6 N Applications NSX Load Balancer Security Policies Service Catalog. Network Admin defines: Initial network configuration in NSX; External Networks and Network Profiles in vRA. Security Admin defines in NSX: Distributed Firewall Rules; Security Groups / Policies / Tags. Cloud Architect builds Blueprints: Blueprints include NSX Networks, Security components, Load Balancers, VMs and Apps. Cloud Architect publishes Blueprints. Cloud Consumer deploys applications: End-to-end provisioning: networks, NAT rules, security and LB configured at deployment.
7.3 Managing NAT Port Forwarding Rules: NSX On-Demand NAT Day 2 Actions. Manage (edit) NSX On-Demand NAT Port Forwarding Rules as a Day 2 Action. Rules can be added, removed, modified. Order can be changed. Entitle Actions as needed.
7.3 Granular Load Balancer Controls: NSX On-Demand Load Balancer Day 1-2 Edits. Granular controls built in to the Converged Blueprint Designer. Edit existing Virtual Servers including: LB Algorithm, Persistence, Health Monitors, Transparent Mode, Port.
7.3 Managing NSX Security Groups and Tags: Security Day 2 Actions. New Day 2 Actions to manage security services after provisioning. View active NSX Security Groups and Tags. Add Existing NSX Security Groups or Tags to a running application. Disassociate NSX Security Groups and Tags from applications.
DEMO [APP-CENTRIC NETWORKS]
App-Centric Storage Policy Controls: vRA SPBM Plugin 2.x. Set desired storage policies at request time. Dynamically retrieves storage policy list from vCenter. Set or change storage policies for either VM home or disks. Automatically move objects to compliant datastores when changing storage policies. Leverages the Event Broker Service.
vRA SPBM Integration: SPBM Selection at Request Time. SPBM Selection: Enable option to select storage tier at request time. Drop-down to select available SPBM Policy.
SPBM Day-2 Actions: Invoking a Policy Change. Day-2 Actions: Change Storage Policies post-provisioning. Action is Entitled and visible per entitlement policy.
Three Types of App Environments. App Generation 2.0 Diminishing Market Presence Client Server Apps VMs Only Little DevOps Mostly Private Cloud App Generation 3.0 2.5 Emerging Market Market Vanguard Majority Mixed Cloud Application Native Apps Types Containers VMs Maturing and Containers DevOps Emerging Mostly Public DevOps Cloud Discipline Cross Cloud The New Norm
There Are Many Challenges: Security, Monitoring, Networking, Compliance. Production Environment
vRA Container Management with New Capabilities in vRA 7.3: Docker Volume Support: Create and update persistent volumes; Deploy applications with persistent volumes. vSphere Integrated Containers: Support for vSphere Integrated Containers. User Experience: User Interface Improvements. * Requires vRA Ent Licensing
vRA Container Management in Action. Self-Service Provisioning for Container Applications and Container Hosts. Design Traditional, Container or Hybrid (VM + Container) Applications. Discovery and Management of Container Hosts and Containers.
vRA + Azure Public Cloud: Unified Design Canvas. Azure Endpoint with subscription and Active Directory users information. Reservations and integration with governance model. Blueprint creation with Azure VMs, storage disks, and NICs. Azure Networking Support: Subnets, Load balancers.
vRA + AWS EC2: Unified Design Canvas. Build, provision, and manage EC2-based services. Supports all EC2 Instance types. Blueprint creation with Azure VMs, storage disks, and NICs. EC2 Networking Options: VPC s, Security Policies.
Manage VMware Cloud on AWS: Managed Endpoint. Manage vCenter in VMware Cloud on AWS. Treated as a traditional vSphere / vCenter Endpoint. Build an IaaS Fabric using VMware Cloud SDDC Resources. Leverage Reservation Policies for machine placement.
vRA ServiceNow integration: Catalog Sync. Entitled vRA catalog items are visible in ServiceNow catalog. Items are synced per configurable schedule. Currently only vSphere machines are supported.
External IPAM Vendor Framework: Framework support for On-demand Routed Networks. Integrate with external IPAM (Infoblox). Deploy machines with an external network IP address automatically assigned from IPAM. Added support for NSX On-demand Routed networks. Vendor-provided plugin.
Beyond OOTB: Ecosystem Integration
Adapt and Extend vRealize Automation. Call external tools and applications during the delivery process. Create custom day-2 actions. Automate any IT service. New Employee Onboarding: Add user to AD; Set up email; Configure access to file shares and apps. Request. vRealize Automation: Event Broker Service, XaaS Service Designer, Pluggable Framework, vRealize Orchestrator. 3rd party management systems: CMDB; IPAM / DNS / DHCP; Load Balancers / Networking; Service Desk; Monitoring Systems; Storage Management; Databases; Web Services.
vRA Property Dictionary: Customized UI, Dynamic Request Options. UI control improvements are done with property actions. Support for key/value pairs for list items in drop down list. Support for regular expression input for text field. New UI controls available OOTB for pulling information from external systems: Dropdown list from PowerShell script; Dropdown list from database.
Event Broker Subscriptions: Enable OOTB extensibility for IaaS and App Services. Enable OOTB extensibility for IaaS and Application Services dynamically by leveraging the Event Broker Service (EBS). Invoke workflows based on a policy-based trigger configured for a specific interesting event. Invoke vRO Workflow to integrate with a custom service based on the NAME of a blueprint, Custom Property Value, Requestor ID, or machine and platform type.
XaaS Delivers Anything as a Service. Leverage existing or custom vRO workflows to quickly build new catalog services. XaaS Forms Designer provides UI-based service authoring. Instantly transform any workflow into an entitled, governed, and lifecycle management service in the vRA Catalog. Incorporate complete XaaS Blueprints into a broader CBP design. Create custom XaaS Day2 Actions.
vRealize Orchestrator: Integrate, Automate, Orchestrate. Included with VMware vRealize Automation and as standalone appliance to enable automation and orchestration. Makes IT operations faster and less error-prone by facilitating the automation of IT processes. Facilitates the development of workflows. Provides a graphical integrated development environment (IDE). Enables workflows to be exported and imported through packages. Provides a workflow engine. Offers multiple ways to run workflows.
DEMO [EXTENSIBILITY USE CASE]
vRealize Cloud Client. Create a layer of abstraction between the vRA functionality and the end consumer to increase the ease with which users are able to run automated actions against vRA. CLI-based and easy to learn / use. Works on Windows and Linux. Use locally or invoke remotely. Interacts with vRA API. Provides access to most vRA functions programmatically.
Infrastructure as Code: Export, Import, Share, Interoperable.
    id: Wordpress.4.3.1
    name: Wordpress 4.3.1
    components:
      LB:
        type: Infrastructure.Machine.vSphere
        data:
          machine:
            cpu: {max: 4, default: 2}
            memory: 1024
      wpapache:
        type: Software.wpApache_1
        data:
          host: '${_resource~lb~machine}
      wpmysqldb:
        type: Software.wpMySQLDB_1
        data:
          db_port: 3306
      WebApp:
        type: data:wpmysql_config_1
        db_port: ${MySQL~db_port}
        db_username: ${DB_Setup~db_username}
An API Evolution: HATEOAS (Hypermedia as the Engine of Application State). Links are available for dynamic POST requests, providing a JSON object which is suitable for use as a payload to the corresponding POST request. Each response body includes URIs for logical next steps, e.g., perform operations on a machine, submit request for a catalog item, get details of an item in a list, add new object into a list.
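A client that follows the "logical next step" URIs described above should confirm each link stays on the API origin it authenticated to before attaching its session token. The sketch below is an added example, not code from the presentation or from VMware; the host name, paths, rel strings and response layout are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample response: host, paths and rel strings are assumptions,
# not values taken from the slides or from vRA documentation.
SAMPLE_RESPONSE = json.dumps({
    "name": "Wordpress 4.3.1",
    "links": [
        {"rel": "GET: Request Template",
         "href": "https://vra.example.local/api/items/1234/requests/template"},
        {"rel": "POST: Submit Request",
         "href": "https://vra.example.local/api/items/1234/requests"},
        {"rel": "GET: Icon", "href": "http://cdn.example.net/icon.png"},
    ],
})

TRUSTED_ORIGIN = ("https", "vra.example.local", 443)  # hypothetical API endpoint


def origin(url):
    """Return (scheme, host, port) so origins can be compared exactly."""
    parts = urlsplit(url)
    try:
        port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    except ValueError:  # malformed port in an untrusted link
        port = None
    return (parts.scheme, (parts.hostname or "").lower(), port)


def next_steps(body, trusted=TRUSTED_ORIGIN):
    """Split response links into usable next steps and rejected hrefs."""
    allowed, rejected = {}, []
    for link in json.loads(body).get("links", []):
        rel, href = link.get("rel", ""), link.get("href", "")
        method, _, action = rel.partition(": ")
        if method in ("GET", "POST") and action and origin(href) == trusted:
            allowed[action] = (method, href)
        else:
            rejected.append(href)  # never send the session token here
    return allowed, rejected


def build_submit(body, template):
    """Pair the advertised POST link with the filled-in template payload."""
    method, href = next_steps(body)[0]["Submit Request"]
    return method, href, json.dumps(template)
```

Rejected links are worth logging: a link that leaves the trusted origin in an API response is either a misconfiguration or a sign the response was tampered with.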
vRealize Suite Lifecycle Manager: Comes with the latest vRealize Suite 2017
Introducing vRealize Suite Lifecycle Manager: The Best Way to Manage Your vRealize Suite. Streamline and simplify the deployment and on-going management of the vRealize product portfolio throughout its life cycle. vRealize Suite Lifecycle Manager: Install, Upgrade, vRealize Suite, Patching, Health Monitoring, Configuration Management. Accelerate time-to-value: Simplify deployment and upgrade with automated pre-checks and validation. Minimize on-going management: Automate config and drift management with health monitoring. Enable best practices: Enforce alignment with VMware recommended reference architectures and validated designs.
Instant Benefit of Faster Deployment, Easier to Manage. Accelerate Time-to-Value: At least 30% faster to deploy and configure! Reduce Context Switches: Certification generation; Automated entitlement check; Automated SDDC compatibility check. Reduce User Inputs: Pre-defined deployment configuration; VVD-defined solution-based installation; Upfront user input collection. Recover From Failures: Resume and retry; Point-in-time snapshot. Optimize Installation: vIDM integration for Single Sign On; Export/Import configuration capabilities for easy replication. * Based on VMware Quality Engineering deployment of large greenfield HA environment which supports up to 50,000 VMs. Customer benefit may be much greater as installation times without LCM can vary significantly (based on VMware experience and customer research).