CONFIDENTIAL 3
Speaker Introduction
Who
Simon Genzer
Product Line Manager, vCloud Air Network
Cambridge, MA
Tina Lam
Product Line Manager, vCloud Air Network
Palo Alto, CA
Why
vCloud Director is a platform that enables Service Providers to offer a wide range of tenant services
Session Agenda
2 Use Cases
3 Current State
4 Vision
5 Demo
Introducing vCloud Director
VMware vCloud Air Network Cloud Solution Portfolio
Solution Delivery Models Extend and Adapt across Portfolio for Efficient, Agile Solution Lifecycles
[Diagram: portfolio layers]
VMware and Partner Solutions: End User Computing, Disaster Recovery Service, New VMware Solutions, Partner Solutions
Solution Delivery Model: Managed Hosting, Dedicated Private Cloud, Multi-Tenant Cloud
Cloud Management Solutions: Automation, Orchestration, Operations
Common SDDC Platform: Networking (VMware NSX), Compute (VMware vSphere), Storage (VMware VSAN)
vCloud Director for Service Providers
[Diagram labels: Strong Multi-Tenancy (Tenant A, Tenant B, Tenant C); Capacity Management; Open Platform; vCloud Director for Service Providers; SDDC Stack (NSX, vCenter, ESXi, Storage, Network)]
vCloud Director – Key Capabilities
[Diagram labels: Service Provider; Tenant A, Tenant B, Tenant C; vCloud Director for Service Providers]
• Strong Multi-Tenancy
• Service Provider UI/API
• Tenant UI/API
• Organization Catalog
• Global Catalog
• Interop with 3rd Party Solutions
• Role-Based Access Control
• Consumption Models
• Identity Federation
• Interop with VMware SDDC Stack
Service Provider Use Cases
Use Case: Multitenant IaaS Cloud
• Tenants self-provision compute, storage and network resources through Tenant UI Portal or Tenant API
• Service Provider manages infrastructure through vCenter and vCloud Director management UI and APIs
• Multiple vCenter clusters provide differentiated levels of service
• Multiple datastores can be configured to provide different levels of service using storage profiles
[Diagram: Org VDCs on vCloud Director for Service Providers; Provider VDCs (Gold, Silver, Bronze); four ESXi Clusters, each with CPU: 2x Intel® Xeon® @ 3.00GHz and RAM: 256GB; three vSAN Datastores (All Flash, All Flash, Hybrid 25% Flash / 75% HDD) and one NFS Datastore (HDD), each labelled with its disks, # of FTT and disk stripes]
Use Case: Hybrid Cloud
• For managed service, service providers deploy edge gateways and provision IPsec / L2VPN tunnels in Org VDC
• For IaaS, tenants self provision the edge gateway and IPsec / L2VPN tunnels
• L2VPN tunnel allows network extension between on-prem and Service Provider cloud
• Hybrid cloud model allows for cloud bursting, cloud migration and disaster recovery as a service
[Diagram labels: Tenant/Enterprise; Service Provider; Organization; Tenant vDC; Edge Gateway (two); IPsec / L2VPN; Client; Server; VMs]
Use Case: Micro-Segmentation
vCloud Director 8.10: Affinity Settings
FEATURES
• VM to VM Affinity, Anti-affinity rules for VMs placement in hosts. Accessible through API and UI.
• Available to SP admin and tenant admin
BENEFITS
• Drive Cost Efficiencies
Custom control over VM placement and provisioning
[Diagram labels: Tenants; UI/API; CATALOGS; Affinity Rule / Adv VM settings; VM Placement Extension; Place VM in resource pool/host/cluster]
vCloud Director Future
HTML5 UI
FEATURES
• Modern HTML5 UI
• First workflows would be tenant-facing Networking configuration (NSX-vCloud Director integration)
BENEFITS
Multi-Tenant Networking with NSX
FEATURES
• Multi-tenant API access to NSX
• Tenant can self-manage NSX advanced edge features such as dynamic routing, IPsec VPN, L2VPN, SSL VPN and load balancer
• Tenant can manage and configure NSX Distributed Firewall for micro-segmentation
• North-bound multi-tenant NSX API for service providers and tenants
BENEFITS
Advanced Networking Features for Tenant Self Provisioning
Edge Gateway Features vCD 8.10 vCD 8.20 (Planning)
Firewall
DHCP
NAT
Static Routing
Dynamic Routing (OSPF, BGP, route redistribution, graceful restart)
IPsec VPN
L2VPN
SSL VPN Basic
Certificates
Load Balancer Basic
DFW Features vCD 8.10 vCD 8.20 (Planning)
Distributed Firewall
Grouping Objects IP / MAC sets
Multi-tenant NSX API
Consistent Networking APIs for On-Prem and Cloud
• All advanced networking features will be available using NSX API
• VCD will act as proxy for the NSX managers and maintain tenant boundary
• For example, to retrieve OSPF config on the edge gateway (per the access privilege of the user)
NSX API
https://NSX-IP-Address/api/4.0/edges/edgeId/routing/config/ospf
vCD API
https://VCD-IP-Address/network/edges/edgeId/routing/config/ospf
• Provisioning of the edge, and other vCD functions will continue to use the existing vCD API.
Networking Services as Discrete Rights
• Each network service maps to an individual right
• Provider / Tenant admins assign rights to roles and then roles to users
• Service Provider can control and enforce access to advanced NSX networking services such as SSL VPN and Load Balancer
• Allow SPs to package networking services as a la carte offering or as bundles
A New “Configure Gateway Services” section
Configure FW
Configure IPsec VPN
Configure OSPF
.....
Organization Constrained Rights and Roles
• Providers assign rights specific to each org
• Org admins create roles private to each Org VDC
• Org admins assign rights to those roles constrained by rights of each org
• Default roles Org admins, vApp authors and vApp users are still available to be assigned to each Org
• APIs in Sunglow. UI in future release.
[Diagram labels: ProviderAdmin; Org Admin, Rights (A,B,C); Org Admin, Rights (B,C,D)]
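The proxy and rights model from the three slides above, as an added sketch that is not VMware code: a vCD-style path is forwarded to the NSX path only if the edge belongs to the caller's org and the caller's role holds the matching right, with role rights capped by what the provider granted the org. The function names, the org "OrgB", the role "NetOps", the edge IDs and the firewall/IPsec path mappings are assumptions made for illustration.

```python
import re

# Each network service maps to one right (names from the "Configure Gateway
# Services" slide). Only the OSPF path is on the slides; the other two
# path suffixes are assumed to follow the same pattern.
SERVICE_RIGHTS = {
    "routing/config/ospf": "Configure OSPF",
    "ipsec/config": "Configure IPsec VPN",
    "firewall/config": "Configure FW",
}

# Constructed sample data: rights the provider granted each org, roles the
# org admins defined, and which org owns which edge gateway.
ORG_RIGHTS = {"Coke": {"Configure OSPF", "Configure FW"},
              "OrgB": {"Configure FW"}}
ROLES = {("Coke", "NetOps"): {"Configure OSPF", "Configure IPsec VPN"},
         ("OrgB", "NetOps"): {"Configure FW"}}
EDGE_OWNER = {"edge-1": "Coke", "edge-2": "OrgB"}

VCD_PATH = re.compile(r"^/network/edges/(?P<edge>[A-Za-z0-9-]+)/(?P<svc>[a-z/]+)$")


def effective_rights(org, role):
    """Role rights are constrained by the rights granted to the org."""
    return ROLES.get((org, role), set()) & ORG_RIGHTS.get(org, set())


def proxy(org, role, vcd_path):
    """Return the NSX path to forward to, or raise PermissionError."""
    m = VCD_PATH.match(vcd_path)
    if not m or m["svc"] not in SERVICE_RIGHTS:
        raise PermissionError("path is not a proxied network service")
    if EDGE_OWNER.get(m["edge"]) != org:
        raise PermissionError("edge is outside the caller's tenant boundary")
    right = SERVICE_RIGHTS[m["svc"]]
    if right not in effective_rights(org, role):
        raise PermissionError("role lacks right: " + right)
    return f"/api/4.0/edges/{m['edge']}/{m['svc']}"
```

The Coke "NetOps" role lists "Configure IPsec VPN", but the org was never granted it, so that request is refused even though the role names the right.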
Demo !
Demo – Tenant Self-Provision OSPF routing
1. Log into vCloud Director as system admin
2. Log into vCloud Director as tenant org admin
3. Access the HTML5 UI edge gateway services
4. Configure OSPF from UI
5. Verify network connectivity
6. Retrieve OSPF configuration through multi-tenant NSX API
Demo Topology
[Diagram labels: External Network: 192.168.200.0/24; OSPF Area 30; EdgeGateway_Coke; OSPF enabled router; VNic0 192.168.200.9; Router ID 192.168.200.3; Router ID 192.168.200.8; VNic1; Coke_VM_Network; 172.20.0.0/16; 172.30.0.0/16; 172.20.0.30; 172.30.0.101; VM (two); Coke_vm1; Coke_OrgVDC_local]
Questions?
We value your feedback.
Please take the brief survey…
Thank You!
vmware.com/go/SalesBriefcase
vCloud Director and vCenter Concepts
vCloud Director Managed Entities: Organization, Organization VDC, vApps, VMs, Allocations, guarantees
vCenter Server Managed Entities: Resource Pools, Compute clusters, Datastores, VMs, Limits, reservations
[Diagram labels: Organization/Tenant; vApp; Allocation Models; Org VDC (three); VM; Resource Pool (four); NSX Manager; ESXi Cluster (two); Native Services (NSX networking, DR, backup)]
Construct for Multi-Tenancy at Network Level
[Diagram labels: SP Network/External Network; Tenant External Network VXLAN 1000; Tenant External Network VXLAN 1001; Tenant A; Tenant B; Routed (two); DMZ Zone (two); Test/Dev; Finance]
NSX and vCloud Director Use Cases
• NSX functionality can be consumed out-of-band from vCD to enable provider-side use cases
• Enables providers to deliver value added services to their cloud consumers
• Does not require direct product integration
• Can be automated for rapid provisioning or even self-service

Use Case: Gateway Virtualization
Benefit:
• Virtualize network functions on commodity x86 hardware
• Common interface and vendor across all services
NSX Components: NSX Edge Gateway, VXLAN

Use Case: L2VPN & L2 Bridging
Benefit:
• Cloud Bursting
• Cloud Migration
• Network Extension
• Disaster Recovery as a Service
NSX Components: NSX Edge Gateway, NSX L2 Bridging

Use Case: Micro-segmentation of provider managed networks
Benefit:
• Securely provide network based services to tenants, e.g.:
- Backup
- Monitoring
- Patching
NSX Components: NSX Distributed Firewall, SpoofGuard

Use Case: Guest/Network Introspection NSX Partners Services
Benefit:
• Agentless guest and network based services from NSX Partners, e.g.:
- Anti Virus
- IDS/IPS
NSX Components: NSX Service Composer, Partner Ecosystem