
Partner Exchange at

Building and Enabling a Hybrid Cloud with vCloud Director - A Perspective for Service Providers
Simon Genzer, Tina Lam

© 2016 VMware Inc. All rights reserved.


Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these
features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or
sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not
been determined.

CONFIDENTIAL 3
Speaker Introduction
Who
Simon Genzer
Product Line Manager, vCloud Air Network
Cambridge, MA

Tina Lam
Product Line Manager, vCloud Air Network
Palo Alto, CA

Why
vCloud Director is a platform that enables
Service Providers to offer a wide range
of tenant services

Session Agenda

1 Introducing vCloud Director

2 Use Cases

3 Current State

4 Vision

5 Demo

Introducing vCloud Director
VMware vCloud Air Network Cloud Solution Portfolio
Solution Delivery Models Extend and Adapt across Portfolio for Efficient, Agile Solution Lifecycles

VMware and Partner Solutions: End User Computing, Disaster Recovery Service, New VMware Solutions, Partner Solutions
Cloud Management Solutions: Automation, Orchestration, Operations
Common SDDC Platform: Networking, Compute, Storage

VMware vCloud Air Network Cloud Solution Portfolio
Solution Delivery Models Extend and Adapt across Portfolio for Efficient, Agile Solution Lifecycles

VMware and Partner Solutions: End User Computing, Disaster Recovery Service, New VMware Solutions, Partner Solutions
Solution Delivery Model: Managed Hosting, Dedicated Private Cloud, Multi-Tenant Cloud
Cloud Management Solutions: Automation, Orchestration, Operations
Common SDDC Platform: Networking, Compute, Storage

VMware vCloud Air Network Cloud Solution Portfolio
Solution Delivery Models Extend and Adapt across Portfolio for Efficient, Agile Solution Lifecycles

VMware and Partner Solutions
Solution Delivery Model: Managed Hosting, Dedicated Private Cloud, Multi-Tenant Cloud
Cloud Management Solutions (Automation, Orchestration, Operations): vRealize Automation, vCloud Director, vRealize Operations, vRealize Log Insight
Common SDDC Platform: Networking (VMware NSX), Compute (VMware vSphere), Storage (VMware VSAN)

vCloud Director for Service Providers
[Diagram: Tenant A, Tenant B and Tenant C on top of vCloud Director for Service Providers, which sits on the SDDC stack (NSX, vCenter, Virtual SAN, ESXi, storage, network). Callouts: Strong Multi-Tenancy, Capacity Management, Open Platform.]

vCloud Director – Key Capabilities
[Diagram: Service Provider and Tenants A, B and C around vCloud Director for Service Providers, on top of the SDDC stack. Callouts:]
• Strong Multi-Tenancy
• Service Provider UI/API
• Tenant UI/API
• Organization Catalog
• Global Catalog
• Role-Based Access Control
• Identity Federation
• Consumption Models
• Interop with 3rd Party Solutions
• Interop with VMware SDDC Stack

Service Provider Use Cases
Use Case: Multitenant IaaS Cloud
• Tenants self-provision compute, storage and network resources through Tenant UI Portal or Tenant API
• Service Provider manages infrastructure through vCenter and vCloud Director management UI and APIs
• Multiple vCenter clusters provide differentiated levels of service
• Multiple datastores can be configured to provide different levels of service using storage profiles

[Diagram: five Org VDCs on vCloud Director for Service Providers, backed by Provider VDCs (Gold, Silver, Bronze). Compute: four ESXi clusters, each CPU: 2x Intel® Xeon® @ 3.00GHz, RAM: 256GB. Storage: three vSAN datastores (All Flash, All Flash, Hybrid: 25% Flash, 75% HDD) and one NFS datastore (HDD), each annotated with disk counts, # of FTT and disk stripes.]
Use Case: Hybrid Cloud
• For managed service, service providers deploy edge gateways and provision IPsec / L2VPN tunnels in Org VDC
• For IaaS, tenants self provision the edge gateway and IPsec / L2VPN tunnels
• L2VPN tunnel allows network extension between on-prem and Service Provider cloud
• Hybrid cloud model allows for cloud bursting, cloud migration and disaster recovery as a service

[Diagram: Tenant/Enterprise site and Service Provider Organization / Tenant vDC, each with VMs behind an Edge Gateway; the two Edge Gateways are joined by an IPsec / L2VPN tunnel (L2VPN client and server).]

Use Case: Micro-Segmentation
• Layered security approach: Edge firewall secures north-south traffic in and out of the VDC while distributed firewall inspects the east-west traffic within VDC.
• Distributed firewall allows the security policies to be aligned with the functional group of VMs independent of placement of VMs
• Tenant can self-provision the firewall per their own security practice.
*Tenant self-provision distributed firewall in future release

[Diagram: Tenant Organization VDC with an Edge Firewall at the perimeter and a Distributed Firewall between VMs; VM groups labelled Finance, HR, Web, App and DB; a Control Center VM.]
vCloud Director Current State
vCloud Director 8.10: User Interface

FEATURES
• vCloud Director UI revised to include feature parity with API changes in previous releases
• Disk level storage profiles, tenant throttling, VDC limits, self service VDC templates in vCloud Director UI

BENEFITS
• Drive Cost Efficiencies
  ✓ No custom code required to consume capabilities and faster PoC cycles
• Improve Customer Experience
  ✓ Allows consistent user experience for customers

[Diagram: Tenants reach UI/API and Catalogs for Virtual Data Center 1, 2 and 3, backed by vCenter Server 1, vCenter Server 2 ... vCenter Server N.]
vCloud Director 8.10: Affinity Settings

FEATURES
• VM to VM Affinity, Anti-affinity rules for VMs placement in hosts. Accessible through API and UI.
• Available to SP admin and tenant admin

BENEFITS
• Ability to control VM-VM placement on ESXi hosts.
• Affinity may provide lower latency and better performance and CPU utilization for some types of workloads.
• Anti-affinity helps with redundancy to limit impact of host-specific failures.
• API and UI support for creating and managing affinity, anti-affinity rules

[Diagram: Tenants reach UI/API and Catalogs, with Affinity Rule / Adv VM settings, for Virtual Data Center 1 and 3, backed by vCenter Server 1, vCenter Server 2 ... vCenter Server N.]
vCloud Director 8.10: Object Extensibility
FEATURES
• Custom rules and constraints for VM placement (e.g., Datastore > X TB available capacity)
• VM placement directives (e.g., VM must be placed on resource pool/host/cluster XYZ)
• Custom VM provisioning

BENEFITS
• Drive Cost Efficiencies
  ✓ Custom control over VM placement and provisioning
• Improve Customer Experience
  ✓ Ability to integrate VM lifecycle workflows into external systems

[Diagram: "Provision VM" invokes the VM Provisioning Extension; "Place VM in resource pool/host/cluster" invokes the VM Placement Extension.]

vCloud Director Future
HTML5 UI
FEATURES
• First step for a unified presentation layer across dedicated & multi-tenant clouds
• Modern HTML5 UI
• First workflows would be tenant-facing Networking configuration (NSX-vCloud Director integration)

BENEFITS
• Improved look and feel and user experience
• Simplified user-experience for tenants starting from Networking configuration
• Broad compatibility with browsers; remove dependency on Flex
vCloud Director - vCenter Consistency
FEATURES
• VM as a managed entity in vCloud Director (vApp optional)
• Enable Providers to perform vCenter operations such as VM power on/off, resource pool changes, host IP changes without impacting vCloud Director tenant operations
• Enable VM migrations in vCenter, maintain vCloud Director consistency
• Enable adding new vCenter instances into vCloud Director

BENEFITS
• Harmonized managed entities across vCenter, vCloud Director
• Seamless consistent management across vCenter/vCloud Director
• Consolidate multiple vCenter based clouds under a vCloud Director management control plane

[Diagram: vCloud Director manages Organizations, Apps, VMs; two vCenter instances manage hosts, clusters, datastores, VMs; underneath: Clusters, Hosts, Resource Pools, Workloads.]
Seamless Upgrades
FEATURES
• Support upgrade to latest vCloud Director release from all active previous vCD releases, eliminate need for multi-step upgrades
• Consistent interop across vCAN stack
• Tooling to automate and validate vCD upgrades (including validation of compatibility with vCenter and NSX versions)

BENEFITS
• Reduced Service Provider Opex
• Reduce vCD upgrade downtime, complexity and impact on service providers’ business and customers

Multi-Tenant Networking with NSX
FEATURES
• Multi-tenant API access to NSX
• Tenant can self-manage NSX advanced edge features such as dynamic routing, IPsec VPN, L2VPN, SSL VPN and load balancer
• Tenant can manage and configure NSX Distributed Firewall for micro-segmentation
• North-bound multi-tenant NSX API for service providers and tenants

BENEFITS
• Service Providers can offer and monetize self-service consumption of NSX services by tenants
• Deliver NSX services as a fully integrated component in vCloud Director
• Tenants consume multi-tenant NSX services on the SP cloud with API compatibility with their on-premise Clouds

Advanced Networking Features for Tenant Self Provisioning
Edge Gateway Features vCD 8.10 vCD 8.20 (Planning)
Firewall ✓ ✓
DHCP ✓ ✓
NAT ✓ ✓
Static Routing ✓ ✓
Dynamic Routing (OSPF, BGP, route redistribution, graceful restart) ✓
IPsec VPN ✓ ✓
L2VPN ✓
SSL VPN Basic
Certificates ✓
Load Balancer Basic ✓

DFW Features vCD 8.10 vCD 8.20 (Planning)
Distributed Firewall ✓
Grouping Objects IP / MAC sets
Multi-tenant NSX API
• All advanced networking features will be available using NSX API
• VCD will act as proxy for the NSX managers and maintain tenant boundary
• For example, to retrieve OSPF config on the edge gateway (per the access privilege of the user)
  NSX API
  https://NSX-IP-Address/api/4.0/edges/edgeId/routing/config/ospf
  vCD API
  https://VCD-IP-Address/network/edges/edgeId/routing/config/ospf
• Provisioning of the edge, and other vCD functions will continue to use the existing vCD API.

[Diagram: Sunglow Networking Architecture. Callouts: vCD proxies for all NSX managers; Same URI as NSX API; Consistent Networking APIs for On-Prem and Cloud.]

Networking Services as Discrete Rights
• Each network service maps to an individual right
• Provider / Tenant admins assign rights to roles and then roles to users
• Service Provider can control and enforce access to advanced NSX networking services such as SSL VPN and Load Balancer
• Allow SPs to package networking services as a la carte offering or as bundles

[Screenshot: a new “Configure Gateway Services” section listing rights: Configure FW, Configure IPsec VPN, Configure OSPF, .....]

Organization Constrained Rights and Roles

• Providers assign rights specific to each org
• Org admins create roles private to each Org VDC
• Org admins assign rights to those roles constrained by rights of each org
• Default roles Org admins, vApp authors and vApp users are still available to be assigned to each Org
• APIs in Sunglow. UI in future release.

Use case examples
• Only a network admin of an organization can create, edit or delete any networking functions
• Only a security admin can create, edit or delete any firewall policies

[Diagram: Provider Admin grants Rights (A,B,C) to Tenant 1 and Rights (B,C,D) to Tenant 2. Each tenant has an Org Admin. Tenant 1 roles: Network Admin, DB Admin, App User. Tenant 2 roles: FW Admin, Web Designer, App Developer.]
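
An added sketch (not VMware's code and not part of the original deck) of the two checks the preceding slides assign to the vCD proxy before a request reaches NSX: the tenant boundary on the edge, and a per-service right limited by what the provider granted the org. The path-to-right table, the `Tenant2` org, the edge ids and the user records are assumptions made for illustration.

```python
import re

# Assumed mapping from the service part of the URI to the right guarding it.
# Right names follow the slide's "Configure ..." examples.
SERVICE_RIGHT = {
    "routing/config/ospf": "Configure OSPF",
    "firewall/config": "Configure FW",
    "ipsec/config": "Configure IPsec VPN",
}
VCD_PATH = re.compile(r"/network/edges/(?P<edge>[A-Za-z0-9-]+)/(?P<svc>[a-z/]+)")


class Denied(Exception):
    """The proxy refuses to forward the request."""


def effective_rights(org_rights, role_rights):
    # A role defined inside an org cannot exceed what the provider granted
    # to that org, so the usable set is the intersection of the two.
    return set(org_rights) & set(role_rights)


def proxy_to_nsx(path, user, orgs, nsx_host="NSX-IP-Address"):
    """Return the NSX Manager URL for a tenant request, or raise Denied."""
    m = VCD_PATH.fullmatch(path)
    if not m or m["svc"] not in SERVICE_RIGHT:
        raise Denied("unknown or malformed path")
    org = orgs.get(user["org"])
    if org is None:
        raise Denied("unknown organization")
    # Tenant boundary: the edge must belong to the caller's organization.
    if m["edge"] not in org["edges"]:
        raise Denied("edge is outside the caller's organization")
    needed = SERVICE_RIGHT[m["svc"]]
    if needed not in effective_rights(org["rights"], user["role_rights"]):
        raise Denied("missing right: " + needed)
    # Same URI as the NSX API, re-rooted under /api/4.0 on the NSX manager.
    return "https://%s/api/4.0/edges/%s/%s" % (nsx_host, m["edge"], m["svc"])


# Constructed sample data: org "Coke" is named on the demo slide; "Tenant2",
# the edge ids and the users are invented for this example.
ORGS = {
    "Coke": {"edges": {"edge-1"}, "rights": {"Configure OSPF", "Configure FW"}},
    "Tenant2": {"edges": {"edge-2"}, "rights": {"Configure FW"}},
}
COKE_NETADMIN = {"org": "Coke", "role_rights": {"Configure OSPF"}}
T2_ADMIN = {"org": "Tenant2", "role_rights": {"Configure OSPF", "Configure FW"}}

if __name__ == "__main__":
    print(proxy_to_nsx("/network/edges/edge-1/routing/config/ospf", COKE_NETADMIN, ORGS))
```

The `T2_ADMIN` role lists "Configure OSPF", but the request is still refused because the provider never granted that right to the org; that is the "constrained by rights of each org" rule.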

Demo !
Demo – Tenant Self-Provision OSPF routing
1. Log into vCloud Director as system admin
2. Log into vCloud Director as tenant org admin
3. Access the HTML5 UI edge gateway services
4. Configure OSPF from UI
5. Verify network connectivity
6. Retrieve OSPF configuration through multi-tenant NSX API

Demo Topology
[Diagram: EdgeGateway_Coke and an OSPF enabled router on External Network: 192.168.200.0/24, OSPF Area 30. Labels: VNic0 192.168.200.9; Router ID 192.168.200.3; Router ID 192.168.200.8; VNic1; Coke_VM_Network; networks 172.20.0.0/16 and 172.30.0.0/16; VMs at 172.20.0.30 and 172.30.0.101; Coke_vm1; Coke_OrgVDC_local.]

Questions?

We value your
feedback.
Please take the brief survey…

Thank You!
vmware.com/go/SalesBriefcase


NSX and vCloud Director Use Cases
• NSX functionality can be consumed out-of-band from vCD to enable provider-side use cases
• Enables providers to deliver value-added services to their cloud consumers
• Does not require direct product integration
• Can be automated for rapid provisioning or even self-service

Use Case: Gateway Virtualization
  Benefit: Virtualize network functions on commodity x86 hardware; common interface and vendor across all services
  NSX Components: NSX Edge Gateway, VXLAN

Use Case: L2VPN & L2 Bridging
  Benefit: Cloud Bursting; Cloud Migration; Network Extension; Disaster Recovery as a Service
  NSX Components: NSX Edge Gateway, NSX L2 Bridging

Use Case: Micro-segmentation of provider managed networks
  Benefit: Securely provide network based services to tenants, e.g., Backup, Monitoring, Patching
  NSX Components: NSX Distributed Firewall, SpoofGuard

Use Case: Guest / Network Introspection, NSX Partners Services
  Benefit: Agentless guest and network based services from NSX Partners, e.g., Anti Virus and IDS/IPS
  NSX Components: NSX Service Composer, Partner Ecosystem
Consumption Models
Pay-As-You-Go Model
  Provides the illusion of an unlimited resource pool. Resources are committed only when vApps are created in the organization virtual data center. Workloads can consume all available resources in cluster.
  Target Consumption Scenario: On-Demand Cloud, bursty workloads; irregular workload demands

Reservation Pool
  The compute resources allocated to the organization virtual data center are completely reserved and dedicated.
  Target Consumption Scenario: Dedicated Cloud

Allocation Pool
  A pool of allocated resources for which a certain percentage of compute resources is guaranteed.
  Target Consumption Scenario: Virtual Private Cloud

vCloud Director and vCenter Concepts
vCloud Director Managed Entities
• Organization, Organization VDC
• vApps, VMs
• Allocation Models
• Allocations, guarantees

vCenter Server Managed Entities
• Resource Pools
• Compute clusters
• Datastores
• VMs
• Limits, reservations

[Diagram: Organization/Tenant with a vApp and VMs, on three Org VDCs, on Provider VDCs (Gold, Bronze), on Resource Pools in two ESXi Clusters with Datastores and an NSX Manager.]

vCloud Director as an Extensible Platform

[Diagram: vCloud Director for Service Providers at the centre, reached through a Native Tenant Portal or a 3rd Party UI Portal.
Native Services: NSX Networking Services, Native DR Services, Native Backup Services.
Services Provided by 3rd Party ISV: DR Service, Anti-virus services, Backup Service, Networking Services.]
Automation and Orchestration
vRealize Automation
- Multi-cloud management portal
- Blueprints, service catalog
- Geared toward enterprise use cases
- vCloud Director Endpoint
- vRealize Orchestrator workflows

[Diagram: vRealize Automation and vRealize Orchestrator above vCloud Director for Service Providers, with arrows labelled "Manage vCD Endpoint" and "Invoke vCD Operations"; below it two Provider VDCs, each on a vCenter Cluster with Resource Pools.]

Construct for Multi-Tenancy at Network Level

[Diagram: Internet and Service Provider Network Infrastructure above the SP Network/External Network. Tenant External Network VXLAN 1000 and Tenant External Network VXLAN 1001 lead to Tenant A Edge and Tenant B Edge. Behind the edges: Tenant A Routed DMZ Zone, Tenant B Routed DMZ Zone, Test/Dev and Finance, with three sets of networks each labelled 192.168.0.x DB NW / Internal Zone and 192.168.1.x App NW / Internal Zone.]

