VMware vCloud Air
Chris Romano, Principal Systems Engineer, CTO Ambassador, vCloud Air (cromano@vmware.com, twitter: @virtualirishman)
Tom King, vCloud Air Specialist
© 2014 VMware Inc. All rights reserved.

Agenda
1 vCloud Air Service Overview
2 VMware vCloud Air™ Disaster Recovery
3 vCloud Air Connectivity
4 Recent Announcements
5 Use Cases Architectures
6 Summary / Q&A

Common Business Drivers for Hybrid Cloud
• On-premises capacity limitations
• Limited IT staff and budget
• Lack of in-house IT cloud experience
• Seasonal or unpredictable usage patterns
• New Applications
• Legacy Applications
• Rapid application development requirements
• Additional geographic locations

VMware’s Differentiation
HYBRIDITY hy·brid·i·ty [hahy-brid-i-tee]: The extension of on-premises infrastructure to the cloud that enables application and data mobility while retaining control via existing people, processes, tooling, and automation

vCloud Air: What is it?
vCloud Air Enables You to Modernize, Extend, and Secure Your Applications
MODERNIZE: Build, Enhance & Transform Your Apps
EXTEND: Existing & New Apps; Common Management; One Support Call
SECURE: Advanced Networking Svcs; High Availability; Disaster Recovery
[Diagram labels: On Prem Data Center; Public Cloud]
The ready-to-run public cloud built on vSphere. Any Application. No Changes.

Reasons to Choose vCloud Air
• Application portability – the ability to move workloads off premises into the cloud and back again
• Compatibility with on premises vSphere environment
• No new training or tools required - standardized on VMware and vSphere so nothing new to learn
• Single Support Call – whether on-premises or off-premises
VMware INTERNAL and CONFIDENTIAL

Cloud Provider vs. Customer Responsibilities
[Diagram labels: Customer; Service Provider; Security]

vCloud Air Offerings
VMware vCloud® Air™ is a secure public cloud operated by VMware, built on the trusted foundation of vSphere. The service supports both existing workloads and new application development, giving IT a common platform to seamlessly extend their data center to the cloud leveraging the same tools and processes they use today.

vCloud Air IaaS Service Offerings

Dedicated Cloud (Physically Isolated; Your Own Private Cloud Instance)
• Compute* (base resources): 240GB vRAM, 35GHz vCPU
• Storage* (starts at): 6 TB
• Network: 50 Mbps allocated, 1 Gbps burstable, 3 Public IPs

Virtual Private Cloud (Logically Isolated; Public Cloud IaaS)
• Compute* (base resources): 20GB vRAM, 10GHz vCPU
• Storage* (starts at): 2 TB
• Network: 10 Mbps allocated, 50 Mbps burstable, 2 Public IPs

Disaster Recovery (Logically Isolated; Business Continuity Solution)
• Compute* (base resources): 20GB vRAM, 10GHz vCPU
• Storage* (starts at): 1 TB
• Network: 10 Mbps allocated, 50 Mbps burstable, 2 IPs, Failovers

* All configurations may not be available in all regions

vCloud Air Value Add Options
Included at No Extra Charge
• Firewalls
• VPNs
• Load Balancers
• Redundancy + HA
• Disk I/O
• DHCP, NAT

Options
• Direct Connect*: A private, direct, high-throughput path between two endpoints.
• Data Protection*: Agentless, policy-driven data protection service for virtual workloads.
• Offline Data Transfer: Enables data to be exported securely from one cloud to another.
• OS & Application Catalog: OS and application licenses can be purchased through the VMware Marketplace.

* Coming to OnDemand soon

vCloud Air: A complete set of public cloud services
[Diagram labels: vCloud Air Data Centers; Customer Data Center; Desktop Services; Application Services; Horizon; AirWatch; Application and Data Services (DevOps, Mobile, PaaS, Database); Infrastructure Services (Storage and Availability, Disaster Recovery); Core Compute Services (Dedicated Cloud, Virtual Private Cloud); Management Services; Networking Services]

Hybrid Service Delivery Components
[Diagram labels: VMware vCloud Hybrid Service; Web Console; vCloud API; Application Catalogs; OS Catalogs; Compute; Storage; Networking & Security; Infrastructure Management; Infrastructure Hardware & Facilities; Customer Components: Bring Your Own Tools, Bring Your Own VMs, Bring Your Own Licenses]

vCloud Air Locations
• Europe UK
• Europe Germany
• US Northern California
• US New Jersey
• US Virginia
• US Nevada
• Japan West
• US Gov Virginia
• US Gov Arizona
• US Texas
• Australia
[Map legend: vCloud Air; vCloud Government Service]

vCloud Air Compliance Certifications
Standards and certifications we have achieved (Hybrid Service, Government Service):
• ISO 27001:2013
• SOC 1 Type 2 (SSAE 16)
• SOC 2 Type 1
• SOC 2 Type 2
• SOC 3
• CAIQ posted to CSA STAR Registry
• G-Cloud 6 Supplier
• FedRAMP Provisional Authority to Operate
• Supports US International Traffic in Arms Regulations (ITAR)
• Federal Information Processing Standard (FIPS) 140-2
• Federal Information Security Management Act
• HIPAA and HITECH Security Rule
• FBI CJIS Security Policy

Need Help with Your Cloud? It’s One Support Call
VMware Global Support Services
vSphere & vCloud; vCloud Air
One support number. One My VMware account.

VMware vCloud® Air™ Disaster Recovery

vCloud Air – Disaster Recovery as a Service
What is it? Simple and secure asynchronous replication and failover for vSphere
• Warm standby capacity on vCloud Air
• Self-service protection, failover and failback workflows per VM
• 15 min¹ – 24 hr. recovery point objective (RPO)
• Initial data seeding by shipping a disk
• Includes:
  • 7-day run time per DR test
  • 30 days of recovered VM run time
[Diagram labels: SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); DR Instance]
¹ Dependent on available bandwidth

Disaster Recovery
Overview
• Warm standby capacity on vCloud Air powered by vSphere Replication
• Self-service protection and failover; directly integrated with vSphere Web Client
• 15 min – 24 hr RPO
• Initial seeding by disk (with minimal downtime)
• Fully encrypted replication traffic
Benefits
• Relieves you of heavy capital expenditures to support a DR plan
• Simple to deploy and easy to use and scale up as needed
[Diagram labels: SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); VM; WebSocket (SSL); Encryption; VM]

Disaster Recovery Add-On Options
VMware vCloud Air Disaster Recovery:
• Standard Storage
• Support
• Compute (subscription)
• Compute (one time)
• Bandwidth
• IP Address
• Offline Data Transfer
• Direct Connect

Failback using vSphere Replication
Replicate TO and FROM the Cloud
1. Replicate Virtual Machines from On-Premises
2. Fail over to the Cloud
3. Replicate from the Cloud
4. Fail back to On-Premises
5. Same vSphere Replication Workflows for reverse replication
[Diagram labels: SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); FAILOVER; FAILBACK; DR Instance; vSphere Replication]

Feature - Highlights: Multiple point in time recovery snapshots
Choose from up to 24 recovery snapshots based on your RPO settings.
[Timeline labels: 4:15am; 8:00am; 8:15am; 8:30am; 8:45am; 9:00am]

Feature - Highlights: vRealize Orchestrator plug-in for vCloud Air
vRealize Orchestrator Plugin: Customize automation tasks, then quickly access and launch workflows as needed
[Diagram labels: SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); FAILOVER; FAILBACK; DR Instance]

vCloud Air Connectivity
How do you move a workload? How do you consume a workload?

Simple Migration of vSphere Workloads into the Cloud
Overview
• OVF Import using built-in Java applet
• vCloud Connector for transferring workloads and catalog synchronization
• Offline Data Transfer with vCloud Connector for large data transfers
Benefits
• Flexibility to move apps on- or off-premises as desired; no location lock-in
• No reformatting of virtual machines required
• Manage all environments through a unified view
[Diagram labels: OVF; Customer Data Center]

vCloud Connector: Migration of Workloads Across Hybrid Clouds
[Diagram labels: vSphere Client; vCC UI Plugin; vCC Server; Content Library; Control Plane; Data Plane; Network; Node (vSphere, vCloud Air, Private vCloud); ON-PREMISES; OFF-PREMISES]

Hybrid Connectivity into vCloud Air
Overview
• Over the Internet:
  • HTTPS or IPsec VPN
• Over Direct Connect:
  • Private Line or Cross Connect
Benefits
• Multiple options for securely accessing vCloud Air from your on-premises data center
• No added cost for high bandwidth VPN endpoint
• Integrate with large set of Network Service Providers for high bandwidth private connections
[Diagram labels: WWW; HTTPS / IPsec VPN; Direct Connect; ON-PREMISES; vCLOUD AIR]

Direct Connect – Private Line
NETWORKING
[Diagram labels: Existing NSP Connections; “Meet Me Room” (MMR); “Main Distribution Frame” (MDF); Untagged Layer 2 connection (1G, 10G); Layer 2 VLAN; Customer A; Customer B; Customer C; NSP Termination Point; vCloud Air Connection Point]

Network Virtualization in vCloud Air
Overview
• Available services include:
  • Firewall, NAT routing, DHCP, load balancer
• Create routed and isolated networks, static routes
• Designed with Active/Standby High Availability
Benefits
• Mirror on-premises networking policies and avoid reconfiguring applications
• All software-defined for rapidly changing app & security needs
• Safeguard security and support advanced policies
[Diagram labels: WWW; EDGE GATEWAY; Test/Dev Network; Virtual Appliance; Isolated Network; DMZ; vCLOUD AIR]

Latest and Greatest

vCloud Air: VMworld Launch Announcements
Enhanced Disaster Recovery
• Orchestration & automation powered by SRM Air
• Multi-VM recovery plans and reduced RTO with automation
• OnDemand packaging – pay for what you use

vCloud Air Object Storage
• Petabyte scale storage for backup, file storage, and other unstructured data use cases
• Generate real-time intelligence from custom metadata
• Highly durable and available

Advanced Networking Services
• Granular network security and trust groups
• Dynamic routing
• Expanded network interfaces to emulate complex on-prem networks

Hybrid Cloud Manager
• Unified management from vSphere Web Client
• Stretch multiple Layer 2 segments over one WAN connection
• Enhanced low-downtime workload migration

Object Storage Services

vCloud Air Object Storage powered by Google Cloud Platform
Overview
• Petabyte scale storage for backup, shared file storage, web 2.0 or other unstructured data use cases
• Generate real-time intelligence from custom metadata
• Highly durable and available
• Eliminates the need for data protection with built in redundancy and versioning
• Supports global access use cases by providing easy access from any device, anywhere, anytime
Benefits
Key differentiators:
• Very large object support (up to 5TB)
• Data Locality / Data Center Location preferences

Overview of Advanced Networking Services
Overview
• Trust groups that enable a Zero Trust Security Model
• Dynamic routing, supporting BGP and OSPF
• Expanded network scalability, from 10 to 200 network segments per virtual data center
• High Capacity point-to-site VPN (SSL) and Enhanced load-balancing (HTTPS)
Benefits
• Improve default security configuration, quarantine security compromises from spreading, enable portable security in cloud
• Ensure continuity and portability in cloud-hosted app deployments
• Simplify network management and reduce admin costs
• Move apps “as-is” and streamline deployment

Current Edge Gateway Capabilities in vCloud Air
NETWORKING
NSX EDGE GATEWAY
• Stateful Inspection Firewall
• Network Address Translations (NAT)
• DHCP
• Site to Site VPN (IPSec)
• Static Routing
• Load Balancer L4/L7
• 9 Interfaces
[Diagram labels: (vCloud Air Network); (vCloud Air Network); vCloud Air]

New NSX Edge Gateway Capabilities in vCloud Air
NETWORKING
NSX EDGE GATEWAY
• Stateful Inspection Firewall
• Network Address Translations (NAT)
• DHCP
• Site to Site VPN (IPSec)
• Static Routing
• Dynamic Routing OSPF, BGP
• Load Balancer L4/L7
• SSL Certificate Offloading
• SSL VPN (Client to Server)
• 200 Sub-Interfaces
• Distributed Firewall
[Diagram labels: (vCloud Air Network); (vCloud Air Network); vCloud Air]

vCloud Air Hybrid Cloud Manager
Overview
• Offers seamless on-prem and cloud resource integration, control, and migration capabilities for vCloud Air workloads from within vSphere
Benefits
• Enhanced bi-directional workload portability with reduced downtime and accelerated migration
• Securely extend and integrate your data center with vCloud Air using stretch layer two connectivity
• Advanced hybrid management feature for vSphere users that enables advanced visibility and control of vCloud Air environments
• Leading-edge secure encryption
[Diagram labels: Hybrid Cloud; Extension; Compatibility; Portability; Control]

Network Extension
Overview
• Stretch multiple Layer 2 segments to single Edge over single WAN connection (Direct Connect or VPN)
• Seamlessly move VMs and keep same IP and MAC
• Egress path optimization; no traffic tromboning
• Integrate on/off-prem networks into single network
Benefits
• Extend DC to the cloud; integrate resources
• Enable existing apps to work with the cloud; no need to redesign even if VMs moved off-prem
• Enable true cloud-bursting and hybrid applications
• No need for NSX on-prem to stretch networks
[Diagram labels: Customer Data Center]

Data Center Extension using HCM
NETWORKING
[Diagram labels: Internet (x2); Uplink; NSX Edge Gateway; Default Router; vCloud Air Client; vNIC Trunk VLAN 10-11; networks 192.168.5.0/24 and 10.10.10.0/24 (each shown twice); VLAN 10; VLAN 11; ON-PREMISES VLAN BACKED NETWORK; vCLOUD AIR]

Use Cases Architectures

Example: Distributed Hybrid SharePoint Application
[Diagram labels: INTERNET; IPSEC VPN; EDGE GATEWAY; VPN ENDPOINT; SharePoint Web; SharePoint App; SHAREPOINT DB (x2); ACTIVE DIRECTORY; Private Local Active Directory; Corp Network; ON-PREMISES; vCLOUD AIR]

Example: Exchange High Level Design
[Diagram labels: EDGE GATEWAY (x2); Direct Connect (MPLS/VPLS); “Client Access” Network; “Mailbox” Network; “DAG” Network; New Exchange; 74.204.180.42; (Backups); Dedicated Cloud at vCHS DC; Current Exchange Network; Mail Infrastructure; On-Premise Data Center]

Example: Routed Hybrid Security with Direct Connect
[Diagram labels: DIRECT CONNECT (1 Gbps); INTERNET; 10.1.1.x/24 (x2); EDGE GATEWAY (x2); Private Network (192.168.50.0/24); IGW; IDS; IPS; Firewall; Existing Security Policies & Appliances; DMZ Network (192.168.52.0/24); Private Network (192.168.110.0/24); VIRTUAL MACHINE (x3); ON-PREMISES; vCLOUD AIR]

Example: Object Store
[Diagram labels: IPSEC VPN; vCLOUD AIR; Corp Network (x2); VPN ENDPOINT; EMC (Twin Strata) Cloud Array; WINDOWS SERVER 2012; WINDOWS SERVER 2003; Windows File Server; ACTIVE DIRECTORY (x2); NFS/CIFS; GOOGLE CLOUD STORAGE; ON-PREMISES]

Example: Global load Balancing with 3rd Party
[Diagram labels: Traffic Director; Internet; EDGE GATEWAY (x2); Pool Servers 192.168.109.11, 192.168.109.12, 192.168.109.13; Pool Servers 192.168.205.11, 192.168.205.12, 192.168.205.13; Virtual Private Cloud (West); Virtual Private Cloud (East)]

Q&A
THANK YOU!