VMM Networking Poster



NETWORKING IN VIRTUAL MACHINE MANAGER

LOGICAL VIEW

VM Networks (Virtual Machine Networks)
Tenant VM network hides the details of the fabric from the tenant.

No isolation
You can get direct access to the logical network with a VM network. Appropriate for a host management or shared Internet networks.

Logical Networks
The logical network models the routing configuration of your physical network.

Logical Switch
The logical switch models the virtual switch configuration within your Hyper-V hosts.

VLANs within a connected logical network for network virtualization have routes configured in the physical network.
Isolation method for external networks is not visible to VMM.

[Diagram: logical view of VM networks, logical networks and logical switches, and the physical fabric, with Tenant 3, Tenant 4 and Tenant 5 each shown using 10.0.1.0/24 through the Hyper-V Network Virtualization Filter.]

Planning your VMM networks

VMM provides many options when you plan to connect your virtual machines to a physical network. You can use these options on their own or in a mixed environment, depending on your needs.

• VLAN-based configuration – You can use familiar virtual local area network (VLAN) technology for network isolation. You can manage those networks as they are, using VMM to simplify the management process.
• No isolation – You can get direct access to the logical network with a VM network. This is the simplest configuration, where the VM network is the same as the logical network on which it is configured. This configuration is appropriate for a network through which you will manage a host.
• Network virtualization – You can support multiple tenants (also called clients or customers) with their own networks, isolated from the networks of others. With this isolation, your tenants can use any IP addresses that they want for their virtual machines, regardless of the IP addresses that are used on other VM networks. Also, you can allow your tenants to configure some aspects of their own networks, based on limits that you specify. Network virtualization abstracts the physical address space and presents a virtual address space to the tenant.
• Use external networks – You can use a vendor network-management console that allows you to configure settings on your forwarding extension, for example, settings for logical networks, network sites, and VM networks. VMM will import those settings.
• No virtual networking – Networks that don’t require access by VMs do not use VM networks. For example, storage networks.

How VMM networking can be used
Networking levels: Physical Fabric; Logical Networks and Logical Switches; VM Networks.

• Fabric administrators can maintain network hardware (such as network adapters and switches) without requiring other administrators or users to understand it. Fabric administrators can maintain a stable physical network configuration while still being able to provide flexibility to others who need specific IP address spaces for their virtual machines.
• Fabric administrators can create logical networks and logical switches as an underlying configuration that is straightforward to maintain and is not visible to tenant administrators or users.
• Tenant administrators can create VM networks easily, making it easy to respond when users need additional or different IP address spaces. (Tenant administrators can also control resource usage through user role quotas.)
• Self-service users can create virtual machines and connect them to the VM networks without having to involve tenant administrators.

NETWORK OBJECT MODEL

Understanding the model

The network object model for virtual network, fabric network, service template, cloud network, and logical switch objects in VMM shows the relationships between the networking objects within each. This can be especially useful if you are learning about configuring VMM through Windows PowerShell scripts, which directly reflect the network object models. With these diagrams you can see how changes to one object affect another.

Virtual Network Objects
• Virtual Network Adapter – A virtualized adapter that connects a virtual machine to a network.
• Virtual Machine Network (VM Network) – A network used by virtual machines that exists as a layer on top of a logical network.
• VM Network Gateway – A server or device that connects a VM network with other networks.
• VPN Connection – A connection that appears to be part of a private network but encompasses links across a public network.
• IP Address Pool – A set of static IP addresses that VMM can automatically assign as needed.

Fabric Network Objects
• Logical Network – A named grouping of IP subnets and virtual local area networks (VLANs).
• Network Gateway – A server or device that connects one network with other networks.
• Logical Network Definition (Network Site) – IP subnet and VLAN information that defines a part of a logical network.
• IP Subnet - VLAN – IP subnets, VLANs, or IP subnet/VLAN pairs.
• MAC Address Pool – A set of media access control (MAC) addresses that VMM can automatically assign as needed.
• Load Balancer – A device or software element that distributes incoming requests among multiple systems.
• Host Group – A grouping of managed host systems in VMM.

Service Template Objects
• Computer Tier Template (Virtual Machine Template) – A set of specifications for deploying a virtual machine as a tier within a service.
• Service Template – A set of specifications for deploying multiple virtual machines that work together.
• Virtual IP (VIP) Template – A set of load-balancer-related configuration settings for a specific type of network traffic.
• Load Balancer Template (Virtual Machine Template) – A set of specifications for deploying a virtual machine as a load balancer within a service.

Networking for Clouds Objects
• User Role – A role within VMM that defines which objects users can manage and which management operations they can perform.
• Port Classification – A name that identifies a type of port profile for virtual network adapters.
• Cloud (Private) – A grouping of virtual machine hosts and networking, storage, and library resources that is assigned to users to deploy services.

Logical Switch Objects
• Native Uplink Port Profile (Native Port Profile for Uplinks) – A list of logical networks that are available to a physical network adapter.
• Extension Uplink Port Profile (Extension Port Profile for Uplinks) – A list of logical networks that are available to a physical network adapter, and that come from a forwarding extension.
• Virtual Switch Extension Manager – Software through which a VMM management server connects to a vendor network-management database.
• Logical Switch – A container for port settings and extensions that can be applied to network adapters.
• Extension Port Profile for Virtual Network Adapters – A collection of capabilities that come from an extension and that can be applied to a virtual network adapter.
• Native Port Profile for Virtual Network Adapters – A collection of capabilities that can be applied to a virtual network adapter.
• Physical Network Adapter – An adapter in a computer that connects the computer to a network.
• Virtual Switch – A virtual version of a physical network switch.

[Diagrams: object relationship models for Virtual Network Objects, Fabric Network Objects, Service Template Objects, Cloud Network Objects and Logical Switch Objects.]

EXTENSIBILITY OPTIONS

Forwarding extensions control where the packets go in a virtual switch and can provide enhanced security, bandwidth control, and optimizations.

Extending Virtual Machine Manager

Virtual Machine Manager in System Center 2012 SP1 provides multiple extensibility options:
• You can use a vendor network-management console and the VMM management server together by adding a virtual switch extension manager to your configuration.
• You can connect a VM network to other networks by configuring the VM network with a gateway.
• You can load-balance requests to the virtual machines that make up a VMM service tier by adding a load balancer to VMM.

[Diagram: Virtual Switch Extensibility. A Hyper-V host (root partition, VMM agent, virtual machines) whose virtual switch carries capture, filtering and forwarding extensions above the physical network adapters and top of rack switch; a vendor network management console with its policy database connects to the VMM server through a vendor VMM plugin.]

CONFIGURATION STEPS

Configuring networking in VMM

These steps show how the fabric administrator can configure network resources and work with a tenant administrator to make those resources available to self-service users. The self-service users can create and configure their own virtual machines and virtual machine networks (VM networks), without needing knowledge of the underlying physical resources.

Steps used by a Fabric Administrator

1: Plan
• Determine network requirements
• Choose isolation method that meets requirements
• Configure infrastructure and hardware based on design
• Install VMM

2: Define Fabric
• Create logical networks
• Create network sites for logical networks
• Create IP address pools
• Create VM networks for fabric networks
• Are you using a logical switch? (Yes / No)

3: Prerequisites
• Install extension providers if needed
• Add virtual switch extension managers
• Create uplink port profiles (if not using forwarding extension)
• Create virtual port profiles
• Precreate classifications if needed

Optional: Create logical switch

4: Create Logical Switch
• Select extensions if needed
• Add uplink port profiles
• Select port profiles for classifications
Can be done at a later time.

5: Add Host to Logical Switch
• Create host vNICs if needed
• Remove existing switch from physical NIC
• Add Logical Switch
• Select uplink adapters, assign port profile

6: Maintain Datacenter
• Check compliance
• Remediate

7: Configure Host (if not logical switch)
• Add host
• Assign network sites to host physical NIC or create logical switch
• Create virtual switch

Add devices
• Network virtualization gateway
• Load balancer

8: Expose Networking to Users
• Create cloud
• Assign logical network to cloud
• Assign load balancer and VIP templates
• Assign port classifications to cloud
• Create User roles: select “AuthorVMNetwork” revocable action; assign quota

Steps used by a Fabric Administrator or a Tenant Administrator

9: Create VM Networks
• Select logical network
• Isolation type offered by logical network?
• If fabric administrator: select External network
• If tenant administrator: network is chosen automatically
• For all users: define VM subnets; create IP address pools; select routing options
• If fabric administrator: select network site; select Subnet-VLAN
• If tenant administrator: network site and subnet - VLAN are chosen automatically

Steps used by any user or Administrator

10: Create Workloads
• Create templates or VMs
• For each virtual NIC: select VM network; select port classification
• Deploy template
• After intelligent placement, if desired: choose subnet; choose IP address pool; enter IP address

VPN Gateway—Hybrid Cloud

Every Hyper-V host has a router built-in that routes packets between virtual subnets in a VM network automatically.

The NVGRE VPN Gateway adds or removes NVGRE encapsulation and routes to a physical network or encapsulates it in a VPN packet to send to a remote location.

Network Virtualization using Generic Routing Encapsulation (NVGRE) is a packet format.

[Diagram: Fabrikam Datacenter network with VM Network 1 “Contoso Hosted”, containing subnet 1 “Contoso Finance”, subnet 2 “Contoso Marketing” and a hidden virtual subnet with a router, connected through VPN Gateway “Fabrikam” and any VPN Gateway “Contoso” to the Contoso Corp Network and Active Directory.]

Load Balancing

User chooses the virtual IP template to use when creating a service instance.

VMM 2012 uses a load balancer provider to create virtual IPs in the load balancer.

• Service Template – Designed in the Service Template Designer
• Service Template Instance – Used after service template deployment
• IP Pool – Contains dynamic IP address range and virtual IP address range
• Service network can use network virtualization

[Diagram: a service template with “Web”, “App” and “DB” tiers on front end and back end networks, and its deployed instance with four “Web” virtual machines on dynamic IPs behind a load balancer virtual IP. Legend: 3rd Party Components, System Center VMM, Hardware.]

© 2013 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at sc2012docs@microsoft.com.