Every one of our customers has existing applications, running in existing datacenters, that represent significant investments and ongoing value. The first thing we are doing with these customers is helping them stand up a Private Cloud, to get the most efficiency and agility out of their existing assets. And this can be done in a pragmatic, evolutionary way. We have over 250,000 customers worldwide that are already on this path, because they are leveraging vSphere to virtualize the entire fabric of the datacenter, including CPU & memory, storage, and networking. And because they are using vSphere, they get built-in high-availability, and automated, dynamic resource scheduling to give them the cloud attributes of elastic, pooled capacity. <click> With virtualization in place, the independent silos are broken down, enabling us to automate many of the mundane, repetitive administration tasks with our vCenter management suite, further decreasing opex in the datacenter.
Another attractive benefit of cloud computing is the notion of on-demand, self-service, which contributes to increased customer satisfaction and business agility. This notion is just as important in the Private Cloud, but needs to be done in a way that conforms to IT security policies. <click> Businesses are made up of multiple organizations, such as our example here with both Marketing and Finance. Each organization has members, or users, with respective security policies, as defined in corporate identity management systems. <click> With vCloud Director, IT organizations can define catalogs of pre-defined IT services that can be accessed through a self-service portal and deployed to pre-configured logical datacenters, or Virtual Datacenters as we refer to them, that represent committed SLAs to the organization. And with our Chargeback module, IT can set up pay-for-use models for each organization, dependent on their virtual datacenter and actual usage parameters.
These steps are what transform existing datacenters into cost-effective, flexible Private Cloud environments. That is the focus of VMware’s Cloud Infrastructure solutions, covering all aspects of infrastructure, including security and management.
The real value in cloud computing is when all boundaries are flexible, to enable cross-cloud federation and coordination. This is what gives customers maximum choice and flexibility in how to streamline costs and improve agility. Our belief is that cloud computing implies a ubiquitous model for interoperability between multiple clouds, both within and outside the enterprise. We refer to this as Open Cloud Computing, which we are fully committed to. <click> This is why VMware is working with so many public cloud service providers, as part of our vCloud program, to create compatible cloud environments for application mobility. <click> In particular, we are working with a handful of service providers to create a secure, enterprise-class cloud service that uses a common service-level management model based on vCloud Director, and a common security model based on vShield, to extend the trust boundary of the enterprise into these public cloud services, and enable the safe, secure mobility of application workloads between the environments. <click> This class of service is referred to as the VMware vCloud Datacenter Service, and ensures a common platform, management model, and security model, to create the ultimate secure hybrid cloud environment. With vCloud, open cloud computing moves from being a technology discussion to a business decision!
In this new model, the IT organization becomes a cloud service provider for the business, achieving the benefits of cloud computing without sacrificing security or control. Users experience unprecedented responsiveness and agility, and IT management can reduce costs through increased consolidation, task automation, and simplified administration. VMware vCloud Director enables IT organizations to deliver resources to internal organizations as virtual datacenters. By logically pooling compute, storage, and networking capacity into virtual datacenters, IT organizations can manage resources more efficiently with complete abstraction between consumption and delivery of IT services.
TRADITIONAL: physical devices statically placed at boundaries. What are boundaries in new world? 2 changes -> move into Software AND move into virtual fabric. BIG MOVE FROM securing virtualized infrastructure to virtualizing security infrastructure.
Pull it together – from static to dynamic. Protection stays in place as VDCs morph. What’s more – security eats from same pool. All about ensuring efficient protection that follows logical view of world.
Efficiency through Consolidation: The initial desire to run business critical apps on VI is typically driven by consolidation. ERP systems, Exchange, databases, etc., frequently consume large pools of servers which are overprovisioned like your typical x86 systems, and usually span not just production but test, dev and training. These applications are ideal candidates for consolidation, typically enabling consolidation ratios of 5XX or more. Guarantee App Quality of Service: With VMware, applications can scale dynamically to ensure service levels under variable load. In addition, VMware provides built-in HA and DR to ensure availability without complexity of app-specific clustering. Accelerate App Lifecycle: Applications can be developed, tested, and deployed faster with VMware. VMware enables apps to be provisioned on-demand, in a matter of minutes, whether in the labs or in production.
Key point: The dynamic nature of a cloud infrastructure fabric requires management to execute management responsibilities in different ways, using different IT Management methods. Virtualization drives new patterns of architectures, redefining the boundaries between IT components and resources and operational processes, leading to significant changes in the way different components of the IT stack are managed and configured, secured and delivered, across a heterogeneous computing platform plane. The table describes a number of key IT Management disciplines for a private cloud infrastructure. It sets out how traditional IT Management approaches approach these disciplines against the requirements for a (private) cloud infrastructure. The comparison by discipline emphasizes how new innovative technologies drive a new paradigm, the Cloud Era, and how this will change the way IT is managed. Current/traditional management solutions lack mature capabilities, tools and processes to manage highly dynamic infrastructure fabric computing for cloud computing (aggregation and dis-aggregation of related pooled resources). Deploying traditional server, network and storage systems is silo’d, labor intensive and complex. Life cycles and deployments are often one-off configurations, glued to specific application and departmental roles. Applications stay rooted/bound to the configuration, forming multiple silos. Optimization is often a ‘guessing game’ of IT capacity planning, while the mobility and distribution of applications is a manual-intensive process, when practiced at all. Virtualization focuses on the speed of processes of deployments and utilizes dynamic pooled/shared resources more efficiently, increased levels of automation, OS intelligence and management tools. Through VMware’s vast experience with its most advanced customers, VMware has developed an approach to guide the path to the ultimate goal: IT as a Service through a cloud architecture.
But security in the private cloud is one thing. What if I want to extend my security model to the public cloud? That’s what’s so cool about EDGE… extend logical datacenter across sites. Connect the two with VPN. Public cloud apps can use directory, interact on trusted net. But how can I be sure public clouds implement all of these security capabilities? Happy to introduce new program focused on this.
And we're committed to that open and interoperable. So examples are things like OVF, Open Virtualization Format, of which VMware was a key driver behind in getting that established through the Distributed Management Task Force as a key standard. This standard really is the first standard for portable Cloud workloads and we continue to add to the standards environment with things like our vCloud API where we're trying to drive through that same organization the standards around how to manage at a service level across multiple Clouds. So we are committed to open and interoperable. VMware is committed to open & interoperable, even above and beyond the work we are doing with vCloud Service Provider Partners. VMware is actively leading the charge to standardize interoperability between cloud computing environments, working through the Distributed Management Task Force: OVF – Open Virtualization Format – to provide portability of virtual appliances across clouds and virtualization platforms; vCloud API – to standardize programmatic access to cloud resources.
“If cloud is about reducing complexity in the datacenter, cutting costs, and increasing agility, no other vendor has ever successfully delivered on all three of these in such a profound way as VMware.” No other vendor has delivered as much impact as VMware. VMware has already delivered reduced complexity, cost, and agility. So who do you really believe can deliver this with cloud? The big 4? What have they given you? Have you automated your way to a cloud over the past 10 years? What’s new?
Transcript of "Merlin Glynn (@virtualMerlin) - Building an Enterprise Hybrid Cloud with the VMware vCloud Solution"
Building an Enterprise Hybrid Cloud with the VMware vCloud Solution
Merlin Glynn, Cloud Architect, VMware APO
VMworld 2011 DTC Talk

VMware vCloud Initiative
Evolving Virtualized Datacenters to a Cloud Infrastructure

Evolve Your Existing Datacenter to a Private Cloud
Leverage virtualization to transform physical silos into elastic, virtual capacity

VMware vCloud Initiative
VMware Delivers This Today with vCloud

VMware Offers a Secure Hybrid Cloud for Enterprises
The VMware vCloud Solution
Private Cloud
Public Cloud
Co-Branded vCloud Services
Cloud Consumption: vCloud
vCloud Datacenter: Security & performance for enterprises
Portability
Operations and Management: vCenter
Cross-Cloud Standards: vCloud API, Open Virtualization Format
vCloud Express: Rapid credit-card payment for developers
Security and Compliance: vShield
Cross-Cloud Management: vCloud Connector
vCloud Powered: Broad array of VMware-compatible clouds for any business need
Virtualization: vSphere

The Solution is for IT to Become a Cloud Service Provider
IT becomes a service provider, enabling true business agility
Achieve the economics and agility of cloud computing without sacrificing security or control
Users are given an alternative to commodity public clouds, eliminating the need for unauthorized deployments
Self-Service Portals
Catalogs
Virtual Data Centers

Architecting and Managing a Cloud Infrastructure
Logical Constructs

The end
Thank you!
Confidential

Delivering and Managing a Cloud Infrastructure
Deep Dive Module

In this Layer, CIOs are Facing Public Cost Benchmarks…
Public Rate Cards Lead to Tough Questions About Internal IT Costs
Pushing IT to Benchmark Their Own IT Organization…

Virtualization is the Foundation of Cloud, and It’s Proliferating
“Virtualization is a modernization catalyst and unlocks cloud computing.” ―Gartner
VM Cross Over
More VMs were deployed than physical servers starting 2 years ago
VMware is alone in the Leaders Quadrant for x86 Server Virtualization
[Chart: Physical Hosts and Virtual Machines, in millions, 2005 to 2013]
Gartner, Inc. Magic Quadrant for x86 Server Virtualization Infrastructure, Thomas J. Bittman, Philip Dawson, George J. Weiss, 26 May 2010. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from VMware. The Magic Quadrant is copyrighted 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

IT Can Define Multiple Consumption Models
Capacity-As-You-Go
“Pay-Per-VM” model
No upfront resource allocation
Org VDC allocated resources only as users create vApps
IT can set compute limits to cap usage
Reservation pools
Guaranteed container
100% of container guaranteed
Organization given resource management capabilities (shares and reservations)
Allocation Pools
Resources allocated, but not guaranteed
Similar to the “airline seat” model
IT can over-provision

Only VMware Offers Defense in Depth for Your Cloud Infrastructure
Virtualizes common network services such as NAT and DHCP
vShield Endpoint protects the individual VM with offloaded anti-virus
vShield App protects the applications with multi-VM trust zones
vShield Edge protects the virtual data centers with port-level stateful firewalls

VDC Gold
VDC Silver
Security Profiles Remain Intact in the Dynamic Cloud Environment

VDC Gold
VDC Silver
vCenter Configuration Manager
Continuous Compliance
Assessment & enforcement
Policies built from Out-of-the-box compliance templates
SOX, HIPAA, FISMA, DISA, GLBA, ISO 27002, NIST, PCI DSS, NERC, CIS, FERC
Harden the hypervisor configs for ESX, network, storage, etc.
Harden the hypervisor guest
Harden the Guest OS
Build Golden Image / Standards
VMware Provides Continuous Compliance Within and Across Clouds

The US Government Trusts Their vCloud Deployment with vShield
Customer Need
Build and maintain a secure network that isolates highly sensitive scientific applications from the rest of the environment without creating “airgaps”
Solution with vCloud & vShield
Create adaptive trust zones on the same shared infrastructure to control access to
Restrict inbound and outbound traffic to the trust zones
Restrict access to applications in a trust zone to View users in the subgroup within the zone
Automatically move infected VMs to a remediation zone
Business Benefits
Reduced provisioning time from 30 days to 30 minutes
Lower Capex & Opex by replacing hardware appliances with virtual appliances
[Diagram labels: Scientific Apps, Shared Svrs, Business Apps, View Users]

Secure Multi-tenancy and VDCs Allow BUs to Share infrastructure
Secure Multi-tenancy with vShield
Virtual networking technologies segregate network traffic
Policy-based management eliminates “noisy neighbor” concerns
Enables shared infrastructure
Formerly silo’d infrastructures (either separate clusters or entire datacenters) can be migrated to virtual data centers and share the
No airgapped pods/silos
Eliminates the need for physical separation for security or compliance
Maximizes consolidation ratio
[Diagram labels: Healthcare Infrastructure, Aerospace Infrastructure, Consumer Infrastructure; Healthcare Organization, Aerospace Organization, Consumer Organization; Healthcare VDC, Aerospace VDC, Consumer VDC]

Networking and Storage Are Easier to Configure & Provision
Old Model of IT—Manual Configuration
IT needs to allocate storage manually for each VM request
IT needs to manually configure port groups for each VM request
Multiple touches, multiple people involved
New Model of IT—Intelligent Policies
Intelligent placement of VMs ensures balanced load & highest resource utilization
VDCs & network pools allow cluster-wide policies that are vMotion neutral
Fenced networks can be provisioned across hosts without any manual IT configuration
[Diagram labels: Virtual Datacenter n (Silver), Virtual Datacenter 1 (Gold), VMware vShield, Request Ticket, vSphere Admin]

And It’s Easy to Manage with VMware’s Cloud-aware Management
VMware Virtualization & Cloud Management
From the leader in virtualization & cloud infrastructure – specifically for dynamic data centers – to simplify how IT is managed.
Zero-Touch Automation
Optimizes operational efficiency with built-in automation
Native management designed-in, at each architectural layer
Embedded expertise helps you make smarter use of virtual infrastructure
Policy-Driven Service Assurance
Controls dynamic environments to assure compliance & performance
Enables application mobility across clouds

In Each Discipline, VMware Transforms Datacenter Management

Extensions, Notifications, and APIs Enable Third-Party Integrations
Easily orchestrate vCloud actions
vCloud API
vCenter Orchestrator Plug-in
VMware Service Manager Plug-in
Extensions, notifications, and JMX Interfaces can be monitored using existing monitoring systems
Existing systems are supported
In-Guest agents are fully supported
Existing IT request systems, approval management systems can be configured to use the vCloud API
[Diagram labels: VM Request, Policy]

Bridging the Clouds With the Only Hybrid Cloud
Deep Dive Module

A Host of Features Including Site-to-Site VPN Makes This a Reality
[Diagram labels: VDC Gold, VDC Silver, VDC Bronze, Secure VPN, Secure Private Cloud, vCloud Datacenter]

The Leading Public Clouds All Partner with VMware
4,000+ vCloud IaaS Partners
App Cloud PaaS Partners
Source: Gartner (December 2010)

VMware Offers Two Co-Branded Public Cloud Services
vCloud Datacenter Services
vCloud Express
Rapid signup with credit card billing
Utility “pay as you go” pricing
Lowest cost with high QoS
Interoperability across providers
Guaranteed quality of service
Certified adherence to ref. architecture
Secure and compliant
Workload mobility across providers
vCloud Datacenter Certified Service
[Diagram labels: Private Cloud, Public Cloud; Common security: vShield, vShield; Common management: vCloud Director, vCloud Director; Common platform: vSphere, vSphere]

VMware Leverages Cross-Cloud Standards for Workload Mobility
vCloud API: First Cloud API Submitted to Open Industry Standards
APIs: Programmatic Access to Resources
OVF: First Industry Standard Cloud Workload
[Diagram labels: OVF, Private Cloud, Public Clouds]

Cross Cloud Management Makes Hybrid Cloud Real
vCloud Connector
Connect, visualize and operate on multiple clouds
Visualize resources across hybrid clouds inside the vSphere Client
See VMs, vApps and templates across vSphere and private and public vClouds
Delivered as a vSphere Client Plugin
Copy & operate on resources across clouds
Copy resources between vSphere and vClouds
Perform power operations on workloads
Access console of vApps running in vClouds
Deliver enterprise level security
Data managed by onsite server
Security scope set by vSphere Client
[Diagram labels: Colt vCloud, vSphere, Bluelock vCloud, Private Cloud, Verizon vCloud]

Cross Cloud Management Makes Hybrid Cloud Real
NDA UNTIL VMWORLD
Web portal to manage content
vCloud.vmware.com
Provides an operating portal across clouds
Provides sample content (OS images, virtual appliances)
Federation across clouds
vCloud Connector – visualize, copy and operate on resources across vSphere and private / public vClouds
vApp Publisher – federate content between clouds efficiently and reliably by scheduling background transfers
Hybrid architecture
Data stored and managed by onsite server
Cloud-based vCloud.vmware.com facilitates innovation
UI is a mashup of online service and onsite servers
Project Discovery
Federate and synchronize content between clouds
[Diagram labels: End Users, Colt vCloud, Internal vSphere(s), Bluelock vCloud, Internal vCloud(s), Content Cloud]

Intercontinental Hotels Built a Hybrid Cloud to Offer Global Access
InterContinental Hotels Group
More than 4,500 hotel properties, 650,000 guest rooms in more than 100 countries/ territories worldwide
Business Drivers
Need for elasticity
Use of current IT configurations
Ability to charge back applications
Cost effective; no CapEx
Solution Offering
Membership rewards program
Exported vApp and uploaded into Verizon CaaS enabled by vCloud Datacenter
Used vCD to manage and configure application for use

VMware has the expertise and services to build clouds
Experienced team has built the best clouds in the industry
Technical Services Cloud Practice in conjunction with VMware Professional Services (PSO) and partners
Professional Service Offerings
vCloud Jumpstart
vCloud Accelerator Service
Custom vCloud Engagements
Reference architecture
Certified and enforced with vCloud Datacenter Service Partners
Publicly available on vmware.com
Best Practice Whitepapers
Technical whitepapers written by the experts who built the top public and private clouds
[Technical white papers shown: VMware vCloud Director Security Hardening Guide; VMware vCloud Director 1.0 Performance and Best Practices; Architecting a vCloud Version 1.0]
[Reference architecture diagram labels: End Users, vCD Portal, vCloud API, VMware vCloud Director, vCD Database, vCenter Chargeback, vCenter Chargeback Web Interface, vCenter Chargeback Server, vCenter Chargeback Database, vCenter Chargeback Collectors (vCenter, vCD, vSE), LDAP, vCenter Server, vCenter Database, vShield Manager w/ Edge, vShield Manager and vShield Edge Virtual Appliances, Networks, ESX/ESXi Hosts, Datastores, VMware vSphere 4 Enterprise Plus]

Appendix
Customer Case Study Library

Five primary use cases resonate strongly with customers
Each Implemented by VMware Customers
Shared Infrastructure for Multiple LOBs (Multiple LOBs, datacenter consolidation, etc)
Rapid Deployment (Lab, Demo, Test, etc)
Private / Hybrid
Evolving The Business Model (Offering Products as a Service)
Global Access (Bring Apps Close to Users for performance, etc)
Public / Hybrid
Temporary or Elastic Capacity (Seasonal, projects, batch processing, DR/failover, etc)

1. GE, CMU, and others are evolving to a shared infrastructure
Customer Example
Major multinational conglomerate
Currently two shared IT providers, and most businesses running on physically isolated environments
Enable on-demand proof-of-concepts (POCs)
Solution Offering
Isolated Virtual Data Centers
Distributed Resource Schedule
Business Benefits
CapEx and OpEx Savings
Maximizes utilization of hardware (increased VM density)
Simplified management
[Diagram labels: Healthcare Infrastructure, Aerospace Infrastructure, Consumer Infrastructure; Healthcare Organization, Aerospace Organization, Consumer Organization; Healthcare VDC, Aerospace VDC, Consumer VDC]

2. Sabre Holdings enables rapid sales-led POCs in the cloud
Customer Example
Airline solution provider
Non-technical sales force, currently uses PPT slides, but now sales deploys product demos on-the-fly
Solution Offering
Easy-to-use self-service portal
Pre-built images stored in catalog
RBAC and user-policies
Isolated deployment environment
Business Benefits
Increased Revenue
Shorter sales cycle
Higher deal win-rate
[Diagram labels: Before, “Gotta have it!”, “???”, After]

3. Sabre Holdings is changing their business model
Customer Example
Airline solution provider
Moved from hosting physical hardware at customer to centralized hosting from their cloud
Solution Offering
Isolated Virtual Data Centers
Self-Service Access
vShield Security Technologies
vCenter Chargeback integration
Business Benefits
Higher customer satisfaction
Simplified Control of Application
Lower cost operating model
[Diagram labels: Before, After]

3. Similarly, LANL is changing their business model
Customer Example
Government research institution
Pre-approves access to VDC to cut through red-tape and gives research teams direct access to infrastructure resources
Solution Offering
vShield Security and Isolation
Virtual Data Centers
RBAC and user policies
Business Benefits
Reduced processing time and overhead
Increased application pool of research requests
[Diagram labels: VMware vCloud Director, Research teams (End Users), Research Institution (Cloud Admin)]

4. IHG uses public clouds to provide global access to apps
InterContinental Hotels Group
More than 4,500 hotel properties, 650,000 guest rooms in more than 100 countries/ territories worldwide
Business Drivers
Need for elasticity
Use of current IT configurations
Ability to charge back applications
Cost effective; no CapEx
Solution Offering
Membership rewards program
Exported vApp and uploaded into Verizon CaaS enabled by vCloud Datacenter
Used vCD to manage and configure application for use

5. Customers leverage vCDC for temporary or elastic capacity
Customer Example
Major multinational conglomerate
Partnering with vCloud partner to offload peak workloads into the public cloud
Vision around DR to the cloud
Solution Offering
Open API and file formats (OVF)
Abstraction from underlying hw
Public cloud solution partners
Business Benefits
Application mobility
Flexibility for the future (no lock in)
Reduce hardware expenditure for peak demand (procure for average)
[Charts: Resource Needs per week, Wk 1 to Wk 7, with series Needs, Cloud and Owned]