Token Exchange (SAML 2.0) between solutions § When you access an SSO enabled solution the solution will request an extension to SAML 2.0 Token TTL § First component to touch (regardless of install/upgrade) § Design before implementing!! vCloud Director vCenter vCO vCenter Single Sign On (SSO) § Authentication Services for the vSphere Platform § A component of vCenter Server § vCenter Single Sign-On creates an authentication domain where users are trusted to access available resources (vCenter etc) • no longer log into vCenter directly § Multiple identity sources (Active Directory, OpenLDAP etc)
Client vCenter SSO VCO Log Browser VSM VCD * SRM VCOPS VDP Others Partners 2013 2014 * VCD is partially integrated with SSO, only provider side logins can be integrated with SSO
§ Improved architecture • Multi-master • Built-in replication • Site awareness • Multi Tenant § Database • There is no Database! § Installation • One simplified deployment model • Select vCenter Single Sign-On for the first or an additional vCenter Server § Diagnostics • Full suite of diagnostic / Troubleshooting tools vCenter Server vCenter Server vCenter Server vCenter Server vCenter Server vCenter Server Web Client Inventory Svc vCenter Single Sign-On 5.5 Web Client Inventory Svc Web Client Inventory Svc SSO Site 1 SSO Site 2
Single Sign-On 5.1 deployment models • Fully Maintained via Upgrade • Basic • Single Sign-On High Availability • Single Sign-On Multisite New recommendations with vSphere 5.5 • Better use of new technology • Single virtual machine for all vCenter components** • Distributed virtual machines add complexity • Availability • Backup & Restore • Easily migrate to new recommendations during upgrade ** Enterprise customers with 6 or more local vCenter servers can use a centralized instance
Host or VM SSO Server (Primary) Load Balancer Host or VM SSO Server (HA Backup) Host or VM Load Balancer Host or VM SSO Server SSO HA Now supports active / active • No loss of admin service • vCenter restarts possible More than two instances supported Requires: • Third Party Network Load Balancer • Updating of certificates • Reregistration of solutions vSphere 5.1 vSphere 5.5
Svc Web Client Inventory Svc Web Client Inventory Svc Local Databases vCenter Server vCenter Server vCenter Server vCenter Server Inventory Svc vCenter Server vCenter Server New York Los Angeles Miami Multi Site SSO Server Multi Site SSO Server Primary SSO Server Web Client Inventory Svc Web Client Inventory Svc Web Client Inventory Svc vCenter Server vCenter Server vCenter Server vCenter Server Inventory Svc vCenter Server vCenter Server New York Los Angeles Miami SSO Server SSO Server SSO Server Automatic Replication Identity Sources SSO Users/Groups/Policies Solutions NOTE: When Upgrading/Deploying, only one first server selection is required to set up the authentication domain, otherwise you will have multiple duplicate vsphere.local domains
Server Host or VM vCenter Server SSO Server Web Client Inventory Svc Use Simple Installer Installs / Upgrades core components with a single virtual machine 1. vCenter Single Sign-On 2. vSphere Web Client 3. vCenter Inventory Service 4. vCenter Server § No change to architecture § All services are local • Reduced complexity § Supports 1-1000 Hosts / 1-10,000 Virtual Machines
Each site is independent § Does not provide a single pane of glass view § SSO automated replication § SSO Users & Groups § SSO Policies § Identity sources § Site awareness § Linked Mode § Maintains single pane of glass § Replicates Licenses, permissions and roles § Availability § vSphere HA § vCenter Heartbeat vCenter Server vCenter Server New York vCenter Server vCenter Server Miami vCenter Server vCenter Server Web Client Inventory Svc SSO Server – vsphere.local Los Angeles Web Client Inventory Svc Web Client Inventory Svc SSO Site 1 SSO Site 2 SSO Site 3 Single SSO Authentication Domain
Design Recommendations A Datacenter with more than 5 vCenter Servers § Centralized SSO authentication • Same Physical location § Single Centralized vSphere Web Client § Availability (Required) • vSphere HA • vCenter Heartbeat • Network Load Balancer 15 vCenter Server 2 vCenter Server 5.5 Inventory Svc SSO Server 5.5 Web Client 5.5 Database Server VCDB1,VCDB2,VCDB3 vCenter Server 3 vCenter Server 5.5 Inventory Svc vCenter Server 1 vCenter Server 5.1 Inventory Svc Backwards compatible to vCenter Server 5.1 to support staged upgrades
of VMFS heap meant that there were concerns when accessing above 30TB of open files from a single ESXi host. § ESXi 5.0p5 & 5.1U1 introduced a larger heap size to deal with this. § vSphere 5.5 introduces a much improved heap eviction process, meaning that there is no need for the larger heap size, which consumes memory. § vSphere 5.5 with a maximum of 256MB of heap allows ESXi hosts to access all address space of a 64TB VMFS. § Theoretically possible to have a VM with 3720TB (60 VMDKs) / 7440TB (120 VMDKs)
support for 16Gb FC HBA with vSphere 5.0 • 16Gb HBA had to be throttled to work at 8Gb • vSphere 5.1 introduced support for 16Gb FC HBAs running at 16Gb • No 16Gb end-to-end support for FC in vSphere 5.1 • Full bandwidth required multiple 8Gb FC array ports 16Gb 8Gb
MSCS Node B Microsoft Windows 2012 Clustering supported Round Robin Path Policy Supported Round Robin Path Policy Supported FCoE & iSCSI protocols supported
software-defined flash storage tier solution. • Aggregates local flash devices to provide a clustered flash resource for VM and vSphere hosts consumption (Virtual Flash Host Swap Cache) • Leverages local flash devices as a cache • Integrated with vCenter, HA, DRS, vMotion • Scale-Out Storage Capability: 32 nodes SSD SSD SSD SSD vSphere Flash Read Cache Infrastructure vSphere Flash Read Cache vSphere Flash Read Cache vSphere Flash Read Cache vSphere SSD Flash as a New Storage Tier in vSphere
high-speed memory that can be either a reserved section of main memory or a storage device. • Supports Write Through Cache Mode • Improve virtual machines performance by leveraging local flash devices • Ability to virtualize suitable business critical applications Write Commit Ack 3 2 Write Through 1 Cache
5.5 • Central point of management • vSphere Web Client • 1 vSphere Host minimum • Running ESXi version 5.5 or later • Maximum of 32 nodes in a cluster • Virtual Machines Hardware • Virtual Machine Version 10 • vSphere 5.5 or later • User Privileges: • Host.Config.Storage • Host.Config.AdvancedConfig (for vFC configuration)
hypervisor to cluster compute and storage • Pools locally attached SSDs and HDDs to create shared distributed storage • Based on scale-out architecture with built-in SSD read/write caching • Leverages VM-centric storage policy-based management for automation and self-tuning • Managed directly from vCenter Server ……………. vSphere VSAN VMware vCenter Server Hard disks SSD Hard disks SSD Hard disks SSD Hard disks SSD Clustered VSAN Datastore
• Disk Stripes per Object - The number of HDDs across which each replica of a storage object is striped. Max value: 12
• Flash Read Cache Reservation (%) - Flash capacity reserved as read cache for the storage object. Max value: 100%
• Number of Failures to Tolerate - Defines the number of host, disk or network failures a storage object can tolerate. Max value: 3
• Force Provisioning - The object will be provisioned even if the storage policy cannot be satisfied.
• Object space reservation (%) - Percentage of the logical size of the storage object that will be reserved (thick provisioned) upon VM provisioning. Max value: 100%
write storms • Seamless granular scaling from POC to deployment without huge upfront investments • Support high VDI density • Rapid storage provisioning and complete automation • Ideal price/performance • Minimizes data center footprint • Integrated with vSphere Replication and VMware SRM • Reduces cost of storage • Minimizes data center footprint VMware Virtual SAN - Use Cases Virtual Desktop (VDI) Tier 2 / Tier 3 Test and Dev DR Target Site A Site B