
VMworld 2017 PBO2631BU - A Base Design for Everyone’s Data Center: The Consolidated VMware Validated Design

Ryan Johnson
September 09, 2017


Presented at VMworld 2017 US
Recording at https://youtu.be/rejb_FsW_Yg


Transcript

  1. A Base Design for Everyone’s Data Center: The Consolidated VMware Validated Design (VVD)
    PBO2631BU
    #VMworld #PBO2631BU
    Ryan Johnson, Staff Technical Marketing Architect, VMware, Inc.
    VCIX6-DCV, VCIX6-NV, VCAP6.5-DVC, VCAP7/6-CMA, VCP7-CMA, VCP6*-*
    @tenthirtyam
    Forbes Guthrie, Product Line Manager, VMware, Inc.
    VCAP-DCD, VCAP-DCA, VCP6-NV, VCP2,3,4,5,6-DCV
    @forbesguthrie


  2. Disclaimer
    • This presentation may contain product features that are currently under development.
    • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
    • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
    • Technical feasibility and market demand will affect final delivery.
    • Pricing and packaging for any new technologies or features discussed or presented have not been determined.


  3. Building the Cloud is Often the Bottleneck


  4. VMware Validated Designs
    Prescriptive Blueprints with Comprehensive Deployment and Operational Practices
    • Broad Use Cases
    • Comprehensive Documentation
    • Proven & Robust
    • Standardized Designs


  5. Design Decisions
    290+ in VMware Validated Design for SDDC
    • Reduces risk by providing a baseline of standardization.
    • Ensures the design meets the design objectives.
    • Reinforces standardization with justification and implications.
    • Easy-to-follow checklist form.


  6. Example Design Decisions
    VMware Validated Design for SDDC
    NSX Design > Routing Design > Routing Model Design Decisions (4.1)

    | Decision ID | Design Decision | Design Justification | Design Implication |
    |---|---|---|---|
    | SDDC-VI-SDN-017 | Deploy NSX Edge Services Gateways in an ECMP configuration for north/south routing in both management and shared edge and compute clusters. | The NSX ESG is the recommended device for managing north/south traffic. Using ECMP provides multiple paths in and out of the SDDC. This results in faster failover times than deploying Edge Services Gateways in HA mode. | ECMP requires 2 VLANs for uplinks, which adds an additional VLAN over traditional HA ESG configurations. |
    | SDDC-VI-SDN-018 | Deploy a single NSX UDLR for the management cluster to provide east/west routing across all regions. | Using the UDLR reduces the hop count between nodes attached to it to 1. This reduces latency and improves performance. | UDLRs are limited to 1,000 logical interfaces. When that limit is reached, a new UDLR must be deployed. |
    | SDDC-VI-SDN-019 | Deploy a single NSX UDLR for the shared edge and compute, and compute clusters to provide east/west routing across all regions for workloads that require mobility across regions. | Using the UDLR reduces the hop count between nodes attached to it to 1. This reduces latency and improves performance. | UDLRs are limited to 1,000 logical interfaces. When that limit is reached, a new UDLR must be deployed. |


  7. VMware Validated Designs
    A History Lesson
    1.0 (February 2016)
      • 12mo of Engineering
      • Release to PSO and Partners
    2.0 (July 2016)
      • 3.5mo of Engineering
      • Smaller scope. (i.e. Dual Region + DR)
    3.0 (September 2016)
      • 2mo of Engineering
      • Dual Region with DR
      • Two Pod Architecture
    3.0.2 (November 2016)
      • 1.5mo of Engineering
      • Added M-Seg Use Case
      • Added IT Automating IT Guide
    4.0 (March 2017)
      • 1.5mo of Engineering
      • Major Product Updates
      • Added ROBO
    4.1 (August 2017)
      • 4mo of Engineering
      • Minor Product Updates
      • Consolidated Pod Option


  8. Software Components
    VMware Validated Design for SDDC
    • VMware vRealize Automation
    • VMware NSX
    • VMware vRealize Operations
    • VMware vSAN
    • VMware vSphere APIs for Data Protection (VADP)
    • VMware vSphere
    • VMware vRealize Log Insight
    • VMware vRealize Business for Cloud
    • VMware Site Recovery Manager


  9. Software Components
    VMware Validated Design for SDDC


  10. How do we Create and Validate?
    VMware Validated Designs
    • Compliance and Security
    • Scale Testing
    • Interoperability
    • Measurement and Optimization


  11. Bill of Materials
    VMware Validated Design for SDDC 4.1
    • vSphere 6.5 U1
    • vSAN 6.6.1
    • NSX 6.3.3
    • vRealize Automation 7.3
    • vRealize Business for Cloud 7.3
    • vRealize Operations 6.6.1 and Management Packs
    • vRealize Log Insight 4.5 and Content Packs
    • Site Recovery Manager 6.5.1
    For a complete list refer to the release notes.


  12. Environmental and External Systems Requirements
    VMware Validated Design for SDDC
    Active Directory
    Certificate Authority
    DNS and NTP
    SMTP Relay
    SFTP
    Rack Space
    Power
    Cooling


  13. Regions in VVD
    VMware Validated Design for SDDC
    Characteristics & Restrictions
    • Regional Distance is Rather Large
    • A Region May Be Treated as an SDDC
    • Multiple Regions are Not Treated as a Single SDDC
    Workload Placement Closer to Customer
    • Northern California and Southern California
    • US East Coast and US West Coast
    • US Region and EU Region
    Common Uses
    • Disaster Recovery: One region can be the primary site and another region can be the recovery site.
    • Data Privacy: Address laws & restrictions in some countries by keeping tenant data within a region in the same country.
    [Diagram labels: San Francisco, CA (Primary Region); Los Angeles, CA (Secondary Region)]


  14. Availability Zones in a VVD
    VMware Validated Design for SDDC
    [Diagram labels: Availability Zone; Availability Zone]
    Characteristics
    • “Islands” of infrastructure for physical isolation or building-level redundancy and high-availability.
    • Positioned within “metro” distance to allow synchronous storage replication. (~50km/30mi with low single-digit latency and large bandwidth)
    • Allows the SDDC equipment across the availability zone to operate in an active/active manner as a single virtual data center or region.
    • Isolated enough from each other to stop the propagation of failure or outage across their boundaries.


  15. Standard VVD Architecture Usage Scenarios
    VMware Validated Designs
    • Remote Office / Branch Office
    • Micro-Segmentation
    • IT Automating IT
    • Cloud Native Applications
    • Compliance Capable Solutions
    • Virtual Desktop / Digital Workspace
    • Intelligent Operations
    • Business Critical Applications


  16. Consolidated Architecture Usage Scenarios
    VMware Validated Designs
    • Proof of Concept
    • Isolated ROBO
    • Workloads needing Physical Segregation
    • Test/Dev/Training Environments
    • Project or Business Unit Funded Hardware
    • Sandbox or Developer
    • Single Region/Zone
    • Smaller Environments


  17. High-Level Deployment Architecture Objectives
    VMware Validated Design for SDDC

    | | Standard Architecture (Two-Pod) | Consolidated Architecture (One-Pod) |
    |---|---|---|
    | Minimum Hosts | 8 | 4 |
    | Management VMs | 420 GB vRAM, 2 TB vSAN, 6 TB NFS | 50% - 70% less |
    | Recoverability | Dual Region (and Availability Zones in Tech Preview) | Single Region (future option DR to cloud) |
    | Validated Scale (VMs) | Up to 10,000 | Up to 1,500 |
    | Churn | Medium (up to 150/hr) | Low (up to 50/hr) |
    | Availability | 99% | 95% |
    | Modularity | Foundation, Cloud Operations, Cloud Management + Use Cases, Solutions, ROBO options | Foundation, Cloud Operations, Cloud Management |
    | Expansion options | Additional Compute Pods (Up to 32 Hosts Each) | Expand Pod to 32 Hosts, or Grow to 2-Pod (with downtime) |


  18. Licensing Options
    VMware Validated Design for SDDC
    Individual, Standard Architecture (Two-Pod)
    • vSphere Enterprise +
    • vCenter Server Standard
    • * vSAN Standard
    • NSX for vSphere Enterprise
    • vRealize Operations Advanced
    • vRealize Log Insight
    • vRealize Automation Advanced
    • vRealize Business for Cloud Standard
    • Site Recovery Manager Enterprise (dual region)
    Individual, Consolidated Architecture (One-Pod)
    • vSphere Enterprise +
    • vCenter Server Standard
    • * vSAN Standard
    • NSX for vSphere Advanced
    • vRealize Operations Advanced
    • vRealize Log Insight
    • vRealize Automation Advanced
    • vRealize Business for Cloud Standard
    Bundling, Standard Architecture (Two-Pod)
    • vCloud Suite with vRealize Suite Advanced
    • * vSAN Standard
    • NSX for vSphere Enterprise
    • Site Recovery Manager Enterprise (dual region)
    Bundling, Consolidated Architecture (One-Pod)
    • vCloud Suite with vRealize Suite Advanced
    • * vSAN Standard
    • NSX for vSphere Advanced
    * Preferred storage option


  19. VMware Validated Design for SDDC
    • Standardized Elevation
    • Network Transport
    • Out-of-Band Management
    • Functional Roles
    • Pods


  20. Pod Types
    VMware Validated Design for SDDC
    Consolidated Pod. The consolidated pod runs the following services:
    • Virtual machines to manage the SDDC such as vCenter Server, NSX manager, vRealize Automation, vRealize Log Insight, vRealize Operations Manager and vSphere Data Protection.
    • Required NSX services to enable north-south routing between the SDDC and the external network, and east-west routing inside the SDDC.
    • Virtual machines running business applications supporting varying Service Level Agreements (SLAs).
    • Should have a minimum of 4 ESXi hosts.
    Storage Pod. Storage pods provide secondary storage using NFS, iSCSI or Fibre Channel.


  21. Architecture Overview
    VMware Validated Design for SDDC – Consolidated SDDC
    Main components:
    • Physical Layer
    • Virtual Infrastructure Layer
    • Cloud Management Layer
    • Service Management
    • Business Continuity
    • Security


  22. Layer 2 or Layer 3 Transport
    VMware Validated Design for SDDC
    [Diagrams: Example Layer 2 Transport; Example Layer 3 Transport]


  23. Virtual Infrastructure Architecture
    VMware Validated Design for SDDC
    • The virtual infrastructure is the foundation of an operational SDDC.
    • The virtual infrastructure layer consists primarily of the physical hosts' hypervisors and the control of these hypervisors.


  24. Consolidated Cluster Design
    VMware Validated Design for SDDC
    • The management virtual machines, NSX controllers and edges, and tenant workloads run on the ESXi hosts in the consolidated cluster.
    • The consolidated cluster design requires a minimum of 4 hosts:
      • Three hosts are used to provide n+1 redundancy for the vSAN cluster.
      • The fourth host is used to guarantee n+1 for vSAN redundancy during maintenance operations.
    • You can add ESXi hosts to the cluster as needed.
    • NSX deploys 3 Controllers with anti-affinity rules. The fourth host is used to guarantee controller distribution across 3 hosts during maintenance operations.
    • ESXi hosts are limited to 200 virtual machines when using vSAN.


  25. Logical and Physical Design of vRealize Operations Manager
    VMware Validated Design for SDDC
    In the consolidated SDDC, you deploy a vRealize Operations Manager configuration that consists of the following entities.
    • 1-node (medium-size) vRealize Operations Manager analytics cluster. This topology provides the ability to add high availability, scale-out capacity up to sixteen nodes, and failover.
    • 1 standard remote collector node. The remote collectors communicate directly with the vRealize Operations Manager analytics cluster. The design uses remote collectors whose role is to ease scalability by performing the data collection for localized applications and periodically sending collected data to the analytics cluster.


  26. Logical Design and Data Sources of vRealize Log Insight
    VMware Validated Design for SDDC
    • In the Consolidated SDDC, deploy a single vRealize Log Insight instance that consists of a single master node.
    • This configuration allows for the required functionality and the log ingestion rates generated from the management components.


  27. vRealize Automation Infrastructure as a Service Design
    VMware Validated Design for SDDC
    • The Cloud Management Platform (CMP), of which vRealize Automation is a central component, enables a usage model that includes interaction between users, the CMP itself, the supporting infrastructure, and the provisioning infrastructure.
    • vRealize Automation supports deployments with a single tenant or multiple tenants.
    • This design deploys a single tenant containing two business groups.
      • The first business group is designated for production workloads provisioning.
      • The second business group is designated for development workloads provisioning.


  28. Application Virtual Networks – vRealize Automation Example
    VMware Validated Design for SDDC
    [Diagram labels: Core Services, vPostgres (A), vIDM; Core Services, vPostgres (P), vIDM; IaaS Web Services (two nodes); IaaS Manager Services (two nodes); Distributed Execution Manager (two nodes)]


  29. Application Virtual Networks – vRealize Automation Example
    VMware Validated Design for SDDC
    User Traffic
    Network Traffic


  30. Application Virtual Networks – vRealize Automation Example
    VMware Validated Design for SDDC
    [Diagram legend: User Traffic; Network Traffic]

    | Pool ID | DNS CNAME | Virtual Server (VIP) | Algorithm | Session Persistence | Health |
    |---|---|---|---|---|---|
    | vra-iaas-mgr-443 | vra01ims01.rainpole.local | 192.168.11.59 | Round-Robin | None | /VMPSProvision = ProvisionService |
    | vra-iaas-web-443 | vra01iws01.rainpole.local | 192.168.11.56 | Round-Robin | Source IP – 1800 Seconds Expiration | /wapi/api/status/web = REGISTERED |
    | vra-svr-443 | vra01svr01.rainpole.local | 192.168.11.53 | Round-Robin | Source IP – 1800 Seconds Expiration | /vcac/services/api/health = 204 |
    | vra-svr-8443 | vra01svr01.rainpole.local | 192.168.11.53 | Round-Robin | Source IP – 1800 Seconds Expiration | /vcac/services/api/health = 204 |
    | vra-vro-8283 | vra01svr01.rainpole.local | 192.168.11.53 | Round-Robin | Source IP – 1800 Seconds Expiration | /vco-controlcenter/docs |


  31. Summary – Consolidated Management and Workload
    VMware Validated Design for SDDC
    • Consolidates Management, Edge, and Workload into a single pod.
    • Requires only a minimum of 4 ESXi hosts.
    • All functional testing and validation of the design is done using vSAN.
    • Any supported storage may be used. Adjust the operations guidance.
    • Network Transport
      • Supports both L2 and L3 transport services.
      • For a scalable and vendor-neutral network, use an L3 transport.
    • Ready for Scale
      • Expandable to a 32 ESXi host pod.
      • SDDC solutions easily scale – deployed w/ native or NSX load balancing in place.
    • Transitions to Two-Pod Distributed Management and Workload (Standard)
      • Downtime Required
    • Single Region and Single Availability Zone
      • License Flexibility for NSX (No Universal Objects)
    [Diagram label: External Connection (WAN/LAN)]


  32. Additional Resources
    VMware Validated Design for SDDC 4.1

    | Resource | URL |
    |---|---|
    | Product Page | vmware.com/go/vvd |
    | Download | vmware.com/go/vvd-sddc |
    | Poster | vmware.com/go/vvd-sddc-poster |
    | Community | vmware.com/go/vvd-community |
    | Videos and Demos | vmware.com/go/vvd-videos |
    | Certified Partner Architectures | vmware.com/go/vvd-cpa |
    | … and more! | vmwa.re/vvd |


  33. Get Started
    VMware Validated Design for SDDC
    • Access the Documentation: vmware.com/go/vvd-docs
    • Professional Services: vmware.com/go/services
    • Certified Partner Architectures: vmware.com/go/vvd-cpa
    © 2017 VMware Inc. All rights reserved.

