vRA and NSX in a Dutch multi-tenant Cloud solution

Transcript

1. KPN CloudNL VMware vRA and NSX in a Dutch multi-tenant

   Cloud solution Albert W. Alberts, VMware CTAB May 17 2018 in Berlin

2. Who am I … • KPN since Jan. 1999: –

   HetNet (ISP), VoIP, Comet (backend deployment), Bewaarplicht (email logging), Cloud DevOps, CloudNL VMware, ApiMarketplace (Apigee) • Architect (with a software focus) • KPN patents & pending • MeetUp organization: – devNetNoord, – domoticaGrunn, – ManageIQ Albert W. Alberts Private Home automation (soft- & hardware), Bramble Swimming, Waterpolo, Cycling, Travelling Contact [email protected] @a_w_alberts www.linkedin.com/in/albertalberts

3. KPN CloudNL VMware • 1 Product Owner • 3 OPS

   • 3 DEV • 1 Test • ½ Architect The Team: who and how?
4. None

5. CloudNL characteristics: • Services delivered by KPN in Dutch datacenters;

   • Platform managed from within the Netherlands under Dutch law; • Cloud Compliance Framework assurance (CCF).

6. Cloud characteristics: • Self-service management • Create own infra •

   Manage own infra • Scalable • Pay per use

7. CloudNL Microsoft, based on Microsoft WAP technology

8. CloudNL VMware, based on VMware technology • vRealize Automation; •

   vRealize Orchestration; • NSX; • vCenter & vSphere.

9. Virtual Machines Networking Backup CloudNL VMware Focus op Infrastructuur (IaaS)

10. Virtual Machines Networking Backup CloudNL VMware vRealize suite vRealize Automation

    vRealize Orchestration

11. vRealize Automation vRealize Orchestration Compute resources Networking resources Storage resources

    CloudNL VMware Portal ReST API What does the customer get? Interfaces

12. vRealize Automation vRealize Orchestration Compute resources Networking resources Storage resources

    CloudNL VMware Portal ReST API What does the customer get? Interfaces Go Ruby Python C#

13. vRealize Automation vRealize Orchestration Virtual Machines Networking Backup Compute resources

    Networking resources Storage resources CloudNL VMware Portal API What does the customer get? Interfaces

14. Tenant A Tenant A private IP private IP NSX Edge

    pair public IP public IP Tenant ESG Tenant ESG Perimeter ESG Perimeter ESG default GW Perimeter ESG Perimeter ESG Distributed Logical Router Tenant A ESG Tenant A ESG Distributed Logical Router VM VM VM VM VM VM VM VM transport network default GW default GW default GW transport network public network, without NAT(ting) private network, with sNAT(ting) Internet Aalsmeer (CCA) Apeldoorn (APD) What does the customer get? Default network setup: front-end & back-end

15. Tenant ESG Distributed Logical Router Tenant B ESG transport network

    Tenant A Tenant ESG Distributed Logical Router Tenant B ESG transport network Tenant A private IP public IP Perimeter ESG default GW Perimeter ESG VM VM VM VM default GW transport network Internet Tenant ESG Tenant A ESG Distributed Logical Router Aalsmeer (CCA) Apeldoorn (APD) private IP public IP Perimeter ESG default GW Perimeter ESG VM VM VM VM default GW transport network Tenant ESG Tenant A ESG Distributed Logical Router Wat does the customer get? Multitenancy, separation at the pESG

16. vRealize Automation vRealize Orchestration Virtual Machines Networking Backup Compute resources

    Networking resources Storage resources CloudNL VMware Portal API How does the customer get it? Interfaces

17. vRealize Automation vRealize Orchestration Compute resources Networking resources Storage resources

    CloudNL VMware Portal How does the customer get it? Order / Request API

18. vRealize Automation vRealize Orchestration Compute resources Networking resources Storage resources

    How does the customer get it? Order / Request flow Portal € Billing

19. vRealize Orchestration Compute resources Networking resources Storage resources How does

    the customer get it? Order / Request flow € Billing vRealize Automation Portal

20. vRealize Orchestrator workflow Create a simple NSX Load Balancer

21. NSX Load Balancers: “simple” vs advanced Quick and easy vs

    Lot’s of options “simple” Load Balancer: one catalog item with multiple tabs Advanced Load Balancer: multiple catalog items with dependencies

22. “Load Balancer” NSX Load Balancer: “simple” vs advanced Guided vs

    Reusable Building blocks Load Balancer Host Load Balancer Certificate Load Balancer Application Profile Load Balancer Load Balancer Health Monitor Load Balancer Application Rule Load Balancer Pool Load Balancer Pool Members Application Profile Health Check Certificates “simple” Load Balancer: one catalog item with multiple tabs General Advanced Load Balancer: multiple catalog items with dependencies tab Catalog item

23. Structure of an advanced NSX Load Balancer Creation order Load

    Balancer Host Load Balancer Certificate Load Balancer Application Profile Load Balancer (service) Load Balancer Health Monitor Load Balancer Application Rule Load Balancer Pool creation order

24. Tenant AWAlberts Tenant AWAlberts private IP private IP NSX Edge

    pair public IP public IP Tenant ESG Tenant ESG Perimeter ESG Perimeter ESG default GW Perimeter ESG Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts Tenant ESG AWAlberts Distributed Logical Router VM VM transport network default GW default GW default GW transport network Internet Aalsmeer (CCA) Apeldoorn (APD) Demo_01 Demo_02 Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end

25. Tenant AWAlberts private IP public IP Tenant ESG Perimeter ESG

    default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Load Balancer Create NSX Load Balancer, with two nodes public IP Portal vRA, vRO Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02

26. Tenant AWAlberts private IP public IP Tenant ESG Perimeter ESG

    default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Create NSX Load Balancer, with two nodes public IP Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02 Load Balancer Portal vRA, vRO Application Profile Health Check Certificates General Load Balancer Load Balancer Host Load Balancer Pool Health Monitor Application Profile

27. Tenant AWAlberts private IP public IP Tenant ESG Perimeter ESG

    default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Load Balancer public IP: 145.128.67.82:3333 while true; do curl 145.128.67.82:3333 sleep 1 done Portal vRA, vRO Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02 VMs listening on port 3333

28. Demo Create an Internet Facing Load Balancer with two VMs

    in the back-end [2:53]

29. Tenant AWAlberts Tenant AWAlberts private IP private IP NSX Edge

    pair public IP public IP Tenant ESG Tenant ESG Perimeter ESG Perimeter ESG default GW Perimeter ESG Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts Tenant ESG AWAlberts Distributed Logical Router VM VM transport network default GW default GW default GW transport network Internet Aalsmeer (CCA) Apeldoorn (APD) Create an advanced Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02

30. Tenant AWAlberts private IP public IP Tenant ESG Perimeter ESG

    default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Adv. Load Balancer Create NSX Load Balancer, with same two nodes public IP Portal vRA, vRO Create an advanced Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02

31. Tenant AWAlberts private IP public IP Tenant ESG Perimeter ESG

    default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Create NSX Load Balancer, with same two nodes public IP Create an advanced Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02 Adv. Load Balancer Portal vRA, vRO Load Balancer Application Rule Health Monitor Application Profile Load Balancer Pool Load Balancer Application Rule Health Monitor Application Profile Load Balancer Pool Load Balancer Host

32. Tenant AWAlberts VMs listening on port 3000 public IP Tenant

    ESG Perimeter ESG default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Adv. Load Balancer public IP: 145.128.67.85:2222 while true; do curl 145.128.67.85:2222 sleep 1 done Portal vRA, vRO Demo: Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02 Application rules: - whitelist, - redirect HTTP to HTTPs

33. NSX Load Balancer Advanced Load Balancer Load Balancer Host Load

    Balancer Certificate Load Balancer Application Profile Load Balancer (Service) Load Balancer Health Monitor Load Balancer Application Rule Load Balancer Pool 01:07 01:15 01:49 01:26 02:12

34. Demo Create an advanced Internet Facing Load Balancer with two

    VMs in the back-end a sample application rule and port redirecting ~15 min. reduced to 2:37

35. Questions now or later ...

36. Thank you for your attention! and there is always more

    to do …

37. var http = require('http'); http.createServer(function (req, res) { res.writeHead(200, {'Content-Type':

    'text/plain'}); res.end(‘Hello, my name is DEMO_01. I\’m the numero UNO!\n’); }).listen(3333, “[node IP-address]”); console.log('Server running at http://[node IP-address]:3333/‘); Webserver with node.js, load balancer node index.js

38. #!/bin/bash # This script runs until you stop it with

    Ctrl-C while true; do curl [load balancer IP-address]:3333 sleep 1 done Bash script calling the load balancer IP-address load-balancer-test.sh