IT Galaxy 2019 Cloud Automation Services - IT Galaxy | 29 ...
Increase your flexibility with Cloud Automation Services
Stefan Verhoef
Agenda
1. Why digital transformation and DevOps, and what does this mean?
2. What vRealize Automation Cloud can contribute here
3. What about the connectivity and security of my applications?
4. How does Cloud Assembly work?
5. How does NSX-T work?
6. Example architecture
7. What does vRealize Automation Cloud offer in combination with NSX-T?
Why digital transformation and DevOps?
Digital transformation
Why DevOps?
What can organizations use for this?
What vRealize Automation Cloud can contribute here
Cloud management platform
Infrastructure as Code
Enable DevOps
Multi-cloud
Extensible
Policy-based governance
Modern architecture
Easy install
Quick time-to-value
Public Cloud, Data Center, Edge, Managed Data Center
vRealize Automation Cloud
VMware Cloud Assembly™
VMware Code Stream™
VMware Service Broker™
Lease
Resource
Cost
Power schedule Approval
Naming
Tagging
Notification
Catalog Items
START
STOP
SCALE OUT
Cloud Assembly
Azure ARM*
AWS CFT K8s*
+GOVERNANCE POLICIES
DEV PROD STAGE
DEPLOY DEPLOY DEPLOY
TASK … TASK … TASK …
VMware Marketplace
Brownfield Greenfield
DIY
vRO* Pivotal*
* Indicate Templates and Services that are Coming Soon
vRealize Automation Cloud
ON-PREM SAAS
CHOICE
[Figure: release timeline, 2019 H1 through 2020 H2]
SaaS Milestones
On-Premise Releases: vRA 7.6, vRA 8.0, vRA 8.x, vRA 8….
Dates marked on the timeline: APR 2019, JULY 2019, OCT 2019, JAN 2020, APR 2020, JULY 2020, OCT 2020
MIGRATION FROM vRA 7.5, 7.6
MIGRATION ASSESSMENT SERVICE
On-premises or cloud
…PODS
K8s CLUSTER
…K8s Nodes (VMs)
vRealize Automation 8
Virtual appliances common to all vRealize products
VMware vRealize Suite Lifecycle Manager
VMware Identity Manager
INGRESS CONTROLLER
Kubernetes-based virtual appliance
How does Cloud Assembly work?
VCPP / VMC, PUBLIC CLOUD, SDDC (VCF), EDGE
Project Admin
Project Users
PROJECTS
ORGANIZATION
Cloud Admin
Content sharing
Naming policy
Lease policy
Tagging policy
POLICIES & GOVERNANCE
CONTENT
Blueprints Images Configuration
PROVISIONED RESOURCES
CLOUD ZONES & PROFILES
DEPLOYMENTS
Datacenter / Cluster Region / AZ Cloud region
Approval policy
Resource policy
*
Cloud zones are dynamically determined. Infra profiles provide abstraction
Deployments are associated with projects
Deployments enable lifecycle & day 2 actions
Blueprints are in the context of a project
* Roadmap
Entitlement
vRA – Organization & Projects
vRAC – Flavor Mappings
vRAC – Image Mappings
Tenant
PRJ1 PRJ2
2. SET UP PROJECTS
1. SET UP CLOUD ACCOUNTS, ZONES & PROFILES
Private Cloud (VCF)
Public cloud
VMware partners
(VMC)
Versioned Blueprints
Blueprints & images from VMware Marketplace
4. START WITH A BLUEPRINT FROM MARKETPLACE
5. BUILD YOUR BLUEPRINT USING RICH LIBRARY OF SERVICES
3. IMPORT EXISTING AWS/AZURE/VSPHERE WORKLOADS
7. ITERATE
6. DEPLOY BLUEPRINTS WITH POLICIES & AUTOMATIC MONITORING
Cloud Assembly
Windows Server 2016
MICROSOFT
Windows Server 2016 Datacenter Edition
VMDK
Redhat Enterprise Linux 7
IBM
Redhat Enterprise Linux 7
VMDK
Ubuntu Bionic Linux
CANONICAL
Ubuntu Bionic Linux (18.04 LTS)
VMDK
SUSE Linux Enterprise Server 15
SUSE
SUSE Linux Enterprise Server 15
VMDK
REQUEST REQUEST REQUEST REQUEST
NSX Network
VMWARE
Create a network in SDDC
CLOUD ASSEMBLY
NSX Load balancer
VMWARE
Redhat Enterprise Linux 7
CLOUD ASSEMBLY
NSX Security group
VMWARE
Ubuntu Bionic Linux (18.04 LTS)
CLOUD ASSEMBLY
Serverless app model
AWS
SUSE Linux Enterprise Server 15
AWS CFT
REQUEST REQUEST REQUEST REQUEST
Cloud Assembly Blueprints
NSX Networking, Security Admin constructs
AWS CloudFormation templates
vRO workflows (XaaS)
ABX Actions (XaaS)
“Out of the box” catalog
What about the connectivity and security of my applications?
EDGE
CLOUD
DATA CENTER
ENTERPRISE INNOVATION IS DEMANDING AN INCLUSIVE APPROACH TO NETWORKING, SECURITY, AUTOMATION
SaaS
PaaS IaaS
Your Network is Everywhere, In Software, for the App
Virtual Cloud Network
Vision
Security: Micro-segmentation
Multi-cloud Networking: Consistent Policy, Disaster Recovery, Workload Mobility
Automation: IT Automation, Cloud-native Automation, Streamline Operations
Cloud-native: Container Networking, Micro-seg’ for Microservices, End-to-End Visibility
WAN and Branch: Branch Transformation, WAN Management, Optimize Cloud Access
Solution
NSX SD-WAN, NSX Data Center, NSX Cloud, NSX Hybrid Connect, VMware AppDefense
Product
NSX Key Highlights
How does NSX-T work?
Data Plane
ESXi host N-VDS
KVM host N-VDS
NSX Edge, Bare Metal Server
NSX
Linux VM
NSX
Windows VM
NSX
NSX Cloud GW NAT
Private Cloud
Public Cloud, VMware Cloud on AWS
Management / Control Plane
VMs Containers
NSX Manager Cluster
GUI/REST/CMP
Cloud Service Manager
NSX Container Plugin
vCenter(s)
NSX-T Datacenter Components
Transport node versus Edge transport node
Types of data plane components, referred to as transport nodes, include:
• Hypervisor transport nodes:
  - Act as forwarding plane for VM traffic
  - Provide support for ESXi and KVM hypervisors
• Bare metal transport nodes: Include Linux-based workloads running on bare metal servers without a hypervisor
• NSX Edge cluster:
  - Contains edge transport nodes (VM or bare metal)
  - Provides stateful and gateway services
Every Transport Node includes:
• Local Control Plane (LCP) agent
• Management Plane Agent (MPA)
Local NSX Virtual Distributed Switch (N-VDS), component for data plane forwarding
• Switching, Routing, Distributed Firewall
• Overlay encapsulation/decapsulation
N-VDS is based on:
• ESXi vSwitch for ESXi
• Open vSwitch (OVS) for KVM
An ESXi host can be added as a standalone host or as a vCenter Server managed host.
KVM hosts can be added as standalone hosts only.
NSX Controller Cluster
ESXi TN
Transport Nodes
NSX Manager Cluster
LCP MPA
N-VDS
ESXi vSwitch
KVM TN
LCP MPA
N-VDS Open vSwitch
NSX Agent
N-VDS
Tier-0 Logical Router
Physical Router
Tier-1 Logical Router
Tier-1 Logical Router
RouterLink (100.64.0.0/31)
Uplink
Downlink
Tenant-1 Tenant-2
Tier-0 Logical Router
• Connects to the physical network
• Manual configuration for the physical connection
Tier-1 Logical Router
• Role per tenant, first-hop router
• Controlled via the CMP
Benefits
• Tier-1 is automatically connected to the physical network via Tier-0.
• No changes in the physical network for new tenants
• Separate control for Intra and Tenant management
• Isolation of tenants
Logical Router – Multi Tiering
Routing
Firewall
Distributed Services
Load Balancing
Connectivity to physical (L2+L3)
Edge Firewall, VPN, DHCP
NAT
Centralized Services
MetaDataProxy
NSX-T – Services: Distributed versus Centralized
Example architecture
vRealize Automation Cloud | Cloud Assembly | Service Broker | Code Stream
vSphere NSX-T Ansible
Cloud Proxy
vRO
GitHub
on-premises
public cloud
Example architecture
Provide resources
Cloud Account
Storage
Compute
Cloud Account
vSphere
Machines
Volumes
NSX-T
Networks
Provide Resources
Tags versus Constraints
• Tags are written back to provisioned resources when they are created in the cloud infrastructure and contain key/value pairs.
These commonly include:
  • Technical Tags (Name, App ID, App Role, Cluster, Env, Version)
  • Business Tags (Owner, Cost Center, BU, Customer, Project)
  • Security (confidentiality, Compliance)
• Constraint tags identify how placement should be selected for provisioning.
These commonly include:
  • Env (Prod, Test, Dev)
  • Storage (Gold, Silver, Bronze, PCI, SSD)
  • Network type (dmz, dhcp, internal, public)
Cloud zones
Joining point of users/groups to resource consumption:
• Cloud Zones
• Blueprints
• Kubernetes (PKS)
Governance and User Access Construct
Project level costing visibility
Projects
Project
Users
Cloud Zone (instance limit)
Custom Properties
Custom Naming
Blueprint Deployment Deployment Deployment
Create a Project
Create a blueprint – drag-and-drop
Create a blueprint – code only
What does vRealize Automation Cloud offer in combination with NSX-T?
NAT
Load Balancing
DHCP
Routing
Distributed Firewall
Blueprint
Cloud Assembly
Cloud zones
Network profile
Resource Management
NSX-T Services, vRealize Automation Cloud, On Demand Application Delivery
VM VM
VM
VM VM VM
Web
App
Db
Service Broker
vRealize Automation Cloud integrated with NSX-T
Questions?
Thank you for your attention