Titel van de presentatieVerhoog uw flexibiliteit metCloud Automation Services

Stefan Verhoef

Stefan VerhoefSDDC Consultant

sve@pqr.nl

stefan-verhoef-9048218

@stefan_verhoef

1. Waarom Digitale Transformatie, DevOps en wat betekent dit?

2. Wat kan vRealize Automation Cloud hierin betekenen

3. Hoe zit het nu met de connectiviteit en security van mijn applicaties?

4. Hoe werkt Cloud Assembly

5. Hoe werkt NSX-T

6. Voorbeeld Architectuur

7. Wat biedt vRealize Automation Cloud icm NSX-T

Agenda

Titel van de presentatieWaarom DigitaleTransformatie en DevOps?

Digitale Transformatie

Waarom DevOps?

Wat kunnen organisaties hiervoor inzetten

Titel van de presentatieWat kan vRealize Automation Cloudhierin betekenen

Cloud management platform

Infrastructure as Code

Enable DevOps

Multi-cloud

</>

ExtensiblePolicy-based governance

Modern architecture Easy install

Quick time-to-value

Public CloudData CenterEdgeManaged Data

Center

vRealize Automation Cloud

Cloud AssemblyTM

VMwareCode StreamTM

VMwareService BrokerTM

VMware

Lease

Resource

Cost

Power schedule Approval

Naming

Tagging

Notification

Catalog Items

START

STOP

SCALE OUT

Cloud Assembly

Azure ARM*

AWS CFT K8s*

+GOVERNANCE POLICIES

DEV PRODSTAGE

DEPLOY DEPLOYDEPLOY

TASK … TASK … TASK …

VMware Marketplace

Brownfield Greenfield

DIY

vRO* Pivotal*

* Indicate Templates and Services that are Coming Soon

vRealize Automation Cloud

ON-PREM SAAS

CHOICE

SaaS Milestones

On-Premise Releases vRA 7.6 vRA 8.0

2019H1 H2

APR 2019 JULY 2019 JULY 2020

H22020

OCT 2019 JAN 2020 APR 2020

H1

vRA 8.x vRA 8….

MIGRATION FROM vRA 7.5, 7.6

MIGRATION FROM vRA 7.5, 7.6

OCT 2020

MIGRATION ASSESSMENT SERVICE

On-premises or cloud

…PODS

K8s CLUSTER

…K8s Nodes (VMs)

v R e a l i z e A u t o m a t i o n 8

Virtual appliances common to all vRealize products

VMware vRealize Suite Lifecycle Manager

VMware Identity Manager

INGRESS CONTROLLER

Kubernetes-based virtual appliance

Titel van de presentatieHoe werkt Cloud Assembly ?

VCPP / VMC PUBLIC CLOUDSDDC (VCF) EDGE

Project Admin

Project Users

PROJECTS

ORGANIZATION

Cloud Admin

Content sharing

NamingpolicyLease policy

Taggingpolicy

POLICIES & GOVERNANCE

CONTENT

Blueprints Images Configuration

PROVISIONED RESOURCES

CLOUD ZONES & PROFILES

D E P L O Y M E N T S

Datacenter / Cluster Region / AZ Cloud region

Approval policy

Resourcepolicy

*

Cloud zones are dynamically determined. Infra profiles

provide abstraction

Deployments are associated with projects

Deployment enable lifecycle & day 2 actions

Blueprints are in the context of a project

* Roadmap

Entitlement

vRA – Organization & Projects

vRAC – Flavor Mappings

vRAC – Image Mappings

Tenant

PRJ1 PRJ2

2. SET UP PROJECTS

1. SET UP CLOUD ACCOUNTS, ZONES & PROFILES

Private Cloud (VCF)

Public cloud

VMware partners

(VMC)

Versioned Blueprints

Blueprints & images from VMware Marketplace

4. START WITH A BLUEPRINT FROM MARKETPLACE

5. BUILD YOUR BLUEPRINT USING RICH LIBRARY OF SERVICES

3. IMPORT EXISTING AWS/AZURE/VSPHERE WORKLOADS

7. ITERATE

6. DEPLOY BLUEPRINTS WITH POLICIES & AUTOMATIC MONITORING

Cloud Assembly

Windows Server 2016

MICROSOFTWindows Server 2016 Datacenter

EditionVMDK

Redhat Enterprise Linux 7

IBM

Redhat Enterprise Linux 7

VMDK

Ubuntu Bionic Linux

CANONICALUbuntu Bionic Linux (18.04 LTS)

VMDK

SUSE Linux Enterprise Server

15

SUSESUSE Linux Enterprise Server 15

VMDK

REQUEST REQUESTREQUESTREQUEST

NSX Network

VMWARE

Create a network in SDDC

CLOUD ASSEMBLY

NSX Load balancer

VMWARE

Redhat Enterprise Linux 7

CLOUD ASSEMBLY

NSX Security group

VMWARE

Ubuntu Bionic Linux (18.04 LTS)

CLOUD ASSEMBLY

Serverless app model

AWSSUSE Linux Enterprise Server 15

AWS CFT

REQUEST REQUESTREQUESTREQUEST

Cloud Assembly Blueprints

NSX Networking, Security Admin

constructs

AWS CloudFormation

templates

vRO workflows (XaaS)

ABX Actions (XaaS)

”Out of the box” catalogus

Titel van de presentatieHoe zit het nu met de connectiviteiten security van mijn applicaties?

EDGE

CLOUD

DATA CENTER

ENTERPRISE INNOVATION IS DEMANDING AN INCLUSIVE APPROACH TO NETWORKING, SECURITY, AUTOMATION

SaaS

PaaS IaaS

Your Network is Everywhere, In Software, for the App

Virtual Cloud Network

Vis

ion

SecurityMicro-segmentation

Multi-cloud NetworkingConsistent Policy, Disaster Recovery, Workload

Mobility

AutomationIT Automation, Cloud-native Automation,

Streamline Operations

Cloud-nativeContainer Networking, Micro-seg’ for Microservices, End-to-End Visibility

WAN and BranchBranch Transformation, WAN Management,

Optimize Cloud Access

Solu

tion

NSX SD-WANNSX Data Center NSX Cloud NSX Hybrid Connect VMware AppDefense

Prod

uct

NSX Key Highlights

Titel van de presentatieHoe werkt NSX-T ?

Data Plane

ESXi hostN-VDS

KVM hostN-VDS

NSX EdgeBare MetalServer

NSX

LinuxVM

NSX

WindowsVM

NSX

NSXCloudGW NAT

Private Cloud

Public CloudVMware Cloud on AWS

Management / Control Plane

VMs Containers

NSX Manager Cluster

GUI/REST/CMP

Cloud Service Manager

NSX Container Plugin

vCenter(s)

NSX-T Datacenter Components

Transport node versus Edge transport node

Types of data plane components, referred to as transport nodes, include:• Hypervisor transport nodes:

- Act as forwarding plane for VM traffic- Provide support for ESXi and KVM hypervisors

• Bare metal transport nodes: Include Linux-based workloads running on bare metal servers without an hypervisor

• NSX Edge cluster:- Contains edge transport nodes (VM or bare metal)- Provides stateful and gateway services

Every Transport Node includes:• Local Control Plane (LCP) agent• Management Plane Agent (MPA)

Local NSX Virtual Distributed Switch (N-VDS), component for data plane forwarding

• Switching, Routing, Distributed Firewall• Overlay encapsulation/decapsulation

N-VDS is based on:• ESXi vSwitch for ESXi• Open vSwitch (OVS) for KVM

ESXi host can be added as Standalone Host or vCenter Server managed.

Add KVM hosts as standalone host only.

NSX Controller Cluster

ESXi TN

Transport Nodes

NSX Manager Cluster

LCPMPA

N-VDS

ESXi vSwitch

KVM TN

LCPMPA

N-VDSOpen vSwitch

NSX Agent

N-VDS

Tier-0Logical Router

FysiekeRouter

Tier-1Logical Router

Tier-1Logical Router

RouterLink (100.64.0.0/31)

Uplink

Downlink

Tenant-1 Tenant-2

Tier-0 Logical Router

• Verbindt met fysieke network

• Handmatige configuratie bij fysiekekoppeling

Tier-1 Logical Router

• Role per tenant, eerste hop router

• Aansturing via CMP

Voordelen

• Tier-1 automatisch gekoppeld met fysieke network, via Tier-0.

• Geen wijzigingen in fysieke network voor nieuwe tenants

• Separate controle voor Intra enTenant beheer

• Isolatie van Tenants

Logical Router – Multi Tiering

Routing

Firewall

GedistribueerdeServices

Load Balancing

Connectivity to physical

(L2+L3)

Edge FirewallVPN DHCP

NAT

GecentraliseerdeServices

MetaDataProxy

MetaDataProxy

NSX-T – Services: Gedistribueerd versus Gecentraliseerd

Titel van de presentatieVoorbeeld architectuur

vRealize Automation Cloud | Cloud Assembly | Service Broker | Code Stream

vSphere NSX-T Ansible

Cloud Proxy

vRO

GitHub

on-premises

public cloud

Voorbeeld architectuur

Provide resourcesCloud Account

Storage

Compute

Cloud Account

vSphere

Machines

VolumesNSX-T

Networks

Provide Resources

Tags versus Constraints

• Tags are written back to provisioned resources when theyare created in the cloud infrastructure and containkey/value pairs.

These commonly include:• Technical Tags (Name, App ID, App Role, Cluster, Env,

Version)• Business Tags (Owner, Cost Center, BU, Customer,

Project)• Security (confidentiality, Compliance)

• Constraint tags identify how placement should be selectedfor provisioning.

These commonly include:• Env (Prod, Test, Dev),• Storage (Gold, Silver, Bronze, PCI, SSD),• Network type (dmz, dhcp, internal, public)

Cloud zones

Joining point of users/groups to resource consumption:• Cloud Zones• Blueprints• Kubernetes (PKS)

Governance and User Access Construct

Project level costingvisibility

Projects

Project

Users

Cloud Zone(instance limit)

CustomProperties

Custom Naming

Blueprint DeploymentDeploymentDeployment

Create a Project

Blueprint creëren – drag-’n-drop

Blueprint creëren – code only

Titel van de presentatieWat biedt vRealize Automation Cloud icm NSX-T?

Confidential │ ©2019 VMware, Inc. 39

NAT

Load Balancing

DHCP

Routing

Distributed Firewall

Blueprint

Cloud Assembly

Cloud zonesNetwork profile

Resource Management

NSX-T Services vRealize Automation Cloud On Demand ApplicationDelivery

VM VM

VM

VM VM VM

Web

App

Db

Service Broker

vRealize Automation Cloud gekoppeld met NSX-T

Titel van de presentatieVragen?

Dank voor uw aandacht