VMware vCloud Architecture Toolkit (vCAT)

John Arrasjid—John Arrasjid is a Principal Architect at VMware, Inc., where he started in 2003. John is part of the Global Technology Solutions team, is a VMware Ambassador, and is part of the Field Office of the CTO. John was awarded the vExpert 2012 designation, given to the top VMware evangelists in the industry, for his work on vCAT and the VCDX program. As lead architect and chief product owner of vCAT, John has led the development and release of vCAT since 2011. In his 10 years at VMware, John has co-authored four other books; VCDX Boot Camp, Cloud Computing with vCloud Director, Foundation for Cloud Computing with vSphere 4, and Deploying the VMware Infrastructure. John regularly presents at VMworld, VMware Partner Exchange, VMware vForum, USENIX LISA, and other industry conferences. His VCDX Boot Camp has been taught to more than 800 individuals since 2008. John holds a bachelor of science in computer science from SUNY at Buffalo and holds VCDX, ITIL Foundations, and CSPO certifications. He is a founding member of the Elastic Sky band, developer of the original vmsnap/vmres tool, and developer of several consulting engagements for security, business continuity, and performance. Find John on Twitter at @vcdx001.   Matthew Wood—Matthew Wood is an independent technical writer. Matthew has been a senior technical writer, editor, and manager for VMware Technical Services, and he was the lead editor for the vCAT project from 2010 until 2013. Matthew works with architects and consultants to produce IP for services kits and solutions kits related to all aspects of VMware technology. He also has written original documentation for the VMware Services Software Solutions group to support tools such as VMware HealthAnalyzer and Migration Manager. Matthew has 38 years of experience working with technology companies, focusing especially on UNIX, virtualization, and applications that support enterprise IT environments.   Wade Holmes—Wade Holmes is a Staff Solutions Architect at VMware, Inc., and holds VCDX, CISSP, CCSK, and CSPO certifications. He has more than 16 years of experience planning, teaching, and presenting on the architecture, design, and implementation of complex computing environments of all scopes and sizes. Wade has presented and taught at conferences such as VMworld, SXSW, USENIX LISA, and VMware User Group meetings. Wade was awarded the vExpert 2012 designation, given to the top VMware evangelists in the industry. He holds a bachelor’s degree in information technology and a master’s degree in information assurance. Find him on Twitter at @wholmes; he also maintains a blog at www.vwade.com.   Joe Sarabia—Joe Sarabia is a Cloud Architect at VMware, Inc., and holds industry certifications that include VCAP-DCD, VCAP-DCA, MCSE, NCDA, ITIL, and CSPO. Joe has had various roles in the information technology field. He initially focused on operational roles in areas of organizations that consumed services from the business. About 10 years ago, Joe’s role pivoted to architecting and providing services on behalf of the business for business units and end users to consume. He has spent the last several years of his career as one of the leading hybrid cloud and SDDC architects in the industry, focusing on delivering business value to the globe’s largest organizations through complex software systems. Joe has particularly established himself as a thought leader in the areas of component integration and end user portal experience. Find him on Twitter at @joesarabia.   Rohan Kalra—Rohan Kalra is a Business Solutions Architect who brings more than 14 years of IT service management consulting experience, including global operations process re-engineering for Fortune 500 clients (EMC, Kellogg’s, Banco Santander, Goldman Sachs, Ricoh, and more). Rohan led the creation and release of operational readiness related IP assets available through VMware’s professional services, partner channels, and Accelerate Strategy teams. Formerly an executive technology adviser at Accenture, he led the development of operational readiness and governance components of its next-generation infrastructure solution blueprint, focused on cloud computing and delivery of IT as a Service. Rohan holds ITIL and CSPO certifications. Find him on Twitter at @kalrarohan.   Rupen Sheth—Rupen Sheth is a Senior Solutions Engineering Manager on the Global Services team at VMware, Inc., where he is responsible for monetizing and scaling the Software Defined Data Center (SDDC) portfolio of solutions and services. Rupen holds VCDX, ITIL, CSPO, and TOGAF certifications. He has extensive experience in delivering enterprise business and virtualization/cloud solutions through the effective application of information technology, process management, and coordination and management of multidisciplinary teams. Rupen started as a consultant at VMware and now leads a team of solution architects responsible for SDDC solutions and services kits that are used by VMware field and partners worldwide. Rupen has presented and taught at VMworld, VMware Partner Exchange, and USENIX conferences. Find him on Twitter at @rupensheth.   Ian Perez-Ponce—As Senior Product Manager for VMware’s vCloud Hybrid Service, Ian is responsible for service-creation and monetization efforts for the company’s Infrastructure as a Service (IaaS) cloud solutions portfolio. With more than 14 years of service provider and information technology experience, Ian helps define VMware’s premium hybrid cloud service strategy and oversees the development of the vCloud Service Provider partner ecosystem. Find him on Twitter at @iperezponce.   Christophe Decanini—Christophe Decanini is a Consulting Architect at VMware, Inc., where he started in 2007; currently, he is the technical lead for cloud orchestration. Based in Gland, Switzerland, Christophe is a global resource supporting customers in their orchestration and automation needs. He has presented orchestration solutions at conferences such as VMworld and is the main contributor on the www.vcoteam. info blog and in the official VMware Orchestrator community. Christophe was awarded the vExpert designation in 2011, given to the top VMware evangelists in the industry. He has 18 years of experience in IT automation and holds a bachelor’s degree in computer science. Find him on Twitter at @vCOTeam.   Burke Azbill—Burke Azbill has been working in IT since the mid-1990s and for VMware since 2007. He has been an active member of the VMworld Hands On Labs and a leading contributor to the vCenter Orchestrator community with both his own blog (www.vcoteam.info) and his contributions to the Official VMware Orchestrator blog and the community in the VMware forums. Burke was awarded the vExpert designation in 2011 and 2012, given to the top VMware evangelists in the industry. His industry certifications include MCP+I, MCSE, MCSD, CNE, CCA, LPIC-1, and VCP. Find him on Twitter at @TechnicalValues.   Michael Haines—Michael Haines is a Senior Cloud Networking and Security Architect and Engineer for the Global Services Engineering team at VMware, Inc. He leads the security architecture and development of VMware’s cloud solutions for service providers, enterprise customers, and partners throughout Europe and Asia Pacific. Michael is responsible for providing deep technical expertise and interfacing directly with Engineering and Product Management to support and develop current and future vCloud products and initiatives. He is also involved in prototyping vCloud solutions and frequently presents on VMware’s vCloud vision. This includes presentations at VMworld, where he also acts as one of the Security Lab captains. Michael is the co-author of the following publications: Cloud Computing with VMware vCloud Director, LDAP in the Solaris Operating Environment: Deploying Secure Directory Services, and Deploying LDAP in the Enterprise: Sun BluePrints Publications. Find him on Twitter at @michaelahaines.   Dave Richey—Dave Richey holds a degree from Harvard and has developed software training materials for more than a decade, including a full curriculum for Mac programmers. He draws on his experience in software development and technical management to edit technical documentation at VMware, Inc., in the fields of virtualization and cloud computing.   Ben Lin—Ben is a Staff Systems Engineer for the Networking and Security Business Unit (NSBU) at VMware, Inc. He holds VCDX3/4/5 certifications and actively participates in VCDX panels and development activities. Ben graduated from the University of California, Berkeley with a bachelor of science in electrical engineering and computer science. Ben co-authored the book Cloud Computing with VMware vCloud Director and was closely involved with cloud designs and deployments since the inception of vCloud Director. He is also co-author of VCDX Boot Camp. He regularly presents at conferences such as VMworld, VMworld Europe, Partner Exchange, USENIX LISA, USENIX HotCloud, and vForum. Find him on Twitter at @blin23.   Christopher Knowles—Chris Knowles is a Staff Architect within the Global Center of Excellence (CoE) at VMware, where he works on hybrid cloud and Software Defined Datacenter architecture and integration. Within the CoE, Chris translates complex business requirements into real-world highly integrated infrastructure solutions. Chris leads the VMware LiVefire program, which enables VMware specialists and industry partners to deliver these advanced solutions in the field. When not balancing work and life with his wife, Erin, and two boys, Evan and Spencer, Chris is a regular speaker at VMworld and other industry events. Find him on Twitter at @sugeknowles.   Thomas Kraus—Thomas Kraus works as a Solution Architect in the VMware Networking and Security Business Unit (NSBU) at VMware, Inc., where he helps VMware’s largest customers rationalize, understand, and deploy network virtualization and Software Defined Datacenters. Thomas is primarily focused on the architecture, troubleshooting, and optimization of complex cloud environments, with a focus on automation and integration. In addition to being a VCDX, his relevant certifications are RHCE and NetApp SVAP. Find him on Twitter at @tkrausjr.   David Hill—David Hill is an experienced entrepreneur, IT consultant, and architect who has worked in the IT industry for more than 16 years on projects across the public sector and financial institutions. David joined VMware in 2010 and is a Senior Solutions Architect in the Professional Services Engineering (PSE) team. There he develops cutting-edge technology best practices, design guidelines, and intellectual property for the company and partners. David holds VCP 3/4/5 and VCAP-DCD4 certifications. David is the author and owner of the cloud technical blog www.virtual-blog.com. Find him on Twitter at @davehill99.

1 Introduction 1

1.1 Overview . . . . . . 1

1.2 Using the vCAT Documentation Set . . . 2

  1.2.1 Recommended Reading Order . . . 5

1.3 Cloud Computing and VMware vCloud . . . 5

  1.3.1 VMware vCloud Requirements. . . 6

  1.3.2 VMware Alignment to Standards . . . 6

  1.3.3 vCloud Definitions . . . . 7

  1.3.4 Solution Area to Technology Mapping . . 8

1.4 Journey to a Mature vCloud Implementation . . 11

  1.4.1 Stage 1: Standardize . . . . 12

  1.4.2 Stage 2: Service Broker . . . . 13

  1.4.3 Stage 3: Strategic Differentiator . . . 14

2 Service Definitions 15

2.1 Introduction . . . . . 15

  2.1.1 Audience . . . . . 16

  2.1.2 Deployment Model . . . . 16

  2.1.3 Service Model . . . . . 17

  2.1.4 Technology Mapping . . . . 18

  2.1.5 Service Characteristics . . . . 18

  2.1.6 Service Development Approach . . . 20

  2.1.7 Concepts and Terminology . . . 21

2.2 Service Definition Considerations . . . 22

  2.2.1 Service Objectives . . . . 22

  2.2.2 Use Cases . . . . . 23

  2.2.3 User Roles . . . . . 25

  2.2.4 Metering and Service Reporting . . . 26

  2.2.5 Security and Compliance . . . . 26

  2.2.6 Capacity Distribution and Allocation Models . . 29

  2.2.7 Applications Catalog . . . . 30

  2.2.8 Interoperability . . . . 31

  2.2.9 Service-Level Agreement . . . . 31

2.3 Service Offering Examples . . . . 32

  2.3.1 Service Offering—Basic . . . . 34

  2.3.2 Service Offering—Committed . . . 37

  2.3.3 Service Offering—Dedicated . . . 40

3 Architecting a VMware vCloud 45

3.1 Overview . . . . . . 45

  3.1.1 Audience . . . . . 46

  3.1.2 Scope . . . . . 46

  3.1.3 Chapter Topics . . . . 46

3.2 vCloud Architecture . . . . . 47

  3.2.1 Technology Mapping . . . . 47

  3.2.2 vCloud Suite Components . . . 48

  3.2.3 vCloud Infrastructure Logical Design . . . 50

3.3 vCloud Management Architecture . . . 52

  3.3.1 Management Cluster. . . . 53

  3.3.2 Compute Layer . . . . 55

  3.3.3 Network Layer . . . . . 56

  3.3.4 Storage Layer . . . . . 56

  3.3.5 vCenter Linked Mode . . . . 57

  3.3.6 Cell Load Balancing . . . . 57

  3.3.7 vCenter Operations Manager . . . 58

3.4 Resource Group Architecture . . . . 58

  3.4.1 Compute Resources . . . . 59

  3.4.2 Network Resources. . . . 60

  3.4.3 Storage Resources . . . . 63

  3.4.4 vCloud Resource Sizing . . . . 69

3.5 vCloud Resource Design . . . . 72

  3.5.1 vCloud Director Constructs . . . 72

  3.5.2 Organizations. . . . . 74

  3.5.3 Provider Virtual Datacenter . . . 76

  3.5.4 Organization Virtual Datacenters . . . 78

  3.5.5 vCloud Networking . . . . 87

  3.5.6 Networking—Public vCloud Example . . 102

  3.5.7 Networking—Private vCloud Example . . 104

  3.5.8 vApp . . . . . 106

  3.5.9 Snapshots . . . . . 108

  3.5.10 Storage Independent of Virtual Machines . . 111

  3.5.11 vApp Load Balancing . . . . 113

3.6 vCloud Metering . . . . . 117

  3.6.1 vCenter Chargeback Manager . . . 117

  3.6.2 Maximums . . . . . 120

  3.6.3 Cost Calculation. . . . 120

    3.7 Orchestration and Extension . . . . 122

  3.7.1 vCloud API . . . . . 122

  3.7.2 Cloud Provisioning with vFabric Application Director . 123

  3.7.3 vCloud Messages . . . . 127

  3.7.4 vCenter Orchestrator . . . . 128

  3.7.5 vCenter Orchestrator Examples . . . 135

3.8 Multisite Considerations . . . . 137

  3.8.1 Multisite Availability Considerations . . 139

  3.8.2 Distributed Cloud Deployments Use Cases . . 139

  3.8.3 Multisite Terminology . . . . 141

  3.8.4 Deployment Options . . . . 142

  3.8.5 Supportability Considerations for Single-Site Deployments . . . . . 145

  3.8.6 Multisite Supportability Considerations . . 146

3.9 Hybrid vCloud Considerations . . . . 147

  3.9.1 vCloud Connector . . . . 148

3.10 References . . . . . 154

4 Operating a VMware vCloud 157

4.1 Overview . . . . . . 157

  4.1.1 Audience . . . . . 158

  4.1.2 Scope . . . . . 158

4.2 Cloud Computing . . . . . 158

  4.2.1 vCloud Operations Framework . . . 159

4.3 Process Maturity for vCloud Operations . . . 161

  4.3.1 Traditional versus Maturity Models Specific to VMware . 161

  4.3.2 Process Maturity Scale Specific to VMware . . 162

  4.3.3 Evolution of vCloud Operations . . . 163

4.4 Changing Role of Information Technology Organizations . 166

  4.4.1 IT and Business Relationship . . . 166

  4.4.2 Rethink IT . . . . . 167

4.5 Organizing for vCloud Operations . . . 167

  4.5.1 Organizational Overview . . . . 167

  4.5.2 vCloud Infrastructure Operations . . . 169

  4.5.3 vCloud Tenant Operations . . . 175

  4.5.4 Evolution of Organizational Structure for vCloud . 180

4.6 vCloud Business and Consumer Control . . . 182

  4.6.1 Introduction to IT Business Management . . 182

4.7 vCloud Service Control . . . . 185

  4.7.1 vCloud Service Governance and Lifecycle Management . 185

  4.7.2 vCloud Service Design and Development Management . 195

    4.8 vCloud Operations Control . . . . 200

  4.8.1 Provisioning Management . . . 200

  4.8.2 Capacity Management . . . . 204

  4.8.3 Performance Management . . . 209

  4.8.4 Event, Incident, and Problem Management . . 217

  4.8.5 Configuration and Compliance Management . . 223

  4.8.6 Orchestration Management . . . 228

  4.8.7 Availability Management . . . 231

  4.8.8 Continuity Management . . . . 232

  4.8.9 Access and Security Management . . . 236

    4.9 vCloud Infrastructure Control . . . . 239

  4.9.1 Monitoring . . . . . 240

5 Consuming a VMware vCloud 243

5.1 Overview . . . . . . 243

  5.1.1 Audience . . . . . 244

  5.1.2 Scope . . . . . 244

5.2 vCloud Consumption Approach . . . . 244

  5.2.1 vCloud Consumer Resources . . . 244

  5.2.2 vCloud Consumer Resource Capacity . . 246

5.3 Choosing a vCloud Consumption Model . . . 247

  5.3.1 Consuming vCloud Services . . . 247

  5.3.2 vCloud Director Allocation Models . . . 247

5.4 Organization Catalogs . . . . 249

  5.4.1 Understanding Catalogs . . . . 250

  5.4.2 Populating a Catalog . . . . 252

  5.4.3 Working with Catalogs . . . . 255

5.5 Creating and Managing vApps . . . . 259

  5.5.1 Migrating Workloads to a vCloud . . . 259

  5.5.2 Using vCloud Workloads . . . 264

  5.5.3 Directory Services in vCloud . . . 273

  5.5.4 vApp Deployment Readiness . . . 276

  5.5.5 Updating vApps . . . . 293

  5.5.6 Establishing Service Levels . . . 297

5.6 Consuming vCloud with the API . . . 299

  5.6.1 Characteristics of the API . . . 299

  5.6.2 API Functions. . . . . 300

  5.6.3 What’s New in the vCloud 5.1 API . . . 300

  5.6.4 vCloud SDK . . . . . 301

5.7 Consuming vCloud with vFabric Application Director . . 301

5.8 References . . . . . 303

6 Implementation Examples 305

6.1 Overview . . . . . . 305

  6.1.1 Implementation Examples Structure . . . 305

  6.1.2 vCloud Suite Components . . . 306

6.2 vCloud Cell Design Examples . . . . 308

  6.2.1 Load-Balanced Cell Configuration . . . 308

  6.2.2 Secure Certificates . . . . 314

6.3 Organization Virtual Datacenter Examples . . . 324

     6.3.1 Pay As You Go Allocation Model . . . 325

  6.3.2 Reservation Pool Model. . . . 328

  6.3.3 Allocation Pool Model . . . . 331

  6.3.4 Service Provider Performance Offerings . . 334

6.4 Networking Examples . . . . 338

  6.4.1 vApp Load Balancing with vCloud Networking and Security Edge. . . . . 338

  6.4.2 Static Routing . . . . 345

  6.4.3 vCloud Networking and Security Edge Gateway Setup . 350

  6.4.4 Public vCloud External Network . . . 361

  6.4.5 VXLAN Implementation . . . . 364

  6.4.6 VXLAN ORG Network for Disaster Recovery . . 371

  6.4.7 VCDNI-Backed Organization Network . . 388

  6.4.8 VLAN ORG Network . . . . 393

6.5 Storage Design Examples . . . . 397

  6.5.1 vApp Snapshot . . . . 397

  6.5.2 Storage DRS with vCloud Director . . . 402

6.6 Catalog Design Example . . . . 410

  6.6.1 vCloud Public Catalog . . . . 410

6.7 vCloud Security Examples . . . . 416

  6.7.1 Single Sign-On (SSO)—Provider . . . 416

  6.7.2 Single Sign-On (SSO): Consumer . . . 423

  6.7.3 Implementing Signed Certificates from a Certificate Authority . . . . . 433

6.8 vCloud Integration Examples . . . . 434

  6.8.1 vCenter Operations Manager . . . 434

  6.8.2 AMQP Messages . . . . 464

  6.8.3 AMQP Blocking Tasks . . . . 469

7 Workflow Examples 479

7.1 Overview . . . . . . 479

  7.1.1 Audience . . . . . 479

  7.1.2 Scope . . . . . 480

  7.1.3 Launching Workflows . . . . 480

7.2 Triggering Workflows with vCloud Notifications . . 482

  7.2.1 Prerequisites . . . . . 483

  7.2.2 Workflow Folders . . . . 483

  7.2.3 Workflow: Create a vCloud Director Notification Subscription . . . . . 483

  7.2.4 Workflow: Create a vCloud Director Notification Policy. 487

  7.2.5 Process Notifications and Trigger Workflows . . 488

  7.2.6 Triggered Workflow Examples . . . 490

7.3 Automated Import of Virtual Machines to vCloud Director . 494

     7.3.1 Prerequisites . . . . . 494

  7.3.2 Usage . . . . . 495

  7.3.3 Workflow Folders . . . . 495

  7.3.4 Choose Virtual Machines to Import . . . 495

  7.3.5 Workflow: Import VMs to VDC . . . 497

  7.3.6 Workflow: Import a VM with Remapping Networks . 499

  7.3.7 Create vCloud Director Networks Workflows . . 502

  7.3.8 Workflow: Create External Networks and Organization VDC Networks from VMs List . . . . 503

  7.3.9 Workflow: Add External Network and Org VDC Network . 505

7.4 vCloud vApp Provisioning . . . . 506

  7.4.1 Prerequisites . . . . . 507

  7.4.2 Usage . . . . . 508

  7.4.3 Workflow Folders . . . . 508

  7.4.4 Workflow Inputs and Outputs . . . 508

  7.4.5 Workflow Overview . . . . 509

7.5 Additional Resources . . . . . 513

8 Software Tools 515

8.1 Overview . . . . . . 515

  8.1.1 Audience . . . . . 515

  8.1.2 Scope . . . . . 516

8.2 VMware vCloud Director Server Resource Kit . . 516

  8.2.1 vCloud Director Audit . . . . 516

  8.2.2 vCloud Provisioner . . . . 519

  8.2.3 CloudCleaner . . . . . 522

8.3 Services Automation Tools . . . . 534

  8.3.1 Assessments and Capacity Planner . . . 534

  8.3.2 VMware vSphere Health Check Service and HealthAnalyzer Tool . . . . 538

8.3.3 VMware vCloud Migration Service and Migration Manager Tool . . . . . 540

9 Cloud Bursting 547

9.1 Overview . . . . . . 547

  9.1.1 The Autoscaling Process . . . . 547

  9.1.2 Open-Loop and Closed-Loop Implementation Models . 548

9.2 Sensing (Monitoring) the Service State . . . 551

  9.2.1 Monitoring Approaches . . . . 551

9.3 Orchestration (Infrastructure Scaling) . . . 556

  9.3.1 Scaling Localization . . . . 556

  9.3.2 Scaling Orchestration . . . . 561

Appendix A Availability Considerations 565

Appendix B Security 573

Appendix C vCloud Suite Disaster Recovery 595

Appendix D vCloud Director Upgrade Considerations 601

Appendix E vCloud Director Cell Monitoring 611

Appendix F Compliance Considerations 619

Appendix G Capacity Planning 629

Appendix H Capacity Management 637

Appendix I Integrating with Existing Enterprise System Management 647

Appendix J Business Continuity 655

Appendix K Upgrade Checklists 661

Appendix L Custom Workflow Development Guidelines 665

9780321912022, TOC, 7/11/2013