© 2014 VMware Inc. All rights reserved.

VMUG - vCloud Air Deep Dive

2

Agenda

1 Overview of vCloud Air

2 Advanced Networking Capabilities

3 Use Cases

4 Overview of Disaster Recovery Service

5 Questions

VMware vCloud AirTechnical Overview

VMware vCloud® Air™ is a secure public cloud operated by VMware, built on the

trusted foundation of vSphere.

The service supports both existing workloads as well as new application development,

giving IT a common platform to seamlessly extend their data center to the cloud

leveraging the same tools and processes they use today.

vCloud Air Offerings

vCloud Air Core Services

Service ClassConsumption

Model

Shared or

Dedicated

Environment

Infrastructure Subscription Dedicated

Infrastructure Subscription Multi-Tenant

Infrastructure Pay-as-you-Go Multi-Tenant

Recovery Subscription Multi-Tenant

vCloud Air Subscription Services

Logically Isolated

Guaranteed Resource

Allocation

6

Virtual Private Cloud

Physically Isolated

Your Own Private Cloud

Instance

Dedicated Cloud

Base Resources:

20GB vRAM

10GHz vCPU

Starts at:

2 TB

10 Mbps allocated

50 Mbps burstable

2 Public IPs

Base Resources:

120GB vRAM

30GHz vCPU

Starts at:

6 TB

50 Mbps allocated

1 Gbps burstable

3 Public IPs

Logically Isolated

Business Continuity

Solution

Disaster Recovery

Base Resources:

20GB vRAM

10GHz vCPU

Starts at:

1 TB

10 Mbps allocated

50 Mbps burstable

2 Public IPs

6

Term Lengths:

1m, 3m, 12m, 24m, 36m subscriptions

Virtual Private Cloud: Subscription vs. OnDemand

Subscription OnDemand

Shared Compute Resources Shared Compute Resources

Fixed Size (Subscription) Shrink and Extend OnDemand

vCloud Air Locations

8

vCloud Government Service

vCloud Air

Europe UK

Europe Germany

US Gov Arizona

US Northern California

US Nevada

US Texas

US New Jersey

US Virginia

US Gov VirginiaJapan West

Australia

Challenges of Realizing a True Hybrid Cloud

9

Diverse set of platforms and incompatibility, raise costs and complexity

CUSTOM

HOSTINGMANAGED

SERVICE

CO-LOCATION

SERVICE

CUSTOMER’S

DATA CENTER

IaaS

Data Center Options Public Cloud Service

Diverse set of standards Incompatible platform

Inelastic consumption

Heterogeneous tools

Complex networking

No authentication

No common governance

No common security model

True Hybrid Cloud

10

Leverage the economics of IaaS. Run your data center like an IaaS.

Data Center Options

Elastic Consumption Model

Common Management

Seamless Networking

Common Authentication

Common Governance, Billing

Common Security Model

Public Cloud Service

Common Platform

CUSTOM

HOSTING

MANAGED

SERVICE

CO-LOCATION

SERVICE

CUSTOMER’S

DATA CENTER

vAPP vAPP

Run Any OS, Any App, Any Platform

• Run legacy existing apps and net-new apps on-

premises and in the cloud

• Run industry-specific software supported on

vSphere

Benefits

• Runs the largest number of guest operating

systems:• Multiple generations of Windows/Linux

• Both 32- and 64-bit

• Workload agnostic approach with broad range of

ISV support

Overview

COMPUTE

Hybrid Connectivity into vCloud Air

• Multiple options for securely accessing vCloud Air

from your on-premises data center

• No added cost for high bandwidth VPN endpoint

• Integrate with large set of Network Service

Providers for high bandwidth private connections

Benefits

• Over the Internet:

• HTTPS or IPsec VPN

• Over Direct Connect:

• Private Line or Cross Connect

Overview

vCLOUD AIR

WWW

Direct Connect

ON-PREMISES

HTTPS / IPsec VPN

Network Virtualization in vCloud Air

• Mirror on-premises networking policies and avoid

reconfiguring applications

• All software-defined for rapid changing app &

security needs

• Safeguard security and support advanced policies

Benefits

• Available services include:

• Firewall, NAT routing, DHCP, load balancer

• Create routed and isolated networks, static routes

• Designed with Active/Standby High Availability

OverviewWWW

vCLOUD AIR

DMZ

Test/Dev Network

EDGE GATEWAY

Isolated Network

Virtual

Appliance

Simple Migration of vSphere Workloads into the Cloud

CustomerData Center

• Flexibility to move apps on- or off-premises as

desired; no location lock-in

• No reformatting of virtual machines required

• Manage all environments through a unified view

Benefits

• OVF Import using built-in Java applet

• vCloud Connector for transferring workloads and

catalog synchronization

• Offline Data Transfer with vCloud Connector for

large data transfers

OverviewOVF

vCloud Connector: Migration of Workloads Across Hybrid Clouds

vSphere Client

OFF-PREMISESON-PREMISES

Control Plane

Private

vCloud

vSphere

vCC UI Plugin

vCloud Air

vCloud Air

Network

Content

LibraryvCC Server

Node

Node

Node

Node

Client

Data Plane

vCloud Air vSphere Client Plug-in:Single Pane of Glass Management Across Hybrid Clouds

• Manage hybrid cloud from a “single pane of

glass”

• Maximize your existing investments and

processes

• Leverage existing skillsets and retain the same

teams and to manage both on-prem and off-prem

Benefits

• Free plug-in for vSphere Web Client

• View and administer vCloud Air services

• Manage inventory of virtual data centers,

gateways and networks

• Create and manage virtual machines

Overview

HYBRID MANAGEMENT

Cloud Automation for Multi-Cloud Infrastructure

vRealize Automation

Self - Service

Linux WindowsCloud Providers

PHYSICAL VIRTUAL CLOUD

IaaS PaaS DaaS XaaS

Policy-Based Governance with Automated Delivery

vSphereOther

HypervisorVCLOUD AIR

HYBRID MANAGEMENT

Advanced Networking Capabilities

Current Edge Gateway Capabilities in vCloud Air

vCloud Air

NSX EDGE GATEWAY

(vCloud Air Network)(vCloud Air Network)

• Stateful Inspection Firewall

• Network Address Translations (NAT)

• DHCP

• Site to Site VPN (IPSec)

• Static Routing

• Load Balancer L4/L7

• 9 Interfaces

NETWORKING

New NSX Edge Gateway Capabilities in vCloud Air

vCloud Air

NSX EDGE GATEWAY

(vCloud Air Network)(vCloud Air Network)

• Stateful Inspection Firewall

• Network Address Translations (NAT)

• DHCP

• Site to Site VPN (IPSec)

• Static Routing

• Dynamic Routing OSPF, BGP

• Load Balancer L4/L7

• SSL Certificate Offloading

• SSL VPN (Client to Server)

• 200 Sub-Interfaces

• Distributed Firewall

NETWORKING

Direct Connect – Private Line

NSP Termination Point

Existing NSP Connections

vCloud Air Connection Point

“Meet Me Room” (MMR)“Main Distribution Frame” (MDF)

Customer A

Customer C

Customer B

Layer 2 VLAN

Untagged Layer 2

connection

(1G, 10G)

NETWORKING

Direct Connect – Cross Connect

NSP Termination Point

Customer A

Customer B

Layer 2 VLAN

vCloud Air Connection Point

Customer Rack

Untagged Layer 2

connection

(1G, 10G)

Customer C

NETWORKING

Reasons to Deploy Direct ConnectGOOD FOR:

• Hybrid applications that require large amounts of data transfer like Big Data

and/or Oracle/SAP apps

• Video and voice applications that are sensitive to variable latency

• Applications where data in transit must be secure to meet either compliance

or regulatory standards

• Multimedia or gaming applications that require GPU processing

• Applications that require special networking hardware like IDS/IPS, load

balancers

• Applications that require encryption at rest or other unique storage features

High Throughput

Low Latency

Security

Custom Compute

Custom Network

Custom Storage

Reason:

Default Router

Data Center Extension using NSX

Internet Internet

VLAN 11VLAN 10

vNIC

Trunk VLAN 10-11

UplinkNSX Edge Gateway

(192.168.5.0/24) (10.10.10.0/24)

(10.10.10.0/24)(192.168.5.0/24)

vCloud Air

Client

vCLOUD AIRON-PREMISES VLAN BACKED NETWORK

NETWORKING

Use Cases & Case Studies

Five Starting Points

27

Development

Operations

Improve app dev

productivity and

quality

Extend Existing

Applications

100% compatible,

same security,

high availability

Web and

Mobile Apps

Accelerate web

and mobile app

development

Disaster

Recovery

Simple, low cost

failover and

recovery

vCloud Air

Development /

Testing

100% compatible,

lower cost, broad

OS support

ON-PREMISES

SHAREPOINT DB

ACTIVE DIRECTORY

Corp Network

IPSEC VPN

vCLOUD AIR

Private Local

Active Directory

SharePoint Web

EDGE GATEWAY

VPN ENDPOINT

INTERNET

Example: Distributed Hybrid SharePoint Application

SharePoint App

SHAREPOINT DB

NETWORKING

ON-PREMISES

VIRTUALMACHINE

VIRTUALMACHINE

VIRTUALMACHINE

Private Network

(192.168.110.0/24)

IGW IDS IPS

Existing Security Policies & Appliances

DIRECT CONNECT (1 Gbps)

vCLOUD AIR

10.1.1.x/2410.1.1.x/24

DMZ Network

(192.168.52.0/24)

Private Network

(192.168.50.0/24)

EDGE GATEWAYEDGE GATEWAY

INTERNET

Firewall

Example: Routed Hybrid Security with Direct Connect NETWORKING

Example: Mobile Back End leveraging Direct Connect

Customer Data Center vCloud Air

Direct Connect

Internet

Example: Global load Balancing with 3rd Party

31

Virtual Private Cloud (West) Virtual Private Cloud (East)

Pool Servers

192.168.205.11

192.168.205.12

192.168.205.13

EDGE GATEWAY

Pool Servers

192.168.109.11

192.168.109.12

192.168.109.13

EDGE GATEWAY

Internet

Traffic Director

Dedicated IaaS vDC LV

Example: TM Lab Global Site Based Logical Architecture

On Premises in WDC

corp.vmtm.org

Cloud to Cloud VPN

Cloud to Cloud VPN

Clo

ud t

o C

loud V

PN

DaaS Secure Tunnel

IPSec VPN

IPSec VPN

IPSec VPN

vCloud Air-DR

Replication

Cloud to Cloud VPN

Dedicated DaaS vDC LV

vmtm.orgDedicated

CloudLas Vegas

DedicatedCloudDaaS

Virtual PrivateCloud

Las Vegas vDCDaaS Provider

Disaster RecoveryCloudTexas

Virtual Private CloudSterling

Disaster Recovery Use Case

vCloud Air Disaster Recovery

1Dependent on available bandwidth

• Warm standby capacity on vCloud Air

• Self-service protection, failover and failback workflows per VM

• 15 min1 – 24 hr. recovery point objective (RPO)

• Initial data seeding by shipping a disk

• Includes:

• 7-day run time per DR test

• 30 days of recovered VM run time

Simple and secure asynchronous replication and failover for vSphere

What is it?

34

SITE A(PRIMARY)

vCLOUD AIR , SITE B(RECOVERY)

DR Instance

Disaster Recovery Add-On Options

Standard Storage, Support, Bandwidth

Compute (subscription)

Compute (one time)

IP Address

Offline Data Transfer

Direct Connect

Example: Disaster Recovery to the Cloud

IPSEC VPN

EDGE GATEWAY

VPC OnDemand(Virgina)

vCloud Air Disaster Recovery(Virgina)

Test Network

Corp/Recovery

Network

EDGE GATEWAY

On-Premises Data Center(San Francisco)

PROTECTED WORKLOADS

Domain Network

IPSEC VPN Endpoint

AD DNS

AD DNS

Domain Network

IPSEC VPN

Corp Network

REPLICATION

vCloud Air

Q&A

THANK YOU!

CONFIDENTIAL38

Next Steps and Resources

Learn more about vCloud Air

http://vcloud.vmware.com

http://vcloud.vmware.com/Tutorials

Experience vCloud Air Hands-On

http://www.vmware.com/go/testdrive

Keep up with the Latest Activity

http://blogs.vmware.com/vcloud

vCloud Air Customer Stories

http://vcloud.vmware.com/uses/our_customers