vMATechCon
2019 #vmatechcon2019
vRealize Automation CloudNetworking met NSX-T
Stefan Verhoef & Viktor van den Berg
Stefan Verhoef, SDDC Consultant @ PQR (VCIX-CMA, VCP-NV, VCP-DCV)
Viktor van den Berg, Solutions Engineer @ VMware NL (VCDX-DCV, VCIX-CMA, VCIX-NV)
[email protected] | www.viktorious.nl
Agenda
• vRealize Automation Cloud
• NSX-T
• Architecture
• Scenarios – demo!
  • Existing
  • App Secure
  • Routed
  • Routed w/ Micro Segmentation
  • Load Balancer
vRealize Automation Cloud
vRealize Automation Cloud
Cloud management platform
Infrastructure as Code
Enable DevOps
Multi-cloud
Extensible
Policy-based governance
Modern architecture
Easy install
Quick time-to-value
Public Cloud / Data Center / Edge / Managed Data Center
VMware Cloud Assembly™
VMware Code Stream™
VMware Service Broker™
Lease
Resource
Cost
Power schedule Approval
Naming
Tagging
Notification
Catalog Items
START
STOP
SCALE OUT
Cloud Assembly
Azure ARM* / AWS CFT / K8s*
+GOVERNANCE POLICIES
DEV / STAGE / PROD
DEPLOY / DEPLOY / DEPLOY
TASK … / TASK … / TASK …
VMware Marketplace
Brownfield Greenfield
DIY
vRO* / Pivotal*
* Indicate Templates and Services that are Coming Soon
vRealize Automation Cloud
On-premises or cloud
ON-PREM SAAS
CHOICE
SaaS Milestones
On-Premise Releases vRA 7.6 vRA 8.0
2019H1 H2
APR 2019 JULY 2019 JULY 2020
H22020
OCT 2019 JAN 2020 APR 2020
H1
vRA 8.x vRA 8….
MIGRATION FROM vRA 7.5, 7.6
MIGRATION FROM vRA 7.5, 7.6
OCT 2020
MIGRATION ASSESSMENT SERVICE
Kubernetes-based virtual appliance
vRealize Automation 8 runs as pods on a K8s cluster (K8s nodes are VMs), fronted by an ingress controller.
Virtual appliances common to all vRealize products:
• VMware vRealize Suite Lifecycle Manager
• VMware Identity Manager
“Out of the box” catalog
Windows Server 2016
MICROSOFT
Windows Server 2016 Datacenter Edition
VMDK
Redhat Enterprise Linux 7
IBM
Redhat Enterprise Linux 7
VMDK
Ubuntu Bionic Linux
CANONICAL
Ubuntu Bionic Linux (18.04 LTS)
VMDK
SUSE Linux Enterprise Server 15
SUSE
SUSE Linux Enterprise Server 15
VMDK
NSX Network
VMWARE
Create a network in SDDC
CLOUD ASSEMBLY
NSX Load balancer
VMWARE
Redhat Enterprise Linux 7
CLOUD ASSEMBLY
NSX Security group
VMWARE
Ubuntu Bionic Linux (18.04 LTS)
CLOUD ASSEMBLY
Serverless app model
AWS
SUSE Linux Enterprise Server 15
AWS CFT
Cloud Assembly Blueprints
NSX Networking, Security Admin constructs
AWS CloudFormation templates
vRO workflows (XaaS)
ABX Actions (XaaS)
vRA - Organization & Projects
VCPP / VMC
PUBLIC CLOUD
SDDC (VCF)
EDGE
Project Admin
Project Users
PROJECTS
ORGANIZATION
Cloud Admin
Content sharing
Naming policy
Lease policy
Tagging policy
POLICIES & GOVERNANCE
CONTENT
Blueprints Images Configuration
PROVISIONED RESOURCES
CLOUD ZONES & PROFILES
DEPLOYMENTS
Datacenter / Cluster
Region / AZ Cloud region
GOVERN
ACCESS
Approval policy
Resource policy
*
Cloud zones are dynamically determined. Infra profiles provide abstraction
Deployments are associated with projects
Deployment enable lifecycle & day 2 actions
Blueprints are in the context of a project
MANAGE
BUILD
* Roadmap
Entitlement
Tenant
PRJ1 PRJ2
2. SET UP PROJECTS
1. SET UP CLOUD ACCOUNTS, ZONES & PROFILES
Private Cloud (VCF)
Public cloud
VMware partners (VMC)
Versioned Blueprints
Blueprints & images from VMware Marketplace
4. START WITH A BLUEPRINT FROM MARKETPLACE
5. BUILD YOUR BLUEPRINT USING RICH LIBRARY OF SERVICES
3. IMPORT EXISTING AWS/AZURE/VSPHERE WORKLOADS
7. ITERATE
6. DEPLOY BLUEPRINTS WITH POLICIES & AUTOMATIC MONITORING
Cloud Assembly
Architecture Overview
vRealize Automation Cloud | Cloud Assembly | Service Broker | Code Stream
vSphere NSX-T Ansible
Cloud Proxy
vRO
GitHub
on-premises
public cloud
Introduction to NSX-T
Your Network is Everywhere, In Software, for the App
EDGE
CLOUD
DATA CENTER
ENTERPRISE INNOVATION IS DEMANDING AN INCLUSIVE APPROACH TO NETWORKING, SECURITY, AUTOMATION
SaaS
PaaS IaaS
NSX Key Highlights
Virtual Cloud Network
Vision
• Security: Micro-segmentation
• Multi-cloud Networking: Consistent Policy, Disaster Recovery, Workload Mobility
• Automation: IT Automation, Cloud-native Automation, Streamline Operations
• Cloud-native: Container Networking, Micro-seg’ for Microservices, End-to-End Visibility
• WAN and Branch: Branch Transformation, WAN Management, Optimize Cloud Access
Solution
NSX SD-WAN / NSX Data Center / NSX Cloud / NSX Hybrid Connect
VMware AppDefense
Product
NSX-T Datacenter Components
Data Plane
ESXi host (N-VDS)
KVM host (N-VDS)
NSX Edge
Bare Metal Server (NSX)
Linux VM (NSX)
Windows VM (NSX)
NSX Cloud GW (NAT)
Private Cloud
Public Cloud / VMware Cloud on AWS
Management / Control Plane
VMs Containers
NSX Manager Cluster
GUI/REST/CMP
Cloud Service Manager
NSX Container Plugin
vCenter(s)
Transport node versus Edge transport node
Types of data plane components, referred to as transport nodes, include:
• Hypervisor transport nodes:
  - Act as forwarding plane for VM traffic
  - Provide support for ESXi and KVM hypervisors
• Bare metal transport nodes: include Linux-based workloads running on bare metal servers without a hypervisor
• NSX Edge cluster:
  - Contains edge transport nodes (VM or bare metal)
  - Provides stateful and gateway services
N-VDS
Every Transport Node includes:
• Local Control Plane (LCP) agent
• Management Plane Agent (MPA)
• Local NSX Virtual Distributed Switch (N-VDS), the component for data plane forwarding:
  - Switching, Routing, Distributed Firewall
  - Overlay encapsulation/decapsulation
N-VDS is based on:
• ESXi vSwitch for ESXi
• Open vSwitch (OVS) for KVM
An ESXi host can be added as a standalone host or as a vCenter Server managed host.
KVM hosts can be added as standalone hosts only.
NSX Controller Cluster
ESXi TN
Transport Nodes
NSX Manager Cluster
LCP / MPA
N-VDS
ESXi vSwitch
KVM TN
LCP / MPA
N-VDS (Open vSwitch)
NSX Agent
NSX Multi Tier Routing
Benefit
• Tenant Isolation
• Separate control for Infra and Tenant admin
• Eliminates dependency on physical infrastructure when a new tenant is provisioned
Tier-0 Logical Router
• Role: connects to physical infra
• Manual Management
Tier-1 Logical Router
• Role: per-tenant first hop router
• Cloud Management Platform (CMP) driven
Diagram: Physical Router <- Uplink -> Tier-0 Logical Router <- RouterLink (100.64.0.0/31) -> Tier-1 Logical Router (Tenant-1) / Tier-1 Logical Router (Tenant-2) <- Downlink -> workloads; Management
Architecture vRAC/NSX-T
Architecture Overview
vRealize Automation Cloud | Cloud Assembly | Service Broker | Code Stream
vSphere NSX-T Ansible
Cloud Proxy
GitHub
on-premises
public cloud
Provide resources
Cloud Account
Storage
Compute
Cloud Account
vSphere
Machines
Volumes
NSX-T
Networks
Tags versus Constraints
• Tags are written back to provisioned resources when they are created in the cloud infrastructure and contain key/value pairs. These commonly include:
  • Technical Tags (Name, App ID, App Role, Cluster, Env, Version)
  • Business Tags (Owner, Cost Center, BU, Customer, Project)
  • Security (Confidentiality, Compliance)
• Constraint tags identify how placement should be selected for provisioning. These commonly include:
  • Env (Prod, Test, Dev)
  • Storage (Gold, Silver, Bronze, PCI, SSD)
  • Network type (dmz, dhcp, internal, public)
Cloud Zones
Projects
Joining point of users/groups to resource consumption:
• Cloud Zones
• Blueprints
• Kubernetes (PKS)
Governance and User Access Construct
Project level costing visibility
Create a project
Project
Users
Cloud Zone (instance limit)
Custom Properties
Custom Naming
Blueprint -> Deployment / Deployment / Deployment
vRealize Automation & NSX-T
The combination of vRA and NSX-T offers:
• Consumption of NSX-T (L2) segments;
• Deployment of routed networks;
• Deployment of NAT networks;
• Deployment of load balancers;
• Integration with NSX-T security groups;
• Deployment of security groups.
Network Profile & Cloud.NSX.Network
Property Type
name string
constraints array
constraints.tag string
description string
networkCidr string
networkType string
id string
domain string
gateway string
dns array
netmask string
dnsSearchDomains string
networkType values: existing, public, private, outbound, routed
Cloud.NSX.LoadBalancer
Property Type
name string
routes array
routes.port array
routes.protocol string
routes.instancePort string
routes.instanceProtocol string
routes.healthCheckConfiguration object
routes.healthCheckConfiguration.port string
routes.healthCheckConfiguration.urlPath string
routes.healthCheckConfiguration.protocol string
routes.healthCheckConfiguration.timeoutSeconds integer
routes.healthCheckConfiguration.intervalSeconds integer
routes.healthCheckConfiguration.healthyThreshold integer
routes.healthCheckConfiguration.unhealthyThreshold integer
network string
instances array
internetFacing boolean
id string
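The two property tables above (Cloud.NSX.Network and Cloud.NSX.LoadBalancer), the constraint-tag placement rules, and the routed/load-balancer scenarios of this deck come together in a single Cloud Assembly blueprint. The YAML below is an added example written for this page; it is not a blueprint from the original slides or from the linked GitHub repository. The tag value `net:routed`, the image and flavor names, the `/health` path, and the port numbers are assumed values chosen for illustration and have to match the tags and mappings configured in your own cloud zones and profiles.

```yaml
# Added example blueprint (not from the original deck). Names and tag values
# are assumptions; they must match the tags in your network/image/flavor profiles.
formatVersion: 1
inputs: {}
resources:
  # Cloud.NSX.Network: a routed network (on-demand Tier-1 behind Tier-0).
  # The constraint tag selects a network profile carrying the same tag;
  # the profile supplies the CIDR range for the new segment.
  App_Network:
    type: Cloud.NSX.Network
    properties:
      name: routed01
      networkType: routed
      constraints:
        - tag: 'net:routed'      # assumed tag; placement per "Tags versus Constraints"

  # Two web nodes attached to the routed network.
  Web_Node:
    type: Cloud.Machine
    properties:
      image: ubuntu              # assumed image mapping name
      flavor: small              # assumed flavor mapping name
      count: 2
      networks:
        - network: '${resource.App_Network.id}'
      # Technical tags written back to the provisioned VMs (see "Tags" bullet).
      tags:
        - key: 'App Role'
          value: web
        - key: Env
          value: test

  # Cloud.NSX.LoadBalancer: one route (VIP :80 -> instance :8080) with an
  # HTTP health check, so a node failing /health is taken out of the pool.
  Web_LB:
    type: Cloud.NSX.LoadBalancer
    properties:
      name: web-lb
      network: '${resource.App_Network.id}'
      instances:
        - '${resource.Web_Node.id}'
      internetFacing: false      # keep the VIP on the routed segment, not exposed
      routes:
        - protocol: HTTP
          port: '80'
          instanceProtocol: HTTP
          instancePort: '8080'
          healthCheckConfiguration:
            protocol: HTTP
            port: '8080'
            urlPath: /health     # assumed health endpoint on the web nodes
            intervalSeconds: 30
            timeoutSeconds: 5
            healthyThreshold: 2
            unhealthyThreshold: 3
```

When requested through Service Broker, Cloud Assembly resolves `net:routed` against the network profiles of the selected cloud zone, creates the Tier-1 segment, provisions the machines, and then configures the NSX-T load balancer with the pool and monitor derived from `routes`. Keeping `internetFacing: false` and relying on the health check is the safe default for a test deployment; the micro-segmentation scenario later in this deck adds NSX-T security groups on top of the same network.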
Network Architecture
192.168.178.0/24 (.1)
LAN
Internet
TIER0-01
172.16.210.0/24
.2
BGP AS 65010
.1 BGP AS 65000
EdgeRouter
Existing Network
192.168.178.0/24 (.1)
LAN
Internet
Existing01
DHCP
192.168.210.0/24
TIER0-01
172.16.210.0/24
.2
BGP AS 65010
.1 BGP AS 65000
EdgeRouter
Existing Network
Existing Network “App Secure”
Existing Network “App Secure”
Routed Network
Routed Network
Routed Network w/ Micro Segmentation
192.168.178.0/24 (.1)
LAN
Internet
TIER1-01
100.64.x.y/31 routerlink
.1
.0
routed01 172.16.212.0/28
TIER0-01
172.16.210.0/24
.2
BGP AS 65010
.1 BGP AS 65000
EdgeRouter
Load Balancer
Load Balancer
Summary
• vRealize Automation Cloud
• NSX-T
• Architecture of vRAC / NSX-T
• Demo time!
• https://github.com/viktoriousss/CloudAssembly
Experience day - vRealize Automation (Cloud)
• One day event, mid Nov/Dec
• VMware Utrecht
• 10-12 attendees per session
• Interested?
  • Contact Dimitri / Erik
  • [email protected] / [email protected]