Are you Ready for vCloud?

8/14/2013© 2010 Copyright Kelser Corporation – All Rights

Reserved1

8/14/2013© 2010 Copyright Kelser Corporation – All Rights

Reserved2

vSphere Hybrid Cloud Service(vCHS)

Matt KozloskiKelser Corporation

Agenda Overview of hybrid cloud Why VMware? Why Kelser? Technical Overview Demo Q&A

Hybrid CloudA common infrastructure that is made up of more

than one specific cloud.

PrivatePublic

Hybrid

Hybrid Cloud: Why Now?

Internet bandwidth is [finally] capable and affordable.

Source: www.akamai.com/stateoftheinternet

Hybrid Cloud: Why [not] Now?

Source: www.akamai.com/stateoftheinternet

Hybrid Cloud: Benefits Move to cloud at YOUR pace

NOT all-or-nothing

Maintain control over specific/proprietary data in your private cloud

Move less sensitive data/applications to the cloud

YOU control it and get the best of both worlds!

You can have logical (network/resource) isolation from your peers OR have physical isolation – your choice.

Hybrid Cloud: FUD Let’s wipe out some FUD:

◦ Fear: vCHS has an ISO/IEC 27001 certified information security management system.

◦ Uncertainty: You don’t have to move everything. Just move what you’re comfortable with. If you aren’t happy, move it back.

◦ Doubt: VMware’s vCHS runs on “the infrastructure you already know and trust”. Cloud is definitely here and here to stay.

vCHS Offerings Virtual Private Cloud

◦ Logically Isolated◦ Starts at:

20GB vRAM 5 GHz CPU 2TB Disk Internet Bandwidth: 10 Mbps allocated / 50 Mbps burst / 2 public IPs ~ $1,200 / month ** Monthly Term (3 / 12 month commitments)

Dedicated Cloud◦ Physically Isolated◦ Starts at:

120GB vRAM 30 GHz CPU 6TB Disk Internet Bandwidth: 50 Mbps allocated / 1Gbps burst / 3 public IPs ~ $12,000 / month ** Annual Term

** Figures are approximate / budgetary for discussion purposes only. Subscription pricing may vary depending on different options, term commitments, and final GA vCHS pricing **

Hybrid Cloud: Use-Case Examples

Move test/dev environments, to save cost and increase reliability. Good way to “test” the cloud.

Private

Public

Hybrid

Test / Dev


Create your own hosted Exchange environment, to keep the flexibility you like and improve availability. Or, extend your existing Exchange environment (2010+ DAG)!

PrivatePublic

Hybrid


Have your stateless web farm in the cloud and your databases on-premise

Private

Public

Hybrid


Give legacy systems a more permanent home

Private

Public

Hybrid

The “really old application that no one uses but we need to keep forever, just in

case”


Burst for temporary environments or times of the year.

Private

Public

Hybrid


Securely backup/replicate for business continuity

Private

Public

Hybrid


DCE = Data Center Extensiono “Stretch Deploy” VMs from existing vSphere networks to

the vCHS Cloud!o VPN with Layer 2 bridge capability

PrivatePublic

Hybrid

Why VMware? “Runs on the infrastructure you already know and

trust”

Applications function the same way they did, on your on-premise virtual farm

Manage your private cloud and public cloud from one console

One number for support, directly to the people who essentially invented virtualization, as we know it today.

Why Kelser? We understand:

◦ YOU◦ On-premise Cloud◦ Public Cloud◦ The “glue” or “plumbing” that connects this all

together

Kelser actively participated in the Early Access program, working closely with the vCHS technical

team to iron-out the exciting DCE offering, making it actually work “as advertised”.

Technical Overview

vCloud Hybrid Service

The Big Picture

vApps and VMs A vApp is a logical container around a pool of VMs

providing logical and network separation.

Every VM in vCHS is contained within a vApp

Each vApp can have a single VM or multiple VMs

Each vApp can have its own networking policies

Kelser’s VDC:

Virtualized Network vShield Edge: Virtualized Network “swiss army

knife”◦ New Name: vCNS◦ Features:

NAT (DNAT and SNAT)

Load Balancer

DHCP

VPN IPSec (point-to-point)

SSL VPN-Plus

◦ The Edge device between your on-premise vSphere/vCloud infrastructure and vCHS

vShield Edge

Kelser’s VDC Edge Gateway

On this screen, you see Kelser’s Edge Gateway, in vCHS. An Edge Gateway can have up to 10 interfaces. This is deployed for you by vCHS:

Kelser’s VDC Networks

We have 2 routed networks (each consumes an interface on the Edge Gateway)

We have 1 isolated network (does NOT consume an interface on the Edge Gateway)

VDC Network + vAppLet’s look at my Exchange vApp:

You can see that the 172-16-100-0 network is outside the vApp and that the vApp has an uplink connected.

The two VMs are connected to the vApp network, which is connected to the VDC Org network.

VDC Network + Edge + vApp

This example shows a vApp with a vShield Edge and then uplinked to an org VDC.

Why would you want this? Well, perhaps you are a service provider and want to firewall your customers from each other.

Or perhaps you need to preserve an IP space, such as the case with DCE.

DCE – Datacenter Extensionaka “Stretch Deploy”

Once vCloud Connector, vCloud Server, and vCNS Edge are loaded, you can simply right-click on a workload (server) and move it and its network identity to vCHS!

DCE creates a VPN tunnel between your vCNS Edge and vCHS Edge

The VPN supports layer 2 traffic You can move a VM, with its existing IP information /

network configuration, to vCHS Simple right-click and “Stretch Deploy”

Let’s try it out!

DCE – DiagramThere is a L2 VPN Link between the Edge Gateway at Kelser and the Edge Gateway below the Routed network, for the DCE vApp.

Since the Edge Gateways are listening for broadcasts on 172.16.55.0 and know what’s on the other side, they proxy broadcasts and answer arp requests for traffic on either side of the VPN.

DCE – Stretch Deploy

You can see this VM is “still at home”. It’s on the 172.16.55.0/24 network, physically at Kelser.

I can ping it’s gateway (a Cisco 3750X stack) and a VM that I’ve already stretch deployed.

I could also ping it from my lab workstation. This just shows it’s up/running “at home”.

DCE – Stretch DeployTo initiate the Stretch Deploy, I’ll shut that VM down and then locate it in the vCloud Connector plugin, in vSphere.

You can see that the vCloud Connector “sees” both my vSphere Private Cloud and the vCHS Public Cloud.

DCE – Stretch DeployI’ll right-click on the VM I want to move to vCHS and click “Stretch Deploy”.

It will then open a wizard to guide me through the rest.


First, I’ll select my target.

“Strechted_k-d-rds” is a vApp that was created from a VM I already deployed, so we’ll just re-use that.


Since I already Stretch Deployed one VM, these fields are greyed out and populated with the values that correspond with that vApp.


I don’t need a proxy, so I’ll leave this how it is and click “Next”.


I’ll just let it power on, when it gets there and click “Next”.


Summary looks OK, so I’ll click “Finish” to complete the wizard.

DCE – Stretch DeployLooking good! You can see this kicked off, as a task on the right.

DCE – Stretch DeployYou can see the tasks completed. This took about an hour, to upload the VM to VMware’s datacenter and then deploy it to my VDC.

DCE – Stretch DeployLet’s check out the network, now that it’s been moved.

It retained its IP information (first of all).

You can see it still has the 172.16.55.1 gateway (still back to the core switch, physically at Kelser) and it can reach it.

You can see that this VM can still ping VM’s back home and receives replies.

DCE – DiagramThere is a L2 VPN Link between the Edge Gateway at Kelser and the Edge Gateway below the Routed network, for the DCE vApp.

Since the Edge Gateways are listening for broadcasts on 172.16.55.0 and know what’s on the other side, they proxy broadcasts and answer arp requests for traffic on either side of the VPN.

Hybrid means YOU consume cloud at YOUR pace VMware vCloud Hybrid Service was designed, built,

and is supported by the company that invented virtualization, as we know it

Your applications already run on vSphere; vCHS is the same vSphere you and your applications already know.

VMware vCloud Hybrid Service has many networking options, to securely connect you to the cloud, almost anyway you could imagine (including L2 VPN)

Kelser was an active participant in the vCHS Early Access program and understands how the “plumbing” works and how to get it working for you.

Conclusion

Check out: vcloud.vmware.com

Thanks!

Matthew Kozloski Senior Virtualization Engineer O: 860.610.2214 | F: 860.291.9088

[email protected]

www.kelsercorp.com

111 Roberts St, Suite D

East Hartford, CT 06108

Technology

Are you Ready for vCloud?