Cloud

VMware needs to integrate Orchestrator into vCloud Director more to improve Cloud automation

In working on several Cloud-related projects, one of the items that sticks out to me is the need for deeper automation within the vCloud Director product. I understand this is still just version 1.5, but with how hard VMware is pushing the “Your Cloud” journey, I think that some parts are just not ready for what some companies need to do in the way of automation.

If self-service is supposed to be such a big part of Cloud, then the need for automation is going to play a big part. Not everything can be accomplished by creating templates and using customization to change the identity of the new VM. In server virtualization this worked great and saved time for most IT shops. But there were still manual processes that some shops needed to do. This breaks the idea of self-service IT if a user still relies on someone to execute a manual process to have a VM or application provisioned from vCloud.

I guess what this mostly deals with is private cloud. Many IT shops are trying to automate the creation of as many servers and platforms as possible, to reduce their workload in provisioning new servers. But there are still some manual processes that need to take place, and I think that being able to tie vCenter Orchestrator more tightly with vCloud Director could go a long way in helping with this issue.

Other cloud software companies such as DynamicOps are already doing this type of thing by building the workflow or automation part of their offerings into the same admin console. This allows for tight integration and opens up the options for what you are allowed to automate.

If you listen to rumors and in dark alleys you might hear that this type of integration is coming from VMware in a future release. Nobody knows if it will be the next release or even when that will happen.

 

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. This blog Virtualize Tips was started to document and remember things that I come across while working with tech.


Everything you wanted to know about HP BladeSystem Matrix

With all the talk about converged infrastructure and stacks these days especially in the virtualization space I was really glad that I got to do this interview. There has been a lot written about its competitors but the HP BladeSystem Matrix was still kind of a mystery to anyone that had not had HP in to talk about it. I was lucky enough to spend some time talking with a couple of members from the HP BladeSystem Matrix team. These guys were very helpful in explaining what Matrix is and answered all of my crazy questions.

What I hope everyone gets from this is a better understanding of what BladeSystem Matrix has to offer if you’re looking at these types of converged offerings. I also hope to highlight some of the features that are unique to the HP stack. In the interest of being totally open, I am also an employee of HP, but my current work responsibilities have nothing to do with BladeSystem Matrix. Now that all that is out of the way, let’s get started with the good stuff.

VT: Can you give me your elevator pitch?
HP: Matrix is the foundation for a private cloud solution managing both physical and virtual infrastructure. Matrix allows you to rapidly provision infrastructure via a self service portal. In addition, it offers the ongoing life-cycle management including capacity planning and disaster recovery. You can buy Matrix with a single SKU that includes hardware, software and services. The solution is all tested and certified by HP to work together.

VT: Who benefits from this solution?
HP: Customers who need to be able to address fast change and achieve a competitive advantage through time to market. Typical customers for Matrix are large Enterprises and Service Providers who have invested already in virtualization and shared infrastructure and want to take the next step to cloud computing. I think that these target customers are common to all converged infrastructure offerings.

VT: What hardware makes up a BladeSystem Matrix?
HP: BladeSystem Matrix all begins with something called a starter kit. This kit includes the following items: Central Management Server on a ProLiant DL360, HP C7000 Blade Chassis w/Virtual Connect networking and Insight Management software for managing Matrix. For the storage you have multiple options – you can use your existing Fiber Channel SAN storage if it’s supported or you can use HP storage, e.g. 3PAR or HP EVA 4400 array. iSCSI storage is supported as well for VM data stores. There is also something called an Expansion kit which is a C7000 Blade chassis, Insight Management software licenses and HP Services needed to integrate the expansion kit into your existing Matrix environment. It should be noted that Matrix supports both ProLiant and Integrity blades.

VT: What are HP Cloud Maps and how do they relate to BladeSystem Matrix?
HP: These Cloud Maps help customers to get started quickly with Matrix – they jump start the creation of a customized self-service portal. Cloud Maps include white papers and templates for hardware or software configurations that can be imported into BladeSystem Matrix that can save days or weeks of design time. A Cloud Map can also provide workflows and scripts designed to expedite the installation.

VT: What does the CMS or Central Management Server do?
HP: The CMS server is a physical server that is running the management software that controls, automates and monitors your BladeSystem Matrix. If you have a DR site with a Matrix you would need a CMS server there to control the environment. It’s also possible to set up the CMS in a HA or Highly Available configuration to prevent a single failure point for Matrix management. Lastly, for large environments that exceed the maximums of a single CMS you can now stand up secondary CMS servers that will still allow you to manage everything from one admin console.

VT: Can I use existing HP gear with a Matrix install?
HP: If you purchase a new HP BladeSystem Matrix you can use it to also manage any qualifying HP hardware that you already own. HP has created something called the Matrix Conversion Services to assist with integrating your existing HP infrastructure with BladeSystem Matrix. This program is new and will evolve to allow customers to accomplish these integrations.

VT: Can I use arrays from other vendors?
HP: You can use Storage Arrays from other vendors as long as they are able to meet a list of criteria – for example the storage vendor needs to be certified with Virtual Connect. More details can be found in the Matrix compatibility chart.

VT: What software is used for Matrix?
HP: The software for Matrix is called the Matrix Operating Environment, which includes the whole Insight Management stack including Insight Foundation and Insight Control. With Insight Foundation you get the controls to install, configure, and monitor physical servers. With Insight Control you get all the essential server management including server deployment and power management. The real magic happens with the additional Matrix Operating Environment software (aka Insight Dynamics). It provides a service design tool, infrastructure provisioning with a self-service portal, capacity planning, and recovery management.

VT: Does it come configured and who does the setup work?
HP: Some factory configuration is done, then the remaining work is done onsite by HP Services. The install and configure period can take from a few days to 2 weeks depending on the level of complexity.

VT: Explain how it is managed?
HP: There are two separate consoles that control a BladeSystem Matrix. The first would be the admin console used by your support team to configure and control the environment. The second would be the Self Service portal site. This allows for IT consumers to request and provision resources from the Matrix environment.

VT: What types of automation and provisioning can Matrix do?
HP: One example would be in the creation of templates. You can create templates in the Matrix software or use ones already created, for example on your VMware vCenter server. If you use an existing template that might be created with only one OS partition you can use the Matrix template process to provision the VM and add on additional disks and features not present in the base template.

VT: How is support handled for Matrix customers?
HP: There is a dedicated team to contact for Matrix support issues. Matrix is treated as a single solution, with all calls coming in through a central team. This team is cross trained in the various aspects that make up Matrix and they will escalate to product specific engineers if needed.

VT: Can you explain fail over P2V and then back to V2P for DR?
HP: This feature allows for a physical server to be recovered at the DR site on a physical or virtual machine. To make this, HP spoke about creating what is known as a “portable image”. What this meant was that the logical server was created in a way that it would be able to be deployed on either another physical blade, or as a VM within a virtual machine host. I asked if there was any type of conversion process that takes place and there is not. The engineer talked about the creation of the portable image, which to me meant that you need to include both OS drivers for the physical hardware and the virtual hardware. This way, when the image was moved to the other platform, the physical OS or the hypervisor-based OS would find all of the devices. The last piece would be the network settings, and these are preserved with an application called PINT so that when new network cards are installed your settings will remain.

VT: How does it integrate with VMware?
HP: The HP tool set for BladeSystem Matrix offers many integration points with VMware vSphere. A short list of the functions would include provisioning VMs, change in power state, activate/deactivate, add servers to group, and add disks to a VM or group of VMs. Along with those features Matrix monitors status and performance, capacity & workload analysis and Disaster Recovery integration.

VT: What separates Matrix from other converged stacks?
HP: A big selling point is that HP BladeSystem Matrix is integrated and engineered holistically by one company, while still allowing for heterogeneous components in areas such as networking and storage. Also at this time BladeSystem Matrix is the only solution that is capable of managing both physical and virtual servers with the same tools and allowing movement between physical and virtual resources. Something that Matrix offers that others do not is integrated automated Disaster Recovery. Lastly Matrix supports both VMware and Microsoft Hyper-V, as well as Integrity Blades, for virtualization.

VT: What SAN protocols are supported today?
HP: As of today BladeSystem Matrix supports Fiber Channel as the preferred method of connecting to storage. In addition, Matrix does support FCoE and iSCSI for VM data stores.

VT: What is storage provisioning manager?
HP: This was explained as enhanced volume provisioning management, allowing more proactive maintenance of the pools of storage available for provisioning of an environment. Where this seemed to tie in for me was using it to publish or tag which volumes are available for provisioning. For example, you could label a volume as boot disk and others as data disks. Then when creating your templates for provisioning, the system will know which volumes are available for boot, as well as which volumes are available as data volumes during OS install, so that you provide better management of the storage you’ll utilize during provisioning.

VT: How many customers or units sold so far?
HP: I had to try but was only told that HP does not release any numbers or revenues for products. BladeSystem Matrix is made up of components that have been offered for many years by HP, and includes multi-million unit sales of components such as BladeSystem servers and Virtual Connect.

VT: How will software and firmware updates be handled?
HP: There are update bundles that are created for BladeSystem Matrix. At this time these updates must be performed by an HP Services person. These updates can be done in person or remotely.

VT: How does the SAN fabric interact with BladeSystem Matrix?
HP: In the current version of Matrix you will need to pre-create volumes and your server zoning ahead of any provisioning.

VT: What is Insight Virtualization Manager?
HP: Also known as VSE Virtualization Manager that is part of Insight Dynamics. With VSE you can move a logical server from the existing blade it’s running on to another blade. The VSE application will move the server profile to the new blade and restart the server once the move is complete and your operating system will start up. The VSE interface will offer recommendations for target blades that match your requirements. There are a few reasons for such a move that would include upgrades and maintenance. Video demo of moving a blade server to another blade. Video Link


VMware talks about Project Horizon and cloud based applications

During the Tuesday Keynote presentation at VMworld 2010, several executives from VMware covered the upcoming View 4.5 release. As they dove deeper into the features and showcased the product, they announced a new, previously unheard of application being called Project Horizon. Now to me Project Horizon seems like the Web 2.0 version of Citrix Dazzle. If you’re not familiar with Dazzle, it’s kind of an App store for checking in and out published Citrix applications. As it was demo’d during the speech, Project Horizon is going to allow users to have a single sign-on experience for locally installed apps and SaaS applications (SaaS = Software as a Service). These types of apps are becoming commonplace among users every day, and if IT departments want to be able to provide them in a secure fashion, Project Horizon will have a stake in this from VMware’s perspective.

See some details from the PR released from VMware.

At VMworld 2010 in San Francisco, VMware will preview a cloud-based management service — codenamed Project Horizon — that will securely extend enterprise identities into the cloud and provide new methods for provisioning and managing applications and data based on the user, not the device or underlying operating system.

Project Horizon will establish a user’s “Cloud Identity,” securely extending on-premise directory services between private and public clouds and enabling customers to take advantage of the flexibility and new services in the public cloud while maintaining the security and control from their private clouds.

“A cohesive desktop strategy should provide secure, direct access to many types of applications, including SaaS and legacy and mobile applications, regardless of device type or location,” said Mark Bowker, senior analyst, Enterprise Strategy Group. “Project Horizon is an example of how VMware has the potential to help dramatically transform desktop and application delivery services, maintain IT control, and ensure a productive, personalized experience for the end user.”


What is VMware vCloud Datacenter services

So your head is probably spinning this week with all of the news coming out of VMworld 2010. I know it’s only day 2 and each evening my head was pounding after absorbing so much new information. Today was day 2 and the information fountain was turned up all the way with the Keynote speech; there were several new products announced. In this post I am covering vCloud Datacenter service and what it has to offer to your Service Catalog.

To break this down in simple terms, I see this as the public version of vCloud that provides you the ability to link up your internal private cloud built on vCloud Director. This service allows you to provision apps and VMs out in the public space when you need to. Maybe it’s because you are out of space on your private cloud or that you just want something out there for other reasons. The vCloud Datacenter services give you the interoperability that you want with ease of use, and VMware is promising the security that Corporations are demanding. This will all be provided by vCloud Director and the new vShield product family.

Here is some of what VMware has to say about vCloud Datacenter services.

Built to predefined specifications and based on secure VMware cloud infrastructure technology, vCloud Datacenter Services provide multilevel, auditable security through SAS 70 Type II or ISO 27001 compliance. vCloud Datacenter Services also provide best-in-class virtual firewall capabilities, Layer 2 isolation, role-based access control and the ability to integrate with Active Directory. Access to end user activity logs keeps you in control and allows you to calibrate user access levels for enhanced end user security.

Because vCloud Datacenter Services are built upon the same, globally consistent foundation as your internal datacenter or private cloud, VMware vCloud Director and VMware vSphere, internal virtualized applications can be easily moved to a vCloud Datacenter Services without re-architecting or refactoring. Rather than being locked into a proprietary cloud platform as you may be with other providers, you can choose the vCloud Service Provider that best meets your needs and manage, move and operate your applications as if they were on site.

Link to vCloud Datacenter services at VMware

Here are some of the differences between what vCloud Datacenter Service has to offer compared to public clouds.

| Feature | vCloud Datacenter Services | Other public clouds |
| --- | --- | --- |
| COMPATIBILITY AND ADMINISTRATION | | |
| Use existing internal VMs or vApps in the cloud | Yes | No |
| Familiar VMware infrastructure | Yes | No |
| Authenticate users against enterprise directory | Yes | No |
| Multi-user, role-based access control | Yes | No – one user per account |
| Identical GUI for internal and external clouds | Yes | No |
| Move applications between virtual data centers | Yes | No |
| PERFORMANCE | | |
| Predictable performance from resource allocation (committed VDC and dedicated VDC) | Yes | No – depends on other tenants’ use |
| Storage performance | 5x | 1x |
| NETWORKING AND SECURITY | | |
| Firewall per vApp and per organization | Yes | No – per VM |
| Full virtual layer 2 networking | Yes | No – L3 only |
| Auditable security with all logs provided | Yes | No |
| Optional physical segregation of resources | Yes | No |


What is all included in the VMware vShield Family of products

Today at VMworld 2010 VMware announced the new family of vShield products. The new products in this family are vShield Endpoint, vShield App and vShield Edge. Each product has been designed for a few core functions that help facilitate and secure the IT as a Service model that VMware is promoting with its new vCloud Director solution. These security-related products are going to secure, make management easier and help move down the path to a cloud infrastructure.

I will try to provide some more details about each product below, gathering any details that are available as of today. In the image below are some of the concerns that VMware is addressing based on what Enterprises have been telling them.

vShield Endpoint – vShield Endpoint provides on-host antivirus and malware protection that reduces performance latency and eliminates the need to maintain individual security agents in each and every virtual machine, helping to simplify security administration while minimizing the risk of malware infections. Datasheet

vShield App – VMware vShield App protects applications in the virtual datacenter from network-based threats. vShield App gives organizations the ability to create and manage business-relevant policies that adapt to dynamic cloud environments. It also provides deep visibility into network communications between virtual machines and granular enforcement through security groups. Datasheet

vShield Edge – vShield Edge is a network gateway solution that protects the edges of the virtual datacenter with DHCP, network address translation (NAT), firewalling, load balancing, site-to-site VPN, port group isolation and other capabilities that help organizations maintain proper segmentation between different organizational units. Datasheet

vShield Manager – Included with all vShield products, vShield Manager provides a central point of control for managing, deploying, reporting, logging and integrating third-party security services. Working in conjunction with vCenter Server, vShield Manager also enables role-based access control and administrative delegation as part of a unified framework for managing virtualization security.

vShield Zones – VMware vShield Zones, included with vSphere, provides basic protection from network-based threats in virtual datacenters, with application firewalling and policy management based on administrator-defined zones, using basic traffic information such as the source IP address, the destination port, and so on.

Here is a quote from a VMware product release.

Enterprise Partner Extranets – vShield lets enterprises extend their networks and application resources to branch offices, home offices and business partner sites through site-to-site VPN services that offer simplified provisioning, streamline administrative tasks and improve scalability. All traffic between sites is encrypted using IPsec to maintain the confidentiality and integrity of all site-to-site communications.

vShield Product Family Brochure


VMware vCloud Director rises from the shadows of project Redwood

You can now hear the sigh of relief from the many bound by NDA to keep silent about Project Redwood. This morning brings the news of the official announcement from VMware about vCloud Director or vCD. This is the new VMware Cloud Infrastructure solution that will allow Corporations and Service Providers to build clouds and ITaaS (IT as a Service) consumption models. Below is a quote from the VMware press release about vCloud Director.

VMware vCloud(TM) Director: A new model for delivering and consuming infrastructure services

VMware vCloud Director changes the way IT delivers infrastructure services and the way users access and consume them. By extending the resource pooling capabilities of VMware vSphere, VMware vCloud Director enables IT to create "virtual data centers" (VDCs) -- logical pools of compute, network and storage resources with defined management policies, SLAs and pricing. IT organizations can offer these VDCs -- along with catalogs of other infrastructure and application services such as virtual appliances, VMs, and OS images -- to users through fully automated self-service access.

So what is vCloud Director

To put it in the simplest terms, it’s a layer that sits on top of vCenter server and abstracts all the resources that vCenter has under its control. You then combine all of these resources into large pools for your Customers or Tenants to consume. vCloud Director also provides the Customer a Self Service portal to use.

So what exactly are the resources that vCloud Director abstracts from vCenter server? Below is a list of the resources and the vSphere term to bring it all together.

  • Compute resources = vSphere Clusters and Resource Pools
  • Network resources = dvSwitches and portgroups
  • Storage = Datastores ( VMFS and NFS )

These resources are then presented to you via the Self Service Portal of vCD. As an administrator you can use the vCloud Director Portal to split up and assign resources to Customers, Departments or some other business division. These can also be referred to as an Organization; this sounds a lot like Lab Manager. The vCloud Director product was designed to work with both Enterprise and Service Provider clouds. The resources are divided up and assigned to a Virtual Datacenter or vDC. There are two types of vDCs available within vCloud Director.

  • Provider Virtual Datacenter ( Provider vDC )
  • Organization Virtual Datacenter ( org vDC )

The Provider Virtual Datacenter is the base for compute resources. When creating a Provider Virtual Datacenter you will need to select a resource pool. Next you will need to associate at least one datastore with the Provider vDC; this might be all LUNs masked to your cluster. Duncan from Yellow Bricks laid out the following theory:

Some of my colleagues described the Provider vDC as the object where you specify the SLA and I guess that explains the concept a bit more. So for instance you could have a Gold Provider vDC with 15K FC disks and N+2 redundancy for HA while your Silver Provider vDC just offers N+1 redundancy and runs on SATA disk… everything is possible.

Now that a Provider vDC has been created, you can create an Org vDC and associate the Org vDC to a vCD Organization. It’s possible that an Organization can have multiple Org vDCs associated to it. For example, it’s possible to have 3 Org vDCs owned by a single Organization across two Provider vDCs. Those Provider vDCs could each have a different SLA.

So in my thought vCloud Director does seem to be Lab Manager on steroids, which is a phrase that I’ve heard before. Many of these ideas do seem to be based off of the Organizations, configurations and networking that Lab Manager was using.

Pricing and Availability
VMware vCloud Director is currently available and is licensed per VM starting at $150 per VM.

Build Secure, Multi-Tenant Clouds – VMware vCloud Director lets administrators group users by policy, such as a business unit, division or subsidiary. Each group has isolated virtual resources, independent LDAP-authentication, specific policy controls and unique catalogs. To ensure security and compliance in a cloud environment where multiple organizations share infrastructure resources, VMware vCloud Director includes VMware vShield perimeter protection, port-level firewall, and NAT and DHCP services.

vCloud Director Links

Download link for vCloud Director

vCloud Director Install and Configuration guide

vCloud Director User Guide

vCloud Director Administrators guide
