TRANSCRIPT
LHC2384BU
#VMworld #LHC2384BU
VMware Cloud on AWS – A Technical Deep Dive
Ray Budavari – @rbudavari
Frank Denneman – @frankdenneman
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Speaker Introduction
• Ray Budavari
  Senior Staff Technical Product Manager
  Networking and Security Business Unit
• Frank Denneman
  Senior Staff Architect
  Cloud Platform Business Unit
Session Agenda
1 Why VMware Cloud on AWS
2 Compute and Storage
3 Networking and Security
4 Q&A
Why VMware Cloud on AWS?
Jointly engineered solution delivers the best of VMware and AWS for customers:
• Leading compute, storage and network virtualization capabilities
• Support for a broad range of workloads
• De-facto standard for the enterprise DC
• Flexible consumption economics
• Broadest set of cloud services
• Global scale and reach
VMware Cloud on AWS – service overview
[Diagram: Customer Data Center (vSphere, vSAN, NSX, vCenter, vRealize Suite, ISV ecosystem) alongside VMware Cloud™ on AWS (vSphere, vSAN, NSX, vCenter, operational management) running on AWS Global Infrastructure, with access to native AWS services]
Service Highlights
• VMware SDDC running on AWS bare metal
• Sold, operated and supported by VMware
• Support for all VM types
• On-demand capacity & flexible consumption
• Operational consistency with on-premises SDDC
• Workload portability and hybrid operations
• Global AWS footprint, reach, availability
• Direct access to native AWS services
STRATEGY AND VISION
Leverage AWS Global Footprint
Region and number of availability zones:
• US West: Oregon (3), N. California (3)
• AWS GovCloud (2)
• US East: N. Virginia (5), Ohio (3)
• Canada (2)
• South America: São Paulo (3)
• Europe: Ireland (3), Frankfurt (2), London (2)
• Asia Pacific: Singapore (2), Sydney (3), Tokyo (3), Seoul (2), Mumbai (2)
• New regions: Paris, Ningxia, Stockholm
STRATEGY AND VISION
Key Use Cases for VMware Cloud on AWS
Customer can decide strategically across on-premises data center and cloud
• Maintain and expand: regional capacity; DR and backup
• Consolidate and migrate: data center consolidation; application migration
• Workload flexibility (flex as needed): test and development; cyclic capacity
STRATEGY AND VISION
Infrastructure Overview
Consume Cloud Resources
What workload can you run in Cloud?
Host Compute Configuration in Detail
▪ Dual socket CPU host configuration
▪ Intel Xeon E5-2686 v4
▪ 18 Cores per socket at 2.3 GHz
▪ 72 Logical processors per host
▪ Hyper-Threading enabled
▪ 82.8 GHz per host
▪ 512 GB memory per host
▪ Manufacturer: Amazon
Initial Availability Compute Cluster Configuration
4 node cluster: 144 cores, 2048 GB memory
to
16 node cluster: 576 cores, 8192 GB memory
vSphere DRS Configuration
▪ DRS Enabled
▪ Migration threshold = 3
▪ DPM = Disabled
▪ Resource Pools created to isolate MGMT from Customer VMs
▪ Affinity Rules available in Future Release
[Diagram: one vSAN cluster; the VC and NSX management VMs sit in a resource pool managed by VMware, the workload VMs in a resource pool managed by the Customer Administrator (Cloud Admin)]
Coupling AWS Elasticity with vSphere Infrastructure software
Technical Preview
Automatic Cluster Configuration
1. Host is added to the vSAN cluster
2. Automatic network configuration: Management Network, vMotion Network, vSAN Network, VXLAN Network
3. vSAN datastore capacity increase
Elastic DRS Integration
1. Cluster operating within target thresholds (CPU, Memory, Storage)
2. Threshold exceeded: provision additional host
3. Cluster returns to target threshold
Automated Cluster Remediation
1. Host fails, or problem identified
2. New host added to cluster; data from problem host rebuilt and/or migrated
3. Previous host evacuated from cluster, fully replaced by new host
HA Cluster Configuration
▪ Host failure remediation is the responsibility of VMware.
▪ As HA settings impact the consolidation ratio, the following settings are used to provide excellent service while minimizing overhead:
▪ Host Monitoring: Enabled
▪ Admission Control Policy: Percentage Based
▪ Host Failures to Tolerate: 1
▪ VM & App Monitoring: Enabled
▪ Host Isolation Response: Power off and Restart VMs
Cluster Configuration at Initial Availability
[Diagram: SDDC (vSphere, vSAN, NSX) with one vSphere cluster of management VMs and workload VMs inside a single Availability Zone of one AWS Region; the second Availability Zone is unused]
▪ Restricted to one AWS Region and AZ
▪ Automatically detects failed hardware
▪ Auto remediation HA allows automatic recovery from HA events
▪ Provision new host and eject failed node without customer intervention
Cluster Configuration in Future Release
[Diagram: one SDDC whose vSphere cluster and vSAN cluster span two Availability Zones of one AWS Region, with VMs running in both AZs]
▪ Multi AZ availability (Active-Active)
▪ vSAN stretched across multiple AZs
▪ Synchronous write replication across AZs
▪ RPO = 0, RTO = HA Restart
▪ Per-VM Storage Policy
▪ First time infrastructure level AZ resilience! No need for refactoring traditional applications
Storage Configuration
Initial Availability vSAN Host & Cluster Configuration
4 node cluster: 32 NVMe devices, 40 TB raw capacity
to
16 node cluster: 128 NVMe devices, 160 TB raw capacity
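Added example, written for this edit rather than taken from the session or from VMware: a small Python model that reproduces the cluster figures above from the per-host configuration and shows the mechanics of the two automated behaviours the deck describes, percentage-based HA admission control and Elastic DRS scale-out. The per-host numbers (36 cores at 2.3 GHz, 512 GB, 2 disk groups of 1 cache + 3 capacity devices) are the slides' own; the 1.7 TB per device, the 1/N admission-control reserve for identical hosts, the 80% scale-out threshold and the demand figures are assumptions made here.

```python
"""Capacity and automation model for a VMware Cloud on AWS cluster.

Added example, not VMware code. Per-host numbers come from the slides;
everything marked 'assumed' does not.
"""

# Per-host configuration from the slides.
CORES_PER_HOST = 36            # dual socket, 18 cores per socket
GHZ_PER_CORE = 2.3
MEM_GB_PER_HOST = 512
DISK_GROUPS_PER_HOST = 2
CACHE_DEVICES_PER_DG = 1       # 2 cache devices per host = 3.4 TB
CAPACITY_DEVICES_PER_DG = 3    # 6 capacity devices per host = 10.2 TB
TB_PER_DEVICE = 1.7            # assumed: 3.4 TB / 2 and 10.2 TB / 6 both give 1.7


def cluster_capacity(hosts: int) -> dict:
    """Raw figures for a cluster of identical hosts (no HA or vSAN policy overhead)."""
    if hosts < 1:
        raise ValueError("a cluster needs at least one host")
    cache = hosts * DISK_GROUPS_PER_HOST * CACHE_DEVICES_PER_DG
    capacity = hosts * DISK_GROUPS_PER_HOST * CAPACITY_DEVICES_PER_DG
    return {
        "cores": hosts * CORES_PER_HOST,
        "ghz": round(hosts * CORES_PER_HOST * GHZ_PER_CORE, 1),
        "memory_gb": hosts * MEM_GB_PER_HOST,
        "nvme_devices": cache + capacity,
        "raw_capacity_tb": round(capacity * TB_PER_DEVICE, 1),  # cache tier is not capacity
    }


def ha_reserved_percent(hosts: int, host_failures_to_tolerate: int = 1) -> float:
    """Percentage-based admission control sized for N host failures.

    With identical hosts, restarting the VMs of N failed hosts needs N/hosts of
    the cluster held back; this 1/N rule is an assumption of the model.
    """
    if not 0 < host_failures_to_tolerate < hosts:
        raise ValueError("tolerate at least one host failure and fewer than all hosts")
    return 100.0 * host_failures_to_tolerate / hosts


def usable_capacity(hosts: int, host_failures_to_tolerate: int = 1) -> dict:
    """What remains for workloads once HA has set aside its reservation."""
    cap = cluster_capacity(hosts)
    keep = 1 - ha_reserved_percent(hosts, host_failures_to_tolerate) / 100
    return {"ghz": round(cap["ghz"] * keep, 1), "memory_gb": round(cap["memory_gb"] * keep)}


def elastic_drs(hosts: int, demand: dict, high: float = 0.8, max_hosts: int = 16) -> int:
    """Scale-out step from the Elastic DRS slide.

    `demand` holds absolute demand per tracked dimension, keyed and measured
    like cluster_capacity() (e.g. {"memory_gb": 1800}). While any dimension
    exceeds the `high` utilisation threshold (assumed 80%) a host is added,
    up to `max_hosts`; the host count the cluster settles on is returned.
    """
    while True:
        cap = cluster_capacity(hosts)
        if all(demand[k] / cap[k] <= high for k in demand) or hosts >= max_hosts:
            return hosts
        hosts += 1


if __name__ == "__main__":
    # Constructed demand: memory-heavy, which is what usually triggers scale-out.
    demand = {"memory_gb": 1800, "ghz": 120, "raw_capacity_tb": 12}
    print("4-host cluster:", cluster_capacity(4))
    print("usable after HA reserve:", usable_capacity(4))
    print("hosts after Elastic DRS:", elastic_drs(4, demand))
```

The HA reservation is the part worth checking before trusting a consolidation ratio: on the 4-host initial cluster a one-host-failure policy holds back 25% of CPU and memory, so the 2048 GB on the slide is 1536 GB for workloads, and Elastic DRS decisions made against raw capacity will look healthier than they are.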
vSAN Architecture
[Diagram: ESXi Host (x4), each with two vSAN Disk Groups]
vSAN Node Configuration
▪ 2 Disk Groups
▪ 2 devices write-caching tier (3.4 TB)
▪ 6 devices capacity tier (10.2 TB)
Storage Policy Configuration
▪ Health Service is enabled *
▪ RAID 1, 5 and 6 available *
▪ vSAN Encryption is disabled at Initial Availability
* User configurable policy settings
Networking and Security Configuration
VMware Cloud on AWS is built around NSX
LHC2013BU – NSX and VMware Cloud on AWS: Deep Dive
LHC2105BU – NSX and VMware Cloud on AWS: The Path to Hybrid Cloud
NSX in VMware Cloud on AWS – Introduction
▪ All VM networking in VMware Cloud on AWS is provided by NSX
▪ Provides compatibility with NSX and vSphere products used on-premises
▪ vSphere and NSX have been optimized to work in AWS environment
▪ Delivered using an ‘as a service’ cloud model
AWS Networks are Used to Provide External Connectivity
▪ VPC Networking
▪ Services as a Transport
▪ Enables VMkernel networking
▪ Internet Gateway
▪ Enables N-S connectivity
▪ All services are provided by NSX
▪ Customer VPC Access
▪ Optimized access from VMC to connected VPCs
▪ AWS Direct Connect (Future Release)
▪ Dedicated, high performance connection to on-premises
VMware Cloud on AWS – Simplified mode consumption
Cloud Network Admin (manages the Managed Services through the VMC Web Portal)
▪ Setup initial networks and admin access to vCenter Server
▪ Provide inbound access to workloads
▪ Control firewall access to workloads
▪ Establish VPN connectivity
▪ Prescriptive network topology only
VI Admin (consumes them through the vSphere Web Client)
▪ Deploy VMs
▪ Attach VMs to networks
▪ Create new networks
▪ IP addressing for VMs
VMware Cloud on AWS – Network Overview
Management Pool
▪ vCenter Server, NSX Manager, NSX Controllers
▪ Services provided by NSX Edge Gateway (MGW)
▪ Firewall and VPN for security
▪ Default Deny Policy
▪ NAT for public vCenter access
Compute Pool
▪ NSX Edge Gateway & Distributed Logical Router (CGW)
▪ Prescriptive network topology
▪ NSX Logical Switches for workload VMs
▪ Default network provided, but customer created networks are supported
▪ DHCP Relay/Server
▪ Automated routing configuration
▪ Firewall and VPN for security
▪ Default Deny Policy
▪ NAT for VM Internet access
▪ Connection to Customer VPC
[Diagram: one vSAN cluster; the VMware-managed management VMs (VC, NSX) sit behind the MGW and its VPN, the customer-managed workload VMs sit on logical switches behind the DLR and the CGW and its VPN, and both gateways face the Internet]
L3 VPN Hybrid Cloud Connectivity
▪ Existing VMs and management on-premises
▪ VPN connectivity using NSX ESG (route selected networks or all traffic to on-premises over VPN tunnel)
[Diagram: IPsec VPN – L3 – Compute. Customer DC with an on-prem gateway, on-prem management and on-prem workloads; the VMware Cloud on AWS Software Defined Data Center (SDDC) with the Management GW (NAT, FW, VPN) in front of the management network, the Compute GW (NAT, FW, VPN, DHCP) and DLR in front of the workload networks 192.168.10.0/24 and 192.168.20.0/24, and an Internet GW; management traffic and compute traffic each cross the Internet in their own VPN tunnel]
L3 VPN Connectivity Details
▪ IPsec VPN enables secure access to VMware Cloud on AWS workloads from on-premises
  • Provides choice of remote gateway
  • VMware Cloud on AWS leverages NSX Edge for VPN
▪ Validation with all common VPN devices
▪ Joint whitepapers will be published with VMware Partners
[Diagram: on-premises VPN gateway connected to VMC on AWS over the Internet / WAN]
Optimized connectivity to Native AWS services
▪ Direct connectivity from VMC to customer VPCs (without VPC Peering)
▪ Reaches EC2 instances, private AWS services or VPC Endpoints in customers' existing VPCs
▪ Optimized traffic flow over the AWS provider network
[Diagram: Software Defined Data Center (SDDC) with Distributed Router (DLR) and logical networks on VNI 5000 and VNI 5001 (192.168.0.0, 192.168.1.0, 192.168.2.0), the Compute Gateway, and the NSX route table; an ENI from the customer VPC provides the east-west connection to the VPC route table; the customer VPC holds subnets 172.16.0.0, 172.16.1.0, 172.16.2.0, EC2 instances and VPC Endpoints to Amazon S3; each side has its own Internet GW]
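Added example, not code from the session or from NSX: the prescriptive compute topology of the preceding slides (MGW/CGW with a default-deny policy, the IPsec VPN to on-premises, the connected-VPC ENI and NAT to the Internet) reduced to the two decisions a packet leaving a workload VM is subject to, a first-match gateway firewall that denies everything not explicitly allowed, followed by a longest-prefix route lookup that picks the exit. The 192.168.x logical networks and 172.16.x VPC subnets are the addresses in the diagrams (their /24 and /16 masks are assumed); the 10.0.0.0/8 on-premises range, the rule set, the route labels and the test addresses are constructed for the example. The same `evaluate()` applies to the MGW, whose only difference is the rule set.

```python
"""Route lookup plus default-deny gateway policy for the VMC on AWS compute side.

Added example, not VMware/NSX code. Only the 192.168.x logical networks and the
172.16.x VPC subnets come from the slides; everything else is assumed.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: str            # the exit the SDDC uses for this destination


class Rule(NamedTuple):
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]     # None matches any destination port
    action: str              # "allow" or "deny"


# Constructed NSX route table for the compute gateway and DLR.
NSX_ROUTES: List[Route] = [
    Route(net("192.168.0.0/24"), "DLR logical switch"),
    Route(net("192.168.1.0/24"), "DLR logical switch"),
    Route(net("192.168.2.0/24"), "DLR logical switch"),
    Route(net("172.16.0.0/16"), "connected VPC ENI"),    # 172.16.{0,1,2}.0 subnets
    Route(net("10.0.0.0/8"), "IPsec VPN to on-prem"),    # assumed on-prem range
    Route(net("0.0.0.0/0"), "Internet GW via SNAT"),
]

# Constructed CGW rule set. The gateway is default deny, so a flow that matches
# no rule is dropped whatever the route table says about it.
CGW_RULES: List[Rule] = [
    Rule("workloads to connected VPC", net("192.168.0.0/22"), net("172.16.0.0/16"), None, "allow"),
    Rule("on-prem to web tier HTTPS", net("10.0.0.0/8"), net("192.168.0.0/24"), 443, "allow"),
    Rule("web tier outbound HTTPS", net("192.168.0.0/24"), net("0.0.0.0/0"), 443, "allow"),
]


def lookup(table: List[Route], dst: str) -> Route:
    """Longest-prefix match; the 0.0.0.0/0 entry guarantees a result for IPv4."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        raise ValueError(f"no route for {dst}")
    return max(matches, key=lambda r: r.prefix.prefixlen)


def evaluate(rules: List[Rule], src: str, dst: str, dport: int) -> Tuple[str, str]:
    """First matching rule wins; falling off the end is the default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and (r.dport is None or r.dport == dport):
            return r.action, r.name
    return "deny", "default deny"


def forward(src: str, dst: str, dport: int) -> dict:
    """Policy first, then routing: a denied flow never reaches the route table."""
    action, rule = evaluate(CGW_RULES, src, dst, dport)
    if action != "allow":
        return {"action": "deny", "rule": rule, "via": None}
    return {"action": "allow", "rule": rule, "via": lookup(NSX_ROUTES, dst).next_hop}


if __name__ == "__main__":
    # Constructed flows: VPC database, on-prem admin over VPN, SSH from on-prem,
    # and an app-tier VM trying to reach the Internet (203.0.113.0/24 is TEST-NET-3).
    for flow in [("192.168.0.10", "172.16.1.5", 3306),
                 ("10.1.2.3", "192.168.0.10", 443),
                 ("10.1.2.3", "192.168.0.10", 22),
                 ("192.168.1.10", "203.0.113.7", 443)]:
        print(flow, forward(*flow))
```

The ordering is the point: because the policy is evaluated before the route, an ENI route to the connected VPC or a default route to the Internet gateway grants nothing by itself, and the app-tier network (192.168.1.0/24) stays off the Internet until someone adds a rule for it.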
VMC and AWS Services
▪ VMware Cloud on AWS provides access to native AWS services
▪ Connected VPC access
  • Provides higher bandwidth connectivity to selected AWS services
  • Requires an existing customer VPC
  • Optimized access to EC2 instances and S3 is supported at Initial Availability
  • Additional services will be added in future releases
▪ Public access to AWS services is also available via the Internet
  • Provides a base level of capability
  • High performance as VMC runs on the same AWS infrastructure
  • Bandwidth limits for IGW apply
Access to AWS Services: Amazon EC2, Amazon S3, Amazon RDS, AWS Direct Connect, AWS IAM, AWS IoT, …
VMware Cloud on AWS – Networking User Experience
▪ NSX is front and center in the VMware Cloud on AWS Portal
▪ Network Dashboard provides a view of NSX components and connectivity
VMware Cloud on AWS – Networking User Experience
Simplified mode provides basic networking and security functionality: Firewall, VPN, Logical, NAT, Public IPs
VMware Cloud on AWS – Networking User Experience
▪ Logical Networks are managed within vCenter Server
▪ Uses a new HTML5 plugin specifically for VMware Cloud on AWS
▪ Enables the following:
  • Create & delete NSX Logical Switches
  • Provide a default gateway
  • Optionally enable DHCP
▪ All remaining steps are automated
VMware Cloud on AWS is an Extension of a Powerful & Mature Production Operational Model and Ecosystem
Questions
• Ray Budavari – @rbudavari
• Frank Denneman – @frankdenneman
Cluster Compute
[Diagram: four ESXi hosts, each with 2 CPUs providing 36 CPU cores + 512 GB]
144 CPU Cores + 2048 GB Memory
Default cluster size: 4 ESXi Hosts