3. What If?
The same principles that transformed
a single layer of the data center…
Abstract.
Pool.
Automate.
and delivered unprecedented
value for customers…
were applied to
the entire data center?
www.varrow.com
4. Software-Defined
Data Center
The ideal architecture for private,
hybrid and public clouds.
All infrastructure is virtualized
and delivered as a service, and
the control of this data center is
entirely automated by software.
5. VMware’s SDDC Architecture
Software-Defined Data Center
Management and Automation
Compute
Abstract.
Network and
Security
Pool.
Storage and
Availability
Automate.
6. Software-Defined Data Center Solves IT Pain Points
VMware’s Software-Defined Data Center
Delivers Transformational Levels of:
Control
Traditional IT pain points
Inefficiency
Reduce IT capex by 75%
and opex by 56%*
Cloud Service
Provider
Economics
Agility
Choice
New IT pain points
Downtime
Reduce downtime
for tier 1 applications by
36%*
Cloud on
Your Terms
Inflexibility
Increase IT productivity
by 67%*
Apps at
Business Speed
Fear of Lock-In
Support for over 500 ISV
solutions and 80
operating systems
Any App
Anywhere
* Claims being validated by the Taneja Group (final numbers expected August, 2013).
8. SDDC On-Premises Network and Security Products
Management and Automation
vCloud
Automation Center
vCenter Operations
Management Suite
IT Business
Management Suite
vCenter Server and vCloud Director
Compute
Network / Security
Storage / Availability
vCloud
Networking and Security
vCenter
Site Recovery Manager
NSX
Virtual SAN
vSphere
9. Why Network Virtualization
Physical Network: A Barrier to Software Defined Data Center
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
Solution: Virtualize the Network
• Programmatic provisioning
• Place any workload anywhere
• Move any workload anywhere
• Decoupled from hardware
• Operationally efficient
[Diagram: Software-Defined Datacenter Services (VDC) on a Network Virtualization Abstraction Layer and a Compute Virtualization Abstraction Layer, over Physical Infrastructure]
10. VMware NSX – The Platform for Network
Virtualization
Networking in Software
• Logical Switching– Layer 2 over Layer 3, decoupled
from the physical network
• Logical Routing– Routing between virtual networks
without exiting the software container
• Logical Firewall – Distributed Firewall, Kernel
Integrated, High Performance
• Logical Load Balancer – GSLB in software
• Logical VPN – Site-to-Site & Remote Access VPN in
software
• NSX API – RESTful API for integration into any Cloud
Management Platform
• Partner Eco-System
11. vCloud Networking and Security (vCNS) – Networking and
Security Capabilities of the vCloud Suite
How it works
• Edge virtual appliance providing integrated
gateways services, such as Firewall, Load Balancing,
NAT, VPN
• App vNIC level firewall
• VXLAN extended networks
• Integration with vCenter and vCloud Director
Benefits
• Simplified packaging, only available in vCloud Suites
• Improve workload mobility and compute
utilization across clusters
• Cost savings from the use of virtual appliance for
L4-L7 services instead of purpose built hardware.
• Meet compliance goals with ability to isolate critical
applications in a shared infrastructure
12. Networking and Security: Key Takeaways
1. Removes the last barrier to SDDC
2. Transforms the network operational model
3. Increases business speed, reduces IT costs and enables choice
14. SDDC On-Premises Storage and
Availability Products
Management and Automation
vCloud
Automation Center
vCenter Operations
Management Suite
IT Business
Management Suite
vCenter Server and vCloud Director
Compute
Network / Security
Storage / Availability
vCloud
Networking and Security
vCenter
Site Recovery Manager
NSX
Virtual SAN
vSphere
15. Several Storage Trends Are Enabling A
New Approach To Storage
Increasingly
Powerful
Servers
16. VMware Approach to Software-Defined Storage
Software-Defined Storage
• Policy-based Storage Management: VM-centric policies for placement, protection, and performance
• Virtualized Data Services: VM-centric snapshots, clones, replication, backup, etc.
• Hypervisor Storage Abstraction: Heterogeneous storage consumed as datastores and VMDKs
Release Plans
• VSAN - Public Beta in Q3 2013. GA with vSphere 5.5 U1 in H1 2014
• Virsto - available since Q1 2013
• Flash Read Cache - GA with vSphere 5.5
• Virtual Volumes - 2014+
[Diagram: VMware Virtual SAN, VMware Virsto, vSphere Flash Read Cache and Virtual Volumes over SSD, HDD, DAS and SAN/NAS hardware]
17. VMware Virtual SAN: Software Defined Storage
With Unparalleled Efficiency & Agility
Overview
• Virtual SAN abstracts and pools solid state drives and hard disks from multiple servers to create shared storage
• Redefines the hypervisor to cluster compute and storage
• Policy based management for self-tuning VM-centric storage
• Scale-out architecture with built-in SSD caching
Benefits
• Radically simple storage designed for virtual machines
• Fast, resilient, dynamic
• Up to 50% lower TCO for comparable performance
[Diagram: VMware vCenter Server managing vSphere hosts with VSAN; the SSD and hard disks of each host form a clustered VSAN datastore]
18. VMware VSAN – Initial Use Cases
• Virtual Desktop (VDI): High Performance, No Bottlenecks
• Tier2/3, Test & Dev: Fast Provisioning, Low Cost
• Big Data: Scale-Out, High Bandwidth
• DR Target
• ROBO
[Diagram: each use case shown as VSAN on vSphere; Site A and Site B, with the caption "Reduced hardware at remote site"]
19. VMware Improves Business Continuity At All Levels
Local Availability
• vSphere HA, vSphere App HA
• vSphere Fault Tolerance
• vSphere vMotion and Storage vMotion
Data Protection
• vSphere Data Protection, vSphere Data Protection Advanced
• vSphere APIs for Data Protection
Disaster Recovery
• vSphere Replication
• vCenter Site Recovery Manager
• DR to the Cloud services based on SRM
[Diagram: Local Site and Failover Site, each running vSphere; badges "New in 2013" and "Improved in 2013" mark individual items]
20. Software-Defined Storage and Availability:
Key Takeaways
1. Virtual SAN clusters server disks to create radically simple shared storage designed for virtual machines – it’s fast, resilient and dynamic with significantly lower TCO.
2. SRM automates DR for all apps, making it predictable and reliable. Forrester confirms that SRM reduces the cost of DR by up to 50%.
3. vSphere Data Protection Advanced is VMware’s solution for backing up vSphere environments. It is the simplest, most efficient solution to protect VM data.
21. SDDC On-Premises Compute Products
Management and Automation
vCloud
Automation Center
vCenter Operations
Management Suite
IT Business
Management Suite
vCenter Server and vCloud Director
Compute
Network / Security
Storage / Availability
vCloud
Networking and Security
vCenter
Site Recovery Manager
NSX
Virtual SAN
vSphere
22. vSphere Performance and Scale
Overview
• Low latency application configuration
• 2x Increase in Configuration Maximums
• Up to 64 TB VMDKs
Benefits
• Low latency application optimization –
tune vSphere
• Support for even the largest business
critical applications
23. vSphere App HA
Overview
• Detect and recover from application or OS failure
• Supports most common packaged applications (Exchange, SQL, Oracle, SharePoint, etc.)
• vCloud Extensibility – APIs to Ecosystem
Benefits
• Simpler management from vCenter Server
• Tier 1 application protection at scale
• Lower TCO than traditional application specific cluster availability solutions
[Diagram: VMware HA and App Restart acting on APP/OS stacks running on vSphere, steps numbered 1 to 3]
24. vSphere Flash Read Cache: Server-based Flash
to Accelerate VM Performance
Overview
• Virtualized flash resource managed just like CPU and memory
• Per-VM hypervisor-based read caching using server flash
• Compatible with vMotion, DRS & HA
Benefits
• Accelerates performance for mission critical applications by up to 5-10x
• Enables efficient use of server flash in virtual environments
• Fully transparent read-caching – no host agents or application changes
[Diagram: vSphere with a CPU Pool, a Memory Pool and a new Flash Pool that accelerates performance, in front of SAN/NAS]
25. vSphere Replication
Overview
• Virtual machine level replication by the vSphere host
• New Support for:
– Multiple Point-In-Time Copies
– Multiple Replication Appliances per vCenter Server
– Storage vMotion
Benefits
• Low cost/efficient replication
• More granular recovery options
• DR scalability and flexibility across BCAs
• Integration with SRM enables automated DR process
[Diagram: vSphere Replication from vSphere at Site A (Primary) to vSphere at Site B (Recovery)]
26. Site Recovery Manager Delivers Cost Effective,
Predictable DR
Overview
SRM simplifies DR management by automating the testing and orchestration of centralized recovery plans:
• Creation and management of recovery plans from vCenter Server
• Single-click automated failover and failback
• Automated, non-disruptive recovery plan testing
• Support for broad range of replication solutions:
– vSphere Replication
– Array-based replication from all major vendors
• Planned data center migration
Benefits
• 50% lower TCO for DR
• Setup recovery plans in minutes, not weeks
• Automate DR orchestration and replace manual processes
• Test as frequently as needed
• Ensure predictable Recovery Time Objectives (RTO) as low as 30 minutes
• Application and hardware agnostic. Protect any application without the need for point solutions
What’s new with SRM 5.5
• Multi-point in time recovery with vSphere Replication
• Support for Storage vMotion and Storage DRS
• Integration with Virtual SAN
Architecture
[Diagram: Site A (Primary) and Site B (Recovery), each with VMware vCenter Server, Site Recovery Manager, VMware vSphere and Servers]
27. vSphere Data Protection is VMware’s Backup & Recovery for
vSphere
Overview
VDP provides proven, efficient and simple backup and recovery for small and midsize vSphere environments
vSphere Data Protection (included with vSphere at no cost)
• Deployed as a virtual appliance
• Agent-less, image-level backup to disk
• Integrated with the vSphere platform
vSphere Data Protection Advanced (additional purchase)
• All VDP capabilities plus:
– Agent-based, application-awareness for Exchange and SQL
– 4x greater scalability
– Easy upgrade from VDP
Benefits
• Built for vSphere, based on EMC Avamar technology
• 4x more storage-efficient
• 6x faster recovery
• Fast and easy deployment
• Managed directly from the vSphere Web Client
• Designed for the vSphere admin
What’s new with VDP 5.5
• Direct to host recovery (no dependency on vCenter Server)
• Individual .vmdk backup and restore
• Detachable/re-mountable backup storage
Architecture
[Diagram: VDP on VMware vSphere; data deduplicated]
29. VMware vCHS – Cloud Hybrid Service
Two Key Challenges
Growing chasm between Business and IT
due to lack of agility
Lack of trust for business-critical
workloads in the public cloud
Line of Business
IT Team
Requires speed, agility and
the ability to innovate
Focused on maintaining
reliable, secure infrastructure
With the Same Solution
Common platform that spans private and public cloud, linking them together seamlessly.
30. VMware vCHS – Cloud Hybrid Service
IaaS cloud owned and operated by VMware based on VMware software
Existing & New Apps
VMware vSphere &
vCloud Suite
VMware vCloud
Hybrid Service
Seamless Networking
Common management
Your Data Center
One Support call
Software-Defined
Data Center
Any Application… No Changes
31. VMware vCHS – Cloud Hybrid Service
VMware vCloud
Hybrid Service
Web Console
vCloud API
Application Catalogs
OS Catalogs
Compute
Bring Your Own Tools
Bring Your Own VMs
Bring Your Own Licenses
Storage
Networking & Security
Infrastructure Management
Infrastructure Hardware & Facilities
Customer
Components
33. Completely Consistent With Your Datacenter
Your Data Center
vCloud Hybrid Service
vCloud APIs
Cloud Catalog
Primary
Virtual Machine Format (OVF)
US East Region
Hypervisor
Firewall & IP Addresses
Regional Office
Layer 2 Network
Regional Office
US West Region
Data Center Extensions that Integrate Seamlessly
34. What Workloads are Right for vCloud Hybrid Service?
Email & Collaboration
Exchange, SharePoint, Lotus Notes,
Social Media, VDI
Custom / Line-of-Business
SAP, Oracle, Microsoft, Data
Analytics, Business Intelligence
Web & eCommerce
3-Tier Web Apps, Mobile Application
Development, Content Delivery
Solutions
Business Continuity
Disaster Recovery
Remote Hot Site / Secondary
Backup Site
35. Several IaaS Options in the Market
Other Openstack-based
Public Clouds
TRUE HYBRID CLOUD
COMPETING CLOUDS
36. vCloud Hybrid Service: A Better Hybrid Cloud
VMware vSphere &
vCloud Suite
Existing & New Apps
VMware vCloud
Hybrid Service
Seamless Networking
Common management
Your Data Center
One Support call
Software-Defined
Data Center
Any Application… No Changes
37. vCloud Hybrid Service Key Differentiators
The Fastest Path to Cloud
Extend Beyond Your Current Data Center
Drive Down Risk and Cost of Ownership
• Broadest OS Support
• The Same Platform Used On-Premises
• Common Management Tools
• Application Neutral
• Seamless Network Integration
• Security, Reliability, Performance
• Supports Existing & New Apps
• Advanced Networking
• Leverage Existing Tools & Skills
38. vCloud Hybrid Service: Running the Most Operating Systems
Microsoft Azure
Windows Server 2008 R2
Windows Server 2012
SQL Server 2012
CentOS 6
SLES11
Ubuntu 12
OpenSUSE 12
Total: 7
Amazon Web Services EC2
Windows Server 2003 (32/64)
Windows Server 2008 (32/64)
Windows Server 2012
RHEL 5 (32/64)
RHEL 6 (32/64)
SLES11 (32/64)
Debian Squeeze 6 (32/64)
FreeBSD 9
CentOS 6 (32/64)
Ubuntu 10 (32/64)
Ubuntu 11 (32/64)
Ubuntu 12 (32/64)
Amazon Linux (32/64)
SLES 10 (32/64)
OpenSolaris 2008.11 (32/64)
OpenSolaris 2009.06 (32/64)
Oracle Linux 5 (32/64)
Oracle Linux 4 – 32 only
Total: 33
VMware vCloud Hybrid Service
MS-DOS 6.22
Windows 3.1
Windows 95
Windows 98
Windows NT
Windows XP (32/64)
Windows Vista (32/64)
Windows 7 (32/64)
Windows 8 (32/64)
Windows 2000
WinServer 2003 (32/64)
WinServer 2008 (32/64)
WinServer 2012
RHEL 2.1
RHEL 3 (32/64)
RHEL 4 (32/64)
RHEL 5 (32/64)
RHEL 6 (32/64)
SLES 8
SLES 9 (32/64)
SLES 10 (32/64)
SLES 11 (32/64)
SLED 10 (32/64)
SLED 11 (32/64)
Debian 4 (32/64)
Debian 5 (32/64)
Debian 6 (32/64)
CentOS 4 (32/64)
CentOS 5 (32/64)
CentOS 6 (32/64)
Oracle Linux 4 (32/64)
Oracle Linux 5 (32/64)
Oracle Linux 6 (32/64)
Asianux 3 (32/64)
Asianux 4 (32/64)
Ubuntu 8 (32/64)
Ubuntu 9 (32/64)
Ubuntu 10 (32/64)
Ubuntu 11 (32/64)
Ubuntu 12 (32/64)
FreeBSD 6 (32/64)
FreeBSD 7 (32/64)
FreeBSD 8 (32/64)
FreeBSD 9 (32/64)
Solaris 10 (32/64)
Solaris 11
IBM OS/2 Warp 4
NetWare 5
NetWare 6
eComStation 1
eComStation 2
SCO UnixWare 7
SCO OpenServer 5
Total: 90
Data collected Apr 8, 2013
Support both legacy and new apps in the same cloud
39. Comparison of Hybrid Cloud Capabilities: The Same Platform
VM Format Consistency
• vCloud Hybrid Service: VMware vSphere and OVF
• AWS: No on-premise version of AWS
• MS Azure: ~ VHDX must convert down to VHD
• Rackspace OpenStack: ~ Not if different hypervisor
VM Migration Between On- and Off-Premises
• vCloud Hybrid Service: Seamless offline migration
• AWS: Only Windows Server 2003 & 2008; No Linux support
• MS Azure: ~ Linux VMs require add’l packaging; Configuration only thru API
• Rackspace OpenStack: Only images are portable
Maintains VM Resiliency
• vCloud Hybrid Service: Supports continued use of vSphere HA
• AWS: EC2 infrastructure is not inherently resilient
• MS Azure: Azure not inherently resilient
• Rackspace OpenStack: OpenStack infrastructure not inherently resilient
Only VMware provides complete compatibility between on- and off-premises workloads
40. Networking & Security Integration is Unique to VMware
• The Same Security Policies
• The Same Networking Topology
• Integrated L4-7 services for Firewall/NAT, IPSec VPN, Load Balancers, VXLAN gateways
• One click layer 2 extensions
• Full software-defined networks at layer 2 and layer 3
[Diagram: Your Data Center (Primary, Regional Offices) connected to vCloud Hybrid Service (US East Region, US West Region)]
Data Center Extensions that Integrate Seamlessly
41. Comparison of Hybrid Cloud Capabilities: Network
Integration
Only VMware takes the guesswork out of networking and
security in the cloud
42. Comparison of Hybrid Cloud Capabilities: Network Integration
Layer 2 Network Extension
• vCloud Hybrid Service: Extends the Layer 2 across different Layer 3 networks
• AWS: Nothing comparable; Elastic IP uses Layer 3 addressing
• MS Azure: Not available; Uses separate Layer 3 networks
• Rackspace OpenStack: Not available
Networking & Security Portability
• vCloud Hybrid Service: VMs can retain IP/MAC address, firewall/NAT rules
• AWS: All networking settings must be recreated
• MS Azure: Must be recreated via SDK, API, or PowerShell
• Rackspace OpenStack: Must be recreated
Advanced Networking
• vCloud Hybrid Service: Nine routable IP spaces available; Intuitive design replicates traditional networking
• AWS: Proprietary networking forces steeper learning curve, lack of IT control
• MS Azure: Networking not consistent, must use PowerShell to design
• Rackspace OpenStack: ~ Some capabilities delivered via Nicira
Only VMware takes the guesswork out of networking and security in the cloud
43. Support for Advanced Networking Topologies
Your Data Center
vCloud Hybrid Service
10.25.132.x
10.25.132.x
DMZ
IPSec or SSL VPN
vCloud Hybrid Service Networking:
• Nine routable IP spaces
• Intuitive design replicates traditional networks
• Customizable to support production applications
44. AWS “Hybrid Cloud” Falls Short in Comparison
VM Import/Export: Limited to Windows Server 2003 and 2008 instances; No Linux support!
Security & Networking: Re-created from scratch in both directions
• Replaces traditional network concepts with proprietary tools (Elastic IP, Security Groups)
• Steeper learning curve to replicate production networks
• Limits IT control over network topology
[Diagram: Your Data Center with Primary and Regional Office sites]
Workloads must be re-architected for AWS… and are then locked in
45. Use the Same Management Tools On- and Off-Premises
vCAC
PORTAL
DEVICES
CUSTOM
PORTALS
APPLICATIONS
vCloud Automation Center
Security
Service Tiers
Policies
Service Blueprint
vCloud Director
vCloud Connector
vCloud
Networking
and Security
vCenter
Site Recovery
Manager
vSphere
VMware vCloud Suite
vCloud Hybrid Service is seamless for both IT and end users
46. Complete Compatibility to Your Virtualized x86 Workloads
On-premise: 480,000+ VMware customers around the world
• 84% use vMotion in production
• 77% use HA in production
• 60% use DRS in production
IaaS Offerings:
vCloud Hybrid
Service
AWS
MS Azure
Rackspace
Openstack
Live Migration of VMs
HA (auto restart)
DRS (auto balancing)
Source: Comprehensive survey of VMware customers in Q1 2011
Keep the apps and app development processes you have
47. What Happens When a Host Fails?
Competing Clouds – No Recovery
• Developing “design for failure” apps can come with additional costs:
– Increased software development time
– New expertise required
– Not always feasible
vCloud Hybrid Service – Auto Recovery
• Every vCloud Hybrid Service deployment provides built-in HA capacity:
– Automatically recovers VMs if host fails
– Automatically recovers VMs that fail
– Minimizes downtime from regular host maintenance and patching
[Diagram: hypervisor hosts with a failed server and failed VMs (competing clouds) beside a vSphere resource pool with a failed server and operating servers (vCloud Hybrid Service)]
48. vCloud Hybrid Service Features – At no additional charge...
Dedicated Cloud
Virtual Private Cloud
Firewalls
VPNs
Load Balancers
Disk I/O
Redundancy +
HA
DHCP, NAT
• Included at no additional cost for all customers
• Services do not consume resources from subscribed capacity pools
• Networking and security components are configurable within the service
administration portal
49. Varrow VCare Technologies Supported
• EMC Storage
• EMC Data Protection
• VMware vSphere
• VMware vCHS
• VMware View
• VMware SRM
• Citrix XenApp, XenDesktop and Netscaler
• Cisco UCS and Nexus
• Cisco Network & Security
• Microsoft Exchange, Active Directory, and SQL
50. What VCare Program is Right for You?
Standard: Reactive Support
• 8x5 incident reactive support
• 24x7 basic ping monitoring and notification
• VCare response time SLAs
• Manufacturer escalations
• Available on all Varrow supported technologies
Professional: Managed Support
• 24x7 incident proactive support
• Full SNMP+ device monitoring
• VCare response time SLAs
• Discount on prepaid service hours
• Annual VChecks
• Quarterly service reviews
• Monthly service reports
• Available on all Varrow supported technologies
Enterprise: Managed Services
• All benefits from VCare Professional plus...
• Unlimited 24x7 proactive support
• Operational run book development
• Configuration, change, and capacity management
• Patching and code updates
• Uptime SLAs
• Available on EMC backup and storage products
The adoption of server virtualization over the past decade has resulted in a completely new operational model for provisioning and managing application workloads in the data center. The ability to be dynamic, to treat physical compute (hosts) as a pool of CPU, memory and storage capacity that can be consumed and repurposed on demand, transformed the server market landscape and saved businesses billions of dollars. However, the network to which these now dynamic workloads are connected has not kept pace. The network operational model is the same as it has been for 25 years, designed in a time when workloads were static and ran directly on physical servers. This antiquated operational model is broken and is now a barrier to achieving the full benefits of virtualization:
• Legacy physical networks are complex, hardware dependent and require vendor-specific expertise.
• Network provisioning is a slow and manual process, taking days or weeks to provision even simple network topologies.
• Legacy VLANs make networking operationally intensive, requiring significant manual configuration and maintenance.
• Workload placement and mobility are limited by physical network constraints and topology.
• Security is bolted on and creates chokepoints and hairpinning, and firewall rule tables are complex. In a dynamic datacenter environment, every time new firewall rules are needed, the firewall rule table must be updated, a process that can take weeks.
• Network services such as load balancing are provided by costly purpose-built hardware appliances and cannot scale with the business requirements.
<Click>
The solution to address the challenges of the legacy network is to virtualize the network. VMware did a great job of virtualizing the server and now we are doing the same for the network.
What if you could programmatically provision any network, place any workload anywhere, move it anywhere, independent of any physical hardware, and operate efficiently enough to deploy any complex application within minutes? That is the goal of network virtualization.
<Click through to build the slide out. 8 clicks>
The network virtualization layer abstracts physical network constructs and greatly simplifies the provisioning and consumption of networking moving forward. In addition, security services are built in, do not require purpose-built hardware, and can scale with the network.
Introducing VMware NSX. NSX is the network virtualization platform that delivers the entire networking and security model in software, decoupled from traditional networking hardware. The VMware NSX platform brings together the best of Nicira NVP and VMware vCloud Networking and Security (vCNS) into one unified platform. It can be deployed on top of any physical IP network fabric, resident with any compute hypervisor, connecting to any external network, and consumed by any cloud management platform.
Let’s dig deeper and understand how it works. Like server virtualization, the NSX approach allows data center operators to treat their physical network as a pool of transport capacity that can be consumed and repurposed on demand. Just as a virtual machine is a software container that presents logical CPU, memory and storage to an application, a virtual network is a software container that presents logical network components to connected workloads: logical switches, logical routers, logical firewalls, logical load balancers, logical VPNs and more. Virtual networks are programmatically created, provisioned and managed, utilizing the underlying physical network as a simple packet forwarding backplane. Network services are programmatically distributed to each VM, independent of the underlying network hardware or topology, so workloads can be dynamically added or moved without any human intervention, and all of the network and security services attached to the VM move with it, anywhere in the data center or between multiple data centers.
<Click>
NSX works by:
1. Completely decoupling virtual networks from physical network hardware. The network virtualization layer works as an overlay above any physical network hardware and works with any server hypervisor platform. This means that the only requirement from a physical network is that it provide IP transport. There is no dependence on the underlying hardware or hypervisor deployed.
2. Faithfully reproducing the physical network model in the virtual network space, so that workloads see no difference. It reproduces the entire networking environment, L2, L3 and L4-7 network services, in software within the virtual network. The workloads that are connected to the software network see the network model as if they were connected to the physical network. Not only that, NSX provides a distributed logical architecture for L2-7 services, including logical switch, router, firewall and load balancer, enabling the network and security services to move and scale with the VMs. In addition, the distributed firewall with identity context provides line rate performance. NSX also includes a global server load balancer with SSL termination. It also provides gateway capability, allowing seamless connection to legacy VLANs and physical workloads.
3. Automation, from both a cloud operations and a network operations perspective. NSX offers a way to automate the consumption of services and their mapping to virtual machines using logical policy, greatly improving operations. Customers can assign policies to groups of VMs, and as more VMs are added to the group, the policy is automatically applied to each VM. Customers can build advanced workflows automating their network provisioning and security/compliance workflows, such as n-tier application provisioning including L2, load balancing VIPs and firewall rules.
4. Finally, offering a platform to insert other vendor services. As VMs vMotion from host to host, partner services maintain connection state and protection for those VMs. Partners can also take advantage of the policy-based deployment described above. Partner services can be applied selectively based on regulations such as PCI or HIPAA or on specific applications.
By virtualizing the underlying physical network, NSX delivers a completely new operational model for networking that breaks through current physical network barriers and allows data center operators to achieve orders of magnitude better agility and economics. Benefits include:
• Innovation speed and business velocity: complex multi-tier network topologies can be created and provisioned programmatically in seconds. Some customers reduced network provisioning time from days to seconds.
• Dramatic cost savings. OPEX savings exceed CAPEX savings, contributing to an overall steady state IT expense reduction. In fact, a large financial services company estimates that combined OPEX and CAPEX savings result in a 75% reduction in overall IT expenses.
• NSX provides the operational model of a VM for the network: the ability to programmatically create, provision, snapshot, delete and restore complex, multi-tier networks, all in software.
• The deployment is non-disruptive and existing applications work unmodified.
<Click>
NSX will GA in Q3 of 2013.
VMware continues to offer the vCloud Networking and Security product as part of the vCloud Suites. In 2013, this product is no longer offered standalone; it is only available bundled with vCloud Suites. vCloud Networking and Security, bundled with the vCloud Suite, is a completely separate product from VMware NSX. vCloud Networking and Security provides fundamental networking and security features for virtualized compute environments.
Now let’s take a look at the components that make up vCloud Networking and Security.
• Edge: a virtual appliance that delivers an operationally efficient, simple and cost-effective security services gateway to secure the perimeter of virtual datacenters and provide integrated services such as load balancing, VPN, NAT etc.
• App: used to isolate and protect workloads based on trust levels, so that customers can protect critical applications in the virtual datacenter.
• Data Security: adds to App functionality and provides Sensitive Data Discovery across virtualized resources, enabling IT organizations to quickly assess the state of compliance with regulations from across the world.
• VXLAN: VXLAN works by creating Layer 2 logical networks that are encapsulated in standard Layer 3 IP packets. A "Segment ID" in every frame differentiates the VXLAN logical networks from each other without any need for VLAN tags. This allows large numbers of isolated Layer 2 VXLAN networks to co-exist on a common Layer 3 infrastructure. Note that VXLAN requires multicast in physical networks to be turned on. VXLAN technology allows compute resources to be pooled across contiguous clusters and then segments this pool into logical networks attached to applications.
• vShield Manager: integrates with vCenter and vCloud Director for seamless management of all virtual datacenter resources.
Benefits:
• By including vCNS in the vCloud Suite, VMware has bundled the foundational networking and security functionality for virtualized environments in a single SKU.
• vCNS enables customers to pool compute resources across clusters, improving server utilization and workload mobility.
• Customers realize cost savings by using virtual appliances instead of purpose-built hardware for services such as perimeter firewall, load balancer and VPN.
• App firewall helps customers isolate critical applications on shared infrastructure and meet their compliance goals.
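To make the Segment ID mechanism in the VXLAN notes above concrete, the following is an added example (not from the original deck or from VMware) that builds and parses the 8-byte VXLAN header as laid out in RFC 7348 and shows a receiver keeping two segments apart even when they reuse the same MAC address. The `TunnelEndpoint` class, its forwarding table, the MAC addresses and the segment numbers are constructed for illustration.

```python
"""VXLAN header handling per RFC 7348 (added example, constructed data)."""
import struct
from typing import Dict, List, Tuple

VXLAN_HEADER_LEN = 8
FLAG_SEGMENT_ID_VALID = 0x08        # the "I" flag in the first header byte
MAX_SEGMENT_ID = (1 << 24) - 1      # the Segment ID field is 24 bits wide
ETHERNET_HEADER_LEN = 14


class VxlanError(ValueError):
    """A header that a receiver must not act on."""


def encapsulate(segment_id: int, inner_frame: bytes) -> bytes:
    """Return the UDP payload: 8-byte VXLAN header followed by the L2 frame."""
    if not 0 <= segment_id <= MAX_SEGMENT_ID:
        raise VxlanError("segment ID %d does not fit in 24 bits" % segment_id)
    # Word 1 = flags (8 bits) + reserved (24); word 2 = segment ID (24) + reserved (8).
    header = struct.pack("!II", FLAG_SEGMENT_ID_VALID << 24, segment_id << 8)
    return header + inner_frame


def decapsulate(udp_payload: bytes) -> Tuple[int, bytes]:
    """Split a UDP payload into (segment ID, inner frame), rejecting bad headers."""
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise VxlanError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word1 >> 24) & FLAG_SEGMENT_ID_VALID:
        raise VxlanError("segment ID flag not set")
    return word2 >> 8, udp_payload[VXLAN_HEADER_LEN:]


def ethernet_frame(dst_mac: str, src_mac: str, payload: bytes) -> bytes:
    """Build a minimal inner Ethernet frame (EtherType 0x0800, no VLAN tag)."""
    def mac_bytes(mac: str) -> bytes:
        return bytes.fromhex(mac.replace(":", ""))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + payload


class TunnelEndpoint:
    """Hypothetical receiver whose forwarding table is keyed by (segment ID, MAC)."""

    def __init__(self, table: Dict[Tuple[int, str], str]) -> None:
        self.table = table

    def deliver(self, udp_payload: bytes) -> str:
        """Return the local port name for the frame, or a 'drop: ...' reason."""
        try:
            segment_id, frame = decapsulate(udp_payload)
        except VxlanError as exc:
            return "drop: %s" % exc
        if len(frame) < ETHERNET_HEADER_LEN:
            return "drop: inner frame shorter than an Ethernet header"
        dst_mac = ":".join("%02x" % b for b in frame[:6])
        # The lookup never crosses segments, so equal MACs in two segments do not collide.
        return self.table.get((segment_id, dst_mac),
                              "drop: MAC not present in segment %d" % segment_id)


# Constructed sample data: two tenants reuse the same MAC on different segments.
SHARED_MAC = "00:50:56:aa:bb:01"
SAMPLE_TABLE = {(5001, SHARED_MAC): "tenant-a-web", (5002, SHARED_MAC): "tenant-b-db"}


def demo() -> List[str]:
    """Deliver the same inner frame on three segments, then two malformed packets."""
    endpoint = TunnelEndpoint(SAMPLE_TABLE)
    frame = ethernet_frame(SHARED_MAC, "00:50:56:aa:bb:99", b"hello")
    no_flag = b"\x00" + encapsulate(5001, frame)[1:]   # same packet, I flag cleared
    return [
        endpoint.deliver(encapsulate(5001, frame)),
        endpoint.deliver(encapsulate(5002, frame)),
        endpoint.deliver(encapsulate(5003, frame)),
        endpoint.deliver(no_flag),
        endpoint.deliver(b"\x08\x00"),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The 24-bit field allows about 16.7 million segments, compared with the 4,094 usable IDs of a 12-bit VLAN tag, which is what lets large numbers of isolated networks share one Layer 3 infrastructure.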
But the world is changing. Let’s take a look at the major trends that are enabling a whole new approach to storage. There are 3 major trends happening today:
• Servers are becoming increasingly powerful with multi-core CPUs and denser memory.
• Server-side flash and disks are becoming more affordable and reliable opening
• vSphere has become the default platform to run applications, and with its privileged position in the stack it has unique visibility into the needs of applications and the capabilities of the underlying hardware.
Software-defined storage delivers three key aspects of storage purely as software:
• Automated storage consumption through policies
• Virtualized hardware-agnostic data services
• Hypervisor storage abstraction on heterogeneous hardware
Virtual SAN clusters server disks to create radically simple shared storage designed for virtual machines. Virtual SAN automates storage provisioning and management with a self-tuning VM-centric approach. It enables two-click storage provisioning and automatically maintains the storage capacity, performance and availability required for individual VMs. By enabling a scale-out architecture with built-in read/write SSD caching, it delivers high performance, resiliency against multiple hardware failures and dynamic scalability. It reduces both capital and operating expenditures to deliver up to 50% lower TCO.
VSAN can be deployed in a wide range of use cases. The most significant ones that we see initially are: VDI, T/D or tier 2 environments, DR (thanks to the integration with SRM and VR), ROBO, and Big Data.
VMware provides a suite of Business Continuity solutions to offer holistic BCDR protection to all applications running on the vSphere platform. These solutions provide simple, cost-effective protection with a common solution for all your applications. The VMware BCDR solutions include:
- Local availability products to protect applications against downtime of individual hosts. This includes vSphere HA and FT for unplanned downtime, as well as vMotion and Storage vMotion for planned downtime.
- Data protection solutions to back up entire VMs, including OS, application binaries, and application data, in a simple, non-disruptive manner. This includes vSphere Data Protection, an entirely new backup and recovery solution designed for vSphere, replacing vSphere Data Recovery and designed for smaller deployments, and the Storage APIs for Data Protection that enable third-party backup vendors to integrate directly with vCenter and vSphere.
- Disaster Recovery: vSphere Replication is an exciting addition to the vSphere platform, providing a cost-efficient and simple way to manage replication. vCenter Site Recovery Manager leverages vSphere and vSphere Replication to protect applications against site failures and to streamline planned migrations.
vSphere App HA is a new feature that complements the functionality of vSphere HA to detect and recover from application failure. App HA improves application uptime through policy-based, application-level monitoring and automated remediation with multiple recovery options, e.g. restart the application service or restart the virtual machine. App HA eliminates the need for application-specific clustering solutions, therefore reducing the complexity involved in managing infrastructure silos, as well as the cost associated with the solutions. vSphere App HA leverages VMware vFabric™ Hyperic® to deliver uniform monitoring and support for the most commonly used, off-the-shelf applications.
vSphere Flash Read Cache is a vSphere feature that virtualizes server-side flash, providing a high-performance read cache layer that dramatically lowers application latency. The caching is fully transparent to the VM without requiring any guest agents. vSphere Flash Read Cache enables allocation of flash resources at a per-VMDK granularity, providing vMotion-consistent read caching and integration with DRS for initial placement.
vSphere Replication is the only true hypervisor-based replication solution for vSphere, enabling simpler management directly from vCenter Server with virtual machine granularity. It natively integrates with SRM for customers that want fully automated DR orchestration. vSphere Replication provides robust asynchronous replication with flexible Recovery Point Objectives (RPO) that can get as low as 15 min. Because it operates at the individual virtual machine disk (VMDK) level, it enables replication that is storage agnostic. Customers can save not only on replication software, but also on storage infrastructure by using lower-end, heterogeneous arrays across sites, including Direct Attached Storage.
What’s new:
- Multiple point-in-time snapshots make it possible to retain historical points in time of replication and to recover from a previous “last-known-good state”
- Multiple replication appliances per vCenter Server enable open topologies that can now be broadened to encompass inter-datacenter replication and intra-datacenter replication
- Support for Storage vMotion and Storage DRS makes it possible to move VMs within the protected (primary) site
All of the hybrid cloud scenarios require a high level of consistency between clouds. If we start with what your data center looks like today, you have built infrastructure based on investments in enterprise hardware and software – servers, storage, networking and security, virtualization and management. Most of you have virtualized with VMware and some of you have started building catalogs of gold templates and vApps for your virtual environment. Some of you have also written some automation scripts with the vCloud API. vCloud Hybrid Service is designed to replicate your data center. It is built on the same stack that you are currently using and that makes it simple for you to treat vCHS as a natural extension to your current data center. Only VMware has provided a solution that maintains the same storage format (VMDK), allows you to extend your existing Layer 2 network, consistently copies your firewall and NAT rules, while also synchronizing those templates. Furthermore, as the service is built on vSphere and vCloud Director, you can expect your VMs to behave the same. You can even reuse your vCloud API automation scripts. This is complete compatibility across the entire stack which enables all of the hybrid cloud use cases mentioned earlier.
The possibilities for using vCloud Hybrid Service range from the low-hanging-fruit applications such as email, collaboration systems, and web applications to complex custom line-of-business applications. Regardless of the type of application you’re looking to run, using the Hybrid Service capacity as an initial testing and integration testing environment is common. Once initial application and workload testing is done, feel confident that you can move workloads into production in the same environment since our service was designed and architected to provide production-level service and support.
When customers are evaluating a cloud service provider, the 3 platforms that are often mentioned include Amazon Web Services, Rackspace Cloud Servers (built on OpenStack technology), and Microsoft Windows Azure. In terms of cloud market share, Amazon is the clear leader with an estimated 60-70% market share. That is followed by Rackspace in the #2 spot. Windows Azure has the weight of Microsoft behind it. VMware vCloud Hybrid Service is something quite different from all 3 of these platforms. We looked at these other services and found their shortcomings. Then, we went and built a new service that solves the problems that these clouds cannot – we have a service that can bridge the gap between on-premises and off-premises to deliver a true hybrid cloud. So why is vCHS different? How does vCHS stand against these other vendors that have been providing services longer than we have? How do you position our differentiators?
VMware is uniquely positioned to offer the best hybrid cloud because it is built on the same stack being used in the majority of data centers today. With 480,000 customers running vSphere and many of them with VMware-first policies, there are approximately 36 million virtual machines out there running on VMware technology. vCloud Hybrid Service is a seamless extension of a customer’s data center – with seamless networking, common management, and ability to support both existing and new applications. But what exactly are those differentiators? How is this different than what AWS, Azure, or Rackspace can do?
The three pillars to differentiation are:
- vCloud Hybrid Service is the fastest path to cloud
- VMware is delivering a true hybrid cloud with this service that is a natural extension to customers’ existing data centers
- And vCHS is the most pragmatic approach to cloud which drives down the risk and cost of going to the cloud
The first point is about our ability to support more workloads in a cloud environment than any other service out there – in other words, vCHS is the best public cloud.
The second point is about delivering on the promise of hybrid cloud that goes far above what other services can do – in other words, vCHS and VMware deliver the best hybrid cloud.
The last point is about how we make it easy and painless for companies to adopt vCHS, removing the barriers that often hold companies back.
To summarize, VMware is delivering the best hybrid cloud in the market. First, it is able to support the 36 million VMs that are deployed on VMware today. vCloud Hybrid Service is a completely consistent and compatible environment to vSphere on premises. Customers don’t need to do any conversions when they move workloads, meaning there is no need to redesign anything.
Where competitors fall short:
AWS: There is no “on-premises” version of AWS. That means an AWS hybrid cloud requires that workloads that are mainly built on vSphere be completely converted to run on AWS (and vice versa). This is challenging because AWS is built on a version of the Xen hypervisor. To make AWS more “hybrid” friendly, AWS created the VM import/export tool which is a way to convert vSphere VMs to run on AWS. The problem is this tool only works with Windows 2003 and Windows 2008 VMs… It doesn’t support older Windows or Windows 2012 VMs and it doesn’t support Linux VMs. Another major problem is that a VM that was built in a vSphere environment typically relies on the infrastructure to be resilient (via vSphere HA). The EC2 infrastructure is not inherently resilient, meaning these same applications will need to be redesigned to make them work well in an AWS environment.
Azure: Microsoft recently added Azure Infrastructure Services to meet the needs of users who were looking for an IaaS solution. This was not the original intent of Azure, which was really designed to be a PaaS solution. Azure is the closest to being able to match VMware’s hybrid capabilities, but there are still some important limitations. For example, if a customer is running the most current version of Hyper-V on-premise, that means they are running Windows Server 2012 and the storage format for VMs in this generation is VHDX. However, Azure doesn’t support VHDX. So the customer must downgrade the file to VHD first.
Also, when migrating a Hyper-V VM to Azure, there are several extra steps that must be taken – especially if it is a Linux VM. With Linux VMs, an additional package must be inserted to make it “Azure-aware”. And while Hyper-V supports failover clustering and HA, Azure does not. So again, the VM must be redesigned to make it work well in an Azure environment.
Rackspace: Rackspace Cloud Servers is based on OpenStack Nova technology. Currently, it is running the Folsom release of OpenStack on KVM. While the OpenStack technology can be used to build clouds on-premise, adoption is still in its early phase. Also, if a company runs their on-premise OpenStack environment on Xen or vSphere or Hyper-V, then the VMs deployed on-premise will not be consistent with Rackspace Cloud Servers. To solve some of these compatibility issues, Rackspace also provides a Private Cloud edition of their Cloud Servers. While that helps resolve the platform compatibility issue, the OpenStack community has not solved the VM migration problem. Right now, only image templates can be shared across OpenStack-based clouds. There is no capability to move an instance between clouds. And once again, there is no resiliency built into the Rackspace architecture.
Seamless Network Integration is a critical strength for VMware that builds on our vCloud Networking & Security (formerly vShield) technology, VXLAN network virtualization, and vCloud Connector. VMware is the only vendor that has made networking between on- and off-premises completely seamless with these unique capabilities:
For example, with VMware you can take your existing Layer 2 network from your on-premises data center and extend that to vCloud Hybrid Service. That means VMs that reside on vCloud Hybrid Service can use the exact same Layer 2 domain even though it sits in a different Layer 3 network.
In addition, you can take a vApp template – a group of VMs that are working together – with all of the intra-VM communication settings, and simply copy and paste this into vCHS while maintaining all of the internal networks. You don’t have to redesign these. You can also maintain the same IP and MAC addresses for a VM when you migrate it between clouds. Finally, you can maintain all of the firewall rules that you’ve designed for your internal network and simply migrate those into vCHS as well – making your deployments in vCHS more secure and less prone to the human error that comes from having to recreate security rules.
Second, VMware delivers unparalleled network integration between on-premise data centers and vCHS. These capabilities make it easier to extend into the cloud:
- Extending Layer 2 networks across different Layer 3 networks: A customer can take a Layer 2 domain they are using in their data center and extend that into vCHS. That way, VMs deployed in vCHS appear to be in the same Layer 2 network as those on-premise. One example where this becomes important is deploying a distributed Sharepoint environment. Without this capability, a separate Domain/AD setup is required.
- With vCloud Connector and vCloud Networking & Security (requires vCD 5.1), a virtual machine can be migrated (offline) from an on-premise data center into vCHS without the need to change the IP and MAC addresses. Going back to the Sharepoint example, this means that a web server can simply be moved over to vCHS without having to reset all the authentication and networking rules.
- Also with vCloud Connector and vCloud Networking & Security, the firewall and NAT rules that you’ve defined on-premise can be seamlessly migrated into vCHS. This actually can improve security because you are less susceptible to human error.
Where competitors fall short:
• AWS – AWS relies on “Elastic IP” which is a Layer 3 construct that is specific to AWS only. It is a static IP tied to AWS instances, although they are different and not interchangeable between “EC2-classic” and “EC2 VPCs”. Because of this reliance on Elastic IP, when a customer migrates VMs into AWS, they have to completely re-architect the networking to make these VMs work. Think, for example, of a 5-VM application (1 DB, 2 App Servers, 2 Web Servers). With AWS, you have to move each VM and then reconnect all of the networking rules between them. The same is true for any security firewall/NAT settings. They are all completely redesigned.
• Azure – Azure VMs carry over some virtual networking capabilities introduced recently in Hyper-V.
The interesting scenario is when you want an Azure VM to talk to an Azure Cloud Service (part of the original PaaS platform). Since these environments are completely unique platforms, the only way to do so is to route the traffic through an external network. In terms of controlling the network settings, there is very little accessible in the Azure UI. All networking design and setup must be replicated manually via PowerShell or scripts. That is true for both networking and security.
• Rackspace Cloud Servers – Quantum, which came out of incubation, is the network virtualization solution for OpenStack. Rackspace has rolled out Quantum as part of “Cloud Networks” – it uses Open vSwitch and Nicira NVP (which is now part of VMware). While Cloud Networks does improve the ability to create networks via software, and it has the capability to do the Layer 3 stretching we are talking about, it is not supported with Cloud Networks today. Even with NVP, though, Rackspace does not have a solution that allows the network and security settings of on-premise VMs to be carried into Rackspace Cloud Servers.
* Side note on security settings: When lines of business and developers go straight to cloud (and bypass IT) there is no way to know if they are following company security policies. Now, when you add in a layer of self-design, the chances of human error causing serious GRC problems increase dramatically. With vCloud Hybrid Service, companies can leverage the security settings that have been well-defined and managed with internal workloads and copy them into the cloud. Less room for error, easier to maintain GRC.
VMware delivers unparalleled network integration between on-premise data centers and vCHS. These capabilities make it easier to extend into the cloud:
- Extending Layer 2 networks across different Layer 3 networks: A customer can take a Layer 2 domain they are using in their data center and extend that into vCHS. One example where this becomes important is deploying a distributed Sharepoint environment where the SQL database remains on premise and the web front end is in vCHS. Now both parts of the application are within the same domain even though they are in separate environments. That also means less work maintaining a DNS server to keep track of where things are pointing.
- With vCloud Connector and vCloud Networking & Security (requires vCD 5.1), a virtual machine can be migrated (while powered off) from an on-premise data center into vCHS without the need to change the IP and MAC addresses and the firewall and NAT rules. That means everything a team has already defined on-premise can be seamlessly migrated into vCHS. This actually can improve security because you are less susceptible to human error.
- vCHS networking is both powerful and intuitive. Each Edge Gateway device is also extremely flexible and can support up to 9 different routable IP spaces. Yet the entire networking architecture for vCHS is a virtual implementation of traditional physical networking. That makes it far more intuitive for users: there's nothing new to learn. And by providing RBAC, vCHS can separate the policy implementation (IT designs the network gateways) from the infrastructure consumption (AppDev just attaches a VM to one of the network gateways provided by IT). See note below.
Where competitors fall short:
• AWS – AWS relies on “Elastic IP” which is a proprietary Layer 3 construct that is specific to AWS only. Because of this reliance on Elastic IP, when a customer migrates VMs into AWS, they have to completely re-architect the networking to make these VMs work.
Think, for example, of a 5-VM application (1 DB, 2 App Servers, 2 Web Servers). With AWS, you have to convert each VM (already a painful process) and then reconnect all of the networking rules between them using proprietary constructs that do not exist elsewhere. The same is true for any security firewall/NAT settings, which must be completely redesigned using Security Groups. And since all of this is controlled locally, the app developer must become the networking and security expert.
• Azure – Azure VMs carry over some virtual networking capabilities introduced recently in Hyper-V. The interesting scenario is when you want an Azure VM to talk to an Azure Cloud Service (part of the original PaaS platform). Since these environments are completely unique platforms, the only way to do so is to route the traffic through an external network. In terms of controlling the network settings, there is very little accessible in the Azure UI. All networking design and setup must be replicated manually via PowerShell or scripts. That is true for both networking and security.
• Rackspace Cloud Servers – Quantum, which came out of incubation, is the network virtualization solution for OpenStack. Rackspace has rolled out Quantum as part of “Cloud Networks” – it uses Open vSwitch and Nicira NVP (which is now part of VMware). While Cloud Networks does improve the ability to create networks via software, and it has the capability to do the Layer 3 stretching we are talking about, it is not supported with Cloud Networks today. Even with NVP, though, Rackspace does not have a solution that allows the network and security settings of on-premise VMs to be carried into Rackspace Cloud Servers.
* Side note on security settings: When lines of business and developers go straight to cloud (and bypass IT) there is no way to know if they are following company security policies. Now, when you add in a layer of self-design, the chances of human error causing serious GRC problems increase dramatically.
With vCloud Hybrid Service, companies can leverage the security settings that have been well-defined and managed with internal workloads and copy them into the cloud. Less room for error, easier to maintain GRC.
When you compare that to what AWS calls a Hybrid Cloud, the differences are clear. AWS often highlights its VM Import/Export tool as being a great way to move vSphere VMs into AWS (and AWS AMIs back onto vSphere). However, what they don’t often show you are the complexities of this process and the limitations of the tool. For one, the tool only works for Windows Server 2003 and 2008 instances. It does not support Windows Server 2012 nor does it support any Linux VM. But even when it is importing a Windows-based VM, it is not a simple offline migration like it is with vCHS. That is because AWS is built on a proprietary Xen-based hypervisor and format called AMI. A vSphere VM is based on a completely different technology and format (OVF) and the conversion from OVF to AMI requires a lot of scripting and preparation. Even after a VM has been converted (which can take a very long time depending on the size of the VM), the networking and security must be completely redesigned using AWS constructs like Elastic IP. Now consider how complex this would be with a multi-VM application (like a vApp).
Part of what customers are looking for in a hybrid cloud is also the ability to manage both on- and off-premises environments using the same tools. With vCHS, companies can use the tools they’re already using. The vCloud Connector plug-in for vSphere allows an admin to manage and migrate VMs through vCenter. And with integration to vCloud Automation Center, a company can present a single portal to the end users while maintaining access to an internal private cloud, vCloud Hybrid Service, and other platforms including AWS and Azure. The integration with vCAC allows a company to define policies that automatically provision applications into one of the platforms based on needs. The beauty of vCHS is that it is practically invisible to the end user.
Today, there are more than 480,000 customers running VMware internally. That means there are millions of applications that have been tested and vetted to run on VMware. Now, when we last surveyed customers 2 years ago, we saw that a large majority of these customers were using VMware vMotion, High Availability, and DRS in production. That means most customers have come to rely on and trust the VMware technology for their applications and have learned to tune their applications to run well on VMware; they have come to expect a certain level of security, reliability, and performance. Now when you compare the technology in most public clouds, many of these basic features are not supported. If the cloud does not support these features, the applications that have been running well in a VMware virtualization environment no longer have the same behavior. Consider, for example, what happens when a host goes offline, due to either planned or unplanned downtime. For an application built on-premises in a VMware environment, the line-of-business application owners are probably accustomed to a certain level of availability and performance that comes from enabling vSphere HA and DRS. All of these things that applications have relied on are no longer available in these other clouds. That makes it difficult to support existing applications in these clouds. This goes back to the core architecture of these competing clouds…
vCHS is built on a different model where the underlying infrastructure is responsible for availability. In fact, each cloud in vCHS is provided a built-in failover node specifically for the automatic recovery of failed hosts and VMs. The main advantage of this model is that it can support any virtualized application. But this extra node also provides another benefit to customers: with an extra node, regular host maintenance and patch updating can occur without having to bring down all the VMs. They can be migrated one-by-one to the spare capacity, minimizing maintenance downtime. By being built on vSphere, customers are also less likely to have applications impacted by performance issues. That is because vCHS supports DRS and Storage vMotion – features that enable the rebalancing of a customer’s environment based on current demands.
For both services, Firewalls, VPNs, Load Balancers, Disk I/O, Redundancy & HA, DHCP & NAT are included. We do not charge for these and they are “free” to the customer. This is unlike some of our competitors who charge for each of these individually.