VMware vCloud Director Technical Overview Presentation

VMware vCloud Director Technical Overview
Bruce Pellegrino, Senior Systems Engineer
Confidential
© 2009 VMware Inc. All rights reserved
A New Era in IT Management
[Figure: management disciplines (Job Scheduling, Systems Management, IT Service Management, Cloud Management) shown against computing eras (Mainframe, Distributed Computing, Web, Cloud)]
Cloud is an inflection point that will transform the delivery and management of IT services
VMware Accelerating the Journey to Cloud
Cloud Computing is an approach to computing that leverages the efficient pooling of on-demand, self-managed virtual infrastructure, consumed as a service.
Efficiency thru Utilization and Automation | Agility with Control | Freedom of Choice
• Pooling: From machines to highly elastic resource pools, with on-demand capacity
• Self-Service: Easy access with policy-based provisioning and deployment
• Open & Interoperable: Application mobility between clouds, based on open standards
• Zero-Touch Infrastructure: Policy-driven automation of provisioning, deployment and management
• Control: Application-aware infrastructure with built-in availability, scalability, security and performance guarantees
• Leverage Existing Investments: Benefits of cloud computing to existing applications and datacenters
Customers Expect Us To Lead The Way!
Tackling the Operational Challenges of Managing a Growing Virtualized Environment
• COST EFFICIENCY (IT Production): Get the Most Out of Your Infrastructure
  • Server & infrastructure consolidation
  • Manage hypervisors, VMs and dev/test environments: P2V, Inventory Mgmt, Patching
• QUALITY OF SERVICE (Business Production): Achieve Unprecedented Reliability
  • Business-critical applications in production
  • Manage large, dynamic, shared infrastructure: Performance Mgmt, Capacity Mgmt, Compliance & Config, Business Continuity
• BUSINESS AGILITY (IT as a Service): Evolve to IT as a Service via Cloud Computing Architecture
  • Self-service IT
  • Deliver self-service & manage service levels across clouds: Self-Service, Financial Mgmt, Chargeback
VMware Solutions for IT as a Service
[Figure: three solution layers (End User Computing; Cloud Application Platform; Cloud Infrastructure and Management), each with Management, Security and Compliance. Labels: Secure, Manageable, Open]
Virtualization & Cloud Management: VMware Approach
• End-User Computing Management
  • Provision & deploy desktops rapidly
  • Manage workstation images simply
  • Deliver virtualized applications to desktop
• Application Management
  • Encapsulate applications into containers with vApps
  • Assure application portability & performance
  • Establish service contracts with infrastructure
• Infrastructure & Operations Management
  • Create a zero-touch, compliant infrastructure
  • Build automation into platform
  • Deliver self-service through policy-driven control
• IT Business Management
  • Orchestrate cloud processes
  • Manage private cloud requests
  • Meter and allocate costs
[Figure: VMware Management Solutions across End User Computing, Cloud Application Platform, and Cloud Infrastructure and Management, each with Management, Security and Compliance. Labels: Secure, Manageable, Open, simple & lightweight]
Virtualization & Cloud Management: VMware Solution Areas
• End-User Computing Management (End User Computing): Administration, Deployment, Updating
• IT Business Management: Request Fulfillment, Asset Management, Chargeback, Service Desk
• Application Management (Cloud Applications): Discovery & Mapping, Application Performance, vApp Packaging
• Infrastructure & Operations Management: Availability & Performance, Business Continuity, Configuration, Capacity, Provisioning, Compliance & Security
• Platforms: Public/Private/Hybrid Cloud and Virtualized Infrastructure (VMware vCloud Director, vSphere)
[Figure: VMware Management Solutions]
• VMware Cloud Components and Licensing
• VMware Cloud Architecture
• Deploying a VMware Cloud
• Cloud use cases
• Cloud Automation
VMware Cloud Components
• VMware vSphere and vCenter Servers
• VMware vCloud Director
• vShield for VMware Cloud Director
• Chargeback Server
VMware vSphere and vCenter Server
• Clusters and Resource Pools
  • Provide cloud compute
  • DRS is a requirement for the cluster
  • Shared storage
  • vMotion compatible or EVC enabled
• Datastores
  • Provide cloud storage
  • Abstract away underlying storage type
• Portgroups
  • Provide cloud networking
  • Abstract away underlying networking infrastructure
  • vSwitch, vNetwork Distributed Switch or Nexus 1000V
[Figure: vCenter Server; vSphere Cluster/Resource Pool; vNetwork Distributed Switch; ESXi/ESX hosts; FC, iSCSI and NFS Storage]
VMware vCloud Director
• Define standard infrastructure tiers called Virtual Datacenters
  • Pool virtualized infrastructure resources across multiple vCenter Servers
• Define standard collections of VMs called vApps
• Create Organizations and manage users with RBAC
• Provide UI for users to self-provision vApps into Virtual Datacenters
• Provide secure multi-tenancy using vShield Edge
VMware vCloud Director Installation and Licensing
• Installs on RHEL 5 U4 or higher 64-bit machine
• VMware vCloud Director supports
  • VMware vSphere Editions
    • VMware vSphere Enterprise*
    • VMware vSphere Enterprise Plus
  • VMware vCenter Server Editions
    • VMware vCenter Server 4.0 Standard
  • Minimum requirements
    • vSphere and vCenter Server versions 4.0 U2 and 4.1.
• VMware vCloud Director licensed by concurrent powered-on VMs managed by VCD
*vSphere Enterprise will not support VLAN backed Network Pools and VMware vCloud Director Network Isolation (VCDNI) backed Network Pools
Oracle Database
• Oracle 10g/11g Standard or Enterprise database
  • Oracle Express is not supported
  • Will work for small test/dev, POC type deployments
  • See Express database memory and storage restrictions on Oracle website
• Database can be run physical or in a virtual machine
• Ensure that the database is backed up and replicated
  • Consult with your favorite DBA
• Sizing requirement guidelines

Database size | VMs | Users | Orgs
173 MB | 7943 | 4096 | 3854
343 MB | 12793 | 4918 | 3951
443 MB | 16443 | 11450 | 5022
VMware vShield for VMware vCloud Director
• VMware vShield Edge provides end point security
  • Available for download with vSphere Enterprise and Enterprise Plus.
• One vShield Manager required per vCenter Server
  • Provides network edge security
  • Provides firewall, NAT, port forwarding, IP masquerading and DHCP functionality (enforces multi-tenancy)
  • Edge appliances deployed and managed by VMware vCloud Director on vSphere.
  • Separate client not required.
  • Does not require separate database
• Licensing
  • Free but requires license key during configuration
  • Upgradable to vShield Edge 1.0 (full version which includes site-to-site VPN and load balancer)
VMware Chargeback Manager 1.5
• Associate costs and bill for VMware vCloud Director usage
  • Uses vCloud data collectors to collect billable events from VMware vCloud Director database
  • Uses vCenter data collectors to collect usage data for vCenter Servers providing resources
• Database
  • SQL Server 2005 and 2008
  • Oracle 10g/11g Ent. or Std.
• Built-in load balancer
  • Create new Chargeback servers to scale with the cloud
• Licensed per VM
VMware Cloud Architecture
Deploying a VMware Cloud
• Setting up Management Cluster
• Setting up Cloud resources
  • Provider VDC
  • External Networks
  • Network Pools
• Setting up Organizations
  • Setting up Users, roles and privileges
  • Setting up Policies
• Setting up Organizational Resources
  • Organization VDC
  • Organization Networks
• Setting up Catalogs of vApps and Media
• Setting up Chargeback
Install and protect VMware Cloud components
• Create a Management Cluster
  • Verify DNS, AD, NTP availability and redundancy
  • Install vCloud Director Server on a Management Cluster
    • vCloud Director Server
    • load balancer (if using >1 cell)
    • Oracle Database
    • vShield Manager virtual appliance
    • Chargeback Server
    • Chargeback SQL Server
  • Protect using HA, DRS and SRM.
  • Backup Management VMs via storage level backups or vDR.
  • Backup the Databases
  • Use VUM to patch hosts
[Figure: Management cluster; ESXi/ESX Servers]
Deploying a VMware Cloud
• Setting up Management Cluster
• Setting up Cloud resources
  • vCenter Servers
  • Provider VDC
  • External Networks
  • Network Pools
• Setting up Organizations
  • Setting up Users, roles and privileges
  • Setting up Policies
• Setting up Organizational Resources
  • Organization VDC
  • Organization Networks
• Setting up Catalogs of vApps and Media
• Setting up Chargeback
VMware vCloud Director web portal
• Provides a convenient web based portal for
  • Cloud administrators to deploy and manage cloud resources
  • End users to use cloud resources
• Web based – works with any standard browser
• Rich Flash based UI experience
Cloud Personas
• Cloud Administrator
  • Deploy and manage cloud infrastructure
  • Add vCenter Servers
  • Create Provider VDCs, External Networks and Network Pools
  • Create Organizations
  • Create Organization VDCs and Organization Networks
• Organization Administrator
  • Organization user and roles management
  • Creating catalogs
  • Managing organization policies: leases, quotas and limits
  • Setting up org specific SMTP settings and org specific domain to join
• End Users
  • Use vApps from catalogs
  • Create vApp networks
Add vCenter Servers
• VMware vCloud Director supports multiple vCenter Servers
• vCenter Servers provide
  • Compute via Clusters and Resource Pools
  • Storage via Datastores
  • Networks via portgroups and vNetwork Distributed Switches
• Requires vCenter user with admin credentials
• Requires vShield Manager connected to vCenter Server
Create Provider Virtual Data Centers (VDC)
• Combine compute and storage into standard offerings
  • Created by Cloud administrator
• To create Provider VDC
  • Select a Resource Pool/Cluster
  • Select datastores that you wish to attach to the Provider VDC.
  • Max of 256 datastores per Provider VDC
• Choose from across inventory of vCenter Servers
• VMware vCloud Director prepares each host in the cluster by installing an agent. Host does not require reboot.
Examples of Provider VDCs
• Use Provider VDCs to offer tiered compute and storage
  • Fast, medium, slow compute and storage
  • Silver (SATA), Gold (FC), Platinum (EFD), Unobtainium (aggregate) storage
  • Nehalem based clusters, AMD based clusters
• Create a Provider VDC per tier of compute and storage you wish to offer to users
Create External Networks
• Provide external network connectivity to cloud workloads
• “External” to (organizations in) the cloud
• External networks can be isolated at Layer 2 by VLANs or physical separation
• Portgroup on a vDS (Nexus 1000V supported)
• Shared resource providing cloud workloads access to network resources
  • E.g. Corporate network, Test and dev network, Production network, Internet.
Create Network Pools
• Provide “Internal” network connectivity to cloud workloads
  • Internal to organizations
  • Internal to vApps
• Pools of isolated Layer-2 networks
  • Empower users to self-provision networks
  • Networks are provisioned on vDS
  • Portgroup backed network pools supported on Nexus 1000V (see next slide)
Types of Network Pools
• Portgroup-backed
  • Create isolated portgroups in vSphere manually or with automation
  • Attach a collection of them to VMware vCloud Director
• VLAN-backed
  • VMware vCloud Director will automatically create portgroups as needed, and use a range of VLANs to isolate them
• VMware vCloud Director Network Isolation-backed
  • Proprietary network isolation technology

Network Pool | Building Blocks
VLAN Backed | vNetwork Distributed Switch + VLAN tags
VCDNI | vNetwork Distributed Switch + one VLAN for transport
Portgroup backed | vNetwork Distributed Switch or vSwitch portgroups
Deploying a VMware Cloud
• Setting up Management Cluster
• Setting up Cloud resources
  • Adding vCenter Servers
  • Provider VDC
  • External Networks
  • Network Pools
• Setting up Organizations
  • Setting up Users, roles and privileges
  • Setting up Policies
• Setting up Organizational Resources
  • Organization VDC
  • Organization Networks
• Setting up Catalogs of vApps and Media
• Setting up Chargeback
Create Organizations
• Unit of tenancy
• Isolate groups or users or lines of business from each other
  • E.g. Finance and IT
  • Created by Cloud administrator
• Users are on-boarded to organizations
• Each organization has a unique URL in the VMware vCloud Director system
Authentication and RBAC
• 3 Ways to Manage Users
  • Local Users
    • Simplest. User auth stored in DB
  • One LDAP server for entire cloud
    • E.g. corporate Active Directory
    • Organizations = OUs
  • LDAP server per-organization
• Users & Groups assigned Roles
  • Roles = collection of rights
  • Create new or edit existing roles
Leases, Quotas and Limits
• Exercise control via leases, quotas and limits
• Set by Organization administrator
  • Lease – Length of time that a user can use a vApp in a VDC
    • Runtime and storage lease
  • Quotas
    • Running VM Quota
    • Stored VM Quota
  • Limits
    • Heavy operations
    • Per user
    • Per Org
    • Simultaneous connection per VM
Create Organization VDCs
• Allocate resources to organizations using Organization VDCs
• Org VDCs are allocated from Provider VDCs
  • Can be as large as a Provider VDC
  • All Organization VDCs in a Provider VDC are the same tier of service
  • Each organization VDC represents a tier of service
    • SLA
    • Cost
• vApps run in Org VDCs
[Figure: Org 1 and Org 2 each with a Premium Organization VDC; Provider VDCs shown: Premium, Commodity, Other]
Organization VDCs
• Cloud Administrator allocates portions of Provider VDCs to organizations
  • Select organization
  • Select the Provider VDC
  • Select the Allocation Model
    • Pay-As-You-Go
    • Reservation Pool
    • Allocation Pool
  • Select how much you wish to allocate
    • CPU, memory and storage shares
  • Select Thin Provisioning
  • Select Network Pools for vApps to use
Org VDC Allocation Models
• Pay as you go
  • No upfront resource allocation
  • Org VDC allocated resources only as users create vApps
  • Can set compute limits to cap usage
  • Can guarantee only a % of organization VDC resources to cap usage
• Reservation Pool
  • Org VDC allocated a “container” set of resources
  • 100% of container guaranteed
  • Organizations use advanced vSphere resource management controls such as Shares and Reservations to manage over commitment of their resources between their workloads
• Allocation Pool
  • Org VDC allocated a “container” set of resources
  • Organizations have very simple model of resources and advanced resource management controls such as Shares and Reservations are managed by the cloud operator
[Figure labels: Guarantee, Actual, Overcommit range]
Create Organization Networks
• Provide connectivity to workloads running inside an organization

Network | Features
Internal | Connectivity to vApps within the organization. No external connectivity
External Routed | Connectivity to vApps and services on a shared external network. vShield Edge device is deployed outside the organization to provide NAT and firewall services for vApps inside the organization
External Direct Connect | Connectivity to vApps and services on a shared external network. vApps get IP addresses on the external network. No NAT or firewall exists between the organization vApps and other vApps on the External Network
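The three organization network types differ in what sits between a tenant's vApps and everyone else on a shared external network, and that difference can be audited. The following Python is an added example, not part of the original presentation or any VMware code: the inventory, organization names and network names are constructed, and it models only the definitions in the table above (it makes no vCloud API calls).

```python
"""Tenant-exposure check over organization networks (constructed inventory)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# The three organization network types named in the table above.
INTERNAL = "Internal"
ROUTED = "External Routed"
DIRECT = "External Direct Connect"


@dataclass(frozen=True)
class OrgNetwork:
    org: str
    name: str
    kind: str
    external_network: Optional[str] = None  # None for Internal networks


# Constructed sample inventory; every org and network name is hypothetical.
INVENTORY = [
    OrgNetwork("Finance", "fin-internal", INTERNAL),
    OrgNetwork("Finance", "fin-corp", DIRECT, "corp-net"),
    OrgNetwork("Sales", "sales-corp", DIRECT, "corp-net"),
    OrgNetwork("RnD", "rnd-routed", ROUTED, "corp-net"),
    OrgNetwork("Support", "sup-inet", ROUTED, "internet"),
]


def validate(net):
    """Reject records that contradict the definitions in the table."""
    if net.kind not in (INTERNAL, ROUTED, DIRECT):
        raise ValueError(f"{net.name}: unknown network type {net.kind!r}")
    if net.kind == INTERNAL and net.external_network:
        raise ValueError(f"{net.name}: Internal networks have no external connectivity")
    if net.kind != INTERNAL and not net.external_network:
        raise ValueError(f"{net.name}: {net.kind} needs an external network")


def tenants_by_external_network(networks):
    """Group organizations per external network, split by connection type."""
    tenants = defaultdict(lambda: {DIRECT: set(), ROUTED: set()})
    for net in networks:
        validate(net)
        if net.kind != INTERNAL:
            tenants[net.external_network][net.kind].add(net.org)
    return tenants


def unfiltered_exposure(networks):
    """Map each direct-connected org to the other orgs on the same external network.

    Direct-connect vApps take addresses on the external network with no NAT or
    firewall in front of them, so every other tenant attached to that network
    (direct, or routed through its own vShield Edge) shares it with them
    unfiltered. Routed and Internal-only orgs never appear as keys.
    """
    exposure = defaultdict(set)
    for by_kind in tenants_by_external_network(networks).values():
        everyone = by_kind[DIRECT] | by_kind[ROUTED]
        for org in by_kind[DIRECT]:
            exposure[org] |= everyone - {org}
    return {org: sorted(others) for org, others in exposure.items() if others}


if __name__ == "__main__":
    for org, others in sorted(unfiltered_exposure(INVENTORY).items()):
        print(f"{org}: no NAT/firewall between its vApps and {', '.join(others)}")
```

Organizations that appear as keys are candidates for moving to an External Routed network or for a dedicated external network.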
From vSphere to Cloud Infrastructure
[Figure: vSphere physical resources (Host, Resource Pool, SAN, Datastore, Network, Port Group) are grouped into Provider vDCs as “Service Tiers” with specific costs (Gold, Silver). VMware vCloud Director allocates org resources to organizations (Org: Finance, Org: Sales), each with Provisioning Policies, Access Control, vDCs and Catalogs]
Catalogs
• Catalogs are collections of vApps and media created & owned by Organizations
  • Can be shared (to the org) & published (to the whole cloud)
• Examples:
  • Infrastructure as a Service Catalogs
    • Empty Small, medium and large VMs/vApps.
    • Pre-installed Windows & Linux VMs
    • OS Media files (ISO, floppy images)
  • App catalogs
    • Corp standard Database servers, application servers
    • If post deploy configurations are needed, guest customization in VCD can run custom scripts
[Figure: example catalogs: Linux Templates, Windows Templates, Engineering vApps, IT - Oracle vApps, Basic Media Catalog, Premium Media Catalog]
Create Catalogs
• Standardize infrastructure and application offerings via Catalogs
  • Organizations can create their own catalogs
  • Create multiple catalogs per organization
• Catalogs can be
  • Shared – Select users or entire organizations can use catalog
  • Published – All organizations in the cloud can access and use catalog
vApps
• Container of one or more VMs
  • Package up multi-tier applications into vApps
  • Operate on VMs as one unit
  • Select boot order of VMs, start delays and stop delays
  • Set runtime and storage leases
• Can be created from scratch
  • Building blocks templates in the catalog
• Can be imported from outside the cloud
• Uses the OVF standard
  • Captures meta data about the VMs
  • Allows import and export between clouds in standard format
[Figure: a vApp of three VMs (App on OS) with SLA Definitions: Availability = 99.99%, Security = High, Performance = msec]
Import vApp templates and media into catalogs
• Import vApps (.ovf) from local file system
  • VMware vCloud Director uses image transfer service to copy vApp from local file system to vSphere
  • Requires NFS share mounted to all VMware vCloud Director servers
• Import powered off VMs from attached vCenter Servers
  • No import of vApps from vCenter Server. VMs only.
  • Export your vSphere vApps to ovf and import from local filesystem
  • Organization administrators cannot import VMs from vSphere
Chargeback
• Manage cloud organizations and workloads via hierarchies
• Attach cost models
• Generate usage and billing reports
Connecting Chargeback to the Cloud
• Install Chargeback data collectors for
  • vCenter Server
  • VMware vCloud Director
  • vShield Manager
• Add Cloud vCenter Server to Chargeback Server
Setting up Hierarchies
• Chargeback automatically creates hierarchies for organizations created in VMware vCloud Director
• Under each organization, four top level folders are created
  • Allocation Pool
  • Reservation Pool
  • Pay-As-You-Go
  • Networks
• Any changes made to Organization VDCs will be reflected in Chargeback hierarchy
Cost Models
• Chargeback ships with a set of cost models pre-defined for each VMware vCloud Director resource allocation model
  • vCloud Allocation Pool
  • vCloud Reservation Pool
  • vCloud Pay-As-You-Go
  • vCloud Networking
Reports
• Generate reports by selecting objects in Chargeback hierarchy
  • Organization level usage and cost report
  • VM level usage and cost report
  • Network and bandwidth usage and cost report
Infrastructure-as-a-Service (IaaS)
• Access vApps from Home screen
• Browse catalogs
• Copy to “My Cloud”
• Access VM consoles from within browser
Access vApps from Home screen
• User logs in to organization
• User role defines the capabilities available in the UI
• Simple UI allowing the following user operations
  • Quick access to all vApps owned by the user
  • Click the Thumbnail to launch the Remote console
  • Quick access to Catalog via “Add Cloud Computer System” link
Remote Console
• Launches a new window allowing users to interact with the VMs in the vApp
• Allows power and suspend operations
• Connect local CD ROM and floppy devices, CD ISO images from file shares.
• Alternatively, users can connect via remote protocols like SSH and RDP to their VMs
Browse catalog and deploy vApps
• Copy vApps from the Organization catalog (self-service)
• Select Organization VDC
• Connect the vApps to one or more networks
  • Create vApp networks
  • Connect to organization networks
• Customize the VMs while deploying
  • Requires sysprep files to be available on VMware vCloud Director server
Search for catalog items and deploy to org VDC
• Search catalog items based on
  • Name
  • Description
  • Catalog
  • VDC
  • Owner
  • Date Created
Network connections for vApp
• Networking
• Connect the vApp to
• External Network
• Organization Networks
• Create a new vApp Network on the fly
• Requires Network Pool available to the organization
• Connect vApp Network to Org Network
• NAT or firewall
• VMware vCloud Director deploys a vShield Edge VM to provide NAT and firewall services
Shared Catalogs
• Set up catalogs to be shared by users in the organization
  • Sharing needs to be set up by Org admin
• Dev and Test users work on a shared set of vApps
  • Build systems, Source control systems, Toolchains
• Users need permissions to upload vApps into the catalog for sharing
  • vApp owner role
Network Fencing
• Requires available Network Pool attached to the Organization VDC
• Deploys a vShield Edge VM into the Org VDC
  • Creates a portgroup on the vNetwork Distributed Switch (vDS)
  • Attaches the vShield Edge VM and the vApp VMs to the portgroup
• Fenced vApp can span multiple hosts
• Deploy multiple copies of the vApp on the same Org/External network without modifying hostname or IP address
  • Each VM keeps original hostname/IP information inside the fence
  • Each VM assigned a new IP outside the fence
The complete picture
[Figure: VMware vCloud Director above vCenter Server 1, vCenter Server 2 … vCenter Server n, each with clusters, datastores and portgroups forming the cloud compute cluster. Objects shown: Provider VDCs, Organization VDCs, External Networks, Network Pools, Organization Networks and vApp Networks, vShield Edge, vApps and templates. Separate cloud management cluster with management VMs]
BCDR with VMware vCloud Director
• Backup and recovery is fully supported in conjunction with vCloud Director
  • VMware recommends VADP-based backup solutions for backing up your environment
  • VMware Data Recovery is currently not compatible with vCloud Director due to an identified bug
• VMware SRM is currently not compatible with vCloud Director
  • Classic disaster recovery (DR) solutions are fully supported with vCloud Director
Elastic and Seasonal Workloads
• Elastic workloads
  • Scale up and down based on load easily by adding or removing
    • ESXi/ESX Servers to Provider VDC
    • Datastores to Provider VDCs
    • vCenter Servers
    • VMware vCloud Director cells
  • E.g. Monte Carlo simulations
• Seasonal Workloads
  • Avoid having to purchase and maintain capacity throughout the year for workloads that are seasonal
  • E.g. Tax season workloads, end of quarter accounting workloads
  • Scale up resources during the season and scale down resources in the off season.
Multi-tenancy and Organization Isolation
• Use VMware vCloud Director to provide complete Organization isolation on a shared cloud infrastructure
  • E.g. Organizations storing Consumer data
  • Secure LOBs that store consumer data using vShield Edge
  • Provide edge security isolating the Organizations containing customer data from other organizations
  • Multi-tenant UI with Role based access control
  • E.g. R&D org isolation
  • Drive cost down by sharing physical infrastructure
[Figure: an Organization VDC with an Org 1 vApp and an Org 2 Secure vApp; Organization secured by vShield Edge]
Customer Support and Troubleshooting
• Quickly spin up vApps to test customer configurations with minimal IT intervention
• Each vApp has short deployment and storage lease to save on resources
• Fence vApps to deploy multiple copies of vApps on shared networks
• Support Engineers can create vApp Networks on the fly without IT intervention and deploy vApps to ensure network isolation
Product/Solution Demo and Training
• Demo use case
  • Maintain a catalog of demos
  • Systems Engineers can deploy demo vApps quickly with short deployment and storage leases for demo purposes
• Training and remote education use cases
  • Training administrator maintains course offerings in vApps
  • Easily on-board students and associate roles and permissions
  • Students can deploy course offerings into their cloud without IT intervention
vCloud API
• RESTful
  • Designed for web infrastructure
  • Extensible, Modular
• Released in “Open” form
  • Version 0.9 currently public
• Spans vCenter Instances
  • Operate across multiple vCenter Servers
• 100% Virtual
• VIM API Unchanged
• With OVF standard, unlocks ability to move vApps across clouds (Hybrid cloud use case)
2 Logical APIs for VMware vCloud Director
2: vCloud API
• Standard way to consume vCloud Resources
1: VMware vCloud Director “Admin API”
• Automate VCD Management
• Attach virtual/physical resources
• Manage organizations, users, etc.
• RESTful for loose coupling to existing systems
Orchestration + VMware Cloud
[Figure: Orchestration Engine with User Portal + vCloud API. Flows: 1. User Workflow Initiation, 2. User Resource Interaction (End Users). Components shown: VMware vCloud IaaS, vCloud API, Redwood, VCD Portal, vCenter Chargeback Portal, Financial Systems, Approval Systems, Asset Systems, CMDB, Physical Config, vSphere API, VMware vSphere (Hosts, Datastores)]
Driving agility and efficiency in a secure and evolutionary way
• Increase business agility by empowering users to self-deploy services with the click of a button
• Maintain security and control over multi-tenant environments with user controls and VMware vShield
• Reduce costs by efficiently delivering resources to internal organizations as secure virtual datacenters
• Leverage existing investments and open standards to ensure interoperability and application portability between clouds
Backup
Responsibilities delegated to Organization Administrator
• Responsibilities of the org admin
  • Organization user and roles management
  • Creating catalogs
  • Managing leases, quotas and limits for vApps deployed by the org
  • Setting up org specific SMTP settings
  • Specifying org specific domain join for vApps deployed by the org
User roles and privileges
• Users only get access to resources that are associated with their organizations
• The system comes with built-in roles that range from “root” to “view-only” users
• Custom roles can be defined by those with the rights from a set of over 50 rights
• If a user has multiple roles he/she gets the union of rights
• Organization (tenant) specific policies can conditionally be delegated to the tenant without compromising overall cloud policies
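Because a user with multiple roles gets the union of their rights, and roles can be assigned to both users and groups, two roles that are harmless on their own can combine into a right pair that should stay separated. The following Python is an added example, not part of the original presentation or any VMware code: the role names, right names, group memberships and conflict pairs are all constructed for illustration and are not vCloud Director's built-in roles or rights.

```python
"""Effective-rights audit for a union-of-roles RBAC model (constructed data)."""

# Roles = collection of rights. All names below are hypothetical.
ROLES = {
    "template_builder": {"catalog.view", "vapp.upload"},
    "catalog_publisher": {"catalog.view", "catalog.publish"},
    "user_manager": {"user.view", "user.assign_role"},
    "role_designer": {"role.view", "role.edit"},
    "view_only": {"catalog.view", "user.view", "role.view"},
}

# Roles assigned directly to users and to groups (constructed).
USER_ROLES = {
    "alice": {"template_builder"},
    "bob": {"view_only"},
    "carol": {"user_manager", "role_designer"},
}
GROUP_ROLES = {"release-team": {"catalog_publisher"}}
GROUP_MEMBERS = {"release-team": {"alice", "bob"}}

# Right pairs this (assumed) policy wants held by different people.
CONFLICTS = [
    ("vapp.upload", "catalog.publish"),   # upload and publish with no reviewer
    ("role.edit", "user.assign_role"),    # edit a role, then assign it
]


def roles_of(user):
    """Roles held directly plus roles inherited from group membership."""
    roles = set(USER_ROLES.get(user, ()))
    for group, members in GROUP_MEMBERS.items():
        if user in members:
            roles |= GROUP_ROLES.get(group, set())
    return roles


def effective_rights(user):
    """Union of the rights of every role the user holds."""
    rights = set()
    for role in roles_of(user):
        rights |= ROLES[role]
    return rights


def conflicts_for(user):
    """Conflicting right pairs in the user's effective rights, with their source."""
    roles = roles_of(user)
    rights = effective_rights(user)
    findings = []
    for a, b in CONFLICTS:
        if a in rights and b in rights:
            single = [r for r in roles if {a, b} <= ROLES[r]]
            findings.append({
                "rights": (a, b),
                "granted_by": {
                    a: sorted(r for r in roles if a in ROLES[r]),
                    b: sorted(r for r in roles if b in ROLES[r]),
                },
                # True when no single role carries both rights, i.e. the
                # conflict exists only because rights are unioned.
                "via_union_only": not single,
            })
    return findings


def audit():
    """Findings for every known user, keyed by user name in sorted order."""
    users = set(USER_ROLES)
    for members in GROUP_MEMBERS.values():
        users |= members
    report = {}
    for user in sorted(users):
        findings = conflicts_for(user)
        if findings:
            report[user] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit().items():
        for f in findings:
            print(user, f["rights"], f["granted_by"], f["via_union_only"])
```

Reviewing role definitions one at a time would miss alice's finding here, since one of her two roles arrives through a group.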