Friday, July 22, 2016

VMware Validated Design for SDDC 2.0 – Now Available!!

Posted originally on the VMware Consulting blog:


Recently I have been involved in a rather cool project inside VMware, aimed at validating and integrating all the different VMware products. The most interesting customer cases I see are related to this work because oftentimes products work independently without issuebut together can create unique problems.

To be honest, it is really difficult to solve some of the problems when integrating many products together. Whether we are talking about integrating a ticketing system, building a custom dashboard for vRealize Operations Manager, or even building a validation/integration plan for Virtual SAN to add to existing processes, there is always the question, “What would the experts recommend?”

The goal of this project is to provide a reference design for our products, called a VMware Validated Design. The design is a construct that:
  • Is built by expert architects who have many years of experience with the products as well as the integrations   
  • Allow repeatable deployment of the end solution, which has been tested to scale
  • Integrates with the development cycle, so if there is an issue with the integration and scale testing, it can be identified quickly and fixed by the developers before the products are released.

All in all, this has been an amazing project that I’ve been excited to work on, and I am happy to be able to finally talk about it publicly!

Introducing the VMware Validated Design for SDDC 2.0

The first of these designs—under development for some time—is the VMware Validated Design for SDDC (Software-Defined Data Center). The first release was not available to the public and only internal to VMware, but on July 21, 2016, version 2.0 was released and is now available to everyone! This design builds not only the foundation for a solid SDDC infrastructure platform using VMware vSphere, Virtual SAN, and VMware NSX, but it builds on that foundation using the vRealize product suite (vRealize Operations Manager, vRealize Log Insight, vRealize Orchestrator, and vRealize Automation).

The VMware Validated Design for SDDC outcome requires a system that enables an IT organization to automate the provisioning of common, repeatable requests and to respond to business needs with more agility and predictability. Traditionally, this has been referred to as Infrastructure-as-a-Service (IaaS); however, the VMware Validated Design for SDDC extends the typical IAAS solution to include a broader and more complete IT solution.

The architecture is based on a number of layers and modules, which allows interchangeable components to be part of the end solution or outcome, such as the SDDC. If a particular component design does not fit the business or technical requirements for whatever reason, it should be able to be swapped out for another similar component. The VMware Validated Design for SDDC is one way of putting an architecture together that has been rigorously tested to ensure stability, scalability, and compatibility. Ultimately, however, the system is designed to ensure the desired outcome will be achieved.

The conceptual design is shown in the following diagram:

As you can see, the design brings a lot more than just implementation details. It includes many common “day two” operational tasks such as management and monitoring functions, business continuity, and security.

To simplify such a complex design, it has been broken up into:
  • A high-level Architecture Design
  • A Detailed Design with all the design decisions included
  • Implementation guidance.

Let’s take an in-depth look.

Virtualized Infrastructure

The SDDC virtual infrastructure consists of a single region, which can be expanded. Each region includes a management pod, an edge pod, and a compute pod.

This is a standard design practice and has been tested in many customer environments. The purpose of each pod is as follows.

Management Pod

Management pods run the virtual machines that manage the SDDC. These virtual machines host vCenter Server, NSX Manager, NSX Controller, vRealize Operations, vRealize Log Insight, vRealize Automation, Site Recovery Manager, and other shared management components. All management, monitoring, and infrastructure services are provisioned to a vCenter Server High Availability cluster, which provides high availability for these critical services. Permissions on the management cluster limit access to administrators only. This protects the virtual machines running the management, monitoring, and infrastructure services.

Edge Pod

Edge pods provide these main functions:

  • Support on-ramp and off-ramp connectivity to physical networks
  • Connect with VLANs in the physical world
  • Optionally host centralized physical services
Edge pods connect the virtual networks (overlay networks) provided by NSX for vSphere and the external networks. Using edge pods reduces costs and scales well as demands for external connectivity change.

Compute Pod

Compute pods host the SDDC tenant virtual machines (sometimes referred to as workloads or payloads). An SDDC can mix different types of compute pods and provide separate compute pools for different types of SLAs. 

Software-Defined? Yes, please! (Virtual SAN and VMware NSX Included) 

As a part of the above design, you can see that it is truly software defined with both VMware NSX and Virtual SAN parts of the design. I am not going to lie, I am passionate about Virtual SAN as I have been working with it for some time and, to be frank, it is amazing. Here are some details about the design for Virtual SAN and NSX pieces that are included in the design:

Virtual SAN

Virtual SAN is a new technology compared to vSphere. Over the releases, some amazing features have been added, and it is included here due to the benefits it gives to the operational structure. The shared storage design selects the appropriate storage device for each type of cluster:
  • Management clusters use Virtual SAN for primary storage and NFS for secondary storage.
  • Edge clusters use Virtual SAN storage.
  • Compute clusters can use FC/FCoE, iSCSI, NFS, or Virtual SAN storage. At this stage, this design gives no specific guidance for the compute cluster.
This allows for flexibility rather than a blanket solution for each cluster. The following depicts the logical design:

VMware NSX

The VMware Validated Design for SDDC implements software-defined networking by using VMware NSX for vSphere. What I like a lot about NSX is that in much the same way server virtualization revolutionized how Virtual Machines are managed, it is doing the same thing for virtual networks..

This results in a transformative approach to networking that not only enables data center managers to achieve orders of magnitude better agility and economics, but also supports a vastly simplified operational model for the underlying physical network. NSX for vSphere is a non-disruptive solution because it can be deployed on any IP network, including existing traditional networking models and next-generation fabric architectures, from any vendor.

The design looks like the following:

From my experience, when administrators provision workloads, network management is one of the most time-consuming tasks. Most of the time spent provisioning networks is consumed configuring individual components in the physical infrastructure and verifying that network changes do not affect other devices that are using the same networking infrastructure.

The need to pre-provision and configure networks is a major constraint to cloud deployments where speed, agility, and flexibility are critical requirements. Pre-provisioned physical networks allow for the rapid creation of virtual networks and faster deployment times of workloads utilizing the virtual network. This works well as long as the physical network you need is already available on the host where the workload is to be deployed. However, if the network is not available on a given host, you must find a host with the available network and spare capacity to run your workload in your environment.

Getting around this bottleneck requires a decoupling of virtual networks from their physical counterparts. This, in turn, requires that you programmatically recreate all physical networking attributes required by workloads in the virtualized environment. You can provision networks more rapidly because network virtualization supports the creation of virtual networks without modification of the physical network infrastructure. 

The Cloud

Of course, no SDDC is complete without a cloud platform. vRealize Automation is definitely a part of the design. It is a big piece, so I wanted to show the conceptual design of the architecture here because it provides a high-level overview of the components, user types, and operations in workload provisioning.

For anyone who is unfamiliar with it, the Cloud Management Platform consists of the following design element and components.

Design Element
Design Components
·       Cloud administrators: Tenant, group, fabric, infrastructure, service, and other administrators as defined by business policies and organizational structure. 
·       Cloud (or tenant) users: Users within an organization who can provision virtual machines and directly perform operations on them at the operating system level.
Tools and supporting infrastructure
Building blocks that provide the foundation of the cloud:
·       VM templates and blueprints: VM templates are used to author the blueprints that tenants (end users) use to provision their cloud workloads.
Provisioning infrastructure
On-premises and off-premises resources, which together form a hybrid cloud:
·       Internal Virtual Resources: Supported hypervisors and associated management tools
·       External Cloud Resources: Supported cloud providers and associated APIs
Cloud management portal
A portal that provides self-service capabilities for users to administer, provision and manage workloads:
·       vRealize Automation portal, Admin access: The default root tenant portal URL used to set up and administer tenants and global configuration options.
·       vRealize Automation portal, Tenant access: Refers to a subtenant and is accessed using an appended tenant identifier.

The advantage here is that it has been tried, tested, and loaded into the validated design to ensure issues are correctly identified and fixed before the platform is deployed.

Monitoring and Operational Procedures

Finally, having new monitoring and operational procedures in place is becoming a hard requirement for many businesses. The VMware Validated Design for SDDC includes a great design for both vRealize Operations Manager as well as vRealize Log Insight. In addition, it goes into all the different practices to back up, restore, and operate the actual cloud that has been built. It doesn’t go as far as a formal operational transformation for the business, but it does a great job showing many standard practices that can be used as a basis for defining what you, as a business owner, need in order to operate the cloud.

The following illustrates part of the design showing how vRealize Operations Manager contains functional elements that collaborate for data analysis and storage, and support creating clusters of nodes with different roles: 

Overall, this is a really powerful platform that will revolutionize the way you see the environment.

Download It Now!

Of course there is much more to the design than just the few pieces I have mentioned, but I encourage you to look here for more details. To download documentation, visit: If you are interested, VMware Professional Services are also available to help with the installation and configuration of VMware Validated Design as well.

I look forward to future updates that further expand this design (including use cases that allow for granular customization of the design), and also for other designs that address different IT outcomes. Look for those being released, as well.

I hope this helps you during your architectural design discussions and has demonstrated that the integration story is not only possible, but can make your experience deploying an SDDC much easier.

Look for me and other folks on the VMware Professional Services Engineering team as well as the Integrated Systems Business Unit at VMworld, as well as other customer events such as vMUGs and vForums. We are happy to answer any questions you may have about the VMware Validated Designs!

No comments:

Post a Comment