Home > Blogs > Virtualize Business Critical Applications

vRealize Automation 7 converged blueprints

vRealize Automation 7 feature a new Blueprint format. A converged blueprint can have one to many components including:

  • Machines : vCenter, vCloud Air, vCloud Director, Amazon, KVM, Openstack, Citrix Xen, HyperV, SCVMM
  • Network & Security: Security Group, Load balancer, NAT, Routed networks.
  • Software (Install, configure, start, uninstall) : Scripts to setup the OS or to install and configure applications
  • XaaS : Workflows (I.E virtual machine customization, guest operations)

Combining these allow designing complex applications.

For example using the vRealize Automation design canvas you can put together a multiple instance machine to deploy cluster nodes with an XaaS components to create shared disks and software components to install and configure the Operating System, and application layers.

vRAblueprintClustered application in vRealize Automation 7 design canvas

All these components are bound together via data bindings that will determine the parameters flow and deployment order.

While you can design your application from scratch being able to leverage community blueprint will save you a lot of time learning from other community members designs, and application scripts.

VMware Sample Exchange is a VMware and community content repository. From this site you can download sample code, automation scripts, Orchestration workflows and also vRealize Automation 7 application Blueprints. You can also create your own content and upload it to sample exchange to share it with the community.

At the moment there are about a dozen application blueprints available with new ones uploaded in a regular basis.

A blueprint is a YAML formatted file packaged within a zip file that can be downloaded with your browser. For importing it in vRealize Automation VMware provides a command line tool called vRealize CloudClient.

There is also a more convenient way to import Sample Exchange blueprints directly from the vRealize Automation service catalog with using a workflow I have released on the vRealize Orchestrator community.

importFromSampleExchangeRequesting to import a blueprint from Sample Exchange

With all these new capabilities integrated in vRealize Automation 7 you have the ability to design, publish and exchange advanced application blueprints.

To know more about designing a vRealize 7 application blueprint you can check this video.

Top Ten things to consider when moving Business Critical Applications (BCA) to the Cloud (Part 3 of 3)

In the first part we looked at public, private and Hybrid Cloud and their characteristics. In this part we will look at the common characteristics of business critical applications. In the second part , we looked at how some of these characteristics relate to the different types of Cloud infrastructure. In this final part we will look at he lifecycle of a business critical application in the cloud and the conclusion. Continue reading

Demo – Dynamically Enforcing Security on a Hot Cloned SQL Server with VMware NSX

VMware NSX is a software defined solution that brings the power of virtualization to network and security.VMware NSX

There are many great papers about NSX in general: for example here & here and many others, the purpose of this demo is not to dive into everything that NSX does, Instead I have focused on one capability in particular and that is the intelligent grouping of NSX Service Composer with the Distributed Firewall (DFW) and how to utilize it to make life easier for SQL DBAs and security admins, its doesn’t have to be only SQL Server, it can be any other database or application for that matter but for this demo I am focusing on SQL Server.

First, a bit of background: The NSX Service Composer allows us to create groups called “Security groups”. These Security groups can have a dynamic membership criteria that can be based on multiple factors: It can be part of the computer name of a VM, its guest OS name, the VM name, AD membership or a tag (tags are especially cool as they can be set automatically by 3rd party tools like antivirus and IPSs, but that is for a different demo)

These Security groups are than placed inside the Distributed Firewall (DFW) rules which allows us to manage thousands of entities with just a few rules and without the need to add these entities to the Security Group manually.

In the demo I have created an environment that is set with 0 trust policy, that means that everything is secured and every packet between the VMs is inspected, the inspection is done on the VMs vNIC level in an east-west micro segmentation way. That means that if a certain traffic is not defined in the DFW it is not allowed to go through.

This is something that wasn’t really possible to do before NSX

Our production app database is an SQL database and in the demo the DBA wants to hot-clone it aside for testing purposes, but obviously the cloned SQL Server needs to have some network traffic allowed to pass to it, yet it needs to be secured from everything else.

Instead of having the traditional testing FW zone with its own physical servers, I created the rules that apply to a test DBs in the DFW, created a dynamic membership Security Group, and nested that group in the rules. Now, any database server that I will clone which corresponds to the criteria will be automatically placed in the rules.  What’s really nice about this is that no traffic is going northbound to the perimeter FW because the packet inspection is done on the vNIC of the VMs (and only relevant rules to it are set on it) , no additional calls to security admins to configure the FW are needed after the first configuration has been made. This is a huge time saver , much more efficient in terms of resources (physical servers are now shared between zones) and a much more secure environment than having only a perimeter FW.

As usual any comment or feedback is welcome

Cheers,

Niran

 

Top Ten things to consider when moving Business Critical Applications (BCA) to the Cloud (Part 2 of 3)

In the first part we looked at public, private and Hybrid Cloud and their characteristics. In this part we will look at the common characteristics of business critical applications. We will also look at how some of these characteristics relate to the different types of Cloud infrastructure.

Common Characteristics of Business Critical Applications (BCA):

Business critical applications typically have very stringent SLAs and have a direct impact on the business. These are the crown jewels of the business that need to be managed with utmost care to avoid loss of productivity, data and potential revenue. These are the major factors can have a direct impact on these applications such as the following:

Continue reading

Top Ten things to consider when moving Business Critical Applications (BCA) to the Cloud (Part 1 of 3)

The cloud transformation is now for real. Customers have a stated long-term goal of running a majority of their applications in the cloud. Gartner predicts that public cloud services to grow by 16.5% in 2016. The highest growth area is cloud infrastructure, which is projected to grow at 38.4% in 2016. Today’s CIOs understand that a clear cloud strategy is a critical component of managing their information technology needs.

While developers have adapted to the cloud and its benefits, traditional enterprise business critical applications are not very prevalent in the cloud. Until recently most of these applications had not even been virtualized. Just in the past two to three years a majority of these enterprise applications have been virtualized. What are the unique characteristics of these applications that need to be considered for cloudification? In this three part blog series, we will analyze the top ten BCA requirements and how different types of cloud infrastructures satisfy them. In part 1 we will look at the different types of cloud infrastructures and their characteristics. Continue reading

Updated: Microsoft SQL Server on vSphere Best Practices Guide

Microsoft SQL server is the most virtualized enterprise mission critical application today. In recent years it has become a mainstream effort among VMware customers to virtualize critical databases to allow better agility and scale while increasing availability and operational efficiency.

This guide, now named “Architecting Microsoft SQL Server on VMware vSphere – Best Practices Guide” to reflect its focus on architecture and configurations of vSphere as well as SQL server for maximizing the benefits of virtualizing SQL server, is aimed at providing VMware customers and partners guidance on how to achieve best performance and efficiency with the latest versions of Microsoft SQL server and VMware vSphere.

In this guide there are also references to other VMware and third-party documents which we encourage the reader to consult for better understanding of the topics discussed.

Click here to download the guide.

Updated for vSphere 6 – SAP on VMware Best Practices guide

SAP production support for vSphere 6 was available from the latter half of last year – see http://scn.sap.com/docs/DOC-27384 . The best practices guide has been updated with the latest vSphere 6 information to help you with virtualizing SAP. Some of the new content includes:

  • Estimating SAPS of virtual machines and how this is aligned with ESXi scheduling behavior.
  • Updated analysis of high availability options for SAP in the virtual environment. This includes the use of VMware Fault Tolerance for SAP Central Services installed in a multi-vCPU virtual machine.
  • A section where all the best practices are summarized and categorized by different topics (CPU, memory, high availability etc.). For those already familiar with the vSphere concepts and use cases just skip to this section.

Certain topics like HANA and Business Objects have separate papers dedicated to them – these are referenced and the content is not repeated in this document.

The paper is available for download here.

New paper on Virtualizing SAP on vSphere on All Flash Storage

SAP HANA is the preferred database for all future SAP applications. Columnar databases and the in memory capabilities of SAP HANA make it an excellent platform for all SAP applications. Virtualized SAP HANA (SAP HANA) provides significant advantages over Physical HANA implementations by providing flexibility and agility in operating a HANA environment

SAP HANA environments have a large memory footprint with the majority of data in memory. The changes to the memory are constantly being replicated to disk and there can be significant disk activity on the system in spurts. In addition when the system is restarted or there is any high availability event there is a massive requirement for data that needs to be quickly loaded into memory from disk. Due to these reasons, there is a requirement in HANA to have a highly performant IO subsystem. All Flash Storage can be a great asset if used as shared storage for virtualized HANA implementations as they can provide excellent IO performance. This paper looks at the benefits of using virtualization that is backed by All Flash storage for SAP HANA.

Continue reading

Now Updated: Microsoft Exchange Server on VMware vSphere Best Practices Guide

Microsoft Exchange Server is one of the mission critical applications most commonly virtualized on the vSphere platform. As customers become more comfortable and familiar with virtualization in general and the VMware vSphere virtualization platform in particular, they become more confident, enough to virtualize their Exchange Server environments. To help customers achieve success as they begin to virtualize their Microsoft Exchange Server infrastructure, VMware provides guidance and recommendations for designing, configuring and managing the infrastructure.

The Microsoft Exchange Server on VMware vSphere Best Practices Guide contains VMware’s official prescriptive guidance and recommended practices for successfully running Microsoft Exchange Server on the VMware vSphere platform. Continue reading

Completely Disable Time Synchronization for your VM

Some administrative practices, like a bad habit, have more lives than the proverbial cat – they tend to stay around forever. It is, therefore, very comforting when one finds a problematic administrative practice that has not just been universally abandoned by administrators, but is also on the top of any junior administrator’s “configurations sure to get you dis-invited from the next user group meetup” list.

Take the case of the old practice of synchronizing a virtual machine’s clock with its host’s clock in a vSphere environment. That used to be “the thing to do” way back when. It was actually the default configuration option on the ESX platform in those days. Until everyone got wiser and the message went out to every admin far and wide that such configurations was no longer kosher. Even VMware got religious and stopped making that option the default behavior. Continue reading