Home > Blogs > VMware vCloud Blog > Tag Archives: VMware vCloud

Tag Archives: VMware vCloud

Optimizing VMware vCloud Automation Center Integration with vCloud Hybrid Service

The recently released vCloud Automation Center (vCAC) version 6 is a leap forward in the area of heterogeneous cloud provisioning.  In addition to cross-platform cloud provisioning, vCAC also enables a true Hybrid Cloud approach by integrating off-premises infrastructure back into the data center and allowing users to provision workloads to the cloud in exactly the same way they provision to their existing private data center.

When your off premises and on-premises infrastructure platform both support the exact same workloads without the need for porting, re-building or conversion, you can realize the benefits of a true hybrid cloud infrastructure.  For VMware vSphere® customers, there is no better extension of your data center to the cloud than vCloud Hybrid Service.

Because the templates and underlying components used to stamp blueprints are the same with vCloud Hybrid Service as they are in your private data center, users experience a seamless hybrid approach to modern cloud infrastructure.

Achieving tight integration between vCloud Hybrid Service and vCAC during the early stages of this hybrid cloud journey requires some understanding and careful planning to achieve maximum ROI and minimize the time to realize the benefits of hybrid cloud.

This is not an exhaustive list, but these are some important points to consider when integrating vCAC to vCloud Hybrid Service: vCloud Hybrid Service

  • Out of the box support for vCloud Hybrid Service via vCloud Director (vCD)
    • Both vCAC 5.2 and 6.0 fully support vCloud Hybrid Service vCD endpoints without any modification to the vCAC installation or underlying configuration
    • vCAC uses vCloud Hybrid Service’s vCD Organization URLs as Endpoints
    • vCD URLs can be found within the vCloud Hybrid Service Portal (click the ‘vCloud Director API URL’ button within any Virtual Data Center to expose the URL you need to enter into vCAC)
  • vCAC + vCloud Hybrid Service Extension
    • Certain user rights are required in vCloud Hybrid Service to support all operations. Supported user roles include Account Administrator, Infrastructure Administrator, Network Administrator
    • Consider using a Service Account for regional teams to reduce account management overhead and security risk footprint (although this may reduce activity visibility/accountability)
  • Not every Public Template in vCloud Hybrid Service will work as expected with vCAC
    • Some templates have unbound NICs, and they will fail to deploy properly with vCAC
    • Consider using corporate templates (which can be easily migrated using vCloud Connector) to achieve “known good” shared configurations
  • No Empty vApps
    • Virtual Appliances or vApps are logical groups of Virtual Machines (VMs) in a self-contained package that includes intra-VM networking configuration. vApps must contain at least one VM to function properly. If you receive errors during ‘Discovery’, ensure that there are no ‘empty’ vApps in the vCloud Hybrid Service Virtual Data Center you are connecting to.
  • Changes in Storage Profile
    • If vCloud Hybrid Service renames a storage profile, blueprints relying on the original profile will fail to deploy, citing a missing resource.  While this isn’t expected to happen regularly, additions or modifications to the existing platform, including storage profile labels, may occur as we add or improve existing features of the service.
  • Other issues?
    • Capacity: If you are unable to deploy / provision a VM using vCAC, verify there are sufficient resources (RAM, CPU, Storage) available in the destination cloud.
    • Latency: Consider using a vCloud Hybrid Service data center location that is closer to your on-premises data center for minimal latency.  Otherwise, vCloud Hybrid Service offers a Direct Connect option that can provide a high throughput, low latency private dedicated link between your data center and vCloud Hybrid Service.

With these suggestions in mind, the integration of vCAC with vCloud Hybrid Service shines as a new and modern way of provisioning applications across clouds.  VMware vCAC provides a self-service model that reduces the ‘time-to-live-VM’ and pain points of the procurement process, transforming traditional requests and the associated manual steps required into an automated ‘IT-as-a-Service’ workflow that keeps everyone focused on what matters most to them.  IT administrators stay in control of their cloud deployments and infrastructure requests by pre-defining policies for workload deployment, and application developers and users get infrastructure provisioned rapidly without all the red tape.

When used together, vCAC and vCloud Hybrid Service enable companies to fully realize the advantages of Hybrid Cloud while allowing them to adopt public cloud infrastructure at the right pace to meet their requirements.

Why Hybrid Cloud is Good for IT – Forrester Weighs In

Everyone knows that a strong IT team is essential to an organization’s success. With a highly organized, secure, and flexible IT infrastructure, organizations can easily adapt to changing needs while maintaining the same data management principles. But how can you scale your organization’s internal systems without having to reconfigure existing structures? The answer may lie in the hybrid cloud.

When it comes to managing data in the cloud, developers and infrastructure and operations professionals have slightly different needs. Developers, for example, look for solutions that offer both speed and agility. They want to get access to resources quickly, use them when they need them and only pay for them while they’re using them. They also want the agility that comes from having a broad set of development tools and application components so they can focus on coding and not doing infrastructure configuration.

Meanwhile, Infrastructure and Operations professionals look for control and efficiency in the cloud. They want to use the cloud to make more efficient use of infrastructure that they have, while also allowing them to maintain the same security and corporate compliance that they have in their internal data center.

So where do organizations start on their hybrid cloud journey?

According to Dave Bartoletti, Senior Analyst at Forrester, a successful move to the hybrid cloud is about building a certain level of trust throughout your organization. Development teams need to trust that you’re going to give them access to the public cloud tools they need to work quickly and efficiently. Similarly, you need to trust that you can secure, control and apply corporate governance to your public cloud solution in the same way that you would your internal data center.

IT need not shy away from the hybrid cloud. The cloud can help boost communication and cooperation between various IT teams, while helping make everyone’s work much easier. Infrastructure and operations professionals can connect with developers to build secure applications, find the appropriate tools to use to meet corporate standards, and determine what type of infrastructure to deploy to once an application is built.

By taking advantage of the public cloud’s elastic resources, IT organizations can simply extend the reach of their existing data center resources according to business demand, instead of spending weeks or even months waiting to provision new infrastructure on-site. The hybrid cloud is a great opportunity for IT teams to concentrate on important tasks: creating dynamic applications, adding value to the business, and delivering resources faster to business units that need them.

Watch Dave Bartoletti as he further discusses the positive relationship between IT and hybrid cloud:

Earlier last week at VMworld Barcelona, we made two exciting announcements around the vCloud Hybrid Service. First, we announced new integrations between the vCloud Hybrid Service and VMware cloud management solutions, including a new plug-in that will allow IT teams to manage vCloud Hybrid Service from the same place they manage vSphere. Second, we announced the vCloud Hybrid Service Marketplace, where users can discover, download, and buy applications and virtual appliances to run on the vCloud Hybrid Service. Because that’s what hybrid cloud is all about – having access to all the tools and resources you need to make your job both easier and more efficient.

For more information about making the move to the vCloud Hybrid Service, visit vCloud.VMware.com.

For future updates, follow us on Twitter and Facebook at @vCloud and Facebook.com/VMwarevCloud.

[INFO] vCloud Director Fast Provisioned Catalog Virtual Machines

By: Chris Colotti, Consulting Architect, VMware Global Center of Excellence

This is a repost from Chris' personal blog, ChrisColotti.us.

A while back I was messing around with Fast Provisioning in vCloud Director and I noticed something I wanted to dig a little deeper into.  My Co-Worker Cormac Hogan (@VMwarestorage) also wrote a little about this as well which does a great job showing the linked clone aspect.  Also William Lam (@lamw) wrote up some nice scripts to find the linked chains.  However, it took me up until now to get my home lab back into a clean state to test things a little differently specifically with how these interact with the vCloud Director Catalogs.  The premise of what I am looking at is a very simple setup, but could change some operational ideas about how and when you enable Fast Provisioning, which is a great, and handy thing to have in test and development environment.  However, you need to understand a little about how they work before you check the box to enable them.

FP_OptionThere is a couple of things you need to know first about vCloud Director Fast Provisioning.

  1. It is Enabled on a PER organization vDC level so it is either on or off.
  2. ONLY System Administrators can consolidate Fast Provisioned virtual machines, Organization Administrators cannot
  3. Once disabled existing machines will remain fast provisioned

The real key that I wanted to look at here was deploying items back and forth from the catalog with the feature enabled.  So what I setup was pretty basic.

  • Master Organization with a published catalog and Fast Provisioning DISABLED
  • Customer organization with local catalogs and Fast Provisioning ENABLED
  • Both Organization vDC’s are Pay-As-You-Go for reference
  • The template is CentOS 6.2 minimal exported/imported from vCenter.

The rest of this post will be various operations in certain orders to see what happens with and without fast provisioning enabled on a consumer organization.

The Shadow Virtual Machine

In some cases, in order for fast provisioning to work it will use the concept of a Shadow VM on each datastore where a linked clone will live, but in many cases it may not get created for some time.  This VMware KB has a lot of good information, and a couple of key points taken from it are as follows:

  • The source template virtual machines are called primary virtual machines
  • Shadow virtual machines are created on demand
  • Subsequent copies to the same datastore are fast
  • Org Admin/User only sees the ‘source’ virtual machine. Shadow virtual machines are an implementation detail that are only visible to vCloud Director administrators.
  • Shadow virtual machines stored in System vDC
  • Shadow virtual machines disk space billed to the service provider

Shadow virtual Machines are only created once a clone needs to be placed on a storage volume different from where the original one is located.  Until that needs to happen everything else is done on the same storage.

Initial vApp Template Import Into the Catalogs

The first thing I wanted to see was taking an OVF, and importing to each catalog to see what happens.  Obviously on the Master organization the catalog item will be imported as a thick copy, but I was not 100% sure on the Fast Provisioned vDC.  Interestingly, From what I saw both vApp templates were brought in as full copies into the catalog by the initial import from OVF.

However I actually tested COPYING the vApp template from the Master Catalog to the Org’s local catalog.  In this case the copy was actually a linked clone.  It created the initial snapshot and then made the local Org’s catalog version a linked clone to the original just as if it was deployed to the cloud itself.  I found this interesting as it leads me to something we will discuss later about updating and re-adding items to the catalog.

The Use Case

What we see is a pretty common use case for why I am testing this.  It has also been asked how does someone deal with patching and updates once these catalog’s are linked together.  The consumer wants to deploy the Guest Operating System from the provider’s published catalog, customize it, and save a copy to their local organization catalog.  The consumer’s organization is enabled for Fast Provisioning, but they may want to ensure their local catalog chain does not link back to the master catalog.

Deploying from vCloud Director Shared and Local Catalogs

Where this gets really interesting is on the deployment of each version of the vApp Catalog item.  Now we are going to only work off the Master Shared Catalog since that’s what most people would do.  The first time a deploy operation of a vApp Template to a Fast Provisioned vDC is requested, the original virtual machine is put into snapshot mode.  This means the actual virtual machine that is the catalog vApp in the master organization is now in snapshot mode indefinitely.  If there happens to be a Shadow VM required, that would be created, then a snapshot taken.  At this point forward anything deployed from that catalog virtual machine will be deployed from the base snapshot.

Now that we have a deployed vApp as a linked clone, we can update it, patch it, add new applications to it, whatever we want to treat it like a normal virtual machine.  Let’s say we want to save this to our LOCAL catalog at this point.  When we make that copy to the local catalog, we will get a full copy however there is a catch.  The full copy appears to be a full copy of the deployed virtual machine’s Delta Disk as you can see in the info below.  As we can see below the VMDK is still pointing back to the original catalog base disk.

Let’s take this one step further, and now deploy a vApp from this new local catalog virtual machine.  What we see here is that the newly deployed virtual machine from the local catalog is also linked back to the original master VMDK.  This means that as this consumer edits, saves, and re-deploys they are always saving Delta files and referencing back to the original disk.

Catalog Fast Provision Flow

Master Catalog VM (Orange)

VM_orange
First Consumer VM (Green):

VM_green
Consumer Local Catalog VM (Green):

CatalogVM_green
Consumer Re-Deployed Catalog VM (Purple):

CatalogVM_purple

Something to Consider – Break The Chain

Based on now knowing how some of this works, you want to decide how you to handle fast provisioned Org vDC’s since once they are enabled you can see how everything from that point on will be based on linked clones.  Something many providers and consumer organizations alike may want to do is break the link chain of their local catalog so they are always deploying from a full copy within their local organization catalog.

This can in fact be done with a few steps.  Remember in the beginning when I stated that only a System Administrator can consolidate?  That comes into play here, as once a vApp is checked into the local catalog a system admin OR something with system administrator credentials, like vCenter Orchestrator or other scripting method, can consolidate the virtual machines in the consumer’s local catalogs.  Below you can see the vCloud Director interface option on the virtual machine in the consumer’s catalog.  Using a service to do this for you would certainly be a better way to go.

VApp_consolidate

This will break the chain so that only the deployed virtual machines will have a link to the local catalog VMDK only instead of back to the master catalog’s VMDK.  This would isolate the local consumer’s deployed virtual machines and catalog chains from the Master Catalog.  However, this process will still exist anytime a virtual machine is deployed for updates then placed back into the catalog in the fashion described above.  The advantage to this is that the consumer’s can all deploy in this fashion and in THeory the provider can have nothing linked to their original templates allowing them to patch them and replace them as they need:

  • Start with the provided templates
  • Customize them
  • Add them to their catalog
  • Consolidate to break the chain
  • Remove the linked customized vApp

To accomplish this of course you need some custom intervention and have your consumer’s deploying via custom tools that interface with things like vCenter Orchestrator.  Either way it can be done such that the original virtual machines have no links to them and the consumer’s all have the links to their own local copies.  Figuring out all the hooks to leverage the API’s to make this happen…..well….that’s for you to figure out.

It should be noted that vCloud Director is smart enough to know that if you delete the item from the catalog and there are virtual machines linked to it, the base disks will remain on storage.  They will not be removed from storage until all linked VMDK’s are eventually removed.  So you can deploy, patch, and remove a catalog virtual machine from vCloud Director, and the linked ones will still function.

Chris is a Consulting Architect with the VMware vCloud Delivery Services team with over 10 years of experience working with IT hardware and software solutions. He holds a Bachelor of Science Degree in Information Systems from the Daniel Webster College. Prior to VMware he served a Fortune 1000 company in southern NH as a Systems Architect/Administrator, architecting VMware solutions to support new application deployments. At VMware, in the roles of a Consultant and now Consulting Architect, Chris has guided partners as well as customers in establishing a VMware practice and consulted on multiple customer projects ranging from datacenter migrations to long-term residency architecture support. Currently, Chris is working on the newest VMware vCloud solutions and architectures for enterprise-wide private cloud deployments.

Announcing VMware vCloud® Director 1.5 at Bluelock

by Jake Robinson, Senior Systems Engineer, VCP and 2011 VMware vExpert

Bluelock has completed the upgrade from VMware vCloud® Director 1.0 to 1.5 in its public cloud infrastructure. The upgrade to vCloud Director 1.5 is a result of the strong partnership and close alignment of Bluelock and VMware cloud strategies. Timing of this upgrade also represents Bluelock’s dedication to testing and QA for the new features within vCloud Director 1.5.

vCloud Director 1.5 Features and Benefits

VMware vCloud Director 1.5 offers a number of exciting new benefits for Bluelock clients. This upgrade further improves the economics and agility of the cloud with the security and control of enterprise IT infrastructure. A few notable features of vCloud Director 1.5 include:

  • User Interface Improvements – The vCloud Director web UI continues to mature and provide superior control and visualization of your Virtual Datacenters.
  • Firewall improvements – The firewalls in vCloud, powered by VMware vShield®, now offer sourced-based firewall rules, providing increased granularity and control of security in the cloud.
  • Self-Service VPN – vCloud Director 1.5 introduces the ability to self-provision IPSEC VPN tunnels from your virtual datacenters to the IPSEC VPN device of your choice. In addition, vCloud to vCloud VPNs are automatic, meaning less setup time and complexity.
  • vCloud API 1.5 – There are a number of enhancements in the API, including a new query service, which improves both speed and efficiency of applications utilizing the API. The API also introduces the ability to utilize PowerCLI 5.0.1 and the vCenter Orchestrator™ vCloud 1.5 plugin to automate and integrate your Virtual Datacenter.

Bluelock Portfolio Supports vCloud API 1.5

Bluelock Portfolio has been upgraded to take advantage of the new vCloud API 1.5 as well. Bluelock Portfolio is the first cloud-aware decision support tool. Built alongside vCloud Director, Bluelock Portfolio provides powerful resource and cost analysis tools for your Virtual Datacenters at Bluelock.

About Bluelock

Bluelock is an award-winning provider of cloud hosting solutions for the enterprise. Hosted in the public cloud, Bluelock Virtual Datacenters help companies get started quickly and deal with the unknown, while delivering the freedom to change their minds as IT needs evolve. With multiple SAS-70 Type II datacenters, Bluelock’s VMware vCloud Datacenter Service provides world-class SLAs, guaranteeing enterprise level uptime. Bluelock prides itself in its engagement model driven by greater control, price visibility and personal service relationships. A long-term VMware service provider with a shared vision for cloud computing, Bluelock was one of the first certified VMware vCloud Datacenter service providers.

Learn more about Bluelock’s upgrade to vCloud Director 1.5 in the video below:

 

Visit our website for more on the Bluelock Portfolio and additional features, or call 888-402-2583 (BLUE).

The Important Role of Virtualization in Securing the Cloud

According to David Hunter, CTO of platform security at VMware, “Security in the cloud is better as a result of virtualization,” making the cloud “even more secure than your physical datacenter.

How does virtualization achieve this? Because virtualization consolidates multiple physical components so that they can be managed in one place, it mitigates the complexity of monitoring these components across both internal and external infrastructure. For example, through virtualization, IT teams can standardize VM images and create back up versions of critical VMs more frequently than in the past, simplifying recovery.

By virtualizing your company’s infrastructure, IT admins can also create trust zones around information, applications and endpoints that can be adapted to follow workloads through the cloud. Automated policies can then assess risk and immediately initiate remediation with security problems arise.

In short, virtualization enables organizations to have greater control and better visibility into their infrastructure, simplifying security management for the cloud.

Furthermore, according to a recent report by Enterprise Strategy Group, many virtualization, cloud computing, and security vendors are integrating solutions and building virtualization intelligence into security technology, in order to “bake” security into virtualization and cloud computing technology. This effort will ultimately make virtualization and cloud computing solutions even more secure than legacy technologies.

With VMware vShield, VMware uses virtualization technology to address the important concerns for security and compliance in the cloud. The latest edition of vShield, vShield 5, allows customers to leverage virtualization technology to simplify their datacenter security, deploy a security model that scales for the cloud, and assess and automate compliance requirements. VMware’s network of partners also gives customers the flexibility for fast and dynamic reconfiguration of resources across datacenters.

For more information on security in the cloud, download our recent whitepaper with CSO, and be sure to follow @vCloud and @VMwareSP on Twitter for future updates.  

Introducing VMware vCloud Connector 1.5: Reliable Workload Transfer Between Private and Public Hybrid Clouds

Earlier this year we introduced vCloud Connector 1.0 – a free product that users could download directly from the VMware website. Among other things, vCloud Connector 1.0 allowed vSphere Administrators to use their familiar vSphere client as a singepane-of-glass view across hybrid clouds and copy virtual machines, vApps, or VM templates between vSphere and vCloud Director-based private and public clouds.

We recently ran a public beta of vCloud Connector 1.5, featuring enhancements that allow users to move their workloads more reliably than ever.   

Here’s what’s new in vCloud Connector 1.5:

  • More Reliable Transfer of Workloads: Transfer virtual machines and templates between clouds more reliably and efficiently with features like multi-part transfer, built-in compression and checkpoint restart.
  • Single Pane of Glass, Now through Web UI: Continue to view VMs and templates across multiple clouds and perform basic operations such as power and console access within the vSphere client (also accessible through Web-based UI of vcloud.vmware.com).
  • Support for latest version of vSphere (5.0) and vCloud Director (1.5)
  • Internationalization ready: i18N Level 1: vCC can run on non-English OS and handle non-English text.
  • Additional Enhancements: Search for VMs by name within a single cloud, management of server and node architecture, and Management of vCC Server and Node, including updates.

In a nutshell, VMware vCloud Connector 1.5 makes hybrid cloud management easy. Built upon VMware vSphere and vCloud APIs, vCloud Connector 1.5 allows customers to connect VMware vSphere or VMware vCloud Director-based private and public clouds and manage them under a single interface. Through vCloud Connector’s single pane of glass UI, you can view, copy and operate workloads, including VMs, vApps and templates, across internal datacenter and private or public clouds and save 4-6 hours when conducting an average transfer operation for your Web servers.

Furthermore, with vCloud Connecter 1.5, companies can have the freedom to move from one vCloud service provider to another, or from their private vCloud environments to public clouds and back.

Join the vCloud Connector 1.5 Public Beta Program (VMware login required) to test the latest software, with improvements around reliability of workload transfer and support for vcloud.vmware.com. While support for the public beta has officially ended, the beta bits and beta-vcloud.vmware.com will continue to be available until the general availability of the product.

We encourage those who have tried vCloud Connector 1.0 to test out the new features and enhancements available through the vCloud Connector 1.5 release. For questions, feel free to email vcc-beta@vmware.com. We’d love to hear your feedback as well, so for any comments or questions, tweet at us via @vCloud.