Just in time, right before everyone is off on a long 4th of July weekend here in the good old U.S. of A, I wanted to share an integration demo that I've been holding for some time now. Hopefully everyone can see the fireworks delivered by the demo as well.
In this demonstration we're showcasing the advanced IaaS features and deep integration of vSphere with Virtual SAN and NSX, using OpenStack as the Cloud Management Portal for a multi-tenant IaaS platform. To prove our point, this is not just some isolated lab environment; it is a real environment running today, and it's leveraging currently available technologies.
The environment used in this demonstration is actually the NSBU internal cloud, which has over 200 environments as a mix of KVM and vSphere. Virtual SAN is used for all vSphere datastores and NSX is used for all tenant connectivity, with OpenStack providing a scalable and secure multi-tenant, multi-hypervisor environment.
This demonstration showcases the agility and flexibility of the integration capabilities of vSphere, NSX and Virtual SAN. In the demonstration we rapidly stand up a two-tier ‘application’ and demonstrate the connectivity between all of the virtual machines providing the application.
When complete, all instances, networks and routers are decommissioned and the tenant is returned to an ‘empty state’. The whole process takes less than 10 minutes (as can be seen in the instance uptime section in the Horizon UI).
- L2 Connectivity between instances on the web tier network is via overlay, between KVM and vSphere hypervisors and without any modification to the physical network. VLANs are not consumed by logical networks.
- Tenants are securely separated. Although not demonstrated, two different tenants can create two separate logical networks and routers, even with the same subnet range, and not impact each other. Networks and routers created by the tenant are dedicated to the tenant.
- Connectivity via provider networks automatically implies that NAT (overload) is occurring at the tenant router, which allows tenants to use any IP scheme they wish without impacting other tenants. While not shown, ‘floating IPs’ can also be assigned to individual instances, providing 1:1 NAT capabilities for ‘publishing’ applications.
- While not shown, the security features of NSX exposed through OpenStack allow tenants to create security groups that can restrict traffic inbound and outbound (to or from the outside world) and also east-west, not only between different networks but also between instances on the same network.
- Virtual SAN provides a scalable method of growing storage with compute requirements and is a natural fit for an OpenStack platform. Also not shown is that Virtual SAN is the backing for ‘Cinder Volumes’, which are tenant-dedicated persistent storage. It can also be used as a Glance image repository for an all-vSphere environment (it is not in our environment, though, because of the KVM hypervisors in use).
- NSX provides a flexible, scalable and performant virtual networking layer, allowing a multi-tenant environment to scale with simple and repeatable physical network and compute design principles, without the limitations of typical multi-tenant network environments such as routing, overlapping IPs, VLAN consumption and more.
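The security group behaviour described above (default deny, with east-west restrictions even between instances on the same network) can be reasoned about with a small model. This is an added example, not part of the original demonstration: the rules use Neutron's security group rule field names, while the group names, ports and instance addresses are constructed assumptions. It checks ingress only and assumes egress is left at the allow-all default.

```python
import ipaddress

# Constructed security groups for a two-tier tenant (assumed names and ports).
GROUPS = {
    "web": [
        {"direction": "ingress", "protocol": "tcp", "port_range_min": 80,
         "port_range_max": 80, "remote_ip_prefix": "0.0.0.0/0"},
    ],
    "app": [
        # Only members of the "web" group may reach the app tier.
        {"direction": "ingress", "protocol": "tcp", "port_range_min": 8080,
         "port_range_max": 8080, "remote_group_id": "web"},
    ],
}

# Constructed instances: address -> security groups applied to its port.
PORTS = {
    "10.0.1.11": ["web"],
    "10.0.1.12": ["web"],   # same network as 10.0.1.11
    "10.0.2.21": ["app"],
}

def rule_matches(rule, direction, protocol, port, peer_ip):
    """True if one allow rule covers this flow; rules can only allow, never deny."""
    if rule["direction"] != direction:
        return False
    if rule.get("protocol") not in (None, protocol):
        return False
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is not None and not (lo <= port <= hi):
        return False
    if "remote_group_id" in rule:
        # Peer must itself be a member of the referenced group.
        return rule["remote_group_id"] in PORTS.get(peer_ip, [])
    prefix = rule.get("remote_ip_prefix", "0.0.0.0/0")
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(prefix)

def ingress_allowed(src_ip, dst_ip, protocol, port):
    """Default deny: the flow passes only if a rule on the destination allows it."""
    return any(
        rule_matches(rule, "ingress", protocol, port, src_ip)
        for group in PORTS.get(dst_ip, [])
        for rule in GROUPS[group]
    )

if __name__ == "__main__":
    print("web -> web ssh :", ingress_allowed("10.0.1.11", "10.0.1.12", "tcp", 22))
    print("web -> app 8080:", ingress_allowed("10.0.1.11", "10.0.2.21", "tcp", 8080))
```

The first check is the same-network case: both instances sit on the web tier, yet SSH between them is dropped because no rule allows it.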
I want to thank Nick Bradford, Solutions Architect from the NSBU, for his contribution to this article and demonstration. Nick, you rock!!!!
For future updates, be sure to follow me on Twitter: @PunchingClouds