
Tag Archives: vCloud Director

vCloud Connector 2.0 now available

I’m pleased to announce that vCloud Connector 2.0 is now available for download! vCloud Connector (vCC) allows you to view, copy and manage VMs across vSphere, vCloud Director and any of the 180+ vCloud Powered and vCloud Datacenter IaaS cloud providers listed at vcloud.vmware.com. For more details on what’s in 2.0, see my earlier blog post.

There are two versions: vCloud Connector Core is a free download for anyone with vSphere, and vCloud Connector Advanced is free for anyone with the vCloud Suite. Here’s a summary of the differences:

vCloud Connector 2.0 Features | Core | Advanced
View, copy, move VMs and templates | Yes | Yes
User interface improvements | Yes | Yes
Transfer speed and reliability improvements | Yes | Yes
Cross-cloud search for VM or template by name | Yes | Yes
Automatic catalog synchronization across clouds | No | Yes
Migrate VM while maintaining IP and MAC addresses | No | Yes

vCloud Connector supports vSphere and vCloud Director 4.x and 5.x. It’s available from the “Drivers And Tools” tab of vSphere 5.1 and vCloud Director 5.1, or by following this link: vmware.com/go/downloadvcc

[This blog post was edited on Jan 9 2013 to correct an error — VXLAN is not required to migrate a VM while maintaining IP and MAC addresses.]

The future of cloud, part 2: Harris trusted enterprise cloud

Today at VMworld, Harris Corporation announced their Trusted Enterprise Cloud as a VMware vCloud® Powered service offering for federal and enterprise customers based on best of breed technologies, including VMware vCloud® Director. Perhaps the most interesting part of this is the strong differentiation that Harris has built into its cloud infrastructure that makes it a particularly good fit for this customer base. 

There are echoes here of NYSE Euronext’s capital markets approach – both are far from “generic” or “commodity” cloud services. They are clouds specifically designed and operated to solve mission-critical customer needs. Harris is way out in front of some recent announcements that are nothing more than “same old cloud, new building”, marketed as “Now for government use.” You’ve heard of “CloudWashing” – maybe the term for this is “GovCloudWashing?”

So what’s the secret sauce? Harris set out to comprehensively answer the question “What makes a cloud trusted?” There are three components to this – the physical and logical integrity of the cloud itself, the methods and procedures to operate it, and the people who run the cloud. There’s a lot of meat to this, and Chuck Hollis’ blog goes into more detail – I want to focus on Harris’ innovation in the cloud infrastructure layer.

All of the Trusted Cloud hardware components are positively verified to be as the manufacturer intended, with tracking from the source. There’s no room for (say) buying the cheapest “white box” server board of unknown origin in a trusted cloud, because that can compromise the integrity of the overall system. If you think this is far-fetched, consider that everything from NAS arrays to iPods has arrived in the hands of customers pre-loaded with malicious code in the past few years. Then there’s the growing market in counterfeit networking, storage and server spares (by May 2010, US authorities had made more than 700 seizures of counterfeit Cisco gear — more than 94,000 network devices in total).

Secondly, Harris has developed an innovative white-listing approach to verify the integrity of code and configurations that run on the cloud. Traditional anti-virus systems use black-listing – known malicious code is identified through signatures and blocked. The challenge has been the deliberately massive proliferation of malicious code variants, and techniques like code mutation designed to defeat signatures. White listing is the reverse – only known good code and configurations (those with a signature on the “white list”) are allowed. By definition, malicious code, regardless of how it mutates or disguises itself, cannot run because it doesn’t have a valid signature.

The challenge with white-listing is ensuring you have 100% of the required signatures to allow the system to run, given the sheer number of variations of bona fide code and configurations. Through its acquisition of SignaCert in 2010, Harris has assembled a database of code and configuration signatures for over 3 billion software objects from more than 2,000 vendors. Harris has four patents on this technology and has embedded it in their Trusted Enterprise Cloud service.
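The contrast between the two models, and the coverage challenge described above, can be shown in a few lines. This is an added example, not code from the post or from Harris; it assumes a "signature" is simply the SHA-256 digest of an object's bytes, and every sample object is constructed for illustration.

```python
import hashlib

def signature(blob: bytes) -> str:
    # Assumption: an object's "signature" is the SHA-256 digest of its bytes.
    return hashlib.sha256(blob).hexdigest()

# Constructed sample objects standing in for executables and configuration files.
SAMPLES = {
    "service_v1": b"#!/bin/sh\nexec /usr/sbin/sshd -D\n",
    "service_v2": b"#!/bin/sh\nexec /usr/sbin/sshd -D -e\n",  # legitimate update
    "config": b"PermitRootLogin no\n",
    "config_tampered": b"PermitRootLogin yes\n",
    "malware": b"constructed-known-bad-sample",
    "malware_variant": b"constructed-known-bad-sample\x00",  # one byte differs
}

# Black list: signatures of known-bad objects. White list: known-good objects.
BLACKLIST = {signature(SAMPLES["malware"])}
WHITELIST = {signature(SAMPLES["service_v1"]), signature(SAMPLES["config"])}

def blacklist_allows(blob: bytes) -> bool:
    """Default allow: anything not known to be bad may run."""
    return signature(blob) not in BLACKLIST

def whitelist_allows(blob: bytes) -> bool:
    """Default deny: only objects known to be good may run."""
    return signature(blob) in WHITELIST

def evaluate(objects: dict) -> dict:
    """Map each object name to (black-list verdict, white-list verdict)."""
    return {name: (blacklist_allows(blob), whitelist_allows(blob))
            for name, blob in objects.items()}

def missing_signatures(objects: dict, trusted: set) -> list:
    """Trusted objects the white list would block: the coverage gap."""
    return sorted(n for n in trusted if not whitelist_allows(objects[n]))

if __name__ == "__main__":
    for name, (bl, wl) in evaluate(SAMPLES).items():
        print(f"{name:16} blacklist={'allow' if bl else 'block'} "
              f"whitelist={'allow' if wl else 'block'}")
    print("needs a signature:",
          missing_signatures(SAMPLES, {"service_v1", "service_v2", "config"}))
```

The variant and the tampered configuration pass the black list but fail the white list, while the legitimate update is also blocked until its signature is added, which is why the size of the signature database matters.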

This is another strike against the “cloud monoculture” viewpoint: to be relevant to a particular market segment, a cloud must deliver more than on-demand VMs; it must also solve key infrastructure challenges that distract organizations from their marketplace or mission. For many, including Federal government agencies, assuring a secure cloud platform is a great example of something that Trusted Enterprise Cloud solves effectively, and is what distinguishes it from “same basic cloud, shiny new label” offerings.

 

Virtual Data Centers — The Goldilocks of Enterprise Cloud Computing

It’s no surprise that just about every customer likes the on-demand, rapid scale nature of cloud computing.

More interestingly, we also heard from enterprises with public cloud experience that this was a double-edged sword. Dynamic and on-demand can also mean unpredictable and hard to control. As one customer explained to me, “We have no idea what the credit card bill is going to be at the end of the month, and we have a finite budget”. In other words, dynamic is great if your budget is dynamic too – which isn’t the nature of budgets and finance folk. And this was for one application. Just imagine a situation where an IT department is providing raw compute to many different business units, and wants to delegate administration to them but also stick to a budget.

Fundamentally, the tension between on-demand infrastructure and predictable costs isn’t going to go away anytime soon. But I do believe that the concept of virtual data centers can provide a “Goldilocks” middle ground solution. Within vCloud Datacenter Services from VMware’s partners, enterprises can subscribe to committed VDCs of a given size. The cost of that VDC is fixed and predictable — related to the amount of resources that are now committed. This puts a control boundary on costs, and your service provider can tell you exactly what that will be – so you get predictable spending against your budget.

Within that VDC, you and your user population can run, start and stop as many VMs as you like – truly dynamic self-service. End-users can never run up a massive bill through over-consumption, because they can never consume more resources than the VDC provides (and vCloud Director offers automated policy controls to clean up forgotten VMs). If it turns out you need a bigger or smaller VDC, you open a ticket with your service provider to make that change. So you haven’t had to give up on-demand compute infrastructure, either.

Perhaps not surprisingly, when “cloudy” types gather over drinks this is a source of vigorous debate. Can opening a ticket really be on-demand? Frankly, I don’t think there will ever be agreement on that, but it does provide a useful middle ground: on-demand self-service for VMs within the boundaries of a virtual data center, which can itself be scaled up or down quicker than you can fill out a PO for a new server. It’s something a geek Goldilocks would love—and understand.

Getting rid of noisy neighbors: Enterprise class cloud performance and predictability

If you’ve ever lived in a multitenant building like a condo or apartment complex (or flats, as they’re called where I grew up in England), then you know all about the problem of noisy neighbors. One reason many enterprises are leery of public clouds is the same issue: in some multitenant infrastructures, the bad behavior of other tenants can affect the performance of your systems. In fact, it’s more insidious than that: when you’re buying a virtual server instance in an infrastructure cloud, you may not actually get what you pay for due to other tenants stealing physical server resources.

This typically happens because the hypervisor used to virtualize the service makes each VM think it has exclusive access to the physical server hardware, yet places few limitations on how those resources can be consumed. So a VM generating a lot of network traffic gets as much as it can use – at the expense of other VMs from other tenants of the service. The same goes for other types of I/O, especially storage. If you are unlucky enough to have your VM land on the same physical server as one of these noisy neighbor VMs from another tenant, then you won’t get the virtual machine instance you paid for.

If this weren’t bad enough, another consequence is complete lack of predictability – you have no idea what the performance of a given VM will be, since that depends on the other tenants of the service. Some of my cloudy colleagues spent time with IT teams who were running tests to guess the physical server size of their cloud service provider, so they could buy virtual server instances of the same size – guaranteeing that they wouldn’t have any noisy neighbors. It’s a bit like renting an entire building in the apartment complex to make sure you can get a good night’s sleep.

Ensuring that the resource consumption of one VM doesn’t affect others that happen to be located on the same physical server is a key function of vSphere. Any VMware virtualized service is capable of delivering this capability, and in vCloud Datacenter we took it a step further by defining two virtual data center (VDC) classes that offer guaranteed server resources for your VMs. The Committed VDC allows you to subscribe to a set of compute, memory and storage resources that are guaranteed to be available for your virtual machines, even though the underlying hardware is shared with other tenants.

The service also offers the Dedicated VDC, which provides physically separate hardware – ideal for meeting security or regulatory requirements where physically sharing isn’t an option. This is also sometimes known as virtual private cloud. The difference is the ease of mobility between VDCs within the service – you can quickly move VMs between VDCs as requirements change. One less thing to lose sleep over, and you don’t need to buy out the building to do it.

The Enterprise Hybrid Cloud, Delivered

We’re excited about announcing vCloud Datacenter Services at VMworld 2010 because they’re the first examples of globally consistent, enterprise-class hybrid clouds. Let me explain what that means and why it’s important.

In a nutshell, vCloud Datacenter Services — offered globally by leading service providers — marry the dynamic, on-demand nature of public cloud services with the compatibility, security and control that enterprise computing requires. A hybrid cloud is defined as two or more clouds that offer data and application portability.

We did a great deal of research with our customers – talking to those who were considering bringing external clouds into their computing environment. We learned a lot from these conversations and I’ll be writing about them in a series of future posts.

Agility

There was a consistency to what we heard: enterprises of all sizes loved the promise of the dynamic, on-demand nature of public clouds – the ability to get computing capacity quickly, with no up-front investment and few restrictions in the types of operating systems and software that could be deployed.

Some of you were finding it a bit uncomfortable, in fact, because there was now an external yardstick for the price of on-demand, commodity computing and storage capacity — which drove focus and learning around the benefits that cloud computing might bring to your organizations. This led to another critical insight: access to on-demand computing as a commodity was not enough by itself.

Portability and compatibility

Why? The first challenge is both economic and technical: we learned that a lot of pilot cloud projects were brand new applications, largely because it was technically difficult to take an existing application and make it work in an external cloud. Existing systems are what an organization depends upon, and in economic terms they represent sunk cost. So the extra cost of re-writing or porting an existing system to work in a shiny new cloud environment is often a non-starter.

At the same time, you were very conscious that the majority of IT dollars go into keeping the lights on for existing systems – so the cloud’s ability to reduce some of those costs or avoid new ones (e.g. a datacenter build out) was attractive.

As a result, a key feature of all vCloud Datacenter services is VMware-certified compatibility and portability: you can take existing virtualized applications and move them to a public cloud provider of your choice with little or no rework.

Much as I wish there was no rework at all, some systems have assumptions about the operating environment baked into them – such as IP address ranges  – which means there is some work to remove those assumptions. But, with systems that don’t have that kind of restriction – and there are lots of those – there is no need to wait for an internal cloud deployment. You can start getting cloud computing benefits right away using the virtualization technology you’re already familiar with: VMware.

Security

Another important area that we heard about time and again was security. Consequently, security is a key part of vCloud Datacenter services. There are three parts to this: the security of the cloud infrastructure itself, the applications running in the cloud, and the access and authentication rights for cloud users within your organization.

You told us it wasn’t enough that the infrastructure and apps are protected; security teams and auditors need to be able to verify and document it too. To deliver on that, vCloud Datacenter service infrastructure has to meet a strict set of physical and logical security controls, with all logs available for inspection by third party auditors. We developed a control set derived from ISO 27001 and consistent with SAS70 Type II for that purpose, which our service provider partners implement.

We also took advantage of the new vShield Edge and vCloud Director “follow the app” virtual security, which provides a full stateful firewall (again, the logs are available for audit), virtual Layer 2 networking, and full Layer 2 network isolation. As a result, security policy and implementation automatically follow the app, regardless of where it lands physically. (There will be more on this in another blog post.) You also get full role-based access control, authenticated against your own enterprise directory so that you have the kind of access and authorization security you’re used to.

In short, we think the enterprise cloud is about three things: agility for computing services, portability of existing virtualized applications, and security – not just the protection you expect, but also the transparency required to pass audit.

I’ll be writing more about our experiences working with customers who are building enterprise cloud environments in future blog posts. In the meantime you’ll find more details on vmware.com.