When looking for service providers for hosted infrastructure, some customers require dedicated infrastructure for their workloads. Whether the customer is looking for additional separation for security or more predictable performance of hosted workloads, service providers will need tools that enable them to provide dedicated hardware service for customers while reducing their operational overhead. In some scenarios, providers will implement managed vSphere environments for customers to satisfy this type of request and then manage the individual vSphere environments manually or with custom automation and orchestration tools. However, it is also possible to leverage vCloud Director to provide dedicated hardware per customer while also providing a central management platform for service providers to manage multiple tenants. In this post, we will explore how this can be accomplished with ‘out of the box’ functionality in vCloud Director.
vCloud Director Allocation Models
vCloud Director has three different allocation models:
- Pay as You Go (PAYG) Model – resources are committed only when users create vApps within the Organization Virtual Datacenter.
- Allocation Pool Allocation Model – a percentage of the resources that have been allocated from the Provider Virtual Datacenter is committed to the Organization Virtual Datacenter.
- Reservation Pool Allocation Model – all of the allocated resources are fully committed to the Organization Virtual Datacenter.
For the use case discussed in this post, the most suitable allocation models are the Reservation Pool Allocation Model and the Pay as You Go Allocation Model. Both can be used to provide dedicated compute and storage resources for each tenant while providing centralized management of tenant organizations, catalogs and related components. The Reservation Pool Model can be used when the service provider maintains a fixed host count per customer. The Pay as You Go Allocation Model is best used to reduce service provider overhead when tenants are expected to request manual scale out and scale in of compute resources (ESXi hosts) in the cluster.
Dedicated Hosted Cloud with Reservation Pool Allocation
Using the Reservation Pool Allocation model, VMware Cloud Providers can provide per tenant separation of compute resources. The following diagram shows a conceptual overview of this model.
In this model, each tenant is mapped to a single Provider Virtual Datacenter (PVDC), which in turn is mapped to a single vSphere cluster that is dedicated to that tenant. The compute and storage resources of the cluster are dedicated on a per-tenant basis. While the External Network can be shared across tenants for outbound network traffic, all network communication inside each tenant’s Organization VDC is isolated via VXLAN tunnels provided by NSX.
Dedicated Hosted Cloud Logical Overview
From a cloud component standpoint, the VMware Cloud Provider Cloud Management layer will consist of one vCloud Director instance, paired with one or more Resource Groups. A Resource Group is a logical grouping of a vCenter – NSX Manager pair and the underlying connected vSphere clusters. An initial deployment would typically consist of one Resource Group with additional Resource Clusters added to the Resource Group as tenants are onboarded to the cloud.
Because one cluster per PVDC is designated to one Organization VDC (OrgVDC), a customer that requires multiple tiers of compute must be given each tier as a separate cluster, presented to a different PVDC and then to a separate Organization VDC. Initial cluster host sizing depends on the client’s compute requirements, but it is beneficial to standardize on cluster sizing across customers when possible for manageability.
This use case could also support a design in which one tenant requires dedicated resources for different business units within the company.
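One way to audit an inventory against the one tenant, one PVDC, one cluster mapping described above. This is an added example, not code from the original post or from VMware; the inventory rows, field names and allocation-model labels are constructed for illustration and are not vCloud Director API values.

```python
from collections import defaultdict

# Constructed inventory: one row per Organization VDC with the PVDC and
# vSphere cluster that back it. Names and "model" labels are hypothetical.
ORG_VDCS = [
    {"org": "tenant-a", "org_vdc": "a-gold", "pvdc": "pvdc-a1", "cluster": "cl-01", "model": "reservation"},
    {"org": "tenant-a", "org_vdc": "a-silver", "pvdc": "pvdc-a2", "cluster": "cl-02", "model": "reservation"},
    {"org": "tenant-b", "org_vdc": "b-prod", "pvdc": "pvdc-b1", "cluster": "cl-03", "model": "payg"},
    {"org": "tenant-c", "org_vdc": "c-prod", "pvdc": "pvdc-b1", "cluster": "cl-03", "model": "payg"},
    {"org": "tenant-d", "org_vdc": "d-prod", "pvdc": "pvdc-d1", "cluster": "cl-02", "model": "allocation"},
]

# The two models the post names as suitable for dedicated hosting.
DEDICATED_MODELS = {"reservation", "payg"}


def audit_dedicated_tenancy(rows):
    """Return (finding, object, detail) tuples for every isolation violation."""
    findings = []
    vdcs_by_pvdc = defaultdict(list)
    pvdcs_by_cluster = defaultdict(set)
    for r in rows:
        vdcs_by_pvdc[r["pvdc"]].append(r)
        pvdcs_by_cluster[r["cluster"]].add(r["pvdc"])
        if r["model"] not in DEDICATED_MODELS:
            findings.append(("allocation-model", r["org_vdc"], r["model"]))
    for pvdc, vdcs in sorted(vdcs_by_pvdc.items()):
        orgs = sorted({v["org"] for v in vdcs})
        clusters = sorted({v["cluster"] for v in vdcs})
        if len(orgs) > 1:        # two tenants share compute and storage
            findings.append(("pvdc-shared-by-tenants", pvdc, ",".join(orgs)))
        elif len(vdcs) > 1:      # same tenant, but more than one OrgVDC per PVDC
            names = ",".join(v["org_vdc"] for v in vdcs)
            findings.append(("pvdc-backs-multiple-org-vdcs", pvdc, names))
        if len(clusters) > 1:    # PVDC is not tied to a single cluster
            findings.append(("pvdc-spans-clusters", pvdc, ",".join(clusters)))
    for cluster, pvdcs in sorted(pvdcs_by_cluster.items()):
        if len(pvdcs) > 1:       # one cluster carved up between PVDCs
            findings.append(("cluster-backs-multiple-pvdcs", cluster, ",".join(sorted(pvdcs))))
    return findings


if __name__ == "__main__":
    for finding in audit_dedicated_tenancy(ORG_VDCS):
        print(*finding, sep="\t")
```

A tenant with several compute tiers passes the audit as long as each tier has its own cluster, PVDC and OrgVDC, as tenant-a's first row does; its second row is flagged only because tenant-d's PVDC reuses the same cluster.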
Each vCenter deployed for use with vCloud Director will require an associated NSX Manager as well as NSX Controllers that will be deployed into an Edge/Shared cluster within the Resource Group. This cluster can be used solely for NSX Controllers or can be leveraged by the service provider for other functions, such as testing or cloud operation workloads, as well as for the location of Public Catalogs for consumption by tenants. If this cluster is shared, Resource Pools should be implemented: one for the NSX Controllers and a second (or more) for backing the Provider VDC consumed by the service provider Organization in vCloud Director. It is also important to configure anti-affinity rules for the NSX Controllers to ensure that the controllers run on separate hosts in the cluster.
While service levels of compute performance are fixed in this model, service providers can present different storage tiers to tenants via Storage Profiles based on the storage policies configured in the underlying vCenter.
When planning for the scalability of this use case, it is important to consider the additional components or objects that are included in the solution. The first step is reviewing the respective maximum guides for vCloud Director, vSphere and NSX. While these documents reference maximum configurations for different components and features, it is important to remember that the maximums in one product or feature could limit the maximums in another product or feature. For example, vCloud Director 9.0 currently supports up to 20 vCenters per instance and 25,000 powered-on VMs. However, if an implementation requires more than 25,000 VMs, it would be necessary to either limit the vCloud Director to one instance of vCenter or split the tenant VM workloads across several vCenters. The key point is to make sure that the necessary configuration maximums are evaluated for all key components to determine the scalability impacts on the deployment. For more details on configuration maximums, please consult the VMware vCloud Director Configuration Maximums, VMware vSphere Configuration Maximums and VMware NSX Configuration Maximums guides.
In this post, we looked at an example of how VMware Cloud service providers can use vCloud Director to offer dedicated compute and storage management to customers. By using vCloud Director as the CMP, service providers have a solution that allows centralized management of resources and catalog offerings while maintaining physically separate compute resources.