VMware Cloud on Dell EMC, known as “Project Dimension” before launching earlier this year at Dell Technologies World, is an on-premises SDDC-as-a-Service that is based on the latest VMware Cloud infrastructure software and Dell EMC VxRail hardware. Now that VMware Cloud on Dell EMC is no longer in beta, we can take a closer look at the underlying technology. Let’s start with the various networking elements found in each fully managed rack.
Data center networking is a specialized skill, but for those with prior experience managing VMware vSphere deployments, the architecture behind VMware Cloud on Dell EMC is straightforward. The design is highly prescriptive, a necessity that allows for determinism in system deployment and support, while avoiding impediments to scale.
During the ordering process, customers will be prompted for several IP subnets in CIDR notation. These networks will be incorporated into the SDDC configuration during bring up, before shipment to the final destination. This workflow greatly simplifies the “day 1” experience, which merely requires that a Dell EMC technician connect network and power cables on site – nothing is racked or configured at the customer location.
The following image depicts the stage of the ordering experience where customers are asked to provide management network information:
The subnets that a customer selects for the following tasks will be from the private IP blocks defined in RFC 1918, and must not overlap with other networks in use by that customer. Not all of them need to be routable within the enterprise network – see the descriptions below for specifics.
Let’s start in the cloud and work our way down.
Org Cloud Management Network
When a customer initially subscribes to VMware Cloud services, a parent organization (Org) must first be created for that customer. Multiple individuals can be invited to join a customer organization and they can be granted different roles and permissions depending on their responsibilities. A single organization may be subscribed to a variety of VMware Cloud services, such as VMware Cloud on AWS or VMware Cloud on Dell EMC. Customers can deploy multiple instances of these services and the organization is used to keep tabs on the entire collection.
For each customer organization, a dedicated AWS Virtual Private Cloud (VPC) is created to keep SDDC management traffic segregated from other customers. This cloud-based backend is used for automated lifecycle management and monitoring, as well as any troubleshooting activities that must be performed by VMware site reliability engineers.
This subnet does not need to be routable from other networks in the enterprise, but it must still be unique because the instances running in this VPC must connect to each on-prem SDDC. Therefore, this subnet must not overlap or conflict with other management networks related to any of the customer SDDCs.
There is just one Org Cloud Management Network per organization, and it must be a /24 subnet.
VeloCloud SD-WAN IP Address
In order to securely connect to and manage each VMware Cloud on Dell EMC deployment, an encrypted tunnel is established by using the VeloCloud SD-WAN network. This is a simple and reliable approach that does not require complex firewall configuration settings or deep enterprise networking skills. The other end of this tunnel is terminated in the customer VPC mentioned above, enabling the cloud-based lifecycle management and monitoring of each rack.
A pair of VeloCloud devices are part of the rack architecture. One of the unique attributes behind VeloCloud HA is that the devices share a single external IP address and they are deployed in a highly available cluster configuration, without the need for an additional external-facing IP address for each individual unit. This is part of the design and enabled by the direct connection between the active and standby devices. Although this address can be obtained through DHCP, we anticipate most customers will prefer to have more strict control that a static IP address offers.
Customers must provide just a single IP address from an existing network, and that IP must be allowed to initiate a connection to the Internet on two ports, TCP 443 and UDP 2426, to establish a tunnel from the VeloCloud HA cluster to secure VeloCloud gateways on the Internet.
Out-of-Band Management Network
If the need arises, VMware engineers can perform low-level troubleshooting and other diagnostics by connecting directly to the management ports of the various networking devices as well as to the iDRAC ports on the VxRail systems. This traffic flows through the secure VeloCloud tunnel, described earlier, to the dedicated physical management switch that is part of each rack.
Customers do not have access to this network, so this subnet does not need to be routable to and from the enterprise. However, the CIDR block does need to be unique so that it does not conflict with other current or future management networks. The size of this subnet must be /26.
SDDC Management Network
The management network that is most familiar to vSphere administrators is called the “SDDC Management Network” in VMware Cloud on Dell EMC and is used for elements such as the VMware ESXi management interfaces, vCenter Server, and other related virtual appliances. This network should be routable to other select networks in the data center in order to be able to access existing customer SDDCs in the future. This connectivity will enable various management and migration use cases.
The SDDC Management Network must be a /24 CIDR block and network administrators should restrict access via ACLs and firewalls, as applicable.
Takeaways
VMware Cloud on Dell EMC is an innovative new offering that provides cloud-like agility for on-prem SDDC infrastructure. VMware automates the monitoring and lifecycle management, allowing customers to focus on the apps that differentiate their businesses.
In order for VMware to manage and operate at scale, secure and reliable networking is fundamental. This is enabled by a prescriptive and proven architecture that is built and configured by Dell EMC before delivery to the customer site. Customers are asked to allocate several subnets during the ordering process that will be used for different types of management traffic.
For more information on VMware Cloud on Dell EMC, visit the product page, see us at VMworld, or talk to your account team.
