VMware vCloud Suite - 5.8 Architecture Overview and Use Cases

vCloud Suite Architecture Overview and Use Cases
vCloud Suite 5.8
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-001564-00
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2014 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

Contents

About this book
1 Introduction to vCloud Suite
    List of vCloud Suite Components
2 Architecture Overview
    Conceptual Design of a vCloud Suite Environment
    vCloud Suite Components in the Management Cluster
    Software-Defined Data Center Core Infrastructure
    Delivering an Infrastructure Service
    Delivering Platform as a Service
3 Deploying vCloud Suite
    Install vCloud Suite Components
    Update vCloud Suite Components
    External Dependencies for Deploying vCloud Suite
    System Requirements of vCloud Suite Components
    Security Considerations
    Licensing
4 vCloud Suite Use Cases
    Disaster Recovery to Cloud
    Infrastructure Provisioning
Index

About this book

The vCloud Suite Architecture Overview and Use Cases publication provides information about the design and capabilities of cloud environments based on VMware vCloud® Suite.
vCloud Suite is a collection of interoperable VMware products. vCloud Suite Architecture Overview and Use Cases provides a listing of components, high-level design guidelines for vCloud Suite deployment and operation, as well as example use cases.
The provided architecture overview is based on concepts from the practical approach used by the VMware Professional Services organization.
vCloud Suite Architecture Overview does not include detailed installation and configuration instructions for individual components. You can find that information in the dedicated documentation sets for individual VMware products.
Intended Audience
This information is intended for IT professionals and business decision makers with prior knowledge of virtualization and data center operations, who want to understand the capabilities of vCloud Suite and learn about recommended deployment models and example use cases.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms as they are used in VMware technical documentation, go to
http://www.vmware.com/support/pubs.

Chapter 1 Introduction to vCloud Suite

vCloud Suite lets you build and operate software-defined data centers based on vSphere. vCloud Suite contains components that must be integrated to deliver IT as a service.
You download, install, and configure vCloud Suite components separately. When deployed and configured, the interoperable components enable the software-defined data center (SDDC), where resources are virtualized and available as a service. Control of the data center is fully automated by software, and hardware configuration is maintained through software systems. vCloud Suite makes it possible for workloads to run in private, public, or hybrid clouds.
Individual products in vCloud Suite are delivered either as installation packages for Windows or as Linux-based virtual appliances that you can deploy on ESXi hosts.
You can extend your vCloud Suite by using VMware vCloud Air as a second site in your datacenter environment. Use vCloud Suite together with vCloud Air to satisfy business needs such as business continuity and burst capacity.
vCloud Suite can serve the needs of different organizations, from SMBs to large enterprises and organizations in the public sector.

List of vCloud Suite Components

A vCloud Suite edition contains individual products with different versions. To ensure interoperability, you should verify that the components of your vCloud Suite environment are the correct versions.
vCenter Server is required for building the core infrastructure of the software-defined data center.
Table 1-1. Components of vCloud Suite 5.8 and their versions
Product name | Version | Description
ESXi | 5.5 Update 2 | Provides bare-metal virtualization of servers so you can consolidate your applications on less hardware.
vCenter Server | 5.5 Update 2 | Provides a centralized platform for managing vSphere environments.
vCenter Orchestrator | 5.5.2 | Provides the capability to create workflows that automate activities such as provisioning virtual machines, performing scheduled maintenance, initiating backups, and many others.
vCenter Update Manager | 5.5 Update 2 | Provides centralized, automated patch and version management for vSphere and offers support for ESXi hosts, virtual machines, and virtual appliances.
vCloud Networking and Security | 5.5.3 | Provides a security suite for vSphere. vCloud Networking and Security (formerly vShield) is a critical security component for protecting virtualized datacenters from attacks and misuse to help you achieve your compliance-mandated goals.
vCloud Director | 5.5.2 | Provides the ability to build secure, multi-tenant clouds by pooling virtual infrastructure resources into virtual datacenters.
vCloud Automation Center | 6.1 | Provides functionality for deploying and provisioning of business-relevant cloud services across private and public clouds, physical infrastructure, hypervisors, and public cloud providers. vCloud Automation Center Enterprise includes vCloud Automation Center Application Service.
vCloud Automation Center Application Service | 6.1 | Provides automated application provisioning in the cloud including deploying and configuring the application's components and dependent middleware platform services on infrastructure clouds.
vCenter Operations Manager | 5.8.3 | Provides comprehensive visibility and insights into the performance, capacity and health of your infrastructure.
vCenter Configuration Manager | 5.7.2 | Provides automation of configuration and compliance management across your virtual, physical and cloud environments, assessing them for operational and security compliance.
vCenter Hyperic | 5.8.2 | Provides monitoring of operating systems, middleware and applications running in physical, virtual, and cloud environments.
vCenter Infrastructure Navigator | 5.8.2 | Provides automated discovery of application services, visualizes relationships, and maps dependencies of applications on virtualized compute, storage and network resources.
vSphere Replication | 5.8 | Provides replication, at the individual virtual machine disk level, between datastores hosted on any storage.
vCenter Site Recovery Manager | 5.8 | Provides disaster recovery capability that lets you perform automated orchestration and nondisruptive testing for virtualized applications.
vSphere Data Protection | 5.8 | Provides advanced data protection with backup and recovery to disk via VMware vSphere with Operations Management Data Protection features.
vSphere Big Data Extensions | 2.0 | Simplifies running Big Data workloads on the vSphere platform.
vSphere App HA | 1.1 | Provides high availability for the applications that are running on the virtual machines in your environment.
vCenter Support Assistant | 5.5.1.1 | Provides proactive support, by collecting support bundles on a regular basis.

Chapter 2 Architecture Overview

To enable the full set of vCloud Suite features, you must perform a series of installation and configuration operations. The software-defined data center provides different types of capabilities, with more complex features building on top of underlying infrastructure.
Delivering the full operational capabilities of vCloud Suite to your organization or clients is a structured process. In a large organization, it might involve cycles of assessment, design, deployment, knowledge transfer, and solution validation. Depending on your organization, you should plan for an extended process that involves different roles.
Not every environment needs the full scope of vCloud Suite capabilities at a given time. Start by deploying the datacenter core infrastructure, because it enables you to add capabilities as your organization requires them. Each of the software-defined data center layers might require you to plan and perform a separate deployment process.
Figure 2-1. Layers of the Software-Defined Data Center
(Diagram labels: Software-defined Data Center Core Infrastructure, Infrastructure Service, Application Platform Service.)
You can enhance your vCloud Suite environment by integrating additional products and services by VMware, in order to enable capabilities such as disaster recovery to cloud, software-defined storage, and software-defined networking. For information about implementing failover protection for virtual machines in vCloud Air, see "Disaster Recovery to Cloud."
SDDC Core Infrastructure
The basis of the vCloud Suite deployment is the resource abstraction layer. By using VMware software, you can virtualize compute, network, and storage resources in your data center and abstract them from the underlying hardware. ESXi and vCenter Server enable you to establish a robust virtualized environment into which all other solutions integrate. The resource abstraction layer provides the foundation for the integration of orchestration and monitoring solutions by VMware. Additional processes and technologies build on top of the infrastructure to enable infrastructure as a service and platform as a service.
Infrastructure Service
Infrastructure services introduce fast, self-service provisioning of virtual machines to physical, virtualized, or hybrid clouds. The IaaS layer is represented mainly by vCloud Automation Center, which provides service provisioning, catalog management, policy-based management, and authorization.
Application Platform Service
The application platform service enables end-to-end deployment and configuration of applications, along with their dependencies, to a target deployment infrastructure.
■ Conceptual Design of a vCloud Suite Environment
  To start deploying vCloud Suite, you need a small number of physical hosts. Distribute your hosts into three types of clusters, in order to establish the foundation of a deployment that can later scale to tens of thousands of VMs.
■ vCloud Suite Components in the Management Cluster
  The number of vCloud Suite components in the management cluster increases as you add capabilities. A management cluster can contain a minimal set of products, and you expand it as needed.
■ Software-Defined Data Center Core Infrastructure
  The core of vCloud Suite environments consists of vSphere and the associated monitoring and orchestration products, such as vCenter Operations Manager and vCenter Orchestrator.
■ Delivering an Infrastructure Service
  The ability to deliver infrastructure as a service represents the technological and organizational transformation from traditional data center operations to cloud. The infrastructure service lets you model and provision VMs and services across private, public, or hybrid cloud infrastructure.
■ Delivering Platform as a Service
  Platform-as-a-Service (PaaS) lets you model and provision applications across private, public, and hybrid cloud infrastructures.

Conceptual Design of a vCloud Suite Environment

To start deploying vCloud Suite, you need a small number of physical hosts. Distribute your hosts into three types of clusters, in order to establish the foundation of a deployment that can later scale to tens of thousands of VMs.
Management, Edge, and payload clusters run the entire vCloud Suite infrastructure, in addition to customer workloads.
Deploying and leveraging vCloud Suite is a process that involves both technological transformation and operational transformation. As new technologies are deployed in the data center, your organization must also implement appropriate processes and assign the necessary roles.
In the diagram below, technological capabilities in color appear over organizational constructs in grayscale.
Figure 2-2. Conceptual Design of a vCloud Suite environment
(Diagram labels: Management cluster, Edge cluster, Payload cluster, Load balancer, Tenant, Portal, IaaS, PaaS, ITaaS Engine, Orchestration, Virtualization Management, Performance and capacity management.)
Management cluster
The hosts in the management cluster run all management components required to support the software-defined data center. A single management cluster is required within a physical location. ESXi hosts running in the management cluster can be manually installed and configured to boot using local hard drives.
A management cluster provides resource isolation. Production applications, test applications, and other types of applications cannot use the cluster resources reserved for management, monitoring, and infrastructure services. Resource isolation helps management and infrastructure services to operate at their best possible performance level. A separate cluster can satisfy an organization's policy to have physical isolation between management and production hardware.
Edge cluster
The Edge cluster supports network devices that provide interconnectivity between environments. It provides protected capacity by which internal data center networks connect via gateways to external networks. Networking edge services and network traffic management take place in the cluster. All external facing network connectivity terminates in this cluster.
The ESXi hosts in the edge cluster are managed by a dedicated vCenter Server instance paired with VMware vCloud Networking and Security. Payload clusters that require access to external networks are managed by the same vCenter Server instance. As the platform scales, you should deploy additional Edge clusters to service specific groups of payload clusters.
This specialized cluster will likely be small and can be made up of older, less capable server systems when compared to the management and payload clusters.
Payload cluster
The payload cluster supports the delivery of all consumer workloads. The cluster remains empty until a consumer of the environment begins to populate it with virtual machines. You can scale up by adding more payload clusters.
You can create new edge and payload clusters, scale up, or scale out, as the data center grows in size.
NOTE You can choose to combine the management and Edge clusters into a single entity. However, the model with three types of clusters provides the best basis for scaling your environment.

vCloud Suite Components in the Management Cluster

The number of vCloud Suite components in the management cluster increases as you add capabilities. A management cluster can contain a minimal set of products, and you expand it as needed.
Typically, you deploy more vCloud Suite components in the management cluster than you do in other types of clusters.
Figure 2-3. VMware products in the management cluster
(Diagram panels: Minimal set of components, Extended set of components.)
An example set of VMware products required for the management cluster always includes a vCenter Server instance. vCenter Orchestrator is a vCloud Suite component that you should deploy at an early stage, in order to prepare the environment for IaaS and PaaS capabilities.
As the complexity of the environment increases, you install and configure additional products. vCenter Operations Manager and related products provide advanced monitoring features. vCloud Automation Center is the key element of your IaaS solution. A vCenter Site Recovery Manager instance provides replication to a secondary site.

Software-Defined Data Center Core Infrastructure

The core of vCloud Suite environments consists of vSphere and the associated monitoring and orchestration products, such as vCenter Operations Manager and vCenter Orchestrator.
The software-defined data center infrastructure layer includes the core virtualization, monitoring, and orchestration sub-layers. The infrastructure enables consolidation and pooling of physical resources, in addition to providing orchestration and monitoring capabilities, while reducing the costs associated with operating an on-premise data center.
Once the SDDC infrastructure is in place, you can extend it to provide Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings to consumers of IT resources inside or outside the organization. IaaS and PaaS complete the SDDC platform, and provide further opportunities for extending capabilities. With IaaS and PaaS, you increase the agility of IT and developer operations.
Figure 2-4. The stages of building the software-defined data center infrastructure
■ Virtualization and Management as an Element of vCloud Suite Infrastructure
  VMware products provide the virtualization and management capabilities required for the vCloud Suite foundation. You should consider the design choices that are available to you.
■ Monitoring as an Element of vCloud Suite Core Infrastructure
  Monitoring is a required element of a software-defined data center. The monitoring element provides capabilities for performance and capacity management of related infrastructure components, including requirements, specifications, management, and their relationships.
■ Orchestration as an Element of vCloud Suite Core Infrastructure
  The software-defined data center requires orchestration capability. In vCloud Suite, you can use vCenter Orchestrator to orchestrate processes by using workflows.

Virtualization and Management as an Element of vCloud Suite Infrastructure

VMware products provide the virtualization and management capabilities required for the vCloud Suite foundation. You should consider the design choices that are available to you.
Virtualization and management components are the core of the software-defined data center. For organizations of all sizes, they reduce costs and increase agility. Establishing a robust foundation for your datacenter requires you to install and configure vCenter Server and ESXi, as well as supporting components.
■ ESXi and vCenter Server Design Considerations
  Design decisions for the virtualization component of the software-defined data center must address the deployment and support specifics of ESXi and vCenter Server.
■ Network Design Considerations
  As virtualization and cloud computing become more popular in the data center, a shift in the traditional three-tier networking model is taking place. The traditional core-aggregate-access model is being replaced by the leaf and spine design.
■ Shared Storage Design Considerations
  A proper storage design provides the basis for a virtual data center that performs well.
ESXi and vCenter Server Design Considerations
Design decisions for the virtualization component of the software-defined data center must address the deployment and support specifics of ESXi and vCenter Server.
Consider the following design decisions when planning the deployment of ESXi hosts.
ESXi
■ Use a tool such as VMware Capacity Planner to analyze the performance and use of existing servers.
■ Use supported server platforms that are listed in the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility.
■ Verify that your servers meet the minimum required system requirements for running ESXi.
■ To eliminate variability and achieve a manageable and supportable infrastructure, standardize the physical configuration of the ESXi hosts.
■ You can deploy ESXi hosts either manually or by using VMware Auto Deploy. One valid approach is to deploy the management cluster manually, and implement Auto Deploy as your environment grows.
vCenter Server
■ You can deploy vCenter Server as a Linux-based virtual appliance or in a 64-bit Windows virtual machine.
  NOTE vCenter Server on Windows scales up to support up to 10,000 powered-on virtual machines. The vCenter Server Virtual Appliance is an alternative choice that comes pre-configured and enables a faster deployment method along with reduced Microsoft licensing costs. When using an external Oracle database, the vCenter Server Virtual Appliance can support a maximum of 3,000 virtual machines.
■ Provide sufficient virtual system resources for vCenter Server.
■ Deploy the vSphere Web Client and the vSphere Client for user interfaces to the environment. Deploy the VMware vSphere Command-Line Interface, VMware vSphere PowerCLI, or VMware vSphere Management Assistant for command-line and scripting management.
Network Design Considerations
As virtualization and cloud computing become more popular in the data center, a shift in the traditional three-tier networking model is taking place. The traditional core-aggregate-access model is being replaced by the leaf and spine design.
■ The network must be designed to meet the diverse needs of many different entities in an organization. These entities include applications, services, storage, administrators, and users.
■ The network design should improve availability. Availability is typically achieved by providing network redundancy.
■ The network design should provide an acceptable level of security. Security can be achieved through controlled access where required and isolation where necessary.
■ Simplify the network architecture by using a leaf and spine design.
■ Configure common port group names across hosts to support virtual machine migration and failover.
■ Separate the network for key services from one another to achieve greater security and better performance.
Network isolation is often recommended as a best practice in the data center. In a vCloud Suite environment, you might have several key VLANs, spanning two or more physical clusters.
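The considerations above (separate networks for key services, common port group names across hosts) and the statement that all external facing connectivity terminates in the Edge cluster can be checked mechanically against a port group inventory. The following Python audit is an added example, not part of the VMware document; the host names, port group names, and VLAN IDs are constructed sample data, and how the inventory is exported from your environment is left as an assumption.

```python
"""Audit a port group inventory against the network isolation guidance.

Added example, not VMware code. All host names, port group names and
VLAN IDs below are constructed sample data.
"""
from collections import defaultdict

# Port groups that carry external-facing traffic (Internet and DMZ VLANs).
EXTERNAL = {"Internet", "DMZ"}

# Constructed inventory: (cluster, host) -> {port group name: VLAN ID}.
BASE = {"ESXi-DHCP-Helper": 10, "IP-Storage": 20, "vMotion": 30}
HOSTS = {
    ("management", "mgmt-esx01"): {**BASE, "Fault-Tolerance": 40, "Management-Server": 50},
    ("management", "mgmt-esx02"): {**BASE, "Fault-Tolerance": 40, "Management-Server": 50},
    ("edge", "edge-esx01"): {**BASE, "Transport-VXLAN": 60, "Internet": 70, "DMZ": 80},
    ("payload", "pay-esx01"): {**BASE, "Fault-Tolerance": 40, "Transport-VXLAN": 60},
    # Deliberately misconfigured: vMotion shares the IP storage VLAN, the
    # Fault Tolerance port group is missing, and a DMZ port group is present.
    ("payload", "pay-esx02"): {**BASE, "vMotion": 20, "Transport-VXLAN": 60, "DMZ": 80},
}


def shared_vlans(hosts):
    """Return (host, vlan, [port groups]) where services share one VLAN."""
    findings = []
    for (_cluster, host), pgs in sorted(hosts.items()):
        by_vlan = defaultdict(list)
        for name, vlan in pgs.items():
            by_vlan[vlan].append(name)
        for vlan, names in sorted(by_vlan.items()):
            if len(names) > 1:
                findings.append((host, vlan, sorted(names)))
    return findings


def port_group_drift(hosts):
    """Return (cluster, host, name, vlan) for port groups that are not
    defined identically on every host of the same cluster."""
    per_cluster = defaultdict(dict)
    for (cluster, host), pgs in hosts.items():
        per_cluster[cluster][host] = set(pgs.items())
    findings = []
    for cluster, members in sorted(per_cluster.items()):
        common = set.intersection(*members.values())
        for host, pgs in sorted(members.items()):
            findings.extend((cluster, host, n, v) for n, v in sorted(pgs - common))
    return findings


def external_outside_edge(hosts):
    """Return (host, port group) for external-facing port groups on hosts
    that are not in the Edge cluster."""
    return sorted(
        (host, name)
        for (cluster, host), pgs in hosts.items()
        if cluster != "edge"
        for name in pgs
        if name in EXTERNAL
    )


def audit(hosts):
    """Run all checks and return the findings keyed by check name."""
    return {
        "shared_vlans": shared_vlans(hosts),
        "port_group_drift": port_group_drift(hosts),
        "external_outside_edge": external_outside_edge(hosts),
    }


if __name__ == "__main__":
    for check, findings in audit(HOSTS).items():
        print(check, findings or "OK")
```

On the sample data, every finding traces back to the one misconfigured payload host; a drift finding on its healthy peer appears only because the two hosts no longer agree.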
Figure 2-5. Network isolation in the software-defined data center
(Diagram: a sample ESXi host in each of the management, Edge, and payload clusters, with VLANs labeled ESXi/DHCP Helper, IP Storage, vMotion, Fault Tolerance, Management Server, Transport/VXLAN, Internet, and DMZ.)
ESXi/DHCP Helper
The helper network is used for PXE booting ESXi images by using Auto Deploy.
IP Storage
Network storage traffic over Ethernet should be isolated for performance and security reasons.
vMotion
vMotion traffic is not encrypted by default. Isolate the vMotion traffic to increase security while migrating the state of virtual machines and the contents of virtual disks between hosts.
Fault Tolerance
FT logging traffic should use a dedicated VLAN.
Management Server
Management traffic between vCenter Server and ESXi hosts.
Shared Storage Design Considerations
A proper storage design provides the basis for a virtual data center that performs well.
■ The storage design must be optimized to meet the diverse needs of applications, services, administrators, and users.
■ Tiers of storage have different performance, capacity, and availability characteristics.
■ Designing different storage tiers is cost efficient, given that not every application requires expensive, high-performance, highly available storage.
■ Fibre Channel, NFS, and iSCSI are mature and viable options to support virtual machine needs.

Monitoring as an Element of vCloud Suite Core Infrastructure

Monitoring is a required element of a software-defined data center. The monitoring element provides capabilities for performance and capacity management of related infrastructure components, including requirements, specifications, management, and their relationships.
VMware monitoring components in vCenter Operations Manager Suite include the following products:
Table 2-1. Monitoring products in vCloud Suite
Monitoring component | Description
vCenter Operations Manager | Provides comprehensive visibility and insights into the performance, capacity and health of your infrastructure.
vCenter Infrastructure Navigator | Automatically discovers application services, visualizes relationships and maps dependencies of applications on virtualized compute, storage and network resources.
vCenter Hyperic | Monitors application health and is fundamental to the operation of VMware AppHA.
A subset of the products can be deployed without damaging the integrity of the solution.
vCenter Operations Manager is distributed as a virtual appliance that you can deploy on ESXi hosts. You need to configure the virtual appliance and register it with a vCenter Server system. For an in-depth discussion of vCenter Operations Manager and related products, see https://www.vmware.com/support/pubs/vmware-vcops-suite-pubs.html.
Figure 2-6. Monitoring with vCenter Operations Manager
(Diagram labels: vCenter Operations vApp with a UI VM and an Analytics VM, vCenter Adapter, Collector, Management Cluster, Edge Cluster, Payload Clusters.)
The vCenter Operations Manager vApp contains two virtual machines. One of the virtual machines runs the analytics engine, and the other runs the user interface component. Plug-ins enable you to add additional functionality, according to the needs of your environment. You can use and configure vCenter Operations Manager by using the Web-based interface.