VMware and AWS Together - VMware Cloud on AWS
- 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Paul Bockelman, AWS Principal Solutions Architect (WWPS) April 18, 2017 VMware and AWS Together VMware Cloud on AWS ENT307
- 2. What to expect from the session • Why hybrid IT? • Product overview of VMware Cloud on AWS • Technical overview – review key enabling technologies • Technical drilldown - how this thing works • Illustrated use cases for an integrated VMware/AWS ecosystem
- 3. Revisiting the NIST Cloud deployment models… Private cloud The cloud infrastructure is: • operated solely for an organization. • It may be managed by the organization or a third party and… • may exist on- premises or off- premises. Community cloud The cloud infrastructure is: • shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). • It may be managed by the organizations or a third party and… • may exist on- premises or off- premises. Public cloud The cloud infrastructure is: • made available to the general public or a large industry group and… • is owned by an organization selling cloud services. Hybrid cloud The cloud infrastructure is: • a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). The NIST Definition of Cloud Computing Authors: Peter Mell and Tim Grance - Version 15, 10-7-09 https://www.nist.gov/sites/default/files/documents/itl/cloud/cloud-def-v15.pdf
- 4. What do customers really want for hybrid IT? Run workloads on-premises Run workloads in the cloud Tight integration between on- premises and the cloud Without buying new hardware
- 5. VMware Cloud on AWS removes these barriers and enables faster hybrid cloud adoption Common challenges with hybrid cloud adoption Incongruent Networks Operational Inconsistency Need to Learn New Skillsets & Tools Multiple Monitoring & Control Mechanisms Multiple Virtual Machine Formats
- 7. VMware Cloud on AWS: Overview vRealize Suite, PowerCLI VMware Cloud on AWS AWS Global InfrastructureCustomer data center Management (vCenter Server) vCenter Server Single pane of glass and API across on-premises and cloud Access to all AWS services Amazon EC2 Amazon S3 Amazon RDS AWS Direct Connect AWS IAMAmazon Redshift … … … … AWS CloudFormation, CLI, SDK AWS Global Infrastructure Technical Preview
- 8. VMware Cloud on AWS: AWS view VMware operated, supported, and maintained Gateway … Fully configured VMware software stack running on state-of-the-art infrastructure provisioned on- demand in minutes Latest software • VCSA, ESXi, NSX, VSAN, H5 client Dynamic capacity • DRS/HA compute cluster (Intel x86) • VSAN storage cluster (SSD) • NSX network virtualization (10 Gbps+) Flexible topology • Standalone cloud cluster • Hybrid connectivity to on-premises • Cloud-to-cloud connectivity Overview NSX Manager … … … ESXi ESXi ESXi …ESXi …ESXi …ESXi VMware Cloud on AWS Single tenant (dedicated) bare metal Amazon EC2 hardware vCenter Server Technical Preview
- 9. AWS Global Infrastructure VMware Cloud on AWS: AWS integration Access to all native AWS services Amazon EC2 Amazon S3 Amazon RDS AWS Direct Connect IAMAWS IoT … … … … VMware Cloud on AWS Technical Preview
- 10. VMware Cloud on AWS: Ops and Support The fully configured VMware Cloud software stack will be provisioned, operated, and maintained directly by VMware. Overview Provisioning • Automated account creation and environment provisioning by using the API • Automated interconnection created between VMware and AWS customer accounts Operations • Support provided by VMware directly • AWS infrastructure (for VMC) support managed by VMware • Ongoing infrastructure monitoring Maintenance • Ongoing stack maintenance managed directly by VMware • Upgrade implementation and execution Technical Preview
- 11. Common scenarios and use cases There are multiple reasons and/or scenarios for why a VMware and/or AWS customer would consider VMware Cloud on AWS. Scenario 1: Maintain and expand ExpandMaintain Geo expansion Disaster recovery, backup, and continuity of operations Scenario 2: Consolidate and migrate MigrateConsolidate Data center consolidation Application migration Scenario 3: Workload flexibility Prod, dev, test, lab, and training Burst capacity Flex as needed Technical Preview
- 12. VMware Cloud on AWS: Account Structure • VMware Cloud VPC account - A new AWS solution account is created for each customer - Is owned, operated, and paid directly by VMware - Each solution account is single tenant for all ESXi hosts - Solution account is linked to a VMware Master-Payor account • AWS customer VPC account - Is owned, operated, and paid directly by the customer - VMware Cloud endpoints are automatically deployed into the customer VPC with customer consent - Has full access to VMware Cloud endpoints within the VPC - Has full access to the entire catalog of native AWS services within the AWS Region of deployment Technical Preview
- 13. VMware Cloud on AWS: Access model • VMC is delivered ‘As a Service’ with the following operational model: - AWS manages the physical resources - VMware manages the hypervisor and management components (includes monitoring, patching, upgrades, etc.) - Customer manages their VMs (and networks) • Customer access is via vCenter and VMC portal with some restrictions - No root ESXi access - No vSphere Distributed Switch (VDS) configuration access - No direct management of VM/NSX Edge access Technical Preview
- 14. VMware Cloud on AWS: Simplified mode • Auto-deploy and provision the VMC infrastructure resources via predefined VMC Portal workflows • Setup of initial networks and admin access granted to vCenter • Deploy a prescriptive network topology • Establish pre-defined VPN connectivity • Provide inbound access to workload VMs • Control Firewall access to workload VMs • Consume pre-created VMC network services • Deploy workload VMs • Attach workload VMs to networks • Create new networks • Manage IP addressing for workload VMs vSphere (H5) Web Client VI Admin Cloud Networking Admin VMC Web Portal Technical Preview
- 15. VMware Cloud on AWS: Advanced mode • Provision network and security for Custom Data Center(s) • Define and establish VPN connectivity with on premise location(s) • Define Security Groups and Policies for workload VMs • Add, modify, and/or delete network topologies • Advanced NSX use cases: Distributed firewall(s), load balancing, routing, etc. • Deploy workload VMs • Attach workload VMs to networks created by NSX admins • Create new networks • Manage IP addressing for workload VMs vSphere (H5) Web Client and/or vSphere API VI Admin / Cloud Admin NSX Manager via Full NSX UI Networking Admin Technical Preview
- 17. Compute: vSphere on “bare-metal” Compute - 36 PCPUs (72 vCPUs) - 512GB RAM - 8 x 2TB NVMe local SSD - Dedicated Host vSphere Features - vSphere HA - vMotion - DRS - Elastic DRS Storage - ESXi boot-from-EBS - 16TB NVMe-backed local raw storage Networking - 10 Gbps+ - VMware Cloud Private Endpoints vSphere Amazon EC2 Based on the I3 Instance family Technical Preview
- 18. • Industry leading private storage virtualization platform • Flash SSD on bare-metal hosts • Fully featured ü Deduplication ü Compression ü Erasure coding Storage Capabilities Storage: VSAN Disk Group 1 Disk Group 2 Write buffer Capacity Tier ESXi-01 VSAN VSAN Technical Preview
- 19. Networking: NSX Network Virtualization Platform for VMware • Industry leading private SDDC network virtualization platform • 10 Gbps+ NICs on bare-metal • Fully featured advanced networking and security services - Switching (logical layer2 networks over layer3 routing domains) - Routing - Firewalling - Load balancing - VPN NSX Technical Preview Overlay Network VM1 192.168.1.10 192.168.1.11 VXLAN 5001 VM2VM3 10.1.50.10 10.1.50.11 VM4 VXLAN 5002 10.1.50.1192.168.1.1 10.1.50.1192.168.1.1 Overlay Network Underlay Network 10.20.30.40 10.20.30.41VTEP VTEP VMware ESXi VMware ESXi
- 21. Existing customer environment Customer Data Center vSphere Environment Non-vSphere Environment ESXi Deploy a standalone NSX Edge appliance into your existing vSphere environment to extend the VMware Cloud on AWS environment to your premises. VMware Endpoints Technical Preview
- 22. Provision VMware Cloud VPC Customer Data Center vSphere Environment Non-vSphere Environment ESXi ESXi Amazon EC2 The full VMware Cloud on AWS stack will be auto-provisioned and configured at launch into a single tenant AWS account (owned and operated by VMware). VMware Endpoints VMware Cloud VPC Technical Preview
- 23. Provision or designate a target customer-owned VPC Customer Data Center Customer VPC VPC subnet VPC subnet vSphere Environment VMware Endpoints Non-vSphere Environment ESXi VMware Cloud VPC ESXi Amazon EC2 A customer-owned AWS account is created and/or assigned to interoperate with the VMware Cloud on AWS VPC. Technical Preview
- 24. Connect data center to customer-owned VPC Customer Data Center vSphere Environment Non-vSphere Environment ESXi Customer VPC VPC subnet VPC subnet AWS Direct Connect Private VIF VMware Cloud VPC ESXi Amazon EC2 Private connectivity is established from the customer data center to the customer– owned VPC (multiple options) VMware Endpoints Technical Preview
- 25. Connect data center to VMware-owned VPC Customer Data Center vSphere Environment Non-vSphere Environment ESXi Customer VPC VPC subnet VPC subnet AWS Direct Connect Private VIF VMware Cloud VPC ESXi Amazon EC2 Create a secondary transit path for a separate VLAN (and Hosted Private VIFs) from the customer data center to the VMware Cloud on AWS VPC for vMotion and cluster management traffic VMware Endpoints vMotion and Cluster Management Hosted Private VIF(s) Technical Preview
- 26. Link VMware Cloud VPC and customer VPC Customer VPC Customer Data Center AWS Direct Connect VMware Cloud Endpoints VPC subnet VPC subnet VPC subnet vSphere Environment Non-vSphere Environment ESXi VMware Cloud VPC ESXi Amazon EC2 Link the VMware Cloud VPC and the Customer VPC using private VPC endpoints VMware Endpoints vMotion and Cluster Management Hosted Private VIF(s) Private VIF Technical Preview
- 27. Deploy and consume native AWS services Customer VPC VMware Cloud VPC Customer Data Center AWS Direct Connect VMware Cloud Endpoints VPC subnet VPC subnet VPC subnet Private Managed AWS ServicesCustomer Instances vSphere Environment Non-vSphere Environment ESXi ESXi Amazon EC2 Internet Public VIF Regional AWS Services AWS Lambda Amazon S3 Amazon CloudFront Etc… VMware Endpoints vMotion and Cluster Management Hosted Private VIF(s) Private VIF Technical Preview
- 29. Operating in the hybrid ecosystem: Examples • Use X-vMotion to migrate a virtual machine from a customer data center to VMware Cloud on AWS • Copy an object from a virtual machine in VMware Cloud to an Amazon S3 bucket • Connect a virtual machine in VMware Cloud to an Amazon Redshift cluster • Connect web server hosted on a virtual machine in VMware Cloud using public Internet access Technical Preview
- 30. Operating in the hybrid ecosystem: X-vMotion Customer VPC Customer Data Center AWS Direct Connect VMware Cloud Endpoints VPC subnet VPC subnet VPC subnet Private Managed AWS ServicesCustomer Instances vSphere Environment Non-vSphere Environment ESXi Internet Private VIF Public VIF VMware Cloud VPC ESXi Amazon EC2 vMotion from site to VMware Cloud Regional AWS Services AWS Lambda Amazon S3 Amazon CloudFront Etc… VMware Endpoints vMotion and Cluster Management Hosted Private VIF(s) Technical Preview
- 31. Operating in the hybrid ecosystem: Amazon S3 Customer VPC Customer Data Center AWS Direct Connect VMware Cloud Endpoints VPC subnet VPC subnet VPC subnet Private Managed AWS ServicesCustomer Instances vSphere Environment Non-vSphere Environment ESXi Internet Private VIF Public VIF VMware Cloud VPC ESXi Amazon EC2 Copy an object from virtual machine to S3Regional AWS Services AWS Lambda Amazon S3 Amazon CloudFront Etc… VMware Endpoints vMotion and Cluster Management Hosted Private VIF(s) Technical Preview
- 32. Operating in the hybrid ecosystem: Amazon Redshift Customer VPC Customer Data Center AWS Direct Connect VMware Cloud Endpoints VPC subnet VPC subnet VPC subnet Private Managed AWS ServicesCustomer Instances vSphere Environment Non-vSphere Environment ESXi Internet Private VIF Public VIF VMware Cloud VPC ESXi Amazon EC2 Connect virtual machine to Amazon RedshiftRegional AWS Services AWS Lambda Amazon S3 CloudFront Etc… VMware Endpoints vMotion and Cluster Management Hosted Private VIF(s) Technical Preview
- 33. Operating in the hybrid ecosystem: VM internet access Customer VPC Customer Data Center AWS Direct Connect VMware Cloud Endpoints VPC subnet VPC subnet VPC subnet Private Managed AWS ServicesCustomer Instances vSphere Environment Non-vSphere Environment ESXi Internet Private VIF Public VIF VMware Cloud VPC ESXi Amazon EC2 Connect to a virtual machine from the Internet Assign Elastic IP Configure NAT Regional AWS Services AWS Lambda Amazon S3 Amazon CloudFront Etc… VMware Endpoints vMotion and Cluster Management Hosted Private VIF(s) Technical Preview
- 34. Security and governance • VMware Cloud transit endpoints rest within the customer-owned VPC • Customers maintain access security control of the transit path using standard AWS security practices (security groups, NACL, flow logs, and so on) • vMotion traffic is encrypted (new in 6.5) • VM-level encryption (new in 6.5) • Audit-quality logging (new in 6.5) • Fully managed offering delivered by VMware • VMware manages the infrastructure patching and upgrades of the VMware Cloud environment Technical Preview
- 36. Stay up to Date! http://aws.amazon.com/vmware Quarterly Newsletter
- 37. Thank you!