VMware Management & Automation TechCon - Stefan Verhoef& … › wp-content › uploads › 2019 › 10 › v... · 2019-10-03 · VMware partners (VMC) Versioned Blueprints Blueprints

vMATechCon

2019 #vmatechcon2019

vRealize Automation CloudNetworking met NSX-T

Stefan Verhoef & Viktor van den Berg

vMATechCon


Stefan VerhoefStefan VerhoefSDDC Consultant @ PQRVCIX-CMA, VCP-NV, VCP-DCV

@[email protected]

vMATechCon


Viktor van den BergViktor van den BergSolutions Engineer @ VMware NLVCDX-DCV, VCIX-CMA, VCIX-NV

@[email protected]://www.viktorious.nl

vMATechCon


Agenda

• vRealize Automation Cloud• NSX-T• Architectuur• Scenario’s – demo!

• Existing• App Secure• Routed• Routed w/ Micro Segmentation• Load Balancer

vMATechCon


vRealize Automation Cloud

vMATechCon



Cloud management platform

Infrastructure as CodeEnable DevOps

Multi-cloud

</>

ExtensiblePolicy-based governance

Modern architecture Easy install

Quick time-to-value

Public CloudData CenterEdge Managed Data Center

vMATechCon


Cloud AssemblyTM

VMwareCode StreamTM

VMwareService BrokerTM

VMware

Lease

Resource

Cost

Power schedule Approval

Naming

Tagging

Notification

Catalog Items

START

STOP

SCALE OUT

Cloud Assembly

Azure ARM*AWS CFT K8s*

+GOVERNANCE POLICIES

DEV PRODSTAGE

DEPLOY DEPLOYDEPLOY

TASK … TASK … TASK …

VMware Marketplace

Brownfield Greenfield

DIY

vRO* Pivotal*

* Indicate Templates and Services that are Coming Soon


vMATechCon


On-premises of cloud

ON-PREM SAAS

CHOICE

SaaS Milestones

On-Premise Releases vRA 7.6 vRA 8.0

2019H1 H2

APR 2019 JULY 2019 JULY 2020

H22020

OCT 2019 JAN 2020 APR 2020

H1

vRA 8.x vRA 8….

MIGRATION FROM vRA 7.5, 7.6

MIGRATION FROM vRA 7.5, 7.6

OCT 2020

MIGRATION ASSESSMENT SERVICE

vMATechCon


Kubernetes-based virtual appliance

…PODS

K8s CLUSTER

…K8s Nodes (VMs)

v R e a l i z e A u t o m a t i o n 8

Virtual appliances common to all vRealize products

VMware vRealize Suite Lifecycle Manager

VMware Identity Manager

INGRESS CONTROLLER

vMATechCon


“Out of the box” catalogus

Windows Server 2016

MICROSOFT

Windows Server 2016 Datacenter Edition

VMDK

Redhat Enterprise Linux 7IBM

Redhat Enterprise Linux 7

VMDK

Ubuntu Bionic Linux

CANONICAL

Ubuntu Bionic Linux (18.04 LTS)

VMDK

SUSE Linux Enterprise Server 15

SUSE


VMDK

REQUEST REQUESTREQUESTREQUEST

NSX Network

VMWARE

Create a network in SDDC

CLOUD ASSEMBLY

NSX Load balancer

VMWARE

Redhat Enterprise Linux 7

CLOUD ASSEMBLY

NSX Security group

VMWARE

Ubuntu Bionic Linux (18.04 LTS)

CLOUD ASSEMBLY

Serverless app model

AWS


AWS CFT

REQUEST REQUESTREQUESTREQUEST

Cloud Assembly Blueprints

NSX Networking, Security Admin constructs

AWS CloudFormation templates

vRO workflows (XaaS)

ABX Actions (XaaS)

vMATechCon


vRA - Organization & Projects

VCPP / VMC

PUBLIC CLOUD

SDDC (VCF)

EDGE

Project Admin

Project Users

PROJECTS

ORGANIZATION

Cloud Admin

Content sharing

Namingpolicy

Lease policy

Taggingpolicy

POLICIES & GOVERNANCE

CONTENT

Blueprints Images Configuration

PROVISIONED RESOURCES

CLOUD ZONES & PROFILES

D E P L O Y M E N T S

Datacenter / Cluster

Region / AZ Cloud region

GOVERN

ACCESS

Approval policy

Resourcepolicy

*

Cloud zones are dynamically determined. Infra profiles provide abstraction

Deployments are associated with projects

Deployment enable lifecycle & day 2 actions

Blueprints are in the context of a project

MANAGE

BUILD

* Roadmap

Entitlement

vMATechCon


Tenant

PRJ1 PRJ2

2. SET UP PROJECTS

1. SET UP CLOUD ACCOUNTS, ZONES & PROFILES

Private Cloud (VCF)

Public cloud

VMware partners (VMC)

Versioned Blueprints

Blueprints & images from VMware Marketplace

4. START WITH A BLUEPRINT FROM MARKETPLACE

5. BUILD YOUR BLUEPRINT USING RICH LIBRARY OF SERVICES

3. IMPORT EXISTING AWS/AZURE/VSPHERE WORKLOADS

7. ITERATE

6. DEPLOY BLUEPRINTS WITH POLICIES & AUTOMATIC MONITORING

Cloud Assembly

vMATechCon


Architectuur Overview

vRealize Automation Cloud | Cloud Assembly | Service Broker | Code Stream

vSphere NSX-T Ansible

Cloud Proxy

vRO

GitHub

on-premises

public cloud

vMATechCon


Introductie NSX-T

vMATechCon


Your Network is Everywhere, In Software, for the AppEDGE

CLOUD

DATA CENTER

ENTERPRISE INNOVATION IS DEMANDING AN INCLUSIVE APPROACH TO NETWORKING, SECURITY, AUTOMATION

SaaS

PaaS IaaS

vMATechCon


NSX Key Highlights

Virtual Cloud Network

Vis

ion

SecurityMicro-segmentation

Multi-cloud NetworkingConsistent Policy, Disaster Recovery,

Workload Mobility

AutomationIT Automation, Cloud-native

Automation, Streamline Operations

Cloud-nativeContainer Networking, Micro-seg’ for Microservices, End-to-End Visibility

WAN and BranchBranch Transformation, WAN

Management, Optimize Cloud Access

Solu

tion

NSX SD-WANNSX Data Center NSX Cloud NSX Hybrid Connect

VMware AppDefense

Pro

duc

t

vMATechCon


NSX-T Datacenter Components

Data Plane

ESXi hostN-VDS

KVM hostN-VDS

NSX EdgeBare MetalServer

NSX

LinuxVMNSX

WindowsVMNSX

NSXCloudGW NAT

Private Cloud

Public CloudVMware Cloud on AWS

Management / Control Plane

VMs Containers

NSX Manager Cluster

GUI/REST/CMP

Cloud Service Manager

NSX Container Plugin

vCenter(s)

vMATechCon


Types of data plane components, referred to as transport nodes, include:• Hypervisor transport nodes:

- Act as forwarding plane for VM traffic- Provide support for ESXi and KVM

hypervisors

• Bare metal transport nodes: Include Linux-based workloads running on bare metal servers without an hypervisor

• NSX Edge cluster:- Contains edge transport nodes (VM or bare metal)- Provides stateful and gateway services

Transport node versus Edge transport node

vMATechCon


N-VDSEvery Transport Node includes:

• Local Control Plane (LCP) agent• Management Plane Agent (MPA)

Local NSX Virtual Distributed Switch (N-VDS), component for data plane forwarding

• Switching, Routing, Distributed Firewall• Overlay encapsulation/decapsulation

N-VDS is based on:• ESXi vSwitch for ESXi• Open vSwitch (OVS) for KVM

ESXi host can be added as Standalone Host or vCenter Server managed.

Add KVM hosts as standalone host only.

NSX Controller Cluster

ESXi TN

Transport Nodes

NSX Manager Cluster

LCPMPA

N-VDS

ESXi vSwitch

KVM TN

LCPMPA

N-VDSOpen vSwitch

NSX Agent

vMATechCon


NSX Multi Tier Routing

• Tenant Isolation• Separate control for Infra and Tenant

admin• Eliminates dependency on physical

infrastructure when a new tenant is provisioned

• Role- Connects to physical infra• Manual Management

Tier-0 Logical Router

Benefit

Tier-0Logical Router

Physical Router



Tier-1 Logical Router• Role- Per tenant first hop router• Cloud Management Platform (CMP) driven

ManagementRouterLink

(100.64.0.0/31)

Uplink

Downlink

Tenant-1 Tenant-2

vMATechCon


Architectuur vRAC/NSX-T

vMATechCon


Architectuur Overview

vRealize Automation Cloud | Cloud Assembly | Service Broker | Code Stream

vSphere NSX-T Ansible

Cloud Proxy

GitHub

on-premises

public cloud

vMATechCon


Provide resources

Cloud Account

Storage

Compute

Cloud Account

vSphere

Machines

VolumesNSX-T

Networks

vMATechCon


Tags versus Constraints

• Tags are written back to provisioned resources whenthey are created in the cloud infrastructure and containkey/value pairs. These commonly include:• Technical Tags (Name, App ID, App Role, Cluster,

Env, Version)• Business Tags (Owner, Cost Center, BU, Customer,

Project)• Security (confidentiality, Compliance)

• Constraint tags identify how placement should beselected for provisioning.

These commonly include:• Env (Prod, Test, Dev),• Storage (Gold, Silver, Bronze, PCI, SSD),• Network type (dmz, dhcp, internal, public)

vMATechCon


Cloud Zones

vMATechCon


ProjectsJoining point of users/groups toresource consumption:• Cloud Zones• Blueprints• Kubernetes (PKS)

Governance and User Access Construct

Project level costingvisibility

vMATechCon


Create a project

Project

Users

Cloud Zone(instance limit)

Custom Properties

Custom Naming

Blueprint DeploymentDeployment

Deployment

vMATechCon


vRealize Automation & NSX-T

De combinatie vRA en NSX-T biedt:• Consumptie van NSX-T (L2) segmenten;• Deployment van routed netwerken;• Deployment van NAT netwerken;• Deployment van Load Balancers;• Integratie met NSX-T security groups;• Deployment van security groups.

vMATechCon


Network Profile & Cloud.NSX.Network

Property Type

name string

constraints array

constraints.tag string

description string

networkCidr string

networkType string

id string

domain string

gateway string

dns array

netmask string

dnsSearchDomains string

ExistingPublicPrivateOutboundRouted

vMATechCon


Cloud.NSX.LoadBalancerProperty Type

name string

routes array

routes.port array

routes.protocol string

routes.instancePort string

routes.instanceProtocol string

routes.healthCheckConfiguration object

routes.healthCheckConfiguration.port string

routes.healthCheckConfiguration.urlPath string

routes.healthCheckConfiguration.protocol string

routes.healthCheckConfiguration.timeoutSeconds integer

routes.healthCheckConfiguration.intervalSeconds integer

routes.healthCheckConfiguration.healthyThreshold integer

routes.healthCheckConfiguration.unhealthyThreshold integer

network string

instances array

internetFacing boolean

id string

vMATechCon


Network Architecture

192.168.178.0/24.1

LAN

Internet

TIER0-01

172.16.210.0/24

.2

BGP AS 65010

.1 BGP AS 65000

EdgeRouter

vMATechCon


Existing Network

192.168.178.0/24.1

LAN

Internet

Existing01

DHCP

192.168.210.0/24

TIER0-01

172.16.210.0/24

.2

BGP AS 65010

.1 BGP AS 65000

EdgeRouter

vMATechCon


Existing Network

vMATechCon


Existing Network “App Secure”

vMATechCon


Existing Network “App Secure”

vMATechCon


Routed Network

vMATechCon


Routed Network

vMATechCon


Routed Network w/ Micro Segmentation

192.168.178.0/24.1

LAN

Internet

TIER1-01

100.64.x.y/31 routerlink

.1

.0

routed01172.16.212.0/28

TIER0-01

172.16.210.0/24

.2

BGP AS 65010

.1 BGP AS 65000

EdgeRouter

vMATechCon



192.168.178.0/24.1

LAN

Internet

TIER1-01


.1

.0

routed01172.16.212.0/28

TIER0-01

172.16.210.0/24

.2

BGP AS 65010

.1 BGP AS 65000

EdgeRouter

vMATechCon



192.168.178.0/24.1

LAN

Internet

TIER1-01


.1

.0

routed01172.16.212.0/28

TIER0-01

172.16.210.0/24

.2

BGP AS 65010

.1 BGP AS 65000

EdgeRouter

vMATechCon


Load Balancer

vMATechCon


Load Balancer

vMATechCon


Samenvattend

• vRealize Automation Cloud • NSX-T• Architectuur van vRAC / NSX-T• Demo time!

• https://github.com/viktoriousss/CloudAssembly

https://github.com/viktoriousss/CloudAssembly

vMATechCon


Experience day - vRealize Automation (Cloud)

• One day event, medio Nov/Dec

• VMware Utrecht

• 10-12 attendees per session

• Interested?• Contact Dimitri / Erik• [email protected] / [email protected]

mailto:[email protected]

mailto:[email protected]

vMATechCon


Documents

VMware Management & Automation TechCon - Stefan Verhoef& … › wp-content › uploads › 2019 › 10 › v... · 2019-10-03 · VMware partners (VMC) Versioned Blueprints Blueprints