For anyone who follows virtualization technology, the annual VMworld conference deserves attention, because VMware launches many very promising virtualization products there. This year was no exception: at the VMworld conference on August 30, 2010, VMware officially released vCloud Director, a management product for building an enterprise's internal cloud computing center. This product can effectively improve the operations and maintenance methods of the entire IT department and move it toward a business-centric model, that is, "IT as a service". This article introduces it.
Introduction
vCloud Director (Director) is based on VMware vSphere virtualization capabilities and extends the resource pool feature of VMware vCenter so that IT departments can create virtual data centers (VDCs). A VDC is a resource pool composed of computing, network, and storage resources, together with predefined management policies, service level agreements, and pricing mechanisms. Director also provides users with VDC-based computing resources on which they can deploy applications. In terms of user experience, unlike VMware vCenter, which is also management software, Director does not use a traditional client for its user interface but a web UI based on Adobe Flex RIA technology. With this web UI, users can carry out time-consuming and tedious operations such as creating and managing the cloud, network settings, and application deployment with a few mouse clicks and a small amount of keyboard input. Director is also based on the open OVF format and provides the vCloud API using REST.
In addition to the basic features mentioned above, Director also integrates the latest VMware vCenter Chargeback version 1.5 for billing of computing resources. In terms of security, Director integrates VMware vShield technology to enhance the security of the cloud computing center. VMware has also launched the VMware vCloud Data Center Service, which is related to Director. With this service, Director users can leverage the extensive ecosystem of VMware technical partners and service providers: by bringing in secure and compatible public clouds, they can expand data center capacity and manage public clouds as easily as they manage private clouds. With this hybrid model, users can gain the benefits of cloud computing without reducing security or control, with comprehensive support for critical enterprise compliance and security requirements.
Figure 1. Architecture of vCloud Director
Create VDC and organization
Because both private and public clouds are likely to face many types of customers and diverse scenarios, vCloud Director does not allocate all IT resources to one cloud or user; it is designed to support resource isolation and multi-tenancy. For this purpose, vCloud Director introduces two core concepts: the VDC mentioned earlier, which is used to isolate resources, and the "organization", which is used to support multi-tenancy.
A VDC is a set of computing and storage resources for cloud computing. In terms of usage, the administrator first adds some vCenter servers to Director so that the computing resources managed by these vCenter servers can be published and combined into one large resource pool. The administrator can then create a VDC and add some or all of the computing and storage resources in the resource pool to it according to his or her own ideas or rules. For example, the administrator can allocate by performance: computing and storage resources with excellent performance go to a VDC named "tier1", and hardware resources with very poor performance go to a VDC named "tier2". The administrator can also set cost and SLA parameters for each VDC.
The administrator combines multiple user groups into the same organization through rules (policies). For example, all employees belonging to the financial department are placed in the financial department organization. Each organization has its own exclusive virtual resources and directories (catalogs), an independent LDAP authentication system, and its own rule management. Through the organization feature, multiple organizations can share the same infrastructure, and Director generates a different login URL for each organization. Administrators can create the users and groups under an organization and set parameters such as lease, quota, and limit for each organization. Users in an organization can authenticate in three ways: the first is to use the Director local database; the second is to use the Active Directory or LDAP server associated with Director; the third is to use an organization-specific Active Directory or LDAP server.
Next, we introduce the relationship between the VDC and the organization. VDCs fall into two categories by scale: provider level and organization level. In use, the administrator first creates multiple provider VDCs, such as the gold VDC and silver VDC in the figure. The administrator then creates a new organization VDC for an organization based on a provider VDC, for example the org 1 gold VDC in the figure. Note that an organization VDC can be as large as its provider VDC, and an organization can have multiple organization VDCs.
Figure 2. Relationship between VDC and organization
In addition, an organization VDC can be created on a provider VDC in three ways. The first is on-demand use: resources of the relevant provider VDC are consumed only when you deploy a virtual machine on the organization VDC. The second is the reservation pool mechanism: when the organization VDC is created, the provider VDC allocates certain resources to it, and the organization controls advanced resource management settings such as shares and reservations. The third is the allocation pool mechanism: like the reservation pool mechanism, the provider VDC allocates certain resources to the organization VDC; however, advanced resource management settings such as shares and reservations are set by the administrator of the provider VDC.
Network Design
In terms of networking, Director has two main mechanisms: the external network mechanism and the network pool mechanism.
In Director, the external network mechanism gives deployed virtual machines the ability to connect to networks outside the organization (including networks belonging to other organizations or the Internet). An external network is a portgroup used to carry the virtual machines' external traffic, and this portgroup is isolated by a VLAN tag. In terms of usage, the administrator first creates an external network, filling in parameters that include the network's subnet mask, default gateway, preferred and alternate DNS addresses, DNS prefix, and static IP address pool, and then associates the external network with the relevant virtual machines.
A network pool is a series of isolated Layer 2 network segments. The network pool is the cornerstone for creating organization and virtual machine networks. It is mainly used for communication between virtual machines within an organization, and it also ensures that networks can be consumed and deployed automatically in the cloud. In terms of usage, each time a user deploys a virtual machine, it consumes an IP address from the corresponding network pool. In terms of implementation, the network pool is backed by one of three technologies: the first is VLAN-based; the second is Director's own network isolation technology, vCDNI (VMware vCloud Director Network Isolation); the third uses portgroups.
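Both mechanisms above depend on each Layer 2 segment keeping its own VLAN tag. The following Python audit is an added example, not VMware code and not part of the original article: it flags VLAN IDs claimed by more than one external network or network pool, and IDs outside the valid 802.1Q range. The inventory, its field names, and the assumption that all portgroups share one Layer 2 fabric are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory with hypothetical field names (not vCloud API output).
EXTERNAL_NETWORKS = [
    {"name": "ext-internet", "portgroup": "pg-ext-01", "vlan": 100},
    {"name": "ext-finance-wan", "portgroup": "pg-ext-02", "vlan": 210},
    {"name": "ext-partner", "portgroup": "pg-ext-03", "vlan": 210},
]
NETWORK_POOLS = [
    {"name": "pool-vlan-a", "type": "vlan", "vlan_range": (200, 220)},
    {"name": "pool-vlan-b", "type": "vlan", "vlan_range": (300, 320)},
    {"name": "pool-vcdni", "type": "vcdni"},
    {"name": "pool-pg", "type": "portgroup", "portgroup_vlans": [310, 4095]},
]


def vlan_claims(external_networks, network_pools):
    """Map each VLAN ID to every object that would tag traffic with it."""
    claims = defaultdict(list)
    for net in external_networks:
        claims[net["vlan"]].append("external:" + net["name"])
    for pool in network_pools:
        if pool["type"] == "vlan":
            low, high = pool["vlan_range"]
            ids = range(low, high + 1)
        elif pool["type"] == "portgroup":
            ids = pool["portgroup_vlans"]
        else:
            # vCDNI-backed pools are skipped: the article does not describe
            # how they isolate traffic, so no VLAN claim is assumed for them.
            ids = []
        for vid in ids:
            claims[vid].append("pool:" + pool["name"])
    return claims


def audit(external_networks, network_pools):
    """Return VLAN IDs with more than one owner, and IDs outside 1..4094."""
    claims = vlan_claims(external_networks, network_pools)
    shared = {vid: sorted(owners) for vid, owners in sorted(claims.items())
              if len(owners) > 1}
    invalid = sorted(vid for vid in claims if not 1 <= vid <= 4094)
    return {"shared": shared, "invalid": invalid}


if __name__ == "__main__":
    report = audit(EXTERNAL_NETWORKS, NETWORK_POOLS)
    for vid, owners in report["shared"].items():
        print("VLAN", vid, "is shared by", ", ".join(owners))
    print("Invalid VLAN IDs:", report["invalid"])
```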
Directory management
In Director, a directory (catalog) is a container mainly used to store various resources. A directory belongs to an organization and is created by that organization's administrator, who can also configure sharing for the directory as needed. A directory mainly holds two kinds of resources. The first is the vApp, a virtual appliance based on the OVF format; by deploying a vApp you can quickly build an application that contains multiple virtual machines. The second is images and media such as ISO and floppy images, which can be used to install an operating system on a virtual machine or to transfer data to it.
Security
In terms of security, traditional enterprise security relies on proxies, dedicated hardware, and fragile, hardware-bound configurations. Because the cloud environment is dynamic, with applications and services that can move anywhere and run on shared infrastructure, a new security model is needed. Director therefore integrates vShield security technology, which is designed specifically for virtual and cloud environments. Three new products were launched at VMworld this year: VMware vShield Edge, VMware vShield App, and VMware vShield Endpoint. They virtualize security and edge services, including firewalls, virtual private networks (VPN), and server load balancing, freeing them from the limitations of physical infrastructure and providing a single, adaptive, and programmable security infrastructure. This helps solve problems such as the complexity and inflexibility of traditional models and gives IT teams better visibility and control. Used together with VMware partner solutions, VMware vShield will be able to provide a VMware virtualization and cloud environment that is more secure than the traditional physical deployment mode, at only a small portion of the cost.
Billing
In terms of billing, Director did not reinvent the wheel but uses the latest version of VMware vCenter Chargeback. First, a word on Chargeback: it is mainly used for accurate cost calculation, analysis, and reporting to achieve cost transparency and accountability. It lets you map IT costs to business units, cost centers, or external customers so that resource costs are better understood. Business owners and IT staff can thus understand the actual virtual infrastructure cost required to support business services, and see how resource utilization can be optimized to reduce overall IT infrastructure spending. In addition, the integration with Chargeback enables Director to charge for the usage of various cloud resources, such as storage resources, network resources, and resources consumed by vShield services, and different reports can be generated for different organizations.
VMware vCloud Data Center Service
First, although public cloud services offer an alternative way to deliver computing power in a self-service, pay-as-you-go model, many unfavorable factors still limit their widespread adoption within the enterprise, such as security issues, uncertain service level agreements, lack of regulatory compliance, and concerns about vendor lock-in. VMware vCloud Data Center Service provides a new way for enterprises to extend their data centers to external clouds while maintaining security, regulatory compliance, and service quality. The service is provided by several world-leading service providers, including Bluelock, Colt, SingTel, Terremark, and Verizon. It adopts a globally unified infrastructure, management, and security model, which enables enterprise customers to migrate workloads between their internal virtualized infrastructure and external clouds.
Second, in terms of compliance and security, VMware vCloud Data Center Service delivers VMware-certified compatibility, portability, auditable security controls, SAS 70 Type II or ISO 27001 certification, virtual application security with a stateful firewall and Layer 2 network isolation, role-based access control, and LDAP directory authentication.
In general, Director builds a basic IaaS cloud by integrating multiple vCenter Server-based resource pools. Although Director does not offer the same range of functions as professional IaaS clouds such as Amazon EC2, its support for security and billing, coupled with its architectural consistency with the VMware virtualization software already in the enterprise data center, suggests that this product is very suitable for enterprise users who have already invested in VMware technology and want to experience the advantages of cloud computing. The introduction to Director above should also give a deeper understanding of the basic structure of an IaaS cloud.