
The journey to cloud computing

Jan Tiri, CISSP - Systems Engineer, VMware Inc.

2011 VMware Inc. All rights reserved

2010 Milestone: Virtualization is Now De Facto Model

[Chart: VM Cross Over. Physical Servers vs. Virtual machines, 2005 to 2013; vertical axis from 2,500,000 to 17,500,000]

We are past a virtual tipping point!


Source: IDC

The Rise of a New Era in IT

Cloud
Web

PC / Client-Server
Mainframe

Cloud Computing will transform the delivery of IT services



Virtualization & Cloud Management: VMware Approach

End-User Computing Management


End User Computing

Provision & deploy desktops rapidly
Manage workstation images simply
Deliver virtualized applications to desktop

IT Business Management
Application Management
Encapsulate applications into containers with vApps
Cloud Applications

Assure application portability & performance
Establish service contracts with infrastructure

Govern cloud provisioning processes
Track cloud software license usage
Standardize cloud partitions

Infrastructure & Operations Management


Public/Private/Hybrid Cloud Virtualized Infrastructure

Create a zero-touch, compliant infrastructure
Build automation into platform
Deliver self-service through policy-driven control

VMware Cloud Director vSphere

VMware Management Solutions

vApp: the virtual application

APP
Business apps consist of multiple VMs and form a vAPP

vAPPs are treated as the management container

vAPP

The application portability is the key

INFO

VM

+
Description of VM properties

OVF VM

Virtual Machine

OVF Virtual Machine

The Open Virtualization Format (OVF) is an industry standard that ensures cross-platform VM portability

Abstraction + Pooling = Reduced Complexity


[Diagram, Traditional View: Exchange, File/Print, SAP ERP and Oracle CRM, each on Operating System and Virtualization; Virtual Infrastructure with CPU Pool, Memory Pool, Storage Pool and Interconnect Pool]

Abstraction + Pooling = Reduced Complexity

[Diagram: Exchange, File/Print, SAP ERP and Oracle CRM, each on Operating System; Virtual Infrastructure with CPU Pool, Memory Pool, Storage Pool and Interconnect Pool; Data Protection, Security, Failure Protection, Site Evacuation]

Changing the way services are added

Core App

Availability Core App

Data Protection

Operating System
Application Owners IT Department

Virtualization

Availability services

Dynamic Computing VMotion


HyperVisor HyperVisor

Greater Availability HA (High Availability)


Availability services

VMotion: stateful (live) migration of VMs

virtual data center

DRS: automated migration (load balancing) + intelligent auto-placement of new VMs

VM

Storage VMotion: stateful migration of VM storage (I/O, maintenance, new storage)

Availability services

Fault Tolerance
HA still available for lower tier apps

virtual data center

Identify VMs you want for fault tolerance and start the service

A shadow VM is created and takes over if host failure occurs


Availability services

X
virtual data center

virtual data center

Storage Replication

Data Protection Services

No Backup Agents in OS

Backup / Restore functionality

VMware ESX / ESXi


Changing the way services are added

Core App

Operating System
Application Owners
Availability

Data Protection

Security

IT Department

Virtualization


Traditional vs vShield
SECURITY SECURITY SECURITY

Host based Security

APP DATA

APP DATA

APP

DATA

OS

OS

OS

Introspect Processor, Memory, Network, File Access

VMware vSphere + vShield

Network based Security


Leveraging Virtualization for Better-than-Physical Security

Issues
AV storms can cause 100% saturation in shared compute (CPU) and SAN/NAS (storage I/O) environments

Traditional agents are resource intensive, not optimized for high-utilization, efficient clouds

Up to 6 GB on VMware View desktops

SVM VM VM VM

APP
AV

APP OS
Kernel

APP OS
Kernel

OS
Hardened

OS
Kernel

BIOS

BIOS

BIOS

Opportunities
Leverage hypervisor to offload AV functions from agents into a dedicated security VM

Deploy security in a more agile, service-driven manner to both private and public cloud environments

Introspection

VMware vSphere


Efficient resource consumption

Scan server approach means no agent footprint

Less memory and management overhead

Lower CPU and IO load


VMware vShield App

Application Protection for Network Based Threats


Hypervisor-level firewall
Inbound, outbound connection control applied at vNIC level
Elastic security groups - stretch as virtual machines migrate to new hosts
Robust flow monitoring

Policy Management
Simple and business-relevant policies
Managed through UI or REST APIs
Logging and auditing based on industry standard syslog format

Automated Cloud VDC Perimeter Security with vShield Edge


APP APP DMZ

DMZ

DB

DB

Production VDC
vShield Edge vShield Edge

Development VDC

Virtual Distributed Switch vSphere vSphere vSphere vSphere

INTERNET


vShield Portfolio overview


Securing the Private Cloud End to End: from the Edge to the Endpoint
vShield Edge
Edge

vShield App and Zones


Security Zone

vShield Endpoint
Endpoint = VM

Secure the edge of the virtual datacenter

Create segmentation between enclaves or silos of workloads

Offload anti-virus processing

vShield Manager
Endpoint = VM
DMZ Application 1 Application 2

Centralized Management


Changing the way services are added

Core App

Operating System
Application Owners
Flexible Size
Availability

Data Protection

Security

IT Department

Virtualization


Flexible Resources

Hot Add
CPU Memory Disk Networking
VMware ESXi & ESX


Flexible and Controlled Resources

Resource Pools

CPU Control

Memory Control

Storage IO Control

Network IO Control


The Hybrid Cloud

Private Cloud

VMware = Enterprise Hybrid Cloud

Public Cloud Service Provider


Cross cloud management makes hybrid cloud real


vCloud Connector: connect, visualize and operate on multiple clouds

Visualize resources across hybrid clouds inside the vSphere Client
See VMs, vApps and templates across vSphere and private and public vClouds
Delivered as a vSphere Client Plugin

Copy & operate on resources across clouds
Copy resources between vSphere and vClouds
Perform power operations on workloads
Access console of vApps running in vClouds

Deliver enterprise level security
Data managed by onsite server
Security scope set by vSphere Client

VMware Solutions for IT as a Service

Secure Private Cloud

vCloud Powered Public Clouds

Independent Public Clouds

End-User Computing
View Thin App Zimbra SaaS Applications
Other SaaS Providers

Application Access

Cloud Application Platform


Spring vFabric vFabric Hyperic

vmForce
Other PaaS Partners

Google App Engine


Other cloud infrastructure providers

Application Portability

Cloud Infrastructure and Management


vCenter vShield vCloud Director

vCloud Datacenter vCloud Express

Application Mobility VMware vSphere: Foundation for Cloud Computing


vSphere 4.1 Editions Enterprise/Commercial


I/O Control

= New feature with 4.1 release = Existing feature moving down edition = Edition specific feature = Carry-over feature
vAAI Multipathing* DRS / DPM Storage VMotion vSPC vShield Zones Data Recovery vSPC vShield Zones Data Recovery

vAAI Host Profiles Distributed Switch* Multipathing* DRS / DPM Storage VMotion vSPC vShield Zones Data Recovery

Fault Tolerance
Hot Add High Availability VMotion Thin Provisioning High Availability VMotion Thin Provisioning

Fault Tolerance
Hot Add devices High Availability VMotion Thin Provisioning

Fault Tolerance
Hot Add devices High Availability VMotion Thin Provisioning

Update Manager
VCB / vStorage APIs VC Agent 4-way vSMP
6 Physical Cores / CPU 256 GB Physical Memory

Update Manager
VCB / vStorage APIs VC Agent 4-way vSMP
12 Physical Cores / CPU 256 GB Physical Memory

Update Manager
VCB / vStorage APIs VC Agent 4-way vSMP
6 Physical Cores / CPU 256 GB Physical Memory

Update Manager
VCB / vStorage APIs VC Agent 8-way vSMP
12 Physical Cores / CPU No License Memory Limit

STANDARD

ADVANCED

ENTERPRISE

ENTERPRISE +

vSphere 4.1 Editions SMB


= New feature with 4.1 release = Existing feature moving down edition = Edition specific feature = Carry-over feature

VMotion Data Recovery High Availability Thin Provisioning Update Manager VCB / vStorage APIs Converter vSphere Client Single Server ESXi HYPERVISOR VC Agent 4-way vSMP Thin Provisioning Update Manager VCB / vStorage APIs VC Agent 4-way vSMP

3 Hosts/ 6 Procs 6 physical cores


ESSENTIALS

3 Hosts / 6 Procs 6 physical cores ESSENTIALS PLUS

