Google Cloud Archives - Page 4 of 5

Application Modernization and Multi-Cloud Portability with VMware Tanzu

Mar 22, 2021 | AWS, Azure, Carbon Black, Cloud Native Apps, Edge Computing, ESXi, Google Cloud, HCX, Networking, NSX, project pacific, Tanzu, VMC, VMware Cloud, VMware Cloud Foundation, vSAN, vSphere

It was 2019 when VMware announced Tanzu and Project Pacific. A lot has happened since then and almost everyone is talking about application modernization nowadays. With my strong IT infrastructure background, I had to learn a lot of new things to survive initial conversations with application owners, developers and software architects. And in the same time VMware’s Kubernetes offering grew and became very complex – not only for customers, but for everyone I believe. 🙂

I already wrote about VMware’s vision with Tanzu: To put a consistent “Kubernetes grid” over any cloud

This is the simple message and value hidden behind the much larger topics when discussing application modernization and application/data portability across clouds.

The goal of this article is to give you a better understanding about the real value of VMware Tanzu and to explain that it’s less about Kubernetes and the Kubernetes integration with vSphere.

Application Modernization

Before we can talk about the modernization of applications or the different migration approaches like:

Retain – Optimize and retain existing apps, as-is
Rehost/Migration (lift & shift) – Move an application to the public cloud without making any changes
Replatform (lift and reshape) – Put apps in containers and run in Kubernetes. Move apps to the public cloud
Rebuild and Refactor – Rewrite apps using cloud native technologies
Retire – Retire traditional apps and convert to new SaaS apps

…we need to have a look at the palette of our applications:

Web Apps – Apache Tomcat, Nginx, Java
SQL Databases – MySQL, Oracle DB, PostgreSQL
NoSQL Databases – MongoDB, Cassandra, Prometheus, Couchbase, Redis
Big Data – Splunk, Elasticsearch, ELK stack, Greenplum, Kafka, Hadoop

In an app modernization discussion, we very quickly start to classify applications as microservices or monoliths. From an infrastructure point of view you look at apps differently and call them “stateless” (web apps) or “stateful” (SQL, NoSQL, Big Data) apps.

And with Kubernetes we are trying to overcome the challenges, which come with the stateful applications related to app modernization:

What does modernization really mean?
How do I define “modernization”?
What is the benefit by modernizing applications?
What are the tools? What are my options?

What has changed? Why is everyone talking about modernization? Why are we talking so much about Kubernetes and cloud native? Why now?

To understand the benefits (and challenges) of app modernization, we can start looking at the definition from IBM for a “modern app”:

“Application modernization is the process of taking existing legacy applications and modernizing their platform infrastructure, internal architecture, and/or features. Much of the discussion around application modernization today is focused on monolithic, on-premises applications—typically updated and maintained using waterfall development processes—and how those applications can be brought into cloud architecture and release patterns, namely microservices“

Modern applications are collections of microservices, which are light, fault tolerant and small. Microservices can run in containers deployed on a private or public cloud.

Which means, that a modern application is something that can adapt to any environment and perform equally well.

Note: App modernization can also mean, that you must move your application from .NET Framework to .NET Core.

I have a customer, that is just getting started with the app modernization topic and has hundreds of Windows applications based on the .NET Framework. Porting an existing .NET app to .NET Core requires some work, but is the general recommendation for the future. This would also give you the option to run your .NET Core apps on Windows, Linux and macOS (and not only on Windows).

A modern application is something than can run on bare-metal, VMs, public cloud and containers, and that easily integrates with any component of your infrastructure. It must be something, that is elastic. Something, that can grow and shrink depending on the load and usage. Since it is something that needs to be able to adapt, it must be agile and therefore portable.

Cloud Native Architectures and Modern Designs

If I ask my VMware colleagues from our so-called MAPBU (Modern Application Platform Business Unit) how customers can achieve application portability, the answer is always: “Cloud Native!”

Many organizations and people see cloud native as going to Kubernetes. But cloud native is so much more than the provisioning and orchestration of containers with Kubernetes. It’s a about collaboration, DevOps, internal processes and supply chains, observability/self-healing, continuous delivery/deployment and cloud infrastructure.

There are so many definitions around “cloud native”, that Kamal Arora from Amazon Web Services and others wrote the book “Cloud Native Architecture“, which describes a maturity model. This model helps you to understand, that cloud native is more a journey than only restrictive definition.

Cloud Native Maturity Model

The adoption of cloud services and applying an application-centric design are very important, but the book also mentions that security and scalability rely on automation. And this for example could bring the requirement for Infrastructure as Code (IaC).

In the past, virtualization – moving from bare-metal to vSphere – didn’t force organizations to modernize their applications. The application didn’t need to change and VMware abstracted and emulated the bare-metal server. So, the transition (P2V) of an application was very smooth and not complicated.

And this is what has changed today. We have new architectures, new technologies and new clouds running with different technology stacks. We have Kubernetes as framework, which requires applications to be redesigned for these platforms.

That is the reason why enterprises have to modernize their applications.

One of the “five R’s” mentioned above is the lift and shift approach. If you don’t want or need to modernize some of your applications, but move to the public cloud in an easy, fast and cost efficient way, have a look at VMware’ hybrid cloud extension (HCX).

In this article I focus more on the replatform and refactor approaches in a multi-cloud world.

Kubernetize and productize your applications

Assuming that you also define Kubernetes as the standard to orchestrate your containers where your microservices are running in, usually the next decision would be about the Kubernetes “product” (on-prem, OpenShift, public cloud).

Looking at the current CNCF Cloud Native Landscape, we can count over 50 storage vendors and over 20 networks vendors providing cloud native storage and networking solutions for containers and Kubernetes.

Talking to my customers, most of them mention the storage and network integration as one of their big challenges with Kubernetes. Their concern is about performance, resiliency, different storage and network patterns, automation, data protection/replication, scalability and cloud portability.

Why do organizations need portability?

There are many use cases and requirements that portability (infrastructure independence) becomes relevant. Maybe it’s about a hardware refresh or data center evacuation, to avoid vendor/cloud lock-in, not enough performance with the current infrastructure or it could be about dev/test environments, where resources are deployed and consumed on-demand.

Multi-Cloud Application Portability with VMware Tanzu

To explore the value of Tanzu, I would like to start by setting the scene with the following customer use case:

On-premises: VMware vSphere infrastructure, no containerization yet, only legacy applications
Azure: Using Azure Kubernetes Service (AKS) and Azure Native Services
AWS: Using Amazon Elastic Kubernetes Services (EKS) and AWS Native Services

In this case the customer is following a cloud-appropriate approach to define which cloud is the right landing zone for their applications. They decided to develop new applications in the public cloud and use the native services from Azure and AWS. The customers still has hundreds of legacy applications (monoliths) on-premises and didn’t decide yet, if they want to follow a “lift and shift and then modernize” approach to migrate a number applications to the public cloud.

Multi-Cloud App Portability

But some of their application owners already gave the feedback, that their applications are not allowed to be hosted in the public cloud, have to stay on-premises and need to be modernized locally.

At the same time the IT architecture team receives the feedback from other application owners, that the journey to the public cloud is great on paper, but brings huge operational challenges with it. So, IT operations asks the architecture team if they can do something about that problem.

Both cloud operations for Azure and AWS teams deliver a different quality of their services, changes and deployments take longer with one of their public clouds, they have problems with overlapping networks, different storage performance characteristics and APIs.

Another challenge is the role-based access to the different clouds, Kubernetes clusters and APIs. There is no central log aggregation and no observability (intelligent monitoring & alerting). Traffic distribution and load balancing are also other items on this list.

Because of the feedback from operations to architecture, IT engineering received the task to define a multi-cloud strategy, that solves this operational complexity.

Notes: These are the regular multi-cloud challenges, where clouds are the new silos and enterprises have different teams with different expertise using different management and security tools.

This is the time when VMware’s multi-cloud approach Tanzu become very interesting for such customers.

Consistent Infrastructure and Management

The first discussion point here would be the infrastructure. It’s important, that the different private and public clouds are not handled and seen as silos. VMware’s approach is to connect all the clouds with the same underlying technology stack based on VMware Cloud Foundation.

Beside the fact, that lift and shift migrations would be very easy now, this approach brings two very important advantages for the containerized workloads and the cloud infrastructure in general. It solves the challenge with the huge storage and networking ecosystem available for Kubernetes workloads by using vSAN and NSX Data Center in any of the existing clouds. Storage and networking and security are now integrated and consistent.

For existing workloads running natively in public clouds, customers can use NSX Cloud, which uses the same management plane and control plane as NSX Data Center. That’s another major step forward.

Using consistent infrastructure enables customers for consistent operations and automation.

Consistent Application Platform and Developer Experience

Looking at organization’s application and container platforms, achieving consistent infrastructure is not required, but obviously very helpful in terms of operational and cost efficiency.

To provide a consistent developer experience and to abstract the underlying application or Kubernetes platform, you would follow the same VMware approach as always: to put a layer on top.

Here the solution is called Tanzu Kubernetes Grid (TKG), that provides a consistent, upstream-compatible implementation of Kubernetes, that is tested, signed and supported by VMware.

A Tanzu Kubernetes cluster is an opinionated installation of Kubernetes open-source software that is built and supported by VMware. In all the offerings, you provision and use Tanzu Kubernetes clusters in a declarative manner that is familiar to Kubernetes operators and developers. The different Tanzu Kubernetes Grid offerings provision and manage Tanzu Kubernetes clusters on different platforms, in ways that are designed to be as similar as possible, but that are subtly different.

VMware Tanzu Kubernetes Grid (TKG aka TKGm)

Tanzu Kubernetes Grid can be deployed across software-defined datacenters (SDDC) and public cloud environments, including vSphere, Microsoft Azure, and Amazon EC2. I would assume, that the Google Cloud is a roadmap item.

TKG allows you to run Kubernetes with consistency and makes it available to your developers as a utility, just like the electricity grid. TKG provides the services such as networking, authentication, ingress control, and logging that a production Kubernetes environment requires.

This TKG version is also known as TKGm for “TKG multi-cloud”.

VMware Tanzu Kubernetes Grid Service (TKGS aka vSphere with Tanzu)

TKGS is the option vSphere admins want to hear about first, because it allows you to turn a vSphere cluster to a platform running Kubernetes workloads in dedicated resources pools. TKGS is the thing that was known as “Project Pacific” in the past.

Once enabled on a vSphere cluster, vSphere with Tanzu creates a Kubernetes control plane directly in the hypervisor layer. You can then run Kubernetes containers by deploying vSphere Pods, or you can create upstream Kubernetes clusters through the VMware Tanzu Kubernetes Grid Service and run your applications inside these clusters.

VMware Tanzu Mission Control (TMC)

In our use case before, we have AKS and EKS for running Kubernetes clusters in the public cloud.

The VMware solution for multi-cluster Kubernetes management across clouds is called Tanzu Mission Control, which is a centralized management platform for the consistency and security the IT engineering team was looking for.

Available through VMware Cloud Services as SaaS offering, TMC provides IT operators with a single control point to provide their developers self-service access to Kubernetes clusters.

TMC also provides cluster lifecycle management for TKG clusters across environment such as vSphere, AWS and Azure.

It allows you to bring the clusters you already have in the public clouds or other environments (with Rancher or OpenShift for example) under one roof via the attachment of conformant Kubernetes clusters.

Not only do you gain global visibility across clusters, teams and clouds, but you also get centralized authentication and authorization, consistent policy management and data protection functionalities.

VMware Tanzu Observability by Wavefront (TO)

Tanzu Observability extends the basic observability provided by TMC with enterprise-grade observability and analytics.

Wavefront by VMware helps Tanzu operators, DevOps teams, and developers get metrics-driven insights into the real-time performance of their custom code, Tanzu platform and its underlying components. Wavefront proactively detects and alerts on production issues and improves agility in code releases.

TO is also a SaaS-based platform, that can handle the high-scale requirements of cloud native applications.

VMware Tanzu Service Mesh (TSM)

Tanzu Service Mesh, formerly known as NSX Service Mesh, provides consistent connectivity and security for microservices across all clouds and Kubernetes clusters. TSM can be installed in TKG clusters and third-party Kubernetes-conformant clusters.

Organizations that are using or looking at the popular Calico cloud native networking option for their Kubernetes ecosystem often consider an integration with Istio (Service Mesh) to connect services and to secure the communication between these services.

The combination of Calico and Istio can be replaced by TSM, which is built on VMware NSX for networking and that uses an Istio data plane abstraction. This version of Istio is signed and supported by VMware and is the same as the upstream version. TSM brings enterprise-grade support for Istio and a simplified installation process.

One of the primary constructs of Tanzu Service Mesh is the concept of a Global Namespace (GNS). GNS allows developers using Tanzu Service Mesh, regardless of where they are, to connect application services without having to specify (or even know) any underlying infrastructure details, as all of that is done automatically. With the power of this abstraction, your application microservices can “live” anywhere, in any cloud, allowing you to make placement decisions based on application and organizational requirements—not infrastructure constraints.

Note: On the 18th of March 2021 VMware announced the acquisition of Mesh7 and the integration of Mesh7’s contextual API behavior security solution with Tanzu Service Mesh to simplify DevSecOps.

Tanzu Editions

The VMware Tanzu portfolio comes with three different editions: Basic, Standard, Advanced

Tanzu Basic enables the straightforward implementation of Kubernetes in vSphere so that vSphere admins can leverage familiar tools used for managing VMs when managing clusters = TKGS

Tanzu Standard provides multi-cloud support, enabling Kubernetes deployment across on-premises, public cloud, and edge environments. In addition, Tanzu Standard includes a centralized multi-cluster SaaS control plane for a more consistent and efficient operation of clusters across environments = TKGS + TKGm + TMC

Tanzu Advanced builds on Tanzu Standard to simplify and secure the container lifecycle, enabling teams to accelerate the delivery of modern apps at scale across clouds. It adds a comprehensive global control plane with observability and service mesh, consolidated Kubernetes ingress services, data services, container catalog, and automated container builds = TKG (TKGS & TKGm) + TMC + TO + TSM + MUCH MORE

Tanzu Data Services

Another topic to reduce dependencies and avoid vendor lock-in would be Tanzu Data Services – a separate part of the Tanzu portfolio with on-demand caching (Tanzu Gemfire), messaging (Tanzu RabbitMQ) and database software (Tanzu SQL & Tanzu Greenplum) products.

Bringing all together

As always, I’m trying to summarize and simplify things where needed and I hope it helped you to better understand the value and capabilities of VMware Tanzu.

There are so many more products available in the Tanzu portfolio, that help you to build, run, manage, connect and protect your applications. In case you are interested to read more about VMware Tanzu, the have a look at my article 10 Things You Didn’t Know About VMware Tanzu.

If you would like to know more about application and cloud transformation make sure to attend the 45 minute VMware event on March 31 (Americas) or April 1 (EMEA/APJ)!

Data Center as a Service based on VMware Cloud Foundation

Feb 16, 2021 | AWS, Azure, Cloud Native Apps, Edge Computing, ESXi, Google Cloud, HCX, IoT, NSX, Tanzu, VMware Cloud, VMware Cloud Foundation, vSAN, vSphere

IT organizations are looking for consistent operations, which is enabled by consistent infrastructure. Public cloud providers like AWS and Microsoft offer an extension of their cloud infrastructure and native services to the private cloud and edge, which is also known as Data Center as a Service.

Amazon Web Services (AWS) provides a fully managed service with AWS Outposts, that offers AWS infrastructure, AWS services, APIs and their tools to any data center or on-premises facility.

Microsoft has Azure Stack is even working on a new Azure Stack hybrid cloud solution that is codenamed “Fiji” to provide the ability to run Azure as a managed local cloud.

What do these offerings have in common or why would customers choose one (or even both) of these hybrid cloud options?

They bring the public cloud operation model to the private cloud or edge in form of one or more racks and servers provided as a fully managed service.

AWS Outposts (generally available since December 2019) and Azure Stack Fiji (in development) provide the following:

Extension of the public cloud services to the private cloud and edge
Consistent infrastructure with consistent operations
Local processing of data (e.g., analytics at the data source)
Local data residency (governance and security)
Low latency access to on-premises systems
Local migrations and modernization of applications with local system interdependencies
Build, run and manage on-premises applications using existing and familiar services and tools
Modernize applications on-prem resp. at the edge
Prescriptive infrastructure and vendor managed lifecycle and maintenance (racks and servers)
Creation of different physical pools and clusters depending on your compute and storage needs (different form factors)
Same licensing and pricing options on-premises (like in the public cloud)

The pretty new AWS Outposts or the future Azure Stack Fiji solution are also called “Local Cloud as a Service” (LCaaS) or “Data Center as a Service” and meant to be consumed and delivered in the on-prem data center or at the edge. It’s about bringing the public cloud to your data center or edge location.

The next phase of cloud transformations is about the “edge” of an enterprise cloud and we know today that private and hybrid cloud strategies are critical for the implementation of IT infrastructure and the operation of it.

If you come from VMware’s standpoint, then it’s not about extending the public cloud to the local data centers. It’s about extending your VMware-based private cloud to the edge or the public cloud.

This article focuses on the local (private) cloud as a service options from VMware, not the public cloud offerings.

In case you would like to know more about VMware’s multi-cloud strategy, which is about running the VMware Cloud Foundation stack on top of a public cloud like AWS, Azure or Google, please check some of my recent posts.

Features and Technologies

Before I describe the different VMware LCaaS offerings based on VMware Cloud Foundation, let me show and explain the different features and technologies my customers ask about when they plan to build a private cloud with public cloud characteristics in mind.

I work with customers from different verticals like

finance
fast-moving consumer goods
manufacturing
transportation (travel)

which are hosting IT infrastructure in multiple data centers all over the world including hundreds of smaller locations. My customers belong to different vertical markets, but are looking for the same features and technologies when it comes to edge computing and delivering a managed cloud on-premises.

Compute and Storage. They are looking for pre-validated and standardized configuration offerings to meet their (application) needs. Most of them describe hardware blueprints with t-shirts sizes (small, medium, large). These different servers or instances provide different options and attributes, which should provide enough CPU, RAM, storage and networking capacity based on their needs. Usually you’ll find terms like “general purpose”, “compute optimized” or “memory optimized” node types or instances.

Networking. Most of my customers look for the possibility to extend their current network (aka elastic or cloud-scale networking) to any other cloud. They prefer a way to use the existing network and security policies and to provide software-defined networking (SDN) services like routing, firewalling and IDS/IPS, load balancing – also known as virtualized network functions (VNF). Service providers are also looking at network function virtualization (NFV), which includes emerging technologies like 5G and IoT. As cloud native or containerized applications become more important, service providers also discuss containerized network functions (CNF).

Services. Applications consist of one or many (micro-)services. All my conversations are application-centric and focus on the different application components. Most of my discussions are about containers, databases and video/data analytics at the edge.

Security. Customers, that are running workloads in the public cloud, are familiar with the shared responsibility model. The difference between public cloud and local cloud as a service offering is the physical security (racks, servers, network transits, data center access etc.).

Scalability and Elasticity. IT providers want to provide the simplicity and agility on-prem as their customers (the business) would expect it from a public cloud provider. Scalability is about a planned level of capacity that can grow or shrink as needed.

Resource Pooling and Sharing. Larger enterprises and service providers are interested in creating dedicated workload domains and resource clusters, but also look for a way to provide infrastructure multi-tenancy.

The challenge for today’s IT teams is, that edge locations are not often well defined. And these IT teams need an efficient way to manage different infrastructure sizes (can range from 2 nodes up to 16 or 24 nodes), for sometimes up to 400 edge locations.

Rethinking Private Clouds

Organizations have two choices when it comes to the deployment of a private cloud extension to the edge. They could continue using the current approach, which includes the design, deployment and operation of their own private cloud. Another pretty new option would be the subscription of a predefined “Data Center as a Service” offering.

Enterprises need to develop and implement a cloud strategy to support the existing workloads, which are still mostly running on VMware vSphere, and build something, which is vendor and cloud-agnostic. Something, that provides a (public) cloud exit strategy at the same time.

If you decide to go for AWS Outposts or the coming Azure Stack Fiji solution, which for sure are great options, how would you migrate or evacuate workloads to another cloud and technology stack?

VMware Cloud on Dell EMC

At VMworld 2019 VMware announced the general availability of VMware Cloud on Dell EMC (VMC on Dell EMC). In 2018 introduced as “Project Dimension”, the idea behind this concept was to deliver a (public) cloud experience to customers on-premises. Give customers the best of two worlds:

The simplicity, flexibility and cost model of the public cloud with the security and control of your private cloud infrastructure.

VMware Cloud on Dell EMC

Initially, Project Dimension was focused primarily on edge use cases and was not optimized for larger data centers.

Note: This has changed with the introduction of the 2nd generation of VMC on Dell EMC in May 2020 to support different density and performance use cases.

VMC on Dell EMC is a VMware-managed service offering with these components:

A software-defined data center based von VMware Cloud Foundation (VCF) running on Dell EMC VxRail
- ESXi, vSAN, NSX, vCenter Server
- HCX Advanced
Dell servers, management & ToR switches, racks, UPS
- Standby VxRail node for expansion (unlicensed)
- Option for half or full-height rack
Multiple cluster support in a single rack
- Clusters start with a minimum of 3 nodes (not 4 as you would expect from a regular VCF deployment)
VMware SD-WAN (formerly known as VeloCloud) appliances for remote management purposes only at the moment
Customer self-service provisioning through cloud.vmware.com
Maintenance, patching and upgrades of the SDDC performed by VMware
Maintenance, patching and upgrades of the Dell hardware performed by VMware (Dell provides firmware, drivers and BIOS updates)
1- or 3-year term subscription commitment (like with VMC on AWS)

There is no “one size fits all” when it comes to hosting workloads at the edge and in your data centers. VMC on Dell EMC provides also different hardware node types, which should match with your defined t-shirt sizes (blueprints).

VMC on Dell EMC HW Node Types

If we talk about at a small edge location with a maximum of 5 server nodes, you would go for a half-height rack. The full-height rack can host up to 24 nodes (8 clusters). Currently, the largest instance type would be a good match for high density, storage hungry workloads such as VDI deployments, databases or video analytics.

As HCX is part of the offering, you have the right tool and license included to migrate workloads between vSphere-based private and public clouds.

The following is a list of some VMworld 2020 breakout sessions presented by subject matter experts and focused on VMware Cloud on Dell EMC:

HCP1831: Building a successful VDI solution with VMware Cloud on Dell EMC – Andrew Nielsen, Sr. Director, Workload and Technical Marketing, VMware

HCP1802: Extend Hybrid Cloud to the Edge and Data Center with VMware Cloud on Dell EMC – Varun Chhabra, VP Product Marketing, Dell

HCP1834: Second-Generation VMware Cloud on Dell EMC, Explained by Product Experts – Neeraj Patalay, Product Manager, VMware

VMware Cloud Foundation and HPE Synergy with HPE GreenLake

At VMworld 2019 VMware announced that VMware Cloud Foundation will be offered in HPE’s GreenLake program running on HPE Synergy composable infrastructure (Hybrid Cloud as a Service). This gives VMware customers the opportunity to build a fully managed private cloud with the public cloud benefits in an on-premises environment.

HPE’s vision is built on a single platform that can span across multiple clouds and GreenLake brings the cloud consumption model to joint HPE and VMware customers.

Today, this solution is fully supported and sold by HPE. In case you want to know more, have a look at the VMworld 2020 session Simplify IT with HPE GreenLake Cloud Services and VMware from Erik Vogel, Global VP, Customer Experience, HPE GreenLake, Hewlett Packard Enterprise.

VMC on AWS Outposts

If you are an AWS customer and look for a consistent hybrid cloud experience, then you would consider AWS Outposts.

There is also VMware variant of AWS Outposts available for customers, who already run their on-premises workloads on VMware vSphere or in a cloud vSphere-based environment running on top of the AWS global infrastructure (called VMC on AWS).

VMware Cloud on AWS Outposts is a on-premises as-a-service offering based on VMware Cloud Foundation. It integrates VMware’s software-defined data center software, including vSphere, vSAN and
NSX. Ths Cloud Foundation stack runs on dedicated elastic Amazon EC2 bare-metal infrastructure, delivered on-premises with optimized access to local and remote AWS services.

VMC on AWS Outposts

Key capabilities and use cases:

Use familiar VMware tools and skillsets
No need to rewrite applications while migrating workloads
Direct access to local and native AWS services
Service is sold, operated and supported by VMware
VMware as the single point of primary contact for support needs, supplemented by AWS for hardware shipping, installation and configuration
Host-level HA with automated failover to VMware Cloud on AWS
Resilient applications required to work in the event of WAN link downtime
Application modernization with access to local and native AWS services
1- or 3-year term subscription commitment
42U AWS Outposts rack, fully assembled and installed by AWS (including ToR switches)
Minimum cluster size of 3 nodes (plus 1 dark node)
Current cluster maximum of 16 nodes

Currently, VMware is running a VMware Cloud on AWS Outposts Beta program, that lets you try the pre-release software on AWS Outposts infrastructure. An early access program should start in the first half of 2021, which can be considered as a customer paid proof of concept intended for new workloads only (no migrations).

VMware on Azure Stack

To date there are no plans communicated by Microsoft or VMware to make Azure VMware Solution, the vSphere-based cloud offering running on top of Azure, available on-premises on the current or future Azure Stack family.

VMware on Google Anthos

To date there are no plans communicated by Google or VMware to make Google Cloud VMware Engine, the vSphere-based cloud offering running on top of the Google Cloud Platform (GCP), available on-premises.

The only known supported combination of a Google Cloud offering running VMware on-premises is Google Anthos (Google Kubernetes Engine on-prem).

Multi-Cloud Application Portability

Multi-cloud is now the dominant cloud strategy and many of my customers are maintaining a vSphere-based cloud on-premises and use at least two of the big three public clouds (AWS, Azure, Google).

Following a cloud-appropriate approach, customers are inspecting each application and decide which cloud (private or public) would be the best to run this application on. VMware gives customers the option to run the Cloud Foundation technology stack in any cloud, which doesn’t mean, that customers at the same time are not going cloud-native and still add AWS and Azure to the mix.

How can I achieve application portability in a multi-cloud environment when the underlying platform and technology formats differ from each other?

This is a question I hear a lot. Kubernetes is seen as THE container orchestration tool, which at the same time can abstract multiple public clouds and the complexity that comes with them.

A lot of people also believe that Kubernetes is enough to provide application portability and figure out later, that they have to use different Kubernetes APIs and management consoles for every cloud and Kubernetes (e.g., Rancher, Azure, AWS, Google, RedHat OpenShift etc.) flavor they work with.

That’s the moment we have to talk about VMware Tanzu and how it can simplify things for you.

The Tanzu portfolio provides the next generation the building blocks and steps for modernizing your existing workloads while providing capabilities of Kubernetes. Additionally, Tanzu also has broad support for containerization across the entire application lifecycle.

Tanzu gives you the possibility to build, run, manage, connect and protect applications and to achieve multi-cloud application portability with a consistent platform over any cloud – the so-called “Kubernetes grid”.

Note: I’m not talking about the product “Tanzu Kubernetes Grid” here!

I’m talking about the philosophy to put a virtual application service layer over your multi-cloud architecture, which provides a consistent application platform.

Tanzu Mission Control is a product under the Tanzu umbrella that provides central management and governance of containers and clusters across data centers, public clouds, and edge.

Conclusion

Enterprises must be able to extend the value of their cloud investments to the edge of the organization.

The edge is just one piece of a bigger picture and customers are looking for a hybrid cloud approach in a multi-cloud world.

Solutions like VMware Cloud on Dell EMC or running VCF on HPE Synergy with HPE Greenlake are only the first steps towards innovation in the private cloud and to bring the cost and operation model from the public cloud to the enterprises on-premises.

IT organizations are rather looking for ways to consume services in the future and care less about building the infrastructure or services by themselves.

The two most important differentiators for selecting an as-a-service infrastructure solution provider will be the provider’s ability to enable easy/consistent connectivity and the provider’s established software partner portfolio.

In cases where IT organizations want to host a self-managed data center or local cloud, you can expect, that VMware is going to provide a new and appropriate licensing model for it.

Multi-Tenancy on VMware Cloud Foundation with vRealize Automation and Cloud Director

Nov 30, 2020 | AWS, Azure, Cloud Director, Google Cloud, NSX, Tanzu, VCPP, VMC, VMware Cloud, VMware Cloud Foundation, vSAN, vSphere

In my article VMware Cloud Foundation And The Cloud Management Platform Simply Explained I wrote about why customers need a VMware Cloud Foundation technology stack and what a VMware cloud management platform is.

One of the reasons and one of the essential characteristics of a cloud computing model I mentioned is resource pooling.

By the National Institute of Standards and Technology (NIST) resource pooling is defined with the following words:

The provider’s computing resources are pooled to serve multiple
consumers using a multi-tenant model, with different physical and virtual
resources dynamically assigned and reassigned according to consumer demand.
There is a sense of location independence in that the customer generally has no
control or knowledge over the exact location of the provided resources but may be
able to specify location at a higher level of abstraction (e.g., country, state, or
data center).

This time I would like to focus on multi-tenancy and how you can achieve that on top of VMware Cloud Foundation (VCF) with Cloud Director (formerly known as vCloud Director) and vRealize Automation, which both could be part of a VMware cloud management platform (CMP).

Multi-Tenancy

There are many understandings around about multi-tenancy and different people have different definitions for it.

If we start from the top of an IT infrastructure, we will have application or software multi-tenancy with a single instance of an application serving multiple tenants. And in the past even running on the same virtual or physical server. In this case the multi-tenancy feature is built into the software, which is commonly accessed by a group of users with specific permissions. Each tenant gets a dedicated or isolated share of this application instance.

Coming from the bottom of the data center, multi-tenancy describes the isolation of resources (compute, storage) and networks to deliver applications. The best example here are (cloud) services providers.

Their goal is to create and provide virtual data centers (VDC) or a virtual private cloud (VPC) on top of the same physical data center infrastructure – for different tenants aka customers. Normally, the right VMware solution for this requirement and service providers would be Cloud Director, but this is maybe not completely true anymore with the release of vRealize Automation 8.x.

To make it easier for all of us, I’ll call Cloud Director and vCloud Director “vCD” from now on.

VMware Cloud Director (formerly vCloud Director)

Cloud Director is a product exclusively for cloud service providers via the VMware Cloud Provider Program (VCPP). Originally released in 2010, it enables service providers (SPs) to provision SDDC (Software-Defined Data Center) services as complete virtual data centers. vCD also keeps resources from different tenants isolated from each other.

Within vCD a unit of tenancy is called Organization VDC (OrgVDC). It is defined as a set of dedicated compute (CPU, RAM), storage and network resources. A tenant can be bound to a single OrgVDC or can be composed of multiple Organization VDCs. This is typically known as Infrastructure as a Service (IaaS).

A provider virtual data center (PVDC) is a grouping of compute, storage, and network resources from a single vCenter Server instance. Multiple organizations/tenants can share provider virtual data center resources.

Cloud Director Resource Abstraction

A lot of customers and VCPP partners have now started to offer their cloud services (IaaS, PaaS, SaaS etc.) based on VMware Cloud Foundation. For private and hybrid cloud scenarios, but also in the public cloud as a managed cloud service (VMware Cloud on AWS, Azure VMware Solution, Google Cloud VMware Engine, Alibaba Cloud VMware Solution and more).

Important: I assume that you are familiar with VCF, its core components (ESXi, vSAN, NSX, SDDC Manager) and architecture models (standard as the preferred).

Cloud Director components are currently not part of the VCF lifecycle automation, but it is a roadmap item!

Cloud Director Resource Hosting Models

vCD offers multiple hosting models:

In the shared hosting model, multiple tenant workloads run all together on the same
resource groups without any performance assurance
In the reserved hosting model, performance of workloads is assured by resource
reservation.
In the physical hosting model, hardware is dedicated to a single tenant and performance
is assured by the allocated hardware

Tenant Using Shared Hosting on VCF Workload Domain

In this use case a tenant is using shared hosting backed by a VMware Cloud Foundation workload domain. A workload domain, which is mapped to a provider VDC.

vCD VCF Shared

Tenant Using Shared Hosting and Reserved Hosting on Multiple VCF Workload Domains

This use case describes the example of customer using shared and reserved hosting backed by multiple VCD workload domains. Here each cluster has a single resource pool mapped to a single PVDC.

vCD VCF Shared Reserved

Tenant Using Physical Hosting and Central Point of Management (CPOM)

The last example shows a single customer using physical hosting. You will notice that there is also a vSphere with
Kubernetes workload domain. VMware Cloud Foundation automates the installation of vSphere with Kubernetes (Tanzu) which makes it incredibly easy to deploy and manage.

You can see that there is an “SDDC” box on top of the Kubernetes Cluster vCenter, which is attached to
the “SDDC Proxy” entity. vCD can act as an HTTP/S proxy server between tenants and the
underlying vSphere environment in VMware Cloud Foundation. An SDDC proxy is an
access point to a component from an SDDC, for example, a vCenter Server instance, an ESXi host, or
an NSX Manager instance.

The vCD becomes the central point of management (CPOM) in this case and the customer gets a complete dedicated SDDC with vCenter access.

vCD VCF Physical CPOM

Note: Since vCD 9.7 it is possible to present for example a vCenter Server instance securely to a tenant’s organization using the Cloud Director user interface. This is how you could build your own VMC-on-AWS-like cloud offering!

Cloud Director CPOM

All 3 Tenants Together

Finally, we put it all together. In the first use case we can see that different customers are sharing resources from a
single PVDC. We can also see that resources from a single vCenter can be split across different provider virtual datacenters and that we can mix and match multi-tenants workload domains and workload domains offering dedicated private cloud all together.

vCD VCF All Together

Cloud Director Service and VMware Cloud on AWS

If you don’t want to extend or operate your own data center or cloud infrastructure anymore and provide a managed service to multiple customer, there are still options for you available backed by VMware Cloud Foundation as well.

Since October 2020 you have Cloud Director Service globally available, which delivers multi-tenancy to VMware Cloud on AWS for managed service providers (MSP).

VMware sees not only new, but also existing VCPP partners moving towards a mixed-asset portfolio, where their cloud management platform consists of a VCPP and MSP (VMware SaaS offerings) contract. This allows them for example to run vCD on-premises for their current customers and the onboarding of new tenants would happen in the public cloud with CDS and VMC on AWS.

vCD CDS Mixed Mode

Enterprise Multi-Tenancy with vRealize Automation

With the release of vRealize Automation 8.1 (vRA) VMware offered support for dedicated infrastructure multi-tenancy, created and managed through vRealize Suite Lifecycle Manager. This means vRealize Automation enables customers or IT providers to set up multiple tenants or organizations within each deployment.

Providers can set up multiple tenant organizations and allocate infrastructure. Each tenant manages its own projects (team structures), resources and deployments.

Enabling tenancy creates a new Provider (default) organization. The Provider Admin will create new tenants, add tenant admins, setup directory synchronization, and add users. Tenant admins can also control directory synchronization for their tenant and will grant users access to services within their tenant. Additionally, tenant admins will configure Policies, Governance, Cloud Zones, Profiles, access to content and provisioned resources; within their tenant. A single shared SDDC or separate SDDCs can be used among tenants depending on available resources.

vRealize Automation 8.1 Multi-Tenancy

With vRealize Automation 8.2, provider administrators got the ability to share infrastructure by creating and assigning Virtual Private Zones (VPZ) to tenant organizations.

Think of VPZs as a kind of container of infrastructure capacity and services which can be defined and allocated to a Tenant. You can add unique or shared cloud accounts, with associated compute, flavors, images, storage, networking, and tags to each VPZ. Each component offers the same configuration options you would see for a standalone configuration.

vRealize Automation 8.2 Multi-Tenancy

vRealize Automation and VMware Cloud Foundation

With the pretty new multi-tenancy and VPZ capability a new consumption model on top of VCF can be built. You (provider) would map the Cloud Zones (compute resources on vSphere (or AWS for example)) to a VCF workload domain.

The provider sets these cloud zones up for their customers and provides dedicated or shared infrastructure backed by Cloud Foundation workload domains.

This combination would allow you to build an enterprise VPC construct (like AWS for example), a logically isolated section of your provider cloud.

vRealize Automation and VMware Cloud Foundation

SDDC Manager Integration and VMware Cloud Foundation (VCF) Cloud Account

Since the vRA 8.2 release customers are also able to configure a SDDC Manager integration and on-board workload domains as VMware Cloud Foundation cloud accounts into the VMware Cloud Assembly service.

VMware Cloud Director or vRealize Automation?

You wonder if vRealize Automation could replace existing vCD installations? Or if both cloud management platforms can do the same?

I can assure you, that you can provide a self-service provisioning experience with both solutions and that you can provide any technology or cloud service “as a service”. Both have in common to be backed by Cloud Foundation, have some form of integration (vRA) and can be built by a VMware Validated Design (VVD).

vCD is known to be a service provider solution, where vRA is more common in enterprise environments. VMware has VCPP partners, that use Cloud Director for their external customers and vRealize Automation for their internal IT and customers.

If you are looking for a “cloud broker” and Infrastructure as Code (IaC), because you also want to provision workloads on AWS, Azure or GCP as well, then vRealize Automation is the better solution since vCD doesn’t offer this deep integration and these deployment options yet.

Depending on your multi-tenant needs and if you for example only have chosen vCD in the past, because of the OrgVDC and resource pooling feature, vRealize Automation would be enough and could replace vCD in this case.

It is also very important to understand how your current customer onboarding process and operational model look like:

How do you want to create a new tenant?
How do you want to onboard/migrate existing customer workloads to your provider infrastructure?
Do you need versioning of deployments or templates?
Do customers require access to the virtual infrastructure (e.g. vCenter or OrgVDC) or do you just provide SaaS or PaaS?
Do customers need a VPN or hybrid cloud extension into your provider cloud?
How would you onboard non-vSphere customers (Hyper-V, KVM) to your vSphere-based cloud?
Does your customer rely on other clouds like AWS or Azure?
How do you do billing for your vSphere-based cloud or multi-cloud environment?
What is your Kubernetes/container strategy?
And 100 other things 😉

There are so many factors and criteria to talk about, which would influence such a decision. There is no right or wrong answer to the question, if it should be VMware Cloud Director or vRealize Automation. Use what makes sense.

Which could also be a combination of both.

VMware Cloud Foundation And The Cloud Management Platform Simply Explained

Nov 3, 2020 | AWS, Azure, Google Cloud, HCX, NSX, VMware Cloud, VMware Cloud Foundation, vSAN, vSphere

I think that it is pretty clear what VMware Cloud Foundation (VCF) is and what it does. And it is also clear to a lot of people how where you could use VCF. But very few organizations and customers know why they should or could use Cloud Foundation and what its purpose is. This article will give you a better understanding about the “hidden” value that VMware Cloud Foundation has to offer.

My last contributions focused on VMware’s multi-cloud strategy and how they provide consistency in any layer of their vision:

Consistent employee experience for the digital workspace with Workspace ONE
Consistent automation and operations with the vRealize Suite and VMware Cloud Services
Consistent developer experience with the Tanzu Kubernetes Grid over any cloud
Consistent security with the intrinsic security vision
Consistent infrastructure for VMs and containers with VMware Cloud Foundation (unified platform for both workloads)

VMware Strategy

The VMware messaging is clear. By deploying consistent infrastructure across clouds, customers gain consistent operations and intrinsic security in hybrid or multi-cloud operating models. The net result is, that the intricacies of infrastructure fade, allowing IT to focus more on deploying applications and providing secure access to those applications and data from any device.

The question is now, what are the building blocks and how can you fulfill this strategy? And why is VMware Cloud Foundation really so important?

Cloud Computing

To answer these questions we have to start with the basics and look at the NIST definition of cloud computing first:

Cloud computing is a model for enabling convenient, on-demand network access to a shared
pool of configurable computing resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal management effort or
service provider interaction. This cloud model promotes availability and is composed of five
essential characteristics, three service models, and four deployment models.

Data Center Cloud Computing

Let’s start with the three service models and the capabilities each is aiming to provide:

Software as a Service (SaaS). Centrally hosted software, which is licensed on a subscription basis. They are also known as web-based or hosted software. The consumer of this service does not manage or control the underlying cloud infrastructure (servers, network, storage, operating system)
Platform as a Service (PaaS). This application platform allows the consumer to build, run and manage applications without the complex building of the application infrastructure to launch the applications. Like with SaaS, the consumer doesn’t manage or control the underlying cloud infrastructure, but has the control over the deployed applications.
Infrastructure as a Service (IaaS). IaaS provides the customer fundamental resources like compute, storage and network where they are able to deploy and run software in virtual machines or containers. The consumer doesn’t manage the underlying infrastructure, but manages the virtual machines including the operating systems and applications.

Deployment Models

There are four cloud computing deployment models defined today and mostly we talk only about three (I excluded the community cloud) of them. Let’s consult the VMware glossary for each definition.

Private Cloud. Private cloud is an on-demand cloud deployment model where cloud computing services and infrastructure are hosted privately, often within a company’s own data center using proprietary resources and are not shared with other organizations. The company usually oversees the management, maintenance, and operation of the private cloud. A private cloud offers an enterprise more control and better security than a public cloud, but managing it requires a higher level of IT expertise.
Public Cloud. Public cloud is an IT model where on-demand computing services and infrastructure are managed by a third-party provider and shared with multiple organizations using the public Internet. Public cloud service providers may offer cloud-based services such as infrastructure as a service, platform as a service, or software as a service to users for either a monthly or pay-per-use fee, eliminating the need for users to host these services on site in their own data center.
Hybrid Cloud. Hybrid cloud describes the use of both private cloud and public cloud platforms, which can work together on-premises and off-site to provide a flexible mix of cloud computing services. Integrating both platforms can be challenging, but ideally, an effective hybrid cloud extends consistent infrastructure and consistent operations to utilize a single operating model that can manage multiple application types deployed in multiple environments.

Hybrid Cloud Model

Multi-Cloud is a term for the use of more than one public cloud service provider for virtual data storage or computing power resources, with or without any existing private cloud and on-premises infrastructure. A multi-cloud strategy not only provides more flexibility for which cloud services an enterprise chooses to use, it also reduces dependence on just one cloud vendor. Multi-Cloud service providers may host three main types of services IaaS, PaaS and SaaS.

With IaaS, the cloud provider hosts servers, storage and networking hardware with accompanying services, including backup, security and load balancing. PaaS adds operating systems and middleware to their IaaS offering, and SaaS includes applications so that nothing is hosted on a customer’s site. Cloud providers may also offer these services independently.

Note: It is very important to understand which cloud computing deployment is the right one for your organization and which services your IT needs to offer to your internal or external customers.

Essential Characteristics

If you look at the five essential cloud computing characteristics from the NIST (National Institute of Standards and Technology), you’ll find attributes which you would also consider as natural requirements for any public cloud (e.g. Azure, Google Cloud Platform, Amazon Web Services):

On-demand self-service. A consumer can unilaterally provision computing capabilities,
such as server time and network storage, as needed automatically without
requiring human interaction with each service’s provider.
Broad Network Access. Capabilities are available over the network and accessed through
standard mechanisms that promote use by heterogeneous thin or thick client
platforms (e.g. PCs, laptops, smartphones, tablets).
Resource Pooling. The provider’s computing resources are pooled to serve multiple
consumers using a multi-tenant model, with different physical and virtual
resources dynamically assigned and reassigned according to consumer demand.
There is a sense of location independence in that the customer generally has no
control or knowledge over the exact location of the provided resources but may be
able to specify location at a higher level of abstraction (e.g., country, state, or
data center).
Scalability and Elasticity. Capabilities can be rapidly and elastically provisioned, in some cases
automatically, to quickly scale out and rapidly released to quickly scale in. To the
consumer, the capabilities available for provisioning often appear to be unlimited
and can be purchased in any quantity at any time.
Measure Service. Cloud systems automatically control and optimize resource use by
leveraging a metering capability at some level of abstraction appropriate to the
type of service (e.g., storage, processing, bandwidth, and active user accounts).
Resource usage can be monitored, controlled, and reported providing
transparency for both the provider and consumer of the utilized service.

And besides the five essentials, you look for security, flexibility and reliability. With all these properties in mind, you would follow the same approach today, if you build a new data center or have to modernize your current cloud infrastructure. A digital foundation, or a platform, which can adopt to any changes and serve as expected.

5 Characteristics of Cloud Computing

This is why VMware has built VMware Cloud Foundation! This is why we need VCF, which is the core of VMware’s multi-cloud strategy.

To be able to meet the above characteristics/criteria, you need a set of software-defined components for compute, storage, networking, security and cloud management in private and public environments – also called the software-defined data center (SDDC). VCF makes operating the data center fundamentally simpler by bringing the ease and automation of the public cloud in-house by deploying a standardized and validated architecture with built in lifecycle management and automation capabilities for the entire cloud stack.

As automation is already integrated and part from the beginning, and not something you would integrate later, you are going to be able to adopt to changes and have already one of the elements in place to achieve the needed security requirements. Automation is key to provide security through the whole stack.

In short, Cloud Foundation gives you the possibility and the right tools to build your private cloud based on public cloud characteristics and also an easy path towards a hybrid cloud architecture. Consider VCF as VMware’s cloud operating system, which enables a hybrid cloud based on a common and compatible platform that stretches from on-premises to any public cloud. Or from public cloud to another public cloud.

Note: VMware Cloud Foundation can also be consumed as a service (aka SDDC as a service) through their partners like Google, Amazon Web Services, Microsoft and many more.

Why Hybrid or Multi-Cloud?

A hybrid cloud with a consistent infrastructure approach enables organizations to use the same tools, policies and teams to manage the cloud infrastructure, which hosts the virtual machines and containers.

Companies want to have the flexibility to deploy and manage new and old applications in the right cloud. They are looking for an architecture, which allows them to migrate on-premises workloads to the public cloud and modernize these applications (partially or completely) with the cloud provider’s native services.

Customers have changed their perception from cloud-first to a cloud-appropriate strategy where they choose the right cloud for each specific application. And to avoid a vendor lock-in, you suddenly see two or three additional public clouds joining the cloud architecture, which by definition now is a multi-cloud environment.

Now you have a mix of a VMware-based cloud with AWS, Azure and GCP for example. It is possible to build new applications in one of the VMware “SDDC as a service” (e.g. VMware Cloud on AWS, Azure VMware Solution, Google Cloud VMware Engine) offerings, but customers also want deploy and use cloud-native service offerings.

Multi-Cloud Reality

How you deal with this challenge with the different architectures, operational inconsistencies, varying skill sets or your people, different management and security controls and incompatible technology formats?

Well, the first answer could be, that your IT needs to be able to treat all clouds and applications consistently and run the VCF stack ideally in any (private or public) cloud.

But this is not where I want to head to. There is something else, which we need to transform in this multi-cloud environment.

We only have consistent infrastructure with consistent operations, because of VMware Cloud Foundation, so far.

How does your deployment and automation model for your virtual machines and containers look like now?
How would you automate the provisioning these workloads and needed application components?

With your current tool set you have to talk four “languages” via the graphical management console or API (application programming interface).

In an international organization, where people come from different countries and talk different languages, we usually agree to English as corporate language. VMware is following the same approach in this case and puts an abstraction layer above the clouds and expose the APIs.

VMware Cloud-Agnostic CMP

This helps to manage the different objects and workloads you have deployed in any cloud. You don’t have to use your cloud accounts anymore and can define a consistent and centralized team and permission structure as well.

On top of this cloud-agnostic API you can provide all means for a self-service catalog, use programmable provisioning and provide the operations (e.g. cost or log management) and visibility (powered by artificial intelligence where needed) tool set (e.g. application and networks) to build, run, manage, connect and protect your applications.

Your applications, which are part of the different main services (IaaS, PaaS, SaaS) and most probably many other services (like DaaS, DBaaS, FaaS, DRaaS, CaaS, Backup as a Services, MongoDB as Service etc.) you are going to offer to your internal consumers or customers, are deployed via this cloud abstraction layer.

VMware CMP and Services

This abstraction layer forms the VMware cloud management platform (CMP), which consists of the vRealize Suite and VMware Cloud Services. This CMP also provides you with the necessary interfaces and integration options to other existing backend services or tools like a ticketing system, change management database (CMDB), IP address management (IPAM) and so on.

In short this means, that the VMware cloud operation model treats each private or public cloud as a landing zone.

VMware Cloud Foundation Is More About Business Value

Yes, Cloud Foundation is a very technical topic and most people see it only like that. But the hidden and real value are the ones nobody sees or talk about. The business values and the fact, that you can operate your private cloud with the ease like a public cloud provider and that you can follow the same principles for any cloud delivery model.

On-Demand self-service is offered through the lifecycle management capabilities VCF has included in combination with the cloud-agnostic API from VMware’s cloud management platform.

Broad network access starts with VMware’s digital workspace offerings and ends in the data center, at the edge or any cloud with their cloud-scale networking portfolio, which includes software-defined networking (SDN), software-defined WAN (SD-WAN) and software-defined application delivery controller (SD-ADC).

Multi-tenancy and resource pooling can only be achieved with automation and security. Two items which are naturally integrated into Cloud Foundation. The SDDC management component of VCF also gives you the technical capability to create your regions and availability zones. Something a public cloud providers let’s you choose as well.

Rapid elasticity is provided with the hardware-agnostic (for the physical servers in your data centers) approach VMware offers to their customers. Besides that, all cloud computing components are software-defined, which can run on-premises, at the edge or in any public cloud, which allows you to quickly scale out and scale in according to your needs.

Service usage and resource usage (compute, storage, network) are automatically controlled and optimized by leveraging some level of abstraction of all different clouds. Resource usage can be monitored and reported in a transparent way for the service provider and the consumer.

VMware Multi-Cloud Services

In addition to that, VMware provides their customers the choice to consume the VMware operation tools on-premises or as a SaaS offering, which is then hosted in the cloud. With perpetual and subscription licenses you can define your own pay-per-use or pay-as-you-go pricing options and if you want to move from a CAPEX to a OPEX cost model. The same will be true somewhen for VCF and VCF in the public cloud as well. A single universal license which allows you to run the different components and tools everywhere.

Customers need the flexibility to build the applications in any environment, matching the needs of the application and the best infrastructure. They need to manage and operate different environments as one, as efficiently as possible, with common models of security and governance.

Customers need to shift workloads seamlessly between cloud providers (also known as cross-cloud workload mobility) without the cost, complexity or risk of rewriting applications, rebuilding process or retraining IT resources.

And that’s my simple explanation of VMware Cloud Foundation and why it so important and the core of the VMware (Multi-Cloud) strategy.

Let me know what you think! 🙂

A big thank you to my colleagues Christian Dudler, Gavin Egli and Danny Stettler who reviewed my content and illustrations.

Update January 2022: If you would like to get a basic technical understand of VMware Cloud Foundation, have a look at VMware Cloud Foundation – A Technical Overview

Google Cloud VMware Engine (GCVE)

Sep 17, 2020 | Citrix, Google Cloud, HCX, Horizon, NSX, VCPP, VMware Cloud, VMware Cloud Foundation, vSAN, vSphere

In June 2020 VMware and Google made the announcement that Google Cloud VMware Engine (GCVE) is generally available. Almost exactly one year ago, the market received the information that VMware’s Cloud Foundation (vSphere, vSAN and NSX) stack will come to Google Cloud.

With this milestone VMware is now present on top of all the so-called “big three” hyperscalers.

GCVE has the same goals like the other similar offerings like VMware Cloud on AWS or Azure VMware Solution and belongs to the VMware multi-cloud strategy – to seamlessly migrate and run applications in the public cloud. In this case in Google Cloud! Run your applications in the public cloud exactly the same way as you already do now withh your on-premises VMware environment. With the very important addition, that you have high speed access to Google Cloud services like Cloud SQL, Cloud Storage, big data or AI/ML services.

To be able to run VMware workloads on top of the Google Cloud global infrastructure, Google acquired CloudSimple (with which they partnered with already) last November 2019.

At the moment of writing, the VMware hybrid cloud experience on Google Cloud is sold, operated and supported by Google and their partners.

Many customers are already looking at this very interesting offer, which is going to be available in more regions until the end of 2020. But there are also already a few customers using the joint offering. Google just published a customer reference story about the “Deutsche Börse Group”, a large and international financial organization, which extended their on-premises environment to Google Cloud with Google Cloud VMware Engine. One of the reasons why Deutsche Börse went for this vSphere-based cloud approach, was, to keep migrations to the cloud easy. I expect we can hear more about this success story at VMworld 2020.

Cloud Migration and Workload Mobility

A lot of customers underestimate the amount of work, time and costs involved in refactoring or re-platforming applications and the overall challenges when it comes to migrations from on-prem to the cloud. To build this secure hybrid cloud extension with GCVE, you’ll need VMware HCX, which is included in the GCVE offering.

There are different options available to connect both worlds:

GCVE Connectivity Options

VPN Gateway for point-to-point connections, used for the secure admin access to vCenter. Useful for the initial setup of the GCVE environment.
Cloud VPN for site-to-site connections, a secure layer 3 connection over the internet. This is one of the lower cost options for use cases, that don’t require high bandwidth.
Dedicated Cloud Interconnect with a direct traffic flow to Google with 10Gbps or 100Gbps circuits with 50Mbps to 50 Gbps connection capacities. This direct connection is required for HCX and the preferable connectivity option for customers requiring high speed and low latency.
Partner (Cloud) Interconnect is another option of a Cloud Interconnect, where your traffic flows through one of the supported service providers (e.g. Colt, Equinix, BT, e-shelter, Verizon, InterCloud, Interxion, Megaport)

Note: One unique feature of GCVE is the ability to route between different GCVE environments in the same region, without the need for additional configuration.

Use Cases

These use cases, if you made yourself already familiar with a hybrid cloud approach, shouldn’t be new to you.

Data Center extension or retirement. You can scale the data center capacity in the cloud on-demand, if you for example don’t want to invest anymore in your on-premises environment. In case you just refreshed your current hardware, another use case would be the extension of your on-premises vSphere cloud to Google Cloud.

Disaster Recovery and data protection. Here we’ll find different scenarios like recovery (replication) or backup/archive (data protection) use cases. You can also still use your existing 3rd party tools from Zerto or Veeam to replace or complement existing DR locations and leverage the Cloud Storage service. You can also use your GCVE private clouds as a disaster recovery (DR) site for your on-premises workloads. This DR solution would be based on VMware Site Recovery Manager (SRM) which can be also used together with HCX.

Cloud migrations or consolidation. If you want to start with a lift & shift approach to migrate specific applications to the cloud, then GCVE is definitely right for you. Maybe you want to refresh your current infrastructure and need to relocate or migrate your workloads in an easy and secure way? Another perfect scenario would be the consolidation of different vSphere-based clouds.

Application modernization. Re-architecting or refactoring applications is not that easy. Most customers start with a partial approach to modernize their applications and leverage cloud-native services (e.g. databases, AI/ML engines).

Interesting: Did you know that Google’s on-prem GKE (Google Anthos) is running on vSphere?

VMware Horizon on VMware Engine

The advantages of a public cloud like Google Cloud are the “endless” capacity, agility and high-bandwidth connections. These items are very important for a virtual desktop infrastructure (VDI) and specially during disaster scenarios, when onboardings have to happen fast or if you look for on-demand growth.

Another regular example could be a merger & acquisition use case, where we the main infrastructure doesn’t have the necessary physical resources to onboard to new company and their employees.

Because something like this has always happen as easy and fast as possible. Running virtual desktops in Google Cloud VMware Engine can help in such situations. Together with VMware Horizon, organizations could install a VDI environment in GCVE and connect it to their Horizon on-premises infrastructure using the Cloud Pod Architecture (CPA).

Note: When migrating applications to the cloud (GCVE), it is a best practice to keep the virtual desktop close to the application, which is a general use case we see when talking about application locality.

Horizon Global Pod GCVE

With the release of Horizon 2006 (aka Horizon 8) it is also possible to choose “Google Cloud” as deployment option during the connection server installation.

$C:\\Users\\mrebmann\\OneDrive - VMware, Inc\\cloud13\\2020 - Google Cloud VMware Engine\\Horizon on GCVE.png$

In case you need a load balancer (for your Horizon components and in general) for your on-premises environment and the public cloud, have a look at NSX Advanced Load Balancer.

GCVE Node Specs

When planning your GCVE resource needs, be aware of the following specifications and limits:

CPU: Intel Xeon Gold 6240 (Cascade Lake) 2.6 GHz (x2), 36 Cores, 72 Hyper-Threads

Memory: 768 GB

Storage (vSAN): 2 × 1.6 TB (3.2 TB) NVMe (Cache), 6 × 3.2 TB (19.2 TB) NVMe (Data)

Number of nodes required to create a private cloud: 3 (up to 64 hosts per private cloud)

Number of nodes allowed in a cluster on a private cloud: 16

3rd party tools compatibility: Yes, you can use existing tools (elevated privileges allow you to install 3rd party software)

Interesting facts: It only takes about a half hour to spin up your private cloud with three nodes! The addition of a new node takes approximately 15 minutes.

GCVE Elevated Privileges

Software License and Versions

Please find the current software versions and licenses below used for the GCVE offering (purchased with a 1- or 3- year commitment). The listed software versions are fixed and all updates are managed by Google. Google is responsible for the lifecycle management of the VMware software, which includes ESXi, vCenter and NSX.

Component	Version	License
vCenter	6.7 U3	vCenter Standard
ESXi	6.7 U3	Enterprise Plus
vSAN	6.7 U3	Enterprise
NSX Data Center (NSX-T)	2.5.1	Advanced
HCX	3.5.3	Advanced

Shared Responsibilities

Google Cloud VMware Engine is coming with all components you need to securely run VMware natively in a dedicated private cloud. Google takes care of the infrastructure (service) and their native service integrations. As a customer you only need to take care of your virtual machines or containers with your applications and data. Besides that, you also need to make sure that your configurations, policies, network portgroups, authentication and capacity management are properly configured.

GCVE Shared Responsibilities

If you want to know and learn more about Google Cloud VMware Engine, have a look at the following resources:

Multi-Cloud Load Balancing and Autoscaling with NSX Advanced Load Balancer (formerly Avi Networks)

Sep 14, 2020 | AWS, Azure, Google Cloud, Horizon, Networking, NSX, VMC, VMware Cloud, VMware Cloud Foundation

Do you want to build your private cloud like a hyperscaler is doing it? You know that VMware Cloud Foundation is becoming the new vSphere, but still wonder how you can implement software-defined load balancing (LB) or application services and features like autoscaling or predictive scaling? Then this article about multi-cloud load balancing and autoscaling with NSX Advanced Load Balancer aka Avi Networks is for you!

My Experience with a Legacy ADC

A few years ago, I was working on the customer side for an insurance company in Switzerland as a Citrix System Engineer. My daily tasks included the maintenance and operation of the Citrix environment, which included physical and virtual Citrix NetScaler Application Delivery Controller (ADC) appliances. The networking team owned a few hardware-based appliances (NetScaler SDX) with integrated virtualization capability (XenServer as hypervisor) to host multiple virtual NetScaler (VPX) instances.

The networking team had their dedicated NetScaler VPX instances (for LDAP and HTTP load balancing mostly) and deployed my appliances after I filed a change request. Today, you would call this multi-tenancy. For a Citrix architecture it was best practices to have one high availability (HA) pair for the internal and one HA pair for the external (DMZ) network access. An HA pair was running in a active/passive mode and I had to maintain the same setup for the test environment as well.

Since my virtual VPX appliances were hosted on the physical SDX appliance, I always relied on the network engineers when I needed more resources (CPU, RAM, SSL, throughput) allocated to my virtual instances. Before I could upgrade to a specific firmware version, I also had to wait until they upgraded the physical NetScaler appliances and approved my change request. This meant, we had to plan changes and maintenance windows together and had to cross fingers, that their upgrade went well, so that we then could upgrade all our appliances after.

NetScaler SDX

It was also possible to download a VPX appliance, which could run on top of VMware vSphere. To be more independent, I decided to install four new VPX appliances (for the production and test environment) on vSphere and migrated the configuration from the appliances running on the physical SDX appliance.

Another experience I had with load balancers was when I started to work for Citrix as a consultant in Central Europe and had to perform a migration of physical NetScaler MPX appliances, which had no integrated virtualization capability. I believe I had two sites with each two of these powerful MPX appliances for tens of thousands of users. Beside the regular load balancing configuration for some of the Citrix components, I also had to configure Global Server Load Balancing (GSLB) in active/passive mode for the two sites.

NetScaler GSLB Active Passive

There were so many more features available (e.g., Web Application Firewall, Content Switching, Caching, Intrusion Detection), but I never used anything else than the NetScaler Universal Gateway for the remote access to the virtual desktop infrastructure (VDI), load balancing, HTTP to HTTPS redirections and GSLB. In all scenarios I had an HA pair where one instance was idling and doing nothing. And the active unit was in average not utilized more than 15-20%. It was common to install/buy too large or powerful instances/licenses, because you wanted to be on the safe side and have enough capacity to terminate all your SSL sessions and so on.

It (load balancing) was about distributing network traffic across multiple servers by spreading the requests and workload evenly, and to add some intelligence (health monitoring) in case an application server or a service would fail or become unavailable for any reason. If one more application server was needed, I ordered a new Windows Server, installed and configured the Citrix components and added the necessary load balancing configuration on the NetScaler. These were all manual tasks.

This was my personal experience from 2017. Since then, applications became more complex and distributed. The analysts and the market are focusing on containerized and portable apps that are running in multiple clouds. The prediction is also that the future is multi-cloud.

Multiple Clouds vs. Multi-Cloud

There are different definitions and understandings out there what multi-cloud means. In my understanding, using a private cloud, the AWS cloud, Microsoft Office 365 and Azure is a typical setup with multiple clouds. There are simple scenarios where you migrate workloads from a private to a public cloud; or having applications with services hosted on the private and on the public cloud. The latter would be an example of a hybrid cloud architecture.

There are various reasons for why services and resources (workloads) are distributed on multiple clouds (on-prem, Azure, AWS, GCP etc.):

Avoid dependence on one cloud provider only
Consume different specific services that are not provided elsewhere
Optimize costs for different workloads and services
React to price changes by the providers

That is why we are seeing also the trend to break up big legacy applications (monoliths) in smaller pieces (segments), which is a best practice and design principle today. The goal is to move to a loosely coupled and more service-oriented architecture. This provides greater agility, more flexibility and easier scalability with less inter-dependencies.

A segmented application is much easier to run in different clouds (think about portability). Running one application over multiple clouds is in my understanding the right definition of multi-cloud.

Multiple Clouds versus Multi-Cloud

Let’s assume that most probably all the four reasons above apply to larger enterprises. If we take another angle, we can define some business and technical requirements for multi-cloud:

Application or services need to be cloud vendor-agnostic
Provide or abstract control and management interfaces of multiple clouds
Support application portability (relocation between clouds)
Combine IaaS and other services from different clouds
Possibility to deploy components of applications in multiple clouds
(Cloud) Broker service needed
Policy and governance over multiple clouds
Network connectivity for migration scenarios with partially modernized applications
Automated procedures for deployments
Application monitoring over different clouds
Cost management
Lifecycle management of deployed applications in multiple clouds
Self-adaption and auto scaling features
Large team with various expertise needed

How can you deliver and manage different applications services like load balancing, web application firewalling, analytics, automation and security over multiple clouds?

Another important question would be, how you want to manage the workload deployment on the various clouds. But cloud management or a cloud management platform is something for another article. 🙂

The requirements for the developers, IT operations and the business are very complex and it’s a long list (see above).

It is important, that you understand, based on the requirements for multi-cloud, that it is mandatory to implement a modern solution for your modern application architectures. Enterprises have become more application-centric and everyone is talking about continuous integration, continuous delivery and DevOps practices to automate operation and deployment tasks. A modern solution implicits a software-defined approach. Otherwise you won’t be able to be agile, adapt to changes and meet future requirements.

My past experience with Citrix’ NetScaler (Citrix ADC) is a typical example that “virtualized” and “software-defined” are not the same thing. And this is very important if we want to have a future-ready solution. If we look at VMware’s software-defined data center (SDDC), it includes virtual compute (hypervisor), but software-defined storage and networking as well. Part of the software-defined networking portfolio is “NSX Advanced Load Balancer“, the software-defined application services platform, which was also known as “Avi Networks” before VMware bought them in June 2019.

Unlike a virtualized load-balancing appliance, a software-defined
application services platform separates the data and control planes
to deliver application services beyond load balancing, real-time
application analytics, security and monitoring, predictive autoscaling,
and end-to-end automation for Transport (Layer 4) to
Application (Layer 7) layer services. The platform supports multicloud
environments and provides software-defined application
services with infrastructure-agnostic deployments on bare metal
servers, virtual machines (VMs), and containers, in on-premises
data centers and private/public clouds.

Auto scaling became famous with AWS as it monitors your applications and automatically adjusts capacity to maintain availability and performance at the lowest possible costs. It automatically adds or removes application servers (e.g. EC2 instances), load balancers, applies the right network configuration and so on.

Can you achieve the same for your on-premises infrastructure with VMware? Yes.

Is there even a solution which can serve both worlds – on-prem and cloud? Yes.

And what about predictive scaling with real-time insights? Yes.

NSX Advanced Load Balancer (NSX ALB)

Why did VMware buy Avi? Because it follows the same architecture principles like NSX: A distributed platform with a separate control and data plane built on software-defined principles for any cloud.

Avi High Level Architecture

Traditional ADCs or load balancers are mostly configured in active/standby pairs, no matter if physical or virtual. Typically you would see around 15% utilization on the active node, while the secondary standby node is just idling and doing nothing. Each pair is its own island of static capacity which shares the management, control and data plane.

You have to decide where to place the virtual IP (VIP) and how much you want to overprovision the physical or virtual appliances, because there is no capacity pooling available. This leads to operational complexity, especially when you have hundreds of such HA pairs running in different clouds. Therefore, legacy and virtualized ADCs are not the ideal choice for a multi-cloud architecture. Let’s check NSX ALB’s architecture:

Control Plane – This is the brain (single point of management) of the whole platform that can be spun up in your on-prem environment or in the cloud (also available as a managed SaaS offering), typically as a three-node cluster. Within this cluster, all configuration is done. This also where the policies reside and the decisions are made. It is the controller’s duty to place virtual services on Service Engines to load balance new applications.

The control plane comprises the three pillars that deliver the key capabilities of the Avi platform:

Multi-Cloud – Consistent experience for any cloud, no lock-in
Intelligence – The machine learning based analytics engine enables application performance monitoring, troubleshooting, and operational insights (gathered by the SEs)
Automation – Elastic and predictive auto scaling & self-service without over-provisioning through a complete set of REST APIs

Data Plane – The Service Engines (SEs) handle all data plane operations by receiving and executing instructions from the controller. The SEs perform load balancing and all client- and server-facing network interactions. It collects real-time application telemetry from application traffic flows.

As already mentioned, NSX ALB can be deployed in multiple cloud environments like VMware vCenter, Amazon Web Services, Microsoft Azure, Google Cloud Platform, Oracle Cloud, IBM Cloud, VMC on AWS, Nutanix, OpenStack or bare-metal.

Use Cases

Most customers deploy Avi because of:

Load Balancer refresh
Multi-Cloud initiatives
Security including WAF, DDoS attack mitigation, achieving compliance (GDPR, PCI, HIPAA)
Container ingress (integrates via REST APIs with K8s ecosystems like Tanzu Kubernetes Grid, AKS, EKS, GKE, OpenShift)

Advanced Kubernetes Ingress Controller Avi Networks

Virtual Desktop Infrastructure (Citrix, VMware Horizon)

Consistent Application Services Platform (Features)

Avi/NSX ALB is an enterpise-grade solution. So, everything you would expect from a traditional ADC (e.g. F5); layer 4 to layer 7 services, SSL, DDoS, WAF etc. is built-in without the need for a special license or edition. There is no NSX license requirement even the product name would suggest it. It can be deployed as a standalone load balancer or as an integrated solution with other VMware products (e.g., VCF, vRA/vRO, Horizon, Tanzu etc.).

Avi Networks Features

Below is a list with the core features:

Enterprise-class load balancing – SSL termination, default gateway, GSLB, DNS, and other L4-L7 services
Multi-cloud load balancing – Intelligent traffic routing across multiple sites and across private or public clouds
Application performance monitoring – Monitor performance and record and replay network events like a Network DVR
Predictive auto scaling – Application and load balancer scaling based on real-time traffic patterns
Self-service – For app developers with REST APIs to build services into applications
Cloud connectors – VMware Cloud on AWS, SDN/NFV controllers, OpenStack, AWS, GCP, Azure, Linux Server Cloud, OpenShift/Kubernetes
Distributed application security fabric – Granular app insights from distributed service proxies to secure web apps in real time
SSO / Client Authentication – SAML 2.0 authentication for back-end HTTP applications
Automation and programmability – REST API based solution for accelerated application delivery; extending automation from networking to developers
Application Analytics – Real-time telemetry from a distributed load balancing fabric that delivers millions of data points in real time

Load Balancing for VMware Horizon

NSX ALB can be configured for load balancing in VMware Horizon deployments, where you place Service Engines in front of Unified Access Gateways (UAG) or Connection Servers (CS) as required.

Avi Horizon High Level Architecture

For a multi-site architecture you can also configure GSLB if needed. With GSLB, access to resources is controlled with DNS queries and health checking.

Note: If you are using the Horizon Universal Broker, the cloud-based brokering service, there is no need for GSLB, because the Universal Broker can orchestrate connections from a higher level based on different policies.

Automation

With NSX Advanced Load Balancer there are two parts when we talk about automation. One part is about infrastructure automation, where the controller talks to the ecosystem like a vCenter, AWS or Azure to orchestrate the Service Engine. So, when you configure a new VIP, the controller would talk to vCenter to spin up a VM, puts it in the right portgroup, connects the front and the back-end, downloads the policy and Service Engine, and starts receiving traffic.

The second piece of automation focuses more on the operational automation which is through the REST API. But, on top of that you can also run Ansible playbooks, Terraform templates, use Go and Python SDKs, have integrations with Splunk or other tools like vRealize Automation. These are the built-in automation capabilities of Avi.

Avi Networks Automation