Current vSphere Subscription Licensing Options

Current vSphere Subscription Licensing Options

VMware is giving their customers more and more the option to move towards a subscription-based licensing model. In general, companies are moving away from the large pay-up-front deals and replace them with recurring subscriptions. Vendors like VMware are making a lot of investments to provide the structures, processes and capabilities to offer subscription licenses (and SaaS services).Ā Organizations see the benefits of subscription licenses and this blog describes the current options if you want to move your vSphere perpetual licenses towards vSphere subscription.

vSphere Advantage – vSphere Subscription Service

Since December 2021, VMware offers vSphere Advantage in limited regions (aka Initial Availability).

vSphere Advantage gives you the flexibility to manage and operate your on-premises vSphere infrastructure while leveraging several VMware Cloud capabilities:

  • Transition from vSphere perpetual to vSphere subscription-based consumption for your vSphere deployments
  • Complete view of the globally distributed on-premises vSphere inventory
  • VMware-managed vCenter Servers (aka Project Arctic, not GA yet)

From a centralized VMware Cloud Console you can monitor events, alerts, capacity utilization, and the security posture of your vSphere infrastructure.

vSphere Advantage VMware Cloud Console

It is also possible now for you to plan and upgrade your existing vSphere licensing keys and replace them with vSphere Advantage, which enables you to make use of keyless entitlements. This keyless entitlement makes it very easy for customers to stay compliant all the time and to understand the current subscription usage.

vSphere Advantage VMware Cloud Console VMs

To start using vSphere Advantage, you must enable communication between your on-premises vCenter Server and VMware Cloud by using a vCenter Cloud Gateway. This requires an outbound connection (443, HTTPS) only, no VPN is needed.

 

Current vCenter Server Requirements:

  • The vCenter Server version must be 7.0 Update 3a and later
  • Configure the vCenter Server with a backup and restore mechanism
  • Dedicate at least three ESXi hosts for the vCenter Server. (Recommended)
  • The vCenter Server must be self-managed. It must manage its own ESXi hosts and virtual machines

Unsupported vCenter Configurations:

  • Ensure that the vCenter Server is not configured in High Availability mode
  • If the vCenter Server is configured in Enhanced Linked Mode (ELM), unlink it from ELM. See Repoint a vCenter Server Node to a New Domain. ELM is no longer required because with vSphere Advantage you can monitor your entire vSphere inventory in a single pane of glass.
  • Ensure that the vCenter Server is not configured with NSX for vSphere, vRealize Operations Manager, Site Recovery Manager, vCloud Suite, or vSAN.

Project Arctic – VMware-Managed vCenter (Roadmap)

VMware introduced Project Arctic at VMworld 2021. Now it’s called vSphere Advantage. While a hybrid cloud operating model for vSphere becomes default now, it’s not yet possible to let VMware manage your vCenter Servers. We can expect that this capability will be shipped and made generally available somewhen in 2022.

VMware Edge Compute Stack

Edge Compute Stack (ECS) is a purpose-built stack that is available in three different editions (information based on initial availability from VMworld 2021):

VMware Edge Comput Stack Editions

As you can see, each VMware Edge Compute Stack edition has the vSphere Enterprise+ (hypervisor) included. Software-defined storage with vSAN is optional, but Tanzu for running containers is always part of each edition.

Note: The Edge Compute Stack includes vSphere subscription licenses.

Other Options

If you are running the VMware Cloud Foundation (VCF) stack and look for a managed service offering, which includes subscription-based licensing, have a look at the following alternatives:

As you can see, you can start small with vSphere Advantage and grow big with VMware Cloud Universal as the final destination.

VMware Cloud on AWS – The Power of VMware and AWS

VMware Cloud on AWS – The Power of VMware and AWS

VMware Cloud on AWS (VMC on AWS) brings VMware’s software-defined data center (SDDC) stack to the AWS cloud. By using the same vSphere-based virtualization/cloud technology on-premises and in the public cloud, you can create a true hybrid cloud architecture, that enables you to get consistent operations by using consistent infrastructure.

VMC on AWS Overview

This solution comes with optimized access to the AWS services and is delivered, sold and supported by VMware, AWS and their partner networks.

As you can see above, VMC on AWS comes with the same VMware tools and integrates the VMware Cloud Foundation stack (vSphere for compute, vSAN for storage, NSX for networking) along with vCenter for management.

VMware Cloud on AWS runs on dedicated Amazon EC2 bare-metal infrastructure.

Instance Types

VMware Cloud on AWS comes with two different host configurations, which both require a minimum of two hosts per cluster.

VMC on AWS Instances

For identifying the right host types for specific use cases, check out the VMware Cloud on AWS sizer.

Note: 99.9% SLA for non-stretched clusters, 99.99% for stretched clusters

Single Host Starter Configuration

VMC on AWS allows you to deploy a starter configuration with a single host only (not available with i3en.metal hosts).

This small SDDC configuration allows customers to get their first experiences with this hybrid cloud offering during a 60-day time period. Such a setup is only appropriate for test and development or proof of concept use cases. You can run production workloads on this small VMC on AWS environment if you scale up to the minimum of two hosts before the 60-day period ends, otherwise your evaluation ends with you losing data.

Note: Not all features of the standard VMC service offering are available in this limited setting. The VMC on AWS service level offering also does not apply to this one-node offering.

Included VMware Software

The following software is included in single host and production configurations:

Single Hosts (non-production environments) Production (minimum 2 hosts)

Includes

  • VMware SDDC software: vSphere, vSAN, NSX-T, vCenter Server
  • VMware HCX
  • Dedicated Amazon EC2 Bare Metal Instances
  • VMware Global Support

Purchase separately

  • VMware Site Recovery
  • VMware Cloud Disaster Recovery
  • VMware vRealize Automation Cloud
  • VMware vRealize Operations Cloud
  • VMware vRealize Log Insight Cloud
  • VMware vRealize Network Insight Cloud
  • VMware Tanzu Standard

Not supported

  • Lifecycle management by VMware (updates, patches and upgrades)
  • High Availability (HA) and Stretched Clusters
  • Service Level Agreement (SLA)

Includes

  • VMware SDDC software: vSphere, vSAN, NSX-T, vCenter Server
  • VMware HCX
  • VMware Tanzu Services: TKG Service + TMC Essentials
  • Dedicated Amazon EC2 Bare Metal Instances
  • VMware Global Support
  • Lifecycle management by VMware (updates, patches and upgrades)
  • Support for High Availability (HA) and Stretched Clusters
  • Service Level Agreement (SLA)

Purchase separately

  • VMware Site Recovery
  • VMware Cloud Disaster Recovery
  • VMware NSX Advanced Firewall
  • VMware vRealize Automation Cloud
  • VMware vRealize Operations Cloud
  • VMware vRealize Log Insight Cloud
  • VMware vRealize Network Insight Cloud
  • VMware Tanzu Standard

VMware Cloud on AWS Outposts

If you want to get the agility and innovation of (VMware) Cloud in your own data center, delivered as a service, then VMC on AWS Outposts is for you.

VMC on AWS Outposts is a fully managed on-premises as-a-service offering, that stretches VMC on AWS to your data center or edge location. You’ll get dedicated Amazon Nitro-based EC2 bare-metal instances delivered on-premises with VMware Cloud Foundation running on top.

VMC on AWS Outposts

What’s included in the offering?

  • AWS Outposts 42u rack (we can also expect a half-rack offering in the future)
    • 3-8 hosts configurations based on i3en.metal
    • Dark host capacity included (for remediation, EDRS, scale-out and lifecycle management purposes)
    • Installed by AWS
  • AWS managed dedicated Nitro-based i3en.metal EC2 instance with local SSD storage
  • VMware managed SDDC software – vSphere, vSAN, NSX-T, vCenter Server
  • VMware HCX
  • VMware Cloud Console
  • Support by VMware SREs
  • Supply chain, shipment logistics and onsite installation by AWS
  • Ongoing hardware monitoring with break/fix support.

Use Cases

VMware Cloud on AWS Outposts is made for multiple use cases:

  • Data/App Locality
  • Low latency
  • Local data processing
  • Data sovereignty/compliance
  • Infrastructure modernization
  • Branche Office or large edge modernization

But this offering and VMC on AWS in general come with multiple other use cases which help orgnaizations to fulfill their cloud strategy.

App Modernization

VMware Cloud on AWS provides an infrastructure platform option for customers to modernize their existing enterprise applications on and enables them to run their enterprise workloads of today and tomorrow. With VMware Cloud on AWS, customers can run, monitor, and manage their Kubernetes clusters and virtual machines – all on the same infrastructure. VMware Tanzu Kubernetes Grid provides a consistent, upstream-compatible distribution of Kubernetes, that is tested, signed, and supported by VMware. Tanzu Kubernetes Grid is central to many of the offerings in the VMware Tanzu portfolio.

Solution Brief

Cloud Migration / Data Center Extension

VMC on AWS can help customers to expand to new locations. Maybe it’s an unplanned project or there are temporary or seasonal capacity needs. Some customers are also using such an offering to build a flexible test, lab or training environment in the public cloud.

Solution Brief

Cloud VDI

Adopt a robust, feature-rich cloud platform for virtual desktops and applications that can be used to deliver complete VDI infrastructure from the cloud. Or you can extend an existing on-premises VDI environment for desktop bursting, protection or proximity to applications running in AWS. Optimize infrastructure costs with flexible, consumption-based billing while paying only for what you use.

Solution Brief

Disaster Recovery

Another typical use case is disaster recovery. Customers are looking for an offsite approach with which they can prepare themselves for different kind of scenarios with “warm standby” or “active/active” configurations. There are different architectural options and also different solutions from VMware available, e.g.:

Hybrid Cloud Extension (HCX)

How can you bridge the gap between on-premises data centers and VMC on AWS to enable application migrations or workload mobility? HCX creates an encrypted, high-throughput, WAN-optimized, load-balanced, traffic-engineered hybrid interconnect automates the creation of network extensions.

In short: VMware HCX can interconnect different vSphere-based clouds and with that you achieve a fabric for workload mobility by using vMotion over different clouds. It even preserves existing network connections!

Imagine how much easier and faster application migrations can be done now.

Let’s see if there is a future, that customers need full workload mobility where regular migrations from and to different clouds can be done. Maybe there is a customer, who migrates workloads today from on-prem to VMC on AWS, tomorrow to Azure VMware Solution, the next week to Google Cloud VMware Engine, and in the end back to an on-premises data center where another fully managed service like VMC on Dell EMC is deployed. šŸ˜€

VMware Cloud on AWS with Tanzu Services

It was mentioned above already, VMware Cloud on AWS includes “Tanzu Kubernetes Service” and “Tanzu Mission Control Essentials”.

VMware Cloud with Tanzu Services has been introduced at VMworld 2021 as the “Easy path to enterprise-grade Kubernetes on a fully managed, multi-cloud ready IaaS and CaaS platform”:

VMware Cloud with Tanzu Services

 

This was also when Tanzu Services became available for VMC on AWS with the following capabilities:

  • Managed Tanzu Kubernetes Grid Service: Provision Tanzu Kubernetes clusters within a few minutes using a simple, fast, and self-service experience in the VMware Cloud console. The underlying SDDC infrastructure and capacity required for Kubernetes workloads is fully managed by VMware. Use vCenter Server for managing Kubernetes workloads by deploying Kubernetes clusters, provisioning role-based access and allocating capacity for Developer teams. Manage multiple TKG clusters as namespaces with observability, troubleshooting and resiliency in vCenter Server.
  • Built in support for Tanzu Mission Control Essentials: Attach upstream compliant Kubernetes clusters including Amazon EKS and Tanzu Kubernetes Grid clusters. Manage lifecycle for Tanzu Kubernetes Grid clusters and centralize platform operations for Kubernetes clusters using the Kubernetes management plane offered by Tanzu Mission Control. Tanzu Mission Control provides a global visibility across clusters and clouds and increases security and governance by automating operational tasks such as access and security management at scale.

VMware Cloud with Tanzu Services

Take a look at the VMware Tanzu Mission Control Feature Comparison Chart to better understand the feature set of TMC Essentials.

Did you know that the Tanzu Mission Control Standard Package is included with TMC Essentials?

As of November 2021, new clusters registered with TMC will have the Carvel package manager (the kapp-controller), deployed within the cluster. The “Catalog” page in the Tanzu Mission Control console allows you to view packages available from the Tanzu Standard repository (and your own custom Carvel package repositories) and install them in your Kubernetes clusters.

Tanzu Mission Control Packages

Application Transformer for VMware Tanzu for VMC on AWS

VMware announced the tech preview for Application Transformer for VMware Tanzu for VMware Cloud on AWS in September 2021.

Application Transformer for VMware Tanzu is a tool that aids organizations in discovering application types, visualizing application topology, choosing a modernization approach based on scores, and containerizing and migrating suitable legacy applications to enhance business outcomes. As an agentless tool, Application Transformer for Tanzu utilizes the VMware vCenter API to introspect VMs across an entire vSphere or VMware Cloud on AWS-based data center.

Application Transformer can help you to convert virtual machines and application components to OCI-compliant container images, that then can be deployed into the Tanzu Kubernetes stack.

There are several ways how customers get access to Application Transformer for VMware Tanzu:

Good news for everyone is that Application Transformer for VMware Tanzu became generally available in February 2022. With this, VMware Cloud on AWS customers also have limited access to this offering from now on. The access is through integration with VMware Cloud console. If customers desire full access to Application Transformer, they need to buy Tanzu Standard, Tanzu Advanced, Tanzu for Kubernetes Operations, or App Navigator.

Features & Roadmap

VMware provides a lot of information about the features and roadmap of VMware Cloud on AWS.

VMC on AWS FAQ

There is a large collection of FAQs available than can be found here.

A Universal License and Technology to Build a Flexible Multi-Cloud

A Universal License and Technology to Build a Flexible Multi-Cloud

In November 2020 I wrote an article called “VMware Cloud Foundation And The Cloud Management Platform Simply Explained“. That piece was focused on the “why” and “when” VMware Cloud Foundation (VCF) makes sense for your organization. It also includes business values and hints that VCF is more than just about technology. Cloud Foundation is one of the most important drivers and THE enabler for to fulfill VMware’s multi-cloud strategy.

If you are not familiar enough with VMware’s multi-cloud strategy, then please have a look at my article “VMware Multi-Cloud and Hyperscale Computing” first.

To summarize the two above mentioned articles, one can say, that VMware Cloud Foundation is a software-defined data center (SDDC) that can run in any cloud. In “any cloud” means that VCF can also be consumed as a service through other cloud provider partners like:

Additionally, Cloud Foundation and the whole SDDC can be consumed as a managed offering called DCaaS or LCaaS (Data Center / Local Cloud as a service).

Let’s say a customer is convinced that a “VCF everywhere” approach is right for them and starts building up private and public clouds based on VMware’s technologies. This means that VMware Cloud Foundation now runs in their private and public cloud.

Note: This doesn’t mean that the customer cannot use native public cloud workloads and services anymore. They can simply co-exist.

The customer is at a point now where they have achieved a consistent infrastructure. What’s up next? The next logical step is to use the same automation, management and security consoles to achieve consistent operations.

A traditional VMware customer goes for the vRealize Suite now, because they would need vRealize Automation (vRA) for automation and vRealize Operations (vROps) to monitor the infrastructure.

The next topic in this customer’s journey would be application modernization, which includes topics containerization and Kubernetes. VMware’s answer for this is the Tanzu portfolio. For the sake of this example let’s go with “Tanzu Standard”, which is one of four editions available in the Tanzu portfolio (aka VMware Tanzu).

VMware Cloud Foundation

Let’s have a look at the customer’s bill of materials so far:

  • VMware Cloud Foundation on-premises (vSphere, vSAN, NSX)
  • VMware Cloud on AWS)
  • VMware Cloud on Dell EMC (locally managed VCF service for special edge use cases)
  • vRealize Automation
  • vRealize Operations
  • Tanzu Standard (includes Tanzu Kubernetes Grid and Tanzu Mission Control)

Looking at this list above, we see that their infrastructure is equipped with three different VMware Cloud Foundation flavours (on-prem, hyperscaler managed, locally managed) complemented by products of the vRealize Suite and the Tanzu portfolio.

This infrastructure with its different technologies, components and licenses has been built up over the past few years. But organizations are nowadays asking for more flexibility than ever. By flexibility I mean license portability and a subscription model.

VMware Cloud Universal

On 31st March 2021 VMware introduced VMware Cloud Universal (VMCU). VMCU is the answer to make the customer’s life easier, because it gives you the choice and flexibility in which clouds you want to run your infrastructure and consume VMware Cloud offerings as needed. It even allows you to convert existing on-premises VCF licenses to a VCF-subscription license.

The VMCU program includes the following technologies and licenses:

  • VMware Cloud Foundation Subscription
  • VMware Cloud on AWS
  • Google Cloud VMware Engine
  • VMware Cloud on Dell EMC
  • vRealize Cloud Universal Enterprise Plus
  • Tanzu Standard Edition
  • VMware Success 360 (S360 is required with VMCU)

VMware Cloud Console

As Kit Kolbert, CTO VMware, said, “the idea is that VMware Cloud is everywhere that you want your applications to be”.

The VMware Cloud Console gives you view into all those different locations. You can quickly see what’s going on with a specific site or cloud landing zone, what its overall utilization looks like or if issues occur.

The Cloud Console has a seamless integration with vROps, which also helps you regarding capacity forecasting and (future) requirements (e.g., do I have enough capacity to meet my future demand?).

VMware Cloud Console

In short, it’s the central multi-cloud console to manage your global VMware Cloud environment.

vRealize Cloud Universal

What is part of vRealize Cloud Universal (vRCU) Enterprise Plus? vRCU is a SaaS management suite that combines on-premises and SaaS capabilities for automation, operations, log analytics and network visibility into a single offering. In other words, you get to decide where you want to deploy your management and operations tools. vRealize Cloud Universal comes in four editions and in VMCU you have the vRCU Enterprise Plus edition included with the following components:

vRealize Cloud Universal Editions

    Note: While vRCU standard, advanced and enterprise are sold as standalone editions today, the enterprise plus edition is only sold with VMCU (and as add-on to VMC on AWS).

    vRealize AI Cloud

    Have you ever heard of Project Magna? It is something that was announced at VMworld 2019, that provides adaptive optimization and a self-tuning engine for your data center. It was Pat Gelsinger who envisioned a so-called “self-driving data center”. Intelligence-driven data center might haven been a better term since Project Magna leverages artificial intelligence by using reinforcement learning, which combs through your data and runs thousands of scenarios that searches for the best regard output based on trial and error on the Magna SaaS analytics engine.

    The first instantiation began with vSAN (today also known as vRAI Cloud vSAN Optimizer), where Magna will collect data, learn from it, and make decisions that will automatically self-tune your infrastructure to drive greater performance and efficiencies.

    Today, this SaaS service is called vRealize AI Cloud.

    vRealize AI Cloud vSAN vRealize AI (vRAI) learns about your operating environments, application demands and adapts to changing dynamics, ensuring optimization per stated KPI. vRAI Cloud is only available on vRealize Operations Cloud via the vRealize Cloud Universal subscription.

    VMware Skyline

    VMware Skyline as a support service that automatically collects, aggregates, and analyzes product usage data, which proactively identifies potential problems and helps the VMware support engineers to improve the resolution time. Skyline is included in vRealize Cloud Universal because it just makes sense. A lot of customers have asked for unifying the self-service experience between Skyline and vRealize Operations Cloud. And many customers are using Skyline and vROps side by side today.

    Users can now be proactive and perform troubleshooting in a single SaaS workflow. This means customers save more time by automating Skyline proactive remediations in vROps Cloud. But Skyline supports vSphere, vSAN, NSX, vRA, VCF and VMware Horizon as well.

    VMware Cloud Universal Use Cases

    As already mentioned, VMCU makes very much sense if you are building a hybrid or multi-cloud architecture with a consistent (VMware) infrastructure. VMCU, vRCU and the Tanzu portfolio help you to create a unified control plane for your cloud infrastructure.

    Other use cases could be cloud migration or cloud bursting scenarios. If we switch back to the fictive customer before, we could use VMCU to convert existing VCF licenses to VCF-S (subscription) licenses, which in the end allow you to build a VMware-based Cloud on top of AWS (other public cloud providers are coming very soon!) for example.

    Another good example is to achieve the same service and operating model on-prem as in the public cloud: a fully managed consumable infrastructure. Meaning, to move from a self-built and self-managed VCF infrastructure to something like VMC on Dell EMC.

    How can I get VMCU?

    There is no monthly subscription model and VMware only supports one-year or three-year terms. Customers will need to sign an Enterprise License Agreement (ELA) and purchase VMCU SPP credits.

    Note: SPP credits purchased out of the program are not allowed to be used within the VMCU program!

    After purchasing the VMCU SPP credits and VMware Cloud onboarding and organization setup, you can select the infrastructure offerings to consume your SPP credits. This can be done via the VMware Cloud Console.

    Summary

    I hope this article was useful to get a better understanding about VMware Cloud Universal. It might seem a little bit complex, but that’s not true. VMCU makes your life easier and helps you to build and license a globally distributed cloud infrastructure based on VMware technology.

    VCF Subscription

     

     

     

    Application Modernization and Multi-Cloud Portability with VMware Tanzu

    Application Modernization and Multi-Cloud Portability with VMware Tanzu

    It was 2019 when VMware announced Tanzu and Project Pacific. A lot has happened since then and almost everyone is talking about application modernization nowadays. With my strong IT infrastructure background, I had to learn a lot of new things to survive initial conversations with application owners, developers and software architects. And in the same time VMware’s Kubernetes offering grew and became very complex – not only for customers, but for everyone I believe. šŸ™‚

    I already wrote about VMware’s vision with Tanzu: To put a consistent “Kubernetes grid” over any cloud

    This is the simple message and value hidden behind the much larger topics when discussing application modernization and application/data portability across clouds.

    The goal of this article is to give you a better understanding about the real value of VMware Tanzu and to explain that it’s less about Kubernetes and the Kubernetes integration with vSphere.

    Application Modernization

    Before we can talk about the modernization of applications or the different migration approaches like:

    • Retain – Optimize and retain existing apps, as-is
    • Rehost/Migration (lift & shift) – Move an application to the public cloud without making any changes
    • Replatform (lift and reshape) – Put apps in containers and run in Kubernetes. Move apps to the public cloud
    • Rebuild and Refactor – Rewrite apps using cloud native technologies
    • Retire – Retire traditional apps and convert to new SaaS apps

    …we need to have a look at the palette of our applications:

    • Web Apps – Apache Tomcat, Nginx, Java
    • SQL Databases – MySQL, Oracle DB, PostgreSQL
    • NoSQL Databases – MongoDB, Cassandra, Prometheus, Couchbase, Redis
    • Big Data – Splunk, Elasticsearch, ELK stack, Greenplum, Kafka, Hadoop

    In an app modernization discussion, we very quickly start to classify applications as microservices or monoliths. From an infrastructure point of view you look at apps differently and call them “stateless” (web apps) or “stateful” (SQL, NoSQL, Big Data) apps.

    And with Kubernetes we are trying to overcome the challenges, which come with the stateful applications related to app modernization:

    • What does modernization really mean?
    • How do I define “modernization”?
    • What is the benefit by modernizing applications?
    • What are the tools? What are my options?

    What has changed? Why is everyone talking about modernization? Why are we talking so much about Kubernetes and cloud native? Why now?

    To understand the benefits (and challenges) of app modernization, we can start looking at the definition from IBM for a “modern app”:

    “Application modernization is the process of taking existing legacy applications and modernizing their platform infrastructure, internal architecture, and/or features. Much of the discussion around application modernization today is focused on monolithic, on-premises applicationsā€”typically updated and maintained using waterfall development processesā€”and how those applications can be brought into cloud architecture and release patterns, namely microservices

    Modern applications are collections of microservices, which are light, fault tolerant and small. Microservices can run in containers deployed on a private or public cloud.

    Which means, that a modern application is something that can adapt to any environment and perform equally well.

    Note: App modernization can also mean, that you must move your application from .NET Framework to .NET Core.

    I have a customer, that is just getting started with the app modernization topic and has hundreds of Windows applications based on the .NET Framework. Porting an existing .NET app to .NET Core requires some work, but is the general recommendation for the future. This would also give you the option to run your .NET Core apps on Windows, Linux and macOS (and not only on Windows).

    A modern application is something than can run on bare-metal, VMs, public cloud and containers, and that easily integrates with any component of your infrastructure. It must be something, that is elastic. Something, that can grow and shrink depending on the load and usage. Since it is something that needs to be able to adapt, it must be agile and therefore portable.

    Cloud Native Architectures and Modern Designs

    If I ask my VMware colleagues from our so-called MAPBU (Modern Application Platform Business Unit) how customers can achieve application portability, the answer is always: “Cloud Native!”

    Many organizations and people see cloud native as going to Kubernetes. But cloud native is so much more than the provisioning and orchestration of containers with Kubernetes. It’s a about collaboration, DevOps, internal processes and supply chains, observability/self-healing, continuous delivery/deployment and cloud infrastructure.

    There are so many definitions around “cloud native”, that Kamal Arora from Amazon Web Services and others wrote the book “Cloud Native Architecture“, which describes a maturity model. This model helps you to understand, that cloud native is more a journey than only restrictive definition.

    Cloud Native Maturity Model

    The adoption of cloud services and applying an application-centric design are very important, but the book also mentions that security and scalability rely on automation. And this for example could bring the requirement for Infrastructure as Code (IaC).

    In the past, virtualization – moving from bare-metal to vSphere – didn’t force organizations to modernize their applications. The application didn’t need to change and VMware abstracted and emulated the bare-metal server. So, the transition (P2V) of an application was very smooth and not complicated.

    And this is what has changed today. We have new architectures, new technologies and new clouds running with different technology stacks. We have Kubernetes as framework, which requires applications to be redesigned for these platforms.

    That is the reason why enterprises have to modernize their applications.

    One of the “five R’s” mentioned above is the lift and shift approach. If you don’t want or need to modernize some of your applications, but move to the public cloud in an easy, fast and cost efficient way, have a look at VMware’ hybrid cloud extensionĀ (HCX).

    In this article I focus more on the replatform and refactor approaches in a multi-cloud world.

    Kubernetize and productize your applications

    Assuming that you also define Kubernetes as the standard to orchestrate your containers where your microservices are running in, usually the next decision would be about the Kubernetes “product” (on-prem, OpenShift, public cloud).

    Looking at the current CNCF Cloud Native Landscape, we can count over 50 storage vendors and over 20 networks vendors providing cloud native storage and networking solutions for containers and Kubernetes.

    Talking to my customers, most of them mention the storage and network integration as one of their big challenges with Kubernetes. Their concern is about performance, resiliency, different storage and network patterns, automation, data protection/replication, scalability and cloud portability.

    Why do organizations need portability?

    There are many use cases and requirements that portability (infrastructure independence) becomes relevant. Maybe it’s about a hardware refresh or data center evacuation, to avoid vendor/cloud lock-in, not enough performance with the current infrastructure or it could be about dev/test environments, where resources are deployed and consumed on-demand.

    Multi-Cloud Application Portability with VMware Tanzu

    To explore the value of Tanzu, I would like to start by setting the scene with the following customer use case:

    In this case the customer is following a cloud-appropriate approach to define which cloud is the right landing zone for their applications. They decided to develop new applications in the public cloud and use the native services from Azure and AWS. The customers still has hundreds of legacy applications (monoliths) on-premises and didn’t decide yet, if they want to follow a “lift and shift and then modernize” approach to migrate a number applications to the public cloud.

    Multi-Cloud App Portability

    But some of their application owners already gave the feedback, that their applications are not allowed to be hosted in the public cloud, have to stay on-premises and need to be modernized locally.

    At the same time the IT architecture team receives the feedback from other application owners, that the journey to the public cloud is great on paper, but brings huge operational challenges with it. So, IT operations asks the architecture team if they can do something about that problem.

    Both cloud operations for Azure and AWS teams deliver a different quality of their services, changes and deployments take longer with one of their public clouds, they have problems with overlapping networks, different storage performance characteristics and APIs.

    Another challenge is the role-based access to the different clouds, Kubernetes clusters and APIs. There is no central log aggregation and no observability (intelligent monitoring & alerting). Traffic distribution and load balancing are also other items on this list.

    Because of the feedback from operations to architecture, IT engineering received the task to define a multi-cloud strategy, that solves this operational complexity.

    Notes: These are the regular multi-cloud challenges, where clouds are the new silos and enterprises have different teams with different expertise using different management and security tools.

    This is the time when VMware’s multi-cloud approach Tanzu become very interesting for such customers.

    Consistent Infrastructure and Management

    The first discussion point here would be the infrastructure. It’s important, that the different private and public clouds are not handled and seen as silos. VMware’s approach is to connect all the clouds with the same underlying technology stack based on VMware Cloud Foundation.

    Beside the fact, that lift and shift migrations would be very easy now, this approach brings two very important advantages for the containerized workloads and the cloud infrastructure in general. It solves the challenge with the huge storage and networking ecosystem available for Kubernetes workloads by using vSAN and NSX Data Center in any of the existing clouds. Storage and networking and security are now integrated and consistent.

    For existing workloads running natively in public clouds, customers can use NSX Cloud, which uses the same management plane and control plane as NSX Data Center. That’s another major step forward.

    Using consistent infrastructure enables customers for consistent operations and automation.

    Consistent Application Platform and Developer Experience

    Looking at organization’s application and container platforms, achieving consistent infrastructure is not required, but obviously very helpful in terms of operational and cost efficiency.

    To provide a consistent developer experience and to abstract the underlying application or Kubernetes platform, you would follow the same VMware approach as always: to put a layer on top.

    Here the solution is called Tanzu Kubernetes Grid (TKG), that provides a consistent, upstream-compatible implementation of Kubernetes, that is tested, signed and supported by VMware.

    A Tanzu Kubernetes cluster is an opinionated installation of Kubernetes open-source software that is built and supported by VMware. In all the offerings, you provision and use Tanzu Kubernetes clusters in a declarative manner that is familiar to Kubernetes operators and developers. The different Tanzu Kubernetes Grid offerings provision and manage Tanzu Kubernetes clusters on different platforms, in ways that are designed to be as similar as possible, but that are subtly different.

    VMware Tanzu Kubernetes Grid (TKG aka TKGm)

    Tanzu Kubernetes Grid can be deployed across software-defined datacenters (SDDC) and public cloud environments, including vSphere, Microsoft Azure, and Amazon EC2. I would assume, that the Google Cloud is a roadmap item.

    TKG allows you to run Kubernetes with consistency and makes it available to your developers as a utility, just like the electricity grid. TKG provides the services such as networking, authentication, ingress control, and logging that a production Kubernetes environment requires.

    This TKG version is also known as TKGm for “TKG multi-cloud”.

    VMware Tanzu Kubernetes Grid Service (TKGS aka vSphere with Tanzu)

    TKGS is the option vSphere admins want to hear about first, because it allows you to turn a vSphere cluster to a platform running Kubernetes workloads in dedicated resources pools. TKGS is the thing that was known as “Project Pacific” in the past.

    Once enabled on a vSphere cluster, vSphere with Tanzu creates a Kubernetes control plane directly in the hypervisor layer. You can then run Kubernetes containers by deploying vSphere Pods, or you can create upstream Kubernetes clusters through the VMware Tanzu Kubernetes Grid Service and run your applications inside these clusters.

    VMware Tanzu Mission Control (TMC)

    In our use case before, we have AKS and EKS for running Kubernetes clusters in the public cloud.

    The VMware solution for multi-cluster Kubernetes management across clouds is called Tanzu Mission Control, which is a centralized management platform for the consistency and security the IT engineering team was looking for.

    Available through VMware Cloud Services as SaaS offering, TMC provides IT operators with a single control point to provide their developers self-service access to Kubernetes clusters.

    TMC also provides cluster lifecycle management for TKG clusters across environment such as vSphere, AWS and Azure.

    It allows you to bring the clusters you already have in the public clouds or other environments (with Rancher or OpenShift for example) under one roof via the attachment of conformant Kubernetes clusters.

    Not only do you gain global visibility across clusters, teams and clouds, but you also get centralized authentication and authorization, consistent policy management and data protection functionalities.

    VMware Tanzu Observability by Wavefront (TO)

    Tanzu Observability extends the basic observability provided by TMC with enterprise-grade observability and analytics.

    Wavefront by VMware helps Tanzu operators, DevOps teams, and developers get metrics-driven insights into the real-time performance of their custom code, Tanzu platform and its underlying components. Wavefront proactively detects and alerts on production issues and improves agility in code releases.

    TO is also a SaaS-based platform, that can handle the high-scale requirements of cloud native applications.

    VMware Tanzu Service Mesh (TSM)

    Tanzu Service Mesh, formerly known as NSX Service Mesh, provides consistent connectivity and security for microservices across all clouds and Kubernetes clusters. TSM can be installed in TKG clusters and third-party Kubernetes-conformant clusters.

    Organizations that are using or looking at the popular Calico cloud native networking option for their Kubernetes ecosystem often consider an integration with Istio (Service Mesh) to connect services and to secure the communication between these services.

    The combination of Calico and Istio can be replaced by TSM, which is built on VMware NSX for networking and that uses an Istio data plane abstraction. This version of Istio is signed and supported by VMware and is the same as the upstream version. TSM brings enterprise-grade support for Istio and a simplified installation process.

    One of the primary constructs of Tanzu Service Mesh is the concept of a Global Namespace (GNS). GNS allows developers using Tanzu Service Mesh, regardless of where they are, to connect application services without having to specify (or even know) any underlying infrastructure details, as all of that is done automatically. With the power of this abstraction, your application microservices can ā€œliveā€ anywhere, in any cloud, allowing you to make placement decisions based on application and organizational requirementsā€”not infrastructure constraints.

    Note: On the 18th of March 2021 VMware announced the acquisition of Mesh7 and the integration of Mesh7ā€™s contextual API behavior security solution with Tanzu Service Mesh to simplify DevSecOps.

    Tanzu Editions

    The VMware Tanzu portfolio comes with three different editions: Basic, Standard, Advanced

    Tanzu Basic enables the straightforward implementation of Kubernetes in vSphere so that vSphere admins can leverage familiar tools used for managing VMs when managing clusters = TKGS

    Tanzu Standard provides multi-cloud support, enabling Kubernetes deployment across on-premises, public cloud, and edge environments. In addition, Tanzu Standard includes a centralized multi-cluster SaaS control plane for a more consistent and efficient operation of clusters across environments = TKGS + TKGm + TMC

    Tanzu Advanced builds on Tanzu Standard to simplify and secure the container lifecycle, enabling teams to accelerate the delivery of modern apps at scale across clouds. It adds a comprehensive global control plane with observability and service mesh, consolidated Kubernetes ingress services, data services, container catalog, and automated container builds = TKG (TKGS & TKGm) + TMC + TO + TSM + MUCH MORE

    Tanzu Data Services

    Another topic to reduce dependencies and avoid vendor lock-in would be Tanzu Data Services – a separate part of the Tanzu portfolio with on-demand caching (Tanzu Gemfire), messaging (Tanzu RabbitMQ) and database software (Tanzu SQL & Tanzu Greenplum) products.

    Bringing all together

    As always, I’m trying to summarize and simplify things where needed and I hope it helped you to better understand the value and capabilities of VMware Tanzu.

    There are so many more products available in the Tanzu portfolio, that help you to build, run, manage, connect and protect your applications. In case you are interested to read more about VMware Tanzu, the have a look at my article 10 Things You Didnā€™t Know About VMware Tanzu.

    If you would like to know more about application and cloud transformation make sure to attend the 45 minute VMware event on March 31 (Americas) or April 1 (EMEA/APJ)!

    Multi-Tenancy on VMware Cloud Foundation with vRealize Automation and Cloud Director

    Multi-Tenancy on VMware Cloud Foundation with vRealize Automation and Cloud Director

    In my articleĀ VMware Cloud Foundation And The Cloud Management Platform Simply Explained I wrote about why customers need a VMware Cloud Foundation technology stack and what a VMware cloud management platform is.

    One of the reasons and one of the essential characteristics of a cloud computing model I mentioned is resource pooling.

    By the National Institute of Standards and Technology (NIST) resource pooling is defined with the following words:

    The providerā€™s computing resources are pooled to serve multiple
    consumers using a multi-tenant model, with different physical and virtual
    resources dynamically assigned and reassigned according to consumer demand.
    There is a sense of location independence in that the customer generally has no
    control or knowledge over the exact location of the provided resources but may be
    able to specify location at a higher level of abstraction (e.g., country, state, or
    data center).

    This time I would like to focus on multi-tenancy and how you can achieve that on top of VMware Cloud Foundation (VCF) with Cloud Director (formerly known as vCloud Director) and vRealize Automation, which both could be part of a VMware cloud management platform (CMP).

    Multi-Tenancy

    There are many understandings around about multi-tenancy and different people have different definitions for it.

    If we start from the top of an IT infrastructure, we will have application or software multi-tenancy with a single instance of an application serving multiple tenants. And in the past even running on the same virtual or physical server. In this case the multi-tenancy feature is built into the software, which is commonly accessed by a group of users with specific permissions. Each tenant gets a dedicated or isolated share of this application instance.

    Coming from the bottom of the data center, multi-tenancy describes the isolation of resources (compute, storage) and networks to deliver applications. The best example here are (cloud) services providers.

    Their goal is to create and provide virtual data centers (VDC) or a virtual private cloud (VPC) on top of the same physical data center infrastructure – for different tenants aka customers. Normally, the right VMware solution for this requirement and service providers would be Cloud Director, but this is maybe not completely true anymore with the release of vRealize Automation 8.x.Ā 

    To make it easier for all of us, I’ll call Cloud Director and vCloud Director “vCD” from now on.

    VMware Cloud Director (formerly vCloud Director)

    Cloud Director is a product exclusively for cloud service providers via the VMware Cloud Provider Program (VCPP). Originally released in 2010, it enables service providers (SPs) to provision SDDC (Software-Defined Data Center) services as complete virtual data centers. vCD also keeps resources from different tenants isolated from each other.

    Within vCD a unit of tenancy is called Organization VDC (OrgVDC). It is defined as a set of dedicated compute (CPU, RAM), storage and network resources. A tenant can be bound to a single OrgVDC or can be composed of multiple Organization VDCs. This is typically known as Infrastructure as a Service (IaaS).

    A provider virtual data center (PVDC) is a grouping of compute, storage, and network resources from a single vCenter Server instance.Ā Multiple organizations/tenants can share provider virtual data center resources.

    Cloud Director Resource Abstraction

    A lot of customers and VCPP partners have now started to offer their cloud services (IaaS, PaaS, SaaS etc.) based on VMware Cloud Foundation. For private and hybrid cloud scenarios, but also in the public cloud as a managed cloud service (VMware Cloud on AWS, Azure VMware Solution, Google Cloud VMware Engine, Alibaba Cloud VMware Solution and more).

    Important: I assume that you are familiar with VCF, its core components (ESXi, vSAN, NSX, SDDC Manager) and architecture models (standard as the preferred).

    Cloud Director components are currently not part of the VCF lifecycle automation, but it is a roadmap item!

    Cloud Director Resource Hosting Models

    vCD offers multiple hosting models:

    • In the shared hosting model, multiple tenant workloads run all together on the same
      resource groups without any performance assurance
    • In the reserved hosting model, performance of workloads is assured by resource
      reservation.
    • In the physical hosting model, hardware is dedicated to a single tenant and performance
      is assured by the allocated hardware

    Tenant Using Shared Hosting on VCF Workload Domain

    In this use case a tenant is using shared hosting backed by a VMware Cloud Foundation workload domain. A workload domain, which is mapped to a provider VDC.

    vCD VCF Shared

    Tenant Using Shared Hosting and Reserved Hosting on Multiple VCF Workload Domains

    This use case describes the example of customer using shared and reserved hosting backed by multiple VCD workload domains. Here each cluster has a single resource pool mapped to a single PVDC.

    vCD VCF Shared Reserved

    Tenant Using Physical Hosting and Central Point of Management (CPOM)

    The last example shows a single customer using physical hosting. You will notice that there is also a vSphere with
    Kubernetes workload domain. VMware Cloud Foundation automates the installation of vSphere with Kubernetes (Tanzu) which makes it incredibly easy to deploy and manage.

    You can see that there is an ā€œSDDCā€ box on top of the Kubernetes Cluster vCenter, which is attached to
    the “SDDC Proxy” entity. vCD can act as an HTTP/S proxy server between tenants and the
    underlying vSphere environment in VMware Cloud Foundation. An SDDC proxy is an
    access point to a component from an SDDC, for example, a vCenter Server instance, an ESXi host, or
    an NSX Manager instance.

    The vCD becomes the central point of management (CPOM) in this case and the customer gets a complete dedicated SDDC with vCenter access.

    vCD VCF Physical CPOM

    Note: Since vCD 9.7 it is possible to present for example a vCenter Server instance securely to a tenant’s organization using the Cloud Director user interface.Ā This is how you could build your own VMC-on-AWS-like cloud offering!

    Cloud Director CPOM

    All 3 Tenants Together

    Finally, we put it all together. In the first use case we can see that different customers are sharing resources from a
    single PVDC. We can also see that resources from a single vCenter can be split across different provider virtual datacenters and that we can mix and match multi-tenants workload domains and workload domains offering dedicated private cloud all together.

    vCD VCF All Together

    Cloud Director Service and VMware Cloud on AWS

    If you don’t want to extend or operate your own data center or cloud infrastructure anymore and provide a managed service to multiple customer, there are still options for you available backed by VMware Cloud Foundation as well.

    Since October 2020 you have Cloud Director Service globally available, which delivers multi-tenancy to VMware Cloud on AWS for managed service providers (MSP).

    VMware sees not only new, but also existing VCPP partners moving towards a mixed-asset portfolio, where their cloud management platform consists of a VCPP and MSPĀ (VMware SaaS offerings) contract. This allows them for example to run vCD on-premises for their current customers and the onboarding of new tenants would happen in the public cloud with CDS and VMC on AWS.

    vCD CDS Mixed Mode

    Enterprise Multi-Tenancy with vRealize Automation

    With the release of vRealize Automation 8.1 (vRA) VMware offered support for dedicated infrastructure multi-tenancy, created and managed through vRealize Suite Lifecycle Manager. This means vRealize Automation enables customers or IT providers to set up multiple tenants or organizations within each deployment.

    Providers can set up multiple tenant organizations and allocate infrastructure. Each tenant manages its own projects (team structures), resources and deployments.

    Enabling tenancy creates a new Provider (default) organization. The Provider Admin will create new tenants, add tenant admins, setup directory synchronization, and add users. Tenant admins can also control directory synchronization for their tenant and will grant users access to services within their tenant. Additionally, tenant admins will configure Policies, Governance, Cloud Zones, Profiles, access to content and provisioned resources; within their tenant. A single shared SDDC or separate SDDCs can be used among tenants depending on available resources.

    vRealize Automation 8.1 Multi-Tenancy

    With vRealize Automation 8.2, provider administrators got the ability to share infrastructure by creating and assigning Virtual Private Zones (VPZ) to tenant organizations.

    Think of VPZs as a kind of container of infrastructure capacity and services which can be defined and allocated to a Tenant. You can add unique or shared cloud accounts, with associated compute, flavors, images, storage, networking, and tags to each VPZ. Each component offers the same configuration options you would see for a standalone configuration.

    vRealize Automation 8.2 Multi-Tenancy

    vRealize Automation and VMware Cloud Foundation

    With the pretty new multi-tenancy and VPZ capability a new consumption model on top of VCF can be built. You (provider) would map the Cloud Zones (compute resources on vSphere (or AWS for example)) to a VCF workload domain.

    The provider sets these cloud zones up for their customers and provides dedicated or shared infrastructure backed by Cloud Foundation workload domains.

    This combination would allow you to build an enterprise VPC construct (like AWS for example), a logically isolated section of your provider cloud.

    vRealize Automation and VMware Cloud Foundation

    SDDC Manager Integration and VMware Cloud Foundation (VCF) Cloud Account

    Since the vRA 8.2 release customers are also able to configure aĀ SDDC Manager integration and on-board workload domains as VMware Cloud Foundation cloud accounts into the VMware Cloud Assembly service.

    VMware Cloud Director or vRealize Automation?

    You wonder if vRealize Automation could replace existing vCD installations? Or if both cloud management platforms can do the same?

    I can assure you, that you can provide a self-service provisioning experience with both solutions and that you can provide any technology or cloud service “as a service”. Both have in common to be backed by Cloud Foundation, have some form of integration (vRA) and can be built by a VMware Validated Design (VVD).

    vCD is known to be a service provider solution, where vRA is more common in enterprise environments. VMware has VCPP partners, that use Cloud Director for their external customers and vRealize Automation for their internal IT and customers.

    If you are looking for a “cloud broker” and Infrastructure as Code (IaC), because you also want to provision workloads on AWS, Azure or GCP as well, then vRealize Automation is the better solution since vCD doesn’t offer this deep integration and these deployment options yet.

    Depending on your multi-tenant needs and if you for example only have chosen vCD in the past, because of the OrgVDC and resource pooling feature, vRealize Automation would be enough and could replace vCD in this case.

    It is also very important to understand how your current customer onboarding process and operational model look like:

    • How do you want to create a new tenant?Ā 
    • How do you want to onboard/migrate existing customer workloads to your provider infrastructure?
    • Do you need versioning of deployments or templates?
    • Do customers require access to the virtual infrastructure (e.g. vCenter or OrgVDC) or do you just provide SaaS or PaaS?
    • Do customers need a VPN or hybrid cloud extension into your provider cloud?
    • How would you onboard non-vSphere customers (Hyper-V, KVM) to your vSphere-based cloud?
    • Does your customer rely on other clouds like AWS or Azure?
    • How do you do billing for your vSphere-based cloud or multi-cloud environment?
    • What is your Kubernetes/container strategy?
    • And 100 other things šŸ˜‰

    There are so many factors and criteria to talk about, which would influence such a decision. There is no right or wrong answer to the question, if it should be VMware Cloud Director or vRealize Automation. Use what makes sense.

    Which could also be a combination of both.

    Multi-Cloud Load Balancing and Autoscaling with NSX Advanced Load Balancer (formerly Avi Networks)

    Multi-Cloud Load Balancing and Autoscaling with NSX Advanced Load Balancer (formerly Avi Networks)

    Do you want to build your private cloud like a hyperscaler is doing it? You know that VMware Cloud Foundation is becoming the new vSphere, but still wonder how you can implement software-defined load balancing (LB) or application services and features like autoscaling or predictive scaling? Then this article about multi-cloud load balancing and autoscaling with NSX Advanced Load Balancer aka Avi Networks is for you!

    My Experience with a Legacy ADC

    A few years ago, I was working on the customer side for an insurance company in Switzerland as a Citrix System Engineer. My daily tasks included the maintenance and operation of the Citrix environment, which included physical and virtual Citrix NetScaler Application Delivery Controller (ADC) appliances. The networking team owned a few hardware-based appliances (NetScaler SDX) with integrated virtualization capability (XenServer as hypervisor) to host multiple virtual NetScaler (VPX) instances.

    The networking team had their dedicated NetScaler VPX instances (for LDAP and HTTP load balancing mostly) and deployed my appliances after I filed a change request. Today, you would call thisĀ multi-tenancy. For a Citrix architecture it was best practices to have one high availability (HA) pair for the internal and one HA pair for the external (DMZ) network access. An HA pair was running in a active/passive mode and I had to maintain the same setup for the test environment as well.

    Since my virtual VPX appliances were hosted on the physical SDX appliance, I always relied on the network engineers when I needed more resources (CPU, RAM, SSL, throughput) allocated to my virtual instances. Before I could upgrade to a specific firmware version, I also had to wait until they upgraded the physical NetScaler appliances and approved my change request. This meant, we had to plan changes and maintenance windows together and had to cross fingers, that their upgrade went well, so that we then could upgrade all our appliances after.

    NetScaler SDX

    It was also possible to download a VPX appliance, which could run on top of VMware vSphere. To be more independent, I decided to install four new VPX appliances (for the production and test environment) on vSphere and migrated the configuration from the appliances running on the physical SDX appliance.

    Another experience I had with load balancers was when I started to work for Citrix as a consultant in Central Europe and had to perform a migration of physical NetScaler MPX appliances, which had no integrated virtualization capability. I believe I had two sites with each two of these powerful MPX appliances for tens of thousands of users. Beside the regular load balancing configuration for some of the Citrix components, I also had to configureĀ Global Server Load Balancing (GSLB) in active/passive mode for the two sites.

    NetScaler GSLB Active Passive

    There were so many more features available (e.g., Web Application Firewall, Content Switching, Caching, Intrusion Detection), but I never used anything else than the NetScaler Universal Gateway for the remote access to the virtual desktop infrastructure (VDI), load balancing, HTTP to HTTPS redirections and GSLB. In all scenarios I had an HA pair where one instance was idling and doing nothing. And the active unit was in average not utilized more than 15-20%. It was common to install/buy too large or powerful instances/licenses, because you wanted to be on the safe side and have enough capacity to terminate all your SSL sessions and so on.

    It (load balancing) was about distributing network traffic across multiple servers by spreading the requests and workload evenly, and to add some intelligence (health monitoring) in case an application server or a service would fail or become unavailable for any reason. If one more application server was needed, I ordered a new Windows Server, installed and configured the Citrix components and added the necessary load balancing configuration on the NetScaler. These were all manual tasks.Ā 

    This was my personal experience from 2017. Since then, applications became more complex and distributed. The analysts and the market are focusing on containerized and portable apps that are running in multiple clouds. The prediction is also that the future is multi-cloud.

    Multiple Clouds vs. Multi-Cloud

    There are different definitions and understandings out there what multi-cloud means. In my understanding, using a private cloud, the AWS cloud, Microsoft Office 365 and Azure is a typical setup with multiple clouds. There are simple scenarios where you migrate workloads from a private to a public cloud; or having applications with services hosted on the private and on the public cloud. The latter would be an example of a hybrid cloud architecture.

    There are various reasons for why services and resources (workloads) are distributed on multiple clouds (on-prem, Azure, AWS, GCP etc.):

    • Avoid dependence on one cloud provider only
    • Consume different specific services that are not provided elsewhere
    • Optimize costs for different workloads and services
    • React to price changes by the providers

    That is why we are seeing also the trend to break up big legacy applications (monoliths) in smaller pieces (segments), which is a best practice and design principle today. The goal is to move to a loosely coupled and more service-oriented architecture. This provides greater agility, more flexibility and easier scalability with less inter-dependencies.

    A segmented application is much easier to run in different clouds (think about portability). Running one application over multiple clouds is in my understanding the right definition of multi-cloud.

    Multiple Clouds versus Multi-Cloud

    Let’s assume that most probably all the four reasons above apply to larger enterprises. If we take another angle, we can define some business and technical requirements for multi-cloud:

    • Application or services need to be cloud vendor-agnostic
    • Provide or abstract control and management interfaces of multiple clouds
    • Support application portability (relocation between clouds)
    • Combine IaaS and other services from different clouds
    • Possibility to deploy components of applications in multiple clouds
    • (Cloud) Broker service needed
    • Policy and governance over multiple clouds
    • Network connectivity for migration scenarios with partially modernized applications
    • Automated procedures for deployments
    • Application monitoring over different clouds
    • Cost management
    • Lifecycle management of deployed applications in multiple clouds
    • Self-adaption and auto scaling features
    • Large team with various expertise needed

    How can you deliver and manage different applications services like load balancing, web application firewalling, analytics, automation and security over multiple clouds?

    Another important question would be, how you want to manage the workload deployment on the various clouds. But cloud management or a cloud management platform is something for another article. šŸ™‚

    The requirements for the developers, IT operations and the business are very complex and it’s a long list (see above).

    It is important, that you understand, based on the requirements for multi-cloud, that it is mandatory to implement a modern solution for your modern application architectures. Enterprises have become more application-centric and everyone is talking about continuous integration, continuous delivery and DevOps practices to automate operation and deployment tasks. A modern solution implicits a software-defined approach. Otherwise you won’t be able to be agile, adapt to changes and meet future requirements.

    My past experience with Citrix’ NetScaler (Citrix ADC) is a typical example that “virtualized” and “software-defined” are not the same thing. And this is very important if we want to have a future-ready solution. If we look at VMware’s software-defined data center (SDDC), it includes virtual compute (hypervisor), but software-defined storage and networkingĀ as well. Part of the software-defined networking portfolio is “NSX Advanced Load Balancer“, the software-defined application services platform, which was also known as “Avi Networks” before VMware bought them in June 2019.

    Unlike a virtualized load-balancing appliance, a software-defined
    application services platform separates the data and control planes
    to deliver application services beyond load balancing, real-time
    application analytics, security and monitoring, predictive autoscaling,
    and end-to-end automation for Transport (Layer 4) to
    Application (Layer 7) layer services. The platform supports multicloud
    environments and provides software-defined application
    services with infrastructure-agnostic deployments on bare metal
    servers, virtual machines (VMs), and containers, in on-premises
    data centers and private/public clouds.

    Auto scaling became famous with AWS as it monitors your applications and automatically adjusts capacity to maintain availability and performance at the lowest possible costs. It automatically adds or removes application servers (e.g. EC2 instances), load balancers, applies the right network configuration and so on.

    Can you achieve the same for your on-premises infrastructure with VMware? Yes.

    Is there even a solution which can serve both worlds – on-prem and cloud? Yes.

    And what about predictive scaling with real-time insights? Yes.

    NSX Advanced Load Balancer (NSX ALB)

    Why did VMware buy Avi? Because it follows the same architecture principles like NSX: A distributed platform with a separate control and data plane built on software-defined principles for any cloud.

    Avi High Level Architecture

    Traditional ADCs or load balancers are mostly configured in active/standby pairs, no matter if physical or virtual. Typically you would see around 15% utilization on the active node, while the secondary standby node is just idling and doing nothing. Each pair is its own island of static capacity which shares the management, control and data plane.

    You have to decide where to place the virtual IP (VIP) and how much you want to overprovision the physical or virtual appliances, because there is no capacity pooling available. This leads to operational complexity, especially when you have hundreds of such HA pairs running in different clouds. Therefore, legacy and virtualized ADCs are not the ideal choice for a multi-cloud architecture. Let’s check NSX ALB’s architecture:

    Control Plane – This is the brain (single point of management) of the whole platform that can be spun up in your on-prem environment or in the cloud (also available as a managed SaaS offering), typically as a three-node cluster. Within this cluster, all configuration is done. This also where the policies reside and the decisions are made. It is the controllerā€™s duty to place virtual services on Service Engines to load balance new applications.

    The control plane comprises the three pillars that deliver the key capabilities of the Avi platform:

    • Multi-Cloud – Consistent experience for any cloud, no lock-in
    • Intelligence – The machine learning based analytics engine enables application performance monitoring, troubleshooting, and operational insights (gathered by the SEs)
    • Automation – Elastic and predictive auto scaling & self-service without over-provisioning through a complete set of REST APIs

    Data Plane –Ā  The Service Engines (SEs) handle all data plane operations by receiving and executing instructions from the controller. The SEs perform load balancing and all client- and server-facing network interactions. It collects real-time application telemetry from application traffic flows.Ā 

    As already mentioned, NSX ALB can be deployed in multiple cloud environments like VMware vCenter, Amazon Web Services, Microsoft Azure, Google Cloud Platform, Oracle Cloud, IBM Cloud, VMC on AWS, Nutanix, OpenStack or bare-metal.

    Use Cases

    Most customers deploy Avi because of:

    • Load Balancer refresh
    • Multi-Cloud initiatives
    • Security including WAF, DDoS attack mitigation, achieving compliance (GDPR, PCI, HIPAA)
    • Container ingress (integrates via REST APIs with K8s ecosystems like Tanzu Kubernetes Grid, AKS, EKS, GKE, OpenShift)

    Advanced Kubernetes Ingress Controller Avi Networks

    • Virtual Desktop Infrastructure (Citrix, VMware Horizon)

    Consistent Application Services Platform (Features)

    Avi/NSX ALB is an enterpise-grade solution. So, everything you would expect from a traditional ADC (e.g. F5); layer 4 to layer 7 services, SSL, DDoS, WAF etc. is built-in without the need for a special license or edition. There is no NSX license requirement even the product name would suggest it. It can be deployed as a standalone load balancer or as an integrated solution with other VMware products (e.g., VCF, vRA/vRO, Horizon, Tanzu etc.).

    Avi Networks Features

    Below is a list with the core features:

    • Enterprise-class load balancing – SSL termination, default gateway, GSLB, DNS, and other L4-L7 services
    • Multi-cloud load balancing – Intelligent traffic routing across multiple sites and across private or public clouds
    • Application performance monitoring –Ā Monitor performance and record and replay network events like a Network DVR
    • Predictive auto scaling – Application and load balancer scaling based on real-time traffic patterns
    • Self-service – For app developers with REST APIs to build services into applications
    • Cloud connectors – VMware Cloud on AWS, SDN/NFV controllers, OpenStack, AWS, GCP, Azure, Linux Server Cloud, OpenShift/Kubernetes
    • Distributed application security fabric – Granular app insights from distributed service proxies to secure web apps in real time
    • SSO / Client Authentication – SAML 2.0 authentication for back-end HTTP applications
    • Automation and programmability – REST API based solution for accelerated application delivery; extending automation from networking to developers
    • Application Analytics – Real-time telemetry from a distributed load balancing fabric that delivers millions of data points in real time

    Load Balancing for VMware Horizon

    NSX ALB can be configured for load balancing in VMware Horizon deployments, where you place Service Engines in front of Unified Access Gateways (UAG) or Connection Servers (CS) as required.

    Avi Horizon High Level Architecture

    For a multi-site architecture you can also configure GSLB if needed. With GSLB, access to resources is controlled with DNS queries and health checking.

    Note: If you are using the Horizon Universal Broker, the cloud-based brokering service, there is no need for GSLB, because the Universal Broker can orchestrate connections from a higher level based on different policies.

    Automation

    With NSX Advanced Load Balancer there are two parts when we talk about automation. One part is about infrastructure automation, where the controller talks to the ecosystem like a vCenter, AWS or Azure to orchestrate the Service Engine. So, when you configure a new VIP, the controller would talk to vCenter to spin up a VM, puts it in the right portgroup, connects the front and the back-end, downloads the policy and Service Engine, and starts receiving traffic.

    The second piece of automation focuses more on the operational automation which is through the REST API. But, on top of that you can also run Ansible playbooks, Terraform templates, use Go and Python SDKs, have integrations with Splunk or other tools like vRealize Automation. These are the built-in automation capabilities of Avi.

    Avi Networks Automation

    VMworld 2020 Sessions

    This year, VMworld is going to be for free and virtual. Take this chance and register yourself and learn more about Avi aka NSX ALB:

    1. Making Your Private Cloud Network Run Like a Public Cloud – Part 2 [VCNC2918]
    2. Modern Apps and Containers: Networking and Security [VCNC2920]
    3. Prepare for the New Normal of Work from Anywhere [VCNC2919]