Architecting a vCloud
Version 1.6
VMware vCloud Technical White Paper
Table of Contents
List of Figures
List of Tables
1. What is a VMware vCloud?
  1.1 Document Purpose and Assumptions
  1.2 Cloud Computing and vCloud Introduction
  1.3 vCloud Components
  1.4 vCloud Infrastructure
    1.4.1 vCloud Management Cluster
    1.4.2 Compute Resources
    1.4.3 Storage Resources
    1.4.4 Networking Resources
    1.4.5 Component Placement
    1.4.6 vCloud Consumer Resources
    1.4.7 vCloud Logical Infrastructure
2. vCloud Director Constructs
3. vCloud Consumer Resources
  3.1 Cloud Consumer Resources
  3.2 Establish Provider Virtual Datacenters
    3.2.1 Public Cloud Considerations
    3.2.2 Private Cloud Considerations
    3.2.3 Provider Virtual Datacenter Special Use Cases
    3.2.4 Compute Resources Considerations
    3.2.5 Storage Resources Considerations
    3.2.6 Networking Resources Considerations
  3.3 Multi-Site/Multi-Geo Clouds
    3.3.1 Scenario #1: Common User Interface
    3.3.2 Scenario #2: Common Set of Services
    3.3.3 Suggested Deployment
    3.3.4 Other Multi-Site Considerations
    3.3.5 Merging Chargeback Reports
    3.3.6 Synchronizing Catalogs
List of Figures
Figure 1. vCloud Overview
Figure 2. Core vCloud Logical Architecture
Figure 3. vCloud Infrastructure
Figure 4. vCloud Logical Architecture
Figure 5. vCloud Director Construct to vSphere Mapping
Figure 6. vCloud Consumer Resource Mapping
Figure 7. Two Sites with Local vCloud Director Instances Managing Local vCenters
Figure 8. Remote Console Flow
Figure 9. Two Sites with Isolated vCloud Director Instances
Figure 10. Example Diagram of Provider Networking for a Public vCloud
Figure 11. Configure External IPs
Figure 12. vCloud Director Logical Networking with Cisco Nexus 1000V
Figure 13. Example Diagram of Provider Networking for a Private vCloud
Figure 14. vCloud Connector Architecture
Figure 15. Architectural Example Drawing
Figure 16. Configure Firewall Services
Figure 17. Reference Architecture Kit
Figure 18. Log Collection in the Cloud Environment
Figure 19. Architecture of vCloud Components and Log Collection
Figure 20. Infrastructure Layers
List of Tables
Table 1. Reference Documentation
Table 2. vCloud Components
Table 3. vCloud Director Constructs
Table 4. Component Requirements for a Management Cluster
Table 5. Network Pool Options
Table 6. vCloud vApp Requirements Checklist
Table 7. Definition of Resource Pool and Virtual Machine Split
Table 8. Memory, CPU, Storage, and Networking
Table 9. Example Consolidation Ratios
Table 10. MBeans Used To Monitor vCloud Cells
Table 11. vCloud Availability Considerations
Table 12. Network Access Security Use Cases
Table 13. Audit Concerns Within The Cloud
Table 14. vCloud Component Logs
Table 15. Other Component Logs
Table 16. Load Balancer Considerations
Table 17. Certificate Steps
Table 18. vSphere Host Variables
Table 19. Determining Redundancy Overhead
Table 20. Network Capacity Planning Items
Table 21. Capacity Monitoring Metrics
Table 22. Organization Virtual Datacenter Units of Consumption
Table 23. Recommended Organization Virtual Datacenter Capacity Thresholds
Table 24. Sample Organization Virtual Datacenter Resource Allocation
Table 25. Organization Virtual Datacenter Trending Information
Table 26. Organization Virtual Datacenter Capacity Trending Variables
Table 27. Sample Organization Virtual Datacenter Trending Information
Table 1. Reference Documentation

Referenced documents:
- Cloud Requirements
- vCloud Implementations
- vCloud Director
- vCloud API
- vSphere
- vShield
- vCenter Chargeback
For further information, refer to the set of documentation for the appropriate product. For additional guidance
and best practices, refer to the Knowledge Base on vmware.com.
Figure 1. vCloud Overview (diagram: the vCloud API and vCloud Director, together with vShield Edge, vCloud Connector, and vCenter Orchestrator, layered on VMware vSphere)
Table 2. vCloud Components

vCloud Component: Description
- vCloud Director: includes the vCloud Director server(s) (also known as cells), the vCloud Director database, and the vCloud API, which is used to manage cloud objects
- vCloud API
- VMware vSphere
- VMware vShield
Other VMware or third-party products or solutions are not addressed in this iteration of a vCloud.
From an architectural view, the following diagram shows how the core vCloud components interrelate.
Figure 2. Core vCloud Logical Architecture (diagram: vCloud Director cells exposing the vCloud API and sharing an NFS server; vCenter Server with its vCenter database and the vSphere Client; the vCenter Chargeback server, database, web interface, and data collectors; an LDAP service; vShield; and clusters of ESX/ESXi hosts running the vCloud agent, backed by datastores and organized into a management cluster plus the compute, storage, and networking layers of the virtual infrastructure)
Figure 3. vCloud Infrastructure
In building a vCloud, we assume that all management components, such as vCenter Server and vCenter
Chargeback Server, will run in virtual machines.
As a best practice, resources allocated for management functions are separated from pure user-requested workloads, so the underlying vSphere clusters are split into two logical groups:
- A single management cluster running all core components and services needed to run the cloud.
- The remaining vCenter clusters, aggregated into a pool called the cloud consumer resources. These clusters are placed under the control of VMware vCloud Director. Multiple clusters can be managed by the same vCenter Server or by different vCenter Servers; in either case, vCloud Director manages the clusters through the vCenter Servers.
The underlying vSphere Infrastructure will follow vSphere best practices. Design considerations specific to a
vCloud will be addressed accordingly in this document, organized by the vCloud management cluster and cloud
consumer resources.
1.4.1 vCloud Management Cluster
The management cluster will follow vSphere best practices to facilitate load balancing, redundancy, and high
availability.
1.4.2 Compute Resources
Compute resources for the management cluster will follow vSphere best practices where possible, including but
not limited to VMware DRS, HA, and FT.
To facilitate VMware HA, a cluster of three VMware ESXi hosts will be used. While additional hosts can be added, three hosts supporting just the vCloud management components should be sufficient for typical vCloud environments; detailed sizing guidance for the management cluster is provided later in this document. Use a VMware HA percentage-based admission control policy in an N+1 fashion instead of dedicating a single host to host failures or defining the number of host failures a cluster can tolerate. This allows the management workloads to run evenly across the hosts in the cluster without dedicating a host strictly to failover. Additional hosts can be added to the management cluster for N+2 or greater redundancy, but this is not required by the current vCloud Service Definitions.
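As a quick sketch of the percentage-based policy described above, the reservation for tolerating N host failures is simply those hosts' share of the cluster, rounded up. The host counts here are illustrative assumptions, not figures from the Service Definition:

```python
import math

def ha_failover_percentage(num_hosts, host_failures_to_tolerate=1):
    """Percentage of cluster CPU/memory to reserve so the remaining
    hosts can absorb the failure of the given number of hosts."""
    return math.ceil(100.0 * host_failures_to_tolerate / num_hosts)

# Three-host management cluster, N+1:
print(ha_failover_percentage(3))     # 34
# Four hosts with N+2 redundancy:
print(ha_failover_percentage(4, 2))  # 50
```

Setting this percentage in the HA admission control policy spreads the failover headroom across all hosts rather than idling one host as a dedicated spare.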
Use VMware HA (including VM Monitoring) and/or FT, where possible, to protect the management virtual
machines. vCenter Site Recovery Manager (SRM) can be used to protect components of the management
cluster. At this time, vCenter Site Recovery Manager will not be used to protect vCloud Director cells because
a secondary (DR) site is out of scope of the vCloud, and changes to IP addresses and schemas in recovered
vCloud Director cells can result in problems.
Unlike a traditional vSphere environment, where vCenter Server is used by administrators to provision virtual machines, here vCenter Server plays an integral role in end-user self-service provisioning by handling all virtual machine deployment requests from vCloud Director. Therefore, VMware recommends making vCenter Servers highly available with a solution such as vCenter Heartbeat. Because FT is not supported for multi-vCPU virtual machines, this is another reason to use vCenter Heartbeat for high resiliency.
1.4.3 Storage Resources
Shared storage in the management cluster will be configured to include, but is not limited to, the following:
- Storage paths will be redundant at the host (connector), switch, and storage array levels.
- All hosts in a cluster will have access to the same datastores.
1.4.4 Networking Resources
Host networking in the management cluster will be configured to include (but is not limited to) the following:
- Logical separation of network traffic by type (management, virtual machine, vMotion/FT, IP storage) for security and load considerations.
- Network component and path redundancy.
- At least 10GigE or GigE network speeds, if available.
- Use of vNetwork Distributed Switches where possible to simplify network management. The architecture calls for vNetwork Distributed Switches in the user workload resource group, so it is a best practice to use them across all of your clusters, including the management cluster.
- An MTU size of at least 1524 (the default is 1500) on the physical switches as well as the vNetwork Distributed Switches, to accommodate the additional MAC header information used by vCloud Director Network Isolation links. vCloud Director Network Isolation is called for by the Service Definition and the architecture found later in this document, and the larger MTU is needed on its transport network. Failure to increase the MTU can cause packet fragmentation, reducing network throughput for virtual machines hosted on the vCloud infrastructure.
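The 1524-byte figure follows directly from the encapsulation overhead. A minimal sketch, assuming the 24-byte additional MAC header implied by the 1500-to-1524 increase:

```python
VCDNI_OVERHEAD_BYTES = 24  # extra MAC header added to each encapsulated frame

def required_transport_mtu(guest_mtu=1500, overhead_bytes=VCDNI_OVERHEAD_BYTES):
    """Minimum MTU on the transport network so encapsulated guest
    frames are carried without fragmentation."""
    return guest_mtu + overhead_bytes

print(required_transport_mtu())  # 1524
```

If guest virtual machines are configured with a larger MTU (for example, for jumbo frames), the transport network MTU must grow by the same overhead on top of that value.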
1.4.5 Component Placement
Management components running as virtual machines in the management cluster include the following:
- vCenter Server(s) and the vCenter database
- vCloud Director cell(s) and the vCloud Director database
- vCenter Chargeback server(s)
- vShield Manager (one per vCenter Server)
Note: vShield Edge appliances are deployed automatically by vCloud Director through vShield Manager as
needed and will reside in the vCloud consumer resource clusters, not in the management cluster. They will be
placed in a system resource pool by vCloud Director and vCenter. For additional information on the vShield
Edge appliance and its functions, refer to the vShield Manager Administrator guides.
Optional management functions, deployed as virtual machines, include:
- vCenter Update Manager
- vCenter CapacityIQ
- VMware Management Assistant
- vCenter Orchestrator (part of vCenter Server)
- vCloud Request Manager and its associated database
The optional management virtual machines are not required by the Service Definition but they are highly
recommended to increase the operational efficiency of the solution.
Database components, if running on the same platform, can be placed on the same database server. For
example, the databases used by vCloud Director, vCenter Chargeback, and vCloud Request Manager can be
consolidated on the same database server.
For more information on the resources needed by the virtual machines in the management cluster refer to the
Sizing section later in this document.
1.4.6 vCloud Consumer Resources
The cloud consumer resources represent the vCenter clusters that host cloud workloads. These resources will be carved up by vCloud Director. We'll cover vCloud Director cloud constructs and definitions in the next section before drilling down into the compute, storage, and networking resources.
1.4.7 vCloud Logical Infrastructure
In summary, the vCloud logical architecture with vSphere resource separation is depicted as follows.
Figure 4. vCloud Logical Architecture (diagram: the management cluster, which runs the core management components and optional functions such as vCenter CapacityIQ, the VMware Management Assistant, vCenter Orchestrator, and vCloud Request Manager and hosts no user workloads, alongside the vCloud consumer resource clusters that host the user workloads)
The management cluster may also include virtual machines or have access to servers that provide infrastructure
services such as directory (LDAP/AD), timekeeping (NTP), networking (DNS, DHCP), and security (certificate).
Detailed considerations for sizing are addressed in the Sizing section.
The management cluster resides in a single physical site. vCloud consumer resources also reside within the same physical site, ensuring a consistent level of service; otherwise, latency issues might arise if workloads have to move between sites over a slower or less reliable network. For definition purposes, this cloud is scoped to a single physical site and does not span multiple sites.
Considerations for connecting clouds representing different sites are addressed later in this document.
Secondary DR sites are discussed later in the Disaster Recovery section of this document.
2. vCloud Director Constructs
Figure 5. vCloud Director Construct to vSphere Mapping (diagram: organizations containing users, access control, provisioning policies, and catalogs; user clouds containing vApps, each a set of virtual machines with a vApp network; organization virtual datacenters connected through organization networks to external networks; and provider virtual datacenters, such as "Gold", mapping to vSphere host clusters, resource pools, datastores, and port groups or dvPort groups)
Table 3. vCloud Director Constructs

vCloud Director constructs:
- Organization
- External Network
- Organization Network
- vApp Network
3. vCloud Consumer Resources
3.1 Cloud Consumer Resources
The cloud consumer resources are dedicated vCenter clusters that host cloud workloads. vCloud Director carves these resources up into one or more provider virtual datacenters, each consisting of a vCenter cluster and one or more attached datastores. Networking for the resource group encompasses the vSphere networks visible to the hosts in that cluster. Provider virtual datacenters are further carved up into organization virtual datacenters, which are backed by vCenter resource pools.
Figure 6. vCloud Consumer Resource Mapping (diagram: vCloud Director constructs mapping to the vSphere host cluster, its datastores, and its resource pools)
3.2 Establish Provider Virtual Datacenters
Refer to the Service Definition for guidance on the size of vSphere clusters and datastores to attach when creating a provider virtual datacenter. Consider:
- The expected number of virtual machines
- The size of the virtual machines (CPU, RAM, disk)
3.2.1 Public Cloud Considerations
Considerations for a public vCloud include creating multiple provider virtual datacenters based on tiers of
service that will be provided.
Because provider virtual datacenters contain only CPU, memory, and storage resources, and those are common across all of the requirements in the Service Definition for Public Cloud, you should create one large provider virtual datacenter attached to a vSphere cluster with sufficient capacity to run 1,500 virtual machines. Leave enough headroom to grow the cluster, up to the maximum of 32 hosts, should organizations need to expand in the future.
If you determine that your hosts do not have sufficient capacity to run the maximum number of virtual machines
called out by the Service Definition for Public Cloud, then you will need additional provider virtual datacenters.
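To make the capacity check concrete, the cluster size can be estimated from the target virtual machine count. The consolidation ratio of 60 virtual machines per host below is an illustrative assumption, not a figure from the Service Definition:

```python
import math

def hosts_needed(total_vms, vms_per_host, ha_spare_hosts=1):
    """Hosts required to run the workload, plus HA failover headroom."""
    return math.ceil(total_vms / vms_per_host) + ha_spare_hosts

hosts = hosts_needed(1500, 60)
print(hosts)        # 26
print(hosts <= 32)  # True -- fits within a single 32-host cluster
```

If the result exceeds 32 hosts at your achievable consolidation ratio, that is the signal that additional provider virtual datacenters are required.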
3.2.2 Private Cloud Considerations
Given that a provider virtual datacenter represents a vSphere cluster, it is commonly accepted that a single
provider virtual datacenter be established. Since provider virtual datacenters only contain CPU, memory, and
storage resources and those are common across all of the requirements in the Service Definition for Private
Cloud, you should create one large provider virtual datacenter attached to a cluster that has sufficient capacity
to run 400 virtual machines.
Refer to the Service Definition for Private Cloud for details on the service tier(s) called for. Should existing host capacity be unable to meet the requirement, or should there be a desire to segment capacity by equipment type (for example, different CPU types in different provider virtual datacenters), establish one provider virtual datacenter for the Pay-As-You-Go use cases and a separate provider virtual datacenter for the resource-reserved use cases.
3.2.3 Provider Virtual Datacenter Special Use Cases
There are instances where a provider virtual datacenter must be viewed as special purpose in one way or
another. Special use-case provider virtual datacenters are a great example of what makes cloud computing so
flexible and powerful. The primary driver behind this need is to satisfy the license restrictions imposed by a
specific software vendor that stipulates that all the processors that could run specific software must be licensed
for it, regardless of whether or not they actually are running that software.
In order to meet the EULA requirements of such a software vendor, you can establish a purpose-specific
provider virtual datacenter, populated with enough sockets of processing power to meet the need but limited to
no more than what is needed in order to keep licensing costs down.
An example of this, in practice, is establishing an Oracle-only provider virtual datacenter. Since a provider virtual
datacenter is backed by a cluster, you can name a cluster for a special purpose and publish it to any and all
clouds that might need the service. You then maintain enough paid licenses to cover all the sockets in that
cluster, and you are covered under the EULA, because the guests can only run on one of the sockets in that
cluster/resource pool.
Some user education is needed to verify that all Oracle instances are deployed to the special-purpose virtual datacenter, because vCloud Director does not provide a way to prevent someone from deploying virtual machines to the wrong one. Enforcement therefore has to be manual, typically through organizational processes. For example, you could give the virtual datacenter a descriptive name, or insert instructions in the vApp name, so that users deploy to the correct virtual datacenter:
Oracle Database Use Only! PvDC
3.2.4 Compute Resources Considerations
All hosts in the cloud consumer resources will be configured per vSphere best practices, similar to the management cluster. VMware HA will also be used to protect against host and virtual machine failures.
Provider vDCs can be of different compute capacity sizes (number of hosts, number of cores, performance of
hosts) to support differentiation of compute resources by capacity or performance for service level tiering
purposes.
Organization vDCs in turn should be created based on what services are planned.
For a detailed look at how to size the vCloud, refer to the Sizing section later in this document.
The following table lists the requirements for each of the components that will run in the vCloud Director management cluster. For the number of virtual machines and organizations listed in the Service Definitions, you will not need to scale far beyond these numbers.
Table 4. Component Requirements for a Management Cluster

Item                          vCPU   Memory   Storage   Networking
vCenter Server                       8 GB     20 GB     100 MB
Oracle Database                      16 GB    100 GB    1 GigE
vCloud Director x 2 (each)           4 GB     10 GB     1 GigE
vCenter Chargeback                   8 GB     30 GB     1 GigE
vShield Manager                      4 GB     512 MB    100 MB
TOTAL                         11     40 GB    161 GB*   3 GigE*
In the table above, the Oracle database is shared between vCenter Server, the vCloud Director cells, and the vCenter Chargeback server. In line with VMware best practices, a different database user and instance should be used for each component's database.
In addition to the storage requirements above, an NFS volume must be mounted and shared by each vCloud Director cell to facilitate uploading of vApps by cloud consumers. The size needed for this volume varies with the number of concurrent uploads in progress. Once an upload completes, the vApp is moved to permanent storage on the datastores backing the organization's catalog, and the data no longer resides on the NFS volume. The recommended starting size for the NFS transfer volume is 250 GB. Monitor this volume and increase its size if you experience more concurrent or larger uploads in your environment.
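One way to reason about a starting size is to budget for in-flight uploads only, since completed vApps are moved off the volume. The upload count and average vApp size below are illustrative assumptions:

```python
def transfer_volume_gb(concurrent_uploads, avg_vapp_gb, headroom_fraction=0.25):
    """Rough NFS transfer volume size: space for all in-flight vApp
    uploads plus a safety margin."""
    return concurrent_uploads * avg_vapp_gb * (1 + headroom_fraction)

# Ten concurrent uploads of ~20 GB vApps with 25% headroom:
print(transfer_volume_gb(10, 20))  # 250.0 -- the recommended starting size
```

Re-running the estimate with observed upload patterns gives a concrete trigger for growing the volume.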
3.2.5 Storage Resources Considerations
Shared storage in the consumer resources will be configured per vSphere best practices, similar to the management cluster. Any storage type supported by vSphere can be used, with one exception: RDMs are currently not supported in the vCloud infrastructure and should be avoided.
Creation of datastores will need to take into consideration Service Definition requirements and workload use
cases, which will affect the number and size of datastores to be created. vCloud Director will assign datastores
for use through provider virtual datacenters, and only existing vSphere datastores can be assigned.
Datastores attached to provider virtual datacenters will be used for vCloud workloads, known as vApps. vSphere best practices apply for datastore sizing in terms of number and size; vary datastore size or shared storage characteristics if providing differentiated or tiered levels of service. Sizing considerations include:
- Datastore storage expectations:
  - Size each datastore to allow placement of multiple vApps, avoiding small datastores that can house only one or two vApps. A few large datastores are preferred over many small ones, especially since consumers cannot choose which datastore their workloads land on when selecting a virtual datacenter with more than one datastore; vCloud Director chooses the datastore with the most free space available.
  - What is the average vApp size, multiplied by the number of vApps, multiplied by spare capacity? For example: average virtual machine size * number of virtual machines * (1 + % headroom).
  - What is the average virtual machine disk size?
  - How many virtual machines are in a vApp?
  - How many virtual machines are expected?
  - How much spare capacity (expressed as a percentage) do you want to allocate for growth?
  - Will the expected workloads be transient or static?
- Datastore performance characteristics:
  - Will the expected workloads be disk intensive?
  - What are the performance characteristics of the associated cluster?
Refer to the requirements in the Service Definition and size your datastores accordingly.
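The sizing formula above (average virtual machine size * number of virtual machines * (1 + % headroom)) can be sketched as follows; the example values are illustrative assumptions, not Service Definition figures:

```python
def datastore_capacity_gb(avg_vm_size_gb, vm_count, headroom_pct):
    """Usable capacity needed: avg VM size x VM count x (1 + headroom)."""
    return avg_vm_size_gb * vm_count * (1 + headroom_pct / 100.0)

# 100 virtual machines averaging 40 GB each, with 20% spare capacity:
print(datastore_capacity_gb(40, 100, 20))  # 4800.0
```

Dividing the result across a few large datastores, rather than many small ones, keeps vCloud Director's free-space-based placement effective.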
Additionally, an NFS share must be set up and made visible to all hosts for use by vCloud Director for
transferring files in a vCloud Director multi-cell environment. NFS is the required protocol for the transfer
volume. Refer to the vCloud Director Installation and Configuration Guide for more information on where to
mount this volume.
See the Workload Availability section for additional storage and storage I/O factors to take into account.
3.2.6 Networking Resources Considerations
Host networking for hosts within a provider vDC will be configured per vSphere best practices, in the same manner as the vCloud management cluster. In addition, the number of vNetwork Distributed Switch ports per host should be increased from the default of 128 to the maximum of 4096. Increasing the ports allows vCloud Director to dynamically create port groups as needed for the private organization networks described later in this document. Refer to the vSphere Administrator Guide for more information on increasing this value.
Networking at the provider and organization virtual datacenter level is detailed in the next section on providing
cloud resources.
3.3 Multi-Site/Multi-Geo Clouds
3.3.1 Scenario #1: Common User Interface
Figure 7. Two Sites with Local vCloud Director Instances Managing Local vCenters
The local vCenter Servers control the resources local to each site. This is a logical way to set up the infrastructure until you examine some of the user flows.
Consider a user who connects to site #1 and requests remote console access to a virtual machine in site #1. There is no guarantee that all traffic stays in site #1, because we cannot control which vCloud Director cell acts as the proxy for which vCenter Server. The user could land on a vCloud Director cell in site #1 that must talk to the proxy for vCenter Server #1, which happens to run in site #2. That cell would then talk back to the vCenter Server in site #1, which would finish setting up the remote console connection to the local ESXi host running the virtual machine in site #1. Console traffic would then flow through the vCloud Director cell in site #1 that initiated the request. This is all illustrated below.
[Figure: remote console request flow - a user request entering a vCloud Director cell in site 1 is routed through the cell in site 2 that proxies vCenter Server 1 before the console connection is established back in site 1]
One problem with this setup is controlling which vCloud Director cell a user session lands on based on virtual machine and site-specific data; it is next to impossible to encode that logic in a load balancer. Another problem is that a central Oracle database is required for all of the vCloud Director cells from both sites. This creates even more traffic on the link between the two sites, because the message bus in vCloud Director uses the Oracle database for communication. Overall, this solution is less than optimal and is suggested only for cross-campus multi-site configurations where site-to-site communication will not overwhelm the network and where network availability is highly reliable.
3.3.2 Scenario #2: Common Set of Services
A more pragmatic approach to multi-site setups is to run a single vCloud Director setup in each site, isolated from the other sites. This solves the cross-site network traffic issue, but it introduces problems of its own. For example, how do you provide a common set of services across the different sites? How do you keep organization names and rights, as well as catalogs, networks, storage, and other information, consistent across the sites? The currently shipping vCloud Director product provides no mechanism for this. However, using other VMware technologies included in the vSphere suite of products, you can synchronize cloud deployments with automation scripts and provide common sets of services across locations.
In an enterprise, a private vCloud maps to a single site. Multiple vClouds can be connected using vCloud
Connector for offline vApp migrations. A public vCloud can be connected to form a hybrid cloud.
3.3.3 Suggested Deployment
Multi-site deployments are not officially supported by VMware at this time. If you still intend to create a multi-site deployment, the recommended approach is to set up an isolated vCloud Director instance in each location. Each instance would include local vCloud Director cells, vCenter Servers, an Oracle database instance, a vCenter Chargeback instance, and local vSphere resources, as illustrated below.
[Figure: two sites, each with an isolated vCloud Director instance managing local vCenter Servers and vSphere resources]
To keep the sites synchronized with organization and resource information, VMware encourages you to create a set of onboarding scripts and workflows. These workflows would be used any time you need to create a new organization or a new resource for an organization, and would drive that creation across all cloud sites. The VMware cloud services organization can assist in creating these customer-specific workflows based on templates the cloud practice already has. VMware cloud services created these template workflows using the vCenter Orchestrator product included with vSphere. By using workflows for administrative resource creation, you can keep multiple clouds synchronized with organization resources.
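The fan-out pattern behind such onboarding scripts can be sketched in a few lines. This is only an illustration of the idea, not the actual VMware template workflows (which are built in vCenter Orchestrator); the function name and the stub site clients are hypothetical.

```python
def onboard_organization(org_spec, site_clients):
    """Drive creation of one organization definition across all cloud sites.

    site_clients maps a site name to a callable that performs the actual
    creation on that site (in practice, a vCloud API call).
    """
    results = {}
    for site, create in site_clients.items():
        try:
            results[site] = create(org_spec)
        except Exception as exc:   # one failing site should not block the rest
            results[site] = exc
    return results

# Stub clients standing in for per-site vCloud API wrappers:
sites = {
    "site1": lambda spec: "created %s on site1" % spec["name"],
    "site2": lambda spec: "created %s on site2" % spec["name"],
}
onboard_organization({"name": "ACME"}, sites)
# -> {'site1': 'created ACME on site1', 'site2': 'created ACME on site2'}
```

Collecting per-site results (including failures) in one place is what lets the workflow report which sites still need manual reconciliation.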
3.3.4 Other Multi-Site Considerations
When creating multi-site configurations, there are resources out of the control of the vCloud setup that require
some thought. How do you set up networking between the sites? How do you handle IP addressing? It is for
these physical resource decisions, varying between customers, that we have not provided specific guidance on
in the reference architecture. Setting up these physical resources is also not included in the sample scripts
previously mentioned.
3.3.5 Merging Chargeback Reports
In our reference multi-site setup we included multiple vCenter Chargeback instances. In order to provide one
common bill or usage report to your cloud consumer you must aggregate all of the chargeback reports into one
report. You can leverage the vCenter Chargeback API as well as vCenter Orchestrator to pull chargeback reports
from each vCenter Chargeback server and consolidate them into one master report.
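The aggregation step can be pictured with a short sketch. This is purely illustrative: real reports come from the vCenter Chargeback API, and the flat {organization: cost} shape below is an assumption made for the sketch.

```python
from collections import defaultdict

def merge_chargeback_reports(site_reports):
    """Consolidate per-site usage reports into one master report.

    site_reports is an iterable of {organization: cost} dicts, one per
    vCenter Chargeback instance.
    """
    master = defaultdict(float)
    for report in site_reports:
        for org, cost in report.items():
            master[org] += cost   # one consolidated line item per organization
    return dict(master)

# The same organization billed at two sites collapses to one line item:
merge_chargeback_reports([{"ACME": 120.0}, {"ACME": 80.0, "Initech": 40.0}])
# -> {'ACME': 200.0, 'Initech': 40.0}
```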
3.3.6 Synchronizing Catalogs
Synchronizing catalogs between sites is the most time-consuming task. When setting up multiple cloud sites, designate one site as the master site for template creation and make all other sites replication peers. It is advisable to leverage native storage array replication to replicate the storage backing the templates in each catalog. Array replication can provide several benefits for long-distance data movement, including data de-duplication and compression. Once the data is synchronized, you can leverage the catalog synchronization workflows provided via the VMware vCloud API to import the replicated templates into the appropriate catalogs in VMware vCloud Director.
Synchronizing templates added at remote sites is out of scope for this version of the reference architecture.
This feature can be added selectively by engaging VMware Professional Services.
[Table 5. Network Pool Options - compares vSphere port group-backed, VLAN-backed, and vCloud Network Isolation-backed pools by how each works and its advantages: port group-backed pools offer the best network performance, but require manual creation and management of port groups, and it is possible to use a port group that is in fact not isolated]
The external network requires a pool of static IP addresses that will be consumed by vShield Edge appliances (which facilitate a routed connection) each time you connect an organization network to this external network.
For sizing purposes, you should create a large enough IP address pool so that each of your organizations can
have access to an external network. Per the Service Definition, the estimated number of organizations for 1,500
virtual machines is 25 organizations, so make sure you have at least 25 IP addresses in your static IP pool. More
IP addresses should be set aside if you plan to allow inbound access into organizations.
4.3.2 Network Pools
In addition to access to external networks, each organization in a public vCloud will have organization-specific
private networks. vCloud Director instantiates Isolated L2 networks through the use of network pools.
Create a single large network pool for all organizations to share, and limit the use of this network pool when you
create each individual organization. The network pool created will use vCloud Network Isolation for separating
the traffic. This will use an existing vNetwork Distributed Switch previously created for connecting hosts. Use a
VLAN to further segregate all of the vCloud Director Network Isolation traffic in a transport network from the
rest of the infrastructure.
Because the network pools will be used by both the external organization network and private vApp networks,
you will need at least 11 networks in the network pool per organization. Ten of the networks in the pool will be for
the private vApp networks according to the Service Definition for a Public Cloud. One of the networks will be
used for the protected external organization network. Given the estimate of 25 organizations, you need at least
275 networks in the pool. There is a limit of 4096 networks in a network pool due to the port limitation on the vNetwork Distributed Switch. Ephemeral ports in a vNetwork Distributed Switch are also limited to 1016 per switch and per vCenter Server, further limiting the number of networks that can be instantiated from a network pool. When connecting the network pool to a vNetwork Distributed Switch, make sure enough free ports remain on the switch (at least 275).
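The sizing arithmetic above can be captured in a small helper. The function name and defaults are ours, following the figures quoted in the text (10 private vApp networks plus 1 routed external organization network per organization, against the vNetwork Distributed Switch ceiling):

```python
VDS_NETWORK_LIMIT = 4096  # network/port ceiling on a vNetwork Distributed Switch

def network_pool_size(organizations, vapp_nets=10, org_nets=1):
    """Minimum networks needed in the pool for the given organization count."""
    needed = organizations * (vapp_nets + org_nets)
    if needed > VDS_NETWORK_LIMIT:
        raise ValueError("pool of %d networks exceeds the vDS limit" % needed)
    return needed

network_pool_size(25)   # 25 orgs x 11 networks = 275, matching the estimate above
```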
[Figure: public vCloud organization networking - organization ACME Corp. with a private internal organization network (ACME-Private) and a private routed organization network (ACME-Internet) connected to the Provider-Internet external network, both drawing from the network pool]
Per the Service Definition for Public Cloud, the external network will be connected as a routed connection that
will leverage vShield Edge for firewalling and NAT to keep traffic separated from other organizations on the
same external provider network. Both the external organization network and the internal organization networks
will leverage the same vCloud Director Network Isolation network pool previously established. For both the
internal network and the external network, you will need to provide a range of IP addresses and associated
network information. Since both of the networks will be private networks, you can use RFC 1918 addresses for
both static IP address pools.
The Service Definition for Public Cloud limits external connections to a maximum of 8 IP addresses, so provide a range of only 8 IP addresses when creating the static IP address pool for the external network. For the private network, you can make the static IP address pool as large as desired. Typically, a full RFC 1918 class C network is used for the private network IP pool.
The last step is to add external public IP addresses to the vShield Edge configuration on the external organization network. By selecting Configure Services on the external organization network, you can add the 8 public IP addresses that the particular organization can use. These IP addresses should come from the same subnet as the network assigned to the system's external network static IP pool.
Using the Cisco Nexus 1000V for vCloud Director network pools is not recommended because this requires
increased administrative overhead; the Cisco Nexus 1000V works only with vSphere port group-backed network
pools and introduces scalability limits. In this model, organization and vApp networks cannot be created
dynamically because port profiles need to be defined on the Cisco Nexus 1000V before being added to vCloud
Director. To maintain isolation within these internal networks, each port group needs to be configured with a VLAN ID. Given the limit of 512 active VLANs across all virtual Ethernet modules (VEMs) managed by a Cisco Nexus 1000V, this also potentially limits the total number of network pools, particularly if one virtual supervisor module (VSM) manages VEMs in multiple vCloud resource groups. The 802.1Q standard itself is limited to 4096 VLANs.
vCloud Director Network Isolation-backed network pools address these scalability limits by isolating internal vCloud Director networks with MAC-in-MAC encapsulation over a transport network. Instead of individual VLANs, vCloud Director dynamically assigns vCloud Director Network Isolation network IDs to these encapsulated networks. VLAN-backed network pools are another option, in which a range of VLAN IDs is allocated to vCloud Director, which then assigns these VLANs to organization and vApp networks as required. While this approach shares the same scalability limits as port group-backed pools, it reduces manual administrator setup. VLAN-backed and vCloud Director Network Isolation-backed network pools are supported only with the vNetwork Distributed Switch.
The following diagram illustrates the recommended deployment model with the Cisco Nexus 1000V, used for
external networks only.
[Figure: resource group networking - organization external and VPN networks (VLANs 110-150) carried by the Cisco Nexus 1000V; organization networks (VLANs 210-230) and VCD-NI pools (VLANs 298-299) carried by a vNetwork Distributed Switch; management and service port groups (VLANs 10 and 20) on a standard vSwitch, all uplinked via pNICs to core physical switching]
[Figure: enterprise vCloud organization networking - the Software Design organization with an optional private internal organization network and a private direct external access organization network connected to the corporate backbone, drawing from the network pool]
An important differentiation between a private vCloud and a public vCloud is the external network and organization external network.

At least one external network is required to enable organization external networks to access resources outside of vCloud Director: the Internet for public cloud deployments, and an internal (local) network for private cloud deployments. This is a network that already exists within the address space used by the enterprise.
To establish this network, follow the wizard, filling in the network mask, default gateway, and other specifications of the LAN segment as required. When building this network, specify enough address space for static assignments, as this is where vCloud Director draws public IP pool addresses from. A good starting range is 30 addresses that do not conflict with existing addresses in use or with ranges already committed to DHCP.

Note: The static IP pool address space is not used for DHCP, but it serves a similar function. This pool is used to provision NAT-type connectivity between the organizations and the cloud services below them.
4.4.2 Network Pools
You will need a network in the network pool for every private organization network and external organization network in the vCloud environment. The Service Definition for a Private Cloud calls for one external organization network and the ability for the organization to create private vApp networks. Since the Service Definition calls out no minimum number of vApp networks, a good starting point is 10 networks per organization. Make your network pool as large as the number of organizations times 10.
vCloud Request Manager can be used to facilitate policy-based creation of organization virtual datacenters in a private cloud, automating and standardizing their creation through an organization virtual datacenter template (or blueprint) used to deploy new organization virtual datacenters.
[Figure: vCloud component stack - the vCloud API in front of vCloud Director, vShield Edge, vCloud Connector, and vCenter Orchestrator, all running on VMware vSphere]
Additional components to extend the vCloud capabilities are discussed further below.
vCloud Director provides a cloud portal through which end consumers can self-provision their own workloads. For environments where a formal provisioning process, including a request/approval mechanism, is needed, vCloud Request Manager can be used as a front end to vCloud Director. vCloud Request Manager 1.0 is largely intended for private vClouds because it requires cloud system privileges in vCloud Director and therefore is not ideal in a multi-tenant public cloud.
vCloud Request Manager's primary capabilities include:
- Provisioning with approvals
- Software license tracking
- Policy-based cloud partitioning (new organization creation)
In relation to the reference architecture, this component sits in the functional stack above vCloud Director as a new user entry point/UI, without obscuring it entirely, so that vCloud Director can remain an entry point as well. vCloud Request Manager is a front end to the default vCloud Director portal, exposed to those users who need policy-based approval, provisioning, and tracking functionality rather than the more freeform vCloud Director UI.
vCloud Request Manager adds a vApp request/approval cycle to vCloud Director. This adds a flexible
mechanism by which vApps in catalogs can be requested, approved, and provisioned, based on business needs.
The included workflows can be modified as needed to match these requirements.
vCloud Request Manager adds simple software asset tracking and pairs these assets with vApps in the catalog. The quantity of available licenses for a tracked package is decremented each time a vApp containing that package is provisioned, and incremented when the vApp is destroyed. This license-to-vApp relationship is managed manually inside vCloud Request Manager's workflow engine.
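The decrement/increment bookkeeping can be pictured with a small counter. This is a hedged illustration of the mechanism just described, not vCloud Request Manager's actual workflow engine; the class and package names are invented.

```python
class LicensePool:
    """Tracks available licenses for one tracked software package."""

    def __init__(self, package, available):
        self.package = package
        self.available = available

    def provision_vapp(self):
        """A vApp containing the package is provisioned: consume a license."""
        if self.available == 0:
            raise RuntimeError("no %s licenses remaining" % self.package)
        self.available -= 1

    def destroy_vapp(self):
        """The vApp is destroyed: return its license to the pool."""
        self.available += 1

pool = LicensePool("DBServer-Enterprise", available=2)
pool.provision_vapp()
pool.provision_vapp()   # pool.available is now 0; the next request would fail
pool.destroy_vapp()     # pool.available is back to 1
```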
Lastly, vCloud Request Manager provides easy creation tools for new private clouds with approval cycles
included. This enables the quick creation of new cloud instances (organizations) based on blueprints of cloud
policies and parameters.
One obvious application for this technology is adding lifecycle management to vApps provisioned in the private
clouds, a solution formerly covered by vCenter Lifecycle Manager.
vCloud Request Manager also provides a simplified interface for requesting resources from multiple cloud installations, and it can be explored as an option if you require a single interface for all of your cloud installations, although it does not provide the full richness of vApp management in a cloud environment. Several third-party solutions also exist that can provide one interface to multiple cloud installations.
Refer to the vCloud Request Manager Installation and Configuration Guide for specific installation requirements.
vCloud Request Manager runs in its own virtual machine separate from vCloud Director.
Note that several objects in vCloud Request Manager map to corresponding vCloud Director objects but do not use consistent terms:
- An "organization" in vCloud Request Manager refers to a vCloud Director system instance.
- A "location" in vCloud Request Manager refers to an organization in vCloud Director.
- A "cloud" in vCloud Request Manager refers to an organization vDC in vCloud Director.
The vCloud API allows interaction with a vCloud and can be used to communicate with vCloud Director through a UI other than the portal included with vCloud Director. For example, vCloud Request Manager communicates with vCloud Director using the vCloud API. The vCloud API is the cornerstone of federation and ecosystem support in a vCloud environment: all of the current federation tools talk to the vCloud environment through the vCloud API, and ISV ecosystem software likewise uses it to talk to vCloud environments. It is very important that a vCloud environment exposes the vCloud API to the cloud consumer.
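Because the vCloud API is REST-based with XML payloads, any HTTP client and XML parser can consume it. As a hedged sketch, the snippet below parses an abbreviated OrgList-style response; the sample document, hostname, and hrefs are illustrative, and in a live system the XML would come from an authenticated GET against vCloud Director.

```python
import xml.etree.ElementTree as ET

# Abbreviated, illustrative OrgList payload:
SAMPLE_ORG_LIST = """\
<OrgList xmlns="http://www.vmware.com/vcloud/v1">
  <Org name="ACME" href="https://vcloud.example.com/api/v1.0/org/1"/>
  <Org name="Initech" href="https://vcloud.example.com/api/v1.0/org/2"/>
</OrgList>"""

def list_organizations(xml_text):
    """Map organization names to their API references."""
    ns = {"vc": "http://www.vmware.com/vcloud/v1"}
    root = ET.fromstring(xml_text)
    return {org.get("name"): org.get("href")
            for org in root.findall("vc:Org", ns)}

list_organizations(SAMPLE_ORG_LIST)   # two entries: 'ACME' and 'Initech'
```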
Currently, VMware vCloud Director is the only software package that exposes the vCloud API. In some environments, vCloud Director is deployed behind a portal or in another location not readily accessible to the cloud consumer. In that case, an API proxy or relay is needed to expose the vCloud API to the end consumer.
Given the value of the vCloud API, some environments may wish to meter API usage and charge customers extra for it. Protecting the vCloud API with audit trails and API inspection is also a good idea. Lastly, there are several cases where cloud providers may wish to extend the vCloud API with new features.
In order to aid in several of the vCloud API use cases discussed, the cloud provider may wish to implement an
API proxy. The vCloud API is a REST-based service that contains XML payloads. For this reason any suitable XML
gateway can be used to proxy the vCloud API. There are several third party solutions on the market that excel in
XML gateway services today. VMware has begun to partner with some of these vendors to develop joint
guidance on how to deploy their solutions in a vCloud Director environment. For the latest information on these
efforts and collateral, please contact your local VMware vCloud specialist.
vCenter Orchestrator (vCO) is a system for assembling operational workflows. Its primary benefit is coordinating multiple systems to achieve a composite operation that would otherwise take several individual operations on different systems. It is not meant to replace the APIs that it calls; rather, it brings them together when necessary. In general, if an operation uses only one underlying system, direct access to that system should be considered for efficiency and complexity reduction. In the vCloud use case, orchestration can automate highly repetitive tasks to avoid manual work and potential errors.

vCenter Orchestrator has a plug-in framework, with plug-ins for VMware products such as vCenter Server, vCloud Director, and vCenter Chargeback. Thus, vCenter Orchestrator can orchestrate workflows at the VIM API, VIX API, vCloud API, and Chargeback API levels.
There are three main categories of use cases that vCenter Orchestrator can help satisfy:
- Cloud administration operations
- Organization administration operations
- Organization consumer operations
5.4.1 Cloud Administration Orchestration Examples
Here are some example use cases that highlight the value of vCloud Orchestrator to the cloud owner. These use
cases are primarily focused on infrastructure management and the control of the resource allocation process.
First, consider the case of a provider who wants to bring a new customer into their vCloud. The major steps
would be to create a new organization, users (possibly imported from Active Directory), networks, virtual
datacenters, and catalogs. The provider may also want to set up a recurring chargeback report so the tenant
can be billed, and possibly send an email notification to the tenant advising them that their new cloud
environment is ready.
Another example is a tenant request for additional external network capacity. In this case, the provider may want to automate the creation of the network, including name generation, identification and allocation of an available VLAN and IP address range, configuration of the network switch and cloud perimeter firewall, creation of the external network in vCenter, and finally allocation of the external network to the tenant's organization.
5.4.2 Organization Administration Orchestration Examples
There are operational tasks within the tenants organization that can benefit from automation as well. These are
typically tasks that address the vApp and virtual machine lifecycle management tasks including creation,
configuration, routine maintenance, and decommissioning.
Consider the case of virtual machine creation in an environment that uses Active Directory to identify services
such as authentication and printing. After deployment, the virtual machine must join the Active Directory
domain. In many cases it is preferable to use an organization unit (OU) other than the default Computers
Container. vCloud Orchestrator could be used to create the virtual machines computer account in the proper OU
prior to virtual machine deployment, insuring that the computer account name is unique and residing in the
proper OU. Similarly, when the virtual machine is decommissioned, the entry in the OU can be removed as part
of the same workflow.
Another example is the case where an organization administrator would like to manage recurring updates to a
software package or configuration element across several virtual machines in a single operation. In this case, a
workflow could be created to accept a list of systems and a source for the software or configuration as
parameters, and carry out the activity on each system.
5.4.3 Cloud Consumer Operation Orchestration Examples
These operations generally fall into the category of tasks that the organization administrator wants to offload as
a self-service operation. Performing the operation as a vCloud Orchestrator workflow provides an easy way to
expose the operation to a customer via the built-in web portal or via a customized portal that leverages the
web-services API. Many of the operations in this category can be satisfied directly via the vCloud Director UI;
however, there are candidates that affect multiple systems or fit better into a customer portal, which may be
better implemented as an orchestration workflow. None of this is exposed to the cloud consumer, which makes it
somewhat difficult. This has to be initiated by the cloud provider using the vCenter Orchestrator Client, unless
the provider creates a portal to front-end vCenter Orchestrator.
Examples of these use cases include resetting system or user account passwords on virtual machines using the VIX plug-in; putting a load-balanced service into maintenance mode by stopping the service, removing it from the load balancing pool, and disabling monitors; loading certificates into virtual machines; and deploying instances of custom applications from the organization's catalog.

vCenter Orchestrator can be used to create custom workflows at the vCloud API and VIM API levels. vCloud Request Manager is an alternative with built-in workflow functionality that integrates with vCloud Director through the vCloud API.
For additional information on vCO installation, configuration, and workflow solution development, refer to the vCenter Orchestrator v4.1 documentation set at http://www.vmware.com/support/pubs/orchestrator_pubs.html.
As more clouds are stood up, several clouds from different sites within a private enterprise can form a larger
cloud, or a private and public cloud can form a hybrid cloud. Cloud consumers need a way to migrate workloads
in a federated cloud.
vCloud Connector (vCC) solves this problem by allowing you to perform migrations between your public and private clouds and obtain a consistent view of them from a single interface. vCloud Connector must be installed by cloud administrators but can be used by administrators and end users alike to view and manage workloads. Once vCloud Connector has been deployed to a vSphere host and registered with a vCenter Server, end users can access it under Solutions and Applications in the vSphere Client connected to the vCenter Server where the OVF was deployed.
5.5.1 vCloud Connector Placement
There are two considerations for placing your vCloud Connector appliance:

The virtual appliance must be deployed to a vCenter Server that the target users can access via the vSphere Client. Because the only user access is via the vSphere Client, users of vCloud Connector must have the right to log in to this vCenter Server.

Workload copy operations use the vCloud Connector appliance as a middleman, so network latency and bandwidth between clouds need to be considered. In some cases it may be preferable to run multiple instances of vCloud Connector across multiple vCenter Servers to avoid network latency or excessive bandwidth consumption.
[Figure: vCloud Connector architecture - the vSphere Client UI drives the vCloud Connector appliance on vCenter Server A, which talks to remote vCloud Director instances X and Y via the vCloud API (REST/HTTP(S)) and to vCenter Server B and ESXi hosts via the VIM API (SOAP/HTTP(S))]
6.2 Logging
This section describes logging architecture concerns and logging as a service. Logging requirements and
considerations for a public vCloud can be extensive. The requirements and considerations for a private vCloud
typically may not be as rigorous. For a private vCloud, refer to enterprise-specific requirements and guidelines.
Logs should be available in a vCloud for numerous reasons, including the following:

Regulatory Compliance. Collect logs to make them available for analysis, security review, and compliance requirements, as described in the Appendix: Security Considerations. Individual logs can then be used to satisfy specific compliance controls; for example, a user access log can be used to verify that a resource is accessed only by authorized users.
Customer Requirements. End customers (tenants) can retrieve logs that pertain to their environment to satisfy their own requirements, many of which, such as compliance, will likely be similar to the provider's requirements.

Operational Integrity. Operational alerts should be defined where specific logs trigger notifications for further remediation. This typically acts as a backup alerting mechanism, secondary to monitoring.

Troubleshooting. Closely related to operational integrity, troubleshooting can be done with logs. For example, vShield Edge logs can show whether a specific external connection request is being passed through the firewall or NATed by the firewall.
6.2.1 Logging Architectural Considerations
Redundancy
Many components rely on syslog for logging events. Syslog is a UDP-based protocol that lacks delivery guarantees. To help ensure delivery:
- Verify that infrastructure components have physically and logically redundant network interfaces.
- Send logs to two syslog targets.
- Where only a single syslog target is possible, log to a local syslog daemon configured to retransmit the logs to two remote syslog targets. For example, vCloud Director 1.0 supports only a single syslog target for its activity logs.
- Where possible, place log receivers on DRS so vCenter will restart them in the case of failure.
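The relay approach in the third bullet can be implemented with a stock syslog daemon. A minimal rsyslog fragment might look like this (the collector addresses are placeholders):

```
# /etc/rsyslog.conf fragment - relay every message to two remote collectors
*.*  @192.0.2.11:514
*.*  @192.0.2.12:514
```

A single `@` forwards over UDP; `@@` would use TCP where the collector supports it.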
Scalability
vCloud infrastructure components generate a relatively low volume of logs for the provider infrastructure. Customer components, especially vShield Edge firewalls, can generate a very high volume of logs. For log collection, IOPS performance is critical; the CPU demand of collection is negligible, but CPU will matter for analysis. It is highly recommended that logs be collected to dedicated log partitions on the collection servers.
Reporting
Logs need to be available to tenants, who should be able to download, in raw format, all vCloud Director and vShield Edge logs pertaining to their organizations and networks. Logs containing customer identifiers should be flagged or indexed for retrieval.

Customer activity in vCloud Director generates logs flagged with the customer's organization ID.

vShield Edge devices do not have unique identifiers in vCloud Director 1.0. Therefore, VMware recommends keeping NAT-routed organization external networks and fenced vApps connected only to single-tenant provider networks. When the vShield Edge device is deployed by vCloud Director and its external IP address is allocated, the tenant can then be identified by that IP address.
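The IP-based tenant identification above amounts to a simple filter over the combined log stream. A minimal sketch, with invented log lines for illustration:

```python
def tenant_log_lines(log_lines, edge_external_ip):
    """Return the vShield Edge log lines attributable to one tenant,
    matched on the external IP address allocated to its Edge device."""
    return [line for line in log_lines if edge_external_ip in line]

logs = [
    "Jan 10 12:00:01 vse fw: ACCEPT src=203.0.113.10 dst=10.1.1.5",
    "Jan 10 12:00:02 vse fw: DROP src=198.51.100.7 dst=10.2.2.9",
]
tenant_log_lines(logs, "203.0.113.10")   # only the first line matches
```

A production log indexer would key on structured fields rather than substring matches, but the principle - the allocated external IP is the tenant identifier - is the same.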
[Figure: logging-as-a-service architecture - highly available log collection nodes and agents gather logs from vCenter, ESXi hosts, vCloud Director cells, vCenter Orchestrator, vCenter Chargeback, vShield Manager, and vShield Edge devices across organization vDCs and customer vApps, with a database backend and a web front end for customer report downloads and archiving]
Private vCloud network routing and firewall requirements depend on security policies, organizational
requirements, and workloads of the enterprise. For further details, see the Appendix on Security.
To address a 99.99% uptime SLA, VMware can only control the resiliency of its vCloud platform components and
provide recommendations to mitigate single points of failure (SPOFs) in the underlying infrastructure. A provider
can eliminate SPOFs by ensuring redundancy, as listed below:
• Redundant power sourced from multiple feeds, with multiple whips to racks, as well as sufficient backup battery and generator capacity.
• Redundant network components.
• Redundant storage components. Storage design needs to be able to handle the I/O load as well; customer workloads may become inaccessible under high disk latency, file locks, and so forth. Storage design should also be tied to business continuity and disaster recovery efforts, possibly including array-level backups.
• Redundant server components (multiple independent power supplies, network interface cards (NICs), and, if appropriate, host bus adapters (HBAs)).
• Sufficient compute resources for a minimum of N+1 redundancy within a vSphere HA cluster, including sufficient capacity for timely recovery.
• Redundant databases and management components.
Appropriate change, incident, problem and capacity management processes must also be well defined and
enforced to make sure that poor operational processes do not result in unnecessary downtime. In addition to a
redundant infrastructure, employees or contractors responsible for operating and maintaining the environment
and the supporting infrastructure must be adequately trained and skilled.
A vCloud can support an uptime SLA of 99.99% by following the guidelines in the table in the Appendix
on vCloud Availability. The availability recommendations in that table allow a vCloud to achieve a 99.99% uptime
SLA, but only with no SPOFs in the underlying infrastructure, the required skills available, and suitable processes
defined and followed.
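For context, the downtime budget implied by an uptime SLA can be computed directly; this is back-of-the-envelope arithmetic, not a figure from the source text:

```python
# Downtime budget implied by an uptime SLA, in minutes per year.
def downtime_minutes_per_year(sla_percent: float) -> float:
    minutes_per_year = 365 * 24 * 60  # 525,600 minutes
    return minutes_per_year * (1 - sla_percent / 100)

print(round(downtime_minutes_per_year(99.99), 1))  # 52.6 minutes per year
print(round(downtime_minutes_per_year(99.9), 1))   # 525.6 minutes per year
```

A 99.99% SLA therefore leaves less than an hour of total downtime per year, which is why eliminating every SPOF matters.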
6.4.2 Load Balancing of vCloud Director Cells
vCloud Director cells are stateless front-end processors for the vCloud. Each cell serves a variety
of purposes and self-manages various functions among cells while connecting to a central database. The cell
manages connectivity to the cloud and provides both API and UI endpoints for clients.
Multiple cells (a load-balanced group) should be used to address availability and scale. This is typically achieved
by load balancing or content switching at this front-end layer. Load balancers present a consistent address for
services regardless of the underlying node responding. They can spread session load across cells, monitor
cell health, and add or remove cells from the active service pool. The group should not be considered a true cluster,
since there is no failover from one cell to another.
In general, any load balancer that supports SSL session persistence and has network connectivity to the public-
facing Internet or internal service network can perform load balancing of vCloud Director cells. General concerns
around performance, security, manageability, and so forth should be taken into account when deciding to share
or dedicate load balancing resources.
For the purposes of this reference architecture, the load balancer is assumed to be a dedicated virtual machine
or hardware device.
For additional information on load balancing, see the Appendix on vCloud Availability, and the section on load
balancers.
Within a vCloud environment, a vApp can be a single virtual machine or a group of virtual machines treated as
one object. Backup of vApps on isolated networks must be supported. Identifying the inventories of individual
organizations is challenging with current methods that enumerate backup items using vSphere, because vSphere
uses UUIDs to differentiate objects whereas vCloud Director uses object IDs.
For backing up and restoring vApps, VMware recommends the use of vStorage API for Data Protection (VADP)
based backup technologies. This technology requires no agents on guest OSs, is centralized for improved
manageability, and reduces dependency on backup windows.
Guest-based backup solutions may not work in a vCloud because not all virtual machines are accessible over the
network. Also, virtual machines may have identical IP addresses, which can cause problems. Therefore, backups of
vCloud vApps require a virtual machine-level approach.
When deploying virtual machines (as part of a vApp), use the full name and computer name fields to specify
realistic, descriptive names. If this is not done, the generic information in these fields can make it hard to identify
individual virtual machines. vApps and virtual machines provisioned by vCloud Director are named with a large
GUID appended to the template name, which means many virtual machines can appear very similar, making it
hard for a user or administrator to request the restore of a specific virtual machine.
VMware Solutions
VMware Data Recovery is a VADP-based solution from VMware; other VADP-based backup technologies are
available from third-party backup vendors. Currently, due to the UUID versus object ID issue discussed above,
VMware Data Recovery cannot be used with VMware vCloud Director.
Backup of vCloud workloads has a few requirements to address. VMware recommends that clients validate the
level of support provided by the vendor to make sure client requirements are met. Here is a list of vCloud
vApp requirements to ask your vendor about:
vApp Requirement | Detail
Challenges
The following is a list of backup and restore challenges:
• vApp naming, posing conflict issues between tenants
• vApp metadata required for recovery
• Multi-object vApp backup (protection groups for multi-tiered vApps)
• Manual recovery steps in the cloud
• Support for backup of vApps on isolated networks or with no network connectivity
• Enumeration of vApps by organization, for use by the organization administrator
• Enumeration of vApps by organization and provider, for use by the provider
• User-initiated backup and recovery
• Support for both provider (provider administrator) and consumer (organization administrator and user) roles
Type of Resource Pool | Total Percentage | Total VMs
Pay-As-You-Go | 50% | 750
 | 37.5% | 563*
 | 10% | 150
 | 2.5% | 37*
TOTAL | 100% | 1,500

* Note: Some virtual machine totals are rounded up or down due to percentages.
Table 7. Definition of Resource Pool and Virtual Machine Split
The Service Definition for a Public Cloud also calls out the distribution of virtual machines in the environment:
45% small, 35% medium, 15% large, and 5% extra large. The following table shows the total amount of
CPU, memory, storage, and networking based on these assumptions and the total virtual machine count from the
Service Definition for a Public Cloud.
Item | Percent | vCPUs | Memory | Storage | Networking
Small | 45% | 675 | 675 GB | 40.5 TB | 400 GB
Medium | 35% | 1,050 | 1,050 GB | 31.5 TB | 300 GB
Large | 15% | 900 | 900 GB | 54 TB | 400 GB
Extra Large | 5% | 600 | 600 GB | 4.5 TB | 200 GB
TOTAL (1,500) | 100% | 3,225 | 3,225 GB | 130.5 TB | 1,300 GB
The above numbers may shock you. Before you determine your final sizing numbers, refer to VMware
best practices for common consolidation ratios on the above resources. The example table below shows what
final numbers could look like using typical consolidation ratios seen in field deployments.
Resource | Before | Ratio | After
CPU | 3,225 vCPUs | 8:1 | 403 vCPUs
Memory | 3,225 GB | 1.6:1 | 2,016 GB
Storage | 130.5 TB | 2.5:1 | 52 TB
Network | 1,300 GB | 6:1 | 217 GB
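The totals in both sizing tables can be cross-checked with a short script. Note that the per-VM figures used here (vCPU, memory, and storage per size class) are inferred from the published totals; they are not stated explicitly in the text:

```python
# Cross-check the sizing tables above. Per-VM figures are inferred from the
# totals: Small/Medium/Extra Large imply 60 GB of storage per VM, Large 240 GB.
total_vms = 1500

# class: (share of VMs, vCPUs per VM, GB RAM per VM, TB storage per VM)
classes = {
    "Small":       (0.45, 1, 1, 0.06),
    "Medium":      (0.35, 2, 2, 0.06),
    "Large":       (0.15, 4, 4, 0.24),
    "Extra Large": (0.05, 8, 8, 0.06),
}

vcpus = ram_gb = storage_tb = 0.0
for share, cpu, ram, disk in classes.values():
    vms = total_vms * share
    vcpus += vms * cpu
    ram_gb += vms * ram
    storage_tb += vms * disk

print(vcpus, ram_gb, storage_tb)  # 3225.0 3225.0 130.5

# Apply the consolidation ratios from the second table.
print(round(vcpus / 8))         # 403 vCPUs after 8:1 CPU consolidation
print(round(ram_gb / 1.6))      # 2016 GB after 1.6:1 memory overcommit
print(round(storage_tb / 2.5))  # 52 TB after 2.5:1 storage consolidation
```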
The above calculations do not take into account the storage consumed by consumer or provider templates.
They also do not take into account the resources consumed by the vShield Edge appliances
that are deployed for each organization. There will be a vShield Edge for each private organization network and
each external organization network. Given the current Service Definition target of 25 organizations, a maximum of 275
vShield Edge appliances will be created.
The specifications for each vShield Edge appliance are listed below:
• CPU: 1 vCPU
• Memory: 64 MB
• Storage: 16 MB
• Network: 1 GigE (this is already accounted for in the throughput of the workloads and should not be added again)
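The aggregate overhead at the Service Definition maximum of 275 appliances is simple derived arithmetic (not figures stated in the source):

```python
# Aggregate resource overhead of 275 vShield Edge appliances
# at 1 vCPU, 64 MB of memory, and 16 MB of storage each.
edges = 275
print(edges * 1)          # 275 vCPUs
print(edges * 64 / 1024)  # 17.1875 GB of memory
print(edges * 16 / 1024)  # 4.296875 GB of storage
```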
[Figure: Document map. The Service Definition for a Public Cloud (2a, Service Provider) and the Service Definition for a Private Cloud (2b, Private Cloud) feed into Architecting a vCloud (3); the Private vCloud Implementation Example (4b) can be used as a reference for what a vCloud architecture design document can/should look like.]
Audience: vCloud Architects familiar with vSphere best practices (ideally VCP-level) and with exposure to vCloud product components
Mbean
com.vmware.vcloud.diagnostics.UserSessions
Description
Cardinality
Instance ID
n/a
Attribute
Description
totalSessions
successfulLogins
failedLogins
Global user sessions
Mbean
com.vmware.vcloud.GlobalUserSessionStatistics
Description
Cardinality
Instance ID
n/a
Attribute
Description
organization
active
Open_Session
Data access diagnostics
Mbean
com.vmware.vcloud.diagnostics.DataAccess
Description
Cardinality
Instance ID
Conversation
Attribute
Description
lastAccessInfo.objectType
lastAccessInfo.accessTime
worstAccessInfo.objectType
worstAccessInfo.accessTime
Database Connection Pool
Mbean
com.vmware.vcloud.datasource.globalDataSource
Description
Cardinality
Instance ID
Attribute
Description
abandonedConnectionTimeout
availableConnectionsCount
borrowedConnectionsCount
connectionHarvestMaxCount
connectionHarvestTriggerCount
connectionPoolName
connectionWaitTImeout
databaseName
dataSourceName
fastConnectionFailoverEnabled
inactiveConnectionTimeout
initialPoolSize
loginTImeout
maxConnectionReuseCount
maxIdleTime
maxPoolSize
maxStatements
minPoolSize
networkProtocol
ONSConfiguration
portNumber
SQLForValidateConnection
timeoutCheckInterval
timeToLiveConnectionTimeout
URL
user
validateConnectionOnBorrow
VIM Operations
Mbean
com.vmware.vcloud.diagnostics.VlsiOperations
Description
Cardinality
Instance ID
Attribute
Description
ObjectType.MethodName.httpTime
Presentation API Methods
Mbean
com.vmware.vcloud.diagnostics.VlsiOperations
Description
Cardinality
Instance ID
method name
Attribute
Description
currentInvocations
totalFailed
totalInvocations
executionTime
Jetty
Mbean
com.vmware.vcloud.diagnostics.Jetty
Description
Cardinality
Instance ID
Attribute
Description
Active
REST API
Mbean
com.vmware.vcloud.diagnostics.VlsiOperations
Description
Cardinality
Instance ID
Attribute
Description
currentInvocations
totalFailed
totalInvocations
executionTime
Task Execution
Mbean
com.vmware.vcloud.diagnostics.TaskExecutionJobs
Description
Cardinality
1 per task
Instance ID
Name of task
Attribute
Description
currentInvocations
totalFailed
totalInvocations
executionTime
Query Service (UI)
Mbean
com.vmware.vcloud.diagnostics.QueryService
Description
Cardinality
1 per query
Instance ID
query name
Attribute
Description
currentInvocations
totalFailed
totalInvocations
executionTime
returnedItems
VC Task Manager
Mbean
com.vmware.vcloud.diagnostics.VcTasks
Description
Cardinality
Instance ID
Attribute
Description
successfulTasksCount
failedTasksCount
waitForTaskInvocationsCount
completedWaitForTasksCount
historicalTasksCount
vcRetrievedTaskCompletionsCount
taskCompletionMessagesPublishedCount
taskCompletionMessagesReceivedCount
success_elapsedTaskWaitTime
failed_elapsedTaskWaitTIme
Mbean
com.vmware.vcloud.diagnostics.VimInventoryUpdates
Description
Cardinality
Instance ID
ObjectUpdate
Attribute
Description
totalUpdates
totalFailed
executionTime
VIM Inventory Events
Mbean
com.vmware.vcloud.diagnostics.VimInventoryEvents
Description
Cardinality
Instance ID
event name
Attribute
Description
totalInvocations
totalFailed
executionTime
VC Object Validations
Mbean
com.vmware.vcloud.diagnostics.VcValidation
Description
Cardinality
Instance ID
Attribute
Description
totalInvocations
executionTime
totalItemsInQueue
objectsInQueue
objectBusyRequeueCount
total number of objects requeued for validation due to object being busy
loadValidationObjectTime
duplicatesDiscarded
Mbean
com.vmware.vcloud.diagnostics.Reactions
Description
Cardinality
Instance ID
Attribute
Description
totalReactionsFired
requeueCount
totalInvocations
executionTime
failedReactions
objectRequeueCount
VC connections
Mbean
com.vmware.vcloud.diagnostics.VimConnection
Description
Cardinality
1 per VC
Instance ID
Attribute
Description
Connected Count
Disconnected Count
Total disconnections
Start Count
ActiveMQ
Mbean
com.vmware.vcloud.diagnostics.ActiveMQ
Description
Cardinality
1 global and 1 per peer vCloud Director cell (each cell other than the current one)
Instance ID
Attribute
Description
lastHealthCheckDate
messageRoundTripDurationMs
unreachableCells
isHealthy
reachableCells
Transfer Server
Mbean
com.vmware.vcloud.diagnostics.TransferService
Description
Cardinality
Instance ID
Attribute
Description
successfulPuts
failedPuts
successfulUploads
Component
Availability
Failure Impact
Virtual machine resource consumption
Maintaining Running Workload
Maintaining Workload Accessibility
Component
Availability
Failure Impact
VMware vCenter Server
VMware vCenter Database
vCloud component databases (vCloud Director and Chargeback)
VMware vCenter Chargeback
vCloud Infrastructure Protection
Component
Availability
Failure Impact
vShield Manager
vCenter
Chargeback
vCloud Director
vShield Edge
Description
Client software is generally not supported, although robust clients with static
IPs that support pre-shared key authentication can connect.
To configure vShield VPN, the endpoint connecting to the vShield Edge device must support the following:
• IKE for ISAKMP/Oakley
• Pre-shared key authentication mode
• 3DES or AES128 encryption
• SHA1 authentication
• Diffie-Hellman Group 2/5 (1024-bit/1536-bit, respectively)
• PFS (Perfect Forward Secrecy)
• ESP tunnel mode
It must also disable ISAKMP aggressive mode.
11.2 Compliance
Audit concepts applied to a cloud environment, such as segmentation and monitoring, reveal new challenges.
Elasticity may break old segmentation controls and the ability to isolate sensitive data within a rapidly growing
environment. Role-based access controls and virtual firewalls must also demonstrate compatibility with audit
requirements for segmentation, including detailed audit trails and logs. Can a provider guarantee that an off-line
image with sensitive data in memory is accessible only by authorized users, and can a log tell who accessed it
and when? Multiple admin-level roles are necessary for cloud resource management.
The complexity of cloud environments, coupled with new and different technology, requires careful audits to
document and detail compliance. The following are a set of common audit concerns within the cloud.
Concern
Detail
Hypervisor
May expose sensitive data when not configured and monitored properly;
physical and logical isolation has always been an audit concern. The ease
and speed of change in a virtualized environment within cloud
computing, often called elasticity, makes the setup and review of
segmentation controls even more critical to compliance.
Different/multiple primary functions per host
A cloud can make much more efficient use of hardware, but this leads
auditors to assess whether sensitive data is at risk simply from the proximity
of other virtual systems managed to a lesser level of security. Some
compliance standards, for example, require one primary function per
server (or virtual server), as illustrated below.
[Figure: One primary function per server. Regulated-data vApps and nonregulated-data vApps are isolated on separate ESXi hosts within a cluster, each protected by FW, IDS, and AV controls, over a distributed network with a shared storage fabric, physical storage, servers, routers, switches, and management controls.]
The ability of systems to change and move quickly within the cloud means
auditors need to be able to track this movement.
Customers need a view of their audit trails that is unique to their own use
of the cloud environment and that can be used for investigations.
Providers must enhance the sophistication of existing log tools to
keep up with the new technology and new management practices within
a cloud environment.
[Figure: Dedicated log collection. Regulated and nonregulated vApps on separate ESXi hosts feed a log collection cluster, with FW, IDS, and AV controls, a distributed network, storage fabric, physical storage, servers, routers, and switches.]
Logs generated by VMware components must be maintained by the provider, but must also be available to
tenants. Tenants should be able to download in raw format all vCloud Director and VSE logs pertaining to their
organizations and networks. Logs with customer identifiers should be flagged or indexed for retrieval. The following
diagram illustrates the architecture of vCloud components and log collection.
[Figure: vCloud component log collection architecture. vCloud Director servers and database, vCloud Connector and its database, vCenter Servers and databases, vShield Manager, vCenter Orchestrator, vSphere hosts, vShield Edge devices, and a customer environment log collector feed log analysis, log reporting, and archive systems across the storage pools.]
The following table illustrates to which logs a vCloud tenant must have access.
VMware Component | Provider Logs | Tenant Logs
Other components also generate logs in the cloud environment that must be maintained by the provider but
direct tenant access is not required.
Other Component | Provider Logs | Tenant Logs
Logs in the vCloud Datacenter environment can further be categorized into four logical business layers:
1. Cloud Application: Represents the external interface that the enterprise administrators of the cloud interact
with. These administrators are authenticated and authorized at this layer, and have no access (direct or
indirect) to the underlying infrastructure. They interact only with the Business Orchestration layer.
2. Business Orchestration: Represents both the configuration entities of the cloud and the governance
policies that control the cloud deployment (vCenter Chargeback):
• Service Catalog: Presents the different service levels available and their configuration elements.
• Service Design: Represents the service level and specific configuration elements, along with any policies
defined.
• Configuration Management Database (CMDB): Represents the system of record, which may be federated
with an enterprise CMDB.
• Service Provision: Represents the final configuration specification.
3. Service Orchestration: Represents the provisioning logic for the cloud infrastructure. This layer consists of
an orchestration director system and automation elements for network, storage, security, and server/
compute: vCenter Server (VC), VMware vCloud Director, and vCenter Orchestrator (vCO).
4. Infrastructure Layer: Represents the physical and virtual compute, network, storage, hypervisor, security,
and management components: vSphere (ESXi), vShield Manager (VSM), and vShield Edge (VSE).
[Figure: Four-layer model. Application Management (custom/enterprise portal, API, administrators, policy) sits above Business Management (service design, enterprise CMDB, service provision), which drives Service Management/Orchestration (network, storage, security, and server automation with a federated CMDB), which in turn provisions Infrastructure Management and the Infrastructure Layer (compute, network, storage, security, hypervisor, load balancers, firewalls, IDS, AppVMs, and the physical layer). Each layer has its own administrator role.]
The abstraction of these four layers and their security controls helps illustrate audit and compliance
requirements for proper authentication and segregation.
Cloud provider administrator accounts, for example, should be maintained in a central repository integrated with
two-factor authentication. Different tiers of cloud deployments (VPDCs) would be made available to enterprise
users.
Audit events, as defined earlier, are not the only event types. Diagnostic logs, described below, contain
information about system operation events and are stored as files in the local file system of each cell's OS.
Diagnostic logs can be useful for problem resolution but are not intended to preserve a trail of system
interactions for audit. Each VMware vCloud Director cell creates several diagnostic log files, described in the
"Viewing the vCloud Director Logs" section of the VMware vCloud Director Administrator's Guide.
Audit logs, on the other hand, do record significant actions, including login and logout. A syslog server can be
set up during installation as detailed in the vCloud Director Installation Guide. Exporting the logs to a syslog
server is required for compliance for multiple reasons:
1. Database logs are not retained after 90 days, while logs transmitted via syslog can be retained as long as
desired.
2. It allows audit logs from all cells to be viewed together in a central location at the same time.
3. It protects the audit logs from loss on the local system due to failure, a lack of disk space, compromise, and
so on.
4. It supports forensics operations in the face of problems like those listed above.
5. It is the method by which many log management and Security Information and Event Management (SIEM)
systems integrate with vCloud Director. This enables:
a. Correlation of events and activities across vCloud Director, vShield, vSphere, and even the physical
hardware layers of the stack
b. Integration of cloud security operations with the rest of the cloud provider's or enterprise's security
operations, cutting across physical, virtual, and cloud infrastructures
6. Logging to a remote system, rather than the system the cell is deployed on, provides data integrity,
that is, it inhibits tampering. A compromise of the cell does not necessarily enable access to or alteration
of the audit log.
Detail
Security
Sizing recommendations for number of cells
Consideration
Detail
Multiple vCloud Director cells require NTP (Network Time Protocol), which is a
best practice for all elements of the vCloud infrastructure.
Consult www.vmware.com/files/pdf/Timekeeping-In-VirtualMachines.pdf for
more information on how to set up NTP.
Proxy configuration
The cloud service URL should be mapped to the address provided via the load
balancer. This is configured in the vCloud Director administrator GUI as well as in
the load balancer configuration. This is the address that should be used to check
the health status of the vCloud Director cell.
Awareness of Multi-Cell
Roles
Some vCloud Director cell roles, for example image transfer, may consume
significant resources. All cells can perform the same set of tasks, but it is
possible to set policies that affect which ones are used. See the advanced
configuration settings.
Sessions are generally provided over secure channels and are terminated at the
cells. Because of this, session persistence should be enabled using SSL.
Each load balancer service should be configured to check the health of the
individual vCloud Director cells. Since each cell responds via HTTPS, this can be
configured quickly via the IP and API endpoint URL. Load balancers may
support other types of health checks.
Generally, services are checked every few seconds to every 30 seconds, based
on load. A good starting point is 5 seconds.
Example GUI URL - https://my.cloud.com/cloud/
Example API URL - https://my.cloud.com/api/versions
In the second example, the versions supported by this endpoint should be
returned as XML.
Public IP/port
The service IP should be specified appropriately before cells are added to the
service group. Typically, port 443 (standard HTTPS) is the only port exposed.
Advanced configurations
Load balancers can also provide layer 7 content switching or direction, which
may allow a vCloud Director configuration to send certain types of client traffic to
dedicated cells. While cells can perform any function, they can be utilized in a
dedicated fashion if they only receive those types of requests.
Connection mapping
When a cell joins an existing cluster, it may try to load balance sessions. This
may impact connection mapping through the load balancer, as the load balancer
will be unaware of the balancing happening within the cell cluster.
Session persistence
VMware vShield Edge's load balancing functionality does not support SSL
session persistence today and may not be suitable at this point for this
application.
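The API health check described above can go beyond a TCP probe by validating the XML that /api/versions returns. The sketch below shows only the parsing half; the payload shape and namespace are assumptions modeled on the vCloud API, and in practice the XML would be fetched over HTTPS from the load-balanced address:

```python
# Hedged sketch: validate the XML returned by a vCloud Director cell's
# /api/versions endpoint. SAMPLE is an assumed illustration of the response
# shape, not captured from a live system.
import xml.etree.ElementTree as ET

SAMPLE = """<SupportedVersions xmlns="http://www.vmware.com/vcloud/versions">
  <VersionInfo><Version>1.0</Version></VersionInfo>
</SupportedVersions>"""

def supported_versions(xml_text: str) -> list:
    """Return the API versions advertised in a versions response."""
    ns = "{http://www.vmware.com/vcloud/versions}"
    root = ET.fromstring(xml_text)
    return [v.text for v in root.iter(ns + "Version")]

print(supported_versions(SAMPLE))  # ['1.0']
```

A health check that parses the response (rather than only checking for an HTTP 200) catches cells that are up but returning malformed output.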
Referenced Document
Generate and import the CA-signed wildcard certificate for vCloud Director.
The CA will send back the certificate together with a root certificate and possibly an intermediate certificate.
Step
Referenced Document
Import the intermediate certificate (if there is one, it depends on your CA)
When you run the vCloud Director configuration script, it looks for the correct aliases; you need to create them
by cloning the wildcard alias.
This step or subsequent certificate import steps may result in a "Trust this certificate?" prompt from keytool(1),
so do not be surprised when this happens. Also be aware that the keystore (certificates.vmware) needs to be the
same keystore that the CSR was produced from.
NOTE: The keystore needs to be in JCEKS format, as vCloud Director 1.0 does not support other formats.
Import the Intermediate Certificate
Example:
$ /opt/vmware/cloud-director/jre/bin/keytool -storetype JCEKS -storepass <certificate passwd> -keystore certificates.vmware -import -alias intermediate -file EntrustCrossCertificate.cer
Create Correct Aliases for vCloud Director's Configuration Script
$ /opt/vmware/cloud-director/jre/bin/keytool -storetype JCEKS -storepass <certificate passwd> -keystore certificates.vmware -keyclone -alias wildcard -dest http
$ /opt/vmware/cloud-director/jre/bin/keytool -storetype JCEKS -storepass <certificate passwd> -keystore certificates.vmware -keyclone -alias wildcard -dest consoleproxy
Import the Wildcard Certificate
Example:
$ /opt/vmware/cloud-director/jre/bin/keytool -storetype JCEKS -storepass <certificate passwd> -keystore certificates.vmware -import -alias http -file wildcard.cer
$ /opt/vmware/cloud-director/jre/bin/keytool -storetype JCEKS -storepass <certificate passwd> -keystore certificates.vmware -import -alias consoleproxy -file wildcard.cer
Copy the Certificates
Take care not to copy the keystores into the $VCLOUD_HOME location, as this will cause confusion when you
run the vCloud Director configure tool, which creates the certificates and proxycertificates files in
$VCLOUD_HOME/etc. More importantly, ensure that the permissions are set such that the vcloud user has read
access, and that the files are not owned by root with the group and other permission bits unset.
Deleting an Entry from the Keystore
If you need to delete an entry from the keystore, then you can use the following procedure to do so.
Example:
$ /opt/vmware/cloud-director/jre/bin/keytool -storetype JCEKS -storepass <certificate passwd> -keystore certificates.vmware -delete -alias consoleproxy
Viewing and Verifying the Keystore Entries
The keystore used by vCloud Director is a storage mechanism for cryptographic tokens. These tokens are
also known as entries, and we will see shortly how to view keystore entry certificate details using
keytool(1). Each entry in a keystore is identified by a different alias or entry name. Entries also store their last
modified date/time. The keystore is also password protected; the password is required to load the keystore,
and a password is requested when saving a keystore for the first time. There are various types of
keystores available, such as:
• JKS: Java KeyStore, Sun's keystore format.
• JCEKS: Java Cryptography Extension KeyStore.
• PKCS #12: Public-Key Cryptography Standards #12 format.
• BKS: Bouncy Castle KeyStore.
• UBER: Bouncy Castle UBER KeyStore.
However, vCloud Director 1.0 currently supports only JCEKS, which is a more secure version of JKS.
As previously mentioned, to view the contents of a keystore that has already been created, you need to
know the password. You can only inspect a keystore that you created or know the password for. The following
example shows how to view the contents of the keystore entries.
There are two ways of passing the password to keytool(1). They are as follows:
$ /opt/vmware/cloud-director/jre/bin/keytool -storetype JCEKS -list -v -keystore certificates.vmware
Enter keystore password: <enter keystore password>
and
$ /opt/vmware/cloud-director/jre/bin/keytool -storetype JCEKS -list -storepass <keystore passwd> -v -keystore certificates.vmware
If you do not provide the correct KeyStore password you will see the following error message:
$ /opt/vmware/cloud-director/jre/bin/keytool -storetype JCEKS -list -v -keystore certificates.vmware
Enter keystore password: <incorrect keystore password>
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
java.io.IOException: Keystore was tampered with, or password was incorrect
at com.sun.crypto.provider.JceKeyStore.engineLoad(DashoA13*..)
at java.security.KeyStore.load(KeyStore.java:1185)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:620)
at sun.security.tools.KeyTool.run(KeyTool.java:172)
at sun.security.tools.KeyTool.main(KeyTool.java:166)
$
It is also worth mentioning that vCloud Director cells do not share a common keystore. As the installation guide
states, each cell has its own keystore containing two entries: one for the HTTP service and one for the console
proxy. If you use a wildcard certificate, you still need two entries in the keystore with the appropriate aliases;
and because the keystore contains no cell-specific information, you can reuse it for the configure step on
each cell.
It is also important to note that the keystore file should be protected by restrictive operating system
permissions. The password for the file should be stored securely or should be prompted for on server startup.
Things to Check
If you encounter any issues while setting up and implementing certificates in vCloud Director, such as the
infamous Cryptographic error, here are a few things to check.
1. Make sure that certificates.vmware is a JCEKS keystore, and not the default JKS type.
2. Make sure that the keystore password does not contain special characters that the shell will interpret when
the keystore is created (a dollar sign followed by anything, an asterisk, and so on), or that the arguments to
keytool(1) were quoted to prevent the shell from interpreting them. In one previous case, a customer used
something along the lines of -storepass ca$$ and wondered why the configure script complained that the
password was wrong. It had worked from one particular shell because bash expands $$ to the PID of the
current shell; the vCloud Director configure script does not expand the value, so it kept using ca$$ instead
of ca<someint>.
3. Can you successfully list or print the certificates in the keystore using /opt/vmware/cloud-director/jre/
bin/keytool? Because the same Java platform code is used under the covers to read the keystore, decrypt
values, and so on, this is a good check that nothing has gone wrong.
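The shell-expansion pitfall in item 2 is easy to reproduce. The following is a minimal Python sketch (not from the original document) that uses sh -c to mimic how an unquoted password reaches a command such as keytool:

```python
import subprocess

def echo_via_shell(arg: str) -> str:
    """Run `echo <arg>` through the shell, the way an unquoted
    command-line argument would be processed."""
    return subprocess.run(["sh", "-c", "echo " + arg],
                          capture_output=True, text=True).stdout.strip()

# Unquoted: the shell expands $$ to its own process ID, so the command
# receives "ca<someint>" instead of the intended password.
unquoted = echo_via_shell("ca$$")

# Single-quoted: the shell passes the literal string through untouched.
quoted = echo_via_shell("'ca$$'")

print(unquoted)  # e.g. ca12345 -- not the password that was intended
print(quoted)    # ca$$
```

Quoting the argument (or avoiding shell metacharacters in keystore passwords altogether) sidesteps the mismatch described above.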
For reference, here is an abridged example of the certificate chain reported by keytool -list -v for a keystore
entry signed by a public certificate authority (the verbose X.509 extension details are omitted):

Certificate[1] (the server certificate; subject details omitted):
Certificate fingerprints:
MD5: 80:04:E8:70:0E:F1:E8:8B:68:A7:7B:16:C7:69:60:FF
SHA1: B4:C8:82:88:63:2C:E6:08:6C:23:7D:5C:53:4A:C0:54:16:0A:08:88
Version: 3
Certificate[2]:
Owner: CN=Entrust Certification Authority - L1C, OU=(c) 2009 Entrust, Inc., OU=www.entrust.net/rpa is incorporated by reference, O=Entrust, Inc., C=US
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Serial number: 7245h1sx
Valid from: Fri Dec 11 07:43:54 EST 2009 until: Wed Dec 11 08:13:54 EST 2019
Certificate fingerprints:
MD5: 2F:B3:00:F2:FA:12:7B:BD:82:95:70:05:96:17:DB:BE
SHA1: 61:43:AF:68:F7:B3:3A:47:94:04:74:98:8B:05:F7:B1:62:96:98:42
Version: 3
Certificate[3]:
Owner: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Serial number: 8392k3du
Valid from: Sat Dec 25 04:50:51 EST 1999 until: Wed Jul 25 00:15:12 EST 2029
Certificate fingerprints:
MD5: EE:29:31:BC:32:7E:9A:E6:E8:B5:F7:51:B4:34:71:90
SHA1: 50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31
Version: 3
The following example host configuration is used in the capacity calculations below:

Item                 Variable     Value    Units
Processor Sockets    Nsocket,1    2        integer
Processor Cores      Ncores,1     4        integer
Processor Speed      Sproc,1      2.4      GHz
Host Memory          Mhost,1      64       GB
Calculating the total memory available is very straightforward: it is simply the total amount of RAM in the
vSphere host. Total CPU resources per host are calculated using the following formula:

PCPU,host = Nsocket,1 x Ncores,1 x Sproc,1 = 2 x 4 x 2.4 GHz = 19.2 GHz

To adjust for vSphere HA redundancy, the following variables are used:

Variable          Description
Nnodes            Number of usable (non-redundant) nodes in the cluster
Nredundant        Number of redundant (failover) nodes in the cluster
Rredundancy,HA    HA redundancy ratio

Rredundancy,HA = (Nnodes + Nredundant) / Nnodes
For example, the level of redundancy is calculated below for a ten-node cluster containing two redundant
nodes (eight usable nodes):

Rredundancy,HA = (Nnodes + Nredundant) / Nnodes = (8 + 2) / 8 = 1.25
Once the redundancy ratio is calculated, the number of units of consumption per provider virtual datacenter
can be determined with the following equations, using PCPU,host = 19.2 GHz and Mmem,host = 64 GB.

CPU resources per cluster:

NCPU,cluster = (Nhosts,cluster x PCPU,host) / Rredundancy,HA = (8 x 19.2 GHz) / 1.25 = 122.88 GHz

Memory resources per cluster:

Nmem,cluster = (Nhosts,cluster x Mmem,host) / Rredundancy,HA = (8 x 64 GB) / 1.25 = 409.6 GB
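These cluster-capacity calculations can be scripted; the following is an illustrative sketch (the helper name is not from the document) using the example figures above:

```python
def cluster_capacity(n_hosts, per_host, n_redundant):
    """Usable capacity per cluster, adjusted by the HA redundancy ratio."""
    r_redundancy = (n_hosts + n_redundant) / n_hosts   # (8 + 2) / 8 = 1.25
    return n_hosts * per_host / r_redundancy

# Eight usable hosts, two redundant; 19.2 GHz CPU and 64 GB RAM per host.
cpu_ghz = cluster_capacity(8, 19.2, 2)   # 122.88 GHz available CPU
mem_gb  = cluster_capacity(8, 64.0, 2)   # 409.6 GB available memory
print(round(cpu_ghz, 2), round(mem_gb, 1))
```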
So we've now established that our example provider virtual datacenter has 122.88 GHz of available CPU and
409.6 GB of available memory, taking a vSphere cluster redundancy of N+2 into account. Next we'll look at
guidance for capacity management as it applies to each of the consumption models.
Pay-As-You-Go Model
When an organization virtual datacenter is created in the Pay-As-You-Go model, a resource pool is instantiated
with expandable reservations. As such, the customer organization virtual datacenters contained in that provider
virtual datacenter can grow to consume all of the available provider virtual datacenter resources. While this
could be true in any vSphere environment, the added challenge in a vCloud is the use of reservations at the
vApp level. When an organization virtual datacenter is created out of a provider virtual datacenter using the
Pay-As-You-Go consumption model, a %guarantee is configured for CPU and memory and applied to each
vApp, or to each virtual machine within a vApp. For example, if the service provider configures the organization
virtual datacenter with a 50% guarantee for CPU and a 75% guarantee for memory, and the customer creates a
virtual machine with 1 vCPU at 1 GHz and 1 GB of memory, the reservation for that virtual machine will be set at
50% of 1 GHz (0.5 GHz) and 75% of 1 GB (0.75 GB of memory).
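The per-virtual-machine reservation arithmetic can be sketched as follows (a hypothetical helper, using the example values above):

```python
def payg_reservation(vcpu_ghz, mem_gb, cpu_guarantee, mem_guarantee):
    """Per-VM reservation under Pay-As-You-Go: allocation x %guarantee."""
    return vcpu_ghz * cpu_guarantee, mem_gb * mem_guarantee

# 1 vCPU at 1 GHz and 1 GB of memory, with 50% CPU / 75% memory guarantees.
cpu_res, mem_res = payg_reservation(1.0, 1.0, 0.50, 0.75)
print(cpu_res, mem_res)  # 0.5 GHz reserved, 0.75 GB reserved
```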
Because there is no way of knowing how a customer will define the virtual machine templates in their private
catalogs, and because organization virtual datacenters can expand on demand, VMware recommends the
following:
- Calculate the total available CPU and memory resources (less an amount reserved for global catalog
templates), adjusted by the cluster redundancy ratio, at the provider virtual datacenter level.
- Establish a CPU and memory %RESERVED threshold at the provider virtual datacenter level.
- Set the %RESERVED threshold for the provider virtual datacenter at a number in the 60% range initially.
- As the total amount of reserved CPU or reserved memory approaches the %RESERVED threshold, do not
deploy new organization virtual datacenters in that provider virtual datacenter without adding additional
resources. If the corresponding vSphere cluster has reached its maximum point of expansion, deploy a new
provider virtual datacenter and assign any new organization virtual datacenters to it. This leaves 40% of
expansion capacity for the existing organization virtual datacenters when the provider virtual datacenter has
reached its maximum point of expansion.
- CPU and memory over-commitment can be applied; if so, set the %RESERVED value lower than if no
over-commitment were applied, due to the unpredictability of the virtual machine sizes being deployed (and
hence of the reservations being established).
- Monitor %RESERVED on a regular basis and adjust the value according to historical usage as well as
projected demand.
Allocation Model
When an organization virtual datacenter is created in the Allocation Model, a non-expandable resource pool is
instantiated with the specified %guaranteed value for CPU and memory. With a %guaranteed value of 75%, this
means that if an organization virtual datacenter is created specifying 100 GHz of CPU and 100 GB of memory, a
resource pool is created for that organization virtual datacenter with a reservation of 75 GHz and a limit of
100 GHz for CPU, and a reservation of 75 GB and a limit of 100 GB for memory. The additional 25% in this
example is not guaranteed and can be accessed only if it is available across the provider virtual datacenter. In
other words, that 25% can be over-committed by the provider at the provider virtual datacenter level and
therefore may not be available, depending on how all of the organization virtual datacenters in that provider
virtual datacenter are using it.
At the virtual machine level, when a virtual machine is deployed it is instantiated with no CPU reservation but
with a memory reservation equal to the virtual machine's memory allocation multiplied by the %guaranteed
value. Although no CPU reservation is set at the virtual machine level, the total amount of CPU allocated across
all virtual machines in that organization virtual datacenter is still subject to the overall CPU reservation of the
organization virtual datacenter established by the %guarantee value.
Based on this use of reservations in the Allocation Model, VMware recommends the following:
- Calculate the total available CPU and memory resources (less an amount reserved for global catalog
templates), adjusted by the cluster redundancy ratio, at the provider virtual datacenter level.
- Determine how much resource, at the provider virtual datacenter level, you want to make available for
expanding the organization virtual datacenters deployed to that provider virtual datacenter.
- Establish a CPU and memory %RESERVED (guaranteed, not allocated) threshold at the provider virtual
datacenter level, based on the %guaranteed value less the amount reserved for growth. The remaining
unreserved resources are available to all organization virtual datacenters for bursting.
- As the total amount of reserved CPU or reserved memory approaches the %RESERVED threshold, do not
deploy new organization virtual datacenters in that provider virtual datacenter without adding additional
resources. If the corresponding vSphere cluster has reached its maximum point of expansion, deploy a new
provider virtual datacenter and assign any new organization virtual datacenters to it. This keeps a
predetermined amount of capacity available for expanding the existing organization virtual datacenters when
the provider virtual datacenter has reached its maximum point of expansion.
- CPU and memory over-commitment can be applied, but it should be based only on the amount of unreserved
resources at the provider virtual datacenter level, allowing the resources available for organization virtual
datacenter bursting to be over-committed.
- Monitor %RESERVED on a regular basis and adjust the value according to historical usage as well as
projected demand.
Reservation Model
When an organization virtual datacenter is created in the Reservation Model, a non-expandable resource pool is
instantiated with reservation and limit values equal to the amount of resources allocated. This means that if an
organization virtual datacenter is created allocating 100 GHz of CPU and 100 GB of memory, a resource pool is
created for that organization virtual datacenter with a reservation and limit of 100 GHz for CPU and a
reservation and limit of 100 GB for memory.
At the virtual machine level, when a virtual machine is deployed it is instantiated with no reservation or limit for
either CPU or memory.
Based on this use of reservations in the Reservation Model, VMware recommends the following:
- Calculate the total available CPU and memory resources (less an amount reserved for global catalog
templates), adjusted by the cluster redundancy ratio, at the provider virtual datacenter level.
- Determine how much resource, at the provider virtual datacenter level, you want to make available for
expanding the organization virtual datacenters deployed to that provider virtual datacenter.
- Establish a CPU and memory %RESERVED threshold at the provider virtual datacenter level equivalent to the
capacity of the underlying vSphere cluster, taking HA redundancy into account.
- As the total amount of reserved CPU or reserved memory approaches the %RESERVED threshold, do not
deploy new organization virtual datacenters in that provider virtual datacenter without adding additional
resources. If the corresponding vSphere cluster has reached its maximum point of expansion, deploy a new
provider virtual datacenter and assign any new organization virtual datacenters to it. This keeps a
predetermined amount of capacity available for expanding the existing organization virtual datacenters when
the provider virtual datacenter has reached its maximum point of expansion.
- No over-commitment can be applied to the provider virtual datacenter in the Reservation Model, because the
reservation is set at the resource pool level.
- Monitor %RESERVED on a regular basis and adjust the value according to historical usage as well as
projected demand.
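The resource pool settings that the three consumption models produce, as described above, can be summarized in a small sketch (the function name and dictionary layout are illustrative, not part of vCloud Director):

```python
# Resource pool settings for a 100 GHz / 100 GB organization virtual
# datacenter with a 75% guarantee, per consumption model.
def resource_pool(model, allocation, guarantee=None):
    if model == "pay-as-you-go":
        # Expandable pool; reservations are applied per vApp/VM instead.
        return {"reservation": 0, "limit": None, "expandable": True}
    if model == "allocation":
        # Non-expandable; the %guaranteed share is reserved, the rest bursts.
        return {"reservation": allocation * guarantee, "limit": allocation,
                "expandable": False}
    if model == "reservation":
        # Non-expandable; reservation and limit both equal the allocation.
        return {"reservation": allocation, "limit": allocation,
                "expandable": False}
    raise ValueError(model)

print(resource_pool("allocation", 100, 0.75))
# {'reservation': 75.0, 'limit': 100, 'expandable': False}
```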
Storage
VMware vCloud Director uses a largest available capacity algorithm for deploying virtual machines to
datastores. Storage capacity must be managed on both an individual datastore basis as well as in the aggregate
for a provider virtual datacenter.
In addition to following VMware storage allocation best practices, manage capacity at the datastore level using
the largest virtual machine storage configuration offered in the service catalog, in terms of units of
consumption, when determining the amount of spare capacity to reserve. For example, with 1 TB datastores
(100 storage units of consumption, based on a 10 GB unit of consumption) and a largest virtual machine storage
configuration of 6 storage units of consumption (60 GB), reserving capacity equivalent to three of the largest
virtual machines (18 units) means managing each datastore to 82 storage units of consumption, or 82%
datastore utilization, which approximates the VMware best practice of roughly 80% datastore utilization.
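This datastore headroom arithmetic can be sketched as follows (the helper name is illustrative):

```python
def datastore_plan(datastore_gb, unit_gb, largest_vm_units, reserve_vms=3):
    """Manageable units on a datastore, reserving headroom for N of the
    largest catalog VMs (approximating the ~80% utilization practice)."""
    total_units = datastore_gb // unit_gb            # 1 TB / 10 GB = 100 units
    reserve_units = reserve_vms * largest_vm_units   # 3 x 6 = 18 units held back
    return total_units - reserve_units               # manage to 82 units

print(datastore_plan(1000, 10, 6))  # 82, i.e., 82% datastore utilization
```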
Network capacity attributes to monitor, each with its own impact when exhausted, include IP addresses, VLANs,
and ephemeral ports.
The following attributes should be monitored:

Attribute               Monitored per
%RESERVED CPU           provider virtual datacenter
%RESERVED Memory        provider virtual datacenter
CPU utilization         vCloud
Memory utilization      vCloud
Datastore utilization   vCloud

Further attributes are monitored per organization and across the vCloud.
Once thresholds have been exceeded, the group responsible for capacity management of the vCloud should be
notified to add additional capacity. You should account for the time required to add the physical components
necessary to increase the capacity of a provider virtual datacenter. A vCloud-aware capacity management tool
should be deployed. Whichever tool is chosen, the capacity model can be used to forecast new provider virtual
datacenter capacity utilization as well as ongoing capacity management of existing provider virtual datacenters.
It should also account for expansion triggers based on provisioning timeframes.
Once a provider virtual datacenter has had its total amount of available resources calculated, no adjustments to
that provider virtual datacenter such as adding or removing hosts should be made without updating the
calculated value. This model may be altered if long-term CPU and memory reservations are not at the levels that
they were designed for. An increase in the resources allocated to an organization virtual datacenter can affect
the remaining capacity of a full provider virtual datacenter. Monitoring full provider virtual datacenters
should be done on a weekly basis. The resource consumption of virtual machines within an organization virtual
datacenter should be reviewed for trends that indicate the resources purchased for that organization virtual
datacenter are insufficient.
vCenter CapacityIQ, while not vCloud Director aware, can be used to provide insight into provider virtual
datacenter utilization and trends.
The following example defines the units of consumption:

Item      Variable   Value
vCPU      PUC        1 GHz
Memory    MUC        1 GB
Storage   DUC        10 GB
Taking such an approach enables more efficient capacity management: because the resource allocations of the
vApp component virtual machines are predefined in the service catalog, vCloud infrastructure resource
consumption can be predicted more accurately.
Each organization is provided with a finite quantity of resources (in the case of the allocation and reservation
consumption models) from one or more provider virtual datacenters, in the form of organization virtual
datacenters. As an organization consumes its organization virtual datacenter resources, a trigger point must be
defined to make sure steps are taken to expand the organization virtual datacenter.
First, define the resource consumption limits for an organization's organization virtual datacenters; these limits
determine when action must be taken to remove the potential capacity issue.
Attribute                                                  Variable    Limit
Organization virtual datacenter CPU peak utilization       CCPULimit   80%
Organization virtual datacenter memory allocation limit    CmemLimit   80%
The amount of CPU and memory resources will vary depending on the size of the organization virtual
datacenter contracted for. The table below provides an example of the values needed to calculate an
organization virtual datacenter's capacity.
Item                                                     Variable   Value   Units
Total organization virtual datacenter vCPU allocation    SorgvDC    50      GHz
Organization virtual datacenter memory allocation        MorgvDC    64      GB
The number of capacity units available within this organization virtual datacenter is found by using the following
equations.
Determining organization virtual datacenter memory units of consumption:

MUC,orgvDC = (CmemLimit x MorgvDC) / MUC

Based on the information in the tables above, the total memory units of consumption for the organization
virtual datacenter are calculated as:

MUC,orgvDC = (CmemLimit x MorgvDC) / MUC = (0.8 x 64) / 1 = 51.2

This results in 51.2 memory units of consumption for the sample organization virtual datacenter.
Determining organization virtual datacenter CPU units of consumption:

PUC,orgvDC = (SorgvDC x CCPULimit) / PUC

Based on the information in the tables above, the CPU units of consumption for the organization virtual
datacenter are calculated as:

PUC,orgvDC = (SorgvDC x CCPULimit) / PUC = (50 x 0.8) / 1 = 40

This results in 40 CPU units of consumption for this sample organization virtual datacenter.
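Both unit-of-consumption calculations can be sketched as follows (an illustrative helper, not part of any VMware tooling):

```python
def org_vdc_units(allocation, limit_pct, unit_size):
    """Units of consumption available in an organization virtual datacenter:
    allocation, scaled by the utilization limit, divided by the unit size."""
    return allocation * limit_pct / unit_size

mem_uc = org_vdc_units(64, 0.8, 1)   # 51.2 memory units (1 GB each)
cpu_uc = org_vdc_units(50, 0.8, 1)   # 40.0 CPU units (1 GHz each)
print(mem_uc, cpu_uc)
```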
Each organization virtual datacenter can be tracked using the following attributes:

Name      Description                       Units
orgvDC    Organization virtual datacenter   Identifier
Dbuild    Build date                        Date
NUC,cpu   CPU units of consumption          CPU units of consumption
NUC,mem   Memory units of consumption       Memory units of consumption
NVGB      Storage                           GB
The consumption trend and ordering variables are defined as follows:

Name        Description                                                Units
T           Time                                                       Weeks
NcpuUC      CPU units of consumption                                   CPU units of consumption
NmemUC      Memory units of consumption                                Memory units of consumption
NVGB        Storage                                                    GB
Tpurchase   Organization virtual datacenter expansion purchase time    Weeks
NcpuUC,free = NcpuUC x Tpurchase
NmemUC,free = NmemUC x Tpurchase
NVGB,free = NVGB x Tpurchase

where NcpuUC, NmemUC, and NVGB are the units of consumption consumed per week over time T.
Example values:

Variable          Value
NcpuUC            12
NmemUC            12
NVGB              360 GB
Tpurchase         2 weeks
NcpuUC,cluster    320
NmemUC,cluster    717
In this example, NcpuUC,free and NmemUC,free represent the number of free resources within an organization
virtual datacenter at which point additional organization virtual datacenter resources should be ordered. To
determine the trigger point for ordering, equation 6 should be used if no pipeline data exists.
Determining Trigger Point for Ordering Capacity Using Trends
For storage in this example, the trigger point is calculated at 720 GB:

NVGB,free = NVGB x Tpurchase = 360 x 2 = 720 GB
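Using the example trend values, the trigger-point arithmetic can be sketched as follows (an illustrative helper):

```python
def trigger_point(weekly_rate, purchase_weeks):
    """Free capacity at which expansion must be ordered, so that the new
    capacity arrives before current consumption exhausts the remainder."""
    return weekly_rate * purchase_weeks

print(trigger_point(360, 2))  # 720 GB of free storage triggers an order
print(trigger_point(12, 2))   # 24 free CPU units of consumption
```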
VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com
Copyright 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed
at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be
trademarks of their respective companies. Item No: VMW_11Q1_WP_ArchitectingvCloud_p100_R2