EMC COMPUTE-AS-A-SERVICE
EMC Ionix IT Orchestrator, VCE Vblock Infrastructure Platforms,
VMware vCloud Director
Automate provisioning of infrastructure services
Introduce new services with an integrated framework
Abstract
This white paper explores the integration of cloud technology components into
a Compute-as-a-Service platform that enables service providers to deploy and
manage cloud-based services, and tenants to adopt and customize those
services into their business.
February 2012
Table of contents
Executive summary
  Business case
  Solution overview
  Key benefits
Introduction
  Purpose
  Scope
  Audience
  Terminology
CaaS overview
  What is Compute-as-a-Service?
    Self-service portals
    Orchestration tools
    Secure multi-tenant-enabled shared environment
  The six design principles of CaaS
    High availability and protection
    Secure separation
    Security and compliance
    Service assurance, metering, and billing
    Tenant management and control
    Service provider management and control
    Summary
EMC Ionix IT Orchestrator
  Overview
  Adapters
  Design Studio
EMC Ionix Unified Infrastructure Manager
  Overview
  Service catalog and service offerings
VMware vCloud Director
  Overview
  Compute resources
  Networks and security
  Network pools
  Network models
Executive summary
Business case
Solution overview
Provide the necessary security and data protection reassurance to end users
that helps accelerate cloud-service adoption.
Key benefits
EMC Ionix IT Orchestrator: Offers service providers a scalable, high-performance
enterprise solution to orchestrate and automate their public cloud services.
Service providers can accelerate the time to deploy new services, leveraging an
architecture that integrates management, orchestration, compute, storage, and
network resources.
The solution provides a foundation for additional services like backup and data
protection, and increased agility in business processes through easy and fast
provisioning of required resources.
Introduction
Purpose
This white paper explores the integration of cloud technology components into a
CaaS platform that allows:
Scope
This white paper discusses multiple EMC products and products from other vendors.
General configuration and operational procedures are outlined. For detailed product
installation information, refer to the relevant product documentation.
Audience
This white paper is intended for EMC employees, partners, and customers, including
IT planners, virtualization architects and administrators, and any others involved in
evaluating, acquiring, managing, operating, or designing a CaaS infrastructure
environment using EMC technologies.
It is assumed that the reader is familiar with the concepts and operations related to
virtualization technologies and their use in a cloud infrastructure.
Terminology
Terminology
Term
Definition
API
CMDB
Organization
Service Catalog
Tenant
vApp
CaaS overview
What is Compute-as-a-Service?
A self-service portal
An orchestration tool
Self-service portals
Self-service portals and service catalogs play a key role in a service-orientated
architecture. These allow users to select what they need from a published service
catalog, providing an experience similar to internet shopping.
There are various portal and service catalogs available that perform all or some of the
functions required by a service provider or a customer. Cloud providers can choose to
develop their own portal or integrate the cloud offering into an existing portal that
they own. Choosing a portal/catalog depends on what functionality is needed,
existing systems, and price, as well as other considerations.
For the discussions and use cases in this document, the Ionix IT Orchestrator
integrated portal is used as a front end to enable:
Customers to select and provision vApps from the VMware vCloud Director
service catalog
Orchestration tools
An orchestration tool allows you to define the workflows and operations needed to
deploy the service and execute it on demand. It can automate all kinds of processes
that would otherwise involve manual operations.
For example, it can automate:
Several major orchestrators are available, such as EMC Ionix IT Orchestrator, VMware
vCenter Orchestrator, and Cisco Intelligent Automation; EMC has CaaS solutions for
all these technologies. In general, most orchestrators are capable of handling all or
some of the same tasks. The specific choice for an environment is likely to be
determined by the particular automation needs of that environment, existing
components, and the plug-ins and APIs that are available to enable orchestrators to
integrate with those components. The choice of orchestration tool also depends on
existing skill sets and those required to successfully build complex workflows.
Secure multi-tenant-enabled shared environment
Any CaaS solution should have a systematic approach to secure separation at its
core, with a necessarily heavy focus on multi-tenancy. While the underlying
computing resources may be shared, tenant organizations must be confident that the
logical boundaries and technical controls in the CaaS solution ensure that the
highest degree of separation and security are achieved in a multi-tenanted
environment.
This is achieved using a combination of multiple components within the CaaS stack,
including:
VMware vShield
VMware vSphere
Most of the products in the preceding list are used and referenced in this document.
These products leverage each other's capabilities to achieve the overall goal of
providing a secure multi-tenant environment for service providers and their tenants.
The six design principles of CaaS
Secure separation
Figure 1.
The data within the CaaS infrastructure can be protected in several ways, using, for
example, EMC Avamar, EMC Data Domain, or EMC Replication Manager, depending
on the backup and recovery requirements.
Secure separation
VMware vCloud Director enables service providers or organizations to create virtual
data centers that are composed of compute, network, and storage resources,
selected from the underlying physical hardware layer. vCloud Director uses vSphere's
abstraction of the network layer as a building block. It pools and leverages these
resources to enable automated, large-scale deployment while at the same time
ensuring secure separation and multi-tenancy.
EMC storage arrays allow for secure separation and isolation of resources at the
storage layer. Authentication can be further extended by incorporating solutions such
as RSA's identity verification and assurance technologies.
Security and compliance
Lack of visibility into the environment and the bridging of geopolitical and regulatory
compliance boundaries are among the most significant security and compliance
concerns impeding cloud adoption.
A service provider can help to alleviate these concerns for their tenants through the
integration of vShield and RSA enVision, which enables the centralized logging of
administrator, user, and system actions.
Further integration with RSA SecurID, RSA Archer, and RSA Data Loss Prevention
(DLP) seamlessly extends compliance capabilities from the enterprise to the CaaS
environment by enabling multi-factor authentication, compliance and audit reporting,
and sensitive data discovery and remediation. Organizations can audit and
demonstrate compliance with regulatory statutes and indigenous security policies.
Figure 2 illustrates security and compliance life cycle management.
Figure 2.
Figure 3.
Figure 4.
Ionix IT Orchestrator provides abstraction of the workflow policies from the underlying
infrastructure. This allows companies to leverage the latest technology and tools to
effectively and efficiently cost the CaaS solution. Upgrades require only a new adapter
and managed element, because the policies are not contained at the tool level.
Summary
Service providers can use these six design principles of CaaS as the framework for
any CaaS solution to deliver IT services through the network to their enterprise
customers. The platform enables service providers to build agile, secure, available,
and interoperable solutions as the foundation for the services that they provide. By
reducing administrative and operational expenses and efforts in such environments,
service providers can improve their current and future IT investment decisions for the
service(s) they deliver.
Figure 5.
Ionix IT Orchestrator
Adapters
Ionix IT Orchestrator uses open and flexible adapters to automate provisioning and
operational tasks across nearly any type of system that can generate events, expose
data, or execute actions. It includes an easy-to-use integrated development
environment, pre-built workflows (or accelerators), and a large number of Information
Technology Infrastructure Library (ITIL)-based adapters for third-party data center
products. Ionix IT Orchestrator integrates event and alert management data with best
practices for operational support processes. Figure 6 shows the vCloud adapter
provided with Ionix IT Orchestrator, and some of the common tasks it contains.
Figure 6.
Design Studio
Figure 7.
Ionix IT Orchestrator can encapsulate existing system scripts (Visual Basic, Java,
C-shell, and so on) directly into its workflows to enable simple integration with external
IT data center and ITSM service desk applications.
Figure 8.
Service catalog and service offerings
properties of a service offering can contain, and the configuration that it will apply to
a blade or set of blade servers.
Figure 9.
Table 2 provides additional details on the numbered sections of the Ionix UIM/P
dashboard in Figure 9.
Table 2.
Section
Description
This section details the number and grade of the servers that will be
deployed. There may be multiple grades of servers available with varying
compute resources of CPU and RAM. In this example, the four servers are from
the Premium grade of servers.
This section contains details of the storage that will be configured and made
available to each server. In this example, the server boot devices are
configured on the Fibre Channel RAID 5 storage and the data devices on the
PoolBased grade.
VMware vCloud Director manages the virtual compute environment and, combined
with vCloud Connector, allows for hybrid- or multi-cloud management. It consolidates
data centers, deploys workloads, and provides security on shared infrastructure
along with VMware vShield.
Compute resources
vCloud Director enables service providers or organizations to create logical data
centers, called Provider vDCs, that comprise compute, network, and storage
resources, selected from the underlying physical hardware layer, presented first to
VMware vCenter, and subsequently to vCloud Director. These Provider vDCs provide
the resources for the tenant Organization vDCs that support the tenant Organizations
within vCloud Director, as shown in Figure 10.
Figure 10.
Each Provider vDC could be an Ionix UIM service offering that consists of a certain
type or level of network, storage, and computing resources, hosted and distributed
by the Vblock platform. These different service offerings are eventually mapped as
different Provider vDCs within vCloud Director, as shown in Figure 11.
Figure 11.
Each tenant organization may have one or more Organization vDCs which are the
entities seen by the cloud tenants. An Organization vDC is associated with a higher
level Provider vDC and provides a further layer of abstraction between the tenants
and the physical infrastructure.
Multiple Organization vDCs (potentially from different tenants) are permitted to draw
on the resources available in the Provider vDCs created in vCloud Director, thereby
permitting multi-tenant sharing without visibility of other tenants' resources.
To manage differences in resource requirements, consumption, or SLAs between the
organization and the service provider, vCloud Director provides three allocation
models for organizations, as shown in Figure 12.
Figure 12.
These allocation models are set at the Organization vDC layer and map directly into
vCenter Chargeback for billing purposes.
As with all resources in a virtual environment, management and monitoring of
available and remaining resources is key. vCloud Director allows administrators to set
thresholds for resource availability. vCloud Director monitors the utilization of
resources within the Provider vDCs, as shown in Figure 13, and automatically alerts
users and administrators when appropriate.
Figure 13.
Networks and security
vCloud Director uses vSphere's abstraction of the network layer as a building block. It
pools and leverages these logical resources to enable automated, large-scale
deployment while at the same time ensuring the secure separation and multi-tenancy
required by a shared infrastructure model.
By design, vSphere's network layer can ensure network isolation at Layer 2 for each of
the provisioned networks in a multi-tenanted CaaS environment. vSphere virtual
switches provide protection over and above physical switches against threats such
as:
MAC flooding
Spanning-tree attacks
Double-encapsulation attacks
In addition, malicious network behavior, including MAC address changes and forged
transmits, can be restricted, and promiscuous mode is rejected by default.
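One way to check the three settings named above across an inventory, as an added example that is not from the white paper or any vendor tool. The field names are those of the vSphere API's HostNetworkSecurityPolicy object; the inventory, the vSwitch and port group names, and the helper functions are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Field names follow the vSphere API's HostNetworkSecurityPolicy object.
# True means "Accept", False means "Reject".
SETTINGS = ("allowPromiscuous", "macChanges", "forgedTransmits")


@dataclass
class SecurityPolicy:
    # On a port group, None means "inherit the value from the parent vSwitch".
    allowPromiscuous: Optional[bool] = None
    macChanges: Optional[bool] = None
    forgedTransmits: Optional[bool] = None


@dataclass
class PortGroup:
    name: str
    vswitch: str
    policy: SecurityPolicy


def effective_policy(pg, vswitches):
    """Resolve each setting to (value, source), applying port group overrides."""
    parent = vswitches[pg.vswitch]
    resolved = {}
    for setting in SETTINGS:
        own = getattr(pg.policy, setting)
        value = getattr(parent, setting) if own is None else own
        if value is None:
            raise ValueError(f"{pg.vswitch} has no value for {setting}")
        resolved[setting] = (value, "vswitch" if own is None else "portgroup")
    return resolved


def audit(port_groups, vswitches):
    """Return sorted (port group, setting, source) for every setting left at Accept."""
    findings = []
    for pg in port_groups:
        for setting, (value, source) in effective_policy(pg, vswitches).items():
            if value:
                findings.append((pg.name, setting, source))
    return sorted(findings)


# Constructed inventory: vSwitch0 accepts MAC changes and forged transmits,
# vSwitch1 rejects all three settings.
VSWITCHES = {
    "vSwitch0": SecurityPolicy(False, True, True),
    "vSwitch1": SecurityPolicy(False, False, False),
}

# Constructed tenant port groups (hypothetical names).
PORT_GROUPS = [
    PortGroup("org-a-net", "vSwitch1", SecurityPolicy()),                    # inherits Reject
    PortGroup("org-b-net", "vSwitch0", SecurityPolicy()),                    # inherits Accept
    PortGroup("org-c-ids", "vSwitch1", SecurityPolicy(allowPromiscuous=True)),  # override
    PortGroup("org-d-net", "vSwitch0", SecurityPolicy(False, False, False)),  # hardened override
]

if __name__ == "__main__":
    for name, setting, source in audit(PORT_GROUPS, VSWITCHES):
        print(f"{name}: {setting} is Accept (set at {source} level)")
```

The audit reports the level at which each weak value is set, so a fix on the vSwitch is not mistaken for a fix on a port group that overrides it.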
When leveraged, the Cisco Nexus 1000V, which is an integral component of Vblock
Infrastructure Platforms, can bring additional security features to the virtual network,
including:
PVLANs
DHCP snooping
Port security
IP source guard
vShield Edge layers its L3 and L4 firewall capabilities to augment security controls
implemented at Layer 2 and enforce secure segregation between the tenants' IP
networks.
vCloud Director manages access to the CaaS organization's cloud infrastructure and
uses the vCD organizations as the logical security boundaries. Organization
administrators and users are restricted to the resources of their organization, that is,
the organization's virtual data centers (vDCs), networks, vApps, and catalogs.
Figure 14.
Another example is organizations that may want to extend their data center or private
cloud to the service provider's vCloud CaaS implementation through the virtual
private network (VPN). Again, vShield Edge can be utilized to establish a secure VPN
between the sites, as shown in Org-vDC-C in Figure 14.
A further example is organizations or divisions that may share a segment to access
resources in each other's vDCs, as shown in Org-vDC-B and Org-vDC-C in Figure 14.
They can control and secure access as required by their respective security policies
using vShield Edge.
Network pools
Network pools can be backed by port groups, VLANs, or vCloud Director Network
Isolation. Port-group-backed network pools are not appropriate for large-scale
deployment because they are difficult to automatically provision and manage.
Similarly, VLAN-backed network pools, while providing the best performance and
security, do not scale beyond 4,095 networks. For a CaaS environment that requires
scalability beyond this, vCloud Director Network Isolation can provide for large-scale
deployment.
As networks are decommissioned, their resources (IP ranges and VLAN IDs) are
dynamically returned to the resource pool for future allocation. This ensures minimum
wastage of resources and maximum availability and elasticity.
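An added example (not from the white paper or vCloud Director itself) modelling a VLAN-backed pool whose IDs return to the pool on decommissioning. It goes beyond the text with a reconciliation check that compares the pool's leases with the port groups observed on the switches, so that a reused VLAN ID never spans two tenants. The `VlanPool` class, the ID range 100-102 and all tenant and port group names are constructed assumptions.

```python
from collections import defaultdict


class VlanPool:
    """VLAN-backed network pool: a fixed ID range, each ID leased to one tenant."""

    def __init__(self, first_id, last_id):
        self.first_id, self.last_id = first_id, last_id
        self.free = set(range(first_id, last_id + 1))
        self.leases = {}  # vlan_id -> (tenant, network)

    def allocate(self, tenant, network):
        if not self.free:
            raise RuntimeError("network pool exhausted")
        vlan_id = min(self.free)
        self.free.remove(vlan_id)
        self.leases[vlan_id] = (tenant, network)
        return vlan_id

    def release(self, vlan_id):
        """Decommission a network: its VLAN ID goes back to the pool."""
        if vlan_id not in self.leases:
            raise KeyError(f"VLAN {vlan_id} is not leased")
        del self.leases[vlan_id]
        self.free.add(vlan_id)


def reconcile(pool, observed):
    """Compare leases with observed (port_group, tenant, vlan_id) tuples."""
    findings = []
    tenants_by_vlan = defaultdict(set)
    for name, tenant, vlan_id in observed:
        tenants_by_vlan[vlan_id].add(tenant)
        lease = pool.leases.get(vlan_id)
        if lease is None:
            # In use on a switch although the pool considers the ID free,
            # or an ID that never belonged to this pool.
            kind = "stale" if vlan_id in pool.free else "outside-pool"
            findings.append((kind, vlan_id, name))
        elif lease[0] != tenant:
            findings.append(("wrong-tenant", vlan_id, name))
    for vlan_id, tenants in tenants_by_vlan.items():
        if len(tenants) > 1:
            findings.append(("shared", vlan_id, ",".join(sorted(tenants))))
    return sorted(findings)


def demo():
    """Constructed scenario: exhaustion, release, reuse, then reconciliation."""
    pool = VlanPool(100, 102)
    pool.allocate("org-a", "net1")           # 100
    b_id = pool.allocate("org-b", "net1")    # 101
    c_id = pool.allocate("org-c", "net1")    # 102
    try:
        pool.allocate("org-d", "net1")
        exhausted = False
    except RuntimeError:
        exhausted = True
    pool.release(b_id)                       # org-b network decommissioned
    pool.release(c_id)                       # org-c network decommissioned
    reused_id = pool.allocate("org-d", "net1")
    # Constructed switch inventory: the port groups of org-b and org-c were
    # never removed, and one port group uses an ID outside the pool.
    observed = [
        ("pg-org-a-net1", "org-a", 100),
        ("pg-org-b-net1", "org-b", 101),
        ("pg-org-d-net1", "org-d", 101),
        ("pg-org-c-net1", "org-c", 102),
        ("pg-legacy", "org-a", 300),
    ]
    return exhausted, reused_id, reconcile(pool, observed)


if __name__ == "__main__":
    exhausted, reused_id, findings = demo()
    print("pool exhausted before release:", exhausted)
    print("ID handed to org-d after release:", reused_id)
    for finding in findings:
        print(finding)
```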
Network models
vCloud Director, used with vShield, can provision three different network models
(external network, organization network, and vApp network), providing as much
flexibility as possible to the tenant administrator in a multi-purpose, multi-tenanted,
virtual data center.
The types of connectivity and their capabilities are as follows:
VMware vShield and vShield Edge
External network
An Internet connection
Organization network
vApp network
Figure 15.
This section of the document provides information around which APIs are required
and available for the development of automated workflows in a CaaS solution:
VIX API
The EMC Ionix UIM API provides support for developers who are building clients or
orchestration tools to interact with Vblock platforms. The API provides a centralized
interface for managing and interacting with the consolidated networking, storage,
and processing of Vblock Infrastructure Platforms. It uses a RESTful application
development style, with API clients and servers communicating over HTTP and taking
the form of XML elements. Figure 16 is a graphical representation of the components
that make up the UIM API.
Figure 16.
Ionix UIM discovers and manages Vblock platform devices through the UIM/P API, the
XML API for Cisco UCS Manager, CLI/SNMP for the Nexus IP and MDS FC switches,
EMC Unisphere, and EMC Symmetrix Management Console.
The Ionix UIM API provides functionality to:
Table 3.
Document Title
Document Location
VMware vCloud API
The VMware vCloud API provides developers with the means to deliver resources
abstracted from the physical implementations of the infrastructure. Using vCloud API,
organization administrators can access and manage their vCloud Director resources
through the native vCloud Director user portal or through a third-party, front-end
portal. Figure 17 shows the structure of the Admin, Extension, and User APIs that
make up the vCloud API.
The vCloud API is an open, representational state transfer (REST) API that allows
scripted access to consume cloud resources, such as uploading and downloading
vApps, and catalog management. The vCloud API enables service providers to create
their own customized management solutions for a new environment or to integrate
existing ones with VMware cloud infrastructure. Clients and servers can communicate
over HTTP, to exchange representations of vCloud objects. These representations take
the form of XML elements.
Figure 17.
vCloud APIs
Table 4.
Document Title
Document Location
http://www.vmware.com/pdf/vcd_10_api_guide.pdf
http://www.vmware.com/pdf/vcd_10_api_spec.pdf
VMware vSphere APIs
Figure 18.
The vSphere Web Services SDK is the most comprehensive of the available
management APIs. This SDK works with both ESX/ESXi and vCenter Server systems.
As a Web Services SDK, the SDK is language neutral. The SDK includes stubs and
examples for Java, Perl, and C# and a comprehensive documentation set including an
API Reference generated from the source.
Table 5.
Document Title
Document Location
http://pubs.vmware.com/vsphere50/index.jsp?topic=/com.vmware.wssdk.apiref.doc_50/rightpane.html
http://www.vmware.com/support/developer/vcsdk/visdk41pubs/ApiReference/index.html
VIX API
The VIX API is a library for writing scripts and programs to manipulate virtual
machines. It is high-level, easy to use, and practical for both script developers and
application programmers. This API is well suited for dedicated IT personnel in an
organization that is building its own in-house tools. It might also be used by software
vendors who are using VIX to integrate VMware products with their own products or to
build management products for virtual machines.
Table 6.
VMware Service Manager API
Document Title
Document Location
http://www.vmware.com/support/developer/vixapi/vix111_reference/index2.html
Figure 19.
Table 7.
Document Title
Document Location
VMware Service Manager v9.0 API User Guide
http://downloads.vmware.com/d/details/sm_90_docrp5/ZGhkYmRAQGhiZCUqKg
VMware vShield API
VMware vShield is a suite of network edge and application-aware firewalls built for
VMware vCenter Server integration. vShield inspects client-server communications
and inter-virtual-machine communication to provide detailed traffic analytics and
application-aware firewall protection. vShield is a critical security component for
protecting virtualized data centers from attacks and misuse, helping you achieve your
compliance-mandated goals. The VMware vShield API enables you to install,
configure, monitor, and maintain the VMware vShield system by using REST API
requests.
Table 8.
VMware vCenter Chargeback API
Document Title
Document Location
http://www.vmware.com/pdf/vshield_50_api.pdf
VMware vCenter Chargeback is an end-to-end metering and cost reporting solution for
virtual environments that use VMware vSphere. It provides a unified control point for
data collection, chargeback mediation, and metric reporting, allowing administrators
to perform flexible cost measurement and utilization analysis. Figure 20 shows the
architecture of the REST-based VMware vCenter Chargeback API.
Figure 20.
vCenter Chargeback provides a REST-based Web service API for integrating the
vCenter Chargeback solution with existing applications such as enterprise billing
systems. Leverage this REST-based API to perform cost calculations and generate and
deliver resource utilization reports.
Table 9.
Document Title
Document Location
VMware vCenter Chargeback Manager 2.0 API Programming Guide
http://www.vmware.com/pdf/cbm_api_prog_guide_2_0_0.pdf
The purpose of this use case is to demonstrate how, by leveraging EMC Ionix IT
Orchestrator, a service provider administrator can automate the onboarding of a new
customer into a multi-tenant environment. The example of onboarding a customer
called GriffinCore is used in this document for the purposes of discussion.
Figure 21 provides a visual representation of the scope of the process in this use
case.
Figure 21.
This use case has been customized specifically to highlight the views and operations
that a service provider administrator could experience in onboarding a
new customer/tenant. It is possible to customize and tailor all views and related
workflows to suit a more direct customer experience. This is entirely dependent on
what a service provider chooses to offer their customers.
The operations being focused on for this use case are (shown in Figure 22):
Authorization of request
Commissioning a UIM service offering from Vblock platform for a new customer,
where a customer requires dedicated hardware/infrastructure
Figure 22.
The details specific to a new customer can be input from the portal page and used
within the Ionix IT Orchestrator workflow in the creation of the new resources for the
customer. On the portal page in Figure 23, a new customer named GriffinCore is
created and provided with a dedicated infrastructure of Bronze level.
Figure 23.
The Customer Service Level correlates to the service tiers offered by various vCloud
Director Provider vDCs, which in turn are linked to the relevant Ionix UIM Service
Offerings. These service offerings provide the infrastructure resources for a single
vCloud Director Provider vDC with the relevant tier of service.
Figure 24 displays the available Ionix UIM Service Offerings published within the
UIM/P Service Catalog.
Figure 24.
By leveraging the Ionix UIM APIs, Ionix IT Orchestrator can access and select the
appropriate service offering from the UIM/P service catalog. This automatic
provisioning of resources is consolidated into a single step as part of the overall
onboarding process for a new customer. Figure 25 shows a sample UIM Commission
Service workflow.
Figure 25.
Note that a dedicated infrastructure is not a requirement for all customers. It is also
possible to onboard a customer into a shared infrastructure, which would not require
a UIM service offering to be created as part of the onboarding process. In this case,
the customer's Organization vDC would use an existing Provider vDC within VMware
vCloud Director, thereby sharing that Provider vDC with other Organization vDCs.
The approval of this onboarding request is managed by VMware Service Manager,
which can be set to respond to, and deal with, all requests as appropriate. Certain
customer requests may require approval elsewhere in the business, while other
requests, such as internal service provider administrative requests, may be
automatically approved, based on the level or type of request. Such decisions are
specific to the business. Any changes made to the environment as a result of the
approved requests are then stored in a CMDB, which stores an inventory of IT assets
and their relationships to each other.
For this use case, after the request has been approved by VMware Service Manager,
the onboarding process may continue. The onboarding process and creation of
infrastructure resources for the new customer, GriffinCore, requires the creation of a
secure environment within VMware vCloud Director. EMC Ionix UIM/P automatically
synchronizes the newly provisioned resources with VMware vCenter before adding
them as resources to the appropriate Provider vDC within VMware vCD.
Ionix IT Orchestrator uses the vCloud API to create the secure environment for
GriffinCore within vCloud Director. The primary vCD specific tasks required for
onboarding this new customer are:
The workflow in Figure 26 demonstrates the order and the process used within Ionix
IT Orchestrator for creating the new GriffinCore organization in VMware vCloud
Director, the relevant users, and the virtual data centers that will provide the
environment in which GriffinCore may deploy their vApps and associated services.
Figure 26.
Figure 27 displays the two new users created during the Onboarding New Customer
process for GriffinCore. An administrative user (admin) has been created as well as a
vApp user (peter).
Figure 27.
The GriffinCore organization, along with its associated resources and users, can be
viewed and managed by the service provider administrator along with all other
tenants. These tenants are completely isolated and secured from one another within
VMware vCloud Director.
The new customer GriffinCore is highlighted by selection in Figure 28, displaying an
overview of how many users and Provider vDCs are currently configured.
Figure 28.
Figure 29 displays the end-to-end mapping of the compute resources supporting this
new customer.
Figure 29.
The final step for this use case is to integrate a billing component for GriffinCore, as
shown in Figure 30.
Figure 30.
Through its tight integration with VMware vCloud Director, the creation of this new
customer is automatically detected and reflected in the VMware vCenter Chargeback
inventory.
After Ionix IT Orchestrator completes the onboarding process, the GriffinCore admin is
presented with their own secure environment within VMware vCloud Director from
which they can proceed to create and develop their own vApps, virtual machines, and
applications. Figure 31 shows the end-to-end mapping of the new tenant resources
through to the vCenter Chargeback billing component.
Figure 31.
Commissioning a vApp can be done in several ways, depending on the options the
Service Provider has chosen to provide. One of these options is to deploy a vApp from
an existing template available in the service catalog.
Even before a vApp is deployed, a series of Ionix IT Orchestrator workflows need to be
executed. The activity in Figure 32 corresponds to a workflow that retrieves the list of
templates from the service catalog for the template drop-down list.
Figure 32.
A similar workflow is executed to retrieve the list of networks available to connect the
vApp to, as shown in Figure 33.
Figure 33.
When commissioning the vApp, you can also specify how long this vApp is required
for, and have the system automatically decommission the application when that
lease time has expired, as shown in Figure 34.
Figure 34.
After the information has been gathered from the customer admin, Ionix IT
Orchestrator executes a vApp creation workflow; Figure 35 shows an example.
Figure 35.
Here we can see the vCloudService object (which is an Ionix IT Orchestrator Adapter
for VMware vCloud Director) being called. A workflow element named createVApp is
fed the relevant information gathered from the customer admin, and the vApp is
created with some error checking and power-on functions to complete the operation.
Figure 36.
Alternatively, automated configuration of billing rates, cost models, and reports for
tenants can be achieved by extending the vCenter Chargeback API within Ionix IT
Orchestrator workflows.
While it is possible to specify the lease duration (and hence the expiry time) of a vApp
during the commissioning process, it may also be necessary to manually
decommission a vApp which previously had no set expiry time. In this context,
manually means that the system decommissions the vApp based on a customer
admin request and not as a result of a scheduled event.
Figure 37 shows a corresponding Ionix IT Orchestrator workflow for this customer-requested decommissioning process.
Figure 37.
As before, the VCloudService adapter is called, but this time the decommissionvAPP
workflow element is used and is fed the information provided by the customer admin
to operate against the correct vApp.
As part of the decommissioning process, the compute, network, and storage
resources previously consumed by the vApp are released back into the pool that
corresponds with the Organization VDC of which the vApp was a part. The CMDB is
updated to reflect the removal of the vApp, and the metering, monitoring, and
chargeback functions for that vApp cease, though the chargeback data should be
retained for the billing process.
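The lease-expiry and customer-requested decommissioning paths described above can be modeled in a few lines. This is an added illustration, not Ionix IT Orchestrator or vCloud API code: the class and method names, the vApp names, and the rule that only the owning organization may request a decommission are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class VApp:
    name: str
    cpu_mhz: int
    mem_mb: int
    expires: Optional[datetime] = None  # None: no lease set at commissioning

@dataclass
class OrgVdc:
    """Toy model of one Organization vDC resource pool (constructed, not vCD's API)."""
    org: str
    free_cpu_mhz: int
    free_mem_mb: int
    vapps: dict = field(default_factory=dict)
    cmdb: set = field(default_factory=set)          # inventory of live vApps
    metered: set = field(default_factory=set)       # vApps currently metered
    chargeback: list = field(default_factory=list)  # append-only billing records

    def commission(self, vapp, now, lease=None):
        if vapp.cpu_mhz > self.free_cpu_mhz or vapp.mem_mb > self.free_mem_mb:
            raise ValueError("insufficient capacity in Organization vDC")
        vapp.expires = now + lease if lease else None
        self.free_cpu_mhz -= vapp.cpu_mhz
        self.free_mem_mb -= vapp.mem_mb
        self.vapps[vapp.name] = vapp
        self.cmdb.add(vapp.name)
        self.metered.add(vapp.name)
        self.chargeback.append((vapp.name, "commissioned", now))

    def _decommission(self, name, now, reason):
        vapp = self.vapps.pop(name)
        self.free_cpu_mhz += vapp.cpu_mhz   # release resources back to the pool
        self.free_mem_mb += vapp.mem_mb
        self.cmdb.discard(name)             # CMDB reflects the removal
        self.metered.discard(name)          # metering stops...
        self.chargeback.append((name, reason, now))  # ...billing history is kept

    def manual_decommission(self, name, requester_org, now):
        # Assumption: only an admin of the owning organization may request this.
        if requester_org != self.org or name not in self.vapps:
            raise PermissionError("vApp not found in requester's organization")
        self._decommission(name, now, "customer-request")

    def expire_leases(self, now):
        due = [n for n, v in self.vapps.items() if v.expires and v.expires <= now]
        for n in due:
            self._decommission(n, now, "lease-expired")
        return due
```

Running `expire_leases` from a scheduler corresponds to the scheduled event in the text; `manual_decommission` corresponds to the customer admin request.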
Conclusion
Summary
Secure separation
EMC helps service provider partners accelerate the creation, integration, and
deployment of cloud service offerings through pre-tested and optimized reference
architectures, blueprints, and build guides. Through the deployment of dedicated
service provider field experts, and the creation of Service Provider Competency
Centers, EMC combines decades of enterprise data center experience with a rigorous
solution-testing environment to develop Proven Solutions for Service Providers. EMC
ensures the compatibility of these solutions with service provider and end-user
environments alike.
EMC offers a portfolio of consulting and professional services for service providers
and their customers to assist in balancing workloads across service delivery models
ranging from legacy physical architectures and virtualized infrastructures through
on-premise (private) and off-premise (public) cloud architectures. The EMC Cloud
Advisory Service with Cloud Optimizer helps customers develop a strategy for
optimizing the placement of application workloads. By assessing three factors
(economics, trust, and functionality), organizations can maximize their cost savings
and business agility through the use of private and public cloud resources.