vCloud on Vblock Design Considerations

Document version 1.2
October 2011
































Contributing Authors:

Chris Colotti, Consulting Architect - VMware
Kendrick Coleman, Senior vArchitect - VCE
Jeramiah Dooley, Principal Solution's vArchitect, SP & Verticals Group - VCE
Sumner Burkart, Senior Consultant - VMware
Sony Francis, Platform Engineering - VCE

Table Of Contents

Executive Summary
  Disclaimer
  Document Goals
  Target Audience
  Assumptions
  Requirements
Management Infrastructure
  Advanced Management Pod (AMP)
  VMware vCloud Director Management Requirements
  Additional Servers
  Existing vSphere Instance
  Consuming Vblock Blades
  vCloud Management
  Why Two VMware vCenter Servers?
    AMP VMware vCenter
    AMP Cluster Datacenter
    vCloud Director Management Cluster Datacenter
    Vblock VMware vCenter
    vCenter Protection
Networking Infrastructure
  The Cisco Nexus 1000V
  Networking Solution for VMware vCloud Director and Vblock using Cisco Nexus 1000V
  Networking Solution for VMware vCloud Director and Vblock using VMware vNetwork Distributed Switch
Storage Infrastructure
  Overview
  FAST VP
  Use Case #1: Standard Storage Tiering
  Use Case #2: FAST VP-Based Storage Tiering
  Tiering Policies
  FAST Cache
  Storage Metering and Chargeback
VMware vCloud Director and Vblock Scalability
Reference Links

Executive Summary

Disclaimer
Although this paper deals with some design considerations, it should be noted the opinions and ideas expressed in this paper are those of the authors and not of their respective companies. The contributing authors do work in the field and have collectively discussed ideas to help customers handle this particular solution. The ideas presented forth may not be 100% supported by VCE and/or VMware and are simply presented as options to solve the challenge of vCloud solutions on Vblock hardware technology.

Document Goals
The purpose of this document is to provide guidance and insight into some areas of interest when building a VMware vCloud solution on top of a Vblock hardware infrastructure. Both technologies provide flexibility in different areas to enable an organization, or service provider, to successfully deploy a VMware vCloud environment on VCE Vblock™ Infrastructure Platforms. To ensure proper architecture guidelines are met between Vblock and vCloud Director, certain design considerations need to be met. This solution brief is intended to provide guidance to properly architect and manage infrastructure, virtual and physical networking, storage configuration, and scalability of any VMware vCloud Director on Vblock environment. As VMware vCloud Director is being increasingly deployed on VCE Vblock, employees, partners and customers have been seeking additional information specific to a combined solution, which requires some additional considerations. We will address them in the following four specific target areas:

- Management Infrastructure
- Networking Infrastructure
- Storage Infrastructure
- Scalability

Target Audience
The target audience of this document is the individual with a highly technical background who will be designing, deploying, managing or selling a vCloud Director on Vblock solution, including, but not limited to: technical consultants, infrastructure architects, IT managers, implementation engineers, partner engineers, sales engineers, and potentially customer staff. This solutions brief is not intended to replace or override existing certified designs for either VMware vCloud Director or VCE Vblock, but instead is meant to supplement knowledge and provide additional guidelines in deploying or modifying any environment that deploys the two in unison.

Assumptions
The following is a list of overall assumptions and considerations before utilizing information contained in this document:

- Any reader designing or deploying should already be familiar with both VMware vCloud Director and VCE Vblock reference architectures and terminology
- All readers should have sufficient understanding of the following subject areas or products:
  - Cisco Nexus 1000V administration
  - vNetwork Distributed Switch (vDS) administration
  - vSphere Best Practices and principles, including, but not limited to:
    - HA and DRS clusters
    - Fault tolerance
  - EMC Storage included as part of a Vblock:
    - FAST pools
    - Storage tiering
    - Disk technologies such as EFD, FC, and SATA
  - Physical and virtual networking areas relating to VLANs, subnets, routing, and switching
  - Database server administration (or access to existing enterprise database resources, including administration staff)
  - Extra components needed are not standardized in the VCE Vblock bill of materials

Please note that vCloud Director API integration will not be addressed in this document.

Requirements
Recommendations contained throughout this document have considered the following design requirements and/or constraints:

- VCE Vblock ships with one of the following AMP cluster configurations:
  - Mini AMP
  - HA AMP
- The most recent version of the highly available (HA) AMP cluster utilizes a standalone EMC VNXe 3100
- A Vblock definition to UIM will only address a single UCSM domain, which is a maximum of 64 UCS blades
- Every VMware vCenter instance must be made highly available
- A Cisco Nexus 1000V is optional in the design
- EMC Ionix UIM will be used to provision VMware vSphere hosts that are members of each and every vCloud Director resource group

Management Infrastructure
The management infrastructure of both VMware vCloud Director and Vblock is critical to the availability of each and every individual component. The VCE Vblock management cluster controls the physical layer of the solution, while the VMware vCloud Director management cluster controls the virtual layer of the solution. Each layer is equally important and has its own special requirements - it is therefore imperative to understand what components manage each layer when designing a unified architecture.

Advanced Management Pod (AMP)
The AMP cluster is included with every Vblock instance and the desired AMP configuration for VMware vCloud Director on Vblock Platform is the HA AMP. The HA AMP is comprised of (2) two Cisco C200 rack mount servers and hosts all virtual machines necessary to manage the VCE Vblock hardware stack. Vblock virtual machine server components consist of, but aren't necessarily limited to, EMC's Ionix UIM, PowerPath Licensing, Unisphere, VMware's vCenter and Update Manager. Currently, this cluster is configured with an EMC VNXe 3100, providing storage for all AMP management VMs.

Since the AMP cluster is a design element of the VCE Engineering Vblock Reference Architecture, it should not be modified or removed in order to stay true to the original design. Changing the configuration of the AMP Cluster requires additional validation, input and review from various internal parties, and ultimately would not provide a timely solution. Additional justifications for not modifying this cluster include:

- Cisco C200 Servers are not cabled and connected to Vblock SAN Storage
- An AMP Cluster of only 2 nodes does not satisfy N+1 availability requirements of VMware vSphere
- Utilizing the AMP cluster as a host platform for vCloud Director could possibly result in downtime and should be avoided

Figure 1 - AMP Cluster Logical Design

VMware vCloud Director Management Requirements
The current VMware vCloud Director Reference Architecture calls for separate management and compute clusters in order to provide a scalable VMware vCloud Director infrastructure. With the requirement for a dedicated and highly available vCloud management cluster, the solution is to create a second management cluster. Restating the need to leave the AMP management cluster unchanged, a second management cluster must be created and can be done in three different configurations. As shown in Figure 2 below, there are a significant number of virtual machines called for by the vCloud Director infrastructure: some mandatory, others optional, depending on the overall solution and existing infrastructure. In addition, VMware vCloud Director Reference Architecture dictates any vSphere vCenter Server configured to vCloud Director have additional security roles assigned to it in order to protect the virtual machines deployed into it. This becomes very difficult if all items are managed by a single vSphere vCenter, therefore two instances should be provided.

Additional Servers
The first scenario consists of four (4) Cisco C-200 hosts to be deployed to support vCloud Director. This vCloud management cluster will tie into the existing VCE Vblock fabric. This allows the (4) four C200 servers hosting vCloud management virtual machines to use the EMC SAN for storage; all network connections need to be made fully redundant by attaching them to the Cisco Nexus 5000 and MDS 9000 series switches. The (4) four C200 servers can be packaged with the Cisco Nexus 1000V and EMC PowerPath V/E components, but this is not required. This is the recommended approach to run vCloud Director on Vblock because it allows greater scalability and resiliency to failures.

An additional design aspect to keep in perspective is the physical networking for VMware vSphere. A standard Cisco C200 server is equipped with two (2) on-board 1Gb NICs by default. A suggested minimum for a 1Gb vSphere design calls for 6 1Gb NICs. The Cisco C200 servers will utilize the Vblock storage using Fiber Channel HBAs, which will consume a PCI-e slot leaving little room for expansion. These C200 servers can be maxed out with one additional PCI-express card. The suggested card to use is the Broadcom 5709 Quad Port 10/100/1000 NIC to maximize redundancy and reduce possibility of bandwidth contention.

The next piece to consider is port count and switch location. Every C200 will consume 6 network ports, multiplied by the number of servers in the Pod. Connecting these servers to the Cisco Nexus 5000 switches via 1Gb SFPs will achieve networking functionality but at the loss of 10GbE ports. It's also possible to connect these servers to a different set of switches located outside the Vblock to obtain networking functionality.

A second option for networking is utilizing the Cisco UCS P81E Virtual Interface Card. Equipping each Cisco C200 server with the P81E VIC will allow 10GbE network connectivity and FCoE storage connectivity. The Vblock utilizes Cisco UCS 6140XP Fabric-Interconnects (6120XP in Vblock 300 EX) for unified computing. Depending on available ports, the P81E adapters can gain network and FCoE functionality through these devices. Remember to keep in mind over-subscription ratios for the 6140XPs and 10GbE licenses when determining this approach.

Existing vSphere Instance
Many customers adopting vCloud Director may already have an existing vSphere server farm. If the customer chooses to do so, they may use an existing vSphere server farm to provide resources for the vCloud management components. The existing vSphere instance must be fully redundant and have high bandwidth connections to the Vblock. The existing vSphere farm must also follow all the guidelines as shown above by providing at least (3) three to (4) four hosts dedicated to management to satisfy N+1 or N+2 redundancy. For customers pursuing this route, the vCenter instance controlling the Vblock will reside in the customer's existing vSphere environment and needs to be migrated from the AMP. This is perfectly acceptable for vCloud Director design because the Vblock becomes dedicated as vCloud resources to be consumed.

Consuming Vblock Blades
The final option is to use (4) four Cisco B-series blades inside the Vblock. The blades used for vCloud management can be any standard blade pack offered by VCE. This approach will require the (4) four servers in the cluster to come from a minimum of (2) two different chassis. The blades will automatically be packaged with Cisco Nexus 1000V and EMC PowerPath V/E components. This approach is not recommended because, like any solution, scalability proves to be a point of limitation. Consuming (4) blades as a management cluster will ultimately remove the ability to scale up vCloud resources in a single Vblock to its full potential.

Figure 2 - vCloud Director Management Stack

vCloud Management
Justifications supporting a second vCenter instance and management cluster:

- The approach aligns with the VMware vCloud Director Reference Architecture, which calls for a separate management cluster (or "pod")
- It provides maximum scalability within the vCloud Director management cluster through addition of individual components
- It ensures proper vSphere HA capacity for both N+1 redundancy and maintenance mode
- Additional network and SAN ports requirements cannot be satisfied with the existing AMP cluster design
- Adding additional Cisco C200 servers provides a much simpler solution than modifying any existing approved AMP cluster design
- Creating a separate vCloud Director Pod removes any contention for resources or potential conflicts if all management virtual machines were hosted in a single HA AMP cluster

The separation of each tier of management allows greater control of the Vblock, isolates VCE AMP management from VMware vCloud Director management, and preserves the current configuration(s) with added flexibility. Although there may be other designs possible that satisfy all requirements, the recommended approach was to separate the two environments completely.

Why Two VMware vCenter Servers?
Based on the architecture suggested above and aligning with the vCloud Director Reference architecture, we want to make sure readers of this document understand not only where each vCenter is hosted, but also which vCenter Server is managing which ESXi hosts and VMware Virtual Machines.

AMP VMware vCenter
The first instance of VMware vCenter Server will be hosted inside the Advanced Management Pod. This VMware vCenter will serve two primary functions and will be organized in two separate datacenter objects for separation.

AMP Cluster Datacenter
This datacenter has a single cluster object housing two (2) AMP C200 servers. Essentially this vCenter datacenter will be managing itself since it is also running in that same cluster. It will provide vCenter functions to these two servers such as Update Manager, templates, and cloning functions. This datacenter object will have one set of access roles and permissions. (Customers may or may not have access to these ESXi hosts depending on their agreement with VCE.)

vCloud Director Management Cluster Datacenter
This also has a single cluster object defined that is made up of four (4) Cisco C200 rack servers or the customer's chosen vCloud Management Pod configuration as stated previously. This cluster may have separate, distinct access roles and permissions from the first cluster. The customer will generally need full access to this by any vSphere administrators to manage the VMware Virtual Machines in the management pod. This cluster, however, is outside the vCenter Server which provides out of cluster management. This is a generally accepted best practice with vSphere Architecture.

Vblock VMware vCenter
The second VMware vCenter instance is hosted inside the vCloud management pod, the hosts of which are in turn managed by the AMP VMware vCenter instance. Simply speaking, this will be a VMware Virtual Machine in the AMP vCenter instance running on the four-node VMware vCloud Management Cluster. This may have multiple datacenter and/or cluster objects depending on the number of UCS blades initially deployed and scaled up over time. Per the VMware vCloud Reference Architecture, this instance will only manage vCloud hosts and virtual machines. UIM will also point to this vCenter as it provisions UCS blades for consumption by VMware vCloud Director. Lastly, this vCenter instance will have completely separate permissions to protect vCloud controlled objects from being mishandled.

vCenter Protection
The existence of vCenter is critical in a vCloud Director implementation because vCenter is now a secondary layer in the vCloud Director Stack. The vCloud Director servers are a layer higher in the management stack and control the vCenter servers. The recommended approach is to protect the vCenter instance hosted inside the vCloud Management Pod by utilizing vCenter Heartbeat. This is not a required component of the vCloud Director on Vblock design.

Networking Infrastructure
VMware vCloud Director provides Layer-2 networking as isolated entities that can be provisioned on demand and consumed by tenants in the cloud. These isolated entities are created as network pools, which can be used to create organization networks which vApps rely on. vApps are the core building block for deploying a preset number of Virtual Machines configured for a specific purpose. When deployed, there are 3 different types of networks, which can be connected:

- External (Public) Networks
- External Org Networks (Direct connected or NAT-routed to external networks)
- Internal Org Networks (Isolated, direct connected or NAT-routed to external networks)

The virtual machines within a vApp can be placed on any one or more of the networks presented for varying levels of connectivity based on each use case. In addition, vCloud Director uses three pool types to create these networks. Below is a basic comparison of the three network pool types (for more detailed information, please refer to the VMware vCloud Director documentation):

- Port Group Backed Pools
  - Benefits - supported by all three virtual switch types: Cisco Nexus 1000V, VMware vDS and vSwitch
  - Constraints - manual provisioning; vSphere backed switches have to be pre-configured; must be available on every host in cluster
- VLAN backed Pools
  - Benefits - separation of traffic through use of VLAN tagging
  - Constraints - currently only supported by VMware vDS; consumes a VLAN ID for every network pool
- vCD-NI backed Pools
  - Benefits - automated provisioning of network pools; consumption of just 1 VLAN ID
  - Constraints - currently only supported by VMware vDS; maximum performance requires an MTU size of at least 1524 on physical network ports (both host and directly attached switches)
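
The constraints in the comparison above can be checked mechanically before a design is built. The following design lint is an added example, not code from the original paper or from VMware or VCE tooling; the `Pool` structure, switch labels, host and port names and all sample values are constructed, and it assumes each pool records the VLAN IDs it uses and that no VLAN ID is shared between pools.

```python
"""Design lint for vCloud Director network pools (added example, constructed data)."""
from dataclasses import dataclass, field

# Pool type -> virtual switch types it can sit on, per the comparison above.
SUPPORTED_SWITCHES = {
    "portgroup": {"nexus1000v", "vds", "vswitch"},
    "vlan": {"vds"},
    "vcdni": {"vds"},
}
VCDNI_MIN_MTU = 1524  # MTU the comparison gives for maximum vCD-NI performance


@dataclass
class Pool:
    name: str
    kind: str    # "portgroup", "vlan" or "vcdni"
    switch: str  # "nexus1000v", "vds" or "vswitch"
    vlan_ids: set = field(default_factory=set)           # assumption: IDs the pool uses
    portgroup_hosts: dict = field(default_factory=dict)  # port group -> hosts carrying it
    port_mtus: dict = field(default_factory=dict)        # physical port -> configured MTU


def lint_pools(pools, cluster_hosts):
    """Return a list of findings; an empty list means no constraint is violated."""
    findings = []
    vlan_owner = {}  # VLAN ID -> first pool that claimed it
    for pool in pools:
        allowed = SUPPORTED_SWITCHES.get(pool.kind)
        if allowed is None:
            findings.append(f"{pool.name}: unknown pool type {pool.kind!r}")
            continue
        if pool.switch not in allowed:
            findings.append(f"{pool.name}: {pool.kind} pool is not supported on {pool.switch}")

        if pool.kind == "portgroup":
            # Port groups are provisioned by hand and must exist on every host.
            if not pool.portgroup_hosts:
                findings.append(f"{pool.name}: no pre-provisioned port groups listed")
            for pg, hosts in sorted(pool.portgroup_hosts.items()):
                missing = sorted(set(cluster_hosts) - set(hosts))
                if missing:
                    findings.append(f"{pool.name}: port group {pg} missing on {', '.join(missing)}")
        elif pool.kind == "vlan" and not pool.vlan_ids:
            findings.append(f"{pool.name}: VLAN-backed pool has no VLAN IDs")
        elif pool.kind == "vcdni":
            if len(pool.vlan_ids) != 1:
                findings.append(f"{pool.name}: vCD-NI pool needs exactly 1 VLAN ID, got {len(pool.vlan_ids)}")
            # Every physical port on the path (host NICs and attached switches) counts.
            for port, mtu in sorted(pool.port_mtus.items()):
                if mtu < VCDNI_MIN_MTU:
                    findings.append(f"{pool.name}: MTU {mtu} on {port} is below {VCDNI_MIN_MTU}")

        # Example's own rule: a VLAN ID reused across pools breaks tenant separation.
        for vid in sorted(pool.vlan_ids):
            if not 1 <= vid <= 4094:
                findings.append(f"{pool.name}: VLAN ID {vid} is outside 1-4094")
            elif vid in vlan_owner:
                findings.append(f"{pool.name}: VLAN ID {vid} already used by {vlan_owner[vid]}")
            else:
                vlan_owner[vid] = pool.name
    return findings


def vlan_ids_consumed(pools):
    """Count distinct VLAN IDs the design takes from the physical network."""
    return len(set().union(*(p.vlan_ids for p in pools)))


# Constructed sample design: three hosts, three pools, four deliberate mistakes.
SAMPLE_HOSTS = {"esx01", "esx02", "esx03"}
SAMPLE_POOLS = [
    Pool("external-pg", "portgroup", "nexus1000v",
         portgroup_hosts={"ext-dmz": {"esx01", "esx02", "esx03"},
                          "ext-inet": {"esx01", "esx02"}}),
    Pool("org-vlan", "vlan", "nexus1000v", vlan_ids={200, 201, 202, 203, 204}),
    Pool("org-vcdni", "vcdni", "vds", vlan_ids={204},
         port_mtus={"esx01-vmnic0": 1500, "fabric-a-uplink": 9000}),
]

if __name__ == "__main__":
    for finding in lint_pools(SAMPLE_POOLS, SAMPLE_HOSTS):
        print("FINDING", finding)
    print("VLAN IDs consumed:", vlan_ids_consumed(SAMPLE_POOLS))
```
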

The Cisco Nexus 1000V
The Cisco Nexus 1000V is an integral part of the Vblock platform, allowing for advanced feature sets of the Cisco NX-OS to live in the virtual space. The NX-OS gives network administrators the ability to see deeper into network traffic and inspect traffic that traverses the network. It interoperates with VMware vCloud Director, and extends the benefits of Cisco NX-OS features, feature consistency, and Cisco's non-disruptive operational model to enterprise private clouds and service provider hosted public clouds managed by VMware vCloud Director.

VMware vCloud Director Network Isolation (vCD-NI) is a VMware technology that provides isolated Layer-2 networks for multiple tenants of a cloud without consuming VLAN address space. vCD-NI provides Layer-2 network isolation by means of a network overlay technology utilizing MAC in MAC encapsulation and is not available with the Cisco Nexus 1000V at the time of this writing. The Cisco Nexus 1000V requires port groups to be pre-provisioned for use by VMware vCloud Director.


Networking Solution for VMware vCloud Director and Vblock using Cisco Nexus 1000V
The Vblock solution for VMware vCloud Director takes an approach where both the Cisco Nexus 1000V and the VMware vNetwork Distributed Switch (vDS) are used in conjunction with each other. The logical Vblock platform build process will be done slightly differently with VMware vCloud Director on Vblock. Every ESXi host will have both a Nexus 1000V and a VMware vDS.

Every Cisco UCS half width blade inside the Vblock platform comes with one M81KR (PALO) Virtual Interface card while Cisco UCS full width blades are configured with two. The M81KR is unique because each card has two 10GbE adapters that can allocate resources into virtual interfaces. The vCloud Director on Vblock solution uses the Cisco UCS M81KR adapters to present four (4) virtual 10GbE adapters to each ESX host. This doesn't mean every host has 40Gb of available throughput, but all 4 virtual network interfaces share 20Gb of available bandwidth. Two (2) 10GbE adapters are given to each virtual switch, which allow for simultaneous use and full redundancy.

This changes slightly when using a Cisco B-series full width blade. Since there are two M81KR (PALO) virtual interface cards in each blade it has 4 10GbE adapters that resources can use. The vCloud Director on Vblock solution uses the Cisco UCS M81KR adapters to present four (4) 10GbE adapters to each ESXi host. Two (2) 10GbE adapters, one from each M81KR card, are given to each virtual switch type, which allow for simultaneous use and full redundancy.

The VMware vCloud on Vblock solution uses the Cisco Nexus 1000V assigned to port group-backed network pools for everything entering and exiting the Vblock on external networks. This approach allows the network team to control everything on the network up to the Vblock components. Currently the Cisco Nexus 1000V capability extends only as far as pre-provisioned configuration of port groups in vSphere. VMware vCloud Director external network port groups must be created manually in VMware vCloud Director and then associated with a pre-provisioned vSphere port group. All external port groups need to be created on the Cisco Nexus 1000V by the network administrator and assigned as needed inside VMware vCloud Director. This approach allows the network team to maintain control of the network for every packet that is external to the VMware vCloud Director cloud.

The VMware vDS is responsible for all External Organization and Internal Organization Networks which are internal to the cloud. This allows VMware vCloud Director to natively automate the process of creating new port groups that are backed with either VLAN-backed pools or vCD-NI-backed pools. VMware vDS gives cloud administrators the ability to dynamically create the VMware vCloud based isolated networks with little to no intervention by the network team. It is also recommended that the vCD-NI pools are used since they provide the greatest flexibility with the least number of required VLANs. External Org and/or Internal Org networks using network pools backed by VLAN or vCD-NI port groups, that are Layer-2 segments, route between hosts in the same VMware cluster.

When a vApp (or VM inside a vApp) needs to access an external network, the traffic is routed internally on the ESX host from the VMware vDS to the Cisco Nexus 1000V by use of the vShield Edge appliance using a NAT-routed configuration. The vShield Edge appliance is configured with 2 NICs, one connected to an organization network on the vNetwork Distributed Switch, and one connected to an external network on the Cisco Nexus 1000V, bridging the two networks together. Additionally, a vApp could be configured to directly access an external network based on a specific use case and therefore would only be attached to the Cisco Nexus 1000V. The first diagram below illustrates basic connectivity of a NAT-routed vApp with VMware vShield Edge:

Figure 3 - NAT Routed vApp Network to External Network

The second alternative configuration where either the vApp (Internal Org) or External Org network could be direct attached to the External (public) network is shown below. In this case, virtual machines inside a vApp are essentially directly connected to the external network and therefore would not be able to take advantage of NAT and/or firewall functionality provided by vShield Edge and would be consuming external IP addresses from the external network pool.

Figure 4 - Direct Attached vApp Network to External Network

Networking Solution for VMware vCloud Director and Vblock using VMware vNetwork Distributed Switch
The Cisco Nexus 1000V is not a required component in a VCE Vblock running VMware vCloud Director 1.0.x. This decision was made because of the additional steps and requirements needed from a logical build perspective as well as licensing costs of vShield Edge in addition to the lack of integration with vCD-NI. The Cisco Nexus 1000V is still recommended for the vCloud management cluster to give network administrators access. However, if a customer decides to implement a networking solution based on the VMware vNetwork Distributed Switch, everything related to the vCloud falls under the Cloud Administrator's role.

The logical build of a Cisco B-Series blade that will be used by vCloud Director will only need two (2) 10GbE adapters (or vNICs) and two (2) vHBAs assigned to it by UIM's creation of Service Profiles in UCSM. These two (2) vNICs will serve as the standard configuration from VCE's logical build and will abide by the QoS templates already preset by VCE standards. These two (2) vNICs will be responsible for all network traffic including management, vMotion, and virtual machine traffic.

The vNetwork Distributed Switch will be responsible for controlling all three types of networks: External Networks, External Organization Networks, and Internal Organization Networks. This will allow VMware vCloud Director to natively automate and orchestrate the creation and destruction of port groups that are created by VLAN-backed network pools or vCD-NI backed network pools.

A vNetwork Distributed Switch still needs to comply with basic vCloud Director requirements. All external port groups must be created beforehand, including VLANs that are going to be utilized for vCD-NI layer 2 transmissions. Recommendations for vNetwork Distributed Switch settings for vCD-NI can all be found in the VMware vCloud Architecture Toolkit version 1.6.

vShield Edge devices will be used natively against vCloud Director to serve as DHCP/Firewall/NAT devices for fenced networks and organizational networks.

5torage Infrastructure
Cverv|ew
Stoiage is a key uesign element in a vNwaie vClouu enviionment, both at the
physical infiastiuctuie level, as well as the Pioviuei viitual Batacentei (vBC) level.
The functionality of the stoiage layei can impiove peifoimance, inciease scalability,
anu pioviue moie options in the seivice cieation piocess.
ENC aiiays at the heait of the vCE vblock Infiastiuctuie platfoim anu offei a
numbei of featuies that can be leveiageu in a vClouu enviionment, incluuing FAST
vP, FAST Cache anu the ability to pioviue a unifieu stoiage platfoim that can seive
both file anu block stoiage.
IA51 VÞ
vNX FAST vP is a policy-baseu auto-tieiing solution. The goal of FAST vP is to
efficiently utilize stoiage tieis is to lowei the oveiall cost of the stoiage solution by
moving "slices" of coluei uata to high-capacity uisks anu to inciease peifoimance by
keeping hottei slices of uata on peifoimance uiives. In a vNwaie vClouu
enviionment, FAST vP is a way foi pioviuei to offei a blenueu stoiage offeiing,
ieuucing the cost of a tiauitional single-type offeiing while allowing foi a wiuei
iange of customei-use cases anu accommouating a laigei cioss-section of vNs with
uiffeient peifoimance chaiacteiistics.
ŵ

Use Case #1: Standard Storage Tiering
In a non-FAST VP enabled array, typically multiple storage tiers are presented to the
vCloud environment, and each of these offerings is abstracted out into separate
Provider vDCs. For example, a provider may choose to provision an EFD
(SSD/Flash) tier, a FC/SAS tier and a SATA tier, and then abstract these into Gold,
Silver and Bronze Provider vDCs. The customer then chooses resources from these
for use in their Organizational vDC.

This provisioning model is limited for a number of reasons:
• VMware vCloud Director doesn't allow for a non-disruptive way to move VMs
from one Provider vDC to another, meaning the customer must provide for
downtime if the vApp needs to be moved to a more appropriate tier
• For workloads with a variable I/O personality, there is no mechanism to
automatically migrate those workloads to a more appropriate tier of disk
• With the cost of EFDs still being significant, creating an entire tier of them
can be prohibitively expensive, especially with few workloads having an I/O
pattern that takes full advantage of this particular storage medium

One way in which the standard storage tiering model can be a benefit is when
multiple arrays are being utilized to provide different kinds of storage to
support different I/O workloads.

[1] http://www.emc2.ro/collateral/hardware/white-papers/h8220-fast-suite-sap-vnx-wp.pdf
Use Case #2: FAST VP-Based Storage Tiering
On a Vblock platform that is licensed for FAST VP, there are ways to provide more
flexibility and a more cost-effective platform when compared to a standard tiering
model. Rather than using a single disk type per Provider vDC, companies can blend
both the cost and performance characteristics of multiple disk types. Some examples
of this would include:

• Creating a FAST VP pool that contains 20% EFD and 80% FC/SAS disks as a
"Performance Tier" offering for customers who may need the performance of
EFD during certain times, but who don't want to pay for that performance all
the time.
• Creating a FAST VP pool that contains 50% FC/SAS disks and 50% SATA
disks as a "Production Tier" where most standard enterprise apps can take
advantage of the standard FC/SAS performance, yet the ability to de-stage
cold data to SATA disk brings the overall cost of the storage down per GB.
• Creating a FAST VP pool that contains 90% SATA disks and 10% FC/SAS
disks as an "Archive Tier" where mostly near-line data is stored, with the
FC/SAS disks being used for those instances where the customer needs to go
to the archive to recover data, or for customers who are dumping a
significant amount of data into the tier.

Tiering Policies
FAST VP offers a number of policy settings in how data is placed, how often data is
promoted and how data movement is managed. In a vCloud Director environment,
the following policy settings are recommended to best accommodate the types of
I/O workloads produced:

• By default, the Data Relocation Schedule is set to migrate data 7 days a week,
between 11pm and 6am, reflecting the standard business day, and to use a
Data Relocation Rate of "Medium" which can relocate 300-400 GB of data per
hour. In a vCloud environment, VCE recommends opening up the Data
Relocation window to run 24 hours a day, but reducing the Data Relocation
Rate to "Low." This will allow for a constant promotion and demotion of data,
yet will limit the impact on host I/O.
• By default, FAST VP-enabled LUNs/Pools are set to use the "Auto-Tier" policy,
spreading data across all tiers of disk evenly. In a vCloud environment, where
customers are generally paying for the lower tier of storage but leveraging
the ability to promote workloads to higher performing disk when needed, the
VCE recommendation is to use the "Lowest Available Tier" policy. This places
all data onto the lower tier of disk initially, keeping the higher tier of disk free
for data that needs it.

FAST Cache
FAST Cache is an industry-leading feature, supported by all 300-series Vblock
platforms, which extends the VNX array's read-write cache and ensures that
unpredictable I/O spikes are serviced at EFD speeds[2], which is of particular benefit
in a vCloud environment. Multiple VMs, on multiple VMFS datastores spread across
multiple hosts, can generate a very random I/O pattern, placing stress on both the
storage processors as well as on the DRAM cache. FAST Cache, a standard feature on
all Vblocks, mitigates the effects of this kind of I/O by extending the DRAM cache for
both reads and writes, increasing the overall cache performance of the array,
improving I/O during usage spikes and dramatically reducing the overall number of
dirty pages and cache misses.

Because FAST Cache is aware of EFD disk tiers available in the array, FAST VP and
FAST Cache work together in concert to improve array performance. Data that has
been promoted to an EFD tier will never be cached inside FAST Cache, ensuring that
both options are leveraged in the most efficient way.

In a vCloud Director environment, VCE recommends a minimum of 100 GB of FAST
Cache, with the amount of FAST Cache increasing as the number of VMs increases.
The following table details the recommendations from VCE:

# of VMs     FAST Cache Configuration
0-249        100GB Total (2x100GB, RAID1)
250-499      400GB Total (4x200GB, RAID1)
500-999      600GB Total (6x200GB, RAID1)
1000+        1000GB Total (10x200GB, RAID1)

The combination of FAST VP and FAST Cache allows the vCloud environment to
scale better, support more VMs and a wider variety of service offerings, and protect
against I/O spikes and bursting workloads in a way that is unique in the industry.
These two technologies in tandem are a significant differentiator for the VCE Vblock
infrastructure platform.

Storage Metering and Chargeback
Having flexibility in how you deliver storage offerings is important, but in a vCloud
environment having the ability to meter and charge for that storage is equally
critical. While not a required component of VMware vCloud Director on Vblock, this
design uses the VMware vCenter Chargeback product, in conjunction with the
VMware Cloud Director Data Collector and vShield Manager Data Collector.
Configuration of this product is outside the scope of this paper, but resources can be
found on the VMware website.


[2] http://www.emc.com/collateral/hardware/white-papers/h8217-introduction-vnx-wp.pdf
After Chargeback is configured properly[3], Organizations created in vCloud Director
will be imported into vCenter Chargeback, including all of the Organization vDCs,
the media and template files, vApps, virtual machines and networks. Each level of
the customer organization is represented in the vCenter Chargeback hierarchy,
allowing reporting with as much granularity as necessary.


[3] http://www.vmware.com/resources/techresources/10153
VMware vCloud Director and Vblock Scalability
To understand the scalability of VMware vCloud Director on VCE Vblock we need to
address items that will affect decisions and recommendations. First, every Vblock
ships with EMC Ionix Unified Infrastructure Manager (UIM). EMC's UIM software is
used as a hardware-provisioning piece to deploy physical hardware in a Vblock
platform. Second, while every Vblock also uses VMware vCenter to manage the
vSphere layer, in vCloud deployments the vSphere layer is actually controlled by
VMware vCloud Director.

EMC Ionix UIM software communicates to VMware vCenter to provision physical
blades with VMware ESX or ESXi and integrates them into vSphere objects that
VMware vCloud Director can then consume. These can either be existing vSphere
cluster objects or they can be completely new objects located in the same VMware
vCenter.

An existing VMware vCenter instance managing Vblock for vCloud Director
resources can scale to the maximums set by VMware, which, based on current
documentation, is 1000 hosts. In the past, as more provisioned blades were needed,
another UIM instance was created along with a new VMware vCenter instance. Since
UIM is crucial to the orchestration of hosts, and the maximums of each product
differ, recommendations can be based on individual customer requirements and the
specific use case for UIM.

As each new Vblock is deployed, orchestration workflows can discover the new
Vblock, create UIM service offerings, associate them to specific vCenter instances,
initiate new services on top of the Vblock, as well as provision new ESX hosts into
vCenter clusters. Each additional Vblock, from a hardware perspective, mirrors the
configuration of the first Vblock, the exception being each and every new one does
not require a new vCenter. UIM, on the other hand, is directed at the original vCenter
service available in the vCloud Director Management Stack and new blades are
provisioned and added to a new VMware cluster. As additional Vblocks are added to
vCenter for vCloud Director capacity, the recommended maximum host
configuration stands at 640 blades. Once the 640 blade maximum has been reached,
a new vCenter instance becomes necessary and new Vblocks are then assigned to it.

The design philosophy of architecting minimal VMware vCenter Servers, each
representing a building block, enables customers to realize the strengths of Vblock
scalability while reducing VMware vCenter and vCloud environment complexity.
Customers simply purchase more compute resources (in the form of Vblocks) and
add them to their VMware vCloud Director Cloud environment in a quick and
convenient manner - especially in UIM-based deployments. By leveraging the rapid
hardware provisioning of EMC Ionix UIM and the elasticity of VMware vCloud
Director, the best of both worlds are joined to provide consistent, readily available,
and scalable resource deployment for cloud consumers.
Reference Links
http://www.vmware.com/files/pdf/VMware-Architecting-vCloud-WP.pdf

http://www.emc.com/collateral/software/white-papers/h8058-fast-vp-unified-storage-wp.pdf

http://www.emc.com/collateral/hardware/white-papers/h8217-introduction-vnx-wp.pdf

http://www.emc2.ro/collateral/hardware/white-papers/h8220-fast-suite-sap-vnx-wp.pdf

Cisco Nexus 1000V Integration with VMware vCloud Director
