DMZ Design with vCloud Network and Security

“If you can create it with physical devices, you can build it in your own vCloud.” That’s something I always tell my customers when advising on VMware vCloud. The same goes for VMware vCloud Network and Security, which in my opinion hasn’t shown its full potential to customers yet. Thankfully, Shubha Bheemarao and Ranga Maddipudi have created an excellent whitepaper on implementing vCloud Network and Security for a DMZ zone. This paper demonstrates how securing a virtual DMZ environment using VMware vCloud Networking and

Summary of the paper:

This paper highlights how securing a virtual DMZ environment using vCloud Networking and Security can be a strategic enabler to your organization as it helps you to reduce your capital expenditure and increase agility, while building a cloud ready, secure and scalable environment for business applications. The paper also highlights the different design approaches to securing business critical applications and enables you to make the choice that is most suited to your organization in the cloud journey. Further, it gives prescriptive configuration guidance to help you get started with the deployment of your preferred approach.

 

For more information on vCloud Networking and Security follow @vCloudNetSec on Twitter.

Source can be found here.

New Book : VCDX Boot Camp

VMware Certified Design Expert (VCDX) is the highest level of VMware certification, achieved by dedicated professionals who have demonstrated exceptional skill in VMware enterprise deployments. To earn a VCDX, professionals must create a complete enterprise VMware design and undergo an arduous defense at the hands of some of the world’s most sophisticated VMware experts.

Now, for the first time, there’s a comprehensive guide to VCDX defense: VCDX Boot Camp. Based on the legendary standing-room-only boot camps led by VCDX co-creator John Arrasjid, this guide captures the unsurpassed personal experience of three pioneering VCDX certification holders, program developers, and defense panelists.

More information can be found here. Source : VMware Blogs

 

Snapshots with vCloud Director 5.1 and VADP

Backup is a hot topic when discussing your vCloud Director architecture setup. Until recently there was no real integration between vCloud Director and most backup vendors. Most of them could back up vCloud vApps, but did so without the metadata that is required to restore the vApp in the vCloud (i.e. which organization, which organizational vDC, etc.).

Over the last period several vendors have come up with a vCD 5.1 integrated solution, which is of course great for everybody running vCloud Director.

More information on backing up vApps for vCD Tenants can be found in the VMware whitepaper here.

Most backup products use the vStorage APIs for Data Protection (VADP). VADP uses snapshots to create backups of running virtual machines in a vApp. This is where it becomes challenging. vCloud Director 5.1 will only support one snapshot (see here for more info).

So what happens when VADP takes a snapshot?

The snapshot action by VADP will commit the already existing snapshot of the virtual machine. This results in a single VMDK being backed up to the backup solution. In the event of a restore, the backup solution will restore the consolidated virtual machine: the last known state, but without the snapshot.

Take this into account when designing your vCloud Director backup solution. Ask your backup solution provider what the backup solution does in the event that it recognises a snapshot. For now it would be better to skip / create a warning in the event of snapshot detection within vCD.

Performance Best Practices for Hadoop on vSphere 5.1

Apache Hadoop provides a platform for building distributed systems for massive data storage and analysis using a large cluster of standard x86-based servers. It uses data replication across hosts and racks of hosts to protect against individual disk, host, and even rack failures. A job scheduler can be used to run multiple jobs of different sizes simultaneously, which helps to maintain a high level of resource utilization. Given the built-in reliability and workload consolidation features of Hadoop it might appear there is little need to virtualize it.

However, there are a lot of benefits to virtualizing the Hadoop workload on top of VMware vSphere. VMware has written a whitepaper with performance best practices for Hadoop on vSphere 5.1. Read the full paper for detailed results and to learn about performance best practices for deploying Hadoop on vSphere.

More information can also be found on the blog by Josh Simons over here.

vCenter and vCNS plugin for Puppet

Automation will become key in the Software Defined Data Center (SDDC). VMware recently invested in Puppet Labs.

Now a new plugin is released for managing vSphere and vCloud Network and Security (vCNS) within the virtual infrastructure.

This again is a great step toward enabling customers to create the SDDC. As I already said, automation will become key when designing and operating the SDDC. Puppet Labs really helps in automating key parts of the virtual infrastructure. Plugins like this make things easier to implement and in the end easier to operate by just a few simple clicks.

For more information see the blog post by Nan Liu over here.

My road to becoming a VCDX

“Desire is the key to motivation, but it’s determination and commitment to an unrelenting pursuit of your goal – a commitment to excellence – that will enable you to attain the success you seek.” – Mario Andretti 

Finally found some time to write down my experience on achieving my VCDX. It’s been a long road to achieving my VMware Certified Design eXpert (VCDX) certification and as the quote above states it takes determination and commitment to achieve this goal. It was a bumpy road, not only during my project, but also when doing the VCDX defenses. I didn’t achieve it the first time, but with determination and commitment I continued the journey. Sure, it was disappointing and it took me some time to get over it and regain confidence, but in the end it pays off when you receive the email stating that you’ve successfully passed for VCDX. That’s a great feeling and proves that with desire, commitment and determination you can come a long way.

Hopefully this post will help others in achieving it the first time. But even if you didn’t pass the first time, that shouldn’t stop you from trying a second time. It isn’t a nice feeling when being told that you didn’t pass, but don’t look at it as failure, look at it as feedback. Learn from it and use that to your advantage.

Design is an art, it takes time and patience… 

For me it all started when doing a VMware vSphere 4.1 project for a customer with a large virtual infrastructure that needed to be upgraded to vSphere 4.1. Not to say that your project needs to be big. This project incorporated 60 clusters and 360 ESXi hosts. That’s what I call a big environment, but isn’t necessary for a VCDX project. What does help is that you choose a real-life project.

Tip #1: Choose a real-life project.

Something to get your teeth into and that guides you along the way of design. Design is a step-by-step, iterative process and helps you in determining why certain choices were made in your design. Seek peers to review the design along the way. Ask your customer to be critical and speak to them on the choices you’ve made in the design. Present the results in the end and ask them to challenge what you’ve come up with.

And like I already stated it doesn’t need to be a large, complex environment. As long as you have a project that takes you along the following route:

1. Gather customer requirements and constraints;

2. Create a vSphere logical design that meets the requirements and takes the constraints into account;

3. Translate this logical design into a physical implementation again taking the requirements and constraints into account.

Take into account that during your design you will go up and down this list. In most designs there will be contradictions between the requirements, constraints and the things that are physically possible. This is where your architect skills will come into play and the guidance that you need to provide to your customer, and in the end this process will provide you the why for choices you’ve made in your design. Guess what is interesting during your VCDX design defense…

Tip #2: Keep a log of all the design decisions that were made during the design phase

Tip #3: Use the VCDX blueprint when creating your design

The blueprint has been based on design areas that are required in a vSphere design. Therefore it is a very useful document when creating a design. Use this information when going through your design process and try to focus on all the design areas that are mentioned in the blueprint.

Also it is useful to keep in mind that the choices you make for your design should be based on the requirements and constraints that apply to the customer’s environment. It is your job to explain why certain design choices have been made taking those customer requirements and constraints into account. In other words, there is no single perfect design. That is not what the panel is looking for. The panel is looking for the validation of choices you made during your design phase. Show them the thinking process you went through when making a design decision.

Tip #4: There is no single perfect design. The best design is the design that meets the requirements and constraints of your client.

Keep this tip in mind when designing. There is no perfect design. The best design you can create is the one that you’ve agreed upon with your customer. You need to take all the requirements and constraints into account and create a design that meets those elements. Don’t try to struggle with the fact that it must be a “perfect design”. The only perfect design is the design that takes the customer’s needs into account. And again you need to be able to recollect why you made certain choices for the customer in your design.

Going down the certification path.

Trying to achieve your VCDX is a choice. It needs to be your decision and you will need to commit to go along on this journey. It takes time and a lot of effort before you eventually stand in front of the panel. With time and effort comes planning, so…

Tip #5: Make a plan, set a goal for yourself

Do this at the start. Doesn’t matter when. If you’re a VCAP, VCP or don’t have VMware certification at all, anytime you can decide to go for your VCDX certification, but do create a plan and commit to it. Try to analyse what you still need before applying for the VCDX defense. This can be certifications, a vSphere design, more VMware vSphere knowledge, etc. Create a breakdown structure of the things you need to do with a date that you’ve got in mind. Write them all down, put it on a wall and look at it from time to time. Setting a goal will help you motivate yourself to do the things necessary to achieve VCDX in the end.

Tip #6: The application is a summary of your design, use it as a strategy approach for your defense panel

The defense is there to show your design skills to the panel. The application is useful as a strategy approach with the question in mind: What do you want to show the panel? Walk through your requirements, constraints and assumptions and look at the ones that had the biggest impact on your design. Those are the ones that are the most interesting and the most fun to talk about during your defense.

For more information I would like to refer to the VCDX Candidate Tips, which is full of useful tips.

Tip #7: Seek help from others.

You’re not alone. You probably work with a lot of talented people that can challenge and help you to grow. Don’t just use them for a mock defense, but also let them help you achieve your VCDX. Ask for advice, let people read what you are doing and share the experience.

I’m not perfect, but there is no failure. There is only feedback!

Unfortunately I didn’t achieve my VCDX the first time. “We regret to inform you…” were the words that haunted my mind for quite some time. During that time I had a lot of things going through my mind. But when the dust from the “Cloud of Disappointment” settles, it is time to pick up the pieces. And actually there is a lot of information in the experience you went through. I must admit, it wasn’t a fun experience, but it did have a lot of information in there. Here are some tips to help re-set your goal.

Tip #8: Have some time between the VCDX defenses. Don’t take another VCDX defense between 4-6 months after you didn’t pass.

Instead of looking at it as failure, turn it around, look at it and see it as feedback. It wasn’t that you weren’t good enough. You already made it through the application phase and were allowed to go to the defense panel. You are good enough, but you just need to bring your A game, instead of the B game that you brought to the defense that didn’t let you pass to become VCDX. And the information to bring your A game is all in the feedback that you got during the defense and in the email with the notice that you didn’t pass. OK, I’ll admit, the feedback in the email isn’t much. It has pointers, but combined with the experience you have, you can probably work out the areas that need your attention for your next try. Go through your design and address the areas you need to work on using the following tip…

Tip #9: Using a real-life project doesn’t mean you can’t tweak things to your “advantage”

Some decisions in your design may be hard to explain or aren’t there because the customer didn’t have the information. That shouldn’t stop you from adding and tweaking your design to your “advantage”. Panels only have the information that is presented to them through the application, which basically means that you can create an ideal situation. If there are things in your design that you would like to have tweaked, feel free to do so, but do keep in mind that you need to clarify it with the requirements and constraints that the customers provided to you (or that you also added). It needs to fit and you need to be able to explain it to the panel. Create your own world, but without losing the grip on reality!

Tip #10: Learn from the past, work hard in the present, focus on the future

Please learn from the experiences that you had during the defense you did not pass. This is valuable information before walking into the defense panel again. You already know what is expected of you, you already know what you did wrong the last time, but stop and I repeat STOP going back to “the bad experience”. There is no point in re-living the bad experience over and over again. Instead learn your lessons. Use them to your advantage. Work hard on getting things back on track to your VCDX and focus on the future. Try to imagine what it would be like standing in front of the panel again. You can do this!

To conclude my write-up, try to look at gaining your VCDX as a learning experience. There are lots of lessons in there and there are barriers that you need to break before you achieve your goal. If it was that easy to gain your VCDX then there wouldn’t be any fun in doing it at all. So when you sit down again and think about your bucket list, write this one on it: Achieve VCDX! (I know you want this, you wouldn’t have read my complete article if you didn’t want to do this… Have fun!)

 

vCloud Suite 5.1 Licensing Explained

VMware has announced the release of the new vSphere 5.1 solution. Together with this new release, VMware has also announced its new VMware vCloud Suite 5.1 licensing model. This model combines multiple components (vSphere Enterprise Plus, vCloud Director, vCloud Networking and Security, etc.) into a single product with a single license. All virtual machines running on a properly licensed vCloud Suite processor can use all components included in that vCloud Suite edition.

Licensing per processor

As mentioned above, licensing takes place per processor. VMware no longer limits its customers on physical resources or on the number of virtual machines! VMware has listened to the VMware Community and no longer applies the vRAM principle, or, as others call it, the vTax. The VMware vCloud Suite 5.1 is licensed per physical processor. With all physical processors licensed in a server, a customer can run all VMware products on top of this server that are licensed within the bundle.

vCloud Suite Editions

 

There are 3 editions available for the vCloud Suite:

1. VMware vCloud Suite Standard; vSphere Enterprise Plus, vCloud Director, vCloud Connector & VMware vCloud Network and Security Suite Standard.

2. VMware vCloud Suite Advanced; vSphere Enterprise Plus, vCloud Director, vCloud Connector & VMware vCloud Network and Security Suite Advanced and vCOPs Advanced.

3. VMware vCloud Suite Enterprise; vSphere Enterprise Plus, vCloud Director, vCloud Connector & VMware vCloud Network and Security Suite Enterprise, vCOPs Enterprise, vFabric Application Director and SRM.

So what’s the deal?

In my opinion VMware tried to simplify the whole licensing part of building a vCloud solution. Most customers that build a private cloud in general want to build such a vCloud solution in an easy manner, but it also needs to be easy to manage, must be monitored and should work in case of a disaster.

All of these components are in the bundle that is licensed with vCloud Suite Enterprise edition. An easy licensing path on the road to your own private vCloud. Most companies already have VMware vSphere licenses and VMware also provides an upgrade path toward the new VMware vCloud Suite licenses. For upgrading, VMware has introduced the Fair Value Conversion Program that can be found at http://www.vmware.com/go/vcloud-suite-licensing.

For more information on the VMware vCloud Suite licensing see the vCloud Suite 5.1 Pricing and Packaging Whitepaper or talk to your own VMware sales representative.