Tuesday, September 7, 2010

VMworld - vCloud Director Technical Overview Session

I'm playing a little catch up this week.  Sorry for the delay in getting my session write up's posted.  As usual, I took notes as fast as I could but I may be missing a few things and this post may contain some slight inaccuracies here and there.

The vCloud Director Technical Overview session was probably one of my favorite sessions at VMworld.  They did a very nice job staying low level to explain everything while also keeping it interesting at the same time.  The session started off with an overview of the product.  There have been many other good articles already published on this subject so I'll skip it.

Network Overview

The first topic was a networking overview.  There are two basic types of networks that can be created in vCloud Director (vCD): External (shared) networks and Internal (pool) networks.

An External network communicates with the outside world and can be shared with other resources.  This type of network is attached to a port group on a virtual switch, and isolation occurs through the use of Layer 2 VLANs, similar to regular virtual machine port groups today.  External networks are created by the cloud administrator; they can't be self provisioned.

An Internal network is where things get interesting.  An internal network isolates a vApp (a group of machines) within an organization from other vApps as well as from other organizations.  Internal networks are created by the users based on pre-defined values that are entered into pools by the cloud administrator.  Internal networks will be self provisioned.  There are three types of internal networks: 1. port group based, 2. VLAN based & 3. vCD network.



  1. Port Group Based Pool - The port groups are created ahead of time and "handed out" to vApps as needed.  The cloud administrator must create all necessary port groups ahead of time, and they will be attached to the virtual switches as needed.
  2. VLAN Based Pool - This pool type allows for creation and isolation based on VLANs.  The cloud admin would create a number of VLANs ahead of time and each vApp would grab a VLAN from the pool upon check out.
  3. vCloud Director Based Pool - This type of network is very similar to Lab Manager's fencing.  A virtual machine (in this instance the new vShield Edge product) sits between the vApp and the outside world and performs MAC-in-MAC based isolation, NAT, DHCP, etc. to communicate with the outside world.  This feature is limited to one VLAN per vApp at this time.  vCD based networks allow for Internal (fenced & isolated from the outside world) and External Routed (fenced but NOT isolated) networks.

Organization Overview

Up next we had Organizations.  An organization in vCD is basically a "tenant", or a group that you would like to manage and isolate from others.  Each organization will have a unique web address created for it to use the vCD default GUI.  There are three ways to authenticate against an organization: 1. the vCD local database (not recommended), 2. global LDAP & 3. per-organization LDAP.  I really like the ability of vCD to tie into an LDAP per organization; this gives multiple tenants from different organizations an easy integration point.

Leases and Quotas

There are two types of leases and quotas in the vCD product: time based and storage based.  The concept of a lease allows users to check out vApps for a specified amount of time and then renew the lease as needed.  The user may also allow the lease to expire, and the resources will return to the pool.  Resources can be configured to be suspended and held for a period of time after expiration to make sure the lease expiration was intended.  A good example of this is a user going on vacation during the lease expiration.  The user could not renew the resources and would be very upset if they were destroyed.  This mechanism would prevent that situation.

Quotas are exactly as they sound.  A user is prevented from creating too much sprawl within an organization by checking out and consuming resources they may not need.  Only a certain amount may be checked out at a given time or only a certain amount of storage may be provisioned.

The idea of quotas brought up a number of questions around approvals and provisioning of vApps in the vCD product.  Currently, there is no approval mechanism built into the vCloud Director product but it MAY be incorporated into a future release.  What this means is that if a user has access to provision, there is nothing stopping them today except leases and quotas.
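As an added example (not from the session and not vCloud Director's own code), the following Python models the lease and quota behaviour described above: quotas are the only gate on check-out, an expired lease moves the vApp into a suspended hold state before its resources are destroyed, and a renewal during the hold recovers it. The tenant name, quota limits, lease length and hold window are assumed values chosen for the illustration.

```python
"""Constructed lease-and-quota model for a multi-tenant cloud (illustration only).

Not vCloud Director code: it reproduces the behaviour described in the session notes
(runtime leases with a suspend-and-hold window, per-organization quotas on running
vApps and provisioned storage). All names, limits and timings are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    RUNNING = "running"
    HELD = "held"            # lease expired; suspended and held so an unintended expiry is recoverable
    DESTROYED = "destroyed"  # hold window elapsed; resources returned to the pool


class QuotaExceeded(Exception):
    """Raised when a check-out would push the organization past a quota."""


@dataclass
class VApp:
    name: str
    storage_gb: int
    lease_end: int           # simulated clock tick at which the runtime lease expires
    state: State = State.RUNNING
    hold_end: int = 0        # set when the lease expires


@dataclass
class Organization:
    """One tenant with assumed quota limits and a hold window after lease expiry."""
    name: str
    max_running_vapps: int
    max_storage_gb: int
    lease_ticks: int         # default lease length
    hold_ticks: int          # how long an expired vApp stays suspended before destruction
    vapps: dict = field(default_factory=dict)

    def running_vapps(self):
        return [v for v in self.vapps.values() if v.state is State.RUNNING]

    def storage_in_use(self):
        # a held vApp still occupies storage until it is actually destroyed
        return sum(v.storage_gb for v in self.vapps.values() if v.state is not State.DESTROYED)

    def check_out(self, name, storage_gb, now):
        """Provision a vApp; the quota checks are the only gate (no approval step)."""
        if len(self.running_vapps()) >= self.max_running_vapps:
            raise QuotaExceeded(f"{self.name}: running vApp quota ({self.max_running_vapps}) reached")
        if self.storage_in_use() + storage_gb > self.max_storage_gb:
            raise QuotaExceeded(f"{self.name}: storage quota ({self.max_storage_gb} GB) would be exceeded")
        vapp = VApp(name, storage_gb, lease_end=now + self.lease_ticks)
        self.vapps[name] = vapp
        return vapp

    def renew(self, name, now):
        """Extend a lease; a HELD vApp is recovered, a DESTROYED one cannot be."""
        vapp = self.vapps[name]
        if vapp.state is State.DESTROYED:
            raise ValueError(f"{name} was already destroyed; it cannot be renewed")
        vapp.state = State.RUNNING
        vapp.lease_end = now + self.lease_ticks
        return vapp

    def tick(self, now):
        """Advance the clock: expired leases become HELD, HELD vApps are destroyed after the hold window."""
        for vapp in self.vapps.values():
            if vapp.state is State.RUNNING and now >= vapp.lease_end:
                vapp.state = State.HELD
                vapp.hold_end = vapp.lease_end + self.hold_ticks
            if vapp.state is State.HELD and now >= vapp.hold_end:
                vapp.state = State.DESTROYED
        return {v.name: v.state.value for v in self.vapps.values()}


def scenario():
    """Walk one assumed tenant through check-out, quota rejection, expiry, hold and recovery."""
    org = Organization("tenant-a", max_running_vapps=2, max_storage_gb=100, lease_ticks=10, hold_ticks=5)
    events = []
    org.check_out("web", storage_gb=40, now=0)
    org.check_out("db", storage_gb=40, now=0)
    try:
        org.check_out("extra", storage_gb=10, now=1)     # third running vApp: blocked by quota
    except QuotaExceeded as err:
        events.append(str(err))
    org.tick(10)                                         # both leases expire -> HELD
    events.append(org.storage_in_use())                  # held vApps still count: 80
    org.renew("web", now=12)                             # owner returns in time and recovers it
    org.tick(15)                                         # db hold window (10 + 5) elapsed -> DESTROYED
    events.append(org.storage_in_use())                  # only web remains: 40
    try:
        org.check_out("extra", storage_gb=70, now=16)    # 40 + 70 > 100: blocked by storage quota
    except QuotaExceeded as err:
        events.append(str(err))
    org.check_out("extra", storage_gb=10, now=16)        # fits within both quotas
    return org, events


if __name__ == "__main__":
    org, events = scenario()
    for e in events:
        print(e)
    print({n: v.state.value for n, v in org.vapps.items()})
```

The hold state is what protects the vacationing user in the example above: storage stays consumed during the hold, so a quota can still block new check-outs until the held vApp is either renewed or destroyed, which is worth remembering when sizing storage quotas.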

Allocation Models

There are three types of allocation models built into vCD: 1. Pay As You Go (no over commit), 2. Allocation Pool (cloud admin over commits resources) & 3. Reservation Pool (organization admin over commits resources).

The use of the Allocation Pool and Reservation Pool models allows you to "thin provision your data center".  You can over commit your resources at either the Cloud or Organization level based on your desire.  As with anything thin provisioned, use caution, understand the design, carefully monitor the environment, and generate alerts when trouble starts.

Organization Networks

As with everything else in this post, there are three types of Organization Networks.  An Organization Network is a template that is defined at the Organization level and is associated with a vApp configuration:
  1. Internal - An internal network utilizes the vShield Edge device to both isolate and fence the vApp group of machines from the outside world.  There is no external communication in this configuration.
  2. External Routed - This network type also utilizes the vShield Edge device but allows communication to the outside world through NAT on the Edge device.
  3. External Direct Connect - The vShield Edge device isn't utilized and the vApp group is connected directly to a Port Group on a virtual switch.

Conclusion

That about does it for this post.  I could write more but this is getting long and I'm sure you're sick of reading by now.  I will have more vCloud Director posts in the very near future.  As always, thanks for coming by!

1 comment:

Steve Kaplan said...

Aaron,

Another great post making a complex subject easy to understand. Thanks.