White Paper: AirSembly Datacenter Architecture Models

AirSembly Version 1.6
August 2015

Abstract: This white paper outlines different scenarios in which AirSembly can be configured. It presents common datacenter solution elements first and then different deployment scenarios.

AirVM
Local: 613-693-0083
NA: 1-877-552-4786
EMEA: +44 (0) 870-471-5732
www.airvm.com

Table of Contents

INTRODUCTION
COMMON DATA CENTER SOLUTION ELEMENTS FOR SCENARIOS 1-4
    HOSTING
    STORAGE
    COMMON REQUIREMENTS
SCENARIO 1: SINGLE DATACENTER WITH DEDICATED NETWORKS
    NETWORKING
    REQUIREMENTS
SCENARIO 2: SINGLE DATACENTER WITH VSHIELD EDGES
    NETWORKING
    REQUIREMENTS
SCENARIO 3: SINGLE DATACENTER WITH HYBRID SOLUTION
    NETWORKING
    REQUIREMENTS
SCENARIO 4: MULTIPLE DATACENTERS WITH HYBRID SOLUTION
    NETWORKING
    REQUIREMENTS
SCENARIO 5: NO DATACENTER, USED AS STOREFRONT (XAAS PRODUCTS)
    PRODUCT PROFILES
    CLIENT ORDERS
SCENARIO 6: VCLOUD DIRECTOR
    AIRSEMBLY SERVICE PROVIDER PORTAL
    AIRSEMBLY CLIENT PORTAL

Introduction

AirVM AirSembly is a complete cloud management platform for service providers who want to bring their cloud services to market quickly, either by selling direct to customers or through channel partners. It is connected directly to VMware via an API to control clusters, datastores and datacenters. It also connects to networking infrastructure to enable the full end-to-end automated deployment and delivery of cloud services.

AirSembly enables the delivery of a range of branded cloud services to end users, either directly or through distribution, and the management of those services by all parties. AirSembly is built with the service provider, distributor, reseller and end customer in mind. At each tier within the IT distribution chain, users engage with the tools required to manage critical elements of their channel and virtual machine or cloud services environment.

The AirVM AirSembly platform includes:

- Automated provisioning with VMware vSphere
- Automated provisioning with VMware vCloud Director
- An automated platform to build and manage cloud services
- Complete management of customers, billing and products
- Software ready for multi-tier distribution
- Rich API for OSS/BSS integration
- A control panel for end customer self-service and access to VMware vSphere client
- Full billing suite including customer billing and chargebacks (hourly, daily, weekly, monthly, yearly)
- Multilingual, multi-currency and multi-jurisdictional tax support

Common Data Center Solution Elements for Scenarios 1-4

[Diagram: AirSembly and vCenter]

AirSembly is an end-to-end automation tool that provides a multi-tenant Infrastructure as a Service (IaaS) cloud. The application provisions network-to-virtual machines through a web portal for clients.

This section describes the base requirements necessary for the scenarios in this document. AirSembly is installed within a vSphere 5 environment that has vSphere hosts managed by a single vCenter server. The vSphere hosts are in a cluster with Dynamic Resource Scheduling (DRS) enabled. The datastores are provided by SAN storage available to both hosts.

The networking design may change depending on which scenario you choose. AirSembly requires a set of common networking requirements, which must be on the management network. vCenter requires a deployment subnet that contains a DHCP server to allow AirSembly to talk with deployed virtual machines in order to configure them.

Hosting

AirSembly requires a vCenter server that manages the datacenter. This is where AirSembly interfaces with the VMware environment to create new virtual machines and to pull some additional necessary information. Inside the hosting environment, hosts must be in a cluster with DRS enabled. A cluster is created in AirSembly and each host is added and assigned to that cluster.

When the client requests a virtual machine, AirSembly takes a template and clones it to the cluster that was configured in AirSembly. The cloned virtual machine is reconfigured based on the information provided by the client interface.

Storage

AirSembly leverages and provisions any type of storage shown through vCenter. This storage can consist of any of the following: shared NFS, iSCSI, Fibre Channel or others that are supported for clustering by vSphere. It is recommended that highly available shared storage is used. Support for multiple tiers of storage, such as Tier 1 storage for high speed versus Tier 2 for backup storage, is available. Ordering, sizing and provisioning of storage is assigned within AirSembly.

The storage is created as datastores that are presented to the hosts. These datastores are added to AirSembly to be used for deployment of new virtual machines. AirSembly breaks storage into two different tiers: Tier 1 storage, also referred to as production storage, and Tier 2 storage, also referred to as development storage. It is recommended that you follow VMware best practices for virtual machine storage RAID configuration of RAID 10.

Tier 1 storage is generally used for operating system drives and any applications that require high performance. Tier 2 storage is generally used for file storage or backup storage. At this time AirSembly only allows clients to configure two drives, one per storage tier.

When the client requests a virtual machine, AirSembly selects the appropriate storage and clones the virtual machine. It will reconfigure or add storage to the appropriate tier that was selected by the user.

Common Requirements

The following items are commonly required for all AirSembly installations:

- vSphere environment with a vCenter server
- At least one DRS cluster
- Two tiers of storage that are presented to the hosts in vSphere and added to AirSembly
- Management network
- Deployment subnet with DHCP server running

Scenario 1: Single Datacenter with Dedicated Networks

[Diagram: vCenter, AirSembly and dedicated client networks; labels: VLAN10, VLAN23, 210.156.12.16/30, 210.156.12.4/30, 210.156.12.32/28]

This scenario builds on the common datacenter solution element. In this scenario, AirSembly uses a dedicated network for all clients deployed. This requires particular network settings, as shown in the diagram. Each client is assigned a network and IP allocation that is dedicated to them. This provides isolation and security to each virtual machine in the environment.

The network is connected to a single Cisco router that has been configured to support VLAN from each vSphere 5 host and Virtual Switching Instance (VSI).

Networking

AirSembly requires a VLAN enabled environment. The software supports Cisco, Juniper and other compatible routers that support VSI. In this scenario a single router connects the hosts to the upstream network with VSI enabled. On the VMware host multiple port groups are created with different VLAN IDs. Each port group is configured in AirSembly as a network.

AirVM has created a number of port groups on all of the hosts with different VLAN IDs that are then configured in AirSembly as networks. How these networks are assigned to the client is explained later in this section.

IP allocations are set from public IP addresses added into AirSembly and broken into subnets. In this scenario a class C network is broken into many /30 subnets, a few /29 subnets and one or two /28 subnets. The software keeps these subnets in its database to assign to the client. A /30 subnet provides a client with one address to assign to their virtual machine, where a /28 subnet provides 13 addresses. This is because the first address assignment is allocated to the network ID, the second address is set as the default gateway and the last address is used for broadcast.

When a client requests a new network, the system finds an unused network (port group) and assigns it to a client. The client can then request an IP allocation for this network that is assigned from the IP allocations that were created based on the size requested. This IP allocation is also configured in the router when router automation is turned on, which you do by configuring the appropriate VLAN with the required information.

Requirements

The following items are required for an AirSembly installation with dedicated networks:

- All common datacenter solution requirements
- VLAN per client configured at Layer 3 to accept gateways on the router and port groups for each VLAN in vSphere environment
- IP allocation of /30 at a minimum per virtual machine (recommended: a /24 for AirSembly to manage)
- Recommended: a supported router that AirSembly can run automation to set up gateways
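
The dedicated-network allocation scheme described in this scenario (and reused in the hybrid scenarios), as an added example that is not AirSembly code: it carves a /24 into /28, /29 and /30 subnets, applies the network ID / gateway / broadcast address roles, hands port groups and subnets to clients, and audits the records for cross-client overlap. The class and function names, the client names, the VLAN IDs and the 203.0.113.0/24 documentation range are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def carve(block, plan, filler=30):
    """Split block into the subnets in plan ({prefixlen: count}), largest first
    so each stays aligned, then fill the remainder with /filler subnets."""
    block = ipaddress.ip_network(block)
    cursor, end = int(block.network_address), int(block.broadcast_address) + 1
    wanted = [p for p in sorted(plan) for _ in range(plan[p])]
    subnets = []
    while wanted or cursor < end:
        prefixlen = wanted.pop(0) if wanted else filler
        size = 1 << (32 - prefixlen)
        if cursor + size > end:
            raise ValueError(f"/{prefixlen} does not fit in what is left of {block}")
        # Strict parsing raises if the subnet does not start on its own boundary.
        subnets.append(ipaddress.ip_network((cursor, prefixlen)))
        cursor += size
    return subnets


def roles(subnet):
    """First address = network ID, second = default gateway, last = broadcast;
    whatever remains is assignable to the client's virtual machines."""
    addrs = list(subnet)
    return {"network": addrs[0], "gateway": addrs[1],
            "broadcast": addrs[-1], "client": addrs[2:-1]}


class DedicatedPool:
    """Hypothetical stand-in for the allocation records kept in the database."""

    def __init__(self, subnets, vlan_ids):
        self.free_subnets = list(subnets)
        self.free_vlans = list(vlan_ids)
        self.vlan_owner = {}      # VLAN ID (port group) -> client
        self.allocations = {}     # subnet -> (client, VLAN ID)

    def request_network(self, client):
        vlan = self.free_vlans.pop(0)          # first unused port group
        self.vlan_owner[vlan] = client
        return vlan

    def request_allocation(self, client, vlan, prefixlen):
        # A client may only place addresses on a network assigned to it.
        if self.vlan_owner.get(vlan) != client:
            raise PermissionError(f"VLAN {vlan} is not assigned to {client}")
        for subnet in self.free_subnets:
            if subnet.prefixlen == prefixlen:
                self.free_subnets.remove(subnet)
                self.allocations[subnet] = (client, vlan)
                return subnet
        raise LookupError(f"no free /{prefixlen} left in the pool")


def audit(allocations):
    """Return allocation pairs that break isolation: overlapping address space
    or a shared VLAN between two different clients."""
    return [(a, b)
            for (a, (client_a, vlan_a)), (b, (client_b, vlan_b))
            in combinations(allocations.items(), 2)
            if client_a != client_b and (a.overlaps(b) or vlan_a == vlan_b)]


if __name__ == "__main__":
    pool = DedicatedPool(carve("203.0.113.0/24", {28: 2, 29: 4}), [10, 23, 80])
    vlan = pool.request_network("client-a")
    net = pool.request_allocation("client-a", vlan, 30)
    print(vlan, net, roles(net))
    # Constructed drift: a hand-added record that overlaps client-a's /30.
    pool.allocations[ipaddress.ip_network("203.0.113.64/29")] = ("client-c", 80)
    print(audit(pool.allocations))
```

Running `audit` over the allocation records after any manual change to the router or the database catches the case where two clients end up sharing address space or a VLAN.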

Scenario 2: Single Datacenter with vShield Edges

[Diagram: vCenter, AirSembly and vShield Manager with vShield Edges on a shared network; labels: 192.120.13.1/24, 192.120.13.2/24, 192.120.13.3/24, VLAN300, XVLAN 5005, 192.168.1.0/24, VLAN 311, 10.1.1.0/24]

This scenario builds on the common datacenter solution element. In this scenario AirSembly uses vShield Edges with VLANs or VXLANs to provide private networks for each client. This requires the use of a vShield Manager configured in the vSphere environment. Each client is assigned a private network that is managed through a vShield Edge firewall. This firewall provides a private network that is isolated from the public Internet. The firewall provides firewall rules and VPN services to allow for secure connections to corporate offices or client machines.

This scenario requires a network and subnet setup with a router that is shared with all vShield Edge appliances on their public IP. It also requires a VLAN or VXLAN for each client provided network.

Networking

AirSembly requires a VLAN or VXLAN enabled environment. In this scenario a shared VLAN network is required for the vShield Edges to be placed on. This is the public network for all vShield Edge appliances.

AirVM has created a number of port groups on all of the hosts with different VLAN IDs or VXLAN Segment IDs that are then configured in AirSembly as networks by choosing the appropriate port group type.

Each vShield Edge is assigned either a VXLAN or VLAN as an internal network that is used for the internal subnet created by AirSembly.

When the vShield Edge is created a public IP address is assigned from the shared IP allocation pool on the shared network. A private /24 subnet is created within AirSembly and assigned as the internal IP allocation for the client. This allocation is defined at the time of creation to any 10.X.X.0/24, 172.16.X.0/24, or 192.168.X.0/24. The first IP address in the allocation is used as the gateway address for the vShield Edge firewall. By default everything is blocked on the firewall and the SSL VPN is configured with the client accounts associated with AirSembly.

Requirements

The following items are required for an AirSembly installation with shared networks:

- All common datacenter solution requirements
- Shared VLAN network
- Shared IP allocation of a minimum of /30 (recommended: a /25 to support upwards of 125 clients)
- VLAN or VXLAN wire per client that is configured on the network and in the vSphere environment as port groups
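
The Edge deployment rules described above, as an added example that is not AirSembly or vShield code: it validates the requested internal /24 against the three permitted patterns, draws the Edge's public IP from the shared allocation, sets the gateway and starts the firewall in a deny-all state. All names are hypothetical; the 192.0.2.0 documentation range stands in for the shared network, and the assumptions that the router holds the first host address and that the "first IP" of the internal allocation means its first host address (.1) are mine.

```python
import ipaddress

# The three private patterns the paper permits:
# 10.X.X.0/24, 172.16.X.0/24 and 192.168.X.0/24.
ALLOWED_PARENTS = [ipaddress.ip_network(n)
                   for n in ("10.0.0.0/8", "172.16.0.0/16", "192.168.0.0/16")]


def validate_internal(cidr):
    """Return the network if it is a well-formed /24 inside a permitted pattern."""
    net = ipaddress.ip_network(cidr)      # raises ValueError if host bits are set
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError(f"{cidr}: internal allocation must be an IPv4 /24")
    if not any(net.subnet_of(parent) for parent in ALLOWED_PARENTS):
        raise ValueError(f"{cidr}: not 10.X.X.0/24, 172.16.X.0/24 or 192.168.X.0/24")
    return net


class SharedEdgeNetwork:
    """Hypothetical model of the shared VLAN carrying every Edge's public IP."""

    def __init__(self, cidr):
        hosts = list(ipaddress.ip_network(cidr).hosts())
        self.router = hosts[0]        # assumption: the router takes the first host
        self.free_ips = hosts[1:]     # /30 leaves 1 Edge address, /25 leaves 125
        self.edges = {}               # VLAN/VXLAN wire id -> Edge record

    def capacity(self):
        return len(self.free_ips) + len(self.edges)

    def deploy_edge(self, client, wire_id, internal_cidr):
        # Validate first so a rejected request never consumes a public IP.
        internal = validate_internal(internal_cidr)
        if wire_id in self.edges:
            raise PermissionError(f"wire {wire_id} already backs another Edge")
        if not self.free_ips:
            raise LookupError("shared IP allocation is exhausted")
        edge = {
            "client": client,
            "public_ip": self.free_ips.pop(0),
            "internal": internal,
            "gateway": internal.network_address + 1,   # first IP in the allocation
            "default_action": "deny",                  # everything blocked by default
            "rules": [],                               # (protocol, port) pairs allowed
        }
        self.edges[wire_id] = edge
        return edge


def permits(edge, protocol, port):
    """Explicit allow rules win; anything else falls through to the default."""
    if (protocol, port) in edge["rules"]:
        return True
    return edge["default_action"] == "allow"


if __name__ == "__main__":
    shared = SharedEdgeNetwork("192.0.2.0/25")
    edge = shared.deploy_edge("client-a", 311, "10.1.1.0/24")
    print(shared.capacity(), edge["public_ip"], edge["gateway"])
    print(permits(edge, "tcp", 443))   # nothing is open until a rule is added
```

Two clients may use the same internal /24 because each sits on its own VLAN or VXLAN wire behind its own Edge; the wire, not the private address range, is what the model keeps unique.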

Scenario 3: Single Datacenter with Hybrid Solution

[Diagram: vCenter, AirSembly and vShield Manager with both dedicated client networks and vShield Edges; labels: VLAN10, VLAN23, 210.156.12.16/30, 210.156.12.32/28, 192.120.13.1/24, 192.120.13.3/24, VLAN300, VLAN 311, 10.1.1.0/24]

This scenario builds on the common datacenter solution element. In this scenario AirSembly uses both the dedicated network solution and the vShield Edges shared network solution. This configuration gives the client the flexibility to assign their virtual machines on a public subnet or a private network behind a firewall. This is the most flexible solution for clients but also the most complex to set up.

Note: In this configuration VXLANs are not supported and will not function properly.

Networking

AirSembly requires a VLAN enabled environment. The software supports Cisco, Juniper and other compatible routers that support VSI. In this scenario a single router has connected the hosts to the upstream network with VSI enabled. On the VMware host multiple port groups are created with different VLAN IDs. Each port group is configured in AirSembly as a network.

AirVM has created a number of port groups on all of the hosts with different VLAN IDs that are then configured in AirSembly as networks. How these networks are assigned to the client is
explained later in this section. A shared VLAN network is required for the vShield Edges to be placed on. This is the public network for all vShield Edge appliances. Each vShield Edge is assigned a VLAN as an internal network that is used for the internal subnet created by AirSembly.

Dedicated IP allocations are set from public IP addresses added into AirSembly and broken into subnets. In this scenario a class C network is broken into many /30 subnets, a few /29 subnets and one or two /28 subnets. The software keeps these subnets in its database to assign to the client. A /30 subnet provides a client with one address to assign to their virtual machine, where a /28 subnet provides 13 addresses. This is because the first address assignment is allocated to the network ID, the second address is set as the default gateway and the last address is used for broadcast.

When a client requests a new network the system finds an unused network (port group) and assigns it to a client. The client can then request an IP allocation for this network, which is assigned from the IP allocations that were created based on the size requested. This IP allocation is also configured in the router when router automation is turned on, which you can do by configuring the appropriate VLAN with the required information.

Alternatively the client has the choice to deploy a vShield Edge firewall. When the vShield Edge is created a public IP address is assigned from the shared IP allocation pool on the shared network. A private /24 subnet is created within AirSembly and assigned as the internal IP allocation for the client. This allocation is defined at the time of creation to any 10.X.X.0/24, 172.16.X.0/24, or 192.168.X.0/24. The first IP address in the allocation is used as the gateway address for the vShield Edge firewall. By default everything is blocked on the firewall and SSL VPN is configured with the client accounts associated with AirSembly.

Requirements

The following items are required for an AirSembly installation with a hybrid networks solution:

- All common datacenter solution requirements
- VLAN per client configured at Layer 3 to accept gateways on the router and port groups for each VLAN in vSphere environment
- Shared VLAN network
- IP allocation of /30 at a minimum per virtual machine (recommended: a /24 for AirSembly to manage)
- Shared IP allocation of a minimum of /30 (recommended: a /25 to support upwards of 125 clients)
- Recommended: supported router that AirSembly can run automation to set up gateways

Scenario 4: Multiple Datacenters with Hybrid Solution

[Diagram: Data Center A and Data Center B, each with a vCenter and a vShield Manager, managed by one AirSembly installation. Each datacenter shows vShield Edges on a shared VLAN300 with per-client internal VLANs and private /24 subnets, and a public IP allocation pool of /30 subnets mapped to client VLANs.]

This scenario builds on the common datacenter solution element. In this scenario AirSembly uses both the dedicated network solution and the vShield Edges shared network solution in multiple datacenters. This scenario shows multiple vCenters and vShield Managers, which is not required for AirSembly to create multiple datacenters. Each datacenter must have its own cluster, and all objects associated with the cluster must be broken out as a unique datacenter. The selection of dedicated or shared mode is applied across all datacenters. It is expected that you will use the hybrid solution when working with multiple datacenters in a single AirSembly installation.

This configuration gives the client the flexibility to assign their virtual machines on a public subnet or a private network behind a firewall. This is the most flexible solution for clients but also the most complex to set up.

Note: In this configuration VXLANs are not supported and will not function properly.

Networking

AirSembly requires a VLAN enabled environment. The software supports Cisco, Juniper and other compatible routers that support VSI. In this scenario a single router connects the hosts to the upstream network with VSI enabled. On the VMware host multiple port groups are created with different VLAN IDs. Each port group is configured in AirSembly as a network.

Each datacenter requires the creation of its own port group with the associated VLAN IDs that are then configured in AirSembly as networks. How these networks are assigned to the client is explained later in this section. A shared VLAN network is required for the vShield Edges to be placed on. This is the public network for all vShield Edge appliances. Each vShield Edge is assigned a VLAN as an internal network that will be used for the internal subnet created by AirSembly.

Each datacenter requires at least one dedicated IP allocation set from public IP addresses added into AirSembly and broken into subnets. In this case a class C network is broken into many /30 subnets, a few /29 subnets and one or two /28 subnets. The software keeps these subnets in its database to assign to the client. A /30 subnet provides a client with one address to assign to their virtual machine, whereas a /28 subnet will provide 13 addresses. This is because the first address assignment is allocated to the network ID, the second address is set as the default gateway and the last address is used for broadcast.

When a client requests a new network the system finds an unused network (port group) and assigns it to a client. The client can then request an IP allocation for this network, which is assigned from the IP allocations that were created based on the size requested. This IP allocation is also configured in the router when router automation is turned on, which you can do by configuring the appropriate VLAN with the required information.

Alternatively, the client has the choice to deploy a vShield Edge firewall. When the vShield Edge is created a public IP address is assigned from the shared IP allocation pool on the shared network. A private /24 subnet is created within AirSembly and assigned as the internal IP allocation for the client. This allocation is defined at the time of creation to any 10.X.X.0/24, 172.16.X.0/24, or 192.168.X.0/24. The first IP address in the allocation is used as the gateway address for the vShield Edge firewall. By default everything is blocked on the firewall and SSL VPN is configured with the client accounts that are associated with AirSembly.

Requirements

The following items are required for an AirSembly installation with a hybrid networks solution:

- All common datacenter solution requirements
- For each datacenter: VLAN per client configured at Layer 3 to accept gateways on the router and port groups for each VLAN in vSphere environment
- For each datacenter: shared VLAN network
- For each datacenter: IP allocation of /30 at a minimum per virtual machine (recommended: a /24 for AirSembly to manage)
- For each datacenter: shared IP allocation of a minimum of /30 (recommended: a /25 to support upwards of 125 clients)
- Recommended: for each datacenter, a supported router that AirSembly can run automation to set up gateways

Scenario 5: No Datacenter, Used as Storefront (XaaS Products)

[Diagram: AirSembly and XaaS]

This scenario does not build on any of the common datacenter solution elements. In this scenario you are running AirSembly as an anything or X as a Service (XaaS) provider commercialization software. No virtual machines are deployed and no VMware infrastructure is required.

AirSembly can be used to provide any XaaS product through channel distribution. This could be a PaaS, SaaS, BaaS, DRaaS or other aaS by utilizing the XaaS functionality. A service provider can create products that will allow them to manually provision any other service after an order has been placed. Or they can directly write an API connection to AirSembly to automatically provision a service that has been ordered.

Product Profiles

The product profile allows AirSembly the flexibility to work with an XaaS offering. At the provider level you create a product profile that contains a name, licensing fee, product type XaaS and configuration items. It is the configuration items that allow the flexibility, as you can create a product profile with any number of List, Number or Slider elements that allow for a granular breakdown of each cost item within the profile.

For example, AirSembly licensing is a list of items with a different cost for each item in the list, whereas user-based licensed software can be a selection of either per-user or per-CPU licensing with two other configuration items: one as a slider element to select the number of users and the other as a number element that allows for the selection of CPUs.

Client Orders

When a client orders the XaaS product from the reseller's storefront, the provider is notified by e-mail and is able to manage the order through the client order page. This page provides the information required to complete the order that was entered at the time of purchase. After the order has been executed, it can be manually completed on the page, notifying the client that their XaaS product order has been completed.

Scenario 6: vCloud Director

AirSembly is integrated with VMware vCloud Director (vCD) 5.5, 5.6 and 8.0, allowing AirSembly to act as a vCD marketplace portal to an existing or new vCD environment. New vCD features that are not available through the vCD GUI and only available through the vCD API are exposed in the AirSembly portal, for example virtual machine performance monitoring.

The following diagram shows a typical vCD topology where AirSembly provides marketplace portal capability for a vCloud Director environment.

[Diagram: vCenter, AirSembly, vCloud Director and vShield Manager; a Provider VDC with an External Network; Client A Organization and Client B Organization, each with VDCs (VDC1, VDC2) attached to Org Networks]

AirSembly Service Provider Portal

The first step begins in the AirSembly service provider portal by pointing AirSembly to a vCloud Director instance (either vCD 5.5, 5.6, or 8.0). An initial synchronization scans all of the vCD resources including organizations, users, virtual datacenters, storage profiles, network pools and external networks for vCD providers and clients.

After the synchronization is complete, all vCD resources can be managed and consumed directly from the AirSembly portal. This is achieved in the AirSembly portal by associating the scanned vCD org with an AirSembly client. You can also create a new AirSembly client to associate with the virtual datacenter org.

Note that after the initial synchronization is established between AirSembly and the vCloud Director environment, the AirSembly vCD portal includes a RabbitMQ integration that allows automatic real-time two-way synchronization between AirSembly and vCD. RabbitMQ needs to be set up with vCloud Director to point at
the AirSembly server.

The AirSembly service provider portal allows you to create product blueprints of virtual datacenters. The product blueprint includes configuration parameters and unit pricing for Reserve compute, CPU Cores, RAM and two different tiers of storage. The AirSembly distributor and reseller portals allow you to create and price a branded virtual datacenter service based on the product blueprint.

AirSembly Client Portal

The AirSembly client portal allows a customer to create a new virtual datacenter (vDC) as well as manage vDCs that are already consumed. To order a new vDC, the customer can select a vDC from the storefront that was defined by the reseller. The customer can choose the sizing of the vDC based on specific configuration sizing options for #CPUs, guaranteed GHz, RAM and storage tiers. After the customer has configured the vDC, an order is placed and the AirSembly platform automatically provisions the customer's vDC.

When AirSembly creates a client vDC, an internal network and firewall are deployed for that vDC. Note that internal (org) networks can span across multiple vDCs.

For vCloud Director catalog management, within a vDC a customer has access to VM templates that were made available from the provider ("public") as well as VM templates that they can populate from the AirSembly client portal ("private"). After the vDC is created, the customer can deploy the VM and add one edge gateway. When it deploys a VM, AirSembly chooses the most optimal storage tier based on which one has the most available space. Note that the two tiers of storage are managed in the AirSembly service provider portal when AirSembly synchronizes with vCD storage profiles.

AirSembly clients/vCD orgs can have multiple vDCs with their provider's organization. Each vDC can have multiple networks and vShield Edges.

The client portal allows for full virtual datacenter life cycle management: you can reconfigure your vDC as well as manage your firewall, including firewall rules, IPSec and NAT rules. For VMs you can start, stop and restart as well as access the VM virtual console directly from the AirSembly client portal.

VM life cycle management also includes visibility of vCloud Director 5.6 virtual machine performance monitoring; the AirSembly portal pulls VM performance monitoring metrics from the vCD 5.6 API. The metrics include %CPU utilization, CPU MHz usage, memory usage and disk reads/writes.