EMC ENTERPRISE PRIVATE CLOUD

Reference Architecture EMC ENTERPRISE PRIVATE CLOUD Infrastructure as a service Automated provisioning and monitoring Service-driven IT operations EMC Solutions January 2014

Copyright 2014 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All trademarks used herein are the property of their respective owners. Part Number H12710 2

Table of contents Executive summary... 5 Document purpose... 5 Audience... 5 Solution purpose... 5 Business challenge... 6 Technology solution... 6 Solution features and functionality... 8 Automated provisioning... 8 Self-service... 9 Multitenancy and secure separation... 10 Workload-optimized storage... 11 Elasticity and service assurance... 11 Monitoring... 12 Metering and chargeback... 14 Backup and recovery services... 14 Key components... 16 Introduction... 16 VMware virtualization and cloud infrastructure... 16 VMware vcloud Automation Center... 16 VMware vsphere with Operations Management... 16 VMware vcenter Operations Manager... 17 VMware vcenter Orchestrator... 17 VMware vcloud Networking and Security... 17 VMware vcenter Log Insight... 17 Vblock Systems... 17 Compute... 17 Network... 18 Storage... 18 Management... 18 EMC and VMware integration... 19 VMware vsphere Storage APIs... 19 EMC Virtual Storage Integrator... 19 EMC Storage Analytics... 19 EMC backup and recovery... 19 EMC Avamar... 19 EMC Data Domain... 19 EMC Data Protection Advisor... 20 EMC data protection workflows for vcenter Orchestrator... 20 3

Private cloud management infrastructure... 21 Architecture... 21 Cloud resources... 22 Data protection... 22 Availability... 23 Hardware resources... 24 Software resources... 25 Resource sizing... 26 Conclusion... 30 Summary... 30 4

Executive summary Document purpose Audience Solution purpose This document describes the reference architecture of an EMC enterprise private cloud (EPC) solution for an on-premises infrastructure as a service (IaaS) offering that enables IT to deliver Vblock-based private cloud services to their business. It introduces the main features and functionality of the solution, the solution architecture and key components, and the validated hardware and software environment. The companion Solution Guide is intended as an enablement reference to begin the planning and design of your enterprise private cloud and to set the stage for a successful implementation. This document is intended for executives, managers, architects, cloud administrators, and technical administrators of IT environments who want to implement a private cloud IaaS platform. You should be familiar with VMware vcloud Suite, storage technologies, and general IT functions and requirements, and how they fit into a private cloud architecture. EMC private cloud solutions enable customers to build enterprise-class, scalable, multitenant platforms that enable: Complete management of the infrastructure service lifecycle On-demand access to and control of network bandwidth, servers, storage, and security Provisioning, monitoring, and management of the infrastructure lifecycle by the end user without IT administrator involvement Maximum asset utilization This EMC EPC solution provides a reference architecture for a Vblock-based onpremises IaaS cloud solution that integrates all the key components and functionality of an enterprise private cloud, as shown in Figure 1. Figure 1. Private cloud solution stack 5

Business challenge Every organization is trying to do the same three things at all levels of their business: Lower operational costs Increase revenue Reduce risk While many organizations have successfully introduced virtualization as a core technology within their data center, many end users and business units within customer organizations have yet to experience the increased agility, mobility, and control made possible by virtualization. Transforming from the traditional IT model to an IaaS model involves overcoming the legacy challenges of: Inefficiency and inflexibility Slow, reactive responses to customer requests Inadequate visibility into the cost of the requested infrastructure Limited choice of availability and protection services The difficulty in overcoming these challenges has given rise to public cloud providers who have built technology and business models specifically catering to the requirements of end-user agility and control. Many organizations are under pressure to provide these same service levels within the secure and compliant confines of the on-premises data center. As a result, IT departments need to create cost-effective alternatives to public cloud services alternatives that do not compromise enterprise features such as data protection, disaster recovery, and guaranteed service levels. As IT organizations implement a private cloud, the they must consider the following factors: The infrastructure must be quick to deploy so that business value can be recognized quickly. The private cloud infrastructure and operations must be designed to reduce costs through higher utilization and higher staff productivity. Risk of downtime must be controlled through disciplined change control and careful management of component compatibility. Support agreements must be established for all elements of the solution. Technology solution This EPC solution integrates the best of EMC and VMware products and services, and empowers IT organizations to accelerate implementation and adoption of private cloud solutions. This solution takes advantage of the strong integrations developed by EMC and VMware product and services teams between EMC technologies and VMware vcloud Suite. This includes using EMC scalable storage arrays and integrated EMC and VMware monitoring and data protection suites to ensure that this private cloud solution becomes the foundation for enabling IaaS within the customer environment. 6

The solution also uses the Vblock converged infrastructure systems developed by VCE, which enable data center modernization so that IT can simplify every aspect of IT operations to improve agility and lower costs. The Vblock systems provide the following value in the private cloud solution: Factory-integration and validation accelerates deployment, ensures interoperability, and delivers predictable performance. Life cycle system assurance ensures system stability, performance, and compliance to reduce costs, and more importantly, business risk. VCE not only ensures that components are interoperable on day one, but also validates patches and updates before you install them to lower your risk, maximize uptime, and lower TCO. Comprehensive infrastructure support means that you have a single point of accountability for your entire infrastructure and data protection solution. VCE Support eliminates the need to manage multiple vendors to diagnose and resolve issues and speeds time to problem resolution. The key solution components include: VCE Vblock System 340 and VCE Vblock System 720 converged infrastructure systems EMC Avamar and EMC Data Domain backup and recovery solutions VMware vsphere virtualization platform VMware vcloud Suite cloud management and infrastructure EMC and VMware integration solutions 7

Solution features and functionality This EPC solution includes the following features and functionality: Automated provisioning Self-service Multitenancy and secure separation Workload-optimized storage Elasticity and service assurance Monitoring Metering and chargeback Backup and recovery services Automated provisioning This EPC solution provides automated provisioning capabilities that enable both users and administrators to quickly, easily, and efficiently provision virtual machines, add data protection policies, and implement archiving policies over the lifecycle of their virtual resources. These capabilities are supported through a modified VMware vcloud Automation Center (vcac) blueprint process. The EPC solution enables you to provision physical and logical resources from a Vblock infrastructure that can be handed over to business units. This solution uses vcac, which enables rapid deployment and provisioning of business-relevant cloud services across your private cloud and Vblock infrastructure and acts as the service governor, providing a cross-cloud storefront for IaaS deployments. The solution empowers organizations to enforce business and IT policies throughout the service lifecycle, helping them to transform virtualized environments into software-defined cloud data centers. Cloud users can choose from a self-service catalog of custom-defined blueprints, each containing the resources appropriate to different applications or business units. Blueprints can be single or multimachine, and can be used to easily deploy multitier enterprise applications that require multiple components (for example, application, database, and web) and multiple service levels. Administrators can add data protection using VMware vcenter Orchestrator workflows created by EMC that take advantage of EMC Avamar and EMC Data Domain backup and restore features. The EPC solution is built to work with both new and existing infrastructures. It supports the differing requirements of an enterprise s many business units and integrates with a wide variety of existing IT systems and best practices. Through the vcac workflow designer, vcenter Orchestrator workflows can easily be invoked to extend lifecycle state transitions and machine command menus. The virtual machine provisioning process is fully automated and requires no manual intervention by the IT team. In addition to the automation provided by vcac, EMC VSI for VMware enables automation of the most common storage configuration tasks, from creating LUNs and datastores to expanding the size of a datastore that is running low on space. This 8

allows administrators to quickly and easily manage EMC arrays and ensure that applications continue to have access to the storage resources they need. Self-service This EPC solution provides self-service capabilities that enable end users to quickly and easily provision and protect needed resources. By using the Self-Service Portal provided by vcac and the customized virtual machine blueprints provided by EMC, end users can deploy and protect virtual machines much faster than traditional IT allows. Figure 2 shows the EPC Self Service Portal, which is based on vcac. Figure 2. Self-service provisioning using the vcac user portal The EPC solution empowers users to request and manage their own compute resources within established operational policies this can reduce IT service delivery times from days or weeks to minutes. Features include: Cross-cloud storefront, which acts as a service governor that provisions workloads based on business and IT policies. User-aware Self-Service Portal, which delivers a user-appropriate catalog of IT services. Resource reservations, which allow resources to be allocated for use by a specific group and ensure that those resources are inaccessible to other groups. 9

Service levels, which define the amount and type of resources a given service can receive, either during initial provisioning or as part of any configuration changes. Build specifications, which contain the automation policies that specify the process for building or reconfiguring compute resources. The solution also provides customized vcac blueprints that enable cloud administrators to offer self-service access to end users, not only for provisioning virtual resources, but also for attaching a protection policy to those resources at provisioning time. In addition, users can request on-demand restores of their virtual machines and generation of backup reports, all from the vcac Self-Service Portal. Multitenancy and secure separation Multitenancy requirements in a cloud environment can range from shared, open resources to completely isolated resources, secure from any access. The Self-Service Portal shows only the appropriate views, functions, and operations to end users in line with their role within the business. This EPC solution provides the ability to enforce physical and virtual separation for multitenancy as strongly as the administrator requires. This separation can encompass network, compute, and storage resources to ensure appropriate security and performance for each tenant. Virtualized compute resources within the enterprise private cloud are objects inherited from the vsphere endpoint, most commonly representing VMware vsphere ESXi hosts, host clusters, or resource pools. Compute resources are configured at the infrastructure level on Vblock and also at the vsphere level to ensure physical and logical separation of resources between business units, thereby removing resource contention across critical applications. This solution separates physical resources at the enterprise group level so that there is no resource sharing between tenants. Compute resources are organized into enterprise groups from which virtual reservations are made for the various departments and business units. Business unit users can deploy their systems from their respective enterprise groups, as specified by their blueprints. The EPC solution supports secure multitenancy through vcac, which uses existing authentication and business groupings. Secure multitenancy at the virtual network level is achieved by enforcing Layer 2 network isolation for any provisioned networks, because VMware virtual networking does not suffer from the same vulnerabilities as those found in the physical network at Layers 2 and 3. This solution enables customers to further enhance a hardened security baseline across the hardware and software stacks supporting their private cloud infrastructure. It helps to reduce concerns around the complexities of the underlying infrastructure by demonstrating how to tightly integrate an as-a-service solution stack with a public key infrastructure (PKI) and a common authentication directory to provide centralized administration and tighter control over security. 10

The solution addresses the challenges of securing authentication and configuration management to aid compliance with industry and regulatory standards through: Securing the infrastructure by integrating with PKI to provide authenticity, nonrepudiation, and encryption Converging the various authentication sources into a single directory to enable a centralized point of administration and policy enforcement Using configuration management tools to audit the infrastructure and demonstrate compliance During testing of the solution, we 1 verified: Integration with a PKI implementation that enabled encryption of management activities Building and testing of a fully functional solution where all components use trusted certificates for authentication Integration with a centralized point of authentication and authorization for common system components Workloadoptimized storage This EPC solution enables customers to take advantage of the proven benefits of the converged infrastructure platforms of Vblock Systems, backed by EMC storage in an integrated cloud environment. With a scalable storage architecture that takes advantage of the latest flash and tiering technologies, the EMC VNX and EMC Symmetrix VMAX storage arrays enable customers to meet any workload requirements with maximum efficiency and performance and in the most costeffective way. With VNX and VMAX, customers can take advantage of the FAST Suite for maximum performance benefit while using the user-friendly management interfaces available with EMC Unisphere and EMC Virtual Storage Integrator (VSI) for VMware to manage block and file storage in their private cloud environment. This solution provides proven best practices for creating storage services so that administrators can provide tiered storage offerings Bronze, Silver, Gold to their end user tenants in order to achieve the most efficient use of the storage resources in their cloud environment. Elasticity and service assurance This EPC solution uses analytics to provide the intelligence and visibility required to proactively ensure service levels in virtual and cloud environments. Using the capabilities of vcac and the tools provided by EMC, administrators and end users can dynamically add resources as needed, based on their performance requirements. Administrators can add storage, compute, and network resources to their provisioning group resource pools, while end users can expand the resources of their own virtual machines to achieve the service levels they expect for their application workloads. 1 In this document, "we" refers to the EMC engineering team that validated the solution. 11

Monitoring This EPC solution includes automated monitoring capabilities that provide IT administrators with a comprehensive view of the cloud environment to enable smart decision making for resource provisioning and allocation. These capabilities are based on a combination of vcenter Operations Manager dashboards, alerts, and analytics, the extensive additional storage detail provided by EMC Storage Analytics, and the metering capabilities of vcac. VMware vcenter Operations Manager provides pre-built and configurable dashboards for real-time performance, capacity, and configuration management. Performance data is abstracted to health, risk, and efficiency measures that allow IT to efficiently identify evolving performance problems with less effort. Capacity analytics identify over-provisioned resources so they can be correctly sized for the most efficient use of virtualized resources. What-if scenarios eliminate the need for spreadsheets, scripts, and rules of thumb. vcenter Operations Manager Enterprise edition enables customizations and provides flexibility with advanced features that extend monitoring, analytics, and reporting capabilities, and it is suitable for solutions of any size. Table 1 provides an overview of some of the features. Table 1. vcenter Operations Manager Enterprise: Features Feature Customizable dashboards Self-learning performance analytics Proactive Smart Alerts Dynamic thresholds Third-party integration Description Presents data and analysis in several ways: Through Smart Alerts that warn of potential or occurring problems In configurable dashboards where you can create a view of the most important data in your environment Offers the ability to gain a deep understanding of your applications behavior patterns and give insights into the relationships between resources, tiers, and applications to optimize the performance of your cloud environment. Is able to learn an application s typical performance deviation level. When vcenter Operations Manager Enterprise detects significant abnormal behavior, exceeding the expected level, a Smart Alert warns you through an alert summary dashboard or by email that a problem is developing. Helps to dynamically determine and adjust the normal range of values for every metric for different time periods. Any behavior that deviates from this range triggers performance alarms. Enables direct integration with third-party monitoring tools, such as EMC Storage Analytics. 12

Integrating vcenter Operations Manager with the EMC Storage Analytics Suite enables full end-to-end visibility of the entire infrastructure, from virtual machine to LUN and every point in between. EMC Storage Analytics links VMware vcenter Operations Manager for EMC Storage with the EMC Adapters for VNX and VMAX. vcenter Operations Manager displays performance and capacity metrics from EMC storage systems with data that the adapter provides by: Connecting to and collecting data from block and file systems Converting the data into a format that vcenter Operations Manager can process Passing the data to the vcenter Operations Manager Collector This enables administrators to quickly visualize the health of EMC arrays (both block and file) using a simple Performance-at-a-glance tab, as shown in Figure 3. Figure 3. EMC Storage Analytics with vcenter Operations Manager In addition, infrastructure components can be configured to forward their logs to vcenter Log Insight, which then aggregates the logs from all the disparate sources for analytics and reporting. When integrated with Log Insight, EMC s Content Packs for Avamar, VNX, and VMAX provide dashboards and user-defined fields specifically for those EMC products to enable administrators to conduct problem analysis on their storage array and backup infrastructure. 13

Metering and chargeback This EPC solution uses the metering capabilities of VMware vcac and EMC Data Protection Advisor to provide users with chargeback information at the time of resource provisioning and with usage-based cost information on demand. Costs for services are therefore transparent users know up front how much it will cost them to use the virtual resources they provision. For chargeback and reporting purposes, administrators are able to provide business units and accounting departments with reports as needed to track usage by group and by user. When services such as backup are added to the virtual machine blueprints, related costs can be added as well, so that these incremental services become part of the overall cost of the provisioned resources. Backup and recovery services This EPC solution automates data protection provisioning so that administrators and end users can easily take advantage of EMC Avamar and EMC Data Domain features such as deduplication, compression, and tight VMware integration. Using the vcenter Orchestrator workflows provided with the solution, administrators can quickly and easily set up multitier data protection policies and allow users to select an appropriate policy using the customized blueprints when provisioning their virtual machines. Avamar provides scalable backup and restore capabilities with integrated data deduplication, which reduces total disk storage by up to 50 times and enables costeffective, long-term retention on Avamar Data Store servers. Avamar can alternatively use an EMC Data Domain appliance as the backup target. Using the vcloud Automation Center API and extensibility toolkits, this solution implements custom functionality using common interfaces to provide Avamar imagelevel backup services for applications and file systems within a single- or multiorganization enterprise private cloud environment. By integrating Avamar with vcenter Orchestrator through EMC custom workflows, the solution provides customized access to the backup, restore, configuration, and reporting aspects of Avamar without requiring direct access to the Avamar MCGUI. It uses the cloud infrastructure to automatically back up data to a shared, rather than a dedicated, backup infrastructure. With this solution, enterprise administrators can offer IaaS with EMC backup to end users who want a flexible, on-demand, automated backup infrastructure without having to purchase, configure, or maintain it themselves. 14

Figure 4 shows the overall architecture of the solution s availability and data protection functions. Figure 4. Availability and data protection 15

Key components Introduction This section describes the key components of the EPC solution, as shown in Figure 5. These include: VMware vcloud Suite Vblock Systems EMC Avamar, EMC Data Domain, and EMC Data Protection Advisor Figure 5. solution components VMware virtualization and cloud infrastructure This solution uses the VMware components described here most of these are part of the VMware vcloud Suite offering. VMware vcloud Automation Center VMware vcloud Automation Center enables customized, self-service provisioning and lifecycle management of cloud services that comply with established business policies. It provides a secure portal where authorized administrators, developers, and business users can request new IT services and manage existing computer resources from predefined user-specific menus or catalogs. VMware vsphere with Operations Management VMware vsphere ESXi is the industry-leading virtualization platform for building cloud infrastructures. vsphere enables you to run your business-critical applications confidently to meet your most demanding service level agreements at the lowest TCO. vsphere with Operations Management combines this leading virtualization platform with the award-winning management capabilities of VMware vcenter Server. This solution enables IT to gain operational insight into the virtual environment for improved availability, performance, and capacity utilization. 16

VMware vcenter Operations Manager VMware vcenter Operations Manager is the key component of the vcenter Operations Management Suite. It provides a new and much simplified approach to operations management of vsphere, physical, and cloud infrastructure. Using patented, selflearning analytics, and an open, extensible platform, vcenter Operations Manager provides operations dashboards that enable deep insights and visibility into the health, risk, and efficiency of your infrastructure, as well as performance management and capacity optimization capabilities. VMware vcenter Orchestrator VMware vcenter Orchestrator is an IT process automation engine that helps automate the cloud and integrate vcloud Suite with the rest of your management systems. Orchestration saves time, removes the potential for manual errors, reduces operating expenses, and simplifies IT management. vcenter Orchestrator allows administrators and architects to develop complex automation tasks within the workflow designer, and then quickly access and launch workflows directly from within the vsphere Client or through various triggering mechanisms. VMware vcloud Networking and Security VMware vcloud Networking and Security is the leading software-defined networking and security solution that enhances operational efficiency, unlocks agility, and enables extensibility to rapidly respond to business needs. It provides a broad range of services in a single solution, including virtual firewall, VPN, load balancing, and VXLAN extended networks. VMware vcenter Log Insight VMware vcenter Log Insight delivers automated log management through log aggregation, analytics, and search operations, extending VMware s leadership in analytics to log data. With an integrated cloud operations management approach, it provides the operational intelligence and enterprise-wide visibility needed to proactively enable service levels and operational efficiency in dynamic hybrid cloud environments. Vblock Systems Vblock Systems combine industry-leading compute, network, storage, virtualization, and management technologies into pre-packaged units of infrastructure. Vblock Systems 720 and 340 are enterprise- and service provider-class systems designed to help organizations benefit from virtualization and cloud computing. Compute The Cisco Unified Computing System (UCS) is based on a standard set of components that is familiar to most IT personnel. Cisco UCS Manager manages the entire UCS system by communicating with firmware embedded in every device in the system and can manage up to eight chassis, providing a combined total of 64 server blades per Vblock. Each UCS 5108 server chassis supports up to eight UCS B-series blades. B-series blades provide up to 24 Intel Xeon cores. The Vblock 720 supports up to 48 chassis, for a total of 384 server blades with up to 9,216 cores. The Vblock 340 supports up to 16 chassis, for a total of 128 server blades with up to 3072 cores. 17

Network Cisco UCS Fabric Interconnects are a core part of Cisco UCS and provide both network connectivity and management capabilities to all attached blades and chassis. The Cisco UCS Fabric Interconnects offer line-rate, low-latency, lossless 10 Gigabit Ethernet, Fibre Channel over Ethernet (FCoE), and 8-Gigabit Fibre Channel functions. The fabric interconnects provide the management and communication backbone for the Cisco UCS B-Series Blades and UCS 5100 Series Blade Server Chassis. The Cisco Nexus offers an end-to-end solution for aggregation and end-of-row and top-of-rack server connectivity in a single platform. The switch series, using cutthrough architecture, supports line-rate 10 Gigabit Ethernet on all ports while maintaining consistently low latency, irrespective of packet size and services enabled. The Cisco MDS 9500 Series Multilayer Director layers a broad set of intelligent features onto a high-performance, open-protocol switch fabric. By addressing the stringent requirements of large data center storage environments, Cisco MDS 9500 Series Multilayer Director provides high availability, security, scalability, ease of management, and transparent integration of new technologies. Storage EMC VNX and EMC Symmetrix VMAX are powerful, trusted, and smart storage array platforms that provide the highest level of performance, availability, and intelligence in the enterprise private cloud. EMC storage systems offer a broad array of functionality and tools that simplify storage management and reduce costs in the private cloud. Optimized for virtual environments and applications, EMC storage platforms provide unsurpassed simplicity and efficiency, while providing storage replication for business continuity and disaster recovery solutions. Enterprise customers can use the advanced storage tiering features and efficiencies of VNX and VMAX to deliver multiple storage service levels to their various organizations, accelerating and simplifying their as-a-service offerings in the private cloud environment. Management VCE Vblock infrastructure platforms can be managed by a variety of industry toolsets, including EMC Ionix UIM, or using the individual Vblock component management tools. VCE Vision Intelligent Operations Software provides a single object perspective of Vblock Systems to management frameworks such as VMware vcenter Operations Manager and vcloud Automation Center. VCE Vision VCE Vision Intelligent Operations software enables and simplifies converged operations by dynamically providing a high level of intelligence to your existing management toolset. VCE Vision software acts as a mediation layer between your system and your existing management tool, allowing for intelligent discovery by providing a continuous, near real-time perspective of your compute, network, storage, and virtualization resources as a single object ensuring that your management tools reflect the most current state of your Vblock Systems. 18

EMC Ionix Unified Infrastructure Manager (UIM) EMC Ionix UIM manages Vblock infrastructure platforms as a single element and accelerates the deployment of private cloud elements and resources through the creation of physical resource service catalogs and templates. In addition to providing a powerful and simplified GUI for administrators, EMC Ionix UIM also provides a comprehensive set of APIs that can be used by any orchestration tool to integrate Ionix UIM functionality into existing or new workflows. EMC and VMware integration VMware vsphere Storage APIs VCE Vblock Systems support VMware vsphere Storage APIs for Array Integration (VAAI). This technology improves overall storage performance by offloading various host resource-intensive operations to the array to optimize server performance. Both platforms also support VMware vsphere Storage API Storage Awareness (VASA), which provides VMware administrators with a single management view into VNX and VMAX drive types (flash, SAS, or NL-SAS). In addition, this solution uses VMware vsphere Storage APIs for Data Protection (VADP) to offload Avamar backup processing overhead from the client to a backup proxy server running as a virtual machine. EMC Virtual Storage Integrator EMC VSI is a free vcenter plug-in provided by EMC that extends the vcenter Server UI to add capabilities specific to EMC storage. VSI provides multiple feature sets including Storage Viewer, Path Management, and Unified Storage Management. Unified Storage Management simplifies provisioning of both VNX and VMAX virtual pooled storage for the private cloud and enables the cloud administrator to quickly and easily provision storage and perform management tasks. EMC Storage Analytics Powered by VMware vcenter Operations Management Suite, EMC Storage Analytics provides a powerful management tool for VMware and storage administrators to access real-time intelligent analytics for their VNX and VMAX platforms. Administrators can obtain detailed statistics through customizable dashboards, heat maps, and alerts while also accessing topology mapping in a VMware environment. EMC backup and recovery EMC Avamar EMC Avamar is a fast, efficient backup and recovery system provided through a complete software and hardware solution. Equipped with integrated variable-length deduplication technology, Avamar backup and recovery software provides integrated source and global data deduplication, which facilitates fast, daily full backups for enterprise private cloud environments. By integrating Avamar Management Console GUI (MCGUI) commands with vcenter Orchestrator workflows, this EPC solution enables set up of simple protection of resources at provisioning time. EMC Data Domain With Avamar, you can choose to direct backups to an EMC Data Domain system instead of to the Avamar server. Data Domain storage systems deduplicate data inline so that it lands already deduplicated on disk, thus requiring less disk space 19

than the original dataset. With Data Domain, you can retain backup and archive data on site longer to enable quick and reliable data restores from disk. EMC Data Protection Advisor With EMC Data Protection Advisor (DPA), you can automate and centralize the collection and analysis of data across backup applications, replication technologies, virtual environments, and the supporting infrastructure. This provides a single, comprehensive view of your data protection environment and activities. In addition, when integrated with vcenter Orchestrator workflows, DPA can be used to provide ondemand reporting of backup statistics and status. EMC data protection workflows for vcenter Orchestrator With vcenter Orchestrator, cloud administrators can use the data protection workflows created by EMC to automate Avamar and Data Domain protection of virtual machines. These workflows are added to the vcac virtual machine provisioning blueprints so that users can easily set up protection at provisioning time. In addition, workflows can be used to enable simple restore of the last good backup for a particular virtual machine. Administrators can also use workflows that set up the protection policies on Avamar and vcenter, which facilitates quick and easy deployment of the infrastructure required to support end user security. 20

Private cloud management infrastructure This section describes the environment and supporting infrastructure for this EPC solution. Architecture Figure 6 shows the overall architecture of the solution. Figure 6. Solution architecture The management infrastructure for this private cloud solution is critical to the availability of its supporting components. This solution has two management layers which separate the physical and virtual infrastructure into two distinct tiers: Vblock Advanced Management Pod (AMP-2) Provides a centralized management point for Vblock Systems and hosts all virtual machines required for management of the Vblock infrastructure platform. The AMP-2 contains one vcenter server to manage its own ESXi servers and virtual machines, and another vcenter server to manage the Enterprise Private Cloud Management Pod. Each AMP-2 is delivered pre-configured with the following software tools: AMP vcenter Server Cisco UCS Manager SQL Server 21

EMC PP/VE EMC Unisphere UIM (optional) Management Pod vcenter Server Enterprise Private Cloud Management Pod Hosts all virtual machines used for cloud-enabled infrastructure management and functions, such as the user portal and automated provisioning, monitoring, networking, security, and metering. The vcenter instance located in this management pod serves as the vsphere endpoint for vcac, which hosts the resource clusters supporting the business needs of the various organizations within the enterprise. All server and virtual machine components within this management pod are managed by the separate, higher level vcenter server instance in the AMP-2. The private cloud management pod consists of the following virtual machine components: vcloud Automation Center: Server vcloud Automation Center: Agent vcloud Automation Center: Web portal vcloud Automation Center: Distributed Execution Manager (DEM) vcloud Automation Center: Designer vcloud Automation Center: DB (SQL Server) vcenter Orchestrator vcenter Server (vcac endpoint) vcenter Server DB (SQL Server) vcenter Operations Manager (vcops) EMC SMI-S Provider EMC Data Protection Advisor EMC Avamar Proxy01 vcenter Log Insight Cloud resources Compute resources that support the private cloud management pod or the resource clusters can be provisioned or expanded at any time using the individual component element managers or a management framework that uses the element managers. In the case of the resource clusters, subsequent resource reservation changes will be required at the vcac layer to make the additional resources available for consumption. Existing storage resources can be extended automatically using the EMC VSI if required, but you should consider maintaining LUN size for storage devices involved in remote replication operations (if applicable). The VSI should only be used if an alternative tool such as UIM is not being used to control storage provisioning. Data protection Avamar provides data protection for all levels of this Enterprise Private Cloud solution by using agent-free image-level backup. While the virtual machines within the production resource clusters are automatically protected at provisioning time with 22

customizations between VMware vcac and Avamar, virtual machines in the management cluster are manually protected in the more traditional manner using the Avamar administrative console. Use Avamar guest-level backup with the client agent along with the Avamar SQL Server plug-in to protect the Microsoft SQL Server database instances that support vcac and vcenter Server in the management cluster. Avamar guest-level backup can co-exist with image-level backup of the same machine. Availability The VCE Vblock System provides high availability (HA) at the hardware level. The enterprise private cloud built and operating on Vblock inherit all the features designed for HA from the components of each Vblock. Figure 7 shows the highly available components of Vblock. Figure 7. Highly available components of the Vblock infrastructure platform Each of the management pods required for this solution can be configured for high availability. The VCE Vblock AMP-2, which provides a centralized management point for Vblock systems, can be ordered in a high-availability configuration that consists of two Cisco UCS C-series servers, a single EMC VNXe3150, and two Cisco Catalyst Ethernet switches. The Enterprise Private Cloud Management Pod is supported by three ESXi servers using VMware vsphere Distributed Resource Scheduler (DRS) and VMware vsphere HA. All storage is provisioned on VNX or VMAX and is RAID protected, and all ESXi servers use EMC PowerPath /VE for automatic path management and load balancing. 23