Learn how to build Enterprise Hybrid Clouds for your customers using VMware vCloud
The business has strict demands of IT

Supplier (the CIO): "As the CIO, I provide the business with the services it needs, when it needs it, within my resource constraints. Through cloud I am able to cost-effectively provision IT services to my business customers; others will if I don't! Cloud services enable new and improved business models so that I can maximize windows of opportunity before others do!"

Consumer (the CEO): "As the CEO, it's my responsibility to create sustainable value whilst being responsive to a dynamic market, changing workforce, and business environment."

IT as a Service:
- Efficiency: govern costs, get the best from resources
- Agility: anticipate and respond to change
- Competitive advantage: right service at right price; right capability at right time
Cloud requires elasticity, on-demand access, resource pooling

The vCloud Solution:
- End-User Computing, Cloud Application Platform, Cloud Infrastructure: only VMware addresses all three
- Only VMware offers true pooling with Virtual Datacenters
- vCloud Powered, Private Cloud, Enterprise Hybrid Cloud, Community Cloud: only VMware enables the hybrid cloud
VMware offers a secure hybrid cloud for enterprises

The VMware vCloud Solution

Private cloud stack:
- Cloud consumption: vCloud
- Operations and management: vCenter
- Security and compliance: vShield
- Virtualization: vSphere

Portability:
- Cross-cloud standards: vCloud API, Open Virtualization Format
- Cross-cloud management: vCloud Connector

Public cloud (co-branded vCloud services):
- vCloud Datacenter: security & performance for enterprises
- vCloud Express: rapid credit-card payment for developers
- vCloud Powered: broad array of VMware-compatible clouds for any business need
VMware vCloud Director builds on vSphere to transform IT
- Builds on vSphere and scales up to 10,000 VMs and 25 vCenter Servers
- Creates virtual datacenters by pooling resources into new units of consumption (Virtual Datacenter 1 (Gold) ... Virtual Datacenter n (Silver))
- Securely enables the cloud with vShield, LDAP authentication, and RBAC
- Provides self-service portals and standardized infrastructure catalogs
- Isolates users into organizations (Organization 1 ... Organization m) with unique catalogs, policies, and LDAP
- The vCloud API and its extensions enable programmatic control, cloud portability, orchestration, and integrations with public clouds

Stack: users -> VMware vCloud Director (user portals, catalogs, security) -> VMware vCenter Server -> VMware vSphere (secure private cloud)
To make this possible, cloud requires new resource abstractions

VMware vCloud Director layer:
- Organizations (e.g. Marketing, Finance), each with its own users & policies, Organization VDCs, and catalogs
- Provider Virtual Datacenters (Gold, Silver, Bronze)

VMware vCenter Server and vSphere layer (secure private cloud): resource pools, datastores, port groups
Examples of Provider VDCs

Use Provider VDCs to offer tiered compute and storage:
- Fast, medium, slow compute and storage
- Silver (SATA), Gold (FC), Platinum (EFD), Unobtainium (aggregate) storage
- Nehalem-based clusters, AMD-based clusters

Create a Provider VDC per tier of compute and storage you wish to offer to users.
First standardize services with vApps and place them into a catalog

vApp catalog example: Java Stack, Database on Linux, Webserver. IT provisions the hardware; the user needs services.
vApps
- Container of one or more VMs (each VM an App on an OS)
- Package up multi-tier applications into vApps
- Operate on VMs as one unit: select the boot order of VMs, start delays and stop delays
- Set runtime and storage leases
- Can be created from scratch, from building-block templates in the catalog, or imported from outside the cloud
- Uses the OVF standard: captures metadata about the VMs; allows import and export between clouds in a standard format
- SLA definitions, e.g. Availability = 99.99%, Security = High, Performance = msec

Copyright 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Catalogs

Catalogs are collections of vApps and media, created at cloud level or within an organization (e.g. Linux Templates, Windows Templates).

Examples:
- Infrastructure-as-a-Service catalogs: small, medium and large VMs/vApps; pre-installed Windows and Linux VMs; OS media files (ISO, floppy images)
- Application catalogs: corporate database servers; corporate application servers; engineering vApps; IT Oracle vApps
- Media catalogs: Basic Media Catalog, Premium Media Catalog
Group users into organizations and delegate access to the catalog

Organizations are completely isolated and secure:
- Isolated virtual resources
- Independent LDAP authentication (directory services)
- Specific policy controls
- Unique catalogs

Catalogs can be customized by organization (Org A, Org B) or shared:
- Users can be given permission to create organization-wide catalogs
- Organizations can be given permission to create datacenter-wide catalogs

This enables a multi-tenant environment: IT can serve multiple organizations from common infrastructure (more on this later).
Create Organizations
- Unit of tenancy: isolates groups of users or lines of business from each other, e.g. Finance and IT
- Created by the cloud administrator
- Users are onboarded to organizations
- Each organization has a unique URL in the VMware vCloud Director system
Users deploy into logical containers of tiered resources with SLAs

Without tiers: a single datacenter serving Org A and Org B from one vApp catalog and directory services, one size fits all.

With Virtual Datacenters: Gold, Silver and Bronze tiers serving Org A and Org B from the same vApp catalog and directory services, with business-driven SLAs.
Compute & Storage: Organization VDCs

Allocate resources to organizations using Organization VDCs:
- Org VDCs are allocated from Provider VDCs (e.g. the Org 1 Premium Organization VDC and the Org 2 Premium Organization VDC are both carved from the Premium Provider VDC)
- An Org VDC can be as large as a Provider VDC
- All Organization VDCs in a Provider VDC are the same tier of service
- Each Organization VDC represents a tier of service (SLA and cost)
- vApps run in Org VDCs

Provider VDC tiers in the example: Commodity Provider VDC, Premium Provider VDC, Other Provider VDC
IT can define multiple consumption models
- Capacity-as-you-go (pay-per-VM model): no upfront resource allocation; the Org VDC is allocated resources only as users create vApps; IT can set compute limits to cap usage
- Reservation pools: guaranteed container, 100% of the container guaranteed; the organization is given resource management capabilities (shares and reservations)
- Allocation pools: resources allocated but not guaranteed; similar to the airline seat model; IT can over-provision
Leases, Quotas and Limits

Exercise control via leases, quotas and limits, set by the Organization administrator:
- Lease: length of time that a user can use a vApp in a VDC (runtime lease and storage lease)
- Quotas: running VM quota; stored VM quota
- Limits: heavy operations, per user and per org; simultaneous connections per VM
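As an added example (not VMware's code) tying together the slides on Organization VDCs, consumption models and quotas, the following Python sketch models how an Org VDC carved from a Provider VDC admits a vApp under each consumption model and against a running-VM quota; the org names, capacities and vApp sizes are constructed.

```python
# Added example (not VMware code): a toy admission-control model of Provider VDCs, Org VDCs,
# the three consumption models, and per-org quotas. All names and capacities are constructed.
from dataclasses import dataclass

@dataclass
class ProviderVDC:
    cpu_ghz: float              # usable compute of the underlying vSphere cluster
    reserved_ghz: float = 0.0   # already guaranteed to reservation-pool Org VDCs

@dataclass
class OrgVDC:
    org: str
    provider: ProviderVDC
    model: str                  # "paygo", "allocation" or "reservation"
    limit_ghz: float            # container size, or the compute cap for pay-as-you-go
    running_vm_quota: int       # running VM quota set by the organization administrator
    used_ghz: float = 0.0
    running_vms: int = 0

    def __post_init__(self):
        if self.model == "reservation":
            # 100% of a reservation pool is guaranteed: it must fit in unreserved provider capacity.
            free = self.provider.cpu_ghz - self.provider.reserved_ghz
            if self.limit_ghz > free:
                raise ValueError(f"{self.org}: only {free} GHz left to guarantee")
            self.provider.reserved_ghz += self.limit_ghz

    def deploy_vapp(self, vm_count: int, ghz_per_vm: float) -> bool:
        # Admit only if the running-VM quota and the org's compute limit hold (allocation pools are not guaranteed).
        need = vm_count * ghz_per_vm
        if self.running_vms + vm_count > self.running_vm_quota or self.used_ghz + need > self.limit_ghz:
            return False
        self.used_ghz += need
        self.running_vms += vm_count
        return True

def demo() -> list:
    gold = ProviderVDC(cpu_ghz=100.0)
    finance = OrgVDC("Finance", gold, "reservation", limit_ghz=60.0, running_vm_quota=10)
    marketing = OrgVDC("Marketing", gold, "allocation", limit_ghz=80.0, running_vm_quota=5)  # 60+80 > 100
    dev = OrgVDC("Dev", gold, "paygo", limit_ghz=20.0, running_vm_quota=50)
    try:  # a second guaranteed 50 GHz pool exceeds the 40 GHz still unreserved
        OrgVDC("HR", gold, "reservation", limit_ghz=50.0, running_vm_quota=10)
        hr_rejected = False
    except ValueError:
        hr_rejected = True
    return [finance.deploy_vapp(3, 10.0),   # 30 GHz of a 60 GHz guarantee: admitted
            marketing.deploy_vapp(6, 1.0),  # six VMs exceed the quota of five: rejected
            dev.deploy_vapp(4, 6.0),        # 24 GHz exceeds the 20 GHz cap: rejected
            hr_rejected]                    # reservation over-commit refused: True
```

The Marketing allocation pool is admitted even though its 80 GHz plus Finance's 60 GHz guarantee exceeds the provider's 100 GHz: that is the over-provisioning the allocation model permits, and only reservation pools are checked against unreserved capacity.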
But IT never loses control, with strict controls and approvals

Strict access controls:
- RBAC: access privileges restricted by roles within LDAP
  o vApp creation/modification
  o Catalog creation/modification
  o Cross-organization sharing
  o Resource allocation

Approvals and workflows:
- IT can require pre-approval if necessary, using VMware Service Manager, vCenter Orchestrator, or a third-party approval mechanism
- IT can create provisioning workflows

Customizable allocation models: Pay-as-you-Go, Allocation Pool, Reservation Pool
IT can charge users on a pay-as-you-go model with Chargeback

Org A and Org B share the vApp catalog and directory services but are charged per tier:
- Org A, Gold SLA: $100 per VM, plus use charges of $100, $150, $175, $275
- Org B, Bronze SLA: $50 per VM, plus use charges of $35, $50, $75

Pay for SLA, pay for use.
Fast Provisioning using Linked Clones for Improved Agility

Overview:
- Provisions new VMs from a template, or clones existing VMs, without replicating the entire image
- Instead, links the images (clones) so that common elements are stored only once: several clone vmdks share one template vmdk

Benefits:
- Dramatically speeds up provisioning time, from >2 minutes to <5 seconds
- Reduces storage footprint (and cost) by over 60%
Linked Clones in vCD 1.5 vs. Full Clones
- Full clone (default): the entire disk of VM A is copied, producing a new independent VM B
- Fast provisioning: no disk copy; delta disks are spawned instead, so each clone of A writes to its own delta disk on top of a shared read-only base disk
Microsoft SQL Server Support

Overview: build a vCloud Director environment using a Microsoft SQL database for all cloud configuration data.

Benefits: leverage existing investments and database skill sets; reduce the cost of building a cloud.
Demo: Monte Carlo vApp

VM created in under 3 minutes; user experience like iTunes!
Introducing VMware vCloud Connector (vCC)

vCloud Connector (vCC) is a vSphere Client plugin that allows a user to use the vSphere Client to:
- Visualize workloads & templates across vSphere & private/public vClouds
- Migrate workloads & templates between vSphere & vClouds: vSphere <-> vCloud, vSphere <-> vSphere, vCloud <-> vCloud
- Perform basic power & deployment operations on workloads & templates
- Access the console (VMRC) of vApps in vClouds
- Launch the vCloud Director or vCloud Datacenter Service web UI directly
The Workloads view shows workloads across hybrid clouds (vSphere & vClouds); click on a thumbnail to access the console of a vApp in a vCloud.
Security in the Cloud

Traditional, network-based security will not work in the cloud:
- Physical topologies are no longer rigid
- Physical security devices are chokepoints when inter- and intra-VM traffic must be routed through them
- Splintering your ESX hosts to route around them reduces the consolidation ratio, reduces sharing of the pool, and leaves capacity over- or under-provisioned
- Fixed-capacity physical security devices can't scale up or down
- You WILL use a public cloud someday
The data center needs to be secured at different levels

Perimeter security (at the VDC edge): prevent unwanted access
- Sprawl: hardware, FW rules, VLANs
- Rigid firewall and FW rules; VPN
- Performance: load balancers become bottlenecks
- Cost & complexity

Internal security: segment your services
- VLANs; VLAN- or subnet-based policies
- Interior or web application firewalls

End point security: protect your data
- Anti-virus
- Data leak protection
Securing the virtual data center (VDC) with legacy security solutions

Internet -> perimeter security -> web zone (vSphere) -> internal security -> application zone (vSphere) -> virtualized DMZ with firewalls -> database zone (vSphere) -> endpoint security

- Air-gapped pods with dedicated physical hardware
- Mixed-trust clusters without internal security segmentation
- Configuration complexity:
  o VLAN sprawl
  o Firewall rules sprawl
  o Rigid network IP rules without resource context
- Private clouds (?): customers cannot realize true virtualization benefits due to security concerns
Securing the Private Cloud End to End: from the Edge to the Endpoint
- vShield Edge: secure the edge of the virtual datacenter (the DMZ in front of Application 1 and Application 2)
- vShield App: create segmentation (security zones) between workloads; sensitive data discovery
- vShield Endpoint (endpoint = VM): anti-virus processing
- vShield Manager: centralized management
What Is vShield Edge?

vShield Edge secures the perimeter (the edge) around a virtual datacenter, deployed as a secure virtual appliance per tenant (Tenant A, Tenant C, Tenant X). Common vShield Edge deployments include:
- Protecting the extranet
- Protecting multi-tenant cloud environments

Key benefits:
- Reduce cost and complexity by eliminating multiple special-purpose appliances and rapidly provisioning edge services (firewall, load balancer, VPN)
- Ensure policy enforcement with built-in edge network security and services that follow the virtual machine deployments
- Deliver multiple security needs across one shared resource pool, increasing efficiency
Securing the Data Center Interior with vShield App

Key benefits:
- Complete visibility and control of inter-VM traffic, enabling multiple trust zones on the same ESX cluster
- Intuitive business-language policy leveraging the vCenter inventory
vShield Data Security for Compliance Readiness

"800% increase in data volumes in data centers, 80% of which is unstructured, i.e. not in databases" (UBS view from the 2010 Gartner Data Center Conference)

1. Discover sensitive data in the virtual environment: choose from built-in templates for the most common types of sensitive data: PII (personally identifiable information), PCI-DSS (Payment Card Industry Data Security Standard), PHI (patient health information)
2. Continuous data privacy sweep: continuous sweep of the datacenter, scanning for sensitive data in unstructured files
3. Generate actionable reports about the discovery of sensitive data

Continuous agentless discovery of data across all virtual machines.
vShield Endpoint: Offload Anti-virus Processing for Endpoints

Benefits:
- Improve performance by offloading anti-virus functions, in tandem with AV partners
- Improve VM performance by eliminating anti-virus storms
- Reduce risk by eliminating agents susceptible to attacks
- Satisfy audit requirements with detailed logging of AV tasks
Cloud Infrastructure Security: Defense in Depth
- First level of defense, vShield Edge: threat mitigation, blocks unauthorized external traffic; suite of edge services
- Zoning within the org, vShield App: policy applied to VM zones; dynamic, scale-out operation; VM-context-based controls
- Compliance check, vShield App: discover PCI, PHI and PII sensitive data in the virtual environment; compliance posture check
- AV agent offload, vShield Endpoint: attain higher efficiency; supports multiple AV solutions; always-on AV scanning
Thank You
- Listen: know where your customers are on their journey to ITaaS and create a plan to accelerate their progress.
- Learn: upgrade your knowledge across the VMware stack for ITaaS. Update your accreditations and certifications. http://www.vmware.com/partners/partners.html
- Leverage: maximize the networking opportunities here and use those new relationships to accelerate your success.