Building an Enterprise Hybrid Cloud with the VMware vcloud Solution

Building an Enterprise Hybrid Cloud with the VMware vcloud Solution Glenn Grabowski, Staff Systems Engineer, Senior Cloud Specialist, VMware May 4, 2011 Customer Presentation 2009 VMware Inc. All rights reserved

Agenda VMware vcloud Initiative IT Needs Cloud To Enable Efficiency and Agility VMware s Cloud strategy VMware's vcloud solution stack Conclusion and Q&A 2

It s all about The App : Developers need more agile infrastructure Business Owner Operations How do we get the h/w, manage the app and deliver the SLA in production? We need to: Get capacity now Get s/w stacks deployed Simulate production Once in prod, we need Plan capacity for app Place on Tier 1 capacity Provision the App Server, web, database Set up the load balancer Set up the firewall Set up data protection Set up mgmt Manage the app 3

and often leverage commodity clouds when IT doesn t respond May I have a LAMP stack, please? Developers Queues Custom requests Hardware acquisition Individual Approvals CIOs have concerns about? Security and Compliance? Performance and SLAs? Availability and Data Protection? Intellectual Property vsphere Admin 4

Flexibility and agility are becoming increasingly important to IT Source: CIO LinkedIn Market Pulse Survey, Oct 2010 5

Business agility is the top driver for cloud computing Q9: Which of the following are top drivers of cloud computing initiatives at your organization? (Please check all that apply) 6 Base: 636 Total respondents; 234 US respondents; 202EMEA respondents; 200 APAC respondents Source: CIO Global Cloud Computing Adoption Survey January 2011

CIOs are facing public cost benchmarks Public rate cards lead to tough questions about internal IT costs Pushing IT to benchmark their own IT organization 7

Back to Reality - Real life Provisioning example! From: 8

Provisioning workflow with VMware's vcloud Director To: 9

Virtualization is the foundation of cloud, and it s proliferating Virtualization is a modernization catalyst and unlocks cloud computing. Gartner, May 2010 More VMs were deployed than physical servers starting 2 years ago VMware is alone in the Leaders Quadrant for x86 Server Virtualization VM Cross Over 17.5 15.0 12.5 Millions 10.0 7.5 5.0 2.5 2005 2006 2007 2008 2009 2010 2011 2012 2013 Physical Hosts Virtual Machines Gartner, Inc. Magic Quadrant for x86 Server Virtualization Infrastructure, Thomas J. Bittman, Philip Dawson, George J. Weiss, 26 May 2010. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from VMware. The Magic Quadrant is copyrighted 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 11

What is this Cloud Thing? Public Cloud IaaS PaaS Your IT as a Service Cloud Private Cloud SaaS Cloud Computing is an approach to computing that leverages the efficient pooling of on-demand, self-managed virtual infrastructure, consumed as a service. 12

Cloud is changing the new IT landscape Re-think End-User Computing The Challenge for IT: Modernize Application Development Weave all this together into a cohesive, secure, compliant whole Existing Apps New Enterprise Apps SaaS Apps Evolve the Infrastructure Existing Datacenters Public Cloud Services 13

Evolve your existing datacenter to a private cloud Leverage virtualization to transform physical silos into elastic, virtual capacity Increase automation thru built-in policy-driven management Move from static, physical security to dynamic, embedded security Enable secure, self-service to pre-defined IT services, with pay-for-use Organization: Marketing Organization: Finance Users & Policies Organization VDCs Catalogs Users & Policies Organization VDCs Catalogs Compute Storage USE Network $75 14

Evolve your existing datacenter to a private cloud Organization: Marketing Organization: Finance Users & Policies Organization VDCs Catalogs Users & Policies Organization VDCs Catalogs Private Cloud Cloud Infrastructure Automation Management Compute Compute Storage Networking Integrated Security Storage Network USE $75 15

Only VMware offers the best of both worlds with hybrid cloud Apps Apps Common platform Common management Common security Private Cloud VMware Enterprise Security Hybrid Cloud Cloud Infrastructure Management vcloud Service Provider Cloud Infrastructure Cloud Computing Moves from a Technology Discussion to a Business Decision 16

VMware offers a secure hybrid cloud for enterprises vcloud Solution Private Cloud Public Cloud Cloud Consumption vcloud Operations and Management vcenter Security and Compliance vshield Virtualization vsphere Portability Cross-Cloud Standards vcloud API Open Virtualization Format Cross-Cloud Management vcloud Connector Co-Branded vcloud Services vcloud Datacenter Security & performance for enterprises vcloud Express Rapid, credit card payment for developers vcloud Powered Broad array of VMware-compatible clouds for any business need 17

The leading public clouds all partner with VMware 4,000+ vcloud IaaS Partners App Cloud PaaS Partners Source: Gartner (December 2010) 18

VMware offers two co-branded public cloud services vcloud Express Rapid Signup with Credit-card Billing Utility pay as you go Pricing Lowest cost with high QoS Interoperability across providers vcloud Datacenter Services Guaranteed quality of service Certified adherence to ref. architecture Secure and compliant Workload mobility across providers Private Cloud Public Cloud vshield Common security vcloud Datacenter Certified Service vshield vcloud Director Common management vcloud Director vsphere Common platform vsphere 19

Extensions, notifications, and APIs enable third-party integrations Easily orchestrate vcloud actions vcloud API vcenter Orchestrator Plug-in VMware Service Manager Plug-in JMX Interfaces can be monitored using existing monitoring systems VM Request Existing systems are supported In-Guest agents are fully supported Existing IT request systems, approval management systems can be configured to use the vcloud API Policy 20

Cloud Foundry - World s first open Platform as a Service (PaaS) offering Multiple Frameworks 21

Build a hybrid cloud with vcloud to resolve IT s challenges Increase business agility by empowering users to rapidly deploy services on-demand with self-service portals Optimize not only Reduce costs by more efficiently how IT is delivered delivering resources and by consolidating and standardizing your infrastructure and managed, but Improve security and compliance within also how it is multi-tenant environments with strong consumed access controls and vshield security Consuming Infrastructure as a Service Producing Infrastructure as a Service Enable application portability and interoperability across clouds while leverage existing investments 22

Intercontinental Hotels built a hybrid cloud to offer global access InterContinental Hotels Group More than 4,500 hotel properties, 650,000 guest rooms in more than 100 countries/ territories worldwide Business Drivers Need for elasticity Use of current IT configurations Ability to charge back applications Cost effective; no CapEx Solution Offering: Membership rewards program Exported vapp and uploaded into Verizon CaaS enabled by vcloud Datacenter Used vcd to manage and configure application for use 23

Cloud requires elasticity, on-demand access, resource pooling vcloud Solution Only VMware offers true pooling with Virtual Datacenters End-User Computing Cloud Application Platform Cloud Infrastructure Only VMware addresses all three vcloud Powered Private Cloud Enterprise Hybrid Cloud Community Cloud Only VMware enables the hybrid cloud 25

Requirements for Building a Private Cloud Ubiquitous Access Pay by consumption Self-Service Service Catalog User Facing Secure Multi-Tenancy SLA s Mgmt Automation IT Facing Elasticity Pooling Abstraction 26

VMware Offers a Complete CLOUD Solution Ubiquitous Access Pay by consumption Self-Service Service Catalog User Facing vcloud Director Secure Multi-Tenancy SLA s Mgmt Automation Elasticity Pooling Abstraction IT Facing vshield Security vcenter Management vsphere 27

VMware vcloud Director builds on vsphere to transform IT Builds on vsphere and scales up to 10,000 VMs and 25 vcenter Servers Users Organization 1 Organization m Creates virtual datacenters, by pooling resources into new units of consumption VMware vcloud Director User Portals Catalogs Security Securely enables the cloud with vshield, LDAP authentication, and RBAC Virtual Datacenter 1 (Gold) VMware vshield Virtual Datacenter n (Silver) Provides self-service portals and standardized infrastructure catalogs Isolates users into organizations with unique catalogs, policies, and LDAP VMware vcenter Server VMware vsphere VMware vcenter Server VMware vsphere Secure Private Cloud vcloud API Programmatic Control and Integrations Public Clouds vcloud API and extensions enables cloud portability, orchestration, and integrations 28

vcloud Director introduces new multi-tenant resource abstractions VMware vcloud Director Organization: Marketing Organization: Finance Users & Policies Organization VDCs Catalogs Users & Policies Organization VDCs Catalogs Provider Virtual Datacenters (Gold) (Silver) (Bronze) VMware vcenter Server Resource Pools Datastores Port Groups VMware vsphere Secure Private Cloud 29

IT must become an internal cloud service provider IT becomes a service provider, enabling true business agility Self-Service Portals Catalogs Achieve the economics and agility of cloud computing without sacrificing security or control Users are given an alternative to commodity public clouds, eliminating the need for unauthorized deployments Virtual Data Centers 30

First standardize services with vapps and place into a catalog Java Stack Database on Linux Provisions hardware Needs services 31

Group users into organizations and delegate access to the catalog Organizations are completely isolated and secure Isolated virtual resources Independent LDAP-authentication Specific policy controls Unique catalogs Catalogs can be customized by organization or shared Users can be given permission to create organization-wide catalogs Organizations can be given permission to create datacenterwide catalogs Enables a multi-tenant environment IT can serve multiple organizations from common infrastructure (More on this later) Directory Services 32

Users deploy into logical containers of tiered resources with SLAs Datacenter One Size Fits All Directory Services 33

Users deploy into logical containers of tiered resources with SLAs Virtual Datacenters Gold Silver Bronze Business-Driven SLAs Directory Services 34

These virtual data centers can be on premise or in public clouds Virtual Datacenters Gold Silver Bronze Business-Driven SLAs Directory Services 35

IT can charge users on a pay-as-you-go model with Chargeback Gold Bronze Directory Services 36

IT can charge users on a pay-as-you-go model with Chargeback Gold SLA $100 per VM USE $100 $150 $175 $275 Bronze SLA $50 per VM USE $ 35 50 75 Directory Services Pay for SLA Pay for Use 37

IT maintains control with Chargeback and user limits Strict user limits Leases: Set maximum time period VMs can exist; IT can select renewal policies Quotas: Maximum number of VMs per user within in organization VMware vsphere Chargeback integration Financial transparency for users and IT Resources like broadband network traffic, public IP addresses, DHCP, and NAT can be metered and billed Customizable allocation models Pay-as-you-Go Allocation Pool Reservation Pool 38

IT maintains control with strict controls and approvals Strict access controls RBAC: Access privileges restricted by roles within LDAP o vapp creation/modification o Catalog creation/modification o Cross-organization sharing o Resource allocation Approvals and workflows IT can require pre-approval if necessary using Service Manager or pre-existing suites IT can create provisioning workflows 39

Shared vapp catalogs enable collaboration & workload portability Development Organization Test Organization vapps contain all of the information required to deploy a service Dev Build Virtual Datacenter Dev Build Virtual Datacenter Functional Testing Virtual Datacenter Sandbox Testing Virtual Datacenter Development Cycle Example: Developer end user submits a vapp to QA by publishing to the shared catalog QA tester checks out the vapp from the shared catalog Network isolation between vdcs allows VMs to have identical network settings without conflicts vapps can be easily migrated to other clouds using vcloud Connector 40

This fundamentally changes user behavior, benefiting both sides Dynamic scaling and capacity management invisible to user, ensuring SLAs are met IT can hot add capacity to the virtual datacenter without user disruption As a result, users no longer feel the need to hoard or overprovision resources Aligns incentives to provision Eliminates over-provisioning Voluntary de-provisioning 41

LabCorp developers have instant access to VMs PROFILE LabCorp grows by acquisition. Virtualization and the cloud environment enable us to absorb new labs and speed time to market. James P. Jones, IT Manager, Virtual/Cloud Services, LabCorp Industry Headquarters Employees Annual Revenue VMware vsphere 4 Medical testing Burlington, N.C. 28,000 $5.2 billion VMWARE PRODUCTS & SERVICES VMware Site Recovery Manager (SRM) VMware vcloud Director vcloud Accelerator Service Objectives Speed provisioning Provide self-service capacity on demand to IT teams Ease regulatory compliance, reduce risk, speed time to market VMware Solution VMware vcloud Director provides secure cloud environment for controlled self-service to developers and admins Business Impact Absorb acquired labs quickly, maintaining legacy systems Developers get VMs in seconds Meet constant demand for new tests, upgrades, regulatory reports Build path to SaaS for agile, competitive business operations 42

Only VMware offers defense in depth for your cloud infrastructure Virtualizes common network services such as NAT and DHCP vshield Endpoint protects the individual VM with offloaded anti-virus vshield App protects the applications with multi-vm trust zones vshield Edge protects the virtual data centers with portlevel stateful firewalls 43

Security profiles remain intact in the dynamic cloud environment VDC Gold VDC Bronze 44

Security profiles follow workloads in the Hybrid Cloud model, too VDC Gold VDC Bronze VDC Silver Secure VPN Secure Private Cloud vcloud Datacenter 45

Cross cloud management makes hybrid cloud real vcloud Connector Connect, visualize and operate on multiple clouds Visualize resources across hybrid clouds inside the vsphere Client See VMs, vapps and templates across vsphere and private and public vclouds Delivered as a vsphere Client Plugin vsphere Private Cloud Verizon vcloud Colt vcloud Bluelock vcloud Copy & operate on resources across clouds Copy resources between vsphere and vclouds Perform power operations on workloads Access console of vapps running in vclouds Deliver enterprise level security Data managed by onsite server Security scope set by vsphere Client 46

VMware provides continuous compliance within & across clouds vcenter Configuration Manager Continuous Compliance Assessment & Enforcement Policies built from Out-of-the-box compliance templates SOX, HIPAA, FISMA, DISA, GLBA, ISO 27002, NIST, PCI DSS, NERC, CIS, FERC Harden the hypervisor configs for ESX, network, storage, etc. Harden the hypervisor guest Harden the Guest OS Build Golden Image / Standards 47

The US government trusts their vcloud deployment with vshield Customer Need Build and maintain a secure network that isolates highly sensitive scientific applications from the rest of the environment without creating airgaps Solution with vshield App Create adaptive trust zones on the same shared infrastructure to control access to o highly sensitive scientific apps o shared services o business critical apps o and the DMZ Restrict inbound and outbound traffic to the trust zones Restrict access to applications in a trust zone to View users in the subgroup within the zone Automatically move infected VMs to a remediation zone Shared. Svrs View Users Scientific Apps View Users Business Apps View Users Business Benefits Reduced provisioning time from 30 days to 30 minutes Lower Capex & Opex by replacing hardware appliances with virtual appliances 48

Secure multi-tenancy and VDCs allow BUs to share infrastructure Secure Multi-tenancy with vshield Virtual networking technologies segregate Healthcare Infrastructure Aerospace Infrastructure Consumer Infrastructure network traffic Policy-based management eliminates noisy neighbor concerns Enables shared infrastructure Formerly silo d infrastructures (either Healthcare Organization Aerospace Organization Consumer Organization separate clusters or entire datacenters) can be migrated to virtual data centers and share the Healthcare VDC Aerospace VDC Consumer VDC No airgapped pods/silos Eliminates the need for physical separation for security or compliance Maximizes consolidation ratio 49

vshield Manager and vshield Edge Virtual Appliances vcenter Chargeback Collectors (vcenter, vcd, vse) VMware is the leader in enterprise hybrid cloud infrastructures VMware is the leader in the cloud platform VMware offers the products and services to build a hybrid cloud Private Cloud Public Cloud Virtualization is a modernization catalyst and unlocks cloud computing. Gartner, May 2010 Service Consumption vcloud vcloud Request Request Manager Manager vcenter vcenter Chargeback Chargeback Service Delivery vcloud vcloud Director Director Security and Compliance vshield vshield Security Security Family Family vcenter vcenter Configuration Configuration Manager Manager Virtualization vsphere vsphere vcenter vcenter Management Management Family Family Portability Cross-Cloud Standards vcloud API vcloud API Open Virtualization Format Open Virtualization Format Cross-Cloud Management vcloud Connector vcloud Connector Co-Branded vcloud Services vcloud Datacenter Security & performance for enterprises vcloud Express Rapid, credit card payment for developers vcloud Powered Broad array of VMware-compatible clouds for any business need VMware powers the industry s largest cloud ecosystem VMware has the expertise and services to build clouds vcloud API VMware vcloud Director v Cl o u d A PI vshield Manager w/ Edge VMware vsphere 4 Enterprise Plus E n d U se rs v C D P or tal v C D VMwarD a e t a vcloudb a Directos e r vcente r Server v C e nt er D at a b as e L D A P vcenter Chargeback v C e nt er C h ar g e b ac k D at a b as N e et w or ks vcenter Chargeback Server D at as to re s vcenter Chargeback Web Interface ESX/E SXi Hosts VMware vcloud Director Security VMware Hardening vcloudguide WHITEPAPER Director Security VMware Hardening vcloud Guide Director WHITEPAPER 1.0 Performance and WHITEPAPER Best Practices 50