
How to analyze VMware vCloud Director in depth

2025-02-21 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

Many newcomers are unclear about how to analyze VMware vCloud Director in depth. To help with this, the following explains it in detail; readers who need it can follow along, and I hope you gain something from it.

vCloud Director (hereinafter "Director") builds on the virtualization capabilities of VMware vSphere and extends the resource pool function of VMware vCenter so that IT departments can create a VDC (Virtual Data Center): a resource pool composed of computing, network and storage resources together with predefined management policies, service level agreements and pricing mechanisms. Director provides users with VDC-based computing resources and the ability to deploy applications on them. In terms of user experience, unlike VMware vCenter, which is also management software, Director does not use a traditional client for its user interface but a Web UI based on Adobe Flex RIA technology. Through this Web UI, users can complete otherwise time-consuming and tedious operations, including cloud creation and management, network setup and application deployment, with a click of the mouse or a small amount of keyboard input. Director is also based on the open OVF standard and provides the vCloud API, which uses REST.

Beyond the basic functions above, for billing Director integrates the latest version, 1.5, of VMware vCenter Chargeback to bill for the use of computing resources. For security, Director integrates VMware vShield technology to improve the security of cloud computing centers. VMware has also launched the Director-related VMware vCloud data center services, through which Director users can leverage VMware's extensive ecosystem of technology partners and service providers to expand data center capabilities by introducing secure, compatible public clouds, and manage public clouds as easily as private clouds. With this hybrid model, users can reap the benefits of cloud computing without reducing security or control, with comprehensive support for the compliance and security that are critical to the enterprise.

Figure 1. Architecture diagram of vCloud Director

Creating VDCs and organizations

Because both private and public clouds are likely to serve many types of customers or multiple scenarios, vCloud Director does not assign all IT resources to a single cloud or a single user; its design supports mechanisms such as resource isolation and multi-tenancy. To achieve this, vCloud Director introduces two core concepts: the VDC, mentioned above, which isolates resources, and the organization, which supports the multi-tenancy mechanism.

A VDC is a collection of computing and storage resources for cloud computing. In use, administrators first add some vCenter Servers to Director, so that the computing resources managed by those vCenter Servers are published and combined into one large resource pool. Administrators can then create a VDC and add some or all of the computing and storage resources in the pool to it, according to their own preferences or to some set of rules. For example, the administrator can allocate the best-performing computing and storage resources to a VDC named "Tier1", and place hardware resources with much poorer performance in a VDC named "Tier2". Administrators can also set the corresponding Cost and SLA parameters for each VDC.

Administrators use rules (Policy) to group multiple users into the same organization; for example, people who belong to the financial department are placed in the financial department organization. Each organization has its own dedicated virtual resources and catalogs (Catalog), an independent LDAP authentication system and its own rule management. The organization feature allows multiple units to share the same infrastructure. Director generates a different login URL for each organization, and within each organization, administrators can create its users and groups and set parameters such as Lease, Quota and Limit for the organization. Users in an organization can authenticate in three ways: with the Director local database; with an Active Directory or LDAP server that matches Director; or with an organization-specific Active Directory or LDAP server.

Next, the relationship between VDCs and organizations. VDCs are divided into two categories according to size: Provider and Organization. The administrator first creates multiple Provider VDCs, such as Gold VDC and Silver VDC in the figure below, and then creates a new Organization VDC for an organization based on a Provider VDC, such as Org 1 Gold VDC in the figure below. Note that an Organization VDC can be as large as the Provider VDC it is created from, and that an organization can have multiple Organization VDCs.

Figure 2. Relationship between VDC and organization

An Organization VDC can be created on a Provider VDC in three ways. The first is on demand: resources of the Provider VDC are consumed only when a user deploys a virtual machine on the Organization VDC. The second is the reservation pool (Reservation Pool) mechanism: the Provider VDC allocates a certain amount of resources when the Organization VDC is created, and the organization controls advanced resource management settings such as shares (Shares) and reservations (Reservations). The third is the allocation pool (Allocation Pool) mechanism: as with the reservation pool, the Provider VDC allocates a certain amount of resources to the Organization VDC, but advanced resource management settings such as shares and reservations are set by the administrator responsible for the Provider VDC.
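The difference between the three mechanisms matters for tenant isolation: capacity reserved at creation stays available to its organization, while on-demand organizations compete for whatever is left. The following simplified model is an added illustration, not VMware code; the class names, the single abstract capacity unit and the error raised when capacity runs out are assumptions.

```python
from dataclasses import dataclass

ON_DEMAND, RESERVATION_POOL, ALLOCATION_POOL = "on-demand", "reservation-pool", "allocation-pool"

@dataclass
class ProviderVDC:
    name: str
    capacity: int          # one abstract unit of capacity (assumption)
    committed: int = 0     # capacity already handed out

    def take(self, amount):
        # Assumed failure behaviour: refuse once the provider is full.
        if self.committed + amount > self.capacity:
            raise RuntimeError(f"{self.name}: capacity exhausted")
        self.committed += amount

@dataclass
class OrgVDC:
    org: str
    provider: ProviderVDC
    model: str
    allocation: int = 0    # size fixed at creation (pool models only)
    used: int = 0

    def __post_init__(self):
        if self.model != ON_DEMAND:
            self.provider.take(self.allocation)   # allocated when the Org VDC is created

    def settings_owner(self):
        # Who sets shares and reservations; the page does not say for on demand.
        return {RESERVATION_POOL: "organization",
                ALLOCATION_POOL: "provider administrator"}.get(self.model)

    def deploy_vm(self, size):
        if self.model == ON_DEMAND:
            self.provider.take(size)              # consumed only at deployment
        elif self.used + size > self.allocation:
            raise RuntimeError(f"{self.org}: allocation exceeded")
        self.used += size

def scenario():
    gold = ProviderVDC("Gold VDC", capacity=100)
    finance = OrgVDC("finance", gold, RESERVATION_POOL, allocation=60)
    dev = OrgVDC("dev", gold, ON_DEMAND)
    dev.deploy_vm(40)        # takes the 40 units finance did not reserve
    finance.deploy_vm(50)    # still succeeds: drawn from finance's own 60
    try:
        dev.deploy_vm(1)     # shared capacity is gone
        dev_ok = True
    except RuntimeError:
        dev_ok = False
    return gold.committed, finance.used, dev_ok

if __name__ == "__main__":
    print(scenario())
```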

Network design

For networking, Director has two main mechanisms: the external network (External Network) mechanism and the network pool (Network Pools) mechanism.

In Director, the external network mechanism gives a deployed virtual machine the ability to connect to networks outside the organization to which the virtual machine belongs (including networks belonging to other organizations, or the Internet). In implementation, an external network is a portgroup that carries external virtual machine traffic, and this portgroup is isolated with a VLAN tag. In use, the administrator first creates an external network, filling in the network subnet mask, default gateway, preferred and alternate DNS addresses, DNS prefix and static IP address pool, and then associates the external network with the relevant virtual machines.

A network pool is a series of isolated Layer 2 network segments. It is the cornerstone for creating organization and virtual machine networks, used mainly for communication between virtual machines within an organization, and it also ensures that networks can be used and deployed automatically in the cloud. In use, each time a user deploys a virtual machine, it consumes one IP address from the corresponding network pool. In implementation, a network pool is supported by one of three technologies: VLAN; Director's own network isolation technology, VCDNI (VMware vCloud Director Network Isolation technology); or Portgroup.

Catalog management

In Director, catalogs are containers used to store various resources. A catalog belongs to an organization and is usually created by that organization's administrator, who can set its sharing settings as needed. A catalog stores two main categories of content. One is the vApp, a virtual appliance in OVF format; deploying a vApp quickly builds an application containing multiple virtual machines. The other is images and media, such as ISO and floppy formats, which can be used to install an operating system on a virtual machine or to transfer data to it.

Security

In terms of security, traditional enterprise security depends on agents, proprietary hardware and fragile hardware-related configurations. Because of the dynamic nature of the cloud environment, applications and services can move anywhere and run on shared infrastructure, so a new security model is needed. Director therefore integrates vShield security technology, designed specifically for virtual and cloud environments. Three new products were unveiled at this year's VMworld conference: VMware vShield Edge, VMware vShield App and VMware vShield Endpoint. They virtualize security and edge services, including firewalls, virtual private networks (VPN) and load balancing, freeing them from the constraints of physical infrastructure, and provide a single, adaptive, programmable security infrastructure. This helps to solve the problem that the traditional model is too complex and inflexible, and gives the IT team better visibility and control. When combined with VMware partner solutions, VMware vShield will be able to provide VMware virtualized and cloud environments that are more secure than traditional physical deployment models at a fraction of the cost of the latter.

Billing

For billing, Director does not reinvent the wheel but uses the latest version of VMware vCenter Chargeback. Chargeback is mainly used for accurate costing, analysis and reporting, to achieve cost transparency and accountability. It lets users map IT costs to business units, cost centers or external customers, which helps them better understand resource costs: business owners and IT personnel can see the actual virtual infrastructure costs required to support business services, and can also learn about ways to optimize resource utilization to reduce overall IT infrastructure spending. In addition, through the integration with Chargeback, Director can charge for the use of a variety of cloud resources, such as storage resources, network resources and resources consumed by vShield services, and can generate different reports for different organizations.

VMware vCloud data center services

First, while public cloud services offer an alternative way of delivering computing power in a self-service, pay-per-use model, many disadvantages still limit their widespread adoption within the enterprise. Examples include security issues, uncertain service level agreements, lack of regulatory compliance, and concerns about vendor lock-in. VMware vCloud data center services give enterprises a new way to extend the data center to an external cloud while maintaining security, regulatory compliance and quality of service. VMware vCloud data center services are provided by several leading global service providers, including Bluelock, Colt, SingTel, Terremark and Verizon, with a globally unified infrastructure and unified management and security models that enable enterprise customers to migrate workloads between an internally virtualized infrastructure and an external cloud.

Second, in terms of compliance and security, VMware vCloud data center services provide VMware-certified compatibility, portability, auditable security controls, SAS-70-Type-II or ISO-27001 certification, virtual application security including a stateful firewall and Layer 2 network isolation, role-based access control, and LDAP directory authentication.

Overall, Director achieves a basically complete IaaS cloud mainly by integrating multiple vCenter Server-based resource pools. Although the features Director supports do not match those of dedicated IaaS clouds such as Amazon EC2, it does cover security and billing. Combined with the dominance of VMware's virtualization software in the enterprise data center, it can be predicted that this product is well suited to enterprise users who have already invested in VMware technology and want to experience the advantages of cloud computing. This introduction to Director should also give a more in-depth understanding of the basic structure of an IaaS cloud.


© 2024 shulou.com SLNews company. All rights reserved.
