# VMworld #PBO1627BU
Software Super Convergence and Demo: How VMware Products Work Together to Deliver Business Solutions
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
CONFIDENTIAL 2
Mitesh Pancholy
10 Items the EA Must Know
1. Enterprise Architecture models
2. Port Distribution
3. Port Segmentation and Strategy
4. How SSO works
5. SSO Deployment Models
6. Authentication Flow in VMware
7. VMware DataBases
8. APIs .. APIs.. APIs
9. vRealize Automation / Orchestrator
10. Bring it all together
Product Layout
DATACENTER AND CLOUD INFRASTRUCTURE
vSphere
vSphere Essentials Plus with vSphere Storage Appliance
vCloud Director
vSphere Storage Appliance
NSX Platform
vSAN
vSphere Data Protection Advanced
vCenter Support Assistant
Software Manager
Continuent
Photon Platform
INFRASTRUCTURE AND OPERATIONS MANAGEMENT
vCenter Server
vRealize Suite
vRealize Operations Insight
Site Recovery Manager
vRealize Automation
vCloud Connector Core
vRealize Log Insight
vRealize Operations Management Pack for EPIC
vRealize Code Stream
Health Analyzer Collector
vRealize Operations Management Pack for MEDITECH
vRealize Network Insight
Product Layout
SECURITY PRODUCTS
vCloud Networking and Security
SUITES
vCloud Suite
vSphere with Operations Management
vRealize Operations
vCloud NFV
Cloud Foundation
Server SAN Suite
DESKTOP AND END USER COMPUTING
Horizon View Enterprise Addon
Horizon Client for IOS
Horizon Client for Windows Desktop
ThinApp
ThinApp Virtualization Packager
Workstation Pro
Fusion and Fusion Pro
Workstation Player
Socialcast
Mirage
Mirage Windows Migration
View Planner
vRealize Operations for Horizon
Horizon Air Desktop Platform
Horizon Air HybridMode
AirWatch Management Suites, Standalone Products and Hosting Services
App Volumes
User Environment Manager
Identity Manager Standard
Identity Manager Advanced
Product Layout
HORIZON BUNDLES
Horizon Standard Edition
Horizon Advanced Edition
Horizon Enterprise Edition
Horizon FLEX
Workspace Suite
Horizon for Linux
VIEW Enterprise
Workspace ONE
Collaboration Bundle
Horizon Apps
CLOUD APPLICATION PLATFORM
vFabric Postgres
vRealize Hyperic
IT SERVICE MANAGER
Service Manager
IT BUSINESS MANAGEMENT
vRealize Business for Cloud Advanced Edition
vRealize Business Enterprise Edition
DATA COLLECTION
Skyline
Customer Experience Improvement Program
Product Spectrum
66 Products
PSO To the rescue
Life cycle automation
VM Creation
VM Customization
VM Reconfiguration
VM Retirement
vSphere Creation
vSphere Customization
vSphere Reconfiguration
vSphere Retirement
Enterprise Backoffice
vSphere Creation Pattern 1
[Diagram. Components shown: vRA (UI/API), vCO, DNS, Hostname, ServiceNow, BlueCat, vSphere, VCF, Horizon, AD, SSO, F5, vCOps, Puppet, Gugent. Request stages shown: VM Spec, Authen, Autho, IPAM, Get VM, CMDB, Ticket, F5 / Monitor, Customize, Email User. Workflow steps shown: CheckName, CreateTicket, Get IP, DNS, Create CI, CloseTicket, Monitoring, Customization.]
VMC Workload Pattern
[Diagram. Components shown: vRA (UI/API) / PowerCLI, vRO, VC API, VMC Gateway, VMC VPC, SDDC Internal Gateway, VPN / DC, Router / NAT Gateway, VPC Lob 1 NPD, VPC Lob 1 PRD. Request stages shown: VM Spec, Authen, Autho, IPAM, Get VM, CMDB, Ticket, F5 / Monitor, Customize, Email User.]
Best of Breed Technology Platform
DevOps Frameworks as a Service
Codestream
vRA
vRO
DevOps Framework as a Service
[Diagram. Stacks shown: PlanStack, CodeStack, CommitStack, CIStack, TestStack, ArtifactStack, CDStack, ConfigStack, ControlStack, FeedBackStack. Tools shown: Geany, Gerrit, Artifactory, Trigger, Plugins, Issues, ASD/vRO, vRA, vROps, vRLI, vRB. Foundation shown: SDDC IaaS Foundation (vSphere, vSAN, NSX, vRealize Suite) and vRealize Orchestrator.]
What Our Products Need
Ports
• Talk to each other
• Talk to the world
DB
• Data storage / retrieval
• Session management
Authentication
• Who can access what
• How often does that change
Authorization
• Should access be given
IP / DNS
• Address in the virtual real-estate
API
• Talk to each other
• Talk to others
• Secret handshakes
Ports
How every product talks to the world
When Ports Fail!
Port block FW
Port Reuse
Typing Error
Ephemeral Port Issues
Port Exhaustion
Product Ports
[Chart: port numbers (axis 0 to 45000) plotted per product. Products shown: View/VDM 2.x, VMware vCenter Chargeback 1.5, Virtual SAN, vShield 1.x, vShield 4.x, vSphere Management Assistant, EVO:RAIL 1.x, Data Recovery, ESX 3.x, ESX 4.x, ESXi 3.x, ESXi 4.x, ESXi 5.x, vCenter 2.5.x, vCenter 4.x, vCenter 5.x.]
Port Distribution
Detailed Port Distribution ≈ 700
[Chart: distribution of ports by port number.]
Top 6 Ports You Must Know
• 443: SSL
• 902: ESXi Ops (network file copy)
• 80: HTTP
• 903: VM Remote Console
• 4001: View Transfer Server
• 8443: Management Web Services
Field Port Strategy
Keep ports list handy
• SSL, ESX, HTTP, VMRC, VTP, MSWS
Validate with Field Team and Internal Customer
• Long FW change ticket cycles
Ping the port
• Check that it really works
Monitor logging
• LogInsight for port traffic
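The "ping the port" step of the field port strategy, as an added example that is not part of the original slides: a TCP connect check over the six ports listed on the "Top 6 Ports You Must Know" slide that separates a refused connection from a silent drop, which is the detail a firewall change ticket needs. The function names and the host name `vcenter.example.test` are assumptions.

```python
import socket

# Ports and labels exactly as listed on the "Top 6 Ports You Must Know" slide.
TOP_PORTS = {
    443: "SSL",
    902: "ESXi Ops (network file copy)",
    80: "HTTP",
    903: "VM Remote Console",
    4001: "View Transfer Server",
    8443: "Management Web Services",
}


def check_port(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome.

    open     - handshake completed, something is listening
    closed   - connection refused (RST): host reachable, nothing listening
    filtered - no answer before the timeout, typical of a firewall drop rule
    error    - name resolution or routing failed before the port was reached
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def audit(host, ports=TOP_PORTS, probe=check_port):
    """Return {port: (label, state)} for every port that is not open."""
    findings = {}
    for port, label in ports.items():
        state = probe(host, port)
        if state != "open":
            findings[port] = (label, state)
    return findings


if __name__ == "__main__":
    # Placeholder host name (assumption); replace with the system under test.
    for port, (label, state) in sorted(audit("vcenter.example.test").items()):
        print(f"{port:>5} {label:<30} {state}")
```

A "filtered" result points at a firewall rule, while "closed" means the path is clear and the service itself is not listening.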
VMware SSO
Authentication
AD, LDAP, SSO, CAC
Authentication Flow
[Diagram. Products shown: vCenter, SSO, vRO, ESX(i), SRM, vSAN, vROps, Hyperic, Big Data Protection, Big Data Extension, vRA (IaaS, vRA Appliance, App Services, Gugent, DEM (Orch), DEM (Exe)), NSX (Controller, Manager, vSwitch, Edge, Firewall, LB), vR Log Insight, vR Business, vR InfraNavigator, Horizon, SecureContentLocker, AirWatch, vSphereReplication, vCM, CodeStream, EVO:SDDC, vIO, vCHS/vCA. Connectors shown: REST, SSH, SQL, SNMP, PowerShell, AMQP, SOAP, vCAC, vSRep, NSX, AD, vC, Horizon, F5, InfoBlox, Dynamic, SNOW, VCIA.]
Authentication
[Diagram. User Plane (vRO, API, vRA, SNOW) with two authentication groups, SSO and Server Specific, each listing vRA, vRO, vROps, vC, vSphere, LogInsight.]
Things to Watch Out For
• Certificates (Quiz)
• SSO needs to create two Database user accounts
• AD Configuration
• SSO now handles all user identity management
DataBases (Data Flow)
Object Models
12 Databases
vSphere
• Appliance DB
vCenter
• Appliance DB
vRA
• IaaS
• Appliance DB
SRM
• Appliance DB
vRO
• Appliance DB
NSX
• NSX Controller
• NSX Manager
vRB
• Appliance DB
LogInsight
• Appliance DB
View
• Appliance DB
Infrastructure Navigator
• Appliance DB
DataFlow Example VM
[Diagram. Components shown: AD, SSO, vRA (IaaS, Appliance), SSO Appliance, vRO Appliance, vC Appliance, vSphere Appliance.]
Field DB Strategy
Use DB guide
• Determine the DBs you’ll need
Validate with DB team
• Licenses / change ticket cycles
Use Sizing Guide
• Validate with customer on data volume expectations
Have a backup / restore exercise
• Really when DB fails
Monitor, Monitor, Monitor
Field DB Strategy (TBD)
Full Replication Strategy
Full Licensing Reqs
Multi-site DB HA/FT
APIs
Management and Orchestration
• vCenter Chargeback Manager SDK for Java
• vCenter Converter SDK
• vCloud API
• vCloud SDK for .Net
• vCloud SDK for Java
• vCloud SDK for PHP
• vCloud Suite SDK for .NET
• vCloud Suite SDK for Java
• vCloud Suite SDK for Perl
• vCloud Suite SDK for Python
• vCloud Suite SDK for REST
• vCloud Suite SDK for Ruby
• vRealize Automation SDK
• vRealize Operations SDK 6.1 Update 1
• vRealize Orchestrator Plug-in SDK
• vSphere Guest SDK
• vSphere Management SDK
• vSphere Perl SDK
• vSphere Web Client SDK
APIs .. APIs .. APIs
Storage
• Pluggable Storage Architecture (PSA) SDK
• VAAI NAS SDK (NVDK)
• vSphere APIs for IO Filtering SDK (VAIODK)
• vSphere APIs for Storage Awareness (VASA) SDK
APIs .. APIs .. APIs .. APIs
Networking and Security
• NSX SDK
• Network Extensibility (NetX) SDK
• Endpoint Security (EPSec) SDK
APIs .. APIs .. APIs .. APIs .. APIs
End-User Computing
• AirWatch by VMware SDK
• Horizon View Session Enhancement SDK
• RDP VC Bridge SDK
• Socialcast by VMware SDK
• ThinApp SDK
APIs .. APIs .. APIs .. APIs .. APIs .. APIs
Others
• vRA API
• vRO API
• vROps API
• vRB API
• vAPI
• SSO API
APIs .. APIs .. APIs .. APIs .. APIs .. APIs
37 APIs
Minimum API Knowledge
REST Console
• Know how to use a REST API
MOB
• Understand how MOB is organized
vROrchestrator
• Gateway to (almost) every API
vSphere
• Base SDK / API Access
PowerCLI
• PowerCLI scripts used by many VMware products
vSphere Managed Object Browser (MOB)
• The managed object browser allows users to browse or programmatically query the vSphere inventory
– https://vcsa-01a.corp.local/mob/?moid=group-v225
– The basic form of the URL is https://vcenter/mob
• Two parameters are important when referring to virtual machines
– MOID (Managed Object ID), example vm-721
– MOREF (Managed Object Reference), 128-bit Globally Unique ID, example 501d6aa3-54fc-8b8d-99a2-e448463ead18
• MOIDs are frequently used by the API and may have to be programmatically retrieved to achieve your automation objectives
vRealize Orchestrator Inventory Browser
• The vRO Inventory Browser is an EXCELLENT way to browse, retrieve, and verify MOIDs, both for vCenter and NSX
• Getting VM MOID
CAP Theorem
• It is impossible for a distributed computer system to simultaneously provide all three of the following guarantees
Consistency
• All nodes see the same data at the same time
Availability
• A guarantee that every request receives a response about whether it succeeded or failed
Partition tolerance
• The system continues to operate despite arbitrary partitioning due to network failures
• Computer System:
– Single Site DC
– Multi Site DC
– EUC
– Multi Network NSX
[Diagram: CA, CP, AP]
CAP Reality
[Diagram: VS, NSX, vSAN, vRA, vRO, vRop]
TOGAF VMware Fit
[Diagram: vSphere, NSX, vRA, Application Services, vROPS / Rabbit, vRO, SRM]
TOGAF → VVD Fit
[Diagram: vSphere, NSX, VVD]