LHC3384BUS
#VMworld #LHC3384BUS
Lessons Learned: VMware Cloud Foundation on IBM Cloud
VMworld 2017 Content: Not fo
r publication or distri
bution
“We are a cognitive solutions and cloud
platform company that leverages the power
of innovation, data and expertise to improve
business and society.”
– Ginni Rometty
IBM CEO
Lessons Learned: VMware Cloud
Foundation on IBM Cloud
IBM Cloud
VMworld 2017 Content: Not fo
r publication or distri
bution
The IBM | VMware strategic partnership
is designed to provide a security-rich,
compatible hybrid cloud solution, leading to an
improved user experience for its clients.
VMworld 2017 Content: Not fo
r publication or distri
bution
Learnings
As we deployed more and more VMware platforms on
our client sites, we immediately saw ways we could
improve the solution and received correct validation on
some of our original assumptions.
We have identified these learnings and the mechanisms
we have leveraged to implement these, in production,
on our various client sites.
We intentionally set-up our service in such a manner
that we could quickly turnaround on client
requirements and harden the service directly with
learnings from the field.
This is what we know so far …
SECURITY
NETWORKING
LICENSING
MIGRATION
STANDARDIZED REPEATABLE ARCHITECTURES
SUPPORT
SET-UP TIME
EASE OF USE
AUTOMATIONVMworld 2017 Content: Not fo
r publication or distri
bution
5
VMware Cloud Foundation (VCF) on IBM Cloud
offering is a hyperconverged, software-defined data
center solution that uses IBM Cloud infrastructure,
VMware Cloud Foundation's SDDC Manager, VMware
vSphere Hypervisor, VMware vCenter, VMware vSAN,
VMware NSX and MS Active Directory/DNS services.
IBM Cloud for VMware solutions
VMware vCenter Server on IBM Cloud offering is
a partner to Cloud Foundation as a more
customizable, basic virtualization environment that
uses the IBM cloud infrastructure, VMware
vSphere Hypervisor, VMware vCenter Server and
VMware NSX.
VMworld 2017 Content: Not fo
r publication or distri
bution
Security, Security, Security
IBM Cloud
vSphere
vSAN
NSX
VMware Cloud Foundation
Security and Controls
Encryption
Identity & Access
AntiVirus
Logging
Intrusion Prevention
Firewall
Client Workloads
Feedback from the field
— The greatest barrier to IBM Cloud for VMware Solutions and overall cloud
adoption is security
— Majority of security concerns:
— Is my data safe?
— Where is my data stored?
— Can I encrypt my data?
— How do I prevent data from leaving a geographic boundary?
Solution | Improvement
— IBM developed a secure reference architecture with multiple financial
services customers that address a majority of security concerns
— Solution encompasses IBM Cloud for VMware Solutions deployment
with security tools included within the installation.
— Encryption
— AntiVirus
— Malware Protection
— Firewalls
— Pluggable, with bring-your-own solutions
VMworld 2017 Content: Not fo
r publication or distri
bution
Hybrid Cloud Connectivity
Feedback from the field
— The connectivity between on-prem and the cloud remains a challenge
— How do I connect over public internet and stay secure during a PoC? –
Firewall ports opening
— After a PoC, what are the connectivity options?
— Can I bring my own IP address range?
— What if I don’t know anything about NSX?
Solution | Improvement
— IBM has developed and documented several connectivity options for
both PoCs and production scenarios
— IPSEC VPN with an NSX Edge Services Gateway
— IPSEC VPN with a Vyatta
— Connection over direct-link options
— We also have implementation services that can assist with the
deployment and connectivity between on-prem and IBM Cloud.
— Look out for announcement at VMworld Barcelona!
VMworld 2017 Content: Not fo
r publication or distri
bution
8
• Helps ensure data centers are loosely integrated into globally available coverage of the VMware platform and IBM Cloud services
IBM Cloud Foundation provides interconnected data centers across the planet
VMworld 2017 Content: Not fo
r publication or distri
bution
Use Automation: Humans break things
Feedback from the field
— Customers that chose to implement their own VMware solution in IBM
Cloud have encountered issues
— Incorrect driver level for RAID controller causes vSAN outage
— Installation of unsupported ESXi version on servers
— Improper NSX controller configuration
— Upgrading becomes a difficult road on your own
Solution | Improvement
— IBM Cloud for VMware Solutions automates the installation and
configuration of VMware components
— BIOS, Firmware, and driver levels are certified
— Disks configured properly, VMware components installed an configured
according to best practices on the IBM Cloud
DECOMMISSION OPERATE
CREATE
VMworld 2017 Content: Not fo
r publication or distri
bution
VMware Licenses
Feedback from the field
— Customers that already had an VMware ELA were forced to buy licenses
from IBM Cloud for VMware Solutions deployments.
— New licenses added extra, unneeded cost to cloud environment.
— ELA pricing is typically priced more competitively than vCAN licenses
available on a per-month basis.
Solution | Improvement
— IBM Cloud for VMware Solutions now offer bring-your-own licenses
during the ordering process.
— License options are decoupled allowing licensing gaps to be purchased
(if any exist)
— Significantly reduces monthly expenditure for VMware deployments on
IBM Cloud
— IBM Cloud for VMware Solutions are deployed with 60-day evaluation
licenses to cover any licensing delays.
VMworld 2017 Content: Not fo
r publication or distri
bution
Physical Server Size & Clusters
Feedback from the field
— Customers want to be to able to choose their own certified hardware sizes
for CPU and memory
— Release 1: Server memory options were too large
— Release 2: Server memory options were too small
— Single cluster configuration for cloud workloads was only good for PoCs
and DR use cases
— Additional separate clusters are a must for cloud economics and
security
Solution | Improvement
— IBM Cloud for VMware Solutions customers will be able to customize
the CPU and memory ratio for desired workloads and economics.
— Upcoming release of IBM Cloud for VMware Solutions will contain
cluster addition and cluster configuration options
— Choose custom hardware for each cluster
— Make it right for your workloadsVMworld 2017 Content: N
ot for publicatio
n or distribution
Storage Performance
Feedback from the field
— Who still uses SATA drives?
— Why did VCF BOM standardized on SATA drives for vSAN capacity tier
— At the time, SSDs were too expensive
— Customers want performance and expect SSDs
Solution | Improvement
— Next release of IBM Cloud for VMware Solutions will standardize on an
all-SSD BOM for vSAN
VMworld 2017 Content: Not fo
r publication or distri
bution
13
Demonstration
— Show Management Console
— Add Services
— BYOL License
Solution
components
Ease of use
VMworld 2017 Content: Not fo
r publication or distri
bution
Benefits of
VMware
on IBM Cloud
IBM Differentiation
— Access the entire suite of IBM Cloud services, including cognitive
capabilities, artificial intelligence (AI), the Internet of Things (IoT)
and deep learning tools.
— Vmware on IBM Cloud offerings fully customizable with memory,
compute and storage options available
Compatibility
— Obtain full compatibility with vCenter on and off premises.
— Gain workload portability, putting you in charge of where your
environments reside.
— Continue using your existing staff, tools and infrastructure.
Flexibility
— Expand, even globally, as your needs grow.
— Manage virtually everything from a single console.
Cloud economics
— Achieve predictable and simplified budgeting with cloud economics.
— Pay for only what you use with the cloud operating expense
(Opex) model
1
4
VMworld 2017 Content: Not fo
r publication or distri
bution
15
© Copyright IBM Corporation 2017
IBM Corporation
Route 100
Somers, NY 10589
Produced in the United States of America
August 2017
IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies.
A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
VMware, the VMware logo, VMware vCenter, VMware vMotion, VMware NSX, and VMware vSphere are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and/or other
jurisdictions.
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY
WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-
INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.
VMware is not an IBM product or offering. VMware is sold or licensed, as the case may be, to users under VMware terms and conditions, which are provided with the product or offering. Availability, and any and all
warranties, services and support for VMware is the direct responsibility of, and is provided directly to users by VMware.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper
access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be
considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a
lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT
ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
VMworld 2017 Content: Not fo
r publication or distri
bution