vSphere Integrated Containers – My thoughts


During VMworld 2016, one thing that struck me was the continued focus VMware appears to have on containerisation. I have been looking at containerisation over the last year and a half with interest, to understand the concept, the current capabilities of the available platforms and the practical use for the typical customer. I was also naturally keen to see what companies such as VMware and Microsoft have to offer on the same front. VMware announced a number of initiatives, such as vSphere Integrated Containers and the Photon platform, during VMworld 2015 as their answers to containerisation. Having been looking at those solutions, and having seen and listened to various speakers, engineers and evangelists during the VMworld 2016 US event, it emphasised the need for me to venture further into containerisation and especially VMware’s solutions for it. So I’m going to begin with a quick intro blog post about one of VMware’s approaches to containers and what my thoughts are on the solution. I will aim to provide future posts that dig deeper into the architecture and the deployment aspects etc.

On the containers front, VMware’s strategy is focused on two key solution offerings: vSphere Integrated Containers and the Photon platform. While the Photon solution is not yet quite ready for production deployment in my view, it is aimed at greenfield customers who currently do not have legacy vSphere deployments and are starting out afresh. VIC, on the other hand, is available today and is specifically aimed at existing vSphere customers, hence it is the main focus of this post.

vSphere Integrated Containers (VIC)

This is the containerisation solution for existing VMware vSphere customers and has been designed to extend vSphere capabilities to the containerised world (or vice versa, depending on how you look at it). It is predominantly aimed at existing vSphere customers who want to jump on to, or explore, containerised app development for production use.

For those of you who are new to VIC, here’s a quick intro.

In addition to the typical vSphere components, the VIC solution itself consists of 3 main components:

  1. VIC Engine – A container runtime for vSphere which is deployed on to ESXi. This is an open-source development and is available on GitHub. It allows developers familiar with Docker container development to deploy containers alongside existing VMs on an ESXi / vSphere platform, and they are directly manageable from the vSphere UI (Web Client). The VIC engine deploys a Virtual Container Host (VCH), which exposes a Docker API endpoint and is backed by a vSphere resource pool, typically within a cluster. It also holds the container images, which are mapped as VMDKs on traditional vSphere datastores such as a VSAN datastore.
  2. Harbor – An enterprise-class registry service that stores and distributes Docker images and adds security, identity and management features for the enterprise. It can be used as a local, on-premises Docker registry so that enterprises using Docker containers do not have to accept the security concerns of pulling from the public Docker registry over the internet.
  3. Admiral – A scalable, lightweight container management platform used to deploy and manage container-based applications.

Together with vSphere, VIC gives customers the ability to deliver a container-based solution in a production environment without having to build a dedicated environment exclusively for the containers.
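The security benefit of a private registry like Harbor (component 2 above) only materialises if the platform actually refuses images that do not come from it. As an added example, not code from VIC, Harbor or VMware, the following Python script applies that check to image references the way the Docker CLI parses them (implicit docker.io registry, implicit library/ namespace, tag versus digest) and additionally requires digest pinning, because a tag is mutable and can be repointed in the registry after an image has been reviewed. The registry hostname `harbor.corp.example` and the image references are constructed for illustration.

```python
"""Registry allow-list and digest-pinning check for container image references.

Added example, not part of VIC or Harbor. It implements the reference-parsing
rules the Docker CLI uses (implicit docker.io registry, implicit library/
namespace, tag vs digest) and then applies a simple policy: only images from
an approved private registry, pinned by digest, pass. The registry hostname
and image references below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

DEFAULT_REGISTRY = "docker.io"   # assumed when the reference carries no host
DEFAULT_NAMESPACE = "library"    # docker.io namespace for "official" images
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split 'host[:port]/path[:tag][@digest]' into its parts."""
    name, digest = ref, None
    if "@" in name:
        name, digest = name.split("@", 1)
        if not DIGEST_RE.match(digest):
            raise ValueError(f"malformed digest in {ref!r}")
    # Docker treats the first path component as a registry host only if it
    # contains '.' or ':' or is exactly 'localhost'; otherwise it is a namespace.
    parts = name.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, remainder = parts[0].lower(), "/".join(parts[1:])
    else:
        registry, remainder = DEFAULT_REGISTRY, name
    # A tag is the text after the last ':' only if that ':' comes after the
    # last '/', so a port in the registry host is not mistaken for a tag.
    tag = None
    if remainder.rfind(":") > remainder.rfind("/"):
        remainder, tag = remainder.rsplit(":", 1)
    if not remainder:
        raise ValueError(f"empty repository in {ref!r}")
    if registry == DEFAULT_REGISTRY and "/" not in remainder:
        remainder = f"{DEFAULT_NAMESPACE}/{remainder}"
    return ImageRef(registry, remainder, tag, digest)


def check_image_policy(ref: str, allowed_registries, require_digest: bool = True):
    """Return (ok, reason) for one image reference."""
    try:
        img = parse_image_ref(ref)
    except ValueError as exc:
        return False, str(exc)
    if img.registry not in allowed_registries:
        return False, f"registry {img.registry!r} is not in the allow-list"
    if require_digest and img.digest is None:
        # A tag is mutable: it can be repointed in the registry after review.
        return False, "image is not pinned by digest"
    return True, "ok"


# Constructed sample: an on-premises Harbor host and a few references to audit.
HARBOR_HOST = "harbor.corp.example"
SAMPLE_REFS = [
    "nginx:latest",                                 # public Docker Hub
    f"{HARBOR_HOST}/app/web:1.0",                   # private, but tag only
    f"{HARBOR_HOST}/app/web@sha256:{'b' * 64}",    # private and pinned
]


def audit(refs, allowed_registries, require_digest=True):
    """Return {ref: (ok, reason)} for every reference."""
    return {r: check_image_policy(r, allowed_registries, require_digest) for r in refs}


if __name__ == "__main__":
    for ref, (ok, reason) in audit(SAMPLE_REFS, {HARBOR_HOST}).items():
        print(f"{'PASS' if ok else 'FAIL':4} {ref}: {reason}")
```

Run as-is, the script passes only the digest-pinned reference from the private registry and reports why the other two fail; the same `check_image_policy` function could gate a CI pipeline or a deployment request before `docker run` ever reaches the VCH.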

The main difference between a native container approach, such as native Docker on Linux, and VIC is as follows:

  • Docker on Linux: Docker utilises a native Linux kernel feature called namespaces (more information can be found here). Docker on Linux relies on spawning multiple namespaced processes (containers) within the same Linux server instance, so spinning up an application service that runs inside a container is super fast (compared to powering on a VM with a full-blown OS, which has to boot before it can launch the application). The same applies when you stop an application service (it just stops the underlying container process on the Linux kernel). Both operations are executed in memory. Note that all containers on the host share that one kernel, so the isolation between them is a kernel boundary.
  • VMware Integrated Containers: The container instance runs in a dedicated micro OSE (Operating System Environment) called a JeVM (Just Enough VM), which consists of a minimalistic Linux kernel that is just sufficient to run a container instance. This kernel is derived from VMware’s Photon project. The Photon platform itself is separate from the VIC solution and is the second approach VMware are taking for containers and Cloud Native Applications, specifically aimed at greenfield deployments where you do not have an existing vSphere stack. In the case of VIC, it is important to remember that the Photon code used within this micro VM consists of the minimum requirements to run a Docker container instance (the Linux kernel and a few additional supporting resources, giving it a minimal footprint). The JeVM also uses the Instant Clone feature available in vSphere 6.0 to quickly fork JeVMs for container instantiation (upon “docker run”, for example), so they start up and shut down at near-native speed compared to a native container on Linux. Because each container gets its own kernel inside its own VM, the isolation boundary between containers is the hypervisor rather than a shared Linux kernel. In return for this fat-client approach, the customer gets a similar management experience for these container environments to that of their legacy infrastructure, as the existing VMware tools such as vROps, NSX etc. are all compatible with them (there is no such compatibility when running native Linux containers with Docker).


The typical VIC architecture looks like below

[Image: VIC architecture diagram]

At the foundation of VIC is vSphere, the same infrastructure that customers have standardised on for all applications from test/dev to business-critical apps. VIC adds a graphical plug-in to the Web Client for management and monitoring. The Virtual Container Host provides a Docker API endpoint backed by a vSphere resource pool, rather than a single VM or a dedicated physical host. The Instant Clone template runs the Photon OS Linux kernel. Developers interact through standard Docker command-line interfaces or API clients; Docker commands are mapped to the corresponding vSphere actions by the VCH. A request to run a new image invokes Instant Clone to rapidly fork new “just enough” VMs (JeVMs) in which the container executes. Traditional apps can also run alongside containers on the VCH.

As for my thoughts, if you are an existing VMware customer, VIC gives you the best of both worlds: you can benefit from the existing infrastructure while also benefiting from the agility available through the use of Docker container instances. For example, during the VMworld 2016 US event, VMware’s head of the Cloud Native Applications BU, Kit Colbert, demoed the integration of vSphere Integrated Containers with vROps, where even containerised apps can have the typical health and performance details shown via vROps dashboards, much like legacy apps, a capability that is not natively available with vanilla Docker instances. He also demoed the vRA integration, which enables developers to self-service containerised application storage placement through a policy change that automatically moves the container VM / image content from one VSAN storage tier to another. I believe such interoperability and integration with the legacy toolkit is very important for mass adoption of containerised apps going forward, especially for existing customers with legacy tools and apps. Furthermore, the VIC solution also integrates with NSX, extending the networking security components to the container VMs / instances too, which is totally cool.

Most importantly, VIC is available free as an open-source download for all VMware customers, which makes the case for it even more appealing.

Cheers

Chan

P.S. Slide credit goes to VMware

#Cloud Native #VIC #Photon #VMware #VMworld

VVDs, Project Ice, vRNI & NSX – Summary Of My Breakout Sessions From Day 1 at VMworld 2016 US


Quick post to summarise the sessions I attended on day 1 at @VMworld 2016 and a few interesting things I noted. First up are the 3 sessions I had planned to attend, plus the additional session I managed to walk in to.

Breakout Session 1 – Software Defined Networking in VMware validated Designs

  • Session ID: SDDC7578R
  • Presenter: Mike Brown – SDDC Integration Architect (VMware)

This was a quick look at the VMware Validated Designs (VVD) in general and the NSX design elements within the SDDC stack design in the VVD. If you are new to VVDs and are typically involved in designing solutions using the VMware software stack, they are genuinely worth reading up on, and you should try to replicate the same design principles (within your solution design constraints) where possible. The idea is that this will enable customers to deploy robust solutions that have been pre-validated by experts at VMware, ensuring the highest level of cross-solution integrity for the availability and agility required of a private cloud deployment. Based on typical VMware PSO best practices, the design guide (reference architecture doc) lists each design decision applicable to each of the solution components along with the justification for that decision (through an explanation) as well as the implications of that design decision. An example is given below.

[Image: example NSX design decision from the VVD]

I first found out about the VVDs during the last VMworld in 2015 and mentioned them in my VMworld 2015 blog post here. At the time, despite the announcement of availability, not much content was actually available as design documents, but it has now come a long way. The current set of VVD documents discusses every design, planning, deployment and operational aspect of the following VMware products and versions, integrated as a single solution stack based on VMware PSO best practices. It is based on a multi-site (2 sites) production solution that customers can replicate in order to build similar private cloud solutions in their environments. This documentation set fills a great big hole that VMware have had for a long time: while their product documentation covers the design and deployment detail for individual products, no such documentation was available for integrating multiple products, and with the VVDs it now is. In a way they are similar to the CVD documents (Cisco Validated Designs) that have been in use for the likes of FlexPod for VMware etc.

[Images: VVD product and version list]

VVDs generally cover the entire solution in the following 4 stages. Note that not all of the content is fully available yet, but the key design documents (reference architecture docs) are available to download now.

  1. Reference Architecture guide
    1. Architecture Overview
    2. Detailed Design
  2. Planning and preparation guide
  3. Deployment Guide
    1. Deployment guide for region A (primary site) is now available
  4. Operation Guide
    1. Monitoring and alerting guide
    2. Backup and restore guide
    3. Operation verification guide

If you want to find out more about VVDs, I’d have a look at the following links. Just keep in mind that the current VVD documents are based on a fairly large, no-cost-barred type of design, and for those of you looking at much smaller deployments, you will need to exercise caution and common sense when adopting some of the recommended design decisions so that you stay within the applicable cost constraints (for example, the current NSX design includes deploying 2 NSX Managers, one integrated with the management cluster vCenter and the other with the compute cluster vCenter, meaning you need NSX licences on the management cluster too. This may be overkill for most, as typically you would only deploy a single NSX Manager integrated with the compute cluster).

As for the VMworld session itself, the presenter went over all the NSX-related design decisions and explained them, which was a bit of a waste of time for me as most people would be able to read the document and understand most of those themselves. As a result I decided to leave the session early, but have downloaded the VVD documents in order to read them thoroughly at leisure. 🙂

Breakout Session 2 – vRA, API, CI, Oh My!

  • Session ID: DEVOP7674
  • Presenters

[Image: vRA Jenkins plugin]

As I managed to leave the previous session early, I was able to walk in to this session, which had just started next door. Kris and Ryan were talking about DevOps best practices with vRealize Automation and vRealize Code Stream, focusing on how developers using agile development who want to invoke infrastructure services can use these products and invoke their capabilities through code rather than through the GUI. One of the key focus areas was the vRA plugin for Jenkins, and if you are a DevOps person or a developer, this session content would be of great value. If you can gain access to the slides or the session recordings after VMworld (or are planning to attend VMworld 2016 Europe), I’d highly encourage you to watch this session.

Breakout Session 3 – vRealize, secure and extend your data center to the cloud using NSX: a perspective for service providers and end users

  • Session ID: HBC7830
  • Presenters
    • Thomas Hobika – Director, Americas Service Provider Solutions Engineering & Field Enablement, vCAN, vCloud Provider Software business unit (VMware)
    • John White – Vice president of product strategy (Expedient)

[Image: hosted firewall failover]

This session was about using NSX and other products (i.e. Zerto) to enable push-button disaster recovery for VMware solutions, presented by Thomas, and John was supposed to talk about their involvement in designing this solution. I didn’t find the session content that relevant to the listed topic, to be honest, so I left fairly early to go to the blogger desks and write up my earlier blog posts from the day, which I thought was a better use of my time. If you would like more information on the content covered within this session, I’d look here.

Breakout Session 4 – Practical NSX Distributed Firewall Policy Creation

  • Session ID: SEC7568
  • Presenters
    • Ron Fuller – Staff Systems Engineer (VMware)
    • Joseph Luboimirski – Lead virtualisation administrator (University of Michigan)

A fairly useful session focusing on the NSX distributed firewall capability and how to effectively create a zero-trust security policy on the distributed firewall using various tools. Ron talked about the different options available, including manual modelling based on existing firewall rules and why that could potentially be inefficient and would not allow customers to benefit from the versatility available through the NSX platform. He then covered other approaches, such as analysing traffic with vRealize Network Insight (the former Arkin solution), which uses automated collection of IPFIX and NetFlow information from the vSphere Distributed Switches to capture traffic, and how that captured data could be exported and manipulated to form the basis of the new firewall rules. He also mentioned the use of vRealize Infrastructure Navigator (vIN) to map out process and port utilisation, as well as using the Flow Monitoring capability to capture existing communication channels as the basis for designing the distributed firewall. The session also covered how to use vRealize Log Insight to capture syslogs.
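The step the session describes, turning captured flows into the first cut of a zero-trust allow-list, is easy to get wrong in the direction of “allow everything we saw”. As an added example, not NSX, vRNI or vIN code, the Python script below shows the shape of that derivation: flows are aggregated per source group, destination group and service, only flows seen repeatedly between classified groups become allow rules, a default deny closes the policy, and anything rare or involving an unclassified endpoint is pushed to a review list rather than into the rule set. The CSV layout is an assumed simplification of a flow export (it is not vRNI’s actual format), and the subnet-to-security-group mapping and flow records are constructed sample data.

```python
"""Turn observed flows into a candidate zero-trust allow-list for a
distributed firewall.

Added example; not NSX, vRNI or vIN code. The CSV layout is an assumed
simplification of a flow export, the subnet-to-security-group mapping is
constructed, and the records are constructed sample data. Aggregate who
talks to whom on which service, allow only what was actually observed, and
send anything rare or involving an unclassified endpoint to manual review
instead of into the policy.
"""
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed: subnets per security group (the objects the rules would target).
SECURITY_GROUPS = {
    "sg-web": ip_network("10.10.1.0/24"),
    "sg-app": ip_network("10.10.2.0/24"),
    "sg-db": ip_network("10.10.3.0/24"),
}

# Constructed flow export, one row per observed flow (assumed format).
SAMPLE_FLOWS = """\
src_ip,dst_ip,dst_port,proto,bytes
10.10.1.11,10.10.2.21,8443,tcp,120000
10.10.1.12,10.10.2.22,8443,tcp,98000
10.10.1.11,10.10.2.22,8443,tcp,115000
10.10.2.21,10.10.3.31,5432,tcp,400000
10.10.2.22,10.10.3.31,5432,tcp,390000
10.10.2.21,10.10.3.31,5432,tcp,410000
10.10.1.11,10.10.3.31,5432,tcp,2000
10.10.3.31,10.10.1.11,22,tcp,1500
203.0.113.9,10.10.1.11,443,tcp,80000
"""


def group_of(ip: str) -> str:
    """Map an address to its security group, or 'any' if it is unclassified."""
    addr = ip_address(ip)
    for name, net in SECURITY_GROUPS.items():
        if addr in net:
            return name
    return "any"


def aggregate_flows(csv_text: str) -> Counter:
    """Count flows per (source group, destination group, proto, dst port)."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (group_of(row["src_ip"]), group_of(row["dst_ip"]),
               row["proto"].lower(), int(row["dst_port"]))
        counts[key] += 1
    return counts


def derive_rules(csv_text: str, min_flows: int = 2):
    """Return (rules, review): rules is the ordered allow-list ending in a
    default deny; review holds candidates that need a human decision."""
    rules, review = [], []
    for (src, dst, proto, port), n in sorted(aggregate_flows(csv_text).items(),
                                             key=lambda kv: -kv[1]):
        rule = {"source": src, "destination": dst,
                "service": f"{proto}/{port}", "action": "allow",
                "observed_flows": n}
        # Rare flows may be one-off admin or error traffic; flows touching an
        # unclassified endpoint ('any') would punch a hole in the policy.
        if n < min_flows or "any" in (src, dst):
            review.append(rule)
        else:
            rules.append(rule)
    rules.append({"source": "any", "destination": "any", "service": "any",
                  "action": "deny", "observed_flows": 0})
    return rules, review


if __name__ == "__main__":
    allow, todo = derive_rules(SAMPLE_FLOWS)
    for r in allow:
        print(f"{r['action']:5} {r['source']:>6} -> {r['destination']:<6} {r['service']}")
    print("needs review:", [(r["source"], r["destination"], r["service"]) for r in todo])
```

On the constructed data the result is two allow rules (web to app on tcp/8443, app to db on tcp/5432) plus the default deny, while the single web-to-db flow, the db-to-web SSH flow and the flow from the unclassified external address land in the review list. That is the point of the approach: the tooling shows you what is talking, but a human still has to decide whether a web server connecting straight to the database is legitimate or exactly the lateral path the policy should block.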

All in all, a good session that was worth attending, and I would keep an eye out for it, especially if you are using or thinking about using NSX for advanced security (using the DFW) in your organisation’s network. vRealize Network Insight really caught my eye, as I think the additional monitoring and analytics available through this platform, as well as the graphical visualisation of network activity, appear to be truly remarkable (which explains why VMware integrated it into the Cross-Cloud Services SaaS platform as per this morning’s announcement), and I cannot wait to get my hands on this tool to get to the nitty-gritty.

If you are considering a large or complex deployment of NSX, I would seriously encourage you to explore the additional features and capabilities that this vRNI solution offers, though it’s important to note that it is licensed separately from NSX at present.

[Images: vRealize Network Insight]

Outside of the breakout sessions I attended and the blogging time in between, I managed to walk around the VM Village to see what’s out there and was really interested in the Internet of Things area, where VMware was showcasing their IoT-related solutions currently in R&D. VMware are currently actively developing a heterogeneous IoT platform monitoring solution (internal code name: Project Ice). The current version of the project is about partnering up with relevant IoT device vendors to develop a common monitoring platform to monitor and manage the various IoT devices being manufactured by various vendors in various areas. If you have a customer looking at IoT projects, there are opportunities available now within Project Ice to sign up with VMware as a beta tester and co-develop and co-test the Ice platform to perform monitoring of these devices.

An example of this is what VMware has been doing with Coca-Cola to monitor various IoT sensors deployed in drinks vending machines, and a demo was available in the booth for all to see.

[Image: Coca-Cola vending machine IoT demo]

Below is a screenshot of the Project Ice monitoring screen that was monitoring the IoT sensors of this vending machine.

The solution relies on an open-source, vendor-neutral SDK called LIOTA (Little IoT Agent) to develop a vendor-neutral agent that monitors each IoT sensor / device and relays the information back to the Ice monitoring platform. I would keep an eye on this, as the use cases for such a solution are endless and it can be applied on many fronts (automobiles, ships, trucks, aeroplanes as well as general consumer devices). One can argue that the IoT sensor vendors themselves should be responsible for developing these monitoring agents and platforms, but most of these device vendors do not have the knowledge or the resources to build such intelligent back-end platforms, which is where VMware can fill the gap through a partnership.

If you are into IoT solutions, this is definitely one to keep your eyes on for further developments and product releases. This solution is not publicly available as yet, though having spoken to the product manager (Avanti Kenjalkar), they are expecting a big announcement within 2 months, which is totally exciting.

Some additional details can be found in the links below

Cheers

Chan

#vRNI #vIN #VVD #DevOps #PushButtonDR #Arkin #ProjectIce #IOT #LIOTA

VMworld 2016 US – Arrival & Summary From Day 0


A very quick post on my first day at VMware VMworld 2016 US today and a few tips for attendees of the event.

As explained in my previous post, I arrived in Vegas on Sunday afternoon as planned, after what felt like a looooong flight from London Heathrow via Chicago to Vegas. I had been up since about 4am Sunday morning to catch the early flight and, having not had much sleep on the flight (doesn’t work for me), I managed to get to my hotel by around 2pm. Unfortunately, due to the sheer number of guests arriving (mostly VMworld guests from what I could see), I then spent the next 2 and a half hours simply queuing at the check-in desk, which really didn’t help.

Anyhow, after check-in I decided to have a quick shower and go over to the event venue (a short cab ride from my hotel) to register and collect my badge before the morning rush on the event’s public opening day on Tuesday. This went smoothly, as has been the case at every other VMworld event I’ve attended.

After registration, it is typical to go and collect your official VMworld backpack, and having picked up this year’s, I have to say I’m not impressed. It looks a little tacky compared to previous years and slightly on the cheaper side when it comes to build quality etc. So I’m thinking I’ll stick to using last year’s bag myself and give the new one away to a colleague / customer who might appreciate it more than I would.

[Image: bag comparison]

After collecting the bag, I ventured out to the Solutions Exchange. The Solutions Exchange is where all the VMware partners (other vendors) have their exhibition booths showcasing their product and solution offerings that typically go hand in hand with VMware (and competing offerings in some cases, like Nutanix).

In the Solutions Exchange I had a brief look around and spoke to a few vendors, after which I moved on to find my fellow VMUG members at the VMUG party at the House of Blues, with a live band, to have a few drinks and catch up. Well, sure, I had some drinks, but didn’t really see many that I knew, as it turned out most of the attendees were from the US VMUGs, whom I’d never met 🙂


After a couple of drinks and some food there, I was feeling pretty tired given the extra-long day I’d had by then and decided to go back to my hotel to get this post out and catch up on some sleep. I decided to take the tram from the venue (Mandalay Bay hotel), which takes you all the way to the Luxor hotel & casino, which was a short walk from my hotel. As I was walking over one of the flyovers, I did manage to get a nice view of the famous Vegas strip too, which looks full of life at night (below), though my priority was just getting back to my air-conditioned room pronto as I’d had enough of the heat by this time (note to myself: no more walking between hotels).

Cheers

Chan

#VMworld 2016 #Day 0

VMworld 2016 US – Key Announcements From Day 1


So the much-awaited VMworld 2016 US event kicked off today amongst much fanfare, and I was lucky to be one of those there at the event. Given below are the key highlights from the day 1 general session and the key announcements made by VMware CEO Pat Gelsinger. I’ve highlighted the key items.

The theme of this year’s VMworld is Be Tomorrow. This is quite fitting, as technology today defines tomorrow for the world, and we as the IT community play a key part in this along with vendors like VMware who define / invent most of those technologies.

Pat mentioned that for VMware and their future direction, the cloud is key. Both public and private cloud are going to define many IT requirements of tomorrow, which I fully agree with, and VMware’s aim appears to be to move away from traditional vSphere-based compute virtualisation to become a facilitator of cross-cloud workload mobility and management.

He also discussed the status of current public and private cloud adoption, which is presently heavily biased towards the public cloud rather than private cloud, which is inherently quite difficult to retrofit to a legacy environment based on my experience too. Based on VMware research and market analytics, the current IT platform adoption is split as below:

  • Public Cloud = 15%
  • Private Cloud = 12%
  • Traditional IT = 73%


According to Pat, it will not be until around 2021 that public and private cloud adoption reach similar levels, and by 2030 they expect the adoption rates to be (approximately) as follows:

  • Public Cloud =52%
  • Private Cloud = 29%
  • Traditional IT = 19%

From there, the tone shifted to VMware’s role in this evolving market. It is pretty obvious that VMware as a vendor have, for the last few years, been diversifying their product positioning to rely less on the core vSphere stack and to focus more on cloud management and other software-defined offerings. This was made possible through vSphere + NSX + VSAN for the SDDC, for those who wanted a traditional IT environment or a private cloud platform, with the vRealize Suite sat on top to provide a common management and monitoring platform (Cloud Management Portal). These have been quite popular, and some key highlights mentioned were:

  • vSphere the market leader in Virtualisation – Software Defined Compute
  • VSAN now has over 5000 fee paying customers & growing – Software Defined Storage
  • NSX has 400% YoY growth in adoption – Software Defined Networking
  • vRealize Suite is the most popular Cloud management portal in the industry

Today’s main announcement brings these solutions together into VMware Cloud Foundation with Cross-Cloud Services support. The Cross-Cloud Architecture, announced as a technical preview today, effectively focuses on centralising the following across various different private and public cloud platforms:

  • Management,
  • Operations
  • Security
  • Networking (the most important one for me)

This tech preview platform will initially support public clouds (Azure, AWS, Google Cloud, vCloud Air) as well as vCloud Air Network partners and private cloud instances.


The graphic below describes the Cross-Cloud Services model and the solution proposition quite well. One of the key interesting parts of this announcement is that, through the IBM partnership, these cross-cloud services will be made available as a SaaS offering (Software as a Service), which requires no local installation or PS-heavy deployment of management and monitoring components on premises. It will be interesting to see the details of what this means, and I cannot wait to get my hands on the tools once available to look deeper into the details and what they mean for the average customer.


Based on Pat’s description, Cross Cloud Services solution is designed to facilitate moving of applications between private and various public clouds with minimal disruption / effort for the customers.

They also showed a demo of this in action, which was really, really impressive. It is pretty obvious that for true cross-cloud connectivity and flexibility when it comes to moving applications etc., one of the key blockers has been networking restrictions such as the lack of easily available L2 adjacency. VMware are in a prime position to address this through the SDN platform they have in NSX, and the demo clearly showed the NSX integration with AWS, which automatically deployed a software L2 Edge gateway in front of the AWS virtual data centre to offer L2 connectivity back to the customer’s on-premises network, extending the LAN as the key facilitator for moving a workload from AWS to on-premises and back (think of the WAN transformed into an extended LAN with NSX). I’ve always seen this coming and have also discussed with my customers various other possibilities like this that NSX brings to the table, and it’s nice to see these capabilities now being integrated into other management and monitoring platforms to provide a true single-pane-of-glass solution for multi-cloud management.

The solution demo also included the Arkin integration on the same platform (VMware acquired Arkin recently), which brings security monitoring and analytics capability to the platform, which is totally awesome..!! I’ve already seen the extensive capability of vRealize Network Insight (the rebranded Arkin solution) for visualising network flows and security context previously, but it’s really good to see that being integrated into this Software as a Service offering. The solution also includes traffic encryption capability, even within a public cloud platform like Amazon where you do not get it by default, which would go a long way towards deploying workloads subject to regulatory compliance on public cloud platforms.

These new announcements form the basis of VMware’s vision of Any Device (through the use of AirWatch), Any Application (through the use of Workspace ONE) and Any Cloud (now available through the Cross-Cloud Architecture), a message that enables their customers to simplify their modern-day IT operations and increase agility, efficiency and productivity.

[Image: Cross-Cloud vision slide]

Slide credit goes to VMware

You can find more details in the following links

Cheers

Chan

#NSX #vSphere #VSAN #CrossCloudServices #VmwareCloudFoundation

vRealize Infrastructure Navigator not appearing in the Web Client

I was playing around deploying the latest version of vRealize Infrastructure Navigator (5.8.6.230 – build 3923091) in my home lab (vSphere 6.5 with the VCSA as the vCenter) and noticed that after deploying the VIN appliance and successfully starting it up, the Infrastructure Navigator option was not appearing on the home screen of the vSphere Web Client.

Upon some investigation, it turned out that the VIN plugin had not been downloaded to the Web Client, so you need to manually check for new plugins to install. To achieve this, follow the process below:

  1. In the Web Client, go to Home -> Administration -> Client Plug-Ins (under the Solutions drop-down menu on the left) and verify that the Infrastructure Navigator plugin is not listed.
  2. Click the “Check for New Plug-ins” link at the top left. A small pop-up box appears at the bottom right notifying you of the new plugin check action.
  3. Click the “Go to the event console” link on this pop-up box to see the event updates and verify that the task to check for new plugins is running.
  4. Wait until the new plugin check has completed successfully.
  5. Log off, and log back in to the vSphere Web Client to see the Infrastructure Navigator option appearing on the home screen, so that you can go in and configure VM discovery.

Cheers

Chan