vCHS – VMware vCloud Hybrid Service Technical Overview
The vCloud Hybrid Service is a new public cloud offering from VMware, currently only available in the United States but coming to Europe early in 2014.
The vCloud Hybrid Service is composed of a vCloud Director and vSphere backed environment with a bespoke, customised web portal front-end that handles provisioning and basic configuration options, such as deploying workloads and changing virtual machine network settings.
Those familiar with vCloud Director will find it pretty easy to pickup.
The service consists of two core models, a dedicated platform called a Dedicated Cloud and a shared platform called a Virtual Private Cloud.
The Dedicated Cloud is a unique vCenter Server instance and dedicated vCloud Director and dedicated compute resources with shared storage and networking. The Virtual Private Cloud is akin to existing vCloud Director allocation pool backed organisation virtual datacenters (Org vDCs).
Both offerings have the same storage of auto-tiering, SSD cache enabled arrays with appropriate reservations in place to ensure a good, reliable service. VMware are being quite tight lipped about the actual storage being used so that they can change providers as new storage is developed, but they are assuring customers that it will always be fast, modern, high-end storage.
The two models are sized as shown in the image below:
All virtual machines within a Dedicated Cloud are contained in a reservation pool, 100% of the pool allocation is yours to configure as you see fit. The hosts in the pool are dedicated to you. This means that you can control the amount of over provisioning being performed by adjusting virtual machine reservations and limits.
With the virtual private cloud (VPC) you have a vCD allocation pool with a 100% reservation on memory and a 50% reservation on CPU (shown here as 5GHz burst to 10Ghz). What this means is that if you want enough RAM or CPU for 5 VMs then you pay for that amount of compute and you cannot add additional VMs without increasing your allocated pool size. (Parting with some hard earned cash!) By having a 100% reservation on RAM and a 50% reservation on CPU this should limit the ‘noisy neighbour’ issues sometimes experienced in over-provisioned virtual environments.
Note the figures shown above are minimums for the service offering, you can have any number greater than this in your cloud as long as you purchase these minimums. It is easy to add an additional GB of RAM as and when you like.
One of the key differences between these two offerings is the ability to provision additional Edge Gateways with the Dedicated Cloud.
In vCloud Director, Edge Gateways can only be provisioned by a vCloud System Administrator and not a Organisational level administrator. (If you use a public cloud provider then you are at most an Org level administrator.) However with vCHS you can do this. This extra level of control gives you much greater flexibility when configuring your cloud platform.
The two suites are available in the following minimum subscription terms with pricing being lower for longer term contracts.
Virtual Private Cloud
Those familiar with the vCloud Suite may be aware of the vCloud Automation Center (vCAC) and may make the reasonable assumption that this is the engine behind the vCloud Hybrid Service (vCHS), but that is not the case. The vCHS engine is a separate piece of software that is a VMware only product, that is it is used exclusively by VMware and not available to install. It uses VMware ‘secret sauce’, some code unique to vCHS that VMware are keeping close to their chest.
Using The vCloud Hybrid Service
The vCHS web portal itself is a fairly user friendly interface with ‘badges’ showing the name of Organisation Virtual Datacenters (Org vDC’s) that you can click on to manage the sub-components of the Org vDC such as VM configuration and network settings.
vCHS talks to vCloud Director on the back-end to perform administration tasks.
The way that vCHS talks to vCD is through the vCloud API and so the API is also available to you as a consumer of the cloud to allow you to provision and manage workloads as you see fit. The API will connect directly to the Organisation Virtual Datacenters (Org vDCs) to manage your workloads.
The virtual machines tab allows you to perform basic configuration of virtual machines such as powering on/off, re-configuring RAM and using VMware’s backup offering, register it for backup.
The backup is a daily backup that offers full VM restoration and not individual file level restore so you will still need your application level backup applications for that level of granularity and for application consistency using VSS etc.
The last tab is the gateway tab. This is where you configure the Edge Gateways in your organisation vDC.
The example here has two Org vDCs, Production and Development. If you want to add an additional Gateway, and you have a Dedicated Cloud, you can click the Add a Gateway link and set it up. You will need to make sure you have an additional public IP address available (speak to your reseller.)
Within the Org vDC in vCHS you can manage and view additional components such as allocation of resources, virtual machines, users configured and networks.
On most pages within the web interface is a link that can take you directly to vCloud Director in order to perform additional configuration that cannot be achieved in the vCHS portal. In it current infant stage there is a lot of settings that do need to be configured directly in vCloud Director as the functionality is not there yet in vCHS however if you give it time everything you can do in vCD will soon be available to vCHS and infact the idea is that eventually everything will have to be done in the vCHS portal and the vCD portal will no longer be available.
Every vCHS deployment is initally setup with an externally routed network connected to the Edge Gateway and an isolated network where any VMs connected to that network can only communicate with each other.
I like the way that the networks are shown ‘at a glance’ in vCHS as looking at the information involves quite a few clicks in vCD.
Also within the Org vDC is the links to purchase more resources as well as the vCloud Director URL that you need to connect to to manage the environment at a more granular level, for example if you want to configure NAT, static routes or firewall rules. This same address is used when connecting the vCloud API. For further information on using the vCHS vCloud API I suggest reading Massimo’s blog post on the subject.
VMware are also providing a market place for virtual machines packaged up as virtual appliances through their Solutions Exchange. They have a section dedicated to the Hybrid Cloud service where you can download an OS and set it up with some support. Certain appliances are billed according to the license requirements of the OS and the level of support offered by VMware.
The Hybrid Bit
Migration Of Workloads
You can connect your vSphere or private VMware vCloud to the vCHS platform, after all it is a hybrid service. You achieve this using the vCloud Connector in the same way you do with other service providers by installing a vCloud Connector Server and a node in your site and a node in the vCHS service. Then register this in vCenter to push the VMs between your site and the vCHS datacenters.
VMware have also added an option to move large workloads by sending out a 12TB drive to you to copy your VMs onto and ship back and then VMware will import and register it in vCHS for you.
You can also connect your site with an IPSec VPN to allow connectivity between your machines as well as doing a ‘datacenter extension’ stretched deploy setup, which means taking your existing IP addresses with you. The example below shows that the green networks are on the same IP range and can communicate over the VPN via a double NAT on each end of the VPN connection.
Chris Colotti has written several post on how to do this, I suggest you have a look through if this is something you would want to do. If you decide to take your IPs with you bear in mind that all traffic for the VM in the vCHS platform will be routing through the VPN back to your site, including any internet requests.
All in all the vCloud Hybrid Service looks to be a very interesting offering from VMware.