VMware NSX Use Cases in Real World IT Production

NSX Overview



These are some use cases for VMware NSX; the details of each use case will be explained in another post thread.

Use Case 1 : Network Segmentation
Use Case 2 : Microsegmentation for Securing VDI Infrastructure
Use Case 3 : Intelligent Grouping for Unsupported Operating Systems
Use Case 4 : Automated Security in a Software Defined Data Center (ex: Quarantine zone)
Use Case 5 : Advanced Security (IDS/IPS) Insertion – Example: Palo Alto Networks NGFW
Use Case 6 : ‘Collapsed’ DMZ
Use Case 7 : Integrate Dev, Test and Prod environment into single infrastructure
Use Case 8 : Securing access to and from Jump Box servers
Use Case 9 : Multisite Networking and Security (Cross vCenter)
Use Case 10 : DC Consolidation/Migration – Mergers & Acquisitions
Use Case 11 : Hybrid/Public Clouds Integration
Use Case 12 : Disaster Recovery
Use Case 13 : Self Service IT
Use Case 14 : Fast Application Deployment of template
Use Case 15 : Islands of Unused Compute Capacity
Use Case 16 : Compute Asset Consolidation
Use Case 17 : Reducing capital outlay in expensive HW devices by NSX Edge Services


Kind Regards,
Doddi Priyambodo

VMware vRealize Operations Manager Dashboard Repository

This link is a post from my colleague at VMware (Sunny Dua).
This is a very good custom dashboard for VROps (vRealize Operations); you can create your war room with this thing!
There is also a very good video webinar about VROps.


Kind Regards,
Doddi Priyambodo

How Long Does It Take to Migrate a Server from Physical to Virtual (P2V)?

When we decide to convert to a vSphere virtual machine, there is a process to convert from the previous physical machine or virtual machine.
We usually call this Physical to Virtual (P2V) or Virtual to Virtual (V2V).

When we use P2V/V2V, the conversion runs over the data network. The connection between source and destination is usually at least 1 Gbps.
However, if the network environment is shared rather than dedicated, the likely throughput is between 20 GB and 50 GB of data transferred per hour (this needs to be analyzed directly in the customer's environment).
The conversion process only sends the utilized data; for example, if the disk size is 300 GB but only 100 GB is used, only 100 GB of data is sent.

The transfer formulas are as follows:
Amount of data transferred = Number of VMs or servers x Disk size x Disk utilization

Time required = Amount of data transferred / Estimated throughput

If the data to be transferred is 10 TB and the throughput is 50 GB/hour, the time required is 200 hours (8 hours), assuming the transfer speed is stable.


Kind Regards,
Doddi Priyambodo

vRealize Automation 7.0 List of Improvements and it is GA now!

I am really excited about this news, because I implemented Distributed VRA 6.1 one year ago at one of my customers, and it was a really complex installation experience. One of the improvements here is the installation mechanism, which will simplify installations! There are a lot of cool new features now, and integrations too. Really cool!

The following is an incomplete list of highlights of the new features:

Streamlined and Automated Wizard-based Installation

  • Introduces management agent to automate the installation of Windows components and to collect logs
  • Automates the deployment of all vRealize Automation components
  • Installation wizards based on deployment needs: Minimal (Express) and Enterprise (Distributed) Installations

Simplified Deployment Architecture and High Availability Configuration

  • Embedded authentication service by using VMware Identity Manager
  • Converged Application Services in vRealize Automation Appliance
  • Reduced minimal number of appliances for HA configuration
  • Automated embedded PostgreSQL clustering with manual failover
  • Automated embedded vRealize Orchestrator clustering

Enhanced Authentication Service

  • Integrated user interface providing a common look and feel
  • Enabled multiple features by new authentication service

Simplified Blueprint Authoring for Infrastructure and Applications

  • Single unified model for both machine and application blueprints and unified graphical canvas for designing machine and application blueprint with dependencies and network topology
  • Software component (formerly software service in Application Services) authoring on vSphere, vCloud Air, vCloud Director, and AWS endpoints
  • Extend or define external integrations in the canvas by using XaaS (formerly Advanced Service Design)
  • Enable team collaboration and role segregation by enhancing and introducing fine-grain roles
  • Blueprints as human-readable code, which can be created in an editor of choice and stored in source control, or imported and exported within the same or across multiple vRealize Automation 7.0 instances
  • Customer-requested machine and application blueprints provided
  • Additional blueprints available on the VMware Solutions Exchange

Simplified and Enhanced NSX Support for Blueprint Authoring and Deployment

  • Dynamically configure NSX Network and micro-segmentation unique for each application
  • Automated connectivity to existing or on-demand networks
  • Micro-segmentation for application stack isolation
  • Automated security policy enforcement by using NSX security policies, groups, and tags
  • On-demand dedicated NSX load balancer

Simplified vRealize Automation REST API

  • Simplified schema for API requests by switching to normal JSON model
  • Follow-on request URIs and templates exposed as links in response bodies (HATEOAS)
  • New APIs to support business group and reservation management
  • Improved documentation and samples

Enhanced Cloud Support for vCloud Air and AWS

  • Software component authoring for vCloud Air, vCloud Director, and Amazon AWS
  • Simplified blueprint authoring for vCloud Air and vCloud Director
  • Improved vCloud Air endpoint configuration
  • Optional proxy configuration

Event-Based Extensibility Provided by Event Broker

  • Use vRealize Orchestrator workflows to subscribe to events triggered by most events that happen in the system or by custom events
  • Support blocking and non-blocking subscriptions
  • Provide administrative user interface for extensibility configurations

Enhanced Integration with vRealize Business

  • Unified location in vRealize Business to define flexible pricing policies for infrastructure resource, machine and application blueprints, and all type of endpoints in vRealize Automation
  • Support operational cost, one time cost and cost on custom properties
  • Role-based showback reports and fully leverage new features in vRealize Business 7.0

CloudClient Update

  • Content management (import and export blueprints between instances or tenants in vRealize Automation 7.0)
  • Existing functionality updated for vRealize Automation 7.0 APIs

vRealize Orchestrator 7 New Features

  • Introduce vRealize Orchestrator Control Center for easy monitoring and troubleshooting
  • Significant Smart Client improvements including Workflow tagging UI, Client reconnect options and enhanced search capabilities
  • vSphere 6.X vAPI endpoint support

Other Improvements

  • Enhanced management of tenant, business group, approval, and entitlements
  • Customizable columns in the table for a given type of custom resource defined in XaaS
  • Accept a mix of license input, including vRealize Suite, vCloud Suite, and vRealize Automation Standalone
  • Improved stability, quality, and performance


The complete details of the improvements can be read here: http://pubs.vmware.com/Release_Notes/en/vra/vrealize-automation-70-release-notes.html

KUDOS! Great enhancements and innovations from the VMware R&D Team!


Kind Regards,
Doddi Priyambodo


Technical Questions to Ask for vSphere Design during Requirement Analysis

I will try to briefly summarize some of the basic technical questions that are usually asked when we carry out a Requirement Analysis / Design Workshop engagement with a customer.

The following are some high-level questions that I usually ask, and then I dig deeper based on them. (Note: these are technical questions, so they are not meant for business people or C-level executives. So finding the correct audience is important.)

  • Compute: To gather information regarding the planned target compute infrastructure
  • Storage: To understand the current and expected storage landscape
  • vCenter: To describe the state of vCenter to manage the ESXi environment
  • Network: To gather information around current and target network infrastructure
  • Backup & Patching: To understand the current backup and patching methodology
  • Monitor: To analyze the current and expected monitoring processes
  • VM Workloads: To analyze the details of the current physical workloads to be virtualized and consolidated
  • Security: To understand in detail the current security practices
  • Processes & Operations: To understand the current operation procedures and processes
  • Availability & Disaster Recovery: To gather information on business continuity processes

The questions above can be broken down in more detail, for example as follows:

  • Compute: hardware type, network, disk, brand, redundancy, processor, storage connectivity, booting, automation, scalability, etc.
  • Storage: SAN/NAS/iSCSI/NFS/VSAN, IOPS, latency, storage technology, cloning/snapshot, replication, etc.
  • vCenter: linked mode, appliance, database decision, disk size, CPU and memory size, pre-requirements, etc.
  • Network: leaf spine, backbone technology, bandwidth, VLAN, VXLAN, teaming, VPC, link aggregation, distributed switch, vendors, etc.
  • Backup and Patching: storage backup, 3rd party backup, VDP, VADP, Update Manager, etc.
  • Monitor: items to monitor, centralized log server, performance, capacity, usage, threshold, alert, placement, etc.
  • VM Workloads: user growth, IOPS, Tier1/Tier2/Tier3, mission critical, OS clustering, Java/Oracle/SQL Server/SAP, etc.
  • Security: firewall ports, virus protection, distributed firewall, system hardening, lockdown mode, access, etc.
  • Processes and Operations: SLA agreements, private/public/hybrid strategy, budget/scope constraints, unique processes, etc.
  • Availability & DR: RPO, RTO, VMware HA, Fault Tolerance, Active-Active DC, bandwidth and hops, priority protected VMs, etc.

Hope this is useful.

Kind Regards,
Doddi Priyambodo

Backup Order for VMware vRealize Suite

For enterprise-scale systems, the backup order is important for maintaining data consistency. We need to guarantee that the dependencies between one VM and another are always preserved, so that no data is missing at recovery time.

If you implement automated backups, this backup order can be configured in the backup tool you use (ex: Symantec NetBackup).

The following is the recommended backup order, to be run one at a time while the backup is in progress:

  1. vRealize Business
  2. vRealize Log Insight
  3. vRealize Operations Manager
  4. vRealize Orchestrator
  5. vRealize Automation (if the VRA architecture is distributed, its backup also needs to follow an order)
    a. Proxy Agents
    b. DEM Workers
    c. DEM Orchestrator
    d. Manager Services (back up the passive one first, then the active one)
    e. Websites (back up node1, node2, and so on)
    f. vRealize Automation Appliance (back up the secondary node, then the primary)
    g. SSO (Identity Appliance)
    h. PostgreSQL
    i. MS SQL
    j. Backup Load Balancers

So? Quite complicated, isn't it? Nah, it's simple enough 🙂

Now, after the backup, the VMs will of course be restored and powered on. The order is simply the reverse of the backup order above, so just read it from bottom to top.


Kind Regards,
Doddi Priyambodo

Oracle Real Application Cluster Pros-Cons Analysis on vSphere

There are several considerations in deciding whether or not to implement Oracle Real Application Cluster in a vSphere environment. These are some simple notes on the pros and cons analysis.


Pros Analysis – Oracle RAC on vSphere

  • Availability perspective: It will create zero downtime of availability (but VMware already has the VMware HA feature). If the customer thinks that the VMware HA feature is good enough (approximately 5 minutes RTO), then there is no need to consider RAC as an availability option.
  • Performance perspective: It “might” help the database performance if needed. But some DBs can have better performance with RAC and some don’t (ex: batch processing intensive applications). It depends on the architecture of the application itself (needs to be tested).
  • Recoverability perspective: It will create a zero downtime experience if the failure happens on the host. But if the failure happens on the shared storage connection, then the recovery process needs to be conducted from backup or a disaster recovery mechanism.

Cons Analysis – Oracle RAC on vSphere

  • Cost perspective: The customer needs to purchase additional licenses for Oracle RAC capabilities for each core of the servers in the database cluster.
  • Manageability perspective: It will create additional complex things to manage (such as Oracle Clusterware, ASM disks, and additional RAC processes).
  • Resource perspective: The customer will need to create a minimum of 2 VMs for each DB on different ESXi hosts for the full capability of RAC; anti-affinity should be configured so the VMs won’t start on the same host.

So, basically the decision is in your hands: whether you are willing to “pay the price” for the features that you “need”. Ask the question again: do you really need the features?


Kind Regards,
Doddi Priyambodo

Key Factors to create Perfect Design for VMware vSphere Infrastructure

If you are doing a vSphere design right now, please remember this AMPRS rule for your design document.

Always base your design decisions on these key factors: Availability, Manageability, Performance, Recoverability, and Security.

Especially if it is for a Business Critical Application, you MUST consider all these factors.


Design Quality and Description

Availability: Indicates the effect of a design choice on the ability of a technology and the related infrastructure to achieve highly available operation.

Key metrics:

  • Percent of uptime.

Manageability: Indicates the effect of a design choice on the flexibility of an environment and the ease of operations in its management. Sub-qualities might include scalability and flexibility. Higher ratios are considered better indicators.

Key metrics:

  • Servers per administrator.
  • Clients per IT personnel.
  • Time to deploy new technology.

Performance: Indicates the effect of a design choice on the performance of the environment. This does not necessarily reflect the impact on other technologies within the infrastructure.

Key metrics:

  • Response time.
  • Throughput.

Recoverability: Indicates the effect of a design choice on the ability to recover from an unexpected incident which affects the availability of an environment.

Key metrics:

  • RTO – Recovery time objective.
  • RPO – Recovery point objective.

Security: Indicates the ability of a design choice to have a positive or negative impact on overall infrastructure security. Can also indicate whether a quality has an impact on the ability of a business to demonstrate or achieve compliance with certain regulatory policies.

Key metrics:

  • Unauthorized access prevention.
  • Data integrity and confidentiality.
  • Forensic capabilities in case of a compromise.


Kind Regards,

Doddi Priyambodo

How to Execute External Guest OS Script from VRO and VRA

These two posts explain really well the mechanism for extending VRA (VMware vRealize Automation) with VRO (VMware vRealize Orchestrator) to execute an external script that is located in the guest operating system's folders (either Windows or Linux).

It is really useful if you want to implement one of these use cases:
– Silent installation of a database/apps platform (ex: SQL Server, Oracle DB, MySQL, PostgreSQL, Apache, etc.) after the VM is deployed
– Configure parameters in apps, DB, middleware, and agents (ex: NetBackup agent, Oracle DB, Tomcat, Weblogic, etc.) after the VM is deployed
– Execute other external scripts that are located in the guest OS

Please note that you can also use it with VRO only, if you don’t want to automate the process from VRA.

You can find the posts at these links:



Kind Regards,
Doddi Priyambodo


About my Computer Home Lab Facility for Exploring VMware Technology

In this post, I want to show the home lab I have for exploring VMware's very many features. Having a “capable” home lab is important for me, as I currently make my living in the IT world, more specifically “IT Cloud” 😉

I currently have three options for building a home lab. The first option is to use:
1). A public cloud provided for free by my company for its employees around the world. Cool!!!
2). A personal home lab provided by the “kindness” of my wife, who allowed me to buy it
3). A portable laptop provided by the office as an official work facility, with fierce specifications! (its weight is fierce too!!!)

I will not explain the public cloud I use in more detail in this post. But the point is that it uses a VMware product, namely VMware vCloud Director. Even though there is a public cloud, I still use the personal home lab because the internet connection in Indonesia (read: my home) is not stable enough to rely 100% on public cloud.

The following is a description of my home lab, which I use to tinker with several technologies from VMware, Oracle, Microsoft, RedHat, Quest, open source stuff, and several other products that feed my appetite for hands-on experience.

1. My Home Lab (custom-built PC, read: the two of us assembled it at the computer store together with the shop owner in Mangga Dua – what a memorable experience)

These are the specs:

Category | Description | Comment
Brand | Custom-built | piece by piece, the result of quite long browsing per component
Processor | Intel Core i7 3770K Ivy Bridge 4 Core @2 Thread 3.8 GHz | Yeahhh!!!!
Memory | V-Gen DDR3 16 GB | Not enough right now, need 32 GB
Disk | SATA III Seagate 2 TB | Not enough right now, need SSD
VGA Card | Digital Alliance NVidia GeForce 2 GB 128 Bit | This is Spartaaaa!!!
Motherboard | Gigabyte LGA 1155 | OK
DVD | Samsung DVD Writer | OK
Webcam + Mic | Logitech C120 | for Skype video calls with the family
Casing | Simbadda Simcool | OK
Keyboard + Mouse | Logitech MK200 + Dell mouse | OK
Monitor | LG LED 22″ Full HD + TV | for watching Indovision when the TV outside is being fought over
Wireless Router | TP-LINK | to create a wireless network at home
Internet Modem | ProLink HSPA | just in case the wifi internet dies, so move to 3G
Game Joystick 🙂 | Wireless Havit | I am a Pro Evolution Soccer (PES) Champion! 😉

2. My Portable Lab (Office Laptop, aka the GIANT)

Category | Description | Comment
Brand | Dell Precision M4800 | Making Michael Dell richer
Processor | Intel® Core™ i7-4900 MQ CPU @ 2.80 GHz | Super Nice, isn’t it?
Memory | 32 GB | Super Duper Nice, isn’t it?
Disk | Full SSD 500 GB | I am okay with it 🙂
VGA Card | Nvidia Quadro K2100M 4 GB 128 Bit | Too bad installing games on the work computer is not allowed 😉
OS | Microsoft Windows 7 Enterprise SP1 | Usually I mostly have VMware Workstation open
DVD | Built in | OK
Webcam + Mic | Built in | Skype
Physical | Mobile laptop with a weight of 3.2 Kg | can make your back hurt when carried in a backpack
Monitor | 15.6in panel, super crisp, at 3,200 x 1,800 | very clear and bright display

Wanna Upgrade my Home Lab!

For the past few days I have been “drooling” over the home lab of one of my best friends and comrade-in-arms at VMware, “Bayu Wibowo”, who just purchased his home lab (it only arrived yesterday), with gorgeous specs and, importantly, a low opex (read: electricity consumption). Time to write a proposal to my wife, if necessary with TCO and ROI calculations presented formally 😀

The following are the hardware specs he has:

3 Shuttle DS81 slim PCs (http://global.shuttle.com/news/productsDetail?productId=1767), with the following specification for each node (list price +/- Rp 8 million each):

Processor Intel® Core™ i3-4160 Processor 3.60 GHz
Hitachi 1TB SATA3 16MB 7200RPM
Plextor PCIe SSD M6M 128GB
Kingston SO-DIMM DDR3 16GB PC12800

Or it is actually also possible to go with an Intel NUC (http://www.intel.com/content/www/us/en/nuc/overview.html), which has a “prettier” form factor (but is somewhat more expensive).

Finally…, Mommy, there is something Daddy wants to talk about for a moment 🙂


Kind Regards,
Doddi Priyambodo