IBM Cloud for VMware Solutions: Take a look under the hood
Deploy and manage VMware virtualized environments
Take an in-depth look at the architecture of IBM Cloud for VMware Solutions, an IBM Cloud offering that provides deployment and management of VMware virtualized environments. In this tutorial, I'll show you the components of the offering so you can see how they work together to provision and maintain the environment in the public cloud.
Two companies, one streamlined solution
For some time now, users have been deploying VMware virtualized environments to the IBM public cloud, either by themselves or with the help of professional services. In February 2016, IBM and VMware announced a partnership to automate the process of deploying VMware software and VMware environments in the IBM cloud. One of the early fruits of this partnership was the ability to order a variety of VMware product deployments and licenses from the IBM Cloud portal, followed later by the availability of VMware Horizon Air in IBM Cloud. In addition, IBM and VMware jointly produced a standard reference architecture and deployment prescription for VMware in the IBM public cloud.
In the fall of 2016, IBM and VMware jointly released VMware Cloud Foundation and IBM Cloud for VMware Solutions. VMware Cloud Foundation is VMware's technology for deploying and managing fully virtualized environments, including virtualized compute (VMware vSphere), storage (VMware vSAN), and networking (VMware NSX). These environments are aptly called software-defined data centers.
IBM Cloud for VMware Solutions builds on Cloud Foundation technology to significantly streamline the deployment and management of these software-defined data centers in the IBM public cloud. Using IBM Cloud for VMware Solutions, it is now possible to deploy portions of the standard reference architecture to the IBM Cloud automatically rather than manually. Environments that previously took weeks to deploy and configure can now be provisioned in a matter of hours.
This ease of deployment allows you to focus on implementing solutions on top of VMware rather than building your environment. With environments at your quick disposal, you can build both hybrid cloud solutions spanning your private cloud and the IBM public cloud, as well as cloud native solutions in the IBM public cloud. By combining multiple deployments, you can easily add disaster recovery or high availability capabilities to your solutions.
Now let's take a look under the hood of the IBM Cloud for VMware Solutions architecture. You'll gain an understanding of the different components that are part of the solution, and how they work together to provision and manage your software-defined data center in the IBM Cloud. You'll also learn about the network topology and several options you have for connecting to your environment.
IBM Cloud for VMware Solutions basics
Your software-defined data centers are provisioned and managed using the IBM Cloud for VMware Solutions portal. You log in to this portal using your IBM id. You will also need to associate your IBM id with your IBM Bluemix account or create a new IBM Bluemix account.
Figure 1. IBM Cloud for VMware Solutions portal
Using this portal, you can provision one of two kinds of virtualization environments:
- A VMware vCenter Server on IBM Cloud instance is a basic virtualization environment that uses VMware vSphere Hypervisor, VMware vCenter Server, and VMware NSX.
- A VMware Cloud Foundation on IBM Cloud instance is a comprehensive software-defined data center that uses VMware Cloud Foundation's SDDC Manager, VMware vSphere Hypervisor, VMware vCenter, VMware vSAN, and VMware NSX.
You can also provision either of these environments with the additional Zerto disaster recovery service.
Prior to ordering a Cloud Foundation or vCenter Server instance, you must configure your IBM SoftLayer API key in the IBM Cloud for VMware Solutions portal. To do this, click the Settings link in the top right-hand corner of the portal, and enter your user name and API key where prompted for SoftLayer credentials. The system will verify that your API key and account have appropriate permissions and settings to deploy your instance.
Figure 2 shows the first step in the order process for a Cloud Foundation instance. Cloud Foundation instances are deployed together with a Microsoft Active Directory domain controller, and for single sign-on purposes you must designate your instance as either a primary or secondary site. A primary instance is the first (and perhaps only) instance in your single sign-on domain. You can deploy additional secondary instances and associate them with the same single sign-on domain of an existing primary instance.
Figure 2. Step 1 in the Cloud Foundation instance order process
Figure 3 shows the second step in the order process for a Cloud Foundation instance. Here you are prompted for your domain name, which will serve as your single sign-on root domain; your instance name; and the data center where you want your instance to be deployed. The instance name will identify your instance in the IBM Cloud for VMware Solutions portal, but it will also be used as the DNS subdomain where the hostnames of your instance components will be registered.
Figure 3. Step 2 in the Cloud Foundation instance order process
Figure 4 shows the final step in the order process, where your order is summarized and you have an opportunity to review the terms and estimated cost.
Figure 4. Step 3 in the Cloud Foundation instance order process
If you are ordering a vCenter Server instance, the order process is simpler. On a single screen you will have the opportunity to choose your instance name, data center location, the number of servers, and the size of attached shared storage.
VMware vCenter Server instances
Because the VMware vCenter Server instances do not make use of vSAN, they allow for more flexibility in ordering options. The servers are available in three sizes ranging from 16 cores with 128GB RAM to 28 cores with 512GB RAM, and you can order as few as two servers. Several options are available for size and performance of attached storage.
These instances are deployed using three VLANs, one public and two private. The public VLAN is largely reserved for your use at your discretion for public connectivity or tunneling for your own workload deployments. However, at deployment time an NSX Edge Services Gateway pair is deployed on the public VLAN to allow the IBM cloud driver component to connect over the public network. This allows it to communicate with the IBM management systems to perform management of your instance, such as adding nodes to the environment or upgrading system components. The first private VLAN is used for management communications and NSX VTEP, and the second is used for vMotion and for NFS storage traffic.
VMware vCenter Server instances are available in all IBM Cloud data centers that support these hardware and networking specifications (see sidebar).
VMware Cloud Foundation instances
VMware Cloud Foundation instances are available with servers in two sizes: 24 cores with 128GB RAM, and 28 cores with 256GB RAM. These instances require a minimum of four nodes due to the use of vSAN.
These instances are deployed using three VLANs, one public and two private. One private VLAN is used for management communications and for NSX VTEP, while the other is used for vMotion and for vSAN traffic. The public VLAN is largely reserved for your use at your discretion for public connectivity or tunneling for your own workload deployments. However, as with vCenter Server instances, at deployment time an NSX Edge Services Gateway pair is deployed on the public VLAN to allow the IBM cloud driver component to connect over the public network.
When you order a new VMware vCenter or VMware Cloud Foundation instance, you choose the instance location and specification. The IBM Cloud for VMware Solutions portal then uses your previously selected IBM Cloud username and API key to orchestrate the entire process of ordering, installing, and configuring your virtualization environment. This includes:
- Ordering VLANs and subnets for networking
- Ordering IBM Cloud Bare Metal Servers with vSphere Hypervisor installed
- Deploying and configuring VMware vCenter Server, Platform Services Controller, and VMware NSX Manager, Controllers, and Edge Services Gateways.
- In the case of VMware Cloud Foundation:
  - Deploying VMware Cloud Foundation SDDC Manager
  - Configuring VMware vSAN
- In the case of VMware vCenter Server, ordering IBM Cloud Endurance Storage to serve as network-attached storage for your hypervisors.
- Deploying an IBM management component called the cloud driver
- Ordering and configuring an IBM Cloud Virtual Server Instance (VSI) and Endurance Storage to serve as an integrated backup server for the management components
- Validating the installation and configuration of the environment
You select the IBM Cloud data center where you want to provision your instance. Provided the hardware is available in your selected IBM Cloud data center, the instance provisioning process typically takes less than 24 hours.
Once your instance has been provisioned, if you are connected to your IBM Cloud account through a VPN, you can connect to your vCenter server directly from the IBM Cloud for VMware Solutions portal. Figure 5 shows the vCenter web client view for a Cloud Foundation instance.
Figure 5. Deployed VMware Cloud Foundation instance
For a vCenter Server instance, you can log in directly to vCenter as long as you are connected to your IBM Cloud VPN. However, for a Cloud Foundation instance, the VMware Platform Services Controller (PSC) that authenticates your connection to vCenter is addressed by its hostname rather than by its IP address. For your Cloud Foundation instance, in order to connect to vCenter, you must first ensure that the PSC hostname can be resolved by your workstation by adding the PSC hostname to your workstation's hosts file as shown in Listing 1. You can find the PSC hostname and IP address on the detailed properties page for your instance in the portal.
Listing 1. Hosts file
    # Cloud Foundation instance Platform Services Controller (PSC)
    10.168.65.79 psc0.vrack.vsphere.local
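As an added example (not part of the original tutorial): a stale or conflicting hosts entry would send your single sign-on login to a different host, so this Python check verifies that a hosts file maps the PSC hostname to exactly the address shown in the portal. The function names and the sample file contents are constructed for illustration; the hostname and address are the ones from Listing 1.

```python
import ipaddress


def parse_hosts(text):
    """Return (line_no, ip, [names]) for every well-formed hosts entry."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address
        names = [n.lower().rstrip(".") for n in fields[1:]]
        entries.append((line_no, ip, names))
    return entries


def check_hosts_entry(text, hostname, expected_ip):
    """Classify the mapping: 'ok', 'missing', 'mismatch' or 'conflict'."""
    expected = ipaddress.ip_address(expected_ip)
    hostname = hostname.lower().rstrip(".")
    found = [(line_no, ip)
             for line_no, ip, names in parse_hosts(text)
             if hostname in names]
    if not found:
        return "missing", found
    ips = {ip for _, ip in found}
    if ips == {expected}:
        return "ok", found
    if expected in ips:
        return "conflict", found    # correct entry present, another disagrees
    return "mismatch", found        # name points only at unexpected addresses


# Constructed sample hosts files (not taken from a real workstation)
GOOD = """\
127.0.0.1   localhost
# Cloud Foundation instance Platform Services Controller (PSC)
10.168.65.79   psc0.vrack.vsphere.local
"""
STALE = GOOD + "10.168.65.80 psc0.vrack.vsphere.local  # earlier instance\n"

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("stale", STALE)):
        status, hits = check_hosts_entry(
            text, "psc0.vrack.vsphere.local", "10.168.65.79")
        print(label, status, [(n, str(ip)) for n, ip in hits])
```

To check a real workstation, pass the contents of its hosts file and the PSC hostname and IP address from your instance's detailed properties page.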
After your instance has been deployed, you can manage it from the portal. The management capabilities include the ability to do each of the following:
- Deploy additional nodes into the cluster
- Remove existing nodes from the cluster
- For Cloud Foundation instances, display available IBM and VMware system updates for the instance and initiate or schedule an upgrade of instance components
- For vCenter Server instances, display available IBM system updates for the instance and initiate or schedule an upgrade of instance components.
- Initiate an unscheduled backup of the management components
- Open a ticket to IBM support to restore the management components from backup
Figure 6 shows the instance detail view for a Cloud Foundation instance. The primary properties tab includes a link to the vCenter console as well as other details about the instance and its hypervisors. Other tabs available in the instance detail view allow you to manage instance updates, manage backups, and manage or install additional services such as Zerto disaster recovery.
Figure 6. VMware Cloud Foundation instance management
IBM Cloud for VMware Solutions components
A number of different components work together to provision and manage your environment. Most of these components are deployed into your IBM Cloud account. Because the solution depends on all of these components working together, you should not modify or cancel any of these components from your IBM Cloud account. The correct way to remove a running instance is by using the portal rather than cancelling the individual components.
While this is an integrated virtualization environment, the cost of various virtualization components (such as VMware licenses), infrastructure components (bare metal servers, VLANs, subnets, and storage), and management components is itemized in the bill that you receive from IBM Cloud.
The portal component
The portal is part of the IBM Cloud. You log in to the portal to create and manage your instances. This portion of the solution is responsible for the initial ordering and provisioning of your environment, and also for the ongoing management of your environment. Your deployed instances communicate with the portal only by outbound-initiated secure connections through the NSX Edge Services Gateway pair in your instance.
The IBM Cloud Builder component
When you provision a new instance, the portal deploys a temporary virtual server instance (VSI) to your IBM Cloud account. This instance is known as the cloud builder. It performs the ordering of bare metal servers in your IBM Cloud account, the installation and configuration of all of the instance's components, and the validation of the environment. After the provisioning is complete the cloud builder is deleted.
The IBM Cloud Driver component
In addition to installing VMware components such as vCenter Server and Platform Services Controller, the cloud builder deploys a virtual machine (VM), known as the cloud driver, directly into the VMware management cluster. Unlike the cloud builder, the cloud driver is a long-lived VM. It communicates with the portal only by outbound-initiated secure connections through the NSX Edge Services Gateway pair in your instance. The cloud driver acts as an agent to maintain your instance; for example, it is responsible for ordering and configuring new bare metal hosts that are added to the cluster, and for applying updates to the instance.
For all instances, vSphere Hypervisor is installed on the bare metal servers.
For a vCenter Server instance, vCenter Server, a Platform Services Controller, an NSX Manager, three NSX Controllers, and two NSX Edge Services Gateway pairs are deployed into the VMware management cluster, together with the cloud driver.
For a Cloud Foundation instance, a vCenter Server, a Platform Services Controller, an NSX Manager, three NSX Controllers, an NSX Edge Services Gateway pair, and a VMware SDDC Manager VM are all deployed into the VMware management cluster. The cloud driver works together with the SDDC Manager to maintain the VMware virtualization environment.
Outside of your VMware virtual data center, the cloud builder deploys an IBM Cloud virtual server instance (VSI) running as a backup server. The backup server performs a daily backup of the VMware management cluster, plus additional backups at your initiation. The backup server maintains the last 14 backup restore points.
In addition, the cloud builder orders IBM Cloud Endurance Storage, which is used to store these backups.
The cloud builder orders a number of VMware licenses (such as vCenter Server and NSX) in your IBM Cloud account, which correspond to their usage in the instance.
IBM Cloud for VMware Solutions network architecture
Both vCenter Server and Cloud Foundation instances connect to a public VLAN for your use with your deployed workloads. The public VLAN is largely reserved for your use at your discretion, but an NSX Edge Services Gateway pair is connected to the public VLAN allowing the cloud driver to communicate outbound with the portal for the management of your instance.
Both vCenter Server and Cloud Foundation instances have two private VLANs that are trunked together on the private network interface for your hypervisors. The first private VLAN is used for management connectivity (such as vCenter communications with hypervisors), and by NSX for tunneling all VXLAN traffic for your deployed workloads. The second private VLAN is used for vMotion and for storage traffic; the storage traffic is NFS traffic for vCenter Server instances, and vSAN traffic for Cloud Foundation instances.
Figure 7 illustrates the network and component architecture for the IBM Cloud components, as well as the components deployed in your IBM Cloud account. This diagram illustrates which VMs run within the ESXi cluster and which run as IBM Cloud VSIs. The communication between the portal and the cloud builder and cloud driver takes place outbound from your cloud builder and cloud driver through the NSX Edge Services Gateway pair in your instance.
Figure 7. Solution and network architecture
Connecting to your instance
You have a number of options for connecting to your instances. You can connect directly to private IP addresses in your instance (for example, vCenter) by using the IBM Cloud VPN. You can also order IBM Cloud network appliances and IBM Cloud hardware or virtual firewalls such as Vyatta and Fortigate for your account. IBM Cloud also offers direct links between your network and the VLANs in your IBM Cloud account.
For access to your deployed VMs, you can apply public IP addresses directly to your VMs. However, you can also use the IBM Cloud network appliance and firewall capabilities to set up more secure public access to your VMs using NAT and firewall. You can also deploy NSX Edge servers, and use these servers to set up VPN or NAT connectivity for your VMs.
In this tutorial, you learned about the basic capabilities of IBM Cloud for VMware Solutions for deploying and managing standardized VMware virtualization environments in the public cloud. Because you can provision these environments faster than ever before, you can focus your efforts on deploying your applications and solutions on top of them, and on connecting clouds together for disaster recovery or high availability.
We explored the various components that are deployed into your IBM Cloud account, which appear on your IBM Cloud billing statement and work together to keep your environment running. Finally, we considered the network architecture of the solution along with some options for establishing connectivity to the environment—either by using a variety of secure connectivity options to keep communications private, or by using various options for public internet connectivity.
Now that you're armed with everything you need to know to get started, go ahead and deploy your next VMware virtualization environment on the IBM Cloud today!
The author would like to express his appreciation to Ajay Apte, Liang Wang, and Rob Warren for their help with this article.