IBM Cloud for VMware Solutions: Take a look under the hood
Deploy and manage VMware virtualized environments
Take an in-depth look at the architecture of IBM Cloud for VMware Solutions, an IBM Cloud offering that provides deployment and management of VMware virtualized environments. In this tutorial, I'll show you the components of the offering so you can see how they work together to provision and maintain the environment in the public cloud.
Two companies, one streamlined solution
For some time now, users have been deploying VMware virtualized environments to the IBM public cloud, either by themselves or with the help of professional services. In February 2016, IBM and VMware announced a partnership to automate the process of deploying VMware software and VMware environments in the IBM cloud. One of the early fruits of this partnership was the ability to order a variety of VMware product deployments and licenses from the IBM Cloud portal, followed later by the availability of VMware Horizon Air in IBM Cloud. In addition, IBM and VMware worked together to jointly produce a standard reference architecture and deployment prescription for VMware in the IBM public cloud.
In the fall of 2016, IBM and VMware jointly released VMware Cloud Foundation and IBM Cloud for VMware Solutions. VMware Cloud Foundation is VMware's technology for deploying and managing fully virtualized environments, including virtualized compute (VMware vSphere), storage (VMware vSAN), and networking (VMware NSX). These environments are aptly called software-defined data centers.
IBM Cloud for VMware Solutions builds on Cloud Foundation technology to significantly streamline the deployment and management of these software-defined data centers in the IBM public cloud. Using IBM Cloud for VMware Solutions, it is now possible to deploy portions of the standard reference architecture to the IBM Cloud automatically rather than manually. Environments that previously took weeks to deploy and configure can now be provisioned in a matter of hours.
This ease of deployment allows you to focus on implementing solutions on top of VMware rather than building your environment. With environments at your quick disposal, you can build both hybrid cloud solutions spanning your private cloud and the IBM public cloud, as well as cloud native solutions in the IBM public cloud. By combining multiple deployments, you can easily add disaster recovery or high availability capabilities to your solutions.
Now let's take a look under the hood of the IBM Cloud for VMware Solutions architecture. You'll gain an understanding of the different components that are part of the solution, and how they work together to provision and manage your software-defined data center in the IBM Cloud. You'll also learn about the network topology and several options you have for connecting to your environment.
IBM Cloud for VMware Solutions basics
Your software-defined data centers are provisioned and managed using the IBM Cloud for VMware Solutions portal. You log in to this portal using your IBM id. You will also need to associate your IBM id with your IBM Bluemix account or create a new IBM Bluemix account.
Figure 1. IBM Cloud for VMware Solutions portal
Using this portal, you can provision one of two kinds of virtualization environments:
- A VMware vCenter Server on IBM Cloud instance is a basic virtualization environment that uses VMware vSphere Hypervisor and VMware vCenter.
- A VMware Cloud Foundation on IBM Cloud instance is a comprehensive software-defined data center that uses VMware Cloud Foundation's SDDC Manager, VMware vSphere Hypervisor, VMware vCenter, VMware vSAN, and VMware NSX.
You can also provision either of these environments with the additional Zerto disaster recovery service.
Figure 2 shows the first step in the order page in the portal for a Cloud Foundation instance, where you name your instance and select a SoftLayer data center. Subsequent order steps allow you to enter your SoftLayer account credentials and summarize your order. In the case of a vCenter Server instance, an additional step allows you to customize the number, size, and network speed of your bare metal servers.
Figure 2. IBM Cloud for VMware Solutions ordering
VMware vCenter Server instances
Because the VMware vCenter Server instances do not make use of vSAN and NSX, they allow for more flexibility in ordering options outside of the prescribed architecture. Depending on availability in a given data center, you have the choice of 1Gbps and 10Gbps network links, and a choice of large (24 core, 512GB) and small (12 core, 64GB) servers. You can order as few as one ESXi server.
These instances are deployed using two VLANs, one public and one private. All components are initially deployed using only private subnets.
VMware vCenter Server instances are available in all IBM Cloud data centers that support these hardware and networking specifications (see sidebar).
VMware Cloud Foundation instances
The VMware Cloud Foundation instances carefully follow the prescribed reference architecture. The architecture requires the use of 10Gbps network links and large (24 core, 512GB) servers in order to support VMware NSX and vSAN. You can order as few as four ESXi servers.
These instances are deployed using three VLANs, one public and two private. One private VLAN is used for management communications and for NSX VTEP, while the other is used for vMotion and for vSAN traffic. The public VLAN is largely reserved for your use at your discretion for public connectivity or tunneling for your own workload deployments. However, at deployment time an NSX Edge Services Gateway pair is deployed on the public VLAN to allow the IBM cloud driver component to connect over the public network to the IBM management systems to perform management of your instance, such as adding nodes to the environment or upgrading system components.
Because the VMware Cloud Foundation instances have more stringent hardware and networking requirements, their provisioning is supported by fewer IBM Cloud data centers (see sidebar).
When you order a new VMware vCenter or VMware Cloud Foundation instance, you choose the instance location and specification, and provide your IBM Cloud username and API key for the portal to use to order your system. The IBM Cloud for VMware Solutions portal then orchestrates the entire process of ordering, installing, and configuring your virtualization environment. This includes:
- Ordering VLANs and subnets for networking
- Ordering IBM Cloud Bare Metal Servers with vSphere Hypervisor installed
- Deploying and configuring VMware vCenter Server and Platform Services Controller
- In the case of VMware Cloud Foundation:
  - Deploying VMware Cloud Foundation SDDC Manager
  - Deploying VMware NSX Manager, NSX Controllers, and NSX Edge Services Gateways
  - Configuring VMware vSAN
- Deploying an IBM management component called the cloud driver
- Ordering and configuring an IBM Cloud Virtual Server Instance (VSI) and Endurance Storage to serve as an integrated backup server for the management components
- Validating the installation and configuration of the environment
You select the IBM Cloud data center where you want to provision your instance. Provided the hardware is available in your selected IBM Cloud data center, the instance provisioning process typically takes less than 12 hours.
Once your instance has been provisioned, if you are connected to your IBM Cloud account through a VPN, you can connect to your vCenter server directly from the IBM Cloud for VMware Solutions portal. Figure 3 shows the vCenter web client view for a Cloud Foundation instance.
Figure 3. Deployed VMware Cloud Foundation instance
For a vCenter Server instance, you can log in directly to vCenter as long as you are connected to your IBM Cloud VPN. However, for a Cloud Foundation instance, the VMware Platform Services Controller (PSC) that authenticates your connection to vCenter is addressed by its hostname rather than by its IP address. For your Cloud Foundation instance, in order to connect to vCenter, you must first ensure that the PSC hostname can be resolved by your workstation by adding the PSC hostname to your workstation's hosts file as shown in Listing 1. You can find the PSC hostname and IP address by hovering your mouse over the vCenter console link in the portal.
Listing 1. Hosts file
    # Cloud Foundation instance Platform Services Controller (PSC)
    10.168.65.79 psc0.vrack.vsphere.local
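Because the PSC authenticates the vCenter login, the hosts entry decides which address your workstation sends that login to. The following check is an added example, not part of the original tutorial or of IBM's tooling: it parses hosts-file text and reports a missing or conflicting mapping for the PSC hostname. The function names and the sample file contents are constructed for illustration; the address and hostname are the ones from Listing 1.

```python
import ipaddress

# Values from Listing 1; replace with the PSC address and hostname shown in the portal.
PSC_IP = "10.168.65.79"
PSC_HOST = "psc0.vrack.vsphere.local"

# Constructed sample hosts files (not taken from a real workstation).
SAMPLE_OK = """\
127.0.0.1   localhost
# Cloud Foundation instance Platform Services Controller (PSC)
10.168.65.79 psc0.vrack.vsphere.local
"""
SAMPLE_CONFLICT = """\
127.0.0.1 localhost
10.168.65.79 psc0.vrack.vsphere.local
203.0.113.10 PSC0.vrack.vsphere.local   # second, different mapping
"""

def parse_hosts(text):
    """Yield (line_number, address, [names]) for each valid hosts-file entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or incomplete
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        # Hostnames are case-insensitive; a trailing dot is the same name.
        yield lineno, addr, [n.lower().rstrip(".") for n in fields[1:]]

def check_psc_entry(text, host=PSC_HOST, expected_ip=PSC_IP):
    """Return a list of findings; an empty list means the mapping is as expected."""
    expected = ipaddress.ip_address(expected_ip)
    host = host.lower().rstrip(".")
    matches = [(n, a) for n, a, names in parse_hosts(text) if host in names]
    if not matches:
        return [f"{host}: no entry found"]
    findings = [f"line {n}: {host} maps to {a}, expected {expected}"
                for n, a in matches if a != expected]
    # The instance components sit on private subnets reached over the VPN,
    # so a public expected address suggests the wrong value was copied.
    if not expected.is_private:
        findings.append(f"{expected} is not a private address")
    return findings

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("conflict", SAMPLE_CONFLICT)):
        print(label, check_psc_entry(sample) or "mapping is as expected")
```

To check a real workstation, pass the contents of its hosts file to `check_psc_entry` in place of the constructed samples.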
After your instance has been deployed, you can manage it from the portal. The management capabilities include the ability to do each of the following:
- Deploy additional nodes into the cluster
- Remove existing nodes from the cluster
- For Cloud Foundation instances, display available IBM and VMware system updates for the instance and initiate or schedule an upgrade of instance components
- Initiate an unscheduled backup of the management components
- Open a ticket to IBM support to restore the management components from backup
Figure 4 shows the instance detail view for a Cloud Foundation instance. The primary properties tab includes a link to the vCenter console as well as other details about the instance and its hypervisors. Other tabs available in the instance detail view allow you to manage instance updates and backups.
Figure 4. VMware Cloud Foundation instance management
IBM Cloud for VMware Solutions components
A number of different components work together to provision and manage your environment. Most of these components are deployed into your IBM Cloud account. Because the solution depends on all of these components working together, you should not modify or cancel any of these components from your IBM Cloud account. The correct way to remove a running instance is by using the portal rather than cancelling the individual components.
While this is an integrated virtualization environment, the cost of various virtualization components (such as VMware licenses), infrastructure components (bare metal servers, VLANs, subnets, and storage), and management components is itemized in the bill that you receive from IBM Cloud.
The portal component
The portal is part of the IBM Cloud. You log in to the portal to create and manage your instances. This portion of the solution is responsible for the initial ordering and provisioning of your environment, and also for the ongoing management of your environment. The portal communicates with your deployed instances primarily using private IBM Cloud message queues, but for Cloud Foundation instances some management communication from your instance takes place outbound through the NSX Edge Services Gateway pair.
The IBM Cloud Builder component
When you provision a new instance, the portal deploys a temporary virtual server instance (VSI) to your IBM Cloud account. This instance is known as the cloud builder. It performs the ordering of bare metal servers in your IBM Cloud account, the installation and configuration of all of the instance's components, and the validation of the environment. After the provisioning is complete the cloud builder is deleted.
The IBM Cloud Driver component
In addition to installing VMware components such as vCenter Server and Platform Services Controller, the cloud builder deploys a virtual machine (VM) directly into the VMware management cluster known as the cloud driver. Unlike the cloud builder, the cloud driver is a long-lived VM. It communicates with the portal primarily using private IBM Cloud message queues, but in the case of Cloud Foundation instances some outbound management communication takes place through the NSX Edge Services Gateway. The cloud driver acts as an agent to maintain your instance; for example, it is responsible for ordering and configuring new bare metal hosts that are added to the cluster, and for applying updates to the instance.
For all instances, vSphere Hypervisor is installed on the bare metal servers.
For a vCenter Server instance, vCenter Server and the Platform Services Controller are deployed into the VMware management cluster, together with the cloud driver.
For a Cloud Foundation instance, a vCenter Server, a Platform Services Controller, an NSX Manager, three NSX Controllers, an NSX Edge Services Gateway pair, and a VMware SDDC Manager VM are all deployed into the VMware management cluster. The cloud driver works together with the SDDC Manager to maintain the VMware virtualization environment.
Outside of your VMware virtual data center, the cloud builder deploys an IBM Cloud virtual server instance (VSI) running as a backup server. The backup server performs a daily backup of the VMware management cluster, plus additional backups at your initiation. The backup server maintains the last 14 backup restore points.
In addition, the cloud builder orders IBM Cloud Endurance Storage, which is used to store these backups.
The cloud builder orders a number of VMware licenses (such as vCenter Server and NSX) in your IBM Cloud account, which correspond to their usage in the instance.
IBM Cloud for VMware Solutions network architecture
Both vCenter Server and Cloud Foundation instances connect to a public VLAN for your use with your deployed workloads. The public VLAN is largely reserved for your use at your discretion, but in the case of Cloud Foundation instances an NSX Edge Services Gateway pair is connected to the public VLAN allowing the cloud driver to communicate outbound with the portal for the management of your instance.
A vCenter Server instance has a single private VLAN that is used for both management connectivity (such as vCenter communications with hypervisors) and for private connectivity for your deployed workloads (such as application-to-database traffic).
A Cloud Foundation instance has two private VLANs that are trunked together on the private network interface for your hypervisors. The first private VLAN is used for management connectivity (such as vCenter communications with hypervisors), and by NSX for tunneling all VXLAN traffic for your deployed workloads. The second private VLAN is used for vMotion and vSAN traffic.
Figure 5 illustrates the network and component architecture for the IBM Cloud components, as well as the components deployed in your IBM Cloud account. This diagram illustrates the more complex case of a Cloud Foundation instance with three VLANs. It also illustrates which VMs run within the ESXi cluster and which run as IBM Cloud VSIs. The communication between the portal and the cloud builder and cloud driver primarily takes place using private SoftLayer message queues rather than over the public internet. However, in the case of Cloud Foundation some management communication takes place outbound from your cloud driver through the NSX Edge Services Gateways.
Figure 5. Solution and network architecture
Connecting to your instance
You have a number of options for connecting to your instances. You can connect directly to private IP addresses in your instance (for example, vCenter) by using the IBM Cloud VPN. You can also order IBM Cloud network appliances and IBM Cloud hardware or virtual firewalls such as Vyatta and Fortigate for your account. IBM Cloud also offers direct links between your network and the VLANs in your IBM Cloud account.
For access to your deployed VMs, you can apply public IP addresses directly to your VMs. However, you can also use the IBM Cloud network appliance and firewall capabilities to set up more secure public access to your VMs using NAT and firewall.
If you are using a VMware Cloud Foundation instance, you can also deploy NSX Edge servers, and use these servers to set up VPN or NAT connectivity for your VMs.
In this tutorial, you learned about the basic capabilities of IBM Cloud for VMware Solutions for deploying and managing standardized VMware virtualization environments in the public cloud. Because you can provision these environments faster than ever before, you can focus your efforts on deploying your applications and solutions on top of them, and on connecting clouds together for disaster recovery or high availability.
We explored the various components that are deployed into your IBM Cloud account, which appear on your IBM Cloud billing statement and work together to keep your environment running. Finally, we considered the network architecture of the solution along with some options for establishing connectivity to the environment—either by using a variety of secure connectivity options to keep communications private, or by using various options for public internet connectivity.
Now that you're armed with everything you need to know to get started, go ahead and deploy your next VMware virtualization environment on the IBM Cloud today!
The author would like to express his appreciation to Ajay Apte, Liang Wang, and Rob Warren for their help with this article.