24 Short Topics In System Administration - USENIX

24
Short Topics in System Administration
Jane-Ellen Long, Series Editor

Cloud Computing with VMware vCloud Director
John Y. Arrasjid, Ben Lin, Raman Veeramraju, Steve Kaplan, Duncan Epping, and Michael Haines

Published by the USENIX Association
2011

Copyright 2011 by the USENIX Association. All rights reserved.
ISBN 978-1-931971-83-6

To purchase additional copies, see http://www.sage.org/pubs/short topics.html.

The USENIX Association
2560 Ninth Street, Suite 215
Berkeley, CA USA 94710
http://www.usenix.org/

USENIX is a registered trademark of the USENIX Association.
USENIX acknowledges all trademarks herein.

Contents

Acknowledgments
Foreword
1. Introduction to Cloud Computing
    Cloud Computing
    Topics Covered in This Book
2. What Is Cloud Computing?
    Characteristics of Cloud Computing
    Types of Clouds
    Cloud Layers and Service Models
    Use Cases for Service Models and Workloads
    Summary
3. The Benefits of Cloud Computing
    Cloud Computing as a Transformative Platform
    Strategic Value of IT
    Expense Reduction
    Developing a Compelling Business Case for Cloud Computing
    Summary
4. Foundation for Cloud Computing
    Physical Layer
    Virtual Layer
    Cloud Layer
5. VMware vCloud and VMware vCloud Director
    VMware vCloud
    VMware vCloud Director
    Summary
6. VMware vCloud Director Virtual Datacenters
    Provider Virtual Datacenter
    Organization Virtual Datacenter
    Allocation Models
7. VMware vCloud Networking
    Overview
    Network Pools
    vCloud Network Layers
    VMware vShield Components
    Summary
8. VMware vCloud Storage
    Storage Tier Design
    Storage Configuration
    Summary
9. VMware vCloud Director Logging and Monitoring
    Log Files and Locations
    Monitoring
10. VMware vCloud API
    What Is VMware vCloud API?
    Language Bindings for vCloud API
    Design Considerations
    Summary
11. vCenter Chargeback
    Architecture
    Cost Configuration
    VM Instance
    Design Considerations
    Summary
12. Applications in the Cloud
    OVF
    vApps, VMs, and Images
    Software Licensing Considerations
    VMware vFabric Cloud Application Platform
    End-User Computing
    Migrations to and from the Cloud
    Summary
13. Scalability
    Scalability Considerations
    Example Scenario
    Summary
14. vCloud Security
    Developing a vCloud Security Strategy
    vSphere Security Functions
    vCloud Security Functions
    VMware vCloud Director and TLSv1/SSL
    VMware vCloud Director Security and vShield
    Summary
15. Business Resiliency
    Redundancy
    Management Cluster
    Resource Group
    vApp Backup and Recovery
    Summary
Appendix. Third-Party Technology Integrations
    VMware vCloud Director and Integrated Computing Stacks
    VMware vCloud Director and Orchestration Tools
Glossary
References
About the Authors and Editor

Figures and Tables

Figures

1: Cloud Computing
2: Private Cloud Deployment
3: Public Cloud Deployment
4: Hybrid Cloud Deployment
5: Cloud Computing Layers
6: Yearly Discounted Cash Flow Analysis for a Private Cloud
7: VMware vCloud Building Blocks
8: Relationship between Physical, Virtual, and vCloud Layers
9: VMware vCloud Director Cell
10: Cloud Resources
11: Creation of Provider VDC
12: Provider VDC and Organization VDC (Org VDC) Relationship
13: Creation of an Organization VDC
14: Organization VDC Allocation Model Screen
15: Organization VDC Allocation Pool
16: Allocation Pool Resource Pool
17: Allocation Pool VM-Level CPU Reservation and Limits
18: Allocation Pool VM-Level Memory Reservation and Limits
19: Changed Memory Guarantee to 50% on Resource Pool
20: Changed Memory Guarantee to 50% on Virtual Machine
21: Organization VDC Pay-As-You-Go Model
22: Pay-As-You-Go Resource Pool before Deploying a vApp
23: Pay-As-You-Go Resource Pool after Deploying a vApp
24: Pay-As-You-Go VM-Level CPU Reservation and Limits
25: Pay-As-You-Go VM-Level Memory Reservation and Limits
26: Organization VDC Reservation Pool
27: Reservation Pool Resource Pool
28: Reservation Pool VM-Level CPU Reservation and Limits
29: Reservation Pool VM-Level Memory Reservation and Limits
30: vCloud Network Layers
31: Port Group–Backed Network Pool
32: VLAN-Backed Network Pool
33: vCloud Network Isolation Frame
34: vCloud Director Network Isolation–Backed Network
35: External Network
36: Organization Network
37: vApp Network
38: vCloud Network Relationship Mapping
39: vCloud Network Use Case 1
40: vCloud Network Use Case 2
41: vCloud Network Use Case 3
42: Provider VDC Tiering
43: Adding vCloud Datastores
44: VDC Storage Properties
45: Network Pool Availability
46: Provider VDC Usage
47: vCenter Chargeback System Health
48: vShield Edge Deployment through vShield Manager
49: vCenter Chargeback Component Logical Layout
50: vCenter Chargeback Integration with vCloud Director
51: Organization to Hierarchy Mapping
52: VM Instance Matrix
53: VMware End-User Computing
54: VMware vCloud Connector Architecture
55: VMware vCloud Connector Interface
56: CIA Information Security Framework
57: VMware vCloud Security Layers
58: Point-to-Point IPsec VPN Connection between vShield Edge and Physical Gateway VPN
59: VMware vStorage APIs for Data Protection
60: Enterprise Deployment of VMware vSphere and HyTrust Appliance
61: PCI Network Administrator Access Policy
62: PCI Security Admin Access and Infrastructure Segmentation
63: HyTrust Appliance Logs
64: VMware vCloud Director and HyTrust Cloud Control
65: Deployment Architecture

Tables

1: vSphere Infrastructure HA Cluster Configuration
2: Tier Considerations
3: Storage Tier Example
4: Storage Design Guidelines
5: VMware vCloud Director Logs
6: Log Levels
7: Allocation Pool Billing Policy
8: Networks Billing Policy
9: Pay-As-You-Go Fixed-Based Billing Policy
10: Pay-As-You-Go Resource-Based Billing Policy
11: Reservation Pool Billing Policy
12: VMware vCloud Director Maximums
