TheSaffaGeek

My ramblings about all things technical



VCAP-CID Objective 1.5 – Determine Security and Compliance Requirements for a Conceptual Design

Knowledge

Identify relevant industry security standards.

  • Security standards are mostly found in government, finance, military and telecommunications, and each sector has a few standards it keeps to; these overlap heavily with the compliance standards in the next point. For example, here in the United Kingdom a few cloud vendors run community clouds where they assure that they meet specific Business Impact Levels, and each level determines the protection requirements. A really good article straight from the UK government is here, where information security is defined against a number of criteria. A lot of government and military organisations keep data at IL2 or IL3, and vSphere 4.0 and 4.1 were verified to meet IL3. They also hold Common Criteria EAL4+ certification and are FISMA certified.
  • For your conceptual design you need to know what level of separation (abstraction) the relevant security standard demands, and you will most likely have to sit down with the compliance officer to determine what they need to see before they will sign off that your solution meets their security standards.

Identify relevant industry compliance standards.

  • There are a number of compliance standards in use, from companies that process credit cards and hospitals that hold people's personal data to companies that must follow specific regulations. Some only apply in specific countries, but the ones I think are most likely to be seen in a vCloud environment are:
    • Sarbanes-Oxley
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Federal Financial Institutions Examination Council (FFIEC)
    • Payment Card Industry Data Security Standard (PCI DSS)
    • International Organization for Standardization (ISO) 17799 (renumbered ISO/IEC 27002 in 2007)
    • National Institute of Standards and Technology (NIST) publications, for example SP 800-53
    • International Organization for Standardization (ISO) 27001
  • A really great example of this is VMware's Architecture Design Guide for Payment Card Industry (PCI) document. It is PERFECT for showing the kinds of things you need to keep in mind and the varying mechanisms to achieve them. The document goes much deeper than conceptual, but seeing as you will have to go from conceptual to logical and then to physical, it makes sense to learn it now.
  • Another great document by VMware that is mentioned on the blueprint is the Infrastructure Security: Getting to the Bottom of Compliance in the Cloud document.

Explain vCloud security capabilities.

  • This, along with the two points above, is covered perfectly in Appendix B of the vCAT Architecting a VMware vCloud PDF. For the conceptual design this is more around isolation and multi-tenancy, but the whole of Appendix B gives a great breakdown of the kinds of security that are possible within vCloud and the mechanisms and products that can be used to achieve them.

Identify the auditing capabilities of vCloud technologies.

  • These are the many mechanisms, such as logging, log retention, syslog shipping and firewall logging via vCNS to name but a few, that are possible via vCloud. Appendix B of the vCAT covers these really well, and the retention policies mentioned in the Architecture Design Guide for Payment Card Industry (PCI) document cover the kinds of auditing you may be asked to do. For conceptual this isn't very applicable and I'm amazed it is actually mentioned here.

Skills and Abilities

Based on customer requirements, determine auditing requirements for a vCloud conceptual design.

  • These would be determined in design workshops and discussions with the different subject matter experts within the customer around what they are looking to audit/log and whether there are any compliance standards they need to meet. If they are a service provider offering public cloud to the general public, for example, there is a very good chance they have to meet PCI DSS, and so must retain logs and audit them to ensure security and allow retrospective inspection. For a conceptual design auditing isn't something you would put in your "napkin" design, but knowing whether additional auditing is needed means you have to leave room for it in the logical and physical designs (where the logs go, how long they are kept and who can read them).
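As an added example (mine, not code from the post or from VMware), here is the kind of check you would want running once the logical design says "every host and edge gateway ships to a central syslog collector". It parses RFC 3164 style syslog lines, reports which expected hosts have gone quiet (a silent host is a hole in the audit trail, not just a quiet one), and sizes the storage a retention period needs from the observed daily volume. The log lines, host names and timestamps are constructed for the example; the 365-day figure mirrors the one-year audit trail history that PCI DSS requirement 10.7 asks for, with three months immediately available.

```python
"""Two audit-coverage checks over shipped syslog:
(1) which hosts that should be shipping logs have gone silent, and
(2) how much storage a retention period needs, sized from observed volume.
Added example; the log lines below are constructed, not real product output."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# RFC 3164-style line: <PRI>Mmm dd HH:MM:SS hostname tag: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+):\s?(?P<msg>.*)$"
)


def parse_line(line, year):
    """Return a dict for one syslog line, or None if it does not parse.
    RFC 3164 timestamps carry no year, so the caller supplies it."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {
        "facility": pri // 8, "severity": pri % 8,
        "ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "host": m["host"], "tag": m["tag"], "msg": m["msg"],
        "bytes": len(line.encode()) + 1,  # +1 for the newline on disk
    }


def silent_hosts(events, expected, now, max_gap=timedelta(hours=1)):
    """Hosts in `expected` with no event within `max_gap` of `now`."""
    last = {}
    for e in events:
        if e["host"] in expected:
            last[e["host"]] = max(last.get(e["host"], e["ts"]), e["ts"])
    return sorted(h for h in expected
                  if h not in last or now - last[h] > max_gap)


def daily_volume(events):
    """Bytes per (host, calendar day) from the observed sample."""
    vol = defaultdict(int)
    for e in events:
        vol[(e["host"], e["ts"].date())] += e["bytes"]
    return dict(vol)


def retention_storage(events, days):
    """Bytes needed to keep `days` of logs at the observed average daily
    rate, e.g. days=365 for a PCI DSS 10.7 style one-year retention."""
    vol = daily_volume(events)
    if not vol:
        return 0
    per_day = sum(vol.values()) / len({d for _, d in vol})
    return int(per_day * days)


# Constructed sample: two ESXi hosts and an edge gateway ship to the collector;
# esx-02 stops after 02:10, esx-03 never shows up, and the check runs at 09:00.
SAMPLE = """\
<14>Mar 12 01:00:05 esx-01 Hostd: [Originator@6876] User root@10.0.0.5 logged in
<14>Mar 12 01:00:07 esx-02 Hostd: [Originator@6876] User root@10.0.0.5 logged in
<13>Mar 12 02:10:00 esx-02 vmkernel: NIC vmnic1 link down
<14>Mar 12 08:30:11 esx-01 Hostd: vim.event.VmPoweredOnEvent vm=web-01
<13>Mar 12 08:45:02 edge-01 firewall: action=DROP src=203.0.113.9 dst=10.1.0.4 dport=3389
not a syslog line at all
""".splitlines()

EXPECTED = {"esx-01", "esx-02", "esx-03", "edge-01"}
EVENTS = [e for e in (parse_line(l, 2013) for l in SAMPLE) if e]
NOW = datetime(2013, 3, 12, 9, 0, 0)

if __name__ == "__main__":
    print("silent hosts:", silent_hosts(EVENTS, EXPECTED, NOW))
    print("bytes for 365 days:", retention_storage(EVENTS, 365))
```

The silent-host check is the one that catches a misconfigured syslog target or a host rebuilt without its logging settings; the retention figure feeds the storage line of the capacity design rather than being guessed later.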

Based on customer requirements, determine security requirements for a vCloud conceptual design.

  • A large portion of this is the same as above, as security requirements driven by compliance include auditing too. For example, if a private cloud is being designed for a hospital then HIPAA must be met and so certain security measures need to be applied. For conceptual this is mainly around separation, defence in depth and the use of two-factor authentication, to name a few off the top of my head. How the different zones within the cloud offering are separated and secured also needs to be planned for and conceptually designed.

Based on customer requirements and vShield Edge security capabilities, determine the impact to a vCloud conceptual design.

  • For this you need to know what vShield Edge is capable of and in which use cases each capability would be used. A perfect document describing this is the vShield Edge Design Guide whitepaper. The main impact on a conceptual design is that vShield Edge allows isolated virtual datacentres to be hosted on a common physical infrastructure instead of needing siloed physical infrastructures. Separation via the vShield Edge firewall is in most cases more than sufficient, but knowing where the customer's compliance regime or assessor will insist on physical separation (PCI DSS scoping is the classic example) is also very important.
  • vShield Edge also provides IPsec VPN capabilities, which are very important for the security of your cloud infrastructure. Knowing that vShield Edge can provide this along with NAT, load balancing and, most importantly for this section, firewall capabilities in one device means you don't need multiple devices as in a traditional multi-tenant design.

Explain the logging capabilities of the various VMware products.

If you feel I have covered something incorrectly please let me know as I'm learning like everyone else and I certainly don't claim to be perfect (near it, but not perfect). Also the vBrownbag covered the whole of objective 1 here.

Gregg



VCAP-CID Objective 2.1 – Determine Catalog Requirements for a Logical Design

Knowledge

Identify what can be included in a published catalog.

  • A published catalog is one created in the administrative organisation, with all the required components and vApp templates published to all other organisations in the vCloud environment. It is good design practice to allow only the administrative organisation to publish its catalog and to deny this ability to all the standard organisations.
  • The components that can be included in a published catalog are:
    • Standardised gold master vApps, which can consist of a single virtual machine all the way up to three-tiered offerings such as a web service with a web front end, an application server and a database server. These are verified templates that meet regulatory and security standards, which ensures consistency across the environment and provides consumers with verified offerings that can be deployed with ease. Guest customisation changes the identity of the vApp and can be used for post-deployment steps, such as joining the vApp's machines to a domain.
    • vApp templates, which cannot be powered on themselves but can be instantiated, creating a vApp that can be deployed and powered on.
    • Media such as ISO files for software and applications. These are also verified and commonly customised to ensure standardisation and to provide specific capabilities.

Identify what can be included in a private catalog.

  • A private catalog can hold exactly the same components but is controlled by the user/group assigned the Catalog Author vCloud role. This catalog is limited to a specific organisation, and good design practice says you should withhold the ability to publish it, thereby keeping it private.
  • It can still contain standardised vApps and ISOs, and if you are a service provider this is where the cloud consumer will place their standardised vApps and ISOs so that their organisation can use them but other organisations cannot.

Identify permission controls for catalogs.

  • There are three predefined roles in vCloud that have varying permissions and rights to make changes and create components in catalogs. A breakdown of the predefined roles and their rights is contained in this documentation centre link.

Explain the functionality of a catalog.

    • This should be straightforward as this is VCP-IaaS level and I think all the previous sections define it pretty well too. But just in case, I have pasted the VMware definition below:
      • VMware vCloud Director uses the concept of a catalog for storing content. Organizations have their own catalog that they can populate and share the contents with other organizations and users.

All entities in the catalog are stored in a content repository system. The content repository, a component in the vCloud Director storage subsystem, provides an abstraction to the underlying datastores while offering features to store, search, retrieve, and remove both structured and unstructured data.

Skills and Abilities

Based on application requirements, determine appropriate vApp configuration.

  • As I mentioned in the published and private catalog sections above, you can configure vApps with multiple tiers to allow organisations to provision these offerings in their vCloud organisation and maintain standardisation. If a customer asks for a web service offering you can provide them with a three-tiered vApp with a web front end, an application server and a database server. There may also be an availability requirement for the offering, in which case you create multiple front-end and application servers and a clustered database back end.
  • Using the web service example, this will also require different networking to ensure the security of the offering, which means different servers connecting to different networks and vCNS Edge devices (for vApp network routing and firewalling) being configured as part of the vApp. I am planning on creating a few of these as practice in Visio so that I can visualise them and make sure I know what they should look like in case a Visio-style question comes up, or I just need a good mental picture to make decisions for questions.

Determine appropriate storage configuration for a given vApp.

  • This follows closely what I covered above, but now you need to think about the storage offering the vApp components are going to be kept on and what storage you are going to allow the vApp to be deployed onto. Using my trusty web service example, you wouldn't want the database sitting on low-end storage as this would severely impact the service.
  • This is what I think they are asking for, so if you think I'm wrong then please do tell me as I'm also learning and sometimes it's difficult to glean what they mean, as this could also relate to fast provisioning.

Given customer requirements, determine appropriate catalog design.

  • I think for this, if you have created catalogs countless times and know what you can put in them, and that they can be shared with specific organisations from other organisations or published to all from the administrative organisation, then designing them should be simple enough.

Determine the impact of given security requirements, on a catalog structure.

  • This can be numerous things, but there are times when an organisation wants only certain vApps and ISOs in a catalog to be available to certain people, and so you configure the catalog so that certain portions are only available to those people.
  • There are also many organisations that have very customised and important virtual machines which they have converted to vApp templates and which they want secured so that only a certain person can access them and only that person can provision them for others.
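An added example (mine, not the post's and not VMware's code) of turning those two requirements into something you can check before the catalogs are built. It models the catalog structure the post describes (an owning organisation, publication from the administrative organisation to every organisation, explicit shares to named users at ReadOnly, Change or FullControl), answers "who can see this catalog?", and lints the design against the two security requirements above: only the administrative organisation publishes, and a restricted catalog has exactly one named custodian and is never published or shared organisation-wide. The evaluation order and the lint rules are this example's own simplification, not vCloud Director's real rights engine, and the organisations, users and catalogs are constructed.

```python
"""Catalog visibility model plus design-rule lint for a vCloud catalog
structure. Added example with a simplified rights model; the organisations,
users and catalogs below are constructed."""
from dataclasses import dataclass, field

SYSTEM_ORG = "System"  # the administrative organisation that may publish to all


@dataclass(frozen=True)
class User:
    name: str
    org: str
    role: str  # "System Administrator", "Organization Administrator", "Catalog Author", "vApp User"


@dataclass
class Catalog:
    name: str
    org: str                    # owning organisation
    owner: str                  # user who created it
    published: bool = False     # read-only to every organisation
    shared_to_org: bool = False  # read-only to everyone in the owning organisation
    shares: dict = field(default_factory=dict)  # user name -> "ReadOnly" | "Change" | "FullControl"
    restricted: bool = False    # security requirement: only named users may see or deploy


def access_level(user, cat):
    """Highest access `user` has to `cat`, or None. Order of precedence:
    system admin, then owner/org admin, explicit share, org-wide share,
    and finally publication for users in other organisations."""
    if user.role == "System Administrator":
        return "FullControl"
    if user.org == cat.org:
        if user.role == "Organization Administrator" or user.name == cat.owner:
            return "FullControl"
        if user.name in cat.shares:
            return cat.shares[user.name]
        return "ReadOnly" if cat.shared_to_org else None
    return "ReadOnly" if cat.published else None


def visible_to(users, cat):
    """Sorted names of users who can see the catalog at any level."""
    return sorted(u.name for u in users if access_level(u, cat))


def lint(catalogs):
    """Design-rule violations as (catalog, rule, detail) tuples."""
    problems = []
    for c in catalogs:
        if c.published and c.org != SYSTEM_ORG:
            problems.append((c.name, "publish-only-from-system-org", f"published by {c.org}"))
        if c.restricted and (c.published or c.shared_to_org):
            problems.append((c.name, "restricted-but-broadly-shared", "published or shared to whole org"))
        if c.restricted and len(c.shares) != 1:
            problems.append((c.name, "restricted-needs-single-custodian", f"{len(c.shares)} explicit shares"))
    return problems


# Constructed data: a provider system org plus two tenant orgs.
USERS = [
    User("sysadmin", SYSTEM_ORG, "System Administrator"),
    User("alice", "acme", "Organization Administrator"),
    User("bob", "acme", "Catalog Author"),
    User("carol", "acme", "vApp User"),
    User("dave", "globex", "vApp User"),
]
CATALOGS = [
    Catalog("gold-masters", SYSTEM_ORG, "sysadmin", published=True),
    Catalog("acme-team", "acme", "bob", shared_to_org=True),
    Catalog("acme-finance", "acme", "bob", shares={"carol": "ReadOnly"}, restricted=True),
    Catalog("acme-leak", "acme", "bob", published=True, restricted=True),  # breaks the design rules
]

if __name__ == "__main__":
    for c in CATALOGS:
        print(c.name, "->", visible_to(USERS, c))
    for problem in lint(CATALOGS):
        print("VIOLATION:", problem)
```

The "acme-leak" catalog is the case the second requirement exists to prevent: because a tenant was allowed to publish, a restricted template becomes readable by every other organisation, which the visibility check shows for the globex user before the lint even runs.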

If you think I have totally missed something then please do tell me as I’m only learning and I’m certainly not perfect.

Gregg



VCAP-CID Objective 1.3 – Determine Capacity Requirements for a Conceptual Design

 

Skills and Abilities

Determine how storage and network topologies affect capacity requirements for a vCloud conceptual design.

  • This in my opinion can be taken in a few ways, so I welcome any feedback if you think I have looked at it the wrong way. The way I am looking at it is that how everything is connected to the differing portions of the environment obviously limits the speeds that can be achieved, and thereby the number of virtual machines that can run over a certain link for networking, or even over a specific NIC/switch/HBA/cable. So, using the network topology as the example:
    • Network: for networking there are a number of constraints that can affect the capacity requirements for a vCloud conceptual design. To give an example I will use one that I am seeing a lot recently, which is a 10Gb NIC connection from each blade/rack server in your proposed vCloud environment. This 10Gb link needs to be carved up (either via native hardware methods or via Network I/O Control) for all the different types of traffic that must go over it in your vCloud environment. Now, if your network topology is inside an existing datacentre then you may have to connect to an existing top-of-rack switch which may only have two 10Gb ports available per switch, and the price of two new 10Gb switches (to provide resiliency) won't fit in the budget. So for the conceptual design, if you need 10Gb of network traffic leaving each host to supply the network requirements of the virtual machines on it, then you will need to either:
      • Change the hosts to have a sufficient number of NICs to provide this or
      • Go down an infiniband route or
      • Explain to the customer due to the constraint of having to use existing switches it is not possible to provide the required network bandwidth for each host so they will need to buy more hosts so that the virtual machines on each host get their required bandwidth.
    • This way of thinking applies exactly the same to storage, and if you are running converged networking then it is almost exactly the same calculation.

Describe VMware vCloud Director and VMware vSphere functionality and limitations related to capacity.

  • This in my opinion is all about vSphere and vCloud maximums, which is always something you have to keep in mind when doing a conceptual design. For example, the linked clone chain length limit is 30; after that a new shadow VM is created, which uses more space on a new datastore and affects storage capacity. Actually knowing these functional metrics and limitations is something I have been learning from going through the vCAT documentation. I did think about listing all of them, but there are so many, and what they could impact is so vast, that I think this is something where you need to know the limitations and functional capabilities of the two products and then think of them in a holistic manner across the whole design and how they impact the conceptual design. Now remember the conceptual design is the "napkin" style design and so product names do not feature, but you need to understand at a certain level what is and is not possible with the products.
  • As I mentioned in my previous point if you feel I am totally wrong then please do tell me in a friendly manner as I am certainly not perfect and am doing this to learn.

Given current and future customer capacity requirements, determine impact to the conceptual design.

  • During your design workshops you will work out and record what the customer's current and future capacity requirements are, and then plan for the growth they require, 20% year on year for example. So if their current requirements can be met with eight hosts, to be very simplistic, then you need to ensure you have sufficient capacity for the growth not just in compute but also in storage, networking, cooling, power and switching.
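To make the two passages above concrete (the network-constrained host in the topology section and the 20% growth projection here), the following added example, which is mine and not from the post or from VMware, works out how many hosts a growing estate needs each year. It takes the tightest of the CPU, memory and VM-network-bandwidth limits per host, adds one host for HA (N+1), and compounds the growth. The host specifications, the 25% share of the uplink carved for VM traffic, the 4:1 vCPU-to-core ratio, the 75% utilisation ceiling and the workload figures are all assumptions chosen for illustration.

```python
"""Year-by-year host count for a conceptual design: the tightest of the CPU,
memory and VM-network limits per host decides how many VMs a host carries,
N+1 covers HA, and VM growth compounds. Added example with assumed figures."""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class HostSpec:
    name: str
    cores: int
    ram_gb: int
    uplink_gbps: float  # usable uplink bandwidth per host across all active NICs
    vm_share: float     # fraction of the uplink carved for VM traffic (NIOC or hardware partition)


@dataclass(frozen=True)
class Workload:
    vms: int
    vcpu_per_vm: float
    ram_gb_per_vm: float
    mbps_per_vm: float  # sustained network demand per VM


def vms_per_host(spec, wl, vcpu_ratio=4.0, ceiling=0.75):
    """VMs one host can carry under each limit; the smallest limit wins.
    `ceiling` is the utilisation you design to, leaving headroom for bursts."""
    limits = {
        "cpu": spec.cores * vcpu_ratio * ceiling / wl.vcpu_per_vm,
        "ram": spec.ram_gb * ceiling / wl.ram_gb_per_vm,
        "net": spec.uplink_gbps * 1000 * spec.vm_share * ceiling / wl.mbps_per_vm,
    }
    bottleneck = min(limits, key=limits.get)
    return math.floor(limits[bottleneck] + 1e-9), bottleneck


def hosts_needed(spec, wl, ha_spare=1, **kw):
    """Hosts for the workload plus `ha_spare` for N+1 (use 2 for N+2)."""
    per_host, bottleneck = vms_per_host(spec, wl, **kw)
    if per_host < 1:
        raise ValueError(f"one VM exceeds a {spec.name} host on {bottleneck}")
    return math.ceil(wl.vms / per_host) + ha_spare, bottleneck


def projection(spec, wl, growth_pct, years, **kw):
    """[(year, vms, hosts, bottleneck), ...] with compound VM growth."""
    rows, vms = [], wl.vms
    for year in range(years + 1):
        w = Workload(vms, wl.vcpu_per_vm, wl.ram_gb_per_vm, wl.mbps_per_vm)
        hosts, bottleneck = hosts_needed(spec, w, **kw)
        rows.append((year, vms, hosts, bottleneck))
        vms = math.ceil(vms * (100 + growth_pct) / 100)  # integer-friendly compound growth
    return rows


# Assumed figures. HOST_1X10 is the "the existing top-of-rack switch only
# gives each host one 10Gb port" case from the topology discussion.
HOST_2X10 = HostSpec("2x10Gb", cores=16, ram_gb=288, uplink_gbps=20.0, vm_share=0.25)
HOST_1X10 = HostSpec("1x10Gb", cores=16, ram_gb=288, uplink_gbps=10.0, vm_share=0.25)
BASE = Workload(vms=200, vcpu_per_vm=2, ram_gb_per_vm=8, mbps_per_vm=100)

if __name__ == "__main__":
    for spec in (HOST_2X10, HOST_1X10):
        for year, vms, hosts, why in projection(spec, BASE, growth_pct=20, years=3):
            print(f"{spec.name}: year {year}: {vms} VMs -> {hosts} hosts (limited by {why})")
```

With two uplinks the host is CPU-bound at 24 VMs and the estate needs 10 hosts now and 16 in year 3; with the single uplink the network becomes the bottleneck at 18 VMs per host, so the same workload needs 13 hosts now and 21 in year 3. That difference in host count is exactly the conversation with the customer the topology section describes.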

Given a customer datacenter topology, determine impact to the conceptual design.

  • For this I think I covered it in the first section, but you now need to look at the whole topology: storage, networking, power, rack space, distances between components, distances between datacentres, cooling and weight limits, to name a few off the top of my head that may impact your conceptual design. So say for cooling you can only put a certain amount of hardware into each rack, which then impacts your conceptual design of how many blades can fit into the datacentre/server room.

Given cloud capacity needs, constraints, and future growth potential, create an appropriate high-level topology.

  • This is the point where you have done your design workshop and are now looking to do a high-level design of the environment that meets all the customer's needs and shows them you understand what they require and have planned for the future. The diagram below is a very basic version of what you would provide, based on networking, to show you understand their needs:

    image



    VMworld US Day 1

    Now that the dust has started to settle on day 1 of VMworld US 2013, let's have a look at what was announced, what seems to have been missed from the keynote that I felt were a few major improvements/fixes in vSphere/vCloud 5.5, and all the other important releases coming from the conference. *Disclaimer*: I am not at VMworld US, so this is my take from across the Atlantic.

    The day started with the keynote from VMware CEO Pat Gelsinger. I'm not going to give a minute-by-minute commentary on it as I think the blog postings I mention below cover everything you need to know, and you can watch the keynote for yourself. Also, Scott Lowe did a brilliant live blog of the keynote here.

    I was fortunate enough to again be invited to an early access blogger program by VMware almost two months ago around all the announcements that were due to come out at VMworld. It has been really hard as a consultant not to mention it to customers, especially the changes/rebuild of SSO. I did have a few blog postings in the works on the announcements but felt I could not do them justice so left it for better people, and I was right in doing this I think, as Chris Wahl has done an amazing nine-part series on all the announcements which I think is a great overview of all the new features and changes and would have destroyed mine:

    As I mentioned, one of the big changes in vSphere 5.5 that I felt should have been mentioned in the keynote, and would probably have got a loud cheer from the crowd, is the massive change to SSO. The SSO service has been almost totally rebuilt, and when I was on the early access blogger webinars everyone breathed a sigh of relief, as the SSO in vSphere 5.1 was not a simple thing to install, especially seeing as it was recommended to break up all the individual components. This has now changed and it is recommended that they are all kept on one machine. Below is the now-recommended layout for the vCenter Server design.

    image

    Kendrick Coleman also gave a great overview of it from 30k feet here . For me the real improvement is the simple steps to setup SSO now which are:

    1. Accept License agreement (EULA)

    2. Prerequisite check summary

    3. Edit default port number 7444 (if necessary)

    4. Select Deployment placement

    5. Provide Administrator@vSphere.local password

    6. Provide a site name or select a previous site name

    7. Edit destination directory (if necessary)

    8. Summary

    9. Installation Complete

    I’m one of the hosts of the EMEA vBrownbag and all of the US Brownbag and a few of the APAC vBrownbag team are out at VMworld US doing the very popular Tech Talks. The Tech Talks are 10 to 15 minute presentations by members of the VMware community on topics of their choice, almost like a mini #vBrownBag. They are being streamed live by the vBrownbag guys and are being recorded for people like me to watch them when you can. The schedule for the Tech Talks can be found here. Make sure you watch the stream live and give the guys the support they deserve as all of these presentations are from the community.

    Talking about the vBrownbag crew, one of the main culprits, Nick Marshall, has released alongside Scott Lowe, Forbes Guthrie, Matt Liebowitz and Josh Atwell (another vBrownbag host) the next instalment of the Mastering VMware vSphere book, for vSphere 5.5. A massive congratulations to Nick on this project and for being asked and doing such an awesome job whilst still helping out on the vBrownbag. Nick has detailed the announcement on his blog here.

    One of the biggest announcements from the keynote was the release of VMware NSX. As Forbes Guthrie said, I'm waiting for NSXi, but until that day the below are some of the highlights of the new product, and I would highly encourage you to read Chris Wahl's detailing of the feature linked above.

    NSX Highlights:

    • VMware NSX is a next-generation network virtualization solution
    • Provide the key functions of network virtualization: decouple, reproduce, and automate
    • NSX will support any hypervisor, any CMP, any network hardware
      • vSphere, KVM, and Xen are currently supported
      • CMPs currently supported are OpenStack, CloudStack, and vCAC/VCD
    • NSX optimized for vSphere leverages the platform’s enhanced functionality

    High-level View of VMware NSX Architecture:

    clip_image004

    VMware NSX Controllers:

    • Designed with a distributed, scale-out architecture.
      • Minimum of 3 controllers for an NSX controller cluster.
      • NSX optimized for vSphere scales to 5 controllers.
    • NSX controllers run a common code base in different form factors.
      • Controllers run as infrastructure/service VMs in NSX optimized for vSphere.
      • Controllers run as physical appliances in multi-hypervisor environments.
    • Controller functions optimized in each delivery option.

    VMware NSX Virtual Switches:

    • NSX uses programmable virtual switches on the hypervisors
    • In NSX optimized for vSphere, NSX leverages:
      • the vSphere Distributed Switch (VDS)
      • the UW (Userworld) Agent for communications with NSX controllers
    • In multi-hypervisor environments, NSX uses:
      • Open vSwitch for KVM and Xen
      • NSX vSwitch (an in-kernel virtual switch) for ESXi

    VMware NSX Gateways:

    • The gateways are the “on ramp/off ramp” into or out of logical networks
    • Both L2 (bridging) and L3 (routing) gateway functionality available
    • Basic functionality the same regardless of delivery option
      • NSX optimized for vSphere leverages NSX Edge (derived from vCNS Edge)
      • In multi-hypervisor environments, gateways are physical appliances leveraging a scale-out architecture

    VMware have also posted the What’s New pdf for vSphere 5.5 which gives you a very good overview of all the new features and services here

    VMware have released a new VMware certification called the VMware Certified Associate for those people looking to get into the IT industry. Unlike the VCP there is no required training but there are free eLearning courses available for people to skill up for the exam. These do look like a good starter for people thinking of learning the basics of virtualization and in my opinion would be great for high school students thinking of going into IT and virtualization after high school.

    Well that is what caught my attention from day 1 of VMworld US. I’m looking forward to more information coming out and to getting my hands on all the new vSphere 5.5 tools.

    Gregg



    VMware vCloud Hybrid Service Beta Impressions

    Almost two months ago I was selected as one of the very fortunate few VMware vExperts to participate in the VMware vCloud Hybrid Service beta. If you’ve not heard of vCloud Hybrid Service (vCHS) or not entirely sure what it is, then I’d recommend watching these videos before reading on:

    “An Introduction to VMware vCloud Hybrid Service”

    “A Look Inside vCloud Hybrid Service”

    We were all provided a portion (or slice?) of a virtual datacenter in a multi-tenant cloud. As a bonus I got to share mine with two VCDXs, Chris McCain and Matt Vandenbeld. It's always super exciting for a nerd like me to be able to do some of the cutting edge stuff with some of the top names in the industry.

    Impressions:

    The custom portal for vCHS looks extremely sleek and very intuitive for anyone using it for the first time or who may not have even used the vCloud GUI extensively. The front page presents you with a good overview of all your resources bundled into a Resource Snapshot section. You can easily review how much of your total resource is utilized and if you have more than one virtual datacenter you’ll observe the same utilization report per instance.

    clip_image002

    The virtual datacenter that I shared among three other people was number 25-202. If you click on the virtual datacenter in the Virtual Datacenters section above then it will take you through to your virtual datacenter page where you can check on your Usage & Allocation, Virtual Machines, Gateways, Networks and the Users who have access to this Virtual Datacenter.

    Usage & Allocation

    clip_image003

    Virtual Machines

    clip_image004

    Gateways

    clip_image005

    Networks

    clip_image006

    I created a number of virtual machines for a test I am planning to blog about around using vCenter Configuration Manager in vCHS. One of these virtual machines is an MS SQL server which you can see below. You can access your virtual machines from either the virtual machines tab at the top of the page or via the Virtual Datacenter tab shown previously. If you are a user with permissions to access the vCHS vCloud Director portal (VPC Administrator) you’re able to manage VMs that you have permissions to using vCloud Director by simply clicking Manage VM in vCloud Director (shown below).

    clip_image007

    Personally I prefer working in the vCloud Director portal as this is something I’m very familiar with but the vCHS portal is more than adequate to undertake administration, it’s not too dissimilar to the standard vCloud one with an organization administrator view.

    clip_image008

    The flagship feature of the vCHS hybrid cloud connectivity is the ability to migrate workloads between your private vCloud instance and vCHS using VMware's vCloud Connector with the new Data Center Extension in vCC 2.5. I'm still testing this functionality, but from what I've seen so far the stretch deploy feature is looking like an amazing use case for people looking to migrate high workload resources to vCHS. Chris Colotti covered a real world case and how he utilised stretch deploy here and here.

    My initial impression of this service is really good and I'm looking forward to getting even more stuck in with real world customers and requirements. I'll hopefully have my VCM blog posting out very soon, although with all the goodness coming out of VMworld US it's going to be hard.

    Gregg



    VCAP-CID Objective 1.2 – Identify and Categorize Business Requirements

    Knowledge

     Identify discovery questions for a conceptual design (number of users, number of VMs, capacity, etc.)

    • These questions are the ones you are going to ask during the design workshop for the design/project. For the workshop you need to make sure you have the applicable project participants/stakeholders who can join the workshops (it depends whether you want one big one where people come and go at certain points or multiple ones where you speak to each business unit/team). For the stakeholder meetings/design workshops I personally like to try to bring in the following people; this does vary depending on the project and what has been chosen, but 9 times out of 10 these are the people you want to speak to:
        • Virtualisation administrators (if applicable. If not already present then future administrators of the solution)
        • Server Hardware Administrators
        • Backup Administrators
        • Storage Administrators
        • Desktop/OS Administrators
        • Network Administrators
        • Application Administrators (these are very important as their applications may have very specific requirements)
        • Security Officer
        • Project Sponsors
        • End users/ Help desk personnel (this I find is helpful to find out what are the current support desk tickets/problems the company are facing and if these will impact the project in any way. Also these discussions are easy to have in the hallway/over a coffee but have alerted me to unknown risks that would have severely impacted the design and delivery)


    Identify the effect of product architecture, capabilities, and constraints on a conceptual design.

    • I may be looking at this the wrong way, but I think this is actually about how specific products' architecture, capabilities and constraints aren't applicable in a conceptual design, because for a conceptual design you are only creating a "napkin" design diagram of how the whole environment is going to be delivered.

    Skills and Abilities

    Relate business and technical requirements to a conceptual design.

    • From one of the VMware service delivery kits available to VMware partners they give a great breakdown of what requirements are and what business and technical requirements are:
      • Requirement – Documented statement that depicts the requisite attributes, characteristics, or qualities of the system
      • Business requirements – Describes what must be achieved for the system to provide value
        • System must provide self-service capability
        • System must provide x% availability
        • System must provide optimal scalability and elasticity
      • Technical requirements – Describes the properties of a system which allow it to fulfill the business requirements
        • System requires a Web portal where users can log in securely and deploy virtual machines based on defined policies
        • System must have fully redundant components throughout entire stack (host, network, storage)
        • System leverages virtualization technology and associated features
    • As mentioned, these requirements will be gleaned from the design workshops/stakeholder meetings and then put into the conceptual design. This is where you would work out whether the customer requires a private, hybrid, public or even community cloud deployment. For example, if the customer requires certain data to remain in a country for regulatory reasons, then in the conceptual design you know compute resources, networking and connectivity between that country and the primary site need to be available. The speeds, number of hosts, make of hosts and amount of memory and vCPU are not in the conceptual design, as this is the "napkin" design just covering the concept of how it will all work, and they may actually change once you get to the logical and physical designs.
    Example business requirements as they would be recorded in the design document:
    Number   Requirement
    R001     Virtualise the existing 6000 UK servers as virtual machines, with no degradation in performance when compared to current physical workloads
    R002     Provide an infrastructure that can deliver 99.7% availability or better
    R003     The overall anticipated cost of ownership should be reduced after deployment
    R004     Users to experience as close to zero performance impact as possible when migrating from the physical infrastructure to the virtual infrastructure
    R005     Design must maintain simplicity where possible to allow existing operations teams to manage the new environments
    R006     Granular access control rights must be implemented throughout the infrastructure to ensure the highest levels of security
    R007     Design should be resilient and provide the highest levels of availability where possible whilst keeping costs to a minimum
    R008     The design must incorporate DR and BC practices to ensure no loss of data
    R009     Management components must be secured with the highest level of security
    R010     Design must take into account VMware best practices for all components in the design as well as vendor best practices where applicable
    • For Technical Requirements a great way of doing it is to break them down into sections like:
      • Virtual Datacentre Requirements – eg: Allocation model Virtual Datacenters reserves 75% of CPU and memory
      • Availability Requirements – eg: VMware vCloud Director (clustering, load balancing)
      • Network Requirements – eg: Organizations have the ability to provision vApp networks
      • Storage Requirements – eg: Different tiers of storage resources must be available to the customer (Tier 1 = Gold, Tier 2 = Silver, Tier 3 = Bronze)
      • Catalogue Requirements – eg: Catalog items are stored on a dedicated virtual datacenter and dedicated storage
      • SLA Requirements – eg: SLA Requirement #1 – Networking 100%
      • Security Requirements – eg: Organizations are isolated from each other
      • Management Requirements – eg: Only technical staff uses remote console access
      • Metering Requirements – eg: Metering solution must monitor vApp power states for PAYG
      • Compliance Requirements – eg: Solution must comply with PCI standards
      • Tenant Requirements – eg: Customer requires the ability to fence off vApp deployments
    • To make sure you are doing the design in a VCDX-like manner (which should push you to work at a very high level), don’t forget to refine the customer-specific technical requirements and validate that they are specific, measurable, accurate, realistic, and testable (SMART).

    Gather customer inventory data.

    • This is what is going to be on the new vCloud system, whether it is existing workloads or new workloads. A good way of getting this, if the customer allows it, is to run a VMware Capacity Planner collection on the existing workloads that are going to be migrated in, so you know sizes, I/O and current-state analysis values. The Capacity Planner can only be run by VMware partners, so if this isn’t possible for you then manual collection and recording is going to be required. Another method is via the VMware vCloud Planner, which is another tool only available to VMware Partners, so getting a VMware partner in to do this for you prior to the project running would be a good idea.
    • Also knowing what the customer already has can help you understand possible future constraints for example that all their current servers are IBM and so this is likely to be the server platform for this design.
    • There may also be a requirement to use existing legacy physical kit already present in the datacentre which needs to be recorded and fully understood so that the risks and constraints of using this infrastructure are fully understood. For example if you are using legacy network switches which can’t do stretched VLANs this will impact your design substantially if you have two sites and a requirement for the Management cluster to be failed over/migrated in the event of a disaster.

    Determine customer business goals.

    • This is plainly what the customer is looking to gain from the deployment of this solution: at the end of the project, what do they hope to achieve? These are sometimes not as clear as you may hope, as people have different ideas of what they want the solution to achieve. As the architect you will need to take all these business requirements, set expectations if they are unrealistic for reasons like cost or pre-selected hardware, then define them and get sign-off from the customer that they agree to these before any additional work is done. This is very important, as if these aren’t defined and agreed to by the customer then scope creep can happen, which could cause the project to fail.

    Identify requirements, constraints, risks, and assumptions.

    • I’m not going to go into great depth here as I think the definitions of each will give you a good idea of what each is. During the design workshops/stakeholder meetings these are worked out, recorded and agreed to by the customer. Always remember that for any design you need to collect all of these and then look at it in a holistic manner and understand the impacts of each decision.
      • Requirements – Documented statement that depicts the requisite attributes, characteristics, or qualities of the system. See above portions around Business and Technical requirements plus the examples.
      • Constraints – Requirements that restrict the amount of freedom in developing the design
        • Hardware which already exists and must be used (for example, host or storage array)
        • Physical limitations (distance between sites, datacenter space)
        • Cost $$$
      • Risks – Potential issues that may negatively impact the reliability of the design
        • Lack of redundancy for specific hardware component
        • Support staff has not had any training
      • Assumptions – Suppositions made during the design process regarding the expected usage and implementation of a system
        • Provides a sounding board for design decisions which must be validated
        • Hardware required is installed before vCloud implementation
        • Network bandwidth is not a limiting factor for external end users
        • Appropriate training is provided to existing technical staff
      • For assumptions and risks I like to get these highlighted to the customer right away. You normally want as few assumptions as possible, and the assumptions you do record in your design should already have been realistically clarified with the customer, so that they are only there to ensure that if what they promised would be there isn’t, you can refer them back to the assumptions they signed off.

    Given customer requirements and product capabilities, determine the impact to a conceptual design.

    • This I think is covered above in places but is also something you can only really learn from actually doing a design and understanding how requirements shape a design and what impacts each of them have. On a conceptual design it isn’t as much of an impact as in a logical and physical design but limitations like keeping workloads in specific geographies and the capability of vCloud stretched clusters between the two locations for example are something that will impact the conceptual design. I would also read the Service definitions listed below in the recommended tools from the blueprint and the implementation examples from the vCAT.

    Tools

    If you feel I have missed something or am wrong on something then please do comment, as I don’t proclaim to be the best and am always learning and welcome constructive criticism and feedback.

    Gregg


    VCP5-IaaS Exam Experience

    This morning I sat the VCP5-IaaS exam and am very pleased to say I passed it and with a pretty good score too! I decided to do the exam as I have been busy with a number of vCloud engagements and had a spare few days to prepare and get it done whilst the ability to gain the VCP5-Cloud if you have the VCP5-DCV was still available.

    Resources

    My preparations for the exam were fairly short as I only had two weeks of solid study before sitting the exam, that’s not to say I didn’t have a solid understanding of vCloud prior and I have been working with vCloud since the 1.0 days and have done a number of vCloud design and deployment engagements. The resources I used for the exam are as follows:

    – The Trainsignal VMware vCloud Director Essentials videos by David Davis. I used these videos quite a while ago when they first came out which helped me gain a very good base knowledge and used a few of the videos again as the VCP5-IaaS exam is based on vCloud 1.5 and I have been using vCloud 5.1 most recently so needed to try remember/block out a few things.

    – I also used the Trainsignal VMware vCloud Director Organizations set of training videos done by Jake Robinson. These are also based on vCloud 1.5 but give a great view of how an organisation administrator would do tasks.

    – The third set of Trainsignal videos I used for my preparations was the VMware vCloud Director 5.1 Essentials set of videos by VCDX #104 Chris Wahl. These are for vCloud 5.1 whereas the test is vCloud 1.5, but the videos were brilliant and Chris explains vCloud networking amazingly, which is the hardest part to get your head around in vCloud.

    – For the above three sets of videos I followed along whilst doing it all in my lab and would HIGHLY recommend doing it this way as I don’t think you can understand vCloud without actually doing it yourself.

    – Paul McSharry created three practice tests for the VCP5-IaaS which can be done here: VCP5-IAAS Practice Test 1, Test 2 and Test 3. These were great as a last-minute practice test late yesterday to make sure I wasn’t missing anything.

    – VMware vCenter Chargeback Manager is a big portion of the exam and I used the VMware vCenter Chargeback Fundamentals course to get my knowledge up to speed on the product. This course is really good and massively important as if you haven’t used Chargeback before you will be lacking in the exam.

    – We did a few of the VCP5-IaaS objectives on the EMEA vBrownbag and I watched these as the way the guys cover the components are extremely helpful. They can be downloaded from iTunes here

    – Lastly I used the vCloud Architecture Toolkit (vCAT) PDFs, which I read through and made sure I understood it all. This was probably a bit of overkill, as the VCP5-IaaS exam is the entry-level exam whereas the vCAT is geared more towards the CIA and CID, but it gave me a great holistic view of how everything worked, so if you have the time I would recommend reading them or at least some of them.

    The Exam

    Due to my last two exams being the VCAP5-DCA and VCAP5-DCD I was used to having to burn through the exam/questions, so having to go through the 85 questions was quite refreshing, and the exhibits and questions were also fairly straightforward. I finished quicker than I thought I would, which I put down to being used to the VCAP exams’ pace, and felt the questions were easier than the ones in, for example, the VCP5 (DCV).

    Conclusion

    Good luck to anyone looking to do the exam. I felt it was really fair, although I may still be in a VCAP mind-set, and it is much shorter than the VCP5-Cloud, so if you have your VCP5 already then I would say go for this whilst the “upgrade” path is still available. For me I think I am done for quite a while now and will be focusing on slowly building my VCDX design for a future submission.

    Gregg


    January 2012 London VMware User Group

    Yesterday I was fortunate enough to not only attend the London VMware User Group but actually present. The day started pretty early and due to traffic I arrived half an hour late to the welcome and introduction from Alaric Davies, so I snuck into the back to not disturb and to allow me to have one or two last read-throughs of my session at the end of the day.

    The first session was from Symantec all about their ApplicationHA offering, and then a live demo of bringing down a SQL instance on a virtual machine and how ApplicationHA would automatically restart the service. They next demoed the product by deleting the database and showed how ApplicationHA would utilise Backup Exec to restore the database and get it working again. A very cool product and one I’m hoping to test out in my home lab, although sadly I wasn’t able to get myself an NFR licence that they were offering from their stand, so hopefully I can find it and play with it. (UPDATE: Symantec saw this posting and have got in contact with me and have given me an NFR licence =0) ) Below is a video of what was shown to us on Thursday.

    ApplicationHA and Backup Exec Auto Recovery Demo

    Next was Chris Kranz and Alex Smith presenting a session titled “Would you like fries with your VM?”. The session was a really great one as the guys spoke about how the landscape for IT professionals is constantly changing: how the normal server administrator was replaced quite largely by virtualisation and advancements in automation, how with every release of the vSphere suite of products more and more work is being taken away from storage admins and network admins, and now, with cloud picking up, how the virtualisation admins are having to adapt or lose their roles. A very chilling reminder that if you don’t adapt in IT, sooner or later you’ll be out of a job.

    There was then a break where I got to meet Sean Duffy, soon to start in recruitment for Xtravirt, and chat about South Africa a bit with him being a Saffa too. I also talked shop with Alan Renouf, Steve Chambers, Simon Davies, Ed Grigson, Jeremy Bowman and Harry Potter look-alike Jonathan Medd.

    The next session I attended was the VMware View session titled “End User Computing: Today & Tomorrow” by Clive Wenman from VMware. Sadly due to connection speeds he wasn’t able to do the demo he wanted but instead gave us a good overview of the new features in VMware View 5 and ThinApp 5. We then got talking about Horizon Manager and got a nice impromptu demo of the product and how it works which was highly interesting to me and looks to be a very good product once it’s released outside the US.

    After lunch I attended the NimbleStorage presentation all about their offerings, the savings their products can bring you and how it all works. For me personally there was a tiny bit too much comparison to competitors’ products, but the product does look very interesting and I might actually be getting my hands on the product in my current role, so hopefully I can write up a posting or two on my thoughts on the product once I’ve had a good play with it.

    Next was Dave Hill and Aidan Dalgleish presenting largely what Dave and Chris Collotti presented at VMworld last year, titled “Private vCloud Architecture Deep Dive”. I found this highly interesting as it was something I had hoped to attend at VMworld Europe but, due to the times they did them, I was unable to attend. The session was highly interesting and gave loads of reference architectures and all the varying network pool methods and what each will enable you to do. I think the main recommendation from Dave that everyone needs to remember is that you need to build your vSphere environment correctly or else your vCloud environment won’t work like it should.

    Now was the time of reckoning: my session was due, and a number of people I chat to on Twitter had made sure they were in the front row to heckle me and ask me loads of questions too. I was due to co-host the session with Scott Vessey from Global Knowledge and of vmwaretraining.blogspot.com fame. My presentation was half around my VCP5 study resources page and all the resources mentioned on there that I used in my preparations for the VCP5 exam and how they helped me pass the exam, and then a whole bunch of sample questions from Global Knowledge’s VCP5 Exam Preparation Workshop. Even though I started off quite nervous I think it went well, and once we got to the sample questions at the end there were loads of discussions around the answers, with some of the questions getting people calling out all the answers as correct even though there was actually only one correct answer. Quite a few people said they enjoyed it, and I think I put the fear into a large portion of the people in the audience after the sample questions, and those knowing that they have 31 days until the waiver period for VCP4 holders not needing to do the What’s New course to pass expires.

    Afterwards we made our way to vBeers where I got to talk to loads of people (including fellow Xtravirt new starter Darren Woollard) and got some very helpful pointers on how to improve my presentation skills in my aim to hopefully present at VMworld this year. The day was a huge success in my opinion and it was great that over half the attendees were first-time attendees! Thanks to the VMUG panel for setting it all up and hopefully I can attend the next one on the 17th of May (work permitting of course).

    Gregg


    London VMUG

    Yesterday I was fortunate enough to attend the London VMware User Group (VMUG). I’ve been unable to attend the past few due to work commitments, but yesterday’s theme of “Your Journey to the Cloud” couldn’t have come at a better time as we’re currently looking at VMware’s vCloud Director product and a number of the sessions and talks were centred around this product.

    The day started at 10am due to the number of presentations they were able to get in and the labs that people were able to take. The labs were a first and ran two different paths. The two labs and layout were described on the VMUG page as:

    The VMUG are providing VMware vCloud Director Labs for all UG members to get a look and feel for the product.  COLT has very kindly agreed to host the labs on their infrastructure in the Cloud.  COLT are a certified VMware vCloud Datacenter Services Provider and the first in EMEA to provide this service.  The COLT team along with VMware vCloud Architects have provided two types of labs to provide the best experience possible.

    Lab A – Consuming Cloud resources from VMware vCloud Director
    This lab is tailored to provide a user’s view of consuming compute resource from the cloud.  It provides an insight into the ability to provide resources via a self-service portal, deploying virtual machines via vApps within private virtual datacenters.

    Lab B – Administrating VMware vCloud Director
    This lab provides the administrator’s view of vCloud Director.  The lab contains a virtual center server, vCloud Director server and an ESX host to create compute resources within the cloud.  It provides the ability to define different compute services in the form of vApps which can then be published within the vCloud Catalogue.

    I personally didn’t attend a lab, due to wanting to get a number of my questions around vCloud Director answered and having already done all the vCloud-related labs at VMworld Copenhagen, and so having already done large portions of the steps within the labs. I did however hear raving reviews of the labs from fellow attendees, and when I arrived there was a line of people waiting to register for the labs, which shows the interest in them.

    The day kicked off with the standard welcome from Alaric Davies and Martyn Storey detailing the layout of the day and announcing the UK National VMUG being planned for Warwick for November 3rd. We then got straight into the first presentation from COLT, who were presenting and demoing all about their vCloud environment’s implementation and inner workings. Greg Branch, Director of Architecture for Colt, and Dan Senior, Virtualisation Architect for Colt, did the presentation and demos together, and I was really impressed with their offering and how they have used the vCloud technologies and products to be the first in EMEA to be a VMware vCloud Datacenter Services Provider.

    Next was Paul Martin (@vzpaul) from Quest Software talking about “Private Cloud – Build for Success by Planning for Failure”. Paul’s presentation was all about thinking and planning for things before and during the build-out of your private cloud. Paul did leave me with a number of thoughts and things I need to research prior to us rolling out our own private cloud, and how many differing parts of your environment can impact the running of it. Credit to Paul for not doing a marketing pitch for Quest Software but rather giving valid points to look out for.

    We then had a very quick refreshment break and then Simon Rahilly of EMC (@NoneOneMany) did his presentation all about the cloud and how the varying technologies from EMC from the storage, to backups to disaster recovery and high availability can help you with your journey to the cloud. I personally enjoyed the presentation and it was nice to hear a bit about the release of EMC’s Project Lightning also.

    Lunch was then served at the event which was a very nice change as it meant everyone stayed in the rooms and I got to meet loads of people I follow on twitter and got to talk about all the things we’re currently doing in our VMware environments and gain some very helpful tips and tricks.

    We were then given the option of two different tracks, each with different speakers and topics. I personally chose track two as I’ve always enjoyed hearing from Stuart Radnidge (@vinternals) and was keen to listen to Massimo Re Ferre’s presentation on the same track also. Stuart’s presentation was all about rethinking infrastructure and the experiences he has had with deploying a private cloud within his organisation. For anyone that knows Stuart, you knew this was going to be a straight-talking honest presentation and he didn’t disappoint, as he gave some great pointers on how the business will ask for certain things and will expect things from your cloud implementation even though you “aren’t a web start-up”.

    Next was Massimo (@mreferre), who is a VMware vCloud Architect, talking about vCloud and giving an overview of all the products in the “vCloud Family” and how each of them work. His presentation was very helpful to me to better understand vCloud Director and, most importantly, allowed me to ask all the questions I have been needing to ask about vCloud Director. I’m pleased to say Massimo and Martyn answered all my questions.

    Last in the track was Richard Zuber from VMware Global Support talking about support issues they have been receiving from customers using vCloud Director and the solutions they used to fix the problems. The presentation was a little dull, as hearing about support calls and solutions isn’t the most exciting of things, but it did show that making sure your networking is correctly administered and deployed for your vCloud implementation is very important in making sure you don’t experience problems and faults.

    We were all then released to go to The Pavilion End pub for vBeers and I got to talk shop with fellow VMware admins and met Julian Wood (@Julian_wood) of http://www.wooditwork.com fame, David Owen (@vMackem) of http://www.vmackem.co.uk fame, Simon Davies (@EV_Simon) of http://www.everything-virtual.com fame, Luke Munro (@mnrmunro) a fellow Saffa and Ed Grigson (@egrigson) of http://www.vExperienced.co.uk fame, to name but a few.

    It was an amazing day and I would highly recommend anyone thinking of attending to register for the next one on July 14th. Also a special thanks to Jane Rimmer (@Rimmergram) for her hard work on getting this all done and then not being able to attend due to being ill.

    Gregg


    All Things Virtual 20

    There have been some brilliant blog postings since my last All Things Virtual, the release of some great news for Android phones and a book written by two of the top VMware professionals in the world. If this is the first time you are reading one of my All Things Virtual, then the idea of the posting is a quick post of all the things virtual and linked to virtual that I have been doing/working with/learning/reading up on in the past few weeks.

    • Frank Denneman of frankdenneman.nl fame and Duncan Epping of Yellow-Bricks.com fame have written and released the vSphere 4.1 HA and DRS technical deepdive book. These two guys are probably the two best people in the fields of DRS and HA, with Duncan having the very successful and extremely in-depth HA Deepdive and DRS Deepdive postings on his blog, as well as Frank having some of the best postings on DRS on his blog. I have ordered the book already and am awaiting its arrival. Both Duncan and Frank have already covered what is in the book in such detail that I feel it’s pointless to rehash what they have already said, so here are Duncan’s and Frank’s postings about the book. I look forward to reading through the whole book when it arrives and strengthening my knowledge on the two technologies.
    • As I’ve said a few times before, I enjoy testing myself by trying to obtain certain certifications, not to be a certification collector but to set goals to continually push myself and strengthen my knowledge and not sit still. So the release of the new certifications by EMC really caught my attention, as I’m currently trying to strengthen my knowledge on storage technologies and practices by doing the ISM (Information Storage and Management) course. One of the perks of working for EMC is that I’m able to do the course as an e-learning course for free, and with the release of the new EMC Cloud Architect certifications the first step is obtaining your Information Storage and Management Associate (EMCISA) certification, which fits in perfectly with my study goals for 2011. To make sure I don’t explain it incorrectly I would recommend reading Chuck Hollis’ blog where he has detailed the new certifications.
    • Speaking of certifications, I’m really pleased by the amount of traffic my VCAP-DCA&DCD Study Resources Page and my VCP Study Resources Part 1 and Part 2 pages are receiving. Thanks to everyone who has linked to it/tweeted about it. One of the main resources listed in my VCAP-DCA study resources is Sean Crookston’s VCAP-DCA Index. Sean has now written the exam and has posted a brilliant write-up on his impressions of the exam here. Rynardt Spies has also recently written the exam and posted his impressions here. I’ve decided to try to sit the exam by March/April next year, as I’m not likely to be ready before I go on holiday next year and have learnt from experience that writing an exam just before I go on holiday isn’t a good idea.
    • Next is one of my blog postings of the year due to its depth of information and brilliant supporting links and documents to cover his claim. It’s a blog by Julian Wood (@Julian_wood) all about how he feels vCenter is letting VMware’s side down. I would highly recommend everyone read it, as it is both amusingly true to anyone looking after a virtual environment and covers many of the obstacles you may hit in the future with your own virtual centre server, so you can be as prepared as possible if you are implementing any of the technologies. I agree with what Julian is saying and do think VMware need to make a plan with virtual centre, as there are far too many bugs and problems still with virtual centre, and for something that is so integral to the smooth working of your virtual environment it really needs to be as solid and reliable as possible.
    • With the release of PowerCLI 4.1 it is now possible to manage permissions with PowerCLI. The VMware blogs have covered all the new capabilities and how to do them here. I’m busy trying to teach myself PowerCLI by trying to do as much of my daily work with PowerCLI and vMA, due to a large part of the VCAP-DCA exam being based on you knowing how to do things via these tools. Seeing as I’m a point-and-click person these are skills I need to learn very quickly and be able to do as second nature.
    • One of the new features of vSphere 4.1 is VAAI (vStorage APIs for Array Integration). Recently both Duncan Epping and Eric Sloof have posted brilliant information on this feature and, in Eric’s case, attached a video detailing how it all works. These are great for anyone who is working with VMware technologies and is likely to be either using vSphere 4.1 or upgrading to vSphere 4.1.
    • One of the biggest technologies to come out in virtualisation this year is VMware’s vCloud Director. It was the lab that was taken the most at VMworld Europe and everyone is trying to learn about it, seeing as it is VMware’s product to help you move your resources into the cloud. I too did all the vCloud Director labs at VMworld Europe and have been collecting as many top postings about vCloud Director as possible so I can fully understand it, so when I’m asked to implement it I’ll know how. Two blog postings have been added to this list from the past few weeks. One is from David Davis of Trainsignal fame interviewing the infamous Scott Lowe, posted on the VMware blogs page, interviewing Scott on cloud computing and vCloud Director. This posting really got my attention as it was really interesting to me to learn more about how the technologies from EMC and the VCE are perfect to help you move as smoothly as possible to the cloud, especially seeing as I work at EMC so I really should know about all of this. Next is an amazing demo by Duncan Epping that he created for the Dutch VMUG all about vCloud Director and the creation of an Organization and its resources. This demo is exactly what I love to watch and learn from, as I’ve only recently been able to install vCloud Director in my home lab, so it’s great to see how it’s all done, and seeing as vCloud Director is such an in-depth and complex product any resources to shed some light on how things are done within it are greatly appreciated by myself. I know I said two, but if you missed me mentioning this in one of my previous postings and want to learn more about vCloud Director then look at the resources Scott mentioned in his interview and have a look at Hany Michael of Hypervizor.com fame’s vCloud Director page. Hany also has a great video on vCloud Director, and his posting on VMware vCloud Director in a Box is what I used to set up my lab environment.
    • Next is the announcement of the partnership between VMware and LG to virtualise Android smartphones for usage by business users. Mobile virtualisation has been spoken about for quite a while but this next step is very exciting, and as one of my colleagues Jaspal Dhalliwal posted, Virtualization is Coming of Age now, meaning VMware is going from servicing a few hundred thousand people to tens of millions of people via their smartphone devices. Simon Long also posted about this announcement on his page and has posted a very cool video of it. I’m not a massive phone person to be honest, I don’t have a smartphone or an iPhone, but watching that video is really making me think of getting myself one very soon.
    • Last but not least is the announcement by Veeam that they are giving away free NFR keys to VCPs, VCIs and vExperts. This is a brilliant idea and it shows that Veeam know who their dedicated followers are and who is likely to give them great press about the products and help them gain even more popularity. I’ve already downloaded mine and am due to install it into my lab environment very soon. If you’re a VCP/VCI or vExpert then get yourself a copy before they stop the deal.

    Well, that’s everything that has been on my to-read list and all the news that has caught my interest.

    Gregg