Let me first wish everyone reading this a very successful 2015. I have a substantial number of things I’m planning to do/accomplish this year, and one of these is to get my VCDX, so this series is certainly going to help with this.
As the name alludes to, the EMEA vBrownbag, of which I am one of the three hosts, is going to be starting a VCDX series all around the VCDX to try to help people along every section of the journey to obtaining the certification. I know all the things I am looking to get out of the series, but despite me wanting to make it focus just on the things I want to do/know, I wanted to get out a posting asking people what they would like us to cover. As I’m sure you are aware, there are NDAs attached to the certification, but I am certain we can keep to these and have cleared this idea with the powers that be within VMware, who are happy for us to do this and will be participating at points also. Below are the rough plans for the series, which we can run as long as there is content and people are interested. If you can, please write in the comments section what you would like to see, then we can start getting the ball rolling.
EMEA vBrownbag VCDX Series
January 20th (Confirmed) – VCDX Q&A Panel
A panel of a number of current VCDX and the VMware VCDX program manager where those burning questions you have about the VCDX can be asked. People need to come with questions for this.
February 10th (Tentative) – VCDX Design Scenario Mock Panel
We will do one or even two VCDX Design Scenario Mock Panels where a pre-agreed volunteer will do a VCDX Design Scenario Mock with a set panel just like the real defence and then will analyse what the panelists feel they did right and wrong.
February 17th (Confirmed) – What is required in a VCDX submission?
For this the name describes it all. We will go through what is required in a VCDX submission by following the VCDX blueprint and showing the depth and breadth of documentation that you should be submitting to be invited to defend your VCDX design.
March 3rd (Confirmed) – The Art of IT Infrastructure Design - Part 1
The authors of The Art of IT Infrastructure Design book will be covering their new book and what it entails and how it is a valuable resource for those looking to obtain the VCDX.
March 10th (Confirmed) – The Art of IT Infrastructure Design - Part 2
The authors of The Art of IT Infrastructure Design book will be covering their new book and what it entails and how it is a valuable resource for those looking to obtain the VCDX.
March 17th (Confirmed) – VCDX Bootcamp Session with John Arrasjid, Mostafa Khalil, Chris McCain, and Mark Gabryjelski
A VCDX Bootcamp session will be run by John Arrasjid, Mostafa Khalil, Chris McCain, and Mark Gabryjelski.
As I said this is to help those thinking about doing the VCDX or even those who are already on the path towards it to get the information and knowledge they are looking for so let us know your thoughts on the tentative schedule and what other things you would like to see. Also don’t forget you can sign up for the EMEA #vBrownbag via this link.
Lastly a shameless plug of if anyone is interested in knowing all the resources I’m personally going through for my second VCDX attempt you can see them here.
I just wanted to repost this just in case people don’t follow the VMware SMB blog page. The below blog posting was posted by me on this blog over a week ago (I’m very busy at work doing cool vRealize Automation stuff which I hope to blog about very soon). Hopefully this is of interest to a number of people, so keep an eye out for my future blog postings via the SMB blog.
In recent years, virtualization has dramatically changed the infrastructure of companies and helped them to consolidate and optimize their environments. With the change and growth of the VMware vSphere® family of products, a number of features and solutions that were only part of the Enterprise and Enterprise Plus licensing packages are now available for the small and midsize business (SMB) market as well. This change is causing SMB customers to rethink and re-evaluate their vSphere virtualized infrastructure to leverage these new offerings and realize the benefits of advanced reporting, data protection, enhanced optimization and advanced service offerings, to name a few.
In the past, many of these new features and technologies made a perfect fit for the SMB market, but costs made them prohibitive. That is now changing with a new wave of virtualization 2.0 technologies, including:
As a senior consultant doing work as a VMware partner and as an extension of VMware PSO, this change is something I am evangelising and explaining to all my customers. I especially want the small and midsize businesses I work with to know the capabilities and solutions that are now available at no extra cost to them, which can help enhance and optimize their virtualized infrastructure.
A large portion of these successes have been through the ability of SMB customers to now utilize vSphere with Operations Management to do reporting, monitoring and future planning through smart alerts, built-in reports and health dashboards designed to optimize the utilization of hardware resources, such as CPU, memory and storage.
As shown in the screenshot below, this dashboard enables SMB customers to monitor the state of the environment through the current health score, the potential risks to the environment, the future health of the environment and how well the environment is running through the efficiency score. Each of these scores can be expanded to give further information and methods to improve these rankings. I always like to explain these scores like the health of a person – the higher your health score is, the healthier you are, and the higher your risk factors, the bigger the chance of your health being impacted. Your efficiency is how well you are doing things and how you could do things better.
I’ve written a whitepaper around the need for SMBs to rethink their virtualization infrastructure and to elaborate on a number of the features and solutions that are now available to SMB customers, like vRealize Operations built into vSphere with Operations Management, as briefly detailed above. Download the whitepaper to learn how these solutions can help your business and your customers.
If you require any more information or consultancy about the solutions and technologies covered in the whitepaper, then please don’t hesitate to contact VMware Professional Services.
I am pleased to announce the second sponsor of my blog: Pluralsight. I am really excited by this sponsorship as I have been a massive fan and user of Pluralsight’s and previously Trainsignal’s videos and online courses for years, and they have helped me pass all of my certifications within the last 7 years, so you can understand how fond of the courses I am.
Pluralsight’s purchase of Trainsignal has enabled the videos to now be available via your tablet and gives you the ability to download videos to your tablet so you can watch them without needing Wi-Fi, like on a train or plane. I honestly can’t recommend them enough and would highly recommend you give them a try and sign up for their no obligation 10-day free trial. They have videos ranging from VMware technologies, learning programming languages from scratch or advanced courses, Windows technologies, hacking, A+, N+, leadership courses and Scrum fundamentals, to name but a fraction of the courses. For some of the certifications I have recommended and personally used Pluralsight courses for and will be using again in the future, have a look at the following study resources pages and blog posting:
I am pleased to announce the first sponsor of my blog: VMTurbo. VMTurbo have been growing their solution year on year and won the “Best of VMworld 2014” Award – Virtualization Management, and with their soon to be released VMTurbo 5.0 they are a major player in the virtualization management arena.
40%+ Utilization Increase. VMTurbo safely drives an average 40% workload:core density increase, freeing up valuable hardware and reducing software licensing costs. Customers re-purpose their existing hardware for HA, DR, VDI deployments, Test/Dev labs, and organic growth.
90-Day ROI. On average, VMTurbo customers recoup their VMTurbo investment within 90 days.
VMTurbo Operations Manager 5.0 is arriving in November. You’ll be upgraded for free.
Avoid 2015 price hikes.
Future-proof your organization. VMware CTO, Chris Wolf, said true automation is a necessity in tomorrow’s data centers. He also said VMTurbo is a vendor providing true automation today.
I am looking forward to trying out VMTurbo 5.0 in my lab and will be looking to review the solution also and give my honest opinion of it.
VMworld EMEA day 2 kicked off with the keynote from Carl Eschenbach, Ben Fathi and Raghu Raghuram. Unfortunately the keynote was again largely a repeat of the VMworld US day 2 one, with all of the same jokes and mock-up pictures also. Due to this I’m not going to break down the keynote but rather recommend you watch the keynote recording here.
After watching the keynote and writing up my VMworld Day 1 blog posting I helped the vBrownbag crew with preparations for the TechTalks for which the recordings are now available on the vBrownbag YouTube channel. I would highly recommend watching these as there were some really great presentations from some very big vendors and names within the industry. I then went to the hands on labs and did HOL-SDC-1420 – OpenStack with VMware vSphere and NSX. The lab was really good and I plan to do the second part of it today.
Talking about containers, VMware released a blog posting yesterday around Docker container performance in VMware vSphere. Some of the highlights from the article are that:
VMware find that for most of these micro-benchmarks and Redis tests, vSphere delivered near-native performance with generally less than 5% overhead.
Running an application in a Docker container in a vSphere VM has very similar overhead to running containers on a native OS (directly on a physical server).
After the HOL I attended the Solutions exchange and spoke to some of the vendors whose solutions interest me such as Nutanix, Hitachi Data Systems, PernixData, Simplivity, SolidFire and Colt stalls. Some amazing solutions from these guys as well as many others; it’s scary how much the virtualisation ecosystem is changing.
From the solutions exchange I attended session STO2997-SPO The vExpert Storage Game Show EMEA which was really good fun and filled by really smart guys on the stage. I watched the recording of the one from the US a few weeks ago and it too was very informative and is a session I would recommend watching from both VMworld’s.
I then made my way back to the solutions exchange for the hall crawl where Hitachi were serving up sake and sushi at their stand which is two of my favourite things so I had to make sure I got myself some and they even gave us nice sake cups which I will personally use for a double espresso cup. A big thanks to Paul Meehan too for chatting us through their solution.
I stuck around in the solutions exchange until the VMworld party as the party is in the convention centre. The party seemed smaller this year although there was a big roller rink in the middle last year so possibly this was the reason. It was good to chat to very vNerds and even some ex-colleagues whilst waiting for Simple Minds to come on. I’m only 31 so I only knew two or three of their songs but they were hands down better than Taio Cruz last year and most of the crowd seemed to really enjoy it and they even did an encore. From the party I met up with some of my Xtravirt colleagues for a night cap.
Today at VMworld EU there are going to be a number of announcements and as has become the norm for VMworld Europe, VMware are making a number of announcements around their new management solutions. One of these announcements is vRealize Operations 6.0.
If you are wondering what I mean with the vRealize name then below is a very quick summary:
vRealize Suite
VMware vRealize is changing the name of the management solutions into simpler packaging and suites and, as announced at VMworld US, vRealize Air Operations, Automation and Business will be available soon to provide a new SaaS solution for VMware customers via the renamed vCloud Air offering.
vRealize Operations 6
There are a number of new features and enhancements in vRealize Operations 6.0. One of these is the new scale-out architecture, allowing high resiliency and availability as well as self monitoring to ensure that if an instance/slice is lost, it is reported and brought back seamlessly.
vRealize Operations 6.0 now provides a public set of RESTful APIs to allow customers and partners to extend it as well as get information in and out with ease, so that it can be used for custom reporting or, in the case of a project I have been on recently, will allow monitoring of vCAC DEMs and automatic provisioning of more if required.
The management dashboard of vRealize Operations 6.0 has maintained the same three panels on Health, Risk and Efficiency to provide viewing and reporting of immediate and future problems as well as opportunities to optimise. With vRealize Operations 6.0 there is now a new section below each of the three panels showing problem alerts, which give you correlation of problems and the ability to click the alerts to see the details, as shown below.
There is also the ability to dig deeper into the problems by using vRealize Log Insight which can send alerts into vRealize Operations 6.0 if certain problems arise and allow custom reporting and alerting for partners and bigger customers who are looking for custom reporting and deep analysis.
Below is a summary of all the new features and solutions in vRealize Operations 6.0 allowing reporting of public and private architecture as well as simplistic single pane of glass management.
One of the biggest abilities of vRealize Operations 6.0 that I really like, and I think will make all the customers I see as a consultant very happy, is the support for new SDDC and hybrid cloud platforms, meaning you can now monitor and report on networking, storage, OpenStack and vCloud Air. This will truly allow you to manage and report on your whole SDDC environment.
vRealize Operations 6.0 NSX Management Pack
As shown above, vRealize Operations 6.0 brings the ability to monitor and report on the SDN solution NSX, through a new management pack for NSX. In the image below, you can see the heat map showing the transport layer. The transport layer is effectively all of the transport nodes (NSX term for hypervisors). These boxes are the ESX hosts registered with NSX, grouped by a particular transport zone. A transport zone is a group of hypervisors that share the same transport behaviour. On the bottom, the widget shows the top talkers. If there is a lot of traffic, this widget can help us figure out which VMs are responsible for the most network traffic.
There are three NSX dashboards: NSX main dashboard, NSX logical topology and NSX Edge services.
The current view is from the NSX main dashboard. Currently, we are seeing information for a particular NSX Manager instance. The control plane widget is all the objects corresponding to the NSX Manager (API and connection to the vCenter Server for configuration), Controllers (responsible for configuring switches), Edge (VMs that deploy certain logical network services like DHCP, Load balancer etc.), Logical Routers (Distributed routers responsible for configuring the routing software on each individual host).
All the alerts related to NSX are captured in Open Alerts widgets. This is based on hard threshold violations. We can see a number of High Availability violations. We have 40-50 alerts that are configured out of the box. We have detailed documentation on each of these metrics and what the alerts mean.
vRealize Operations Management Pack for OpenStack
OpenStack is emerging as the leading cloud platform for enterprises and some SPs. VMware are going to provide a management pack to support OpenStack providers. It will mostly be sold to existing vSphere customers who have OpenStack deployments currently.
Based on vRealize Operations 6.0
Unified UI for vSphere, NSX, OpenStack and other resources
Health, Risk and Efficiency badges for OpenStack objects
Sub-badges for OpenStack objects (workload, faults etc.) and capacity model
Problem detection and remediation for OpenStack infrastructure and tenants
Reporting templates for activity, capacity and issue frequency
Inventory, availability and capacity of ESX and non-ESX hosts, NSX and vSphere data stores registered with OpenStack
Integration with vSphere and NSX Multi Hypervisor Management Packs
OpenStack Controller Services Dashboard
Correlation of OpenStack Controllers to vSphere VMs
Services availability monitoring
Availability
Target GA date is Dec 2014
vRealize Operations Management Pack for vCloud Air
‘Hybrid Cloud’ Analytics
Provides utilization for cloud resources and deep VM performance data
Supports shared and dedicated/private Cloud
Includes 40 VM metrics related to CPU/memory/disk/network
Collects change events and resource topology from vCloud Air
Comprehensive vSphere like Out-of-box Dashboards
One operations console across private and public clouds
Out-of-the-box dashboards enable isolation and quick resolution of performance issues
Multiple Resources Supported
vCHS Cloud, vCHS Region, vCHS vApp, VDC, VM, Cloud Type
All Form Factors Supported
vApp, Standalone – Windows and Linux
What’s Coming Next
Storage and networking service resource details or metrics
Summary
vRealize Operations 6.0 is going to enable both SMB and Enterprise customers who have either or both on premise and off premise workloads in their private or public clouds to monitor, report on and make their environments more efficient. I am looking forward to working with vRealize Operations 6.0 and seeing all the capabilities, especially through the RESTful API availability, to enable my customers both large and small to get all the reporting and management they require integrated into their existing solutions. Make sure you watch the live VMworld keynote to learn more.
I came into IT when virtualization was just getting started. The more time I spent on call in the middle of the night, the more I became motivated to find solutions. Application clustering was too costly for the developers and no business unit would agree to it. Then came VMware; it provided a live solution to hardware failures and great manageability benefits. At first chance I encouraged a proof of concept using VMware. Within the next two years we were 90% virtualized.
What made you decide to do the VCDX?
At some point every technical person is faced with the choice to specialize in their field. When I looked at my possible options I was faced with some tough options. I had to choose between operating systems (Linux), storage or virtualization. It was the same year I had the opportunity to attend my first VMworld (2012). While attending the conference I really enjoyed being surrounded by such a great ecosystem and company. I was able to have some great technical discussions with people and I love the conference. It became clear to me that I wanted to specialize in VMware. I needed to learn a lot more about VMware. I have always found that certifications make me learn with purpose, so I started setting certification goals for myself. Since I had been in a technical role the VCAP-DCA made sense. Once I passed that test I just kept going.
How long did it take you to complete the whole VCDX journey?
I got a VCP5 in Feb 2012. The certification journey really started with VMworld 2013 when I passed the VCAP-DCA and IaaS exams. This was followed up by the VCAP-DCD in Oct. 2013. I started on the VCDX in January of 2014 and submitted the design May 2014. The VCDX is not really a destination; it’s really about becoming something, not achieving it. I feel that my life’s experiences from a young child are part of my VCDX journey. I spent two years as a missionary for my church knocking on doors in Michigan. I like to think that really prepared me to stand my ground in a design defence better than any mock defence ever could. At the same time I feel like I am still trying to become a VCDX; I have a lot to learn.
What advice would you give to people thinking of pursuing the VCDX accreditation?
I have lots of advice and there is a write up on my blog (poorly written). The three largest pieces of advice I can give are the following:
Don’t kill yourself, set goals and keep them but keep balance don’t sacrifice the world for a cert. Lots of people think they are going to get it done by pulling all nighters… don’t it’s not going to end well.
Your design does not have to be perfect.. it’s not about perfect, nothing is perfect.
The key to school is figuring out what the teacher wants… read the blueprint, figure out what the teacher wants and do it… don’t try to outsmart the teacher.
Find a format for your documentation and stick with it.
If you could do the whole VCDX journey again what would you do differently?
Spend less time trying to figure out the format and more time on content.
Life after the VCDX? How did your company respond? Was it worth it?
LOL… well I switched jobs the week before my VCDX defence so the new employer was happy. I am still getting used to life after and a new job. Was the VCDX worth it? Yes, in fact even if I had not got the VCDX it was worth it. I learned so much about design… preparing for the VCDX forced me to learn more in six months than the last two years. If your desire to become a VCDX is purely in order to get a new job or more money you may not be on the right path.
What is next for you?
Great question. More certifications just don’t tell my wife… I already have the VCP-Cloud and I just finished a massive vCloud project and I am moving into a VCAC and NSX project so VCDX-Cloud might be in the future. Short term I think it’s time for a CCNA to help smooth over a rough bit in my knowledge.
For several years I have been very fortunate to attend VMworld Europe either via my company paying for the trip or, in the case of last year, being able to attend as part of the vBrownbag crew, and I’m very pleased to say that I will be attending this year’s VMworld US via the welcomed sponsorships of the vBrownbag sponsors (VMTurbo, Cisco, Brocade, Infinio and Coho Data) for the TechTalks. Due to going as part of the vBrownbag crew, VMware were gracious enough to give me a bloggers pass to cover my conference entrance fee, and when I am not helping with the TechTalks or the VMunderground Open Acts I plan to be blogging and tweeting away. But I am not only looking forward to going just for these reasons (certainly they are amazing enough reasons) but for several others, and so I thought I would put out the reasons I’m looking forward to VMworld US and why, if you haven’t booked to attend yet, I would HIGHLY encourage you to register.
Social
I know what you are thinking and yes, there certainly are some amazing parties and there are people who sadly take it as a jolly rather than experiencing the conference, but the social I am referring to is social media as well as actual human interaction with like-minded people. I am sure a number of people are like me, where we sit behind a computer for countless hours, then sit on our phone or tablet tweeting away to people about the latest virtualisation or related technology but have never actually met these people. In fact most of the people you tweet with are actually on the opposite side of the world, but their blog posting/communities response/book/podcast/webinar or twitter response to a question you posted saved you countless hours of work or helped you get that new role or certification. Well, VMworld is the perfect place to meet these people and thank them for their help, get your book signed by the author or throw the book at them if they were wrong (physical violence no matter how funny it may be from afar isn’t the answer…most of the time). This also allows you to talk about how cool the new features in vSphere 6.0 are and not get that placating nod your wife/girlfriend (husband/boyfriend for those super vWoman in the community) gives you when you get excited about it. For me the interaction and friendships I have had and made from VMworld conferences have sometimes been the best part, as being able to chat to the person who wrote the book on VSAN/PowerCLI/VMware Networking for example is worth the conference fee in itself.
Sessions/Labs
The sessions, labs and announcements are brilliant, and the only reason I chose social first is due to it being something not that many people think about. The sessions and labs are amazing, and even though you can watch almost all the sessions (breakouts aren’t recorded) and do all the labs now via labs.hol.vmware.com, being able to attend the sessions for the week and hear about all the great new features and how people have taken the solutions provided by VMware and met their companies’ or customers’ requirements with them, without being bothered by home life or work, is an amazing learning experience. The same applies to the Hands on Labs, where you can take the labs and skill up on the most recent technologies or even older ones that you might not have had the time to learn up until now. There are sessions for everyone, from entry level sessions for those people just getting into VMware technologies to advanced sessions where it is VMware engineers or product teams talking about the nitty-gritty of the solutions. There are also loads of panel sessions, ranging from meet the vExpert bloggers panel sessions to VCDX panel sessions, where you can ask questions and learn from top vBloggers and/or ask all those questions about the VCDX or the prerequisite exams from those who have done it. If you are working for a VMware partner there is a partner day which, as you guessed it, is exclusively for partners, and VMware will do sessions covering all the technologies and how they are working to make it better for partners or those selling their solutions.
TechTalks
Ok I’m probably very biased but the vBrownbag crew along with the help of our sponsors run the TechTalks from the community area where people who may not have had their sessions accepted to present at VMworld (this is not a reflection on the quality I can assure you) present about numerous different topics (no sales pitches) for ten minutes and they are streamed as well as recorded. The TechTalks have been a major success with loads of people watching the live stream, a very large number of views of the recordings and we also have a very good amount of live audience watching them. The schedule for the TechTalks is due out imminently and from having seen some of the amazing names on the list it will not disappoint.
Solutions Exchange
The solutions exchange is where all the vendors including sponsors have their stalls/booths where you can talk to them about their latest release, speak to some of their top people around possible solutions you are looking to implement or need help fixing and even go to the VMware Expert bar. The Expert bar allows you to talk to the best people for each VMware technology and hear and see what all the new solutions from VMware can do for your business. As you would expect there are loads of freebies and competitions from all the vendors, and this is the place where you can hear about that new technology and then be able to drop it in a conversation with your boss to show how on the ball you really are.
General
There are also numerous activities that fall under the general banner, like the VMworld party, which last year had Train and Imagine Dragons performing at the AT&T Park and three years ago had the Killers. There are also a number of vendor parties, parties exclusively for VCDX/vExperts and vendor excursions (brewery tours etc.). The parties and meet ups in the evenings are amazing, and if you have some self restraint and make sure you answer your phone when the wife calls, you can have an amazing time and still get the most out of the conference during the day. These are also a really great place to make new friends and even speak to some of the top names in the industry and realise they are 9 out of ten times really humble and friendly people.
If your significant other wishes to join you then there is Spousetivities run by Crystal Lowe, where vWidows/partners of conference attendees can do day excursions.
Register Now!
If you haven’t registered for VMworld then I would highly recommend doing so here as it is well worth attending and if you need to justify it to your boss then why not use the VMworld letter for that. If you are attending then I would love to meet you and have a beverage with you or just chat tech. I will most likely be wearing one of my vExpert shirts or hanging around with the vBrownbag crew.
I am also planning to blog about a number of the announcements from VMworld, so keep an eye out on my blog for those.
There are a few security standards, and they are normally for government, finance, military and telecommunications. Each of these sectors keeps to a few standards, and they largely overlap into the next point of compliancy. For example, here in the United Kingdom there are a few cloud vendors who run community clouds where they assure they meet business impact levels, and each of these levels determines the requirements for protection. A really good article straight from the UK government is here where information security is defined based on a number of criteria. A lot of government and military companies keep data in IL2 or IL3, and vSphere 4.0 and 4.1 were actually verified to meet IL3 compliancy. Recently they are still EAL4+ and FISMA certified.
For your conceptual design you will need to know what abstraction is required based on whatever the relevant security standard is, and you will most likely have to sit down with the compliancy officer and determine what they feel is required for them to approve that your solution meets their security standards.
Identify relevant industry compliance standards.
There are a number of compliance standards, used by organisations ranging from companies who process credit cards and hospitals who keep people’s personal data to companies who have to keep to specific regulations. Some are only applicable in specific countries, but the ones I think are the most likely to be seen in a vCloud environment are:
Sarbanes-Oxley
Health Insurance Portability and Accountability Act (HIPAA)
Federal Financial Institutions Examination Council (FFIEC)
Payment Card Industry Data Security Standard (PCI DSS)
International Organization for Standardization (ISO) 17799
National Institute of Standards and Technology (NIST)
International Organization for Standardization (ISO) 27001
A really great example of this is the Architecture Design Guide for Payment Card Industry (PCI) document by VMware. This is PERFECT in showing the kinds of things you need to keep in mind and the varying mechanisms to achieve this. The document goes much deeper than conceptual but seeing as you will have to go from conceptual to logical and then to physical it makes sense to learn it now.
This along with the two points above is covered perfectly in appendix B of the vCAT Architecting a VMware vCloud pdf. For the conceptual design this is more around isolation and multi-tenancy, but the whole of appendix B gives a great breakdown of the kinds of security that are possible within vCloud and the mechanisms and products that can be used to achieve this.
Identify the auditing capabilities of vCloud technologies.
This covers the wide range of mechanisms that are possible via vCloud, such as logging, log retention, syslog shipping and firewall logging via vCNS, to name but a few. Appendix B of the vCAT covers these off really well, and the retention policies mentioned in the Architecture Design Guide for Payment Card Industry (PCI) document cover off the kinds of auditing you may be requested to do. For conceptual this isn’t very applicable and I’m amazed it is actually mentioned here.
Skills and Abilities
Based on customer requirements, determine auditing requirements for a vCloud conceptual design.
These would be determined in design workshops and discussions with different subject matter experts within the customer around what they are looking to audit/log and whether there are any compliancy standards they need to meet. If they are a service provider who provides public cloud to the general public, then there is a very good chance they have to meet PCI compliancy, for example, and so retain logs and do auditing to ensure security and allow retrospective inspection. For a conceptual design auditing isn’t something you would put in your “napkin” design, but knowing that you need additional auditing does mean you have to design to be prepared for this in the logical and physical designs.
Based on customer requirements, determine security requirements for a vCloud conceptual design.
A large portion of this is the same as above, as security requirements around compliancy include auditing also. For example, if it is a private cloud that is being designed but it is for a hospital, then HIPAA standards need to be met and so certain security measures need to be applied. For conceptual this is mainly around separation, defence in depth and usage of two factor authentication, to name a few off the top of my head. How different zones within the cloud offering are separated and secured also needs to be planned for and conceptually designed.
Based on customer requirements and vShield Edge security capabilities, determine the impact to a vCloud conceptual design.
For this you need to know what vShield Edge is capable of doing and in what use cases each of these capabilities would be used. A perfect document that describes this is the vShield Edge Design Guide Whitepaper. The actual impact to a conceptual design is mainly that vShield Edge allows isolated virtual datacentres hosted on a common physical infrastructure instead of needing siloed physical infrastructures. The separation via the vShield Edge firewall is in most cases more than sufficient, but knowing where physical separation is required (PCI for example) is also very important.
vShield Edge also provides IPSec VPN capabilities, which are very important for the security of your cloud infrastructure. Knowing that vShield Edge can provide this along with NAT, load balancing and, most importantly for this section, firewall capabilities via one device means you don’t need multiple devices like in a traditional multitenant design.
Explain the logging capabilities of the various VMware products.
There are numerous products within the VMware product set that enable logging capabilities. The main ones that will apply to the vCloud infrastructure are:
If you feel I have covered something incorrectly please let me know as I’m learning like everyone else and I certainly don’t claim to be perfect (near it but not perfect). Also the vBrownbag covered the whole of objective 1 here.
Identify availability options for management components.
Availability can be achieved within the vCloud architecture in a number of different ways and via differing methods. I’m going to break them up into different categories and I’m not going to cover each one, but if you understand the different methods I think when you are reading the vCAT or any other kind of design book you’ll be able to identify them with ease.
Redundancy: This is simply creating multiple instances of an important service to ensure that if one or more fail the solution isn’t impacted by this. There are multiple examples of this, but the simplest and one of the most important in my opinion is the creation and usage of multiple vCloud cells to ensure load balancing but, more importantly, redundancy in the event of a loss of a vCloud cell. You can also cover this further down the stack with Heartbeat in the vSphere layer (even though this has now been made end of life), multiple network cards from the physical networking and multiple redundant switches to multiple redundant storage processors.
Disaster Recovery/Failover: This is covered in a whole section in the vCAT which goes over methods of utilising products like SRM to configure disaster recovery of the management layer. For conceptual this is more about knowing what is and isn’t possible, but also taking the availability requirements of the customer from a business impact analysis, which determines the amount of money a customer is willing to lose due to downtime, and then equating this to a number of nines. The table below gives an example of the number of nines compared to the amount of downtime. The larger the number of nines, the more expensive the solution, which you will need to advise your customer about (99.9 can be met by HA for example but 99.99 will require heartbeat and synchronous replication with QoS). For conceptual you don’t cover specific products, but knowing that you will need a DR site with fast links between will cover this, for example.
Differentiate between management components and resource components.
This is simply determining what should be part of your management cluster and what should be part of your resource cluster. I think this is really straightforward, as anything in your management cluster is used to provide services to you, the vCloud administrator, and the resource cluster/s are for your customers to provision to and are the pools of resources you configure as your provider virtual datacentres. The below image is a great example of a conceptual diagram of the management and resource clusters.
Skills and Abilities
Explain compatibility of various vSphere high availability features with a vCloud design.
This is covered perfectly in appendix A of the vCAT Architecting a VMware vCloud pdf so I don’t see the need to explain it here and I think it is better if you go through that instead. The link to the online documentation centre is here.
Given customer requirements and constraints, determine appropriate customer Service Level Agreements (SLAs) for the conceptual design.
This is covered in more depth within objective 1.6 so we will cover this in that section.
Determine how given SLAs impact availability design decisions.
This is covered in more depth within objective 1.6 so we will cover this in that section.
Given customer requirements and constraints, determine how to achieve desired availability.
From the design workshops and requirements collecting you will have worked out what the customer’s requirements and constraints are and will then have to work with these to try to meet them all. For this it is their availability requirements, which will be, as I mentioned above, their permitted amount of downtime per year along with their RPOs, RTOs, MTDs and WRTs. From this you will have to work with their constraints to design a solution that meets their requirements. So, for example, if they have an RPO of 5 minutes for critical systems within the management cluster in the event of a site failure, this cannot be achieved via SRM with vSphere replication. For the conceptual design my example isn’t applicable, but knowing this kind of limitation will then mean you know conceptually what needs to be created (multiple sites with fast links that have near zero latency for multiple data service providers and storage that can achieve this).
Given customer requirements and VMware technologies, determine availability impact to the conceptual design.
I feel this is largely what I have mentioned above but now you are including VMware technologies’ limitations/capabilities into your thinking, which I actually did above. You will need to know what is and isn’t possible with HA, for example, and how it can only provide a certain level of availability and is limited by the amount of restarts it can achieve at once whilst being possibly limited by priority groups.