While at a customer site this past week, I was confronted with a situation. But before I get to that, let's talk about vCenter and vCloud design.
First things first: you should be at least vaguely familiar with the vCloud Architecture Toolkit (vCAT). One important topic it discusses is the placement and use of vCenter when it comes to vCloud Director. It's a recommended practice to have 2 vCenter servers in a vCloud environment. Use 1 vCenter server for hosting Datacenters/Clusters/VMs that are relevant to vSphere and vCloud Infrastructure Components. Use another vCenter server for hosting vCloud Resources. Why's this?
So let's take a look at a 2 vCenter vCloud environment where there is already a management cluster for other applications. This management cluster already has a vCenter Server, SQL Server, vCOPS, AD/DNS, etc. and probably manages other clusters in the datacenter. If the resources are available, you will want to create a cluster called a vCloud Management Cluster. This management cluster will house the second vCenter Server, SQL, vShield Manager, and the vCD Cells. There is a second SQL server because the vCloud vCenter, vCloud vCenter Update Manager, and vCloud Director applications will all need access to a database. It's best to have a second one because using a single SQL server in a different cluster can cause latency in the applications or unexpected downtime. As depicted in the diagram, the Management vCenter Server owns the Management Cluster and the vCloud Management Cluster. The vCloud vCenter Server owns the vCloud Resource clusters.
This is how it would look in vCenter:
Here's another instance where we see a 2 vCenter vCloud environment. Instead of having a dedicated vCloud Management Cluster, it's integrated into a different management cluster. This management cluster will need to have ample space to satisfy HA requirements. As we can see in the logical diagram, all the VMs from before are listed (I didn't show AD/DNS, but that should be in there as well), except there is an orange and red box around the second SQL Server. This depiction means that a second server may or may not be necessary depending on your requirements.
Here is roughly how that looks in vCenter:
So back to my dilemma this past week. I'm standing up a vCloud POC environment for a customer and they only purchased 1 vCenter license. What's the best approach? Well, of course the single vCenter and SQL server are going to manage all clusters. But how do we get around some of the things we mentioned before about separation of management domains, and saving a vSphere admin from himself? Here is the simple logical design, but skip on down to the vCenter example.
So you might be looking at this diagram and saying, "yeah, so what?". Thought went into what you see below. Since we only have a single vCenter to manage all the clusters, we need to create a separation of management domains. This is done by creating a second logical datacenter and putting the vCD resource clusters in that datacenter. Using role-based access control (RBAC), we can allow certain AD users/groups to access only the datacenter that is relevant to them. Therefore, an AD group such as "Cloud Admins" can access the vCloud-Resources Datacenter object when logging into vCenter. At the same time, creating this second logical datacenter is saving a vSphere admin from themselves. If this were all pooled into a single logical datacenter, a vSphere admin would be looking at a mess of multiple virtual distributed switches and folders. There would be a vDS assigned to the management cluster, a vDS or two assigned to vCloud Resources, and perhaps a recovery vSwitch somewhere. All of these would be visible from a single view (BAD!). Since a virtual distributed switch is tied to a logical datacenter, we get a clean separation. When a vSphere admin looks at the Networking tab under the vCloud-Resources datacenter, they will only see things relevant to vCloud, and vice versa. This logical datacenter separation allows you to safely use 1 vCenter server in your vCloud environment.
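One way to script the datacenter-level RBAC separation described above with VMware PowerCLI. This is an added example, not from the original post; the vCenter address, the `CORP` domain, and the use of the built-in `Admin` role are assumptions. It also checks that the group holds no grant on the root folder or on another datacenter, since a propagating permission defined there would undo the separation.

```powershell
# Added example. Placeholders/assumptions: server name, AD domain, role choice.
$vCenter    = 'vcenter.example.local'   # placeholder vCenter address
$cloudDc    = 'vCloud-Resources'        # datacenter name used in the post
$cloudGroup = 'CORP\Cloud Admins'       # group from the post, placeholder domain

Connect-VIServer -Server $vCenter | Out-Null

# The root folder is the parent of every logical datacenter.
$root = Get-Folder -NoRecursion

# Create the second logical datacenter only if it does not exist yet.
$dc = Get-Datacenter -Name $cloudDc -ErrorAction SilentlyContinue
if (-not $dc) {
    $dc = New-Datacenter -Name $cloudDc -Location $root
}

# Grant the group a role on this datacenter only. 'Admin' is the built-in
# administrator role; a narrower custom role is preferable where one exists.
$role = Get-VIRole -Name 'Admin'
$already = Get-VIPermission -Entity $dc |
    Where-Object { $_.Principal -eq $cloudGroup -and $_.EntityId -eq $dc.Id }
if (-not $already) {
    New-VIPermission -Entity $dc -Principal $cloudGroup -Role $role -Propagate:$true |
        Out-Null
}

# Audit: the same group must not hold a permission defined on the root
# folder or on any other datacenter, or it can see past its own datacenter.
$otherIds = @($root.Id) + @(Get-Datacenter |
    Where-Object { $_.Id -ne $dc.Id } |
    ForEach-Object { $_.Id })

$stray = Get-VIPermission |
    Where-Object { $_.Principal -eq $cloudGroup -and $otherIds -contains $_.EntityId }

if ($stray) {
    Write-Warning "'$cloudGroup' has grants outside '$cloudDc':"
    $stray | Select-Object Entity, Role, Propagate | Format-Table -AutoSize
} else {
    Write-Output "'$cloudGroup' is scoped to '$cloudDc' only."
}

Disconnect-VIServer -Server $vCenter -Confirm:$false
```

The same audit can be run in the other direction for the vSphere admin group against the vCloud-Resources datacenter.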
Monday, July 2, 2012
vCenter and vCloud Management Design - Management Separation