Jun 9, 2018 - vSCSI filter, tracks block changes to virtual disks (VMDKs) of running VMs. Depending on .... vcav resume
VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud® Availability for vCloud Director® Solution Version 2.9 June 2018
Tomas Fojta
Senior Staff Architect, VCDX
1 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution
© 2018 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. This product is covered by one or more patents listed at http://www.vmware.com/download/patents.html. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 www.vmware.com
2 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution
Contents Introduction.............................................................................................. 7 Use Cases ............................................................................................... 8 2.1 Disaster Recovery............................................................................................................... 8 2.2 Migration ............................................................................................................................. 9
vCloud Availability Architecture Design Overview ................................. 10 3.1 vCloud Availability Architecture ........................................................................................ 10 3.2 Network Flows .................................................................................................................. 12 3.3 Conceptual Architecture ................................................................................................... 12
vCloud Availability Management Components ...................................... 14 4.1 Logical Architecture .......................................................................................................... 14 4.2 vCloud Availability Installer Appliance .............................................................................. 15 4.3 vCloud Availability Portal .................................................................................................. 17 4.4 vCloud Availability Administration Portal .......................................................................... 18 4.5 Cloud Proxy ...................................................................................................................... 19 4.6 RabbitMQ .......................................................................................................................... 24 4.7 Cassandra > wss://:443/socket/cloudProxy
Table 4. Example of Load Balancer Configuration Attribute
Specification
Cloud Proxy FQDN (TCP 443)
From Cloud IP (TCP 31031)
Application type
TCP
SSL mode
SSL passthrough
Persistence
SSL Session ID
Pool members
Pool health check
TCP
Pool algorithm
LEASTCONN
Pool TCP ports
443 and 31031
20 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution
4.5.2 From-the-Cloud Tunnel The from-the-cloud replication is a complex process that involves a control connection (initiated by the on-premises vSphere Replication vCloud Tunneling Agent) and replication encoding="UTF-8" standalone="yes"?>
4.12 ESXi Hosts The cloud ESXi hosts already run vSphere Replication Agent and vSCSI filter because these services are embedded in the hypervisor. Incoming replications are coming through vSphere Replication Servers over Network File Copy protocol (NFC). Outgoing replications go directly from hosts to Cloud Proxies (HBR port TCP 31031).
2
https://vdc-repo.vmware.com/vmwb-repository/dcr-public/9673486d-16ff-4673-b18cea87d2315ff7/ad7f6352-26f3-4f38-8d42-4e275288d4d9/operations/GET-HbrServerStatistics.html
30 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution Figure 15. Provider vSphere Replication Traffic
In vSphere, you can specify which VMkernel ports must be used for both traffic types, so it is possible to dedicate specific network uplinks. Figure 16. VMkernel vSphere Replication Traffic Types
In most cases, vSphere Replication traffic shares the same uplink with other traffic types (Management, vSphere vMotion, and so on). In such cases, VMware vSphere Network I/O Control on VMware vSphere Distributed Switch™ can be used to define service quality by setting shares, reservations, or limits.
31 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution Figure 17. Network I/O Control Traffic Shaping of vSphere Replication Traffic Type
Make sure that every resource ESXi host can reach the from-the-cloud endpoint (usually Cloud Proxy internal load balancer – see Section 4.5.1) on port 31031. This process can be tested with the following command: cat /dev/zero | nc -v 31031
4.13 vCloud Availability Metering vCloud Availability is licensed on top of VMware Cloud Provider Program bundles with 18 points per protected VM per month.
Note
The VM that is replicated for migration is not subject to vCloud Availability licensing if its migration is fully finished within 30 days.
The metering is provided by vCloud Usage Meter version 3.6 or later. As vCloud Usage Meter cannot automatically distinguish the replication purpose for disaster recovery or for migration purposes, the service provider license administrator must subtract migrated workloads from the end-of-month report manually.
4.14 vRealize Orchestrator VMware vRealize® Orchestrator™ provides service orchestration. It can automate tasks across VMware products leveraging vCloud API, VIM API, NSX API, and so on. Using generic plug-ins (SSH, SOAP, HTTP REST, SQL, PowerShell, or Active Directory) or third-party specific plug-ins, vRealize Orchestrator can orchestrate other systems as well. vRealize Orchestrator has two distinct roles in vCloud Director environments: •
Act as an extension that is subscribed to RabbitMQ, and consume vCloud Director messages. In this role, vRealize Orchestrator extends vCloud Director by providing additional services (backup, additional controls, CMDB integration, and so on).
32 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution •
Act as an orchestrator for common onboarding or tenant life cycle tasks. The tasks are triggered by an external portal (VMware vRealize Automation™ Advanced Service Designer, or the vRealize Orchestrator REST API). By using vRealize Orchestrator plug-ins, you can configure the tenant service end-to-end.
For vCloud Availability use cases, the second role can be used to provide tenant onboarding and managing disaster recovery failover for fully provider managed services. To obtain high availability, deploy two vRealize Orchestrator appliances in active – standby configuration, with a network load balancer that provides access to the active instance behind common VIP. Both appliances must be configured in the exact same way and must share a common xmlns:vcloud_v1.5="http://www.vmware.com/vcloud/v1.5"> xs:boolean xs:boolean xs:boolean Table 14. Org VDC Replication Features Element
Description
IsPlannedMigrationEnabled
Can run planned migrations? (Boolean)
IsFailoverEnabled
Can configure failover? (Boolean)
IsTestFailoverEnabled
Can configure test failover (Boolean)
Limiting replication features at the Org VDC level is useful in scenarios where vCloud Availability for vCloud Director is used only for onboarding of tenants’ VMs and only planned migration is enabled.
Note
Only Org VDCs with thin storage provisioning can be enabled for replication.
5.4.2 Org VDC Architecture vCloud Availability for vCloud Director services can be offered on top of existing vCloud Director environments. In such cases, provide a separate Org VDC with enabled replication next to existing regular Org VDCs. Tenants can run regular workloads or the workloads that use application-level replication (for example, Active Directory servers or SQL AlwaysOn encoding="UTF-8" standalone="yes"?> > 4.0 {epochtime}< /ns2:LastHeartbeatTimestamp>
vSphere Replication Server
GET /api/admin/extension/ vr/ vrs/{vrs_id}
true
vSphere Replication Manager Server
GET /api/admin/extension/ vimServer/{vimserver-id}/vrmServer
true
55 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution Component
vCloud API call
Response
Cloud Proxy
GET /api/query?type=cell
or alternatively GET / api/server_status GET :8443/ api/vcd/server_status
Portal
Service is up.
Service is up.
Table 18. Monitoring using Service Manager Portal API Component
SMP API call
Response
Retrieve all monitored objects
GET /vRObjectList
{
"vRMSList": [ {
"name": "vcsa-mgmt",
id": "355072cf-0626-4c51-bf04-c7e075cfbcce"
}
],
"vRSList": [ {
"id": "52030010-0098-19be-23ab-fca03479627e" }, {
"id": "52d8e82e-1345-24a5-d8c9-a2839b9dab79" }
],
"vRCSList": [ {
"id": "0fcea3e7-3cd9-4e1f-a42c-9c838c82cbb7" }, {
"id": "27aca21f-b25b-4e4e-8002-0bf6bf7bfa90" }
}
vSphere Replication Cloud Service
GET /vRCSStatus?i d=
]
1518529429408
56 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution Component
SMP API call
Response
vSphere Replication Server
GET /vRSStatus?id =
52d8e82e-1345-24a5-d8c9a2839b9dab79
cae0acb5-d21d-47f4-be68b1f14de844f3 true
10.172.158.35
0 0
1509408830398
5598235
828105 0
1509408830398
16396
22469123 0
1509408830398
vSphere Replication Manager Server
GET /vRMSStatus?i d=
355072cf-0626-4c51-bf04c7e075cfbcce
cae0acb5-d21d-47f4-be68b1f14de844f3 true
10.2 VM Replication Monitoring Tenants and the provider (in managed service use case) monitor the VM replication state through the vCloud Availability for vCloud Director API. A list of replications can be obtained on the Organization object or the Peer (vSphere endpoint) object associated with a particular Org VDC. For more information, see Appendix E – Tenant API Structure. Detailed information about replication is provided through the calls: •
GET /api/vr/replications
•
/api/vr/failbackreplications
57 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution Table 19. Replication Details Element
Description
Name
Replication name, same as protected VM name
RPO
Recovery Point Objective (in minutes)
QuiesceGuestEnabled
Guest OS quiescing enabled? (Boolean)
NetworkCompressionEnabled
Network compression enabled? (Boolean)
PlaceholderVappId
vCloud vApp URN
EventPartitionId
vSphere Replication Manager Server UUID who manages replication
ReplicationState
OK or replication error
VrServerInfo
vSphere Replication Server that stages replicated href="xs:anyURI" type="xs:string"> xs:string xs:string xs:string xs:string xs:string xs:string
70 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution Attribute
Type
Required
Modifiable
Since
Description
href
anyURI
No
Always
5.6
The URI of the entity.
type
string
No
Always
5.6
The MIME of the entity.
Element
Type
Required Modifiable Since Description
CloudProxyBaseUri
string
No
none
5.6
Effective base URI for Cloud Proxy (wss) endpoint. By default, this value is the same as the base URI for the API endpoint. This value can be overridden by specifying the CloudProxyBaseUriOverride element.
CloudProxyBaseUriOverride
string
No
always
5.6
Base URI for Cloud Proxy (wss) endpoint. Leave empty to use the default.
CloudProxyBaseUriPublicCertChain
string
No
none
5.6
Effective SSL public certificate chain for the effective base URI for cloud proxy (wss) endpoint. The certificate chain is PEM encoded X.509 certificates. By default, this value is the same as the public certificate chain for the API endpoint. This value can be overridden by specifying the CloudProxyBaseUriPublicCertChainOverride element. This value will be empty if URI is overridden but the certificate is not.
CloudProxyBaseUriPublicCertChainOverride
string
No
always
5.6
SSL public certificate chain for the base URI for cloud proxy (wss) endpoint. The certificate chain must be PEM encoded X.509 certificates. A Base URI override must be specified if this value is included in a request.
71 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution
Element
Type
Required Modifiable Since Description
CloudProxyFromCloudTunnelHost
string
No
none
6
IP address or hostname of the effective host used for from-the-cloud tunnels.
CloudProxyFromCloudTunnelHostOverride
string
No
none
6
IP address or hostname of the host used for from-the-cloud tunnels. Leave empty to use the default value.
Link
LinkType
No
none
5.6
A reference to an entity or operation associated with this object.
VCloudExtension
VCloudExtensionType
No
always
5.6
An optional extension element that can contain an arbitrary number of elements and attributes. Not related to extension services.
72 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution
GET /admin/hybrid/settings Operation: GET /admin/hybrid/settings Internal: Yes Input parameters Consume media type: None Input type: None Output parameters current settings Produce media type: application/vnd.vmware.vcloud.hybridSettings+xml Output type: HybridSettingsType
PUT /admin/hybrid/settings Operation: PUT /admin/hybrid/settings Description: Updates settings Internal: Yes Input parameters New settings Consume media type: application/vnd.vmware.vcloud.hybridSettings+xml Input type: HybridSettingsType Output parameters updated settings Produce media type: application/vnd.vmware.vcloud.hybridSettings+xml Output type: HybridSettingsType
73 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution
Appendix G – Monitoring with vRealize Operations The essential vCloud Availability processes can be monitored with Endpoint Operations Management for vRealize Operations. The monitoring is achieved by installing vRealize Endpoint Operations Management Agent plug-in (64-bit RPM) into each appliance and by configuring process monitoring in vRealize Operations with the process queries in the following table. Table 26. Monitoring with Endpoint Operations Management for vRealize Operations Component
Process
Process query
vCloud Director cells
vcd-watchdog
State.Name.eq=vmware-vcd-watc
vCloud Director
State.Name.eq=java,Args.*.eq=/opt/vmware/vclouddirector/etc
CloudProxies
vcd-watchdog
State.Name.eq=vmware-vcd-watc
Cloud Proxy
State.Name.eq=java,Args.*.eq=/opt/vmware/vclouddirector/etc
vSphere Replication Cloud Service
hcs
State.Name.eq=java,Args.*.eq=libs/hcs-6.5.0.jar
vSphere Replication Manager Server
hms
State.Name.eq=java,Args.*.eq=libs/hms.jar
vSphere Replication Server
hbr
State.Name.eq=hbrsrv-bin
Tenant Portal
nginx
State.Name.eq=nginx-linux-x64
SMP Portal
Dashboard
State.Name.eq=java,Args.*.eq=com.vmware.dr2. DRServiceDashboard
MongoDB
State.Name.eq=mongod
74 | VMware vCloud® Architecture Toolkit™ for Service Providers
Architecting a VMware vCloud Availability for vCloud Director Solution Figure 34. Example of Process Configuration
75 | VMware vCloud® Architecture Toolkit™ for Service Providers
