Jad El-Zein | @virtualjad
Naomi Sullivan | @automationbabe
MGT1847BU
#VMworld #MGT1847BU
What’s New With vRealize Automation
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#MGT1847BU CONFIDENTIAL
VMware Cloud Management Platform (CMP)
[Diagram labels: vSphere with Operations Management; Intelligent Operations; Managed Virtualization; IT Automating IT; vRealize Suite Std; vRealize Suite Adv/Ent; DevOps-Ready IT; vRealize Suite Ent and/or VMware Integrated OpenStack + vRealize Code Stream; Cap-Ex + Op-Ex + Agility]
Cloud Management is Fundamental to the SDDC
vRA Defines, Delivers, and Governs the SDDC
Any Device: Business Mobility (Applications | Devices | Content)
Any Application: Traditional | Cloud Native
Any Cloud: Software-Defined Datacenter (SDDC)
Cloud Management Platform
Compute | Networking & Security | Storage | Hybrid Cloud
Virtual / Cloud Infrastructure
vRealize Automation
DevOps
Extensibility
Release Automation
IaaS | App-Centric | XaaS
Self-Service
GUI | CLI | API
vRealize Automation 7.3
What’s New – IT Automating IT
Installation, Upgrade, Migrate
Increase Time to Value
Install API
• Trigger initial content creation
• Invoke self-signed certificate generation
• Certificate replacement in vRA, IaaS web and IaaS MS
Migration UI and API
• Automated migration from 7.0+ to 7.3
• New Cafe API for bulk-imports
Upgrade API
• List all the available versions for upgrade
• View download status of upgrade packages
• Pre-upgrade check for the selected version
• Retrieve approximate upgrade time
• Retrieve upgrade status and progress
Audit Logging
IT Automating IT
• Audit Logging Framework object types:
– Workflow Subscription (Café/Java)
– Fabric Groups (IaaS/.NET)
– Endpoints (IaaS/.NET)
• Send audit logs to vRLI or syslog server (using Log Insight Agent)
• Configurable retention period
Parameterized Blueprints
Enhance Reusability & Reduce Sprawl
• Introducing Component Profiles for defining Size and Image attributes
• Support to add value sets as needed
• OOTB support for “t-shirt sizing” VMs (CPU, Mem, Storage)
• Trigger Approval Policies to Size or Image conditions, including overrides
• Critical for reducing blueprint sprawl
• Automatically substitute component profile values
[Screenshot captions: Component Profile with value set definitions on VM sizes; Select size values at machine request]
Shared Access Role
Access to Groups resources
• New Business Group role for Shared Access User
• Shared Access user can review Items and execute entitled Day 2 actions
• Access to same resource data and tabs as the owner
• Shared users can’t request new resources on behalf of the owner
Intelligent Workload Placement
• OOTB integration between vRA and vR Ops
– Utilize vRealize Operations analytics
– Optimize the placement of workloads based on business needs
• Policy based
– Consolidate
• Optimize Capex through Densification
• Try and “fill” each cluster first
– Balance
• Mitigate possible contention through resource usage spikes
• Place on the cluster with the least utilization
Intelligent Placement Using vR Ops Analytics
[Diagram: Intelligent Workload Placement (WLP). Labels: Performance & Capacity based Recommendation; VM; vRA Requests; Clusters & Policy Details; In flight capacity reservation; Catalog Request; Place VM in Cluster and Let DRS manage inside the cluster; VC1, VC2, VC3; Reservations; vR Ops Policies; steps numbered 1 to 5]
Enhanced vRB Integration
vRealize Business for Cloud
• Consistent terminology across vRA and vRB
• No derived costing in vRA – vRB is the single source of truth for all pricing related information
• Supports pricing based on Blueprint, Reservation or Reservation Policy
• Accurate pricing for Fault Tolerant enabled machines and Azure Blueprints
• Pricing updated after Day 2 actions
– Reconfigured machine
– Scale-in and scale-out
– Imported machines
Integrated Health Service
Retrieve and View vRA Health Statistics
• Health Service now available within vRA UI
• Role based and tenanted access to health data
• Configure multiple vRA instances to monitor
• Schedule and configure test runs
• REST API enables integration with vRealize Operations / SDDC Health Dashboard or 3rd-party tools
• Full REST interface to perform health service system management tasks
DBaaS | Clone Production DB for Dev/Test
“DBaaS” For SQL and Oracle Databases
Import Production Backup | Mask Data | Share as Catalog Item
XaaS
XaaS Service Converged Blueprint
Custom Request Forms (Beta)
Easy and rich customization
• Customize Blueprint Parameters
• Change control types
• Dynamically show, hide or filter values
• Pre-configure auto-fill and default values
• Set field dependencies
• Apply field constraints (e.g. min, max, mandatory)
• Define custom field validation
• In-browser calculation and regex support
• Provide ‘more details’ to each field
vRA + NSX Enhancements
#BetterTogether
Application-Centric Networking & Security
Enhanced Load Balancer Controls
NSX On-Demand Load Balancer | Blueprint Authoring
• Customize NSX On-Demand Load Balancer
• Use Default (simple) LB
• Per-Blueprint Customizable:
– All Algorithms
– Persistence
– Port
– Health Monitors
– Transparent Mode
– And More
Enhanced Load Balancer Controls
NSX On-Demand Load Balancer | Day 0-2 Edits
• Add new Virtual Servers to the NSX On-Demand Load Balancer
• Edit existing Virtual Servers including:
– All Algorithms
– Persistence
– Health Monitors
– Transparent Mode
– Port
– And More
Enhanced NAT Port Forwarding Rules
NSX On-Demand NAT | Blueprint Authoring
• NSX On-Demand NAT Port Forwarding Rules can be configured during app design
• Prioritize Rules
• Customize ESG Size
Enhanced NAT Port Forwarding Rules
NSX On-Demand NAT | Day 2 Actions
• Manage (edit) NSX On-Demand NAT Port Forwarding Rules as a Day 2 Action
– Rules can be added or removed
– Order can be changed
NSX Security Groups and Tags
Security Day 2 Actions
• View active NSX Security Groups and Tags
• Add Existing NSX Security Groups or Tags to a running application
• Disassociate NSX Security Groups and Tags from applications
DEMO [NSX Day-2 Actions]
NSX Edge High Availability
Automate HA for Edge Services
Edge High Availability mode in the blueprint, providing high availability for all Edge services to an application when deployed
• Configurable per-blueprint based on application availability needs
• Use Custom Properties to determine HA at request time
• Adds HA for Load Balancing, NAT, Firewall, etc.
Active Edge | Standby Edge
NSX Edge Size Selection
NSX Edge Deployment Size
• Specify deployment size for NSX Edge Services Gateway (ESG)
• Configurable per-blueprint based on application needs / scale
• Use Custom Properties for size selection at request time
Compact | Large | Extra Large
Extended IPAM Vendor Framework
Framework Support for On-demand NAT
• Added support for On-demand NAT Networks
• Supports 1:many static IP and 1:1 static IP NAT profiles
Design Partner:
Endpoint Configuration Service
Streamlined Endpoint Management
• Endpoint Configuration Service has been enhanced to support a schema driven UI
• Provides greater capability, control and a unified experience when managing endpoints in vRA
• Allows configuration of endpoints that require inter-endpoint relationships.
• Enhanced UI Controls and Customer Experience:
– NSX is now a separate endpoint, no longer part of the vSphere endpoint configuration
– Endpoint Config Validation checks for valid URL, credentials and certificates
– Certificate trust verification
– Displays certificate details when an endpoint is using untrusted certificates
Config. Automation Framework
Puppet Integration
• Configuration Management as 1st class citizens
– Make plug-in invisible to customers and enable actions via blueprint design canvas
– Drag and drop config. management nodes
– Dynamically assign roles on the design canvas
• First implementation with Puppet
– Register Puppet Master as an endpoint
– Drag and Drop Puppet node
– Dynamically query Puppet Master, Environment and Roles
• Support late binding and early binding options
• Support Day 2 Actions (De-register / Delete)
Software Syntax Highlighting
Software Lifecycle Scripts
UX Enhancement
• Elegant syntax highlighting of software lifecycle scripts (app authoring)
• Intuitive color coding standards
• Improves productivity and reduces scripting errors
[Screenshot caption: Syntax highlighting with rich color coding]
Container Management with
* Requires vRA Ent Licensing
New Capabilities in vRA 7.3:
Docker Volume Support
• Create and update persistent volumes
• Deploy applications with persistent volumes
vSphere Integrated Containers
• Support for vSphere Integrated Containers
User Experience
• User Interface Improvements
vRA Container Management
Admiral Enhancement Summary
* Requires vRA Ent Licensing
Support for Docker volumes:
• Create volumes
• Attach volumes to containers
• Deploy volumes with container apps
Support for VMware Integrated Containers (VIC):
• Manage VCH instances in vRA with a feature set similar to traditional Docker hosts.
• Containerized applications can be provisioned with networks and volumes.
UX Enhancements:
• UI improvements for easier and more user friendly navigation
• Clarity UI adoption, new tabs, icons and buttons
Other improvements:
• Support for Docker Remote API 1.21
• Enhanced selection of image versions in container definition form
vRealize Code Stream Licensing
vRCS Management Pack for IT DevOps
• vRA customers are now entitled to use vRealize Code Stream at no charge for use with the vRCS Management Pack for IT DevOps (“Houdini”)
• Entitlement change applies to all vRA licenses (Advanced or Enterprise), whether purchased standalone or as part of a suite
• Enabling Code Stream is an explicit action done from the VAMI (CLI or manually)
DevOps is not just for Applications
Upstream | Downstream
DEV/TEST | PRODUCTION
• Blueprints & Services
• Templates & workflows
• Configurations & scripts
• Recipes, manifests, etc.
vRealize Code Stream
vRCS Management Pack (Houdini)
Kick-start “DevOps for IT”
▪ Automated capture of content from multiple environments in a consistent format
▪ Check content in to a common repository – one source of truth
▪ Automate progressions between environments
▪ Run automated tests before allowing progression
▪ Approve before releasing to production environments (optional)
▪ Automated rollback
Enables the move to Infrastructure as Code!
vRealize Automation
- Blueprints, software, build profiles, property definitions, groups & actions
vRealize Orchestrator
- Workflows, actions, configuration elements & packages
vRealize Code Stream
- Pipelines
vSphere & vCloud Director
- Templates & custom specifications
- vCD vApp Templates, Media
vRealize Operations
- Alerts, dashboards, reports, etc.
Files
- Linux
- Windows
Ready for VMware Cloud on AWS
Managed Endpoint
Manage vCenter in VMware Cloud on AWS
• Treated as a traditional vSphere / vCenter Endpoint
• Build an IaaS Fabric using VMware Cloud SDDC Resources
• Leverage Reservation Policies for machine placement
Azure Public Cloud
Service Design Enhancements
– Software Components
• Select and drag and drop Software components on Azure machines
• Specify software properties on the blueprint designer as well as on the request form
– Usability Improvements
• Pre-populated forms and dropdowns
Additional Enhancements
Honorable Mentions
Plugin Enhancements
• Adds support for AWS catalog items (view and request AWS catalog items from the ServiceNow portal)
• Seamless integration with the ServiceNow governance engine
• CMDB and Day 2 operations support
• Available on Solution Exchange (at GA)
• Supported Releases
– ServiceNow Helsinki and Istanbul
– vRA 7.3
vRA +
Force Destroy
Machine Cleanup Option
• Safely ignores any failures interrupting the Destroy process
• Efficiently clean up failed deployments
• Improves stable management of workloads
• Applies to entire deployment
[Screenshot caption: Option to Force destroy a deployment]
• Available only after initial destroy request fails
• Only the Business Group Manager can invoke the Force Destroy option
vRO Control Center RBAC
Troubleshooting and Decrease TCO
RBAC Auth Support to vRO Control Center
• Admins log in with their accounts (previously only the ‘root’ user had access)
Troubleshoot requests based on user role
• Trace execution and logs for workflow-based vRA requests, based on user role
• Reuse privileges and roles from vRA
SDDC Storage Integration
Up to date SDDC support
Enable SPBM management through vRO
• All Storage Policy Based objects are now accessible through API in vRO/vRA
Plug-in improvements
• The new vCenter Server plug-in is now shipped with vRO out-of-the-box
• Updated AMQP, REST and PowerShell plug-ins
• Addresses major limitations with current SPBM 2.1 Plugin
*Intended to replace or coexist with existing SPBM 2.1 Plugin
vRealize Suite LifeCycle Manager
• Deliver Peace-of-mind
• Enable Best Practice
• Make Your Cloud Easy to Operate
• Accelerate Time-to-Value
vRealize Suite: Install | Upgrade | Patching | Config Management | Health Monitoring
Simple & Flexible Deployment Models
• Product & Solution Based install
• Import existing environment
• Standardized deployment sizing (Small/Medium/Large)
• GUI & API based Install
Automated Pre-checks & Validation
✓ Entitlement Check
✓ Integration with myvmware.com
✓ Environment Readiness Check
✓ SDDC Compatibility Check
Simplifying the Upgrade
• One-click upgrade
• Snapshot existing environment
vRealize Marketplace
Highlights
• Custom Forms
– Going GA in 7.4 (currently Beta in 7.3)
– Full-fledged UI designer for Custom Forms (currently CFs are created through code)
– Use case - Jason and Shauna will be able to drag and drop fields from the palette/toolbox to the design canvas and quickly build custom request forms
• Multi-tenant vRO
– vRO content will be tenant aware for vRA tenants
– Content & Inventory will be isolated
– Use case – Shauna/Scott need to see/edit/troubleshoot workflows and plug-in endpoints that they have permissions for and are available to the current tenant
• vRO new web UI
– vRO’s smart client will evolve into an HTML5/Angular app. Multi-tenancy will be supported with the new web client. The swing client will still remain in the product
– Use-case – Shauna/Scott will be able to create, run and troubleshoot workflows in a new modern web UI that will bring tons of UX improvements to the users
Highlights
• Improve user experience in container management.
– Implement a common portal UI
– Provide better RBAC and business group level visibility into container clusters and workloads
– Include Admiral 1.2 in vRA 7.4
• Resume deployments from failure
– Use case - Scott/Shauna will be able to resume or re-submit a failed deployment
• Deploy basic and advanced OVFs
– Support for OVF, OVA and parametrization
– Advanced OVFs have configuration options, while basic ones don’t
– Use cases:
• Jason can create a blueprint that provisions from OVF
• Scott can request a catalog item that provisions from OVF
• Scott can perform regular vSphere Day 2 operations on a machine provisioned from OVF
Highlights
• Enhanced multi-tenancy vSphere/NSX
– Only the Network Profiles, Reservation/Storage Policies, Security Groups/Tags and Transport Zones applicable to the current tenant are exposed when authoring a blueprint
– Hide cross-tenant infrastructure objects from non-admin users
– The Cloud Client supports vRA multi-tenancy
– Use case - Jason needs a multi-tenant system that maintains all information (listed above) isolated between tenants
• Just-In-Time User Provisioning
– Fully integrate Just-In-Time (JIT) User Provisioning in vRA/vIDM
– Add an identity service API for triggering sync
• Expose a CAFE identity service API that invokes the vIDM sync API
– Use-case - Jason will be able to trigger on-demand directory sync via Cafe Identity Service API
Highlights
• Installation – easier troubleshooting
– Use-cases
• Jason will be able to start/stop the embedded vRO control-center and vRO server from a new tab in the VAMI UI
• Jason will be able to see the current status of all vRA VA+IaaS components on the VAMI/Cluster tab
• When upgrading vRA IaaS components, upgrade progress in % will be displayed in the VAMI/Update tab
• LCM will be able to replace all vRA certificates with a single API call
Thank You
Jad El-Zein | @virtualjad | virtualjad.com
Naomi Sullivan | @automationbabe