VMworld 2018 Content: Not for publication or distribution
Agenda
Who are we?
• Bhavin Shah – Technical Product Marketing Manager @ Lenovo
– VMware vExpert™ X 3
– AWS Certified Solutions Architect, SysOps Administrator and Developer Associate.
– Blog: https://datacenterrookie.wordpress.com
– Twitter: https://twitter.com/bhavin04890
• Mike McDermott – Senior Product Manager – VMware @ Lenovo
– Systems Engineer
Disaster Recovery
Disaster Recovery (DR) is about preparing for and recovering from a disaster!
[Figure labels: Minor, Operational, Major]
Challenges of Disaster Recovery
– Lack of DR Expertise
– Reliance on sophisticated, complex technology
– Technology (and data) are deployed to more locations
– Building your own DR solution can be manual and complex
Metrics that Matter
• Recovery Point Objective (RPO): The acceptable amount of data loss measured in time.
• Recovery Time Objective (RTO): The time it takes after a disruption to restore a business process to its service level.
RPO: Lost Data
RTO: Lost Time
Objective: Cost effective lowest RPO / RTO
Traditional DR Plan
• Primary Site
– Routers
– Firewalls
– Network
– Hypervisor
– Servers
– SAN Fabric
– Primary Storage
– Backup
– Archive
• Secondary Site
– Manual Update and Patching
– Idle Capacity ($$$)
– Routers
– Firewalls
– Network
– Hypervisor
– Servers
– SAN Fabric
– Primary Storage
– Backup
– Archive
On-Demand DR Plan
• Secondary Site
– VMware Cloud on AWS®
– VMware Site Recovery Manager™
– On-Demand Scaling
– Automated Update and Patching
• Primary Site
– Routers
– Firewalls
– Network
– Hypervisor
– Servers
– SAN Fabric
– Primary Storage
– Backup
– Archive
• Secondary Site
– Manual Update and Patching
– Idle Capacity ($$$)
– Routers
– Firewalls
– Network
– Hypervisor
– Servers
– SAN Fabric
– Primary Storage
– Backup
– Archive
VMware Cloud® on AWS Architecture
VMware Cloud® on AWS
• Software-Defined Data Center in AWS Cloud powered by VMware Cloud Foundation™
– VMware vSphere®
– VMware vSAN™
– VMware NSX®
– vCenter Server®
• Running on elastic, bare-metal AWS Infrastructure
• 4 – 16 node configuration
– Dual Socket with 18 cores running at 2.3GHz
– 512GB Memory
– Eight NVMe devices for a total of 10TB raw capacity
- Eight drives are distributed across two disk groups with one cache and three capacity drives per disk group.
– RAID 1 by default, but RAID 5 or RAID 6 possible for higher node counts
[Diagram labels: AWS cloud; AWS Infrastructure; ESXi, vSAN, NSX; vCenter Server, NSX Manager, Platform Services Controller; VMs]
VMware Cloud® on AWS Use Cases
• VMware vCenter® Content Library: Enables effortless distribution and automatic synchronization of content – OVAs, ISOs, etc.
• Integration with AWS services: VMC provides high bandwidth, low latency connectivity to AWS services like S3, EC2
• Compliance: ISO 27001, ISO 27017, ISO 27018, SOC 1 (SSAE18 / ISAE 3402), SOC 2, SOC 3, and HIPAA, and General Data Protection Regulation (GDPR)
• VMware vCenter® Server Hybrid Linked Mode: Single pane of glass monitoring for Hybrid Cloud management
• Workload Mobility: Live Migration between On-Premises and VMC using vMotion
High Level Architecture
[Diagram: Customer Datacenter (Lenovo ThinkAgile™ VX) connected to VMware Cloud® on AWS by VPN over Public Internet AND / OR Direct Connect]
VMware Cloud® on AWS Infrastructure
[Diagram labels: VMware Customer Cloud Administrator]
On-Premises Infrastructure
• Lenovo ThinkAgile™ VX3320 Appliance
– Four ThinkAgile VX3320 Nodes
- VMware vSphere® 6.7
- VMware vSAN™ 6.7
- Lenovo XClarity® Integrator for VMware vCenter®
– VMware NSX® 6.4.1
– VMware vCenter® Server 6.7
– VMware Site Recovery Manager™ 8.1
– VMware vSphere Replication™ Service 8.1
ThinkAgile™ VX Cluster
Customer Datacenter
VMware Site Recovery
• Add-On Feature to VMware Cloud® on AWS
• Built on VMware Site Recovery Manager™, Native hypervisor-based replication, VMware vSphere® Replication.
• Protection Configurations:
– On-Premises datacenter to VMware Cloud on AWS SDDC
– VMware Cloud on AWS SDDC to On-Premises datacenter
– VMware Cloud on AWS SDDC to VMware Cloud on AWS SDDC
Features and Benefits
• Easy to use DR / Secondary Site
• Application Agnostic protection
• Low Recovery times with single click failover and failback
• Highly predictable recovery objectives
• Centralized management of recovery plans
Supported Topologies
Failover scenarios based on customer requirements, constraints, and objectives
• Active-Passive
– Active Production Site running Applications
– Secondary Site sitting idle until needed for recovery
• Active-Active
– Secondary Site running low-priority test/dev workloads usually powered off as part of the recovery plan
• Bi-Directional
– Production Applications operating on both sites
– Supports protecting virtual machines in both directions
VMware Site Recovery Use Cases
• Disaster Recovery: Unplanned Failover
– Most Critical, but least frequently used
• Disaster Avoidance: Preventative Failover
– Graceful Shutdown of VMs, Full Replication of Data and ordered startup ensuring app-consistency and zero data loss
• Upgrade and Patch Testing: Identical Environment
– Can use the secondary environment with complete copies of VMs to test new updates or patches
VMs, Protection Groups & Recovery Plans
• Virtual Machines can be a part of one or more Protection Groups
• Virtual Machines that are part of the same Protection Group are recovered together
• A Recovery Plan can have one or more Protection Groups.
• Flexibility to test or recover an individual app or a group of apps
On-Prem Cloud built using ThinkAgile™ VX
Why VMware vSAN™ From Lenovo™
Faster access to the innovation, automation of vSAN running on the world's most reliable hardware
• Lower Risk
• Simple and easy installation
• Latest innovations to power business
• Performance and scalability
Building a Lenovo™ vSAN Solution with ThinkAgile
• ThinkAgile™ VX Appliance
• ThinkAgile™ VX Certified Node
• XClarity® Management
• VX Installer
• ThinkAgile™ Advantage Support
• Prequalified Components
• Lifecycle Managed
• Single Point of Contact
Reduce Customer Risk
With Lenovo ThinkAgile™ VX Appliances and Certified Nodes
[Figure labels: Day 0, Day 1, Day 2]
• Easy to Order
– No need to check HCL
– Only certified firmware
– No assembly required
• Easy to Install
– ThinkAgile™ VX installer
– Standardized Deployments
– Guaranteed firmware compatibility
• Easy to Manage
– Utilize existing management tools
– Best recipe firmware releases
– Rolling firmware upgrades
Solution Deep Dive
Alternate Reality
[Diagram: ThinkAgile™ VX Cluster (Customer Datacenter); AWS Storage Gateway; S3 Buckets in the Customer AWS environment (AWS cloud); Manual Deployment and Management]
Protected Site Configuration
[Diagram labels: Lenovo ThinkAgile™ VX; Infrastructure VMs; User VMs]
Recovery Site Configuration
[Diagram labels: VMware Cloud® on AWS; Infrastructure VMs; User VMs]
Network Configuration
[Diagram labels: ThinkAgile™ VX Cluster (Customer Datacenter); NSX Edge; Internet; Internet Gateway; IPsec VPN; MGW; CGW; Management Cluster; Workload Cluster; VMware Cloud® on AWS (AWS cloud)]
Site Recovery Manager Configuration
Configuration Steps
• Network Configuration
– IPsec Tunnel between NSX Edge (On-Prem) and Management Gateway (VMC)
- Used to enable access to vCenter, VM Migrations, Content Libraries
– IPsec Tunnel between NSX Edge (On-Prem) and Compute Gateway (VMC)
- L2VPN used to extend layer 2 networks across the tunnel
- Used to deploy User Virtual Machines and assign public IP addresses
– Firewall Rules
- Ability to define Firewall Rules for both the Management and Compute Networks
• Site Recovery Manager Configuration
– Configure the Firewall rules for SRM and vSphere Replication traffic
– Create Site Pair to connect your On-Prem SRM and VMC SRM
– Resource Mapping between the two sites
– Create Replications, Protection Groups, and Recovery Plans
Best Practices
Design Aspect: Best Practices
• Software Versions: Check the VMware Compatibility matrices before installing the VMware components
• Network Services: All the components should point to the same DNS and NTP servers to avoid any configuration drifts
• Management Traffic: Isolate the Management or System Traffic from the Virtual Machine Network Traffic.
• Database Servers: Use Separate Database Server instances for vCenter and Site Recovery Manager.
• Network Configuration: No asymmetric network configurations in your Datacenter.
• VPN Tunnel Configuration: If your NSX Edge appliance is behind a firewall, you must configure the following firewall rules to forward IPsec VPN protocol traffic
– UDP Port 500 to allow Internet Security Association and Key Management Protocol (ISAKMP) traffic to be forwarded through the firewall
– Set IP protocol ID 50 to allow IPsec Encapsulating Security Protocol (ESP) traffic to be forwarded through the firewall
– Set IP protocol ID 51 to allow Authentication Header (AH) traffic to be forwarded through the firewall
• Site Recovery Manager (SRM) Configuration: After creating the Site Pair between the SRM instances On-Prem and in VMC, create the resource mapping such that you still have access to the VMC SRM instance and your applications in case of a disaster.
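Added example (not part of the original slides): a Python check that the firewall in front of the NSX Edge accepts the three forwards listed under VPN Tunnel Configuration. It assumes a Linux iptables perimeter firewall exported with iptables-save; the edge address 203.0.113.10 and the sample rules are constructed.

```python
import shlex

# The three IPsec passthrough requirements from the Best Practices list.
REQUIRED = {
    "ISAKMP (UDP 500)": ("udp", "500"),
    "ESP (IP protocol 50)": ("esp", None),
    "AH (IP protocol 51)": ("ah", None),
}
# iptables accepts protocol numbers as well as names.
PROTO_NAMES = {"17": "udp", "50": "esp", "51": "ah"}

# Constructed iptables-save excerpt; 203.0.113.10 is a documentation address
# standing in for the NSX Edge. The AH rule is deliberately absent.
SAMPLE_RULES = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 203.0.113.10/32 -p udp -m udp --dport 500 -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -p esp -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""


def parse_rule(line):
    """Return (dest, proto, dport, target) for an '-A FORWARD' line, else None."""
    tokens = shlex.split(line)
    if tokens[:2] != ["-A", "FORWARD"]:
        return None
    opts = {}
    for flag, value in zip(tokens, tokens[1:]):
        if flag in ("-d", "-p", "--dport", "-j"):
            opts[flag] = value
    proto = opts.get("-p", "").lower()
    return opts.get("-d"), PROTO_NAMES.get(proto, proto), opts.get("--dport"), opts.get("-j")


def missing_ipsec_forwards(ruleset, edge_ip):
    """Names of required forwards whose first matching rule is not ACCEPT."""
    # Only rules naming the edge address and the exact protocol are considered;
    # broader rules and the chain policy are not evaluated.
    rules = [r for r in map(parse_rule, ruleset.splitlines()) if r]
    missing = []
    for name, (proto, port) in REQUIRED.items():
        verdict = next((t for d, p, dp, t in rules
                        if d in (edge_ip, edge_ip + "/32") and p == proto and dp == port), None)
        if verdict != "ACCEPT":
            missing.append(name)
    return missing
```

Calling missing_ipsec_forwards(SAMPLE_RULES, "203.0.113.10") reports the AH forward as the gap in the constructed rule set.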
Demonstration
Resources
• Disaster Recovery Solution for Lenovo ThinkAgile VX with VMware Cloud on AWS: https://lenovopress.com/LP0947
• ThinkAgile™ VX: https://www.lenovo.com/us/en/data-center/software-defined-infrastructure/ThinkAgile-VX-Series/p/WMD00000340
• VMware Cloud® on AWS: https://docs.vmware.com/en/VMware-Cloud-on-AWS/index.html
• Lenovo Booth: 1326 – Solutions Exchange