Author Archives: esxsi

Google Cloud VMware Engine Explained

Google Cloud VMware Engine (GCVE) has launched in the UK. This post has been updated now that more service information is available.

esxsi.com

Google Cloud VMware Engine (GCVE) is a fully managed VMware-as-a-Service solution provided and managed by Google, or a third-party VMware Cloud Provider, that can be deployed in as little as 30 minutes. VMware Engine runs VMware Cloud Foundation on dedicated Google Cloud bare metal servers, with native cloud integrations including Google’s innovative big data and machine-learning services. The VMware Cloud Foundation stack is made up of VMware vSphere, vCenter, NSX-T, and vSAN. The platform is VMware Cloud Verified and includes Hybrid Cloud Extension (HCX) to facilitate data centre extension or migration. You can read the full Google announcement from May 2020 here.

Google Cloud Platform

Google Cloud Platform (GCP) offers a wide variety of services from Infrastructure-as-a-Service (IaaS) to Platform-as-a-Service (PaaS) running on the same infrastructure Google uses to provide global end-user services. Google’s cloud services are built on data centres designed to save water and electricity, they have…

View original post 1,543 more words

VMware vCenter Server 7.0 Install Guide

This post provides a walkthrough for installing the latest iteration of vCenter Server 7.0; bringing cloud-native workloads to the data centre with embedded Kubernetes and Tanzu on VMware Cloud Foundation. The vCenter Server installation bundle comes as an ISO file mountable on a Windows, Linux, or Mac device. The installer must be run from a machine with network connectivity to the ESXi host or vCenter Server where the new appliance will be deployed. The target host or vCenter must be running vSphere version 6.5 or later.

Several design decisions have been removed in vSphere 7 as component topology and lifecycle management have been drastically simplified. The external Platform Services Controller (PSC) deployment model available in versions 6.0 and 6.5 has been removed, only the embedded option is offered in vSphere 7. Furthermore, running vCenter Server on Windows has finally been deprecated, and all deployments must now use the vCenter Server Appliance (VCSA). A migration path from Windows vCenter Servers 6.5 and 6.7 to VCSA 7.0 is available.

vCenter 7.0: Download | Release NotesvSphere 7 and vSAN 7 Headline New Features

System Requirements

  • vCenter Server 7.0 can only be deployed to, and manage, ESXi hosts v6.5 or later. There is no direct upgrade path for hosts running ESXi v5.5 or 6.0 to v7.0.
  • You must check the compatibility of any third party products and plugins that might be used for backups, anti-virus, monitoring, etc. as these may need upgrading for vSphere 7.0 compatibility.
  • To check version compatibility with other VMware products, see the VMware Product Interoperability Matrices.
  • In addition to software, you should also check the hardware in use is compatible with vSphere 7 using the VMware Compatibility Guide.
  • The vCenter Server appliance requires the following compute specifications, this includes vSphere Lifecycle Manager running as a service on the appliance:
    • Tiny (up to 10 hosts, 100 VMs) – 2 CPUs, 12 GB RAM
    • Small (up to 100 hosts, 1000 VMs) – 4 CPUs, 19 GB RAM
    • Medium (up to 400 hosts, 4000 VMs) – 8 CPUs, 28 GB RAM
    • Large (up to 1000 hosts, 10,000 VMs) – 16 CPUs, 37 GB RAM
    • X-Large (up to 2000 hosts, 35,000 VMs) – 24 CPUs, 56 GB RAM
  • Storage resources for the smallest environment start at 415 GB and increase based on database requirements, see Storage Requirements for the vCenter Server Appliance.
  • The ESXi host on which you deploy the VCSA should not be in lockdown or maintenance mode.
  • All vSphere components should be configured to use an NTP server. The installation can fail or the vCenter Server Appliance vpxd service may not be able to start if the clocks are synchronized.
  • FQDN resolution should be in place when deploying vCenter Server.
  • A list of Required Ports for vCenter Server can be found here.
  • The configuration maximums for vSphere 7.0 can be found here.

Installation

The vCenter Server 7 installation is practically identical to its predecessors’ versions 6.5 and 6.7. Download the VMware vCenter Server Appliance 7.0 ISO from VMware Downloads: v7.0.0 B. Mount the ISO on your computer and browse to the corresponding directory for your operating system, in my case \vcsa-ui-installer\win32. Right-click Installer and select Run as administrator. As we are installing a new instance, click Install.

vcenter7-install-1The installation is split into 2 stages, we begin with deploying the appliance. Note that the External PSC deployment is no longer available. Click Next.

vcenter7-install-2

Accept the license agreement and click Next.

vcenter7-install-3

Enter the FQDN or IP address of the host, or vCenter Server target to deploy the new VCSA. Enter the credentials of an administrative or root user and click Next. The installer will validate access. If you are prompted with an untrusted SSL certificate message click Yes to continue. Tip – connect to a vCenter for visibility of any networks using a distributed switch, connecting to the host direct will only pull back networks using a standard switch.

vcenter7-install-4

Enter the VM name for the VCSA and a root password, click Next.

vcenter7-install-5

Select the deployment size in line with the number of hosts and virtual machines that will be managed, click Next.

vcenter7-install-6

Select the datastore where the VCSA will be deployed, select thin provisioning if required, and click Next. Configure the network settings for the appliance and click Next.

vcenter7-install-7

On the summary page, click Finish. The appliance will now be deployed.

vcenter7-install-8

With the VCSA now deployed we can move on to stage 2, click Continue. If like me you added the DNS entry without leaving sufficient time for the client to pick it up, then you can still initiate the setup once the FQDN is resolving from a web browser at HTTPS:\\VCENTERFQDN:5480

vcenter7-install-9

Click Next to begin the VCSA setup.

vcenter7-install-10

Configure the NTP servers, enable SSH access if required, and click Next. Enter a unique SSO domain name, the default is vsphere.local. The SSO domain name should not be the same as your Active Directory Domain. Configure a password for the SSO administrator, click Next.

vcenter7-install-11

Select or deselect the customer experience improvement program box and click Next.

vcenter7-install-12

Review the details on the summary page and click Finish. Click Ok to acknowledge that the VCSA setup cannot be paused or stopped once started. When the installer is complete click Close to close the wizard.

vcenter7-install-13

Post-Installation

Connect to the vCenter post install using the IP or FQDN of the vCenter. Access vSphere by clicking either Launch vSphere Client (HTML5), the Flash (FLEX) vSphere web client is no longer provided.

vcenter7-install-14

You must apply a new vCenter license key within 60 days. Log in to the vSphere Web Client using the SSO administrator login. An orange banner is displayed that will link you directly to the licenses page; alternatively, you can select Administration from the Menu drop-down, and click Licenses.

vcenter7-install-15

If you have an Active Directory domain, then vCenter can use this as an identity source, configurable in the Administration page under Single Sign On and Configuration.

vcenter7-install-16

Google Cloud VMware Engine Explained

Google Cloud VMware Engine (GCVE) is a fully managed VMware-as-a-Service solution provided and managed by Google, or a third-party VMware Cloud Provider, that can be deployed in as little as 30 minutes. VMware Engine runs VMware Cloud Foundation on dedicated Google Cloud bare metal servers, with native cloud integrations including Google’s innovative big data and machine-learning services. The VMware Cloud Foundation stack is made up of VMware vSphere, vCenter, NSX-T, and vSAN. The platform is VMware Cloud Verified and includes Hybrid Cloud Extension (HCX) to facilitate data centre network extension and migration. You can read the full Google announcement from May 2020 here.

Google Cloud Platform

Google Cloud Platform (GCP) offers a wide variety of services from Infrastructure-as-a-Service (IaaS) to Platform-as-a-Service (PaaS) running on the same infrastructure Google uses to provide global end-user services. Google’s cloud services are built on data centres designed to save water and electricity, they have been carbon-neutral since 2007, powered data centre operations with 100% renewable energy since 2017, and have a target of 2030 to run on carbon-free energy, 24/7.

As an organisation, Google is all about big data at huge scale. Google has one of the largest most advanced private Software-Defined Networks in the world, stretching across thousands of miles of fibre optic cable through over 200 countries, with 140 network edge locations.

Google-Global-Locations

Perhaps the key differentiator for Google as a cloud services provider is the commercialisation of some innovative big data and machine-learning tools they use internally to serve billions of search results and billions of YouTube videos every day. Google’s focus is really to allow developers to think about the code and applications they develop, and not about operations.

Of course, like all the major cloud providers, Google provides you with the functionality to spin up Virtual Machines, and this is a completely different service to Google Cloud VMware Engine. Google Compute Engine (GCE) supplies the raw building blocks for Virtual Machine instances and networks. GCE enables performance-optimised fast-booting instances in an Infrastructure-as-a-Service (IaaS) model, similar to AWS’ Elastic Compute Cloud (EC2). In addition to standard pre-configured instance types, GCE allows you to customise CPU/RAM metrics and save money on ‘always-on’ VMs with sustained usage discounts. GCE is part of the Google Cloud compute suite of services alongside Platform-as-a-Service offerings like Google App Engine and Google Kubernetes Engine. The comprehensive list of Google Cloud products can be found here, VMware Engine is categorised as compute.

GCP-Example

You can try out Google Cloud here with certain always free products and $300 free credit.

Google Cloud VMware Engine

Google Cloud VMware Engine runs on high-performance bare metal hosts in Google Cloud locations. At the time of writing the service is available from Los Angeles, Virginia, Frankfurt, Tokyo, with London just launched and Sydney to follow. Further regions Montreal, Netherlands, Sao Paulo, and Singapore are due in 2020 Q4. The full VMware Cloud Foundation stack is utilised to provide a secure, scalable, consistent environment for VMware workloads with Google managing the lifecycle of the VMware stack and all related infrastructure.

By running VMware Cloud Foundation in Google Cloud customers are able to migrate workloads to the cloud without having to refactor applications, replace third-party integrated products, or reskill teams. The existing vSphere network design can be migrated or extended with minimal re-architecture using HCX, and taking advantage of Google Cloud’s edge network security and advanced DDoS protection. The dedicated VMware stack in Google Cloud can be linked back to the on-premises VMware environment using a VPN or high-speed, low-latency private interconnect, with HCX adding hybrid-connectivity for seamless workload and subnet migration.

VMware Engine enables deep integration with third-party services for backup and storage such as Veeam, NetApp, Dell, Cohesity, and Zerto. Infrastructure administrators can leverage the scale and agility of the cloud whilst maintaining operational continuity of tools, policies, and processes.

The Google Cloud console has a built-in VMware Engine User Interface (UI) that integrates with billing and Identity and Access Management. VMware workloads in the VMware Engine environment can connect into native Google Cloud services like BigQuery, Anthos, and Cloud Storage using a private interconnect into Google’s 100Gbps backbone network. While the Google Cloud UI integration provides unified management of VMware workloads and native cloud services, access to vCenter Server enables consistent operations and investment protection for IT support personnel. The familiar vCenter and ESXi host model also helps with licensing through the VMware partner ecosystem.

As with other VMware Cloud platforms, the customer retains control of their  Virtual Machines; deciding upon the data location, authorisation and access policies, and the networking and firewall configuration of both north-south traffic and east-west with separate Layer-2 networks within a private cloud environment. With VMware Engine Google also allows 24-hour privilege elevation for installing and managing tools requiring vCenter administrative access.

Google-Cloud-VMware-Engine

Technical specification for Google Cloud VMware Engine:

VMware Cloud Foundation in Google Cloud is built on isolated single-tenancy bare-metal infrastructure. All-flash NVMe storage in a hyper-converged setup provides the speed and performance required for most demanding workloads like Oracle, VDI, Microsoft Exchange and SQL. Data is encrypted at rest using vSAN, with support for customer-managed keys. Google Cloud Storage or third party solutions can be leveraged for lower-cost and secondary storage tiers. The standard node size is Google’s ve1-standard-72 with the following specifications:

  • CPU: Intel Xeon Gold 6240 (Skylake) 2.6 GHz (3.9 GHz Turbo) x2, 36 cores/72 hyper-threads
  • Memory: 768 GB
  • Data: 19.2 TB (6 x 3.2 TB NVMe)
  • Cache: 3.2 TB (2 x 1.6 TB NVMe)
  • Network: 100 Gbps throughput (4 x Mellanox ConnectX-4 Lx Dual Port 25 GbE)

Screenshot 2020-09-07 at 08.59.31

The minimum configuration is 3 hosts, up to 16 in a cluster, with a 64 host maximum per private cloud (soft limit) and any number of private clouds. A private cloud can be deployed in around 30 minutes while adding hosts to an existing cloud can be done in 15 minutes. Hosts can be purchased as a 1 or 3-year commitment or using on-demand per-hour pricing with all infrastructure costs and associated licenses included.

VMware administrators can use Storage Policy-Based Management (SPBM) to set policies defining RAID or protection configuration, and IOPS based performance, using the vCenter Server interface. Storage policies can be applied to many objects or as granular as an individual VMDK file. GCVE enables the bring your own Key Management Service (KMS) model, allowing the customer to maintain and manage vSAN encryption keys.

Access to the NSX-T Manager means customers can make use of the full suite of L2-L7 services available, including load balancing, perimeter and distributed firewalls, and full control over private networks.

With Google’s backbone 100 Gbps network taking care of GCVE private cloud to VPC connectivity (in the same region or between regions, without a VPN), there are a couple of options for on-premises connectivity. Hybrid cloud connectivity is achieved using either a private interconnect or a secure VPN over the Internet. The interconnect is a low latency, typically high bandwidth connection; available in 10 Gbps or 100 Gbps, or 50 Mbps to 10 Gbps through a partner.

Google sell and support VMware Engine, the customer’s contract is with Google while the VMware Cloud Verified accreditation gives existing VMware customers peace of mind that hybrid environments are supported end to end. Google provide 24×7 support with a 99.99% SLA on the network and storage infrastructure, and 99.9% for the management components.

Example use cases for Google Cloud VMware Engine:

  • Data Centre Extension or Migration: extend data centre boundaries and scale to the cloud or additional regions quickly with guaranteed compatibility of existing workloads. Achieve true workload mobility between VMware environments for high availability and demand-based scalability. Migrate Virtual Machines to the cloud, and back if needed, without refactoring applications or even changing network settings.
  • Disaster Recovery (DR): backup and DR targets can be moved to the cloud to improve availability options and reduce total cost of ownership. By taking advantage of Google’s global infrastructure organisations can improve system availability by deploying across multiple zones or regions. Business-critical applications can be scaled on-demand, either through native services or SDDC expansion in minutes. VMware Site Recovery Manager (SRM) can automate failover for use cases where the customer data centre is the primary site, and GCVE is the DR site.
  • Global Expansion and Virtual Desktop Infrastructure (VDI): expansion of business and services into new regions without having to commission new data centres and hardware. Burst capacity in the locations needed and provide low latency, local content delivery at a global scale. This use case is highlighted further with the need for many organisations to provide remote working, often in the form of virtual desktops. VMware Horizon 7 can provide a highly available pod architecture deployment using GCVE infrastructure, with customer managed desktops.
  • Data Analytics and Innovation: access to Google’s internal big data services for querying massive data-sets in seconds, with actionable insights from serverless and machine-learning data analytics platforms. IT staff can concentrate on new projects, or improving systems and processes, whilst Google maintains upgrades, updates, and security patches for all the underlying infrastructure.
  • Hybrid Applications: high-speed, low-latency (<2 ms) access to native Google Cloud Services with Virtual Private Cloud (VPC) peering enables hybrid application across platforms. For example, front end web and application servers migrated from on-premises data centres to Google Cloud VMware Engine and large databases in a dedicated VPC with millisecond response times.

Google Cloud VMware Engine provides secure and compliant ready infrastructure; globally with ISO 27001/27017/27018, SOC1/2/3, PCI DSS, CSA STAR, MPAA, GxP, and Independent Security Evaluators (ISE) Audit. In the UK & Europe the platform is also compliant with NCSC Cloud Security Principles, GDPR, Privacy Shield, and EU Model Contract Clauses. By implementing a shared security model, the above is caveated with compliant ready, since the necessary processes and controls have been implemented but a customer could implement poor security controls and governance in their own environment.

If you’re interested in learning more about Google Cloud VMware Engine take a look at the useful links below, along with the GCVE documentation page, and the GCVE product page; which lists features, reference architecture, and pricing. VMware Engine is also listed in the Google Cloud pricing calculator.