vRA and NSX in a Dutch multi-tenant Cloud solution

KPN CloudNL VMware vRA and NSX in a Dutch multi-tenant
Cloud solution Albert W. Alberts, VMware CTAB May 17 2018 in Berlin

Who am I … • KPN since Jan. 1999: –
HetNet (ISP), VoIP, Comet (backend deployment), Bewaarplicht (email logging), Cloud DevOps, CloudNL VMware, ApiMarketplace (Apigee) • Architect (with a software focus) • KPN patents & pending • MeetUp organization: – devNetNoord, – domoticaGrunn, – ManageIQ Albert W. Alberts Private Home automation (soft- & hardware), Bramble Swimming, Waterpolo, Cycling, Travelling Contact [email protected] @a_w_alberts www.linkedin.com/in/albertalberts

KPN CloudNL VMware • 1 Product Owner • 3 OPS
• 3 DEV • 1 Test • ½ Architect The Team: who and how?

CloudNL characteristics: • Services delivered by KPN in Dutch datacenters;
• Platform managed from within the Netherlands under Dutch law; • Cloud Compliance Framework assurance (CCF).

Cloud characteristics: • Self-service management • Create own infra •
Manage own infra • Scalable • Pay per use

CloudNL Microsoft, based on Microsoft WAP technology

CloudNL VMware, based on VMware technology • vRealize Automation; •
vRealize Orchestration; • NSX; • vCenter & vSphere.

Virtual Machines Networking Backup CloudNL VMware Focus op Infrastructuur (IaaS)

Virtual Machines Networking Backup CloudNL VMware vRealize suite vRealize Automation
vRealize Orchestration

vRealize Automation vRealize Orchestration Compute resources Networking resources Storage resources
CloudNL VMware Portal ReST API What does the customer get? Interfaces

CloudNL VMware Portal ReST API What does the customer get? Interfaces Go Ruby Python C#

vRealize Automation vRealize Orchestration Virtual Machines Networking Backup Compute resources
Networking resources Storage resources CloudNL VMware Portal API What does the customer get? Interfaces

Tenant A Tenant A private IP private IP NSX Edge
pair public IP public IP Tenant ESG Tenant ESG Perimeter ESG Perimeter ESG default GW Perimeter ESG Perimeter ESG Distributed Logical Router Tenant A ESG Tenant A ESG Distributed Logical Router VM VM VM VM VM VM VM VM transport network default GW default GW default GW transport network public network, without NAT(ting) private network, with sNAT(ting) Internet Aalsmeer (CCA) Apeldoorn (APD) What does the customer get? Default network setup: front-end & back-end

Tenant ESG Distributed Logical Router Tenant B ESG transport network
Tenant A Tenant ESG Distributed Logical Router Tenant B ESG transport network Tenant A private IP public IP Perimeter ESG default GW Perimeter ESG VM VM VM VM default GW transport network Internet Tenant ESG Tenant A ESG Distributed Logical Router Aalsmeer (CCA) Apeldoorn (APD) private IP public IP Perimeter ESG default GW Perimeter ESG VM VM VM VM default GW transport network Tenant ESG Tenant A ESG Distributed Logical Router Wat does the customer get? Multitenancy, separation at the pESG

vRealize Automation vRealize Orchestration Virtual Machines Networking Backup Compute resources
Networking resources Storage resources CloudNL VMware Portal API How does the customer get it? Interfaces

CloudNL VMware Portal How does the customer get it? Order / Request API

How does the customer get it? Order / Request flow Portal € Billing

vRealize Orchestration Compute resources Networking resources Storage resources How does
the customer get it? Order / Request flow € Billing vRealize Automation Portal

vRealize Orchestrator workflow Create a simple NSX Load Balancer

NSX Load Balancers: “simple” vs advanced Quick and easy vs
Lot’s of options “simple” Load Balancer: one catalog item with multiple tabs Advanced Load Balancer: multiple catalog items with dependencies

“Load Balancer” NSX Load Balancer: “simple” vs advanced Guided vs
Reusable Building blocks Load Balancer Host Load Balancer Certificate Load Balancer Application Profile Load Balancer Load Balancer Health Monitor Load Balancer Application Rule Load Balancer Pool Load Balancer Pool Members Application Profile Health Check Certificates “simple” Load Balancer: one catalog item with multiple tabs General Advanced Load Balancer: multiple catalog items with dependencies tab Catalog item

Structure of an advanced NSX Load Balancer Creation order Load
Balancer Host Load Balancer Certificate Load Balancer Application Profile Load Balancer (service) Load Balancer Health Monitor Load Balancer Application Rule Load Balancer Pool creation order

Tenant AWAlberts Tenant AWAlberts private IP private IP NSX Edge
pair public IP public IP Tenant ESG Tenant ESG Perimeter ESG Perimeter ESG default GW Perimeter ESG Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts Tenant ESG AWAlberts Distributed Logical Router VM VM transport network default GW default GW default GW transport network Internet Aalsmeer (CCA) Apeldoorn (APD) Demo_01 Demo_02 Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end

Tenant AWAlberts private IP public IP Tenant ESG Perimeter ESG
default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Load Balancer Create NSX Load Balancer, with two nodes public IP Portal vRA, vRO Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02

default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Create NSX Load Balancer, with two nodes public IP Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02 Load Balancer Portal vRA, vRO Application Profile Health Check Certificates General Load Balancer Load Balancer Host Load Balancer Pool Health Monitor Application Profile

default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Load Balancer public IP: 145.128.67.82:3333 while true; do curl 145.128.67.82:3333 sleep 1 done Portal vRA, vRO Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02 VMs listening on port 3333

Demo Create an Internet Facing Load Balancer with two VMs
in the back-end [2:53]

Tenant AWAlberts Tenant AWAlberts private IP private IP NSX Edge
pair public IP public IP Tenant ESG Tenant ESG Perimeter ESG Perimeter ESG default GW Perimeter ESG Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts Tenant ESG AWAlberts Distributed Logical Router VM VM transport network default GW default GW default GW transport network Internet Aalsmeer (CCA) Apeldoorn (APD) Create an advanced Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02

default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Adv. Load Balancer Create NSX Load Balancer, with same two nodes public IP Portal vRA, vRO Create an advanced Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02

default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Create NSX Load Balancer, with same two nodes public IP Create an advanced Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02 Adv. Load Balancer Portal vRA, vRO Load Balancer Application Rule Health Monitor Application Profile Load Balancer Pool Load Balancer Application Rule Health Monitor Application Profile Load Balancer Pool Load Balancer Host

Tenant AWAlberts VMs listening on port 3000 public IP Tenant
ESG Perimeter ESG default GW Perimeter ESG Distributed Logical Router Tenant ESG AWAlberts VM VM default GW transport network Internet Aalsmeer (CCA) Adv. Load Balancer public IP: 145.128.67.85:2222 while true; do curl 145.128.67.85:2222 sleep 1 done Portal vRA, vRO Demo: Create an Internet-Facing Load Balancer Create an Internet-Facing Load Balancer with two VMs in the back-end Demo_01 Demo_02 Application rules: - whitelist, - redirect HTTP to HTTPs

NSX Load Balancer Advanced Load Balancer Load Balancer Host Load
Balancer Certificate Load Balancer Application Profile Load Balancer (Service) Load Balancer Health Monitor Load Balancer Application Rule Load Balancer Pool 01:07 01:15 01:49 01:26 02:12

Demo Create an advanced Internet Facing Load Balancer with two
VMs in the back-end a sample application rule and port redirecting ~15 min. reduced to 2:37

Questions now or later ...

Thank you for your attention! and there is always more
to do …

var http = require('http'); http.createServer(function (req, res) { res.writeHead(200, {'Content-Type':
'text/plain'}); res.end(‘Hello, my name is DEMO_01. I\’m the numero UNO!\n’); }).listen(3333, “[node IP-address]”); console.log('Server running at http://[node IP-address]:3333/‘); Webserver with node.js, load balancer node index.js

#!/bin/bash # This script runs until you stop it with
Ctrl-C while true; do curl [load balancer IP-address]:3333 sleep 1 done Bash script calling the load balancer IP-address load-balancer-test.sh

vRA and NSX in a Dutch multi-tenant Cloud solution

vRA and NSX in a Dutch multi-tenant Cloud solution

More Decks by Albert W. Alberts

Other Decks in Technology

Featured

Transcript