Wednesday, July 20, 2011

Diagram: VMware vCloud Director Networking Architecture

Before I introduce this new diagram to you, I would like to make a bold statement: no matter how complex this diagram looks to you at first glance, I can tell you that you’ve been practicing all its core technical concepts for quite a long time. You will just need a bit of imagination, and I guarantee that everything will make perfect sense faster than you can imagine. Read on…

Let’s go back to the very first VMware product that has changed the way we think in our IT industry – Workstation! When you create a new virtual machine in Workstation, you get four options for networking:

  • Bridged connection – a pass-through network to the outside world.
  • NAT’ed connection – a network translated connection.
  • Host-only connection – a private network isolated from the outside world.
  • None – no network at all.

Guess what? Those are the core technical concepts I’ve been talking about. Here are the new names that we will be using from now on when we refer to vCD (in the same order):

  • Direct connection
  • Routed connection
  • Isolated (private)
  • None (no network)

Now, have you seen the “Inception” movie? (If you haven’t, you missed one of the greatest movies in this decade!) Do you remember the layers of dreams in that movie? Well, that is somewhat what we have here. Imagine your virtual machines running in different layers of dream networks, and depending on which layer you are looking at, the connection might be direct, routed or isolated. Let’s take a closer look:

  • First Layer: the real world – this is the actual physical network which we are in most cases not concerned about.
  • Second Layer: the vNetwork Standard Switch, Distributed Switch or even Cisco Nexus 1000V.
  • Third Layer: the External network – this is sort of your gateway to the outer world.
  • Fourth Layer: the Organization network – this is sort of the gatekeeper for your VMs. It will always show you what your logical boundaries are.
  • Fifth and last layer: the vApp Network – this is the ultimate end your VM can reach (think LIMBO!)

Now that you have these basic concepts in mind, let’s see what we have in this diagram:

  • This is an A2 size diagram. I’ve really tried my best to keep it in the A3 scale but it’s just not possible with all this amount of information in one place.
  • The diagram covers nearly all the networking options of vCD, but from a “Private Cloud” perspective. In the world of Public Clouds this might be a bit different to lay out (which I will do in the future), but the core concepts remain exactly the same.
  • The diagram comes with some text describing the various components and elements. I’m introducing this for the first time here to help you understand what you are looking at instantly without taking your focus away from the diagram.
  • You will see different PDF layers in the diagram; you can hide/show them as you need. Example: when you are having a closer look at a specific area in the diagram, you might find the descriptions useful to have, while they might be a bit distracting if you are zooming out to have a holistic view of the diagram.
  • You will see the actual screens of the vCenter networking – the vSS, vDS and the different port groups. Not just that, you will actually see what the VMs in your cloud ultimately look like in vCenter. Add to that all the other components like the External/Organization networks as well as the vShield Edge devices. Of course, I’m taking just examples of everything in most cases to avoid the complexity.
  • I’ve also included the screens of vCloud Director to show you what the Network Pools look like, along with the other panels of the External and Organization networks.
  • The IP addresses can play a very important role in your understanding of how all these vApps communicate together. For example, when you see two vApps sharing the same OrgNetwork and still having the exact same IP addressing, it automatically means that they are routed through an edge device.
  • I included three connectivity examples for the outside world of your private cloud: a production cloud, an Internet cloud and an MPLS cloud. Please note that these are just examples, not the only options you can have. This is something that can be very specific from one customer use case to another.
  • Last but not least, the vApp networks are laid out like that to fit the best view in the diagram. This is not an attempt to tell you how you should run your vApps but rather show you the different options you have. Again, this is something that is very specific to the customer use cases and requirements.
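The IP-addressing point in the list above can be turned into a simple isolation check. The following is an added example, not code from the original post or from VMware: the inventory records, their field names and the vApp names are constructed assumptions, not a vCD API.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample inventory. "mode" is how the vApp network attaches to
# the Organization network: "direct", "routed" (behind an edge device) or
# "isolated" (no Organization network at all, so org_net is None).
VAPPS = [
    {"name": "vApp-A", "org_net": "OrgNet-1", "mode": "routed", "ips": ["192.168.2.100", "192.168.2.101"]},
    {"name": "vApp-B", "org_net": "OrgNet-1", "mode": "routed", "ips": ["192.168.2.100", "192.168.2.101"]},
    {"name": "vApp-C", "org_net": "OrgNet-1", "mode": "direct", "ips": ["192.168.1.10"]},
    {"name": "vApp-D", "org_net": "OrgNet-1", "mode": "direct", "ips": ["192.168.1.10"]},
    {"name": "vApp-E", "org_net": None, "mode": "isolated", "ips": ["192.168.2.100"]},
]

def audit_overlaps(vapps):
    """Classify each IP that is reused by several vApps on one org network.

    Returns (org_net, ip, verdict, vapp_names) tuples. Reuse is expected when
    at most one of the vApps is direct-attached, because the others sit
    behind an edge device; two direct-attached vApps with the same address
    collide on the Organization network itself.
    """
    seen = defaultdict(list)  # (org_net, ip) -> [(vapp name, mode), ...]
    for vapp in vapps:
        if vapp["mode"] not in ("direct", "routed", "isolated"):
            raise ValueError(f"unknown mode for {vapp['name']}: {vapp['mode']}")
        if vapp["mode"] == "isolated":
            continue  # addresses never leave the vApp network
        for ip in vapp["ips"]:
            key = (vapp["org_net"], ip_address(ip))  # also validates the IP
            seen[key].append((vapp["name"], vapp["mode"]))

    findings = []
    for (org_net, ip), users in sorted(seen.items(),
                                       key=lambda kv: (kv[0][0], int(kv[0][1]))):
        if len(users) < 2:
            continue
        direct = [name for name, mode in users if mode == "direct"]
        verdict = "conflict" if len(direct) > 1 else "routed-behind-edge"
        findings.append((org_net, str(ip), verdict, sorted(n for n, _ in users)))
    return findings

if __name__ == "__main__":
    for finding in audit_overlaps(VAPPS):
        print(finding)
```
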

In future networking posts on vCD I will start going deeper in the discussion and reference the examples shown in this diagram all the way through. I encourage you to print out this diagram, keep it somewhere near your home/office desk and have a glance through it from time to time. There is nothing better than visualizing something that is as complex and rich as vCD networking. I also highly recommend checking out Duncan Epping’s article on vCD networking; it is a must-read for all the vCD newbies.

One more thing. I’d like to give some credit to my colleague at VMware, Massimo Re Ferre’, for showing me the way to understand this great networking topic. Massimo along with Eddie Dinel, Mike D and Vishal Kumar, presented together one of the most interesting presentations I’ve attended for vCD when it was still in Beta. I believe parts of this great presentation have been divided into more than one session in VMworld 2010, so I urge you to go and have a look into the recordings when the sessions are available online.

2 comments:

  1. The Cisco diagram can be really intimidating, just as long as you know the fundamentals and it's good.
  2. Imagine your virtual machines running in different layers of networks, and depending on which layer you are looking at, it might be direct or isolated.
