Tag Archives: VMware Cloud on AWS

First Look: On Demand Recovery with Cloud Tier and VMware Cloud on AWS

Since Veeam Cloud Tier was released as part of Backup & Replication 9.5 Update 4, I’ve written a lot about how it works and what it offers in terms of offloading data from more expensive local storage to what is fundamentally cheaper remote Object Storage. As with most innovative technologies, if you dig a little deeper, different use cases start to present themselves and unintended use cases find their way to the surface.

Such was the case when, together with AWS and VMware, we looked at how Cloud Tier could be used as a way to allow on demand recovery into a cloud platform like VMware Cloud on AWS. By way of a quick overview, the solution shown below has Veeam backing up to a Scale Out Backup Repository which has a Capacity Tier backed by an Object Storage repository in Amazon S3. There is a minimal operational restore window set which means data is offloaded quicker to the Capacity Tier.

Once there, if disaster happens on premises, an SDDC is spun up and a Backup & Replication Server is deployed and configured into that SDDC. From there, a SOBR is configured with the same Amazon S3 credentials; it connects to the Object Storage bucket, detects the backup data and starts a resync of the metadata back to the local performance tier (as described here). Once the resync has finished, workloads can be recovered, streamed directly from the Capacity Tier.

The diagram above has been published on the AWS Reference Architecture page, and while this post has been brief, there is more to come by way of an official AWS Blog Post co-authored by myself and Frank Fan from AWS around this solution. We will also look to automate the process as much as possible to make this a truly on demand solution that can be actioned with the click of a button.

For now, the concept has been validated and the hope is people looking to leverage VMware Cloud on AWS as a target for disaster and recovery look to leverage Veeam and the Cloud Tier to make that happen.

References: AWS Reference Architecture

Configuring Amazon S3 Access from VMware Cloud on AWS through an S3 Endpoint

When looking at how to configure networking for interactions between a VMware Cloud on AWS SDDC and an Amazon VPC there is a little bit to grasp in terms of what needs to be done to achieve traffic flow between the SDDC and the rest of the world.

As an example, if you want to connect to S3, the default configuration is to go through the Amazon ENI (Elastic Network Interface), which means that unless configured correctly, connectivity to Amazon S3 will fail. Brian Gaff has a really good series of posts on Networking and Security Groups when working on VMware Cloud on AWS, which are worth a read to get a deeper understanding of VMC to AWS networking.

There is a way to change this behaviour to make connectivity to Amazon S3 go via the SDDC’s Internet Gateway. This is done through the VMware Cloud Portal by going to the Networking section of the relevant SDDC.

Doing this, while easy enough, means that you lose a lot of the benefits that passing traffic through the ENI provides: a high-bandwidth, low latency connection between the VPC and the SDDC which also provides free egress. In the case of S3 and utilising the Veeam Cloud Tier, it means more optimal connectivity between a Veeam Backup & Replication instance hosted in the SDDC and Amazon S3.

To allow communication between the SDDC and Amazon S3 over the ENI the following needs to be actioned.

Create Endpoint:

The first step is to go into the AWS Console, go to the VPC that’s connected to the VMC service and create a new Endpoint for S3 as shown below, making sure you select the correct Route Table.

Configure Security Group:

Next is to configure the Security Group associated with your VPC to allow traffic from the logical network or networks. It’s a basic HTTPS Inbound rule where your source is the SDDC network or networks you want access from.

Create Compute Gateway Firewall Rule:

The final step is to configure a firewall rule on the SDDC Compute Gateway to allow HTTPS traffic to the Amazon VPC from the network or networks you want access to Amazon S3 from.

That’s pretty much it! After that, you should be able to access Amazon S3 over the ENI and get all the benefits that delivers.
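To confirm the AWS side of the steps above was applied as intended, the following check is an added example, not code from the original post. It audits data shaped like the EC2 `describe_vpc_endpoints` and `describe_security_groups` responses; all IDs, the region and the CIDRs are constructed placeholders, and the Compute Gateway firewall rule on the SDDC side is not covered.

```python
import ipaddress


def covers_https(perm):
    """True if a security-group IpPermissions entry admits TCP/443."""
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= 443 <= perm["ToPort"]


def audit_s3_over_eni(endpoints, security_group, vpc_id, route_table_id, sddc_networks):
    """Return a list of findings; an empty list means the AWS side matches the steps."""
    findings = []
    sddc = [ipaddress.ip_network(n) for n in sddc_networks]

    # Create Endpoint: an S3 gateway endpoint must exist in the connected VPC
    # and be associated with the route table the SDDC traffic uses.
    s3_eps = [e for e in endpoints
              if e["VpcId"] == vpc_id
              and e["VpcEndpointType"] == "Gateway"
              and e["ServiceName"].endswith(".s3")
              and e["State"].lower() == "available"]
    if not s3_eps:
        findings.append(f"no available S3 gateway endpoint in {vpc_id}")
    elif not any(route_table_id in e["RouteTableIds"] for e in s3_eps):
        findings.append(f"S3 gateway endpoint is not associated with route table {route_table_id}")

    # Configure Security Group: every SDDC network needs an inbound HTTPS rule,
    # and no HTTPS source should reach beyond those networks.
    sources = [ipaddress.ip_network(r["CidrIp"])
               for p in security_group["IpPermissions"] if covers_https(p)
               for r in p.get("IpRanges", [])]
    for net in sddc:
        if not any(net.subnet_of(src) for src in sources):
            findings.append(f"no inbound HTTPS rule admits SDDC network {net}")
    for src in sources:
        if not any(src.subnet_of(net) for net in sddc):
            findings.append(f"inbound HTTPS source {src} is not limited to the SDDC networks")
    return findings


# Constructed sample data (placeholders, not values from the post).
VPC_ID = "vpc-EXAMPLE"
ROUTE_TABLE = "rtb-EXAMPLE-main"
SDDC_NETWORKS = ["192.168.10.0/24"]

GOOD_ENDPOINTS = [{
    "VpcEndpointId": "vpce-EXAMPLE", "VpcId": VPC_ID, "VpcEndpointType": "Gateway",
    "ServiceName": "com.amazonaws.us-west-2.s3", "State": "available",
    "RouteTableIds": [ROUTE_TABLE],
}]
GOOD_SG = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "192.168.10.0/24"}]},
]}

# Misconfigured variant: wrong route table and HTTPS open to any source.
BAD_ENDPOINTS = [dict(GOOD_ENDPOINTS[0], RouteTableIds=["rtb-EXAMPLE-other"])]
BAD_SG = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

if __name__ == "__main__":
    for label, eps, sg in (("good", GOOD_ENDPOINTS, GOOD_SG), ("bad", BAD_ENDPOINTS, BAD_SG)):
        result = audit_s3_over_eni(eps, sg, VPC_ID, ROUTE_TABLE, SDDC_NETWORKS)
        print(label, result or "OK")
```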

References:

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-B501FA3C-EAF9-4005-AC72-155C3F592281.html

Veeam on the VMware Cloud Marketplace Protecting VMware Cloud on AWS Workloads

At VMworld 2018, myself and Michael Cade gave a session on automating and orchestrating Veeam on VMware Cloud on AWS. The premise of the session was to showcase the art of the possible with Veeam and VMware that resulted in a fully deployed and configured Veeam platform. We chose VMware Cloud on AWS for the demo to showcase the power of the Software Defined Datacenter with Veeam, however our solution can be deployed onto any vSphere platform.

Why Veeam with VMware Cloud on AWS:

I’ve spent a lot of time over the past couple of months looking into VMware Cloud on AWS and working out just where Veeam fits in terms of a backup and recovery solution for it. I’ve also spent time talking to VMware sales people as well as solution providers looking to wrap managed services around VMC and the question of data protection is often raised as a key concern. There is a good article here that talks about the need for backup and how application HA or stretched clustering is not a suitable alternative.

Without prejudice, I truly believe that Veeam is the best solution for the backup and recovery of workloads hosted on VMware Cloud on AWS SDDCs. Not only do we offer a solution that’s 100% software defined itself, but we can extend protection of all workloads from on-premises, through to the SDDC and also natively in AWS, covering backup and replication as well as offering the ability to use Cloud Connect to back up out to a Veeam Cloud and Service Provider. I’ll go into this in greater detail in a future post.

Veeam on the VMware Cloud on AWS Marketplace:

At the same time as our session on the Monday there was another session that introduced the VMware Cloud Marketplace that was announced in Technical Preview. As part of that launch, Veeam was announced as an initial software partner. This allows for the automated deployment and configuration of a Veeam Backup & Replication instance directly into a deployed SDDC and also configures an AWS EC2 EBS backed instance to be used as a Veeam Repository.

The VMware Cloud Marketplace will offer the ability to browse and filter validated third-party products and solutions, view technical and operational details, facilitate Bring Your Own License (BYOL) deployments, support commercial transactions, and deliver unified invoices. We plan to open Cloud Marketplace to a limited Beta audience following VMworld and are working on additional features and capabilities for future releases. We envision the Cloud Marketplace will quickly expand, introducing new third-party vendors and products over time and becoming the de-facto source for customers to extend the capabilities of VMware Cloud on AWS and VMware Cloud Provider Partner environments.

Compared to what Michael and I showcased in our session, this is a more targeted vanilla deployment of Veeam Backup & Replication 9.5 with Update 3a into the SDDC. At the end of the process, you will be able to access the Veeam Console, have it connected to the VMC vSphere endpoint and have the EC2 Veeam repository added.

This is done via CloudFormation templates and a little bit of PowerShell embedded into the Windows Image.

Being embedded directly into the VMware Cloud Marketplace is advantageous for customers looking to get started quickly with their data protection for workloads running on VMware Cloud on AWS. Look out for more collateral from myself, Veeam and VMware on protecting VMC with Veeam as well as a deeper look at our VMworld session which digs into the automation and orchestration of Veeam on VMware Cloud on AWS using Chef, Terraform, PowerShell and PowerCLI.

References:

Introducing VMware Cloud Marketplace

https://cloud.vmware.com/cloud-marketplace

https://marketplace.vmware.com/vsx/solutions/veeam-availability-suite-for-vmware-cloud-on-aws-9-5?ref=search#summary

Veeam @VMworld 2018 Edition…

VMworld 2018 is less than a week away, and I can’t wait to fly into Las Vegas for my sixth VMworld and second with Veeam. It’s been an interesting year or so since the last VMworld and the industry has shifted a little when it comes to the backup and recovery market. Data management is the new buzz and lots of vendors (us included) have jumped onto the messaging around data growing at more than exponential rates…sprawling to more platforms than ever before and finally…being more critical than ever. The criticality and power of data is real and VMware still have a lot to say about where and how that data is processed and stored!

VMworld is still a destination event and Veeam recognises VMware’s continued influence in the IT industry by going all in at VMworld 2018. The ecosystem that VMware has built over the past ten to fifteen years is immense and, though challenged a few years ago, came back with a bang in 2017. I’m looking forward to seeing VMware’s continued evolution at this year’s event!

Like VMware, Veeam is evolving as well, and we are building out our own strong ecosystem based on a software first, hardware agnostic platform that results in the greatest flexibility in the backup and recovery market. We continue to support VMware as our number 1 technology partner and this year we look to build on that with support for VMware Cloud on AWS and enhanced VMware feature sets built into our core Backup & Replication product as we look to release Update 4 of 9.5 later in the year.

Veeam Sessions @VMworld:

Officially we have two breakout sessions this year, with Danny Allan and Rick Vanover presenting a What’s New in Update 4 for Veeam Backup & Replication and Michael Cade and myself presenting a session on Automation and Orchestration of VMware and Veeam on VMware Cloud on AWS. There are also a couple of vBrownBag Tech Talks where Veeam features including talks from Michael Cade and Michael White while Dave Russell will be presenting a Partner Spotlight session.

https://my.vmworld.com/widget/vmware/vmworld18us/uscatalog?search=Veeam

Veeam @VMworld Solutions Exchange:

This year, as per usual, we will have a significant presence on the floor, with a Main Booth Area doing demos and prize giveaways, having an Experts Bar and acting as sponsor of the opening night hall crawl. We also have an in booth Theatre where I will be presenting on our new vCloud Director integration with Veeam Cloud Connect.

Veeam Community Support @VMworld:

Veeam still gets the community and has historically been a strong supporter of VMworld community based events. This year again, we have come to the party and have gone all-in in terms of being front and center in supporting community events. Special mention goes to Rick Vanover who leads the charge in making sure Veeam is doing what it can to help make these events possible:

  • Opening Acts
  • VMunderground
  • vBrownBag
  • Spousetivities
  • vRockstar Party
  • Vanguard Takeover

Party with Veeam @VMworld:

Finally, it wouldn’t be VMworld without attending Veeam’s seriously legendary party. This year we are looking to top last year’s event at Hakkasan nightclub by taking over one of the hottest clubs in Vegas… Omnia Nightclub! If it’s anything like the VeeamON 2015 Party that I attended it’s going to go off!! I know how hard it is to plan evening activities at VMworld and there is no doubt that there are a lot of decent competing parties on the Tuesday night…however whatever you do, you need to make sure that you at least stop by Caesars Casino and party in green. RSVP here.

https://www.eventbrite.com/e/veeams-legendary-vmworld-party-2018-tickets-45869296300

Final Word:

Again, this year’s VMworld is going to be huge and Veeam will be right there front and center of the awesomeness. Please stop by our sessions, visit our stand and attend our community sponsored events and feel free to chase me down for a chat…I’m always keen to meet other members of this great community. Oh, and don’t forget to get to the party!

Automating the Creation of AWS VPC and Subnets for VMware Cloud on AWS

Yesterday I wrote about how to deploy a Single Host SDDC through the VMware Cloud on AWS web console. I mentioned some pre-requisites that were required in order for the deployment to be successful. Part of those is to set up an AWS VPC with networking in place so that the VMC components can be deployed. While it’s not too hard a task to perform through the AWS console, in the spirit of the work I’m doing around automation I have gotten this done via a Terraform plan.

The max lifetime for a Single Instance deployment is 30 days from creation, but the reality is most people will/should be using this to test the waters and may only want to spin the SDDC up for a couple of hours a day, run some tests and then destroy it. That obviously has its disadvantages as well, the main one being that you have to start from scratch every time. Given the nature of the VMworld session around the automation and orchestration of Veeam and VMC, starting from scratch is not an issue; however, it was desirable to look for efficiencies during the re-deployment.

For those looking to save time and automate parts of the deployment beyond the AWS VPC, there are a number of PowerShell code examples and modules available that, along with the Terraform plan, reduce the time to get a new SDDC firing.

I’m using a combination of the above scripts to deploy a new SDDC once the AWS VPC has been created. The first one actually deploys the SDDC through PowerShell while the second one is a module that allows some interactivity via cmdlets to do things such as export and import Firewall rules.

Using Terraform to Create AWS VPC for VMware Cloud on AWS:

The Terraform plan linked here on GitHub does a couple of things:

  • Creates a new VPC
  • Creates a VPC Network
  • Creates three VPC subnets across different Availability Zones
  • Associates the three VPC subnets to the main route table
  • Creates desired security group rules

https://github.com/anthonyspiteri/vmc_vpc_subnet_create

[Note] Even for the Single Instance Node SDDC it will take about 120 minutes to deploy…so that needs to be factored in in terms of the window to work on the instance.

Creating a Single Host SDDC for VMware Cloud on AWS

While preparing for my VMworld session with Michael Cade on automating and orchestrating the deployment of Veeam into VMware Cloud on AWS, we have been testing against the Single Host SDDC that’s been made available for on demand POCs for those looking to test the waters on VMware Cloud on AWS. The great thing about using the Single Host SDDC is it’s obviously cheaper to run than the four node production version, but also that you can spin it up and destroy the instance as many times as you like.

Single Host SDDC is our low-cost gateway into the VMware Cloud on AWS hybrid cloud solution. Typically purchased as a 4-host service, it is the perfect way to test your first workload and leverage the additional capability and flexibility of VMware Cloud on AWS for 30 days. You can seamlessly scale-up to Production SDDC, a 4-host service, at any time during the 30-days and get even more from the world’s leading private cloud provider running on the most popular public cloud platform.

To get started with the Single Host SDDC, you need to head to this page and sign up…you will get an Activation email and from there be able to go through the account setup. The big thing to note at the moment is that a US Based Credit Card is required.

There are a few pre-requisites before getting an SDDC spun up…mainly around VPC networking within AWS. There is a brilliant blog post here that describes the networking that needs to be considered before kicking off a fresh deployment. The official help files are a little less clear on what needs to be put into place from an AWS VPC perspective, but in a nutshell you need:

  • An AWS Account
  • A fresh VPC with VPC Networking configured
  • At least three VPC Subnets configured
  • A Management Subnet for the VMware Objects to sit on

Once this has been configured in the AWS Region the SDDC will be deployed into, the process can be started. The first step is to select a region (this is dictated by the choices made at account creation) and then select a deployment type followed by a name for the SDDC.

The next step is to link an existing AWS account. This is not required at the time of setup; however, it is required to get the most out of the solution. This will go off and launch an AWS CloudFormation template to connect the SDDC to the AWS account. It creates an IAM role to allow communication between the SDDC and AWS.

[Note] I ran into an issue initially where the default location for the CloudFormation template to be run out of was not set to the region where the SDDC was to be deployed into. Make sure that when you click on the Launch button you take note of the AWS region and change it where appropriate by changing the URL to the correct region.

After a minute or so, the VMware Cloud on AWS Create an SDDC page will automatically refresh as shown below

The next step is to select the VPC and the VPC subnets for the raw SDDC components to be deployed into. I ran into a few gotchas on this initially: the subnets need to be sized as listed in the user guides and in the post I linked to that covers networking, and you also need to make sure you have at least three subnets configured across different AWS Availability Zones within the region. This was not clear, but I was told by support that it was required.

If the AWS side of things is not configured correctly you will see this error.

What you should see…all things being equal is this.

Finally you need to set the Management Subnet which is used for the vCenter, Hosts, NSX Manager and other VMware components being deployed into the SDDC. There is a default, but it’s important to consider that this should not overlap with any existing networks that you may look to extend the SDDC into.
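The three-subnet and management-subnet requirements described above can be checked before starting the deployment. This preflight is an added example, not code from the original post or its Terraform plan: it works on data shaped like the EC2 `describe_subnets` response, all IDs and CIDRs are constructed, and as an assumption of this example it also treats the VPC's own subnets as existing networks the management subnet must avoid.

```python
import ipaddress


def preflight_sddc_networking(subnets, vpc_id, management_cidr, existing_networks):
    """Return a list of findings; an empty list means the layout passes the checks.

    subnets           -- list of dicts with SubnetId, VpcId, AvailabilityZone, CidrBlock
    management_cidr   -- the Management Subnet planned for vCenter, hosts, NSX Manager
    existing_networks -- dict of name -> CIDR for networks the SDDC may be extended into
    """
    findings = []
    in_vpc = [s for s in subnets if s["VpcId"] == vpc_id]

    # At least three subnets are needed, spread across different Availability Zones.
    zones = {s["AvailabilityZone"] for s in in_vpc}
    if len(zones) < 3:
        findings.append(
            f"{vpc_id} has subnets in {len(zones)} Availability Zone(s), need at least 3")

    # The management subnet must not overlap any network it may later be joined to.
    mgmt = ipaddress.ip_network(management_cidr)
    candidates = {s["SubnetId"]: s["CidrBlock"] for s in in_vpc}
    candidates.update(existing_networks)
    for name, cidr in candidates.items():
        if mgmt.overlaps(ipaddress.ip_network(cidr)):
            findings.append(f"management subnet {mgmt} overlaps {name} ({cidr})")
    return findings


# Constructed sample data (placeholders, not values from the post).
VPC = "vpc-EXAMPLE"
GOOD_SUBNETS = [
    {"SubnetId": "subnet-a", "VpcId": VPC, "AvailabilityZone": "us-west-2a",
     "CidrBlock": "172.31.0.0/20"},
    {"SubnetId": "subnet-b", "VpcId": VPC, "AvailabilityZone": "us-west-2b",
     "CidrBlock": "172.31.16.0/20"},
    {"SubnetId": "subnet-c", "VpcId": VPC, "AvailabilityZone": "us-west-2c",
     "CidrBlock": "172.31.32.0/20"},
]
# Same VPC, but the third subnet was created in an AZ that is already used.
BAD_SUBNETS = GOOD_SUBNETS[:2] + [dict(GOOD_SUBNETS[2], AvailabilityZone="us-west-2a")]
ON_PREM = {"on-prem-datacentre": "10.10.0.0/16"}

if __name__ == "__main__":
    print(preflight_sddc_networking(GOOD_SUBNETS, VPC, "10.2.0.0/16", ON_PREM) or "OK")
    for finding in preflight_sddc_networking(BAD_SUBNETS, VPC, "10.10.0.0/20", ON_PREM):
        print(finding)
```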

From here, the SDDC can be deployed by clicking on the Deploy SDDC button.

[Note] Even for the Single Instance Node SDDC it will take about 120 minutes to deploy and you can not cancel the process once it’s started.

Once completed we can click into the details of the SDDC, which allows you to see all the relevant information relating to it and also allows you to configure the networking.

Finally, to access the vCenter you need to configure a Firewall rule to allow web access through the management gateway.

Once completed you can login to the vCenter that’s hosted on the VMware Cloud on AWS instance and start to create VMs and have a play around with the environment.

There is a way to automate a lot of what I’ve stepped through above…for that, I’ll go through the tools in another blog post later this week.

References:

Selecting IP Subnets for your SDDC

VMware Cloud Briefing Roundup – VMware Cloud on AWS and other Updates

VMware has held its first ever VMware Cloud Briefing today. This is an online, global event with an agenda featuring a keynote from Pat Gelsinger, new announcements and demos relating to VMware Cloud as well as discussions on cloud trends and market momentum. Key to the messaging is the fact that applications are driving cloud initiatives, whether that be via delivering new SaaS or cloud applications or extending networks beyond traditional barriers while modernizing the datacenter.

The VMware Cloud is looking like a complete vision at this point and the graphic below highlights that fact. There are multiple partners offering VMware based Cloud Infrastructure along with the Public Cloud and SaaS providers. On top of that, VMware now talks about a complete cloud management layer underpinned by vSphere and NSX technologies.

VMware Cloud on AWS Updates:

The big news on the VMware Cloud on AWS front is that there is a new UK based service offering and continued expansion into Germany. This will extend into the APAC region later in the year.

VMware Cloud on AWS will also have support for stretch clusters using the same vSAN and NSX technologies used on-premises on top of the underlying AWS compute and networking platform. This looks to extend application uptime across AWS Availability Zones within AWS regions.

This will feature

  • Zero RPO high Availability across AZs
  • Built into the infrastructure layer with synchronous replication
  • Stretched Cluster with common logical networks with vSphere HA/DRS
  • If an AZ goes down it’s treated as an HA event and impacted VMs are brought back in the other AZ

They are also adding vSAN Compression and Deduplication for VMware Cloud on AWS services which in theory will save 40% in storage.

VMware Cloud Services Updates:

Hybrid Cloud Extension HCX (first announced at VMworld last year) has a new on-premises offering and is expanding availability through VMware Cloud Provider Partners. This includes VMware Cloud on AWS, IBM Cloud and OVH. The promise here is an any-to-any vSphere migration that is cross-version while still being secure. We are talking about Hybridity here!

Log Intelligence is an interesting one…it looks like Log Insight delivered as a SaaS application. It is a real-time big data log management platform for VMware Cloud on AWS, adding real-time visibility into infrastructure and application logs for faster troubleshooting. It supports any SYSLOG source and will, in theory, ingest over the internet.

Cost Insight is an assessment tool for private cloud to VMware Cloud on AWS migration. It calculates the VMware Cloud on AWS capacity required to migrate from on-premises to VMC. It has integration with Network Insight to calculate networking costs during migration as well.

Finally there is an update to Wavefront that expands inputs and integrations to enhance visibility and monitoring. There are 45 new integrations, monitoring of native AWS services and integration into vRealize Operations.

You can watch the whole event here.

9.5 Update 3 Officially Compatible with VMware Cloud on AWS

At VMworld 2017 Veeam was announced as one of only two foundation Data Protection partners for VMware Cloud on AWS. This functionality was dependent on the release of Veeam Backup & Replication 9.5 Update 3, which contained the enhancements for it to interoperate with the locked-down vCenter of VMware Cloud on AWS.

This week 9.5 Update 3 has been listed on the VMware Compatibility Guide (VCG) for Data Protection.

In terms of what you now get in Update 3, there is little noticeable difference in the process to configure and run backup or replication jobs from within Veeam Backup & Replication. The VMware Cloud on AWS resources are treated as just another cluster so most actions and features of the core platform work as if the cloud based cluster was local or otherwise.

There were a few limitations that VMware have placed on the solution which means that our NFS based features such as Instant VM Recovery, Virtual Labs or Surebackups won’t work at this stage. HotAdd mode is the only supported backup transport mode (which isn’t a bad thing as it’s my preferred transport mode) which talks to a new VDDK library that is part of the VMC platform.

With that the following features work out of the box:

  • Backup with In Guest Processing
  • Restores to original or new locations
  • Backup Copy Jobs
  • Replication
  • Cloud Connect Backup
  • Windows File Level Recovery
  • Veeam Explorers

I’m really excited where VMware takes VMware Cloud on AWS and I see a lot of opportunities for the platform to be used as an availability resource. Over the next couple of months I’m hoping to be able to dive a little more into how Veeam can offer both backup and replication solutions for VMware Cloud on AWS.

Resources:

https://www.vmware.com/resources/compatibility/search.php?deviceCategory=vsanps&details=1&partner=594&releases=282&page=1&display_interval=10&sortColumn=Partner&sortOrder=Asc

VMware Cloud on AWS: Thoughts One Year On

Last week at VMworld 2017 in the US, VMware announced the initial availability of VMware Cloud on AWS. It was the focal point for VMware at the event and probably the most important strategic play that VMware has undertaken in its history. This partnership was officially announced at last year’s VMworld and at the time I wrote a couple of blog posts commenting on the potential impact to the then vCloud Air Network (now VCPP) and what needed to be done to empower the network.

As you can imagine at the time, I was a little skeptical about the announcement, but since that time we have seen the fall of vCloud Air to OVH and a doubling down of the efforts around enhancing vCloud Director and general support for the VMware Cloud Provider Program. Put this together with me stepping out of my role within the VCPP to one that is on the outside supporting it I feel that VMware Cloud on AWS is good for VMware and also good for service providers.

What It Looks Like:

This time last year we didn’t know exactly what VMC would look like apart from using vSphere, NSX and vSAN as its compute, networking and storage platforms, or how exactly it would work on top of AWS’s infrastructure. For a detailed look under the hood, Frank Denneman has published a Technical Overview which is worth a read. A lot of credit needs to go to the engineering teams at both ends for achieving what they have achieved within a relatively small period of time.

The key thing to point out is the default compute and storage that’s included as part of the service. Four ESXi hosts will have dual E5-2686 v4 CPUs @2.3GHz with 18 Cores and 512GB of RAM. Storage wise there will be 10TB raw of All Flash vSAN per host, meaning depending on the FTT of vSAN a usable minimum of 20TB. The scale-out model enables expansion to up to 16 hosts, resulting in 576 CPU cores and 8TB of memory which is insane!

What Does it Cost:

Here is where it starts to get interesting for me. Pricing wasn’t discussed during the Keynotes or in the announcements but looking at the pricing page here you can see what this base cluster will cost you. It’s going to cost $8.37 USD per host per hour for the on-demand option, which is the only option until VMware launches one year and three year reserved instances in the future where there looks to be a thirty and fifty percent saving respectively.

Upon first glance this seems expensive…however it’s only expensive in relative terms because of the default resources that come with the service. You can’t get anything less than the four hosts with all the trimmings at the moment which, when taken into consideration, might lock out non enterprise companies from taking the service up.

Unless pricing changes by way of offering a smaller resource footprint I can see this not being attractive in other regions like ANZ or EMEA where small to medium size enterprises are more common. This is where VCPP service providers can still remain competitive and continue to offer services around the same building blocks as VMC on their own platforms.

CloudPhysics have an interesting blog post here, on some cost analytics that they ran.

How Can it be Leveraged:

With Veeam being a launch partner with VMware Cloud on AWS offering availability services it got me thinking as to how the service could be leveraged by service providers. A few things need to fall into place from a technology point of view but I believe that one of the best potential use cases for VMC is for service providers to leverage it for failover, replication and disaster recovery scenarios.

The fact that this service possesses auto-scaling of hosts means that it has the potential to be used as a resource cluster for disaster recovery services. If I think about Cloud Connect Replication, one of the hardest things to get right as a provider is sizing the failover resources and the procurement of the compute and storage to deal with customer requirements. The auto scaling capabilities mean that service providers only need to cover the base resources and pay any additional costs if a failover event happens and exceeds the default cluster resources.

It must be pointed out that Cloud Connect can’t use a VMC cluster as a target at the moment due to the networking used…that is VXLAN on top of AWS VPN networking.

As I wrote last year, I feel like there is a great opportunity for service providers to leverage VMC as vCloud Director provider clusters however I know that this currently isn’t being supported by VMware. I honestly feel that service providers would love the ability to have cloud based Provider vDCs available across the world and I’m hoping that VMware realise the potential and allow vCloud Director to connect and consume VMC.

VMworld End of Show Report on VMware Cloud on AWS:

References:

https://www.vmware.com/company/news/releases/vmw-newsfeed.VMware-and-AWS-Announce-Initial-Availability-of-VMware-Cloud-on-AWS.2184706.html

https://cloud.vmware.com/vmc-aws

https://www.crn.com.au/news/pricing-revealed-for-vmware-cloud-on-aws-472011