Notes on Software-Defined Data Center

Here are my course notes from the VCP6-NV v6.2 course touching on the Software-Defined Data Center (SDDC). I will keep posting the rest of my notes in the hope that they will assist someone else as they did me.

  • Automated and managed by intelligent, policy-based data center management software
  • Centrally monitor and administer all applications through a unified management experience
  • Enables IT to be more agile, elastic and responsive
  • Extends past compute
    • Compute: vSphere or vSphere with OM (Operations Management)
    • Network virtualization: NSX
    • Storage virtualization: Virtual SAN, vSphere Virtual Volumes (VVOLs) or storage policy-based management
  • DC automation
    • vRealize Automation
    • vRealize Operations
    • vRealize Log Insight
  • Before VMware, x86 virtualization was limited to the Java VM, X Window, etc.
  • Key files of a VM
    • Configuration file
    • Virtual disk file
    • Log file
    • NVRAM settings file
  • SDS control plane
    • Policy-driven automation
    • Common across arrays
    • Dynamic control
  • SDS data plane
    • Server SAN
    • Flash-accelerated
    • Distributed
  • Virtual SAN
    • Hyperconverged architecture
    • Data persistence delivered from the hypervisor
  • Barriers
    • Slow
    • Placement
    • Mobility
    • Hardware-dependent
    • Operationally intensive
  • Abstraction need
    • Greater speed and agility
    • Lower operational overhead
    • Decreased capital expenditures
  • NSX
    • Network virtualization platform
      • Logical switching
        • L2 over L3, decoupled from the physical network
      • Logical routing
        • Distributed logical router: routes in the hypervisor at line rate; best for east-west traffic
        • Edge services gateway router: routing services; best for north-south traffic
      • Logical firewall
        • Distributed firewall (DFW)
        • Firewall in the edge services gateway
      • Logical load balancer
        • Load balancing in software
      • Logical VPN
        • Site-to-site and other VPNs in software
      • NSX API
        • Representational State Transfer (REST) API for integration into any cloud platform
        • Best to use NSX to automate logical network and security services
      • Robust partner ecosystem
        • Service Composer to use third-party services
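
As an added example (mine, not from these notes or from NSX), the Python below builds and parses the VXLAN header that carries the L2-over-L3 logical switching described above, and shows the MTU consequence: the 50 bytes of outer Ethernet, IP, UDP and VXLAN headers mean a full 1500-byte inner frame needs a transport MTU above 1500, which is why these notes later call for 1600 or larger. The sample inner frame and VNI are constructed values.

```python
import struct

# Constructed example (not NSX code): VXLAN header build/parse and MTU arithmetic.
OUTER_ETH, OUTER_IPV4, OUTER_UDP, VXLAN_HDR = 14, 20, 8, 8  # outer header sizes in bytes
VXLAN_OVERHEAD = OUTER_ETH + OUTER_IPV4 + OUTER_UDP + VXLAN_HDR  # 50 bytes per inner frame
VXLAN_I_FLAG = 0x08  # "I" flag: the VNI field is valid


def vxlan_header(vni: int) -> bytes:
    """Build the 8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_I_FLAG, vni << 8)


def parse_vxlan(payload: bytes) -> tuple:
    """Parse a VXLAN UDP payload into (vni, inner_ethernet_frame); reject malformed headers."""
    if len(payload) < VXLAN_HDR:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", payload[:VXLAN_HDR])
    if not flags & VXLAN_I_FLAG:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    return vni_field >> 8, payload[VXLAN_HDR:]


def outer_ip_packet_len(inner_frame_len: int) -> int:
    """Size of the outer IPv4 packet carrying an inner frame (MTU excludes the outer Ethernet header)."""
    return OUTER_IPV4 + OUTER_UDP + VXLAN_HDR + inner_frame_len


def fits_transport_mtu(inner_frame_len: int, transport_mtu: int) -> bool:
    """True when the encapsulated packet crosses the transport network without fragmentation."""
    return outer_ip_packet_len(inner_frame_len) <= transport_mtu


def sample_inner_frame() -> bytes:
    """Constructed 1500-byte inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, filler payload."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("005056000001") + b"\x08\x00"
    return header + b"A" * (1500 - len(header))


if __name__ == "__main__":
    frame = sample_inner_frame()
    vni, inner = parse_vxlan(vxlan_header(5001) + frame)
    print(f"VNI {vni}, inner frame {len(inner)} bytes, on the wire {len(inner) + VXLAN_OVERHEAD} bytes")
    print("fits transport MTU 1500:", fits_transport_mtu(len(frame), 1500))  # False
    print("fits transport MTU 1600:", fits_transport_mtu(len(frame), 1600))  # True
```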

  • ESXi
    • Virtualizes processor, memory, storage, etc.
    • Decouples the OS from the underlying hardware
      • Better mobility
      • Better backup
      • Improved DR
      • Improved speed and agility
    • Interposition
      • Interposes between hardware and VMs
    • Isolation
      • Fault, performance and configuration isolation
    • Encapsulation
      • VMs are encapsulated in files
    • Portability
      • Highly portable virtual hardware irrespective of underlying hardware
      • 10k VMs
      • 1000 hosts
      • PSC (Platform Services Controller): SSO, licensing, lookup service, certificate manager

  • NSX
    • All networking can be done virtually, decoupling it from the physical network
    • Virtual network with vSphere
      • If the VLAN is not configured on the physical switch, only VMs on the same host tagged with that VLAN can communicate
    • Virtual network with VMware NSX
      • Uses VXLAN (Virtual Extensible LAN) instead of VLANs; no trunking required from the distributed switch to the physical network
    • Requires IP connectivity and an MTU of 1600 or larger
    • VMs connected to logical switches can use IPv4 or IPv6; this is transparent to the transport network
    • IPv6 is NOT SUPPORTED for VXLAN, and is also a no-go for the following:
      • Controller nodes
      • NSX Edge services gateway NAT
      • Distributed logical routing
  • NSX components
    • NSX Manager
      • Management plane of the solution and REST API; 1:1 mapping with vCenter
    • NSX Controller cluster
      • Distributed state management system; control plane for logical switching and routing
      • Maintains information about all hosts, logical switches and DLRs; the control plane of NSX
    • NSX virtual switch
      • Provides access-level switching in the hypervisor based on the VDS plus VXLAN, DLR and firewall services
      • Components installed as VIB packages
    • Edge services gateway
      • Edge services
      • NAT, DHCP, VPN, HA, firewall
    • VXLAN or logical switches
      • Overlay protocol that allows a logical L2 network over an existing IP network
    • Distributed logical router
      • Optimizes east-west traffic
      • VMs on the same host but on different networks can communicate with one another without going out to a traditional router
    • Distributed logical firewall
      • Segmentation of data center entities by port or IP address; filtering at line rate, distributed across hosts
    • Service Composer
      • Helps provision and assign networks
      • Services mapped to security groups using policy
  • Logical switching
    • L2 over L3
    • VXLAN breaks the logical network away from the physical one
    • Scalable multi-tenancy
    • Reduced VLAN ID usage
  • NSX routing benefits
    • Supports OSPF and BGP
    • Optimized east-west and north-south traffic
    • Hypervisor-based logical routing
  • Benefits of the distributed firewall
    • At the hypervisor level
    • vNIC microsegmentation
    • Dynamic service chaining
    • Line rate of 20GB per sec per host
    • vCenter VM name and identity-based rules
  • Reduced north-south traffic due to no hairpinning
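
As an added example (my own toy model, not NSX code), this Python sketches how Service Composer style security groups with dynamic membership on the vCenter VM name feed a first-match distributed firewall rule table with a default block, so a VM added later with a matching name inherits the policy without any IP-based rule changes. The group names, rules and VM names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed toy model (not NSX code): security groups with dynamic membership
# on the vCenter VM name, and a first-match DFW rule table with a default block.

@dataclass(frozen=True)
class VM:
    name: str  # vCenter object name; rules key off this, not the VM's IP address

@dataclass(frozen=True)
class SecurityGroup:
    name: str
    name_contains: str  # dynamic membership criterion: "VM name contains"

    def members(self, inventory) -> frozenset:
        return frozenset(vm for vm in inventory if self.name_contains in vm.name)

@dataclass(frozen=True)
class Rule:
    src: str             # security group name, or "any"
    dst: str
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None = any port
    action: str          # "allow" or "block"

def evaluate(flow, rules, groups, inventory, default="block") -> str:
    """Action for flow=(src_vm, dst_vm, proto, port): first matching rule wins, else default."""
    src_vm, dst_vm, proto, port = flow
    membership = {g.name: g.members(inventory) for g in groups}
    def selects(selector, vm):
        return selector == "any" or vm in membership[selector]
    for r in rules:
        if (selects(r.src, src_vm) and selects(r.dst, dst_vm)
                and r.proto in ("any", proto) and r.port in (None, port)):
            return r.action
    return default  # enforced at every vNIC, so same-host lateral traffic is filtered too

GROUPS = [SecurityGroup("SG-Web", "web"), SecurityGroup("SG-App", "app"), SecurityGroup("SG-DB", "db")]
RULES = [
    Rule("any", "SG-Web", "tcp", 443, "allow"),      # clients reach the web tier
    Rule("SG-Web", "SG-App", "tcp", 8080, "allow"),  # web tier to app tier only
    Rule("SG-App", "SG-DB", "tcp", 3306, "allow"),   # app tier to database only
]
INVENTORY = [VM("web-01"), VM("app-01"), VM("db-01")]

def decide(src_name, dst_name, proto, port, inventory=INVENTORY) -> str:
    by_name = {vm.name: vm for vm in inventory}
    return evaluate((by_name[src_name], by_name[dst_name], proto, port), RULES, GROUPS, inventory)
```

Adding `VM("web-02")` to the inventory places it in SG-Web automatically, so the same web-to-app rule applies to it with no rule edits.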

plasebikan