Chapter 6. VMware Product Integration

This chapter covers the following topics:

•   vSphere Add-Ons

•   vRealize Suite

•   Desktop and Application Virtualization

•   Replication and Disaster Recovery

•   Private, Public, and Hybrid Clouds

•   Networking and Security

This chapter contains information related to VMware 2V0-21.20 exam objectives 2.2, 2.3, 2.4, 2.5.

This chapter provides information for vSphere 7.0 integration with other VMware products, such as vRealize Suite, Site Recovery Manager, VMware Horizon, and NSX.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should study this entire chapter or move quickly to the “Exam Preparation Tasks” section. Regardless, the authors recommend that you read the entire chapter at least once. Table 6-1 outlines the major headings in this chapter and the corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 6-1 “Do I Know This Already?” Section-to-Question Mapping

1. You want to streamline the development of modern applications using a familiar, single stack for containers and virtual machines. Which one of the following products should you use?

a. VMware Horizon

b. VMware App Volumes

c. VMware AppStack

d. vSphere with Tanzu

2. You want to provide continuous performance optimization and intelligent remediation in your vSphere SDDC. Which one of the following products should you use?

a. vRLI

b. vROps

c. vRA

d. vRNI

3. You want to decrease time and effort for root cause analysis in your data center. Which one of the following products should you use?

a. vRLI

b. vROps

c. vRA

d. vRNI

4. You want to deliver VDI using stateless virtual desktops and just in time delivery of user profile data and applications. Which products should you choose? (pick two)

a. VMware Horizon

b. VCF

c. vSphere Replication

d. HCX

e. App Volumes

5. You want to use App Volumes with your Horizon VDI environment. Which other environments can benefit from App Volumes? (pick two)

a. VCF

b. VMware on AWS

c. Azure VMware Solution

d. Citrix XenApp

e. RDSH

6. You want to provide replication for your vSphere virtual machines to a remote site. Which of the following includes the required software?

a. Site Recovery Manager

b. vRealize Suite

c. vSphere Foundations

d. vSphere Standard

7. Which of the following are use cases for VMware Site Recovery Manager? (pick two)

a. Replicate data

b. Planned migrations

c. Disaster Recovery

d. VDI

e. Data center automation

8. You want to use a platform that provides Cloud Builder and SDDC Manager. Which product should you choose?

a. HCX

b. vRealize Automation

c. VCF

d. vRNI

9. You want to implement a workload mobility platform that simplifies application migration, workload rebalancing, and business continuity across hybrid clouds. Which product should you implement?

a. HCX

b. vRealize Automation

c. VCF

d. vRNI

10. You want to adopt zero-trust security and automated network deployment. Which one of the following products should you use?

a. VMware NSX

b. HCX

c. VCF

d. AppDefense

Foundation Topics

vSphere Add-Ons

This section addresses the following products that are directly related to vSphere but are not covered in other chapters of this book.

•   vSphere with Tanzu: a vSphere edition that provides support for containers natively in the hypervisor.

•   vCenter Converter: a product that facilitates the conversion of physical and other servers into virtual machines running in vSphere.

•   vSphere Replication: a virtual machine replication feature that is included with specific vSphere editions.

•   VMware Skyline: a proactive support offering for many VMware products, including vSphere.

vSphere with Tanzu

With vSphere with Tanzu you can implement vSphere as a platform for natively running Kubernetes workloads. When enabled on a vSphere cluster, vSphere with Tanzu enables you to run Kubernetes workloads directly in the ESXi hypervisor and create Kubernetes clusters using dedicated resource pools. This works by creating a Kubernetes control plane directly in the hypervisor. A vSphere cluster that is enabled with vSphere for Kubernetes is called a Supervisor Cluster. The Supervisor Cluster runs on top of ESXi for compute, NSX-T Data Center for networking, and vSAN (or another shared storage solution) for storage.

With a Kubernetes control plane, you can create namespaces on the Supervisor Cluster, run containers in vSphere Pods, and manage Kubernetes clusters using the Tanzu Kubernetes Grid Service. A vSphere Pod is a specialized virtual machine for running containers. In vSphere, you can manage and monitor vSphere Pods and Tanzu Kubernetes clusters running in different namespaces.

Use Cases

•   Provide a familiar, single stack for containers and virtual machines.

•   Streamline development of modern applications.

Integration

To get started, the main step is to install vSphere 7 with Kubernetes, instead of installing vSphere 7. To run Kubernetes workloads on a vSphere cluster, you must enable the cluster with vSphere with Tanzu. In the vSphere Client, select Workload Management, select a vCenter Server, select Enable, select a cluster, and complete the wizard. In the wizard, configure the cluster, network, and storage settings.

vCenter Converter

VMware vCenter Converter Standalone (Converter) is a free solution that automates the process of converting existing Windows and Linux machines into virtual machines running in a vSphere environment. The source machines can be physical servers or virtual machines in non-ESXi environments. You can use Converter to convert virtual machines running in VMware Workstation, VMware Fusion, Hyper-V, and Amazon EC2 Windows to virtual machines running in vSphere.

With Converter, you can hot-clone Windows servers without disrupting users of the source Windows Server. With hot-clone, you can minimize downtime when converting existing Windows and Linux servers to virtual machines running in vSphere.

Converter offers a centralized management console that allows users to queue and monitor multiple simultaneous remote, as well as local, conversions.

Use Cases

•   Create virtual machine templates based on existing servers

•   Physical to virtual server conversions

•   Virtual Machine migrations from non-vSphere environments

Integration

Converter is a standalone product that you can install on a Windows system. You can install it locally on a Windows desktop or server instance. To create and manage tasks remotely, you can install its server and worker components on a Windows server in your data center and install the client component on multiple desktops. The server component installs an agent component on each Windows source machine prior to hot-cloning.

In the Converter user interface, you can specify a vCenter Server as the destination for a conversion operation. You must provide credentials with sufficient privileges to create the virtual machine in the vSphere environment.

VMware vSphere Replication

This product is included in multiple editions of vSphere. Please see the Replication and Disaster Recovery section in this chapter for details.

VMware Skyline

VMware Skyline is a proactive support technology, developed by VMware Global Services, that is available to customers with an active Production Support or Premier Services agreement. Skyline helps you avoid problems before they occur and reduces the amount of time spent solving support requests.

The Skyline architecture includes a standalone, on-premise virtual appliance (Skyline Collector) for secure, automatic data collection. It also includes a self-service web portal (Skyline Advisor) for accessing your VMware inventory, proactive findings, recommendations, and risks. You can segment data by factors such as region and lines of business. You can use VMware Cloud Services Console to control user access and permissions. With Premier Services, you can access executive summary reports and view more powerful recommendations.

You can use Skyline Advisor to access Skyline Log Assist, which automatically (with your permission) uploads support log bundles to VMware Technical Support and eliminates manual procedures for log gathering and uploading. If you approve the request in Skyline Advisor, then the requested logs are automatically uploaded to VMware Support. Likewise, you can choose to proactively push log files to VMware Support using Log Assist within Skyline Advisor.

Use Cases

•   Avoid issues and streamline resolution in a vSphere environment.

Integration

See Chapter 10 > Monitor and Manage Host Resources and Health for instructions for configuring vCenter Server integration with Skyline Health.

vRealize Suite

This section addresses the vRealize Suite, which is a set of products that provides a layer for operations, automation, and analysis for software-defined data centers and hybrid clouds.

vRealize Operations Manager (vROps)

vRealize Operations Manager (vROps) provides operations management for private, hybrid, and multi-cloud environments in a single pane of glass. It offers full-stack visibility from physical, virtual, and cloud infrastructure to virtual machines, containers, and applications. vROps provides continuous performance optimization, efficient capacity planning, cost management, and integrated compliance. It offers self-driving operations and intelligent remediation. It is available as an on-premise offering and as a SaaS offering.

vROps provides intelligent alerts, trending, and forecasting functionality. It uses current, historical, and predicted data for capacity analysis. For example, it calculates and provides a Days Remaining metric for many managed objects, such as vSphere clusters and datastores. This metric represents the number of days until the resource is predicted to have insufficient capacity. vROps applies customizable policies for everything it does. For example, you can use policies to adjust headroom buffers and provisioning lead times that impact the capacity analysis.

vROps provides many native dashboards for management and troubleshooting. It offers many management packs to extend its operations beyond just vSphere. For example, you can install VMware-provided and third-party management packs supporting operations for vSAN, NSX, third-party network gear, third-party storage systems, and third-party software applications. Each management pack has its own unique requirements, which typically include installing the pack and connecting it to a management endpoint for the managed entity.

Use Cases

•   Continuous performance optimization

•   Integrated Compliance

•   Next-Gen Operations Platform

•   Capacity and Cost Management and Planning

•   Intelligent Remediation

Integration

In the vROps user interface, you can use the Solutions page to add a vCenter Server adapter instance (cloud account). Configure the instance by providing the address and user credentials for connecting to vCenter Server. At a minimum, the user account must have Read privileges assigned at the data center or vCenter Server level. To collect virtual machine guest OS metrics, the credential must have Performance > Modify intervals permission enabled in the target. Additional requirements exist to allow vROps to perform automated actions in vSphere.

vRealize Log Insight (vRLI)

vRealize Log Insight (vRLI) is a software product that provides intelligent log management for infrastructure and applications for any environment. It is a highly scalable log management solution that provides intuitive dashboards, analytics, and third-party extensibility. It collects and automatically identifies structure in all types of machine-generated log data, such as application logs, network traces, configuration files, messages, performance data, and system state dumps. It builds a high-performance index for performing analytics. It monitors and manages machine data at scale.

vRLI is especially useful in a large environment with multiple vCenter Server instances and complex infrastructure. You can configure vRLI to collect and analyze data from the vCenter Servers, ESXi hosts, guest OS, network infrastructure, storage infrastructure, and more. When troubleshooting, you can use a single pane of glass to analyze data from the entire stack.

Use Cases

•   Decrease time and effort for root cause analysis

•   Centralized log management and analysis

Integration

To collect alarms, events, and tasks data from a vSphere environment, you must connect vRealize Log Insight to one or more vCenter Server systems. vRLI can collect events, tasks, alerts, and other structured data directly from vCenter Server. It can also collect unstructured data from ESXi hosts and the vCenter Server via syslog.

When connecting the vCenter Server to vRLI, you must provide a service account with appropriate privileges. To collect structured data from vCenter Server, the service account must have the System.View privilege. To collect syslog data from ESXi hosts, the account must have the following privileges.

•   Host.Configuration.Change settings

•   Host.Configuration.Network configuration

•   Host.Configuration.Advanced Settings

•   Host.Configuration.Security profile and firewall

See the Log Insight section in Chapter 10 for instructions for configuring vRLI to integrate with vCenter Server.

vRealize Automation (vRA)

vRealize Automation (vRA) is an automation platform for private and multi-cloud environments. It delivers self-service automation, DevOps for infrastructure, and network automation that helps you increase your business’s agility, productivity, and efficiency. With vRA, your internal IT teams, DevOps engineers, developers, and others get the infrastructure, applications, and resources they need as a service with a public cloud-like experience. Customers benefit from increased speed, flexibility, reliability, and scalability, while you maintain security and control.

vRA 8.x includes vRA Cloud Assembly, vRA Code Stream, and vRA Service Broker.

You can use vRA Cloud Assembly to iteratively develop and deploy blueprints for your vSphere environment and other clouds. You can use vRA Service Broker to create, manage, and use self-service catalog items. You can use vRA Code Stream to create pipelines that automate your entire DevOps lifecycle, including the automation of software testing and release.

With vRA Cloud Assembly, you can build blueprints that automatically provision virtual machines based on existing virtual machines and templates in your vSphere environment. In the blueprint, you define the provisioning method, such as full clone or linked clone. You can configure the blueprint to provision multiple virtual machines, applications, and networks. For example, you can develop a blueprint to deploy a multi-tier application involving multiple virtual machines, networks, and software components. You can publish the blueprints and use vRA Service Broker to make them available as a service in the self-service catalog. You can configure vRA to allow consumers to provision the multi-tiered application and its networks on demand and to destroy it when no longer needed.

Use Cases

•   Self-service private and hybrid clouds: Provide a self-service catalog for delivering IaaS in your on-premise vSphere environment, private clouds built on VMware Cloud Foundation, and VMware Cloud Foundation on AWS.

•   Multi-cloud automation with governance: Allow an organization that has used vRA to address the previous use case to extend the self-service automation to multiple public clouds, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

•   DevOps: Provide automation for Continuous Integration / Continuous Development (CI/CD) pipelines.

•   Kubernetes automation: Automate Kubernetes cluster and namespace provisioning, management, and support.

Integration

To get started, you should deploy a vRA instance to a management vSphere cluster. The vRA 8.x deployment typically involves three vRA virtual appliances and three VMware Identity Manager (vIDM) appliances. To facilitate the deployment of these appliances you can deploy and use the vRealize Lifecycle Manager (LCM) Appliance.

To provide vSphere automation using vRA 8.x, you need to add at least one vCenter cloud account. (In vRA 7.x, you create a vSphere endpoint.) The vCenter Server that you use for a cloud account manages the user workload vSphere clusters. The cloud account provides the credentials that vRA uses to connect to vCenter Server. Table 6-2 provides the required permissions for the vCenter cloud account.

Table 6-2 Required Permissions for the vCenter Cloud Account.

vRealize Orchestrator (vRO)

vRealize Orchestrator (vRO) provides a modern workflow automation platform that simplifies complex infrastructure processes. It is a key component of vRA for providing custom workflows within on-demand services and providing anything as a service (XaaS). It can be used independently to run pre-built workflows and to create custom workflows. It automates management and operational tasks of VMware and third-party systems such as ticketing systems, change management systems, and IT asset management systems.

In a vSphere environment, you may frequently perform some operational tasks. For example, consider a scenario where you receive frequent requests to support the update procedure for a complex application involving multiple virtual machines. For each update, you are required to take the following actions.

•   Shut down each virtual machine, one by one, in a specific order, ensuring that each shutdown operation completes prior to beginning the next shutdown.

•   Create a snapshot of each virtual machine.

•   Power on each virtual machine, one by one, in a specific order, ensuring that each guest OS and application services are running prior to beginning the next power on.

•   Inform the application team that the application is ready for update.

•   Following a successful update, delete the snapshots.

With vRO, you can build workflows to automate all or portions of this example operation. For example, vRO provides out-of-the-box workflows for virtual machine power and snapshot operations. You can build a custom workflow that leverages the existing workflows as nested workflows. In the custom workflow, you can add data input, conditional paths, looping, and monitoring.

Use Cases

•   Orchestrate common vSphere operations tasks

•   Orchestrate common data center infrastructure and application tasks.

•   Provide XaaS for a vRA environment.

Integration

You can configure vRO 8.x to use vRA authentication or vSphere authentication. To use vSphere authentication, in the vRO Control Center set Configure Authentication Provider > Authentication Mode to vSphere and configure it to use the credentials of the local administrator account of the vCenter Single Sign On (SSO) domain (administrator@vsphere.local by default). You must use vCenter Server 6.0 or later. To add a vCenter Server instance, you run the provided Add a vCenter Server Instance workflow.

vRealize Network Insight (vRNI)

VMware vRealize Network Insight (vRNI) helps you build an optimized, highly available, and secure network infrastructure for your hybrid and multi-clouds. It accelerates micro-segmentation planning and implementation. It provides auditing for changes to the security posture and helps you ensure compliance. It facilitates troubleshooting across network infrastructure (virtual and physical) and security infrastructure.

It provides network visibility and analytics to accelerate micro-segmentation security, minimize risk during application migration, optimize network performance, and manage NSX, SD-WAN Velocloud, and Kubernetes deployments.

Use Cases

•   Plan application security and migration: Accelerate micro-segmentation deployment for private clouds and public clouds.

•   Optimize and troubleshoot virtual and physical networks: Reduce the mean time to resolution for application connectivity issues, eliminate network bottlenecks, and audit network and security changes.

•   Manage and scale NSX: Extend the first two use cases to cover multiple NSX Managers and increase availability by proactively detecting configuration issues.

Integration

You can add VMware Managers, such as vCenter Server, VMware NSX Manager, and VMware NSX-T Manager to vRNI for data collection. To add a vCenter Server to vRNI as a data source, you need the following privileges applied and propagated at the root level.

•   System.Anonymous

•   System.Read

•   System.View

•   Global.Settings

To support IPFIX, you also need the Modify and Port configuration operation privileges on the distributed switches and the Modify and Policy operation privileges on the distributed port groups.

To identify virtual machine to virtual machine paths, you must install VMware Tools in the virtual machines.
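The privilege lists given above for the vRLI and vRNI service accounts can be checked mechanically against what a role actually grants. The following Python example is added here and is not VMware's or the book's code: it compares an exported role with those lists and reports missing privileges, excess privileges, and vRNI permissions that are not set at the root with propagation. The `Assignment` record, the feature labels, the account names, and the sample export are assumptions constructed for illustration, and the IPFIX privileges on distributed switches are not modelled.

```python
from dataclasses import dataclass

# Minimum privileges per integration feature, copied from the chapter text.
# Names are kept as the chapter prints them (assumption: the role export uses
# the same labels; translate to vCenter privilege IDs first if it does not).
BASELINES = {
    ("vRNI", "collect"): {
        "System.Anonymous", "System.Read", "System.View", "Global.Settings",
    },
    ("vRLI", "structured"): {"System.View"},
    ("vRLI", "syslog"): {
        "Host.Configuration.Change settings",
        "Host.Configuration.Network configuration",
        "Host.Configuration.Advanced Settings",
        "Host.Configuration.Security profile and firewall",
    },
}

# vCenter adds these three privileges to every role, so a role export always
# lists them; they are never reported as excess.
IMPLICIT = {"system.anonymous", "system.read", "system.view"}


@dataclass(frozen=True)
class Assignment:
    principal: str     # account the permission is granted to
    integration: str   # "vRNI" or "vRLI"
    features: tuple    # baseline features this account has to support
    privileges: tuple  # privileges contained in the assigned role
    entity: str        # inventory object the permission is set on
    propagate: bool    # True if the permission propagates to children


def norm(name):
    """Compare privilege names case-insensitively, ignoring extra spaces."""
    return " ".join(name.split()).lower()


def audit(a):
    """Return (code, detail) findings for one permission assignment."""
    need = set()
    for feature in a.features:
        need |= BASELINES[(a.integration, feature)]
    need_n = {norm(p) for p in need}
    have_n = {norm(p) for p in a.privileges}

    # MISSING: the integration cannot collect what it was deployed to collect.
    findings = [("MISSING", p) for p in sorted(need) if norm(p) not in have_n]
    # EXCESS: the role grants more than the documented minimum.
    findings += [
        ("EXCESS", p) for p in sorted(a.privileges)
        if norm(p) not in need_n and norm(p) not in IMPLICIT
    ]
    # The chapter requires vRNI privileges applied and propagated at the root.
    if a.integration == "vRNI" and not (a.entity == "root" and a.propagate):
        findings.append(("SCOPE", a.entity))
    return findings


# Constructed sample export: accounts, entities and role contents are invented.
SAMPLES = [
    Assignment("svc-vrni@corp.example", "vRNI", ("collect",),
               ("System.Anonymous", "System.Read", "System.View",
                "Global.Settings"), "root", True),
    Assignment("svc-vrli@corp.example", "vRLI", ("structured", "syslog"),
               ("System.Anonymous", "System.Read", "System.View",
                "Host.Configuration.Change settings",
                "Host.Configuration.Network configuration",
                "host.configuration.advanced settings",
                "VirtualMachine.Interact.PowerOff"), "root", True),
    Assignment("svc-vrni-dc@corp.example", "vRNI", ("collect",),
               ("System.Anonymous", "System.Read", "System.View",
                "Global.Settings"), "Datacenter-A", True),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.principal, audit(s) or "OK")
```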

Desktop and Application Virtualization

This section addresses VMware products for desktop and application virtualization.

VMware Horizon

VMware Horizon is a platform for securely delivering virtual desktops and applications in private and hybrid clouds. It provides the provisioning and management of desktop pools having thousands of virtual desktops per pool. It streamlines the management of images, applications, profiles and policies for the desktops and their users. It integrates with VMware Workspace ONE Access, which establishes and verifies end-user identity with multifactor authentication, and serves as the basis for conditional access and network micro-segmentation policies for Horizon virtual desktops and applications.

Horizon includes Instant Clones, which together with VMware Dynamic Environment Manager and VMware App Volumes dynamically provides Just in Time (JIT) delivery of user profile data and applications to stateless desktops.

Horizon provisions large pools of virtual desktops from a small set of base virtual desktops by integrating with vCenter Server. Horizon makes the provisioning requests, which are carried out by vCenter Server in the appropriate vSphere clusters. vSphere provides the environment, including the compute, storage, and network resources for running the virtual desktops. With vSphere DRS and vSphere HA, it provides load balancing and high availability.

Use Cases

•   Remote users

•   Kiosk and task users

•   Call center

•   Bring your own device (BYOD) deployments

•   Graphics-intensive applications

Integration

To get started, in the vSphere environment, you should prepare vSphere clusters to be used as resources for virtual desktop provisioning. You must add vCenter Server instances using the Horizon Console. When adding the vCenter Server instance, provide the vCenter Server address and appropriate user credentials. You can use the administrator account in the SSO domain (administrator@vsphere.local by default) or, preferably, an account that is assigned the minimum privileges. Table 6-3 provides the required privileges when you are not using Instant Clones. The use of Instant Clones requires additional privileges, such as all virtual machine configuration and inventory privileges.

Table 6-3 Required vCenter Server Privileges without Instant Clones

App Volumes

VMware App Volumes is a set of application and user management solutions for VMware Horizon, Citrix Virtual Apps and Desktops, and Remote Desktop Services Host (RDSH) virtual environments. It streamlines your ability to deliver, update, assign, and manage applications and users across virtual desktop (VDI) and published application environments. With App Volumes, you install an application once using a provisioning computer, collect the application components in AppStacks, and centrally control the mapping of AppStacks to desktops.

AppStacks and companion writeable volumes are stored in virtual disk files and attached to virtual machines to deliver applications. Updates to applications involve updating or replacing the AppStack or its mappings to desktops.

In RDSH environments, applications are installed on servers and delivered via Remote Desktop. Using App Volumes with RDSH simplifies the installation and management of the application on the server. Instead of attaching AppStacks to desktops, you attach AppStacks to RDSH servers and allow RDSH to deliver the application to the user.

Use Cases

•   Application virtualization in VMware Horizon VDI environments.

•   Application virtualization in Citrix XenDesktop and XenApp environments.

•   Virtualization for RDSH delivered applications

Integration

In the App Volumes Manager console, you can add and register a vCenter Server as a machine manager. To register vCenter Server and to allow App Volumes Manager to function, you must allow the following privileges.

•   Datastore >

    •   Allocate space

    •   Browse datastore

    •   Low level file operations

    •   Remove file

    •   Update virtual machine files

•   Global > Cancel task

•   Host > Local Operations > Reconfigure virtual machine

•   Sessions > View and stop sessions

•   Tasks > Create task

•   Virtual machine >

    •   Configuration >

        •   Add existing disk

        •   Add new disk

        •   Add or remove device

        •   Query unowned files

        •   Change resource

        •   Remove disk

        •   Settings

        •   Advanced

    •   Inventory >

        •   Create new

        •   Move

        •   Register

        •   Remove

        •   Unregister

    •   Provisioning > Promote disks

Replication and Disaster Recovery

This section addresses VMware products for replication and disaster recovery.

vSphere Replication

VMware vSphere Replication is an extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. It provides virtual machine replication between the following source and destination combinations.

•   Data center to data center

•   Cluster to cluster within a data center

•   Multiple source sites to a shared target site

vSphere Replication provides the following benefits over storage-based replication.

•   Lower cost per virtual machine

•   Flexibility in the storage vendor selection at the source and target sites

•   Lower overall cost per replication

vSphere Replication is compatible with most vSphere features, including vMotion, Storage vMotion, vSphere HA, DRS, Storage DRS, vSAN, and DPM. It is not compatible with vSphere Fault Tolerance.

Use Cases

•   Disaster Recovery

•   Data center migrations

Integration

vSphere Replication does not require separate licensing. Instead, it is included as a feature of the following vSphere license editions with no limit on the number of replicated virtual machines.

•   vSphere Essentials Plus

•   vSphere Standard

•   vSphere Enterprise

•   vSphere Enterprise Plus

A minimum vSphere Replication deployment involves a single virtual appliance per site that provides the vSphere Replication Management Service (VRMS) and a vSphere Replication Service (VRS). It requires that specific network ports including TCP 80, 443, and 902 be open for your ESXi hosts. Likewise, it requires TCP ports 80, 443, 10443, and 7444 to be open for the vCenter Server.
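The port requirements above can be turned into a check on the firewall policy between the sites. The following Python example is added here and is not part of the book or any VMware tool: it evaluates an ordered allow/deny rule list against the TCP ports listed for ESXi hosts and vCenter Server, reporting required ports that end up blocked and allow rules that open more than the listed ports. The `Rule` model, first-match semantics, the `esxi`/`vcenter` group names, and the sample policy are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# TCP ports the chapter lists for a vSphere Replication deployment.
REQUIRED = {
    "esxi": {80, 443, 902},
    "vcenter": {80, 443, 10443, 7444},
}


@dataclass(frozen=True)
class Rule:
    dest: str    # "esxi", "vcenter" or "any" (hypothetical address groups)
    lo: int      # first TCP port in the range
    hi: int      # last TCP port in the range
    action: str  # "allow" or "deny"


def decide(rules, dest, port):
    """Evaluate an ordered policy: first match wins, no match is a deny."""
    for index, r in enumerate(rules):
        if r.dest in (dest, "any") and r.lo <= port <= r.hi:
            return r.action, index
    return "deny", None


def review(rules):
    """Return (blocked, too_wide) for the replication port requirements."""
    # blocked: required ports that the policy does not let through, with the
    # index of the rule that denied them (None for the implicit deny).
    blocked = []
    for dest in sorted(REQUIRED):
        for port in sorted(REQUIRED[dest]):
            action, index = decide(rules, dest, port)
            if action != "allow":
                blocked.append((dest, port, index))

    # too_wide: allow rules whose range covers ports the chapter does not list.
    too_wide = []
    for index, r in enumerate(rules):
        if r.action != "allow":
            continue
        if r.dest == "any":
            wanted = set().union(*REQUIRED.values())
        else:
            wanted = REQUIRED.get(r.dest, set())
        needed_in_range = sum(1 for p in wanted if r.lo <= p <= r.hi)
        extra = (r.hi - r.lo + 1) - needed_in_range
        if extra > 0:
            too_wide.append((index, extra))
    return blocked, too_wide


def minimal_policy():
    """One single-port allow rule per listed port and nothing else."""
    return [Rule(d, p, p, "allow")
            for d in sorted(REQUIRED) for p in sorted(REQUIRED[d])]


# Constructed sample policy: rule 2 shadows rule 3, rule 4 opens every port.
WEAK_POLICY = [
    Rule("esxi", 443, 443, "allow"),
    Rule("esxi", 80, 80, "allow"),
    Rule("esxi", 900, 910, "deny"),
    Rule("esxi", 902, 902, "allow"),
    Rule("vcenter", 1, 65535, "allow"),
]

if __name__ == "__main__":
    print("weak   :", review(WEAK_POLICY))
    print("minimal:", review(minimal_policy()))
```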

vSphere Replication provides hypervisor-based replication, where a vSphere Replication Agent in the hypervisor collects and transmits changed blocks to the target VRS appliance. The method is similar to the Changed Block Tracking (CBT) feature in ESXi, but it is a mechanism that is unique to vSphere Replication, which avoids compatibility issues with technologies leveraging CBT.

Additionally, you can connect up to nine virtual appliances running just VRS per vCenter Server instance. A single VRMS appliance and nine VRS appliances can work in unison to provide replication for a single vCenter Server environment for up to 2000 replicated virtual machines.

Prior to installing vSphere Replication, set the vCenter Server advanced setting VirtualCenter.FQDN to the fully qualified domain name of the vCenter Server. To install vSphere Replication, use the standard vSphere OVF deployment wizard in the vSphere Client. Then use the Virtual Appliance Management Interface (VAMI) to register the appliance with vCenter Single Sign-On. Successful registration produces a Site Recovery option on the vSphere Client home page.

To replicate between sites, deploy vSphere Replication to both sites and configure a vSphere Replication connection between the sites, using the Site Recovery page in the vSphere Client.

To configure replication, you can use the following procedure.

Step 1. In the vSphere Client, navigate to Home > Site Recovery > Open Site Recovery.

Step 2. Select a vSphere connected pair and click View Details.

Step 3. Click the Replications tab.

Step 4. Select Outgoing or Incoming and click the Create new replication icon.

Step 5. Complete the wizard to configure the replication settings, such as target, seed, Recovery Point Objective (RPO), point in time instances, and quiescing options.

To recover a virtual machine, you can use the following procedure.

Step 1. In the vSphere Client, navigate to Home > Site Recovery > Open Site Recovery.

Step 2. Select a vSphere connected pair and click View Details.

Step 3. Click the Replications tab.

Step 4. Select a replication instance in the Incoming section.

Step 5. Click the Recover icon.

Step 6. Choose Synchronize recent changes (perform a final synchronization) or Use latest available data (continue without performing a final synchronization).

Step 7. Optionally, select Power on the virtual machine after recovery.

Step 8. Complete the wizard to select the target folder, compute resource, and other options.

You can leverage alarms in vCenter Server to alert you concerning issues in vSphere Replication, such as issues with the connection, a VRS instance, or a specific replication. For example, you can trigger an alarm whenever a configured replication exceeds the configured RPO.

Site Recovery Manager (SRM)

VMware Site Recovery Manager (SRM) is a business continuity solution that you can use to orchestrate planned migrations, test recoveries, and disaster recoveries. For data replication, SRM integrates with vSphere Replication and supported storage-based replication products. In SRM, you can build recovery plans that include recovery steps, virtual machine priority groups, dependencies, IP address changes, and resource mappings. You can run a single plan in planned migration, test, or disaster recovery mode. In planned migration mode, SRM automatically shuts down the source virtual machines prior to migration, performs a final data synchronization, and stops if errors occur. In disaster recovery mode, SRM attempts to shut down and synchronize the source virtual machines, but continues with recovery, regardless. In test mode, SRM leaves the source machines running while it brings up another instance of each virtual machine using snapshots at the recovery site in an isolated network. During a test recovery, the source machines continue to be replicated and protected. After a test recovery, you should run cleanup to shut down and remove the target site snapshots.

SRM is tightly integrated with vSphere Replication in vSphere 7.0. To use SRM, you begin by navigating to Home > Site Recovery in the vSphere Client.

Use Cases

•   Disaster Recovery

•   Data center migrations

Integration

Prior to installing SRM, you should implement a supported replication technology, such as EMC RecoverPoint or vSphere Replication. You need to deploy SRM to both the source and target site. You can install a Windows-based version of SRM on a supported Windows server or you can deploy the SRM virtual appliance. In most cases, you should deploy the SRM appliance, which includes an embedded vPostgreSQL database that supports a full-scale SRM environment.

At each site, deploy an SRM server and register it with a vCenter Server. SRM requires a separate vCenter Server at the source and target sites.

SRM uses transport layer security (TLS) and solution user authentication for its secured connections with vCenter Server. It assigns a private key and a certificate to the solution user and registers it with the vCenter Single Sign-On service. When you pair SRM instances across vCenter Servers that do not use Enhanced Linked Mode, Site Recovery Manager creates an additional solution user at the remote site.

Private Public and Hybrid Clouds

This section addresses VMware products for private, public, and hybrid clouds.

VMware Cloud Foundation (VCF)

VMware Cloud Foundation is a hybrid cloud platform built on full-stack hyperconverged infrastructure (HCI) technology. It provides a single, easy-to-deploy architecture that enables consistent, secure infrastructure and operations across private and public clouds.

VCF provides the following features:

•   Automated bring-up of the software stack, including vSphere, vCenter Server, vSAN, NSX-T, and vRealize Suite.

•   Simplified provisioning in workload domains built on vSphere, vSAN, and NSX-T.

•   Application-focused management that leverages vSphere with Tanzu to support virtual machines and containers in the same platform.

•   Automated Lifecycle Management (LCM) provides simplified updates for all components in the stack.

•   Multi-instance management allows multiple VCF instances to be managed together.

The following items are the main components in a private cloud powered by VCF 4.0.

•   Cloud Builder

•   SDDC Manager

•   vSphere

•   vSAN

•   NSX-T Data Center

•   vRealize Suite

Cloud Builder is the VCF component that automates the deployment of the entire software-defined stack. SDDC Manager is the VCF component that automates the entire system lifecycle and simplifies day-to-day management and operations.

The standard model for VCF uses separate virtual infrastructure domains for running management and user workloads. VCF also supports a consolidated model, where the management and user workloads run in the same virtual infrastructure domain.

Use Cases

•   Private cloud

•   Hybrid cloud

•   Modern applications

•   VDI

Integration

To get started with VCF, you should prepare ESXi hosts for the implementation of the management domain, address network and environment prerequisites, fill in the deployment parameters workbook, deploy the VMware Cloud Builder appliance, and use Cloud Builder to deploy the management domain, including vCenter Server.

VMware HCX

VMware HCX is a workload mobility platform that simplifies application migration, workload rebalancing, and business continuity across on-premise data centers, private clouds, and hybrid clouds. HCX enables you to migrate thousands of virtual machines, change from non-vSphere platforms, upgrade vSphere versions, balance workload between on-premise and cloud, and replicate to protect against disaster.

VMware HCX enables you to schedule and migrate thousands of vSphere virtual machines within and across data centers without requiring a reboot. Its key services include the following:

•   Interconnect

•   WAN Optimization

•   Network Extension

•   Bulk Migration

•   vMotion Migration

•   Disaster Recovery

Depending on the VMware HCX license (Advanced or Enterprise), HCX offers many services, which are described in Table 6-4.

Table 6-4 VMware HCX Services

Use Cases

•   Cloud adoption and migration

•   Workload rebalancing

•   Business continuity

Integration

To integrate HCX with an on-premise vSphere environment, you need to implement HCX components that connect the environment to another environment, such as a hosted private cloud or hybrid cloud. The following list contains the key components, whose services are described in Table 6-4.

•   HCX Connector and HCX Cloud Installation

•   HCX-IX Interconnect Appliance

•   HCX WAN Optimization Appliance

•   HCX Network Extension Virtual Appliance

VMware HCX is used in VMware on AWS, Azure VMware Solution, and other hybrid cloud solutions.

VMware on AWS

VMware Cloud (VMC) on Amazon Web Services (AWS) is an integrated cloud offering jointly developed by AWS and VMware. You can migrate and extend your on-premises VMware vSphere-based environments to the AWS Cloud running on Amazon Elastic Compute Cloud (Amazon EC2). With VMC on AWS you can deploy a software defined data center (SDDC) on demand. You configure the network and security to suit your needs and then begin deploying virtual machines. VMware provides support for VMC on AWS. You can open the VMware Cloud Services console to get support.

VMC on AWS provides your workloads with access to over 175 AWS services, including database, AI/ML, and security. It provides you with simplicity for hybrid cloud operations by enabling you to use the same VCF (vSphere, vSAN, NSX, vCenter Server) technologies across on-premise and the AWS Cloud. It does not require custom, on-premise hardware. It improves availability and accelerates cloud migration by enabling workloads to be directly migrated between on-premise and AWS. To migrate virtual machines from an on-premise vSphere environment to VMC on AWS, you can perform a live migration via vMotion or use VMware Hybrid Cloud Extension (HCX).

Azure VMware Solution

Azure VMware Solution combines VMware’s Software Defined Data Center (SDDC) software with the Microsoft Azure global cloud service ecosystem to provide you with a hosted private cloud. The Azure VMware Solution is managed to meet performance, availability, security, and compliance requirements. Currently, you cannot use the on-premise vCenter Server to manage the hosted private cloud. Instead, you use the vCenter Server and NSX Manager in the hosted private cloud.

You can set up VMware Hybrid Cloud Extension (HCX) for your Azure VMware Solution private cloud. HCX enables migration of your VMware workloads to the cloud and to other connected sites. If you meet standard cross vCenter vMotion requirements, then you can migrate on-premise virtual machines to the hosted private cloud. To configure HCX, you deploy an HCX virtual appliance in your on-premise vSphere environment and connect it to your HCX in your hosted private cloud.

You can use Azure Migrate to migrate on-premise vSphere virtual machines to Azure.

Networking and Security

This section addresses VMware products for networking and security.

AppDefense

VMware AppDefense provides data center endpoint security that protects applications running in a virtualized environment. It learns the good behavior for each of your virtual machines and applications, so it can detect and respond to deviations from that good behavior. It can respond with actions on the virtual machine, such as blocking networking, suspending, quarantining, taking a snapshot, powering off, or killing a suspicious process in the guest OS.

AppDefense is a SaaS product that works with an on-premise virtual appliance and a vCenter Server plug-in. The on-premise virtual appliance connects to vCenter Server, NSX Manager, and other optional components. You can deploy an AppDefense module to each protected host. Likewise, an AppDefense agent can be deployed to guest operating systems. AppDefense can tie into provisioning systems such as vRealize Automation or Puppet to define appropriate and allowed behaviors.

Use Cases

•   Accelerate security operations

•   Protect critical workloads

•   Assure every workload

•   Enhance micro-segmentation effectiveness

Integration

The AppDefense Appliance must be able to connect over the Internet with the AppDefense Manager using TCP Port 443.

To get started, you should subscribe to the AppDefense Service, log on to the AppDefense Manager website, and download the AppDefense Appliance OVA file. Use the vSphere Client to deploy the appliance (Deploy OVF Template) into your management environment. Back in the AppDefense Manager website, choose Provision Appliance and identify the appliance name. The provisioning process generates a UUID, an API key, and a URL. Use a web browser to access the AppDefense Appliance GUI and register the appliance with the protected vCenter Server. In the registration wizard, provide the UUID and API key. You should deploy one AppDefense Appliance for each protected vCenter Server.

When you deploy the AppDefense appliance, it registers with vCenter Server and collects inventory. You can then install the AppDefense host and guest modules. To install the host modules, download the vSphere Installation Bundle (VIB) from AppDefense Manager and use the esxcli software vib install command.

To deploy the Guest Module to protected virtual machines, you must install VMware Tools, ensure the virtual machine hardware version is 13 or later, and install the AppDefense Host Module to the host running the virtual machine. Use the AppDefense Manager to select the virtual machine and select Enable Guest Integrity. Finally, install the Guest Module in the guest OS. In Windows, use Control Panel > Programs and Features to modify the VMware Tools program and enable AppDefense.
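The Guest Module prerequisites listed above can be checked across an inventory before rollout, so that virtual machines that cannot yet be protected are found early. The following is an added example, not code from the book or from VMware; the inventory records, host names, and the vmx-NN hardware version label format are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

MIN_HW_VERSION = 13  # from the chapter: hardware version 13 or later


@dataclass
class VM:
    name: str
    host: str              # ESXi host currently running the VM
    hw_version: str        # assumed export format, e.g. "vmx-13"
    tools_installed: bool  # VMware Tools present in the guest


def parse_hw_version(label):
    """Return the integer from a 'vmx-NN' label, or None if unparseable."""
    m = re.fullmatch(r"vmx-(\d+)", label.strip().lower())
    return int(m.group(1)) if m else None


def readiness_gaps(vm, hosts_with_module):
    """List the Guest Module prerequisites from the chapter that this VM fails."""
    gaps = []
    if not vm.tools_installed:
        gaps.append("VMware Tools not installed")
    hw = parse_hw_version(vm.hw_version)
    if hw is None:
        # Fail closed: an unreadable version is reported, never assumed compliant.
        gaps.append(f"unrecognized hardware version {vm.hw_version!r}")
    elif hw < MIN_HW_VERSION:
        gaps.append(f"hardware version {hw} < {MIN_HW_VERSION}")
    if vm.host not in hosts_with_module:
        gaps.append(f"no AppDefense Host Module on {vm.host}")
    return gaps


def audit(vms, hosts_with_module):
    """Map each non-ready VM name to its gaps; ready VMs are omitted."""
    report = {}
    for vm in vms:
        gaps = readiness_gaps(vm, hosts_with_module)
        if gaps:
            report[vm.name] = gaps
    return report


# Constructed sample inventory (hypothetical names, not from the book).
SAMPLE_HOSTS_WITH_MODULE = {"esx01.example.test"}
SAMPLE_VMS = [
    VM("web01", "esx01.example.test", "vmx-17", True),
    VM("db01", "esx01.example.test", "vmx-11", True),
    VM("app01", "esx02.example.test", "vmx-13", False),
    VM("legacy01", "esx01.example.test", "unknown", True),
]

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_VMS, SAMPLE_HOSTS_WITH_MODULE).items():
        print(f"{name}: " + "; ".join(gaps))
```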

NSX

VMware NSX Data Center (NSX) is a network virtualization and security platform that enables a software-defined approach to networking that extends across data centers, clouds, and application frameworks. NSX enables you to provision and manage networks independently of the underlying hardware, much like you do with virtual machines. You can reproduce complex networks in seconds and create multiple networks with diverse requirements.

NSX provides a new operational model for software defined networking and extends it to the virtual cloud network. It provides a complete set of logical networking, security capabilities, and services, such as logical switching, routing, firewalling, load balancing, virtual private network (VPN), quality of service (QoS) and monitoring.

VMware NSX-T Data Center (NSX-T) is now the recommended product for practically all new virtualized networking use cases. Although it was originally developed for non-vSphere environments, it now supports vSphere. Most NSX customers are migrating or starting to consider a migration to NSX-T. The NSX-T platform provides the following components.

•   NSX-T Managers

•   NSX-T Edge Nodes

•   NSX-T Distributed Routers

•   NSX-T Service Routers

•   NSX-T Segments (logical switches)

It uses a data plane, a control plane, and a management plane.

Use Cases

•   Adopt Zero-Trust Security

•   Multi-cloud Networking

•   Automated Network Deployment

•   Network and Security for Cloud Native Applications (containers)

Integration

To prepare for an NSX-T installation, you need to meet the requirements for deploying its components, such as the NSX-T Managers and Edge Nodes. Typically, the three-node NSX-T Manager cluster is deployed to a Management vSphere Cluster and the NSX-T Edges are deployed in a shared edge and compute cluster.

After deploying the required virtual appliances from OVF, you log in to the NSX-T Manager and add a vCenter Server as a compute manager. When adding the vCenter Server compute manager, you should use the administrator account of the Single Sign-On domain (administrator@vsphere.local by default) or use a custom account configured with the appropriate privileges. Next, you deploy NSX-T Edges to vSphere clusters managed by the vCenter Server and you create the Transport Zones and Transport Nodes.

With NSX-T, you implement NSX-T Virtual Distributed Switches (N-VDS), which are logical switches decoupled from the vCenter Server to provide cross-platform support. They function much like a vSphere Distributed Switch (vDS), in that they provide uplinks to host physical NICs, multiple teaming policies, VLAN support, and more, but they can reside in a non-vSphere environment.

With vSphere 7.0 and NSX-T 3.0, you can now run NSX-T directly on a vSphere Distributed Switch 7.0. This provides simpler integration in vCenter Server and provides some other benefits. When creating transport zone nodes on ESXi hosts, you can choose between N-VDS and VDS as the host switch type.

Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have a couple of choices for exam preparation: the exercises here, Chapter 15, “Final Preparation,” and the exam simulation questions on the companion website.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topics icon in the outer margin of the page. Table 6-5 lists a reference of these key topics and the page numbers on which each is found.

Table 6-5 Key Topics for Chapter 6

Complete Tables and Lists from Memory

Print a copy of Appendix B, “Memory Tables” (found on the companion website), or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Memory Tables Answer Key,” also on the companion website, includes completed tables and lists to check your work.

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

Review Questions

1. You want to build custom workflows to support XaaS. Which product should you use?

a. vRLI

b. vRO

c. vROps

d. App Volumes

2. You need to provide virtual desktops and applications to remote users and call centers. Which product should you implement?

a. VCF

b. vRealize Suite

c. AppDefense

d. Horizon

3. You want to configure vSphere Replication using the vSphere Client. Which one of the following describes the correct navigation path?

a. Home > vCenter Server > vSphere Replication

b. Home > Site Recovery

c. Home > Host and Clusters > Replications

d. Home > Administration > Replication

4. Which of the following products provides connection, WAN optimization, and bulk migrations?

a. vRealize Suite

b. vSphere Replication

c. SRM

d. HCX

5. You want to provide data center endpoint security to protect applications running in a vSphere environment. Which one of the following products should you use?

a. AppDefense

b. HCX

c. VCF

d. vRealize Operations
