The VMware Cloud Foundation on VxRail solution is integrated end-to-end to fully enable a software-defined cloud platform that is designed for the rapid deployment of physical resources into managed consumption pools, and for the provisioning of these resource pools on-demand to meet flexible and resilient workload requirements.
VxRail provides the physical resource foundation for the cloud delivery platform. VxRail is a set of specially engineered and manufactured compute nodes that, when logically bound together after initial configuration, represent a single managed cluster for virtual workloads.
VxRail integrates software products from VMware with custom software engineered by Dell Technologies so that the physical compute, memory, network, and storage resources are placed under a virtualization layer to be managed and controlled as an adaptable pool of resources. The physical disk devices on each VxRail node are encapsulated under the virtualization layer to create a single consumable data store for the virtual workloads. In addition, a virtual switch is created during initial configuration and distributed across the entire VxRail cluster. The Ethernet ports on each node are placed under the virtualization layer to enable connectivity between virtual machines on the VxRail cluster, and to enable connectivity to end-users.
When integrated with VMware Cloud Foundation, the VxRail cluster is positioned as an individual building block to supply compute resources for consumption in Cloud Foundation virtual workloads. Cloud Foundation allows users to dynamically allocate and assign VxRail clusters into individual consumption pools, known as Virtual Infrastructure (VI) workload domains. A VI workload domain represents the logical boundary of consumable resources, and all functionality within these boundaries is managed through a single vCenter instance. Under this model, VI workload domains can be planned and deployed to support the distinct requirements of individual organizations or a set of applications.
The resources of individual VI workload domains can be expanded through the addition of individual nodes into a VxRail cluster. Resources can also be expanded by adding an entire new VxRail cluster into a VI workload domain. The physical resources are automatically added to the VI workload domain pool upon completion of this event.
With the layering of the VMware Cloud Foundation software stack on VxRail virtual switches, enterprise networking features such as routing, VPN, and security from NSX are embedded and enabled into each VI workload domain.
The networking resources for each VI workload domain are logically segmented, so that the distinct requirements for a set of applications can be individually managed. Virtual machines deployed in a Cloud Foundation VI workload domain connect to port groups on a virtual switch in their Cloud Foundation VI workload domain. Each port group on a virtual switch is assigned a VLAN to logically isolate the network traffic. In a vSphere environment without NSX, the physical network infrastructure would manage the routing between applications on the virtual machines. With NSX, Cloud Foundation on VxRail supports routing in the virtual networks on the VI workload domains to complement the physical network routing capabilities. This means networking efficiencies can be realized:
To support connectivity to applications and end-users outside of the virtual network, the NSX virtual routing services form a peer relationship with existing upstream physical routers in the data center to share routing information, and form a seamless connection between the physical and logical networks.
NSX forms the peering relationship with virtual machines known as ‘edge gateways’. The edge gateway devices are at the NSX ‘Tier 0’ layer and form the line of delineation between the physical and virtual networks. At the ‘Tier 1’ layer below the edge gateways, virtual routers, or gateways, are positioned in the NSX network. The gateways at ‘Tier 0’ and ‘Tier 1’ form a peering relationship, using BGP to share routing tables. The gateways at ‘Tier 1’ serve as the ingress and egress point with the external physical network.
The virtual routers at ‘Tier 1’ enable routing within the Cloud Foundation virtual network. Virtual machines deployed in an individual Cloud Foundation VI workload domain connect to port groups on a virtual switch in their Cloud Foundation VI workload domain for network connectivity. Each port group on a virtual switch is assigned a VLAN to logically isolate that network traffic. To enable network connectivity outside of the virtual distributed switch, Cloud Foundation on VxRail through NSX supports connecting these virtual switches onto an extended logical network, known as a segment. This extended logical network enables the non-routable network traffic to travel over a routable network.
The VxRail nodes providing physical network resources to the Cloud Foundation workload domains are configured to support ‘overlay’ networks for NSX to use as a tunnel for this traffic. Individual NICs on the VxRail nodes are configured as end points on the tunnels. These end points on the tunnels enable virtual machine network traffic to flow through the logical switch to reach a virtual machine connected to a logical switch at another end point. Routing decisions can then be made within the virtual network by the NSX gateways at the ‘Tier 1’ level, which can direct the traffic to the proper end point, or pass the traffic upstream to the ‘Tier 0’ edge gateways for external network access.
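The forwarding decision described above can be sketched as a simplified model, which is useful when reviewing which flows stay inside the overlay and which reach the physical network. This is an added example, not Dell or VMware code; the segment names, subnets, node names, tunnel end point addresses and the `forward` function are constructed for illustration, and a single ‘Tier 1’ gateway that knows every segment is assumed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample inventory (not from the page): segments, per-node tunnel
# end points (TEPs) and VM placement in one hypothetical VI workload domain.
SEGMENTS = {
    "seg-web": ipaddress.ip_network("172.16.10.0/24"),
    "seg-db": ipaddress.ip_network("172.16.20.0/24"),
}
NODE_TEPS = {"node-01": "192.168.50.11", "node-02": "192.168.50.12"}
VM_NODE = {
    "172.16.10.5": "node-01",
    "172.16.10.6": "node-02",
    "172.16.20.7": "node-02",
    "172.16.20.8": "node-01",
}


@dataclass(frozen=True)
class Path:
    routed_by: str                      # "none", "tier-1" or "tier-0"
    tunnel: Optional[Tuple[str, str]]   # (source TEP, destination TEP) if tunneled
    leaves_overlay: bool                # True when traffic exits to the physical network


def segment_of(ip: str) -> Optional[str]:
    """Return the name of the segment whose subnet contains ip, if any."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def forward(src_ip: str, dst_ip: str) -> Path:
    """Model where a packet from a VM is switched, routed and tunneled."""
    src_seg, dst_seg = segment_of(src_ip), segment_of(dst_ip)
    if src_seg is None or src_ip not in VM_NODE:
        raise ValueError(f"{src_ip} is not a VM on a known segment")
    if dst_seg is None:
        # Destination is outside the virtual network: Tier 1 passes it upstream.
        return Path("tier-0", None, True)
    if dst_ip not in VM_NODE:
        raise LookupError(f"no VM with address {dst_ip} on {dst_seg}")
    src_node, dst_node = VM_NODE[src_ip], VM_NODE[dst_ip]
    # A tunnel is only needed when the two VMs run on different nodes.
    tunnel = None if src_node == dst_node else (NODE_TEPS[src_node], NODE_TEPS[dst_node])
    # Same segment is switched; a different segment is routed at Tier 1.
    return Path("none" if src_seg == dst_seg else "tier-1", tunnel, False)
```

Only the flow routed by ‘Tier 0’ leaves the overlay in this model; the other flows are handled entirely inside the virtual network.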