Containing The Future With Dell EMC VxRail
Thu, 04 Nov 2021 15:14:26 -0000
Containing The Future With Dell EMC VxRail: Modern HCI Infrastructure for Running Container Orchestration Platforms
The world of containers is here, and it is driving business forward. Developers and infrastructure operators are designing, deploying, and integrating next-generation cloud native applications using a combination of containers and virtual machines (VMs), and taking advantage of the benefits that each delivers.
This evolution empowers customers to use their existing virtualization knowledge and extend it to containerized applications. Rather than develop siloed infrastructures that cater to individual workload types during this transition, many organizations are looking for a unified infrastructure platform that supports running both VMs and containers. This is where VxRail comes in.
The VxRail infrastructure is designed to run both VMs and containers. Regardless of the container orchestration platform, VxRail provides a scalable and life cycle-managed environment for consistently running containers across single or multicluster solutions. The simplicity of running container orchestration platforms on VxRail frees up organizations to focus on the business value and benefits that the solution delivers.
In recent years, a steady stream of validations and reference architectures for running containers on VxRail has highlighted the following:
- More customers are running container frameworks alongside—or even within—their virtualization frameworks, making for a smoother shift into the adoption of containers.
- Organizations are seeing VxRail as an ideal foundational infrastructure platform for quickly adopting containers and supporting their container orchestration runtime ecosystems of choice.
VxRail Hyperconverged Infrastructure (HCI) capabilities
VxRail Hyperconverged Infrastructure (HCI)-integrated systems help accelerate data center modernization, deploy hybrid clouds, and implement developer-ready application platforms based on Kubernetes (K8s). These tasks are possible because VxRail supports running the most demanding workloads and applications, whether VM-based or containerized, while simplifying operations for IT infrastructure teams.
VxRail is the only fully integrated, preconfigured, and tested HCI system optimized for VMware. It delivers a seamless, automated operational experience with 100 percent native integration between VxRail Manager and vCenter. Intelligent life cycle management automates non-disruptive upgrades, updates, and node addition or retirement while keeping the VxRail infrastructure in a continuously validated state to ensure that workloads are always available.
These features make VxRail ideal for running container orchestration platforms, specifically those platforms that require vSphere for operation. As a result, VxRail provides customers with the flexibility to choose container orchestration platforms that are right for them. It enables them to run the container orchestration platform on a common HCI infrastructure platform that may be used with other traditional workloads.
Validating VxRail across container platform options
Dell Technologies helps customers accelerate their multicloud adoption and ensure that they have choices to select the best container orchestration platform. This flexibility has been confirmed through the development of a series of validation or reference architectures across several of the most widely adopted container orchestration platform distributions.
With VxRail, these containerized solutions deliver the same benefits on-premises or in the cloud. The following figure highlights some of these distribution options where validation work has been performed.
Let’s look at specific examples of running VxRail with some of today’s most commonly adopted orchestration platforms.
VMware Cloud Foundation with Tanzu on VxRail
VMware Tanzu enables businesses to build, run, and manage modern applications on any cloud and continuously deliver value to their customers. With VMware Tanzu, organizations can simplify multicloud operations and free up developers to move faster with easy access to the right resources. It also enables development and operations teams to work together to deliver transformative business results.
These capabilities start with the Tanzu Kubernetes Grid (TKG) runtime. With TKG, VMware uses the leading open-source technologies in the Kubernetes ecosystem to build a full Kubernetes runtime platform capable of running mission-critical customer applications.
TKG has the following open-source technologies, which VMware supports, built into its runtime platform for easy enterprise adoption:
- Cluster API for cluster life cycle management
- Harbor for container registry
- Contour for ingress
- Fluentbit for logging
- Grafana and Prometheus for monitoring
- Antrea and Calico for container networking
- Velero for backup and recovery
- Sonobuoy for conformance testing
With VMware Tanzu, businesses also have the flexibility for implementing the TKG runtime. They can do any of the following:
- Run TKG on any infrastructure, including vSphere, VMware Cloud on AWS, or native public clouds like AWS
- Run TKG in vSphere by using the TKG Service, which is bundled as a part of vSphere 7 with Tanzu and VMware Cloud Foundation (VCF) with Tanzu
- Run TKG as a service with Tanzu Mission Control (TMC)
Having touched on these TKG runtime implementation options, let’s look at the method used in our validated reference architecture: validating VMware Cloud Foundation with Tanzu on VxRail using the TKG Service. Why did we choose this method out of the three available methods? Because it delivers the type of easy deployment and operation that customers are looking for! VMware Cloud Foundation on VxRail delivers a simple and direct path to the hybrid cloud and Kubernetes at cloud-scale with one complete, automated platform.
The Reference Architecture document provides general design and deployment guidelines for running modern applications such as Confluent Kafka and Elasticsearch on VMware Cloud Foundation with Tanzu on VxRail. Find the Running Modern Applications with VMware Cloud Foundation with Tanzu on Dell EMC VxRail document here.
Amazon EKS Anywhere on VxRail
Amazon EKS Anywhere is a deployment option that enables customers to create and operate Kubernetes clusters on-premises using VMware vSphere, while allowing for connectivity and portability to AWS public cloud environments. It also provides operational consistency and tooling with AWS EKS.
Dell Technologies and Amazon recently validated Dell EMC VxRail running Amazon EKS Anywhere, in addition to the use of Dell EMC VxRail dynamic node clusters and Dell EMC PowerStore to provide the back-end storage for Amazon EKS Anywhere. (Dynamic nodes are not limited to this solution as they are features of VxRail and not specific to Amazon EKS Anywhere.)
VxRail is a strong platform choice for EKS Anywhere, which requires vSphere for production environments. EKS Anywhere running on VxRail delivers a seamless, automated operational experience for VxRail infrastructure across cloud-native and traditional workloads.
VxRail intelligent life cycle management automates non-disruptive upgrades and updates to keep its infrastructure in a continuously validated state, ensuring running workloads and optimized clusters. This automation greatly reduces risk so that customers can stay current with the multiple releases of Kubernetes and the EKS platform, which are updated using EKS Anywhere. VxRail and EKS Anywhere make it easy to standardize both IT and developer operations on-premises and in the Amazon public cloud.
EKS Anywhere is built on open-source software, using VMware vSphere to create and operate Kubernetes on-premises with automated deployment, scaling, and management of containerized applications. EKS Anywhere provides an installable software package for creating and operating on-premises Kubernetes clusters based on Amazon EKS Distro—the same Kubernetes distribution used by Amazon EKS for clusters on AWS.
By simplifying the creation and operation of on-premises Kubernetes clusters and automating cluster management, EKS Anywhere can reduce support costs and avoid the maintenance of redundant open-source and third-party tools. The EKS console also provides a view of all Kubernetes clusters (including EKS Anywhere clusters) through the EKS Connector (public preview).
Red Hat OpenShift with VMware Cloud Foundation on VxRail
Red Hat OpenShift ships with Red Hat Enterprise Linux CoreOS for the Kubernetes control plane nodes. It supports both Red Hat Enterprise Linux CoreOS and Red Hat Enterprise Linux for worker nodes.
OpenShift supports the Open Container Initiative (OCI), an open governance structure for container formats and runtimes, including hundreds of fixes for defects, security, and performance issues for upstream Kubernetes in each release. It is tested with dozens of technologies as a tightly integrated platform supported over a nine-year life cycle. OpenShift includes software-defined networking, validates additional common networking solutions, and validates numerous storage and third-party plug-ins for its releases.
VMware Cloud Foundation on VxRail delivers flexible, consistent, secure infrastructure and operations across private and public clouds. It is well suited to meet the demands of modern applications running on Red Hat OpenShift Container Platform in a virtualized environment and makes it easy to manage the life cycle of the hybrid cloud environment. A unified management plane is also available for all applications, including OpenShift.
VMware Cloud Foundation uses leading virtualization technologies, including vSphere, NSX-T, and vSAN. VxRail Manager and VMware Cloud Foundation Manager provide the life cycle management, and vSAN provides reliable, high-performance, and flexible storage to OpenShift. NSX-T provides the secure, high-performance virtual networking infrastructure to OpenShift, and vSphere DRS and vSphere HA deliver efficient resource usage and high availability. All of these technologies combine to create a consolidated solution for running OpenShift Container Platform with VMware Cloud Foundation on VxRail.
The Running Red Hat OpenShift Container Platform on VMware Cloud Foundation Reference Architecture document, which demonstrates the architecture of running OpenShift Container Platform with VMware Cloud Foundation on VxRail, can be found here. This document shows the configuration details, hardware resources, and software resources used in the solution validation, along with various configuration options and best practices.
Dell Technologies and VMware continue to see containers as a high-value technology foundation for the future of enterprise solutions. While this blog post is heavily focused on containerization, keep in mind the significant and lasting role that virtualization continues to have in modern data centers. The importance of virtualization is especially true as not every workload is suited for containerization, meaning that containers complement virtualization while setting the foundation for building on the flexibility of containerized systems and platforms on VxRail.
- VxRail Info Hub, which includes multiple white papers about applications running with Tanzu on VCF with VxRail
- Running Amazon Elastic Kubernetes Service Anywhere on Dell EMC VxRail – Solutions Brief
- Running Red Hat OpenShift Container Platform on VMware Cloud Foundation – Reference Architecture document
Vic Dery, Senior Principal Technical Marketing Engineer
Related Blog Posts
Microsoft SQL Server Big Data Clusters on Tanzu Kubernetes Grid on Dell EMC VxRail
Thu, 19 Aug 2021 15:25:12 -0000
A recently created reference architecture, running Microsoft SQL Server Big Data Clusters (BDC) on Tanzu Kubernetes Grid (TKG) on Dell EMC VxRail, demonstrates a fast and simple way to get started with big data workloads running on Kubernetes. It also shows how the containerized workloads ran using VxRail.
SQL BDC on TKG on VxRail enables simplified servicing for cloud native workloads, and is designed to scale with business needs. Administrators can implement the policies for namespaces and manage access and quota allocation for application-focused management. All of this helps build a developer ready infrastructure with enterprise-grade Kubernetes with advanced governance, reliability, and security.
This reference architecture also validated SQL BDC with Spark SQL TPC-DS benchmark optimized parameters. The test results showed that Tanzu Kubernetes Grid on VxRail provides linear scalability (for complex TPC-DS-like decision support workloads that use different query types) with predictable query response time and high throughput.
The business value section for using SQL BDC and TKG on VxRail is based on the five measurements below, which are covered in more detail within the reference architecture.
- Simplified installation of Kubernetes
- Automated multi-cluster operations
- Integrated platform services
- Open source alignment
- Production Ready
Cross-functional teams from Dell EMC VxRail, VMware, and Microsoft have reviewed the reference architecture for content and supportability. This can provide comfort for those wanting to run on Tanzu. Some notes from the Microsoft release notes for Cumulative Update 12 (CU12) of BDC:
SQL Server Big Data Clusters is supported as a workload. Microsoft provides support for the software components on the containers installed and configured by SQL Server Big Data Clusters only. Kubernetes itself, and other containers that may influence SQL Server Big Data Clusters behavior, are not supported by the (Microsoft) support team. For Kubernetes support please contact your certified Kubernetes distribution provider.
Note: This reference architecture provides general design and deployment guidelines of running Microsoft SQL Server Big Data Clusters on VMware Tanzu™ Kubernetes Grid™ on Dell EMC VxRail. The reference architecture also applies to any compatible hardware platforms running VMware Tanzu Kubernetes Grid on vSAN™.
To wrap up, VxRail provides SQL BDC on Tanzu as a scalable and secure platform to deliver key business outcomes. This reference architecture highlights one of the first known support solutions built on Tanzu Kubernetes Grid to manage Kubernetes. The paper covers the spectrum on the build, testing, and expected performance on VxRail.
- Running Microsoft SQL Server Big Data Clusters on VMware Tanzu Kubernetes Grid
- SQL Server Big Data Clusters platform release notes - SQL Server Big Data Clusters | Microsoft Docs It's reformulated release notes, now simpler and focused on tested configurations and documenting known issues.
- SQL Server Big Data Clusters CU12 release notes - SQL Server Big Data Clusters | Microsoft Docs For every release starting with CU12, we will provide a dedicated article containing many details about what's new, fixes, and most importantly, an extensive list of what's under the hood.
- SQL Server Big Data Clusters cumulative updates history - SQL Server Big Data Clusters | Microsoft Docs In this article, we will keep track of all previous update details.
Author: Vic Dery – Linkedin
HCI Security Simplified: Protecting Dell VxRail with VMware NSX Security
Fri, 08 Apr 2022 17:22:10 -0000
Cybersecurity and protection against ransomware attacks are among the top priorities for most customers who have successfully implemented or are going through a digital transformation. According to the ESG’s 2022 Technology Spending Intentions Survey:
- 69 percent of respondents shared that their spending on cybersecurity will increase in 2022 (#1).
- 48 percent of respondents believe their IT organizations have a problematic shortage of existing skills in this area (#1).
- 38 percent of respondents believe that strengthening cybersecurity will drive the majority of technology spending in their organization in the next 12 months (#1).
The data clearly shows that this area is one of the top concerns for our customers today. They need solutions that significantly simplify increasing cybersecurity activities due to a perceived skills shortage.
It is worth reiterating the critical role that networking plays within Hyperconverged Infrastructure (HCI). In contrast to legacy three-tier architectures, which typically have a dedicated storage network and storage, HCI architecture is more integrated and simplified. Its design lets you share the same network infrastructure for workload-related traffic and intercluster communication with the software-defined storage. The accessibility of the running workloads (from the external network) depends on the reliability of this network infrastructure, and on setting it up properly. The proper setup also impacts the performance and availability of the storage and, as a result, the whole HCI system. To prevent human error, it is best to employ automated solutions to enforce configuration best practices.
VxRail as an HCI system supports VMware NSX, which provides tremendous value for increasing cybersecurity in the data center, with features like microsegmentation and AI-based behavioral analysis and prevention of threats. Although NSX is fully validated with VxRail as a part of the VMware Cloud Foundation (VCF) on VxRail platform, setting it up outside of VCF requires strong networking skills. The comprehensive capabilities of this network virtualization platform might be overwhelming for VMware vSphere administrators who are not networking experts. What if you only want to consume the security features? This scenario might present a common challenge, especially for customers who are deploying small VxRail environments with few nodes and do not require full VCF on the VxRail stack.
The great news is that VMware recognized these customer challenges and now offers a simplified method to deploy NSX for security use cases. This method fits the improved operational experience our customers are used to with VxRail. This experience is possible with a new VMware vCenter Plug-in for NSX, which we introduce in this blog.
NSX and security
NSX is a comprehensive virtualization platform that provides advanced networking and security capabilities that are entirely decoupled from the physical infrastructure. Implementing networking and security in software, distributed across the hosts responsible for running virtual workloads, provides significant benefits:
- Flexibility—Total flexibility for positioning workloads in the data center enables optimal use of compute resources (a key aspect of virtualization).
- Optimal consumption of CPU resources—Advanced NSX features only consume CPU from the hosts when they are used. This consumption leads to lower cost and simplified provisioning when compared to running the features on dedicated appliances.
- High performance—NSX features are performed in VMware ESXi kernel space, a unique capability on vSphere.
The networking benefits are evident for large deployments, with NSX running in almost all Fortune 100 companies and many medium scale businesses. In today’s world of widespread viruses, ransomware, and even cyber warfare, the security aspect of NSX built on top of the NSX distributed firewall (DFW) is relevant to vSphere customers, regardless of their size.
The NSX DFW is a software firewall instantiated on the vNICs of the virtual machines in the data center. Thanks to its inline position, it provides maximum filtering granularity because it can inspect the traffic coming in and going out of every virtual machine without requiring redirection of the traffic to a security appliance, as shown in the following figure. It also moves along with the virtual machine during vMotion and maintains its state.
Figure 1: Traditional firewall appliance compared to the NSX DFW
The NSX DFW state-of-the-art capabilities are configured centrally from the NSX Manager and allow implementing security policies independently of the network infrastructure. This method makes it easy to implement microsegmentation and compliance requirements without dedicating racks, servers, or subnets to a specific type of workload. With the NSX DFW, security teams can deploy advanced threat prevention capabilities such as distributed IDS/IPS, network sandboxing, and network traffic analysis/network detection and response (NTA/NDR) to protect against known and zero-day threats.
A dedicated solution for security
Many NSX customers who are satisfied with the networking capability of vSphere run their production environment on a VDS with VLAN-backed dvportgroups. They deploy NSX for its security features only, and do not need its advanced networking components. Until now, those customers had to migrate their virtual machines to NSX-backed dvportgroups to benefit from the NSX DFW. This migration is easy, but managing networking from NSX modifies the workflow of all the teams, including those teams that are not concerned with security:
Figure 2: Traditional NSX deployment
Starting with NSX 3.2, you can run NSX security on a regular VDS, without introducing the networking components of NSX. The security team receives all the benefits of NSX DFW, and there is no impact to any other team:
Figure 3: NSX Security with vCenter Plugin
Even better, NSX can now integrate further with vCenter, thanks to a plug-in that allows you to configure NSX from the vCenter UI. This method means that NSX can be consumed as a simple security add-on for a traditional vSphere deployment.
How to deploy and configure NSX Security
First, we need to ensure that our VxRail environment meets the following requirements:
- vCenter Server 7.0 U3c (included with VxRail 7.0.320)
- VDS 6.7 or later
- The OVA for NSX-T with the vCenter Plugin version 3.2 or later and an appropriate NSX license
Deploy the NSX Manager and the NSX DFW on ESXi hosts
Running NSX in a vSphere environment consists of deploying a single NSX Manager virtual machine protected by vSphere HA. A shortcut in vCenter enables this step:
Figure 4: Deploy the NSX Manager appliance virtual machine from the NSX tab in vCenter
When the NSX Manager is up and running, it sets up a one-to-one association with vCenter and uploads the plug-in that presents the NSX UI in vCenter, as if NSX security is part of vCenter. The vCenter administrator becomes an effective NSX security administrator.
The next step, performed directly from the vCenter UI, is to enter the NSX license and select the cluster on which to install the NSX DFW binaries:
Figure 5: Select the clusters that will receive the NSX DFW binaries
After the DFW binaries are installed on the ESXi hosts, the NSX security is deployed and operational. You can exit the security configuration wizard (and configure directly from the NSX view in the vCenter UI) or let the wizard run.
Run the security configuration wizard
After installing the NSX binaries on the ESXi hosts, the plug-in runs a wizard that guides you through the configuration of basic security rules according to VMware best practices. The wizard gives the vSphere administrator simple guidance for implementing a baseline configuration that the security team can build on later. There are three different steps in this guided workflow.
First step—Segment the data center in groups
Perform the following steps, as shown in the following figure:
- Create an infrastructure group, identifying the services that the workloads in the data center will access. These services typically include DNS, NTP, DHCP servers, and so on.
- Segment the data center coarsely in environments, such as groups like Development, Production, and DMZ.
- Segment the data center finely by identifying applications running across the different environments.
Figure 6: Example of group creation
Second step—Define communication between different groups
Perform the following steps, as shown in the following figure:
- Define which groups can access the infrastructure services
- Define how the different environments communicate with each other
- Define how applications communicate with each other
Figure 7: Define the communication between environments using a graphical representation
Third step—Review the configuration and publish it to the NSX DFW
After reviewing the configuration, publish the configuration to NSX:
Figure 8: Review DFW rules before exiting the wizard
The full NSX UI is now available in vCenter. Select the NSX tab to access the NSX UI directly.
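The three wizard steps above (groups, communication between groups, review before publishing) can be rehearsed offline. The following is an added example, not code from the original post or from VMware: a simplified Python model that does not call any NSX API. The VM names, group names, services, and the first-match, tier-ordered evaluation with a default drop are assumptions of this model.

```python
from dataclasses import dataclass

# Evaluation order assumed by this model: earlier tiers are checked first.
TIERS = ("infrastructure", "environment", "application")

@dataclass(frozen=True)
class Rule:
    tier: str      # one of TIERS
    src: str       # group name, or "ANY"
    dst: str       # group name, or "ANY"
    service: str   # e.g. "udp/53", or "ANY"
    action: str    # "ALLOW" or "DROP"

# Step 1 (constructed sample): group membership per VM. Application groups
# deliberately span environments, as in the fine-grained segmentation step.
INVENTORY = {
    "dns01":       {"infra-services"},
    "prod-web01":  {"env-production", "app-web"},
    "prod-db01":   {"env-production", "app-db"},
    "dev-web01":   {"env-development", "app-web"},
    "dev-db01":    {"env-development", "app-db"},
    "dmz-proxy01": {"env-dmz"},
}

# Step 2 (constructed sample): communication between groups.
RULES = [
    Rule("infrastructure", "ANY", "infra-services", "udp/53", "ALLOW"),
    Rule("infrastructure", "ANY", "infra-services", "udp/123", "ALLOW"),
    Rule("environment", "env-development", "env-production", "ANY", "DROP"),
    Rule("environment", "env-production", "env-development", "ANY", "DROP"),
    Rule("environment", "env-dmz", "env-development", "ANY", "DROP"),
    Rule("application", "app-web", "app-db", "tcp/5432", "ALLOW"),
    Rule("application", "env-dmz", "app-web", "tcp/443", "ALLOW"),
]

# Step 3 (constructed sample): flows the security team expects, checked
# against the rule set before anything is published.
INTENTS = [
    ("prod-web01", "prod-db01", "tcp/5432", "ALLOW"),
    ("dev-web01", "dev-db01", "tcp/5432", "ALLOW"),
    ("dev-web01", "prod-db01", "tcp/5432", "DROP"),
    ("dev-web01", "dns01", "udp/53", "ALLOW"),
    ("dmz-proxy01", "prod-web01", "tcp/443", "ALLOW"),
    ("dmz-proxy01", "dev-web01", "tcp/443", "DROP"),
    ("dmz-proxy01", "prod-db01", "tcp/5432", "DROP"),
]

def _in_group(group, vm):
    # Unknown VMs belong to no group, so they can only match "ANY".
    return group == "ANY" or group in INVENTORY.get(vm, set())

def evaluate(src_vm, dst_vm, service, rules=RULES):
    """Return (action, rule) for the first match, tier by tier; default DROP."""
    for tier in TIERS:
        for rule in rules:
            if (rule.tier == tier
                    and _in_group(rule.src, src_vm)
                    and _in_group(rule.dst, dst_vm)
                    and rule.service in ("ANY", service)):
                return rule.action, rule
    return "DROP", None

def review(intents, rules=RULES):
    """Return (src, dst, service, expected, actual) for every mismatch."""
    mismatches = []
    for src, dst, service, expected in intents:
        actual, _ = evaluate(src, dst, service, rules)
        if actual != expected:
            mismatches.append((src, dst, service, expected, actual))
    return mismatches

if __name__ == "__main__":
    for problem in review(INTENTS):
        print("MISMATCH", problem)
```

Running `review` against the rule set with the environment tier removed flags the development-to-production database flow as allowed, because the application groups span environments; that is the kind of gap the review step is meant to catch.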
The new VMware vCenter Plug-in for NSX drastically simplifies the deployment and adoption of NSX with VxRail for security use cases. In the past, advanced knowledge of the network virtualization platform was required. A vSphere administrator can now deploy it easily, using an intuitive configuration wizard available directly from vCenter.
The VMware vCenter Plug-in for NSX provides the kind of simplified and optimized experience that VxRail customers are used to when managing their HCI environment. It also addresses the challenge that customers face today, improving security even with a perceived shortage of skills in this area. Also, it can be configured easily and quickly, making the robust NSX security features more available for smaller HCI deployments.
VMworld 2021 Session: NET1483 - Deploy and Manage NSX-T via vCenter: A Single Console to Drive VMware SDDC
Francois Tallet, Technical Product Manager, VMware
Karol Boguniewicz, Senior Principal Engineering Technologist, Dell Technologies