October 14

Part 13: My vCloud Journey Journal – There are more questions, than answers…

[Disclaimer: The title of this blogpost is a homage to the legendary Johnny Nash of the same title, not a dig at TrainSignal! 🙂 ]


Today I finished working through TrainSignal’s vCloud Director 1.5 presented by David “and with that let’s get started” Davis. That’s one of David’s catchphrases, by the way. We all have them – I mean instructors and former-instructors – if you don’t believe me, just ask my former students! 🙂

The previous training I did on vCD was the “essentials” training that is available for free on VMware’s MyLearn site. My intention is/was to build up gradually to more and more “intensive” content, bit by bit. Learning is about a series of building blocks, and you’re better off starting with little (yellow) bricks of information and building up bit by bit rather than jumping in with both feet and hoping to swim rather than sink. So this is part of my preparation for the “main deal”, which is attending the instructor-led, official VMware course on vCD in November. Sorry to my fellow delegates but then I will be sporting a fully-fledged “movember

So this blog post is about the thoughts the TrainSignal package inspired in me. The inspiration for the title of this blog is something I’ve felt about training for a long time. Lots of people attend training hoping to get answers to all their questions – that’s all good and proper. But I would also say you should leave with as many questions (if not more) than you came in with. If not, it’s likely the course hasn’t stimulated your synapses enough. So for my money, if you have not left with a list of questions to take back to your business, organization, colleagues, then something went awry in your training course – for there are many questions that no instructor could ever answer. After all, by its nature training tends to be generic, not consultancy, which is specific.

That’s how I felt going through the TrainSignal material. Each module created a series of debates/arguments in my head – and that is a very good thing. In fairness, the course is pitched as an essentials course, not as an “everything-you-wanted-to-know-but-were-too-afraid-to-ask” course. For me the main deal in the course was lessons 04-10. That’s not to say the other modules don’t have value – it’s just that much of this I covered earlier using the “essentials” training on MyLearn.

However, Jake Robinson of Blue Lock, who presents lesson 2, had a couple of tidbits which I found interesting. Firstly, he mentions a term I’ve not heard before: “Shadow IT”. It’s used to describe end-consumers who bypass/circumvent CorpIT by engaging the services of a public cloud provider such as Amazon. There’s a bit of a cautionary tale in the dangers of using the wild-wild-west of public cloud (Amazon Cloud Service Goes Down and Takes Popular Sites With It) in his citing the experience of Consona, who tried using Amazon for a while but had to move to a VMware-backed service provider – because of tussles over support and availability. Turns out this tale happens to be a VMware case-study… I’m not trying to bad mouth Amazon here, which I think gets an unfair bad press, and not enough recognition for its uptimes. As ever in our industry, what gets press is not the 99.999% uptimes, but the 00.001% time that something is down or doesn’t work. Not that I think Amazon actually offers anything like that as a QoS/SLA; as others have rightly indicated, in fact it’s a lot lower than that – and that’s important for customers who think they may be in line for compensation for breach of the SLA.

It might come as a surprise to you (given my new position) that I wasn’t aware of all the vCloud offerings available via VMware’s service provider community. Well, I guess I knew the basics. But this field hasn’t been a focus for me for a while so I’m still learning. I think the stuff in the course might be a little bit dated in this area (recorded April, 2011) – but it’s generally right. Alongside the new VMware vCloud Service Evaluation Beta there is:

vCloud Datacenter Service:
vCloud Datacenter is a globally consistent cloud service built on VMware cloud infrastructure offered through certified VMware Service Providers. vCloud Datacenter delivers guaranteed performance and uptime and audit-able security and compliance.

vCloud Powered Service:
VMware vCloud Powered services are a broad array of on-demand, secure, VMware-compatible infrastructure clouds delivered by VMware service providers for any business need.

Anyway, the name-checking of this by David inspired me to take a walk over and have a look. It looks like I will be doing something with the evaluation service soon, and I also want to get the vCloud Connector folks on the VMwareWag sometime, ideally just as the new version ships – and get that set up in the lab. I’ve got two providers in the UK who I get on well with, so I’m hoping they will assist me in getting set up, and also with some sort of longer-term NFR for demos and documentation purposes.
More Questions than answers; Some other thoughts:
Anyway, looking back over my notes I began to see some seeds of new ideas/thinking about vCD. I still don’t really know where I am going with these ideas or questions or insights. I’m hoping as I get more into the official courseware things will become clearer, and with the benefit of ILT I will be able to ask questions and get answers quickly…
MTUs. Changing the MTU for vCDNI or VXLAN networking is pretty important to stop fragmentation. I noticed it needs to be set correctly in 3 areas – the physical switch (of course), the vSwitch and within vCD. That made me think how important the new health check feature in vSphere 5.1 is going to be for folks deploying vCD.
“Allocating resources to an Organization” – That’s a piece of text that appears in the “Getting started” pages, and is actually where you begin to create Organization vDCs. Previously my thinking has been very much focused on the Provider vDC, but increasingly I’m thinking where the real “action” exists is in the Organization vDC, because that is where you fundamentally control HOW those physical resources are used – where you find the resource allocation policies (pay-as-you-go and so on).
Allocation Models – There are a couple of ways of allocating resources to the Organization vDC, such as “Pay-as-you-go”, “Reservation” and “Allocation”. I’ve been thinking of the way these allocations work and in what scenarios and usage cases they would be used (I’m big on scenarios/usage cases). It strikes me that a “Test/Dev” Organization vDC would use a PAYG model with very stringent lease/duration/limits policies, as by their nature test/dev environments are more volatile and the requirements are often temporary. I know of a customer who spins out new VMs in their test lab, and then destroys them at least every 5 mins. In a Test/Dev lab we’re generally not too bothered about guaranteeing a high QoS or meeting SLAs, unless it’s some sort of staging area used to stress test the application for performance purposes – or to see how it performs with a script to generate user load. You could make a counter argument that a business highly dependent on its development team (say they are rolling out as many as 10-15 applications or new versions of applications a week) would need something a lot more robust from a performance perspective. In that use case, how quickly new vApps can be spun up and destroyed directly feeds into the development team’s productivity. But anyway, I digress – in the main, when I was an instructor I would focus on the “9/10 times you find this feature used this way” approach, rather than getting hung up on all the exceptions to the general rule.
That quite naturally leads us to assume that either the “reservation” or “allocation” model is best suited to a Production environment where QoS/SLAs are often imposed. But I’m not sure yet which of these two models I prefer…
Finally, one thing I realized is how these settings introduce yet another condition in the “admission control” logic. We’re used to seeing that in vSphere, say with the “Expandable Reservation” option, or the “Insufficient resources” message on a HA cluster. As an instructor I used to play a game with my students. I’d tell my students I had a VM that wouldn’t power on because of admission control. Then I’d get them to list the stuff they could do to get the VM to power on. It was my way of testing if they understood the concept, but also if, having understood the concept, they could troubleshoot a problem. It occurred to me that if I was still a VCI now, I’d be adding “review settings in vCD”… With that said – as far as I can tell a great many of the “allocation models” map to the resource pool in DRS – although there are some unique ones to vCD, like quotas for instance… My other concern is keeping all this simple. I believe in not using TOO many performance controls, because if you use too many levers simultaneously it’s hard to see which is the effective one…
LDAP/AD. Keeping in line with my scenario which I outlined in Part 7: My vCloud Journey Journal – The Organization – this is an issue that has been troubling me for some days. As you might recall I have a fictitious company called “CORP.COM” which is a holding company for 3 other businesses. There will be 4 Orgs (CorpHQ, Business1/2/3).
What to do? There are really two choices…
a.) One domain for Corp.com for all the three subsidiaries – and just use OUs to separate their users/groups?
OR
b.) Separate LDAP/AD domains for each business within Corp.com because they each have distinct business names/identities and are managed separately…
  • iStock Public Trading Platform (istoxs.com)
  • Quark AlgoTrading (quarkalgotrading.com)
  • Corp Offshore Investments Group (COIG)
My gut instinct is the right thing to do is the former, and then if necessary create trusts to the corp.com domain. What I’d really love to do is automate the creation of a new Organization, and its own Organization vDC replete with an LDAP service as the first VM in the Organization. That way, if Corp.com took over a new company it would be an automated process to set up an Organization vDC together with their own DNS/LDAP namespace. A bit like the way a vCloud Service Provider needs to automate the on-boarding of a new tenant/customer.
I guess I’m running ahead of myself here. My only concern is that with each domain I set up I consume more of my precious lab resources in running infrastructure VMs (aka Microsoft Active Directory). The concern is where should these domain controllers reside – inside the Org seems right, but is it? Should tenants in my scenario have/need their own AD instance? The other thing I have to consider is I like scenarios that force me to use the full capabilities of a product – so perhaps the answer is both. One org like COIG could be just part of the Corp.com domain with an OU, whereas iStoxs and QuarkAlgoTrading could be in their own domain. That would fit with the idea that these were separate entities bought by Corp.com – whereas COIG is very small, lean and evolved naturally out of corp.com trading history…
And Finally…
Last night whilst lying awake in bed I got to thinking about how I’ve set up my lab environment. (Yes, I know I’m weird. Sometimes I can’t sleep for thinking about virtualization, cloud, SDDC and my lab environment). And I’m thinking that the way I’ve set up Network & Storage is unrealistic, and doesn’t map to how customers ACTUALLY set up their clusters. But anyway, that’s tomorrow’s blogpost – until then ta-ta for now…

 




Posted October 14, 2012 by Michelle Laverick in category "Cloud Journal