Telecom operator industry solution: VMware Integrated OpenStack solution v0

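VMware Integrated OpenStack Solution
刘承罡

Investment Protection: VMware Integrated OpenStack for Telco
Continued enhancements based on user demand
Diagram labels: Production Services; vCloud Director API; OpenStack Maturation; Proofs of Concept, Test Deployments; Commercial Scale; Telco Grade; Live Trial Services; Open Container API; vCloud NFV Platform; vRealize Operations; Virtual SAN; NSX; vSphere; Cloud Foundry API; vCloud API; VIO API; Containers

vRealize Orchestrator: benefits and main uses
Diagram labels: Platform; Plug-Ins; Ecosystem
Benefits:
• Quickly integrate VMware solutions into existing IT environments and processes
• Reduce the cost of interaction between VMware solutions and third-party solutions and systems
• Automate cloud computing
• Accelerate the delivery of IT as a Service (ITaaS)
Main uses, automating:
• Cloud management tasks
• Incident handling
• Routine scheduled IT administration tasks

Workflow development
Reuse existing content:
• Workflows
• Actions
• Resource elements
Pre-built "scriptable" tasks:
• More than 500 reusable actions and workflows
• More third-party plug-ins

Client
The vRealize Orchestrator client is the main tool for developing workflows.

Revision history
CONFIDENTIAL
• V0.1: Compiled from VIO Deep Dive v11 and VMworld 2014 VIO material, by 刘承罡
• V0.2: Translated part of the content into Chinese, organized some sections, and added part of the Deep Dive 301 content
• V0.3: Updated some key VIO 2.0 features based on blog content

Agenda
1. What is VMware Integrated OpenStack (VIO)
2. VMware VIO technical architecture
3. VMware VIO + NSX + vSphere physical deployment
4. VMware VIO use cases

OpenStack
• The most popular open source project of 2014
• The most popular open source cloud project
• The most popular open source IaaS project

OpenStack: improving application development and maintenance efficiency
Workloads suited to OpenStack are mainly new applications, or applications moved back from public cloud to private cloud. Common examples:
• Horizontally scaling SaaS/web applications and mobile application back ends
• Integrated platforms for development and testing
• Research and batch jobs: data analysis, encoding, simulation, and so on
OpenStack is a framework that helps enterprises quickly develop and maintain new applications, and it is also a set of tools that runs on top of virtual infrastructure.
Diagram labels: application development and operations team; provision; code updates; scale out or in; scripts or code; API calls; OpenStack IaaS Cloud; application management tools; or; virtual compute, network and storage; ?

OpenStack in a private cloud environment
OpenStack needs to be complemented by:
• Underlying software and hardware infrastructure products
• Cloud operations and management products
OpenStack provides:
• Developer-friendly cloud service APIs
• Vendor-neutral infrastructure services
Diagram labels: private cloud; web portal; command-line tools; OpenStack APIs/SDKs; OpenStack framework; compute service; network service; storage service; infrastructure service APIs + drivers; infrastructure consumption tools; virtualization technology; hypervisor; network virtualization; storage management; hardware resources; cloud operations and management; cloud management (application management, financial reporting); cloud operations (monitoring, diagnostics)

VMware is a major contributor to OpenStack
• Contributions cover all 7 core projects: Nova, Neutron, Cinder, Glance, Keystone, Horizon, Ceilometer
• Ranked fourth by contribution volume in the latest OpenStack Icehouse release
• 21 dedicated developers; 414 commits; 66,488 lines of code; 3,770 reviews
Source: Stackalytics for "integrated" (i.e., core) OpenStack projects in OpenStack Icehouse ( )

Main challenges facing OpenStack (1): high complexity
Complexity:
• Building the cloud
• Monitoring
• Troubleshooting
• Scaling capacity out or in
• Upgrading or patching
Goal: simplify

Main challenges facing OpenStack (2): functionality still needs to mature
• Scalability?
• "Lower the total cost of ownership"
• Availability and reliability?
• "Which technology should we choose?"
• Effective operations and upgrades?
• Quality of service for infrastructure and applications?
• Troubleshooting and technical support?
• Advanced features?
• Security?

VMware cloud solutions are a strong complement to OpenStack
Diagram labels: Web Portal; CLI Tools; Compute API; Network API; Storage API; Image API; OpenStack API SDKs; NSX; ESX & vCenter; vCenter Datastores; 3rd-party / Virtual SAN; IaaS API services and drivers; developer tools; virtualization technology; OpenStack Framework; application development team; application management and automation; hardware technology; cloud infrastructure team; infrastructure operations and management; vCOPs, Log Insight, ITBM; vCAC; App Director

VMware Integrated OpenStack
Diagram labels: mature and complete cloud architecture; existing virtualization environment; VMware Integrated OpenStack; cloud management with OpenStack support

A new choice for OpenStack users
• An OpenStack distribution developed by VMware
• A virtual appliance released in OVA form
• Bundles the tools used to install and manage OpenStack
Diagram labels: loosely integrated product (OpenStack APIs; open source code, packages or an OpenStack distribution; VMware components); vendor-neutral developer APIs; tightly integrated product (OpenStack APIs; VMware Integrated OpenStack (VIO))

Agenda
1. What is VMware Integrated OpenStack (VIO)
2. VMware VIO technical architecture
3. VMware VIO + NSX + vSphere physical deployment
4. VMware VIO use cases

VMware Integrated OpenStack: overall architecture and evolution
• Based on the "OpenStack Icehouse" release
• VMware provides an integrated service covering packaging, optimization and support of the OpenStack open source software
• Makes full use of existing VMware SDDC components, so that they and OpenStack complement each other
Diagram labels: Included OpenStack Components; Integrated VMware Technologies; Current; Future; Horizon (web portal); CLI Tools / SDKs; vCAC / ITBM (cost visibility, governance, etc.); vCenter; Nova (compute); Neutron (network); Cinder (block storage); Glance (images); vCenter Datastores; 3rd-party / Virtual SAN; Heat, Trove, Ceilometer, etc. (additional higher layer services in future releases); Keystone (identity); Local DB & LDAP; SSO; Log Insight (log collection, O/S content pack); NSX; vCOPs (OpenStack mgmt packs); Swift (object store), basic open source; vSphere Web Client (install, configure and troubleshoot); EMC ViPR

VIO architecture: VIO deployment topology

VIO architecture: SDDC logical topology using VIO

VIO architecture: OpenStack Management Server
• The VIO OpenStack Management Server stores the configuration of the entire VIO environment and pushes that configuration to all other VIO core components during installation and upgrade.
• All VIO core components are created from a single template, the VIO Template.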

VIO architecture: Load Balancers
• Northbound: some VIO services, such as the Horizon Dashboard, compute-api, glance-api, keystone, cinder-api, neutron-api and nova-vncproxy, are offered to end tenants through the public virtual IP of the load balancers.
• Southbound: the load balancers provide service for the OpenStack Controllers, RabbitMQ and Memcached.

VIO architecture: OpenStack Controllers
The controller nodes include:
• All OpenStack API services
• All OpenStack schedulers
The OpenStack scheduler services dispatch service requests for compute, network and storage volumes. The following services are connected to the messaging backend (RabbitMQ) and can be scaled out:
• nova-scheduler
• nova-conductor
• cinder-scheduler
• neutron-server
OpenStack projects provide an API service for resource management.

VIO architecture: OpenStack Controllers
Interaction between the VIO Controllers and the VMware back-end components: vCenter/vSAN/NSX Interactions
Four services are mainly responsible for interacting with vCenter/NSX: Nova (Compute Service), Glance (Image Service), Cinder (Volume Service), Neutron (Networking).
OpenStack Glance - vSphere Interactions
• Runs in the Controller VM.
• Uploads user images (vmdk, iso, ova) to the datastore used by Glance.
• The Glance datastore can be a VMFS, NFS or vSAN datastore.
OpenStack Cinder - vSphere Interactions
• Runs in the Controller VM.
• Creates flat VMDKs in the datastore of the Cinder data plane.
OpenStack Neutron - vSphere Interactions
• Supports two Neutron services, NSX and VDS, and runs in the controller and DHCP node VMs.
• NSX mode interacts with NSX Manager.
• VDS mode interacts with vCenter (VC).

VIO architecture: Memcached
• A front-end cache layer for the VIO database service, used to cache small pieces of data returned from the database.
• The main data cached in VIO is Keystone tokens.

VIO architecture: RabbitMQ
• RabbitMQ is the message middleware, deployed active/active (A/A), and handles asynchronous messaging for the entire VIO environment.
• Communication between the sub-components of an OpenStack component, for example nova-scheduler to nova-compute, uses this service.
• Communication between components, for example Nova to Neutron, goes through REST API calls.
• For more details about the HA implementation of RabbitMQ, please click here.

VIO architecture: Database
• Database nodes: three nodes in total, Active/Standby architecture, using MariaDB.

VIO architecture: Nova Compute
• The Nova compute driver VMs are configured one-to-one with the clusters added to the VIO compute capacity. nova-compute runs in this Compute VM (each Compute VM has 1:1 correspondence with a vCenter cluster).
• The Compute VM is responsible for:
  • Before an instance is created, copying the image from the Glance datastore to the shared datastore of the cluster (used as a cache).
  • Creating the instance from the copied VMDK.
  • Adding the corresponding virtual interfaces to the instance.
  • Attaching VMDKs created by the Cinder service to instances.

How VIO interacts with vSphere and NSX
Diagram labels: Nova Compute; Nova Services; NSX Manager; Neutron Plugin; Neutron Server; Heat; Glance; RabbitMQ; vCenter; ESXi-2; vSphere Plugin; NSX; VIO; ESXi-1; NSX; Keystone; Cinder; VMDK Driver; VMDK Driver

Introduction: NSX vSphere Neutron Plugin
• Developed by VMware's OpenStack team; the back end integrates with NSX-v.
• The plugin ships with the VIO distribution and is uploaded to the official OpenStack repository (repo is vmware-nsx in StackForge).
• Supports a maximum of 2000 VMs and 250 hosts.
• Requires NSX vSphere 6.1.3 or later.
• Supports VLAN (Neutron Provider Networks) and VXLAN (Overlay Tenant Networks).
• Supports Distributed Routing, scalable DHCP services, NAT/no-NAT Centralized Routing and Distributed Firewall.
• Additional information in speakers notes.

Basic Neutron workflow
Diagram labels: Web Network (Logical Switch); App Network (Logical Switch); App-1; App-2; Web-1; Web-2; Floating IP (NSX Edge Services Gateway-DNAT); Security Group (Distributed Firewall Security Group); Intranet; Internet; Router (NSX Edge Services Gateway-SNAT); DHCP (NSX Edge Services Gateway)

VMware VIO: two Neutron plugins
Columns: NSX Plugin; vDS Plugin
• Provider Networks leveraging VLANs
• API/Management Plane High Availability
• DC-Wide Control Plane Scale: High; Limited
• Layer 3/NAT High Availability & Scale: -
• Full Neutron feature-set:
  • Private Logical Network Identifier Independent of VLANs
  • Highly Available DHCP Service
  • Security Groups
  • Metadata Service Integration & Support
  • L3/NAT & Floating IP Support: -
• Enterprise Features:
  • Micro-segmentation with line-rate Stateful distributed firewall
  • Provider-side security via Service Insertion
  • In-kernel distributed routing
  • Many more: -
• vCenter Operations & Log Insight Content Packs: -

NSXv Neutron Plugin supported topology: multi-tier application, centralized routing
Diagram labels: Intranet/Internet; VM1; VM2; VM3; VM4; VM5; Network A; Network B; Tenant Logical Router (NSX ESG); Provider Logical Router; Static Routing; DHCP Server (NSX ESG); Tenant Space; Provider Space
Notes:
• Tenant networks can be VLAN or VXLAN.
• Tenant core routing is implemented by the NSX Edge.
• NAT (floating IPs) or no-NAT configurations are supported.
• Optional DHCP service; it is provided by a shared Edge appliance (VIO creates it automatically depending on whether IP addresses overlap).
• Maximum of 10 tenant networks per Edge.
• Only static routing is supported between the Edge and the border router (configured through API/CLI).

NSXv Neutron Plugin supported topology: multi-tier application, distributed routing
Diagram labels: Intranet/Internet; VM1; VM2; VM3; VM4; VM5; Network A; Network B; Tenant Router (NSX ESG); Provider Logical Router; Static Routing; DHCP Server (NSX ESG); Transit Logical Switch; Distributed Logical Router; Static Routing; Tenant Space; Provider Space
Notes:
• Tenant networks can only be VXLAN.
• Distributed routers are created through the NSX Distributed Logical Router.
• Tenant core routing is implemented through the Edge.
• Supports a maximum of 999 tenant networks.
• VIO automatically creates the network between the DLR and the Edge, and automatically creates the static routes between the Edge and the DLR.
• From the VIO point of view, the DLR and the Edge appear as a single tenant router.
• NAT and no-NAT are supported on the Edge.
• Optional DHCP service; it is provided by a shared Edge appliance (VIO creates it automatically depending on whether IP addresses overlap).

NSX vSphere Neutron Plugin: NSX Edges Pool
• NSX Edges, whether DLRs or ESGs, require a VM to operate. This means provisioning time could be significant when requesting these resources from Neutron.
• To reduce provisioning time, VIO automatically creates an Edge pool during initial installation.
• Edges are then selected by the Neutron plugin, based on function and purpose (centralized routing, distributed routing and/or DHCP server).
• The pool contains 12 pre-provisioned NSX Edges. The naming format for the pre-provisioned Edges is backup-XXXXX, for example, backup-60e5f345-8adf. Currently, the number of Edges is not configurable.
• Every time a pre-provisioned Edge is selected, a new one is spun off in order to maintain the pool whole. The Edge is renamed dhcp-XXXX when the ESG is being used for DHCP services, or NAME-XXXX if used for Tenant routing services (the tenant's Edge is named after the tenant).
• An enhancement in NSX 6.2 will allow for the NSX DLR to operate without the need of a control VM, but only when using static routing, which is the only option supported in Neutron at the moment. This will help with provisioning time as well as VM sprawl.
Diagram labels: VIO Prepopulated Edge Pool; Backup NSX ESG - Router; NSX ESG - DHCP; Backup NSX Distributed Routers

NSX vSphere Neutron Plugin: DHCP Implementation
• When a Tenant requests DHCP services for a network segment, an NSX ESG is picked from the pool and configured with static DHCP bindings. This NSX ESG is different from the Tenant Router ESG.
• Emphasis: DHCP bindings are statically configured (no DHCP Pools).
• If overlapping IPs are required, a new ESG will be selected; otherwise the same ESG will be used.
• IMPORTANT: The same ESG will be used across Tenants in order to optimize resource utilization and mitigate VM sprawl.
• VLAN-trunks and VXLAN-trunks (sub-interfaces) are leveraged in order to overcome the 10-vNIC limit of the ESG. In VIO 1.0, 200 sub-interfaces are supported per DHCP ESG (NSX dependency).
Diagram labels: VLAN/VXLAN Trunk; DHCP Server (NSX ESG); DHCP Servers (NSX ESG); Non-overlapping IPs; Overlapping IPs; Tenant A, Tenant B, Tenant C (each network a /24)

Agenda
1. What is VMware Integrated OpenStack (VIO)
2. VMware VIO technical architecture
3. VMware VIO + NSX + vSphere physical deployment
4. VMware VIO use cases

VIO architecture: physical deployment topology
Diagram labels: Compute Clusters; Infrastructure Clusters (Edge, vCenter and NSX/VIO Management); Intranet; Internet
• The VIO installation architecture requires the vSphere environment to be deployed in a topology of compute racks, management racks and Edge racks.
• Optional: the management cluster and the Edge cluster can be merged.
• The management cluster needs at least three hosts.
• The compute and Edge racks must have NSX VTEPs installed (host preparation) and be in one Transport Zone. VIO 1.0 supports only one Transport Zone.

Storage design: vSphere Design Requirements for VIO
• The VIO infrastructure management components need 3 datastores by default for redundancy. All A/A and A/S components are placed across these three datastores to ensure redundancy and high availability, and the datastores provisioned to these three hosts also serve the Glance Image Service.
• The compute cluster and the Edge cluster need shared storage to hold instances and virtual routers (Edges).
• The datastores of the compute cluster serve as the Cinder data plane and store persistent volume data for instances.
Diagram labels: VIO Controller 1; Shared Datastore 1; VIO Load Balancer 1; VIO DB 1; VIO DB 2; VIO RabbitMQ 1; VIO Memcache 1; VIO Object Storage 1; VIO Controller 2;

VIO Load Balancer 2; VIO DB 3; VIO RabbitMQ 2; VIO Memcache 2; VIO Object Storage 2; VIO Compute 1; VIO Compute 2; VIO Compute n; OpenStack Management Server; Management (VIO Infrastructure); Tenant VM (x4); Compute/Edge; Shared Datastore(s); Tenant Cinder Volumes; Redundancy provided by vSphere HA; Redundancy provided in VIO; Glance Image 1; Glance Image 2; Glance Image n; Glance Images; NSX ESG; DLR CVM; Shared Datastore 2; Shared Datastore 3

VIO installation preparation

VIO installation preparation (2)

VIO deployment

VIO interface

Troubleshooting: vRealize Log Insight
• NSX Content Pack for Log Insight available now.
• OpenStack Content Pack for Log Insight

Troubleshooting: vRealize Operations Manager
• NSX Management Pack for vROPS available now.
• OpenStack Management Pack for vROPS available now.

Agenda
1. What is VMware Integrated OpenStack (VIO)
2. VMware VIO technical architecture
3. VMware VIO + NSX + vSphere physical deployment
4. VMware VIO use cases

Typical scenario: creating a typical tenant topology in Horizon

Tenant creates a logical topology
The topology and requirements are as follows.
Sample Logical Topology, diagram labels: VM1; VM2; VM3; Web Tier; DB Tier; Tenant Router (NSX ESG); DHCP Server (NSX ESG); Transit Logical Switch; Distributed Logical Router; Static Routing
Notes:
• Two-tier application (Web and DB).
• Security policy:
  • All inbound TCP traffic to Web is allowed on external routable IP (Floating IP)
  • Web to DB traffic allowed on TCP 3306 (MySQL)
• Use Distributed Routing for optimized East-West communications (CLI provisioning).
• Use Centralized Routing for North-South connectivity.

Cloud administrator: configure the external network (0 of 6)
Admin-only operation: Create an external VLAN-backed Provider Network (for floating IPs) in Horizon and the Neutron CLI.
    neutron net-create EXTNET --router:external True --provider:network_type portgroup --provider:physical_network dvportgroup-108
Note: Checking the "Shared" and "External" options will allow floating IPs to exist on this VLAN-backed network, given a subnet is created, a range is provisioned and the physical network has been mapped to the corresponding VDS PortGroup (which can be obtained from the vCenter MOB).
Note: The dvportgroup corresponds to the vSphere Port Group mapped to the external network on the Edge cluster. You can obtain this OID by browsing the vCenter Management Object Base (MOB): https:/mob

Cloud administrator: configure the subnet of the external network (0 of 6)
To create a Floating IP Range (Allocation Pools), simply create a subnet for the Provider External Network, with DHCP disabled.

Tenant creates a logical topology (1 of 6)
Step one: create two layer-2 networks, and create two instances that join these two networks.
• From Horizon, access the Network tab and create the Web and DB Networks, with different IP Subnets and DHCP Enabled.
• Launch the corresponding VMs from the Instances tab and connect them to the appropriate Network (Project Compute).
• Examine the Dashboard Topology Map (Project Network Topology).

Tenant creates a logical topology (2 of 6)
• Use the Neutron CLI to create a distributed router. VIO automatically creates the distributed router and the tenant core router that it uplinks to.
    neutron router-create Tenant-Router --distributed True
• In Horizon, add interfaces for the Web and DB tenant networks to the router (static routes between the Edge and the DLR are added automatically in the background).
• Set the default gateway of the router on the external network. VIO automatically designates that Edge as the core router and adds SNAT for the instances already attached to the router.
• The Topology Dashboard will display both NSX routers as a single Neutron Router (Project Network Routers).

Tenant creates a logical topology (3 of 6)
Create Floating IPs for the Web instances (Project Compute Associate Floating IP).

Tenant creates a logical topology (4 of 6)
• Create 2 security groups (Web and DB) and edit their rules (Project Compute Access and Security Security Groups Manage Rules).
• Edit the instances and add the security group rules (Project Compute Instances Edit Security Groups).

Tenant creates a logical topology (5 of 6)
Check the tenant topology in the NSX UI and confirm the configuration.

Tenant creates a logical topology (6 of 6)
Check the tenant topology in the NSX UI and confirm the configuration: DHCP/DFW.

Summary: VIO simplifies the delivery and operation of OpenStack in enterprise environments
Automated OpenStack management
• Automate routine OpenStack management tasks through vCenter
• vCOPs integration for OpenStack monitoring and troubleshooting
• Log Insight integration for diagnosing OpenStack service logs
Simple, fast OpenStack deployment
• OpenStack delivered as a virtual appliance
• Simplified installation through the vSphere Web Client
• Use existing clusters and datastores to configure OpenStack
• The OpenStack deployment is automatically configured as a highly available, horizontally scalable architecture
Enterprise-grade OpenStack cloud
• Robust infrastructure: vSphere, NSX & VSAN provide rich infrastructure capabilities for OpenStack
• OpenStack code hardening and testing
Technical support from a single vendor
VMware provides technical support for:
• OpenStack code
• Underlying infrastructure
• Installation and operations
• Product upgrades and patches

VIO Roadmap Summary
VIO 1.0 (2015.03 GA)
Life-Cycle Mgmt. of OpenStack:
• Production Ready Architecture
• Automated Deployment & Configuration
• Automated Patching
Features:
• Nova with vCenter Driver
• Glance and Cinder with VMDK drivers
• NSXv Neutron plugin: L2/L3/security groups/floating IPs
• Authentication w/ Active Directory
• Encrypted Passwords in configuration files
OpenStack Release:
• Icehouse-based
• Nova, Neutron, Cinder, Glance, Horizon, Keystone, Heat
