2.3 vCloud Infrastructure Logical Design
When architecting a VMware vCloud infrastructure logical design, VMware recommends using a building block approach to provide a scalable, resilient architecture. The two top-level logical building blocks are virtual management clusters and resource groups. The segregation of resources allocated for management functions from resources dedicated to user-requested workloads is achieved using management clusters and resource groups.
A vSphere management cluster contains both the core and optional components and services needed to run the vCloud. This includes core vCloud components such as VMware vCenter Server, vCloud Director, vCenter Chargeback Manager, vCenter Orchestrator, and optional components such as the VMware vCenter Operations Suite and vFabric Application Director.
Resource groups represent vCloud dedicated resources for end-user consumption. Each resource group consists of vSphere clusters (VMware vSphere hosts managed by a vCenter Server), and is under the control of vCloud Director. vCloud Director can manage the resources of multiple resource groups.
Reasons for separate management and resource clusters include the following:
Separation of duties – In a vCloud infrastructure you typically have at least two types of administrator: an infrastructure (vSphere) administrator and a vCloud administrator. By separating the management cluster from resource groups, clear separation of duties is established to enforce administrative boundaries, limiting the actions that can be performed in the vSphere clusters that comprise a resource group.
There are actions that can be performed on a resource group through the vSphere Client that should not be carried out by an administrator. These include:
Editing virtual machine properties.
Renaming virtual machines.
Disabling DRS.
Deleting or renaming resource pools.
Changing networking properties.
Renaming datastores.
Changing or renaming folders.
This is not an exhaustive list, but it covers some of the detrimental actions a vCenter administrator could perform on a vCloud resource group. The inherent risk highlights the architectural importance of maintaining separation of management clusters and resource groups.
Resource consumption – Virtual machines deployed into resource groups that are not managed by vCloud Director consume resources that are allocated for a particular vCloud virtual datacenter. This skews the resource utilization and consumption metrics available to the vCloud.
Scalability and configuration maximums – Having separate vSphere clusters to manage end-user-consumed compute resources increases resource group scalability. A vCloud environment must conform to vSphere scalability and configuration maximums. Having dedicated resource group vSphere clusters means that the scalability of vCloud user resources is not affected by management workloads.
Availability – A virtual management cluster allows the use of VMware vSphere HA and DRS to provide enhanced availability to all management components. A separate management cluster enables this protection in a more granular fashion to satisfy management-specific SLAs. It also increases upgrade flexibility because management cluster upgrades are not tied to resource group upgrades.
Separation also prevents denial-of-service attacks or intensive provisioning activity on the resource groups from affecting management component availability.
Disaster Recovery facilitation – Having separate management clusters and resource groups simplifies the design and implementation of vCloud Disaster Recovery. The vCloud Disaster Recovery solution uses an SRM-managed vSphere cluster that contains all of the vCloud infrastructure management components. This solution is explained in further detail in Appendix C: vCloud Suite Disaster Recovery.
Support and troubleshooting – To facilitate troubleshooting and problem resolution, management components are strictly contained in a relatively small and manageable cluster. Running management components within large clusters that contain mixed resource and management components makes it difficult to diagnose issues with management components efficiently.
Separation of management components from the resources they are managing. This helps avoid inadvertent changes to vCloud Director-created entities through the vSphere Client.
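One way to verify that the boundary described above holds is to audit vCenter events for the listed actions when they touch a resource group and were not performed by vCloud Director. The following is an added example, not VMware code: the JSON-lines export format, its field names, the cluster names and the account names are assumptions, and the sample events are constructed.

```python
import json

# vSphere API event classes mapped to actions named in the list above.
# Folder changes are not mapped: add the event or task name your export uses.
RISKY_EVENTS = {
    "VmReconfiguredEvent": "edited virtual machine properties",
    "VmRenamedEvent": "renamed virtual machine",
    "DrsDisabledEvent": "disabled DRS",
    "ResourcePoolDestroyedEvent": "deleted resource pool",
    "ResourcePoolReconfiguredEvent": "reconfigured resource pool",
    "DVPortgroupReconfiguredEvent": "changed networking properties",
    "DatastoreRenamedEvent": "renamed datastore",
    "VmCreatedEvent": "deployed VM outside vCloud Director",
}

# Constructed sample export: one JSON event per line (field names are assumptions).
SAMPLE = """\
{"type": "VmReconfiguredEvent", "user": "svc-vcd@vsphere.local", "cluster": "rg01-cluster01", "entity": "web01"}
{"type": "VmRenamedEvent", "user": "jdoe@vsphere.local", "cluster": "rg01-cluster01", "entity": "web01"}
{"type": "DrsDisabledEvent", "user": "jdoe@vsphere.local", "cluster": "mgmt-cluster", "entity": "mgmt-cluster"}
{"type": "VmCreatedEvent", "user": "ops@vsphere.local", "cluster": "rg01-cluster02", "entity": "scratch-vm"}
this record was truncated {"type":
{"type": "VmPoweredOnEvent", "user": "jdoe@vsphere.local", "cluster": "rg01-cluster01", "entity": "web01"}
"""

def audit(lines, resource_clusters, vcd_accounts):
    """Return events that changed resource-group objects outside vCloud Director."""
    trusted = {a.lower() for a in vcd_accounts}
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            if not isinstance(ev, dict):
                raise ValueError("not an object")
        except ValueError:
            # Keep unparseable records visible instead of silently dropping them.
            findings.append({"line": n, "error": "unparseable record"})
            continue
        action = RISKY_EVENTS.get(ev.get("type"))
        user = str(ev.get("user") or "<unknown>").lower()
        if action is None or ev.get("cluster") not in resource_clusters or user in trusted:
            continue
        findings.append({"line": n, "user": user, "action": action, "entity": ev.get("entity")})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE.splitlines(), {"rg01-cluster01", "rg01-cluster02"}, {"svc-vcd@vsphere.local"}):
        print(f)
```

Events on the management cluster and events raised by the vCloud Director service account are ignored, so what remains is direct vSphere Client activity against resource groups.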
Figure 3. vCloud Logical Architecture Overview
Achieving economies of scale means scaling vCloud resources in a consistent and predictable manner. Follow applicable, recommended practices when deploying the underlying vSphere infrastructure and other vCloud components.