Process Automation and Tool Alignment/Integration

The Configuration and Compliance processes for vCloud depend on tooling and if the appropriate tools are not in place it is very difficult to manage and operate the environment while sustaining the required service levels. Traditionally, Configuration and Compliance Management has been mostly performed manually, with very few tools used. In a vCloud, the scope of the required tools increases. This is due to the additional requirements that the vCloud has, such as a greater need for a high level of standardization and compliance, along with a higher level of automation. A number of products are available to assist with these tasks.

vCloud Director (VCD) – As the core of the vCloud, it is the single source of truth for all the vCloud components and manages all the vCloud relationships such as provider virtual datacenters, organization virtual datacenters, and vCloud networks and storage.

vSphere – Though VCD provides a level of abstraction from the vSphere virtualization layer, vSphere itself provides the single source of truth for configuration and relationship information about the virtualization components that support the vCloud such as hosts, virtual switches and datastores. Typically, the vSphere configuration information is not referred to directly for configuration and compliance management, but is used in other tools.

vCenter Configuration Manager (VCM) – Collects and validates configuration, software and patch information of the vCloud infrastructure and the vCloud service components. It also remediates configuration settings, and software and patch levels.

vCenter Infrastructure Navigator – Collects and stores relationships between virtual machines that make up and interact with an application or service.

vCenter Orchestrator (VCO) –- Used to collect information, generate reports, and remediate issues through automated workflows. vCO is also the preferred method to interface with systems outside of the VMware ecosystem.

For further information on these tools, see the latest documentation at http://www.vmware.com/products.

This suite of products is required in to varying degrees depending on whether configuration and compliance is from a provider or tenant perspective.

Tenants have visibility of all components in their domain, but might not have visibility into components that make up a service that has been provided to them. For example, a public vCloud tenant will probably not have any view into the vSphere virtual infrastructure within their provider’s environment, hence the scope of the their configuration and compliance management is limited to their virtual date center instance.

A vCloud provider will probably not have any view inside the components that it has provided to a tenant. This also applies to tenants who provide services to sub-tenants. For example, a Value Added Reseller (VAR) who buys an organizational virtual datacenter from a vCloud provider would not have visibility into the virtual machines that it resells to its customers.

A provider offers a vCloud service with infrastructure that may meet a certain level of compliance (for example, PCI, SOX, others.), which would be reflected in the service level offered to its tenants. It is the provider’s responsibility to make sure that this service level is adhered to, and all the components remain compliant, which may include services consumed from other providers. It is then each tenant’s responsibility to make sure that the infrastructure and services built on top of this also adhere to the same compliance level to provide compliance at all levels.