vCloud Infrastructure Logical Design

When architecting a VMware vCloud infrastructure logical design, VMware recommends using a building block approach to provide a scalable, resilient architecture. The following top-level logical building blocks are used to segregate resources that are allocated for management functions from resources dedicated to user-requested workloads.

vSphere virtual management cluster – Contains the core and optional components and services needed to run the vCloud instance. This includes core vCloud components such as VMware vCenter Server, vCloud Director, vCenter Chargeback Manager, vCenter Orchestrator, and optional components such as the vCenter Operations Management Suite and vFabric Application Director.

Resource group – Represents vCloud-dedicated resources for end-user consumption. Each resource group consists of vSphere clusters (vSphere hosts managed by a vCenter Server) and is under the control of vCloud Director. vCloud Director can manage the resources of multiple resource groups.

Separate management and resource clusters are important for the following reasons:

Separation of duties – A vCloud infrastructure typically has at least two types of administrator: infrastructure (vSphere) administrator and vCloud administrator. Separating the virtual management cluster from resource groups allows separation of duties and enforcement of administrative boundaries, limiting the actions that can be performed in the vSphere clusters of a resource group.

An administrator should not perform the following actions on a resource group through the vSphere Client:

This is not an exhaustive list, but it covers some of the detrimental actions a vCenter administrator could perform on a vCloud resource group.

Resource consumption – Virtual machines deployed into resource groups that are not managed by vCloud Director consume resources that are allocated for a particular vCloud virtual datacenter. This skews the resource utilization and consumption metrics available to the vCloud.

Scalability and configuration maximums – Having separate vSphere clusters to manage compute resources consumed by end users increases resource group scalability. A vCloud environment must conform to vSphere scalability and configuration maximums. Having dedicated resource group vSphere clusters means that the scalability of vCloud user resources is not affected by management workloads.

Availability – A virtual management cluster allows the use of VMware vSphere High Availability (HA) and DRS to provide enhanced availability to all management components. A separate management cluster enables this protection in a granular fashion to satisfy management-specific SLAs. It also increases upgrade flexibility because management cluster upgrades are not tied to resource group upgrades.

Denial-of-service attacks or intensive provisioning – Having separate management clusters and resource groups keeps this type of activity on the resource groups from affecting management component availability.

Disaster recovery facilitation – Having separate management clusters and resource groups simplifies design and implementation of vCloud disaster recovery. The vCloud disaster recovery solution uses a vSphere cluster managed by vCenter Site Recovery Manager that contains the vCloud infrastructure management components. For more information, see Appendix C: vCloud Suite Disaster Recovery.

Support and troubleshooting – Running management components in large clusters that contain mixed resource and management components makes it difficult to diagnose issues with the management components. To facilitate troubleshooting and problem resolution, place the management components in a small and manageable cluster.

Separation of management components from managed resources – Separation helps to prevent inadvertent changes through the vSphere Client to entities created with vCloud Director.

Achieving economies of scale means scaling vCloud resources in a consistent and predictable manner. Follow recommended practices when deploying the underlying vSphere infrastructure and other vCloud components.