8.5.3 Process Automation and Tool Alignment/Integration
The configuration and compliance processes for vCloud depend on tooling. The appropriate tools must be in place to effectively manage and operate the environment while sustaining the required service levels. Traditionally, Configuration and Compliance Management has been mostly manual, with few tools used. In a vCloud, additional tools are required due to additional requirements, such as a greater need for standardization and compliance, and a higher level of automation.
The following products are available to assist with process automation:
* vCloud Director – As the core of the vCloud, this is the single source of truth for all the vCloud components. vCloud Director manages all of the vCloud relationships, including provider virtual datacenters, organization virtual datacenters, and vCloud networks and storage.
* vSphere – While vCloud Director provides a level of abstraction from the vSphere virtualization layer, vSphere provides the single source of truth for configuration and relationship information about the virtualization components that support the vCloud, such as hosts, virtual switches, and datastores. vSphere configuration information is usually not referred to directly for configuration and compliance management, but is used in other tools.
* VMware vCenter Configuration Manager™ – Collects and validates configuration, software, and patch information for the vCloud infrastructure and the vCloud service components. It also remediates configuration settings and software and patch levels.
* VMware vCenter Infrastructure Navigator™ – Collects and stores relationships between the virtual machines that make up and interact with an application or service.
* VMware vCloud Networking and Security Manager, VMware vCloud Networking and Security App™, and VMware vCloud Networking and Security Edge™ – Manage vCloud network policies, configurations, and settings.
* vCenter Orchestrator – Collects information, generates reports, and remediates issues through automated workflows. vCenter Orchestrator is the preferred method to interface with systems outside of the VMware ecosystem.
For more information about these tools, see the latest documentation at http://www.vmware.com/products.
This suite of products is required to varying degrees, depending on whether configuration and compliance management is approached from a provider or a tenant perspective.
Tenants have visibility of all components in their domain but might not have visibility into components that make up a service that has been provided to them. For example, a public vCloud tenant will probably not have a view into the vSphere virtual infrastructure within the provider’s environment. For this example, the scope of configuration and compliance management is limited to the virtual datacenter instance.
A vCloud provider will probably not have any view inside the components that it has provided to a tenant. This also applies to tenants who provide services to sub-tenants. For example, a Value Added Reseller (VAR) who buys an organizational virtual datacenter from a vCloud provider would not have visibility into the virtual machines that it resells to its customers.
A provider offers a vCloud service with infrastructure that might meet a certain level of compliance (for example, PCI or SOX), which would be reflected in the service level offered to its tenants. It is the provider’s responsibility to make sure that this service level is adhered to and that all the components remain compliant (possibly including services consumed from other providers). It is each tenant’s responsibility to make sure that the infrastructure and services built on top also adhere to the same compliance level.